Moronic Monday! Networking
- Moronic Monday!
- What are some good resources for learning fiber optics, wdm systems , optical amplifiers, etc...?
- Where to start re-organizing/wiring rack?
- HPE SAN Switches
- Juniper MX : /31 issues
- Setting up a transit vnet in Azure
- SSH Public Key auth on HPE/Aruba switches [x-post from r/ArubaNetworks]
- Firewall Sizing
- UPS Topic/Recommendations To The Networking Group...
- How do non-LAG'd hosts communicate across MLAG peers?
- mitel support for mitell hx 5000
- Best way of getting full throughput on a bonded interface?
- Is there a 'friendly' tool to do quick packet captures from my switch?
- EIGRP and BGP convergence improvement question
- Cisco 3-tier/2-tier campus network
- Configure QoS on a Palo Alto Firewall Subinterface - Is it possible?
- Layer 7 filtering
- Multihome client failing to update DNS (Wired+Wireless) when transitioning back and forth
- BGP Route
- Junos to HA device
- What's the equivalent of "show mls cef exact-route" or "show ip cef exact-route" on Cisco 4500E ?
- Whats the worst drop rate you have ever seen.
- Fortigate in Oracle Cloud
- no service password-recovery
Moronic Monday!
Posted: 04 Aug 2019 06:04 PM PDT
It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask! Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.
What are some good resources for learning fiber optics, WDM systems, optical amplifiers, etc.?
Posted: 05 Aug 2019 10:51 AM PDT
Where to start re-organizing/wiring rack?
Posted: 05 Aug 2019 09:15 AM PDT
Hello all, I am taking care of the tech responsibilities of a public library. This is what the network rack currently looks like: Not big on networking and I am unsure where to even start with this. The patch panels on the top are around 25 years old. The devices on the bottom are a 24-port Cisco Meraki switch, a 24-port Open-Mesh switch, and 2x 48-port Cisco switches. I would like to clean this all up with new patch panels and such. What would you recommend?
HPE SAN Switches
Posted: 05 Aug 2019 04:06 AM PDT
Hey guys, we are in the process of redoing our server/storage/networking infrastructure. We are based in Australia so I know 90% of the people can't help with pricing, but I'm just trying to figure out what HPE switches are the go (we have a great HPE solution in front of us, but the switches are shitty access layer ones and they are trying to claim that they are good for our SAN). What we are looking for:
We have been quoted the below switches (went with 3 vendors for DD).
What we are looking at:
HPE also doesn't sell Arista anymore, which is stupid considering it's still on their website, but everyone knows how good HPE's website is. I'm indifferent really on switches and happy to look at anything, but would rather HPE so we get bigger discounts.
Juniper MX: /31 issues
Posted: 05 Aug 2019 08:35 AM PDT
I've been using Juniper MX104s as PEs for a while and they've worked great. We use them to terminate fibre circuits into our core. Each fibre circuit comes in on a 10Gb link which is split into hundreds of VLANs, one for each customer. To save address space we tend to use /31s for these, and it has worked fine for years now. In the last week, however, I've had two instances where a customer's circuit hasn't come up. I can see their device in the ARP cache but I can't ping across it. Changing the link from a /31 to a /30 has resolved the issue both times, or, strangely, moving the circuit into a VRF instance on the MX resolves the issue. Now we have hundreds of other customers on exactly the same 10Gb link and the CPE devices are the same (managed by us). I'm thinking it may be a bug on this specific MX104 we haven't hit before, but before I start looking at Junos upgrades I just wanted to check in here. Anyone seen this sort of behaviour before? Clearing the ARP cache didn't resolve it either. Thanks
Setting up a transit VNet in Azure
Posted: 05 Aug 2019 08:31 AM PDT
I'm working on setting up a transit VNet in Azure. The idea is to route all traffic coming from on-prem to the transit VNet before it moves on to a separate peered VNet. No matter what I've tried, though, I can't seem to get it to work. Any suggestions or thoughts are welcome.
Anything I've found online makes it seem like the routing should just work, though I have to be missing something. I tried setting up a User Defined Route in the Production VNet for the on-prem network but there was no improvement. Eventually I'll be using the UDRs to route traffic to virtual firewalls in the Transit VNet, but I really want to prove the solution should work before cutting over production resources.
SSH Public Key auth on HPE/Aruba switches [x-post from r/ArubaNetworks]
Posted: 05 Aug 2019 10:12 AM PDT
So I'm working on securing some scripts and have run across issues finding this documentation, so I figured now that I found it, I'd share it. To enable public key authentication on HPE/Aruba switches, enter config mode in the CLI and enter the following (note this is confirmed working on firmware version 16.01.0004 and newer; it does not work on 15.16.0006 and maybe other older versions): Note that the ASCII text needs to be in single quotes. This can include the whole line from your id_rsa.pub file: 'ssh-rsa <key text> user@domain.com'. The single quotes are required, which was missing from some notes I found online. Make sure to save the config to memory before logging out. Hope this helps save someone the time it took me to find this and figure it out.
Firewall Sizing
Posted: 05 Aug 2019 06:02 AM PDT
I'm asking this because I've always been lucky on this front, I guess. I see posts on here about firewall recommendations that, to me, seem oversized. But the people who are making the recommendations seem to really know what they are doing, so I'm curious how you would size a firewall. Let's assume you know nothing about the vendor and the specs they list are accurate (they can really do what they say). Now let's say someone asks you to purchase a firewall for a site that has 400 employees of medium bandwidth usage. Let's say they use about 30 Mb/s on average for download (total for all users) and 10 Mb/s upload. We will assume no growth is expected and their connection is 50 Mb/s. They host a web server and Exchange onsite and want IPS for these devices as well as layer 7 policies for everyone. They will also use AV scanning on the firewall. Assuming you can't ask a vendor to size it for you, what would you look for on the spec sheet to determine the size? I would use throughput and total sessions (with about 200 per user as a ballpark). But as I said, this normally makes me come in smaller than lots of other people. Feel free to use a real vendor as an example.
UPS Topic/Recommendations To The Networking Group...
Posted: 05 Aug 2019 07:47 AM PDT
In my IDFs I have one or two firewalls and some switches. I'm wondering what UPS you would recommend in these small locations? I'd like them to have the ability to handle remote monitoring and perform self tests. Thank you in advance for your feedback. Cheers!
How do non-LAG'd hosts communicate across MLAG peers?
Posted: 05 Aug 2019 11:57 AM PDT
This is probably a very silly question but I am having a tough time finding a definitive answer. I'm assuming the answer is yes, but I want to be sure. Let's say we have switch A and switch B, peered in a multichassis LAG setup (not a stack). I understand that hosts that have LAGs attached to each switch communicate their info between peers using the inter-switch link to keep the LAG alive and stable. What I don't understand is: if a single node 1 is attached to switch A only, and a single node 2 is attached to switch B only, are they sending traffic destined for each other across the same ISL as if it were just a typical uplink between two neighboring switches, or is the ISL strictly for LAG-related traffic across both peers? I'm looking to replace a few stacks with MLAG-capable equipment instead and need to know that typical switch-to-switch traffic won't have to leave the peer group to get back to the other side for whatever reason, or require additional STP setup (the idea here is to avoid STP).
Mitel support for Mitel HX 5000
Posted: 05 Aug 2019 09:35 AM PDT
I recently took over a customer who has a Mitel HX 5000 running software version 6.0 SP2 release 65. However, the former PBX management company was not so nice to deal with: when the customer refused to renew the contract and asked for a copy of the software to manage the PBX himself or have us do it, they did not leave a copy of the software. So now I have been tasked by my supervisor to find a copy of the software. I proceeded to call Mitel and was quickly shut down, naturally (they want to protect their existing vendors). So I would like to know if anyone has any suggestions or contacts I could possibly use in regards to this issue. I would like to know whether anyone else has ever encountered a similar issue like this.
Best way of getting full throughput on a bonded interface?
Posted: 05 Aug 2019 03:17 PM PDT
So I have a NAS I'm trying to move some data from. It's connected via 10G fiber. The server I'm moving it to has 4x 1G Ethernet. I thought by bonding them I could maybe get 3-4G coming in from the NAS, but apparently since it's only one connection, it only uses 1 NIC to capacity and I get ~1G speeds. It's configured in mode 4 with LACP configured on the switch. I tried issuing two separate rsync sessions, but it just splits the 1G. How can I get this to use the full bond speed? I've tried changing the hash transmit layers to 2, 2+3, 3+4 and get the same results. I tried mode 0 (maybe I didn't configure it right) but the performance was abysmal and I went back. If I add additional IP(s) to the NAS, then mount the same NFS share via different IPs, will that accomplish what I'm trying to do? Netgear GS728TXS, CentOS 7. ** Also, I have ordered a fiber card for the server, but as a learning experience I'm curious how this would work.
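The behaviour described in the post above comes down to how a bonding device picks a member link per packet. The following is an added example, not code from the post or from the Linux kernel: a simplified model of the three xmit_hash_policy modes (layer2, layer2+3, layer3+4) using the header fields the kernel's bonding documentation lists for each, with a simplified final mixing step, so the particular link numbers it produces are illustrative. The MAC addresses, IPs and ports are constructed sample values. What it demonstrates is exact: every packet of a single TCP connection has identical hash inputs, so it is always sent on the same link, and only flows that differ in a hashed field can spread across links.

```python
# Added example, not code from the original post or the kernel: a simplified
# model of how a Linux bonding interface in mode 4 (802.3ad / LACP) chooses
# the member link for each frame under the three xmit_hash_policy settings.
# The inputs per policy follow the kernel's bonding documentation; the final
# mixing step is simplified, so link numbers here are illustrative only.
from collections import Counter
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Iterable, List


@dataclass(frozen=True)
class Flow:
    src_mac: int
    dst_mac: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def bond_hash(flow: Flow, policy: str) -> int:
    """Hash one packet's headers the way the named xmit_hash_policy would (simplified)."""
    mac_xor = flow.src_mac ^ flow.dst_mac
    ip_xor = (int(IPv4Address(flow.src_ip)) ^ int(IPv4Address(flow.dst_ip))) & 0xFFFF
    if policy == "layer2":
        h = mac_xor                                   # MACs only
    elif policy == "layer2+3":
        h = mac_xor ^ ip_xor                          # MACs and IPs
    elif policy == "layer3+4":
        h = ((flow.src_port ^ flow.dst_port) << 16) ^ ip_xor   # IPs and L4 ports
    else:
        raise ValueError(f"unknown xmit_hash_policy {policy!r}")
    # fold the high bits down so ports and addresses both reach the low bits
    h ^= h >> 16
    h ^= h >> 8
    return h & 0xFFFFFFFF


def select_slave(flow: Flow, policy: str, slave_count: int = 4) -> int:
    """Member link index (0..slave_count-1) this packet is sent on."""
    return bond_hash(flow, policy) % slave_count


def distribution(flows: Iterable[Flow], policy: str, slave_count: int = 4) -> Counter:
    """How many of the given packets land on each member link."""
    return Counter(select_slave(f, policy, slave_count) for f in flows)


# Constructed sample values: a NAS and a server with a 4-port bond, same subnet.
NAS_MAC, SERVER_MAC = 0x0011223344AA, 0x0011223344BB
SERVER_IP, NFS_PORT = "10.0.0.20", 2049


def single_nfs_connection(packets: int = 1000) -> List[Flow]:
    """Packets NAS -> server over one NFS TCP connection (server-side port 901)."""
    f = Flow(NAS_MAC, SERVER_MAC, "10.0.0.10", SERVER_IP, NFS_PORT, 901)
    return [f] * packets


def multi_mount_flows() -> List[Flow]:
    """Four NFS connections, one per extra NAS address, each with its own client port."""
    return [
        Flow(NAS_MAC, SERVER_MAC, f"10.0.0.{10 + i}", SERVER_IP, NFS_PORT, 901 + i)
        for i in range(4)
    ]


if __name__ == "__main__":
    for policy in ("layer2", "layer2+3", "layer3+4"):
        one = distribution(single_nfs_connection(), policy)
        many = distribution(multi_mount_flows(), policy)
        print(f"{policy:9s} one connection -> links {sorted(one)}; "
              f"four connections -> links {sorted(many)}")
```

Two things follow from the model. First, two rsync processes reading the same NFS mount share that mount's single TCP connection, so they hash identically and only split one link between them. Second, the server's xmit_hash_policy only governs what the server transmits; for data arriving from the NAS it is the switch's LACP hash that picks the inbound link, and it needs distinct flows (different IPs or ports) just the same.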
Is there a 'friendly' tool to do quick packet captures from my switch?
Posted: 05 Aug 2019 02:53 PM PDT
I have been using various firewalls and finding their ability to do a quick GUI-based capture of a few thousand packets to a file very handy. I have SPAN ports set up on my switches and a Wireshark VM that can be dragged around and plugged into the right bit of network to do captures, but it's a pain each time I want to reconfigure the SPAN and move the VM around. Is there a GUI tool that can be given some filter specs - from the usual IP, port, protocol etc. that you'd use with tcpdump to more sophisticated switch-focused things like a specific VLAN or port - then grab a smallish number of packets and return them to a file, or even direct to Wireshark? I know it can all be done with the CLI, I just want something quicker to configure and ideally that I can let certain power users get to as well, without giving them full CLI access. The switches involved are Nexus 3K and 5K and Catalyst 2960Xs.
EIGRP and BGP convergence improvement question
Posted: 05 Aug 2019 09:50 AM PDT
Hi, so I'm currently conducting a series of experiments on a network with multiple routers. I have EIGRP next to do, and BGP after that. So for EIGRP I have so far:
- standalone EIGRP
- carrier delay set to 0
- BFD enabled
- hello/hold timers set to minimum
For BGP I have:
- standalone BGP
- carrier delay set to 0
- BFD enabled
Could you guys give me any more tips on which settings could improve convergence? Thanks a lot!
Cisco 3-tier/2-tier campus network
Posted: 05 Aug 2019 01:21 PM PDT
So I currently have a relatively flat network comprising 6509E at the core at each main site (x2), 2960S/2960X at the access layer, and 3650 used as distribution where we have a lot of access switches in one location. Smaller sites (x7) have a 2960S/X deployment with 3650 at the end of a WAN link back to one of the main sites. Mostly L2 stretched VLANs everywhere (yeah, I know - I inherited it, fully plan to fix..). 250 switches total. I need to build out a new access stack and looked at the 9200; this got me thinking about distribution switching and building out a dual star topology in the future. I had planned to run static routes from the access stacks to distribution over 2 x 10G links, then OSPF to distribution over 2 x 10G links. Our VAR recommended:
When looking at this, the 9300 seemed kinda pointless as only the uplink modules were being used. The C9500-16X seemed a better fit, and has enough ports to allow not only dual star, but partial mesh between distribution also. Then I noted that the C9200 with an Essentials license can do some routing including OSPF (1000 route limit), and thought, why not simply up the port count at the core to 2 x C9500-48Y4C, and OSPF straight to the access layer stacks in a collapsed core topology. I kinda need some input from peers here, so please feel free to criticize/suggest/other. Thanks in advance.
Configure QoS on a Palo Alto Firewall Subinterface - Is it possible?
Posted: 05 Aug 2019 08:50 AM PDT
Has anyone done this or can tell me how? It is implied by at least this article by Palo Alto that it can be done: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/quality-of-service/configure-qos.html However, I can't find a way to do it anywhere. I have tried on a few different models of firewall that are all running 8.X. There is only a choice for "physical interface".
Layer 7 filtering
Posted: 05 Aug 2019 11:51 AM PDT
Do you think it's a requirement for enterprise environments that host publicly accessible web servers? Can you point to any supporting documentation? I want to suggest deploying this at the remaining locations.
Multihome client failing to update DNS (Wired+Wireless) when transitioning back and forth
Posted: 05 Aug 2019 11:16 AM PDT
May be a misnomer to call it multi-home... but the systems are laptops where they use both a wired connection (dock, typically) and a wireless connection throughout the day. In one scenario, an employee comes in and works at their desk - registerDNS succeeds; goes to building 2 to work via Wi-Fi - registerDNS succeeds; goes to building 3 for another meeting via Wi-Fi - registerDNS fails; returns to their desk to work out the rest of the day - registerDNS fails. Each network has its own IP range, but I'm banging my head against how to get it to work. DNS servers are AD DNS with Secure Dynamic Updates on; if I turn off the dynamic updates it all 'just works', but that's not an ideal situation. What else can I do, or check? Eventually the records age out and it works again. I have a C-suite who is pro 'mobile work force' and doesn't really care about the pain it causes the infrastructure folks.
BGP Route
Posted: 05 Aug 2019 03:18 AM PDT
Hi, hoping someone can help me understand why this route is being preferred. Looking at the attributes:
The next attribute is metric and it seems to be preferring the higher metric? This is assuming MED and metric are the same thing. Thanks in advance.
edit - these have been redistributed from OSPF, I have a feeling this may be causing the issue but I can't find anything on it.
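The question above turns on where MED sits in the BGP decision process. The following is an added example, not code from the post or from any router vendor: a minimal model of best-path selection in the order Cisco IOS documents it (weight, local preference, locally originated, AS-path length, origin, MED, eBGP over iBGP, IGP metric to next hop, lowest router ID). It shows why the path with the higher MED can legitimately win: MED is examined only after every earlier attribute has tied, and by default only between paths learned from the same neighbouring AS. The prefixes, ASNs, router IDs and metrics are constructed values, and the `always_compare_med` switch models the effect of enabling MED comparison across neighbouring ASes.

```python
# Added example, not code from the original post: a minimal model of the BGP
# best-path decision process in the order Cisco IOS documents it. Constructed
# values throughout; it exists to show which step actually decides a tie.
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower rank is preferred


@dataclass
class Path:
    next_hop: str
    router_id: str                  # BGP router ID of the advertising peer
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    as_path: List[int] = field(default_factory=list)
    origin: str = "incomplete"      # routes redistributed from OSPF carry "incomplete"
    med: int = 0                    # the "Metric" column in show ip bgp
    ebgp: bool = False
    igp_metric: int = 0             # IGP cost to reach next_hop


def neighbor_as(p: Path) -> Optional[int]:
    """First AS in the path, i.e. the neighbouring AS the route was learned from."""
    return p.as_path[0] if p.as_path else None


def compare(a: Path, b: Path, always_compare_med: bool = False) -> Tuple[Path, str]:
    """Return (winner, deciding step) for two paths to the same prefix."""
    if a.weight != b.weight:
        return (a if a.weight > b.weight else b), "weight"
    if a.local_pref != b.local_pref:
        return (a if a.local_pref > b.local_pref else b), "local preference"
    if a.locally_originated != b.locally_originated:
        return (a if a.locally_originated else b), "locally originated"
    if len(a.as_path) != len(b.as_path):
        return (a if len(a.as_path) < len(b.as_path) else b), "AS-path length"
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return (a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b), "origin"
    # MED is compared only between paths from the same neighbouring AS unless
    # the router is configured to always compare it; lower MED wins.
    if a.med != b.med and (always_compare_med or neighbor_as(a) == neighbor_as(b)):
        return (a if a.med < b.med else b), "MED"
    if a.ebgp != b.ebgp:
        return (a if a.ebgp else b), "eBGP over iBGP"
    if a.igp_metric != b.igp_metric:
        return (a if a.igp_metric < b.igp_metric else b), "IGP metric to next hop"
    lower_rid = int(IPv4Address(a.router_id)) < int(IPv4Address(b.router_id))
    return (a if lower_rid else b), "router ID"


def best_path(paths: List[Path], always_compare_med: bool = False) -> Tuple[Path, List[str]]:
    """Reduce a list of candidate paths to the winner, recording each deciding step."""
    winner, reasons = paths[0], []
    for p in paths[1:]:
        winner, why = compare(winner, p, always_compare_med)
        reasons.append(why)
    return winner, reasons


def scenario_same_neighbor_as() -> Tuple[Path, str]:
    """Two paths via AS 65001, identical except MED: the lower MED (20) wins."""
    a = Path("192.0.2.1", "192.0.2.1", as_path=[65001], med=20, ebgp=True)
    b = Path("192.0.2.2", "192.0.2.2", as_path=[65001], med=50, ebgp=True)
    return compare(a, b)


def scenario_as_path_decides_first() -> Tuple[Path, str]:
    """The higher-MED path wins because its AS path is shorter; MED is never reached."""
    a = Path("192.0.2.1", "192.0.2.1", as_path=[65001, 65010], med=20, ebgp=True)
    b = Path("192.0.2.2", "192.0.2.2", as_path=[65001], med=50, ebgp=True)
    return compare(a, b)


def scenario_med_not_comparable() -> Tuple[Tuple[Path, str], Tuple[Path, str]]:
    """iBGP paths from different neighbouring ASes: by default the MEDs are skipped
    and the IGP cost decides; with always-compare-med the lower MED wins instead."""
    a = Path("10.0.0.1", "10.0.0.1", as_path=[65001], med=20, igp_metric=30)
    b = Path("10.0.0.2", "10.0.0.2", as_path=[65002], med=50, igp_metric=10)
    return compare(a, b), compare(a, b, always_compare_med=True)


if __name__ == "__main__":
    for name, fn in (("same neighbour AS", scenario_same_neighbor_as),
                     ("AS-path decides first", scenario_as_path_decides_first)):
        w, why = fn()
        print(f"{name}: winner MED={w.med} via {w.next_hop}, decided by {why}")
    (w1, why1), (w2, why2) = scenario_med_not_comparable()
    print(f"different neighbour AS: default -> MED={w1.med} ({why1}); "
          f"always-compare-med -> MED={w2.med} ({why2})")
```

When reading `show ip bgp` output for a prefix, the useful habit this models is to walk the attributes in order and stop at the first one that differs; the "Metric" column only matters if nothing above it broke the tie and the paths are comparable.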
Junos to HA device
Posted: 05 Aug 2019 09:37 AM PDT
Hello, I currently have a network with a Juniper router linked to an Extreme switch, with a Sophos XG transparent bridge in the middle. I got another Sophos XG device to configure as an HA device in Active-Passive mode. I am looking for ideas on how this is accomplished on the Juniper side and the Extreme side. Do I use link aggregation, or what is the accepted method to configure connections to multiple HA devices?
What's the equivalent of "show mls cef exact-route" or "show ip cef exact-route" on Cisco 4500E?
Posted: 05 Aug 2019 08:54 AM PDT
I need this command but I can't find it.
SUP equipped: WS-X45-SUP7-E
IOS: cat4500e-universal.SPA.03.02.06.SG.150-2.SG6.bin
Thank you.
What's the worst drop rate you have ever seen?
Posted: 05 Aug 2019 01:22 PM PDT
Hi all, so I have a customer who has set up their network on a single broadcast domain, has over 50 switches connected, and is using spanning tree to set up a redundant link. Looking through one of their switches I've seen the following statistics on their uplink port. I am fairly new to the field and so far I've never seen anything this bad before. What is the worst drop rate that you have ever seen or experienced?
Fortigate in Oracle Cloud
Posted: 05 Aug 2019 06:04 AM PDT
Anyone have experience or familiarity with Oracle Cloud and Fortigate? We are migrating to OCI and since Oracle does not have anything like network insight for logging etc., we decided to make our edge device a Fortigate. I followed the docs etc. on how to spin them up, attach VNICs etc. I attached the 2nd VNIC for the "protected network" which will be the LAN port on the Fortigate. It now states that I should update the route table for whichever subnets I want to go through the Fortigate and out to the internet instead of using Oracle's NAT Gateway. Pretty much I want all traffic to egress and ingress to and through the Fortigate. The underlying servers (10.100.2.2) cannot get out to the internet if I point their route table to 10.100.0.5 (LAN on Fortigate), and they cannot ping that IP either from the servers, but in the reverse direction I can ping the underlying servers when I source the ping from the LAN on the Fortigate to those servers. To make it even weirder... I have a Fortiweb WAF spun up in the same subnet as the LAN on the Fortigate: Fortiweb 10.100.0.6, Fortigate LAN 10.100.0.5. I have the default route on the Fortiweb pointing to the LAN 10.100.0.5 and it can get out to the internet just fine?! If I run a trace on the Fortiweb it hits 10.100.0.5 then goes out to the public internet. This is what is driving me nuts: this test proves the LAN on the Fortigate is working properly via the LAN-to-WAN policy for ALL traffic out. It is allowing the WAF to get out to the internet through the Fortigate but not the underlying servers. I have a SEV1 opened with Oracle and that is honestly not getting anywhere; it's been 8 days and they are even confused. I have the source/destination check set on the VNICs as well, which is Oracle's way of allowing different subnets to talk. Just throwing out a lifeline to anyone who maybe has seen or heard of this issue before... appreciate it all.
no service password-recovery
Posted: 04 Aug 2019 04:04 PM PDT