
    Monday, August 12, 2019

    Moronic Monday! Networking

    Moronic Monday!

    Posted: 11 Aug 2019 06:04 PM PDT

    It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

    Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

    submitted by /u/AutoModerator
    [link] [comments]

    standard BGP has faster convergence than OSPF??

    Posted: 12 Aug 2019 07:01 AM PDT

    I am currently performing convergence tests, and just found out that BGP convergence time is around 2 seconds, which is way less than expected. My OSPF times are 8 seconds. I am not modifying the protocol in any way. This seems ridiculous; would anyone have an explanation as to why BGP is so fast, just like EIGRP? I hesitate to continue the testing because of this. Any advice or reasoning welcome, thanks!

    submitted by /u/Exteeez
    [link] [comments]

    IPv4 Public Address Space

    Posted: 12 Aug 2019 09:04 AM PDT

    Hey, I work for a company that back in 1991 bought 13 /24 public IPv4 addresses. Just recently, I've had to update all our information with ARIN and update the ownership of our ASN. (Legal name changes, buyout, etc....)

    Our company has no reason to have 3,302 public IPv4 addresses. So my question is, how do we go about selling the /24 networks? Is it worth it?

    Thanks in advance.

    submitted by /u/goldfingeroo7
    [link] [comments]

    EIGRP's future at Cisco?

    Posted: 11 Aug 2019 08:08 PM PDT

    I know I'm probably in the minority here, but I really like EIGRP. Quicker to converge, more complex/detailed metric, and it doesn't have the somewhat restrictive "area" concept.

    Anyway, I noticed in the IE3400 switch, which just got L3 routing support in the latest update, they included OSPF but not EIGRP:

    https://www.cisco.com/c/en/us/td/docs/switches/lan/cisco_ie3X00/software/16_12/16-12x_ie3x00_ess3300_release_note.html

    Has there been any kind of internal roadmap I'm unaware of where they are de-emphasizing EIGRP? I don't doubt the IE3400 will get it eventually, it just seems odd OSPF was included first.

    submitted by /u/JamMan23
    [link] [comments]

    Outdoor Cat5 Goo Remover

    Posted: 12 Aug 2019 01:40 PM PDT

    Does anyone have any special tricks or products to remove the goo inside of outdoor cat5 cable? When I go to terminate it I have been just wiping it on a rag but it would be nice if there was a better way to remove the goo from the ends I am about to terminate. Thanks!

    submitted by /u/PowderTech
    [link] [comments]

    Network monitor without backdating?

    Posted: 12 Aug 2019 07:17 AM PDT

    Are there any network monitor tools out there that don't practice backdating on support renewals?

    We are currently a few years behind on support and would like to renew with our current vendor; however, they want to backdate our support contract to the day our support ended. This means we would essentially be paying the full cost of the product we originally paid a perpetual license for.

    I understand paying for the software update portion, however, it seems rather unfair to pay for the time when we had no access to support. I have spoken to two other companies and it seems they also follow in this vile practice.

    Essentially they bundle software updates in with support in order to extort software update pricing to the tune of 25% per year. It seems that while this practice may be widespread, it should be illegal.

    TIA

    submitted by /u/davidhk21010
    [link] [comments]

    ASA - natting multiple non consecutive VLANs - Am I doing it right?

    Posted: 12 Aug 2019 03:47 PM PDT

    I need to nat multiple non consecutive VLANs to a public IP address.

    I am currently planning on doing it this way:

        object network VLAN200-network
         nat (inside,outside) dynamic 1.2.3.4
        object network VLAN202-network
         nat (inside,outside) dynamic 1.2.3.4
        object network VLAN200-network
         subnet 10.1.1.0 255.255.255.0
        object network VLAN202-network
         subnet 10.1.6.0 255.255.255.0

    But I am getting this warning:

    WARNING: Pool (1.2.3.4) overlap with existing pool.

    Will this work as planned or will there be a conflict?

    submitted by /u/bobpage2
    [link] [comments]

    Cisco - VLANs

    Posted: 12 Aug 2019 03:05 AM PDT

    Hi All

    Just a quick one. Can 2 different VLANs have the same default gateway? If so, are there any downsides to this?

    Thanks for your time!

    submitted by /u/Flipwin
    [link] [comments]

    Ping Issue

    Posted: 12 Aug 2019 03:42 AM PDT

    Good morning,

    In this topology I can ping from CE-1A to the WAN, but I can't do it from CE-2A.

    https://imgur.com/a/QWuWJRT

    The network works fine (e.g. I can ping from CE-1A to CE-2A) except when I try to ping my WAN interface.

    It should be something related to CE1A, because a traceroute from 192.168.10.2 results in:

        CE2A#traceroute 193.246.121.2
        Tracing the route to 193.246.121.2
        VRF info: (vrf in name/id, vrf out name/id)
          1 10.0.2.1 8 msec 5 msec 5 msec
          2 10.0.9.9 [MPLS: Labels 19/22 Exp 0] 15 msec 10 msec 10 msec
          3 10.0.9.1 [MPLS: Labels 21/22 Exp 0] 13 msec 10 msec 9 msec
          4 10.0.1.1 [MPLS: Label 22 Exp 0] 9 msec 8 msec 8 msec
          5 10.0.1.2 11 msec 9 msec 10 msec
          6 * * *
          7 * *
        CE2A#

    But it can reach 193.246.121.33 from CE2A:

        CE2A#traceroute 193.246.121.33
        Tracing the route to 193.246.121.33
        VRF info: (vrf in name/id, vrf out name/id)
          1 10.0.2.1 9 msec 5 msec 4 msec
          2 10.0.9.9 [MPLS: Labels 19/22 Exp 0] 12 msec 10 msec 9 msec
          3 10.0.9.1 [MPLS: Labels 21/22 Exp 0] 12 msec 11 msec 10 msec
          4 10.0.1.1 [MPLS: Label 22 Exp 0] 12 msec 9 msec 9 msec
          5 10.0.1.2 10 msec 9 msec 9 msec
        CE2A#

    I'm running OSPF on CE1A:

        CE1A#sh ip route
        Gateway of last resort is 193.246.121.2 to network 0.0.0.0

        S*    0.0.0.0/0 [254/0] via 193.246.121.2
              10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
        C        10.0.1.0/30 is directly connected, GigabitEthernet0/0
        L        10.0.1.2/32 is directly connected, GigabitEthernet0/0
        O IA     10.0.2.0/30 [110/2] via 10.0.1.1, 02:41:50, GigabitEthernet0/0
              192.168.10.0/32 is subnetted, 2 subnets
        C        192.168.10.1 is directly connected, Loopback0
        O IA     192.168.10.2 [110/3] via 10.0.1.1, 02:17:32, GigabitEthernet0/0
              192.168.11.0/32 is subnetted, 2 subnets
        C        192.168.11.1 is directly connected, Loopback1
        O IA     192.168.11.2 [110/3] via 10.0.1.1, 02:17:18, GigabitEthernet0/0
              193.246.121.0/24 is variably subnetted, 2 subnets, 2 masks
        C        193.246.121.0/24 is directly connected, GigabitEthernet0/1
        L        193.246.121.33/32 is directly connected, GigabitEthernet0/1
        CE1A#

    Can anyone help me out please?

    Thank you in advance,

    David

    EDIT: CE-1A Configuration

        CE1A#sh run
        Building configuration...

        IOMEM size set to 53477376 bytes.

        Current configuration : 3612 bytes
        !
        ! Last configuration change at 11:09:26 UTC Mon Aug 12 2019
        !
        version 15.6
        service timestamps debug datetime msec
        service timestamps log datetime msec
        no service password-encryption
        !
        hostname CE1A
        !
        boot-start-marker
        boot-end-marker
        !
        no aaa new-model
        ethernet lmi ce
        !
        no process cpu autoprofile hog
        memory-size iomem 5
        mmi polling-interval 60
        no mmi auto-configure
        no mmi pvc
        mmi snmp-timeout 180
        !
        no ip icmp rate-limit unreachable
        !
        no ip domain lookup
        ip cef
        no ipv6 cef
        !
        multilink bundle-name authenticated
        !
        archive
         log config
          hidekeys
        !
        redundancy
        !
        no cdp log mismatch duplex
        no cdp run
        !
        ip tcp synwait-time 5
        !
        interface Loopback0
         ip address 172.16.0.1 255.255.255.255
         ip ospf network point-to-point
         ip ospf 1 area 0
        !
        interface Loopback1
         ip address 172.16.1.1 255.255.255.0
         ip ospf network point-to-point
         ip ospf 1 area 0
        !
        interface GigabitEthernet0/0
         ip address 10.0.1.2 255.255.255.252
         ip ospf 1 area 0
         duplex auto
         speed auto
         media-type rj45
         no cdp enable
        !
        interface GigabitEthernet0/1
         ip address dhcp
         ip ospf 1 area 0
         duplex auto
         speed auto
         media-type rj45
         no cdp enable
        !
        interface GigabitEthernet0/2
         no ip address
         shutdown
         duplex auto
         speed auto
         media-type rj45
         no cdp enable
        !
        interface GigabitEthernet0/3
         no ip address
         shutdown
         duplex auto
         speed auto
         media-type rj45
         no cdp enable
        !
        router ospf 1
         router-id 172.16.0.1
        !
        ip forward-protocol nd
        !
        ip http server
        no ip http secure-server
        !
        control-plane
        !
        line con 0
         exec-timeout 0 0
         privilege level 15
         logging synchronous
         escape-character 3
        line aux 0
         exec-timeout 0 0
         privilege level 15
         logging synchronous
        line vty 0 4
         login
         transport input none
        !
        no scheduler allocate
        !
        end

    submitted by /u/davideganna
    [link] [comments]

    SuperPuTTY move from SecureCRT to manage nodes -- looking for search functionality.

    Posted: 12 Aug 2019 02:13 PM PDT

    I will keep this short: is there a search functionality in SuperPuTTY like the binoculars in SecureCRT? My company has many nodes/routers in our network and the current program that we use to access all of them is SecureCRT. We are looking at moving to SuperPuTTY. I am messing around with it currently and can't seem to find a way to search text in a session. We do not want to use logging to search or copy and paste it into Notepad++ to find what we need. Thanks for reading. If anyone has any way that they know of to search, it will be greatly appreciated.

    submitted by /u/Trevdog16
    [link] [comments]

    New classroom build, physical build problems - terminology?

    Posted: 11 Aug 2019 08:15 PM PDT

    We're an Australian organisation, with USA classrooms and the majority of IT based in Australia. We built a brand new classroom recently, new walls, new everything - great! An opportunity to get cabling done right.

    Here's a picture of the final build of a classroom: https://i.imgur.com/wij46Dl.jpg - is this OK? I am livid, I can't figure out how something so easy gets done so badly.

    Here's the plan and approved flag notes:

    We were told that rough in was scheduled to be completed before dry-wall installations, admittedly we didn't get the rough in remotely checked at this point.

    The plan & notes clearly shows:

    • 1 network termination per workstation, not some double-data double-sided taped to the wall monstrosity
    • "Provide wall data outlet..." - Did I need to actually specify "Provide wall data outlet with structured cabling in the inside of the wall"

    This has now happened twice. Are we getting stitched up by electricians? Are our plans ambiguous? Or are we using the wrong terminology with USA contractors?

    submitted by /u/mpaska
    [link] [comments]

    Free Telco Circuit Testing Solutions?

    Posted: 12 Aug 2019 12:36 PM PDT

    New to the SMB world and turning up my first new circuit at my new job. In a prior life I had a pretty elaborate in-house solution for running 24-hr circuit tests (latency, loss, etc.) prior to accepting a new circuit, but there is nothing of the sort at this new job. Can anyone recommend a free solution for testing a new telco circuit prior to accepting it?

    submitted by /u/yotaferd
    [link] [comments]

    Email when port status changes

    Posted: 12 Aug 2019 11:45 AM PDT

    First, let me say that I don't even know if we are going this route, but I was asked about it, so I wanted to get some information as I haven't done this myself.

    We are currently a Cisco shop, and I am interested to hear what others have done in regards to getting email alerts when a switch's port status changes. Any solutions are welcome for research... free, easiest, cheapest, best, most inclusive, business standard, whatever.

    Update: Thanks for the replies, this gives me some directions to look into. I don't expect us to start doing this, especially not on all ports.

    submitted by /u/Xelliz
    [link] [comments]
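    One common way to get port state alerts from a Cisco shop is to point the switches' syslog at a collector and react to the %LINK / %LINEPROTO UPDOWN messages. The following is an added example (not from the post or any of the replies): it parses IOS-style syslog lines, optionally restricts matches to a watch list of interfaces so that not every access port generates mail, and assembles an alert message. The sample lines, the hostname switch01, and the mail addresses are constructed for the example; the SMTP host in send_alert is a placeholder.

```python
"""Port state change alerting from switch syslog (added example, not from the post).

Assumes switches already forward syslog to a collector. This parses Cisco
IOS-style %LINK-3-UPDOWN and %LINEPROTO-5-UPDOWN messages, filters them
against a watch list, and builds an e-mail alert. All sample data is constructed.
"""
import re
import smtplib
from dataclasses import dataclass
from email.message import EmailMessage
from typing import Iterable, List, Optional, Set

# Constructed sample syslog lines in the shape an IOS switch emits them.
SAMPLE_SYSLOG = """\
<189>switch01 Aug 12 14:02:11.123: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to down
<189>switch01 Aug 12 14:02:12.001: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/5, changed state to down
<189>switch01 Aug 12 14:02:40.555: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to up
<189>switch01 Aug 12 14:03:01.010: %SYS-5-CONFIG_I: Configured from console by admin on vty0
<189>switch01 Aug 12 14:05:09.300: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to down
"""

# Matches both the physical-link and the line-protocol UPDOWN messages.
UPDOWN_RE = re.compile(
    r"^(?:<\d+>)?(?P<host>\S+)\s+(?P<ts>\w{3}\s+\d+\s+[\d:.]+):\s+"
    r"%(?P<facility>LINK|LINEPROTO)-\d-UPDOWN:\s+(?:Line protocol on )?"
    r"Interface (?P<iface>[^,\s]+), changed state to (?P<state>up|down)$"
)


@dataclass(frozen=True)
class PortEvent:
    host: str
    timestamp: str
    interface: str
    facility: str  # LINK (physical layer) or LINEPROTO (line protocol)
    state: str     # "up" or "down"


def parse_port_events(lines: Iterable[str],
                      watched: Optional[Set[str]] = None) -> List[PortEvent]:
    """Extract port state changes; if a watch list is given, keep only those interfaces."""
    events: List[PortEvent] = []
    for line in lines:
        m = UPDOWN_RE.match(line.strip())
        if not m:
            continue  # not a port state message (e.g. %SYS-5-CONFIG_I)
        if watched is not None and m["iface"] not in watched:
            continue  # interface not in the watch list: ignore
        events.append(PortEvent(m["host"], m["ts"], m["iface"],
                                m["facility"], m["state"]))
    return events


def build_alert(events: List[PortEvent], sender: str, recipient: str) -> EmailMessage:
    """Assemble one plain-text e-mail summarising the events."""
    msg = EmailMessage()
    hosts = ", ".join(sorted({e.host for e in events}))
    msg["Subject"] = f"Port state change: {len(events)} event(s) on {hosts}"
    msg["From"] = sender
    msg["To"] = recipient
    body = "\n".join(f"{e.timestamp} {e.host} {e.interface} {e.facility} -> {e.state}"
                     for e in events)
    msg.set_content(body or "no events")
    return msg


def send_alert(msg: EmailMessage, smtp_host: str = "mail.example.invalid") -> None:
    """Deliver the alert via SMTP (placeholder host; not called in the demo below)."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    # Demo: only the uplink GigabitEthernet1/0/5 is watched, so 1/0/12 is ignored.
    evs = parse_port_events(SAMPLE_SYSLOG.splitlines(), watched={"GigabitEthernet1/0/5"})
    print(build_alert(evs, "noc@example.invalid", "netops@example.invalid"))
```

    The watch list is the practical knob here: alerting on every access port turns a lab exercise into mailbox noise, while alerting on uplinks and server-facing ports catches the changes that usually matter.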

    Does this mean that this Cisco switch does not support DACL?

    Posted: 12 Aug 2019 02:51 AM PDT

    Hello guys,

    In the past I tried out different virtual switches that are available with GNS3, but sadly none of them showed and processed the received DACLs; debugs did show them as being received though.

    So some weeks ago I bought a refurbished Cisco switch for the sole purpose of testing DACLs. It's a WS-C3750-24PS with the latest IOS version available at the moment, and it seems as if DACLs are also not supported on this model.

    My question is if anyone knows if I missed some particular command to enable DACLs. IP device tracking with a source address is already enabled, and debugs show that the DACLs are being received, just like on the virtual models.

    I would also appreciate it if someone knows a suitable refurbished Cisco switch model for TrustSec with DACL support, since I am considering buying another model for this sole purpose.

    P.S., what made me think DACLs are not supported on this model is the show authentication session interface command; ACS ACL seems to be missing.

    Output copy I get:

        Switch#show authen sess int fa1/0/2
                    Interface:  FastEthernet1/0/2
                  MAC Address:  -
                   IP Address:  192.168.10.10
                    User-Name:  test
                       Status:  Authz Success
                       Domain:  DATA
              Security Policy:  Should Secure
              Security Status:  Unsecure
               Oper host mode:  single-host
             Oper control dir:  both
                Authorized By:  Authentication Server
                   Vlan Group:  N/A
              Session timeout:  N/A
                 Idle timeout:  N/A
            Common Session ID:  -
              Acct Session ID:  -
                       Handle:  -

    vs. output copy I found randomly on the web with some info purposefully left out:

        C-3750-5#sh authentication sessions interface g1/0/1
                    Interface:  GigabitEthernet1/0/1
                  MAC Address:  -
                   IP Address:  192.168.1.10
                    User-Name:  -
                       Status:  Authz Success
                       Domain:  VOICE
              Security Policy:  Should Secure
              Security Status:  Unsecure
               Oper host mode:  multi-auth
             Oper control dir:  both
                Authorized By:  Authentication Server
                  Vlan Policy:  100
                      ACS ACL:  xACSACLx-IP-PERMIT_ALL_TRAFFIC-511
              Session timeout:  N/A
                 Idle timeout:  N/A
            Common Session ID:  -
              Acct Session ID:  -
                       Handle:  -

    submitted by /u/ll9050
    [link] [comments]

    SecureCRT keeps spacing/scrolling down automatically

    Posted: 12 Aug 2019 11:26 AM PDT

    Say I have a sh run on the screen. I haven't space-barred to the end, so there's still "more" to show. If I leave it alone and don't press anything, SecureCRT will eventually "press" space and tab down to the next page of the config. If it gets to the end and is in privileged mode, it will eventually start adding spaces.

    Is there a way to stop this?

    submitted by /u/21brandon021
    [link] [comments]

    VPN Concentrator that includes IOS devices

    Posted: 12 Aug 2019 10:54 AM PDT

    With our new PA box being crazy expensive to add IOS VPN clients, we are looking for something dead simple to support a handful (~15) of remote VPN users. Does anyone have any recommendations for something that can handle this?

    We are replacing an old 5500 ASA that is getting long in the tooth and we just need to provide VPN access. IOS, Windows, and OSX clients must be supported, and preferably something with a simple profile-creator for IOS devices would be a huge bonus. Does anyone have a recommendation? Google turns up companies I've never heard of or appliances that do a lot more than our simple needs.

    Any help is appreciated!

    submitted by /u/mcflyatl
    [link] [comments]

    Going to Implement Voice Vlan for the first time

    Posted: 12 Aug 2019 10:53 AM PDT

    My company is going to implement voice VLAN for the first time in preparation for using the UCx client from TPx. My understanding of networking is pretty novice, so there are a lot of uncertainties that I wanted to address.

    For instance, our environment will comprise both desk phones and softphones. If we were to segment the network with both a data VLAN and a voice VLAN, how would a softphone work on a PC that is on the data VLAN?

    Also, if we were to use a deskphone that has a PC daisy chained to the deskphone, how would the PC be able to communicate with the data network when the deskphone is connected to a port that is on the voice vlan? Would the solution be to just have the interface both be on the voice and data vlan? If so, wouldn't that defeat the purpose of having a segmented network so that there will be less broadcast?

    submitted by /u/WS-GHQ-1054
    [link] [comments]

    Opensource clientless VPN

    Posted: 12 Aug 2019 04:29 AM PDT

    I have a web application at a small site currently accessed using the web-SSL VPN on a Cisco 5505. I want to replace this solution but don't want to expose the legacy web application to the internet. The users have to access it via the web and cannot use a client.

    Are there any active clientless open-source projects at the moment like SSL Explorer used to be? Or any low-cost paid solutions?

    submitted by /u/PericardialMembrane
    [link] [comments]

    Network device software upgrade 'snapshot' data points

    Posted: 12 Aug 2019 08:53 AM PDT

    Hi /r/networking,

    What kind of data do you record on network devices to 'baseline' them before a software upgrade, in order to gauge the success or failure of the upgrade post-reboot?

    So far, I record:

    Switches:

    • Spanning tree status (port states, root bridge MAC per VLAN (if doing some flavor of PVST))
    • General interface status (output of show int status on a Catalyst switch, for example)
    • If switch is L3 - routing table, dynamic routing neighbor status if any such protocol is in use

    Routers:

    • General interface status (show ip int bri, on a Cisco router, for example)
    • Routing table, dynamic routing neighbor status (if any such protocol is in use)

    Firewalls:

    • General interface status (show int ip bri, on an ASA, for example)
    • Confirm connection/session table populating
    • Confirm translation table populating

    If there are any disparities between the pre and post software upgrade baselines, I justify or resolve them, and then consider it successful.

    What is everyone else doing? I am trying to approach it all 'programmatically' so that I can eventually script the entire process and have peace of mind knowing that the baselines match before and after the upgrade.

    Let me know what data you gather to determine a successful or failed upgrade, thanks!

    submitted by /u/tilphecklenburg
    [link] [comments]
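    A scripted version of the pre/post comparison described above, as an added example that is not part of the original post or any reply. It parses the two data points the post lists for routers (interface status and routing table) from IOS-style 'show ip interface brief' and 'show ip route' text, normalises them so that volatile fields such as route uptime do not count as disparities, and reports what changed. The snapshot text is constructed; in practice it would come from the device before and after the reboot.

```python
"""Pre/post software-upgrade baseline comparison (added example, not from the post).

Assumes two text snapshots per device, captured with the same show commands
before and after the upgrade. Parsers target Cisco IOS-style 'show ip interface
brief' and 'show ip route' output. Sample snapshots below are constructed.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed 'show ip interface brief' snapshots: Gi0/1 loses line protocol after the upgrade.
PRE_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     10.0.1.2        YES NVRAM  up                    up
GigabitEthernet0/1     10.0.2.2        YES NVRAM  up                    up
GigabitEthernet0/2     unassigned      YES NVRAM  administratively down down
Loopback0              172.16.0.1      YES NVRAM  up                    up
"""
POST_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     10.0.1.2        YES NVRAM  up                    up
GigabitEthernet0/1     10.0.2.2        YES NVRAM  up                    down
GigabitEthernet0/2     unassigned      YES NVRAM  administratively down down
Loopback0              172.16.0.1      YES NVRAM  up                    up
"""
# Constructed routing-table snapshots: one OSPF route is missing after the upgrade,
# and the uptime on 10.0.2.0/30 has reset (expected after a reboot, so ignored).
PRE_ROUTES = """\
S*    0.0.0.0/0 [254/0] via 193.246.121.2
C        10.0.1.0/30 is directly connected, GigabitEthernet0/0
O IA     10.0.2.0/30 [110/2] via 10.0.1.1, 02:41:50, GigabitEthernet0/0
O IA     192.168.10.2/32 [110/3] via 10.0.1.1, 02:17:32, GigabitEthernet0/0
"""
POST_ROUTES = """\
S*    0.0.0.0/0 [254/0] via 193.246.121.2
C        10.0.1.0/30 is directly connected, GigabitEthernet0/0
O IA     10.0.2.0/30 [110/2] via 10.0.1.1, 00:03:12, GigabitEthernet0/0
"""

INT_RE = re.compile(r"^(\S+)\s+(\S+)\s+YES\s+\S+\s+(.+?)\s+(up|down)\s*$")
ROUTE_RE = re.compile(
    r"^(?P<proto>[A-Z*]{1,2}(?: [A-Z]{1,2})?)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)"
    r".*?(?:via (?P<nh>\d+\.\d+\.\d+\.\d+)|directly connected)"
)

IntState = Tuple[str, str, str]          # (ip, line status, protocol status)
Route = Tuple[str, str, str]             # (protocol code, prefix, next hop)


def parse_int_brief(text: str) -> Dict[str, IntState]:
    """Map interface name -> (ip, status, protocol); header line does not match."""
    result: Dict[str, IntState] = {}
    for line in text.splitlines():
        m = INT_RE.match(line)
        if m:
            result[m.group(1)] = (m.group(2), m.group(3), m.group(4))
    return result


def parse_routes(text: str) -> Set[Route]:
    """Set of (proto, prefix, next hop); uptime and egress interface are dropped
    on purpose because they legitimately change across a reboot."""
    routes: Set[Route] = set()
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            routes.add((m["proto"], m["prefix"], m["nh"] or "connected"))
    return routes


def compare_baselines(pre_int: str, post_int: str,
                      pre_routes: str, post_routes: str) -> Dict[str, List]:
    """Return every disparity between the pre- and post-upgrade snapshots."""
    pre_i, post_i = parse_int_brief(pre_int), parse_int_brief(post_int)
    findings: Dict[str, List] = {"interfaces": [], "routes_lost": [], "routes_new": []}
    for name in sorted(set(pre_i) | set(post_i)):
        if pre_i.get(name) != post_i.get(name):
            findings["interfaces"].append((name, pre_i.get(name), post_i.get(name)))
    pre_r, post_r = parse_routes(pre_routes), parse_routes(post_routes)
    findings["routes_lost"] = sorted(pre_r - post_r)
    findings["routes_new"] = sorted(post_r - pre_r)
    return findings


def upgrade_ok(findings: Dict[str, List]) -> bool:
    """True only when no disparity of any kind was found."""
    return not any(findings.values())


if __name__ == "__main__":
    result = compare_baselines(PRE_INT_BRIEF, POST_INT_BRIEF, PRE_ROUTES, POST_ROUTES)
    for category, items in result.items():
        for item in items:
            print(f"{category}: {item}")
    print("upgrade ok" if upgrade_ok(result) else "upgrade needs review")
```

    The design point worth copying is in parse_routes: decide up front which fields are allowed to differ (uptime, sometimes the egress interface on ECMP paths) and strip them before comparing, otherwise every reboot produces a wall of false disparities and the real lost route gets buried.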

    tap aggregation - help

    Posted: 12 Aug 2019 08:08 AM PDT

    Talking out loud here, so please bear with me.

    Previously, we had multiple taps through SPAN sessions at strategic points of the network. Some are inline fiber taps as well. It's easy to identify and say "hey, I want to see if this packet was seen at X location" because each tap port or SPAN session went back to a specific interface on the capture appliance. Now we have grown, and the cost of adding these capture appliances is incredibly expensive. So we are going with a tap aggregation setup.

    So we purchased some Aristas to do the tap aggregation, and we have all the data from different VLANs/capture points going to different capture appliances (we have 3 currently, 12 capture interfaces total). However, I am struggling to figure out where the packet is seen, not just that it was 'seen', if that makes sense.

    Previously I could go into capture appliance X and see if packets were making it to the port I had the tap on. Now I don't know if the packets made it into network X, other than that I just see it on the network. How far did the packet get into my network? I don't know now. Using the Arista as the packet broker, is there some kind of data or extra meta field I can add onto each tap interface, to say where the packet was seen? De-dupe is turned on, and if I turn it off, it just compounds the issue due to the number of capture points. With de-dupe turned off, is there some kind of logic here, like "hey, I see this packet 10 times, so it must have made it all the way into the core network"? Maybe a mix of dedicated and aggregated?

    Does anyone know of a good tap/aggregation design guide? This is all relatively new to me.

    submitted by /u/networksmuggler
    [link] [comments]

    Has anyone ever used Panduit's PanView iQ layer 1 monitoring solution?

    Posted: 12 Aug 2019 07:56 AM PDT

    Cisco FMC / FTD Remote management over Internet

    Posted: 12 Aug 2019 07:55 AM PDT

    Hey!

    I have purchased three Cisco FTD 1010 for a customer and a 10 license FMC appliance.

    They have three sites.

    Site A (Main site, FMC and one FTD here)

    Site B: Another Country

    Site C: Yet another Country.

    So what I want to do is add site B & C in the FMC via Internet.

    AFAIK there's no official solution to this from Cisco.

    But I talked to a colleague and he said that it would be possible to do.

    So what I'm thinking is:

    • Publish FMC on site A on the Internet
    • Set the MGNT-interface on site B & C on a public address, and then do some form of NAT.

    Has anyone tried this successfully?

    submitted by /u/e2zippo
    [link] [comments]

    Is it possible to redirect a user's folder navigation from IP address to FQDN?

    Posted: 12 Aug 2019 07:33 AM PDT

    We have some older corporate software with IP address hardcoded (e.g., software checks files on share \\192.168.0.100\files); however, our newer security software requires users to use the server FQDN for file shares (e.g., \\fileserver\files) and this is breaking some of the software reports.

    Unfortunately the software is no longer supported so getting the hardcoding updated is not an option.

    What I'm trying to find is a way (such as Windows hosts file) to redirect the IP address to the FQDN so software share lookup will function as needed.

    Is this possible?

    submitted by /u/s3rvant
    [link] [comments]

    RADIUS questions

    Posted: 12 Aug 2019 07:19 AM PDT

    Cisco radius questions...
    1) How do I make it so that all users authenticated via RADIUS over SSH have level 15 enable privileges? Even better if it directly drops them into the exec shell? We use FreeRADIUS with LDAP.

    2) I have used aaa authentication login default group radius local on vty 0 4, or aaa authentication login default local group radius on the same vty 0 4. But I have never been able to log in as local, or vice versa as RADIUS, on the same vty via SSH. My idea was that in case I ever forgot my RADIUS user's password I could use a local user as a fallback. So imagine I have applied aaa authentication login default radius local to the vty 0 4 where SSH is, but I have forgotten my RADIUS password and now I want to SSH with ssh localuser@ciscodevice? I mean, I tried that, but for some reason it never fell back to the local database. Am I missing something?

    submitted by /u/Irkutsk2745
    [link] [comments]

    Not sure if this is the right sub to post this in, but does anyone here have experience with Adva fibre switches?

    Posted: 12 Aug 2019 06:10 AM PDT

    We've had Openreach (BT in the UK) rock up and install a fibre line that terminates in an Adva FSP150CP fibre access switch, which apparently is one built specifically for Openreach, so I'm struggling to get a manual for it.

    It looks like we've got the option to use either ethernet or fibre to go from this to our router, but according to our provider only the fibre will work "because the connection is too fast" for ethernet. This is only a 100mb line, and let's just say the provider hasn't been 100% accurate with their advice so far.

    Anyone here run into this kit before and if so did you get it running using ethernet?

    edit: It's one of these - https://www.itinstock.com/adva-fsp150cp-optical-fibre-access-switch-f150bt-cpgig2ac-0078993005-42179-p.asp - nice to see British Telecom sparing no expense :)

    submitted by /u/chrisv650
    [link] [comments]
