Rant Wednesday! Networking
- Rant Wednesday!
- Risks in upgrading Cisco 2960s/2960X stack members individually?
- Equinix Colocation in Ashburn, VA DC4
- Cumulus VRR too good to be true?
- Weird port security violation
- Help me understand Cisco prime infrastructure and DNA center
- Blocking an IP on a Cisco WS-C6509-E
- Mbps vs MBps
- Can't ping static IP from core
- Measuring packet loss roaming between access points
- Networking education for industrial controls
- iperf slower than Internet on WLAN and I've ruled everything out
- PnP deployment of 22 new switches
- Second level domain forwarding with a FortiGate 60D
- SRX Firewall NAT rule with multiple route instances or zones in "from".
- Juniper EX vs MX - why do they use MX as their core
- Clone Deploy on separate Vlan - PXE boot
- On the note of Distributed transactions and message loss within a transaction scope
- LLDP Client for Android/iOS
- ProCurve Per-IP rate limiting
- Cisco Prime Location Alternative
- What's a Wyebot?
- Ideas on upgrading TP-Link to UniFi - Advice on kit needed
- How can I accomplish VPN across Dual Wan connections?
- TLS 1.2 Authentication
- Looking for some ideas on a switch install location.
Rant Wednesday!
Posted: 06 Aug 2019 05:04 PM PDT
It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!
Risks in upgrading Cisco 2960s/2960X stack members individually?
Posted: 07 Aug 2019 11:10 AM PDT
Hey all! We've got a few Cisco switch stacks in one of our production environments and I'm looking to upgrade the IOS to the current gold star version. The only thing is, we don't want to have to reload the entire stack at once, but rather, upgrade them individually. Info about the environment setup:
I've created a test environment consisting of two 2960s switches stacked together. I'm upgrading from IOS 15.2(2)E6 to 15.2(2)E9 (Stack Protocol Version 1.56). I've successfully upgraded IOS on switch 2 with the following command, issued from the master: This was successful and switch 2 booted up and joined the stack using the new IOS. We did the same command for switch 1 and when it went to reload, the master failed over to switch 2 automatically (which preserved any connections on switch 2 as was desired). I am aware that the only reason this was successful was because the Stack Protocol Version is the same between both IOS releases. Here's the issue... I can't find this procedure documented anywhere. And while it worked on the 2960s in my test environment, I'm hesitant to apply the procedure to the production 2960X stacks. When looking at the official chapters on managing switch stacks for both the 2960s and 2960X it doesn't mention upgrading this way. It doesn't explicitly go over a procedure for upgrading a stack at all. Though, a lot can be inferred from the examples it does show. There is however a whitepaper called "Cisco Catalyst 2960-S FlexStack: Description, Usage, and Best Practices" that does talk about upgrading IOS on the stack. And while it doesn't explicitly outline a procedure to upgrade each stack member individually, it seems to imply you can. From page 14 of the white paper:
So does the lack of documentation mean that this is an unsupported way of upgrading a stack? I'm curious if anybody else has tried to do this before. I don't think upgrading IOS in this manner could result in bricking the switches. Thoughts?? -J
Equinix Colocation in Ashburn, VA DC4
Posted: 07 Aug 2019 01:07 PM PDT
Does anyone have any gotchas you could recommend we look out for on a full rack colocated in Equinix out of Ashburn, VA DC4? Looks like we'll get a full 42U that is 19" wide and 36" deep and 45U tall (45U rack, top 3 RU reserved for Equinix) with primary and secondary 208V, 30A, single-phase power (we will provide PDUs). We plan to use this rack to tap into their ECX (Equinix Exchange).
Cumulus VRR too good to be true?
Posted: 07 Aug 2019 08:51 AM PDT
TL;DR: Cumulus Linux's VRR just seems so simple and easy? What am I missing? Why don't all networks work like this? Why bother with VRRP/HSRP/GLBP? What are its gotchas or limitations? From my reading, instead of a protocol with dead timers, a master, etc, like VRRP or HSRP; VRR works on the anycast principle like this:
My environment: I just got 2 new EdgeCore switches + Cumulus Linux, and am installing them as the core switches for my manufacturing campus and datacenter. I'm planning to do MLAG to each server (12 servers), MLAG to our Checkpoint firewall cluster, and MLAG to several of the IDF switches. Some other IDF switches will just have single uplinks for now. The Cumulus switches will terminate L3 for all server and LAN vlans and will route traffic onward to the firewalls (I'm using VRF-Lite for segmentation). Any issues with using VRR like this? Being a manufacturing plant we do have random flaky devices out there and it makes me wonder whether we'll have issues with devices choking on 2 ARP replies?
Weird port security violation
Posted: 07 Aug 2019 09:22 AM PDT
I had an offline printer this morning due to port security violation. The weird thing is, the device that violated it is indicated by MAC address to be one of our VOIP phones. The phone in question however is located at a different site several miles away on different switches and as far as I can tell from the logs has not been disconnected recently. This leaves me with a few possibilities.
In my experience the only thing I've ever come across that was weird with regards to port security was a Black Box DSL device that constantly spit out a new MAC address every few hours or so. Anyone have any ideas of how this could not be possibility #1?
Help me understand Cisco prime infrastructure and DNA center
Posted: 07 Aug 2019 10:10 AM PDT
Is there a difference between both products? DNA is the replacement for prime? We have 5 offices with a mix of c9200's in new, and 3750's in old. Add to that a couple of c9300 stacks, and some 4500-x's in data centers. We then have 20ish access points with 2 wlcs in data centres. Do I have a use case for either of these products? Does DNA center support the older devices, does prime even support the newer catalysts? For pricing, I think I've worked it out at $100 for base prime license then you either buy single device license for around $60 or buy a bundle. For DNA center I can't really work it out....
Blocking an IP on a Cisco WS-C6509-E
Posted: 07 Aug 2019 07:18 AM PDT
Good Morning! My company is probably close to death. We no longer have a network admin, so I apologize if this is a stupid question... I know crap about networking, but this has fallen on my lap. Our main router is an ancient Cisco WS-C6509-E running IOS 12.2. When I run The IP Is this correct? Is there a way to block this IP on this antique hardware? Thank you! Edit: This is how the ACL 69 is applied: and this is the relevant chunk of the ACL. All IPs are obfuscated...
Mbps vs MBps
Posted: 06 Aug 2019 06:20 PM PDT
Today at work there was an argument about why bandwidth was measured in bits and not bytes. I suggested that it was measured in bits because each electrical signal sent over a cable is either a 1 or a 0, hence being measured in bits. My coworker suggested that it's a clever marketing scheme to make data rates seem faster. What are your opinions on this?
Can't ping static IP from core
Posted: 07 Aug 2019 08:18 AM PDT
I have a Juniper ex4600 for our core. I have had issues where I can't ping a static IP from the core but I can from the switches on the subnet. This has happened with more than 1 device at more than 1 location. I can ping the IP from any client machine on the subnet but not from any other subnet. The netmask has always been correct when looking into it. If I put the device on DHCP it pings fine. If I move it back to static it will ping fine for a few days maybe. Then it will stop responding to ping from any other subnet or the core. Do you have any ideas what the problem might be?
Measuring packet loss roaming between access points
Posted: 07 Aug 2019 09:30 AM PDT
Is there some kind of a speed test I can run for like 5 minutes while I walk around to measure packet loss and download speed? I'm trying to
Networking education for industrial controls
Posted: 07 Aug 2019 01:13 PM PDT
I work in instrumentation, automation, and industrial electricity. Most of what I do is the installation of measuring instruments and creating or editing ladder logic. All of our logic controllers are run over an ethernet network or subnetwork depending on their tasks. I've been spoken to about my company potentially integrating our process control and information technology department. My networking knowledge is very limited in the scheme of things. The only experience I have is dealing with our limited PLC networks. I'm interested in going back to school to learn more about networking but I'm unsure as to what's the best way to go. Is another associate's degree worth pursuing or are there certification classes that could catch me up to speed on networking? I apologise if this post isn't allowed. I read that early career advice isn't allowed but my career isn't in networking and it's more supplemental than anything. Also, sorry if there is more information you need from me to answer my questions.
iperf slower than Internet on WLAN and I've ruled everything out
Posted: 07 Aug 2019 09:03 AM PDT
I just installed 4 Ubiquiti AC Pro APs in a business; so far so good. The only problem is that iperf tests from over Wi-Fi are uniquely slow: slower than an Internet speed test on the same hardware setup. I was hoping someone with fresh eyes or more experience can see something I missed.
Background: The network is a single /24 network that spans 3 buildings, with a single 1Gb fiber between each building. Fiber terminates into SFP port on the L3 switch in each building. There are no traffic shaping rules except for IGMP and multicast suppression enabled on the switches. The network is for 30 users, and activity is mainly Web, printing, VoIP, and Filemaker database. The fiber is installed between the 3 buildings as:
[Admin]------[Manufacturing]------[Sales office]
The internet router is in the Admin IDF, and production/VoIP servers are in the Sales office IDF.
Test setup:
- iperf server running on my ThinkPad, 1 Gb ethernet into the switch in the Sales office IDF. (All tests)
- iperf client running on my IdeaPad laptop
Tests:
The next test is where I'm confused
Test 5 shows that there is enough bandwidth between all 3 buildings
Test 2 shows that wireless internet access works as fast as the ISP can deliver.
Test 3 shows that the iperf server can push almost 1 Gbps
If iperf can push 1 Gbps over LAN, and Wi-Fi can send 150 Mbps, why is test 6 slower than test 2?
PnP deployment of 22 new switches
Posted: 07 Aug 2019 07:08 AM PDT
Hello, I have a deployment of 22 (total) small business grade Cisco SG550XG-8f8t, SG550X-48 and SG355-10P switches. It's an isolated network and once this is deployed it won't (shouldn't) require any work except in case of equipment failure. I'm trying to decide if it's worth looking into any PnP solutions to upgrade the firmware image and apply a base config allowing me to ssh on to them. I can't see anything Cisco OpenPnP related without having DNAC. All the Free/OpenZTP projects I've been finding are POAP rather than PnP. I think I've answered my own question but for this number of devices is it worth looking at automation or should I just crack on with the console cable? What would you do?
Second level domain forwarding with a FortiGate 60D
Posted: 07 Aug 2019 02:07 PM PDT
First of all I have no idea what I'm doing. I want to forward every connection received at
SRX Firewall NAT rule with multiple route instances or zones in "from".
Posted: 07 Aug 2019 08:48 AM PDT
Juniper EX vs MX - why do they use MX as their core
Posted: 07 Aug 2019 06:07 AM PDT
Hello, I see many people using MX series as their core switch instead of high-end EX switches, for example, EX9200 which is a modular solution as well. Why is that?
Clone Deploy on separate Vlan - PXE boot
Posted: 07 Aug 2019 01:36 PM PDT
Windows server 2016 - DHCP
HP Aruba 5400 switch
CloneDeploy
I'm setting up a separate vlan, I already have an IP Helper configured to my DHCP server. What do I need to do to get PXE boot running properly? I see some options in my DHCP server may allow what I need. But I'm also seeing ip helper address (which I already use to point to my DHCP server on a separate Vlan) that works in conjunction with "ip forward-protocol udp <??> "
On the note of Distributed transactions and message loss within a transaction scope
Posted: 07 Aug 2019 07:27 AM PDT
Considering that in the context of executing a transaction part of the transaction may be lost within messaging (considering the two generals problem). How should you go about helping your system learn when a transaction experienced such a fault if you are restricted to the Two phase pattern? Some context, we have an application that handles Distributed Transactions with MSDTC, and the main problem we are facing is explained here: https://ayende.com/blog/167362/the-fallacy-of-distributed-transactions Aside from the obvious, commonly accepted consensus, that one should not use distributed transactions. Are there some discussions with regards to discovering when the fault occurred? I.e. if we were to take the two generals problem again, if before a transaction started a copy of the message firing the transaction was kept, and deleting this message if the transaction finished successfully (by confirming this when the transaction comes back), would we be able to "report" and "retry" transactions in cases of such faults mentioned in the link above? I can't seem to find someone discussing this "patch" to a similar situation. Not sure if it belongs in this sub..
LLDP Client for Android/iOS
Posted: 07 Aug 2019 04:10 PM PDT
I purchased a USB OTG adapter that successfully powers an Ethernet adapter. I was able to test it on my iPad Pro and a Samsung 10, got IP address and was able to detect devices on the network. Seeing this function, it would be an amazing tool for on the go field work when working on networks. Is there an LLDP client for either OS that can be used to see the VLAN, Switch, Port ID, etc. on the network, similar to Hanewin LLDP client for Windows?
ProCurve Per-IP rate limiting
Posted: 07 Aug 2019 07:13 AM PDT
At a remote site tied back via MPLS, I have a guest network which we are looking to throttle a bit to prevent link saturation. The router at the site is a ProCurve 5406zl with v2 modules on K.16.02 code. Guest users are all running in the 10.0.100.0/22 space in this scenario and vlan 1000 is the guest vlan. When testing however, the policy doesn't seem to work.
Cisco Prime Location Alternative
Posted: 07 Aug 2019 09:26 AM PDT
I haven't been able to find much for a suitable replacement for a small environment. I'm planning on about 10 Meraki MR55s with real time location services. I'm interested in location awareness and helping entry level support people troubleshoot wifi issues. All of the software I kept coming across was "wifi analytics" which is basically marketing BS to gather data try and push sales on people. Meraki RTLS looks like it might help us a bit but the integrations don't look like they are up to date.
What's a Wyebot?
Posted: 06 Aug 2019 07:22 PM PDT
My CFO has been getting emails about a Wyebot and keeps asking me if we should use one to diagnose our network. I shrugged it off last year, but she's brought it back up again and I need to figure out if it's worth expending any effort on. Has anyone here had any experience with the company or the device? Supposedly it conducts a wireless site survey and makes recommendations. We use TamoGraph (not the best) for this already. Any advice or general wireless analysis discussion would be awesome.
Ideas on upgrading TP-Link to UniFi - Advice on kit needed
Posted: 07 Aug 2019 10:03 AM PDT
Hi all, I am looking to upgrade our predominantly TP-Link based network with UniFi devices and would appreciate your help on what is best to go for. I inherited this setup and it's having all kinds of issues.
1) The 200 Meter link has nasty ping which may be down to some Willow (trees) and 2.4 saturation.
2) The WiFi the customer is getting is 1-4 Mbps, but we have a 20Mbps line.
I want to upgrade to 5GHz so was thinking of upgrading the main 200 Meter link with: Ubiquiti NBE-5AC-Gen2 NanoBeam. I am not sure that the N Router is required and possibly slowing down the throughput. Maybe replace with an unmanaged L2 switch. I wasn't sure what to replace the CPE210s with? The final piece is I think the travel routers are unnecessary and was thinking maybe upgrading to UAP AC Pro so there is just an access point without the router features we currently have but don't need. Here is the current network topology:
How can I accomplish VPN across Dual Wan connections?
Posted: 07 Aug 2019 08:57 AM PDT
How can I accomplish VPN across Dual Wan connections in an optimal way? Idea is to make:
Note
I am interested to know how can I accomplish this?
TLS 1.2 Authentication
Posted: 07 Aug 2019 07:58 AM PDT
Hello. Do you know any good reading about 802.1X using TLS 1.2? I'm looking to authenticate a device using a User and a Certificate (Windows PKI)... Don't know if it's possible tho. Thanks :)
Looking for some ideas on a switch install location.
Posted: 07 Aug 2019 04:09 AM PDT
We have a building outside that has no air conditioning. They want about 6 cameras around and wifi in building. I am tasked with putting a switch, cameras and new fiber. Cameras and fiber should not be a problem, however no AC for the switch. All open area. Switches are Juniper ex3300 PoE models. Looking for options. Thanks