    Monday, September 2, 2019

    Moronic Monday! Networking


    Moronic Monday!

    Posted: 01 Sep 2019 06:04 PM PDT

    It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

    Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

    submitted by /u/AutoModerator

    How do you keep everything monitored?

    Posted: 02 Sep 2019 10:45 AM PDT

    Hi,

    I'm an Ops Manager in a big datacenter and sometimes we have trouble keeping everything monitored. We use a lot of Zabbix and a private workflow tool for CMDB, but frequently we find switches or routers that were added to the topology and are not monitored or added to the CMDB. Of course this means flaws in the change management process.

    But how do you achieve compliance with this problem? Network discovery tools like Netdisco? Can you share your experience on this subject or recommend any good books and tools to take a look at?

    We are working on making our process stronger and clearer, but I need to add some controls to make sure.

    submitted by /u/devzeroo

    Applying to ISP jobs but to no avail

    Posted: 02 Sep 2019 04:51 AM PDT

    Hiya fellas! Basically I can't get past the damn HR filter. I recently passed my CCNA; on my resume I've written down that I am working as a Network Admin/Implementation Engineer on a 50-50 ratio, in regards to time and responsibilities.

    Also from my resume: Layer 2 implementation + configs, W/less, Aruba and Cisco, PoE devices and some f/walls. This I've been doing for the past 9 months, and apparently no HR will have me. No HR in the ISP/MSP sector that is, and that's where I really want to go. And having gone halfway through the CCNP doesn't seem to matter to anyone. Before that, my EXP on the resume is a bit shabby, and no college degree either, so maybe those are the culprits.

    Any thoughts on this guys?

    I'm living in the UK and yeah, I'm a foreigner if that matters to anyone.

    submitted by /u/brianed

    How to set up a DMZ in this case?

    Posted: 02 Sep 2019 03:23 PM PDT

    Hello redditors, finally I got fiber and a public static IP in my house. Now I need some servers, but for security reasons I first need a DMZ.

    This is my situation: https://imgur.com/a/vtotZJd (the DMZ is not yet configured)

    Basically the ISP router is useless; I can only forward ports, assign static IP addresses and little more. Then I have an old fully configurable router running OpenWRT.

    I know in a proper DMZ my servers should be in the middle, between the internet and my LAN, but unfortunately this is the only way to go that I can think of.

    How should I configure my firewall and a subnet in order to be as secure as possible?

    submitted by /u/sersoniko

    Cisco ISE first installation

    Posted: 02 Sep 2019 05:27 AM PDT

    Hi r/networking,

    I am installing Cisco ISE 2.4 on a pair of SNS3655-K9s and it has been on the same screen for about 2 hours. Anyone know how long the initial install should take? Last output to the terminal is:

    [ OK ] Started Anaconda NetworkManager configuration.

    submitted by /u/jayohaitchenn

    Thoughts on certificates, future plans and familiarity with Aruba HPE exam - HPE6 A47 or any Aruba related exams?

    Posted: 02 Sep 2019 06:13 AM PDT

    I am a fresh electrical engineering graduate who's currently working as a pre-sales engineer (not my type of role tbh). I worked part time as a programmer during my university days for a period of 4 years. I have mastered the programming field and can easily learn any programming language in less than a week; however, being an engineer, I wanted to specialize in a core engineering job. Currently I've finished 3 un-procured Cisco exams related to sales. Now I'm working on the Aruba Design Professional certificate as requested by my boss. I've become more interested in it since it discusses engineering-related topics and got me more familiar with network switches, routers, APs, RF planning and so forth. Many employees suggest that it's not good to get certificates, since other companies would think I'm only going to study in my role, but given that I've been in this job for 2+ months and had no background knowledge of networking, I've literally ignored what they said. Still, I want to know if what they told me is correct or not. Will these certificates help me in the long run for my career hunt, since I'm planning to work as an engineer and not a sales person? If so, what is the nature of these exams, or the exam I'm taking in particular, and what should I expect? Is studying the materials suggested by HPE Press sufficient, or do I need more practice?

    submitted by /u/SamiNofal

    I finally made it into pre-sales. But can I get what I want out of it?

    Posted: 01 Sep 2019 05:29 PM PDT

    I'm a young guy with 4 years of experience in network engineering. At a high level, all I've wanted out of my career is 1) a big paycheck, 2) personal freedom, and 3) the power to influence decisions. A pre-sales job seemed like the best way to get all 3 of these things, so earlier this year I maneuvered myself into a Solutions Architect role at one of the big telecoms. I've definitely gotten the big paycheck and the freedom I've craved, but I still feel as powerless as ever.

    I think this is because our company really only sells Managed Services and ISP-stuff to our customers. Even though we have the capability to do everything that a VAR/integrator can do (and we loooove talking about how "strategic" and "innovative" we are), nobody actually seems interested in going outside of their comfort zone and competing in that space. I want to engage with the customers and build out whole solutions, but I feel too constrained by my account execs, my own management, my customers' views of us, and my company's culture at large.

    I'm definitely going to stick it out here for at least 2 years*, but I'm planning for the future nonetheless. Here is where my questions come in:

    • Do you think I would be happier if I worked for a VAR/integrator?
      • If so, would a VAR even want me? Considering that I don't do half the stuff a VAR SE would do (writing SOWs, LAN and Wireless design)
    • Would an enterprise ever consider hiring me as an internal Network/Infrastructure Architect*? Or is pre-sales too much of a different beast for me to be taken seriously?

    *Edited

    submitted by /u/Azarias59

    Gold standard open source host discovery?

    Posted: 02 Sep 2019 02:33 PM PDT

    Hey all, I'm looking for a solid host discovery tool. I know and have used a lot of the standalone tools out there but I need something a bit specific. Not only should it do on-demand/scheduled scans, but I need something real-time. For instance, Forescout eyeSight receives a copy of client segment DHCP traffic (via ip-helper). This triggers an automatic response of WMI/nmap/switch SNMP data discovery right when a host comes online. With retention and alerting of this data it could be a workable tool for my SOC. I'm tackling BYOD but real NAC is a looong term project. Ideally my SOC will use this tool to track down and take action on unmanaged hosts. My heart would sing if LibreNMS or had integration support for something like this...or maybe I feed it to Splunk. Thanks for reading and for any inspiration.

    submitted by /u/mathech
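    One control for the gap /u/devzeroo describes (devices appearing that are in neither the CMDB nor Zabbix) and for the DHCP-triggered discovery /u/mathech describes, as an added example that is not code from either post: parse DHCP lease confirmations relayed to a collector and reconcile each newly seen host against the CMDB and the monitored set. The log lines, inventories and hostnames are constructed; the same reconcile() step also takes a discovery-tool export fed in as (ip, mac, hostname, source) tuples.

```python
import re

# Constructed sample syslog lines in ISC dhcpd style, as a collector might
# receive them from a DHCP server fed by ip-helper/relay (hypothetical data).
DHCP_LOG = """\
Sep  2 10:44:01 dhcp1 dhcpd: DHCPACK on 10.20.5.31 to 3c:22:fb:aa:bb:01 (LAPTOP-ENG01) via 10.20.5.1
Sep  2 10:44:07 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via 10.20.5.1
Sep  2 10:44:08 dhcp1 dhcpd: DHCPACK on 10.20.5.77 to 00:11:22:33:44:55 (android-9f3) via 10.20.5.1
Sep  2 10:45:12 dhcp1 dhcpd: DHCPACK on 10.20.9.10 to 00:1B:21:0A:0B:0C (sw-access-17) via 10.20.9.1
Sep  2 10:46:30 dhcp1 dhcpd: DHCPACK on 10.20.5.77 to 00:11:22:33:44:55 (android-9f3) via 10.20.5.1
"""

# Constructed inventories keyed by normalized MAC: what the CMDB records,
# and which of those hosts the monitoring system (e.g. Zabbix) actually polls.
CMDB = {"3c:22:fb:aa:bb:01": "LAPTOP-ENG01", "00:1b:21:0a:0b:0c": "sw-access-17"}
MONITORED = {"3c:22:fb:aa:bb:01"}

# Only lease confirmations (DHCPACK) prove a host is live on the segment;
# DISCOVER/OFFER lines are ignored.
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9A-Fa-f:]{17})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<relay>\S+)"
)

def norm_mac(mac: str) -> str:
    """Canonical form so 00:1B:21:... and 00:1b:21:... compare equal."""
    return mac.lower()

def parse_acks(log: str):
    """Yield (ip, mac, hostname, relay) for each DHCPACK line."""
    for line in log.splitlines():
        m = ACK_RE.search(line)
        if m:
            yield (m["ip"], norm_mac(m["mac"]), m["host"] or "", m["relay"])

def reconcile(hosts, cmdb: dict, monitored: set) -> list:
    """Return one finding per newly seen host that escaped the CMDB or monitoring.

    hosts is any iterable of (ip, mac, hostname, source). Findings are tuples
    (kind, ip, mac, hostname, source). Repeated sightings of the same MAC
    (lease renewals) are reported once so the SOC queue is not flooded.
    """
    seen, findings = set(), []
    for ip, mac, host, source in hosts:
        if mac in seen:
            continue
        seen.add(mac)
        if mac not in cmdb:
            findings.append(("not_in_cmdb", ip, mac, host, source))
        elif mac not in monitored:
            findings.append(("not_monitored", ip, mac, host, source))
    return findings

if __name__ == "__main__":
    for kind, ip, mac, host, source in reconcile(parse_acks(DHCP_LOG), CMDB, MONITORED):
        print(f"{kind:14} {ip:<12} {mac} {host or '-':<14} via {source}")
```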

    [OC] Simple tool I made...

    Posted: 02 Sep 2019 10:05 AM PDT

    I'm sure literally all of you have a better way to ping your devices, but just in case you need something stupid simple... (maybe a better visual for manglement.) I made a little tiny program to ping multiple IPs simultaneously at a given rate. Shows latency and dead/alive status and that's about it.

    Github here: https://github.com/jakehedlund/MultiPing

    I'm not aware of any similar tools, but let me know if any exist. There are many like it but this is mine. There are a few improvements I have in mind if there's interest.

    (PS: not trying to make money off this, so I hope it doesn't break any rules...)

    submitted by /u/ekaj3210

    ChromeCast cross VLAN, Blocking other MDNS Devices

    Posted: 02 Sep 2019 01:24 PM PDT

    Hi all
    Got my first Chromecast today and went to set it up, but then remembered it uses mDNS for network discovery.

    I was going to install it on my IoT network (I have a few VLANs to keep devices separated) but hit a roadblock with the cross-VLAN mDNS issues.

    I know I can enable a few things on my router (UniFi USG) and get cross-VLAN working (quite a few forums online tell you how).

    The problem is I don't want to turn on cross-VLAN for everything, as I have other devices I want to keep separate (cameras, printers etc).

    Is there some way (firewall rules ideally?) that I can allow the Chromecast (IoT VLAN) to be accessible from my main and guest VLANs, while stopping everything else (printer for example) from being discovered on the guest VLAN?

    I know there are options like mDNS repeater servers which I can use if needed; I just wanted to try to avoid having to run another VM just to route traffic.

    Thanks in advance.

    submitted by /u/pomtom44

    Enterprise router options

    Posted: 02 Sep 2019 12:33 PM PDT

    Hi, I was hoping for some advice on some options for enterprise routers. I have a very good understanding of the Cisco ISR and ASR ranges and Juniper SRX lines and using those as routers. Could anyone share some experience with any other brands please? As far as I'm aware, for enterprise options I don't think there are many dedicated cost-effective enterprise routers that can be used at scale. I'm looking to achieve around 1Gbps throughput at 1500B packets with around 1500 prefixes in the routing table.

    With Cisco you could use ISR4431s or some of the lower models with boost licenses, but considering the length of time the ISR4000 series has been around now, I am guessing an End of Sale announcement is imminent, and cost against performance I think is on the high side, with limited interfaces and expensive NIMs and SM-Xs for additional interfaces, comparing these against higher end models.

    I'm also not really aware of any white box routers; could anyone point me in the direction of any distributions? I guess it's feasible to use a Linux box and use FRR, but I wanted to see if there was anything dedicated. I have seen many things about whitebox switches but nothing really relating to routers.

    Another option I am going to look into is the potential to use switches, to see if there is a viable option that could be used in place of a router and what compromises would be made by doing so, i.e. IPsec VPN not an option.

    Thanks

    submitted by /u/LewisIRL

    Cisco ASA - Restrict traffic to devices on the same VPN VLAN/subnet

    Posted: 02 Sep 2019 11:15 AM PDT

    Howdy,

    I was wondering if it was possible on a Cisco ASA to restrict traffic between clients on the same VPN DHCP VLAN/subnet.

    Example:
    User 1 VPN'd to ASA - IP address = 192.168.1.99
    User 2 VPN'd to ASA - IP address = 192.168.1.100

    At present, I can ping 192.168.1.99 from user 2's PC.

    Is there a way to restrict all traffic on the VPN DHCP VLAN so that users VPN'ing onto the network cannot reach or route to other devices on the VPN DHCP VLAN/Subnet?

    Thanks.

    submitted by /u/CallumzHD

    Cisco ASA Active/Standby Connect Directly to One WAN Router

    Posted: 02 Sep 2019 09:24 AM PDT

    For some reason I can't find a good way to do this, and I feel like it should be pretty simple. I have two Cisco ASA 5515-X firewalls in an Active/Standby configuration. Upstream, I have one WAN router (which I control) that hosts a GRE tunnel to the rest of the world. Somehow I need to connect both firewalls to the one router and have the failover work correctly.

    https://imgur.com/c2565Vx

    I have seen plenty of documentation on how to accomplish this with both firewalls connecting to a switch which then connects to the WAN, but a direct connection to a router isn't common. Any ideas?

    I figured that I could assign each firewall a separate transit /30 network and uplink each one to the WAN router that way, but I don't see how to assign the standby firewall an entirely different WAN subnet.

    Edit: Thanks everyone. Since the only ways to do it seem to be a bit hacky, I went ahead and got a little 8port switch to aggregate the links. Have a good night you all!

    submitted by /u/SomeDutchGuy

    Using SR-IOV with virtio passthrough mode on KVM for CSR1000v

    Posted: 01 Sep 2019 07:44 PM PDT

    Hi r/networking,

    I have been struggling for a few days on this and thought it's best to look for someone who has already done this.

    I am trying to bring up a CSR1000v on KVM in CentOS 7 using the virt-manager GUI tool on a Quantas server. I want to be able to communicate with a Nexus 9k switch connected to the Quantas server via 25GbE links (Intel XXV710 dual-port 25GbE SFP28). Initially I was trying to directly use ports in passthrough mode with the virtio driver. On more research, I understood that the Intel XXV710 might not be compatible in direct mode and then added VFs for SR-IOV.

    Currently, I have mapped the SR-IOV VFs to the CSR1000v in KVM via virtio passthrough mode, but it does not seem to work: when I try to ping from the CSR, I don't see any packets on the VF when I do a tcpdump.

    Has anyone tried this before and have any inputs on what I am missing? Do I need to enable promiscuous mode as well?

    I am also looking to add tagging to one of the VFs, which I have done by adding a VLAN to the VF itself, as my Nexus side interface will expect a VLAN tag. I believe this is right and will work once I sort out the first part of correct mapping.

    Relevant outputs at : https://imgur.com/a/EK3jadO

    submitted by /u/mcwitty82

    Issue with the same default gateway being set on multiple different VLANs on Aruba 2540-48

    Posted: 02 Sep 2019 04:50 AM PDT

    I have a newly acquired Aruba 48P switch and see that all my VLANs are showing the same default gateway, and when I change it on one VLAN it changes it on all VLANs.

    Talked to HPE support but he could not answer this, so I was hoping that anyone here knows why it does this?

    submitted by /u/littletown92

    HP 1920, L2 Block clients from communicating on the same VLAN

    Posted: 01 Sep 2019 10:20 PM PDT

    Hi folks, so I don't know if this is possible with the 1920, but figured I would ask.

    I have an HP 1920 L2 switch and a pfSense firewall (Dell R210 II) and I want to create a few VLANs that can block communication between clients on the same VLAN.

    For example, a Camera VLAN that blocks device-to-device except the NVR (in another VLAN), and a Public VLAN that also blocks device-to-device but allows internet connectivity (physical ports for public terminal PCs, AND tagged WLAN). I have both networks up and the pfSense firewall blocks VLAN-to-VLAN communication, but obviously does not block client intercommunication within a VLAN.

    I have never done this before, let alone with a lowly HP 1920 (it does everything else I need up till this point).

    Is this the correct procedure? Configure static routes --> then configure ACLs, create a QoS Classifier, a Behavior, and then I can create a port policy to map to specific switch ports. Damn, that seems complicated... Is this easier with a true L3 switch??

    https://vmfocus.com/2012/09/26/how-to-configure-layer-3-static-routes-vlans-on-hp-v1910-24g/

    https://achilleanblog.wordpress.com/2016/05/29/hp-1920-vlans-and-acls/

    submitted by /u/Investinwaffl3s

    Separation of Concerns - Routers

    Posted: 01 Sep 2019 10:05 PM PDT

    I work at a small business. We use a Cisco RV260 router. We have just under a dozen servers, and maybe a dozen workstations and then people's cell phones, tablets, etc, on the network.

    Right now, everything is on one VLAN - one subnet. This means anyone on the network, from the sales team to the tablets, to a guest at the office, could theoretically have network access to our core business infrastructure - the servers.

    I want to change this. Obviously. I've been trying to read up on this before making a proposal to my boss on Tuesday, but sometimes the terminology gets dense and I have trouble understanding how to actually implement separating different devices into their own subnets.

    For example, I'd like to get the sales team on one subnet, the support team on another, and the servers on their own, etc.

    Ideally, I'd like to be able to create these subnets with the infrastructure that we already have. From what I can tell, I can create a VLAN (on the RV260) for each subnet that I would like to have and thereby isolate the servers from the salespeople from the support team, and so on.

    If I'm right so far, what would I need to change on the actual servers/PCs/etc to get them operational on this new network configuration (eg do I need to change the default gateway on them?)? Is there anything special I would need to do when setting up the VLANs?

    Do I need to have a separate router for each subnet that I want to create? Or is having a VLAN sufficient to create new subnets?

    Then, to take things a step further - how might I go about getting two subnets to communicate if I need to? For example, allowing the support team to share files with the servers, should I need to? Would it be possible to restrict which parts of the subnets can communicate to each other?

    submitted by /u/teeda92

    L3 Roaming in Wireless

    Posted: 01 Sep 2019 06:54 PM PDT

    Hi r/networking! Long time lurker here.

    Where I work, we're looking at deploying a new wireless network. The current network is Cisco based, with WLC. But for the new network, we are thinking about deploying a Mojo (Arista-owned WiFi vendor) network. During our research, we found that it does not support L3 roaming. Our office network has a lot of subnets; historically, we have a subnet per SSID per floor.

    Here's the question: Have any of you fine people deployed Mojo Wireless in a larger office/campus with a lot of subnets? Has the lack of roaming been an issue for you? We're thinking of turning off all 2.4GHz wireless, so bleed between floors would be less likely, but I'm still not sure if the lack of L3 roaming is a deal breaker or not...

    submitted by /u/YsBo
