    Thursday, October 3, 2019

    Blogpost Friday! Networking

    Blogpost Friday!

    Posted: 03 Oct 2019 05:04 PM PDT

    It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

    Feel free to submit your blog post, as well as a nice description, to this thread.

    submitted by /u/AutoModerator

    How do you contact infrastructure support at a large ISP (spectrum)?

    Posted: 03 Oct 2019 01:51 PM PDT

    Does anybody know how to contact somebody at Spectrum who actually knows what they are doing? I have a problem with some of their DNS servers resolving one of my domain names to 127.0.0.54. I've spent a week fighting with their cable tech support and Twitter support. I have dig / nslookup screenshots to prove the problem, but of course none of their low-level support understand that. They keep asking for the same irrelevant troubleshooting steps. (traceroute -- yeah, traceroute to localhost is really going to help you troubleshoot this).

    submitted by /u/dagronslayer
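    A check a practitioner would run before the next support call, added here as an example (not code from the post or from Spectrum): query the same name through several resolvers, flag any resolver whose answer falls in a loopback, RFC 1918, link-local or unspecified range, and list which resolvers disagree with the majority. The resolver names and the dig output below are constructed; the bogon range list is the editor's own and is kept explicit rather than relying on library heuristics.

```python
import ipaddress
from collections import Counter
from typing import Dict, List, Tuple

# Ranges that are never a valid answer for a public hostname (editor's list).
BOGON_RANGES = {
    "loopback": ("127.0.0.0/8", "::1/128"),
    "rfc1918/ula": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"),
    "link-local": ("169.254.0.0/16", "fe80::/10"),
    "unspecified": ("0.0.0.0/8", "::/128"),
}
_BOGONS = [(label, ipaddress.ip_network(n))
           for label, nets in BOGON_RANGES.items() for n in nets]


def bogon_label(addr: str) -> str:
    """Return the bogon category of an address, or '' if it looks routable."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return "not-an-ip"
    for label, net in _BOGONS:
        if ip.version == net.version and ip in net:
            return label
    return ""


def parse_dig_short(output: str) -> List[str]:
    """Keep only address lines of `dig +short` output (CNAME targets end in '.')."""
    lines = [ln.strip() for ln in output.splitlines()]
    return [ln for ln in lines if ln and not ln.endswith(".")]


def audit_resolvers(answers: Dict[str, List[str]]) -> Dict[str, object]:
    """Report bogon answers per resolver and which resolvers differ from the majority."""
    bogon: Dict[str, List[Tuple[str, str]]] = {}
    for resolver, addrs in answers.items():
        flagged = [(a, bogon_label(a)) for a in addrs if bogon_label(a)]
        if flagged:
            bogon[resolver] = flagged
    # Majority answer set across resolvers; anything else is worth a closer look.
    votes = Counter(tuple(sorted(addrs)) for addrs in answers.values())
    consensus = votes.most_common(1)[0][0] if votes else ()
    disagreeing = sorted(r for r, a in answers.items() if tuple(sorted(a)) != consensus)
    return {"consensus": list(consensus), "bogon": bogon, "disagreeing": disagreeing}


# Constructed sample: three resolvers agree, one hands back loopback (the
# symptom in the post). 203.0.113.0/24 is a documentation range, not a real host.
SAMPLE_DIG_OUTPUT = {
    "resolver-a": "cdn.example.test.\n203.0.113.10\n",
    "resolver-b": "203.0.113.10\n",
    "isp-resolver-1": "127.0.0.54\n",
    "isp-resolver-2": "203.0.113.10\n",
}


def run_sample() -> Dict[str, object]:
    return audit_resolvers({r: parse_dig_short(o) for r, o in SAMPLE_DIG_OUTPUT.items()})


if __name__ == "__main__":
    for key, value in run_sample().items():
        print(f"{key}: {value}")
```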

    Connecting to a secondary data room.

    Posted: 03 Oct 2019 11:43 AM PDT

    We're looking at expanding into another space in our building and will need connectivity back to our main data room (different office, same building) and are not sure exactly how we'd like to approach this. The new space will only require access switches.

    There's already a single fiber run between the two spaces, but my thoughts are that if we use that, whatever switches we connect this fiber to become single points of failure for the new space. My initial thoughts would be running cables (Cat 6) between patch panels in both data rooms so that each switch would be able to have redundant uplinks back to the core switch stack, but there's some concern that we may be crossing that 100ish meter threshold.

    Anyone have experience in this area?

    EDIT: Thanks everyone. I was really overthinking this. Just gonna run more fiber like you've all suggested.

    submitted by /u/BJJLucas

    3PCC Cisco phones

    Posted: 03 Oct 2019 07:28 AM PDT

    Hi guys,

    Would really appreciate some help on this one. A client ordered CP-7841-3PCC & CP-8865-3PCC phones. Today he comes back to us saying the 3PCC firmware is not compatible with "Cisco Unified Communications Manager (CUCM)". After searching the internet for a couple of hours I did not get any wiser. Is there a way we can make this work? Or is there a way to change the firmware on the phones to 'K9' so it would work?

    Thanks in advance!

    submitted by /u/Nickl1904

    Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

    Posted: 03 Oct 2019 09:27 AM PDT

    Our NOC is being moved into a different building and we have the ability to weigh in on the remodel. My supervisor has asked us NOC leads for input. If you were remodeling your NOC, how would you change up your area to make it better?

    Posted: 03 Oct 2019 03:22 PM PDT

    Like the title says, our NOC is moving into a different building that has a large room in it (probably 30 feet wide by 50 feet long if I had to guess) and a remodel will be taking place. If you guys/gals had the ability to change up your current areas (or NOCs if you work in one), what features would you want in the room? I am a big proponent of comfort since we're in here 8-12 hours a day so why not at least be comfortable? We'll have windows to the outside finally (hooray!!) so that will be nice. We have 12 NOC techs currently as well as three of us leads and our supervisor.

    What sort of desk setups would you choose? Standing or sitting? I am trying to think of everything and anything I can and figured why not ask those who do the job daily what they would choose? I've done some searching already, and in the older threads it was always about setting up a NOC from scratch. We've been established now for almost 20 years so our procedures/escalation paths/etc. are good to go.

    submitted by /u/montanasucks

    PLC Remote Access with VPNs with same IPs/Subnets on the PLC

    Posted: 03 Oct 2019 03:33 PM PDT

    Hey everyone, I hope someone can help me. I have SoftEther running on Windows Server on a VPS. I have successfully set up the server and clients and can connect via PC and the 4G LTE router (Teltonika RTU240) and can access the Siemens S7-1200 PLC. I have a NAT set up on the VPN server with 192.168.5.1, have given the PLC a static IP of 192.168.5.10, have set a static IP on the TAP interface on the PC with 192.168.5.15, and have installed a virtual Ethernet adapter (Microsoft loopback), assigned it a static IP of 192.168.5.20 and bridged the connections in the SoftEther server to the virtual hub. This now gives me access from the server to the PLC (I can ping the PLC from the server and the engineering PC). I can connect to the PLC from the PC fine.

    The problem I now have is that I have a lot of PLCs at remote sites already set up, and they all have the same subnets, which cannot be changed (they are connected to other devices in the network that I have no control over). I have thought about setting up individual NATs on the routers I will be installing, but it seems the OpenVPN TAP client in the router is bridged to the local LAN and can't be altered.

    The other issue I see is that the SCADA software running on the server needs to access these PLCs (I set the PLC IP address in the software to choose which one they connect to). I now have an issue as they all have the same IP, so I was possibly thinking about setting the PLC IP in the software as the NAT IP set on the router and then creating a static route to the PLC on the router.

    If I need to access the PLC network from the engineering PC, I will just connect to the server and set the TAP IP to the NAT the PLC is on, and may need to cascade the connection to that particular virtual VPN hub.

    I will link a diagram for a better understanding.

    If anyone has any better ideas or ways of achieving this, that would be great.

    https://imgur.com/O0IR8Rw

    submitted by /u/mxracer303

    Cisco ISE Wireless 802.1x Compute Auth

    Posted: 03 Oct 2019 05:06 PM PDT

    I'm setting up Cisco ISE with a Cisco WLC to allow only domain-joined computers on the network (that single SSID). It's a Windows 7 native supplicant which I configured for WPA2 Enterprise AES and used the Computer Authentication Only option (in the new wireless network setup).

    The client is unable to connect. ISE is showing the following error: "client didn't provide suitable ciphers that are allowed on ise"

    I have my policy admission criteria configured to Radius called station ends with [ssid name]. Inside of the policy AuthC is set to check AD and AuthZ is configured to PEAP and Member of domain Computer.

    This is on ISE 2.6 patch 2.

    Any idea why I get the error "client didn't provide suitable ciphers that are allowed on ise" in the ISE live logs and the client is unable to authenticate?

    Also, if I remove ISE and just use PSK on the WLC, the client is able to successfully connect.

    submitted by /u/jguros

    I saw a post about airline content filtering that works even if the user has a vpn. Do you all know where I can find that thread?

    Posted: 03 Oct 2019 04:29 PM PDT

    I think it was a post on here in the last few months. Any help is appreciated.

    submitted by /u/marty3467

    Viptela on Eve-ng, vedge and vmgmt stuck?

    Posted: 03 Oct 2019 07:33 AM PDT

    Currently building a Viptela lab and I would like to ask if maybe you have encountered this kind of issue. My vEdge and vMgmt are not running. I copied the YML details from the documentation to all of my Viptela components, but these two seem not to be working. Do I need to tweak something in the YML file?

    Here's the output image:
    https://imgur.com/a/SgVx7uR

    Also, maybe you can answer the questions below.
    1. vEdge and vBond have the same image, which is also documented in the EVE-NG method. Is this correct, and can it still run a lab?

    2. Have you used any serial/license to run this?

    3. How do you configure the vManage: is it via CLI or web (I suppose this should be via web)?

    Currently using a VMware hypervisor and EVE (free) 2.0.3-95 with 12 CPUs and 24 GB memory; is this OK?

    Thank you

    submitted by /u/1searching

    Best Practices

    Posted: 03 Oct 2019 12:31 PM PDT

    Dear Fellow Redditors,

    I am a junior network engineer working at a service provider which also manages on-site networks. Currently I am thinking about making a document/wiki page about best practices/design principles for switch/router configurations. These principles are general rules about how to configure a switch. Some examples are: disable telnet, no web management, banners (motd, exec, incoming, etc.), but also rules like ALWAYS use the recommended firmware from the network supplier. These items are pretty basic, but very important for consistency and management. Any ideas on how to implement a good policy? And what do you think about such a way of working?

    submitted by /u/rel0160
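    One way to turn a best-practice document like the one described above into something enforceable is a config audit that runs on every backup. The script below is an added example (not from the post or any vendor): it checks an IOS-style config for the rules the post lists (no telnet on vty lines, no web management, motd/exec/incoming banners present, only approved firmware). The sample config and the approved-version value are constructed; the CLI syntax assumed is Cisco IOS (`transport input`, `ip http server`, `banner motd`).

```python
import re
from typing import Dict, List, Sequence

REQUIRED_BANNERS = ("motd", "exec", "incoming")


def parse_line_stanzas(config: str) -> Dict[str, List[str]]:
    """Group the indented children under each top-level `line ...` stanza."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        elif raw.strip():
            current = None  # any other top-level command ends the stanza
    return stanzas


def audit_config(config: str, approved_versions: Sequence[str] = ()) -> List[str]:
    """Return one finding per violated rule; an empty list means compliant."""
    findings: List[str] = []
    for stanza, children in parse_line_stanzas(config).items():
        if not stanza.startswith("line vty"):
            continue
        transports = [c.split()[2:] for c in children if c.startswith("transport input")]
        if not transports:
            findings.append(f"{stanza}: no 'transport input' set; platform default applies")
        elif any(t in ("telnet", "all") for ts in transports for t in ts):
            findings.append(f"{stanza}: telnet permitted; use 'transport input ssh'")
    if re.search(r"^ip http server$", config, re.M):
        findings.append("web management enabled ('ip http server')")
    if re.search(r"^ip http secure-server$", config, re.M):
        findings.append("HTTPS management enabled ('ip http secure-server')")
    present = set(re.findall(r"^banner (motd|exec|incoming)\b", config, re.M))
    findings += [f"missing 'banner {b}'" for b in REQUIRED_BANNERS if b not in present]
    m = re.search(r"^version (\S+)", config, re.M)
    if approved_versions and (m is None or m.group(1) not in approved_versions):
        findings.append(f"firmware version {m.group(1) if m else 'unknown'} not approved")
    return findings


# Constructed sample config: telnet still allowed on vty 0-4, HTTP server on,
# only a motd banner, and a version that is not on the (made-up) approved list.
SAMPLE_CONFIG = """\
version 15.2
hostname sw-access-01
!
ip http server
no ip http secure-server
!
banner motd ^C
Authorized access only.
^C
!
line con 0
 login local
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 login local
!
"""


def run_sample() -> List[str]:
    return audit_config(SAMPLE_CONFIG, approved_versions=("15.2(7)E4",))  # placeholder version


if __name__ == "__main__":
    print("\n".join(run_sample()) or "compliant")
```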

    How important is it to replace carpet flooring in a future MDF?

    Posted: 02 Oct 2019 10:06 PM PDT

    Hello! I wanted to know the importance of replacing carpet with VCT tile for our future MDF. I will be bolting down a rack on the floor which will hold network & server equipment.

    Based on the room size, the estimated cost to replace with VCT tile and replace the base cove would be around $120 + labor. I am aware of static concerns but has anyone dealt with this same situation? If so, what should be done? The people in charge only want necessary changes, so I need to give them reasons to replace if needed.

    Thank you.

    submitted by /u/sarge-m

    Adding BFD to multiple (100+) eBGP sessions on an ASR1000

    Posted: 03 Oct 2019 08:19 AM PDT

    We have around 100+ eBGP peers to customers. We use BGP for failover purposes on their assigned ranges. Obviously the timers for BGP can be a bit long so if their WAN goes down then failover can take a few minutes. This hasn't really caused us any problems but it would be nice to have a faster failover.

    Has anyone noticed whether adding BFD to multiple BGP peers adds much of a performance hit at all? This would be on ASR1002 routers, but I would also probably want to add it to MX104 PEs as well.

    thanks

    submitted by /u/Busbyuk

    More Access Points or Fewer Higher Density Models?

    Posted: 03 Oct 2019 12:58 AM PDT

    Hi

    When planning wifi deployments for high-density environments such as open plan office spaces, is it best practice to go for more access points to spread the load, or fewer access points but of a higher-end model, e.g. more antennas, etc.?

    We are a Meraki user and I am weighing up whether to go for the Meraki MR33 or one of the higher-end models such as the MR42 or even MR45, taking into account that for the price of one of these I could get at least 2 MR33s.

    submitted by /u/eshaq786

    Why do people not encrypt data over MPLS and leased lines?

    Posted: 03 Oct 2019 06:20 PM PDT

    I've been reading a lot of stuff about SD-WAN lately, and I constantly see examples where people are like:

    So I've got a VPN tunnel that I use as a failover if my MPLS isn't working [...]

    I also have heard it from my peers several times over the years - stuff like:

    Well maybe we don't need the bigger firewall if we have this point to point and the IPsec is only used as a backup.

    I have spent my last 6-7 years in IT in sectors where there's very sensitive data (defense, banking, healthcare), and to me, an MPLS connection is just another connection over an untrusted network (i.e. a network that I don't control), and I wouldn't dream of sending unencrypted packets across it. According to HIPAA, if my service provider takes a PCAP, I've gotta report a breach.

    Is it just me, or do a lot of people actually use MPLS without IPsec?

    submitted by /u/wingerd33

    Anyone experienced with ATT NOD?

    Posted: 03 Oct 2019 10:43 AM PDT

    We're having issues with configuring our network to work with ATT NOD (network on demand). Currently we have all sites connected through the NOD on a VLAN 50, we are trying to change this to a different VLAN so we can isolate all sites and not extend VLANs (other than 200) across the network. The NOD is supposed to act like an L2 switch, but when we change VLAN ID on the port connected to the NOD (same IP, different VLAN tag) all traffic drops. ATT assured us VLAN didn't matter to NOD, but that's as far as we can get with support.

    submitted by /u/tylervalo

    YACAV - Yet Another Cisco ASA Vulnerability

    Posted: 03 Oct 2019 08:04 AM PDT

    Cisco ASR/CUBE lite sip keep-alive

    Posted: 03 Oct 2019 11:04 AM PDT

    We have an issue with a Cisco ASR acting as an SBC, not sending sip keep-alives.

    This is a new carrier we are working with and they expect to see a hello within 30 minutes or they drop the call.

    I've seen the below:

    (Dial-peer)#voice-class sip options-keepalive up-interval 30

    Is that what will do it or should I look at something else?

    submitted by /u/LittleWanger

    AWS DX to ASA - Intermittent BGP outages

    Posted: 03 Oct 2019 11:00 AM PDT

    Hi all,

    I've been struggling with this issue for a really long time and can't seem to find the smoking gun.
    AWS are pointing me to the peering provider and the peering provider are saying it's an AWS issue.
    We have a number of VIFs connecting via DirectConnect to our Cisco ASA firewall. We have backup IPsec VPN tunnels as well.
    Randomly on each VIF/VLAN the AWS firewall/router stops responding to packets.
    The image is a capture of the outbound DirectConnect port on our edge switch (Catalyst 3650)
    MTU on each interface is 1500, we have tried with 1400 also but still experienced the same issue
    MTU on the edge switch is 1500
    MTU on the Peering provider switch is 1514
    We have PVST enabled, all VIF VLANS are tagged
    We are using 30 second keepalive, 90 second hold times on the BGP neighbors
    We are using BFD fall over with default timers: 300ms min transmit, 300ms receive, 3x multiplier
    BGP via the IPsec tunnel is working perfectly

    This has been going on for way too long
    I am all out of ideas, any thoughts guys?

    submitted by /u/cam0n3

    Unusual behaviour of ping responses

    Posted: 03 Oct 2019 09:14 AM PDT

    Hi everyone!

    Have a curious situation here, and I THINK I know why it's happening, but I just wanted to confirm. We are currently testing some new ACLs where I work, and we are getting some unusual responses to our test pings. When we attempt to ping a gateway (say 10.2.2.1) from a network (192.168.0.0/24), the ACLs work correctly. When we attempt to ping a network/broadcast address (/24, so 10.2.2.0 or 10.2.2.255), I BELIEVE the router is proxy-ARPing back with the interface closest to the source, so say 172.16.1.1 for example.

    My question is: why does the router respond with a proxy ARP when it's the network/broadcast address, and not any other address behind the network? Is it because it sees itself as 'owning' those addresses, or as belonging to that subnet on those addresses?

    Any further info on this would be greatly appreciated!

    Steve

    submitted by /u/SteveJWC

    Cisco 9800-CL on hyper-v?

    Posted: 03 Oct 2019 08:53 AM PDT

    Need to deploy one of these as we have a bunch of new compatible access points, and our current/old WLC is end of support/EOL.

    Officially it only supports AWS/KVM/ESXi, but has anyone tried running it on a Hyper-V host?

    Our only current ESXi host is falling to bits, but we have a couple of new Hyper-V clusters it can run off if it works in Hyper-V.

    submitted by /u/LittleWanger

    Enterprise Switch Help.. AP plugged into switch not showing on switch.

    Posted: 03 Oct 2019 04:18 PM PDT

    I am trying to figure out which switches are on which floors, so I followed ap to patch panel to switch.

    When I go into the switch back end, it seems to have few to no clients connected, none of which are the AP.

    Many APs are visible on other switches but none of the switches that I traced the APs to are saying they have APs connected.

    The switches are linked together. Could anybody shed some light on how this works or maybe some reading resources to figure out why this is behaving this way? It looks like one switch is mapping the APs to another switch but I would like to know how this is happening and how to trace where they originate and end.

    EDIT:

    Aerohive switches SR2324P and 2224P. Aerohive access points AP250,122,150W

    submitted by /u/Magice

    Palo Alto Management Access

    Posted: 03 Oct 2019 08:32 AM PDT

    Pretty new to Palo Alto but so far very impressed with them. I have what seems like a pretty routine task, but I can't nail it.

    We have a PA220 that we manage for a customer. We have a management profile applied to the outside interface, allowing https, ssh, and ping from our company public address. It works as expected.

    Cogent wants to monitor it as well with pings, but if we add their source IP addresses to the management profile, they will also have the ability to ssh and https. I know they can't login, but on principle they should only have pingability.

    It's not possible to assign multiple management profiles to an interface. And it looks like when we add a regular security rule to allow pingability on the outside interface from a specific source, the management profile takes precedence.

    I was considering removing the management profile and using only security rules to allow our management access and Cogent's monitoring. I also read something about NATing to a loopback address, but that sounds overly complicated. And something about configuring the management interface as another security zone, but again that sounds like it shouldn't be needed.

    I've done a fair amount of Googling and so far have not found the ideal solution. I even found a Reddit question for the exact same scenario, but nobody actually answered the question.

    Any suggestions?

    submitted by /u/kwiltse123

    Buying C15M cables in bulk?

    Posted: 03 Oct 2019 04:56 AM PDT

    I'm in the middle of color coding all cables in a datacenter and I'm having trouble finding C15M cables for Juniper/Cisco devices.

    I need several lengths and several colors, and I can't seem to find that online. Does anyone have a good source for them?

    submitted by /u/torbbang

    VPN Routing Question

    Posted: 03 Oct 2019 01:45 PM PDT

    Hi guys.

    I am trying to get some syslog packets routed from our core switches over our Checkpoint site-to-site VPN to our main office's syslog server but I'm getting lost in the detail and was wondering if you could help me figure out how I can get it to work.

    Our setup is as follows (fake IPs):

    BRANCH OFFICE:

    Firewall (cluster IP = 10.10.10.1)

    Core switch (IP = 10.10.10.2; Default gateway = 10.10.10.1)

    MAIN OFFICE

    Firewall (cluster IP = 10.20.10.1)

    Core switch (IP = 10.20.10.2; Default gateway = 10.20.10.1)

    Syslog server (IP = 10.20.30.1 on DMZ defined only on Firewall; no DMZ VLAN defined on core switch)

    So, routing should be:

    Branch Core switch > Branch firewall > [Over VPN Tunnel] > Main firewall > Core switch > Syslog server

    I have setup a firewall rule similar to one below but no packets are hitting the firewall:

    Branch_Core Syslog_Server [Over_VPN] Syslog Accept

    My question is:

    Do I need to set up a static route, i.e. 'ip route 10.20.30.1 255.255.255.255 10.20.10.1', even though the DMZ VLAN isn't defined on the core? At the moment everything is being routed to the firewall cluster IP and it might not know how to route it over the VPN tunnel.

    I hope this is clear - happy to answer any questions! Thanks in advance

    submitted by /u/hweb47

    HTTP 502 errors

    Posted: 03 Oct 2019 01:30 PM PDT

    I had a few of those in the last couple of days. Started to wonder what is going on. Different clients, trying to get to different websites, and then the error. When I enter a proxy, the sites are available. The ISP says that they don't have any restrictions. Is there something going on on the server side? Does someone know what exactly?

    submitted by /u/Locked89
