NSA advisory on Pulse Secure™, Palo Alto GlobalProtect™ and Fortinet Fortigate™ VPN products
- NSA advisory on Pulse Secure™, Palo Alto GlobalProtect™ and Fortinet Fortigate™ VPN products
- SD-WAN
- Going with Cisco 9000 series access switches without SD-Access stuff?
- Network Analyzer / Monitoring
- Best practice for cabling switches
- SFP speed limitations?
- Viptela | Web server certificate?
- How to get decent e2e connectivity between US/EU and LATAM/EU?
- Simultaneous traceroutes? (Thread safety)
- Preferences on NOS and Whitebox Hardware
- UDLD Loop on Carrier Handoff?
- Checkpoint VPN - phase 2 subnets
- Aruba 7010 centralized licensing
- Routing Protocols - Switch Config
- F5 BIG IP - Help with Redirect from Port to URL
- Strange AP Issue - PoE issued, link down.
- Cisco switch shutdown with specified reboot time?
- Need help with wifi issue (somewhat desperate)
- Aruba VSF Stacking Question
- SSID Extending
NSA advisory on Pulse Secure™, Palo Alto GlobalProtect™ and Fortinet Fortigate™ VPN products Posted: 09 Oct 2019 02:52 PM PDT |
SD-WAN Posted: 09 Oct 2019 05:53 AM PDT Does anyone know of a good site or conference with some true vendor-agnostic SD-WAN material? Looking around the web and I am only finding people trashing one vendor over others (cough cough Cloud Genix). I appreciate the info in advance! [link] [comments] |
Going with Cisco 9000 series access switches without SD-Access stuff? Posted: 09 Oct 2019 10:46 AM PDT SD-access just seems too complex for the problem it solves in our case as we're just building a new campus building and not totally a greenfield installation. Wondering if there's any point now getting Cisco access stuff and use Prime? Or do you see that SD-access is a must and Prime will be replaced with DNA center and then we have to renew DNA licenses etc :) ? We've been mainly an HP/Aruba shop and our only reason to go with Cisco is that we can get 48x1G PoE+ switch with 2x PSU and 10G uplinks and stack kit for something like 1200 euros. With Aruba we'd need to go up to 2930M where we need to get one 10G SFP+ module and 2x PSU modules and stack modules. That would be something like 2600 euros I'm afraid. With SD-access we'd need to replace the distribution switches we already have extra for this case and also probably get some sort of border leafs etc. and use at least 9300L as we're going to need more than 4 segments. With few hundred switches and as in our sector there's never money to get anything, it feels sort of hard to justify the Aruba cost. I wouldn't mind Cisco, we'd still use ClearPass and 802.1X to put the client in right VLAN and have the same config in every switch. Any thoughts? [link] [comments] |
Network Analyzer / Monitoring Posted: 09 Oct 2019 05:24 AM PDT Hello, Can anybody recommend a good free network monitoring tool? Just for checking the current bandwidth that is passing on the network, and maybe other data also. I just need to verify from a user standpoint. I don't have access to their internal devices. Thank you in advance. [link] [comments] |
Best practice for cabling switches Posted: 09 Oct 2019 11:09 AM PDT What I have been doing up until this point, I'll try to explain like this: Switch 1 gi1/0/24 trunks to Switch 2 gi1/0/23, Switch 2 gi1/0/24 trunks to Switch 3 gi1/0/23, and so on... It looks great. Very neat. Is this bad practice, though? Obviously if Switch 2 fails... hell, if even just the trunked cable going from Switch 2 to 3 comes out... everything else down the line is screwed. I feel like I already know the answer to this but I am just throwing it out there to get some feedback. Is there a way to aesthetically and logically keep things organized besides what I have described, that I may be overlooking? Is a setup like I have described essentially destined to fail? [link] [comments] |
SFP speed limitations? Posted: 09 Oct 2019 11:57 AM PDT I have a couple of TP-Link Jetstream PoE switches with SFP ports available. Not being SFP+, they were designed as gigabit SFP slots, but I have read that they are still capable of 1.25 or even 2.5. Could someone clarify what the theoretical maximum is on SFP, and whether RJ45 vs fiber would be a limiting factor? I have not purchased any transceivers or DAC yet, as I want to make an informed choice. We also have a new server ordered that will have a 10G card for future-proofing, although I admit I do not know if those ports are RJ45 or SFP. I assume if they are SFP, they will not be compatible to interface with my SFP slots on the current switches, correct? Thanks for taking the time. [link] [comments] |
Viptela | Web server certificate? Posted: 09 Oct 2019 11:18 AM PDT Hi, I would like to confirm the following regarding viptela web server. Supposed that the purpose of this certificate is to establish a secure connection between your web browser and the vManage server using authentication certificates. Q:
For example, if the current certificate issuer OU is vmanage does it mean that this is locally generated by vmanage? Thanks [link] [comments] |
How to get decent e2e connectivity between US/EU and LATAM/EU? Posted: 09 Oct 2019 12:22 PM PDT Every residential/small office ISP seems to go through pretty congested uplinks out of each continent. What are the ways one could get proper connectivity over the Internet to avoid the usual chokepoint? Ignore price concerns but be reasonable please. [link] [comments] |
Simultaneous traceroutes? (Thread safety) Posted: 09 Oct 2019 12:42 PM PDT I'm a developer working to help automate some network tasks. One of these tasks involves running a series of traceroute commands on a server, targeting a series of destinations. To speed up the run time, I'm considering running the traceroute commands in separate threads, which would result in them running simultaneously. However, I couldn't find anything online (probably searching wrong terms) about whether running traceroutes simultaneously/threaded like this was safe or not, and I don't know enough about the underlying mechanics of traceroute or networking to conclusively say for myself. I understand traceroute functions by sending out a series of packets with a TTL that runs out on each progressive hop, then receiving the ICMP Time Exceeded Message from the device at that hop. My question is: with simultaneous traceroutes running, will it know which ICMP message is for which traceroute command? Does this hold true if the traceroutes are targeting the same destination? Does using a UDP vs an ICMP traceroute affect this? What defines this behavior? The underlying protocols of networking? The run environment/implementation of traceroute (Linux, Windows, Cisco IOS, etc.)? Thanks for any help or further information you can give me. EDIT: The underlying question might be: What information does the 'ICMP TTL Exceeded' response contain and how is the response matched back to the packet that originated it? Is it even matched back to a specific packet, or port, or command? Or just to the source IP? [link] [comments] |
Preferences on NOS and Whitebox Hardware Posted: 09 Oct 2019 05:38 AM PDT I am trying to decide on a path for my network. I am looking at "Whitebox" options and their built-in OSes (e.g. fiberswitch, edge-core, dell) or go pure bare-metal and look at some of the NOS systems out there. All I am really looking for is standard L3/L2 features, but also MLAG/"Stacking". So far I like the idea of the Whitebox switch with software over the built-in, but price is a strong factor as I will want two switches for the redundancy but can only afford one of the two at this time (second one could be bought early next year if needed). What are people's feelings on the names I have found: Cumulus - Seems a touch expensive based on some of the offerings on FS's site; IPfusion; Big Switch Networks; PICA8 - Cheaper than Cumulus? Other than the BS FS has pulled with the marketing, what do people feel about the edge-core/fs built-in software? I have looked at the usual hardware vendors (Dell, FS, Edge-core), and am wondering what experiences people have run into with those brands and the NOS-based software. One of the big things I am worried about in all of this is company reputation and support. I just realized as a cost-saving feature I could possibly go with a Dell switch and save money on the software with openswitch. I do understand that this is more of an on-your-own support model though. [link] [comments] |
UDLD Loop on Carrier Handoff? Posted: 09 Oct 2019 07:16 AM PDT Hey Everyone - Have an odd issue, and wanted to see if the hivemind had any ideas. Have a point-to-point circuit with a regional fiber carrier that connects from their Juniper CPE to our Cisco Nexus edge devices on both ends. The problem we're having is that on one end of the circuit, every time there is a carrier outage, the Cisco edge device puts the port into a UDLD Loop state, and effectively blocks the port. It stays in this state until the interface is flapped. This is pretty inconvenient, as it prolongs outages. A brief 30 second outage on the carrier side might take an hour to fix, because someone has to log into the site/switch, and flap the interface. Is there anything that can be done on the carrier CPE or our edge device to prevent this? Also - any common causes for the UDLD Loop state on a circuit handoff interface? [link] [comments] |
Checkpoint VPN - phase 2 subnets Posted: 09 Oct 2019 05:16 AM PDT I mainly work with Cisco ISRs for VPN and I am used to creating an ACL to define the subnets I want to participate in phase 2 for IPsec VPNs. I can have multiple VPNs, all with different phase 2 source subnets. On our Checkpoint firewalls (R77.30) I can't see how to configure the same behaviour. All I seem to be able to do is create a group to define a VPN domain at gateway level which applies to all VPN connections. This means all my subnets are getting included in phase 2 for all VPNs. It doesn't prevent the VPNs from getting established but I am not comfortable with every VPN connection having all source subnets included in it. Any idea how I can configure this in SmartDashboard to be more like the Cisco config? [link] [comments] |
Aruba 7010 centralized licensing Posted: 09 Oct 2019 03:33 AM PDT I inherited two Aruba 7010 controllers: one is master, the other is backup. As far as I can see, licensing is centralized: Enable Centralized licensing: Ticked This morning, for some reason, the master controller rebooted. Thanks in advance ! [link] [comments] |
Routing Protocols - Switch Config Posted: 09 Oct 2019 12:58 PM PDT I am taking over the networking role from someone that left. I have a good grasp of the basics but am still working on getting my head around the more in-depth topics. I have updated the VLANs to the IP range for the new site. I assume I need to update any IP that is in the existing site's range to the new site's range, correct? [link] [comments] |
F5 BIG IP - Help with Redirect from Port to URL Posted: 09 Oct 2019 08:47 AM PDT Hello. I've configured SSL Offloading on my F5. I have my VS set to use 443, while my Pool is set for 80. I have set a client SSL certificate. Within IIS, my site is bound to port 80. I've tried a bunch of different iRules but am at a roadblock. When I try to connect via my client, I'm getting an error stating the connection has been actively refused on X.X.X.X:80. I had a similar configuration with Citrix ADC and had to create a policy to redirect from port 80 to https://server.domain.com. Is this possible with F5? Any help is greatly appreciated. Thanks! [link] [comments] |
Strange AP Issue - PoE issued, link down. Posted: 09 Oct 2019 07:45 AM PDT The AP came online initially and registered in the WLC just like normal. I was able to rename it, update its software, etc. Then it just went offline. I have ten other APs in the exact same setup. I stripped the config on the switchport to be very basic. I have 130 APs operational on this WLC and it's licensed to 200. I'm guessing it's a software bug and a reboot of the switch will resolve it, just curious if anyone else has seen anything like this before. As the title states, the PoE is granted, but the connection is down-down. Hardware:
Switchport Config:
The switch itself has plenty of power available from a "show power inline"
Gi1/0/1 auto on 15.4 Ieee PD 4 60.0 (output for switchport of the AP) [link] [comments] |
Cisco switch shutdown with specified reboot time? Posted: 09 Oct 2019 07:33 AM PDT Is there a command I can run that will shut down a remote switch for a specified amount of time (24hrs) and then boot it back up? [link] [comments] |
Need help with wifi issue (somewhat desperate) Posted: 09 Oct 2019 06:36 AM PDT Hello everyone! I recently started a new role that is slowly becoming more networking focused (not my specialty). I have full access to our local Meraki instance. Problem: people are constantly getting disconnected from the wifi even while the laptop is not moving. Currently we are only running out 5GHz channel, when I look at the client event logs the event type is 802.11 disassociation details unknown reason. When can I start troubleshooting this??? [link] [comments] |
Aruba VSF Stacking Question Posted: 09 Oct 2019 06:13 AM PDT Hello all, I've acquired nine Aruba 2930F switches for my job. I've got two running as standalone switches and I'm forming additional stacks of four and three switches, via SFP+ ports and DAC cables. I'm not quite sure why this is, but when I show running config, I see a discrepancy that I think might be causing the issue? I think it might have something to do with "link 1 1/49,1/52" on the commander (member 1). The stacking ports are both showing up under the same link, whereas for the others, they are separate. Not sure how to deal with this to reconfigure it to the same as the others... I don't even know if this would fix the issue... Any advice would be appreciated. Ultimately, I just want them in a ring topology. Edit: Resolved [link] [comments] |
SSID Extending Posted: 09 Oct 2019 04:59 AM PDT Is it possible to extend an SSID from a WLC to the Meraki portal for offering to Meraki devices? I have a Z3 that needs to connect to a wireless network that is hosted on a WLC. [link] [comments] |