    Sunday, December 15, 2019

    bpduguard default Networking


    bpduguard default

    Posted: 15 Dec 2019 06:35 AM PST

    I am trying to see what the best practices are on trunk ports. I currently see this configuration on switches:

    spanning-tree portfast bpduguard default

    And on all ports that are connected to other switches: spanning-tree bpduguard disable

    I am thinking about removing it off all interfaces and the default. What are your thoughts about the risk?

    submitted by /u/johny696969

    For those who have their JNCIA (or higher), what materials/video lectures/labs etc. did you use to study?

    Posted: 15 Dec 2019 03:30 PM PST

    I am soon transitioning from a Hosted PBX Repair position into a NOC role and was advised by my new manager that most of the gear I will be using in my day to day is Juniper hardware, and that getting any related certs wouldn't hurt.

    My current position has exposed me to MX, SRX, and QFX Enterprise routers and EX switches, so I'm not walking into my studies blind, but I do not believe myself to be test ready.

    I have the Junos Genius app, which is decent but is limited to mobile/tablet. I read up on the course Udemy offers and that seems promising as well. But I figured it wouldn't hurt to ask the gurus here if you have any advice. Any and all help is welcome!

    submitted by /u/JackieWaste

    Affordable Network Tester with CDP/LLDP Support

    Posted: 15 Dec 2019 05:33 AM PST

    Hi Team, I'm curious if anyone has had good experience with any affordable network testers. I've used the Fluke and NetScout stuff before and they are great, but very expensive. I've also seen Kickstarter-like products which use your phone; has anyone had good experiences? I'd be happy to pay 150 USD, and if work doesn't pay me back then no big deal.

    submitted by /u/redex93

    OSPF area design for back to back links

    Posted: 15 Dec 2019 04:19 AM PST

    Hello, I would like to start some talk about OSPF design for back-to-back links of branches.

    If you have 2 branch routers connected to the WAN (area 0) and the branch network (area 100), what are the benefits of putting the b2b link of the branch routers into area 100?

    As for my understanding, it would be better if there are subnets that are not redundant to the branch routers. So there will be network LSAs for them between the routers.

    But if there aren't, a summary LSA would be enough? As the b2b link would only be useful if one WAN link goes down.

    submitted by /u/YourMustHave

    Changing Native VLAN in existing network

    Posted: 15 Dec 2019 03:32 PM PST

    Trying to determine the best approach with making this change. I have a router that is connected to a L3 switch via an access port. The L3 switch handles routing between several VLANs via SVIs with the default route being the router.

    Normally I'd make the interface between the switch and router a Trunk port and then change the Native VLAN on that interface, but I am unsure if that would inadvertently cause any issues.

    I am sure it's straightforward but still looking for some sort of confirmation that this is the correct approach.

    submitted by /u/ronni3

    Firewall with built-in IPS -- what do you use?

    Posted: 15 Dec 2019 03:21 PM PST

    We currently run an ASA in transparent mode with multiple contexts, but also utilize the built-in IPS (SFR module). With Cisco moving away from ASAs (and the ASA OS no longer supporting IPS functionality), I'm told by Cisco that if I want a transparent firewall, I'll have to buy a Firepower Threat Defense and run ASA OS on it, then I'll have to buy a second FTD and run FXOS on it for IDPS functionality... seems like a waste of hardware.

    Have any of you looked at alternatives to Cisco ASA that have IPS included?

    I'm looking for something with some centralized management as we have these ASAs deployed across 30+ sites.

    submitted by /u/sysroot107

    Dual ISP/Core sanity check

    Posted: 15 Dec 2019 07:14 AM PST

    Over the past couple days we have brought up a second core and a second ISP connection. We will be sending and receiving traffic on both ISPs. Both have the same 10Gb speeds. ISP1 we are receiving full tables and have a BGP session setup. ISP2 will have the capability to do BGP in the next month or 2 because of hardware upgrades. We will receive full tables in that time.

    IP addresses have been changed

    10.100.152.0/21 is a range we own with ARIN, it is advertised by us on Core1 and by ISP2 with a static route to Core2

    10.22.236.0/23 is owned by ISP2, static route to Core2 but after the upgrade they are sending us an LOA to advertise it with ISP1

    We have OSPF setup advertising all PTP and Lo addresses.

    BGP has been setup between the Core routers and between the Core and Router1 routers.

    Due to Router1 being a Mikrotik, it cannot accept full tables so we have filtered that out and only distribute a default route to it.

    We have had reports of the internet traffic randomly dropping from our clients. We have not been able to track down what is happening exactly.

    Core1

    Lo 10.10.131.0

    PTP to Core2 IP - 10.10.129.0/31

    PTP to Router1 IP - 10.10.129.4/31

    interface eno1.3202
     ip ospf network point-to-point
    !
    interface eno1d1
     ip ospf cost 1
     ip ospf network point-to-point
    !
    router-id 10.10.131.0
    !
    router bgp 1234
     no bgp default ipv4-unicast
     neighbor 10.10.131.1 remote-as 1234
     neighbor 10.10.131.1 update-source 10.10.131.0
     neighbor 10.10.131.5 remote-as 1234
     neighbor 10.10.131.5 update-source 10.10.131.0
     !
     address-family ipv4 unicast
      network 10.100.152.0/21
      neighbor 10.10.131.1 activate
      neighbor 10.10.131.5 activate
      neighbor 10.10.131.5 default-originate route-map GW
      neighbor 10.10.131.5 prefix-list defaultonly out
      neighbor 100.105.58.113 activate
      neighbor 100.105.58.113 soft-reconfiguration inbound
      neighbor 100.105.58.113 prefix-list infilter in
      neighbor 100.105.58.113 prefix-list outfilter out
     exit-address-family
    !
    router ospf ospf
     router-id 10.10.131.0
     passive-interface eno1.4003
     network 10.10.129.0/31 area 0.0.0.0
     network 10.10.129.4/31 area 0.0.0.0
     network 10.10.131.0/31 area 0.0.0.0
    !
    ip prefix-list defaultonly seq 100 permit 0.0.0.0/0
    ip prefix-list infilter seq 100 permit 0.0.0.0/0 le 24
    ip prefix-list infilter seq 6 deny 10.22.236.0/23 le 32
    ip prefix-list infilter seq 9 deny 100.192.152.0/21 le 32
    ip prefix-list outfilter seq 6 permit 100.192.152.0/21 le 21
    !
    route-map GW permit 10
     set metric 1

    Core 2

    Lo 10.10.131.1

    PTP to Core1 IP - 10.10.129.1/31

    PTP to Router1 IP - 10.10.130.4/31

    ip route 0.0.0.0/0 10.22.239.141
    !
    interface eno1.3402
     ip ospf network point-to-point
    !
    interface eno1d1
     ip ospf cost 1
     ip ospf network point-to-point
    !
    router-id 10.10.131.1
    !
    router bgp 1234
     neighbor 10.10.131.0 remote-as 1234
     neighbor 10.10.131.0 update-source 10.10.131.1
     neighbor 10.10.131.5 remote-as 1234
     neighbor 10.10.131.5 update-source 10.10.131.1
     !
     address-family ipv4 unicast
      network 10.22.236.0/23
      network 10.100.152.0/21
      neighbor 10.10.131.1 activate
      neighbor 10.10.131.5 activate
      neighbor 10.10.131.5 default-originate route-map GW
      neighbor 10.10.131.5 prefix-list defaultonly out
     exit-address-family
    !
    router ospf ospf
     router-id 10.10.131.1
     passive-interface eno1.4001
     network 10.10.129.0/31 area 0.0.0.0
     network 10.10.130.4/31 area 0.0.0.0
     network 10.10.131.1/32 area 0.0.0.0
    !
    ip prefix-list defaultonly seq 100 permit 0.0.0.0/0
    !
    route-map GW permit 10
     set metric 1

    Router1

    Lo 10.10.131.5

    PTP to Core1 IP - 10.10.129.5/31

    PTP to Core2 IP - 10.10.130.5/31

    /routing bgp instance
    add as=1234 name=default2 router-id=10.10.131.5
    /routing ospf instance
    set [ find default=yes ] router-id=10.10.131.5
    /snmp community
    add addresses=0.0.0.0/0 name=snmp_f0rth3h0rd3
    /ip address
    add address=100.192.153.1 interface=LoopBack network=100.192.153.1
    add address=10.10.131.5 interface=LoopBack network=10.10.131.5
    add address=10.10.129.5 interface=vlan3202 network=10.10.129.4
    add address=10.10.130.5 interface=vlan3402 network=10.10.130.4
    add address=192.168.255.1/24 interface=ether5 network=192.168.255.0
    /ip firewall nat
    add action=src-nat chain=srcnat out-interface=sfp-sfpplus1 src-address=192.168.255.0/24 to-addresses=100.192.153.1
    /routing bgp network
    add network=100.192.153.1/32
    /routing bgp peer
    add instance=default2 name=CORE1 remote-address=10.10.131.0 remote-as=1234 ttl=default update-source=10.10.131.5
    add instance=default2 name=CORE2 remote-address=10.10.131.1 remote-as=1234 ttl=default update-source=10.10.131.5
    /routing ospf interface
    add network-type=broadcast passive=yes
    add interface=vlan3202 network-type=point-to-point
    add interface=vlan3402 network-type=point-to-point
    /routing ospf network
    add area=backbone network=10.10.129.4/31
    add area=backbone network=10.10.131.5/32
    add area=backbone network=10.10.130.4/31

    submitted by /u/WolfraiderNW

    SSO via wifi credentials?

    Posted: 15 Dec 2019 12:59 AM PST

    Hello dear community, I am visiting a technical school, focused on network technology and media technology. I was given the exercise to create a Single Sign On system for our school network.

    To give an overview of what services we have in our school and how the network roughly looks:
    - Wifi in the whole building, students can connect to it via their AD/LDAP users
    - Webuntis
    - Moodle Server (Data from teachers)
    - Different Google services (those are initially created with the AD users but you can change the password, so maybe not a good idea to fuck around with those)
    - Services and websites programmed by students

    So I just started working on that project and want to use SAML (because we have Windows Servers (I think 2016)). I want to sort of grab the username and password when the student connects to the wifi network, and with those credentials I want him to be able to just visit, for example, our Moodle server or Webuntis, and he/she should be logged in automatically. To go further, I want to maybe have a way to just check whether or not the website has an association with the school and log in on that website too.

    Does someone have experience in that area or maybe can give me some resources to work with? :)

    submitted by /u/SenpaiMinii

    Device unable to set static IP, requires DHCP Server, hypothetical situation question

    Posted: 15 Dec 2019 10:15 AM PST

    Hey r/networking. Previously searched Google, forums, and the sub for this but haven't gotten any decent answers.

    Say you have a device that's unable to set its own IP address. This device also uses Bonjour for discovery. When connected to the LAN that does not have a DHCP server on the subnet (or say the VLAN/LAN it's on is airgapped) it defaults to the link-local address, 169.etc.etc. I'm not a professional network engineer but I'd like to think I know a thing or two. This hypothetical situation brought up the following question that I haven't been able to find a sufficient answer for. What exactly on the hardware or software side is required to program an IP address internally on a device? Obviously if there's a DHCP server the device gets it from that. Windows and most OS's let you set it via a GUI or command line. But what if the device has a VERY simple NIC that there's no way to set the IP, at least that I'm aware of? What's lacking or missing?

    Been driving me crazy as normally I can find an answer but no luck this time. Thanks in advance!

    submitted by /u/lawyer_doctor

    Check Point declining in sales? Why so?

    Posted: 15 Dec 2019 07:39 AM PST

    For a long time they were the gold standard for firewalls. What has recently happened to them that we are seeing such a decline in sales for Check Point? Is it just Palo's better product and marketing? Or Fortinet's better price/performance?

    Has anyone used Check Point and can comment?

    submitted by /u/trickintown