
    Monday, December 16, 2019

    Moronic Monday! Networking



    Moronic Monday!

    Posted: 15 Dec 2019 05:04 PM PST

    It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

    Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

    submitted by /u/AutoModerator

    WSJ -- Cisco Wins Legal Challenge in Battle Against Chinese Counterfeits

    Posted: 16 Dec 2019 08:44 AM PST

    https://www.wsj.com/articles/cisco-wins-legal-challenge-in-battle-against-chinese-counterfeits-11576494003?mod=hp_lista_pos4

    Cisco apparently won an injunction against selling Cisco branded knock-off transceivers. It applies to Alibaba, Amazon, eBay, and possibly others.

    I'm unsure if this will stop the sale of Cisco compatible (vs branded) transceivers.

    submitted by /u/sgent

    Tips / tricks to cisco TAC?

    Posted: 16 Dec 2019 08:44 AM PST

    I've heard there is a certain time of day to submit tickets to get better Cisco TAC people who won't just run you around. Is this true?

    Anyone else have any cool tips / insider info with TAC?

    submitted by /u/Wall_Stair

    UPDATE - Using Ansible to save Cisco (IOS, NX-OS, ASA) configs

    Posted: 16 Dec 2019 11:22 AM PST

    I'm following up on a post I made in hopes it can be useful. In the original thread, I asked for help with a playbook so my team could successfully save Cisco device configs using Ansible.

    Some of you suggested Oxidized, which I tried to set up. Since refactoring the playbook was easier than implementing an entirely new solution, I opted to stay the course with Ansible. After trying both approaches, I think Ansible is easier if you're not a raw beginner.

    Here is the playbook we are now running in production to back up all device configs. I didn't remove plays for certain devices because I have relevant comments regarding the approach. Those more knowledgeable can feel free to critique the playbook if parts appear sub-optimal.

    Ensuring backup folder exists

    • This is a loop to create a backup folder for each site. I hardcoded the values because if I use host or group vars for folder creation, I can't run once. Running once only creates one of the backup directories, which makes saving to directories that don't exist fail.

    NX-OS and IOS

    • NX-OS will by default timestamp when you ran the command, which will make every show run appear as a running config diff. To avoid this false positive, the running config begins at the software version, which was easier than excluding several contiguous lines at the top.
    • IOS has different timestamps that would register as a config diff, so exclude them from the output.

    Git

    • This section is hackish because it delegates to the localhost rather than indicating the localhost outright. I might refactor this in the future. I did it this way because I wanted to avoid putting the Ansible control node itself in the inventory. Special thanks to u/boobless24 for getting me 90% of the way there on my first thread.

    I might add a play to email my team when git makes a commit as a way to indicate there were config changes. This might even include a text file with diffs. For now, this playbook is doing everything we want: We don't have to manually back up configs, pay for a tool to do so, nor get bogged down with application deployments (RANCID, Oxidized). I will try RANCID and Oxidized again for the sake of learning, but I was turned off that when I tried to deploy Oxidized, I got a Ruby error. Anyway, I hope this helps.


    ```
    ---
    # Backup network device configs
    #
    # How to run:
    #   ansible-playbook playbook_backup_cfg.yml --vault-id prod@vault_key

    # Create one backup directory per site on the control node.
    - hosts: all
      gather_facts: no

      tasks:
        - name: TASK 1 - Ensure backup folder exists for each DC
          file:
            path: "{{ item }}"
            state: directory
          with_items:
            - backups/dc1
            - backups/dc2
            - backups/dc3
          delegate_to: localhost
          run_once: true
          tags: dir

    # NX-OS: start at the version line to skip the timestamped header.
    - hosts: all_nexus_switches
      gather_facts: no
      connection: network_cli

      tasks:
        - name: TASK 1 - Get the running-config
          nxos_command:
            commands:
              - term len 0
              - show running-config | begin version
          register: cli_results
        - name: TASK 2 - Save the running config to ansible server
          copy:
            content: "{{ cli_results.stdout[1] }}"
            dest: "{{ backup_dir }}/{{ inventory_hostname }}.cfg"

    # IOS: exclude the lines that change on every capture.
    - hosts: all_ios_devices
      gather_facts: no
      connection: network_cli

      tasks:
        - name: TASK 1 - Get the running-config
          ios_command:
            commands:
              - term len 0
              - show running-config | exclude ntp.clock-period|Last.configuration.change|NVRAM.config.last.updated|Current.configuration.*bytes
          register: cli_results
        - name: TASK 2 - Save the running config to ansible server
          copy:
            content: "{{ cli_results.stdout[1] }}"
            dest: "{{ backup_dir }}/{{ inventory_hostname }}.cfg"

    - hosts: all_asa_firewalls
      gather_facts: no
      connection: network_cli

      tasks:
        - name: TASK 1 - Copy run start and save running config to ansible server
          asa_config:
            save: yes
            backup: yes
            backup_options:
              dir_path: "{{ backup_dir }}"
              filename: "{{ inventory_hostname }}.cfg"

    # Git: runs once, delegated to the control node.
    - hosts: all
      gather_facts: no
      connection: network_cli

      tasks:
        - name: TASK 1 - Get current date and time
          command: date +"%F %T %Z"
          register: date
          delegate_to: localhost
          run_once: yes
          tags:
            - git
        - name: TASK 2 - Check directory status
          command: git status backups/*
          register: git_status
          changed_when: false
          delegate_to: localhost
          run_once: yes
          tags:
            - git
        - name: TASK 3 - Commit changes to Git
          shell: |
            git pull
            git add backups/*
            git commit -m "Committing changes to running configs on {{ date.stdout }}"
            git push origin master
          when:
            - not("nothing to commit" in git_status.stdout)
          delegate_to: localhost
          run_once: yes
          tags:
            - git
    ```

    EDITS: Typos, formatting

    submitted by /u/j-dev
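An added example (not part of the original post or the poster's playbook): the same noise filtering the playbook does on the device, applied offline in Python so two saved captures can be compared and a diff produced only for real changes. The function names and the sample captures are constructed for illustration; the IOS regex is the one from the playbook's `| exclude`.

```python
import difflib
import re

# The same volatile-line regex the playbook hands to IOS "| exclude".
IOS_VOLATILE = re.compile(
    r"ntp.clock-period|Last.configuration.change|"
    r"NVRAM.config.last.updated|Current.configuration.*bytes"
)


def normalize(config, platform):
    """Return config lines with per-capture noise removed for `platform`."""
    lines = [line.rstrip() for line in config.splitlines()]
    if platform == "nxos":
        # Mirror "| begin version": keep from the first line matching "version".
        for i, line in enumerate(lines):
            if "version" in line:
                return lines[i:]
        return lines  # no match: keep everything rather than lose the capture
    if platform == "ios":
        return [line for line in lines if not IOS_VOLATILE.search(line)]
    return lines  # any other value: no filtering (raw comparison)


def config_diff(old, new, platform):
    """Unified diff of two captures after normalization; [] means no change."""
    return list(difflib.unified_diff(
        normalize(old, platform), normalize(new, platform),
        fromfile="previous", tofile="current", lineterm=""))


# Constructed sample captures (not taken from real devices).
def ios_sample(ts, clock, acl):
    return "\n".join([
        "Building configuration...", "",
        "Current configuration : 1532 bytes", "!",
        f"! Last configuration change at {ts} UTC Mon Dec 16 2019 by admin",
        f"! NVRAM config last updated at {ts} UTC Mon Dec 16 2019 by admin",
        "!", "version 15.2", "hostname sw1",
        f"access-list 10 permit {acl}",
        f"ntp clock-period {clock}", "end"])


def nxos_sample(ts):
    return "\n".join([
        "!Command: show running-config", f"!Time: {ts}", "",
        "version 9.3(3)", "hostname nx1", "feature ospf"])


if __name__ == "__main__":
    a = ios_sample("10:01:02", 36029056, "10.0.0.0 0.0.0.255")
    b = ios_sample("11:30:00", 36029112, "10.0.0.0 0.0.0.255")
    c = ios_sample("12:15:40", 36029200, "any")
    print("timestamps only:", config_diff(a, b, "ios"))
    print("\n".join(config_diff(a, c, "ios")))
```

Passing any platform other than `ios` or `nxos` skips the filtering, which shows how every capture would register as a change without it.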

    Cisco Default ARP Timeouts

    Posted: 16 Dec 2019 06:56 AM PST

    Noticed the default ARP timeout is 4 hours for my 3650's! Any reason why this is so high? I feel like it should be closer to the MAC timeout (5 minutes). Nexus is 30 minutes, which sounds more reasonable.

    Has anyone ever tweaked this timer before? Are there any negatives to considerably lowering it? I just don't understand where Cisco got 4 hours for IOS devices...

    submitted by /u/ThunderMcCloud

    Made an EIGRP problem

    Posted: 15 Dec 2019 11:38 PM PST

    Hello!

    I did a no router eigrp to a Cisco 6500 and now I can't connect to the switch... didn't realize this would happen. Is my only option console access? (I did this offsite...)

    submitted by /u/throwreality

    Networking Industry Overcrowded industry

    Posted: 16 Dec 2019 02:19 PM PST

    Here in the USA, it seems that the networking Industry is overcrowded? LinkedIn says there are 6,052 people with a CCNA & 1,513 people with a CCNP in my area (Atlanta, small population city compared to others) and it took me 5 years after I got my CCNP to get a network engineer position...what are your thoughts? Do you feel that this industry is overcrowded & not enough jobs for us network techs? Thinking about getting into Cyber security because I just got laid off.

    submitted by /u/BlazedWebSoldier

    Anyway to specify what IP to use during traceroute?

    Posted: 16 Dec 2019 07:53 AM PST

    I'm trying to think of a way to specify the individual device, instead of each interface of the device via OSPF to indicate the hop during a traceroute. I don't need or want to know every /31 P2P hop, I just care what the route is itself. Any idea how to accomplish such a thing or am I SOL?

    Cisco environment primarily for what it's worth.

    submitted by /u/Fhajad

    Cisco switch, how to see log when user connects to a port, instead of doing show int and seeing which one newly connected?

    Posted: 16 Dec 2019 06:01 AM PST

    Thanks

    submitted by /u/UK_spikey

    Policy based IPSec failover?

    Posted: 16 Dec 2019 01:21 PM PST

    Hello,

    so I need to do a policy based IPSec with failover.

    I have two links: fiber and cellular.

    I have BGP with my provider: one wan physical interface and a GRE tunnel (cellular link).

    At first I thought it will be easy: bgp with provider, put the public IP on loopback interface, gre over ipsec and that's it. If one of the link goes down I still have the same public IP and GRE tunnel is alive.

    The problem is that the remote side doesn't support gre over ipsec.... They're asking for policy based IPSec with failover. And they can only do ipsec to one ip address (that's why I have bgp session).

    It would be easy as well, but when I try to apply crypto map to tunnel interface (tunnel to ISP for BGP session via LTE and my default route is via this tunnel, so I guess I have to apply crypto map to this interface?)

    `Currently only GDOI crypto map is supported on tunnel interface.` 

    Don't know if you will understand this, if you need some more information - just ask.

    I will be very thankful for any help...

    submitted by /u/cyb3rL0rdq

    Completely offline smart licensing?

    Posted: 16 Dec 2019 01:13 PM PST

    With Cisco Smart Licensing, there is a way to create an "offline reservation", so the switch never needs to contact a licensing server. I am trying to get this working.

    I have a 3850 that I recently updated to 16.9.4, the part I am struggling with, is how to get a license in my "Smart Software Licensing Inventory" at software.cisco.com. How do I convert the license on the switch to a license that exists in the inventory on the website?

    I have access to the switch, but I don't have the original PAK PIN code or anything like that.

    submitted by /u/JamMan23

    802.1x Cisco WLC RADIUS / NPS trouble

    Posted: 16 Dec 2019 01:09 PM PST

    Long time lurker, hoping for some advice... Try as I might I'm hitting dead ends with this. I've searched and read through many different articles but seem to be going in circles.

    This is my first attempt at rolling out 802.1x...

    Our environment:

    5508 WLC running 8.3.143.0 and Windows 2012 R2 with NPS role (not a DC or CA)

    Hub and spoke topology - remote clients are using flexconnect

    Created a new SSID using WPA+WPA2 AES 802.1x and our sys admin team spun up a new server with NPS role.
    Followed this guide: https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115988-nps-wlc-config-000.html

    Win10 clients are prompted for username/pw (sometimes, very inconsistent). It fails when it does prompt.

    -There are no logs on the RADIUS server

    -There are no debugs for the client MAC address on the WLC/WAP

    -Absolutely nothing displays in a wireshark capture on a client PC (do I need to mirror the WAP port or does simply running it on the client suffice?)

    This is the only thing I can find from event viewer on the PC when attempting to auth:

    "The description for Event ID 5060 from source Netwtw02 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer."

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    \Device\NDMP3 Intel(R) Dual Band Wireless-AC 7265

    The specified resource type cannot be found in the image file

    Attempted:

    -WLC can reach the NPS server and vice versa via ping

    -Reinstalled wireless NIC driver

    -Unchecking "Verify the server's identity by validating the certificate" on the SSID settings. Asked about the cert with the sys admins.

    -Manually specified the NPS cert

    -Opened a TAC case and they verified WLC settings are correct.

    -Went through countless guides on configuring NPS/WLC specifically geared towards our environment and everything checks out- honestly the config seems fairly simple.

    -Simulating a test from the WLC (test aaa radius) it fails every time (except once! but I can't replicate it) Event Viewer on the NPS server states that it is invalid username/pw when the tests fail even though it's a known good AD account.

    "Event ID 6273 " Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect."

    But given all this... I can simulate a successful login attempt using "RADIUS test client" software from my PC (PAP)

    I am left scratching my head.. Considering that I have no messages on the client PC to go on and nothing displays in debugs or captures when a client attempts to auth.

    What should I be looking at ??

    submitted by /u/phsikotic

    "550 MHz" Cat 6 and 10GbE

    Posted: 16 Dec 2019 12:12 PM PST

    I know 10GbE is rated for 55m over Cat 6 cable (250 MHz). I also know that it's rated for 100m over Cat 6A cable (500 MHz). I understand that there are no guarantees, but if I have a "Cat 6" cable rated for 550MHz (monoprice in this case) would it be safe to assume that it could handle 10GbE at 100m? If there are errors at 10GbE, would throttling the speed to 7-8GbE help clear that up? What device would you recommend purchasing / renting to test the connection properly?

    submitted by /u/farhadd2

    Voip managing software

    Posted: 16 Dec 2019 03:39 PM PST

    Full disclosure, I'm extremely new to voip and I tried searching for my question but couldn't find a clear answer.

    So I have recently setup a voip service through my internet service provider. I have a $50 cordless handset which is fine and does what I need.

    I do vehicle graphics and wraps so I don't spend all my time sitting at the computer, so a cordless handset is perfect for this. However, the handset I have isn't the greatest and due to working by myself a lot of the time, I often miss calls and need to get back to people when it's convenient. The handset I have has a voicemail option but the greeting recording is terrible quality every time I try and set it up and that leads me to my question.

    Is there a software which can manage my voip service, e.g. display call lists incoming and outgoing, and also has voicemail managing which lets me upload my greeting from an audio file on the computer?

    Every time I search I find enterprise level or call centre type stuff that's offering so much more than I need, and at very high prices. The catch is I want to still use my cordless phone and not have to have the calls running through the PC.

    thanks in advance

    submitted by /u/cs-maffs

    What scripting tools would you use to push firmware code (SCP) to multi-vendor devices?

    Posted: 16 Dec 2019 10:51 AM PST

    I cannot get a grasp of this whole scripting world. I'm trying though, and my first script I thought I had down but it runs into issues.

    In short, and only starting with Arista, I created my script using Netmiko which would log into a device, check the version. If the code was up to date, it would exit out and state as such. If not, it would check flash to see if the latest code was downloaded to flash. If it was, it would exit stating that the device has the latest firmware but it needs to be installed. If it's NOT in flash, it would go out to our FTP site and download the latest version to flash.

    That's all I'm trying to do. I thought I had it good with Netmiko but with using the "expect_string", sometimes it would just exit out stating it never found the string I was prompting it to expect, thus, it's not working 100%. This is most likely user error more than Netmiko but Kirk Byers did mention that this is not a good use case for Netmiko (paraphrasing).

    With that said, I was thinking about learning how to use Pexpect or whatever, but I figured I'd ask you folks that have more experience here. What tool(s) would you use to create this script? I'm sure it's not a really complex script, it's just I'm having difficulty with what to use more than the syntax itself.

    Any help would be appreciated.

    Thanks.

    submitted by /u/magic9669

    Fiber from Multipoint Service Terminal

    Posted: 16 Dec 2019 10:23 AM PST

    We have recently gotten the option to grab a few dark fiber connections from a local ISP. These are built out to MSTs averaging about 100 ft from each location. My Google Fu is tripping over itself trying to get exactly how these would be terminated to our locations. Drop cable from the MST to the location, but what would be the best way to transfer from a drop cable to a switch? From what I can find, drop cables can have SC connectors, would a simple SC to LC converter be the preferred method, or should I be looking at something more extravagant for a single fiber?

    submitted by /u/TheTrafficNetwork

    Blacklisted Countries

    Posted: 16 Dec 2019 07:08 AM PST

    Hello,

    A company I consult for has asked us to find a solution for customers that reside in countries they blacklist. Nothing came to mind; I would like to know if anyone has created a solution for a request like this. Perhaps a cloud/proxy solution?

    ***EDIT***

    The customers will need to access the external website of the company. This website is hosted internally and access is restricted by several security layers including geo-filtering. We need a way to provide access to customers in the filtered country that is user-friendly and easily provisioned.

    submitted by /u/Hrauding

    Recommended target for availability monitoring

    Posted: 16 Dec 2019 10:57 AM PST

    We use PRTG for network monitoring. One of the standard sensors for HTTP availability is to hit www.google.com every sixty seconds. This has been in place for a couple years now, but our users have recently started getting captchas when using google search, and by far the largest number of sessions going to google.com are our PRTG servers. Is anyone else having trouble with this? Is there a better recommended target website for this kind of monitor? I'm considering changing to Cloudflare or something to test against if Google has changed their policy.

    submitted by /u/canexan

    Console set up for Cisco through a Mac

    Posted: 16 Dec 2019 09:50 AM PST

    Hey guys. I have not set up a Cisco switch in a while, when I used to do it a PC is all that I used. My question is, how can I console into a brand new Cisco Switch with a Mac Mini? To my knowledge Mac already has a Putty built in to its system? What would be the steps that I need to take to configure this switch?

    submitted by /u/jerome908

    Charlotte - Anyone have any DAC cables?

    Posted: 16 Dec 2019 07:22 AM PST

    I have 2 HP switches I need to install with 2 DAC cables, but my boss isn't sure if they have any. Am en route now, does anyone know if there's any places in the area that'd stock a 10 Gbps DAC cable? HP Compatible?

    submitted by /u/HomesickRedneck

    ISP Troubles/Blocks

    Posted: 16 Dec 2019 06:33 AM PST

    What websites do you use to verify if something is blocked on the internet? Right now our ISP told us that cogent (I assume an ISP) is blackholing our website hosted by maxihost in their South America region. I assume the public IP maxihost is using is associated with bad internet traffic and cogent decided to block them for security or compliance reasons.

    submitted by /u/joshman160

    I was given some Extreme Networks Summit X440-48P/24P switches by a business that was going to toss them. Need help factory resetting one with a password.

    Posted: 15 Dec 2019 06:51 PM PST

    Basically, I have been trying to follow stuff I've found searching online, and can't figure out how to get past the password prompt to run the "unconfigure switch all" command (and does this actually wipe any and all existing information on the switch? For what it's worth, I did get connected to one and was able to run this command. I'm kind of proud of that lol).

    I am new to this stuff and I'm absolutely stuck. I have been giving it an honest try and googling my ass off though, if that counts for anything. I just don't know what I'm doing and I'm getting nowhere. I need some help to get me sent in the right direction.

    submitted by /u/ReddiEddy78
