Moronic Monday! Networking
- Moronic Monday!
- What do you use for network documentation?
- How do you guys organization your Firewall policies?
- F5 support - Is it me or does it suck?
- Unifi switches not supporting port aggregation and PoE at the same time, can Cisco?
- A/V over ip
- IPSEC IKEv1 Dead Peer Detection, on both sides or just 1?
- VPN with Cisco Meraki
- Routing protocol for redundancy between two sites.
- Network Engineer learning Azure. Good Idea or Bad idea??
- Cannot get Port Forwarding/Port Address Translation configured correctly on Cisco RV325
- Notification on new machines in network?
- Options for stripping S-Tags on Arista from an ENNI?
- Proxy/Gateway Question
- "VLAN tag native" equivalent of this CLI on Juniper Switches
- Creating networks recognized by docker before docker is running
- /30 from Service Provider work around
- BT Broadband in Datacentre?
- Upgrading switch stacks running ios-xe from Denali 16.3.7 to Everest 16.6.7
- DNS question in SBS 2011
- How would you design this?
- Cloud Connected OOBM?
- Wireless connection between buildings - advice needed
- Could one make a vendor-neutral SD-WAN-like solution using all open source?
Moronic Monday!
Posted: 08 Dec 2019 05:04 PM PST

It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.
What do you use for network documentation?
Posted: 09 Dec 2019 01:29 PM PST

At the moment we are using SharePoint. But it is getting laggy when you need to edit a page with a lot of information, etc. So I was wondering, what (CMS) do you guys use for network documentation?
How do you guys organization your Firewall policies?
Posted: 09 Dec 2019 08:12 AM PST

Edit: also just realized my grammar error in the title. :/ sigh...

So, long story short: we need to rekajigger our network design. In that we also need to update the firewall rule base to accommodate this, but also clean up our rules as well. (We have over 500 between network and application layer.) This is a bit new to me, so I'm trying to educate myself on the best way to organize this for a better layout, performance, and less headaches overall. (Whoops, this rule is still getting caught on the catch-all because of routing!!)

Meaning categories? Systems, networks, services? The current implementation looks like someone had a plan, then abandoned it or someone else took over. It starts out with main, then moves to specific appliances, then back to, say, protected networks, then random specific vendor/business systems. Plus whatever application layer is on top of that. (Mostly for URL/content filtering, but some other specific sites too.)

Using Check Point with most of the bells and whistles. So IPS/IDS, TLSi, limited VPN integration, etc. Thanks in advance.
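Before re-categorising a rule base this size it helps to know which rules can never match. The script below is an added example (my code, not from the post and not a Check Point tool) of a first-match shadowing check: a later rule is shadowed when an earlier rule already covers all of its source, destination, protocol and port space. A same-action shadow is dead weight; a different-action shadow is exactly the "whoops" case above, where a broad accept or the catch-all drop wins before the specific rule is ever reached. Rule names, addresses and the flat five-tuple rule model are constructed for illustration; real policies also have zones, objects, NAT and per-layer ordering, which this does not model.

```python
"""Added example: find shadowed rules in an ordered, first-match firewall rule base.

Rules are a flat (src, dst, proto, dport-range, action) model; names and
addresses below are constructed for illustration, not from a real policy.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "accept" or "drop"
    src: str                 # CIDR or "any"
    dst: str                 # CIDR or "any"
    proto: str               # "tcp", "udp", "icmp" or "any"
    dports: Tuple[int, int]  # inclusive destination port range; (0, 65535) = any


def _net(cidr: str) -> IPv4Network:
    # IPv4 only in this example: subnet_of() raises TypeError on mixed families.
    return ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet that matches `later` also matches `earlier`."""
    if not _net(later.src).subnet_of(_net(earlier.src)):
        return False
    if not _net(later.dst).subnet_of(_net(earlier.dst)):
        return False
    if earlier.proto != "any" and earlier.proto != later.proto:
        return False
    return earlier.dports[0] <= later.dports[0] and later.dports[1] <= earlier.dports[1]


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (shadowed, shadowing, kind) for rules that can never match.

    kind is "redundant" when both rules have the same action (the later rule
    is dead weight) and "conflicting" when they differ (the later rule's
    intent is silently defeated by the earlier one).
    """
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflicting"
                found.append((later.name, earlier.name, kind))
                break  # report the first shadowing rule only
    return found


# Constructed sample rule base, in evaluation order.
RULES = [
    Rule("mgmt-ssh", "accept", "10.0.0.0/24", "10.10.0.5/32", "tcp", (22, 22)),
    Rule("web-any", "accept", "any", "10.10.0.0/24", "tcp", (443, 443)),
    Rule("vendor-web", "accept", "203.0.113.0/24", "10.10.0.10/32", "tcp", (443, 443)),
    Rule("block-guest", "drop", "192.168.50.0/24", "any", "any", (0, 65535)),
    Rule("guest-dns", "accept", "192.168.50.0/24", "10.10.0.53/32", "udp", (53, 53)),
    Rule("cleanup", "drop", "any", "any", "any", (0, 65535)),
]

if __name__ == "__main__":
    for shadowed, by, kind in shadowed_rules(RULES):
        print(f"{shadowed} is {kind}: already matched by {by}")
```

Run it over an export of the real policy (one `Rule` per row, objects expanded to CIDRs) before moving rules between sections: the "conflicting" hits are the ones to fix first, because moving or deleting the earlier rule changes what traffic is actually allowed, while the "redundant" hits can simply be removed. Partial overlaps (a later rule only partly covered) are a separate, harder analysis and are deliberately out of scope here.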
F5 support - Is it me or does it suck?
Posted: 09 Dec 2019 02:43 AM PST

Hello fellow packet pushers! We have a pair of LTMs in HA that are experiencing Traffic Management Microkernel (tmm) restarts. This started on Friday evening and kept happening until Saturday afternoon. Though the active/standby HA platform worked very well and no customers supported by these LTMs were impacted (maybe some HTTPS sessions reset), it seems like a really big problem. They failed over back and forth for almost a day. A dozen times...

I immediately opened a ticket with support and provided the qkviews and core dumps that they asked for and raised the sev to 1... haven't heard a word from them since the ticket was opened. I have dealt with their support during business hours before and it was pretty good. Is their after-hours support just that bad?
Unifi switches not supporting port aggregation and PoE at the same time, can Cisco?
Posted: 09 Dec 2019 08:48 AM PST

Hi all - I work in a small school and there is a mixed environment of Cisco Catalyst 2960S switches and Unifis. There was recently a structured cabling upgrade and I'm trying to bundle up a couple of switchports to give the APs extra bandwidth, but the PoE feature becomes disabled when I aggregate the ports on my US-L2-48-500W Unifis. I haven't attempted this with any of my Cisco switches yet, and was curious if anyone out there had experience with this?

Edit: I learned that PoE DOES work with port aggregation on Unifi, but the GUI does make it a little confusing.
A/V over IP
Posted: 09 Dec 2019 06:13 AM PST

I have been tasked to create an A/V system for a church. I can do all the A/V stuff, but I would like to bounce a network idea off of people that would know more than me. I need to send video all over the church. There is an existing Cat6 wire from the network switch. I have not seen this switch, but I can assume that it is probably not managed or possibly not even enterprise grade. I am worried about other traffic on the network.

I was thinking of buying a small 10G switch and distributing video through that switch and connecting the old switch to the uplink on the new switch because I will need internet on that side also. My thinking is that if all my equipment is on a separate switch, if the other gets overloaded mine will still work. It will also keep my traffic off of the original switch. Connecting them together will allow me to have internet to some of my equipment that needs it. I am not sure of bandwidth requirements from the A/V equipment as far as distribution goes (I have not picked out that equipment yet). The streaming computer will be sending out 5 Mb/s over that same line and that is why the internet is needed on the second switch.

Thanks for the help; the last time I worked in networking was 18 years ago.
IPSEC IKEv1 Dead Peer Detection, on both sides or just 1?
Posted: 09 Dec 2019 06:09 AM PST

Hello, had a quick search but couldn't find anything concrete. Just wondering, when using IPsec IKEv1, do you enable Dead Peer Detection on both sides of the VPN, or just one? Thanks!
VPN with Cisco Meraki
Posted: 09 Dec 2019 03:47 PM PST

I would like to configure a VPN for access to a location using the MX65. All of the documentation I have found online is either incorrect or not for the MX65. On my dashboard, I don't see any options for VPN setup. Any help would be appreciated!
Routing protocol for redundancy between two sites.
Posted: 09 Dec 2019 03:39 PM PST

What protocol would you use for the following scenario? We have two sites that are connected by fiber. I want to build in some redundancy over a different medium. Since each site has internet with plenty of bandwidth, I was thinking of building a VPN and using that as a failover. I want the failover to be automatic, so we would need to use some sort of routing protocol that can handle that.

It's been a long time since I learned about the different protocols and I haven't ever implemented them IRL. If I recall correctly, OSPF works based on link state. Not sure if that's sufficient or not. I'm imagining that if we have issues on the fiber, the link would show as down, so it would probably work well. Since it's a simple and static topology, I don't think I need to account for distance vectors or throughput. What are your opinions?
Network Engineer learning Azure. Good Idea or Bad idea??
Posted: 09 Dec 2019 09:16 AM PST

I'm primarily a networking engineer focusing on building networking/security solutions for my customers. I've spent most of my career focusing on Cisco. I'm kind of in limbo at the moment with certifications/training since Cisco is very close to rolling out their new certs. I'm seeing more and more cloud projects coming up, but most of them are hands-off for me because it's mostly just on-prem server moves and a VPN tunnel from on-prem to the CSP.

I've started looking into the AZ-900 since Azure is what my employer deals with most, but a lot of the material is very sysadmin focused. Most of the stuff I've never really had to deal with, and I find myself going down the path of web dev and DB admin. Hard to see the point in continuing since the networking portion is very small. Anyone else on here see the benefit in continuing on vs. spending time focusing on new networking and security technologies (NGFW, SD-WAN, SDA, etc.)?
Cannot get Port Forwarding/Port Address Translation configured correctly on Cisco RV325
Posted: 09 Dec 2019 03:05 PM PST

I have a local dev environment set up with 6 Linux servers. These are all local VirtualBox servers that occasionally need opening up for outside access. I have rules set up that will forward traffic for HTTP and HTTPS to one IP address each. This works fine, but when I need to provide outside access for more than one internal server the process breaks down. Here's an example:

- Linux Server 1, IP 1.1.1.32 - I can set this up with 'Forwarding' rules and have all traffic from port 80 and 443 forwarded to the internal IP address.
- Linux Server 2, IP 1.1.1.33 - When I need to send HTTP/HTTPS traffic to this internal IP I cannot use 'Forwarding' rules because ports 80 and 443 are already forwarded to 1.1.1.32.

The RV325 has a Port Address Translation service that should solve this problem, but I cannot get it to work. I have added a new service to the Service Management Table with the following configuration:

Then in my PAT Table I have this rule:

My expectation is that if an external user enters this into their browser:

that traffic should be directed to my internal Linux server at 1.1.1.33 on port 80. But it does not work. Anybody got a suggestion on how to get this to work?
Notification on new machines in network?
Posted: 09 Dec 2019 02:37 PM PST

Hi, does anyone know a network monitoring tool which can send me an alert (per mail) after one or more specific devices go online on my local network? Those devices could be identified either by IP or MAC address. Maybe something that runs on a 24/7 powered device like a Raspberry Pi or Linux server? I'm sure one of the "big" monitoring suites offers such things, but I can't really find good information about it. Thanks a lot 😊
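One way to do this without a full monitoring suite, as an added example that is not part of the original post: poll the kernel's neighbour table (`ip neigh show` on Linux, so it runs on a Raspberry Pi or any small server), look for the MAC addresses or IPs you care about, and alert only on the offline-to-online transition so you are not mailed on every poll. The sample neighbour-table text, the watch list and the mail addresses are constructed; only the `ip` call and the `smtplib` send in the `__main__` block touch a real system, and both are assumptions about your host (a local MTA on port 25).

```python
"""Added example: alert when watched devices appear in the neighbour table.

Polls `ip neigh show` (Linux), tracks which watched MAC addresses / IPs are
present, and reports only the offline-to-online transitions. The neighbour
text, watch list and mail addresses below are constructed for illustration.
"""
import smtplib
import subprocess
from email.message import EmailMessage
from typing import Dict, Iterable, List, Set

# Constructed sample of `ip neigh show` output (not captured from a real host).
SAMPLE_NEIGH = """\
10.0.0.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
10.0.0.23 dev eth0 lladdr 00:11:22:33:44:17 STALE
10.0.0.99 dev eth0 lladdr 00:11:22:33:44:63 REACHABLE
10.0.0.200 dev eth0  FAILED
"""


def parse_ip_neigh(text: str) -> Dict[str, str]:
    """Map IP -> MAC for entries that carry a link-layer address.

    FAILED/INCOMPLETE entries have no `lladdr` field and are skipped: the
    kernel tried to resolve them and got no answer, so that host is not up.
    """
    table: Dict[str, str] = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields:
            table[fields[0]] = fields[fields.index("lladdr") + 1].lower()
    return table


class Watcher:
    """Remembers which watched identifiers were present at the last poll."""

    def __init__(self, watch: Iterable[str]) -> None:
        self.watch: Set[str] = {w.lower() for w in watch}  # MACs and/or IPs
        self.online: Set[str] = set()

    def check(self, table: Dict[str, str]) -> List[str]:
        """Return watched identifiers present now that were absent last poll."""
        present: Set[str] = set()
        for ip, mac in table.items():
            if ip in self.watch:
                present.add(ip)
            if mac in self.watch:
                present.add(mac)
        newly_online = sorted(present - self.online)
        self.online = present
        return newly_online


def build_alert(newly_online: List[str], sender: str, recipient: str) -> EmailMessage:
    """Compose the notification mail; sending is left to the caller."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"{len(newly_online)} watched device(s) came online"
    msg.set_content("Now present in the neighbour table:\n" + "\n".join(newly_online) + "\n")
    return msg


def poll_live() -> Dict[str, str]:
    """Read the real neighbour table (Linux only)."""
    out = subprocess.run(["ip", "neigh", "show"], capture_output=True, text=True, check=True)
    return parse_ip_neigh(out.stdout)


if __name__ == "__main__":
    import time
    # Assumed watch list and a local MTA on localhost:25; adjust for your site.
    watcher = Watcher(["00:11:22:33:44:17", "10.0.0.99"])
    while True:
        newly = watcher.check(poll_live())
        if newly:
            with smtplib.SMTP("localhost") as smtp:
                smtp.send_message(build_alert(newly, "netwatch@example.com", "me@example.com"))
        time.sleep(60)
```

Two caveats a practitioner should know before trusting this. The neighbour cache only holds hosts on the same L2 segment that have recently exchanged traffic with the polling box, so a quiet host can be missing while it is up, and a STALE entry can linger for minutes after it goes away; a periodic ping sweep of the subnet (or a passive ARP sniffer) feeding the same `Watcher` is more reliable than polling alone. And matching on MAC is only as good as the MAC: phones and laptops increasingly randomise theirs per network, so for those devices a DHCP reservation plus matching on the IP is the steadier key.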
Options for stripping S-Tags on Arista from an ENNI?
Posted: 09 Dec 2019 10:37 AM PST

Currently we have a number of ENNI interfaces with Q-in-Q traffic from our different sites that are passed into our network from our carrier provider. Our existing hardware can currently terminate the traffic without stripping the S-Tag from the traffic coming into and leaving our network via the ENNI interface.

In the process of upgrading our network equipment to provide additional capacity, we've sourced a handful of Arista hardware - particularly, two Arista DCS-7280QR switches to provide gateway connectivity via an SVI per VLAN where routing to transit/peering connectivity is necessary, and two Arista DCS-7160 switches to provide access and aggregate traffic from the ENNI interfaces via a cross connect.

Unfortunately, in the process of preparing to put the hardware into service, we've noticed that the existing access switches do not currently provide (from what we've seen so far) a usable method to strip the S-Tag from the Q-in-Q traffic, nor do the gateway switches provide the ability to attach an SVI to the C-Tag (or strip the S-Tag to allow an SVI to attach to the newly translated C-Tag).

In the process of labbing this particular issue, the only use case that we've found to function so far is utilizing one of the DCS-7280QRs to remove the S-Tag, while a second DCS-7280QR can then attach an SVI to the freshly translated and unencapsulated C-Tag. Unfortunately, this won't be a viable option to pass traffic between the two 7280QRs, as this would then nullify any sort of high availability scenario we put together, as traffic would then require both 7280QRs to be online and functioning at all times to work.

My question at this point: is there a simpler way to strip or remove the S-Tag and attach an SVI to the C-Tag traffic? Am I relegated to replacing the new access switches with a switch that can manipulate and remove the S-Tag as it leaves the cross connect to the gateway switches? And further, what other options might be worth looking into to provide translation and removal of the S-Tag so the gateway switches can attach to the C-Tag VLANs, especially erring on the side of cost effective?
Proxy/Gateway Question
Posted: 09 Dec 2019 02:22 PM PST

I am trying to come up with a solution that will take all network traffic based on an EXE or traffic bound for a specific IP and route it through a specific server. I know of one tool that does what I want it to do but I am looking for additional options. The option can be a paid tool or just some fancy routing tricks to accomplish what I am after.
"VLAN tag native" equivalent of this CLI on Juniper Switches
Posted: 09 Dec 2019 02:13 PM PST

I want the Juniper switches to tag even the native VLAN and am looking for a Juniper version of the "tag native-vlan" command on Cisco IOS switches. Please let me know if there is such a thing.
Creating networks recognized by docker before docker is running
Posted: 09 Dec 2019 02:01 PM PST
/30 from Service Provider work around
Posted: 09 Dec 2019 01:25 PM PST

I have 2 firewalls. One is in production and one is a new one that I plan on deploying. The prod FW is running BGP, has an internet link, a WAN link (T1 bundle), and an AE to the core. The plan is for the new FW to take the AE and internet link, but keep the T1s on the old FW (the one currently in prod). Run OSPF on the new FW and old FW. That way the networks in the AE that will sit off the new FW are advertised and then redistributed via BGP across the T1 link on the old FW.

This would leave me having to connect my new FW to the old FW... but I'm stuck. The service provider gave me a x.x.x.x/30 address and the other usable IP is used by the service provider. Do I call up the service provider and ask them to change their network to a /29 to accommodate the new FW? Would appreciate any thoughts.

** The reason why there's gonna be two FWs is because someone wants to keep the T1s for now.
BT Broadband in Datacentre?
Posted: 09 Dec 2019 12:31 AM PST

Hey all... I'm just looking to get a super cheap backup broadband line for OOB management. This is in Telehouse London. Wondering if BT could supply a simple business broadband connection? Anyone have any experience with this? I've made an order with BT already, but I'm not sure they'll actually be able to do this. The sales guy just said "well I guess we will find out if the engineer can do it!"... and I'm sitting here like... but you're going to need to get me a cross-connect back to wherever you guys are probably, and we need to escort you to our cab etc etc..... Am I going about this the wrong way?
Upgrading switch stacks running ios-xe from Denali 16.3.7 to Everest 16.6.7
Posted: 09 Dec 2019 10:13 AM PST

Although it's the 16 train, I just want to verify that I can go directly from 16.3.7 to 16.6.7? I also have a case where one switch stack is still in bundle mode running 03.06.05.E. Plan is to convert to install mode and then upgrade directly to Everest 16.6.7, thoughts? Thanks
DNS question in SBS 2011
Posted: 09 Dec 2019 09:51 AM PST

I have a website hosted by GoDaddy called example.com, and I can access said website from everywhere excluding work. At work I have my domain controller which has the DNS role installed with a zone called example.com (forward lookup zones). This zone also contains autodiscover.outlook.com (O365).

How can I access my website from work? Some sources say to add a www entry inside, but where should it point? What type should it be? Should I remove the zone altogether? But then how will we use email, as autodiscover is important?

When opening the website from work I get that the example.com server IP could not be found: (DNS_PROBE_FINISHED_NXDOMAIN) from Vivaldi, (ERR_NAME_NOT_RESOLVED) from Chrome.

I understand DNS theory-wise but not the way SBS 2011 does it or how the real world uses it.
How would you design this?
Posted: 09 Dec 2019 01:05 AM PST

You already have a fixed physical design, but need to design the network connectivity on it. The hardware is mostly Catalyst 9k. Basically it's: L3 access switches <-> L3 transport switches <-> L3 core switches <-> Firewall <-> WAN. You have X amount of separate networks on the access switches and you want to pass all the traffic from these networks through the firewall, but you also want to use L3 routing on each switch, not just extend L2 from the firewall.
Cloud Connected OOBM?
Posted: 09 Dec 2019 09:23 AM PST

Looking to see if anyone knows of any solutions for a type of cloud-connected out-of-band management solution? Basically I'd like to have a device to plug into the console of a router/firewall/switch, connect it to an internet connection, then have it registered back to a cloud-based console.
Wireless connection between buildings - advice needed
Posted: 09 Dec 2019 05:21 AM PST

I have two buildings - line of sight - 3k feet(ish) between the two, running a very ancient Cisco Aironet setup. There's a small lake and parking lots between them so no practical way to run a cable. I'm looking to upgrade this to something more current - debating just doing another internet service and going to a VPN, but I'm wondering what's out there that actually works to replace the existing wireless connection with. Have any suggestions?
Could one make a vendor-neutral SD-WAN-like solution using all open source?
Posted: 09 Dec 2019 04:41 AM PST

My thoughts are you could pretty easily in theory. You could just use something like Ansible as the controller server and have a playbook module that would learn the public IP of each router, and build and configure IPsec tunnels to the other routers. Each IPsec tunnel would stand up eBGP neighbors with BFD for sub-second failover.

You could have another playbook write IP SLA probes for every route in the route table across each tunnel and dynamically create static routes for each of them on the lowest-latency path. (So the eBGP learns all the routes dynamically, but then you configure static routes for each learned route on the lowest-latency path.) You could probably make a simple formula in Python to factor in loss and jitter too.

The only thing would be that the controller has to reach out to the routers and not vice versa. So you have to achieve some level of autonomy here. Maybe incorporate EEM scripts to do some of the stuff.

What do you guys think? I think an open source solution that would work with any router would help keep the vendors honest because it would show a lot of this stuff isn't really anything new.
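The path-selection step of that design, as an added example (my code, not the poster's and not any vendor's): score each tunnel per prefix from the probe results with a latency/jitter/loss cost, pin a static route to the cheapest tunnel, and apply hysteresis so a few milliseconds of difference does not flip routes on every poll. It also covers the failure mode the "lowest latency" rule alone misses: when every tunnel for a prefix is dead, the static must be withdrawn rather than pinned, since a static (AD 1) would otherwise keep beating the eBGP route (AD 20) even after BFD has torn the neighbour down. Probe values, tunnel names, the weights, and the IOS-style `ip route` output are all assumptions; the tunnels are assumed to be routed interfaces (VTI or GRE over IPsec), which is what makes a static route to a `TunnelN` interface meaningful.

```python
"""Added example: per-prefix path selection for a DIY SD-WAN overlay.

Each prefix learned over eBGP is probed across every IPsec tunnel; the
controller pins a static route to the cheapest tunnel, with hysteresis so
small differences do not flap routes every poll. Probe values, tunnel names,
weights and the IOS-style `ip route` output are assumptions for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, List, Optional

INF = float("inf")
JITTER_WEIGHT = 2.0     # ms of cost per ms of jitter (assumed weight)
LOSS_WEIGHT_MS = 10.0   # ms of cost per percent of packet loss (assumed weight)


@dataclass(frozen=True)
class Probe:
    prefix: str       # e.g. "10.20.0.0/24", learned via eBGP
    tunnel: str       # e.g. "Tunnel1", a routed IPsec tunnel interface
    rtt_ms: float
    jitter_ms: float
    loss_pct: float


def path_cost(p: Probe) -> float:
    """Lower is better; a fully lossy probe means the tunnel is unusable."""
    if p.loss_pct >= 100.0:
        return INF
    return p.rtt_ms + JITTER_WEIGHT * p.jitter_ms + LOSS_WEIGHT_MS * p.loss_pct


def choose_paths(probes: List[Probe], current: Dict[str, str],
                 hysteresis_ms: float = 20.0) -> Dict[str, Optional[str]]:
    """Return prefix -> tunnel to pin (None = no usable tunnel, let BGP decide).

    `current` is the tunnel each prefix is pinned to now. The pinned tunnel is
    kept unless the best alternative beats it by at least `hysteresis_ms`.
    """
    by_prefix: Dict[str, List[Probe]] = {}
    for p in probes:
        by_prefix.setdefault(p.prefix, []).append(p)

    decision: Dict[str, Optional[str]] = {}
    for prefix, plist in by_prefix.items():
        costs = {p.tunnel: path_cost(p) for p in plist}
        best = min(costs, key=costs.get)
        if costs[best] == INF:
            decision[prefix] = None     # every tunnel dead: withdraw the static
            continue
        cur = current.get(prefix)
        if cur in costs and costs[cur] - costs[best] < hysteresis_ms:
            decision[prefix] = cur      # within the margin: stay put
        else:
            decision[prefix] = best
    return decision


def static_route_lines(decision: Dict[str, Optional[str]]) -> List[str]:
    """Render IOS-style static routes for the pinned prefixes."""
    lines = []
    for prefix, tunnel in sorted(decision.items()):
        if tunnel is None:
            continue
        net = ip_network(prefix)
        lines.append(f"ip route {net.network_address} {net.netmask} {tunnel}")
    return lines


# Constructed probe results and current pins (not measured on a real network).
PROBES = [
    Probe("10.20.0.0/24", "Tunnel1", 30.0, 2.0, 0.0),    # cost 34
    Probe("10.20.0.0/24", "Tunnel2", 25.0, 1.0, 0.0),    # cost 27: better, but inside hysteresis
    Probe("10.30.0.0/24", "Tunnel1", 80.0, 10.0, 3.0),   # cost 130
    Probe("10.30.0.0/24", "Tunnel2", 40.0, 2.0, 0.0),    # cost 44: switch
    Probe("10.40.0.0/24", "Tunnel1", 0.0, 0.0, 100.0),   # dead
    Probe("10.40.0.0/24", "Tunnel2", 50.0, 0.0, 0.0),    # cost 50: switch
    Probe("10.50.0.0/24", "Tunnel1", 0.0, 0.0, 100.0),   # both dead: unpin
    Probe("10.50.0.0/24", "Tunnel2", 0.0, 0.0, 100.0),
]
CURRENT = {"10.20.0.0/24": "Tunnel1", "10.30.0.0/24": "Tunnel1", "10.40.0.0/24": "Tunnel1"}

if __name__ == "__main__":
    print("\n".join(static_route_lines(choose_paths(PROBES, CURRENT))))
```

Two design points worth stating. First, the controller-pushes-statics model makes the Ansible host the one place that decides where every site's traffic goes; whoever holds its SSH keys and can edit its playbook repo can silently reroute a prefix through a tunnel they control, so treat that host and repo with the same care as the routers' own credentials and sign or review playbook changes. Second, on the router itself the pinned static should be tied to a tracked object (IP SLA or BFD on the tunnel) so it drops out of the RIB on its own when the tunnel fails, rather than waiting for the controller's next poll; the `None` case above is the controller-side half of that, not a substitute for it.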