NAGIOS vs Zabbix Networking

---

• NAGIOS vs Zabbix
• PJON (Padded Jittering Operative Network) - A new networking Open Standard
• SD-Branch and moving fw rules towards the branc gateways
• RSTP/MSTP Max Convergence
• Who is your favorite person from networking world?
• Ruckus WatchDog Support?
• Looking for bandwidth calculation for 5g over cbrs
• Aruba wireless gougle expeditions Airgroup issue
• Quick question regarding Reverse DNS Record
• Troubleshooting Wifi device - need low level WiFi Sniffer
• Surely RADIUS Authentication is just an insecure protocol
• Some thought about a proxy server problem from textbook

NAGIOS vs Zabbix Posted: 08 Dec 2019 12:03 PM PST Hey Guys, So I'm setting up a IT monitoring solution for my servers. We have a bunch of servers all over the city with VPN access so I can either pull SNMP or install an agent on them and get monitoring information that way. I setup Zabbix and it works okay. I'm trying to get uncorrectable error counts via smartctl on linux servers. It works for SATA drives but not for SAS drives. I'm wondering if anyone else has set something like this up. I'm also considering Nagios as it might be more popular so there might be more support to get these uncorrectable error counts via Nagios plugin. What do you guys think? I know Nagios cost like 4 grand, and Zabbix is free, so that's kind of a huge deal, but I can get the 4 grand from my company if I need too. I just want a reliable way to preemptively get the uncorrectable errors from my servers so I don't have emergencies all the freaking time, so annoying. submitted by /u/MudKing123 [link] [comments]

PJON (Padded Jittering Operative Network) - A new networking Open Standard Posted: 08 Dec 2019 08:31 AM PST Hi, I would be happy to know what you think about PJON's latest release: https://github.com/gioblu/PJON Few years ago I submitted here PJON and many of you have given really good suggestions that we have effectively implemented, although initially my tests were not able to identify the downsides you pointed out. Thank you for your support and for this great reddit community. I hope this may be useful for you! submitted by /u/gioscarab [link] [comments]

SD-Branch and moving fw rules towards the branc gateways Posted: 08 Dec 2019 04:07 AM PST submitted by /u/PublicSectorJohnDoe [link] [comments]

RSTP/MSTP Max Convergence Posted: 08 Dec 2019 01:04 PM PST Can someone help me setup a lab demonstration of a RSTP multi second convergence time? I believe this can only happen when a link does not go down but instead stops sending bpdu's and timer's are used. thanks. submitted by /u/IndSolutionist [link] [comments]

Who is your favorite person from networking world? Posted: 08 Dec 2019 05:15 AM PST I gotta say David Bombal. He is CCIE although very humble and shares knowledge on YouTube. I know he has courses on Udemy as well but lots of free stuff is on YouTube and it is very informational. Who is yours and why? submitted by /u/sounknownyet [link] [comments]

Ruckus WatchDog Support? Posted: 08 Dec 2019 03:00 PM PST Hi all! We are almost done with an RFP process for replacing our entire wired and wireless network. One of the contenders is Ruckus and we would purchase both their wired and wireless. They would be supported by Ruckus WatchDog Support. I'm wondering what the general view on this support is as the other contenders have more local support options that we know are good. I'd love to hear any thoughts at all. Thank you! submitted by /u/zenzenexpert [link] [comments]

Looking for bandwidth calculation for 5g over cbrs Posted: 08 Dec 2019 10:59 AM PST If this is the wrong sub, please direct me to right one. Been investigating 5g cbrs 3.4 to 3.7 ghz for private use, on the web. But I cannot find how to calculate how much bandwidth or how the new 5g nr will work to allow a range of spectrum to be used. Any pointers out there? Edit: found a lot of marketing on the web, but not much on how to plan or build a private 5g network. I'm hoping to get 1g to 10g bandwidth. submitted by /u/jcsf321 [link] [comments]

Aruba wireless gougle expeditions Airgroup issue Posted: 08 Dec 2019 10:17 AM PST I know this is more of a k12 thing posted there to. Was hoping maybe someone here had done this or something similar with a different service on Airgroup. Has anyone got Google Expeditions working with AN Aruba controller/Mobility Master. Ive followed all the stuff for setting up AirGroup but there is something I'm missing cause it still wont work. If i setup an Instant AP I can get it to work with Airgroup but for some reason cant get the controller working. It seems like it's hit or miss for people being able to get it working. submitted by /u/bretfred [link] [comments]

Quick question regarding Reverse DNS Record Posted: 07 Dec 2019 05:12 PM PST I hope i'm in the right spot to ask this. I recently got my ISP to provide me with a few reverse dns records for some mail servers. I've done this many times and never had any concerns about them working, but this time the results I get back when I test make me wonder if they were set up right, or more likely, that I am not understanding the protocol, and my googlefu is not working on this subject. Is this an acceptable reverse dns record? 1.2.3.4.in-addr.arpa. 12345 IN PTR mail.acme.com.2.3.4.in-addr.arpa. Thanks everyone. submitted by /u/mtmadhatt [link] [comments]

Troubleshooting Wifi device - need low level WiFi Sniffer Posted: 08 Dec 2019 12:03 AM PST I'm troubleshooting an issue where ESP8266 Microcontrollers frequently don't respond to ARP requests when connected to a Mikrotik Access Point if they're configured to use any kind of sleep (which is enabled by default). This appears to be a common issue rather than a code or configuration problem. Investigations so far suggest that this is related to the way APs buffer broadcast packets and wait for the next time the client wakes up before forwarding the packet. To troubleshoot, I've setup an unencrypted Wifi network and used Airodump-ng to dump the frames to a pcap, however it seems to "simplify" the traffic. E.G if one host pings another I'd expect to see the frame twice, one from client to AP, and again from AP to the client being pinged. However I only see one frame. Similarly for ARP I only see it once. Assuming it's being buffered correctly, I'd expect to see several times, once from client to the AP, the client broadcasting it to all connected clients, and then again each time a sleeping client wakes up and requests pending frames. Is there a free / FOSS tool that captures Wifi frames in this detail? Or have I configured Airodump-ng in correctly? Edit: I need to see the L1 Wi-Fi stuff, not just the normal IP traffic Thanks submitted by /u/YeezysMum [link] [comments]

Surely RADIUS Authentication is just an insecure protocol Posted: 08 Dec 2019 08:46 AM PST I might be mis-understanding something, but let me demonstrate why I think RADIUS is a bad protocol, envisage this: PC ---INFRASTRUCTURE NETWORK ---> ASA ----> INFRASTRUCTURE NETWORK ---->RADIUS SERVER Let's say you SSH to your ASA, and login. There's a few steps: Process Your user/pass is sent over the encrypted SSH tunnel to the ASA The ASA uses it's stored shared secret with the RADIUS server to verify it's identity, and encrypts your password with HIS shared secret, and sends it off as a RADIUS "Accesst-Request" towards the server. Server decrypts the request, checks the username/pass combo, and sends it back to the ASA as a RADIUS "Access-Accept" ASA sees the accept message and allows the user to login. SOME MAJOR issues with this process that horrifies me in my findings. I'll detail the problems in relation to the steps above: Issues with the process Your user/pass is sent as a clear-text password, over the SSH tunnel. At the ASA side, it's able to see the full user/pass. The only reason it's fairly safe, is because you sent it via SSH to the ASA. Problem = your password was never encrypted by YOU. Your user/pass at step 2 is encrypted with the ASA's shared secret (shared with the RADIUS server), and it transits over the underlying infrastructure. So the strength of your password actually doesn't even matter at this point, as the constraints to decrypt it lie purely on the strength of the encryption algorithm & password complexity of the ASA's shared key. Server decrypts the request using the shared secret between the ASA and RADIUS server, and gets a nice clear text view of the password to then verify you. Again, your password is simply now in clear text at 2 places, on the ASA and the RADIUS server. So if that shared secret gets compromised, you can capture a login request, import compromised ASA shared key into wireshark, then view the users password (which I tested on this exact setup, to verify my understanding). Summary My point being that you are not in control of your password at all. When you enter it, you rely ONLY on the strength/complexity of the shared secret between the RADIUS server and ASA, along with their encryption algorithms. Since it's a shared secret (i.e. using symmetric encryption), with a standardized function of how to encrypt/decrypt it, it means the process is reverseable. To crack the password, you would need a packet capture, then brute force the encryption key by running it through the reverse function used to encrypt it for each attempt. So as I say, the strength of your password almost doesn't matter, because that's not what is keeping it secure. We should surely be using asymmetric encryption from the host to the radius server, with the ASA's job being to forward that packet to the RADIUS server. Then we are in control of our password. submitted by /u/sg4rb0sss [link] [comments]

Some thought about a proxy server problem from textbook Posted: 08 Dec 2019 04:58 AM PST - Description: Assume the rate of the institutional network is Rl and that of the bottleneck link is Rb. Suppose there are N clients requesting a file of size L with HTTP at the same time. For what values of Rl would the file transfer takes less time when a proxy is installed at the institutional network? --(Assume the RTT between a client and any other host in the institutional network is negligible.) --- I understand that the goal of setting up a proxy server is to satisfy client request without involving origin server, and it is a way to reduce response time for client request and reduce traffic on institution's access link. But I am wondering why it asks about institution bandwidth? Is there any limit to that? (isn't it the higher the better). Doesn't "cache hit rate (requests satisfied at cache/ all requests) > 0" already guarantee less response time? thanks for any idea! --- submitted by /u/hungg8g8 [link] [comments]

You are subscribed to email updates from Enterprise Networking news, blogs and discussion.. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States