    Saturday, December 28, 2019

    Radius and TACACS+ Solutions Networking


    Radius and TACACS+ Solutions

    Posted: 28 Dec 2019 07:10 AM PST

    We are looking for an AAA solution mainly for login management of network switches, routers, and access points for our network techs. Vendors include Juniper, Cisco, Calix, Adtran, Nokia, Mikrotik, and Ubiquiti. Some of these network operating systems support both RADIUS and TACACS+ authentication methods, whereas others only support RADIUS (Mikrotik for example). Is TACACS+ even widely used anymore?

    There does not seem to be a dominant hosted solution for this out there today, so I assume many people have rolled their own with open-source or commercial offerings. What solution do you have in place?

    Ideally something with a nice GUI and logging capabilities. Integration into an external LDAP or IDP would be preferred as well.

    submitted by /u/ColtonConor

    Meraki for LAN monitoring?

    Posted: 28 Dec 2019 11:59 AM PST

    Hi, large enterprise here with MPLS network connecting multiple sites. Our perimeter is pretty solid but I'm looking for a security appliance that will give us good visibility into the LAN at each facility to monitor inbound/outbound traffic, bandwidth, endpoint online status, and that includes anti-malware and intrusion detection/prevention. No routing. No VPNs. Just set up as passthrough. I've used Meraki in the past and especially liked the intuitive dashboard. It enabled us to identify problems rather quickly and respond to security incidents.

    What are your thoughts on this use case and is there anything out there that is similar?

    submitted by /u/SysAdminCafe

    OSPF Path Prepending?

    Posted: 27 Dec 2019 08:44 PM PST

    I apologize for the dumb question, I am banging my head on this one. I currently work for an organization with 14 sites and two colo/DCs. We currently have an L3VPN over MPLS with a typical BGP peering session between the PE and CE. Due to a number of different reasons (carrier reliability, cost), we will tentatively be moving to an L2/Metro-E solution for the WAN connectivity to the branches and using OSPF as the routing protocol for simplicity. What I can't wrap my brain around is how we announce the DC and default routes to the WAN. We have our servers split between two DCs. DC-A servers are in VLAN 10, DC-B in VLAN 20. Several years ago, we added OTV into our environment and have been moving servers to a single server VLAN, VLAN 30. VLAN 10, 20 and 30 are all a part of the OTV domain, and using VMware we can migrate servers between DCs for HA (pretty standard). We currently use route maps to prepend the routes to force all DC-A traffic to DC-A unless unavailable and likewise for DC-B, then announce the default (Internet-bound traffic) via DC-A unless unavailable (failing to DC-B). Is there a way to easily accomplish this with OSPF or should I look at something else?

    Thanks in Advance

    submitted by /u/theITcowboy

    How do Cloud VoIP Providers guarantee QoS and call quality if you access their services over the Internet?

    Posted: 27 Dec 2019 05:26 PM PST

    As we all know as network professionals, there is no QoS honored on the Internet between different carriers. DSCP is usually stripped off or at least ignored. We also know as network professionals that VoIP cannot work without QoS.

    If you send 10 UDP packets from your location to another location on the Internet, chances are all 10 packets will each take a completely different path, hitting different routers and even different autonomous system numbers. This is just how the Internet is designed, and if at any hop your packet meets a loaded interface, your packet will be buffered and transmitted best effort after any carrier-grade traffic is given priority.

    This means two big things.

    1. The time between the packets being sent will not match the time between the packets arriving. This is important because RTP sends a steady stream of packets, with each packet sent at exact time intervals.

    2. The packets may not arrive in the same order they were sent. This is important because each packet has a small sample of audio data.

    My question is how do Cloud VoIP providers guarantee good call quality and QoS on their product if you are using a best-effort medium to reach them?

    If you have got a tier 2 ISP, for example, your VoIP might go through 3-4 different transit providers before it reaches your provider.

    I am just wondering how businesses are able to use Cloud VoIP and the users do not notice any problem? How is that working so well? Many businesses are using this Cloud VoIP, so I'm wondering if there is something going on where they found a way to protect this traffic and give it QoS?

    submitted by /u/NetworkApprentice

    Spanning VLANs between sites - failover implementation?

    Posted: 27 Dec 2019 04:33 PM PST

    Inherited this weird DC setup which was meant to be temporary - presence in Equinix and Cyxtera in CH2 Chicago but with a need to pass a VLAN between the two. Was meant to be temporary but has become semi-permanent due to other issues in moving out of one of the floors.

    ASR at each site is passing one VLAN through using x-connect over public internet. It's taken us nearly a year to get a proper cross-connect up between the two sites and we are now passing the VLAN directly between switches in both sites instead.

    My question is, is it possible to keep the x-connect as backup in case the cross-connect goes down (without causing some kind of loop)?

    Do BPDUs get passed through an x-connect? Would spanning tree save our arse or would it do us over?

    submitted by /u/LittleWanger