    Tuesday, December 17, 2019

    Networking

    SecureCRT finally has phrase and substring matching for keyword highlighting! Just awesome!

    Posted: 17 Dec 2019 12:22 PM PST

    SecureCRT 8.7 (Beta) increases your efficiency with a keyword highlighting enhancement that allows phrase and substring matches. On Windows, a dockable Command Manager lets you organize, filter, and launch commands, and local shell support lets you work in a tabbed CMD or PowerShell session. Also new are Xterm True Color (24-bit) support and the ability to include folders when filtering sessions in the Session Manager. On macOS, Dark Mode is supported.

    https://whatsnew.vandyke.com/2019/12/beta-2-releases-of-securecrt-8-7-and-securefx-8-7-now-available/

    submitted by /u/RoutingPackets

    Enabling DHCP on Firewall, via L3 interface to Core network

    Posted: 17 Dec 2019 05:09 AM PST

    Hey, will try to keep this simple: I'm stuck midway through upgrading our network. I'm a CCNA and have been working for a 300-seat company for a year; I joined with an existing flat network, all L2, using our firewall as gateway and DHCP server, all set up by someone without networking knowledge!

    I've created the VLANs we need and SVIs on our core for inter-VLAN routing, and these are working via a different L3 link to our firewall, but I have an issue. Due to limitations on our Dell switches they can't run enough DHCP pools, so I'd like to forward the requests to the firewall via the ip helper-address command.

    The Watchguard (M370 with latest OS) won't accept any config for DHCP pools that aren't in the connected interface range, which is an issue as it's a /30 to the core where all the vlan subnets are.

    Alternatively, I could run a DHCP server elsewhere but we are entirely Mac based, and using Google Suite and don't have any on-site servers to run DHCP and it's unlikely we'll buy any. Has anyone heard of ways to run DHCP servers in GCP / AWS?

    submitted by /u/victor2849
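The DHCP behaviour at issue in this post, as an added example that is not part of the post and not any vendor's code: when a request arrives through a relay (ip helper-address), the server has to pick the pool from giaddr, the address of the SVI that relayed it, and not from the subnet of the interface the request arrived on. The Python below builds a relayed DHCPDISCOVER, reads giaddr back out of it, and selects a pool the way RFC 2131 describes. The subnets, pool names and trusted relay addresses are made up for the illustration.

```python
import ipaddress
import struct
from typing import Optional

# Constructed addressing for the illustration (not taken from the post): two VLAN
# subnets behind the core, plus the /30 transit link between core and firewall.
POOLS = {
    ipaddress.ip_network("10.10.10.0/24"): "vlan10-users",
    ipaddress.ip_network("10.10.20.0/24"): "vlan20-voice",
    ipaddress.ip_network("192.168.255.0/30"): "core-transit",
}
# The core's SVI addresses: the only relays whose giaddr the server should honour.
TRUSTED_RELAYS = {ipaddress.ip_address("10.10.10.1"), ipaddress.ip_address("10.10.20.1")}

MAGIC_COOKIE = b"\x63\x82\x53\x63"


def build_discover(xid: int, mac: bytes, giaddr: str) -> bytes:
    """Build a minimal DHCPDISCOVER (RFC 2131) as it looks on the wire.

    A relay (ip helper-address) fills giaddr with the address of the interface it
    received the broadcast on and increments hops; a directly attached client
    leaves giaddr as 0.0.0.0.
    """
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s",
        1, 1, 6,                              # op=BOOTREQUEST, htype=Ethernet, hlen=6
        1 if giaddr != "0.0.0.0" else 0,      # hops, bumped by the relay
        xid, 0, 0x8000,                       # xid, secs, flags=broadcast
        b"\x00" * 4, b"\x00" * 4, b"\x00" * 4,  # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,   # giaddr
    )
    chaddr = mac.ljust(16, b"\x00")
    sname_file = b"\x00" * (64 + 128)
    options = MAGIC_COOKIE + bytes([53, 1, 1]) + b"\xff"  # option 53 = DHCPDISCOVER, then END
    return fixed + chaddr + sname_file + options


def parse_giaddr(packet: bytes) -> ipaddress.IPv4Address:
    """giaddr occupies bytes 24..27 of the BOOTP header; the magic cookie sits at 236..239."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    return ipaddress.IPv4Address(packet[24:28])


def select_pool(packet: bytes, receiving_interface: str) -> Optional[str]:
    """Pool selection as RFC 2131 section 4.3.1 describes it.

    giaddr != 0.0.0.0 -> the pool containing giaddr (the relay's subnet)
    giaddr == 0.0.0.0 -> the pool containing the interface the request arrived on
    A relayed request is honoured only when giaddr belongs to a known relay, so a
    host forging giaddr cannot pull leases out of another subnet's pool.
    """
    giaddr = parse_giaddr(packet)
    if int(giaddr) == 0:
        anchor = ipaddress.IPv4Address(receiving_interface)
    elif giaddr in TRUSTED_RELAYS:
        anchor = giaddr
    else:
        return None
    for network, name in POOLS.items():
        if anchor in network:
            return name
    return None
```

Whatever ends up serving the VLAN pools needs this giaddr-keyed selection; a server that only hands out leases from the subnet of its connected /30 cannot answer a relayed request at all. The third case in the test is the security point: without a check on who is allowed to relay, any host can forge giaddr and be handed an address from a pool it has no business in, so restrict relayed requests to the SVI addresses (or filter them on the transit link).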

    Cisco 2960G lanbasek9 vs universalk9 image

    Posted: 17 Dec 2019 10:33 AM PST

    I have a Cisco WS-C2960G-48TC-L switch and the following images on a TFTP server, so the question is: which image should I pick, and what is the difference between lanbase and universal?

    Image list.

    c2960-lanbasek9-mz.150-2.SE9.bin

    c2960s-universalk9-mz.150-2.SE10a.bin

    c2960x-universalk9-mz.152-2.E6.bin

    submitted by /u/satishdotpatel
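An added example (not from the post and not Cisco's tooling) of the two checks worth doing before copying one of those files to flash: match the image platform prefix to the product ID, and compare the file's digest with the one published on the download page. The platform mapping covers only the 2960 variants that appear in the file list plus the original 2960, and is an assumption to confirm against the release notes for the exact model.

```python
import hashlib
import re
from typing import Dict, List

# The three file names from the post, used as sample input.
IMAGES = [
    "c2960-lanbasek9-mz.150-2.SE9.bin",
    "c2960s-universalk9-mz.150-2.SE10a.bin",
    "c2960x-universalk9-mz.152-2.E6.bin",
]

# Classic IOS naming: <platform>-<featureset>-<flags>.<MMm>-<release>.<train>.bin
IMAGE_RE = re.compile(
    r"^(?P<platform>c[0-9a-z]+)-(?P<featureset>[a-z0-9]+)-(?P<flags>[a-z]+)\."
    r"(?P<ver>\d{3})-(?P<release>\d+)\.(?P<train>[A-Za-z0-9]+)\.bin$"
)


def parse_ios_image(name: str) -> Dict[str, object]:
    """Split a classic IOS image file name into its fields."""
    m = IMAGE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised image name: {name}")
    ver = m["ver"]                                  # "150" -> 15.0, "152" -> 15.2
    return {
        "platform": m["platform"],
        "featureset": m["featureset"],
        "crypto": m["featureset"].endswith("k9"),   # k9 = crypto build (SSH/HTTPS available)
        "version": f"{ver[:-1]}.{ver[-1]}({m['release']}){m['train']}",
        "flags": m["flags"],                        # "mz": runs from RAM (m), zip-compressed (z)
    }


def image_platform_for(product_id: str) -> str:
    """Map a Catalyst 2960-family product ID to the image platform prefix it boots.
    Assumed mapping for the variants seen in the post; confirm against the release notes."""
    m = re.match(r"^WS-C2960(?P<variant>[A-Z]*)-", product_id.upper())
    if not m:
        raise ValueError(f"not a 2960-family product ID: {product_id}")
    variant = m["variant"]
    if variant in ("", "G"):        # original 2960 and 2960G share the c2960 image
        return "c2960"
    if variant.startswith("S"):     # 2960-S
        return "c2960s"
    if variant.startswith("X"):     # 2960-X / 2960-XR
        return "c2960x"
    raise ValueError(f"variant {variant!r} not covered here; check the release notes")


def candidate_images(product_id: str, names: List[str]) -> List[str]:
    """Only the images whose platform prefix matches the hardware are bootable candidates."""
    wanted = image_platform_for(product_id)
    return [n for n in names if parse_ios_image(n)["platform"] == wanted]


def image_digest(data: bytes, algo: str = "md5") -> str:
    """Digest of the image bytes, to compare with the value listed on the download page.
    MD5 is what 'verify /md5 flash:<file>' checks on the switch after the copy."""
    return hashlib.new(algo, data).hexdigest()


def image_file_matches(path: str, expected: str, algo: str = "md5") -> bool:
    """Stream a file from disk and compare its digest with the published one."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest() == expected.strip().lower()
```

For the switch in the post only the c2960 file is a candidate; the c2960s and c2960x files are for different hardware. The k9 suffix is what gives you SSH for management, so a non-k9 build should not be on the shortlist regardless of feature set. Re-run the MD5 check on the switch itself after the TFTP copy, not only on the workstation.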

    vyos in an enterprise network

    Posted: 17 Dec 2019 04:01 AM PST

    Is anyone using VyOS in an enterprise network with BGP? If yes, what kind of hardware are you using, and what kind of performance can one expect?

    We are currently migrating to BGP instead of static routes over a link net between our network and our ISP, and we're currently using our external firewalls to peer with our ISP over BGP. I'm not sure this is a good thing, and I'm also seeing some issues when the firewalls fail over. For example, the BGP session has to be re-established; this is also confirmed with the vendor (SonicWall), since we're using an active/passive HA solution instead of an active/active.

    We don't have huge traffic volumes or a big network, so I've been playing a bit with VyOS and it seems pretty good. We'll probably just use a default route from each of our ISP's routers, so I am not expecting a huge routing table.

    submitted by /u/nikade87

    RFP proposal gotchas?

    Posted: 17 Dec 2019 05:10 AM PST

    My team is sorting through a pile of RFP proposals this week from the major vendors for a data center refresh. Anyone have any gotchas or something that they found later was a bit of wordsmithing to change perception?

    submitted by /u/butter_lover

    SD-WAN Opinions please. Cloudgenix vs VeloCloud

    Posted: 17 Dec 2019 01:40 PM PST

    Hi All,

    Yet another SD-WAN bake-off post. We are in the process of evaluating the final two SD-WAN vendors, CloudGenix and VeloCloud. Yes, we considered and looked at other vendors, but at the end of the day, this is the either-or decision.

    Our problem to solve / what SD-WAN does for us: simplify the network (remove DMVPN and other complex routing rules), replace aging Cisco equipment (hardware refresh), cost ($$ MPLS -> internet), breakout for SaaS (currently backhauled to data centers), and hopefully a better end user experience, or at least no change (user experience generally is good).

    Current environment is ~13 branch sites, 2 DCs. Palo Alto in the DCs, MPLS to sites, backhauling internet to the DCs. Most sites have either MPLS or, in some cases, internet, and we run DMVPN over the entire network (MPLS + internet sites). Also some funky routing for the DC subnets (NSX cross-vCenter, which is another story...). We do NOT have PANs at most sites, as we backhaul.

    We have a current POC for both solutions, and from a pure SD-WAN nuts-and-bolts view, both work fine: able to aggregate traffic across multiple links, have a VoIP call while dropping links, etc.
    CloudGenix, I think, does a better job with L7 monitoring and has an overall better/simpler UI. Velo is a little light on details in its UI, but more feature-rich for networking, and I like that it supports OSPF (no need to buy a BGP license for the data center).

    Of our branch sites, some are international, including Argentina, Saudi, and Dubai. Dubai specifically has some issues in that IKE traffic is sometimes filtered on the internet connection, causing basic IPsec to fail to establish. Both Velo and CloudGenix use non-standard tunnel formation, so this shouldn't be an issue for either.
    I like the idea of the Velo cloud POPs for the international sites, although I don't have any real-world experience with either solution in those countries.

    The cost for both solutions is close enough to not be a deciding factor.

    Regarding the security posture of the two solutions, we are looking at these options:

    Velo: only looking at the 520v and 840v as devices, which enable hosting a VM-50 or VM-100 Palo Alto firewall on the box. This means all branch traffic will hit the VM-Series PAN first, then the Velo engine, before hitting the internet / cloud POP, etc. We have Panorama already, and this would be an easy add-in for administration, and gives full visibility of traffic flows to Panorama / Cortex XDR / SIEM-SOC. Overall a nice solution. Caveats are bandwidth throughput limitations on the VM-Series, although not really an issue for smaller sites. It also doesn't support HA (one larger site would be an HA pair), and overall adds some complexity to the solution.

    CloudGenix: would pair with Palo Alto Prisma, a very neat and tidy API tie-in from CloudGenix. Traffic would flow first to the CloudGenix appliance, and SD-WAN policy would push generic internet to Prisma for egress. Can also utilize Prisma for backhaul between sites potentially (it can act like a Velo cloud POP). The +/- from a security perspective: if you choose to let any traffic go direct to the internet (not via Prisma), PAN never sees those traffic flows, and you potentially have a lesser security posture. But if you send ALL traffic to Prisma, you lose some of the benefits of the SD-WAN, as it's basically just forwarding all traffic to the cloud POP anyway. And Prisma generally costs more than the VM-Series firewalls on Velo.

    Note: I am aware Palo Alto has an SD-WAN subscription. We did look at it. It uses standard IKE/IPsec protocols to create its tunnels, which would get broken in Dubai.

    So to all the other folks out there, please share your thoughts.

    Which way would you go?
    Anyone out there running either solution in Dubai? What has your experience been like?
    Support experiences in North America vs International?
    If you have deployed either solution, what has your experience been like, positive and negative?

    Thanks!

    submitted by /u/jgudnas

    Wireless Access Issue

    Posted: 17 Dec 2019 09:00 AM PST

    Good morning, all;

    First time poster, long time lurker. I have run into an interesting problem, and I wanted to see what some other folks have to say, as my usual Google-fu has only been a little helpful so far.

    Internal network with Domain Controller as DNS/DHCP host. We've got a Sophos UTM 9 firewall with a Cisco SG300-52 as our primary switch, currently set to L3 mode. We've got multiple Ubiquiti Access Points in the building, all of which are attached to the internal network normally. We've got three SSIDs set up - two primary ones, one for users, one for guests, with no VLAN tag, and a third one just for our robots on VLAN 3.

    On our firewall, we've got a DHCP server set up with its own interface for VLAN 3. On the switch, we've got all of the AP ports tagging VLAN 3 traffic, native is untagged, everything else is excluded. I figured out that we needed to turn on the relay on the firewall to get internal traffic to the right DHCP server, or else anything trying to connect got confused.

    Here's my problem: The confusion is still happening from time to time. I had a user, who normally connects via Ethernet, try to connect to the WiFi but they were continually being told there was no internet, despite being 'connected', and their IP address always ended up as a 169 with no gateway. Even when I assigned a gateway, it failed to connect. The only way I could seem to get it to work was by first having their PC forget the network, reconnect to it, then add a static IP address on the correct subnet to get their network/internet working.

    I am positive the issue lies somewhere between the access points and the firewall - specifically, I think the problem lies with the switch port configuration. I was having some issues initially setting it up, but I figured out if I tagged VLAN 3 on the port in question and left the native VLAN untagged, traffic would flow normally. GE41 is a port one of the APs is plugged into, and GE51 is our primary LAN line, allowing all of the VLANs we have configured through it.

    Any suggestions would be much appreciated. And if I left out any important information, please ask.

    Firewall interface setup: https://imgur.com/ynXGsRq

    Firewall VLAN DHCP setup: https://imgur.com/OMPWeSz

    Firewall relay setup: https://imgur.com/LgjnDwa

    Switch port VLAN settings: https://imgur.com/Qpb3ETz

    AP SSID settings: https://imgur.com/7bnqn9k

    submitted by /u/ElegantWeapon

    Reverse Poison in EIGRP

    Posted: 17 Dec 2019 03:26 PM PST

    While I was doing some labs I found that a router doesn't always send reverse poison packets when a new update is learnt.
    Is there a rule for reverse poison?

    submitted by /u/0xAwam

    MVR and PIM

    Posted: 17 Dec 2019 03:04 PM PST

    I have been studying some MVR for IPTV and got a question on my mind. If you have an L3 network running PIM per usual, and you want to have a set of switches running MVR incorporated into it, would you set the L2 interface pointing on the MVR domain as IGMP multicast routing interface and the RVI as part of the PIM domain?

    Thanks!

    submitted by /u/arquellium

    Cisco Prime - Push out updated WLC Controller IP/Hostname

    Posted: 17 Dec 2019 02:57 PM PST

    Hi All,

    Not sure if this is the correct subreddit for this, but here it goes...

    I'm looking at changing the Tertiary Controller IP/Hostname on all of our APs from the current setting.

    All APs/WLC's are managed via Cisco Prime.

    Is there an easy way to change the settings all APs have now as their tertiary controller for updated IP/Hostname of another controller?

    I assume this would be completed via a template, however can I simply create a template that changes the Tertiary details? Or does the template need to contain all settings on the AP else it'll overwrite other settings?

    Thanks for your help.

    Jeff.

    submitted by /u/Network_Jeff

    Private or Public IPs between eBGP peers?

    Posted: 17 Dec 2019 02:22 PM PST

    To my understanding, eBGP neighbors will peer with each other's public IPs on their loopback interfaces, but will the addresses used on the physical interfaces between the two routers be private or public? The scenario would be between two ISPs, not ISP-customer.

    submitted by /u/EthereumDragon

    Using external and internal interface on VPN

    Posted: 17 Dec 2019 01:26 PM PST

    I'm replacing a VPN and I was wondering if there would be any advantage to using both the external/internal ports on the firewall vs. just using NAT to the internal IP address of the VPN. Initially I started setting up the external interface on a DMZ, but I noticed the old VPN appliance is only connected internally, with NAT on the firewall going directly to the internal IP address. Would it be more secure to use both interfaces on the VPN, with the external on the DMZ and the outside NAT pointed to that? I know the old VPN was set up by an MSP, so not sure if I'm overthinking it or if they were just lazy.

    submitted by /u/caponewgp420

    Unable to upgrade AnyConnect 4.x to 4.8 via ASA

    Posted: 17 Dec 2019 12:38 PM PST

    Hello,

    I can't upgrade at all from a lower AnyConnect version to a higher one, regardless of the version, on a local user's laptop (the user doesn't have admin rights). I can upgrade if I switch to an admin account. It seems like this is the cause, but I can't prove it or find that this is precisely the issue. Is there a way I can pinpoint it? I looked into the AnyConnect logs, DART, debug commands in the ASA, the certs, and there's nothing telling me that it's an admin rights issue. Any ideas?

    submitted by /u/Ineedafkingusername

    Trying to use Dynamic DNS on Att Hotspot (Netgear LB2120) and seeing different IPs, how can I dial into this network from WAN?

    Posted: 17 Dec 2019 12:10 PM PST

    I am trying to set up an external route into a network that is using AT&T, a Netgear LB2120 SIM modem/router (set to Bridge), and a TP-Link router with Dynamic DNS and port forwarding so I can connect to an IP-connected system.

    The issue seems to be that the IP addresses I see are different at three levels and the modem.
    The TP-Link router shows an IP 10.32.xx.x
    The Dynamic DNS service reports 107.77.xx.x

    The website WhatsMyIp shows my IP as 166.170.xx.x

    I was reading about how there are not enough IPv4 addresses, so AT&T uses a system that shows an IPv4 address to the outside world but internal routing is different. Getting a static IP from AT&T is cost prohibitive.

    Anyway, can someone educate me a bit so I can ask the right questions?

    My work around will be to put a Compute Stick behind the router so it can be remoted into. Not ideal.

    Thanks!

    submitted by /u/Threshereddit
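Added example, not from the post: a small classifier showing why those three addresses differ. The TP-Link's WAN address is from 10.0.0.0/8, so the carrier is translating it (carrier-grade NAT) before it reaches the Internet; the DDNS client registered whichever public address it was behind at the time, and the "what is my IP" site sees today's. The sample addresses below are constructed stand-ins for the masked ones in the post.

```python
import ipaddress
from typing import Dict

# Ranges that can never be reached from the public Internet directly.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space (common for CGNAT)

# Constructed sample values standing in for the masked addresses in the post.
ROUTER_WAN = "10.32.1.17"        # what the TP-Link reports on its WAN side
EXTERNAL_SEEN = "166.170.4.21"   # what a "what is my IP" site sees right now
DDNS_RECORD = "107.77.8.9"       # what the dynamic DNS client last registered


def classify(addr: str) -> str:
    """Name the kind of address, without relying on ipaddress.is_private (which does
    not treat 100.64.0.0/10 specially)."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private (RFC 1918)"
    if ip in CGNAT_SHARED:
        return "shared CGNAT (RFC 6598)"
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_reserved:
        return "special-purpose"
    return "public"


def diagnose(router_wan: str, external_seen: str, ddns_record: str) -> Dict[str, object]:
    """Work out from the three observed addresses whether inbound port-forwarding can work."""
    wan_class = classify(router_wan)
    # If the router's own WAN address is not the one the Internet sees, another device
    # (here the carrier's NAT) is translating in front of it, and nothing on the router
    # can make unsolicited inbound connections arrive.
    behind_cgnat = wan_class != "public" or router_wan != external_seen
    return {
        "router_wan_class": wan_class,
        "behind_cgnat": behind_cgnat,
        "ddns_stale": ddns_record != external_seen,
        "inbound_forward_possible": not behind_cgnat,
    }
```

When behind_cgnat is true, no port forward on the TP-Link can help, because inbound connections from the Internet stop at the carrier's NAT, which has no mapping for them; the practical options are an outbound-initiated connection from a device inside (the Compute Stick idea, or a VPN or reverse-SSH client that dials out to a host you control), or IPv6 if the carrier provides it. The DDNS record being stale is a separate symptom and would not fix anything on its own.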

    ISR1000 for SD WAN

    Posted: 16 Dec 2019 07:36 PM PST

    Hey guys. I'm currently working on an SD-WAN project and looking at some router options (Cisco). We have around 120 sites, with many sites only requiring 25 to 50 Mbps for DIA. My question to you guys is: how do you feel about using the ISR 1100 for these smaller sites?

    I initially spec'd everything out with 4300s and 4400s with appropriate licensing, but it came out to be way more expensive than just deploying vEdge 100 and vEdge 1000. I know the cEdges (ISR) support L7 firewall features while the vEdges don't, so I'm looking for a way to get the cost difference closer in order to get management buy-in.

    TL;DR: are ISR 1000s appropriate for smaller branch sites, and when do you decide to use a 4300/4400 cEdge over them? We plan to use fiber DIA and broadband secondary later on.

    submitted by /u/imjustadude12

    Looking for help to avoid a layer 2 stretched VLAN

    Posted: 17 Dec 2019 01:46 AM PST

    So to keep the long story short, we are getting two EPL lines from an ISP that we need to connect to another site which we have. Our data center is primarily just L2 with vPC running on the leafs. And I do not want to stretch layer 2 to another site, to avoid any loops, as you guys suggest.

    I have tried to come up with 3 solutions and I'm looking for any improvement and the best way to do this.

    A diagram of one solution can be found here: https://imgur.com/a/Zwaoh7a

    At the customer site, we will deploy two routers in HSRP/VRRP, and each one of them connects to a CPE from the provider. If we look at the data center site, there will be two firewalls running Active/Passive; each CPE will connect directly to each CPE in a full mesh, and then I want to run OSPF over the EPL line to have fast convergence.

    The second solution diagram can be found here: https://imgur.com/Q3C2KVA

    So here the customer site will remain the same, but at the data center I will connect each CPE to each core/spine switch in a LACP aggregation, since they are running vPC. So in this way I have a full mesh layer 2, but again then I'm stretching a routed VLAN all the way back to our core switch, which I guess you guys will not recommend?

    The third solution:

    I do not have a diagram of the third solution. But in this solution, I would terminate each CPE to a pair of leaf switches in the data center site in a LACP aggregation, since these leafs will also be running vPC. I will then configure OSPF on these leaf switches and then peer with each router of the customer. But would this be a viable solution at all, and is it recommended?

    Edit: Solution 4, which I have also thought of. Would it be ideal if I configured VRRP on the routed network, and just did static routing with the VIPs?

    The IP address in the diagram is the network I will be routing on.

    Or what would the community suggest I do?

    submitted by /u/sshedintoyou

    [ASK] Mikrotik script for user based on data usage

    Posted: 17 Dec 2019 01:43 AM PST

    Hi guys, I want to make a policy in my network. So let's say we give a user 75 GB of quota, and we want to make sure that if the user reaches 50% of their internet data usage the speed will drop to 80% of their current max limit, and to 75% if they reach 80% of their internet data usage. I know the idea behind this scenario, but I find it difficult to implement via Mikrotik scripting since I haven't played much with scripts. Does anybody know how to write a script for this scenario? Or share it here if you already know it.

    Sorry for my bad english.

    submitted by /u/tarzq28
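As an added example (not from the post, and not a RouterOS script): the quota policy worked through in Python against a constructed copy of what '/queue simple print stats' reports, producing the RouterOS commands that would apply it. It assumes one simple queue per user, named after the user, and the user's untouched limit kept in the queue comment as base=up/down, so that repeated runs scale from the base rather than compounding 80% of 80%. Thresholds and factors follow the post: 50% used gives 80% of the base limit, 80% used gives 75%.

```python
from typing import Callable, Dict, List, Optional, Tuple

# (percent of quota used, percent of the base limit still allowed); checked highest first.
TIERS: List[Tuple[int, int]] = [(80, 75), (50, 80)]
UNITS = {"k": 10**3, "M": 10**6, "G": 10**9}   # RouterOS rate suffixes are decimal

# Constructed sample of '/queue simple print stats' output, one queue per user.
# Assumed convention: queue name = user, comment carries the base limit as base=up/down.
SAMPLE_QUEUES: List[Dict[str, str]] = [
    {"name": "alice", "comment": "base=10M/20M", "max-limit": "10M/20M",
     "bytes": "30000000000/40000000000"},     # 70 GB of a 75 GB quota used
    {"name": "bob", "comment": "base=10M/20M", "max-limit": "10M/20M",
     "bytes": "15000000000/25000000000"},     # 40 GB used
    {"name": "carol", "comment": "base=5M/5M", "max-limit": "5M/5M",
     "bytes": "1000000/2000000"},             # almost nothing used
]


def parse_rate(text: str) -> int:
    """'10M' -> 10_000_000 bit/s; '7500k' -> 7_500_000."""
    text = text.strip()
    if text[-1] in UNITS:
        return int(float(text[:-1]) * UNITS[text[-1]])
    return int(text)


def format_rate(bps: int) -> str:
    """Shortest exact RouterOS rate string for a bit rate."""
    for suffix, mult in (("G", 10**9), ("M", 10**6), ("k", 10**3)):
        if bps >= mult and bps % mult == 0:
            return f"{bps // mult}{suffix}"
    return str(bps)


def split_pair(text: str, conv: Callable[[str], int]) -> Tuple[int, int]:
    """RouterOS writes upload/download pairs as 'up/down'."""
    up, down = text.split("/")
    return conv(up), conv(down)


def factor_percent(used_bytes: int, quota_bytes: int) -> int:
    """Percent of the base limit a user is allowed at this level of quota consumption."""
    used_pct = used_bytes * 100 // quota_bytes
    for threshold, allowed in TIERS:
        if used_pct >= threshold:
            return allowed
    return 100


def plan_queue(queue: Dict[str, str], quota_bytes: int) -> Optional[str]:
    """Return the RouterOS command that brings one queue to the right limit, or None if unchanged."""
    base = queue["comment"].split("base=", 1)[1].split()[0]
    up_base, down_base = split_pair(base, parse_rate)
    up_used, down_used = split_pair(queue["bytes"], int)
    pct = factor_percent(up_used + down_used, quota_bytes)
    target = f"{format_rate(up_base * pct // 100)}/{format_rate(down_base * pct // 100)}"
    if split_pair(target, parse_rate) == split_pair(queue["max-limit"], parse_rate):
        return None
    return f'/queue simple set [find name="{queue["name"]}"] max-limit={target}'


def plan_all(queues: List[Dict[str, str]], quota_bytes: int) -> List[str]:
    """Commands for every queue that needs a change; idempotent on repeated runs."""
    return [cmd for cmd in (plan_queue(q, quota_bytes) for q in queues) if cmd]
```

Run it from a scheduled job that pushes the output over SSH or the RouterOS API, or port the logic to a RouterOS script once the rules are settled; keeping the base limit in the comment is what makes the job safe to re-run. Simple-queue byte counters are runtime statistics and are lost on reboot, so a monthly quota needs the running total stored somewhere persistent and reset at the start of each period rather than read straight from the queue.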

    Does the HPE Aruba 2540 do intervlan routing?

    Posted: 16 Dec 2019 10:37 PM PST

    I'm trying to understand if the Aruba 2540 can do inter-VLAN routing. In the datasheet it says that it has limited layer 3 support, but the 16.05 firmware manual says that if you configure an IP address on the VLAN (so creating an interface on the switch for that VLAN) and enable IP routing, you can do routing. Any hint?

    Background info: I only need to route between VLANs on that switch. I'm replacing a Cisco 3750 that died, in an emergency, with multiple VLANs and IP routing activated, configured as router-on-a-stick, with a route 0.0.0.0/0 that sends all the traffic on an uplink to the router.

    submitted by /u/execcr