
    Friday, December 27, 2019

    vCenter to NetBox Sync Tool Networking


    vCenter to NetBox Sync Tool

    Posted: 27 Dec 2019 04:14 AM PST

    Happy holidays, Everyone!

    Recently on the NetBox discussion group there was a conversation around methods of syncing data from vCenter to NetBox. I've been a huge fan of NetBox and wanted the opportunity to give back to the community and this looked like a good chance.

    After lots of successful internal tests, I'm now comfortable moving it forward. I'd like to open it up to beta testing before making a 1.0.0 release. If you have a dev instance of NetBox and are interested in collecting data from vCenter, I would love your feedback. I've also added a cleanup function so you can wipe all the synced data when finished testing.

    GitHub - vCenter NetBox Sync

    Thanks so much! A very happy new year to all!

    submitted by /u/sudoraymond

    Cisco’s development of Snort 3.0 stalled?

    Posted: 27 Dec 2019 10:29 AM PST

    Does anyone have any updates about Snort 3.0? There is basically nothing but radio silence on their official webpage/blog about its development?

    submitted by /u/ITdirectorguy

    How to setup Cradlepoint CBA850 with LP6 modem for failover

    Posted: 27 Dec 2019 11:45 AM PST

    I have a business that I own and do IT for. I need backup cell data in case our main internet goes out. I have an Arris modem from Spectrum (which I can't configure as they restrict access). I bought a Cradlepoint CBA850 with the LP6 modem. I plugged in an AT&T SIM card and was able to get data from lan1 working. I followed directions here for failover. It's not working because I don't have a router after the Cradlepoint to act as the NAT/DHCP host. How do I configure that in the Cradlepoint?

    I know it's tricky because if data comes from the Arris modem then that acts as the DHCP server and hands out IP addresses, but if it switches to cellular data then everything will have a different IP and mess up the entire network. I'd like to keep the IP addresses and range the same for landline internet vs cell so the network doesn't get affected.

    submitted by /u/Austinandersen2323

    VOIP Vlan between two sites.

    Posted: 27 Dec 2019 01:04 PM PST

    Hello everyone,

    I am trying to wrap my head around this. I would like to separate our VOIP from our PC network. We have an Aruba 2930F L3 switch and Sonicwall firewalls with site-to-site VPN.

    We have two locations with a PBX in each location. Separating the VLANs locally is not an issue because the L3 would handle the intra vlan connections, but how would I get the Aruba switch to forward the traffic to the Sonicwall so that it can pass along the traffic to the second location when someone wants to make a call to the branch office using the internal extension number?

    The GUI doesn't seem to have any way to configure routing. Is this only possible through CLI?

    submitted by /u/dimx_00

    Chrome duplicate three-way handshake?

    Posted: 27 Dec 2019 12:47 PM PST

    Does anyone know why when you do a wireshark capture of a chrome web socket, it sends two three-way handshake protocols? Or am I the only one who noticed?

    submitted by /u/the_facts_please

    Serial Connection to the DNA Center Appliance

    Posted: 27 Dec 2019 01:05 AM PST

    Hello everybody

    We got a DNA Center Appliance from Cisco for the next 3 months to test it.

    But it is already a pain in the ass, as I put it into the rack and patched all cables as written in the manual.

    Patched also the CIMC + Serial.

    First off, I had to realise that CIMC is NOT on DHCP by default, so fuck that, I have to go over the serial to configure the CIMC.

    Fuck that also, as I cannot connect to it and there is no info on the internet about the settings to connect to it.

    I found out it has to be 115200 baud rate, but nothing else.

    It does not work when connected to our console server as when I connect to it with my Cisco cable.

    Does anyone here have any idea how the hell I can get the serial connection to work?

    As I really don't have time to get a screen, a keyboard, go to the datacenter and set all this shit up.

    submitted by /u/kaiser-bus

    Weird ESXi Networking Issue

    Posted: 27 Dec 2019 02:46 PM PST

    TL;DR

    A VM on ESXi can't ping VMs in the same VLAN on another ESXi host, but can if vMotioned to a third host. Changing the virtual NIC's MAC address resulted in the same issue, but different source and destination problem hosts. Changing the virtual NIC a 3rd time and now it can't connect to VMs on any host on a different VLAN (but can reach other non-virtualized network devices and other VMs are able to connect as expected).

    Long version:

    I have 4 ESXi 6.5 hosts, each with 2 10Gb up-links, one each to 2 Cumulus core switches in MLAG. The core switches are the default gateways for the VLANs. Each VLAN is in its own VRF, and inter-VLAN traffic is routed up to the firewall. We have several VLANs/VRFs, important ones are VLANs 1 and 4 which are trunked to all hosts.

    Round 1:

    I noticed our monitoring system (VM1, Solarwinds on Windows server 2016) which was hosted on host 1 in VLAN 4 was unable to reach any VM on host 3 VLAN 4, but could reach any other VM in either VLAN 1 or 4 on hosts 1, 2, and 4, and any VM on host 3 in VLAN 1. Also, other VMs on host 1 VLAN 4 could reach anything, including VMs on host 3 VLAN 4. Watching in Wireshark on VM1, I could see it sending out ARP requests for the IP of VM2 (a VM in vlan 4 on host 3) and I could see the ARP requests coming into the core switches (watching via a span port). However, watching Wireshark on several of the target VMs I never saw any of VM1's ARP requests at all. If I vMotioned VM1 to any other host, everything worked perfectly as expected.

    So... weird. After much experimenting and head scratching, I tried removing the VM1's virtual NIC, and adding a new one (new MAC address, identical IP config). Immediately everything worked as expected.

    Round 2:

    Weeks later, VM1 got moved to host 4 and immediately lost access to all VMs on host 2 VLAN 4, but again, access to all other hosts and VLANs worked as expected, no other VMs seemed to experience the issue, and everything worked perfectly if I moved VM1 off host 4. Same behaviour with the ARP requests, I could see them leave VM1, see them cross the switch, but never see them in any target VM. I again deleted its virtual NIC and re-added it, this time as the VMXNET 3 adapter type rather than E1000. Access to host 4 VLAN 4 started working again, as well as VLAN 4 on all other hosts.

    Round 3:

    Five minutes later, I get alerts for everything in VLAN 1. VM1 is not able to ping any VM on any host in VLAN 1, but can reach everything else (anything not virtualized) on VLAN 1. I can see the packets coming in the switches, up to the firewall, and back into the switches on the correct VLANs in Wireshark. However, watching in Wireshark on several of the VMs in VLAN 1, I don't ever see the echo request. But, physical servers and other devices in VLAN 1 are no issue.

    What the hell??? I guess the fact that things change when I change the virtual NIC made me think it was some kind of weird layer 2 connectivity issue with ESXi, possibly related to the MLAG load balancing config somehow? I've gone over and triple-checked both ends of the MLAG up-links, and don't really see anything that looks unexpected. The ESXi end has one virtual switch, with 2 uplinks, the load balancing mode is "route based on IP hash". The switch side has the up-link added to a bond with the CLAG ID matching on both switches and the bond mode set to balance-xor, layer3+4 mode.

    Any thoughts?

    submitted by /u/packet_nerd

    Catalyst 3650 and flash core directory

    Posted: 27 Dec 2019 06:42 AM PST

    Hi guys!

    I'm needing to upgrade a 3650 and I'm memory short. Seeking where is the shit, I found that I have a lot of this:

    hostname#dir
    Directory of flash:/core/
    85361  drwx     4096  Dec 20 2017 19:50:25 -03:00  modules
    38814  -rw-        1  Dec 27 2019 11:32:57 -03:00  .callhome
    38818  -rw-  5139267  May 20 2019 12:32:20 -03:00  hostname_1_RP_0_nginx_11572_20190520-123208-CHI.core.gz
    38819  -rw-  4673333  May 20 2019 12:32:31 -03:00  hostname_1_RP_0_nginx_29257_20190520-123220-CHI.core.gz
    38820  -rw-  4672672  May 20 2019 12:32:42 -03:00  hostname_1_RP_0_nginx_29549_20190520-123231-CHI.core.gz
    38821  -rw-  4673332  May 20 2019 12:32:53 -03:00  hostname_1_RP_0_nginx_29746_20190520-123242-CHI.core.gz

    There are a lot of these files (around 800 MB of those) and I can't find info about what they are and if I can delete them.

    Inside each of those .gz files there is one binary file with extension .core

    Do any of you have any idea about this?

    submitted by /u/ujemvi

    Any recommendations for an open-source multi-point VPN

    Posted: 27 Dec 2019 09:13 AM PST

    Trying to find a non vendor specific VPN (supported on Routers/Firewalls IOS), which is able to connect multiple sites. Such example is Cisco DMVPN but as the name implies it's vendor specific. Any suggestion is greatly appreciated.

    submitted by /u/MasterMattin1080p

    Cannot access Azure resource from a particular ISP -- works everywhere else

    Posted: 27 Dec 2019 08:56 AM PST

    I am having a weird issue that I can't quite wrap my head around. I know it focuses on an Azure resource, but I feel the issue is network/ISP related more than an Azure related issue -- hence the post here.

    I have deployed an instance of Azure Files SMB for a client. Let's call it companyfiles.file.core.windows.net

    Azure Files SMB 3.0 runs on port 445 for direct connections and this share has a public facing endpoint with RBAC controls.

    Connections to this resource work just fine on all of our sites except one out near the Poconos in Pennsylvania. Connections time out, Test-NetConnection and Telnet fail to connect to the port only at that site. I opened all ports on the site's router -- I even bypassed the router and firewalls entirely and hooked my laptop to their Brocade switch/modem, assigned the WAN IP and still could not connect to :445 -- While still connected I VPN'd to another site, works just fine so the resource is live.

    We're using Adams Cable and they swear up & down that they don't block any ports for their customers, and I believe them. They ran an nmap scan from their data center to the IP of the Azure Files endpoint I am using and they found only port 80 and 443 open, not 445 which made no sense to me, but nmap scan to my WAN IP showed 445 open.

    Azure has almost no settings for Azure Files networking on public endpoints so there's no configuration, it's an all-or-nothing config so nothing to mess up there; bypassed the site's firewalls and router so no issue there; used online port checkers against the Azure Files endpoint shows the relevant ports/services are open; to me it has to be the ISP or something upstream from our ISP?

    On the ISP with no VPN it fails a Test-NetConnection but when I do a tracert from my laptop directly on their modem I get the below result

     1    21 ms     1 ms    <1 ms  SITE.WAN.IP.ADDR
     2    24 ms    25 ms    27 ms  chi-8075.msn.net [208.115.136.27]
     3    25 ms    25 ms    25 ms  ae31-0.icr02.ch2.ntwk.msn.net [104.44.237.21]
     4    34 ms    32 ms    32 ms  be-122-0.ibr02.ch2.ntwk.msn.net [104.44.11.8]
     5    32 ms    32 ms    32 ms  be-4-0.ibr02.dsm05.ntwk.msn.net [104.44.19.253]
     6    32 ms    32 ms    33 ms  ae162-0.icr02.dsm05.ntwk.msn.net [104.44.22.188]
     7     *        *        *     Request timed out.
     8     *        *        *     Request timed out.
     9     *        *        *     Request timed out.
    10     *        *        *     Request timed out.
    11     *        *        *     Request timed out.
    12     *        *        *     Request timed out.
    ...
    30     *        *        *     Request timed out.

    What can I do to troubleshoot this further? Is the ISP blocking it? Is their upstream blocking it? I am far from a networking guru yet so I am stuck....

    submitted by /u/dnuohxof1

    NSX DC to Viptela Integration

    Posted: 27 Dec 2019 05:09 AM PST

    Hi All

    I have a scenario where the end customer already has NSX at his DC. Currently he is evaluating Viptela and is concerned about the end-to-end story.

    Is it possible to integrate SD-WAN from Cisco with NSX from VMware (DC)?

    Thanks

    submitted by /u/gunner_100

    HP Aruba SSH "CLIENT" Configuration

    Posted: 26 Dec 2019 07:11 PM PST

    Hi All,

    We have a few HP Aruba switches (5400R ZL2 to be exact). I'm working up some systems to take automatic backups over SFTP (I'm a Linux admin by heart).

    I'm working on adding a scheduled job to automatically back up the configurations. So far I have only been able to do this manually as I have to enter a password each time to upload over SFTP.

    I'm unable to find any information on generating a private/public key FOR THE SWITCH itself so that it can SFTP without a password but the only results I get on Bing/Google are about adding SSH keys so that operators/managers can SSH to the switch itself without a password.

    Can anyone point me in the right direction? Having some issues tracking down exactly what I need (assuming it's possible?) from HP or search engines.

    submitted by /u/amperages

    Cisco Polycom 7937 = WTF!! Need some help!

    Posted: 27 Dec 2019 10:02 AM PST

    Okay so I have this weird shit going on with a Polycom 7937 conference room IP phone. I plugged this phone in at my desk and I was able to get it configured correctly. I also verified that I could make and receive calls on it. So I am like okay cool, let me deploy it to the conference room where it's going to sit.

    A few days earlier I also verified that the port on the conference room table works, I plugged my laptop and got an IP, and I also plugged in a regular Cisco phone and it was working.

    So this morning I go to plug in the 7937 and it stays stuck on "Configuring VLAN" so I am like huh ... okay ... I unplug and plug it back in. Same thing .... so I plug my laptop in and I get an IP. I verify I can reach the server and devices on the network. So I plug the phone back in, nope back to "Configuring VLAN"

    So I unplug it and plug into the port on the wall for the TV and boom it works! So now I am like WTF is wrong with that port. I just on the shitty switches they have here (SMB SG220s, and SG350s, I know lame) and I verify that the port on the table is configured EXACTLY the same as the one on the wall. I go to plug the phone in and I get stuck on configuring VLAN again. So I am like OKAY I know what I am going to do. Since it worked on the port on the wall I am just going to go move the patch cable and move it to the working port.

    I go move the cable to the port I know it worked on, I plug the phone in and BAM!! "Configuring VLAN" again. I did this a few times with different ports in the room. I could get it to work on any port except the table port, even if I move the patch cable.

    What say you Network superheroes? Any ideas as to WTF is going on here?

    submitted by /u/SiRMarlon

    Zyxel USG 50 VLAN setup

    Posted: 27 Dec 2019 07:34 AM PST

    Hey /r

    Somehow I'm unable to get VLANs working in my lab setup, which we will implement for our customers once we get some more understanding of it. We have a USG 50.

    In my setup I have created 1 vlan, assigned it to the LAN port and hooked up a client to the LAN port.
    I setup DHCP on my vlan but the notebook is refusing to get an IP address.
    There is no switch between the USG 50 and the client.

    I also do not understand how the Notebook should know it is assigned vlan10 ?
    I am used to cisco devices to which a specific vlan was assigned to a specific port. Yet this should be able to work with tagging? We want to configure this port to have (for example, VLAN10, VLAN20, VLAN30, etc...) and that servers will get vlan20, clients vlan30, AP devices vlan10, etc....

    This is my current setup:

    hardware-watchdog-timer 10
    !
    software-watchdog-timer 300
    !
    interface-name ge1 wan1
    interface-name ge2 wan2
    interface-name ge3 lan1
    interface-name ge4 lan2
    interface-name ge5 dmz
    !
    port-grouping lan1 port 3 port 4 port 5
    !
    port-grouping lan2
    !
    port-grouping dmz port 6
    !
    account pppoe WAN1_PPPoE_ACCOUNT
    !
    account pppoe WAN2_PPPoE_ACCOUNT
    !
    ip dhcp pool LAN1_POOL network 192.168.1.0/24 default-router 192.168.1.1 first-dns-server ZyWALL starting-address 192.168.1.33 pool-size 200 lease 2
    !
    ip dhcp pool LAN2_POOL network 192.168.2.0/24 default-router 192.168.2.1 first-dns-server ZyWALL starting-address 192.168.2.33 pool-size 200 lease 2
    !
    ip dhcp pool DMZ_POOL network 192.168.3.0/24 default-router 192.168.3.1 starting-address 192.168.3.33 pool-size 200 first-dns-server ZyWALL lease 2
    !
    ip dhcp pool Network_Pool_VLAN10 network 192.168.10.0 255.255.255.0 default-router 192.168.10.1 starting-address 192.168.10.3 pool-size 30 first-dns-server 192.168.1.1 second-dns-server 8.8.8.8 lease 2 0 0
    !
    interface wan1 ip address dhcp type external
    !
    interface wan2 ip address dhcp type external
    !
    interface lan1 ip address 192.168.1.1 255.255.255.0 ip dhcp-pool LAN1_POOL type internal
    !
    interface lan2 ip address 192.168.2.1 255.255.255.0 ip dhcp-pool LAN2_POOL type internal
    !
    interface dmz ip address 192.168.3.1 255.255.255.0 ip dhcp-pool DMZ_POOL type internal
    !
    interface vlan10 port lan1 vlan-id 10 ip address 192.168.10.1 255.255.255.0 upstream 1048576 downstream 1048576 mtu 1500 type internal ip rip send version 2 ip rip receive version 2 ip ospf priority 1 ip ospf cost 10 ip dhcp-pool Network_Pool_VLAN10
    !
    interface wan1_ppp account WAN1_PPPoE_ACCOUNT
    !
    interface wan2_ppp account WAN2_PPPoE_ACCOUNT
    !
    address-object LAN1_SUBNET interface-subnet lan1
    address-object LAN2_SUBNET interface-subnet lan2
    address-object DMZ_SUBNET interface-subnet dmz
    address-object IP6to4-Relay 192.88.99.1
    !
    eps warning-message windows-auto-update enable
    !
    eps warning-message windows-security-patch enable
    !
    eps warning-message personal-firewall enable
    !
    eps warning-message anti-virus enable
    !
    isakmp policy Default_L2TP_VPN_GW mode main transform-set 3des-sha 3des-md5 des-sha lifetime 86400 local-ip interface wan1 peer-ip 0.0.0.0 0.0.0.0 authentication pre-share local-id type ip 0.0.0.0 peer-id type any xauth type server default deactivate group2 deactivate
    !
    crypto map Default_L2TP_VPN_Connection ipsec-isakmp Default_L2TP_VPN_GW encapsulation transport transform-set esp-3des-sha esp-3des-md5 esp-des-sha set security-association lifetime seconds 86400 set pfs none scenario remote-access-server adjust-mss auto deactivate remote-policy any
    !
    vpn-configuration-provision authentication default
    !
    router rip
    !
    router ospf
    !
    zone LAN1 interface lan1
    !
    zone LAN2 interface lan2
    !
    zone WAN interface wan1 interface wan1_ppp interface wan2 interface wan2_ppp block
    !
    zone DMZ interface dmz block
    !
    zone SSL_VPN
    !
    zone IPSec_VPN crypto Default_L2TP_VPN_Connection
    !
    zone TUNNEL
    !
    ip http server
    !
    ip http secure-server cert default
    ip http secure-server
    ip http secure-server force-redirect
    ip http secure-server cipher-suite aes 3des des rc4
    !
    hostname zywall-usg-50
    !
    ip ssh server cert default
    ip ssh server
    !
    console baud 115200
    !
    ip ftp server cert default
    ip ftp server
    !
    ntp
    !
    snmp-server
    !
    ip load-balancing link-sticking activate
    !
    no firewall activate
    !
    !
    session-limit activate
    session-limit limit 1000
    !
    session-limit6 activate
    session-limit6 limit 1000
    !
    idp signature update auto
    !
    idp signature update weekly sun 0
    !
    idp signature LAN_IDP base lan
    !
    idp signature DMZ_IDP base dmz
    !
    idp anomaly ADP_PROFILE base all flood-detection tcp-flood block flood-detection udp-flood block flood-detection icmp-flood block flood-detection ip-flood block flood-detection icmp-flood threshold 1000 flood-detection ip-flood threshold 1000 flood-detection tcp-flood threshold 1000 flood-detection udp-flood threshold 1000 scan-detection sensitivity medium scan-detection block-period 5 flood-detection block-period 5
    !
    idp signature rule 1 from-zone any to-zone LAN1 bind LAN_IDP activate
    !
    idp signature rule 2 from-zone any to-zone LAN2 bind LAN_IDP activate
    !
    idp signature rule 3 from-zone any to-zone DMZ bind DMZ_IDP activate
    !
    idp anomaly rule 1 from-zone any to-zone LAN1 bind ADP_PROFILE activate
    !
    idp anomaly rule 2 from-zone any to-zone LAN2 bind ADP_PROFILE activate
    !
    idp anomaly rule 3 from-zone any to-zone DMZ bind ADP_PROFILE activate
    !
    idp anomaly rule 4 from-zone any to-zone ZyWALL bind ADP_PROFILE activate
    !
    anti-virus rule 1 activate no from-zone no to-zone scan http scan smtp scan pop3 scan ftp scan imap4 infected-action destroy infected-action send-win-msg no bypass white-list no bypass black-list file-decompression no file-decompression unsupported destroy log
    !
    anti-virus update auto
    !
    anti-virus update daily 0
    !
    no bwm activate
    !
    policy controll-ipsec-dynamic-rules activate
    !
    app SMTP defaultport 25
    !
    app POP3 defaultport 110
    !
    app SIP defaultport 5060
    !
    app HTTP defaultport 80
    app HTTP defaultport 8080
    app HTTP defaultport 3128
    !
    alg sip defaultport 5060
    !
    users retry-limit
    users retry-count 5
    users lockout-period 30
    !
    users update-lease automation
    !
    app-watch-dog activate
    !
    htm phase 1 add all
    !
    force-auth exceptional-service DNS
    !
    force-auth default-rule authentication unnecessary no log
    !
    no usb-storage activate
    no diag-info copy usb-storage
    !
    no logging usb-storage
    !
    logging system-log suppression
    logging system-log category forward-web-sites disable
    !
    logging mail 1 category all level all
    !
    logging mail 2 category all level all
    !
    vrpt send interface statistics interval 15
    vrpt send system status interval 15
    vrpt send device information interval 3600

    submitted by /u/Tony_Pajamas_k

    Zyxel Vlan "Base Ports"

    Posted: 27 Dec 2019 02:44 AM PST

    Hey r/

    I'm busy with testing VLAN setups on Zyxel firewalls since my company has no experience with VLANs.

    I noticed that there is a "Base Port" setting. What does this mean?

    I've set the "zone" to LAN1 so I assume that traffic for VLAN10 (in this case) is going to LAN1.
    The "Base Port" is by default set to WAN1. Is this meant to indicate the interface to the internet?

    submitted by /u/Tony_Pajamas_k
