Rant Wednesday! Networking
- Rant Wednesday!
- Routing – Firewall or Switch
- Fibre optic ring not functioning as expected
- mGig 10GBASE-T Unmanaged Desktop Switch for expanding port capacity at the workstation/desk
- Identifying Potential Vendors (Quoting Question)
- Looking for Feedback on a Design
- Have Fortinet 100D should I replace Cisco AP with Fortinet AP?
- In need of clarification about 5Ghz and 2.4Ghz wireless
- QoS statements on every port, would they actually be doing anything?
- Trouble with Cisco WSA
- Supplemental Ground on Router
- Cisco DHCP snooping database backup?
- What kind of device is needed in this situation? Only option a second SPAM Filter or can the router handle it?
- Interface Outbound Discard alerts from Cisco Prime 3.6
- Split VLANs
- Looking for remote location network monitoring advice.
- Network/systems administration and certifications
- What do these Cisco IOS warning messages mean?
- ISP mass throttling Iperf speeds 1/10th speed test in browser
- With ARP, why do hosts know IP addresses, but not MAC addresses?
- Network jack giving Power (PoE) but no network connection?
- LACP between Meraki and IBM Fabric
- Dot1x: How to go about testing priority tagged EAPOL with wpa_supplicant?
- Trying to understand IDS and TCP
- Recommendations Sought: Atlanta area cabling contractors
Rant Wednesday! Posted: 28 Jan 2020 04:04 PM PST It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!
Routing – Firewall or Switch Posted: 29 Jan 2020 01:16 PM PST I'm currently in a discussion with my colleagues regarding best practice in network segmentation and routing. Some of my colleagues, however, prefer to route certain traffic through the core switches – especially the traffic between clients and servers. They argue that:
- the communication between clients and servers requires a large number of different ports, so you can't really limit it anyway
- routing everything through the firewall creates a bottleneck, as smaller firewalls are not capable of dealing with that much traffic
What's your opinion on that?
Fibre optic ring not functioning as expected Posted: 29 Jan 2020 08:12 AM PST We have a fibre optic ring around a construction site. Probably about 10km of cable and linked up to 10 switches as it goes. A simple design, just using fibre as the uplink and downlink to each switch around the site, creating a perfect ring theoretically. However, when/if switch 9 is deactivated, switch 8 also drops from the network, even though it should be supported from the other side by switch 7. The switch (8) itself is still powered up in this instance and providing PoE to the connected devices, it just cannot transmit the data through the link. I have used a tester on this cable (admittedly a cheap one) and it seems to be OK. Unfortunately we cannot run a new cable between 7 and 8 because the ducting is terrible. Other than switch 1, the others are in outdoor environments (protected in IP68 cabinets) so there is only space for a patch panel, a switch and a UPS, with none of the luxuries we can rely on indoors. Can anyone shed some light on this? It's quite a big issue for us. I have UPSs in place but now and again the battery will completely drain before the electricians can restore power, creating the problem I mention.
mGig 10GBASE-T Unmanaged Desktop Switch for expanding port capacity at the workstation/desk Posted: 29 Jan 2020 12:59 PM PST Hello my networking friends. As we move towards development networks scaling to Cat 6a and 10GbE to the desktop and 40GbE/100GbE backbone and server access, I'm looking for a simple unmanaged switch with no worries of STP/config overhead for increasing port capacity. The building I'm in has 6 drops to each desk, but access needs can expand over time per user on RJ45 Cat6/Cat6a. The reason I'm posting is I've found it hard to find any unmanaged mGig from common vendors besides the NetGear XS508M, which has 7 mGig after consuming the uplink. I'm going to get one of these for evaluation. Cisco had their SMB unmanaged series for this use-case for a long time but there isn't a mGig option I see anywhere. Anyone else on a similar search find anything or currently using?
Identifying Potential Vendors (Quoting Question) Posted: 29 Jan 2020 01:03 PM PST Hello r/networking! I apologize if this is the wrong place to ask this - I couldn't find any other telecom subreddits related to my question. Hoping the former or current quoting/supplier management people might be able to weigh in here. Are there any free resources to help identify internet providers in a certain area? I currently use BroadbandNow and Fiberlocator, but those are mainly for the US. I'm looking for different resources that could help me learn more of a global approach. For example, if I Google "wholesale internet Mexico" I get mostly results for US towns called Mexico. I'm up for whatever will help me learn which companies serve which territories. Thank you so much! P.S. thank you for the advice about a year ago. I left my crappy job and got a better one. :) I'm really happy with my new gig and want to continue to improve.
Looking for Feedback on a Design Posted: 29 Jan 2020 08:30 AM PST Diagrams: https://imgur.com/a/LdTV9rH I'm looking for some feedback from my peers on a design I'm planning to implement. The problem lies in a lack of redundancy at our network edge. Currently, all of our carrier circuits (even backup connections) land on a single layer-2 switch, which uses VLANs to provide connectivity to our active/standby firewalls. Obviously, this single layer-2 switch is a glaring weakness in the network design. In the proposed design, I'm intending to add a second layer-2 switch that all backup circuits will connect to. ISP-1 has also agreed to provide a second device that can be used to provide additional redundancy as well. I'm going to connect the Core switch to both layer-2 Edge switches and add a connection between the two Edge switches. This way, should a firewall failover occur, the traffic would pass from Edge-2 to Edge-1 and to the ISP. This creates a layer-2 loop, of course, so I'm planning for RPVST to block the loop. The Core will be the root bridge for all WAN edge VLANs. One final note: the voice VLAN (903) shown in the diagram is a point-to-point connection from the Core to the ISP-1 device. This prevents voice traffic from being inspected by the Firewall / IPS. My plan is to have the ISP implement HSRP or something similar to provide redundancy for this connection. So my question for you all: Have I missed anything? If you've worked with a design similar to this, is there anything I need to be wary of? Would you do it any differently? I genuinely appreciate the knowledge on this subreddit; don't be shy, let me have it.
Have Fortinet 100D, should I replace Cisco AP with Fortinet AP? Posted: 29 Jan 2020 08:47 AM PST Just had one die and need to replace it, and I am not Cisco certified and would like a better GUI to configure it. Would you recommend replacing it with a Fortinet AP, or is it not ready for prime time? Additionally, are there recurring charges with the APs?
In need of clarification about 5 GHz and 2.4 GHz wireless Posted: 29 Jan 2020 12:42 AM PST We have a client that runs into a strange wireless situation. When they use the 5 GHz network, everything works fine; however, when they switch to 2.4 GHz they start having connectivity issues. Our first thought was that this could be caused by interference, but after running inSSIDer and using Ekahau HeatMapper, we discovered that the channels used (1, 6, 11) by the access points (D-Link 6610 B1) were clear and no other wireless devices were broadcasting around them. Since their network consists of one huge subnet for everything, we thought that maybe the network gets congested; however, the question remains, why does the congestion not happen on the 5 GHz band? I am not very experienced with wireless, but the only explanation I could think of is maybe 5 GHz antennas support more traffic than 2.4 GHz... I've been looking online for the differences between the 2 bands but all I keep seeing is 'less interference because more frequencies'. I would appreciate it if someone could at least point me in the right direction and help me find some materials regarding this issue.
QoS statements on every port, would they actually be doing anything? Posted: 29 Jan 2020 07:59 AM PST At my work we have common configurations for every Cisco switch deployment we do, and for our QoS settings we apply the following to every single interface:
    srr-queue bandwidth share 1 2 3 4
    priority-queue out
    mls qos trust dscp
Being that this is applied to every interface and there are no shape statements, would this configuration actually do anything?
Trouble with Cisco WSA Posted: 29 Jan 2020 07:49 AM PST I am having trouble adding a realm to the WSA from our AD. When we try to join the WSA to the AD we get a "failed to update kerberos file" error. Has anybody had any experience with this issue?
Supplemental Ground on Router Posted: 29 Jan 2020 06:35 AM PST So I plan on using an Adtran router (NetVanta) for my small business's office. However, in the installation manual it mentions attaching a supplemental ground wire to the unit. In my small office we don't have a networking room and just plan on placing it on a tabletop, so I don't really have anything to ground the equipment to. My question is whether or not this is just a manufacturer's recommendation or if it is required for the safe operation of the switch? The router has a 48VDC power input but is connected to a power brick which plugs into an AC outlet with a 3rd prong. Does that 3rd prong ground not safely ground the chassis of the switch?
Cisco DHCP snooping database backup? Posted: 29 Jan 2020 07:58 AM PST Hi! I have read that having the DHCP snooping database on the local switch (Cisco Catalysts) may cause an outage if the switch reboots, but I don't understand how losing the database would be an issue. Would it not simply be rebuilt? I am a little confused. Thanks
What kind of device is needed in this situation? Only option a second SPAM Filter or can the router handle it? Posted: 29 Jan 2020 09:24 AM PST Here is a quick, simple run-down. We have 2 ISPs, 2 routers, 2 spam filters, and 1 mail server. One path is our main operational path and the second is our DR path. (See attached diagram.) https://i.imgur.com/9mAl3YD.jpg I need to replace the DR Spam Filter. It's quite old, is starting to become very unresponsive at times, and is not up to date or even able to get a service contract to even get updates. It is our old junk device that just accepts the messages, performs the initial SMTP communication, and then hands it over to our fully up-to-date Spam Filter for the actual inspection. The DR device does nothing else. The biggest issue is its response times have exceeded 15s several times, so it is not reliable enough to use. And, once 200-500 emails start trying to come in it just locks up. (It was bought in 2009 and hasn't been updated since 2013... It's a dinosaur.) My first thought was to just route the inbound DR email traffic directly to the Main Spam Filter using an extendable NAT, routing only port 25 and 465 traffic from the DR Router. But we run into a default route issue when attempted... The connection comes in and gets handed to the main filter, but when the communication gets started, some of the responses get sent to the Main Filter's default gateway (main router) and the connection breaks at that point, as it's a different router and ISP than what the connection initiated on. I can make it mostly work with static routes, but I can't put in a static route for every sender. The only reason why it works at all is the DR Spam Filter uses the DR Router as its default gateway and it handles all of the initial communication before handing it off to the Main SPAM Filter. Once that happens, the communication is all internal and doesn't need to talk with the outside world any longer... So, I am thinking I need something similar. Something that will handle all initial communication until it's time to hand it off.
I am not opposed to purchasing a second up-to-date SPAM Filter. Cost isn't really an issue. I just want to make sure I am getting the best device for the situation and following the best practices. Seems like there should be a better way of doing this. Like some sort of internal SMTP relay or something. Thanks! Need any other details, just let me know!
Interface Outbound Discard alerts from Cisco Prime 3.6 Posted: 29 Jan 2020 10:50 AM PST We are seeing alerts similar to the below for a few different switches/stacks we have in our environment (Cat3k, Cat4k, Cat9k). Has anyone else seen these alerts in Prime before? Logs in the switches don't show anything and, looking at the individual ports, nothing is standing out.
    Interface SWITCH1/GigabitEthernet3/0/47: value of Interface Outbound Discards = 19% violated the set threshold: 5%. Additional: InPktDiscards=0%, OutPktDiscards=19% - Automonitoring - Link and Trunk Ports - Device Name: SWITCH1 - Reporting Address: 10.2.25.1
    Interface SWITCH1/GigabitEthernet3/0/45: value of Interface Outbound Discards = 17% violated the set threshold: 5%. Additional: InPktDiscards=0%, OutPktDiscards=17% - Automonitoring - Link and Trunk Ports - Device Name: SWITCH1 - Reporting Address: 10.2.25.1
    Interface SWITCH1/GigabitEthernet4/0/11: value of Interface Outbound Discards = 71% violated the set threshold: 5%. Additional: InPktDiscards=0%, OutPktDiscards=71% - Automonitoring - Link and Trunk Ports - Device Name: SWITCH1 - Reporting Address: 10.2.25.1
    Interface SWITCH1/GigabitEthernet4/0/12: value of Interface Outbound Discards = 66% violated the set threshold: 5%. Additional: InPktDiscards=0%, OutPktDiscards=66% - Automonitoring - Link and Trunk Ports - Device Name: SWITCH1 - Reporting Address: 10.2.25.1
Example of interface:
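The Prime alert text above has a fixed shape, so it can be parsed and triaged rather than read by eye. The following is an added example (not from the post or from Cisco Prime): it parses the four quoted alerts into records, ranks the ports by outbound discards, groups them per stack member (the first number in a Catalyst `Gi<switch>/<module>/<port>` name), and flags alerts where ingress is clean and only egress drops, which points at output-queue congestion on that port rather than corrupt frames. The sample input is the alert text quoted in the post, embedded inline.

```python
"""Parse Cisco Prime 'Interface Outbound Discards' threshold alerts and rank the offending ports."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the four alerts quoted in the post, one per line.
SAMPLE_ALERTS = """\
Interface SWITCH1/GigabitEthernet3/0/47: value of Interface Outbound Discards = 19% violated the set threshold: 5%. Additional: InPktDiscards=0%, OutPktDiscards=19% - Automonitoring - Link and Trunk Ports - Device Name: SWITCH1 - Reporting Address: 10.2.25.1
Interface SWITCH1/GigabitEthernet3/0/45: value of Interface Outbound Discards = 17% violated the set threshold: 5%. Additional: InPktDiscards=0%, OutPktDiscards=17% - Automonitoring - Link and Trunk Ports - Device Name: SWITCH1 - Reporting Address: 10.2.25.1
Interface SWITCH1/GigabitEthernet4/0/11: value of Interface Outbound Discards = 71% violated the set threshold: 5%. Additional: InPktDiscards=0%, OutPktDiscards=71% - Automonitoring - Link and Trunk Ports - Device Name: SWITCH1 - Reporting Address: 10.2.25.1
Interface SWITCH1/GigabitEthernet4/0/12: value of Interface Outbound Discards = 66% violated the set threshold: 5%. Additional: InPktDiscards=0%, OutPktDiscards=66% - Automonitoring - Link and Trunk Ports - Device Name: SWITCH1 - Reporting Address: 10.2.25.1
"""

# One regex for the whole alert line; named groups pull out every field we care about.
ALERT_RE = re.compile(
    r"^Interface (?P<device>[^/]+)/(?P<iface>\S+): value of (?P<metric>.+?) = (?P<value>\d+)% "
    r"violated the set threshold: (?P<threshold>\d+)%\. Additional: "
    r"InPktDiscards=(?P<in_disc>\d+)%, OutPktDiscards=(?P<out_disc>\d+)% - "
    r"(?P<policy>.+?) - Device Name: (?P<name>\S+) - Reporting Address: (?P<addr>[\d.]+)$"
)


@dataclass
class DiscardAlert:
    device: str
    interface: str
    value: int          # the metric that tripped the threshold, in percent
    threshold: int
    in_discards: int
    out_discards: int
    policy: str
    reporting_address: str

    @property
    def stack_member(self) -> str:
        # Catalyst stack ports are named <type><switch>/<module>/<port>; the switch
        # number says which physical stack member is dropping the frames.
        m = re.search(r"(\d+)/\d+/\d+$", self.interface)
        return m.group(1) if m else "?"


def parse_alert(line: str) -> Optional[DiscardAlert]:
    m = ALERT_RE.match(line.strip())
    if not m:
        return None  # not a discard alert; the caller decides what to do with it
    return DiscardAlert(m["device"], m["iface"], int(m["value"]), int(m["threshold"]),
                        int(m["in_disc"]), int(m["out_disc"]), m["policy"], m["addr"])


def parse_alerts(text: str) -> List[DiscardAlert]:
    return [a for a in (parse_alert(line) for line in text.splitlines()) if a]


def worst_ports(alerts: List[DiscardAlert], n: int = 2) -> List[Tuple[str, int]]:
    """Interfaces sorted by outbound discard percentage, highest first."""
    ranked = sorted(alerts, key=lambda a: a.out_discards, reverse=True)
    return [(a.interface, a.out_discards) for a in ranked[:n]]


def discards_by_member(alerts: List[DiscardAlert]) -> Dict[str, int]:
    """Sum outbound-discard percentages per stack member to see whether drops cluster on one switch."""
    totals: Dict[str, int] = defaultdict(int)
    for a in alerts:
        totals[a.stack_member] += a.out_discards
    return dict(totals)


def is_egress_only(alert: DiscardAlert) -> bool:
    """True when ingress is clean and only egress exceeds the threshold: an output-queue symptom."""
    return alert.in_discards == 0 and alert.out_discards > alert.threshold
```

Run `parse_alerts(SAMPLE_ALERTS)` on the quoted text and `discards_by_member` shows all four alerts on stack members 3 and 4 with the two heaviest ports on member 4, which is where to start looking for an oversubscribed egress queue.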
Split VLANs Posted: 29 Jan 2020 10:47 AM PST Hi, I have two sites A and B. Stretched VMware clusters using a layer 2 network connecting the sites. Servers in site A can be vMotioned to site B in the event of failure. Palo Alto firewalls are also at either site, acting as gateway in active / standby configuration for cross-site traffic and internet. Do I have to configure split VLANs or can I use the same VLAN for server X that will reside in either site A or site B? The VMware servers will have the same IP when moved between Sites A & B.
Looking for remote location network monitoring advice. Posted: 29 Jan 2020 10:20 AM PST My searches haven't come up with any good results for what I'm looking for, so my apologies if it has been covered. We are a growing company with 3 office locations which we have no trouble monitoring with standard means. The challenge we are facing is with our store locations, which currently number 38 and are growing by another 20 this year. These locations do not contain a server of any kind currently. They consist of redundant security appliances, switches and access points to connect iOS, other Apple devices, etc. What we are wanting to do is install a Raspberry Pi (or maybe a NUC?) at each store that could handle monitoring these locations as far as internet connection, pings to various important IPs and API response from our corporate server. Then we would need a central server, preferably with a dashboard that could be displayed on a single page to show the status of these locations. Anyone have any advice for how they have handled similar situations or what hardware/software I should look towards? If there is an existing similar thread, a link or key words to search for would be appreciated.
Network/systems administration and certifications Posted: 29 Jan 2020 09:40 AM PST So I'm in the job market again after nearly a 2 year hiatus from the field (previously had 11 years IT experience). Just renewed my CCNA and reading for the new CCNP ENCOR. I'm looking for some input here from anyone currently working in a dual role of both server and network administration. A lot of the "network admin" jobs I am seeing call for experience in both, and I am starting to wonder if it might be a good idea to go for an MCSA/MCSE, or if there might be another cert that would be more worth my time that would help in any system admin role I might end up with in the future? Most of my experience has been in a NOC/managed services role.
What do these Cisco IOS warning messages mean? Posted: 29 Jan 2020 02:02 AM PST I have tried googling but found nothing. Those messages appeared after I put a VLAN on a neighbouring Mikrotik, and then I put a VLAN into that VLAN. How worried should I be if they appeared only once? What if they appear again? My next step is to put that VLAN on a bridge in the Mikrotik.
ISP mass throttling iperf speeds 1/10th speed test in browser Posted: 29 Jan 2020 12:56 PM PST Hello, I was wondering if anyone else has experienced throttling of pretty much everything except for a few services on Comcast. Speedtest.net or whatever reads 10x what I'm getting in iperf3 to my gigabit capable servers.
With ARP, why do hosts know IP addresses, but not MAC addresses? Posted: 29 Jan 2020 11:23 AM PST Googling around, the example of the router's IP address is given a lot. That is, you enter the IP address of the router when you set up the PC, and it needs to know where to send IP packets that aren't for the network it is currently on, so it broadcasts an ARP to get the MAC address for the router so that it can send traffic out to the WAN. Does anyone have a different example? My understanding currently is: say you start an RDP session and go to "some-other-pc-on-the-same-network". RDP will look up the name in the DNS and see that it is on the same network based on the IP address. Then once it has this IP address it will broadcast an ARP for the MAC address of the PC with the IP address it received back from the DNS query. It will then use the MAC address to communicate with "some-other-pc-on-the-same-network". Is this understanding correct? Does someone have a better way to explain why a PC would know a different computer's IP address but not its MAC address?
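The sequence the question describes (DNS gives an IP, the routing decision picks a next hop, ARP turns the next hop into a MAC) is small enough to run as code. Below is an added example, not from the post: a toy host whose `next_hop` applies the on-link test, whose `arp_resolve` broadcasts only on a cache miss, and whose `frame_destination` chains the three steps for both of the post's cases (a same-subnet RDP target and an off-subnet destination reached via the gateway). The addresses, MACs and the DNS table are constructed lab values.

```python
"""Which MAC does a host need? The on-link test that decides whether to ARP for the destination or the gateway."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed lab: our host's interface, its default gateway, a DNS table, and the
# hosts physically present on the segment (i.e. who would answer an ARP request).
MY_IFACE = ipaddress.ip_interface("192.0.2.10/24")
GATEWAY = ipaddress.ip_address("192.0.2.1")
DNS: Dict[str, str] = {
    "some-other-pc-on-the-same-network": "192.0.2.20",   # on-link
    "remote-server": "198.51.100.7",                     # behind the router
}
WIRE: Dict[str, str] = {  # ip -> MAC of the device that owns that IP on this segment
    "192.0.2.1": "00:00:5e:00:53:01",
    "192.0.2.20": "02:00:00:00:00:20",
}


class Host:
    def __init__(self, iface: ipaddress.IPv4Interface, gateway: ipaddress.IPv4Address):
        self.iface = iface
        self.gateway = gateway
        self.arp_cache: Dict[str, str] = {}   # what the OS would show in `arp -a`
        self.broadcasts: List[str] = []       # every "who-has" we put on the wire

    def next_hop(self, dst: ipaddress.IPv4Address) -> ipaddress.IPv4Address:
        """Layer 3 decides first: an on-link destination is reached directly,
        anything else is handed to the default gateway. Only the next hop's
        MAC is ever needed; the remote host's MAC is never known or required."""
        return dst if dst in self.iface.network else self.gateway

    def arp_resolve(self, ip: ipaddress.IPv4Address) -> Optional[str]:
        """MAC for an on-link IP; broadcast a request only on a cache miss."""
        key = str(ip)
        if key in self.arp_cache:
            return self.arp_cache[key]
        self.broadcasts.append(key)
        mac = WIRE.get(key)          # the IP's owner replies; silence means no such host
        if mac is not None:
            self.arp_cache[key] = mac
        return mac

    def frame_destination(self, hostname: str) -> Tuple[str, str, Optional[str]]:
        """Name -> IP (DNS), IP -> next hop (routing), next hop -> MAC (ARP)."""
        dst_ip = DNS[hostname]
        hop = self.next_hop(ipaddress.ip_address(dst_ip))
        return dst_ip, str(hop), self.arp_resolve(hop)
```

For the on-link name the frame is addressed to the peer's own MAC; for the remote name the IP header still carries 198.51.100.7 but the Ethernet frame goes to the gateway's MAC, and a second lookup is answered from the cache without another broadcast.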
Network jack giving Power (PoE) but no network connection? Posted: 29 Jan 2020 07:25 AM PST We have a few ports that will power on our PoE phones but will not give them any kind of network connection. Plugged my laptop directly into the wall and still no connection. It is now about 4 different ports... and they stopped working one at a time over a 2 week span. I am thinking it is a switch issue? Any other ideas?
LACP between Meraki and IBM Fabric Posted: 29 Jan 2020 09:17 AM PST Hey /r/networking, I wanted to verify my thinking on this in case there is anyone here that has experience with this type of configuration. We have a Meraki MS-390 switch and an IBM EN4093 switch connected with two patches. With LACP configured on the EN4093 and Link Aggregation configured on the Meraki, the link should work as intended? The Meraki interface is limited, only offering a button for Link Aggregation, and doesn't appear to offer any other type of configuration.
Dot1x: How to go about testing priority tagged EAPOL with wpa_supplicant? Posted: 28 Jan 2020 11:54 PM PST Hello, I am trying to test priority tagged EAPOL authentication. To keep things simple I have a Linux host running wpa_supplicant and there is 1 interface that is connected to an authenticator. Now, I am sending priority tagged (dot1q packet with vlan_id set to 0) EAPOL Start by configuring a "VLAN 0" interface in Linux: then running wpa_supplicant over this device: The problem is that the switch on the other end acting as the Authenticator is replying with UNTAGGED frames which are getting received over eth0 instead of eth0.0 (correctly, I assume). Thus wpa_supplicant cannot get any Request Identity frames and hence the authentication fails by timeout. Am I doing this wrong? How do you guys test EAPOL with priority tagged frames?
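The asymmetry in the post (supplicant sends a VID 0 priority-tagged EAPOL-Start, authenticator answers untagged) comes down to a few header bytes. The following added example, not from the post or from wpa_supplicant, builds an EAPOL frame with or without an 802.1Q tag and classifies a captured frame as untagged, priority-tagged (VID 0) or VLAN-tagged, which is what you need when checking a capture on eth0 to see which side is tagging. The MACs and the EAP body are constructed values.

```python
"""Build and classify 802.1Q priority-tagged (VID 0) EAPOL frames."""
import struct
from typing import Dict, Optional

ETH_P_8021Q = 0x8100
ETH_P_PAE = 0x888E                                  # EAPOL EtherType
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")      # 802.1X PAE group destination MAC
EAPOL_START = 1
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}


def eapol_frame(src_mac: bytes, eapol_type: int = EAPOL_START, body: bytes = b"",
                pcp: Optional[int] = None, vid: int = 0) -> bytes:
    """Ethernet frame carrying an EAPOL PDU. An 802.1Q tag is inserted only when
    pcp is given; pcp with vid=0 is the 'priority-tagged' case from the post."""
    hdr = PAE_GROUP_ADDR + src_mac
    if pcp is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0xFFF)   # PCP(3) | DEI(1, left clear) | VID(12)
        hdr += struct.pack("!HH", ETH_P_8021Q, tci)
    # EAPOL header: protocol version 2 (802.1X-2004), packet type, body length.
    return hdr + struct.pack("!HBBH", ETH_P_PAE, 2, eapol_type, len(body)) + body


def classify(frame: bytes) -> Dict[str, object]:
    """Report the tagging of a frame and, if it is EAPOL, the packet type.
    VID 0 in an 802.1Q tag means 'priority only'; the frame belongs to no VLAN."""
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    info: Dict[str, object] = {"tagging": "untagged", "pcp": None, "vid": None, "eapol": None}
    offset = 14
    if ethertype == ETH_P_8021Q:
        tci = struct.unpack_from("!H", frame, 14)[0]
        info["pcp"], info["vid"] = tci >> 13, tci & 0xFFF
        info["tagging"] = "priority-tagged" if info["vid"] == 0 else "vlan-tagged"
        ethertype = struct.unpack_from("!H", frame, 16)[0]   # real EtherType follows the tag
        offset = 18
    if ethertype != ETH_P_PAE:
        return info
    _version, ptype, _length = struct.unpack_from("!BBH", frame, offset)
    info["eapol"] = EAPOL_TYPES.get(ptype, f"unknown({ptype})")
    return info
```

Feeding both directions of a capture through `classify` makes the mismatch visible: the supplicant's EAPOL-Start comes back as priority-tagged with VID 0 while the authenticator's EAP-Request/Identity comes back as untagged, so a supplicant bound only to the VLAN 0 sub-interface never sees the reply.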
Trying to understand IDS and TCP Posted: 29 Jan 2020 07:02 AM PST I need a wee bit of help here. I have 3 virtual machines on a virtual network. There is nothing else on this network. vm1 is a DHCP server to give out IP addresses. vm2 has Snort installed on it. vm3 just exists to do stuff to the other two. It is my understanding that Snort listens to all traffic on the interface. VM1(DHCP) <-> VM2(Snort) <-> VM3(Stuff) Here's the rule I am trying to trigger: What I have set up is netcat on vm1 and vm3 with Here's my Python code.
Recommendations Sought: Atlanta area cabling contractors Posted: 29 Jan 2020 06:34 AM PST Anyone have a cabling contractor they are happy with? Our current partner leaves much to be desired in terms of communication and follow-through. Edit: clarification. This would be traditional infrastructure copper/fiber network wiring in new construction.