SSH CA authentication Networking
- SSH CA authentication
- Routing between two bridges in linux without need of overlay
- OpenVPN on Docker Routing w/ PfSense
- Indirect DMVPN Route using EIGRP
- INE / CBT /ITPro /Youtube?
- Does having someone on call for New Years make sense?
- Static Routing Preference Question
- 2020 Predictions
SSH CA authentication
Posted: 31 Dec 2019 09:28 PM PST

Hey everyone, I'm a previous network admin and have experience with Juniper, Cisco and Arista products. Before logging a million and one support cases, I'm wondering if anyone has any ideas if SSH CA authentication is supported by any of the regular vendors out there.

For security reasons, I've got to implement SSH key management for our Linux and supporting systems and I thought if I could extend this down to the network elements it would be a really good solution. Replacing RADIUS and keeping TACACS+ for command auth / logging.

My only problem is that, either my Google-fu is bad, or the only people that seem to have anything to do with it are Arista. I can't see support for this from anyone else. Anyone else tried this?

Thanks, Berny
Routing between two bridges in linux without need of overlay
Posted: 01 Jan 2020 03:41 PM PST

I've posted this question on serverfault. Can someone answer this, please? https://serverfault.com/questions/997239/linux-routing-between-bridge-networks-without-overlay
OpenVPN on Docker Routing w/ PfSense
Posted: 31 Dec 2019 07:29 PM PST

I have a server (IP: 192.168.101.2) running a Docker container with OpenVPN Access Server. OpenVPN AS is giving all clients IPs in the 172.16.0.0/24 range. I would like these clients to access everything in the 192.168.200.0/24 range. I have a PfSense setup with the 192.168.101.0/24 and 192.168.200.0/24 VLANs both set up and a firewall rule running in between them:

However, this is having the effect of letting everything on the 192.168.101.2 server through to 192.168.200.0/24. I only want the OpenVPN clients to be able to get through to 192.168.200.0/24, instead of the entire server.

What PfSense settings should I add/change on that firewall rule to get only the 192.168.101.2 VPN Clients to access the other subnet, instead of the entire server?
Indirect DMVPN Route using EIGRP
Posted: 31 Dec 2019 07:43 PM PST

Hello, looking for some advice on what config setting I am missing...

Sites A, B and C are all connected via DMVPN with 2 separate "clouds", Tun100 and Tun200 on each site. Running EIGRP for route distribution amongst all sites. Each site has 2 routers: one has Tun100 and the other has Tun200. The routers are connected to the core routing switch at each site via a /30 subnet for each router.

Tun100 and Tun200 between Site A and B is down. Tun200 between Site B and Site C is down. Tun100 between Site A and Site C is down. This results in there being a path between Site A and Site B such that Site A connects to C on Tun200 and then in turn could connect to B on Tun100. However, EIGRP doesn't seem to distribute this routing path. I can't figure out why it won't distribute that route short of the two DMVPN routers are not EIGRP neighbors of each other, so it won't redistribute routes that way. But I am not certain.

An example of the eigrp config is below. The 10.2.255.0 network is the router<-->core switch at the local site. 10.255.252 = Tun100 and 10.255.253 = Tun200 address space.

Any ideas on what I am missing that would help push this indirect route into our routing table?
INE / CBT /ITPro /Youtube?
Posted: 31 Dec 2019 04:58 PM PST

Looking for opinions on learning resources y'all have used. Going to get a subscription for 2020 to step up my skills and grab a cert or 3. Looking at INE / CBT Nuggs / IT Pro. They all seem to have some advantages the others don't have. Thoughts?
Does having someone on call for New Years make sense?
Posted: 01 Jan 2020 08:00 AM PST

Has this ever come up at your job? It seems like the chance of something going wrong increases significantly on January 1, I'm wondering if any companies mandate someone being on call?

Right now I'm dealing with GPS sync not working on my Cambium radios, it stopped working worldwide exactly at 9PM UTC on Dec 31, I can only assume it was something time related.
Static Routing Preference Question
Posted: 31 Dec 2019 05:21 PM PST

Hi r/networking,

I have a Pulse Secure appliance that is connected to our network via static route to our transit LAN subnet. Our firewall has an interface on this same LAN and there is a static route configured to the Pulse Secure appliance. Our firewall currently has a site-to-site VPN with AWS using BGP. When connected to the Pulse Secure I can reach the firewall and all of the locally connected resources. I've determined that in order to route to AWS, I'll need to include a static route on the firewall over the correct tunnel interface.

If I add the static route in the firewall this will definitely take precedence over the BGP route, but if for some reason the static route is unavailable will it naturally go to the BGP route? (We have a few redundant tunnels configured in case one drops.) Am I incorrect in assuming the static route on the firewall will correct the issue from the firewall? Will there be any additional issues from adding the static route?

Thanks in advance and sorry if this is a stupid question, but I'm on a time crunch and just inherited the entire management of our network.
2020 Predictions
Posted: 01 Jan 2020 02:35 AM PST

'sup /r/networking. Over the past decade, I've made a number of predictions for around the 2020 time frame. I'm going to try to enumerate on them and say where I am with them. Please feel free to use this post as a place where you can either reflect on your own predictions for 2020, or predict the next decade in networking.
Around the 2012/2015 timeframe, I was commonly saying that Cisco will exit routing/switching "by around 2020". This was based on their constantly eroding market share in edge routing and DC switching (They remain in enterprise however). Given their last few years of "becoming a software company" and now their latest move of "Cisco Silicon One", I think I'm on the right track, just overly aggressive timelines. Overall, I'd say I was a 50/50 on this one. Trends matched up with where I was thinking, however I never expected Cisco to actually play to their strengths (i.e., focus on being a foundry). Time frame was also overly optimistic.
Pretty sure I was right here, Arista is the first choice in DC switching, and fast becoming represented in edge routing.
Pretty sure I'm right here. There's very, VERY few NetEng jobs out there right now. I just changed jobs, and I can tell you most of my interviews were coding/algorithms, and maybe 20% NetEng.

So, /r/networking - how did your own predictions go? Do you have some for the coming year/decade?