    Monday, February 3, 2020

    Moronic Monday! Networking

    Moronic Monday!

    Posted: 02 Feb 2020 05:04 PM PST

    It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

    Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

    submitted by /u/AutoModerator
    [link] [comments]

    Cisco FTD future

    Posted: 03 Feb 2020 07:53 AM PST

    Hi,

    I heard some rumour that Cisco is going to develop a new NGFW (real unified image) and drop the Firepower NGFW slowly.

    Does anybody know if this is true or just total shit talk?

    submitted by /u/JBK90
    [link] [comments]

    Best "alternatives" to putty?

    Posted: 03 Feb 2020 11:02 AM PST

    Hello all!

    I currently use SecureCRT from VanDyke to facilitate in telnet/SSH sessions.

    However, the licensing structure is very draconian and instead of just buying licenses for the new version I thought I'd reach out and see what you all are using.

    I do like Solar-PuTTY... it's a nice interface but does lack some of the more powerful scripting/integrations that SecureCRT has.

    What are you all using???

    submitted by /u/vast1983
    [link] [comments]

    Cisco 2960-X/plus EoS?

    Posted: 03 Feb 2020 02:40 PM PST

    I know the 2960-X series switches have no announced EoS date but I have a significant number of switches in this category that I know will catch us off guard when announced.

    The release dates for 2960+, 2960-X(R) are all in Q2 2013.

    Any educated guesses out there when we should expect these to go EOS? Best I can tell is a lot of people assume "this year".

    Anyone have anything more than a guess?

    submitted by /u/cannetnerd
    [link] [comments]

    Objections to training?

    Posted: 03 Feb 2020 09:56 AM PST

    Hi all,

    I'm working to put together a training plan for a team. We're expecting to get a bunch of objections from management. What are some of the objections you've heard in your career? We're trying to be well prepared with responses to each of the objections.

    At a minimum we're expecting these objections:

    • Training is too expensive.
    • What if we train people and they leave?
    • We don't have time for training.
    • They already know how to do their job, why do they need training?

    If you have any other objections to add to the list, I'm keen to read them. Feel free to include responses as well. Hopefully there are some other people in /r/networking that will benefit from this.

    Thanks!

    submitted by /u/ThePurpleBuffalo
    [link] [comments]

    WLC 8540 SSO Failover random

    Posted: 03 Feb 2020 07:13 AM PST

    Hi all,

    I have 2 WLCs in SSO with software release 8.7.106.0. For the same client I have 2 other WLCs (used for testing) in SSO with the same software release. The WLCs are in 2 different datacenters and the following prerequisites are met:

    • RTT latency < 80 ms
    • Bandwidth ≥ 60 Mbps
    • MTU 1500 bytes

    The only difference between the 2 production WLCs and the 2 test WLCs is that they are linked to different switches, but of the same model (Juniper).

    We have random reboots of the primary WLC, and so the backup becomes primary.

    Does anyone have any idea about this issue?

    thanks

    submitted by /u/mugiwaranorufy
    [link] [comments]

    Default route fail-over between BGP peers? (BFD questions)

    Posted: 03 Feb 2020 11:01 AM PST

    Good morning! I just wanted to get some people's opinions on what they would do/try in my situation to see if there's a better way to be doing this.

    I have an office site that has two routers, we will call them B1 and B2. These routers are connected to each other and running iBGP between them. B1 is also peered via eBGP with our ISP1, and getting a default route from the BGP peering. B2 is then also peered with ISP2, which is an IPVPN/L3VPN connection; also peered with ISP2 is our datacenter, which is sending a default route into the "MPLS" for other sites to use as backup internet.

    So pretty simple multihome setup: B1 connected to ISP1 and getting default via BGP, B2 connected to "MPLS" and getting a default route from the datacenter via BGP.

    But, right now failover is set up doing an IP SLA with a static route out to ISP 1. I inherited this network a couple years ago and I have been going through and slowly updating/optimizing/fixing all the patchwork routing - and this month is FailOver-January.

    Is there a better way to be doing this? I was thinking BFD (assuming the DIA ISP supports it). But I have a few questions about BFD:

    1. Does BFD need to be configured on just the ISP1/primary peer session, or on both?
    2. If both, does the multihome being on two different routers cause issues?
    3. Is there an issue doing BFD on a peering with ISP2 doing IPVPN when the peering is with the ISP but the default is coming from the remote datacenter (2 hops away)?

    If BFD isn't the cream dream here, what else do people recommend? I can't get access to my networking lab for a couple weeks, so I'll be hand-jamming configs in Excel for testing fun once I get back into an office.

    submitted by /u/crum1515
    [link] [comments]

    Anybody using the Spamhaus DROP, EDROP or BCL service with BGP?

    Posted: 03 Feb 2020 07:31 AM PST

    As the title asks, anybody using the Spamhaus DROP, EDROP or BCL service with BGP? I'm wondering what your experiences have been and how quick they are to add prefixes responsible for SPAM and botnets.

    More info - https://www.spamhaus.org/bgpf/

    submitted by /u/LankyDanMan
    [link] [comments]

    Step by step to diagnose a network problem?

    Posted: 03 Feb 2020 04:00 PM PST

    This is a question that always gets asked on interviews. I'm a junior in the networking world and am curious how more senior guys tackle this problem.

    Scenario: You have an end user who says the "internet is down" or the "internet is slow".

    Where do you start? What are the steps you go about addressing this?

    submitted by /u/c0sm0nautt
    [link] [comments]

    Firewall upgrade from ASA 5505

    Posted: 03 Feb 2020 10:53 AM PST

    Afternoon all. I've been reading over the threads in the past year or so and the recommendations vary a lot. Basics for the facility:

    • ~30 users
    • User VPN (10 at most, if it matters)
    • No Site-to-site ATM, but that could change.
    • Very basic settings being used.
    • Hitting the 5505's 50 client limit.

    I've looked at a few brands including the pfSense SG3100, Fortigate 60E, SonicWall TZ350, etc. Is there any reason to choose one or the other? Also, I saw where Cisco may have released the 55XX's successor in the FPR 1000 series. Is that true or should I just ignore those (Cisco doesn't seem to be recommended anymore)?

    I've had to update a few items on the ASA 5505, and the guy who did it previously literally followed the absolute basic "here's how" guide. I'm not under a pricing restriction, but it looks like most of the entry-level items now run ~500 without client restrictions.

    submitted by /u/gothmog1065
    [link] [comments]

    Induce SSID Switch in clients via NAC.

    Posted: 03 Feb 2020 08:46 AM PST

    We're trying to solve an issue with our corp/guest wifi. For reasons outside of my control, we have to allow userID/password access to wifi. This however allows people to connect their personal devices to the corp wireless. We're in the process of rolling out EMM, and Forescout. Has anyone come up with a method to force non-EMM users, (or anyone for that matter), to be moved from one SSID to another? We'd like to have it so that if you're not enrolled in EMM, then you get kicked off corp and presented with our captive portal for guest.

    submitted by /u/codetrap
    [link] [comments]

    Help: Purchasing a small business firewall - what to do with fiber

    Posted: 03 Feb 2020 10:56 AM PST

    We have a small group here, less than 15 users. Currently we run from a Comcast modem via fiber to our Netgear switch, then ethernet to each workstation. Works great but we want to increase security. The firewalls I'm seeing online that fit our needs do not have a fiber port, so what's the best option for us?

    Looking at this:

    https://www.amazon.com/Sonicwall-01-SSC-6942-TZ105-Secure-Firewall/dp/B009Z7US24

    and this

    https://www.amazon.com/FG-60E-BDL-FortiGate-Generation-Appliance-FortiGuard/dp/B01LWQ03EI?th=1

    submitted by /u/mrdoctor
    [link] [comments]

    Monitoring latency between 2 routers with PRTG

    Posted: 03 Feb 2020 10:48 AM PST

    Hello,

    I want to set up latency monitoring between routers on our network. All of our routers at each site connect using an L2 service provided by our ISP. The goal is to be able to provide reports on our latency between our corporate office location and our satellite offices.

    submitted by /u/rezadential
    [link] [comments]

    LTE router pre-shared-key

    Posted: 03 Feb 2020 10:45 AM PST

    I'm trying to update our LTE router configs to strengthen the PSKs used in our DMVPN setup. I'm not super familiar with LTE router configs and I wanted a second (actually 3rd/4th at the point) set of eyes to make sure I'm interpreting this correctly. Here is the sanitized config from one of our DMVPN routers:

    https://pastebin.com/MVqxSb6A

    I see two places where there are PSKs defined:

    One here:

    crypto ikev2 keyring IKEV2_KEY
     peer DMVPN
      address 0.0.0.0 0.0.0.0
      pre-shared-key xxx

    And the other here:

    crypto keyring Wired vrf Wired_Underlay
      pre-shared-key address 0.0.0.0 0.0.0.0 key yyy
    crypto keyring LTE vrf LTE_Underlay
      pre-shared-key address 0.0.0.0 0.0.0.0 key yyy

    It seems that the first key is being referenced here:

    crypto ikev2 profile IKEV2_LTE
     match fvrf LTE_Underlay
     match identity remote address 0.0.0.0
     identity local address x.x.x.x
     authentication remote pre-share
     authentication local pre-share
     keyring local IKEV2_KEY
     dpd 30 5 on-demand

    But I don't see anywhere else in the config referencing the other ones. I suspect that these are not being used and can thus be removed from the config. Can somebody help me confirm that? What is the purpose of that section?

    submitted by /u/MScoutsDCI
    [link] [comments]

    Using Ntop to export/alert when new users join a Network

    Posted: 03 Feb 2020 10:01 AM PST

    Hi all,

    Just wondering if anyone is familiar enough with ntop to help me out.

    At the moment I have ntopng running on a Pi 3B+ that's connected via ethernet to my router, and I'm using the web browser within the Pi to access ntop (wish I could use my computer, but for some reason cannot).

    Either way, does anyone know how to set up some form of alert so that when an individual joins/connects to the network, I am told (either through a log export ideally, or an email or other alert form) what the device name is, mac address, time since etc etc., essentially all the info that is located under the 'device' tab of ntop.

    Thanks,

    submitted by /u/DaedraCross
    [link] [comments]

    Metadata tags for networking sharepoint

    Posted: 03 Feb 2020 09:30 AM PST

    Hey all, I work for a large corporation on the network infrastructure team that currently has very poor documentation procedures. As a company we recently went to the newer version of SharePoint and I have taken it upon myself to try to get the documentation up to snuff. That said, I want to make a flat documentation structure backed with metadata so that it's easy for people to upload their data without having to drill down into a folder structure that eventually becomes disorganized, and so that things are also easier to find.

    Now to the question: does anyone currently use a flat documentation structure with metadata for network documentation? If so, would you be able to share the structure and categories that you use for your metadata please? I'm currently planning ours out and can't decide what the most efficient metadata tags would be and am looking for ideas and inspiration.

    Thanks!

    submitted by /u/bigmuhy54
    [link] [comments]

    Cisco RV130 - Not allowing 255.255.0.0 DHCP ranges

    Posted: 02 Feb 2020 08:21 PM PST

    I am working to make my AV Control network more robust by replacing consumer grade routers with business class hardware. Disclaimer, I am not a networking professional and am self taught via this forum, YouTube etc. My current setup is as follows:

    Cisco SG300 switches (all linked via trunks) running 4x VLANs:

    1. Control and Data network
    2. Medical Devices
    3. Presentation Devices
    4. DANTE audio network (no DHCP/no Internet)

    I am adding a Cisco RV130 Router/Gateway to serve as DHCP and gateway server for 3x VLANs (via LAN4 as a trunk to a trunk port on the SG300).

    The current parameters for each VLAN are:

    1. 192.168.3.1, 255.255.0.0 with DHCP from 192.168.3.200 - 192.168.3.250
    2. 192.168.169.1, 255.255.255.0 with DHCP from 100 - 200 (no gateway/no internet access)
    3. 192.168.19.1, 255.255.255.0 with DHCP from 100 - 200
    4. Static 192.168.23.x, 255.255.0.0

    For VLAN 1, I am using a 255.255.0.0 subnet as each device type is on its own octet i.e.

    • Touch panels = 192.168.20.x
    • Display Controllers = 192.168.21.x

    This has all been working well for me, however if I set up VLAN 1 as 255.255.0.0, the RV130 will refuse to allow me to set up other VLANs on 192.168.x.x as it claims the interface is already in use. I am assuming this is because 192.168.3.1 on 255.255.0.0 could allow for 192.168.3.1 - 192.168.255.255, even though I've only set it to issue DHCP addresses in the 192.168.3.100 - 192.168.3.200 range.

    My current workaround is to use my existing TP-Link router for 192.168.3.1 255.255.0.0 and the Cisco RV130 for the other VLANs, but the whole point of this exercise is to have one device to manage all DHCP for all VLANs.

    Any guidance would be appreciated on the best way to make this happen.

    submitted by /u/NomadicSoul88
    [link] [comments]
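    The overlap the poster suspects, checked with Python's ipaddress module. This is an added example, not part of the post; the VLAN plan is reconstructed from the post and the VLAN 4 gateway address is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed from the VLAN plan described in the post above; the gateway
# address for VLAN 4 is an assumption (the post only gives "192.168.23.x").
VLANS = {
    "VLAN1 control/data": "192.168.3.1/255.255.0.0",
    "VLAN2 medical": "192.168.169.1/255.255.255.0",
    "VLAN3 presentation": "192.168.19.1/255.255.255.0",
    "VLAN4 DANTE": "192.168.23.1/255.255.0.0",
}


def network_of(addr_mask: str) -> ipaddress.IPv4Network:
    """Return the network an 'address/mask' interface belongs to,
    e.g. 192.168.3.1/255.255.0.0 -> 192.168.0.0/16."""
    return ipaddress.ip_interface(addr_mask).network


def find_overlaps(vlans: dict) -> list:
    """List every pair of VLAN interfaces whose networks overlap.
    A router will not bring up a second interface inside a network it
    already owns, which matches the 'interface already in use' error."""
    nets = {name: network_of(spec) for name, spec in vlans.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]


def on_link(addr_mask: str, host: str) -> bool:
    """True if `host` sits in the interface's own subnet (reachable without
    a gateway). Shows what narrowing the /16 to a /24 would give up."""
    return ipaddress.ip_address(host) in network_of(addr_mask)


if __name__ == "__main__":
    for a, b in find_overlaps(VLANS):
        print(f"overlap: {a} ({network_of(VLANS[a])}) "
              f"<-> {b} ({network_of(VLANS[b])})")
    # Touch panels at 192.168.20.x are on-link only while VLAN 1 keeps the /16.
    print(on_link("192.168.3.1/255.255.0.0", "192.168.20.10"))    # True
    print(on_link("192.168.3.1/255.255.255.0", "192.168.20.10"))  # False
```

    Every 192.168.x.0/24 lies inside 192.168.0.0/16, so any /24 VLAN the RV130 is asked to add collides with VLAN 1 regardless of the DHCP pool bounds; only VLAN 2 and VLAN 3 are disjoint from each other.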

    Draytek LAN -> LAN rules not working

    Posted: 03 Feb 2020 02:47 AM PST

    I have 3 LANs configured on my DrayTek firewall. LAN 2 and 3 are in their own VLAN and I have inter-LAN routing enabled. When I set the default mode to allow and don't create any rules, hosts in LAN 2 can communicate with hosts in LAN 3 and vice versa as intended. However, if I create a rule to block all traffic from LAN 3 to LAN 2, traffic is still being passed. If I change the default mode to block and then create a rule to allow traffic across the 2 LANs, traffic remains blocked. It appears as though the rules have zero effect and aren't getting applied.

    Edit: The default block/allow mode is a firewall setting rather than a rule set; it must be set to either block or allow, and whichever one it is set to, the rules do not work.

    submitted by /u/squarebrown
    [link] [comments]

    Port forwarding with the same port number to the same router on 2 different WAN interfaces

    Posted: 02 Feb 2020 08:23 PM PST

    Hi all,

    Just wondering if this is possible on Cisco... doesn't seem to have worked for me.

    I am trying to do some port forwarding with the same port number to the same router on 2 different WAN interfaces.

    ip nat inside source static tcp 192.168.0.252 50000 interface Cellular0 50000
    ip nat inside source static tcp 192.168.0.252 50000 interface Dialler2 50000

    The second line is not working, as Cisco does not allow me to have 2 similar port numbers. So I can only have one of the above, not both. However, I would need both working as this is a failover config.

    Thanks so much all.

    submitted by /u/Champ885
    [link] [comments]

    Unifi L2TP unable to route/connect to connected switch?

    Posted: 03 Feb 2020 03:11 AM PST

    I've just set up my UDM, and have L2TP working, but I can't for the life of me communicate with a portion of my LAN (that sits on a Dell PowerConnect 6248). I suspect Static Routes or Firewall, but really have no idea.

    My LAN sits on 192.168.1.0/24 and is a Corporate network without VLAN, my L2TP is configured as 192.168.2.0/29.

    When I connect to the VPN, I get one of the 6x 192.168.2.x addresses, which is great.

    Connected to my UDM;

    • LAN1 = Dell PowerConnect 6248
    • LAN2 = Cisco PoE Switch
    • LAN3 = Raspberry Pi
    • LAN4 = Hue Bridge

    I can connect to the Cisco Switch, Raspberry Pi and Hue Bridge, but not the Dell switch (or anything hanging off it) when connected to the VPN. Naturally, connected to the Dell switch is the bulk of the stuff I need to talk to.

    What could be missing?

    submitted by /u/b0mfunk
    [link] [comments]
