PSA: O365 diagnostics update Networking |
- PSA: O365 diagnostics update
- How much of your time at work is actually “technical”
- Wireless Authentication with 802.1x
- Why is OSPF considered a better protocol than EIGRP for larger companies?
- Ntp appliance recommendations
- How often do you use OSPF areas in your networks?
- Seamless Roaming with Different Manufacture/Vendor AP's
- What implications has CGNAT had on your environment/customer base?
- ASA frequent connection drops
- IPv6 ICMPv6 type 134 RA, what's the difference with broadcast ?
- SD-WAN and Packet Replication
- Looking for a 100Gb netflow collector
- Monitoring remote sites with their own IT personnel
- Best tool for backing up traditional Cisco router/switch configurations?
- Any idea why Linux VMs aren't connecting to Windows 10 Vm, but Windows 10VM is connecting to Linux VMs? Unsuccessful pings.
- How do you troubleshoot a loop?
- Cisco Nexus 2348UPQ
- Datacenter Patch Panel Port Labeling
- Visualize RFC 1918 space
- Cisco 9500 route certain URLs down backup connection
- VXLAN: VLAN Filter Processor Usage
- 2GBps+ PtP
- RouteMap Set vs Match statement confusion
- Is there a norm to certify a wifi installation?
PSA: O365 diagnostics update
Posted: 13 Feb 2020 05:33 AM PST
For all ye engineers out there who use Cisco Umbrella, you may get tickets this morning saying that users are experiencing cert issues for their Outlook email. api.diagnostics.office.com is a CNAME of o365diagnosticsnew.trafficmanager.net, which is a CNAME of ods-diagnostics-prod-eus.cloudapp.net. ods-diagnostics-prod-eus.cloudapp.net was a newly created domain, currently being blocked by Umbrella for review. May want to whitelist it =) That is all. Happy Friday Eve.
How much of your time at work is actually “technical”
Posted: 13 Feb 2020 06:46 AM PST
In my current role (network engineer for an enterprise with 10k plus users) I'm starting to feel like I'm spending the majority of my time doing non-technical things such as circuit orders, talking to an ISP to make sure their MPLS circuit is activated, coordinating with remote hands for correct cabling of equipment, ordering new equipment, Excel spreadsheets, meetings, and the list goes on... I feel like I only spend about 20% of my time actually solving any issues or creating configurations. Is this normal for the rest of you guys as well? Maybe it's time for a change.
Wireless Authentication with 802.1x
Posted: 13 Feb 2020 11:27 AM PST
I'm taking another stab at this. Hope someone can make it make more sense for me. I've got a single SSID being put out by my WLC, via APs. I have the SSID configured to use 802.1x authentication via my NPS server. It works, however when you log off you lose network connectivity. This is expected since it's using user identity certificates. So now I'm working on providing the workstations wireless access when no users are logged in. I can do this as well. I just give the machine a certificate (using an auto-enrollment policy), and push the SSID to the machine using GPO. So now where I'm hitting a wall is how do I make it so the machine sits at the logon screen using the machine credentials. After login the authentication mechanism should switch to the user's credentials. What I've read is that the logon will change the security context and it will just happen. It's not just happening. I can't be the only one doing this and hope someone can tell me what gaping wound I'm overlooking.
Why is OSPF considered a better protocol than EIGRP for larger companies?
Posted: 13 Feb 2020 06:38 AM PST
I'm a first-year CS student looking into networking for an exam and we're going over protocols for networks. I'm struggling to understand why OSPF is better than EIGRP for companies. Granted, I'm not terribly versed in networking so I could be missing something simple here. Is it because OSPF uses SPF and that is only dependent on bandwidth? Whereas EIGRP uses DUAL? And that uses bandwidth as well as delay to calculate the composite metric?
Ntp appliance recommendations
Posted: 13 Feb 2020 07:21 AM PST
My org has asked me to investigate some ntp appliances. We are looking for something we can place in our data center and dr center that will provide ntp services for all of our physical servers, vms, and network gear. We are specifically looking for an appliance and not a vm so that the device will be independent of the server team, and we are looking for a device we can get smartnet level of support on. Has anyone had experience with an ntp appliance they can recommend I look at? I have reached out to a few vendors but want to cast as wide a net as possible and then whittle it down.
How often do you use OSPF areas in your networks?
Posted: 13 Feb 2020 09:07 AM PST
I've learned all about areas and I understand the benefits, however I've never used them in a real production environment. Granted, in my 8 years as an engineer I've only seen one network large enough using OSPF where areas might have been beneficial, but we didn't use them. Curious to see if any of you are using it in the real world.
Edit: and no snarky remarks about area 0 being an area, therefore I have used areas.
Seamless Roaming with Different Manufacture/Vendor AP's
Posted: 13 Feb 2020 08:16 AM PST
Hey Everyone! I'm going to be doing a rolling deployment with a mix of Extreme (AeroHive) and Meraki APs. They both conform to the 802.11RKV standards. Any idea if they'll be able to hand off/have clients roam between different vendors?
What implications has CGNAT had on your environment/customer base?
Posted: 13 Feb 2020 06:22 AM PST
Hi All - I'm going to be implementing what will be a fairly large-scale CGNAT deployment for the ISP I work for. We're a fairly new org in the UK thus IPv4 address space acquisition is a big issue for us. One /18 goes currently for around $300k+. This cost isn't sustainable with the subscriber numbers we're planning for. CGNAT is a must.
I've read significant documentation on the matter and know of the majority of risks and features implementing this will break - so IPv6 and the ability to assign our customers static IPv4 addresses are an essential prerequisite to the deployment.
That said documentation can only get me so far - I would like to ask people here what deploying CGNAT broke within your network, and what the majority of complaints you received were? What did you learn from your deployments?
Also I'm sure someone will say - "just deploy IPv6" - we are as mentioned, but customers still need the ability to get to the v4 internet, thus either some 6to4 conversion needs to take place (which is still CGNAT as multiple customers will be shared behind a single v4 address) or we do the NAT444 scenario we're currently moving forward with (due to CPE hardware support, and because we would like customers to be able to use their own CPE device, there is no way for us to do MAP-T/MAP-E or Lw4o6 currently - same goes for 464XLAT which is really only used by mobile carriers).
ASA frequent connection drops
Posted: 13 Feb 2020 06:26 AM PST
I am getting frequent reports about RDP traffic dropping for 10-20 seconds at a time. Upon inspecting port traffic on our ASA, this is what I found:
*Note: outside int is a single gigabit interface to a L3 switch
*Note: gi0/5 is a single gigabit interface trunking to a core L2 switch
*Note: Above mentioned switches show no port errors

    ASA5515# sh int out det
    Interface GigabitEthernet0/0 "Outside", is up, line protocol is up
      Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
            Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
            Input flow control is unsupported, output flow control is off
            MTU 1500
            1386271557 packets input, 1514697309849 bytes, 0 no buffer
            Received 570510 broadcasts, 0 runts, 0 giants
            52686 input errors, 0 CRC, 0 frame, 52686 overrun, 0 ignored, 0 abort
            0 pause input, 0 resume input
            0 L2 decode drops
            603785584 packets output, 221632398587 bytes, 0 underruns
            0 pause output, 0 resume output
            0 output errors, 0 collisions, 0 interface resets
            0 late collisions, 0 deferred
            0 input reset drops, 0 output reset drops
            input queue (blocks free curr/low): hardware (492/362)
            output queue (blocks free curr/low): hardware (454/203)
      Traffic Statistics for "Outside":
            1386196774 packets input, 1489545780829 bytes
            603785584 packets output, 210319081779 bytes
            20903033 packets dropped
          1 minute input rate 3342 pkts/sec, 2478208 bytes/sec
          1 minute output rate 3356 pkts/sec, 2252799 bytes/sec
          1 minute drop rate, 5 pkts/sec
          5 minute input rate 6668 pkts/sec, 7657228 bytes/sec
          5 minute output rate 2866 pkts/sec, 1354408 bytes/sec
          5 minute drop rate, 5 pkts/sec
      Control Point Interface States:
            Interface number is 3
            Interface config status is active
            Interface state is active

    ASA5515# sh int gi0/5 | i L2 | error
            0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
            11444613 L2 decode drops
            0 output errors, 0 collisions, 0 interface resets

CPU and Memory both seem to be doing fine:

    ASA5515# sh cpu
    CPU utilization for 5 seconds = 9%; 1 minute: 11%; 5 minutes: 11%
    ASA5515# sh memory
    Free memory:        3427174896 bytes (80%)
    Used memory:         867792400 bytes (20%)
    -------------     ------------------
    Total memory:       4294967296 bytes (100%)

I'm not very familiar with some of the more advanced features of the ASA, so my current plan of action is to create an ether-channel group on the WAN interface to address the overruns. I'm not even sure what to do about the L2 decode drops, going to start with an audit of our VLANS and make sure that only relevant ones are being sent over that interface. Am I on the right track?
IPv6 ICMPv6 type 134 RA, what's the difference with broadcast ?
Posted: 13 Feb 2020 05:31 AM PST
Hi guys, I'm learning about IPv6 and I learned that when hosts need info they send an RS to the FF02::2 all-routers multicast address. When the routers receive that, they will answer by sending the data to the FF02::1 all-nodes multicast address. I was wondering, why do the routers use the FF02::1 address and spam every host when they could use the SRC address of the host which is asking for the info? Correct me if I'm wrong but it looks like IPv4 broadcast?? Thanks :)
SD-WAN and Packet Replication
Posted: 13 Feb 2020 02:07 PM PST
For anyone currently using or who has used SD-WAN, what has your experience been with packet replication? If your diverse links have considerable differences in latency, have there been issues when the lower latency link experiences drops? I'm looking at packet replication to protect some low volume critical traffic and would like to hear opinions from people who are actually using it.
Looking for a 100Gb netflow collector
Posted: 13 Feb 2020 02:03 PM PST
All, We're looking at some 100Gbps ISP connections in our core upgrade. We'll have 3 100Gig ISPs coming into this router and then fan out from there. We're looking at a Cat9k or Nexus model for port density. The only thing that seems to be a show stopper at the moment are the netflow capabilities. They only support up to 512k flows, we need more than twice that. My thoughts are putting in an Ixia tap and span out to an appliance or use a Netscout packet broker, but I don't know much about either of them. Can anyone share experiences with doing something on this scale, your views on the products, are there better options, etc? Are netflows still the best way to gain traffic insight or is there a more efficient way? Thanks for the help, it's appreciated greatly.
Monitoring remote sites with their own IT personnel
Posted: 13 Feb 2020 01:52 PM PST
For you hub/DC guys, how do you guys monitor connections to remote sites that have their own IT staff? The last organization I was with just monitored the routing protocol state from our agg devices, in order to prevent network congestion and reduce monitoring traffic/load on our monitoring system. At my current org we do full SNMP monitoring of 1600+ sites, we have a bunch of pallets that are always stressed. Just wondering what everyone else is doing, happy Friday to you 4/10 guys!
Best tool for backing up traditional Cisco router/switch configurations?
Posted: 13 Feb 2020 07:34 AM PST
Hey All, I was just looking for the general consensus on the best tool or service for automatically pulling Cisco backups. In the past I've just done it manually through TFTP. I'm currently looking into Kiwi CatTools, but wanted to do some crowd sourcing as well. Thanks all
Any idea why Linux VMs aren't connecting to Windows 10 Vm, but Windows 10VM is connecting to Linux VMs? Unsuccessful pings.
Posted: 13 Feb 2020 01:17 PM PST
I used VMware to create 3 workstations (two Linux, and one Windows 10) for my network security class. Last week, I created the two Linux workstations, and this week I created Windows 10. In this week's lab, I have to verify that the Windows 10 VM is talking on the same network with the other two VMs. I tried to ping the Windows 10 VM from the other two VMs, but the pings were unsuccessful. However, when I ping the Linux VMs from Windows 10, the pings are successful and when I ping each Linux VM from one another, those pings are successful as well. Any idea why this may be?
How do you troubleshoot a loop?
Posted: 13 Feb 2020 09:11 AM PST
In the past year, two of our remote sites have had a physical loop in their network. In both cases we were notified of high discards via Orion. First thing I do is check the logs but I'm coming to realize it's not really helpful. Random ports are flapping and STP blocks some ports but there is no indication which port is the culprit (or is there?). In both cases, it was a small unmanaged switch that was undetectable by LLDP/CDP. I feel like I'm missing something - is the only way to find this to have someone walk the floor? Both instances were someone plugged in RJ45 to the dumb switch twice. We don't have BPDU guard enabled at any of our sites (it's on my list). Is that really the only recourse here? The port that ended up being the cause of the loop looked the same as all the other ports in the logs. Wondering how you all would go about troubleshooting a loop. Logs looked like this:
Cisco Nexus 2348UPQ
Posted: 13 Feb 2020 12:41 PM PST
I have a Nexus 2348UPQ, what SFP+ transceivers are available for me to use? Thanks!
Datacenter Patch Panel Port Labeling
Posted: 13 Feb 2020 08:22 AM PST
Are there any more datacenter/colocation focused engineers dealing with FDPs on a more consistent basis? I'm looking to overhaul some standards and curious what others seem to be doing as I see it done differently depending on company and area. If you are working on a panel that is using LCU Duplex ports, would you label each TX/RX as port 1 or port 1/2? Internally we are all over the place, and it seems to be more along the lines of port 1/2. However, I have a feeling this is really only a holdover from most panels being SCU simplex back in the day that are still all over the network. Seems like a trivial issue, but you would be surprised by how easily a couple hundred LOAs can be messed up when not knowing the difference.
Visualize RFC 1918 space
Posted: 13 Feb 2020 07:18 AM PST
Does anyone know of a tool that can generate a visual representation of private ipv4 space much like this public ip address map? https://www.techrepublic.com/blog/data-center/visualizing-ipv4-addresses-on-the-internet/
Cisco 9500 route certain URLs down backup connection
Posted: 13 Feb 2020 06:45 AM PST
We have an OSPF based network, but at our core we statically route some things away from our main ISP connection to another ISP. We are needing to route traffic for a group of URLs that has too many IPs to statically configure (e.g. *amazon.com) away from our main default connection to our backup connection. Most of what I was looking up pointed towards Policy Based Routing. Class map the hosts, give it a dscp value in a policy map, apply it to an access list, and routemap it to the second line. Is this the best way to go? Can it still be used in conjunction with some of the static routing we already have to the secondary connection? Appreciate the assistance.
VXLAN: VLAN Filter Processor Usage
Posted: 13 Feb 2020 12:30 AM PST
Hello everyone, I took a VXLAN Test active yesterday and the first message that I was greeted with was:
Now it's only the first of the 4 Slices, with a total usage of 35% currently, but it's still something I'm questioning whether it might be a problem in the future. Sadly, I wasn't able to find out much about the VFP:
Question is what exactly uses the VFP TCAM and whether I will need to expect scalability issues? This Test is running on Arista Hardware, but from what I can see this applies to all Broadcom based switches. Thanks for your help.
2GBps+ PtP
Posted: 13 Feb 2020 09:40 AM PST
We are looking at deploying a backup link between our buildings. These buildings are currently served with a 10GB fiber connection. Distance isn't an issue, the buildings are a 1/2 mile apart. Are there any PtP options that offer speeds greater than 2GBps? Only thing I can see is an AireLink that runs at 60Ghz and offers 10GBe at max throughput depending on weather conditions. I'm worried about saturating the PtP connection if the fiber fails as it couldn't serve it with 1GBps. 2GBps would work but it would be near maxed. As this is internal traffic, I can't do what I do with my firewalls and shut down firewall rules when our primary wan fails to the slower backup connection. I'm suspecting we most likely will end up on the airFiber 24 HDs that do 2GBps and just have to have a network suffer if we fail into it.
RouteMap Set vs Match statement confusion
Posted: 13 Feb 2020 09:36 AM PST
Hi all, I am looking to understand what the "Set" and "Match" statements on Route map configs actually achieve. I have read many an article, but the explanation seems to be very grey and confusing. So when and why would I need to use "match" and "Set" statements? I have used them in a lab, but have yet to understand their effects, so any help in understanding this along the way would be very much appreciated.
Below Routemap was used for WAN failover scenario with PAT Overload:

    ip nat inside source route-map WAN02 interface GigabitEthernet0/2 overload
    ip local policy route-map TRACK_PRIMARY_IF
    match ip address PING_PERMIT
    set interface GigabitEthernet0/1
    !
    route-map WAN01 permit 10
    match ip address LAN
    match interface GigabitEthernet0/1
    !
    route-map WAN02 permit 10
    match ip address LAN
    match interface GigabitEthernet0/2

Would really appreciate any clarification
Is there a norm to certify a wifi installation?
Posted: 13 Feb 2020 09:07 AM PST
When using cables, you have TIA568, EN 50173, ISO 11801 that tell you what to measure to certify your installation against the target category/class. Is there something similar (norm or industry best practice) for the radio part of a Wifi installation?
EDIT: fixed typo