Rant Wednesday! Networking
- Rant Wednesday!
- Internal Speedtest
- Free access to ACM Digital Library - Networks and Communications
- Separating Servers and Client PCs
- Which modules in pure Python scripting you guys use to parse configs? I used to use Ciscoconfigparse, anything better out there?
- How does Windows 10 select among DNS servers on multiple adapters?
- Internet Options for Sorority House Fiber vs Coax
- How is this site able to provide searchable netblocks with such granularity?
- anyone use Raritan KVM/Console (Dominion SX)? I'm trying to disable CBC mode ciphers
- Please help me make sure I understand this right! (VC vs MC-LAG)
- Safe Place to get ScriptLogic SL360 Tool Suite? All search results lead to the sketchy freeware sites. I know SL360 is Freeware but I can't find a good source.
- Sending this on behalf of our network engineer
- SNMP Question
- ISE: IPSK same SSID but assign different VLANs
- Cisco Access Point for Wireless Site Survey
- What are tie cables?
Posted: 31 Mar 2020 05:04 PM PDT It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves! Note: This post is created at 00:00 UTC.
Posted: 31 Mar 2020 10:49 AM PDT Looking to implement a localized speed test tool. Users in remote offices can run an internal speedtest from their PC to our server in the DataCenter (that will host the speedtest). Any good suggestions? Edit1: Thanks all for the suggestions!
Free access to ACM Digital Library - Networks and Communications Posted: 31 Mar 2020 01:59 AM PDT I thought maybe for someone it can be useful.
Separating Servers and Client PCs Posted: 31 Mar 2020 12:31 PM PDT I'm helping a buddy of mine clean up his company's corporate network, and the most important aspect I recommended was to divide into VLANs. Everything was on a flat address space (192.168.1.0/24) and obviously this presented many issues. The entire network is based on UniFi hardware and Windows AD DCs acting as DHCP and DNS servers. I've successfully separated IP cameras, printers, workshop machinery and devices and employees' mobile phones into their own VLANs. Different SSIDs for guest Wi-Fi are also in place. Now, what's left are the Windows servers and client PCs. As I mentioned, there are two DCs acting as DHCP and DNS servers, currently offering IP addresses only to domain joined PCs, as every other device gets an IP directly from the USG. This is working perfectly fine although every computer in the domain can see every server when going to Network in Windows Explorer. Both DCs have a scope set up in the 192.168.1.0 range. It's split up 80/20 so both are offering addresses. The same goes for the DNS Reverse Lookup Zones, each one has the 1.168.192.in-addr.arpa zone. I created a new VLAN subnet in UniFi with 192.168.40.0/24 to place all client PCs there. DHCP was set to Relay pointing to the current servers. My questions are:
I want the DHCP and DNS servers in 192.168.1.0 to serve all clients in 192.168.40.0. Would this be OK or am I giving the wrong advice? It's been a while since I set up DHCP and DNS on Windows Servers. Sorry if this is the wrong sub. Stay safe.
Posted: 31 Mar 2020 12:06 PM PDT As the topic says. Used to use Ciscoconfigparse but wondering if anyone found something better?
How does Windows 10 select among DNS servers on multiple adapters? Posted: 31 Mar 2020 05:53 AM PDT I've been seeing an issue recently with VPN users who can't properly resolve our internal addresses. As near as I can tell, the machine used the local network to resolve DNS, and some ISPs' DNS servers, instead of responding 'I don't know' to unknown address requests, return some useless IP for 'dnserrorassist.att.net' or whatever (which--omgwtf!?). So far I've solved this by forcing local DNS to use 8.8.8.8, but I found an article recently that suggests simply changing the route metric for the VPN to be lower than the local adapter. I realized that I have a deeper problem: I don't understand how Windows name resolution actually works. It seems obvious that it chooses the DNS server on the lower-metric adapter and then falls back to another, but I've never actually seen this written down anywhere (and it's been more than a few years since I did networking 101). Can someone explain this or point me to an article for it? Thanks!
Internet Options for Sorority House Fiber vs Coax Posted: 31 Mar 2020 07:49 AM PDT I have some questions about internet at a sorority house. I redid the network with 25 APs and a USG 4 to help with wifi connections. There are about 70 people living in the house and the number can flex up to 150 during a day with other people coming in the house. Internet use is regular streaming and web browsing. Currently they have a Spectrum agreement ending in October for 200/200 fiber for 1300/month. I have gotten two new quotes for similar fiber service for 850-950. I can also get 1000/50 coax for 200/month. Question is do I need to spend the extra 600+ a month for fiber?
How is this site able to provide searchable netblocks with such granularity? Posted: 30 Mar 2020 07:24 PM PDT Hey folks- network engineer here, looking for some help reverse-engineering how this (really powerful) free service works. The site I am talking about is ipv4info.com and the unique ability it provides is a searchable database by keyword (for organization, contact, etc, etc) for even the most tiny of network allocations. FIRST: If you suspect I am about to spam you to sell a service, please see the last line of the post and also read the content here carefully and judge for yourself; you can no longer pay for data from this site, and it seems to be moribund and not making any revenue off of any obvious advertising (though I guess the traffic rankings do boost the value- whatever...) SECOND: If you still think I'm spamming you / advertising but you have some helpful technical answers for me about how it might work, feel free to send me a direct message if you don't feel comfortable potentially sending more traffic to this site. THIRD: If anyone is able to help me figure out how this works, I'm happy to put up a clone as a free service and open-source the tooling/backend- though the fact that it's shutting down and based in Russia makes me wonder if it is up to something that can be considered a "gray-area" ... ... back to the point. I am very aware of whois/rwhois. I pull down the latest rwhois raw database files from all of the RIRs (ARIN, APNIC, LACNIC, ...) 
every night over FTP, parse them out, and do some searching based on keywords for some organizations that I work on contract for to provide them data on their Internet assets when they need third-party verification of "inventory". What I found at this specific site when I stumbled upon it just a few months ago (which is apparently defunct, not taking new customers, and starting to have stale data) is a bunch of /28, /29 and /30 CIDR blocks that can't be found via any paid or free service I've been able to find over the years. This includes searching via the individual RIRs themselves using their keyword search mechanisms as I mentioned. I'm wondering how the heck it is possible that they have this data in this keyword searchable format. I understand I can always rwhois an IP address and get back the fields that contain keywords that I am looking for (e.g. the name of a customer's business) but for that you obviously need to know the IP address first. So, chicken and egg. And I'm not going to try to actively whois every IP on the Internet and get banned from every rwhois service before I get .05% through. I figure even excluding RFC1918 addresses, there's just too much search space since you have to search within the larger blocks to discover these smaller ones. Brute force searching just doesn't seem feasible unless it's part of some hybrid approach. To be clear- I am not talking about a standard searchable ASN database site- these are a dime a dozen and I've been using them for years. I'm not even talking about the equally common sites/services that let you find smaller CIDR blocks, typically /25 and larger via keyword searches. None of these sites turn up the networks that this site finds. Example: As an example of how this is different, go to the ARIN site and search for "Exxon" (AND NO, I AM NOT AFFILIATED WITH EXXON EITHER!) Using ARIN's keyword search, you'll be able to track down a handful of their network blocks, especially a few of their big ones. Great. 
Now go to the site I mentioned in the first paragraph and type "Exxon". The list of networks it returns is significantly longer and contains a relatively large amount of really small networks, down to /30. These obviously are not all Exxon corporate- but at least a few are probably small Exxon corporate remote sites, maybe egress points, out of band management for DR, or surveillance gear. They are not all just random little gas stations or loosely affiliated entities. I guess Exxon wasn't a great example, but still, it works to demonstrate the point. Can anyone speculate as to how they are getting this data in such a way that it is searchable by keyword? After talking to a few friends, some ideas came up about monitoring for route announcements passively, then performing some active rwhois queries, and then continuously updating via this basic approach. But none of us are quite sure if this is actually practical. I'm not necessarily looking for an equivalent service/site (though I would be very interested if there were any) but I am very interested in figuring out how they do this as it would help me in my work quite a bit- these small networks are often not well known to the organizations that are responsible for them, and they end up being the source of an outage or a security incident eventually, so having them discoverable so easily is really significant. Before jumping to any conclusions and telling me that this site/service provides no unique capability, please give it a shot with any large international corporation as an example- find a small block (maybe a /29) see if you can find it via a keyword search on ARIN's site or ARIN's rwhois DB snapshot files (or any other RIR for that matter) and then do a whois on it to see that the data is in fact correct. BTW- In case anyone suspects I'm advertising for the site, I'll point out that it seems to have been a pay service at one time but is no longer accepting payments/subscriptions. 
It also says that the domain is for sale. It seems to be based in Russia. I assure you I'm not based in Russia, nor am I trying to attract attention to a moribund site in Russia.
anyone use Raritan KVM/Console (Dominion SX)? I'm trying to disable CBC mode ciphers Posted: 31 Mar 2020 11:51 AM PDT I cannot see a setting on our Dominion SX to disable CBC ciphers. In the security settings page, the only options are for AUTO, AES-128, AES-256 and RC4, then you have the option to enable/disable FIPS4.0 and also options for TLSv1.0, 1.1 and 1.2. I chose AES-256 and enabled FIPS4.0, with TLSv1.2, but the security scan still shows up for "CBC mode ciphers is enabled". How to fix this?? Thanks
Please help me make sure I understand this right! (VC vs MC-LAG) Posted: 31 Mar 2020 11:03 AM PDT Hi there. In the past, I always saw people do stacking to have 'redundant' uplinks on the stack and the downstream gear. I believe MC-LAG is the way to do it with Juniper these days for the hypothetical setup below: Combo fw/router (not redundant, identified already as SPOF) feeding 2 links to, say, 2 EX4650's. These EX4650's have MC-LAG going between them and each EX4650 has one link to, say, EX3400's downstream. This setup would provide EX3400 uplink redundancy all the way to the firewall, right?
Posted: 31 Mar 2020 09:53 AM PDT
Sending this on behalf of our network engineer Posted: 31 Mar 2020 09:38 AM PDT We recently acquired some Cisco Firepower 1140 NGFWs to replace our 5515x's. We use Riverbeds and the network engineer I am assisting had a question regarding this migration of configuration settings for using tcp-maps for option 76 and 78. I found a forum post on Cisco's website but no answers. I am hoping someone here may have a solution. https://community.cisco.com/t5/network-security/ftd-2110-configuring-tcp-options/m-p/3864701#M923345
Posted: 31 Mar 2020 09:09 AM PDT Hello- I'm curious about a value I'm getting with SNMP. The OID 1.3.6.1.2.1.69.1.3.4.0, I understand what this OID is for. The only thing I don't understand is what the integer 5 means. After searching online the only explanation I get is Other. Any help would be greatly appreciated.
ISE: IPSK same SSID but assign different VLANs Posted: 31 Mar 2020 08:33 AM PDT Our goal is to have one SSID shared by all external companies hiring office space on our campus, give them a password each and thereby their own separate VLAN. Is it possible to do this without having the endpoints profiled already in ISE? I can't figure it out. Thanks.
Cisco Access Point for Wireless Site Survey Posted: 31 Mar 2020 06:14 AM PDT I am going to conduct a wireless survey in a multi floor building; type of traffic will be data and voice. I have got an Ekahau AirMagnet Kit, but I am confused in choosing the right access point model. I got multiple choices like Cisco 1800, 2800 and 3800 series access points. Which one of them is better and why would it be the better choice?
Posted: 31 Mar 2020 08:06 AM PDT I read that when building out an IT room you need tie cables between racks. Does that mean the uplink?