Blogpost Friday! Networking
- Blogpost Friday!
- Working for Arista TAC?
- 20+ Gb/s WAN Router needed -- Cisco ASR or Juniper MX
- Enterprise Networking Team Size Inquiry
- The extent of DMZ environments in modern Data Centers
- Looking for ideas - BGP Internet Routing
- Solarwinds and IP address conflicts
- AnyConnect IKEv2 AES-GCM
- Enabling Command Authorization on Cisco ASA
- Low cost 10G BGP router with default only
- How should I connect a F/O termination box, patch panel and a switch properly to make a LAN network?
- Brocade VE routing
- Question regarding Azure Global Traffic Manager
- What does connectivity to your branch sites look like?
- Anyone Using Nectus NMS?
- Is there a way to do a trace route, but get more detailed information?
- Q | Looking for tool which can build a packet buffer and send chosen packets at a set interval
- Issues with Workforce Call Recording on 8811 IP Phone over VPN
- Add non-Cisco device to Cisco DNAC
- Greetings Ladies and Gentlemen - May I please kindly ask if there is a IPS Test Site like the Eicar Virus Test Site
- Buying used Cisco - what `sh` output should I ask the seller for?
- ISR1111 vs ISR4331
Blogpost Friday! Posted: 23 Apr 2020 05:04 PM PDT It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts. Feel free to submit your blog post, as well as a nice description, to this thread. Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.
Working for Arista TAC? Posted: 23 Apr 2020 12:43 PM PDT Greetings, all. First of all, many apologies in advance if this post is in the wrong subreddit, but I did find a post from around two years ago that asked about working for Cisco TAC, so I thought it was perhaps appropriate here. I am also considering this reasonable as I am not at the beginning of my career. Does anyone know what it's like to work for Arista TAC or Arista in general? I've been in networking about 6 years now and the idea of no on-call nor after hours is appealing (or at least, a better work-life balance). Additionally, I feel that in my current role, because of the pace of work, I'm losing some of the networking basics that I'd be able to hone and regain in a role like TAC. It also seems that at Cisco TAC you're a bit pigeonholed; does anyone know if this is the same case at Arista, or if career progression is subdued in a role like TAC? Thanks.
20+ Gb/s WAN Router needed -- Cisco ASR or Juniper MX Posted: 23 Apr 2020 07:09 AM PDT Greetings All, I would love a little feedback from the community. In an enterprise environment, would you look at the Cisco or the Juniper hardware to do your WAN routing? Most likely OSPF but possibly BGP. Stability and bug free/reliable is of utmost importance. Thanks.
Enterprise Networking Team Size Inquiry Posted: 23 Apr 2020 02:23 PM PDT To preface. I work for a Large Enterprise Environment that has about 20K devices, primarily Cisco. In my current position as a Networking Analyst I am in charge of maintaining our devices to "compliance". Be it as it may I love what I do for networking. But I find myself doing my 8-10 hours during the day and 4-5 hours a night doing upgrades for 1 - 6 devices on times I can. Management is having a hard time realizing that the size of our infrastructure can't be left up to one person to manage and it's ridiculous. Does anyone have good automation in their environment that is scalable and will handle Nexus Platforms? I have heard of Ansible being the answer but don't have time to even delve into that portion. We have 200+ Nexus platforms, 4-5K Catalysts, 2960s to 9400's. I'm sick of having to tell them that we need resources and maybe get one more person. The best that we have is an expect / tcl script to do upgrades but even then it's not true automation for ISR 3K / 4K and Catalysts.
The extent of DMZ environments in modern Data Centers Posted: 23 Apr 2020 02:01 PM PDT Hi everyone - I'm a network engineer who hasn't done a lot of work in the DC space before. I mean, I've done troubleshooting and small projects in DC environments, but I've never actually re-engineered one or stood one up from scratch. With this in mind, I've worked for 3 companies and each of them had data centers that looked like this:
It seems to me that the idea of putting only public services into a DMZ while leaving everything else more-or-less open on the internal network is, well, a bit antiquated. After all, internal users & devices can be malicious too. With this in mind, are we at the point where it makes sense to abandon the traditional DMZ concept and, instead, segment the entire data center from the rest of the corporate network? Are companies actually doing this? Or do most of them still have architectures looking very much like my previous 3 employers? Note: I'm specifically curious about those environments which aren't running ACI or NSX, since those two platforms both have their own security solutions.
Looking for ideas - BGP Internet Routing Posted: 22 Apr 2020 07:11 PM PDT Hi, I'm a Network Architect with about six years programming experience. I'm currently learning Angular frontend web framework and I have experience with developing backend (API/scripts etc.). My process of learning is to build something useful in parallel to learning the theory. Anyway, I decided to focus on the theme of BGP/Internet routing/security since it's a hot topic. I have a few ideas of my own, but I would love to get some suggestions about useful features I can incorporate. Currently I've got:
- Summary of current status for a given ASN (including prefixes, advertisement status, neighboring ASNs/upstream providers)
- Live/recent BGP events for a given AS or prefixes
- Detection/alerting of BGP route hijacking/invalid advertisements and other incidents
- Auditing/compliance report, with a focus on security
There are some really good websites out there already, like ripe.net that present extensive information. I'm hoping to obtain suggestions about issues or challenges that are not already covered so I am simply not reinventing the wheel with this project. I would be happy to host the site/solution for others to use, maybe I can solve a problem you have... please let me know. Thanks!
Solarwinds and IP address conflicts Posted: 23 Apr 2020 01:38 PM PDT I am looking at Solarwinds NAM for an MSP solution where IP address conflict will be present. Based on my reading, I have found that views and account limitations could be used to limit the view/access per client/customer infrastructure. What about IP address conflicts? Could a simple instance support this? Do we need a full instance per client and an enterprise console?
AnyConnect IKEv2 AES-GCM Posted: 23 Apr 2020 12:36 PM PDT Has anyone experienced a performance increase moving from AES-256 to AES-GCM on their VPN throughput? I'm getting hammered on the AES-256/400Mbps throughput from the work from home situation.
Enabling Command Authorization on Cisco ASA Posted: 23 Apr 2020 08:32 AM PDT Hi all, first of all, very grateful to this community for all the help you've provided to me over the last few months, so just wanted to say thank you. Second, I wanted to get some confirmation on what I'm going to attempt to do tonight. I want to create a read-only account for my ASA, and I think I can do this by enabling Local Authorization (this particular ASA is standalone and not using RADIUS). If I have privilege level 15 admin accounts, and some level 2 user accounts for VPN, and a single level 5 account that I want to be read only, I shouldn't run into any problems enabling this, right? My understanding after reading this morning is that it will simply enforce the privileges, so it won't lock my level 15 accounts out or anything. I plan to do this in ASDM via Device Management>Users/AAA>AAA Access>Authorization>Check the "Enable" box and select "Server Group: LOCAL". In the Configure Command Privileges Setup window when I temporarily check that box (without Applying) I should just change Command "running-config" in mode "exec" with variant "show" to privilege level 3 and I should be all set, without needing to hit the "Set ASDM Defined User Roles" button since I don't want it to create those Admin/Read-Only/User predefined roles. Does this sound right to you guys? Am I missing something and about to lock myself out? Thanks for the help once again!
Low cost 10G BGP router with default only Posted: 23 Apr 2020 11:39 AM PDT Can I do better than a Ubiquiti Edgerouter Infinity? Perhaps a nice L3 switch? Because reasons the equipment has to be new and under warranty. An x64 server with 10G NICs is also not an option, again, because reasons. All the router has to do is announce a single prefix, multihome with defaults and push packets. It needs to have at least three 10G ports (2x WAN and LAN).
How should I connect a F/O termination box, patch panel and a switch properly to make a LAN network? Posted: 23 Apr 2020 10:55 AM PDT Topology: https://imgur.com/6a6TGvk Hi, I am a beginner in fiber optical networking, actually in networking as a whole. Basically, I am trying to create a working LAN topology. I used 24 core F/O and distributed them to access switches with SFP, and I used a patch panel to manage F/O cables (on left). While I was trying to get them communicating with each other, I got confused about the termination box, panel, switching part. Should I place a switch near the patch panel and connect them together to make a working LAN? If I should, should I connect all access switches to that switch? I have two more floors that I should carry the cores to. Thinking physically, I don't understand how I can just take one cable with a bunch of cores and carry it along the other floors efficiently. Sorry for the mess, I just got so confused. TL;DR: how should I connect an F/O termination box, patch panel and a switch properly to make a LAN network?
Brocade VE routing Posted: 23 Apr 2020 12:58 AM PDT I have current configuration: vlan 2000 by port interface 2000 And somehow I am unable to get this network up and routed, what gives? Does the port need to have a cable connected to come up and start routing? That sounds weird to me though.
Question regarding Azure Global Traffic Manager Posted: 23 Apr 2020 08:53 AM PDT This question may be a hybrid between systems and networking but I thought I would ask. I'm thinking of using Azure traffic manager to load balance our anyconnect VPNs. We have 2 sites, a primary and a DR site both with ASAs. We were doing some load balancing based on round robin DNS. I was thinking of using Azure's traffic manager instead. I have it set up - set up in fact was very simple. Azure instead of giving a public IP to work with, provides a DNS name instead. You're supposed to update your CNAME record with the traffic manager address. This is where I get a little confused. We have an A record currently that points to our primary ASA. Do we still keep that A record once we add a CNAME? And then wouldn't traffic just go straight to our ASA without touching the load balancer in Azure? This may be better asked on the systems side but thought I would post it here first since what I'm trying to do is essentially networking-oriented; plus these days (unfortunately) we have to deal with DNS as well. :)
What does connectivity to your branch sites look like? Posted: 22 Apr 2020 09:02 PM PDT Mainly this is what I'm getting at: how many folks are running bog standard business internet connections and using firewalls for site to site VPN, versus using expensive Ethernet circuits such as ELAN and the like and using a technology like macsec for encryption over the carrier's network?
Anyone Using Nectus NMS? Posted: 23 Apr 2020 07:00 AM PDT While looking for a Solarwinds alternative I came upon Nectus. I searched and there is nothing in /r/networking and I was curious if there was anyone else using it or who has demoed it? nectus5.com is the webpage; it has a lot of similar modules to Solarwinds and then some but a very minimalist design. I can't find anything out about the company behind the product though.
Is there a way to do a trace route, but get more detailed information? Posted: 23 Apr 2020 06:24 AM PDT Just curious if it's possible to do a trace route, but instead of seeing only IPs, see more detail like routing protocols, AS numbers, etc.
Q | Looking for tool which can build a packet buffer and send chosen packets at a set interval Posted: 23 Apr 2020 02:34 AM PDT I have been looking for a way to use Linux's Network Emulator to do this job on a bridge. I want to achieve having a variable ex. "Interval" with a value of ex. "20ms", and with some extra scripting to target packets we get the following result: - Packet B received: 10:10:30.021 - Packet C received: 10:10:30.032 This way we can force consistency on the packets we are forwarding. Thanks
Issues with Workforce Call Recording on 8811 IP Phone over VPN Posted: 23 Apr 2020 05:58 AM PDT Hey everyone, Hope you all are staying safe and keeping busy during the epidemic. I am currently attempting to troubleshoot an issue with some Cisco 8811 IP Phones not recording their calls. Currently all of our users are working remotely and the vast majority of them are using Cisco 7841 IP Phones registered over Cisco Expressway, and those phones have no issues when it comes to recording their calls. We have three remote users that are using Cisco 8811 IP Phones connected via the built-in VPN client on the phone to a Cisco ASA. I have verified that the call recording server as well as the other collab servers are able to connect to the 8811 phones over the VPN, so network reachability is not an issue here. The 7841 and 8811 are set up identically on the CUCM with the exception of the additional VPN configuration for the phones. Otherwise everything else is set up exactly the same for the users and phones on all the other servers. We do not have an IM&P service deployed if that matters at all. As far as I can tell, none of the 8811 phones have successfully been recording the agents' calls on the recorded line. I do have a ticket open with TAC for assistance and have begun providing them with information. I also plan on switching these users over to Cisco 7841 IP Phones in the near future, but I'd like to see if I can get this issue resolved quickly as recording these agents' calls is very important. Thank you
Add non-Cisco device to Cisco DNAC Posted: 22 Apr 2020 10:31 PM PDT Hey folks, Can we add non-Cisco switches in DNAC through discovery method for assurance, management and monitoring purposes? Any feedback?
Posted: 23 Apr 2020 11:39 AM PDT Greetings Ladies and Gentlemen - May I please kindly ask if there is an IPS Test Site like the Eicar Virus Test Site, but specifically for testing the IPS in your firewall? Hope to hear from you soon. Thank you and kind regards
Buying used Cisco - what `sh` output should I ask the seller for? Posted: 23 Apr 2020 03:54 AM PDT There's plenty of risk buying gray market gear online. How do you make sure you get it right? I'm most curious for switches, in particular. Matching up the console output to item photos seems like a safe strategy.
ISR1111 vs ISR4331 Posted: 22 Apr 2020 11:56 PM PDT What are the key differences between ISR4331 and ISR1111? I have 50 L2TP VPN Clients, a few ipsec tunnels, 100-200 hosts in LAN. My goal is to reach 1Gbps NAT Throughput. As my research says I should be fine with ISR1111 but a friend of mine said that I should go for 4331 instead. Any ideas why? :D