    Sunday, June 28, 2020

    Promiscuous mode - am I understanding this right? Networking


    Promiscuous mode - am I understanding this right?

    Posted: 28 Jun 2020 11:46 AM PDT

    My understanding so far of promiscuous mode is as follows:

    • I set my wireless interface on computer A to promiscuous mode
    • I run Wireshark capturing on that interface
    • I connect computer B to the same Wi-Fi network

    Given the above, computer A should now be capturing traffic addressed from/to computer B's IP.

    But this does not happen.

    Is there something wrong with my understanding?

    I have reversed the roles of computer A and B to decrease the likelihood of hardware being at fault.

    submitted by /u/imposterspokesperson

    802.1x/PEAP-MSCHAPv2 question: iOS 13.5 sending inner EAP username as outer identity?

    Posted: 28 Jun 2020 09:08 AM PDT

    I'm working in a lab on setting up EAP-MSCHAPv2 to authenticate Wi-Fi clients with FreeRADIUS 3.0. I've gotten it "mostly working," except that I'm trying to prevent the clients from exposing the inner identity during the outer EAP setup.

    For most of my testing, I'm using Apple Configurator 2 to push a profile to an iPad that has a client cert+key and the CA cert for the server identity. The profile is set to WPA2 Enterprise and PEAP only. The outer identity is specified in the profile as "anonymous" but I can confirm in the FreeRADIUS logs and the AP logs that when the client attempts its first outer request, it is sending the inner identity username instead.

    Has anyone run into this? I understand there was a bug in a much older version of iOS where they sent some 802.1x responses outside of the EAP tunnel once it was established, but Apple has long since fixed that bug years ago from what I've read.

    Edit: Think I may have found the answer. The outer identity seems to only be sent if I append the realm to the end of it. In other words, the UPN format of the inner identity didn't match the format of the outer identity, so the device seems to simply ignore the outer identity configuration. Changing the outer identity to anonymous@[domain-name].local appears to have resolved this.

    Thank you all for your help with this.

    submitted by /u/xpxp2002

    Aruba logic vs Cisco logic for VLANs

    Posted: 28 Jun 2020 11:30 AM PDT

    Hi!

    Sorry for the noob question...

    I am using different switch vendors that are using the Cisco style for checking VLANs on ports:

    • config
    • Interface xyz
    • assign vlans 2,3,4

    Aruba switches are looking promising, but every example I found is showing that I need to change the whole way to configure to:

    • Config
    • vlan 2
    • add interface xyz
    • vlan 3
    • add interface xyz
    • vlan 4
    • add interface xyz

    Is there any alternative to that method? For me, it's much more "straightforward" to configure one port and its VLANs instead of vice versa.

    Am I just too inflexible, or is there any other option?

    Thank you for your thoughts

    ITStril

    submitted by /u/ITStril

    Windows update out locally on a full tunnel?

    Posted: 28 Jun 2020 10:16 AM PDT

    Hey everyone,

    I've got requirements that conflict against our capacities.

    On the one hand, I've got regulatory requirements for full tunnels, always-on VPN, consistent patch remediation, and FIPS-validated crypto.

    On the other, I've got 1500 WFH users who are actually in the habit of shutting down at night.

    Which means their Windows updates like to saturate my internets during business hours.

    How can I make this work and still comply? FIPS-validated means I'm cornered into FortiOS 5.6. Can I poke MS servers out locally and still be in compliance and save some of my bandwidth? Could that even be done in 5.6?

    submitted by /u/JasonDJ

    How to measure wireless signal strength without access to RSSI?

    Posted: 28 Jun 2020 12:29 PM PDT

    I am developing an app for iOS and wish to include a wireless signal strength indicator to show the user how good their wireless connection is; however, Apple has locked this down and does not allow access to wireless signal monitoring. I have come here to ask if there would be any other way I can show Wi-Fi signal bars in my app by measuring the network in some other way. Would dropped packets from a ping be a good indication? The app I'm developing streams RTSP video - could the connection quality also be measured from the number of dropped frames from the video stream?

    submitted by /u/BiscuitTrauma

    MTU on a virtual interface

    Posted: 28 Jun 2020 12:19 PM PDT

    Hi guys!

    Can an MTU be set on a virtual interface or is it strictly a physical interface concept?

    A bit of background info: I am troubleshooting packet loss over a VPN connection. I've determined that anything above 1250 doesn't go through. So I'm wondering if I can set an MTU exclusively for the ppp0 virtual interface.

    Many thanks!

    submitted by /u/oliland1

    OpenFlow Experimenter: Experimenter ID

    Posted: 28 Jun 2020 04:24 AM PDT

    Hi guys,

    This is a pretty niche question that I couldn't find an answer to online. Hoping someone here can share their expertise. For my SDN-related master's thesis to work I need to make a substantial number of extensions to the southbound API protocol OpenFlow. These extensions are necessary to define new messages, actions etc. sent between the controller and switches. In the OpenFlow documentation an "Experimenter ID" is needed, which is either a vendor's IEEE OUI or assigned by the ONF. As an MSc student I do not have a valid IEEE OUI to generate this ID from and am yet to receive a response from the ONF regarding assignment of my own ID. Would use of an "unofficial" Experimenter ID that I choose myself work, or will a bad Experimenter error always be thrown? Should I try different IDs until one works or is it better to cut my losses and change the focus of my master's? I need to find out if a workaround is possible so I do not waste any more time on this. Thank you for any responses.

    submitted by /u/hengsty

    Cisco 9300-24UX-E as layer 3 distribution

    Posted: 28 Jun 2020 11:21 AM PDT

    I have a hospital with a campus-style network and a horrible design; they have 3 large buildings all sitting off the back of a stacked 4500-X core and P2P circuits stretching layer 2 to access switches in each of the buildings.

    My proposal is to create a resilient OSPF network between the buildings to create a full mesh "triangle" which requires an additional circuit from building 2 to 3. I am planning to use Cisco 9300-24UX-E's as the new collapsed cores in each building and run OSPF over it for the resiliency.

    Efforts have already been completed to give each building their own VLANs, but they currently all terminate on the core in building 1.

    Having never worked with the new Catalyst 9XXX series, I have some questions:

    1. Do you agree that this switch I have chosen is suitable? It needs to be mGig copper as they want to save money and also treat it as a server access stack
    2. I know these switches stack, but am unsure if I need to buy a stack-kit/stackwise cables (i.e. do they come in the box?? no amount of googling can answer this for me).

    The kit needs to be Cisco, as they are a Cisco-only shop and we'd rather keep it that way. But I am open to other suggestions on hardware models, and even constructive feedback on my design. They are very adamant that resilience is key here, hence the full-mesh approach with OSPF to failover the circuits, and the stacked collapsed-core at each building.

    The end goal will also be to have the most important of the 2 buildings connected via an etherchannelled P2P circuit, but that comes later...

    submitted by /u/Acrylicus

    gNMI service map

    Posted: 28 Jun 2020 02:14 AM PDT

    Hi networkers,
    Lately I've been involved in a project that required quite a deep understanding of OpenConfig gRPC Network Management Interface (gNMI). Going over the gNMI specification multiple times made me realize that I can't fully build a mental map of all the messages and encapsulations without having a visual representation of it. So I've made one - https://github.com/hellt/gnmi-map

    Just wanted to share, maybe it will save quite some time for you getting through the deeply nested structures of the service.

    submitted by /u/rdodin

    Loopback testing on a gigabit ethernet carrier fiber interface.

    Posted: 28 Jun 2020 04:28 PM PDT

    Okay, so back in the stone age days we used to loop back an OC3/DS3/T1 interface to itself and run ping tests to the IP address on the interface. We would keep moving the loop closer to us until the problem stopped (no more dropped packets). This would point us to where the problem is. So fast forward to now (the age of gigabit Ethernet). How do I run this same test? It seems like it works when it's physically looped back (same light going in and out).

    But when I have the carrier loop back the remote end I don't see the same packet input as the same packet output. I've been researching this all weekend, and it looks like Ethernet OAM/CFM is the way I should go about this. That's fine if it's the only way, but just trying to make sure I can't do a simple ping test with the equipment already in place.

    TLDR: Can I loop back a fiber gigabit Ethernet circuit at ANY point along the path and test with consumer** equipment?

    submitted by /u/djamp42

    Need help with my school lab. Are 2 management IPs required for intervlan routing? Should I put one IP on SVI and then trunk connection? Or 2 SVIs?

    Posted: 28 Jun 2020 04:13 PM PDT

    Sorry if my question is a little confusing, I am working on a lab for my school. I'll try my best to explain.

    So I have VLAN56 on one switch with an IP address on the vlan interface (56) of 10.1.1.2 255.255.255.0. I am trying to add VLAN56 traffic to another switch so it can cross over into my other broadcast domain.

    The Catalyst has the option for IP routing. My question is can I simply add VLAN56 to the other switch, and trunk the connection between the switches?

    Or would I have to create VLAN56 on the new switch, and also give it an SVI of 10.1.1.3 255.255.255.0?

    submitted by /u/CluelessNetworkNoob

    Is it still true that Viptela only allows one of each "color" to be present on a vEdge?

    Posted: 28 Jun 2020 04:08 PM PDT

    Cisco documentation suggests that is still the case, but I wasn't sure. It seems like such an arbitrary limitation. Can anyone tell me if this is indeed still a limitation, and whether or not there are any plans to remove it? Or is it just a strict requirement for OMP to operate?

    submitted by /u/Azarias59

    Looking for best method and device to simulate a Taclane in gns3 or eve?

    Posted: 28 Jun 2020 01:12 PM PDT

    Hi, I work in a secure environment that uses Taclane to encrypt data from the CE side through the WAN and back to the CE side on the other side. I always struggle with understanding and implementing the best device and ultimately configuration to simulate the networks I work on the correct way. What is the best way? Some examples would be appreciated. Thanks for your help. For example, you have site A that uses OSPF to connect to all other sites, then that site egresses to a Taclane that connects to a PE router that maybe uses BGP or IS-IS for WAN neighborship, then hits the Taclane on the other side. Hopefully this makes sense, sorry, typing on mobile.

    submitted by /u/fordgoldfish

    Cisco 1117-4p GB WAN

    Posted: 28 Jun 2020 02:47 AM PDT

    Not a Cisco expert, so sorry for the basic question.

    I have 2 ISPs that I use. ISP 1 is a 1gb circuit connected via a Cisco 1117-4p. An engineer from ISP 2 has been to site today saying ISP 1 have mis-sold us the 1117-4p as it's not sized for a gb circuit.

    I cannot find any throughput sizing for just L3 routing for this device, it does nothing else.

    submitted by /u/-james-g-

    Eliminating the ISP factor in our business need advice

    Posted: 28 Jun 2020 11:04 AM PDT

    We want to set up a WAN connection between our sites. Currently we are using mostly Cisco devices: switches for LAN sites and 2 routers with HSRP config to the ISP using the BGP protocol. I was wondering if we can use WAN switches and connect all sites together without an ISP; we might lease some dark fiber.

    submitted by /u/hordecore80

    Is there one platform that can configure / manage any major switch vendor?

    Posted: 27 Jun 2020 04:53 PM PDT

    I'm looking for a single platform that can manage the configuration of any switch from the major players (HP, Cisco, Dell, Juniper, etc.).

    Is there ONE utility or platform that can allow me to set up things like VLANs, trunks, etc. regardless of the 2-3 different switch types we have deployed?

    submitted by /u/original_sniper_x

    Cisco CML2 lab for ISE

    Posted: 27 Jun 2020 09:20 PM PDT

    Hello All,

    I really want to learn how to use ISE since eventually we might get this solution at my work. If I wanted to lab this at home on CML2, how would I go about doing this?

    I use CML2 with VMware Fusion.

    So I went to Cisco software download and grabbed the ISE 2.7 trial OVA file so I can put it onto a server. At this point I'm lost on how I can boot this image up in my CML2 lab so I can network it in my lab and start connecting switches to it. Would I need to start 2 different virtual machines in VMware Fusion and somehow bridge the NICs so they can see each other on the same network?

    I'm not able to find much documentation on this, so if someone could point me in the right direction, I would really appreciate it. Thanks in advance

    submitted by /u/Leopard-Lifestyle

    Looking for experiences with 10Gig Copper and NBASE-T networking...

    Posted: 27 Jun 2020 04:11 PM PDT

    Hi all,

    I'm in the pro-av market and I'm putting a system together that will connect two switches (Netgear M4300 / M4200) over 10Gig SFP+. What I am undecided on is how robust of a cable I really need for a link under 25ft. They aren't in the same rack.

    I realize that CAT6A is recommended for 10Gig... but, I've been reading that CAT6 would be fine for between 37-55m. Also, I'm a huge fan of the super slim CAT6A cables that Monoprice and other retailers have, and while they're super convenient, it's hard for me to believe they can handle 10Gig... though I realize they're only designed for a single device-device link.

    I'm not considering using slim run CAT6A for 25ft either, but I am considering unshielded CAT6A, mainly because I have it.

    I am generally used to shielded CAT6A and even shielded CAT7A for digital video applications (HDBase-T), but I am thinking that I don't need to go that route for this. This 25ft run isn't in a ceiling or wall or anything so I'm not worried about interference.

    Also, the whole CAT6 and CAT6A varieties are driving me nuts. Surely, 23AWG CAT6A is not the same as 26AWG CAT6A, but I suppose if they can both do 500 MHz they both qualify?

    I'm looking for your experiences and practices right now...

    submitted by /u/muzicman82