    Saturday, August 1, 2020

    What are your favorite virtual networking tools for playing with ACI/SDN Networking

    What are your favorite virtual networking tools for playing with ACI/SDN

    Posted: 01 Aug 2020 06:53 AM PDT

    Hey guys, I am a software engineer who just accepted a role on a networking team. I'm being brought on to help them get the ball rolling with SDN and ACI automations. I have a very limited background in networking (my employer is well aware) so I wanted to get my feet wet by playing around with some virtual networks.

    What are your favorite tools? I am looking at GNS3, Cisco's ACI Simulator, etc. Are there any others you would recommend? I have a halfway decent server to run a virtual network on. 64 GB DDR3, 12 cores, 14 TB RAID 5 storage.

    Edit* Wanted to say thank you for all the help on this thread! Thankfully, my old company decided to not keep me for the extra two weeks although that was my intention and now I have a whole week free to prepare and study!

    submitted by /u/dtaivp

    Secure deployment of MSCHAPV2 wireless?

    Posted: 01 Aug 2020 10:07 AM PDT

    Is it possible to configure MSCHAPV2 using AD credentials securely by using MFA?

    submitted by /u/rancho100

    Security of wifi with hidden SSIDs?

    Posted: 01 Aug 2020 08:27 AM PDT

    I know that hidden SSIDs are easily found with third party network scanning tools. So, they add little security, but do they do anything to decrease security?

    Some have said that, if a device is configured to connect to a network with a hidden SSID, it constantly broadcasts that it's looking for that network and that can be used to aid attackers. However, doesn't that happen anyway for any wireless network the device is configured to connect to whether hidden or not?

    submitted by /u/rancho100

    DHCP Help Part 2

    Posted: 01 Aug 2020 01:08 PM PDT

    Sorry, this is again a bit of a noob question. I'm getting stuck on a networking concept relating to DHCP. How does one implement a DHCP server spanning multiple subnets? My understanding is that routers will drop any broadcast frames sent to them, so I wouldn't be able to drop in a DHCP server connected to my central router. Does this mean my DHCP server has to have multiple interfaces for each subnet/VLAN I am trying to run DHCP on? If not, how would I configure the routing table to send all DHCPREQUEST packets to the DHCP server?

    submitted by /u/deathewillcome3

    Cogent Communications co-location and connectivity to Cox Communications network

    Posted: 01 Aug 2020 07:29 AM PDT

    Hello,

    We just started to co-locate our equipment at Cogent Communications' datacenter in Phoenix. Prior, we had co-location at Phoenix NAP (right across the parking lot actually!) with a 3rd party who has multiple carriers (GTT, HE and more).

    Cox is in the meet me room at Phoenix NAP. Our Phoenix NAP co-location had excellent connectivity to the Cox network. I can reach Cox Business fiber optic customers at 3.5 ms latency on average.

    With Cogent however, this latency has gone up to 24 ms average.

    I called tech support and opened a ticket and they said their routes go to their DC in LA, then over to CoreSite and then back to Phoenix. I asked them if this could be optimized. They said no.

    Are they telling me the truth? Or do I have to accept this now? I don't see why they can't connect to Cox, right across the parking lot at Phoenix NAP. I am sure I'm missing something here but it seems ridiculous for traffic to make a trip to the west coast, turn around and come back to Phoenix.

    submitted by /u/irfan602

    J4858A vs J4858D Aruba Networking SFP Modules

    Posted: 01 Aug 2020 12:04 PM PDT

    I wanted to buy J4858D SFP modules from FS, since that was the model given to us on an official quote from HPE. However, they are only available from the Asia warehouse and will take 3 weeks to get here. The J4858A can get to me by Tuesday. Will the J4858A work with an Aruba 5406R zl2 Switch? We bought the 20x1Gbps and 4xSFP+ module to put in it, so this transceiver would be plugged into one of those. Thanks for the help! Still new to fiber networking.

    submitted by /u/youraverageITguy1

    Help with business VPN

    Posted: 01 Aug 2020 08:17 AM PDT

    Good morning! Crazy problem here. Our site to site VPN at our place of business quit working when we changed our primary site's internet connection from Spectrum to an AT&T Wireless Broadband device (4G cellular) using the Nighthawk MR1100. After connecting the new internet at the primary site and changing the interface, the internet works well. The only change we make at the remote site is to change the gateway IP address that points to the main site to the new public static IP address assigned by AT&T. After making this change the tunnel shows active but no data is exchanged. It appears that the Phase 2 negotiation stalls out when the tunnel tries to come up. Here are some relevant details. Hoping someone here has run into something similar or could provide us some suggestions on what to try. Our current thinking is something is different about this network traffic being sent out over the Nighthawk modem (cellular network).

    Firewalls on both sides = Sonic Wall 250

    Remote side makes a vpn connection to the primary site

    Nighthawk is set to IP passthrough and VPN passthru is enabled.

    Nighthawk has a custom APN assigned by ATT to provide the public static IP for us.

    VPN connects using aggressive mode, IKE phase 1 is on aggressive mode, DH Group 2, Encryption: 3DES, Auth: SHA1, IPsec Phase 2 Protocol: ESP, Encryption: AES-128, Auth: SHA1

    Some notes:

    The only thing that changed was the new internet connection and changing vpn gateway IP at the new site. Before that everything was working fine. So all of our routes and access rules should be fine.

    After the tunnel comes up, looking at the packet monitor I see Phase 1 looks good. I see UDP Port 500 traffic get received successfully on the remote site from the main site. However it doesn't look like phase 2 completes. Sonic Wall tells me I should see UDP port 4500 next for the ESP but that packet is never received.

    AT&T also told me their MTU size should be 1430. The largest packet I can send with ping, using "ping -f -l 1402 google.com", is 1402. I'm wondering if the overhead with IPsec needs a larger packet size than this?

    I have tried setting the MTU on the WAN interfaces on both sides to 1430, 1400, and lower.

    Many thanks to anyone taking the time to read this and to give ideas. I know enough to be dangerous. This was written up by our trusted friend and IT consultant. We have spent a ton of time reading, researching and trying different settings. We are going to try one more time with a couple more changes today but after today, we have exhausted everything we know to try. We have been on the phone with ATT, SonicWALL, and our IT support company for the last week and putting in lots of hours on this to no avail. Any help is much appreciated!

    Thank you!

    submitted by /u/KolostomyBag
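The size arithmetic behind the MTU question in the post above, as an added example that is not part of the original post. It shows that ESP overhead reduces the inner packet size that fits the path MTU rather than requiring a larger one; it assumes IPv4, ESP tunnel mode, AES-128 in CBC mode, HMAC-SHA1 truncated to 96 bits, and NAT-T on UDP 4500, none of which the post states beyond "AES-128" and "SHA1".

```python
# Added example: ESP size budget for the post's settings. Assumptions (not
# stated in the post): IPv4, ESP tunnel mode, AES-128 in CBC mode,
# HMAC-SHA1 truncated to 96 bits, NAT-T encapsulation on UDP 4500.
IPV4_HDR = 20
ICMP_HDR = 8
UDP_HDR = 8            # NAT-T wrapper
ESP_HDR = 8            # SPI (4) + sequence number (4)
CBC_IV = 16
BLOCK = 16             # AES block size; ESP pads the plaintext to this
ESP_TRAILER = 2        # pad-length byte + next-header byte
ICV = 12               # HMAC-SHA1-96
TCP_IP_HDRS = 40       # inner IPv4 + TCP headers without options


def path_mtu_from_ping(payload):
    """Windows `ping -f -l N` sends N bytes of ICMP payload with DF set."""
    return payload + ICMP_HDR + IPV4_HDR


def fixed_overhead(nat_t=True):
    """Bytes ESP adds around the padded plaintext."""
    return IPV4_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR + CBC_IV + ICV


def esp_packet_size(inner_len, nat_t=True):
    """Outer packet size for one inner IP packet of inner_len bytes."""
    padded = -(-(inner_len + ESP_TRAILER) // BLOCK) * BLOCK   # round up
    return fixed_overhead(nat_t) + padded


def max_inner_packet(path_mtu, nat_t=True):
    """Largest inner packet whose ESP packet fits path_mtu unfragmented."""
    room = (path_mtu - fixed_overhead(nat_t)) // BLOCK * BLOCK  # round down
    return room - ESP_TRAILER


if __name__ == "__main__":
    mtu = path_mtu_from_ping(1402)           # payload size reported in the post
    inner = max_inner_packet(mtu)
    print("path MTU:", mtu)
    print("max inner packet:", inner, "->", esp_packet_size(inner), "bytes on the wire")
    print("one byte more:", esp_packet_size(inner + 1), "bytes (exceeds path MTU)")
    print("TCP MSS that fits:", inner - TCP_IP_HDRS)
```

The 1402-byte ping payload corresponds to the 1430-byte MTU AT&T quoted, and under these assumptions the tunnel can carry inner packets of up to 1358 bytes without fragmentation.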

    Need some PIM-SSM multicast information

    Posted: 01 Aug 2020 05:16 AM PDT

    I have an issue with my PIM-SSM multicast configuration using ISR4431s. I am wanting to forward broadcast data from an application from one VLAN on the multicast source to another VLAN on a multicast router on a small network. The method I am using is PIM-SSM. I have a multicast source R1, a multicast transition router R2, and a multicast receiver, the R3 device. Any insight into why the broadcast data is not forwarding is welcome. Here is the topology:

    R1—R2—R3

    R1 Config (Multicast Source):

    hostname R1
    ip multicast-routing distributed
    ip pim spt-threshold infinity
    ip pim ssm default
    no ip igmp snooping
    vtp mode transparent
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    vlan 100

    interface GigabitEthernet0/0/0
     ip address 10.194.234.226 255.255.255.252
     ip nat outside
     ip pim sparse-dense-mode

    interface GigabitEthernet0/1/0
     switchport access vlan 100
     switchport mode access

    interface Vlan100
     ip address 10.1.1.1 255.255.255.0
     ip nat inside
     ip pim sparse-dense-mode
     ip multicast helper-map broadcast 232.1.1.1 bcast-to-mcast ttl 50

    ip forward-protocol udp 3205
    ip nat inside source static udp 10.1.1.71 3205 10.194.234.226 3205 extendable
    ip route 0.0.0.0 0.0.0.0 G0/0/0

    ip access-list extended bcast-to-mcast
     permit udp any any eq 3205

    end

    R2 Config (Multicast Transition Router):

    hostname R2
    ip multicast-routing distributed
    ip pim spt-threshold infinity
    vtp mode transparent
    spanning-tree extend system-id
    vlan internal allocation policy ascending

    interface GigabitEthernet0/0/0
     ip address 10.194.234.225 255.255.255.252
     ip pim sparse-dense-mode
     no shutdown
     negotiation auto

    interface GigabitEthernet0/0/1
     ip address 10.156.51.225 255.255.255.252
     ip pim sparse-dense-mode
     no shutdown
     negotiation auto

    ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
    ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1

    end

    R3 Config (Multicast Receiver, NOTE: 192.142.1.99 is not the device that is receiving the data. Other devices on vlan 600 need the data):

    hostname R3
    ip multicast-routing distributed
    ip pim spt-threshold infinity
    ip pim ssm default
    no ip igmp snooping
    vtp mode transparent
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    vlan 600

    interface GigabitEthernet0/0/0
     ip address 10.156.51.226 255.255.255.252
     ip pim sparse-dense-mode
     ip multicast helper-map 232.1.1.1 192.142.1.255 bcast-to-mcast
     ip igmp version 3
     negotiation auto

    interface GigabitEthernet0/1/0
     switchport access vlan 600
     switchport mode access

    interface GigabitEthernet0/1/1
     switchport access vlan 600
     switchport mode access

    interface Vlan600
     ip address 192.142.1.1 255.255.255.0
     ip broadcast-address 192.142.1.255
     ip directed-broadcast
     ip pim sparse-dense-mode
     ip igmp join-group 232.1.1.1 source 10.194.234.226
     ip igmp version 3

    ip forward-protocol udp 3205
    ip nat inside source static tcp 192.142.1.99 61000 10.156.51.226 61000 extendable
    ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0

    ip access-list extended bcast-to-mcast
     permit udp any any eq 3205

    end

    submitted by /u/jhughes1963

    Career based question, how do I maximize my income?

    Posted: 01 Aug 2020 12:40 PM PDT

    So I consider myself very lucky where I am at the current upper echelon of pay for a network engineer, 125k. I don't believe certifications are the right move for me in terms of the commitment of time and resources vs what I will get out of it. What are your suggestions, if any, from personal experience to maximize income?

    Please note, I am a FTE and I have no intentions of moving to a lower income area where my money will go further due to family. However the thought has crossed my mind about, FTE + contract side work, does anyone recommend that?

    submitted by /u/NetworkGuy22

    Port scan large number of IP Addresses

    Posted: 01 Aug 2020 11:46 AM PDT

    Here's the use case:

    Total number of IP Addresses to scan in the environment across different subnets: 2000 IP Addresses.

    System available to me: Kali box with the most up to date release. The system has 2GB of RAM, 80 GB of storage and 4 CPUs allocated. This is a virtual machine. The virtual machine has access to all 2000 IP Addresses.

    The objective is to port scan all 2000 IP Addresses in order to find out the status of TCP and UDP across all 65,535 ports.

    My initial thought is to use NMAP but I do not know which certain switches are good for such a scan. And this is the cake topper. I have only 6 hours to complete the scan since my change window is limited.

    What would be the suggestions from the community as to the best approach to accomplish this project and would your recommendations support the ability to complete in time safely? I would like to output to different outputs such as -oA outputfiles and after that my plan is to use xsltproc to convert the xml output to html. This is if it is NMAP. I was thinking Masscan but I could get false positives. Looking forward to responses. Thanks in advance.

    submitted by /u/creoseclabs
