Saying goodbye to some old friends. Networking |
- Saying goodbye to some old friends.
- Is it possible to capture traffic on a port with wireshark, and then retransmit that data on a loop for testing?
- Predictive Hardware Failure? Thoughts?
- Industrial devices with the same unchangeable IP
- Cisco AnyConnect embedded browser + Azure SAML IDP
- Zyxel experiences? Good or bad? Sanity check
- Can you send VLAN trunks over a UNI interface on a Cisco ME 3400?
- Class A network
- Juniper Switch filtering SSH?
- SD-WAN video series?
- Eve-NG
- Cisco FTD Bugginess
- How do you deal with multiple monitoring platforms?
- WPA2-Enterprise Mode setup
- In which protocols every station has a specific previous and a specific following(next) station?
- An inaccessible website
- Please recommend a testing tool for this type of fibre (see attached images)
- [Curiosity] Just a question for Cisco's throughput numbers (as compared to others like MikroTik and FortiGate)
- HP Switch bandwidth problem
- Recommended network tester under $200?
- mitmproxy over iot device
- Juniper QFX QinQ configuration
- Forcing Traffic to Proxy ?
| Saying goodbye to some old friends. Posted: 03 Sep 2020 04:42 AM PDT Getting these prepped for pickup and removal. There are two more still in service, but we should have those in the pile in another week or so. That was about $2M worth of hardware when it was new, and we replaced it with about $2M worth of Catalyst 9400+9500s. Cat6500 was the most frustrating platform I've yet to work on, but also the most stable, once you get them dialed in just right. So, fare thee well old friends, your watch has ended. [link] [comments]  |
| Posted: 03 Sep 2020 03:56 PM PDT I have some server-client software I'm helping to debug, and I'm wondering if its possible to capture the data that gets transmitted when the client attempts to connect to the server (eg via wireshark), and then run that through some other software to imitate how the server would perform at scale? Ideally I'd like to see how the server would perform with hundreds or thousands of these client requests all occuring concurrently. Simply opening a telnet connection to the server port doesn't register on the server an attempted client connection. [link] [comments]  |
| Predictive Hardware Failure? Thoughts? Posted: 03 Sep 2020 01:42 PM PDT Has anyone here deployed or been part of a PoC where a company tried to predict hardware failures of your networking equipment? If so, how was the journey, and what was the outcome? If not, feel free to express your feelings about failure prediction on network hardware. [link] [comments]  |
| Industrial devices with the same unchangeable IP Posted: 03 Sep 2020 03:05 PM PDT I have several IoT devices I need to communicate with that I can't change the IPs in as they are all hardcoded to 192.168.1.5 . My first thought was to throw some kind of NAT device in front of every IoT device to change their IPs however this is prohibitively expensive as the hardware has to survive being outdoors and most prices I have seen have been in the $1000+ range. I do have access to a hardened Linux box with enough ethernet ports that I can plug in each device directly to it over ethernet. I could then run the necessary software on the Linux box to communicate with each device over a different ethernet interface. The devices do not need to talk to each other. I can't seem to figure out the correct combination of iptables and network name spaces to get this to work however. Is what I want to do even possible? [link] [comments]  |
| Cisco AnyConnect embedded browser + Azure SAML IDP Posted: 03 Sep 2020 10:19 AM PDT Hi folks, Have any of you configured Cisco AnyConnect to work with Azure as an IDP? We have it working in production (our internal users love it) but when we create a domain account for contractors to complete some work on our network, they are getting Azure error AADSTS90072 because the AnyConnect embedded browser is automatically passing their company's credentials (not what we want). Screenshot edited below to remove sensitive data. For example, once the contractor hits CONNECT in the AnyConnect app, [JOHNSMITH@VENDOR.COM](mailto:JOHNSMITH@VENDOR.COM) is being automatically logged in. Instead of the account we want him to login with, JSMITH.MYCOMPANY. The Cisco AnyConnect embedded browser gives us no way to log him out of [JOHNSMITH@VENDOR.COM](mailto:JOHNSMITH@VENDOR.COM), and the Azure SAML page gives us no way to switch accounts. Since I am god awful at explanations, here is a link to someone else having pretty much the same issue but with Pulse instead of Cisco AnyConnect: I have tried clearing cache/cookies/browser settings on all browsers on the user's machine and the issue persists. It seems that the embedded AnyConnect browser operates on its own rules for some reason. I reached out to Cisco TAC and they suggested the force re-authentication command on our Cisco ASA's SAML configuration, but that will require all our users to authenticate on every login attempt, not just the vendors. I asked if there was any way to get AnyConnect to open a default browser session rather than an embedded browser session, but that does not currently exist and would have to be an enhancement request. Our sysadmin folks call it a limitation on the AnyConnect app, and Cisco TAC calls it a limitation on the Azure page. Truthfully, it seems to be a limitation on both, which leaves me stuck somewhere in the middle on this one. How can I get this user--or any contractors who already have O365 accounts with their companies--logged in? [link] [comments]  |
| Zyxel experiences? Good or bad? Sanity check Posted: 03 Sep 2020 01:03 PM PDT Hi All, Had a bit of a conversation tonight regarding our recent refresh of Cisco equipment (Cisco Catalyst 3750) and a renewal for one of our offices. Basically we took over the office and the equipment was already fitted - we took over the company and the Cisco kit fell under us until it expired support wise. Unfortunately the quotation has came back and it's really too high for support and firmware upgrade costs. We have went around for MSPs and the channel, unfortunately it's way too high of a price for what management want. Normally I don't touch a large portion of networking these days, and the office has been relegated to a regional office - previously had servers and high end VOIP which has been ported to the cloud since. I was instructed to find replacements that don't break the bank, I have hit upon the XGS4600 here https://www.zyxel.com/products_services/28-48-port-GbE-L3-Managed-Switch-with-4-SFP--Uplink-XGS4600-Series/ We already use Zyxel switches elsewhere in the business in other offices, so the knowledge and support agreement is already there which is why I am looking at Zyxel specifically. I am aware that Zyxel is MUCH cheaper in support and cost of the hardware, I've checked the data specifications and it seems to match what we're looking for. Ticks all the right boxes, I've ran it through our network guys but they're not really interested in regional offices so not really available to consult due to an ongoing outage tonight with Level 3. Can't shake the feeling that I'm missing something - possibly the price difference between $11,500 USD vs $73,309 USD and trying to do a sanity check. If anyone has experience of Zyxel would like to hear what you think or if anyone has a different brand suggestion at all? Thanks. [link] [comments]  |
| Can you send VLAN trunks over a UNI interface on a Cisco ME 3400? Posted: 03 Sep 2020 10:15 AM PDT Can you send VLAN trunks over a UNI interface on a Cisco ME 3400? i have a Cisco ME 3400 12ts-s. [link] [comments]  |
| Posted: 03 Sep 2020 04:03 PM PDT I got hired on to tackle a network after the last administrator left without documenting anything about the network. I've never worked on anything bigger than a class C network but I have cisco training so I remember the basics of subnetting and what not. The network has an incoming line that goes to a Mikrotik Cloud Switch Router that seems to be handling the brunt of the network with a router and a dell power edge serving as dhcp for two other rooms on site. OKay here's the story, the dell is running a class C and the other two are running class A networks (10.16.230.0-10.16.242.254) is the range I imagine but I"m sure it's broken up by subnet. The subnet in the one room is 255.255.252.0 which I guess is subnet /22 for a class A, correct me if I"m wrong. When the network was functioning we could check on the status of all servers, the class C, both class A networks, but there was a failure with the main internet line and the ISP insists it's our equipment and won't come to support the Mikrotik that according to the company that hired me, he owns, it's his router not theirs. The company had a unifi dream machine and asked if I could set it up in lieu of the other router. At first glance all the servers came back up and started doing their work, but they were concerned they couldn't check the servers from the central control area as they had been, so I started investigating and that's when I found out there are three networks running, one of them a class C, and I tried matching subnets with at least the other class A and it didn't help, in fact all the servers came up and our PCs couldn't make a connection to the internet. THe whole thing is a giant cluster pluck and I barely know where to begin either than unplugging everything and starting from scratch which seems out of the question but like the only solution. Has anyone used a Unifi and ran into problems using a class A network? Does anyone have any suggestions at all? It's not even about having the gig anymore I Just want to fix it because I have hte drive to find out why, why can we not talk to the servers when connected to the new router set up, why do the two rooms work but the main room doesn't work? I've reset machines, switches, routers... any help or conversation would be greatly appreciated. [link] [comments]  |
| Posted: 03 Sep 2020 02:49 PM PDT Hey Guys. Struck on a really strange networking issue that I cant wrap my head around. I have a server which gets its IP address from a DHCP server built into my router, hooked up to a juniper EX4200 switch with factory reset configuration. That switch is then hooked into my router. I can ping the server but when I try to SSH to the server I get . This seems to indicate that the TCP session is not being built properly. However, when I copy this exact same physical topology except I replace the juniper ex4200 switch with a factory reset 3750g, the SSH connection works fine. What could be the issue here? [link] [comments]  |
| Posted: 03 Sep 2020 02:43 PM PDT Hi, I have been reading Cisco's main design guide to SD-WAN in an attempt to understand it and how it all works and glues together. So far so good as far as understanding everything, i'm just past a third into this guide ( https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html#SDWANRouting ) but as you can imagine it is extremely dense and i'm wondering if there any actual video series on SD-WAN from the beginning of starting it up to the end with everything configured? I'm guessing places like CBTNuggets have "intros" into it explaining what it means and what it'll do etc...But seeing someone actually using it on the interface with your eyes is a far far better way of getting to grips with it while reading that design guide so i'm wondering if there is anything floating about out there... The only one i've managed to come acorss so far has been this channel on YouTube... https://www.youtube.com/c/worldwidetechnology/search?query=sd+wan Thanks everyone [link] [comments]  |
| Posted: 03 Sep 2020 03:58 AM PDT Hi, I recently transferred from GNS3 to Eve-NG. I like it so far, but is it me or the nodes have to be turned off before we can connect them together ? It's pretty annoying. [link] [comments]  |
| Posted: 03 Sep 2020 08:04 AM PDT We have about 10 FTD firewalls acting as the edge and backbone of our data centers and are getting concerned with the number of bugs we were hitting with these devices recently. So far we have had a routine firmware upgrade completely corrupt the firewall and a format of the firewall was required, the devices get out of sync periodically which causes them to split the configs between the 2 devices in the HA pair (1 has the NATs and 1 has the ACLs) and stop passing traffic, continuous VPN disconnects occur due to a bug in the code which forced us to upgrade not only the firewall but also the FMC (14 hour process so far), and this is all on top of other issues including SIP calls not working correctly until you disable SIP inspection which we never had to do in our old ASAs. Does anyone have any ideas as to why these FTDs are such hot garbage? Does anyone have any opinions on the FTDs in general? Would we be better off junking these in favor of another vendor? [link] [comments]  |
| How do you deal with multiple monitoring platforms? Posted: 03 Sep 2020 03:21 AM PDT Hi community, As the title says, how do you deal with different monitoring platforms in your environment? I'm looking for a product that could combine everything to 1 dashboard. At the moment I'm learning Python so if you can build something with it I see it as a learning project for myself. [link] [comments]  |
| Posted: 03 Sep 2020 12:38 PM PDT I was tasked with setting up a test WPA2-Enterprise Mode wireless environment to test a network product. I was using the video linked below to configure Windows Server 2016 as the RADIUS server, and create NPS and Group Policies to get the laptops in the domain to connect to a enterprise mode wireless network. After following the video, it worked for a Windows 10 laptop but it does not work for a Windows 7 laptop. I've spend weeks googling and researching as to why it doesn't work for Windows 7 but I haven't figured out why. When running wireshark on the Server 2016, it shows 10 RADIUS packets with the last one Code: Access-Reject (3). When running MMC and looking at the certificates, it looks like the certificate is there. Any ideas on how to troubleshoot or resolve this issue would be helpful [link] [comments]  |
| In which protocols every station has a specific previous and a specific following(next) station? Posted: 03 Sep 2020 11:56 AM PDT So I have the following options:
I know there are two of them Here are my thoughts on these:
I think I just realised that token ring also happens in a cycling manner so the two protocols that have stations with specific previous and next stations are these two. Writing this post helped me realise that.. I think my thought is correct, can someone confirm?(or correct me if I am wrong)? [link] [comments]  |
| Posted: 03 Sep 2020 11:34 AM PDT Let me set the stage, I'm responsible for supporting the networks of several stores, they are all pharmacies. The store in question has three computers, there is a generic home TP-Link router and a printer. There is a certain website that we access called McKesson, the issue is this website is not accessible inside the network on a wired or wireless connection to the router. This is on every computer and every smart phone connected to the Wi-Fi, however if someone uses their phone to connect to the website via there data plan they can access the website. Now I know what you're thinking, it must be an issue within our network, something is blocking the website. However I recently replaced the router with a new one because the web interface for managing the router was acting strange. Other than this store having a static IP address so that the stores server can talk to an outside server oh, there is no other static IP addresses or configuration on router. The website was working me just after I replaced the router but it appears to not be accessible again. Dose anybody have any idea what could be causing this issue, I'm starting to wonder if it's the ISP'S DNS servers that are acting up as it literally just seems like the website doesn't exist when you try to navigate to it. I don't have a lot of experience with networking other than basic setup configuration and troubleshooting. I was hoping one of you more experienced folks might be able to provide me with some additional troubleshooting steps or possible solutions. At this point I'm going to call the ISP tomorrow and see what they have to say because I'm starting to think it's an issue on their end not having a route to that website. However our other stores have static IP addresses and half the same ISP. And another store even has the same router. However if the issue is on my end I would like to know what I'm not seeing on my end that's causing the issue. [link] [comments]  |
| Please recommend a testing tool for this type of fibre (see attached images) Posted: 03 Sep 2020 10:42 AM PDT I need some way to test the fiber cables in the data center I service. I do not even know what to call the cabling we use so I'm uploading images. https://drive.google.com/file/d/1yZ6ik6V69y4u0E3vO---0vNtCzwvYun0/view?usp=sharing https://drive.google.com/file/d/1cAJbHD9LK0X6hak4Fvm7HkNDoyp9GJF5/view?usp=sharing [link] [comments]  |
| Posted: 03 Sep 2020 08:23 AM PDT So I'm just curious as to why Cisco's throughputs are so low as compared to others that have high numbers - i.e. FortiGate, even Mikrotik. I mean take the 2900's for example. How come they're so weak in pushing packets that can't even achieve >300Mbps despite them having much of a hardware yet the little MikroTik and FortiGate devices have much much higher - 490Mbps for MT Hex Lite and 3Gbps for the 90D? I've been working with Cisco devices all my 8 years in the industry and have now just started learning more on FortiGate, Juniper, and MikroTik, and this huge throughput performance gap with Cisco has kept me wondering why then businesses choose Cisco (aside from the familiarity in IOS and the reputation). [link] [comments]  |
| Posted: 03 Sep 2020 07:02 AM PDT Hi guys, I have a problem regarding internet bandwidth on my business firm switch, I'm not a network kind a guy, and need help in understanding where to look at. Switch is HP V1810-48G J9660A. Situation is that I have confirmed 100mbps coming from the ISP C 3400 router, on switch port which has configured Link speed AUTO, 1000MbpsFullDuplexCopper. This port have vlan tag 2 - WAN network. Bandwidth which comes out of the switch is in range of 20/20 approx (after Patch panel if it is important). Tried also connecting another Ethernet cable on it directly, in port with same vlan tag, and result still the same. I hope this approach of testing is ok, but would need recommendations where to look next. Any help is more than welcome! [link] [comments]  |
| Recommended network tester under $200? Posted: 03 Sep 2020 05:43 AM PDT Looking to get our field techs some network testers. Existing techs have the Klein Tools VDV501-823, and it does the job, but of course we're always looking for something better. I know there are dozens of much more expensive (and obviously better options) but 90% of the time all the techs need is to test new cable runs. Also, we prefer to buy on Amazon so something from there is preferable. I looked at pocketethernet and netools.io but neither appear to be available on amazon. Thanks. [link] [comments]  |
| Posted: 03 Sep 2020 03:52 AM PDT Hi. I'm setting up the architecture below. Essentially my goal is to do mitm between my iot device and its server. iot device <--> ethernet to usb conv(eth1) <--> laptop(eth0, bridge between eth1 and eth0)<--> internet - At first I'm setting up the rules below with iptablesiptables -t nat -I PREROUTING -p tcp --sport 80 -j REDIRECT --to-ports 8080 sysctl net.ipv4.ip_forward=1 iptables -t nat -I PREROUTING -p tcp --sport 443 -j REDIRECT --to-ports 8080 iptables -t nat -I OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080 iptables -t nat -I OUTPUT -p tcp --dport 443 -j REDIRECT --to-ports 8080 -Then I'm plugging in an 'ethernet to usb' converter between my pc and iot device. Setting up the bridge between my lan adapter and external usb lan adapter. And iot device has internet when I sniff with wireshark over external adapter eth1. With the rules I set I'm able to do mitm from my browser etc. but i can not proxy the packets that comes from/to the external adapter. What am I missing? [link] [comments]  |
| Juniper QFX QinQ configuration Posted: 03 Sep 2020 02:20 AM PDT Trying to to a simply QinQ interface on a QFX5100. I've setup the below on the QFX interface but it's not working: set interfaces ge-2/0/1 flexible-vlan-tagging I know the switching on the inside is fine as if I replace the Juniper with a Cisco with a similar config it works fine. interface GigabitEthernet0/0.1000 Am I missing something in my config? Thanks [link] [comments]  |
| Posted: 02 Sep 2020 05:54 PM PDT Hi guys, Not sure where else to post this but I could really do with some big brain power. Currently got a proxy server running. It works with both transparent and explicit proxy address. Transparent works when you set the workstation gateway to the proxy server IP content gets filtered perfectly. However, I'd like to be able to force that network wide via pfSense if possible? So far I've tried a rule similar to below. I've tried changing the Dest Address to WAN Net, WAN Address. Tried changing my NAT port for the proxy to the specified HTTP and HTTPS ports and I've tried the standard 80 and 443 port too. Just can't seem to get the traffic to go through the proxy. Would greatly appreciate if anyone has any ideas? [link] [comments]  |
| You are subscribed to email updates from Enterprise Networking Design, Support, and Discussion.. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | |
No comments:
Post a Comment