Looking to transition to an automation-centered role, ideally 100% remote. What skills/experience should I focus on? Networking |
- Looking to transition to an automation-centered role, ideally 100% remote. What skills/experience should I focus on?
- Stable SW for 3850s
- Geo Location Syslog Ideas
- Most widely deployed Network Monitoring
- Does anyone here have VPN form for sending to 3rd party IT teams to fill out they could share with me?
- adding an Aruba 2930-f to an existing stack
- Using an ACL with a VTI? Cisco Router
- Windows RRAS connectivity
- N7K 10g over copper?
- How are you doing wifi microsegmentation?
- VLAN hopping/double tagging on a wireless network
- NETBOX users, is there a way to populate information after NAPALM reads the device status?
- strange issue: ARP ping works, ping doesn't
- Anyone here use Forcepoint Cross Domain, or something similar?
- VRF-Lite Route Leaking - brain exploding!
- CDN caching problem
- Linux server tunneled through SSH uses large packet sizes causing issues - suggestion of proxy / other software to resize the packets? Non-root user here.
- Advice on dns and networking
- Best method to give wireless connectivity to wired devices?
- 1 or 2 switches
- Frustrated with vQFX and vMX dual image setup in GNS3
- Stumped on Cisco Native VLAN
- Is the ARP table dependent or independent of routing?
- Sonicwall TZ600 incorrectly sending https traffic through VPN
Posted: 29 Oct 2020 07:23 AM PDT throwaway account. looking to transition to full-time network automation in the next 18 months or less. Ideally I want 100% remote with occasional travel, but anything focused on automation / integration / infrastructure-as-code interests me. Network experience:
Automation experience:
Options I'm considering:
My free time is very limited these days, so I want to focus on the most important skills. Appreciate any input, especially from those who have made this transition. Cheers! Edit: Other relevant skills I have (intermediate level):
Edit2: Thanks guys, this really helped dial in my focus. Sounds like my time is better spent on automation workflow and programming than adding networking skills.
Stable SW for 3850s Posted: 29 Oct 2020 01:40 PM PDT Looking through documentation to plan for an upgrade to one of our switch stacks. We have seen issues with an undocumented bug causing crashes on our stack of 3850s. Working with TAC has been less than fruitful and we are left with the "upgrade and pray" course. So I am looking for suggestions from the community on stable releases that are being run in the wild. Of note, we are using many L3 features on this stack (and we believe the bug is at L3, we have good evidence that the bug does not occur when running only L2 features/configs with our current software version). We are currently on a 3.X.X track, looking at the various 16.X.X versions. Are you running a 3850 while leveraging L3 features in the wild? Is your choice of software version stable for your environment? And, what version are you running? I have of course perused the open caveats/bugs and resolved issues, but the main concern is running into undocumented bugs again. Any suggestions on troubleshooting or versions are appreciated.
Geo Location Syslog Ideas Posted: 29 Oct 2020 03:41 PM PDT I have a Cisco firewall and I want to be emailed every time someone attempts to establish an AnyConnect session. I've figured out the logging configuration on the ASA and also how to get the ASA to email me when sessions are established. What I would like to do now is to include geolocation of the IP address of the remote VPN client. I know that Firepower can accomplish this but I don't have that and can't afford it. I've also read that Splunk can do this for me but considering I can't afford FMC then naturally I certainly can't afford a Splunk license. Does anyone know of an open source or free syslog server that I could spin up in a virtual environment that can help me accomplish this?
Most widely deployed Network Monitoring Posted: 28 Oct 2020 11:47 PM PDT Hope you guys are having a wonderful day! I am in the learning phase of networking, and I want to learn more towards network monitoring. So, I am just curious which network tool is majorly deployed in industry. I want to start with one tool and then move as per requirements.
Does anyone here have VPN form for sending to 3rd party IT teams to fill out they could share with me? Posted: 29 Oct 2020 10:28 AM PDT We usually just have an email chain and go back and forth with the IT team of the 3rd party, but it would be much easier if I could send them an editable PDF and they just fill it out and send it back over.
adding an Aruba 2930-f to an existing stack Posted: 29 Oct 2020 03:25 PM PDT Hello, I have a new Aruba JL558A 2930F-48G-740W-PoE+-4SFP+ switch. I want to add it to my existing vsf stack. I already added the member in my commander switch and connected the new switch. The new switch detects the commander and upgrades itself to the commander version, but after rebooting and running the show vsf command, it appears as missing. Running show vsf link detail show that the vsf is enable on the new switch but I enable it prior rebooting. Here are the logs of the commands:
show vsf link detail
VSF Member: 1 Link: 1
Port State
1/49 Down
VSF Member: 1 Link: 2
Port State
1/50 Up: Connected to port 2/49
VSF Member: 2 Link: 1
Port State
2/50 Error: VSF disabled on peer with MAC 104f58-xxxxxz
VSF Member: 2 Link: 2
Port State
2/49 Up: Connected to port 1/50
Right now I can't enter the new switch, I have to factory reset it. When I do and connect the DAC cables, it detects a vsf connection, and after rebooting displays the message "VSF configuration mismmatch...rebooting". So any tips will be heavily appreciated. Thanks in advance
Using an ACL with a VTI? Cisco Router Posted: 29 Oct 2020 03:22 PM PDT Hi All, Hopefully an easy question, but I haven't been able to find the answer. If I have a VTI between two Cisco routers (16.9 Fuji), using static routes, how do I apply an ACL to that traffic? Googling of course only ever brings up people talking about the advantages of VTIs not NEEDING ACLs as crypto maps. But okay, no more crypto map, now I have this point-to-point... how do I define what traffic is ALLOWED over it? Would I just apply ip access-group ip_access_list_name on the "Tunnel X" interface?
Windows RRAS connectivity Posted: 29 Oct 2020 12:53 PM PDT I'm having intermittent connectivity issues with a new AOVON server deployment. The clients connect to the Windows RRAS server via the internet to a NAT'd IP on the external firewall, which passes them to the external interface on the RRAS server. The RRAS server has 2 interfaces with IP addresses on the same /24 subnet and on the same VLAN. The default gateway is on the external NIC pointing to the external fw, and there are static routes pointing to the internal fw on the internal NIC for clients to access internal resources. When clients are unable to connect, the packets seem to be coming through the external fw to the RRAS server but the replies are going to the internal fw and being dropped there. A bit later it might start working again or still fail. My question: is this because there are two NICs on the same VLAN and on the same subnet? Feels like the routing is doing some sort of round robin.
N7K 10g over copper? Posted: 29 Oct 2020 07:25 AM PDT Can someone set me straight on this? Can they do 10g over copper using a non CISCO 10g copper SFP+? Or do I need a specific module for it? Something like an F2 module?
How are you doing wifi microsegmentation? Posted: 29 Oct 2020 09:03 AM PDT We've started segmenting our wired network devices by using separate VLANs, with each VLAN having its default gateway on a firewall subinterface. Easy, and it works great. What we are trying to do now is figure out how to create small segments for wifi manufacturing gear. Since each SSID burns airtime, you can't just create a bunch of VLANs each with a dedicated SSID. It looks like the obvious answer is to use some sort of 802.1x auth on the clients and let the Radius server tell the wifi what VLAN to put the client on. This has some potential downsides:
Another option would be to just create one VLAN for the SSID and assign clients IP addresses based on their desired segment. Firewall rules would be based on these IP address ranges. This isn't the most secure since a client could in theory have its IP address changed and "jump" segments, but it seems like that would be an unlikely avenue for malware or hackers. Is anyone segmenting wifi traffic using other than separate SSIDs? How are you doing it? Is there a reddit or other forum for discussing microsegmentation?
VLAN hopping/double tagging on a wireless network Posted: 29 Oct 2020 05:45 AM PDT Hi guys, I gotta state that I'm not a pro in this area. Recently I encountered this issue where I have to assess wireless security concerns due to an upcoming project, we're planning to buy Cisco 2802I APs along with a 3504 WLC. I know that we'll have a mgmt vlan in a capwap tunnel from an AP to the WLC, carrying multiple vlans (multiple SSID) to the WLC trunk port. My question is: do you think it is possible to double tag or vlan hop as a wireless client? If I join a certain SSID that is attached to a vlan in the WLC, it might be possible to hop in another, right?
NETBOX users, is there a way to populate information after NAPALM reads the device status? Posted: 29 Oct 2020 09:06 AM PDT Hey all. real quick example. When I added a device, I didn't input the serial number. After the device was added, I clicked on the status tab which makes that NAPALM API call to the box, and one of the pieces of information it retrieves is serial number. Is there a way to have NetBox then go back and fill this info out within the initial device tab? Also, so far with Arista, it's not outputting the LLDP Neighbors information which is odd. Everything else is working. Anyone run into this issue at all? Thanks.
strange issue: ARP ping works, ping doesn't Posted: 29 Oct 2020 02:42 PM PDT Hi Guys, I've been facing a strange issue for hours now and not moving forward at all. We moved our servers to a new colocation, the provider plugged the uplink into one of the router's SFP+ ports, link is fine. We were allocated an IP subnet of xx.yy.zz.128/27 with provider gateway on xx.yy.zz.129. The port is configured to IP xx.yy.zz.130/27 and a default route of 0.0.0.0/0 to xx.yy.zz.129. All parameters are looking good, but I'm simply unable to ping the gateway and/or reach the internet. What works is when I do an ARP-Ping, I can see the provider's router, but the provider told me he doesn't see my ARP entry on his side. Does anyone know what issue I'm facing here? Thanks!!!!!
Routes:
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY         DISTANCE
 0 A S  0.0.0.0/0          xx.yy.zz.131    xx.yy.zz.129    1
 1 ADC  xx.yy.zz.128/27    xx.yy.zz.131    sfp-sfpplus1    0
Anyone here use Forcepoint Cross Domain, or something similar? Posted: 29 Oct 2020 04:36 AM PDT Our agency is looking to go with a cross domain solution in the next year or 2, and recently there has been talk of going with Forcepoint and their trusted thin client solution. First question. How exactly does this work? From my understanding, say you have 5 different networks you administer, you can decide what networks that thin client has access to, and they can switch back and forth between networks, all over one wire. From the distribution console, is this basically similar to how a trunk port and pruning vlans is setup? You decide what networks go over the link to the thin client, so that they only have access to the networks they are authorized to be on? Or does it work in a different way? Second question. We are a full Cisco network. From the access layer, how are the switches configured for the clients? Is it all just 802.1x on the access ports? Do the ports still need to be assigned a specific vlan?
VRF-Lite Route Leaking - brain exploding! Posted: 29 Oct 2020 09:31 AM PDT Hi all, I've got myself into a muddle about VRF-Lite route leaking. I'm trying to offer a shared service (one subnet now, but several in the future) to both customers. I've got a router with 3 VRFs, let's call them APN, CUSTA and CUSTB. CustA and CUSTB are part of the same BGP process, I've split them off into their own VRF:
I've also got my own OSPF process where I've got my Shared service. The shared service is not adjacent to this router, but is a couple hops away.
I've defined route targets,
show ip route APN gets me:
I can also get routes from both BGP CUSTA and CUSTB, so I've got at least the VRF set up correctly, with the right interfaces in the right VRFs. How do I get CUSTA and CUSTB to see routes from APN, but not from each other? Sorry if this doesn't sound like I've tried - I've been on this all day. I've managed to get routes one way, from BGP to OSPF but never the other way round. I'm asking for a bit of a bump in the right direction! Thanks in advance!
CDN caching problem Posted: 29 Oct 2020 12:35 PM PDT I've enabled caching in IIS on Server 2012 R2 (the app is .NET Framework 4.8) by setting Common HTTP Response Headers, but it is NOT working through our CDN. I have another test server going through CloudFlare ONLY, and that works fine. I get cf-cache-status: HIT. Via CDN I get the following result:
server: ZENEDGE
status: 200
strict-transport-security: max-age=10893354
x-cache-spec: Yes
x-cache-status: NOTCACHED
x-cdn: Served-By-Zenedge
x-content-type-options: nosniff
Do any of you fine people have any suggestions?
Linux server tunneled through SSH uses large packet sizes causing issues - suggestion of proxy / other software to resize the packets? Non-root user here. Posted: 29 Oct 2020 12:27 PM PDT I use an RDP tool where I run a MacOS client that launches a Linux server through an SSH connection. The Linux server (newest version) is causing me issues due to large packet sizes. I would like to know if software exists that could wrap the software and change the packet sizes? I believe in our system some packets that are larger than the MTU get lost or severely delayed - thus the desire to fix this using some form of proxy / other software. TLD: MacOS App launches KDE via an SSH tunnel. Communication suffers from pauses possibly due to large packet sizes. Looking to launch an app like SSH with the ability to resize the packets - something like SSH -> WRAPPER -> KDE. Possible?
Advice on dns and networking Posted: 29 Oct 2020 12:17 PM PDT Hello folks. I have some questions about best practices with regards to dns and network troubleshooting. I have an interview tomorrow and some things they'll cover are dns and networking. This isn't my area, I'm more audit, monitoring, compliance and infrastructure. But, the job is better than what I have now and I'm looking for advice. With regards to dns, my knowledge is quite limited. I know that if there is an issue with dns, how I would resolve it would be: - Gather all your data (is it one user or everyone?) - Try to replicate the fault. Example, can you get to a particular site. If you can, then it would likely be an issue with the user's end. Check the cable, check tcp settings and check host file. If it's something on the back end, then I would do an nslookup and see if the settings are pointing to the right server. I know there's dns records (mx = exchange, a = domain, soa = start of authority). I know of them, but I don't know about them, if that makes sense. In essence, where do dns records fit into troubleshooting? And with regards to networking and vpns, they're very similar methods. Again, you can fix it pretty easily by finding out if it's a single user, multiple users or all users. Single user would be again, check cables, or if they're connected to a network, or anything is disabled, maybe even check settings. For multiple people, I'm guessing it might be a vpn or maybe a vlan issue. And for everyone, that's a back end issue. And that's fixed by checking your network provider / your monitoring solutions (if set up correctly), seeing if anything is broken on the router and if so, at worst case scenario, give it a reboot. Check running config / changes that happened overnight. And also check router logs, if they have them. I know I'm missing some bits, but could anyone give me some pointers please?
Best method to give wireless connectivity to wired devices? Posted: 29 Oct 2020 09:49 AM PDT I am in a bit of a pickle currently, our business has a vending appliance (non-Windows) that is ethernet-only, but our Security team does not want it on our wired network as we do not have adequate isolation capabilities. We do however have an isolated wireless network via our Aruba APs. The struggle is getting this wired device onto that isolated wireless network. The SSID uses PSK/MAC authentication, as well as NAT (virtual controller assigned IPs), and it's restricted down to internet only access. We tried using these IOGEAR Wifi to Ethernet adapters (GWU637), but they are relying on DHCP from the WiFi to hit the wired clients, then spoofing its own mac address onto them. We end up getting IPs assigned to the wired client but not passing any traffic to/from them. Basically where I am at is trying to find a router that can bridge to another WiFi network for uplink purposes, without disabling its own internet DHCP server, so it will assign an IP to our wired device and then NAT its traffic through the Wi-Fi address our restricted network gives it... does anything like that exist? Most of the routers I found that can do wireless bridging disable their 'router' features. Alternatively, is this just the wrong way to go about solving this problem?
1 or 2 switches Posted: 29 Oct 2020 09:23 AM PDT Hello, I'm new, so please bear with me. I have a total of about 32 devices to plug in for a small business. 24 PoE cameras and a few other devices are PoE. I have a 48 port patch panel. Should I get two 250W 24 port switches from Ubiquiti or one of their 500W 48 port switches?
Frustrated with vQFX and vMX dual image setup in GNS3 Posted: 28 Oct 2020 06:32 PM PDT I've been fairly new to the networking side of IT (going on two years) but really like it. I started a job with a large ISP in the US a few months ago and need to get up to speed with multicast ASAP. So I started with the training on Junos Genius and am pretty comfortable with the theory. I am starting to lab up some of the scenarios in the training and Day One books, but the two separate VMs for control and forwarding plane are making some of the labs unwieldy and hard to organize. I've seen rumors of single VM images for vMX but those look older, 14.something, and seem almost impossible to get your hands on. Are there any tips for 1) some type of layering so that these can look like one device. 2) I've looked into EVE-NG as it's mentioned a bunch in some of the Juniper Day One books. Same issue with having to use two images. 3) I used Juniper vLabs but there are limitations. Any help would be nice.
Stumped on Cisco Native VLAN Posted: 29 Oct 2020 05:03 AM PDT I've watched several explanations of the native VLAN, everyone says it's for untagged traffic.. but don't all interfaces already have a VLAN? So we know all ports on a Cisco switch are assigned to either (A.) default VLAN, or (B.) custom VLAN. With that being said, the purpose of the native VLAN is to assign untagged traffic through the trunk port to a VLAN. My question is.. does that mean "untagged" traffic ONLY comes from the default VLAN?? Anything else would be tagged as its specified VLAN, right?
Is the ARP table dependent or independent of routing? Posted: 28 Oct 2020 06:20 PM PDT Hi all, I have a question regarding the relationship between the arp table and routing. In our network, we have a L3 link between two routers R1 and R2. If I do a show ip arp on R1 and I see R2's ip address, then does that mean that routing is established between R1 and R2? Or show ip arp doesn't really verify that routing (in this scenario, the protocol we are using is eigrp) works for a L3 link?
Sonicwall TZ600 incorrectly sending https traffic through VPN Posted: 29 Oct 2020 07:59 AM PDT Hi, I'm trying here because Sonicwall support couldn't solve my problem. As stated, I have a TZ600 with latest firmware. I have several site-to-site VPNs configured and working fine for some time. We also use SSLVPN for clients. Certain HTTPS connections to websites from head office are being incorrectly routed over VPN, although I don't know which one. The firewall then drops the connection (code 448) because there is no SA for that address configured. This is essentially regular Internet traffic that is suddenly going out the wrong way and being dropped. It is not all Internet traffic, only certain websites that do not seem related. I'm told all my settings are fine and that this should not be happening. My other sites have no trouble reaching these websites. The workaround was to make a NAT route specifically for those websites, which is working for one of the websites in question. I would rather solve the underlying issue than resort to a workaround that I have to keep adding sites to. In addition, the Sonicwall can't reach the content filtering server (which may be because of the same https routing issue) and again, my other sites have no problem. The problem existed before I upgraded to latest firmware. Has anyone seen this or have any ideas? Edit: The websites are being resolved correctly by DNS.