
    Tuesday, December 29, 2020

    Rant Wednesday! Networking


    Rant Wednesday!

    Posted: 29 Dec 2020 04:00 PM PST

    It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

    There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

    Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator

    Your go to label maker...Dymo vs Brady vs Brother

    Posted: 29 Dec 2020 09:20 AM PST

    Hey guys

    Regarding label makers, just wondering what your go to favorite unit is in the field for cable wraps, patch panel labeling, etc. I've seen many videos and reviews on the Brady BMP21 and Dymo Rhino series, most of which have been in favor of the Brady.

    Recently I came across the Brother PT-E300/500/550 series, which is different to the other 2 brands in that it actually laminates every label that comes out of the machine, unlike the other 2. So from what I see, because of that, the labels are much more resistant to abrasion, oily/caustic environments, etc. The labels also happen to be cheaper than the other 2 if you buy the clones. The Brady labels are extremely expensive where I am (Canada), and there are no third party Brady labels available.

    Opinions on this? Which one is the best?

    submitted by /u/sugarkryptonite

    CAT6 wiring with 5e panel, what are the actual differences other than wire gauge

    Posted: 29 Dec 2020 05:36 AM PST

    Okay, to cut it short, I know the diameter of the conductor in a 6 cable is thicker than a 5e cable and the punch blocks in either a 5e or 6 panel/modules are spec'd to this.

    BUT

    In terms of operating, assuming termination creates a good connection, can you achieve cat6 speeds with a decent cat5e patch panel (Connectix, Excel etc)?

    There's nothing 'active' in the panels and assume it's just down to connection qualities and reduction in noise crossover - but are the panels actually designed in this way to reflect these design considerations in the cable?

    I've searched the heck out of this and people just say it will work at the slowest speed component, but I question how much difference the panel actually makes in real world.

    submitted by /u/CarsAndBars87

    LTE/CBRS, GRE Tunnel - Need help troubleshooting weirdness

    Posted: 29 Dec 2020 10:38 AM PST

    Please forgive my ignorance on this subject; I really need some assistance with this. I know almost nothing about how LTE and CBRS work other than the freqs, provisioning process, and that an outside controller has to have the ability to kill the entire network or just a single CBRS cell if it violates certain licensed freqs. This is why there is a GRE Tunnel. The LTE Core has to have total control of this network. We hired a 3rd party to help set up the CBRS Network. The "LTE Core" for this CBRS network is sitting on a ProxMox server with a couple of VMs and a router sitting on it. I'm not privy to the configs on this as they have not handed out any credentials for us to log into with yet. This "LTE Core" connects to a Juniper switch stack and pair of Juniper Routers with failover connections to multiple uplink providers. This equipment is what I'm responsible for.

    • Some websites that use really low MTUs don't work. https://flightaware.com/ is one of those sites.
    • Customer VPN Stability, constant dropping off of the network.
    • DHCP leasing is taking 300ms or longer. Causing a CPE to resend a discovery and never get an address.
    • High RTT when pinging in or out of the GRE Tunnel
    • And this... I've never seen this before! This is an RTT graph to Flightaware. It does this on every website and even to our core switch.

    edit: grammar

    submitted by /u/FireBean01

    Avaya Desk Phones blocking return DHCP traffic to data devices.

    Posted: 29 Dec 2020 05:28 AM PST

    Issue is that the PC does not obtain DHCP lease information. I found this by checking the port the device was connected and monitoring its network activity. Impacted devices will show that they did send out a DHCP lease request to (Our DHCP Server) but received 0 bytes of data in return. - This indicates that the request itself went through but the device connected to the Phone did not obtain DHCP leasing information. - This also indicates that this potentially is NOT a networking issue as the network itself is doing everything correctly. - A better way to put this would be "Devices connected to Avaya Phones do not obtain DHCP leasing information" Basically the computer does not have permission to access the internet. It still is connected and would show up as connected.

    The ongoing solution/temporary fix is to either bounce the port or power the phone off and on. There are a few reasons why this works.

    • When you bounce the port or restart the phone.. It requires the phone itself to obtain DHCP leasing on a Voice VLAN.
    • The speed at which the phone obtains this leasing info is much slower than that of a PC
    • During the reboot process of the phone, since the phone has no leasing info and has not fully connected.. The phone then becomes a switch and the DHCP request and return information goes through uninterrupted.
    • Once that phone obtains its leasing information. Any device requiring DHCP leasing info on a data VLAN WILL NOT WORK.
    • You can verify these findings by disconnecting the ethernet cable from the computer. Cycling the port or restarting the phone.. Waiting for the phone to come back up and connect fully and then connecting the PC. You will achieve the same results (PC will not obtain DHCP leasing information and will not be able to connect to the internet)

    I do not believe this to be a networking issue as if it were one the following wouldn't happen.

    • I would not be able to see DHCP lease requests
    • The internet would not show connectivity
    • The phone wouldn't work
    • We would not be able to "Resolve" this issue by bouncing the port or restarting the phone.
    • Restarting the phone as the "Solution" strongly suggests it isn't a networking issue because once you remove the "problem" out of the equation. Network functionality returns and everything works as intended.

    You will have to forgive me if my terminology is wrong. I know the issue. I just don't know how to fix it. I am Level 2 Help desk, not a networking engineer.

    Basically everyone is fighting over whose fault this is. I'm just trying to get people to quit calling the help desk.

    We use Meraki.

    submitted by /u/Cincinnati88

    Using VRRP during access switch migration?

    Posted: 29 Dec 2020 01:30 PM PST

    We have a layer 3 campus, so all of our access switches are running VLAN interfaces which act as the gateway for each VLAN. From there, traffic is routed upstream.

    We're replacing an old Cat6500 with a Cat9400 soon. The 9400 will need to have the same gateway IP as the 6500, and I'm trying to move away from a hard cut and do something a little more graceful in terms of outages. A lot of these devices have static IPs and gateways configured, so unfortunately I can't just come up with new DHCP scopes and start patching.

    I'm wondering if anyone here has used VRRP for this purpose, i.e. setting the shared IP to the actual gateway IP for each VLAN, configuring the new switch as standby, and then moving devices over to the new switch and shutting down the VLAN interfaces on the old switch as we go. When everything is patched into the new switch, set the VLAN interface IPs to match the gateway IP and then remove the VRRP config.

    I tested this out in GNS3 and it seems to work fine, but that is small-scale and might not be representative of some weird problems that could pop up, i.e. ARP conflicts and such.

    Anyone here have experience doing something like this with access switches? Any tips for not blowing everything up?

    submitted by /u/FormationOfBabby

    ASA - Dynamic split tunnel + traditional split tunnel

    Posted: 29 Dec 2020 11:29 AM PST

    I can't seem to get this working correctly. We already have a traditional split tunnel running with certain networks to be included. I want to apply an anyconnect custom attribute to be used on the vpn group policy so that the tunnel will also include certain URLs. When users connect however, their client is not showing these domains in the inclusion list. I thought perhaps it was because they overlapped with the ip addresses already in the split tunnel, but I tried removing those ip's from the split tunnel, with the dynamic split tunnel custom attribute applied, and this caused them to not be able to reach them at all (access requires vpn, so this proves they are not being tunneled). Any ideas?

    submitted by /u/Smaugrens

    Does Intel X540-T2 support 5GBASE-T

    Posted: 29 Dec 2020 03:54 PM PST

    Have the card getting planning on feeding it 5GBASE-T.. will it work. Looking up info and can't find relevant info.

    submitted by /u/shevchou

    Trying to understand how to use static IP work from ISP

    Posted: 29 Dec 2020 03:40 PM PST

    Hi this is for my home, I was trying to host games and struggled hosting them so I could only join games but others can't join me. So after talking with my ISP, they said I had to pay for a static IP from the ISP. So anyways, they said that all is set and that I could forward ports etc. Even though they gave me the static IP, I did try to put it in my Netgear router, to use that IP, and it wouldn't work, so I went back to auto DHCP and it will get online. I'm wondering how can I configure my router to use that IP address? I could ping that static IP, and get to my main wireless page (I use wireless ISP) based on the number they gave me. What do I need to do? Thank you.

    submitted by /u/Stoogefrenzy3k

    Radius Server VLAN assignment

    Posted: 29 Dec 2020 02:33 AM PST

    Hello,

    I've set up .1x authentication with MAB for phones. I wanted to test what happens if someone uses the MAC address from the phones and connects to some port in the office. I thought he would be put in the VOICE vlan which I added in the network policy, but instead he receives both vlans and gets an address from DHCP. The port is configured with access and voice vlan.

    The test notebook I'm using has an address from the phone and will receive both vlans. Why?

        Vlan    Mac Address       Type      Ports
        ----    -----------       --------  -----
         255    xxxx.xxxx.xxxx    STATIC    Gi1/0/35
           5    xxxx.xxxx.xxxx    STATIC    Gi1/0/35

    submitted by /u/glistal

    Cisco AnyConnect, connected but no internet

    Posted: 29 Dec 2020 02:41 PM PST

    Hello, Cisco AnyConnect says I am connected to the internet, however when I try to open a web browser it says "no connection to internet." I need to connect to the internet to request a token for my VPN. I obviously cannot do this since there is no connection despite it giving the green check mark and reporting no issues.

    I've tried everything so this is my last resort.

    submitted by /u/LiteralCaveman

    Stackwise Problems on Catalyst 3850s

    Posted: 29 Dec 2020 08:13 AM PST

    Hi, wondered if anyone has seen a problem I've just seen at work that might offer any advice.

    We have many Catalyst 3850 stacks in our HQ that we use as access layer switch connectivity. We have been doing upgrade from IOS-XE 16.6.7 to 16.12.4 without issue, having performed over 350 upgrades on this switch model, including 50+ logical stacks. Yesterday we noticed some APs dropped unexpectedly soon after the last upgrade of the day and traced it back to a 5-switch stack, which showed that a single non-master/standby stack member had been removed from the stack. When we consoled to the switch, it was in ROMMON mode.

    We disconnected the switch from the stack, copied over the .bin file again, unpacked the file and updated boot parameters, rebooted it and it came up fine on its own in Install mode, as expected. We powered off the stack completely, reconnected the 5th switch stacking cables and powered it on again, only to find that we now had the master and the 5th switch in the stack, but the other three were now showing as Provisioned, with no MAC address. Again, those switches were sitting in ROMMON even though they had successfully booted and joined the provisioned stack previously. The adjacent stack ports were showing as down and of course the other stack members were totally missing from the stack.

    We were pretty confused by this point but we went ahead and manually recovered the other three switches, expecting all to now boot correctly (As the 5th one did), which actually worked for a moment, but then we saw errors in logs referring to losing connection with the standby switch (PEER_REDUNDANCY_FAILURE or similar, I'm typing from memory here). A stack member would go from READY to REMOVED, eventually return to INITIALIZING and back to READY, only for a different stack member to move from READY to REMOVED. While this was occurring, a new Standby would be elected and go through the HA Sync process. It resulted in essentially a cascading failure where the stack election process would repeat over and over again, resulting in different individual stack members repeatedly dropping out and rejoining the stack, almost as if the stack cables were damaged.

    By this point, we were getting pretty late into our unplanned working time, and after testing with a completely new set of stack cables, and testing with only two switches in a stack and finding the same issue occurring, we gave up and replaced the stack completely with spare switches, and we also downgraded back to 16.6.7. This time the provisioned stack formed successfully, stayed online and we spent the rest of the night redeploying configs and testing services.

    For tech info - Stack members are numbered and have correct priorities configured (15-11). Stack ports would show as down but then come back up, which seemed erroneous as we saw it with multiple switches and multiple stack cables. We checked and rechecked IOS packages, cleaned and redeployed files, verified boot parameters as well as changing out stack cables themselves. Despite having this software revision on hundreds of devices by now, this particular stack just would not behave and we eventually gave up trying to fix it and just swapped them all out and deployed on the 16.6.7 code.

    Has anyone seen this happen with Stackwise 3850s on 16.12.x? Other than the switch platform itself being particularly slow to boot and the log messages, there wasn't really much to go on to explain this stack reelection behavior. We are planning to try to recreate the issue in our lab and escalate it to Cisco via our Cisco partner, but we also know that there are so many anecdotal experiences of odd behavior with stacks and we might not get anywhere.

    Appreciate any insight or similar experiences which might help understand what is the most likely cause.

    submitted by /u/nnnnkm

    MPLS Option A | Packet loss on specific source IP?

    Posted: 29 Dec 2020 09:15 AM PST

    Hi Guys,

    I'm currently reviewing 1 issue and just want to seek your inputs about the current setup and the problem.

    Topology: https://ibb.co/HTTKg5b

    The setup is that there are 2 ISPs involved (back-to-back vrf exchange between ISP A and B). Now the issue here is that when SIP: 192.168.100.1 pings x.x.x.169 of ISP A IP, packet loss exists, while there is no packet loss when pinging ISP B IP (x.x.x.170).

    - Ping test from CE to ISP A IP

        CUST_A#ping x.x.x.169 source 192.168.100.1 re 100
        Type escape sequence to abort.
        Sending 100, 100-byte ICMP Echos to x.x.x.169, timeout is 2 seconds:
        Packet sent with a source address of 192.168.100.1
        !!.!!!.....!.!!.!...!!!!!!!.!!..!.!!...!!.!.!.!.....!!!!.!!.!.....!...
        !!!.!!.!..!!.!.!!!!.!!.!!!..!!
        Success rate is 54 percent (54/100), round-trip min/avg/max = 30/35/70 ms

        CUST_A#ping x.x.x.129 source 192.168.200.1 re 100
        !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        Success rate is 100 percent (100/100), round-trip min/avg/max = 30/35/60 ms

    - Ping test from CE to ISP B IP

        CUST_A#ping x.x.x.170 source 192.168.100.1 re 100
        Type escape sequence to abort.
        Sending 100, 100-byte ICMP Echos to x.x.x.170, timeout is 2 seconds:
        Packet sent with a source address of 192.168.100.1
        !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    - Routing From ISP A

        Routing entry for 192.168.100.0/24
          Known via "bgp x", distance 20, metric 0
          Tag 37107, type external
          Routing Descriptor Blocks
            x.x.x.170, from x.x.x.170, BGP multi path
              Route metric is 0
            x.x.x.129, from x.x.x.129, BGP multi path
              Route metric is 0
          No advertising protos.

        Routing entry for 192.168.200.0/23
          Known via "bgp x", distance 20, metric 0
          Tag 37107, type external
          Installed Dec 27 09:01:01.620 for 2d07h
          Routing Descriptor Blocks
            x.x.x.170, from x.x.x.170, BGP multi path
              Route metric is 0
            x.x.x.129, from x.x.x.129, BGP multi path
              Route metric is 0
          No advertising protos.

    So I'm thinking this could be a circuit issue between the 2 ISPs, but when I tried a different source IP I noticed that there's no packet loss. Conducted a reachability test from the CE router block (192.168.100.0 & .200.0) towards ISP B IP but unable to detect packet on both links facing ISP A. Also note that the issue also happens on both ISP A links when the CE pings sourcing from 192.168.100.x.

    I do have access to ISP A and I'm thinking what could possibly go wrong. Let me know if I have missed.

    1. no packet loss on ISP A to ISP B p2p ip addresses / no congestion.
    2. Can the BGP multi path affect the traffic? (I believe it should not affect it since I am able to see the p2p and BGP peerings are stable).
    3. No ACL or some sort of filtering applied on ISP A interface.
    4. IPS/FW on customer side?

    Thanks in advance

    submitted by /u/1searching

    HP Aruba access point region variants

    Posted: 28 Dec 2020 11:40 PM PST

    Hi All,

    Wanted to know if we can use the HP Aruba 535 US region JZ347A access point in Europe?

    Why are there different access points for different regions? Is there any HW difference or is it just regulatory stuff?

    Any comments and feedback are welcome.

    submitted by /u/techPikaUk

    BGP Duplicate AS Number

    Posted: 28 Dec 2020 06:07 PM PST

    Hi there,

    I could use a little help if you could provide it. So basically the day finally came where a new client tells me their AS number and it conflicts with the AS of an existing neighbor we have. Here is the config I was going to push to our Arista until I noticed the duplicate:

        neighbor 10.1.1.21 remote-as 64000
        neighbor 10.1.1.21 description Client 1
        neighbor 10.1.1.21 timers 5 15
        neighbor 10.1.1.21 route-map client1-accept in
        neighbor 10.1.1.21 route-map client1-advertise out
        neighbor 10.1.1.21 maximum-routes 12000
        neighbor 10.1.1.25 remote-as 64000
        neighbor 10.1.1.25 description Client 2
        neighbor 10.1.1.25 timers 5 15
        neighbor 10.1.1.25 route-map client2-accept in
        neighbor 10.1.1.25 route-map client2-advertise out
        neighbor 10.1.1.25 maximum-routes 12000

    Does anyone have an idea of how I circumvent this on Arista EOS without involving them? Thank you!

    submitted by /u/dohdeek

    ASN or networks of cloud g. services?

    Posted: 29 Dec 2020 04:33 AM PST

    Hello fellow networkers. :)

    Since my google-fu was too weak apparently, does anyone of you know if a list exists that would classify users as connecting from a cloud g. service such as Stadia, Geforce Now or Shadow?

    AS Numbers would be perfect as I could just pull the networks from RIPE, ARIN, etc. then. But networks in CIDR format would be ok as well.

    Thanks. :)

    (Wtf is this auto-mod ... filtering posts because of keywords? As if g.-traffic wasn't relevant..)

    submitted by /u/C6500

    Pause no-drop Nexus

    Posted: 28 Dec 2020 04:23 PM PST

    Hi, I've almost come to the end of studying QoS on Nexus and have a couple of final questions regarding it...

    What does the "pause no-drop" command do? And if it's something to do with "lossless" packets then could you fill me in on what lossless is because that's something else I'm not up on. As far as I know it is traffic that cannot be dropped, kind of like an alternative to fibre channel.

    Thanks again

    submitted by /u/Mjr798