    Wednesday, December 2, 2020

    Responsibility Creep Networking

    Responsibility Creep
    Posted: 02 Dec 2020 10:31 AM PST

    I'm going through constant changes of responsibility and the scope of said responsibilities.
    I feel completely powerless to stop it, or to be able to sway my supervisor to do something about it. It has gotten to the point where I'm responsible for things that I have no business being responsible for, and/or being considered the culpable one given my skillset and knowledge base. The number of hats I'm expected to wear has me believing this is normal, and they aren't going to compensate me properly for the added responsibilities. Considering my lack of expertise in said things, and that I feel like I'm struggling to get by in these tasks, should I just accept it regardless? It has filled me with lots of anxiety on a daily basis, not knowing what I'm going to have to deal with next. The usual "you're doing a great job", I know, is encouragement, but it feels so hollow and meaningless.

    Anybody else dealing with something similar, work-wise and/or feeling-wise? Advice and words of wisdom would be appreciated.

    submitted by /u/OctetOcelot

    What is the best vendor when looking at price per-port for layer 2 access switches?

    Posted: 02 Dec 2020 08:10 PM PST

    We have Cisco Catalysts everywhere. They are solid, great switches. But every time they add some new cost or dumb licensing requirement, I start looking elsewhere. Right now, if you want to buy a current-gen Catalyst, you are required to purchase a minimum 3-year subscription to DNA, even if you aren't going to use it. Thus I'm looking again.

    I'm always told that Cisco is the most expensive enterprise network hardware, but when I reach out to get quotes for Ruckus, Aruba, etc Cisco seems to be pretty much the same price.

    What are you guys doing for enterprise switching?

    submitted by /u/TheAnusOfSauron

    Mac Flapping issue

    Posted: 02 Dec 2020 09:23 AM PST

    Hi guys. There is an old Cisco Catalyst data center that was designed very badly. There are four 6500s that form a square, with several 3560s linked to them. There are also a couple of Nexus 7ks (new DC) and a Juniper VC attached to aggregate the firewall and F5.

    6500-1 is the root bridge for all vlans.

    Some of these vlans are trunked to the Nexus and to the juniper.

    Problem: We have a lot of MAC flaps on the Catalyst VLANs. When flaps occur, the Nexus and Juniper are affected (MAC moves are present in the logs) and we can see disconnections and issues everywhere.

    It could be an L2 loop, but we can't find the root cause. The MACs that are flapping are from different VLANs and located on different switches.

    I read that L2 autonegotiation protocols like DTP could be the cause. The Catalysts have autonegotiation; the Nexus and Juniper do not.

    I read about this here ( https://serverfault.com/questions/790841/how-to-troubleshoot-a-mac-flapping-between-switch-ports-cisco )

    submitted by /u/Obesotto

    How am I getting a 520 Mbps PHY link from a single antenna with 802.11ac?

    Posted: 02 Dec 2020 09:58 PM PST

    I'm trying to solve this mystery, maybe someone here can help.

    I have an Intel 7260 card which has a 2x2 radio. I've only been getting a 433 Mbps PHY link rate, which is the max for a single antenna on 802.11ac with an 80 MHz channel.

    So one of my antennas is not getting good reception. Or maybe it's the extension cable. I'm trying to figure it out. So in troubleshooting, I disconnected it completely, including the pigtail cable that connects the SMA connector to the wireless card header. And then, lo and behold, I'm getting 520 Mbps with the remaining antenna.

    That should be impossible. A 520 Mbps PHY link is a dual-antenna configuration only in 802.11ac 80 MHz. And no, I am not using a 160 MHz channel.

    This means that somehow both antennas scaled down to 64-QAM 2/3 and I'm getting 260 Mbps from each. But there is no way the completely disconnected antenna is getting 260 Mbps. Especially when it couldn't get that when it was fully connected.

    So by disconnecting one of my antennas, I am getting a higher PHY link, and furthermore it's one that's impossible to get on a single antenna.

    So I'm very confused. Hopefully that wasn't too complicated an explanation. Thoughts are welcome. Thank you for reading.

    submitted by /u/Qbccd

    Anyone else feel this way when trying to grasp ACI..

    Posted: 02 Dec 2020 08:57 PM PST

    How I see ACI structure:

    https://imgur.com/a/milQsZ9

    How I feel trying to process in my head:

    https://imgur.com/gallery/R2NeZsq

    submitted by /u/tolegittoshit2

    IPerf3 showing high TCP packet loss but no UDP?

    Posted: 02 Dec 2020 05:32 AM PST

    Have two locations connected by ASE (AT&T circuit) with a 15Mg CIR. The customer is complaining about performance; speedtest consistently shows ~1Mg of throughput. When I run iperf3 I'm seeing high packet loss for the TCP test but no packet loss for UDP:

    UDP TEST (no packet loss)

    Tims-MacBook-Pro:Applications tpfannes$ iperf3 -c 10.208.37.226 -t 120 -i 10 -f m -b 10m -u
    Connecting to host 10.208.37.226, port 5201
    [ 5] local 10.175.9.82 port 59649 connected to 10.208.37.226 port 5201
    [ ID] Interval Transfer Bitrate Total Datagrams
    [ 5] 0.00-10.00 sec 11.9 MBytes 10.0 Mbits/sec 8632
    ….
    [ 5] 110.00-120.00 sec 11.9 MBytes 10.0 Mbits/sec 8633
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval Transfer Bitrate Jitter Lost/Total Datagrams
    [ 5] 0.00-120.00 sec 143 MBytes 10.0 Mbits/sec 0.000 ms 0/103591 (0%) sender
    [ 5] 0.00-120.00 sec 143 MBytes 10.0 Mbits/sec 1.137 ms 0/103591 (0%) receiver

    TCP (lots of packet loss)

    Tims-MacBook-Pro:Applications tpfannes$ iperf3 -c 10.208.37.226 -t 120 -i 10 -f m -b 10m
    Connecting to host 10.208.37.226, port 5201
    [ 5] local 10.175.9.82 port 56069 connected to 10.208.37.226 port 5201
    [ ID] Interval Transfer Bitrate
    [ 5] 0.00-10.00 sec 6.26 MBytes 5.25 Mbits/sec
    ….
    [ 5] 110.00-120.00 sec 4.28 MBytes 3.59 Mbits/sec
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval Transfer Bitrate
    [ 5] 0.00-120.00 sec 50.7 MBytes 3.54 Mbits/sec sender
    [ 5] 0.00-120.00 sec 50.6 MBytes 3.54 Mbits/sec receiver

    Any suggestions as to why this may be happening? Recommendations for next step? Not sure where to go from here. Thanks!

    submitted by /u/tpfannes

    Fiber ISP CPE Options

    Posted: 02 Dec 2020 05:56 PM PST

    We have a data center that also acts as an ISP (fiber only) in a few counties.

    Currently we are getting fiber handoff from transport and taking customers back to the data center over L2 and thus we have no demarc.

    For a number of reasons we'd like to start putting CPEs on site during install. They must support QinQ, as we will only be allowed 1 VLAN back to our network from the transport provider.

    I've looked around and Juniper seems to have a stronghold for sure in this arena. Who should we consider?

    submitted by /u/Legonator

    Dell EMC N2000 Series Firmware Versions?

    Posted: 02 Dec 2020 12:35 PM PST

    Is anyone familiar with the difference between the 6.6.0.x and 6.6.3.x firmware branches?

    I notice that both are showing as available, and both branches seem to be maintained and non-overlapping. But I'm not exactly certain why, from the documentation.

    Is one considered GA and the other isn't?

    submitted by /u/TheDarthSnarf

    Microsoft Always On VPN vs ZScaler ZPA?

    Posted: 02 Dec 2020 01:19 PM PST

    If you have the option to use either for remote access to your internal network, what are the pros and cons of each?

    submitted by /u/rancho100

    Setting up a Juniper (MX104) to assign IPv6 IA_NA addresses

    Posted: 02 Dec 2020 06:07 AM PST

    I'm having difficulty getting a Juniper which is acting as an LNS to assign IPv6 addresses via IA_NA.

    I've set up multiple pools on the Juniper as described on the Juniper websites, as follows:

    set access address-assignment neighbor-discovery-router-advertisement IAPD-PPPOA-POOL
    set access address-assignment pool delegated-pool family inet6 prefix 2a02:123:c05e::/56
    set access address-assignment pool delegated-pool family inet6 range d1 prefix-length 64
    set access address-assignment pool IAPD-PPPOA-POOL family inet6 prefix 2a02:123:c05d::/48
    set access address-assignment pool IAPD-PPPOA-POOL family inet6 range IAPD-RANGE low 2a02:123:c05d:1::/64
    set access address-assignment pool IAPD-PPPOA-POOL family inet6 range IAPD-RANGE high 2a02:123:c05d:ffff::/64
    set access address-assignment pool v6-ia-na-pool family inet6 prefix 2a02:123:c05f:1000:0000::/64
    set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 low 2a02:123:c05f:1000::1/128
    set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 high 2a02:123:c05f:1000::ffff:ffff/128

    but no luck.

    I think it's probably because I've defined the v6-ia-na-pool but there is no reference to it anywhere to use this pool for IA-NA assignment.

    The thing is, if I look at the Juniper site, it also doesn't have details of where it should be referenced. I'm obviously missing something here.

    Juniper

    Thanks

    submitted by /u/Busbyuk

    Troubleshooting one way audio

    Posted: 02 Dec 2020 08:18 PM PST

    Hey! Kind of a noob, so apologies. Is there any way to prove SIP ALG is enabled without accessing the firewall? One-way audio; tried 3 different headsets, wired on all. Wired and wireless internet connection on others. Could very well be a NAT issue, as sometimes the client can't hear the agent but the agent can hear the client. Thank you!

    submitted by /u/imACabbit

    HPE/Aruba dhcp-snooping database

    Posted: 02 Dec 2020 03:45 AM PST

    Hey,

    Short question. I set up dhcp-snooping and arp-protection, so far no problem - everything as intended. In the past I never set up a remote DHCP snooping database, but on this setup I want to store the DB every 5 minutes to a TFTP server. Also no problem here; set up everything, the file is written, works.

    Now the point: if I look at the DHCP Snooping Info it says "Read at boot: no". How do I change that? I mean, why store all the leases if they are not recovered?

    sh dhcp-snooping

     DHCP Snooping Information

      DHCP Snooping               : Yes
      Enabled VLANs               : 1 200 246
      Verify MAC address          : Yes
      Option 82 untrusted policy  : replace
      Option 82 insertion         : Yes
      Option 82 remote-id         : mac

     Store lease database         : Yes
      URL                         : tftp://10.246.246.1/200.dhcp
      FT Port                     : 69
      Read at boot                : no
      Write delay                 : 300
      Write timeout               : 60
      File status                 : delaying
      Write attempts              : 10
      Write failures              : 0
      Last successful file update : Wed Dec 2 12:33:31 2020

     Authorized Servers
     ------------------
     10.200.0.1
     10.246.246.1
     172.16.100.1

                    Max       Current Bindings
     Port  Trust    Bindings  Static   Dynamic
     ----- -----    --------  -------- --------
     A1    No       -         -        1
     A2    No       -         -        1
     A3    No       -         -        6
     A5    No       -         -        6
     B3    No       -         -        1
     B12   No       -         -        1
     Trk1  Yes      -         -        -

     Ports A4,A6-A24,B4-B11,B13-B24 are untrusted

    Thanks!

    submitted by /u/solarizde

    Getting started with OSPF and BIRD. Incl. topology.

    Posted: 02 Dec 2020 01:41 PM PST

    Topology: https://imgur.com/28QOZW9

    So, this is a lab model that I'm playing with between 4 Ubuntu 20.04 hosts (rt1-4) with bird and keepalived.

    On the far ends of this mess we have two /24 networks: 192.168.100.0/24 and 192.168.200.0/24. Clients on the 100.0/24 subnet use 100.1 as their default gateway, and this floats between 100.2 and 100.3. Likewise, clients on the 200.0/24 network use 200.1 as their default gateway, and this floats between 200.2 and 200.3. I'm currently using keepalived for this and it works fine.

    My goal is to use an iBGP protocol like OSPF to create some "HA" between them. This is my first gander into the world of dynamic routing protocols, so I must admit I'm up against a learning curve.

    Any advice would be appreciated.

    submitted by /u/vbman213

    Question: Is it possible to logically overlap addressing space for the same network ranges on the same internal network? The company is very anti v6.

    Posted: 02 Dec 2020 11:31 AM PST

    I thought that you could use separate VRFs and forwarding, but I can't logically figure out how routing would work, and seeing as I haven't done it, I wanted to ask the experts of reddit.

    submitted by /u/Crypto_Link

    Switching to Comcast Enterprise Fiber

    Posted: 02 Dec 2020 12:49 PM PST

    Hi Everyone,

    We're upgrading our Comcast service from Business to Enterprise Fiber. Our current set up uses a Comcast router connected directly to our firewall in bridge mode. Our firewall and the Comcast router sit in our public IP block and proxy ARPs for our public IP space. Default gateway is the public IP of the Comcast router. This has been pretty easy to manage and NAT for.

    However, I'm told upgrading to Enterprise Fiber will be a little different. The Comcast router will connect to our firewall over a /30 instead of sitting directly in the public IP space that we lease.

    What should I be aware of when it comes to NAT'ing and utilizing this public IP space? Will all public IP space still be forwarded directly to my firewall? I should still proxy ARP for the public IP space and nothing much will change?

    I'm not entirely sure what to expect with this change.

    We're not utilizing BGP and the firewall is the edge device.

    Appreciate any insight from someone who has experience with this. Thank you!

    Edit: For clarification, we're upgrading to Ethernet Dedicated Internet (EDI).

    submitted by /u/Luk1ko

    Selfservice-portal for DHCP-reservations

    Posted: 02 Dec 2020 06:29 AM PST

    Hi.

    I wonder if anyone has implemented some kind of self-service portal to do reservations in the DHCP server? Our local IT staff currently install printers and other stuff with static addresses, and I would prefer them to use DHCP with reservations instead.
    I'm not so keen to give them direct access to the DHCP server.

    I'm thinking a portal where they can add (and remove) reservations themselves should be helpful. We already let these users add MAC addresses in a portal for MAB to our 802.1x solution.

    The DHCP-servers are Windows.

    If anyone has done something like this and has some learnings to share, it would be great.

    Our network is serving approx. 12k end users in 100 locations, with 802.1x on (almost) every switchport, and one of the reasons I want to increase the use of DHCP is to prepare for more profiling in Cisco ISE.

    BR

    submitted by /u/simbassoo

    Being forced to support stateful apps over client VPN/consumer broadband connections?

    Posted: 01 Dec 2020 06:33 PM PST

    Wondering if anyone else is in this boat due to COVID and more people working remotely who never had the ability to before. We're dealing with SAP right now; it drops the connection after retransmissions happen. It seems fundamentally impossible to avoid with consumer broadband connections, but we're unable to convince the SAP team that there isn't anything we can do and that they should adjust their app (run it on VDI/XenApp or switch to the stateless HTML version).

    Anyways, was just looking to see if anyone else has been put in a similar situation due to the massive increase in remote users lately.

    submitted by /u/indiez

    DMZ isolated via VLAN in virtualized environment (DMZ VMs and production VMs on same host)

    Posted: 01 Dec 2020 05:05 PM PST

    Hi all, first time posting here.

    I am working on reorganizing the network of the small company where I work (we are moving to a new location) and was thinking of separating the DMZ servers from the production network servers by using VLANs on the hypervisor. In the testing scenario, there are 2 virtual machines on the same hypervisor: one in the DMZ and the other in the production network.

    The whole idea is implemented as follows:

    - Firewall: defined 3 separate networks, where one is for management (10.0.1.0/24 - VLAN id 100), one for internal servers (10.0.2.0/24 - VLAN id 200), and one for the DMZ (10.0.3.0/24 - VLAN id 300). There are explicit firewall rules blocking any traffic from the DMZ network (10.0.3.0/24) to all other internal networks and vice versa. Also, firewall rules block traffic between the management and production networks in both directions. Finally, NAT 1:1 from a public IP to the DMZ VM, with rules allowing inbound traffic to ports 80 and 443 only.

    - Switch: configured as L2, plugged into the firewall. The port where the hypervisor server is plugged in allows VLANs 100, 200, 300. No native VLAN defined (only tagged traffic allowed).

    - Hypervisor server: only one NIC being used. Over the physical interface, one virtual interface on VLAN 100 (IP 10.0.1.10) and 2 bridges (one with a virtual interface on VLAN 200, the other with another virtual interface on VLAN 300 - both interfaces without IPs). The production VM is connected to the bridge on VLAN 200 (IP 10.0.2.10) and the DMZ VM is plugged into the bridge with VLAN 300 (IP 10.0.3.10). The gateway for both VMs and the hypervisor is the firewall (10.0.1.1, 10.0.2.1, and 10.0.3.1).

    Based on the tests I made, all communication between both internal VMs or from the hypervisor to the VMs always passes through the firewall (which is good and expected). With the rules in place, both VMs cannot reach the hypervisor management interface and the hypervisor cannot reach the VMs.

    I know this approach relies solely on the software stack (hypervisor) and that physical separation for the DMZ is always better when possible; however, the approach above would be cheaper for us, as we would not need to buy more hardware.

    Do you guys see big problems with this approach?

    Thank you in advance for any opinion or thoughts.

    submitted by /u/BearsAreCool2077

    DHCP Server behind DHCP Relay - requires route to subnet?

    Posted: 02 Dec 2020 07:47 AM PST

    Hello everyone

    we are in the process of setting up multiple VLANs at a customer and are wondering about a setting concerning DHCP relay.

    We are using a switch to relay DHCP requests from different vlans to our sophos SG firewall which has DHCP servers for the scopes and knows they are behind a relay. Between the firewall and the switch there is a transfer network just for internet and DHCP.

    Now, we can see the DHCP discovery coming from the switch to the firewall in a packet trace, but the firewall is unable to answer it.

    If we create the following static route on the firewall everything works fine:

    Destination: Subnet in which we want DHCP | Gateway: Interface of DHCP Relay in VLAN between DHCP Relay and Server

    Is this routing rule required, and should we create a route for all subnets that will receive an IP address via DHCP, or is there something wrong with our configuration?

    Thanks in advance and best regards!

    Florian

    submitted by /u/menten-gmbh

    tcpdump/tshark filter inside ERSPAN packet

    Posted: 02 Dec 2020 02:55 AM PST

    Hello !

    We're using ERSPAN on Catalyst 3k and Nexus 3k to mirror several VLANs' traffic to a virtual monitoring appliance for voice analysis. This works great, as the monitoring application can natively decapsulate ERSPAN and look at the original SIP or RTP packet.

    But we also sometimes need to start longer capture sessions, directly via the Linux CLI using (until now) the tshark program, usually in a screen session to keep it running for hours or days.

    Since we've switched to ERSPAN (we were using a SPAN session from a physical switch interface before, as the monitoring appliance was a physical server), we can't use source and/or destination IP as tshark filters, as the src/dst IPs are always those of the two devices on the ERSPAN session (the switch mirroring the traffic and the appliance receiving the mirrored traffic).

    We would thus need a tcpdump or tshark filter to match the original IP headers inside the ERSPAN (GRE) packet. I've read many articles (i.e. below), but I wasn't able to filter out the wanted traffic yet.

    I've tried the ip[x:y] == hex/decimal value approach, but no luck. I'm not sure why they use 40 as the starting byte for the source IP in one article, and 54 in the other, though.

    And as they are not specifically talking about ERSPAN, I guess I could have a different overhead size too.

    If this is something you have already done, I would gladly take any pointers you can give me ;)

    Thanks !

    submitted by /u/dVNico
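    The capture-filter offsets asked about above depend on how many bytes of encapsulation sit between the outer IP header and the mirrored frame. The following is an added example, not code from the post or from Cisco: it computes the ip[x:4] offsets for ERSPAN Type II (outer IP, GRE with sequence number, 8-byte ERSPAN header, inner Ethernet), builds a synthetic ERSPAN packet with constructed addresses and MACs, and checks that the offsets land on the inner source and destination. It assumes a 20-byte outer IP header and Type II encapsulation; an inner 802.1Q tag or ERSPAN Type III changes the numbers.

```python
"""Where the inner IPv4 addresses sit inside an ERSPAN Type II packet, and the
tcpdump/tshark capture-filter offsets (ip[x:4]) that reach them.

Added example, not from the original post. It builds a synthetic ERSPAN II packet
with made-up addresses and MACs and checks that the computed offsets really land
on the inner source/destination addresses."""
import ipaddress
import struct

# tcpdump's ip[N] counts from the first byte of the OUTER IPv4 header, so the
# outer Ethernet header is not part of the offset.
OUTER_IP = 20      # assumes no IP options on the outer header
GRE_WITH_SEQ = 8   # ERSPAN Type II sets the GRE S bit: 4 base bytes + 4-byte sequence
ERSPAN_II = 8      # Type II header; Type III uses a longer header, so recompute for it
INNER_ETH = 14
DOT1Q = 4          # add only if the mirrored frame kept its 802.1Q tag

# For comparison, generic GRE articles quote the inner DESTINATION at ip[40] (IP-in-GRE:
# 20 + 4 + 16) or ip[54] (Ethernet-in-GRE: 20 + 4 + 14 + 16). Neither has the GRE
# sequence number or the ERSPAN header, which is why those numbers do not fit here.


def inner_ip_offset(tagged: bool = False) -> int:
    return OUTER_IP + GRE_WITH_SEQ + ERSPAN_II + INNER_ETH + (DOT1Q if tagged else 0)


def inner_src_offset(tagged: bool = False) -> int:
    return inner_ip_offset(tagged) + 12   # source address is bytes 12-15 of an IPv4 header


def inner_dst_offset(tagged: bool = False) -> int:
    return inner_ip_offset(tagged) + 16   # destination address is bytes 16-19


def bpf_filter(host: str, tagged: bool = False) -> str:
    """Capture filter matching `host` as the inner source or destination of ERSPAN traffic."""
    v = int(ipaddress.IPv4Address(host))
    s, d = inner_src_offset(tagged), inner_dst_offset(tagged)
    return f"ip proto 47 and (ip[{s}:4] = 0x{v:08x} or ip[{d}:4] = 0x{v:08x})"


def _ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def build_erspan_ii(outer_src: str, outer_dst: str, inner_src: str, inner_dst: str,
                    tagged: bool = False, vlan: int = 100) -> bytes:
    """Synthetic packet starting at the outer IP header (the layer tcpdump's ip[] indexes)."""
    inner = _ipv4_header(inner_src, inner_dst, 17, 8) + b"\x00" * 8   # 8 zero bytes stand in for UDP
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")   # constructed MACs
    if tagged:
        eth += struct.pack("!HH", 0x8100, vlan)
    eth += struct.pack("!H", 0x0800)
    erspan = struct.pack("!HHI", (1 << 12) | vlan, 0, 0)   # Ver=1 (Type II) | VLAN, flags/session, index
    gre = struct.pack("!HHI", 0x1000, 0x88BE, 1)           # S bit set, protocol type ERSPAN, sequence 1
    payload = gre + erspan + eth + inner
    return _ipv4_header(outer_src, outer_dst, 47, len(payload)) + payload


def is_erspan(pkt: bytes) -> bool:
    """Outer protocol is GRE (47) and the GRE protocol type is ERSPAN (0x88BE)."""
    return pkt[9] == 47 and struct.unpack("!H", pkt[OUTER_IP + 2:OUTER_IP + 4])[0] == 0x88BE


def extract_inner_addresses(pkt: bytes, tagged: bool = False):
    s, d = inner_src_offset(tagged), inner_dst_offset(tagged)
    return (str(ipaddress.IPv4Address(pkt[s:s + 4])), str(ipaddress.IPv4Address(pkt[d:d + 4])))


if __name__ == "__main__":
    pkt = build_erspan_ii("10.10.0.1", "10.10.0.2", "192.168.1.10", "192.168.1.20")
    print(is_erspan(pkt), extract_inner_addresses(pkt))   # True ('192.168.1.10', '192.168.1.20')
    print(bpf_filter("192.168.1.10"))   # ip proto 47 and (ip[62:4] = 0xc0a8010a or ip[66:4] = 0xc0a8010a)
```

    Verify the offsets against a short real capture from the appliance before trusting them for a multi-day session, since a platform that adds an inner VLAN tag or uses Type III shifts every number.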

    What Is Your preferred Solution For SFTP / SCP Software?

    Posted: 02 Dec 2020 01:53 PM PST

    Hey Everyone,

    What is your preferred software for internal FTP for things like images, backups etc.? Any pros/cons?

    Looking for options right now; using FileZilla and the SolarWinds SFTP/SCP server, but looking for a better option.

    submitted by /u/S3xyflanders

    ACL Issue

    Posted: 02 Dec 2020 09:55 AM PST

    30 permit ip 10.240.50.253 0.0.0.255 172.25.61.0 0.0.0.255
    31 deny ip 10.240.50.0 255.255.255.255 172.25.61.0 0.0.0.255
    100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

    Even though I have 10.240.50.253 above 10.240.50.0, as soon as I apply this to a VLAN on its incoming side, 10.240.50.253 is unable to reach 172.25.61.0.

    OK, maybe I'm dumb, but putting it like this fixes it: ip access-group "VLAN57_IN" in

    originally I had it as ip access-group "VLAN57_IN" out

    out says routed from another VLAN to this VLAN

    in says routed from this VLAN to another VLAN

    shouldn't it be set to out for inbound??

    submitted by /u/Hayabusa-Senpai

    Abstract in IET Communications today on Best beam selection and PHY switching policy for hybrid FSO/RF inter-satellite communication link (1st Dec 2020)

    Posted: 01 Dec 2020 06:25 PM PST

    Abstract

    Free space optical (FSO) inter-satellite links could often be non-reliable due to imperfect line of sight (LOS) links. To achieve more reliable communication, the authors propose hybrid inter-satellite links. However, this leads to new challenges like switching physical (PHY) layers at the satellite's transmitter. In this work, they propose a novel hybrid radio frequency-FSO (RF/FSO) satellite system. For it, they develop a novel best beam selection policy (BBSP) and switching of FSO and RF to improve the reliability of the inter-satellite links. To obtain more insights, they investigate the performance of BBSP by deriving expressions for the outage probability, average spectral efficiency, and average bit error rate of the BBSP. For the PHY switching, they compare the instantaneous error probabilities of RF and FSO links and find the signal-to-noise ratio threshold at which it is more efficient to switch to RF. They further improve this threshold by considering a satellite transmitting multiple beams and choosing the best source beam. To validate the analytical findings, they simulate the proposed model with CubeSat-level parameters. They find that the BBSP delivers superior performance in terms of various performance measures, which shows its applicability in next-generation satellite systems.

    Always fascinated to find out what's going on in the field of space-based lasercom. If there are any similar papers, drop them off on /r/lasercom.

    • Best beam selection and PHY switching policy for hybrid FSO/RF inter-satellite communication link (IET Communications, 1st Dec 2020) DOI: 10.1049/iet-com.2020.0515
    submitted by /u/Aerothermal

    L3 Switch ACL Losing Internet Connection On VLAN

    Posted: 02 Dec 2020 05:50 AM PST

    I read through the ACL, not sure what I'm missing.

    I'm applying this ACL to a VLAN, which will apply to traffic from inside the VLAN to outside (Aruba 3810).

    Outside to inside is currently not configured, so by default all is allowed, but as soon as I apply the ACL, computers in the VLAN lose access. I've permitted the VLAN to our firewall (Switch -> Firewall -> Internet) and the DHCP/DNS/AD ports are all permitted, so I'm not sure what I'm missing :s

    DC/DHCP/DNS = IP of the server

    FIREWALL = IP of the firewall (its in the default VLAN of 1)

    10 permit ip DC/DHCP/DNS 0.0.0.255 172.25.61.0 0.0.0.255
    11 permit tcp PrintServer 0.0.0.255 172.25.61.0 0.0.0.255 eq 139
    12 permit tcp PrintServer 0.0.0.255 172.25.61.0 0.0.0.255 eq 445
    13 permit udp PrintServer 0.0.0.255 172.25.61.0 0.0.0.255 eq 138
    14 permit tcp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 464
    16 permit udp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 389
    17 permit tcp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 389
    18 permit tcp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 636
    19 permit tcp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 3268
    20 permit tcp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 3269
    21 permit tcp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 53
    22 permit udp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 53
    23 permit tcp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 88
    24 permit udp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 88
    25 permit tcp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 445
    26 permit udp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 445
    27 permit tcp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 67
    28 permit udp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 67
    29 permit tcp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 68
    30 permit udp 172.25.61.0 0.0.0.255 DC/DHCP/DNS 0.0.0.255 eq 68
    31 permit tcp 172.25.61.0 0.0.0.255 PrintServer 0.0.0.255 eq 445
    90 permit ip 172.25.61.0 0.0.0.255 IPCamera 0.0.0.255
    91 permit ip 172.25.61.0 0.0.0.255 FIREWALL 0.0.0.255
    100 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

    Weird so I had to add a line to fix it which was 92 permit tcp 172.25.61.0 0.0.0.255 0.0.0.0 255.255.255.255 eq 443 (basically HTTPS)

    I would assume 91 permit ip 172.25.61.0 0.0.0.255 FIREWALL 0.0.0.255 would work as it'll allow any packets through to our firewall thus the internet after being filtered by the firewalls ACL.

    Does that also mean 91 permit ip 172.25.61.0 0.0.0.255 FIREWALL 0.0.0.255 is useless and is not needed?

    submitted by /u/Hayabusa-Senpai
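    Both ACL threads above (the VLAN57_IN "in vs out" question and the Aruba 3810 outbound ACL that needed line 92) come down to what a wildcard mask actually matches. The following is an added example, not code from either post or from Cisco/Aruba: a small first-match evaluator for wildcard-mask entries, run over the lines quoted in the two threads. FIREWALL_IP and the packet addresses are constructed stand-ins for the posts' placeholders; the second ACL is reduced to the lines that decide Internet-bound traffic.

```python
"""Evaluate wildcard-mask ACL entries the way Cisco IOS and ArubaOS-Switch do:
the first matching line wins, and a wildcard bit of 1 means "don't care".

Added example, not code from either post. The ACL lines are the ones quoted in
the two threads; FIREWALL_IP and the packet addresses are constructed values."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Compare only the bits whose wildcard bit is 0 (the 'care' bits)."""
    care = 0xFFFFFFFF ^ _ip(wildcard)
    return (_ip(addr) & care) == (_ip(base) & care)


def addresses_covered(wildcard: str) -> int:
    """How many addresses a base/wildcard pair matches: 2 ** (one bits in the wildcard)."""
    return 1 << bin(_ip(wildcard)).count("1")


@dataclass
class AclEntry:
    seq: int
    action: str           # "permit" or "deny"
    proto: str            # "ip", "tcp" or "udp"
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int]  # set only for "eq <port>" entries

    def matches(self, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return (wildcard_match(src, self.src, self.src_wc)
                and wildcard_match(dst, self.dst, self.dst_wc))


def parse_acl(text: str) -> List[AclEntry]:
    """Parse '<seq> <action> <proto> <src> <wc> <dst> <wc> [eq <port>]' lines."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        dport = int(t[8]) if len(t) > 8 and t[7] == "eq" else None
        entries.append(AclEntry(int(t[0]), t[1], t[2], t[3], t[4], t[5], t[6], dport))
    return entries


def first_match(acl: List[AclEntry], proto: str, src: str, dst: str,
                dport: Optional[int] = None) -> Tuple[Optional[int], str]:
    """(seq, action) of the first matching line; (None, 'deny') is the implicit deny."""
    for entry in acl:
        if entry.matches(proto, src, dst, dport):
            return entry.seq, entry.action
    return None, "deny"


# Lines quoted in the "ACL Issue" thread. Line 30's wildcard 0.0.0.255 turns the single
# host into the whole /24, and line 31's wildcard 255.255.255.255 matches ANY source.
VLAN57_IN = parse_acl("""
30 permit ip 10.240.50.253 0.0.0.255 172.25.61.0 0.0.0.255
31 deny ip 10.240.50.0 255.255.255.255 172.25.61.0 0.0.0.255
100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
""")

# The outbound VLAN ACL from the "L3 Switch ACL" thread, reduced to the lines that decide
# Internet traffic. FIREWALL_IP is a constructed stand-in for the post's FIREWALL placeholder.
# Internet-bound packets carry the Internet host as destination, not the firewall's address,
# so line 91 never matches them; only line 92 (or a wider equivalent) lets them through.
FIREWALL_IP = "10.0.0.1"
OUTBOUND = parse_acl(f"""
91 permit ip 172.25.61.0 0.0.0.255 {FIREWALL_IP} 0.0.0.255
92 permit tcp 172.25.61.0 0.0.0.255 0.0.0.0 255.255.255.255 eq 443
100 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
""")

if __name__ == "__main__":
    print(addresses_covered("0.0.0.255"))                                     # 256
    print(first_match(VLAN57_IN, "tcp", "192.0.2.5", "172.25.61.9"))          # (31, 'deny')
    print(first_match(OUTBOUND, "tcp", "172.25.61.10", "198.51.100.7", 443))  # (92, 'permit')
    print(first_match(OUTBOUND, "udp", "172.25.61.10", "198.51.100.7", 53))   # (100, 'deny')
```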

    Cisco VLAN address

    Posted: 02 Dec 2020 02:44 AM PST

    Hello,

    It's maybe an easy question, but I can't figure it out.

    I've assigned a Switch a client vlan and a management vlan. The ports for the clients are correctly configured. I can ping from outside the client vlan and the clients but not the management vlan.
    Do I need to assign the management vlan to a port?

    Kind regards
    glistal

    submitted by /u/glistal
