    Wednesday, January 27, 2021

    Move from 192.168.x.x to 10.x.x Networking


    Move from 192.168.x.x to 10.x.x

    Posted: 27 Jan 2021 02:39 PM PST

    Hello all,

    I've started my own company, together with 2 friends from university, exactly one year ago. We are doing good, my male friend is doing finance and product management, my female friend is doing Marketing and PR; while I am doing all things IT related. Since we are a software company in the making, there is a lot of emphasis on getting the infrastructure right. We are only 3 people and so much to do.... that's why I am turning to you guys for guidance.

    Our internal network is on 192.168.x.x, set up by me; we have 2 SH Dell servers, a router, a switch and a NAS. Now that we have established 4 departments and some people joined our little company, I am in the position where I want to move from 192.168. to 10.20.x.x, to have some easier management and to avoid IP conflicts. We currently have no AD (and no DNS in our org). We have about 30 people connecting from home with a Windows built-in VPN connection.

    I want to split things like this:

    10.20.1.x - networking appliances/VMs, services, AD (which I also need to set up and link to O365) and a DHCP range from 10.20.1.100 to 10.20.1.200

    10.20.2.x - developer and QA

    10.20.3.x - Management, Finance, Sales and Marketing

    10.20.4.x - interns and testing area

    Now, I am no networking master, but I have worked as a systems and network admin in the past, so I have some experience. I admit I have never done something like this until now, but I feel confident enough to allocate one weekend to set things up.

    My plan roughly is to:

    1. Reconfigure router from 192.168.x.x to 10.20.x.x and power cycle. Reconfigure DHCP to use 10.20.1.100 - 10.20.1.200 range

    2. Reconfigure switch

    3. Reconfigure server to use new network

    4. Test and see if a device can connect to the network via VPN and gets IP from the new range

    5. Test to see if Office365 email works from the office

    6. Start allocating fixed IPs to everything that needs one inside the office

    7. Fix printers

    8. Set up AD and DNS

    9. Migrate laptops/PCs to domain profiles and add them to domain

    10. Continue to improve

    Of course, I've made a very raw overview of what I want to do and there are a lot more bits and pieces to it.

    Hopefully, with your help and suggestions I can improve my plan.

    submitted by /u/TheEnabler88

    Service Provider Equipment Lab Rental (Not for CCIE)

    Posted: 27 Jan 2021 03:07 PM PST

    Hey, does anyone know of a remote lab service for more advanced service provider equipment? I'm thinking like the NCS 5000, ASR 9900 with 100G ports etc. There are some cases where we need to test certain QoS intricacies or upgrade procedures and need some of this equipment on demand.

    submitted by /u/notpudding

    Any Wireless Engineers in the House?

    Posted: 27 Jan 2021 11:00 AM PST

    Hi everybody,

    Maybe it's random, but I was just interested in some feedback from wireless engineers and designers. What do you like about the role? What don't you like? I've done some wireless design and implementation, and it's a pretty fun specialty that blends traditional networking with science and blue collar work, but it also seems there's a lot of pushback from customers/users who pull the "well in my wireless network at home" line or are convinced wireless is perfect magic.

    Let's hear some thoughts!

    submitted by /u/Subnetmask9473

    Cisco introduces micro switches

    Posted: 26 Jan 2021 05:28 PM PST

    Cisco unveiled their Catalyst micro switches. Anyone seeing a use case in the enterprise world?

    submitted by /u/muxie2007

    Huawei S5720 QinQ issue: Stacked VLAN on one port and double tagged on another port, but no Ethernet frames in one direction. What am I missing?

    Posted: 27 Jan 2021 02:48 PM PST

    We are using QinQ a lot in our network, because we are working on multiple sites and between some of these sites we have only a single VLAN. The switches have a management-vlan with qinq stacking enabled. The servers are sending single tagged Ethernet frames which will be stacked in the outer VLAN on the switch interface. This all works quite well.

    But now we need to add another device to our management VLAN that doesn't support VLAN tagging at all. So luckily our Huawei switches support double tagging of frames. The idea is that the untagged Ethernet frames from this device will be tagged first in our management VLAN and then again in the outer VLAN. This works but... it only works from a remote site. The management server on the same site is unable to connect with the untagged device.

    • Management VLAN: 40
    • Outer VLAN: 1500
    • Uplink to remote site is connected to: GigabitEthernet0/0/1
    • Server is connected to: GigabitEthernet0/0/2
    • Untagged device is connected to: GigabitEthernet0/0/3

    vlan 40
     management-vlan
    #
    interface Vlanif40
     ip address 10.0.0.1 255.255.255.0
     undo icmp host-unreachable send
     qinq stacking vlan 1500
    #
    interface GigabitEthernet0/0/1
     description uplink-to-remote-site
     port link-type hybrid
     qinq vlan-translation enable
     undo port hybrid vlan 1
     port hybrid tagged vlan 40 1500
     port vlan-stacking vlan 40 stack-vlan 1500
    #
    interface GigabitEthernet0/0/2
     description management-server-tagged-40
     port link-type hybrid
     qinq vlan-translation enable
     undo port hybrid vlan 1
     port hybrid tagged vlan 40
     port hybrid untagged vlan 1500
     port vlan-stacking vlan 40 stack-vlan 1500
    #
    interface GigabitEthernet0/0/3
     description untagged-device
     port link-type hybrid
     qinq vlan-translation enable
     undo port hybrid vlan 1
     port hybrid untagged vlan 1500
     port vlan-stacking untagged stack-vlan 1500 stack-inner-vlan 40
    #

    No response from the untagged device when the management server on the same site is trying to connect or send a ping. But the funny thing is that a management server from the remote site is able to get a response. What am I missing here?

    submitted by /u/MediaSmurf

    Looking for Automation Platform/UI Suggestions

    Posted: 27 Jan 2021 12:37 PM PST

    To make a long story short, I'm looking for some software suggestions or alternative ideas.

    I work at a company where we leverage Ansible for network and server configurations. Those scripts are executed through Ansible Tower. However, our general user base uses an internal website we've built using Django/Apache to have custom UIs for every script we have to allow for a wide range of configurations.

    We want to build a new site of UIs that is built using React/JavaScript. Instead of building it up from scratch, we were hoping that there would be some sort of automation suite that we could leverage to host automation apps that make the API calls we need to get things executed. Itential's Pronghorn is one such example, but looking for alternatives.

    Thanks in advance!

    submitted by /u/fishey9999

    Random Timeout Issue

    Posted: 27 Jan 2021 10:48 AM PST

    Here goes my shot in the dark. And of course the job of the network engineer is to prove it's not the network.

    Anyways, seeing a random timeout issue going across our 2 networks. Our production and test environment. When viewing a webpage, you will get a page that never loads and just keeps spinning (even odder, in Chrome, near the bottom it shows the URL and it's googletagmanager.com, weird as crap). Again when you visit a page or site, it will just stay stuck loading and if you click refresh everything is happy.

    It happens on external pages and internal pages. On both networks/domains. The only thing the two networks share is one of our perimeter firewalls. Tried with no web proxy, no WAN errors or routes, nothing out of the norm for switches/routers/firewalls. CPU/memory is fine. Even tried when our WAN is hardly being used. Mostly a Cisco shop but it's been happening for a little over a month and everyone is going crazy trying to figure out what is happening.

    I've looked at everything I could except a Wireshark capture to see if it's just never receiving the rest of the web page.

    Any suggestions on places to dig deeper?

    Edit: tried IE and Chrome. Under developer tools. Does not mention googletagmanager and just normal web page stuff that never loads

    submitted by /u/shrimpy888

    Cisco ACI

    Posted: 27 Jan 2021 07:37 AM PST

    In general, what does everyone think of Cisco ACI? I'm thinking of making the plunge into it.

    submitted by /u/BlueWaterBeyondSkies

    Need assistance with some TCP config options on a Cisco router

    Posted: 27 Jan 2021 04:49 PM PST

    Hi all,

    I have been asked to change from defaults to the following settings on one of my networks. I was provided the following 4 settings that seem to be from a Fortinet firewall; however, I am using a simple Cisco 881 router at this small remote site acting as a firewall.

    set tcp-option enable
    set tcp-halfopen-timer 100
    set tcp-halfclose-timer 100
    set tcp-timewait-timer 100

    If anyone has any clue if it's possible to mimic this on a Cisco 881, along with what commands I would need to use and which mode (e.g. global config, interface config etc.) it would be greatly appreciated!

    submitted by /u/BEST_FOR_BIDNESS

    VRRP Comware to ArubaOS-CX

    Posted: 27 Jan 2021 11:59 AM PST

    Hi, has anyone successfully got VRRP working between these switch OSes? We're getting odd issues. Version 2, you can fail over the VLAN to Aruba fine, but routing goes dead when you try to fail back to Comware. Version 3, both routers go master! Have a case with TAC, but it's slow going. I suspect it's going to be a bug.

    submitted by /u/S0uthw3ll

    Cisco ASA hit counters

    Posted: 27 Jan 2021 05:20 AM PST

    Do any of you know what the maximum size of an ACL rule hit counter is in ASA?

    I know that it allows 32 K flow logs but can't seem to find the max hit counter anywhere.

    submitted by /u/angryLoveableTuna

    Moving from ACS/ISE to Clearpass for TACACS

    Posted: 27 Jan 2021 03:54 AM PST

    I need to replace a Cisco ACS server soon as it is well past EOL and Adobe banning Flash has now killed the reporting functionality completely. It is only used for AAA TACACS for about 300 devices.

    The most straightforward path is to ISE with device management licensing but I have been looking at alternatives and am considering Aruba Clearpass as an option.

    Anyone else gone the Clearpass route? How did it work out for you? Did you have to live with losing any functionality?

    submitted by /u/Kslawr

    Asymmetric Routing Between Sites Towards Internet

    Posted: 27 Jan 2021 11:51 AM PST

    I have two disparate internet edge sites with different public IP spaces. I have an IP SLA set up so that if one ISP goes down, a default route to the other site will be added to the routing table and traffic will start to egress through the other site. One site is our primary (A), and the other a secondary (B), but they are active-active. When an internal client wants to reach the internet, they are always going to route out of A unless the IP SLA is triggered and then they will route out of B. Both sites have stateful firewalls between the router with the SLA and the internet.

    If we have an outage on A (i.e. the ISP has a routing failure), the IP SLA will trigger and routing will fail over to B as expected. Our external DNS is updated to use the B site's public IPs instead. Now if site A comes back up, and the IP SLA changes the route back to site A, but external DNS is still pointing to site B, we are asymmetrically routing where inbound traffic (for example SMTP) comes in through firewall B, but because of the IP SLA routing change the traffic will egress through firewall A. This seems to have mixed results, but sessions like cloud provider sync jobs don't seem to function while this is the case until the external DNS changes back to site A so that everything is flowing symmetrically.

    Is this something inherent to the functionality of a stateful firewall?

    submitted by /u/aetherpacket

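    Added example, not part of the original post: a minimal Python model of the scenario described above, with two stateful firewalls that each keep their own connection table and do not synchronise state. The addresses, port numbers and state names are constructed for illustration, and NAT is left out.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN-ACK" or "ACK"

    def flow(self):
        # Direction-independent key so both halves of a session match.
        return frozenset({(self.src, self.sport), (self.dst, self.dport)})


@dataclass
class StatefulFirewall:
    name: str
    inbound_ports: frozenset          # ports permitted from the internet
    table: dict = field(default_factory=dict)

    def handle(self, pkt, direction):
        key = pkt.flow()
        if pkt.flags == "SYN":        # only a SYN may create state
            if direction == "in" and pkt.dport not in self.inbound_ports:
                return "drop: port not permitted"
            self.table[key] = "SYN_SEEN"
            return "allow: new connection"
        state = self.table.get(key)
        if state is None:             # mid-session packet this box never saw start
            return "drop: no matching connection"
        if pkt.flags == "SYN-ACK" and state == "SYN_SEEN":
            self.table[key] = "SYNACK_SEEN"
        elif pkt.flags == "ACK" and state == "SYNACK_SEEN":
            self.table[key] = "ESTABLISHED"
        return "allow: existing connection"


def simulate(egress_site):
    """Inbound SMTP arrives via firewall B; the reply leaves via egress_site."""
    fw = {n: StatefulFirewall(n, frozenset({25})) for n in ("A", "B")}
    client = ("198.51.100.25", 41000)   # constructed external mail server
    server = ("203.0.113.10", 25)       # constructed site B public address
    syn = Packet(*client, *server, "SYN")
    synack = Packet(*server, *client, "SYN-ACK")
    ack = Packet(*client, *server, "ACK")

    verdicts = [("B", "in", "SYN", fw["B"].handle(syn, "in"))]
    reply = fw[egress_site].handle(synack, "out")
    verdicts.append((egress_site, "out", "SYN-ACK", reply))
    if reply.startswith("allow"):       # client only ACKs if it got the SYN-ACK
        verdicts.append(("B", "in", "ACK", fw["B"].handle(ack, "in")))
    return {"verdicts": verdicts, "state_on_B": fw["B"].table.get(syn.flow())}


if __name__ == "__main__":
    for site in ("B", "A"):
        result = simulate(site)
        print(f"reply egresses via {site}: state on B = {result['state_on_B']}")
        for v in result["verdicts"]:
            print("   ", v)
```

    With the reply leaving through B the handshake completes; with the reply leaving through A, firewall A has no entry for the flow and drops the SYN-ACK, leaving a half-open entry on B.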
    Planning my first small/medium business network overhaul

    Posted: 27 Jan 2021 05:30 AM PST

    Let me begin by saying, I am a software engineer, my B.S. is in applied math, but I have worked the last few years in college as a sysadmin for a small company. Before moving into my new role as a software engineer, I have a big job of reworking the network while working with consultants to meet NIST 800-171 + CMMC Level 3.

    I understand static and dynamic VLANs, DHCP, and subnetting on their own, but I am having trouble planning how they should all work together.

    I have 2 locations with new Sophos routers, the one smaller location just has 1 48 port L3 switch with a main VLAN and VoIP VLAN. I am planning the setup for the larger location that has 4 48 port stacked L3 switches, 1 48p distro switch, and 2 24p distro switches.

    MY QUESTION: I have planned out which ports will have which VLAN tags, which ports will be LAG/trunk, but do I need separate subnets within a single location? (Both locations are on different subnets) Also, we use Windows Server 2019 for DHCP, how do I set up DHCP for different VLANs?

    I also want to use LLDP for trunking ports where the VoIP connected to the wall and the PC connects to the VoIP, but would that require dynamic VLAN rather than static?

    The core switches are Dell PowerConnect 5548 and my distro switches are Ubiquiti Unifi L2 gen 2.

    Thanks for the help!

    submitted by /u/bpgould

    Validate matched class in COPP?

    Posted: 27 Jan 2021 08:06 AM PST

    I am on a network with a lot of control plane policing. Is there a quick way I can validate which specific class-map inside of my policy-map a specific piece of traffic is hitting? I'm sure a problem I'm facing is to do with CoPP, and I won't be allowed to remove the service policy, so I need a way to validate which line in the policy-map I'm hitting. I was hoping there was some sort of #test policy-map kind of command (you know, like how you would test aaa or test which port on an etherchannel you get load balanced out of), but I don't see it.

    submitted by /u/sg4rb0sss

    Best documentation tool for storing circuits and related VRFs etc

    Posted: 26 Jan 2021 10:21 PM PST

    We are currently using an Excel document to store various details such as the VRFs used by a VPLS, their locations and IDs along with xconnect src/dst/ids etc.

    After moving all our IP addressing into Netbox, and being unable to find a good way to store the above in Netbox, what does everyone else use for these types of details?

    submitted by /u/semaja2

    My boss can't afford a professional and I'm the most tech-savvy employee she has, though only by default. I have a month to fix her outages or else we have to use cellular hotspots for the biggest money-making event this quarter. Our ISP has officially given up on us. Help with a speedrun?

    Posted: 26 Jan 2021 06:52 PM PST

    I'm not exactly a genius, everything I know about networking comes from Linus Tech Tips videos. That said, here's the situation as of when I was set to the task:

    • At peak, we have 10-20 employees and several dozen customers using the internet at once.
    • Internet (Spectrum) comes in via a coax cable that gets split four ways. Three go to different modems, one goes to who knows where. Or at least I assume it works like that, because I need to at least pretend I understand something about all this.
    • Of those three modems, one is an Arris 1602 and the others are Arris 1670 modem/router combo units. I have no idea if those are good enough as modems for our network requirements, but the router on the 1670 we use (the 2.5gz network is reserved for guests) just dies during peak, and the connection drops out- not slow internet, the network just drops your device.
    • The other 1670 only really exists so employees can try to connect to it when the other networks fail. It doesn't do a great job of that. It does connect to a RasPi TV showing ads and a mysterious, unmarked grey box that nobody knows the purpose of. It also connects to a PoE wall plug injector, which only has one plug for power out. Why is this going into an already-powered router? I don't know, but wish I did.
    • The 1602 wasn't actually being used, but it was plugged in, connected to an inline PoE injector which itself powered a Ruckus r500 (the only router that looks like it can handle this many customers, which naturally was only used by half of the office staff). For some reason, it didn't actually provide data, so instead of fixing this the Spectrum guy apparently decided to just plug it into a 1670 while leaving the other cable uselessly connected.
    • There's a Cisco 24-port switch of some kind that says "10g/100g" as well as "PoE" on it, so I assume it's good for something, but it's not being used for any of the actual networking. I think it's used for the phone lines, but I don't know for sure because this whole building is an absolute mess of cables. This is a retrofitted warehouse, so no actual ceilings, just steel girders with wires hanging off of them. None of the cables are marked in any way.
    • The front office are all equipped with laptops, but can't use wifi due to aforementioned issues. Instead, they run on a massive tangle of wires, one of which is a cheap 5-port switch daisychained off of another cheap 5-port switch all the way back at the main hub/rat's nest.
    • None of this mess is in a server room or anything, it's just mounted on a wall by the door. And by mounted, I mean some of it is screwed into the drywall and some is just dangling by its own cables. The cables are strapped to power lines whenever they're going the same direction.
    • The public router still uses the default admin password.
    • Not really network related, but there are UPS systems everywhere, and none of it is actually applied to anything. Most of the equipment is tied to one with a dead battery and nonfunctioning battery plugs, so it's just a really heavy power strip. Another is only connected to a printer- the battery isn't even inside the device for this one, it's just sitting to the side with bare wires exposed. Another goes into a room where the only powered devices are laptops. I think (hope) one of them powers the security cameras, but it sure doesn't power the alarms.

    The actual issue is that, aside from the public network not working under load, the main issue is that sometimes the networks just stop working. It's either "Connected, no internet", or trying to connect gives you an infinite loading screen. It happens with no warning and lasts anywhere from a few seconds to the better part of an hour. On some of the older devices we have, a disconnect breaks the internal antenna so that it won't pick up signals at all until it's rebooted. Obviously, that's not great when you have business-critical stuff that depends on the internet. Spectrum insists they don't see any outages on their end, so either they're wrong or the mess here is to blame. You can guess which I'm leaning towards.

    What my instincts are telling me to do is rip everything apart, then just go modem ==> switch ==> everything else, but this is a business environment and IDK if that's a good idea or would even solve my problem. I'm coming in early tomorrow to try and get more info when no customers are there to be annoyed by falling dust and cat 5e cables. If there's anything I should try to find out let me know.

    Edit: we probably need some kind of monitoring system or... something, but I wouldn't even know where to start.

    Edit 2: Picture, as requested. Missing the third modem I mentioned.

    submitted by /u/UncertainOutcome

    Guidance on Cisco AP drywall ceiling mounting.

    Posted: 27 Jan 2021 01:52 AM PST

    Their deployment guide glosses over drywall ceiling mounting and adds some nonsense about buying the right angle Oberon mounts. Anyone have any success with mounting 2800/3800 series APs to normal ceilings and not drop ceilings? Worried about pull out using regular drywall anchors.

    submitted by /u/Knowguy

    I am looking to buy 10G-EPON OLT.

    Posted: 26 Jan 2021 08:25 PM PST

    Hello Everyone, I currently have 1.25G-EPON OLT and I want to upgrade to the 10G-EPON OLT. So here are my questions.

    1. Does 10G-EPON OLT have a 1:128 splitting ratio?
    2. Will my existing EPON ONU work on this new OLT?
    3. Can I use an XPON ONT on this new OLT? Will my existing XPON ONT work on this new OLT?
    4. Where can I buy this OLT and what will be the expected price?

    I searched for the 10G-EPON OLT and came across this Telesail TP5500-10G EPON OLT, 8 PON Ports Layer 3 Ethernet. It says it has a 1:128 splitting ratio on EPON OLT. I need the OLT to be shipped to India. (Sorry for my bad English)

    submitted by /u/jtnrao7