Network monitoring - Very simple level with ping and text output Networking
- Network monitoring - Very simple level with ping and text output
- DNA Center Deployment
- Asking the right questions
- ISP Bandwidth Prices
- Avaya ERS 4850-GTS-PWR+ 802.1aq SPBM Homelab firmware issues
- Shell scripting for beginner network engineers?
- aruba or cisco for e911?
- ASA code skill useless in the future?
- Netconf get vs get-config?
- Questions about Anchor WLCs
- Questions about DC redesign
- Intent Based Networking
- HP Aruba layer 3 switch options
- Terminal that resolves OUIs inline?
- Software to manage switches in an air-gapped network
- Network scanner (just for IPs + hostnames)
- Deny outbound by default - question?
- Bytes Received by IP Address
- Cisco 3750 Switch: How do I enable TLS 1.2?
- Cisco AnyConnect reconnects every few minutes
- Azure oauth2 VPN authentication with new SMB firewall
- Design decisions I've seen
- Do I need additional security for medical office?
- When should we create a network baseline in an enterprise network?
- Enabling cleanair caused endpoint latency and packet loss
Network monitoring - Very simple level with ping and text output
Posted: 22 Jan 2021 08:26 AM PST

We are looking for something specific network monitoring wise and want to see if there is an option before we end up spending some cycles writing it.

Pretty simple but having a problem actually getting a lightweight and always running program that can do this without a bunch of other fluff in the way (WUG, PRTG, etc). Cost isn't a very big issue right now as we are planning to replace some high cost items or end up using a lot of engineer hours to write something new. Just in the exploratory phase right now for figuring out next steps. We already have tooling for SNMP monitoring but even tuning the email portions it is WAY too noisy for our low tech skill NOC. Thanks!
DNA Center Deployment
Posted: 22 Jan 2021 11:17 AM PST

Having a tough time getting going with DNAC. I've gotten the server set up correctly with the various cabling/IPs/certs/basic settings etc. I'm going through the only two guides I can find but still have a rough time fully understanding workflow for existing devices (imported via discovery) and new devices (all the switches we'll be ordering and hopefully provisioning via ZTP).

Here's what I'm using:

What am I missing? For ISE, I found a ton of information online and got a great book from Amazon. It was a lot to learn but the material was there. For this it's like sorting through scraps. Just really expected to find more information but if what I linked to is all there is I'll continue making notes and labbing to try and fully understand it.

TIA
Asking the right questions
Posted: 22 Jan 2021 04:34 AM PST

So they left me in charge of the technical part of the interviews for the first time and I need help with some questions. The HR selected and weeded out the candidates and this is the second interview phase. I have some specific questions to do with the environment we are currently in but what should a CCIE certified candidate already know that I can ask them?

I have stumped a candidate before with a layer 1 question which goes like this: The server team has configured and replaced a faulty server, the network team even replaced the network cable for the new server but the network is not working. What should you check to resolve the issue?

Not sure if it's my phrasing of the questions but this happened irl, the cable wasn't crimped properly. The candidate was talking about the configuration of the server, disabling and enabling network cards. He skipped the glaring clue in my question about the cable being changed and didn't even talk about the switch at all. I also kept repeating that the server is configured properly.

All my questions revolve around real issues that happened to us before. I am going to have to submit my questions to my boss before the interviews start, if you can help me out or just some advice. Thanks.
ISP Bandwidth Prices
Posted: 22 Jan 2021 02:12 AM PST

We are a small ISP. And the bigger ISP we are buying bandwidth from makes us pay a different amount for YouTube bandwidth, TikTok bandwidth, Facebook bandwidth and international bandwidth. I'm just wondering if it's just like this in the ISP business or do ISPs pay for bandwidth as a whole?
Avaya ERS 4850-GTS-PWR+ 802.1aq SPBM Homelab firmware issues
Posted: 22 Jan 2021 11:28 AM PST

Hello,

My employer is switching to Extreme 802.1aq Shortest Path Bridging MAC in MAC (SPBM) equipment and I was looking for cheap gear to build a homelab and really play with SPBM since it is quite a bit different than traditional OSPF. I was able to buy a cheap Avaya 4850-GTS-PWR+ switch from eBay but to get it to the latest code which I have access to from work requires an intermediate firmware of 5.6.20 which isn't available from either Avaya or Extreme. Does anyone still have 5.6.20 stored somewhere that I can discuss getting via PM?

Thanks for your time
Todd Smith
Shell scripting for beginner network engineers?
Posted: 22 Jan 2021 03:13 PM PST

Hi guys, I've been following this sub for a while now and I'm wondering. How important is shell scripting for Networking? I've been learning a bit from https://www.shellscript.sh/ and from a video course I found in O'Reilly called "Great Bash" by Carl Albing but I'm just curious on going further or just step away and focus on something else, I'm building my way to eventually try getting into Network Engineering. What would be the "fundamentals" of shell scripting to network engineers?

Thanks in advance,
aruba or cisco for e911?
Posted: 22 Jan 2021 02:31 PM PST

Some background: we're about to refresh our switching equipment. The deal is I REALLY would not want to go back to Cisco and am leaning towards HP/Aruba but I'm getting some pushback. The main reason they want Cisco is their switches have port tracking for E911. This was recommended to us by the people who upgraded our Call Manager. From what I understand, this tech allows first responders to pinpoint your room/office location when you make a 911 call from the building. Does Aruba have a similar tech?

Other than that I think the tech between the two is a lot similar. We really have those 2 brands to choose from because we have a mix of the 2 spread all over campus (long story). I really like Aruba's tech support and like that I'm not being nickel and dimed for things like licenses, etc.

Thanks in advance for your help.
ASA code skill useless in the future?
Posted: 21 Jan 2021 09:32 PM PST

Hi, as someone who is very good (at least I class myself as that level now) at ASAs and can do almost anything on the CLI wise without even having to look at documentation anymore these days to... Are Cisco going to be getting rid of the ASA CLI and replacing it with their NGF Firepower range fully in the future in anyone's opinion? I don't mind Firepowers to be honest! I think they're very good, I just mean purely from a point of view of knowing how good my ASA code knowledge is, will that all become obsolete or will the ASA still exist in the future do you think? Thanks
Netconf get vs get-config?
Posted: 22 Jan 2021 01:52 PM PST

Hey all, I'm working on some Netconf scripts and I keep seeing references to get-config and get RPCs. My question is, why bother with a "get-config" request if a "get" can retrieve both configuration and state data? Would it not just be easier to always use "get"? Generally I'm grabbing relatively specific information and am narrowing down the scope of my RPC request with XML filters to begin with. Are there any advantages of deliberately using "get-config" over "get" in these scenarios? Thanks!
Questions about Anchor WLCs
Posted: 22 Jan 2021 01:24 PM PST

Ok, please bear with me. I'm a newbie when it comes to wireless. I understand the concepts and the 100ft view of it. Recently I changed employers and they have Anchor Controllers for guest access. It's my understanding that you do this so that all guest traffic comes out of a single interface, into a DMZ on the firewall for example, and is managed from the one interface. I can understand the security implications of this if there aren't any internal firewalls. However, can't you accomplish the same thing by dropping all of the guest traffic into a single VRF and manage that traffic with VRFs and traffic steering to get it where you need? Would that not save you the expense of a pair of anchor controllers? By all means roast me if my brain is not thinking this through properly. Thanks!
Questions about DC redesign
Posted: 22 Jan 2021 07:31 AM PST

Hi all, I'm in a position in my company where I'm having to redesign and implement new equipment within the DC. The reason is it's never been done properly and is long overdue. I've just started at this company at the beginning of Jan.

Here are some facts to take into consideration:
- Company has 1 DC (doesn't look like there will be any need to expand/stand up a new DC in the next 3 - 5 years)
- AWS instance which is used to segregate another application & data that company have (it was built in AWS just in case it was ever going to be sold off to make it easier)
- Company has 2 offices which are currently connected via Meraki 'SD-WAN', these then connect to the DC.

New network equipment looks like this:
- 2 x Internet Lines from separate ISPs
- 2 x Cisco 2130 Firepowers
- 2 x Nexus 5672
- 8 x 2208 Switches

I've drawn a diagram of how I see everything logically connecting to each other, but I just want to make sure I'm heading in the right direction. I've got a few questions that I've tried to look up but can't really get a definitive answer:
- Should the internet circuits be terminated directly on the firewall? I've read up that this is fine to do given NGFWs are a lot better than older firewalls
- Given the size of the estate mentioned above, should I be using BGP? It allows for possible expansion in the future, currently, static routes are being used which I would like to get rid of
- If yes to the above, where should the BGP be taking place? On the firewalls or on the Nexus'?

Thank you for taking the time to read through this, I've been in the field a while, but this is the first time I've been a 1 man band so to speak and I would really like to get this right.
Intent Based Networking
Posted: 22 Jan 2021 09:06 AM PST

Can anyone simplify or explain what the term intent based network means? As it's currently used in the market and seems to be the next trend.
HP Aruba layer 3 switch options
Posted: 22 Jan 2021 10:57 AM PST

My boss bought a bunch of HP Aruba 2530 switches before I started working at the company. He was convinced they were layer 3 switches but looking in the configurations and online they're definitely layer 2 switches. Does anyone know a comparable model switch from Aruba that can handle layer 3?
Terminal that resolves OUIs inline?
Posted: 22 Jan 2021 10:54 AM PST

Resolving OUIs turns out to be a common need in tshoots. Anyone know of a terminal app or ssh wrapper that can parse OUIs inline for Catalyst switches, like Wireshark does?

Ex:

I wrote a shell script that resolves them one-off, but inline would be much easier :)
Software to manage switches in an air-gapped network
Posted: 22 Jan 2021 08:22 AM PST

We have a network that can not connect to the internet for security reasons. It has been growing for a while encompassing about 100 network devices now, 99% switches from HP. We are planning to acquire a management software to reduce maintenance work and get more visibility. I was checking out Aruba Central but it seems to be a cloud app, so I guess that is out of the question. I feel like HPE IMC might be the best candidate, but it seems to be very heavyweight. Would appreciate to hear experiences of people managing switches with HPE IMC or recommendations of alternative software.
Network scanner (just for IPs + hostnames)
Posted: 22 Jan 2021 12:06 AM PST

Hey Guys, I'm looking for a tool to scan our entire company network continuously to get an overview of the devices in the network together with information when they have last been seen.

Information I need: IP, Status, Hostname, Last Response

The tool should scan the whole network and store that information for clients that are no longer reachable as long as no other client is reachable under the same IP. SolarWinds used to have an IP Address Management Solution as part of the engineers toolset which offered exactly this functionality, but it looks like it is no longer supported nowadays. They still have a solution that would fulfill the requirements, but it is a full blown IPAM which I don't need and don't really want to pay for as the price seems to depend on the amount of IPs in your address space. Tools like Angry IP Scanner are pretty close, but they are missing the last seen information which is important for me. Does anyone have any suggestions for an open source solution which would offer this basic functionality? Thanks in advance!

Edit: I wasn't quite clear in my original post - I want to use this to gather information about the clients / servers, not network devices!

Edit 2: A lot of the solutions posted here offer way more features than I need, I don't want to scan any additional ports, monitor network traffic or get additional data via SNMP, I just want to get an overview (including history) of the pingable devices in the network and their DNS names at that time. All these more advanced solutions don't have this quick overview or are way too expensive when I'm only using 1% of the featureset. Unfortunately I can't add images here but the following link shows an overview of exactly what I need. Unfortunately that solution works only for 254 IPs: https://cdn.ittsystems.com/wp-content/uploads/ip-address-tracker-free.jpg
Deny outbound by default - question?
Posted: 22 Jan 2021 05:49 AM PST

We have a lot of small business clients who often have a single Draytek router/firewall - by default outbound traffic is set to allow all. Recently we set up some firewall rules on a client's guest wireless network to only allow 80/443 outbound. This caused several issues with things like iMessage, WhatsApp on staff mobiles and some other services. So my question is, when setting a default deny all outbound how do you know what ports to allow for all the different services? Do proper firewall/UTM solutions have built in rules to easily allow this kind of traffic or is it a manual process of seeing what doesn't port and finding the ports it uses?
Bytes Received by IP Address
Posted: 22 Jan 2021 01:16 PM PST

I have a network video server that records IP cameras (running Windows). I want to programmatically determine the bitrate per camera connection. Basically, how many bytes did the server receive over X minutes from IP XX.XX.XX.XX. I want to be able to automate this task and check every few minutes. I was thinking I could use a Windows performance counter to do this but I can't seem to find any documentation on how to create one. Any help would be appreciated.
Cisco 3750 Switch: How do I enable TLS 1.2?
Posted: 22 Jan 2021 08:52 AM PST

I'm trying to configure a Cisco 3750 Switch and resolve a vulnerability regarding traffic encryption. However, I'm having a lot of trouble and can't find any documentation to help me on this. Typical commands to configure TLS aren't working and documentation on this device isn't providing me with any information on how to set up TLS 1.2 on the device, so I'm hoping someone here can help me out!
Cisco AnyConnect reconnects every few minutes
Posted: 22 Jan 2021 12:06 PM PST

Our Cisco AnyConnect client reconnects every 4 to 9 minutes. It is also incredibly slow. This affects every user who uses the VPN.

Information from DART:

Date : 01/22/2021
Time : 15:31:22
Type : Error
Source : acvpnagent
Description : A DTLS Alert was received from the server during a read operation.
Severity: fatal
Description: handshake failure

Wireshark does not show any errors.

I tried the following changes in the group policy of the Firepower:

And the following changes locally on the device:

Any help would be greatly appreciated since this issue is taking our whole HR department down.
Azure oauth2 VPN authentication with new SMB firewall
Posted: 22 Jan 2021 08:00 AM PST

We currently have a Cisco ASA (5512) firewall at our SMB which is EOL. Besides firewall functionality we use the VPN quite a lot. Since we use Azure/Office 365 for 90% of our business, it would be great to integrate Azure oauth2 authentication to our VPN so that end-users have just one username and password (with MFA) for most services.

Because the ASA is EOL, it's time to search for a new firewall solution, preferably with the possibility to authenticate VPN users via Azure. I've seen some documentation on integrating the ASA's VPN (Configure ASA AnyConnect VPN with Microsoft Azure MFA through SAML - Cisco), but I'm also kinda curious about other brands like Fortinet and Palo Alto. I've read something about Fortigate being picky on only supporting their own MFA system.

Are there any brands of firewall that provide this functionality in a pretty straight forward manner, without requiring any on-premise infrastructure (beside the firewall of course)?
Design decisions I've seen
Posted: 21 Jan 2021 07:39 PM PST

Hello Gents and Ladies, I have two design questions that I want to run past you all. I want to know the pros/cons and how I deploy.
Do I need additional security for medical office?
Posted: 22 Jan 2021 10:46 AM PST

Hello, all! I'm stuck with a network/security issue and know enough to be dangerous. I'm hoping you can provide some insight.

I manage a doctor's office and we are opening a satellite office an hour away. We are renting the office space from another physician, and that physician is providing internet, PCs, WIFI, etc. We can bring laptops to use to access the internet as well. We will only be there one day per week as other clinics also rent different days. (Example: our specialty (cardio) is there Monday. Ortho is there Tuesday. Wednesday is ENT, etc. These are all different clinics just renting space from this one office.)

Our medical software is cloud-based and requires us to download an app, which I was going to do today when I visited for the first time. We can take patient payments via a secure website.

This morning, I met with their office manager to find out about getting admin credentials (or someone with admin credentials) to download the software, and she didn't know anything about the computers. I also asked about getting a copy of the security risk assessment that is required by CMS, and she mentioned that was something they were in the process of completing. She gave me the number to their outsourced IT guy who called me back about an hour ago. I didn't do any installs since I didn't have access and didn't know what their security protocols looked like. Left to go back to my home office.

Few hours later, I talked to their IT guy. I have since learned that there is no real IT security and no network at the satellite office. There is no server of any kind, no domain, no user tracking ability, unsure if there is a firewall or AV. No clue if they do any patching, which just guessing, I would say they don't. We would be using the guest SSID for WIFI access which is also shared with patients in the clinic.

I got a little overwhelmed/panicked when talking to the IT guy as he was telling me this so I forgot to ask about firewalls/AV. I'm making the assumption they are using the firewall that was provided by their ISP.

I called my medical software people to ask about installing the app on a PC or using a guest WIFI account and how I actually connect to our cloud service. We are connecting using RDP and must have separate user/password for both the server farm and our actual data, but I'm still worried.

I know RDP is secure, but should I do anything else? Should I use a VPN especially since I still need to run credit cards via the internet? I cannot make changes to the other physician's office because it isn't my space. I can bring laptops from our clinic down and just use their WIFI. I'm slightly terrified of using their actual PCs since all users from all the different clinics just type in the main password to access them.

Suggestions? Am I overreacting and everything will actually be fine? Let me know if I need to clarify anything. Thanks!
When should we create a network baseline in an enterprise network?
Posted: 22 Jan 2021 01:15 AM PST

This was a CCNA question but I couldn't remember the correct answer. Some info would be nice.
Enabling cleanair caused endpoint latency and packet loss
Posted: 21 Jan 2021 05:45 PM PST

Today I noticed that CleanAir was disabled on my 5508 WLC running 8.2. We just replaced the aging 1142's with 3802i's and users were complaining about signal quality and bandwidth. I enabled CleanAir on both 2.4 GHz and 5 GHz bands. The next two hours were quiet and then all of a sudden a specific portion of the building and only embedded Windows devices were experiencing higher than average latency and timeouts. Disabling CleanAir resolved the issue.

The problem here is, I'm not sure why CleanAir would have done this. From my knowledge, CleanAir surveys the environment for interferers and sets channels based on what it hears. Any idea? Anything you think I should look at?