Interactive network diagram software recommendations? Networking |
- Interactive network diagram software recommendations?
- VPN Appliance with Azure AD Authentication and MFA Support
- Anyone aware of GPON in use in enterprise campus?
- Is there a hardware that can run with a client to connect it to multiple APs?
- I feel like I owe you this: Almost 90% of our zoom problems are resolved with WLC firmware upgrade
- Dynamic Network Mapper based on CDP or SNMP
- Network write-up after outage
- Good priced and reliable USA vendor for SM fiber patch cords and SFP+ optics??? Need to use a PO
- Can Cisco AnyConnect client VPN terminate on Fortigates or any other edge type of firewall such as maybe NSX edge firewalls?
- Issues with F5 VIP from HTTP to HTTPS
- Anyone Using ISE 3.0 With AzureAD and or Auto Pilot?
- LTE to bridge a terrestrial service circuit gap
- Interface DNS entries for better traceroutes. Are you doing it and if so how?
- UDP Return Traffic
- Aruba 6300m and HPE IMC
- Network Controller Unifi Alternatives
- Access IP camera at specific times in my network
- Best RSTP configuration for ports on the Juniper root-bridge switch
- Would anyone be willing to share a sanitized Aruba L2 config (2540)?
- Enforcing standard configuration
- Is it possible to split an IP address to route two ways simultaneously?
- MTU across switches
Interactive network diagram software recommendations?
Posted: 03 Mar 2021 11:17 AM PST
I am looking for a piece of software that takes a network diagram to the next level. We have a very outdated network diagram that was done in Visio. But we have grown over the years and a lot of that info can't fit on one page printout anymore. I was wondering if anyone has any recommendation for an interactive network diagram builder? For example if we click on a VM, we'd like to be able to see more information we can assign to it with custom attributes, etc. Thank you!

VPN Appliance with Azure AD Authentication and MFA Support
Posted: 03 Mar 2021 01:59 PM PST
Hi everyone, I'm trying to research some enterprise VPN products that allow for direct authentication against Azure AD (without RADIUS), but my Google searches are turning up more about VPN for Azure resources. Does anyone know of such products?

Anyone aware of GPON in use in enterprise campus?
Posted: 03 Mar 2021 07:58 AM PST
I'm aware of GPON application in FTTH for ISPs, hotels, university campus etc. Anyone aware of any major deployments in the enterprise campus? How has that worked out?

Is there a hardware that can run with a client to connect it to multiple APs?
Posted: 03 Mar 2021 08:44 AM PST
This is a dumb question, I'm sorry. I was in IT 15 years ago, and switched to development. Thanks to Covid and being located in the middle of nowhere, finding IT people is very difficult. I hope I'm not breaking any rules here, I'm just running out of options. I have a large area covered by close to 100 APs. The network works fine and well for nearly everything - desktops, laptops, phones, etc - however we have some trucks that move around the area and need to maintain a remote desktop session. Given that, it's not wholly realistic to expend the budget for replacing the hardware with a mesh network, just for these 5 trucks. Google only talks about mesh networks. The networking company that we hired says our network is great, don't change anything, OR change everything to radio or mesh. I've been out of the game long enough maybe I don't remember the name of a solution, or maybe it doesn't exist. So my question is: Is there a system I can build that has multiple wifi adapters, which are not allowed to connect to the same AP, which will then determine the best connection at any given moment, and deliver it to a port that the truck's user can connect to? That is, on the truck have a piece of hardware that can round up three or four APs, create a local connection, and deliver it to a port or short range WiFi so that these guys don't have to wait for Windows to swap from one AP to another while driving around. I'm happy to do the googling if there is some phrase that will help. Sorry this is dumb.

I feel like I owe you this: Almost 90% of our zoom problems are resolved with WLC firmware upgrade
Posted: 02 Mar 2021 05:21 PM PST
I asked a question here a while back about our Zoom problems: dropping, freezing, etc. Our 5520 WLC was running 8.3 firmware from 2019. After trying almost everything, be it iperfs, reconfigurations, etc., nothing fixed our issues. We did not have the license to download the firmware and I didn't really suspect firmware, but it should have been the first thing I took care of. Anyways, bought the smart license last week, first upgraded to 8.5, and now we are at 8.10. Zoom works awesome. Firmware upgrade will be my primary focus going forward. I know lots of schools are having issues with Zoom. Try upgrading all your network devices.

Dynamic Network Mapper based on CDP or SNMP
Posted: 03 Mar 2021 12:28 PM PST
We run a multi-branch standardized Cisco network setup of:
- Core - L3
- Firewall - L3
- Distribution (or aggregation) - L2
- Access - L2
Meaning some subnets have their GW sitting on the Core or on the FW. Is there any tool out there we could throw to both of the L3 devices and make them run through the topology (based on CDP) until it finds the switch and port where the IPs ARPed are connected to?
EDIT: Either open source or commercial would work.

Network write-up after outage
Posted: 03 Mar 2021 02:22 PM PST
So we experienced a company-wide internet outage last week which lasted 5 minutes, and needless to say it affected several critical applications, so it was very noticeable. Between 3 network engineers we scoured our logs on all edge, firewall, core switches, anything to give us an indication of why the outage occurred. We found nothing on the ISP side either: no flaps, no BGP losses, no accidental cable unplugs, no power outages, no flaps on the edge or core. The only thing we did see was a flap on an edge switch which has an uplink to a Barracuda and a Firepower device, which I guess could feasibly have caused an outage. We jumped on a call with Barracuda to help us look at the logs but they found no conclusive evidence. So my question is, have you ever had to account for an outage you found no hard evidence to? If so, how would you word it so they could present answers to their superiors?

Good priced and reliable USA vendor for SM fiber patch cords and SFP+ optics??? Need to use a PO
Posted: 03 Mar 2021 11:09 AM PST
Networking Hivemind- We just completed a fiber ring-project on a large Community College campus and are ready to bring up dozens of redundant 10Gb links. I need a reliable vendor in the US that takes Purchase Orders, as it is way too big an order for my company credit card.

Can Cisco AnyConnect client VPN terminate on Fortigates or any other edge type of firewall such as maybe NSX edge firewalls?
Posted: 03 Mar 2021 09:24 AM PST
Hey guys, as the title states, can Cisco AnyConnect client VPN terminate on Fortigates or any other OEMs? Has anyone done anything like this? I checked Cisco's data sheets, ordering guides, and FAQs and it looks like based on my research AnyConnect is only compatible with Cisco equipment. Just checking to see if anyone else has implemented AC client with other firewalls that are not ASAs. Thanks!

Issues with F5 VIP from HTTP to HTTPS
Posted: 03 Mar 2021 03:14 PM PST
Hello, I'm trying to figure out what my issue is, but I'm not entirely sure. I feel like I set it up right, but I'm trying to figure out if it's a server issue so I can speak to that team. We have a simple VIP with 2 nodes. The VIP is set up on port 80, and redirects to the nodes on 443. I have the http_to_https redirect irule set up, but when I go to the VIP I get a "This Site Can't be reached" error. I've tested the webservers to make sure they connect on all ports. Here is my config:

    ltm virtual test-171-http {
        creation-time 2021-03-03:10:30:27
        destination 1xx.yy.zz.bb:http
        ip-protocol tcp
        last-modified-time 2021-03-03:11:59:41
        mask 255.255.255.255
        pool test-171-pool-https
        profiles {
            http { }
            tcp { }
        }
        rules {
            _sys_https_redirect
        }
        serverssl-use-sni disabled
        source 0.0.0.0/0
        source-address-translation {
            pool snatpool_3_1
            type snat
        }
        translate-address enabled
        translate-port enabled
        vlans {
            VLAN171
            VLAN3
        }
        vlans-enabled
        vs-index 4
    }

What am I missing?

Anyone Using ISE 3.0 With AzureAD and or Auto Pilot?
Posted: 03 Mar 2021 02:42 PM PST
Hi everyone, The company is moving towards Auto pilot and we are in a hybrid AD environment. Looking over the new features of ISE 3.0 is the ability to integrate into AzureAD. Just looking for any feedback on how it is? Right now one of the checks for a computer to get on the network is that there is an object in a certain OU in AD. Well, with AzureAD that doesn't exist anymore, and right now any computer configured via Auto pilot can't get on our corporate SSID and gets kicked to guest because it's failing the AD lookup. I've got the MDM / InTune stuff working great but my ISE 2.x instance doesn't know anything more about anything in the dictionaries except mobile devices, and I'm hoping ISE 3.0 will have a dictionary for laptops, desktops etc. connected to AzureAD. Thanks for reading.
TLDR: Can Cisco ISE 3.0 successfully authenticate devices that are only located in Azure AD against the wireless 802.1X authentication policy?

LTE to bridge a terrestrial service circuit gap
Posted: 03 Mar 2021 07:43 AM PST
A little background: I have a few plant locations that are currently serviced by a regional telco we are having trouble with, and I'll leave it at that. We are in the process of ordering new WAN circuits and direct fiber to these locations to replace the current ones, but are worried that they may pull the plug on us unexpectedly. I have been tasked with coming up with a contingency plan using LTE internet service and existing VPN infrastructure in the event they pull the plug on us before new circuits are in. Our requirements are 10-20 Mb of bandwidth; we would be doing VoIP over it but could go to the local GW if necessary. Programs used are general MS Office applications and general internet. I am wondering if anyone here has used LTE to bridge a gap for WAN circuits and how that worked out. What service did you use, ATT, Verizon, T-Mobile?

Interface DNS entries for better traceroutes. Are you doing it and if so how?
Posted: 03 Mar 2021 09:04 AM PST
I am looking to get all our interfaces into DNS that way it is quicker to identify what is going on. How are you all doing it if at all? Part of a process with manual entry during interface creation? Python script that scrapes and updates? Something else?

UDP Return Traffic
Posted: 03 Mar 2021 10:50 AM PST
Can somebody help fill a gap that I'm blanking out on? I'm creating in/out ACLs on a Cisco that involves UDP traffic for things like VoIP and Skype. I've allowed udp traffic "in" to the SVI but I don't think I need to permit udp traffic "out" from the SVI.

    ip access-list extended In
     permit tcp 192.168.0.0 0.0.0.255 any
     permit udp 192.168.0.0 0.0.0.255 any
    ip access-list extended Out
     permit tcp any 192.168.0.0 0.0.0.255

I don't think I need to account for udp return traffic in the "out" ACL since udp is one-way and if the VoIP provider sent us udp traffic it wouldn't get NAT'd back to an endpoint anyways. Unlike TCP where return traffic is accounted for and the session is maintained in the firewall. So my questions are:
- If udp return traffic isn't permitted then how do applications like VoIP and Skype deliver the stream from the remote end to me? Seems like over tcp but wouldn't that have the same latency issues as sending over tcp?
As you can tell from Skype, vendor documentation isn't that great about this. I commonly see ports listed, great, but never identifies inbound/outbound direction. https://support.skype.com/en/faq/FA148/which-ports-need-to-be-open-to-use-skype-on-desktop

Aruba 6300m and HPE IMC
Posted: 03 Mar 2021 09:00 AM PST
Hi, has anyone been able to successfully manage the 6300m switches using IMC? I was recently advised to upgrade IMC to 7.3 (E0705P10) as this would fix the issues. I have completed this upgrade and while IMC now recognizes the 6300s and can give them the correct system description, I am still unable to back up the config or push an update to the 6300s. I have SNMP enabled on the switch and have the correct details entered into IMC but this still displays an error, although I can see all interfaces on IMC. I'm not sure what I'm missing and any fresh ideas are welcome. Also posted to r/ArubaNetworks, really just hitting a brick wall at the moment.

Network Controller Unifi Alternatives
Posted: 03 Mar 2021 05:22 AM PST
I have a customer that has a Unifi switch setup. They use this mainly for the cloud controller that lets them kick users off the network if they are too active on their phones, for example. Their current provider is extremely difficult to work with and as such we have decided to look around and see what alternatives there are. The whole point of the system is to act as a gateway to the network; users need to click "Connect" almost as if it is a guest network and we have the ability to remove their access at any point. What alternatives are out there? Thanks in advance.

Access IP camera at specific times in my network
Posted: 03 Mar 2021 10:28 AM PST
Hello, I plan to have an IP continuously streaming at a specific URL inside my network (RTMP). I want to access that camera from the internet only at certain times. What I was planning to do is:
Does this make sense? Am I overcomplicating things? Thanks

Best RSTP configuration for ports on the Juniper root-bridge switch
Posted: 03 Mar 2021 02:03 AM PST
Hello Everybody, I am not sure what the best recommended configuration is for the ports of the root-bridge switch. Should I add to all ports on the core switch (root-bridge) both commands (mode P2P and no-root-port)? Below are the commands from the Core and Access Switches:

Core (root-bridge):
    set protocols rstp bridge-priority 0
    set protocols rstp interface xe-2/2/7 mode point-to-point
    set protocols rstp interface xe-2/2/7 no-root-port
    set protocols rstp interface xe-2/3/2 mode point-to-point
    set protocols rstp interface xe-2/3/2 no-root-port

Access Switch:
    set protocols rstp interface ge-0/0/0 edge
    set protocols rstp interface ge-0/0/1 edge
    set protocols rstp interface ge-0/0/2 edge
    set protocols rstp interface ge-0/0/3 edge
    set protocols rstp interface ge-0/0/4 edge
    set protocols rstp interface ge-0/0/5 edge
    set protocols rstp interface xe-0/1/2 mode point-to-point (this is uplink to core1)
    set protocols rstp interface xe-0/1/3 mode point-to-point (this is uplink to core2)
    set protocols rstp bpdu-block-on-edge

Would anyone be willing to share a sanitized Aruba L2 config (2540)?
Posted: 02 Mar 2021 06:24 PM PST
Hi All - I am new to the Aruba world (coming from Cisco and Juniper) and have a test 2540 up and running, but I can't help but feel like my config looks clunky. I attempted to set it up to match as close as I can to the Cisco L2s I will be replacing (2960s mostly). As an example, the end of my config has a spanning-tree bpdu-protection for every single port. I am hoping someone could share what their standardization is like for L2 Arubas that they support. I appreciate any guidance. Thanks so much.

Enforcing standard configuration
Posted: 03 Mar 2021 01:15 AM PST
I'm looking for some input on what tools/methods people are using to enforce standard config. I don't exactly mean a golden config, I just mean ensuring that all your devices have certain lines of config applied. We do have SolarWinds but its baseline configuration is pretty useless in this regard, as instead of just checking that all the lines exist, it matches those that also do not exist and says there is a mismatch. I am also in the process of trying to script it, just working out the best method at the moment. So how does everyone else go about doing this?

Is it possible to split an IP address to route two ways simultaneously?
Posted: 02 Mar 2021 08:06 PM PST
Jr network engineer here so I apologize if I do a bad job explaining, but here's a situation I'm faced with. I have an analog data stream that is converted into IP at a remote site and then sent over to my L3 switch, which I have control over. At said L3 switch I have two end devices that cannot talk to each other but both need to be able to access said data stream. The remote proprietary device that converts the analog to IP has a router-on-a-stick type feature that I set up on its port pointed back to the L3 switch. This allows the stream to be split; this is specifically pointed to virtual interfaces on two separate VLANs, and with this setup everything seems to be working fine while keeping the two end devices from communicating with each other. Cut to: there is now a new additional stream that needs to be ingested by both end devices. However, this time the remote device does not have a router-on-a-stick type capability that I know of. I could set up two different static routes pointing to each device, right? But then they couldn't view the stream simultaneously, only one at a time, and having to switch between the two depending on who needed to see it more. I could set them both up on the same VLAN, but then the two end devices will be able to talk to each other. My question is: is it possible to route this data to both devices at the same time after it hits my network? In the first example I could do this because the remote end device had this capability and it was split to two IP addresses before it hit my network. Could I somehow do this on a Cisco piece of equipment? Say the end devices are 192.168.1.3 /24 and 172.16.1.3 /24 respectively and the remote stream is 192.169.1.3 /24; is there a way to tell 192.169.1.3 as it comes into my network to go to both 192.168.1.3 and 172.16.1.3 at the same time?

MTU across switches
Posted: 02 Mar 2021 10:57 PM PST
Hey guys, So I'm going to link two backbone switches up; each contains about 35 computers and a few servers. The switches are both Dell FTOS but years apart, so the operating system is like 9.3 vs 10.5. I'd like to link them via 10 gig and set the MTU size to 9000 on each respective interface. However, on one switch after I set the MTU to 9000 it says ip MTU 8968 and layer 2 9000, and on the other switch after I set the interface to 9000 it says ip mtu 8982 while 9000 on layer 2. So a 14 bit difference between the two switches. I've successfully linked the switches up but I got an LLDP configuration mismatch on the interface in the logs; however, everything works. So I guess my question is: do I want 9000 and 9000 at layer 2 but be off by 14 at layer 3? Or do I want to match 9000 to 90014 at layer 2 to match 8082 to 8082 at layer three? This is just an access port link, no trunking. Also, I've never really tested two switches linked at 9000 MTU before while the rest of the network is at 1500. Does it make a big performance difference? Also, I cannot upgrade the OS of the old switch, in case anyone wanted to recommend that. Because probably if I did that, by default MTU would be the exact same, but I can't because the old switch is in production and I just need this to work for a few months, then the old switch is getting replaced. Also, the same MTU mismatch happens at the default 1500 setting as well.
