
    Wednesday, March 24, 2021

    Rant Wednesday! Networking


    Rant Wednesday!

    Posted: 23 Mar 2021 05:00 PM PDT

    It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

    There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

    Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator

    Freeradius SQLIPPool giving multiple addresses for each client

    Posted: 24 Mar 2021 01:27 PM PDT

    I set up Freeradius with SQLIPPool, and when testing it out, every request is replied with an unused IP address despite coming from the same client. I'm sure it's a misconfiguration on my part somewhere, but I'm not entirely sure where. I thought maybe it was the pool key, but I tried setting that to User-Name, and that didn't make any difference.

    Any suggestions?

    submitted by /u/antleo1

    Switching Migration

    Posted: 24 Mar 2021 03:55 PM PDT

    We are an Aruba shop right now with a mix of 2900 models and want to replace it with either 2930F or CX 6200, and we are looking for centralized management, so either going with Aruba Central or NetEdit. While I was going through that, we saw that Juniper EX series + Mist Wired Assurance + EFL also provides a similar setup. The main idea of choosing Aruba is that we are already an Aruba shop, so no learning curve; it works super stable, no bugs, and lifetime warranty with one- or two-day shipping. Plus, if we are to use a NAC solution in the future, ClearPass is one of our favorites. What options are available with Juniper? What kind of licenses do I need so it will be similar to the Aruba setup? Is the price higher or lower than Aruba? How does the warranty work? Which NAC solution works better with Juniper?

    We already had Meraki, so not looking on that side because of no CLI.

    Cisco is pricey, and Extreme Networks, no clues.

    Any suggestions or new ideas are appreciated.

    submitted by /u/doctorstrangez

    ASA (9.x) to FortiGate NAT Conversion

    Posted: 24 Mar 2021 10:00 AM PDT

    I have the following NAT Rule from the ASA (code 9.x) and I'm trying to convert it to FortiGate (Code 6.4.4). I'm using Central NAT on FortiGate. What is the best way of doing this? Do I need two rules, Central SNAT and DNAT?

    nat (OUTSIDE,INSIDE) source static OBJ-10.10.17.136-143 OBJ-10.10.65.64-71 destination static OBJ-10.10.65.124 OBJ-10.10.160.40

    I used the FortiConverter but the output is messy.

    submitted by /u/jguros

    Looking for service assurance monitoring solution

    Posted: 24 Mar 2021 08:46 AM PDT

    What does everyone use for service assurance monitoring? My company has made a swift migration to all things PAAS, SAAS in the last year or so, and I've found that internet service reachability has become more critical than internal network reachability. With that being the case, I'm trying to find a solution that would allow me to monitor all of these solutions from each remote office. I've looked at Aruba's and Netscout's solutions, but wanted to check to see what other solutions people may have found, whether it be home grown or open source.

    submitted by /u/OrangeNet

    SilverPeak First-packet iQ - substance or marchitecture

    Posted: 24 Mar 2021 02:03 AM PDT

    Hello

    In short, I am getting into the details with regards to how vendors do application identification in conjunction with SAAS optimisation, initially focusing on Cisco Meraki and Silverpeak.

    The full back story is I am currently in the early stages of exploring SD-WAN for my organisation, and I am starting to get my head around some of the products and new features on the market.

    One area that seems to be getting a lot of focus is SAAS optimisation/ SD-internet/ Smart SaaS QoE as I have heard it called. Essentially looking at how vendors can optimise the traffic delivery from branches to SAAS applications. I understand how different vendors achieve this at a high level. What I want to understand further is how an application is identified, how different vendors approach identification and what makes some engines superior to others.

    I am familiar with Meraki and I currently have a Cisco Meraki MX67 with a SD-WAN plus license. I have started my initial testing with this product as I used it for SD-WAN at a previous company and I see the value of its simplicity. I am aware that its Smart SAAS QoE is not available yet; however, I have been able to test the L7 VPN exclusion feature, which is a stepping stone to achieving their Smart SAAS QoE. Just to state, this post is more about understanding the application recognition element over comparing the full SAAS optimisation element of both vendors.

    Meraki have 10 major applications to select from with the option of defining other custom applications via IP or URL. I'm testing this at the moment and it works as you would expect. I am running a packet capture and I can see the relevant traffic break out onto the internet rather than take the default route over the VPN to my test datacenter MX.

    More information on the feature.

    https://documentation.meraki.com/MX/Site-to-site_VPN/VPN_Full-Tunnel_Exclusion_(Application_and_IP%2F%2FURL_Based_Local_Internet_Breakout))

    I have started to explore the literature on Silverpeak's First Packet IQ and it sounds very impressive. What I am struggling with is trying to distil from the Silverpeak marketing message what the real benefits are of this innovative and industry first feature over and above what I am seeing on the Meraki box. Is this just marchitecture or is there real substance to this Silverpeak feature?

    I admit my understanding of application recognition is relatively elementary so any guidance is massively appreciated. If you can shed any light on this specific feature and potential advantages and pitfalls that would be great.

    What is the limitation with defining applications by IP and URL only?

    What common SAAS applications would I fail to identify on the MX?

    Silverpeak feature in more detail

    https://www.silver-peak.com/products/unity-edge-connect/first-packet-iq

    'Silver Peak's innovative First-packet iQ identifies applications on the first packet. Using multiple techniques, First-packet iQ identifies more than 10,000 applications and more than 300 million web domains. First-packet iQ goes beyond typical Deep Packet Inspection (DPI) and port-level approaches used today and it adds a cloud-hosted internet map and geolocation database in addition to real-time machine learning to provide the highest levels of application intelligence.'

    Thank you in advance for your input

    submitted by /u/CameraAcceptable1907

    Cisco Modeling Labs Enterprise Edition - Host Specs

    Posted: 24 Mar 2021 06:58 AM PDT

    We're investigating purchasing a CML Enterprise license to do some labbing and datacenter emulation and I'm curious if anyone else is emulating a relatively large environment in CML and what server specs they have. Networking would have to purchase the host so we'd like to know what to ask for when we get a quote. We have roughly 70 Nexus and ASR devices across each datacenter, and while I don't think we'd be looking at dropping every single node in our lab environment, it would be nice to be able to run at least 40 nodes. I'd assume 128 gigs of RAM would be the minimum, but not sure what to ask for in terms of CPU cores. Anyone else out there doing something similar?

    submitted by /u/WillFixPC4CheeseDogs

    Bypass the enable mode and get directly into privilege mode

    Posted: 24 Mar 2021 01:15 PM PDT

    I have TACACS configured, and in line vty I have given privilege level 15, but the router is still prompting for the enable password. I want to bypass it and go to privilege mode directly after entering TACACS.

    submitted by /u/Aron539

    Dell S6010-ON 40Gbe to UTP

    Posted: 24 Mar 2021 11:22 AM PDT

    Hello,

    At work we are going from Dell S6000 switches to Dell S6010-ON switches in the future at new racks.
    But before I bring new S6010's into production I want to test/simulate something at our office with 2 simple laptops/desktops

    Is it possible to get UTP (RJ-45) to work on those 40Gbit/s QSFP ports?
    Does anyone know what I need in order to connect 2x 1Gbit UTP devices into the 40Gbit/s QSFP ports?

    Thanks a lot.

    - Jessy

    submitted by /u/Jessy142

    Proxy vs NAT Firewall

    Posted: 24 Mar 2021 10:48 AM PDT

    I often work with other vendors that will need to connect to my environment to use some hosted application. For some companies it's as simple as opening the required ports on their firewall and that's it. For others, there is a proxy involved.

    Does anyone work in an environment where proxy servers are used? If so, why are you using them? To me, firewalls do all the work that a proxy does (for the most part). You can permit/deny certain applications, you can hide your private network addresses. This level of complexity here is often a bane of the troubleshooting process, as most vendors outside of port 80/443 don't allow custom ports. So now they are in a place to have the user move to a segment of the infrastructure with no proxy to try to access our applications. If that's the workaround... why have the proxy in the first place?

    submitted by /u/mpmoore69

    VPN connection from client in another country is very slow, any ideas?

    Posted: 24 Mar 2021 12:38 AM PDT

    Hi everyone,

    I'm the only network engineer at this company and so I have no one else to bounce ideas off of, so I'm coming to you, r/networking. The company I work for is in Germany, we have 2 Palo Alto Firewalls and we use GlobalProtect as our VPN with a gateway on both PAs (one is physical on site and the other is a VM in a cloud). The company hires a few people living in other countries and they just work remotely. I've never heard any issues with this until this week. Someone working from Uzbekistan cannot reach any of our internal sites.

    After a lot of investigating, we found that the connection through the VPN is so slow that the DNS requests come too late or not at all, and after a failed request from our DNS his PC sends a request to his local modem, which obviously only resolves external sites. I checked on the PA for the public IP that he's connecting with for GlobalProtect and checked the security logs from that IP, and more than half of the connections are being dropped because of no answer. So I'm now thinking that his internet or the connection from his country to us is just not good enough, but he can quickly resolve and load any other German/European websites.

    Is there anything I can even do here? It's odd to me that he can easily reach other pages in other countries but only our GlobalProtect connection is bad. It's also good to note that the 2 PAs don't use the same internet, because one is in the cloud it just uses whatever that cloud provider has. Otherwise I would have contacted our internet provider to see if they had anything going on that could be causing this.

    Any ideas are greatly appreciated. I'm hitting a wall here and you are my last hope for fixing this.

    submitted by /u/JacobGates

    Switch CISCO SG350-10P POE problem

    Posted: 24 Mar 2021 10:04 AM PDT

    Hello,

    I have created "time ranges / recurring ranges" for the POE power supply of my equipment (Raspberry).

    When the switch restarts, it powers the Raspberry for a few seconds then applies the time range.

    The Raspberry's are then cut instantly.

    How can I prevent the POE ports from being powered up when the switch starts up?

    submitted by /u/Ok_Camp_2211

    AFL OTDR Stuck in boot screen

    Posted: 23 Mar 2021 11:33 PM PDT

    Dear All,

    I have been using an AFL M200 OTDR for all the fiber testing. Recently my OTDR stopped booting into the menu screen; it will stay on the boot-up screen showing the AFL logo and never goes into the menu.

    I suspect the issue is due to the memory getting full because of old test results in the device. Their support is saying the device is EOL and will never help to fix it.

    Kindly help me if anyone has any workaround to fix this issue.

    submitted by /u/mnr367

    LAG load distribution concept clarification

    Posted: 23 Mar 2021 08:53 PM PDT

    We all know the high level concept of how a frame gets load balanced across a LAG. Frame comes in and a hash is taken based on source/destination L2 or L3 or maybe even L4 header information. Hash is pinned to a member link and away it goes, forever pinned to that member link.

    The point I need clarification is that based on my readings, the most common way that a hash is generated is for Layer 2 header information. Does this mean that if I have an L3 routed link the switch is only looking at L2 info to make the hash? Or is it based on if I am going over an L2 or L3 link would determine the type of load distribution that will be done?

    Cisco documentation: The default load-balancing mode for Layer 3 interfaces is the source and destination IP L4 ports, and the default load-balancing mode for non-IP traffic is the source and destination MAC address

    Does that mean that traffic going across a Layer 2 port-channel trunk, by default, is non-IP traffic and therefore source/dst MAC address is used?

    submitted by /u/mpmoore69
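
The hash-and-pin behaviour described in the post above, as an added example that is not part of the original post and not any vendor's algorithm: it shows how the choice of hash fields changes the spread when every frame shares one MAC pair, as on a routed link between two devices. The mode labels `mac` and `ip-l4port`, the member names, the addresses and the use of SHA-256 as the hash are all assumptions made for illustration.

```python
import hashlib

# Hypothetical member links of one LAG (names are illustrative only).
MEMBERS = ["Eth1/1", "Eth1/2", "Eth1/3", "Eth1/4"]

def flow_key(frame, mode):
    """Return the header fields that feed the hash for the given mode."""
    is_ip = frame.get("src_ip") is not None
    if mode == "ip-l4port" and is_ip:
        fields = (frame["src_ip"], frame["dst_ip"],
                  frame.get("src_port", 0), frame.get("dst_port", 0))
    else:
        # MAC-only mode, or a non-IP frame (e.g. ARP) with no L3/L4 fields.
        fields = (frame["src_mac"], frame["dst_mac"])
    return "|".join(str(f) for f in fields).encode()

def select_member(frame, members, mode):
    """Pin a frame to one member link: same key, same link, every time."""
    # SHA-256 stands in for the hardware hash; real switches use simpler
    # functions, but the pinning behaviour is the same.
    digest = hashlib.sha256(flow_key(frame, mode)).digest()
    return members[int.from_bytes(digest[:4], "big") % len(members)]

def make_flows(count):
    """Constructed sample: many TCP flows that all share one MAC pair."""
    return [{"src_mac": "00:00:5e:00:53:01", "dst_mac": "00:00:5e:00:53:02",
             "src_ip": "192.0.2.10", "dst_ip": "198.51.100.20",
             "src_port": 40000 + i, "dst_port": 443} for i in range(count)]

def links_used(frames, mode):
    """Set of member links that carry at least one of the given frames."""
    return {select_member(f, MEMBERS, mode) for f in frames}

if __name__ == "__main__":
    flows = make_flows(64)
    print("mac      :", sorted(links_used(flows, "mac")))
    print("ip-l4port:", sorted(links_used(flows, "ip-l4port")))
```

With MAC-only hashing all 64 constructed flows land on a single member, because the key never changes; adding IP and L4 ports to the key spreads them across members.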

    Cisco Live: DC or dev track

    Posted: 23 Mar 2021 06:55 PM PDT

    I have a lot of experience with ACI and I'm afraid it's just going to be the same ole intro to ACI I keep finding everywhere. Anyone else have thought that going? (virtual)

    submitted by /u/_The_Judge

    Cisco ASA and QoS policy

    Posted: 24 Mar 2021 06:58 AM PDT

    I'm not really a firewall guy but I'm trying to isolate some QoS issues.

    On a router and switch (depending on what switch you have) you have to create and assign QoS policy.

    Generally curious, when you are setting up inbound connections that terminate on your firewall, are you configuring QoS policy on your firewall similar to how you would on a router?

    submitted by /u/onequestion1168

    Need help with SNMP Traps

    Posted: 23 Mar 2021 04:47 PM PDT

    Hello,

    I've been tasked with setting up a basic per-port mac limitation config on some Juniper ex-4300 switches, and to get SNMP monitoring set up to log events when it triggers.

    I've never worked with SNMP traps before, and the corresponding OID for this is notify-only. I've had this on my project list for a while and keep making little to no progress as I either don't understand this well enough to google my way to an answer, or a simple answer doesn't seem to exist anywhere so I'm hoping someone here can help me out.

    Here's my current snmp config on the switches:

        root@EX4300TEST> show configuration snmp
        community *redacted* {
            authorization read-only;
            clients {
                10.251.0.253/32;
            }
        }
        trap-options {
            source-address 10.251.0.252;
            agent-address outgoing-interface;
        }
        trap-group dwni {
            version v2;
            destination-port 162;
            categories {
                chassis;
                link;
                configuration;
                services;
            }
            targets {
                10.252.0.253;
            }
        }

    And on the receiving end (centos 7/rhel)

        [root@*redacted* snmp]# cat snmptrapd.conf
        snmpTrapdAddr udp:10.251.0.253:162
        authCommunity log,execute *redacted*
        traphandle default /usr/sbin/snmptt

    I've verified snmptrapd is running, but nothing is logging with this config. Obviously I've got some chunks missing but getting frustrated trying to find answers as to what.

    submitted by /u/Qivaat

    Encrypting payload over https

    Posted: 24 Mar 2021 05:22 AM PDT

    So I am communicating with the server over HTTPS, where my app is connected to a RESTful API. Is there any advantage to encrypting the body of the POST request if I am sending sensitive data?

    Edit: I will encrypt the data at the client side and decrypt it at the server side.

    submitted by /u/abdalla_97
