Moronic Monday! Networking
- Moronic Monday!
- Created a web-based network device monitoring tool for Cisco IOS XE devices with RESTCONF only
- Segmentation Best practices
- Cumulus dropping non-Nvidia hardware?
- N9K-C93180YC-EX alternative (24/48 - 25gb ports, 6+ 100Gb ports)
- Ruckus ICX errors fdry2bcm_linkscan_callback
- NSX for network overlay without a 2nd network overlay
- Help on Transitioning from Cisco ISE to Aruba ClearPass
- IPv6 on Fortigate breaking O365
- Request: config manual for TAP "Net Optics LA-IF4CU3/4SFP"
- Our company's new phone service provider doesn't verify TLS certificates -- what does this mean?
- Eigrp and Palo Alto
- Arista ECMP in iBGP Question
- Fiber Re-build at a Small Business: OM1 to OM4?
- Azure Networking Books
- Http Proxy Injector
- MTU different size by packet type?
- Aruba Mobility Controller aaa user delete not working
- New WAN - fortigate - Help!!!!
- What would be the best way to organise and categorise static IP addresses for the business
- How is internet bandwidth for buildings decided?
Moronic Monday! Posted: 18 Jul 2021 05:00 PM PDT It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask! Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected. Note: This post is created at 01:00 UTC. It may not be Monday where you are in the world, no need to comment on it.
Created a web-based network device monitoring tool for Cisco IOS XE devices with RESTCONF only Posted: 19 Jul 2021 07:40 AM PDT Hey there, I thought you might like to see my latest project posted here: I created a Django-based network device monitoring tool that gets its operational and configuration data solely via RESTCONF. Right now, only IOS XE devices are supported. When RESTCONF and ip http secure-server are enabled, you can retrieve the data and display it on the dashboard. Feel free to try it out or just copy/modify/extend the code. Cheers!
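The post above describes polling IOS XE over RESTCONF. The following is an added example, not the poster's project code: it builds the RESTCONF GET (Accept: application/yang-data+json, Basic auth over TLS), keeps certificate verification on (pass the device's exported self-signed certificate as cafile rather than disabling checks), and flattens the standard ietf-interfaces:interfaces-state reply into rows. The sample body is constructed, not captured from a device; the host, user and password in the usage block are placeholders.

```python
import base64
import json
import ssl
import urllib.request

YANG_JSON = "application/yang-data+json"

# Constructed sample in the shape IOS XE returns for
# GET /restconf/data/ietf-interfaces:interfaces-state. Not from a real
# device. Note that the 64-bit YANG counters arrive as JSON strings.
SAMPLE_BODY = json.dumps({
    "ietf-interfaces:interfaces-state": {
        "interface": [
            {"name": "GigabitEthernet1", "admin-status": "up", "oper-status": "up",
             "statistics": {"in-octets": "18446744073709551615",
                            "out-octets": "4096", "in-errors": 0}},
            {"name": "GigabitEthernet2", "admin-status": "up", "oper-status": "down",
             "statistics": {"in-octets": "0", "out-octets": "0", "in-errors": 3}},
        ]
    }
})


def build_request(host, path, username, password, port=443):
    """URL and headers for a RESTCONF GET. The credentials travel in a Basic
    header, which is only acceptable because the transport is verified TLS."""
    url = f"https://{host}:{port}/restconf/data/{path}"
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return url, {"Accept": YANG_JSON, "Authorization": f"Basic {token}"}


def tls_context(cafile=None):
    """Verifying context (chain and hostname). For the self-signed certificate
    that 'ip http secure-server' generates, export it and pass its path here;
    do not switch verification off."""
    return ssl.create_default_context(cafile=cafile)


def get_yang(host, path, username, password, cafile=None, timeout=10):
    """Fetch one YANG data path from a device and return the decoded JSON
    (network call; not exercised offline)."""
    url, headers = build_request(host, path, username, password)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, context=tls_context(cafile),
                                timeout=timeout) as resp:
        return json.loads(resp.read().decode())


def parse_interfaces_state(body):
    """Flatten ietf-interfaces:interfaces-state into rows with int counters."""
    rows = []
    container = body.get("ietf-interfaces:interfaces-state", {})
    for intf in container.get("interface", []):
        stats = intf.get("statistics", {})
        rows.append({
            "name": intf["name"],
            "admin": intf.get("admin-status"),
            "oper": intf.get("oper-status"),
            "in_octets": int(stats.get("in-octets", 0)),
            "out_octets": int(stats.get("out-octets", 0)),
            "in_errors": int(stats.get("in-errors", 0)),
        })
    return rows


def flag_problems(rows):
    """Interfaces that are admin-up but not oper-up, or that count input errors."""
    return [r["name"] for r in rows
            if (r["admin"] == "up" and r["oper"] != "up") or r["in_errors"] > 0]


def sample_rows():
    """Parse the constructed body; stands in for get_yang() when offline."""
    return parse_interfaces_state(json.loads(SAMPLE_BODY))


if __name__ == "__main__":
    # Offline run. Against a device (placeholders, not real values):
    # rows = parse_interfaces_state(get_yang("10.0.0.1",
    #     "ietf-interfaces:interfaces-state", "admin", "pw", cafile="router.pem"))
    rows = sample_rows()
    for r in rows:
        print(f"{r['name']:<18} {r['admin']}/{r['oper']} "
              f"in={r['in_octets']} errs={r['in_errors']}")
    print("attention:", flag_problems(rows))
```

The int() conversion matters: RESTCONF encodes uint64 counters as strings, so a dashboard that compares them as received sorts "9" above "18446744073709551615". Keeping tls_context() on a verifying context also means a poller that is pointed at a spoofed device address fails closed instead of handing the Basic credentials to whoever answers.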
Segmentation Best practices Posted: 19 Jul 2021 05:34 AM PDT Hi guys, we're refreshing our network with NGFWs and we need to start segmenting our relatively flat network. I will work with network engineers, but as project manager I would like to hear from networking specialists whether there are any online resources that help with designing segmentation properly. The current state is a subnet for workstations and a subnet for servers in each location we have. Moving forward we'd ideally have proper segmentation for:
- management (iDRACs, management interfaces for switches, SAN, routers, ...)
- printers
- servers
- AD
- DMZ for SFTP (we do not have any public-facing services except SFTP servers)
- GlobalProtect VPN clients
We have enabled LDAP integration for our Palo Alto FWs so we will be able to apply policies based on users or groups. I know this is a broad topic, but are there any resources online that could help me?
Cumulus dropping non-Nvidia hardware? Posted: 19 Jul 2021 02:05 PM PDT I stumbled on this nugget looking at the release notes for Cumulus Linux 4.4:
Has anyone heard anything about Nvidia making Cumulus an internal NOS only? I can only find news about the acquisition a year ago. I'm in the market for another switch, but this would change that calculus.
N9K-C93180YC-EX alternative (24/48 - 25gb ports, 6+ 100Gb ports) Posted: 19 Jul 2021 02:58 PM PDT So since my last post we deployed a pair of N9K-C93180YC-EX and they are working like a charm. Now we need to deploy a similar setup at two other DCs, but the price for these Nexuses on the used market has jumped 100%. Any other good alternatives? I was looking at two SN2100s, but they lack 25Gb ports and can only accept 4.5W transceivers on 4 ports (which limits us a lot). The Arista and Juniper models which I found cost even more.
Ruckus ICX errors fdry2bcm_linkscan_callback Posted: 19 Jul 2021 01:45 PM PDT Ran into 7 switches in a QinQ that froze up and had to be rebooted. This is the only error (log) I could get from any of the consoles. Anyone seen this before? 17 comm rooms, with 11 of these rooms having switches behind them running in QinQ. The main network was fine (LAGs went into blocking state) but all accessible. 7 of the switches on QinQ connections were frozen. The log line:
    fdry2bcm_linkscan_callback port 0/17 1 1 1 100 1: failed to send message
Thoughts?
NSX for network overlay without a 2nd network overlay Posted: 19 Jul 2021 01:37 PM PDT Hi, I'm looking into a network refresh for a data center; the predominant architecture is to use VMware for a software-defined DC. I'm trying to understand whether using something like ACI is necessary to work with NSX, or if NSX would cover most of the use cases. It's around 4 spine and maybe 10-15 leaf switches. Could someone please help me navigate this? I've read far too many blueprints that don't really give a solid answer, with everyone trying to sell their products...
Help on Transitioning from Cisco ISE to Aruba ClearPass Posted: 18 Jul 2021 04:55 PM PDT I'm about to start a proof of concept, with the potential result of transitioning from Cisco ISE to Aruba ClearPass. I'm trying to wrap my head around the ClearPass interface and the different way things are done compared to ISE. Right now my approach with ISE is essentially using Policy Sets to separate by NAD vendor / MAB / 802.1X. From there, Authentication is based on the relevant Identity Source, and then Authorization is where the heavy lifting is done - determining what access this device gets based on whatever relevant information. I've noticed with ClearPass that they don't even enable Authorization by default in their Service Templates. Is this normal operating procedure for ClearPass? Is everything done through Roles and Enforcement Policy instead of Authorization? I fancied myself pretty good at using ISE, but I'm finding myself a bit lost when it comes to applying that knowledge to ClearPass. Can anyone point me to some good documentation for doing a transition from Cisco ISE to Aruba ClearPass, or provide some general advice?
IPv6 on Fortigate breaking O365 Posted: 19 Jul 2021 12:30 PM PDT Current FortiOS: 6.4.5. We received our /56 IPv6 from our ISP and I was trying to configure basic dual stack for my internal users. I configured the default IPv6 route, added an IPv6 address to one of our internal v4 interfaces, enabled DHCPv6 stateful with Cloudflare and Google IPv6 DNS servers, and created the necessary rule from inside to outside allowing ALL. Everything seemed to be working: I did tests with https://test-ipv6.com/ and https://ipv6-test.com (this one said ICMP filtered - ignored it for now). I can browse, do speed tests with IPv6 only, I see iCloud and WhatsApp traffic going over IPv6, etc. For some reason though, I cannot open office.com nor outlook.office.com - the moment I disable IPv6, it starts working. I tried it on a Mac and a Windows laptop. I also noticed that whenever I opened fast.com, the speed test never starts; it stalls at the very beginning. Out of curiosity I disabled UTM features (app control, AV, IPS) and the results are the same. Secondly, I created a rule from WAN to internal allowing ICMPv6, but it didn't help. Am I missing something regarding IPv6 implementation on Fortigates? **Edit - it was an IPv6 BGP issue from the ISP.
Request: config manual for TAP "Net Optics LA-IF4CU3/4SFP" Posted: 19 Jul 2021 12:01 PM PDT Config manual please, not the marketing one-page slicksheet. I've DuckDuckGo'd and found many hits that are close (CU: 10/100) but not THIS model (CU3: 10/100/1000). This TAP (link aggregator) has one DIP switch (8 positions) per port on the back. The stencil shows 7 settings but isn't clear which position they're aligned to. Instead of assuming, I'm trying to find the manual. The CU (10/100) manual (the only one I was able to find) has different switch settings than the CU3. TY, sooper_d
Our company's new phone service provider doesn't verify TLS certificates -- what does this mean? Posted: 19 Jul 2021 02:40 PM PDT Recently switched phone service providers to some dinky low-end company from New York because it's cheaper. When configuring SIP user accounts in our softphones, they tell us to disable 'Verify TLS Certificate'. Also, they want us using TCP instead of UDP, which seemed odd to me. Shouldn't VoIP avoid TCP? Mainly, I'm concerned about the security of our calls now, which contain customer payment info. Is this normal practice for softphone configuration? Should I be concerned about call information being monitored by third parties?
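Two facts frame the question above. TLS only runs over a stream transport, so SIP over TLS (the sips: scheme) is necessarily SIP over TCP; that part of the provider's instruction is expected, and the media (RTP) still travels over UDP and is only protected if SRTP is negotiated. Turning 'Verify TLS Certificate' off, on the other hand, means the softphone accepts any certificate from whatever answers on port 5061, so anyone on the path can terminate the TLS session with their own certificate and read the SIP registration, credentials and call signaling. The example below is added here and is not from the post or any softphone: it shows what a verifying SIP-TLS client context looks like next to the "verification off" context, and how to pin the provider's certificate by SHA-256 fingerprint when it does not chain to a public CA. The DER bytes in the usage are a constructed stand-in, not a real certificate.

```python
import hashlib
import hmac
import socket
import ssl


def sips_context(cafile=None):
    """Context a softphone should use for SIP over TLS. create_default_context()
    already requires a valid chain and a matching hostname; cafile is for a
    provider that runs its own CA, not a way to switch the checks off."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unverified_context():
    """What 'Verify TLS Certificate: off' amounts to: any certificate presented
    by anything on the path is accepted. Included only for contrast."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe_context(ctx):
    """Plain-data summary so the two contexts can be compared."""
    return {"verify": ctx.verify_mode.name, "check_hostname": ctx.check_hostname}


def cert_fingerprint(der_bytes):
    """SHA-256 over the DER certificate, the value 'openssl x509 -fingerprint
    -sha256' prints (without colons)."""
    return hashlib.sha256(der_bytes).hexdigest()


def pin_matches(der_bytes, expected_hex):
    """Constant-time comparison of the presented certificate against a
    fingerprint recorded out of band (colon-separated or not, any case)."""
    expected = expected_hex.replace(":", "").lower()
    return hmac.compare_digest(cert_fingerprint(der_bytes), expected)


def connect_sips(host, port=5061, cafile=None, pinned_sha256=None, timeout=5):
    """Open a verified TLS connection to a SIP server (network call) and report
    what was negotiated. Raises ssl.SSLError on a bad chain or name, ValueError
    when the certificate does not match the recorded pin."""
    ctx = sips_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if pinned_sha256 and not pin_matches(der, pinned_sha256):
                raise ValueError("server certificate does not match the recorded pin")
            return {"protocol": tls.version(), "cipher": tls.cipher()[0],
                    "sha256": cert_fingerprint(der)}


if __name__ == "__main__":
    print("softphone should use:", describe_context(sips_context()))
    print("'verify off' means:   ", describe_context(unverified_context()))
    # Constructed bytes standing in for a DER certificate; not a real cert.
    der = b"constructed-bytes-standing-in-for-a-DER-certificate"
    pin = cert_fingerprint(der)
    print("pin ok:", pin_matches(der, pin), "tampered:", pin_matches(der + b"x", pin))
    # Against a provider (placeholder host): connect_sips("sip.example.net", cafile="provider-ca.pem")
```

If the provider's certificate is self-signed or issued by a private CA, the right fix is to obtain that CA or fingerprint from them over a trusted channel and configure it (cafile or the pin above), which keeps the check on. A provider that can only work with verification disabled is telling you its TLS deployment is not managed; combined with payment card details being read out on calls, that is a finding to raise with them and with whoever owns your PCI scope, not a setting to accept.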
Eigrp and Palo Alto Posted: 19 Jul 2021 09:46 AM PDT I'm sorry, I'm losing it right now and just looking to see if this would work. I'm running EIGRP on Nexus routers and trying to hook in some Palos via vPC. I have a set of VLANs that I want to set a static route to, in order to secure those VLANs, and then put the routing on the Palos. They are presently routed on my Nexus routers, so I'll be moving the routing from Cisco to PA. So for example VLAN 111 - 172.22.111.1/24 (now on router, moving to PA), VLAN 112 - 172.22.112.1/24 (now on router, moving to PA) and VLAN 660 to bring myself to that network, let's say 10.60.3.1/23, with a static route on the routers:
    ! NX-OS syntax (prefix/length); the prefix-list entries name the
    ! network address, not the PA's interface address, and the route-map
    ! needs a match clause plus the redistribute statement to do anything.
    ip route 172.22.111.0/24 10.60.3.1
    ip route 172.22.112.0/24 10.60.3.1
    ip prefix-list PFX-STATIC-TO-EIGRP seq 21 permit 172.22.111.0/24
    ip prefix-list PFX-STATIC-TO-EIGRP seq 22 permit 172.22.112.0/24
    route-map RM-STATIC-TO-EIGRP permit 10
      match ip address prefix-list PFX-STATIC-TO-EIGRP
    router eigrp <instance-tag>
      redistribute static route-map RM-STATIC-TO-EIGRP
The PA would have a subinterface of 10.60.3.1/23 tagged with the proper VLAN 660, a subinterface of 172.22.111.1/24 tagged with the proper VLAN 111, and a subinterface of 172.22.112.1/24 tagged with the proper VLAN 112. Right now I'm doing something like that for my PA that is on the edge, through a prefix list and statics, so it seems to be working in my environment. That should work over the one vPC port channel, right? It's all layer 3. Sorry, just super overwhelmed right now and getting dumped on. Thanks.
Arista ECMP in iBGP Question Posted: 19 Jul 2021 08:06 AM PDT Hello all, I have been trying to find it but don't seem to be coming up with a solution. Basically I have 1 Arista L3 switch that is connecting to 4 Cisco edge routers. All Cisco devices are advertising default routes to the Arista. I am diverting traffic via a FlowSpec next hop to the Arista and then to a security appliance. The traffic returns back to the Arista and to one of the closest Cisco routers and follows the GRT for each destination. The only issue I am having is that all 4 have ECMP on the Arista and, regardless of which router sent the traffic to the Arista, by default BGP behaviour it will choose the best path to be the lower IP, since AS, LocPref, weight etc. are all the same. ECMP is happening. My question is: how can I send traffic through the same interface (Cisco router) that it came from? Do I just remove the maximum-paths command and it should work?
Fiber Re-build at a Small Business: OM1 to OM4? Posted: 19 Jul 2021 07:04 AM PDT Currently at the customer site is OM1 fiber. 1 MDF, 4 IDFs; all data rooms are connected via fiber, but the customer is wanting to move from 1Gbps to 10Gbps, or even 25 or 40Gbps if budget permits. In general we usually use SMF, but it looks like I would need to use MMF to get the bandwidth more easily through an MMF pair instead of aggregating multiple SMFs? Or am I missing something? The longest run of fiber from an IDF to another IDF would be 400ft. Most equipment onsite is Unifi gear: some of their 10Gig aggregate fiber switches, and I'm thinking of using the newer Unifi Switch Pro Agg switches with (28) 10G SFPs and (4) 25Gbps SFP28 ports as the main connection/uplink in each IDF/MDF. The current plan would be to use the USW-Enterprise XG-24 when available for the 10Gig switching to endpoints. Is going with 12-18 strand OM4 fiber to each IDF the right way to move forward? Is my thought correct that it would be capable of 1/10/25/40/100Gbps per fiber pair with the corresponding hardware and SFPs?
Azure Networking Books Posted: 19 Jul 2021 06:14 AM PDT Hey all, like the title says, I'm looking for some great resources on Azure networking, something that gets down into the weeds of how VNets operate, similarities/differences to traditional networking, and any reading choices you guys have picked that really helped you understand. I'd also get it if there's nothing truly out there. Let me know.
Http Proxy Injector Posted: 19 Jul 2021 09:22 AM PDT Hi guys, I have a question. In our country we don't have good internet connections with good pricing; with all the tax we don't get good internet packages. Mostly we have content-based plans; most of them are for social media and messaging platforms. We have to pay for the package, and after the fair usage policy (mostly 5GB) is exceeded we get unlimited usage at 1Mbps. Because we don't have the money to pay for high internet packages we use the HTTP Proxy Injector created by the developer a-dev1412 (https://sourceforge.net/projects/httpproxyinjector/). First we create an SSH account using free SSH account sites. After that we use the Server Name Indication (SNI) for routing all the network traffic for devices. If I have an unlimited 1Mbps package for WhatsApp I use the SNI web.whatsapp.net. This method is only available for Android and Windows; there are no alternatives or similar software for Linux. I wonder if anybody knows how to use that method on Linux.
MTU different size by packet type? Posted: 19 Jul 2021 08:19 AM PDT Hi, so I was troubleshooting some access points which were failing to go online (state: config failed). It turned out to be a middle device which fragmented the packets between the controller and the access points. Everything clear so far. Now, what is strange is that an ICMP ping with size 1500 was OK, but a UDP ping of 1500 was not OK. So because CAPWAP uses UDP, the APs failed to go online. My question is: is it possible for a device to have different MTU sizes (ICMP packets pass through, but UDP packets of the same size fail)? Another explanation could be that the UDP ping (which is in fact the "capwap ping" command) uses a larger packet header, so this would explain why ICMP is OK and UDP not OK.
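On the question above: an interface has one IP MTU, not one per protocol, so the difference comes from what each tool counts as "size". The same nominal payload produces a different IPv4 Total Length under ICMP echo (8-byte header) than under CAPWAP, which sits inside UDP (8 bytes) and adds its own 8-byte minimum header (RFC 5415). The added example below, not from the post, does that arithmetic and shows how a router on a 1500-byte link fragments the oversize datagram (RFC 791, offsets in 8-byte units) or drops it with ICMP type 3 code 4 when DF is set. It assumes the payload is what the "size" argument means; check the semantics of each tool's size parameter on your platform before drawing a conclusion from a single number. The header sizes are standard constants, not measured from the poster's network.

```python
ETH_MTU = 1500     # IP MTU of a standard Ethernet link
IPV4_HDR = 20      # IPv4 header without options
ICMP_HDR = 8       # echo request/reply header
UDP_HDR = 8
CAPWAP_HDR = 8     # CAPWAP header without optional fields (RFC 5415)


def ip_total_length(payload_bytes, *encapsulation):
    """IPv4 Total Length for a payload wrapped in the given header sizes."""
    return IPV4_HDR + sum(encapsulation) + payload_bytes


def max_payload(mtu, *encapsulation):
    """Largest payload that still fits one unfragmented datagram on this MTU."""
    return mtu - IPV4_HDR - sum(encapsulation)


def df_outcome(total_len, mtu=ETH_MTU, dont_fragment=True):
    """What a router does with the datagram: forward it, fragment it, or (DF
    set) drop it and send ICMP 'fragmentation needed' (type 3 code 4)."""
    if total_len <= mtu:
        return "forwarded"
    return "dropped" if dont_fragment else "fragmented"


def fragment(total_len, mtu=ETH_MTU, dont_fragment=False):
    """Fragments an IPv4 datagram of total_len becomes on a link with this MTU,
    as (fragment offset in 8-byte units, fragment Total Length) pairs. Every
    fragment but the last carries a multiple of 8 payload bytes (RFC 791)."""
    if total_len <= mtu:
        return [(0, total_len)]
    if dont_fragment:
        raise ValueError(f"{total_len} > MTU {mtu} with DF set: dropped, ICMP 3/4 returned")
    payload = total_len - IPV4_HDR
    per_frag = (mtu - IPV4_HDR) // 8 * 8
    frags, off = [], 0
    while off < payload:
        n = min(per_frag, payload - off)
        frags.append((off // 8, IPV4_HDR + n))
        off += n
    return frags


def compare(payload_bytes, mtu=ETH_MTU):
    """Same nominal payload under two encapsulations: fits or not, and how it splits."""
    cases = {"icmp echo": (ICMP_HDR,), "capwap/udp": (UDP_HDR, CAPWAP_HDR)}
    out = {}
    for name, encap in cases.items():
        total = ip_total_length(payload_bytes, *encap)
        out[name] = {"total": total, "fits": total <= mtu,
                     "df": df_outcome(total, mtu), "fragments": fragment(total, mtu)}
    return out


if __name__ == "__main__":
    # 1472 is the ICMP payload that exactly fills a 1500-byte datagram.
    for name, r in compare(1472).items():
        print(f"{name:<11} total={r['total']} fits={r['fits']} "
              f"DF={r['df']} frags={r['fragments']}")
    print("largest CAPWAP payload with no fragmentation:",
          max_payload(ETH_MTU, UDP_HDR, CAPWAP_HDR))
```

The practical check is the last line: the largest CAPWAP payload that crosses a 1500-byte link intact is 1464 bytes, so a test that pushes 1472 bytes through CAPWAP is not comparable with a 1472-byte ICMP ping even though both were typed as "1500". A middle device that refuses to fragment, or that has a lower MTU on a tunnel, shows up the same way: ICMP of the "same size" passes, the encapsulated protocol does not.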
Aruba Mobility Controller aaa user delete not working Posted: 19 Jul 2021 08:23 AM PDT We have blacklisted a client on our controllers and are trying to kick the user off, but running 'aaa user delete' with MAC or IP or username says 'deleted 1 user' and it doesn't seem to be deleting the user from active sessions or disconnecting them. Is this the wrong command? We have Mobility Master and controllers and I believe this command can only be run from the controllers, which we are doing. Anyone experienced this? How can I kick the user off other than finding him and physically kicking him in the head?
New WAN - fortigate - Help!!!! Posted: 19 Jul 2021 10:28 AM PDT Hi guys, I manage a multi-tenanted building where we provide each company their own public IP with our Fortigate as the gateway. We have a /27 subnet which we've divided into /30 subnets. The first /30 subnet we configure as the WAN interface. It has the ISP router as one of the available hosts and our firewall as the other IP. The next /30 subnet we have configured as LAN, added as a VLAN interface; we give the Fortigate one of the IPs on that VLAN and tell the tenant to use the other IP with the Fortigate IP as the gateway. There is a static route that directs all traffic out of the main ISP router. Now this all works fine, but now I'm trying to add a new WAN to first work in tandem with the current line and then replace it. I configure just the WAN interface on the port the ISP router is attached to and allow ping. To test if the interface is reachable via the net I ping the WAN IP, but for some reason it doesn't ping. First question: anyone know what access rule I have to create for ping to work? The main WAN doesn't appear to need one. (The connection definitely works, as I connected a laptop directly to the second ISP router and was able to get out to the internet.) For the sake of time I assumed the connection is online and configured a /30 subnet on the LAN interface just like I did before on the primary WAN, but this time with a public subnet provided from the new WAN. I create the necessary IPv4 policies, and I create a policy route to override the default static to say all traffic going from the newly created VLAN should route out of the new WAN. I test it and it doesn't work. I'm sorry if none of this makes sense; I kinda got bored halfway through writing it 😃😃😃😃. But any help would be appreciated.
What would be the best way to organise and categorise static IP addresses for the business Posted: 19 Jul 2021 12:07 AM PDT I'm a new network administrator at a company, with very little experience (still studying). I often run into the problem where the IP addresses become messy, confusing and disorganised very quickly. What do you think the best way to organise these IP addresses would be? Basically, my boss wants me to categorise the IP addresses by device type (desktops from .20 - .50, mobile devices from .51 - .100, for example), but this hasn't worked well and we both haven't been keeping great track of it. Is there any other alternative to this?
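The scheme in the post above fails mostly because nothing enforces it: the ranges live in someone's head and the inventory is whatever was last written down. The added example below, not from the post, is the minimum that makes such a scheme hold up: the per-category ranges are declared once, checked for overlap and for staying inside the subnet, every inventory row is validated against them (duplicates, addresses outside any range, a recorded category that disagrees with where the address actually sits), and new addresses are handed out from the plan rather than picked by hand. The subnet (192.0.2.0/24, a documentation range), the category boundaries and the inventory rows are constructed sample data; the categories beyond the two the poster named are assumptions.

```python
import ipaddress


def make_plan(network, ranges):
    """Turn {category: (first_host_octet, last_host_octet)} into concrete address
    ranges inside `network`; refuse ranges that overlap, are reversed, or touch
    the network or broadcast address."""
    net = ipaddress.ip_network(network)
    plan = {}
    for cat, (lo, hi) in ranges.items():
        first, last = net.network_address + lo, net.network_address + hi
        if not (0 < lo <= hi and last < net.broadcast_address):
            raise ValueError(f"{cat}: .{lo}-.{hi} is not a valid host range in {net}")
        for other, (ofirst, olast) in plan.items():
            if first <= olast and ofirst <= last:
                raise ValueError(f"{cat} overlaps {other}")
        plan[cat] = (first, last)
    return plan


def plan_is_valid(network, ranges):
    """True when make_plan() accepts the ranges (used to reject a bad plan early)."""
    try:
        make_plan(network, ranges)
        return True
    except ValueError:
        return False


def category_of(plan, ip):
    """Category whose range contains ip, or None if it sits outside the plan."""
    addr = ipaddress.ip_address(ip)
    for cat, (first, last) in plan.items():
        if first <= addr <= last:
            return cat
    return None


def check_inventory(plan, inventory):
    """Inventory rows are (ip, hostname, category). Returns the problems found."""
    problems, seen = [], {}
    for ip, host, cat in inventory:
        if ip in seen:
            problems.append(f"{ip} assigned to both {seen[ip]} and {host}")
        seen[ip] = host
        actual = category_of(plan, ip)
        if actual is None:
            problems.append(f"{ip} ({host}) is outside every planned range")
        elif actual != cat:
            problems.append(f"{ip} ({host}) recorded as {cat} but sits in the {actual} range")
    return problems


def next_free(plan, inventory, category):
    """Lowest unused address in a category's range, or None when it is full."""
    used = {ipaddress.ip_address(ip) for ip, _, _ in inventory}
    first, last = plan[category]
    addr = first
    while addr <= last:
        if addr not in used:
            return str(addr)
        addr += 1
    return None


# Constructed sample plan and inventory (not real data).
PLAN = make_plan("192.0.2.0/24", {
    "infrastructure": (1, 19), "desktops": (20, 50),
    "mobile": (51, 100), "printers": (101, 120),
})
INVENTORY = [
    ("192.0.2.1", "core-gw", "infrastructure"),
    ("192.0.2.20", "desk-01", "desktops"),
    ("192.0.2.21", "desk-02", "desktops"),
    ("192.0.2.21", "desk-03", "desktops"),        # duplicate, deliberate
    ("192.0.2.60", "printer-lobby", "printers"),  # wrong range, deliberate
    ("192.0.2.200", "camera-01", "cameras"),      # category the plan lacks
]

if __name__ == "__main__":
    for p in check_inventory(PLAN, INVENTORY):
        print("problem:", p)
    print("next desktop address:", next_free(PLAN, INVENTORY, "desktops"))
```

The inventory list stands in for whatever source of truth you keep (a CSV, a spreadsheet export, an IPAM's API); the point is that addresses are allocated from it and audited against it, so a checker like this can run on a schedule and the plan stops drifting. When the list outgrows a file, the same functions map onto a proper IPAM, and the categories become the prefixes or tags it manages.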
How is internet bandwidth for buildings decided? Posted: 18 Jul 2021 06:57 PM PDT I was wondering: if a condo has all its residents using a 500M plan from an ISP, how much bandwidth (switch/cable/fiber speed) will the building need? Obviously it is not an addition problem, otherwise any building would use 400GbE for switching, which is such a waste, but how much should that be? What is the calculation here, and can you provide me some references from the industry?