Network refresh Networking |
- Network refresh
- What Do Employers Want These Days?
- Peering with MPLS provider BGP? OSPF?
- Blogpost Friday!
- BGP and OSPF review materials or lab recommendations
- Looking for literature recommendations on enterprise networks and telecommunications
- Weird DHCP issue with wireless
- Dell PowerSwitch N2048 Stack Firmware Help
- Static mDNS-SD records on a Cisco WLC
- Anybody have any experience with Honeywell ct50/ct60 scanners and Meraki access points?
- Best way to document VLANs in a large network?
- Cisco FMC - Access Control + Geolocation
- Enterprise Switching + Routing in a Single Device?
- Sanity check regarding connecting 2 businesses (IPSEC S-2-S vs Cisco Anyconnect Client VPN)
- Real world experience with leaky coax for VoIP?
- Confused between copper straight-through and crossover cables
- Meraki Configuration Questions
- Cisco ASA to Juniper IKEv2 Tunnel Issues
- Training certifications that centre around PKIs?
- Cisco Wireless | WLC redirects the Guest portal but not prompting automatic on client devices?
- Tool for Network Access Matrix?
- Does any RADIUS server support PEAPv1 other than Cisco ISE
- Cisco RegEx
- Mellanox driver installation
Network refresh Posted: 29 Jul 2021 06:52 AM PDT Hi, We just got our quote from Cisco to upgrade our remote branches' L2 access switches. 9200L 24 or 48 ports PoE. I can't believe how expensive this is! Around 150 switches for 800K$ CAD. That's about 5K$ each including stack cables, SFPs, licensing, 3 yr support, etc. Crazy amount of money for just basic L2 switching!!
What Do Employers Want These Days? Posted: 29 Jul 2021 06:28 AM PDT Hello all, What do employers want these days? I've been working in the public sector for some time now and I'm planning my next move (1 year). Problem is, I've moved so high up I never touch actual equipment anymore--I just sit in on bullshit meetings. Which brings me to ask this fine group of professionals what they're working on or seeing in the field. What skills do employers expect senior network engineers to have these days? Any other advice regarding where my focus should be? I'm not looking to be this rockstar network engineer. As a man entering his 40s, those aren't my ambitions anymore. I'm just looking to be an easy hire, and able to keep up with what most organizations are doing. For context, I currently maintain the following certifications: PMP, CCNP, CCDP
Peering with MPLS provider BGP? OSPF? Posted: 29 Jul 2021 05:00 PM PDT I'm curious how most people peer with their MPLS provider? BGP or OSPF? We've done both at different times for different reasons, BUT with our SD-WAN rollout Cisco doesn't support redistributing replicated routes into BGP....so I'm thinking of switching back over to OSPF to avoid having to put hundreds of static routes then redistributing them into BGP. Do most shops peer using OSPF? Or BGP? Also do you use one area? One AS?
Blogpost Friday! Posted: 29 Jul 2021 05:00 PM PDT It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts. Feel free to submit your blog post, as well as a nice description, to this thread. Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.
BGP and OSPF review materials or lab recommendations Posted: 29 Jul 2021 04:38 PM PDT I passed my CCNP more than a year ago, but have not had a chance to work on BGP or OSPF outside basic configuration. I wonder if you know of good review material or labs that I can use to refresh and retain my skill. Thanks
Looking for literature recommendations on enterprise networks and telecommunications Posted: 29 Jul 2021 03:49 PM PDT I would like to learn more about the following things:
Is there a good textbook that covers any of this in a concise way, or should I just lurk online articles, standards & documentation?
Weird DHCP issue with wireless Posted: 29 Jul 2021 03:39 PM PDT We've got a corporate VLAN 1 on a Cisco 3650 switch with a DHCP pool configured on a Cisco ISR4321. Both devices are interconnected. On the switches, I've got Meraki APs with a corporate SSID that utilize the VLAN 1 DHCP.
Comcast ------ ISR ------ 3650 ------ Meraki AP
Everything worked perfectly until a bad storm killed the connection overnight. Things came back up but now, some corporate laptops get DHCP from VLAN 1 (10.40.10.0), which is good, and some get DHCP directly from the Comcast modem behind the ISR. The weird part is, for the users that get the Comcast IP (10.1.10.0), it shows they are connected to the corporate SSID. How is that possible? And how do I get rid of that? I tried rebooting everything, clearing DHCP, etc... it's almost as if it's cached on the laptops' end. Laptops were rebooted as well. I will get more time to troubleshoot tonight, just trying to get ideas. I could turn off DHCP on the Comcast modem but the ISR gets DHCP from 10.1.10.0 on the outside interface, any ideas?
Dell PowerSwitch N2048 Stack Firmware Help Posted: 29 Jul 2021 03:26 PM PDT Hello! We have 3 N2048 stacked and we need to update the firmware. However, even after a successful upload and stack transfer, the firmware is not reflecting in show version. I've reloaded the stack as well, but still the same problem. Latest Firmware Available: 6.7.0.4. ~~ ~~ then So even with a successful upload and distribution of the firmware to the stack, the current firmware still shows listed. I am new to managing the PowerSwitches but I am just going off the PDF detailing the process contained in the firmware download zip. I am connected via telnet and not console. Stack looks good
Static mDNS-SD records on a Cisco WLC Posted: 29 Jul 2021 03:04 PM PDT First off, I'm not an expert on mDNS by any stretch of the imagination, so apologies if I get some of the terminology incorrect. TL;DR - Is it possible to create something approximating a static mDNS record that a WLC can cache and serve to clients, essentially saying "XYZ service is available at 1.2.3.4", irrespective of whether 1.2.3.4 has actually advertised that service? I'm having a problem with a server that is supposed to serve AirPrint queues to wireless devices querying for them--essentially, the server is a wired client on an otherwise wireless subnet that serves up AirPrint queues. When things are working, the WLC sees the mDNS advertisements of these queues, and makes them available to iDevices and other things that query for ipp/ipps (AirPrint). Initially, we ran into a problem with the server not sending out advertisements. I read through the mDNS RFC and I think I determined why that was occurring--I believe the RFC states that devices should not forward out unsolicited advertisements of available services, but should only respond to queries for those services, possibly to cut down on network traffic (no sense in a device spamming out that it supports GoogleCast if there isn't anything trying to cast content). We have global multicast shut off, and if I understand the documentation correctly (https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/210835-Troubleshooting-mDNS.html), that means mDNS queries from clients remain local to the access point they're attached to, or maybe to APs in the near proximity--that way if you're sitting in conference room 101 in Building A, you only see the Apple TV in that room; you don't see the Apple TV that's in conference room 203 in Building E a half mile away. 
Since the print server is a "wired" client, and global multicast is disabled, it's essentially positioned such that it's never going to receive a query from a client; if it only responds to received queries and it never receives a query, it'll never advertise the AirPrint queues, and they'll never be cached on the WLC and thus never be available to wireless clients. To address this, we attached a wired client to the otherwise wireless network and set it up to periodically send out queries for AirPrint; since it was a wired client, its multicast traffic would not be subject to the limitation of having global multicast disabled. (As an aside: I've since seen in packet captures that the WLC actually periodically sends out queries for mDNS services on its wired interfaces, and the documentation linked above states as much: "When mDNS is enabled globally, the controller sends mDNS queries to 224.0.0.251 for all the services on wired (management and dynamic interfaces) and wireless network." That would seem to suggest the wired client is wholly unnecessary in terms of getting the mDNS server to respond to queries, but that's a challenge for another time.) The above solution sort of worked for a while, but I'm finding lately that the print server doesn't seem to reliably send out AirPrint advertisements, even when I can see in packet captures that the wired client (and the WLC) are sending queries. It's probably not an ideal solution and I may be falling into an xy problem trap, but is there a way on the WLC to create something like a static mDNS record? What I mean is, instead of depending on the server at 1.2.3.4 to send out advertisements of AirPrint services for the WLC to cache and serve to clients, is there a way to explicitly configure an entry on the WLC saying "IPP/S queue ABC is available on 1.2.3.4" and serve that to clients? 
I know that runs the risk of advertising a service as available when it really isn't because of some unrelated issue on the server, but I just want to see what options are available.
Anybody have any experience with Honeywell ct50/ct60 scanners and Meraki access points? Posted: 28 Jul 2021 08:20 PM PDT Very intermittent issue where scanners pop a code 0 network disconnected message and have to be rebooted. Those exact scanners in the same spot will work fine after reboot. Trying to catch it in a trace but remote sites and very intermittent. Scanners and APs are locked down to the same channels. Bitrates are set to 802.11b per Honeywell documentation. All load balancing, traffic shaping, 802.1r, and fastlane features are disabled. Issue isn't a lack of coverage/signal strength. SSID is scanners only, no other client types on it. Thinking next steps (besides getting the packet capture) is bumping the minimum bitrate up to 5.5 or locking down the SSID to only 2.4. If anybody has seen a similar issue I'm all ears.
Best way to document VLANs in a large network? Posted: 29 Jul 2021 02:08 PM PDT Greetings all, I work at an ISP and I'm wondering what is the best way to document VLANs in a way that is easy to visualize. With lots of VLANs coming and going between devices, a line diagram gets very busy very fast. I have a spreadsheet separating the VLANs per device, but that's not easy to grasp when the VLAN goes through several routers and switches. Thank you in advance.
Cisco FMC - Access Control + Geolocation Posted: 29 Jul 2021 12:14 PM PDT Hey guys, I would like to deploy access control policies with geolocation. We have some servers that are accessible from outside (HTTPS and HTTP), and countries I'd say USA and Canada only. **I don't wanna block AnyConnect clients by countries** What do you guys think about it? How should I apply the geolocation policies?
Deny > OUTSIDE > ANY > ALL THE COUNTRIES EXCEPT (USA AND Canada)
permit > Outside > MY SERVER > HTTPS/HTTP
Is it correct?
Enterprise Switching + Routing in a Single Device? Posted: 29 Jul 2021 02:00 AM PDT Hi, Does anyone know of enterprise-ready devices which do switching and routing? The requirements are pretty basic:
Looking at simplifying our non-critical branches to have Internet connectivity and for support to have visibility, but to reduce the hardware as much as possible on site. Does anything like this exist on the market yet?
Sanity check regarding connecting 2 businesses (IPSEC S-2-S vs Cisco Anyconnect Client VPN) Posted: 29 Jul 2021 09:26 AM PDT Hi all, looking for a bit of a sanity check and if my thinking is flawed or I am missing something here. We have a client we are working with, who has a vendor that provides them a LOB application via remote desktop. Currently to connect to the remote desktop they launch Cisco Anyconnect VPN, log in to that, authorize 2FA with Duo and then are able to connect to the terminal server. This worked great when the users all were connecting from individual PCs, and we had made the vendor aware that we would eventually be migrating to an Azure WVD environment and that this wouldn't be an issue. Now during testing, this has become an issue and users end up on the same host and only one user can launch Any Connect. We have proposed a solution of connecting the Azure WVD environment to their environment via an IPSEC VPN and only permitting RDP traffic on port 3389 to traverse the tunnel. We were told by their security team that an IPSEC VPN tunnel is insecure and will allow full unauthenticated access to their environment, which we all know as long as configured correctly is just not the case. Guess what I am really trying to get at is, am I missing something here that would make an IPSEC tunnel insecure or are they just not grasping the concept of what we are proposing. Or if you know anything about Cisco Any Connect, is there a way to make it work when users are connecting from the same host in a shared VDI environment?
Real world experience with leaky coax for VoIP? Posted: 29 Jul 2021 09:19 AM PDT I am thinking of installing leaky coax to get rid of all of the dead/weak zones in the building/elevators. Some people say that it doesn't work with voip phones very well, others say it works just fine. Does anybody have any actual experience with trying this? Edit: why is this such an unfriendly sub?
Confused between copper straight-through and crossover cables Posted: 29 Jul 2021 02:54 PM PDT I've been confused on the devices a straight-through and a crossover cable would be used for because I have been under the assumption that straight-through is used for unlike devices (router to switch) and crossover is used between like devices (router to router). I keep seeing people using crossovers between unlike devices, but others using ST's on like devices. So I was just wondering if anyone could clarify for me which cable would be the correct one to use in a network between devices? Still kind of a newbie to all this.
Meraki Configuration Questions Posted: 28 Jul 2021 07:39 PM PDT Good Evening, Just a simple question. I think I know the answer, but I'd rather be for sure before I deploy these new Meraki switches. If I have some interfaces that currently ONLY have a PC on them, but in the future will have a VOIP that tethers to a PC, is it okay for me to just preconfigure these ports with Access VLANS and VOIP VLAN? I just want to make sure it's okay for me to preconfigure them this way in Meraki. It would save a lot of time to just pre-add this VLAN now.
Cisco ASA to Juniper IKEv2 Tunnel Issues Posted: 29 Jul 2021 08:24 AM PDT As title states, seeing intermittent issues with an IKEv2 tunnel between a 5516-X and SRX. Tunnel bounces periodically throughout the day. Parameters confirmed on both sides. Error messages from ASA side are this:
IKEv2-PLAT-4: (13): session manager killed ikev2 tunnel. Reason: Lost Service
or this:
IKEv2-PLAT-4: (13): session manager killed ikev2 tunnel. Reason: Peer Reconnect
Juniper side error logs (vendor's side) show this: "Peer proposed unsupported multiple traffic-selector attributes for a single IPSec SA"
Debugs from my side (ASA) show DPD timer expired. PCaps show the Juniper side just not responding to DPDs and then the tunnel is torn down and renegotiated. Anyone come across this before with a Juniper and ASA IKEv2 tunnel? Possible bug? Sanitized configs/debugs can be made available. Thanks in advance.
Training certifications that centre around PKIs? Posted: 29 Jul 2021 01:51 AM PDT Hi all,
Cisco Wireless | WLC redirects the Guest portal but not prompting automatic on client devices? Posted: 29 Jul 2021 07:20 AM PDT Hi, We have a wireless setup in which guest clients should authenticate through the web guest portal from the ISE server; however, when a client connects to the SSID the client is never prompted with the guest portal page. Clients are iPhone, Android, and Windows laptop users. I have validated from the WLC logs that it is actually sending the guest portal page to the client. To get this to work, the client needs to open a browser and browse random sites; after doing this, the client is able to see the guest portal and put in their credentials. From the WLC configuration, "Web Auth Captive-Bypass" is already disabled, which means it should auto launch on the client end. From the network summary I'm seeing that the redirect port is 80/HTTP, but from the above logs we are redirecting 443/HTTPS. Am I on the correct page in where I'm checking on global parameters in network summary or should I check the WLAN configuration itself? Any suggestions about the issue?
Tool for Network Access Matrix? Posted: 29 Jul 2021 09:43 AM PDT Hey all, I've been tasked with creating a Network Access Matrix. Basically listing all of the subnets at the company, and which networks can talk to which. (What networks can Data talk to, what talks to Server networks, etc. etc.) The first thing that comes to mind is just a spreadsheet grid, all the networks on the x and y axes, then filling out the cells with red or green. But of course with all the networks I have that would be a huge spreadsheet and be unmanageable in the long run. Is there any kind of tool anybody uses for this?
Does any RADIUS server support PEAPv1 other than Cisco ISE Posted: 29 Jul 2021 11:18 AM PDT I need to test a supplicant's 802.1X implementation which supports TLS, PEAPv0, PEAPv1, and TTLS. I am able to verify the implementation of all the above authentication methods other than PEAPv1 using FreeRADIUS. Is there any other RADIUS server other than Cisco ISE which supports PEAPv1?
Cisco RegEx Posted: 29 Jul 2021 11:15 AM PDT I'm still a little green to Cisco RegEx. I know that ^ represents the beginning of a string and $ is the end, but does ^$ with nothing in the middle essentially mean anything? Edit: Think I found my answer here, I just didn't know how to find it at first.
Mellanox driver installation Posted: 29 Jul 2021 07:04 AM PDT Hello, I have nodes with an Infiniband connection and CentOS 7.9 installed. When I execute the following:
lspci | grep Mellanox
01:00.0 Network controller: Mellanox Technologies MT27500 Family [ConnectX-3]
lspci -vv -s 01:00.0 | grep "Part number" -A 3
[PN] Part number: MCX353A-FCB
I will reinstall the system to rockylinux. My question is: how to install the Mellanox hardware? Is it enough to use the provided package from the distribution (yum group install Infiniband) or should I also use the package provided by the manufacturers in the following link: