    Tuesday, August 3, 2021

    Camouflaging outdoor access points and radio bridges Networking


    Camouflaging outdoor access points and radio bridges

    Posted: 03 Aug 2021 05:26 AM PDT

    Hi all,

    I'm helping overhaul the WiFi at a professional haunted house as a side project. The topology is very straightforward; I'm just carrying a VLAN or two to some Ubi WAPs on a few outbuildings via 5GHz nanostations.

    I'd love to see if anyone has any thoughts regarding my approach to spooky camouflage for the gear. See, all of the buildings are black and/or textured, and white Ubiquiti equipment will stick out like a sore thumb and distract from the attractions onsite.

    I come from a B+M retail networking background, and deal with similar aesthetic challenges on store frontage. Radio-transparent enclosures are a clean solve for this situation, but I'm seeing if we can find more 'organic,' fabric-based solutions for the nanostations we'll have up on pole masts.

    I'm thinking of gently draping the radios with a light wicking fabric, like a burlap or black veil material, which can get damp in the rain but won't get soaked. (That's the chief concern; the camouflage material getting wet and muting the radio.)

    I'll be testing out a few options this week but figured I'd also poll the audience to see if anyone has any thoughts/suggestions.

    edit: I've also used non-metallic paint in the past for traffic camera bridges and I know it works great, but I don't want to buy all this gear for somebody else and immediately void the warranty (Ubiquiti) unless we're cornered into it design-wise.

    Thanks!

    submitted by /u/go_poop_go

    Generate FCS errors using a Bad cable

    Posted: 03 Aug 2021 12:26 PM PDT

    Hi all,

    I am trying to generate FCS errors for cable testing purposes. I have used some tools and was able to generate the necessary errors. Now I want to manually tamper with an Ethernet cable and generate the required errors so it resembles a real bad cable. Does anyone know any specific combinations with the internal wiring which can generate those errors?

    Cannot use fiber here. Need this done on ethernet. TIA

    submitted by /u/netnetwork09

    Is it just me or are contact centers for IT absolutely flooded with backlogs right now?

    Posted: 03 Aug 2021 03:43 AM PDT

    Is it just me or are customer contact centers being absolutely flooded since about April?

    Real talk, I'm sure everyone in here works a variety of different technical roles in different industries. Has everyone else noticed how insanely batshit bonkers the sheer volume of customer inquiries has been since about April of this year? Like, I'm specifically in network security for a vendor of network security and our queues for support tickets are absolutely off the wall batshit crazy. I've read other forums of people in sales with customers flooding the phone lines about appliance back orders. Seems every customer contact center whether it's a simple question or a technical question is absolutely flooded right now. Is it just me or is anyone else seeing this?

    For reference, before COVID we averaged maybe 100 to 120 tickets at end of day and we are going home with over 300+ tickets in our queue some nights and rarely dipping below 250.

    submitted by /u/sonofalando

    Nokia 7210 SAS-D image load failed

    Posted: 03 Aug 2021 02:25 PM PDT

    At the ISP I work at I'm seeing other providers using interesting equipment I haven't yet worked with. One of those is the Nokia Alcatel-Lucent platform, which I'm eager to start labbing up with our preferred Cisco equipment.
    To that end, I spun up a GNS3 7750 image, which is great but since I love real hardware I also picked up a 7210 SAS-D, only to find this:

        Skipping missing or bad config file 'cf1:/config.cfg'
        Cannot find or access configuration file
        TiMOS image load failed.
        Hit a key within 51 seconds to change boot parameters...

    Pretty sure I'm missing a firmware image (it was pointing to a remote server for this on the original boot config), do I have a brick on my hands?

    submitted by /u/krestok

    Dynamic routed dual hub-spoke network configuration

    Posted: 03 Aug 2021 02:20 PM PDT

    So my network has grown a lot over the past couple years and I am unsure how to design my network going forward as in my reading a lot of the documentation says I should change how it works and gives examples that don't really match my network and we've started to see weird routing issues. There is definitely a learning curve going from a mid-size network to a truly enterprise fully redundant network that I am trying to create.

    So for the back story about 2.5 years ago my network was a very traditional hub-and-spoke network. I had 14 remote locations all with 2 tunnels to our data center directly because our data center also has 2 separate internet providers. I ran OSPF between the data center and the remote sites with every router and subnet being in the same area and traffic flowed beautifully between everything and life was simple. 15 routers, 28 /30 routing subnets, and 17 /24 networks for devices.

    Since then we have grown a lot. By next summer I am going to have 65+ locations as well as a second data center that is a part of a company we purchased. We want to use this new data center as a second hub and would like all of our sites to be actively connected to both data centers with automatic routing and failover.

    Documentation on OSPF that I have found states that it is a bad idea to have 50+ routers in a single area. Additionally looking at the math there are going to be 260+ /30 routing subnets, and 70+ /24 networks for devices. This is a lot of growth and it is all happening very quickly so I haven't had time to sit down and make routing changes and create new areas but we have passed 55 sites and we are starting to notice weird routing issues having everything in one area that just miraculously fix themselves when we reboot remote routers which is not my preferred solution. As of right now I haven't set anything up in the new data center or integrated it into our network and am trying to figure out what design changes I should be making.

    So I am looking for recommendations or even links to documentation on how to design a network like this and what should be done for routing. Do I need to stop using OSPF? If I continue using OSPF, how do I set up the areas, with which subnets going into which areas?

    TL;DR: Looking for recommendations on configuring dynamic routing on a dual hub-and-spoke network that has two data centers that each have two ISPs.

    submitted by /u/aspoons

    Moving Network from L2 to L3 Routed

    Posted: 03 Aug 2021 06:24 AM PDT

    We have a network wide refresh coming up, and I keep reading that the L2 demarc should be as close to the access layer as possible. This makes sense, there are multiple benefits like convergence, eliminating STP and other L2 chatter, etc. However, I'm having a hard time understanding a few things.

    • How are people connecting ESXi hosts, do vSwitches support L3?
    • We have a few VLANs that span across multiple floors of our building. Would this need to be redesigned so only one route for a network always has same next hop? Or can we create two routes to same destination with multiple next hops in some fashion?
    • Does L3 at the access layer assume VLANs are unique to each closet? Ex, that access switch is the sole next hop for whatever network exists in that closet.
    • We use a collapsed core design for the floor where our Core switch resides. For other floors, the core connects to distribution switches. Does this wipe out the possibility of going L3?
    • We use VLANs that are non-routed except by the firewall for certain things like guest network and an isolated network. These networks need no access to anything internal, so the Core simply sees them in L2 and passes them to the firewall. Like above, does this topology rule out the possibility of L3?

    Appreciate any input.

    submitted by /u/save_earth

    Pros/Cons of Interface Templates on Cisco switches

    Posted: 03 Aug 2021 12:32 PM PDT

    We are starting switch replacements at several sites and I am considering using interface templates at the access layer. I wanted to see if anyone uses them and was looking for any positive/negative feedback.

    Thanks,

    submitted by /u/brewcity34

    FYI: Givex VHub software update seems to have enabled a DHCP server on their "Internet" port. Make sure you have DHCP snooping and rogue DHCP server protection.

    Posted: 03 Aug 2021 02:42 PM PDT

    Title

    submitted by /u/asdlkf
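
One way to check for the rogue DHCP server behaviour this post warns about, as an added example that is not part of the original post: parse DHCP payloads seen on a monitoring port and flag any server reply whose server identifier (option 54) is not on an allowlist. The function names, the allowlist and the sample addresses are constructed for illustration, and the sketch assumes you already have the UDP payloads from a capture.

```python
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2131 magic cookie preceding the options
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_PAD, OPT_END = 53, 54, 0, 255
SERVER_REPLIES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # message types only a server sends

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def rogue_server(payload: bytes, allowed: set):
    """Return the server IP if a server reply comes from outside `allowed`, else None."""
    opts = parse_options(payload)
    msg_type = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    if msg_type not in SERVER_REPLIES:
        return None                  # client traffic (DISCOVER, REQUEST, ...) is ignored
    # Option 54 names the server; fall back to siaddr (bytes 20-23) if it is absent.
    raw = opts.get(OPT_SERVER_ID) or payload[20:24]
    server = str(ipaddress.IPv4Address(raw))
    return None if server in allowed else server

def build_reply(msg_type: int, server_ip: str) -> bytes:
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 54."""
    header = struct.pack("!BBBB", 2, 1, 6, 0) + bytes(232)  # op=2, htype=1, hlen=6
    sid = ipaddress.IPv4Address(server_ip).packed
    return header + DHCP_MAGIC + bytes([53, 1, msg_type, 54, 4]) + sid + bytes([OPT_END])

ALLOWED = {"10.0.0.2"}                        # constructed allowlist of real DHCP servers
if __name__ == "__main__":
    for ip in ("10.0.0.2", "192.168.50.1"):   # constructed addresses
        print(ip, "->", rogue_server(build_reply(2, ip), ALLOWED))
```

This only detects; DHCP snooping on the access switches is what actually drops server replies arriving on untrusted ports.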

    Firewall at Edge vs Core

    Posted: 03 Aug 2021 10:38 AM PDT

    Obviously I would think having a firewall at the Core switch is ideal, however sometimes this may not be possible, (depending where the ISP connection is).

    My question is the following, is there a fundamental difference between having a firewall at the edge vs core? At the link below is a drawing of 2 scenarios,

    Scenario # 1 the firewall is directly connected to the core switch.

    Scenario # 2 the firewall is at the edge switch on its own VLAN (SVI) is on the core switch and there is a trunk between the core and the edge.

    In both scenarios, the static route is pointing to the firewall.

    (Note) This is for a backup ISP connection and would only be used as such.

    https://ibb.co/Sv8Zx8v

    Thanks for any input.

    submitted by /u/fsdigital12

    Segmenting a network based off security

    Posted: 03 Aug 2021 09:45 AM PDT

    I just started a security role at a new company, much larger than the one I used to work for. This role was just created since a recent security audit found big gaps in existing processes. I am not a network engineer but have some networking knowledge. We do have a new network engineer but he is very green. The previous network engineer quit out of the blue. My boss is really set on securely segmenting our network even more so than it is already.

    I recommended that we should definitely segment devices that process sensitive data into their own vlans and apply acls at those ports. Also, I recommended that they enable the host firewalls on all computers where available since for some unexplainable reason they are all disabled. I told him I really like the Least Privilege Principle and think we should apply here.

    Here is some additional info about our current network. We have about 500 computers and an additional 500 network appliances on the network across four sites. We do have guest wifi on its own separate network with no lan access except via VPN but we are planning on turning on an employee wifi. Accounting and Legal are in their separate vlans already, thank God, and we do have a DMZ network for some servers. Internal servers are all in one vlan.

    Some of the typical questions we have asked ourselves are, should Exchange, file servers and domain controllers be in their individual vlans, if so why? I know this is an open-ended question but what else is good practice when securely segmenting a network? Any guidance would be of great help. Thanks

    submitted by /u/wifikey

    Fortigate HA, 2xWAN

    Posted: 03 Aug 2021 06:32 AM PDT

    Hi all,

    I'm trying to set up a Fortigate HA-Cluster using 2 WAN-Uplinks. The routers are of the same provider with HSRP in between configured, so I only have one (virtual) gateway.

    It works if I have the two uplinks connected to a switch and then to the WAN1 port on both FWs, according to this image: Forti Cookbook HA Setup

    But I want to eliminate all single points of failure between the firewalls and provider. So it's more like this image: Forti Cookbook Hardware Switch

    How am I to achieve this? I don't really need to use Forti-HW switch, I can use switches in between provider and Fortigate WAN. Do I need to stack them to get it working?

    If I need to be more specific, tell me so, any help is appreciated.

    Thanks a lot!

    submitted by /u/hoibatter

    Advice Needed: Best Method/Software for Network Config Template Management

    Posted: 03 Aug 2021 12:35 PM PDT

    Hey everyone,

    I wanted to reach out to the community of networking professionals here on Reddit to see how others currently 'solve' this problem that I'm having at my current job.

    I work for a Fortune 500, and the networking pillar of our I.T. Operations department is comprised of about 70 employees, and this truly and purely is just network engineers and their respective PMs.

    Currently, there is no great system for creating a single source of truth for our network configuration templates. For example, we leverage Cisco ISR4331s for our current standard of branch router, and so we have a configuration standards document for this. However, it's just a dumb old Word document. What this means is that, as standard interface configurations, ACLs, object-groups, etc. etc. etc. change through time, that document never gets updated. Over time, this has put my organization into a state of conflicting truth when it comes to what we should be using for design and configuration standards.

    I don't know if this makes sense or not, but I'm also looking for a middle ground between the Word documents of yesteryear and the configuration-as-code of the future (think DNA, ACI, etc.). I thought GitHub could work, but I don't know if that would be too steep of a learning curve for a group of people with limited experience in that platform or code management.

    I'm all ears to any opinion or suggestion, so if anything comes to mind, let me know.

    submitted by /u/hoop281

    Routed Access design - vague Cisco's description

    Posted: 03 Aug 2021 04:21 AM PDT

    While reading Cisco's materials for CCNP ENT about campus architecture, I came across the following paragraph about switched vs routed access layer.

    The Layer-2-only access design is a traditional, cheaper solution. However STP, while getting rid of loops, blocks half of the uplinks. Layer 3 design introduces the challenge of how to separate traffic—for example, guest traffic should stay separated from internal traffic. Layer 3 design also requires careful planning. A VLAN on one Layer 3 access device cannot also be on another access layer switch in a different part of your network. Each VLAN is local. With Layer 2, you can have the same VLAN on multiple access layer switches; however, that practice is not recommended.

    I can't understand the bold sentence. Why can't the same VLAN be on other access switches? What is the problem with that? I think it is even what many companies do - the same VLAN for example for voice on all access switches. We only need different subnets but it is not the VLAN that has to be different.

    Can you please help me to understand this Cisco definition?

    submitted by /u/danetsl

    Two gateways/firewalls on a network in a transition period

    Posted: 03 Aug 2021 03:59 AM PDT

    Hi,

    Company has a gateway with IP 192.168.1.1. This firewall has a lot of rules, nat and port forwarding.

    Is it OK to have a second gateway/firewall on 192.168.1.2 that is placed on a separate/new wan link in a transition period? If it's possible without any trouble, it will make it possible for me to configure and test some important rules and NAT before cutting off the 192.168.1.1 gateway.

    Thanks

    submitted by /u/Paowlo

    Newbie question... Why does this company run SD-WAN over MPLS?

    Posted: 02 Aug 2021 07:46 PM PDT

    I recently got hired as a contractor at a large corporation to do minor networking stuff. I am studying to become a Network Admin so I am still learning a lot. They have a bunch of branch offices that use ATT MPLS circuits. But they are in the process of converting to SDWAN. They are using 2 VCEs, one is using a broadband connection, and the other is using the same MPLS circuit. Why would they do this? I thought SD-WAN is supposed to just run over broadband internet... Wouldn't their goal be to get away from MPLS? I asked one of the full time engineers and they didn't really answer me... so I thought I would ask here.

    submitted by /u/AtuinSpaceTurtle

    AdminToolbox.Fortiwizard Automate FortiGate VPN Tunnels

    Posted: 02 Aug 2021 07:15 AM PDT

    I've recently built a PowerShell module that serves the purpose of generating configuration scripts for FortiGate Firewalls. While not limited to this, its primary role is to generate VPN configuration scripts for different IPSec tunnel scenarios.

    I am responsible for building many VPN tunnels and I got tired of the repetitive task of copying and pasting parameters into configuration scripts. I also am not a fan of the FortiGate VPN wizard so this module just made sense.

    As I continued to develop the function, I decided the ultimate goal would be to run a single PowerShell function and have that generate a VPN config from a VPN form. A VPN form can be sent to a 3rd party, and when returned with the required tunnel parameters such as Peer Address and remote hosts, you can immediately generate a tunnel. To take it a step further I generated examples that use Posh-SSH to invoke the generated configuration script directly to the firewall without ever leaving PowerShell.

    The amount of time this will save me is huge. Fork it, change it, contribute, critique it, or ignore it. I am pretty happy with this one, and hopefully it can be useful for some of you.

    Here are some related links.

    AdminToolbox.FortiWizard Github

    Code Examples

    Sample VPN Form

    Demo Video

    submitted by /u/SpacezCowboy
