    Monday, August 30, 2021

    Moronic Monday! Networking

    Enterprise Networking Design, Support, and Discussion

    Moronic Monday!

    Posted: 29 Aug 2021 05:00 PM PDT

    It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

    Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

    Note: This post is created at 01:00 UTC. It may not be Monday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator

    UPDATE: Can we talk about a strange problem on my network?

    Posted: 30 Aug 2021 10:30 AM PDT

    UPDATE: It turns out the host site had some "undesirable" traffic out of Mexico last week. So, they hardened their traffic laws. We got caught up in it because, apparently, our circuit runs through Mexican pipes. We had them adjust their posture, as it relates to us, specifically, and all is well, now.

    I want to *really* thank the community for all of the help and effort that went into your responses.

    It was partially your efforts that allowed me to present the problem to the destination as "their" problem, rather than "my problem."

    So, I want to preface this issue with the understanding that I'm a reasonably capable sysadmin with a fair bit of experience in troubleshooting networking issues BUT, I'm not a "network guy."

    Now, I've been thrown into a new environment with ZERO legacy knowledge and ZERO knowledge transfer from the last guy who left. Which is fine. Whatever. It just means there's a LOT of controls, routes and hardware that I'm unsure of. Unsure of exactly what all is in place, what all we're currently relying on and what all is there, quietly screwing stuff up, that has been mothballed but not decommissioned.

    I have a good approximation but, nothing definitive.

    ALL that said.....

    So, yesterday, a specific website and all of its subdomains started timing out on us. No changes to the traffic rules or routes that anyone knows of (and, honestly, *I'd* have been the one making changes, ostensibly). I don't hear about this issue until this morning, around 1000 hours. So, we're 24 hours behind the trail and now it's a real problem because it's been broken for a whole day and nobody has fixed it.

    I test the site, and it's not coming up. I test it from my phone and, boom, it's alive. I fire up a laptop and connect to the enterprise WIFI, no joy. Connect to a hotspot, it works (so it's not the OS doing it). I connect to VPN, it works. I google, but the results for "a website doesn't work from my corporate network" are a bit .... voluminous.

    What I have is a site that works but, not if I'm connected to my regular production network. However, it's fine from the VPN interface on the ASA, which, naturally bypasses a lot of our corporate controls. (I do not know why)

    Since it's *always* DNS, I start there. Our DNS is controlled through an Umbrella VA and it's running well, the VA dashboard assures me that not only is this domain intentionally whitelisted but, added to that, the traffic is being allowed, according to the logs.

    On to the firewall! That's not the culprit, either. We ran traps at the interface and found the traffic is flowing with reckless abandon into the ether, we just aren't getting anything back.

    Now I'm starting to feel stupid. I will happily and readily admit that networking isn't my strong suit. I'm "OK" at it, I have a deep understanding of protocols, ports, traffic and controls but, in practice, troubleshooting packets isn't what I'm good at.

    I *can* say these things:

    It doesn't *appear* to be DNS

    It almost certainly isn't the firewall

    It definitely isn't something on the desktop

    I simply have no idea where to go from here.

    I don't expect anyone to say "this is your problem, obviously" and offer me the magic ticket. I would greatly appreciate anyone chiming in with some ideas on where I might look for the "thing that fell over" so I can put it back where it was.

    submitted by /u/hkusp45css

    PoE issue with Cisco 9300 switch and Aruba APs - requesting class 4 (30W) but only returning class 3 (15W)?

    Posted: 30 Aug 2021 02:37 PM PDT

    I'm having some issues in a lab setup with a Cisco 9300 switch, and some Aruba AP-325 APs.

    We recently changed from a Ruckus to a Cisco switch. However, now the Aruba APs have a steady amber system light. According to this link, this means they are in power restricted mode (802.3af).

    If I check the Aruba MC (AOS 8.8.0.1), this does seem to be the case - the APs are showing the r (power restricted) flag:

        (FOO) *#show ap database long

        AP Database
        -----------
        Name               Group    AP Type  IP Address    Status     Flags  Switch IP   Standby IP  Wired MAC Address  Serial #    Port  FQLN  Outer IP  User
        ----               -----    -------  ----------    ------     -----  ---------   ----------  -----------------  --------    ----  ----  --------  ----
        00:4e:35:c9:51:32  default  325      10.134.1.54   Up 4m:31s  2r     10.134.1.5  0.0.0.0     00:4e:35:c9:51:32  CNH2HN77X4  N/A   N/A   N/A
        00:4e:35:ca:cf:aa  default  325      10.134.1.175  Up 4m:41s  2r     10.134.1.5  0.0.0.0     00:4e:35:ca:cf:aa  CNHGHN7242  N/A   N/A   N/A
        48:4a:e9:c5:de:a2  default  375      10.134.1.192  Up 3m:56s  2rI    10.134.1.5  0.0.0.0     48:4a:e9:c5:de:a2  CNHQK8018F  N/A   N/A   N/A
        48:4a:e9:c5:df:f2  default  375      10.134.1.189  Up 4m:28s  2rI    10.134.1.5  0.0.0.0     48:4a:e9:c5:df:f2  CNHQK80198  N/A   N/A   N/A
        b0:b8:67:cd:e7:18  default  325      10.134.1.59   Up 4m:13s  2r     10.134.1.5  0.0.0.0     b0:b8:67:cd:e7:18  CNGZHN700L  N/A   N/A   N/A

        Flags: 1 = 802.1x authenticated AP use EAP-PEAP; 1+ = 802.1x use EST; 1- = 802.1x use factory cert; 2 = Using IKE version 2
               B = Built-in AP; C = Cellular RAP; D = Dirty or no config
               E = Regulatory Domain Mismatch; F = AP failed 802.1x authentication
               G = No such group; I = Inactive; J = USB cert at AP; L = Unlicensed
               M = Mesh node
               N = Duplicate name; P = PPPoe AP; R = Remote AP; R- = Remote AP requires Auth; S = Standby-mode AP; U = Unprovisioned; X = Maintenance Mode
               Y = Mesh Recovery
               b = bypass of AP1x timeout; c = CERT-based RAP; e = Custom EST cert; f = No Spectrum FFT support
               i = Indoor; o = Outdoor; s = LACP striping; u = Custom-Cert RAP; z = Datazone AP
               p = In deep-sleep status; m = Protocol Mismatch
               4 = WiFi Uplink
               r = Power Restricted; T = Thermal ShutDown; t = Temperature Restricted

        Total APs:5

    I checked the POE status on the Cisco switch, and it's showing class 4 for those ports:

        Switch>show power inline

        Module   Available     Used     Remaining
                  (Watts)     (Watts)    (Watts)
        ------   ---------   --------   ---------
        1           755.0      107.8       647.2

        Interface Admin  Oper       Power   Device              Class Max
                                    (Watts)
        --------- ------ ---------- ------- ------------------- ----- ----
        Gi1/0/1   auto   on         15.4    Ieee PD             0     30.0
        Gi1/0/2   auto   on         15.4    Ieee PD             0     30.0
        Gi1/0/3   auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/4   auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/5   auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/6   auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/7   auto   on         15.4    Ieee PD             4     30.0
        Gi1/0/8   auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/9   auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/10  auto   on         15.4    Ieee PD             4     30.0
        Gi1/0/11  auto   on         15.4    Ieee PD             4     30.0
        Gi1/0/12  auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/13  auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/14  auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/15  auto   off        0.0     n/a                 n/a   30.0
        Interface Admin  Oper       Power   Device              Class Max
                                    (Watts)
        --------- ------ ---------- ------- ------------------- ----- ----
        Gi1/0/16  auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/17  auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/18  auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/19  auto   on         15.4    Ieee PD             4     30.0
        Gi1/0/20  auto   on         15.4    Ieee PD             4     30.0
        Gi1/0/21  auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/22  auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/23  auto   off        0.0     n/a                 n/a   30.0
        Gi1/0/24  auto   off        0.0     n/a                 n/a   30.0
        --------- ------ ---------- ---------- ---------- ------ -----
        Totals:          7    on    107.8

    I thought class 4 means they should be able to draw at 802.3at power levels? (And the max watts is showing 30W - although I do note they're pulling at 15W).

    I took a POE tester to one of the ports on the Cisco switch - and requested Class 4 - however, it seemed to return to me Class 3 - so to my untrained eye it seems like an issue with the Cisco switch - but the Cisco power inline output shows Class 4 for those ports?

    https://i.imgur.com/OFMMbWd.jpg (POE Tester Output)

    Does anybody have any ideas what's going on?

    UPDATE

    I enabled LLDP, as others suggested. (This page has some examples of configuring LLDP - I'm normally more of a Ruckus/Arista guy, so need to mentally switch to Cisco...aha):

        Switch>enable
        Switch#configure terminal
        Enter configuration commands, one per line.  End with CNTL/Z.
        Switch(config)#lldp run
        Switch(config)
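
Added example (not part of the original post, and not Cisco or Aruba tooling): a small Python parser for the `show power inline` table above that lists ports where a class 4 device is powered on but allocated no more than 15.4 W, which is the mismatch the post describes. The function names and the 15.4 W threshold are choices made for this example; the sample rows are copied from the post's output.

```python
import re

# Constructed sample: rows copied from the `show power inline` output in the post.
SAMPLE = """\
Interface Admin  Oper       Power   Device              Class Max
                            (Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Gi1/0/1   auto   on         15.4    Ieee PD             0     30.0
Gi1/0/3   auto   off        0.0     n/a                 n/a   30.0
Gi1/0/7   auto   on         15.4    Ieee PD             4     30.0
Gi1/0/10  auto   on         15.4    Ieee PD             4     30.0
"""

AF_LIMIT_W = 15.4  # assumption for this example: the 802.3af per-port figure

# The Device column may contain spaces ("Ieee PD"), so it is matched lazily
# between the numeric Power column and the last two columns.
ROW = re.compile(
    r"^(?P<iface>[A-Za-z]+\d+(?:/\d+)+)\s+(?P<admin>\S+)\s+(?P<oper>\S+)\s+"
    r"(?P<power>\d+\.\d+)\s+(?P<device>.*?)\s+(?P<cls>\S+)\s+(?P<max>\d+\.\d+)$"
)

def parse_power_inline(text):
    """Return one dict per interface row; headers, rulers and totals are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["power"] = float(row["power"])
            row["max"] = float(row["max"])
            rows.append(row)
    return rows

def stuck_at_af(rows):
    """Ports that classified as class 4 but are allocated no more than 15.4 W."""
    return [r["iface"] for r in rows
            if r["oper"] == "on" and r["cls"] == "4"
            and r["power"] <= AF_LIMIT_W < r["max"]]

if __name__ == "__main__":
    for iface in stuck_at_af(parse_power_inline(SAMPLE)):
        print(f"{iface}: class 4 PD held at {AF_LIMIT_W} W")
```

Running the same check before and after a change such as `lldp run` shows whether the allocation on those ports actually moved.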
    
