Blogpost Friday! Networking

---

• Blogpost Friday!
• VyOS 1.3.0 epa1 released
• PSA: AnyConnect Pre-4.10 pulled from Cisco Downloads
• EVPN and Anycast Gateway on Juniper
• Juniper/Mist AP32/AP33 Wall Mount
• Independent benchmarking of WIFI6 access points
• Vonage IP Networks
• A10 AX2500 failover
• Using the terms VLAN and Subnet - are they synonymous?
• Wireshark setup to capture HTTPS
• What would an AX client choose - weak AX or stronger AC?
• Password complexity for TACACS+ (running on Linux server)
• Ansible juniper_junos_config "network os junos is not supported"
• Dell N1548P active and backup images
• Career advice after too many years in the same company : selecting job opportunities
• PTMP in a small Congolese city
• why is netmiko not sending commands from file for me?
• Juniper third party maintenance
• Cisco SDWAN Python SDK
• Do all ISPs bond from upstream connectivity sources?
• TACAS accounting logs on ISE
• Planning a LAN deployment for 100+ mobile devices
• What is the difference between instant on 1930 switches and entry-level Aruba switches like 2530 and cx6100.
• Surveillance system firewalls
• Network documentation and diagraming tips?

Blogpost Friday! Posted: 30 Sep 2021 05:00 PM PDT It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our member's new and shiny blog posts. Feel free to submit your blog post and as well a nice description to this thread. Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it. submitted by /u/AutoModerator [link] [comments]

VyOS 1.3.0 epa1 released Posted: 30 Sep 2021 09:21 AM PDT VyOS team just released 1.3.0 early production access 1, which is available for download for anyone. Now there are just some final touches before this goes into LTS. Since its open source, hopefully the community can join in and do more testing! Highlights of the new version is VRF, MPLS/LDP, IS-IS and lots of optimization of the code under the hood. More info on their blog here https://blog.vyos.io/vyos-1.3.0-epa1-release ​ This is the next LTS version after VyOS 1.2.x. Hopefully it will be as stable as 1.2 has been. Personally I run about 60 1.2.8 routers in productions, and a few 1.3.0-release candidates. They have all been very stable! New features are added to 1.4 track now. submitted by /u/sliddis [link] [comments]

PSA: AnyConnect Pre-4.10 pulled from Cisco Downloads Posted: 30 Sep 2021 12:36 PM PDT I noticed that Cisco has done some housekeeping recently and cleared out all previous builds of AnyConnect, leaving 4.10 as the only train available. The release notes say that AnyConnect 4.10.x will become the maintenance path for any 4.x bug. Makes me wonder what was going on with previous builds that the needed to be pulled. submitted by /u/Poulito [link] [comments]

EVPN and Anycast Gateway on Juniper Posted: 30 Sep 2021 03:38 AM PDT I want to use the Anycast Gateway feature on Juniper MX. The reason I want to use it is to provide resilience to some customers that only have a /30 IP address configured (unable to run VRRP with a /30) between the two routers. I only have 2 x MX devices and that's the only place I need this Anycast Gateway feature to work (not extending it anywhere else in the network) I can't use MC-LAG because they are MX5 but also the downstream switches are two separates switches (not a stack) I have labbed it up and it seems to partially work but I'm getting about 20% packet loss but I can't seem to work out why. If I just create a normal IP address on ae1.107 on one of the routers it works fine and no packet loss which makes me pretty sure it's related to the EVPN/Anycast Gateway config. Below are the configs from my two routers. AE0 is used for connectivity between the two routers for OSPF, BGP, MPLS. AE1 is where I want to put customer interfaces. I have configured one IP address on irb.107 (100.100.100.2/30) I have another device in VLAN 107 and if I leave a ping running to 100.100.100.1 (Anycast IP address on the MXs) it responds fine but there is the packet loss. Can anybody see any obvious issues with this config? MX1 set interfaces ae0 flexible-vlan-tagging set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 aggregated-ether-options lacp periodic fast set interfaces ae0 unit 106 description "new iBGP connection to MX2" set interfaces ae0 unit 106 vlan-id 106 set interfaces ae0 unit 106 family inet address 2.1.1.1/30 set interfaces ae1 description "Aggregate to Customers" set interfaces ae1 enable set interfaces ae1 flexible-vlan-tagging set interfaces ae1 encapsulation flexible-ethernet-services set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 unit 0 family bridge interface-mode trunk set interfaces ae1 unit 0 family bridge vlan-id-list 107-109 set interfaces irb unit 107 family inet address 100.100.100.1/30 set interfaces irb unit 107 mac 00:00:00:01:01:01 set interfaces lo0 unit 0 family inet address 50.50.50.40/32 set routing-instances EVPN instance-type virtual-switch set routing-instances EVPN protocols evpn default-gateway do-not-advertise set routing-instances EVPN protocols evpn extended-vlan-list 107-109 set routing-instances EVPN bridge-domains NETWORK1 domain-type bridge set routing-instances EVPN bridge-domains NETWORK1 vlan-id 107 set routing-instances EVPN bridge-domains NETWORK1 routing-interface irb.107 set routing-instances EVPN bridge-domains NETWORK2 domain-type bridge set routing-instances EVPN bridge-domains NETWORK2 vlan-id 108 set routing-instances EVPN bridge-domains NETWORK3 domain-type bridge set routing-instances EVPN bridge-domains NETWORK3 vlan-id 109 set routing-instances EVPN interface ae1.0 set routing-instances EVPN route-distinguisher 1000:1000 set routing-instances EVPN vrf-target target:1000:1000 set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 50.50.50.40 set protocols bgp group ibgp family inet-vpn unicast set protocols bgp group ibgp family evpn signaling set protocols bgp group ibgp neighbor 50.50.50.48 set protocols ldp interface ae0.106 set protocols mpls interface ae0.106 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ae0.106 set routing-options autonomous-system 6500 set routing-options forwarding-table chained-composite-next-hop ingress evpn MX2 set interfaces ae0 flexible-vlan-tagging set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 aggregated-ether-options lacp periodic fast set interfaces ae0 unit 106 description "new iBGP connection to MX1" set interfaces ae0 unit 106 vlan-id 106 set interfaces ae0 unit 106 family inet address 2.1.1.2/30 set interfaces ae1 description "Aggregate to Customers" set interfaces ae1 enable set interfaces ae1 flexible-vlan-tagging set interfaces ae1 encapsulation flexible-ethernet-services set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 unit 0 family bridge interface-mode trunk set interfaces ae1 unit 0 family bridge vlan-id-list 107-109 set interfaces irb unit 107 family inet address 100.100.100.1/30 set interfaces irb unit 107 mac 00:00:00:01:01:01 set interfaces lo0 unit 0 family inet address 50.50.50.48/32 set routing-instances EVPN instance-type virtual-switch set routing-instances EVPN protocols evpn default-gateway do-not-advertise set routing-instances EVPN protocols evpn extended-vlan-list 107-109 set routing-instances EVPN bridge-domains NETWORK1 domain-type bridge set routing-instances EVPN bridge-domains NETWORK1 vlan-id 107 set routing-instances EVPN bridge-domains NETWORK1 routing-interface irb.107 set routing-instances EVPN bridge-domains NETWORK2 domain-type bridge set routing-instances EVPN bridge-domains NETWORK2 vlan-id 108 set routing-instances EVPN bridge-domains NETWORK3 domain-type bridge set routing-instances EVPN bridge-domains NETWORK3 vlan-id 109 set routing-instances EVPN interface ae1.0 set routing-instances EVPN route-distinguisher 1000:1000 set routing-instances EVPN vrf-target target:1000:1000 set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 50.50.50.48 set protocols bgp group ibgp family inet-vpn unicast set protocols bgp group ibgp family evpn signaling set protocols bgp group bitco-ibgp neighbor 50.50.50.40 set protocols ldp interface ae0.106 set protocols mpls interface ae0.106 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ae0.106 set routing-options autonomous-system 6500 set routing-options forwarding-table chained-composite-next-hop ingress evpn submitted by /u/Tars-01 [link] [comments]

Juniper/Mist AP32/AP33 Wall Mount Posted: 30 Sep 2021 01:28 PM PDT Anyone able to get any pictures for an AP32 or AP33 mounted with the stock bracket (APBR-U) on the wall? Ideally over a 1 gang or double gang box? Any pictures at all would be great, a few side profile and bottom pictures would be super great. So far my google research hasn't been successful. Bracket looks to have a .8 inch offset, for thermals i assume. If its up near the ceiling, looking from below, the way i think the cable routes, i assume you can see the cable plugging into the ports? Cisco/Meraki has always been good with mounting, brackets, and aesthetics. We are working with aruba, and there slide mount method leaves a little bit to be desired for wall mount situations. Mist was out of our price range right now, but we will have more to buy next year and things may be different. Curious how much "better" mist would look/be if mounting on the wall. submitted by /u/cooldude919 [link] [comments]

Independent benchmarking of WIFI6 access points Posted: 30 Sep 2021 11:53 AM PDT Is anyone aware of any independent orgs publishing benchmarking test results on enterprise grade WIFI6 access points? It's time for our gear refresh and my plan is gather a mix of wifi-5 and wifi-6 clients for automated tests. The tests will focus on: -Speed -Capacity -Airtime utilization (measuring retries, packet loss, etc..) I'll get half of the inventory this year and add WIFI6e APs when the market becomes more mature. submitted by /u/vakennu [link] [comments]

Vonage IP Networks Posted: 30 Sep 2021 12:30 PM PDT We have Vonage Business for our office phone system. Prior to that, we just used Vonage residential units at each desk. When using the residential gateways, I found a document years ago on Vonage's support site that listed the IP blocks and ports that needed to be available for a two way conversation to happen. I can't find that for the VB service and they definitely aren't the same, as the softphones on user's PCs aren't working. I've now spent about 3.5 hours on the phone with their business support trying to get this info. I'm currently on hold with their Advanced Support trying to get the info. I don't suppose anyone has it or can point me to a support doc? Hope this is okay to post in /r/networking submitted by /u/soopastar [link] [comments]

A10 AX2500 failover Posted: 30 Sep 2021 08:12 AM PDT We added a node to an existing A10 device to restore HA. Instead of coming up as vMaster-active and vBlade-standby, it's the opposite, vMaster-standby and vBlade-master, and logging in with the floating mgmt IP lands you in the vMaster-standby. This leads me to believe that the mgmt plane is active on one box while the dataplane is active on the other. How do I go about getting both active on the same box? We are using both aVCS and vrrp-a. submitted by /u/slicerpro [link] [comments]

Using the terms VLAN and Subnet - are they synonymous? Posted: 30 Sep 2021 08:47 AM PDT I have a couple embarrassing questions, I might be confused about some details regarding subnets/vlans. I see a lot of people referring to the 3rd octet in a device's ip address as the device's VLAN, but I don't believe they're using the correct term. Even when talking about a /24 network wouldn't they be referring to the subnet the device is in rather than the vlan? If I am not mistaken, 10.20.50.22 /24 and 10.20.50.23 /24 can each be assigned to separate VLANS. -1 Would they still be considered in the same subnet? -2 I believe if they are in different vlan's they wouldn't be able to communicate unless there was a route setup, is that correct? -3 I don't believe it's accurate to say these devices are on vlan 50, they probably would be on the native vlan 0 unless instructed to a vlan through lldp or dhcp, is that true? I would say 10.20.50.22 and 10.20.50.23 are in the same subnet, but can't determine if they are in the same vlan. I am just asking because 8/10 customers I talk to would say these are in vlan 50 and it's driving me nuts. Thanks for reading my noob questions, any responses are appreciated. submitted by /u/Only-Arm1322 [link] [comments]

Wireshark setup to capture HTTPS Posted: 30 Sep 2021 10:44 AM PDT I'm trying to troubleshoot a performance issue with an application for a client. This application sends HTTPS calls which I can see in Fiddler. Unfortunately the client uses ZScaler which doesn't allow Fiddler as proxy. There's a workaround for this but client would prefer not implementing this. I thought of using Wireshark but I can't seem to get it to capture HTTPS? Testing on my own machine, if I load an HTTP website in the browser I can see entries, if HTTPS no entries. Then if I load the application in question on my own machine in HTTP, I still cannot see anything logged. The client has the same application but with added security (HTTPS) but I can't seem to log HTTP traffic locally let alone HTTPS. I know the calls do go through as they're logged by Fiddler (which I've closed while testing Wireshark). Is this possible to achieve? submitted by /u/vtq90 [link] [comments]

What would an AX client choose - weak AX or stronger AC? Posted: 30 Sep 2021 09:50 AM PDT Hi all, Shocked I came up empty handed trying to Google this. I've got one AX AP and a separate SSID for IoT noise that is AC only. I'm thinking of throwing a spattering of AC APs into the mix and spreading them around the environment, and then replicating the AX SSID onto those APs, hoping the AX clients will continue to seek out and use the AX AP even when there is a closer and stronger AC AP available, thus unlocking the real potential of AX for those clients! This would be a very expensive experiment though! So I'm hoping someone can speak to what the AX client would actually do in this situation? I know I can probably lock them to AX only to make it happen, but I'd like them to still be able to fallback to the AC APs in the event that the AX AP is down, or when the clients that move are just way too far out of range. Edit: Additional, possibly of use information - all the AC APs are Omada and centrally managed, but the AX is off-brand, so any kind of AP-to-AP centralized band steering (if that's even a thing) is probably not possible. I may add Omada AX to the mix down the line, but it's not in the cards at this time. submitted by /u/Hyacin75 [link] [comments]

Password complexity for TACACS+ (running on Linux server) Posted: 29 Sep 2021 11:59 PM PDT Hello, we have a Huawei based network - around 35 L3 switches - and we use a Debian server with Tacacs+ installed to manage access to these swtiches as well as privilege levels. At this point we have 3 privilege level groups configured and 10 active usernames. What we need in our environment is to enforce password complexity but I cannot find any information on how to configure it on our Tacacs+ server - is it even possible? If not, is there alternative to Tacacs+ we could use? Preferably a free solution. Any help is appreciated. Thank you submitted by /u/MassiveCapercaillie [link] [comments]

Ansible juniper_junos_config "network os junos is not supported" Posted: 30 Sep 2021 07:01 AM PDT [Solved] Hi fellow network engineers :), I'm trying to retrieve the current config of some Juniper firewalls with ansible 2.10. I've used the following documentation to set up the playbook:https://www.juniper.net/documentation/us/en/software/junos-ansible/ansible/topics/topic-map/junos-ansible-configuration-retrieving.html Working with ASAs using the cisco.asa modul has worked fine, but with our Juniper SRXes the following playbook: - name: Juniper FIREWALLS hosts: juniper_firewalls gather_facts: no roles: - Juniper.junos connection: local ignore_unreachable: true ignore_errors: true tasks: - name: JUNIPER CONFIG juniper_junos_config: retrieve: "committed" register: output RElevant section of the inventory: [ibm_firewalls] myjuniperhost ansible_host=1.2.3.4 ansible_connection=local produces this output: fatal: [myjuniperhost]: FAILED! => {"msg": "network os junos is not supported"} Versions etc.: ansible-galaxy list && ansible-galaxy collection list && ansible --version # /root/.ansible/roles - Juniper.junos, 2.4.3 - juniper.junos, 2.4.3 # /usr/share/ansible/roles [WARNING]: - the configured path /etc/ansible/roles does not exist. # /root/.ansible/collections/ansible_collections Collection Version ----------------- ------- ansible.netcommon 2.4.0 ansible.posix 1.2.0 ansible.utils 2.4.1 cisco.asa 2.0.0 juniper.device 1.0.0 ansible 2.10.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.6/site-packages/ansible executable location = /usr/bin/ansible python version = 3.6.12 (default, Dec 02 2020, 09:44:23) [GCC] I'm sure I'm missing something basic, but could someone please point me to the right direction? I've been banging my head against this for a while now... ​ Thanks, CB submitted by /u/Cyberbird85 [link] [comments]

Dell N1548P active and backup images Posted: 30 Sep 2021 09:08 AM PDT When auditing a new clients switches I saw that some of the backup images were different from the current images. Is this normal in the Dell switch world? I am currently looking through the User's Configuration Guide for the upgrade process and if there is any notes on it about this situation. submitted by /u/MexiBulldog [link] [comments]

Career advice after too many years in the same company : selecting job opportunities Posted: 30 Sep 2021 08:53 AM PDT Hi, I have 10 years of experience in network and security infrastructure (switch, firewalls, reverse proxy and so on) I have been doing integration consultancy projects (HLD, LLD config and deployment in production) for 5 years now for many big clients in my country. Before that I was in a NOC team. I want to move company because I have seen everything in my current place and because I they specialized me too much on 1 product (on prem LB). ​ I have 2 job offers: 1: small company of 350 users, so IT for this company will be a lot smaller of what I've seen (about 10 people in the prod team, 1 infra guy (I would be the 2nd guy), other guys for systems) They also have a team of internal devs that build some very specific apps with a little bit of AI and some complex calculation, so it's not just basic IT like emails, phones, internal apps, wifi, etc. There will be many technology to learn apart for network and security stuff, like ESX, kubernetes, public cloud, storage, some automation and even voice But it will also be production work too so, there will be incidents to manage and in a non formalized environment (small team) There will also have projects to install the new stuff or replace old infrastructure. They are quite happy of their IT budget that is still increasing over the years. They want me to bring my knowledge in best practices that I gained working on projects in well organized environments. What I like here is to be able to work with the whole infrastructure and not just be specialize on 1 niche. The challenge here will be to learn the new stuff and going back to incident management (but I think it will be easier that what I did when I was in NOC) And also there will be architecture work like choosing and designing new infra from time to time, they build labs to tests solutions and they use consultancy to reinforce the team when deploying new stuff, so I think this is a good opportunity to learn the tech on the job. Maybe there is also the opportunity to learn from others regarding all the tech because the team is not siloed. But it also can be a job where they are looking for unicorns, so maybe it's a trap. ​ ​ 2: Big consulting company that covers all aspect of IT (technical and functional). My job would be in their technical branch to work on security projects for multiple clients as an expert (on prem and cloud) and also start learning and doing architecture. They have just created this branch and are starting to grow. So here I think there are opportunities to specialize more on security (which I prefer, I don't do networking much anymore) but with a lot more work and stress and all the problems related to consultancy. There will be travel but not as many as a pure integrator that is contently on site. ​ --- Regarding compensation it's about the same for both (1 has more perks and variable stuff, job is very close to where I live and almost no travel, and the office are nice). ​ Job 1 feels easier for me (on paper) and I want to broaden my skills on many tech, but I think it can be problematic in the long term regarding progression. I think moving from bigger companies network to small is possible, but moving from small to bigger is more a lot more complicated. And I will also lose the multi client aspect. Job 2 is a challenging job for me, with many aspect of security I will have to learn : on prem and also in the cloud and not just FW. And also start to do architecture --- Has anyone worked within a similar small IT team ? Has anyone progressed into architecture ? What is the difference from doing architecture within a company or doing architecture projects as a consultant for a client ? What do you think about my case ? submitted by /u/xcorv42 [link] [comments]

PTMP in a small Congolese city Posted: 30 Sep 2021 01:10 AM PDT Hy guys I have a small telecom company in Congo, we would like to deploy a Point to multi point service to offer affordable residential internet. We will use ubiquiti equipment ( rocket 5ac lite and omni 5g13 antenna) wich will be connected to a v-sat with a bandwidth of 20mbps/6Mbps for wich we pay 600$/month The plan is to provide unlimited 2/1 internet to our customers in the range of 50/70$ per month. My question is, how much customers will be able to share that 20/6 bandwidth without it being saturated? I know it depends of a lot of factors, but take in account that most users here only use internet for basic stuff, like whatsapp, Facebook, YouTube, etc submitted by /u/Djibanzee [link] [comments]

why is netmiko not sending commands from file for me? Posted: 30 Sep 2021 07:53 AM PDT Good day trying to get this to work now, I don't understand whats wrong.... I really don think it's the code I can send output = net_connect.send_command('show ip int brief') no problem and get results back - so not an ssh or connectivity issue also tried output = net_connect.send_config_set(['interface tunn3','shutdown']) too which wont work either ran below from pycharm and ran in from cmd - getting same errors ​ from netmiko import ConnectHandler ios_devices = { 'device_type': 'cisco_ios', 'ip': '192.168.50.88', 'username': 'cisco', 'password': 'cisco', 'secret': 'cisco', } net_connect = ConnectHandler(**ios_devices) output = net_connect.send_config_from_file(config_file='commands_file') print(output) ​ ​ C:\Users\howyegettinon\Desktop\PYTHON\PycharmProjects\DMVPN>python testConfigFromFile.py Traceback (most recent call last): File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\paramiko\channel.py", line 699, in recv out = self.in_buffer.read(nbytes, self.timeout) File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\paramiko\buffered_pipe.py", line 164, in read raise PipeTimeout() paramiko.buffered_pipe.PipeTimeout During handling of the above exception, another exception occurred: Traceback (most recent call last): File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\netmiko\base_connection.py", line 573, in _read_channel_expect new_data = self.remote_conn.recv(MAX_BUFFER) File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\paramiko\channel.py", line 701, in recv raise socket.timeout() socket.timeout During handling of the above exception, another exception occurred: Traceback (most recent call last): File "C:\Users\howyegettinon\Desktop\PYTHON\PycharmProjects\DMVPN\testConfigFromFile.py", line 14, in <module> output = net_connect.send_config_from_file(config_file='commands_file') File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\netmiko\base_connection.py", line 1809, in send_config_from_file return self.send_config_set(cfg_file, **kwargs) File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\netmiko\base_connection.py", line 1876, in send_config_set output += self.config_mode(*cfg_mode_args) File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\netmiko\cisco_base_connection.py", line 48, in config_mode return super().config_mode( File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\netmiko\base_connection.py", line 1756, in config_mode if not self.check_config_mode(): File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\netmiko\cisco\cisco_ios.py", line 32, in check_config_mode return super().check_config_mode(check_string=check_string, pattern=pattern) File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\netmiko\cisco_base_connection.py", line 38, in check_config_mode return super().check_config_mode(check_string=check_string, pattern=pattern) File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\netmiko\base_connection.py", line 1740, in check_config_mode output = self.read_until_pattern(pattern=pattern) File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\netmiko\base_connection.py", line 655, in read_until_pattern return self._read_channel_expect(*args, **kwargs) File "C:\Users\howyegettinon\AppData\Local\Programs\Python\Python39\lib\site-packages\netmiko\base_connection.py", line 583, in _read_channel_expect raise NetmikoTimeoutException( netmiko.ssh_exception.NetmikoTimeoutException: Timed-out reading channel, data not available. submitted by /u/howyegettinon1 [link] [comments]

Juniper third party maintenance Posted: 30 Sep 2021 07:49 AM PDT Hi everyone, Currently we are looking for a very reliable third party maintenance 24/7 for Juniper MX. We have reached out to some company like Parkplace but the sales teams doesn't react. It would be to support about 20 Juniper MX routers in a large scale ISP environment. Someone as some recommendation? We are EU based company but the infrastructure are spreaded accross the globe. Thanks submitted by /u/thomvn [link] [comments]

Cisco SDWAN Python SDK Posted: 30 Sep 2021 05:07 AM PDT I am looking at automating some of my Cisco SDWAN deployment with a python script. I was going to use the rest API but then I saw they have a python SDK. Does anyone have experience with the SDK? As I would like to use the SDK as it is easier but I am not sure if it has feature parity. submitted by /u/bluerackham [link] [comments]

Do all ISPs bond from upstream connectivity sources? Posted: 30 Sep 2021 08:31 AM PDT (Attempting this under rule 6 - this is for informational purposes; clearly, I don't work in the industry): Internet bonding is pretty great although for private consumers it's a little tricky to configure. ISPs are in the business of delivering reliable internet to businesses. High availability backed by an SLA is a common requirement. I'd be curious to know how common it is for ISPs (say tier three or twos) to bond together upstream connectivity sources in order to deliver better networking for their customers. Another question: wouldn't it make sense for every ISP down the food chain to do this? Say: add a few cellular and satellite links to bolster connectivity in case there's disruption further up the pipe? Is this common practice in the industry or only something that certain ISPs will do in order to upsell consumers on connection that's more robust than the average requirement? submitted by /u/danielrosehill [link] [comments]

TACAS accounting logs on ISE Posted: 30 Sep 2021 08:29 AM PDT Is there anyway I can delete tacas accounting logs that are shown in the reports section on ISE? submitted by /u/Som3a92 [link] [comments]

Planning a LAN deployment for 100+ mobile devices Posted: 30 Sep 2021 08:23 AM PDT My startup is planning an event in the near future. It will be in a large space (brewery). Our needs are: LAN connectivity for 100+ mobile devices running our own app which features a real-time multiplayer component, so low latency is of the essence. Bandwidth is not as much of a concern (average of <1 Mb/s per client with spikes of a few Mb/s). Server will be my gaming rig with a wired connection directly to router. No public internet access is required. (We could connect this LAN deployment to the venue's internet, but we are concerned of public internet traffic degrading network conditions, so keeping it to LAN only seems preferred?) Our setup will be in one corner of the space, wifi only needs to be strong/reliable in that corner, not the entire space. Budget is $1000 max preferably. Was thinking of getting 2 APs and an enterprise router. Does that sound reasonable? (Was leaning towards Ubiquiti APs and a pfsense Netgate router, but it seems Ubiquiti has fallen out of fashion?) Would appreciate any equipment recommendations, as well as anything to consider that might not be immediately obvious. I have never deployed something like this before. Thanks for your time. submitted by /u/ResonantMango [link] [comments]

What is the difference between instant on 1930 switches and entry-level Aruba switches like 2530 and cx6100. Posted: 30 Sep 2021 12:50 AM PDT We are planning to deploy some Access layer switches in our network, we want to integrate these switches with Clearpass, initially planning to buy cx6100 but instant on 1930 is cheaper than CX. How do these switches compare regarding Clearpass integration? submitted by /u/sjnair [link] [comments]

Surveillance system firewalls Posted: 30 Sep 2021 08:22 AM PDT I work surveillance in the casino industry in Nevada. I've been tasked with setting up remote access and viewing across multiple locations to be connected to a central office. Due to gaming regulations, all DVR devices must be connected to a hardware firewall on both the satellite location and the central office. I have never worked with hardware firewalls and I have no idea where to start. Can anyone give me recommendations on a decent hardware firewall? If it matters, all DVR units are Hikvision units. submitted by /u/gion_siroak [link] [comments]

Network documentation and diagraming tips? Posted: 29 Sep 2021 04:36 PM PDT I have never had to do this before outside of lab environments and I am relatively green at networking (I do have my CCNA). The whole IT team is new at my site and I seem to be the one with the most networking knowledge and am tasked with these things. I now have to document our physical environment in a server room that has had three previous engineers who did not document anything. Two firewalls (HA) and 8 switches with wires everywhere and nothing really labeled. ​ How the hell do I go about all of this? I have access to all the management consoles. What do I use to diagram? Are there any tips or tricks? What to consider? I guess just muscle through it and trace each wire? submitted by /u/xrscx [link] [comments]

You are subscribed to email updates from Enterprise Networking Design, Support, and Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States