    Friday, September 3, 2021

    Blogpost Friday! Networking


    Blogpost Friday!

    Posted: 02 Sep 2021 05:00 PM PDT

    It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

    Feel free to submit your blog post, as well as a nice description, to this thread.

    Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator

    TCP Retransmits and weird ACKing bottlenecking w/o packetloss

    Posted: 03 Sep 2021 06:28 AM PDT

    Hi!

    Relevant image from wireshark capture at client: https://zerobin.no/?659ba3fb227ee99d#GHWgarZnReicdZWGb75R9CumYD5GbtQAbv2mog1wChzn
    (3 segments received at the same time, 1st segment re-transmitted 0.02s later and just after the client ACKs the three first segments)

    We're struggling with a machine "here and there" in our ~1000 machine network where suddenly connections to servers are dropped from ~850Mbps down to 2.5Mbps. This happens -within session-, it can be an SQL-requiring application, SQL performance testing, SMB and iPerf - anything, really.

    If we have two computers simultaneously transferring data from a server, both located at the same place in the network, one can struggle, and one can be fine. The next day it's the opposite. This happens at any of our ~100 directly fiber-connected sites towards our DC. The DC has 4 ESX hosts, and different switches, none of which seems to have any problem, and the issue can arise on whichever server. I'm also sure we've managed to get for instance 2.5Mbps on the iperf while at the same time 850Mbps in SQL performance tester - same client<->server, at the same time!

    We seem to have drilled it down to the above linked image. Everything works well, until suddenly TCP ACKs from the client are delayed by 20ms as opposed to the normal ~0.1ms (as seen on client capture), at which time the server has already started re-sending segments (see TCP Duplicate-package). When this first starts happening, it happens a lot that day for that client, but may be fine again the next day, while another machine gets the problem.

    The 10.82.66.16 is the client in this case, and 10.82.24.115 is the server. A full capture of the stream as seen by the client can be downloaded here: https://dropmefiles.com/QJ1ZA (never used that service before, but seems legit). Stream from FW and server looks the same, but I no longer have the files :|

    We don't experience any other problems really, we have low jitter and practically no packet loss with pingflood/UDP-iperf. We did try to set the TcpAckFrequency to 1 which temporarily did actually for some reason help, although we also see the problem with UDP. It works when the client is on WiFi, APs connected to the same switches. There are no dropped packets on switches, firewall or router.

    We've tried not offloading the sessions in the firewall as well, but it really doesn't seem to make any difference, and the captures done at the server, FW and client simultaneously are quite identical. On all three, we see the problem arise when the client waits those magic 0.02s before ACKing and the server starts retransmitting frames.

    Hopefully someone can help, this is a true headache...

    submitted by /u/Roy-Lisbeth

    EHWIC-4G-LTE-V on Verizon for home use

    Posted: 03 Sep 2021 02:08 PM PDT

    Have any of you managed to setup this Cisco(Verizon-LTE MC7750) card with a prepaid data plan?

    When I try to activate this card on their prepaid website, I get this message after typing IMEI: "The phone associated with the Device ID you entered is not compatible with the Verizon Wireless network"

    I tried the procedure on my existing cell phone service using the "Change Device" option. This is what I get when IMEI is entered: "We're Sorry! Unfortunately, we are unable to complete this request. You will not be able to change your device online at this time. Please call 888-294-6804 for further assistance."

    My equipment is Cisco 1921 + EHWIC-4G-LTE-V

    The signal is strong and the SIM card registers to the network without any problem.

    Router#show cellular 0/0/0 network
    Current System Time = Sun Aug 29 17:53:32 2021
    Current Service Status = Normal
    Current Service = Packet switched
    Current Roaming Status = Home
    Network Selection Mode = Automatic
    Network = VZW
    Mobile Country Code (MCC) = 311
    Mobile Network Code (MNC) = 480
    Packet switch domain(PS) state = Attached
    Registration state(EMM) = Registered
    EMM Sub State = Normal Service

    Router#show cellular 0/0/0 radio
    Radio power mode = ON
    LTE Rx Channel Number = 3230
    LTE Tx Channel Number = 23530
    LTE Band = 13
    LTE Bandwidth = 10 MHz
    Current RSSI = -56 dBm
    Current RSRP = -84 dBm
    Current RSRQ = -11 dB
    Current SNR = 8.8 dB
    Radio Access Technology(RAT) Preference = LTE
    Radio Access Technology(RAT) Selected = LTE

    submitted by /u/netwaffe

    Having a hard time passing credentials to proxy server for PIP and my IDE

    Posted: 03 Sep 2021 06:32 AM PDT

    Hello,

    I have been struggling to solve this problem all week. Essentially I have been unable to pass proxy authentication so I can add/ update modules for PIP and other things. I've tried statically setting my proxy credentials through Windows command from the CLI and adding credentials to the command itself to pass them through the proxy server.

    python -m pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org --proxy http://USERNAME:PASSWORD@PROXYHTTPADDRESS:PORT --PIPCOMMAND OR MODULE

    The error codes being kicked out in Splunk and on command line are:

    407 TCP_DENIED_CONNECT authentication_failed DENIED

    (I know we can utilize a bypass but I really want to figure out why this is happening)

    submitted by /u/onequestion1168

    Arista -- setting up several multicast groups with different rendezvous point addresses

    Posted: 03 Sep 2021 12:03 PM PDT

    I am trying to set up an Arista DCS-7048T to listen to two different sets of multicast groups that have different rendezvous point addresses, all over one physical link. These are the commands I have tried so far. Note the addresses have been anonymized.

    ip access-list standard WAN_1
       10 permit 239.0.0.0/24
       20 permit 239.0.1.0/24
       30 deny any
    ip access-list standard WAN_2
       10 permit 239.0.2.0/24
       20 permit 239.0.3.0/24
       30 deny any
    ip pim rp-address 192.168.0.1 access-list WAN_1 override
    ip pim rp-address 192.168.0.2 access-list WAN_2 override

    This doesn't work, joining the groups on a machine connected to the switch causes no packets to be received.

    Setting up one set of groups individually, with one RP, works.

    Sorry if this question is vague or doesn't make sense.

    Here is more info about the switch:

    Arista DCS-7048T-A-R
    Hardware version: 01.05
    Deviations:
    Serial number: xxxxx
    System MAC address: yyyyy
    Software image version: 4.9.7
    Architecture: i386
    Internal build version: 4.9.7-1070657.EOS497
    Internal build ID: 7517c179-ca6d-4e31-b0b0-bb2edfa04c58

    submitted by /u/jtyson1991

    IKE Phase 1 Error 4021 on Juniper SRX

    Posted: 03 Sep 2021 11:07 AM PDT

    I am configuring a remote access VPN on an SRX320 and when I test with the NCP client I am getting an error 4021 cannot contact gateway. I am not seeing what the issue is and if someone here is available to assist I will happily provide my config.

    submitted by /u/xeynx

    60 second time out, linux gw -> hyper-v virtual switch

    Posted: 03 Sep 2021 10:03 AM PDT

    I think I've got one worthy of your expertise dear reader. Thank you for taking the time to assist.

    My lan is 192.168.1.*
    Created an 'internal' virtual switch on Hyper-v as 192.168.100.* using:
    New-VMSwitch -SwitchName "k-dev" -SwitchType Internal
    New-NetIPAddress -IPAddress 192.168.100.1 -PrefixLength 24 -InterfaceAlias "vEthernet (k-dev)"
    (this seems like it wouldn't be required but it doesn't work without it, even though I'm not using this ip)

    Next, created 6 linux vms using the virtual switch:
    - On 5 of them I set the gateway to 192.168.100.10
    - On 1 I set the ip to 192.168.100.10 & erased the default gw, next I added a second nic connected to my lan with ip 192.168.1.100

    On the two nic system:
    - enabled ip_forward
    - disabled the firewall (not sure what to set so i can do this with a firewall, disabling is ok for now)

    In my DNS server I added A records with the 192.168.100.* addresses.

    In my lan router I added static routes to the 6 systems specifying 192.168.1.100 as the gateway ip.

    Now I can connect to all 6 systems from my local lan & systems on the virtual switch can connect to all systems on the local lan and also to the internet. Kerberos is fine, can ssh without password, all appears well.

    Here's the problem: When I ssh to the systems setup on hyper-v I get a 60 second timeout even if I am actively using the connection. What's happening? How to fix?

    Troubleshooting so far: I'm kind of at a loss with this one on what to look at to troubleshoot. I've been using ssh in my environment without issues or timeouts so I would say the client is configured correctly. I've attempted adjustments on tcpkeepalives but that doesn't appear to be the solution. I've considered that hyper-v might be blocking something for some reason. Tried disabling firewall on hyper-v host system, didn't help. Am hoping maybe I just forgot a step in this setup and one of you might see it immediately.

    I noticed a couple sysctl values with timeouts of 60s, I set those to 120 & applied, no change:
    - net.ipv4.tcp_fin_timeout=120
    - net.ipv6.route.gc_timeout=120

    submitted by /u/lord_karezza

    Philosophy on right-sizing a Cloud DC / ISP PoP

    Posted: 03 Sep 2021 05:17 AM PDT

    Dear sub,

    I am working with a cloud provider / internet service provider in the SME market.

    We are planning to build a new location and I am tasked with designing the new DC and ISP networks.

    At the moment I feel somewhat overwhelmed by the available options and am looking for some guidance and second opinions.

    Cornerstones of my thought process on requirements:

    - The initial size will be about 4 racks and grow to about 10-20 racks in the next three years.

    - We are serving the SME market but require a somewhat enterprise-ish setup to achieve high uptime.

    - Growth comes in surges and is hard to plan ahead. So the network should be scalable and easy-to-understand.

    - The ISP network-side uses a distributed PoP design, every PoP has two core routers and varying numbers of routers for peering/access and the like.

    - Our existing DC locations have layer2 spine-leaf DC networks implemented, as it spans only a couple of racks.

    - A layer3 spine-leaf network is high on the wishlist though.

    - The DC network will host both VMware NSX with VXLAN as well as Openstack with VXLAN, where on both occasions software VTEPs are used "within" the cloud environments.

    - There will be some 'traditional' workloads, so something like VXLAN on the physical network is required.

    - Budget is tight as always, so we are not even looking at Cisco, maybe at Arista/Juniper but more likely towards affordable vendors like FS.com and Mikrotik.

    Now here's the struggle:

    The spine leaf network in itself will be rather small (2 spines, initially 8 leafs) and might grow into a 40-ish amount of leafs (2 per rack).

    Is it worth the 'overhead' going all L3, or on the other hand is it worth the 'risk' of building an L2 network (again)?

    Most L3 spine-leaf designs go eBGP all the way. Spines into one private ASN, leafs into another private ASN (or more). Can I / should I dual-use my beefy spine switches to also act as core routers in the ISP PoP? We carry only a small amount of routes internally. I sense trouble having both our public ASN and the private spine-ASN on the same boxes. Could be a management nightmare, even if technically possible. But it is appealing from a budget perspective.

    The latest and greatest in L3 spine-leafs seems to be the introduction of EVPN. Does that make sense for a small deployment or should we stick with 'only' VXLAN?

    We do have access to two independent DC rooms at the new location and we can utilize racks in both DCs. Given the small footprint it seems a total overkill to build two completely independent networks in terms of required components. But spanning the spine-leaf network over both rooms bears a cost in the many required cross connects.

    I appreciate any thoughts and suggestions. I got a feeling to have driven into a mental corner on how to right-size this :-)

    submitted by /u/sbudde

    Help! Need to rewrite source address on Cisco ISR 1841

    Posted: 03 Sep 2021 02:39 PM PDT

    I did something very dumb and missed configuration of a default gateway on printer at remote site connected over MPLS through a Cisco 1841. There are no computers at the remote site I can remote into and big boss needs to be able to print to that remotely next week. I am quite rusty on my Cisco (I would know how to do this in a snap on a SonicWall). Is there a way to rewrite the source address of my port 80 traffic to the printer to an address on the inside interface so the printer doesn't have to use a gateway?

    10.x.y.z (server in datacenter)

    10.a.b.c (outside MPLS interface of router)

    10.g.h.1 (inside interface of router)

    10.g.h.107 (stupid printer)

    Port 80 traffic destined to 10.g.h.107 gets intercepted by router and source rewritten to 10.g.h.1 and translated back out or port 80 to 10.a.b.c gets translated to 10.g.h.107 with source of 10.g.h.1 or something else?

    Thanks for your help!!

    submitted by /u/i40hawk

    ISP or Microsoft Teams Issue? | RST Packet Seen but from different TTL Value | TLSV Handshake Failure?

    Posted: 02 Sep 2021 09:39 PM PDT

    Hi All,

    Ran into an issue where our desk phones connecting to Microsoft Teams failed to authenticate. We did several troubleshooting steps and comparisons to narrow down the issue. Key points below.

    -> We see that the client is able to complete the TCP handshake
    -> Client able to send a "Client Hello" with TLS version 1.2 however no response from server and so it falls to TLSv1 record table.
    -> From the Microsoft team document both client and server should agree on TLS1.2 min.
    -> We are seeing RST packets from different hops

    From the picture depicted below. (Wireshark Capture on WAN router).

    a. RST was triggered from closer to our CE, about 3 hops away.
    b. RST was triggered from closer to Microsoft. TTL value of 101 is Microsoft, TTL 100 is still unknown. The commonality is that the reset packet comes from the public space.

    PCAP: https://ibb.co/Ms96RNz

    1. Based on these captures, Is this actually an ISP or Microsoft issue?

    2. Does the ISP possibly handle Microsoft traffic differently compared to other public destinations, which are working / can communicate using the latest TLS 1.2/1.3?

    3. Is this something on Microsoft end not allowing the client hello and not participating in TLS handshake?

    4. What approach in your opinion is best for this issue? should we go ask our ISP to route to a different path ?

    Thank you

    submitted by /u/1searching
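
    The TTL comparison described in the post above can be automated. The following is an added example, not part of the original post: it builds a per-direction TTL baseline from the non-RST packets of a flow and flags resets whose TTL differs from it. The addresses, ports and packet records are constructed sample data (only the TTL values 101 and 100 and the "about 3 hops away" reset mirror the post), and the initial TTLs of 64/128/255 are an assumption about sender defaults.

```python
"""Added example: flag TCP resets whose TTL does not match the peer's earlier packets."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Typical OS default initial TTLs; an assumption used only to estimate hop distance.
COMMON_INITIAL_TTLS = (64, 128, 255)


@dataclass(frozen=True)
class Pkt:
    ts: float     # capture timestamp in seconds
    src: str
    sport: int
    dst: str
    dport: int
    ttl: int      # IP TTL as seen at the capture point
    flags: str    # TCP flags as letters, e.g. "S", "SA", "PA", "R"


def estimated_hops(ttl: int) -> int:
    """Hops travelled, assuming the sender used the smallest common initial TTL >= ttl."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial - ttl


def classify_resets(packets, tolerance=0):
    """Compare each RST's TTL with the most common TTL of non-RST packets
    seen earlier or later in the same direction of the same flow.

    tolerance allows for small path changes (e.g. 1 hop). A mismatch is a
    heuristic hint that the reset was generated somewhere else on the path,
    not proof: TTLs can be set to any value by the device that sends them.
    """
    baseline = defaultdict(Counter)
    for p in packets:
        if "R" not in p.flags:
            baseline[(p.src, p.sport, p.dst, p.dport)][p.ttl] += 1

    findings = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        if "R" not in p.flags:
            continue
        seen = baseline.get((p.src, p.sport, p.dst, p.dport))
        if not seen:
            expected, verdict = None, "no-baseline"
        else:
            expected = seen.most_common(1)[0][0]
            delta = abs(p.ttl - expected)
            verdict = "consistent" if delta <= tolerance else "ttl-mismatch"
        findings.append({
            "ts": p.ts,
            "claimed_src": p.src,
            "ttl": p.ttl,
            "expected_ttl": expected,
            "estimated_hops": estimated_hops(p.ttl),
            "verdict": verdict,
        })
    return findings


# Constructed sample flow (documentation addresses), captured at the WAN router.
CLIENT, SERVER = "192.0.2.20", "203.0.113.10"
SAMPLE = [
    Pkt(0.000, CLIENT, 50512, SERVER, 443, 128, "S"),
    Pkt(0.030, SERVER, 443, CLIENT, 50512, 101, "SA"),
    Pkt(0.031, CLIENT, 50512, SERVER, 443, 128, "A"),
    Pkt(0.032, CLIENT, 50512, SERVER, 443, 128, "PA"),   # Client Hello
    Pkt(0.045, SERVER, 443, CLIENT, 50512, 61, "R"),     # arrives from ~3 hops away
    Pkt(0.060, SERVER, 443, CLIENT, 50512, 100, "R"),    # one hop off the baseline
]

if __name__ == "__main__":
    for finding in classify_resets(SAMPLE):
        print(finding)
```
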

    mac address table constantly adding/removing devices every few minutes

    Posted: 03 Sep 2021 09:26 AM PDT

    Has anyone seen this issue in particular with Cisco switches in L2 mode where the mac address table is constantly adding/removing devices, mainly just printers or ip phones, every few minutes?

    This is causing some huge issues with our dot1x as they keep having to re-register. As seen below this is some of the information:

     

    Switch ver:

    • 1 52 WS-C2960S-48TS-L 15.2(2a)E1 C2960S-UNIVERSALK9-M

     

    Printer below over a period of 10 minutes (no sleep mode turned on):

    Operation: Deleted Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Added Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Deleted Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Added Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Deleted Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Added Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Deleted Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Added Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Deleted Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Added Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Deleted Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Added Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Deleted Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Added Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Deleted Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Added Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6 Operation: Deleted Vlan: 108 MAC Addr: 9c93.4eb7.1b5b Dot1dBasePort: 6

     

    run commands: On the port:

    snmp trap mac-notification change added
    snmp trap mac-notification change removed

     

    On the switch:

    mac address-table notification change interval 15
    mac address-table notification change history-size 200
    mac address-table notification change
    mac address-table aging-time 1000

    submitted by /u/loxleynew

    Cisco WLC - Flexconnect AP's - Airplay/screenshare

    Posted: 03 Sep 2021 06:20 AM PDT

    Hi,

    I'm having a bit of an issue at the moment.
    We're running two different WLCs due to the fact that we have some locations which have older APs still in use which are locally configured. The other (newer) WLC has flexconnect APs with local outbreak.

    On the old locally configured WLC I managed to get airplay with screenshare working through mdns configuration, but that's not an option on a flexconnect network. Right now I'm at my wits end trying to figure this out.

    Anyone have any specific tips on setting up airplay and screenshare on a WLAN with flexconnect configured AP's?

    The switches all have igmp snooping enabled.

    The router I'm running is a Meraki MX68.

    Thanks in advance!

    submitted by /u/Ahoelinnone
    [link] [comments]

    Have any of you built virtual labs for training other teams? How?

    Posted: 03 Sep 2021 01:45 AM PDT

    I work for a service provider (mix of cisco and juniper) and we'd like to start training 1st and 2nd level support teams on various technologies related to our company. (we mostly do MPLS and L2 stuff, with some L3 BGP).

    The dream is to have some kind of remote server with GNS3 or something where people can log into and load pre-built topologies with scenarios to train on (like ospf misconfigured or something like that). It would also be nice to have a sandbox mode where people can build their own topologies. If the topology gets really messed up, we can always blow it away and reset it.

    Does anyone have something like this? Does it handle layer 2 technologies ok? (I remember a while ago GNS3 had issues with L2 tech and you couldn't virtualize switches, not sure if that's still the case)

    submitted by /u/Prophet_60091_

    cross platform or vendor agnostic port security

    Posted: 02 Sep 2021 06:09 PM PDT

    Looking at options for doing dynamic port security, currently looking at ISE and Clearpass. Are there any other options out there that can do a simple assessment on device connect like is this device AD joined to x domain, put on vlan #, if it's not ad joined but matches a list of approved mac addresses on the IOT list put on ## vlan, otherwise put it on ###vlan?

    Environment is mixed but primarily cisco.

    submitted by /u/heathenyak

    EVE-NG Aruba CX and Nexus9k virtuals ACLs not working

    Posted: 02 Sep 2021 07:59 PM PDT

    Hey all

    racking my brain cause something's not adding up here.
    tried doing IP ACL, VACL, IP port access groups and none of them are working.

    I even put a simple "deny ip any any" on a vlan-interface on a nexus9k virtual and it didn't stop a thing.

    anyone come across this? any idea of a valid method to make them work (or work around at least?)

    Even the 'switchport block multicast' command doesn't stop anything.

    Is this just a limitation on EVE? maybe to do with the way it structures the virtual switching?

    submitted by /u/obscure_simpsons_ref

    Industrial Enterprise OT/IT

    Posted: 02 Sep 2021 10:59 PM PDT

    Are there any members of this community that work for an industrial enterprise that work with some operational technology? I will start a new job soon as an OT Network Engineer and I'm wondering if people have continued to pursue their CCNP and CCIE while in OT roles. I'm currently working on my ENCOR and plan to continue to do so. I'm just interested to know the different paths of OT that people have taken and also the balance between OT and IT for anyone that does both.

    submitted by /u/black_wolf_1990

    routing drops to single site across wan link

    Posted: 02 Sep 2021 09:28 PM PDT

    I have two buildings (A & B) that connect to our network provider WAN via 10gb links. All other buildings (15+) connect via 1GB links. Network provider equipment is not seen by my equipment as being there, just my equipment.

    Simple static routes:

    ip route 10.1.0.0 255.255.0.0 172.16.1.1 (building A)

    ip route 10.2.0.0 255.255.0.0 172.16.1.2 (building B)

    ip route 10.3.0.0 255.255.0.0 172.16.1.3 (building C)

    and so on

    Buildings A and B have static routes for all buildings, as they have servers/internet access that is provided to the other buildings.

    Buildings C+ have three static routes, one each for A & B networks, one for 0.0.0.0 to either A or B, depending on where I want the internet traffic to exit the network

    Issue pops up between buildings A & B, the 10gb links.

    Buildings A & B lose the ability to directly talk to each other over their respective 10gb links.

    Buildings A & B could still talk to the other buildings that have 1GB links, still using their 10gb links.

    Building A could talk to building B if I routed the traffic through building C.

    Rebooting the core switch at building B resolves the issue for 15/25 or so hours.

    The switch was originally up for 80+ days.

    No config/firmware changes made to either switch at building A or B in the weeks prior

    New site/link added to network provider wan in late June without issue

    Nothing jumps out in the event logs of the core switch at Buildings A and Buildings B. Basically nothing logged on either side prior to the random loss of connection.

    These switches are different, but the current config has been in place for over 12 months with this network provider, and the switches have been in place for some 8 years or more.

    Building A = Dell PowerConnect 8000 series, aka Force N4000 series

    Building B = HP 5406zl

    I had a second Dell switch at building A as a spare.

    moved it to building B... setup WAN port like the HP 5406 was. swap fiber from 5406, 10gb link comes up/connected.

    ping 10.1.0.1 or 172.16.1.1 - fails

    ping 10.3.0.1 or 172.16.1.3 - GOOD..no drops.

    like WTF????

    switch fiber back to 5406... ping 10.1.0.1/172.16.1.1 - GOOD... no drops

    switch back to Dell...failure occurs..

    network provider says nothing has changed with their config/equipment.

    Just waiting for the connection loss to occur tomorrow sometime, just like every day this week.

    I'll provide configs if desired when I go back in the morning.

    any thoughts?

    submitted by /u/TheShootDawg

    Microhard Bullet LTE - SMS Forwarding to Local Network?

    Posted: 02 Sep 2021 09:20 PM PDT

    We have a Microhard Bullet LTE deployed on a remote site. Able to SSH into the device and read SMS messages, send SMS messages, etc. But the commands seem rather limited (e.g. it's like your typical Linux commands are disabled). Our intent is to be able to issue custom commands/payloads to the device via SMS which it can then forward to specific host names which are DHCP'd on a 12 hour cycle. It is desirable to do this via SMS because it is quickly performed while operators are on the road.

    Just wondering if anyone has any ideas or workarounds for how to achieve this. The only thing I can really think of (with my limited experience) is to get a bash script going on a separate machine on the network which will SSH into the device, read the most recent message, and then relay accordingly. Although my intuition tells me this is inefficient, despite being simple.

    submitted by /u/murphinate

    Fortinet WebFilter services down?

    Posted: 03 Sep 2021 02:21 AM PDT

    Hi everyone.

    Last night a user on my network reported to me that he could not browse the internet. I checked and in fact google search worked but every web page was then blocked by the webfilter. So I investigated on the Fortigate and noticed (by going to System> Fortiguard) that the WebFilter and AntiSpam services were down.

    After a few hours they came back up on their own.

    I just contacted fortinet to try to get confirmation from them if there were any problems on their servers but they told me that for now they have not noticed any problems on their side.

    Everything else (connectivity and various services on our side) worked perfectly, I checked.

    What can I do? Did anyone else have the same problem last night? It happened around 6PM CEST on September 2nd. If needed, the Firewall is in Europe.

    submitted by /u/L34ndrix

    Looking for Sonicwall 7th Gen devices' maximum configurable number of DHCP leases

    Posted: 03 Sep 2021 01:50 AM PDT

    Gen 6 Sonicwalls have a limit on the maximum DHCP leases that you can configure based on the spec of the device:

    http://help.sonicwall.com/help/sw/eng/6700/26/2/4/content/Network_DHCP_Server.042.02.html

    Have these limits changed in SonicOS 7 devices? I can't find any info on the TZx70 range or the NSa x700 range.

    Does anyone have some secret documentation?! or have a 7th gen device and is willing to test for me?

    Thanks in advance

    submitted by /u/dystopian_dream

    Stuck in a Network Innovations Department Manager; No Idea What These People Should Do

    Posted: 03 Sep 2021 02:25 AM PDT

    Well, got stuck in charge of a network innovation team. My tech credentials: high level, nigh non-existent. Was put in charge because I'm a good project manager. And previous technical people proved to be horrible at managing projects. So here I am -- yay...

    My team appears competent, but they focus on small tasks and have no larger ideas.

    So I'll just ask (because I don't care what people say, Reddit is probably the best invention ever): Does anyone have any simple ideas to improve enterprise networking?

    At this point, not a lot of money, so Cisco programs and router refreshes are off the table. Does Reddit have any simple, low-cost suggestions I can put this team on? At this point, all valid ideas are welcomed. Thanks, Reddit, because at this point I'm phucked, yo.

    submitted by /u/LostLikeBillMurray

    Comcast supervisor lying about troubleshooting policy?

    Posted: 02 Sep 2021 06:29 PM PDT

    This is what a comcast business technical operations supervisor told me in regards to my request that a technician plug their laptop into THEIR modem and configure THEIR static public IP they provide and verify internet connectivity. Anyone ever heard this? They aren't allowed to fully troubleshoot the services they provide?

    "As I have said before we do not connect to the static IP directly. However tomorrow I will have a tech onsite with my computer to check the static. He will enter your Static IP 50.215.29.85 into my NIC and ping 8.8.8.8 for 5-10 minutes, after which he will delete them and return my computer. I will update you on those findings ASAP. Going forward we will not be troubleshooting anything outside the scope of our normal Comcast policies."

    submitted by /u/LarrBearLV

    Recommendations for a stackable 25gbe switch

    Posted: 02 Sep 2021 04:17 PM PDT

    Hey guys,

    Any suggestion to replace a core in a fairly small network.

    Requirements are really quite simple:

    • Stackable with 2 units*
    • 48 ports of 25gbe sfp28 ports on each unit
    • Very basic L3 routing - basically intervlan (about ~100 vlans) routing and OSPF to upstream routers
    • Dual PSUs in each switch

    Currently there is a pair of Dell/Force10 S4810 switches doing the job quite happily but we need to bump the speed from 10gb to 25gbe.

    Before that a pair of 1gb EX4200's was used.

    *A stack is desired because there is a significant number of /27 VLANs that have their gateway IP residing on the core. There is no room in the subnets to shift to a VRRP type setup.

    Stack seems to be the simplest way to achieve the gateway IP floating between two different physical switches in the core.

    Open to suggestions of how to do it better though!

    submitted by /u/SykoticNZ