
    Thursday, November 4, 2021

    Blogpost Friday! Networking

    Blogpost Friday!

    Posted: 04 Nov 2021 05:00 PM PDT

    It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

    Feel free to submit your blog post, as well as a nice description, to this thread.

    Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator

    All patch cables (from patch panel to switch in same two post rack, not to floor) cut by LV workers during a renovation project that required moving the network rack. Is this normal?

    Posted: 04 Nov 2021 01:40 PM PDT

    The patch paneling is at the top of the two-post rack, in which we have two 48-port switches below with patch cables between. I understand cutting the cabling to the rack from the floor. I do not understand cutting all the patch cables from the panels to the switches.

    Their current explanation is that it was so they could leave the cable ends in the switch to prevent dust from getting in during renovation. I call BS. We've done this before and can simply unplug the cables if you need to remove the switches (which were removed anyway after cutting the cables). If you're going to remove the switches you literally have any number of ways to prevent dust getting in them during reno.

    I'm of the opinion someone was trying to save a headache while removing the switches and simply cut them all and now they're backpedaling.

    submitted by /u/thesarcasmic

    What is it like to go from a network engineer to a manager?

    Posted: 04 Nov 2021 06:18 AM PDT

    I've been a network engineer for many years and am at a point where I don't see much room to advance without getting into management. I saw a management job open up which I think I'll apply for even though I really have no management experience. I guess in most people's careers you reach a point where you have to say "Do I switch over to management or just keep doing this the rest of my life?"

    Anybody want to share your experience with this situation?

    submitted by /u/flipping_birds

    Moving from Cisco to Arista, any experiences?

    Posted: 04 Nov 2021 10:11 AM PDT

    We have a new management team at work, and they would like for us to migrate from Cisco to Arista for our network core (layer 3 leaf/spine setup) in order to save on operating costs.

    Does anyone have experience with similar migrations? Any gotchas we should be wary of? Any general thoughts on Arista vs Cisco?

    Thanks in advance!

    submitted by /u/whiney12

    Security Events and what to do with them

    Posted: 04 Nov 2021 06:40 AM PDT

    I'm going to start with saying maybe this is a really stupid question, or maybe there are a lot of people who are just getting into things like FMC and AMP and all these new security suites and bells and whistles (not necessarily on my own accord). So I have them set up. They do stuff. They occasionally go off and tell me things.

    What happens next? For example, I use FMC and AMP (Secure Endpoint) from Cisco. Neither appears to have any real tools to tell you what an event was, what it did, if it was successful; sometimes it says it's blocked, etc. So just what are we supposed to do with the plethora of information these systems provide if there are no clear-cut remedy options offered through the tools themselves? I struggle to make sense of the analysis features as it just looks like random useless information, nonspecific to whether I have an issue I need to fix or not.

    Again, maybe this is a stupid question, but I seriously wonder HOW you're supposed to use these things to the best of their capabilities. It seems like they should do more than just list you a ton of information, and occasionally block something from happening.

    submitted by /u/SwiftSloth1892

    Need guidance on replacing Cisco SD WAN router (1121x-8p) with another.

    Posted: 04 Nov 2021 02:11 PM PDT

    Took over a shop that uses Cisco SD-WAN managed through vManage templates. We had a router go south that needs replacing. Can someone please tell me if my plan will work? I was given almost no documentation on their processes so I've managed to pull together these steps from the Cisco docs I read through (links below).

    https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/appendix-vmanage-how-tos.html#replace-xe-device

    https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/hardware-and-software-installation.html#c_On_Site_Bootstrap_Process_for_SD_WAN_Devices_12488.xml

    1.) Generate the bootstrap configuration file from the existing router in vManage and copy it over to the flash of the new router.

    2.) Take down the old router and invalidate its certificate in vManage.

    3.) Bring up new router and make sure that it loads the configuration from the bootstrap file properly.

    4.) Validate the certificate for the new router inside vManage. At this point I'm thinking it should be manageable by vManage.

    submitted by /u/daydr3am93

    Cisco WLC 9800 CoA Vlan assignment from FreeRadius

    Posted: 04 Nov 2021 04:26 PM PDT

    Hello,

    I am attempting to set up a FreeRADIUS server using the daloRADIUS GUI. I've got the basics set up and auth is fine to my Juniper switch, router, etc., so the last part is getting my WLAN users to auth through it. Currently everything is pointing to an Aruba ClearPass server; however, I'm tired of applying new eval licenses every 180 days.

    Has anybody been able to get this type of setup working? It worked using ClearPass just by sending:

    Tunnel-Private-Group-Id = WLAN-VLAN-2

    I set up the same attribute in FreeRADIUS and it's authenticating, but the VLAN assignment is hitting my default VLAN.

    Tunnel-Type = VLAN

    Tunnel-Medium-Type = 802

    Tunnel-Private-Group-Id = WLAN-VLAN-2

    Did a packet capture on the WLC and it all goes through but still no VLAN assignment. I have tried with just the group ID attribute, and I've tried with just the VLAN number instead of the name. The name is what worked with ClearPass.

    submitted by /u/Spaceman_Splff

    Imaging ports in an 802.1x closed mode environment

    Posted: 04 Nov 2021 09:19 AM PDT

    I am researching different methods on how to support ports for imaging in a closed mode environment. I am curious how different organizations approach this and their experience in doing so.

    Some results that I've found:

    1. Dedicated switches meant for the sole purpose of imaging, locked in a room that requires access.

    2. Imaging portal, where portal admin must add the MAC addresses when requested.

    3. Low-impact mode. Configured for just imaging ports or whole environment?

    4. Opening up the ports as needed, and locking them down when imaging is complete.

    Happy to learn how you've tackled this issue and the pros/cons that you may have run into!

    submitted by /u/_TidePodsTasteGood

    [LFSwitch] Anyone have experience with Black Box networking? Need a -40C -> +40C PoE+ 6-10 port switch with management

    Posted: 04 Nov 2021 03:10 PM PDT

    As title states we have an environment where the switch will be exposed inside a non heated shed (and a cabinet right now is out of the question due to urgent need for the switch to keep production going).

    I saw this switch https://www.cdw.ca/product/black-box-industrial-extreme-temperature-switch-8-ports-managed-taa/5471411?pfm=srh which seems to check all the boxes, however I don't know anything about this brand.

    Our needs are basic:

    • 6-10 ports

    • POE+ as it drives access points

    • gigabit for futureproofing; although we can get a Cisco 10/100 industrial switch, in this day and age it's better to go with gig minimum

    • -40 to +40 Celsius or more weather rating; the dust/sleet/rain/ice rating doesn't matter too much, really just the temperature harshness/survivability.

    • Managed and VLAN capable, web management is a plus

    submitted by /u/GullibleDetective

    How to advertise routes learned from Remote iBGP through eBGP

    Posted: 04 Nov 2021 09:49 AM PDT

    I have a customer who uses the same BGP AS for all of their sites, which is 65002. These sites only have one neighbor and it's the ISP, which is 65001. How is the ISP AS 65001 advertising routes learned from the hub R1 to the other remotes R2 and R3?
    I'm trying to replicate the setup in my lab. And I can't figure out how 65001 is advertising all of the routes learned from its neighbors.

    submitted by /u/unclemonkeyboy

    Confusion on Anycast Gateway in EVPN-VXLAN network

    Posted: 04 Nov 2021 11:16 AM PDT

    Hello

    I'm confused about Anycast GW in an EVPN-VXLAN fabric. Should all leafs carrying the virtual GW IP be able to ping a host belonging to the subnet?

    I'm wondering because in the test environment I have (based on Nexus), only the leaf carrying the host can ping it (so the host is directly connected to that leaf).

    If we take the basic topology below, can LEAF2 ping 192.168.1.1?

    https://imgur.com/a/6J0bvAF

    Thanks

    submitted by /u/TheSentient06

    HA LAN Setup Across Datacenters

    Posted: 04 Nov 2021 12:18 PM PDT

    Hello Everyone,

    I need to wrap my head around some basic design and possibly choose routing protocols for a project. Basically we will have DC A and DC B, which are connected together over a direct fiber link, with the intention that DC A will be the primary site and DC B the backup site. At the WAN level, failover between sites will be handled by BGP. My questions surround the LAN side. I have two switches at each site and a fiber link connecting those switch pairs with a trunk between them. How do I go about setting up the LAN so that if site A goes down, site B takes over in the same way, almost like a mirrored config? What routing protocols should I use as well, OSPF or VRRP? Should I put all switches into a quad VRRP setup? I can provide any other details needed but I just wanted to throw something out to start.

    submitted by /u/Cyb3rPunk89

    [Design] redundant BGP internet help

    Posted: 04 Nov 2021 08:21 AM PDT

    I need a little BGP advice .....

    So I have 2 routers peered with two different ISPs that serve up our internet IPs via an ASN.

    Behind those two routers are a few firewalls that cannot handle the entire BGP route table.... so I just need the firewalls to understand that both paths have a 0.0.0.0 route (that dynamically dies if 1 upstream provider or the other dies.)

    Currently the routers are BGP peered with the firewalls and injecting a static 0.0.0.0 route via route map to the peers. However, I do not think this is dynamic in any way, i.e. it's going to inject 0.0.0.0 even if my ISP peer dies and the router cannot get to 0.0.0.0.

    Example peering on RtR to the FW -

    neighbor #.#.#.#
      remote-as 12345
      update-source loopback1
      address-family ipv4 unicast
        default-originate route-map bgp-export-FW

    Should I just back down to statics on the firewalls and monitor the paths?
    Maybe a redistribute mapping that only allows 0.0.0.0 to the firewalls? Any suggestions?

    submitted by /u/antimojo

    Looking for L2 switches for a large deployment

    Posted: 04 Nov 2021 06:02 AM PDT

    Hello!

    I am tasked with designing a network for a local hospital and I would like to ask your opinions on the best switch line-up for the job. I am looking for 3 different types of switches, preferably the same brand for usability.

    The first one would be tasked with the distribution to the other switches; it needs to have around 12 gigabit SFP ports.

    The second type should have 48 RJ45 gigabit ports and a few SFP ports; this would connect to the patch panels.

    And the third type needs to be a smaller 8 or 16 port RJ45 switch, managed, and preferably with a few PoE ports.

    Price is very much of a concern, I was looking into the Dell EMC line-up and it seemed perfect in other regards but the price was a bit high. All the switches need to be managed as there will be different VLANs for different uses. Cisco is not an option because many people would be working on this network and not everyone is familiar with their configuration.

    Thanks in advance

    submitted by /u/goddarkhun

    Help advertising a default route with prepends to a BGP neighbor

    Posted: 04 Nov 2021 11:49 AM PDT

    Any way I can advertise a default route to a specific neighbor with prepends?

    I have a private wireless carrier that we have multiple wireless devices on, and we peer with them in 2 locations on Cisco ASRs. I have import and export route-maps with a default-originate set up in BGP. When I test this in my lab, the export route-map that has the AS prepends and an IP prefix-list permit for 0.0.0.0 doesn't seem to be sending the prepends across. It appears the default-originate is its own special thing and won't add the prepends even if there is a route-map set up to do it.

    submitted by /u/thecannarella

    Nexus 7K/9K port mirror 802.1Q encapsulation

    Posted: 04 Nov 2021 07:25 AM PDT

    Hi All,

    I have a recurring issue with a few clients who use Nexus 7K/9K switches. The aim is to see VLAN tags in a port mirroring session.

    On Catalyst switches you simply enable 802.1Q encapsulation when setting up the mirroring port, but that command no longer exists on Nexus switches. I was told you can see them when you mirror by VLAN, but Nexus switches have a limit of 32 VLANs when mirroring. I've gone to Cisco TAC and they said it's not possible.

    Just wanted to put it in the ether to see if anyone has managed to send VLAN tags in a port mirroring session when using Nexus 7K/9K switches and if so, how please?

    Thank you!

    submitted by /u/English-Frank

    Long distance LTE options

    Posted: 04 Nov 2021 06:10 AM PDT

    Hey all,

    Anyone have experience with LTE and long distance? Specifically if the LTE tower is about 10 miles away.

    I assume directional antennas are a good approach; anyone tried this before? Is 10 miles too far? What vendors would you recommend?

    Thank you!

    edit: forgot to say I do have direct visibility, sorry about that.

    submitted by /u/zerotouch

    HP Comware Switch - Aggregation with single interface?

    Posted: 04 Nov 2021 10:57 AM PDT

    Question to the layer 2 experts.

    Knocked one of our core switches out by adding a single interface to a vlan.

    After adding the interface to the vlan the switch stopped operating instantly.

    After rebooting I checked the config and saw that this interface is the single member of an aggregation. I think this doesn't make any sense… could the different VLAN membership of the aggregation and the interface be the reason for the error?

    submitted by /u/Odd-Suit-7718

    Need some help configuring a VPN using the IKEv2 protocol

    Posted: 04 Nov 2021 02:08 AM PDT

    Hello!

    I need some help configuring a VPN. I'm really new to networking / virtual networks so please bear with me.

    We have a relatively small network using an Ubiquiti US-24-250W switch and a server running VMs. I want to configure a client using the IKEv2 protocol but the authentication fails. This is where I'm at a loss. Our provider reports that on their side of the VPN tunnel the packets are coming with a source IP address of a local client (VM) instead of our global static IP that we provided. Could it be configured in a way that the packets are encrypted with the correct IP and routed internally to and from a random client? Or did we just give the wrong IP to our provider?
    Thanks!
    D.

    submitted by /u/thepow3rN1

    Wildcard Mask Sanity Check

    Posted: 04 Nov 2021 01:31 PM PDT

    Hi all, I'm trying to permit GRE traffic to two IPs:

    • 10.137.1.254
    • 10.138.1.254

    I believe this would be a valid ACL entry:

    permit gre any 10.137.1.254 0.1.0.0

    I believe that mask, which is the following in binary, means that we don't care about the least significant bit of the second octet (source):

    00000000.00000001.00000000.00000000

    Can anyone give me a sanity check on this? You don't see this configuration much because most people would just do two ACL entries but I'm super tight on TCAM and have to be very precise in what I allow.

    Thanks!

    submitted by /u/rotellam1
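A checker for this kind of single-entry wildcard ACE, added here as an example and not part of the post above: it tests which addresses an address/wildcard pair really covers, enumerates them, and derives the smallest single wildcard that spans a list of targets together with every extra address that wildcard lets through. The two GRE endpoints and the proposed ACE are taken from the post; `audit` and the other function names are this example's own.

```python
import ipaddress
from itertools import product

# Constructed sample input: the two GRE endpoints named in the post and the
# ACE the post proposes for them ("permit gre any 10.137.1.254 0.1.0.0").
TARGETS = ["10.137.1.254", "10.138.1.254"]
POSTED_ACE = ("10.137.1.254", "0.1.0.0")
MASK32 = 0xFFFFFFFF


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def _to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def matches(ace: tuple[str, str], addr: str) -> bool:
    """True if addr is covered by the (address, wildcard) pair.

    Cisco wildcard semantics: a 1 bit means "don't care", a 0 bit means
    "must equal the corresponding bit of the ACE address".
    """
    host, wild = (_to_int(x) for x in ace)
    care = ~wild & MASK32
    return ((_to_int(addr) ^ host) & care) == 0


def expand(ace: tuple[str, str], limit: int = 1024) -> list[str]:
    """Enumerate every address the ACE matches (2**popcount(wildcard))."""
    host, wild = (_to_int(x) for x in ace)
    bits = [i for i in range(32) if wild >> i & 1]
    if 1 << len(bits) > limit:
        raise ValueError(f"ACE matches more than {limit} addresses")
    base = host & ~wild & MASK32          # normalised: don't-care bits cleared
    out = []
    for combo in product((0, 1), repeat=len(bits)):
        value = base
        for flag, bit in zip(combo, bits):
            if flag:
                value |= 1 << bit
        out.append(_to_str(value))
    return sorted(out, key=_to_int)


def wildcard_for(addrs: list[str]) -> tuple[str, str]:
    """Smallest single ACE (address, wildcard) that covers all of addrs.

    Every bit position where any two addresses differ becomes a don't-care
    bit, and the address part is stored with those bits cleared, the way
    IOS normalises it.  The result is a superset of addrs whenever they
    differ in more than one bit position, so always audit it.
    """
    ints = [_to_int(a) for a in addrs]
    wild = 0
    for a in ints[1:]:
        wild |= a ^ ints[0]
    base = ints[0] & ~wild & MASK32
    return _to_str(base), _to_str(wild)


def audit(targets: list[str], ace: tuple[str, str]) -> dict:
    """Report targets the ACE misses and addresses it permits beyond them."""
    covered = expand(ace)
    return {
        "missed": [t for t in targets if t not in covered],
        "extra": [c for c in covered if c not in targets],
    }


if __name__ == "__main__":
    print("posted ACE covers:", expand(POSTED_ACE))
    print("audit of posted ACE:", audit(TARGETS, POSTED_ACE))
    best = wildcard_for(TARGETS)
    print("smallest single ACE:", best, "->", audit(TARGETS, best))
```

Running `audit` against the posted pair shows whether the single entry actually reaches both endpoints and which neighbouring addresses it admits, which is the check to make before trading ACL precision for TCAM space.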

    Any ideas on why an Engenius ews860ap isn't working?

    Posted: 04 Nov 2021 09:34 AM PDT

    I can't figure this one out and figured I'd post. I've opened a ticket with the vendor through their site, and there is no activity on the ticket for a full month now. In my opinion, that is not really acceptable, so here I am digging to find solutions. I've come up empty handed so far.

    At work, for outdoor events, we have an Engenius EWS860AP. It was configured and working well over a year ago in a public park for an event. After said event (pre-COVID), we simply unplugged the PoE injector as outdoor WiFi was not needed and there was no point broadcasting an SSID. Now, about 1.5 years after its last use, the device itself still looks brand new, but for whatever reason it will not work. The AP only displays a green 'Power On' LED and the PoE injector has a red LED on indicating there is power. Plugging the device into a switch and attempting to connect to it via an IP address is unsuccessful. The device is unseen on the network and the port on our managed switches indicates that the link is down. We've tried multiple switches and ethernet cables, but believe now that the problem is with the actual AP hardware or PoE injector. We tried plugging it into a PoE port on one of our switches, but there we only get the green power LED and nothing more.

    Is this AP just broken? Is it salvageable? Does anyone have any suggestions on how to troubleshoot or fix it? Thanks for any replies in advance!

    submitted by /u/cswimc

    Windows Domain Strange Issue

    Posted: 04 Nov 2021 06:23 AM PDT

    Hello,

    Recently at the company that I work at we have undergone a network redesign to modernize hardware and implement redundancy. One of the issues we have faced has been the connection between our Windows domain controller and the 2 clients that connect to it. The 2 client machines were moved from the firewall down to the router level and the domain controller remained at the DMZ level on the firewall. All of the machines can ping one another and the domain controller can see the 2 client machines; however, the 2 client machines cannot communicate at the domain level.

    Anybody have any obvious ideas that I happen to be missing? Thank you for any help you provide.

    submitted by /u/Braxton_Fats

    Cumulus Linux Download Link/License Questions

    Posted: 04 Nov 2021 06:14 AM PDT

    So I recently bought a used/older Quanta T3048-LY9 switch that is running Cumulus Linux. When I first scoped this out I did some quick research and found that Cumulus used to be free to try (download an actual image for bare metal)/somewhat affordable, but was recently acquired by NVIDIA. The original Cumulus Linux is what I based my buying decision on. It looks like I made a mistake by not researching this enough. NVIDIA's ownership seems to have really tanked this product. The multiple webpages are also a complete mess. Between having to go to Mellanox, the old Cumulus site, and NVIDIA itself for various pieces of information, it's crazy.

    So I guess I have two questions here. The first, and right now most important: is there anywhere to even download legacy Cumulus Linux anymore (pre 4.1)? I tried to register an account with Mellanox and go to the download page as stated in their documentation for Cumulus, but I get a page error. I emailed them asking about a download link and I got a generic automated message saying they can't validate that I'm a customer. I'm just looking for the img/bin file here.

    The second question: are there any reasonable license options for Cumulus now that it's owned by NVIDIA? Ideally a few hundred dollars to get a perpetual basic license. The only thing I need to use on this is VLAN trunking and VLAN assignments to ports (I only bought this switch for the 48x 10GbE ports). I did see some mentions of ONL, but there is almost no documentation for this and I would prefer not to use it unless I absolutely have to.

    Any suggestions would be greatly appreciated.

    Thanks and take care.

    submitted by /u/openedwire

    AWS VPN with VPG question

    Posted: 04 Nov 2021 02:27 AM PDT

    I am a developer that got stuck with a task of solving this, and this is as far as I got. I am still struggling with terminology, but here is my best attempt at explaining the issue.

    I have an AWS VPN with static routes connection established with the customer, and both tunnels are up. I can also ping a few IPs on their part of the network, and they can ping my EC2 instance on my side.

    However, the customer wants to be able to ping the IPs inside the VPN tunnel, my guess is for monitoring, but that does not work:

    ping vrf PUBLIC_VPN3 169.254.166.169 source 169.254.166.170
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 169.254.166.169, timeout is 2 seconds:
    Packet sent with a source address of 169.254.166.170
    .....

    Any idea what in AWS is blocking it?

    NACL allows all from 0.0.0.0/0 inbound and outbound. There is no firewall.

    Please point me in the right direction!

    submitted by /u/rb5d2tc

    Ethernet Local Management Interface (E-LMI) MEF 16 on Customer Edge

    Posted: 04 Nov 2021 08:18 AM PDT

    Hello. Does anyone know a device that supports this protocol (E-LMI) on the customer (CE) side?

    All I can find is that Cisco and Juniper support only PE (Provider Edge) side, but nothing about the CE side.

    submitted by /u/poor_boy_in_Bulgaria

    Simple NAT device

    Posted: 04 Nov 2021 05:11 AM PDT

    We have a very old piece of equipment that has a static IP that cannot be changed. We want to put it on our network but with a different IP. Is there a simple NAT device that can go in between the equipment and the network that changes its IP? I know routers can do this, just wondering if there was a specific device. Thanks. FYI I'm not a networking expert!

    submitted by /u/CrazyCaper