    Tuesday, November 9, 2021

    Major Comcast Outage Networking


    Major Comcast Outage

    Posted: 09 Nov 2021 05:25 AM PST

    I'm seeing cable and fiber down across all my customers nationwide

    submitted by /u/trippinwontnothard

    Arista 7050SX3-48YC12 or 7050SX3-48YC8

    Posted: 09 Nov 2021 01:43 PM PST

    I am looking for a pair of switches that can meet the following requirements:

    SFP / SFP28 ports

    - Looking to use those ports for 10Gb copper using sfp transceivers that let me plug in a copper cable.

    - 25Gb using sfp28 (fiber).

    - Good amount of uplink ports prefer 6-8.

    I was looking at HPE FlexFabric 5950 48SFP28 8QSFP28 Switch, but I don't see any 10Gb copper transceivers. Just 1Gb and DAC available.

    I saw Aruba has JL624A Aruba 8325-48Y8C 48 x 25Gb ports (SFP/+/28), 8 x 100Gb ports (QSFP+/28), but I am trying to avoid this unit because of how hard it is to get 3rd party transceivers. I know my company will not want to pay over 1k per transceiver.

    There are 2 switches that Arista offers that can do that:

    7050SX3-48YC12 or 7050SX3-48YC8. I don't have anyone that I trust to resell. Does anyone have any vendors with the switches available?

    submitted by /u/sp00bs

    Alcatel OmniSwitch 9702: NI module stuck in Operational Status: Down

    Posted: 09 Nov 2021 10:47 AM PST

    I've searched the forums and couldn't find an existing resolution.

    Our OmniSwitch 9702E NI-1 is stuck in "operational status - down".

    We only have 1 NI and 1 CMM. Because of this error, no ports appear under "show interfaces" and thus we are unable to add VLANs to interfaces, etc.

    >show module status
    CMM-A
    Admin-status - POWER ON
    Operational status - UP

    NI-5
    Admin-status - POWER ON
    Operational status - DOWN

    Getting the following errors in logs:
    INTERFACE - info - Excessive wait for connection to NI 1 NISUP
    HSM-CHASSIS - info - ==HSM == NiNsmT1: NI state rcvd (sl: 1), MsgFlag: 3 Local T.O. Flag: 0
    HSM-CHASSIS - info - ==HSM == NI down rcvd from App 6 for slot: 1, ResetMode: 3
    HSM-CHASSIS - info - ==HSM == Clearing Takeover Flag from NI CTX
    HSM-CHASSIS - info - ==HSM == NI (1) down received (from: Appid: 6), Power Off NI
    HSM-CHASSIS - info - ==HSM == Power off NI niSlot=1
    IPC-DIAG - info - ipctPipeReceived: PICT_CLOSE_CONNECTION slot 1
    INTERFACE - info - esmHandleNIBootUpFailure() NI 1, err 0
    INTERFACE - info - NIs are ready
    INTERFACE - info - Warning date could be changed, kindly set date if needed
    REMOTE_CONFIG - error - Invalid state: 2 event: 1
    SYSTEM - info - i2cNiBoardReset: task tCS_HSM slot ` device 0x70 state 0 data 0xff
    HSM-CHASSIS - info - ==HSM == NI 1 has been reset...
    HSM-CHASSIS - warning - ==HSM == Skip NI (1) Power ON due to
    HSM-CHASSIS - warning - ==HSM == ....Admin Power Off
    HSM-CHASSIS - info - ==HSM == csHsmUtilNiCtxBrdSend() nsm CS_HSM_NSM_ST_OP, poweroff 0 NI1
    VLAN - info - CS_NI_DOWN/CS_NI_Notpresent msg Rx for slot 1
    GM - info - NI-down_1

    System info:
    show microcode:
    Jbase - 6.4.3.884.R01
    Jadvrout- 6.4.3.884.R01
    Jos- 6.4.3.884.R01
    Jeni- 6.4.3.884.R01
    Jsecu- 6.4.3.884.R01
    Jencrypt- 6.4.3.884.R01
    Jdiag- 6.4.3.548.R01

    show hardware:
    uboot Ver - 6.4.3.479.R01
    uboot-miniboot ver - 6.4.3.479.R01

    Please let me know if I could provide any additional details.

    Thank you

    submitted by /u/Successful-Contest46

    Username and Password on Clearpass OnGuard agent

    Posted: 09 Nov 2021 10:29 AM PST

    After installing Clearpass OnGuard agent on a device, it asks for username and password credentials. Are these credentials validated against Active Directory (basically the same ones used for employee login), or is this a unique username/password specific to OnGuard?

    submitted by /u/Pro_network17

    MPLS LSP selection

    Posted: 09 Nov 2021 08:13 AM PST

    This is probably a very basic question, but I'm having or perhaps missing something here in my studies.

    The org that I am working for is running its own MPLS environment. I understand the theory of MPLS, EROs, etc. What I am not understanding is the following:

    1. There are multiple LSPs built to the same egress router. Each LSP follows the same strict path. Why not just use one LSP?
    2. There are 2x physical circuits between MPLS routers. Each circuit is being used. This is the big question for me, which is: how is some traffic being directed over one circuit vs. the other? Background: one circuit is used for heavy UDP traffic and the other is for general purposes, so there is some traffic engineering going on to dictate which circuit and which LSP is to be used.
    submitted by /u/mpmoore69

    Multiple Active DC Design - is it wise to run BGP between your border leaf and border gateway which are different pairs of firewalls?

    Posted: 09 Nov 2021 03:18 AM PST

    Hi folks,

    I am reading up on some design documents in order to cater for Active/Active DCs model, which relies heavily on leaf/spine fabrics with MP-BGP EVPN as a control plane overlay (and VXLAN as data plane). The idea is to span L2 when needed, over IP fabric, without actually spanning VLANs across DCs.

    There is an idea for advertising host routes (/32 and /128) into IGP and/or BGP peering with the border gateway, in order to better control the ingress traffic. However, most guides just mention the concept without actual consideration for real-world device performance.

    I am thinking of a design where my border leafs at each DC would peer BGP with perimeter firewalls, since with BGP I can use lots of attributes for better control and conquer. The perimeter firewalls then can advertise summary routes if needed. IGP is giving me quite a headache in calculating costs, and there are still cases that I am concerned with asymmetric routing (since these are all stateful firewalls).

    So, have you ever thought of or designed your data centres in such a way, and do you have any experience to share with this poor guy? Do you have performance and convergence issues with BGP running on firewalls?

    P.S.: Please bear in mind that when I refer to those perimeter firewalls, I do not limit it to Internet DMZ firewalls only, but to a modular design where each pair of modules (WAN-to-ServerFarm, HO-to-ServerFarm) would have different firewalls in between.

    submitted by /u/IrvineADCarry

    VyOS routing performance issue

    Posted: 09 Nov 2021 09:01 AM PST

    Dear experts!

    I'm facing a performance issue with the VyOS 1.4 rolling version.

    My topology is simple, as follows: VM1 - VyOS1 - VyOS2 - VM2

    All VMs are deployed in OpenStack with vNICs. The link between each VM can handle over 10Gbps via iperf.

    VyOS1 and VyOS2 are running a BGP peering session in the control plane and VXLAN in the data plane (AKA EVPN).

    The issue here is that when I do iperf between VM1 and VM2, the throughput only gets to around 400Mbps, which is too low.

    Even if I turn off VXLAN and run purely BGP routing, iperf between VM1 and VM2 gets 3Gbps, which is nowhere near the 10Gbps capacity.

    I don't see any CPU/RAM overload. Is this normal? Has anyone used VyOS in this scenario?

    submitted by /u/hoainam1512

    WIRELESS LAN CONTROLLER INFORMATION

    Posted: 09 Nov 2021 03:44 PM PST

    WIRELESS LAN CONTROLLER

    Does the WLAN controller provide wireless connectivity without the lightweight AP? I ask this because at my work they told me to create some VLANs in the switch. I have several VLANs created and configured,

    but I would like to know if I can create VLANs in the WLC without the thin APs and put the port that goes to the WLC in trunk mode, to be able to use dot1q encapsulation to carry the VLANs.

    submitted by /u/luispolanco012

    WIRELESS LAN CONTROLLER WLC INFORMATION

    Posted: 09 Nov 2021 03:41 PM PST

    Does the WLAN controller provide wireless connectivity without the lightweight AP? I ask this because at my work they told me to create some VLANs in the switch. I have several VLANs created and configured,

    but I would like to know if I can create VLANs in the WLC without the thin APs and put the port that goes to the WLC in trunk mode, to be able to use dot1q encapsulation to carry the VLANs.

    submitted by /u/luispolanco012

    Fcs errors

    Posted: 09 Nov 2021 03:19 PM PST

    I just work help desk for a rather large enterprise. Anyway, I had a call today that a user who seemed rather knowledgeable was receiving an FCS error on a switch that she accessed using PuTTY. I normally just do proxy troubleshooting, so I didn't know what an FCS error was. But the technician group I forwarded this ticket to said they could ping both switches. But the user said the network was so slow it wasn't usable. Anyway, my question is, after reading about FCS errors: could this be caused by a duplex mismatch or a bad port? And how would the technician still be able to ping both switches, assuming one switch is downstream?

    submitted by /u/corn_debator

    CCIE Cisco Modeling Lab (virl) topology

    Posted: 09 Nov 2021 02:52 PM PST

    I am looking to see if there is a good topology to download or use for CML/VIRL for the CCIE Enterprise Infrastructure. I have an INE subscription, but they don't seem to have it either.

    submitted by /u/RestinRIP1990

    Port forward issues with ASA 5506

    Posted: 09 Nov 2021 01:56 PM PST

    Evening,

    I am trying to complete my first forward on a 5506. This is what I have, but I can't connect to the RDP.

    object network RDP_Media_PC
     host 10.0.10.104
     nat (inside_10,outside) static interface service tcp 3389 38383
    access-list rdp-inbound extended permit tcp any object RDP_Media_PC eq 3389
    access-list rdp-inbound extended deny ip any any
    access-group rdp-inbound in interface outside

    What am I doing wrong please?

    submitted by /u/blinkydamo

    Wireshark - Filter by MAC address

    Posted: 09 Nov 2021 06:13 AM PST

    Morning all,

    Does anyone know the updated expression to filter network traffic by MAC address in Wireshark? I used to use eth.addr or eth.src or even bootp.hw.mac_addr but none are working. Any thoughts?

    Thanks,

    Jeff

    submitted by /u/jeffmtham

    Traffic on unusual port

    Posted: 09 Nov 2021 01:42 PM PST

    Apologies if this isn't the most appropriate place to ask. We're seeing a significant spike in traffic on port 61616. A quick search shows it's generally used by ActiveMQ "An open source message broker written in Java…Communication is managed with features such as computer clustering and ability to use any DB as a JMS persistence provider besides virtual memory, cache, and journal persistency"

    Sounds kinda like malware to me. Are there other uses for port 61616 or is it reasonable to see a spike in traffic on this port?

    submitted by /u/Patchewski

    Is it bad to run 2 NICs to the same switch?

    Posted: 09 Nov 2021 08:38 AM PST

    I have computers in the field that have multiple NICs, so what I have done is connect both of them to a switch. In the event I need to troubleshoot another remote VLAN, I will tag the switch port that goes to the secondary NIC to the alternate VLAN so that I can gain access to that VLAN, but 90% of the time both of the NICs will be on the main VLAN. The primary NIC is set with a static IP and the secondary NIC is set to DHCP to get an IP from whatever VLAN I put it on.

    Is there any concern with doing things this way as far as routing or connectivity? These machines run Windows 10 LTSC.

    submitted by /u/In000

    Stacked switches - what happens if I lose just a port

    Posted: 09 Nov 2021 11:25 AM PST

    Looking at creating a stack with 2 Catalyst 3850s, and I understand that it becomes active/standby and, in the event of a switch failure, the standby will become active. However, if a single port fails, what happens?

    Thanks

    submitted by /u/officedg

    Dynamic routing using BGP with Cisco Nexus

    Posted: 09 Nov 2021 07:18 AM PST

    We've several Cisco Nexus models, like 55xx, 9k3, and 6k. We're also using VPC technology with FEX devices.

    Reading the manuals, I saw that the best way to make a server peer with Nexus switches using VPC is to enable the peer-router and peer-gateway commands under VPC. But the eBGP peerings work well even with no peer-router and no peer-gateway commands added. Am I missing something here? Or maybe those peer options are for dynamic routing protocols which use multicast? Because BGP is a unicast-based protocol.

    submitted by /u/kajatonas

    Nat was supposed to be dynamic not static

    Posted: 09 Nov 2021 04:47 AM PST

    Some of this post is experience sharing:

    So this school (~2000 users) used SIP phones with port 5060 on door intercoms for years without any issues. This summer the school worked with a new Networking Service company and they kind of revamped the network.

    When the network was up, the school realized the SIP phones on door intercoms wouldn't work. The VoIP provider comes in and says "oh we have had this issue before, I will just give them different static ports that are not 5060". Without asking why we never had to do this before.

    Weeks pass and hard phones are up. That was just the start of the problems, little did we know. All the VoIP hard phones started to have intermittent issues, such as calls dropping and no dial tone. Restart the phones and they are mostly fine. We wasted about a month troubleshooting this.

    As the IT consultant for this school, we go and check the Cisco FTD and see that NAT is set up as "static".

    I am like, "But why?" There is only 1 public IP, and what happened to dynamic port address translation? Anyway, we set the NAT to dynamic PAT and all has been well since then.

    But the thing that begs the question is why the school only experienced issues with phones. How were staff and student devices able to connect to the internet? I am guessing the Chromebook browser will use a random port to make requests and the firewall NAT will remember this internal port, but how is it getting mapped externally? One-to-one static and just not dynamic?

    We also had Google reporting wifi mac address changes alerts around this time. Not sure if these were related.

    https://www.reddit.com/r/k12sysadmin/comments/pnrt17/alert_suspicious_device_activity_device_property/?utm_source=share&utm_medium=ios_app&utm_name=iossmf

    submitted by /u/chown_chmod

    Tool for config backups and mass config changes / Any recommendations?

    Posted: 09 Nov 2021 12:31 AM PST

    Hey guys,

    I'm looking for a tool (open source or paid doesn't really matter) to back up our network devices (mainly HPE / Aruba switches) and do mass config changes/rollouts. Any suggestions?

    We only have around 30 stacks (2-4 switches each) on three sites.

    Sorry if there's already a post about it, but I haven't found anything recently in this sub.

    Btw, this is my first post in here. IT hooray!

    Thanks for your help!

    Cheers, uneinverleibbar

    submitted by /u/uneinverleibbar

    Cisco ISE Posture - ASA VPN

    Posted: 09 Nov 2021 04:12 AM PST

    Howdy!

    I'm trying to set up a PoC for posture compliance over Cisco AnyConnect VPN (via Cisco ASA) for a customer.

    I've got it set up in ISE so that if the posture status of the VPN client is "unknown" it redirects them to the default portal and uses an ACL I created on the ASA that looks like this:

    Deny any domain (allows DNS)
    Deny any ISE (allows access to ISE)
    Permit any web (Denies any web traffic)

    When I connect to the VPN, it doesn't install the posture agent and check my compliance. I just get restricted based on the ACL listed above.

    Is there something else I'm missing here? I've uploaded the AnyConnect and Compliance module to ISE, and set up the policy to install it, but nothing is working.

    Any help would be much appreciated.

    submitted by /u/Network_John

    Cisco Stateful Interchassis Redundancy can data and control be the same interface?

    Posted: 09 Nov 2021 02:04 AM PST

    I have two identical Cisco 4351 routers.

    I want to configure them in HA using Stateful Interchassis Redundancy.

    I have the standard 4 interfaces in each router. One goes to Inside, the second to Outside, the third one is empty, and there is a Management interface.

    Does anybody use Stateful Interchassis Redundancy?

    According to documentation it requires a data link, control link and interface link.

    Could it be the same physical interface?

    submitted by /u/yamamba

    Spent 20 hours troubleshooting this very bizarre network issue on church streaming PC

    Posted: 08 Nov 2021 05:30 PM PST

    Client machine is our church streaming PC - Intel Xeon, 4 core, 16gb ram, 512 SSD, GTX1050ti (for encoding), Windows 10, onboard gigabit NIC. Using OBS to send out stream at 8mbps. Internet is 100/100 fiber.

    Connected to 24 port Aruba switch tied to main LAN. DHCP for all clients. Firewall checked, port for stream is wide open, priority for video packets.

    Everything was working fine until new IT company came in and installed new gear. Ever since, we have had continuous issues with pushing a stable stream. Starts out fine but within a few seconds, goes to pot with erratic upload of 0 to 4mbps as indicated by OBS. IT company says no problems that they can find, must be the PC or ISP, so I started my own troubleshooting.

    Upload tests through speedtest.net show a 100/100 connection. But if I run it through TestMy, only getting 4-5mbps using random packet testing.

    Installed new PCIe NIC, cables, removed all other connections to the switch, and tried various ports on switch with same results. Updated drivers to no avail.

    Here is where it gets weird. On a whim, I hooked up a USB to Ethernet adapter to the PC and suddenly had great upload speed tests along with a stable stream output. I then hooked up a different PC using normal Ethernet, it too suffered from the same problem until I hooked up the Ethernet adapter.

    But there's more, the USB Ethernet adapter only provides the normal connection if it's connected to a powered USB hub. If I try a direct to PC USB connection, the problem still persists.

    I am baffled. Any ideas? The adapter isn't really a solution as extended testing still shows some problems, but it's 90% better. I don't understand how an Ethernet adapter, through a powered hub "fixes" the problem on either PC.

    submitted by /u/ashenfang7404

    Help! Multi-site/multi-location offices

    Posted: 09 Nov 2021 04:46 AM PST

    Here's my setup at our company.

    Main Office

    Project 1
      Site 1 - 4G Pocket WiFi
        1 - Laptop Computer

    Project 2
      Site 1 - 4G Wireless Router
        3 - Desktop computers
        1 - Printer
      Site 2 - 4G Wireless Router
        4 - Desktop computers
        10 - Laptop computers
        1 - Printer

    Project 3
      Site 1 - 4G Wireless Router
        6 - Desktop computers
        8 - Laptop computers
        1 - Printer
      Site 2 - 4G Wireless Router
        1 - Desktop computers
      Site 3 - 4G Wireless Router
        1 - Desktop computers
      Site 4 - 4G Wireless Router
        4 - Desktop computers
        12 - Laptop computers
        1 - Printer
      Site 5 - 4G Wireless Router
        3 - Desktop computers
        2 - Laptop computers
        1 - Printer
      Site 6 - 4G Wireless Router
        1 - Laptop computer
        1 - Printer

    Project 4
      Site 1 - 4G Wireless Router
        12 - Desktop computers
        5 - Laptop computers
        1 - Printer
      Site 2 - 4G Pocket WiFi
        1 - Desktop computer

    Project 5
      Site 1 - 4G Wireless Router
        3 - Desktop computers
        2 - Laptop computers
      Site 2 - 4G Wireless Router
        10 - Desktop computers
        12 - Laptop computers
        2 - Printers
      Site 3 - 4G Pocket WiFi
        1 - Desktop computer

    Project 6 (soon)

    Warehouse
      Site 1 - 4G Wireless Router
        1 - Desktop computer

    Camp
      Site 1 - 4G Wireless WiFi
        1 - Desktop computer

    As seen above, we got several sites with several locations and the only source of internet connection is using the 4G wireless router. The client doesn't provide internet access and they don't allow ISPs to lay cables to their buildings.

    Problem 1 - The sites don't communicate with each other; all communication goes through e-mail or MS Teams. I want all sites to communicate with a central hub/controller in the main office from which I could easily control computers within the network.

    Problem 2 - Everybody wants internet. Everyone wants to connect their phones or personal computers to the router to connect to the internet. My solution to this is using MAC filtering on all the routers.

    Problem 2a - Not all laptops stay in 1 location; most of them are going to different places. With the issue in Problem 1, I can't control the MAC filtering from 1 location. So I need to go physically to each site to register/reconfigure the MAC filter for those routers and to grant access to computers that are at those locations.

    Problem 3 - I don't have a team; I'm working individually managing all these sites. I don't even have an AD and VPN set up.

    Problem 3a - The company doesn't prioritize the budget for IT. It may if I could properly present a solution to these problems, but I can't risk buying a system/network that won't resolve all problems stated above.

    Please give me some advice and recommendations on making my work easier.

    submitted by /u/canizter