
    Monday, November 1, 2021

    Moronic Monday! Networking


    Moronic Monday!

    Posted: 31 Oct 2021 05:00 PM PDT

    It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

    Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

    Note: This post is created at 01:00 UTC. It may not be Monday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator
    [link] [comments]

    Experienced Network Engineer Looking for Career Advice

    Posted: 01 Nov 2021 02:24 PM PDT

    Hey all,

    I'm struggling with my current job search and looking for some advice. I've worked as a network engineer for 15+ years and currently work for a large government contractor. Although the money is good and there's a fair amount of work/life balance (I never work more than 80 hours over a two week pay period), I'm not feeling particularly challenged, and, for a variety of reasons, want to move on from the company/industry. I've been searching for a new job for the last six months or so, but am struggling to even get interviews. I fear that the fact that I lack automation or cloud experience is a key contributor to this. I'm trying to make it a priority to gain some new skills on the side, but it's hard to make time. Anyway, I'm considering moving out of a strictly networking role and could use some help as I try to identify potential opportunities. One of the more promising experiences I've had so far interviewing was with a big tech company for a pre-sales Systems Architect role supporting a named account. Basically, my job would have been to work with the customer to identify technical solutions within the tech company's vast portfolio to help address their technology needs. Ultimately, I ended up doing well in the technical interviews, but didn't connect with the sales manager. I don't know that that role would have been a perfect fit for me, but what I really liked about it was that the scope of it extended beyond working with traditional network products and extended to whole system design. Although I still like being technical and having my hands on equipment, I really enjoy the system design/architectural aspects of my current job (when I'm given the opportunity to do so anyway) and would like the opportunity to expand upon that in a future role. I do kinda like the idea of being in a pre-sales role, but I feel like that may be an uphill battle going forward just due to a lack of experience in that capacity. It seems those types of roles are typically described as Systems Architect or Solutions Engineer/Architect. If I wanted to support a company internally with a similar role, what type of positions or keywords should I be entering into my job search? Any ideas would be appreciated.

    submitted by /u/id0nthavereddit
    [link] [comments]

    Cisco 9200L's MAC Learning Issues

    Posted: 01 Nov 2021 06:51 AM PDT

    Hello all,

    I was just wondering if I'm the only one that has come across issues with 9200L's learning MAC addresses on legacy devices? Thus far I've found older Star TSP800II printers, older Netgear hubs (I know they shouldn't be on the network, it's not my choice), and some older medical equipment. TAC has been unhelpful. I've demonstrated to them that 3750x's and 2960x's have no issues with these legacy devices. I've been told to upgrade the software to the latest version that came out a few weeks ago, with the only resolved caveat being related to QoS.

    In some cases the switches will learn the MACs correctly but the endpoints are still unable to communicate across the network. Below is my latest encounter with the issue; I have two hosts behind a hub (against my will).

    show int (I notice the output drops, has me curious)

    GigabitEthernet1/0/7 is up, line protocol is up (connected)
      Hardware is Gigabit Ethernet, address is 20cf.aed9.7787 (bia 20cf.aed9.7787)
      MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
      input flow-control is on, output flow-control is unsupported
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:01:54, output 00:00:00, output hang never
      Last clearing of "show interface" counters 2d19h
      Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 537705
      Queueing strategy: Class-based queueing
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         205902 packets input, 14924441 bytes, 0 no buffer
         Received 205902 broadcasts (4898 multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog, 4898 multicast, 0 pause input
         0 input packets with dribble condition detected
         0 packets output, 0 bytes, 0 underruns
         Output 0 broadcasts (0 multicasts)
         0 output errors, 0 collisions, 3 interface resets
         0 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 pause output
         0 output buffer failures, 0 output buffers swapped out

    sh mac address-table int

    Vlan    Mac Address       Type       Ports
    ----    -----------       --------   -----
      64    10e7.c65f.bbc9    DYNAMIC    Gi1/0/7
      64    a4bb.6dad.1e37    DYNAMIC    Gi1/0/7

    Going to my core and checking the ARP table:

    Internet  10.1.64.15   56   10e7.c65f.bbc9  ARPA   Vlan64
    Internet  10.1.64.53   56   a4bb.6dad.1e37  ARPA   Vlan64

    Attempting to ping these from the core:

    Sending 5, 100-byte ICMP Echos to 10.1.64.15, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    Sending 5, 100-byte ICMP Echos to 10.1.64.53, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

    Now as soon as these are moved back to the very old 2950 on-site, it works fine. Any thoughts are greatly appreciated.

    Edit: Configurations are identical between the two switches.

    Thanks!

    submitted by /u/Fresh-Ear-2250
    [link] [comments]

    FS.com switching - honest reviews

    Posted: 01 Nov 2021 09:25 AM PDT

    I have a customer who needs some 48 port PoE switches like -right- now and as we all know, availability of anything I'd normally go with is totally messed up at this point, and we have a firm Dec. 1st deadline to get this expansion done by. I need 3x 48 port PoE+ switches, L2/L3 is okay either way, and some SFP+ ports for "reasons". About the only thing I can actually find in stock anywhere are fs.com switches, which it seems like are pretty generic whitebox Broadcom or similar hardware with their OS on top.

    Reviews seem to indicate that they're passable, the web UI is a bit of a mess but I'd just plan on using the CLI. Has anybody used these in a real deployment that can provide some feedback before I steer them in that direction? Realistically the only things that matter to me are setting up a couple of VLANs, doing LLDP-MED for the phones, and SFP+ for some NAS boxes & the uplink to the firewall.

    Or, alternatively, any options I should be looking at? Nonprofit, so price is a concern.

    submitted by /u/UserReeducationTool
    [link] [comments]

    Is MPLS an option if I have no clear delineation between PE and CE?

    Posted: 01 Nov 2021 08:31 AM PDT

    In other words,

    PE / CE will essentially be the same equipment.

    CE will be housed in its own VRF and I would like to have that VRF communicate with another VRF for the same customer in a different DC.

    I am currently route-leaking all subnets into the main routing table and then route-leaking the other direction at the other data center.

    As you can tell, this is....not scalable and a PITA management wise.

    I thought I could use MPLS between my cores and get around any subnet overlap, etc., but now I'm realizing I might have a problem?

    submitted by /u/RoutingFrames
    [link] [comments]

    Is it wrong to have M to F MPO FDU's?

    Posted: 01 Nov 2021 01:28 PM PDT

    I inherited this configuration.

    We have two spine switches and all of their downstream patches are to an FDU in the spine rack. That single large FDU feeds smaller FDUs in other racks that connect to TOR leaf switches.

    The thing that caught me a bit off guard is that the MPO connectors in the leaf rack FDUs are female.

    I thought it would be standard that the connectors on both sides of the FDU would be male and the device transceivers would be male, so I would only need F to F patch cords?

    So is this a very non-standard configuration or a legit option that someone chose?

    submitted by /u/ancrm114d
    [link] [comments]

    Help with a switch that needs NAT

    Posted: 01 Nov 2021 09:25 AM PDT

    So I am in charge of setting up a NAT switch, THIS one exactly.

    I work in controls and we have IP conflicts sometimes in which PLCs with the same IP need to communicate, hence the need for NAT.

    I figured out how to do VLANs on a Stratix 5700, but that knowledge seems lost on this switch. Can anyone lend me some knowledge on this?

    I need it to be possible for 2 PLCs with the same IP to communicate sometimes. I can't have one get bumped offline because that could have catastrophic consequences.

    This is a DYMEC switch, not Cisco or Rockwell.

    Will I need another NAT switch?

    submitted by /u/plc_is_confusing
    [link] [comments]

    802.1x EAP-TLS for Cisco IP Phones - Question

    Posted: 01 Nov 2021 08:25 AM PDT

    To my understanding, and as depicted in the diagram here: https://securew2.com/blog/802-1x-eap-tls-authentication-flow-explained

    ...EAP-TLS authentication requires that the supplicant be able to validate/trust the RADIUS server identity cert, before it sends its client cert for the server to validate, essentially creating a 2-way trust.

    As part of our migration to a new PKI, I'm assisting our CUCM admin in replacing his LSCs for all the IP phones in the environment, by using a CAPF cert that is signed by our new Windows PKI. My question is how does the phone validate the server identity certificate? I'd like to somehow verify what CAs the phone currently trusts. Part of this migration is eventually to replace the server identity cert with one also signed in this new PKI environment, but as part of the transition, the server identity cert will be signed by a *different* CA than the new CAPF cert (and ultimately the phone cert) for a period of time.

    I found this link: https://www.ipstorming.com/cisco-ise-ip-phones-and-eap-tls-authentication/

    Which only discusses the RADIUS server trusting the CAPF cert for authentication, which is just the second part of the authentication. Maybe this is all that happens with IP phones?

    Thanks in advance to anyone who answers. My fear is that the phone will only trust the chain that signed its LSC, meaning I will have a period in time between assigning the new LSCs and replacing the server identity cert where authentication will be broken.

    submitted by /u/akadmin
    [link] [comments]

    Cisco catalyst 1000, boot time.

    Posted: 01 Nov 2021 09:23 AM PDT

    Hi, I have been working with several CBS-350 switches and their boot times have been pretty slow for my intended application, I'm looking to buy about 20 more switches and I'm considering the catalyst 1000 series. Does anyone know how long it takes for these to boot up? The CBS-350 takes about 2-3 minutes. Also, how does the c1000 compare to the CBS350 series? I'm not sure which direction I should go. Thanks.

    submitted by /u/SweetP00ntang
    [link] [comments]

    VANET Routing Protocol Help

    Posted: 01 Nov 2021 10:16 AM PDT

    What are the best ways to create a routing protocol for VANETs? I've previously worked in NS2 for network simulations, but I'm open to try other simulators.

    I'm trying to make an implementation of the following research paper:

    Distance and Signal Quality Aware Next Hop Selection Routing Protocol for VANETs

    It's a part of a project.

    Any help would be really appreciated!

    submitted by /u/raywaza
    [link] [comments]

    Cisco IOS BGP - multiple listen ranges to same peer group?

    Posted: 01 Nov 2021 10:31 AM PDT

    I have two categories of client devices in a DMVPN network running BGP. Currently we're specifying the addresses for all neighbors, but since we use the same settings for all I would like to change to listen ranges.

    Currently, both categories of devices get all the same BGP settings, but in the future we might need to change that. I wouldn't think there's an issue creating 2 or more listen ranges and setting them to the same peer group, but I just wanted to check and be sure someone is running a config that way without issues.

    Thanks

    submitted by /u/NetDork
    [link] [comments]

    Umbrella DNS setup

    Posted: 01 Nov 2021 08:13 AM PDT

    We are deploying Cisco umbrella with 2 VA.

    How do you set up DNS clients when a web proxy on UTM firewalls is in place?

    How are the DNS requests managed?

    At present clients are using a mix of transparent and explicit proxy.

    I found this link on Umbrella KB but couldn't get more out of it.

    https://support.umbrella.com/hc/en-us/articles/230563527-Using-Umbrella-with-an-HTTP-proxy

    Any suggestions?

    submitted by /u/techno_it
    [link] [comments]

    Where do I go from here?

    Posted: 01 Nov 2021 08:51 AM PDT

    I've been a network engineer for nearly 15 years now, working my way from a low-paid operations engineer to a high-paid project delivery contractor. I have worked alone, in small teams, large teams, MSPs, small datacentres, large datacentres and financial institutions. Currently make good money, though have never had a decent work/life balance until my current role.

    The thing is I've never had any passion for the career. I've got my CCNP/CCDP and a bunch of random qualifications for other vendors but have never been interested enough to go further.

    I could be quite happy in my current position until retirement but we all know it doesn't work like that: this is a career that is in constant change. Sooner or later I'll have to recertify, study new technologies that I have no interest in, or move on.

    Maybe I could aim for CCIE but I honestly have zero interest in studying, except for the potential financial reward.

    So where do I go from here? I feel like a career change would do me good but anything would likely mean a step down in salary, which is not ideal as I have a family to support. What do engineers who are long in the tooth do anyway? Personality wise I don't have the outlook for management; even though I think I'd make a good stab at it I've been told I'm not "management material". I don't fancy going back to anything involving the general public or end users. I did enjoy being a desktop support engineer a long long time ago before moving into networking but I feel like that's a young man's game, not to mention the money is poor.

    I guess I'm just hoping others who have made the successful jump from being an engineer to another career will see this and can offer some advice.

    submitted by /u/Minky_Dave_the_Giant
    [link] [comments]

    Cisco ISE 802.1x. If I create a group in Cisco ise, it will do nothing until I associate it with a policy, correct?

    Posted: 01 Nov 2021 10:06 AM PDT

    And if I associate it to a policy, it won't do anything until I configure the switches/ports to use 802.1x settings, correct?

    I am trying to learn ISE and this sounds correct, but I want to make sure before I move forward.

    submitted by /u/vd-not-me
    [link] [comments]

    25gbe backward compatibility with 10gbe

    Posted: 31 Oct 2021 03:52 PM PDT

    I've been repeating that 25gbe is backwards compatible with 10gbe for years now. Hell, I probably have ~100 links now where one side is a 25gbe switch/nic and the other is 10gbe.

    However, recently I've been burned repeatedly. I have 5 nics and 2 switches that refuse to talk at anything but full 25gbe. They recognize 10gbe transceivers, but don't down-negotiate to them. Hard setting the speed doesn't seem to have an effect: I still can't get them to bring up a link.

    Switches are Dell S5224f-ON units, and the problem persists across OS10, pica8 and SONiC nightlies.

    The NICs are Marvell / Qlogic Fastlinq ql41212h, also of Dell origin. On this side we've been through multiple OSes without changing the behavior.

    Anybody seen anything like this? Am I missing something really stupid, or have I just gotten lucky with a pile of gear that doesn't behave as every other unit on the planet does?

    Edit/Update:

    Okay, the switches were a distraction: turns out you have to set the port speed in groups of four. That is, once I set 1-4 to forced 10000, we get link on those.

    The NICs are weirder. They exhibit the same behavior with these Dell switches (hard coded to 10gbps now), and existing 10gbe infrastructure from HPE-Aruba, Cisco, and old school HPE-comware. I have other 25 gb cards from mellanox, solarflare, chelsio and I think one of those damn intel 710 cards.....

    submitted by /u/doll-haus
    [link] [comments]

    Wiring from patch panel to CNC machines out on the floor...

    Posted: 01 Nov 2021 07:56 AM PDT

    This question is for a small business, so not enterprise but not for home networking either. I was tasked with cleaning up the area where the server is at and management bought a wall mounted 6U rack with a 24 port patch panel, 24 port managed switch, rack mount PSU and a tray to hold the modem and firewall.

    The previous setup was wiring coming down from the ceiling and plugging into 3x 8 port switches sitting in a wiring nest on the desk next to the server. Wires are going directly out to the machine floor, running down the electrical boxes hanging from the 16/20 ft (depending on where) ceiling to plug directly into the CNC machines themselves.

    I'd like to take the cables plugged into the three 8 port switches and punch them down into the patch panel and then use 6 inch patch cables to run from the PP to the switch in order to clean it up instead of just plugging them into the 24 port switch. All the extra cabling is wrapped up on the machine end of things in case we move things around out on the floor when adding additional machines, something we've been doing lately.

    I'm unsure which wiring scheme I'm supposed to use going from the PP directly to a machine, A or B. Everything I've looked up online (and maybe I'm not wording it correctly in the search) is going from PP to wall port and then machine, but I can't do that because of the way the machine floor is laid out: there are no junction boxes with network ports, it's just electrical boxes.

    With going directly to the CNC machines and not to a wall plate, do I use A or B on the patch panel?

    Thanks.

    submitted by /u/bobstylesnum1
    [link] [comments]

    Junos automation Netconf XML

    Posted: 01 Nov 2021 11:25 AM PDT

    Hello guys,

    Any idea what Netconf XML filter I should use to activate a leaf node again? I am basically trying to activate OSPF back like in the CLI below:

    {master}[edit]
    # activate protocols ospf area 0.0.0.0

    {master}[edit]
    MX# show protocols ospf
    area 0.0.0.0 {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }

    {master}[edit]
    MX# show | compare | display xml
    <rpc-reply xmlns:junos="http://xml.juniper.net/junos/20.2R0/junos">
        <configuration>
                <protocols>
                    <ospf>
    >>>>>>>             <area active="active" operation="merge">
                            <name>0.0.0.0</name>
                        </area>
                    </ospf>

    The XML filter above does not seem to work for some reason......

    submitted by /u/Pktgenguy
    [link] [comments]

    Azure doing uRPF?

    Posted: 01 Nov 2021 03:17 AM PDT

    Client VM --> ASA --> PANOS --> Internet

    For outbound general Internet access.

    I tried to pass a packet through two NVAs: first, an ASA, then a PANOS. This doesn't seem supported in Azure and I think it's because they are doing uRPF, though I can't find any documentation on this theory.

    If I NAT the client IP on the ASA, it works just fine.

    Routing is good. I double double triple checked. Even connected the client directly to the PANOS to be sure and it works.

    I tried having dedicated subnets for the interconnect (ic1 and ic2), and tried just a single interconnect subnet. Same result.

    Even if UDR is set up right, and routing tables on the appliances, I think uRPF is the issue since the client IP is routed through a different interface on the vnet gateway (under the Azure hood). I can see the packet arrive at the ASA, and get routed out the ASA, but the PANOS never even sees the packet. I turn on PAT on the ASA and boom, all works like magic.

    Anyone else come across this scenario?

    submitted by /u/Snoo-57733
    [link] [comments]

    Extend Wi-Fi Direct over IP?

    Posted: 01 Nov 2021 10:40 AM PDT

    Possibly crazy question/request.

    We have a scenario where we have devices that talk to each other via Wi-Fi Direct (only) and we need to put them in physically separate locations, i.e. far enough apart that there is no chance the Wi-Fi Direct connection would work. However, we would still like to have them communicate with each other.

    Does anyone know of any way to "extend" Wi-Fi direct over IP or Ethernet? I would imagine this would involve some sort of rebroadcasting on both ends but couldn't find anything on this in some Googling.

    submitted by /u/martopg
    [link] [comments]

    Firepower 8000 traditional licensing issue

    Posted: 01 Nov 2021 06:40 AM PDT

    Hello,

    Bought IPS TA license subscription for firepower 8000 series.

    Received the eDelivery mail without a Get License (PAK) bar. Checked traditional licensing on cisco.com and can't see the PAK there. Can someone tell me how to activate this license without a PAK, or how to get the PAK?

    submitted by /u/giigga
    [link] [comments]

    How do you make micro-segmentation in Data center

    Posted: 01 Nov 2021 10:10 AM PDT

    Hi Folks

    How do you do micro-segmentation in your datacenter when VMs are based on infrastructure such as ESXi, Dell VxRail, or Nutanix AHV?

    1- Is it with VLANs/VRFs, having each VM in its own mini subnet (/30) with the gateway being the firewall encompassed in the VLAN? I know it is tedious to manage if you have a lot of systems.

    2- Group the servers in the form of VLANs, e.g. categorize them as front end, database, and so on, and then micro-segment the servers on the hypervisors so that one VM cannot talk to another VM in the same VLAN. Let's forget about NSX, due to cost. Nutanix has its own Flow. I don't know about Dell.

    submitted by /u/techno_it
    [link] [comments]

    Anyone have a copy of the CombiHarris TS430 ISDN test set?

    Posted: 01 Nov 2021 12:43 AM PDT

    I know it's a shot in the dark; my set is over 20 years old and I love it, used mostly for BRI testing, but I would just love to have a copy of the manual, as the one time I would like to consult the manual, I can't seem to find my ancient copy.

    submitted by /u/blackjaquesshellac
    [link] [comments]

    bad cli error while pushing templates to cisco Viptela.

    Posted: 01 Nov 2021 04:34 AM PDT

    I got an issue while pushing template configuration; the error pops out as "Bad cli". The SD-WAN has a Viptela controller image, while the edge devices are using Cisco IOS-XE 17.xx software.

    submitted by /u/Zealousideal_Fan_639
    [link] [comments]

    How to stop IP conflict of another device and router/gateway on business network

    Posted: 31 Oct 2021 10:31 PM PDT

    Hi All

    First time post, long time viewer. I manage a Fortinet network for an office of about 100 people, with one FortiGate and around 15 managed FortiSwitches. About once a year, someone brings in a device whose IP conflicts with our FortiGate, which causes devices on our network to point to the wrong device when trying to get out to the internet. I feel like this has to be an easy answer, but the Fortinet support team can't seem to wrap their heads around what I'm asking for. While I realize that, long term, I can start adding several subnets over VLANs and also change the IP of the FortiGate (router) to something that maybe isn't as popular when it comes to default addresses, in the meantime, isn't there something I could set on each of the managed switches that would make sure all devices would route to the FortiGate, for instance via the routing table over MAC address? I appreciate any input.

    Thanks!

    submitted by /u/nogles34
    [link] [comments]

    Connecting two branches

    Posted: 01 Nov 2021 04:53 AM PDT

    Dear Networkers,

    I need a solution. I really did google a lot and I do have a CCNP (2014, so I'm kind of rusty), but it's still not clear to me what to do for my needs.

    https://imgur.com/a/imNlCYs

    Here is our current network diagram "its over simplified, I just decreased amount of devices"

    I have two branches, each with a 1 Gb/s internet connection with a dedicated IP address. How can I utilize these two connections to connect the branches together in one network? Is there a software or a device that does that? I know usually this is done by using VPN, and please correct me if I'm mistaken, but this will only allow point 1 to ping point 2; it will not make the whole infrastructure work like one local network?

    Also, because there are two routers with internet, how do I make them work together?

    I am open to any solution, but I prefer something that doesn't involve subscriptions or the ISP. I mean, if I have two internet points, it should be easy to connect them, right?

    submitted by /u/Unkindled_x
    [link] [comments]

    Send CISCO IOS log messages to different servers based on severity

    Posted: 31 Oct 2021 04:16 PM PDT

    Hi there,

    We currently have a log server that we send all switch logs (500+ switches) to, of severity 2 and lower (critical to emergency). Let's say this server is 10.10.10.10.

    I have just set up a bunch of event manager scripts that I would like to monitor when they're being triggered. They present with a severity 5 log (notification) when they run. I would like to send level 5 logs (and only level 5) to a different log server, let's say 10.10.10.20.

    Your help is appreciated!

    submitted by /u/SyntaxNine
    [link] [comments]
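    One way to split the two feeds on Cisco IOS, as an added example that is not from the thread: a logging discriminator is attached to each syslog host so that each destination only receives the severities it is meant to get. The discriminator names are constructed; the two server addresses are the ones given in the post.

```cisco
! Let messages up to level 5 (notifications) reach syslog hosts at all.
! A global "logging trap critical" would suppress the level-5 EEM messages
! before any per-host filter is applied.
logging trap notifications
!
! Existing server keeps receiving only severity 0-2 (emergency..critical).
logging discriminator CRIT-ONLY severity includes 0-2
!
! New server receives only severity 5 (notifications), i.e. the EEM messages.
logging discriminator NOTIF-ONLY severity includes 5
!
! Bind each syslog host to its discriminator.
logging host 10.10.10.10 discriminator CRIT-ONLY
logging host 10.10.10.20 discriminator NOTIF-ONLY
```

    "show logging" lists the discriminators and which host each one is bound to, which is the quickest way to confirm the binding took effect.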
