    Friday, December 31, 2021

    Blogpost Friday! Networking


    Blogpost Friday!

    Posted: 30 Dec 2021 04:00 PM PST

    It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

    Feel free to submit your blog post, as well as a nice description, to this thread.

    Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator

    I don't believe CCIE is worth it anymore

    Posted: 31 Dec 2021 06:34 AM PST

    I've been a network engineer for 1 year and I've been studying networking every day for the past 4 years. I have my CCNP. I was planning for my CCIE for the end of 2022 or 2023 max, and then planning for my second one. I just started reviewing the learning matrix and the blueprint and I was frustrated: it became how much you know Cisco more than how much you know networking. I know this sentence is ironic since the cert name is Cisco expert, but come on, SDA, DNA-C, ACI. Like, why would I waste hundreds of hours being an expert in a vendor proprietary product? At least with R&S you could transition your experience to another vendor deployment. None of the CCIE tracks is vendor neutral anymore except the SP track. I'm currently working in an environment with an ACI deployment, but I will only be an ACI admin. I don't know, I lost my purpose in this field. CCIE was the aim, but without it I don't know what to aim for. I need some input and guidance from the veterans here: how should I rebuild my milestones? What are good, rare and complex areas to master that can transition very well among vendors?

    submitted by /u/time_over

    Service Provider Network Monitoring

    Posted: 31 Dec 2021 02:00 PM PST

    We are a growing ISP and are looking to replace LogicMonitor as our network monitoring platform. I'm a bit overwhelmed with all of these new cloud monitoring companies that have popped up over the last few years. They all seem so focused on monitoring the 'full-stack' and bill themselves as infrastructure monitoring platforms, but every time I speak with them their actual "NETWORK" monitoring seems like they have no clue how to do it. We are a network provider. We don't have cloud workloads, we aren't a software development house.

    I am most familiar with SolarWinds and have been using it at pretty much every organization I've worked at for the last 10 years. I've looked at Datadog, New Relic, OpsView, SevOne, and several others, but none of them seem to be able to provide a true single pane of glass for monitoring.

    I've looked at Kentik and their solution looks AMAZING for service providers, but I was so disappointed when I got into the product and noticed that all it does is look at interfaces and flow data. It doesn't do anything in the way of monitoring, alerting, up/down, cpu, memory, etc.

    What is really out there for service providers or large enterprises that want REAL network monitoring and everything that comes with it (advanced alerting, up/down, flow data, bandwidth utilization, path monitoring, etc.)? We would prefer an on-premise solution if possible, but are open to exploring cloud solutions. (We're not looking at open-source solutions; we want something off the shelf.)

    submitted by /u/cyr0nk0r

    DHCP assignments in /30, /31 subnets

    Posted: 31 Dec 2021 11:21 AM PST

    We need to make DHCP assignments for lots of very small (/30, /31) subnets. In each of these subnets, only a single IP address is available for the endpoint (and the other is permanently assigned to a switchport).

    Because only 1 endpoint can be present in such a subnet, it is counterproductive to maintain a "DHCP lease" for the MAC address of an assigned address. Instead, any device that is attached to the switchport should be assigned the available address, regardless of whether that address has previously been assigned.

    Is anyone aware of a DHCP server that can offer assignments in such a manner, ignoring any previous leases?

    submitted by /u/accuracyincomments

    Advice for managing locations/data centers/carriers

    Posted: 31 Dec 2021 07:18 AM PST

    Hi networking, maybe I can use your wisdom. I work in a startup in the security/networking field and we are expanding very fast, and it's becoming hard to keep track of our locations' growth (worldwide PoPs). Each location is hosted in a DC and has a few internet carriers connected to it. We are constantly upgrading and increasing our capacity everywhere and I wonder if there is a better way to keep track of it. Currently using Excel to manage this and it's becoming too messy. Maybe you can assist?

    submitted by /u/SultanOfZwing

    STP cabling - differences of opinion

    Posted: 30 Dec 2021 10:20 AM PST

    Hi All,

    I did a search and found a few things in passing, but they were a bit older. I have a relatively small building (4000 sq ft) and the need to run Ethernet right alongside 110/220v lines. I'd love to separate them, but it'd be way too much $$ to rebuild/modify cable pathways.

    Being a small building, everything is on a single electrical service and same grounding plane. We have STP cable around from another build and the patch panel is bonded/grounded to the electrical service ground.

    What are folks' thoughts on grounding only one end of STP? Everywhere I look I'm finding different solutions. Some folks say it has to be grounded on both ends, but others say one end is sufficient.

    Personally, given what I've read so far, I'm inclined to believe the latter (ground on one end is okay). Grounding on one end is also what I'm hoping to do for this particular job. One of the reasons why I'm cautiously thinking grounding on one end is okay is that all of our POE security cameras and APs use STP cable (as directed by the mfg) and therefore are only grounded via the patch panel. If grounding only at one end creates an RF/EMI antenna (as some folks say), wouldn't these cameras/APs have RF/EMI issues since their cabling would be grounded on one end?

    In the use-case we're looking to install, the STP would go into keystone jacks on the wall (field-side) and standard UTP patch cables would go from the equipment (e.g. desktop computers, printers, etc.) to the keystones. This is different from APs and security cameras, but I still don't see how one-ended STP grounding would cause an issue?

    I'm definitely not an electrical engineer and looking for guidance/suggestions.

    Thanks!

    submitted by /u/rratselad

    What is the Cisco command to generate these types of error logs? (pic)

    Posted: 30 Dec 2021 09:54 AM PST

    https://ibb.co/Ttj9Xjk

    I'm not a network guy so hoping I can get some answers here.

    We just spent a couple of days troubleshooting latency and packet drops around the network and found out this switch was stuck in a loop. After finding the culprit (a device connected to port 45), the issue seems to be gone now.

    This switch is a C2960X and luckily I was able to get into the GUI using Chrome and review the event log. The issue here is we have several older switches with a GUI set up but need to use really old browsers to access them. I have basic knowledge of switch commands and know how to set one up but lack experience running debugs on them. What would I need to run to capture these types of events? Back when I worked with ASAs, we ran a few basic debug commands which only showed relevant information on what I was looking for, and I was told to avoid certain debug commands, otherwise they would generate too much information and crash the ASA. This is what I'm trying to avoid.

    Thanks!

    submitted by /u/ProfessorWeed69

    How Are You Measuring SLA?

    Posted: 30 Dec 2021 10:02 AM PST

    Hey everyone! I'm the Network Engineer for a CLEC. Working on revamping our KPIs and SLA monitoring. We use PRTG for monitoring and are using the device uptime sensor on our cores to calculate our SLA.

    Where are SLA measurements taken? At the core? Average of customer device uptime? Upstream provider uptime?

    submitted by /u/ZNastyyy

    Leftover money in budget, want to purchase tools for networking department, suggestions?

    Posted: 30 Dec 2021 01:32 AM PST

    Title. I completed a hardware upgrade project this year and, with the leftover money (about $2000), I wanted to get some tools for me and another co-worker to use while on the job.

    We sometimes have to pull & crimp our own cables while on the job. I was thinking about getting a nice crimp/cable tester kit.

    Amazon links might be more ideal if I need to make a quick purchase such as end of the year budgets closing. Don't know if the money rolls over or not.

    Any really neat tools that you guys use at work that come in handy in a pinch?

    submitted by /u/Murderous_Waffle

    Real world 1 vs 10 gig

    Posted: 30 Dec 2021 02:11 AM PST

    Hi there, just planning an upgrade for my tiny data centre from gigabit connections for each ESXi server to 10gig connections. As far as I'm aware, the maths is simple - a 10gig connection is equivalent to 10x1gig connections, but in the real world is it that simple? I.e., are there any packet bottlenecks to consider?

    submitted by /u/pentangleit

    flowmon profile

    Posted: 30 Dec 2021 12:05 AM PST

    Hey guys,

    I need advice from someone who has extensive experience with flowmon.

    I set up a profile with this filter: (hhost "netflix.com") or (hhost "nflximg.com") or (hhost "nflxvideo.net") and not (myPcIP).

    But it doesn't work: when I look at the analysis of that profile, it still shows my IP address there.

    What am I doing wrong?

    submitted by /u/MaaS_10

    EVPN/VXLAN Data Centre Fabric, Multivendor?

    Posted: 29 Dec 2021 02:45 PM PST

    I know plenty of people that have a multi-vendor strategy but this seems to be different vendors in different data centre locations and not multivendor in the same fabric.

    Does anybody deploy multiple vendors such as Arista, Cisco, Juniper in the same EVPN-VXLAN fabric?

    In my eyes, it would be madness to even consider, but I'm curious.

    submitted by /u/SensitiveTowelHolder

    Cable testing results?

    Posted: 29 Dec 2021 11:22 AM PST

    I've been in the business of installing cabling and wireless access for 16 years.

    I'm not new to pulling and testing Ethernet cable, but I've never needed to provide cable test results in a spreadsheet to a customer. There are a couple of jobs that I'm interested in bidding on but they want the cable test results dumped into a spreadsheet.

    What exactly are they looking for? I have two testers - one is a basic Fluke, the other is a Chinese made tester that can output a picture that shows all of the connected pairs. The Fluke simply shows the passed test on the screen.

    Is this a functionality of some high end testers? What type of equipment would I need to invest into for this ability?

    submitted by /u/Pukeolicious

    Fortigate Experience

    Posted: 29 Dec 2021 10:59 AM PST

    We have several Fortigate 60F's in production and all of them seem to run just fine. Both the CLI and Web interface are easy to work with and I haven't minded working with them at all.

    Last couple of months though, we've had two devices where the WAN1 ports died. I'm curious if anyone else has experienced this or if maybe this is just an odd coincidence?

    The first one it happened and we swapped it out. I ran through the diags and we were able to get it RMA'd. I don't remember what the diags came back with.

    Then just had another one do it and we're working on getting it swapped out. Haven't been able to get diags on it yet.

    submitted by /u/DevilDogg22

    Is there an API to determine 4G/5G signal strength and/or average speed?

    Posted: 29 Dec 2021 06:07 PM PST

    A question primarily directed at people working with radio telecom hardware, RF-modeling and so forth.

    My company is an early-stage consumer startup that operates a "telepresence-on-demand" service, currently focused on the proxy shopping use-case. In other words, we recruit contractors around the world as remote shopping assistants who get paid for going to retail locations near them and doing a video conference call with our end customers — buying stuff for people while being supervised in real-time. The retail destinations are arbitrary and unpredictable, and since the whole thing relies on live-streaming, we would like to increase the likelihood there's cell reception down there before we send our contractor there to avoid doing refunds all the time.

    I am looking for a data provider that would allow me to enter a coordinate (Lat, Lon) and perhaps a mobile carrier (e.g. T-Mobile, Rakuten, etc.), and get back some stats on signal quality and average upload speeds at that location. The response may come in any form: either raw data or a map tile, etc.

    What do people in the industry use for similar tasks? What should I do if I don't have much budget? Is there something with pay-as-you-go pricing, per API request? I sent an inquiry to Ookla and OpenSignal already, but it does seem their solutions are targeted at MNOs and similar-sized players, rather than early startups like mine.

    submitted by /u/vakrolme

    Configure SLAAC with ULAs on old HP comware 5 switch

    Posted: 29 Dec 2021 05:32 PM PST

    Ohai,

    I'm trying to set up IPv6 on some old HPE 5800-48G-PoE+ switches on a VlanInterface. But I only get a link local address to show up. Documentation on these old switches is hard to find. Here is how the config for the interface currently looks:

    interface Vlan-interface2342
     ipv6 address auto
     ip address 10.0.0.10 255.255.255.0

    It should pick up the correct network via RA. It works for servers in the same VLAN. Not sure where to go from here. The CLI doesn't really mention any ULA, only GUA. Can someone point me in the right direction? Is this even supported?

    I also can't find any info on whether these switches support RFC 7217. So please direct any hints about that also in my direction. :)

    submitted by /u/XenGi

    Controlling interVLAN traffic?

    Posted: 29 Dec 2021 12:10 PM PST

    We have a layer 3 core switch routing a number of internal VLANs. In an effort to improve security, we've been limiting traffic crossing between VLANs by using a combination of ACLs on the core switch and GPOs to control host based firewalls (Microsoft shop).

    It is a messy process and it got me wondering how others approach this.

    submitted by /u/save_earth

    What happens if we have two OSPF members with the same network to share?

    Posted: 29 Dec 2021 10:00 AM PST

    I configured OSPF, but I've had a lot of fiber issues, so I want to configure another member in Azure's cloud. We already have a VPN and OSPF configured, but I don't know what happens if I have the same network on two different devices.

    submitted by /u/zener-A-

    Third party switches and ISE

    Posted: 29 Dec 2021 09:53 AM PST

    What are your experiences with other switches and ISE? We are looking at refreshing our WAN switches this year and I'd like to look at non-Cisco options. I just need to know how well they work with ISE 802.1x, CoA, DACLs, etc.

    Aruba, Dell, Brocade, FS, Juniper. I'm looking at every option here.

    submitted by /u/CaseyChaos1212

    IPSec behind NAT issues

    Posted: 29 Dec 2021 02:37 PM PST

    I am testing out an IPSec tunnel with both routers behind a NAT device before attempting to deploy them and I am having issues with it. No problems were encountered with NAT not being used. NAT-T is enabled by default and I did run the command to enable it to verify. On the two ISP mock routers I can see the NAT translations being done for UDP 500 to the correct "global" addresses of each. My crypto isakmp sa output shows "MM_NO_STATE". In debug crypto isakmp I can see that both routers detect NAT, but for some reason it's not working and bringing the tunnel up. Below are the configs.

    R1#show run
    Building configuration...

    Current configuration : 1695 bytes
    !
    ! Last configuration change at 21:11:18 UTC Wed Dec 29 2021
    !
    version 15.0
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R1
    !
    boot-start-marker
    boot system flash
    boot-end-marker
    !
    no logging console
    !
    no aaa new-model
    !
    !
    !
    !
    no ipv6 cef
    ip source-route
    ip cef
    !
    !
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    license udi pid CISCO1921/K9 sn FHK150270LL
    !
    !
    !
    redundancy
    !
    !
    !
    !
    crypto isakmp policy 1
     encr aes 256
     authentication pre-share
     group 15
     lifetime 28800
    crypto isakmp key KEY address 5.5.5.2
    crypto isakmp invalid-spi-recovery
    crypto isakmp keepalive 10
    crypto isakmp nat keepalive 900
    !
    !
    crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac
    !
    crypto ipsec profile MYPROFILE
     set transform-set MYSET
     set pfs group15
    !
    !
    !
    !
    !
    !
    interface Tunnel10
     ip address 1.1.1.1 255.255.255.252
     ip mtu 1400
     ip tcp adjust-mss 1360
     keepalive 10 3
     traffic-shape rate 70000000 1750000 1750000 1000
     tunnel source GigabitEthernet0/1
     tunnel mode ipsec ipv4
     tunnel destination 5.5.5.2
     tunnel protection ipsec profile MYPROFILE
    !
    !
    interface GigabitEthernet0/0
     description <== LAN ==>
     ip address 10.10.10.1 255.255.255.0
     duplex auto
     speed auto
    !
    !
    interface GigabitEthernet0/1
     description <== ISP ==>
     ip address 192.168.1.10 255.255.255.0
     duplex auto
     speed auto
    !
    !
    router ospf 1
     log-adjacency-changes
     network 1.1.1.0 0.0.0.3 area 0
     network 10.10.10.0 0.0.0.255 area 0
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    ip route 0.0.0.0 0.0.0.0 192.168.1.1
    !
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     login
    !
    scheduler allocate 20000 1000
    end

    R1_ISP#show run
    Building configuration...

    Current configuration : 1226 bytes
    !
    ! Last configuration change at 23:29:56 UTC Wed Dec 29 2021
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R1_ISP
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no logging console
    !
    no aaa new-model
    !
    dot11 syslog
    ip source-route
    !
    !
    !
    !
    !
    ip cef
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    crypto pki token default removal timeout 0
    !
    !
    !
    !
    license udi pid CISCO1841 sn FTX1044W061
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     description <== R2_ISP ==>
     ip address 5.5.5.1 255.255.255.252
     ip nat outside
     ip virtual-reassembly in
     speed auto
     full-duplex
    !
    interface FastEthernet0/1
     description <== R1 ==>
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     speed auto
     full-duplex
    !
    interface Serial0/0/0
     no ip address
     shutdown
    !
    ip forward-protocol nd
    ip http server
    no ip http secure-server
    !
    !
    ip nat inside source list NAT interface FastEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 5.5.5.2
    !
    ip access-list standard NAT
     permit 192.168.1.0 0.0.0.255
    !
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     login
     transport input none
    !
    scheduler allocate 20000 1000
    end

    R2_ISP#show run
    Building configuration...

    Current configuration : 1229 bytes
    !
    ! Last configuration change at 21:23:46 UTC Wed Dec 29 2021
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R2_ISP
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no logging console
    !
    no aaa new-model
    !
    dot11 syslog
    ip source-route
    !
    !
    !
    !
    !
    ip cef
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    crypto pki token default removal timeout 0
    !
    !
    !
    !
    license udi pid CISCO1841 sn FHK1340730P
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     description <== R1_ISP ==>
     ip address 5.5.5.2 255.255.255.252
     ip nat outside
     ip virtual-reassembly in
     speed auto
     full-duplex
    !
    interface FastEthernet0/1
     description <== R2 ==>
     ip address 192.168.2.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     speed auto
     full-duplex
    !
    interface Serial0/0/0
     no ip address
     shutdown
    !
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    !
    !
    ip nat inside source list NAT interface FastEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 5.5.5.1
    !
    ip access-list standard NAT
     permit 192.168.2.0 0.0.0.255
    !
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     login
     transport input none
    !
    scheduler allocate 20000 1000
    end

    R2#show run
    Building configuration...

    Current configuration : 1676 bytes
    !
    ! Last configuration change at 22:00:16 UTC Wed Dec 29 2021
    !
    version 15.0
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R2
    !
    boot-start-marker
    boot-end-marker
    !
    no logging console
    !
    no aaa new-model
    !
    !
    !
    !
    no ipv6 cef
    ip source-route
    ip cef
    !
    !
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    license udi pid CISCO1921/K9 sn FHK150270KX
    !
    !
    !
    redundancy
    !
    !
    !
    !
    crypto isakmp policy 1
     encr aes 256
     authentication pre-share
     group 15
     lifetime 28800
    crypto isakmp key KEY address 5.5.5.1
    crypto isakmp invalid-spi-recovery
    crypto isakmp keepalive 10
    crypto isakmp nat keepalive 900
    !
    !
    crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac
    !
    crypto ipsec profile MYPROFILE
     set transform-set MYSET
     set pfs group15
    !
    !
    !
    !
    !
    !
    interface Tunnel10
     ip address 1.1.1.2 255.255.255.252
     ip mtu 1400
     ip tcp adjust-mss 1360
     keepalive 10 3
     traffic-shape rate 70000000 1750000 1750000 1000
     tunnel source GigabitEthernet0/1
     tunnel mode ipsec ipv4
     tunnel destination 5.5.5.1
     tunnel protection ipsec profile MYPROFILE
    !
    !
    interface GigabitEthernet0/0
     description <== LAN ==>
     ip address 20.20.20.1 255.255.255.0
     duplex auto
     speed auto
    !
    !
    interface GigabitEthernet0/1
     description <== ISP ==>
     ip address 192.168.2.10 255.255.255.0
     duplex auto
     speed auto
    !
    !
    router ospf 1
     log-adjacency-changes
     network 1.1.1.0 0.0.0.3 area 0
     network 20.20.20.0 0.0.0.255 area 0
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    ip route 0.0.0.0 0.0.0.0 192.168.2.1
    !
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     login
    !
    scheduler allocate 20000 1000
    end

    submitted by /u/Deez_Nuts2

    Watchguard WebUI Port Translation Help!

    Posted: 29 Dec 2021 09:46 AM PST

    My office uses a Watchguard T30. I need to send incoming port 80 to a different one on our nginx proxy manager running on a hypervisor. I cannot figure out how to do this. I have done this in many other interfaces, but Watchguard's is throwing me off. Anyone have any suggestions?

    submitted by /u/Squanchy2112