Blogpost Friday! Networking
- Blogpost Friday!
- I am doing career day for an elementary school and want to get them excited about the possibilities of networking. Can anyone suggest a fun activity that helps them see the fundamentals? 3-5 graders.
- For those that have pivoted to security ...
- Similar to Juniper Commit Command?
- MoCA Data Leaking
- Potentially a very stupid question
- Anyone else recently moved to Dreyfus model for employees?
- Decryption appliance deployment without certificate manipulations
- Potential Networking shenanigans to protect Sonos
- N5K-5672UP NetFlow Performance
- Looking for an application to help map applications through the network.
- RJ45 Device that can serve as an IP host and respond to pings being sent to it
- Current lead times
- How to create an ethernet 'bridge' on Cisco IOS XR (ASR 9000)?
- Same subnet for HQ and DR site connected via dedicated L2 1Gbps E-Lan?
- Auto-configuration appliance - are there any out there
- Block data exfiltration from virtual machines?
- Basic question about full duplex.
- Intervlan ospf?
- Linux-based Terminal Server for network gear.
- Okta Access Gateway
- Ruckus Switches and Licensing
- Any Versa SDWAN engineers around? VLAN I created is not working
- VRRP
- OpenGear console server console cabling question
- AWS inter-VPC routing quirks over peering connection and possible ways to bypass it
Posted: 02 Dec 2021 04:00 PM PST It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts. Feel free to submit your blog post as well as a nice description to this thread. Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.
Posted: 03 Dec 2021 10:16 AM PST I have set up basic labs in the past and let them plug in ports to get a ping to work. They enjoyed that. The last time I did it, the vast majority of student comments were either questions about how to be a hacker, or how Fortnite works. I ran Wireshark to let them see their ICMP packets get across the network when they got it cabled correctly. Just wondering if anyone else had any fun labs to show the students.
For those that have pivoted to security ... Posted: 03 Dec 2021 02:34 AM PST How hard did you find it to pivot towards security? I think I'm at the end of my network journey. I seem mentally checked out for the most part on the network side and probably need to hit something new and get some younger blood in my space. I've thought about management but I detest the management I have to deal with and would hate to become a copy of these drones. New projects do nothing to me as it's just part of the daily grind. Any books, Udemy vids or learning platforms or tips that you would like to recommend? I'm getting up there in age but I don't think my age is that much of a barrier for me as of yet. For context: CCNP/CCDP. RHCE in a former life. Good Ansible/Git/API automation skills. Good AWS and Terraform skills. Okay-ish at Python.
Similar to Juniper Commit Command? Posted: 02 Dec 2021 08:18 PM PST Are there any network operating systems other than Juniper's Junos that support commit and commit rollback type commands? We find these invaluable for remotely configuring networks.
Posted: 03 Dec 2021 02:56 PM PST So I recently installed some Actiontec MoCA 2.5 devices over my condo's coax lines, and noticed the devices didn't detect one another when I had the MoCA filter installed on the input of my coax splitter (Output 1: Modem / Output 2: Actiontec). Taking the filter off the splitter and connecting the coax directly to the splitter, the MoCA boxes are able to connect to each other. I assume given the filter didn't allow the devices to connect to one another, that there must be another filter installed elsewhere in the home. Is there a way I can verify whether my data is leaking to my neighbors over the circuit?
Potentially a very stupid question Posted: 03 Dec 2021 02:39 PM PST I have an ASA with a VPN tunnel on it. That tunnel has a network object-group in its encryption domain with 14 addresses in it. Of these 14 destinations, 12 pass traffic onto the directly connected next hop firewall, and 2 do not reach the next hop. I verified routing for each address and they are all the same, and no ACL is blocking the traffic. I tried deleting and re-adding the two addresses to the object-group. Any ideas?
Anyone else recently moved to Dreyfus model for employees? Posted: 03 Dec 2021 02:22 PM PST We are moving to the Dreyfus model for employee skill ranking and titles. I've heard it's been a mixed bag with high pay grades having to be considered expert by contributing to their area by lectures at conferences, making recommendations for changes to RFCs, and otherwise being seen as a leader in the technology community, not just at their employer. This sounds like some insane ploy to justify not giving out raises and making it incredibly hard to get promoted. It also appears as if those people who were previously considered expert are going to have 1-2 years to prove their skill or get moved down a level, which would result in a mass exodus of tech workers. I am not a fan thus far, but what do I know, I am simply "competent".
Decryption appliance deployment without certificate manipulations Posted: 03 Dec 2021 02:19 PM PST Hello guys, I was looking for Netscout's network monitoring solutions today and saw a decryption appliance description, which is in the screenshot. https://images2.imgbox.com/49/eb/zSmifKtV_o.png As you see, it says there that this appliance can decrypt packets without rearchitecting the network and client device configuration. So it's unclear how this device can inspect HTTPS without certificate installation. Can anyone tell me how it is possible?
Potential Networking shenanigans to protect Sonos Posted: 03 Dec 2021 12:44 PM PST So Sonos does not allow you to password protect your devices. Any device on the network can access the Sonos. Our environment: Aruba IAPs performing DHCP for WIFI on top of a Sonicwall performing DHCP for the APs and Hardline. Yes I need to overhaul it so we just have one DHCP, I know. I didn't set it up and it is currently working, so I'll handle it another day once I have fully inventoried my school and can come in on a weekend. Anyways, my predecessor's resolution to the security of the Sonos was to buy a standalone home Wifi router to connect it to. I want to remove that router. I would like to prevent all devices but one having access to the Sonos, so I get that means creating a new SSID separate on the Aruba Controller that uses a different subnet. Is there a way that subnet can access our main Aruba and Sonicwall subnets, the ones we use for everything else, but not let the main subnets access the Sonos? The biggest reason I'm going through this trouble is my Gym teacher who uses this is a vocal luddite and I want to remove forcing her to switch networks to airdrop her photos/print if at all possible. If anyone has any other ideas that will work I'm all ears.
N5K-5672UP NetFlow Performance Posted: 03 Dec 2021 06:36 AM PST Hello, I want to enable Netflow on N5K-5672UP and send it to my Netflow analyzer to detect the DDoS attacks, but before that, I want to know if that switch has a built-in chipset or ASIC for Netflow or not. Thank you.
Looking for an application to help map applications through the network. Posted: 03 Dec 2021 12:30 PM PST I am looking for some guidance. Frequently I am asked to mimic or share documentation on how an application traverses our network. I am looking for an application that can do the following:
I am assuming that this exists but for some reason I am completely drawing a blank. I am just really hoping that it's not something that is going to need to be created from scratch.
RJ45 Device that can serve as an IP host and respond to pings being sent to it Posted: 03 Dec 2021 10:23 AM PST Hi, I have no idea if anything exists like this, but the use case I have is for end-to-end testing in my lab in the hopes of not having to have a separate host connected to a network interface that I want to be able to ping. I understand that it would need to have the ability to have the IP information configured on it beforehand. Has anyone heard of such a device or something that could fill the same purpose?
Posted: 02 Dec 2021 04:44 PM PST Hi all, We are taking part in a tender where we have to supply network switches. I'm wondering about lead times. I've read a few other lead time threads dating back a month and more this year. Is it still that bad? What experience do you have regarding lead times recently for manufacturers:
• Cisco
• Juniper
• Alcatel
• Aruba
Excuse me, I post this from mobile.
How to create an ethernet 'bridge' on Cisco IOS XR (ASR 9000)? Posted: 03 Dec 2021 06:55 AM PST I have googled for this but all the examples I have found were for more complex things than what I need. The examples had things like l2vpn, vpls, mpls etc... But what I need is simply to bridge two ports on one ASR. Pass a couple of VLANs between two interfaces.
Same subnet for HQ and DR site connected via dedicated L2 1Gbps E-Lan? Posted: 03 Dec 2021 02:58 AM PST We have a dedicated 1Gbps L2 low latency connection between HQ and our DR site in addition to our 1Gbps Internet connections at each site. I plan to mirror HQ in DR with another SAN flash array synchronously replicating and another 3 node Hyper-V cluster. The part I am not so sure about is networking. We have about 20 virtual machines and growing, many with static IPs, and I need the failover to be as seamless as possible. I imagine it would be best to have the DR site on the same subnet as HQ, just like another office in the same building, but what about the firewall at the DR site and all our VPN tunnels from other sites? It gets a little confusing. Would I just establish those tunnels from both HQ and DR to all our other sites in advance so if HQ goes down they can reach our servers via the DR VPN tunnel? Any guidance on a best practice would be greatly appreciated.
Auto-configuration appliance - are there any out there Posted: 02 Dec 2021 11:44 AM PST I'm in the market for an auto-configuration appliance - something I can plug into the console and mgmt eth of a device, and have it connect to the device and do assorted initial configuration tasks (firmware upgrades, config application, testing that the config is working as intended). Standard DHCP based ZTP would be lovely to be able to use, but a bunch of our kit has poor/uneven implementation, or annoying limitations (e.g. it'll take config, but won't do firmware upgrades). If necessary I'll build something myself, but if I can throw (not absurd amounts of) money at someone and make the problem go away, that'd be great. Is anyone aware of such a beast?
Block data exfiltration from virtual machines? Posted: 02 Dec 2021 06:31 AM PST With company managed Windows devices, you can manage data loss by using locally installed DLP software. However, what if a user needs to work with a Linux virtual machine using their Windows box as the host (WSL2 etc.)? What about SSH, SCP etc.?
Basic question about full duplex. Posted: 02 Dec 2021 08:24 PM PST Given the problem, computer A and computer B are communicating with C at the same time. If you try researching what "full duplex" is, you'd just get a bunch of explanations that say a full duplex device can both send and receive at the same time. It says nothing about receiving and sending to multiple, at the same time.
Posted: 02 Dec 2021 10:38 PM PST Hey guys, I'm completely stumped. I'm doing some labbing and just can't seem to make this work. I have a layer 3 switch connected to a router and just can't get them to have an OSPF adjacency. Any advice will be very much appreciated. Is routing using an int vlan even possible?

Switch:
    Vlan 51
     Name test
    Int vlan 51
     Ip add 10.10.51.1 255.255.255.240
     No shut
    Router ospf 456
     Network 10.10.51.0 0.0.0.15 area 51
     Default information originate
    Int g0/0
     Switchport trunk encapsulated dot1q
     Switchport mode trunk
     Switchport trunk allowed vlan 51

Also tried:
    Int g0/0
     No switchport

Router:
    Int g0/0.51
     Encapsulation dot1q 51
     Ip address 10.10.51.2 255.255.255.240
    Int. G0/0
     No shut
    Router ospf 456
     Router id 50.1.1.2
     Network 10.10.51.0 0.0.0.15 area 51

I'm not sure if this is doable, or I've read something about ethernet virtual circuit (EVC), if that could help me?
Linux-based Terminal Server for network gear. Posted: 02 Dec 2021 07:43 AM PST I'm planning a DIY Terminal server for console access of our mix of network devices. I'm thinking to purchase a couple of 32-port PCIe cards from Pepperl+Fuchs (COMTROL) and use a tiny server with Ubuntu for remote access and experiment with provisioning automation. Would this be a better option than purchasing a Cisco Terminal Services gateway C1100TG-1N32A? I can repurpose some old servers for that function. Unfortunately budget is always a concern so can't just ask to buy expensive gear unless absolutely necessary. Any suggestions? https://comtrol.com/products/rocketport-multi-port-serial-cards/rocketport-express
Posted: 02 Dec 2021 12:08 PM PST Anyone deployed this solution? OAG seems like a reverse proxy that does authentication proxy. It is being marketed as a Zero Trust VPNless solution for internal applications. But it seems like it's making the internal application public facing and relying on authentication as security. Or maybe OAG is the only thing that is public facing and the user won't be able to access the application at all until OAG has authenticated the user. True that the user no longer needs a VPN to access the internal app, but making an internal application publicly accessible and relying on authentication seems wrong to me. There are other solutions like Zscaler Private Access and Azure App Proxy that do something similar without making the application publicly accessible. Thoughts?
Posted: 02 Dec 2021 09:09 AM PST Hello, I am having some confusion with how the licensing for Ruckus switches works in regards to the SFP/SFP+. We are planning an upgrade to Ruckus ICX-7150 Switches with a 10Gig backplane. Do any of the hardware switches come with the 10 Gig licenses? If so, which ones? These are the switches we are looking at purchasing:
ICX7150-48ZP - Qty: 17
ICX7150-24P - Qty: 5
ICX7150-48P - Qty: 9
ICX7150-C10ZP - Qty: 1
I don't know if I am correct in my thinking, but in this case we would need to get 15 upgrade licenses to enable SFP+ 10 Gig capabilities (48ZP Coming with it already?)? Sorry if this is a dumb question... Thanks in advance.
Any Versa SDWAN engineers around? VLAN I created is not working Posted: 02 Dec 2021 09:50 AM PST We're using a Versa SDWAN which is co-managed with a provider. Trying not to get the provider involved. I'm creating a VLAN, however I can't reach that VLAN from a switch hooked directly up to the Versa box. I created a sub-interface using VLAN 2. I did notice when I'm in the command line, show interfaces brief shows the interface I created with a tenant tag of 0, while the other interfaces have a tenant tag of 2? I'm a little confused what a tenant tag would mean exactly since I would think the whole configuration would be under our tenant. As usual when all else looks correct, start comparing what is different from items I know are working. lol Any helpful insight would be greatly appreciated. thanks
Posted: 02 Dec 2021 11:39 AM PST Hi, I need your help with some VRRP tech. Today one problem came up for me. Some user phones didn't get an IP from DHCP. After I checked the switch ARPs, I saw the phone VLAN gateway on the port where VRRP is in backup status. After refreshing the ARP, the phones got an IP. My question is: if a packet is sent to the port where VRRP is in backup state, does the router drop the incoming packet? TYVM.
OpenGear console server console cabling question Posted: 02 Dec 2021 10:40 AM PST I've found some OpenGear equipment that I'm interested in purchasing. The datasheet for the model I'm looking at lists the ports as Cisco straight. Can I use just normal cat6 cables to connect from the console server to the consoles on the devices, or do I need to use roll-over cables? Distance between the devices and the console server is about 15 ft. The model has a cellular option. I'm thinking of using that to VPN back into a server at our main office site as a means of OOB access if the main network goes down.
AWS inter-VPC routing quirks over peering connection and possible ways to bypass it Posted: 02 Dec 2021 07:18 AM PST Hey all! So I'm aware of the limitation in routing between two peered VPCs, where basically only one hop is allowed (AWS will not reference a route table in a destination VPC once the packet has traversed a peering link). I'm attempting to build a Palo Alto VM in an AWS account that is peered with about 20 other accounts, each with a single VPC. This Palo will be used basically as a remote access VPN server. Due to the peering routing limitations, remote access VPN users are unable to reach resources in accounts outside of the account where the Palo resides. The traffic from VPN users reaches the remote resource, but return traffic is unsuccessful due to the route limitation. I believe the typical solution to this is to switch from peering to transit gateway, but I was curious if there was a way to get around this using NAT on the Palo (or some other way). We plan to switch over to transit gateways for inter-VPC traffic in 2022 or 2023, but I was hoping I could design a stopgap solution that would allow VPN users to reach resources in other VPCs until that time. Any information or suggestions greatly appreciated!
You are subscribed to email updates from Enterprise Networking Design, Support, and Discussion.