    Monday, December 6, 2021

    Moronic Monday! Networking

    Moronic Monday!

    Posted: 05 Dec 2021 04:00 PM PST

    It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

    Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

    Note: This post is created at 01:00 UTC. It may not be Monday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator
    [link] [comments]

    MikroTik has released a stable RouterOS version supporting MLAG

    Posted: 06 Dec 2021 03:44 AM PST

    Just noticed they have released their first stable version of RouterOS that includes MLAG.

    RouterOS 7.1 [Stable]

    NETWORKING
    ----------------------
    !) CHR FastPath support for "vmxnet3" and "virtio-net" drivers;
    !) support for "Cake" and "FQ_Codel" type queues;
    !) support for IPv6 NAT;
    !) support for Layer 3 hardware acceleration on all CRS3xx devices;
    !) support for MBIM driver with basic functionality support for all modems with MBIM mode;
    !) support for MLAG on CRS3xx devices;
    !) support for VRRP grouping and connection tracking data synchronization between nodes;
    !) support for Virtual eXtensible Local Area Network (VXLAN);

    Not too many budget-friendly options have MLAG, so it's pretty awesome to see this.

    Would be interested to know how reliable this is in production.

    submitted by /u/Good_Suspect4844
    [link] [comments]

    Equipment woes

    Posted: 06 Dec 2021 08:21 AM PST

    My cisco switch orders from August just got pushed back again, now to February.

    I know with the chip shortage this is probably affecting everyone, but is anyone having luck with Aruba or Juniper orders? I've been itching for an excuse to change our standard.

    submitted by /u/Workadis
    [link] [comments]

    EPL Link working only 1 way

    Posted: 06 Dec 2021 08:15 AM PST

    Hello folks,

    I've been working for a while on this configuration but I can't seem to make it work somehow. I am totally alone trying to make it work and I need help. Thanks in advance for your input. Basically, EPL is like a very long cable and it seemed easy to set up, but I'm stuck. Here is the topology: https://imgur.com/gallery/aPKyeJQ

    On site B, I can reach a server in the 10.37.20.0/24 network from the 192.168.100.0/24 network but I can't reach anything from site A to anything in site B. There's an address object group including the lan networks from site A including 10.37.100.0/29. There's also a routing policy from X0 to X3.

    Even though I looked through the Meraki documentation, I haven't found anything related to an EPL connection or routing to a non-Meraki router. There are mostly MPLS or VPN walkthroughs. There's a routing subnet from the L3 switch MS250-48. If I create a DHCP server in the 10.37.100.0/29 network and plug my PC in at site B, I get a DHCP IP and can reach everything in site A. It seems the rest of the routing configuration that I found can be done on the firewall side in "Addressing and VLANs", but in order to maximize the bandwidth I'd like not to use the MX if possible.

    So, what am I missing? Any idea is welcome!

    submitted by /u/darquone
    [link] [comments]

    10G Peering on L3 Switch (Cisco, maybe N9K?)

    Posted: 05 Dec 2021 11:45 PM PST

    Hey all,

    This is a somewhat-recurring theme but here goes again...

    I've got a need to do wire-speed peering @ 10gig and our existing transit gear isn't cutting it (ASR1K with 1G uplinks).

    Peering is ~150k ipv4, ipv6 we just take defaults and is not likely to change for a few years at least. To be honest we could probably kill off Hurricane and drop that down to <50k ipv4 total, but I want something that will scale to at least 200k ipv4 reliably, do 10g and last ~3 years.

    I'm looking at the Nexus 9K, specifically the 9348GC-FXP. It seems to have a validated capacity of 471k IPv4 routes in "LPM mode"... Anyone know if this is a Cisco marketing trap and real-world transit prefixes are going to grenade it? These can be picked up for ~$3k on eBay and look like a bargain option for my needs (2 x 25G uplinks to core and walk away?)

    Anyone have experience doing this sort of thing on the N9K, or any other product line? In an ideal world I'd buy a couple of ASR 1KXs and call it a day, but that isn't an option at this very moment sadly.

    I know the answer is probably jump ship to Junicade/*insert brand here* but in-house knowledge is all Cisco so I've gotta make this work...

    Any and all opinions welcome :)))

    submitted by /u/Meeeepmeeeeepp
    [link] [comments]

    VLAN through MPLS

    Posted: 06 Dec 2021 02:50 AM PST

    Hi guys,

    We have two offices in the same country connected through MPLS provided by an ISP. It looks like the diagram here: https://i.ibb.co/dj1hFLN/image.png.

    My question is, is there any way I can stretch VLAN 20, which is terminated in Office 1, to Office 2 through this MPLS? The uplinks to the ISP routers are access ports, so I'm thinking of some kind of tunneling, but I could do with a few pointers where to look, or if it's even worth it.

    Thank you for the help in advance.

    submitted by /u/RealZolyS
    [link] [comments]

    Ubiquiti Dream Machine Pro (and my small business use case)

    Posted: 06 Dec 2021 06:23 AM PST

    Hi,

    Looking for suggestions as to whether the Ubiquiti Dream Machine Pro / line of products fits my use case, or whether I should be looking elsewhere. I'd love to hear from anyone who has experience with Ubiquiti, or about alternatives.

    My small business has about 20 people across quite a large, 2 level office with sizeable meeting spaces.

    Will solve:

    • guest wifi accounts + scalable wifi access points
    • ability to integrate basic security cameras (secure my server room and front entrance)
    • managed switch capabilities (currently all network is through unmanaged switch!)
    • cheap and cheerful

    I've been keen on a managed switch to help create VLANs, prioritise traffic, and troubleshoot the likes of broadcast storms. But other than that, stuff like guest accounts, wifi APs and cameras seems like creating a lot of extra work when it comes out of the box with Ubiquiti.

    The downside I'm assuming is cheap/unreliable(?) kit aimed more at the homelab than corporate...

    Don't get me wrong, I'm happy to learn more and go down more technical avenues if required - any guidance would be greatly appreciated.

    *edit, just to confirm that I've done a lot of googling on Reddit, which tends to be very, very positive on the Ubiquiti sub and quite negative on other subs, but it's been difficult picking out alternate suggestions...

    submitted by /u/rip_fluffy
    [link] [comments]

    Traceroute % Loss

    Posted: 06 Dec 2021 06:02 AM PST

    When I perform a traceroute to a host behind the firewall (FortiGate 601E), I see a 75% loss at hop 19, which is the external port of the firewall. Should I be concerned about this?

    19.|-- 203.126.222.xxx 75.0% 4 260.6 260.6 260.6 260.6 0.0

    20.|-- 203.126.222.yyy 0.0% 4 259.1 262.1 259.1 267.2 3.6

    However, if I traceroute only up to the firewall external port, I see 0% loss.

    17.|-- 203.126.222.xxx 0.0% 4 263.5 262.5 262.0 263.5 0.7

    submitted by /u/bensikat
    [link] [comments]
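    The pattern in the post above, loss at one intermediate hop that does not carry through to the hops after it, is normally a measurement artefact rather than packet loss. Routers and firewalls generate ICMP time-exceeded replies on their control plane and rate-limit or deprioritise that work, so probes that expire at the device go unanswered while transit traffic through it (including the probes that reach hop 20 with 0% loss) is unaffected. Loss that is really on the path shows up at every hop after the point where it begins. The script below is an added example and not part of the post: it parses mtr-style report rows (the sample rows are constructed, with documentation addresses in place of the post's) and flags each lossy hop as either a likely ICMP rate limit or genuine path loss.

    ```python
    import re

    # One "mtr --report" row: hop, host, loss%, sent, last, avg, best, worst, stdev
    ROW = re.compile(
        r"^\s*(?P<hop>\d+)\.\|--\s+(?P<host>\S+)\s+(?P<loss>[\d.]+)%\s+(?P<sent>\d+)"
        r"\s+(?P<last>[\d.]+)\s+(?P<avg>[\d.]+)\s+(?P<best>[\d.]+)"
        r"\s+(?P<worst>[\d.]+)\s+(?P<stdev>[\d.]+)\s*$"
    )


    def parse_mtr(report: str) -> list:
        """Turn mtr report text into a list of hops in hop order; non-matching lines are ignored."""
        hops = []
        for line in report.splitlines():
            m = ROW.match(line)
            if m:
                hops.append({"hop": int(m["hop"]), "host": m["host"],
                             "loss": float(m["loss"]), "avg_ms": float(m["avg"])})
        hops.sort(key=lambda h: h["hop"])
        return hops


    def classify_loss(hops: list) -> dict:
        """Map each hop number that shows loss to a verdict.

        A hop whose loss is higher than the loss seen at some later hop cannot be
        dropping the transit traffic: the probes for the later hops passed through it.
        That is the signature of ICMP rate limiting on that device. Loss that stays at
        least as high on every later hop, including the destination, is real.
        """
        verdicts = {}
        for i, h in enumerate(hops):
            if h["loss"] == 0.0:
                continue
            later = hops[i + 1:]
            if not later:
                verdicts[h["hop"]] = "loss-at-destination"
            elif min(x["loss"] for x in later) < h["loss"]:
                verdicts[h["hop"]] = "icmp-rate-limit"
            else:
                verdicts[h["hop"]] = "path-loss"
        return verdicts


    # Constructed sample in the shape of the post's output (documentation addresses, not the real ones).
    SAMPLE_FIREWALL_HOP = """\
    18.|-- 198.51.100.1     0.0%     4  258.0 258.3 257.9 259.0  0.5
    19.|-- 203.0.113.1     75.0%     4  260.6 260.6 260.6 260.6  0.0
    20.|-- 203.0.113.2      0.0%     4  259.1 262.1 259.1 267.2  3.6
    """

    # Constructed counter-example: loss that begins at hop 5 and never clears downstream.
    SAMPLE_REAL_LOSS = """\
     4.|-- 198.51.100.4     0.0%    10   12.1  12.4  11.9  13.0  0.3
     5.|-- 198.51.100.5    30.0%    10   18.0  18.5  17.6  19.2  0.5
     6.|-- 203.0.113.6     30.0%    10   25.2  25.9  24.8  27.1  0.7
    """

    if __name__ == "__main__":
        for name, text in (("firewall hop", SAMPLE_FIREWALL_HOP), ("real loss", SAMPLE_REAL_LOSS)):
            print(name, classify_loss(parse_mtr(text)))
    ```

    To confirm the verdict on a live path, run a longer sample (`mtr -n --report -c 100 host`) and repeat it with TCP probes to a port the firewall actually forwards (`mtr -T -P 443 host`): rate-limited ICMP generation shows the same intermediate-hop loss either way, while loss at the destination is what the users feel.
    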

    Ubiquiti edgeswitch dhcp conflict issue with ping and host declined errors

    Posted: 06 Dec 2021 05:41 AM PST

    We have an EdgeSwitch at one of our locations that runs the DHCP server, and almost 2/3 of the pool is coming back with a conflict of mostly "ping" or sometimes "host declined".

    Any help would be appreciated...I am stumped on why this is happening.

    submitted by /u/Fission455
    [link] [comments]

    802.1x user experience

    Posted: 06 Dec 2021 12:16 AM PST

    Hi, I'm still new to networks and I'm struggling to understand what 802.1x looks like from the end user perspective.

    So as I understand it, 802.1x will check the username and password against a RADIUS server and grant or deny access. But where does the user put in those credentials?

    I have never been asked for that when connecting to any network except for SSID password which I assume is not 802.1x but rather just a password.

    submitted by /u/Youngg_Meme
    [link] [comments]
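    The prompt the post is asking about comes from the supplicant, the 802.1X client built into the operating system (the Windows wired/wireless profile, NetworkManager, or wpa_supplicant on Linux). The supplicant carries the credentials inside EAP, encapsulated in EAPOL frames to the switch or access point, which relays them to the RADIUS server; with TLS-based EAP methods the switch never sees the password. Users on managed machines rarely see a prompt because the profile is pushed centrally and either uses a machine certificate (EAP-TLS) or reuses the domain logon (PEAP with MSCHAPv2). An SSID that just asks for a password is WPA2-Personal with a pre-shared key; 802.1X on Wi-Fi is WPA2/WPA3-Enterprise. The wpa_supplicant configuration below is an added example, not from the post; the SSID, identity, certificate paths and RADIUS server name are hypothetical. The security-relevant lines are `ca_cert` and `domain_match`: without them the supplicant accepts any server certificate, so a rogue AP announcing the same SSID with its own RADIUS server collects MSCHAPv2 challenge/response pairs that can be cracked offline.

    ```ini
    # /etc/wpa_supplicant/wireless.conf  (hypothetical values)
    # Wireless: WPA2/WPA3-Enterprise, PEAP with an inner MSCHAPv2 password.
    ctrl_interface=/run/wpa_supplicant

    network={
        ssid="corp-wifi"
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="jdoe@corp.example"
        password="REPLACE-ME"
        phase2="auth=MSCHAPV2"
        # Server validation. Without these two lines any RADIUS certificate is
        # accepted and a rogue AP with the same SSID can harvest the MSCHAPv2 exchange.
        ca_cert="/etc/ssl/certs/corp-root-ca.pem"
        domain_match="radius.corp.example"
    }

    # /etc/wpa_supplicant/wired.conf  (hypothetical values)
    # Wired: same RADIUS backend, certificate-based (EAP-TLS), so there is no password to phish.
    # Run with: wpa_supplicant -D wired -i eth0 -c /etc/wpa_supplicant/wired.conf
    ctrl_interface=/run/wpa_supplicant
    ap_scan=0

    network={
        key_mgmt=IEEE8021X
        eap=TLS
        eapol_flags=0
        identity="host/laptop42.corp.example"
        ca_cert="/etc/ssl/certs/corp-root-ca.pem"
        domain_match="radius.corp.example"
        client_cert="/etc/wpa_supplicant/laptop42.crt"
        private_key="/etc/wpa_supplicant/laptop42.key"
    }
    ```

    The same two checks exist in the Windows profile ("Verify the server's identity by validating the certificate" plus the trusted root and server name list); an enterprise profile that leaves them off is the usual reason an 802.1X network is phishable even though the RADIUS side is configured correctly.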

    C9300 Licensing Confusion

    Posted: 06 Dec 2021 03:20 AM PST

    Hi guys,

    So I just noticed that some of our switches display this output for "show license all"

    License Authorization:
    Status: EVAL MODE

    License Usage

    (C9300-48 Network Essentials)
    Description:
    Count: 1
    Version: 1.0
    Status: EVAL MODE
    Export status: NOT RESTRICTED

    (C9300-48 DNA Essentials):
    Description:
    Count: 1
    Version: 1.0
    Status: EVAL MODE
    Export status: NOT RESTRICTED

    We always buy DNA Essentials for our switches but we don't really activate it from the smart account because we don't use those features yet. I also see the Network Essentials licenses on my smart account but we didn't activate them either. What is weird is that those switches that I upgraded to IOS 17.3.3 display a different output.

    License Usage

    network-essentials (C9300-48 Network Essentials):
    Description: C9300-48 Network Essentials
    Count: 1
    Version: 1.0
    Status: IN USE
    Export status: NOT RESTRICTED
    Feature Name: network-essentials
    Feature Description: C9300-48 Network Essentials
    Enforcement type: NOT ENFORCED
    License type: Perpetual

    dna-essentials (C9300-48 DNA Essentials):
    Description: C9300-48 DNA Essentials
    Count: 1
    Version: 1.0
    Status: IN USE
    Export status: NOT RESTRICTED
    Feature Name: dna-essentials
    Feature Description: C9300-48 DNA Essentials
    Enforcement type: NOT ENFORCED
    License type: Subscription

    There is no longer any word about the Eval and no counter running there. So is it really needed to activate those licenses? Does anybody know what happened there between the 16.12 releases and 17.3 with regards to the licensing?

    submitted by /u/PatrikPiss
    [link] [comments]

    How to make iperf3 run indefinitely?

    Posted: 06 Dec 2021 03:17 AM PST

    Hello guys,

    I don't know if this has been discussed before but I cannot find it on the internet. Do you guys know how to run iperf3 indefinitely? I'm testing reliability and I'm sending data from client to server, but I need it to run for a very long time. I'm thinking of just making the test duration very big, like -t 10000000000000000000000000000000000000000000. Do you think it is OK?

    submitted by /u/Iwannabefree10
    [link] [comments]
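    A 40-digit `-t` value will not do what the post hopes: iperf3 parses the duration as a plain integer and rejects anything above its built-in maximum (one day in current releases). In current releases `-t 0` disables the client's end timer so the test runs until it receives SIGINT, but that behaviour is undocumented, so check it on your build. For a reliability test a wrapper that runs bounded rounds with `--json` is usually the better tool anyway: each round yields throughput and TCP retransmit counts that can be logged and alerted on, and a round that fails (server restart, path flap) is recorded instead of silently ending a week-long run. The script below is an added example, not the poster's or iperf3's code; the JSON field names follow iperf3's `--json` output and the two samples are constructed.

    ```python
    import json
    import subprocess
    import time


    def summarize(json_text: str) -> dict:
        """Extract the reliability figures from one 'iperf3 -c ... --json' TCP run.

        Field names follow iperf3's JSON output (end.sum_sent / end.sum_received);
        a run that could not start carries a top-level "error" string instead.
        """
        result = json.loads(json_text)
        if "error" in result:                      # e.g. "unable to connect to server"
            return {"ok": False, "error": result["error"]}
        sent = result["end"]["sum_sent"]
        received = result["end"]["sum_received"]
        return {
            "ok": True,
            "seconds": sent["seconds"],
            "mbps_sent": sent["bits_per_second"] / 1e6,
            "mbps_received": received["bits_per_second"] / 1e6,
            "retransmits": sent.get("retransmits", 0),   # TCP only; absent for UDP runs
        }


    def run_rounds(server: str, seconds: int = 600, max_rounds=None, iperf: str = "iperf3"):
        """Run back-to-back bounded rounds (max_rounds=None means forever), yielding one summary each."""
        n = 0
        while max_rounds is None or n < max_rounds:
            n += 1
            try:
                proc = subprocess.run([iperf, "-c", server, "-t", str(seconds), "--json"],
                                      capture_output=True, text=True)
                if proc.stdout.strip():
                    summary = summarize(proc.stdout)
                else:
                    summary = {"ok": False, "error": proc.stderr.strip() or f"exit {proc.returncode}"}
            except FileNotFoundError as exc:        # iperf3 binary missing on this host
                summary = {"ok": False, "error": str(exc)}
            summary.update(round=n, at=time.strftime("%Y-%m-%dT%H:%M:%S"))
            yield summary
            if not summary["ok"]:
                time.sleep(5)                       # back off before retrying a failed round


    # Constructed samples in the shape of iperf3's JSON (only the fields summarize() reads).
    SAMPLE_RUN = json.dumps({"end": {
        "sum_sent":     {"seconds": 600.0, "bits_per_second": 941230000.0, "retransmits": 17},
        "sum_received": {"seconds": 600.0, "bits_per_second": 940900000.0}}})
    SAMPLE_FAILURE = json.dumps({"error": "unable to connect to server: Connection refused"})

    if __name__ == "__main__":
        import sys
        duration = int(sys.argv[2]) if len(sys.argv) > 2 else 600
        for s in run_rounds(sys.argv[1], seconds=duration):   # runs until Ctrl-C
            print(json.dumps(s), flush=True)
    ```

    Keep the per-round duration well under the server's idle limits and log one line per round; a rising `retransmits` figure at constant throughput is the early sign of the kind of marginal link a long soak test is meant to catch.
    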

    One dedicated firewall per subnet/securityzone VS one firewall connected with dedicated interfaces to different subnets

    Posted: 06 Dec 2021 03:11 AM PST

    We are running a highly restricted intranet with different networks attached to it.

    DMZ, VoIP, ReCoBS web browsing, facility management, network administration subnet and so on.

    Right now we are using dedicated firewalls for each of these networks, so if one firewall is misconfigured, not all networks are open to attackers. All of these firewalls are linked together in a routing subnet to route from the intranet to these firewalls via a layer 3 switch.

    I'm rethinking that structure to reduce the number of firewalls, but I think it will be more vulnerable to misconfiguration affecting the connected networks…

    If an attacker can attack the firewall (iptables), he would have instant access to all subnets…

    submitted by /u/karno90
    [link] [comments]

    Ubuntu DHCP relay agent

    Posted: 05 Dec 2021 06:39 AM PST

    I need some help in understanding and solving a sample network deployment for a project.

    I have to set up a DHCP server on Windows and have it assign addresses to another network with my client machines. I have set up my DHCP server correctly and I am using an Ubuntu box as a router between the two networks.

    I have a basic iptables rule to allow communication between the two networks and I am able to ping the DHCP server from the client and vice versa using static addresses.

    However, if I attempt to use DHCP via ipconfig /renew, it is unable to procure an IP and yields a timeout error.

    Examining the tcpdump on the router, I can see the request come in and I see a reply come in on the other interface, but nothing happens after that.

    My networks are 192.168.3.0/29 and 192.168.3.8/29 respectively

    submitted by /u/NorthCryEvermore
    [link] [comments]
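    What the post describes is the gap a DHCP relay agent fills. A DHCPDISCOVER is a broadcast to 255.255.255.255 from 0.0.0.0, and a router does not forward broadcasts no matter what iptables allows; the relay on the router takes the broadcast, writes its own client-facing address into the `giaddr` field, increments `hops`, and unicasts the packet to the server. The server uses `giaddr` to pick the scope (so the Windows server also needs a scope for the client subnet, 192.168.3.8/29 here) and sends the reply back to `giaddr`, and the relay delivers it on the client side. The code below is an added example, not the poster's setup: it implements that `giaddr`/`hops` handling over the fixed BOOTP header so the mechanics are visible, with a constructed DISCOVER and a constructed server reply; the relay address 192.168.3.9 and server address 192.168.3.2 are assumptions. On a real Ubuntu router the equivalent is the `isc-dhcp-relay` package (`dhcrelay -i <client-if> -i <server-if> <server-ip>`), and the firewall must allow UDP 67/68 in both directions.

    ```python
    import socket
    import struct

    # Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
    # ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes.
    HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
    MAGIC = b"\x63\x82\x53\x63"          # DHCP option magic cookie
    BOOTREQUEST, BOOTREPLY = 1, 2
    BROADCAST_FLAG = 0x8000
    MAX_HOPS = 16                        # RFC 1542: relays discard packets with hops > 16
    ZERO4 = b"\0" * 4


    def parse(pkt: bytes) -> dict:
        """Decode the header fields a relay cares about."""
        f = HDR.unpack_from(pkt)
        return {"op": f[0], "hops": f[3], "xid": f[4], "flags": f[6],
                "ciaddr": socket.inet_ntoa(f[7]), "yiaddr": socket.inet_ntoa(f[8]),
                "giaddr": socket.inet_ntoa(f[10]), "chaddr": f[11][:f[2]].hex(":")}


    def build_discover(xid: int, mac: bytes, broadcast: bool = True) -> bytes:
        """Constructed DHCPDISCOVER as a client on the 192.168.3.8/29 side sends it (giaddr = 0)."""
        opts = MAGIC + bytes([53, 1, 1]) + b"\xff"      # option 53 = message type, 1 = DISCOVER; 255 = end
        return HDR.pack(BOOTREQUEST, 1, 6, 0, xid, 0, BROADCAST_FLAG if broadcast else 0,
                        ZERO4, ZERO4, ZERO4, ZERO4, mac + b"\0" * 10, b"\0" * 64, b"\0" * 128) + opts


    def relay_to_server(pkt: bytes, relay_ip: str):
        """Client -> server: stamp giaddr (only the first relay does) and bump hops.
        The caller unicasts the result from relay_ip to the server's UDP port 67.
        Returns None when the packet must be dropped."""
        fields = list(HDR.unpack_from(pkt))
        if fields[0] != BOOTREQUEST or fields[3] >= MAX_HOPS:
            return None
        fields[3] += 1
        if fields[10] == ZERO4:
            fields[10] = socket.inet_aton(relay_ip)
        return HDR.pack(*fields) + pkt[HDR.size:]


    def relay_to_client(pkt: bytes, relay_ip: str):
        """Server -> client: only replies addressed to our giaddr are ours.
        Returns (dest_ip, dest_port, packet) for the client-facing interface, or None."""
        h = parse(pkt)
        if h["op"] != BOOTREPLY or h["giaddr"] != relay_ip:
            return None
        if h["ciaddr"] != "0.0.0.0":                       # renewing client already has an address
            return (h["ciaddr"], 68, pkt)
        if h["flags"] & BROADCAST_FLAG:                    # client cannot receive unicast yet
            return ("255.255.255.255", 68, pkt)
        return (h["yiaddr"], 68, pkt)                      # real relays frame this to chaddr directly


    def make_offer(relayed_request: bytes, yiaddr: str, server_ip: str = "192.168.3.2") -> bytes:
        """Constructed server reply: echoes xid/flags/giaddr/chaddr and assigns yiaddr."""
        fields = list(HDR.unpack_from(relayed_request))
        fields[0] = BOOTREPLY
        fields[8] = socket.inet_aton(yiaddr)
        fields[9] = socket.inet_aton(server_ip)
        return HDR.pack(*fields) + MAGIC + bytes([53, 1, 2]) + b"\xff"   # 2 = OFFER


    if __name__ == "__main__":
        discover = build_discover(0x1234ABCD, bytes.fromhex("001122334455"))
        to_server = relay_to_server(discover, "192.168.3.9")
        print("to server:", parse(to_server))
        offer = make_offer(to_server, "192.168.3.10")
        print("to client:", relay_to_client(offer, "192.168.3.9")[:2], parse(offer))
    ```

    The "reply comes in on the other interface but nothing happens" symptom in the post is consistent with the server answering a request it never relayed: without `giaddr` set the server has no client subnet to match and nothing on the router is listening on port 67 to forward the answer.
    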

    Default route inter-vrf

    Posted: 05 Dec 2021 04:06 PM PST

    Attaching a diagram for better understanding.

    - VRF A is just containing the two Ptp SVIs between the WAN Router and the Firepower.
    - Default route is statically configured in VRF A routing table pointing towards WAN Router IP.
    - Firepower learns the default route from OSPF Neighbor as next hop - 10.1.2.1.
    - GRT default route is learnt from OSPF Neighbor as next hop 10.1.3.2.
    - For the sake of it, let's say the entire branch LAN subnet is 10.1.9.0/24.

    All of this works fine, and traffic between the entire LAN, either the Firepower or other L3 devices, is still sent via the Firepower.

    Even though some might suggest this would be easier by just moving the WAN route to the Firepower, well, hence my next question.

    How can we achieve some redundancy by sending the default route also between VRFs as backup scenario in case Firepower fails or ends up in some kind of issue?

    I've seen some documentation around this but usually about the opposite direction or even using multiple devices.

    Cores are regular IOS-XE with old IP Services or DNA Advantage.

    Any help would be appreciated.

    Diagram -> https://imgur.com/teyaf5L

    submitted by /u/Lopsided-Inspector53
    [link] [comments]

    Cisco Aironet 9130 Convert 10GBase-T to mGig?

    Posted: 05 Dec 2021 01:45 AM PST

    Unfortunately the mGig-capable uplink port on the new Cisco Aironet 9130 APs is not a full mGig spec port that supports 2.5/5/10. It only supports up to 5.

    Whether they did that to force people into also buying mGig-capable switches, regardless of their existing 10GBase-T capacity, or whether it was simply to cover the required uplink capacity only…. we'll never know; read into that how you wish.

    Anyway….. is there a device, sort of like a media converter or adapter, that will take 10GBase-T in from the switch and give me an mGig-capable port on the other side?

    submitted by /u/the_rocker89
    [link] [comments]
