
    Friday, February 4, 2022

    Blogpost Friday! Networking


    Blogpost Friday!

    Posted: 03 Feb 2022 04:00 PM PST

    It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

    Feel free to submit your blog post as well as a nice description to this thread.

    Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator

    DWDM ROADM Vendor Experiences

    Posted: 03 Feb 2022 07:43 PM PST

    Hey reddit. We're building a brand new 18 county fiber network in the mid-Atlantic and I'd like to hear people's experiences with DWDM hardware vendors. We're talking with Ciena, Infinera, PacketLight, SmartOptics, Juniper, and setting up time to talk to Nokia, Adva, and Fujitsu. Do any of you guys have experience with these vendors' DWDM products or are there vendors I should check out? I'd love to hear the good, the bad and the ugly from your point of view.

    submitted by /u/zimage

    Networking newsletters?

    Posted: 03 Feb 2022 09:56 PM PST

    Currently I am a subscriber to commsupdate and I really enjoy it but I'm wondering if there's anything else like it? Basically just looking to stay in the loop on what's happening in the networking world.

    submitted by /u/RealJayto

    Cisco FDM not routing between VLANs

    Posted: 04 Feb 2022 02:06 AM PST

    Setting up VLANs on an interface on a Cisco FDM box. All VLANs are on the same interface and in the same zone, however VLAN traffic will not route through the firewall. I can ping devices on each VLAN from the firewall. Is there some special magic sauce that needs doing as well?

    VLANs on same interface

    VLANs in same zone

    Fired up a pfSense firewall and connected it to make sure the issue isn't in switching, but the switches are currently just doing layer 2 and all VLANs are tagged on the switch that need to be, hence why devices are pingable from the firewall but not vice versa.

    submitted by /u/Agitated_Toe_444

    Random reboot of ASA 5585 with firepower installed

    Posted: 04 Feb 2022 03:03 AM PST

    Anyone experienced this? I have ASA5585 in HA active-standby and they've randomly rebooted one after the other at different times of about a month. There is no crashinfo for that time frame, and show vers doesn't show what caused the reboot.

    I'm running 9.12(13) for ASA and 6.2.310-59 for the Firepower.

    For monitoring I am using Solarwinds and there are no critical alerts before the reboot till the Standby firewall takes over and sends msg of failover neighbor down.

    submitted by /u/Front_Direction_6928

    Cisco Silicon One Powers the Next-Generation Enterprise Switches - New Cat 9500X and 9600X

    Posted: 03 Feb 2022 02:01 PM PST

    Some of the highlights, I think

    • 400 Gig

    • ~2 mill routes

    • 256K MACs

    • Deep buffers

    • SVL

    • Bicast

    • SDA

    https://blogs.cisco.com/sp/cisco-silicon-one-powers-the-next-generation-enterprise-switches

    Posting here in case anyone is interested.

    submitted by /u/ywnla

    PoE advice

    Posted: 04 Feb 2022 03:40 AM PST

    I have an estate of about 70 edge switches that all do PoE+. Most switches are Aruba 2930 and 2540. However, this problem is not switch specific.

    My organisation uses a third party supplier of building control security devices. They have asked that PoE be disabled on the ports that their devices use as this conflicts with the device and causes it problems and random reboots. I am arguing that it should not be up to me to disable PoE at the port level for these specific devices but they should be disabling PoE on the device.

    This may seem a trivial problem but it causes me and the helpdesk problems if ports are subsequently re-provisioned for a PoE device or if I want to disable/enable all PoE interfaces on a switch to reboot all PoE devices on that switch, as I will inevitably re-enable PoE on one of those device ports.

    Any ideas to make it clear it is their problem not mine would be most welcome.

    submitted by /u/RustyDiamonds

    Hands-on practice labs for firewalls and load balancers

    Posted: 03 Feb 2022 07:27 PM PST

    Is there any way we can get hands-on experience with Palo Alto firewalls and F5 load balancers? I have worked with Cisco ASA and FortiGate firewalls. However, I wanted to learn PA. If there is any site like THM for cybersecurity to learn firewalls and load balancers, please let me know guys.

    submitted by /u/Ecstatic-Elk1064

    Multicast - why are some joins via RP and some via source?

    Posted: 04 Feb 2022 01:23 AM PST

    Hi!

    I'm trying to understand and hopefully someone can explain in an easy way. What's the difference between a source tree (s,g) and shared/RP tree (*,g)? In my scenario I have the same source router for everything and I don't understand how some can be sources and some are wildcard and only have the Rendezvous point.

    I'm checking a Juniper router and doing "show pim join extensive". How come it differs?

    Group: 233.1.2.3
    Source: *
    RP: 2.3.4.5
    Flags: sparse,rptree,wildcard
    Upstream interface: ae0.0
    Upstream neighbor: 1.2.3.4
    Upstream state: Join to RP
    Uptime: 00:18:24
    Downstream neighbors:
    Interface: Pseudo-GMP
    ae4.777
    Number of downstream interfaces: 1
    Number of downstream neighbors: 0

    Group: 233.1.2.3
    Source: 4.5.6.7
    Flags: sparse,spt
    Upstream interface: ae0.0
    Upstream neighbor: 1.2.3.4
    Upstream state: Join to Source, No Prune to RP
    Keepalive timeout: 310
    Uptime: 00:18:24
    Downstream neighbors:
    Interface: Pseudo-GMP
    ae4.777
    Number of downstream interfaces: 1
    Number of downstream neighbors: 0

    submitted by /u/geekindeed

    Vlans on Aruba CX6000

    Posted: 04 Feb 2022 01:22 AM PST

    Hi girls and guys.

    I have a question about HPE/Aruba VLANing.

    Since the 25xx-series of switches soon will be discontinued I ordered a CX6000 the other day to try it out.

    I connected it to the console port and made the initial configuration, set IP, password, etc, and can now access it through the GUI.

    I also created two VLANs (VLAN 10 and VLAN 20) but I got stuck when it came to tagging the uplink-port that's connected to a port on a 2530-switch.

    I know the terminology differs between HP and everyone else but this is how I set up uplink ports on a 2530, let's say port 48:

    Untagged on VLAN 1

    Tagged on VLAN 10

    Tagged on VLAN 20

    This will allow traffic on VLAN 10 and VLAN 20 between switches. But what would be the equivalent on the CX6000-switch?

    I tried to add port 1/1/48 to VLAN 1 in Trunk-mode with "Allow all VLANs" but it did not work.

    I also tried to add the port to VLAN 1 in Native trunk mode.

    In the 25xx-series you do not need to use trunks, you just have to tag the ports as I did above.

    Could anyone point me in the right direction? I can't seem to find out how to do this. Perhaps poor Googling?

    submitted by /u/TheFlash75z

    Making Private Cell Modems Publicly Accessible via VPN to VPS and DNS Splitting?

    Posted: 03 Feb 2022 02:52 PM PST

    What's up r/networking?

    I've got a semi-unique problem I'm trying to solve that I hope one of you networking gurus can shed some light on.

    I have some cellular modems, which each host their own web management application. I am trying to find a solution that allows me to access these web management applications from the world wide web. Due to them being cellular modems, they're hidden away in some private IP space of the carrier.

    Here's what I think I can do, correct me if I'm wrong. I plan to purchase a VPS, which will host a VPN server and a dynamic DNS client (or I'll just set up my own DNS with bind or something but dynamic DNS seems easier for a networking noob like me). Each modem will VPN up to the VPS. Then I can use internal DNS, or I've seen it called DNS splitting, to route external web requests to the modems on the VPS's LAN.

    So effectively, I want to have the modems hole punch through the carrier's private IP space by VPNing to the VPS, which will have a domain say "mydevicecloud.net", and then use internal DNS to route subdomains like "deviceabc123.mydevicecloud.net" to specific LAN addresses.

    My only other concern is that these devices need to either have static LAN IPs, or they also need to somehow have a dynamic DNS sort of setup.

    Does any of this make sense? Does anybody have resources on how to implement a setup like this?

    To add context, I had modems VPNing to a gateway on Azure, but in order to access these modems I need to also VPN to the Azure gateway and look up the device's VPN IP. I want to clean up this process by making the modems just publicly accessible via a known domain.

    Thanks for the help!

    submitted by /u/tdking3523

    Question about IKEv2

    Posted: 03 Feb 2022 03:59 PM PST

    Hello r/networking

    This is my first post here, I have a question about IKEv2 as part of some work I am doing relating to 5G. Hopefully this is the right place to ask.

    In IKEv2, both parties negotiate Diffie-Hellman values based on a public-private key pair generated at both ends. We use those values to verify that all subsequent encrypted messages can be authenticated.

    My question is regarding the later stage, where party A sends an IKE_AUTH message with an AUTH payload, using one of three allowed mechanisms: Pre-shared code, DSS signature, or RSA.

    Why do we need both modes of authentication? Why is using the initial public-private key pair not sufficient to authenticate? I am referencing RFC 4306 which describes the AUTH payload, which I understand to be sent once the 5G core has authenticated a UE using an agreed upon algorithm (ex. EAP).

    Perhaps I lack the needed knowledge in cryptography, thanks for any insight you may provide!

    submitted by /u/Sir_Broner

    Cisco 9136 AP Released (Wifi 6E)

    Posted: 03 Feb 2022 11:56 AM PST

    Cisco has released their first Wifi 6E - 6GHz AP - model 9136.

    If you watch the 9 minute spec video on YouTube, they say it has an oxygen sensor as a "COVID" related / back to the office selling point...interesting.

    Just wondering what lead times will be. My guess is backordered until 2023.

    submitted by /u/audiusa

    ExpressRoute Query

    Posted: 03 Feb 2022 02:32 PM PST

    Hi guys

    Our ExpressRoute is coming up for renewal and I've been tasked to investigate if it's worth renewing for another year.

    Currently the circuit is connected to our DC and is not joined to our MPLS directly. Most of our offices are joined to the MPLS. We also have an SD-WAN project ongoing involving Fortinet.

    I guess my question for you all is, have you been in this position? What would your recommendation be? Is an SD-WAN connection capable of replacing an ExpressRoute, reliably?

    submitted by /u/TheCitrixGuy

    Client L2TP/LNS reachable only from PPPoE Server

    Posted: 03 Feb 2022 11:48 AM PST

    Good morning. I have a RouterOS v 6.49.2 router that works as LNS to give connectivity via PPPoE to our customers. Our partner has a Cisco LAC.

    Our LNS authenticates sessions via RADIUS. Everything works correctly, the client receives the IP address and from the PPPoE server I can ping it and vice versa.

    The problem is that I cannot reach the L2TP client from the routers external to the PPPoE server, for example the router that acts as a gateway to the PPPoE server does not ping the client attested to the PPPoE LNS.

    The network is in OSPF and on the gateway I see the route on the routing table. If I do a traceroute the packets stop at the PPPoE server.

    If I use the same configuration but instead of using L2TP I use pure PPPoE server, everything works fine.

    So the question is, how can I make the OSPF routers correctly see the L2TP client attested to the PPPoE server?

    submitted by /u/Extra_Cookie4983

    Zerotier not working when connected to Broadband but works on 5G Mobile!?

    Posted: 03 Feb 2022 03:50 PM PST

    Hey,

    So I've setup a Zerotier network and any machine running on AT&T's fiber router just does not work!

    The connection gets through, however, the response takes absolutely ages.

    17:40 $ curl 192.168.191.75:5602/app/home -v
    * Trying 192.168.191.75:5602...
    * Connected to 192.168.191.75 (192.168.191.75) port 5602 (#0)
    > GET /app/home HTTP/1.1
    > Host: 192.168.191.75:5602
    > User-Agent: curl/7.77.0
    > Accept: */*
    >

    Then it just hangs, eventually we get part of the response, but that takes about 10 minutes.

    I've tried this on other computers on the network and we get the same issue. However, if we swap the wifi connection to my 5G mobile data, boom! Issue gone, connection and response is instant.

    Could anyone help with this? I'm lost.

    ISP is AT&T Fiber - router model is BGW320-505

    TIA

    submitted by /u/TuxyPenguin

    How can packet collisions ever occur if an ethernet cable has distinct RX and TX wires inside its cable?

    Posted: 03 Feb 2022 01:50 PM PST

    Hello

    The title says it all I guess? Assuming two computers are connected to each other without any switch or hub or whatsoever. How can collisions ever occur knowing that an ethernet cable has distinct RX and TX wires? I guess the rx on one end is connected to the tx on the other hand and vice versa.

    Do collisions somehow start mattering when you have a switch or something like that between the two endpoints?

    submitted by /u/dirtyShower44

    Aruba/Silverpeak vs Cloudgenix

    Posted: 03 Feb 2022 01:33 PM PST

    We are preparing to transition to SD-WAN, finally. We have 8 sites total.

    We have narrowed our selection down to the two options, Silverpeak & Cloudgenix.

    Cloudgenix has been our leading contender. We use P.A. devices on the edge so it makes sense logically to go with their solution.

    Silverpeak, however, looks to be just as nice of a product but doesn't have the native Palo integrations.

    Where it makes up for it though is, Silverpeak is ~30k cheaper over 3 years which is a substantial price savings on top of getting rid of our MPLS circuits.

    We currently have physical Firewalls at each branch that we'd like to keep. We need to upsize the firewalls at our Production & DR sites though to handle the new incoming bandwidth with the implementation of the SD-WAN solution.

    Production site has PA-820 device

    All other branches have PA-220 devices.

    Production and DR site each will have Qty 2 - 1 gig DIA circuits

    Each branch will have a Qty 1 - 100mb DIA circuit, Qty 1 - Broadband Circuit, Qty 1 - Verizon LTE Circuit

    The Cloudgenix solution is:

    9000 series device at Production and DR site

    3000 series at Production for branch traffic

    12005G device at all other branches and DR site for branch traffic.

    150MB license at each of the 1200 locations and a 500mb license for the 3000 device.

    The Silverpeak solution is:

    Unity Edge Connect Extra-Small SD-WAN Appliance for each remote branch

    200MB Bandwidth 3 year License

    Unity EdgeConnect Small SD-WAN Appliance in High Availability mode for Production and DR site.

    2 Gig Bandwidth 3 year License

    Should we go with the Silverpeak solution and then tunnel to Palo Alto Prisma Cloud Firewall or should we go with Cloudgenix and have that integration built in?

    Do you have any hands-on experience/recommendations between these 2 products that give you a positive/negative light on either solution?

    submitted by /u/asus89
