Rant Wednesday! Networking |
- Rant Wednesday!
- Help with student engagement
- credit card segmentation
- Designing Mid-Size Network: Campus and Data Center
- Microsoft CA alternatives for network authentication
- Alternative to FS? Their AMs are all gone until Feb 6 according to their support people
- F5 BIGIP — Unable to load font files with a 403 forbidden error while using STREAM irule to convert HTTP to HTTPS!
- Zoom issues on medium size enterprise network
- Nortel OC3 Express
- Post Config Validation
- UniFi PoE switches on new rack how necessary is something like the dream machine?
- Looking to improve my understanding of wireless networks/networking
- Datacenter VPN to sites with identical subnets?
- Light verification tools - i.e Fluke FiberLert
- Do USB-C powered PoE devices exist?
- Password recovery/ reset to default settings on a ZTE switch
- After some wireless analysis software similar to WinFi that will give AP names as well as signal stats
- 802.1x switch access unable to authenticate
- Scalable VPN solution across 1k sites?
- hp comware vpn instance inter vlan routing with nat.
- DHCP server still reachable even though Firewall rule should block it (Juniper EX4600)
- Multicast routing between Wireguard peers
- Tunnel ip rules
- UDP packet not going outbound, Azure NAT vm
- Are there anymore Design paths with Cisco?
Rant Wednesday! Posted: 01 Feb 2022 04:01 PM PST It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves! Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.
Help with student engagement Posted: 01 Feb 2022 04:00 PM PST Hey everyone! I'm a high school teacher and I teach networking basics to students. From the basics of hardware to subnetting by hand (they get the tools later...I need them to learn to respect the tools and understand the process first) to putting together networks (on paper and in theory, not physically). My job is solely based on the number of students in my classes and not on their grades. Fun times. I found out today that my numbers for next school year are projected to be lower than normal and that means I have to start growing interest in the subject or else I'm out of work. Now, anyone in the field can find it easy to find networking fairly interesting and even fun, sometimes. Today's students, though, need a little more convincing. I've talked a lot about the potential salaries they could be making, but that only goes so far. What I need is something fun for them to do/put together that they could even potentially take home. The problem lies in the budget. With me being a teacher, the funding isn't there (neither from the county I work for nor my own money). Does anyone have any ideas on what I can do with high school students that's easy, engaging, and helps enlist the skills they're learning? I'm reaching out to other teachers in my county, and the surrounding ones as well, to see if anyone has any ideas. I love what I do and I don't wanna lose my students. Thanks in advance and I'll check this post as soon as I can (most likely in roughly 12 hours).
credit card segmentation Posted: 01 Feb 2022 11:21 AM PST Can someone help a brother out re: cc security? I've gone through some documentation online and they're pretty high level/vague. I know I should lock it down but up to what extent? My "security" person isn't really helping much. For example: if there are multiple cc devices on the vlan, what's the right way of locking down each device so they won't be accessible to the rest of the nodes in the network?
Designing Mid-Size Network: Campus and Data Center Posted: 01 Feb 2022 05:56 AM PST Hello Folks, Hope this message finds everyone in good health. I am working on a network refresh and redesign project and I hope the members of this subreddit will help me validate my design and ideas. We are going to have one single server rack in the data center that will hold nine ESXi hosts, and it may increase later in the future. A dedicated 48 port 10/25 GE SFP+ TOR switch will be installed in the rack. There will be a bunch of VLANs segmenting the data center network. I read in Cisco documentation and some network design white papers that it is best practice to have separate distribution switches for the data center, so we decided to add a 24 port Nexus switch. Question: Is there a need for a distribution switch depending on the size of the data center network I mentioned? Do we follow best practices if budget is not a problem? Secondly, we would have a LAN campus collapsed core where approx 40 IDF access switches will plug into it. Separate firewalls for DC and LAN are also considered, plus there's another firewall that connects to the outside world. DC/LAN firewalls will control server east-west and client-server traffic. In some cases we need to segregate or control east-west between trusted and untrusted hosts such as CCTV, IOT, HVAC etc. Question: How would you design such a network given the above requirements? How would you join all the pieces together, such as where will you place the DC/LAN firewalls? Edit: Initial design is added here
Microsoft CA alternatives for network authentication Posted: 01 Feb 2022 10:15 PM PST We don't run AD, so with the exception of third party vendors like SecureW2, are there open source or cloud services that supply similar services? We run JAMF, so can leverage SCEP, and obviously need revocation support. I could be wrong but AWS and Google's private CA seem to be more for in-house as opposed to external machine certificates.
Alternative to FS? Their AMs are all gone until Feb 6 according to their support people Posted: 01 Feb 2022 03:00 PM PST Sorry for the low effort and ranty post, but I just have to ask you all for the sake of commiseration. When FS doesn't come through, who is your next go-to? They usually come through for me without issue. Well, my confidence has been shattered, once shot twice shy and all that. The arrangement we have in our procurement system is FS orders get a PO emailed to a specific AM person who's usually super responsive. Haven't heard in a few days since the PO was sent, that's weird.... I started a live chat with their support droid and was told all AMs are on holiday until Feb 6 and I should just place my 5 figure order online instead of using PO and our Net 30 terms like usual. LOL! It would be funny if it wasn't actually causing me a massive headache. Anyone else get burned like this? Edit: thanks for wading through my BS and giving me some direction, I really do appreciate it!
F5 BIGIP — Unable to load font files with a 403 forbidden error while using STREAM irule to convert HTTP to HTTPS! Posted: 02 Feb 2022 01:24 AM PST Hi Guys, As the title says, the website is unable to load .woff2 font files while using the stream irule, and if I remove the stream irule we can't even load images. The server is only using HTTP, while on the F5 we have an SSL profile. https://i.imgur.com/QAKIO5j.png The irule we are using is https://support.f5.com/csp/article/K31100432 To mitigate the issue with the use of an iRule follow these steps:
Zoom issues on medium size enterprise network Posted: 01 Feb 2022 09:27 PM PST I work for an organization that has about 185 people in the building on any given day, each with a varying number of devices connected to either ethernet or Wi-Fi. We unfortunately have only a 500mbps down and 20mbps up connection since the service provider in the area wants $1200 a month for gigabit fiber. We have a Sonicwall NSA 5650, and Sonicwall Sonicwave 432i's throughout the building connected with Dell S4048T-ON switches as the backbone. Recently the network has been very unstable but specifically for Zoom, no other issues, download and upload speeds test normal, and the ability to do other things over the network both internally and out to the internet are not impacted, it is Zoom and other video conferencing specifically that is impacted. This is regardless of whether the device is on Wi-Fi or wired. I even set up QOS to give video conferencing the highest priority to no avail. Although right now at night, remoting into a system in the building turning on a YouTube video and streaming that back to my home via Zoom while also downloading 30 gigs of junk data from the network over our VPN, the Zoom connection stays stable. What might be causing this? Given my nighttime test it seems like it's not an issue with upload speed. Is it simply the number of simultaneous connections out to the internet causing congestion? What can I do to fix this?
Nortel OC3 Express Posted: 01 Feb 2022 10:32 AM PST Hi guys. I'm just curious, and always eager to learn so, has anybody ever seen one of these? It's in my company's server room somehow, but it's all stamped with the ISP's logo. What does it do? How does it work? Thank you in advance!
Post Config Validation Posted: 01 Feb 2022 01:56 PM PST Hello dear network community, I'd like to hear some input on how you guys validate configurations on your network. What methodology do you use to verify snmp, syslog, tacacs+/radius servers are correct? What if someone changes a configuration that can impact traversing traffic but doesn't have immediate impact? How often do you perform these validations? Is it efficient to SSH into 100 1000 devices at an hourly rate to validate configurations? What advice would you give to start validating configurations in an efficient manner, without adding too much overhead on the network with these checks? Thank you.
UniFi PoE switches on new rack how necessary is something like the dream machine? Posted: 01 Feb 2022 07:35 PM PST I have 3 UniFi PoE switches with a mixed bag of PoE devices (cameras, keypads, APs, etc) in the space. Nothing is Ubiquiti except the switches. I have experience working with Cisco and Aruba switches but this is my first time working with the Ubiquiti ecosystem. Any words of advice? How necessary is something like the dream machine for basic VLAN set up and maintenance?
Looking to improve my understanding of wireless networks/networking Posted: 01 Feb 2022 03:30 PM PST Hey, sorry if the post doesn't fit here. I'll delete it if that's the case. I'm looking to improve my understanding of wireless networks in general. I can read the different standards, but I'd like to understand (very much in detail, even down to the hardware level if necessary) what influences for example a deviation in network speed to the theoretical limits given by a company or a specification. And how to measure those things, and maybe improve on them. For example if my laptop wireless card and AP is rated for over 800mbps, and I put my laptop right next to the AP, why can I only measure a max speed of about 500mbps using iperf3? What can I expect the connection of a device to an AP to be depending on the situation/position of both? There is a difference in measurements made with Wavemon for rx/tx and iperf3, how come when the iperf3 server is connected to 1gbit wired, so I'd assume it should not be a bottleneck and a negligible factor? How different things interfere with a signal. How to judge the quality of a/the difference between products. Stuff like that. And I don't really know where to get good learning resources. I'm just generally curious about the technology and do this as kind of a hobby. I'm studying to become an embedded software engineer by day (with some expertise in hardware, electrical engineering and board design, but mainly software), so this has nothing to do with my career.
Datacenter VPN to sites with identical subnets? Posted: 01 Feb 2022 09:41 AM PST I have a datacenter with different clients spread across several vlans sharing a single firewall. I need to set up ipsec tunnels from the clients vlan to the clients offices, however some client offices will likely share the same subnet. I am using Palo Alto firewalls on each side. Will I run into routing issues doing it this way?
Light verification tools - i.e Fluke FiberLert Posted: 01 Feb 2022 06:17 AM PST I understand you can use your phone to check SM (850nm) fibers. I don't think it works on the LR. I do have an OPM but I stumbled across this and this would be quicker and easier to verify if there is light or not, at all. And less risky to the more valuable JDSU gear. https://www.specialized.net/fluke-networks-fiberlert-125-non-contact-live-fiber-detector.html Anyone ever use this bad boy?
Do USB-C powered PoE devices exist? Posted: 01 Feb 2022 04:04 PM PST I'm working with small PoE devices and would like to be able to do so on the go. So far I've been using a 48V power adapter (it's bulky) and a standard USB-C to Gigabit Ethernet dongle with my macbook and it works great. However it occurs to me that the macbook could in theory power a dongle box, which could contain within it both the Gigabit Ethernet functionality as well as use USB PD to power PoE injection. That way I could run a single Ethernet cable into my PoE device to power it and connect it to the computer. Once the mac is configured to share internet over that connection then the device also gains internet via the computer's wifi or tethering! So far I've only found devices that take in PoE and split it out into a USB-C port with PD and a plain Ethernet cable, but I want to go in the opposite direction and all with one port on either end. Does such a product exist? If not, I could kludge something using something that produces 12VDC out of USB PD and plug it into a 12V low voltage injector like this https://www.amazon.com/Tycon-Systems-TP-DCDC-1248-Converter-Inserter/dp/B00BNHYOUG but I would also need a USB-C ethernet dongle with PD out, so that would be 3 separate dongle items. At that point it's so complex that a better solution would be a dedicated 12V or such power source with the aforementioned low voltage to 48v injector and deal with the extra ethernet cable and ethernet dongle. Update: Seems like the aforementioned tycon box could be "enhanced" with some stuff. It's shaped like a project box anyhow. Got one on order now. It's got just the right power output I should need so it seems to be the most compact way as the bulk of the device should be put toward delivering the 48V .5A. Just gotta figure out how I could maybe modify it or extend it to host a https://www.amazon.com/JacobsParts-Voltage-Trigger-Module-Type-C/dp/B08NFL8RQC?th=1 and a USB PD sporting USB C ethernet dongle.
That said, though, it may not even be possible to coax over 5V out of a macbook, so powering it externally might have to do, in which case no modification is necessary.
Password recovery/ reset to default settings on a ZTE switch Posted: 01 Feb 2022 02:09 PM PST At my job we have a ZTE ZXR10 5950-H switch. My team knows neither the boot nor the enable password. My higher ups don't know those either. Our task is to reset the settings for this thing. I tried to look for my answer on forums and search for official documentation, but nothing comes up. We tried the defaults and the generic passwords. Nothing came out of it. I found this page that claims to have the full doc, yet the page does not work.
After some wireless analysis software similar to WinFi that will give AP names as well as signal stats Posted: 01 Feb 2022 05:05 AM PST Hi all, As the title suggests I am after a piece of software for Windows 10/11 that will investigate our wireless network and show all the APs in the area but it must show the AP name along with the signal and other relevant information. I can find loads that give all the useful information but it is the AP name that is the most important part and I am struggling to find software that will provide that. Anyone know of anything that will help? Cheers.
802.1x switch access unable to authenticate Posted: 01 Feb 2022 01:27 PM PST I am doing some testing on configuring 802.1x to allow access on physical switch ports. I set up a Windows server running NPS and a test switch I configured to authenticate against this server. Plugging in a client device gives me an authentication failure on the ethernet connection. I was also not seeing anything in the NPS accounting logs on the server. Running wireshark I am seeing the incoming access request and the server attempts to send a return ICMP packet but wireshark shows Destination unreachable (Port unreachable). I've verified I can ping from switch to server and vice-versa, and the firewall is disabled on the server for testing purposes. There are also no physical firewalls in between to be blocking the traffic. I have configured RADIUS for wifi in the past so I am familiar with NPS, but this is the first time doing it on physical interfaces so I am at a loss. Any ideas? This is on a HPE Aruba switch if that helps any.
Scalable VPN solution across 1k sites? Posted: 01 Feb 2022 01:27 PM PST We have a large scale project that will require a VPN connection to each site with connectivity being provided by the customer. In previous rollouts, we have been able to utilize OVPN or an IPSEC tunnel from the customer's corporate network to our AWS VPC Gateway. OVPN requires some significant configuration to get a static private network IP endpoint (which is not ideal when having to configure 1k sites), and a single IPSEC tunnel is not an option for the client. Is there a hardware based solution that can be scaled out quickly that might be able to provide the same VPN connectivity to the sites? We are willing to change our hardware deployed to these sites if the price is enough to offset the time to configure our current setup. Thanks!
hp comware vpn instance inter vlan routing with nat. Posted: 01 Feb 2022 04:54 PM PST Hello guys, how can I achieve this:
vrf customer1 and customer2 have the same LAN network address, and I want to let them both go to the internet via vrf Internet (with vrf leaking). But because these two customer vrfs have overlapping addresses I want to do NAT on traffic that goes from the customer vrfs to the internet vrf. How can I do that?
DHCP server still reachable even though Firewall rule should block it (Juniper EX4600) Posted: 01 Feb 2022 04:05 PM PST Hello everyone, I need help in understanding why a dhcp server that is not allowed inbound on a subnet (based on the firewall rules) is still able to assign IPs to endpoints in that subnet. I pasted all the necessary configurations/info here https://pastebin.com/9Zac3QuC This is on an EX-4600. Thanks!
Multicast routing between Wireguard peers Posted: 01 Feb 2022 12:16 PM PST Hello everyone, I got a question about Wireguard. Is it possible to route multicast between peers? (allow peers to be a part of one multicast group) I tried it via smcroute without success and am thinking about PIM routing across peers, but I'm unsure if it's possible to do that.
Tunnel ip rules Posted: 01 Feb 2022 11:35 AM PST I'm making a largish mesh network for work and am trying to keep IPs as organized as possible. With mesh tunnels that has become a pain. I'm thinking about using an ip scheme such as x.x.y.z Y: the origin site of that side of the tunnel Z: the destination site of that side of the tunnel. I.e. if you have 2 sites, 18 and 22, the ip for the tunnel on site 18 would be x.x.18.22 and for the tunnel on site 22 would be x.x.22.18 on a /16. Is this possible or do tunnel IPs need to be sequential and on a /30? Thank you. Edit: NVM realized the idea is flawed anyways as having it be a /16 would have meant that the subnets would overlap and not work. Thanks for the suggestions.
UDP packet not going outbound, Azure NAT vm Posted: 01 Feb 2022 11:06 AM PST UDP packet received but not being sent back out. Azure NAT. Hi all, I've got a server expecting UDP packets and it receives it fine, however when I respond with a udp packet using the same port I've received the packet from both source and dest it doesn't reach the server. I can see the packet on my azure vm but not the other side. I checked using the diagnostic tools and the ports are open. Could the packet be malformed? If so I would expect wireshark to complain..
Are there anymore Design paths with Cisco? Posted: 01 Feb 2022 10:58 AM PST If I recall correctly, there is no more strict design path. If one wants to learn the designing of today's networks, what would be the best course of action to take regarding that? While I'm not looking to get certified per se (unless it does still exist, then I'd entertain that option), I would definitely like to become more proficient in various network designs. Any suggestions would be appreciated. Thanks.