    Sunday, March 27, 2022

    Questions: L3 at access layer, vlan ids and ip subnetting Networking

    Questions: L3 at access layer, vlan ids and ip subnetting

    Posted: 27 Mar 2022 02:41 AM PDT

    Hi,

    I'm a sysadmin (jack of all trades...) and I always had a preference for networking. I can develop my networking skills at work, but not really in depth.

    In my company, a small-to-medium office (~200 people onsite before COVID), we have traditional L2 domains and inter-vlan routing is done on the firewall.

    For me access switches are naturally at the L2 layer, trunk uplinks to 2 core switches (STP root and STP root backup), and firewall cluster connected to both core switches.

    We have access points with 3 different SSIDs mapped to 3 vlans (corp, byod, guest). These access points are connected to different access switches in the building (one access switch on the 1st floor, another on the 2nd floor, etc.)

    I'm trying very hard to understand the L3 at access layer design that is recommended nowadays.

    In an L3 at access layer design, I understand that trunk uplinks from access switches to core switches are not needed anymore. The traffic going out of the access switches is routed to the firewall. With the traditional L2 at access switches design, we have the same vlan ids on all access switches, and ip addressing is not a problem with the dhcp server that lives in the same vlan. How do you transform that into the L3 at access layer design?

    In an L3 at access layer design, do we keep the same vlan ids on all access switches?

    Ex.
    corp vlan 25 on switch A, B and C.
    byod vlan 26 on switch A, B and C etc. ?

    Or do we need to use a different vlan id?

    Ex.
    corp vlan 25 on switch A, corp vlan 26 on switch B etc.

    To me it looks like it doesn't matter anymore because the vlans are terminated on each access switch.

    What about ip addressing? It looks like we need to have a different subnet per vlan per switch.

    So corp vlan 25 on switch A would be 192.168.25.0/24 and corp vlan 25 on switch B would be 192.168.26.0/24, is that right? It must be, otherwise I don't know how routing between access switches would work. That makes ip addressing look a bit more complex to maintain? And we would have to use lots of dhcp scopes and dhcp relays on the switches?

    Thanks for reading this.

    submitted by /u/lucien62
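Worked addressing plan for the design the post asks about, added here as an example (not the poster's network and not any vendor's tooling). It keeps the same VLAN ids on every access switch, gives each (switch, VLAN) pair its own /24, allocates /31 routed uplinks to both cores, derives the DHCP scope list, and prints an IOS-style SVI/relay fragment per switch. The supernets, the DHCP server address, the interface names and the "gateway = .1, pool = .10-.254" policy are all assumptions. Each SVI is also the natural place for an inter-VLAN ACL once routing moves to the access switch, since that traffic no longer hairpins through the firewall.

```python
import ipaddress

# Constructed inputs (assumptions for illustration, not the poster's addressing):
SWITCHES = ["A", "B", "C"]
VLANS = {"corp": 25, "byod": 26, "guest": 27}            # same VLAN ids on every switch
CORES = ["core1", "core2"]
USER_SUPERNET = ipaddress.ip_network("10.40.0.0/16")     # carved into one /24 per (switch, VLAN)
UPLINK_SUPERNET = ipaddress.ip_network("10.255.0.0/24")  # carved into /31 routed uplinks
DHCP_SERVER = "10.10.0.10"                                # central DHCP server, reached via relay


def plan_subnets(switches=SWITCHES, vlans=VLANS, supernet=USER_SUPERNET, prefix=24):
    """One subnet per (switch, VLAN) pair, allocated switch-major.
    VLAN ids may stay identical on every switch because each VLAN is terminated
    on its own switch's SVI; only the subnet behind it must be unique."""
    pool = supernet.subnets(new_prefix=prefix)
    return {(sw, name): next(pool) for sw in switches for name in vlans}


def plan_uplinks(switches=SWITCHES, cores=CORES, supernet=UPLINK_SUPERNET):
    """One /31 point-to-point routed link from every access switch to every core."""
    pool = supernet.subnets(new_prefix=31)
    return {(sw, core): next(pool) for sw in switches for core in cores}


def dhcp_scopes(plan):
    """One scope per subnet: gateway = first host, pool = hosts .10-.254 (assumed policy)."""
    scopes = []
    for (sw, name), net in plan.items():
        hosts = list(net.hosts())
        scopes.append({"switch": sw, "vlan": name, "subnet": str(net),
                       "router": str(hosts[0]),
                       "range": (str(hosts[9]), str(hosts[-1]))})
    return scopes


def switch_config(sw, plan, uplinks, vlans=VLANS, cores=CORES, dhcp_server=DHCP_SERVER):
    """IOS-style fragment for one access switch: routed SVIs with DHCP relay and
    routed (no switchport) uplinks. The physical interface names are assumed."""
    lines = [f"hostname access-{sw}", "ip routing", "!"]
    for name, vid in vlans.items():
        net = plan[(sw, name)]
        gw = next(net.hosts())
        lines += [f"vlan {vid}", f" name {name}", f"interface Vlan{vid}",
                  f" ip address {gw} {net.netmask}",
                  f" ip helper-address {dhcp_server}",   # clients no longer share a VLAN with the server
                  "!"]
    for i, core in enumerate(cores, start=1):
        net = uplinks[(sw, core)]
        local = list(net)[0]   # access side takes the lower /31 address (assumed convention)
        lines += [f"interface TenGigabitEthernet1/1/{i}", f" description to {core}",
                  " no switchport", f" ip address {local} {net.netmask}", "!"]
    return "\n".join(lines)


if __name__ == "__main__":
    plan, uplinks = plan_subnets(), plan_uplinks()
    for scope in dhcp_scopes(plan):
        print(scope)
    print(switch_config("A", plan, uplinks))
```

With three switches and three VLANs this yields nine /24s and nine DHCP scopes, which is the maintenance cost the post anticipates; generating them from one table, as above, is how it stays manageable.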

    Operators of Critical Environments, how do you test new code before deploying to your Switches/Routers?

    Posted: 26 Mar 2022 11:23 PM PDT

    We're an end-to-end Cisco shop but this question applies to operators of any vendor. I work for a Healthcare environment and currently we don't have a strategy for introducing new code onto our Network platforms. We currently purchase our equipment from a VAR and have support purchased through them. They mainly deal with us on a break-fix basis, so we're currently on our own regarding deploying new code.

    I'm somewhat aware that IOS/IOS-XE code isn't what it used to be. The Cisco Business Units don't vet their code extensively for bugs and favor features/releases over stability. I've heard stories that the BU will ask TAC Engineers if a version "seems stable" from field experience to make it the "gold star" code on the Download site.

    My current plan for upgrading our environment to a code from this decade (with a fleet running 3.7.x and older) is to start with a few smaller remote sites and let them run as canary hosts for a few months before rolling out the same code to other areas.

    Does anyone have a strategy or plan they use with success to self-test and roll out new code for their devices? My biggest concern is that code we're running at the moment is stable, but most of it's starting to close in on EOL (or) we're missing some features like SSH due to not running k9 images (on a small % of switches) we'd like to resolve at the same time.

    Any help would be appreciated!

    edit: I forgot to mention: We will be standing up lab switches with the code before we move to production, our plan was to dogfood the new code on our own local switches in the office before we move to the remote sites.

    edit 2: mentioned that non-k9 images is a small % of the Network

    submitted by /u/ItsOnlyATemporaryFix
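Two pieces of the rollout the post describes that are worth scripting, added here as an example (my code, not the poster's process or Cisco's tooling): checking the downloaded image against the vendor-published SHA-512 before it is ever copied to a switch (Cisco's download page publishes MD5 and SHA-512 values, and IOS's own `verify /md5` can re-check on the box), and turning the lab -> small remote sites -> general -> core order into explicit waves with a promotion gate. The device inventory, tier numbers and 30-day soak period are constructed assumptions.

```python
import hashlib
import hmac

# Constructed fleet inventory (assumed names and tiers, not the poster's devices).
# tier 4 = lab/office dogfood, 3 = small remote site (canary), 2 = general, 1 = core.
DEVICES = [
    {"name": "rs-clinic-a-sw1", "tier": 3},
    {"name": "rs-clinic-b-sw1", "tier": 3},
    {"name": "hq-lab-sw1", "tier": 4},
    {"name": "hq-floor2-sw1", "tier": 2},
    {"name": "hq-floor3-sw1", "tier": 2},
    {"name": "dc-core-sw1", "tier": 1},
    {"name": "dc-core-sw2", "tier": 1},
]


def sha512_bytes(data):
    """Digest of an in-memory image (used by the self-check below)."""
    return hashlib.sha512(data).hexdigest()


def sha512_file(path, chunk=1 << 20):
    """Stream a multi-hundred-MB image through SHA-512 without loading it whole."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(actual_hex, expected_hex):
    """Compare the computed digest with the one copied from the vendor download page.
    Case-insensitive; constant-time compare so the result does not depend on where
    the two strings first differ."""
    return hmac.compare_digest(actual_hex.lower(), expected_hex.strip().lower())


def rollout_waves(devices=DEVICES):
    """Order devices into waves: lab first, small remote sites as canaries,
    then general sites, core last. Returns [(label, [names...]), ...]."""
    order = [("lab", 4), ("canary", 3), ("general", 2), ("core", 1)]
    waves = []
    for label, tier in order:
        members = [d["name"] for d in devices if d["tier"] == tier]
        if members:
            waves.append((label, members))
    return waves


def gate(prev_wave_health, observed_days, min_soak_days=30):
    """Promotion rule between waves (assumed policy): every device in the previous
    wave must still be healthy and the soak period must have elapsed."""
    return bool(prev_wave_health) and all(prev_wave_health.values()) and observed_days >= min_soak_days


if __name__ == "__main__":
    # Self-check with the FIPS 180 "abc" test vector instead of a real image file.
    expected = ("ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
                "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f")
    print("image ok:", verify_image(sha512_bytes(b"abc"), expected))
    for label, members in rollout_waves():
        print(label, members)
```

For a real image, replace `sha512_bytes(b"abc")` with `sha512_file("path/to/image.bin")` and paste the published SHA-512 as `expected`; refuse to stage the file if `verify_image` returns False.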

    Best way to troubleshoot intermittent client connectivity at all sites?

    Posted: 26 Mar 2022 03:34 PM PDT

    All sites lose connection to our company's proprietary application intermittently throughout the day.

    Systems maintain network connectivity, and network speeds are not impacted, but the application will drop connectivity, and require operators to log off and log back into workstations, relaunching application to re-establish connectivity. The application runs a timer every 20 seconds to check connectivity and report within the application. The timeout is 45 seconds before the application reports a client as offline. The application can perform certain features offline, but client connection is still intermittent.

    Error: System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. ---> System.ComponentModel.Win32Exception: The logon attempt failed

    Source machines and IP: PC1 - 10.20.15.0/24 PC2 - 10.20.15.0/24 PC3 - 10.20.15.0/24

    Destination URL: https://subdomain.domain.top level domain/path/pathservicename.svc on port 443.

    We have already rebooted services and servers. What else could we possibly look into to fix this?

    submitted by /u/iwasanacidbaby
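The error in the post is a three-deep .NET exception chain: the WCF client's Negotiate attempt got a 401, and the innermost `Win32Exception` says the logon itself failed, i.e. the credential the client presented was rejected rather than the packet path being down. The example below (added here, not the poster's code or data) pulls that chain apart from application log lines and then checks one thing a defender would want to rule in or out: whether each workstation's first 401 lands at a fixed offset after its first successful event. The sample log is constructed so that both hosts fail about ten hours after they start, which is the default maximum lifetime of a Kerberos user ticket in Active Directory; a real log that shows the same clustering points at ticket renewal on the client or at the service account, not at the network.

```python
import re
from datetime import datetime

# Constructed application log (the pattern illustrates the check; not the poster's data).
SAMPLE_LOG = """\
2022-03-25 08:02:11 PC1 INFO heartbeat ok
2022-03-25 12:30:11 PC1 INFO heartbeat ok
2022-03-25 18:03:14 PC1 ERROR System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. ---> System.ComponentModel.Win32Exception: The logon attempt failed
2022-03-25 07:30:00 PC2 INFO heartbeat ok
2022-03-25 17:31:00 PC2 ERROR System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. ---> System.ComponentModel.Win32Exception: The logon attempt failed
"""

# Assumed line layout: "<date> <time> <host> <LEVEL> <message>"
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (INFO|ERROR) (.*)$")


def exception_chain(message):
    """Split a .NET exception string on '--->' and return the type names, outer to inner."""
    parts = [p.strip() for p in message.split("--->")]
    return [p.split(":", 1)[0].strip() for p in parts]


def http_status(message):
    """Return the '(NNN)' status code embedded in a WebException message, if any."""
    m = re.search(r"\((\d{3})\)", message)
    return int(m.group(1)) if m else None


def parse_log(text):
    """Turn raw lines into event dicts; lines that do not match the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({"time": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                       "host": m.group(2), "level": m.group(3), "msg": m.group(4)})
    return events


def hours_to_first_auth_failure(events):
    """Per host: hours from the first successful event to the first 401 failure,
    rounded to 0.1 h. Values clustering near the domain's ticket lifetime suggest
    an authentication-lifetime problem rather than a network one."""
    first_ok, result = {}, {}
    for e in sorted(events, key=lambda e: e["time"]):
        host = e["host"]
        if e["level"] == "INFO":
            first_ok.setdefault(host, e["time"])
        elif host not in result and host in first_ok and http_status(e["msg"]) == 401:
            result[host] = round((e["time"] - first_ok[host]).total_seconds() / 3600, 1)
    return result


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for e in events:
        if e["level"] == "ERROR":
            print(e["host"], http_status(e["msg"]), " -> ".join(exception_chain(e["msg"])))
    print(hours_to_first_auth_failure(events))
```

If the offsets do not line up with anything lifetime-shaped, the next place to look is the server side: the 401 is logged there with the reason the Negotiate token was rejected, which the client-side exception never carries.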

    Netgear Insight Pro? What are people's thoughts?

    Posted: 27 Mar 2022 02:01 AM PDT

    Hi

    I'm new as an MSP... I'm looking at cloud-managed networking solutions to provide. Netgear Insight Pro looks pretty decent, apart from there being no firewall as such; I'll probably use Meraki as a firewall... What are people's thoughts?

    submitted by /u/MFosterMB

    Optical splitter advice

    Posted: 26 Mar 2022 04:25 PM PDT

    We are in the process of eliminating single points of failure, but we're stuck without being able to buy a second 100G uplink to our provider. We know we can't control the provider network at this time, but we'd like to have near-zero downtime for our own maintenance (for example, code drops or taking the router out for dinner and dancing).

    We're looking for a solution that will duplicate the optics (1310) on our 100G uplink between east/west demarc routers. In effect, we have the port shut down on our west path, and when we have maintenance on the east path, we can shut down the east port and turn up the west port. In effect this would be the same as someone unplugging the fibre patch for our upstream circuit on the east router and physically moving it over to the west router.

    Is a PLC splitter the thing we're looking for?

    Also do routers have technologies to manage these via protocols, something like STP where a secondary path would be pruned until a primary path failed? Or maybe something like an active/passive mclag? We are using Arista 7280SR3s if that helps.

    submitted by /u/STP_PTSD

    Using SFP ONT module with pfsense and Unifi switch

    Posted: 26 Mar 2022 11:12 PM PDT

    So I'm doing some experiment now with an SFP ONT module to replace my ISP-provided ONT. My pfsense box does not have an SFP port but my Unifi switch has a couple. At this point, I'm confused as to where tagging needs to occur.

    If my ISP's OLT is trunked, then it is expecting tagged traffic for Internet. So frames coming out from the SFP module should be tagged with the correct VLAN ID. The topology will look something like this:

    pfsense WAN interface -> Unifi switchport (i.e. port 14)

    Unifi SFP port (i.e. port 15) -> SFP ONT module -> ISP fiber optic cable

    So, say, the ISP needs traffic tagged with VLAN ID 100, which device should I configure the tagging on?

    1. If on pfsense, I create the VLAN and create a subinterface for it. Port 14 will need to be configured as a trunk port (with only one allowed VLAN, VLAN 100) to accept the tagged traffic from pfsense. Port 15 will also be configured as a trunk port with the same allowed VLAN so it tags the traffic out to the ISP OLT.
    2. No tagging on pfsense. Port 14 will need to be configured as an access port with VLAN 100 to accept untagged traffic from pfsense. Port 15 will be configured the same way as #1 (trunk port).

    Do these make sense? If not, please feel free to correct me. Thanks for the help.

    submitted by /u/kevindd992002
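Both options in the post end with the same frame leaving port 15, and the model below shows why. It is an added example (my code, not pfSense or UniFi code) of a VLAN-aware switch reduced to two functions: ingress classifies a frame into a VLAN (untagged frames take the port's access/native VLAN; tagged frames keep their tag), egress tags on a trunk and never on an access port. Option 1 is pfSense tagging 100 into a trunk port; option 2 is pfSense sending untagged into an access port in VLAN 100. A third function shows the failure mode of option 1 when pfSense is left untagged: the frame is classified into native VLAN 1, which the trunk does not allow, and it is dropped. MAC addresses, the payload and the simplifying rule that an access port drops tagged frames are assumptions.

```python
import struct
from dataclasses import dataclass

ETHERTYPE_VLAN = 0x8100   # 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


@dataclass(frozen=True)
class Port:
    name: str
    mode: str           # "access" (untagged edge) or "trunk" (tagged uplink)
    vlan: int           # access VLAN, or native VLAN of a trunk
    allowed: frozenset  # VLANs permitted through this port


def build_frame(dst, src, payload, vid=None):
    """Ethernet II frame, optionally carrying an 802.1Q tag (PCP/DEI = 0)."""
    tag = struct.pack("!HH", ETHERTYPE_VLAN, vid & 0x0FFF) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return (dst, src, vid or None, bytes after the addresses and tag)."""
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_VLAN:
        return dst, src, struct.unpack("!H", frame[14:16])[0] & 0x0FFF, frame[16:]
    return dst, src, None, frame[12:]


def ingress(port, frame):
    """Classify a received frame. Returns (vid, untagged_frame) or None if dropped.
    Simplification: a tagged frame arriving on an access port is dropped."""
    dst, src, vid, rest = parse_frame(frame)
    if vid is None:
        vid = port.vlan                # untagged -> access VLAN / native VLAN
    elif port.mode == "access":
        return None
    if vid not in port.allowed:
        return None
    return vid, dst + src + rest


def egress(port, vid, untagged):
    """Emit on a port: tagged on a trunk (except its native VLAN), untagged on access."""
    if vid not in port.allowed:
        return None
    if port.mode == "access" or vid == port.vlan:
        return untagged
    return untagged[:12] + struct.pack("!HH", ETHERTYPE_VLAN, vid) + untagged[12:]


def forward(in_port, out_port, frame):
    r = ingress(in_port, frame)
    return None if r is None else egress(out_port, *r)


# Constructed addresses and payload (assumptions).
PFSENSE_MAC = bytes.fromhex("020000000001")
OLT_MAC = bytes.fromhex("020000000002")
PAYLOAD = b"\x45" + b"\x00" * 19
# Port 15 faces the SFP ONT in both options: trunk, VLAN 100 tagged only.
PORT15 = Port("port15", "trunk", 1, frozenset({100}))


def option1():
    """pfSense tags VLAN 100 itself; port 14 is a trunk allowing only 100."""
    port14 = Port("port14", "trunk", 1, frozenset({100}))
    return forward(port14, PORT15, build_frame(OLT_MAC, PFSENSE_MAC, PAYLOAD, vid=100))


def option2():
    """pfSense sends untagged; port 14 is an access port in VLAN 100."""
    port14 = Port("port14", "access", 100, frozenset({100}))
    return forward(port14, PORT15, build_frame(OLT_MAC, PFSENSE_MAC, PAYLOAD))


def mismatch():
    """Option-1 switch config but pfSense left untagged: classified into native VLAN 1,
    which port 14 does not allow, so nothing reaches the ISP."""
    port14 = Port("port14", "trunk", 1, frozenset({100}))
    return forward(port14, PORT15, build_frame(OLT_MAC, PFSENSE_MAC, PAYLOAD))


if __name__ == "__main__":
    print("option1 == option2:", option1() == option2())
    print("egress VLAN:", parse_frame(option1())[2])
    print("mismatch dropped:", mismatch() is None)
```

The practical difference between the two options is only where the tag is added; what matters for the ISP is that port 15 egresses VLAN 100 tagged and that the untagged (native) VLAN on the trunk stays unused, so nothing leaks toward the OLT untagged.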

    Is the TP-Link T1800G-28TS v2 broken? v3 hardware passes DHCP, v2 doesn't?

    Posted: 26 Mar 2022 04:28 PM PDT

    Simple question: test lab with an EdgeRouter X handing out DHCP on a flat 10.10.10.0/24 network. Two T1800G switches, one v2, one v3. VLAN 1 set on both, interfaces 10.10 and 10.20, DHCP 10.100-250. One switch works fine, clients receive DHCP addresses. 2nd switch: client sends DHCP but gets no response. Even though it's a flat network, tried setting DHCP relay. Tried both EdgeRouter X -> sw1 -> sw2 and EdgeRouter X -> sw1, EdgeRouter X -> sw2. Everything is on the latest firmware. What am I missing?

    Tried posting in r/homenetworking, but since these are enterprise switches there isn't much experience with them there.

    submitted by /u/pressorv
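"Client sends DHCP but no response" is a claim a capture can confirm precisely: which transaction ids have a DISCOVER and never see an OFFER, and whether the DISCOVER carries a non-zero giaddr (meaning a relay rewrote it) or the broadcast flag. The dissector below is added here as an example (my code, not TP-Link's or Ubiquiti's); it parses the BOOTP fixed header and the DHCP option TLVs from raw UDP payloads and lists the unanswered transactions. The capture is constructed: client A behind the working switch gets an OFFER, client B's DISCOVER goes unanswered. Feeding it real packets means extracting the UDP payload of ports 67/68 from the pcap.

```python
import struct
import ipaddress

MAGIC = b"\x63\x82\x53\x63"                       # DHCP magic cookie after the BOOTP header
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"          # op..file, 236 bytes
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def build_dhcp(op, xid, msg_type, mac, yiaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Minimal DHCP message; used only to construct the sample capture below."""
    zero4 = b"\x00" * 4
    fixed = struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, 0x8000, zero4,
                        ipaddress.ip_address(yiaddr).packed, zero4,
                        ipaddress.ip_address(giaddr).packed,
                        mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    return fixed + MAGIC + bytes([53, 1, msg_type]) + b"\xff"


def parse_dhcp(pkt):
    """Dissect the BOOTP header and the option TLVs (code 0 = pad, 255 = end)."""
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
     chaddr, _sname, _file) = struct.unpack(BOOTP_FMT, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message (bad magic cookie)")
    options, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == 255:
            break
        if code == 0:
            i += 1
            continue
        length = pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    mtype = options.get(53, b"\x00")[0]
    return {
        "op": op, "xid": xid, "hops": hops,
        "type": MESSAGE_TYPES.get(mtype, f"UNKNOWN({mtype})"),
        "client_mac": chaddr[:hlen].hex(":"),
        "yiaddr": str(ipaddress.ip_address(yiaddr)),
        "giaddr": str(ipaddress.ip_address(giaddr)),   # non-zero only if a relay forwarded it
        "broadcast": bool(flags & 0x8000),
        "options": options,
    }


def unanswered_discovers(packets):
    """Transaction ids that have a DISCOVER but no OFFER: the symptom in the post."""
    seen = [parse_dhcp(p) for p in packets]
    offers = {m["xid"] for m in seen if m["type"] == "OFFER"}
    return sorted({m["xid"] for m in seen if m["type"] == "DISCOVER"} - offers)


# Constructed capture (assumed MACs, xids and lease address).
CLIENT_A = bytes.fromhex("0200000000aa")
CLIENT_B = bytes.fromhex("0200000000bb")
SAMPLE_PACKETS = [
    build_dhcp(1, 0x1111, 1, CLIENT_A),                            # A: DISCOVER
    build_dhcp(2, 0x1111, 2, CLIENT_A, yiaddr="10.10.10.100"),     # A: OFFER from the router
    build_dhcp(1, 0x2222, 1, CLIENT_B),                            # B: DISCOVER, never answered
]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        m = parse_dhcp(p)
        print(m["type"], hex(m["xid"]), m["client_mac"], m["yiaddr"], "giaddr", m["giaddr"])
    print("unanswered:", [hex(x) for x in unanswered_discovers(SAMPLE_PACKETS)])
```

If the unanswered DISCOVERs also show up on the router's port, the second switch is forwarding them and the problem is on the return path (the OFFER is unicast to the client MAC or broadcast, depending on the flag); if they never arrive at the router, the switch is eating them on ingress, which is where features like DHCP snooping or storm control on that hardware revision would show themselves.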

    Help with Scan to SMB

    Posted: 26 Mar 2022 03:41 PM PDT

    Hi, I'm trying to set up a printer to scan to a Windows SMB shared path. The share is fully accessible on the network when selecting the path and entering the username/pass.

    I can also ping the SMB server from the printer but I can't send a scanned document through. Tried alternating between ports 139 and 445. Tried changing the syntax, modifying the workgroup to include the domain name. Printer supports SMBv2/v3, NTLMv2, as does the network share. No luck.

    Tried capturing the packets in Wireshark and the traffic looks fine, but then I see a session log off request by the printer and there is no PSH packet sent before connection ends (and printer fails to send the file). So connection is made but scanned data is not sent over. Which is weird because I can drag n drop files from PCs into the folder but I just can't scan to it on the network.

    I've tried using various printers, ensured that they are all on the same subnet, SMB settings fiddled around with. I made sure that the windows shared path accepts network discovery, firewall rules open to SMB, etc.

    What am I missing here!?!? Thanks in advance.

    submitted by /u/RootBridge32768