Blogpost Friday! Networking
- Blogpost Friday!
- Advice? Net Engineer for a school district.
- Anyone here running Teleprotection over MPLS?
- Asymmetric vs Symmetric IRB
- multi-vendor gRPC -C++ "dial-out" collector
- General questions on management VLAN setup
- Juniper ACX1100 Memory
- Mikrotik + Ubiquiti vLANs and WiFi
- Looking to up to game to 50gb is all 100gb module down-compatible ?
- Is U/FTP worse than U/UTP and F/UTP
- DNS pitfall
- VLANS without switches
- HP 5412zl Replacement?
- Stuck trying to use netbox as inventory source for ansible
- Generate SNMP private MIB for custom SNMP agent
- Need help suggesting a network testing tool or command.
- Routing issue in my lab setup
- Unable to ping server while connected to SonicWall ssl vpn
- upgrading epld image N9K-C9372PX-E
- Help figuring out partial Tiktok Block
- Cisco pipe command to show only specific entry
- Remote & Local Group IPSec VPN Question
- What is the name of a device used to check if an ethernet port has a signal?
- Data center vs Public cloud - What would you choose as a career ?
- Creating a Secure, VPN'd Wireless Network Off a Quasi "Public" Ethernet Jack In Commercial Rented Space
- C19 Cables are very loose in Power Supplies, Solutions?
Blogpost Friday!
Posted: 02 Jun 2022 05:00 PM PDT
It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts. Feel free to submit your blog post as well as a nice description to this thread. Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.
Advice? Net Engineer for a school district.
Posted: 05 Jun 2022 06:50 AM PDT
I'm starting a new job as a network engineer at a school district. The only one… Any advice? 9 campuses connected with dark fiber, OSPF, FortiGates, Dell switches, Aruba WAPs, and Aruba ClearPass.
Anyone here running Teleprotection over MPLS?
Posted: 04 Jun 2022 04:40 PM PDT
Where my utility folks at? Just curious to see what your transport is and how your network timing is set up (PTP, SyncE, etc.). Thanks!
Asymmetric vs Symmetric IRB
Posted: 04 Jun 2022 01:59 PM PDT
I am currently learning the differences between asymmetric IRB and symmetric. I am doing EVPN labs and noticed that all examples with symmetric EVPN IRB provide additional configuration with the internet provider (default route to internet) as a type 5 route. And there is nothing mentioned about that when configuring asymmetric. Though, simply advertising the default route via BGP in the fabric is enough and I can reach the internet (in my lab, everything simulated). So my question would be: When configuring asymmetric EVPN, do you have to configure the default gateway from the ISP to be announced as a type 5 route, or is it enough to simply advertise it (as you would normally do without EVPN)?
multi-vendor gRPC -C++ "dial-out" collector
Posted: 05 Jun 2022 07:39 AM PDT
Hi Community, I was looking for an efficient way to collect metrics from a relatively big (>1000) & multi-vendor network. Nowadays all big players (Cisco, Huawei, Juniper, Nokia ...) support "yang" to model the data & gRPC with multiple encodings (JSON, GPB-KV, GPB) to share it across the network. This is why I recently started the development of a gRPC-C++ "dial-out" collector & I was asking myself if someone else is already working on something similar or might be interested in joining the project. The development is done with C++ using gRPC's async API plus multi-threading to maximize scalability.
General questions on management VLAN setup
Posted: 05 Jun 2022 06:46 AM PDT
Hi everyone, I read about management VLANs and that it seems to be best practice to not leave anything in the default VLAN 1. My understanding is that the management VLAN is set up in a way that only through the management VLAN one can access network components (GUI or console). The access from all other VLANs is not possible. Some open questions remain:
Thanks in advance for some guidance
Juniper ACX1100 Memory
Posted: 04 Jun 2022 12:52 PM PDT
I'm thinking of getting two Juniper ACX1100 to act as my core routers. But I haven't found out how much RAM these have. Can they run full table IPv4 and v6?
Mikrotik + Ubiquiti vLANs and WiFi
Posted: 03 Jun 2022 11:55 PM PDT
Hello everybody. I have to set up the network for a company that has some beach sectors. I want to change the present router with a Mikrotik RB750GR3 and create two different vLANs that will be used as follows:
I will make the vLANs not pingable. My question is, how can I set up the Ubiquiti APs to broadcast two different WiFi networks, with different SSIDs, using those two vLANs that I have mentioned earlier? It is absolutely needed to have a wireless network for staff because they have iPads on which they have installed POS and ordering software. Looking forward to your answers. Thanks!
Looking to up to game to 50gb is all 100gb module down-compatible ?
Posted: 04 Jun 2022 02:02 PM PDT
Hi, I did for a while all installs at different venues in 25gb with all xxv710 NICs, but got a couple of requests for higher speed, but it's unclear how to get a proper 50gb. All qsfp28 100gb do give 4x 25g by MTP cable, but how do we get a 50gb? I know going direct to 100 could be better, but as I can grab a lot of Mellanox MCX4131A and MCX4431A... I only see DACs that do 100gb to dual 50g. It's fully compatible on 50 to 2x 25g, but remaining optic is needed with runs of over 200ft. On the install, there's a DWDM cassette possible to suit some rackmount chassis, but to make it easy: if I do 50g to 2x25, I just pick 2 groups over the 4 fibers. But if we upgrade later both ends at 50g: do I need to add an extra DWDM to mux back the 2 groups over 1 to feed a qsfp28? Or simply grab a 100g module and connect 4 fibers and it automatically gives the 50gb link in full? Thanks for precision on that.
Is U/FTP worse than U/UTP and F/UTP
Posted: 04 Jun 2022 12:55 AM PDT
I've been told by a friend that works as a network engineer that CAT6A U/FTP is actually worse than other CAT6A standards: "As to having foil on each twisted pair will not provide consistent protection for each pair due to foil overlapping at different places." Apparently if cables are not consistently protected there will be more errors from interference that aren't detected as noise. Is this correct? If so, what's the reasoning for Cat6 U/FTP? I'm slightly sceptical as my friend didn't know CAT6 U/FTP existed before I asked them about it. But I'm struggling to find much online other than U/FTP may be easier to install.
DNS pitfall
Posted: 03 Jun 2022 05:56 AM PDT
Is delegating DNS more than one level dangerous/wrong? For example: Your company is foo.com. You outsource databases to a company and delegate db.prod.foo.com to them, so there is an NS record for db.prod in the foo.com zone. In my experience this all works well until you create a prod.foo.com zone, at which point something like test.db.prod.foo.com sometimes resolves and other times not. Something like "dig +trace" always works, but without +trace most of the time no record is returned, I am assuming because prod.foo.com is queried, and there is no A record in there (or CNAME) for "test.db", or no NS record for "db".
VLANS without switches
Posted: 03 Jun 2022 07:36 AM PDT
So my new employer provided me with a list of VLANs... but we don't know what switches they are on. There are nearly 100 switches in the network. What's the easiest way to figure out where these VLANs are?
HP 5412zl Replacement?
Posted: 03 Jun 2022 11:37 AM PDT
Does anyone know what the replacement would be for a 5412zl switch? I'm running 7 modules in it currently and am not sure what the new version is. Is it the Aruba 5400R?
Stuck trying to use netbox as inventory source for ansible
Posted: 03 Jun 2022 12:41 PM PDT
Let me preface this by saying that my ansible knowledge is fairly limited; I know how to do a few things but I'm in no way proficient. I'm trying to get my team to adopt ansible to automate some repetitive tasks but managing a static inventory is going to become pretty cumbersome in the near future, so we're testing netbox to see if it meets our requirements. So far I've managed to pull device and interface data using the nb_lookup plugin and json_query, but I can't figure out how to pull IP and FHRP data for their respective interfaces. For a bit of context, the data returned looks like this: https://pastebin.com/cHe8Rjmn, and the play is as follows: The play fails with a message that says: I've tried using the device.display key as well, but it throws the same error. I've tried printing the values in those keys without any filtering (i.e. json_query('[*].value.assigned_object.device.name')) and it does return the names of the routers as expected, so I don't really understand what I'm doing wrong. Has anyone encountered a similar issue? EDIT: The solution is using this query instead of one that uses contains()
Generate SNMP private MIB for custom SNMP agent
Posted: 02 Jun 2022 10:19 PM PDT
I have created a custom SNMP agent for monitoring a device on the network and I want to be able to generate the private MIB file dynamically. Is it possible to generate a private MIB file from snmpwalk output? If so, is there any tool/script for doing so, or any other way to generate a private MIB for an agent?
Need help suggesting a network testing tool or command.
Posted: 03 Jun 2022 05:08 AM PDT
I have a very simple problem. I have a wholesale business. I would like to remote access different machines at our different stores from my office. Right now we use Chrome Remote Access and I do not wish to switch it as it works flawlessly and everyone can easily use it at this point. My issue is that, at almost all the stores I have no issues accessing the machines, there is no lag or bad quality video etc. At all the locations I use the same router and switch, almost the same machines. The new shop, which I'll call shop X, is having issues with CRA though. In fact the machines at that location are a little bit better. But same network setup, identical equipment. I use the same ISP for all locations, all the shops are within a 5KM radius from me. In fact one of the shops uses a cheap LTE router but there is no lag and I get full quality, so why is this new shop having issues? But that is not what I need help with here, could someone suggest me a tool where I can test maybe latency, jitter, bandwidth issues. To see if it's a problem on the ISP side or whatever it is, I need a tool that can report the network status in a detailed way to me so I can compare with other locations etc. Also, I'm not tech savvy at all so I would appreciate if it's not assumed I know stuff, but I'm quite understanding. Any help is really really appreciated. I just wanna make the job of my accountants DA and everyone easier cuz if I can easily remote access the location they can work from office. Thanks. :)
Routing issue in my lab setup
Posted: 03 Jun 2022 02:58 AM PDT
Hello, I've been building a networking lab to learn more about PaloAlto Firewalls. But I've run into a strange problem that I've spent several hours on and I really can't figure this one out. I use VMWare ESXi on a Dell R820 Server for this lab. The server is connected to a regular residential ISP modem (via some Cisco layer 3 switches). I have made a quick schema (https://imgur.com/ySJ1IAx) to make my setup more clear. But it is basically Ubuntu Desktop VM -> PFSense VM -> PaloAlto VM -> ISP Modem -> internet. The issue that I have is that the Ubuntu VM (Ubuntu01 in the schema) cannot access the internet in any way. No ping, no DNS, no nothing. But the strange part is that the Ubuntu VM can ping the ISP modem (192.168.0.1), so the traffic is routed as it should through the PFSense and PaloAlto. During my troubleshooting I tried to attach the (same) Ubuntu VM to the portgroup that connects the PFSense to the PaloAlto and from there it can access the internet just fine (Ubuntu02 in the schema). It is just a lab, I know I don't need the PFSense and everything would work just fine if I let the Palo handle everything. But I would like to understand what is happening. EDIT: I have changed the 10.17.5.0/30 subnet to a /29 subnet to avoid conflicts with the ubuntu2 and the /30 broadcast address. EDIT: I have found the issue in the Policy Based Forwarding Rule on the PaloAlto. Thanks for the feedback!!
Unable to ping server while connected to SonicWall ssl vpn
Posted: 03 Jun 2022 09:39 AM PDT
Hello all, Not sure if I'm in the right place but I have a puzzling issue. Several employees have reported that while they are able to successfully connect to the SonicWall SSL VPN they are unable to ping or RDP to servers on our network. Everything looks correct; route print is correct. The temporary solution is to launch Wireshark, which will then allow them to ping the network successfully. However this seems to be only temporary and they have to repeatedly relaunch Wireshark to resolve the connection issue. The other solution I found was uninstalling Zscaler. Once Zscaler was fully uninstalled they seemed to route correctly. This was only affecting one user but now it has spread to several. Majority of the company has no issues. I'm just wondering if anyone could offer some insight as to why Wireshark is a temp solution and what I should pursue as far as further troubleshooting.
upgrading epld image N9K-C9372PX-E
Posted: 03 Jun 2022 07:39 AM PDT
Hello, I have a couple of questions about the Cisco N9K-C9372PX-E upgrade. Currently it runs on: I've read the upgrade notes of the latest suggested version 9.3(9) so I can upgrade it straight, in one hop. I need some clarifications regarding EPLD: 1) Do I understand correctly that if the newest version of the EPLD image is FIXED to 0x15/0x8, I don't need to upgrade it because the fixed version is the same as the current EPLD? 2) How to know if the device supports a golden EPLD image? On C93180YC-EX there was support of Golden image, I saw it by the show logg | include fpga command, which showed that the device was booted from the Golden image. How to know the same information (if golden image is supported/needed for upgrade) for this cheaper N9K-C9372PX-E device if my logs are already rotated? Thank you
Help figuring out partial Tiktok Block
Posted: 03 Jun 2022 07:31 AM PDT
I know a lot might welcome issues blocking TikTok, but putting that conversation to the side, I'm hoping someone can help figure out where/why certain satellite offices cannot access the site and some can. All are using the same gear: PA for their firewall and Akamai for their DNS. Have checked both and do not see any rules, filtering, etc. in place. Same result when DNS is changed. Same for wired and wireless across multiple devices, browsers etc. Any specific thoughts or places within either configuration to check? Thanks in advance.
Cisco pipe command to show only specific entry
Posted: 03 Jun 2022 07:30 AM PDT
I tried to RTFM to no avail. If I want to perform a show run and only see exact output, can it be done? For example, I want to see everything that contains 10.10 (preferably only entries that begin with 10.10). In Google, we would simply surround 10.10 in quotes like "10.10". What I don't want are results like 10.100 or 110.10 and ideally not something like 110.50.10.10, etc., which I get with show run | inc 10.10
Remote & Local Group IPSec VPN Question
Posted: 03 Jun 2022 06:20 AM PDT
Hello, Question regarding configuration of the "remote" and "local" groups for an IPSec VPN. Is my understanding correct that the "Remote Security Group" allows you to scope (by IP, subnet, etc.) which devices connected to the router will leverage the IPSec tunnel? Consequently making it so any devices NOT in scope will NOT tunnel back to the main site router? And for the "local security group" I read it defines which devices at the main site will be able to access the IPSec tunnel, but why would something at the main site need access to the IPSec tunnel if it's already on the main network? Also, and this is a more unrelated question and just something I am curious to know the answer to, if you had a specific on premise resource at your main site that you wanted only specific clients from the remote site to be able to access, how would you restrict that while still allowing the other remote clients to access other on-premise resources located on the main site's network? Thanks!
What is the name of a device used to check if an ethernet port has a signal?
Posted: 02 Jun 2022 02:54 AM PDT
I had to use a device at school that made it very easy to check if an ethernet port in a patch panel had a signal by holding it near the port and it would start beeping. It's not a device where you would plug an Ethernet cable in, but hold it in front of an open port to scan ports quickly.
Data center vs Public cloud - What would you choose as a career ?
Posted: 02 Jun 2022 05:08 AM PDT
Hi All, Was just wondering, if you had the option to pursue a career in on prem data center vs public cloud, what would you choose? Assuming that the person has the ability and the interest to learn both. I am currently studying both and it's hard AF to manage both. Scared to go all in on a single choice due to FOMO
Creating a Secure, VPN'd Wireless Network Off a Quasi "Public" Ethernet Jack In Commercial Rented Space
Posted: 02 Jun 2022 01:43 PM PDT
Hello, Here is my situation: We are opening a very small remote office (3-5 employees). The leased space provides a shared Wireless/Hardwire network for tenants of the building (this is a commercial building) and does not permit independent ISP runs for tenants. Assuming I was going to only be able to run off the building's shared wireless, I set up a Wireguard VPN connection with PiVPN and configured the PCs to start Wireguard on boot to route all traffic through the main office firewall, simple enough but it means that the VPN connection becomes reliant on the employee's computer and makes adding things like wireless printers a bit more complex. In a turn of events, I just spoke to the building owner and he said that there are hardwire ports in the leased space and that I am welcome to install my own wireless access point/router/firewall unit if I want to create a private network just for our employees. Now that alone only segregates, obviously it doesn't encrypt the traffic on its way out, but I believe I can get a unit (or use something like PfSense?) that supports VPN routing on top of being a wireless router and firewall. The benefit of this means I only need to worry about the VPN connection on one device and is thus a more scalable, reliable option. If I wanted to go that route, do you have any suggestions on the best appliance/set-up? I would like to keep it all in one unit if possible. I need wireless, routing, firewall, and VPN. I believe since I would have hardware at the remote site, I can then go the IPSec route for a Site to Site VPN to the main office firewall, yes? I confirmed my main site router supports IPSec just to be sure. Thoughts, concerns, things to be aware of, recommendations? I want to note that the purpose of the VPN in my use case is strictly for the purpose of encrypting the network traffic in transit, I don't have any on-prem resources that need to be accessed. Thank you all in advance!
C19 Cables are very loose in Power Supplies, Solutions?
Posted: 02 Jun 2022 08:28 AM PDT
I have some new chassis based firewalls that have C19 power connections. The cable to PSU connection on these are so loose it is silly even though I am using the vendor's cable. Clearly some engineers saw this problem too and added small zip-type cable clamps to the back of the PSU but even properly tightened I have no faith that these C19 cables will not vibrate or get otherwise disturbed during standard work in the racks over the years. I see that Tripplite makes some Plug lock inserts for C19, has anyone ever used them with success? I suppose I could also just wrap the C19s with 2 or 3 layers of electrical tape but that feels a bit low-brow solution for a few hundred thousand $ worth of firewalls.