    Tuesday, June 14, 2022

    Rant Wednesday! Networking


    Rant Wednesday!

    Posted: 14 Jun 2022 05:00 PM PDT

    It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

    There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

    Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator
    [link] [comments]

    Juniper MX204 End of Life Announcement

    Posted: 14 Jun 2022 07:15 AM PDT

    Frustrated trying to find a network job

    Posted: 14 Jun 2022 07:56 PM PDT

    I have been looking for a Network Engineer job for over 9 months.

    OK, I have a lot of experience. I have 15 years working in IT, 10 of them as a Network Engineer. I have CCNA/CCNP. Enterprise Cisco routing, switching, firewalls, troubleshooting. LinkedIn here: https://www.linkedin.com/in/michael-mandel-0bb25922a/

    I have been unable to find a job. I have applied for 200 jobs and have had 10 interviews that went well. All turndowns: "Well, we're looking for this skill," "we picked another candidate that best fits our requirements." OK, these companies are just being way too picky with their jobs. I live in Denver, and way too many people are moving here. I'm hearing that secretaries' jobs have 500 candidates. All the networking jobs have about 300 people applying. And I am searching the entire country for jobs, full time, contract. I prefer working from home; there are still a lot of employers requiring onsite work 100%.

    I have had 3 companies that went through the hiring process, and the job just went away, wasn't approved. Essentially just wasting everybody's time. All these companies are crooked as hell. They want you to work way too many hours; at my job at Centurylink I averaged 49 hours a week, burning everybody out, because they can easily fill your role. Really bad management at Centurylink, they care about their employees. Do not work for Centurylink!

    If you are missing 1 skill, then they are unwilling to let you learn a new skill on the job. Talking to recruiters, they are also frustrated with these companies: when they send them candidates with the skills in the job description, the companies are not interested in the candidates 99% of the time, because they have another 300 that somebody will have.

    This is a HUGE problem right now. Not a good time to work in IT. What about the guy who has 5 years of experience? Look, OK, you can't be an expert in every technology invented.

    Anybody else here having same issues as me?

    I need a new career change.

    I am at the end of my rope here, just losing my mind right now with the job search. I have never ever had a problem finding work in my entire career up until now.

    submitted by /u/Resident_Lab_6365
    [link] [comments]

    How does a router know where in a network to send packets from a web server if the server only addresses the packets to the router’s public IP address?

    Posted: 14 Jun 2022 09:12 PM PDT

    Just confused: if data from a web server are addressed to the router's WAN IP, then how does the router know where in the network to send it from there?

    submitted by /u/Its_da_boys
    [link] [comments]
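    The lookup the router performs, as an added example that is not part of the original post: a toy Python model of a NAT overload (PAT) translation table. When an inside host sends a packet out, the router records the inside address and port against the public port it picked; a reply addressed only to the public IP is matched on that public port plus the remote address and port, then rewritten back to the inside host. The model is deliberately port-restricted (a packet from any other remote endpoint to the same public port finds no entry and is dropped); real routers differ in how strict that match is. All addresses and ports are invented.

```python
"""Toy NAT overload (PAT) table.

Added illustration, not code from the original post. Addresses and
ports are invented. The mapping is port-restricted: return traffic
must come from the same remote IP and port the inside host talked to.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PatRouter:
    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        # outbound flow -> public port the router chose for it
        self._out: Dict[Tuple[str, str, int, str, int], int] = {}
        # (proto, public port, remote ip, remote port) -> inside (ip, port)
        self._in: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Translate an inside->outside packet, creating state on first sight."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self._out.get(key)
        if port is None:
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._in[(pkt.proto, port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate an outside->inside packet; None means no state, so it is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        hit = self._in.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if hit is None:
            return None
        inside_ip, inside_port = hit
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.proto)


def demo() -> dict:
    """Two inside hosts using the same source port talk to one web server."""
    nat = PatRouter("203.0.113.10")
    web = "198.51.100.80"
    a_out = nat.outbound(Packet("192.168.1.20", 50000, web, 443))
    b_out = nat.outbound(Packet("192.168.1.21", 50000, web, 443))
    # Replies from the server are addressed only to the public IP ...
    a_reply = nat.inbound(Packet(web, 443, "203.0.113.10", a_out.src_port))
    b_reply = nat.inbound(Packet(web, 443, "203.0.113.10", b_out.src_port))
    # ... an unsolicited packet, or one from a different remote endpoint, has no entry.
    scanner = nat.inbound(Packet("192.0.2.99", 40000, "203.0.113.10", 22))
    wrong_peer = nat.inbound(Packet("192.0.2.99", 443, "203.0.113.10", a_out.src_port))
    return {
        "a_public_port": a_out.src_port,
        "b_public_port": b_out.src_port,
        "a_reply_to": (a_reply.dst_ip, a_reply.dst_port) if a_reply else None,
        "b_reply_to": (b_reply.dst_ip, b_reply.dst_port) if b_reply else None,
        "scanner_dropped": scanner is None,
        "wrong_peer_dropped": wrong_peer is None,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

    The point the model makes: the router never "knows" where to send an unsolicited packet; it only knows flows the inside hosts started. That is why a port on the public IP has to be explicitly forwarded before anything outside can reach an inside host.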

    Need to verify network configurations on switches, servers, NAS

    Posted: 14 Jun 2022 06:33 AM PDT

    Hello. I am tasked with verifying that all the network configurations additions/modifications were completed in my environment. I have Juniper switches (EX4300), servers (Raritan DSX2-48, DL360/380's), ESXi hosts/VMs, and NetApps installed in my workcenter.

    So far, I see the best way to verify the configurations were completed on the Junipers is by using 'compare' in Notepad++. Is there a better/quicker way to verify the configurations?

    The other devices that seem like they will take A LOT of time would be the servers and ESXi hosts and just going through our installation guides that we made ourselves and just checking off that each modification was completed line by line in the GUI. This seems like a very time-consuming/tedious process. Would there be a quicker way I'm not seeing?

    I am wondering the quickest/easiest way to verify that the configurations were completed on all these devices. Some of these devices are new installs, so the setup is quite extensive. I am still formulating my plan of attack, so any suggestions/comments would be greatly appreciated, thanks!

    submitted by /u/fordgoldfish
    [link] [comments]
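    One way to replace the Notepad++ compare for the Junipers, as an added example that is not part of the original post: pull "show configuration | display set" from each switch and compare it to the intended set-format config as an unordered set of statements, so reordering, whitespace and the "## Last commit" header do not show up as differences. Junos stores secrets as "$9$..." blobs that change on every commit, so the script masks those too. The two configs below are constructed.

```python
"""Order-insensitive comparison of Junos 'display set' configurations.

Added illustration, not code from the original post. The two configs
below are constructed; in practice pull 'show configuration | display set'
from each switch and the intended config from your change record.
"""
import re
from typing import Set, Tuple

# Junos stores secrets as $9$... blobs that differ per device and per commit;
# mask them so a re-hashed password is not reported as drift.
_SECRET = re.compile(r'"\$9\$[^"]*"')


def normalize(config: str) -> Set[str]:
    """Return the set of 'set ...' statements, whitespace-collapsed, secrets masked."""
    lines: Set[str] = set()
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if not line.startswith("set "):
            continue  # drops blanks, '## Last commit' headers and comments
        lines.add(_SECRET.sub('"<secret>"', line))
    return lines


def compare(intended: str, actual: str) -> Tuple[Set[str], Set[str]]:
    """(statements missing from the device, statements present but not intended)."""
    want, have = normalize(intended), normalize(actual)
    return want - have, have - want


# Constructed sample: what the change record says should be there ...
INTENDED = """
## Last commit: 2022-06-14 10:02:11 UTC by admin
set system host-name ex4300-a
set system root-authentication encrypted-password "$9$AAAAAAAA"
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members servers
set vlans servers vlan-id 40
"""

# ... and what the switch actually reports (reordered, extra spaces, one line
# missing, one leftover line, password re-encoded).
ACTUAL = """
## Last commit: 2022-06-14 11:30:45 UTC by tech1
set vlans servers description "old lab vlan"
set system root-authentication encrypted-password "$9$BBBBBBBB"
set interfaces  ge-0/0/0 unit 0 family ethernet-switching vlan members servers
set system host-name ex4300-a
"""


def report() -> Tuple[Set[str], Set[str]]:
    return compare(INTENDED, ACTUAL)


if __name__ == "__main__":
    missing, unexpected = report()
    for line in sorted(missing):
        print(f"- {line}")
    for line in sorted(unexpected):
        print(f"+ {line}")
```

    The same idea carries over to the ESXi hosts and servers: export the settings (esxcli or PowerCLI for ESXi, the NetApp CLI for the filers) to text, normalize, and diff against the installation guide turned into a checklist file, rather than ticking boxes in the GUI. The "unexpected" side of the diff is the one worth reading most carefully on a new install, since that is where leftover defaults and test settings show up.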

    Fortinet/FortiAP issues

    Posted: 14 Jun 2022 08:16 PM PDT

    I'm having issues with clients intermittently not connecting or losing connectivity. Seems isolated to our 2.4ghz frequency networks, mostly tunneled. We are fully in the Forti ecosystem – firewall, switches and APs.

    IoT devices occasionally lose and can't regain connectivity (despite a DHCP reservation).

    Also, devices occasionally don't connect due to "incorrect password" (it's – not – an incorrect password). Happens on iOS, Mac and Windows.

    Has anybody experienced anything like this?

    submitted by /u/simpm21
    [link] [comments]

    Cisco Nexus 5672 10GBase-t SFP+

    Posted: 14 Jun 2022 08:07 PM PDT

    Tldr; Anyone have luck getting 10GBase-t SFP+'s to work in a Nexus 5672?

    I have a couple of Cisco Nexus 5672s that I am connecting up to some blade chassis that have a couple of blades each. Each blade runs VMware ESXi. The NICs in the blades are 10GBase-T. I am using 10GBase-T SFP+'s for the VM traffic network and iSCSI network. Recently bought a bunch of 10Gtek SFP+'s to replace a few failed transceivers and move the management network from 1gb to 10gb to increase vMotion speeds. The SFPs we replaced worked just fine without issues.

    When I plug in the 10gtek SFP+'s to the 5672 to upgrade the management network to 10gb, the layer 2 link comes up just fine and everything looks good on the switch side and link light side, but the ESXi host sees the link as down. Or the host will only see a single nic come up. Currently there are redundant NICs and both would be plugged into the 5672s. The vswitch and port group are setup in an active passive state.

    I have one server where both new links are operating at 10gb. The other servers are all missing a link. All ports being used in the Nexus are configured the same, as access ports in the same VLAN.

    I also did a little more research and am thinking the Nexus may not support 10GBase-T SFP+'s. The transceiver shows as 10GBase-SR, which is a fiber transceiver, so my guess is it is just tricking the switch because it isn't supported. So not sure if anyone else has had luck with 10GBase-T SFP+'s in a Nexus 5672?

    Any thoughts?

    submitted by /u/clifford641
    [link] [comments]

    Upgrading WLC code to 17.3.5a with x700 APs in the environment

    Posted: 14 Jun 2022 05:55 AM PDT

    Hello all,

    We are doing an upgrade of our WLC from 17.3.3 to 17.3.5a to resolve a few bugs. We have about 200 x700 model APs in our environment, and I have been reading that if the path MTU drops below 1500 the new code can break the x700 models. It looks like there is an SMU that fixes this, so it shouldn't be a problem; I just wanted to know if anyone has been through this upgrade already. What was your experience? Do the APs rejoin once the SMU has been applied?

    Recommended Cisco IOS XE Releases for Catalyst 9800 Wireless LAN Controllers - Cisco

    submitted by /u/jdm7718
    [link] [comments]

    Vendor equipment policies and remote access...

    Posted: 14 Jun 2022 07:17 AM PDT

    Currently my workplace has no real policy or pre-purchase requirements in place for vendors we buy equipment from, and I'm having to have discussions with vendors already onsite with equipment that a department purchased and negotiate what sort of remote access the vendor will have. For instance, right now I've got a vendor asking me to open up NAT rules to the world so one of their employees can access a system on our network through one of our public IPs from his home computer and phone via SSH and HTTPS, which I am not going to let happen, but I do not even want to be having a conversation like this at this point.

    Does anyone know of any example or template policies I could reference to draft a policy? Basically I want something that our departments heads could keep on hand and present as our set of requirements to the vendor before the purchase is completed. I want upfront clarity that we will have ultimate say in how to make the equipment comply with our network safety protocols and we will need administrative credentials and access information to the equipment so we can assess and apply any needed security updates or diagnose any potential issues with the equipment. I've had to deal with enough legacy systems put in place years ago that we've reverse engineered documentation for or just shut down because we don't have the info, I don't need more of that.

    submitted by /u/nnray
    [link] [comments]

    Increase tcam region size on nexus 5548

    Posted: 14 Jun 2022 06:24 AM PDT

    Hi there

    I have a Nexus 5548 and I get an "ERROR: tcam region full" error when I want to add a new access-list rule.

    How can I increase the TCAM region size without service interruption?

    submitted by /u/This-Stress-6479
    [link] [comments]

    Buying Lab Networking Hardware

    Posted: 14 Jun 2022 12:22 AM PDT

    I hope this post doesn't run afoul of the rules. I'm tasked with replacing a lab environment at our company. This lab will be used for testing by developers of networking software, so the requirements are a bit odd. I'm looking for 6-8 routers with the following features:

    • Supports OSPF, BGP, SNMPv2 and SNMPv3 (including traps), CDP or LLDP.
    • Lifetime licensing (Our last lab was in use for a decade, paying yearly would be a dealbreaker).
    • From a reputable manufacturer (Doesn't have to be straight up Cisco, but i.e. Mikrotik won't fly).
    • Rackmountable, low power consumption preferred.
    • At least 5 years old (maybe even 10), preferably available from eBay on the cheap. In other words: as cheap as possible.

    What I don't need:

    • A lot of ports (won't use more than 4 per device anyway).
    • A lot of throughput.
    • PoE.

    I guess my problem is visible from the requirements: I'm looking for stuff that is old enough that manufacturer websites probably won't even list it anymore and the licensing stuff tends to be buried deep anyway. And if I have to buy new licenses, that will probably eat up all cost savings of buying used, old hardware. It also probably has to be a model that was popular at some point, or I won't be able to find several of them.

    To handle one expected question from the start: Virtual devices are not what I'm looking for. We have those too, but for some stuff, real hardware is required.

    I hope someone here can point me towards a fitting model (or even just a manufacturer), so I can start hunting.

    submitted by /u/Adventor
    [link] [comments]

    Question about Dynamic NAT/Overload

    Posted: 14 Jun 2022 12:35 PM PDT

    I'm trying to set up a BOVPN, typically I do this with private IP space for phase 2 connections, but because of IP conflicts between sites, I'm not able to do that.

    This may be a basic question, if I'm NATting my tunnel traffic to a public IP on my Firewall for access to a jump box on the other end, will I get issues if my public traffic from that IP also attempts to access hosted resources on the other end that AREN'T attached to the tunnel?

    Example would be:
    -Site A uses a VPN tunnel with Dynamic NAT to access a server at Site B. Works fine and passes traffic over the tunnel.
    - Site A now ALSO tries to access a public website hosted at Site B. This traffic is public and does not utilize the tunnel according to Site A's routing. Since it's coming from the same IP on Site A, does the website fail because of Site B's routing?

    Sorry if it's basic or poorly worded.

    submitted by /u/Deviathan
    [link] [comments]

    Command to check optical power in cisco 7600 router

    Posted: 14 Jun 2022 12:54 AM PDT

    Have a 1000BASE-LX/LH SFP transceiver connected to the Gi1/5 port. Need to check the optical power of the same through the command line. "show interface transceiver detail" only shows the Te7/1 port, which has a XENPAK-10GB-ZR module. Any help will be much appreciated.

    submitted by /u/rege-shark
    [link] [comments]

    Multiple NAT overloads on IOS-XE issue

    Posted: 14 Jun 2022 05:26 AM PDT

    So, I have 2 PAT statements, as below:

    ip nat inside source list ACL-1 interface TenGigabitEthernet1/0/2 overload
    !
    ip nat inside source list ACL-2 interface TenGigabitEthernet1/0/10 overload
    !

    ACL-1 & ACL-2 are identical...

    Routing is preferred over the first interface Te1/0/2, but I'm seeing traffic being NATed with the Te1/0/10 interface IP address. I confirmed there's not a single route pointing out this interface, so I'm a little confused how outgoing traffic is being NATed here.

    submitted by /u/Himeros69
    [link] [comments]

    Retail store network options

    Posted: 14 Jun 2022 01:53 PM PDT

    Any folks working retail store networks have recommendations for WAN and LAN? Currently using Meraki but the team wants to get away from it for previous headaches and promises not met. Open to whiteboxing and using like a PA VM if someone is doing that.

    WAN/Edge requirements are split tunnel, IPSec, HA, content filtering and firewalling. LAN requirements are basic L3 segmentation which we could use the WAN/Edge device for L3, these aren't huge sites. What are some solutions you're using, do you like them and were there any gotchas along the way that you learned?

    submitted by /u/turtleonthefloor
    [link] [comments]

    Implemented NAC and no ip assigned from DHCP

    Posted: 14 Jun 2022 01:30 PM PDT

    Hello,

    We have cisco switches and checkpoint firewall in our organization.

    We have implemented ISE NAC and it seems like the authentication part with the certificate is done perfectly. The computer connects to a switch, the switch sends a request to ISE (NAC server), which verifies the computer has a certificate from the CA and assigns the computer a VLAN tag based on the security group it is in (based on AD). It goes back to the Checkpoint FW, which then proceeds to the DHCP relay I set up (with my DHCP & ISE servers), and by that point my computer is not receiving any IP; for this scenario it should get the 192.168.40.0 VLAN. After sniffing both the FW and the DHCP server I can see that the FW gets a DHCP request from the computer, but the computer can't reach the DHCP server (Windows DHCP server). I went through the FW rules and basically did exactly as shown "here" (if you'd like me to share the video), which resembles my network topology. It seems like my computer is able to send a request to the FW, but the client doesn't receive DHCP.

    The switch is configured as a dot1x port and I have 2 trunk ports that are familiar with the VLAN, plus the VLAN itself knows how to approach the DHCP relay with an ip-helper address.
    In addition, when assigning a static IP to the computer everything works perfectly; I can access layer 2 servers and do whatever I set up in the FW rules.

    Does anyone have an idea where this thing can be stuck?

    submitted by /u/flayymister
    [link] [comments]

    Windows NPS Machine Cert after Log In

    Posted: 14 Jun 2022 08:25 AM PDT

    I'm setting up a Windows NPS to allow machine authentication to our SSID. Currently the machine connects to the SSID at the sign in screen, but once logged in the device disconnects from the network. When trying to reconnect we receive the message "Can't connect because you need a certificate to sign in"

    Shouldn't everything just carry over from sign in screen to actually being signed in?

    submitted by /u/Wizard210
    [link] [comments]

    Summarizing/Aggregating BGP routes from a peer

    Posted: 14 Jun 2022 05:00 AM PDT

    I'm spitballing some ideas on the best way to do this (trying to keep it simple). Basically my core N9K is hitting its limit for the amount of routes and I'm looking at summarizing/aggregating from up the chain. I've tried upping the TCAM limit but that did not work out the way I thought it would (long story), so I'll revisit that later, but for now, until I get some downtime, how would I best try to reduce these routes?

    External ISP -> Firewall -> Nexus. Basically given over 7k routes into AWS (Direct Connect) from the ISP. The firewall handles it fine; the Nexus is crying that it can't add routes to the FIB etc etc. The firewall is doing BGP (running quagga) and it looks like I can run some advanced BGP commands via CLI using aggregate as-set summary, but there are a tonne of mostly /24's which are not in line, so I can't put them all down to a /16 or lower as some won't match that statement.

    Seeing as the Nexus doesn't support auto summary, is there a way to simply aggregate/summarize any route from the external ISP's AS or from AWS's community tag before the firewall redistributes it, rather than me going through all the routes manually? Maybe ask the ISP to do this instead? Does that make sense or am I over complicating it? OSPF is injecting a default route already towards our other plain ISP for everything else. I haven't involved TAC yet but can do just to see what they say; worst case, I could probably remove peering from the firewall to the Nexus, but if I can learn something, that would be ideal.

    Thanks for listening.

    submitted by /u/Sk1tza
    [link] [comments]
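    A way to size the problem before touching the firewall's BGP config, as an added example that is not part of the original post: Python's standard library can collapse a prefix list exactly (only adjacent blocks are merged, so the same addresses are covered) or lossily (every prefix is rounded up to, say, a /16 and then merged). The lossy result is what "aggregate to a /16" would do, and the script reports how many addresses the aggregates cover that no original prefix did. That number matters here because a default route towards the other ISP already exists: any address inside a lossy aggregate would be pulled into the Direct Connect path instead of following the default. The prefix list is invented.

```python
"""Exact and lossy aggregation of a prefix list with the standard library.

Added illustration, not code from the original post. The prefixes are
invented; replace them with the output of 'show ip bgp' or your peer's
route export. 'extra' counts addresses the lossy aggregates cover that no
original prefix did: traffic for those would follow the aggregate instead
of your default route.
"""
import ipaddress
from typing import Iterable, List, Tuple


def exact_aggregate(prefixes: Iterable[str]) -> List[str]:
    """Merge only adjacent/overlapping prefixes; covers exactly the same addresses."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def lossy_aggregate(prefixes: Iterable[str], max_len: int = 16) -> Tuple[List[str], int]:
    """Round every prefix longer than /max_len up to /max_len, then merge.

    Returns (aggregates, extra) where extra is the number of addresses the
    aggregates cover beyond what the original prefixes did.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    coarse = [n.supernet(new_prefix=max_len) if n.prefixlen > max_len else n for n in nets]
    aggs = list(ipaddress.collapse_addresses(coarse))
    original = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    covered = sum(a.num_addresses for a in aggs)
    return [str(a) for a in aggs], covered - original


# Constructed sample: four contiguous /24s and two scattered ones.
SAMPLE = [
    "10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24",
    "10.2.5.0/24", "10.2.9.0/24",
]


if __name__ == "__main__":
    print("exact:", exact_aggregate(SAMPLE))
    for max_len in (22, 16):
        aggs, extra = lossy_aggregate(SAMPLE, max_len)
        print(f"/{max_len}:", aggs, f"(+{extra} addresses not originally routed)")
```

    Run it over the real 7k-route export first with exact aggregation; if that alone does not get under the FIB limit, try lossy aggregation at successively shorter lengths and look at how much unrouted space each step pulls into the tunnel before deciding, or before asking the ISP to aggregate on their side.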

    ASR9001 Upgrading

    Posted: 14 Jun 2022 03:53 AM PDT

    I've received an ASR9001 RMS with an old 4.3 image on it.

    I've loaded the latest image (6.8.2) and done an install, but it fails, probably because it's too big a leap. The actual error says something about not enough space, but apparently that is the error you get if you try to skip too many images.

    As the ASR9001 is currently blank can I do a turbo upgrade and go straight to the latest image instead or will I have a similar problem?

    Thanks

    submitted by /u/Busbyuk
    [link] [comments]

    Core Switch for Cisco C1000 Access?

    Posted: 13 Jun 2022 12:24 PM PDT

    We are in the early planning stages of an office network refresh for a small/medium IT-Company with around 120 people.

    The existing network has been around for about 10 years and consists of Cisco SG200/300 for the access and a stacked Cisco SG500 as the "core" and connection to an OPNSense Appliance.

    For the new access I was thinking to go with ~10 Cisco Catalyst C1000 48T-4X switches as 1Gbit ports are enough for our workstations and we don't need PoE.

    For the core I was thinking 2x Cisco Catalyst C9500-16X in a stacked config.

    The main reason for the switch to the Catalyst series over the Cisco SGX50 line was the availability of IOS and therefore the possibility for ansible management (which we use heavily for our cloud infrastructure).

    Although I learned networking and cisco specific commands in university I lack the experience and practical knowledge one gets while working with the gear.

    Is this a good combination or am I overlooking something compatibility wise or are there any better suited alternatives?

    Is it OK to mix switches without Cisco DNA (C1000) with a core that does come with DNA (mandatory for the C9XXX series)?

    and perhaps most importantly how long are those switches typically maintained for regarding software and replacement units?

    Thanks and please let me know if there is anything missing to give a helpful reply :)

    submitted by /u/electricfishpenguin
    [link] [comments]

    High quality headset for service windows in a data center/switch/head-end, etc?

    Posted: 13 Jun 2022 09:11 AM PDT

    Hi Reddit,

    I'm wondering if any of you have recommendations for a really good headset for communicating on a bridge for onsite support?

    Some requirements that come to mind:

    • boom-mounted dual microphone for background sound cancelling (those fans get loud!)
    • over-ear sound-cancelling muffs that provide hearing protection and audio isolation
    • comfortable to wear for extended periods of time
    • preferably wireless with a long battery life to avoid accidents with the audio cable
    • comes with a decent travel case

    Wondering if any veterans have a good recommendation? I've tried a few but I'm ready to drop some serious coin.

    Thanks guys!

    submitted by /u/keyboard-soldier
    [link] [comments]

    Cisco 3560X Netflow

    Posted: 13 Jun 2022 11:54 AM PDT

    Hey Guys,

    I have several WS-C3560X-48P switches running c3560e-universalk9-mz.152-4.E10.bin. I'm trying to make NetFlow work with SolarWinds NTA, but it's not working.

    SW(config)#flow record ipv4
    SW(config-flow-record)#! match ipv4 tos
    SW(config-flow-record)#match ipv4 protocol
    SW(config-flow-record)#match ipv4 source address
    SW(config-flow-record)#match ipv4 destination address
    SW(config-flow-record)#match transport source-port
    SW(config-flow-record)#match transport destination-port
    SW(config-flow-record)#match interface input
    % Incomplete command.
    SW(config-flow-record)#collect interface output
    % Incomplete command.
    SW(config-flow-record)#collect counter bytes
    SW(config-flow-record)#collect counter packets
    SW(config-flow-record)#!
    SW(config-flow-record)#

    flow exporter NetFlow-to-Orion
     destination x.x.x.x
     source Vlan
     transport udp 2055
     export-protocol netflow-v5
    !
    flow monitor NetFlow-Monitor
     description Original Netflow captures
     record ipv4
     exporter NetFlow-to-Orion
     cache timeout inactive 10
     cache timeout active 5
    !

    submitted by /u/Existing-Finish-3338
    [link] [comments]

    Are there any issues renaming cisco firmware?

    Posted: 13 Jun 2022 06:25 AM PDT

    I recently started field-supporting hardware. I want to make a flash drive with several firmware updates for deployment. Can I rename the .bin file to 9300.bin or 3850.bin to organize and shorten commands? Or will it show up as the file name in the flash when I am done?

    submitted by /u/Gomez-16
    [link] [comments]

    Palo Alto Certifications Value

    Posted: 13 Jun 2022 09:33 AM PDT

    Recently I got my CCNA cert and loved the knowledge as well as the value I got from the cert. I wanted to see what people thought of Palo Alto certifications, specifically the PCNSA. I am interested in pursuing it and seeing what I can learn. I wanted to see if people could tell me how much weight it holds in terms of employers and stuff? Is it a known, relevant cert or is it still gaining popularity?

    submitted by /u/Doopzzy
    [link] [comments]

    Is it worth pursuing a senior network engineer position?

    Posted: 12 Jun 2022 07:44 PM PDT

    I'm not sure if this would be better suited to r/ITCareerQuestions but I figured I'd ask here since I might get some more experienced answers. I've been working as a network engineer for about 4 years with 2 years at my current company. They just let the senior engineer go for not taking the lead on a lot of networking projects and not taking ownership of issues. They'll be posting the senior job posting soon and I've been invited to throw my hat into the ring if I'm interested. I already head up a number of improvement projects on my own and had my hands on all of the major projects the senior was working on but I also am relatively insulated from the politics of the job as a junior. I make a comfortable wage where I'm at and anything extra would really be icing but I'm wondering whether moving up right now is the thing to do. I plan on staying with the company for at least a few years but turnover has been high for the past few years so my stability is not guaranteed. My gut instinct is to keep my head down and get more experience as a junior and maybe earn my CCNP before moving on. I also don't know how likely I would be to get the senior position if I applied since one thing that has been mentioned is that getting a well experienced senior in the role could lead to someone to mentor me as I progress. If you were in my position what would you do? Also what areas of knowledge or ability would you say delineate a true senior engineer from a junior or mid-level network engineer?

    submitted by /u/GodMonster
    [link] [comments]

    How do pros test and quantify your WAN link quality?

    Posted: 13 Jun 2022 02:04 PM PDT

    What is the good-practice way, how do pros do this? Stuff like hard-to-notice transient packet loss, unavailability, hiccups, routing problems (including on distant routers, internet exchange points), subpar bandwidth, latency spikes etc. Including problems occurring on some traces/with some hosts, but not others. What tools do you use, do you test with any 3rd-party hosts? Basically making sure the internet connection can be depended on at all times, predictable, as stable and performant as you can get.

    submitted by /u/amygdalasfuckedmybra
    [link] [comments]
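    The numbers most people end up computing from their probes, as an added example that is not part of the original post: whatever prober you run (ICMP, TCP SYN or HTTP against several targets behind different transit providers, so a single bad path does not hide in the average), the raw material is a run of per-probe RTTs with gaps for lost replies. The script below turns such a run into loss percentage, median and 95th percentile latency, jitter (mean absolute change between consecutive replies, in the spirit of RFC 3393), and the longest loss burst, which is what separates a transient blip from a real outage. It then checks the result against thresholds. The probe run and thresholds are constructed.

```python
"""Summarize a run of RTT probes into loss, latency percentiles, jitter and
loss bursts.

Added illustration, not code from the original post. SAMPLES is a
constructed probe run (milliseconds, None = no reply); feed it the output
of whatever prober you run against several targets.
"""
import math
import statistics
from typing import Dict, List, Optional


def percentile(values: List[float], pct: float) -> float:
    """Nearest-rank percentile; pct in (0, 100]."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def longest_loss_burst(samples: List[Optional[float]]) -> int:
    """Longest run of consecutive probes with no reply."""
    longest = run = 0
    for s in samples:
        run = run + 1 if s is None else 0
        longest = max(longest, run)
    return longest


def summarize(samples: List[Optional[float]]) -> Dict[str, float]:
    rtts = [s for s in samples if s is not None]
    if not rtts:
        raise ValueError("no successful probes")
    # Jitter: mean absolute change between consecutive replies (RFC 3393 style).
    deltas = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    return {
        "probes": len(samples),
        "loss_pct": 100.0 * (len(samples) - len(rtts)) / len(samples),
        "rtt_median_ms": statistics.median(rtts),
        "rtt_p95_ms": percentile(rtts, 95),
        "rtt_max_ms": max(rtts),
        "jitter_ms": sum(deltas) / len(deltas) if deltas else 0.0,
        "max_loss_burst": longest_loss_burst(samples),
    }


def breaches(stats: Dict[str, float], limits: Dict[str, float]) -> List[str]:
    """Names of metrics exceeding their limit, in the order the limits are given."""
    return [k for k, limit in limits.items() if stats[k] > limit]


# Constructed probe run: mostly ~20 ms, one spike, three lost replies (two in a row).
SAMPLES: List[Optional[float]] = [20.0, 21.0, 19.5, None, 22.0, 80.0, 20.5, None, None, 20.0]
# Constructed thresholds; pick yours from the SLA or from a week of baseline data.
LIMITS = {"loss_pct": 1.0, "rtt_p95_ms": 60.0, "jitter_ms": 5.0, "max_loss_burst": 1}


if __name__ == "__main__":
    stats = summarize(SAMPLES)
    for k, v in stats.items():
        print(f"{k:>15}: {v}")
    print("breaches:", breaches(stats, LIMITS))
```

    Median alone would report this link as fine at 20.5 ms; the p95, the loss burst and the jitter are what expose the problem, which is why those, rather than an average, are the figures worth graphing per target over time.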
