    Thursday, June 16, 2022

    Why was I told I can only use half the ports on a switch? Networking


    Why was I told I can only use half the ports on a switch?

    Posted: 16 Jun 2022 12:55 PM PDT

    I had a Sr Eng I worked under last year who told me if I had a 24 port switch, you actually only have 12 that you can use, but I can't recall why. Does anyone think they know what he may have meant?

    submitted by /u/UnitedWolverine5501

    Quickest way to prune trunks to active vlans only (Cisco)

    Posted: 16 Jun 2022 12:36 PM PDT

    "What's vlan pruning?" ...said the previous admins at this site. I have a Cisco distro switch with 51 trunks that are wide open, no pruning. Several downstream switches have trunks as well. What's the fastest, sanest method to determine the active vlans to make a switchport trunk allowed vlan X,X-X statement? VTP pruning is a no-go. I'd rather not crawl through every access switch if I can help it.

    submitted by /u/phacious

    subnet with 65,000 DHCP addresses

    Posted: 16 Jun 2022 01:30 PM PDT

    Disclaimer: I'm a Windows guy so I have no idea what I'm doing with networking, please be gentle. I started a new job and the guy who handled the networking left, and I can't reach him or I would ask him. We have a site that is set up for DHCP and the subnet range is 10.27.0.0 to 10.27.255.54. It's over 65,000 addresses, but we're getting messages from our Meraki MX84 that we're out, and I don't understand why, or why the subnet was set up that way. I'm only a little familiar with a subnet concept like 10.27.27.1 - 10.27.27.254. Thanks!

    submitted by /u/1999SH

    Realistic Client Traffic For Labbing

    Posted: 16 Jun 2022 06:57 AM PDT

    I'm finding it's harder to generate traffic that is relevant for things like SD-WAN policy validation in a lab environment, especially SaaS apps that might be matched by particular hostnames or IP ranges. My dream tool would allow me to place agents throughout the network that generate a constant flow of realistic application traffic, so that the lab was more akin to a prod environment.

    Cisco TRex has quite a few profiles, but still seems somewhat limited due to the way it uses IP ranges. Many of the others are more focused on generating traffic load in bursts.

    I was considering scripting button clicks etc in Windows clients, but that seemed somewhat prone to failure and hard to maintain.

    Has anyone else solved this sort of problem?

    submitted by /u/mcgarnicle21

    Proxy recommendations

    Posted: 16 Jun 2022 02:10 PM PDT

    What would you guys recommend at the moment for a Proxy?

    We need to replace our Sophos UTM proxies which are complete dumpster 🔥

    submitted by /u/Brohda

    WDS failure on Intel Ethernet Connection (11) I219-LM

    Posted: 16 Jun 2022 08:26 AM PDT

    I work for IT at a college where we have thousands of computers. All of our computers PXE boot and run SCCM/WDS just fine with no issues - except for computer models that have this specific Intel NIC - Intel Ethernet Connection (11) I219-LM (and it's the "11" that matters - that's some kind of generation maybe?).

    That model of NIC is having a bizarre issue while PXE'ing. It never actually arrives at Windows PE or WDS - it's failing at the very first step - the step that downloads the NBP file. I've attached a link to a Wireshark capture screenshot of what it's doing (so, this is on the client end). You can see that the NIC/PC receives 4 data packets (out of order, 1, 3, 4, 2), ACKnowledges block 1 (twice), then receives 2 and 3 again, then ACKnowledges 2, then gets another series of blocks out of order, including 2 again!

    Because of this, the computer never actually downloads the NBP file before timing out and the computer never PXE boots.

    Some things we've tried:

    1. Changing the window size in RamDiskTFTPWindowSize to 1. When we did that, the issue still remains - it just ends up getting the same blocks over and over again even after sending acknowledgments on those blocks.
    2. Examined the server side with Wireshark. Everything looks perfect there - it's sending the blocks IN ORDER and is receiving every acknowledgment from the client. Also, it should be re-stated here that we're having absolutely no issues between this same server and 7 other models of NICs.
    3. Changing the blksize to another value (1024 for example) - no change.
    4. Turning variable window extension on, turning variable window extension off - no change.
    5. Updated the HP BIOS to the latest version (to get the latest firmware for the NIC).

    Screenshot: https://drive.google.com/file/d/1ODY_aN2q4eIz2Xym1RthuZaEpqEd_O9q/view?usp=sharing

    submitted by /u/sousap0927

    Way to graph up ports on Cisco or Extreme switches using SNMP

    Posted: 16 Jun 2022 02:34 PM PDT

    Hi,

    I've been given a task to graph the port status on our user switches over the day so we can see how many ports are in an 'up' state throughout the day.

    Using SNMP has anyone managed to do something similar?

    I was looking at this as it shows down ports, so maybe it does up ports too. https://grafana.com/blog/2022/02/01/an-advanced-guide-to-network-monitoring-with-grafana-and-prometheus/

    I do have a Grafana server, but is there anything else out there?

    submitted by /u/G0nz0uk

    IOS xrv9k EVE-NG

    Posted: 16 Jun 2022 02:04 PM PDT

    Hi,

    Is anyone using IOS XRv 9k on EVE-NG? I'm using the 6.6.3 image and installed it correctly (I guess); I followed the EVE-NG guide. Anyway, after it boots I have no interfaces in it except the MGMT, and when I try to configure interface gi 0/0/0/0, for example, it turns into a preconfigured interface.

    I'm unable to have connectivity between my routers and I need it for a segment routing lab. Can anyone please help?

    Thanks

    submitted by /u/NekoHYR

    Cisco Live Sessions

    Posted: 16 Jun 2022 01:56 PM PDT

    Just finished my first Cisco Live, I feel like I got a ton out of the sessions, but looking back at my sessions completed I feel like I maybe could have fit one or two more in.

    I want to make sure I maximize my time next year, so I'm curious, how many sessions would you say is a "full load" for Cisco Live? I know it's a loaded question as not all sessions are created equal and everyone is going with different ideas in mind, but assuming primarily 45 minute technical sessions, how many are you all completing?

    submitted by /u/lampreyin

    Blink Cameras in the enterprise?

    Posted: 16 Jun 2022 03:16 PM PDT

    Been tasked to test out these devices as an easy/instant solution for video monitoring areas. We have cameras throughout the campus but we get these one-offs and this device seems end user friendly. Has anyone used this in their environment? Kinda worried about security since it's meant for home use. Thank you

    submitted by /u/d3adbor3d2

    Multi-WAN Internet Connection over Proxy/VPN Server to allow Port-Forwarding to Server

    Posted: 16 Jun 2022 04:43 AM PDT

    Hey, I'm trying to improve the internet connection for a small business, which is unfortunately located somewhere where installing a fiber connection is pretty much financially impossible. It does however have two slow DSL copper lines, as well as line of sight to multiple LTE towers, which offer about 30Mbit/s up, 50Mbit/s down per connection. So I looked into Multi-WAN solutions, however those allow only one connection for each application, and the business also needs port-forwarding capabilities for a small server they host.

    So I was wondering if it's possible to load balance the traffic over a proxy or VPN server in the cloud (2Gbit/s in, 2 Gbit/s out) with a dedicated IP, so that any single application isn't limited to just one connection, and so that port forwarding is still possible.

    Specifically I was thinking of getting a Ubiquiti Edge Router 12 for the multi-WAN load balancing capabilities, with a Cisco FRP1020 behind it, which should have the ability to route all the traffic over a VPN server. However I don't know if it's possible, and how to, set the Ubiquiti E.R. up, so that it splits the "single" VPN connection over multiple Internet/WAN connections towards the same VPN relay server.

    Are there any other routers or solutions that are more suited for this kind of WAN aggregation?

    Thanks for any help in advance!

    submitted by /u/njalo

    What Is The Best Way To Deploy AnyConnect In 2022?

    Posted: 16 Jun 2022 09:52 AM PDT

    I have been hosting AnyConnect on an ASA5516-x in our primary data center in one of our regions. At the time of the install (3 years ago) FTD was a dumpster fire so I flashed it with the ASA code so I could use SSH/ASDM to configure and manage it. For actual firewalls, we use FortiGates but I'm not a fan of FortiClient because it can be buggy.

    I have a project that I'm in the beginning stages of where I am going to host AnyConnect in two other regions. One instance will be in AWS, the other will be in another data center with hypervisors that could run ASAv or NGFWv (Cisco Firepower) or physical firewalls. So I'll end up with 3 regions that our users could connect to for VPN. All traffic filtering from the clients to the internet and internal networks will flow through the FortiGates. All inbound connections to AnyConnect will also go through a FortiGate for IDS/IPS, DDoS, and other protection policies. So I don't strictly need the IPS on the devices hosting AnyConnect.

    The advice I'm hoping you all could provide is should I be trying to run the ASA code still or start looking at Firepower again, or are there other options? I can't seem to get a clear answer on if the ASA code will stop receiving updates any time soon.

    submitted by /u/TriforceTeching

    How can I write a script to run when a specific event occurs against a firewall?

    Posted: 16 Jun 2022 01:32 PM PDT

    Working towards my CCNA - After reviewing the concepts of firewalls I'm curious if there was a way to implement a script only when a certain criterion is met -

    For instance if a hacker sends a DoS attack from the same IP address (assuming they're not changing their IPs after each attack) a total of 3 times, the script runs and the firewall doesn't only drop the flagged packets but captures the attacker's IP and proceeds to mirror the DoS attack (or whatever attack the hacker is currently trying to implement) and then forwards that attack back to the hacker's IP.

    I know it's far-fetched, but learning how to simply run a script when a criterion is met on any networking device, firewall, router, switch would be really cool.

    submitted by /u/google_certified13

    BGP Load Sharing and redundancy

    Posted: 16 Jun 2022 09:01 AM PDT

    Right now I'm load sharing the traffic between 2 different ISPs that are connected to the same router. NET245 prefix list has 1 Public IP subnet and NET240 prefix list has another public IP subnet. All private IP addresses are NATed to either of these public IP subnets. What I want to do is, if the link to ISP A went down, the subnet that was supposed to go through this link, goes through the other link and vice versa. Any idea how to do this? Also, I'm not sure if I'm doing the load sharing correctly or if there's a better way to do it. Any help would be really appreciated.

    I'll post the BGP configuration below.

    submitted by /u/Som3a92

    Thoughts on TP-Link Omada products

    Posted: 16 Jun 2022 08:54 AM PDT

    Good morning. I needed a PoE switch for our new phones we are getting in a few weeks so I ordered a TP-Link TL-SG3428MP PoE Switch. Didn't know it used the Omada controller at the time of ordering. I've since done some digging and it seems there are a whole host of products that use the Omada controller. I'm now considering getting the gateway device and possibly the ceiling mount wifi access points so I can control everything from one interface.

    Just wanted to get some opinions from others that have used TP-Link Omada. Have I made a horrible mistake getting this switch? Will I only make things worse if I expand on this platform? I work for a small municipal government and we can't always afford the top of the line equipment so price is a big factor.

    Thanks.

    submitted by /u/PhantomNomad

    Policy based routing vs static route

    Posted: 16 Jun 2022 04:38 AM PDT

    I'm confused about if there's a difference between PBR and static routes.

    Let's say I have a network with subnet 10.200.30.0 and I configured the following static route, ip route 10.100.100.0 255.255.255.0 10.100.200.1

    What's the difference between the static route above and creating a route map that matches an access list with 10.100.30.0 permitted and setting next hop to 10.100.200.1 and applying the policy based routing to the router's interface?

    Edit: 10.200.30.0 instead of 300 😂

    submitted by /u/Reallychell

    My Recent Job Hunting Experience

    Posted: 15 Jun 2022 08:29 AM PDT

    TLDR: The networking job market still seems very hot right now, even for fully remote positions. Your mileage may vary. Sankey diagram. Quick facts about my job hunt below:

    • Time from first application to offer accepted: 4 weeks
    • Total applications/recruiter-provided leads: 87
      • 67 (77%) were applications I submitted
      • 20 (23%) were recruiters that contacted me
    • Positions I went through the interview process for: 9
      • 6 (67%) were from recruiter-provided leads
      • 3 (33%) were from applications I submitted
    • Offers extended: 3
      • Accepted offer: $130k long term W2 contract. Great benefits for a contract.
      • I suspect I would have gotten more offers but I canceled a few interviews after accepting this offer. This was the best option of the positions I had in process.
    • I exclusively applied to fully remote positions in the $90k-$130k range
    • I am located in the US, I can't speak to other countries

    Saw a post recently about how hard it is to find a job in this field right now but my own recent experience was very different from that of the OP. I kept a spreadsheet of all my applications from a recent job hunt so I figured I would share my own experience along with some light stats/diagram. I just don't want anyone getting discouraged because the market is definitely still hot if you're looking in the right places and being smart about your application process.

    Some background about me: I have about 6 years in network engineering with somewhat of a focus in a couple popular security appliances. The only certs I have are CCNA and Security+. In early May I left a very toxic/crazy job that I was burnt out from. It was a pretty dumb move as I did not have anything lined up but I was just sick of it. I don't recommend leaving your current position until you have an official start date and have cleared background checks, etc. at your new position.

    What I found from the application process was that recruiters are far more useful than randomly submitting applications. Recruiters made up less than 1/4 of my total job leads but 2/3 of the interviews I got. I had more than one recruiter submit me for multiple roles that they were working. The first thing I'd recommend doing if you're searching for a job is updating your LinkedIn/Indeed/Dice/whatever job site profiles to add your job experience and relevant skills at a minimum. Make it as easy as possible for recruiters to find your profile, see your experience, and contact you. Odds are you'll get hit up with several emails/LinkedIn messages from them per week.

    My experience from the interviews I did was that many places were desperate for people, especially if you're willing to work on a contract (almost all roles I interviewed for were W2 contracts). 2 of the 3 offers I received were given after only 1 interview, not including initial call with the recruiters. One didn't even have a technical portion of the interview. Honestly, I'd stay away from positions that give you an offer with minimal interviews. My previous job that I left had a single, easy interview with just the hiring manager. That ended up being because they were desperate to fill seats due to high turnover. The 2 offers I passed on also seemed like they were just desperate to fill seats in high stress environments. I'd view any offer that comes after a single, easy interview as a red flag.

    Expanding off that, use the interviews to ask as many questions as you can about the role. Make sure that you have a chance to speak to actual members of the team you're joining, not just the hiring manager. Ask about what their day to day looks like and whether or not they like the organization. Team culture is more important than overall company culture in my opinion. I've worked on a great team in a bad organization as well as a bad team in a highly rated organization. Interview them as much as they interview you.

    This is getting long so I'll stop there. I'm happy to answer any other questions in comments.

    submitted by /u/NightTakesRook

    Why must I reboot all APs when I reboot router?

    Posted: 16 Jun 2022 09:49 AM PDT

    My LAN comprises an ADSL-with-4G-fallback router and four access points essentially providing wifi connection (same SSID) to mobile terminals and lots of smart objects. The APs are wired to the router (1 of them through an unmanaged switch and two others daisy chained).

    I have noticed that when I need to restart the router, sometimes desktops wired to the APs fail to get an IP as well as some of the mobile clients and smart objects, so that I specifically need to reboot all of the APs once the router's back up.

    Would anyone see what could be wrong with my setup?

    submitted by /u/diadesol

    Network cable identification? Armored outdoor rated, where can I buy more?

    Posted: 15 Jun 2022 09:24 PM PDT

    Hey guys, I'm helping a new client and they will need a longer run of armored outdoor rated network cable to run from their trailer to aggregate processing equipment. I'm thinking about 75ft. Here's an image of their cable that's too short. Who would be a good vendor to go through for this type of cable? From what I can tell it looks like it runs about $10/ft, does that seem right?

    image

    submitted by /u/SPARTANsui

    Reached Azure Vnet gateway limit of 30 S2S VPN

    Posted: 15 Jun 2022 08:39 PM PDT

    So I just realised today that there's a max limit of 30 S2S connections for the VpnGw1 SKU (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways)

    Just wondering if anyone faced the same and what did you decide on?

    I'm thinking 2 options

    A: Upgrade the virtual network GW SKU to a Gen2-VpnGw4 that allows 100 S2S connections

    or

    B: Create another Vnet and Vnet GW (Gen1-VpnGw1) + peer both Vnet

    submitted by /u/slim7700

    Juniper licensing on used MX960, MPC5E, and other speedy gear.

    Posted: 15 Jun 2022 11:50 PM PDT

    I'm looking to upgrade an EX8208-based network from 10Gbps to 100Gbps on a real router, which would in this case be a business surplus MX960 from the well-known auction site. All the specifications seem to be sufficient hardware-wise, however, some questions remain before my accountants pull the trigger on the purchase. I'm turning to you for some help with the licensing and deployment of a used MX960.

    Currently, the plan is to use it with a 100G MPC5E, and add cheaper linecards to drop the network to individual racks, as one does.

    1. On the EX8208, BGP can be run without the appropriate license (which is unobtainium anyways since the switch has been discontinued). Is the honor-based licensing system still present on the MX960 or is it a hard-enforced Cisco-style walled garden?
    2. Are there any licenses related to the hardware (linecards, etc.)?
    3. How open is Juniper to the idea of selling licenses to users with used gear?

    Thanks in advance!

    submitted by /u/kikithegreat

    Choosing a BGP edge router

    Posted: 15 Jun 2022 05:50 PM PDT

    Hey guys, long time no talk! I am working for an enterprise that previously had no ASN or IPv4 assignments until me. We are looking at trying to size a router.

    We want 3 10 Gbps ports for multi homing to 2 providers and then backhaul into our network. I prefer 2 full routing tables. 2 full routing tables is currently 2.1 million routes. I want this because I prefer to have best path "load balancing". I know it's not load balancing but I don't like the idea of just getting a default route. I'm willing to compromise and get partial tables from my providers.

    I am looking at the Juniper MX line. MX150 almost has what I'm looking for. MX 104 might be overkill.

    Do you guys have any suggestions on a good edge BGP box for these requirements?

    submitted by /u/anjewthebearjew

    RDP drop outs with a Site to Site Connection

    Posted: 16 Jun 2022 07:16 AM PDT

    Hi everyone,

    Just wondering what I should be looking at in this situation, as the issue is that a client consists of 10 employees and this issue seems to happen with 3 people specifically. What happens is that they use the Microsoft Remote Desktop service application and connect to our datacenter for their VMs. They're connected via site to site on IPsec to us with a Cogent 100/100 pipe on their end. I have contacted my reps with Fortinet and checked the tunnel and we all saw that it's running fine so I ruled that out. I replaced the switch and wires at the network rack in their office but the same 3 people seem to have a packet drop/loss for like 1-2 seconds and it causes the RDP to drop for them. They reconnect with no user input but the thing that's bothering me is that only those 3 users are getting drops and everyone else is fine. I'm going to network test the cables from their offices and see if they need to be redone at the ethernet head ends.

    So not sure what else to look for as before I would want to say February 2022, they were working fine in and out of office but once they came back these drops started to occur so not sure where or why or how this started happening. Are there any tools or methods to clean up the network? I'm just left baffled because they're upset and I believe I have tried everything I know I can do minus redoing the wires but they were all working fine before and all of a sudden this has been occurring as of late. Any help or input would be great. If you have any questions to help examine this further let me know!

    submitted by /u/AcidWulf

    Adding Tagged VLANs To Port Makes Switch Unresponsive

    Posted: 16 Jun 2022 06:52 AM PDT

    I thought I had at least intermediate networking knowledge/experience, but this problem I'm having is making me feel like I must know nothing.

    I'm working on a remote site with Aruba 1930 switches. I downloaded the config file for one of the switches. I changed this line:

    interface 5
     switchport general allowed vlan add 20,101 tagged

    to this:

    interface 5
     switchport general allowed vlan add 20,101-120 tagged

    Then I rebooted the switch and now it is completely unresponsive and everything connected to it is unresponsive too. I need to have someone at the site factory reset it with a paper clip.

    The VLANs were already created and included in the config file I originally downloaded:

    vlan 20,101-120
    interface vlan 20
     name 20
    !
    interface vlan 101
     name 101
    !
    interface vlan 102
     name 102
    !
    ... and so on ....

    All other formatting is the same, I only changed that single line, kept the indenting the same, everything. I changed "101" to "101-120", that's it. I have that same line in place on another switch and it's fine. How can that cause the switch to become completely unresponsive? If I can't update this with the plain text config file that means my only other option is to go into each of the separate 20 VLANs and add that port tagged.

    I feel like I'm losing my mind, I'm so angry

    submitted by /u/LearningSysAdmin987

    Weird IPsec behaviour

    Posted: 16 Jun 2022 01:50 AM PDT

    Hi everybody,

    I work in an MSP company and we're experiencing a strange situation on a customer VPN. The topology is a classic head office---> 3 branch offices, the whole architecture is Sophos XGS based, head has 2 firewalls in HA, the 2nd branch same config and branch 3 and 4 one firewall. VPNs are IPsec Strongswan based. What is weird is that main and branch firewall swap their VPN role. Head office fw is the responder and the 3 branch offices the initiator for their single VPN (3 tunnels in all). Ok, they act like the opposite, head works as initiator and branch as responder.

    First time it happens and I can't find answers about that even from the Sophos forum. Any idea?

    Thanks a lot

    submitted by /u/AlwayzIntoSometin95
