Saturday, November 28, 2020

Multiple IPs from the same pc

My PC has 3 RJ45 LAN sockets (1 on the motherboard and 2 on a network card) and I wanted to use them all with separate IPs. This is for connecting to a games server with more than 1 account.

3 accounts, 3 separate IPs, 1 PC. I'm assuming, if it is possible, I will require a VPN or something, as my ISP will not give me more than 1 IP.

a) Is it possible to set up more than 1 IP from a single PC with a VPN?

b) Are there tutorials on how to set it up on Win 10?

Thanks in advance for your help.



Can 1 IMEI/MEID work on multiple CDMA networks at the same time?

I am trying to think about how it all works. Tello is supposed to be CDMA, and it requires the IMEI number. But when I take out the SIM card, my phone says "Emergency Call only". Isn't CDMA only run off of the MEID?

If I reuse the IMEI/MEID on another CDMA network (let's say Verizon), would the phone still work on both networks as long as I swap SIM cards?



Juniper SRX4200 18.4R3

This is probably a long shot, but the last 2 days have been rough. We've been running 18.4R3 on this cluster for close to 2 months and in the last 2 days we've had the cluster lock up twice with 0 core d. First node0 stopped routing traffic early Friday morning. Only its one gateway interface was pinging. I drove into work and plugged a console cable in directly with no response. Activity lights were live and no alarms.

I connected to node1 and it was set as disabled and ineligible to take over the resources. Looking into it, the HA was down but the FAB was still receiving heartbeats, so to prevent split brain node1 disabled itself. I had to hard-boot node0 and it came back up fine. I had to initiate a reboot on node1 to remove the disabled state. Everything came back up with no issues. I thought maybe this was a hardware issue on node0, so I decided to turn it off and run on node1 through the weekend.

Sure enough, 11 hours later node1 did the same thing. This time I couldn't ping any interfaces. I drove into work this morning and it did the same thing. The console port didn't work at all, but there were still activity lights. I had to reboot it to get in. I pulled RSI and a log package and contacted JTAC. While waiting for them to process the logs I decided to look through them, and sure enough there was nothing in the logs that was useful.

When the SRX locks up, it stops logging, so there is a gap from the time it stops to the time it reboots.

JTAC was useless because there is nothing in the logs and they need a core dump, but to get a core dump I'd have to actually be able to get into the device before I reboot it, which so far hasn't been possible.

Needless to say, after working 8 hours and driving to work twice over what was supposed to be my long weekend, I ended up reinstalling 15.1 on these, which is what they've been running for the last 3 years with one hiccup where it stopped routing to its next hop. My assumption is that this is a software bug that was triggered by some config change that was made before Thanksgiving, the config change being adding a few hosts to a firewall rule.

Has anyone seen this issue on 18.4? I have a number of routers (SRX300 series) running 18.4 but this is the only 4200 running it.



VLANs & Networking general questions on FortiGate & Draytek

I come from an IT background but need a refresher on VLANs/networking, so I am looking to learn more about VLANs for small businesses (under 50 users) and how they work with firewalls, switches and APs. I will be buying some old hardware to set up a test lab but have some queries before I buy the wrong hardware.

1) Should I be getting a managed or unmanaged switch for VLANs? The difference between them (from my understanding) is that I can assign different ports to different VLANs, but is that the main difference in terms of VLANs? Or is there something else?

2) If I have a FortiGate or Draytek firewall, I believe any managed switch will work with it? But is there a make/model which is the best go-to one?

3) Is it common to deploy managed switches of a different brand than the actual firewall, and if so, what's the benefit? I have been to a few client sites and noted they have Drayteks with Unifi switches, and also FortiGates with Unifi switches at other sites. Is this because it's easier to manage?

4) Any recommendations for books or online courses on general networking?

5) Is there much difference between a Draytek 2832 and a 2862? The 2832s are a better price for a test lab, but is the functionality similar to the 2862s, as these are what a lot of sports seem to use?



Where does Cisco IOS/IOS-XE store the SNMPv3 user information?

I can configure "snmp-server user TESTUSER TESTGROUP v3 auth sha PASSWORD1 priv aes 128 PASSWORD2". But this user information, such as username, auth and encryption, does not show in the running OR startup configuration.

But if I do "show snmp user", the information shows up… IOS-XE 3.6.10.
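
The behaviour in the post is expected: IOS does not write SNMPv3 users into the running or startup configuration. It keeps them separately (which is why show snmp user is the place to look), and what it keeps is not the password but the keys derived from it and localized to the device's own snmpEngineID as specified in RFC 3414. That is also why changing the engine ID invalidates every configured user and why copying a configuration to another device does not carry the users across. The following is an added example, not code from the post or from Cisco: it implements the RFC 3414 password-to-key and key-localization steps in Python and checks them against the test vectors in the RFC's appendix A.3; the two "switch" engine IDs near the end are made-up values.

```python
import hashlib

# RFC 3414 appendix A.2: derive Ku from a password by hashing the password
# repeated out to exactly 1 MiB, then localize it to one agent's snmpEngineID:
#   Kul = H(Ku || snmpEngineID || Ku)
# An agent stores Kul, never the password, which is why the stored key is tied
# to that engine ID and is not something a text configuration could carry.

ONE_MIB = 1_048_576


def password_to_ku(password: bytes, algo: str = "sha1") -> bytes:
    """Ku: digest of the password repeated (and truncated) to exactly 1 MiB."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(ONE_MIB, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def password_to_localized_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    return localize_key(password_to_ku(password, algo), engine_id, algo)


# Test vectors from RFC 3414 appendix A.3: password "maplesyrup",
# engine ID 00 00 00 00 00 00 00 00 00 00 00 02.
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")

# Made-up engine IDs standing in for two different switches (not real devices).
ENGINE_A = bytes.fromhex("800000090300aabbccddee01")
ENGINE_B = bytes.fromhex("800000090300aabbccddee02")


def keys_per_engine(password: bytes, engine_ids, algo: str = "sha1") -> dict:
    """The same password yields a different stored key on every engine."""
    return {eid.hex(): password_to_localized_key(password, eid, algo).hex() for eid in engine_ids}


if __name__ == "__main__":
    print("SHA-1 Kul:", password_to_localized_key(RFC_PASSWORD, RFC_ENGINE_ID, "sha1").hex())
    print("MD5   Kul:", password_to_localized_key(RFC_PASSWORD, RFC_ENGINE_ID, "md5").hex())
    for eid, kul in keys_per_engine(b"PASSWORD1", [ENGINE_A, ENGINE_B]).items():
        print(eid, "->", kul)
```

The practical consequence: treat the engine ID as part of the SNMPv3 user definition. If a device is replaced or its engine ID is set explicitly, re-create the users afterwards, and keep the user commands in whatever provisioning system you use rather than expecting a saved config to contain them.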



What do you use for spotting all the devices on your network?

I need to scan a pretty big network (several /16s overall, but fairly sparsely populated) to see what's attached to it. There are a lot of VLANs in use, generally using one /24 subnet per VLAN.

Not everything is on a domain. Not everything is in DNS. Not everything is even routable to a single point - some of the VLANs only have one routable machine and a heap of others using local IPs. I can't take the alternative approach of using something like 802.1x and making everything register because this is an existing network that can't be drastically changed.

I know about nmap, but for a range as big as this it seems pretty slow. In any case, it feels like it needs to be done on the switches somehow to see into all the VLANs, but I don't think I've seen any tools for doing that?

What do people use at this scale?
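
On the "do it on the switches" angle: every access switch already knows what is plugged into it (its MAC address table) and every VLAN gateway already knows which of those hosts has an IP (its ARP table), so an inventory can be built by joining those two tables instead of sweeping several /16s, and it catches hosts that never answer a probe. The following is an added example, not from the post or from any vendor: it parses constructed IOS-style show ip arp and show mac address-table output (made-up addresses, MACs and port names) and joins them per MAC. Pulling the text from each switch over SSH or SNMP is left to whatever you already use; run it per switch and merge the results.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample output in Cisco IOS format (not captured from a real
# switch): the column layout is that of "show ip arp" (on the VLAN gateway)
# and "show mac address-table" (on the access switch).
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.1.1               -   0011.2233.4455  ARPA   Vlan10
Internet  10.10.1.20              5   0011.2233.aa01  ARPA   Vlan10
Internet  10.10.2.7              12   0011.2233.bb02  ARPA   Vlan20
Internet  10.10.2.9              40   0011.2233.dd04  ARPA   Vlan20
"""

SHOW_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.aa01    DYNAMIC     Gi1/0/5
  20    0011.2233.bb02    DYNAMIC     Gi1/0/12
  20    0011.2233.cc03    DYNAMIC     Gi1/0/12
  20    0011.2233.dd04    DYNAMIC     Gi1/0/48
Total Mac Addresses for this criterion: 4
"""

MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
ARP_RE = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+" + MAC + r"\s+ARPA\s+(\S+)", re.M)
MAC_RE = re.compile(r"^\s*(\d+)\s+" + MAC + r"\s+(DYNAMIC|STATIC)\s+(\S+)", re.M)


@dataclass
class Host:
    mac: str
    vlan: Optional[int] = None
    port: Optional[str] = None          # access port the MAC was learned on
    ips: List[str] = field(default_factory=list)
    behind_uplink: bool = False         # learned on an uplink: lives behind another switch
    is_switch_self: bool = False        # ARP age "-": the gateway's own SVI address


def parse_arp(text: str) -> Dict[str, List[tuple]]:
    entries: Dict[str, List[tuple]] = {}
    for ip, age, mac, iface in ARP_RE.findall(text):
        entries.setdefault(mac, []).append((ip, age, iface))
    return entries


def parse_mac_table(text: str) -> Dict[str, tuple]:
    return {mac: (int(vlan), port) for vlan, mac, _typ, port in MAC_RE.findall(text)}


def build_inventory(arp_text: str, mac_text: str, uplinks=frozenset()) -> Dict[str, Host]:
    """Join the two tables on MAC. Run per switch and merge the dicts for a whole site."""
    inv: Dict[str, Host] = {}
    for mac, (vlan, port) in parse_mac_table(mac_text).items():
        h = inv.setdefault(mac, Host(mac))
        h.vlan = vlan
        if port in uplinks:
            h.behind_uplink = True
        else:
            h.port = port
    for mac, hits in parse_arp(arp_text).items():
        h = inv.setdefault(mac, Host(mac))
        for ip, age, iface in hits:
            h.ips.append(ip)
            if age == "-":
                h.is_switch_self = True
            if h.vlan is None and iface.startswith("Vlan"):
                h.vlan = int(iface[4:])
    return inv


def unknown_hosts(inv: Dict[str, Host]) -> List[str]:
    """MACs seen at layer 2 with no ARP entry on the gateway: no recent IP traffic,
    a non-IP device, or one numbered out of a local range the gateway never sees."""
    return sorted(h.mac for h in inv.values() if not h.ips and not h.is_switch_self)


def ports_with_multiple_macs(inv: Dict[str, Host]) -> Dict[str, List[str]]:
    """Several MACs on one access port usually means an unmanaged switch or hub behind it."""
    by_port: Dict[str, List[str]] = {}
    for h in inv.values():
        if h.port:
            by_port.setdefault(h.port, []).append(h.mac)
    return {p: sorted(m) for p, m in by_port.items() if len(m) > 1}


if __name__ == "__main__":
    inv = build_inventory(SHOW_IP_ARP, SHOW_MAC_TABLE, uplinks={"Gi1/0/48"})
    for h in inv.values():
        print(h)
    print("no IP seen:", unknown_hosts(inv))
    print("shared ports:", ports_with_multiple_macs(inv))
```

Two things this gives that a ping sweep does not: the VLANs whose hosts are not routable from your scanner still show up in the MAC table of the switch they hang off, and a port with several MACs points straight at the unmanaged switches that sweeps tend to hide. MAC tables age out (300 s by default on IOS), so collect during working hours, and list the uplink ports explicitly so a neighbouring switch's hosts are not mis-attributed.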



Long range bridge with AP mode?

I have a Ubiquiti PtP 900 MHz wireless bridge that's great for connecting networks in 2 buildings. For our other outbuildings I want a PtMP bridge, but I don't want extra WiFi equipment at the client/subscriber end, i.e. I want the bridge equipment to double as an AP at the remote end.

I don't think the Ubiquiti range can do this; I see that one older model of TP-Link has something called "bridge with AP mode".

Can someone direct me to some kit that will do this? I.e. a PtMP bridge with an integrated AP at the far end.

Oh yes... The farthest point is 1000+ feet with some trees in the way. And another site is closer (~400 ft) but in the forest, so ideally 900 MHz.

Thanks in advance



Slow throughput on Fortiswitch

I have picked up a FortiSwitch 124E switch and a FortiGate 60E firewall to put together a lab environment. We are a 100% Cisco shop, so this is to look at using different hardware at our smaller locations, but I have NO prior Fortinet experience.

THE SETUP: A cable modem is connected to the WAN port of the FortiGate, and port 1 is then connected to the FortiSwitch (a copper SFP in port 25). There are 5-6 VLANs set up on the FortiSwitch with SVIs. Layer 3 routing is used to connect the FortiSwitch to the FortiGate via a small stub/transport network. They are set up as separate devices; the switch is NOT FortiLink-managed. Everything is communicating properly between VLANs and to the Internet.

THE PROBLEM: Throughput between the VLANs is abysmal! I am getting ~1.5 Mbps on both the Gig ports and a 50 Mbps WAN connection. I have pretty much ruled out the FortiGate, as connecting directly to the inside interface achieves the expected speedtest results. While there is connectivity between VLANs, they are very slow. Internet connectivity is slow as well.

CHECKS MADE:

  • Verified cables are good.
  • Tried using a copper port instead of the SFP.
  • Verified speed/duplex settings.
  • Disabled LLDP, logging, any other "features" I could find.
  • Upgraded switch firmware to 6.2.5
  • Gone through the entire config looking for policies but I haven't been able to find any.

HELP! I am at a loss and with being new to Fortinet, not even sure where to begin. There are no obvious errors, alarms, and anything that I can find wrong. Everything seems to be working between VLAN's, just slow. I haven't been able to find any "cookbooks" or similar problems on the web. Any suggestions of what to check or help is appreciated!



Broadcast as SRC address: Is it legal?

I am speaking strictly layer 2. If a naive switch were to forward a frame with FF:FF:FF:FF:FF:FF as its source MAC, and an even more naive client were to respond to that frame, this time with the broadcast address in the DST, it could lead to some undesired results. If the original frame also had the DST set to broadcast and we had multiple of these naive clients, all hell would break loose. This is why I think switch implementations simply drop frames with multicast or broadcast as their SRC.

But what I want to know is if there is a specific standard like an RFC that specifies this? Or is this just at the discretion (and maybe best interest) of the switch implementation?
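
On the standards question: it is an IEEE rule rather than an RFC. IEEE 802.3 defines the source address field as an individual address, that is, its I/G bit (the least significant bit of the first octet, which is the first bit sent on the wire) is 0; a source with that bit set is not a valid source address. Bridge implementations act on that: the Linux bridge, for instance, discards a frame whose source fails is_valid_ether_addr() on ingress rather than learning it. The check itself is two lines; the added example below (not from the post) shows it applied to constructed frames, including the broadcast-source case from the question.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def is_group_address(mac: bytes) -> bool:
    """I/G bit: least significant bit of the first octet (the first bit sent on the wire).
    0 = individual (unicast), 1 = group (multicast; all ones = broadcast)."""
    return bool(mac[0] & 0x01)


def is_locally_administered(mac: bytes) -> bool:
    """U/L bit: second least significant bit of the first octet."""
    return bool(mac[0] & 0x02)


def check_source(frame: bytes) -> dict:
    """What a bridge should decide about a frame's source address before learning it."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    bad_src = is_group_address(src)
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "ethertype": ethertype,
        "src_is_group": bad_src,
        "src_is_local": is_locally_administered(src),
        "verdict": "drop" if bad_src else "learn-and-forward",
    }


def build_frame(dst: bytes, src: bytes, ethertype: int = 0x0800, payload: bytes = b"\x00" * 46) -> bytes:
    return dst + src + struct.pack("!H", ethertype) + payload


# Constructed frames (made up for the example, not captured traffic).
UNICAST_SRC = bytes.fromhex("001122334455")
MCAST_SRC = bytes.fromhex("01005e000001")   # IPv4 all-hosts group address misused as a source
FRAMES = {
    "broadcast_dst_unicast_src": build_frame(BROADCAST, UNICAST_SRC),   # an ordinary broadcast, fine
    "broadcast_src": build_frame(BROADCAST, BROADCAST),                  # the case from the question
    "multicast_src": build_frame(UNICAST_SRC, MCAST_SRC),
}

if __name__ == "__main__":
    for name, frame in FRAMES.items():
        print(name, check_source(frame))
```

The reason to drop rather than learn is the one the post gives: learning a group address as a source would put a broadcast or multicast address into the forwarding table on one port, and the replies the post imagines would then be unicast-forwarded to that one port or flooded, depending on the implementation. Refusing the frame at ingress avoids both.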



Managed switch proposal for homelab Dell R720

I recently purchased a Dell PowerEdge R720 for my homelab (didn't have a rack-mounted server yet). It will arrive by the end of December. In the meantime I am searching for a 24-port managed switch with SFP+. I focused on the Mikrotik CRS326-24G-2S+RM or the Unifi USW-24 GEN2 with the LCD screen. Mainly I want a managed switch with a colored touch screen in the sub-$350 space. Just geek stuff and learning in my homelab. Most probably something from eBay from Europe. Every suggestion welcome. (The LCD is just because I like this kind of blink and am fond of things like Grafana. Probably I can't display widgets from Grafana on this screen, but if possible I would like a solution that gives me customization of what can be displayed, YAML?) Thank you for your time, stay safe, greetings from Greece!



Project OOB - Console servers and 4G backup.

Hi all,

I have a project to propose to the business for out of band console access.

We currently have Raritan console servers connected to our LAN and they work great. I was given a task to check the possibility of having a true OOB setup, the likes of broadband and 4/5G backup.

I was thinking Raritan with a small Meraki appliance (Z3 maybe?) doing the routing and firewalling, and leaving the Raritan with local authentication. It would be great to have an alternative.

Does anyone know any good brands for both broadband firewall/routers with 4G backup and console servers?



How to use AT&T WAN/LAN Blocks

Hey all - I'm getting an AT&T circuit delivered to one of our sites in the next month or so and on the order it looks like they're giving me a WAN (A.B.C.D/30) block and a LAN (E.F.G.H/29) block and I find myself doing some mental gymnastics on how to use the LAN block.

For context, we are using Bigleaf SDWAN, whose HA routers require two publicly routable IP addresses (one each), in this case, two IPs from my /29. In talking to AT&T, it sounds like I need to use the WAN block with a router and then I can use my LAN block. So my question is, how have others approached this?

My thought is that I already need a WAN switch to split AT&T into both Bigleaf routers, so I'm thinking of getting a Cisco 2960X with IP Lite (unless I can do this with a LAN Base license) and then enter a static route? Something like "ip route 0.0.0.0 0.0.0.0 A.B.C.D"?

I generally consider myself decent with networking, but this WAN/LAN nonsense from AT&T has me stuck. Thanks so much for your help!



So.. Whats next now?

A few years ago SDN was the new hot topic. Cisco released ACI, VMware had NSX, and people were learning about OpenFlow. It seems like NSX ended up making it out of that bubble.

After that we also started seeing more and more adoption of SD-WAN in the enterprise. And now we are in the Python and network automation phase.

I was curious what you guys think will be the next trendy technology in the networking industry?



Virtual interfaces and multiple VLANs

If I create multiple virtual host adapters on my local machine and connect my single physical NIC to a switch, and then have that switch connected to multiple other switch ports, will I have access to the VLANs behind those switch ports?

This is assuming my interfaces are configured correctly.

I don't really have enough equipment to set up a lab to test it out but in theory it should work right?

I could use USB Ethernet ports and plug directly into the switch ports, but I think using a switch as a splitter would be a better approach.



How is this site gathering so much of my personal data?

I've visited an anonymous chat site for a few months now. The chat consists of 2 strangers and a prompt which is entered by a 3rd person.

Over the past month or so the prompts have begun to get a lot more personal. For example, I've begun to watch an obscure show and a day later the prompts were a few of the lines from the opening song. This has happened many times with different subjects, to the point where I'm certain it has something to do with my browsing habits.

Hoping someone could explain how this works!



Where can I find these files: vEdge, vManage, vSmart controller

Anyone know where I can find the vEdge router, vSmart, and vManage Cisco IOS files? Please help.



Friday, November 27, 2020

SFTP Login issue

How can I log in to SFTP using a host with .onion? It's a free server hosting, and I was given credentials with Host as .onion and Username ..... and port 22. How do I log in using my Linux terminal?



Ryu Controller TCP Library Problems

Hello! I'm sorry if this is not the correct place to ask questions like this. I'm using a Ryu 4.34 controller and I want to do packet matching based on TCP destination port. I printed out the dst_port attribute but an error shows up saying NoneType object doesn't have that attribute. And then I try printing the TCP part of the object (pkt.get_protocol(tcp.tcp)) and it says it's None. But I checked the packets using Scapy and Wireshark and it is an HTTP request packet, so it should have dst_port=80, right? I do the same thing for ethernet and ipv4 and they work normally, so I am confused as to why it doesn't work for TCP. Does anyone know what's up with this?
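
Ryu's Packet.get_protocol(cls) returns None whenever no parsed layer of the packet is an instance of cls, so the first thing to check is which packets actually reach the handler: the first packet_in of a new flow is very often the ARP request rather than the HTTP SYN, and an IPv4 packet carrying anything other than protocol 6 has no tcp layer either; a packet_in delivered truncated (no full TCP header) is a third case. The added example below is not Ryu code and not from the post: it is a minimal dissector with the same get_protocol contract, run over constructed frames (an ARP request, a TCP SYN to port 80, the same SYN with an 802.1Q tag, and a truncated copy) to show exactly where the None comes from and how to guard the dst_port access.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional

ETH_IPV4, ETH_ARP, ETH_VLAN, IPPROTO_TCP = 0x0800, 0x0806, 0x8100, 6


@dataclass
class Ethernet:
    dst: bytes
    src: bytes
    ethertype: int


@dataclass
class Vlan:
    vid: int
    pcp: int
    inner_ethertype: int


@dataclass
class IPv4:
    src: bytes
    dst: bytes
    proto: int
    header_len: int


@dataclass
class TCP:
    src_port: int
    dst_port: int
    flags: int


def dissect(frame: bytes) -> Dict[type, object]:
    """Parse Ethernet -> [802.1Q] -> IPv4 -> TCP, stopping at the first layer that is not there."""
    layers: Dict[type, object] = {}
    dst, src, etype = struct.unpack_from("!6s6sH", frame, 0)
    layers[Ethernet] = Ethernet(dst, src, etype)
    off = 14
    if etype == ETH_VLAN:
        tci, etype = struct.unpack_from("!HH", frame, off)
        layers[Vlan] = Vlan(tci & 0x0FFF, tci >> 13, etype)
        off += 4
    if etype != ETH_IPV4 or len(frame) < off + 20:
        return layers                       # ARP, IPv6, ...: no ipv4 layer, hence no tcp layer
    vihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, ip_src, ip_dst = struct.unpack_from(
        "!BBHHHBBH4s4s", frame, off)
    ihl = (vihl & 0x0F) * 4
    layers[IPv4] = IPv4(ip_src, ip_dst, proto, ihl)
    off += ihl
    if proto != IPPROTO_TCP or len(frame) < off + 20:
        return layers                       # UDP/ICMP, or a packet_in cut short of the TCP header
    sport, dport, _seq, _ack, _doff, flags, _win, _csum, _urg = struct.unpack_from("!HHIIBBHHH", frame, off)
    layers[TCP] = TCP(sport, dport, flags)
    return layers


def get_protocol(layers: Dict[type, object], cls: type):
    """Same contract as Ryu's Packet.get_protocol(): the layer, or None if absent."""
    return layers.get(cls)


def tcp_dst_port(frame: bytes) -> Optional[int]:
    """The guarded form of `pkt.get_protocol(tcp.tcp).dst_port`."""
    tcp = get_protocol(dissect(frame), TCP)
    return None if tcp is None else tcp.dst_port


# --- constructed frames (made-up addresses, not real traffic) ---
BROADCAST = b"\xff" * 6
HOST_A = bytes.fromhex("020000000001")
HOST_B = bytes.fromhex("020000000002")
A_IP, B_IP = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])


def build_eth(dst: bytes, src: bytes, etype: int, payload: bytes, vid: Optional[int] = None) -> bytes:
    tag = struct.pack("!HH", ETH_VLAN, vid & 0x0FFF) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", etype) + payload


def build_arp_request(sender_mac: bytes, sender_ip: bytes, target_ip: bytes) -> bytes:
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETH_IPV4, 6, 4, 1, sender_mac, sender_ip, b"\x00" * 6, target_ip)
    return build_eth(BROADCAST, sender_mac, ETH_ARP, arp)


def build_tcp_syn(src_mac: bytes, dst_mac: bytes, src_ip: bytes, dst_ip: bytes,
                  sport: int, dport: int, vid: Optional[int] = None) -> bytes:
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)   # checksums left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, IPPROTO_TCP, 0, src_ip, dst_ip)
    return build_eth(dst_mac, src_mac, ETH_IPV4, ip + tcp, vid)


ARP_FRAME = build_arp_request(HOST_A, A_IP, B_IP)                    # typically the first packet_in of a flow
SYN_FRAME = build_tcp_syn(HOST_A, HOST_B, A_IP, B_IP, 40000, 80)     # the HTTP request's SYN
TAGGED_SYN = build_tcp_syn(HOST_A, HOST_B, A_IP, B_IP, 40000, 80, vid=10)

if __name__ == "__main__":
    for name, f in [("arp", ARP_FRAME), ("syn", SYN_FRAME), ("tagged syn", TAGGED_SYN), ("truncated", SYN_FRAME[:40])]:
        print(name, "->", tcp_dst_port(f))
```

In the Ryu handler the equivalent is to test `pkt.get_protocol(ipv4.ipv4)` for proto 6 and `pkt.get_protocol(tcp.tcp)` for None before touching dst_port, and to install the flow only when both are present; every other packet_in (ARP included) takes the plain learning-switch path.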



SSH Client with "credential profiles"

Hi all, I'm looking for an SSH client with the possibility to add a saved session to a defined credential profile. Background: we have several access methods on several devices (local, RADIUS, TACACS, SSH key based) and therefore several passwords. I would imagine it like this: you can save a session and assign a defined "credential profile" to it.

Does anyone know any tool which can provide this feature (for Mac or Windows)?

Thanks!



What are some basic IoT best practices that I can fit into Packet Tracer?

So basically, because of COVID, my term project is on Packet Tracer. I need to do IoT, but apart from QoS this specific class hasn't taught anything about IoT best practice or IoT in Packet Tracer. It's only been 3 labs on configuring Cisco IP phones.

I digress, my ideas so far are:

  • separate VLANs with one specific for IoT devices

  • QoS for the IoT devices; I know it's probably not necessary in the real world since their usage is so little, but I need to fill a 4-page double-column report about this.

  • an ACL to allow traffic to enter the network from the IoT server, but disallowing IoT traffic from leaving the network.

That's it, I can't think of much else. I have a copy of Cisco IoT Fundamentals by David Hanes et al., but it doesn't offer any clear best practices.



Cisco C1000 unsupported-transceiver

Hi folks, it looks like the C1000 doesn't take the "service unsupported-transceiver" command.

I've got a unit out in the field and we can't get the SFP to light up. At first it got thrown into errdisable, but we managed to get rid of that, but still it doesn't work. We're running the usual BS about fiber at the moment... but I'd like to make sure I've got the switch stuff done right.

For some reason the command "service unsupported-transceiver" is not supported. Has anyone done this on the C1000 specifically? Maybe the command is deprecated because it is automatically supported? Or are we going backwards and 3rd-party SFPs aren't accepted anymore?



CPE Device for carrier scale IKEv2 VPN solution

Hi,

I'm looking for a device that acts as an IKEv2 CPE in a global deployment with 1000+ sites.

The job is simple:

- Get basic IPv4/v6 connectivity from the internet CPE

- Load a basic configuration and RSA certificate from USB or a cloud-based controller

- Establish an IKEv2 dynamic VPN to regional hubs with BGP-based route propagation

The vendor should be able to provide hardware support with global coverage and a maximum 24h HW replacement. There should be some sort of central software and configuration management. As little scripting/own development as possible.

Currently my plan is to deal with Cisco ISR1011 or ISR921 in combination with an eToken solution. OK with routing capabilities, global support and the best-known platform in my operations unit. Unfortunately the worst price/IPsec performance and a quite expensive management appliance (DNA Center).

Another idea is to use Fortinet 40F in combination with a FortiManager as controller... very good price/performance and feature richness... but the FortiManager software is a PITA for me and large deployments are really hard (nearly impossible) to handle.

SRX300 could be a solution in combination with Junos Space Network Director, but I have no experience with this management software. Any comments on this?

Any other ideas here?



Network Vlan Segmentation and Design

Hi Reddit,

I've researched this topic into oblivion and am currently getting in my own way of finding the best and optimal solution that satisfies ease of understanding and scalability.

Before I ask you to critique my Vlan segment design, please keep in mind that I have multiple sites that I need to account for.

I am using 10.0.0.0/8 and breaking each site into 10.1.0.0/16, 10.2.0.0/16, and 10.3.0.0/16 respectively. It will eventually look like this:

HQ Firewall --> 10.1.1.1/16

Remote Site A --> 10.2.1.1/16

Remote Site B --> 10.3.1.1/16

Remote Site C --> 10.4.1.1/16

I created a basic Excel spreadsheet that I took a screenshot of and uploaded to Imgur, please use the below link to understand my thought process and design decision, and please critique me. I want the most readily understandable network design that not only makes sense but would allow for anyone who has no knowledge of networking to easily understand the goal or path to scale effectively.

https://imgur.com/a/74YkNNN

tl;dr >> Click the Imgur link above and please critique my design for quick understanding and ease of administration.

Edit 1 >> Updated the imgur link
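
Assuming the plan in the post is one /24 per VLAN inside each site's /16 (third octet = VLAN ID, so a site's /16 summarizes everything behind it in one static route on the HQ firewall), the bookkeeping can be generated and checked rather than maintained by hand in a spreadsheet. The following is an added example, not part of the post; the VLAN IDs and role names in it are an assumption for illustration, the site numbers follow the post.

```python
import ipaddress
from itertools import combinations
from typing import Dict, Iterable, List, Tuple

# Site numbers follow the post (1 = HQ, 2-4 = remote sites). The VLAN IDs and
# role names are an assumption for illustration, as is the rule "third octet = VLAN ID".
SITES: Dict[int, str] = {1: "HQ", 2: "Remote Site A", 3: "Remote Site B", 4: "Remote Site C"}
VLANS: Dict[int, str] = {10: "Users", 20: "Servers", 30: "Voice", 99: "Management"}


def site_block(site: int) -> ipaddress.IPv4Network:
    """The whole site: one static route per site on the HQ firewall."""
    return ipaddress.ip_network(f"10.{site}.0.0/16")


def vlan_subnet(site: int, vlan: int) -> ipaddress.IPv4Network:
    if not 1 <= vlan <= 254:
        raise ValueError("VLAN ID must be 1-254 to map onto the third octet")
    return ipaddress.ip_network(f"10.{site}.{vlan}.0/24")


def gateway(net: ipaddress.IPv4Network) -> ipaddress.IPv4Address:
    return net.network_address + 1


def build_plan(sites: Dict[int, str], vlans: Dict[int, str]) -> List[dict]:
    rows = []
    for site, site_name in sites.items():
        for vlan, role in vlans.items():
            net = vlan_subnet(site, vlan)
            rows.append({"site": site_name, "vlan": vlan, "role": role,
                         "subnet": str(net), "gateway": str(gateway(net)),
                         "usable_hosts": net.num_addresses - 2})
    return rows


def find_overlaps(networks: Iterable[ipaddress.IPv4Network]) -> List[Tuple[str, str]]:
    """Every pair of prefixes that overlap; an empty list is the pass condition."""
    nets = list(networks)
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


def summary_route(networks: Iterable[ipaddress.IPv4Network]) -> ipaddress.IPv4Network:
    """Smallest single prefix covering all the given subnets."""
    nets = list(networks)
    agg = nets[0]
    while not all(n.subnet_of(agg) for n in nets):
        agg = agg.supernet()
    return agg


def plan_fits_sites(plan: List[dict], sites: Dict[int, str]) -> bool:
    """Every VLAN subnet sits inside its own site's /16 and nothing collides."""
    by_name = {name: num for num, name in sites.items()}
    for row in plan:
        if not ipaddress.ip_network(row["subnet"]).subnet_of(site_block(by_name[row["site"]])):
            return False
    return not find_overlaps(ipaddress.ip_network(r["subnet"]) for r in plan)


if __name__ == "__main__":
    plan = build_plan(SITES, VLANS)
    for row in plan:
        print(f'{row["site"]:14} VLAN {row["vlan"]:>3} {row["role"]:11} {row["subnet"]:16} gw {row["gateway"]}')
    print("fits:", plan_fits_sites(plan, SITES))
    for site in SITES:
        print(site_block(site), "summary of its VLANs:", summary_route(vlan_subnet(site, v) for v in VLANS))
```

The overlap check is the part worth keeping around: it is what catches the day someone adds 10.2.0.0/24 for a point-to-point link at site B, or reuses a VLAN number with a different subnet at one site, and the per-site summary is what goes into the firewall routes and the IPsec proxy IDs.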



Has anyone had any experience with STEAMEMO poe switches

I was looking for a PoE switch for my cameras on Amazon and came across STEAMEMO; prices are low to the point of skepticism, so I was wondering if anyone has any experience with these switches.



Do APs exist that have both DECT and WiFi in them?

Yes, I know the two have nothing technical in common and use completely different bands. I'm asking if APs exist that simply combine two separate devices into one so you only need the wiring for one device. I can't find anything online, and StackExchange mods are unhelpful as usual (small rant).



Ethernet cable UK

Hello! I'm after a supplier of Ethernet cable on the reel in the box in the UK. I have tried a local computer shop who are renowned across the UK for computer parts but have come up with nada; they only do the 5-metre pre-headed cables. I have also looked online and cannot find a decent supplier. Any help appreciated! Thanks



Support on Dell N2048P Ports Flapping

Hi All

So I have a stack of 4 Dell N2048P switches that I'm having problems with: the ports flapping, or going up and down sporadically (at least in 5-minute intervals).

I needed to move these 4 switches to a new rack in a new building, and thought it would be a good time to reconfigure them and have a better setup. So I zeroed the configuration and set up a new configuration. Everything was working well until a few days ago, when I noticed my devices going up and down.

On further investigation I noticed that SW3 ports are going up and down, and in checking the logs I see only ports on switch 3 going up and down. I also noticed that on switch 2 there is no data traffic to my end device but the switch is providing PoE, so I shut down all the ports on switch 2 and brought them back up, and that brought up all my devices and I haven't had that problem since. After I took up the ports I decided to reload the entire stack to make sure that it would work after a reboot, and everything seemed fine.

So I check the switch logs and now I see that other ports are going up and down, and this is not just an issue on switch 3 but on switches 1, 2 and 4 now.

I have just upgraded the firmware to the latest 6.6.0.24 and reloaded the switch, but I get the same behaviour. I haven't had the time yet to default the configuration and start afresh.

Below you can find an abstract part of the log file. I have a feeling that this may be hardware related (I haven't as of yet been able to check if it's always the same ports that go down), and before I go any further I am hoping someone can perhaps point me in the right direction before I restart the configuration.

<189> Nov 27 16:26:18 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15124 %% NOTE Link Up: Gi3/0/2
<189> Nov 27 16:26:17 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15114 %% NOTE Link on Gi4/0/23 is failed
<189> Nov 27 16:26:17 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15113 %% NOTE Link Down: Gi4/0/23
<189> Nov 27 16:26:17 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15100 %% NOTE Link Up: Gi3/0/3
<189> Nov 27 16:26:16 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15083 %% NOTE Link on Gi1/0/1 is failed
<189> Nov 27 16:26:16 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15082 %% NOTE Link Down: Gi1/0/1
<189> Nov 27 16:26:13 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15044 %% NOTE Link Up: Gi1/0/9
<189> Nov 27 16:26:11 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15006 %% NOTE Link on Gi1/0/9 is failed
<189> Nov 27 16:26:11 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15005 %% NOTE Link Down: Gi1/0/9
<189> Nov 27 16:26:09 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 14959 %% NOTE Link Up: Gi3/0/5
<189> Nov 27 16:26:09 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 14952 %% NOTE Link Up: Gi3/0/1
<189> Nov 27 16:26:08 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 14939 %% NOTE Link Up: Gi4/0/25
<189> Nov 27 16:26:06 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 14901 %% NOTE Link on Gi4/0/25 is failed
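
Added example, not from the post: the quoted log entries parsed into per-port events, so that the question "is it always the same ports?" is answered from the log instead of by eye. It counts distinct link-down events per port and per stack member, flags down/up pairs that fall inside a window, and lists ports still down at the end of the excerpt. The year is assumed from the post's date because syslog timestamps carry none; the one Dell-specific detail it relies on is visible in the excerpt, namely that each loss of link is logged twice ("Link Down: X" and "Link on X is failed").

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# The entries quoted in the post, one syslog record per line. Dell N-series
# logs both "Link Down: X" and "Link on X is failed" for a single event.
LOG = """\
<189> Nov 27 16:26:18 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15124 %% NOTE Link Up: Gi3/0/2
<189> Nov 27 16:26:17 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15114 %% NOTE Link on Gi4/0/23 is failed
<189> Nov 27 16:26:17 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15113 %% NOTE Link Down: Gi4/0/23
<189> Nov 27 16:26:17 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15100 %% NOTE Link Up: Gi3/0/3
<189> Nov 27 16:26:16 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15083 %% NOTE Link on Gi1/0/1 is failed
<189> Nov 27 16:26:16 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15082 %% NOTE Link Down: Gi1/0/1
<189> Nov 27 16:26:13 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15044 %% NOTE Link Up: Gi1/0/9
<189> Nov 27 16:26:11 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15006 %% NOTE Link on Gi1/0/9 is failed
<189> Nov 27 16:26:11 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 15005 %% NOTE Link Down: Gi1/0/9
<189> Nov 27 16:26:09 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 14959 %% NOTE Link Up: Gi3/0/5
<189> Nov 27 16:26:09 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 14952 %% NOTE Link Up: Gi3/0/1
<189> Nov 27 16:26:08 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 14939 %% NOTE Link Up: Gi4/0/25
<189> Nov 27 16:26:06 172.25.172.15-1 TRAPMGR[trapTask]: traputil.c(721) 14901 %% NOTE Link on Gi4/0/25 is failed
"""

YEAR = 2020  # assumption: syslog timestamps carry no year; taken from the post's date

LINE_RE = re.compile(r"^<\d+>\s+(\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+TRAPMGR.*?NOTE\s+(.*)$")
UP_RE = re.compile(r"Link Up: (\S+)")
DOWN_RE = re.compile(r"Link Down: (\S+)|Link on (\S+) is failed")

Event = Tuple[datetime, str, str]   # (time, port, "up" | "down")


def parse_events(text: str) -> List[Event]:
    events: List[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        up, down = UP_RE.search(msg), DOWN_RE.search(msg)
        if up:
            events.append((ts, up.group(1), "up"))
        elif down:
            events.append((ts, down.group(1) or down.group(2), "down"))
    events.sort(key=lambda e: e[0])   # stable sort: the log is newest-first
    return events


def flap_report(events: List[Event], window: timedelta = timedelta(seconds=60)) -> dict:
    """Distinct down events per port, down->up pairs inside `window`, and ports left down."""
    state: Dict[str, str] = {}
    down_at: Dict[str, datetime] = {}
    downs: Dict[str, int] = defaultdict(int)
    flaps: Dict[str, int] = defaultdict(int)
    for ts, port, ev in events:
        if ev == "down":
            if state.get(port) != "down":       # the duplicate "is failed" line is not a second event
                downs[port] += 1
                down_at[port] = ts
            state[port] = "down"
        else:
            if state.get(port) == "down" and ts - down_at[port] <= window:
                flaps[port] += 1
            state[port] = "up"
    return {"downs": dict(downs), "flaps": dict(flaps),
            "still_down": sorted(p for p, s in state.items() if s == "down")}


def downs_per_member(report: dict) -> Dict[int, int]:
    """Stack member number is the first field of the port name (Gi<member>/0/<port>)."""
    per: Dict[int, int] = defaultdict(int)
    for port, n in report["downs"].items():
        per[int(re.match(r"[A-Za-z]+(\d+)/", port).group(1))] += n
    return dict(per)


if __name__ == "__main__":
    rep = flap_report(parse_events(LOG))
    print(rep)
    print("downs per stack member:", downs_per_member(rep))
```

Over the 12 seconds in the excerpt this already spreads the losses across members 1 and 4 and leaves two ports down at the end, which is the kind of per-member breakdown that separates "one bad line card or PoE budget" from "something stack-wide". Feeding it a day's worth of the same log (the regexes are the only thing to adjust) gives the answer to whether the ports repeat.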


OSPF redistribute into BGP and vice-versa

Hey,

I'm now studying BGP and was wondering what the point is of redistributing OSPF routes into the BGP process and the other way around.

In what practical scenario do we configure that redistribution, and what does it offer? I'm sure this is a very basic question, but I just want to confirm their purpose and why we can do it both ways (BGP into OSPF and OSPF into BGP).

Thanks!



Broadband or Leased line?

Can anyone please explain the difference between a business leased line and broadband to me?

I've got a situation in my residential building right now (around 50 different flats) where we're in talks with Hyperoptic (broadband provider in the UK). The original plan was that they would build fibre into the building and each individual flat would have the option of getting their own dedicated home broadband service from Hyperoptic if they chose to. However, that appears to have changed now, and they're building in a business leased line for the whole building to share. Is there any difference in the services here? Is a leased line less secure and more contended if being shared by multiple flats? Or is it the better choice in this situation?

Any help would be appreciated!



Project Ideas to spruce up experience-less resume

Hello! I’d like to start off by saying please ignore my name. I thought it sounded cool when I was younger.

Ok, my background. My 1-3 year goal is to land a network engineer role, or something similar. I have the CompTIA trifecta, as well as my CCNA R+S. I only just started attending college 6 months ago (WGU) and have no actual IT work experience. I am looking for ideas to help me stick out more on resumes and cover letters. Mainly, I am looking for project ideas I can do at home that would look impressive.

I do currently have a home lab consisting of 3 Cisco routers and 3 Cisco switches, but I don't do much on them beyond setting up different subnets. I also do labs through NetSim from Boson. I would like to really throw myself behind a few projects, though, that I could talk about in a cover letter and interview. Any ideas?

p.s. With these certs alone, I was able to land a help desk/support type position, but that expected start date is still MONTHS away (vetting process + Covid).



Wifi for 60 users

I'm looking to set up some WiFi for a warehouse that will have about 60 people in it in a 10k sq ft area. Full coverage is not important as long as most of it, ~70% of the space, is covered. Are the consumer mesh systems able to handle that many users, or is that too much? Usage is basic office work and, I'm sure, streaming YouTube and music by the employees.



[Question] Limiting Speed

Hey, my ISP is Verizon and I've got quite a few devices connected to my router. I'm not networking savvy, but I think there is a way I can limit Mb/s per device so that my main desktop gets top speed.

I tried to google it, but results were polluted with android/family help.



GPO for Network Adapter Settings (Wifi Roaming Aggression)

Hello!

I am building an Aruba WiFi infrastructure for a whole building (with a Mobility Master controller) and I realised that the WiFi handover to other access points didn't work very well; I often have to connect manually to the network again when I'm moving to different areas of the building.

I tested the network adapter setting "Roaming Aggressiveness" and set the value to "6. Highest". Now it works better. Is there a way to deploy this value to other devices?

I don't think it's possible to solve this via GPO, or is it?

Are there other ways?

Thanks!!



L3 Fiber switch suggestions

Hi

I'm in need of an L3 fiber switch with at least 8 SFP ports. I'm not in need of any particularly advanced functionality other than basic L3.

Also 1G is enough.

I've been offered the Cisco SG350-28SFP for approx $700, which seems to do the job.
I've also been offered the Aruba 3810M 16sfp+ for approx $11000, which is way off the budget for this project.

Then there is the Ubiquiti EdgeSwitch ES-16-XG, which comes out even cheaper again, and which is also 10G.

Edge switches are chosen as Aruba 2530.

Does anyone have experience with the SG350-28SFP and/or the Ubiquiti ES?
Any suggestions on other switches?



Rate limiting in iptables

I'm wondering if someone could explain the differences/advantages/disadvantages of:

-m limit --limit-burst vs -m recent --hitcount

What are the differences between these rate limiting options, why would you use one over the other?

Thanks folks!
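
Added example, not from the post: a simulation of the two matches on a constructed packet sequence, which makes the difference concrete. -m limit is one token bucket per rule, shared by every source (--limit is the refill rate, --limit-burst the bucket size), and is normally used as `-j ACCEPT` in front of a DROP; the --set / --update --seconds --hitcount pattern of -m recent keeps a per-source list of timestamps and matches once that source has reached hitcount packets inside the window, and is normally used as `-j DROP`. So a `limit` match below means "let through" and a `recent` match means "block". The packet timings and source names are made up.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

Packet = Tuple[float, str]   # (arrival time in seconds, source address)

# Constructed traffic (not a capture): A sends one packet per second for ten
# seconds, B sends two packets in the middle, and A comes back at t=100.
PACKETS: List[Packet] = [(0, "A"), (1, "A"), (2, "A"), (3, "A"), (4, "A"), (5, "A"),
                         (5, "B"), (6, "B"), (7, "A"), (8, "A"), (9, "A"), (100, "A")]


class LimitMatch:
    """-m limit --limit <rate> --limit-burst <burst>

    One token bucket for the rule, shared by every source: <burst> tokens to start,
    refilled at <rate>; a packet matches when a token is available. Usually paired
    with -j ACCEPT in front of a DROP, so 'match' here means 'let through'.
    """

    def __init__(self, rate_per_sec: float, burst: int):
        self.rate, self.burst = rate_per_sec, burst
        self.tokens = float(burst)
        self.last = None

    def match(self, t: float, src: str) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RecentMatch:
    """-m recent --set --name X   followed by
       -m recent --update --seconds <S> --hitcount <N> --name X

    Per-source list of recent timestamps; the second rule matches once the source
    has N or more packets inside the last S seconds (this one included). Usually
    paired with -j DROP, so 'match' here means 'block'. xt_recent keeps at most
    ip_pkt_list_tot timestamps per address (default 20), modelled by maxlen.
    """

    def __init__(self, seconds: float, hitcount: int, list_size: int = 20):
        self.seconds, self.hitcount = seconds, hitcount
        self.hist: Dict[str, Deque[float]] = defaultdict(lambda: deque(maxlen=list_size))

    def match(self, t: float, src: str) -> bool:
        q = self.hist[src]
        q.append(t)                                     # --set
        while q and t - q[0] > self.seconds:            # expire entries outside --seconds
            q.popleft()
        return len(q) >= self.hitcount                  # --update --hitcount


def run(matcher, packets: List[Packet]) -> List[int]:
    """Indexes of the packets the match fires on, in arrival order."""
    return [i for i, (t, src) in enumerate(packets) if matcher.match(t, src)]


if __name__ == "__main__":
    # --limit 6/minute --limit-burst 3   versus   --seconds 60 --hitcount 3
    print("limit  matched (passed):", run(LimitMatch(rate_per_sec=0.1, burst=3), PACKETS))
    print("recent matched (blocked):", run(RecentMatch(seconds=60, hitcount=3), PACKETS))
```

What the output shows: with limit, A's first three packets use the burst and B, arriving while the bucket is empty, gets nothing, because the bucket does not know about sources; A's packet at t=100 passes again because the bucket has refilled. With recent, A is blocked from its third packet onward while B is never touched, and A's packet at t=100 is allowed because its earlier hits have aged out of the 60 s window. A per-source version of the token bucket exists too (-m hashlimit with --hashlimit-mode srcip), which is usually what people actually want when they reach for -m limit.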



Lots of ARP requests in company

Hello, our company has 40 computers, and we have a Cisco 48-port 2960 switch.

Unfortunately, I noticed in Wireshark that a few IP addresses send ARP requests for a host that is not in our network. For example, our computers have IPs with the fourth octet from 150 to 200, and a computer asks for the MAC address of an IP address ending in .39. I would like to know why, on a Windows 10 computer, this is sent to the address x.x.x.39.

Is it possible that in the past some application related to this IP address was working? But I'm not entirely convinced.



A problem with D-Link DES 1024D switch

Sorry if that's a newbie question but I can't seem to figure out what's wrong with it.

At work, we have a D-Link DES 1024D and suddenly the internet disappeared completely in the entire office. I connected my laptop to the ISP's router, and the internet works. So my next thought is that something is wrong with the switch.

I disconnected everything from the switch and connected only the cable from the router and my laptop, and the internet worked. I checked every port; all of them seem to be working. Then I started connecting devices one by one, and after I connect ~16 devices the internet just drops on all devices connected to it. It doesn't even matter what ports I use or which devices I connect to it; at a certain number of devices connected, the internet stops working.

Any ideas?



Need help with ACL on Cisco 3850

Hi all,

I have set up some ACLs to block inter-VLAN traffic, but something is not working. I would like to have your kind guidance.

The network diagram is simple as below:

Firewall > Cisco 3850 > Endpoints

Vlan10 (10.50.10.0/23) is my data network.

Vlan50 (192.168.50.0/24) is my isolated network.

I have a reverse static route on my firewall for Vlan50 to have Internet access.

192.168.50.0/24 > LAN interface > 10.50.10.5

This is the configuration on my switch:

interface Vlan10

ip address 10.50.10.5 255.255.254.0

end

#

interface Vlan50

ip address 192.168.50.5 255.255.255.0

ip access-group RED_ACL in

end

#

sh access RED_ACL

Extended IP access list RED_ACL

10 deny ip 192.168.50.0 0.0.0.255 10.50.0.0 0.0.1.255

100 permit ip 192.168.50.0 0.0.0.255 any

The above configuration works well to block Vlan50 from talking to Vlan10.

But I want to make sure that Vlan10 would not be able to talk to Vlan50, so I created the ACL below:

sh access GREEN_ACL

Extended IP access list GREEN_ACL

10 deny ip 10.50.10.0 0.0.1.255 192.168.50.0 0.0.0.255

100 permit ip 10.50.10.0 0.0.1.255 any

interface Vlan10

ip address 10.50.10.5 255.255.254.0

ip access-group GREEN_ACL in

end

Somehow after applying the ACL to Vlan10 it would lose network connection. A user in Vlan10 can't ping the gateway 10.50.10.5.

I tried to change the ACL to the one below, and I would gain access to Vlan10 again, but with no Internet access....

sh access GREEN_ACL

Extended IP access list GREEN_ACL

10 permit ip any 10.50.10.0 0.0.1.255

100 permit ip 10.50.10.0 0.0.1.255 any

I am wondering what I am doing wrong.
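
Added example, not from the post: a small evaluator for the ACLs exactly as posted, using IOS wildcard-mask semantics (a 1 bit in the wildcard means "don't care"; only the remaining bits are compared, and the implicit deny applies when nothing matches). Run against the posted entries it shows two things worth knowing before changing anything. First, RED_ACL sequence 10 says 10.50.0.0 0.0.1.255, which covers 10.50.0.0 to 10.50.1.255, not the 10.50.10.0/23 data network, so by the rule text 192.168.50.x to 10.50.10.x falls through to sequence 100 and is permitted. Second, the first GREEN_ACL as written does permit 10.50.10.x to its gateway 10.50.10.5 and to the Internet, so the loss of connectivity after applying it is not explained by the entries' text alone; re-checking what the switch actually installed (show ip access-lists, and the interface the group is applied to) is the next step, rather than dropping the deny as in the second version.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Ace:
    seq: int
    action: str
    proto: str
    src: int
    src_wc: int
    dst: int
    dst_wc: int


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _addr_wc(tokens: List[str], i: int) -> Tuple[int, int, int]:
    """Parse 'any' | 'host A' | 'A W' at tokens[i]; return (address, wildcard, next index)."""
    tok = tokens[i]
    if tok == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tok == "host":
        return _ip(tokens[i + 1]), 0, i + 2
    return _ip(tok), _ip(tokens[i + 1]), i + 2


def parse_acl(text: str) -> List[Ace]:
    """Parse 'show ip access-lists' style output (numbered extended IP entries only)."""
    aces: List[Ace] = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 5 or t[1] not in ("permit", "deny"):
            continue                      # header line, or a form this toy does not model
        src, src_wc, i = _addr_wc(t, 3)
        dst, dst_wc, _ = _addr_wc(t, i)
        aces.append(Ace(int(t[0]), t[1], t[2], src, src_wc, dst, dst_wc))
    return aces


def _matches(addr: int, net: int, wc: int) -> bool:
    # IOS wildcard: a 1 bit means "don't care"; only the remaining bits are compared.
    keep = ~wc & 0xFFFFFFFF
    return addr & keep == net & keep


def covered_range(net: int, wc: int) -> str:
    """The addresses a 'network wildcard' pair really covers (IOS ignores address bits under wildcard ones)."""
    lo = net & ~wc & 0xFFFFFFFF
    return f"{ipaddress.IPv4Address(lo)}-{ipaddress.IPv4Address(lo | wc)}"


def evaluate(aces: List[Ace], src_ip: str, dst_ip: str, proto: str = "ip") -> Tuple[str, Optional[int]]:
    """First matching entry wins; no match means the implicit deny (sequence None)."""
    s, d = _ip(src_ip), _ip(dst_ip)
    for a in aces:
        if a.proto not in ("ip", proto):
            continue
        if _matches(s, a.src, a.src_wc) and _matches(d, a.dst, a.dst_wc):
            return a.action, a.seq
    return "deny", None


# The entries exactly as posted.
RED_ACL = """
Extended IP access list RED_ACL
10 deny ip 192.168.50.0 0.0.0.255 10.50.0.0 0.0.1.255
100 permit ip 192.168.50.0 0.0.0.255 any
"""
GREEN_ACL = """
Extended IP access list GREEN_ACL
10 deny ip 10.50.10.0 0.0.1.255 192.168.50.0 0.0.0.255
100 permit ip 10.50.10.0 0.0.1.255 any
"""

if __name__ == "__main__":
    red, green = parse_acl(RED_ACL), parse_acl(GREEN_ACL)
    print("RED_ACL seq 10 destination really covers", covered_range(red[0].dst, red[0].dst_wc))
    cases = [
        (red, "RED_ACL in on Vlan50", [("192.168.50.20", "10.50.10.30"), ("192.168.50.20", "8.8.8.8")]),
        (green, "GREEN_ACL in on Vlan10", [("10.50.10.30", "192.168.50.20"), ("10.50.10.30", "10.50.10.5"),
                                           ("10.50.11.200", "8.8.8.8")]),
    ]
    for acl, name, flows in cases:
        for src, dst in flows:
            print(f"{name}: {src} -> {dst}: {evaluate(acl, src, dst)}")
```

The hosts used in the calls above (10.50.10.30, 10.50.11.200, 192.168.50.20) are made-up addresses inside the posted subnets. For the isolation the post is after, the RED_ACL deny needs the same 10.50.10.0 0.0.1.255 pair that GREEN_ACL already uses, and an entry in each direction is still the right structure, since an inbound ACL on an SVI only sees traffic arriving from that VLAN.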



Thursday, November 26, 2020

Bird BGP Help Regarding Using Announced IP

Hello,

First of all, I don’t know if this is the correct place to post this. Please also note that English is not my native language.

I am playing around with BGP through an ASN and a v6 /48 PI block assigned to me. I've set everything up on Bird (Ubuntu server) and am peered correctly, with a few IPs being exported that I've set up on a dummy interface.

I can even ping from IPs assigned to the dummy adapter via "ping6 -I *ipv6addr* google.com"; I have even assigned some IPs to another real interface which I can also ping from.

My confusion seems to be this: how would I get the IPs (or block) on this VM (BGP server on ESXi) to be routed into a router like pfSense?

So far, I have tried sharing the interface via a vSwitch and tried setting up a static IP with one of the IPs that is allocated on the BGP server, but this doesn't seem to be working.

Can anyone help me as to what I’m missing?



Wireless networking for a large open space where wiring isn’t possible

Hello! Idk if this is the right place to post, as I have next to zero experience with networking on such a level. I have a ranch with housing sprawling over 18,000 sq ft, and I'm looking for advice on a wireless networking solution where I could control the bandwidth between guests and workers, since usually the workers gobble up (pardon the Thanksgiving pun) the resources.

My current setup is 7 AirPort Express bases, but I don't have any control over the bandwidth.

No wiring is possible right now due to budgetary constraints.

I am open to any ideas.

Thanks so much.



Portfast edge on trunk L2 loops behaviour?

Hi, has anyone tried to purposely create a L2 loop in a lab environment?

I have tried to do this a couple of ways now but haven't been able to. The only thing I haven't tried is bpdufilter on the specific interfaces.

But alas, I know that any port that is set to portfast/edge, if it receives a BPDU, will revert to spanning tree mode normal, thus preventing L2 loops that would be caused by having it in the forwarding state straight away.

Especially if that port was connected to another switch along with another port (2x single different trunk connections to an opposite switch). I thought I could create one by setting both single trunk interfaces to portfast/edge trunk; then I thought broadcasts would loop around each of the ports and back to the original sending switch because they're both set to forwarding. But STP worked anyway. I'm guessing this is because the interfaces reverted back to STP mode normal when they received a BPDU, thus normal spanning tree resumed.

I guess it's a testament to how far we have come in terms of having built-in security in our switches (good ones anyway) that prevents this type of thing from ever happening.

The only option I see left is to put BPDU filter on both interfaces and watch everything go down, I assume?

I would've thought initially that setting port type edge on a trunk would've caused it, but alas, as I said, that didn't happen.



Point to MultiPoint Wireless Bridging

Happy Thursday/Friday r/networking

I've recently been tasked with supporting a network that makes heavy use of many different outdoor wireless technologies (Cambium and Rajant to name a few), in addition to some standard Cisco gear. Although I'm not directly responsible for administration of the wireless gear mentioned, I want to be able to participate in conversations around them, and of course they're in the path of switches that I do manage so I think it's important I get to a good degree of understanding of them.

Although I have a decent understanding of 802.11 and RF concepts in carpeted spaces (have worked with Cisco Aironet APs, controllers, mobility express, Meraki, etc.), outdoor wireless (point to point, point to multipoint, point to multipoint (to point to multipoint?)) is pretty alien to me. Does anyone that's dealt with outdoor wireless (industrial applications specifically would be a huge bonus, would love to pick your brain) have some good starting points to suggest for my research/study? I'd really appreciate it.

Thanks



Some android devices showing no internet when connected to the wifi

So I run a small enterprise network, and I've got users with Android devices that, when they connect to the wifi, show that they're connected but have no internet connection. However, when you put the device in airplane mode and connect to the wifi, they connect just fine.

It's only affecting a handful of Android devices, and all of the affected devices experience this at both sites.

I'm not running anything particularly fancy. I've just got Ubiquiti gear for my infrastructure with a Pi-hole as my DNS server. The only thing that's not just default settings is I have rules that block all inbound and outbound IPv6 and DNS traffic that isn't from the Pi-hole.

Anybody have any ideas?



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post, as well as a nice description, to this thread.

Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.



MAB authentication from sleeping docked HP laptops

Hello all!

I'm investigating an issue we are facing in my company, where we have laptops intermittently failing their Dot1x authentication and failing over to MAC (that's the normal behaviour based on our Cisco switches' access interface + ISE configuration).

After some research, I noticed that it concerns sleeping docked HP laptops.

At the moment the laptop goes to sleep, the LAN port of the docking station (and thus, also the port on switch side) goes down, so the Dot1x session is cleaned.
But after a few seconds, the port comes back up, and sends a few frames using the docked PC MAC address, causing a failed Dot1x and then a MAB authentication.

We do not encounter the issue when the laptops are directly connected to the wired network, without using a docking station. When they go to sleep mode, their network port remains down.

We are using HP 2013 docking stations, with a lot of different HP laptops models, but I managed to reproduce the issue with an EliteBook 830 G5 on Windows 10 release 1809.

Do you guys have an idea of what the problem could be?

Thanks for your help!



Hardware/software to segregate/secure a server on a local network

Hi

I'm sorry in advance if this is not the correct channel to be asking this question but I feel the expertise of this community would be best suited to this question.

I am currently running a Linux server that hosts a VPN, DNS updater and webserver. Because there is a VPN running on this server, I am wanting to segregate these services from the local network it is running on so that it can be used to a "commercial" standard (allowing trusted people to use the VPN but knowingly increasing the chances of malicious attack).

I have looked into software like iptables and router DMZ, but I just don't have a complete understanding of how it works and so would prefer to physically separate the server on the local network. This is my question: what hardware would allow me to do this? I am still open to securing the network using software if there is a suggestion.

Current hardware in chronological order: ONT (modem), router (not very smart), managed switch with VLAN capability (not using VLANs); off this switch are all local network devices, including the server.

Any help/thoughts would be greatly appreciated. Any links to YouTube tutorials also.

Thanks, Jacob



Trex packet generator result explanation

I am doing some load-testing performance using Trex, and this is my result, so I am trying to understand how to read it.

What is Total-PPS vs Expected? Which one should I consider for my final result?

Total-PPS : 390.19 Kpps

Vs

Expected-PPS : 700.00 Kpps

Cpu Utilization : 2.3 % 1.7 Gb/core
Platform_factor : 1.0
Total-Tx : 199.77 Mbps
Total-Rx : 199.78 Mbps
Total-PPS : 390.19 Kpps
Total-CPS : 390.15 Kcps
Expected-PPS : 700.00 Kpps
Expected-CPS : 700.00 Kcps
Expected-BPS : 358.40 Mbps
Active-flows : 0
Clients : 250
Socket-util : 0.0000 %
Open-flows : 20999990
Servers : 65530
Socket : 0
Socket/Clients : 0.0
drop-rate : 0.00 bps

summary stats
--------------
Total-pkt-drop : 750 pkts
Total-tx-bytes : 1343999360 bytes
Total-tx-sw-bytes : 0 bytes
Total-rx-bytes : 1343951360 byte
Total-tx-pkt : 20999990 pkts
Total-rx-pkt : 20999240 pkts
Total-sw-tx-pkt : 0 pkts
Total-sw-err : 0 pkts
Total ARP sent : 5 pkts
Total ARP received : 2 pkts


How to get that Network Engineer job with Help Desk exp.

Hey guys, I wanted to see how to land a Network Engineer job at another company with only a few years of helpdesk exp. and the CCNA.



How to block TLS 1.0/1.1 on the network

I'm looking for a tool or a virtual FW I can set up to block TLS 1.0 between a client & server to see if it forces TLS 1.2.

If there's no tool, are there any open-source FWs or FWs with free trials that could help me do this?



EHWIC-1GE-SFP-CU not recognized in 1921

Hi

Recently got this HWIC, but it isn't recognized in my 1921. I have tried several IOS versions: c1900-universalk9-mz.SPA.155-2.T, c1900-universalk9-mz.SPA.151-4.M4 and c1900-universalk9-mz.SPA.156-3.M1. The SPD light on the HWIC is the only sign of life.

R1#sh inv
NAME: "CISCO1921/K9", DESCR: "CISCO1921/K9 chassis, Hw Serial#: FCZ1632C1EU, Hw Revision: 1.0"
PID: CISCO1921/K9 , VID: V04 , SN: FCZ1632C1EU

R1#sh diag
Slot 0:
C1921 Mother board 2GE, integrated VPN and 2W Port adapter, 2 ports
Port adapter is analyzed
Port adapter insertion time 2d23h ago
EEPROM contents at hardware discovery:
PCB Serial Number : FOC162813PQ
Hardware Revision : 1.0
Part Number : 73-12850-05
Top Assy. Part Number : 800-33408-03
Board Revision : A0
Deviation Number : 123694
Fab Version : 02
Product (FRU) Number : CISCO1921/K9
Version Identifier : V04
CLEI Code : COMKK00DRD
Processor type : C8
Chassis Serial Number : FCZ1632C1EU
Chassis MAC Address : d48c.b5c6.4180
MAC Address block size : 32
Manufacturing Test Data : 00 00 00 00 00 00 00 00
EEPROM format version 4
EEPROM contents (hex):
0x00: 04 FF C1 8B 46 4F 43 31 36 32 38 31 33 50 51 40
0x10: 06 AC 41 01 00 82 49 32 32 05 C0 46 03 20 00 82
0x20: 80 03 42 41 30 88 00 01 E3 2E 02 02 CB 8C 43 49
0x30: 53 43 4F 31 39 32 31 2F 4B 39 89 56 30 34 20 D9
0x40: 04 40 C1 CB C2 C6 8A 43 4F 4D 4B 4B 30 30 44 52
0x50: 44 09 C8 C2 8B 46 43 5A 31 36 33 32 43 31 45 55
0x60: C3 06 D4 8C B5 C6 41 80 43 00 20 C4 08 00 00 00
0x70: 00 00 00 00 00 F3 00 51 40 00 8B 41 00 3C 42 00
0x80: 00 F8 00 24 03 E8 1B 11 07 D0 1E A2 09 C4 1F A9
0x90: 0B B8 20 0F 0F A0 20 D3 13 88 21 6A 1B 58 21 A9
0xA0: 1F 40 21 B8 27 10 21 3E 41 00 50 42 00 00 F8 00
0xB0: 18 02 71 1D B0 04 E2 20 08 07 53 21 02 0E A6 22
0xC0: 60 1D 4C 22 C4 27 10 22 C4 FF FF FF FF FF FF FF
0xD0: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0xE0: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0xF0: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Embedded Service Engine 0/0 :
Total platform memory : 524288K bytes
Total 2nd core memory : 0K bytes
Start of physical address for 2nd core : 0x80000000
Virtual address start of 2nd core memory : 0x0 - 0x0
2nd core configured disabled
L2 cache ways for 2nd core : 0


Trying to understand new engineer position and companies infrastructure

Sorry if this isn't allowed.

I have an interview with a Fortune 500 company, and I'm trying to understand what they're actually looking for, engineering-wise. They're asking for a cloud engineer on paper but are actually looking for a solid network engineer who has automation experience. This is a big box retailer; they're using Google Cloud and AWS as far as I can tell. However, their main focus in my prelim interview was on BGP, EIGRP, and Ansible.

They did specify they wanted someone with BGP peering experience, specifically in GCP. Based on what limited info I have, does this position sound similar to what anyone else is doing? Is anyone working with similar technologies who can speak to the day-to-day work?

Thanks!



Combining two 4g routers into one

Hi, we've just expanded our office space to include another floor, and because of that we now need to expand our network. It's an old building, so the connection there is really bad (like 10 Mbit download), so we're relying on a 4G network connection, which has been great so far (city centre, 200 Mbit).

Because we're expanding, we also needed some more bandwidth, so I went ahead and got us an extra 4G router to put on the other floor.

I gave it the same SSID and password, so you now just connect to the closest one. This works pretty okay; the only problem is that sometimes it connects to the wrong network and your internet becomes really slow (or when you move between floors).

Is there any way to combine the 4G routers in a better way? Like a mesh or something?

Any advice is appreciated!



When is BGP prefix considered equal for multipath

Having a hard time finding info on this. When you enable BGP multipath, at what point in the path selection process is the prefix considered equal? Because if you follow the path selection process all the way to the bottom, prefixes are never equal, so when does it stop?



Severe speed loss after 5m of cat 6 and 3 keystone jacks.

So the reason there are 3 keystone jacks is to get from the router to the patch panel, and two keystones are used to get through the walls. On the router, before the keystones, I am getting 246 Mbps, but after the keystones I'm getting 167.46 Mbps download. Any ideas why?



Active/Active Datacenters

Currently we have 1 datacenter where we host our servers and firewalls; now we're looking into adding a new datacenter into the mix at a separate location.

There's dark fiber running between the 2 datacenters, but I'm a bit in doubt about what would be the way to go to interconnect both datacenters. The goal will be to have an Active/Active setup where DC1 can be reached from DC2.

Should I connect the dark fiber to our firewall clusters so the firewall can take care of the routing, or should I connect it to the switches (making them L3)? DC1 has Juniper EX4550 switches, DC2 has Cisco Nexus switches.

My idea and how I'm currently setting this up:

DC1 IP range 10.0.20.0/24, DC2 IP range 10.1.20.0/24, both connected to their firewall cluster, which handles routing with the dark fiber connected to it. That way, if host 10.0.20.101 needs to connect to 10.1.20.201, it's handled by the firewall.

Would this be the ideal scenario, or am I missing something?



Small Business on 10GbE?

I'm planning new components for our network (3 Hyper-V, 3 Layer 2 switches, ~60 users).

I want a transfer layer with new Layer 3 switches. Should I look for 10GbE, or is 1GbE enough?



IGMP snooping

Does IGMP snooping do anything if the multicast source and receiver hosts are connected to the same Layer 2 VLAN?

I know IGMP snooping limits the flood of multicast out all ports on a Layer 2 segment, but isn't it based on a multicast router being present? If you're not running PIM and not routing multicast across networks, then does enabling IGMP snooping on the switch even do anything? The white paper on the matter says the switch monitors for IGMP join group messages going to the multicast router. So now I'm wondering, without said multicast router, will this still work?



Transit in Central Europe

Hello Netizens!

So I'm looking for suggestions for IP transit in Central Europe. What would be your preference? Especially for a secondary provider.

In my country I have 2 major datacenters.

I've already discovered that they don't offer equal transit, and in this case I'm seeking advice on which one to pick.

I got pretty aggressive quotes all over the place for 10G. I'll focus on MRC for 1y, as NRC is not very important.

Cheapest and most available is Asympto: €1000 for 10G flat in one DC and €1400 in the other (I guess due to an L2 tunnel).

Cogent €1300

Lumen €1750

GTT €1750

Then I got only in one DC:

Telia €1700 (personal preference, because most of the T1 networks send through Telia wherever the traffic goes, and they have pretty good links to Oceania and HK)

HE $1500 (5y offer though: $700)

NTT: still waiting for an offer; I'll update on the date.

Could not reach Interoute...

There's also a China Telecom option, BUT as far as I know their offers are not without "hidden" costs (registration in China and reporting in case of police requests). Can anyone advise on that?



Old Version Mirror of Cumulus Network / Linux ?

Hey,

I bought an Edgecore AS6701 from eBay; it has a Cumulus license file, but the operating system was corrupted/unbootable.

Does anyone know where I can get hold of a download for the Cumulus 2.5.3 PowerPC ONIE installer? They don't have anything in their download section anymore.



Activation of Port 22 on WatchGuard Dimension

Hello everyone.

I have a question about WatchGuard Dimension. Is it possible to enable port 22 (SSH) for data transport over WinSCP?

My purpose is to install the Check_MK agent so I can monitor the Dimension server, but unfortunately I couldn't install the "openssh" packages because the root user was disabled or unavailable(?). I tried to change its password, but it was not possible.

I did some research on the WatchGuard forums and couldn't find any solution. Is there a default root user other than the "wgsupport" user?

In the Dimension settings there is a setting for remote backups to an external file folder. Port 22 is also an option for this function, and it is active by default if we enable this function. Does this have anything to do with my goal?

Thanks a lot for reading and in advance for your answers!

Cheers!



Wednesday, November 25, 2020

Frustrating ISE 802.1x configuration

Hello All,

For the past 4 days, I have been searching for the best 802.1x configuration of the switch in order to install Cisco ISE 2.7.

We have had problems with user authentication before, and I wanted to start from scratch.

For this reason I wanted to change all my configs. It has been a very hard month with ISE; many users are not getting authenticated and some are getting disconnected.

I searched for documents, but had no luck with that.

If someone has a perfect document for this purpose, it will be a great help.

Thank you all.



Need help with my assignment!

Hey everyone, just struggling a bit. I have been given this question: "You are working for an IT Company and they have asked you to design a server and the network. Describe how you would do it. (Note: You can use any hardware, software and network topology you like.)" I have gone over the course material and videos a few times, submitted my answer and been told I'm on the right track, but I'm really stuck for ideas.

My answer:

I would use a mesh topology for more safety in case part of the network goes down. This would then connect to a firewall for extra security. I would then get this to connect to the server with a load balancer attached. I would see what issues arise, as I have no prior knowledge of what is happening at the business, and make changes from there. I feel this is a stable starting point.

I know this is very simple but thank you for any help!



Link Aggregation between two Switches

Hello, I'm new to networking, so bear with me.

I have two switches, one with four hosts and one with two hosts. I want to transmit an immense amount of data between the two switches (FAR more than any home network, hence this subreddit). I don't need speed, but I need bandwidth, and that's where link aggregation comes in (I think). I want to bond together 3 ports on each switch and connect them with three Ethernet cables.

Is it fine to create a LAG/bond/team on each switch and connect them together without the hosts being aware? Does LACP require the hosts to have bonds/teams/LAGs to communicate with the LAGs on the switches?

Are there any common pitfalls with this? Do I have to be aware of any ARP/IP layer issues?

As long as the frames get to the link, they should be routed properly to the hosts, correct? Is it safe to bridge the LAG to the network so that the hosts can perform DHCP?

I appreciate any help you can give me. This is the documentation for my switches: https://github.com/Mellanox/mlxsw/wiki



AWS outage takes down many services on the web

AWS outage takes down many services on the web. Does anyone have insights as to what the reason for it might be?

https://techcrunch.com/2020/11/25/amazon-web-services-outage-takes-a-portion-of-the-internet-down-with-it/



Anyone having routing problem with Level3?

I cannot reach my server; this is what I get from traceroute:

 2     8 ms     9 ms     9 ms  2605:a000:402:8d::1
 3    18 ms    12 ms    18 ms  2605:a000:0:4::2:1272
 4     *        *        *     Request timed out.
 5    16 ms     *       17 ms  2605:a000:0:4::38
 6     *        *        *     Request timed out.
 7    46 ms    25 ms    28 ms  ae-6.edge7.LosAngeles1.Level3.net [2001:1900:4:3::501]
 8    64 ms    63 ms    61 ms  lo-22-v6.bar1.Tampa1.Level3.net [2001:1900::3:ea]
 9    68 ms    71 ms    73 ms  HIVELOCITY.bar2.Tampa1.Level3.net [2001:1900:2100::53e2]
10    68 ms    68 ms    71 ms  xe-9-0-1.bar2.Tampa1.Level3.net [2001:1900:2100::53e1]
11    69 ms    70 ms    68 ms  HIVELOCITY.bar2.Tampa1.Level3.net [2001:1900:2100::53e2]
12    68 ms    68 ms    68 ms  xe-9-0-1.bar2.Tampa1.Level3.net [2001:1900:2100::53e1]
13    79 ms    73 ms    72 ms  HIVELOCITY.bar2.Tampa1.Level3.net [2001:1900:2100::53e2]
14    68 ms    69 ms    69 ms  xe-9-0-1.bar2.Tampa1.Level3.net [2001:1900:2100::53e1]
15    71 ms    72 ms    73 ms  HIVELOCITY.bar2.Tampa1.Level3.net [2001:1900:2100::53e2]
16    69 ms    69 ms    71 ms  xe-9-0-1.bar2.Tampa1.Level3.net [2001:1900:2100::53e1]
17    68 ms    70 ms    71 ms  HIVELOCITY.bar2.Tampa1.Level3.net [2001:1900:2100::53e2]
18    69 ms    83 ms    68 ms  xe-9-0-1.bar2.Tampa1.Level3.net [2001:1900:2100::53e1]
19    68 ms    71 ms    73 ms  HIVELOCITY.bar2.Tampa1.Level3.net [2001:1900:2100::53e2]
20    70 ms    68 ms    68 ms  xe-9-0-1.bar2.Tampa1.Level3.net [2001:1900:2100::53e1]
21    68 ms    69 ms    68 ms  HIVELOCITY.bar2.Tampa1.Level3.net [2001:1900:2100::53e2]
22    68 ms    69 ms    69 ms  xe-9-0-1.bar2.Tampa1.Level3.net [2001:1900:2100::53e1]
23    70 ms    73 ms    73 ms  HIVELOCITY.bar2.Tampa1.Level3.net [2001:1900:2100::53e2]
24    69 ms    69 ms    69 ms  xe-9-0-1.bar2.Tampa1.Level3.net [2001:1900:2100::53e1]
25    76 ms    72 ms    73 ms  HIVELOCITY.bar2.Tampa1.Level3.net [2001:1900:2100::53e2]
26    70 ms    69 ms    69 ms  xe-9-0-1.bar2.Tampa1.Level3.net [2001:1900:2100::53e1]
27    79 ms    73 ms    72 ms  HIVELOCITY.bar2.Tampa1.Level3.net [2001:1900:2100::53e2]
28    69 ms    69 ms    69 ms  xe-9-0-1.bar2.Tampa1.Level3.net [2001:1900:2100::53e1]
29    71 ms    74 ms    71 ms  HIVELOCITY.bar2.Tampa1.Level3.net [2001:1900:2100::53e2]
30    68 ms    69 ms    68 ms  xe-9-0-1.bar2.Tampa1.Level3.net [2001:1900:2100::53e1]

This is what I get from ping: TTL expired in transit.



Where can I find distributors of VoLTE-compatible mobile phones?

I'm a 4G/VoLTE network operator, and I'm looking for mobile phone providers like Samsung, Xiaomi, Alcatel, Blackview, etc. to integrate and test on my network.



Is there a way to measure end to end SIP latency?

Not sure if this is the right sub so feel free to suggest alternatives.

My org recently switched our phone system (CUCM) from a PRI to a SIP connection. The SIP connection to our provider goes out over our Internet connection.

Ever since the switch, it seems like our call experience has degraded. The quality is good in that I can hear the other person well and they can hear me well, but it seems like there's a slight delay; I find that I'm often talking over people because of it.

I don't know what this is called or how to reliably quantify it.

95% of our org is still WFH, so my team is one of the only ones still using the phone system. If there's a problem, I'd like to try to identify it so we can either fix it or find a better solution before everyone comes back to the office after the holidays.

Is there some way that I can definitively measure the quality of a phone call (to include delay, etc.)?



Does a large MTU size make a difference?

While setting up a few internal apps, an MTU size of 1500 is recommended. Can someone explain what this means in terms of connectivity and what effect it has on TCP/UDP, please (if there is any correlation)?

Thanks.

Solved. Thank you to the people that responded!



Documentation for RadiusDesk

Explicitly looking for a getting-started guide that indicates the default admin login. I've been on the RadiusDesk website, and it seems to be lacking some obviousness.

Tried root/admin and root/password.

I swear I either suck at Google or developers suck at writing documentation.



Juniper EX9200 MC-LAG with VRRP for Layer 3 functionality

I need help understanding MC-LAG with VRRP for my implementation.

As per Juniper's documentation, you need VRRP over MC-LAG to use OSPF on your redundant core switches. But I'm confused about the benefit of having MC-LAG active/active if I am going to use VRRP.

I will be using MC-LAG as active/active, which will enable both nodes to handle and forward traffic, but VRRP doesn't work this way: it has one virtual IP which will forward the traffic to the node that has the highest VRRP priority. This means that I will lose the benefit of active/active, since the traffic will be forwarded to the one node that has the physical active IP.

Is my conclusion right, and will there be a huge benefit to using MC-LAG with VRRP rather than saving redundant uplinks to both cores?



Cisco Virtual Instance Licensing

Try as I might, I cannot find a conclusive answer as to which specific SKU(s) I would need to purchase in order to have a single instance of XRv 9000 without any specific feature licenses. This is strictly for a lab setup (I do not want to use VIRL for reasons), and, as best I can tell, perpetual licensing was phased out a few years ago.

How does one appropriately purchase a "no throughput" XRv license? And, while you're here, is there an equivalent for IOS-XE?

This is painfully simple with Juniper vMX! :D



Up/Down status of many ports over x days

What would be the easiest way to see if a port has been active in the past (for example) 7 days? Looking to clean up some closets and free up some ports, but I don't know if those ports are in use and something is just not currently plugged in.

We use HP ProCurve for our switches and have SolarWinds for monitoring, including UDT. The easiest way I could think of is resetting the stats on the switch and then checking again in about a week to see if it's still 0; I just didn't know if there was an easier way, and maybe it's already being tracked somewhere centrally, instead of visiting each switch and checking ports manually.



Unifi Controller - Portal authentication

I've been looking around but found no official info. Does anyone know how the Unifi Controller validates client devices? MAC address maybe? If so, if a device changes its MAC address, could it authenticate many times like a new device (defeating the guest portal or free trials)?

Thanks!



Confusion in EX9200 port numbering

I need help understanding port numbering on the EX9200. I don't understand how there can be ge-1/1/3 and xe-1/1/3 at the same time.

The naming convention is node/linecard/physical port.

How come in the same place I have a 1G and a 10G port?

ge-1/1/3 {
    native-vlan-id 1;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members all;
            }
            storm-control default;
        }
    }
}
xe-1/1/3 {
    disable;
    native-vlan-id 1;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members all;
            }
            storm-control default;
        }
    }
}



Active Directory User

Is there a command to log out a user that has logged into multiple devices on the network?



Which format do you use when sending a string over a socket?

Hello guys, I've been wondering what format you use when sending a string over a socket between clients and server.

I'm currently using this format:

"MessageType<,>data1<,>data2<eom>", where I separate each variable with <,> and end the string with <eom> (end of message).

For example: registerSuccessful<,>25112020<eom>

I would appreciate learning if there are better practices.
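An added example, not the poster's code, of how a receiver has to treat this "<,>"/"<eom>" framing once it rides on a TCP stream: bytes arrive in arbitrary chunks, so the decoder buffers until a complete "<eom>" is seen, and because the format has no escaping, the encoder refuses fields that contain either delimiter. The UTF-8 encoding and the 4096-byte cap on an unterminated message are assumptions.

```python
"""Stream framer for messages shaped like "type<,>field1<,>field2<eom>".
Added example (not from the post). Assumptions: UTF-8 text on the wire,
TCP delivering the stream in arbitrary chunks, and a maximum message
size so a peer cannot make the receiver buffer without bound."""
from typing import Iterator, List, Tuple

FIELD_SEP = "<,>"
END_OF_MSG = "<eom>"
MAX_MESSAGE_BYTES = 4096  # assumed cap; pick what the application needs


class FramingError(ValueError):
    """Raised for malformed or oversized frames."""


def encode_message(message_type: str, *fields: str) -> bytes:
    """Serialize one message in the post's format.

    The format has no escaping, so a field containing "<,>" or "<eom>"
    would be parsed by the receiver as extra fields or as an early end
    of message. Refuse such fields instead of sending ambiguous bytes."""
    if not message_type:
        raise FramingError("empty message type")
    parts = (message_type, *fields)
    for part in parts:
        if FIELD_SEP in part or END_OF_MSG in part:
            raise FramingError(f"delimiter inside field: {part!r}")
    return (FIELD_SEP.join(parts) + END_OF_MSG).encode("utf-8")


class MessageDecoder:
    """Accumulates socket chunks and yields complete (type, fields) tuples."""

    def __init__(self, max_bytes: int = MAX_MESSAGE_BYTES) -> None:
        self._buf = b""
        self._max = max_bytes
        self._eom = END_OF_MSG.encode("utf-8")

    def feed(self, chunk: bytes) -> Iterator[Tuple[str, List[str]]]:
        """Feed one recv() result; yields every message completed by it."""
        self._buf += chunk
        while True:
            idx = self._buf.find(self._eom)
            if idx == -1:
                # No terminator yet: keep waiting, but not forever.
                if len(self._buf) > self._max:
                    raise FramingError("unterminated message exceeds cap")
                return
            if idx > self._max:
                raise FramingError("message exceeds cap")
            raw = self._buf[:idx]
            self._buf = self._buf[idx + len(self._eom):]
            try:
                text = raw.decode("utf-8")
            except UnicodeDecodeError as exc:
                raise FramingError("frame is not valid UTF-8") from exc
            parts = text.split(FIELD_SEP)
            if not parts[0]:
                raise FramingError("empty message type")
            yield parts[0], parts[1:]


def demo_split_delivery() -> List[Tuple[str, List[str]]]:
    """Two messages delivered across two recv() calls, split mid-frame.
    The wire bytes are constructed here, not captured from a real socket."""
    wire = encode_message("registerSuccessful", "25112020")
    wire += encode_message("login", "alice", "ok")
    decoder = MessageDecoder()
    got = list(decoder.feed(wire[:10]))    # partial frame: yields nothing
    got += list(decoder.feed(wire[10:]))   # rest arrives: both messages
    return got


if __name__ == "__main__":
    for msg_type, fields in demo_split_delivery():
        print(msg_type, fields)
```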



What am i forgetting in my packet?

The max sized packet I can send in a ping to Google is 1464. So add 20 for the IP header and 8 for the ICMP header; this gives me 1492. What are the other 8 bytes? Also, the Ethernet frame adds 14 bytes, but I am not sure if this is counted towards the MTU? I am assuming not, since it does not get fragmented. If it was, that would actually put me at 1506 bytes. My MTU is the standard 1500, and I am trying to understand why 1464 is the largest packet I can send in a ping when there are still 8 bytes left over.



Network Performance Testing

Hello everyone,

I'm wondering if any of you came across an extensive network performance testing tool or methodology. What I'm thinking about would be related to Proofs of Concept and things of that sort, where after building up a network one could start automated tests of what the network can and cannot do (move a certain workload, handle certain bursts).
Sorry if the question looks too broad, but I suppose it's meant to be.
Looking forward to your responses.



L2TP/LNS hardware Recommendations

Hello,

I'm in the market to purchase new hardware to terminate L2TP/PPP sessions on an LNS.

This is to support xDSL assets; I currently support these services on VMs. I have around 5-6 Gbps of traffic with an expected growth of 4-5 Gbps in the next 12 months. This traffic will be load-balanced across at least 2-3 of the new devices.

Looking at around a 20-25K budget per device (or less if I can).

I've been looking at the Cisco ASR 1001-X, which looks ideal, although I'm open to recommendations that I can also consider for my evaluation.

I need to be able to control these sessions via RADIUS attributes, i.e., dropping them into VRFs, rate-limiting, ACLs, etc.

I was wondering what some of you ladies & gents are using in your own infrastructure to support these services.



[HELP] How to limit bandwidth on a device from the router?

Currently one of my devices near the router is eating up most of the bandwidth, and the device further away is ridiculously slow.... Any help will be appreciated. Thanks!!!

I tried to set high priority on the further device, but it doesn't help much so far.



Cheap dual fully redundant router with multiple IPs

Hello.

Today we have a few servers in a cluster at our data center.

Every part of the setup is redundant, except for our Unifi routers, for which we have a manual failover routine.

We have 2 Cisco routers from the data center that act as redundant routers; if one fails, the other one takes over. After this we have a couple of Unifi Security Gateway Pros, which manage our servers' network internally and take care of the port forwarding and VLANing.

The limitation here is that the Unifi router does not allow for a fully redundant network, and it also does not take more than 1 IP on the WAN side.

We are looking for a fully redundant router setup where, if our first router fails, the second takes over, both port forwarding and public IPs, with minimum downtime.

Something like the mission critical gateway from ClearBox, but with multiple WAN inputs per box.

https://www.clearos.com/products/hardware/clearbox-300-series#flexibility



Tuesday, November 24, 2020

Citrix ADC with SSL offloading and port rewrite - how to do it correctly?

Hi folks, I've got a question about Citrix ADC. An application with multiple Apache virtual hosts (same IP, each vhost bound to a port in the range 12300 to 12319) is published to outside users via Citrix ADC (using an SSL vserver). Citrix is doing SNAT.

Traffic from user to the Citrix vserver is SSL (HTTPS); between the Citrix SNIP and the Apache vhosts it is HTTP. Ideally, the users should always see https:// in their address bar, with no backend port. But we are encountering an issue where, in the user's web browser, the address bar shows the scheme as http://, and the backend port is not removed.

What I've configured on Citrix ADC:

  1. Enable SSL offload
  2. Configure HTTP service (backend Apache vhosts)
  3. Configure SSL vserver using those services, with the correct certificate
  4. On the SSL vserver, we enabled SSL redirect and SSL port rewrite
  5. Also on the SSL vserver, there's a Rewrite policy applied on Response, with a condition to match if Location exists in the HTTP response header, and an action to remove the backend port (using a regex match). We expect the application to return a 302 with Location, and alter that Location as we return it to the outside users.

There is also an HTTP vserver which has almost the same configuration as the SSL vserver, except for the cert and SSL params (because they are not required). On this HTTP vserver there's a Responder policy to redirect users to HTTPS.



Safely adding a Windows XP PC to the LAN

Hoping to connect our Windows XP PC to our network to allow file sharing. How can I do this safely so we don't open ourselves up to security issues?

No internet access is needed on the XP machines.



Juniper SRX IPsec forced rekey

Is there any way to force a rekey of an IPsec tunnel on an SRX? I have a problem that is only reproduced intermittently on rekey. I would like to force rekeys until it happens.



Network Design Question

Hi,

Currently looking at potentially redesigning a large network made up of around 100 VLANs, completely controlled by static routes and very old gear. I'm looking at following something close to a Campus Network Topology (roughly similar to the image below) running OSPF. Just curious to know what routing protocols or things you'd consider if you were to look at doing something like this: is using OSPF considered legacy itself and no longer a recommended solution? Are there better protocols to use to do the same thing?

https://www.networkcomputing.com/sites/default/files/modular.jpg



BGP as-prepending with single neighbour

2x VPNs via Internet to Azure from an on-prem device that has 2 separate ISPs. The way Azure works, you have a single IP to use as the BGP peer for both connections, not 2 separate peer addresses. This is not configurable in Azure.

Because of this I cannot use AS prepending, because I don't have 2 neighbors to which to push two different route-maps (one normal and the other with the prepended AS).

Every now and then Azure decides to change and point to the secondary ISP, but the on-prem side still has the primary ISP selected to reach Azure, which results in one-way traffic. The only way for me to fix it is to drop the secondary VPN through the secondary ISP to get Azure to restore the primary path as preferred. Ideas on how to fix? (I cannot have multiple gateways in Azure.)



Rant Wednesday!

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.



How can I change my IP address?

I'm looking to change my static IP address. Is there a way for me to do that without having to contact my ISP? Is it even guaranteed that they will change it?



I'm getting a busy tone when dialing from a Cisco 7960 IP phone to a Cisco IP Communicator (Packet Tracer); show ephone displays "off hook". What have I missed?

I'm attempting to simulate VoIP Dial-Peers Across a WAN Link. The instructions provided to me were very unhelpful, it was just "configure these devices, Refer to Lab 2 as required." Below are the configurations I have, I was lazy and didn't bother to remove the extra vlan on CMESwitch fa0/3.

I thought perhaps the IP addressing should be different for both sides, but other students told me that's not the case and to just "copy L2 for each side, changing only the phone number and specified VLANs". So now I'm at a loss because it doesn't seem to be working and I've obviously misconfigured something. I verified that the CIPC and R2 have the same MAC address configured under ephone 1.

https://i.imgur.com/mW1sgCX.png

```
CMERouter2(config)#do show ephone

ephone-1 Mac:00E0.8FEC.9316 TCP socket:[1] activeLine:1 UNREGISTERED
mediaActive:0 offhook:1 ringing:0 reset:0 reset_sent:0 paging 0 debug:0 caps:8
IP:0.0.0.0 0 CIPC keepalive 43 max_line 2
button 1: dn 1 number 6001 CH1 DOWN

CMERouter2(config)#do show arp
Protocol  Address     Age (min)  Hardware Addr   Type  Interface
Internet  10.55.0.11  54         00E0.8FEC.9316  ARPA  FastEthernet0/0.57
```

```
CMERouter#show arp
Protocol  Address     Age (min)  Hardware Addr   Type  Interface
Internet  10.55.0.11  70         0009.7C3D.3D93  ARPA  FastEthernet0/0.55

CMERouter#show ephone

ephone-1 Mac:0009.7C3D.3D93 TCP socket:[1] activeLine:0 REGISTERED in SCCP ver 12 and Server in ver 8
mediaActive:0 offhook:0 ringing:0 reset:0 reset_sent:0 paging 0 debug:0 caps:8
IP:10.55.0.11 1026 7960 keepalive 43 max_line 2
button 1: dn 1 number 5001 CH1 IDLE
```

```
CMERouter#show ip int brief
Interface           IP-Address   OK? Method Status                Protocol
FastEthernet0/0     unassigned   YES NVRAM  up                    up
FastEthernet0/0.1   10.5.0.1     YES manual up                    up
FastEthernet0/0.50  10.50.0.1    YES manual up                    up
FastEthernet0/0.55  10.55.0.1    YES manual up                    up
FastEthernet0/1     unassigned   YES NVRAM  administratively down down
Serial0/0/0         192.168.1.1  YES manual up                    up
Serial0/0/1         unassigned   YES unset  down                  down
FastEthernet1/0     unassigned   YES NVRAM  administratively down down
Vlan1               unassigned   YES unset  up                    down
_______________________________
CMESwitch(config)#do show ip int brief
Interface           IP-Address   OK? Method Status                Protocol
FastEthernet0/1     unassigned   YES manual up                    up
FastEthernet0/2     unassigned   YES manual up                    up
FastEthernet0/3     unassigned   YES manual down                  down
Vlan1               10.5.0.4     YES manual up                    up
_____________________________
CMERouter2#show ip int brief
Interface           IP-Address   OK? Method Status                Protocol
FastEthernet0/0     unassigned   YES NVRAM  up                    up
FastEthernet0/0.2   10.5.0.1     YES manual up                    up
FastEthernet0/0.52  10.50.0.1    YES manual up                    up
FastEthernet0/0.57  10.55.0.1    YES manual up                    up
FastEthernet0/1     unassigned   YES NVRAM  administratively down down
Serial0/0/0         192.168.1.2  YES manual up                    up
Serial0/0/1         unassigned   YES unset  down                  down
FastEthernet1/0     unassigned   YES NVRAM  administratively down down
Vlan1               unassigned   YES unset  up                    down
______________________________
CMESwitch2#show ip int brief
Interface           IP-Address   OK? Method Status                Protocol
FastEthernet0/1     unassigned   YES manual up                    up
FastEthernet0/2     unassigned   YES manual down                  down
FastEthernet0/3     unassigned   YES manual up                    up
Vlan1               unassigned   YES manual administratively down down
Vlan2               10.5.0.4     YES manual up                    up
```

```
hostname CMERouter
!
ip dhcp excluded-address 10.55.0.1 10.55.0.10
!
ip dhcp pool VOICE
 network 10.55.0.0 255.255.255.0
 default-router 10.55.0.1
 option 150 ip 10.55.0.1
!
no ip cef
no ipv6 cef
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1
 ip address 10.5.0.1 255.255.255.0
!
interface FastEthernet0/0.50
 encapsulation dot1Q 50 native
 ip address 10.50.0.1 255.255.255.0
!
interface FastEthernet0/0.55
 encapsulation dot1Q 55
 ip address 10.55.0.1 255.255.255.0
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 192.168.1.1 255.255.255.252
 clock rate 125000
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.2
!
ip flow-export version 9
!
dial-peer voice 5 voip
 destination-pattern 6001
 session target ipv4:192.168.1.2
!
telephony-service
 max-ephones 2
 max-dn 10
 ip source-address 10.55.0.1 port 2000
!
ephone-dn 1
 number 5001
!
ephone 1
 device-security-mode none
 mac-address 0009.7C3D.3D93
 type 7960
 button 1:1
!
line con 0
 password cisco
 logging synchronous
 login
!
line aux 0
!
line vty 0 4
 password cisco
 logging synchronous
 login
!
end
____________________________________
!
hostname CMESwitch
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport trunk native vlan 50
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
 switchport voice vlan 55
!
interface FastEthernet0/3
 switchport access vlan 55
 switchport mode access
!
interface Vlan1
 description Management VLAN
 ip address 10.5.0.4 255.255.255.0
!
ip default-gateway 10.5.0.1
!
line con 0
 password cisco
 logging synchronous
 login
!
line vty 0 4
 password cisco
 logging synchronous
 login
line vty 5 15
 login
!
end
_____________________________________
!
hostname CMERouter2
!
ip dhcp excluded-address 10.55.0.1 10.55.0.10
!
ip dhcp pool VOICE
 network 10.55.0.0 255.255.255.0
 default-router 10.55.0.1
 option 150 ip 10.55.0.1
!
no ip cef
no ipv6 cef
!
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 10.5.0.1 255.255.255.0
!
interface FastEthernet0/0.52
 encapsulation dot1Q 52 native
 ip address 10.50.0.1 255.255.255.0
!
interface FastEthernet0/0.57
 encapsulation dot1Q 57
 ip address 10.55.0.1 255.255.255.0
!
interface Serial0/0/0
 ip address 192.168.1.2 255.255.255.252
!
interface Vlan1
 no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip flow-export version 9
!
dial-peer voice 6 voip
 destination-pattern 5001
 session target ipv4:192.168.1.1
!
telephony-service
 max-ephones 2
 max-dn 10
 ip source-address 10.55.0.1 port 2000
!
ephone-dn 1
 number 6001
!
ephone 1
 device-security-mode none
 mac-address 00E0.8FEC.9316
 type CIPC
 button 1:1
!
line con 0
 password cisco
 logging synchronous
 login
!
line aux 0
!
line vty 0 4
 password cisco
 logging synchronous
 login
!
end
_________________________________________________________________
!
hostname CMESwitch2
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport trunk native vlan 52
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
 switchport voice vlan 57
!
interface FastEthernet0/3
 switchport access vlan 57
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description Management VLAN
 mac-address 00d0.d3b1.be01
 ip address 10.5.0.4 255.255.255.0
!
ip default-gateway 10.5.0.1
!
line con 0
 password cisco
 logging synchronous
 login
!
line vty 0 4
 password cisco
 logging synchronous
 login
line vty 5 15
 login
!
end
```


How do I reset a huawei s1720-28gwr-4x

Hi everyone. Hoping someone can help me. I got a used huawei s1720-28gwr-4x from my friend but can't seem to reset it properly. I don't have any info of the previous config.

I did hold the reset button for more than 6 seconds and I can get onto the web interface with the default IP, as well as telnet. But the default username and password don't seem to work.



Communication between private IP end nodes

Disclaimer: I am really new to networking, all my knowledge comes from the Google.

I was studying the basics of the TCP/IP protocols and was thinking about the scarcity of the IPv4 address space. I am familiar with how the standard server/client TCP communication works. Namely, the client (who is usually at a private IP) sends a TCP request to the server (who is at a known public IP). The client's default gateway uses NAT and attaches its own public IP as the source IP and forwards the message to the server. The server's reply is sent back to the home router's public IP. It then translates it back to the private IP and the client gets the message.

But I was wondering: can the server initiate a connection with a host on a private IP? Or even more, can two hosts on private IPs communicate directly with each other, given their gateways' public IPs are known? How?

As far as I can tell, every time I communicate with someone online, I do it using a third party (say Facebook), but I don't see why the third party's server would be necessary. I am aware that ISPs sometimes allocate only one public IP for a private network where they put a group of hundreds of their users, hence I would need some additional info about my friend, not just his public IP. I guess it has to do something with ports, but I'm not sure how. If someone could direct me to readable literature on this topic, it would be very helpful.
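
The mechanics behind the question above can be shown with a small model. The following is an added example in Python, not from the post: a toy port-restricted NAT (the common home-router behaviour, where an inbound packet is accepted only from a remote endpoint the private host already sent to), a public host trying to reach a private one unsolicited, and two private hosts reaching each other directly after both send outward first, which is the UDP hole-punching technique the "ports" intuition points at. All addresses are documentation or RFC 1918 space chosen for illustration, and the rendezvous server that swaps public endpoints is modelled as plain variables.

```python
"""Toy NAT model: unsolicited inbound is dropped; UDP hole punching works.
Added example, not from the post; addresses are made up."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]  # (ip, udp port)


@dataclass
class Packet:
    src: Endpoint
    dst: Endpoint
    payload: str


@dataclass
class Nat:
    """Port-restricted NAT: one public port per private (ip, port); an inbound
    packet passes only if the private host already sent to that exact remote."""
    public_ip: str
    next_port: int = 40000
    out_map: Dict[Endpoint, int] = field(default_factory=dict)       # private -> public port
    in_map: Dict[int, Endpoint] = field(default_factory=dict)        # public port -> private
    allowed: Dict[int, Set[Endpoint]] = field(default_factory=dict)  # public port -> remotes

    def outbound(self, pkt: Packet) -> Packet:
        port = self.out_map.get(pkt.src)
        if port is None:  # first packet from this socket: allocate a mapping
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[pkt.src] = port
            self.in_map[port] = pkt.src
            self.allowed[port] = set()
        self.allowed[port].add(pkt.dst)  # open a pinhole toward this remote
        return Packet((self.public_ip, port), pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        port = pkt.dst[1]
        private = self.in_map.get(port)
        if private is None or pkt.src not in self.allowed[port]:
            return None  # no mapping, or unsolicited sender: dropped
        return Packet(pkt.src, private, pkt.payload)


SERVER = ("198.51.100.5", 3478)  # constructed rendezvous server address
A, B = ("192.168.1.2", 5000), ("10.0.0.7", 6000)  # private sockets behind two NATs


def unsolicited_is_dropped() -> bool:
    """A public host cannot open a flow to a private host on its own."""
    nat = Nat("203.0.113.10")
    nat.outbound(Packet(A, SERVER, "hello"))  # creates mapping on port 40000
    probe = Packet(("198.51.100.99", 53), ("203.0.113.10", 40000), "x")
    return nat.inbound(probe) is None


def one_sided_attempt() -> Optional[Packet]:
    """A learned B's public endpoint, but B never sent toward A: dropped by B's NAT."""
    nat_a, nat_b = Nat("203.0.113.10"), Nat("203.0.113.20")
    nat_a.outbound(Packet(A, SERVER, "register"))
    b_pub = nat_b.outbound(Packet(B, SERVER, "register")).src
    return nat_b.inbound(nat_a.outbound(Packet(A, b_pub, "punch")))


def hole_punch() -> Tuple[Optional[Packet], Optional[Packet]]:
    """Both register, learn each other's public endpoint via the server,
    then send to each other; each first packet opens its own NAT's pinhole."""
    nat_a, nat_b = Nat("203.0.113.10"), Nat("203.0.113.20")
    a_pub = nat_a.outbound(Packet(A, SERVER, "register")).src
    b_pub = nat_b.outbound(Packet(B, SERVER, "register")).src
    a_to_b = nat_a.outbound(Packet(A, b_pub, "punch"))  # opens A's pinhole toward B
    b_to_a = nat_b.outbound(Packet(B, a_pub, "punch"))  # opens B's pinhole toward A
    return nat_a.inbound(b_to_a), nat_b.inbound(a_to_b)  # both delivered


if __name__ == "__main__":
    print(unsolicited_is_dropped(), one_sided_attempt(), hole_punch())
```

The model shows why the third party is needed at all: it is the only place where both sides can learn the public (ip, port) the other NAT allocated. It also shows where the technique fails. If the ISP puts another NAT in front of the home router (the one-public-IP-for-many-users case from the question), the pinhole has to open on that NAT too, and if a NAT allocates a fresh port per destination (a "symmetric" NAT) the endpoint learned via the server is not the one used toward the peer, so the punch misses and traffic has to go through a relay. That is the reason real-time applications fall back to relaying through a server.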



FPR-2110 in ASAv Mode - InternalData1/1 Subnet Traffic Denied in Logs

Hi All,

I have an FPR-2110 I'm running in ASAv mode, so basically a 5520. Internal-Data1/1 interface is shown as such:

Internal-Data1/1    169.254.1.1    YES unset    up    up

When I check the logs, I am getting flooded by below every second:

Nov 24 2020 15:46:18 FWCoreDC2-VPN2110 : %ASA-2-106007: Deny inbound UDP from 169.254.1.3/47098 to 208.67.220.220/53 due to DNS Query

I don't route 208.67.220.220 to this firewall in the core, and considering the fact that 169.254.1.1 is the interface IP of Internal-Data1/1, I am confident the traffic is being sourced from the ASA itself.

So the question is: how do I stop it from flooding the logs without disabling log message 106007 outright?
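
Before deciding how to filter, it is worth separating these lines from real drops in the log pipeline. The following is an added example in Python, not Cisco code and not from the post: a parser for the %ASA-2-106007 deny line in the format shown above, a check of whether the source falls in 169.254.0.0/16 (the link-local range the Internal-Data interface uses), and a per-flow count over a few constructed log lines. The hostname and the non-169.254 addresses in the sample are made up; 208.67.220.220 is a public resolver address (OpenDNS), which is consistent with the appliance itself looking up names.

```python
"""Parse ASA 106007 deny lines and split self-sourced (link-local) ones out.
Added example, not Cisco code; SAMPLE_LOG is constructed."""
import ipaddress
import re
from collections import Counter
from typing import Counter as CounterT, Iterable, Optional, Tuple

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

# "Nov 24 2020 15:46:18 host : %ASA-2-106007: Deny inbound UDP from A/p to B/q due to DNS Query"
_DENY_106007 = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) (?P<host>\S+) : "
    r"%ASA-(?P<sev>\d)-106007: Deny inbound (?P<proto>[A-Z]+) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) due to (?P<reason>.+)$"
)


def parse_106007(line: str) -> Optional[dict]:
    """Return the fields of a 106007 line, or None for any other message."""
    m = _DENY_106007.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["sev"], d["sport"], d["dport"] = int(d["sev"]), int(d["sport"]), int(d["dport"])
    # Traffic from the link-local backplane range is the firewall's own, not a client's.
    d["self_sourced"] = ipaddress.ip_address(d["src"]) in LINK_LOCAL
    return d


FlowKey = Tuple[str, str, int]  # (src ip, dst ip, dst port)


def summarize(lines: Iterable[str]) -> Tuple[CounterT[FlowKey], CounterT[FlowKey]]:
    """Count 106007 denies per flow, self-sourced separately from the rest."""
    internal: CounterT[FlowKey] = Counter()
    external: CounterT[FlowKey] = Counter()
    for line in lines:
        d = parse_106007(line)
        if d is None:
            continue
        key = (d["src"], d["dst"], d["dport"])
        (internal if d["self_sourced"] else external)[key] += 1
    return internal, external


# Constructed sample: four self-sourced lines (the flood), one real client deny,
# and one unrelated message that the parser must ignore.
SAMPLE_LOG = [
    "Nov 24 2020 15:46:18 fw-lab : %ASA-2-106007: Deny inbound UDP from 169.254.1.3/47098 to 208.67.220.220/53 due to DNS Query",
    "Nov 24 2020 15:46:19 fw-lab : %ASA-2-106007: Deny inbound UDP from 169.254.1.3/47099 to 208.67.220.220/53 due to DNS Query",
    "Nov 24 2020 15:46:20 fw-lab : %ASA-2-106007: Deny inbound UDP from 169.254.1.3/47100 to 208.67.220.220/53 due to DNS Query",
    "Nov 24 2020 15:46:21 fw-lab : %ASA-2-106007: Deny inbound UDP from 169.254.1.3/47101 to 208.67.220.220/53 due to DNS Query",
    "Nov 24 2020 15:46:21 fw-lab : %ASA-2-106007: Deny inbound UDP from 10.20.0.15/51234 to 8.8.8.8/53 due to DNS Query",
    "Nov 24 2020 15:46:22 fw-lab : %ASA-6-302013: Built inbound TCP connection 12345 for outside:10.20.0.15/51235 (10.20.0.15/51235) to inside:10.1.1.5/443 (10.1.1.5/443)",
]

if __name__ == "__main__":
    internal, external = summarize(SAMPLE_LOG)
    print("self-sourced:", dict(internal))
    print("real drops:  ", dict(external))
```

Keeping the two counters apart matters for operations: a source that emits the same deny once a second can bury a real drop from a client among thousands of identical lines, and a collector-side rule that suppresses only the (169.254.x.x, 208.67.220.220, 53) flow keeps 106007 intact for everything else while the root cause (what on the box is resolving names via that interface) is tracked down.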



Difference between Spine-Leaf and Collapsed Core?

This is probably a simple question, but my googling so far is only showing differences between Spine-leaf and the traditional 3-tier architecture.

Let's say you have 2 stacked Layer-3 core switches. All ToR and access switches have an uplink to both core switches. The redundant uplink ports are all configured as LAGs.

Is this considered spine-leaf or collapsed core?

Spine-leaf is not supposed to interconnect the spine switches, right? Does stacking count as interconnecting?

Is spanning-tree a requirement for it to be collapsed core?

Thanks guys!



Secure HTTPS Cache and Proxy

I have been tasked with creating a secure HTTPS Proxy and Cache Server on an Ubuntu 18.01 machine. The server needs to establish an independent path to the target web server and then compare the retrieved certificate against the certificate retrieved in the normal route of accessing this web server, in order to detect whether the traffic in the normal route has been intercepted by a malicious man-in-the-middle.

I am thinking of installing and configuring a squid server, but this does not feel like the server is complete. Are there any other tools and packages I need to utilise? I need help to plan this out please.



VRRP question

Hey, r/networking . Long time lurker, first time poster.

I know it's probably a really stupid question, but still... here is the long version:

I have configured vrrp before, but on private networks. Now we have a client, that wants edge switch, connected to 2 routers (that should be in VRRP), and the routers downlink to their internal network.

The incoming connections in the edge switch are multiple ISPs with multiple vlans (remote video streaming). The client has a separate AS with different ISP configured as peers.

So far the client had one hello router and there was no problem. Question is: how do we configure VRRP on those routers without requesting more public IPs? (AFAIK VRRP requires at least 2 different IPs: one for the virtual router (that can be a physical interface as well) and one for the backup device in the same network.) The interfaces are all subinterfaces really, but that shouldn't matter I think.

tl;dr: How to configure VRRP with only 1 public IP interface?



BGP noob question

Hi guys,

Currently working on implementing BGP for the first time in my career, and I have one completely noob question. I basically want a hub-and-spoke network, where the core can see all of the routes advertised by the branches but the branches can't see the routes advertised by the other branches. I've tried different AS numbers, etc. but I'm completely lost. Any tips on how to set this up? I'm running Fortinet gear at basically every level from access to core if that helps. Appreciate any help and all of the great info I see on this sub every day.



How to create this kind of private network for business?

Hello, I wanted to know what I could possibly do to create this kind of system:

Let's say I have a workplace and we have our own machines here that host things like our websites, files, dashboards, etc. and we want users who are connected to some kind of VPN to be able to access any of these resources. So all of these things are protected from the outside world and only those who are in our network domain can access these resources freely.

Is it possible to configure this? If so, do you just need to use something like OpenVPN to set up some kind of VPN, and then you can use a VPN client, like the default Windows one, to connect to the VPN?



wan p2p links (stp vs lacp)

Good afternoon, I am evaluating two single L2 point-to-point connections (from two different carriers, with somewhat different lengths) from my HQ to my branch office. I cannot choose L3 ECMP with routing protocols to load-balance them, so is it better to use LACP and risk the possible out-of-order problem (due to different path lengths on different links), or use STP and use only one link at a time with the second one only as "backup"?

thank you



Method of attack for setting up something like an SRX 300 or ISR 1100 (GUI vs. CLI)

This is a bit of an embarrassing question but I really don't know how I would tackle this, any help to guide me would be much appreciated.

If I got handed right now something like an SRX300 or an ISR 1100, I don't think I could configure them "from scratch" from the CLI. I'm so used to the cheap and cheerful home routers; I believe I could do this easily from the GUI, but there is a disconnect in my brain as to how I would learn everything I needed to know to fluently do this from the CLI.

I was thinking I would first set it up via the GUI and just reverse-engineer the configuration that results from that. I feel otherwise I might miss certain things or have to trawl through all the documentation, having to skip over a lot of irrelevant stuff.

I think my issue here is that I'm so used to the commercial SME gear that I'm struggling to connect the dots for a blank slate Enterprise piece of kit. I also assume once I've done this exercise and really understood what is needed it would be easier for future times (e.g. just a lack of experience?)

Edit: Looking at the JunOS documentation for something like an SRX 110 or SRX 300 it appears like there is actually half decent guides on how to setup the device from scratch.

e.g. https://www.juniper.net/documentation/en_US/release-independent/junos/information-products/pathway-pages/hardware/srx110/srx110-index.html



Interesting Times

I am interested in how others have managed through the pandemic and what cool / interesting solutions you've implemented to solve some of the longer-term challenges. For me, it was establishing layer 3 connectivity between the on-prem lab and my "remote work" lab at home. Using GNS3, I set up a virtual router on my laptop, configured a router inside our lab as a DMVPN3 hub, and now any time I fire up the VPN and my GNS3 lab project, I am able to establish connectivity between our on-prem lab and the one I built at home. I know there are other easier ways of establishing this, but this one had 2 unique features. First was the low cost: for me it was free since I was able to reuse physical gear as necessary. The second was the low risk: I didn't have to poke any additional holes in the firewall or stand up any separate WAN segment, since the transport is our corporate VPN, connecting directly into a lab network segment.

Below is a high level overview:

At home

Dell work laptop with corporate VPN(Palo Alto global protect)

GNS3 2800 series router on my laptop

GNS3 NAT connection to my VPN NIC

USB NIC for wired connection to Cisco 3560cx switch

GNS3 Cloud connection using the USB NIC for physical connect to Switch

Using basic VRFs / DMVPN spoke / to establish tunnel to on prem lab

At Work

2900 series router

configured as DMVPN hub,

phase 3(default route only)

EIGRP



Cisco network assistant

Any opinion about Cisco NA for ACL management (ios switch)? Any pros, cons or maybe better alternatives (as cheap as possible). Thank you.



[Assignment][WireShark] Suspicious activity

Hi all!

I have been given an assignment of various exercises, one of which is about a .pcap file. Let me preface this with 2 things:

  • The rest of the assignment is not terribly complicated, but requires some knowledge of the underlying problem (e.g. Python programming, or in this case .pcap files)
  • I do NOT have any kind of experience in .pcap analysis.

So here is the context. I have been given a .pcap file, containing around 16k simulated (I'm assuming) packets spanning 4 minutes of activity on a random day. I am told that "someone is doing something suspicious, and we need to investigate", and to give the IP/hostname and so on. After fiddling for a couple of days, I think I am able to extract those things easily once I figure out which is the suspicious activity.

But I have no idea where to start to figure out what is suspicious. I have no other context.

What I tried so far:

  1. Looking at the Expert Information tab of Wireshark. This gave me 2 Warning types (D-SACK sequence, and Connection Reset (RST), with multiple IPs for each, so I wouldn't be sure which one is at fault), and 1 Error type (Expected: 6 bytes; one singular IP is sending something on port 4000 that Wireshark recognizes as malformed KNX/IP; however, if I disable that dissector in Wireshark (as advised on some other website), it turns out to be a normal UDP protocol). So I am not sure if that is something to be wary of.
  2. By filtering HTTP requests, all of them but 2 go through port 80. The 2 others go through port 6969 - I thought that was it, but after some research I found out it's a "normal" port for some kind of torrent, and lots of activity on this server goes for a (legal) torrent website, so again I think that's not what I need to look for.
  3. As advised somewhere else, I tried to look for people sending way more SYN messages than the amount of ACK messages they receive back. The 2 people sending the most SYN messages have respectively 25 and 16 SYN, and 25 and 16 ACK. (To be noted, the IP with 25 SYN also appears in the warning from point 1, as having a lot of Connection Resets (RST).)
  4. Finally, out of frustration, I tried random filters and looked around at color-coded messages, and found one IP in the TCP protocol that appeared black; the only activity on the server is a TCP retransmission of the same message (I assume, since the size never changes), for a total of 9 times. No other activity from this IP, and no other exchange happening, which makes me believe that's not the culprit, since there is not enough activity to answer some of the questions of the assignment with them.

I hope I made it clear, sorry for any mistake I made with my explanation - I am not sure what I am supposed to be doing here. I'm looking for any clue as to where to look for a "suspicious activity".

Thanks!
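
Two of the heuristics tried above (SYNs sent versus answers received per host, and the same TCP segment sent over and over) can be scripted so the numbers come from the whole capture rather than from eyeballing filters. The following is an added example in Python, not from the post and not the assignment's solution: a minimal reader for the classic pcap format (Ethernet link type only), a TCP header parser, and the two checks run over a capture constructed in the script itself (a ten-port SYN scan that gets one SYN/ACK back, one normal handshake, and one host retransmitting a 6-byte segment nine times). The addresses, ports and thresholds are made up.

```python
"""Minimal pcap reader + two TCP triage heuristics.  Added example; the
capture is constructed in-code and is not the assignment's pcap."""
import struct
from collections import Counter
from typing import Counter as CounterT, Dict, Iterator, List, Optional, Tuple

ETH_IPV4, IPPROTO_TCP = 0x0800, 6
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
_LE_MAGIC, _BE_MAGIC = {0xA1B2C3D4, 0xA1B23C4D}, {0xD4C3B2A1, 0x4D3CB2A1}


def pcap_records(data: bytes) -> Iterator[bytes]:
    """Yield the captured bytes of each record in a classic (not pcapng) pcap."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic in _LE_MAGIC:
        endian = "<"
    elif magic in _BE_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng needs a different reader)")
    _, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) handled here")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl]
        off += incl


TcpInfo = Tuple[str, str, int, int, int, int, int]  # src, dst, sport, dport, seq, flags, payload_len


def parse_tcp(frame: bytes) -> Optional[TcpInfo]:
    """Decode Ethernet/IPv4/TCP; None for anything else (incl. VLAN-tagged frames)."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ip = frame[14:]
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP or total > len(ip):
        return None
    src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total]
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    doff, flags = (off_flags >> 12) * 4, off_flags & 0x1FF
    return src, dst, sport, dport, seq, flags, len(tcp) - doff


def triage(pcap: bytes) -> Tuple[CounterT[str], CounterT[str], Dict[tuple, int]]:
    """Per host: SYNs sent and SYN/ACKs received; plus repeated identical segments."""
    syn_sent: CounterT[str] = Counter()
    synack_recv: CounterT[str] = Counter()
    seen: CounterT[tuple] = Counter()
    for frame in pcap_records(pcap):
        p = parse_tcp(frame)
        if p is None:
            continue
        src, dst, sport, dport, seq, flags, plen = p
        if flags & SYN and not flags & ACK:
            syn_sent[src] += 1
        elif flags & SYN and flags & ACK:
            synack_recv[dst] += 1          # answer arrives at the original SYN sender
        if plen > 0:
            seen[(src, dst, sport, dport, seq)] += 1   # same seq with data = retransmit
    return syn_sent, synack_recv, {k: n for k, n in seen.items() if n > 1}


def scan_suspects(syn_sent, synack_recv, min_syn: int = 5, max_ratio: float = 0.5) -> List[str]:
    """Hosts sending >= min_syn SYNs with SYN/ACKs for at most max_ratio of them."""
    return sorted(h for h, n in syn_sent.items() if n >= min_syn and synack_recv[h] / n <= max_ratio)


def _frame(src: str, dst: str, sport: int, dport: int, seq: int, flags: int, payload: bytes = b"") -> bytes:
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x02" * 12 + struct.pack("!H", ETH_IPV4) + ip + tcp   # dummy MACs, no checksums


def build_sample_pcap() -> bytes:
    """Constructed capture: a SYN scan, a clean handshake, a stuck retransmitter."""
    frames = [_frame("10.0.0.5", "10.0.0.9", 40000 + p, p, 1, SYN) for p in range(20, 30)]
    frames.append(_frame("10.0.0.9", "10.0.0.5", 22, 40022, 100, SYN | ACK))   # only :22 answers
    frames += [_frame("10.0.0.7", "10.0.0.9", 51000, 80, 1, SYN),
               _frame("10.0.0.9", "10.0.0.7", 80, 51000, 500, SYN | ACK),
               _frame("10.0.0.7", "10.0.0.9", 51000, 80, 2, ACK)]
    frames += [_frame("10.0.0.8", "10.0.0.9", 52000, 4000, 7, PSH | ACK, b"hello\n") for _ in range(9)]
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    out += [struct.pack("<IIII", 1606000000 + i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return b"".join(out)


if __name__ == "__main__":
    syn, synack, retrans = triage(build_sample_pcap())
    print("scan suspects:", scan_suspects(syn, synack))
    print("retransmitted segments:", retrans)
```

Counting SYN/ACKs rather than plain ACKs is the sharper version of check 3 above: a host that completes its handshakes gets a SYN/ACK for nearly every SYN, while a port scanner gets RSTs (or silence) for most of them, so the ratio separates the two even when the raw ACK counts look balanced. A real assignment capture will also contain frames this parser skips (VLAN tags, IPv6, non-TCP), and the retransmission key here ignores TCP checksum and timestamps, so it reports any repeated data segment, which is the behaviour described in point 4.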



Windows 10 Set TCP MSS?

Anyone know how to set the TCP MSS in Windows 10? I have some (not all) VPN users where the TCP MSS is getting set to the Physical Interface MTU -40 instead of the VPN Interface -40.

Can't seem to find a decent guide on how to actually set the TCP MSS in Windows 10. I'd prefer not to change the Firewall MSS since this only affects a subset of users and changing it on the Firewall would affect everyone.



Owning your own public IPs

I have many lines incoming with various /27 /29 subnets attached but these are all ISP specific

Really I want the option to take the subnets with us and switch between providers, mainly for cost/contract negotiations, as some of these subnets have IP-based services rather than DNS.

Is it possible to own your own public address ranges, so that I then have the option to move to any ISP?

Are there pros/cons?

I am UK based if that makes a difference



Advertise routes to wireguard connected hosts

Hey,

I have some bare-metal libvirt hosts with virtual networks (bridges) and VMs on them. I want to put them together in a mesh network (I'm thinking of using wesher for this, as I've used it before) and advertise the virtual networks to the other hosts so they can route freely to them over the WireGuard network.

Wesher works by creating a single WireGuard interface and then a peer for each of the hosts, along with adding a route to each of them over the WireGuard interface.

I'm thinking about using OSPF for this using either quagga or bird (I'm liking the configuration syntax of bird more) but I have not managed to get them to advertise anything.

I'd like to do this in the most hands off way possible, deployed with ansible.

So I have a couple of questions.

  • Do you know of a good resource on this subject that can get me started on this?
  • Should I be using some other solution for creating this overlay type of network?

Thanks!

EDIT: I thought I should add some more info on the wesher setup.

Each host gets a /32 address so they're not in the same network.

```
ip a
...
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default
    link/none
    inet 100.100.177.204/32 brd 100.100.177.204 scope global wg0
       valid_lft forever preferred_lft forever
```

```
wg
interface: wg0
  public key: GUBhK2xfbUK7y3n34HqXBfqyg7alHk0RT3VrSatESkM=
  private key: (hidden)
  listening port: 51988

peer: +2p6S0h37vd5tzxeO1uECDVKLznkmy5EeUvse5H0B2A=
  endpoint: 10.100.4.2:51988
  allowed ips: 100.100.59.47/32
```

```
ip route
...
100.100.59.47 dev wg0 scope link
```



Query a DHCP server for a device's hostname

Hi, someone please help me.

I am looking for a way to 'ask' or 'query' my DHCP server for the hostnames of devices on my local network. I know this is possible because it is how NTOPNG gets its hostnames (friendly names) of devices, and also through mDNS. I have read almost every tutorial on the internet and they all come back to reverse DNS and using DNS to find it. This is not suitable for my use case and I need to find it through DHCP. PLEASE HELP ME :(

thanks guys
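
The DHCP protocol itself has no "list your clients" request; the name a tool like a passive monitor shows comes from watching the client's own DHCPDISCOVER/DHCPREQUEST messages, which carry the host name in option 12 (the server's lease database is the other place it ends up, but its format depends on the server software). The following is an added example in Python, not from the post and not ntopng's code: a parser for the DHCP message layout (fixed header, magic cookie, TLV options) that pulls out the message type, client MAC, requested/assigned address and host name, plus a function that builds a MAC-to-hostname table from client messages only. The packets are constructed in the script; the MACs, names and addresses are made up.

```python
"""Learn hostnames from DHCP client messages (option 12).
Added example; the packets below are constructed, not captured."""
import struct
from typing import Dict, List, Optional

MAGIC = b"\x63\x82\x53\x63"  # option-field magic cookie
OPT_PAD, OPT_HOSTNAME, OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_END = 0, 12, 50, 53, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
CLIENT_MESSAGES = {"DISCOVER", "REQUEST"}


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def safe_name(raw: bytes) -> str:
    """Option 12 is whatever the client chose to send: keep printable ASCII only,
    so a name containing CR/LF or escape sequences cannot inject into logs or UIs."""
    return "".join(chr(c) if 0x20 <= c < 0x7F else "?" for c in raw.rstrip(b"\x00"))


def parse_dhcp(pkt: bytes) -> Optional[dict]:
    """Decode the fixed header and the options we care about; None if not DHCP."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        return None
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", pkt[:8])
    if hlen > 16:
        return None
    chaddr = pkt[28:28 + hlen]
    opts: Dict[int, bytes] = {}
    i = 240
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 2 > len(pkt):
            break                      # truncated: no length byte
        ln = pkt[i + 1]
        val = pkt[i + 2:i + 2 + ln]
        if len(val) != ln:
            break                      # truncated value: stop rather than misparse
        opts[code] = val
        i += 2 + ln
    mt = opts.get(OPT_MSG_TYPE)
    req = opts.get(OPT_REQUESTED_IP, b"")
    return {
        "op": op, "xid": xid,
        "type": MSG_TYPES.get(mt[0], "UNKNOWN") if mt else "UNKNOWN",
        "mac": ":".join(f"{b:02x}" for b in chaddr),
        "yiaddr": _ip(pkt[16:20]),
        "requested_ip": _ip(req) if len(req) == 4 else None,
        "hostname": safe_name(opts[OPT_HOSTNAME]) if OPT_HOSTNAME in opts else None,
    }


def learn_hostnames(packets: List[bytes]) -> Dict[str, str]:
    """MAC -> hostname as claimed in client DISCOVER/REQUEST messages."""
    names: Dict[str, str] = {}
    for pkt in packets:
        d = parse_dhcp(pkt)
        if d and d["type"] in CLIENT_MESSAGES and d["hostname"]:
            names[d["mac"]] = d["hostname"]
    return names


def build_dhcp(op: int, msg_type: int, mac: str, hostname: Optional[bytes] = None,
               requested_ip: Optional[str] = None, yiaddr: str = "0.0.0.0", xid: int = 0x3903F326) -> bytes:
    """Constructed test packets (not real captures): Ethernet hardware type, 6-byte MAC."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)
    hdr += bytes(4) + bytes(map(int, yiaddr.split("."))) + bytes(8)   # ciaddr, yiaddr, siaddr, giaddr
    hdr += bytes.fromhex(mac.replace(":", "")) + bytes(10) + bytes(64) + bytes(128)  # chaddr, sname, file
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if hostname is not None:
        opts += bytes([OPT_HOSTNAME, len(hostname)]) + hostname
    if requested_ip:
        opts += bytes([OPT_REQUESTED_IP, 4]) + bytes(map(int, requested_ip.split(".")))
    return hdr + MAGIC + opts + bytes([OPT_END])


SAMPLE_PACKETS = [
    build_dhcp(1, 3, "00:11:22:33:44:55", b"laptop-01", "192.168.1.50"),   # client REQUEST
    build_dhcp(2, 5, "00:11:22:33:44:55", yiaddr="192.168.1.50"),           # server ACK
    build_dhcp(1, 1, "66:77:88:99:aa:bb", b"evil\r\nADMIN ok"),             # hostile name
]

if __name__ == "__main__":
    print(learn_hostnames(SAMPLE_PACKETS))
```

Feeding this real traffic means capturing UDP/67 on a segment where the clients' broadcasts are visible (or on the relay). Two caveats carry over to any tool built this way: the name is self-asserted by the client, so it is an identifier hint and not an authentication of anything, and a client that never renews while you are listening simply does not appear, which is why passive monitors also fall back to mDNS and reverse DNS.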



Monday, November 23, 2020

My first attempt at creating a network diagram

Hi r/networking,

Beginner here; very new to networking. This is my first attempt at building a network diagram (well, at least of this sort of complexity). I used draw.io to make this diagram (also my first time using this software).

I would appreciate any feedback on this diagram -- particularly at whether I have all the IP addresses mapped out properly.

IP Addresses given by Internet Provider:

• Internet access:

o 210.35.24.32 /30 bits (Site1 - left side) Gateway 210.35.24.1

o 200.23.32.100 / 32 bits (Site2 - right side) Gateway 200.23.32.1

• Remote Access:

o 210.35.24.100 (Site1 - left side) Gateway 210.35.24.1

o 200.23.32.105 / 32 bits (Site2 - right side) Gateway 200.23.32.1

Other things that I am unsure of:
-Does the UPS make sense being connected to S1 for site 1 and S10 for site 2?

I don't know what I don't know. For example:

Originally, I had the SAN (connected to S1) and then the file servers and email servers connected to the SAN. But feedback from someone suggested that the email server and the file servers are to be connected to S1 and then connect the SAN to those servers. Additionally, the SAN only has two connections, and as such, a switch can be used to solve this. It is stuff like this that I had no idea of.

Diagram: https://i.imgur.com/b9vQOgs.png

If you would like to access the draw.io file, let me know.

Thanks in advance.



BGP/ISIS problem

Hello Network Reddit people,

I have an issue i've been scratching my head on and have been leaning heavily on GNS3 for this testing.

Please see:DIAGRAM

In the diagram, R1/R2/R3 build BGP with their loopback interfaces, which get redistributed into IS-IS. R2/R3 only peer with R1 since it's the route reflector. The BGP route also follows the lowest metric as expected. But the problem I have is that whenever I lose the lower-metric route I get TTL exceeded.

For Example: Link with 160 metric goes down. Bgp next-hop to 192.168.0.0/24 from R1 is 3.3.3.3, which is R3 loopback IP learned from R2 via ISIS. I also see that R2 has this route (R3 Loopback Ip) with a next-hop of 3.3.3.3 to R3 over the 300 metric link. I also see on R3 that it has a next hop of the route-reflector (1.1.1.1) to 172.16.0.0/24, with the loopback IP of R1 learned via ISIS from the R3/R2 peering.

FIX: What gets to me is that I can fix this on R2 whenever I set a static of 192.168.0.0/24 to the point-to-point ip between R2/R3. This doesn't make any sense to me, because R2 should be forwarding return traffic (dst:192.168.0.0/24) to the R3 loopback ip as the next hop, since R1 had its next-hop set as R3 and not R2.... Is this an issue with recursive route-lookup in my virtual environment and/or what am I mis-understanding with how packets should be getting forwarded?



SFP+ 10Gb Optical/Fiber/AOC very slow, but DAC fast

I have a strange issue.

  • Identical Mellanox cards (purchased in same lot, NEW)
  • Identical Mellanox transceivers (same lot, but USED)
  • 30m (98 ft) OM3 optical cable (NEW)

The speed I get is around 25 Mb/s, which is even slower than HDD read speed.

I switch to a 3m DAC cable and the speed goes up to like 4 Gb/s. I switch back to optical and it's super slow again.

What could the issue be? Do optical transceivers degrade over time? (I bought them used, and they could have been used 24-7 for 10 years straight.)

Could it be the cable? I have most of it bundled in 1 ft diameter coil, and have always been careful not to bend the fiber anywhere too much.

What troubleshooting steps should I take next?



Need help choosing a router for a small school

Can someone recommend a router/firewall for a small school of 50 to 60 people (ages 6 to 12)? Internet bandwidth is 20Mbs (up) and 10Mbs (download). Two UAP Pros, one Cisco 2960.

I have experience networking firewalls, routers and servers .

Regards. Thanks.



FTD with S2S VPN for 0.0.0.0 destination

I did a cutover tonight and once we plugged in the outside interface I saw the following error message on the LINA CLI. The error is showing up nonstop, to the point where you can't type CLI commands.

“Invalid API Param - data size must be block size multiple”

Once I changed the crypto ACL on the Site to Site VPN to something random with /24 for source and /24 for destination the error stopped. When I put the original crypto ACL (src: RFC 1918 Dest: any) the error comes up again.

Anyone know what this is about? FTD 1140 with FMC. This setup is working fine on an ASA.