Saturday, December 30, 2017

printer for guest wifi

I want to add a printer so that guests on our guest wifi can print to it. I put it on the guest wifi. But then it turned out the computers and iPhones also on the guest wifi could not see it. It turns out this is a feature. Then I went to the router (Netgear Genie), and there's an option "Allow guests to see each other and access my local network", which was off and is off by default. I do not really want to turn that on, since I do not want guests to be able to get to the computers and printers on my regular non-guest wifi. I don't mind if they see each other. Any suggestions? Thank you



Connecting 2 Nighthawk AC1900 routers

Hey, I just bought another Nighthawk router to set up in my garage. I have a Cat6 cable that I'm going to use to connect the two routers. I need help on how to set up the other one.



Edgeswitch to Unifi Switch Trunk

Quick question for the Gurus out there...

I have an Edgeswitch ES-16-XG as my collapsed core. An ES-48-Lite, and a Unifi US-48-500W.

I have all my L3 routed VLANs defined on the ES-16-XG, and all the VLANs defined on the other two switches. My trunk works as expected between the two Edgeswitches. No traffic that I can see passes across the 10Gbit DAC trunk between the Edgeswitch and the Unifi; they seem to work when connected over a regular Ethernet cable.

It shows the port as up on both sides; however, with the way the VLANs are set up on the two brands of switch being considerably different, I am wondering whether there might be something I overlooked. Maybe it doesn't like the particular variety of DAC cable?

Anyone working with a similar setup?



Goals for the new year

http://ift.tt/2DDjBhL

What is most accurate way to test wifi connection strength in different areas of a building?

I am trying to compare different set ups to see what provides the best wifi coverage in all areas of a building.

Since using something like fast.com has too many variables, and is not really what I'm looking for, I am wanting a way to view just wifi strength at a certain spot in the building, and then go back to this exact spot connected to a different brand of mesh system and see what I get.

Would using a program on the same device each time to view the connection strength in dBm be the best option for me?

Thanks



[Shower thought] The evolution of Networking is just us changing into Systems Admins

So a user's post in another comment got me thinking. This user stated that the networking industry (really network vendors) was making a lot of progress, because they were finally running on *NIX OSes.

It made me think. We're moving "forward" by going to *NIX OSes, which are all quite old and literally from the very earliest stages of computing. Now granted, I know that Linux is still heavily used because it's just better than Windows at certain things... but one has to think: if everything is going to Linux shells and the like, and there's this push to stop managing our devices through individual CLI prompts... aren't we just gonna turn into Systems Admins?

To me a job posting that says "must be able to administer a Linux system, must be able to write Python and bash scripts, must know TCP/IP and associated protocols" sounds like a Systems Administrator job, not a Network Admin/Network Engineer.

Also, with Dell and other vendors coming out with new blades where it's a high-powered data center switch + server in one, at what point are we all just systems guys?

To me this isn't really an evolution but more of a compression... a collapsing of different roles. It's the industry carving down their IT department... it's one of the oldest methods of downsizing: combine multiple offices together to perform one function, and then cut the numbers down after integration.

[Shower] thoughts?



First time designing a link between networks and I may be in a bit over my head

We have several networks that currently look something like this: http://ift.tt/2lxD5Nw The basic function is that the modem goes over a 4G VPN connection back to our central office; a server at this office periodically collects information from the primary PLC. Most of the traffic, however, is between the "location" and "branch location", which is not transmitted over the 4G but is instead transmitted via a Ubiquiti radio and a small switch.

I'm trying to connect four of these (typical) locations together so the main PLCs can communicate with each other and I'm not sure how to best design the connection between them. Here is my proposed design: http://ift.tt/2loQJTT

The part I'm unsure about is the connection going between the locations, the ones labeled Main location, location 2, location 3, and location 4 in my diagram. My thoughts are that I could connect a router to the switch at each of the locations. From there it would be connected to a second Ubiquiti radio. This radio would then be placed in "transparent bridge mode", which to my understanding acts as a layer 2 bridge. The location labeled "main location" would then be set up as an AP and the other locations would connect to it. Then I would have to set up some sort of routing between the locations on the new routers.

Additional potentially useful information: the WAN (central office) side of the modems is 192.168.7.0/24; the LAN side of each modem is one of the four listed 10.130.0.0/16 networks.

Is this design stupid? Is there a better way to do it? Any thoughts or feedback would be welcome.



Quick HPE/Aruba Switch Question....

I bid on/won an “open box/customer return” Aruba 2530-48G switch recently. When it was delivered to my house it ended up being the HPE 2530-48G switch instead. It is/was also sealed and has never been opened. My understanding is that when the Aruba “rebranding” occurred, everything internally on the 2530 and possibly other HPE switches remained identical; it just had a new coat of paint/name.

Is this correct? I really don’t want to go through the hassle of returning this HPE 2530-48G for an Aruba 2530-48G if I really don’t have to.

They’re identical from a hardware standpoint? My understanding also is that the HPE switches ran ProVision software, and the Aruba rebranded ones run Aruba OS? So...if I power this HPE 2530-48G up...will it update to Aruba OS?



Loop back for DNS on clients

I work at an outsourced helpdesk and occasionally I see 127.0.0.1 input as DNS. I can understand why you would want to do that on the DNS server itself, but why on a client PC? Are there any advantages to having a client use its hosts file for DNS? Doesn’t it cause more administrative effort? Wouldn’t ARP and mapping drives take care of finding files and servers within the network even if it is a HomeGroup rather than being on a domain? Thanks in advance, as nobody I’ve asked seems to know.



Traffic not being unNATed

So I'm hoping someone can help me out with this as I am really not understanding why this traffic is not being unNATed on this Cisco ASA 5512x

I can prove that the traffic is being sent and received from the WAN interface with a packet cap:

1: 05:53:52.236056 173.197.56.174 > 8.8.8.8: icmp: echo request
2: 05:53:52.268083 8.8.8.8 > X.X.X.X: icmp: echo reply

The same cap applied to the inside interface, however, does not show the replies:

1: 05:54:23.694711 192.168.51.2 > 8.8.8.8: icmp: echo request
2: 05:54:25.696512 192.168.51.2 > 8.8.8.8: icmp: echo request
3: 05:54:27.712426 192.168.51.2 > 8.8.8.8: icmp: echo request
4: 05:54:29.714776 192.168.51.2 > 8.8.8.8: icmp: echo request

The relevant config should be as follows:

KC-ASA(config-router)# sh run nat
nat (INSIDE,OUTSIDE) source static VPN VPN destination static VPN_HQ VPN_HQ no-proxy-arp route-lookup
!
nat (any,OUTSIDE) after-auto source dynamic any interface

KC-ASA(config-router)# sh ip ad
System IP Addresses:
Interface            Name     IP address      Subnet mask       Method
GigabitEthernet0/0   INSIDE   192.168.51.1    255.255.255.0     CONFIG
GigabitEthernet0/2   TEST     192.168.151.1   255.255.255.252   manual
GigabitEthernet0/4   OUTSIDE  X.X.X.X         255.255.255.252   CONFIG
Current IP Addresses:
Interface            Name     IP address      Subnet mask       Method
GigabitEthernet0/0   INSIDE   192.168.51.1    255.255.255.0     CONFIG
GigabitEthernet0/2   TEST     192.168.151.1   255.255.255.252   manual
GigabitEthernet0/4   OUTSIDE  X.X.X.X         255.255.255.252   CONFIG

Given the simplicity of the setup I don't understand what I'm missing. Connectivity tests from the ASA to the Internet as well as to the internal L2/3 infrastructure have been thoroughly run and are working fine. The L2L VPN (referenced by the first NAT line) is even working flawlessly. Anything going from INSIDE to the Internet, though, appears to be not NATed as it re-enters the INSIDE interface. I can provide additional information upon request, and I should mention that both of the same-security commands have been applied to this device.



What is the purpose of using HASH encryption from router to router?

For example, 2 routers, both running EIGRP with MD5. I "think" that I understand that if the 2 routers have the same authentication hash they can communicate with each other, correct?

And if so, then what? Is the communication between the 2 routers encrypted?

And if not, what is the purpose? Just to prevent other routers from forming an EIGRP neighbor relationship?
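A keyed-digest check of the kind the post asks about, as an added example that is not part of the original post. It uses HMAC-MD5 from Python's standard library, which is not the exact keyed-MD5 construction EIGRP carries in its packets, but it shows the same property: two peers sharing the key accept each other's updates and detect any alteration in flight, while the update itself stays in cleartext on the wire. That is authentication and integrity, not confidentiality. The update payload and keys are constructed.

```python
"""Keyed-digest (authentication-only) protection of a routing update.
Added example for the EIGRP/MD5 question; it uses HMAC-MD5 from the standard
library, not the exact keyed-MD5 construction EIGRP uses, and the update
payload and keys are constructed."""
import hashlib
import hmac
from typing import Optional, Tuple

DIGEST_LEN = 16  # MD5 output size in bytes


def sign(update: bytes, key: bytes) -> bytes:
    """Append a keyed digest.  Note the update itself is NOT transformed:
    a sniffer on the segment can still read every route in it."""
    return update + hmac.new(key, update, hashlib.md5).digest()


def verify(frame: bytes, key: bytes) -> Optional[bytes]:
    """Recompute the digest with our key; return the update if it matches,
    None if it does not (the receiver discards the packet, so no neighbour
    relationship forms with a router that lacks the key)."""
    if len(frame) <= DIGEST_LEN:
        return None
    update, digest = frame[:-DIGEST_LEN], frame[-DIGEST_LEN:]
    expected = hmac.new(key, update, hashlib.md5).digest()
    # constant-time compare: do not leak which byte mismatched
    return update if hmac.compare_digest(digest, expected) else None


def demo() -> Tuple[bool, bool, bool, bool]:
    key = b"eigrp-key-chain-1"                          # constructed shared key
    update = b"EIGRP UPDATE 10.1.1.0/24 metric 28160"   # constructed payload
    frame = sign(update, key)

    on_the_wire_readable = frame.startswith(update)    # no encryption: route text is visible
    same_key_accepts = verify(frame, key) == update    # peer with the key forms adjacency
    other_key_rejects = verify(frame, b"some-other-key") is None  # rogue router is ignored
    tampered = frame.replace(b"metric 28160", b"metric 00001")     # attacker edits the metric
    tamper_rejects = verify(tampered, key) is None     # integrity: altered update is dropped
    return on_the_wire_readable, same_key_accepts, other_key_rejects, tamper_rejects


if __name__ == "__main__":
    print(demo())
```

The fourth value is the practical reason to enable authentication even on a "trusted" segment: without it, anyone who can put a frame on the link can inject or alter routes, not merely join as a neighbour.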



Friday, December 29, 2017

New WISP Network - Is VPLS a Crazy Idea?

I am helping with planning a new network for a local WISP that my friend is starting. I have some networking background (college, had my CCNA years ago) but never in a service provider setting, and in my day-to-day job I am not doing much with routing and switching. I have the following working in GNS3 but have a couple of questions. As well, if anyone wants to tell me if I am crazy or if I have gone about this completely wrong, I am open to any criticism.

Before I start my rambling, here are a couple of pictures of my test network and topology. http://ift.tt/2Ej6EuM

I will be setting a router up at each tower and then using a Mimosa A5C to deliver access to the clients using a Mimosa C5. Since the C5 can be auto-provisioned and managed from the AP itself with RADIUS, I will also have a RADIUS server in a data centre that our transport comes in to.

All the towers are set up on a 10.0.0.X/30 for each of the backbone interfaces. I have OSPF and MPLS set up to route the traffic back to the main tower and then over our transport provider back to the data centre. From the data centre the traffic will then be routed out to the internet with our interconnect provider (Hurricane Electric).

From the tower sites we have a VPLS tunnel for each tower terminating at the data centre. This allows us to have a RADIUS server in the data centre and use PPPoE if needed to route public IP addresses. Using VPLS it transports the tagged VLAN traffic to each interface that is bridged with the Mimosa access points that the C5 bridges connect to. The networks are then terminated on our main router and routed out to the internet.

For now I am using VLANs and DHCP on a server in the data centre to hand out addresses. I only have a /26 but am looking at getting more or implementing IPv6 and then using a translator to allow IPv4 access. Right now though the /26 should work well for what I need. At the towers the routers will hand out 10.0.X.0/24 addresses to the Mimosa C5 bridges. This allows them to connect to the network, provision from RADIUS and then get the customer router an IP address through the tunnel.

At the client site I have the Mimosa C5 bridges set up to connect to the Mimosa access points on our towers and then allow the traffic, depending on the VLAN, to the client. If the client is getting a NATed IP address they are put in VLAN 200. If the customer has a static, public IP they are put in VLAN 300. The port on the C5 bridge becomes an access port. For instance, if they are in VLAN 200 they would be able to plug a router in and the router would then get a WAN IP of 172.16.0.20. If they are in VLAN 300 they would get a WAN IP of 200.200.200.20 on the router. VLAN 100 is reserved for our management LAN and is how we can access the C5 bridges to configure and monitor the connections.

The main issues that I am concerned about:

  • Broadcast domains - Will this cause issues when using VPLS? I know I should have a routed network but my fear is that when I am tunneling it all back across a virtual layer 2 tunnel I am defeating the purpose of having a fully routed network.
  • VLAN performance - Is this the best way to hand out IP addresses with DHCP and keep our management and data networks separate?
  • Security for clients and our infrastructure - The Mimosa clients and tower access points have client isolation and I have rules set up on the routers to not allow traffic between hosts. With the way the VLAN is configured, as far as I can tell the client can’t have access to the C5 interface or any of our management network unless they were authenticated in RADIUS and then hooked up a laptop or such to their bridge that they programmed to get VLAN 100 data from.
  • Any way to do this without using VPLS - Again, am I taking a routed network, making it complicated and then just doing a bridged architecture anyway? Am I over-complicating things?

Sorry for the long post. Again, any feedback is much appreciated.



Cisco Mobility Express + iPhone 7 = no connectivity?

As the title says, I've got an office running a CME controller on 8.5.103. All devices there work fine (Lenovos, MacBooks, Androids) except for iPhones, but seemingly particularly 7s. I did a debug client on one of the known 7s and it seems to only strike when the client roams. In other words, freshly flicking WiFi on the phone and connecting 'fresh' means you get full speed and life is great. Roam between two APs or after some other event and you can't reach a thing, on network or off network. Debug included here (we followed best practices for Apple Fastlane including 802.11k/v/r, I believe).

Anyone have any inklings as to what we're missing or what other logging I can collect to not pull my hair out over this:

http://ift.tt/2llGI9G



Building my first medium sized network Update. Need more advice, better diagram

Previous post: http://ift.tt/2CojOWA Like I said before, I've got a decent amount of IT experience but I don't want to buy the wrong stuff, especially since we're on such a tight budget.

This is what the office actually looks like: http://ift.tt/2zN7tsg (Legend: yellow triangles are 4- or 8-port switches, green stars are printers, blue lines are Ethernet wires and green lines on the walls are 2 Ethernet jacks. If they have a red dot on them they aren't working.)

I left out the individual lawyers offices because they all work fine other than being on a slow network and they all only have a single pc in them.

Anyways, we've got about 40 computers, 40 phones and 10 printers on this network, as well as a shitty NAS and a Dell server of sorts. The router that's actually doing the business is a MikroTik RB3011UiAS-RM. The 48-port switches are Cisco Catalyst 3560, 100 Mbps max. They are not set up at all. There is also a random Netgear Nighthawk X6 AC3200 that I probably will move and use as a wireless access point.

The goal of this network is for everyone to be able to access their files (photos and pdfs mostly) from the server and run their software (its called abacus, its law firm management software)

Now I know one of the biggest issues is the room with 12 computers in it that has only 6 ethernet wall outlets and several cheap 4 port switches daisy chained together. Should I just throw a switch in there that can handle all the connections and call it a day, especially if I get everything up to gigabit speeds or do you think I need to do a drop for every computer in there?

Here are the questions I have now: Is the server room wired correctly?

What can be done about the room with 12 computers and 6 ethernet outlets? 1 good switch or do I need to do drops?

How much of a help will upgrading to 1 Gbps switches be?

In the last thread people kept telling me to set up VLANs for the phones and the computers so they were separate. Will that be a big help or not really?

How do trunk lines work and does that make 2 switches act like 1 switch?

What kind of 48+ port switches should I buy?

Lastly, the Dell server is running Windows Server 2012. Active Directory is not installed and the server isn't really doing anything. How do I go about making Active Directory work? Is there a guide that's good for someone starting from scratch to set it up with Group Policy settings and accounts and such?

thanks so much in advance! You guys have been a huge help~!



What are some unanswered questions in networking that, if solved, will revolutionise the field?

For example, math and computer science have quite a few open problems. Is there such a thing in networking?



Networksoft Solutions- Anybody heard about this training company?

Anyone heard about Networksoft training or has experienced training with them? Please advise. Mods, if this is wrong please delete. I posted in r/ccie and got no comments.



Is anyone here familiar with the old Nortel DMS-100 PBX systems?

Hello,

I've recently been brought in as a L3 network support resource for a very large company that happens to be running with some extremely outdated equipment. One of these pieces of equipment happens to be an ancient PBX system - the Nortel DMS 100. Thankfully it isn't my job to support this, but my coworker - a telecom professional - is stuck with it, and I'm looking for resources to make their life easier.

The problem here is that there has been absolutely no knowledge transfer for this. The company in question has bounced through several managed services contracts throughout the years, and apparently contacting the old MSP is out of the question. The DMS-100 is also, like I said, ancient, so we have no vendor support; and no other industry professionals we've spoken with have a clue how to support this.

If any of you have any resources for supporting these things (documentation, videos, etc.) I'd greatly appreciate it if you'd send them my way! So far, we've managed to come across a command reference, at least, so there's that. But we're running into errors trying to enter several commands and we don't have a clue how to get past them.



Lead Network Engineer vs. Sr. Network Engineer? And what does a Network Analyst do??

What would you consider the difference between Lead and Sr. Network engineer? About six months ago I interviewed for a position which they didn't know whether to call it lead or senior. When I received my offer letter it said lead, my current title says lead, but the director calls me the sr. It really doesn't matter to me as I am the most senior engineer on the team and the pay is right in the ballpark of what leads/seniors make. But, I would suspect that a lead is junior to a senior and if my title is changed to senior I should be asking for more than an average pay raise? Thoughts?

Also we work with a few companies who employ "network analysts." I have no idea what these guys do, other than send requests to me. I'd suspect I should be asking them for cat gifs and memes?



Dell S4048 base-t transceiver help

I need to connect a gigabit RJ45 device to a Dell S4048-ON switch which has SFP+ ports. Dell can't seem to find their 10GBASE-T SFP+ transceiver but they do have a 1000BASE-T SFP transceiver. Can anyone confirm the 1000BASE-T SFP will work in the S4048 switch?



Denying static IP assignments

Hello!

I'm trying to figure out a way to prevent people from statically assigning an IP on their laptop/PC in my network which conflicts with any DHCP reservations I may have. I can't find any tools for this, and the only solution I see right now is to write a Python script that detects & ARP spoofs people who do it until they fix it.

Does anyone here know of such a solution... where I can prevent people from using DHCP reserved IP addresses on their PC/laptop?

Thanks!

[[ Info ]] Network gear: ERPro-8, Cisco 2960-S (48 port), UAP-AC-Pro + UAP-AC-Lite.
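One way to find such hosts from the router's neighbour table rather than by knocking them off the wire, added here as an example and not part of the original post. It compares a constructed `ip neigh show` sample (the Linux ARP table format an EdgeRouter exposes) against a constructed reservation list and DHCP pool: a reserved address seen with a different MAC, or any address outside the pool, is flagged. Caveats: it only detects after the fact, and it cannot catch a host that clones the reserved MAC as well. The enforcement control for this on a Catalyst 2960-S is DHCP snooping with IP Source Guard on the access ports, which drops traffic from any source IP the switch did not see leased (or statically bind) to that port.

```python
"""Flag hosts using reserved or out-of-pool addresses by checking the router's
neighbour table against the DHCP reservation list.  Added example; the ARP
lines, reservations and pool below are constructed, and the line format is
that of Linux `ip neigh show` (EdgeRouter), not a Cisco `show ip arp`."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed: reservations exported from the DHCP server (IP -> MAC).
RESERVATIONS: Dict[str, str] = {
    "10.0.0.10": "aa:bb:cc:00:00:10",   # file server
    "10.0.0.20": "aa:bb:cc:00:00:20",   # printer
    "10.0.0.30": "aa:bb:cc:00:00:30",   # access point
}
# Constructed: the range the DHCP server hands to ordinary clients.
POOL: Tuple[str, str] = ("10.0.0.100", "10.0.0.199")

# Constructed sample of `ip neigh show dev eth1` on the router.
ARP_SAMPLE = """\
10.0.0.10 dev eth1 lladdr aa:bb:cc:00:00:10 REACHABLE
10.0.0.20 dev eth1 lladdr de:ad:be:ef:00:01 REACHABLE
10.0.0.150 dev eth1 lladdr aa:bb:cc:12:34:56 STALE
10.0.0.250 dev eth1 lladdr aa:bb:cc:ab:cd:ef REACHABLE
10.0.0.30 dev eth1  FAILED
"""


@dataclass(frozen=True)
class Offender:
    ip: str
    mac: str
    reason: str


# ip, interface, MAC, NUD state; FAILED/INCOMPLETE entries have no lladdr.
_NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr (\S+) (\S+)$")


def ip_to_int(ip: str) -> int:
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")


def find_offenders(arp_text: str, reservations: Dict[str, str],
                   pool: Tuple[str, str]) -> List[Offender]:
    lo, hi = (ip_to_int(p) for p in pool)
    found: List[Offender] = []
    for line in arp_text.splitlines():
        m = _NEIGH_RE.match(line)
        if not m:
            continue  # no MAC to judge (FAILED/INCOMPLETE) or not a neighbour line
        ip, mac, _state = m.groups()
        mac = mac.lower()
        if ip in reservations:
            if reservations[ip].lower() != mac:
                found.append(Offender(ip, mac, "reserved address used by a different MAC"))
        elif not lo <= ip_to_int(ip) <= hi:
            found.append(Offender(ip, mac, "address outside the DHCP pool (likely static)"))
    return found


if __name__ == "__main__":
    for o in find_offenders(ARP_SAMPLE, RESERVATIONS, POOL):
        print(f"{o.ip:<14} {o.mac}  {o.reason}")
```

Run it from cron against the live table (`ip neigh show dev eth1` piped in) and the output is a short list you can chase down, while the switch-side control stops the conflict from ever reaching the reserved host.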



Could someone with Ruckus Support access help me out with a Link?

I have a P300 bridge running a point-to-point link that is randomly disconnecting. I am getting a Disconnect "Reason 63" code in the syslog, but I do not have access to support to download the documentation. (We are a Cisco/Meraki shop; Ruckus just makes a damn fine bridge!)

Could someone shoot me the text from this link: http://ift.tt/2zMr2AE

Thanks!



[Cisco]: If you have another choice, choose that one.

I've worked with Cisco products ranging from ASA firewalls, 5508 WLCs, Routers, Switches, ISE, ACS, Prime (MSE), Firepower, etc. They have simply gone downhill these past two years very quickly. I'm not entirely sure as to why, but nonetheless, they have. If you ever have the choice between a Cisco product and another product, don't pick the Cisco one.

ISE: For basic functions, the ISE works great. Device admin AAA functions, for example, are wonderful.

-Client Posturing: Its SCCM MDM integration, starting with ISE version 2.1 (now on 2.3), does not support anything other than SMBv1. Yes, you read that correctly. You have to open your network to one of the most common vectors of attack to "securely" posture your devices coming onto the network. (What could possibly go wrong?!) Worse yet, Cisco hasn't announced any plans to change this. In the various bugs relating to this, Cisco simply states "Customer unwilling to downgrade to SMBv1" as its solution.

-VM Snapshots: Yes, many vendors don't officially support VMware snapshots as a way to back up their servers. But then again, the ISE VM is the only VM I know of, starting with version 2.2+ (at least in the environments I've worked in), that stops all services and requires a reboot once Symantec forces a snapshot for its backup process. Cisco's official way to back up the server is to recreate a VM from an .OVA file, then upload the config via FTP or NAS. This could take 30 minutes to hours depending on the environment. Regardless, it's much, much slower than a backup should take in the current year of our technological advancement. The official response from Cisco when contacted was "how often do you really have to rebuild this server?" Wow, how comforting.

-MISC: It also will miscategorize endpoint profiles, even more so "if you put too many factors" (TAC reply) determining the device.

3850 Switches: Overpriced garbage; stick to the 3750Xs if you can. IOS releases have almost always been crap. In the past two years, many of their "Cisco recommended" releases simply stop passing management plane, then data plane traffic after a few weeks. IOS files are getting to the point where you can't even boot the .bin file due to its size. You must take every other bootable IOS off of the device first, leaving no backup until you've performed an upgrade. Transferring an IOS file over Xmodem is something I've done once, and made dang sure I never had to do again.

ASA Firewalls: Much like the switches, they will put out releases that will just stop traffic after a certain number of packets are processed by the firewall. Sometimes, they'll even include it in the release notes while still having the bad release available for download. It also still uses a Java GUI. Disgusting and slow.

5508 WLC: Much like all the other previous devices, their software releases have sucked. They just had a recent release, Cisco recommended, that resolved the KRACK vulnerability. I upgraded to it, only to have zero APs associate to the controller. The release notes stated the upgrade path was direct. Once I upgraded to another non-vulnerability software version, they associated. This may seem small, but it takes a very long time to change the software on the WLC.

Cisco TAC: Their customer support has never been this bad, ever. I always get a TAC engineer who never reads the initial case notes. I will put in everything they can possibly request, and they will still, on script, ask the exact same questions as if I only wrote the title of the case, and nothing else. Lately every single TAC engineer interrupts me when I am talking. None of the issues I have had could be resolved either, since they weren't just basic "oops I forgot to check this one setting" type issues. Hilariously enough, during a network down event due to a firewall software upgrade, our Cisco account manager asked why we didn't try and do a WebEx with TAC. The TAC engineer on the phone was also flabbergasted when I told him "no, we have a network down event, we cannot WebEx".

Sorry for the long post. I've just had enough of Cisco's shit.



What does it mean when an octet in a subnet mask isn't a full 255?

Say we have subnet mask 255.255.192.0 with IP address 192.168.1.37.

I know that when it's three full octets like 255.255.255.0 that the usable IP addresses start after the third octet because anything in the first three is locked by the mask. Very hard for me to accurately describe what is going on, but you get the idea. The first three octets being 255 means that the first three octets of the IP address are never going to change, and that the last octet will be the host addresses. But I don't understand how this changes when the final octet is not 255 but instead something like 192. Can someone help?
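The mask is easier to see in binary than in decimal: 192 is 11000000, so in 255.255.192.0 only the top two bits of the third octet are locked, the remaining six bits plus the whole fourth octet are host bits, and the third octet steps in blocks of 256 - 192 = 64 (0, 64, 128, 192). The Python below works that out for the post's 192.168.1.37 / 255.255.192.0 case and for any other dotted-quad mask, including rejecting a "mask" whose one-bits are not contiguous. It is an added example, not from the original post; its only assumption is IPv4.

```python
"""Bitwise view of a dotted-quad subnet mask.  Added example for the
192.168.1.37 / 255.255.192.0 question, generalized to any IPv4 mask."""
from typing import Dict


def dq_to_int(dq: str) -> int:
    octets = [int(o) for o in dq.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted quad: {dq}")
    return int.from_bytes(bytes(octets), "big")


def int_to_dq(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def prefix_len(mask: str) -> int:
    """Count the 1 bits and reject masks whose 1s are not all on the left
    (255.0.255.0 has 16 one-bits but is not a subnet mask)."""
    m = dq_to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones


def usable_hosts(plen: int) -> int:
    if plen == 32:
        return 1
    if plen == 31:
        return 2                      # RFC 3021 point-to-point link
    return (1 << (32 - plen)) - 2     # minus network and broadcast


def subnet_info(ip: str, mask: str) -> Dict[str, object]:
    ip_i, mask_i = dq_to_int(ip), dq_to_int(mask)
    plen = prefix_len(mask)
    network = ip_i & mask_i                        # keep only the bits the mask locks
    broadcast = network | (~mask_i & 0xFFFFFFFF)   # set every host bit to 1
    octets = mask_i.to_bytes(4, "big")
    # The first octet that is not 255 is where the network/host boundary falls;
    # 256 minus that octet is the block size within it (192 -> blocks of 64).
    boundary = next((i for i, o in enumerate(octets) if o != 255), None)
    edge = 1 if plen <= 30 else 0                  # /31 and /32 have no reserved ends
    return {
        "prefix": plen,
        "mask_bits": ".".join(f"{o:08b}" for o in octets),
        "boundary_octet": None if boundary is None else boundary + 1,
        "block_size": None if boundary is None else 256 - octets[boundary],
        "network": int_to_dq(network),
        "broadcast": int_to_dq(broadcast),
        "first_host": int_to_dq(network + edge),
        "last_host": int_to_dq(broadcast - edge),
        "usable_hosts": usable_hosts(plen),
    }


if __name__ == "__main__":
    for k, v in subnet_info("192.168.1.37", "255.255.192.0").items():
        print(f"{k:>14}: {v}")
```

For the post's example this gives /18, network 192.168.0.0, broadcast 192.168.63.255 and 16382 usable hosts: 192.168.1.37 sits in the first 64-address block of the third octet, so its third octet can be anything from 0 to 63 and still be "inside".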



BASELINE – SANS & Offensive-Security Full Video

http://ift.tt/2kbjSjP



SonicWall Dual WAN

Hey guys, I'm trying to find some documentation on SonicWalls with dual WAN not in round robin. Let's say I have WAN1 and WAN2. If both are up, how does the SonicWall choose that route for clients to WAN1? Would I just have to change the priority on it in routing? What I'm wanting to do is have both WANs live with duplicate NAT, and also so that if there is a routing issue we can still come over WAN2 from our secondary provider if we're out of town or remote. I know I can set up failover with primary and secondary with failback in the failover policies with duplicate NAT because of multiple statics on one interface.



Intel Intel x520-da2 vs x710-da2

Anyone have practical experience with either of these cards (interested more in the latter, the X710)? Checking the data sheets, it looks like they are basically on par with the exception that the X520 supports FCoE and is 8 years old compared to the 3 years of the X710. Doing price checks, it looks like they are on par when you remove the X520 clones. Just trying to understand if there is some hidden constraint on the X710 compared to the X520 (beyond FCoE), as usually old tech is cheaper than new tech.



Trying to learn about AS and BGP

Hello everyone! I feel as though I have a decent understanding of a local LAN and how it works. Things like how NAT works, along with the different protocols like TCP and UDP and the OSI model. What I don't understand is how BGP and Autonomous Systems work, along with something called peering. I have been trying to learn it but it still seems confusing. http://ift.tt/1pXBHUF https://www.youtube.com/watch?v=z8INzy9E628 https://www.youtube.com/watch?v=O6tCoD5c_U0

http://ift.tt/2z6QCoU



rack + PDU ground confusion

Hi,

I'm looking at these two units:

and this part of the PDU technical details confuses me:

Grounding on aluminium profile

Does this mean that this particular unit provides grounding for the whole rack (through the plug and wallsocket) just by installing it and thus a separate grounding wire isn't needed? (Which would be convenient)

I checked a couple of other units but they don't mention anything about ground other than for the actual sockets.

Is this a common practice or just a mistranslation and I'll have to run a ground wire (to, I guess, a lug somewhere in the rack)?

Now, while I was writing this my brain came up with this: it must be a mistake because if you were to install more than 1 of these, you'd end up with multiple ground points, am I wrong?

While we're at it:

  • if the rack is grounded, and has a patchpanel bolted in, but maybe there's some coating/paint on mounting rails/brackets, is this enough to ground that patchpanel or it needs to be done through the lug/wire (like here)?
  • if the patchpanel is filled with shielded wires and is grounded, is it better to use unshielded patchcables (panel-to-switch and wallsocket-to-device) to avoid double grounding OR it's assumed that cables are always grounded at patchpanel and nowhere else and we can use shielded cables everywhere without grounding loop issues?

Thank you for your help.



Considering leaving Cisco and ACI behind and starting down AWS/Azure career paths.

Any tips for getting there? What are the training resources some of you have used to get there?



VyOS + Sophos XG Routing Quirk

I'm noticing an issue in the lab where a VyOS and Sophos XG are both on the same ESX host. The network is using OSPF with custom timers and all devices form the proper adjacencies, except when the XG falls out of the network. When it comes back in, it only forms an adjacency with the upstream Cisco ASA firewall, but does not form with the VyOS and the core switch (also Cisco).

The vswitch is in promiscuous mode, and I'm wondering if some Sophos function is eating some of the packets before the adjacencies form. When the VyOS is rebooted all adjacencies come back as expected.

Next steps are to separate the XG and the VyOS to different ESX hosts and see if the issue persists, after that I will take some packet captures. Anyone see something like this before?



Need help troubleshooting "the Internet."

So, we have a number of remote workers. They each have a little VPN router (Fortigate), a VoIP Phone, and a desktop provided by us.

Several of our users have started having really bad problems with connectivity, starting around 2-3 months ago and persisting to this day, during certain parts of the day. Their web-based apps on the desktop will slow to a crawl, their phone calls will start sounding garbled and cut in and out (so jitter + loss, basically), and other apps they use become unresponsive and slow.

I started mapping the users who frequently have the problems, and the thing is they aren't in the same region, they don't have the same ISP, they don't even have the same "type" of Internet (2-3 are on DSL, another 4-5 on cable, one even has "fiber" Internet to their house, supposedly).

The Internet pipe that their VPN routers talk through back at the data center is not saturated during these incidents. We have no link saturation in our backbone either. During one of the episodes we monitored the whole end-to-end path between the VPN head end and VoIP server delivering the audio packets, nothing was saturated and we could follow the path via NetFlow to confirm yes the traffic is going this way.

EDIT: and yes we have QoS and confirmed that the correct counters were incrementing, proving the traffic was treated as EF all the way to our edge, and the traffic coming back from the remote user was also marked EF when it arrived here.

All health checks on the VPN head end and the individual endpoint routers come back clean. No memory or CPU spikes, no syslog errors... nothing.

When it's happening and you remote into their router, it's horrendously slow.. even typing into the CLI the words you type show up like a minute later after you've typed them, and the SSH session will just drop and you have to reconnect.

We all feel pretty strongly that the problem is "out there on the Internet" somewhere between them and us. But there doesn't seem to be any kind of evidence proving this. Like, I wouldn't feel confident opening a ticket up with our provider on that Internet Circuit because we have no real evidence showing there's a problem... and for all we know it could be dirty fiber at one random Internet Exchange somewhere out there I don't know how we can isolate the problem.

Is there some kind of tool or method we should use to get more data?

We usually can't ping their outside public IP, since the modem delivered by their ISP usually blocks inbound pings anyway... traceroute to their outside public IP shows no unusual latency at any hop either. Like wtf is going on?



Cisco NAT stops working

I have an ISR 4331 with the latest IOS XE, set up with some VRF-lite, inter-VRF routing, NATing, IPsec tunnels... Anyway.

The problem is with the NAT.

I have 2 NATs setup.

1 is outbound to provider A using a dynamic pool off a /25. This works fine

The second is outbound to provider B using the interface IP and NAT overload. This works for a while, and after a few hours the desktops that were connecting to resources behind Provider B stop working. If I try it on a desktop that wasn't using those resources, it works while the others aren't working.

The only way I've been able to fix it is to do a 'clear ip nat translation *'.

I can post config later.



UCCX Experts, Need Help

Hey everyone,

My manager gave me the opportunity to work on a Cisco Collaboration project, and I've got the UCCX part of it, which is a new and challenging thing for me. I've read some of the documents and tried to understand the basics like what JTAPI, RMCM, CSQ, skills, resources etc. are, and now I'm trying to install that platform and make it work. Now I have a hard time understanding some concepts and how to make them work together, like: the application scripts, triggers, which number to give in those triggers (CTI numbers or agent numbers...) etc. etc. A lot of misunderstanding of concepts makes me frustrated.... Overall, my problem is the WHY, not the HOW, because YouTube is pretty much full of HOW to do things, i.e. once an application is created, we add a trigger to that application in the CCX; which trigger should we add? Is it a number of one of the CTI ports? Or one of the agents? I'M LOST, help

Thanks in advance :)



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post and as well a nice description to this thread.



Cisco Product Quick Reference Guide

Cisco used to sell a nice printed book that made it easy to understand their product line. The last version I can find is from 2013. Do they still sell this book, and if not, what resource replaced it?



Thursday, December 28, 2017

Mikrotik Opinions

I'm definitely more on the systems side than the network side, but I'm curious about opinions of Mikrotik equipment. I've seen several posts where it's recommended or people have had great experiences with it, but many posts where it's not even a consideration.

The cost of the devices and things like SFP+ transceivers is a pretty attractive alternative, but I have rarely or never seen these devices out in the wild (~7-8 years). Why is this? Are they just not popular because of a lack of marketing?

Thanks in advance!



Cellular Networking Information

I've been curious and reading about the evolution of cellular data transfer, but I'm finding it increasingly difficult to find adequate information on how things like taxiing, cellular modulation, and asynchronous transfer mode fundamentally work. There is a lot of hand waving in the articles I've read in a couple Steven Shepard books and the Wikipedia articles I've browsed. I feel like there has to be a holy grail of knowledge somewhere out there. Does anyone have any resources they could point me to?

Thanks in advance!



I want to set up a free public internet, I believe it's called point to point or fixed wireless? A little help?

I just want to set up a simple server with like 4-8 TB capacity, fill it up with open source software and music/videos that are no longer under copyright, and be able to share it. Of course I realize this will only reach a limited number of people (a hundred?), but it's a start.

Could someone point me in the right direction in terms of reading material ? Thanks.



1 ISP:Many Firewalls - Dirty Switch or No. Is there a better way?

Here is the classic example:

  • Customer has Verizon FiOS; the ONT only has a single Ethernet port.
  • Said port goes directly to a firewall (Sonicwall, Watchguard, pfSense, etc.).
  • Customer finally updates the phone system from 1876, but goes with some know-it-all VOIP phone guy, and he absolutely, positively needs his own Edgewater POS and it absolutely needs a direct external IP.
  • VOIP guy wants to have his Edgewater in front of your firewall, but you pay for 500/500 Mbps and that Edgewater is going to be capable of only 65-70 Mbps if you are lucky.

What do you do? Dirty switch: take a switch and make 2 firewalls share 1 ISP. But is there a better way?

On virtualized firewalls, I have put a quad-port nic in one of the servers and made that a VMWare Switch and handled it that way, but that is really just the same thing.

I understand the entire "Single Point of Failure" and I've actually had it happen and I have used passthrough adapters when doing Active/Passive redundant firewalls.

Another option (more for like pfSense) was to create a WAN Bridge Group - which again is just another dirty switch.

Last option that I was thinking. Ubiquiti EdgeRouter, and maybe routing the IP's. It's a firewall in its own right, albeit highly limited in the firewalling. But, I feel better with that touching the naked internet instead of a switch - even a dumb one. I can give it one IP, I can have it email me, and the darn things can probably max out a gig line.

Ideas? Rants? Raves? Insults? Let 'em fly.



Cisco WLC 2504 problem joining AIR-AP1852I-B-K9

Been trying to join the above mentioned AP to a Cisco WLC and the only thing I can see that could be causing the problem is that the AP time is 9 hours ahead from the Controller's time. The AP's debug output continually shows a cycle of logs including:

Bad certificate alert received from peer

I can ping to and from the AP and I've already checked that the certs are not expired yet. I cannot find any documentation on how to set the clock on an AP. There is no "config clock" command when in enabled mode...



Need help starting own 6in4 tunnel on DigitalOcean

I want to start my own tunnelbroker to provide IPv6 addresses to my address using a Cloud VPS I have from DigitalOcean. I know this is an enterprise networking subreddit but I figured you guys might be more experienced in this as it includes handling servers, etc.

I tried to follow this guide http://ift.tt/2leR8bk

and I get no errors when I follow the steps, but my router never gets internet over the IPv6 addresses. Not sure it is even working at all. It works fine with HE (except high latency due to routing issues with HE in the meantime).

Here is an example of the IPv6 provided to me in the control panel (Don't worry, this is just an example, not real IPs, but they do belong to DigitalOcean of course).

Public IPv6 network

PUBLIC IPV6 ADDRESS:

2a03:b0c0:0:1010::a0:e001

PUBLIC IPV6 GATEWAY:

2a03:b0c0:0:1010::1

CONFIGURABLE ADDRESS RANGE:

2a03:b0c0:0:1010::a0:e000 - 2a03:b0c0:0:1010::a0:e00f

I would really appreciate any help offered. Thanks.
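For anyone building the same thing, the pieces a 6in4 tunnel to a DigitalOcean droplet needs are: a `sit` tunnel on each end, IPv6 forwarding on the droplet, a route for the droplet's configurable block towards the tunnel, and, because the droplet's 16 addresses are on-link in the provider's /64 and the upstream router resolves each one with neighbour discovery, NDP proxy entries on the droplet's public interface for every address that is forwarded into the tunnel. The script below is an added example by the editor, not from the guide linked above or from DigitalOcean. It uses the example addresses from the post; the IPv4 endpoints, interface names and the private ULA prefix used for the tunnel's own endpoint addresses are assumptions. Without `--apply` it only prints the commands.

```python
"""Generate (and optionally apply) the Linux commands for a 6in4 tunnel between a
DigitalOcean droplet and a home router, routing the droplet's configurable /124 to the router.

Added example, not the linked guide's or DigitalOcean's own script.
"""
import ipaddress
import shlex
import subprocess
import sys

# From the post's example control panel (the post says these are examples, not real IPs).
VPS_V6 = "2a03:b0c0:0:1010::a0:e001"
RANGE_START, RANGE_END = "2a03:b0c0:0:1010::a0:e000", "2a03:b0c0:0:1010::a0:e00f"

# Assumptions for this example: public IPv4 of each tunnel end, interface names, and a
# private (ULA) /64 used only for the tunnel's own endpoint addresses.
VPS_V4, CLIENT_V4 = "203.0.113.10", "198.51.100.20"
WAN_IF, TUN_IF = "eth0", "sit1"
TUN_V6_VPS, TUN_V6_CLIENT = "fd00:6e4::1", "fd00:6e4::2"


def client_prefix():
    """The configurable range as one network (e000-e00f is an aligned /124)."""
    nets = list(ipaddress.summarize_address_range(ipaddress.IPv6Address(RANGE_START),
                                                  ipaddress.IPv6Address(RANGE_END)))
    if len(nets) != 1:
        raise ValueError("configurable range is not one aligned block")
    return nets[0]


def routed_addresses():
    """Every address in the block except the droplet's own, which stays on eth0."""
    own = ipaddress.IPv6Address(VPS_V6)
    return [a for a in client_prefix() if a != own]


def vps_commands():
    prefix = client_prefix()
    cmds = [
        "sysctl -w net.ipv6.conf.all.forwarding=1",
        # The upstream router resolves each of the 16 addresses individually with NDP on
        # eth0, so the droplet must answer neighbour solicitations for the ones it forwards.
        f"sysctl -w net.ipv6.conf.{WAN_IF}.proxy_ndp=1",
        f"ip tunnel add {TUN_IF} mode sit local {VPS_V4} remote {CLIENT_V4} ttl 64",
        f"ip link set {TUN_IF} up",
        f"ip -6 addr add {TUN_V6_VPS}/64 dev {TUN_IF}",
        # More specific than the on-link /64, so forwarded traffic for the block goes
        # into the tunnel; the droplet's own /128 in the local table still wins for itself.
        f"ip -6 route add {prefix} via {TUN_V6_CLIENT} dev {TUN_IF}",
    ]
    cmds += [f"ip -6 neigh add proxy {a} dev {WAN_IF}" for a in routed_addresses()]
    return cmds


def client_commands():
    return [
        f"ip tunnel add {TUN_IF} mode sit local {CLIENT_V4} remote {VPS_V4} ttl 64",
        f"ip link set {TUN_IF} up",
        f"ip -6 addr add {TUN_V6_CLIENT}/64 dev {TUN_IF}",
        f"ip -6 route add default via {TUN_V6_VPS} dev {TUN_IF}",
    ]


def apply(cmds):
    """Run the commands in order; needs root and stops at the first failure."""
    for c in cmds:
        subprocess.run(shlex.split(c), check=True)


if __name__ == "__main__":
    side = sys.argv[1] if len(sys.argv) > 1 and sys.argv[1] in ("vps", "client") else "vps"
    cmds = vps_commands() if side == "vps" else client_commands()
    if "--apply" in sys.argv:
        apply(cmds)
    else:
        print("\n".join(cmds))
```

Two checks before blaming the tunnel: the droplet's firewall (cloud firewall or host rules) must permit IPv4 protocol 41 from the client's address, and the home end must be the device that actually holds the public IPv4, since 6in4 does not pass through NAT. Test in stages: `ping6 fd00:6e4::1` from the client proves the tunnel, then a ping to the droplet's gateway proves forwarding and the NDP proxy. Note that a /124 gives 16 static addresses; hosts behind the router cannot autoconfigure from it, since SLAAC needs a /64.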



The Timeless Classics of Networking

What are the books that you consider to be the "timeless classics" of networking? I'm not asking "what's on your bookshelf?" - I've got quite a few that aren't in the category of "classics", but rather, which books would you say contain the unchanging fundamentals of networking - which books do you turn to when you need to deeply understand how a protocol works or how networks behave? Here's what's on my list:

  • Routing TCP/IP Vols 1 and 2
  • TCP/IP Illustrated Vol 1
  • Optimal Routing Design
  • The Internet Peering Playbook

But I'm sure I'm missing some - what do you consider to be the timeless classics?



Switch Recommendations for iSCSI SAN

So I am looking at a few Cisco options here (for sake of debate, Cisco is the only option to go with right now). The only real requirements are redundant switches, 16-24 ports, line-rate/non-blocking, and 10Gb SFP+ for iSCSI traffic between the hosts and storage array. To my knowledge, at this time there will be no converged networking requirements.

I've done some research and landed on 3850s, 4500-Xs, or Nexus 3000s.. but I realize there may be other well-suited options out there. Does anyone have good or bad experiences with those models I listed? Or other recommendations I might not be thinking of?



Cyberoam firewall capped at about 100Mbps and I can't figure out why

No QoS, no IPS, no application control, etc. The WAN link is negotiating at 1000/full (gigabit Internet connection). If I bypass the customer's firewall and plug my laptop directly into the ISP's switch I get ~800 Mbps, but through the firewall I'm capped at ~95 Mbps up/down.

I'm out of ideas as far as what could be causing this. The licensing on the firewall has expired but as far as I can tell this shouldn't be causing the issue. (We renewed the subscription but the customer can't remember the password he used to register the device and the password reset isn't working, so we can't apply the key right now).

I'm kind of at a loss here, anyone else have an idea of what this might be?

Edit: ...nevermind. Someone did a "speed 100" on all the access ports on the switch here. Now getting 800Mbps. Should have checked the interface speed on my laptop I guess.



How much would it cost per mile to run fiber optic cables in 2018 to create an ISP?

I live in a rural area in Northern California, where there's only 1 choice for wired internet. I'm not too worried about the feasibility of running the network, as if needed there's a nearby town that's fairly dense for the area with 13000 people that also only has one isp with broadband speeds, so it's not saturated, and they charge a LOT and are not capable of super high speeds. A lot of land is private here, so it shouldn't be too hard to get permission to do digging and such, and the ISP that serves our area has now tipped over $100 a month for the cheapest internet plan that doesn't have a 250GB data cap, which is outrageous. What exactly does it cost per mile to lay out a fiber to the home network, capable of providing homes with 100mbps and 1gbps speeds (Possibly more?)



Booted patch cables vs Non-Booted patch cables

What do you choose and why?



BiDi (Simplex/Bi-Directional, otherwise known as Single Strand MultiMode Fiber)

Good afternoon all,

A customer of mine has a fiber run, and it looks like one of the two multimode fiber strands has been cut or damaged. I'm looking into options that will provide a 10/100 Mbps connection to the phones that this fiber supports. As a side note, this switch does not support CWDM. Quick searches come up with single-strand (WDM) fiber media converters, most of them being Perle branded. Any info or alternative ideas while I'm digging further into this is very much appreciated.


Fiber Vs Copper

Currently I have 300/30 (I get 360/25) business class via Spectrum; I pay $169/month with 1 static IP (no contract). I have an offer from a local provider, GWI, to get 100/100 fiber for roughly the same cost but with a 3-year term. I work from home and don't need upload terribly, but it does help. Which should I go with? Recently we lost our internet for 8 days due to a windstorm (we didn't lose power, but the node that I'm connected to did). Latency isn't terrible, but 32 ms is the lowest I get; I don't get much speed drop. But I'm not sure what I will benefit from. Any guidance is helpful. I really want 1 Gb but it's not doable here at any sort of decent budget. They have yet to offer residential fiber here.



Unable to Console into 3 3750 E Switches

As the title says, I have 3 3750-E switches that were removed from a stack yesterday. I have tried to console into each one and cannot. I have tried rebooting while holding Mode until the SYST light flashes amber and then goes solid. I have booted the switch, waited until it loads, then held the Mode button until all of the lights go solid. Nothing will put this into a mode that I can console into. I have used PuTTY and Tera Term; all I get on the terminal screens is a bunch of random characters, nothing that makes sense, and no command prompt to try to reset these. Normally I would think that points to a driver issue, so I just re-installed the USB-to-serial driver today on my computer. I have also tested my cable and computer by consoling to a switch in production, and I can console with no issue. All of these switches were working yesterday. Completely lost, and I can't find anything online that can explain what is going on. Was hoping to re-purpose a few of these switches for an imaging station. Any assistance is greatly appreciated.

EDIT: I actually just tried to log into the 3rd one and I can get into that one. Is it possible that the other 2 have their console ports bricked but still working because they were in a stack? Doesn't make sense to me but at least I can get into 1/3.



Cisco ASA Port Forwarding Issue

I'm running into an issue where placement of NAT rules is breaking my port forwarding rules. I figure it's a simple mistake/oversight on my part that can probably be answered quickly without posting the config.

Three interfaces. Outside, customerA, and customerB. I have PF rules (NAT object) for customerA. After that I have two basic NAT overload rules for customerA and customerB to allow inside to outside traffic.

If I move customerB's NAT rule in front of the customerA's PF rules.. they break and the server is no longer accessible from the Internet. They are very different, non-overlapping subnets (192.168 and 172.17). Nothing shows up in the ASA logs about a denied connection or connection built at all and I cannot access the server.

Any idea why this would happen?

I can move S2S VPN NAT rules in front of the PF rules to other remote sites and the PF for customerA still works. It just doesn't like customerB's inside to outside nat overload in front of it.

Appreciate the suggestions! I can sanitize the config and post it if necessary, but NAT rules in question are as basic as explained.

EDIT:

nat (inside,outside) source static SanDiegoFO SanDiegoFO destination static HQ HQ no-proxy-arp route-lookup
!
object network TrackUserUDP
nat (inside,outside) static interface service udp 30014 30014
object network TrackUserTCP
nat (inside,outside) static interface service tcp 30014 30014
object network TrackDeviceTCP
nat (inside,outside) static interface service tcp 30015 30015
object network TrackDeviceUDP
nat (inside,outside) static interface service udp 30015 30015
!
nat (TSCM,outside) after-auto source dynamic any interface
nat (inside,outside) after-auto source dynamic any interface

object network TrackUserUDP
host 172.17..
object network TrackUserTCP
host 172.17..
object network TrackDeviceTCP
host 172.17..
object network TrackDeviceUDP
host 172.17..

TSCM interface is 192.168.. inside interface is 172.17..



IPS Critical/High alert - What's your process?

I recently took over a Systems/Networking admin position for a mid-sized company (500ish employees, 50 sites). We have a Fortinet firewall partially managed/hosted by our MPLS provider.

Prior to me being here they really didn't do anything with any of the IPS Critical/High alerts, they weren't even being notified when they occurred. What is your process for investigating, and processing these kind of alerts? Do you block the IP or the whole range? Do nothing? Any other tips or advice?
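As an added example of what a triage step for these alerts can look like (this is the editor's illustration, not the poster's process and not a Fortinet tool), the script below reads IPS events in the key=value shape FortiGate logs use and sorts them by what actually matters: a high or critical signature firing on traffic leaving an internal host comes first regardless of whether it was blocked, an unblocked inbound hit against a service that is really exposed comes next, blocked inbound attempts and hits against ports with nothing listening are recorded only. The log lines are constructed (field names approximate; check a real export), the addresses are documentation ranges, and the list of exposed services is an assumed inventory. Per-event IP blocks are not modelled on purpose; the last function instead picks out sources that keep coming back, which is the set worth a time-limited block.

```python
"""Triage of IPS critical/high events from key=value log lines.

Added example, not the poster's process or Fortinet's tooling. The log lines are
constructed in the general shape of FortiGate IPS logs (field names approximate)
with documentation addresses.
"""
import ipaddress
import re
from collections import Counter

SAMPLE_LOGS = [
    'date=2017-12-28 time=10:15:02 type="utm" subtype="ips" severity="critical" srcip=198.51.100.7 srcport=51234 dstip=203.0.113.25 dstport=443 proto=6 direction="incoming" action="detected" attack="Constructed.Web.RCE.Attempt"',
    'date=2017-12-28 time=10:15:09 type="utm" subtype="ips" severity="high" srcip=198.51.100.7 srcport=51240 dstip=203.0.113.25 dstport=8080 proto=6 direction="incoming" action="detected" attack="Constructed.Web.Scanner"',
    'date=2017-12-28 time=10:16:44 type="utm" subtype="ips" severity="critical" srcip=198.51.100.99 srcport=4444 dstip=203.0.113.25 dstport=443 proto=6 direction="incoming" action="dropped" attack="Constructed.Web.RCE.Attempt"',
    'date=2017-12-28 time=10:20:01 type="utm" subtype="ips" severity="critical" srcip=10.20.30.40 srcport=49222 dstip=192.0.2.200 dstport=8443 proto=6 direction="outgoing" action="detected" attack="Constructed.Trojan.C2.Beacon"',
    'date=2017-12-28 time=10:21:13 type="utm" subtype="ips" severity="medium" srcip=198.51.100.7 srcport=51300 dstip=203.0.113.25 dstport=22 proto=6 direction="incoming" action="detected" attack="Constructed.SSH.Brute.Force"',
]

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed inventory of what is actually reachable from outside: (public IP, port).
EXPOSED_SERVICES = {("203.0.113.25", 443)}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line):
    """key=value pairs, quoted values unquoted."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def triage(ev):
    """Return (priority, reason); 1 is most urgent, 4 is record-only."""
    sev = ev.get("severity", "").lower()
    if sev not in ("critical", "high"):
        return 4, "below high severity, record only"
    if is_internal(ev["srcip"]):
        # A signature firing on traffic leaving an internal host is a possible
        # compromise, whether or not the IPS blocked that one connection.
        return 1, f"internal host {ev['srcip']} triggered {ev['attack']} outbound"
    if ev.get("action") in ("dropped", "blocked", "reset"):
        return 3, "inbound attempt blocked by IPS, record only"
    target = (ev["dstip"], int(ev["dstport"]))
    if target in EXPOSED_SERVICES:
        return 2, f"unblocked inbound {ev['attack']} against exposed service {target[0]}:{target[1]}, investigate"
    return 4, "inbound hit against nothing listening, record only"


def triage_all(lines):
    """Events as (priority, reason, srcip, dstip, attack), most urgent first."""
    rows = [(*triage(ev), ev["srcip"], ev["dstip"], ev["attack"]) for ev in map(parse_kv, lines)]
    return sorted(rows)


def repeat_sources(lines, min_hits=2):
    """External sources with repeated high/critical inbound hits: the candidates for a
    time-limited block, as opposed to a rule per single event."""
    hits = Counter()
    for ev in map(parse_kv, lines):
        if ev.get("severity", "").lower() in ("critical", "high") and ev.get("direction") == "incoming":
            hits[ev["srcip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for row in triage_all(SAMPLE_LOGS):
        print(row)
    print("repeat sources:", repeat_sources(SAMPLE_LOGS))
```

On the constructed lines the outbound beacon from 10.20.30.40 sorts to the top, the unblocked RCE attempt against the exposed 443 service is second, the dropped attempt and the hit on 8080 (nothing listening) are recorded only, and 198.51.100.7 shows up as the one source worth a block. The inventory of exposed services is the piece that takes the most upkeep and is what turns a wall of critical alerts into a short list.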



Running 400' of coax because the desert needs the internet

Hey guys. I hope you can give me some feedback and criticism on an idea I'm tossing around.

The current setup: Three buildings in the middle of the desert need internet so some scientists can submit lab results from time to time. They currently get 5 Mb/second, which is not enough. I've arranged to get new satellite internet out there that is 25 Mb/second, which will easily be what they need since their demands are so low. But my questions lie in how to get internet to all three buildings.

The buildings are each 400 feet apart. Ethernet can't handle that distance adequately. Fiber is OVERKILL for speed and cost, and also its durability against the harsh desert elements is questionable (extremely hot summers, extremely cold and snowy winters). So my current plan is this:

I feed satellite to the center building as an MDF to my main router/switch/servers/WAP etc. From that switch I use 2x media converters to go Ethernet to coax, and run two lines of burial-grade quad-shielded RG6 in two directions to both of the side buildings. In the buildings I convert back to Ethernet and into two more WAPs.

My questions are... does this sound like it'll work? Haha! I haven't worked with coax nearly as much as fiber, so I'm unsure if the coax will be shielded enough to not get massive amounts of interference. Do I need to bury my lines to avoid interference? Will that distance have too much data loss? Should my coax media converters be MoCA 2.0, or can I get by with simple DECA adapters? etc.

On paper when I look at signal loss numbers, and distance limitations it seems like it'd be... fine... but paper vs real life can be very different... and again I REALLY haven't worked with coax much.

I'm open to all ideas and criticism, but does this sound like it'll work?



Cisco TDR Test - Normal for one pair to be long?

Is this a "normal" result? The pair status claims normal, but Pair B is wayyy longer than the others. I'm trying to remotely troubleshoot an intermittent issue with a 8851 phone dropping. The error code is ReasonForOutOfService=26 -- TCPclosedVlanChange - The device closed the TCP connection due to reconfiguration of IP on a new Voice VLAN but I haven't touched the switch or voice VLAN configuration.

STACK#show cable-diagnostics tdr interface gigabitEthernet 2/0/20
TDR test last run on: December 28 02:37:19
Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi2/0/20  1000M Pair A     39   +/- 10 meters N/A         Normal
                Pair B     187  +/- 10 meters N/A         Normal
                Pair C     31   +/- 10 meters N/A         Normal
                Pair D     32   +/- 10 meters N/A         Normal


What exactly does it mean when a carrier uses another telco's network?

http://ift.tt/2DpbCVj <-- Example http://ift.tt/2ChokGx <-- Virtual networks?

If company X uses company Y's network, does it mean that company X will get the full coverage and speed of the Y network?

The same coverage and speed that Y customers would get?

Or would company X be handicapped in some way?



Nexus 5k - move an HSRP member w/o downtime?

I have a pair of 5596Ts which are set up as vPC and HSRP peers. They own all SVIs for vlans in a DC. 5k1 is primary, with 5k2 as secondary. They are basically being used as a core and handling all L3 for this location, but doing all 10g server access as well. The only member with orphan ports is 5k1.

Background - A few years ago, having zero Nexus experience, I asked our then-MSP(the guys who built the damn setup) how we could go about physically removing one of the 5ks to begin the process of moving into our (then new) DC. I was told to simply power down, de-cable and have a nice day. Go in after the fact to the remaining Nexus and remove all HSRP and vPC config. Great, except that when I powered off the second unit, all traffic stopped flowing.

Question - I'm now in a situation where I need to bring 5k2 into a different rack. In theory, because everything is HSRP and vPC, I would think that I could power it down, move it and bring it back up without impacting traffic, but history has shown me otherwise. Am I missing something here or do these things completely shit the bed when a member stops responding to heartbeat?

Current OS is 7.1.3 off the top of my head.



Wireshark-type app for Android?

Just curious if there is an equivalent app for Android that does essentially what Wireshark does.
just searching wireshark in the app store shows a couple packet capture programs, but before I download anything, I thought I'd see if there's something out there that you guys like.
thanks in advance.



Help: Accessing blocked sites with PuTTY.

Hello, I am working at a company which uses a router with an application called "Fortinet"; this Fortinet blocks almost every page except Google and a few other sites. Even proxy/VPN software can't connect through it. After I searched for a solution I found out that there is a program called "PuTTY" that can help to access these blocked sites through Fortinet. On the first use of it, it didn't work and I get a message saying

PuTTY Fatal Error Network error: Connection refused

I hope someone can help , I am a beginner in these things, so please explain it with details if possible. Sorry for any English mistakes.



Wednesday, December 27, 2017

ACI SDK (acicobra) Download?

I've been working through the Cisco DevNet ACI programmability tutorials and hit a bit of a roadblock. They want me to install the SDK (called acicobra) but they don't give any direct links to the files. They only hint that they'll be available at a certain URL on your APIC. Considering we haven't implemented ACI yet and all of my Cisco reps are on vacation (trying to get in a little downtime education), I'm wondering if there isn't another way to get these .egg files? Some download link I'm just not seeing? Something in the Cisco software catalog I haven't found? Or am I really up a creek until I can get my APICs up and running? Just seems weird to have all of these learning modules on DevNet and no way to download the SDK files outside of a production environment.



CableIQ without Windows?

I've had a CableIQ tester for what seems like forever. There have been no firmware, driver or application updates in years. Is there any way to do anything with test results without a Windows PC (or Windows VM)? It would be great if I could use a Linux or Chrome app to download and process test results. Alternatively, even the ability to get the data off the tester and into cloud storage using an Android device with an OTG cable would be great.



Deploying 464XLAT for IPv6 only customers on a small WISP network

I run a small WISP and ARIN won't give us any more IPv4 addresses. They were happy to give us an IPv6 block, and so after more than six months of research and testing we have deployed our first half-dozen or so IPv6 only customers over the past few weeks. This documents the tools we have used to do it.

Hopefully this will help someone in our position. I would love feedback to make the writeup (and possibly our configuration) better.

http://ift.tt/2BKiigm

(and yes, this is my blog, I have no ads and gain nothing but network/cpu load from traffic)



Be sure to use built in cable testing on switches... tdr!

I ran into an issue where a punchdown only had the orange and green wires terminated. Cable testing helps! After the port was re-terminated, the remote netgear was still in half duplex due to the one side being in auto-negotiate, and the other side forced to 100-Full. Usually, I just swap the port to auto-negotiate and it's fixed, but I'm working on a tool to automate issues using the output of tdr testing. Thought I'd share the output of these three cases. 3560X -> Netgear 108T

Run this command to test cable --->

switch# test cable-diagnostics tdr interface gigabitEthernet 1/0/13 

Run this command to see status if a working port --->

switch# show cable-diagnostics tdr interface gigabitEthernet 1/0/13
Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi1/0/13  1000M Pair A     69   +/- 10 meters Pair A      Normal
                Pair B     69   +/- 10 meters Pair B      Normal
                Pair C     69   +/- 10 meters Pair C      Normal
                Pair D     69   +/- 10 meters Pair D      Normal

With duplex mismatch --->

Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi1/0/13  100M  Pair A     N/A                N/A         Not Completed
                Pair B     0    +/- 1 meters  Pair A      Normal
                Pair C     0    +/- 1 meters  N/A         Normal
                Pair D     0    +/- 1 meters  N/A         Normal

With data only crimp --->

Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi1/0/13  100M  Pair A     N/A                N/A         Not Completed
                Pair B     0    +/- 1 meters  Pair A      Normal
                Pair C     75   +/- 1 meters  N/A         Open
                Pair D     72   +/- 1 meters  N/A         Open
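The post above mentions a tool being built around this TDR output; the parser below is an added example by the editor (not that tool, and not anything from Cisco) that classifies the three outputs shown here and also the earlier "one pair is way longer" result from the 8851 thread. It assumes the `show cable-diagnostics tdr` layout as printed above and reports, in this order: any pair marked Open or Short as a cable fault with the distance to it, any pair left Not Completed as inconclusive (the post pairs that with a duplex mismatch; the classifier only says to check negotiation and re-run), and a pair whose length sits far outside the others as something to inspect physically. The outlier rule (more than three times the reported tolerance away from the median) is an assumption.

```python
"""Classify Cisco `show cable-diagnostics tdr` output.

Added example, not the poster's tool. Sample outputs are the ones shown in the
posts above, laid out as the switch prints them.
"""
import re
import statistics
from dataclasses import dataclass
from typing import List, Optional

NORMAL = """\
switch# show cable-diagnostics tdr interface gigabitEthernet 1/0/13
Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi1/0/13  1000M Pair A     69   +/- 10 meters Pair A      Normal
                Pair B     69   +/- 10 meters Pair B      Normal
                Pair C     69   +/- 10 meters Pair C      Normal
                Pair D     69   +/- 10 meters Pair D      Normal
"""

MISMATCH = """\
Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi1/0/13  100M  Pair A     N/A                N/A         Not Completed
                Pair B     0    +/- 1 meters  Pair A      Normal
                Pair C     0    +/- 1 meters  N/A         Normal
                Pair D     0    +/- 1 meters  N/A         Normal
"""

CRIMP = """\
Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi1/0/13  100M  Pair A     N/A                N/A         Not Completed
                Pair B     0    +/- 1 meters  Pair A      Normal
                Pair C     75   +/- 1 meters  N/A         Open
                Pair D     72   +/- 1 meters  N/A         Open
"""

LONG_PAIR = """\
STACK#show cable-diagnostics tdr interface gigabitEthernet 2/0/20
TDR test last run on: December 28 02:37:19
Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi2/0/20  1000M Pair A     39   +/- 10 meters N/A         Normal
                Pair B     187  +/- 10 meters N/A         Normal
                Pair C     31   +/- 10 meters N/A         Normal
                Pair D     32   +/- 10 meters N/A         Normal
"""

# The first pair line also carries the interface and speed; later lines do not.
PAIR_RE = re.compile(
    r"(?:(?P<iface>\S+)\s+(?P<speed>\d+M)\s+)?Pair (?P<pair>[A-D])\s+"
    r"(?P<length>N/A|\d+\s+\+/-\s+\d+ meters)\s+(?P<remote>N/A|Pair [A-D])\s+"
    r"(?P<status>Normal|Open|Short|Not Completed|Impedance Mismatch|Not Supported)"
)
LEN_RE = re.compile(r"(\d+)\s+\+/-\s+(\d+)")


@dataclass
class Pair:
    pair: str
    length_m: Optional[int]
    tolerance_m: Optional[int]
    remote: str
    status: str


@dataclass
class TdrResult:
    interface: str
    speed: str
    pairs: List[Pair]


def parse_tdr(text):
    iface, speed, pairs = "?", "?", []
    for line in text.splitlines():
        m = PAIR_RE.search(line)
        if not m:
            continue
        if m["iface"]:
            iface, speed = m["iface"], m["speed"]
        lm = LEN_RE.match(m["length"])  # None when the length is N/A
        pairs.append(Pair(m["pair"], int(lm[1]) if lm else None,
                          int(lm[2]) if lm else None, m["remote"], m["status"]))
    return TdrResult(iface, speed, pairs)


def classify(res, outlier_factor=3):
    """One-line verdict: 'fault: ...', 'inconclusive: ...', 'length outlier: ...' or 'ok'."""
    faults = [p for p in res.pairs if p.status in ("Open", "Short")]
    if faults:
        return "fault: " + ", ".join(f"pair {p.pair} {p.status.lower()} at {p.length_m} m" for p in faults)
    incomplete = [p.pair for p in res.pairs if p.status == "Not Completed"]
    if incomplete:
        return (f"inconclusive: pair(s) {', '.join(incomplete)} not completed with link at {res.speed}; "
                "check speed/duplex negotiation on both ends and re-run")
    measured = [p for p in res.pairs if p.length_m is not None]
    if measured:
        med = statistics.median(p.length_m for p in measured)
        tol = max(p.tolerance_m for p in measured)
        odd = [p for p in measured if abs(p.length_m - med) > outlier_factor * tol]
        if odd:
            return ("length outlier: " + ", ".join(f"pair {p.pair} {p.length_m} m vs median {med:g} m" for p in odd)
                    + "; inspect the run physically")
    return "ok"


if __name__ == "__main__":
    for name, text in (("normal", NORMAL), ("mismatch", MISMATCH), ("crimp", CRIMP), ("long pair", LONG_PAIR)):
        print(f"{name}: {classify(parse_tdr(text))}")
```

Run per port after `test cable-diagnostics tdr interface ...` has had time to finish; the `fault` verdict is the one that saves a truck roll, since it carries the distance to the open pair.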


What's a good router for office with 10 people, using gigabit fios?

Sad to learn that our current "gigabit" router is not gigabit and we cannot get full internet speeds; I need to get a new router for our office. Nothing special, just routine data transfers. We lived with 50 Mbps for years, so obviously we don't need the fastest router, but now that we have gigabit, we need something to utilize that speed. Everything else in our network is gigabit.

Thanks.



IP network scanner

Hi all - I'm looking for a new IP network scanning tool recommendations. Free is good, but would pay a little bit based on feature set. I'm currently using Advanced IP Scanner, and finding that it is not returning all the devices on the network. For instance, I had a network AP that I have ICMP enabled on and can ping it from a command prompt, but when I scanned the network using Advanced IP, it didn't register (I had to go look in the DHCP table to get the IP). It also caches scan results, so if I run a network scan on 192.168.1.0 at Client A and go to Client B and run the same scan, it will show me results from Client A. This forces me to have to go into a menu option and clear the cache (no shortcut key).

What does the community use? Thanks!

EDIT: might help... windows 10 with the linux subsystem installed



Is SmartNet needed for access point firmware upgrades?

I’ve seen similar conversations pop up on here. For example,

http://ift.tt/2li3b6R

However, I can’t seem to find anyone with experience in exactly what I am wondering about. That post mentioned switches and ASAs, but I’m wondering about access points.

I’ve got over 175 AIR-AP2802I controlled by a 5520 WLC. Do I need SmartNet on every one of those APs in order to update their firmware?

I’d like to cover the WLC and at the most 1 AP so that I can receive firmware updates. I’ll have spares on hand to use if one should crap out. RMA that, and put it back on the shelf once it arrives.

I have seen where others have done this with access switches, but I cannot seem to find anyone with experience doing it with APs.

Any insight is appreciated.



Patch to patch cable

This may seem like an amateur question, but our IT supplier is currently out of stock of Cat6 patch panels. We can only be supplied Cat5e panels to use with the recently installed Cat6 cables and patches. Are there any limitations to this setup, considering Cat5e and Cat6 both run 1G at 100 m? But 10G on the patches (since they're 1 metre long) connecting to the 5e panels?



Small mfg floor/office using Ubiquiti kit

I have been asked by a former co-worker (at an ex-employer) who's finally splitting out on his own to help come up with a list of kit for him to deploy in his new engineering/manufacturing space. It's a small space and won't require that much actual hardware, but he'll need a few TB of NAS, a 1 Gbps switch setup, and WiFi over part of the floor with the ability to easily expand its coverage.

I'm thinking of Ubiquiti for the switch and wifi portions, and a Synology for the NAS. Easy and affordable, and let's him centrally manage it without a ton of experience (minimizing his calls to me in the future). I just don't know enough about the Ubiquiti line to make the right calls on those parts...

From what I can tell, a US-8-60W switch should be fine to come off his ISP router and then feed the APs with the PoE ports, and the NAS off of the others.

For the AP's I'm looking at UAP-AC-LR-US because the price point is nice for him, and the long range means he can start with 1 or 2 and possibly get all the coverage he needs at AC speeds.

I don't quite have the sq footage of the place from him yet, but I'm set to get a peek at it in the next week or two. I don't expect it to be more than a standard house size, nice and open without obstructions.

Thoughts from Ubiquiti users/SMEs?



Bonded Internet for the Digital Nomad in Rural Areas

Hi there, some of the sweet spots on this Earth have crap internet. However, I'd like to work/play in these areas. I've been doing research about bonded internet. This seems to be a solution; several companies have hardware devices for this, but which is the best? From the websites out there, these companies rarely advertise price. This one, however, does: Bodi BD004. Any suggestions on what would be a good hardware device for areas that have 4G/3G and wireless connections, albeit < 4 Mb?



Cisco ASA/Wireshark question

This is a little puzzling. There is an office using a cheap Linksys router to do port forwarding to their DVR so that they can access it from a public IP address. This office with the DVR isn't on the network and it's part of a piece of the company we're divesting. Anyway, they're using ports 2000 and 3000 to port forward to a couple of different IP addresses/DVR servers in their office.

One of them works and the other one doesn't. I've done packet-tracer as well as packet capture on both flows and everything looks good.

if i telnet to publicipaddress:3000, i get some wingdings indicating i made a good connection.

if i telnet to publicipaddress:2000, i get an open connection but no wingdings. If i do the same test at our DR site with a different internet connection, it works on both of them.

I ran Wireshark on my computer and noticed that on the one that doesn't work (port 2000), after about the 3rd entry the window size value is 64813 and the calculated window size value is 64813. In fact, after this entry all of the window size values and calculated size values are the same, while on the one that does work, the values are different.

you know how it goes. if you don't know what you're doing, just compare 2 things, one that works and one that doesn't and spot the differences. :)



Talking with a LISP - A LISP Post

Hi all,

It's been awhile since I did a proper post on reddit and with the xmas break I finally managed to finish one! So if anyone wants to read about LISP and such then you can do so at my blog here.

Since I'm lazy over the holidays I won't convert this one over to reddit, so if you don't want to click then enjoy this holiday CAT!!!



Using a USG and a managed switch, how can I choose a subnet based on assigned VLAN?

Hello!

I am upgrading my network and got a Unifi USG and a Zyxel GS1548 gigabit network switch. I want to connect both my regular stuff (say, ports 2-16) with a subnet of 10.0.0.X/24 and my servers / homelab (ports 42-48) with a subnet of 10.0.1.X/24. The USG I have only has two ports, so I thought I would assign both groups of ports to a VLAN and have the USG pick IPs based on that. However, I can't seem to get it to work.

I made a new Network on the Unifi controller, gave it the new subnet range and told it to use VLAN 200. Then I made a VLAN group on the switch with ports 1 (uplink) and 42-48 (my servers) to tag egress traffic. But it doesn't work. No matter what combinations of tagging/untagging I do, I either can't get a connection or get assigned an IP in the untagged range.

I've been stuck on this for a while now and my family is frustrated that the WiFi keeps going down when I test things. I would appreciate any help you guys can give me, thanks!



Somber reminder to take care of yourselves

Yesterday we had a guy on our team pass away right in front of us. EMS was there about five minutes from the 911 call that went out immediately after he collapsed. He was gone before they wheeled him out on the gurney. Nothing any of us nor the EMS could have done. Suspected cardiac arrest.

Make sure you guys and gals are taking care of yourselves. Most of us work in a sedentary and high stress setting. Take time to get up throughout the day to take a walk. Try not to eat out so much, get some exercise, and find a good stress relief. Tell those close to you that you love them and squeeze your SO and kids a bit tighter tonight.

Sorry if this isn't really the place for this. Mods feel free to remove it if you need to.



Free RADIUS Servers with GUIs?

Is there a well-maintained RADIUS Server with a GUI? Both Radiusdesk and daloRADIUS (for FreeRADIUS) look dead to me.



Vendor Firewall Upgrade - Vendor Feedback

Fellow Network people, I would be forever grateful for any feedback on your real world experience using/supporting/upgrading/issues with Palo Alto, Juniper, Fortinet, Cisco ASA firewalls. We will be upgrading our vendor firewalls in 2018 and we are still trying to narrow down the company to use. We are currently using Juniper SSG140s with OLD Netscreen code, so anything will be an improvement. Not looking for model recommendations or anything, just real world feedback from the boots on the ground using these devices, not the VARs trying to sell us on what they get the biggest cut from. Thanks in advance.



Hey, I don’t even know if this is the right sub for this but

Before I start, I’d like to say this is on Windows 10. I bought a PC to me from me for Christmas, but it won’t connect to my wifi network. For some odd reason it doesn’t show any available networks, and when I click on network settings it takes me to the VPN section. Now, I have no clue about what VPN is, or how to fix my PC so I can connect to my wifi. Any help?



Unable to use TACACS auth on SRX1500

http://ift.tt/2Cg834J

Need help troubleshooting a network issue

Hi! I need some help to understand what's the problem with my setup.

I've recently deployed a wireless network solution with Unifi devices, combined with two small Cisco switches (sf-110d) and a Mikrotik router.

These two Cisco switches are about 150ft/50m apart. Once or twice a day the link between these two switches goes down (led off). All the other ports are unaffected. The switches are unmanaged and new. Unplugging and plugging back the UTP cable restores the link between these two switches.

Also, till a couple of days ago we had a TP-Link switch in one of the ends, presenting the same behaviour. It was replaced with a new one (Cisco) to discard any possible fault but the problem is still there, no matter which switch we use.

I suspect the UTP cable or RJ45 connectors. Yesterday I replaced one of the ends but it didn't solve the issue, ...last night I had the same problem again. I plan to replace the other end today.

My doubt is whether there's something else that can trigger this kind of failure. Spanning tree is not an option AFAIK, i.e. we use a non-redundant topology. I still don't understand why simply unplugging/plugging the UTP connector restores the link. Is this a physical or logical issue? Any ideas?

Thanks in advance for any help.



SMF vs MMF on SRX650

Hello All -

My experience with fiber has been minimal. Basically just 850nm MMF, the orange wires, and that's it. Usually in-rack or jumping to another rack for cabling.

Now I have a cross connect with a counterparty in another datacenter. The ports installed at the patch are SMF. This is my first time using SMF and I have some questions (since I already bought the wrong parts...) as my understanding of SMF is flaky at best. I guess so is my understanding of MMF, but I really never had to get into the weeds with these details before.

Is SMF literally just one way per cable? This is my understanding vs MMF which has the two cables for TX/RX purposes, but to my understanding SMF is TX or RX per line. I say this because I have 4 total ports installed at the patch and I've been told that they are active/backup. So my best guess is I need 1 cable for the primary to receive and 1 cable for the primary to transmit and again for the backup line - is this correct?

To that end, what SFPs do I need to buy? The only thing I could find was a 1310nm which is SMF but this still has two holes for the fiber wire, which is what is leading me to believe what I ask above is correct. The only single-holed SFP I was able to find was 1000BASE-BX which I definitely don't think I need. I have an SRX650 with an 8-Port Gigabit Ethernet SFP XPIM (http://ift.tt/2E20D5c)

Again, way out of my league here so wondering if you can help



Nexus 5k install all and reload

I can't find the documentation. After an 'install all' with a disruptive upgrade, does the switch do a 'reload' or a 'reload power-cycle'?

I'm trying to figure out if I have to reload it twice because of "After a successful power sequence upgrade, you must switch off the power to the system and then, power it up"



Advantages of using a Macbook?

Every networking event I go to (local meetups, Cisco Live, etc) I see way more people with MacBooks over Windows. Is there a solid reason that I should consider using a MacBook for my next upgrade for my 100 percent Cisco networking environment? I have no real personal preference for the OS, I have experience with both, but we are a mostly Windows shop, and I need to see if there is any reason for me to push for Apple for my office.



Google Wifi or Netgear Nighthawk To Cover a Dead Spot

The wifi in my house is horrible, and I have been giving serious consideration to going to a mesh system. Where my router and modem are currently located is in my home office where my fiancée does her work from home, and where I need a decent wifi connection is in my game room upstairs.

Now, the wifi router that Optimum gave us (a D-Link DIR-868L router paired with an Arris TM822G modem) doesn't quite reach the game room, even though it's roughly 150 feet away, like one room over upstairs from where it's located.

I have an Amped SR20000 located in the room right above the office, and I still find the wifi to be severely lacking in my gaming room, with drop outs constantly happening, and just horribly slow speeds. It doesn't help that customizing an Optimum router is a chore.

My questions are whether hooking up a Google WiFi mesh system would alleviate the slow connections and drop outs, or if I should go for just the Nighthawk and keep my Amped bridge, if I still have a weak connection in my gaming room with the Nighthawk installed.

I just don't know if I want to spend the current price of $269 for Google WiFi or the far better price of $199 for the Nighthawk. I feel like the Nighthawk will give me the boost of range I need, or at least enough power to give a better signal to my Amped extender, so there won't be as much of a connection loss.

I feel like mesh networking would just have inherent latency issues, like having multiple extenders doesn't give you faster wifi, just more consistent wifi. I want stronger signal with the least amount of speed loss, in literally just one spot of my home, and my current router and extender solution isn't helping as much as I'd like.

Which would get me the best bang for my buck?



IP on link

My company is planning to overhaul their current network to full Cisco. 2 ISR routers and 3 L3 switches. Unfortunately they don't have a dedicated line with a single IP. Can I not configure the wan link to the ISP and use a default route for internet traffic? Or I would have to configure an IP on the interface before it works?

Thanks



Why are BGP timers set at 60/180?

Why are BGP timers set so high? What inherent characteristics does BGP possess to warrant such high keepalive/dead timers?

If I do NOT use BFD, then is setting the BGP timers as 5/15 (for example) ok?



Tuesday, December 26, 2017

SlimLine CAT6 run

Can't find a whole lot of documentation on this (I searched!). I purchased 1000ft of SlimLine CAT6 to run a few APs at work, and can't for the life of me figure out how to crimp these properly.

The pairs are the diameter of human hair (almost), and will not be coerced at all into staying lined up to be used in a connector. I know people have used this stuff successfully for patch panels, but I can't for the life of me imagine how these were crimped.

They are also so thin, they won't stay in a keystone jack or patch panel. The weight of the cable itself pulls it right out of the patch panel - and in a keystone jack, the pairs are so thin they aren't making adequate contact.

Long story short - what are best practices for this type of cable?



Rant Wednesday!

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!



Help with resume and career advice?

Hi guys, I need some help. First with my resume and secondly with some life advice. Normally I wouldn't reach out to strangers but there's not really anyone I know personally in this field I can speak with to get advice from.

First, I'm 21, currently enrolled in an IT Networking and Telecommunications B.S. program at a local community college part time, and I work full time as T2 contracted phone support for a certain fruit based technology company.

I have an A+, my Associates (general ed.), I recently got my CCENT, and I'm working on my CCNA. I'm trying to see if I can get a new job as I don't like my current job very much. It pays a lot better than fast food, but it's very stressful, the customers are rude and short-tempered, and much, much more. I feel as if I've learned everything I can here and the work environment has become more stressful and anxiety-driving since I started working here. Various co-workers I started working with have quit since the beginning of the year.

I'm trying to see if I can find a job at a NOC or as help desk for an actual organization rather than glorified phone support. I'm wondering if trying to get into such a role with what I have and a year's experience is overreaching?

Should I finish my CCNA, get a Sec+, then start looking again in February? Or do you think what I have right now would be enough with a good resume? Also, please help me with that as well. These would be the first "real" jobs I've ever applied for, and I'm the first person in my family to work anything other than minimum wage or construction.

The reason I ask is because I really hate the job I have and I think I'm a few customers away from blowing my top.

Any help you guys have got to give would be really helpful here.

Edit: Am I allowed to post my resume here for some critique and help? I've been sending it to interesting help desk postings and anything with "JUNIOR" and "NETWORKING" in it.



Basic DHCP Question

I'm using a Linksys LRT224 router. Been adding devices to the network and DHCP has been assigning them IP addresses. I'm then going in through "IP/Mac Binding" and assigning each one a static IP address within the DHCP range. The static IP is "taking" and I can access the devices through the newly assigned static IPs. However, when I click on "DHCP Status", it's still showing the old IPs which were assigned by the DHCP server. How do I get this to update?

Thanks!



Trying to understand this particular VLAN configuration (Dell N3000 & SonicWall)

Hi guys, I'm an idiot trying to wrap my head around VLANs, specifically with one particular configuration I have set up. First thing, this has been set up for a while now and it's working fine, as I had help from Dell support. I'm just unclear on how this works.

Overview: I set up two VLANs, one for corporate wifi and the other for guest. Two SonicPoints (wifi access points) connect directly to specifically configured ports on the switch, then a third port connects to X3 on the SonicWall. I then can further apply rules to each wifi zone from the SonicWall.

 

SonicWall firewall which has these zones of interest:

  • LAN: X1
  • WLAN: X3
  • WLAN-Guest: X3:V200

PowerConnect N3048P:

  • VLAN 0 - Default data VLAN (not tagged)
  • VLAN 2 - Corp wifi
  • VLAN 200 - Guest wifi

Here are the port configurations on the switch. The first two connect to SonicPoint access point units, and the third connects to X3 of the SonicWall:

interface Gi5/0/25
 switchport mode general
 switchport general pvid 2
 switchport general allowed vlan add 2
 switchport general allowed vlan add 200 tagged
exit
!
interface Gi5/0/27
 switchport mode general
 switchport general pvid 2
 switchport general allowed vlan add 2
 switchport general allowed vlan add 200 tagged
exit
!
interface Gi5/0/29
 switchport mode general
 switchport general pvid 2
 switchport general allowed vlan add 2
 switchport general allowed vlan add 200 tagged
exit

My confusion:

  • In the switch config, why does VLAN 200 have "tagged" added next to the command but 2 does not?
  • I thought VLANs were always tagged (except the default VLAN) and that's how traffic was differentiated
  • I don't understand how VLAN 2 and the data VLAN could both be untagged and still separated as VLANs
  • I do see that the PVID of each port is set to 2, and that each port allows traffic from 2 and 200. So based on this, I am assuming that VLAN 2 and 200 are tagged from the perspective of the switch, but only 200 is tagged from the perspective of the SonicWall.
  • Does this mean that the switch is tagging only VLAN 2 and the SonicWall is tagging only VLAN 200, but the switch is allowing traffic from both VLAN 2 and 200?
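A small model of how an 802.1Q port with a PVID, untagged members and tagged members classifies frames, added here to illustrate both this Dell/SonicWall config and the USG/Zyxel question earlier on the page; it is not vendor code. The Dell ports mirror the config quoted above (mode general, PVID 2, VLAN 2 untagged, VLAN 200 tagged); the Zyxel-style server port left at PVID 1 is an assumption used to show why an untagged server frame ends up in the default VLAN.

```python
"""Toy model of 802.1Q ingress/egress on a 'general'-style switch port."""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class Frame:
    src: str
    vlan: Optional[int] = None   # None = no 802.1Q tag on the wire


@dataclass
class Port:
    name: str
    pvid: int                                          # VLAN given to untagged ingress frames
    untagged: Set[int] = field(default_factory=set)    # VLANs this port sends without a tag
    tagged: Set[int] = field(default_factory=set)      # VLANs this port sends with a tag

    def ingress(self, frame: Frame) -> Optional[int]:
        """Classify an arriving frame into a VLAN; None means the switch drops it."""
        if frame.vlan is None:
            return self.pvid                 # untagged frames go to the PVID
        if frame.vlan in self.untagged | self.tagged:
            return frame.vlan                # tag honoured when the VLAN is allowed on the port
        return None                          # tag for a VLAN this port does not carry

    def egress(self, vlan: int) -> Optional[str]:
        """How a frame in `vlan` leaves this port; None means it is not forwarded here."""
        if vlan in self.untagged:
            return "untagged"
        if vlan in self.tagged:
            return "tagged"
        return None


def forward(pin: Port, pout: Port, frame: Frame) -> Optional[Tuple[int, str]]:
    """(VLAN the switch placed the frame in, how it leaves pout), or None if dropped."""
    vlan = pin.ingress(frame)
    if vlan is None:
        return None
    how = pout.egress(vlan)
    return None if how is None else (vlan, how)


def dell_general_port(name: str) -> Port:
    # switchport mode general / pvid 2 / allowed vlan add 2 / allowed vlan add 200 tagged
    return Port(name, pvid=2, untagged={2}, tagged={200})


def dell_scenario() -> dict:
    ap = dell_general_port("Gi5/0/25")     # SonicPoint
    fw = dell_general_port("Gi5/0/29")     # SonicWall X3
    return {
        # corporate SSID: AP sends untagged -> VLAN 2 -> X3 receives it untagged (WLAN zone)
        "corp_client": forward(ap, fw, Frame("corp-laptop")),
        # guest SSID: AP tags 200 -> VLAN 200 -> X3 receives tag 200 (X3:V200, WLAN-Guest)
        "guest_client": forward(ap, fw, Frame("guest-phone", vlan=200)),
        # a tag for a VLAN the port does not allow is dropped at ingress
        "stray_tag": forward(ap, fw, Frame("unknown", vlan=300)),
    }


def zyxel_scenario() -> dict:
    # Assumed settings for the USG/Zyxel question: uplink carries 200 tagged and the
    # default VLAN 1 untagged; the servers send untagged frames.
    uplink = Port("port1", pvid=1, untagged={1}, tagged={200})
    broken = Port("port42", pvid=1, untagged={1}, tagged={200})   # 200 tagged only, PVID still 1
    fixed = Port("port42", pvid=200, untagged={200})              # 200 untagged, PVID 200
    server = Frame("server-nic")
    return {
        "broken": forward(broken, uplink, server),   # lands in VLAN 1: DHCP from the untagged range
        "fixed": forward(fixed, uplink, server),     # lands in VLAN 200: reaches the USG tagged
    }
```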


Security Engineers of Reddit, what does a typical day look like for you?

I know it changes a lot and varies depending on the company, but if you could, please share what you do on a day to day basis.



CAT6A Network Equipment

Just wondering what kind of tools everyone is using to make CAT6A cables. Before anyone says CAT6A is overkill, I work in a datacenter and we are upgrading our network connections from 1Gb to 10Gb.

I have been a long time user of platinum tools, but I do not think it will support cat6a. Is anyone crimping with the below setup?

Platinum Tools 100054C Clamshell EZ-RJPRO HD Crimp Tool and Shielded EZ-RJ45® for CAT5e & CAT6 with Internal Ground

My gut feeling is that it is not supported. I am looking at:

TitanXg™ 2.0 Crimp Tool and RJ45 CAT6A 10Gig Shielded Connector



Does anyone know an easier/faster way to view what COM port is in use in Windows 10?

I've been doing nothing but pushing out Palo Altos and Aruba switches for a few months now. The most frustrating thing for me is when I need to go into Computer Management or Device Manager to see which COM port number Windows has decided to use. What I'd love is some kind of tray widget or something that just says COM6 or something once I've connected a console cable. Does anything like that exist? So far the fastest method I've come up with is to hit WIN+R and type in devmgmt.msc and hit enter... then I usually need to rescale the window or scroll down.



Source of file on PaloAlto WF-500

Hi

We use Palo Alto WF-500 ATP.

So I can see some URL filtering logs which have blocked access to malicious domains; the source IP for these is the VM machine inside the WF-500 ATP.

This indicates the PA FW sent a file to the ATP which was then run by the VM machine and it is this file which tried to communicate to the malicious domain.

However, how can I find out which client on the network was downloading this file when the PA sent it to the ATP appliance?

Thanks.



MVRP in multi-vendor environment

Hi all. I wanted to ask for experiences about MVRP. Did anyone deploy it on Cisco devices, or even in a multivendor environment?

Is it recommendable?



Monday, December 25, 2017

Meowry Christmas

So, it's that time of year again. Makes me wonder: do you have a vendor wishlist, or feature wish list?

For example, I'd love a switch that will tell you a list of .1q tags ingress (and associated MAC addr), without any specific configuration. I'd also like a "who's speaking to me at layer 3" feature on p2ps. And maybe an associated BGP feature.

So, kids, what do you want Santa to bring you?



Your best practice regarding Microsoft SFB ?

Hi guys,

How are you dealing with those crazy UDP ports that need to be open for MS SfB? Tons of destinations to add, so finally one has the option to open those specific UDP ports to the internet, which is scary!

Thanks for sharing.



Can't create Hurricane Electric tunnel. IP is not ICMP pingable. Please make sure ICMP is not blocked. If you are blocking ICMP, please allow 66.220.2.74 through your firewall.

Hi everyone, so I've been trying to create a tunnel on Hurricane Electric, but I constantly get the error which is the title of this post. So this is part of a school project but our professor didn't say much after I showed him the error, but to disable the firewall, which I did. I disabled my router firewall, I created a new rule for ICMP allowing it to go through the firewall on my PC, but yet I keep getting the same error. I've tried VPN or proxy thinking it would fix it but no luck there either... So I get that port mapping or DMZ could help me but I don't really know how to use them or set them up so that it would work, so if anyone can help me please do.



Get the JO Media android app FREE

Get the better experience. Get the JO Media android app FREE!

FEATURES Great tv channel with lots of positive content and variety.

A very interactive social network.

Receive notifications on Jobs, Sale, Real Estate & more on your mobile phone/device.

Games & more

If you're in business, you can notify your clients/customers of Sale, Specials & more using this app. All this in 1 awesome app.

FREE DEMO AVAILABLE

CLICK HERE TO DOWNLOAD http://ift.tt/2zrM9rU



Moronic Monday!

It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.



Sunday, December 24, 2017

Firewall rules best practice

Has anything changed with regard to best practice on what ports to enable in a firewall rule set? I have a rule set that permits destination HTTP(+UDP), HTTPS(+UDP), DNS(UDP), NTP(UDP), IMAP4S(TCP), Submission(TCP) and SMTPS(TCP). I'm seeing hits on the deny for really weird ports like 8545, 32414 etc. It's mostly mobile devices for Apple and Google Play. I'm debating if I should keep it restricted or just open it up.



Please help with getting VLANs Setup

http://ift.tt/2kQYQYK

Does QoS not exist anymore?

Hey /r/networking, I haven't done a network role in almost 2 years now, so I'm relying on your subreddit's expertise here. Does QoS no longer exist?

I know this is a home networking related question, but my bigger question is for the enterprise world in context of home networking. Every provider I've had for the home thus far including Frontier, COX and Spectrum have all provided QoS options either on the ISP provided router or a customer provided one.

However, I recently moved to Fullerton, California and the only fiber provider is AT&T. QoS is not an available option on their managed router and AT&T refuses to let me use my own router. This doesn't surprise me, as when I used to work network support for a grocery chain AT&T was one of the shittier LECs to work with.

With that said, can anyone confirm in the enterprise networking world if QoS is no longer a thing? Just want to make sure I'm not crazy.

Merry Christmas btw.



Help with internet protocols?

Can someone explain to me what internet protocols are and some examples of them? I’m taking a networking class and I’m kinda confused.

P.S. Happy Holidays!



What are your network related "failures" from 2017?

A corollary to the post about achievements. What has been something you either broke and learned from or something another party bungled that you had to diagnose and fix?

Mods, if you hate this post, then delete it (and mutter BahHumbug! as you do).



Cable Internet going in and out - mostly out. Help Diagnosing?

So my Northland cable internet started dropping out 3 days ago. Northland says they can't get out here until Wed-Thur of next week, so I'm trying to figure this out myself as almost everything we got for my youngest son for Christmas depends on having the internet. =-O

The cable line runs straight from the street pole (there's an inline splitter on the pole) via 50ft of coaxial to my house's wiring panel outside. There's one line in to the house. From that line it goes 20ft to my modem.

Now. When it first went out I had a splitter before the modem (from the wall in our house). I removed that splitter. Reset the SurfBoard modem and the internet connected. Was on all night. Woke up the next morning. No connection.

Took the modem outside and hooked directly to the line coming from the street pole. Same thing. No connection.

I took the modem up to the local Northland office yesterday, they replaced the SurfBoard with an Arris Gateway. Came home. Hooked it up. The Arris modem connected right from the start. Worked all night. Had great speeds etc. Woke up this morning. No connection again..

I've power cycled the modem etc. Still no connection. This is what's in the modem error log.

1/1/1970 0:41 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:41 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:44 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:45 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:48 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:48 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:50 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:51 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:54 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:54 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:57 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:57 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:59 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:59 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 1:02 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 1:03 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 1:06 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 1:06 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:03 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:03 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;

This is the modem connection page

RF Parameters

Downstream    DCID  Freq        Power      SNR       Modulation  Octets  Correcteds  Uncorrectables
Downstream 1  4     123.00 MHz  5.10 dBmV  40.37 dB  256QAM      170392  287         853

Upstream      UCID  Freq       Power  Channel Type  Symbol Rate  Modulation
Upstream 1    4     23.00 MHz  ----   ----          ----         ----

Status

System Uptime: 0 d: 0 h: 09 m

Computers Detected: staticCPE(1), dynamicCPE(0)

CM Status: DS_TOPOLOGY_RESOLUTION_IN_PROGRESS

Time and Date: Thu 1970-01-01 00:09:52

Now before this started there was a guy going pole to pole on our street installing what looked like splitters or something. Not real sure. We just noticed he would stop at every pole, hop in his bucket, spend 5 minutes screwing something onto the pole then move on to the next. Possibly related?

What I'm not understanding is when I removed the splitter on the Surfboard modem. I got connection. When I changed modems. I got connection.

Honestly seems like an issue on Northland's side of things. I told them I had the same issue when I hooked the modem directly to the cable outside of my house. They still insisted it was an issue on my end..
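A parser for the modem event log quoted in this post, added as an example and not taken from the modem vendor; the line layout (date, time, event id, priority, message, then KEY=value pairs separated by semicolons) is inferred from the posted lines, and the first four of them are embedded as sample input. It counts the two event types, flags that every timestamp is still at the Unix epoch (the modem only gets time of day after ranging and DHCP succeed, so it never finished registering), and pairs the T3 time-outs with the B-INIT-RNG failures, which together mean no ranging response is coming back on the upstream.

```python
"""Parse and summarise DOCSIS cable modem event log lines."""
import re
from collections import Counter
from typing import Optional

# First four lines as posted in the thread, used here as sample input.
SAMPLE_LOG = """\
1/1/1970 0:41 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:41 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:44 82000900 5 B-INIT-RNG Failure - Retries exceeded;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
1/1/1970 0:45 82000200 3 No Ranging Response received - T3 time-out;CM-MAC=38:70:0c:66:de:9f;CMTS-MAC=00:01:5c:33:b6:0e;CM-QOS=1.1;CM-VER=3.0;
"""

T3_TIMEOUT = "No Ranging Response received - T3 time-out"
INIT_RNG_FAIL = "B-INIT-RNG Failure - Retries exceeded"

LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}) "
    r"(?P<event_id>[0-9A-Fa-f]{8}) (?P<priority>\d) (?P<rest>.+)$"
)

# DOCSIS event priorities: a lower number is more severe (3 = critical, 5 = warning).
PRIORITY = {1: "emergency", 2: "alert", 3: "critical", 4: "error",
            5: "warning", 6: "notice", 7: "info", 8: "debug"}


def parse_line(line: str) -> Optional[dict]:
    """One log line -> dict of fixed fields plus the KEY=value pairs; None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    text, *pairs = m.group("rest").split(";")
    entry = {
        "date": m.group("date"),
        "time": m.group("time"),
        "event_id": m.group("event_id"),
        "priority": int(m.group("priority")),
        "text": text.strip(),
    }
    for pair in pairs:
        if "=" in pair:                      # trailing ';' leaves an empty item, skipped here
            key, value = pair.split("=", 1)
            entry[key] = value
    return entry


def summarize(log_text: str) -> dict:
    """Counts per message, worst severity seen, clock state and the ranging verdict."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    counts = Counter(e["text"] for e in entries)
    worst = PRIORITY.get(min(e["priority"] for e in entries)) if entries else None
    return {
        "entries": len(entries),
        "counts": dict(counts),
        "worst": worst,
        # all timestamps at the epoch: time of day was never obtained, i.e. registration never completed
        "clock_unsynced": bool(entries) and all(e["date"] == "1/1/1970" for e in entries),
        "cmts_macs": sorted({e["CMTS-MAC"] for e in entries if "CMTS-MAC" in e}),
        # T3 time-outs plus exhausted initial ranging retries: no upstream ranging response
        "upstream_ranging_failed": counts[T3_TIMEOUT] > 0 and counts[INIT_RNG_FAIL] > 0,
    }
```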



Summarize using RFC1918

Hi all

A couple of months ago I was tasked with migrating our 3 US offices + DC from an existing l2vpn (full mesh with our UK DCs + EU sites) to an isolated l3vpn with a new provider, we will be peering with managed CPEs using EIGRP. The new WAN environment will include the US sites + the UK DCs, with the UK acting as a transit between the US and the rest of our environment. The UK site is our HQ.

All of our sites will be advertising /16 summary routes 10.x and the US DC will advertise a default route for the US sites + a couple of /24 DMZ subnets 192.168.x.

This project is taking a long time to get going due to things outside of my control so I have had a long time to ponder over my design and am now having doubts! My plan was to summarize RFC1918 on the UK interfaces towards the new l3vpn. This means the routing tables in the US sites should only have:

3 x RFC1918 routes, 3 x /16 from the other US offices, 2 x /24 DMZ subnet from US DC, Any number of public static routes advertised from elsewhere and 1 x default route from the US DC.

I labbed this up in GNS3 and it seems to be sound but I still feel like I may be missing something. Can't seem to find any route summarization examples using RFC 1918 but my only other option is to just allow all global subnets to be advertised and summarize what I can.

Anyone done something similar?
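A longest-prefix-match check of the US-site routing table the post describes (three RFC1918 summaries via the UK, a /16 per US office, two DMZ /24s and a default from the US DC), added as an example with placeholder prefixes since the post only gives "10.x /16" and "192.168.x /24". Besides the normal lookups it shows the one behaviour worth knowing about with this design: when a US office's /16 is withdrawn, its addresses are still covered by the UK's 10.0.0.0/8 summary, so traffic for them follows the summary to the UK rather than the US DC's default.

```python
"""Longest-prefix match over a US-site table built from RFC1918 summaries."""
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, str]   # (prefix, next hop / where it was learned from)

# Constructed table; office and DMZ numbers are placeholders.
US_SITE_ROUTES: List[Route] = [
    ("10.10.0.0/16",    "connected"),     # this site's own /16
    ("10.11.0.0/16",    "US-office-A"),   # other US offices, one /16 each
    ("10.12.0.0/16",    "US-office-B"),
    ("10.13.0.0/16",    "US-office-C"),
    ("192.168.50.0/24", "US-DC"),         # DMZ /24s advertised by the US DC
    ("192.168.51.0/24", "US-DC"),
    ("0.0.0.0/0",       "US-DC"),         # default from the US DC
    ("10.0.0.0/8",      "UK-transit"),    # RFC1918 summaries from the UK transit
    ("172.16.0.0/12",   "UK-transit"),
    ("192.168.0.0/16",  "UK-transit"),
]


def build_table(routes: List[Route]):
    """Parse the prefixes and order them longest first, the way a FIB lookup works."""
    parsed = [(ipaddress.ip_network(prefix), nh) for prefix, nh in routes]
    return sorted(parsed, key=lambda r: r[0].prefixlen, reverse=True)


def lookup(table, dst: str) -> Optional[str]:
    """Next hop for dst under longest-prefix match, or None with no matching route."""
    addr = ipaddress.ip_address(dst)
    for net, nh in table:
        if addr in net:
            return nh
    return None


def withdraw(routes: List[Route], next_hop: str) -> List[Route]:
    """The table as it looks once everything learned from next_hop has disappeared."""
    return [r for r in routes if r[1] != next_hop]


def check_design(routes: List[Route] = US_SITE_ROUTES) -> dict:
    """Where each class of destination is sent, normally and with US-office-B withdrawn."""
    table = build_table(routes)
    degraded = build_table(withdraw(routes, "US-office-B"))
    return {
        "local": lookup(table, "10.10.3.3"),              # connected
        "us_office": lookup(table, "10.12.5.5"),          # US-office-B via its /16
        "uk_or_eu_site": lookup(table, "10.200.1.1"),     # only the 10/8 summary matches
        "dmz": lookup(table, "192.168.50.7"),             # DMZ /24 beats the 192.168/16 summary
        "other_192_168": lookup(table, "192.168.77.1"),   # falls to the UK summary
        "internet": lookup(table, "8.8.8.8"),             # default from the US DC
        "office_b_down": lookup(degraded, "10.12.5.5"),   # UK summary, not the default
    }
```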