Saturday, May 5, 2018

INE Network Training Bundle...

Hi guys, I was curious if anyone has ever ordered the Cisco Routing and Switching training bundle from INE.com. I saw that they had a sale for May 4th for the weekend and just ordered it today.

If anyone has ever ordered it, would you happen to know if it's just videos or just books, etc.?

If my post is against the rules my apologies in advance.



Finding optimal VPS location to limit latency to specific endpoint behind cloudflare servers

So I don't know much about networking and am struggling to figure this out.

I'm trying to find the optimal location of a VPS to reduce the latency for my trades on the Bittrex cryptocurrency exchange. I've tried a basic traceroute which leads me to a Cloudflare server so I'm kinda stuck here. I suspect that it would be possible to try making a request from various locations and seeing how long they take/which Cloudflare servers it's sent to and figure it out that way, however I don't have access to any other IPs to try it with.

Is there another way to do this or can someone help with this please?

Here is a sample request url from their API that returns a JSON ticker value. https://bittrex.com/api/v1.1/public/getticker?market=BTC-ETH

If anyone could provide some insight/help, I would be very grateful!

Note: I'm also interested in figuring out best locations for a VPS that will connect to other exchanges like Bitfinex, Binance, Poloniex, Bitstamp, etc.
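One way to do the per-location measurement the post describes, as an added example that is not part of the original post: time a batch of HTTPS requests from a candidate VPS and record which Cloudflare point of presence answered. Cloudflare returns a CF-RAY response header whose suffix (after the last hyphen) is the three-letter code of the PoP that handled the request, so the same script tells you both how long the round trip took and which edge you were routed to. The URL is the one given in the post; the helper names, sample counts and the constructed sample results are this example's own.

```python
"""Added example (not from the original post): time HTTPS requests to an
endpoint fronted by Cloudflare and record which Cloudflare point of presence
answered, so latency can be compared across candidate VPS locations.

Assumptions: the response carries a CF-RAY header of the form
"<request id>-<colo code>" (Cloudflare's documented format); helper names,
sample counts and the constructed sample data are this example's own.
"""
import statistics
import time
import urllib.request

# Endpoint quoted in the post.
URL = "https://bittrex.com/api/v1.1/public/getticker?market=BTC-ETH"


def parse_cf_ray(header_value):
    """Return the colo code from a CF-RAY header value, or None if absent."""
    if not header_value or "-" not in header_value:
        return None
    return header_value.rsplit("-", 1)[1].upper()


def probe_once(url, timeout=10):
    """One timed GET; returns (elapsed_seconds, colo). Needs network access."""
    req = urllib.request.Request(url, headers={"User-Agent": "latency-probe/1.0"})
    start = time.perf_counter()
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        resp.read()
        colo = parse_cf_ray(resp.headers.get("CF-RAY"))
    return time.perf_counter() - start, colo


def probe(url=URL, samples=10, timeout=10):
    """Collect `samples` timed requests against `url` from this machine."""
    return [probe_once(url, timeout) for _ in range(samples)]


def summarize(results):
    """Aggregate (elapsed, colo) pairs into median/p95 latency and colo counts.

    Median and p95 are more useful than the mean: a single slow request
    (TCP/TLS setup, a cache miss at the edge) would skew the average."""
    times = sorted(t for t, _ in results)
    colos = {}
    for _, colo in results:
        colos[colo] = colos.get(colo, 0) + 1
    p95_index = max(0, int(round(0.95 * (len(times) - 1))))
    return {
        "samples": len(times),
        "median_ms": round(statistics.median(times) * 1000, 1),
        "p95_ms": round(times[p95_index] * 1000, 1),
        "colos": colos,
    }


# Constructed sample data standing in for a real run from one VPS location:
# nine fast answers from one PoP and one slow outlier routed elsewhere.
SAMPLE_RESULTS = [(0.031, "AMS")] * 9 + [(0.210, "FRA")]

if __name__ == "__main__":
    # Offline demonstration; on each candidate VPS run summarize(probe()).
    print(summarize(SAMPLE_RESULTS))
```

Run `summarize(probe())` from each candidate location and compare the median and p95 figures side by side; if the colo codes differ between locations, the latency difference is largely the distance to the nearest Cloudflare edge, which is the only part of the path a traceroute can show you.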



Dell MLAG - Some kind of loop?

I've been working on improving our network backbone. Currently the network is a bunch of Ubiquiti switches, with all traffic untagged vlan 1.

The first step of my expansion was to add what will be the new network core, a two-tier MLAG of Dell switches. However, simply attempting to connect this to the existing network switch is causing some kind of loop I can't figure out. The network has RSTP, and the Dell switches are running Rapid-PVST, but there is no spanning tree recalc; the network just grinds to a halt with storming traffic as soon as the new Dell switches are connected.

Here is the current network topology; the switches were all configured essentially using Dell's recommended MLAG guide:

This configuration seems so simple, I'm baffled on why there is a problem already, but I feel like I must be missing something kind of obvious.



List of all root CA

Where can I find a list of all trusted root CA certificates?



Looking for tool/program to make network topology with zoomable feature similar to Google maps

I work for an MSO and we utilize a lot of different vendors for different purposes in different areas of our network. We used to have these vendors and areas managed by different teams, but now we are cross-training to have multiple teams manage more areas. What I am trying to find is a tool that I can make a network topology on, but as you zoom in/out, different devices that pertain to that area are made visible (or invisible) as needed. I feel this would help greatly in illustrating how all of these different areas complement one another. Bonus if it has an option to assign nodes to a group that could be toggled on/off with check boxes. Even if you're not sure of a tool/software like this, if you have an idea of another subreddit that may be able to help, that would be appreciated.



Testbed to test the performance of an SDN/BGP setup?

I have an idea about using an SDN controller to set up BGP policies, and I want to test the overhead it would have and the impact on convergence.

Ideally I want to take a stream of BGP updates from [RouteViews](http://routeviews.org/) and provide it as input to a vanilla BGP router to measure its performance. Then I want to create a custom implementation where the BGP router will take policy rules from an SDN controller, and test its performance with the same stream of BGP data.

Unfortunately I don't have dedicated hardware. Is there any open-source software platform available for such experimentation?



RJ45 ribbon cable

First, I have to vent for a moment.

I'm not a network engineer; I am a system integrator in defense. Naturally, every cabinet I work on has some sort of network connectivity, but the vast majority of the time any issues I have to chase down are configuration problems.

For the past two weeks, we've been trying to determine why an external piece of equipment that's connected to my unit was getting in a jacked up (like, a boat can't go to sea with this jacked up) state. Because my unit is brand new and never deployed all suspicion was on me. The external equipment is not built by us but built by a partner, so naturally they're inclined to blame my unit as well.

EEs insisted it was a power / grounding issue based on the fact that manipulating (or even touching) some connections on the front of one of the unit elements would cause problems. As much as I tried to insist this wasn't possible I was pretty much overruled and ended up down a grounding/power debug rabbit hole. If you've ever been there you know how much it sucks.

As it turns out, there's a media converter tray just above the element in question and you pretty much can't touch or manipulate the connectors everyone was blaming without gently brushing them. Yesterday, while doing power checks for the thousandth time I noticed a link light on the media converter go out when BARELY touching the ribbon cable. Even blowing on it was enough to cause issues.

I'm pretty sure that wasn't always happening... I think it's been bad all along, but only NOW is it bad enough to make the link light go out / server go offline / etc. In fact, while disturbing it to prove to others that's where the issue lay, I eventually broke the cable to the point it doesn't work at all.

Anyway, that's the end of the rant... I lost a LOT of time over something so simple.

I've never had any experience with that flat ribbon cable. Manufacturing is now using them because they improve cabinet airflow but I'm concerned about their fragility. This particular one got to the point where ANY movement side-to-side (in the lengthwise direction or whatever) would cause problems. Literally WALKING by the unit would break things sometimes.

Does anyone have lots of experience with these, and how would you say they compare to traditional round cables? I know I'm biased because I now have only one experience with them (and it's bad) but I'm not certain they're reliable enough for my application. I think I need to go back to the HW folks and we need to reassess whether we want to use them.

Can these even be reterminated? It looks molded all the way to the connector itself, so I imagine any bad one just has to be pulled out and scrapped. I don't know why they went with these.



Been trying to figure out the cause of this for days..

Hi everyone!

I've been observing spikes in CPU usage on the MPC line cards we have within one of our company's Juniper MX960 edge routers and I'm really struggling to figure out what could be the cause of these spikes in usage as they appear to come out of almost nowhere (for the most part; I have observed a significant spike in usage to around 60% on the MPCs which occurred when over 1Mpps of TCP SYN packets were sent from a single sip).

However, in this case I've checked the following from the minute the CPU usage spiked:

  • Interface in and out pps and bps statistics
  • Average packet size changes
  • Increases in unicast and multicast traffic
  • Increased activity in any interface filters

And so far I've come up empty trying to pin down the cause of this.

I've been using Observium for SNMP monitoring for quite a while now, and one of the only things that I can see that happens at the same time as the increase in CPU usage is that under ICMP statistics I can see a spike in out msgs and out errors, as shown in the screenshot below. I can't see it being redirect messages as we have no-redirects and no-redirects-ipv6 set under the system hierarchy.

ICMP statistics - https://i.imgur.com/ILkdtlz.png
MPC (MPC3-16x10GE) CPU usage - https://i.imgur.com/9joe008.png

Do any of you have any thoughts or suggestions to further diagnose the cause of this? Any assistance would be greatly appreciated.

Thank you.



Anyone being forced into Agile?

I work for a VAR and many of our large customers are starting to move to Agile for network projects. Cisco and our sales people are happy to say it's a great idea because it means equipment gets sold faster. I think there are probably some areas where Agile could be used in IT, but infrastructure implementations with emerging technologies in the core of Fortune 100 companies isn't the place.



Hi r/Networking, what is the best educational diagram or video that you have ever seen?

As someone fairly new to enterprise networking and learning a lot, I have noticed one of the immediate values that Reddit adds to picking up new skills: educational material is discussed on merit, whereas Google simply serves up whatever has the best page ranking.

For me, the one diagram that helped me understand packets: https://i.imgur.com/SpHkdPj.png



How does a local ISP physically connect to upstream ISP?

Forgive me if this is a stupid question, but I have little to no knowledge of WAN infrastructure, just looking for some pointers.

So the CE-PE link I understand; in the UK that would be laid by Openreach and the PE would live in the local exchange. If the local ISP's next device is 100 miles away, what happens in between? Are they running off the national carrier's fibre or something?



Suspicious similar SSID (but open)

So I was using my Android device when suddenly there was an error in WiFi. It kept connecting and then disconnecting. Then at a point, it kept trying to connect but didn't. At this point I had tried restarting the router many times.

Out of a sudden a similar SSID with an open connection started to appear. I shut off and restarted the router and also checked if the same happened with another device. Then I used "forget" connection on my Android and shut down the router. Funny thing, the open network was still there. I connected and immediately, within seconds, disconnected. Then I think it was gone. Then I turned on the router and logged back in on the network with the password and it is working fine till now.

I am freaking confused about what happened here. Anybody with help?



Cisco SG300-28PP Self "Refurbished" boots but no Console.

Story time: (tl;dr at bottom)

Scored a great score. The work ewaste (read: if it gets "disposed" into an employees car, nobody cares :D) had this beauty.

I take it home. I plug it in. DOA. Makes sense (was hoping for maybe a dead port instead of a totally dead switch, but ... cont'd!)

Take the shell off. Was gonna check the fuse, but ... where's my multimeter... Shit. Oh well, let's just plug it in to see... Hmmm, a light. Maybe an LED? But why? .. couldn't see it outside of the case.

So I unscrew the daughterboard (which looks like it's for the PoE side of things) which the flash of light on plug-in was originating from. Flip it over and try power on again. ZZZT SPARK! Then I notice it, clearly, a damaged ceramic surface mount cap (very small). There's a bit of a skid mark of burning towards it and it's clearly cracked.

So I bust out the soldering iron, and remove the busted ass component. Plug it back in, and FUCK YES, STARTS UP!

Now whatever I try I can't get into the web interface (says 192.168.1.254 in the manual), and what bothers me more is serial doesn't work.

Now the way I do serial is via my big guy VM server, which has one of the only serial ports I have. I use screen on tty0 in /dev. Now I tried all the different speeds, hitting enter a lot, even trying when it's booting up etc. etc. I know this works because I can connect to the device in the next paragraph (I installed the console pfSense image like a boss).

I also realized that my little router that has an RJ45 serial port could, on the other end of the cable, maybe connect to an RS232 style port. Since it's pfSense I tried the "cu" command to no avail.

tl;dr:

Got this defective router "as-is" (and I fixed it by removing a defective tiny surface mount capacitor on the PoE daughterboard). It passes traffic fine, but no web interface nor serial. It also seems to boot fine too (status flashes fast whilst booting and then goes solid). Tried from a proper hardware serial port connecting via screen on /dev/tty0. Also tried from a tiny Atom router PC's RJ45 serial (to standard serial), using FreeBSD's cu command (it's a pfSense router).

finishing notes:

All I get is nothing. Hitting enter doesn't work, changing speeds etc. Update firmware somehow? Tried reset, and rebooting etc. No go. I downloaded the latest firmware; can I set up a TFTP server with certain settings to get this to auto update? If I have to I can buy a serial to USB adaptor so I can try this in Windows, or use yet another machine.

Also the last little thing is I haven't replaced the surface mount cap yet. I really don't think that's important though (at least with this issue; it might affect PoE support etc., and maybe I am risking bad shit).



WiFi guest only

Hello, recently I was assigned at my job to handle WiFi. I cannot get our WiFi to connect to our main domain WiFi. Only our guest WiFi is working for the location. Can anyone help me better understand how to get the device connected to our domain? The domain name server is ours. The group policy is ours.
Thanks guys.



Jumbo Frame Between 2 PC's

General question, sorry if this was asked before.

PC1 running 9K MTU - 10.2.2.0/24

PC2 running 1500MTU - 10.2.2.0/24

PC3 running 1500MTU - 10.3.3.0/24

Gateways in between all 9K capable

Can PC1 communicate with PC3 with a packet that is 9K in size?

Can PC1 communicate with PC2 with a packet that is 9K in size?

It's my understanding that the gateway will separate the 9K packet into smaller packets. But will PC2 be able to negotiate maximum packet size with PC1 since they are on the same subnet? Or does it require a gateway in between to do this?

Also, this is all assuming the don't fragment flag is not set. Thank you! I'm not lazy I just can't find any good info on this. Links to articles are great, make me read!
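The fragmentation the post reasons about, worked through in code as an added example that is not part of the original post: an IPv4 datagram is split by whichever router faces a link with a smaller MTU, each fragment carries an offset in 8-byte units and a More Fragments (MF) flag, and with DF set the router drops the datagram instead (and reports ICMP Fragmentation Needed to the sender). The hop MTU lists and sizes are constructed for the three-PC scenario in the post; the function names are this example's own.

```python
"""Added example (not from the original post): model how an IPv4 datagram
bigger than a link MTU is fragmented hop by hop, and what happens when the
DF bit is set. Hop MTU lists and sizes are constructed for the scenario in
the post (9000-byte sender, 1500-byte receivers); function names are this
example's own.
"""
IP_HEADER = 20  # bytes, IPv4 header without options


class FragmentationNeeded(Exception):
    """Raised where a router would drop a DF datagram and send
    ICMP type 3 code 4 (Fragmentation Needed) back to the sender."""


def fragment(offset_units, payload_len, more, mtu):
    """Split one fragment (or a whole datagram) so every piece fits `mtu`.

    A piece is (offset in 8-byte units, payload bytes, MF flag). Every piece
    but the last must carry a multiple of 8 payload bytes, hence the chunk
    size is rounded down to a multiple of 8."""
    if payload_len + IP_HEADER <= mtu:
        return [(offset_units, payload_len, more)]
    chunk = (mtu - IP_HEADER) // 8 * 8
    pieces = []
    start = 0
    while start < payload_len:
        size = min(chunk, payload_len - start)
        last = start + size >= payload_len
        # MF stays set on the last piece if the incoming fragment had MF set.
        pieces.append((offset_units + start // 8, size, more or not last))
        start += size
    return pieces


def forward(total_length, hop_mtus, df=False):
    """Push a datagram of `total_length` bytes (header included) across links
    with the given MTUs, in order; returns the fragments reaching the end."""
    frags = [(0, total_length - IP_HEADER, False)]
    for mtu in hop_mtus:
        out = []
        for off, plen, more in frags:
            if plen + IP_HEADER > mtu and df:
                raise FragmentationNeeded(
                    f"DF set: {plen + IP_HEADER} bytes does not fit MTU {mtu}")
            out.extend(fragment(off, plen, more, mtu))
        frags = out
    return frags


def receiver_accepts(frags, receiver_mtu):
    """A host interface configured for `receiver_mtu` drops any frame larger
    than that; on one subnet there is no router in between to fragment."""
    return all(plen + IP_HEADER <= receiver_mtu for _, plen, _ in frags)


if __name__ == "__main__":
    # PC1 (9000) -> 9000-capable gateways -> PC3's 1500 link: the last
    # router facing the 1500 link fragments the datagram into 7 pieces.
    pieces = forward(9000, [9000, 9000, 1500])
    for off, plen, more in pieces:
        print(f"offset={off * 8:5d} bytes  payload={plen:4d}  MF={int(more)}")
    print("PC3 accepts:", receiver_accepts(pieces, 1500))
    # PC1 -> PC2 on the same subnet: no router, so the 9000-byte frame
    # arrives whole and PC2's 1500-MTU interface discards it.
    print("PC2 accepts:", receiver_accepts(forward(9000, [9000]), 1500))
    try:
        forward(9000, [9000, 1500], df=True)
    except FragmentationNeeded as exc:
        print("with DF:", exc)
```

The two calls in the `__main__` block correspond to the two questions in the post: fragmentation only happens at a router that forwards onto a smaller link, so between two hosts on one subnet nothing is in a position to do it.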



Client Wants me to "Block Wifi" in the bathroom

Hi All,

Let me know if there is a better place to post this question.

I have a client who is having a ton of issues with their workers hiding in their bathroom and playing on social media. They feel it is a grey area to go in and tell them to get out of the bathroom. They are requesting we install a signal jammer in the bathroom to stop the issue (which I believe is illegal in the U.S.?). My first idea was a content filter or some firewall rules, but that does not stop them from using their phone carrier's 4G connection to get to social media. Is that the best solution I can offer them? Any ideas? Right now the prevailing solution is to only allow personal devices on the guest network and turn off the guest network during work hours (enable on break), or install a content filter without a solution for the cellular/4G side of things.

Thanks for any ideas! I am willing to work outside the box on this one!

Edit: So I am going to stand by my original answer to them, and only provide options for content filtering on the wireless. Thanks ladies and gents!



Need to get hardware quotes and considering straying from Cisco

I usually just blindly buy Cisco because it's Cisco, and I know it pretty well. Still, from what I read I get the feeling I'm buying inferior/overpriced hardware/software, particularly in the firewall/IPS area.

I'm kind of an old geezer and am a career-long CLI guy, but I don't mind learning something new. I don't want to stick with it just to keep me comfortable. What else should I consider for firewall/IPS, switch and router? This particular one is a small install with just a handful of servers and small internet connection, maybe 10Mb. I don't think I need a $5000 ISR for that.



5Gbps PoE+ Injector question

So I purchased a 1Gbps PoE+ injector and was testing it using my PC that has a 5-speed NIC (10G/5G/2.5G/1G/100Mbps). I noticed the link speed is showing 5Gbps when using the injector as a bridge between two PCs with 10Gbps NICs. Basically I am ignoring the PoE function and just using the data in/out ports to connect two PCs.

My question is how come the link speed is showing 5Gbps, and I'm also curious to hear any theories on why the manufacturer used more expensive hardware components but only marketed it as 1Gbps.



Advice on split-tunnel VPN and DNS Resolution

I am having an issue with resolving a DNS hostname while using Cisco AnyConnect connecting to an ASA. The end user profile is set up for split tunneling to send only traffic to our servers through the VPN.

Their Windows PC is on a separate domain from our server. The user can access the server via FQDN but the application they will be using only points to the server hostname and is unable to change the configuration. What is strange is we have had consultants from different companies who have not had any issue resolving servers by hostname only and are using identical profile settings.

My first thought would be to configure the profile to resolve all DNS settings. That would get the issue fixed but could cause more problems on the user's side. Another thought is to have them change their HOSTS file to statically map the server to our internal IP. Unsure if there is a way to push a single DNS entry without user intervention.

I appreciate any feedback or insight!



Just found this gem - OSPF song



A consultant told me today that OM1 fiber "can really only do 450". Wat.

I've always been under the impression that a 1Gbps fiber link between switches is either working at full speed or is completely trash. Dude told me today that link speed is actually somewhere between 0-1000Mbps depending on quality of the link. What is the truth, oh mighty networking masters?



ASA - Allow VPN to communicate with another VPN

Fairly new to ASAs and I'm not sure how to allow traffic from one VPN to be able to communicate with a vendor on another VPN. Both site-to-site VPNs are up, NATs are in place and I've allowed these addresses via ACLs over specific ports.

Basically: Vendor from VPN A needs to send traffic to vendor on VPN B and that traffic will go through the ASA.

I also use ASDM when it comes to ASAs; I only know the command line for switching and routing.

Thanks



Is IPSec needed if TLS (HTTPS) is used?

I am a student currently learning networking concepts.

So from what I know and understand, HTTPS is used to encrypt traffic at application layer so if somebody intercepts it, that person will not be able to read it. IPSec is used to encrypt either a payload/data portion of IP packet (transport mode) or both header and data portions (tunnel mode).

Here is my question: if we already encrypt data at the application layer with HTTPS, why do we need to encrypt it again at the network layer with IPsec? Correct me if I am wrong, or maybe I do not properly understand the concepts of HTTPS and IPsec.



Friday, May 4, 2018

Possible to buy switch after Cisco stops selling it?

We're looking to purchase a spare 3750X. Cisco no longer sells them. Is it still possible to buy one that will be covered by warranty? We've only ever bought from Cisco through a reseller before. We are not looking to attach service to it, but we'd like to be covered for hardware failure up until EOL.



Managed Switch + NIC Teaming

I'm doing a network overhaul for our core switch and need some advice for NIC teaming best practices. My environment includes:

  • 4 x 10Gb switches configured as a single stack (1 master, 1 slave, rolling failover)

  • Ubuntu servers with 2-4 ports each (some 10Gb, some 1Gb)

  • Multiple VLANs

I'd like to configure 4 x 10Gb NICs for failover and load balancing, so that the server has 40Gb of theoretical bandwidth. Here is a link to the Ubuntu Bonding modes. Based on my understanding, the best option seems to be to bond all 4 physical NICs into a single interface, then add the virtual NICs on top of that. I also want to pass multiple VLAN traffic to the bonded "40Gb" interface.

I believe 802.3ad/LACP is the best option, but even if it is, I'm not sure how to configure the switch as such. Is this truly the best option, or is there a better practice? I can probably figure out the server configuration once I know which mode to choose, but any additional advice is welcome too.

Thanks in advance for any input.



Nexus 3K vs Catalyst 9300

I have been looking for two new switches to be installed in a colo data center to connect to our MPLS router and a couple of servers and peer with a third-party network. The switches will not be doing much and will only require HSRP, IP SLA tracking and routing/EIGRP. We have ruled out the 2960XR and are currently looking at the Nexus 3K and Catalyst 9300. In terms of pricing they are very similar even with all the licensing required; the Cat9300 is only $200 cheaper. I understand that the Nexus is more aimed at DCs and the Cat 9300 is more of an access switch, but the core feature sets we require are present on both models. What would you recommend going for?



receiving IPv6 routes via eBGP problems with MPLS labels

I've set up eBGP peering over a BGP-free core (CE to a route-reflector). All the IPv4 routes received are fine and once received I can traceroute to the IPv4 addresses over the BGP-free core using MPLS. All good.

IPv6 however isn't working. The route-reflector is getting the IPv6 routes fine via eBGP, but it doesn't look like it's appending an outgoing label, so as soon as a packet leaves the route-reflector to the next hop it loops right back, as the connected router has no idea about the route and, as it's got no label, it's not going via an LDP path.

If I look at the labels you can see the following:

IPv4 received route. All good, outgoing label seen.

R2#show mpls forwarding-table 123.64.12.0
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
None       8028       123.64.12.0/24   0             Te0/1/0    88.228.143.150

IPv6 however shows no outgoing label.

R2#show mpls forwarding-table 2A0X:XXC:6::/48
Local      Outgoing   Prefix             Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id       Switched      interface
25044      No Label   2A0X:XXC0:6::/48   0             Te0/1/0    FE80::207:7DFF:FE75:7740

Now I think it's because it's trying to use the link-local address as its next hop instead of one of the established LDP IPs, which of course are all IPv4.

It's only the eBGP received routes it has this problem on. iBGP is fine, OSPF is fine.

Have any of you guys seen this behavior? Any help greatly appreciated. Thanks.
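A parser for the show output quoted above, added here as an example that is not part of the original post: it reads IOS "show mpls forwarding-table" rows and flags entries that would leave the router with no outgoing label, or whose next hop is an IPv6 link-local address, which is the combination the post is chasing. Over a BGP-free core either condition means the packet is forwarded as plain IP to the neighbour rather than label-switched, so this is a useful check to run across all prefixes learned from a given peer. The sample text is constructed from the two outputs in the post; the row regex and the function names are this example's own.

```python
"""Added example (not from the original post): parse IOS
"show mpls forwarding-table" output and flag prefixes that would be sent
unlabelled, or towards an IPv6 link-local next hop, over a BGP-free core.

The sample text is constructed from the output quoted in the post (prompt
and column headers included); the row regex and function names are this
example's own.
"""
import ipaddress
import re

SAMPLE = """\
R2#show mpls forwarding-table 123.64.12.0
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
None 8028 123.64.12.0/24 0 Te0/1/0 88.228.143.150
R2#show mpls forwarding-table 2A0X:XXC:6::/48
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
25044 No Label 2A0X:XXC0:6::/48 0 Te0/1/0 FE80::207:7DFF:FE75:7740
"""

# One data row: local label, outgoing label (a number or one of the IOS
# keywords, two of which contain a space), prefix, bytes switched,
# outgoing interface, next hop.
ROW = re.compile(
    r"^(\S+)\s+(No Label|Pop Label|Aggregate|Untagged|\d+)\s+"
    r"(\S+)\s+(\d+)\s+(\S+)\s+(\S+)$"
)


def parse_forwarding_table(text):
    """Return one dict per data row; prompt and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue
        local, outgoing, prefix, nbytes, intf, next_hop = match.groups()
        entries.append({
            "local": local,
            "outgoing": outgoing,
            "prefix": prefix,
            "bytes_switched": int(nbytes),
            "interface": intf,
            "next_hop": next_hop,
        })
    return entries


def is_ipv6_link_local(addr):
    """True for fe80::/10 addresses; non-addresses (redacted text) are False."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.version == 6 and ip.is_link_local


def find_unlabelled(entries):
    """Entries that leave the router without an MPLS label, or whose next
    hop is an IPv6 link-local address rather than an LDP-resolvable one."""
    return [
        e for e in entries
        if e["outgoing"] == "No Label" or is_ipv6_link_local(e["next_hop"])
    ]


if __name__ == "__main__":
    for entry in find_unlabelled(parse_forwarding_table(SAMPLE)):
        print(f"{entry['prefix']}: outgoing={entry['outgoing']!r} "
              f"next_hop={entry['next_hop']} via {entry['interface']}")
```

Feed it the full "show mpls forwarding-table" output (without a prefix argument) to list every affected route at once; the link-local test is the quicker tell, since a label lookup can never succeed against a next hop that LDP has no binding for.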



Sending default route out one interface in ISIS domain - IOS-XR?

Hey all.

I am trying to send a default route down one interface in our ISIS domain, and not the entire instance (so I can't use default-information originate), and I'm not sure this is possible.

This is on a Cisco 9k6 box. Is there any way to do this whatsoever?



Need firmware for Brocade Foundry GS648p

Hi all,

I picked up several Foundry GS648p switches off eBay. I was wanting to upgrade them all to the latest 07.2.02h firmware, which I was able to download off of Foundry/Ruckus' site.

The problem is that the firmware on these switches is really old and the firmware release notes state that I need to go to 04.3.02 first before trying to go to 07.2.02h.

I can't find 04.3.02 firmware on Ruckus' site and contacted their support and they said since the switch was EOL, they don't have copies anymore.

Does anyone have a copy of the 04.3.02 firmware anywhere that I could get to use to upgrade?

Thanks in advance!



Upstream bandwidth

Can someone explain why upstream bandwidth is so limited and expensive vs downstream? Is it just how the transit networks make their money?



wireshark tool?

Does such a tool exist that I can apply a display filter against a file to pull only the data stream out I need into a new file?

I have a daily rolling buffer Wireshark capture that runs. A ring buffer is used to break it out into 150mbs chunks. I merge the files I need, then open up the merged file with Wireshark to look at the data. This particular data stream created quite a large file, and Wireshark is having issues with it. Individually each 150mbs file is OK, but the merged file is just too much to handle.
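A way to do exactly what the post asks for, added here as an example that is not part of the original post: apply the display filter to each ring-buffer chunk with tshark and only then merge the (much smaller) results, so the merged file never contains more than the stream of interest. tshark's -r reads a capture, -Y applies a display filter and -w writes the matching packets; mergecap -w joins capture files in timestamp order. The paths, the example filter and the function names are this example's own.

```python
"""Added example (not from the original post): filter each ring-buffer chunk
with tshark before merging, so the merged file holds only the stream of
interest instead of every packet from every chunk.

tshark -r reads a capture, -Y applies a display filter and -w writes the
matching packets; mergecap -w joins capture files. Paths, the display filter
and the function names below are this example's own.
"""
import os
import shutil
import subprocess


def filter_commands(chunk_files, display_filter, out_dir):
    """One tshark invocation per chunk, each writing a small filtered file."""
    commands = []
    for path in chunk_files:
        name = os.path.splitext(os.path.basename(path))[0] + ".filtered.pcapng"
        out = os.path.join(out_dir, name)
        commands.append(["tshark", "-r", path, "-Y", display_filter, "-w", out])
    return commands


def merge_command(filtered_files, merged_out):
    """mergecap interleaves the inputs by packet timestamp."""
    return ["mergecap", "-w", merged_out, *filtered_files]


def run_pipeline(chunk_files, display_filter, out_dir, merged_out):
    """Run the per-chunk filters, then the merge; needs the Wireshark CLI tools."""
    for tool in ("tshark", "mergecap"):
        if shutil.which(tool) is None:
            raise RuntimeError(f"{tool} not found on PATH; install the Wireshark CLI tools")
    os.makedirs(out_dir, exist_ok=True)
    commands = filter_commands(chunk_files, display_filter, out_dir)
    for cmd in commands:
        subprocess.run(cmd, check=True)
    filtered = [cmd[-1] for cmd in commands]  # the -w argument of each command
    subprocess.run(merge_command(filtered, merged_out), check=True)
    return merged_out


if __name__ == "__main__":
    # Constructed chunk names. A conversation filter on addresses and ports
    # works across chunks; tcp.stream numbers are assigned per capture file,
    # so the same stream gets a different index in every chunk.
    chunks = [f"/captures/ring_{i:05d}.pcapng" for i in range(3)]
    flt = "ip.addr == 10.0.0.5 && tcp.port == 8080"
    commands = filter_commands(chunks, flt, "/captures/filtered")
    for cmd in commands:
        print(" ".join(cmd))
    print(" ".join(merge_command([c[-1] for c in commands], "/captures/merged.pcapng")))
    # run_pipeline(chunks, flt, "/captures/filtered", "/captures/merged.pcapng")
```

If the filter depends on reassembly across packets (higher-layer protocols spread over several TCP segments), add tshark's `-2` option to the filter commands so it runs two passes; for plain address/port filters the single pass is enough.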



FXO port connecting to Viking paging system goes off-hook, but no audio is heard over the paging system. Any recommendations on how to proceed?

Hello,

So first I'm going to give a disclaimer: I'm not a voice guy, but apparently, I'm the only person on my team who's skilled in the art of google and reddit-fu.

There is an ongoing issue at one of our clients' sites where an analog paging system (Viking) is not functioning. The paging system connects using an analog line to an FXO port on a 2851 router. What happens is we make a call, CUCM successfully routes it to the ISR, and the voice port goes off-hook, but no audio is heard over the paging system.

At this time, we have replaced the and a tech has been dispatched to verify the state of the paging system and the telecom cabling. I think the paging system itself has also been replaced. The only thing that hasn't been tested, is the portion of the analog line that is patched to the FXO port itself.

We're thinking that a tech will have to be dispatched again, preferably a different one than last time (as there are some concerns about the integrity of their work), but before we do that I thought I might as well try to get the internet to weigh in on this...

Here are the voice configurations on the router if you're curious:

voice call send-alert
voice call convert-discpi-to-prog
voice rtp send-recv

voice service voip
 ip address trusted list
  <hidden>
 no ip address trusted authenticate
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 no supplementary-service sip handle-replaces
 redirect ip2ip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none

voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8

voice-card 0
 dsp services dspfarm

voice-port 0/2/0
 connection plar 80

voice-port 0/2/1

voice-port 0/3/0

voice-port 0/3/1

voice-port 0/3/2

voice-port 0/3/3

dial-peer voice 1 pots
 incoming called-number .
 direct-inward-dial

dial-peer voice 80 pots
 destination-pattern 80
 port 0/2/0
 forward-digits 2

dial-peer voice 2 voip
 incoming called-number .
 no vad


Cisco ACI Migration Scenario - Layer 2 trunk

Hello Guys,

I have a question about the migration scenario of a brownfield network towards ACI greenfield.

I have 2 data centers separated physically and I'm going to build a multipod from it.

So the phased approach would be:

  • Build the greenfield fabric ACI

  • Plan the migration

Now when I build the multipod I will have leafs and spines in each site (2 spines and 5 leaves each site). This means that when I'm talking about migration, I will have to define an L2out in DC1 and one in DC2 to perform the Layer 2 migration between brownfield and greenfield ACI.

A scenario like this one:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/migration_guides/migrating_existing_networks_to_aci.html

The brownfield is connected to the ACI with a layer 2 trunk in the form of a double-sided vPC. But I will have to foresee 2, because I have 2 data centers. Also the brownfield network has a data center interconnect which is a vPC on its own.

In order to do the layer 2 migration I have to enable ARP flooding and something else on the bridge domain inside ACI because of the traffic leaving ACI again in order to be forwarded/routed to the core switch in the brownfield network (NX-OS).

But how will that work with 2 data centers? Say I have the VLAN moved into the ACI fabric with the way out still being that L2out EPG in a single DC; what if that VLAN has also been trunked across the brownfield data center DCI and ends up in the other DC? Won't I make my core switches go haywire for seeing MAC addresses across the vPC doing the DCI and across the vPC going towards the ACI?

Or will this only happen in a scenario where I have an active host in both data centers on that same VLAN? Then I could manipulate the way ACI sends the traffic out by adding the L2out to the bridge domain?



DWDM System Recommendations?

I'm looking for some cheap-o DWDM solutions to act more as a range extender than anything. Due to 40G+ only stopping at 40km, and I need closer to 70km.

I need something that I'm going to do 40G currently as a point-to-point link, upgradable to 100G later. I'd prefer a cost less than $25k per link but I understand these systems aren't exactly cheap.

Also no FiberStore; their management software is junk from what I've seen (requiring SQL's "sa" user).



EdgeRouter - Running out of Internal IP Addresses

I'm in a situation currently with a /23 that is about to run out of IP addresses.

I've seen similar posts on here with "why don't you just add another /24 to it" but I'm not sure I quite understand how this would be done.

The other day I set up a small test with a small VLAN of 1 address (/30) and then tried to connect my phone to the same network but was unable to get an IP address as expected.

I then added a second internal IP to this interface with another /30 and reconnected my phone but still did not get an IP from the next range.

I then added a second DHCP server to provide IPs to this "secondary" range. This didn't work either, and the first DHCP server and range complained that it was out of IP addresses.

I posted about this in the Ubiquiti forums but was met with "why wouldn't you just go from a /23 to a /22" but everything I've read and heard from others in various networking groups is that this is a bad practice due to multicast, broadcast, etc.

Am I thinking about this incorrectly?



Juniper software versions

I have some new EX4550s sitting on my desk to be configured up. According to JTAC either version 12 or 15 is recommended.

What's the major difference between the two? It feels like 3 major version numbers would have quite a significant impact on the software?

Thanks.



Problem with a Link Aggregation between Cisco 4500 and Juniper 3400.

So my work is currently in the process of moving from Cisco to Juniper. So far, it's been going a lot smoother than anyone thought it would, but last night we ran into a small problem. It's a weird situation, but essentially my company's network provides VoIP services for another network that is completely separate from ours, so I can't personally look into their switches. This company has a single connection where they pass VoIP traffic to our media gateways. So I built the Juniper switch to replace the Cisco one, but it wouldn't pass the VLAN traffic.

The situation is I have a Juniper 3400 connecting to a Cisco 4500x using 4 copper ethernet ports in an aggregated trunk running LACP and passing only the VoIP vlan. I can't check the Cisco 4500 side, because I don't have access to that network, but I am working with their network engineer and I trust him.

My config for Juniper looks like this.

ae7 {
    native-vlan-id 666;
    aggregated-ether-options {
        minimum-links 1;
        lacp {
            active;
        }
    }
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members VOIP-Vlan;
            }
            storm-control default;
        }
    }
}
ge-0/0/46 {
    ether-options {
        802.3ad ae7;
    }
}
ge-0/0/47 {
    ether-options {
        802.3ad ae7;
    }
}
ge-1/0/46 {
    ether-options {
        802.3ad ae7;
    }
}
ge-1/0/47 {
    ether-options {
        802.3ad ae7;
    }
}

The odd thing is the ports all came up and ae7 showed as being up. But my MAC address table wasn't populating with any phones, so it looks like it wasn't passing any traffic. I disabled and enabled my ports on the Juniper, but still nothing. The network engineer on the other side says the Cisco 4500 was configured for LACP and had the correct VLAN ID. He also shut/no shut his ports as well. Weirdly enough, when we swapped the Juniper back to the Cisco, the link came right back up and was passing VoIP traffic. I'm kinda at a loss here. I've done some googling, but haven't come up with anything. Have any of y'all seen something like this?



CenturyLink cutting hundreds of jobs, blames automation and Level 3 merger



Crestron AirMedia

Does anyone have Crestron AirMedia units setup in their conference rooms? Do you have noticeable delay and choppiness in the video?

How do you have your network setup to handle any delay?



Ipv4 prefix 'migration'

Hello, I noticed a /24 prefix 'migrated' from an AS of one provider to another. How are IPv4 addresses managed after being allocated to the RIRs and then to the local providers? I didn't know local providers could buy prefixes from others, but apparently this is the case.



System Buffer Fail - MIB 1.3.6.1.4.1.9.2.1.46.0

Hey fam, relatively new NetEng here, I typically do ok but I have an issue that I need a little help with.
We are using AdRem NetCrunch as our NMS, and for a while now I have been getting the following alerts on three of our Cisco 2960S's:

(Warning) NetCrunch Alert - lsystem.bufferFail 0.01 different from expected threshold value

Alert
Received at: 5/3/2018 3:42:38 PM
From: L5 (192.168.xx)
MAC Address: xx

Node Information
Type: Switch - Cisco
(WS-C2960S-48FPD-L)

Info1:
Info2:

Event
Type: Event Trigger for SNMP Performance Counter
Severity: Warning
State: operational
Description: Buffer Allocation Failures is too high

Parameters
Snmp.Base: 0
Snmp.Counter: lsystem.bufferFail
Snmp.CounterPath: MIB&|1.3.6.1.4.1.9.2.1.46.0/sec
Snmp.Kind: Flat Value
Snmp.KindId: 5
Snmp.MonitoringTime: 5
Snmp.Samples: 1
Snmp.Status: raised
Snmp.Threshold: 0
Snmp.value: 0.01

So let me say I do have a 'general' understanding of what this means, I just don't know the best way to go about troubleshooting it.
I'm not asking for anyone to just tell me what the problem is of course, I'm trying to become a better NetEng, so if someone could steer me down the right path I would be forever grateful.

I didn't really know what information would be relevant here, but I can provide anything needed to get a better understanding.

What's suspicious is that this typically happens during off-peak hours, so I wouldn't even know why there would be buffer issues during low traffic periods.

Thanks in advance!
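The alert above is a rate, not a raw value: NetCrunch has divided the increase in the counter between two polls by the poll interval, so three buffer allocation failures in a five-minute poll show up as 0.01/sec against a threshold of 0. The following is an added example, not part of the post or of NetCrunch, showing how an NMS derives that number from successive SNMP samples, including the two things that produce bogus spikes (a 32-bit counter wrap and a device reload resetting the counter). The sample polls are constructed and the counter is assumed to be monotonically increasing.

```python
# Added example, not from the original post: turn successive polls of a
# monotonically increasing SNMP counter (assumed here for lsystem.bufferFail,
# 1.3.6.1.4.1.9.2.1.46.0) into a per-second rate the way an NMS does, and
# show why a single 5-minute poll can trip a "0 expected" threshold. Sample
# polls are constructed, not data from a real switch.

COUNTER32_MAX = 2 ** 32


def counter_rate(prev_val, prev_ts, cur_val, cur_ts, width_max=COUNTER32_MAX):
    """Per-second increase between two samples of a counter.

    A negative delta is either a 32-bit wrap or a device reload (counter
    back to zero). Heuristic used here: treat it as a wrap only when the
    previous value was already near the top of the range; otherwise assume
    the count restarted from zero.
    """
    dt = cur_ts - prev_ts
    if dt <= 0:
        raise ValueError("samples must be in increasing time order")
    delta = cur_val - prev_val
    if delta < 0:
        if prev_val > width_max * 0.9:
            delta += width_max
        else:
            delta = cur_val
    return delta / dt


def rates_from_samples(samples):
    """samples: list of (unix_ts, counter_value). Returns [(ts, rate_per_s)]."""
    return [(t1, counter_rate(v0, t0, v1, t1))
            for (t0, v0), (t1, v1) in zip(samples, samples[1:])]


def alert_times(samples, threshold=0.0):
    """Timestamps of polls whose per-second rate exceeds the threshold."""
    return [t for t, rate in rates_from_samples(samples) if rate > threshold]


# Constructed 5-minute polls. Three allocation failures between the second
# and third poll give 3 / 300 s = 0.01 per second, the value in the alert.
SAMPLES = [
    (1525383600, 120),
    (1525383900, 120),
    (1525384200, 123),
    (1525384500, 123),
]

if __name__ == "__main__":
    for ts, rate in rates_from_samples(SAMPLES):
        print(ts, f"{rate:.4f}/s")
    print("alerts at:", alert_times(SAMPLES))
```

With a threshold of 0 every single failure in a poll window raises the alert, so the useful next step is to look at the raw counter delta per window rather than the rate, and to compare it with the switch's own buffer statistics (`show buffers` on IOS reports misses and failures per pool) taken at the same time.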



[Update] How the hell do you move your career forward with a family?

Here is a link to the original post from nine months ago. First off, thank you again to everyone who responded. Reading your thoughts made me realize that I need to focus on the factors that I have control over. I cannot change my family, but I could do something about my dead-end job at my company. It finally hit me that they were never going to do anything about my position unless I threatened to leave. So, I started looking. Within a couple of months I found a job that was very close to home, and was able to negotiate a pay bump. I gave my notice to my current manager, which I felt terrible for, as he was a great guy who was already stressed out.

The next day I am called into our division VP’s office, asking where I wanted to work, and he would make it happen. He also told me to give him a number for salary. I acquiesced. But by this point I did not want to stay, so I gave them a high number I knew they could not come up with. I do miss working with a group of ‘A’ players, but looking back the place was a sinking ship (the VP who I greatly respected, has since left himself, and there have been two layoffs).

Anyway, I am four months into the new job, and much less on edge. As an added bonus I now have time to play with sandboxes at work, and even get a little study time in at lunch. I have been able to develop my skills a lot more on the Linux side, and after passing my NSX cert, I will start to learn Ansible. My home situation has unfortunately not improved, and I still cannot get anything done (including posting Reddit updates) unless they are sleeping. But, that's life. My CCIE will have to wait until the kids get older.

TL;DR: Got a new job that cut my commute by 90%, gave me a good salary bump, and reduced the work stressload. Waiting until the kids are older before pursuing my CCIE+S.



split-tunnel-policy

Good morning,

I am trying to find some information on split-tunneling and split tunnel policy. I have found the below in a config file and I don't understand what it does. I'd like to know what the 2 lines below are doing.

    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value yyy

    group-policy xxx internal
    group-policy xxx attributes
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value yyy
     default-domain value zzz
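What those two lines decide is, per destination, whether a VPN client's packet goes into the IPsec tunnel or straight out its local interface: `tunnelspecified` sends only the networks permitted by ACL `yyy` through the tunnel, `excludespecified` does the opposite, and `tunnelall` (the default when no split-tunnel-policy is set) tunnels everything. The following is an added example, not code from the post or from Cisco: it parses a group-policy block of this shape together with the standard ACL it references and answers that question for a given destination. The ACL entries for `yyy` are constructed placeholders, since the post does not show them.

```python
import ipaddress
import re

# Added example, not from the original post: parse an ASA group-policy block
# plus the standard ACL its split-tunnel-network-list names, then decide per
# destination whether traffic is tunneled. The ACL contents for "yyy" below
# are constructed placeholders.

SAMPLE_CONFIG = """\
access-list yyy standard permit 10.0.0.0 255.0.0.0
access-list yyy standard permit 192.168.100.0 255.255.255.0
group-policy xxx internal
group-policy xxx attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value yyy
 default-domain value zzz
"""

ACL_RE = re.compile(r"^access-list (\S+) standard permit (\S+) (\S+)$")
ATTR_BLOCK_RE = re.compile(r"^group-policy (\S+) attributes$")


def parse_config(text):
    """Return ({acl_name: [networks]}, {policy_name: {attribute: value}})."""
    acls, policies = {}, {}
    current = None
    for line in text.splitlines():
        m = ACL_RE.match(line)
        if m:
            name, net, mask = m.groups()
            # ipaddress accepts dotted-mask notation directly.
            acls.setdefault(name, []).append(ipaddress.ip_network(f"{net}/{mask}"))
            continue
        m = ATTR_BLOCK_RE.match(line)
        if m:
            current = policies.setdefault(m.group(1), {})
            continue
        if line.startswith(" ") and current is not None:
            # Indented attribute: first token is the key, last is the value
            # ("value" keyword in between is ignored).
            tokens = line.split()
            current[tokens[0]] = tokens[-1]
        else:
            current = None
    return acls, policies


def goes_through_tunnel(policy_attrs, acls, destination):
    """True if packets to destination enter the IPsec tunnel under this policy."""
    mode = policy_attrs.get("split-tunnel-policy", "tunnelall")  # ASA default
    if mode == "tunnelall":
        return True
    nets = acls.get(policy_attrs.get("split-tunnel-network-list"), [])
    addr = ipaddress.ip_address(destination)
    listed = any(addr in net for net in nets)
    if mode == "tunnelspecified":
        return listed        # only the listed networks use the tunnel
    if mode == "excludespecified":
        return not listed    # everything except the listed networks uses it
    raise ValueError(f"unknown split-tunnel-policy {mode!r}")


if __name__ == "__main__":
    acls, policies = parse_config(SAMPLE_CONFIG)
    for dst in ("10.20.30.40", "192.168.100.7", "8.8.8.8"):
        print(dst, "-> tunnel" if goes_through_tunnel(policies["xxx"], acls, dst)
              else "-> local interface")
```

The security point hidden in `tunnelspecified` is that while the VPN is up the client is simultaneously reachable on its local network and attached to the corporate one, so the ACL should list only what the client really needs; `tunnelall` is the stricter setting at the cost of hairpinning the client's internet traffic through the ASA.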


Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts

Feel free to submit your blog post and as well a nice description to this thread.



Thursday, May 3, 2018

Need help with best way to dynamically route [Diagram included]

Please see the following diagram
https://imgur.com/gallery/p0QC6yD

This is our current configuration for our connectivity to a service provider. My org are the sites, their org owns the routers and datacenters. The datacenters must be inter-connected since the IPs that we route to are the same no matter which route we use. I do know they use BGP on their end to dynamically route. Also our internal IPs are NAT'd / NAT overloaded on their routers.

Right now, If Datacenter 1 or Router 1 goes down HSRP fails over to Router 2 and all traffic automatically goes to Datacenter 2. If Datacenter 2 goes down or Router 3 goes down, I have to manually change static routes at Site 3 to tell it to route through Site 1. The same if Site 1 were to go down, I would have to manually change Site 2 static route to point to Site 3.

Is there a way I can use BGP to neighbor with the service provider owned routers without advertising my own internal routes? If they inject the BGP routes into OSPF and I distribute those, is there a way to avoid Site 2 doing ECMP? I admit I'm a jack of all trades and I don't understand BGP well but what do you think the best way to dynamically route this would be?



How do you deal with an indispensable employee being ill or on holiday?

It's not unusual for a business to have a person who knows everything about things, such as how a specific network is configured or how to communicate with a specific client. Suppose that person goes away for a vacation or suddenly gets ill. What procedures do you follow to make sure things don't start to fall apart? Do you always make sure there is a backup person? If so, how do you make sure he is kept up to date with all details? What if both, out of some freak coincidence, turn ill at the same time?



Looking for input on VoIP systems

Hi,

I work at an indoor agricultural farm as the IT technician. I've been tasked with setting up a VoIP system for mostly internal use with outbound calls required as well. All the cabling has been run, and at most, we're going to have 11 phones. Our management will have a dedicated line, and everyone else will probably split a line or two.

We are looking into a business account with the local ISP for the phone lines, but they offer their own service called SmartVoice that seems far too expensive for what it is. They don't support VoIP and their support will end at the modem.

I'll likely have a dedicated box for this. Looking into FreePBX and Asterisk, but I'm concerned about the learning curve of Asterisk. I'm not much of a coder, honestly. I can manage shell scripting and bash, some Javascript, and can do the basics in C, but that's about it. We'd need a system that can connect and use the local number(s) we'll have leased, as well as handle internal calling, robust enough to have call-forwarding/recording/differentiated tiers for management vs everyone else, and it needs to be reliable.

Also, looked at Asterisk phones and Cisco phones but would love to see what suggestions people have for phone models. PoE is crucial, as well as the ability to handle lines and have good voice quality. Balance the pros against the price, as ever, but we're looking for something reliable that won't fail on us in two years or reach end-of-life within the next while.

Any suggestions or advice? Thanks so much for the help ^_^



Internal Firewall Question

I'm trying to set up a small company's network that will ride off of a larger company's network. For legal reasons, small co will be firewalled (checkpoint) behind larger co's network, fiber uplink between buildings. They will use some applications of larger company and internet service of larger company is being used as well. So basically it almost is like the larger company network is one big DMZ for smaller co. They just added the requirement of having a domain trust between co's. Domain trusts require un-natted connections with a ton of ports open between domain controllers, so I'd like to open up traffic from small co's few servers 172.16.10.x to a couple server vlans in larger co 10.10.10.x, 10.10.11.x.
I've considered just bringing those vlans straight over on the switch but company doesn't really want to extend their server network across buildings, setting up a vpn (seems odd way to do this for internal traffic), but wanted to know if I can do this just with routing, ACL's, nat rules but I'm not sure. Right now larger co's plugged in the wan interface, and small co in the lan but I'm confused how to get by the outbound nat rules for the servers. Maybe I should just reconfigure with both on a trusted interface and just use acl's to restrict traffic with no nat. Any thoughts?



Question about Cisco L3 Switch to a router that handles the BGP

So looking at the following layout provided from Cisco:

https://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.pdf

I understand the switching aspect totally, I'm lacking what I need to do on the router interface. I run BGP internally with a MPLS network to my other sites and provider and in my router on a stick set ups I use a network statement for each subnet and then a sub interface on the lan port. For this type of layout it seems like all of those sub interfaces are just on the layer 3 switch and I have a separate subnet to the switch and router. How do I advertise the subnets on the L3 switch in my router that connects back to the rest of the network so my other sites know how to get there? Do I make subinterfaces on the router on the same port as the switch uplink and just set them to .2? Or can I just redistribute static routes into bgp from the router to the switch? Guess I'm just looking for the industry standard method as I believe my bgp routing table is too large to only be on a switch.



Program to view IP addresses a specific program uses?

I'm trying to find software that's relatively easy to use on a Windows desktop that can show exactly what IP addresses a given program is using to 'call home' for updates, validation, etc that doesn't require a cli.



ISE-VSL switch config

Hello

Part of my phase 1 (monitor mode) config is to enable ip device tracking. Along with this config I've been adding " ip device tracking max 0 " on trunk ports to avoid the following bug: CSCvc76593

My question has to do with how to handle trunk ports that are part of a VSL link... would you still add ip device tracking max 0 on those?



Network Lab Automation products/services?

Hello /r/networking

So I test router/switch hardware/software for my day job. Part of that job is building out topologies to test devices for different use cases.

The tedium comes with rebuilding cfgs, cabling and troubleshooting. I've been looking into some lab automation services/products and found a few online.

Just wondering if there's any other products out there? What's your experiences been like with these platforms?

https://www.quali.com/solutions/lab-as-a-service/ https://www.ixiacom.com/products/cloudshell https://www.netscout.com/solutions/lab-service



How to setup ddwrt to redirect all traffic to a captive portal hosted on raspberry pi connected by ethernet?

There seems to be a lot of different ways to get to the same effect, but I'm having trouble getting things to work. I have a rpi2 connected via ethernet to my ddwrt, which currently is hosting an apache2 server that I would like to have all connected traffic visit upon connection. Once they enter a code on this server, I'd like to allow visitors to use the server for a certain amount of time preferably.

That's a separate issue that I haven't researched yet though, right now I'm just trying redirect all the received traffic. With all the options (lighttpd, chillispot, httpdirect, dnsmasq, etc), which do I even go for? Most tutorials are for pi3's using the wifi chipset as an AP.



[RANT] - Working with ASA Firepower

Working on a Firepower Management Center/ASA sourcefire upgrade, and this came to mind: https://www.youtube.com/watch?v=NuLkWmG3gPk

Between the Firepower management Center, Firepower Threat Defense, NGIPS, Sourcefire modules, the options for ASDM or FMC management, each with their own licensing, and appliance, virtual and cloud versions for all could Cisco have made this more confusing?



Consumer vs enterprise for many device WLAN.

Preface: I am a newbie when it comes to enterprise networks and my background is more on the layer 1 side of networking.

My work has tasked me with building a WLAN capable of gigabit+ data transfer to 50-75 mobile devices. I don't need security as all of the devices will be heavily restricted and the LAN will never connect to the open internet. The problem I am running into is figuring out if I would be better off with a few consumer-grade AC wifi routers or with an enterprise-grade router with WAPs to push data to devices. I just can't quite grasp why enterprise systems tend to be pretty low in terms of bandwidth compared to consumer grade.

I am sorry if this breaks the rules but I couldn't quite find a better spot to ask. I have done research but there doesn't seem to be a ton on WLAN construction. Thanks for the help.



Simulate YouTube traffic on local network

I'm interested in generating YouTube traffic between two client devices on a local network. I've used IxChariot 9.2 but the simulated traffic doesn't seem to capture the buffering characteristic of YouTube traffic. I'm most interested in testing using traffic that reflects this buffering; is there a tool which would accurately reflect YouTube traffic?



Funky Anycast DNS Behaviour

I work for an ISP and we run DNS servers with anycast IPs.

When a customer sends a query to the anycast IP, 10% of the time, the request will land on the server and go unanswered, eventually timing out for the client. If they send a query to the server's real IP, everything works 100% of the time.

I'm confident - bordering on certain - it's not a network fault because it's fairly simple configuration, routes are never being dropped and, as stated above, the queries land on the servers which I verified with tcpdump.

The servers run BIND on Ubuntu 16.04 and they peer with our routers using BIRD/BGP and advertise the anycast IP. Here's a shitty simplified topology:

    +----------------+      +------------------+
    |     DNS1       |      |      DNS2        |
    |    1.1.1.1     |      |     2.2.2.2      |
    | anycast 8.8.8.8|      | anycast 8.8.8.8  |
    +------+---------+      +-----+------------+
           |                      |
    +------+---------+      +-----+------------+
    |    site 1      +------+     site 2       |
    +------+---------+      +-----+------------+
           |                      |
    +------+----+            +----+------+
    | customer 1|            |customer 2 |
    +-----------+            +-----------+

Has anyone observed similar behaviour in the past? What could we be missing?



Wednesday, May 2, 2018

Weird 802.1Q issues with Wireshark.

Has anyone seen an 802.1Q tag change on an ingress and egress PCAPs? I'm trying to troubleshoot why traffic is being discarded across two network devices and the 802.1Q completely changed even though the tag (that it changed to) isn't marked on that interface.



Possible Network Admin 1 Job Lined up (Bank), advice?

Hey, so pretty much my title. I have been in IT for the last 3 years, started at help desk and now a Sys Admin. I understand the basics of networking although I am no guru hence the level 1 job I applied for. I am looking to break into networking and specialize.

What kind of interview questions can I expect? What are your daily issues/tasks that arise if you are a network admin? Seeing that I deal with our network I get help a lot of times with 3rd party vendors for major issues, do network admins usually deal with these types of problems on their own or does it all depend?

Side note: I keep hearing networking engineers and admins will be soon out of the market and not in demand because of automation or something? What's that all about?

Thank you, everyone!



BGP failover NAT statements on cisco ftd (ASA5525-X)

We have BGP peering in place on our firepower device with two ISPs both advertising the same /24 network. The BGP is configured on the firewall and we do not have an upstream router. Since the firewall is a stateful device we cannot have traffic coming in one ISP and going out the other. We have used a combination of AS path prepending and BGP communities to force all traffic to/from one ISP or the other.

When we perform a test failover, everything works properly with the BGP path selection, but no traffic flows to our servers until we update the NAT statements to go to ISP1 vs ISP2. The FMC will only allow us to NAT to an individual interface (ISP1 or ISP2) and we cannot NAT to an interface group. I am wondering if there is a workaround for this so everything fails over automatically if one ISP goes down. Ideally I would like to avoid having to add a router to our topology.



Connecting my server's SFP+ 10Gb port to a Cisco 1gigabit switch. Please advise.

So I have a Chenbro 4U server with an older dual LGA 2011 (v1) Foxconn motherboard. It has 2x SFP+ 10Gb ports (1 ethernet port, but it's for BMC). I also have a Cisco SG200-26 gigabit switch. As I've learned recently, you can't connect a SFP+ 10Gb port (using an SFP+ cable) to a 1Gb SFP port. So my question is, would the following setup work:

Use a GLC-T Cisco 1000BASE-T SFP Transceiver Module. Plug that into the SFP+ 10Gb port on my server. Then simply plug in a cat 6 cable to run from the transceiver to any open ethernet port on my switch?

Do you know of a better solution or a cheaper one? Or is this priced well and will work with no problems?



Aruba ClearPass vs Cisco ISE vs ForeScout

Looking for some community feedback. Do you use these systems? If so what do you like or dislike about them?

If there was something you could know now that you didn't know when you chose your platform, what would it be?

I run a Cisco shop, no BYOD, and very little wireless (company managed iPads under AirWatch).



Networking/IT presentation to high school kids -- any good topic ideas?

Hi All- I have a coworker that asked me to make a 20-30 minute presentation on the topic of IT and networking for a group of high school kids (think like votech IT 101). They've touched on a little bit of everything apparently and he's looking for a more informal "real practitioner's" perspective. So... what's everybody's thoughts on topics? Hopefully we have a few members still in HS/College that can weigh in on what they'd want to see.

Couple ideas I've been kicking around: OSI Model, basic subnetting, basic campus architecture (DNS/DHCP/AD/Wifi/switches/etc), virtual machines, how to set up a homelab.



CLI spoofing prevention

Not sure if this belongs in /r/voip but it seemed like a mix of enterprise/home over there, and this is somewhat topical here anyways. Disclaimer: I am a novice to voice outside of the basics of setting up/managing VoIP for small business/home use, so I'm aware my speculation may sound dumb. Just trying to learn.

Can someone explain why CLI spoofing is not more preventable? In my admittedly limited understanding of all things voice it seems that the problem may be purely legal, i.e. we could require CLI info to match the number it originates from but there are no laws doing so. Am I correct or are there deeper technical reasons why? Almost sounds like a problem that could be at least somewhat mitigated by requiring verified registration of CLI info when the number is registered to some person/entity. Something along the same lines as a routing registry to prevent incorrect BGP advertisements.

Also any pointers to deep dives into how voice routing/registration works on the provider level would be appreciated. I sort of get it from rubbing shoulders with the voice team while working at a large SP, but....not really. It's always sounded like a weird mix of ancient Bell arcana and modern networking concepts to me.



Videoconferencing Configuration

Hi everyone,

I need some advice with your experience on the videoconferencing.

Example: configure QoS, traffic shaping, multicast ....

We have many rooms in the same building with the videoconferencing. We use different products like Cisco and Avaya.

And actually we have some poor quality and latency between two rooms in the same building.

Thanks



Looking for a SD-Wan solution that has a lan interface passthrough...

So I'm looking to put some SD-WAN appliances at client sites, what I need is a physical appliance that has at least one physical wan interface to connect to the internet (modem/gateway/ont/ciena/adtran/etc), and then two lan interfaces- one of the lan interfaces being the "sdwan" option, and the other lan port being a dumb bridge to the wan interface.

The goal here is to be able to have two networks...one interface using the sdwan functionality of the appliance, and one that simply passes through the internet connection to the lan interface...

Does anyone know of such a solution?



Using Ansible to configure Loopback with an IP address on NXOS?

Has anyone seen a way to use the native Ansible modules for NXOS to configure a Loopback interface in NXOS with an IP address?

I use the nxos_interface module to create loopback0, which works fine.

However, if I use nxos_l3_interface to apply an IPv4 address to the loopback0 interface, that task fails with the output indicating that it failed upon trying to issue a ‘no switchport’ command under the loopback0 interface which is an invalid command in that context.

I’m using 2.5 with the network_cli connection method.

I could drop down to using nxos_config to deal with this but I’m looking for a way to see if this can be done via nxos_l3_interface.



Networking Monitoring

So I have been tasked with possibly replacing our current network monitoring software and wanted some input on what other people are using. Currently we are using nagios but its starting to lack in features that we want.



Port security, HELP!!!

I need some help fixing a switch that seems to be disabled due to port security.

I need to find out the IP of the switch in order to access it and maybe try a no shut command or turn the port security off but as it is disabled I can’t plug anything in and get this information, is there a way to find the IP of the switch at all?

I know this is kind of unclear but if someone could help that would be great.



Monthly WAN Quota for LAN Device

Hi,

I'm just wondering if anyone has found a gateway device that can track WAN usage for LAN devices and implement a quota (on a monthly basis) please?

Thoughts from anyone with real experience of this would be gratefully received.

Thanks.



Softphones and QoS

I'm trying to diagnose occasionally sketchy VoIP quality in a medium sized network running Cisco switches, Fortigate firewalls and RingCentral softphones (no actual hard phones anywhere).

I took a look at a Wireshark capture on my laptop going to RingCentral during a call. It doesn't look like DSCP is set on these packets. This tells me that all of the QoS on all of the switches is actually doing nothing at all. Am I reading into this correctly?

https://imgur.com/a/2hAJZTy
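The check behind that question is simply the upper six bits of the IPv4 TOS byte, which is what Wireshark shows under "Differentiated Services"; if they are zero on the packets leaving the laptop, a switch policy that trusts and acts on DSCP has nothing to match. The following is an added example, not code from the post, Wireshark or RingCentral: it parses raw IPv4 headers, names the DSCP value, and audits a set of packets for a voice marking (EF, DSCP 46, is assumed here as the expected voice value). The packets are constructed with a small header builder, not taken from a capture.

```python
import socket
import struct

# Added example, not from the original post: read DSCP/ECN out of raw IPv4
# headers and count how many packets carry a voice marking at all. Packets
# are constructed with build_ipv4(); none come from a real capture.

EF = 46  # Expedited Forwarding, the DSCP value assumed here for RTP voice

DSCP_NAMES = {0: "CS0/BE", 8: "CS1", 16: "CS2", 24: "CS3", 32: "CS4",
              40: "CS5", 48: "CS6", 56: "CS7",
              10: "AF11", 12: "AF12", 14: "AF13", 18: "AF21", 20: "AF22",
              22: "AF23", 26: "AF31", 28: "AF32", 30: "AF33", 34: "AF41",
              36: "AF42", 38: "AF43", 46: "EF"}

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def parse_ipv4_header(pkt):
    """Return DSCP, ECN, protocol and addresses from the first 20 bytes."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, _total, _ident, _frag, _ttl,
     proto, _csum, src, dst) = struct.unpack(IPV4_HDR, pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {
        "dscp": tos >> 2,      # upper six bits of the old TOS byte
        "ecn": tos & 0x3,      # lower two bits
        "proto": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
    }


def dscp_name(dscp):
    """Human-readable per-hop-behaviour name for a DSCP value."""
    return DSCP_NAMES.get(dscp, f"DSCP{dscp}")


def build_ipv4(dscp, proto, src, dst, ecn=0, payload_len=160):
    """Constructed header for testing; checksum is left at zero on purpose."""
    tos = (dscp << 2) | ecn
    return struct.pack(IPV4_HDR, 0x45, tos, 20 + payload_len, 0, 0x4000, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def audit(packets, voice_dscp=EF):
    """Count packets carrying the expected voice marking versus the rest,
    and record which flows are unmarked so they can be traced back."""
    result = {"marked": 0, "unmarked": 0, "unmarked_flows": set()}
    for pkt in packets:
        hdr = parse_ipv4_header(pkt)
        if hdr["dscp"] == voice_dscp:
            result["marked"] += 1
        else:
            result["unmarked"] += 1
            result["unmarked_flows"].add((hdr["src"], hdr["dst"], dscp_name(hdr["dscp"])))
    return result


# Constructed sample: a softphone sending UDP (proto 17) with no marking,
# plus one marked flow for contrast.
SAMPLE_PACKETS = [
    build_ipv4(0, 17, "10.1.1.5", "198.51.100.10"),
    build_ipv4(0, 17, "10.1.1.5", "198.51.100.10"),
    build_ipv4(EF, 17, "10.1.1.20", "198.51.100.10"),
]

if __name__ == "__main__":
    report = audit(SAMPLE_PACKETS)
    print(f"marked={report['marked']} unmarked={report['unmarked']}")
    for src, dst, name in sorted(report["unmarked_flows"]):
        print(f"  {src} -> {dst} carries {name}")
```

If the audit shows the voice flows leaving the host as CS0/BE, the marking has to be applied somewhere before the switch QoS policy can act on it: either on the endpoint (host QoS policy) or by classifying on the access switch's ingress (by port, address or protocol) rather than trusting DSCP that is never set.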



Cisco vWLC - APs 'hanging' - broadcasting SSID but not allowing connections

Hi,

I've got a fairly simple network of a mixture of 1142, 3502 and some 3602 connected to 3560 POE switches and being controlled by a vWLC running 7.6.120.0. The software has been pretty much rock solid but I've not ruled this out as an issue.

I'm having an issue whereby APs will appear as registered with the WLC, be broadcasting the relevant SSIDs, but not allow client devices to connect. The devices attempting to connect have no underlying similarities (different OSes, different hardware). The issue occurred again this morning on an 1142 with the following:

S/W Version .................................... 7.6.120.0

Boot Version ................................... 12.4.18.3

Mini IOS Version ................................ 3.0.51.0

The issue seems to occur after a fairly random period of time, and doesn't affect all APs at the same time. It affected one out of 5 that came up at the same time, so it wouldn't necessarily appear to be an issue with the vWLC in that we didn't lose registrations of other APs at the same time.

Has anyone else experienced similar here? I'm wanting to move to a hardware WLC ASAP anyway but I'd prefer to try and understand the root cause of the problem. It's resolved by issuing config ap reset - as soon as the AP comes back it's fine.



New job in an ISP/UC shop

Bagged a new role with a company specialising in providing hosted Skype for business/Cisco UC solutions who also own an ISP.

Anyone work in similar roles? I'm looking to set up on stuff while working my notice period, currently working in an MSP predominantly dealing with LAN/Firewalls.

What technologies would you recommend I get stuck into in preparation?



Daisy chain Arris to Sonicwall issues & VoIP issues.

Currently the network is set up like so: Arris->Sonicwall->Cisco Switch->PC's

I called Spectrum to make sure that the Arris router was in bridge mode so that when I did the setup on the Sonicwall router, it would do it via DHCP and pickup all the settings itself and then the Arris would send all the traffic to the Sonicwall and the Sonicwall would handle everything.

Well everything was running smooth and then I went into the settings of the Sonicwall and edited the LAN to WAN & WAN to LAN. I also edited the UDP timeouts and the ALG settings.

I followed this guide:

main MegaPath VoIP guide

I also found a more detailed step-by-step information page for Sonicwall VoIP settings.

But when I restarted the router. The Sonicwall still had a connection through the Cisco switch. It just didn’t have any internet at all.

So I called after work and the person said that whoever I talked to earlier today set up the Arris wrong and that it has a static IP address still and that my Sonicwall is just sending all my Cisco switch traffic through the Sonicwall and actually still being handled by the Arris.

So what do I do and also why do you guys think the internet access stopped after the input settings?

Should I call back tomorrow and get the arris actually turned into a bridge mode so that all the network is actually handled by the Sonicwall and reset the Sonicwall and try the VoIP settings?

Or just get the Arris turned into a bridge mode and then try the phones again? Because maybe the settings I did are blocking connections to the internet since the Arris is actually handling the traffic right now?

Any ideas and comments will help. But my goal is to make the Arris bridge to the Sonicwall so that the Sonicwall is the traffic handler and that the settings in the Sonicwall actually allow the MegaPath VoIP work.



Rant Wednesday!

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!



Retail Store Network - Best practices?

Anyone here manages retail stores network? How do you do it, and what's best practice? VOIP? POS Machines? Domain Controllers? Failover internet?

We are on VOIP Phones and if the internet cuts out or if there are some unexplainable issues there's no one there that can do simple debugging or power cycling and a lot of issues pile up.

What are ways that you have found to allow as much remote fixing/debugging as possible?

Sorry I'm a newbie, please go easy on me haha.



$5k for 5 switch replacement?

I wanted to get some feedback to make sure I am not crazy.

I have to budget for 5 48-port switches and I have been given $5000 to complete it.

I have looked at Ubiquiti switches and have heard ... mixed reviews on them enough where I don't know if I should trust.

All switches are layer 2 w/ the WAN connections and wifi are managed by a different entity. Am I crazy to think that 5K or even going a bit over that number would not be worth it? It seems most "quality" switches and associated hardware (SFP's, etc) cost vastly more than what has been budgeted. Any feedback is helpful!



Juniper SRX HA Configuration for dual Internet circuits

So, we are refreshing our Internet edge infrastructure, and seeing as we're an all-Juniper shop, it made sense to go with the SRX platform. We picked SRX 1500's, as they seemed to meet our needs for an affordable price.

We're currently in the design phase of setting up how all of this is going to work. We're to get two DIA Fiber Circuits for our Internet Handoff. One will be a 10Gbps circuit, and the other a 1Gbps circuit.

We're currently weighing our options between doing an HA Cluster configuration, or leaving the two SRX's as stand-alone boxes with VRRP and iBGP between them. (LAN side will have a single, static default route pointed to a single gateway IP Address in either scenario.)

Based on our understanding of how the two configurations work, this is how the two different setups would look

Here are some of the pros and cons we came up with between going Cluster Mode and going with stand-alone SRX's.

Cluster Mode Advantages

  • Maintain state table between both boxes. (This helps sessions stay alive during failover events)

  • You don't lose one of the Internet circuits if one of the SRX's goes down.

  • Single management plane, so the routing and security policy configurations are simplified.

Cluster Mode Disadvantages

  • Have to put a switch/switches north of the SRX's so that each Internet circuit can be fed Layer 2 to both SRX's. So this includes extra hardware/extra devices to manage.

  • Single management plane could mean crash/failure/instability of both SRX's (but hopefully the new hardware with updated code would make this a non-factor)

  • Adds the redundancy groups configuration to the boxes.

Stand-alone SRX Advantages

  • We won't have to put any switches up north of the SRX's, so it saves us money, less devices/less equipment, etc.

  • More maintenance friendly? (we can do maintenance on one SRX that won't affect the other)

  • Some people like sticking to open standard stuff like VRRP and BGP (not sure if this qualifies as an advantage, but thought I'd throw it in there)

Stand-alone SRX Disadvantages

  • Less redundancy - each Circuit is hard-tied to one SRX. If SRX-A goes down, we lose the 10 Gig circuit, period.

  • More configuration, as far as setting up iBGP to share routes and VRRP to establish the gateway (this may be trivial configuration, but it's still more)

  • Failover events would be noticed by users, since all the sessions would die and have to re-establish (first packet isn't SYN, etc.)

That's pretty much what we've come up with so far. We're including feedback from this community as part of the discussion process, so feel free to pick all this apart and tell us what we're overlooking, what we're wrong about, etc. I'm thinking there's probably a bunch more bullet points that could be added to a few of the sections.

Thanks for any help you guys give.



How do I connect ISP router/modem to new Sonicwall router?

Please correct me if I’m wrong at all.

I want to basically turn off the WiFi on the ISP Arris Router/modem box and then bridge the connection from it to the new Sonicwall router so that the Sonicwall now handles all the traffic on the network. But as of right now this is how I think it's supposed to be set up...

I am going to put the Arris in bridge mode so that the WiFi is disabled. Then I'm going to give it a set static IP address. Upon doing so, I am going to run an Ethernet cable from the Arris to the WAN port on the Sonicwall so that the internet is handed off for the Sonicwall to control the traffic.

(I have an Ethernet cable from the LAN port on the Sonicwall router that is connected to a Cisco switch)

My main confusion, if all that is correct, is with setting up the Sonicwall. I am going to set it up as static as well. When I set it up, it asks for my subnet, DNS, and gateway. It also asks for a WAN address. I'm not sure if that is the usable gateway, or if I should go to a "what is my IP" site to check my WAN IP address. Or I guess I can call the ISP to get it as well.

Once all that is setup. I should be able to connect and use the Sonicwall as the traffic controller. Correct?



Cumulus Linux Feedback

I would like to get feedback from someone using Cumulus Linux. If anyone is using the product out there I would love to know your thoughts and what is cool and what needs work. We have been looking into different SDN products since Cisco is now going the same model to encourage cloud SDN adoption.



Cisco AP PoE issue

I'm sure there are other or better places to ask this; I tried on the IRC but would like a second opinion. We as a business don't use much Cisco equipment currently, so I don't have much experience with it, but the hardware choice is out of my hands.

Currently we are trying to set up wireless APs (Aironet 1562E) over PoE (PoE+ in this case, so 25/30W) but they are not all drawing enough power to turn on the radios. It is not consistent between APs either. The ones that do not get enough power log "waiting for poe negotiation to complete" but connect to the WLC (2504) without an issue and get network info etc.; they just aren't putting out a signal because of low power. CDP entries show the local host as not having any info on power_* attributes on the failing ones, but these are present on the one that has its radio up. Is manually setting the CDP info viable?

I have tried unmanaged 802.3at switches with enough budget to run 4 at 30W each, but even if there is just a single one it does not get the power. We also have tried regular power injectors (AIR-PWRINJ6) as listed compatible in the AP data sheets, but even then the AP only gets 15W after waiting for negotiation.

All devices are brand new too. Currently 1 of 4 APs gets the correct power, the others refuse to negotiate it, and I have several more in boxes to set up.

I don't know what else to try at this point; we have gone through several updates on the WLC and APs to no avail. I wish I knew more before getting dumped on this. Any assistance or advice would be greatly appreciated. If we just need to return the devices under the presumption that they are bad, that's really unfortunate but it is what it is. Thank you.



Are there inherent problems with 802.1aq preventing wider adoption?

Outside of perhaps Extreme (Avaya) Networks and Alcatel-Lucent, hardware-level support for this protocol seems pretty rare. And there is no Linux kernel-level support that I can see either, beyond the three-year-old and seemingly unmaintained PBBR code.

I don't quite understand this because it would seem a fully meshed network with no blocked ports and super fast convergence time is pretty much the holy grail of networking. I assume I'm not the only person who sees 50% of their network infrastructure sitting unused and wonders why we aren't feverishly working to solve this waste of resources. So why isn't 802.1aq (Shortest Path Bridging) more prevalent in data centers and product offerings?

  • Have we found insurmountable problems in the protocol?
  • Have we found something better since the IEEE approved the standard in 2012?
  • Or <insert your own conspiracy theory here>?


100G + BGP Router/Switch

Hi guys. I got a new task at work. The company is planning an upgrade from 10G to 100G by the end of this year. They are getting some deal on a wavelength to SIX (Seattle Internet Exchange). The plan is to get a 100G port at SIX and peer. There is not much information available about router/switch models and pricing. I am familiar with Brocade, Ubnt and Mikrotik only. I have only seen one article about Netflix using Arista 7280 and 7500 for the same situation. Does anyone have pricing information about these models? I tried looking them up on eBay and there is nothing. I want to gain some knowledge before talking to vendors. Please share your valuable experience about your 100G solution. Company budget is $20k; it's super low (I know... lol but boss is always right!!).



Tuesday, May 1, 2018

Help with automating a task

I asked for help before and got downvoted with zero comments. I read the rules before posting and looked at several other subreddits, so I'm pretty sure this is the right place. Please don't just downvote me and ignore this; I will have no way of knowing what I did wrong, and will do it again for lack of feedback.

My company is migrating a customer's building controls from their system to ours. I need to go through several hundred objects with roughly but not exactly the same points and change them up to be able to be visible by our system. This involves a table for each object. The system is Niagara, and I'm trying to pull the tabular data from the system using Java, as that's what it's written in. While the data is tabular I haven't found anything in the documentation that explains how the data is stored or how I would go about converting it to a typical table format like excel. The API is called Baja and it is very large and written for developers, so the perspective does not explore what I'm trying to do in any depth. This is not like pulling xml data using python, the documentation is relatively limited and I have spent a long time trying to figure out which parts I need to use to edit these tables, or even interact with them. The documentation wasn't written with this in mind, and the discussions online don't cover solutions to this type of problem. I'm having trouble finding the circles where these people are, beyond techs doing the basic service call work. Any guidance would be greatly appreciated.



Finding Categories for Websense

Hey guys,

We use enhanced Juniper web filtering, which makes use of a Websense server to find the category of the URL. When I go to csi.websense.com there is a limitation on how many sites you can check a day (5) if you are not a Forcepoint customer. Is there another way to find the categories of websites without all sorts of conditions?



Subnetting Question

I'm pretty new to all this stuff. Just learning about NAT in my class now. I have a decent understanding of subnetting up to this point but am always confused when we start subnetting in the 3rd octet.

I am following a YouTube video to help me get through a particular Packet Tracer problem and have a question about breaking a /19 address into 2 equal subnets.

https://www.youtube.com/watch?v=VGx23Wn4_m4

As you can see in the video he makes it a /20 and breaks it into 172.16.128.0 and 172.16.144.0....

Why can we not break it into 2 equal subnets but keep the /19? So it would be 172.16.128.0 and 172.16.160.0. I'm sure there is a reason why it needs to be made /20, but I just don't see why it would be necessary?!

If someone can shed some light on this for me it would be majorly appreciated!
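As an added worked example (not from the post or the video), the halving described above computed with Python's ipaddress module: a /19 splits into two /20s because each halving borrows one more prefix bit, and keeping /19 for both "halves" actually consumes a /18 of address space. Function names are my own.

```python
import ipaddress
from typing import List


def split_equal(prefix: str, parts: int) -> List[str]:
    """Split a network into `parts` equal subnets (parts must be a power of two).

    Every doubling of the subnet count borrows one more host bit, so the
    prefix length grows by log2(parts): halving a /19 yields two /20s,
    never two /19s.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    if parts < 1 or parts & (parts - 1):
        raise ValueError("parts must be a power of two")
    extra_bits = parts.bit_length() - 1          # log2(parts)
    new_len = net.prefixlen + extra_bits
    if new_len > net.max_prefixlen:
        raise ValueError(f"{prefix} cannot be split {parts} ways")
    return [str(s) for s in net.subnets(new_prefix=new_len)]


def third_octet_block(prefix: str) -> int:
    """Block size a prefix occupies in the 3rd octet (meaningful for /16 .. /24).

    /19 -> 32 (128, 160, 192 ...), /20 -> 16 (128, 144, 160 ...).
    """
    net = ipaddress.ip_network(prefix, strict=False)
    if not 16 <= net.prefixlen <= 24:
        raise ValueError("block size in the 3rd octet only applies to /16..24")
    return 2 ** (24 - net.prefixlen)


def is_inside(candidate: str, parent: str) -> bool:
    """True when `candidate` lies within `parent` (or equals it)."""
    return ipaddress.ip_network(candidate).subnet_of(ipaddress.ip_network(parent))


def supernet_of(a: str, b: str) -> str:
    """Smallest single prefix covering both networks.

    Shows what 'keep the /19 for both halves' really costs: 172.16.128.0/19
    plus 172.16.160.0/19 is the whole 172.16.128.0/18, twice the original.
    """
    nets = [ipaddress.ip_network(a), ipaddress.ip_network(b)]
    merged = list(ipaddress.collapse_addresses(nets))
    if len(merged) == 1:                          # adjacent and aligned
        return str(merged[0])
    sn = nets[0]                                  # otherwise grow until it covers b
    while not nets[1].subnet_of(sn):
        sn = sn.supernet()
    return str(sn)


if __name__ == "__main__":
    original = "172.16.128.0/19"
    print(split_equal(original, 2))               # ['172.16.128.0/20', '172.16.144.0/20']
    print(third_octet_block(original), third_octet_block("172.16.128.0/20"))  # 32 16
    print(is_inside("172.16.160.0/19", original))  # False: that is the *next* /19
    print(supernet_of(original, "172.16.160.0/19"))  # 172.16.128.0/18
```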



Do I need a Router? [Corporate Network Design (University Assignment)]

I'm looking at FortiNet Firewalls and have learned that they can route data between WAN and LAN. And that having a firewall as the edge device instead of a gateway router is normal.

Inside my LAN, I'm using a server for DHCP, DNS, and AD. All of these are connected through just switches, with the DMZ segmented by using a FortiNet VDOM.

I have about 100 users and possibly 200-300 devices. But my server is handling DHCP, and the switches are routing data between the Firewall, the DHCP/DNS/AD server, and user devices.

Do I need a router? Have I made a silly mistake?



RISC and NETBRAIN

Hello,

I have not been able to find much online. NetBrain and RISC seem to be similar tools. I am wondering what the major differences are, or why an institution would run both in their network?



Faster aaa authentication

Maybe my brain is creating a false memory, but I remember reading something about having a local cache in the switch after a user has authenticated with RADIUS once via SSH, Telnet, etc., so that next time it doesn't have to authenticate with the server. Is it possible? I can't find the information again on Google.



If you could only use 3 metrics to monitor your network, what would you choose?

If you could only use 3 metrics to monitor your network, what would you choose? You can have as many sensors as you want, but you can only choose 3 metrics.

If possible, define those metrics in your own words, and briefly explain why these metrics are the most important.

I want to learn what I should be using for monitoring that perhaps I am not using, and what metrics I should be paying attention to.



software to allow other IT departments to change port/VLAN (campus)

Hello,

I wanted to check and see if there were other campus network departments out there that utilize software (commercial or homegrown) to allow outside IT departments to change their switchport access VLAN. If so what software are you using? If it's homegrown is this something you'd be willing to share?



Need some guidance on a building extension.

Hello r/networking.

My boss has tasked me to oversee an office extension/buildout of our new space (it's right next door). I need to make sure that the network portion goes smoothly. There is also a possibility of a dedicated fiber optic install that might happen (pending approval).

Our current building (BUILDING A) has the following equipment:

  • Watchguard firewall - also does routing
  • HP 2530-48G
  • 2x HP Procurve 2510G
  • HP ProLiant Server/ESXi
  • QNAP (virtual storage)

This is what I was thinking:

  • Add a router such as this one with fiber capabilities in BUILDING A.

  • Install 2 switches (such as the 2530) in BUILDING B.

  • Configure and install Ubiquiti APs throughout BUILDING A and BUILDING B.

  • BUILDING B will have Cat6 cabling all throughout. I'm not 100% sure what BUILDING A/our current building has. This was before I joined the company (I assume Cat5e).

  • For all switches, I will configure VLANs on each; subnets will be /20 (except for a DMZ, that's a /24).

My questions are these:

  1. Can I link up these two locations via the switches alone? And if not, what would be the best way to do so?
  2. Will I need to replace any of my equipment to accommodate the future fiber connection?
  3. Some contractors are asking how I want to terminate these connections. I'm not 100% sure, but I've been looking at this page and I'm assuming a standard connection would be ok. But I'm not exactly sure what I should be looking for in regards to my current setup.
  4. In regards to a fiber cable drop install, what should I be looking for, or what are some general items I should ask or know about?
  5. I'm also adding additional drops to our current space/BUILDING A as well; should I consider re-running existing drops to Cat6 as well (might be too expensive)?

This is my first actual network buildout, and I do have a coworker in our parent location also giving me some advice. This isn't their first expansion, but I'd like to get things done the right way this time (lack of planning has led some of us to have desktop switches in the office). :(

Thanks in advance to everybody.

EDIT: Formatting



What are you doing to test ISP leased line speeds?

I have multiple providers using Metro-E circuits. I would like some suggestions to test the line speed periodically either automatic or less manual.

Here's how I'm doing it now. I transfer a 500MB/1GB file from my desktop (at the data center) to a workstation's C: drive at a remote site. I expect a lot of overhead, but given the line's 100 Mbit bi-directional speed I'd be satisfied with 80/80 Mbit.

I then record the date, workstations used, file size and speed results in an Excel spreadsheet. This is very manual and time consuming, and probably not that accurate. I do sometimes check link utilization if the speed is questionable.

Our remote sites utilize on average 10% of the link, but sometimes users notice slow speeds if they need to transfer files.

When troubleshooting link speed with an ISP, it's usually their "policers" that are configured incorrectly.

Since we experience issues with our services, I try to be proactive instead of reacting to a complaint. Does anyone out here have a better method to check link speed periodically? No downtime can be incurred, so I cannot run direct connections between hardware.

Thanks for your suggestions.



Looking for training on OSPF/BGP.

Hi all,

I work for a financial firm as a LAN admin and I've been asked to brush up my skills and get some WAN training so I can assist in engineering long term. I'd say that I'm at a CCNA level right now as far as LAN goes, but I'm a bit shaky on the WAN stuff. OSPF and BGP I have a slight understanding of, so if there is any course online or somewhere that anybody recommends I can start with, it would be helpful. Much love!



Ethertypes and QnQ

Today I was setting up an old JDSU test set that doesn't allow setting an Ethertype value for untagged and tagged traffic, only for QnQ, and after mucking with it I decided I needed to research this further. I thought I'd write this up to either be helpful to the community and/or ask for any worthwhile additional information I may have overlooked.

As of this morning, I understood VLAN tags have no field containing data about whether or not that tag is a C-tag or an S-tag. A router will strip off a VLAN tag and process the packet based on that, and the only difference is that it's possible to configure a router with QnQ, at which point the router then continues to look at the packet to see if there's an additional VLAN tag inside the first one, and if there is, act on that as well. As I understood it, if a router's not configured with QnQ the existence of any additional VLAN tags inside the first are immaterial. That being said, I remember configuring Cisco devices a few years ago where we also had to be aware of Ethertype settings. It's been a while so I forget the specifics, but I remember we had to know whether to configure our equipment to use Ethertype 0x8100 or 0x88A8. We never got clear information on what that was about, just that both sides had to match.

Today I was working with a router whose port was configured to be an NNI, and the port was set to expect an Ethertype of 88A8. I didn't think our JDSU specifically needed to be configured for QnQ, I expected that it should be able to pass traffic with only 1 VLAN tag. From the point of view of an ISP I'd expect my customer actually should be sending untagged traffic across my circuit (assuming they have routers at each end, though not everyone does). But this didn't work. I had to specifically set the JDSU for QnQ and tell it to use Ethertype 88A8. Only then could it pass traffic. The inner VLAN was immaterial, but I had to set the JDSU for QnQ and 88A8 before the router would recognize the traffic. Based on what I wrote in my first paragraph I assumed this is because of the 88A8, not that the VLAN tags have any indication of one being an S-tag or C-tag, right?

So I went to 'ze Googles'.

This page seems to say 8100 = regular VLAN traffic and 88A8 = QnQ.

However, this page seems to indicate 8100 can also be used on double tagged frames.

The wiki page for 802.1Q matches the first Cisco page I linked to (8100 = regular VLAN traffic and 88A8 = QnQ).

Seeking consensus, I keep looking.

The wiki page on Ethertype says 8100 is for a "VLAN-tagged frame (IEEE 802.1Q) and Shortest Path Bridging IEEE 802.1aq with NNI compatibility" and 88A8 is for "Provider Bridging (IEEE 802.1ad) & Shortest Path Bridging IEEE 802.1aq". This seems to indicate that 8100 should be used for QnQ, not 88A8 (the reverse of what seems to be indicated above). It lists 0x9100 as being for "VLAN-tagged (IEEE 802.1Q) frame with double tagging" but that's not an option on the gear I'm working with.

What's interesting are the pictures on that page. If a VLAN tag's needed it gets added before the Ethertype field. But it also says, "A QinQ arrangement would add another four octets tag containing two octets TPID using various EtherType values." I think that's poor English and is supposed to say "A QinQ arrangement would add another four octet tag containing a two octet TPID using various EtherType values." If I'm correct then I was right that Ethertype is not part of the first VLAN tag, but this page seems to be saying the Ethertype IS part of the second VLAN tag.

Clear as mud, right?

So off I go to read RFCs. RFC 5342 doesn't mention 8100 but states that 88A8 is for "Service VLAN tag identifier", which implies QnQ. This IANA page says 8100 is for a C-tag and 88A8 is for an S-tag.

All the other sites I'm seeing are either not IEEE or they're RFC drafts, which not being the published version I wouldn't trust.

So I guess I'm left with nothing concrete. Maybe some equipment automatically assigns the Ethertype based on whether or not you've configured it for QnQ, while other equipment gives you the option to modify them separately. I guess the latter is better because it doesn't seem like you can trust the values. But apparently the bottom line is that both VLAN tag and Ethertype have to match or you're SOL, regardless of whether that's part of the VLAN tag or not.

Cheers.
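As an added illustration of the tag layout the post describes (not code from the post or any vendor), a small parser that peels stacked VLAN tags purely by TPID value, plus a simplified model of an NNI port that only recognises an outer tag whose TPID matches its configuration. The frames are constructed inline, the NNI model is my simplification of the "both sides have to match" behaviour, and all function names are my own.

```python
import struct
from typing import List, NamedTuple, Optional, Tuple

# TPID values from the thread. Each sits in the EtherType position of the frame;
# the 4-byte tag itself carries no "S-tag" or "C-tag" flag, so the TPID is the
# only thing that distinguishes the two.
TPID_C_TAG = 0x8100       # IEEE 802.1Q customer tag
TPID_S_TAG = 0x88A8       # IEEE 802.1ad service tag (provider bridging / QinQ)
TPID_LEGACY = 0x9100      # pre-standard double-tagging value some gear still uses
KNOWN_TPIDS = {TPID_C_TAG, TPID_S_TAG, TPID_LEGACY}
ETHERTYPE_IPV4 = 0x0800


class VlanTag(NamedTuple):
    tpid: int   # which EtherType value introduced this tag
    pcp: int    # priority code point (3 bits)
    dei: int    # drop eligible indicator (1 bit)
    vid: int    # VLAN id (12 bits)


class ParsedFrame(NamedTuple):
    dst: str
    src: str
    tags: List[VlanTag]   # outermost first
    ethertype: int        # first EtherType that is not a TPID
    payload: bytes


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def _tci_to_tag(tpid: int, tci: int) -> VlanTag:
    return VlanTag(tpid, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF)


def build_frame(dst: str, src: str, tags: List[Tuple[int, int]],
                ethertype: int, payload: bytes) -> bytes:
    """tags: list of (tpid, vid) outermost first; PCP and DEI are left at zero."""
    out = _mac_bytes(dst) + _mac_bytes(src)
    for tpid, vid in tags:
        out += struct.pack("!HH", tpid, vid & 0x0FFF)
    return out + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> ParsedFrame:
    """Peel VLAN tags from the header until an EtherType that is not a TPID appears."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    dst, src = _mac_str(frame[0:6]), _mac_str(frame[6:12])
    offset, tags = 12, []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame: EtherType missing")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in KNOWN_TPIDS:
            break
        if offset + 4 > len(frame):
            raise ValueError("truncated frame: VLAN tag cut short")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append(_tci_to_tag(etype, tci))
        offset += 4
    return ParsedFrame(dst, src, tags, etype, frame[offset + 2:])


def accept_on_nni(frame: bytes, port_tpid: int) -> Optional[VlanTag]:
    """Simplified model (an assumption, not vendor behaviour) of the NNI in the
    post: a port configured for a specific S-tag TPID only recognises an outer
    tag whose TPID matches. Returns that tag, or None if the frame is not
    accepted as tagged traffic."""
    if len(frame) < 18:
        return None
    etype, tci = struct.unpack_from("!HH", frame, 12)
    if etype != port_tpid:
        return None
    return _tci_to_tag(etype, tci)


# Constructed sample frames (not captures): an S-tag VID 100 around a C-tag VID 200,
# and a single 0x8100-tagged frame with VID 100, each carrying a dummy IPv4 payload.
PAYLOAD = b"\x45\x00" + b"\x00" * 18
QINQ_FRAME = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                         [(TPID_S_TAG, 100), (TPID_C_TAG, 200)], ETHERTYPE_IPV4, PAYLOAD)
SINGLE_TAG_FRAME = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                               [(TPID_C_TAG, 100)], ETHERTYPE_IPV4, PAYLOAD)

if __name__ == "__main__":
    p = parse_frame(QINQ_FRAME)
    print([(hex(t.tpid), t.vid) for t in p.tags], hex(p.ethertype))
    print(accept_on_nni(QINQ_FRAME, TPID_S_TAG))        # accepted: outer TPID 0x88A8 matches
    print(accept_on_nni(SINGLE_TAG_FRAME, TPID_S_TAG))  # None: outer TPID is 0x8100
```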



Are there any modern day uses for hubs?

I know hubs are outdated and not used anymore but I was wondering if there are any cases where a hub would be a fitting solution.



Anyone else confused by the Nexus Fabric modules?

We are contemplating an upgrade to a Nexus 9500 series chassis switch. The fabric modules are where I'm confused. It says nothing about the FM-E fabric modules being compatible with the 10/40G cards, only the 100G cards. In my mind, that means that if I want to run a switch with 40G and 100G cards, and both require 4 FM and 4 FM-E cards respectively, I'm SOL, because there's only room for 6 FMs. Am I wrong here?



How to set up Juniper SRX on GNS3

I have a PC with 8 GB RAM. However, it takes ages for vSRX to start up. Anything I need to tweak to make it spin up quickly?



Cannot seem to get video calls to never have interruptions (Wi-Fi)

Hey all,

Still working on this wireless stuff. We have a 5520 WLC, and now have all APs set to auto channel and TX power (I have a manual channel/TX plan I came up with in case auto does not work out for us, created with CAD files imported into Ekahau) and have disabled a ton of 2.4 GHz radios. We are using 40 MHz channel width, FT over the DS, and are running 8.3.x code. Our environment is filled with Apple and iOS devices.

Now, I have issues with people using Zoom. The person across from me with a MacBook Pro (we all have these) will go wireless and I'll go wired. He'll end up freezing now and again (packet loss?). It's not an internet connection thing or a switch thing, as being wired produces no issues.

Here are the stats. I do not know why the connection score is 0% or the spatial stream shows up as 0%; it did not used to before going to 8.3.x. Cisco seems to not understand how to report, I guess.

https://i.imgur.com/IR0gvES.png

https://i.imgur.com/CXqzDsE.png

I'll be performing an active survey soon here, and it's just going to return what I already know. Good coverage, low interference. Packet loss is inevitable on a wireless medium, but he should hardly have any. There's no QoS being done, but QoS wouldn't even come into play with how low the utilization is on the AP (and it's always this low). Zoom uses 1 Mbps anyway, hardly anything. Thoughts? Ideas?

I specifically went to this code to help with roaming on iOS devices too, but it made no difference. If you walk a bit briskly, you'll end up dropping the call. Walk slower and it's fine. Doesn't matter if it's FT over the air or FT over the DS. Frustrating stuff.



Currently using Redback (Ericsson) routers. Trying to avoid moving to SSRs, but need multibind...

We are quickly outgrowing our SE800s and SE1200s. We need to move to the next generation with 40G and 100G ports, but multibind is a must. Is this strictly an Ericsson feature? We have multiple VLANs all bound to the same interface and subnets. I can't seem to find a way to do this with Alcatel/Cisco/Juniper without some overly complicated scheme. Any ideas? We were looking at the Ericsson SSRs, but the licensing is crazy expensive for a smaller ISP. Our reseller suggested the Alcatel 7750 SR12, but we need a feature similar to multibind...



IPSEC SA

Got a strange one here, a bit out of my depth if I am honest.

I have a network that is unable to start an SA. The phase 1 tunnel is up but I can't get the phase 2 tunnel up. Other networks that are using the same phase 1 tunnel are working fine. I thought sending traffic to the network would bring up the tunnel but it hasn't done anything.

When I run show crypto ipsec sa, it doesn't actually show the phase 2 connection for these 2 networks at all. Any ideas on how I can further troubleshoot or force the phase 2 connection?

Sorry if I am not making much sense here but as I said I am a bit out of my depth to be honest. (Or at least I feel it.) I'm learning though!



BGP Question: requires 2x /24's??!?

I'm going to set up BGP at one of our locations to advertise our /24 subnet. It's my understanding that I can advertise this route out 2 ISPs and then the best path will always be used.

I just got off the phone with a "prospective" secondary ISP and they said they will need a second /24 to match our Comcast /24. What are they talking about? Am I just completely wrong?

Thanks



Trying to create a VLAN with Unifi/Ubiquiti equipment.

Hello All,

I am trying to split a network up into two LANs (VLANs) using Unifi/Ubiquiti equipment. The problem here is that when I did some research into this I found old information stating that Unifi equipment does not do MAC address based VLAN tagging. I would like to know if anyone has successfully created a VLAN network using MAC tagging with Unifi/Ubiquiti equipment.



VSL interface setup in single-sup cross chassis VSS

I am spinning up two 4510R+E chassis with one SUP8-E in each chassis. Regarding the physical interfaces, I started (over thinking) what interfaces to use for the VSL (virtual switch links). Instinctively I set it up on a Ten sup interface (SFP-10G-SR) to establish the VSS pair more effectively in boot-up situations, but then started to realize that if one of my sups died then my VSL goes bye-bye. Is it reasonable to convert that sup interface to a GLC-T, which would allow me to set up other interfaces on my X4748-UPOE+E line cards for redundancy? (I can't have mismatched 10G and 1G interfaces.) Are there some good strategies you have seen in this regard?



Getting started in Networking

Sorry for asking this common question. I have zero experience with networking and am looking for good books/textbooks and online resources to get me started. I was looking at the Introduction to Networks v6 by Cisco Networking Academy but am unsure if this is a good book to start with. Thanks



Symptoms of damaged fiber

Hi all.

I have fiber that runs above ground and my particular cable happens to run through some tall tree branches in my neighbor's garden and I worry every time there's heavy wind. When I do a connection test on my XBone, I always get 1% packet loss and have been experiencing some other minor issues past couple of weeks. So my question is this: What would the symptoms of a damaged fiber line be? Would it be a lot more obvious than just 1% of packet loss? I have no idea how these things work, please help!



Question about fiber.

I work in a rather large building that is 3 floors and is all wired up with fiber optic cables, going from our communications room to a wall plate in each room, most with multiple runs of pairs of fiber. On the 3rd floor, we are constantly having fiber go bad and having to replace and re-terminate fiber jacks.

A co-worker of mine has the idea that the reason this happens is because of how tall the building is; the upper floor most likely gets vibration and swaying from wind and whatnot. He says all this vibration is causing the fiber to go bad and literally says it is disintegrating.

I am rather new to the networking field. Is this a common issue? Could a slight vibration cause fiber to go bad over time? The stuff mostly sits there and is untouched by us, unless we are troubleshooting.



Advertising private AS and new public AS to same peer?

Long story short, we are building a rural fiber network. We have been using a borrowed /23 from another rural ISP and announcing that to them via BGP using a private ASN; they strip the private ASN and announce it upstream. We just got approved and now "own" a /21.

I figured I could keep the setup for the borrowed pool and add another BGP profile and announce that via our real AS, but the Juniper won't let you announce a private AS and subnet plus a public AS and different subnet to the same peer (unless I'm missing something...)

What is the best way to keep our "borrowed" IP space working AND get our new IP space working so I can get all the servers, equipment etc moved over to the new IP space without trying to "fuck it we do it live" and pulling an all-nighter?



Other than Visio, what does everyone else use for network diagrams?

We have Visio, but I was looking for something else possibly.



NAT differentiation between TCP and UDP.

I'm trying to implement a TCP hole punching example, and I need to know whether NAT devices use the same bindings for UDP and TCP sessions or keep different records for each, and whether such behaviour is specified by a standard or is implementation-dependent. I've skimmed the RFC, but it's unclear on this point.

For example, would a TCP packet from, say, 192.168.10.10:12345 use the same binding as a previous UDP session from 192.168.10.10:12345, or cause a new binding to be created? As far as I can tell there would be no problem using the same entry: both bindings lead back to the same host, and it can send the UDP packets to the UDP endpoint and the TCP packets to the TCP endpoint easily enough.



How do you test the rules of a new firewall before pushing into production?

In some places, we don't always have the luxury of a full test environment. In those cases, how do you test a new firewall to ensure all of the holes are poked accordingly before moving to production? I've used nmap with an alphabet of strings behind it, tcpdump stuff, but is there an easier or different way to do it?

For those of you who have to document something before it hits production, how do you do it? Is it a manual process to make the data look good or is there a tool you use?

I'm just curious to see how other people test/store/present the process of implementing a new firewall/router in an environment where disruption is crippling.

Everyone has a test environment, not everyone has a separate production environment



Tips on Network Engineer Interview

Been a while since I've posted anything on this subreddit.

I've applied for a Network Consulting Engineer position and got an interview with a CCIE.... I failed my CCIE twice (the second time I truly think I should have got my number, and that the switches had a bug which wouldn't let me establish a trunk between my distro switches...) (MPLS, VRF, redistribution, DMVPN, route-maps/route-leaks all were the same as Cisco wanted (utilizing the show commands) but I couldn't do an end-to-end ping since my trunks were not up)

Just wanted some input... I'm currently a system architect and I would say I do a lot of high-level things but have not dived into the CLI in almost 2 years (production network).... the last CLI touch I had was my CCIE studying/test like 8 months ago... my current position is mostly theory and implementation, dealing with executives and engineers on the way ahead and dictating major changes in the network (actual networking, data centers and security)...

I was wondering what I should do with my interview.... I can explain a lot of networking concepts but I'm truly (rusty)... Any advice?



VeloCloud Opinions?

Anyone have any negative experiences with deploying VeloCloud or dislike the product? If so, why? Will be displacing Fortinet Firewalls with these soon.



Monday, April 30, 2018

Is there a way to scan a local network for the IPv6 addresses of connected devices?

I know you can use programs such as Angry IP Scanner to scan a range of IPv4 addresses, which is useful to see everything on the network. But, what I'm trying to do is obtain the IPv6 addresses of all connected devices. I don't think Angry IP can do this, and when searching Google for an application made for this type of stuff, I mostly just see port scanners, which isn't quite what I need.

Is there a utility out there that scans a range of addresses (or a network address) to find the IPv6 addresses of locally connected devices? I mean I suppose I could run Wireshark, and just use the process of elimination to figure out which IPv6 addresses I see belong to what devices, but I feel like there has to be an easier way.

Thanks in advance for any help, I'm certainly not a networking expert, but I do find this stuff really fun to work with.