Saturday, August 4, 2018

PoE and PoE+ compatibility

I have read a lot about these, and it looks like you can connect PoE devices to switches with only PoE+ capabilities. But I had this issue with Ubiquiti APs some years ago. I had some Cisco Small Business 200 switches with PoE. We bought the Ubiquiti APs and thought that everything would work because PoE is a standard. It didn't work; we had to buy power injectors for all the APs.

So the question is: how can I know if my legacy PoE devices will work with PoE+ switches?



Deals on Cisco Meraki?

Anyone know where I could find a good price on a Cisco Meraki MX46W and a 3-year Advanced Security license? I want to get one for my home to upgrade my security posture and to use in a lab capacity, but the price is pretty steep. There are a few on eBay, and most are pretty close to what I can get them for on CDW, or really cheap (like probably-stolen or scam cheap). Looking for a good *reputable* seller that can cut that price down. I know if I were buying on behalf of the company I work for we could get 65-75% off retail pretty easily through our distributors, but as a regular citizen it's like 25% off and they act like it's a sale.



Issue with Avaya IP agent: ringer settings through a PC speaker

To put it simply, it won't work. I think it has something to do with the fact that the laptop I'm using for work requires a docking station because the USB port for the headset is busted. If I have the "ring through internal PC speakers" box checked, it still rings through the headphones. This makes sense, because when I plug the headset into the docking station the default sound device on my laptop becomes the headset.

Now here's the odd part... If I change the default sound settings back to the internal speakers and leave that box checked, it WILL ring through the speakers; however, I am then no longer able to hear the customers through my headset, as they come in through the PC speakers instead. Anyone familiar with this issue?

Further details: O/S: Windows 7 Professional

Laptop: Dell Latitude

Docking Station: Also Dell, not sure the model



Installing an Edgemarc 2900e for voip phones

So I am in a tough position.

We recently moved sites, and during the move a vendor configured our switches and an edgemarc 2900e and sent them to me to connect. FedEx failed to deliver them, and I had to get them from a distribution center.

I was supposed to have assistance from our MSP to install these, but the delay caused them to no longer be available. We open at our new site on Monday, and I have installed the switches (internet is up and running), but I have this EdgeMarc 2900e I don't know what to do with.

I'm not a networking guy, I can just plug it in, and as far as I know it is configured to plug in and work. I am not sure where in the flow of the network it should go.

We have Comcast coming into the IT closet, which goes into a Cisco ISR 1000, which goes out to a second ISR 1100, and then both ISRs feed the four switches we have.

I would assume the only place the EdgeMarc could go to catch all the traffic is between Comcast and the first ISR, but when I have Comcast go into the EdgeMarc and the EdgeMarc out to the ISR, nothing works.

The device I am referring to: http://www.startechtel.com/docs/EWN2900E1000015_Manual.pdf

Any help would really be appreciated. Thank you. I hope this post falls under questions for enterprise; this is a small health care non-profit, and our network isn't the biggest, but it isn't small either.



1 Printer - 2 Networks. Impossible?

Working at a company that has 3 completely different networks, but all running from 1 cable modem (not important).

The printer has a static IP of 192.168.71.75

I am trying to connect our 1 main printer to 2 networks. Network 1 is being firewalled by FortiGuard, no internet. The other network is pretty open. Every time I plug an Ethernet cable from network 2 (that has internet) into an open port on a switch from network 1, FortiGuard takes over network 2 and blocks internet to everyone on it. But network 1's and network 2's router IP address is 192.168.71.1. Now obviously this doesn't happen if I set network 2's IP address to 192.168.72.1; the only problem is that it still won't find the printer on that network. Help... Ideas?? I also do not have access to the FortiGuard account to change anything on that network.



Is it acceptable for a trunk port to be on the native VLAN?

I created a management VLAN and I am purposely not assigning any access ports to the native VLAN (1).

I created a trunk port and I am allowing VLANs 2, 3 and 4.

The trunk port has a PVID of 1 and an 'Untagged VLAN' of 1.

Is this acceptable, or is this bad practice?

Thanks



Does anyone have experience with Aruba 2920 Switches?

Hello All,

I was wondering if anyone could tell me whether the Aruba 2920 switches are capable of supporting ACLs on VLANs. Our current core switch is a ProCurve 2910, which only supports port-based ACLs, so we need to find something that does. If anyone has any other recommendations I'd be up for it, but just something to consider: it has to be an HP-brand switch. My seniors have made that clear to me.

Thanks!



Able to learn MAC via ARP but cannot ping

From the router, I can't ping the peer address, though I can learn the MAC from the switch and resolve it using ARP.

This is just a point-to-point connection.

Diagram: RT1---SWC4500(g2/10)---RT2

Also, from the switch I'm seeing that the peer IP has multiple VLAN tags. Do you think it affects the layer 3 reachability?

SW#sh mac address-table interface g2/10
Unicast Entries
 vlan   mac address       type      protocols                port
---------+---------------+--------+---------------------+-------------------------
 600    5c5e.abd2.3561    dynamic   ip,ipx,assigned,other    GigabitEthernet2/10
 621    5c5e.abd2.3561    dynamic   ip,ipx,assigned,other    GigabitEthernet2/10

RT1#sh arp | i 1.1.1.1
1.1.1.1    -          d867.d929.c744   Interface   ARPA   Bundle-Ether12.621
1.1.1.2    00:00:06   5c5e.abd2.3561   Dynamic     ARPA   Bundle-Ether12.621

What would be the possible cause of the IP reachability issue?

Thanks



Wifi not working when close to router

My laptop connects on every network, but it doesn't work unless I walk away from the router. It's connected, but Chrome says no internet connection; when I walk away from it everything is working nicely. I have no idea what can possibly be wrong (I have tested it on several networks, and it's the same on every one, so I guess it's the laptop's problem).



5G vs. Wi-Fi

I've seen several people here casually throw around the idea that 5G is basically poised to overthrow Wi-Fi, as though it were a matter of widely-accepted fact. At least in my vertical (K12 in North America) I have nothing on my radar to suggest that will happen any time soon.

I can see cellular/5G spreading rapidly in the IoT space, but do we have good reason to believe it will overtake any other problem we currently solve with Wi-Fi?



Established Network Engineers, to get a degree or not ?

Hi folks

I am posting this here because it's not exactly early career advice, so hoping it fits into the senior progression category.

I've been a network engineer for almost 5 years now, and have been a 'senior' in my company for about 2 years. I work for a major UK company with a very large, mixed network (Cloud, enterprise, ISP, Nexus DC's, Wireless, security etc...). I do lots of support, design, network firefighting, root cause analysis, process development and improvement, automation, scripting and much more.

I've gained a lot of great experience and am well respected in my company by my peers and managers. I hold 6 current IT certs, including the CCNP R&S. My highest level of formal education, however, is 'some college'. I have a college cert in networking at NVQ level 3. UK people will know what that means; it's lower than a degree and a diploma, basically a post-high-school certificate. Everything else I've 'self-studied' through books, videos, labs and on-the-job learning.

So far I have not experienced any issues whatsoever with not having a degree; it's almost never been brought up, and when it has, it's been overlooked in lieu of my talents/experience/certs etc. I've managed to land all my networking jobs so far on the first interview, as I interview quite well and have passed the technical examinations. I'm at a level now, though, where I'm starting to look around at my peers and can see I am surrounded by people who, on paper, are much more highly educated than me. I've been thinking about Brexit, and how, if the UK economy tanks and people start losing their jobs, these might be the people I am competing against for fewer jobs.

I have an opportunity to do a masters degree in networks part time at a reputable university. It's cost prohibitive but I can afford it by spreading the payments. I'm in my 30's by the way.

Do you guys think it's worth doing a degree at this stage of my (somewhat established) career? Or is it even necessary?

I want to do it, but don't want to put myself through the mill if it's going to be irrelevant to my career progression. Considering I am constantly having to learn new technologies and get certified in them because of my job, it's going to mean a lot of extra study.

I appreciate any thoughts you guys have on this, I'm at a bit of a crossroads and am trying to decide the best way forward.



Help plz, PC isn't connecting to the router!

Hello everyone,

This is what happened: out of the blue, my PC stopped connecting to the internet (a wired connection directly to the router), and the Ethernet icon on Windows 10 kept flickering between the "red not connected" sign and the "yellow connected but no internet" one over and over again, not connecting at all.

Now, I've tried a few things. Starting with the router, I've tried three different routers (one ZTE and two TP-Link); then the cable, I've also changed the cable connecting my PC to the router; finishing off with the PC, I've installed a fresh version of Windows 10, uninstalled and reinstalled the Ethernet drivers, and tried safe mode with networking. Nothing worked.

The interesting part is, I have an access point that, when I switch it to the mode where it is connected by cable to my PC and wirelessly to the router, gets my PC connected (that's when I knew that the Ethernet port on my MB is working; the MB is an ASUS M5A97 R2.0).

Any help please, I have failed so far to tackle this issue.

Cheers,



How do ISPs enforce outbound traffic limits for their residential customers? Why do commercial connections require traffic shaping by the customer's equipment, but residential connections don't?

I recently upgraded my friend's office from a coax cable connection to Comcast Dedicated Ethernet fiber. Comcast made a big deal about how I needed to make sure I shaped the outbound traffic so as not to exceed the CIR (200/200); otherwise TCP traffic would be severely affected.

This wasn't a problem, as we had a Palo Alto firewall that could easily do that, but it made me wonder why this was something I had to do, unlike the coax connections where we just plugged E0 on the firewall into the modem from Comcast and let the ISP handle all the rate limiting. What's the difference between the two connections in terms of how the rate limits are enforced?
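A worked example added here (not part of the original post) showing the mechanical difference the post is asking about. The usual arrangement on a dedicated Ethernet handoff is that the provider polices the customer's traffic to the CIR: a token bucket is checked per packet and anything that finds the bucket empty is discarded, so a 1 Gbps burst from your edge router into a 200 Mbps circuit turns straight into loss, which TCP reads as congestion. A cable modem, by contrast, is told by the CMTS when it may transmit on the shared upstream, so excess traffic waits in the modem's queue instead of being dropped at the first hop. Shaping on your own edge device reproduces that queuing in front of the policer. The model below is Python with constructed numbers (integer microseconds, a 200 Mbps CIR, a 1 ms burst allowance and a 100-frame burst); the policer and shaper names and parameters are the example's own, not anything Comcast or Palo Alto documents.

```python
# Toy single-rate token-bucket policer and a FIFO shaper, fed the same constructed
# burst. Time is in integer microseconds and rate in bytes per microsecond
# (200 Mbit/s = 25 bytes/us), so the arithmetic stays exact.

CIR_BYTES_PER_US = 25                      # 200 Mbit/s committed information rate
BC_BYTES = 25_000                          # policer burst allowance: 1 ms worth of CIR
BURST = [(t, 1500) for t in range(100)]    # constructed: 100 full-size frames, 1 us apart


def police(packets, cir=CIR_BYTES_PER_US, bc=BC_BYTES):
    """Provider-side policer: a packet that finds enough tokens is forwarded
    unchanged, the rest are dropped on the spot. Returns (forwarded, dropped)."""
    tokens = bc
    last_t = 0
    forwarded, dropped = [], []
    for t, size in packets:
        tokens = min(bc, tokens + (t - last_t) * cir)   # refill since the last packet
        last_t = t
        if size <= tokens:
            tokens -= size
            forwarded.append((t, size))
        else:
            dropped.append((t, size))
    return forwarded, dropped


def shape(packets, rate=CIR_BYTES_PER_US):
    """Customer-side FIFO shaper: nothing is dropped, every packet is released
    no faster than `rate`. Returns (list of (arrival, departure), max delay in us)."""
    next_free = 0
    schedule = []
    for t, size in packets:
        depart = max(t, next_free)
        schedule.append((t, depart))
        next_free = depart + size / rate     # serialisation time at the CIR
    max_delay = max(d - a for a, d in schedule) if schedule else 0
    return schedule, max_delay


def compare(packets=BURST):
    """Summarise what each device does to the same burst."""
    fwd, drop = police(packets)
    _sched, delay = shape(packets)
    return {
        "policer_forwarded": len(fwd),
        "policer_dropped": len(drop),
        "shaper_dropped": 0,
        "shaper_max_delay_us": delay,
    }


if __name__ == "__main__":
    print(compare())
```

With these numbers the policer passes the first 16 frames on the stored burst allowance and then lets through only one frame per 60 µs of refill, dropping 82 of 100; the shaper drops nothing but holds the last frame for 5.8 ms. That trade (loss versus latency) is the whole reason the provider asks you to shape before you hand traffic to their policer.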



Outsource or Guided Tinkering?? I need help and don’t mind being the punchline.

My role as Director of Business Development/Project Management(damn sales guys right) has done little to prepare me for my most recent and apparently urgent assignment:

-Evaluate company’s desktop equipment, software installations, VoIP service and local network and web application environment. The purpose being to identify opportunities for improved security, connectivity, scalability, efficiency and maintenance.

-Question Numero Uno, and the specific goal of this post, is whether I should continue as the confused/uneducated party responsible to maintain the local network, leaning on tele-support options like Geek Squad when I need guidance or clarification to continue? Or am I anywhere near justification for outsourcing and the associated costs? Lastly, can y’all make suggestions outside the two options currently on the table?? Maybe a hybrid solution or tech/hardware/software driven solution that simplifies local network administration for dum-dums like this one???

Just a little tidbit on our business and technology’s role within it:

-We are a small business clocking sub-$5MM in annual revenue. We employ 23 people and assign work to thousands of subcontractors nationally every month. - The office with the local network is what I'm most concerned about this minute. There are 20 workstations for our 24, soon to be 25, employees. Around 5 people generally work remotely, using their own personal computers to access the web app and with private cell phones. -Keep in mind that no info data, etc -Most key workflow processes are carried out by our team, predominantly using our proprietary PreCloudEra-cloud based application. Our CEO guided its development back in '08, working with a seemingly well-talented programmer. He since made a change and we parted ways. We were referred to a development firm in India, and we now pay a monthly amount to have them staff one top-quality, full-time, dedicated developer who handles ALL updates and new coding related to our application. He also created and maintains the hosting environment (AWS redundant servers, etc.). I'm very excited about task automation too. Can anybody give me a little feedback on their favorite platforms for such an item?

-Being I’m addressing the local network, which is used exclusively for internet connectivity and networking printers, (lately those of us with laptops that we can’t plug in to Ethernet, have been greatly affected by WiFi interruptions.) No file sharing occurs locally. We utilize many of the office 365 apps, including one-drive for cloud sharing.

Please stick with me one minute more. Summary of local network: Cox for Business powers -> Zyxel router powers -> 24-port Cisco switch connects -> live Cat 6 at each station powers -> 20+ Polycom VoIP desk phones on Intermedia's platform, powers -> each of 20+ desktop PCs, all HP, running varying versions of Windows 7-10 Home, and varying antivirus/security software, all with different renewal dates/trial lengths/associated service plans..... We are not storing or saving anything locally on the network except what's saved to our actual individual computers. From our owned software to the Office 365 apps, nearly everything we do is cloud based. That said, I'm wondering if vulnerability in the local network could ultimately offer a path to our web application that our on-site/remote employees are logging in to and working in daily. The MySQL database for our web app stores a lot of protected data, so we would want to be leaving a back door.

Solution: This is where you come in. -I have already identified the value in paying for and installing Windows 10 Pro on all of the company's equipment, especially since we use the Office apps and they sync up nicely. -Next, should I shop firewalls, antivirus software, upgrade the switch (24 ports will be too small within 30-60 days), WiFi router apart from firewall? -Is there any good reason to evaluate security the same way where I have offsite folks who A) use the same phones, which connect them to the same cloud phx? B) log directly in to our web application with near admin-level access from their personal PCs? -Is it realistic, as we near 30+ devices including printers and TVs, for me to continue handling this with as-needed tele-support? If so, can y'all suggest a more user-friendly solution for setup and for maintenance review? Perhaps an automated solution for risk alerts and guided steps for configuration changes? All of this, coupled with kickass security we can be proud of, will be a huge weight off my shoulders. You see, most of our clients are Fortune 500 and either subject to FCRA or HIPAA, so we wanna tighten up before they audit.

IMPORTANT: if we are better off to outsource to a 3rd party IT mgmt company, please give me any available advice on finding a good dependable accountable solution!

Thanks Reddit!!



SOHO NAS

What is everyone's favorite NAS? I have a WD EX2100 and I'm looking to grab a Synology 2-bay NAS that supports running small Linux virtual machines. I'm also curious to know how the NAS in the link below performs when running 2 Debian OSes at the same time.

One would be DNS and the other a lab OS.

nas link



HELP setting up an extra AP/router

Hi All

Not a network expert, but I set up a business network for my friend. He got a standard business router (Router A) for WiFi; however, since he is using a Chromecast in his lounge, customers end up casting and changing videos, etc.

We purchased an AP (Router B), a TP-Link EAP115, to give free access to customers by allowing them to log in with a Facebook like, etc.

The issue is that now, after setting it up and connecting to the new Router B, people can still discover the Chromecast on their phones!

How can I disallow/hide this from the customers that connect to Router B?

Any advice please, thanks.



New Job. Wireless specialist or general networking tech?

I hope I'm writing this in the right place.. Apologies if not.

I have been working in IT Support for the last 7 years and have decided to make the jump into Networking. I took a month out of employment to focus on attaining the CCNA and am taking the CCENT this friday.

I am very fortunate and have been offered 2 jobs as a Junior Network Engineer. Both are for fairly small MSP's.

One is extremely close to me and offering 23k (GBP) with a further 1.5k for on-call once I enter the shift rota in around 6 months. This one will primarily involve fixing copper broadband lines and taking calls for new issues and faults.

The second is around 20 miles away and offering 20k, which they have guaranteed will increase to 23k in 6 months. This one specialises in Wireless, utilising Ruckus etc. I need to consider the travel with this one as it would cost around 2k per annum. They have agreed to assist in Wireless related certifications.

I'm wondering whether to go down the Wireless route or whether to stick to slightly more money and less travel but fixing lines and engaging with more basic issues. Either are new to me at this point.

I'd appreciate any advice you could offer. Thanks in advance.



Travel and Deployment Network Engineers

Hello all, I am fairly new to the networking field, as I have been studying for my CCNA and am about to start a help desk role for a telecom company. For the last couple of years, I have been installing structured cabling (CAT6/fiber), patch panels, routers and switches. No configurations, just pulling and terminating cable, and rack and stack. I enjoy hands-on work, but I also enjoy the computer side of things. I was wondering what type of network engineers out there work with new clients on the installation and configuration of, let's say, their new offices. I am interested in a role where I work on deployment projects of networks for new client sites. I would like a traveling role, working with a variety of different deployments and doing the initial configurations and installations. I have heard VARs do this specifically, and I just wanted to reach out and see if anyone would like to share their perspective on this. Thank you.



Keep internet connection during sleep?

So I'm using my PC as a router for my PS4 since the original PS4 doesn't support 5 GHz, and my question is: is there a way I can keep the internet connection to my PS4 while my PC is in sleep mode? My PC heats up my room fairly quickly.



Friday, August 3, 2018

Arista and inter vlan routing with default gateway

I have a Meraki MX upstream routing 10.0.10.0/24 and 10.0.20.0/24 via 10.255.10.4 (on the Arista).

I created two VLANs, 40 and 41, that I wish to connect to ports 19-22 for a few ESXi hosts.

However, 'show vlan' shows:

localhost(config-vlan-40)#sh vlan
VLAN  Name                             Status    Ports
----- -------------------------------- --------- -------------------------------
1     default                          active    Cpu, Et1, Et3, Et5, Et6, Et7
                                                 Et8, Et9, Et10, Et11, Et12
                                                 Et13, Et14, Et15, Et16, Et32
40    VLAN0040                         active    Cpu
41    VLAN0041                         active    Cpu
66    VLAN0066                         active    Cpu, Et33
67    VLAN0067                         active    Cpu, Et35

VLANs 66 and 67 were my test for the routes from the MX, and they work, but only to the single ports. However, when I do 19-22 with 40 untagged and 41 tagged, I'm unable to bring up the VLAN interface.

! Command: show running-config
! device: localhost (DCS-7140T-8S, EOS-4.13.7.2M)
!
! boot system flash:/EOS-4.13.7.2M.swi
!
transceiver qsfp default-mode 4x10G
!
snmp-server community public ro
snmp-server community read ro
snmp-server community write rw
!
spanning-tree mode mstp
!
aaa authorization exec default local
!
no aaa root
!
username admin privilege 15 role
!
environment fan-speed override 40
!
vlan 40-41,66-67
!
interface Ethernet18
   flowcontrol receive on
!
interface Ethernet19
   flowcontrol receive on
   switchport access vlan 40
   switchport mode trunk
!
interface Ethernet20
   flowcontrol receive on
   switchport access vlan 40
   switchport mode trunk
!
interface Ethernet21
   flowcontrol receive on
   switchport access vlan 40
   switchport mode trunk
!
interface Ethernet22
   flowcontrol receive on
   switchport access vlan 40
   switchport mode trunk
!
interface Ethernet23
   flowcontrol receive on
!
interface Ethernet33
   flowcontrol receive on
   switchport access vlan 66
!
interface Ethernet34
   flowcontrol receive on
   switchport access vlan 66
!
interface Ethernet35
   flowcontrol receive on
   switchport access vlan 67
!
interface Ethernet36
   flowcontrol receive on
!
interface Ethernet37
   flowcontrol receive on
   switchport access vlan 40
   switchport mode trunk
!
interface Ethernet38
   flowcontrol receive on
!
interface Ethernet48
   flowcontrol receive on
!
interface Management1
!
interface Management2
!
interface Vlan1
   description san-network
   mtu 9000
!
interface Vlan40
   description view-desktops-vlan-40
   ip address 10.0.10.1/24
   ip dhcp smart-relay
   ip helper-address 10.255.10.2
!
interface Vlan41
   description view-desktops-vlan-41
   ip address 10.0.20.1/24
   ip dhcp smart-relay
   ip helper-address 10.255.10.2
!
interface Vlan66
   ip address 10.255.10.4/24
!
interface Vlan67
   ip address 10.10.11.1/24
!
ip route 0.0.0.0/0 10.255.10.2
!
ip routing
!
management api http-commands
   no shutdown
!
!

What am I missing here?



Possible Network loop?

So I just got done implementing some Cisco 2960X's throughout the building at my work. I set them all up at my desk and then added them to the Cisco Network Assistant to make sure that I could easily have a way to manage them.

We completed the switch over tonight and noticed something odd whenever I checked the Network Assistant.

You'll see in the image that switch 309.1 is the centralized switch. (Eventually I will be adding a layer 3 3850 switch to be my core switch.)

"6thIT" has a straight connection to the "309.1" switch as well as "3rdNorth".

I was expecting "6thIT" to have just a straight connection to "309.1" as that's how it's connected directly.

However, it also has a connection going to "3rdNorth", which, to be clear, there is no direct connection from the "3rdNorth" switch to the "6thIT" switch. If there were, would this not also cause a network loop?

Let me know what this might be and if there is anything that I need to double-check on my end. After the implementation our network is working as it should, and I have not noticed any limitations at all.

https://imgur.com/a/RpBQ900



Collecting base configs

Hello! I am working on a tool that works with device configurations, to look for configuration drift, generate device specific configurations, etc.

My tool should work for any configuration. To that end, I would like to collect base configurations of all kinds, so I can ensure my tool works appropriately.

I would really appreciate it if any of you could provide some base configurations for your environment, so I can use them to test my tool.

I'm especially interested in layer 3 device configurations, and configurations that have a different style than Cisco (Juniper, HP, etc).

Thanks in advance for any help you can provide!



VXLAN using PIM ASM or PIM Bidir

Hi All

Would anyone be able to shed some light on limitations with using PIM ASM for multicast group to VNI propagation to the VTEPs, apart from having a lot of (S,G) entries?

Is that going to be consumed rapidly on 9k switches? The limitation with PIM Bidir is that it currently does not support tenant routed multicast.

But I wanted to hear some success stories with 3 spines and ~20-30 leaves, and whether any limitations were found with using PIM ASM.

Thanks in advance



Why am I able to automatically resolve a new machine on my network without adding a hosts entry, or DNS record?

On a non-domain network, why is it that when I spin up a new Windows VM, all my other Windows devices can automatically resolve its hostname? I never add a DNS record to our DNS server, nor do I see one get created. Also, I never edit the hosts file and add a manual entry. Is this dynamic DNS? Is this proprietary to Windows?

I figured that since I wasn't adding a hosts file entry, the resolution must have been happening via our DNS server. To me, this implied that the new machine must be making some generic DNS broadcast (sort of like a DHCP request). So I monitored a Wireshark capture throughout the whole configuration of the VM, start to finish, filtering for packets going to my DNS server. I saw two packets originate from a new IP that I didn't recognize. Sure enough, it was the IP of the new machine. These were the two packets:

10.11.0.90  10.11.12.224  53  DNS  76  Standard query 0xd53a A time.windows.com
10.11.0.90  10.11.12.224  53  DNS  76  Standard query 0x7bdd A dns.msftncsi.com

But these don't appear to be doing anything like "add an A record for me, DNS server". Just fetching the time server and network connectivity status. So where's the magic happening??
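An added example, not part of the original post, modelling where the resolution actually happens. On a workgroup (non-domain) Windows network a hostname that the DNS server does not know is resolved by the hosts themselves: the querier multicasts an LLMNR query (DNS message format on UDP 5355 to 224.0.0.252, RFC 4795) and, if nothing answers, falls back to a NetBIOS name service broadcast on UDP 137. The owner of the name replies directly by unicast, so nothing ever reaches the DNS server and a capture filtered on it stays empty. The Python below builds and parses real LLMNR wire messages and then simulates one segment; the IPs, the hostname `NEWVM`, the `responders` dictionary and its `'*'` convention are constructed for the example.

```python
import socket
import struct

# RFC 4795: LLMNR reuses the DNS message format on UDP 5355, queried to 224.0.0.252.
LLMNR_GROUP = "224.0.0.252"
LLMNR_PORT = 5355


def encode_name(name):
    """DNS wire-format name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(buf, offset):
    labels = []
    while True:
        length = buf[offset]
        offset += 1
        if length == 0:
            break
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(txid, hostname):
    """What the resolving host multicasts: QR=0, one question, no recursion bit."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(hostname) + struct.pack("!HH", 1, 1)   # type A, class IN


def parse_packet(pkt):
    """Parse a query or a response; A-record RDATA is returned as dotted quad."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    qname, off = decode_name(pkt, 12)
    qtype, _qclass = struct.unpack("!HH", pkt[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        if (pkt[off] & 0xC0) == 0xC0:           # compression pointer back to the question
            aname, off = qname, off + 2
        else:
            aname, off = decode_name(pkt, off)
        atype, _aclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        if atype == 1 and rdlen == 4:
            rdata = socket.inet_ntoa(rdata)
        answers.append((aname, atype, ttl, rdata))
    return {"txid": txid, "response": bool(flags & 0x8000),
            "qname": qname, "qtype": qtype, "answers": answers}


def build_response(query, ipv4, ttl=30):
    """Unicast reply sent straight back to the querier by whichever host claims the name."""
    q = parse_packet(query)
    header = struct.pack("!HHHHHH", q["txid"], 0x8000, 1, 1, 0, 0)   # QR=1
    question = encode_name(q["qname"]) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ipv4)
    return header + question + answer


def resolve_on_segment(hostname, responders, txid=0x7bdd):
    """Model of one segment. `responders` maps a host IP to the names it will answer
    for; '*' means it answers for every name, which is what a poisoning tool does.
    The querier accepts the first reply whose transaction ID matches."""
    query = build_query(txid, hostname)
    for src_ip, names in responders.items():
        if "*" in names or hostname.lower() in (n.lower() for n in names):
            reply = parse_packet(build_response(query, src_ip))
            if reply["response"] and reply["txid"] == txid:
                return reply["answers"][0][3]
    return None


if __name__ == "__main__":
    honest = {"10.11.0.90": ["NEWVM"]}                         # constructed: only the new VM
    hostile = {"10.11.0.66": ["*"], "10.11.0.90": ["NEWVM"]}   # constructed: a poisoner is present
    print("NEWVM ->", resolve_on_segment("NEWVM", honest))
    print("NEWVM ->", resolve_on_segment("NEWVM", hostile))
```

The `hostile` case is the security point: there is no authority in this scheme, so any machine on the segment can answer for any name and the querier will believe the first reply. That is exactly what LLMNR/NBNS poisoning tools exploit to capture NTLM hashes. The usual fix is to disable multicast name resolution through Group Policy ("Turn off multicast name resolution") and NetBIOS over TCP/IP on the adapters, and to register hosts in DNS instead.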



Need help with design of this network - dual WAN in 3 facilities

I will likely be hiring someone to do this as I am mostly a sysadmin and while I could hack the networking together this may be too critical for me to guess through it, but because I'm a creature that likes learning...

If you had 3 facilities, each with basic "business" internet with NO SLA (imagine Comcast) and that was your only option, but you could also have a microwave/long-range wireless link between the facilities as backup (or vice versa), what would you buy for devices to interconnect these 3 facilities?

So basically I will have a Comcast-like modem as one internet handoff and probably another handoff for the microwave link at each facility.

I would like automatic HA/failover for the devices AND the WAN connections, if it means buying 2 devices for each facility I am ok with that.

I would also like something with a GUI and CLI, if possible, but I can manage CLI-only if needed (there may be others that would struggle with it involved too, hence why GUI would be nice).

Does anyone have a diagram of how this would be connected up?



Juniper router IP assignment

I'm in a job where I configure circuits for VPN networks. I encounter both Cisco and Juniper routers.

While determining the next available IP assignment, I noticed that there seemed to be a pattern to the IP assignments. They would go in increments of 4 (xx.xx.xxx.16, xx.xx.xxx.20, etc.). Within each group of four, the IP would increment by 1 (.16 would have .17, .18 and .19 available to use, and .20 would have .21, .22 and .23 to use).

I was wondering about the .16 and the .20. Are those not used?
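An added worked example, not from the original post, of what that increment-by-four pattern is. Circuits carved out of a block in steps of four are /30 subnets: in each one the first address (.16, .20, ...) is the network address and the last (.19, .23, ...) is the broadcast address, so only the two in between may be configured on the router interfaces at either end of the link. The .16 and .20 are therefore not unused but unassignable, and .19 and .23 are not usable either. Point-to-point links may instead be numbered as /31 (RFC 3021), where both addresses are hosts. The Python below uses the standard `ipaddress` module over a constructed TEST-NET-3 block standing in for the masked `xx.xx.xxx` prefix.

```python
import ipaddress


def usable_hosts(subnet):
    """Addresses you may put on a router interface inside `subnet`. /31 (RFC 3021)
    and /32 have no separate network or broadcast address; every other prefix
    loses the first and last address of the block."""
    addresses = [str(a) for a in subnet]
    if subnet.prefixlen >= 31:
        return addresses
    return addresses[1:-1]


def carve(block, new_prefix):
    """Split `block` into point-to-point subnets and describe each one the way a
    circuit-provisioning sheet would: network address, usable addresses, broadcast."""
    net = ipaddress.ip_network(block, strict=True)
    rows = []
    for sub in net.subnets(new_prefix=new_prefix):
        rows.append({
            "subnet": str(sub),
            "network": str(sub.network_address),
            "usable": usable_hosts(sub),
            "broadcast": str(sub.broadcast_address),
        })
    return rows


def role(addr, prefixlen):
    """Which part of its /prefixlen a single address is: 'network', 'host' or 'broadcast'."""
    ip = ipaddress.ip_address(addr)
    sub = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
    if prefixlen >= 31:
        return "host"
    if ip == sub.network_address:
        return "network"
    if ip == sub.broadcast_address:
        return "broadcast"
    return "host"


if __name__ == "__main__":
    # Constructed block from TEST-NET-3 (RFC 5737) standing in for the masked xx.xx.xxx.
    for row in carve("203.0.113.16/28", 30):
        print(row["subnet"], "network", row["network"],
              "usable", row["usable"], "broadcast", row["broadcast"])
    for a in ("203.0.113.16", "203.0.113.17", "203.0.113.19"):
        print(a, "is the", role(a, 30), "address of its /30")
```

When you inherit a sheet like the one in the post, running the allocated block through `carve` is a quick way to confirm whether the .16/.20 pattern really is /30s (two usable per circuit) or /31s (where .16 itself is a valid endpoint) before you assign the next address.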



Cable Management - Rear of an Enclosure???

Hey guys. Happy weekend. Sorry for a dumb question, but I am working in an area where I am less than expert.

I recently inherited a building, and had to replace a jacked up two-post rack with a full 42u enclosure. I transitioned the existing patch panels into their new home, and we had enough slack. In some cases it was pretty tight, while other trunks had plenty of lead.

I managed it as best I could with the velcro at hand, and some additional zip ties where necessary. (Don't worry, they are temporary.)

So it occurs to me that I have no idea how to manage these cables. What are my options for routing and securing the cables? Thoughts? Thanks!



Anyone know the make and model of this WiFi access point? Trying to help a friend identify it.



ECMP and FIB utilization

Does having multiple paths to a destination increase FIB usage?

e.g let’s say I have a router with 100K FIB limit. If I have 50K destination prefixes but they all have 2 next-hops each for ECMP, is my FIB now 100% used?



TextFSM Issues

I'm attempting to parse the output of Packet-Tracer using TextFSM, but the first phase is never matched. Here's the relevant part of my template:

Value Required PHASE (.*)
^Phase: ${PHASE}

I've tried various permutations of the above with no luck.



Rouge Device on My Network?

So this is a situation that happened today. My company deployed Cisco ISE a couple months back, and, despite a few problems, I'm really enjoying ISE. Now obviously a lot of trouble tickets that come in now a days are just adding a phone or printer MAC to the Identity Group or whitelisting a PC MAC temporarily so we can push new certifications to the PC.

Well, this one customer in particular has been needing a new MAC added every other day, so this morning I decided to look at all dot1x failures on that building's switch and then go out there and fix them all at once. I looked through the list of MACs, and I noticed one MAC looked odd: a completely different OUI than any other device on our network. I checked that failed authentication session in ISE, and noticed that it labels the Endpoint Profile as Nortel. That's odd, because we shouldn't have any Nortel devices. I searched in ISE for the first 6 of that OUI and noticed that we have 4 Nortel devices on our network. Our network currently has 3,000 dot1x sessions active, so 4 Nortel devices is really odd.

I also noticed that 3 of the Nortel devices have authenticated with the PC dot1x policy, which means they are authenticating with certificates and not MACs. Better yet, there's one Nortel device in the building I work in, connected to the same switch as me! I told my more senior network engineer, and now we're both interested. It's very unlikely these devices are rogue machines if they are authenticating with certificates, but still, we're both wondering what Nortel devices could be in use. We immediately went to question the sysadmin shop, but they had no clue. We figured out the switch port the device is connected to, and also the wall port number labeled on the patch panel. We hunted all over the offices looking for the wall port, but there's no real rhyme or reason to how they were labeled, and large desks cover most ports. Finally, the senior network engineer spied an interesting-looking laptop. It just so happens that the laptop in question was mine. I, for some reason, was issued a Lenovo laptop, while the other thousands of end users use mostly HPs. I told him that's mine and it's a Lenovo, not a Nortel, but he still insisted I check my MAC....

Lo and behold, I was the rogue device. I can only assume that Lenovo must have bought Nortel NICs or something along those lines, which is why ISE displayed the device as Nortel. We all got a good laugh out of it, and I genuinely say I would have NEVER checked my own PC. https://imgur.com/a/4aKF7XR

TLDR. Found an odd MAC on my network, after searching all over for it, turns out it was my PC.

Edit: Rogue not rouge
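An added example, not from the original post, of the triage the story describes done as a script rather than by hand. Two things worth building in: the OUI only tells you who registered the block, which is typically the NIC or module maker rather than the brand on the lid, so an unfamiliar vendor label is a lead and not a verdict; and an endpoint that completed EAP-TLS with a certificate your PKI issued is a different class of finding from an unknown OUI that failed MAB. The Python below is self-contained: the OUI table and the session records are constructed for the example (the prefixes are not real IEEE assignments, and "Nortel" is used only to mirror the post), and `triage`, `max_count` and the priority labels are the example's own.

```python
from collections import Counter

# Constructed OUI table for this example only; these are not real IEEE registry entries.
OUI_VENDOR = {
    "AA:01:01": "HP",
    "AA:02:02": "Cisco",
    "AA:03:03": "Xerox",
    "AA:04:04": "Nortel",
}

# Constructed dot1x session records, the shape you would export from the NAC or pull
# from the switch. 'auth' is how the endpoint got on: EAP-TLS certificate, MAB, or not at all.
SESSIONS = [{"mac": "AA:01:01:00:00:%02X" % i, "auth": "eap-tls"} for i in range(8)] + [
    {"mac": "AA:02:02:00:00:01", "auth": "mab"},
    {"mac": "AA:02:02:00:00:02", "auth": "mab"},
    {"mac": "AA:02:02:00:00:03", "auth": "mab"},
    {"mac": "AA:03:03:00:00:01", "auth": "mab"},
    {"mac": "aa-04-04-5e-ab-d2", "auth": "eap-tls"},     # profiles as 'Nortel', holds a valid cert
    {"mac": "AA:09:09:00:00:01", "auth": "failed-mab"},  # OUI not in the table, never got on
]
EXPECTED_VENDORS = {"HP", "Cisco", "Xerox"}


def oui(mac):
    """First three octets in canonical upper-case colon form, whatever the input style
    (aa:bb:cc, aa-bb-cc, aabb.cc...)."""
    digits = "".join(c for c in mac.upper() if c in "0123456789ABCDEF")
    return ":".join(digits[i:i + 2] for i in (0, 2, 4))


def vendor(mac, table=OUI_VENDOR):
    return table.get(oui(mac), "unknown")


def triage(sessions, expected=EXPECTED_VENDORS, max_count=5, table=OUI_VENDOR):
    """Flag endpoints whose NIC vendor is neither on the expected list nor common on
    the switch. A certificate-based session is ranked low: the PKI knows the box and
    only the vendor label is unexplained. Unknown or MAB-only endpoints rank high."""
    counts = Counter(vendor(s["mac"], table) for s in sessions)
    flagged = []
    for s in sessions:
        v = vendor(s["mac"], table)
        if v in expected or counts[v] > max_count:
            continue
        flagged.append({
            "mac": s["mac"],
            "vendor": v,
            "seen_on_switch": counts[v],
            "auth": s["auth"],
            "priority": "low" if s["auth"] == "eap-tls" else "high",
        })
    return sorted(flagged, key=lambda f: f["priority"] != "high")   # high first


if __name__ == "__main__":
    for finding in triage(SESSIONS):
        print(finding)
```

Run against the constructed records this returns two findings: the unknown OUI that failed MAB (high) ahead of the lone "Nortel" that holds a certificate (low). In the post's situation the low-priority hit is the one to resolve by checking the certificate subject in ISE before walking the floor; the high-priority one is the one worth the walk.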



Residential per-unit WLAN with Roaming?

Hello guys, My NOC Supervisor and I were just having a conversation about a potential Multi-SSID WLAN project for some residential buildings.

The idea is where we would have multiple APs for each residential unit/suite, per floor, say 10+ Floors. Each AP would be preconfigured have each SSID be in it's own VLAN(For customer LAN enviroment) and to broadcast the SSID assigned to that unit so the customer may access their network at home.

The AP will also be broadcasting, or rather not, every other non-assigned SSID (for the whole building) as hidden networks, to allow roaming for the same unit SSID everywhere in the complex without drops.

Very ambitious; I guess at this point the limitation would be how many SSIDs a single AP can hold.

Based on some articles I read, there is a range of between 0-64 SSIDs per unit, so I don't think that's an issue.

It seems like it's more of an overhead problem where the more SSIDs are in a network, the more SSID beacon frames are sent, slowing down the network with upwards of 50% management overhead.

I was wondering if you guys had any ideas as to how far we can get with this idea?

I had another idea with GPON equipment and programming magic to make the ONTs broadcast 2 networks, one home and one single community-ssid for non-LAN access (IP Isolation) and when you connect to the lan-SSID, it automatically connects you with the hidden one.
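
Added example (not from the post above): a quick beacon-airtime estimate for a multi-SSID AP, so the "50% management overhead" figure can be checked against the SSID count, beacon interval and basic rate. The frame size, preamble and rate values are typical assumptions, not measurements from any building.

```python
"""Estimate beacon (management) airtime for a multi-SSID AP radio.

Added example, not from the original post. Frame size, preamble and
basic-rate values are typical assumptions, not measurements.
"""


def beacon_airtime_s(beacon_bytes=250, basic_rate_mbps=1.0, preamble_us=192.0):
    """Airtime of one beacon: PHY preamble plus payload at the lowest basic rate.

    Beacons go out at the lowest mandatory rate, so a legacy 1 Mb/s basic
    rate (802.11b, 192 us long preamble) costs far more airtime than a
    6 Mb/s OFDM basic rate (20 us preamble).
    """
    return (preamble_us + beacon_bytes * 8 / basic_rate_mbps) / 1e6


def beacon_overhead(ssid_count, interval_ms=102.4, **airtime_kw):
    """Fraction of one radio's airtime consumed by beacons for ssid_count SSIDs.

    Default interval is 100 TU = 102.4 ms. Hidden SSIDs still beacon (with
    an empty SSID field), so they count just like broadcast ones.
    """
    beacons_per_s = ssid_count * (1000.0 / interval_ms)
    return beacons_per_s * beacon_airtime_s(**airtime_kw)


def max_ssids(overhead_budget, interval_ms=102.4, **airtime_kw):
    """Largest SSID count that keeps beacon overhead at or below the budget."""
    n = 0
    while beacon_overhead(n + 1, interval_ms, **airtime_kw) <= overhead_budget:
        n += 1
    return n


if __name__ == "__main__":
    for rate in (1.0, 6.0):
        pre = 192.0 if rate < 6 else 20.0      # DSSS long preamble vs OFDM preamble
        for n in (1, 8, 16, 32):
            pct = 100 * beacon_overhead(n, basic_rate_mbps=rate, preamble_us=pre)
            print(f"{n:2d} SSIDs at {rate:.0f} Mb/s basic rate: {pct:5.1f}% beacon airtime")
        print(f"max SSIDs under 50% at {rate:.0f} Mb/s:",
              max_ssids(0.5, basic_rate_mbps=rate, preamble_us=pre))
```

With the 1 Mb/s basic rate the 50% mark is reached at roughly two dozen SSIDs, which is where the overhead figure in the post comes from; disabling the 802.11b rates so beacons go out at 6 Mb/s cuts that cost by about six times.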



Presenting web services from DMZ to Internet ? To Reverse Proxy or not?

Hi Guys,

When would a reverse proxy be favored over a traditional load balancer for making websites/applications accessible from the internet?

After reading about reverse proxy, to me it seems like the more "secure" option for publishing websites out to the internet - however in the jobs I have worked before we have not used this technology to make web servers accessible from the internet - we always perform a NAT into the DMZ, to the front end of a load balancer and the web servers sit behind that.

When would a reverse proxy be favored over a load balancer and vice versa?



'allow-unsupported-transcievers' for Aruba 8320?

We purchased a couple of Aruba 8320s and would like to run Axiom J4859D SFP transceivers (FS.com doesn't have compatible transceivers yet) but upon inserting them into the switch, it shows 'Unsupported XCVR'

Anyone know how to get these SFPs working?



Multicast Problems

The developers here are starting to work with a multicast protocol implementation in one of our products per a customer request. I have two subnets, one for static hosts/servers and one for user desktops/laptops, etc, with a SonicWall routing between them and to the public internet. The developers need multicast traffic from one subnet to reach the other.

Multicast support is disabled by default on this SonicWall. But, it looks like all that's needed to enable is to check a box in the Firewall Settings and check a box on each of the relevant interfaces - easy enough.

And as soon as I did, the network ground to a near halt. I am not sure of the exact symptoms, but it took about 10 minutes to be able to bring up the web admin interface on the Sonicwall so I could get those boxes unchecked again.

I'm a sysadmin in a one-man shop, so while I have a baseline competency with networking, I don't know enough about multicast as a technology to figure out what went wrong.

Is there any obvious textbook cause why this would have happened? Doesn't need to be Sonicwall-specific (click this button then that one), but conceptually, what happened?



IP network testing - the challenges

Hello, I am working on a small project investigating the challenges with testing an IP-based computer network. I have come up with two so far: scalability and resource. Scalability being the fact we're being asked to test 100G ports in a model capable of only 40G traffic. Resource is a challenge too. We're a small team and when we're all in the office it's fine (we can work on individual specialities), but as soon as leave or illness comes in we struggle to move the skills around. I would love some thoughts on more technical challenges if you have any.



Does your power come from the floor or the ceiling?

My boss, who is not from around here and constantly complains about how things are done in "America", claimed that the newly-placed server rack which is upside down is actually right-side up, based upon how things are done with "real" racks in other parts of the world.

So, the power prongs (on the attached power rail) have the ground pin on top and the two tines on the bottom, like a triangle, and the cable to this power rail goes to the ceiling, when we otherwise have power on the floor. We may have power somewhere above the drop ceiling, I'm not sure.

I just want to verify his claims for myself, because he isn't really listening to me while I observe with my best :/ face on.



Layer 2 Link between DataCenters

Hello, we are having an issue with a gig link between our datacenters. We are only getting roughly 400 Mb/s of throughput using iperf between two systems during downtime. When switching to UDP, we get nearly the full gig. Our first thought was window sizing, and the possible need for a WAN accelerator. Has anyone seen this before? If so, what did you do to fix it?



Connection in a place without any Ethernet/LAN ports

I'm moving to a place without any Ethernet/LAN wall ports. Can anyone help a Network newbie and explain if there's a way to get good connection for gaming in a situation like this?



Tagged vlans between Cisco SG350 and HPE A5800

Dear /r/networking, I have a problem connecting the SG350 to a HP Comware switch (A5800).

I have quite a few SG300 switches and they work OK when connected to the HPE A5800. Recently I got a new SG350 and the trunk port configuration doesn't work. The port on the HP switch is configured like this: VLAN 1 untagged (native), VLAN 160 tagged. On the SG350 I've configured the uplink to the HPE as a trunk port with tagged VLAN 160.

When I connect an SG300 with the same port configuration I can see incoming MAC addresses on both the native and tagged VLANs; on the SG350 I see incoming MAC addresses only in the default VLAN.

Example port config on A5800:

interface GigabitEthernet2/0/40
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 160
#

Port config on SG300 (uplink to a5800, works):

interface gigabitethernet50
 switchport trunk allowed vlan add 160

Port config on SG350 (uplink to a5800, doesn't work) :

interface gigabitethernet50
 switchport trunk allowed vlan add 160

I've also tried switchport mode general with no result.

Any hints?



Can someone fact check a network newbie with new vlan and scopes?

I'm mostly a jack-of-all-trades guy and wanted to double-check something. https://imgur.com/a/YPGGr38

I am looking to add the new addition that is in red. My goal is to separate that switch onto a new vlan and network similar to the phone server scope.

  1. Create a new dhcp scope on dhcp server for 192.1.2.50-192.1.2.200.

  2. Create vlan 35 with ip helper for ports that will be used for access points and map it to that dhcp server for dhcp scope. I will need to tag those ports. Anything else would just get a regular dhcp scope.

  3. I want to create similar to phone scopes but instead of using the phone dhcp, use the dhcp server.

If anyone sees any issues with this setup, please let me know.



Red Hat Creeps into Networking



HMF a VLAN Conceptual Resource

I'm looking for a resource that describes how VLANs operate from a conceptual standpoint, rather than from a "Here's how you configure a VLAN on our particular hardware" angle. Ideally it would describe how switches deal with VLAN tags in different scenarios, what the terminology means, etc.



Fortinet entry-level firewall questions

Hey all,

I'm looking at maybe picking up a Fortinet Fortigate 50E (FWF-50) and had some questions.

First question is regarding the licensing. I see that I can buy them from a lot of places both new and used. I know new I won't have a license and even with Amazon I've seen some complaints about people getting a device that shows up with just a few months left on the term due to the clock starting when it left the first vendor rather than when it left Amazon. So to avoid some of the headaches (and maybe save some cash buying a used one) I was thinking I'd get it without licensing and just buy the license separate and load it on. Is there any problem with this approach?

Next is access points. I've had issues in the past with the various WIFI routers I've owned due to where the cable comes into the house. As is often the case where the wiring comes in isn't ideal to get full coverage. That said I'd like to run cabling upstairs and put an AP up there. Are there any caveats to adding an AP to this device that I should be aware of? I've never actually used Fortinets at all, where I work was a Juniper shop and has converted to a Cisco shop. I know both of those have some weird quirks with what's compatible with what, etc and I just want to make sure there's no big gotchas other than checking to see if the models are compatible with each other.

I am actually leaving my job in a couple weeks to take a new role at a place that's a Fortinet shop. That coupled with a bit of inspiration from this sub has got me thinking I'd like to upgrade my home kit from the mid-grade Netgear home crap I have to entry level small business kit (baby steps). To be honest until I saw a few threads here I had no idea Fortinet sold an entry level line that's this affordable so I'd never considered it as being an option for home.



Career crisis, please help.

Hello ppl of reddit,

I need some career advice. Story of my life in a nutshell: I was attempting uni (computer science), but I have not graduated; after that I was doing all kinds of low-level jobs (cleaner, fork-lift driver, waiter...), then I got fed up, and once a friend of mine (CCIE) suggested I start learning Cisco. I did. I wanted to work in security, but first things first, I needed the fundamentals, and I did CCNA R&S. After that I was looking for a job, but I quit and changed again and changed again, and now I am about to change again and I'm not sure what would be the smartest move right now.

First I got a network designer job in an SSC; this was too boring, no technical tasks. Standard designs, mostly worked in Excel and Visio. (about a year)

Then I got a junior pen-tester job (lower job grade than network designer), which was very cool, but the management was trying to fight the fire in a burning building with a cup of water... it was a mess and too much headache. So there was less value I could extract there. Basically we were reporting stock web app issues... (9 months)

Then I changed to a system verification job (R&D). Basically I have to support my colleagues in a data center environment: configuring the underlay network and testing (regression, sanity) switch firmware (in the security aspect as well, but that is just a very small slice), reproducing customer issues and solving them. (Trial period will end soon)

I got two offers:

One is a Cyber Threat Defence Analyst, which is a real-time, eyes-on-glass job, where we need to review SIEM alerts and escalations by end users. Escalating anomalies.

The other is a network engineer. Operation and maintenance of a global backbone, resolving trouble tickets, on-call support (night and weekend), domain registration.

I am a CCNP R&S and CCNA Cyber Ops and so close to OSCP.

What would you do? Stay at the data center where probably SD networking will be the direction, OR regular network engineering where later on I could try the CCIE, OR go for cybersecurity, which is the closest to my heart?

I am a little afraid of the cyber threat job, because probably it is just staring at various displays (which is boring AF), but if there is a chance to grow and in 1-2 years do some interesting jobs in a SOC (if there is...) then it's worth the suffering... but I have to stop jumping from job to job.

What would be a reasonable decision here? What would you guys do? Any advice with a bit of reasoning? (31 yrs old with family)



MPLS Network - Need help please

Hi everyone! I'm the sole network engineer recently hired to work on a fairly new MPLS network. It was designed and handed over to my employer before I came on board. I've begun testing the network and I've noticed a potentially huge flaw in the design.

While this is a fairly straightforward MPLS network, it does have a slight hitch. All L1 connectivity is done via microwave which connects to around 100 sites. Every site has a 3560 switch (L2 ONLY) which was meant to serve as the PE and all hub sites have Cisco ASR1002s. Due to being microwave, a lot of the sites are in remote locations and the microwave paths are crossed over with the 3560. This network is doing iBGP in the core with OSPF as the IGP. So if I were to bring on a customer at SW1 in the middle of a segment, I'd peer them via eBGP with R2 and R3 with the intent that if the link failed, it would go in the other direction to reach CE2.

Here is a sample segment from my lab:

https://imgur.com/a/SVHL90I

Although, there are only 2 switches in the drawing, sometimes there are as many as 6 3560 switches between ASRs.

The issue I'm having occurs when the microwave path gets interrupted between switch sites. As depicted in the drawing, when I shut down SW1 port F0/7, CE1 can no longer reach CE2.

The issue is that R2 is still preferring its 0.0.0.0 path to CE1 because it acts like it isn't aware the path between SW1 and SW2 has failed.

Is there something I could do with BGP to make it not prefer its local originated route?

I realize since it's Cisco I could just change the weight to something higher than 32768 on the R3 neighbor, but when I did this in my lab, it only went to R3 and still wouldn't fail over.

I hope bringing 3560s into the iBGP mesh isn't the only way to fix this.

I'm sorry about the lengthy post and I'm truly appreciative any input I get. Thanks!



Viptela

What do you guys think about the future of SD-WAN and the Viptela products? Thoughts, concerns, topics?



Arista Acquires Mojo Networks



Script / Automation / DevOp Development Cycle

Do any of you follow a 'documented' development cycle for any of the scripting / automation / DevOps that you do? Any special software you use to aid in the sign-off and deployment of the code?

We are just getting around to getting an 'official' internal server to be used to house git repos for those of us in IT that aren't on the development side of the house. I'm interested to hear what others are doing and if / what kind of defined processes you're using.



Wireshark Novice

So I downloaded Wireshark onto my laptop because I'm learning about networks and the internet, and I was given a task that has to be done through Wireshark.

So what the task is about is basically getting a screen capture of DHCP and ARP packets, in other words traffic generated by DHCP (acquisition of the IP address from the DHCP server).

These are the steps I've done to try to get a screen capture of it:

1) So I've cleared the ARP cache

2) Then I use ipconfig/flushdns in the command prompt

3) Then I start the Wireshark analyser (should I use the wifi or LAN interface?)

4) Should I do something with filters to eliminate background traffic? Because when I run the wifi interface I get a lot of different packets

5) I use the filter bootp||arp, but only get ARP packets; it's not until I start using the command prompt and type in ipconfig/release and ipconfig/renew that I get DHCP packets

Note: I should be getting DHCP packets first and then ARP packets

Can anyone give me any suggestions?



HP to Zyxel

Anyone know of an easy way to convert an HP switch log file to a Zyxel switch log file?

Any help greatly received



Programmatic verification of connections and transceivers on Cisco NX-OS

Hello,

I am in the process of rolling out a bunch of cookie-cutter 10-rack environments around the world. Configs are built automatically and switches are being provisioned by POAP; that pretty much takes care of most of the human error issues, except for wiring and using the right SFPs and QSFPs. So I need to verify that everything is indeed plugged in the same way I would expect it to be done.

It shouldn't be too hard to write a script (probably with netmiko) that would SSH in, get all the data and compare it to what I expect, but before I do it I want to check: maybe somebody did something similar already? I wasn't able to find anything terribly useful with Google, so if you could point me to scripts or some other way somebody else has handled this task, it would be greatly appreciated!
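
Added example, not the poster's script or any project's code: a verification pass of the kind described, comparing parsed `show interface transceiver` and `show lldp neighbors` output against a per-rack wiring plan. The two CLI samples are constructed to resemble NX-OS output (not captured from a real switch), the EXPECTED plan and the hostnames in it are hypothetical, and the netmiko collection step is shown but only used from the main block.

```python
"""Verify optics and cabling of a provisioned NX-OS switch against a wiring plan.

Added example, not code from the original post. CLI samples are
constructed to resemble NX-OS output; the plan is hypothetical.
"""
import re

# Constructed sample, modelled on 'show interface transceiver' (NX-OS).
SAMPLE_XCVR = """\
Ethernet1/1
    transceiver is present
    type is 10Gbase-SR
    name is CISCO-FINISAR
    part number is FTLX8571D3BCL-C2
Ethernet1/2
    transceiver is not present
Ethernet1/49
    transceiver is present
    type is QSFP-40G-SR4
    name is CISCO-AVAGO
    part number is AFBR-79EQPZ-CS2
"""

# Constructed sample, modelled on 'show lldp neighbors' (NX-OS).
SAMPLE_LLDP = """\
Device ID            Local Intf      Hold-time  Capability  Port ID
leaf-02.example      Eth1/49         120        BR          Ethernet1/49
server-07.example    Eth1/1          120        S           eth0
Total entries displayed: 2
"""

EXPECTED = {   # hypothetical plan: interface -> optic type and LLDP neighbor
    "Ethernet1/1":  {"type": "10Gbase-SR",   "neighbor": "server-07.example"},
    "Ethernet1/2":  {"type": "10Gbase-SR",   "neighbor": "server-08.example"},
    "Ethernet1/49": {"type": "QSFP-40G-SR4", "neighbor": "leaf-02.example"},
}


def long_name(intf):
    """Eth1/1 -> Ethernet1/1 (the LLDP table abbreviates interface names)."""
    return re.sub(r"^Eth(?!ernet)", "Ethernet", intf)


def parse_transceivers(text):
    """Return {interface: {'present': bool, 'type': str or None}}."""
    result, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():             # interface header line
            current = line.strip()
            result[current] = {"present": False, "type": None}
            continue
        m = re.match(r"\s+transceiver is (present|not present)$", line)
        if m and current:
            result[current]["present"] = m.group(1) == "present"
        m = re.match(r"\s+type is (\S+)", line)
        if m and current:
            result[current]["type"] = m.group(1)
    return result


def parse_lldp(text):
    """Return {local interface: neighbor device id} from the neighbor table."""
    neighbors = {}
    for line in text.splitlines()[1:]:                 # skip the column header
        parts = line.split()
        if len(parts) >= 5 and not line.startswith("Total"):
            neighbors[long_name(parts[1])] = parts[0]
    return neighbors


def verify(expected, xcvrs, neighbors):
    """Return sorted findings; an empty list means the rack matches the plan."""
    findings = []
    for intf, want in expected.items():
        seen = xcvrs.get(intf, {"present": False, "type": None})
        if not seen["present"]:
            findings.append(f"{intf}: no transceiver inserted")
        elif seen["type"] != want["type"]:
            findings.append(f"{intf}: optic {seen['type']} != planned {want['type']}")
        got = neighbors.get(intf)
        if got != want["neighbor"]:
            findings.append(f"{intf}: neighbor {got or 'none'} != planned {want['neighbor']}")
    # Anything live that the plan does not know about is a wiring error too.
    live = set(neighbors) | {i for i, s in xcvrs.items() if s["present"]}
    findings += [f"{i}: active port not in plan" for i in live if i not in expected]
    return sorted(findings)


def collect(host, username, password):
    """Fetch both outputs over SSH (requires netmiko; not exercised by the checks)."""
    from netmiko import ConnectHandler
    with ConnectHandler(device_type="cisco_nxos", host=host,
                        username=username, password=password) as conn:
        return (conn.send_command("show interface transceiver"),
                conn.send_command("show lldp neighbors"))


if __name__ == "__main__":
    for finding in verify(EXPECTED, parse_transceivers(SAMPLE_XCVR), parse_lldp(SAMPLE_LLDP)):
        print(finding)
```

Run against the samples it reports Ethernet1/2 twice (no optic, no neighbor) and nothing else; in a rollout you would replace the two constants with the output of collect() and keep EXPECTED per rack in version control next to the generated configs.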



Cisco ISE policy sets

Hi;

In the case of multiple Policy Sets on Cisco ISE, what order of processing/operation takes place if there were overlapping conditions on policy sets?



Small Router Recommendation

I have been tasked with building two routers to handle multiple full tables and iBGP between them (all 10G), running VyOS, with a budget of $2500.

I could proceed and build dual E5 systems to handle everything, but after getting tired of trying to find a reliable benchmark for an Intel 10G NIC with 64-byte packets (it needs to handle short DDoS attacks without dying), I've decided on the Ubiquiti EdgeRouter Infinity (ER-8-XG).

The only problem is that it doesn't support hardware LACP, which really sucks, but I can get around it with ECMP-based BGP from the core and vice versa for the default route. Otherwise it ticks all the options to handle full tables.

The core is a QFX5100, which gets full tables from our providers but only accepts very specific AS paths for optimal routing between sites.

So the question comes down to this: do I continue with server builds or push for the Ubiquiti router and suffer with the problem? I'm also all ears for other small routers that fit within $2500, a pair preferably, but it can be one depending on the hardware specs.

Thanks!



Small Business Big Bank Clients

Operating small business: 23 employees, 30 +/- devices, sub-$5MM/yr gross sales, 10,000+ subcontractors nationwide.

Questions:

1) Should I outsource local network config and monitoring, and to whom and to what extent?

2) Which hardware/software solution is best for current network function/scalability? (Cisco NGFW comes to mind but I'm outa place)

3) Can I set up the network securely with phone support?

4) Should I upgrade all business PCs to Windows 10 Pro?

5) Does each PC need antivirus or only sensitive ones, or does a good firewall solution eliminate need for PC level antivirus?

6) How should I feel about remote employees using their own PC or should I provide company wide PCs? Should I know anything else about remote employee availability?

7) Probably 100 more questions... I’m open to outsourcing or consulting agreement if necessary. We use Office 365 apps across multiple devices.

Important To Know:

Project: local network security and performance optimization.

Proprietary cloud software: PCS (CRM-adjacent): facilitates most business process management, hosted at AWS and managed by a developer in India.

Local network summary: Zyxel firewall (configured a couple of years ago with 25% as many PCs), which feeds a 24-port Cisco switch, which feeds Cat 6 to 20 workstations, powering 20 Intermedia desk phones and 20 PCs (varying Windows versions, 7 to 10 Home).

We mostly serve: medium-to-large national financial services companies (multiple F500/F100 companies). Some may audit for security.



Thursday, August 2, 2018

Free Python for Network Engineers Course starts next Thursday (Aug 9)

Periodically, I run a free course on Learning Python for Network Engineers. The next course starts on Thursday, August 9th.

This course is an online course and covers Python fundamentals from a network engineer's perspective.

The course is a lesson a week for eight weeks. The lessons are delivered via email and consist of videos, exercises, and additional content.

The course syllabus is as follows:

  • Week 1 - Why Python, the Python Interpreter Shell, and Strings
  • Week 2 - Numbers, Files, Lists, and Linters
  • Week 3 - Conditionals and Loops
  • Week 4 - Dictionaries, Exceptions, and Regular Expressions
  • Week 5 - Functions and the Python Debugger
  • Week 6 - Netmiko Basics
  • Week 7 - Jinja2 Basics, Introduction to YAML and JSON, Complex Data Structures
  • Week 8 - Libraries, Package Installation, and Virtual Environments

The course is generally taught using Python3 (I cover some PY2/PY3 compatibility issues and the reference exercise solutions support both PY2 and PY3).

To sign-up, see: https://pynet.twb-tech.com/email-signup.html



How can I monitor for a network outage and then push a script to open ports to power on a backup internet?

I would like to create a script that will open several ports on a Cisco switch that in turn powers a backup internet connection if the main service goes down. A problem I am running into is I do not know what I should use to monitor the main connection and trigger the script to be pushed to the switches. Any thoughts?
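
Added example (not the poster's code): one way to build the monitor side, with a debounced up/down state machine so that a single lost ping cannot toggle the backup ports on and off, plus the IOS config lines it would push when the state changes. The ping targets, switch address and interface names are placeholders, the probe uses the Linux `ping` flags, and the netmiko push is only invoked from the polling loop.

```python
"""Watch the primary internet path; bring backup-link ports up on sustained loss.

Added example, not code from the original post. Interface names and
probe targets are placeholders; the switch push requires netmiko.
"""
import subprocess
import time

BACKUP_PORTS = ["GigabitEthernet1/0/10", "GigabitEthernet1/0/11"]   # placeholder
PROBE_TARGETS = ["8.8.8.8", "1.1.1.1"]   # several targets: one remote outage is not a WAN failure


def ping_once(target, timeout_s=1):
    """True when a single ICMP echo to target is answered (Linux ping flags)."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), target]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


def port_commands(ports, enable):
    """IOS config lines that bring the backup ports up (or shut them again)."""
    lines = []
    for port in ports:
        lines += [f"interface {port}", "no shutdown" if enable else "shutdown"]
    return lines


def push_config(host, username, password, lines):
    """Apply config lines over SSH with netmiko (not exercised by the checks)."""
    from netmiko import ConnectHandler
    with ConnectHandler(device_type="cisco_ios", host=host,
                        username=username, password=password) as conn:
        return conn.send_config_set(lines)


class WanMonitor:
    """Debounced link state: declare DOWN only after fail_threshold consecutive
    failed probes, and UP only after recover_threshold consecutive successes,
    so one dropped ping (or one good one during an outage) cannot flap the
    backup link. Callbacks fire exactly once per transition."""

    def __init__(self, on_down, on_up, fail_threshold=3, recover_threshold=5):
        self.on_down, self.on_up = on_down, on_up
        self.fail_threshold, self.recover_threshold = fail_threshold, recover_threshold
        self.state, self.streak = "up", 0

    def observe(self, ok):
        """Feed one probe result; return the state after this sample."""
        if self.state == "up":
            self.streak = 0 if ok else self.streak + 1
            if self.streak >= self.fail_threshold:
                self.state, self.streak = "down", 0
                self.on_down()
        else:
            self.streak = self.streak + 1 if ok else 0
            if self.streak >= self.recover_threshold:
                self.state, self.streak = "up", 0
                self.on_up()
        return self.state


def run(switch, username, password, interval_s=5):
    """Poll forever; on DOWN enable the backup ports, on UP shut them again."""
    mon = WanMonitor(
        on_down=lambda: push_config(switch, username, password,
                                    port_commands(BACKUP_PORTS, True)),
        on_up=lambda: push_config(switch, username, password,
                                  port_commands(BACKUP_PORTS, False)),
    )
    while True:
        mon.observe(any(ping_once(t) for t in PROBE_TARGETS))
        time.sleep(interval_s)


if __name__ == "__main__":
    run("192.0.2.1", "netops", "change-me")   # placeholder switch and credentials
```

Recovery deliberately needs more consecutive good probes than failure does, so the backup link is not dropped on the first sign of life; adjust both thresholds and the interval to how long an outage your ISP's typical blips last.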



What am I missing or what is this vendor missing?

I'm not here to rip a vendor, I just want to make sure that I'm not missing anything obvious.

The company I work for is having a vending machine installed that requires a connection to the internet to send inventory numbers back to the home office. I plan on putting this device in its own VLAN with rules blocking access to other subnets/devices.

The vendor stated that all they need access to is http and https (obviously 80 and 443). We are not a large enterprise and we have never blocked outbound connections, however, I'm trying to change that as changes are made.

Their vending machine is only sending data out, meaning, it isn't a web server that needs access coming in on 80 and 443 that you'd see with your traditional web server.

I don't want to block all ports, outbound, except 80 and 443, since the port number that their vending machine will use to establish an outbound connection will be random and will never be 80 and 443.

What am I missing here?
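
Added example, not part of the original post: a small stateful egress-policy evaluator showing how an outbound allow rule for a device like this is written against the destination ports 80/443 with the source port left as any (the client picks an ephemeral source port for each connection), and how the return traffic is admitted by the connection table rather than by any inbound rule. The subnet, addresses and the vending-machine VLAN name are constructed.

```python
"""How a stateful egress policy matches an outbound-only device.

Added example, not from the original post. Addresses and the VLAN
subnet are constructed placeholders.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import random

VM_LAN = "10.50.0.0/24"        # hypothetical vending-machine VLAN
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" | "deny"
    src: str                    # source network
    dst: str                    # destination network, "0.0.0.0/0" = any
    proto: str                  # "tcp" | "udp" | "any"
    dports: frozenset = None    # destination ports; None = any
    sports: frozenset = None    # source ports; None = any (the normal case)


# Evaluated top-down, first match wins. The allow rule names only the
# DESTINATION ports; the client's source port is random, so it stays 'any'.
POLICY = (
    [Rule("deny", VM_LAN, net, "any") for net in PRIVATE]                 # no internal access
    + [Rule("allow", VM_LAN, "0.0.0.0/0", "tcp", frozenset({80, 443}))]   # HTTP/HTTPS out
    + [Rule("deny", VM_LAN, "0.0.0.0/0", "any")]                          # default deny
)


def matches(rule, flow):
    return (ip_address(flow["src"]) in ip_network(rule.src)
            and ip_address(flow["dst"]) in ip_network(rule.dst)
            and rule.proto in ("any", flow["proto"])
            and (rule.dports is None or flow["dport"] in rule.dports)
            and (rule.sports is None or flow["sport"] in rule.sports))


def first_match(policy, flow):
    """Action of the first matching rule; implicit deny if none matches."""
    for rule in policy:
        if matches(rule, flow):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Outbound packets are checked against the policy; when allowed, the
    reverse 5-tuple is recorded so the reply is admitted without a rule."""

    def __init__(self, policy):
        self.policy = policy
        self.sessions = set()

    @staticmethod
    def key(flow):
        return (flow["proto"], flow["src"], flow["sport"], flow["dst"], flow["dport"])

    def outbound(self, flow):
        action = first_match(self.policy, flow)
        if action == "allow":
            reply = dict(proto=flow["proto"], src=flow["dst"], sport=flow["dport"],
                         dst=flow["src"], dport=flow["sport"])
            self.sessions.add(self.key(reply))
        return action

    def inbound(self, flow):
        """Unsolicited inbound traffic never matches a session entry."""
        return "allow" if self.key(flow) in self.sessions else "deny"


def ephemeral_port():
    """Client source port: the OS picks it from the dynamic range (RFC 6335)."""
    return random.randint(49152, 65535)


if __name__ == "__main__":
    fw = StatefulFirewall(POLICY)
    sport = ephemeral_port()
    print("vending machine -> vendor:443 from source port", sport, ":",
          fw.outbound(dict(proto="tcp", src="10.50.0.10", sport=sport,
                           dst="203.0.113.5", dport=443)))
    print("vendor:443 reply          :",
          fw.inbound(dict(proto="tcp", src="203.0.113.5", sport=443,
                          dst="10.50.0.10", dport=sport)))
    print("unsolicited inbound to 443:",
          fw.inbound(dict(proto="tcp", src="198.51.100.9", sport=40000,
                          dst="10.50.0.10", dport=443)))
```

The vendor's list of 80 and 443 is therefore the complete outbound rule for a send-only device; the only common addition is UDP 53 to the resolver the machine is configured to use, which the post does not mention.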



Can anyone identify what type of racks these are?

Pics in post. I purchased these at auction for very cheap; the racks were $5 each. They are not familiar to me with my limited time in datacenters. They also have solid steel bases and sides and are very, very heavy, 50+ kg. They have an odd hinged section on the lower part. Is it for shallow servers/networking equipment? Or possibly AV devices? The hinged part is not standard rack width and has little U shapes cut out of it.

https://imgur.com/a/ZwGO3nr

Bonus question: does anyone have any familiarity with NAS infrastructure? They each have two 14 TB RAID 5 arrays as far as I can tell. I think they all need to interlink together?

https://www.open-e.com/products/data-storage-software-v7/

This is the software, but I can't find any diagrams as to how they might go together. If anyone knows of any good resources to learn how to operate them, I'd greatly appreciate it!!!!



Multi-site with Comcast as ISP

We have three sites, each with Comcast EDI (Fiber). I’m told that traffic never actually hits the public open internet and latency should be quicker.

Is this always the case? Or are there times where it’s possible that it will hit public internet momentarily?

I've run traceroute and each time it seems to always stay within the Comcast network.

I’m trying to get an understanding of how ISPs route traffic.



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post and as well a nice description to this thread.



Cisco OfficeExtend Alternatives (teleworker AP)

I'm currently looking for a solution for remote workers/groups like the Cisco OfficeExtend APs, where we could give the group a preconfigured AP, and they simply go to their home or remote site, plug it into the internet and have all their corporate WLANs come up with VPN tunnels back to the office.

The Cisco solution seems pretty good, except for two things:

  1. Needs wired connectivity

  2. No support for captive portals (needs an unblocked internet connection, so probably won't work at most hotels or conference centers)

Anyone have any other suggestions for this type of solution, that would allow wireless connectivity and support logging into captive portals?

Thanks!



Fiber question

Can someone take a look at this and tell me if it's acceptable to keep fiber like this?

https://i.imgur.com/2R5GpeD.png



Looking for a good resource for a non-beginner, non-intermediate guy that teaches networking from beginner to advanced.

I'm a programmer (C, C++, Assembly and all the rest, Python etc.) but mostly concentrated on game stuff, and so have learned some networking basics, but have recently wanted to really learn in depth, from the top down, about networking: what all the terms mean, subnets, gateways etc.

I underestimated just how insanely complicated this subject can get and how many branches there are to it. As a result tracking down a good book or video series that covers everything is tough. So far I've found a decent "ethical hacking" course but it makes a lot of assumptions about what I know. Since I never focused solely on networking I've picked terms up over the years so I'm not a complete beginner but I'm not solidly intermediate either, I'm in a weird position.

I just want to learn what the hell all my network settings mean, where my connection goes when I go online etc. Then once I have that down start to learn about TCP/IP and any other protocols so I know what's going on on a low level similar to how I started programming with C then that helped me learn Assembly easier.

I know this probably gets asked a million times but every time I search for past questions I get bogged down in various different specifics of networking that I know nothing about and so it gets overwhelming so I'm just curious if there are any good sets of books / courses / videos / Youtube channels for me to learn from the basics to advanced? Even if it's just lectures on some college Youtube channel it'd be great.

I'd very much appreciate it. I'm sick of using networking tools and not understanding what they're doing exactly. If something goes wrong I'd prefer to know what I'm doing so I can fix it myself. Most of these networking video courses just teach you a list of tools to remember and I'm sitting there waiting for an explanation of what it does and why it works and it NEVER comes. So before this gets any longer I'll stop. Any help would be appreciated.



When connected to any switch port, DHCP can get addresses from two different VLANs

I've been managing a small network and the main devices include a Meraki MX84 as our router/firewall and two Cisco SG500 switches in stacked mode.

The MX84 is our DHCP server for all VLANs on the network. The network only uses one VLAN for all devices, but I'm attempting to add a new VLAN that is entirely segmented from the other VLAN for lab and testing purposes. Let's say my main VLAN is VLAN 1 and the one I just made is VLAN 2. The MX84 runs a DHCP server for both. I have two ports on the MX84 that connect to each SG500 and only allow VLAN 1. I have another port on the MX84 that connects to a switch and only allows VLAN 2. Subsequently, I have 7 ports on a SG500 where the default VLAN is 2. All other ports are VLAN 1.

The problem I'm having is that if I connect to the switch, it can grab a DHCP address from either the VLAN 1 subnet or VLAN 2 subnet, no matter what port I plug it into. This is a major issue because in my MX84, I have blocked traffic between VLAN 1 and VLAN 2.

For the record, all ports on both switches are configured as trunk ports. Is this the issue? Other than the ports that connect to the MX84, do the ports need to be access ports? We have another corporate network I've worked on that is configured a similar way with no issues (unless I got lucky).



Anyone using Ubiquiti APs anywhere in their network? If so, do you like it?


Help please - WAN latency goes nuts as soon as anything uploads.

Hi All,

If anyone can give me some ideas/advice on the below, I would be very appreciative.

I have taken over looking after a customer with about 30 PCs on their LAN. They connect via a Sophos UTM (SG210) to a Virgin Media service (50/5 Mbit).

I have found that the latency when pinging 8.8.8.8 from the LAN is normal (say 25ms) when there is no outbound traffic. As soon as any data starts leaving the LAN, the latency will jump up to well over 250ms.

I tested the same from my LAN (we use Mikrotik firewalls), and found that even when I saturate my WAN connection outbound (with a speedtest), my pingtimes are still reasonable.

I have no idea why this would be…today, in the QOS settings, I defined the outbound maximum bandwidth as 4.3Mbit to see if that makes a difference, and it doesn’t.

Thanks in advance for any assistance.



Using my MTP breakout cables.

I already have some MTP-LC breakout cables in my walls going to 10 gigabit edge switches. I would like to reuse them to connect to my main switch with LC connectors, so I need something. Nothing I have tried has worked. I tried a cassette. That didn't work. I asked the people at fs.com and they recommended an up-up coupler to go with another breakout cable and that's not working. Can someone help me?



suggestions on books about network configurations

Hi everybody,

I would like to learn better how to configure a network: routers, firewalls, switches etc.

If you can suggest some practical books, that would be great.

thanks



Is my 5512 acting weird or am I?

Ok, I MUST be missing something here... I have a 5512 that isn't running show env or show tech commands.

Is it to do with my privilege level? I'm inputting at the usual # prompt level and I don't even get the commands appearing in the suggestions when I ? it out.

Am I missing something blindingly obvious? Would appreciate the help please, it's been a long day!

EDIT: I initially tried show tech and when that didn't work, I informed the TAC engineer who suggested show env, so I'm pretty sure the command is available for the device usually?



How to get Internet in remote(ish) locations?

Hello All,

I have a client that has warehouses they maintain (surveillance, monitoring, etc.). Most of these locations are in metropolitan areas but do not have network infrastructure coming into a building. The sites themselves are large lots (10+ acres, multiple buildings) and do not have copper lines or fiber for internet. The ISPs I have spoken with will do an install for $40K++.

This sounds dumb, but I know about Ubiquiti AirFiber and cheaper variants. Can I just get some antennas set up on site, and make a deal (contract) with another business/homeowner to allow us to put up an antenna and internet connection? Are there ISPs that would provide me service and point it at my antenna?

From a legal aspect, If I owned a house across the street could I buy internet there and beam it across the street to the facility?

How do you all handle these scenarios?



DNS question: What resource records are valid responses to a NS query?

Our Server 2008 R2 DNS server is logging errors claiming that replies to certain DNS queries contain invalid domain names.

I've captured the queries and replies in wireshark, and the domain in the reply is valid, and identical to the domain in the query.

However, what I have noticed is that the reply contains only an A record - no NS record.

Is this what's causing DNS to complain?
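
Added example, not from the original post: a minimal DNS reply decoder that lists the record types in each section, applied to two replies constructed here for an NS query (one carrying only an A record, as in the post, and one of the shape a resolver expects, with NS records in the answer section and glue A records in the additional section). The decoder handles name compression, so raw reply bytes exported from a Wireshark capture can be fed to parse_sections as well.

```python
"""Decode a DNS reply and report the record types in each section.

Added example, not from the original post. The two replies are built
by this script (constructed, not captured from the Server 2008 R2 box).
"""
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 28: "AAAA"}
NS_QTYPE = 2
SECTIONS = ("answer", "authority", "additional")


def encode_name(name):
    """Uncompressed wire-format encoding of a dotted name."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_reply(qname, qtype, records):
    """Build a reply. records = [(section_index, owner, rtype, rdata), ...].
    An owner equal to qname is written as a compression pointer to the
    question name at offset 12, as real servers do."""
    counts, body = [0, 0, 0], b""
    for section, owner, rtype, rdata in sorted(records, key=lambda r: r[0]):
        counts[section] += 1
        owner_wire = b"\xc0\x0c" if owner == qname else encode_name(owner)
        body += owner_wire + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, *counts)   # QR, RD, RA set
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1) + body


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier name
            if end is None:
                end = off + 2                          # resume after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def parse_sections(msg):
    """Return {section: [(owner, type_name, rdata)]} for the three RR sections."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                # skip the question(s)
        _, off = read_name(msg, off)
        off += 4                                       # qtype + qclass
    out = {}
    for section, count in zip(SECTIONS, (an, ns, ar)):
        rrs = []
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rrs.append((owner, TYPE_NAMES.get(rtype, str(rtype)), msg[off:off + rdlen]))
            off += rdlen
        out[section] = rrs
    return out


def types_by_section(msg):
    return {s: [t for _, t, _ in rrs] for s, rrs in parse_sections(msg).items()}


def ns_answer_ok(msg):
    """True if the reply's answer section actually carries NS records."""
    return "NS" in types_by_section(msg)["answer"]


# Constructed samples using RFC 5737 documentation addresses.
A_ONLY = build_reply("example.com.", NS_QTYPE,
                     [(0, "example.com.", 1, bytes([192, 0, 2, 10]))])
PROPER_NS = build_reply("example.com.", NS_QTYPE, [
    (0, "example.com.", 2, encode_name("ns1.example.com.")),
    (0, "example.com.", 2, encode_name("ns2.example.com.")),
    (2, "ns1.example.com.", 1, bytes([192, 0, 2, 1])),
    (2, "ns2.example.com.", 1, bytes([192, 0, 2, 2])),
])

if __name__ == "__main__":
    for label, msg in (("A only", A_ONLY), ("proper NS", PROPER_NS)):
        print(label, types_by_section(msg),
              "ok" if ns_answer_ok(msg) else "no NS record in answer")
```

Feeding the captured reply to types_by_section tells you immediately whether the answer section holds NS records or only an A record, which is the distinction the post is asking about; the owner names it prints also make the "invalid domain name" claim checkable byte for byte.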



Ping Monitoring using 2 NIC cards on same Device

Hello,

I need to monitor packet loss to the internet. I want to put a computer with two Network cards, one connected to the internal network and the other one connected directly to the modem bypassing the firewall. Is there a pinging tool that would let me run two simultaneous tests on the same computer but each test using a different network card ?

Thank You



Anyone dealt with fax issues on AT&T IP Flex with an EdgeMarc managed router?

Last night I switched from an old (slower) IP Flex circuit to a new (faster) one. As part of the change the managed router went from a Cisco 2900 series to an EdgeMarc 4808. I'm now having faxing issues, primarily with receiving inbound faxes, but outbound is less reliable too (more attempts needed to connect). Prior to this change, I had 6 years combined of pretty much no issues on the old circuit and the circuit prior to that (both used the same managed Cisco 2900 router).

Physical connection wise, it's a somewhat unusual setup with a PRI conversion in the middle: AT&T Fiber into EdgeMarc 4808. PRI handoff out of 4808 to PRI interface on my Cisco 2851, and then GigE out of 2851 into the voice VLAN where the phone system sits (it's the fax server as well).

I'm using g711ulaw on my end; ATT takes whatever I negotiate with, but they default to g729 first. Fax relay is enabled on my 2851 with fallback as pass-through g711ulaw. The engineer said my inbound test faxes start as g729, then re-invite to g711. He also said he's seeing it switch to T.38 on his router, but I never see that on my router for an inbound fax. When I outbound fax, I see g711ulaw and then a switch to T.38 14400.

What I am seeing on the surface is an inbound fax attempt comes in and it's picked up by the phone system, codec is g711ulaw. The usual fax noises start from the fax server subsystem of the phone system and when I record the call, I hear them, but the call just stays like that. Eventually the sending fax machine quits and goes into retry. It seems like the sending machine isn't hearing the tones properly and starting to send.

I have my VAR involved who provided support on the phone system (Genesys PureConnect, formerly Interactive Intelligence CIC) to help nail down in the logs what's going on.

Wondering if anyone has dealt with something like this where it's possible there is something specific to EdgeMarc routers that needs to be done different vs. the Cisco router AT&T used on the old circuits. Looking for things to throw back at AT&T when I get back on with the engineer. I've also asked for an escalation to get additional eyes on it from their end.



Experience with Granite Telecommunications as a DIA Provider?

For a new retail site the only provider the landlord will realistically allow us to use is Granite Telecommunications' Granite Grid. I've never heard of them and I'm wondering if anyone has experiences, good or bad, with this provider? We plan to just buy Dedicated Internet Access (DIA) from them, but I'm curious about experiences in general as well since they offer a range of MSP-like services as well.

From what I can tell they are just providing fractional reselling of a larger fiber DIA from the local telco (Verizon) split among tenants. Their sales folks were not at all technically knowledgeable about the product, though I have an engineering call scheduled to try and get more details. It worries me that they are talking about connecting our new-construction detached building with a single Cat6 line into the main mall building and the sales folks thought that was totally normal. The only docs about Granite Grid online look like sales and marketing materials with no technical data and that compare it to DSL and DOCSIS rather than other enterprise or medium business providers of DIA and MPLS. Glassdoor and other employee reviews are pretty mixed, and are mostly for sales positions rather than for network engineers and technical folks.

Typically we use Verizon or Lumos DIA at retail sites, and this feels nothing like buying from them so far.

Thanks!



Got my first network engineer gig, looking for advice!

Got my first network engineer gig. Start in a few weeks. Coming over from software engineering and an electrical engineering background. I'll be the only in-house engineer; they currently have all their faith in an MSP, they're trying to cut that dependency over time and it's on me. Any advice would be appreciated... which questions I should ask, tips n tricks? Kicked ass in the interview, got a CCNA, but I still feel a bit underqualified. Ready for the challenge though, thanks in advance!



If you expect to find "x network" in this location, go ahead and connect....

When trying to connect to our corporate network for the first time our users see this message:

"Continue Connecting? If you expect to find "x network" in this location, go ahead and connect. Otherwise, it may be a different network with the same name."

  1. Can I get rid of this message or is this a new Windows 10 security feature?
    1. Every time I forget the network and re-connect I can recreate this issue.
  2. You can click to view the certificate details, which shows you the server thumbprint. After connecting to the network successfully I can't find the matching thumbprint when issuing the following command: dir -recurse | where {$_.Thumbprint -eq "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"} | Format-List -property *

We use an ACS server to authenticate users to our internal corporate network through RADIUS.



Advice on outdoor fibre installation

Hi r/networking,

I’ve been asked to assist with a network installation in a rural area to provide network connectivity to 35 different buildings that are ~200m from a PoP. We are planning on installing fibre switches at the PoP and media converters w/ SFPs at each building.

I’ve done many installations of fibre but this scenario is a bit new to me and I have some concerns about the type of fibre that needs to be used and the termination of it. In the past I’ve used pre-terminated cables on indoor runs. Would any kind Redditor be able to shed some light on the following:

  • Are there any special considerations I should make in selecting the cable? I know I’ll need a cable rated for outdoor use but is there anything less obvious I should know?

  • Will we need any sort of fibre distribution hub or ODF? Is using pre-terminated cable feasible in this scenario? Are there any risks involved?

Any other general advice you may be able to offer me? :)

Thanks!



Cisco ISE issue. Won't authenticate Console logins

Good afternoon. I noticed that our switches here weren't allowing login via TACACS through the console. I have the switch configured right (login authorization console), and I authenticate through SSH just fine.

My ISE server is directing me toward the wrong policy set though. It missed the admin one and goes right to default (which gives me the deny shell profile). My Policy set only matches the AD group, Device location, and device type.

Looking at the tacacs log for a successful ssh connection and a failed console connection it differs on the process.

The ssh starts with a "Recieved TACACS+ Authorization Request - AD Source name"

The Console starts with "Recieved TACACS+ Authentication Start Request" and it never gets to authorizing.

If I stick the default rule to have a good shell profile, it will let me in. So I know I'm hitting the ISE server and talking fine to the identity source. The only thing I can think is that ISE sees it coming in on TTY0 or something and is interpreting that differently. I can't find anything that would indicate this though.



Badly need help on cisco asa connection problem

To anyone out there who has encountered the issue, I really need help badly. I have been going at the problem for almost 1 week and I think I am losing my mind. The project is starting next week and I still haven't resolved the issue. Basically I have 2 machines cities apart but within the same network via MPLS. I have tried to allow everything but the ICMP is not going through. Looking at the logs, the connection is being built and torn down. No denies or anything. I have implemented the same solution at other locations and it is working completely fine. Just this one specific case where it wouldn't work. Need help, thanks.



Cheating on Smartnet

For the last decade, give or take a year or two, we have had a policy that we do not purchase maintenance on any Cisco gear that comes with a limited lifetime warranty, with some minor exceptions. One of those exceptions is that we maintain SNT on a single device of any given type.

Translated, we have about 4000 access-layer switches across a few hundred sites, which are mostly a mix of 3850 and 3750X with some older devices being replaced by C9300. None of which have support entitlement. In the rare circumstances where we have had a hardware failure, we have been given an RMA. Plus, we maintain sufficient spare supply.

Of course, the gotcha is that the real reasons we buy Smartnet, generally speaking, are for: 1) TAC support. Either because we are truly stuck, or because there is a fire and the impulsive upper management types immediately insist on getting a TAC case open. And 2) Software upgrades. As in 2.0 to 3.x, 3.13 to 3.16 to 16.3, 16.3 to 16.6, etc.

I have ethical concerns with knowingly opening up a TAC case for a 3850 that came with IOS-XE 2.0.x installed, now running 16.3.5b, and has no support entitlement, and said TAC case was actually opened using the one serial number out of the 4000 devices that actually does have support.

At one point, I realized that, whether or not my boss told me to do so, I could be personally liable for knowingly committing fraud. So I stopped performing upgrades and have refused to open TAC cases. My current boss understands, and just picks one of the other 20 or so network engineers on the team to do the dirty work in these cases. Future bosses may not be so understanding. Two bosses ago or three bosses ago would have had me written up for it.

Not once has TAC called us out. Even our account team says that everyone does it, no big deal.

So my question for you... Is it true? Does everyone do that? Do you? Have you had any bad experiences? Bear in mind, no gray market equipment is installed. All legit. Am I overthinking it?



prioritizing gotomeeting traffic with Meraki gear?

Already posted this in r/meraki but haven't received any feedback. Figured I would try here. Thanks for your time.

Good day,

Some good upfront info:

Each LAN is purely wireless from a client perspective! Yes, you read that correctly, no Ethernet connections for laptops so alllllllllll of this GTM traffic has to traverse the (dense) wifi network. I have advised mgmt that this is not best practice and will cause issues such as these.

Also, ALL of the applications we use are hosted in the cloud!!! Yep! This setup makes for some fun....

Equipment at each site: (2) MX250, (2)MS350-X, (X) MR53 APs....

The enterprise network that I manage currently consists of 6 locations that all use Meraki (MX/MS/MR) gear. Each location has two isp connections for redundancy. The problem I have been tasked to fix is "voice quality issues with gotomeeting", which is what we use for voice and video collaboration. I do see that Meraki has some application layer functionality and is able to identify certain traffic at layer 7 such as Skype, and give it priority over other kinds of traffic. My goal here is to prioritize GTM traffic so that it is treated with priority on the local network(s), as I know QoS markings are typically not honored by ISPs and will be stripped upon entry into their network. What, in your experience/opinion is the best way to go about this? I am thinking that since I do not have the layer 7 functionality to identify GTM traffic, I'll have to settle for using domain names, UDP/TCP port numbers, and potentially even IP addresses to identify the traffic. What do you guys think? I am considering marking GTM traffic with a GPO at the OS level and then configuring upstream switches to trust ingress marking. I think that might help a little. I hope it does. That's really all I'm left with considering GTM does not mark for qos and I am using just a regular old internet connection which ignores qos settings anyways, so I feel like all I can really do is tweak the LAN side here. Any thoughts or ideas will be greatly appreciated.

Thanks guys,

Derek

Edit: I have already made a "wish" that Meraki come up with application signatures to identify GTM traffic at layer 7

Edit 2: I was thinking I'd mark traffic in both directions, on egress at AP, and ingress at MX. That way at least GTM is prioritized on the LAN. Hopefully that will give me some room to breathe.



Can an access point facilitate a MAC address change of all its clients?

Hi all,

I am currently working on a project, and I am very new to networking. I was told that an enterprise access point can change all the MAC addresses of its clients. Is this true? And if so, how? Nothing turned up when I googled the question, and I'm not having much luck sifting through the 802.11 standards.

Any help would be appreciated. Thanks.



2 switches, 13 cameras, and 1 massive headache. Having NVR trouble and would love some advice from the pros!

Hey /r/networking, I have recently been assigned to a project that requires a decent amount of networking. Networking is in no way my field of expertise, but I find myself grasping the concepts very well. Seeing how I've only been doing this for a few short weeks, there is a slow learning curve.

The Setup:

We have a system set up with 2 UniFi 24 port PoE switches that are both powering and receiving data from 13 different HIKVISION cameras. We have a UniFi Security Gateway as well, giving us internet and DHCP assignment to the switches. The building we are working in is large, so using 2 switches is a must. There is a security rack in the back of the building that contains an ALIBI NVR5032P (Model: ALI-NVR5032P). I have all cameras connected into the switches, powered through PoE, and placed on a security VLAN. From there, I have an additional port jumping from a switch to the LAN on the ALIBI NVR (this port jump is also on the security VLAN).

The Issue:

The NVR won't pull up any of my damn cameras! If I plug into any of the 16 ports on the back of the NVR, it shows only one camera. All of the cameras' IPs are being recognized by the NVR. Funny thing is, depending on which port I plug into, a different IP camera will show up! But only one at a time!

My gateway and switches are working on the 192.168.1.X scheme, but many tutorial videos and forums are showing the NVR to be on a 192.168.3.X scheme. I assume this is okay, especially because I am seeing the cameras.

Questions and Concerns:

1) I understand the NVR should be set to static, but what should my IP address scheme be? 192.168.1.X or 192.168.3.X?

2) Is there a particular configuration for my subnet mask and gateway that is recommended?

3) Should I manually assign IP addresses to the IP cameras? If so, should they match the IP scheme of the NVR?

4) Could I possibly have my security VLAN configured incorrectly?

5) Is the NIC address necessary to configure?

6) Is there some facet of this conglomerate we call networking that I might not be aware of that is/could be an issue?

I'd like to reiterate the fact that I am entirely new to this, so this issue that I find difficult to solve could be simple to you all. Then again, it could be quite difficult. I wouldn't know.

Any advice, suggestions, or answers would be much appreciated!

Thanks



Juniper Router

I have a Juniper Router SSG 5 for work purposes at my home. Everything is connected to it, and they're in the right ports. I have 100mbps through my ISP, but I never get more than 60mbps. I just purchased a new router, but that did nothing. I also updated the ethernet wires, they're all cat 5e now. I have hard wired to just the modem, and I got an average of 115mbps, so the speed is there. I connected the modem to the router directly, both the new and the old, but I still only get 60mbps. Is my wireless signal dropping that much speed, or is it the Juniper Router? Any help or suggestions would be great!



EPLAN - How is it supposed to work?

I have a client transitioning from an ATT fiber connection between their two offices to one provided by Charter and Comcast. This new connection is an EPLAN and I have no previous experience with them.

I've been told it's a port based connection so whatever goes in one side should come out the other, including broadcast. Is this not the case?

Right now I have a router with a separate network set up. If I plug the cable into a laptop I get an IP and can access the internet, everything works. If I plug that same cable into the EPLAN they get nothing on the other side - can't even ping the interface of the router.

We've tried testing it by just plugging the EPLAN into the main switch. Also just tried a single computer plugged in to the other end with a static IP and couldn't ping the interface of the router which is connected directly to the other side. Nothing we have done has been able to even get a ping across the EPLAN.

The other side is just a small office with a switch and some computers and do not have a separate internet connection, they will be using the main location's internet.

I've had a couple of Charter techs say it should work the way it is set up. I've had another Charter tech now tell me both sides have to have a router....

Been waiting on charter support to verify the EPLAN for a couple days now, seems they have found a couple problems but it still doesn't work. The last mile being Comcast has really thrown a wrench in everything.

Anyway, any help appreciated.

Edit: reworded a part to add in the bit about the internet. Edit2: added the bit about testing.



Network saturation (RX) to all LAN machines... ?

tl;dr - Can unmanaged switches be plugged together in such a way that they nuke the network?

We have an office LAN of 30ish devices and all of a sudden the desktop machines lose their internet connections and show massive RX traffic on their network adapters - to such an extent that the PCs themselves got sluggish, and these are powerful i7s.

Fearing the worst I went and unplugged the modem and WiFi AP. No change. Rather than log on to each managed switch, I went through unplugging cables and isolated the source of the network traffic to a single connection.

This connection, it turns out, goes off to a little nest of 5 unmanaged switches which connected together about 10 IP cameras and 7 PCs. Having isolated this little cluster, the chaps working there (the MD and a colleague, trusted and definitely not trying to do anything nefarious) unplugged everything, so by the time I went back over having plugged the rest of the network back in it was impossible to see what might be going on.

I've now systematically plugged everything back in on that little cluster of stuff (not connected to the LAN) and all seems fine. Similarly, connecting it all back to the LAN through the same cable and everything seems OK. Virus scans of each of the PCs show nothing abnormal and all were set up with firewalls and scanners active. I will probably nuke them anyway, but the chaps here reckoned it all started when they might have accidentally plugged their unmanaged switches in 'weirdly' to cause some kind of crazy loopback or switch confusion that might have blitzed the network...

I have never heard of / experienced such a failure mode but if anybody would have come across weirdnesses like this I figure they might be here! Any ideas?



HP ProCurve 2824 Advice

Hi everyone,

Long time lurker, have a question about my ProCurve 2824. I know it's old, but I got it for $50 and it was one of the cheapest gigabit managed switches I had seen after about 1 month and a half of searching.

Is there a possibility I can update it to a third party operating system? I can only access the one that HP makes through Internet Explorer due to it using specific Java plugins that many newer browsers like Chrome or Firefox no longer support (I'm a GUI person, I know). Any advice on how I can get the most out of it?

Thanks guys!



this may be why 802.11aX wifi routers are being delayed

see this shit?
https://www.lightreading.com/mobile/small-cells/charters-inside-out-wireless-plan-starts-to-take-shape/d/d-id/745090
aX chip makers are giving ISPs exclusive access to them
before they are available to the rest of us retail schmoes.

it's like how latest model smartphones only come with a plan.
god - how i hate these internet industry executive fuckers...



whole house VPN router?

Hi, I'm looking for a hardware device that will provide a whole house VPN traffic solution. So my current setup is like this:

Virgin media 200mb modem (routing is switched off) -> Google WiFi (router) I think whatever hardware would need to sit between the two of them.

Stuff I'd like it to do:

  • needs to have an OpenVPN client so I can connect it to say NordVPN, or another provider
  • provide encryption for all data (TV ie iPlayer, PCs/Macs, dishwasher(!)) to the VPN endpoint
  • needs to be able to handle up to 200mb VPN or more. It should use the bandwidth we're paying for really!
  • be easy to use and set up
  • needs to seamlessly allow additional ad-hoc VPNs to our offices (standard office VPNs).

Stuff I don't want it to do:

  • no wifi capabilities :)

I've been looking online, but there's quite a variety; I'm looking more at small business VPN routers.

Any thoughts as to suitable VPN routers please, or experience doing something similar?

Thanks in advance! :)



Cisco just bought Duo for $2.35 billion

So now maybe we'll get a better 2FA experience with them and Anyconnect? Training my users to type "push" or "phone" in a 3rd password field has been a bit difficult.

https://www.marketwatch.com/story/cisco-dances-with-duo-promises-235b-for-security-startup-2018-08-02



Internet over Ethernet cables connected to a phone key system

I'm trying to setup several wired connections in different rooms in a large house (~5000 sq ft) for a family friend.

Currently, it looks like when they originally built the house they ran both Ethernet and coaxial cables to practically every room. However, in each room the Ethernet cable is connected to an RJ11 keystone jack rather than an RJ45 one, and it is only using 1 or 2 of the twisted pairs. On the other end (in the basement), the Ethernet cables are punched into a patch panel, which connects to a NEC DSX-40 phone key system.

What is the best way to get wired internet connections to these rooms? Ideally we want to also keep the phone line extensions available for each room.

  • Someone suggested using MoCA adapters, but that seems expensive and overkill since there are already Ethernet cables running to all the rooms.
  • I read an article about using a single Ethernet cable for both phone and internet, but would that work with the phone key system?
  • If we can't reuse those Ethernet cables, is it possible to use them as guides for fishing an additional cable?

Thanks in advance for any advice!



Setting a different password on WiFi Range Extender than the main router?

I have a TP-Link WA-850RE (EU version with latest firmware). I have set it up as a Range Extender with a different SSID than the main router, so that people know which AP they are connecting to.

However, I would also like to set a different (easier) password for the range extender, since I can't change the password for the main router. How can I do that? If I go into the Settings and type in a different WPA2 password, it loses connection to the main router, so it needs to have the same password there.

Help would be appreciated!



Issues with isolating Docker containers on a Synology NAS

I'm having some difficulty isolating a few Docker containers I have running on a Synology NAS. The way DSM starts and manages the Docker daemon seems to be slightly different than a standard installation, and all troubleshooting steps I've tried so far have failed.

Quick explanation of the environment:

  • Docker is running on a Synology NAS under DSM 6, managed via the DSM GUI (with access to SSH for more advanced configuration)
  • I have two Docker networks using the "bridge" driver
  • I have two containers, each using a separate Docker network mentioned above (one container per network)

The issue I'm having is that both of those containers have access to all of the ports running on the Synology NAS, including non-Docker ports (by simply visiting the container's own gateway IP, followed by the port of a service running on the NAS). In addition, the containers are able to reach the gateway IPs of the Docker network they are not mapped to, despite being on separate subnets.

For instance, Container A has a service running on port 8080. Container A is on the 172.18.0.0/16 subnet. If I try to access 172.18.0.1:8080 from Container B, which is on the 172.19.0.0/16 subnet, I am able to do so. However, I can't access Container A directly via its own IP address from Container B - Container A is only exposed via its gateway IP and port.

I don't want either of the containers to communicate with anything but the Internet. I still want to allow incoming connections to ports open on those containers, so long as those connections originate from outside of the Synology NAS (and as such must pass through the inbound firewall rules I have in place).

To summarize, I want to make sure:

  • Each container cannot communicate with the other, or have any access to the Docker network(s) it is not assigned to
  • Each container cannot reach services running on ports local to the Synology NAS
  • Each container can access the Internet.
  • External IPs can reach ports that are exposed on either container

I've tried adding iptables rules to the DOCKER and DOCKER-ISOLATION chains, but they seem to be disregarded entirely. According to Docker's documentation, there's supposed to be a DOCKER-USER chain, which should be created as long as dockerd isn't started with --iptables set to false. Looking at Synology's Docker scripts, and daemon.json, it doesn't look like it is, so the DOCKER-USER chain should be there.

I'm sure there's something simple I'm missing here, but I'm just not sure what it is. I would be content with a few DROP rules with the IPs of the containers as the source, but the rules I've already tried don't work for some reason.

Any help is greatly appreciated!



Is it possible to forward vlan traffic through a tunnel?

https://ift.tt/2OAMZeN



FYI VZN backbone maintenance occurring until approx 6am US East Coast

Hope they don't have to roll back!



Planning to install 10 Gb home network

Please point me in the right direction.

My house is already wired with cat6a and I would like to install a 10G network, mainly to access my Synology box that will be stored in a closet.

I’ve searched for switches and I see many more options for SFP.

What are cost effective options for switches and NICs?



Wednesday, August 1, 2018

Fibrestore optics - Quality (problems)?

Hello,

some years ago I purchased our first SFP+ 10 GBase-SR optics at fs.com: 20 pieces for ~1000€. They all run without any problems.

Some months ago I ordered some hundreds of 10GBase-SR and 25GBase-SR plus some CWDM optics which we've installed for some weeks.

Well, for now I have about 15 pieces of 10 GBase-SR and 7 pieces of 25 GBase-SR optics that are DOA, i.e. you put the optic into the switch, but the laser doesn't work, or it works for some minutes after which it completely goes off, after which you can pull it out, wait some time and get it up again for some time.

For me it looks like the quality has decreased for the last years, while hardware costs have decreased.

What is your experience?



iPhone + Anyconnect Certificate based Authentication

Hi All,

Wondering if anyone can assist me with this since I'm about to lose it. I have a certificate on my iPhone that has been pushed by an MDM (MS Intune). I have set up AnyConnect to use certificates for authentication but every time I try to connect AnyConnect says "the connection requires a client certificate, but no matching certificate is configured."

I cannot see the certificate from AnyConnect and it looks to me like AnyConnect cannot access the certificate store on my iPhone. Has anyone done a similar setup and got it working?



Part-time network roles?

I know this has been asked before but wanted to revisit. Is anyone working any part-time networking gigs? Are they mainly consulting-related? I'm curious how to find them and who's hiring for them (I know govt is an option). At this point I'm willing to trade some salary for more time. Thanks.



Aruba 2930F stack ring topology

Hi all,

I have to make a stack ring topology for 6 Aruba 2930F with SFP+.
It's the first time for me, so I'm looking for some advice.



Problem accessing website through a certain port on one device. SonicWall

Hi everyone!

I'm having a strange issue on my SonicWall. Everyone on the hard-wired and Wi-Fi network is able to access a site through port 5003 except one machine. The only difference between that machine and the others is that it has a static IP of 192.168.0.xx set; subnet mask was initially 255.0.0.0, and I changed it to what the others were, which is 255.555.255.0; gateway is 192.168.0.254. I checked the NAT policies and firewall policies and nothing looks out of place.

All of the other devices on the network work just fine except this one. Any thoughts?



Pocketethernet and toner/probe tools question. Have never used either.

I know I need a toner/probe to trace cables in a bunch but I'm not sure what the difference is between analog and digital toners and if I need something special to trace on "live"/"hot" links (cables are connected to a switch already) or if PoE is something to consider.

I basically want to see where a port on the wall leads to on the patch panel and switch in another room. Cat5/Cat5e/Cat6 cables.

This looks awesome but not down to spend $2000 as I wouldn't use it daily anyway. NETSCOUT LRAT-2000-KIT LinkRunner AT & IntelliTone Pro Copper Fiber Ethernet Network Test Kit https://www.amazon.com/dp/B007FR6T6A/ref=cm_sw_r_cp_apa_7nJyBbC4CE7B4

I really like the https://pockethernet.com/ I've seen recommended here. I'll probably buy it because getting the switch name, port, and vlan info would really help my current situation. I see it has a toner function so would I just need a probe at this point? The Fluke Pro3000 looks decent to me but I'm a complete noob here. I just need to find some cables a few times a month or so.