Saturday, September 22, 2018

I think this is the right place... question about packet switching.

I’m not a computer science person, really just learning about networking and the like. But I was wondering: if one was using packet switching as a method to send a piece of data through a network, and the packets themselves are all the same, so the message is not being split up, but each one has different identifiers showing the first hub it needs to hit, what would be the best way to guarantee, or make the odds high, that the message will be received at the destination, given that each hub may or may not forward the data? So the hub knows where it received the data from, and is given the instruction to send the data on, but it can send it to any other hub in the network. And it is also not required to send it, so it essentially has a 50 percent chance of sending the data on to some other hub.

This is probably pretty confusing, but if anyone can help me out or point in the right direction, that would be so much appreciated.

Thanks!



Seeking design help

I used to do work on Cisco devices about 5 years ago (mostly setup of site-to-site VPNs)... but I would not consider myself a networking guy. That being said, I have no problem learning/teaching myself how to do things, I have plenty of systems/infrastructure experience, and my current role is as a developer, but I also manage all our infrastructure/systems in AWS.

In a couple of weeks I'll have a rack with a pair of upstream drops and I am currently trying to design the network. I already have a pair of ASA 5510s and a pair of Catalyst 3650 POE-24 switches (free from a good friend). Initially I was planning to put the firewalls on the edge, but they cap out at 300Mbit and the switches look like they have 2 SFP ports, so I am now thinking I should request fiber drops from the datacenter and put the switches on the edge, and then use traffic shaping on the upstream ports to avoid massive overages (I think that's the way to do it).

Is there a strong/obvious reason to put the firewall on the edge vs the switches?

I don't want to pay someone to set this up for me, since I need to manage it going forward I really want to understand the setup, and I have these devices sitting on my desk at home so I've got 2 weeks worth of my evenings to tinker and setup in preparation for racking them in the datacenter. Is there a good place to get this kind of design feedback, is this a good place?

I have some instincts on how to do things, I understand the concepts and how to do the configuration, but I fear I might just be doing it completely backwards since this isn't something I have real life experience with.



EXCELLENT OPPORTUNITY



Possible TCP Issue?

I was troubleshooting user complaints of an app performing slowly across the WAN.

I observed the user try to load up a database in the app, and it did indeed take forever. About 3.5 to 4 minutes to load. The entire time, just waiting at a spinning screen.

I ran pcaps on both ends while it was loading.

Not sure what I expected to see, probably tons of drops and retransmits etc

Instead what I was greeted with was this:

The entire time the user sat waiting for the app to load, the server and client were busy constantly exchanging packets. There was no hanging, no gap in packets.. i.e. no "silent periods." Just a constant, steady clockwork stream of tiny, tiny 50-100 Byte packets sent by the Server, each one ACK'ed by the client.

Are you kidding me? What the hell?

Not a single packet was lost or arrived out of order, etc. The TCP Dump looked beautiful. Very clean. It just so happened to take absolutely FOREVER for the entire load to be sent over to the client, because it was sending such small packets and waiting for an ACK from the client before it sent the next one. With a mere 100ms of latency, this led to literal 4+ MINUTE waits to load any screen.

This.. has to be a TCP Windowing issue, right? If the server could send 1526 byte packets then it'd complete 60% faster.

I observed the client load a few other apps like Outlook and Web, and window scaling seemed to work like normal. Same for on the server. Without getting into Windows TCP Window settings, I observed normal window scaling behavior on both client and server.

SO... what gives? Is this just how the application is designed? I don't really understand what's going on here.

I'm guessing I might have to dig into Registry Editor and start messing with TCP settings for Windows?

It's clear to me that if the server could send typical 1526-byte or larger packets the operation would probably complete 60% faster...
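The pattern described in this post (tiny server segments, each one acknowledged before the next is sent) can be confirmed from a capture summary rather than by eye. The following is an added example, not code from the original post: it replays constructed packet summaries and reports the maximum number of unacknowledged server bytes and the share of segments sent only after the previous one was ACKed. The packet fields, the two constructed captures and the "server"/"client" labels are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Pkt:
    t: float      # capture timestamp in seconds
    src: str      # who sent it: "server" or "client" in this simplified summary
    payload: int  # TCP payload bytes (0 for a pure ACK)
    ack: int      # acknowledgement number, relative to the start of the server stream


def analyze_server_stream(pkts: List[Pkt], server: str) -> Dict[str, float]:
    """Replay the capture in time order and track how many server bytes are in flight.
    A lockstep (stop-and-wait) transfer never has more than one segment outstanding."""
    seq = 0            # next relative byte the server will send
    acked = 0          # highest byte the client has acknowledged so far
    max_in_flight = 0
    segments = lockstep = total = 0
    first = last = None
    for p in sorted(pkts, key=lambda p: p.t):
        if p.src == server and p.payload > 0:
            if seq - acked == 0:
                lockstep += 1          # sent with nothing outstanding: waited for the ACK
            seq += p.payload
            segments += 1
            total += p.payload
            max_in_flight = max(max_in_flight, seq - acked)
            first = p.t if first is None else first
            last = p.t
        elif p.src != server:
            acked = max(acked, p.ack)
    elapsed = (last - first) if segments else 0.0
    return {
        "segments": segments,
        "bytes": total,
        "avg_payload": total / segments if segments else 0.0,
        "max_in_flight": max_in_flight,
        "lockstep_ratio": lockstep / segments if segments else 0.0,
        "elapsed_s": elapsed,
        "goodput_bps": total * 8 / elapsed if elapsed > 0 else 0.0,
    }


def lockstep_capture(n: int, size: int, rtt: float) -> List[Pkt]:
    """Constructed sample: server sends one size-byte segment per RTT and waits for its ACK."""
    pkts = []
    for i in range(n):
        pkts.append(Pkt(i * rtt, "server", size, 0))
        pkts.append(Pkt(i * rtt + rtt / 2, "client", 0, (i + 1) * size))
    return pkts


def bulk_capture(n: int, size: int, rtt: float) -> List[Pkt]:
    """Constructed sample: server fires n segments back to back; one ACK covers them all."""
    pkts = [Pkt(i * 0.001, "server", size, 0) for i in range(n)]
    pkts.append(Pkt(rtt / 2, "client", 0, n * size))
    return pkts


if __name__ == "__main__":
    for name, cap in (("lockstep", lockstep_capture(5, 60, 0.1)),
                      ("bulk", bulk_capture(5, 1460, 0.1))):
        print(name, analyze_server_stream(cap, "server"))
```

A lockstep_ratio near 1.0 with a max_in_flight equal to one small segment is the signature of an application doing its own request/response round trips, which no TCP window or registry setting on either end will change.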



Basic Juniper Routers for Lab?

I would like to add a couple of Juniper routers to a small home lab that is mostly Fortinet, Ubiquiti, ZyXEL, Netgear, and the like. I don't need firewall features on the Juniper routers but don't mind if they're there. It's a mostly copper 1Gbps network, with 1 Gbps up/down (if I let the lab call out anyway), but if the Juniper routers are a little slower that's fine. I'll mostly be testing VLANs and IPsec between Fortinet and Juniper, but will throw in some dynamic routing and other stuff as well.

Any suggestions on what to get that won't break the bank (now or with service renewals) but will let me test this out and teach myself Junos OS? It looks like a couple SRX300 or SRX100 might do it?

Thanks for any thoughts on this.



Advice on Fibre vs Ethernet

Hello,

I’m currently creating a DIY NAS for my home using Ironwolf Pro drives.

Would using a fibre NIC be good, or should I go with an Ethernet NIC? If so, which ones? Budget doesn’t really matter for me, so no problem on price.

Thanks for your help.



SMBv2 File transfer issue

Hey guys,

I need some advice. I work for an ISP as a Network Engineer. A customer of ours is using SMBv2 to transfer files to their colo hosted in a DC.

They have a 1gbit connection to the DC. I recently did some iperf3 testing to our demarc in the DC from their site, and with 10 parallel streams we were capable of achieving around 900mbit, so the results were fine with iperf.

I understand there are multiple factors involved in how much throughput you can get. The latency we get to our demarc is about 1ms. To the customer it is about the same, so I don't think latency is an issue. There is also no packet loss to the DC either.

Given that the iperf3 testing was fine, I don't believe there is any issue with the network, and it is most likely due to the application in use. Are there any other applications I can use to rule out the network being the issue? Applications which are most effective in transferring files, maybe?

Thanks, Your fellow network engineer



Is it possible to use VPN for two connections at once?

The question might seem a little confusing so let me explain,

I have two internet connections: one is a 3G mobile hotspot (which is fast, but almost all VPNs are blacklisted) and the second is an ADSL connection (which is super slow, but VPNs are allowed). And since it is safer to use VPNs for privacy, I was thinking of connecting my PC to both networks and using Ultrasurf or Hotspot Shield or something that will connect through the ADSL connection but give me the 3G speed.

Sorry if the idea is a bit dumb, but I have little knowledge of networks.

PS: both of them are mine and I am not abusing my neighbor's WiFi, for that matter.
Thanks in advance.



Dual multi homed BGP to ISP - full table or default route?

We have 4 core routers, each with an independent ISP BGP peer.

Currently we take full tables from each peer. Internally we are running ibgp between our 4 routers.

The issue we are having is that if one router loses its ISP BGP sessions, then it has knock-on effects on the other routers, namely high CPU and dropped traffic as the routing tables reconverge, etc.

In the past the majority of our business has been internet based: providing internet connectivity for customers and hosting services that they would connect to over the internet. We are currently transitioning the business to be predominantly based on conference calling, with SIP carrier connections back to our DCs where we have a number of conference bridges of various forms.

Would you recommend moving to default routes from each external ISP rather than the current full tables we receive?

Core routers are 4 x MX80s. They have plenty of RAM to store the tables, but they don’t seem to cope very well with the CPU demands of processing said routes in a convergence event.



Networking a downstairs area?

Hi everyone,

I’ve purchased our second house and we have a large under the house storage area fit for an office. We also have a shed/outdoor area that could be used as a secondary office or even converted to a guest room with a bit of tlc.

What are my options in terms of networking the under-the-house area to upstairs, and also networking the outdoor guest house / shed?

The floors are wooden (polished floorboards) and the distance between the house and the guest room / shed is about 10m.

Thank you in advance.



Best virtual network tool for troubleshooting practice?

Hi, I got my diploma in IT at TAFE a couple of years ago, and am looking to practice fixing various network issues so I can get a job in IT or start a software technician business. What's the best virtual networking program (like GNS3, packet tracer etc) for this task? Also, if anyone knows of a similar thing for actual computer issues, please let me know.



Ruckus 7025 / Cisco 3850s / Nexus 7K

Weird issue at work today: we have some Ruckus 7025 devices still in our network, and we started having an issue with those devices losing communication with the ZD. When looking at the switches they are connected to, we see the interfaces constantly bouncing. Keep in mind this is property-wide, across more than 10 switches. We also noticed (not sure if related) that the MAC address table disappears on the VLAN the 7025s use to communicate with the ZD, and on other VLANs as well (e.g. the admin VLAN) on the core N7K. Any ideas?



Netflow and bandwidth utilization

I am using both SolarWinds NetFlow Traffic Analyzer and PRTG NetFlow sensors to get a sense of how the bandwidth at our campus is utilized. Both tools report top talkers and top conversations. The display in both cases reports the amount of data transmitted over the link (in megabytes). Although this is useful, what I'm more interested in is how much of the connection is being used by these top talkers, that is, I'd like to see how many Mb/s of bandwidth these top talkers are using at a particular moment in time.

Not sure if this is possible or even logical.

Suggestions and feedback are welcome.

Wayne Hann
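Flow records carry a byte total plus start and end times, so a per-second rate has to be derived by spreading each flow's bytes over its lifetime and summing whatever overlaps the second of interest. The block below is an added example and not part of the original post or of either product named in it; the flow record fields, the constructed sample flows and the even-spreading assumption are mine.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    src: str        # sending address; bytes are attributed to it as the talker
    dst: str
    octets: int     # bytes reported for the flow (NetFlow v5 dOctets / IPFIX octetDeltaCount)
    first_ms: int   # flow start, milliseconds since the start of the export window
    last_ms: int    # flow end; equals first_ms for a single-packet flow


def per_second_rates(flows: List[Flow]) -> Dict[int, Dict[str, float]]:
    """Return {second: {src: bits sent during that second}}.
    Assumption: a flow's bytes are spread evenly across its lifetime, which is the
    best a flow record allows (it does not say when inside the flow the bytes moved)."""
    bins: Dict[int, Dict[str, float]] = defaultdict(lambda: defaultdict(float))
    for f in flows:
        duration_ms = max(f.last_ms - f.first_ms, 1)   # avoid a zero-length flow
        bps = f.octets * 8 * 1000 / duration_ms
        t, end = f.first_ms, f.first_ms + duration_ms
        while t < end:
            bin_start = (t // 1000) * 1000
            bin_end = bin_start + 1000
            overlap_ms = min(end, bin_end) - t
            bins[bin_start // 1000][f.src] += bps * overlap_ms / 1000
            t = bin_end
    return {sec: dict(v) for sec, v in bins.items()}


def top_talkers(rates: Dict[int, Dict[str, float]], second: int, n: int = 5) -> List[Tuple[str, float]]:
    """Talkers during one second, as (address, Mb/s), highest first."""
    talkers = rates.get(second, {})
    ranked = sorted(((addr, bits / 1e6) for addr, bits in talkers.items()), key=lambda x: -x[1])
    return ranked[:n]


# Constructed sample export: a 10-second 12.5 MB transfer, a 2-second 1 MB burst
# inside it, and a single 1500-byte packet (first == last).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "192.0.2.10", 12_500_000, 0, 10_000),
    Flow("10.0.0.9", "192.0.2.20", 1_000_000, 5_000, 7_000),
    Flow("10.0.0.2", "192.0.2.30", 1_500, 6_200, 6_200),
]

if __name__ == "__main__":
    rates = per_second_rates(SAMPLE_FLOWS)
    for addr, mbps in top_talkers(rates, 6):
        print(f"t=6s {addr:12s} {mbps:8.3f} Mb/s")
```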



HELPPPPPPP!!!!!! Linksys ea7500 blocking hulu

https://ift.tt/2xPAkxd

Friday, September 21, 2018

Ethernet Connection

To start, I know absolutely nothing about networking or anything related. I'm not even entirely sure that this is the right place to ask this question. I live in a college dorm that has one outlet for an ethernet cable. The campus wifi blocks game consoles from connecting, so my roommate and I both need access to this outlet to use our systems at the same time. Is there any way to split it into two connections so we both can be plugged in at once? Or is that not possible?

Thank you in advance!



Trying to improve ping on my Mesh Network with my Xbox

Hi. So right now after running a Speedtest on my Xbox One I’m getting about 105-107 megabits DL. About 12 megabits UL but my ping is shit. I’m getting about 67-70 ms ping and I’m not very knowledgeable about networking but I know this ping is terrible. I don’t have a traditional router I have a Linksys Velop AC6600 Mesh Node System. Though I think each node is AC2200 and since there’s 3 it’s 2200x3 to give you AC6600 which is what the outside of the cardboard box says. Right now I have an Ethernet cable going from the second node into my Xbox. The cable modem is across the house (plugged into the first node) so that’s not an option to go directly into the modem.

This mesh system seems good for most of my devices, but I really don’t know how to open ports using the Linksys app...

Microsoft gives you specific ports that need to be opened but I’m not sure where to put these numbers. On the Linksys app under port settings there’s 3 options: 1)Single Port Forwarding, 2) Port Range Forwarding, and 3) Port Range Triggering.

I think I need to use the Single Port Forwarding option but do I put the port numbers from Xbox.com into the external port or internal port fields?

Thanks



HSRP flooding network with packets on PT

I am working on a case study for my networking class, and it not only has me stumped but my professor as well. We are using packet tracer for some configurations and then moving to hardware and we noticed that HSRP is constantly sending broadcast packets out and they are reaching end devices. Is this a normal thing or is there a way to stop them from reaching end devices. I feel like that is a lot of extra packets that do not need to reach an end device unless something were to change with the devices configured with HSRP.

I appreciate any and all responses



Network Mesh recommendation across the Mall

I have 2 businesses inside a mall.

One store can get fiber; the other is a kiosk limited to DSL 1.5 MB.

I want to beam WiFi to the kiosk.

What devices should I get, and which mode should they be configured in? Thank you.

The inline store is 200 feet from the kiosk.



DHCP Rate Limit

We have dozens of Cisco 2960-X switches on campus. From the time of their deployment several years ago, their access ports have had DHCP rate limit turned on.

ip dhcp snooping limit rate 100

Up until recently, that limit has never been a problem. However, after migrating the bulk of our machines to Windows 10, we've begun to see ports going into the err-disabled state because of dhcp-rate-limit. I generally have at least a couple of ports go down at some random place on campus every day.

I could just turn off the rate limit, or turn on port recovery, but that's just sticking my head in the sand. I'd like to know what's causing this, but can't figure out a way to track it down because it's so sporadic. Any thoughts on what would cause that much DHCP traffic in a second? Have you seen anything resembling this? I feel like it's related to our Windows 10 migration, but perhaps that's only because I have no other change to point to.

Our hardware is Lenovo with an Intel chipset. We're just using the Windows 10 provided drivers.



Upgrading A Subdivision from ADSL to Fiber

So I just recently moved from Panama City, Florida to Kerrville, Texas. Back in FL we lived in a semi-rural neighborhood. But even with low population density we still received cable internet (Comcast) at about 180 down and 25 up. When we were house hunting in Texas, I was also doing a bit of research into internet providers. When we purchased our current house, the only ISP that was not wireless or satellite was ADSL (Windstream). At the time I did not know much about ADSL. After we had our internet installed I asked the installation guy how fast my speeds were going to be. He said somewhere between 5 and 10 down and 0.5 up. This was very disappointing for me, considering I was expecting 50 down and 8 up (see pictures). So after a couple of days of research I came to the conclusion that my speeds really could not get any faster, due to the distance between me and the "community ADSL box / switch".

So I was thinking how much money it would be to convert the subdivision to fiber, who would be paying for it, who can do it, or how to do it (If possible).

https://imgur.com/a/iqmRuxU

This is just an idea I had, to see if it is even possible.

Any comments would be amazing help!



Issues with seeing specific IP over VPN

Hi guys

So I've been trying to use RDP over a VPN from my Surface to my computer, but I've had issues seeing the IP of my computer (192.168.2.30). The Surface, connected via the VPN, has the IP 10.1.0.1 and is able to ping all other devices on my network apart from this computer. When I connect the Surface back to the network on WiFi, though, it can see the computer at 192.168.2.30 again. I'm not sure why the computer isn't visible.

Any ideas?

Thanks guys



Has anyone ever had the running-config show up in the local logs on a Catalyst switch? TAC hasn't seen it before, exhausted search options.

VSS 6800 pair, needs a code upgrade, software bug made logs spam "PSU ERROR" messages for a good power supply. We entered a discriminator to filter them, now randomly when using "Show Log" command parts of the running config show up in the logs. I have tried clearing logs and every few days they show up again in logs with random parts of running config.

Likely cosmetic and seems tied to adding the discriminators, has anyone ever seen this before?

Google has nothing like it for searches and TAC can't seem to figure out why it would be happening. Searched this sub and didn't find anything similar.



Porting numbers from a PRI to SIP trunk - Time slots - No weekend cuts????

Hey guys,

We are moving from an old Avaya PBX using PRI's, to a Cisco VOIP PBX using SIP trunks.

We are working with Centurylink, our PRI and SIP Trunk provider, to determine when to cut/port DID's. We were hoping for a Friday late night port (ie 9pm Central). That would give us the weekend to work through any issues. We would be fine with paying extra for weekend support.

But CenturyLink is telling us it is literally not possible. The latest they can do on a Friday night is 6pm Central. Which is crazy, because we have California sites, so the cutover would be happening at 4pm Friday for the CA sites.

So the question is... are telcos really putting their foot down on Friday night cuts? Does everyone else do cuts on weekday nights or early on Friday night?



What is considered production?

In your environments what is considered production? More precisely, what needs a change request to make a change? In the environment I am in, making a change on a switch or firewall that does not in any way impact the business is still considered production, since the gear is production (i.e. a firewall rule for troubleshooting, or a VLAN change on unused ports).



Can't get my router to keep a Gigabit connection

The router in question is a TP-Link Archer C2. I got it two years ago, I believe. The problem I have is the fact that it doesn't keep a Gigabit connection running. It limits it to 100Mbps.

The first year I had it, it worked great. I was getting Gigabit speeds every single day on my computer and 300/300 WiFi on my phone. After a year it started limiting speeds to 100Mbps. If I restarted it, it would work on Gigabit for a few months and then cap the speed at 100Mbps. Now if I restart it, it doesn't output Gigabit. I have to leave it powered down for a really long time to only get Gigabit for a few days and then be limited to 100Mbps again. The same applies to the speeds on the phone. Limited to 100Mbps.

It's starting to be kinda frustrating, to be honest. It acts as my second router. The main one is from my ISP and does the fiber optic decoding. If I plug the cable that comes from the main router directly into my computer I get Gigabit speeds (950d/500u) consistently without any problems. I tried anything I could find on the internet really, from updating the firmware, to Windows settings, to resetting to factory settings a few times... nothing seems to fix the issue.

What can I do to it to have it consistently output the Gigabit internet speed like it's supposed to? Thanks.



Updating SSL certificate on Cisco ASA 5525

I am in the process of updating an existing SSL certificate that will be expiring soon with an updated one and I am curious if I need to create a new TrustPoint in conjunction with the cert replacement.

I am running a Cisco ASA 5525 w/ 9.1(7)



Ruckus/Arris/Brocade FastIron Upgrade from 8.0.30 to 8.0.61 Train - Warning if you rely on RADIUS

https://ift.tt/2prFXxy

Looking for a hardware recommendation

Hi guys, I have a small company. I need a gateway that is an iOS-compatible VPN host, has at least 5 Ethernet ports of at least 1Gb, supports 2.4 and 5GHz a/b/g/n, and will easily support 50 wireless devices simultaneously. I am using the Asus RT-AC5300, and honestly it kind of sucks. I have to reset it all the time; I just don’t think it’s powerful enough to handle this load. Does anyone have a recommendation?

Thanks!



Cool VR software for networking

Not sure if this was shared in here before, but I thought it was neat and had never seen it before.



ASA code on FPR 2100

Hey guys. Real quick. Looking for a concrete answer on how running ASA code on the FPR series works in regards to the FirePOWER service module?

Is it basically identical to running on an ASA, or is there any difference? We need more horsepower but I'm not interested in the shitty half-baked FTD code as of now.

thx.



How to activate the advertise l2vpn evpn command in virtual N9K

Does anyone know how to activate the command advertise l2vpn evpn under the BGP VRF address family ipv4 on N9Kv?

Activated features:

nv overlay evpn
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature vpc
feature lldp
feature nv overlay



F5 RADIUS Health Monitor: Can a pool member be marked "healthy" if it sends back "Access-Reject"?

I'm running a RADIUS service that has a test user account built in. It is designed to send back "Access-Reject" (as is common sense) to any health monitor. After all, if you get a RADIUS response, the server is obviously healthy.

It seems, though, that the F5 health monitor will only mark the device up if it sends "Access-Success".

Am I missing something?
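The post's premise is that any authenticated RADIUS response, Access-Reject included, proves the server is alive. The following is an added example and not F5's monitor or any code from the original post: it builds an Access-Request, builds the reply a server would return, and marks the member healthy only when the Response Authenticator verifies under the shared secret and the code is Access-Accept or Access-Reject. That authenticator check is what stops an unrelated or spoofed UDP datagram from counting as "up". The probe user, secret and attribute set are constructed for illustration; sending over UDP is left to the caller.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def _attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute: Type, Length (including the 2-byte header), Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def _hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 s5.2 User-Password hiding: 16-byte blocks XORed with an MD5 chain."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += block
        prev = block
    return out


def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes,
                         request_auth: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (packet, request_authenticator); the authenticator is needed to check the reply."""
    request_auth = request_auth or os.urandom(16)
    attrs = _attr(ATTR_USER_NAME, user) + _attr(
        ATTR_USER_PASSWORD, _hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth


def build_response(code: int, ident: int, request_auth: bytes, secret: bytes,
                   attrs: bytes = b"") -> bytes:
    """What a server sends back: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def is_healthy(response: bytes, ident: int, request_auth: bytes, secret: bytes) -> bool:
    """Accept or Reject both prove a live, correctly keyed server; a reply whose
    identifier or Response Authenticator does not check out proves nothing."""
    if len(response) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", response[:4])
    if rid != ident or length < 20 or length > len(response):
        return False
    packet = response[:length]          # octets beyond Length are padding (RFC 2865 s3)
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(packet[4:20], expected):
        return False
    return code in (ACCESS_ACCEPT, ACCESS_REJECT)


if __name__ == "__main__":
    secret = b"probe-secret"                       # constructed shared secret
    req, ra = build_access_request(7, b"monitor", b"monitor-pass", secret)
    reply = build_response(ACCESS_REJECT, 7, ra, secret)   # simulated server reply
    print("healthy on Access-Reject:", is_healthy(reply, 7, ra, secret))
```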



If you had a chaos monkey on your network, what would it do?

So, Netflix has made a program called "Chaos Monkey", which randomly disables servers in their data center. They then 'upgraded' it with some other programs they call the Simian Army that do other things.

The goal of the Simian Army is to:

  • First, can your infrastructure handle losing $thing? If not, this is REALLY important to fix.
  • Second, do the users even NOTICE that $thing went down, even if it continued to function (perhaps it's degraded)? If they DO notice, then you need to add more of $thing, or increase redundancy.
  • Third, does your team receive a monitoring alert that $thing went down? If not, then you need to step up your monitoring game.

So, if you were to have a Chaos Monkey / Simian Army on your network, what would you task it to do?



Any engineers/techs from different ISPs noticing drastic speed fluctuations in the last month when using speedtest.net

About a month ago something seems to have changed somewhere. I used to be able to see consistently good speeds when testing to certain servers off of Speedtest.net, only using IE though, Chrome (which I think was because of Java) produced horrible results when testing to the same servers.

Now any browser that I use will produce bad results. Oddly enough if I use the Speedtest.net downloadable application and test through that I am able to get 900+/900+ consistently to one or two servers.

Anyone know of anything?



Help running fiber through conduit

Hi all, I have never worked with fiber. But I need to connect two buildings that are 350 meters apart and wanted to lay some fiber. The trenching is not a problem because I have a Caterpillar 416F, but what I do not know is how to get the fiber through 350 meters of conduit. Should I do it in shorter pieces, or is there a way to get the 350 meters complete?

Thanks



Is GPON technology good or bad? ELI5

Thinking of getting new broadband that has some too-good-to-be-true plans, so I was wondering what's the catch.



Can't find Copper SFP to work between Intel X520-AT2 and Cisco Nexus C92160YC-X

The link refuses to come up. If I plug the Intel into a regular old copper switch, it comes up at 1Gb just fine. I've tried both of the copper SFPs from FS.com (which they claim are compatible) and a few other random ones lying around, but either no link or Cisco didn't like the transceiver. The SFPs work with other connections, like the IPMI interface at 1Gb, no issues. On the server side it says NO LINK.

I'm thinking of ordering the 10Gtek RJ45 10Gbase-T SFP+ they have but again, don't know if it'll even work.

I've tried adding "service unsupported-transceiver" on the Cisco side but that didn't help. I also found a Cisco bug with these Intel X520-AT2 NICs but I am well past the resolved in firmware version.

Anyone run into this issue and have a confirmed working copper SFP? I'm trying to avoid buying Cisco SFPs since they are so expensive.

Thanks in advance!



Odd Behavior on Verizon Fios

I'm hoping someone can help me understand what is going on here and whether they have seen similar behavior. Since early yesterday morning the firewall at one of my offices has been alerting that our Verizon Fios connection has gone down and we have failed over to Comcast, only for it to be back up a minute later. I decided to let MTR run for a while to see what was going on, and immediately I was greeted by something odd. A trace to my usual destination of Google's 8.8.8.8 DNS only returned 2 hops, the firewall, then Google, with an average response time of 3 ms. I manually shut down the interface with Verizon and ran the test again over Comcast, and the trace looks normal. There are no VPNs, MPLS, or anything else on my end. While the Verizon interface is up it seems to be functioning normally, and my Pingdom monitor has not recorded an interruption in service in several days.

To 8.8.8.8

Verizon

Host                                                 %   Sent   Recv   Avg ms
192.168.100.1                                        0    214    214        0
8.8.8.8                                              0    211    211        3

Comcast

Host                                                 %   Sent   Recv   Avg ms
192.168.100.1                                        0     46     46        0
96.120.77.149                                        0     46     46        9
xe-10-0-0-sur01.uofdelaware.de.panjde.comcast.net    3     43     42        8
be-1-ar03.norristown.pa.panjde.comcast.net           0     46     46       10
be-201-ar03.ivyland.pa.panjde.comcast.net            0     46     46       12
69.241.64.98                                         0     46     46       14
No response from host                              100     10      0        0
209.85.245.29                                        0     46     46       15
209.85.243.191                                       0     46     46       14
8.8.8.8                                              0     46     46       14

If I ping 8.8.8.8 and increment the TTL manually I get a full trace, except hop 2 (Verizon) responds as 8.8.8.8:

ping -n 1 -i 1 8.8.8.8  - Reply from 192.168.100.1: TTL expired in transit.
ping -n 1 -i 2 8.8.8.8  - Reply from 8.8.8.8: bytes=32 time=1ms TTL=254
ping -n 1 -i 3 8.8.8.8  - Reply from 130.81.223.126: TTL expired in transit.
ping -n 1 -i 4 8.8.8.8  - Request timed out.
ping -n 1 -i 5 8.8.8.8  - Request timed out.
ping -n 1 -i 6 8.8.8.8  - Reply from 140.222.2.231: TTL expired in transit.
ping -n 1 -i 7 8.8.8.8  - Reply from 209.85.149.208: TTL expired in transit.
ping -n 1 -i 8 8.8.8.8  - Request timed out.
ping -n 1 -i 9 8.8.8.8  - Reply from 108.170.226.198: TTL expired in transit.
ping -n 1 -i 10 8.8.8.8 - Reply from 72.14.238.201: TTL expired in transit.
ping -n 1 -i 11 8.8.8.8 - Reply from 8.8.8.8: bytes=32 time=6ms TTL=123

In fact whatever is upstream of us on Verizon's side is responding to any ICMP Echo:

ping -n 1 -i 2 1.1.1.1     - Reply from 1.1.1.1: bytes=32 time=2ms TTL=254
ping -n 1 -i 2 1.2.3.4     - Reply from 1.2.3.4: bytes=32 time=2ms TTL=254
ping -n 1 -i 2 203.0.113.1 - Reply from 203.0.113.1: bytes=32 time=2ms TTL=254

And no, there is nothing between our firewall and the ONT.



Juniper vs. Cisco Routers

Politics and money aside: if you had the choice between two ASR9ks or two Juniper MXs for a redundant core, which would you go with and why? The ASRs and the MXs are configured with similar port counts and licensing, and are not doing anything too complex. Both routers will be peering with three upstream ISPs and there will be a handful of GRE tunnels, downstream peers, and a few L2 cross-connects. Our team is knowledgeable in both IOS-XR and Junos, but Junos will have some learning curve. Which system do you enjoy working on more?



TPx SD WAN

Hello everyone. I had a simple question and am curious to know what your thoughts are on the TPx SD-WAN solution they're pushing MPLS customers to. Any experiences, bad or good?

Trying to consult on the best path to take for a client who has two sites, with PRIs on T1s at each end. HQ has DIA and the branch has broadband. Traffic over the MPLS consists of email server, AutoCAD and voice for internal routing.

TPx is really pushing their SD WAN solution and offering bandwidth at each end via DIA.

Thanks for any help you can provide with your experience.



First exposure to Fortinet was good

Received a firewall, switch, and AP from a vendor and I had it up and running in less than an hour (WAN, LAN, management interfaces, SSID, FortiLink, NAT, security policy, etc.). Fortinet made it very simple to deploy their devices. The web GUI is not terrible and the CLI has a Juniper feeling. Do you know how reliable these devices are in terms of hardware? How’s their support or TAC for enterprise or large deployments? I feel at first sight they are putting a lot of intelligence in their products, my understanding is their prices are extremely attractive, and the devices are decent looking. The vendor only mentioned good things about Fortinet: performance, visibility, threat detection/prevention, and a million other Fortiproducts. Are they really that good, or is this all marketing? What are some of your worst experiences with Fortinet?



Looking for VPN Server

Hi,

A long time ago I used PPTP to connect to my home LAN (with a router running DD-WRT).

Now I'm looking for something else, because since iOS 10 PPTP isn't supported.

First I bought a "TL-R600VPN", but this was a "client VPN", so hosting an IPsec or L2TP server wasn't possible.

So I bought a "D-Link DSR-250", and after looking on the internet I found one manual to set up the VPN (http://files.dlink.com.au/Products/DSR-500AC/REV_A/SetupGuides/How_to_setup_L2TP_VPN_Service_in_DSR-1000AC_500AC.pdf)

I did the same as in the manual, but it doesn't work to connect with my iPhone running iOS 12.

I know a bit of networking but I'm not an expert. But is there another brand/model on which it's easier to configure the VPN? Then I can buy that.

At my home I have cable internet.

Greetings,

Pieter



Bachelor's or Associate of Applied science?

Long story short, I'm paying my own way through college and really would like to avoid crippling debt upon graduation. Obvious way to avoid extra time and money is to cut the core curriculum out and only focus on classes I actually need by obtaining an AAS.

Would you say someone with an AAS + certs + 2 years real experience that a bachelor's degree holder wouldn't have would be at steep disadvantage when applying for jobs in the same market as the one with a bachelor's?

Age is also a factor. I'm already 21 with a few IT courses under my belt and I'd be working full time while getting my basics at a community college if I go for a bachelor's. That means I'll be around 27 or 28 by the time I graduate and that sounds really old. With an AAS, I can save up the 10k or so it takes and go full time, graduating at like 24 or 25 with no debt.

I'm really leaning towards the AAS, but maybe I'm just clouded by the thought of not having to write English/history papers till I'm 30.



MTU size confusion

I've been struggling with a slow speed issue lately, and after playing around with the modem's settings I figured out that it was caused by the MTU and TCP MSS values.

So I read about how to figure out the optimum MTU value using the ping 8.8.8.8 -f -l 1452 command in CMD, increasing the size until "Packet needs to be fragmented but DF set" goes away, and then adding 28 to the highest value you get without fragmentation, etc.

Now, I noticed that if I arbitrarily changed the modem MTU value to, let's say, 1480, the highest value I get without fragmentation using the CMD command is 1452, which is (1480 - 28).

And if I arbitrarily set it to 1440, the highest value I'd get without fragmentation using the CMD command is 1412, which is (1440 - 28).

So it seems like this method is not accurate at all, I'm not an expert in networking so I would appreciate an explanation as to what's happening there and if there's a better way to figure out the maximum MTU and optimum TCP MSS values for my connection.
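The probing arithmetic the post describes, as an added example that is not from the post: a binary search for the largest payload that still passes with DF set, then MTU = payload + 28 (20-byte IPv4 header + 8-byte ICMP header) and MSS = MTU - 40 (IP + TCP headers). The `simulated_hop` stand-in is constructed; it models the first hop (the modem) enforcing its own configured MTU, which is why a modem set to 1480 tops out at a 1452-byte probe.

```python
"""DF-bit MTU probing with an injectable probe, so it runs offline.

Added example, not the poster's code. Plug a real `ping -f -l` (Windows)
or `ping -M do -s` (Linux) wrapper in as `probe` to measure a live path.
"""
from typing import Callable, Dict

IPV4_HDR = 20
ICMP_HDR = 8
TCP_HDR = 20
PROBE_OVERHEAD = IPV4_HDR + ICMP_HDR   # the "+28" from the post


def largest_unfragmented_payload(probe: Callable[[int], bool],
                                 lo: int = 0, hi: int = 1472) -> int:
    """Binary-search the largest payload size for which probe(size) is True.

    probe(size) returns True when a DF-set packet carrying `size` bytes of
    ICMP payload is answered, False when it "needs to be fragmented".
    Assumes the usual monotone link: if a size passes, every smaller one does.
    """
    if not probe(lo):
        raise ValueError("even the smallest probe needs fragmentation")
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid           # mid passed: the answer is mid or larger
        else:
            hi = mid - 1       # mid was rejected: the answer is smaller
    return lo


def mtu_from_payload(payload: int) -> int:
    return payload + PROBE_OVERHEAD


def mss_from_mtu(mtu: int) -> int:
    return mtu - IPV4_HDR - TCP_HDR


def simulated_hop(mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for a real ping: the first hop enforces `mtu`,
    so any probe whose total size exceeds it gets the DF rejection."""
    def probe(payload: int) -> bool:
        return payload + PROBE_OVERHEAD <= mtu
    return probe


def measure(probe: Callable[[int], bool]) -> Dict[str, int]:
    """Run the search and derive the MTU and TCP MSS from the result."""
    payload = largest_unfragmented_payload(probe)
    mtu = mtu_from_payload(payload)
    return {"payload": payload, "mtu": mtu, "mss": mss_from_mtu(mtu)}


if __name__ == "__main__":
    for modem_mtu in (1480, 1440, 1500):
        print(modem_mtu, measure(simulated_hop(modem_mtu)))
```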



pfSense vs Docker vs RouterOS: Maintenance and security wise?

Hi all,

I am having a hard time finding what's best in terms of maintainability and security for a single homelab router:

  • Low energy x86 machine with pfSense

  • Low energy x86 machine with Docker containers: Kea, unbound, nftables, etc.

  • MikroTik RouterBoard with RouterOS

Configuration time or hardware costs are not a factor. What is your opinion?

Thank you in advance!



How good are you with Cisco (CCNA, CCNP, CCIE etc.) and how many sysadmin tasks are you doing (WinServer, Linux etc.) at your job?

1) How good are you with Cisco (CCNA, CCNP, CCIE etc.) and how many sysadmin tasks are you doing (WinServer, Linux etc.) at your job?

2) Do you feel that more and more of the networking is going to SDN, inside or outside the datacenter, or in medium/large enterprises?

3) Do you like rival tech like Juniper, Aruba etc., or do you prefer to stay with Cisco?

4) Do you manage a lot of cloud tech, and are you afraid of automation or infrastructure as code?



As Juniper Contrail is used in AT&T AIC, what is the overlay packet encapsulation used there: MPLS over GRE/UDP or VXLAN? Do they use both MPLS and VXLAN? What is the reason behind their choice?


Thursday, September 20, 2018

How capable are Linux-based Active Directory and domain controllers compared to Windows Server 2016?

I'm still in school in my last year of classes and I'm taking a Microsoft certification class at the moment. I have already taken a virtualization class and a data storage class and some basic networking courses.

I have only learned about the Microsoft side of things and the VMware side of things, and I have very little experience in Linux and Cisco. I only recently learned that Linux can support domain controllers and Active Directory, and I'm curious how capable they are.



Dumb Network Design of Day

I go to a college where the newest residence hall, which was built in 2013, has 10/100 ports for end users only. The building is wired for Cat 6 and the access points get the gig wired connection. However, when I did a speed test I was getting nowhere close to gig internet speeds; heck, the speeds were below 100 Mbps. Talk about wasted ports. In my opinion this setup is dumb: why not just make all of the ports 10/100/1000? The building is wired for it. Just not the switches for the end users (10/100 switches). Just my thoughts, and I am wondering what your thoughts on this are.



"The Internet will split into two" According to Eric Schmidt.

Regardless of this statement by Google's former CEO, can someone explain the current state of the internet on a global scale and how China could theoretically split to control their "own internet"? Isn't this already the case?



Does anyone have experience with Askey firmware?

Hi!

I have an old Askey modem that I'd like to use for guests.

Problem is: It does not seem to work with OpenWRT (and similar).

But I managed to dump its firmware and extract everything (I guess) from it.

Just to try things out, I tried to re-pack all files back using mkfs.jffs2 (it's a JFFS2 big-endian firmware).
On the other hand, my dumped file (with no modifications) works as is. My modem accepts it.

But it does not work.
Any ideas?



Having trouble understanding how these "out-of-line" firewalls are working in this network

I started a job at a large university a few months ago working with the network infrastructure team. I've mainly been doing more developmental work with some of the different network devices in the network. Recently, in between tasks, I've also been trying to "map out" the network in a way, mostly because I've never worked in a big enterprise network like this and am trying to get a better grasp of how all the different devices and services work together to serve 50k+ users smoothly. I have been given some network maps that helped lay out some things, as well as stuff like NetDisco, Nagios, and NetMRI to help see all our devices.

Anyway, to get to the real question: I've diagrammed out a simplified version of one 'branch' of the campus, and was hoping someone could shed a little light on how these firewalls are actually doing anything for the campus LAN devices.

https://i.imgur.com/6cwADo4.jpg

I feel like it has something to do with the hundreds/thousands VLANs + device authentication, or something involving tunnels, but I'm not totally sure... I can try to provide more info about the network if needed, too.

Does anybody have examples or references, of use-cases where firewalls are installed like this in the network? Or some solid explanation for them being installed like this?

I'll probably ask at work tomorrow or next week if I am still unsure, but was hoping one of you fine folks here would be able to help too. Plus gives a bit of discussion here haha. Thanks! :)



Isn't top-of-rack supposed to be secured and isolated?

Maybe I'm crazy here, but I always thought that the "top-of-rack" switch was a secured switch on an isolated network that didn't have any general traffic. (i.e. a "management network") Everything I've seen has ToR as being a general-purpose network that includes management traffic. This seems insane to me, because LoM/management interfaces are intentionally opened for protocols like SNMP, HTTP/S management, and VNC, not to mention how horribly insecure they can be anyway. It seems crazy that people would mix that traffic with general-purpose server traffic. Am I just being paranoid or crazy here? Am I missing something?



Router question

What's it called when a router pretends to be from a coffee shop but just forwards traffic through it and scans everything going in and out?



ISR 4k - BFD QoS

So I'm reading this article from Cisco that says this:

BFD packets are not matched in the QoS policy for self-generated packets.

1- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bfd/configuration/15-mt/irb-15-mt-book/irb-bi-fwd-det.html

When I try it on an ISR 4K (output QoS policy-map) I never see any packets matching BFD (outbound). So how do I guarantee that during times of congestion these packets will go out first? I know there's pak_priority, but does that feature understand that I have shaping on my WAN link?



Ideas for experimental study on computer networking topics

I'm currently taking a course on computer networks as part of my masters in computer science. At the end of the semester, we perform a literature survey and conduct an experimental study to examine the properties of any networking topic of our choosing (some of the suggested topics are listed below) and then present to the class. I've been trying to think of some cool and interesting possibilities for some type of interactive program I could create that potentially utilizes everyone's smartphones in the room live during the presentation, but I haven't had any ideas that seem to fit into any of the recommended topics. Anyone have any cool ideas or inspirations?

Suggested potential topics

  • 5G networks
  • Big data and machine learning for networks
  • Cellular networks
  • Cloud computing/mobile cloud computing
  • Cognitive radio networks
  • Crowdsourcing
  • Cyber-physical systems
  • Datacenter networking
  • Energy efficiency in networks
  • Edge and fog computing/networking
  • Fault tolerance, reliability and survivability
  • Internet architecture
  • Internet of Things
  • Localization and location-based services
  • Mobile sensing and applications
  • Mobility management and models
  • Multimedia networking
  • Network economics and pricing
  • Network management
  • Network virtualization
  • Overlay and peer-to-peer networks
  • Quality-of-service and resource management
  • Smart grid applications
  • Social computing and networks
  • Software-defined networking
  • Vehicular networks
  • Web applications and content distribution
  • WLAN, WPAN, RFID, and NFC
  • Wireless sensor networks



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post and as well a nice description to this thread.



Unknown traffic spikes?

I'm seeing these strange spikes in a particular VLAN in my DC. My firewall and router, which have interfaces in that VLAN, register 1Gbps+ download spikes at the same time, as if it was some type of multicast/broadcast. I have tried to capture traffic at the router interface while it occurs, but the pcap file contains no relevant traffic of the volume it should've collected. The router in question is an ASR1001. Most of the servers are SQL/DFS and so far I haven't found any source.

Any input on this?



Active FTP data channel connection originating from a random port other than 20?

Story: I've noticed a weird issue with FTP at one of my client's sites. They use our FTP client software which is behind a NAT router to connect to another company's FTP server. The FTP company recently migrated to a new server with a new URL and a new IP. I made the change in the FTP client to connect to the new server. I am able to connect to the new FTP server via active FTP, log in, and change directories. Once I attempt a DIR or a file download, it times out with a 550 response 90% of the time. 10% of the time I can complete the connection just fine.

I've obtained a packet capture on the public interface of the router and noticed that when the FTP server attempts to establish the data channel connection back to the client and it fails, the source port is not 20, but something wacky like 925, 9053, or 11973, and is blocked by the firewall. That 10% of the time that the connection is successfully established, the source port is 20, as it should be.

They have a Meraki router, so I assume it is FTP aware, which is why the active FTP connection works under normal circumstances. For example, the router modifies the PORT command to display its public IP instead of the FTP client computer's private one. I also assume that the Meraki is then expecting the incoming connection to originate from port 20, which is why it fails when it originates from any other port.

Questions: I've googled my fingers red but can't seem to find any reference to an FTP data channel connection request originating from a port besides 20.

-Can you even configure an FTP server to do that?

-Could this be something like a proxy server or other networking device that is replaying or otherwise modifying the source port in transit?

More than anything I'm curious as to how or why this source port would be anything but 20. Secondarily, if anyone had some advice to get this working on my end that'd be awesome.

I've contacted the company who runs the FTP server, but can't seem to get through to anyone with any technical knowledge directly. I just get emails telling me to whitelist their IP on the router, which supposedly the Meraki MX64 cannot do.
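An added example (not from the post) of the bookkeeping an FTP-aware NAT does for active mode, as the post describes it: parse the client's PORT command, rewrite it with the public address and a mapped port, then admit an inbound data-channel SYN only if it targets that mapping and comes from the server's address on port 20 (RFC 959: the server's default data port is L-1, so 20 when the command channel is on 21). All addresses and ports are constructed.

```python
"""Active-FTP PORT handling as an FTP-aware NAT/firewall sees it.

Added example with constructed values, not the Meraki's implementation.
"""
import re
from typing import NamedTuple, Tuple

# PORT h1,h2,h3,h4,p1,p2  (address octets, then port = p1*256 + p2)
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


class Endpoint(NamedTuple):
    ip: str
    port: int


def parse_port(line: str) -> Endpoint:
    """Decode a PORT command into the address the client is listening on."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError(f"not a PORT command: {line!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PORT field out of range")
    h1, h2, h3, h4, p1, p2 = fields
    port = p1 * 256 + p2
    if port == 0:
        raise ValueError("PORT advertises port 0")
    return Endpoint(f"{h1}.{h2}.{h3}.{h4}", port)


def format_port(ep: Endpoint) -> str:
    """Encode an endpoint back into PORT syntax (CRLF-terminated)."""
    if not 0 < ep.port < 65536:
        raise ValueError("port out of range")
    return "PORT %s,%d,%d\r\n" % (ep.ip.replace(".", ","),
                                  ep.port >> 8, ep.port & 0xFF)


def rewrite_port(line: str, public_ip: str, mapped_port: int) -> Tuple[str, Endpoint]:
    """ALG step: swap the private address/port the client advertised for the
    router's public address and the port the NAT reserved for the inbound
    data connection. Returns the rewritten command and the inside endpoint
    the NAT must forward that connection to."""
    inside = parse_port(line)
    return format_port(Endpoint(public_ip, mapped_port)), inside


def data_syn_allowed(syn_src: Endpoint, syn_dst: Endpoint, expected_dst: Endpoint,
                     server_ip: str, cmd_port: int = 21) -> bool:
    """Admit an inbound SYN only if it hits the reserved mapping and comes from
    the FTP server's address on its data port (cmd_port - 1, i.e. 20)."""
    return (syn_dst == expected_dst
            and syn_src.ip == server_ip
            and syn_src.port == cmd_port - 1)


if __name__ == "__main__":
    cmd, inside = rewrite_port("PORT 192,168,1,50,19,137\r\n", "203.0.113.7", 40001)
    print(cmd.strip(), "->", inside)
    mapping = Endpoint("203.0.113.7", 40001)
    # Server opening from port 20 is admitted; from 925 it is dropped.
    print(data_syn_allowed(Endpoint("198.51.100.9", 20), mapping, mapping, "198.51.100.9"))
    print(data_syn_allowed(Endpoint("198.51.100.9", 925), mapping, mapping, "198.51.100.9"))
```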



Output drops w/ AutoQoS

I rolled out AutoQoS on several 3560X's in preparation for a VoIP deployment. I'm troubleshooting some intermittent issues, and I see nonzero output drops on several 1Gb/10Gb interfaces that I'm surprised to see drops on, since they are used so minimally--average throughput in the tens of Mbps or less. It's hard to imagine they have experienced significant congestion, but I'm also new to this.

Is it possible that AutoQoS settings would cause output queue drops, even without link saturation?

More generally, is it possible AutoQoS produces settings that cause more problems than they solve?

Example platform info: WS-C3560X-48P on IOS 15.0(2)SE11 (latest gold star)

Edit: So I disabled QoS altogether and cleared interface counters. A few moments later I see them incrementing on several idle interfaces. Maybe a hardware issue?



Traceroute: not showing intermediary Level 3 hops between Western US and EU

Traceroute uses the inherent behavior of the IP routing process to map out each router that a packet is forwarded through, by sending out a series of probe packets which are intended to expire before reaching their final destination, and capturing the resulting ICMP TTL Exceed messages.

Performing a traceroute from a network in Phoenix to a host based in London reveals intermediary hops in Dallas, Atlanta and Ashburn and the use of MPLS as the probes are routed over Telia's fiber:

ryan@phx10:/home/ryan# traceroute -eA --back 46.101.44.214
traceroute to 46.101.44.214 (46.101.44.214), 30 hops max, 60 byte packets
(snip)
 3  10.140.2.13 (10.140.2.13) [*]  0.536 ms  0.559 ms 10.140.2.1 (10.140.2.1) [*]  0.506 ms
 4  phx-b1-link.telia.net (62.115.42.9) [AS1299]  0.684 ms phx-b1-link.telia.net (80.239.194.109) [AS1299]  0.840 ms phx-b1-link.telia.net (62.115.41.253) [AS1299]  0.867 ms
 5  phx-b1-link.telia.net (62.115.42.1) [AS1299] '-4'  0.827 ms phx-b1-link.telia.net (80.239.194.109) [AS1299] '-4'  0.877 ms phx-b1-link.telia.net (62.115.42.9) [AS1299] '-4'  0.812 ms
 6  dls-b21-link.telia.net (62.115.135.12) [AS1299] '-5'  23.463 ms dls-b22-link.telia.net (62.115.118.246) [AS1299] <MPLS:L=10850,E=0,S=1,T=1> '-5'  32.692 ms dls-b21-link.telia.net (62.115.137.106) [AS1299] '-5'  23.300 ms
 7  dls-b21-link.telia.net (62.115.137.106) [AS1299] '-5'  32.474 ms  32.625 ms atl-b22-link.telia.net (80.91.246.74) [AS1299] '-6'  41.248 ms
 8  atl-b22-link.telia.net (80.91.246.74) [AS1299] '-6'  50.239 ms  50.358 ms ash-bb3-link.telia.net (62.115.125.190) [AS1299] '-7'  52.116 ms
 9  ldn-bb3-link.telia.net (80.91.246.69) [AS1299] '-8'  129.974 ms atl-b22-link.telia.net (80.91.246.74) [AS1299] '-6'  50.181 ms ldn-b4-link.telia.net (62.115.134.139) [AS1299]  129.160 ms
(snip)

I assumed that packets over Level 3 fiber are routed more or less using the same path. In fact, a Google search easily produces older traceroute results that reveal Dallas, Atlanta and Washington as hops between Phoenix and London on Level 3 fiber. However, when performing a traceroute from a Level 3-peered network in Phoenix to the same host in London, I noticed that no intermediary hops show up at all, and no indications of MPLS either:

ryan@phx1:/home/ryan# traceroute -eA --back 46.101.44.214
traceroute to 46.101.44.214 (46.101.44.214), 30 hops max, 60 byte packets
(snip)
 3  lw-dc4-border2-te0-0-0-1.rtr.liquidweb.com (50.28.96.29) [AS19905/AS53824]  0.478 ms  0.510 ms  0.549 ms
 4  5-2-34.bear2.Phoenix1.Level3.net (4.28.83.25) [AS3356]  0.615 ms  0.627 ms  0.655 ms
 5  ae-116-3502.edge3.London15.Level3.net (4.69.167.78) [AS3356] '-11'  123.048 ms ae-226-3602.edge3.London15.Level3.net (4.69.167.94) [AS3356] '-11'  123.042 ms ae-227-3603.edge3.London15.Level3.net (4.69.167.98) [AS3356] '-11'  122.996 ms
(snip)

Why did no TTL decrement happen when the traceroute probes passed through intermediary nodes on Level 3's fiber?

Did the Level 3 router in Phoenix already label every probe with a complete routing decision to London so that intermediary hops could just forward the probes to London based on these labels instead of sending them to their routers for further routing decisions?

Did the intermediary hops send the probes to their routers, but did those routers not decrement the TTL for some reason?
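As an added illustration (not from the post; hop names are constructed), a toy traceroute over a path whose core is an MPLS LSP, comparing the two TTL models of RFC 3443. With TTL propagation the ingress copies the IP TTL into the label and every core LSR answers like an ordinary hop; without it (Cisco `no mpls ip propagate-ttl`) the label TTL starts at 255 and is never exhausted in the core, so the trace jumps from the ingress router straight to the egress, which is the shape of the second trace above.

```python
"""Toy traceroute across an MPLS core: added illustration, constructed names.

uniform model: ingress copies the IP TTL into the label; each LSR decrements
               it and answers when it reaches zero, so the core is visible.
pipe model:    ingress sets the label TTL to 255 and leaves the IP TTL alone;
               the egress decrements the IP TTL as one ordinary hop, so the
               core LSRs never answer a probe.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Hop:
    name: str
    role: str = "ip"  # "ip" router, "ingress" LER, "lsr" core router, "egress" LER


def forward(path: List[Hop], dest: str, ttl: int, propagate_ttl: bool) -> str:
    """Send one probe with IP TTL `ttl` along `path`; return the name of the
    node that answers (TTL exceeded from a router, or `dest` on arrival)."""
    ip_ttl = ttl
    label_ttl: Optional[int] = None
    for hop in path:
        if hop.role in ("ip", "ingress"):
            ip_ttl -= 1                           # plain IP forwarding
            if ip_ttl == 0:
                return hop.name
            if hop.role == "ingress":             # impose the label
                label_ttl = ip_ttl if propagate_ttl else 255
        elif hop.role == "lsr":
            assert label_ttl is not None, "core LSR reached without a label"
            label_ttl -= 1                        # only the label TTL is touched
            if label_ttl == 0:
                return hop.name
        elif hop.role == "egress":
            assert label_ttl is not None, "egress reached without a label"
            label_ttl -= 1
            if propagate_ttl:
                ip_ttl = label_ttl                # label TTL copied back into the IP header
            else:
                ip_ttl -= 1                       # pipe: egress counts as one IP hop
            label_ttl = None                      # label popped
            if ip_ttl == 0:
                return hop.name
        else:
            raise ValueError(f"unknown role {hop.role}")
    return dest


def traceroute(path: List[Hop], dest: str, propagate_ttl: bool,
               max_ttl: int = 30) -> List[str]:
    """Names of the responders for TTL = 1, 2, ... until `dest` answers."""
    seen: List[str] = []
    for ttl in range(1, max_ttl + 1):
        who = forward(path, dest, ttl, propagate_ttl)
        seen.append(who)
        if who == dest:
            break
    return seen


# Constructed path: customer edge, provider ingress, two core LSRs, provider egress.
PATH = [Hop("cust-edge"), Hop("pe-west", "ingress"),
        Hop("p-core1", "lsr"), Hop("p-core2", "lsr"), Hop("pe-east", "egress")]
DEST = "target-host"

if __name__ == "__main__":
    print("uniform:", traceroute(PATH, DEST, propagate_ttl=True))
    print("pipe   :", traceroute(PATH, DEST, propagate_ttl=False))
```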



SOCKS proxies - how they are different from Terminal Servers?

I guess it's a strange question, but I can't understand this: how do SOCKS proxies work?

OK, as networking guys, we have got a few areas in our network which we access using a Terminal Server or SSH TS (because there's no routing, or for security reasons, or it's a small branch):

- Terminal Server usually has got one interface with a global IP address and another interface (or interfaces) which resides on the remote network. It's a Windows machine; you just RDP onto it, start PuTTY and perform some actions in the remote network.

- SSH TS is the same thing, but it's a Linux/BSD box which you SSH onto and then SSH to devices from it. Sometimes, in the case of a small branch office, we just SSH onto the Internet-facing router (which NATs all the inside users) and SSH to the switches inside directly from the 'border' router.

These cases are understandable to me.

But it looks like SOCKS proxies don't work in the same manner. I just can't get the idea. Our partners use it for remote connection and remote administration, and often I receive requests to add some ACL entries on the firewall(s) to allow these connections. Usually it looks like:

allow access from Internet to Proxy on Internet-facing Firewalls

and

allow access from Proxy to server pools on internal Firewalls

And I'm just trying to understand how it's different from the TS/SSH TS which I described earlier.

I can't find any article or YouTube video clearly explaining the concept of SOCKS proxies. No idea how it all works, and sometimes this misunderstanding raises issues and conflicts.

Thanks a lot for your help.

PS: our partners also use some app called ProxyCap to create some proxy rules, etc. Maybe someone can explain this also.



How does a VPN work at a more technical level?

Every time I try googling it I get simplistic explanations of how a VPN works. Is there a slightly more technical guide that talks through how traffic is routed and encrypted?

I'm very new to the concept as a whole so any information would be helpful - thanks!



Cisco ISRs with large output drops causing massive inter-vlan slow down

Talking with Cisco about this, but since it isn't a complete network-down situation, they have me waiting. Background on this is I moved my network from a single-legged 2900 router to an HSRP pair of ISR4321 routers. The access switch is trunked into Gi0/0/1 with a handful of sub-interfaces acting as the default gateway for everything.

When I have all VLANs/sub-interfaces on one of the ISRs, the network slows down to shit. If I peel off half of them, it's much better, but still getting drops.

GigabitEthernet0/0/1 is up, line protocol is up
  Hardware is ISR4321-2x1GE, address is 2cab.ebba.8941 (bia 2cab.ebba.8941)
  Description: co-asw-stack // eth1/48 // trunk
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 3/255, rxload 1/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
  Keepalive not supported
  Full Duplex, 1000Mbps, link type is auto, media type is RJ45
  output flow-control is off, input flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 21:03:07
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 161125

Right now the network is working fine, but I have half of the networks on one ISR and the other half on the other ISR. The moment I have everything on one interface, local network latency goes to shit and services between VLANs go to hell.

The switches all have their default GW pointed to the network management interface of the ISRs and none of them are running L3 routing. The base interface of the ISR is default. Should there be anything more that needs to be added to it?

interface GigabitEthernet0/0/1
 description co-asw-stack // eth1/48 // trunk
 no ip address
 negotiation auto



Week 1 - OSCP Preparation / LAB Setup

Please check out my posts for OSCP preparation! :)

https://www.jpsecnetworks.com/week-1-oscp-preparation-lab-setup/



Wipe partitions (factory reset) from PowerEdge 2950 with ESXi installed?

I'm trying to "factory reset" some old poweredge 2950's that I have and currently have ESXi 5.0 installed on them. I want to completely wipe the servers so that nothing is installed on them. I'm familiar with wiping partitions with windows servers, but not so much with ESXi OS installed. What is the easiest way to completely wipe the Poweredge 2950?



Can I use a passive fiber splitter to daisy chain a pair of dark fiber?

I'm going to lease a pair of dark fiber 11 miles long to connect 3 sites. It is 9 miles from my NOC to site A and then 1 mile from site A to site B. So the fiber pair will connect a switch at my NOC to a switch at site A and then from that switch at site A a pair of fiber to a switch at site B. In this config however if power goes down at site A it takes down site B.

So I'm wondering: as long as I use two different wavelengths (say 1310nm between NOC and A and 1550nm between NOC and B), can I put a passive splitter in at site A that splits the fiber from the NOC so that site A is on one side and site B is on the other? Then at the NOC have a splitter with the two different-wavelength SFPs?

My thought being the passive splitter doesn't need power, so if power goes out at A then B is still able to see the NOC.

Assuming this would work, is 1310 and 1550 enough separation, since both SFPs will see the light from the other SFPs? Will the splitters cause loss issues on an 11 mile link with 20km SFPs?



Purchasing Panduit jacks

Where is the least expensive place to buy Panduit keystone jacks for 5e and 6 on a regular basis? I'm tired of people telling me eBay or Craigslist. I want a reliable vendor I can go back to every few months when I want to order another 100 without having to price shop and look for sales. Doesn't have to be the cheapest on the planet, but I would like to save money where I can because it can kill my dept budget.

Thanks for any help you can provide



Dropped packets on ZTE router

I have a ZTE F660 router from my ISP. When I log in through telnet and look at ifconfig, there are a lot of TX dropped packets. For example, if I restart the router the counters reset, so it will be like TX packets: 80 dropped: 15000.

It is on eth3, so my LAN port to another router which then goes to my laptop. I tried to check if any settings affect that on both routers, but no luck so far.

Tried to connect the laptop directly and same thing.

Is this normal or not?

I don't see any packet loss or bad pings, but sometimes I think it helps in FPS games after a router reset to not get shot instantly. But at dslreports I don't always get A or B for quality, and retransmits are between 3 to 8% depending on whether I check on Linux or Windows and the time of day.

It is fiber optic to the ZTE router.



Adding new Circuit to BGP For internet, first time doing it need to report possible downtime to upper management

We essentially have block IP space x.x.x.x/24. We have 3 providers and we're about to add a fourth, an AT&T circuit.

I've set up BGP on our end, the link is up, I'm just waiting to "schedule" a time for AT&T to do their end.

What's the possible down time here?

I personally think there won't be a noticeable down time as the route populates through AT&T's backbone, or while AT&T-owned space populates to our router, but it shouldn't be long, or?

And if anything does happen I should just be able to unplug the link to break BGP.

Thoughts?

Thanks



How do I limit management access to only the management interface (Cat 9K & IOS-XE 16)

Has anyone solved this issue? We are deploying Catalyst 9000 switches and are trying to keep people from being able to SSH to any SVI or IP on the switches. We want this to go to the dedicated management interface only since this will be a separate, firewalled network. Sounds pretty reasonable, right? :)

Extended ACLs with destination networks are still unsupported on IOS-XE 16 for the access-class statements. The control-plane-host & management-interface statements in control plane policing are also unsupported.

This may be more of a warning that IOS-XE Fuji, etc. do not support all the features that previous versions did. I have a TAC case open but so far they've only offered solutions that don't work or are not supported on this version.



Might be the wrong place for this

I've been trying to sell, or give to someone who might make use of them, 3 Cisco 3745 routers. Used condition but ideal for study/lab. If you're in the London area and interested, give me a PM.

Apologies if it's in the wrong place; I've tried selling them on eBay but keep getting fake sellers!



Phone vendor trying to blame the data network

We handle the data networking and infrastructure at a client. The client is having phone issues. Their clients sometimes cannot call in and lines are dropped. We have never had an issue calling and have not experienced the issue. There is a separate company that is handling the VoIP system. The phones are mostly on their own wiring and subnet except for one PC (we are running a cable to fix that). The subnets are routed together on the firewall, though DHCP is not routed.

I tested the DHCP on both sides and it resolved properly. The VoIP PBX is the DHCP server on the phone subnet. The phone vendor is a bit hard to work with. I asked him for packet captures and he sent this to the client. Sideways and everything.

https://imgur.com/a/zM7qNTm

He is saying there are DHCP errors on the network and blaming the data network. All the phones register. It looks to me like the PBX is not set up properly. Is the VoIP vendor trying to smokescreen the client with this screenshot?



Website monitoring on local network?

Hello, I looked into website monitoring on my home network. As I am getting my CCNA right now, I am intrigued by how my network works and how I can monitor it.

I want to be able to monitor what websites are accessed by specific computers on my home network.

I looked into Wireshark, filtered by port 53 and the IP address of the specific PC.

And I was able to see the traffic. But there was so much traffic it was impossible to monitor everything. Too much noise with Wireshark.

And at the moment I am trying OpenDNS, but I don't think DNS can monitor each PC in particular.

Any software or anything, enterprise level or not, I would like to know.

Thank you.



Network tester recommendations

We have a Fluke LinkRunner. For the most part it does the job but it's getting long in the tooth. It only does 1Gb fiber links. We're going to 10Gb. I'm looking at the LinkRunner AT 2000 which looks like the upgraded model of what we have. Any other recommendations? I don't really know about what's out there. Thanks



Avoiding Night Shift Entry Level Positions?

I have my CCNA and I'm about to finish my degree. I'm starting to look for entry level positions. But it seems like many of them are working in NOCs on the night shift. I'm comfortable with paying my dues, but I can't physically work the night shift. I've done it for several years in previous jobs and it took a serious toll on my health. I even fell asleep during my shift once and woke up in the morning with other staff starting to come in. I don't have any sleep disorders. I'm just a morning person and not a night person.

Is there another path to normal day shift positions? Are there other types of companies I should be looking for? Would it be easier to start from Help Desk and move into a networking position?



How do you keep up with all the computer updates?

Hi Reddit!

I am in some need of help to be more efficient when updating Machines on our network. Our company has grown from about 15 workstations and 5 servers, to about 100 workstations and 25 servers. For a long time, I did everything myself, but due to the growth, we hired a helper for me. I am a huge fan of KISS - Keep It Simple Stupid - I basically just used an excel sheet to keep track, and simply went to every computer every month. This with my help desk responsibilities kept me busy and the bosses happy. This worked very well, until it became overwhelming, which was when we hired help. We have continued to grow, and we are at the point where we can't keep up again. I find myself working many nights just to try to keep up. Short term, not a problem, but I need to find a better way!

For servers, I still think the best way is manually. We only have a few that can't be maintained during work hours, so we have a scheduled Sunday morning maintenance that gets done. With 4 weeks in the month, this is not a problem to get all the servers maintained. I work less than 4 hours on those Sunday mornings, and I get it all done without having to rush like a madman. We do have monitoring on our servers, so I am aware if anything goes down. To be honest, I don't see an issue here, but please, if you have some input on improving efficiency, please voice it!

My roles and responsibilities go a bit beyond just IT, so I would like to be in charge of handling those responsibilities, the server maintenance, and network security. We have a 3rd party audit annually that we are still working on making improvements for. I never feel like I am spending enough time on this, which is a main reason for coming here today! The problem is, my helper cannot possibly keep up with all those workstations, which is why I have been needing to log in at night and catch up. We split help desk responsibilities as well. There are simply too many issues that pop up, and too many workstations to maintain.

For our workstations, we log in, run Windows updates (reboot if necessary), update Java, update Adobe. For the most part this is all we do. There are a few workstations with special software that needs to be updated from time to time, but for the most part, we can perform those upon request.

First question I want to ask... Is this necessary? Windows, Java, Adobe? Maybe we could get away with only Windows updates? What are some of your thoughts on this? Maybe roll out Java updates when they come out instead of constantly checking them monthly? Adobe pretty much updates itself; would I be safe if I simply took that off the radar? I'm afraid I am opening up to security flaws if I don't keep those up to date all the time.

Second: Is this not enough? Is there more to the maintenance that I am not covering? This is strictly in the computer, not the physical area and/or cleaning. We do take care of that as well (as needed).

Third, and the real question/purpose of this post: How can I automate this? Maybe even just monitor it, so we are more efficiently doing it manually? But I haven't found software to monitor Windows versions, Java versions or Adobe versions. I have read so much about programs like SolarWinds that it has started to make my head spin. I still don't think it does what I am asking for.

Please help me!

All advice and tips are welcome and appreciated

Thanks

Bru!



Sending traffic over a LACP channel

Hi all, I'm kind of new to networking and would need any help I can get for my lab. I'm supposed to push as much traffic as I can over a LACP channel of two 10Gbps links. I have configured four switches (two stacked on each end, 3750 Series) with LACP using the 10Gbps cables.

How can I:

  1. Push the most traffic through the two links for a sustained period.

  2. Push the most traffic per computer used.

The only rule is traffic can't be sent to the switches' IP addresses

Thanks



Cisco WLC help

Hi all,

Wireless networking is not my strongest area. Does anyone have a good guide or cheat sheet for managing a Cisco WLC?



Software defined solutions for enterprise business

Hey everyone,

I was wondering if any of you have any custom-designed scripts that you are running that aren't offered by vendors. What are they used for?

I am trying to develop my coding skills in Python, but other than device provisioning I am not sure what other types of projects can be best tackled by scripting.

Is anyone using any APIs for anything cool?



Any advantage I'm getting using an ASA/Firepower module here?

So I have a building with only probably 20 people at a time really going out on the internet through this firewall. Right now it's a Fortigate 310B, which is pretty old and crashed on us last week. It's mostly just filtering who can hit the static route to the WAN, and a few other devices that connect into it, and a couple other pretty basic policies to block a few things.

I have some spare Fortigates, but I saw that my predecessor had acquired an ASA 5515-X with a Firepower license (just protection/control, no firesight). Honestly, overkill, but I figured I would take it as a chance to learn ASA/ASDM/Firepower as I have virtually no experience with it.

Well holy crap. Fortigates have a few weird things, but they are pretty dead simple once you know where everything is. This ASA has been one of the deepest learning curves, from installing the ASA module, licensing it, figuring out how management works, routing traffic to it. That's all without figuring out exactly how to translate the configurations over from the old device.

Looking over it, I really don't see a ton of advantage I get with the ASA. ASDM is okay but feels in dire need of an interface update (I've heard it might even be going away). The responsibility line between the ASA and Firepower is really blurry, and the Firepower module doesn't appear to give much advantage, at least that I can tell (seems just like slightly more user control and filter intelligence).

Am I totally off? Not sure if anyone has used both an ASA and a Fortigate.



Renaming devices on the network not saving..

I have a Netgear wireless router. I have been trying to go into access control and rename devices so I can keep better track of what is what. For some reason certain devices change back to their original names even after I save it. What am I doing wrong?



Firepower Ball Aches - EIGRP Redistribution

Someone help me redistribute a simple route-map on firepower into EIGRP. I have found the option to create the route-map and the prefix-list on the FMC. I see a way to redistribute my route-map for BGP, RIP and OSPF on the FMC for my sensor. What I don't find, is an option to redistribute a route-map into EIGRP for my sensor!! Fuck I hate fucking Firepower!

You try and make the bastard prefix-list and apply it to a route-map via flex-config, and I get the following shit error upon deployment:

"Error - Unsupported CLI prefix-list RA-VPN seq 5 permit 10.18.0.0/20"



Multi path tcp

Hello Friends, I have 2 questions. 1. Is it possible to use WLAN and another WLAN at the same time with MPTCP? 2. How many connections are possible with MPTCP? For example, is it possible to use WLAN and another WLAN and LTE at the same time?



Palo alto partnership question

Hi All,

Sorry if I'm posting in the wrong sub!

Just a quick one... My company want me to get a PCNSE so that we can become a partner with PA. Although I do not want to do it, I am considering it to try and get a payrise. I feel I am very underpaid for the skills that I have (I'm the only PA guy here and we have a serious backlog of PA projects that I am basically single-handedly deploying; this ranges from small PA220s to Panoramas with 10+ sites and up to 3260 deployments with ECMP etc.).

My actual question here is: once we become a partner, I want to know what sort of discounts my company will get on products, so that I can adjust the amount that I would like to ask for in a payrise. I was thinking about going in at a 10k increase based on the amount of money that I believe they will save on kit and support etc., and also this will bring me up to what I believe is market value for my skillset.

Does anyone know what sort of discounts you get as a partner? Or benefits?



Should every network engineer strive to work for a cloud-scale data center or large ISP?

Should working in a large multi-tenant "cloud scale" data center, or for a large ISP be the ultimate pinnacle of a Network Engineer's career?

I was thinking the biggest difference must be that instead of the Network merely being infrastructure that supports the business, the Network itself is the product your company is selling.

That is such a huge paradigm shift over working in a Corporate/Enterprise network, I can't even imagine it. It should mean pretty much everyone who works there at that company supports the network in some way or other, rather than the network simply supporting them. That should mean the network engineer is not looked at as a mere support agent, but an actual money maker for the company. "You keep doing what you're doing! We're making $$$ with this stable, secure network that hosts MANY businesses!"


The reason for this line of questioning is that I realize that in these environments you'll see a lot more complex configurations. It's like "networking for grown ups" versus Campus LAN, which is basically "kid stuff."

VRFs, VDCs, VXLAN Overlays (EVPN!!), MPLS, etc.: you typically won't see this stuff at a corporate network. Which means the Network Engineer who works there won't get to play with it. That means they simply won't get the experience of configuring and troubleshooting it. If you want to play with that stuff you have to work for a big Cloud Provider or ISP. Right? Or am I completely wrong about that?

Likewise I think having an environment that big kind of necessitates the whole automation thing, so Ansible, Chef, etc. are probably widely used in that environment. That is another experience set you completely miss out on by not working in that environment.

Should setting your sights on an environment like this be the ultimate career goal of every network engineer? Do you think job positions like campus/corporate network will continue to shrink, as "everything goes to the cloud" and companies go with outsourced IT more and more?

Or do you think Network Engineers will always continue to have a home in "simple" single tenant campus/corporate environments?



Question about Microsoft NLB traffic isolation

Hello.

We are in the process of setting up Microsoft NLB (IGMP Multicast).

The question: is it possible to isolate multicast traffic within the VLAN except for the ports specified in the IGMP configuration on the switch?

It means that other hosts should not see the multicast traffic within this VLAN.

Switch: WS-C2960S-24TD-L

IOS: C2960S Software (C2960S-UNIVERSALK9-M), Version 15.2 (2a) E1

IGMP multicast config:

arp 192.168.0.222 0100. ***. *** ARPA

ip igmp snooping vlan 666 static **. **. ***. 222 int po8

mac address-table static 0100. ***. *** vlan 666 interface port-channel 8

When I run ping 192.168.0.222 (NLB address) from 192.168.1.1, this traffic can be seen on the host 192.168.0.200 in the same VLAN:

"192.168.1.1 192.168.0.222 ICMP ICMP: Echo Request Message, From 192.168.1.1 To 192.168.0.222 {IPv4: 1}"

Is it possible to isolate multicast traffic with Microsoft NLB (except placing every NLB cluster into its own VLAN)?

Thank you in advance.



Low energy router supporting ssh, iptables and 2+ gigabit ports?

Hi all,

I am searching for a router which should have:

- Low energy consumption (50W max)
- Support for a network with 5 normal computer users and one high traffic server (scraping websites)
- SSH support
- iptables support
- 1 input gigabit port
- 2 output gigabit ports
- 5GHz WiFi
- Maximum cost of USD 250

No VPN/file transfers should be running on it so CPU speed is not that important.

What would you recommend me?

Thank you!



Thinking of using snmp for monitoring/managing a project, would like some feedback...

So I'm not sure if this is a great idea or an idiotic one. I'm going to be working on a project involving distributed devices on vehicles, and am looking at putting in an overall RMM system. Each vehicle will have a few embedded systems on it, and each "site" will have a few vehicles and its own mini datacenter. As we want to be monitoring and managing all the network infrastructure at the same time as the vehicles, I thought that instead of building an API for the vehicles we could use SNMP. We only need to be collecting basic telemetry for this project, and sending simple instructions (go here, do this etc.).

On a scale of 1-10 how dumb am I being? My main concern is not creating a huge amount of work down the line that I'm not anticipating at the moment.



Wednesday, September 19, 2018

How to prevent a corporate firewall slowing down my SaaS product

We picked up a big shiny customer that is big on security. They are 50,000+ employees so we can’t even get close to the IT dept where decisions get made.

Each company device/laptop has a root certificate installed that allows this company to intercept and scan all SSL traffic for threats.

The problem is this firewall seems to take forever to scan JSON blobs - adding 30 seconds to some page requests. This makes our software painful to use.

Is there any way we can force our software to break if it isn’t a known root cert? Any other way we might fool this firewall so it doesn’t break our app performance?



5508WLC 8.5.135.0 Code

Hey guys,

We are currently in the process of a swing migration to get our HA pair of 5508s up to date for 2800/3800 AP support. To facilitate that, our VAR sold us a basic 3504 WLC with temp licenses that is loaded with 8.5.135.0. From what the VAR says the 3504 can't / shouldn't be downgraded from that level. My question... has anyone been using the 8.5 code train? I've been hearing a ton about how unstable the code trains have been on 8.3 and 8.4... was wondering if the bugs were starting to get ironed out. Interestingly, 8.5.135.0 is now the gold-starred release for the 5508 (it wasn't when I checked two weeks ago)... In order to fail back the WAPs once the migration is complete, they are recommending we upgrade the 5508s to match the code level on the 3504.

TL;DR: 8.5.135.0... is it crap?



Is my isp out of ip addresses?

Hey guys. So I do basic networking for small businesses and I've been noticing something from the only ISP in town that is barely hurting anything, but it is nonetheless. So anyway, I notice that if I have a computer, any computer, plugged in, sometimes it doesn't want to work at all. When it does this, if I run an ifconfig command, I'll get an address 192.168.1.2/24, which is weird because under normal circumstances the internal address of the modem is 192.168.100.1/24, aka a different subnet. Normally I get a public IP address plugging the computer into the modem.

The plot thickens. When it does connect, if I ping 4.2.2.1 I consistently get packet loss. Nothing too crazy, but it shouldn't be happening. But yo, if I plug a router in there, it works 100% of the time. And no packet loss. Today when I ran dhcpcd (a Linux-based DHCP client), I got what I hope to be the smoking gun (pictured).

So my question is, why the fuck does a router make it work better? Hell, even my own 35 dollar Walmart router works better than no router at all. What gives? I have a theory, which may be totally wrong, I don't know. So, the cable modem can offer clients internal addresses (I've gotten 192.168.1.2 addresses from it) but it can also offer a public address, which it always does if you plug a computer in (normally). The address of the computer and the modem are usually different, as evidenced by running an ifconfig command (ipconfig for Windows) and referencing that against a Google search "what is my ip". If you get a router, however, and look at the internet settings on it, under DHCP or static, in the static spot it has the same address as the same Google search. To elaborate, you can select DHCP or static on the router GUI page. Therein, you can also enter static IP address info. It comes prepopulated with the current info obtained via DHCP.

Is the modem issuing the router a local address instead of having two public addresses, one for the modem and one for the router, as it would be on a computer? There then would be a router to route across subnets (192.168.100.1/24 and 192.168.1.1/24). The computer wouldn't be able to do that since it's not a router. That would explain why computers sometimes wouldn't want to connect, but not why it would connect and have 4% packet loss. Fuck me, man.

Here's why this isn't in home networking. This isn't about home networking. This is not about small business networking. This is about enterprise level shit, brah. This is service for an entire city we're dealing with. I've called before, but you know cable companies, they all suck. So after I get a couple more examples, I'll call them again.

In the picture, the DHCPv6 reply is from the CMTS at our cable company's headend. It's pretty much the last router before hitting the cables running to your house.

https://i.postimg.cc/VvkV8MgM/nahdude.jpg



Bonding multiple USB wifi dongles and ADSL into one connection.

I am tearing my hair out with this one; maybe someone can shed some clarity on this situation.

I have:

CCR1036-12G-4S MikroTik cloud router, top of the line.

RB951G-2HnD small MikroTik AP

Dell R710 - high spec

Dell R810 - high spec

Access to a hosting facility in the UK (I live on a remote island; ADSL is just 8MB)

My neighbours are nice; I have half a dozen wireless access keys and a mast on my roof bringing WiFi in on USB.

I tried Speedify, running it in a Windows VM with ADSL plus one WiFi. No good.

I am not the kind of person who wants to sit with a Raspberry Pi, or have some Linux solution running on a server in some VM that takes the connection down every time I reboot. I am looking for a solid hardware combination to bring, say, 3 WiFi connections in on a mast, put them onto Ethernet somehow, or have a hardware device to help me bond them. I do have access to a DC in the UK, so if I had to run the CHR version of MikroTik RouterOS, my own CCR router, and do it somehow like that, I will.

How do I increase my internet speed using this hardware or more?

Thx



Open Hardware and Software for Switches Discussion

I just wanted to make a post on r/networking about Open Hardware and Open Software for switches and was hoping to have a decent conversation about it. There are a lot of Open/White/Brite box hardware manufacturers for switches out there and it's a little much to take in.

Open Switch Hardware

What I was hoping we could talk about is experiences with hardware from a usability, performance, reliability, and support perspective. I know most all of the Open Hardware runs on the same chips, so usability and performance probably isn't really a thing, since it either works or doesn't and it apparently works. I think what I'm getting at here, for example since these switches have the same chips, is: is buying an HPE Altoline 6960 better or worse than buying a Penguin Arctica 3200c? Should people try to stay away from particular Open Hardware manufacturers? Does price really matter, as in does cheap mean crap? Has anyone been burned by particular manufacturers? Is there a list somewhere out there that shows which switches are basically the exact same?

Open Switch Software

Regarding software I was wondering basically the same as for the hardware: what experiences do you have with the usability, performance, reliability, and support of the major software companies? It appears to me that Cumulus is the top choice for many. Why do you like it? What background did you have when you first used it? If you came from Cisco, what was the learning curve like? Are there good "Cisco"-like OSes out there? How do people like built-in OSes like the Dell Force10 OSes (OS9/OS10)?

I would also like to see if anyone has any recommendations for web based configuration tools for switches using YANG or the like. What I'm trying to get at here is just something where I can see all my switches in one view and easily add a single VLAN or something without logging into 30 switches to do so. I'm coming from a Cisco FEX solution here, so it's nice to have a simplified view of the network in my opinion.

Any responses are welcomed! Thanks!



Cisco ACI - ELI5

So I know this isn't the "ELI5" sub but I feel that it would be relevant and provide value for others as well.

I have a CCNA R/S and am starting to learn more about ACI in general for a customer. I have taken an Intro to ACI class on Udemy but want to hear from folks who have worked in production with it and have had to explain or describe it.

While I may understand the basic logical concept of ACI, I feel that I do not want to limit the responses to things I may already know (which is limited considering I am only at the CCNA level in R/S).

Thank you in advance for all of your insight. You all rock!



Cisco Vlan help?

Hey guys, I'm currently working to deploy an Avaya IP phone system at my work.

I'm running into an issue where the phones will not connect to the DHCP server that is being hosted on the Avaya R630 server.

We upgraded our entire backend network to Cisco 2960X switches to be able to provide POE support to all areas of the building.

Our setup is pretty simple. We are going to be plugging the phones directly into the wall and our end users' desktops into the phones. The IP phones are set to be running on VLAN 201 named "Voice". We only have about 260 total users and we are in one building across a couple of floors.

I have gone through all of my switches in my deployment and changed all of the ports to trunking ports, and allowed access to VLANs 1 through 201.

Picture of my topology:

https://imgur.com/a/jo5IKCg

On one of my switches, labeled "3rd north", I accidentally changed all ports to access ports for VLAN 201. When I did this the phone was able to reach the DHCP server and obtain an IP address. However, once I allow it access to all VLANs across 1-201 I can no longer access the DHCP server or the call server, even if I give the phone a static IP on the same subnet.

I have gone through and made sure that all of the ports that connect my switches are set up as trunk ports; some of them were still set up as static even after making changes through the CLI of the switch. Please let me know if you guys have any ideas on where this issue might lie and if there is anything else that you would like me to confirm. I have access to all switches and can provide any additional screenshots to help with troubleshooting.

Sorry if I'm leaving out some important information.. Been working at this almost 10 hours straight.



Multicast security cameras

I am attempting to set up a single site LAN to allow for multicast streams from IP security cameras.

I am using PIM sparse-dense mode and I have it enabled on the layer 3 VLAN for the security camera network. I have ip multicast-routing issued to globally enable multicast. I have also entered a class D multicast address on the cameras to send the stream. First question, and I think I know the answer: does each camera need to have a unique multicast address?

When I checked the ip igmp groups, there is a group that is random and not defined by any of the cameras. When I try to open the stream in VLC player, it errors out.

What am I missing?

Thanks



Mapping network best practices

Hi guys, I have my CCENT and have been tasked with mapping a section of our network. I usually use sh cdp neighbors and sh cdp neighbors detail, sh run, and interpret and document the output so I can map it to either Visio or something cheaper. Apart from the network addresses, point-to-point IPs and subnets, and management VLAN IP, what other best practice information should I pull from the router or switch for my documentation, or other commands that will help me gather useful info? Also, if I encounter a non-Cisco device I will be using the LLDP protocol, since CDP is not available. Thanks, and I'm sorry for being so green.



confused NAT config on ASA

Hello network folks!

So I have this server here in the datacenter, for example with private IP of 10.19.100.100, and I have a NAT statement on the ASA to SNAT this address for outbound connectivity and DNAT it for inbound connectivity. So 2-way NAT...or whatever you call it. I NAT 10.19.100.100 ---> 2.2.2.2 for the sake of the argument. I have put this NAT statement in, then I went to "what is my IP" from this server to show the public IP of this server on Google to see if this change has been reflected...it is not. I continue to see the same static public ISP IP address, which is the IP address of the interface g0/0/2 on our router that connects to the ISP, which I guess is the default NAT since "overload" is configured on this interface. I'm not seeing the 2.2.2.2 translated address on "what is my IP". This might not be a misconfiguration but some big picture I'm not seeing here. I would expect this to be reflected to show the new 2.2.2.2 IP address. Here's another tricky part. When I do an nslookup on the hostname of this server against "server 8.8.8.8" (Google public DNS), I see the correct IP address being used.

Does anyone know why this new NAT public IP is not reflected on the "what is my IP"?

Please lmk if this question is too vague and needs more detail.



SysAdmin needs help - Switches / Router

Hello everyone,

We have recently moved into a new office, and are rebuilding our system and network infrastructure. I have the system and server setup down, and everything is good. However, I am not so versed on the networking side of things.

Right now, we have one networking rack that has all of our drops patched into it, and only twenty of those connections are live, connected to a standard L2 Netgear 24 port switch, which gives the lines we are currently using internet.

We have two Ubiquiti Unifi 48 port Managed gigabit switches coming, as well as a Ubiquiti Edgerouter 8, to replace our nighthawk. I thought I would simply use these as L2 switches, for the most part. Just add drops from our patch panel and call it a day.

However, one of my other sysadmin friends started talking about the hierarchical internetworking model, with core and distribution layers etc., and he lost me. All of our devices will be connected to the same local network, and connected to our domain. Maybe we need a VLAN for our WiFi guest network, but other than that I don't see the need for any complications.

Is there anything I should know, best practices, do I need to make this complicated with vlans? Basically, I am not sure on the best layout to make this work.

Thank you, hopefully this sort of makes sense.



Static routing on Cisco 3750X

Alright... I've got an easy one here I could answer if I had the lab environment to do so.

I have a Cisco WS-C3750X-48T-S running c3750e-universalk9-mz.122-53.SE2 with an ipbase license. Setting up a direct connect to a single interface will require me to set some static routes and an IP address on the interface for the direct connect. At the moment 'ip default-gateway' is configured and based on the documentation I'm finding I need to issue 'ip routing' to enable routing. Though as it is right now 'ip routing' is showing up in command completion as well as 'ip route ...' to create a static route. Then also found the command 'ip route static' in the CLI saying this will allow static routes.

Not finding the correct command reference in my searches and kind of at a loss with how to proceed and not break things. If this was local to me it would be a different story and I'd just do it till it was working. Being remote, breaking it could easily deny my access.

So... if there is any guidance someone can offer to be sure I do this correctly, it would be greatly appreciated. If there is no way around breaking it I can arrange something with the remote hands at the colocation, but would rather know this before diving in.

Thanks!



What software are you using for wallboards

I need to display several RTSP video feeds in a wallboard. What solutions do you use?



Macs randomly disconnecting from wifi, at a loss.

Hey everyone. I kind of got placed into a network admin position due to my proximity to the hardware and very slight knowledge of the subject at a growing company. One of our offices is in a super crowded area and all our neighbors seem to have their own WiFi, plus broadcasting a wonderful Xfinity signal as well. I'm guessing this is my main issue, but all our MacBooks seem to randomly disconnect once or twice a day. It happens for about a minute, and sometimes requires turning the wireless off and on.

I've got a sonicwall and a couple of ruckus r610s. I previously had some ubiquiti WAPs in there. Anyone have any advice or experience with something similar?

Things I've tried: running new cable, replacing WAPs, trying different channels on WAPs, trying different Ruckus firmware, manually setting MTU on Mac.

Things I should probably try: going to each of our ~20 neighbors and asking them to turn off their Xfinity WiFi.



Is this a lot of traffic?

I've had a couple of warnings pop up in my PRTG system for a Hyper-V host. I'm having some trouble understanding if this is a lot of traffic or if this is just high usage for this hour of the week like the warning states.

[Unusually High Traffic warning](https://i.imgur.com/CUY0eUH.png)



LowVoltage Vendor recommendations - Minneapolis(and area)

Hello,

As the title says, I'm looking for some recommendations on low voltage vendors that can service Minneapolis and, if possible, Minnesota as a whole for other offices.

I've been going around with various vendors and I won't name names, but I just haven't found a vendor with consistent quality work. I've had some issues with drops not being labeled, punchdowns to the wrong panels, vendors installing patch cables to my switches without authorization, etc., and each time it's a different crew or worker, so my explanations for why or special needs at sites need to be explained each time.

I'd appreciate some insight on what others are using, or if maybe my expectations are too high.



Home to Office VPN connection issues

My office has a Dell Sonicwall TZ600 with which I have set up a VPN access point for outside contractors to be able to access the network and upload/download files. Our work environment is 99% Mac, so I have set it up as L2TP, since Macs can run that with the stock OS network preferences and no client is needed for the computers, as would be the case with SSL VPN, etc. Yes, it's less secure and all that, but we don't really deal much with sensitive information. Just need to get files back and forth onto the server easier than FTP, or transfer services, etc.

I routinely screenshare to a computer in the office through the VPN from home using the VNC protocol built into the Mac. In the last 3-4 days or so, I can screenshare for about a minute or two, then the screenshare app loses its connection. Then about 30 seconds later, I will be booted from the VPN with a message about the PPP server not responding. Then if I reconnect to the VPN, I can't seem to screenshare; it basically just has a window that is displaying that it is trying to connect to the IP address I typed in. I could connect via AFP (or SMB...) but the VNC screenshare won't work. I have to disconnect and reconnect to the VPN sometimes 3 or 4 times before the screenshare will work again. This is affecting other people on the VPN as well.

I don't have a formal education in IT or anything, I am just a dude who is pretty smart with computers and built my own computer for the first time when I was 12. I sort of just became the de facto computer/IT guy at my work. I can follow directions with coding and all that and can navigate around, but I am not really savvy on trying to find the exact point where a problem might be occurring.

Does anyone know of what to look for? Is this something in the Sonicwall settings? I imagine it is. But I can't find anything in there about PPP server or anything like that. And google searches for this haven't been very insightful either. If anyone has some kind of insight that could help, it is greatly appreciated.



server name not populating in AnyConnect

Does anyone know what I need to modify on my ASA so that when people download the client, it's pre-populated with the server they need to connect to? Cisco said I need to modify an XML file in ASDM but I can't see what in that file I need to change or add. Anyone?

5516 9.5



Getting away with generic 4G antennas on Cisco gear [IR829]

This is the first time I have configured a cell interface for a Cisco router. I am configuring some tradeshow equipment for my company and we ordered a Cisco IR829. We didn't realize the antennas didn't come with the unit [of course they don't!] so I was wondering if something like this would work for us. That would save the hassle of going through our vendor again and paying for a premium Cisco antenna. We just have one SIM card. Any suggestions?



Everything is fine, network edition. Not sure if this is allowed, but might brighten your day.

https://imgur.com/a/lrUTqKn

My new desk ornament.



Cisco STP Issue

Hello, I am working on an issue for someone that has me stumped. There are two locations with this network. The second location is connected via trunk. The core is at the main location and all VLANs for the second location live there. They have a problem where they lose connectivity intermittently, and it is because of spanning-tree topology changes as far as I can tell. All switches are in rapid-pvst mode. The priority on all VLANs is set to 4096 on the core and the priority on all switches at the second location is set to 61440. Yet at this location the root bridge keeps changing despite the priority, and then wireless clients lose connectivity for the 45 sec network convergence takes. Every 15-45 min the root bridge changes to one of the switches local to this location, then 5 min later back to the core at the other location. I can't see why this continues to happen even after setting the lowest possible priority on all switches at the second location. Any direction anyone could offer would be greatly appreciated.

This is the spanning-tree config on all devices at the second location.

spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree logging
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree backbonefast
spanning-tree vlan 10,12,20,50,60,80,100,102,150,170-171,192-193 priority 61440
spanning-tree vlan 200,300-303 priority 61440

This is the spanning-tree config on the core.

spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree logging
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree backbonefast
spanning-tree vlan 10,12,20,30,50,60,80,100,102-103,150,170-171 priority 4096
spanning-tree vlan 192-193,200,300-303 priority 4096

Here are some of the traps from the core. (Note, the mac ending in e580 IS the core and gi1/0/48 is the port facing the second location.)

Sep 19 10:11:40.598 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 300: New Root Port is GigabitEthernet1/0/48. New Root Mac Address is 00af.1fc6.e580
Sep 19 10:12:47.707 CDT: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet1/0/48 on VLAN0301.
Sep 19 10:12:47.727 CDT: %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 301
Sep 19 10:12:47.727 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 301: New Root Port is GigabitEthernet1/0/28. New Root Mac Address is 381c.1a39.c800
Sep 19 10:12:48.718 CDT: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet1/0/48 on VLAN0303.
Sep 19 10:12:48.729 CDT: %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 303
Sep 19 10:12:48.729 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 303: New Root Port is GigabitEthernet1/0/28. New Root Mac Address is 381c.1a39.c800
Sep 19 10:13:33.705 CDT: %SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port GigabitEthernet1/0/48 on VLAN0010.
Sep 19 10:13:33.705 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 10: New Root Port is GigabitEthernet1/0/48. New Root Mac Address is 00af.1fc6.e580

Here are log messages from the user switch where connectivity is being lost.

Sep 19 10:11:40.588 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 300: New Root Port is GigabitEthernet1/0/24. New Root Mac Address is 00af.1fc6.e580
Sep 19 10:12:47.711 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 301: New Root Port is GigabitEthernet1/0/24. New Root Mac Address is 381c.1a5f.7800
Sep 19 10:12:48.718 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 302: New Root Port is GigabitEthernet1/0/24. New Root Mac Address is 381c.1a5f.7800
Sep 19 10:13:33.942 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 10: New Root Port is GigabitEthernet1/0/24. New Root Mac Address is 00af.1fc6.e580
Sep 19 10:16:31.553 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 303: New Root Port is GigabitEthernet1/0/24. New Root Mac Address is 381c.1a5f.7800
Sep 19 10:16:32.622 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 301: New Root Port is GigabitEthernet1/0/24. New Root Mac Address is 381c.1a5f.7800
Sep 19 10:16:41.598 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 10: New Root Port is GigabitEthernet1/0/24. New Root Mac Address is 00af.1fc6.e580

You can find a crude drawing of the setup here: https://imgur.com/xv6HFsT

What it looks like to me is that the switch with a mac ending in c800, despite having a lower priority, keeps becoming the root bridge and forcing the main switch for the location to block the vlan on the trunk connecting to the core. I do not understand why this would be happening.
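An added example, not from the post, that turns the %SPANTREE-5-ROOTCHANGE syslog lines quoted above into a per-VLAN root-bridge audit: which VLANs ever saw a root other than the core, and how often the root moved between bridges within a short window (the bounce-and-return behaviour described). The sample log is the core's lines from the post plus one constructed line modelling the root returning to the core; the expected-root MAC (the core, ending e580) and the 600-second flap window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the IOS %SPANTREE-5-ROOTCHANGE message format quoted in the post.
ROOTCHANGE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}) \w+: "
    r"%SPANTREE-5-ROOTCHANGE: Root Changed for vlan (?P<vlan>\d+): "
    r"New Root Port is (?P<port>\S+)\. New Root Mac Address is (?P<mac>[0-9a-fA-F.]+)$"
)

# Core-switch lines quoted in the post, plus one CONSTRUCTED line (the last one)
# that models the vlan 301 root reverting to the core about five minutes later.
SAMPLE_LOG = [
    "Sep 19 10:11:40.598 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 300: New Root Port is GigabitEthernet1/0/48. New Root Mac Address is 00af.1fc6.e580",
    "Sep 19 10:12:47.707 CDT: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet1/0/48 on VLAN0301.",
    "Sep 19 10:12:47.727 CDT: %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 301",
    "Sep 19 10:12:47.727 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 301: New Root Port is GigabitEthernet1/0/28. New Root Mac Address is 381c.1a39.c800",
    "Sep 19 10:12:48.718 CDT: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet1/0/48 on VLAN0303.",
    "Sep 19 10:12:48.729 CDT: %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 303",
    "Sep 19 10:12:48.729 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 303: New Root Port is GigabitEthernet1/0/28. New Root Mac Address is 381c.1a39.c800",
    "Sep 19 10:13:33.705 CDT: %SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port GigabitEthernet1/0/48 on VLAN0010.",
    "Sep 19 10:13:33.705 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 10: New Root Port is GigabitEthernet1/0/48. New Root Mac Address is 00af.1fc6.e580",
    # CONSTRUCTED: root for vlan 301 comes back to the core (MAC ending e580).
    "Sep 19 10:17:50.001 CDT: %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 301: New Root Port is GigabitEthernet1/0/48. New Root Mac Address is 00af.1fc6.e580",
]

EXPECTED_ROOT_MAC = "00af.1fc6.e580"  # the core, per the post
FLAP_WINDOW_S = 600  # assumption: two root moves within 10 minutes count as a flap


def parse_rootchanges(lines):
    """Return (timestamp, vlan, port, mac) for ROOTCHANGE lines only.
    LOOPGUARD and TOPOTRAP lines are skipped; they describe the symptom, not the root."""
    events = []
    for line in lines:
        m = ROOTCHANGE_RE.match(line.strip())
        if m is None:
            continue
        # Syslog timestamps carry no year; the parsed value is only used for deltas.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S.%f")
        events.append((ts, int(m["vlan"]), m["port"], m["mac"].lower()))
    return events


def audit_root_changes(lines, expected_root_mac=EXPECTED_ROOT_MAC, flap_window_s=FLAP_WINDOW_S):
    """Per VLAN: number of root changes, root MACs other than the expected one,
    and how many times the root moved to a different bridge within flap_window_s."""
    per_vlan = defaultdict(list)
    for ts, vlan, port, mac in parse_rootchanges(lines):
        per_vlan[vlan].append((ts, port, mac))
    report = {}
    for vlan, events in per_vlan.items():
        events.sort()
        unexpected = sorted({mac for _, _, mac in events if mac != expected_root_mac})
        flaps = 0
        for (t0, _, m0), (t1, _, m1) in zip(events, events[1:]):
            if m0 != m1 and (t1 - t0).total_seconds() <= flap_window_s:
                flaps += 1
        report[vlan] = {
            "changes": len(events),
            "unexpected_roots": unexpected,
            "flaps": flaps,
            "last_root": events[-1][2],
            "last_port": events[-1][1],
        }
    return report


def unstable_vlans(report):
    """VLANs that ever had a root other than the expected one, or that flapped."""
    return sorted(v for v, r in report.items() if r["unexpected_roots"] or r["flaps"])


if __name__ == "__main__":
    rep = audit_root_changes(SAMPLE_LOG)
    for vlan in sorted(rep):
        r = rep[vlan]
        print(f"vlan {vlan}: {r['changes']} change(s), last root {r['last_root']} "
              f"via {r['last_port']}, unexpected roots {r['unexpected_roots']}, flaps {r['flaps']}")
    print("unstable:", unstable_vlans(rep))
```

Feeding the second location's own logs through the same functions with its intended root as `expected_root_mac` shows directly which bridge (here the one ending c800) keeps winning the election for which VLANs.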