Saturday, December 15, 2018

Need some help with my IP location. I’m quite confused and looking for some answers.

I’m sorry if this is the wrong place to post this, but this morning around 6 AM EST I turned on my TV and noticed the time was set to 5 AM. I thought, huh, that’s weird, so I checked the settings and my timezone was set to Central. Problem is, I live on the east coast. So I looked up my IP address and its geolocation is somewhere in Iowa, nowhere near my current location. What is going on here? Also, when I’m on my iPhone and google “What is my IP?”, it shows my full public IP address instead of the router IP I’m getting WiFi from like it used to. It used to look like this, “192.168.1”, now it looks like this, “12.345.678.910”. It’s as if my phone is acting like my modem or something. I don’t know much about this subject so any help would be appreciated. Also I’ve never used a VPN or proxy.



What is the use-case for VPLS for enterprise networks?

Bombed an interview with Hard Rock Casinos recently due to my lack of SP technologies. I found it odd that they asked for VPLS in their job description.

I never got around to asking them, but why would Hard Rock (a non-ISP) require their engineers to understand VPLS in depth? My understanding is that VPLS is a SP service offering only and that this technology would exist in the SP network which Hard Rock would not be responsible for. They're in 10+ countries if it makes a difference.

So why would they seek VPLS knowledge from their engineers?



Wacky hotel WiFi

New to this sub, but I have encountered a networking situation I've never encountered before.

A hotel I am at in Mexico has WiFi with a captive portal, but every single AP has its own SSID, with the name of the hotel followed by a 4 digit number.

Is there any way on Android I can auto connect to every one of these networks and kind of smoothly transition between them like a proper business wireless would do?

Thanks

Edit: I'm a guest, so there probably isn't anything I can do



Configuring a /30 WAN to a /29 public block

Employer is moving their office building and the ISP for the new building did not install any kind of router, just a fiber to ethernet handoff. They supplied us with a /30 (public) "WAN" block and also a /29 (also public) IP block. I've never come across this kind of configuration before but, after some cursory googling, understand it's becoming more common. I'm struggling to get this going. Our current setup looks like:

L3 HP Switch in front of 2 Meraki Security Devices.

The goal is to split the connection into both security devices for hardware redundancy purposes. I'm struggling to even just get the internet up and operating across 1 security device. I have tested the WAN IP configuration from my laptop and can verify it is working.

What I'm unsure of is whether the L3 switch can handle that kind of routing (I understand L3 switches are basically routers). I've been trying different configurations of VLANs, VLAN interfaces and static routes, but I'm unfamiliar with HP switches (frankly their web interface kind of sucks, but you have to configure through the web GUI since the CLI is basically just for recovering a login or changing a few basic things).

Can someone help me make sense of what needs to happen? I have so far, created 2 VLANs, assigned those to 2 VLAN interfaces.

Do I need to assign those VLANs to ports (I was thinking the VLAN that handles the WAN IP needs to be assigned to one port and then the other VLAN & its VLAN interface needs to be assigned to a different port)? And then what should my static routes look like? I was figuring I needed to set up a static route that forwards traffic on the incoming WAN to the public IP block and then set up the reverse of that route (public block back to WAN interface)?

Hopefully someone can help a lost guy. :)



Anyone wanna give me a mock interview? (pay through PayPal)

I have an interview on Monday, looking to ensure my skills are up to par.

I will pay 25 based on your credentials

General questions surrounding ccnp knowledge, protocols, configurations etc



Non-networking advice: Key management/storage

Physical keys, not encryption keys! I'm asking here because some of you may be in a similar situation....

I have keys for work. Too many. I keep my work keys and my personal keys on different keychains... Work one in my jacket pocket, personal in pants pocket. The issue is, my work keys are bulky, cumbersome, and have started to poke holes in my jacket. I'm looking for a better keychain/key storage.

I have 9x Best branded keys for various doors, and 5x rack/cabinet keys. I cannot get all the locks changed to use the same ones. These are the keys I'm stuck with.

I have used KeySmart in the past... I was not a huge fan, but I was using it for my personal keys of varying sizes, not my work keys of a consistent size. It may be an option...

I can't leave them in my desk, because that means that I would have to go to my desk to get my keys to work on an issue. I also have a tendency to forget them.... If they're always in my jacket/pants pocket, I won't forget them. Also, if I put them in my desk I'd have to move 3 of those keys to my personal keychain.... It takes 3 separate keys to get to my office.

What do you guys use for your keys?



You Tube Channel

Greetings, friends. I am considering starting a YouTube channel for networking and was hoping some of you here have experience with the creating & uploading bit. What's a good editor to use (keep in mind I use Linux)? If I want to use whiteboard videos a la Jeremy Cioara, what software do I need for that? Is there anything else that you suggest I might need?

Thanks. In the meantime I'm spinning the hamster wheels in my mind trying to come up with an intriguing name.



CAT6a UTP vs CAT6 UTP

While searching for networking supplies, I came across CAT6a UTP cable. It was my understanding that CAT6a was always shielded and that was the main difference between CAT6 and CAT6a, but finding CAT6a UTP has me a little confused. What's the difference between CAT6 UTP and CAT6a UTP?



Issue with my Forticlient SSL university VPN, looking for some help.

Hey guys, I recently got access to my university VPN to access on-campus-only databases when I'm outside of university. It's an SSL VPN that uses the FortiClient console.

I successfully managed to connect to the VPN network (says that it's connected on FortiClient), however it doesn't seem to work as I still cannot access any database.

I did the command "ifconfig | grep "inet " | grep -Fv 127.0.0.1 | awk '{print $2}' " on my mac terminal to display my IPV4 addresses and here's the output. The green highlight shows the IP address that corresponds to the one displayed on my FortiClient console.

Any idea of what I did wrong?

(I tried to contact my uni about this problem but they're on holidays, which is why I'm asking here)



Question about DNS transport protocol

I read that DNS uses UDP port 53. Shouldn’t domain name service be TCP since it is important which order packets arrive in and confirmation is needed to make sure they arrive? Thus shouldn’t tcp be used instead of UDP? Thanks.
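The UDP-versus-TCP question above, worked through in code as an added example that is not part of the original post: a DNS query and most answers fit in a single datagram, so a 16-bit transaction ID is enough to match an answer to its question and a lost packet is handled by simply resending. When an answer does not fit, the server sets the TC (truncated) flag and the resolver repeats the same query over TCP, where each message is prefixed with a 2-byte length because TCP is a byte stream; zone transfers (AXFR) use TCP for the same reason. The resolver address 127.0.0.1 in resolve_a() is an assumption for the example; the builder and parser run offline on constructed packets.

```python
"""DNS transport: UDP first, TCP only when the server sets the TC flag.

Added example, not from the original post. Builds a real RFC 1035 query,
parses the 12-byte header of a response, and decides whether a TCP retry
is needed. Only resolve_a() touches the network (address is an assumption).
"""
import random
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1
FLAG_QR = 0x8000   # bit 15: this message is a response
FLAG_TC = 0x0200   # bit 9: response was truncated to fit the UDP limit
FLAG_RD = 0x0100   # bit 8: recursion desired


def build_query(name: str, qtype: int = QTYPE_A, txid: int = -1) -> bytes:
    """Encode a standard recursive query; txid=-1 picks a random transaction ID."""
    if txid < 0:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)   # QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into its fields."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def needs_tcp_retry(query: bytes, response: bytes) -> bool:
    """True only for a genuine (ID-matching) response that was truncated."""
    q = parse_header(query)
    r = parse_header(response)
    if r["id"] != q["id"] or not r["qr"]:
        return False          # stale or spoofed datagram: ignore, keep waiting
    return r["tc"]


def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with its 16-bit length."""
    return struct.pack("!H", len(msg)) + msg


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full DNS message arrived")
        buf += chunk
    return buf


def resolve_a(name: str, server: str = "127.0.0.1", timeout: float = 2.0) -> bytes:
    """Live lookup (interactive use only): UDP, then the same bytes over TCP on TC=1."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        resp, _ = udp.recvfrom(4096)
    if not needs_tcp_retry(query, resp):
        return resp
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(frame_for_tcp(query))
        (length,) = struct.unpack("!H", _recv_exact(tcp, 2))
        return _recv_exact(tcp, length)
```

The ID check in needs_tcp_retry() is also the first line of defence against off-path spoofing: a datagram that does not carry the expected transaction ID (and, in real resolvers, the randomised source port) is discarded rather than trusted.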



Voice Gateway / POTS to GSM

Hey guys, I may be in the wrong subreddit here, but I didn't find one closer to the topic than this one.

So:

I have a landline connection in a house; in the house there is only the landline, no WiFi or anything else.

Now I want to make calls through that landline with my mobile phone even though I am not there. There is the option of a voice gateway which plugs into the landline jack and connects to the internet (could be solved with a mobile router), and then I would be able to make calls over the landline with my mobile phone.

BUT:

I have a few more houses where I would like to do this, and besides the voice gateway not being that cheap (about 100€) and the need for a separate mobile router, it's not that convenient for me.

Now my question is:

Is there a device in which I can insert a SIM card, connect it to the POTS/landline socket, and then call that device with my mobile phone so it basically just routes the voice between my phone and the landline?

That would be very practical.

Thanks a lot!



Just failed CCNP Security SENSS

60 questions in 90 minutes

3 interactive labs (all ASDM)

Loads of NAT ACL Class maps etc..

Failed to master Cisco Prime features and options/configs. Cisco product knowledge like ESA/WSA

And a bit of snmpv3...

I'll emphasize these on my lab for practice,

Next attempt 5th of Jan,

Let me know if you have queries about the exam



Palo Alto SSL-VPN and Default Route configuration question with diagram

Hi all,

I am new to Palo Alto and VPN in general and I have a question.

Diagram:

https://imgur.com/a/EsD2IVa

・Is it possible to use the WAN2 link and a default gateway when a remote pc is connected via VPN?

The goal is to connect to the SSL VPN configured on Palo Alto 1 and get a default route that somehow points to Palo Alto 2, so the remote PC connected via VPN can exit to the Internet using Palo Alto 2's WAN interface.

Also, remote PC connected via SSLVPN must still access the internal office lan network.

I am waiting for the equipment to arrive so I can test this scenario but I thought it wouldn't hurt ask also here.

Thank you in advance for any suggestion/hints.



What's the difference between WIC-1T and WIC-2T and what does 'T' stand for?

Is it terminal?



How do I enter a static DNS in this router?

I want to use google dns. https://imgur.com/a/gBLPr3U



Friday, December 14, 2018

Network going down every 10 minutes - broadcast storm? Maybe a loop?

Hi r/networking,

I am troubleshooting a small business network of ~24 devices.

- The switch is an unmanaged 24-port (I know, I tried to convince the owner to get a managed one).
- There are 12 IP phones; the computers are connected through the phones.
- One NAS, one printer.

About every 10 minutes the whole network comes down, until the switch is rebooted, and then it goes down again in roughly 10 minutes. When it's down, wired devices can't get an IP from DHCP, nor can they ping other devices on the network. WiFi works OK: it can ping other devices and access the router's admin panel. Wireshark shows lots of ARP packets going around. I tried replacing the switch, but the problem persists. I have a feeling that it's a bad device on the network causing a broadcast storm, or the network is looped somehow.

Any suggestions on how to troubleshoot ?

Thanks for your help :)
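A way to tell the two suspects in the post apart from the ARP traffic Wireshark is showing, as an added example that is not part of the original post. The distinguishing signal: a switching loop re-floods the same broadcast frames endlessly, so nearly every frame is an exact copy of an earlier one and the copies come from several different source MACs, whereas a faulty NIC or a scanning host shows one source MAC producing most of the frames. The one-line-per-frame capture format, the thresholds (100 frames per second, 90% exact duplicates, 50% from one source) and the sample captures are all constructed assumptions for the example, not real data; swap parse_arp_line() for a parser of your own export format.

```python
"""Broadcast storm or switching loop? Classify a burst of ARP frames.

Added example, not from the original post. Works on constructed
one-line-per-frame text (format is an assumption), computing the frame
rate and the share of byte-identical repeats across source MACs.
"""
import re
from collections import Counter

# constructed line format: "<seconds> <src mac> ARP Who has <ip>? Tell <ip>"
#                      or: "<seconds> <src mac> ARP Reply <ip> is at <mac>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<src>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+ARP\s+"
    r"(?P<op>Who has|Reply)\s+(?P<a>[\d.]+)\??\s*(?:Tell|is at)\s+(?P<b>\S+)$"
)


def parse_arp_line(line: str):
    """Return a frame record, or None for lines that are not ARP in this format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": float(m["ts"]), "src": m["src"], "op": m["op"],
            "key": (m["src"], m["op"], m["a"], m["b"])}   # identity of the frame content


def diagnose(lines, window=1.0, storm_pps=100, dup_ratio=0.9, top_share=0.5) -> str:
    """Classify a capture window; thresholds are assumptions tuned for a small LAN."""
    frames = [f for f in map(parse_arp_line, lines) if f]
    if not frames:
        return "no ARP frames"
    span = max(window, frames[-1]["ts"] - frames[0]["ts"])
    if len(frames) / span < storm_pps:
        return "normal"
    keys = Counter(f["key"] for f in frames)
    duplicates = sum(c - 1 for c in keys.values())       # copies beyond the first
    srcs = Counter(f["src"] for f in frames)
    top_mac, top_count = srcs.most_common(1)[0]
    # a loop replays everyone's broadcasts: mostly duplicates, from many sources
    if duplicates / len(frames) >= dup_ratio and len(srcs) >= 3:
        return "loop"
    # one host flooding (bad NIC, ARP scanner): a single MAC dominates
    if top_count / len(frames) >= top_share:
        return f"storm from {top_mac}"
    return "broadcast flood from mixed sources"


def constructed_capture(kind: str):
    """Constructed sample captures (not real traffic) for the three situations."""
    hosts = [("aa:bb:cc:00:00:%02x" % i, "192.168.1.%d" % (10 + i)) for i in range(6)]
    lines = []
    if kind == "normal":                         # six hosts, one request each over 2 s
        for i, (mac, ip) in enumerate(hosts):
            lines.append(f"{i * 0.4:.6f} {mac} ARP Who has 192.168.1.1? Tell {ip}")
    elif kind == "loop":                         # three requests, each re-flooded 150x in 1 s
        for n in range(150):
            for mac, ip in hosts[:3]:
                lines.append(f"{n / 150:.6f} {mac} ARP Who has 192.168.1.1? Tell {ip}")
    elif kind == "storm":                        # one host sweeping the subnet at 500 pps
        mac, ip = hosts[0]
        for n in range(500):
            lines.append(f"{n / 500:.6f} {mac} ARP Who has 192.168.1.{n % 254 + 1}? Tell {ip}")
    return lines
```

On an unmanaged switch there is no spanning tree to block a loop, so a "loop" verdict means physically walking the cabling (the phones' PC pass-through ports are a classic place for a desk-to-desk loop), while a "storm from <mac>" verdict points at one device to unplug first.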



10gbe, 70% packet loss.

First, I'm troubleshooting this off-site. It hasn't gone well. Netgear M4300 24x24 switch, most of which is copper. Pings between machines (specifically HA IXsystem TrueNAS servers) show a whopping 60% packet loss.

I'm not even really sure where to begin as everything has been reset to factory.

Vendor said 'cables too short', so we buy new ones. "Use Fibre not copper", so we buy new ones. I'm waiting for the 'well, it's your switch' comment, even though there are a half dozen working just fine.

Nothing suggested has worked.

We're not even loading this thing (yet). Just a little game of ping-pong.



Halp pls

The company I work for has a small LAN with both wired and wireless machines. I'm developing some software for them, but am running into intermittent network issues. We have a SQL Server running on a PC, and the other machines randomly cannot connect. Pinging the server machine yields a Destination Host Unreachable message instead of a request timeout. The problem is usually resolved by disconnect/reconnect to the LAN on the server machine. Any help would be greatly appreciated.



How do I prepare for the ACCA ClearPass cert?

How do I go about prepping for ACCA? I don't seem to find a book on it and very few to no YouTube videos.



Software to test QoS across hops

Hey all, what I’m looking for is a bit outside my domain, so I might not be sure what exactly to ask for...

We work with clients to provide wireless capabilities at sites where we sometimes have to piggyback off of their network without the ability to dig down into their configurations.

We occasionally run into issues where VOIP performance is degraded when the network is congested. Client says our equipment is at fault, but we have QoS properly configured on our end.

What we want to be able to do is to test QoS forwarding from an endpoint, through the hops in a client’s network, and be able to show them where in the chain either congestion or improperly configured QoS forwarding is at in case they need to fix their own equipment. We’d like to let an endpoint monitor for a period of time to check when the network becomes more congested.

In my brief bit of research, I noticed that Solarwinds and Thousand Eyes have products that can measure these types of stats, but have no experience in the quality of said software.

Any experience as to what has worked for you for this purpose?



Network Design Question

I'm looking at a few hyper converged servers, and two Catalyst switches. This is a new clean slate. My concern is not with the hardware, but rather the best way to configure the switches for redundancy to keep the hyper converged systems online (think disk replication etc) in case of switch failure or maintenance.

I have VSS on another switch pair that works well. I get to use all uplinks, and can attempt to ISSU if really wanted to gamble. Having one data plane does bother me.

I'm leaning towards HSRPv2 or GLBP. I could double up the links (2 to each switch / device) to get the same available throughput as VSS if I really had to.

Any thoughts or suggestions?



Connecting a Cisco WAP to an AT&T modem/router?

Howdy,

At a small business I help with they have recently gotten internet. It's from AT&T and they have a BGW210 modem/router. The device has the ability to setup a "Home" SSID and a "Guest" SSID. The Guest SSID is setup as "Internet Only" from a dropdown box. This all works fine.

However, the range of the modem doesn't reach into the far end of the building or into the 2nd level. We really only need the "Guest" network (for internet only) available in the remote locations. All the office work is within range of the main router. So, I thought we could add in some Cisco Access Points to extend the network. I have two Cisco 1142 WAPs and am not sure if or how I can configure them to work with the AT&T router.

I don't know how the inner workings of the AT&T router work to know if I can setup these WAPs to work in conjunction with the router and am looking for ideas. If anyone knows how I can potentially set these up so that people have internet access from the main router and the two WAPs, that'd be great.

Thanks!



Would I be able to give a decent interview performance using mostly knowledge gained from studying for certification?

I am a CCNA R&S certified network engineer (L2) with 7+ yrs of exp and have mostly handled L1 & L2 level responsibilities. My problem is that all the projects I have worked in till now are maintenance projects and my responsibilities were extremely limited & somewhat basic, like configuring access lists, trunk/access VLANs, coordination with the service provider for link issues, etc. Since I haven't gained extensive knowledge in my work, I was thinking I should certify myself with CCNP to increase my knowledge/employability.

Could I compensate for my lack of extensive workplace knowledge with certification-based knowledge to give a decent performance in interviews (many of the things I read only in certification, I am thinking of saying I used at work in interviews)?



Forwarding/authorative DNS (appliances?) with an extra bit of security

I know I just asked about DHCP appliances, but how about DNS? We're currently just running a mixed environment (~30k users) with Windows DNS/BIND as internal DNS and BIND as external. We have Fortigates, F5's etc. that all could provide some sort of "Advanced DNS" stuff, at least according to their datasheets. There are just so many different DNS products with different levels of security, and also lots of services you could buy...

I guess clustering DNS services is quite easy (HA pairs and anycast addresses...) but how about those security features, what do you use or would like to use?

Any other ideas or thoughts?

Thanks!



Automation and CI: How do I create a continuous integration system for network automation?

So I have been getting deeper and deeper into network automation using Python, and one of the things that I am reading about is the concept of continuous integration. That is, using automated platforms that run tests on your code to ensure it produces the expected results. My question is, is there any way to perform automated unit tests on code whose function is to log in to network services and perform certain configuration tasks?

In particular, I'm working with Solarwinds IPAM API, Cisco NGFW, and Cisco ACI.
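One way to make that kind of code unit-testable in CI, as an added example that is not from the original post or from any vendor SDK: keep the transport (SSH, REST) behind a small session interface, put the command rendering and output parsing in pure functions, and inject a fake session in tests so nothing logs in to a real device. The IOS-style command syntax, the canned 'show vlan brief' table and the VLAN names are assumptions for the example; the same shape works for an IPAM REST client by faking the HTTP session instead.

```python
"""Unit-testable network automation: transport behind an interface, logic pure.

Added example, not from the original post or a vendor library. The only
thing that talks to a device is an object with a send(command) -> output
method; in CI that object is FakeSession, which records what would have
been sent and replays canned output. Command syntax and table format are
assumptions modelled on IOS.
"""
import re
from typing import Dict, List


class FakeSession:
    """Test double for an SSH session: records commands, returns canned output."""

    def __init__(self, responses: Dict[str, str]):
        self.responses = responses
        self.sent: List[str] = []

    def send(self, command: str) -> str:
        self.sent.append(command)
        return self.responses.get(command, "")


VLAN_ROW = re.compile(r"^(?P<id>\d+)\s+(?P<name>\S+)\s+(?P<status>active|act/lshut|suspended)\b")


def parse_show_vlan(output: str) -> Dict[int, str]:
    """Parse an IOS-style 'show vlan brief' table into {vlan_id: name}."""
    vlans = {}
    for line in output.splitlines():
        m = VLAN_ROW.match(line.strip())
        if m:
            vlans[int(m["id"])] = m["name"]
    return vlans


def render_vlan_config(vlan_id: int, name: str) -> List[str]:
    """Pure function: validate inputs, return the exact command lines to send."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN id out of range: {vlan_id}")
    # reject spaces and CLI metacharacters so a name from a ticket cannot become extra commands
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,32}", name):
        raise ValueError(f"unsafe VLAN name: {name!r}")
    return [f"vlan {vlan_id}", f" name {name}"]


def ensure_vlan(session, vlan_id: int, name: str) -> bool:
    """Idempotent change: push config only when the VLAN is missing or misnamed."""
    current = parse_show_vlan(session.send("show vlan brief"))
    if current.get(vlan_id) == name:
        return False
    session.send("configure terminal")
    for cmd in render_vlan_config(vlan_id, name):
        session.send(cmd)
    session.send("end")
    return True


# constructed device output for the fake session (not captured from a real switch)
CANNED_SHOW_VLAN = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2
10   users                            active    Gi1/0/3
20   voice                            active    Gi1/0/4
"""


def demo() -> dict:
    """Run the change logic against the fake; a CI test asserts on what was sent."""
    session = FakeSession({"show vlan brief": CANNED_SHOW_VLAN})
    changed_existing = ensure_vlan(session, 10, "users")       # already correct: no push
    changed_new = ensure_vlan(session, 30, "printers")         # missing: push config
    return {"changed_existing": changed_existing, "changed_new": changed_new,
            "sent": session.sent}
```

The assertions a CI job runs are on session.sent (exactly which commands would reach the device) and on the parser given captured output, so a regression in rendering or parsing fails the pipeline before anything is pushed; an integration stage against a lab device or a vendor simulator stays separate and optional.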



Routing Question

Hey everyone, quick question.

When you configure a VLAN on a network switch, shouldn't you be able to ping the gateway from a device on a different subnet?

Thanks!!!



Where to keep network diagram and details? - On intranet page, OneNote or in a password protected PDF in OneDrive? How do others keep that doc so it is safe as well as accessible to others who need to refer it.


AWS Networking - a look behind the scenes - where can I have a look? :-)

Hi guys

Are there any documents that show what the network piece is behind any network concept used in AWS? I would like to understand how route tables are implemented. ACLs are... clear and not quite (they have limitations compared with the ACLs we know from a regular NOS). How are the network segments stitched together, how are the network load balancers, VPN gateways, firewalls built and so on?

Also I am curious about the way they build their backbone, how DirectConnect is built and so on. Something like in this doc https://www.slideshare.net/AmazonWebServices/behind-the-scenes-exploring-the-aws-global-network-net305-aws-reinvent-2018



Short distance wireless bridge

Two buildings ~60 feet apart. Would like to get usable bandwidth of over 500Mbits.

I tried to use some existing equipment first...doesn't seem to get me what I need but I'll give some details in case I'm missing something....

I have two Cisco 2702i's hanging around to test with (will get access to some 2702e's but that is a week or two away) and I wanted to make sure the 2702's would be sufficient. I configured them with a root bridge/non-root bridge setup, so no, not a WGB setup.

I could never get them to pass traffic at anything over 450Mbits (reported via iperf anyway) and I need something just a bit higher. I know I'll never get the "advertised" rate in the spec sheets of 1.3Gbit because that includes both radios which don't get aggregated on a point to point link but the 5Ghz *SHOULD* be able to reach 867 (I think that's the number).

We tweaked about everything I can think of in the configuration. Would a patch antenna on 2702e's behave differently or is this the best this thing can do? Having the two i's sitting in the lab 10 feet from each other even with the transmit power turned down still didn't behave correctly (channel bouncing) - it wasn't until I moved it across the building that I was able to run it up to 450.

Here is what the non-root side shows:

Key Mgmt type : WPAv2 PSK Encryption : AES-CCMP

Current Rate : a9.3b8 Capability : WMM ShortHdr 11h

Supported Rates : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0-4 m1-4 m2-4 m3-4 m4-4 m5-4 m6-4 m7-4 m8-4 m9-4 m10-4 m11-4 m12-4 m13-4 m14-4 m15-4 m16-4 m17-4 m18-4 m19-4 m20-4 m21-4 m22-4 m23-4 a0.1-8 a1.1-8 a2.1-8 a3.1-8 a4.1-8 a5.1-8 a6.1-8 a7.1-8 a8.1-8 a9.1-8 a0.2-8 a1.2-8 a2.2-8 a3.2-8 a4.2-8 a5.2-8 a6.2-8 a7.2-8 a8.2-8 a0.3-8 a1.3-8 a2.3-8 a3.3-8 a4.3-8 a5.3-8 a6.3-4 a7.3-8 a8.3-8 a9.3-8

Voice Rates : disabled Bandwidth : 80 MHz

Signal Strength : -47 dBm Connected for : 16783 seconds

Signal to Noise : 48 dB Activity Timeout : 15 seconds

The root side says this:

Key Mgmt type : WPAv2 PSK Encryption : AES-CCMP

Current Rate : a9.3b8 Capability : WMM ShortHdr 11h

Supported Rates : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0-4 m1-4 m2-4 m3-4 m4-4 m5-4 m6-4 m7-4 m8-4 m9-4 m10-4 m11-4 m12-4 m13-4 m14-4 m15-4 m16-4 m17-4 m18-4 m19-4 m20-4 m21-4 m22-4 m23-4 a0.1-8 a1.1-8 a2.1-8 a3.1-8 a4.1-8 a5.1-8 a6.1-8 a7.1-8 a8.1-8 a9.1-8 a0.2-8 a1.2-8 a2.2-8 a3.2-8 a4.2-8 a5.2-8 a6.2-8 a7.2-8 a8.2-8 a0.3-8 a1.3-8 a2.3-8 a3.3-8 a4.3-8 a5.3-8 a6.3-4 a7.3-8 a8.3-8 a9.3-8

Voice Rates : disabled Bandwidth : 80 MHz

Signal Strength : -49 dBm Connected for : 16830 seconds

Signal to Noise : 47 dB Activity Timeout : 30 seconds

The existing gear approach was an interesting science experiment...but mostly a waste of time.

Suggestions on what to use? Looks like autonomous is no longer an option with the 1800/2800 devices but I'm guessing that you can do a bridge+pass VLANs with the mobility express? I need to be able to trunk VLANs over this. I have an aging controller (2504) but I've always preferred autonomous on wireless shots like this.

I'm concerned that the purpose-built ones won't work right since the distance is so short - suggestions, comments, words of wisdom? Of course running fiber would be ideal, but this is something I have to get going in the next few weeks and I haven't been able to find any ducts that cross the "road" (private complex).



Does a network's latency affect its availability?

I am calculating the up time percent per year (availability) for simple paths across pairs of nodes in a network of 40 nodes. I wanted to know if there exists a quantitative and theoretical relationship between the latency and availability such that I would need to penalize the network's availability if the latency on a given edge between two nodes is very high. Or are the availability and latency numbers independent of each other; in other words I could have the same availability even if the latency is very high.



Palo Alto assistance - NAT, Security rules, etc

Let me preface this post by first stating my current level of expertise, mostly so any potential assistance can be explained at a level that I can easily grasp. I currently have a moderate understanding of most areas of networking and systems support. I had my CCNA many years ago, but have not had much related work for 5+ years. My understanding overall would probably be considered intermediate.

I am writing this post seeking guidance for my first exposure to Palo Alto equipment, as well as some other Cisco gear. I recently moved into a role where the previous (extremely talented) Network Engineer was transferred to another role. Unfortunately I will not be able to reach out to them for any assistance. As well, other technical resources in the department are limited to mostly non-network staff. Hopefully that can illustrate enough to allow enough understanding of the challenge I am up against.

So, I am trying to digest as much as I can about the PA and how they function. I'm currently faced with a few issues that I would like some clarification on. Most of which appear to be the core function of how the PA will process traffic. I'll type out a few examples of what I'm trying to resolve in a few areas of the infrastructure.

I'll try to keep zone, IPs, etc to arbitrary values.

Zone1 needs to talk to Zone2

Zone1 subnet = 192.168.10.0

Zone2 subnet = 192.168.20.0

Zone 1 and 2 are assigned to different sub interfaces

Zone 1 and 2 may or may not be members of different virtual routers

Regarding the Security policy configuration, I think I have a basic understanding of how it functions. If I need to allow access from Zone1 to Zone2, I would create a rule similar to this.

Source Zone: Zone1

Source Address: 192.168.10.0/24 or specific IP in that subnet

User: Any

HIP Profile: Any

Destination Zone: Zone2

Destination Address: 192.168.20.0 or specific IP in that subnet

Application: Any

Action: Allow

Now, would I need to create a reverse rule for 192.168.20.0 to talk to the 192.168.10.0 network? Or would outbound connections from 192.168.10.0 be considered stateful by the PA? I would assume traffic originating from 192.168.20.0 would need its own rule for this to work?

Now NAT, this has me confused. I can't seem to figure out the best way to establish this for internal traffic that would be crossing zones. Or more importantly, how this would be handled in a no-NAT situation. If Zone1 needs to connect to Zone2 without NAT, I'm a bit lost.

Would this NAT rule be correct? What about reverse NAT?

Source Zone: Zone1 (interface Ethernet 1/1.100)

Destination Zone: Zone2 (interface Ethernet 1/1.200)

Destination interface: Ethernet 1/1.200

Source Address: 192.168.10.0/24 or specific IP in that subnet

Destination Address: 192.168.20.0/24 or specific IP in that subnet

Service: Any

Source Translation: None

Destination Translation: None

I will have some more questions regarding Policy Based Forwarding as well. However, I would like to get these first few questions figured out first.

Thanks in advance!



Help with Routing issues

First time poster... Please be kind. ;-)

We currently have a branch office that is connected via direct fiber; it's going through our Avaya switches and everything is routed back through our head office Avaya switches.

At the branch office we have a need for an external service (out of my control) that needs to connect to our network and in particular communicate with a server and route traffic out of their WAN. They are making us use a FortiGate 60D device to connect to their WAN and our internal network. I have very little experience with Fortinet products.

I have set up the WAN port on the FortiGate to connect to their modem and set up an internal port to connect to our Avaya switch and put it on VLAN 10. The device the service needs to communicate with is on our Server VLAN, which is VLAN 2.

I am pretty sure I have my static routes set up correctly on the FortiGate, but the issue I am seeing is that when I do a traceroute from the FortiGate to the server it needs to communicate with, the traffic is being routed back through our head office and then back to the FortiGate. Same goes when I do a traceroute to the outside: it's being routed through our head office and out through the head office external connection instead of through the WAN port of the FortiGate.

I am hoping I am missing something simple. Maybe the problem is with the routing on the Avaya switches?



DCNM 11 Border Leaf Question

Can someone explain to me this issue.

In DCNM if you set a leaf to be a border leaf, and then add the networks to the border leaf, it does not add the VLAN SVIs?



I deleted the spanning tree root bridge

This was intentional, but it caused spanning tree to become unstable for that vlan, which appears to have caused some cascading issues. Fortunately these issues resolved themselves and the network did not implode, but I will be needing to make a similar change in about a month and I'd like to not cause the same issue.

Is there a way that I could do this more cleanly?



Does anyone call their NOC something other than NOC?

Like, are there alternative names for the group that does what a NOC does?



cat5e and power cable

Preface

I FEEL like I should get a million results, but it seems my google-foo is not strong enough.
Please do not flog me with a stripped 6A cable if this has been asked before.

I don't do the wiring myself. I'm a one man IT dept. for an environment that I inherited.
New cabling is done by a third party.

The heart of the matter

Everybody and their granny knows that Moses actually had three stone tablets, but he dropped one and nobody saw commandments 11 through 15.

Number 11, as we also all know, was "thou shalt not run thine ethernet cables and thine power cables in the same enclosure".

Sadly though, exactly that has been done in my company, everywhere.

Is this a quantifiable difference? Can I measure how much performance is lost somehow, or estimate this to some degree?

Example

This part may be entirely unnecessary.

I sit at a 4-way computer island. Below is a (probably too long) description of the situation.
Should I expect a big difference if I were to separate ethernet and power?

Code block is a top view, pound signs are our desks, dashes and pipe symbols are all the power and ethernet cables combined. Plus signs are where cables from different directions come together.
"P" is a printer shared by 2 users.

| | | | ####P#### +------------+---- ####P#### 

The total cable length from pc to switch is about 8 meters, and let's just say for the sake of ease that this is also the same length that ethernet and power cables run side by side.

Each workstation has 4 power cables (pc, dual monitors, dect phone charger) and 1 ethernet cable.
The printers also have 1 power cable and 1 ethernet cable.

All power cables go into 2 power strips, plugged into the cable trunk at the wall.
There are 10 electrical outlets at the wall, only these 2 are being used.

The ethernet cables obviously each go into their own jack, in the same cable trunk.
All ethernet cables are 5e, all power cables are... ehh.. black.
Switches are gigabit.

Am I being robbed of precious internets?

In other places of the room (you guys are going to love this) the ethernet cable runs alongside power cables of TL lights.

Final thoughts

So, should I use all my might and influence to get my company to renounce their evil ways?
If you separate them, by how far? Does it suffice to have them bound in 2 runs in the same conduit, with 10 or so mm in between, or do I really need individual trunks/conduits to have them centimeters apart?
Will my dl speed go from (random number, not tested lately) 10Mbps to 50 Mbps, or to 10.5Mbps?

Bonus question

Speaking of Mbps, how do you determine if people have an acceptable speed everywhere in the company, with varying use and many people doing many things?



How do I look for business partners or investors?

I have a few business ideas that I want to explore and I am actively looking for partners and investors who share my passion and who I can work with. But I do not know anyone in my immediate circle who is interested.

These ventures are in fields like social entrepreneurship, sustainable living for the younger generation, renewable energy, etc. The main goal is still to make profit, but the motive is to help society.

  • Should I specifically connect to people who have the same advocacies as I do? Or talk to entrepreneurs who could hopefully help raise funds?

  • How do I find people who might be interested in my projects?

  • How do I connect with them?

  • If I were to send them cold messages, what are the critical points that need to be in that first message to avoid getting overlooked or rejected?

  • Do I pitch all my ideas (say around 5) all in one meeting and let them choose? What if they say no but then use that idea with someone else?

  • How do we negotiate ownership percentages during discussions?

I apologize for the slew of questions but this is my first time doing something like this and I want to make at least one of these work for various reasons. Also, I am very nervous as I do not know what to expect.



Port Forwarding Question

Hi all, I'm not too great with networking so I had a question. If I don't have access to configure a router, (we'll call it router 0) is it possible for me to use a different router (router 1 - which is connected to router 0) to port forward and bypass configuration of router 0?



Windows 10 - Cert. Based Auth. - Computer does not use Cert

Hello

I'm helpless here.

I want to roll out a client cert to Win. 10 clients for auth. on the WLAN.

But the problem is, any time I set up the connection on the client, I get a "can't connect because you need a certificate to sign in."

What are the requirements for the client cert?

It is a client problem, as I can see on the WLC the Identity Request and no response from the client, as it does not find a usable certificate. But why?

What is wrong with my cert? I cannot find any useful guide for this.



Displaying logging messages to vty terminal

So I'm so used to seeing this already set up in production environments that I am unsure how to accomplish this task.

Basically, I'm trying to permanently enable the "terminal monitor" command.

I want logging messages such as OSPF updates or link status to be displayed in the CLI terminal session when you're telnetted or SSH'd into the router. Is there a command that makes terminal monitor last longer than a one-time session?

Or do I need to set up logging host x.x.x.x, where the IP is the telnet/SSH address? (I cannot test or lab it out right now because I'm away from equipment.)



Updating Cisco ASA SSL cert from internal CA

I am trying to update the SSL certificate on my ASA 5510, but I need to do it from an internal CA. I have created the SSL cert and installed it onto the ASA, but I am getting an error when using ASDM to attempt to connect to it.

The error is "JNLPException[category: Download Error : Exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Extended key usage does not permit use for TLS server authentication"

From my research, I need to change the certificate templates on my CA to include client authentication for automatic response, but can't find anywhere that actually tells me how to go about that... Thanks in advance for the help.
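Both the ASDM error above and the Windows 10 "you need a certificate to sign in" post earlier on this page come down to the Extended Key Usage (EKU) extension: a certificate presented by a TLS server (the ASA for ASDM) must carry serverAuth ("TLS Web Server Authentication"), and a certificate a Windows client presents for EAP-TLS on the WLAN must carry clientAuth ("TLS Web Client Authentication"). The check below is an added example, not code from either post or from Cisco or Microsoft: it generates three throw-away self-signed test certificates with the openssl CLI (the CNs under example.test and the temp file names are constructed) and reports which purpose each one permits, which is the same test to run against the certificate your internal CA actually issued.

```shell
#!/bin/sh
# Added example: inspect the Extended Key Usage of X.509 certificates with openssl.
# Requires the openssl CLI; everything written goes to a temp dir removed on exit.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME EKU_LIST: self-signed test cert $WORK/NAME.pem carrying the EKUs in
# EKU_LIST (openssl names: serverAuth, clientAuth, ...). Constructed test data only.
make_cert() {
    cat > "$WORK/$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $1.example.test
[ext]
extendedKeyUsage = $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$WORK/$1.cnf" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# eku_lines CERT_PEM: print the purpose list from the certificate's EKU extension
# (empty output when the extension is absent, which many validators treat as "any")
eku_lines() {
    openssl x509 -in "$1" -noout -text | awk '/Extended Key Usage/ { getline; print }'
}

# has_eku CERT_PEM PURPOSE: succeed when PURPOSE (as printed by openssl, e.g.
# "TLS Web Server Authentication") is listed in the certificate's EKU
has_eku() {
    eku_lines "$1" | grep -q "$2"
}

make_cert asa serverAuth                      # what an ASDM/ASA server cert needs
make_cert wlan-client clientAuth              # what an EAP-TLS client cert needs
make_cert both "serverAuth, clientAuth"       # a template that permits either role

for c in asa wlan-client both; do
    if has_eku "$WORK/$c.pem" "TLS Web Server Authentication"; then
        echo "$c.pem: permits TLS server authentication (ASDM would accept it)"
    else
        echo "$c.pem: would fail 'Extended key usage does not permit use for TLS server authentication'"
    fi
    if has_eku "$WORK/$c.pem" "TLS Web Client Authentication"; then
        echo "$c.pem: permits TLS client authentication (EAP-TLS supplicant can present it)"
    fi
done
```

To check a real certificate instead of the constructed ones, run `has_eku /path/to/issued.pem "TLS Web Server Authentication"`; if it fails, the fix is on the CA template side (add the missing purpose and re-issue), not on the ASA or the Windows client.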



Monitor & Troubleshooting PBXs - VOIP

Hey everyone, a bit of a preface. I'm stuck in the middle of an argument between our network admin, a PBX consultant, and our users. I need some advice on how to at least identify the issue.

We use on-prem PBXs spread around the US in each of our call centers and one at our corporate office. Our corporate office often complains about static-like noise and one-way communication. Our network admin says it's not his network.

The PBX consultant says he's set up hundreds of PBXs for many different companies, that it's almost never the PBX box and always the FWs. He keeps saying that he's looking into the issue but cannot find anything.

Our users don't care who's at fault. They just want it fixed. Namely, the CFO and COO are starting to raise the issue because the frontline employees never get their problems fixed; it's also directly affecting the CFO. His office phone works only 50% of the time.

I'm in the middle of this because the network admin calls me his "phone guy"; I'm his gatekeeper. I get chewed out by the users, then both the PBX consultant and the netadmin deny any issues and tell me to go swap their phone for another one. They won't take any calls from users. What's worse is that the netadmin has our director convinced that this is the solution, so he has management buy-in/confidence.

All we've been doing when anyone puts a ticket in is replacing their physical phone with the same type/model they've had. I know this isn't going to solve anything.

I keep reading about VoIP. I see that it has its problems, but there's got to be a way that users' phones work more than 50% of the time... right?

Does anyone have advice, resources, or tools I can use to help at least point to the actual problem? Point to it and yell fix this? My understanding of networking/VOIP is novice at best but I'm willing to learn/try. I'm so tired of being chewed out.

Thanks in advance for any help.
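Static, crackle and dropouts on a VoIP call are usually visible in the RTP stream as packet loss and jitter, and those two numbers are what lets you say "the phone is fine, the path is not" (or the reverse) without taking anyone's word for it. The block below is an added example, not a tool from this thread or any PBX vendor: it computes loss from sequence-number gaps and interarrival jitter with the RFC 3550 estimator over a list of received RTP packets, then flags values above common VoIP rule-of-thumb thresholds (1% loss, 30 ms jitter, stated here as an assumption). The packet streams are constructed, not captured from a real phone system; in practice the (seq, timestamp, arrival) tuples would come from a capture taken at the phone's switch port and again at the PBX side, so the two results show where the impairment enters.

```python
"""Packet loss and interarrival jitter from a list of received RTP packets.

Added example (not from the thread, not vendor code). RFC 3550 jitter:
    D(i,j) = (Rj - Ri) - (Sj - Si)      J = J + (|D| - J) / 16
with R the arrival time and S the RTP timestamp, both in RTP clock units.
"""

CLOCK_HZ = 8000            # G.711 RTP clock: 160 timestamp units per 20 ms packet
SAMPLES_PER_PACKET = 160
PACKET_MS = 20

# Rule-of-thumb limits (assumption; widely quoted VoIP planning targets)
LOSS_PCT_LIMIT = 1.0
JITTER_MS_LIMIT = 30.0


def analyse_stream(packets):
    """packets: list of (seq, rtp_timestamp, arrival_us) in arrival order.

    Returns expected/received/lost counts, loss percentage and the final
    RFC 3550 jitter estimate in milliseconds.
    """
    seqs = [seq for seq, _, _ in packets]
    expected = max(seqs) - min(seqs) + 1      # ignores 16-bit wrap for brevity
    received = len(set(seqs))                 # duplicates count once
    jitter = 0.0
    prev = None
    for _, ts, arrival_us in packets:
        if prev is not None:
            prev_ts, prev_arrival_us = prev
            arrival_delta = (arrival_us - prev_arrival_us) * CLOCK_HZ / 1_000_000
            d = arrival_delta - (ts - prev_ts)   # change in transit time, clock units
            jitter += (abs(d) - jitter) / 16
        prev = (ts, arrival_us)
    lost = expected - received
    return {
        "expected": expected,
        "received": received,
        "lost": lost,
        "loss_pct": 100.0 * lost / expected,
        "jitter_ms": jitter * 1000 / CLOCK_HZ,
    }


def assess(stats):
    """Return the findings that exceed the limits (empty list = looks clean)."""
    findings = []
    if stats["loss_pct"] > LOSS_PCT_LIMIT:
        findings.append(f"packet loss {stats['loss_pct']:.1f}% exceeds {LOSS_PCT_LIMIT}% "
                        "(dropouts, robotic audio)")
    if stats["jitter_ms"] > JITTER_MS_LIMIT:
        findings.append(f"jitter {stats['jitter_ms']:.1f} ms exceeds {JITTER_MS_LIMIT} ms "
                        "(jitter-buffer underruns: crackle, choppy audio)")
    return findings


def constructed_stream(dropped=(), alternate_delay_from=None, delay_ms=0):
    """Build 60 packets of a 20 ms G.711 stream (constructed test data).

    Offsets in `dropped` never arrive; from offset `alternate_delay_from` on,
    every odd packet is delayed by `delay_ms`, which also reorders packets.
    """
    packets = []
    for i in range(60):
        if i in dropped:
            continue
        arrival_us = i * PACKET_MS * 1000
        if alternate_delay_from is not None and i >= alternate_delay_from and i % 2 == 1:
            arrival_us += delay_ms * 1000
        packets.append((1000 + i, i * SAMPLES_PER_PACKET, arrival_us))
    packets.sort(key=lambda p: p[2])          # arrival order, as a capture shows it
    return packets


CLEAN = constructed_stream()
IMPAIRED = constructed_stream(dropped={10, 11, 12}, alternate_delay_from=20, delay_ms=40)

if __name__ == "__main__":
    for name, stream in (("clean", CLEAN), ("impaired", IMPAIRED)):
        stats = analyse_stream(stream)
        print(name, stats, assess(stats) or ["within limits"])
```

The impaired stream loses three consecutive packets (60 ms of audio, an audible dropout) and then has every other packet arriving 40 ms late, which the estimator reports as roughly 34 ms of jitter; either finding alone is enough to justify looking at QoS marking and queueing on the path rather than swapping handsets.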



Ipsec over NAT-T

Hello,

Just trying to learn a bit about Firewalls. Thought I'd be ready for it ... Just realized I'm not. But now I have to finish this test and need to document it.

It looks like this:

Computer --- Ipsec device 1 (Local network) --- radio router --- Internet --- Ipsec dev2 ( with static IP) --- computer for data

Radio Router (I don't know if this is the right name):

I have to activate Nat Traversal, right?

Do I need a static Route to the Ipsec device 2?

Ipsec device 2:

Do I have to activate Nat Traversal here, too?



BitDefender Box 2

So I bought this thing before I knew dick about networking, I still don't know shit, but it's better than knowing dick. From what I can gather I could have set up a pi to do practically the same exact thing?



Split Brain DNS Issue

I have a DNS server (based on LFS) which I can't seem to get to resolve my primary domain as I would like.

We have a lot of test servers on our internal network, which this DNS server handles - like test.coname.com, test2.coname.com, etc. However, we also have some externally accessible servers, handled by a public DNS server, like ext.coname.com, ext2.coname.com. Those are available for internal machines, since we have entries for them in the dnsmasq.conf like so:

server=/ext2.coname.com/# 

The problem is with just the bare domain, coname.com. I have the following in dnsmasq.conf, which I thought should work:

server=/coname.com/8.8.8.8 

So any internal requests for coname.com, or www.coname.com which is not covered by any other entries in the dnsmasq.conf file, should be passed off to 8.8.8.8 . However, this isn't happening. Any ideas would be much appreciated!
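When a split-horizon dnsmasq config does not behave as expected, it helps to trace, rule by rule, where a given name should go. The block below is an added example, not dnsmasq code and not from the post: it is a small model of the forwarding rules dnsmasq documents (names in /etc/hosts or addn-hosts are answered locally before any forwarding; otherwise the server=/domain/target rule whose domain has the most labels and covers the name wins; a target of "#" means the default upstreams, i.e. server= lines without a domain or the resolv.conf servers; server=/domain/ or local=/domain/ with no target means answer only from local data). The hosts entries, the 192.0.2.53 default upstream and the lab.coname.com rule are constructed; 8.8.8.8 and the ext/ext2 rules are the post's own.

```python
"""Trace which upstream dnsmasq would use for a name, given its server= rules.

Added example: a model of dnsmasq's documented rule order, not dnsmasq itself.
Sample config and hosts entries are constructed (mixed with the post's lines).
"""

# constructed dnsmasq.conf fragment
SAMPLE_CONF = [
    "# split-horizon for coname.com (constructed sample)",
    "server=/ext.coname.com/#",       # public host: use default upstreams
    "server=/ext2.coname.com/#",
    "server=/coname.com/8.8.8.8",     # everything else under coname.com -> 8.8.8.8
    "local=/lab.coname.com/",         # never forwarded: hosts entries only
    "server=192.0.2.53",              # default upstream (constructed)
]

# constructed /etc/hosts or addn-hosts content
SAMPLE_HOSTS = {
    "test.coname.com": "10.0.0.5",
    "test2.coname.com": "10.0.0.6",
}


def parse_server_lines(lines):
    """Return (domain_rules, default_upstreams) from server=/local= lines."""
    domain_rules = []      # (domain, target); target "" = local only, "#" = defaults
    defaults = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip() if raw.lstrip().startswith("#") else raw.strip()
        if not line:
            continue
        if line.startswith("local=/"):
            line = "server=" + line[len("local="):]
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            _, domain, target = value.split("/", 2)
            domain_rules.append((domain.lower().rstrip("."), target.strip()))
        else:
            defaults.append(value)
    return domain_rules, defaults


def covers(domain, name):
    """True if `name` is `domain` itself or lies underneath it."""
    return name == domain or name.endswith("." + domain)


def resolve_path(name, hosts, domain_rules, defaults):
    """Return ("local", ip), ("forward", [servers]) or ("nxdomain", None)."""
    name = name.lower().rstrip(".")
    if name in hosts:                          # local data wins before any forwarding
        return ("local", hosts[name])
    best = None
    for domain, target in domain_rules:        # most specific (most labels) domain wins
        if covers(domain, name) and (best is None or domain.count(".") > best[0].count(".")):
            best = (domain, target)
    if best is None:
        return ("forward", list(defaults))
    _, target = best
    if target == "":
        return ("nxdomain", None)              # local=/domain/: answer only from hosts
    if target == "#":
        return ("forward", list(defaults))
    return ("forward", [target])


if __name__ == "__main__":
    rules, defaults = parse_server_lines(SAMPLE_CONF)
    for q in ("test.coname.com", "ext2.coname.com", "www.coname.com",
              "coname.com", "lab.coname.com", "example.org"):
        print(f"{q:20} -> {resolve_path(q, SAMPLE_HOSTS, rules, defaults)}")
```

Running the model against the post's own three lines sends coname.com and www.coname.com to 8.8.8.8, so if the real server does not, the cause is outside those lines: another rule or hosts entry covering coname.com, a local=/coname.com/ style line, or the query never reaching this dnsmasq instance at all.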



Any experience with EDGE Optical Solutions transceivers?

Hi folks. We want to upgrade our data center with more links (10G-SR, 40G-SR internally and a 100G-LR link to our provider) and we are bidding for the transceivers. I came across EDGE Optical Solutions from Latvia. They seem to import and sell transceivers made in China, like other competitors (FS comes to my mind) and have good prices. Does anyone have experience with the company?



Small business network setup

Hello,

Recently I was hired as a production assistant for a small company. Some of my duties involve data ingest and archival.

I've discovered that I basically have full control over the data and networking internally if I want it. No one else in the office has the skillset. My formal education is in Information Technology. Specifically networking. However, I abandoned that route and haven't ever had a true networking job. So I guess advanced noob is my skill level.

Anyways, after a peek into the networking closet I have some questions regarding best practice and proper techniques.

The current setup, to my eye, is not good and even worse is that they paid a 3rd party to set it up thus I don't currently have any access to the equipment. I'm going to meet with the company that set it up and hopefully get them to help me get it set up better or just have them pass off the credentials (if they will do so) so I can do it myself.

The current setup is roughly as follows:

Office

  • 15-25 people

  • ~10 Cisco VoIP phones

Network

  • ISP line in ->

  • ISP provisioned router/modem combo #1 ->

  • DrayTek router ->

  • 48 port PoE Cisco switch (don't currently have model number) ->

  • router/modem combo #2 for Wi-Fi

The previous business was some sort of highly networked environment, because there are a couple of patch panels with cable runs to wall outlets, and the Cisco switch is from the previous business. Currently the cable runs are only being utilized by the VoIP phones, patched into the switch via the patch panels. The configuration doesn't seem well implemented because the patch cables are patched into random ports all over the switch. I almost feel like the people who installed the equipment for my office just left the previous config and patched into already working ports. I do not see why the VoIP phones shouldn't be on sequential ports.

My goals are:

  • Get the people who want faster, more reliable speeds, on a cable. Especially the design/production team who throw around a lot of data. Eventually I plan to get the production team on a separate 10G network since they are doing 4k video work and such. That's a ways out though.

  • Set up 2 access points for wifi.

  • Get a dedicated modem and possibly get off the Draytek router and move to an EdgeRouter 4. (use it at home and have more experience with it)

  • Configure VoIP on a VLAN, get data on a VLAN.

I've never configured VLANs nor VoIP phones and as such they give me the most concern. I'm not sure how they're currently configured but I get the impression that the 3rd party who installed this is also managing the phones. That's perfectly fine by me I am just interested in getting our internal network in a better state. They complain about the phones being bad when the internet slows down so I do not think they have any QoS set up for the phones and that's also something I've never done but would like to do if it improves the phones for everyone.

Any advice on how to properly set this up is welcome. I don't see any outright issues with my plan but I lack the experience to know for sure. Thanks for reading!



Help with MiFi/Jetpack with Motorola Software

I'll preface this post by saying I know little about networking.

Hello all, I'm having a problem here with a program called PremierOne by Motorola. (Hopefully somebody is familiar with it; it's police dispatch software.)

Basically we have a laptop that is connected to a MiFi/Jetpack (either wireless or through USB). The laptop then connects to a VPN. We need to be able to run this Motorola program while connected to our VPN.

(This is a client-side application; we've verified firewalls are not the issue.)

The Jetpack receives a public IP of 166.x.x.x

The machine itself receives an IP of 192.168.x.x when connected to the Jetpack

The public IP of the machine when it is connected to the VPN is 140.x.x.x

Within the config of the program it asks for SubNetIP_Pro and PublicIP_Pro; here are the app's instructions for these two fields (sorry for the long wall of text):

SubNetIP_Pro is used to determine which address should be used by the server to communicate with the client. Possible reasons for having more than one address on a computer:

• The computer has two or more network adapters where each one has its own IP address.

• The computer is using a VPN such as NetMotion that assigns an additional IP address to the client. Set this field to the Subnet IP address provided by the VPN. If your client is not using a VPN or NetMotion, then use the local SubnetIP address for your computer available by entering ipconfig at a command prompt. You can often simplify the Subnet IP address by using only the first one or two octets.


Examples :

Workstation IP : 192.168.1.10 SubNetIP could be 192.168.1.0 or 192.168.0.0 or 192.0.0.0. The choice depends on whether the address is static or is assigned by DHCP. If the workstation’s address could change to 192.168.2.10, then a SubNetIP of 192.168.0.0 or 192.0.0.0 should be used to allow for the change. However, be aware that using only the first octet or second octet will limit the amount of unique client addresses.

Workstation IPs : 10.44.1.145 and 10.44.98.127. 10.44.98.127 is assigned by the VPN and is the address the server can use to communicate with the client. SubNetIP : 10.44.98.0 The third octet must be used to identify the VPN address because the first two octets are identical (10.44.).

PublicIP_Pro This field is used to allow the Mobile client to properly function across a NAT network environment. The IP address is the IP address of the public side (outside IP address) of the router. If NAT is NOT being used, the field is not used. Leave it blank.

So in the two fields I would assume that I should put in something like

SubNetIP_Pro (140.x.x.x)

and leave PublicIP_Pro blank, or fill it with the same IP that is in SubNetIP_Pro.

That doesn't work.

The only way I've successfully gotten this to work is to fill PublicIP_Pro with the Jetpack IP (the 166.x.x.x IP mentioned earlier).

Obviously this doesn't work for me, as any time the Jetpack IP changes we will have an issue. Does anyone have an idea on how this might work without having to get a static IP from the Jetpack provider?

Hopefully this all makes sense; let me know if there's any more info I could provide. Any help would be appreciated.
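The quoted field description amounts to a simple selection rule: SubNetIP is an IPv4 value whose trailing zero octets are wildcards, and the server picks whichever local address matches the non-zero leading octets, so the value has to identify exactly one of the laptop's addresses no matter what DHCP or the VPN hands out. The block below is an added example, not PremierOne code, that models that rule and makes the two failure modes explicit (no match, or more than one match). The 10.44.x.x and 192.168.1.10 values are the app documentation's own examples; the 140.0.2.7 VPN address and 192.168.1.12 Jetpack-side address are constructed stand-ins for the poster's 140.x.x.x and 192.168.x.x.

```python
"""Model of the SubNetIP_Pro octet-prefix rule from the quoted app documentation.

Added example, not vendor code. Trailing zero octets in SubNetIP are wildcards;
every leading non-zero octet must match the candidate address.
"""


def subnet_prefix(subnet_ip):
    """Leading octets of SubNetIP up to and including the last non-zero one."""
    octets = [int(o) for o in subnet_ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 value: {subnet_ip!r}")
    while octets and octets[-1] == 0:
        octets.pop()
    return octets


def matches(address, subnet_ip):
    """True if `address` agrees with SubNetIP on all of its non-wildcard octets."""
    want = subnet_prefix(subnet_ip)
    have = [int(o) for o in address.split(".")]
    return have[: len(want)] == want


def candidate_addresses(local_addresses, subnet_ip):
    """All local addresses the SubNetIP value would select (should be exactly one)."""
    return [a for a in local_addresses if matches(a, subnet_ip)]


def select_client_address(local_addresses, subnet_ip):
    """The single address the server will use, or raise when SubNetIP is ambiguous."""
    hits = candidate_addresses(local_addresses, subnet_ip)
    if len(hits) != 1:
        raise ValueError(
            f"SubNetIP {subnet_ip} matches {len(hits)} of {local_addresses}: {hits}"
        )
    return hits[0]


# Addresses from the app documentation's own example
DOC_WORKSTATION = ["10.44.1.145", "10.44.98.127"]
# Constructed stand-ins for the poster's laptop: Jetpack-side LAN address and VPN address
LAPTOP = ["192.168.1.12", "140.0.2.7"]

if __name__ == "__main__":
    print(select_client_address(DOC_WORKSTATION, "10.44.98.0"))   # the VPN address
    print(candidate_addresses(DOC_WORKSTATION, "10.44.0.0"))      # ambiguous: both match
    print(select_client_address(LAPTOP, "140.0.0.0"))             # first octet is enough
```

For the poster's case the first octet already separates the VPN address from the Jetpack-side one, so a SubNetIP of 140.0.0.0 keeps working whatever the Jetpack assigns; PublicIP_Pro is a separate question about NAT on the return path, which this rule does not touch.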



Network rack organisation tips

Hello everyone,

I'm designing a level 2 network for a new office. It's relatively small, around 50 employees, 4 floors, each of which will have its own small network rack. I was wondering if I should:

  • Alternate switches and patch panels

  • Put all of the patch panels at the top and the switches at the end

Keep in mind there will be around 48 ports needed for each floor, so it's a small need.

What would be your guess ? Thanks !



BGP between PE-CE - ASN?

We have a customer who is taking redundant internet circuits from us. The CE devices will be managed and maintained by ourselves.

Usually if we do this as part of an MPLS L3VPN implementation we will assign the customer a random private ASN for peering purposes, but in this instance this is for internet only through our global routing table/instance, so there's no VPN involved.

Should we use our public ASN on the CE devices and treat it as iBGP, or assign a random private ASN and treat it as eBGP? We are also providing the customer with a /28 public subnet which will be routable.



Ansible and switchport configuration

Just wondering what you guys are doing for switchport automation.

We have a fairly modest number of overall ports (~2000), but I have been relying on looping through them all to configure some stuff on a port-by-port basis (descriptions, access VLANs, etc), and then for the majority of the less specific stuff I specify port ranges (which sometimes gets messy if there are discontiguous configs involved).

The specific part takes a long time, and that's mostly what I'm looking to streamline. Our port descriptions are unique in that many of them describe where the patch drops to, which is nice to know, but getting rid of them would get me one step closer to ditching the specific part altogether. It's also kind of silly to run the task against an entire switch if we're only changing one or two ports, but assigning a tag to each port sounds excessive too. Any ideas for a modular approach to port specification for pushing configs?

Any other ideas on how to speed things up?
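One modular approach that avoids both "loop over every port" and "tag every port" is to keep per-port intent as data, diff it against the last known running state, and push only the ports whose attributes actually differ, collapsing neighbouring ports that need the same change into one interface range block. The block below is an added example, not from the thread and not an Ansible module; it renders IOS-style lines that a playbook could feed to the network config module of your choice (the `interface range X - Y` syntax is Cisco IOS; the port names, descriptions and VLANs are constructed).

```python
"""Minimal switchport change set from a desired-state port inventory.

Added example (not from the thread, not an Ansible module). Ports are data,
the delta against the last running state is computed, and contiguous ports
needing identical changes become one `interface range` block.
"""
import re
from itertools import groupby

PORT_RE = re.compile(r"^(?P<prefix>.*?)(?P<index>\d+)$")


def port_key(port):
    """'GigabitEthernet1/0/7' -> ('GigabitEthernet1/0/', 7) for sorting and ranging."""
    m = PORT_RE.match(port)
    if not m:
        raise ValueError(f"unrecognised port name: {port!r}")
    return m.group("prefix"), int(m.group("index"))


def diff_ports(desired, running):
    """Only the attributes that differ, per port: {port: {attr: new_value}}."""
    changes = {}
    for port, want in desired.items():
        have = running.get(port, {})
        delta = {k: v for k, v in want.items() if have.get(k) != v}
        if delta:
            changes[port] = delta
    return changes


def collapse_ranges(ports):
    """[(prefix, first, last), ...] over consecutive port indices with one prefix."""
    keys = sorted(port_key(p) for p in ports)
    ranges = []
    for prefix, items in groupby(keys, key=lambda k: k[0]):
        idxs = [i for _, i in items]
        start = prev = idxs[0]
        for i in idxs[1:] + [None]:
            if i is not None and i == prev + 1:
                prev = i
                continue
            ranges.append((prefix, start, prev))
            if i is not None:
                start = prev = i
    return ranges


def render_commands(changes):
    """IOS-style lines; ports with identical deltas share one (range) block."""
    by_delta = {}
    for port, delta in changes.items():
        by_delta.setdefault(tuple(sorted(delta.items())), []).append(port)
    lines = []
    ordered = sorted(by_delta.items(), key=lambda kv: min(port_key(p) for p in kv[1]))
    for delta_items, ports in ordered:
        delta = dict(delta_items)
        for prefix, first, last in collapse_ranges(ports):
            if first == last:
                lines.append(f"interface {prefix}{first}")
            else:
                lines.append(f"interface range {prefix}{first} - {last}")
            if "description" in delta:
                lines.append(f" description {delta['description']}")
            if "vlan" in delta:
                lines.append(f" switchport access vlan {delta['vlan']}")
    return lines


# Constructed inventory: desired state per port (what would live in host_vars)
DESIRED = {
    "GigabitEthernet1/0/1": {"description": "Rm101-A", "vlan": 10},
    "GigabitEthernet1/0/2": {"description": "Rm101-B", "vlan": 10},
    "GigabitEthernet1/0/3": {"description": "Rm102-A", "vlan": 10},
    "GigabitEthernet1/0/4": {"description": "Rm102-B", "vlan": 10},
    "GigabitEthernet1/0/5": {"description": "Printer", "vlan": 30},
}
# Constructed running state (would be parsed from a config backup or facts)
RUNNING = {
    "GigabitEthernet1/0/1": {"description": "Rm101-A", "vlan": 10},   # already right
    "GigabitEthernet1/0/2": {"description": "Rm101-B", "vlan": 99},   # wrong VLAN
    "GigabitEthernet1/0/3": {"description": "Rm102-A", "vlan": 99},   # wrong VLAN
    "GigabitEthernet1/0/4": {"description": "Rm102-B", "vlan": 99},   # wrong VLAN
}

if __name__ == "__main__":
    print("\n".join(render_commands(diff_ports(DESIRED, RUNNING))))
```

With the constructed data, ports 2 to 4 need only a VLAN change and become one range block, port 5 is new and gets both lines, and port 1 generates nothing, so a task run for two changed ports touches two ports rather than the whole switch.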



L2VPN with EVC Reachability Issue?

Hi, I'm having a reachability issue between a Cisco device and an HP device. Here are the details of the setup.

Topology (Site A-B Interconnection):

SITE A | SITE B

(10.1.1.1)XR1---l2VPN---XR2-----------HP Switch SVI (10.1.1.2)

Configuration:

#### XR1 ####
interface GigE0/1.10
 ipv4 address 10.1.1.1 255.255.255.248
 encapsulation dot1q 10
interface GigE0/22.10 l2transport
 encapsulation dot1q 10
 rewrite ingress tag pop 1 symmetric
 mtu 2018

#### XR2 (Pointing to HP) ####
interface GigabitEthernet0/3.10 l2transport
 encapsulation default
 mtu 1514

#### HP Switch pointing to XR2 ####
interface GigabitEthernet1/0
 port link-mode bridge
 port access vlan 10
 jumboframe enable 9000
 bpdu-drop any

We handle site A and a partner handles site B. Both MAC addresses can be learned at both sites, but we are having an issue reaching it. No filtering is configured in between.

I would like to know if my configuration at site A is correct and I'm not missing something.

Thank you



ERP access over site-to-site VPN tunnel

We just acquired a new company in another state and they are not yet part of our domain. As a temporary measure I created a tunnel between their network and ours so our HR dept can access their ERP server via the client to do payroll. (We are both using SonicWalls.) The tunnel works and I can ping the ERP server from one of our HR laptops located in my local network, but the ERP client can't connect. We also set up a new server there to start building a new infrastructure for future migration. I can RDP into that and even into some of their existing servers, but we can't connect to any databases using SQL Mgmt Studio. Those are just the things we've had time to try.

I realize there are a lot of factors involved and without actually seeing the firewall setups it may be impossible to help much. Their firewall is kind of a mess, lots of customization, old configurations left over from companies they used to be a part of but no longer exist. It seems like it’s something preventing access to databases specifically and I’m hoping for some suggestions of things to check.

Edit: ERP System is JobBoss



two vpns at once?

I usually lurk here trying to learn from the q/a.

Possibly naive question:

Can I be connected to two different vpns at the same time from one machine? I almost always use protonvpn but I have some work that has to be done on a corporate vpn--is it possible to be on the corporate without disconnecting from the protonvpn?



Long haul fiber

Hello guys,

I've been in the L2-L3 business at my job primarily, and now I'm migrating towards learning the optical side of things. What I'm wondering about is what they mean when they say the box has capacity X, and then the fiber itself has capacity >X? Is it "switching" capacity versus propagation capacity?

For example, "the Infinera XT-S 3600 has 1.2-2.4T capacity with up to 25.6Tb in the extended C band". I'm a bit unsure if it is exactly the same as the L2-L3 capacity definitions.



Thursday, December 13, 2018

MIB Search again.

I redid my OID/MIB search tool. I made it a little better and a lot more stable. Feedback would be appreciated.

http://nodehealth.com



What is the difference between connection oriented and stateful protocol?

I am totally confused about connection-oriented vs. connectionless and stateful vs. stateless. What does each of those do exactly?



Bridge a Level 3 Network Device to a Level 2 Device

I maintain a Wireguard VPN which lives on subnet 10.0.0.0/24. I want to add a Qemu Virtual machine to that subnet. The hypervisor has IP 10.0.0.2 and I want the guest to have 10.0.0.3. I already have it configured so traffic to 10.0.0.3 will go to the hypervisor, but I am a bit unsure how to route it. I need this interface managed by the hypervisor because the guest does not support this protocol.

I am thinking the best way to do this is to create a bridge connected to the guest; however, would the bridge get an IP? It has to right? Typically I'd set the device to be a part of the bridge, giving the original device no IP, then set the hypervisor IP on the bridge, but I don't believe that is possible with a Level 3 Network device such as Wireguard.

I've been doing routing via UFW. Hypervisor OS is Linux. Guest OS is Windows.



Insulated Staples for Cat6?

xpost from /r/electricians


Hey all. So I got a new job working support for a realtor and it turns out they need phone jacks for intercom systems fixed.

I'm doing well enough on phone work since I know Ethernet wiring, but I'm doing more and more physical labor.

I've read up on here and got Klein insulated tools even though I'm low voltage (saved my ass already).

My question: running Cat3/Cat6 cable around a room, any good insulated staple guns? I'm also doing RG6 for camera feeds sometimes.

I saw the Cable Boss staple gun but the reviews are shit.

Anyone got recommendations for good, reliable, flexible insulated staple guns?



ASR 1006 vs. Juniper MX204

I'm struggling with a decision. I posted a question a while back asking for a recommendation for a 100G capable core router. A few of you replied with the Juniper MX204. As far as physical ports go, the MX204 more than covers what we need. The overall throughput is also way more than we need. The struggle I'm having is that nobody in our space (K-12 education) and anywhere near us uses anything but Cisco for routers. I'm not against going rogue, but I do like that I can call up pretty much any large school district and see what they are doing in the Cisco world.

The Juniper is 1U, which I love, but doesn't have all the redundancy options like the 1006. Otherwise it appears to have all the features we need. We're doing simple static routing, so all the advanced routing stuff isn't really a consideration. We do need something that can handle a good amount of policy-based routing, as we have a couple of different traffic paths that go through and around some web filtering appliances. We also want something that does traffic shaping well so we gracefully limit the rate of traffic heading to our sites so as not to oversubscribe their circuits.

Someone that's used both Cisco and Juniper, if cost wasn't a factor, what would you choose and why? Also, if you are a Cisco ASR person and have used their firewall service on an ASR, I'd like to know how it works. We're considering licensing that as part of this project to get application level visibility on traffic running through our core.

Thanks!



Paramiko no existing connection on reconnect

Have any of you run into this specific problem with network Python scripts?

I have a script that makes a device list from a text file with ip addresses, loops through that list and logs into the devices, pushes configs, commits, logs out, and moves on to the next device. Simple stuff, and it works great.

But there was a very high demand from my coworkers to add commit confirmed safety to my script.

So I tried to modify it a bit. Instead of commit, exit, and move to next device, I put in a new function where it will commit confirmed, exit the cli completely and then try to log back in the device, and commit check if it succeeds. Then finally exit and move to the new device.

The bizarre thing is I have so far utterly failed to make paramiko successfully log back into the same device after it logged out. The script gets all the way up to commit confirmed and exits, but then it fails every time to log back into the device. It throws an exception every time that terminates the script. The exception is as follows:

paramiko.SSHException: No existing session 

The weird thing is it's part of a try/except statement, but it still crashes and ignores the except: clause anyway.

I realize I haven’t shared any specific code but I’m hoping this is something super common all network guys run into when they first start tangling with python that has a common fix that will seem obvious once you explain it to me.

Thanks!



New at OSPF and running into an Issue

I was told to configure OSPF between two buildings here on campus. At first it seemed like everything was working great, but soon I realized that even though I could ping user subnets like the .10, .20, and .40 that live in the first building from the second building's core and access switches, hosts in the second building, when put on the first building's user VLAN/subnet, were not able to pick up an IP address. What would cause this issue?



Media converter MacSec passthrough

Anyone have any recommendations for a sfp to copper media converter that will pass macsec encrypted frames and preferably Jumbo frames as well?



Experience with cisco/checkpoint/palo alto support?

Hello. In moving our infrastructure to Azure we've been looking at our options for virtual firewall/IPS appliances. I'm noticing that at least Check Point's CloudGuard and Palo Alto's VM-Series are very similar; I've yet to check out Cisco's NGFW. Does anyone have experience with either Check Point or Palo Alto support? We're an entirely Cisco shop at the moment, but we're keeping our options open in our move to the cloud, and support is something we'll be relying on quite a bit. I know it's something that can be very subjective, but I'm wondering if there's any sort of general consensus out there between these providers.

Thanks!! If anyone wants to know more about these vendors' solutions in Azure I'd be happy to help try and answer :)



Do creative network engineering and data center architecture jobs even exist?

I've been through two firings, and four jumps and I've yet to find a job in the DC metro area that actually wants a creative and dedicated network engineer.

My other issue is I tend to challenge the status quo and make "pros" that are another field entirely defensive as they don't use standard terms for our field.

I was the throwaway on a blog post some weeks back about being fired right before my wedding anniversary while my wife is waiting for me overseas to join her for our planned vacation. That's right even with leave without pay on the table they still fired me right before the weekend of my flight.

I've never been so hurt leaving a job before except when I left the military and I just wish I knew why their lead dev hated me so much and created such a hostile environment.

Anyone looking for a dedicated (although I need a week or two to recover from my relapse in chronic depression now) data center network engineer with some knowledge in docker? 12 years time, sec +, ccent (I know I know I wanted to go higher but I suck at tests).

Thanks all and I hope your routes are up, and your packets blessed with a clean crc at the distant end.



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post and as well a nice description to this thread.



Junos Route Table Dump Methods

I am currently trying to dump the entire route table from our Junos OS router that contains a full routing table. I can't seem to find much documentation in terms of dumping this information for analysis such as MRT. As it's just for a simple snapshot I'd rather not go through the hassle of setting up BMP etc. Currently I am just scraping the output and I hope there is a better way...



DHCP appliances vs. dhcpd/Windows DHCP services

We have about 30k devices in the network, and we have a few Windows DHCP servers and dhcpd on CentOS to provide addresses for the clients. Wondering if we would benefit from switching to Infoblox or something (what are the other big players?).

Currently those servers aren't clustered, or we don't have any integration to our IPAM (Device42). Also we're just using vi to manage dhcpd and occasionally break everything with a typo :) So there's maybe something, but still is it worth the money? (Not really sure how much those appliances are)

Any experience or ideas? Thanks!



Can we determine the cause of increase of volume of BGP Advertisement?

Hi Guys,

I'm just wondering, is it possible to determine / pinpoint the cause of a sudden increase of advertised internet routes using the CLI only? To check if a route leak occurred, or to build a comparison...

Thanks



Cisco N9K - Create a "dummy" port?

Looking to create a "dummy" port temporarily on a Cisco Nexus 9K.

We are spinning up a cross-connect in a co-location datacenter, and want the remote technicians to be able to plug in a cable, and see that the link comes up physically (LEDs) but we don't want the port to connect to anything.

By default, the port is on VLAN 1, which I generally don't want people plugging into.

I know I could make a "dead" VLAN, and make this an access port, but is there an easier way to "create an interface that connects to nothing"?

Thanks!



tool online to see every DNS entry for an IP address including any subdomains

Hello friends,

I'm looking for a tool online that shows every DNS hostname that is associated with an IP address. Let's say for example my company's public IP address that resolves to our website is 1.1.1.1. I'm looking for a tool that, if I type in 1.1.1.1, will show me all the subdomains as well, for example

k.company.com

e.company.com

Am I asking the right question here?

From what I found online, I guess there isn't a cut and dry way to do this, but just sending out the question in case someone knows...

Thank you



Problems connecting HP 1810-24G and Brocade 6450-24

Hi,
Currently have an HP 1810-24G, and I have purchased a used Brocade 6450-24 as I have put my servers and workstation on 10G.

Both switches work fine independently with VLANs and LACP trunks to computers, but I am struggling with connecting the two switches together. I first created a LACP trunk with four ports, and added/tagged all the different VLANs that I need to have access to on both switches. When I connected the cables, my network (even my workstation) froze and I lost communication with everything (tldr; my network went apeshit).

When I disconnected the cables between the switches, things went back to normal, stable operation, so it was clear to me that the reason was that I connected the two switches.

Later, I tried to just connect with single ports and an untagged VLAN but I did not get any communication across.

Any ideas on what can be causing this, or how I should do this?

I am quite familiar with the HP Switch, but the Brocade is a bit more intimidating. I've been wanting to reset it, but I don't have access to a RJ45-Serial cable (yet, order is placed).

Connecting the HP switch with other, simpler switches (TP-Link TG108E) has worked fine with VLANs.

Any suggestions on things to check?



US-48-500W vs US-48-700W difference?

Reading the specs, the PoE per port is the same.

Anyone know the difference? Is it max power 700W? I don't think I am plugging in more than 15-20 combined Polycom phones and APs.

https://dl.ubnt.com/datasheets/unifi/UniFi_PoE_Switch.pdf



F5 iRule

Hello everyone,

There is an iRule on one of our virtual servers that I don't quite understand:

https://imgur.com/a/Ep4vemS

Here is the image of the iRule. From what I think it's doing, this iRule takes the URL happyfriends.com/home and redirects it to happyfriends.com.

Is that correct?



Compact Cisco switch with UPoE support?

I am looking for a small Cisco switch with UPoE support. Is the smallest Cisco switch that offers UPoE the WS-C3560X-24U-L or have I missed a model?

We are looking to deploy 4 x AIR-CAP1532I-A-K9 AP. The location is far away from the rest of our environment.

The 2960-CX and 3560-CX only come with PoE+ ports.

The requirements are as follows:

  • At least 4 UPoE ports
  • at least 1 SFP port (to run SM fiber back to our facility). Two ports would be a bonus
  • Cisco hardware

If I can't find anything we will just need to use UPoE injectors.

Thanks in advance!

Reading the Datasheet, it says the power draw on the i model is <30w. It shows powering options as either 802.3at or UPoE. All of our current switches are 802.3at compliant (PoE+) but when we connect them to the switches they show medium power(30w) in the controller. Does anyone know why this would be?



Need help with a networking project.

http://imgur.com/a/jQqeS7Q

I've included pictures of the supposed network that I have to set up on the Cisco Packet Tracer program.

First and foremost I DO NOT want someone to simply do it for me, I'd like to learn how this is done. I've been sitting on it for a couple weeks googling how-to's but I still haven't gotten it to work.

I currently have it set up same way in the pictures static IP's added to the computers and routers. I've connected the everything via OSPF and as able to ping everything from anywhere. This is where things started to fall apart.

I had added the vlans to each of the switches and began trunking with STP but that seems to have broken everything. I have vlans on opposite sides of the network and they can only ping themselves within their network and not the same VLAN outside the network or anything else.

I guess my question boils down to what string of text is best to resolve this in order to get the computers to ping each other within their respective VLANs and networks.



Strange OSPF LSA Behavior Question

Can somebody please help me understand why the below LSA doesn't have the "Adv Router is not-reachable" message above it? The Advertising Router IP (172.26.100.2) is in a separate VRF and not in the same RIB as the OSPF process.

  router#show ip ospf database external 192.168.100.0

              OSPF Router with ID (1.1.1.1) (Process ID 1)

                  Type-5 AS External Link States

    LS age: 65
    Options: (No TOS-capability, No DC, Upward)
    LS Type: AS External Link
    Link State ID: 192.168.100.0 (External Network Number )
    Advertising Router: 172.26.100.2
    LS Seq Number: 80001C78
    Checksum: 0x1A4B
    Length: 36
    Network Mask: /26
          Metric Type: 2 (Larger than any link state path)
          MTID: 0
          Metric: 20
          Forward Address: 0.0.0.0
          External Route Tag: 0

  router#show ip route 172.26.100.2
  % Subnet not in table

  router#show ip route vrf MANAGEMENT 172.26.100.2

  Routing Table: MANAGEMENT
  Routing entry for 172.26.100.0/24
    Known via "connected", distance 0, metric 0 (connected, via interface)
    Routing Descriptor Blocks:
    * directly connected, via GigabitEthernet0/0/2
        Route metric is 0, traffic share count is 1


Induction for a junior network engineer

Hi,

I have a junior engineer starting soon and, inspired by this post on r/sysadmin, I thought I would see if there was anything I'd omitted from their induction that I should include.

We're a small team and he'll be the sole network engineer (i buy in elevated skill sets as required). Although he's starting as a junior I'll be looking for him to progress quickly and show ambition to take ownership and responsibility in the medium term.

In terms of softer stuff, I'll introduce him to the rest of the team and colleagues, show him round the head office and some nearby locations. I'll also do a small piece on the culture/values of the company and department, and cover off payroll etc.

On the technical side, I have a 10 slide presentation outlining the products and services we offer. I have a large whiteboard by his desk with some useful info on it: WAN diagram; list of sites; details of INT; POTS; SIP uplinks; list of systems and software he'll be using/supporting.

Over the 1st week we'll do 2 x 1 hour sessions each day where we cover a topic over the course of the hour. 8 to 10 hours over the week should be plenty.

And obviously, he'll have access to our documentation for more detail on all aspects of our infrastructure but that's not really induction specific.

Is there anything that was in your induction that you thought was cool or something that you wish was included to make the process better for you?



Switch code bug review/scrub

Hey all!

I'm looking to get some input on your individual processes for reviewing a new version of code and the bugs that are associated with it. The current process that my team and I are using is having Cisco AS perform a "Bug scrub" where they list out all of the known bugs related to a particular version, put it into a pdf, and then review the doc with us and we discuss with them the impact of particular bugs and come to a consensus on whether or not we will move forward with a limited test deployment of the code and then eventually deploy it enterprise-wide.

The current issue that we have with this process is that it takes months at a time to complete and if there is a catastrophic bug in the code we scrap the scrub and move on to the next version, which then takes another few months to complete. Even after we find a version that we decide to move forward with we seem to keep finding new corner case bugs that were not known to that particular version when we reviewed it.

Now this process only applies to our Cisco equipment, which admittedly is far too big of a percentage of our environment but I digress. For other platforms that do not have the arches branded on them we're kind of on our own to review release notes and dig up any related bug information, to which we can then take it to our account team and have them put us in touch with an engineer to answer questions we have.

tl;dr - What sort of process do all of you follow when reviewing new version of code for your routing/switching and other various network platforms?



Having issues with vlans and getting traffic to pass thru, please help!

tl;dr: I have APs with 2 VLANs (these should not talk to each other), going through a layer 2 switch to a SonicWall. Untagged traffic passes fine; tagged traffic gets blocked and can't get DHCP, or even a static IP to route.

I'm not a network engineer by any measure and I'm having difficulties with getting VLAN routing to work.

In our environment we have 5 Ubiquiti UniFi AP AC Pro APs with 2 wireless networks (laptops, mobile phones, and one for testing). At the moment all 3 wireless SSIDs are on the same subnet (10.8.4.1/24). I want to separate the mobile phones (10.8.6.1/24) and laptops (10.8.5.1/24) into their own networks and then route all mobile phones through our second internet connection via Comcast vs. our Cogent link. The mobile phones should not communicate with the other networks, which from my understanding should be OK with layer 2 switching.

Ill start by going over the APs, then the switch they are connecting to and then the sonicwall.

On the unifi APs, this it the configuration for the networks. Everything in production currently passes thru the LAN network. The other 2 are set up for what I want to do. vlan 500 is for laptops, 600 for mobile phones.
https://imgur.com/a/6tq3RC1

This is the set up for the wireless networks so you can see that only test is set to use vlan 600.
https://imgur.com/a/GD6Y5GC

Now, onto the EnGenius layer 2 switch. I have the APs plugged into ports 2-6 and the uplink to the SonicWall is on port 1. https://imgur.com/a/aKOOCtf

The PVID is messing me up and I'm not sure if this is correct. I can't add multiple VLANs to each port, so I'm not sure if what I'm trying to do is technically possible with this switch.
https://imgur.com/a/cWNqCAU

Now onto the Sonicwall. The uplink from the switch is coming to interface x2 and has 2 vlans x2:500 and x2:600 set up with DHCP scopes set for each. For now, Ill just show the info for vlan 600.
https://imgur.com/a/9sIurae
https://imgur.com/a/aOEMTUC
https://imgur.com/a/OpqIM0v

So, the question is, what am I doing wrong? I know I'm missing something glaringly obvious and I don't know what it is. This is my first time working with VLANs and I would really like to get this figured out. Any help is appreciated!!

Thanks, Rob



Console Port on ProCurve 4208vl Switch

Hello!

I am unable console in to my HP switch. I've tested my cabling and driver, and all seems to be well. When I plug into the RS-232 port, open putty and connect via that channel, I get a blank putty screen. I do the normal "double tap" enter key, and no response. Of course the switch is wayyyyy past EOL, and hard to find support for. Do any of you great people have any ideas?

Thanks in advance!



Noob question on routing and switch configuration

I've got a bit of a noob question here about a school network that has only really been worked on before by MSPs. We have an environment with one big 10.3/16 (on VLAN 1) as well as a bunch of new smaller subnets we're transitioning to like 10.4.50/24 (our management VLAN, 50) (where VLANs map 1:1 to subnets). We have a core switch, 10.3.100.1 as well as the first address on every subnet/VLAN, that does all of our inter-VLAN routing.

We have a fiber trunk running directly from the core switch to our primary switch for our other building 200ft away (we'll call it Switch X, 10.3.100.184, an HP ProCurve). Said trunk has all VLANs tagged on it.

In the process of trying to put all of our switch management addresses on the new management VLAN, I've been going to each switch, adding a 10.4.50.x address on VLAN 50. All went well until I got to Switch X. I decided to remove its old 10.3 address. The moment I did so, I lost connectivity to its other address as well. As far as I can tell, this caused no service outages for anything else.

After consoling in and restoring the previous configuration, I took another look at the current configuration of the switch. A couple of lines stood out to me:

  ip default-gateway 10.3.100.1
  ip route 0.0.0.0 0.0.0.0 10.3.100.1
  ip routing

(full config pastebin here: https://pastebin.com/Rhiap8Aa)

As far as I can tell, the config contains nothing else pertaining to routing. In fact, it looks nearly identical to most of our other switches. Can anyone think of a reason why this switch should have routing enabled at all? If a device were to have its default gateway set to 10.3.100.184, would all traffic going to another subnet just be redirected to our core switch?

Also, am I correct in my assessment that by removing the 10.3 address, I removed access to the gateway and thus isolated the switch so it could only be accessed by a device already on the 10.4.50/24 network?



How to obtain all IP addresses assigned to Google/Facebook etc

Hello reddit, I am trying to make a list of all the IP address ranges assigned to various companies in order to whitelist them.
Can anybody guide me on how I should do this?
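Added example (not part of the post above or its replies): whichever source the ranges come from (Google publishes its own as JSON at https://www.gstatic.com/ipranges/goog.json, with the subset used by Google Cloud customers in cloud.json; for most other operators you take the prefixes originated by their ASN, e.g. AS32934 for Facebook, from RDAP or BGP data), the work before anything goes into a whitelist is the same: normalise the prefixes, collapse overlaps and adjacent blocks, and be able to check a given address against the result. The JSON below is a constructed sample in the shape of such a published list, not real data; the field names are an assumption.

```python
"""Added example (not from the post): normalise, collapse and query a set of
IP prefixes attributed to an organisation, as you would before turning them
into firewall whitelist entries. The sample data is constructed."""
import ipaddress
import json
from typing import Iterable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample in the shape of a published range list: a JSON document
# with a list of prefix entries, some overlapping or unordered on purpose.
SAMPLE_JSON = json.dumps({
    "prefixes": [
        {"ipv4Prefix": "203.0.113.0/24"},
        {"ipv4Prefix": "203.0.113.128/25"},   # contained in the /24 above
        {"ipv4Prefix": "198.51.100.0/25"},
        {"ipv4Prefix": "198.51.100.128/25"},  # adjacent: merges into one /24
        {"ipv6Prefix": "2001:db8:10::/48"},
        {"ipv4Prefix": "192.0.2.0/24"},
    ]
})


def load_prefixes(doc: str) -> List[Network]:
    """Parse the JSON shape above into ipaddress network objects.
    strict=False tolerates host bits being set in a published prefix."""
    data = json.loads(doc)
    nets: List[Network] = []
    for entry in data["prefixes"]:
        raw = entry.get("ipv4Prefix") or entry.get("ipv6Prefix")
        if raw:
            nets.append(ipaddress.ip_network(raw, strict=False))
    return nets


def collapse(nets: Iterable[Network]) -> List[Network]:
    """Drop contained prefixes and merge adjacent ones, per address family.
    collapse_addresses() refuses mixed families, so split first."""
    nets = list(nets)
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def whitelist_lines(nets: Iterable[Network]) -> List[str]:
    """Collapsed prefixes as plain CIDR strings, IPv4 first, each family sorted."""
    return [str(n) for n in sorted(collapse(nets), key=lambda n: (n.version, n))]


def contains(nets: Iterable[Network], address: str) -> bool:
    """Does the list cover this address? Useful when triaging a log hit."""
    addr = ipaddress.ip_address(address)
    return any(addr in n for n in nets if n.version == addr.version)


if __name__ == "__main__":
    ranges = load_prefixes(SAMPLE_JSON)
    for line in whitelist_lines(ranges):
        print(line)
    print(contains(ranges, "198.51.100.200"))
```

Two caveats a whitelist built this way carries: the ranges of a cloud provider include every tenant of that cloud, so "allow Google" also allows anything hosted on Google Cloud unless you subtract the customer subset; and published lists change, so the collapse and diff should be re-run on a schedule rather than once.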



Network Infrastructure as Code: what are you guys using and how are you doing it?

Hi guys

I am looking at Network Infrastructure as Code as an option for our way we configure or reconfigure and deploy devices. I have no experience with this and I would like to learn from you, if you can share your experience and your approach for this.

For the moment I am thinking about very simple things like having a template, changing the template, generating configs every time the template changes, and pushing these configs to devices. I would like this to be a fully in-house solution. As far as I can understand I will need Git and Jenkins. If there are any other options please share them.

I never worked with Jenkins and I have no idea what are its capabilities

One thing that I am interested in is software that I can use to deploy different branches of my Git source manually. I want to go there and say: deploy these configs to these devices. I don't need the deployment to necessarily be tied to a change in the "source code", aka the config files; it should rather be a flexible tool that can deploy certain branches of my Git repo when told to do so. Can I use Jenkins this way? What other lightweight tools are there that could be used? Remember, integration with Git is vital.

This is a use case that I am thinking of.

If there are other use case scenarios I am all ears :-)
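Added example (not from the post or any reply): the part of such a pipeline that is worth writing yourself before choosing a CI tool is the render-and-diff step. Jenkins (or any job runner) only needs to check out a branch and run it. The template, device variables and "running config" below are all constructed; a real setup would keep the first two as files in the Git repo and pull the third from the device. It uses only the standard library, so there is no dependency on Jinja2 or a device SDK.

```python
"""Added example (not from the post): the smallest useful core of a
template-driven config pipeline. Stdlib only: render one template per
device from a dict of variables, then diff the result against the config
currently on the box (here a constructed string) so a deploy job can show
exactly which lines would change before anything is pushed."""
import difflib
from string import Template
from typing import Dict, List

# Constructed template. $name placeholders are string.Template syntax;
# a real pipeline keeps this file in Git next to the device data.
ACCESS_SWITCH_TEMPLATE = """\
hostname $hostname
!
interface Vlan$mgmt_vlan
 description management
 ip address $mgmt_ip $mgmt_mask
!
ip default-gateway $gateway
!
ntp server $ntp_server
!
"""

# Constructed per-device variables (this would be a YAML/JSON file in Git).
DEVICES: Dict[str, Dict[str, str]] = {
    "sw-floor1": {
        "hostname": "sw-floor1", "mgmt_vlan": "50",
        "mgmt_ip": "10.4.50.11", "mgmt_mask": "255.255.255.0",
        "gateway": "10.4.50.1", "ntp_server": "10.4.50.5",
    },
}

# Constructed "running-config" as pulled from the device: the NTP server differs.
RUNNING_CONFIG = {
    "sw-floor1": """\
hostname sw-floor1
!
interface Vlan50
 description management
 ip address 10.4.50.11 255.255.255.0
!
ip default-gateway 10.4.50.1
!
ntp server 10.4.50.4
!
""",
}


def render(template: str, variables: Dict[str, str]) -> str:
    """Render a template. substitute() (not safe_substitute) raises KeyError
    on a missing variable, which is what you want in a pipeline: a half-
    rendered config must never reach a device."""
    return Template(template).substitute(variables)


def render_all(template: str, devices: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    return {name: render(template, variables) for name, variables in devices.items()}


def config_diff(device: str, running: str, intended: str) -> List[str]:
    """Unified diff of running vs intended config; an empty list means in sync."""
    return list(difflib.unified_diff(
        running.splitlines(), intended.splitlines(),
        fromfile=f"{device}/running", tofile=f"{device}/intended", lineterm=""))


def changed_lines(diff: List[str]) -> List[str]:
    """Only the +/- payload lines, without the ---/+++ headers."""
    return [l for l in diff if (l.startswith("+") or l.startswith("-"))
            and not l.startswith(("+++", "---"))]


if __name__ == "__main__":
    for device, intended in render_all(ACCESS_SWITCH_TEMPLATE, DEVICES).items():
        for line in config_diff(device, RUNNING_CONFIG[device], intended):
            print(line)
```

The diff output is the artefact to attach to the change ticket and to gate the push on: a job that refuses to deploy when the diff contains lines it did not expect (for example anything touching the management SVI) is a cheap guard against a template error taking a switch off the network.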



Cisco 7200 vxr not resetting

I've been trying to reset the above router; every time I type the reset command it says "monitor nvram area is corrupt using default values". Then it doesn't reset to factory settings, nor does it reboot.

Anyone able to assist?



OSPF not withdrawing default route

Our network runs OSPF internally. The topology is basically a ring from our distribution routers to core routers in the data center. (We're a small SP.) Distribution connects to either another distribution via L3 links, or to a mix of distribution and core, depending on which link in the ring we're talking about.

We’ve recently completed building our redundant WAN backbone ring and are doing some fail over testing. Originally everything worked as expected. I could disconnect any link throughout the ring and OSPF would drop routes from dead neighbors and inject backup routes, all was well.

Tonight I was testing the failover again by removing a link in the ring, and the routing table is keeping its default route via the broken link. The OSPF neighbor on the broken link is dead, so the default route should withdraw and fail over to the alternate path, right?

I tried clearing the process to see if it was hung and that didn't affect it. I also noticed this happens on more than one router. So maybe I'm just missing something here?

It’s late and I’m sure I’m forgetting information, so my apologies in advance. Btw we’re a 100% Cisco shop in case you think it’s a vendor specific bug or something.



looking for a firewall under $10K

Any suggestions/recommendations for a firewall that...

  • must be 10G capable
  • less than $10K
  • ability to dynamically whitelist any internal IP address for a period of 30 days
  • ability to check geolocation of IP address

What are you guys using?

thanks



PoE vs PoE injector

I have a question here. I work for a large company managing enterprise and small business level equipment. One of our customers has PoE injectors where their access points are plugged in. Our switches support PoE, so my question is why would we not take advantage of the PoE instead of using the injectors? Not sure if it is a flawed design, but I would like some insight as to why we would use the injector instead of the switch directly. Thank you for your time.



Wednesday, December 12, 2018

Is checkpoint a good utm?

I am wondering if Check Point products are good, and if they are easy to learn?



Well I finally did it...

I took down an entire building. (yay)

I am working as a wireless netadmin in higher ed. We are currently running an Aruba 6.x environment and I am currently building out an 8.x environment side by side. My new controllers are on our production subnet (first mistake I guess but I don't have a full test environment). So it was already a busy day, I spent the majority of my day with TAC trying to get rid of an inherited VLAN on my controllers which forced almost an entire rebuild of the environment in order to remove it. My boss left early to get to a doctor's appointment and it was nearing the end of the day. I figured I could probably leave right at 5, get home at a nice time and enjoy my night. So I'm finishing rebuilding the environment by adding my controllers back to the cluster and because of our use of CoA, I needed to add two more VIPs for each member in the cluster. I have a dedicated subnet for this, but I decided because I was getting incorrect information into RADIUS that I would try using the same subnet as my controllers for it...just as a test.

So my controllers are on x.x.x.3 and x.x.x.4 with its VIP on .2. I figured I would just use .5 and .6 for the other two addresses to test. I ping the addresses, nothing responds so I think I'm good to go (third mistake). I add two more SVIs on the controllers with .5 and .6 and give it a whirl. Same issue with RADIUS so I pack up my stuff and get ready to leave.

...Then I get an e-mail from Airwave.

Triple digit number of APs reported as down.

What?

I log into the router, gateway is up. I do a source ping to the controllers from the gateway, all good. I ping some of the APs. Nothing. I log into the production controller, zero APs listed. I can't remember exactly what I said, but I think it was "Oh darn!" or something like that. I log into the master and I'm greeted with pages of APs "upgrading." Oh god. I look to my AOS8 controller and lo and behold, there they are.

What is going on?!

All the APs are now terminating to my test setup. I didn't change a profile, I didn't touch an lms-ip, what could possibly be going on? I check the provisioning profile and it's pointing to the master with the TFTP IP pointing to the production controller, all good there. I dig down into the system profile and I find it. The LMS-IP (in Aruba land, that's where the APs terminate their traffic) is set to .5 even though that is not used by any controller. Well, at least not until I decided to make .5 an active interface. This was before my time, but our procedure is to boot all APs to the master and then provision them to the local controller.

So I immediately shut down the ports on my 8.x controllers and the APs downgrade and reattach themselves to the production controllers.

All in all, about 20 minutes downtime but lucky for me, no tickets generated.

First networking job. Gave myself a heart attack, but now I can laugh about it and tell all you fine folks about it. Hope you enjoyed the story.



Help running my speed networking event

Hi, I am running a speed networking session at a conference. Does anyone know of a game I can buy that would have cards that I can give out to the people?



Power connectors, C13 vs C15. KNOW THE DIFFERENCE

My go-to grey market vendor that many of you have probably heard of and maybe even use has mixed them up for the second time since I started working with them and at a very inopportune time. The cables have such a subtle difference that the uninformed can easily mix them up during packaging. The C13 is the common "computer" power cable we all think of when we look at devices with built-in rectifiers. The C15 is the variation with a notch that fits into higher wattage power supplies. It's supposed to be for higher temperature environments, presumably so there is more surface area on the connector to keep it seated during thermal expansion and contraction.

I won't name them because it's humiliating and they've committed to making sure it never happens again, but don't let this bite you at an inconvenient time like it did for me and cause unnecessary stress. Know the difference and what devices require it. Stock it if you can. And make sure your vendor knows the difference too.

Image for those who need a visual: https://www.walmart.com/ip/HQRP-6ft-Heavy-Duty-AC-Cord-10A-18AWG-IEC-C15-to-NEMA-5-15P-Mains-Cable-Power-IEC-320-C15-HQRP-Coaster/366220350

Yes, you CAN just carve up a C13 with a knife/soldering iron and make the notch yourself, but why go through the unnecessary risk to your body and your infrastructure.

-M



Phone Systems - two POTS lines into one Phone?

Does anyone know if there are circuits or products that will allow for connecting two separate phone lines into a single “phone”?

I’m working with a system that currently has a tip/ring wire as an input; the system auto answers this line and amplifies that audio over a speaker string.

We are trying to make a secondary input into the system from another phone line. We attempted to just connect the second line’s tip/ring into the system in parallel with the existing tip/ring but things did not work.

Is there a product or a circuit out there that will allow 2 POTS lines into one?



Syslog service timestamps?

Was wondering what the command "service timestamps debug datetime msec" is used for when configuring syslog?



Does icmp packet loss(1-2%) really affect the service?

Hi,

Does ICMP packet loss (1-2%) really affect the service? There's an instance where PL occurs even in a P2P (WAN) ping test, and since there is no reported issue about that, I'm thinking: does this packet loss affect the actual traffic of the customer?

Pre-checks:

  • No interface errors/drops
  • No congestion
  • CPU/Mem normal
  • Hardcoded as 100/full
  • Latency is normal

Output:

  Success rate is 99 percent (2998/3000), round-trip min/avg/max = 2/2/16 ms

PL happens only on ping p2p to WAN but no PL when pinging on LAN side. Any idea? anyone encountered this?

Thanks
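Added worked calculation (not from the post or any reply): the ping summary gives a loss rate, and the Mathis et al. (1997) bound, BW <= (MSS / RTT) * C / sqrt(p) with C about 1.22, turns a loss rate and RTT into the throughput one long-lived TCP connection can sustain. That answers "does this loss matter" with a number instead of a feeling. The summary line is the one quoted in the post; MSS, link speed and the 2 % comparison are assumptions. The important caveat is that this only holds if data traffic sees the same loss as the pings: replies to pings aimed at a router's own interface address are generated in software and can be rate-limited or policed separately from forwarded traffic, so loss on a P2P-link ping is weak evidence by itself. A ping through the link to a host on the far side is the better test.

```python
"""Added worked calculation (not from the post): turn IOS ping statistics into
a loss rate and estimate what that loss would do to a single TCP flow using
the Mathis et al. (1997) bound  BW <= (MSS / RTT) * C / sqrt(p),  C ~ 1.22.
The ping output line is copied from the post; everything else is assumed."""
import math
import re

PING_SUMMARY = ("Success rate is 99 percent (2998/3000), "
                "round-trip min/avg/max = 2/2/16 ms")

_SUMMARY_RE = re.compile(
    r"Success rate is \d+ percent \((\d+)/(\d+)\), "
    r"round-trip min/avg/max = (\d+)/(\d+)/(\d+) ms")


def parse_ping_summary(line: str):
    """Return (loss_rate, avg_rtt_seconds) from an IOS ping summary line."""
    m = _SUMMARY_RE.search(line)
    if not m:
        raise ValueError("not an IOS ping summary: " + line)
    ok, sent, _mn, avg, _mx = (int(x) for x in m.groups())
    return (sent - ok) / sent, avg / 1000.0


def mathis_throughput_bps(loss_rate: float, rtt_s: float, mss_bytes: int = 1460) -> float:
    """Upper bound on one TCP flow's throughput in bit/s. Infinite for p = 0."""
    if loss_rate <= 0:
        return math.inf
    return (mss_bytes * 8 / rtt_s) * 1.22 / math.sqrt(loss_rate)


def report(line: str = PING_SUMMARY, link_bps: float = 100e6) -> dict:
    """Compare the Mathis bound against the link speed (post says 100/full)."""
    p, rtt = parse_ping_summary(line)
    bound = mathis_throughput_bps(p, rtt)
    return {
        "loss_rate": p,
        "rtt_s": rtt,
        "tcp_bound_mbps": bound / 1e6,
        "link_limited": bound >= link_bps,   # True: loss is not the bottleneck here
    }


if __name__ == "__main__":
    for k, v in report().items():
        print(f"{k}: {v}")
    # Same 2 ms RTT but a real 2 % loss, the figure in the post's title:
    print(f"2% loss: {mathis_throughput_bps(0.02, 0.002) / 1e6:.1f} Mbit/s")
```

For the numbers in the post (2 lost of 3000, 2 ms RTT) the bound is roughly 276 Mbit/s, well above a 100 Mbit/s link, so that measured loss would not cap a single TCP flow. At 2 % loss on the same RTT the bound falls to about 50 Mbit/s, and it falls further in proportion to RTT, which is why the same loss rate that is harmless on a short link is painful on a long one.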



Help with Ubiquiti Nanostation AC

The company I work for just dumped me onto an install where they need to use these, as the client (understandably so) does not want to provide more than 1 internet drop for us. I have very minimal, close to zero, experience with these things. Can someone help out please?

So I have 4 of these NanoStations. I have mounted 1 of these at the internet drop location (rooftop of a clubhouse) and configured it as the AP. The 2nd one is mounted directly across the street on the rooftop of an apartment building and configured as a Station. Its cable lands inside a room on a PoE+ switch. The internet to the apartment building works fine: I am able to access sites and view cameras that land on that switch. From that same switch we ran a cable to the other side of the building so it could shoot the signal to another building. I configured that one as an AP. The last station is located on another rooftop a little further out. I configured it as a Station but I am not able to get any internet from it for some reason. After thinking about it, do I just need one access point in line? Not all stations will be facing the AP at the clubhouse. But my question is, do all the other stations besides that one need to be set up as Stations?

Again any help is greatly appreciated.



GNS3 Certified Associate Official Course (GNS3A)

Has anyone planned to get this cert in the future?

https://academy.gns3.com/p/gns3-certified-associate



Need help to connect smart plug to different network band

Hello,

Am I out of options for using a 2.4 GHz smart plug with my 5 GHz-only router?

My router is an Arris Surfboard Extreme N300. Although it's a dual-band router, I cannot use both bands simultaneously and I don't want to switch back to 2.4.

All of the smart plugs on Amazon run only on 2.4. Is there a workaround, or do I have to buy a router that can run both bands at the same time?

Please advise. Thank you.



Vendor datasheets

Hello everyone,

Reading vendor datasheets about network equipment has been bothering me for quite a while. For example, I would see a switch rated at 960 Gbps switching capacity and a forwarding rate of 720 Mpps. I'm less concerned about the vendor's testing methodology and how they reached these numbers, but from an engineer's perspective these numbers don't tell me anything. A 48-port switch running all interfaces at 10G would make its switching capacity 960, but what does any of this mean when it comes to evaluating a switch? How is Cisco's 48-port switch different from Juniper's? In theory, wouldn't either of these two vendors forward at the same rate?

Furthermore, what is the forwarding rate measuring? The total number of packets being transmitted if the interfaces were operating at peak bandwidth? How is that different, then, from switching capacity?



How to SSH into IPV6

May be a noob level question, but how can one ssh into a server via the IPv6 address?

  ssh user@3ffe:1900:4545:3:200:f8ff:fe21:67cf
  ssh -6 user@3ffe:1900:4545:3:200:f8ff:fe21:67cf

This is what I try, but I get no network response. And the server is running. Also, that's not an actual IPv6 address, just an example address from the web.

Thank you



How to create a cost effective WAN

So I am wondering how you would connect 2 LAN sites that are about 5-10 miles apart in a way that would also be cost-effective. I was thinking about using Ubiquiti airMAX antennas to get the job done, or a VPN. Are there any other ways to connect 2 LANs that would be cost-effective?



Aruba Switch rollback question

I accidentally brought some phones in our office offline with a misconfigured vlan. I don't know exactly what command did it though. Does anyone know how to rollback an Aruba Switch to a previous configuration? Say... 2 days ago? I'm pretty new to networking. Thank you!



How to Handle Overlap/NAT/Firewall Between Two Enterprises

I need some suggestions on how to handle interconnectivity between two very large enterprises. Both companies are using most of the RFC-1918 address space and have an MPLS connection between their two data centres. The plan at this point is to use RFC-6598 addresses for NAT, but the problem is that both organizations are too large to be doing 1:1 NAT. We are presently looking at F5 or Netscaler to do DNS rewrite.

What we want to achieve is: USER-A from ABC needs to access a resource at XYZ, say server1.xyz.com. USER-A sends a DNS query to dns.abc.com. Then dns.abc.com forwards the query to something (F5, Netscaler, other?), which then forwards the request to dns.xyz.com. The result for server1.xyz.com is 10.1.1.1. When the F5/Netscaler/other receives the result, it rewrites the IP to 100.64.1.1 and sends that result back to USER-A. I am pretty sure this is possible; if yes, what should I be googling for more info?

Now the harder part, how can the firewalls allow traffic for the new translated IP address if we are doing this dynamically and not 1:1 NAT. Presently there is a mix of ASA, FTD, and Palo Alto available.

Does anyone have other ideas or suggestions on how to achieve the desired end result? Thanks in advance to anyone who takes the time to respond.
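Added example (not from the post or any reply): a runnable model of the scheme the post describes, so the moving parts are visible. A stand-in for dns.xyz.com answers with the partner's real RFC 1918 address; the rewriter hands out an RFC 6598 (100.64.0.0/10) address from a pool, keeps that binding for a lease period, and returns the translated answer. The binding table is the piece the NAT device and the firewalls have to share. The term for this on Cisco ASA is "DNS doctoring" (A records in DNS replies rewritten according to a NAT rule), which is a useful search term; the names, addresses, pool size and lease length below are all constructed.

```python
"""Added example (not from the post): a model of the DNS-rewrite + dynamic NAT
scheme described above. The 'resolver' answers with the partner's real
RFC 1918 address; the rewriter allocates a 100.64.0.0/10 (RFC 6598) address
from a pool, keeps the binding for a lease period, and hands back the
translated answer. Names, addresses and lease length are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-in for dns.xyz.com: the partner's real (overlapping) space.
PARTNER_DNS = {
    "server1.xyz.com": "10.1.1.1",
    "server2.xyz.com": "10.1.1.2",
    "www.xyz.com": "203.0.113.10",   # public: must not be rewritten
}
PARTNER_INTERNAL = ipaddress.ip_network("10.0.0.0/8")


@dataclass
class Binding:
    real: str      # address as answered by the partner's DNS
    mapped: str    # address handed to our clients and used by NAT/firewall
    expires: int   # lease end, in the same clock units as 'now'


class DnsRewriter:
    def __init__(self, pool: str, lease_seconds: int):
        self.pool = ipaddress.ip_network(pool)
        self.lease = lease_seconds
        self._free = list(self.pool.hosts())    # handed out in order; tiny for the demo
        self.by_name: Dict[str, Binding] = {}
        self.by_mapped: Dict[str, Binding] = {}

    def resolve(self, name: str, now: int) -> Optional[str]:
        """What USER-A gets back: a 100.64.x.y address for partner-internal
        hosts, the real answer for anything else, None for NXDOMAIN."""
        real = PARTNER_DNS.get(name)
        if real is None:
            return None
        if ipaddress.ip_address(real) not in PARTNER_INTERNAL:
            return real                          # routable as-is, leave it alone
        b = self.by_name.get(name)
        if b and b.expires > now and b.real == real:
            b.expires = now + self.lease         # live binding: refresh and reuse
            return b.mapped
        if b:                                    # stale, or the real address changed
            self._release(b)
        if not self._free:
            raise RuntimeError("RFC 6598 pool exhausted")
        mapped = str(self._free.pop(0))
        b = Binding(real, mapped, now + self.lease)
        self.by_name[name] = b
        self.by_mapped[mapped] = b
        return mapped

    def translate(self, dst: str, now: int) -> Optional[str]:
        """NAT step: mapped destination -> real partner address, or None when
        there is no live binding (the firewall should then drop the packet)."""
        b = self.by_mapped.get(dst)
        if b is None or b.expires <= now:
            return None
        return b.real

    def expire(self, now: int) -> int:
        """Garbage-collect expired leases; returns how many were released."""
        dead = [b for b in self.by_name.values() if b.expires <= now]
        for b in dead:
            self._release(b)
        return len(dead)

    def _release(self, b: Binding) -> None:
        self.by_name = {k: v for k, v in self.by_name.items() if v is not b}
        self.by_mapped.pop(b.mapped, None)
        self._free.append(ipaddress.ip_address(b.mapped))


if __name__ == "__main__":
    rw = DnsRewriter("100.64.1.0/29", lease_seconds=300)
    print(rw.resolve("server1.xyz.com", now=0))   # first free pool address
    print(rw.translate("100.64.1.1", now=10))     # 10.1.1.1
    print(rw.resolve("www.xyz.com", now=0))       # 203.0.113.10, untouched
    print(rw.translate("100.64.1.1", now=400))    # None: lease expired
```

On the firewall question in the post: because every translated address comes out of one pool, the policy on ASA/FTD/Palo Alto can be written against the pool prefix as the destination object (and the mirror pool on the XYZ side as the source), so it does not need to know individual bindings; only the NAT device does, and anything arriving for a pool address with no live binding is dropped. Two things that bite in practice: the TTL in the rewritten DNS answer must not exceed the lease, or clients will keep using a mapping the NAT has already torn down, and clients that validate DNSSEC will reject rewritten answers.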



Linux equivalent to “no ICMP Unreachable” and “no ICMP Mask Reply”?

I have a Linux machine that is being used as a router. It has quagga installed and has ip forwarding enabled. It's forming an OSPF adjacency with a 3925 Cisco router.

I’m being asked to ensure that this Linux machine (running Redhat 6.8) will not send any ICMP Unreachable notifications. I know that on a Cisco router I would simply set "no icmp unreachable" on any interfaces that need it. But how could I be certain that they're disabled on a Linux machine?

I'm also being asked to ensure that no "ICMP Mask Reply" messages get sent from the router. Likewise, I know that on a Cisco router the "no ip mask-reply" command would be used. Is there an equivalent type of setting in Redhat?

Thanks for any help.
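Added example (not from the post or any reply): Linux has no per-interface knob equivalent to "no ip unreachables"; the usual substitute is to filter what the kernel emits in the iptables OUTPUT chain, which is what RHEL 6 uses (no nftables there). Stock Linux kernels do not answer ICMP address-mask requests at all, so there is nothing to turn off for the mask-reply requirement, but an explicit DROP of type 18 makes the policy visible to an auditor. The check below answers "how could I be certain": it emits the rules and audits an `iptables -S OUTPUT` dump for them, including the one thing that must survive the filter, type 3 code 4 (fragmentation-needed), without which path-MTU discovery through this router breaks. The dump is constructed; the rule strings follow iptables' own `-S` output format.

```python
"""Added example (not from the post): produce, and audit, the iptables OUTPUT
rules that stop a Linux router from emitting ICMP destination-unreachable
(type 3) and address-mask-reply (type 18), while keeping 3/4
(fragmentation-needed) so PMTUD still works. The dump below is constructed."""
from typing import List

# Order matters: the fragmentation-needed ACCEPT must precede the type-3 DROP.
REQUIRED_RULES = [
    "-A OUTPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT",
    "-A OUTPUT -p icmp -m icmp --icmp-type 3 -j DROP",
    "-A OUTPUT -p icmp -m icmp --icmp-type 18 -j DROP",
]

# Constructed `iptables -S OUTPUT` output: the mask-reply rule is missing and
# the two type-3 rules are in the wrong order (the DROP shadows the ACCEPT).
SAMPLE_DUMP = """\
-P OUTPUT ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 3 -j DROP
-A OUTPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
"""


def install_commands(required: List[str] = REQUIRED_RULES) -> List[str]:
    """Commands that install the policy (run as root; 'service iptables save'
    is how RHEL 6 persists the table across reboots)."""
    return ["iptables " + rule for rule in required] + ["service iptables save"]


def _normalise(line: str) -> str:
    return " ".join(line.split())


def audit(dump: str, required: List[str] = REQUIRED_RULES) -> List[str]:
    """Findings for a dump; an empty list means the policy is present and
    correctly ordered. Exact-string matching is deliberate here: the dump
    comes from iptables -S, whose format is stable."""
    have = [_normalise(l) for l in dump.splitlines() if l.startswith("-A OUTPUT")]
    findings = []
    for rule in required:
        if _normalise(rule) not in have:
            findings.append("missing: " + rule)
    accept, drop = _normalise(required[0]), _normalise(required[1])
    if accept in have and drop in have and have.index(drop) < have.index(accept):
        findings.append("ordering: type-3 DROP precedes the 3/4 ACCEPT, breaking PMTUD")
    return findings


if __name__ == "__main__":
    print("\n".join(install_commands()))
    print(audit(SAMPLE_DUMP) or ["ok"])
```

Kernel-generated ICMP, including unreachables for packets the box could not forward, passes through the OUTPUT chain, so this covers the router role as well as the host role. The cost is the usual one: no port-unreachables from the box's own UDP services and no "administratively prohibited" replies from REJECT targets, which is exactly what "no ip unreachables" gives up on IOS too.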



Useful linux tools you use?

I'm working on setting up some lightweight Ubuntu servers at various sites for testing connectivity and recording network metrics. I've installed Smokeping thus far and set up numerous end targets, which is showing some great historical metrics for both site internal targets, site to site latency or packet loss, and even upstream carrier CPE metrics.

I've also tested and verified some standard tools like dig, nmap, mtr, paping, and tcptraceroute. I'm wondering whether there are any other useful tools you use and would recommend?



Any Cisco AP gurus willing to give me some insight?

I'm having difficulty setting up a Cisco AP in Autonomous mode that will broadcast an SSID for a specific VLAN, but will have an IP address for management in another VLAN.

Does the switchport this AP is connected to need to be a trunk port since i've got a vlan assigned to the SSID on the ap itself? It's not working that way. The only way I can get it to work is to set the vlan on the switchport manually. The AP pulls a dhcp address from within that VLAN and every client who connects to that SSID gets an address from within that VLAN.

I just need the AP to get an IP from another VLAN for management. I don't want clients to be able to ping/access the AP

Thanks



Santa Claus Networking blog

Our company did this cool blog on Santa Claus using wireless technology and I wanted to share it. I thought it was quite clever; https://www.linkedin.com/pulse/digital-transformation-comes-north-pole-dolan-sullivan



Data Infrastructure Installers

I started working for a company that has buildings all over the US and I just realized that I have no idea how to find a good data infrastructure installer. We have a new warehouse/office in Cleveland, OH that requires installation of a two post rack, network drops, wireless access points, IDF box and all the other cool stuff that makes a network go. The electrician who is doing the classic electrical work "doesn't do low voltage" and didn't have a recommendation for someone who can.

So I have a few questions....

  1. Can someone recommend an installer in Cleveland?
  2. What search terms should I be using to find one on my own in the future?
  3. How do you typically judge if the installer is qualified to do the work? I've heard horror stories about botched jobs and I won't have the benefit of being onsite to check their work until the day before the move.
  4. Any other related useful advice would be much appreciated


Core Switch Replacements

I'm looking to replace my current core switch (HP A5820X (JC102A)). We've been generally happy with it, but it's about 7 years old and will be EOL soon. I've considered replacing with is an updated A5820X (JC102B), an Aruba 3810M, or a Meraki MS425-32 (we have Meraki at the edge). The upshot of going with the updated A5820X is I can re-use my existing SFPs and configuration, but generally this seems like an older switch line. Any feedback/thoughts would be appreciated.



Requesting career advice and guidance for a newcomer to the industry.

Hello, I recently found out about networking and it's been amazing so far from what I've learned. So let me tell you a little about my situation. I am currently working in retail and I'm beyond miserable about it. Don't get me wrong, I do a fantastic job; after all, I may not like it, but it's still my job and I will do it better than anyone. I've been with them for 3 years while going to college full time; since everything comes out of pocket I take semesters off, but recently I've made the choice to drop college for the next semester, or at least take only 2-3 classes. I decided to go after my CCNE, then CCNA in R&S and then possibly CCNA Security. I was learning programming and I also loved that, so my questions are:

Should I continue to down CCNA security in the long term? I kinda like the experience I've had with ethical hacking.

Should I continue to learn programming such as Python? I liked it and people have been saying that network engineers may need to learn simple programming anyway down the field.

should I learn Ansible?

Would it help to learn more in depth and get certified in the Linux OS? If so, which certificate?

Are there any other certificates I should work on or any fields I should learn? I'm just trying to get started for the long term and find something to help me get hired for a job in networking. I'm looking for an intro position so I can understand the basics and move up from there. I want to accomplish getting my CCNE in 2-4 months and move to a bigger city that has positions open. I already have a place but won't want to move until I get my CCNE. Should I get anything else other than my CCNE, such as a Linux certification, to help me get the intro position? Should I mention my experience with Python?

I look forward to any advice from professionals. Thank you.