Saturday, July 6, 2019

How do you deal with network blaming?

What the title says.

Here’s the longer version: I’ve got a good job, a great schedule, and a supportive boss. I’m the sole person responsible for the operation and performance of a multi-site enterprise network.

At the same time, I have about 1000 internal users who are convinced I don’t know what I’m doing, including powerful decision-makers above my boss.

Nearly all of the issues our staff runs into are run-of-the-mill remote web server anomalies, user-created circumstances (hasn’t rebooted in four months or has 9 billion tabs open), or our user has very dated hardware (devices with 5200rpm HDDs, 2.4 GHz-only WLAN adapters, hasn’t been re-imaged in 5+ years). But to our users, these are all “network” issues indicative of an incompetent IT staff, and our network is slow and broken and never works.

I know the obvious solution here is data, data, and more data, but these aren’t people who are willing to even consider listening to a layman’s explanation of any data I collect. I’ve tried to keep my head down and block out the noise, but the constant barrage of criticism is demoralizing and it’s really starting to eat away at my confidence.

What do you guys/girls do in blaming/burnout situations like these?



Constant BFD triggers?

Anyone have experience with resolving chronic BFD triggering issues with a provider? I have a site that has been having on-again, off-again issues. When it's bad it's a few times a day. As of recently there are no L1/L2 errors. I know BFD runs on the line card. Possible defective module on the provider's end?



Need recommendations for Top of Rack switch with BGP and IPS/DoS support

We are moving from leased servers to colocation, we will run BGP to advertise our own prefixes to the upstream provider. Half rack for now.

I was first thinking about a classic pair of routers with VRRP and then another pair of switches with 2 NICs per host for redundancy, then I actually thought:

What about if the switches run BGP and we skip the routers altogether, but I don't know if this is something people are doing and what would be the cons/pros of doing it.

Open to suggestions.

Thanks,



Back to basics.

Ok, first of all, this is my first time posting here. I'm a one-man IT department with a modest amount of networking knowledge from being a 25N in the army. The majority of my civilian career however has been managing VMware and Wintel server administration, so please be gentle, I'm by no means a career network pro. I simply know enough to get by (or get in trouble) in small networks. A discussion in a private Facebook group for IT folks about the fundamentals of Ethernet had me wondering a few things and it was at this point, my brain ran away from me...

(I'm going to number my questions so if you feel like answering any of them, you can number your answer)

  1. What were the origins/applications of "IP Broadcast" in the early days of ethernet?
  2. Was broadcast back then "literal" in terms of literally broadcasting onto the coaxial medium or has it always been protocol based broadcast?
  3. What is the purpose of broadcast on the Internet as it is now? (Not in private networks, I get that)
  4. To what extent does WiFi implement ethernet? 4/5G?
  5. What/if any broadcast traffic is allowed to traverse the internet between or at least internal to ISPs today?
  6. Is there any authority that decides what/who is allowed to broadcast or is it just up to companies like Level3 to manage their own infrastructure's means of handling any broadcast traffic?
  7. Is digital traffic on coaxial cable from ISPs still modulated onto a carrier frequency or have the means evolved to be purely digital such as in Cat5? My instincts tell me it must still be modulated because the medium must loop for two-way traffic to traverse one wire. Am I wrong?
  8. If the above assumption is correct, do cable companies struggle with frequency management on wire? It sounds like the most nightmarish wave theory problem I've ever imagined.
  9. Might companies like this broadcast time or hardware events for infrastructure management or route analysis?
  10. Also wondering, on an ethernet network, could someone theoretically configure an FPGA to act like an ethernet controller that would accept packets destined for any IP/MAC address?
  11. Is placing intentionally non-compliant hardware on the Internet "illegal" in the same sense that the FCC punishes unlicensed radio broadcasters?
  12. I understand that with proper network segmentation, only traffic in that network segment could be trapped/interfered with but given a small/unsegmented private network, would this see the same data Wireshark would capture?
  13. How much of network infrastructure depends on trusting hosts to behave when it comes to bits on wire?
  14. What safeguards exist against hosts designed intentionally against protocol?
  15. Is the internet especially vulnerable to "rogue" hardware/infrastructure assets that manipulate traffic on the bit level? Is there any history of hardware based attacks on ethernet?

Of course nobody has to answer any questions, but even if you only answer one question, I'm still grateful.



Proxy Servers & Home Network Performance

I have a small network at my house which is configured in a way which I could easily implement a dedicated proxy server on my Ubuntu server.

I have seen various things online that say that a proxy server can significantly improve my network's performance, is it worth configuring? Are there any downsides of running a proxy server on the same LAN, or any downsides for that matter?

I never learned about proxies much in college surprisingly, so I am curious to have more insight on all of that. How I didn’t have more involvement with that and I have my CCNA R&S is probably even more interesting though.



Aruba SD-WAN - anyone using it?

We are looking into SDWan solutions and currently have Clearpass and some Aruba wireless infrastructure in place.

Has anyone deployed Aruba's SD-WAN using 72XX or 70XX controllers for edge routing for MPLS/internet?



DHCP via VPN

Hello guys

I don't know if this is the right place for this, but I have a question about VPN site to site

I'm trying to implement site to site VPN between site A and site B ( either IPsec or GRE)

Site A is using a DHCP server for its LAN (23.0.0.0/24) scope. I want site B to have the same scope from the same DHCP server. Is there any way to implement that?

I searched through the Cisco community but I didn't find a satisfying answer. I'm using 2 Cisco routers btw.

Is there any way you can help me with this?



Newbie Question

Hey All,

Hopefully this question doesn't get crapped on too hard, but I'm posting it here because I'm sure to get some good information. Newbie networking guy trying to work toward CCNA to pivot from current position into another. I recently purchased some Cisco Switches and Routers, installed Packet Tracer and am just starting to play around.

So, the Cisco switch that I have has 24 LAN ports, a console port for configuration and an Ethernet management port. In a real world, enterprise environment, how would I connect my switch to my router? Do I use any of the 24 ports available? Do I use this management port? What if I want to link multiple switches together?

I am waiting to get my "CCNA for dummies" book, so I'm hoping this can answer some of those questions.



Can I send generated traffic through another switch to somewhere else?

I have a packet generator used for testing. At the moment it writes to a dedicated NIC on a server and the device being tested is on the other end of the wire and sniffs the traffic.

Is there a way to send this through a switch to somewhere else? The MACs, IPs and timestamps will all be wrong for the 'real' network so it needs to be kept isolated.



Learning SQL

Posting here instead of other subreddits because I feel it's most appropriate, and I think I'll get answers I'm looking for in this subreddit.

A former employer has contacted me about coming back to help manage their IT systems. When I was an employee there I wasn't in IT; I left there (on good terms) to pursue an IT career a bit less than 2 years ago. It is a small company, under 100 employees, but the business they do relies almost entirely on the IT infrastructure. Currently I'm a junior sysadmin, and I have fundamentals in networking (have a CCENT, getting CCNA soon), and on the job Server 2008/2012 knowledge. I have hands-on experience working with switching closets and know the basics of handling server and networking hardware.

I spoke to the IT person departing the job for a different position, and he said that about half of his workload is doing SQL queries. I have very little experience in coding languages(dabbled a little in college), but I'm not intimidated by it at all. They're also talking about switching buildings in the next year or two, so I think gaining experience in setting up IT infrastructure would be beneficial.

However, my passion is networking technologies. I've been working towards being a network admin/engineer, and at least knowing the fundamentals of Microsoft servers. I also understand that SQL is part of Microsoft (I guess more specifically, MSSQL, which it sounds like is what they use). I'm asking whether what I learn about SQL would apply later in my networking career. I can see at least knowing the fundamentals of databases would help me prove that a problem isn't networking related, but what other applications could I use SQL knowledge with the new networking technologies that are coming up? Thanks in advance



Problem with VPRN

Hello guys, I am configuring a VPRN using Nokia/Alcatel for the core and Cisco for the customers, and I am having a bit of difficulty, maybe someone can help me.

My topology is this one:

https://ibb.co/sHDPGjt

I am using BGP in the core, and eBGP from PE to CE, but for example, this is my routing table for the BGP from one PE's view:

    A:vRR# show router route-table
    ===============================================================================
    Route Table (Router: Base)
    ===============================================================================
    Dest Prefix[Flags]                            Type    Proto     Age        Pref
          Next Hop[Interface Name]                                    Metric
    -------------------------------------------------------------------------------
    1.1.1.1/32                                    Local   Local     00h06m44s  0
           system                                                       0
    2.2.2.2/32                                    Remote  OSPF      00h06m25s  10
           10.0.0.1                                                     100
    3.3.3.3/32                                    Remote  OSPF      00h06m25s  10
           10.0.0.1                                                     200
    10.0.0.0/31                                   Local   Local     00h06m30s  0
           toR2                                                         0
    10.0.0.2/31                                   Remote  OSPF      00h06m25s  10
           10.0.0.1                                                     200
    -------------------------------------------------------------------------------
    No. of Routes: 5

I can see the other PE and one customer, but I can't see the customer with the IP 10.2.2.1 from the other side.

Here I leave the configuration of this PE: https://pastebin.com/cvfMpatx

Thanks for any help...



eBGP - Multiple neighbors off one interface?

Might be a silly question but is it perfectly fine to have multiple eBGP neighbours with one common subnet between them all?

Usually with a router we would use 2 interfaces and have a /30 off each with one eBGP neighbor off one interface.

In this instance we have an active/standby ASA setup, so I'm proposing making the transit subnet a /29 on one interface, into a switch (VSS, so also HA), and have our WAN router's inside interface (which will be used to bring up the BGP session) also within this /29.

I think it is fine, but wanted some feedback before going ahead with the proposal on Monday.

Reason behind this is it will save me having to mess about with interface zones, as all traffic will be coming in and out of one interface on the ASA, rather than potentially causing issues with stateful TCP checks etc.



Meraki MR33 + Ruckus R500, can they cooperate/extend?

I know they are relatively competing products, but if I've got a single MR33 that doesn't quite cover a space, and I also have a spare Ruckus R500, is it plausible to use both to provide full-zone coverage, albeit without the speciality features from the Meraki side, of course?

Not using anything fancy like guest networks or even VLANs, purely for wifi coverage, extending the LAN segment; DHCP done by higher up. Is there anything special to make them work together, or is it simply a matter of giving both the same SSID and tuning power to reduce overlap pools?



Cisco key-chain update playbook

I made this playbook to learn more about Ansible and to manage/update the key-chain key and datetime.

It may be useful to someone else, so here it is: https://github.com/max-cz/cisco_keychain_update



Ridgecrest Earthquake

Anyone else have assets down in the Ridgecrest, CA area due to the earthquake?

My public library there went down right after the 7.1 magnitude earthquake tonight. Power is out in the area, I will not hear any details about the building until Monday.

I’m 150+ miles away so we just felt the big ones here, none of the smaller ones they are dealing with locally.

I find it funny that the USGS and AWS can’t handle everyone in Southern CA trying to pull up the earthquake page at the same time; their website had several outages.



Friday, July 5, 2019

Double NAT

So, my brother is getting a double NAT message on his Xbox. This is his wifi setup:

Modem -> Router -> Outside CPE setup as an AP -> Outdoor CPE setup as client -> Router -> Xbox

The two routers are wifi routers with different SSID. I am pretty sure the issue is because of the two routers, I am not sure on how to fix it exactly. If I throw the second router into bridge mode, then the speed slows down significantly. Ideas?



Role of a Server

I have been freelancing, and have been in corporate support roles for quite a while. I've set up a few routers and switches, know some linux, and a lot of windows.

One of my clients has 2 offices and they have a working linux server in one, and another that is not fully set up. The offices are about 50 miles apart. The staff uses mostly windows and a few linux clients.

They utilize network shares, and both offices can see all the shared folders, and can access only ones that they are allowed to. Each user gets a mapped network drive as they log in to the windows client.

I don't know much about the role of the server. I suspect that it's performing at least 2 major functions: mapping drives and setting permissions. What do most people do when they set up a linux server with windows and linux clients?



Airmagnet or Ekahau?

I've been using Airmagnet for about 14 years, but it's expensive and Tamograph is a bit like early versions of it, so not a bad choice (cheap) and then there's the 'industry leading' Ekahau. (Which isn't cheap either)

I've recently conducted a multi floor survey for a client who specified that I use Ekahau, and these are my concerns with it.

(I don't work for, or have any interest in, any of these software companies, I'm just a WiFi Surveyor and posted this as an FYI for anyone interested)

  1. If you conduct a survey on a site that already has multiple deployed AP's (or even use APoS), it doesn't use the physical data collected when you place Simulated AP's, it ignores all sources of attenuation and displays the Simulated AP signal propagation as if the walls Etc. don't exist. You need to add these attenuation sources manually, which then skews the results of the physical survey, since you are adding attenuation on top of attenuation. (Airmagnet bases the simulated attenuation and signal strength on the data already collected from the physical survey, and I'm sure Tamograph does as well).
  2. SNR visualisations appear to be way off. i.e You can select two adjacent AP's broadcasting on the same channels on each band and its shows no issues. (They will interfere and they will have an impact on SNR)
  3. Channel Interference (as above) is off. It shows the amount of interfering radios (see 6.), not the value of interference.
  4. You can't turn off the survey paths in survey mode, best you can do is grey them out, which clutters the floor plan. A nightmare when you have a complex floor plan and conducting multiple surveys.
  5. The entire building survey is a single file, so there's no easy way to export particular parts of it. (You can open it with WinRAR (it's an archive like docx), but it's a pile of json files etc, so impossible to pick apart.)
  6. You can't filter single SSID's for each AP (not sure how it works with Ekahau, but with AM we filter them out, as multiple SSID's seen on a single radio show as sources of (self) interference...might be OK though, jury's out on that until I give it more thought)

Don't get me wrong, Airmagnet can be a pain in the hoop at times (i.e. having to enter separate MAC addresses etc. for every simulated AP on each band and intermittent crashes during surveys, even more when running Sims)....but you can hit Save at least without stopping the survey, unlike Ekahau which has to be paused/stopped, which also has a habit of locking up all your USB ports after disconnecting the adapter. (If you don't see the notification that it's dropped the adapter you can find yourself conducting a survey that isn't collecting any data.)

Upshot is, I'm not impressed with Ekahau, it's only as good as your planning was before you deployed the AP's.

#1 is a massive issue though.

Real World Data is Gold, but it ignores this for estimations based on how thick (attenuating) you think a wall might be, rather than how much it was measured to be.

By ignoring the collected data, you essentially have to start with a clean sheet every single time you add or move an AP.

Fine if you have a room or two with a requirement for data traffic only, but when you have a high density deployment for voice & data with 40 or 50 AP's per floor requiring channel planning, it's a damn nightmare.



Technical Interview at Cisco - Part 2

This is an update that started with this post.

I had the technical interview today. It was only 10 questions and it was text based. The person giving the interview just shared her screen and had the test in word format on the screen. Most of the questions were multiple choice with a few "order" questions. It covered mostly MPLS stuff (which I've never used in production, only read about it so I was very worried). They also had some OSPF and IGMP questions. They were mostly port/protocol questions and route preference questions.

Anyway, like I said I haven't used MPLS before so I didn't answer those questions with much confidence. I honestly figured I failed when I ended the session. A few minutes later I got an email saying I passed! So now they are sending my resume to the hiring manager for the next step.

I also found out (it was on the paper) that this is for HTTS at Cisco. I understand this is for high profile clients etc but can someone give me more details about the department/team etc? Is it still part of TAC or something else?



key data points during a ddos attack

Hey folks,

I've been thinking about what makes a good DDoS defense tool and I wanted to try and poll this group of experts to see if anyone could contribute thoughts here. My questions revolve around the following:

When your company is under a DDoS attack, what features and/or data do you need in front of you in order to understand the nature of the incoming attacks? What features or data do you need in front of you in order to mitigate the attack? And what features or data to you need in front of you in order to communicate details about the attack to customers or to internal colleagues? How do you describe the attack to others?

Any pointers to products that do this well or poorly would be awesome as well.



AudioCodes Mediant 1000 not working after reboot

Hi! Our phone system has been down for over 2 days! We moved offices and the AudioCodes system does not ping and I cannot access the web GUI. I reset the device and it works, but then when I go to load my backup config it just doesn't come back up.

Even a simple change and when I go to reboot it, it goes away.

Any ideas?

Thank you!



Entering Cisco SNMPv3 passwords in digest form

Has anyone successfully been able to enter their SNMPv3 passwords in digest form?

My SNMPv3 works when passwords are entered in clear text, but when entered in SHA digest form, SNMPv3 tests fail.

Cisco says this can be done (scroll down a little to "Working with Passwords and Digests")

The format I'm entering is as follows:

SNMP-Server user testuser SNMPv3Group v3 auth SHA db:fa:10:bc:69:69:59:6d:3d:d4:71:9d:5f:65:fd:c2 priv AES 256 30:a4:c7:c7:df:a2:28:88:7d:a0:13:ce:73:9c:1d:0a access 30

I'm creating the SHA1-96 digests by discarding the last 4 octets of SHA1 digests.
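For anyone checking what the hex "digest" form of a USM key actually is, here is an added example (not from the post above and not Cisco code) implementing the two steps RFC 3414 defines for user-based security: the password is expanded to 1 MiB and hashed to give Ku, and Ku is then bound to the authoritative engine's SNMP engine ID to give the localized key Kul, which is what travels nowhere and is the secret that a device stores. For SHA-1 that key is 20 octets; the "96" in HMAC-SHA-96 refers to truncation of the per-message authentication code, not of the key. Which of these forms the IOS `snmp-server user` command accepts is not asserted here; the point is to reproduce the standard values so they can be compared against what the device shows. The test vector (password "maplesyrup", engine ID 00 00 00 00 00 00 00 00 00 00 00 02) is the one from RFC 3414 appendix A.3.

```python
"""RFC 3414 password-to-key and key localization for SNMPv3 USM.

Added example, not from the original post or from Cisco documentation.
It reproduces the standard's algorithm so a practitioner can compare the
localized key for a given password and engine ID; it does not model the
Cisco CLI's own syntax.
"""
import hashlib

# RFC 3414 A.2 expands the password to exactly 1 MiB before hashing.
_EXPAND_LEN = 1_048_576


def password_to_key(password: str, algo: str = "sha1") -> bytes:
    """Step 1: Ku = H(password repeated cyclically to 1 MiB)."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    reps, rem = divmod(_EXPAND_LEN, len(pw))
    h = hashlib.new(algo)
    h.update(pw * reps + pw[:rem])
    return h.digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Step 2: Kul = H(Ku || snmpEngineID || Ku), binding the key to one engine."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_key_hex(password: str, engine_id_hex: str, algo: str = "sha1") -> str:
    """Localized key as colon-separated hex, the shape seen in router output."""
    kul = localize_key(password_to_key(password, algo), bytes.fromhex(engine_id_hex), algo)
    return ":".join(f"{b:02x}" for b in kul)


if __name__ == "__main__":
    # RFC 3414 appendix A.3 test vector.
    print("SHA-1 Kul:", localized_key_hex("maplesyrup", "000000000000000000000002"))
    print("MD5   Kul:", localized_key_hex("maplesyrup", "000000000000000000000002", "md5"))
```

Because the key is localized, the same password yields a different 20-octet value on every device with a different engine ID, so a digest copied from one router's output will not authenticate on another; the engine ID has to be read from the device the key is meant for.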



Looking for advice on how or whether to use LAGs between non-stacked pairs of Dell/F10 switches

See diagram here: [Imgur](https://i.imgur.com/mDbpyoc.jpg)

I'm designing and building out a new data center using a pair of Dell S6010s for the core (all 40GE) and Dell S4048s for top-of-rack (40GE uplinks, 10GE downlinks), and have decided to not use stacking for any pairs of switches, due to the instability and possible outages that would occur with switch member reboots and upgrades. My goal is to have a L2 network with no single points of failure, but still present aggregated links of some sort to the downstream servers.

As you can see in the image linked above, we're using a spine-leaf topology, with the core switches and top-of-rack switch pairs linked together with a high speed interconnect between them (RSTP enabled, with one core switch configured to be the preferred root bridge), and leaving each pair as independent, non-stacked switches. This way, each switch retains its control plane and can survive its peer switch dying or being rebooted. The downstream servers are going to be a mix of Windows 2012R2, Ubuntu Linux 18LTS, and ESXi 6.5+. These systems need to run LACP or similar protocol with the ToR switches that can ensure quick link failover in case one of the ToR switches stop forwarding. I can't wait for the usual spanning tree reconvergence time, as we have a strict 3-second outage limit for our application. I'm also afraid standard "active/standby failover" bonding at the OS level wouldn't account for a situation where a ToR switch "locks up" and stops passing L2 traffic but still presents L1 link to the downstream server. Ideally, I need to ensure the systems can detect when the upstream switch on its respective link has stopped passing traffic or stopped sending BPDUs and mark that link as offline/failed within 1-2 seconds.

I can't do LACP between the Top-of-rack switch pairs and the downstream servers, because LACP would require the ports upstream from each server all be in one control plane (like a stacked pair), and I can't do VLT (virtual link trunking) between the core switches and ToR switches because VLT requires one end of the trunk to have a single control plane. I could do VLT if either the core or the ToR switch pair were in a stack, but they're not and will never be.

Am I stuck with just trusting RSTP for path resiliency, and just giving up on link aggregation? What are my options, for switch-pair to switch-pair aggregation and switch-pair to server aggregation, using the standard protocols that Dell/F10 switches offer?



To leave current position or stay

Hi all

I am in a bit of a dilemma and would like to see how other people in the networking world think about tackling these things.

I have been a network analyst at a global firm now for 3 years and a senior within the team for almost a year. Prior to starting here I worked at a couple of ISP NOCs for less than a year doing 1st line (foot in the door type roles).

In my current position our team is responsible for all network infra within the estate and it's a mix of support and projects. I have learned a ton here about how enterprises operate and learned things outside of networking that have definitely enhanced my skillset. Since I have been here I have identified and resolved a bunch of issues and delivered some significant projects hence the senior promotion.

The thing is, I am not really liking where I am now and don't see where the future progression is. We have an architect in another country who is quite frankly not very good and I feel like my network skills are going to atrophy in the long term if I stay. Most of my work now is admin related and project management, and people generally don't seem to really care about making things great.

I have been presented with an opportunity to work for a global MSP where the office is located 5 minutes from my house. The pay is 5k less than what I am on and the role is advertised as 1st/2nd line but I feel it could open up more opportunities in the mid to long term with progression to different teams etc. Has anyone made a similar jump in the past and if so was it the right move? My main motivation is to have more fulfilment which includes spending more time with my family.

EDIT

I should note that my long term plan is to become a consultant but the short term is to spend more time with my young kids while having some interesting work to do.



Port Security; Before or After Parameters?

Not sure where I read this but I will paraphrase: "If the 'switchport port-security' command is issued prior to port-security parameters, the interface will only acknowledge the default parameters from the port-security command."

In other words, the interface will not see the parameters (e.g. ...maximum 3) and only run with the default parameters.

Is this incorrect?



All clients not receiving DHCP offers during PXE boot, but have no issues when booting into windows.

First off, sorry in advance for asking yet another WDS question on this thread. But this situation has been plaguing me for months. I need advice.

My environment was recently refreshed with L3 Juniper devices, from Cisco. Since the refresh our deployment services have not worked. Clients are no longer receiving IPs from DHCP. Current config:

  1. 802.1x enabled managed by Cisco ISE

  2. DHCP relay points to DHCP and WDS

  3. DHCP options 66 and 67 have been removed (still have 43 which is required for wireless networks)

  4. Spanning Tree enabled with PortFast equivalent

  5. WDS sits on different subnet than DHCP

  6. Updated DHCP relay with delete-binding-on-renegotiation option

What I've done to troubleshoot:

  1. Disabled dot1x on the port, enabled sticky MAC. This allowed the client to boot 1 time to WDS. Each time after it fails with the same error "No DHCP offers were found". I have a suspicion that after the initial boot the port is binding with something that fails to process DHCP each boot afterwards.

  2. PXE booted multiple different models (HP, Dell, etc) in both legacy and UEFI.

  3. Added option 66 back to DHCP.

  4. Tried booting from multiple VLANs including the subnets of both the DHCP server and WDS.

  5. Updated BIOS on client.

I'm running out of ideas and my sanity. I can definitely narrow it down to an issue with the Network. Consulted with the new vendor but we have yet to find a solution.

My latest theory is that the ports are authenticating quickly enough to ISE and the PXE client times out.

Has anyone encountered these symptoms? Have you found a solution?



(Fluff post) Stranger Things is hosting an Alternate Reality Game (ARG) for its third season, and it's featuring an active SSH server.

ARG wikipedia page for those who don't know what that is.

I thought this was a very cool move by Netflix/whoever is doing this. Get yourself to your nearest terminal and type:

ssh 34.68.105.48 -p 1985

I had problems with MobaXterm (ssh_dispatch_run_fatal) but I think it's something to do with the colors, or what they've done with the terminal itself?

For those who want it, there's a lot more context at the ST3 ARG discord.



FortiSwitch 448D vs Juniper EX2300

Our company is looking to upgrade our current switches and have come down to these two.
FortiSwitch 448D and Juniper EX2300

We are a small business with under 150 users and just looking for feedback on either. We also have a FortiGate 100E currently in our setup. We know the FortiSwitch would integrate easily, but having all the same product is one of our concerns. Fortinet is new in the switch game, so just looking for first-hand experience. Thanks



Help with dmz fail over

All,

Please let me apologise if this is a wrong place for this post - this is my first post on reddit (and I'm under pressure to fix this problem).

I have got a problem with our DMZ failover setup. From the diagram you can see that we are using 2 x FortiGate units (500D), 2 x DMZ unmanaged switches, 4 ESX hosts. Each FortiGate is plugged into one DMZ switch, and from the switch the connection goes to the ESX host, either adapter 1 or 2 (it depends on which FortiGate).

The HA mode on the firewall is set to active-active (I don't know why; I'm trying to fix this mess). On the ESX hosts (VMware) the DMZ 'standard switch' failover order is set to active-standby, however when I check the options from the 'virtual switch' menu, the failover order is set to active-active.

Problem:

When firewall 2 is master, the DMZ is online. When we fail over onto firewall 1 (so FG1 is the master now), the DMZ is offline. The network icon on the DMZ server goes red - network not available. BUT when I unplug the DMZ cable (which goes from DMZ1 switch to firewall 1) from the DMZ1 switch and plug it into the DMZ2 switch, the DMZ server goes back online. Which to me means that network adapter 1 on the ESX host didn't know that I had failed over the firewall onto firewall 1, so network adapter 1 is still on standby.

I know its confusing but i've tried to explain it as best as i can.

Thank you for any help.

Tom

dmz diagram



Small Business Remote File Access from Home Advice (OpenVPN not cutting it)

Hi, sorry in advance if these kind of normie questions are a bother.

My wife does graphic design work for a (very) small town printing and promotional company. We had a baby four months ago and she's been doing some piecework from our computer at home lately.

The town IT guy helped them set up OpenVPN so she could access work files from home. Sometimes it works fine (ungodly slow, but these are large CorelDraw and Photoshop files so that's probably unavoidable) but almost weekly the damn thing stops working because reasons.

The town IT guy is nice enough but it's frustrating for us and him to have to mess with it constantly. Could be he didn't set it up great to begin with or we're not using it right, I don't know. I've posted so many log files to the OpenVPN forum and pounded my head against the keyboard so many times and for so long trying to help with varying degrees of success. It'd be less time consuming and much less frustrating to just go in every morning with a USB stick and get the days' files manually that way.

Are there any good alternatives to using OpenVPN? Is a VPN even what we want? I appreciate any advice.



How to find a company's ASN number?

Looking at blocking companies based on their IP ranges on a network firewall level.

I do not know current IP range for say, Dahua (The camera company)

How would I go about locating the ASN?
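Once an origin AS is known, the usual next step for a firewall block rule is to pull the route objects registered for that AS from an IRR (for example `whois -h whois.radb.net -- "-i origin AS64500"`) and turn them into a minimal prefix list. The following is an added example, not from the post above or from any registry's tooling: it parses constructed RPSL-style `route:`/`route6:` records (the AS numbers are documentation placeholders and the prefixes are documentation ranges), keeps only objects whose `origin:` matches, and collapses covered and adjacent prefixes so the resulting rule set is as small as possible.

```python
"""Build an aggregated prefix block list from IRR route objects for one origin AS.

Added example, not from the original post. SAMPLE_IRR_OUTPUT is constructed
in the RPSL layout an IRR query returns; AS64500/AS64501 are documentation
AS numbers and the prefixes are documentation ranges.
"""
import ipaddress

SAMPLE_IRR_OUTPUT = """\
route:          198.51.100.0/24
descr:          EXAMPLE-NET (constructed record)
origin:         AS64500
source:         RADB

route:          198.51.100.0/25
descr:          more-specific of the record above (constructed)
origin:         AS64500
source:         RADB

route:          203.0.113.0/24
descr:          different origin, must not be included (constructed)
origin:         AS64501
source:         RADB

route6:         2001:db8:1234::/48
descr:          IPv6 route object (constructed)
origin:         AS64500
source:         RADB
"""


def parse_irr_routes(text: str, origin_as: str) -> list:
    """Return prefixes from route/route6 objects whose origin matches origin_as."""
    prefixes = []
    # RPSL objects are separated by blank lines; each line is "key: value".
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            if ":" in line:
                key, value = line.split(":", 1)
                fields.setdefault(key.strip().lower(), value.strip())
        if fields.get("origin", "").upper() != origin_as.upper():
            continue
        for key in ("route", "route6"):
            if key in fields:
                prefixes.append(ipaddress.ip_network(fields[key], strict=False))
    return prefixes


def aggregate(prefixes: list) -> list:
    """Collapse covered and adjacent prefixes; v4 and v6 are collapsed separately."""
    v4 = [p for p in prefixes if p.version == 4]
    v6 = [p for p in prefixes if p.version == 6]
    return [str(p) for p in ipaddress.collapse_addresses(v4)] + \
           [str(p) for p in ipaddress.collapse_addresses(v6)]


def block_list_for_origin(text: str, origin_as: str) -> list:
    """Minimal list of prefixes to block for one origin AS."""
    return aggregate(parse_irr_routes(text, origin_as))


if __name__ == "__main__":
    for prefix in block_list_for_origin(SAMPLE_IRR_OUTPUT, "AS64500"):
        print(prefix)
```

Two caveats a practitioner should keep in mind: IRR route objects are self-registered and can be stale or incomplete, so the list is only as good as the registry data, and a large company often announces from more than one ASN, so the query usually has to be repeated per AS and the results merged before aggregation.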



The Metanet Starts a 4-Dimensional Supercomputer that lives on Bitcoin.



Thursday, July 4, 2019

Unidirectional & Bi-directional Traffic Difference

Hi Guys,

I'm trying to understand the difference between unidirectional and bi-directional traffic.

Any reference document or link?

The convergence time of unidirectional & bi-directional traffic is different in my same network environment.



OSPF on a single subnet versus dedicated links

At the moment, I have a handful of devices, each with an IP in a /24 subnet. This /24 subnet is like a WAN subnet. They have static routes to route traffic between them. We're starting to add more devices, get active/standby devices going, etc. This doesn't fare well with static routes (doing failover between them is manual or IP SLA and is messy).

I'm wanting to enable OSPF between these devices.

Any reason why I couldn't just enable OSPF on these interfaces and call it a day? (Removing the static routes afterwards)

Would I need to instead remove the /24, designate one or two devices as "cores" and then create /30 links between each device and the cores?



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post and as well a nice description to this thread.



Juniper unable to commit due to "https Missing mandatory statement: local-cert..."

Hi, I need to delete this command on a Juniper device, but I'm getting this error message when saving.

Command to delete:

```
#del system services web-management https local-certificate cert.x
```

When I issue `commit check`, I get the error message below. Has anyone encountered this?

```
[edit system services web-management]
  'https'
    Missing mandatory statement: 'local-certificate' or 'pki-local-certificate' or 'system-generated-certificate'
error: configuration check-out failed: (missing statements)
```

Thanks



Tellabs 532L 0/1 Admin Complex / DUMP ALL Question

Hello Everyone,

I work at an ISP and have been put in a position where I get to monitor/troubleshoot all of the transport equipment on our network. Currently on one of the 532L DACs there was an ADMIN COMPLEX alarm active on the equipment, but I had a tech clean/reseat the Data Storage module, which cleared it.

Now however when I query the system for alarms and the storage on the DACs it throws the following errors.

```
UTL::QRY,ALARM!PF M 09:23:14 11,00 6 UTL QRY ALARM 4 LN MSG: PART 1 OF 1: CRITICAL 5 CGAS ON PORT MODULES MINOR ONE OR MORE PES POWER CONVERTER MODULES HAVE FAILED MINOR AUTOMATIC DUMP ALL FAILED EOP
UTL::QRY, STORAGE ACTIVE!PF M 09:25:51 11,00 6 UTL QRY STORAGE ACTIVE PL-NOMEDIA DNY
UTL::QRY, STORAGE INACTIVE!PF M 09:26:41 11,00 6 UTL QRY STORAGE INACTIVE TPE-SCSI DN
```

I looked up the alarms in the user manual and am advised to do the following steps.

PL-NOMEDIA: There is no media for the specified device. Recovery: 1. Verify that media is installed. 2. If the media is present, change out the media. If there is no media installed, insert one.

TPE-SCSI: Anomaly occurred on the storage device's drivers. Recovery: 1. Verify that the media and storage device are inserted and reenter the command. 2. If the problem reoccurs, try a different media and reenter the command.

Does anyone here have any experience with this, or can point me in the right direction? The DAC has been like this for the past few days and I am very afraid that this might be a bigger issue. I know for a fact that DUMP ALL could potentially break the DAC, so I do not want to force that...

It also doesn't help that my company does not have a support contract for this.

Thank you in advance guys.



call-home in cisco

I see you can specify a custom HTTP destination for the call-home feature on Cisco devices. Never used it. Anyone used call-home with custom PHP scripts or anything like that? I don't plan on using call-home, but I am interested in whether other people use it.

Currently, we use SNMP, SYSLOG, and SSH to automate our management/monitoring.

https://www.cisco.com/c/en/us/td/docs/switches/lan/smart_call_home/book/SCH31_Ch2.html



I start schooling for the full basics of IT including Networking and Security in 2 weeks! Any basics and terminology I should know by then?!

I’m interested and I know the schooling will teach everything but like what are some basic vocabulary that would help me understand a little easier?



IKEv2 Linux Server (VPS) to Windows Client

I am trying to set up a road warrior VPN to my VPS on a CentOS 6.10 box with Libreswan.

Following all instructions, I have successfully created and can log into my VPS using the Windows VPN client with an X.509 cert and IKEv2. I get an IP address from the IP pool and all is good.

However, I need to configure the VPN so that all traffic routes through my VPS and whatismyip shows my VPS's IP address.

As well, I have given my VPS an internal IP address which I cannot ping once connected.

Any advice would be appreciated.

Server Config

```
conn ikev2
    left=%defaultroute
    leftcert=X.X.X.X
    leftid=X.X.X.X
    leftsendcert=always
    leftsubnet=192.168.103.0/24
    leftsourceip=192.168.103.1
    leftrsasigkey=%cert
    right=%any
    rightid=%fromcert
    rightaddresspool=192.168.44.10-192.168.44.250
    rightca=%same
    rightrsasigkey=%cert
    narrowing=yes
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    auto=add
    ikev2=insist
    rekey=no
    pfs=no
    ike-frag=yes
    ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
    phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
    modecfgdns="8.8.8.8 8.8.4.4"
    encapsulation=yes
    mobike=yes
```

when I connect:

```
PPP adapter VPN:

   Connection-specific DNS Suffix . :
   IPv4 Address. . . . . . . . . . . : 192.168.44.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
```

I noticed on my PPP adapter, there is no default gateway, which I am guessing is an issue but not too sure how to proceed

thank you



Can someone help me with my Calix 711GE ONT?

Hi all,

I have Windstream service and I have been without internet for over a week now. I finally decided to take a look at my ONT to see what the deal is and there are no green status lights on at all. Power has a solid orange light and the CPU light is blinking orange.

I haven’t been told anything about what the problem is. Local network techs haven’t been able to tell me anything about what the problem is either.

Anyone have any insight?



Do Cisco SG350 RSPANs actually work?

I have two SG350-20s where I'd like to do an RSPAN. I've followed Cisco's instructions to the tee, though the information on the "reflector-port" is ambiguous - does it need to be connected? I never see any of the RSPAN traffic on the destination. "sh monitor session" and "sh vlan remote-span" seem to indicate everything is correct, so I'm at a loss. The firmware release notes seem to indicate RSPANs have a bug, but I'm not sure if that applies in my situation.

Here's a quick pseudo config on switch1 (source):

```
conf t
vlan 333
 remote-span
exit
int gi20
 switchport mode trunk
 switchport trunk allowed vlan add 1
 switchport trunk allowed vlan add 333
exit
monitor session 1 source interface gi1 both
monitor session 1 destination remote vlan 333 reflector-port gi2 network
exit
```

The switch CLI forces me to specify "network" for the reflector. The reflector port is not connected to anything and is "down" but not "shutdown."

And now switch2 (final destination):

```
conf t
vlan 333
 remote-span
exit
int gi20
 switchport mode trunk
 switchport trunk allowed vlan add 1
 switchport trunk allowed vlan add 333
exit
monitor session 1 source remote vlan 333
monitor session 1 destination interface gi1
exit
```

Any insights, comments, etc. are welcome! This really has me scratching my head.



SNAT Server Sanity Check

I need a quick sanity check on my iptables config for SNAT. I've a bunch of servers in a private IP space (10.0.10.0/24) with no external access that I'd like to have access out to the internet when needed.

I've a CentOS box that has firewalld disabled and the below iptables rules added after clearing everything out. I believe this should allow anything within that network to set its gateway to my CentOS box and get access out. I'm confident that only computers in the defined range can go in through the SNAT internally; I'm just concerned I'm opening up the public side of the SNAT to allow stuff in to my internal side, or some other security issue I'm totally missing.

There just doesn't seem to be a whole lot written about implementing SNATs!

```
# ens6 internal
# ens9 external

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT

-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.10.0/24 -i ens6 -j ACCEPT

-A INPUT -p tcp -m tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 443 -m state --state ESTABLISHED -j ACCEPT

-A FORWARD -i ens9 -o ens6 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.10.0/24 -i ens6 -o ens9 -j ACCEPT
```
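As an added example (not from the original post or any project), here is a small Python auditor that parses rules written in this `iptables -S` form and flags what a reviewer checks on a NAT gateway: non-DROP default policies, ACCEPT rules reachable from the external interface without a RELATED/ESTABLISHED match, stateless FORWARD rules not pinned to the trusted source range, and a missing POSTROUTING SNAT/MASQUERADE rule. It assumes ens9 is the external interface and 10.0.10.0/24 the trusted range, as in the post; both sample rulesets in the block are constructed.

```python
"""Reviewer's audit of an iptables SNAT gateway ruleset (added example, not
from the original post). parse_rules() reads "iptables -S" style lines and
audit() flags non-DROP default policies, ACCEPT rules reachable from the
external interface without a RELATED/ESTABLISHED match, stateless FORWARD
rules not pinned to the trusted source range, and a missing POSTROUTING
SNAT/MASQUERADE rule. ens6/ens9 and 10.0.10.0/24 follow the post; both
sample rulesets below are constructed for this example."""
import shlex
from typing import Dict, List, Tuple

EXTERNAL_IF = "ens9"              # public-facing NIC
TRUSTED_SRC = "10.0.10.0/24"      # private servers allowed to egress
REPLY_STATES = {"RELATED", "ESTABLISHED"}
VALUED_FLAGS = ("-m", "-p", "-d", "-o", "--sport", "--dport")  # skipped with value

# Ruleset in the shape the post describes (a subset of its rules).
POST_RULES = """
-P INPUT DROP
-P FORWARD DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.10.0/24 -i ens6 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -i ens9 -o ens6 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.10.0/24 -i ens6 -o ens9 -j ACCEPT
"""
# Constructed weak variant: open FORWARD policy, stateless forwards, and an
# SSH accept with no -i match, so it is reachable from ens9 as well.
WEAK_RULES = """
-P INPUT DROP
-P FORWARD ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A FORWARD -i ens9 -o ens6 -j ACCEPT
-A FORWARD -i ens6 -o ens9 -j ACCEPT
-A POSTROUTING -o ens9 -j MASQUERADE
"""

def parse_rules(text: str) -> Tuple[Dict[str, str], List[dict]]:
    """Return chain default policies and the appended rules as dicts."""
    policies, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "*", ":", "COMMIT")):
            continue
        tok = shlex.split(line)
        if tok[0] == "-P":
            policies[tok[1]] = tok[2]
            continue
        if tok[0] != "-A":
            continue
        rule = {"chain": tok[1], "raw": line, "target": "",
                "in_if": None, "src": None, "states": set()}
        i = 2
        while i < len(tok):
            opt = tok[i]
            val = tok[i + 1] if i + 1 < len(tok) else ""
            if opt == "-j":
                rule["target"] = val
            elif opt == "-i":
                rule["in_if"] = val
            elif opt == "-s":
                rule["src"] = val
            elif opt in ("--state", "--ctstate"):
                rule["states"] = set(val.split(","))
            elif opt not in VALUED_FLAGS:
                i += 1                  # bare flag such as "!" or "--syn"
                continue
            i += 2
        rules.append(rule)
    return policies, rules

def reply_only(rule: dict) -> bool:
    """True when the rule can only match packets of already established flows."""
    return bool(rule["states"]) and rule["states"] <= REPLY_STATES

def audit(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    policies, rules = parse_rules(text)
    findings = [f"{c} default policy is {policies.get(c, 'unset')}, expected DROP"
                for c in ("INPUT", "FORWARD") if policies.get(c) != "DROP"]
    for r in rules:
        if r["target"] != "ACCEPT":
            continue
        # A rule without -i matches every interface, the external one included.
        if r["in_if"] in (None, EXTERNAL_IF) and not reply_only(r):
            findings.append(f"{r['chain']}: unsolicited traffic reachable from "
                            f"{EXTERNAL_IF} is accepted: {r['raw']}")
        elif r["chain"] == "FORWARD" and not reply_only(r) and r["src"] != TRUSTED_SRC:
            findings.append(f"FORWARD: stateless accept not limited to "
                            f"{TRUSTED_SRC}: {r['raw']}")
    if not any(r["chain"] == "POSTROUTING" and r["target"] in ("SNAT", "MASQUERADE")
               for r in rules):
        findings.append("no POSTROUTING SNAT/MASQUERADE rule in the supplied "
                        "text: forwarded packets would keep private sources")
    return findings

if __name__ == "__main__":
    for name, text in (("post", POST_RULES), ("weak", WEAK_RULES)):
        print(f"== {name} ==", *(audit(text) or ["no findings"]), sep="\n - ")
```

Run against the post's filter rules the only finding is the absence of a POSTROUTING rule in the text given, which is the part of an SNAT setup the filter table alone cannot show.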



Fluctuations in dBm sensor values

Hi,

I've been thinking about this for quite some time. We are monitoring all our SFP core ports in Observium and I can see fluctuations on TX/RX on some interfaces; it's not a lot (0.1 dB), but on other interfaces it's really stable. It seems to be more of an issue on fibers internally (both SM and MM) but not so much on dark fiber exiting the building.

I know interference can be a thing, but should it fluctuate at all?



Shortest path and number of hops

My thinking: the shortest path in a network depends on the costs of links between nodes, not the number of hops.

If I am correct , is there any reference I can cite that mentions this ?

If I am not correct , is there any reference that estimates this relation between shortest path and the number of hops?

Thanks a lot.
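Added example, not from the original post: a worked comparison on a constructed topology in which the least-cost path has more hops than the minimum-hop path. The hop-count path is computed by re-running the same Dijkstra search with every link cost set to 1, which generalises the post's point: hop count is just the special case where every link costs the same.

```python
"""Least-cost path versus fewest-hops path (added example, not from the post).

TOPOLOGY is constructed so that A-B-E is 2 hops at cost 20 while A-C-D-E is
3 hops at cost 9 (think one slow link versus several fast ones). dijkstra()
follows link costs; fewest_hops() reuses it with all costs forced to 1, which
is exactly the hop-count metric, so the two answers can be compared directly.
"""
import heapq
from typing import Dict, List, Optional, Tuple

Graph = Dict[str, Dict[str, int]]

TOPOLOGY: Graph = {
    "A": {"B": 10, "C": 3},
    "B": {"A": 10, "E": 10},
    "C": {"A": 3, "D": 3},
    "D": {"C": 3, "E": 3},
    "E": {"B": 10, "D": 3},
}


def dijkstra(graph: Graph, src: str, dst: str) -> Tuple[Optional[int], List[str]]:
    """Return (total cost, node list) of the least-cost src->dst path, or (None, [])."""
    dist: Dict[str, int] = {src: 0}
    prev: Dict[str, str] = {}
    heap: List[Tuple[int, str]] = [(0, src)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue                 # stale heap entry, already settled cheaper
        done.add(node)
        if node == dst:
            break
        for nbr, link_cost in graph.get(node, {}).items():
            new_cost = cost + link_cost
            if nbr not in dist or new_cost < dist[nbr]:
                dist[nbr] = new_cost
                prev[nbr] = node
                heapq.heappush(heap, (new_cost, nbr))
    if dst not in dist:
        return None, []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def fewest_hops(graph: Graph, src: str, dst: str) -> Tuple[Optional[int], List[str]]:
    """Same search with every link cost forced to 1: the hop-count metric."""
    unit_cost = {n: {m: 1 for m in nbrs} for n, nbrs in graph.items()}
    return dijkstra(unit_cost, src, dst)


if __name__ == "__main__":
    cost, path = dijkstra(TOPOLOGY, "A", "E")
    hops, hop_path = fewest_hops(TOPOLOGY, "A", "E")
    print(f"least cost : {cost} via {'-'.join(path)} ({len(path) - 1} hops)")
    print(f"fewest hops: {hops} via {'-'.join(hop_path)}")
```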



Troubleshooting script in python?

Hi Guys,

Just want to ask if anyone here is currently using or developing a script that conducts pre-checks and simple troubleshooting on multiple devices? Can you share the details of your tool and the user representation (output)?

Currently I'm building a simple one and it's a CLI output that summarizes the output from my pre-check commands. Just want to gather some ideas on how to create a better one. Thanks.



Lenovo RackSwitch - Scheduler? Kron? Cron? Nothing???

Morning all,

I've been poking around in the CLI of my RackSwitch, trying to figure out how to automate some things (eg: turn a port on/off at a specified day/time).

However... I can't for the life of me find any type of scheduling functionality on the switch itself. Am I going crazy, or, is this an unrealistic expectation?

I'm pretty sure most Cisco devices had kron... but again, could be crazy too.

Thanks!



Enterasys E7

Hi Everybody, anybody here know much about Enterasys E7 Chassis switches. I’m trying to fit a line card to the chassis to increase capacity but I’m hit with the log of a version mismatch. Anybody know the process to upgrade versions of this linecard or generally any linecard ?



Windows 10 with DOT1X and MAB, MAB fallback not working

Hello everyone,

Trying to get a Windows 10 VM working with a VIOS as a NAD. Flexauth is configured on the NAD for the sequence dot1x and, as the next method, MAB.

A problem that occurs is that when dot1x fails, the Windows 10 VM has decided that authentication failed, which causes the green light for the MAB check from the NAD (which occurs, with changed timers, around 10 sec later) to not work.

Has anyone successfully managed to get windows 10 or any other OS working with flexauth where MAB is a next-method and also does anyone know where the issue could be?

any info is appreciated.



Is optical SFP DDM/diagnostics monitoring using SNMP useful?

It seemed to me that monitoring SFP DDM/diagnostic values (TX/RX power, voltage, temperature) would be a good practice for preventive maintenance. Having recently spent over a week troubleshooting problems in an optical link, I thought maybe looking at SNMP-DDM graphs would prevent end user complaints next time.

When looking for a switch with 8-16 SFP ports, I was very surprised to find that monitoring SFP DDM is not supported over SNMP.

SFP DDM is widespread, which has to mean it's useful, right? Yet the data can only be accessed manually using the CLI or a browser, and is not available automatically using SNMP.

Does that mean continuous value tracking / graphs are actually not used in practice, and alerting is implemented within the switch using warning/alarm thresholds and SNMP traps?



Wednesday, July 3, 2019

SPAN/MIRROR flow generator recommendations

Hi all,

I'm looking for some recommendations on a *flow generator (preferably NetFlow) which will receive traffic from a SPAN or mirrored port, as well as an analyzer.

I really just want to know the source ip/dest ip/dest port that is coming over the wire and have this data available in a CSV or similar.



What work should I be consulting out as the only network guy?

Spread pretty thin lately and I’m starting to wonder what I can outsource without creating even more work for myself later.



Technical Interview at Cisco

I have started the interview process for a Technical Consulting Engineer - Data Center Routing & Switching position at Cisco and have a technical interview on Friday over Webex. I was told in an email that it will only be 10 to 20 questions. Does anyone know what to expect? I was surprised it's only a few questions so I assume this is just the initial screening.

This isn't through a recruiter (if that matters).

Thanks!



Is it worth it to switch to IMS from Softswitch?

My company uses a softswitch for the fixed core. Is it worth it, e.g. does it save money or give better service, to switch to IMS from the old softswitch?



Need help with a routine package installation that broke my cluster's network connection

Hello,

I have an older High Performance Cluster running CentOS 7 that had a very strange problem today. I was installing some prerequisite packages for Python 3.7. They installed fine on the head node, and then it failed on the child nodes due to the hostname resolution failing. I figured it was a DNS issue, so I checked the network status. It was running fine on each node, but no DNS. So, I elected to restart the nodes. That didn't fix anything. After some more troubleshooting I restarted the head node, and now the network interface that handles ssh and other public connections is not detected on the network. Instead, the local interface that handles communication between the nodes seems to be multicasting on the network. Perhaps this was an issue before I installed these packages, but things were working fine the last time I did this for a server maintenance just a few weeks ago. The network interfaces are both up and running well since I can ping both IPs. The problem is that I just can't ping or connect to anything else. It's all unreachable.

I'm quite new to HPC, and am at a loss. I haven't changed anything on this system and neither has the Networking team. Any suggestions on what to look for to fix this issue would be wonderful.

Thanks!



Not qualified SFP module Arista DCS-7124S EOS 4.2.2

Context/Info:

Hello, first off, my boss bought these discounted switches and we are struggling because the sfp modules we have are not supported by the switch.

The switch is an Arista DCS-7124S as the title says, and is version 4.2.2 of EOS. Everything is running fine if I use Arista sfp modules or even a couple other brands I have available, the thing is, I can't find the blessed code for this switch to allow third party sfp regardless of qualification.

I already tried `service unsupported-transceiver wiprolabs f5047577` but no luck; the command is not even recognized. Also tried `touch /mnt/flash/enable3px`, but this version does not accept touch as a command, let alone create the file.

For the record, my SFP modules are shown with status "errdisabled", although displayed -correctly- as "10GBASE-LR".

Actual question:

Has anyone here managed to make this switch/version able to use third party SFP modules? Anyone with the magic code?

Any help is highly appreciated, thanks in advance.



Can you daisy chain CWDM passive mux/demux ?

Want to make sure I understand the way the "Line" port and "Expansion" port work on a passive mux. Can they be daisy chained like:

M/D #1 Line <-----> Expansion port of M/D #2 Line <----->Expansion port of M/D #3 Line <------> Expansion port of M/D #4 ? I realize that I can not duplicate any wavelengths along the chain but I've never tried daisy chaining them. Seems like it should work.



Been question about POE and switches

Hey group. I purchased and just setup a ring security cam using a Wasserstein PoE injector to power and transfer data.

Before I spend money on an additional Ethernet switch, can my Wasserstein PoE act as a switch also? I simply need more Ethernet ports for the house, but almost none need PoE.

If I CAN use it, should I plug into the LAN side, and not the PoE side?

Edit: tried to edit title to say “newb” but apparently I can’t do that? I’ve been in my 120 degree attic all day, so I’ll claim heat stroke.



Internet2 peerage and bandwidth shaping in Palo.

I have an interesting case. We are a main interconnect for our ISP and currently interface two 10g connections. We (they) are also Internet2 (I2) members, so much of our campus traffic can freely flow to those exchange peers without incurring a hit on our "ISP provisioned rate."

We are also peered with other sites on our ISP ring, we pass a lot of traffic back and forth as we are each other's DR. Any traffic between these sites also does not incur a count against our provisioned rate. Thus, only Internet1 (I1) destined traffic is subject to the rate.

The ISP does not throttle, shape or QoS. It is left to us to comply, which we've done well with thus far. They basically just ding us on overage rates sustained above 95% of the provisioned rate, which I don't believe has ever happened. And also, it is only on egress I1. Ingress I1 does not incur the same limit restrictions.

However, I just discovered that the Palo links to the edge have an egress QoS value set at our provisioned limited rate as the Max for all classes, thereby impacting all interconnect traffic, I2 and I1 equally. Palo does not let you create QoS egress exceptions based on subnet destinations in the Network QoS profile; you can create exceptions to the profile based on source networks.

What would be your ideal method of chopping up this traffic by destination and rate limit only the I1 stuff for egress? I am pretty sure I figured it out, but would be curious if I'm not so unique in my specific quandary and could take some pointers from other I2 member engineers.



When do you consider Cisco gear EoL?

Thinking of an access switch on an internal company network, do you use the last day of vulnerability/security support, or the last day of HW support as your "EoL" date for equipment?



Passing CCIE RS without attending bootcamp or CIERS1/2?

The title says it all. Has anyone here passed without attending a bootcamp and/or CIERS1 & CIERS2? I understand it's better to attend if you can, but that won't be possible for me.

Background:

INE subscription

Completed INE workbooks

Completed Cisco 360 Core and Advance workbooks

Completed Cisco T-shooting labs



Anyconnect and the new IOS XE (C1100) routers

Have they now moved to FLEXVPN for client based VPN's on these routers or do they still have the support for Anyconnect?

Looking through the datasheets on Cisco and lots of VPN guides but none at all for setting up Cisco Anyconnect on these routers and 'webvpn' is missing.

Thanks



ipv6 octets?

So in ipv4 we call the 4 segments octets because they are 8 bits each. In ipv6 we have 8 segments that are 16 bits each. Writing an email talking about one segment of an address I was at a loss as to what to call it. How does the hive think I should refer to a single segment of an IPv6 address?



At a loss - random network problems regarding Office 365

For multiple weeks we have had these weird problems, where we can access the internet, but not our synchronized Office programs, Outlook or Sharepoint, for minutes at a time. This happens via LAN and WLAN connection in the same network.
We made multiple tests to ensure that our internet connection is not at fault. The problem only and exclusively revolves around the Office 365 package.
We can access our Sharepoint and Office package through mobile data via smartphones though.
Everything seems to work, except using everything Office 365 related in our network. Sadly, the Microsoft Support Team couldn't help us yet, even though we sent multiple log files.

I don't know if it matters, but we use our fixed IP for internet access (at least, this is what shows up when I check "whatismyip").

Do you guys have any idea why this is the case and what we can try to resolve this? I would be incredibly thankful.

I have the following ideas, but I do not know if they are worth trying:

* Changing the DNS to 1.1.1.1 and 9.9.9.9
* Disabling the firewall, anti-virus system and VPN for only one computer and seeing if the problems still occur (I don't know if this is possible)



Multimode Fiber Multiplexer / SFPs

Hi All,

I'm looking at multiplexing fiber (CWDM + MUX/DEMUX) over my existing 62.5nm multimode backbone to address lack of available fiber for redundant links. The existing fiber is mostly 400-1000m and we are using Ci$co gear at each running 1GE interfaces. Has anyone had experience with this type of solution and can speak to its feasibility and reliability? If so what vendors have you used? The Ci$co list prices make it look like running new fiber would be cheaper :/

Feasibility-wise, I'm somewhat concerned the transceivers will burn themselves out, being a fraction of their rated range from each other.



Idea: Non-profit, fully auditable, free VPN that pays for infrastructure costs via truly anonymized traffic pattern/trend data.

I've been putting off moving to a VPN service because I'm too lazy to stand up my own and I've only heard bad things about paid services. After all, if your private data becomes important to someone (e.g. govt) then they'll just pay the VPN company enough money to get it anyway.

Been mulling over the idea in my head for a while and I have two questions my experience (cybersec policy/compliance) can't quite confirm:

1) Can you set up an infrastructure like this on a cloud solution that would scale and also be a fairly safe harbor, in the event someone important/powerful doesn't like what we're doing?

2) Can you actually sell anonymous traffic data in such a way that it would pay for the infrastructure (and a little extra for the admins and lawyers we'd probably need to have on staff). Alternatively, could we work with ad networks to provide semi-targeted ads that wouldn't break confidentiality?

Otherwise, I'm fairly confident that we could set up a black-box solution that could be independently verified by a 3rd party audit (e.g. Big 4, Verizon, IBM, etc.) that would prove no human being can actually get to the traffic data before it's completely stripped of any identifiers. Even if the environment is tampered with, it could simply drop any unprocessed logfiles that haven't been stripped and purged.

Would love to hear some thoughts on problems I haven't thought about already, even outside of 1) and 2) above.



Switchport config to secure an external- facing port?

Branch site has its own internet. I want to shunt it directly to a meraki AP, what's the best way to secure the Cisco switchport that connects that modem to the AP?



Anyone knows this site "http://ipcisco.com" ?

Is it trustworthy or worth it?

Because I was thinking about trying it for a month, but it will cost 29....

So maybe someone knows or uses it... thanks



It looks like an ASIC issue ... And now I want to borrow an SFP module in Boston.

I've got four switches connected in a double-ended MLAG like this (not my drawing). Two switches from vendor A (A1 and A2) and two switches from vendor B (B1 and B2).

It's been running for many months without issue.

Recently, some flows have begun failing to traverse some legs of the aggregation. I zeroed in on one problem flow and found the specific link carrying that flow. SPAN on the sending side shows the frames leaving. SPAN on the receiving side doesn't show the frames arriving. Other flows between the same IP pair (using different ports) are unaffected. Other flows traversing the same link are unaffected.

Error counters are not incrementing.

If I down the suspect LAG member, the problem flow hashes elsewhere and gets delivered just fine. Re-enable the link, the problem flow lands on it again, and doesn't survive the trip.

Both ends are Broadcom based: Trident2+ from vendor A, Trident+ from vendor B.

Because the two SPAN results don't agree, I'm leaning toward putting a tap on the link to get an independent opinion.

BUT... The links are made with CX-1 cables, so I can't tap 'em.

Ideas?

I've got SR transceivers I could use on one end, need some HPE 455883-B21 for the other end.

Anybody happen to have some of these at 50 Innerbelt in Somerville MA?



3rd Party Optics - Cat 9500 "high-performance"

Anyone have experience with 3rd party optics (including BaseT) in the Cisco Catalyst 9500's (C9500-48Y4C)? I'm interested in 1Gb MMF SFP, 10Gb SMF/MMF SFP+ and 1Gb Base-T SFP.



How do I restrict my router to give ipv6 address to only one pc?

I'm running ddwrt. I set up a 6in4 tunnel to get ipv6 address but I only want one computer to use it. Or is there a way to block devices from using ipv6 with wifi? Thanks!



Newbie

Hello all. I hope you are having a wonderful day. I was wondering what I would need to do to start getting into networking and the likes of it. What are the steps I should take.



Routing Nightmare

Hello all. Recently got my CCIE R&S, so I know all of the routing protocols very well. I recently came to a new company and they have the biggest routing nightmare that I've ever seen. They're running OSPF, EIGRP, BGP, IS-IS, have a TON of static routes, and PBR implemented in random places. And, redistribution between them and lots of sub-optimal routing because of loss of metrics with redistribution, including static/connected redistribution into almost every routing protocol. My goal is to clean this network up and get to a single routing protocol (BGP, and maybe OSPF or EIGRP for an underlay). Almost every device in the network has static routes pointing traffic in different directions. My first goal was to draw out the routing boundaries, so I've done that. My next thought was to immediately work on shrinking the number of routing protocols. That has become a challenge because of the mixed redistribution everywhere and static routes in lots of places overriding the dynamic protocol. I'm sort of leaning toward eliminating as much static as possible instead as my first step.

My question is: have you dealt with something like this before and what was your attack strategy?



BOVPN Hub and Spoke Network Watchguard

Hello,

Apologies in advance if this seems like a rather simple question, I am not as familiar with Watchguard systems as I would like to be.

I recently took over the network administration at a company with a hub and spoke network with two hubs (M200's) and around 10 spoke sites running T50's.

Looking at the BOVPN tunnel topology it appears as if the entire network is built on a point-to-point basis as opposed to hub and spoke. Should I need tunnels on each individual site that point to every other site if the hub is in place?

For example we have 192.1.1.1 as our hub, which has a two-way tunnel to 192.1.2.1 and 192.1.3.1

Both 192.1.2.1 and 192.1.3.1 have the same two-way tunnel to 192.1.1.1 and a forest trust is active between all sites as proof of connectivity to the hub, however in order to direct traffic between 192.1.2.1 and 192.1.3.1 there needs to be a BOVPN tunnel in place between the two on each side.

We have a limited number of licences for tunnels so I am wondering if anyone could shed any light on this situation and if a more tunnel-efficient solution will be possible?

Many thanks in advance.



Different Autonomous Systems - OSPF routing over private lines before using BGP learned routes

Hello,

I've a setup which seems to be fine, but wanted to know from your experience if it's a valid / common one, or something to be avoided. ( https://imgur.com/kTSxyTG )

As i need to extend this setup to other sites.

I've two Autonomous Systems (same company)

- one is a private AS

- the other one a public AS

SiteA & SiteB are inside of the private AS having their public ip address space from the same provider (ISP A)

- Each site is advertising its own and the public address space of the other sites to achieve redundancy (they are physically at different locations)

- Each site is receiving the default route only from ISP A

- SiteA and SiteB are interconnected directly via P2P line

- Via OSPF running on SiteA-RTR and SiteB-RTR, SiteA & SiteB know that they can use the P2P lines to reach each other's public space.

- In case of a P2P line failure, they will use the default route learned via BGP to reach each others public address space

SiteX has a public ASN and peers with different providers

- SiteX is advertising its public address space to different providers (ISP-B & ISP-C).

- Itself it's receiving full tables from ISP-B and ISP-C

Now I need to integrate SiteX into this public routing over private P2P lines setup.

- There is a P2P line from SiteB to SiteX

- The target is, that SiteA, SiteB & SiteX are joining the other sites public network over the P2P lines

- in case of P2P line failure, they should use the internet to join the public address space of the other site

-> I will include SiteX into the OSPF routing in order to make them aware of the public networks which can be reached over the P2P lines. (Right now there is no OSPF running on SiteX Routers) In case of P2P line failure, the routes learned will be removed from the routing table and the received routes from the eBGP peers will be taken.

Is this a valid / common setup?

Are there any pitfalls I should be aware of?

I'm happy about every hint / comment



SNMP VPN monitoring Cisco ASA

Good morning,

Hopefully this is okay to post in here.

I am currently trying to monitor a VPN using a PRTG SNMP sensor between my ASA and a customers peer.

The PRTG server is on another site and can communicate with the ASA via a different VPN.

In my ASA (version 9.2(3)) I have put in the following command:

```
snmp-server host inside x.x.x.x poll community ****** version 2c
```

From what I can understand that should be enough to allow the PRTG server to poll the ASA but it doesn't seem to be working. I spent ages looking at this yesterday, far too long if I am honest.

Any ideas on what I am missing here?



Couple of Infiniband questions...

NICs:

  1. What's the sweet spot bang/€ for used gear these days? ConnectX-4?
  2. What's the significant real difference WRT CX-4/5/6 these days?
  3. Is there an option for a cheap used IB 100Gb/s switch?


Tuesday, July 2, 2019

3750x licensing experience - enforced or honor?

Good evening Redditors!

Have an interesting situation where a remote site’s industrial router failed, and thanks to oof we were able to bypass it and keep the site alive by enabling IP Services (BGP) on a 3750x. Unfortunately, this place is pretty remote, and given its non-stop environment all maintenances are minimum 90+ days out, leaving me in a pickle: if this license expires before we can get a replacement router installed, the site goes down. I have found lots of differing input on this topic - some saying that as of IOS 15, IPServices goes right to use after the eval period ends. Others say it removes the features real time.

So, simple question, hopefully answered from experience: when the evaluation license expires on a 3750X running 15.x, do the enabled features turn off?



Cisco SPA Series Phones Available

https://ift.tt/2XlqMV6

freeradius server issues

Hello, I have installed a basic freeradius server. That server authenticates users wanting to gain access to the softether server I've built. I have a website that users would need to log in to and pay for access. The issue is that when I've been testing user accounts from the website to authenticate to the radius server, I get `Error: Ignoring request to auth address * port 1812 bound to server default from unknown client xx.xx.xx.xx port 33622 proto udp`. On the Ubuntu Server 18.04 LTS box, I've opened up ports 1812 and 1813. What am I missing? Thank you in advance!



Rant Wednesday!

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!



Service similar to AWS Snowball

I may have a need in the near future to replicate about 100TB of data to a new DR site data center a couple states away. The interconnect is most likely only going to be 1G throughput, which will be plenty for the ongoing backups and replication.

I know AWS has Snowball which is a 50TB storage box you load up and mail back to them to import to the cloud. Is there a similar service out there where I could rent and replicate to a box locally and mail it to the DR site?



EIGRP - What If a Route Announcement Is Missed?

I’ve been studying OSPF and EIGRP in prep for ICND2 and find something lacking about EIGRP: routes are never re-flooded, only changes or updates. A transport protocol like TCP could enforce message receipt, but EIGRP doesn’t use a transport protocol. So what if there is some type of loss when a route announcement is sent to the neighbor, preventing the neighbor from ever learning a route?

OSPF seems to handle this by re-flooding all LSAs every 30 minutes. BGP uses TCP (I get that it's in another class of routing protocols though). Split horizon prevents the original router from ever seeing that its own connected routes have been learned by the neighbor too. So how would EIGRP handle packet loss and ensure routes are successfully learned by neighbors?



Interconnect Between Nexus 9k and Catalyst 9400

I am installing a new top of rack nexus 9k switch pair soon and was wondering the best configuration for connecting it back to my cat 9407. This is purely L2. No routing etc between the two.

I thought of the 3 options in the attached image. https://i.imgur.com/y9KJz4t.jpg

First being an isolated portchannel on each nexus which I believe is a bad design when we have VPC to work with. Second option was using VPC and creating 2 port channels. The third option I came up with was just using all 4 ports in one portchannel/vpc. Let me know if there is a clear best practice winner or if I need to provide additional information. Thanks in advance.



Cisco IOSXE RESTConf NAT Configuration

Hello r/networking. Hoping someone could help me figure out how to modify NAT configuration through RESTConf.

Generally I just hit the root of the tree: "restconf/data/Cisco-IOS-XE-native:native/" and then follow the path down to the object I want to modify. For example, I use restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet to modify an interface. However, when I look at NAT I see: Cisco-IOS-XE-nat:nat as the top of the NAT tree. And I can't figure out what the correct url path would be to configure that.

If I just try and POST it to the root of Cisco-IOS-XE-native:native, then I get an error: unknown element: nat in /ios:native/ios-nat:nat

Anyone know?
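An added example that is not from the original post: building the RESTCONF URL and JSON body for an `ip nat inside source list ... interface ... overload` statement and sending it with a PATCH. It assumes (my reading of the YANG, not something the post states) that the Cisco-IOS-XE-nat module augments `/native/ip`, so the container is addressed as `.../Cisco-IOS-XE-native:native/ip/Cisco-IOS-XE-nat:nat`, with the module prefix on that last segment; posting a bare `nat` element at the native root is what yields `unknown element: nat`. The host, credentials, ACL name and interface are hypothetical placeholders.

```python
"""Added example, not code from the original post: build the RESTCONF URL and
JSON body for an IOS-XE 'ip nat inside source list ... interface ... overload'
statement and PATCH it onto the device.

Assumptions (labelled, not taken from the post): the Cisco-IOS-XE-nat YANG
module augments /native/ip, so the NAT container is addressed as
.../native/ip/Cisco-IOS-XE-nat:nat; the host, credentials, ACL name and
interface are hypothetical placeholders.
"""
import base64
import json
import ssl
import urllib.request
from typing import Any, Dict, Optional

NATIVE = "/restconf/data/Cisco-IOS-XE-native:native"


def nat_url(host: str) -> str:
    """The NAT container. 'nat' is not defined in Cisco-IOS-XE-native, so the
    augmenting module must be named on that path segment, and it hangs off
    'ip', not the native root (posting it at the root is what produces
    'unknown element: nat')."""
    return f"https://{host}{NATIVE}/ip/Cisco-IOS-XE-nat:nat"


def nat_inside_source_body(acl_name: str, egress_if: str, overload: bool = True) -> Dict[str, Any]:
    """JSON equivalent of: ip nat inside source list <acl_name> interface <egress_if> [overload]
    The top-level key is module-qualified because it is the target container itself."""
    iface: Dict[str, Any] = {"name": egress_if}
    if overload:
        iface["overload"] = [None]  # a YANG 'empty' leaf is encoded as [null]
    return {
        "Cisco-IOS-XE-nat:nat": {
            "inside": {"source": {"list": [{"id": acl_name, "interface": iface}]}}
        }
    }


def push(host: str, user: str, password: str, body: Dict[str, Any],
         cafile: Optional[str] = None, timeout: float = 10.0) -> int:
    """PATCH (merge) the body into the NAT container and return the HTTP status.
    PATCH is deliberate: PUT would replace the whole container and silently
    drop every other NAT statement on the box. TLS verification stays on;
    point cafile at the CA that signed the device certificate."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        nat_url(host),
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={
            "Authorization": f"Basic {token}",
            "Content-Type": "application/yang-data+json",
            "Accept": "application/yang-data+json",
        },
    )
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Placeholder values; replace with your own device, credentials and CA file.
    body = nat_inside_source_body("NAT_INSIDE", "GigabitEthernet1")
    print(nat_url("router.example.net"))
    print(json.dumps(body, indent=2))
    # print(push("router.example.net", "admin", "secret", body, cafile="device-ca.pem"))
```

A GET on the same URL with `Accept: application/yang-data+json` returns the container as the device currently has it, which is the quickest way to confirm the key names before writing anything; if that GET 404s, the module path assumed above is wrong for that release and the `restconf/data/ietf-yang-library:modules-state` listing will show the exact module and revision to use.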



Ethernet Laptop Stations Best Practices

Most of our local infrastructure is wireless. Everyone is using Macs. This setup is very robust. However, to improve wireless for everyone, we're placing switches on the tables where CS can hardwire in to call customers and take live calls on an as-needed basis.

What's the best practice for this? My prior experience is at a call centre where phones were wired into the drop which was wired to the PC, and voice/data were on the same VLAN. All machines were Windows desktops.

All desks are bought already, so there isn't an option to have a desk with built in ethernet drops.

What are your recommendations?



PLC fibre-optical splitters for unidirectional multiplication of 100GbE on SMF?

So, I'm pretty far out of my depth, but wanted to check if someone else had already done this before I sank more time into figuring this out: I'm trying to design a system which, at one point, requires the same high-bandwidth (100GbE or more), strictly unidirectional signal be sent to multiple (4-16) destinations. I realize this could be done with just custom broadcast domains and a giant switch, but that would blow a hole in the project budget. Has anyone tried using passive optical splitters for the same purpose? I can't find much online, and would appreciate if someone could share their experience.



Cloudflare outage

Anyone else having trouble getting to cloudflare sites?



Dell S/N-Series configuration

Hello,

I am a former Cisco IOS user but I now have to configure a Dell S4128F and S3148.

Most IOS commands work with the S4128F, but I'm particularly blocked with the S3148.

Basically, I need, for the moment, to connect 2 clients together, on the same switch (S3148), on the same VLAN (150), a VLAN that is declared on the S4128F.

So, on the S4128F I have my VLANs declared as:

  interface vlan150
   description monitoring
   no shutdown
   ip address 10.50.254.254/16

and

  interface vlan161
   description network-hardware
   no shutdown
   ip address 10.61.254.254/16

On the S4128F my uplink to the S3148 is on the ethernet1/1/27 port, such that:

  description uplink-sw-ss-00
  no shutdown
  switchport mode trunk
  switchport trunk allowed vlan 150,161

On the S3148 the uplink arrives on the TenGigabitEthernet 1/49 port, such that:

  no ip address
  switchport
  no shutdown

On the S3148 my clients connect to GigabitEthernet interfaces 1/18 and 1/13, such that:

  no ip address
  switchport
  no shutdown

On the S3148:

  interface Vlan 150
   description monitoring
   no ip address
   tagged GigabitEthernet 1/13,1/18
   no shutdown

and

  ip route 10.61.0.0/16 10.61.254.254

The configuration of the clients is correct, but it is impossible for them to ping each other.

Maybe I forget something?

Thanks



Massive Cloudflare outage, again

Almost all CF hosted sites I checked are returning a 502 Bad Gateway.

Even downdetector.com and downforeveryoneorjustme.com are down.

Cloudflare's status page states that "Cloudflare is observing network performance issues. Customers may be experiencing 502 errors while accessing sites on Cloudflare. We are working to mitigate impact to Internet users in this region."

I checked multiple locations via VPN and got a 502 for all regions.



Tracking VPN usage, OpenVPN?

Is there a simple way to track VPN usage with OpenVPN on a OpnSense router using NPS for authentication on Windows 2016?



Ipsec error

I'm trying to set up IPsec connectivity with a hub, but I keep getting this error:

CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=216.34.3.2, prot=50, spi=0xA3E37FC5(2749595589), srcaddr=192.35.197.50

Can anyone tell me what I need to be looking at?

Thanks



Recommendation for a network setup to aggregate and load balance 5 ADSL lines

We have 5 ADSL lines* in our office; each line has a separate router+wifi hotspot. We want to find an excellent way to merge those 5 ADSL lines to get the benefit of the combined speed and balance the load too.
Some people recommended pfSense (Software), some people recommended Sophos (Software), and some other people recommended Sophos (Hardware).
Here are our basic requirements:
- Aggregate the 5 ADSL lines.
- Load balance the 5 ADSL lines.
- Monitor the traffic for each device.
- Limit the traffic for specific users/devices.
- Limit the traffic for particular websites (increase for Skype, throttle for Youtube).
- Up to 150 connected devices.
- Two WiFi hotspots (75 devices each) with the same SSID.
*Why 5 ADSL lines? the internet connectivity sucks in our city!



Scanning for TTLs

I work in a test lab where we have a few of our clients who are using private networks below us and a dual-homed box as a NAT (technically not allowed, but there are worse things they could do). I read something about cellular ISPs scanning for TTLs more than 1 to see if you are tethering your phone. This made me curious. How hard is it to scan for TTLs in a production environment? Does anyone do it in their environment? What products/applications do you use for it?

Thanks!
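An added example, not from the original post, showing the detection logic behind the tethering check the post mentions, run over a constructed list of (source IP, observed TTL) samples as a span port on the lab VLAN might yield. It assumes the sensor sits on the same segment as the sources, so a host that really lives there arrives with its OS default TTL intact, and it assumes the common defaults 64 (Linux/macOS/Android/iOS), 128 (Windows) and 255 (network gear, some Unix). The addresses and TTL values are made up.

```python
"""Added example (not from the original post): TTL-based NAT/tethering detection
over a constructed list of (src_ip, ttl) observations taken on the local segment.

Assumptions: the sensor is on the same L2 segment as the sources, and OS
default TTLs are 64, 128 or 255. Sample data below is made up.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Set, Tuple

DEFAULT_TTLS = (64, 128, 255)


class Sample(NamedTuple):
    src: str
    ttl: int


def infer_hops(ttl: int) -> Tuple[int, int]:
    """Return (assumed_initial_ttl, hops_traversed).
    The initial TTL is the smallest common default >= the observed value; the
    difference is the number of routers/NAT boxes the packet crossed."""
    if not 1 <= ttl <= 255:
        raise ValueError(f"invalid TTL {ttl}")
    for initial in DEFAULT_TTLS:
        if ttl <= initial:
            return initial, initial - ttl
    raise AssertionError("unreachable: 255 always matches")


class Finding(NamedTuple):
    src: str
    reason: str
    detail: str


def detect_nat(samples: Iterable[Sample], local_hops: int = 0) -> List[Finding]:
    """Flag sources that look like they sit behind a NAT/router.

    Two signatures:
      * extra-hops: packets were forwarded more times than a host on this
        segment needs (a laptop tethered behind a phone, a dual-homed NAT box).
      * mixed-stacks: one source IP shows several inferred initial TTLs, i.e.
        more than one OS stack is speaking from one address, the classic
        'many devices behind one NAT' tell.
    """
    hops_seen: Dict[str, Set[int]] = defaultdict(set)
    initials_seen: Dict[str, Set[int]] = defaultdict(set)
    for s in samples:
        initial, hops = infer_hops(s.ttl)
        hops_seen[s.src].add(hops)
        initials_seen[s.src].add(initial)

    findings: List[Finding] = []
    for src in sorted(hops_seen):
        extra = sorted(h for h in hops_seen[src] if h > local_hops)
        if extra:
            findings.append(Finding(src, "extra-hops", f"hops={extra}"))
        if len(initials_seen[src]) > 1:
            findings.append(Finding(src, "mixed-stacks",
                                    f"initial_ttls={sorted(initials_seen[src])}"))
    return findings


# Constructed observations, labelled as such: not captured from a real network.
SAMPLES = [
    Sample("10.20.0.11", 64),   # Linux box directly on the segment
    Sample("10.20.0.12", 128),  # Windows box directly on the segment
    Sample("10.20.0.50", 63),   # a 64-default host one hop behind 10.20.0.50 ...
    Sample("10.20.0.50", 127),  # ... and a Windows host behind the same IP: NAT
    Sample("10.20.0.60", 254),  # a router/appliance one hop away
]

if __name__ == "__main__":
    for f in detect_nat(SAMPLES):
        print(f"{f.src}: {f.reason} ({f.detail})")
```

This is a heuristic, not proof: a NAT box that rewrites TTL on egress (on Linux, an `iptables -t mangle ... -j TTL --ttl-set 64` rule) passes cleanly, a host with a tuned `net.ipv4.ip_default_ttl` shows up as a false positive, and observed values between 65 and 128 are assumed to come from a 128-default stack. In the post's own lab, the dual-homed NAT box would surface under `extra-hops` with every client behind it one hop deep, and under `mixed-stacks` as soon as it fronts both a Windows and a Linux client.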



Rapid deployment of large data centers

Here is the Dongguan cloud BU construction video, I was shocked by the speed at which Huawei built the data center.



Why does a directly connected router interface create 2 routing table entries?



Experience with IBM Resilient SOAR and/or other SOARs

Hi,

what is your opinion or experience with IBM Resilient SOAR? I understand that it has great integration with QRadar, but I would like to have something that can work with QRadar and ArcSight and isn't very SIEM dependent.

Better alternatives for me atm are Swimlane, on which I've heard only praise, but we are also toying with the idea of using TheHive project, but we are afraid it will need too much work.

I haven't really found anything useful on IBM Resilient in this sub yet, that's why I am asking.

What is your experience with some of those tools, or maybe you use another great tool which we should consider (Demisto maybe)?



Requirements for 802.11ax sitesurvey

What are the requirements for an 802.11ax site survey?

Are they the usual -65 dBm for VoIP and -75 dBm for data, or are there any differences and/or new things to take into account?



Massive problem with ASCOM i62 phones

Hello,

I'm posting here, as I'm at my limit.

We have a building with WLAN, measured, with fixed radio settings on each AP, using a WLC 5508 (8.5.135) and 2702 APs.

And i62 ASCOM phones.

These phones work just fine, but suddenly they go into "message only" mode.
This can happen without any roaming; it just sits there in the docking station.

The phones are perfectly fine, associated with the wireless,

but not reachable from the WLC.

How the hell can I prove it is not the wireless??



Monday, July 1, 2019

VPLS Operational state UP/DOWN

Hey guys, I am trying to learn VPLS on Alcatel/Nokia, but I am having serious problems.

I tried to configure VPLS twice, but without success; I always get the same result:

-------------------------------------------------------------------------------

sap:1/1/3:111 q-tag 1518 1518 Up Up

sdp:22:111 M(1.1.1.1) Mesh 1518 1518 Up Down

I leave my configuration below, if anyone could help, I will be thankful:

--------------------------------------

    sdp 22 mpls create
        far-end 1.1.1.1
        sr-ospf
        path-mtu 1518
        keep-alive
            no shutdown
        exit
        no shutdown
    exit

    customer 1 create
        description "Default customer"
    exit
    customer 2 create
        description "Cust_a"
    exit

    vpls 111 customer 2 create
        stp
            shutdown
        exit
        sap 1/1/3:111 create
        exit
        mesh-sdp 22:111 create
            no shutdown
        exit
        no shutdown
    exit

thanks :(



Terminal network scanning for devices and hostnames

I was just wondering how to scan a network for all the devices on it. I know of the classic 'ping' then 'arp -a', but that doesn't always show the device host names. I feel as though I had seen a tutorial that showed it at some point, but I can't for the life of me remember. I was just wondering if there were any commands or chain of commands that people know of that can be used to show the devices and their hostnames? Thanks!
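An added example, not part of the original post, that takes the `arp -a` step from the question and finishes it: it parses the neighbor table in both the Linux/macOS (`host (ip) at mac ...`) and Windows (`ip  mac  dynamic`) output formats, drops unanswered and broadcast entries, and fills in a hostname by reverse DNS (PTR) where the table did not already carry one. The resolver is injectable so the code runs offline; the sample `arp -a` output and the hostnames in the fake resolver are constructed.

```python
"""Added example (not from the original post): turn `arp -a` output into a list of
live neighbors with hostnames, resolving names via reverse DNS when the table
does not already show one. Sample output and hostnames below are constructed."""
import re
import socket
from typing import Callable, Iterable, List, NamedTuple, Optional


class Neighbor(NamedTuple):
    ip: str
    mac: Optional[str]     # None when the ARP entry is incomplete (no reply)
    name: Optional[str]    # None when nothing resolved


# Linux/macOS: "gateway (10.0.0.1) at 00:11:22:33:44:55 [ether] on eth0"
#              "? (10.0.0.9) at <incomplete> on eth0"   (macOS may print a:b:c:d:e:f)
_LINUX = re.compile(
    r"^(?P<name>\S+) \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}|<incomplete>)", re.I)
# Windows: "  10.0.0.1              00-11-22-33-44-55     dynamic"
_WINDOWS = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<mac>[0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(?:dynamic|static)",
    re.I)


def _norm_mac(mac: str) -> str:
    """Lower-case, colon-separated, zero-padded octets for either format."""
    return ":".join(o.zfill(2) for o in mac.lower().replace("-", ":").split(":"))


def parse_arp(text: str) -> List[Neighbor]:
    """Parse `arp -a` output from Linux, macOS or Windows into Neighbor rows."""
    rows: List[Neighbor] = []
    for line in text.splitlines():
        m = _LINUX.match(line)
        if m:
            mac = None if m["mac"] == "<incomplete>" else _norm_mac(m["mac"])
            name = None if m["name"] == "?" else m["name"]
            rows.append(Neighbor(m["ip"], mac, name))
            continue
        m = _WINDOWS.match(line)
        if m:
            rows.append(Neighbor(m["ip"], _norm_mac(m["mac"]), None))
    return rows


Resolver = Callable[[str], str]


def ptr_lookup(ip: str) -> str:
    """Default resolver: reverse DNS. Raises OSError (socket.herror) on no PTR."""
    return socket.gethostbyaddr(ip)[0]


def live_neighbors(rows: Iterable[Neighbor], resolver: Resolver = ptr_lookup) -> List[Neighbor]:
    """Keep only entries that answered ARP and are real unicast hosts, then
    fill in a hostname by reverse lookup where the table gave none."""
    out: List[Neighbor] = []
    for n in rows:
        if n.mac is None or n.mac == "ff:ff:ff:ff:ff:ff" or n.mac.startswith("01:00:5e"):
            continue  # no reply, Ethernet broadcast, or IPv4 multicast: not a host
        name = n.name
        if name is None:
            try:
                name = resolver(n.ip)
            except OSError:
                name = None  # no PTR record; stays unnamed
        out.append(Neighbor(n.ip, n.mac, name))
    return out


# Constructed sample output, not captured from a real network.
LINUX_OUT = """gateway (10.20.0.1) at 00:11:22:33:44:55 [ether] on eth0
? (10.20.0.11) at aa:bb:cc:dd:ee:01 [ether] on eth0
? (10.20.0.99) at <incomplete> on eth0
"""
WINDOWS_OUT = """Interface: 10.20.0.12 --- 0x5
  Internet Address      Physical Address      Type
  10.20.0.1             00-11-22-33-44-55     dynamic
  10.20.0.11            aa-bb-cc-dd-ee-01     dynamic
  10.20.0.255           ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for n in live_neighbors(parse_arp(LINUX_OUT)):
        print(n)
```

Reverse DNS only names hosts that have a PTR record, which on most LANs means little beyond what DHCP registered; for the rest, the usual fallbacks are mDNS (`avahi-resolve -a <ip>` or `dns-sd`) and NetBIOS (`nbtscan`), and `nmap -sn <subnet>` wraps the sweep plus reverse lookup in one command. Whatever does the sweeping, remember the ARP table is only as complete as the last ping sweep, so run the sweep first.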



Question about STP change on Cisco FTD mgmt link

Hi everyone, this is my first post and I hope it will make sense for You.

A couple of days ago, in an environment I try to maintain, I saw on one of the switches that 'topology change detected' and also a 'new root bridge in STG xx', so I tried to figure out what was going on.

I started from the core switch with 'sh spanning-tree vlan xyz detail' and noticed that this was the root bridge and the last change came from link po2. Then I logged on to the switch after po2 and did the same, and again, and again, finally reaching a mgmt Cisco switch that was configured as transparent in VTP; the uplink was in trunk mode, and that switch has only 3 mgmt VLANs and not the one I was searching for. To that switch I have only connected mgmt links from FTD / Firepower / ASA. Unfortunately I am not allowed and do not have any access to that device, nor do I have any information about what that device is doing or when it was rebooted. But at my segment it has only mgmt links connected. Later that day the same information was logged on multiple other VLANs, and again the last change led me to the mgmt switch, which had no such VLAN configured.

I'm taking all advice to figure out how to troubleshoot this. Thanks in advance.



Basic Multicast RPF Question

Apologies, my multicast is quite poor. Take the simple network: https://imgur.com/a/GfpQ143

The normal unicast path between C and F is C-B-A-D-E-F. I'd like multicast to flow C-B-E-F. I'm using static mroutes on B and E to influence this path; however, multicast won't work. Debugging B shows the RPF check is using A, the unicast path. The mroute is in place, show ip rpf <IP> shows E is the RPF interface, yet debugging still shows A as being chosen for the RPF check. The second I change unicast routing to route between B and E multicast begins working and debugging shows E as the chosen next-hop interface for the RPF check. Is my understanding just wrong? I'm still actively labbing and reading to better understand and thought any input or opinions would be greatly appreciated.



2960X Stack Upgrade Issue

BACKGROUND

We have begun updating our 2960X switches from 15.2.2E7 to 15.2.4E7. The main trigger was that we wanted to be able to run test cable-diagnostic tdr on 1 Gbps ports that were running at 100 Mbps, and at the time, 15.2.4E7 was the latest TAC star release (I realize that E8 is now available, but we already had E7 tested in production and did not run into issues with it, so we opted to stick with E7 rather than re-test on E8).

Using the SWIM features on Prime Infrastructure 3.4.1, Update 2, we distributed the .bin files to our standalone switches and the .tar files to our stack switches and made them the bootable image. Then over the course of several days, began activating those images (SWIM process for rebooting the switches so they load into the new image). We do it in phases over the course of 5 or so nights, with around 10-15 switches in each phase. That way, if we run into issues, we don't have a buttload of problems to take care of (there's only two of us doing Networking). That's also the reason we test the code on one of our stacks for a month or more before we deploy it to the rest of our switches.

ISSUE DESCRIPTION

So far, out of 18 switch stacks, we've had 3 different stacks run into the following issue:

The switch stack will reboot and load the new code. The Master switch will update without issue. The member switch (each stack that has had this issue so far has been a stack of 2 switches) will update, but when it boots, it fails ACT2 Authentication during POST and spits out the following log message:

%ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization. This product may contain software that was copied in violation of Cisco's license terms. If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet. Please contact Cisco's Technical Assistance Center for more information.

Once it finishes booting, the member switch will no longer stack with the Master. It should be noted that all of these switches are authentic Cisco switches - we only order from a Cisco-Authorized VAR (ConvergeOne, in this case). Luckily, we keep several spares available in case we need to replace a failed switch, so we haven't had any extended outages due to this issue. We've tried doing several hard resets by physically removing the power cable and plugging it back in, but still get %ILET-1-AUTHENTICATION_FAIL on boot. We tried upgrading to the very latest IOS train of 15.2.7E0a, hoping that the bootloader upgrade would fix the problem, but it did not. All of our troubleshooting was done with the stacking module removed and all cabling removed (except for the console cable).

It appears to be some iteration of CSCur56395, which was supposedly fixed in 15.2.2E2. Since we were already on 15.2.2E7, and upgraded to 15.2.4E7, it was either not actually fixed, or is a different issue. So far, it has not impacted our standalone switches, only our member switches in a stack of two, but not every 2960X stack of two switches has been affected.

RESOLUTION

At the moment, our only option to correct this issue has been to call TAC and open a Warranty RMA on the affected switches and get them replaced. This thread appears very similar to the issue we're seeing:
https://community.cisco.com/t5/switching/ilet-1-authentication-fail-on-2960x-after-ios-update/td-p/3682974



Help Request - Network Admin and voice things

Alright, so I'll start off that right now, I'm feeling a little overwhelmed and think I need some knowledge dropped on me to help me reset myself to the right place, correct some expectations and, just in general, help get started.

I myself, the Network admin, feel very confident in doing anything networking-wise; the network is in a good place, but I also do the Voice/Security and those are maturing since I've joined last year. I work for a company of about 480, domestic in the US, with about 12 remote offices and 2 more on the way this year (SD-WAN with either MPLS or public ISP). My Voice experience really is CUCM and it was basic at best, enough to say keep something running and sort of hold a conversation with a real voice engineer about CUCM. I understood enough at my last job to be dangerous and get by, was about it.

What my boss wants/is requesting:

Voice - No more desk phones, a solution to remove desk-phones from the environment. We give almost every user a cellphone, I myself dont have a desk phone, just a cell. We have Shoretel(old) for the desk phones.

Chat collaboration - Private chat, Group Chat and File sharing. Teams is the flavor, this is mostly because it just comes with our M$ licensing. It has been brought up about using this as the "soft phone".

Video Collaboration - Meeting rooms that are video capable, mobile friendly and client joinable. Bluejeans is what we have now, talks about Zoom.

Lets break this down further:

Voice -

We have an old Shoretel system; the environment consists generally of users assigned DIDs and a voicemail box. We have a front desk phone at most sites that transfers calls to the users that actually have phones (about 150). I've set up some hunt groups that allow locations with DIDs and no physical phone on site to ring to the main receptionist phones. Nothing beyond that in the system, such as hunt lists for, say, ring to a Customer Service or helpdesk team or anything, and to boot, most phones are call forwarded to a cell phone anyway.

Chat -
IT has put forth effort to encourage users to use Teams, and with general success; many users use it to chat and share files internally, but nothing more than that. We don't use the meetings feature, we don't use the VoIP calling.

Video Collaboration -

We are using BlueJeans, this is used for internal and external customer facing meetings. We run the BlueJeans Relay to integrate our meeting rooms with BlueJeans. These rooms consist of PolyCom Trio 8800 + Collab and Cisco SX20s(one SX80).

The play money here to make a solution work: about $40,000 is what in total we spend yearly on BlueJeans and to maintain our Shoretel system (which is EOL). My reality sensor here says this is not even close to a realistic number to achieve the goal.

So, as my brain thinks about this.

Idea A.

Voice - Maintain the Shoretel system, but upgrade it to be modern. I can integrate Polycom/Cisco with Voice at this point, ditch the desk phones and forward DIDs to Cells. (messy!)

Chat Collab - Keep at it with Teams

Video Collab - I can integrate the Polycom with Teams for Chat and Video Collaboration, but not the Cisco gear (AFAIK) *The hangup and no idea on cost*

Idea B.

Voice - Ditch the Shoretel system and switch to a hosted solution (I think Zoom offers something )

Chat Collab - Ditch Teams and use Zoom

Video Collab -Ditch BlueJean and go with Zoom

I'm not very educated on this, however, and this is more theorycrafting right now; it seems like an expensive switch.

Idea C.

Voice - Move the voice to Teams(AFAIK this is expensive and feature lacking)

Chat Collab - Keep Teams

Video Collab - Keep BlueJeans and my existing Gear

This probably isn't enough info, but I'll try to respond as I can.



Prime Infrastructure 3.4 - Wired Clients not populating

All of our switches are talking via SNMP v2c to Prime. 3750 switches are sending wired client info to Prime, which is populated in the device details of each switch. All newer switches (3850, 9300, 9500) are not populating. Sounds like it is an SNMP context that may be missing. When checking SNMP groups, it looks identical on a 3750 compared to a 3850; the only thing different is storage-type (non-volatile vs permanent; I assume Cisco renamed non-volatile to permanent).

I found a forum that referenced having to add context to the group. When I tried this, it created another group instead of modifying the existing group leaving off the existing ACL.

Any idea if that is what is missing to allow Prime to see the wired clients? If so, what do I need to do to allow all VLANs report wired clients to Prime for an existing group?

snmp-server group <whateveryourgroup> v2c context vlan- match prefix 

Thanks



Recommendations on VPN Concentrator replacement

Currently using an ASA 5505 solely as a VPN Concentrator terminating a handful of L2L IPSec tunnels. This old guy is a workhorse but it just can't do some of the encryption methods some of my vendors are looking to run. I noticed that the ASA5506-X are the replacement, but I imagine EOL will be announced on those fairly soon. Any recommendations on a replacement for my 5505?



IPSec VPN over Megaport to AWS VPC?

Hola,

Has anyone had prior experience configuring an IPSec VPN from say a data center up to an AWS transit VPC using Megaport? Megaport's documentation says it's possible but doesn't seem to be very clear about how it's done. Unless I'm misreading things, they just kind of provide a high level diagram showing a tunnel across their services, and then point to AWS's VPN documentation if you have further questions. AWS's VPN documentation doesn't take into account a service like Megaport in between though.

I have two Megaport drops in a data center cage connected into an SRX fw cluster and looking to do a tunnel per connection as primary and secondary.



Eve-NG Wireshark Capture on Mac

Has anyone figured out how to use the capture feature for Eve-NG community on Mac? I get the “capture:// is not recognized” error. I also tried following along to this article with no luck.



Shared internet access for multi-family housing complex

(Mods, please remove if not appropriate for this sub)

Hi all! My dad is building a 16-unit apartment complex in an area that has gigabit residential fiber, so I floated the idea of offering free wired internet as a tenant benefit. My hope is that tenants can plug their router's WAN port into a provided cable drop in the closet, tweak some settings, then bam, free 60Mbps up/down. I myself have an electrical engineering background but I'm not a networking expert by any means, so I have a few questions for folks here.

1) Will this setup be kosher from the ISP side? If they end up insisting on us getting a business 1Gbps connection, it might not be worth the monthly cost. Or, what are the odds they'll just insist on installing an individual ONT for each unit?

2) How difficult will this be to set up and manage? I assume I will need an enterprise-grade router to enforce strict QoS. Each tenant router will have to change their WAN settings to specify their own IP address and use the building router as a gateway. How can I guarantee a tenant in Unit 3 cannot access file shares on Unit 12's LAN?

Thanks!



Warm up Network Jack

Hi Guys!

tl;dr

I have a -40 freezer and need a way to warm up network jacks so I can unplug the Ethernet cable without shattering the brittle network jack, the cable is fine after unplugging, it's the actual port itself that breaks

I have a freezer that is -40 degrees (Celsius and Fahrenheit). We have network jacks inside where APs are plugged into. One AP went down. We have not determined yet what is bad, the AP, cable, or jack. If the problem lies with the cable I'll need to unplug it. I have unplugged a cable from a previous jack and the jack essentially "exploded" from being brittle due to the cold (the plastic and the contacts).

I need some way to warm this jack up to let me unplug the cable without destroying it.

If there isn't a device out there, I would need to make something, a couple thoughts I had:

  • Find a large funnel and stick a hair dryer in the smaller part, then place the large opening over the wall jack. Hopefully it won't melt the funnel!
  • Cut a hole in a plastic box and use a hair dryer

If there is some other kind of heat source I can put in, it wouldn't need an opening, just need to make sure the heat source isn't able to melt the jack or the container it's going to be in.

Hopefully there is something more professional or somebody has an idea that would be easier / more efficient!



Network Engineering Group In Los Angeles

Does anyone know if there is a Network Engineering Meetup anywhere in LA? I'm looking to network a bit more (sorry for that one). And would love to meet others to build that out. I'm currently at a media company and have been for the past 4 years solving some pretty interesting Internet facing/packet/latency problems, would like to share some war stories.



Wireless bridge loses connectivity

I have a pair of AIR-BR1310s and I'm having a weird issue. When I change the hostname on the remote bridge I lose connectivity every time. Has anyone else experienced this?



2 dial tones (L1/L2) to 25ish phones

I’ve tried googling this one but I don’t think I’m phrasing it properly. I know this is telephony not networking but the telephone/telecom subs I found were pretty low on members and when I searched 66 block in Reddit r/networking was the first result.

I’ve got about a dozen handsets right now that are wired into jacks that are wired back to a 66-block. We’re expanding and moving into a new office which is going to have roughly 25 handsets on it.

Can I just punch line 1 and line 2 all the way down the block for all 25 phones? Do I need to worry about voltage drops (these particular handsets have wall warts as well)? The current incoming dial tones will be provided through an ATA but if for some reason we went back to the phone company’s copper in the street is there some kind of amp or regulator or something that I should be using?

Let me know if I missed a detail or there’s a better sub to post this on. Thank you.



[HIRING] Network Engineer - Focused on Wireless and Cellular Services in NYC - Up to 110K

This advertising and media company is looking for a Database Engineer to join their Digital Infrastructure team. The company is located in an infamous NYC building in Midtown Manhattan. The company is one of the largest outdoor media providers with advertisements across North America. The company focuses on leveraging technology, location, and creativity to engage audiences.

As a Network Engineer, you'll be joining the Digital Infrastructure team. The team is looking for someone that has general network experience, but this role will have a focus on WiFi and Cellular Services. You'll be working on these network operations and planning as well as work with different cellular and wireless providers to develop solutions. They'll be looking for an understanding of protocols - such as related to TCP/IP - and an understanding of network security.

Required Skills & Experience

  • 2+ years of relevant Network Experience
  • Understanding of network configurations
  • Experience with Wireless and Cellular Services
  • Experience working with Cellular and Wireless Providers
  • Understanding of network protocols

The Offer

  • Competitive Salary: Up to $110K/year, DOE + Benefits

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.

For questions, or to apply, please email: annelise.hudson@workbridgeassociates.com