Saturday, September 21, 2019

anyone using infiniband at home for direct connection between computers? SMB3 allowing speed breakthroughs?

good evening,

I've been looking for a cheaper alternative to 10GbE switches, and (as many others have) came across infiniband.

After reading several articles from 2011 about effective speed limitation due to SMB latency and not playing nice with RDMA, I've finally found a more recent one that discusses SMB Direct, with SMB3 now being able to use RDMA.

https://www.starwindsoftware.com/blog/smb-direct-the-state-of-rdma-for-use-with-smb-3-traffic-part-i

If I understand correctly, infiniband allows direct connection between two computers with HCAs.

Does that mean I could pick up two $25 infiniband HCAs from eBay, and get 40Gb/s bandwidth between the two computers?

thanks!



I’m questioning what I thought I knew about dhcp-relay

My understanding is that in dhcp-relay, the router will process the broadcast discover message, and generate a unicast packet and send one to each relay agent configured.

The servers will likely all reply with offers, which the router will forward on to the client, but the client will only respond with a request to the first server it receives the offer from, and ignore every other offer it gets back.

As a result when there’s multiple dhcp relay agents, it’s the one with the lowest latency to the respective client that typically becomes the client’s dhcp server moving forward.

So how is it after introducing a new dhcp relay agent to the config, do the clients on the subnet now show an almost perfect 50/50 split of which server is their dhcp server, when the A server is local at the site, and the B server is over 50ms of latency away?

My assumption was that the A server which is less than a millisecond away would win out for the vast majority of clients.



Toning Cat 6

I'm struggling to use a toner on our cat 6 horizontal cabling. The process always seemed so simple before. I can't even get a signal very far in a patch cable. Any suggestions? I have replaced batteries and tried a couple different toners.

Are there newer devices that do this better? I have looked at a bunch of different toners but I can't determine a difference.

The "tone" just isn't traveling very far or bleeding through the cable jacket well.



Doodle Labs Smart Radio 2450 Help

I have a Doodle Labs Smart Radio 2450 with their version of OpenWRT on it. I bought the test antennas too, but their range doesn't seem to be that good and their data sheet suggests that they are for bench and short distance applications. I have a few questions that I'm hoping some of you know the answer to.

  1. I want to use this router for 2km communication with another router on a competition vehicle, so do I need to buy a bigger antenna?
  2. Here's a picture of the input output, the grey box is the radio, the green pcb is the antenna (there's two, and Doodle labs says we need to have two). Does anyone know what kind of plug this is? Could this interface well with a bigger antenna?

Any help would be really appreciated.



Wired 802.1X EAPoL supplicant on ISR WAN port

Hi all,

I'm looking for suggestions to enable 802.1X supplicant authentication on a Cisco ISR WAN port.

Scenario:

  • My college dorm provides internet access through ethernet ports in every room and requires users to authenticate on the network. When a port comes up, and an endpoint sends a DHCP Discover, the dorm switch - a Cisco C2960X - sends an 802.1X-2010 EAPoL packet requesting identity. A DHCP lease and unmetered internet access are offered when a supplicant successfully authorizes the port using EAP-PEAP-MSCHAPv2 with username and password. IEEE 802.1AE/"MACsec" security is not deployed.
  • If no credentials are provided in 5 seconds, the switch sends an 802.1X EAP Failure packet and authorizes and assigns the port to a Webauth VLAN. New DHCP requests are now offered a lease, but all other traffic remains blocked except for DNS and web traffic. The latter is redirected to a web authentication portal; metered internet access is offered upon successful authentication in the portal.
  • In any case, the switch only allows one (1) active DHCP lease per switch port. MAC addresses do not need to be registered beforehand. An official FAQ document suggests the use of a router to connect multiple devices, and this is not restricted by the terms of use.

Need: For the end-user, 802.1X authentication provides significant benefits over authentication in the web portal:

  • Unmetered internet access. The web portal was introduced many years ago and is still, by far, most used to authenticate, even with its current downgraded status as a fallback method. 802.1X authentication was introduced recently, and due to its current low uptake, migrating metering has not been considered a priority as of today.
  • Automated authentication management. Authentication completed on the web portal times out after a set amount of hours, requiring the end-user to authenticate using the portal again. 802.1X authentication times out as well, but renewal is seamlessly handled in the background by the supplicant. This is preferred when there are devices that always need to be reachable from outside the room.

Problem: My previous router, a Ubiquiti EdgeRouter 4, didn't support 802.1X supplicant natively in EdgeOS 2.0 but would allow external Debian packages to be installed, so I deployed wpa_supplicant to authenticate the router using 802.1X. Like the EdgeRouter, the current replacement device, a Cisco ISR1K router running IOS-XE version Fuji-16.09.04, also doesn't natively support 802.1X supplicant on the WAN port [1], and I'm stuck finding a simple and elegant method of getting around this.

Ideas, from most elegant, to least:

  1. Similar to the solution for EdgeOS, using the guest shell to install wpa_supplicant on IOS-XE. However, initial attempts to launch the guest shell with front panel connectivity crashed the router. Additionally, I'm not sure whether the non-root BusyBox environment suffices for a wpa_supplicant deployment.
  2. Reversed LAN/WAN roles. Connect the supplicant-supporting LAN port to the dorm switch and connect the WAN port to my switch. While I think this can be done with heavy tweaking, I'm concerned that it would lead to a lot of undesired complications.
  3. Several variations on the same theme involving a physical 802.1X supplicant device between the router and the switch - considered complicated and not elegant due to the need for a second always-on device.
    a) Inversed and beneficial "A Bridge Too Far" attack (DEF CON 19) [2]. Deploy a "SlimShim"/transparent MitM bridge [3] on a Linux device with two network interfaces between the router and the dorm switch. Spoof MAC address of one interface to that of the router, and filter relevant traffic using ebtables [4]. But instead of piggybacking on the authenticated device as the original attack demonstrated, use wpa_supplicant to authenticate and then let the router enjoy unrestricted access on the authorized switch port.
    b) Same as above but with a switch and a computer with wpa_supplicant. Involves caution as not all switches will pass 802.1X frames.
    c) Same as above but with another known 802.1X supplicant such as wpa_supplicant on an EdgeRouter.

[1]. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/15-mt/sec-user-8021x-15-mt-book/config-ieee-802x-pba.html#GUID-2C674232-26A2-42DC-A214-DFDB3BB73FCC
[2]. https://www.defcon.org/images/defcon-19/dc-19-presentations/Duckwall/DEFCON-19-Duckwall-Bridge-Too-Far.pdf
[3]. https://mkirby.org/mkblog/?p=403
[4]. https://ebtables.netfilter.org/



Will a PoE switch damage a non-PoE device?

My boss is adamant about the fact that our Cisco and Zyxel PoE switches that we have will "fry" our company's proprietary devices since they don't require PoE. However, according to the 802.3af/at standard doesn't a device have to request PoE in order for the power to be sent over the appropriate pins?

I'm assuming companies like Cisco and Zyxel implement the 802.3af/at standard in all of their devices.



I bought load balancer and it did nothing

I have 2 WiFi routers (4G LTE-A), both with LAN ports connected to a TP-Link load balancer router, and then the load balancer connected to a switch. My DL was 40-80 Mbps using one router connected to the switch without the load balancer, but when I added the load balancer and connected the other WiFi router (both with their SSID and WiFi turned off), speed went down to 14-20 Mbps. I tried turning off the firewall on the routers and the load balancer; still speed sucks. Anyone know why?



AVPN circuit physical interface won't come up

We have an AT&T MPLS circuit with CenturyLink/Level 3 as the LEC, at one of our sites. This is our 2nd circuit with AT&T at this site. It is replacing the other AT&T circuit with a lower CIR. Verizon is the primary WAN at this site with AT&T as backup. One of my colleagues was assigned to bring up this new AT&T circuit and decommission the current one. Then he was abruptly laid off. So no one knew the status of the task. Long story short, we are now looking at a circuit that won't come up. Demarc is a Cisco 3600 ME router on a different floor from our equipment. We've re-used the SFPs from our existing working circuit on the demarc and the ASR (our equipment), swapped fiber on both ends, used the same riser port as the existing working circuit, tried different ports on the ASR, but the ports won't come up. We see -33 dBm from the provider and they are reporting similar results from us.

Unfortunately, the company has refused to send out any of my colleagues out there. So we have to rely on field support to do the work. This means we have no testers or any other way to validate our end. All they're doing at this point is asking how long they have to pay for 2 circuits! CenturyLink of course see nothing wrong with their side of the circuit.

I'm at my wits end and don't know if there's anything else we can do to determine where the problem lies.



Has anyone had any experience with AT&T Business dedicated fiber service, specifically for rural locations?

My Mississippi business is located approximately 15 miles from the nearest reputable high speed ISPs like Comcast or AT&T Uverse. So for the past 18 or so years, we've used a satellite ISP (Hughes formerly, now Excede/Viasat) which means we've been forced to pay upwards of $600/mo for high data usage monthly periods and less-than-ideal speeds, ping, and reliability. FYI if we exceed 300 GB data, we now get charged $50 for every 10 GB more we use after capping.

Moving on to AT&T Business dedicated fiber... I was contacted by an AT&T rep claiming he could bring us a dedicated fiber connection to our office. AT&T would contract out the work as long as the installation costs less than $10,000; otherwise, they either wouldn't do it or would ask us to finance the install. For those that may not understand dedicated, AT&T claims speeds of say 50 Mbps down/up unwavering whereas a shared connection could be 35 Mbps down and 5 Mbps up on a good day. Continuing, AT&T is offering our rural location 50 Mbps down/up for $750/mo or 100 Mbps for $950/mo. Can even get up to a Gbps but I didn't ask how much that would be out of fear of price shock. Because it's AT&T, this would also mean our phone lines, of which we have two, a toll free and a fax line (yes we still use it), could be wrapped into this deal under that $750/mo plan, where our phones cost us around $250 now. So far, it seems expensive since this would be $9,000/yr but still may be worth it. Unless you compare it to what you'd get in an urban market, which makes this all sound like highway robbery.

Another unrelated to business perk is that this AT&T service has an option for running dark fiber to any homes on the property we own where the business is located. Those costs to install could be financed into the monthly bill. This is big news for those of us living out there as we could finally stream, download big files, and hopefully do some multiplayer gaming as well.

Back to my question... Has anyone had any experience with a rural dedicated fiber solution like this AT&T service?

TL;DR rural business seeks opinion on AT&T Business dedicated fiber



Where is everyone buying cables?

I have an upcoming project to pull some drops. I normally buy my spools from monoprice or a local supplier. Where is everyone finding the best deals for spools. I’m looking for a couple spools of CAT6A plenum shielded and CAT6 plenum shielded.



Advertising public subnet out of different country - routing implications

We have a /21 and a /22 which we advertise out of our data centres in the UK via a variety of tier 1s for redundancy. In the USA we use a subnet owned by CL, which we can only advertise via CL and thus have no carrier resiliency.

The current plan is to link up our UK and USA operations via a vpls/mpls, re-IP our USA operations out of a /24 contained within our /22.

What we don't want is for external traffic from the UK destined to our USA-based /24 to carry across the VPLS circuits, as bandwidth is expensive and we want to keep the capacity for internal operations. So the plan was to amend what we advertise in the UK to be a /21, /24, and a /23, omitting the /24 we want to use in the USA. Then find an IP transit provider with whom we can peer in the USA to advertise the /24 out to the world.

Been thinking about it though, and the step of amending our advertisements in the UK seems like a redundant step. If we advertise the /24 out of the USA and keep advertising the /22 in the UK, then external traffic destined for the USA /24 should go direct there via the transit provider anyway as it's a more exact route.

Globally the internet will see a /22 reachable via GTT and a /24 reachable by whoever we choose in the USA, so traffic will go that way anyway?

Or I've got this totally wrong, and before more specific routes are even taken into consideration the BGP best path selection algorithm comes into play and the UK traffic will come via our UK DC due to the shorter AS path attribute?

Is my assumption correct or am I missing something?
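As an added illustration of the question above (example code, not from the post): a forwarding lookup always picks the most specific covering prefix first, and BGP best-path selection only ever compares paths to the same prefix. The RIB below is constructed: the /22 aggregate is learned via the UK transit with a short AS path, the more specific /24 via a hypothetical US transit with a longer one; all prefixes are documentation ranges and all ASNs are RFC 5398 documentation ASNs.

```python
"""Longest-match lookup versus BGP best path (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Net = ipaddress.IPv4Network


@dataclass
class BgpPath:
    next_hop: str       # label for the transit the path was learned from (constructed)
    as_path: List[int]  # placeholder ASNs from the documentation range 64496-64511


def best_path(paths: List[BgpPath]) -> BgpPath:
    """Minimal stand-in for BGP best-path selection: shortest AS_PATH wins.
    It is only applied among candidate paths for the *same* prefix."""
    return min(paths, key=lambda p: len(p.as_path))


def lookup(rib: Dict[Net, List[BgpPath]], dst: str) -> Tuple[Optional[Net], Optional[BgpPath]]:
    """Forwarding decision: choose the longest covering prefix first, and only
    then run best-path over that prefix's candidates."""
    addr = ipaddress.IPv4Address(dst)
    covering = [p for p in rib if addr in p]
    if not covering:
        return None, None
    prefix = max(covering, key=lambda p: p.prefixlen)
    return prefix, best_path(rib[prefix])


# Constructed RIB as seen from some third-party AS: 203.0.112.0/22 plays the UK-advertised
# aggregate and 203.0.113.0/24 the more specific block announced from the USA.
RIB: Dict[Net, List[BgpPath]] = {
    Net("203.0.112.0/22"): [
        BgpPath("GTT-UK", [64500, 64496]),                  # short path via UK transit
        BgpPath("OTHER-UK", [64503, 64504, 64496]),          # second UK path, longer
    ],
    Net("203.0.113.0/24"): [
        BgpPath("US-transit", [64500, 64501, 64502, 64496]),  # longer path, but more specific
    ],
}

if __name__ == "__main__":
    for dst in ("203.0.113.10", "203.0.112.10", "192.0.2.1"):
        prefix, path = lookup(RIB, dst)
        print(dst, "->", prefix, path.next_hop if path else None)
```

A host in the /24 is reached via the US transit even though that path is two AS hops longer; only hosts in the rest of the /22 fall back to the UK paths, where the shortest AS path then wins.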



Does anyone here have experience working for a colocation datacenter?

Let's assume they are in the top bracket of data centre class.

Would you say that such a company is a good move for someone early on in their networking career?

Primary objectives for me are:

- Getting exposure to routing and switching to aid future studies (CCNP)
- Getting exposure to other technologies and vendors
- Giving me a solid foundation as a Network Engineer



Friday, September 20, 2019

Does iBGP neighbor lookup using an eBGP route flag recursive routing lookup?

I'm trying to set up an EVPN between two of my datacenters; the problem is my upstream ISP dumps all BGP attributes before it hits the WAN (don't ask, I already barked up that tree). Could I just use my eBGP neighborship with the ISP as an "underlay" protocol to get my BGP attributes across the wire for EVPN-VXLAN signaling? I think I might just be better off running a GRE tunnel for this.



IOS-xe guestshell python

Recovered a newish 3650-24PS-S running 3.6.4. This version does not support the guestshell, and I was thinking about updating to 16.? so I can goof around with running Python scripts. Looking for the most stable IOS-XE that can run a Python guestshell. Can I run netmiko?



Anyone powering a point-to-point(-to point) bridge with solar?

I have been presented with a challenge.

One of my sites is a golf course. Approximately 1.5km away is the associated Driving Range.

Currently, the course is part of my fiber MPLS setup, but the range is tunneled in over DSL because it's all that's available there. We're paying roughly $100/mo for 10 Mbps (you're reading that right).

The thought right now is that it would be cheaper (long term) and a better experience for the users at the range if we could link them to the course over a PtP wireless link and drop the DSL. Problem is, the only way I have decent LoS is if I put a pole up about 1km from the main site and repeat the signal to make about a 45-degree turn around some houses and trees. I've already established that I need a 30' pole... but I have no power within 500' of this spot and in the interest of keeping the cost down, I'm not looking to trench or have the power company install a meter.

Is there any cost effective way to use solar for this application? Anyone here experienced with networking "off the grid"? We're only looking to put up a couple decent APs. My biggest concern is dropping the link if we have a couple of cloudy days in a row or something.

I know this is probably more of a facilities issue for most of you, but figured it's worth a shot.



Data discovery tools for compliance

Hi /r/networking,

My organization is in a data discovery phase where our objective is to find and tag the data we keep on-premise. The class of data we're most interested in is, unsurprisingly, personal data--names, addresses, email addresses, IP addresses, credit card numbers, national identification numbers, so on and so forth.

We've engaged in an exercise where we've interviewed representatives of each department and have documented data fields and interaction between systems, so we have some idea of how our data is governed, but it is imperfect and would likely be insufficient in the event of an audit.

I'm wondering if there are tools out there that can scan our systems, hunt down the data we're looking for, tag it, and map the relationships between the different systems that we use to track data transmission.

What would be the best way to go about completing this task?



Permit and Deny ICMP options on Adtran router

Does anyone know if there is a deny fragments option for ICMP on an Adtran router? I can't seem to find one. These are all the options I have, none of which look like what I'm looking for (what does dod mean in this context btw?) :

administratively-prohibited - Administratively prohibited

alternate-address - Alternate address

conversion-error - Datagram conversion

dod-host-prohibited - Host prohibited

dod-net-prohibited - Net prohibited

echo - Echo (ping)

echo-reply - Echo reply

host-isolated - Host isolated

host-redirect - Host redirect

host-tos-redirect - Host redirect for TOS

host-tos-unreachable - Host unreachable for TOS

host-unknown - Host unknown

host-unreachable - Host unreachable

information-reply - Information replies

information-request - Information requests

log - Log matches against this entry

mask-reply - Mask replies

mask-request - Mask requests

mobile-redirect - Mobile host redirect

net-redirect - Network redirect

net-tos-redirect - Net redirect for TOS

net-tos-unreachable - Network unreachable for TOS

net-unreachable - Net unreachable

network-unknown - Network unknown

option-missing - Parameter required but not present

packet-too-big - Fragmentation needed and DF set

port-unreachable - Port unreachable

precedence-unreachable - Precedence cutoff

protocol-unreachable - Protocol unreachable

reassembly-timeout - Reassembly timeout

redirect - All redirects

router-advertisement - Router discovery advertisements

router-solicitation - Router discovery solicitations

source-quench - Source quenches

source-route-failed - Source route failed

timestamp-reply - Timestamp replies

timestamp-request - Timestamp requests

traceroute - Traceroute

track - Make this access-list entry dependent upon a track

ttl-exceeded - TTL exceeded

unreachable - All unreachables



Paid help for TN3270 emulator

Hello, I have problems with an IBM mainframe TN3270 emulator: I connect to their server with my Python script, type commands, everything works, but once I have to pass commands to a strict cursor position, I can't do that. I believe the problem is simple to fix for someone who has experience with networking. Please contact me; I will pay for help. Thank you all in advance.



Ruckus master AP question

Does the master AP only work if you connect the other APs to it in a daisy chain?

Or do you just connect all the APs to a switch and then assign the master in the Unleashed app?

The photo on the Ruckus page makes it seem like option #1.

Thanks.



Why don't any of the big name firewall appliance vendors support OpenVPN?

Cisco, Juniper, Fortinet, Palo Alto, etc. - none of them offer onboard OpenVPN support as far as I know. I get that OpenVPN performance can lag a bit behind IPsec in some scenarios but I'm just curious why it's only the FOSS based guys like pfSense, OPNsense, VyOS, and so on that offer OpenVPN connectivity options. Perhaps the big guys aren't able to bake it into their ASICs?



Can't enter multiple port because the router has a character limit on the external port box

I'm trying to forward multiple ports (XXXX-XXXX) but the external port box only allows for 5 characters. What should I do?



Quite different upload speed from Windows to two different Linux Machines

Hi there,

I've been fighting with a strange issue.

So, I have a Windows test machine, and when I test with iperf3 I get quite different performance when testing against one Linux machine than when I test to another one.

Important Note:

Both Linux machines are hosted in quite different environments. Both run over KVM, but one is using Open vSwitch for network access while the other uses a Linux bridge.

I know it would make sense to test using more similar environments, but on one side our setup is quite complex, and on the other hand I'm trying to find out the root issue. I mean, I'm trying to get the same speed against both Linux machines, no matter in which environment they run.

After all the tests we have been doing, it looks like for some strange reason the Windows test machine, when running iperf, does not try to send at the same rate to both machines.

We've been comparing the Linux machines for a while, from ethtool to sysctl (And also the hypervisors hosting them) but we cannot find a difference that changes the result.

This is an iperf3 run against the machine that performs as expected:

https://www.dropbox.com/s/hbv6hngkwikthwa/good_perf.PNG

And this is the one with bad performance:

https://www.dropbox.com/s/9rw8dlw80l70dls/bad_perf.PNG

As you can see, the first one behaves as I would expect. It keeps increasing the transfer speed until it goes back down a little bit and then tries to increase it again.

The one with bad performance just seems to keep a rate, without really trying to go faster.

Does this kind of behavior remind you of anything you may have encountered before?

I've been trying to pinpoint the issue for the whole week, and I'm starting to run out of ideas.

Also, we tried with other Windows machines, and it looks like the lower the ping, the faster iperf performs. Which would mean it's a window size or window scaling factor issue, but as far as I can see it is not, as the window size on the bad performance machine seems to be quite high.

Any ideas?

Thanks!



PoE+ Patch panels?

Is there such a thing as a patch panel that will provide power to PoE devices? I'm looking at replacing a few switches because I need more PoE out of them and I was wondering if there is a cheaper alternative out there. I looked around and couldn't find much except for some sketchy looking stuff from ali express. Anybody seen anything like this?



Default gateway management interface

Dear Network Engineers,

There is something I don't get here and was hoping someone could help me understand. For a firewall, in my case a Palo Alto FW, is the default gateway for a management interface a physical router? Or is that the IP of a logical router within the firewall that just directs traffic out of a data port? I am asking because I am currently troubleshooting a management service (ping/ssh/snmp) connection where the route to the destination is in place and bytes are being sent, but I believe this specific connection does not have a way back as bytes are not being written back. Trying to determine if it's a firewall or R/S issue.



Cable Labelling - Laser/Inkjet Friendly label recommendations

Needing to print around 1000 labels (50/50 split of Cat6 and OS2). Our Rhino 5200 isn't going to cut it when it comes to bulk labels. I've been looking at label solutions that use a standard inkjet/laser printer to print using a template. I've seen good reviews about the Panduit LabelCore solution https://www.panduit.com/en/products/signs-labels-identification/labels-markers-printers/desktop-printer-labels/s100x225yaj.html but they're hard to get in Australia and I'm on a bit of a tight timeline. Are there any other solutions that people can recommend?



Please help with setup

I have 2 WiFi Huawei routers and would like to use a load balancer to get more bandwidth. Each router has its own subscription with a different ISP using SIM cards. Will placing the routers near each other slow the net? Do the radio waves interfere with each other? Do I need to place them far away from each other?



VIPTELA SD-WAN

Hello. So I started studying SD-WAN and settled on Viptela to do my labs. When I started to study it from YouTube I learned it should have a vBond, but when I went to the Cisco site to download my OVAs so I can build my labs I didn't find the vBond and I found a vContainer. So I am really confused. I searched the internet but didn't find an answer, so I decided to ask you guys. Any help? Thanks



MPLS COS Oversubscription SOP

https://ift.tt/2ABLiYA

Optics EEPROM information

Hi,

I'm trying to determine what kind of information is being stored in the EEPROM of optics. Is that info purely informational, or is it somehow usable by the switch and does it influence hardware operations? Thinking here perhaps about some thresholds that can, for example, shut down the optic based on some condition.

Based on the wiki article, the EEPROM contains:

transceiver's capabilities, standard interfaces, manufacturer, and other information

My use case is to use 3rd party optics in a switch. I can get those optics working by issuing a command enabling 3rd party optics, so they are operational. But is it still worth coding the optics with vendor-specific info?



Switch config over console using pyserial

Has anyone had success writing a script and making this happen? Total Python noob, but spent a couple hours trying, and getting lost in the details. Have found a few examples online, but they are written in Python 2 and I'm having a hard time with formatting. GitHub pages are way too advanced for me, any help?

Yes, I figured out how to do this via ssh, using netmiko, and it was awesome and intuitive. But my requirement is via console. About 70 switches a few times a year.
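An added example for the post above (not the poster's script or any project's code): a prompt-driven "expect" loop over a serial console. It assumes pyserial is installed, a Cisco-style prompt ending in `#` or `>`, and a console at the placeholder device `/dev/ttyUSB0`; `FakeConsole` is a constructed stand-in for `serial.Serial` so the loop can be exercised with no cable attached.

```python
"""Drive a switch console over pyserial with a prompt-driven expect loop (added example)."""
import time
from typing import Dict, List, Protocol


class Transport(Protocol):
    """The two methods we use from serial.Serial."""
    def write(self, data: bytes) -> int: ...
    def read(self, size: int) -> bytes: ...


def open_console(port: str = "/dev/ttyUSB0", baud: int = 9600) -> Transport:
    """Open the real console. pyserial is imported lazily so the expect logic
    below can be tested without the library or a cable present."""
    import serial  # pip install pyserial
    return serial.Serial(port, baudrate=baud, timeout=0.5)


def read_until_prompt(tty: Transport, prompts=(b"#", b">"), timeout: float = 10.0) -> str:
    """Accumulate output until the last line ends in a prompt character, or time out.
    Returning the raw text lets the caller inspect it for IOS error markers."""
    buf = b""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        chunk = tty.read(256)
        if not chunk:
            continue
        buf += chunk
        last = buf.rstrip(b" ").splitlines()[-1] if buf.strip() else b""
        if last.endswith(prompts):
            break
    return buf.decode(errors="replace")


def run_commands(tty: Transport, commands: List[str]) -> Dict[str, str]:
    """Send each command followed by CR and capture its output.
    IOS reports syntax errors on a line starting with '% ', so stop on the first one
    rather than blindly pushing the rest of a config onto 70 switches."""
    results: Dict[str, str] = {}
    tty.write(b"\r")            # wake the console and wait for a prompt
    read_until_prompt(tty)
    for cmd in commands:
        tty.write(cmd.encode() + b"\r")
        out = read_until_prompt(tty)
        if "% " in out:
            raise RuntimeError(f"{cmd!r} failed: {out.strip()}")
        results[cmd] = out
    return results


class FakeConsole:
    """Constructed stand-in for serial.Serial: echoes each command, returns canned
    output for known commands and an IOS-style error for unknown ones."""
    def __init__(self, responses: Dict[str, str]):
        self.responses = responses
        self.pending = b"Switch#"

    def write(self, data: bytes) -> int:
        cmd = data.rstrip(b"\r\n").decode()
        default = "" if cmd == "" else "% Invalid input detected at '^' marker.\n"
        body = self.responses.get(cmd, default)
        self.pending += data.rstrip(b"\r") + b"\r\n" + body.encode() + b"Switch#"
        return len(data)

    def read(self, size: int) -> bytes:
        chunk, self.pending = self.pending[:size], self.pending[size:]
        return chunk


if __name__ == "__main__":
    # Swap FakeConsole for open_console() to talk to a real switch.
    console = FakeConsole({"show clock": "*10:00:00.000 UTC Fri Sep 20 2019\n"})
    for cmd, out in run_commands(console, ["show clock"]).items():
        print(cmd, "->", out)
```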



Thursday, September 19, 2019

Prefix List & EIG Distribute-list filtering

GOAL:

Block the 10.1.4.0/24 network being advertised by Router2 FROM Router1

I'm using prefix-lists, and I ultimately know how to get my desired results. But what I'm not understanding is why some of my ideas aren't working. I guess I'm not understanding how prefix-lists operate in IOS.

Both routers are running EIGRP properly. I can ping the networks without route filtering. This is a question about prefix-lists.

----Router2#----

These are the routes being advertised on router 2:

10.1.1.0/24
10.1.2.0/24
10.1.3.0/24
10.1.4.0/24 <--- Only this should be blocked via prefix-list filtering

----Router1#----

router eigrp 1
 network 192.168.1.0
 distribute-list prefix BLOCK-10.1.4.0 in

THIS WORKS:

>> ip prefix-list BLOCK-10.1.4.0 seq 10 deny 10.1.4.0/24
>> ip prefix-list BLOCK-10.1.4.0 seq 20 permit 10.0.0.0/8 le 32

THIS WORKS:

>> ip prefix-list BLOCK-10.1.4.0 seq 10 deny 10.1.4.0/24
>> ip prefix-list BLOCK-10.1.4.0 seq 20 permit 10.0.0.0/0 le 32

THIS DOES NOT WORK:

>> ip prefix-list BLOCK-10.1.4.0 seq 10 deny 10.1.4.0/24
>> ip prefix-list BLOCK-10.1.4.0 seq 20 permit 10.0.0.0/8

In an attempt to block the 10.1.4.0/24 network but permit the other 10.x.x.x networks I have... Why doesn't "ip prefix-list BLOCK-10.1.4.0 seq 20 permit 10.0.0.0/8" permit what I want? In my head, 10.0.0.0/8 would cover the address space I want to permit. What am I missing here... This is a simple question that I am looking to understand the IOS interpretation of prefix-lists, so I'm expecting a simple answer. Let me know if you don't quite understand what I'm expressing above.
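An added example for the post above (not the poster's router config): a small Python model of IOS prefix-list matching. An entry matches a route only when the route lies inside the entry's prefix AND the route's mask length falls in the window given by `ge`/`le`; with neither keyword that window is exactly the entry's own length, so `permit 10.0.0.0/8` matches a literal 10.0.0.0/8 route and nothing else. The three lists and four routes are taken from the post; parsing `10.0.0.0/0` with host bits masked (so it becomes 0.0.0.0/0) is an assumption that reproduces the post's observed "works" result.

```python
"""IOS-style ip prefix-list evaluation (added example; sample data from the post)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network


@dataclass
class PrefixListEntry:
    seq: int
    action: str            # "permit" or "deny"
    prefix: Net
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: Net) -> bool:
        # Containment: the first prefix.prefixlen bits of the route must equal the entry.
        if not route.subnet_of(self.prefix):
            return False
        # Length window: no ge/le means the route's mask must equal the entry's mask.
        if self.ge is None and self.le is None:
            return route.prefixlen == self.prefix.prefixlen
        lo = self.ge if self.ge is not None else self.prefix.prefixlen
        hi = self.le if self.le is not None else route.max_prefixlen
        return lo <= route.prefixlen <= hi


_LINE = re.compile(
    r"^ip prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def parse_prefix_list(config: str) -> List[PrefixListEntry]:
    """Parse 'ip prefix-list ...' lines (the post's '>>' quoting is tolerated) into
    entries ordered by sequence number. strict=False masks host bits, so the post's
    '10.0.0.0/0' is stored as 0.0.0.0/0 (assumed to mirror what the router did)."""
    entries = []
    for raw in config.strip().splitlines():
        line = raw.strip().lstrip(">").strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unparsable prefix-list line: {line!r}")
        entries.append(PrefixListEntry(
            seq=int(m["seq"]),
            action=m["action"],
            prefix=Net(m["prefix"], strict=False),
            ge=int(m["ge"]) if m["ge"] else None,
            le=int(m["le"]) if m["le"] else None,
        ))
    return sorted(entries, key=lambda e: e.seq)


def evaluate(entries: List[PrefixListEntry], route: Net) -> Tuple[str, Optional[int]]:
    """First matching entry wins; no match falls through to the implicit deny (seq None)."""
    for e in entries:
        if e.matches(route):
            return e.action, e.seq
    return "deny", None


def permitted_routes(config: str, routes: List[str]) -> List[str]:
    entries = parse_prefix_list(config)
    return [r for r in routes if evaluate(entries, Net(r))[0] == "permit"]


# The four EIGRP routes from the post and its three prefix-lists.
ROUTES = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24", "10.1.4.0/24"]
WORKS_LE32 = """
>> ip prefix-list BLOCK-10.1.4.0 seq 10 deny 10.1.4.0/24
>> ip prefix-list BLOCK-10.1.4.0 seq 20 permit 10.0.0.0/8 le 32
"""
WORKS_ANY = """
>> ip prefix-list BLOCK-10.1.4.0 seq 10 deny 10.1.4.0/24
>> ip prefix-list BLOCK-10.1.4.0 seq 20 permit 10.0.0.0/0 le 32
"""
BROKEN_NO_LE = """
>> ip prefix-list BLOCK-10.1.4.0 seq 10 deny 10.1.4.0/24
>> ip prefix-list BLOCK-10.1.4.0 seq 20 permit 10.0.0.0/8
"""

if __name__ == "__main__":
    for label, cfg in (("/8 le 32", WORKS_LE32), ("/0 le 32", WORKS_ANY), ("/8 no le", BROKEN_NO_LE)):
        entries = parse_prefix_list(cfg)
        for r in ROUTES:
            print(f"{label:>9}: {r} -> {evaluate(entries, Net(r))}")
```

With the third list every 10.1.x.0/24 route falls past seq 20 to the implicit deny, which is why nothing but the exact 10.0.0.0/8 would ever be permitted.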



Is Cisco Prime being discontinued soon?

We are looking into Cisco Prime at my job (California based MSP), however we can't help but notice its aged web interface and also lots of the Cisco Prime documentation URLs either going 404 or redirecting to DNA.

So I am wondering whether it would be discontinued soon?



VLANs

Okay, someone help me here. I've only done cabling and small networks and have never had to do anything with VLANs. Now I'm trying to learn them and think I'm doing something wrong. I have a little experiment I'm trying to set up and can't seem to be able to get it to work. Here's what I'm trying to do.

I have a Cisco RV215W router with four ports on it. I have a Cisco Catalyst 3750V2 48-port + 4 SFP switch, and a Catalyst 2960-S 48-port + 4 SFP switch.

Here's what I'm trying to achieve: anything you plug into one of the switches goes onto one VLAN with the default gateway of 192.168.3.1 and everything you plug into the other switch would go onto another VLAN with the default gateway of 192.168.4.1. I'm not going to go on about all the ways I've tried to make it work, but I'm curious about the right way it should be configured to work that way. Thanks!



Aruba stack + power outage = no access except console but all routing works fine since it came back up

I can dump the config if interested but here's the go:

- Can't ping it
- Can't ssh or telnet to it
- No web interface

Show web-management says http is enabled. No management VLAN defined.

From what I have seen of other people with similar issues, they could at least ping it and just couldn't load the web interface.

Any ideas on what to start looking for?



vlan config, do I have this right?

I'm trying to isolate a network appliance so only one other device (my workstation) on the network can access it.

- I have a simple 8 port switch. Ports 1-8 are all on VLAN 1
- my networking appliance is on port 2
- my workstation is on port 3
- I created a VLAN with ID of 99 for ports 2 and 3, both ports are untagged
- I created a PVID of 99 for port 2
- Port 1 is connected to a router which provides Internet access

I think this configuration will isolate port 2 (the appliance) so only port 3 (my workstation) can access it while still allowing my workstation internet access. Am I correct?

If I have this setup right, is it working because port 3 (my workstation) traffic is transmitting and receiving on both VLAN 1 and VLAN 99 simultaneously whereas port 2 only transmits/receives VLAN 99 traffic, no VLAN 1 traffic? Do I understand that correctly?



DQA: Question about IPv6 subnets and routing

So I'm not a complete idiot, but networking has never been my strongest suit.

Question: ISP gave us a /64 subnet. The route is from ::1 to ::2. Do I have the ability to assign /56 subnets from an L3 switch as is, or do I have to go back to the ISP with the requested routes for each /56?

I have a Cisco L3 SmartSwitch and a Sonicwall TZ400 I'm working with currently.

I'm not asking for the answer, just if I'm on the right track or not. And if anyone has like a link or video of someone visually explaining this stuff that they could recommend, that would be even better.



Need help finding a loop

So this thing has been at me all day

We have a warehouse satellite office that has been giving me issues the whole day.

The problem: I installed a 48P+4SFP Ubiquiti switch as the main switch; there are four other switches in the warehouse that have fiber running to this switch on the SFP ports. When all four ports are active, ports 49/50 simultaneously go on and off. It might be all of them, but I definitely see it happening to these two.

I don't see any loops. I have traced out each interface and the device attached to them. I turned off any devices that could cause issues. There are some switches connected to those four switches, but nothing of interest. I even turned off STP thinking it would cause an issue.

I cannot identify anything. Could it be the Ubiquiti not supporting the SFP? I notice they're SFP1/SFP+1/SFP2/SFP+2 ports.



What do you wish you knew?

I'm not sure if this violates rule #5 or not, but I am a little anxious about this job I just accepted.

I am a senior in the network management and technology major at my university and just landed my first networking job. I have never worked in the field; I have always worked in pharmacy as a way to pay for school. That being said, I spend a lot of my free time at home playing with servers, computers, and networking labs. I feel like I have a lot of information but I am scared about the practical application of the information in the job field. I just wanted to come here and ask what you guys wish you had known or brushed up on before going into your first networking job. Is there a protocol or specific task you wish you had learned before going into the job?

I realize every organization is different and may have different hardware/software/business needs but anything I can look into and brush up on might help.

Thanks!



Is CiscoWorks used nowadays?

Has CiscoWorks 2000 been replaced or is it supported? I'm trying to load some MIB files that I've downloaded from Cisco and it says " Network Management Software such as Cisco Works 2000 can be used to install MIBs. "

https://mibs.cloudapps.cisco.com/ITDIT/MIBS/MainServlet



Cisco NTP SHA1 Keys Support

Is Cisco ever going to support SHA1 NTP keys on switches and routers? Asking for a STIG friend...



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post and as well a nice description to this thread.



PXE-32 TFTP open timeout.

Everything seems to be working fine but for some reason it doesn't work. I'm new to networking, so sorry if I sound like a total noob. When I open the TFTP tab it just says progress 0%, 0 bytes transferred. I've been working on this for 5 hours (literally, from 6 to 12...) and I feel like I want to scream at a wall for 2 hours straight rn, it's driving me nuts.

I'm using Serva rn.

here's the YT video i followed, and the other one

Here's the log, any help would be appreciated:

[09/19 21:28:13.716] BINL Inf: Preparation/Maintenance procedures "Start" **
[09/19 21:28:14.074] BINL Inf: Expandd OK, C:\Users\tristan\Desktop\serva\WIA_WDS\win7\_SERVA_\pxeboot.n12
[09/19 21:28:14.258] BINL Inf: Expandd OK, C:\Users\tristan\Desktop\serva\WIA_WDS\win7\_SERVA_\bootmgr.exe
[09/19 21:28:14.272] BINL Inf: Copied OK, C:\Users\tristan\Desktop\serva\WIA_WDS\win7\_SERVA_\boot\boot.sdi
[09/19 21:28:14.667] BINL Inf: Created OK, C:\Users\tristan\Desktop\serva\WIA_WDS\win7\_SERVA_\ServaBINL.dat
[09/19 21:28:15.069] BINL Inf: Injected OK, C:\Users\tristan\Desktop\serva\WIA_WDS\win7\_SERVA_\boot\ServaBoot.wim Added [2]\Windows\System32\ServaPENet.exe
[09/19 21:28:15.082] BINL Inf: Injected OK, C:\Users\tristan\Desktop\serva\WIA_WDS\win7\_SERVA_\boot\ServaBoot.wim Added [2]\Windows\System32\Winpeshl.ini
[09/19 21:28:15.093] BINL Inf: Injected OK, C:\Users\tristan\Desktop\serva\WIA_WDS\win7\_SERVA_\boot\ServaBoot.wim Added [2]\Serva.txt
[09/19 21:28:15.120] BINL Inf: Created OK, C:\Users\tristan\Desktop\serva\WIA_WDS\win7\_SERVA_\boot\bcd
[09/19 21:28:15.131] BINL Inf: Created OK, C:\Users\tristan\Desktop\serva\BM\PXESERVA\BIOS\pxeserva.cfg\menu.def.bak
[09/19 21:28:15.134] BINL Inf: Created OK, C:\Users\tristan\Desktop\serva\BM\PXESERVA\BIOS\pxeserva.cfg\menu.def
[09/19 21:28:15.134] BINL Inf: Created OK, C:\Users\tristan\Desktop\serva\BM\PXESERVA\BIOS\pxeserva.cfg\menu.def
[09/19 21:28:15.136] BINL Warn: Serva assets not found when creating C:\Users\tristan\Desktop\serva\BM\PXESERVA\EFI32\pxeserva.cfg\menu.def
[09/19 21:28:15.137] BINL Inf: Created OK, C:\Users\tristan\Desktop\serva\BM\PXESERVA\EFI32\pxeserva.cfg\menu.def
[09/19 21:28:15.147] BINL Warn: Serva assets not found when creating C:\Users\tristan\Desktop\serva\BM\PXESERVA\EFI64\pxeserva.cfg\menu.def
[09/19 21:28:15.148] BINL Inf: Created OK, C:\Users\tristan\Desktop\serva\BM\PXESERVA\EFI64\pxeserva.cfg\menu.def
[09/19 21:28:15.655] BINL Err: WIA_RIS_SHARE not found; 127.0.0.1:445 SMB is not responding
[09/19 21:28:15.657] BINL Inf: WIA_WDS_SHARE OK; 127.0.0.1:445
[09/19 21:28:15.658] BINL Inf: Preparation/Maintenance procedures "End" **
[09/19 21:28:18.730] DHCP Inf: Serva's own interface MAC ?/18:DB:F2:3F:3E:61 : ignoring request
[09/19 21:28:42.262] DHCP Inf: Rcvd DHCPDISCOVER from IP 0.0.0.0, MAC Elitegro/00:16:EC:6F:67:BB, ClassID "PXEClient", Arch "Intel x86PC"
[09/19 21:28:42.264] DHCP Inf: Address 192.168.20.90 is being OFFERED
[09/19 21:28:42.265] DHCP Inf: Broadcasting through local interface [192.168.137.1]
[09/19 21:28:42.266] DHCP Inf: Broadcasting through local interface [192.168.100.3]
[09/19 21:28:42.266] DHCP Inf: Broadcasting through local interface [169.254.85.60]
[09/19 21:28:43.296] DHCP Inf: Rcvd DHCPREQUEST from IP 0.0.0.0, MAC Elitegro/00:16:EC:6F:67:BB, ClassID "PXEClient", Arch "Intel x86PC"
[09/19 21:28:43.296] DHCP Inf: Address 192.168.20.90 is being ACKED
[09/19 21:28:43.298] DHCP Inf: Broadcasting through local interface [192.168.137.1]
[09/19 21:28:43.298] DHCP Inf: Broadcasting through local interface [192.168.100.3]
[09/19 21:28:43.298] DHCP Inf: Broadcasting through local interface [169.254.85.60]
[09/19 21:28:43.355] DHCP Inf: Rcvd DHCPDISCOVER from IP 0.0.0.0, MAC Elitegro/00:16:EC:6F:67:BB, ClassID "PXEClient", Arch "Intel x86PC"
[09/19 21:28:43.355] DHCP Inf: Address 192.168.20.90 is being OFFERED
[09/19 21:28:43.356] DHCP Inf: Broadcasting through local interface [192.168.137.1]
[09/19 21:28:43.356] DHCP Inf: Broadcasting through local interface [192.168.100.3]
[09/19 21:28:43.356] DHCP Inf: Broadcasting through local interface [169.254.85.60]
[09/19 21:28:47.311] DHCP Inf: Rcvd DHCPREQUEST from IP 0.0.0.0, MAC Elitegro/00:16:EC:6F:67:BB, ClassID "PXEClient", Arch "Intel x86PC"
[09/19 21:28:47.311] DHCP Inf: Address 192.168.20.90 is being ACKED
[09/19 21:28:47.313] DHCP Inf: Broadcasting through local interface [192.168.137.1]
[09/19 21:28:47.314] DHCP Inf: Broadcasting through local interface [192.168.100.3]
[09/19 21:28:47.315] DHCP Inf: Broadcasting through local interface [169.254.85.60]
[09/19 21:28:47.380] DHCP Inf: Rcvd DHCPDISCOVER from IP 0.0.0.0, MAC Elitegro/00:16:EC:6F:67:BB, ClassID "PXEClient", Arch "Intel x86PC"
[09/19 21:28:47.381] DHCP Inf: Address 192.168.20.90 is being OFFERED
[09/19 21:28:47.382] DHCP Inf: Broadcasting through local interface [192.168.137.1]
[09/19 21:28:47.382] DHCP Inf: Broadcasting through local interface [192.168.100.3]
[09/19 21:28:47.382] DHCP Inf: Broadcasting through local interface [169.254.85.60]
[09/19 21:28:48.354] DHCP Inf: Rcvd DHCPREQUEST from IP 0.0.0.0, MAC Elitegro/00:16:EC:6F:67:BB, ClassID "PXEClient", Arch "Intel x86PC"
[09/19 21:28:48.354] DHCP Inf: Address 192.168.20.90 is being ACKED
[09/19 21:28:48.357] DHCP Inf: Broadcasting through local interface [192.168.137.1]
[09/19 21:28:48.358] DHCP Inf: Broadcasting through local interface [192.168.100.3]
[09/19 21:28:48.359] DHCP Inf: Broadcasting through local interface [169.254.85.60]
[09/19 21:28:48.362] TFTP Inf: Read file <\BM\PXESERVA\BIOS\pxeserva.0>. Mode octet
[09/19 21:28:50.415] TFTP Inf: Read file <\BM\PXESERVA\BIOS\pxeserva.0>. Mode octet
[09/19 21:28:54.380] TFTP Inf: Read file <\BM\PXESERVA\BIOS\pxeserva.0>. Mode octet
[09/19 21:29:00.364] TFTP Inf: Read file <\BM\PXESERVA\BIOS\pxeserva.0>. Mode octet
[09/19 21:29:08.329] TFTP Inf: Read file <\BM\PXESERVA\BIOS\pxeserva.0>. Mode octet
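
Two checks a troubleshooter would want to run over the log above, as an added example (not part of the post or of Serva): whether the address being OFFERED lies in the subnet of any interface the server broadcasts on, and whether the client keeps re-requesting the same file over TFTP without ever reading a later one. The log prints no netmasks, so a /24 on each interface is an assumption; LOG is an excerpt of the posted lines.

```python
"""Sanity checks over the Serva PXE log shown above (added example; not
Serva's code). LOG is an excerpt of the posted lines. The log prints no
netmasks, so each interface is assumed to be a /24.
"""
import ipaddress
import re
from datetime import datetime

LOG = r"""
[09/19 21:28:42.264] DHCP Inf: Address 192.168.20.90 is being OFFERED
[09/19 21:28:42.265] DHCP Inf: Broadcasting through local interface [192.168.137.1]
[09/19 21:28:42.266] DHCP Inf: Broadcasting through local interface [192.168.100.3]
[09/19 21:28:42.266] DHCP Inf: Broadcasting through local interface [169.254.85.60]
[09/19 21:28:48.362] TFTP Inf: Read file <\BM\PXESERVA\BIOS\pxeserva.0>. Mode octet
[09/19 21:28:50.415] TFTP Inf: Read file <\BM\PXESERVA\BIOS\pxeserva.0>. Mode octet
[09/19 21:28:54.380] TFTP Inf: Read file <\BM\PXESERVA\BIOS\pxeserva.0>. Mode octet
[09/19 21:29:00.364] TFTP Inf: Read file <\BM\PXESERVA\BIOS\pxeserva.0>. Mode octet
[09/19 21:29:08.329] TFTP Inf: Read file <\BM\PXESERVA\BIOS\pxeserva.0>. Mode octet
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<svc>\w+) (?P<lvl>\w+): (?P<msg>.*)$")
OFFER = re.compile(r"Address (\S+) is being OFFERED")
IFACE = re.compile(r"Broadcasting through local interface \[(\S+)\]")
RRQ = re.compile(r"Read file <([^>]+)>")
TS_FMT = "%m/%d %H:%M:%S.%f"  # the log omits the year; only deltas are used


def parse(log):
    """(timestamp, service, message) per well-formed line; other lines are skipped."""
    events = []
    for raw in log.strip().splitlines():
        m = LINE.match(raw)
        if m:
            events.append((datetime.strptime(m["ts"], TS_FMT), m["svc"], m["msg"]))
    return events


def offers_off_subnet(events, prefixlen=24):
    """Offered addresses that fall in none of the broadcast interfaces' subnets.

    Replies from the server to such an address cannot be delivered on-link,
    a common cause of a TFTP transfer that sits at 0 bytes.
    """
    offered, subnets = set(), set()
    for _, svc, msg in events:
        if svc != "DHCP":
            continue
        m = OFFER.search(msg)
        if m:
            offered.add(ipaddress.ip_address(m.group(1)))
        m = IFACE.search(msg)
        if m:
            subnets.add(ipaddress.ip_interface(f"{m.group(1)}/{prefixlen}").network)
    return sorted(str(a) for a in offered if not any(a in n for n in subnets))


def stalled_tftp(events, min_repeats=3):
    """The last file requested, if it was requested repeatedly and nothing later was read.

    Returns {file: {"requests": n, "retry_gaps_s": [...]}} or {} when no stall is seen.
    The growing gaps are the client's retransmission backoff with no data flowing back.
    """
    reads = [(ts, RRQ.search(msg).group(1)) for ts, svc, msg in events
             if svc == "TFTP" and RRQ.search(msg)]
    if not reads:
        return {}
    last_file = reads[-1][1]
    same = [ts for ts, f in reads if f == last_file]
    if len(same) < min_repeats:
        return {}
    gaps = [round((b - a).total_seconds(), 1) for a, b in zip(same, same[1:])]
    return {last_file: {"requests": len(same), "retry_gaps_s": gaps}}


if __name__ == "__main__":
    ev = parse(LOG)
    print("offers outside any local subnet:", offers_off_subnet(ev))
    print("stalled TFTP:", stalled_tftp(ev))
```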



How to make an IPSEC VPN such that it allows for a high MTU?

Hi guys, on Mikrotik equipment, how do I make a site to site IPSEC VPN in such a manner that it would create a minimal amount of MTU overhead? So that there is a larger MTU left for the packet data itself.

Is there a chart of IPSEC algorithms and security protocols and how much MTU they take up?

Fragmentation issues...
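
An overhead calculator for ESP tunnel mode, added as an example and not taken from the post or from MikroTik: given a link MTU and the cipher/integrity proposal, it returns the largest inner packet that fits, and tabulates the common proposals side by side. Per-algorithm sizes are the RFC values listed in the docstring; the `extra` parameter for GRE or IPIP headers carried inside the tunnel is an addition for the common GRE-over-IPsec case.

```python
"""ESP tunnel-mode overhead and the largest inner packet that fits a link
MTU (added example; the arithmetic follows the RFCs, it is not MikroTik code).

Sizes used (bytes):
  ESP header 8 (SPI + sequence number), ESP trailer 2 (pad length + next header)
  IV: AES-CBC 16 (RFC 3602), 3DES-CBC 8 (RFC 2451), AES-GCM 8 (RFC 4106),
      ChaCha20-Poly1305 8 (RFC 7634), NULL 0
  Padding: up to the cipher block size for CBC modes, 4-byte alignment otherwise
  ICV: HMAC-SHA1-96 12, HMAC-SHA-256-128 16 (RFC 4868); AEAD ciphers carry 16
  Outer header: IPv4 20 or IPv6 40, plus UDP 8 when NAT traversal is in use
`extra` accounts for headers placed inside the tunnel, e.g. 24 for GRE + IPv4.
"""

# name -> (iv_len, pad_alignment, aead_icv_len or 0 when a separate auth is used)
CIPHERS = {
    "aes-cbc": (16, 16, 0),
    "3des-cbc": (8, 8, 0),
    "aes-gcm": (8, 4, 16),
    "chacha20-poly1305": (8, 4, 16),
    "null": (0, 4, 0),
}
# name -> ICV length; ignored for AEAD ciphers
AUTHS = {"hmac-sha1-96": 12, "hmac-sha256-128": 16, "none": 0}

ESP_HDR, ESP_TRAILER = 8, 2


def icv_len(cipher, auth):
    aead_icv = CIPHERS[cipher][2]
    return aead_icv if aead_icv else AUTHS[auth]


def _outer_len(outer_ipv6, nat_t):
    return (40 if outer_ipv6 else 20) + (8 if nat_t else 0)


def esp_overhead(inner_len, cipher, auth, outer_ipv6=False, nat_t=False, extra=0):
    """Bytes added to an inner packet of `inner_len` bytes when encapsulated."""
    iv, align, _ = CIPHERS[cipher]
    # padding brings (payload + trailer) up to the required alignment
    pad = (-(inner_len + extra + ESP_TRAILER)) % align
    return _outer_len(outer_ipv6, nat_t) + ESP_HDR + iv + extra + pad + ESP_TRAILER + icv_len(cipher, auth)


def max_inner_mtu(link_mtu, cipher, auth, outer_ipv6=False, nat_t=False, extra=0):
    """Largest inner packet such that inner + esp_overhead(inner) <= link_mtu."""
    iv, align, _ = CIPHERS[cipher]
    fixed = _outer_len(outer_ipv6, nat_t) + ESP_HDR + iv + icv_len(cipher, auth)
    avail = link_mtu - fixed            # room left for inner + extra + trailer + padding
    padded = avail - avail % align      # largest aligned encrypted block that fits
    return padded - ESP_TRAILER - extra


def overhead_table(link_mtu=1500, outer_ipv6=False, nat_t=False, extra=0):
    """Inner MTU per cipher/auth combination, for comparing proposals."""
    rows = {}
    for cipher, (_, _, aead) in CIPHERS.items():
        auths = ["aead"] if aead else ["hmac-sha1-96", "hmac-sha256-128"]
        for auth in auths:
            a = "none" if auth == "aead" else auth
            rows[(cipher, auth)] = max_inner_mtu(link_mtu, cipher, a, outer_ipv6, nat_t, extra)
    return rows


if __name__ == "__main__":
    for (cipher, auth), mtu in sorted(overhead_table().items(), key=lambda kv: -kv[1]):
        print(f"{cipher:18s} {auth:16s} inner MTU {mtu}")
    print("with NAT-T:", overhead_table(nat_t=True)[("aes-cbc", "hmac-sha1-96")])
```

The CBC result for a 1500-byte link is not 1500 minus a constant: block padding means the inner packet loses up to 15 extra bytes depending on its length, which is why the table reports the largest length that always fits rather than an average.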



Devices that support BootP and not DHCP?

Just curious, I've run across a newly manufactured device that does not support DHCP, only BootP. Is there any logical reason why a modern device would support BootP and not DHCP?

The flip side of that question is, would it be normal for a modern Layer 3 managed switch to support DHCP and not BootP? It was my understanding that DHCP was backward compatible to BootP.

Specifically, I'm talking about a Rockwell Powerflex 525 VFD (BootP only) and an N-Tron 708TX switch (doesn't support BootP), both common devices in industrial automation. However, Cisco switches do support many functions for BootP devices and private label to Rockwell as Stratix switches. It very much appears that Rockwell has removed DHCP support on the VFD to force the purchase of Stratix switches, but maybe I should instead be complaining that N-Tron switches are abnormally limited by not supporting BootP?

Is BootP basically dead in the modern age or is it a semi-common protocol?



Internet Transit in Equinix Chicago

We are hoping to advertise our ASN and a subset of our public subnets out of Equinix CH2 in Chicago, but I'm looking for the right term for what we need from Equinix.

Am I correct in asking them if they provide "IP Transit" services? I've asked them that and they have come back offering me internet exchange peering. I don't believe that is the right option for us though.



Standalone single 4500-X (non-VSS) to VSS pair conversion

I have a question/sanity-check request regarding this project. I would like to make sure my plan is sound and/or possible.

Background-

I have a single 4500-X switch currently running as a non-VSS device. We are needing to add a second 4500-X to run as a VSS pair with this current device. I need to minimize the downtime getting this setup as much as possible - very critical infrastructure.

Plan -

Once the new device is received, upgrade firmware/software and configure VSS. Migrate the existing switch config over to this new device, rack it and move the existing cables to this new device. Once everything is verified good and functional, wipe the config off the old device, upgrade firmware/software and configure for VSS, plug into running switch.

Questions -

Can I configure the new device as a new VSS member and get it up and running without yet plugging in the other device? Once I connect the second device, will all configuration automatically duplicate/convert over to the second unit without any further downtime/reboots/etc.?

Anyone go through this process before? Any issues/caveats? I'm aware of the requirement to match model, port counts, licensing, modules and firmware. Just want to make sure I have all my bases covered.

Thanks!



Sonicwall IPSec tunnel double NAT issue

Client bought out a new location and they are currently forced to use the equipment already there outside of the firewall. They use SonicWalls throughout their organization so that is what they placed here behind the fiber router of the ISP. We have no access to that device to make it do a passthrough, so we are stuck dealing with the private IP scheme it's giving out and dealing with the NATting it is currently doing. I was able to get the tunnel up by building it in aggressive mode, but I am only seeing packets going outbound currently and none inbound. I can't ping the main office from this new remote site, but I can ping any device on the remote site from the main office. Could use some help thinking through this issue to see if I am missing anything.



Cisco TRex

Curious if anyone here has used Cisco TRex and has any constructive statements on how it compares to Ixia? I have never used TRex, but if I can install an open-source package on a UCS server for a tenth of the cost of Ixia and generate just as much traffic, that's a no-brainer...



OOB Console Server recommendations

I currently have a bunch of OpenGear 4216-34's for OOB management. Public IP on one side, and console ports to each device on the other.

I am looking to replace these as they are super slow and have been since installation. Anyone able to recommend an alternative?



Poor roaming behavior with iPhones on Meraki network

I’m a r/s engineer by trade so forgive me if I use the wrong terms

I have a small two floor office roughly in the shape of a square. There's an AP in each corner on the first floor to provide wireless for both floors. What I'm seeing is if a user is in the northwest corner they associate fine, good signal and all is well. However if that user relocates the iPhone remains associated to that AP to the bitter end instead of roaming to a closer one. As far as I can tell it's only iPhones (the most complaints at least).

Is there something on the iPhone or meraki I can look at? My wireless guy hasn’t come across much so I’m asking on his behalf (and mine too honestly because I get to hear the same complaints).

iPhones are running 12.4+ and I've tested 802.11r and as far as I can tell, there's been no improvement



Question on Cisco Etherchannel Load balancing

Is there a way to actually see that the load balancing is working? As in verifying that each link in an etherchannel is transferring the same amount of data?



Applications of Artificial Intelligence (AI) in the Food Industry



Motorsport IT solutions, likely wireless

I am looking for suggestions on the most appropriate solutions to several IT problems that turn up in motorsport, likely solved with short/medium range wireless transmission. To be clear I am not looking at the problem of live telemetry from the race car, but instead all of the other data handling tasks among the team. Chief problem: pit wall, garage and data truck tend to be physically separate areas where wired connections would either be too cumbersome to install temporarily or physically impossible. Present consumer-grade WiFi solutions perform poorly if at all, likely due to the interference from cars, other teams, broadcast, high voltages etc. The solution I have in mind involves directional antennae between the three locations, however I can only see solutions that are based on USB dongles and other pretty kludgy solutions. What exists that would essentially take a wired router connection, fire it wirelessly through some directional antennas to another that it is configured to work with? How complicated or delicate is the setup? How weather sensitive would it be? We do have to put up with some pretty awful wind and rain.

Ideally you guys could poke some pertinent questions and we could work toward the best sounding solution.



Cisco Switch Stacking Principles

Hi everyone!

New to the subreddit, am hopeful a Cisco veteran out there can help.

So I'm working on a rather large 3-tier Cisco network for a client, and I've done a fair chunk of research into Cisco's current DNA licensing scheme thus far. We have about 80 x Catalyst 9300 access switches in total, and have designed to have 2 x 10G SFP+ uplinks for each switch (redundancy and all that). I was under the impression that with StackWise 480 architecture, stacking cables are required, and that it is possible to use only two uplinks per stack, and not two per switch. We would have gone for 2 x 25G SFP28 uplinks to the stack master and the next-in-line in this case, to accommodate the bandwidth required by the total number of ports in the stack. Thing is, we were told by a Cisco rep that it's not possible for, say, a stack of four switches to share uplinks to the distribution layer, even if the transceiver speed is high enough to accommodate the bandwidth required by the end-users for those switches, and that stacking just allows a single administrative interface for a number of switches. So we went with the point-to-point uplinks-per-switch design for our budget. Fine, I reckoned that trusting the Cisco guy was the best bet since the documentation is so convoluted and I'm a newbie.

The same Cisco rep told us that if we went with the DNA Advantage licenses, it would be possible to stack the access switches virtually (no stacking cable required) with StackWise Virtual. This conflicts with what I've come across in my own research - it sounds to me like StackWise Virtual is mainly meant for the distribution and core layers, and it's not possible to do with 9300s, even with the DNA Advantage licenses. Can someone either confirm or deny the advice from this Cisco dude? I'm beginning to think that either we're not communicating properly, or we're being taken for a ride.

Any advice would be appreciated!



802.11 Deauth_reason 13

Morning/Afternoon/Evening all,

Have been recently troubleshooting a sporadic issue, which only seems to happen to a small number of devices. There's no overall rhyme or reason, and one hardware/software combo will face the issue, but another of the same will not. Based on that, away to packet capture and user-debug logs I went. In the midst of that, I encountered the below (output filtered)

Sep 18 15:17:09 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 68
Sep 18 15:53:07 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 68
Sep 18 15:53:18 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:28 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:36 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:47 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:57 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:54:35 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:54:49 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 68
Sep 18 15:59:39 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 27

At the risk of sounding like a blog post, I won't go into my next steps, but I've seemingly arrived at a problem for the specific AP, on the 5Ghz radio (from AP driver-logs).

However before I got to that point, I had attempted to understand what deauth_reason 13 actually means, and I'm afraid really I'm no closer. Code 68 in my vendor context is a roaming event, and 27 as per the 802.11 standard is "Disassociated because session terminated by SSP request".

All I have per deauth_reason 13 is, as per the standard, "Invalid element, i.e., an element defined in this standard for which the content does not meet the specifications in Clause 9". Clause 9 talks about the Frame format, so I could only surmise that something in the frame is incorrect (such as FCS, or frame size incorrect etc).

I suppose the question I'm really asking, is if you've come across this before with your own devices/user devices, and how you went around troubleshooting/debugging it. I was lucky because it was happening to my device which offered a lot more access than I would typically have..

Thanks for the read, sorry for the length!
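
Triage logic for the kind of debug output quoted above, as an added example that is not from the post's vendor: it parses the USER_STA delete events, counts deauth_reason codes per station and finds the densest burst of one reason inside a sliding window, which separates a station being repeatedly kicked from the occasional roam. The reason descriptions are deliberately limited to what the post itself states (13 and 27 from the IEEE 802.11 reason-code table, 68 as the vendor's roaming event); LOG is the posted output with one event per line.

```python
"""Deauth/disassoc event triage from controller debug lines (added example,
not from the post's vendor).

Parses 'authmgr' USER_STA delete events, counts deauth_reason codes per
station and finds the densest burst of a single reason within a sliding
window. Reason-code descriptions cover only what the post states: 13 and 27
from the IEEE 802.11 reason-code table, 68 as the vendor-specific roaming
event the poster identified. LOG is the post's output, one event per line.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

REASONS = {
    13: "Invalid element (IEEE 802.11 reason code, per the post)",
    27: "Disassociated because session terminated by SSP request (IEEE 802.11, per the post)",
    68: "Vendor-specific: roaming event (per the post)",
}

EVENT = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) .*?USER_STA delete event for user "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) age (?P<age>\d+) deauth_reason (?P<reason>\d+)",
    re.IGNORECASE,
)

LOG = """
Sep 18 15:17:09 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 68
Sep 18 15:53:07 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 68
Sep 18 15:53:18 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:28 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:36 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:47 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:57 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:54:35 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:54:49 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 68
Sep 18 15:59:39 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 27
"""


def parse_deauths(text):
    """(timestamp, mac, reason) for each matching line; the log has no year, deltas only."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events.append((ts, m["mac"].lower(), int(m["reason"])))
    return events


def densest_burst(timestamps, window_s):
    """Most events inside any window of `window_s` seconds that starts at an event."""
    ts = sorted(timestamps)
    best, j = 0, 0
    for i, start in enumerate(ts):
        while j < len(ts) and (ts[j] - start).total_seconds() <= window_s:
            j += 1
        best = max(best, j - i)
    return best


def summarize(events, window_s=60):
    """Per station: reason counts, and the reason with the densest burst in `window_s`."""
    per_mac = defaultdict(list)
    for ts, mac, reason in events:
        per_mac[mac].append((ts, reason))
    report = {}
    for mac, evs in per_mac.items():
        by_reason = Counter(r for _, r in evs)
        burst_reason, burst = None, 0
        for r in by_reason:
            n = densest_burst([t for t, rr in evs if rr == r], window_s)
            if n > burst:
                burst_reason, burst = r, n
        report[mac] = {"by_reason": dict(sorted(by_reason.items())),
                       "window_s": window_s, "max_burst": burst, "burst_reason": burst_reason}
    return report


def describe(reason):
    return REASONS.get(reason, f"reason {reason}: not among the codes discussed in the post")


if __name__ == "__main__":
    for mac, info in summarize(parse_deauths(LOG)).items():
        print(mac, info)
        print("  densest burst:", describe(info["burst_reason"]))
```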



Wednesday, September 18, 2019

How do your organizations do vulnerability management or security scanning?

Our security department is a relatively new addition to the company (as its own entity) and with it comes a new director and a few new employees. I'm generally on-board with their goals and priorities, but the actual working relationship has been frustrating for everyone in my networking corner of the IT world. Specifically, we're dealing with a PCI audit and the patching / vulnerability mitigation that comes with it.

Currently, they use Tenable's Nessus, and we get a CSV dump of vulnerabilities by IP. We just finished an internal update project, so every single one of our devices has been upgraded to a Cisco starred release within the last 6 weeks. Still, we have a few hundred items that we have to manually review and (hopefully) prove are not applicable, or are mitigated via other means.

I don't really have any specific questions as the whole process is new and seems quite badly designed. I'm more interested in how you handle it and if you've discovered any helpful hints or tools that can make the process easier, both immediately, or over time. The few specific complaints I do have is that Nessus only reports via IP, so we get a lot of duplicate reports--one for most interfaces on each device. Additionally, we've been told that blacklisting only works for 90 days, and we've had to review many items repeatedly as they re-appear in our scan results.

I'm especially interested if any of you have automated tools for dealing with vulnerability verification or patching priority.

Thanks for whatever input you can give.
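
One way to take the per-IP CSV described above and turn it into per-device work items with review expiry tracking, as an added example and not Tenable tooling: IPs are mapped to devices through an inventory so one plugin hit on several routed interfaces becomes a single finding, and each accepted finding carries the date it was reviewed so the 90-day expiry the post mentions can be watched rather than rediscovered in the next scan. The CSV is constructed; its column names follow a subset of the Nessus CSV export layout, while the plugin IDs, names, hosts, inventory, review records and "today" date are all fictitious.

```python
"""Collapsing a per-IP Nessus CSV export onto devices and tracking the
90-day review expiry (added example; not Tenable tooling).

Nessus reports findings per scanned IP, so a switch with several routed
interfaces shows the same plugin hit once per interface. Mapping IPs to
devices through an inventory turns those into one finding with a list of
interfaces. NESSUS_CSV is constructed: the column names follow a subset of
the Nessus CSV export layout, the plugin IDs, names and hosts are fictitious.
INVENTORY, REVIEWS and TODAY are constructed as well.
"""
import csv
import io
from datetime import date, timedelta

REVIEW_VALID_DAYS = 90  # from the post: a reviewed item stays suppressed for 90 days
TODAY = date(2019, 9, 18)  # constructed "as of" date for the worked example

INVENTORY = {  # constructed: interface IP -> device name
    "10.0.0.1": "core-sw-1", "10.0.1.1": "core-sw-1", "10.0.2.1": "core-sw-1",
    "10.0.0.2": "edge-rtr-1", "192.0.2.2": "edge-rtr-1",
}

NESSUS_CSV = """Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name
900001,,5.0,Medium,10.0.0.1,tcp,22,Example plugin A (SSH)
900001,,5.0,Medium,10.0.1.1,tcp,22,Example plugin A (SSH)
900001,,5.0,Medium,10.0.2.1,tcp,22,Example plugin A (SSH)
900002,,4.3,Medium,10.0.0.1,udp,161,Example plugin B (SNMP)
900001,,5.0,Medium,10.0.0.2,tcp,22,Example plugin A (SSH)
900003,,2.6,Low,192.0.2.2,tcp,443,Example plugin C (TLS)
900004,,7.5,High,10.9.9.9,tcp,80,Example plugin D (HTTP)
"""

# constructed: (device, plugin id) -> (date reviewed, justification)
REVIEWS = {
    ("core-sw-1", "900001"): (date(2019, 6, 1), "mitigated by management ACL"),
    ("core-sw-1", "900002"): (date(2019, 7, 1), "community string changed, plugin re-check pending"),
    ("edge-rtr-1", "900003"): (date(2019, 9, 10), "cert replaced in maintenance window"),
}


def collapse(csv_text, inventory):
    """(device, plugin) -> finding with every interface it was seen on.

    Hosts absent from the inventory are kept under their own IP and flagged
    unmapped, so a scan that found something unknown is not silently merged.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = row["Host"]
        device = inventory.get(host)
        key = (device or host, row["Plugin ID"])
        f = findings.setdefault(key, {"name": row["Name"], "risk": row["Risk"],
                                      "interfaces": set(), "mapped": device is not None})
        f["interfaces"].add(f"{host}:{row['Protocol']}/{row['Port']}")
    for f in findings.values():
        f["interfaces"] = sorted(f["interfaces"])
    return findings


def review_status(findings, reviews, today, warn_days=14):
    """Bucket findings by review state so expiring suppressions are handled before they lapse."""
    status = {"open": [], "accepted": [], "expiring": [], "expired": []}
    for key in findings:
        if key not in reviews:
            status["open"].append(key)
            continue
        reviewed_on, _justification = reviews[key]
        expires = reviewed_on + timedelta(days=REVIEW_VALID_DAYS)
        if today > expires:
            status["expired"].append(key)
        elif (expires - today).days <= warn_days:
            status["expiring"].append(key)
        else:
            status["accepted"].append(key)
    return status


if __name__ == "__main__":
    findings = collapse(NESSUS_CSV, INVENTORY)
    for key, f in findings.items():
        print(key, f["risk"], f["interfaces"], "" if f["mapped"] else "(unmapped host)")
    print(review_status(findings, REVIEWS, TODAY))
```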



Replacing 4 x 10 Gbps with 1 x 100 Gbps - how do you split up into "virtual" links, and guarantee bandwidth?

I'm setting up some small VM test labs, running Proxmox (KVM) and Ceph in a 3-node HA configuration.

Currently, we're using SFP+ for our ToR switches, running 10Gbase-LR.

Each VM node has four SFP+ ports:

  • 1 x 10Gbps for VM traffic
  • 2 x 10Gbps (LACP) for Ceph traffic
  • 1 x 10Gbps for Corosync (i.e. heartbeat for the HA).

I'm looking at upgrading the lab with new servers and switches to 100 Gbps (QSFP28) switches. Yaysies!

The ToR switches are likely to be either EdgeCore (running Cumulus) or Aristas.

However, the new servers we're using only offer a single 100 Gbps port...

Previously, we were splitting it across 4 x 10Gbps to avoid network contention etc.

If we put everything over a single 100 Gbps - is there some way we could divide up the 100 Gbps connection into say, three arbitrary "virtual" connections?

How would we do this?

And is there some QoS we could use (or similar feature) to guarantee bandwidth, even under saturation?



Writing to QNAP NAS is incredibly slow from 1 of 2 machines using it. Any ideas?

I just got a QNAP TS 453BT3 setup with 4 8TB Ironwolf drives in RAID 5 the other day. My desktop is currently connected via a standard Gigabit connection until I get my 10g card in. This PC writes and reads at maximum Gigabit speeds right now. Everything performs as expected on this machine and has been working well.

However, my second machine which is a 2019 XPS 15 laptop is writing incredibly slow and sometimes timing out over Thunderbolt connection. Most of the transfers start in the kbps and eventually drop to 0 before freezing in windows explorer. Interestingly, read speeds are very good and get up in the 400MBps range.

I have no idea where to start with these terrible write speeds and timeout issues. I have no idea why I'm unable to copy files to the NAS from the XPS. I don't see any permission limitations and am not getting any errors, just horrendous performance.

I'm brand new to NAS stuff so any suggestions for me would be super appreciated.



How do you all stay up to date? Trade mags, blogs, sites, RSS feeds, peer drinking/smoking groups?

I'm just wondering how all of you stay up to date with the vast array of networking fields in today's modern network.

What's your weekly "must read"?



Nomenclature for Cloud Agnosticism

https://ift.tt/32PMioh

Juniper: Unable to delete and add "forwarding-options sampling family inet output flow-server..."?

Hi Guys.

Anyone here experienced deleting and adding a new flow server? I tried deleting the current config but I'm having the below issue, also in adding a new one. Thanks

Here's the configuration:

> show configuration forwarding-options sampling
input {
    rate 100;
    run-length 0;
}
family inet {
    output {
        flow-server 11.5.4.4 {
            port 2055;
            version9 {
                template {
                    ipv4-test;
                }
            }
        }
        flow-server 1.5.4.47 {
            port 2055;
            version9 {
                template {
                    ipv4-test;
                }
            }
        }
        inline-jflow {
            source-address 10.28.255.1;
        }
    }
}

> show configuration | display set | match flow-server
set forwarding-options sampling family inet output flow-server 11.5.4.4 port 2055
set forwarding-options sampling family inet output flow-server 11.5.4.4 version9 template ipv4-test
set forwarding-options sampling family inet output flow-server 1.5.4.47 port 2055
set forwarding-options sampling family inet output flow-server 1.5.4.47 version9 template ipv4-test

My Command:
delete forwarding-options sampling family inet output flow-server 11.5.4.4 port 2055
delete forwarding-options sampling family inet output flow-server 11.5.4.4 version9 template ipv4-test
set forwarding-options sampling family inet output flow-server 10.35.10.120 port 2055
set forwarding-options sampling family inet output flow-server 10.35.10.120 version9 template ipv4-test

Applied Command:
> configure
Entering configuration mode
The configuration has been changed but not committed
[edit]
# delete forwarding-options sampling family inet output flow-server 10.5.4.47 port 2055
warning: statement not found
[edit]
# delete forwarding-options sampling family inet output flow-server 10.5.4.47 version9 template ipv4-test
warning: statement not found
[edit]
# set forwarding-options sampling family inet output flow-server 10.35.10.120 port 2055
[edit]
# set forwarding-options sampling family inet output flow-server 10.35.10.120 version9 template ipv4-test
[edit]
# commit check
[edit forwarding-options sampling family inet output flow-server 11.5.4.4]
  'version9'
    Missing mandatory statement: 'template'
[edit forwarding-options sampling family inet output]
  'flow-server 11.5.4.4'
    Missing mandatory statement: 'port'
error: configuration check-out failed: (missing mandatory statements)

Any Idea how to remove and add? Thanks
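
The commit-check result quoted above can be reproduced with a small model of Junos `set`/`delete` against a statement tree, added here as an example (it is not Juniper software). The model deletes exactly the statement named by the path, so deleting leaves one at a time leaves the `flow-server` and `version9` containers standing, while a single delete of the `flow-server 11.5.4.4` container removes everything under it. The keyword list and the two mandatory-statement rules are assumptions covering only the statements that appear in the post; the real schema has more.

```python
"""Model of the Junos delete/commit-check behaviour shown above (added
example; not Juniper code).

Configuration is held as a tree of statements built from 'set' lines.
'delete <path>' removes exactly the statement the path names, so removing a
container's leaves one by one leaves the (now invalid) container behind,
while deleting the container removes its whole subtree. KEYWORDS_WITH_ARG
lists the statements from the post that take one argument (assumption);
the mandatory-statement rules are the two reported by the post's commit check.
"""

SET_LINES = [  # copied from the post's "display set" output
    "set forwarding-options sampling family inet output flow-server 11.5.4.4 port 2055",
    "set forwarding-options sampling family inet output flow-server 11.5.4.4 version9 template ipv4-test",
    "set forwarding-options sampling family inet output flow-server 1.5.4.47 port 2055",
    "set forwarding-options sampling family inet output flow-server 1.5.4.47 version9 template ipv4-test",
]

KEYWORDS_WITH_ARG = {"family", "flow-server", "port", "template", "source-address"}  # assumption


def statements(tokens):
    """Group raw tokens into statements: a keyword that takes an argument absorbs the next token."""
    out, i = [], 0
    while i < len(tokens):
        if tokens[i] in KEYWORDS_WITH_ARG and i + 1 < len(tokens):
            out.append(f"{tokens[i]} {tokens[i + 1]}")
            i += 2
        else:
            out.append(tokens[i])
            i += 1
    return out


def apply(tree, command):
    """Apply one 'set ...' or 'delete ...' line; False means 'statement not found'."""
    verb, *tokens = command.split()
    path = statements(tokens)
    node = tree
    if verb == "set":
        for st in path:
            node = node.setdefault(st, {})
        return True
    for st in path[:-1]:          # walk to the parent of the statement being deleted
        if st not in node:
            return False
        node = node[st]
    return node.pop(path[-1], None) is not None   # remove that statement and its subtree only


def build(set_lines):
    tree = {}
    for line in set_lines:
        apply(tree, line)
    return tree


def commit_check(tree):
    """The two mandatory-statement rules the post's commit check reported."""
    output = tree["forwarding-options"]["sampling"]["family inet"]["output"]
    errors = []
    for name, node in output.items():
        if not name.startswith("flow-server "):
            continue
        if not any(k.startswith("port ") for k in node):
            errors.append(f"[{name}] Missing mandatory statement: 'port'")
        if "version9" in node and not any(k.startswith("template ") for k in node["version9"]):
            errors.append(f"[{name} version9] Missing mandatory statement: 'template'")
    return errors


def swap_collector(set_lines, old, new):
    """Commands to replace collector `old` with `new`: one container delete, then the old leaves re-set."""
    marker = f"flow-server {old} "
    cmds = []
    for line in set_lines:
        if marker in line:
            head = line.split(marker)[0]             # 'set forwarding-options ... output '
            delete = "delete" + head[len("set"):] + f"flow-server {old}"
            if delete not in cmds:
                cmds.append(delete)
    cmds += [line.replace(marker, f"flow-server {new} ") for line in set_lines if marker in line]
    return cmds


if __name__ == "__main__":
    t = build(SET_LINES)
    apply(t, "delete forwarding-options sampling family inet output flow-server 11.5.4.4 port 2055")
    apply(t, "delete forwarding-options sampling family inet output flow-server 11.5.4.4 version9 template ipv4-test")
    print("leaf-by-leaf deletes ->", commit_check(t))
    t = build(SET_LINES)
    for c in swap_collector(SET_LINES, "11.5.4.4", "10.35.10.120"):
        print(c)
        apply(t, c)
    print("container delete + re-set ->", commit_check(t))
```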



Multicast Broadcasting

Hello Network guys!

I'm an audio-visual tech, looking for a way around our network having disabled multicast traffic. I need this to be enabled to use all the features of Zoom Rooms.

I have heard of a way that uses a 1 PC to "process the incoming network" and then that feeds a second PC, running Zoom.

As I'm sure you can tell, this is over my head. Ha. I'm an audio guy FFS!

Any help you can send my way or direct me to would be good.



Is there a network vendor (switches, routers, firewalls) who does true zero touch provisioning like Meraki?


Is Multi-cloud dead before arrival

This article assumes Multi-cloud is a fad because it doesn't offer much value:

https://medium.com/@kenhuiny/multi-cloud-is-mostly-a-waste-of-time-2d689b25d37f

1) Geography and Latency Requirements are all great now across the same cloud regions.
2) Mitigation Against Cloud Outages doesn't matter much.
3) Avoidance of Vendor Lock-in is a joke.

Opinions and facts would both be appreciated.

Thanks



Recommended introductory book about computer networking?

I'm a total beginner, I looked a bit on "Computer networking - a Top-Down Approach", looks not bad, but still a little dry and somewhat intimidating, Do you know other recommended books for beginners?



Hello, is it possible to create a standard access list that covers 2 networks?

Hello, I am practicing NAT for CCENT and wanted to know if it was possible to create a standard access list that covers 2 networks.

I have two networks, 192.168.0.0/24 and 192.168.1.0/24. Is it possible to put these in one standard access list?

Or would I have to create an extended access list?
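
An added example (not from the post) showing the arithmetic behind a summarised standard-ACL entry: the two networks are collapsed with Python's ipaddress module, the IOS access-list line is generated with the wildcard mask, and candidate addresses are tested against the entry the way a router evaluates it (bits set in the wildcard are ignored). The same function handles networks that do not align and emits one entry per block in that case; the ACL number is arbitrary.

```python
"""Summarising contiguous networks into standard-ACL entries (added example;
Cisco IOS syntax for the output, but the arithmetic is generic).

A standard ACL matches on source address plus a wildcard mask, where a 1 bit
in the wildcard means "don't care". Two adjacent /24s that differ in one bit
fit a single line with wildcard 0.0.1.255; networks that do not line up on a
power-of-two boundary are emitted as separate entries.
"""
import ipaddress


def summarize(cidrs):
    """Collapse a list of IPv4 CIDRs into the fewest covering networks."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def acl_entries(cidrs):
    """(address, wildcard) pairs, one per summarised block."""
    return [(str(n.network_address), str(n.hostmask)) for n in summarize(cidrs)]


def standard_acl(number, cidrs):
    """IOS numbered standard ACL lines for the summarised blocks."""
    lines = []
    for addr, wc in acl_entries(cidrs):
        if wc == "0.0.0.0":
            lines.append(f"access-list {number} permit host {addr}")
        else:
            lines.append(f"access-list {number} permit {addr} {wc}")
    return lines


def matches(entries, ip):
    """Router-style match: compare only the bits the wildcard leaves as 0."""
    a = int(ipaddress.ip_address(ip))
    for base, wc in entries:
        b, w = int(ipaddress.ip_address(base)), int(ipaddress.ip_address(wc))
        if (a & ~w) == (b & ~w):
            return True
    return False


if __name__ == "__main__":
    two = ["192.168.0.0/24", "192.168.1.0/24"]
    print(standard_acl(10, two))
    print("192.168.1.77 matches:", matches(acl_entries(two), "192.168.1.77"))
    # .1.0/24 and .2.0/24 are adjacent but not aligned, so they stay separate
    print(standard_acl(20, ["192.168.1.0/24", "192.168.2.0/24"]))
```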



Problem: Clients Not Getting DHCP

Hi all,

Pre-face: I am not a networking expert. I'm a sysadmin with a solid grounding in the essentials.

Description: I have a remote site which will not get their DHCP addresses in a timely fashion. It can take up to 30 minutes for the client machine to pull an address. I have a total of 30 remote sites, and this is the only location that I have this problem at. Additionally, it is only a portion of the building that has this problem. The building houses about 160 people and a similar number of devices. The problem is intermittent, but occurs most frequently after a user has transported their laptop to a different network. Problem persists after reboot. I have successfully replicated on my own laptop. I have 508 leases available for DHCP, and exceeding the available pool is not the issue.

Infrastructure involved: Windows Server 2012R2 domain with an onsite RODC. Sonicwall TZ400 router, three Netgear GS752P switches in single ring topology, Unifi AP-AC-Pro WAPs. Clients are a mix of different HP laptops with differing wireless NICs. (FYI, switches are being replaced with M4300 units in a 10G collapsed core RSTP setup. This is part of a planned upgrade and not a troubleshooting step for this problem.)

Steps I have taken: Bypassed the RODC and distributed DHCP through the router, sending the clients to central office for DNS/AD. Replaced the switch serving that area with known good hardware. Replaced the router with known good hardware. Replaced the WAPs (2) serving the area. Rebuilt the wireless network. Hard wiring the computers solves the problem, but there are very few ports available for doing so and as a practical matter is not acceptable for daily operations.

This seems to indicate a wireless problem, but after replacing the WAPs and reconfiguring the wifi, I have a hard time accepting that. The only thing I can think of is that the actual cables / patch panels serving the WAPs are the issue. But, thats why I'm asking for help! What do I not know that I don't know?

Thanks for your help!



Question on storm control Cisco switches

At my job, we are having issues with booting up and running about 170 PCs at once for an event we are hosting. These are not all on one switch, but split up between 8 access switches, so 20-25 a switch, all connected back to a core switch. These PCs are receiving images from a Citrix server. It's your typical battle where sysadmins are blaming the network admins and vice versa.

We are investigating the network portion and looking at our access level switches. We do not actually manage these switches (different network managed by different team) but we do have access. Upon investigating, we noticed that storm control is set on each interface with upper and lower thresholds set at 5%.

5% seems extremely low in my opinion. Does anyone else think this could be causing an issue with boot times. Not only boot times, but once the pcs do boot and we are logged in, a lot of them are just freezing up and giving no interaction. I would think at this point, the broadcast storm would be done, but am I wrong?



CCIE DC exam (Written/LAB) ?

Hi, anyone here working for their CCIE DC written or lab exam? Maybe you could answer the below questions of mine? Thanks

  1. Did you build your own lab or rent a lab? If building your own lab, what would be the min. PC hardware requirement in order to build a lab for DC?
  2. What simulator did you use (GNS3 or EVE) and where did you get your image?
  3. If you passed the IE written DC exam you'll earn "Implementing and Operating Cisco Data Center Core", which is the qualifying exam for the DC lab, right? And this core is valid for 3 yrs, so you can take the lab anytime, right?

Thank you



Getting an public IPv6 subnet for home-use (EU/Ger)

Hi everyone,

I'm wondering if there is a simple (and free) way to get a public IPv6 subnet for home-lab use. I want to try some things and since IPv4 addresses are becoming rare (and expensive), I would like to do this directly with v6 as well.

My two ISPs for my home connection are using IPv4 for my addresses and I don't want to change this (due to bad experiences with my provider and IPv6), and I want a provider-independent solution for it.

So i was thinking about if there is a way that i can tunnel a v6 network to my home firewall and use this adresses. I know that there is a solution like this with and american ISP but i don't want to tunnel my traffic to america and back.

Do you know a solution for it?

I was googling about it but I always got redirected to RIPE and I don't want to pay for it.



Best practices to lock down a network

Hi!

We have a small NOC team of 10. Each connects to the NOC network VLAN via WiFi or Ethernet. Currently, there is not much security in regards to what devices can plug into the ethernet ports or connect to the Wifi (as long as they have the password). Each NOC engineer needs a static IP address so that they can RDP to their machine from outside the network via a VPN.

Is there anything I can do to implement more security? Would Active Directory allow us to lock down which users can connect to which WiFi? Is there anything I can configure on our Cisco switches which can detect a user profile/MAC address and put them into a certain VLAN?

Keen to find out!



Same VLAN on two Trunk ports

I have a pair of stacked Huawei S6720 switches. Can I add the same VLAN(s) to two link aggregation groups (EthTrunks)? i.o.w. eth-trunk 1 contains vlans 101-104 and eth-trunk 2 also contains vlans 101-104.



Router manufacturer with syslog & performance monitoring?

Hello everyone. I'm in need of 1000x routers that are completely manageable. 2x WAN ports, 1x LAN. I need to be able to verify what's connected/enabled, ping, bandwidth, connection type, I will also need syslog synchronization for remote log capture/storage and analyzing (pretty interface a bonus). Would be great if there was VPN as well. These devices will be connected at various sites, to various providers modem/devices. Same concept as AT&T and their passthrough solution. I want to be able to see how these various end points are performing against the ISP/local infrastructure. Is there someone that provides this or someone who makes and configures to specification? Thanks!

Edit: is wifi too much to ask for as well?



Angled Patch Panels?

I just learned that angled 110 degree patch panels exist. They look pretty cool and very data center-esque, but what are the primary reasons to use them over traditional flat patch panels?



Hello fellow bpdu's! Tftpd / windows question

Tftpd32 running on a windows box. Tftp works fine from network devices. Syslog seems to be working, the packet shows up in wireshark "config saved by user bla bla" but tftpd is not showing it in the viewer or the little syslog text document. Is this a bug?

EDIT: Fixed it - restarted the tftpd service and it is now logging. For those of you that will say I should have tried that first... Yes.



Fortigate web filtering issues?

Anyone else having issues with their Fortigate contacting the Fortinet servers today?

If I ping 'service.fortiguard.net' I get very erratic responses. Pretty much most of the IPs seem unresponsive. This has caused one of my units to report web filtering as being unavailable.

I've got around this by finding an IP which is responding and manually using that one instead.

I've raised a ticket with Fortinet but thought I would check here too.

thanks



Batfish A Network Configuration Analysis Tool

Our company just signed up for a POC on Batfish. So just a heads up: does my Reddit networking community have any experience with it? It would be a great help.

Thanks a lot in advance.



Azure ExpressRoute Feedback Needed

Hi Reddit, I have a customer that currently has a primary 500/500 Mbps connection and a failover 250/250 Mbps connection from another provider at their premises. They use the circuits for basic internet breakout/hosted mail, branch connectivity and SSL dial-in VPN at present. Each circuit has a couple of provider-supplied public IPs that terminate into an NGFW at present, and they use SD-WAN functionality on the firewall to connect to a couple of their branch offices.

They are in the process of moving a majority of their internal apps to Azure and the developers have urged them to upgrade their primary 500/500 link to an Azure ExpressRoute to ensure consistent app time response.

For whatever reason it's been really hard to get a straight answer from either the devs or the ISP on some things. From what I can tell the ExpressRoute sort of acts like the private MPLS-style link that they migrated away from a couple of years ago, i.e. a fully private link with no publicly routable addresses.

Questions

  1. Will the public IP addresses that were assigned to the primary 500/500 circuit fall away or become unusable if upgraded to ExpressRoute? Though the dial-in SSL VPN will become less used when apps are migrated to Azure, they would still need access to some remote internal apps.
  2. From the documentation I've read I can push a 0.0.0.0 through the ExpressRoute for internet breakout via BGP. Are there any cons to doing this?

Have researched as much as I can. Sorry if I missed something basic in the docs.



Problem: High Latency on Network

Network novice here, so please bear with me.

Our main site has been experiencing high latency to our off-site datacentre for the last 2 days. The setup is a VLAN provided by a local network service, a third party providing datacentre hosting for our VServers and Terminal Servers, and in house we have a print server, backup server, as well as our M370 firewall.

The ping we've been experiencing is around the 30ms mark. Not disastrous by any means but due to our outdated Terminal Servers users are constantly hanging, apps timing out, etc. I've spent a bunch of time trying to diagnose the issue, 8.8.8.8 pings at around 15ms. Our datacentre says it's not them, our VLAN provider says it's not them. I don't think it's us, the firewall was rebooted last night. Internal servers pinging under 1ms. I'm stuck in a position of everyone blaming everyone else.

Any help here would be massively appreciated.



CCIE

Well, I know this is a long shot, but worth the try.

Does anyone know if there are any resources out there that are willing to financially sponsor CCIE RS LAB training, or sponsor the fee for the CCIE LAB exam? I have passed the CCIE written and want to do the LAB before 02/20/20; however, I don’t have the funds to pay for the training and the exam itself. My job won’t sponsor it, and I don’t see how I’d be able to afford this exam. Hopefully I can get some help from this group. Thank you.

I am currently a Sr. WAN Network Engineer, located on the East Coast.



Tuesday, September 17, 2019

Problem: IGMP Snooping On REP Segment

Background: Resilient Ethernet Protocol (REP) on Cisco IE5000 switches with IGMP snooping enabled on all switches in segment. When a fault is introduced into the REP segment, multicast traffic is interrupted for a period of approximately 4 seconds. I have narrowed it down to the IGMP snooping that is causing the disruption, learning/rebuilding etc. This is layer 2 multicast traffic. Two queriers exist on the REP segment as it stands, however, I have tried a few combinations of queriers.

Unicast traffic is only disrupted for a period of approximately 50ms.

If IGMP is disabled ring wide, no multicast interruption experienced.

Efforts: Attempted to play with IGMP timers to no avail.

Questions: Is it good practice to have IGMP enabled on a REP segment? Is there a way to improve multicast convergence speed over a REP segment?



Any tweaks I should make to my 12 month plan?

Computer information systems major graduating with my bachelors in 18 months.

Disclaimer: I am 30 years old making a career change into IT/Networking/Security.

Ideal career field would be security but I know I will need to work my way to that.

Here is my plan:

  1. In the process of applying for internships for Spring of 2020. This internship will account for 3 credits towards my major.

  2. Currently studying for my Network + certification with any free time that I have once I have finished my studying/homework. Plan to test in December.

  3. Once I complete my spring 2020 internship I would like to look for a summer 2020 internship that is a step up from my entry level spring 2020 internship.

  4. During that summer 2020 internship study and take my security +

Is there anything you guys see here that doesn’t look right, or something else you recommend me doing?

I am looking to put myself in the best position possible to secure a well paying job once I graduate.

Any feedback would be greatly appreciated



Auditing Network Management

Hi All,

I'm going to audit our network management in the last quarter of 2019. May I just ask what the basics are that I need to learn, since this is really the technical side of our organization, so that I will be able to add value to our organization? Thanks to all. I will appreciate it if you can give me some references/titles of e-books, but just the basics so that I can study in advance. Thank you so much again.



What would be my new job title?

I will be joining a company that has 200+ gas stations as the first full-time IT person to look after all the IT infrastructure.

Station level tech: basic setup with firewall, switches, CCTV, phones etc with some port forwarding rules

Main office: Windows server, AD, ~50 user, phones etc necessary stuff. Monitoring a unique dispatching software, change the existing company website to a dynamic website which responds to user input.

My background: IT consultant/tech support. I have a pretty good idea about networking and Windows Server. Bachelor's in Computer Science with knowledge of C++, Java, HTML, CSS, JavaScript, PHP, SQL, Linux.



Rant Wednesday!

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!



Cisco ACS - Failure to add a secondary ACS

Rebuilding the secondary ACS (5.8).

I do have reachability between the two.

Error I'm getting - "This System Failure occurred: Connection timed out Unable to register node. Possible cause of this exception is an invalid hostname or invalid ip address has been entered.. Your changes have not been saved."

Both systems are running on the same hotfix. Not sure what else it could be at this point.

Any thoughts?



Cisco announcement of IPv6 Vulnerability

This came from Cisco but they say it's an IPv6 vulnerability, not a Cisco-specific vulnerability. No workarounds or patches yet.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

"A vulnerability in the IP Version 6 (IPv6) packet processing functions of multiple Cisco products could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device.

The vulnerability is due to insufficient processing logic for crafted IPv6 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 Neighbor Discovery (ND) packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to stop processing IPv6 traffic, leading to a DoS condition on the device".



I love my job - BUT

I am at the tail end of a datacenter move after my company got bought out, and I'm having to dig down deep to find the motivation to come in everyday. Ever been there? Doing it all myself, working in a vacuum is exhausting. Especially since nobody understands what we're up against. That and the "why don't you do it this way" theories make me want to start drinking at 10am. I just wanna go play Apex Legends for a month straight. =D

Just thought I'd say that.

SynAckz



Juniper vqfx Q-in-Q

Hi

I am trying to setup Q-in-Q in a lab. The below command doesn't work on the vqfx version 15.1X53-D63.9 and 18.1R1.9 limited

"set ethernet-switching-options dot1q-tunneling ether-type 0x8100"

Has anyone come across this issue, and is there a workaround?

Thanks in advance



Emergency Situation, Need assistance/expertise relating to ACI please

I have a Change Management Request that was dumped into my lap 3 hours before go-live. I am not great with ACI and am still learning. We are having connectivity-related issues on the interfaces associated with our leaf profile object, where we have servers with multiple IPs; we tried setting them as access ports and as a trunk and I am still unable to ping.



Stubby, NSSA, Totally stubby, Totally NSSA

I'm studying for CCNP and have built a home lab of sorts using this topology. https://imgur.com/a/6BDq4Dn

I am trying to shorten the routing table but can't wrap my head around the 4 types of stubby areas. I've tried making R4 and R3 the stub routers but that's not working.

Any help?



Lansweeper VS ?

I am looking at Lansweeper to gather port availability, model, location etc. This tool offers a lot, however I don't need all the features. There must be a free one that I can use to discover a network. Do you guys have suggestions on software?



PXE Problem

I have a problem where an IT staff member can't get his PXE boot working. He's blaming the network. I connected a working laptop (with an OS) to the same port he was using on the access switch; it gets a DHCP address and can do whatever. It can also ping the PXE server, which is on another SVI off the distribution switch. So there's no reachability issue to the DHCP server or PXE server. However, I got the IT staff member to plug his laptop into the same port and did an embedded packet capture on that port to see what's going on in a pcap. The only traffic being sent is DHCPDISCOVERs from that source laptop to the broadcast address. It never gets a DHCP offer. I've got my helper address configured correctly (as a normal laptop on that same VLAN, as described earlier, gets an IP address), so I am just completely baffled as to why, when they PXE boot a PC, it can't even get a DHCP offer. Any suggestions?



External and Internal Service Access

Hi all,

Got a service running on a mac mini, FileMaker to be precise.

FileMaker utilises the ports 80, 443, 5003. These ports are forwarded in our router, a Netgear BR500.

If you access our static external IP from outside our network, you get the FileMaker web page. Which is correct.

However if you access the same IP but whilst on our network, you get the login page for the router.

Any ideas as to what I need to set up or change to enable people on the internal network to access the service using the external IP?

As far as I'm aware, the router supports NAT loopback, although there are no settings in the web gui to change.

For the purposes of this question, let's assume the following IP addresses:

Mac Mini FileMaker Server - 192.168.10.100 - Ports 80, 443, 5003

External IP - 80.80.80.80

Any help would be greatly appreciated.



new network design / port channels

http://prntscr.com/p79tl6

In the above picture I've made a drawing of how people want to attach some new switches with the most redundancy they can get.

The two core switches are already in place at a customer's site. We want to attach some new hypervisor/hardware with some new Mellanox switches (SW1,2,3,4) over multiple locations.

Core1 and Core2 are already in place. What is the best way to attach SW1,2,3,4 for the most redundancy? There is some fiber between the two locations.

I hope I can get some advice :)



fortiswitch zabbix template

Hi!

I'm testing a FortiSwitch 448D and I use Zabbix to monitor the network devices, but I haven't found templates for FortiSwitch switches.

Has somebody already done it?

Thanks



Add node to Checkpoint FW

Hi there,

Checkpoint newbie here: I tried to add a new node to our Checkpoint. Actually, I managed that. I added the node and added it to the required groups. But somehow the Checkpoint does not apply the right rules for this node.

Still, the clean-up rule at the very bottom drops all traffic from the new node even though other forwarding rules should have caught it.

Any ideas what I missed?



Huawei & Tacacs

Anyone got a Huawei and tacacs authorization working properly?

I have it all set up and can log in, but I'm only logged in with priv level 1 despite setting the authorization to 15 in the AAA config

authorization-cmd 15 hwtacacs local

complete AAA config is below

  hwtacacs-server template telnetusers
  hwtacacs-server authentication x.x.x.x
  hwtacacs-server authorization x.x.x.x
  hwtacacs-server accounting x.x.x.x
  hwtacacs-server shared-key cipher xxxxxxxxx
  !
  aaa
  authentication-scheme tacacs+
  authentication-mode hwtacacs local
  ssh authentication-type default password
  !
  aaa
  authorization-scheme tacacs+
  authorization-mode hwtacacs local
  authorization-cmd 15 hwtacacs local
  !
  aaa
  accounting-scheme tacacs+
  accounting-mode hwtacacs
  recording-scheme tacacs+
  recording-mode hwtacacs tacacs+
  cmd recording-scheme tacacs+
  aaa
  domain tacacs+ admin
  authentication-scheme tacacs+
  authorization-scheme tacacs+
  hwtacacs-server telnetusers



What are the different data formats in each layer of TCP/IP protocol suite?

Hi,

I'm doing some research on network programming. And I'm interested to know, what data formats (like bits, bytes, strings etc) are used in each layer of the TCP/IP protocol suite?

Thanks in advance
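The PXE thread above (an embedded capture that shows nothing but DHCPDISCOVERs) and this question about what each TCP/IP layer carries come down to the same point: every layer is a header of fixed-width big-endian integers and raw byte strings placed in front of the layer above it, and the "format" is just how those bytes are laid out. The following is an added example written for this page, not code from any of the posters. It builds the DHCPDISCOVER frame a freshly booted PXE client puts on the wire (Ethernet, then IPv4, then UDP, then the BOOTP/DHCP message with options 53, 60 and 93) and parses it back one layer at a time. The client MAC, transaction id and the vendor-class string are constructed sample values.

```python
import struct

# Constructed sample values for this example (not taken from the thread).
CLIENT_MAC = bytes.fromhex("001122334455")
XID = 0x3903F326
BROADCAST_MAC = b"\xff" * 6
DHCP_MAGIC = b"\x63\x82\x53\x63"


def ipv4_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit big-endian words, then inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_dhcp_discover(mac: bytes, xid: int, pxe: bool) -> bytes:
    """Application layer: 236-byte fixed BOOTP header, magic cookie, then TLV options."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                              # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
        xid, 0, 0x8000,                          # xid, secs, flags (broadcast bit set)
        bytes(4), bytes(4), bytes(4), bytes(4),  # ciaddr, yiaddr, siaddr, giaddr = 0.0.0.0
        mac.ljust(16, b"\x00"), bytes(64), bytes(128))
    options = DHCP_MAGIC + bytes([53, 1, 1])     # option 53: message type = DISCOVER
    if pxe:
        # PXE firmware identifies itself in option 60 and gives its architecture in option 93.
        vendor = b"PXEClient:Arch:00007:UNDI:003016"        # constructed vendor class string
        options += bytes([60, len(vendor)]) + vendor
        options += bytes([93, 2]) + struct.pack("!H", 7)    # 7 = EFI x86-64
    return fixed + options + b"\xff"             # option 255: end


def build_udp(sport: int, dport: int, payload: bytes) -> bytes:
    """Transport layer: four 16-bit fields; the UDP checksum may be 0 over IPv4."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_ipv4(src: bytes, dst: bytes, payload: bytes) -> bytes:
    """Network layer: 20-byte header (version 4, IHL 5); the checksum covers the header only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_ethernet(dst_mac: bytes, src_mac: bytes, payload: bytes) -> bytes:
    """Link layer: two 48-bit addresses and a 16-bit EtherType (0x0800 = IPv4)."""
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + payload


def discover_frame(pxe: bool = True) -> bytes:
    """The frame a booting client sends: 0.0.0.0 -> 255.255.255.255, UDP 68 -> 67, to ff:ff:ff:ff:ff:ff."""
    dhcp = build_dhcp_discover(CLIENT_MAC, XID, pxe)
    udp = build_udp(68, 67, dhcp)
    ip = build_ipv4(bytes(4), b"\xff\xff\xff\xff", udp)
    return build_ethernet(BROADCAST_MAC, CLIENT_MAC, ip)


def parse_frame(frame: bytes) -> dict:
    """Peel the frame back off layer by layer, decoding each header's fields."""
    eth_src, ethertype = frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    checksum_ok = ipv4_checksum(ip[:ihl]) == 0   # a valid header sums to zero with its checksum included
    sport, dport, ulen, _ = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    dhcp = ip[ihl + 8:ihl + ulen]
    hlen = dhcp[2]
    options, i = {}, 240                          # skip the 236-byte fixed header and 4-byte cookie
    while i < len(dhcp) and dhcp[i] != 0xFF:
        if dhcp[i] == 0:                          # pad option carries no length byte
            i += 1
            continue
        code, length = dhcp[i], dhcp[i + 1]
        options[code] = dhcp[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "src_mac": eth_src.hex(":"),
        "ip_src": ".".join(map(str, src)), "ip_dst": ".".join(map(str, dst)),
        "ttl": ttl, "proto": proto, "ip_checksum_ok": checksum_ok,
        "udp_ports": (sport, dport),
        "dhcp_xid": struct.unpack("!I", dhcp[4:8])[0],
        "client_mac": dhcp[28:28 + hlen].hex(":"),
        "dhcp_msg_type": options[53][0],
        "vendor_class": options.get(60, b"").decode("ascii", "replace"),
        "client_arch": struct.unpack("!H", options[93])[0] if 93 in options else None,
    }


if __name__ == "__main__":
    for pxe in (True, False):
        print("PXE client" if pxe else "normal client", parse_frame(discover_frame(pxe)))
```

Running it decodes a PXE-style DISCOVER and a plain one side by side. Layers 2 to 4 are identical in both (broadcast Ethernet, 0.0.0.0 to 255.255.255.255, UDP 68 to 67); the only difference is in the DHCP options, where the PXE firmware sets option 60 to a string beginning with PXEClient and adds option 93. When comparing the capture of a PXE boot against the capture of a working laptop, as in the PXE post, that option list is the first place to look, since the relay and the DHCP server can treat the two requests differently only on what they find there.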



Can't connect to 5Ghz wifi

I'm trying to get my laptop to connect to a 5 GHz network, but it refuses to connect to it. I know my laptop's WiFi adapter has the ability to connect to it since it's an "Intel Dual Band Wireless-AC 8265". Could it be a problem with my router settings or the computer itself? I don't have a phone which supports 5 GHz, so I have no way to know.



Multi DC network technologies

Hello everyone,

Looking for some practical advice on where to look. We need a multi-DC design and of course we need the capability of failing over between DCs. We did VLAN stretching between locations since it was "the only way we knew how to do it". Or for example we are using ASAs in failover, and the failover stretches between 2 DCs. Whenever I talk with someone, it turns out this is "an accident waiting to happen". I believe there should be a better way to do it. Asked a Cisco partner for assistance, "to sell me something" :) however they had Cisco ACI to sell this quarter, so nothing good from them. And Cisco is full of "sales-marketing" information, nice videos but no concrete info. Would love to get at least some "technology name" to look into.



PBR on MikroTik - issues with inter-VLAN routing

Hi.

I (my client, actually) have some simple infrastructure: two WAN interfaces (10/1 DSL and LTE) and a few VLANs. The MT does the routing for those VLANs. The device in question is a hAP and runs 6.45.5 firmware.

GOAL

To push all the traffic out via LTE, while leaving DSL as backup (since only this connection has a public IP, it's used for VPN/RDS, etc.).

So I followed this guide:

https://wiki.mikrotik.com/wiki/Policy_Base_Routing

Did the following:

  • Created Address List (LAN), containing all the VLAN subnets.

  • Created Mangle rule (prerouting/Src Address List: LAN/Action: mark routing/passthrough on/new routing mark: LTE)

  • created two static routes with the same distance (one has the LTE routing mark set)

  • finally created two NAT masquerade rules for LAN address list: one for DSL and the other one for LTE.

Current Outcome

No routing between VLANs. I presume it's because the mangle rule affects the prerouting chain? I tried creating copies of the routes for the connected networks (this time with the LTE mark); it didn't work. When I do a traceroute, I see the client computer first hits its default gateway and then goes straight for the LTE interface...

As a workaround I made some changes in Mangle route: aside from Address List, I specified TCP protocol and ports like 25/80/443/465/587/8080. Works, but it's not ideal.

Any idea why router behaves like this?



Working in a literal rat’s nest

TL,DR: I’ve been in IT for 3 years and it’s hard to know if the company I currently work for is moving in the right direction. 6 months ago I was the only person in the department, today I’m supposed to be working part time from home, but am actually working nights upgrading the network. Just had my first kid. Should I be moving on?

It was 10:39 when I started this post and now it’s 11:22. I’m drinking a beer after doing an after hours upgrade. I guess I just want to rant a little.

I’m not a network engineer, I honestly have no idea what I’m doing. We’re going to Meraki (at a consultant’s recommendation) from mostly Cisco ASA 5505s and Catalyst 3750s in all of our sites (14) because, well, we don’t have a network engineer. Just me. I’ve learned a lot over the last year, because I had to. An ASA would crash and I’d... figure out how to put in a new one. The Meraki stuff is easy but I still had to learn what a VLAN was because I had a Mitel controller and a 2003 server doing DHCP on the same network.

I just passed 3 years in IT, and I’ve been at my current company for 1 1/2. For 2 months I was the whole IT department. We’ve got a real department now, manager/sr. Admin, 3 helpdesk people, and a second Jr. admin in addition to me. So things appear to be moving in the right direction, although the (non-IT) manager I followed from my previous job was just fired with no warning.

I’m sympathetic to the previous IT guys. The previous mandate was obviously “spend as little as possible” and we were purchased by a big time investment company shortly after I was hired which was the reason for everyone else being let go.

But these friggin network closets, man. We’ve got one with no patch panel, just wires hanging out of the ceiling. One normal-sized guy can barely fit in the room. I cleaned an awful lot of mouse shit out of that one the first time I was in there. A bunch with no racks. When I first got hired I found at least one switch just sitting on its side on the floor, everything plugged into it. One location we purchased that I had to turn over while the only member of my department is behind a sliding door in someone’s office (think your mom’s closet in the 90s). That one still has a rack full of another company’s equipment because... reasons?

Tonight’s takes the cake. My shiny new meraki stuff is on a shelf that is 5 inches too short about an inch from the ceiling. You have to go outside to access it. There’s no air conditioning, and it’s gotten up over 100 for at least a few days in the summer every year I’ve lived here. The wall is covered in old telephone lines, patch panels added seemingly at random, some lines hanging right out of the ceiling and not even terminated to a panel. Before we started tonight we tossed a dead rat out of a trap.

I want to believe we’re moving in the right direction. We went from one person (me) to 6 in 9 months. The Sr. Admin is tough to work with right now, but he knows his stuff and I know it’s because he is overwhelmed by the environment and hasn’t been a manager before. But I also have said, again and again for a year “why are we putting $10,000 worth of equipment in this facility where a rat is going to chew through a cable?”

Am I the crazy one? Were they right to fire my boss because she must not have been bringing these concerns to the rest of upper management? (I genuinely believe she was, although an inexperienced IT guy communicating to a non IT person may have led to loss of urgency.) Am I wrong to think this company is moving in the right direction when even with a new, seasoned manager they still show no interest in addressing these concerns?

I just had my first kid, and while my partner was pregnant I applied for and was offered two radically different jobs. One was as an admin at a non-profit that sounded like it would’ve been a lot like where I work now, although with the mental benefit of being for an organization whose mission I believe in. The other was a part-time helpdesk job for a government organization where I would’ve taken a major pay cut in exchange for a team of people who had been in IT for 10+ years. I was convinced by the new manager and the C-level boss I followed to stay, and wound up stepping down to part-time work from home. As soon as I was back from leave, I was put on this after-hours network upgrade project for the 9 remaining sites, and the boss I followed was fired.

Did I fuck up by not taking those jobs? Should I be applying again? (I updated my resume and LinkedIn and have already applied to the first attractive job I saw on Indeed in a fit of passion.) Is this just what it’s like? Do I have a sweet deal working mostly part-time, mostly from home, that I should ride? All of the above? I was so happy to move into IT and get out of retail a few years ago, and I want to make this my career, but I’m truly exhausted.



Monday, September 16, 2019

Consultants want to push Cisco Meraki switches/routers on us

I work for a company that is mainly a Cisco shop using a mix of 2960S, X, 3560C, 3650, 3850, and 4500X switches with a lot of Gen 2 ISRs. Our IT budget has been fairly small for the size of the org and management has mainly cheaped out on us. They’ve recently hired a consultant who is starting to push Cisco Meraki at us. We use them for wireless but that’s all right now. I have about 6 years of Cisco CLI experience and I have never had a problem with Cisco other than the usual software bugs and licensing, but I’ve heard very mixed reviews about their Meraki line of network switches/routers. I was hoping to upgrade all of our access layer to 9200s and our distro/core to 9500s. The idea with the Meraki push was to ease the burden of maintaining network device firmware patching. From experience, the only time I’ve patched firmware on devices was to fix bugs or get newer/more secure features within the firmware. How should I react to this? Any counter-arguments as to why Cisco Meraki is or isn’t a better way to go? For instance, licensing is expensive with Meraki from what I know. With the Catalyst platform, I wouldn’t be subject to licensing (we use mainly IP Base/LAN Base on all of our access layer stuff).



Cisco DevNet Certification Plans

For those looking to get one of the new DevNet Certs, are you planning on doing the Associate level first or going straight for Professional level now that the prereq is gone. Thoughts/Reasons on your decision.



Ruckus SmartZone vlan pooling or large vlan for Airplay/bonjour

I am setting up Ruckus Smartzone and R720 AP's to replace a Cisco wireless system. I currently am using 1 SSID and use a radius attribute to apply a vlan pool and traffic policy on the controller. I have different vlan pools each with several /24 vlans in them configured for staff and student as well as BYOD. I will have AppleTVs on the system on their own SSID and in a single vlan. I used pooling to limit broadcast traffic but I think I will have issues with the Ruckus bonjour gateway if the clients are in a vlan pool (it looks like the gateway policy needs to be configured to forward bonjour traffic from one vlan to another and not to a pool). Currently our BYOD DHCP scope has 4,800 leases handed out in the last 24 hours so if I go single subnet it needs to be fairly large.

Would I be better off to create some /20 or even /19 subnets and not use the ruckus pooling?

Anyone run into issues using large subnets for BYOD wireless?



Wanna learn TCP/IP? Start with the greatest visualization ever.

"Apple Talk packets... they're going against traffic, as usual"

Had to share. Old, but never seen it myself. Found it quite funny. It's also very accurate and full of great beginner information.

https://www.youtube.com/watch?v=HOaIqQAeaik



Humble Books Bundle: Network & Security Certification 2.0 (MCSA, CCENT, CCNA, CompTIA A+ / Security + / Network+, AWS Certified Advanced Networking and more)

https://www.humblebundle.com/books/network-security-certification-2-books

Tier 1 ($1 or more):

  • MCSA Windows Server 2016 Study Guide: Exam 70-741
  • MCSA Windows Server 2016 Study Guide: Exam 70-742
  • MCSA Windows Server 2016 Practice Tests: Exam 70-740, Exam 70-741, Exam 70-742, and Exam 70-743
  • CCENT ICND1 Study Guide: Exam 100-105 (Third Edition)

Tier 2 ($8 or more):

  • CompTIA A+ Complete Review Guide: Exam Core 1 220-1001 and Exam Core 2 220-1002 (Fourth Edition)
  • CompTIA Security+ Review Guide: Exam SY0-501
  • CompTIA Network+ Review Guide: Exam N10-007 (Fourth Edition)
  • MCSA Windows Server 2016 Study Guide: Exam 70-740

Tier 3 ($15 or more):

  • CCNA Routing and Switching Complete Study Guide: Exam 100-105, Exam 200-105, Exam 200-125 (Second Edition)
  • AWS Certified SysOps Administrator Official Study Guide: Associate Exam
  • AWS Certified Advanced Networking Official Study Guide: Specialty Exam
  • Official Google Cloud Certified Associate Cloud Engineer Study Guide
  • OCP: Oracle Certified Professional Java SE 8 Programmer II Study Guide: Exam 1Z0-809
  • OCA: Oracle Certified Associate Java SE 8 Programmer I Study Guide: Exam 1Z0-808
  • CompTIA CySA+ Study Guide: Exam CS0-001

Attention: The CCNA gets an overhaul. The last day to test under the current certification program is February 23, 2020.