Saturday, December 21, 2019

Long Range High Speed Wireless Networking

All,

I'm in need of some input. The short version is I need to cover a wind farm site with a wireless network capable of fast uploads. There are multiple mobile devices that need to connect to this network and upload large amounts of data. Sites are up to 11 miles across. Is there a cost-effective solution for this? I was looking at 900MHz but it looks like it's going to be too slow and a pain to obtain compatible hardware.



If you can't interact with a machine that is not listening on port 80 (most home users) how is it possible for hackers to take it over?

I am reading about IP's to improve my AWS knowledge and came across this on reddit:

Now, let's say your IP is 8.8.8.8. I type it into my browser and press enter. What happens is my browser generates a generic web request for 8.8.8.8 on port 80. Unless you're running a web server like apache and have configured port forwarding, your router won't respond, because it isn't listening for incoming packets on port 80 (or any port). This is good, because it means there is no way for outside users to even talk to your computer or flood it with packets.

Yet still, all around the globe, computers of people who don't even know what a router IS get remotely controlled. Did all of them open port 80? Must it be port 80, given that's what the browser will look for, or can you work some tricks to connect to any type of port as long as it's open?

Mind you I understand how a computer can become infected with malware that deletes your files. I don't understand how a hacker may "open" a computer for requests from the web.
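An added example, not part of the post above: the quoted reddit text says that a router which "isn't listening" simply won't respond. From the attacker's side there are really three outcomes to a TCP connection attempt, and they are distinguishable: a service that is listening completes the handshake ("open"), a host with nothing on that port answers with a RST ("closed"), and a firewall or NAT router that drops the packet produces silence until the client gives up ("filtered"). The script below is constructed for this page; it probes a throwaway listener on loopback, so the only "server" involved is the script itself, and every address and port in it is an assumption made for the demonstration.

```python
import socket


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify a TCP port by how the connection attempt ends.

    "open"        : handshake completed, something is listening there.
    "closed"      : the host answered with RST, it is up but nothing listens.
    "filtered"    : nothing came back before the timeout; a firewall or NAT
                    router silently dropped the SYN (the "won't respond" case).
    "unreachable" : the local stack could not deliver at all (no route, ICMP error).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "unreachable"
    finally:
        s.close()


def demo() -> tuple:
    """Open a listener on loopback, probe it, tear it down, probe again.

    Returns (port, result_while_listening, result_after_close). Constructed
    demonstration: the listener is created here, on an ephemeral port chosen
    by the kernel, purely so that probe() has both an open and a closed port.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
    listener.listen(1)
    listener.settimeout(2.0)
    port = listener.getsockname()[1]

    while_listening = probe("127.0.0.1", port)
    try:
        conn, _ = listener.accept()   # drain the connection probe() just made
        conn.close()
    except OSError:
        pass
    listener.close()                  # nothing listens on `port` any more

    after_close = probe("127.0.0.1", port)
    return port, while_listening, after_close


if __name__ == "__main__":
    port, before, after = demo()
    print(f"port {port}: while listening -> {before}, after close -> {after}")
```

Against a real home router the interesting result is "filtered" rather than "closed": the router never sends a RST, so the client sits on the SYN until its timer expires. A host that is merely "closed" is still reachable and still has an IP stack to talk to, which is the distinction the quoted comment glosses over.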



Fun projects to do with a /29 block?

Howdy Folks,

I got a /29 from my ISP and have had it running stable for a few months. What interesting and educational routing projects can I do with this block?

I'm open to many ideas. FWIW I have a large home lab (on prem email, web services, corporate domain etc).

At the moment, I just push guest WiFi over a different address to my "core" network. That leaves 3 usable addresses free.



How to send a request to ipv4 or ipv6 network dynamically

Now I'm on a network supporting ipv4 and ipv6. But I need to configure the network route manually to choose ipv4 or ipv6 network. Are there any smart methods to choose ipv4 or ipv6 route dynamically?



2 networks, 1 internet connection?

So we have 2 houses on our farm. The first house has the internet/router from the ISP. I've run a, like, 300ft ethernet wire over to house 2. That goes to a switch, then ethernet to each room in house 2, with a wireless router attached that has its DHCP setting turned off. So everything gets its 192.* IP from the ISP router in house 1.

What I would like to do is have house 2 on its own network but still able to get the internet from house 1. Access from either house to either house isn't necessary but I guess would be ok.

The problem we are having is all of our Google Home and smart devices between houses are getting intertwined on the same network, so it now makes sense to separate them if possible.

Thanks!



Unable to get ICMP responses from Route Reject

Hello people, I am new here.

I am studying with the Junos system, 14.1.

I am trying to do the following:

I would like to set up a static routing option with the IP 0.0.0.0, reject:

(set routing-options static route 0.0.0.0 reject)

I already tried with /0 or /32.

When I create this option and commit, and then run a ping, I do NOT get any response, no ICMP ''destination unreachable'' message.

Any advice?? I'm stumped.



PSA: Owners of Nexus 7004/7010's, it's time to clean your filters.

If you have a Nexus 7004/7010 there is a good chance it has an air filter installed. After approx 5-8 years of operation these filters will become clogged with dust and start to overheat the chassis. I'd highly recommend performing the cleaning guide found at [1].

To figure out if you do have a filter run the command

    7k# show env | grep ig filter
    Fan Air Filter : Present

[1] - https://www.cisco.com/c/en/us/td/docs/switches/datacenter/hw/nexus7000/installation/guide/n7k_hig_book/n7k_replacing.html#34596

HTH!



Besides networking, what other subjects do you pursue to keep your mind fresh?

It’s gotten to the point for me now that there’s only so much networking stuff I can read to further my knowledge. Now it just feels like my brain is mush and I think I need to pursue a new subject just to keep my mind fresh and engaged.

One of things I’ve started looking at pursuing in my spare time is psychology, as I’ve always been interested in understanding different personalities.

What sort of subjects do you follow outside of networking?



Is it really this easy?

You know that feeling you get when you know you're forgetting something but you can't remember what? That's kinda how I'm feeling building a 100Gb core.

Is it really as simple as buying this stuff and plugging them in? Or are there some gotchas that I am totally unaware of?

  1. $switch_with_qsfp28_ports = C9500-24Y4C;
  2. $compatible_qsfp28_transceiver = QSFP-100G-CU1M/QSFP-100G-SR4-S;
  3. $fiber_with_correct_terminations = MPO-12 Type B;

I'm upgrading my core from some old Cisco 3750G boxes and it just seems remarkably (and suspiciously) easy to increase the speed by a factor of 100!



Possible sources of 'no route to host'

Hey there,

Recently set up a new server. This server provides primary DNS. For the most part, everything is working fine. Networking is up, traffic is flowing, DNS is answering queries, etc.

One major issue I just discovered is a complete lack of network connectivity to one of Google's CIDRs

If I run a dig @8.8.8.8 mydomain.com (to test google's DNS resolution of any of my domains), it works 75% of the time, but 25% of the time it returns no results.

I've figured out that one specific Google owned CIDR (74.125.0.0/16) CAN connect to my server, but my server CANNOT connect to any IP in that CIDR. I have watched network traffic via tcpdump, and I see the DNS queries come in from 74.125.0.0/16, but no reply is sent.

The first thing I checked was both Iptables and hosts.deny, but these are not what is blocking the traffic. To test, I temporarily cleared the rules from both the firewall and hosts.deny and the 'no route to host' issue still exists.

I don't think this is a DNS service (or setup) issue because I cannot even ping or traceroute these 74.125.0.0/16 IPs. I can ping and traceroute these same Google IPs successfully from other servers on other networks though!

So my major question (plea for help) is, What am I missing?? What else could possibly prevent connectivity to this Google CIDR?

My last thoughts are maybe the hosting company has a firewall that is blocking, but considering this IP space is Google DNS, I doubt it.

For the life of me, I can't figure out what else might be preventing connectivity ...



Unifi 5Ghz Channel issues

(Full setup below) I'm troubleshooting my network and seeing a weird issue. I'm using a couple of UAP-AC-LITE APs and have the SSIDs separated into 2G and 5G. Both bands are using the same encryption and passwords. When I'm on the APs' 5G band, after 7-10 minutes some apps are very slow to open (Ring, Score, Xfinity to name a few). The problem doesn't occur on the 2G band. I turned the modem's 5G band back on, and no issues. Also, everything works completely fine on cell signal.

Typically, I connect to the 5Ghz band and everything works great, all apps opening quickly. After about 7-10 minutes, the indicated apps open VERY slowly (~1 min and more).

I tried removing the switches from the network and still have the same problem. Interestingly, when I have the switch connected, my problem occurs quicker. The apps are slow to open after 5 min.

Has anyone run into this issue before? Is there something supported on the 5GHz band that isn't on the 2GHz band? Am I missing a setting on my modem that is interfering with the 5GHz band?

Setup:

  • SBG6782 modem/router combo (running in bridged mode with radio signals off and wireless disabled so as not to interfere with AP signals)

  • TL-SG1005P PoE switch to UAP-AC-LITE AP

  • TL-SG108 switch to another UAP-AC-LITE AP

  • All modem and AP firmware are up to date



Speed between nodes

Hi All,

I would like to know what the recommended speed between nodes (not access devices) would be.

Example - Speed between Core Router and Layer 3 switch?



I need a suggestion on how to handle this error

    multiprocessing.pool.RemoteTraceback:
    """
    Traceback (most recent call last):
      File "C:\Users\faziz\miniconda3\lib\multiprocessing\pool.py", line 121, in worker
        result = (True, func(*args, **kwds))
      File "C:\Users\faziz\miniconda3\lib\multiprocessing\pool.py", line 44, in mapstar
        return list(map(*args))
      File "C:\Users\faziz\Downloads\Portable Python-3.7.4 x64\Arubanetmikoparaller4.py", line 54, in Get
        output = net_connect.send_command("show stats global")
      File "C:\Users\faziz\miniconda3\lib\site-packages\netmiko\base_connection.py", line 1337, in send_command
        search_pattern
    OSError: Search pattern never detected in send_command_expect: 34FCB9C235CA:5309:53909\#
    """

    The above exception was the direct cause of the following exception:

    Traceback (most recent call last):
      File "<input>", line 1, in <module>
      File "C:\Users\faziz\AppData\Local\JetBrains\PyCharm Community Edition 2019.2.3\helpers\pydev\_pydev_bundle\pydev_umd.py", line 197, in runfile
        pydev_imports.execfile(filename, global_vars, local_vars) # execute the script
      File "C:\Users\faziz\AppData\Local\JetBrains\PyCharm Community Edition 2019.2.3\helpers\pydev\_pydev_imps\_pydev_execfile.py", line 18, in execfile
        exec(compile(contents+"\n", file, 'exec'), glob, loc)
      File "C:/Users/faziz/Downloads/Portable Python-3.7.4 x64/Arubanetmikoparaller4.py", line 246, in <module>
        results=mypool(hostips)
      File "C:/Users/faziz/Downloads/Portable Python-3.7.4 x64/Arubanetmikoparaller4.py", line 226, in mypool
        result = p.map(Get, hostips)
      File "C:\Users\faziz\miniconda3\lib\multiprocessing\pool.py", line 268, in map
        return self._map_async(func, iterable, mapstar, chunksize).get()
      File "C:\Users\faziz\miniconda3\lib\multiprocessing\pool.py", line 657, in get
        raise self._value
    OSError: Search pattern never detected in send_command_expect: 34FCB9C235CA:5309:53909\#
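An added example, not the poster's script and not a diagnosis of this particular Aruba device: the innermost error is netmiko giving up on its prompt search. After sending the command it reads the channel until a regex built from the prompt it learned at login (regex-escaped, hence the `\#`) appears in the output, and here it never did. The constructed loop below has the same shape and shows one way an exact-prompt match can fail while a pattern that only anchors on the prompt's shape still succeeds. netmiko's real `send_command` takes such a pattern through its `expect_string` argument. The `FakeChannel`, the chunked output, and the assumption that the number after the last colon moves between reads (53909 to 53910) are all invented for the demonstration.

```python
import re
import time
from typing import Optional


class FakeChannel:
    """Constructed stand-in for an SSH channel: hands back queued output one chunk at a time."""

    def __init__(self, chunks):
        self._chunks = list(chunks)

    def read(self) -> str:
        return self._chunks.pop(0) if self._chunks else ""


def expect(channel, pattern: str, timeout: float = 0.5, poll: float = 0.01) -> str:
    """Read from `channel` until `pattern` matches the accumulated output.

    Same shape as a prompt-driven expect loop: append every chunk, search the
    whole buffer, give up after `timeout` seconds. The OSError wording matches
    netmiko's so the two behaviours line up.
    """
    deadline = time.monotonic() + timeout
    buf = ""
    while time.monotonic() < deadline:
        chunk = channel.read()
        if chunk:
            buf += chunk
            if re.search(pattern, buf, flags=re.M):
                return buf
            continue
        time.sleep(poll)
    raise OSError(f"Search pattern never detected in send_command_expect: {pattern}")


# Prompt taken from the traceback, and the output we ASSUME the device returns
# for "show stats global". That the trailing number changed is our invention.
LEARNED_PROMPT = "34FCB9C235CA:5309:53909#"
OUTPUT_CHUNKS = [
    "show stats global\n",
    "Global Statistics\n-----------------\n",
    "Total packets: 1234\n",
    "34FCB9C235CA:5309:53910# ",
]


def exact_prompt_pattern(prompt: str) -> str:
    """netmiko's default: the literal prompt, regex-escaped."""
    return re.escape(prompt)


def relaxed_prompt_pattern() -> str:
    """Anchor on the prompt's shape, not its contents: a 12-hex-digit hostname,
    any number of ':<digits>' fields, then '#' or '>' at the end of a line."""
    return r"^[0-9A-F]{12}(?::\d+)*[#>] ?$"


def prompt_matches(pattern: str, text: str) -> bool:
    return re.search(pattern, text, flags=re.M) is not None


def run_command(pattern: str) -> Optional[str]:
    """Drive the fake channel with `pattern`; return the output, or None on timeout."""
    try:
        return expect(FakeChannel(OUTPUT_CHUNKS), pattern)
    except OSError:
        return None


if __name__ == "__main__":
    print("exact   :", run_command(exact_prompt_pattern(LEARNED_PROMPT)) is not None)
    print("relaxed :", run_command(relaxed_prompt_pattern()) is not None)
```

Whatever the real cause on the Aruba side, the way to confirm it is to compare the prompt netmiko learned (`find_prompt()`) with what actually trails the command output, and to log the buffer on failure; a shape-based `expect_string` is a workaround for a moving prompt, not a substitute for knowing why it moved.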



Allowing net monitoring software on firewall

How can I allow our employee net-monitoring software to remote into or access client computers in a different area?

We have 2 sites and we're using a VPN to connect them. When I'm in the main site I can't access the second branch with the net monitor, although I can ping them. It seems like the firewall won't allow me to remote into or access the client computers without turning it off. I already tried allowing the net monitor's port on the firewall but still no luck; I think I'm missing something.

Can anyone help? I don't want to turn off my firewall just to monitor their activities.

PS: if I disable the firewall I can see their activities, but when it's turned on I can't.



How to remember Administrative Distance



Possible to log into ip cam with no nvr or pc?

I’m setting up some cameras for my home but I don’t have all the equipment just yet. Right now I have an IP cam connected to a PoE switch. The PoE switch is connected to a stand-alone router with no internet access. I've connected my phone to the stand-alone router, but when I try to log in to my camera's IP, it just times out and never loads. Right now I would like to just be able to view the camera from its default IP using just a smartphone. Is this possible? All the guides I can find say that you have to change the IP on your PC first before you can even log in to the camera. Does this mean you cannot use a smartphone to log directly into the IP camera? (As you cannot change the IP on a smartphone like you can on a PC.) Hope this makes sense; any help is appreciated as I’m fairly new to networking.



Best design between 2 DC (Catalyst switches)

Hello

I have 2 DC connected through an ISP QinQ to a Cat3850-12XS and a Cat9500-16X-A.

Obviously I need layer 2 continuity between those 2 DCs, so I simply tag all my VLANs into the ISP QinQ.

The problem is, I'm connected to the QinQ via one 10G fiber and there is a backup, but it is not connected. In case of failure I have to manually plug it in.

So I would like to connect both links, but obviously if I do that, STP will block one of them.

I'm trying to evolve this design, maybe by using VXLAN or another overlay technology, but I'm not sure that's possible on the Catalyst series.

Can you give me your advice?



10gbps interface, peak throughput only 1gbps

Hello, this may be an easy question for many people. We have an Enterasys S-Series 10Gbps interface connected to another Enterasys switch (both with 10Gbps single-mode transceivers). These are connected via a 3km single-mode fibre stretch. Both interfaces are up and it’s just a layer 2 link. Anyway, the server team have been complaining that their backups, which exclusively go over this link, have low throughput. When monitoring the interface I noticed a lot of errors, and the throughput SolarWinds was seeing was 400Mbps. I swapped the fibres and the throughput is now 1.5Gbps with no errors. Both ends of the link see it as a 10Gbps link. If the backup servers etc. can handle sending and receiving 10Gb, is there any reason the link is only being 10% utilised? Is this normal or expected? Even though the interfaces see it as a 10Gbps link, could it actually be less in real life?



Friday, December 20, 2019

Strange 2nd WLAN Interface question

Okay guys, bear with me here, this is going to sound strange, but here is what I'm trying to do. I have a USB WLAN card that I have attached to my Win10 PC. I'd like to use that to create its own WiFi network. It doesn't have to bridge or connect to my actual primary (internal) network connection; I just need to create another new WiFi network that will exist to allow devices to connect to it and then communicate with each other through this small isolated WiFi hotspot that I create.

I've been trying to figure out how to do this, but all I seem to find is how to share your EXISTING WiFi interface to a hotspot, instead of how to utilize a second WLAN NIC to create ANOTHER network. I know I could just get a cheap D-Link WiFi router/AP all-in-one thing to do this, but I'd like to do it from a USB adapter attached to my PC.

Any ideas? Did I explain my use case properly, or should I provide more information to give more insight?



OSPF between VRFs?

I recently worked in a preconfigured virtual lab environment which had a Juniper vSRX configured in it with multiple VRFs. Each VRF actually had OSPF running between the VRF instance and the default routing instance. Interestingly, this was carried out by looping a cable from one interface configured in the default instance to another physical interface configured in the VRF instance. Seems like a waste of interfaces since you could just export routes from VRF tables into the default instance without OSPF in both Junos and IOS. But I am curious how else you could configure OSPF between VRFs?

Is there a way to configure OSPF between VRFs virtually rather than this kind of physical linking? I realize the configuration for this could be very vendor-specific, but just curious at the methodologies. Anyone ever used this kind of configuration in production?



Sys Log Server

Hey guys! So I was doing some research on syslog servers. What platforms do you use in your network environment? Currently looking for something that is somewhat better than Kiwi Syslog, because I believe all the logs recorded are just saved to a text file.

Been doing some searching around in the internet and thought I would ask you guys.



Is there a reason NICs scale 10x for each improvement? 10M/100M/1G/10G ? Seems like a much bigger leap per iteration than other tech.


EVE-NG: MikroTik has ping but traceroute not working

I'm new to EVE-NG. I added a MikroTik node and then a Cloud0 (management cloud), then enabled the DHCP client in MikroTik. MikroTik can ping 8.8.8.8, but when I traceroute it's not working. What could be the reason? Don't ping and traceroute use a similar protocol (ICMP) internally?

ping:

    [admin@MikroTik] > ping 8.8.8.8
      SEQ HOST      SIZE TTL TIME  STATUS
        0 8.8.8.8     56 128 97ms
        1 8.8.8.8     56 128 95ms
        2 8.8.8.8     56 128 94ms
        3 8.8.8.8     56 128 94ms

traceroute:

    [admin@MikroTik] > tool traceroute 8.8.8.8
     # ADDRESS       LOSS SENT LAST    AVG BEST WORST
     1 192.168.19.2  0%   2    3.4ms   5.9 3.4  8.4
     2               100% 2    timeout
     3               100% 1    timeout
     4               100% 1    timeout

P.S:

I absolutely have no idea what that 192.168.19.2 is! Maybe it's the cloud node?! Then why is it stopping traceroute?

Also MikroTik is 192.168.19.132/24 (ether1) and my computer's VMnet8(NAT) is 192.168.19.1.



War story: Camera system wants to route traffic to default gateway despite having a directly connected secondary interface.

Thought I'd tell y'all a story about a problem that had me stumped for a few days. That and allow google to index it to save someone else this experience.

I get put on a project to help a customer migrate from the internal IP address scheme based on 192.0.2.0/24 to a more appropriate RFC1918 compliant subnet. Step one is to clear the low-hanging fruit: We're moving the IP surveillance cameras from 192.0.25.0/24 to 10.1.25.0/24.

So the Exacqvision server (Windows 10 appliance) has two interfaces, one for management and access (192.0.2.20/24 on vlan 1), one just to talk to cameras (192.0.25.3 on vlan 25). I create the new 10.1.25.0 network on the core router (which is a SonicWall firewall, but hey, that's the way small offices with Netgear switching roll) and attach it to vlan 25. Move the first camera, update its IP in Exacqvision, and all is well. So I move the rest of the cameras. Check the firewall and of course it's routing 150mbit of camera traffic, so I switch the IP of the vlan 25 NIC to its new IP address and... nothing happens. 150mbit still going through the firewall.

I disable and re-enable the cameras, no dice. Reboot, no dice. netstat confirms that Exacqvision is using the 192.0.2.20 NIC to route to 10.1.25.0/24 even though 10.1.25.3/24 is DIRECTLY CONNECTED and UP. The route table shows 10.1.25.0/24 on the correct interface. arp shows nothing but the firewall IP and MAC. Traceroute to camera 10.1.25.100 shows it's directly connected. And yet... every camera is being routed from the public vlan 1 interface.

I figure it has to be the Exacqvision service picking the wrong source interface, even though I don't know that's a thing the OS would allow it to pick, because traceroute indicates that other applications are using the correct interface.

As it turns out, however, that's not the case. After a few days to clear the head and return to the site, I did a test that found the real problem: Unplugging the 192.0.2.20 interface stopped connectivity to the cameras.

The inside vlan25 NIC... was configured for vlan1 on the Netgear switching. 150mbit of camera data was always being routed by the firewall, even before I got there.

Once the vlan issue was resolved, arp started showing all the camera MAC addresses. New connections from Exacqvision started going out the correct interface.

Why did I get an arp from the sonicwall on that interface? No idea.
Why did traceroute show directly connected to the camera? No idea.
Why did windows fail silently to access 10.1.25.0/24 through a directly connected interface and then decide on its own to use a different interface to try route it? No idea.
(Also: Why was the TTL of the pings I was getting the SAME when it was going through the firewall verses when it was directly connected after the fix? No idea.)

That's my story. Quite a walk for a problem that... kinda didn't turn out to be the network in the first place. But that's why network engineers tend to be good at so many other things... we have to be able to point to where the problem really lies, because so many things look like network problems.

Key phrases for the google: Exacqvision accesses camera through wrong interface. Windows 10 uses wrong interface



Looking for a free easy to use web filter.

I would like to set up a web filter for my work. I am looking for something free and easy to use. I am simply trying to restrict web access to business related sites and am not sure if that is best done on each PC or via the entire network.



So I recently came across a similar scenario that I have listed below and would like to know how to troubleshoot.

So let's say we have a scenario where a router has one of its links congested, because, say, that link is connected to a server which is being patched and therefore the link is getting overloaded. This causes problems or slowness on that link, and the server itself is also not able to provide its services properly.

Now how do I go about troubleshooting this issue if-

  • if I have access to the router(ssh access) and have no idea that the issue is being caused by a server being patched (say I want to look at which link is getting saturated).

  • if I do not have access to the router at all but have access to say a firewall (like checkpoint,Cisco ASA or something) and say I could look at the logs or something.



Voice VLAN from Fortigate to Cisco SG350

Hello everyone,

I have run into a weird situation with my IP phone system (Primus/Polycom VVX) while developing a new network. I have created a VLAN on a Fortigate 100D with an ID of 774 and assigned it to my LAN interface which contains 5 ports on the Firewall. I also made the VLAN a DHCP server as well so the phones can pull an IP from it. I replicated this VLAN in the Cisco SG350 switch with the same VLAN ID. I trunked a port on the switch to the Fortigate which allows our corporate (data) and voice (774) VLAN. I then set an access port to allow VLAN 774 and connected my IP phone to that port on the switch. When the phone powered up, it didn't get an IP address. As a test, I switched the port that the phone is connected to from an access port to a trunk port and now the phone is able to get an IP and make calls. I'm confused to how this is happening, is the phone sending VLAN-tagged packets that the access port isn't able to read? Is there something I can do different so I don't have to make 10+ ports on my switch trunk ports?



GRE Tunnel between 2 switches

Good day everyone.

I currently have the task of getting our network ready for a sniffing appliance, and as such, need to configure RSPAN on our switching stack.

We use a couple of 9300's as our core switches. Nexus doesn't seem to support RSPAN, so I'm sort of stuck with having to configure ERSPAN to route mirrored traffic to our destination switch.

I'm a bit rough on routing, as it's been a while since I'm mostly doing layer 2 level configs on our stack. What i'm trying to say, is go easy on me.

Here is a quick, dirty sketch of the network:

https://imgur.com/llo7kDg

To test things out, I started by creating a gre tunnel between the 4510-1 on the left to the 4510-2 on the right.

these are the configs:

    ###4510-1###
    interface loopback 0
     ip address 1.1.1.1 255.255.255.255
    interface tunnel 1
     ip address 172.31.0.1 255.255.255.252
     tunnel source loopback 0
     tunnel destination 3.3.3.3
     tunnel mode gre ip

    ###4510-2###
    interface loopback 0
     ip address 3.3.3.3 255.255.255.255
    interface tunnel 1
     ip address 172.31.0.2 255.255.255.252
     tunnel source loopback 0
     tunnel destination 1.1.1.1
     tunnel mode gre ip

both show as up: (exactly the same on the other end, but reverse, obvs)

    Loopback0    3.3.3.3      YES manual up    up
    Tunnel1      172.31.0.2   YES manual up    up

routing is enabled on both switches. Can't ping either side.

I know i'm missing a crucial element to get these two ends to talk, but I just can't think of it.

I feel like there needs to be some sort of manual route entry or something; i'm just plain stumped. Any advice? or is this an exercise in futility?



Zayo Support

Is Zayo’s support absolute garbage or is it just the tech I got?

I’ve got a new 10Gb circuit turning up, never used Zayo before, and while I have a link and can pass traffic using the /31 and /126 if I add default routes, I’m not able to get BGP sessions up for IPv4 or IPv6 which means I can’t announce my space... The TCP sessions are just sitting at SYNSENT.

I opened a ticket yesterday and all the tech did for his first few replies was ask questions I answered in my original ticket. He was totally ignoring the BGP part of the ticket and kept acting like if the link is lit, everything is working.

Now, overnight, it seems as if my ticket disappeared from their portal. Somehow the tech managed to mark it as internal only because the chat rep could see it and told me I’d have to call in.

I guess as a related question, anyone who has used Zayo, do they do anything quirky for BGP that would prevent my session from coming up like my other provider links? This should be like 5 lines in the “router bgp” section of my ASR but it’s just not working.



SD-WAN Router/Firewall to load-balance 2 X 100Mbps Internet WAN connections

Hey guys,

Wondering if you guys have any suggestions for load balancing two 100Mbps Internet connections from an SD-WAN type router with a firewall built in.

I know Palo Alto can load-share WAN connections and act as a router, but was wondering if there is anything more SD-WAN specific from Cisco or another manufacturer?



It's always DNS - is it best practice to use a static IP if you can for your domain's nameservers at the registrar?

I'm getting AWS Route 53 set up for a domain that's registered with Namecheap and I was just plugging in my aws delegation set as the nameservers under the custom dns bit in Namecheap.

Is there any benefit here from entering the static IP of the AWS dns servers rather than the domain name I've been given (looks like ns-xxx.awsdns-xx.net)

I read something about this here that's confused me a bit - https://serverfault.com/questions/222641/in-dns-can-an-in-ns-point-to-a-cname
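An added example, not part of the post above: the registrar form asks for nameserver hostnames because an NS record's target is a domain name, never an IP literal, and (per RFC 2181 section 10.3) must not be a CNAME either, which is what the linked serverfault question is about. IP addresses only enter the picture as glue: when a nameserver's own name lives inside the zone it serves (ns1.example.com for example.com), the parent must carry its A/AAAA record or resolvers have nowhere to start. The AWS delegation set names (ns-xxx.awsdns-xx.net and friends) are out of bailiwick, so no glue is needed. The check below is written for this page, not taken from Namecheap or AWS; the zone names, nameserver names and addresses in it are constructed.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional


def _norm(name: str) -> str:
    """Lower-case and strip the trailing dot so 'NS1.Example.COM.' == 'ns1.example.com'."""
    return name.rstrip(".").lower()


def _is_ip_literal(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def in_bailiwick(nameserver: str, zone: str) -> bool:
    """True when the nameserver's name is at or below the zone it serves."""
    ns, z = _norm(nameserver), _norm(zone)
    return ns == z or ns.endswith("." + z)


def delegation_issues(zone: str, nameservers: Iterable[str],
                      glue: Optional[Dict[str, List[str]]] = None) -> List[str]:
    """Check a proposed NS set the way a registrar's 'custom DNS' form should.

    Rules encoded (standard DNS behaviour, not anything from the post):
      * an NS target is a hostname, never an IP literal;
      * an in-bailiwick nameserver needs glue A/AAAA records at the parent;
      * glue addresses, when given, must parse as IPv4 or IPv6.
    Whether a target is a CNAME can only be checked by resolving it, so that
    rule is documented here rather than enforced.
    `glue` maps nameserver hostname -> list of address strings held at the registrar.
    """
    glue_map = {_norm(k): v for k, v in (glue or {}).items()}
    issues: List[str] = []
    for raw in nameservers:
        ns = _norm(raw)
        if _is_ip_literal(ns):
            issues.append(f"{raw}: NS target must be a hostname, not an IP address")
            continue
        if in_bailiwick(ns, zone):
            addrs = glue_map.get(ns, [])
            if not addrs:
                issues.append(f"{raw}: in-bailiwick nameserver needs glue A/AAAA records")
            for a in addrs:
                if not _is_ip_literal(a):
                    issues.append(f"{raw}: glue address {a!r} is not a valid IP")
    return issues


if __name__ == "__main__":
    # Constructed inputs: an AWS-style out-of-bailiwick set, an IP pasted by
    # mistake, and a vanity nameserver inside the zone with and without glue.
    print(delegation_issues("example.com", ["ns-123.awsdns-12.net", "ns-456.awsdns-45.org"]))
    print(delegation_issues("example.com", ["192.0.2.53"]))
    print(delegation_issues("example.com", ["ns1.example.com"]))
    print(delegation_issues("example.com", ["ns1.example.com"],
                            {"ns1.example.com": ["192.0.2.53", "2001:db8::53"]}))
```

So for the AWS case the answer is the hostnames, exactly as Route 53 hands them out: there is no field in which an IP would be correct, and pinning the address of someone else's nameserver would break the moment AWS renumbers it.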



default routing issue

I have been trying to troubleshoot this issue for 2 days and i still can't come up with an answer. we have the current setup:

FG100D <->cisco 3750 <-> ASA

On the switch, we have a bunch of static routes used for voice traffic pointing to the ASA, while our default route points to the Fortigate for all other traffic. This setup suddenly stopped working, and we noticed that we can't even ping the Fortigate from the switch. After further investigation, we found out that whenever we add a default route to either firewall, the switch stops communicating with that firewall. Removing the default route allows us to communicate normally again with both firewalls.

Initially we thought it was because of the switch; we changed it to an Aruba 2930F, and the issue persisted.

On the firewall side, there are only routes pointing to our LANs and 1 default route pointing to the internet on 2 different providers

Is this a routing loop? What could possibly cause this behaviour?



Cisco/apple wireless weirdness

We have a case open with tac who are at a total loss.

Bunch of 1815 AP's in a branch office utilising flexconnect with a 9800-cl wlc back at hq. We have a ssid authenticating with psk. No problems with Android devices or laptops.

For Apple though some users when homed to certain access points cannot connect. Either get a message saying wrong password, or just says cannot connect. Wlc logs show nothing wrong, they go through the authentication process and then just drop off.

If these affected users move to another part of the office, closer to different access points, then they can connect with no issues, using same psk and ssid.

Totally weird. Anyone able to offer advice?



Multiple ASA Reloads

Anyone having this?

Four ASAs rebooted twice today at the same time, in different data centres.

Crashinfo files are in the flash, but just wanted to see if anyone has seen this before? Note they are only in VPN Load Balancing Mode at each DC (2 x DC). 

Some possible theories I had were - 

  1. Some type of bug that has to do with the Date & Time or something expiring

  2. Some type of targeted attack 



Thursday, December 19, 2019

Network advice greatly appreciated

This is the first project I am solely responsible for and I'm not as confident as I'd like to be. I'm respectably savvy with older ASAs. I have to make a hardware recommendation (model) soon and I don't know all of the project requirements yet. I have asked. I came up with several solutions but would love to hear your thoughts on what I am thinking I should ask for.

- They require new Cisco FTD 1000 or 2000

- I'm currently given 1 IP address at our location and of course will be asking for more.

- Low bandwidth usage

- Secure site to site required to 4 locations

- Branches can't access each other but have total access to our network.

- 3 VPN clients

- No domain registration for our site

Would you change the following?

- IP addresses: Request a total of 6 IP addresses. 1)PAT, 2,3,4,5)site-to-site, 6)Client VPN

- Routing: Route with FTD, policy routes from accessing one another.

- point to point vpn for branches

Can I get away with less than 6 IP addresses if I want to keep it simple?

I am struggling and spending a lot of time in Cisco documentation on these new models. I am assuming I can have all 6 IP's and described services run from one FTD port to a modem?

Does a FTD1120 fit the project?

https://imgur.com/a/3bExW0r



Cisco ASA uptime confusion

I have a Cisco 5585-X pair in HA. Life was good until yesterday, when we got hiccups, and this is what I found: if you notice, in the output there are two uptimes, so which uptime should I be looking at?

Did my device get rebooted or not? And why is one saying 7 hours and the other saying 2 hours?

ASA-1

    asa-fw1/pri/act# sh version
    Cisco Adaptive Security Appliance Software Version 9.6(3)1
    Device Manager Version 7.1(1)52
    Compiled on Thu 30-Mar-17 21:40 PDT by builders
    System image file is "disk0:/asa963-1-smp-k8.bin"
    Config file at boot was "startup-config"
    asa-fw1 up 7 hours 5 mins
    failover cluster up 1 year 294 days

ASA-2

    asa-fw1/sec/stby# sh version
    Cisco Adaptive Security Appliance Software Version 9.6(3)1
    Device Manager Version 7.1(1)52
    Compiled on Thu 30-Mar-17 21:40 PDT by builders
    System image file is "disk0:/asa963-1-smp-k8.bin"
    Config file at boot was "startup-config"
    asa-fw1 up 2 hours 5 mins
    failover cluster up 1 year 294 days


authentication question

I'd like to know how mobile applications keep me connected when I switch between 2 (or more) networks. I just open the app and it does not ask me to sign in again.

Is this because the authentication is based on token and the token has my MAC address? or something else?

I find it interesting



Cisco 2960L Smart Managed

Has anyone used these?

My company is expanding internationally and used a local resource to source the IT equipment. We had a say in what was purchased, so we spec'ed out the router, but I didn't pay a lot of attention to the switches, as they selected a 2960L. I didn't catch the "SM" in the model name. When I started to configure the switches, I discovered the command line interface is limited to info and troubleshooting. So I dug into the web interface. This is a layer 2 switch, but the ports have an option to be routed? There is also an option to configure SVIs?

I am fairly new to networking and wear a bunch of hats (network/telecom/cellular/admin) so I have some outside help on the configuration. The guy I am working with has not seen any switches like this. Since the switch is layer 2, we built the router config as "router on a stick" with sub-interfaces. Should I keep this config? Being new with little experience, this job has my head spinning.



Sonicwall Min Bandwidth per IP

Hi Guys,

We have bandwidth hogs here in my office and I'm tired of our internet slowing to a crawl. (2.5kbps)

I read once, a long time ago, that I can enable a minimum bandwidth guarantee for each and every IP via a SonicWall rule, but I can't for the life of me find the article anymore.

We sometimes have users upload or download huge media rich files that take days to upload, and for some reason they slow everyone else to a crawl. You would think that the sonicwall would let the other people through too, but I guess since the priority is all equal it just lets the hogs consume it all?

Anyways, there is no way to set a limit on them, because they would use two or three stations, and the bandwidth would still be sucked up all the way. We have 300mbps here and if I throttle everyone to 100mbps they will just use multiple computers to get the max speed, leaving the remaining users with 2.5kbps... each. We have about 20 users here.

So I know we can do minimum guarantees per VLAN, but I wasn't sure if we can do it per IP so that each individual person gets 20mbps minimum. So if user 1 is maxing out the 300mbps, user 2 will pull 20mbps, then user 3 will have 20mbps and user 4 will have 20mbps, and each user will take away bandwidth from user 1, the hog, but when everyone goes home for the day, user 1 gets to use the full bandwidth.

I know some of you are thinking just set a schedule, and do throttling per ip and limit, because so many people want to throttle the bandwidth. I think that's super complex and isn't necessary if we can just set a min guarantee per each and every ip of 20mbps. All the bandwidth rules are there, I just don't know how to create an object for each and every ip.

Anyone know how to create a min guarantee per IP on a SonicWall NSA 3500, version 6.5 I think?



Guidelines for subnet/VLAN sizing

Anyone have input on best practices for subnet/VLAN sizing in a campus environment? I am particularly interested in how big is too big. I have found a few opinions saying don't go larger than /23.



Looking for help... VLAN speed?

Hey r/networking,

I'm a lone sys admin at my office and that also encompasses our networking equipment. I've run into a bit of an issue that I've been digging through documentation to attempt to figure out but am coming up dry.

We've got a pair of Netgear M7100-24X switches that are being used to move data between two clusters of servers and two SANs. These are currently serving as stand-in units while we wait on new switches to be ordered, but in the meantime I've noticed something weird. All of the ports are showing at 1000 Full Duplex, but the VLAN they're a member of is showing up at 10 Half Duplex. As a result of this, data transfer is painfully slow, and it's something that I need to get resolved fairly quickly. Here's the status from the switches:

(M7100-24X) #show interfaces status all
                                       Link   Physical   Physical   Media              Flow Control
Port      Name                         State  Mode       Status     Type               Status
--------- ---------------------------- ------ ---------- ---------- ------------------ ------------
0/1                                    Up     Auto       1000 Full  Copper             Inactive
0/2                                    Up     Auto       1000 Full  Copper             Inactive
0/3                                    Up     Auto       1000 Full  Copper             Inactive
0/4                                    Up     Auto       1000 Full  Copper             Inactive
0/5                                    Up     Auto       1000 Full  Copper             Inactive
0/6                                    Up     Auto       1000 Full  Copper             Inactive
0/7                                    Up     Auto       1000 Full  Copper             Inactive
0/8                                    Up     Auto       1000 Full  Copper             Inactive
0/9                                    Up     Auto       1000 Full  Copper             Inactive
0/10                                   Up     Auto       1000 Full  Copper             Inactive
0/11                                   Up     Auto       1000 Full  Copper             Inactive
0/12                                   Up     Auto       1000 Full  Copper             Inactive
0/13                                   Down   Auto                                     Inactive
0/14                                   Down   Auto                                     Inactive
0/15                                   Down   Auto                                     Inactive
0/16                                   Down   Auto                                     Inactive
0/17                                   Up     Auto       10G Full   Copper             Inactive
0/18                                   Up     Auto       10G Full   Copper             Inactive
0/19                                   Up     Auto       10G Full   Copper             Inactive
0/20                                   Up     Auto       10G Full   Copper             Inactive
0/21                                   Up     10G Full   10G Full   DAC                Inactive
0/22                                   Up     10G Full   10G Full   DAC                Inactive
0/23                                   Up     10G Full   10G Full   DAC                Inactive
0/24                                   Up     10G Full   10G Full   DAC                Inactive
lag 1                                  Up
lag 2                                  Down
lag 3                                  Down
lag 4                                  Down
lag 5                                  Down
lag 6                                  Down
lag 7                                  Down
lag 8                                  Down
lag 9                                  Down
lag 10                                 Down
lag 11                                 Down
lag 12                                 Down
lag 13                                 Down
lag 14                                 Down
lag 15                                 Down
lag 16                                 Down
lag 17                                 Down
lag 18                                 Down
lag 19                                 Down
lag 20                                 Down
lag 21                                 Down
lag 22                                 Down
lag 23                                 Down
lag 24                                 Down
vlan 1                                 Up     10 Half    10 Half    Unknown
(M7100-24X) #

...and the second switch is identical:

(M7100-24X) #show interfaces status all
                                       Link   Physical   Physical   Media              Flow Control
Port      Name                         State  Mode       Status     Type               Status
--------- ---------------------------- ------ ---------- ---------- ------------------ ------------
0/1                                    Up     Auto       1000 Full  Copper             Inactive
0/2                                    Up     Auto       1000 Full  Copper             Inactive
0/3                                    Up     Auto       1000 Full  Copper             Inactive
0/4                                    Up     Auto       1000 Full  Copper             Inactive
0/5                                    Up     Auto       1000 Full  Copper             Inactive
0/6                                    Up     Auto       1000 Full  Copper             Inactive
0/7                                    Up     Auto       1000 Full  Copper             Inactive
0/8                                    Up     Auto       1000 Full  Copper             Inactive
0/9                                    Up     Auto       1000 Full  Copper             Inactive
0/10                                   Up     Auto       1000 Full  Copper             Inactive
0/11                                   Up     Auto       1000 Full  Copper             Inactive
0/12                                   Up     Auto       1000 Full  Copper             Inactive
0/13                                   Down   Auto                                     Inactive
0/14                                   Down   Auto                                     Inactive
0/15                                   Down   Auto                                     Inactive
0/16                                   Down   Auto                                     Inactive
0/17                                   Up     Auto       10G Full   Copper             Inactive
0/18                                   Up     Auto       10G Full   Copper             Inactive
0/19                                   Up     Auto       10G Full   Copper             Inactive
0/20                                   Up     Auto       10G Full   Copper             Inactive
0/21                                   Up     10G Full   10G Full   DAC                Inactive
0/22                                   Up     10G Full   10G Full   DAC                Inactive
0/23                                   Up     10G Full   10G Full   DAC                Inactive
0/24                                   Up     10G Full   10G Full   DAC                Inactive
lag 1                                  Up
lag 2                                  Down
lag 3                                  Down
lag 4                                  Down
lag 5                                  Down
lag 6                                  Down
lag 7                                  Down
lag 8                                  Down
lag 9                                  Down
lag 10                                 Down
lag 11                                 Down
lag 12                                 Down
lag 13                                 Down
lag 14                                 Down
lag 15                                 Down
lag 16                                 Down
lag 17                                 Down
lag 18                                 Down
lag 19                                 Down
lag 20                                 Down
lag 21                                 Down
lag 22                                 Down
lag 23                                 Down
lag 24                                 Down
vlan 1                                 Up     10 Half    10 Half    Unknown
(M7100-24X) #

I've been digging through the 600+ page Netgear CLI manual, and see that setting interface speed is a very straight forward process, but the way to set the interface speed for your normal interfaces isn't an option when you go into interface vlan 1.

Apologies if this is a very straight forward answer that I'm just missing (I think I see a networking home lab in my immediate future), but can anyone offer some insight into this for me? Thank you!



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post, along with a nice description, to this thread.



Redundant DHCP setup with multiple routers?

Let's say I have a minimal setup, 2 routers running VRRP for the default gateway, and I want to run DHCP on the routers (Cisco).

What methods are there to make the DHCP server on the router redundant?

I was thinking of configuring both routers to hand out DHCP addresses: configure router 1 to hand out IPs from .5-.127 and router 2 to hand out IPs from .128-.254. This way they'd never hand out duplicates.

Is this kind of setup typical?



I have a 50MbpsD/10MbpsU connection but it sometimes takes forever to download data.

Good afternoon. I don’t know if this is the right place to ask for help, but I’ll give it a try. So as the title says, sometimes the internet feels disconnected or really slow, sometimes even when I’m right next to the modem. I know some basic stuff about changing passwords, the internet channels, etc., but I can’t fix this problem. The speed test goes all well, but when using Reddit/Instagram it takes almost forever. I can’t really watch videos in these two apps.



Could Unifi USG-Pro replace SonicWall in a small office environment?

/r/Ubiquiti/comments/eczk7d/could_usgpro_replace_sonicwall_in_a_small_office/

Tunneling my Internet traffic safely via my VPS?

So I have a low powered VPS, that I use for testing and do a couple mundane things on.

I recently posted about my work using SSL inspection. I read about using SSH tunneling as a workaround. So I just want to confirm the security aspect of what I am doing, or whether there is anything I need to set up or secure on my VPS.

Using putty I setup an ssh tunnel and selected dynamic port. Specified a source port, let's say 8888. Connected to my VPS.

Opened up Firefox and specified custom proxy and selected SOCKS host 127.0.0.1 and the 8888 port. Verified traffic was flowing and confirmed my IP was showing the VPS IP on ipchicken and it's geo-location.

Is there anything I need to be worried about from the VPS side, or the host being able to capture traffic? I.e., if I did banking or any transactions using this connection?



Switch for 3 people and 12 servers

The job is in the market for a new switch, and I was wondering if anyone had any recommendations for an SMB. It doesn't need to be anything super fancy, as this would replace a 16 port Netgear, but it does need to provide metrics to see what's happening with it.

It's a small company, and the three employees and the twelve servers will be sharing the switch. Not the most ideal setup, but it will work until I get a bigger budget. I'm the systems engineer in the office, by the way, and while I'm very comfortable with Linux and Unix-like OSs, I haven't worked with networking equipment full time in a while.

Needed specs:

  • 24+ 1G+ ports
  • SNMP or some way to monitor it and collect metrics.

Nice to have but not particularly important specs:

  • LACP
  • Port Mirroring
  • VLANs
  • Jumbo frames
  • 10G+ uplinks
  • Ansible integration

Not needed specs:

  • L3 routing
  • Stacking
  • SFP ports

Budget: <$1K (US), preferably

Candidates:

  • Juniper EX2300-24T
  • Dell Networking X1026
  • Dell Networking X1052
  • FS.com S3900-24T4S
  • FS.com S3900-48T4S
  • TRENDnet TEG-30284
  • TRENDnet TL2-G244

Also, it does need to be new, and I don't need a support contract. I love refurb equipment too, but not right now.



POE Injector + 10 Gbps Switch

Hi,

I have an odd use case in which a team needs local 10 Gbps switching with POE. I see very few 10 Gbps switches that do it, but maybe I'm just not looking in the right places.

I have a simple question about POE injectors: can you plug one into a 10 Gbps (obviously copper) switch port and expect it to work as it would in the more typical use case with a slower copper port? I understand that doing this will necessarily slow down the port to whatever speed the injector is rated for.

Thanks!



Cisco Nexus vs Aruba for top of Rack

Looking for some opinions and real world experience here.

We're looking to implement top of rack 24 or 48 port 10gb SFP+ switches for a new Server Rack. Workloads are VMware servers + iSCSI storage + a few misc servers.

Switches will be supported by a separate 1gb/s ethernet switch stack for 1gb ports with 10gb/s SFP+ uplinks.

We're being quoted both Cisco and Aruba switches for this but aside from the differences in support (HP lifetime vs Cisco Smartnet) what is your real world experience like comparing these switches?

Aruba 8320 + 6300M series

Nexus 3524P-XL / 3548P-XL



Secure NTP on a Catalyst Switch

I need to configure NTP on a Catalyst switch so that it syncs its own time with a given NTP server but blocks all other NTP traffic. I think that can be done with NTP access-groups, but I'm not sure if I have the commands right.

Would this work?

ntp access-group peer <ACL that permits the NTP Server IP>
ntp access-group serve-only <ACL with deny any any>



SNMP.... Replaced??

So I've been looking to expand my skills in Python and PowerShell by playing around with SNMP. Turns out SNMP is being deprecated, and the only lead on the replacement is network telemetry? But my Google research on it is hit and miss. Does anyone know what SNMP's future is for all networking devices? Or what I should be looking at to pull network information via scripting?



Setting up multiple servers on the same host name

Hello! I'm the "IT Guy" for my employer and I'm struggling to set a couple things up. We're currently hosting 2 servers at our office, and they both need to be publicly accessible. We only have 1 static IP from our ISP, and the servers are both behind a Unifi Security Gateway.

How would I go about setting up two hostnames, each pointing at one device?

Currently we have server.xxxx.com pointing to our IP address, and if I configure the DNS records for server2.xxxx.com it still goes to the same device.

Do I need an internal DNS server to point incoming traffic to the correct IP? I cannot get a second static IP from our ISP at this time.



CheckPoint Firewalls: VPN Rules and VPN Compatibility

I'm a Network Admin for a company that invested in CheckPoint firewalls a few years ago. We have a couple of issues I was wondering if anyone else had experience with. (1) Is there an easy way to apply firewall rules to VPNs? (2) Has anyone else had site-to-site VPN issues between CheckPoint and SonicWall devices?

Regarding issue (1), with our old (and missed) Cisco ASA the concepts of a site-to-site VPN and firewall rules were decoupled. If you wanted to create a firewall rule you would simply say something like src:10.1.1.1 dst:10.2.2.2 service:tcp/22 allow. If that traffic happened to be coming over a VPN, or from DMZ > Inside zone, it didn't really matter. I spoke with a tech support agent at CheckPoint about this and they told me that to achieve the same level of granularity I'd basically have to create a new VPN rule for each traffic flow. I'm curious if anyone with CheckPoint firewall experience can speak to this; maybe there's an alternative?

As far as issue (2), we have around 15 site-to-site VPNs, and we constantly had issues with two of our VPNs that happened to be terminating on SonicWall devices. After a few months of troubleshooting and not finding much, we ended up moving the VPNs to our older Cisco ASAs and the issues immediately stopped. When the issue would occur, the remote end would be unable to initiate traffic to bring the tunnel up. I would have to log into a server and send a PING or other type of traffic to bring the tunnel up, and then bidirectional traffic would flow just fine for anywhere from 4hrs to a few days. I'm mainly curious if anyone else experienced this issue and, if so, if you ever found a solution.



DMZ and Firewall Practice

Hi All,

I am currently working on a project where I would like to have a public web server in my DMZ Zone and the LAN obviously secured.

My question is what the best practice will be, since I never worked with firewalls: shall I put the firewall before the L3 router or after?



[Discussion] (senior NE/NSE help us) should you take one path of network related jobs, or jump around between different network related roles

Hi everyone,

Let's make this discussion a reference point for new members of the network community starting their careers.

My question in detail is:

As someone who just graduated from university with a degree in network security engineering, I found it difficult to form an opinion on where I should go.

For example, I love L2 and L3 from my studies, so I took CCNA RS and am planning on CCNP RS,

but to build a great career that can help you work anywhere in the world you want: should you choose a path, for example L2 and L3, and take it from the beginning and develop your skills in it, or for the first few years jump around into, for example, data centre networking or network security (firewalls, proxies, load balancers...) or automation and development? And maybe you love different things.

So what's your opinion and experience: one path the whole way, or jumping around?

Thanks to anyone who helps us with his/her opinion 🤘

I hope it gets pinned so everyone can benefit from it.



Sky Q hub firmware

Is there a way to remove the firmware on a Sky Q hub so I can use it as my own ISP router?



Field Notice: FN - 70489 from Cisco. PKI Self-Signed Certificate Expiration

Self-signed X.509 PKI certificates (SSC) that were generated on devices that run affected Cisco IOS® or Cisco IOS XE software releases expire on 2020-01-01 00:00:00 UTC. New self-signed certificates cannot be created on affected devices after 2020-01-01 00:00:00 UTC. Any service that relies on these self-signed certificates to establish or terminate a secure connection might not work after the certificate expires.

This issue affects only self-signed certificates that were generated by the Cisco IOS or Cisco IOS XE device and applied to a service on the device. Certificates that were generated by a Certificate Authority (CA), which includes those certificates generated by the Cisco IOS CA feature, are not impacted by this issue.

https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215118-ios-self-signed-certificate-expiration-o.html
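A defender's check for the field notice above, added here and not Cisco's tooling: it scans text shaped like `show crypto pki certificates` output, treats a certificate as self-signed when issuer and subject match (or the block is titled or trustpointed as self-signed), and flags those whose end date is at or before the 2020-01-01 00:00:00 UTC cutoff. The block layout is an assumption about typical IOS output, and the sample output is constructed.

```python
# Flags self-signed IOS/IOS XE certificates covered by FN-70489 by scanning text in
# the style of `show crypto pki certificates`. Added example, not Cisco tooling.
# Assumed layout: a non-indented title line per certificate, "Issuer:"/"Subject:"
# sections with cn= lines, and "start date:"/"end   date:" lines under "Validity Date:".
import re
from datetime import datetime, timezone
from typing import Dict, List, Tuple

# The field notice's cutoff: affected self-signed certificates expire at this instant.
FN70489_EXPIRY = datetime(2020, 1, 1, 0, 0, 0, tzinfo=timezone.utc)

DATE_RE = re.compile(
    r"(?P<which>start|end)\s+date:\s+(?P<time>\d\d:\d\d:\d\d)\s+UTC\s+"
    r"(?P<mdy>[A-Za-z]{3}\s+\d{1,2}\s+\d{4})"
)


def parse_ios_date(time_s: str, mdy: str) -> datetime:
    """Parse '00:00:00' + 'Jan 1 2020' into an aware UTC datetime."""
    return datetime.strptime(f"{time_s} {mdy}", "%H:%M:%S %b %d %Y").replace(tzinfo=timezone.utc)


def parse_certificates(text: str) -> List[Dict[str, object]]:
    """Split the output into per-certificate records; a record starts at a
    non-indented line such as 'Router Self-Signed Certificate' or 'Certificate'."""
    certs: List[Dict[str, object]] = []
    cur = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # new certificate block
            cur = {"title": line.strip(), "issuer": "", "subject": "", "trustpoint": ""}
            certs.append(cur)
            continue
        if cur is None:
            continue
        s = line.strip()
        m = DATE_RE.search(s)
        if m:
            cur[m.group("which")] = parse_ios_date(m.group("time"), m.group("mdy"))
        elif s.startswith("Associated Trustpoints:"):
            cur["trustpoint"] = s.split(":", 1)[1].strip()
        elif s.startswith("cn="):
            # the first cn= line follows "Issuer:", the next one "Subject:"
            key = "issuer" if not cur["issuer"] else "subject"
            cur[key] = s[3:]
    return certs


def is_self_signed(cert: Dict[str, object]) -> bool:
    """Issuer == subject is the defining property; the IOS title line and the
    'TP-self-signed-...' trustpoint name are corroborating hints."""
    same_name = bool(cert["issuer"]) and cert["issuer"] == cert["subject"]
    hinted = "self-signed" in (str(cert["title"]) + str(cert["trustpoint"])).lower()
    return same_name or hinted


def affected_by_fn70489(cert: Dict[str, object]) -> bool:
    end = cert.get("end")
    return is_self_signed(cert) and end is not None and end <= FN70489_EXPIRY


def report(text: str) -> List[Tuple[str, str]]:
    """Return (trustpoint or title, end date) for every affected certificate."""
    return [
        (str(c["trustpoint"] or c["title"]), c["end"].isoformat())
        for c in parse_certificates(text)
        if affected_by_fn70489(c)
    ]


# Constructed sample resembling `show crypto pki certificates` output (not a real device).
SAMPLE_OUTPUT = """\
Router Self-Signed Certificate
  Status: Available
  Certificate Serial Number (hex): 01
  Certificate Usage: General Purpose
  Issuer:
    cn=IOS-Self-Signed-Certificate-1234567890
  Subject:
    Name: IOS-Self-Signed-Certificate-1234567890
    cn=IOS-Self-Signed-Certificate-1234567890
  Validity Date:
    start date: 00:00:00 UTC Jan 1 2010
    end   date: 00:00:00 UTC Jan 1 2020
  Associated Trustpoints: TP-self-signed-1234567890

Certificate
  Status: Available
  Certificate Serial Number (hex): 4A1B
  Certificate Usage: General Purpose
  Issuer:
    cn=Example Corp Issuing CA
  Subject:
    cn=switch01.example.net
  Validity Date:
    start date: 12:00:00 UTC Mar 3 2019
    end   date: 12:00:00 UTC Mar 2 2022
  Associated Trustpoints: CORP-CA
"""

if __name__ == "__main__":
    for name, end in report(SAMPLE_OUTPUT):
        print(f"AFFECTED: {name} expires {end}")
```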



Free Radius Servers with scalable MAB list?

Hi guys,

Does anyone know of any freeware RADIUS servers that support MAB in a scalable/manageable way? I.e., just a lookup to an external list/file that we can easily add new MACs into.

Ideally it would just be a list we can append single device MAC addresses into (however, we are talking thousands of MAC addresses).

This is part of a requirement we have been asked to look at as an interim solution, before we deploy more network segmentation / proper PNAC/identity profiling next financial year (I have highlighted that MAB is not secure, however people still want to investigate it as an interim solution).

I've looked at the documentation for FreeRADIUS, however the MAB functionality looks like some esoteric regex pattern matching. What we want to do is export known MAC addresses from something like SolarWinds UDT and import these into a single MAB list within a RADIUS server. Oh, did I mention that this has to be free!



PSA: Google was down in the Balkans this morning.

All Google services this morning in the Balkan area were down from about 8:30 to 10:00.

Some carriers rerouted Google elsewhere for a higher latency.

Anyone have any inside info on what happened?



Need to get 800 depth WLC into a 1200mm CAB

I have an 8510 that only seems to extend up to 800mm in the cab (maybe 1000), but I need to get it into a 1200mm depth cab. The rails it uses won't extend long enough, so I'm thinking of getting a tray. However, all the trays I've looked at usually don't get more depth than 55cm. So I'm wondering if you guys have any suggestions on what I can do? I need the box in the 1200mm depth cab.



Got my CCNA today

Wanted to share because you guys will understand. I passed my ICND2 today and got my CCNA in RS. I can’t believe I’m done studying for this thing.

And for giggles, the most messed up question I got was in relation to MS Azure stuff. Probably for the next version of the test but it was one of those “Really Cisco? Really....” moments. Only Cisco can write a test that leaves you feeling demoralized even when you pass.



Wednesday, December 18, 2019

Are there Open Source, Open Hardware Modems/Routers for VDSL?

I'll change ISP and the new ISP offers preconfigured AVM Fritz!Box 7530 modems for purchase. If I have to buy a modem, I'd like to buy one that the user has full control of.

Are there open source, open hardware modems/routers?



Need Advice on SSO via SAML

Hey guys, I posted a few days ago about how to create an infrastructure that sort of authenticates and logs you in to all the services in our school (we have Moodle and some services that students created).

The initial plan was to make that happen sort of instantly when you connect to the wifi with your student credentials, but now our new plan is to get it working via one central authentication page.

So for example, if you want to use Moodle/Service X, Y, you first go to a page like "auth.domain" and log in there, which requests the access/user token that is needed, and if you go to any other service where we implement that feature, you are automatically logged in.

Has someone got experience in that type of thing and could help me out with some resources? (I currently looked into simplesamlphp but couldn't test it because my test setup is only going to be ready in a few days.)

If my description is not easy to understand, just ask what you want to know; I am going to answer you within 10-20 minutes.

Thanks in advance^^



FortiGate routing VLANs with different subnets

Hey all,

I’ve posted this in the Fortinet subreddit, but I feel like this is a networking/routing issue.

I am running a FortiGate 100D and I have created 5 VLANs (DHCP server enabled) with 5 different subnets and assigned them to port 1, 3, 5, 7, and 9 on individual interface mode.

Here is a list of the VLANs and their IP Addresses:

VLAN 10 - 192.168.10.1/24
VLAN 16 - 192.168.16.1/23
VLAN 32 - 192.168.32.1/23
VLAN 64 - 192.168.64.1/23
VLAN 774 - 192.168.7.1/23

I have 3 Cisco SG350 switches and as a test, I trunked 2 ports on one switch, one for VLAN 16 and one for VLAN 32, and connected them to the VLAN 16 and VLAN 32 firewall interfaces. I then set two more ports on the switch as access ports and assigned VLAN 16 to one and VLAN 32 to the other. I then connected two Macs to those access ports; they receive the correct IP addresses just fine. Now by default, there should be no routing between these VLANs as they're in different subnets, correct? But to my astonishment this is not the case: while the Mac with a VLAN 16 address can't ping the VLAN 32 Mac, the 32 Mac can ping the 16 Mac. I have no clue how this is the case and can use any help on troubleshooting this. There are no IP policies configured on the FG that relate to these VLANs/interfaces/subnets. Here is a picture of the physical set up, here is a screenshot of the Cisco switch VLAN config, and here is a screenshot of the interface setup on the FG. I feel like it's a routing issue, as if I create a zone, add all VLANs to it, and allow intra-zone traffic, both Macs are able to ping each other. I'm just confused as to how any of the VLANs can communicate with no IP policies having been created yet.



Double NAT problem - trying to set up a VPN to access files remotely from a mobile

Hello guys,

I have only some basic knowledge about networking and for several days I've been trying to solve this issue. I cannot replace the ISP's shitty router, so I have double NAT. Everything is fine, except I cannot set up a VPN for accessing files remotely from the mobile. The network looks like this:

https://i.imgur.com/rsxvXow.png

The ISP router has no bridge mode available, so on the ISP router I set a static IP for the USG WAN port - 192.168.0.2 - and added it to the DMZ. I used No-IP DDNS, since the public IP is changing dynamically, and followed the tutorial on enabling the RADIUS server on the USG, creating a user and network. Then I discovered that I cannot forward port 1701, used by L2TP, because it's reserved for another service on the ISP router. Any ideas for workarounds? Maybe I'm missing something?



Internet timeout issue

Hi...Hopefully I can describe this well enough. The specifics: Network with about 300 users, 12 switches for distribution (Unifi), Unifi wifi throughout building, onsite Unifi controller, Xfinity ISP with static IP, Sonicwall firewall, Unifi core, and Server 2016 for AD and DNS.

Only on domain-joined computers, the internet (including pinging) will time out for random pages. In other words, I can go to ESPN.com with no issue, go to Google.com with no issue, but then try Amazon.com and it will time out. Eventually, Amazon will appear and work. Usually getting to a page makes it better for the immediate time, but the next day or after a period of time things return to the same randomness. Using ICMP (ping) it is the same: time out, time out, then finally it will respond. This is different on each computer and very random.

Changed to static DNS (8's and 9's and ISP) on a domain joined workstation, essentially skipping the DC/DNS on prem server. Still same results with the time out. Other computers on the same network that are not domain joined (students or chromebooks) all work as they should with no timeout issues at all.

Any thoughts would be helpful!



WAN Services Help (MetroE, MPLS, Leased Lines, VPNs)

Hi guys, I just finished my CCNA studies and I've got everything down with the exception of one topic. How do MPLS, Metro E, and leased lines differ? I understand the label switching of MPLS, but I keep hearing that they are all the same? Like I've read that Metro E is a type of leased line, and that Metro E uses MPLS. Does that mean MPLS uses a leased line?

Can you have MPLS without Metro E? Would that just be a serial connection? Is a P2P Metro E line the same thing as a leased line but just Ethernet instead of serial?



10g Multimode Fiber Link Between Brocade 7450 and 7250 - Link up only on one side

Hey all,

Posting here because I'm at the end of the troubleshooting I'm knowledgeable about and Brocade support wasn't much help.

My configuration:
Brocade 7450, port 1/4/1, 10GE LR 10km SFP+
Brocade 7250, port 1/2/1, 10GE LR 10km SFP+
Multimode Fiber
No additional port configuration, both ports show as 10gig.

When these are connected, I get links up on the 7250, with a LK-DISABLE status. The 7450 port 1/4/1 shows as down. When I disable 1/4/1, port 1/2/1 on the other switch goes down, so I know they are connected.

I have tested the SFPs by plugging them into the same switch and looping them; both ports show as up (one LK-DISABLE to prevent the loop). But it won't work between the 7450 and the 7250. The fiber vendor is confident their physical is correct. I have the correct licensing on both of my Brocade switches. Firmware on both is the same, version 08070e, which is a known good version.

Am I missing something here? I've got this working between other Brocade switches just fine. About to test the fiber with Cisco switches to make sure it's not a Brocade configuration/bug but I'm sure it will be.



Firepower FTD IPSEC tunnel endpoint as non-interface IP?

Hey all!

I'm trying to configure some VPN tunnels in a new environment I inherited with a Cisco Firepower FTD firewall as our endpoint, but a unique config is requiring that the tunnel be terminated to an IP address that isn't the one directly assigned to the outside interface. My outside interface IP is RFC1918 (10.10.10.1 in diagram) because the path to our internet egress traverses a separate internal network, but our public range is routed from that network to my firewall's outside interface and my public IP range (x.y.z.0/29 in diagram) is reachable from the public internet. x.y.z.1 is my PAT address from the devices inside the firewall and that egress also works properly.

The issue here is that when trying to create a VPN tunnel, it requires that the local VPN endpoint IP be an interface IP (my only option when choosing my outside interface is 10.10.10.1) and will not allow it to be one of the public IPs I have that isn't the exact interface IP. Is there another way to get it to specify the source address of the tunnel as one of those public IPs?

Diagram - https://i.imgur.com/8tVqAa3.jpg



Access restriction with Aruba switches

The background on this is that we have an old server running Windows Server 2003 that runs a legacy accounting application. We finally migrated to a cloud-based system a year ago, but of course, this server must be kept running indefinitely for audit purposes. We have no support for the application (nor did we for the previous 5 years I've been here when the application was actually in production), so we try to touch this server as little as possible lest we mess something up.

Since it needs to stay running, we want to wall it off from the rest of the network as much as possible. It's on our Active Directory domain, so we want to maintain the ability to authenticate with AD. We also need to allow access from a small number (3-4) of dedicated laptops but want to limit access beyond that.

One of the ways I've been looking at doing this is by enabling security at the switch. Our core switch is a 5406R and our access is a 2930M stack. I'm planning to create a new VLAN for the dedicated laptops. Those machines should have access to a domain controller for authentication, the accounting server, and nothing else. We plan to connect them to an unmanaged switch in the accounting department and bring it upstairs to a port in the access stack. I'd like to limit the server to connections to/from the domain controller and the dedicated laptops. None of these machines should have internet access.

Looking through the Aruba documentation, there appear to be a few ways to do this.

  • Traffic/Security Filters
  • Access Control Lists
  • Port Security/MAC Lockdown

Based on the information provided, can anyone suggest the best way to accomplish this task?

Thanks,



HP Procurve - Cant access auxiliary switch over network - MGMT VLAN

Hi All

I have a core switch (5412zl) with vlan 100 MGMT configured.

I also have 3 sets of switches downstairs (several floors down) which are connected via fiber. All three switches have MGMT 100 configured and tagged on the fiber port.

x.x.100.20 (Accessible)

x.x.100.21 (Accessible)

x.x.100.22 (Not accessible)

I also have my core switch's fiber ports tagged with MGMT 100 as well.

Now, I can ping/traceroute 100.22 from the core switch -- I can also ping it from other auxiliary switches that have MGMT vlan 100 configured -- but I cannot hit 100.22 from my PC or any other machine on the network.

Any idea what could cause this?



Cisco UCS servers sending a DHCP client-id that I can't pre-determine?

Hi all,

Weird one that I haven't encountered. I have some Cisco UCS C240 M5SX's that are sending a 36 character string as their DHCP client-id rather than their MAC address as I would expect. This is making it hard to deliver configs via PXE, do DHCP reservations, etc. beforehand.

Does anyone know where this identifier is coming from? They all seem to start with "b6220feb00020000" and then a changing 20 character string that tends to start with "ab".
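A DHCPv4 client identifier (option 61) does not have to be a MAC: besides the RFC 2132 hardware-type-plus-address form there is the RFC 4361 form, an IAID followed by a DUID, which may contain no MAC at all. The decoder below is an added example, not from the post, and makes no claim about what the UCS firmware actually sends; its sample values are constructed.

```python
# Decoder for the standard DHCPv4 option 61 (client-identifier) encodings:
#   RFC 2132: <hardware type (1 byte)> <hardware address>, e.g. 0x01 + 6-byte MAC,
#             or type 0x00 followed by an opaque (often string) identifier;
#   RFC 4361: 0xFF <IAID (4 bytes)> <DUID>, with DUID-LLT (1), DUID-EN (2),
#             DUID-LL (3) from RFC 8415 or DUID-UUID (4) from RFC 6355.
# Added example; sample values are constructed, not captured from a UCS server.
import struct
from typing import Dict

ETHERNET = 1  # ARP hardware type for Ethernet


def _lladdr(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def decode_duid(duid: bytes) -> Dict[str, object]:
    """Decode a DUID as carried inside an RFC 4361 client identifier."""
    if len(duid) < 2:
        raise ValueError("DUID too short")
    (dtype,) = struct.unpack("!H", duid[:2])
    if dtype == 1 and len(duid) >= 8:            # DUID-LLT: hw type, time, link-layer addr
        hw, t = struct.unpack("!HI", duid[2:8])
        return {"duid_type": "LLT", "hw_type": hw, "time": t, "lladdr": _lladdr(duid[8:])}
    if dtype == 2 and len(duid) >= 6:            # DUID-EN: enterprise number + identifier
        (ent,) = struct.unpack("!I", duid[2:6])
        return {"duid_type": "EN", "enterprise": ent, "identifier": duid[6:].hex()}
    if dtype == 3 and len(duid) >= 4:            # DUID-LL: hw type + link-layer addr
        (hw,) = struct.unpack("!H", duid[2:4])
        return {"duid_type": "LL", "hw_type": hw, "lladdr": _lladdr(duid[4:])}
    if dtype == 4 and len(duid) == 18:           # DUID-UUID: 16-byte UUID
        return {"duid_type": "UUID", "uuid": duid[2:].hex()}
    return {"duid_type": f"unknown({dtype})", "raw": duid[2:].hex()}


def decode_client_id(raw: bytes) -> Dict[str, object]:
    """Classify an option 61 value so an operator can tell a MAC-based identifier
    from an IAID+DUID identifier, which does not start with a MAC."""
    if not raw:
        raise ValueError("empty client identifier")
    kind = raw[0]
    if kind == 0xFF:                              # RFC 4361 node-specific identifier
        if len(raw) < 1 + 4 + 2:
            raise ValueError("RFC 4361 client identifier too short")
        (iaid,) = struct.unpack("!I", raw[1:5])
        out: Dict[str, object] = {"encoding": "rfc4361", "iaid": iaid}
        out.update(decode_duid(raw[5:]))
        return out
    if kind == ETHERNET and len(raw) == 7:
        return {"encoding": "rfc2132", "hw_type": kind, "mac": _lladdr(raw[1:])}
    if kind == 0:
        return {"encoding": "rfc2132-opaque", "identifier": raw[1:].hex()}
    return {"encoding": "other", "first_byte": kind, "identifier": raw[1:].hex()}


def decode_client_id_hex(s: str) -> Dict[str, object]:
    """Accept the colon- or space-separated hex a DHCP server log typically shows."""
    return decode_client_id(bytes.fromhex(s.replace(":", "").replace(" ", "")))


# Constructed samples (not real device values):
SAMPLE_MAC_ID = bytes.fromhex("01" "0011223344aa")
SAMPLE_LLT_ID = bytes.fromhex("ff" "00000001" "0001" "0001" "5e0c1a2b" "0011223344aa")
SAMPLE_EN_ID = bytes.fromhex("ff" "00000002" "0002" "00001234" "abcdef")

if __name__ == "__main__":
    for sample in (SAMPLE_MAC_ID, SAMPLE_LLT_ID, SAMPLE_EN_ID):
        print(sample.hex(), "->", decode_client_id(sample))
```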



Issue with a 'vehicle' network.

Switch 1 ----------------------------- Sw3 ----------------------------- Sw5
   |                                    |                                 |
   |                                    |                                 |
   |                                    |                                 |
Unmanaged SW ---- Device 1          Device 2                          Device 3
   ||                                   |                                 |
   ||                                   |                                 |
   ||                                   |                                 |
Switch 2 ----------------------------- Sw4 ----------------------------- Sw6

The figure above describes a network we plan to implement on a moving vehicle. The devices represent computers which send signals to the propulsion units on the vehicle, allowing it to accelerate, decelerate etc. With the exception of the unmanaged switch, all switches are L3 with a single VLAN spanning across the entire network shown above.

The idea is for Device 1 to be able to constantly communicate with either Device 2 or 3 at any given time. Originally Device 1 was only connected to Sw1, but to add more redundancy, a second link (represented by ||) was proposed. This was supposed to allow for a single failure (of either Sw1 or any of the links) and provide an alternate path for Device 1 to communicate with 2 and 3. During some basic connectivity tests, I ran simultaneous and continuous pings from Device 1 to Devices 2 and 3. However, upon unplugging any of the primary links or killing Sw1, both ping streams are affected and it takes about 30 seconds for them to recover. The transition is not seamless, and this 30 second gap is considered an unacceptable failure condition.

All the devices are on the same network with RSTP running on all switches. Trunk links have been established and the behavior is generally predictable. The unmanaged switch however is from a different supplier and is flat with no configuration on it. The ports on Switches 1 and 2 connected to this unmanaged switch are access ports. What is causing this behaviour? What can be done to rectify this? Thanks!

EDIT: Sorry, the formatting is screwed up! The crude illustration was that of a ladder type network with Switch 3 and 4 connected to Device 2 and Switch 5 and 6 connected to Device 3.

EDIT2: Grammar.



Connecting 2 network

Hello,

My brocade (Switch-1) switch is connected to another switch called Switch-2 (IP 192.168.12.1). There is another device behind switch 2 with IP 192.168.1.20. For Switch-2 they did a static route and now switch 2 can ping 192.168.1.20

Switch-2 has a Vlan created 333.

I connected Switch-2 to Switch-1 and I added the VLAN and everything and a static route. Now I can ping Switch-2 from Switch-1, and I can also ping 192.168.1.20 from Switch-1.

I have another pc that is connected to Switch-1 with another VLAN. This PC can't ping Switch-2 and can't ping the device 192.168.1.20

Can someone help with the configuration?



Options for routing internal ASA traffic

I am trying to route traffic between two specific "inside" ASA Interface of the same security level in order to connect two customers under our same firewall. I know this can be done with "same-security-traffic permit inter-interface", but there are many other customer networks and I cannot have them intermingle. So far, my efforts to get around this policy with ACL's have not been successful.



Can't pass my CCNA - Please help

I've been studying for my CCNA for 1.5 years. I've failed it 3 times. I can't seem to get a grip on the multiple choice questions. Every time I go in to test, the way the questions and answers are worded kills me every time. I only have 2 months left to pass my exam - does anyone have any tips please? I've poured thousands of dollars into online courses through Cisco, Udemy, CBTnuggets, Network Engineer Academy, text books and more. - I'm going to become very depressed if I just spent 1.5 years studying for an exam that I will never be able to get.

I understand the material - I can do the labs. I do the labs everyday and if you ask me a question related to the CCNA I can answer it in words. But when the questions come up I feel like I just can't read them. They don't make sense in my head, and I look at the answers and they all kinda look right.

Any advice is appreciated.



Unable to browse websites between hosts

Hi All,

I am in the process of finalising a server environment that is geographically located in two separate locations.

For the WAN side the 2 firewalls connect to our PE routers and this is working fine.

On the LAN side for the server resiliency I am running a VPLS connection between the two switches with VRRP running over this. The gateway address 10.0.1.1 floats between 2x SRX firewalls with the SRX in Location A being the primary.

The host's can all communicate via ping and can access the internet

Host 1 in Location A has the IP 10.0.1.10

Host 2 in Location B has the IP 10.0.1.90

The issue:

Unable to access webpages hosted in Location B from Location A or vice versa.

The web-pages do respond as I can access them from the WAN side

Ping between the hosts:

C:\Users\Administrator.JUMPBOX-EN1>ping 10.0.1.90

Pinging 10.0.1.90 with 32 bytes of data:
Reply from 10.0.1.90: bytes=32 time=1ms TTL=64
Reply from 10.0.1.90: bytes=32 time=1ms TTL=64
Reply from 10.0.1.90: bytes=32 time=1ms TTL=64

Traceroute from Host 1 to Host 2

C:\Users\Administrator.JUMPBOX-EN1>tracert 10.0.1.90

Tracing route to 10.0.1.90 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  10.0.1.90

Trace complete.

Telnet 443 from Host 1 to Host 2 - Connects

I have checked the firewalls and the traffic isn't hitting it as the devices are technically on the same LAN

What would be the best method for diagnosing this?
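One way to make the symptoms above measurable, as an added example and not part of the original post: the ping, tracert and "telnet 443 connects" checks all succeed with small packets, while a web page needs full-size segments to come back. The probe below runs an HTTP exchange in stages (TCP connect, request sent, response received) and reports which stage stalls, so the handshake result is not mistaken for a working data path. The local server it starts is a constructed stand-in for the Location B host; the hostnames, port and the interpretation strings in `diagnose()` are the example's own assumptions.

```python
"""Staged HTTP probe: separates 'TCP handshake works' from 'an HTTP
exchange completes'.  Added example, not code from the original post."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def probe_http(host, port, path="/", timeout=5.0):
    """Run one HTTP/1.1 GET and record which stage succeeded.

    Returns a dict with booleans for connect / request_sent /
    response_received, the number of bytes read and the exception
    name if a stage failed.  Each stage is bounded by `timeout`."""
    result = {"connect": False, "request_sent": False,
              "response_received": False, "bytes": 0, "error": None}
    sock = None
    try:
        # Stage 1: three-way handshake only (small packets).
        sock = socket.create_connection((host, port), timeout=timeout)
        result["connect"] = True
        # Stage 2: send the request (still a small packet).
        req = ("GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n"
               % (path, host)).encode()
        sock.sendall(req)
        result["request_sent"] = True
        # Stage 3: read the response; this is where full-size segments
        # have to make it back across the path.
        chunks = []
        while True:
            data = sock.recv(65536)
            if not data:
                break
            chunks.append(data)
        body = b"".join(chunks)
        result["bytes"] = len(body)
        result["response_received"] = body.startswith(b"HTTP/")
    except OSError as exc:          # socket.timeout is an OSError subclass
        result["error"] = type(exc).__name__
    finally:
        if sock is not None:
            sock.close()
    return result


def diagnose(result):
    """Map the stage results to what to look at next.  The wording is a
    typical interpretation (assumption of this example), not something the
    original post confirms."""
    if not result["connect"]:
        return ("connect failed (%s): reachability, filtering, or nothing "
                "listening on the port" % result["error"])
    if not result["response_received"]:
        return ("handshake ok, no response: small packets pass but the "
                "full-size reply does not; check path MTU / PMTUD and "
                "anything in the path that handles large frames")
    return "ok"


class _BigPage(BaseHTTPRequestHandler):
    """Constructed test target: answers every GET with a large body so the
    response is carried in many full-size segments."""
    body = b"x" * 200000

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(self.body)))
        self.end_headers()
        self.wfile.write(self.body)

    def log_message(self, *args):   # keep the console quiet
        pass


def serve_large_page(size=200000):
    """Start the constructed target on 127.0.0.1 and an ephemeral port.
    Returns (server, port); call server.shutdown() when done."""
    handler = type("Handler", (_BigPage,), {"body": b"x" * size})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    srv, p = serve_large_page()
    r = probe_http("127.0.0.1", p)
    print(r, "->", diagnose(r))
    srv.shutdown()
    srv.server_close()
```

Against the real hosts you would call `probe_http("10.0.1.90", 443)` from Host 1 (add TLS wrapping for an HTTPS target); the useful signal is a `connect` of True combined with `response_received` of False, which the three tests in the post cannot distinguish from a working path.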



Cisco ISE 2.4 Wireless Setup... will it nuke existing configs?

Hey nerd fam,

I've got ISE 2.4, though I'll be upgrading it soon. I'm looking to set up a sponsored guest portal... and while I know I can build out the components involved (ACLs, Policy authZ, etc.) by hand, I wanted to test out the wireless setup wizard. Videos make it seem pretty simple to use, but because they slap BETA on it, throw warnings around and have it disabled by default... I can't figure out one simple question. Will it leave my existing WLC configs for other SSIDs and my existing policy set for ISE alone and just add the components additionally to what's already there? To confirm, the "feature" is accessible in the upper right corner in a drop down menu that also has PassiveID setup. Thanks for any help!



Massive Verizon outage?

I just saw it on the morning national news? I hadn’t heard anything. We have a lot of sites on Verizon but haven’t noticed anything down.

If you Google “Verizon outage” there are multiple outlets reporting it.



How to stop OSPFv3 to automatically set "no passive-interface" despite "passive-interface default"?

Recently i have started migrating some switches from OSPFv2 to OSPFv3 and have stumbled over something that I can't figure out.

This is (the relevant part of) my ospfv3 config:

router ospfv3 10
 !
 address-family ipv4 unicast
  passive-interface default
  area <omitted> nssa no-summary

Now, coming from ospfv2, what I expect this to do is leave any interface that has not been explicitly configured as "no passive-interface" in passive mode.

But whenever I go on and add an interface to the routing process using the command below, since I want it to be advertised in the network, IOS XE goes on and automatically whacks a "no passive-interface" into the OSPF config. Which I have to remove again, since I don't want my OSPFv3 building neighbourships over my access VLANs.

ospfv3 10 ipv4 area <omitted> 

Did anyone else here come across this and figure out how to actually set "passive-interface default"?



Checkpoint FW access logs

Can anyone help me out with exporting and accessing logs on Checkpoint FWs? We are on R77.30. I can view the current logs through Tracks on the Smart Console but I cannot figure out how to export the logs from there. Also it only displays logs of about the last 24h. I suppose the older ones are stored?

I tried to look things up on the Checkpoint communities but they are not very helpful as they assume you know how to access everything on those stupid boxes.



Tuesday, December 17, 2019

Anyone benchmark/use DANOS (the AT&T and Brocade version of Vyatta after they got bought) yet?

As title. I got it downloaded and have used it and it seems...interesting. Kinda interested in seeing how it would be as an edge router and an MPLS P. Seems like it would be very interesting.

The other thing I found cool is that it apparently has a control plane/forwarding plane separation in it. The forwarding plane part is apparently DPDK...which is VERY interesting. Could bring a crap ton of PPS of throughput.

Anyone mess with it yet?



Monitoring "Carrier Grade" Carriers

I work for a small voice provider and we use public internet termination in combination with MPLS circuits to feed our voice network trunks. In the days of least cost routing our calls can be originated/terminated almost anywhere in the world and so we accept UDP traffic from many AS's around the globe.

Now, we will get tickets for our VIP customers where we need to figure out why we lost RTP UDP packets over the public internet. We have used bgpmon.net to monitor our own prefixes and use a variety of external "reachability" services, but those don't give us a view of sub-optimal route changes between any AS in the world and our AS at the time in question.

For example, if a link goes down between the big guys, say for example between Verizon and L3, and there is a major re-route due to a fiber cut: did that happen at the time of the call in question?

Any suggestions that won't break the bank?



Question about CCNA test

Hey guys. I'm just wondering is the CCNA test more geared to knowing the actual commands to complete a task? Or is it more of knowledge and situational based? In addition what is the best path to take with Cisco certs in your opinion. Keep in mind that I'm not nailed to the United States, meaning I'm willing to go and live in other countries as well.



Tagging VLAN for all devices connected to unmanaged switch?

I'm very new to VLAN and need a simple clarification.

I have a small Unifi managed switch to which an 8-port (+ 1 uplink) unmanaged PoE is connected. I have 8 IP cams connected to the unmanaged switch.

Can I VLAN tag all my cameras if I tag the uplink port on my Unifi switch?



Preventing excessive ARP queries from Cisco internet-facing router to switch?

I have a not-so-optimal setup on our network, with a Cisco 2900 series router facing out to the Internet with several IP prefixes announced, covering approximately 10k IPs, plugged into a "WAN" vlan'd port on a Nortel Baystack 5510-48T managed switch. Aside from that there aren't really any vlans configured to segment off individual hosts - as most of the hosts are VMs on vSphere hosts, where some VLANing is done on the [distributed] vSwitch there - and at the end of the day I end up with a boatload of ARP traffic hosing every single active port on the switch.

A tcpdump from an interface with the "WAN" tag VLAN on a non-VMware host yields no less than 8000 ARP queries per minute, presumably the result of non-stop Internet scans across the 10k+ IPs announced on the router. The vast majority of queries go unanswered as only a fraction of the IPs are in use at the time.

What are my options for reducing this number of ARP queries on the switch? Should I be looking at some kind of per-IP ARP query 'cache' time, e.g. if answer timed out, don't ask again for X amount of seconds; some kind of configuration where I can list CIDRs of IP space as currently unattended, telling it not to ask; or anything else I'm not considering? I am not overly familiar with both Cisco CLI and the Nortel Baystack switch firmware (an Avaya CLI, similar to Cisco syntax, on the managed switch).

Any input is appreciated. Thank you!
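The "8000 ARP queries per minute, mostly unanswered" figure above came from reading a tcpdump by eye. As an added example that is not part of the original post, the script below parses `tcpdump -n arp` output (the `-n` format without `-e`, so lines start with the timestamp and `ARP, Request who-has ... tell ...` or `ARP, Reply ... is-at ...`), counts requests and replies per target, reports the per-minute rate and the targets that never get a reply, and groups the unanswered targets into prefixes, which is the input you would need for the "list CIDRs as unattended" idea. The capture lines in `SAMPLE` are constructed for the example and use documentation address space, not the poster's prefixes.

```python
"""Summarise ARP requests from `tcpdump -n arp` output: rate, unanswered
targets and the prefixes they fall in.  Added example; SAMPLE is constructed."""
import ipaddress
import re
from collections import Counter

# Line shapes produced by `tcpdump -n arp` (no -e, so no MAC prefix).
_REQ = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d+) ARP, Request who-has (\S+) tell (\S+),")
_REP = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d+) ARP, Reply (\S+) is-at ")

SAMPLE = """\
10:00:00.000100 ARP, Request who-has 203.0.113.10 tell 203.0.113.1, length 46
10:00:00.000300 ARP, Reply 203.0.113.10 is-at 00:50:56:aa:bb:01, length 28
10:00:00.100000 ARP, Request who-has 203.0.113.77 tell 203.0.113.1, length 46
10:00:01.100000 ARP, Request who-has 203.0.113.77 tell 203.0.113.1, length 46
10:00:02.000000 ARP, Request who-has 198.51.100.9 tell 198.51.100.1, length 46
10:00:03.000000 ARP, Request who-has 198.51.100.200 tell 198.51.100.1, length 46
10:00:04.000000 ARP, Request who-has 203.0.113.20 tell 203.0.113.1, length 46
10:00:04.000200 ARP, Reply 203.0.113.20 is-at 00:50:56:aa:bb:02, length 28
10:00:05.000000 ARP, Request who-has 198.51.100.9 tell 198.51.100.1, length 46
10:00:30.000000 ARP, Request who-has 203.0.113.77 tell 203.0.113.1, length 46
""".splitlines()


def _ts(m):
    """Timestamp of a matched line as seconds since midnight."""
    frac = m.group(4)
    return (int(m.group(1)) * 3600 + int(m.group(2)) * 60 + int(m.group(3))
            + int(frac) / 10 ** len(frac))


def _tally(lines):
    """Return (requests per target, replies per target, first ts, last ts).
    Lines that are not ARP requests or replies are ignored."""
    requests, replies = Counter(), Counter()
    first = last = None
    for line in lines:
        m = _REQ.match(line)
        if m:
            requests[m.group(5)] += 1
        else:
            m = _REP.match(line)
            if not m:
                continue
            replies[m.group(5)] += 1
        t = _ts(m)
        first = t if first is None else min(first, t)
        last = t if last is None else max(last, t)
    return requests, replies, first, last


def summarize_arp(lines, top=5):
    """Request/reply counts, request rate per minute and the most-queried
    targets that never answered."""
    requests, replies, first, last = _tally(lines)
    unanswered = Counter({ip: n for ip, n in requests.items() if replies[ip] == 0})
    total = sum(requests.values())
    span = (last - first) if first is not None and last > first else 0.0
    rate = total / (span / 60.0) if span > 0 else float(total)
    return {
        "requests": total,
        "replies": sum(replies.values()),
        "unanswered_targets": len(unanswered),
        "unanswered_requests": sum(unanswered.values()),
        "requests_per_minute": rate,
        "top_unanswered": unanswered.most_common(top),
    }


def unanswered_prefixes(lines, prefix_len=24):
    """Group unanswered requests into prefixes of `prefix_len` bits, most
    queried first; candidate ranges to treat as unattended on the router."""
    requests, replies, _, _ = _tally(lines)
    per_prefix = Counter()
    for ip, n in requests.items():
        if replies[ip] == 0:
            net = ipaddress.ip_network("%s/%d" % (ip, prefix_len), strict=False)
            per_prefix[str(net)] += n
    return sorted(per_prefix.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print(summarize_arp(SAMPLE))
    print(unanswered_prefixes(SAMPLE))
```

Feed it a real capture with `summarize_arp(open("arp.txt"))`; a high `unanswered_requests` share confirms the scans-against-empty-space explanation, and `unanswered_prefixes()` with a wider `prefix_len` (say 26 or 25) gives the address ranges that attract queries without ever hosting a responder.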



Can you breakout QSFP28 into 4 x SFP+ ports?

We have some new switches we're testing that have 32 x 100Gbps (QSFP28) ports

However, we still have a bunch of legacy equipment that uses 10Gbase-LR, with SFP+ optics.

We could get a separate ToR switch just for them, but it'd be easier if we could integrate all into the one switch.

What's the easiest way of breaking out each QSFP28 port, such that we can use our existing SFP+ optics/fiber?

I do believe each QSFP28 port can be split into 4 x SFP28 - which is backwards compatible with SFP+, right?

However, I can't actually find any adapters that do the breakout. All I can see are DAC cables with QSFP28 on one end, and 4 x SFP+ on the other, which is not what we want.

Ideally, we want to break out each QSFP28 into 4 x SFP28/SFP+ slots into which we can insert our existing SFP+ optics.

Does such a thing exist?



Reverse Poison in EIGRP

While I was doing some labs I found that router doesn't always send reverse poison packets when a new update is learnt.
Is there a rule to reverse poison?



Rant Wednesday!

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!



SD-WAN Opinions please. Cloudgenix vs VeloCloud

Hi All,

yet another SD-wan bake-off post. We are in the process of evaluating the final two SD-wan vendors, Cloudgenix and VeloCloud. Yes we considered and looked at other vendors, but end of the day, this is the either-or decision.

Our Problem to solve / what SD wan does for us: Simplify the network (remove dmvpn and other complex routing rules), replace aging cisco equipment (hardware refresh), cost ($$mpls -> internet), breakout for SAS (currently backhaul to datacenters), and hopefully better end user experience, or at least no change (user experience generally is good)

Current environment is ~13 branch sites, 2 DC. Paloalto in the DCs, MPLS to sites, backhauling internet to DCs. Most sites either have the MPLS, or in some cases internet, and running DMVPN over the entire network (mpls+internet sites). Also some funky routing for the DC subnets (NSX cross vcenter, which is another story..). We do NOT have PANs at most sites, as we backhaul.

we have a current POC for both solutions, and from a pure SD-wan nuts and bolts, both work fine, able to aggregate traffic across multiple links, have a voip call while dropping links, etc.
Cloudgenix i think does a better job with L7 monitoring, and an overall better/simpler UI. Velo is a little light on details in their UI, but more feature rich for networking, and I like it supports ospf (no need to buy a BGP license for datacenter)

Of our branch sites, we have some international, including Argentina, Saudi, and Dubai. Dubai specifically has some issues in that IKE traffic is sometimes filtered on the internet connection, causing basic ipsec to fail to establish. Both Velo and Cloudgenix use non-standard tunnel formation, so this shouldn't be an issue for either.
I like the idea of the Velo cloud POP's for the international sites, although I don't have any real world experience for either solution in those countries.

The cost for both solutions is close enough to not be a deciding factor.

Regarding security posture of the two solutions, we are looking at these options:

Velo: only looking at 520v and 840v as devices, which enable the hosting of a vm50 or vm100 Paloalto firewall on the box. This means all branch traffic will hit the VM series PAN first, then onto the Velo engine before hitting internet / cloud pop, etc. We have Panorama already, and this would be an easy add-in for administration, and gives full visibility to traffic flows to panorama / cortex xdr / SIEM-SOC. Overall nice solution. Caveats are bandwidth throughput limitations on the VM series, although not really an issue for smaller sites. Also doesn't support HA (one larger site would be an HA pair), and overall adds some complexity to the solution.

Cloudgenix: Would pair with Paloalto Prisma, very neat and tidy API tie-in from Cloudgenix. Traffic would flow first to the Cloudgenix appliance, and SD-WAN policy would push generic internet to Prisma for egress. Can also utilize Prisma for backhaul between sites potentially (it can act like a Velo cloud POP). The +/- from a security perspective: if you choose to let any traffic direct to internet (not via Prisma), PAN never sees those traffic flows, and you potentially have a lesser security posture. But if you send ALL traffic to Prisma, you lose some of the benefits of the SD-WAN, as it's basically just forwarding all traffic to the cloud POP anyway. And Prisma generally is more cost than the VM series firewalls on Velo.

Note.. I am aware Paloalto has an SD-WAN subscription. We did look at it. It uses standard IKE IPsec protocols to create its tunnels, which would get broken in Dubai.

So to all the other folks out there, please share your thoughts.

Which way would you go?
Anyone out there running either solution in Dubai? What has your experience been like?
Support experiences in North America vs International?
If you have deployed either solution, what has your experience been like, positive and negative?

Thanks!



Has anyone experienced an issue with wifi completely going out when an iPhone connects?

I have a family member with an iPhone and whenever they first attempt to connect to the wifi everything completely drops, and without them letting me look at their phone I'm stumped otherwise.



SecureCRT finally has phrase and substring matching for keyword highlighting! Just awesome!

SecureCRT 8.7 (Beta) increases your efficiency with a keyword highlighting enhancement that allows phrase and substring matches. On Windows, a dockable Command Manager lets you organize, filter, and launch commands, and local shell support lets you work in a tabbed CMD or PowerShell session. Also new are Xterm True Color (24-bit) support and the ability to include folders when filtering sessions in the Session Manager. On macOS, Dark Mode is supported.

https://whatsnew.vandyke.com/2019/12/beta-2-releases-of-securecrt-8-7-and-securefx-8-7-now-available/



Unable to upgrade AnyConnect 4.x to 4.8 via ASA

Hello,

I can't upgrade at all from a lower AnyConnect version to a higher one, regardless of the version on a local user's laptop (the user doesn't have admin rights). I can upgrade if I switch to an admin account. It seems like this is the cause, but I can't prove it or find that this is precisely the issue. Is there a way I can pinpoint it? I looked into the AnyConnect logs, the DART, debug commands in the ASA, the certs, and there is nothing telling me that it's an admin rights issue. Any ideas?



Trying to use Dynamic DNS on Att Hotspot (Netgear LB2120) and seeing different IPs, how can I dial into this network from WAN?

I am trying to set up an external route into a network that is using ATT, a Netgear LB2120 SIM modem/router (set to Bridge), and a TPLink router with Dynamic DNS and port forwarding so I can connect to an IP-connected system.

The issue seems to be that the IP addresses I see are different at 3 levels and the modem.
The TPLink router shows an IP 10.32.xx.x
The Dynamic DNS service reports 107.77.xx.x

The website WhatsMyIp shows my IP as 166.170.xx.x

I was reading about how there are not enough IPv4 so ATT uses a system that shows an IPv4 to outside world but internal routing is different. Getting a Static from ATT is cost prohibitive.

Anyway, can someone educate me a bit so I can ask the right questions?

My work around will be to put a Compute Stick behind the router so it can be remoted into. Not ideal.

Thanks!



Cisco 2960G lanbasek9 vs universalk9 image

I have a Cisco WS-C2960G-48TC-L switch and the following images on the TFTP server, so the question is: which image should I pick? And what is the difference between lanbase and universal?

Image list.

c2960-lanbasek9-mz.150-2.SE9.bin

c2960s-universalk9-mz.150-2.SE10a.bin

c2960x-universalk9-mz.152-2.E6.bin



Tool for discovery, drawing and device management (300 devices)

Hi everyone,

I'm looking for a tool all-in-one that would help me with discovery switches over LAN, paint picture of infrastructure with uplinks/downlinks and would manage devices, adding VLANs or configuring interfaces.

Client has 300 devices mainly Cisco, ECI, Siemens.

Does anyone have some experience in this area and can advise?



Does this make any sense to you guys...

So this was one of my networking class final question and is it just me or this just doesn’t make any sense especially “equipment line (4)”

Can someone please help me understand this?

Describe a design for a Network graphically using Dia/Word/Freehand(pen/ and pencil)/etc… The network connections should be between a remote office and a corporate office for a business. You can also use existing sections of Cisco Packet Tracer examples (using cut/paste) for the graphical connections.

EQUIPMENT (1) 1 file server, 1 web server, 1 mail server, 1 admin server, 8 printers at the corporate office along with 8 PC clusters. (2) Each cluster has 8 PC’s. (3) 4 24 port switches at the headquarters for LAN use. (4) An 8 slot Router where 4 2 port slots are LAN connections connected to the corporate switches and Access Points and 4 1 port slots are WAN connections to the remote office and an ISP. (5) 1 24 port switch/router, 2 PC clusters, 1 printer.

CONNECTIONS (1) Each PC cluster and server is connected to the switches. (2) Each corporate switch is interconnected to a LAN port on the corporate router. (3) The Router is connected redundantly to the remote office over WAN connections. (4) The Router is connected to the ISP over a WAN connection.



Wireless Access Issue

Good morning, all;

First time poster, long time lurker. I have run into an interesting problem, and I wanted to see what some other folks have to say, as my usual Google-fu has only been a little helpful so far.

Internal network with Domain Controller as DNS/DHCP host. We've got a Sophos UTM 9 firewall with a Cisco SG300-52 as our primary switch, currently set to L3 mode. We've got multiple Ubiquiti Access Points in the building, all of which are attached to the internal network normally. We've got three SSIDs set up - two primary ones, one for users, one for guests, with no VLAN tag, and a third one just for our robots on VLAN 3.

On our firewall, we've got a DHCP server set up with its own interface for VLAN 3. On the switch, we've got all of the AP ports tagging VLAN 3 traffic, native is untagged, everything else is excluded. Figured out that we needed to turn on the relay on the firewall to get internal traffic to the right DHCP server, or else anything trying to connect got confused.

Here's my problem: The confusion is still happening from time to time. I had a user, who normally connects via Ethernet, try to connect to the WiFi but they were continually being told there was no internet, despite being 'connected', and their IP address always ended up as a 169 with no gateway. Even when I assigned a gateway, it failed to connect. The only way I could seem to get it to work was by first having their PC forget the network, reconnect to it, then add a static IP address on the correct subnet to get their network/internet working.

I am positive the issue lies somewhere between the access points and the firewall - specifically, I think the problem lies with the switch port configuration. I was having some issues initially setting it up, but I figured out if I tagged VLAN 3 on the port in question and left the native VLAN untagged, traffic would flow normally. GE41 is a port one of the APs is plugged into, and GE51 is our primary LAN line, allowing all of the VLANs we have configured through it.

Any suggestions would be much appreciated. And if I left out any important information, please ask.

Firewall interface setup: https://imgur.com/ynXGsRq

Firewall VLAN DHCP setup: https://imgur.com/OMPWeSz

Firewall relay setup: https://imgur.com/LgjnDwa

Switch port VLAN settings: https://imgur.com/Qpb3ETz

AP SSID settings: https://imgur.com/7bnqn9k



My own limited experience... Cisco is expensive but still the gold standard if you want things to just work.

In my limited experience with Cisco and some other vendors, Cisco is the least frustrating. Even their small business lineup.

It tends to just work most of the time.

Other vendors have many more little papercuts, like being crap at either switching or routing, being picky about fiber transceivers, or getting confused about STP once you first configure them.

Far from Cisco being perfect, but it is solid.



Junior Network Engineer Advice

Hello

I'm a junior network engineer. I just got this title 4 months ago but do work normally done by systems engineers, like working with VMware, servers etc. My company is small so we need as many skills as possible, so I'm only a network engineer by title. Network engineering is my passion, so what advice would you give to someone relatively new in the field? What scripting language should they learn? How do they begin learning automation? Should getting the CCNP be a priority this early in my career?



Enabling DHCP on Firewall, via L3 interface to Core network

Hey, will try to keep this simple - I'm stuck midway through upgrading our network. I'm a CCNA and have been working for a 300 seat company for a year. I joined with an existing flat network, all L2, using our firewall as gateway and DHCP server, all set up by someone without networking knowledge!

I've created the VLANs we need, SVIs on our core for inter-VLAN routing, and these are working via a different L3 link to our firewall, but I have an issue. Due to limitations on our Dell switches they can't run enough DHCP pools, so I'd like to forward the requests to the firewall via the ip helper-address command.

The Watchguard (M370 with latest OS) won't accept any config for DHCP pools that aren't in the connected interface range, which is an issue as it's a /30 to the core where all the vlan subnets are.

Alternatively, I could run a DHCP server elsewhere but we are entirely Mac based, and using Google Suite and don't have any on-site servers to run DHCP and it's unlikely we'll buy any. Has anyone heard of ways to run DHCP servers in GCP / AWS?



RFP proposal gotchas?

My team is sorting through a pile of RFP proposals this week from the major vendors for a data center refresh. Anyone have any gotchas or something that they found later was a bit of wordsmithing to change perception?



vyos in an enterprise network

Is anyone using vyos in an enterprise network with bgp? If yes, what kind of hardware are you using and what kind of performance can one expect?

We are currently migrating to BGP instead of static routes over a linknet between our network and our ISP, and we're currently using our external firewalls to peer with our ISP over BGP. I'm not sure this is a good thing and I'm also seeing some issues when the firewalls fail over. For example the BGP session has to be re-established; this is also confirmed with the vendor (Sonicwall) since we're using an active/passive HA solution instead of an active/active.

We don't have huge traffic volumes or a big network, so I've been playing a bit with VyOS and it seems pretty good. We'll probably just use a default route from each of our ISPs' routers so I am not expecting a huge routing table.



[ASK] Mikrotik script for user based on data usage

Hi guys, I want to make a policy in my network. So let's say we give a user 75 GB of quota and we want to make sure that if the user reaches 50% of their internet data usage the speed will drop to 80% of their current max limit, and to 75% if they reach 80% internet data usage. I know the idea behind this scenario but I'm finding it difficult to implement it via MikroTik scripting since I haven't played much with scripting. Does anybody know how to write a script for this scenario? Or share it here if you already know it.

Sorry for my bad english.



Looking for help to avoid a layer 2 stretched VLAN

So to keep the long story short, we are getting two EPL lines from an ISP that we need to connect to another site which we have. Our datacenter is primarily just L2 with vPC running on the leafs. And I do not want to stretch layer 2 to another site, to avoid any loops as you guys suggest.

I have tried to come up with 3 solutions and I'm looking for any improvement and the best way to do this.

A diagram of one solution can be found here: https://imgur.com/a/Zwaoh7a

At the customer site, we will deploy two routers in HSRP/VRRP and each one of them connects to each CPE from the provider. If we look at the datacenter site, there will be two firewalls running Active/Passive, each CPE will connect directly to each CPE in a full mesh, and then i want to run OSPF over the EPL line to have fast convergence.

The second solution diagram can be found here: https://imgur.com/Q3C2KVA

So in here the customer site will remain the same, but at the datacenter I will connect each CPE to each Core/Spine switch in an LACP aggregation since they are running vPC, so in this way I have a full mesh layer 2, but again then I'm stretching a routed VLAN all the way back to our core switch, which I guess you guys will not recommend?

The third solution:

I do not have a diagram of the third solution. But in this solution, I would terminate each CPE to a pair of leaf switches in the datacenter site in an LACP aggregation since these leafs also will be running vPC. I will then configure OSPF on these leaf switches and then peer with each router of the customer. But would this be a viable solution at all and is it recommended?

The IP address in the diagram is the network I will be routing on.

Or what would the community suggest i do?



Monday, December 16, 2019

Does the HPE Aruba 2540 do intervlan routing?

I'm trying to understand if the Aruba 2540 can do inter-VLAN routing. In the datasheet it says that it has limited layer 3 support, but the 16.05 firmware manual says that if you configure an IP address on the VLAN (so creating an interface on the switch for that VLAN) and enable IP routing you could do routing. Any hint?

Background info: I only need to route between VLANs on that switch. I'm replacing a Cisco 3750 that died, in an emergency, with multiple VLANs and IP routing activated, configured as router on a stick, with a route 0.0.0.0/0 that sends all the traffic on an uplink to the router.



ISR1000 for SD WAN

Hey guys. I'm currently working on an SD-WAN project and looking at some router options (Cisco). We have around 120 sites with many sites only requiring 25 to 50 Mbps for DIA. My question to you guys is how do you feel about using the ISR 1100 for these smaller sites?

I initially spec'd everything out with 4300 and 4400 with appropriate licensing but it came out to be way more expensive than just deploying vEdge 100 and vEdge 1000. I know the cEdges (ISR) support L7 firewall features while the vEdges don't, so I'm looking for a way to get the cost difference closer in order to get management buy-in.

TL;DR: are ISR 1000 appropriate for smaller branch sites and when do you decide to use a 4300/4400 cEdge over them? We plan to use fiber DIA and broadband secondary later on.



csharp tcp network programming

I use csharp tcp network programming. I don't want to use one socket and one thread on the server side. which I/O multiplexing models are there?



No, I'm not going to take over your entire IT department ...

I've been looking around for other opportunities in IT (networking, infrastructure, security, etc.). I have over 20 years experience.

But it is all crap out there, basically consisting of companies that want you to do the jobs of 3-4 people, be on call 24/7/365, and travel 30% of the time. Recruiters routinely lie about the scope of the job, downplay support requirements, and try to convince you it is "managerial" when it is an engineering role (aka, put in some equipment and then troubleshoot for the next 3 months)

Just talked to one tonight, and he was like "they need someone to come in and be a lead-architect and designer. It is mostly network, security, etc."

so I go look at the actual job advertisement. It is a "Senior Infrastructure Engineer" position, and in addition to knowing everything about networking (SD-WAN, VoIP, enterprise routing and switching, QoS, etc), they also want "Office 365, Windows Server, Linux, VMware vSphere 6.5, Hyper-V, DNS/DHCP Services, Active Directory, WSUS, and network monitoring, logging and event monitoring, anti-virus/malware endpoint software, security services, and server hardening"

oh, and you have to be an expert in storage too, and be willing to design, implement, and support networks in 30 different cities

contract to hire too!

yeah, I passed



F5 connection issues

I have a user that's using a MacBook trying to hit our F5 that's saying it's connected but isn't connecting for him. Ideally I'd be the sysadmin that would have the access to monitor his path but that's not the case here. If anyone thinks of an idea let me know.



Voip managing software

Full disclosure: I'm extremely new to VoIP and I tried searching for my question but couldn't find a clear answer.

So I have recently set up a VoIP service through my internet service provider. I have a $50 cordless handset which is fine and does what I need.

I do vehicle graphics and wraps so I don't spend all my time sitting at the computer, so a cordless handset is perfect for this. However, the handset I have isn't the greatest and due to working by myself a lot of the time, I often miss calls and need to get back to people when it's convenient. The handset I have has a voicemail option but the greeting recording is terrible quality every time I try and set it up, and that leads me to my question.

Is there software which can manage my VoIP service, e.g. display call lists incoming and outgoing, and also has voicemail management which lets me upload my greeting from an audio file on the computer?

Every time I search I find enterprise-level or call-centre type stuff that's offering so much more than I need, and at very high prices. The catch is I want to still use my cordless phone and not have to have the calls running through the PC.

thanks in advance