Saturday, August 22, 2020

Issues with sending large files remotely

I'm having an issue with two users on different networks who connect to two different VPNs that access the same server. The server runs reports to a remote server. When the user is connected to VPN1 he accesses the server and runs reports. Large and small files are transferred. When connected to VPN2 the user can send small files but larger files fail. We don't think it's a network issue due to the fact that they can access the application remotely and transfer the small file. What doesn't make sense is why, when connected on a different VPN, the large file cannot be sent. I don't think it should matter which VPN the user uses to connect to the server with. The report is transferred from the server to the remote server. Nothing is done on the user's actual PC.



So.. Huawei is dead now.

Dear community,

Now that Huawei is passing away slowly (not only in wireless markets but in routing and switching), due to the American ban, which networking vendor will be the next major player in 2020-2025? Remember Huawei stands 2nd in market share just behind Cisco, but now I think the market will change drastically.

IMHO Juniper should do something to get second, this is its only chance.

What do you think? Who will be the next major networking vendor along with Cisco?



Program that constantly reports IP address to a given server?

Hello!

I am an IT technician for a local government. I am looking for some recommendations as far as remote support goes. COVID-19 has driven me to work from home a portion of my normal work time.

Typically I use a VNC program to provide remote support to a variety of users that carry their laptops to our various APs, thus having their IP address change each time. We also have users that make use of a private tunnel to our network. This can make keeping track of IP addresses difficult. I have tried to look on our DHCP server to find a given host name, as we have several VLANs, theoretically making it easy to organize, but these IP addresses are not always accurate. I usually have to have a user run ipconfig to find their IP address, at least for our laptop users. For some of our more elderly users it’s a bit like trying to pull a blue whale through a car door.

Does there exist such a program? Something I can install on a client computer, and report the local IP address to a receiving server of sorts? I apologize for any lapses in terminology.



Help with connection

I have an issue with my wifi signal. Normally it works fantastic (5-20 ping) but recently I've been experiencing packet loss of over 50% and occasionally the internet cutting out (connected to WiFi but no internet connection). Thought I'd go looking for help, and after a quick look at this sub this looks very under par with what you geniuses are normally asked for, but if you know anything that would help I'd appreciate that a lot.



aruba s1500 console access

I just bought my first home and have an Aruba S1500 switch for all the drops in my walls. However I can’t access the internet except wirelessly. I have my Comcast router plugged into the front of the switch. I was able to go through the quick setup but now can’t access the switch. Not sure what I’m doing and may be in over my head now.



ISP DHCP

Those of you working for ISPs, what DHCP solution are you using? We are moving from PPPoE to DHCP and looking for solutions that will provide similar tracking for copyright and subpoena purposes.



Subnets of mobile network providers

For a court case, I need evidence that an IP address logged on a DocuSign contract belonged to Verizon. There are public tools online to show what network a given IP is on today, but I'm not able to find out if the mobile operators have a set range of IPs, such that it would have belonged to that operator on the day the document was signed.

Can someone point out the correct resource?



Had a firewall rule allowing private IP range on public interface.

So a Sophos firewall I use auto-created a firewall rule when I made a new IPsec tunnel. It was allowing source networks of the 192.168.x.x and 10.x.x.x private IP ranges on all interfaces, including WAN. But since there was no NAT rule and private IP ranges aren’t routable on the Internet, could anything external have accessed something via this rule?



People claim that changing DNS to Google improves their streaming. I think it's not possible. Am I wrong on this one?

https://www.reddit.com/r/Stadia/comments/iej8od/was_ready_to_give_up_then_switched_to_google_dns/?utm_medium=android_app&utm_source=share

So people are voting down my comment claiming DNS can't possibly have any effect on WebRTC.

Am I wrong??



Semi-n00b Router Question

So I am reasonably tech savvy, however I am having some confusion regarding internet speeds. I am currently using a Netgear WNDR3400v2 (rated at 10/100, I know - not the best) with a 200mb internet connection from an Arris TM822. When plugged directly into the modem I am indeed able to get 200mb and the “Link” light flashes green. However, when plugged into the router I am maxing out at 100mb and even less so for wifi (with only 1 device connected), and the “Link” light on the Arris flashes orange. I recently purchased a Netgear R6080 to do some troubleshooting - also rated at 10/100 & 1000mb wireless - and am having the same issue: wireless speeds not surpassing 100mb with one device connected and the Arris still flashing orange. Can anyone elucidate how I can achieve over 100mb wireless speeds with either of these current routers from my 200mb connection, or do I need to get a faster router? And if so, any recs under $100? Thanks!!!



Peering to DIA Ratio

What should be the peering to DIA ratio?



Help me out

How do I disable VTP pruning in Cisco Packet Tracer... Is it possible to do that?



Best use case for dCEF over CEF with ASR9k routers?

Hey all.

I'm trying to understand when you would want to use just your typical centralized CEF switching process as opposed to decentralized CEF. It sounds like dCEF would be preferred, but I'm sure there are instances where you would NOT want to run dCEF and would just strictly run CEF.

Anyone with real world examples or best practices of when to use one over the other?



Arris Gateway DG3450

Anyone know if you can use IP pass through or bridge mode on the Arris Gateway DG3450? And if so, would any router be compatible?



Network Engineer Skills in 2021 and beyond

Hi all

I was just curious as to what are the new trends for a network engineer now that the world has been more digitally transformed in the last few months..

Aside from:

1) VXLAN

2) Public Cloud

3) Automation

How does Kubernetes fit into the realm of a network engineer's role, mostly because this has normally been what DevOps seem to do? Is it worth pursuing this or just sticking with the 3 listed?

Any help on understanding what other technologies outside of the norm would be good to break into.

Thanks in advance.



USB tethering OnePlus phone to Mitel

Hi all,

Hoping someone can help and I'm in the right place! Basically, I've just moved house and don't have the internet in place for a week or two. I work from home and use a Mitel phone to make and receive calls, which is normally connected with a PoE adapter from my router to my PC. Does anyone know if it's possible to use my OnePlus' USB tethering option and a USB-C to Ethernet adapter to then tether my mobile phone's 4G connection through my Mitel phone and get both that and my PC up and running?

I'm back at work on Monday and need to find a way urgently to get this going... Thanks all!



How can I test IPsec VPN connectivity?

I'm in the middle of setting up three firewalls in my lab for my client.

- FW-A is active, located at Site1.

- FW-B is an Active and Passive pair of devices at Site2.

- Site1 and Site2 are supposed to connect to each other via IPsec VPN.

- Unlike the actual client environment, the lab has no Internet connectivity.

Now, I'm almost finished with implementing all of the configurations on the devices. However, I'm just wondering how I can see if VPN connectivity works properly between the two locations. One rough solution I came up with is to place a router/L3 switch between the two sites and configure it so that the tunnel is running, but I am not sure exactly how it should be done.

Can anybody help me out with this?



Question about browser security

(Apologies in advance if this is the wrong place to ask)

A friend and I were having a discussion as to whether or not the following situation is technically possible.

Consider the following scenario.

Say someone logs into their work Gmail account and then logs into their personal Gmail account. So now we have an internet browser open with 2 Gmail accounts simultaneously logged in. Is it now possible for the company said person works for to see activity from their personal Gmail? For instance, if the personal Google Drive has pictures/videos, can the person's work company see those? Can they see website activity/history? What about Google Colab stuff? Stuff like that.

My friend has a separate Gmail account to which he sends himself his own artwork and personal project ideas, stuff like that. He gets paranoid about people seeing stuff that he hasn’t perfected, or just personal stuff in general.

My view of the situation is simple. If that were allowed, that would be a massive security breach. However, I would love to hear from people much more knowledgeable than me.

Thanks!



TP-Link Archer XR500v Connector Interface

I placed an order for TP-Link Archer XR500v GPON router and it is yet to be delivered.

The product specifications page of the Archer XR500v says that the device has an SC/UPC GPON port. However, the product images show the port colour-coded 'green', which as per my understanding implies that it has an SC/APC GPON port.

Can anybody familiar with the device give some clarity regarding this?

Tp-Link Archer XR500v



Regarding the Pearson VUE Online testing

This is strictly a rant so bear with me. These guys are a joke. To anyone reading - please do not go for the online test option with this joke of a company.

I had my exam scheduled for today at 8:30AM CEST. I opened the OnVUE app around 8 to run all the prerequisites - this part went smoothly. Then, at 8:14, I got greeted by the "You're almost ready to take the exam" screen or something like that, where they say that a proctor should join the call in around 15 minutes. Well - I waited for around 1h 20min - nobody showed up.

Better yet, I tried calling several of their phone numbers for their so-called 'customer support' - of course no one was available for 20 minutes. I also tried the online chat, where I was constantly messaged that the chat agent would join shortly and that the estimated wait time was 0 minutes. That went on for 40 minutes.

I'm super pissed because the exam costs $360 and I had to reschedule everything today to be able to take it in the morning. Just a terrible experience overall - don't do it to yourself and don't take the online exam.



Friday, August 21, 2020

Cat9k for WAN edge?

My shop runs EIGRP on our WAN circuits, so we're locked in with Cisco and we're okay with that. We've had pretty good luck with VARs, TAC, feature set, etc.
For our WAN edge, we're currently using ASR1001-X routers. However, they only have 2x10gb and a handful of 1gb interfaces which is a bit limiting. We run the 2x10gb into our redundant leaf switches but that means we can't land any 10gb links directly into the router.
Our requirements are fairly basic. Need to be able to do a couple of VRFs for tenants (yeah, we're starting to hit that point in our maturity), need to be able to do BGP and EIGRP with BFD, need to do some fairly simple QoS shaping, and need a handful of 1/10gb interfaces (25gb+ is a bonus).

We tried deploying a Nexus 9K for this purpose, but we kept running into problems (did you know an ACL on a routed interface on a Nexus 9K can't block multicast? we didn't!), so that's out. The next best options we've come up with are the Cat9Ks, specifically the C9500-16X or the C9500-24Y4C. We have a couple of Cat9500s deployed as a stack handling layer 2 only, stitching firewalls to routers, and have had good luck with them. Anybody have any other experience with the Cat9500s? Anything in particular we should be watching out for?

Our VAR is scheduling a meeting with a Cisco engineer to go over this in more detail, but I figured I'd try to source some input from strangers on the internet as well.



Router advice?

Anyone know a good wireless router in the $300 range? The things I hope for would be WPA3, 4+ LAN ports, OFDMA, 802.11ax, MU-MIMO, and 6+ streams. If this is just wayyy too much to expect let me know. I don’t need more than gigabit speeds for anything.



LTE/4G OOB Device

I'm wondering what everyone is utilising for OOB devices these days over LTE/4G. I've read through the previous posts, but those devices don't fit our requirements. The LTE/4G providers in my country can't offer a static IP on LTE/4G connections. I need something that can initiate the OOB connection somehow, i.e. check in with a centralised site, etc.



What would be the appropriate job title/description for me?

Thought I'd ask more experienced people because I have a hard time figuring out what my exact job title is and part of it is lack of confidence and experience.

Quick summary... I started working for a small ISP/VoIP reseller in CA as tech support helpdesk, basic stuff, the usual: take a call, internet is not working, power cycle the router, ATA, etc. That was a couple of years ago, but I started getting into networking so I took a CCNA course for a few months, mainly because I like networking but also because one of my perks at work is having full access to all the equipment and infrastructure. This includes the multiple MSANs we have with different modules for ADSL, SHDSL, T1, FXS, VDSL, etc. cards on them, DSLAMs, access to the softswitch for VoIP, etc.

I don't have my CCNA cert yet, but what I currently do is manage the network and work on tickets with high-level issues. I have to work on the multiple interfaces/links for the different internet connections we provide to subscribers, look for errors, get dispatch for techs going if there is a physical issue, otherwise change the interface rates/configuration that might impact customers, work on EFM groups, T1s, ADSL, SHDSL, etc. I also do the IP routing for public IPs for the customers that want them, work on our main Cisco ASA with access lists, traffic filtering, etc. I also analyze traces for SIP calls and look for routing/trunking issues, packet loss, bad quality, etc., and work on CPE troubleshooting as well.

The other day a customer was down and no one caught wind of it because it seemed like a regular customer that was down. Upon my analysis and troubleshooting I found out that the reason he was down was that our network was being hacked and they were attacking through SSH on some of our CPE routers. I had to go through several analysis and troubleshooting steps all the way to the ASA to locate the hack, find out what else they were doing and block them.

I'm asking for a raise because I think I'm doing way more than your regular "pick up a call and assist a customer with basic troubleshooting steps", but I'm having a hard time figuring out what my exact position is in the first place. All I know is that I do a lot and I'm not being valued as I should be. Please help me.



Recommendations—PDU or plug strip w/web mgt and auto-ping capability

Hi,

I’m looking for some recommendations for either a PDU or plug strip with individually configurable outlets and auto-ping capability. The product needs to be able to power off and back on a component such as a modem if the ping fails. I want to be able to control the ping IP or web address, set power off interval (such as 30 seconds and then back on), stuff like that.

These are the two products I’m considering so far, but I’m open to better solutions. Price is important, but quality, reliability, and nice web based interface are more important.

I’ve come across these two products so far.

Digital Loggers Web Power Switch Pro—seems like a good product but some of the reviews indicate frustration with lousy software/firmware/crude interface.

Digital Loggers product

2nd product—Synaccess NP-05B. I can’t find as much info about this one online or any screenshots of the interface. It’s rack mountable, which is a plus for me, but not a must-have. It is also more expensive than the first product.

Synaccess Product

What’s the community think? Am I missing some other good products out there, either better performing or a better value?

Thanks!



Cloud-based Enterprise Fax Solutions

Hello,

I am just looking for some suggestions on cloud-based enterprise fax solutions. What are you using and what do you like and not like about it? Any Office365/Microsoft integration is a plus. I know print drivers are available for about any solution. I'm just looking for any bonuses over what an entry-level fax server would have. For example, Biscom has SharePoint integration and OCR-based routing apparently. Does anyone have any experience with the following?

A quick list from Gartner:

Biscom

Concord Technologies

Easylink

Esker

Graphnet

J2 Global Communications (eFax.com)

Retarus GmbH

Thank you!

-fg



If everyone in the same apartment complex uses a lot of internet, does it slow down for everybody?

Basically if a lot of people (50 or 100?) in the same building are using the same internet provider and access type (ie DSL vs cable) simultaneously (manifesting as a high network load), does the incoming and outgoing data flow get congested? Are the physical access lines supplemented with more when the demanded load increases?



Older Cisco routers and Cradlepoints SSH access.

I know this is a longshot, but with older Cisco routers (2800, 1800, 870) I get an abort error while trying to SSH to the Cradlepoint. My investigation determined it was due to the weaker encryption algorithm on the router (debug shows key exchange failure). The "allow weak ciphers" setting on the Cradlepoint works with some devices but not all. I've even tried NATing a switch on the LAN to be able to SSH to the Cradlepoint but get the same error. Leads me to believe the router uses its algorithm for the switch too. Anyone know of any clever workarounds?



Chinanet packet loss?

A bunch of my customers began having issues accessing Chinese websites today. (We are located on the US East Coast).

Issues getting to websites like bilibili.com and hupu.com, both of which seem to have anywhere from 10 - 40% packet loss within the chinanet network. There doesn't seem to be any loss until the traffic hits China.

Has anyone else here begun seeing the same issue recently? Nothing on the outages mailing list.



iPhone can't connect to HomeDepot public WiFI anymore

The first time I connected to their public wifi with my iPhone, the browser pop-up came up in settings to agree to the terms and use the public wifi. Now when I come back to the store again the iPhone connects automatically to their "att public" network but there's no internet and the login pop-up doesn't come up either. I tried forgetting the network, cycling wifi on and off, disconnecting data; it still doesn't work.

And at this particular store there's no data / phone signal inside, so I have to use wifi if I need to go online or text someone through Viber.



Difference between IP and Ethernet?

I was looking at this chart ( https://imgur.com/a/9X3SLqq) on 5G "xHaul" and I realized that I must be misunderstanding what those two terms mean. For backhaul it is labeled "IP/Ethernet", but mid-haul is labeled just "Ethernet".

I thought Ethernet was just the wire and then IP was the protocol used to transmit data, but there is no IP label for mid-haul. What protocol is used to transmit data along the Ethernet?



I know we talk about bags a lot. But what about internal bag organization?

Between patch cables, console cables, fiber cleaners, my laser, SFPs, WLAN Pi, WiSpyDBX, a mouse, some spare batteries, a few small tools etc etc, my backpack is slowly turning into a disaster (even with its internal organization). What are you guys using to keep things together, besides velcro straps?

Thinking something like this or this.



Looking for information regarding SIP Trunking in the UK

Interested in obtaining SIP Services in the UK but not clear on whether it is fully integrated with the PSTN (for instance is calling from SIP to the PSTN seamless?)

Also I do not know who the best & most reliable SIP Service providers are. Any guidance or information would be much appreciated.



ZAYO at it again!

Anyone had a 10 minute outage between 7:20 and 7:30 AM EST this morning? We had a few DIA and Eline circuits that were up but not passing traffic. How long do we have to suffer with whatever move they are doing!!

P.S. This is in the DC metro area.

-JJ



Help! I accidentally flushed iptables

Hey,
I accidentally flushed iptables with iptables -F and I have some Docker servers running on my machine, and now I can't connect to them via the internet.
Is there a way to reconnect Docker with iptables?
All my prior attempts failed and I would appreciate some help.

Thanks in advance



HTTPS and connection

Hi,

Say I access a web server from my phone using HTTPS and Wi-Fi. A TLS tunnel is then set up that, among other things, encrypts the exchanged data using a secret session key.

Now, suppose that before accessing a new page on the website, I switch my network access from Wi-Fi to 4G. My IP address changes and I must open a new TCP socket and a new TLS tunnel, and so a new randomly generated session key is generated. Am I right?

I guess there is no issue because HTTP is a stateless protocol.

Now if I am logged in on the website, do I need to log in again, or will I remain connected because of cookie information stored in the cache of my browser?

NB: sorry about my broken English but I'm not a native speaker

NB: I posted this question on cybersecurity a week ago but it hasn't received much attention so far so I'll try it here



MPLS inter AS option A,B and C.. where have you seen this deployed in real life? And why?

I am trying to understand where exactly one might deploy these options. I understand this might be a quick migration option in case of AS mergers, but I'm not sure if two separate ASes or transit providers would use these options.

If a customer has two locations connected to two separate ASes and wants to connect them, can they use an L2VPN from one AS and terminate it at the other AS?

Also, would there have to be a business agreement in place if two separate ASes want to use these options?



Ethernet over Phone Line, money not an issue.

So the old world of CAT3 IDFs and racks that are so small I can't believe people were allowed to install them in the first place has struck me this week.

I have an SHDSL hub modem thingo which looks older than me supporting this large campus site's remote office. One end of the hub is Ethernet and connects to a Cisco switch, and the other is an RJ11 phone line which patches to this CAT3 IDF that I assume runs down and goes into the rack in which I see the CDP neighbour from the switch.

The office is a good 5-minute walk from its CDP neighbour and apparently 1mbps is what they're getting out of it. I've only been to this site once, and the next time I go I'd like to see if I can upgrade this obvious bottleneck to the remote office. In these times of covid people are getting spaced out over the whole site, and so ensuring each square block of land on the site can be utilised is the customer's key requirement.

So before I take this request to our vendors etc. I was wondering whether our Reddit legends may know of a great way to up this network? My first thought is to figure out how to source these old hubs, but I'm wondering if there is something newer which might assist; else should I buy 5 of these and create a 5mbps port channel? Mbps is probably all they'll need, it's really just the video requirements shutting them down. Alternatively I may install a 4G Cradlepoint and set it up as a new site.

Interested for feedback, thanks all.



UDP hole punching

I am behind a CGN. My public IPv4 doesn't change, and neither does my port (I think?). How do I easily find out my public port which servers use to feed data to me?
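One way to answer this yourself is to ask a STUN server what source address and port it saw, which is how WebRTC and other hole-punching clients learn their NAT mapping. The following is an added example written for this page, not code from the original post: it builds an RFC 5389 Binding Request, decodes the XOR-MAPPED-ADDRESS in the reply, and queries several servers from the same local socket so you can see whether the CGN gives the same public port regardless of destination (the mapping behaviour hole punching needs). The server list is an assumption; any public STUN server on UDP/3478 or 19302 works.

```python
import os
import socket
import struct

# RFC 5389 constants
STUN_MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001       # legacy, un-XORed form
ATTR_XOR_MAPPED_ADDRESS = 0x0020   # preferred form (XORed so ALGs can't rewrite it)


def build_binding_request(transaction_id=None):
    """Build a 20-byte Binding Request with no attributes."""
    if transaction_id is None:
        transaction_id = os.urandom(12)
    if len(transaction_id) != 12:
        raise ValueError("transaction id must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, STUN_MAGIC_COOKIE) + transaction_id


def build_binding_success(transaction_id, ip, port):
    """Encode the reply a STUN server sends: a Binding Success carrying XOR-MAPPED-ADDRESS."""
    xport = port ^ (STUN_MAGIC_COOKIE >> 16)
    xaddr = bytes(a ^ b for a, b in zip(socket.inet_aton(ip), struct.pack("!I", STUN_MAGIC_COOKIE)))
    attr = struct.pack("!HHBBH", ATTR_XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport) + xaddr
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), STUN_MAGIC_COOKIE) + transaction_id + attr


def parse_binding_response(data, transaction_id):
    """Return the (ip, port) the server saw, or raise ValueError on a malformed/foreign message."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    msg_type, msg_len, cookie = struct.unpack("!HHI", data[:8])
    if cookie != STUN_MAGIC_COOKIE or data[8:20] != transaction_id:
        raise ValueError("not a response to our request")   # ignore stray/spoofed datagrams
    if msg_type != BINDING_SUCCESS:
        raise ValueError("not a Binding Success response: 0x%04x" % msg_type)
    body = data[20:20 + msg_len]
    if len(body) != msg_len:
        raise ValueError("truncated STUN body")
    mapped = None
    offset = 0
    while offset + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[offset:offset + 4])
        value = body[offset + 4:offset + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        offset += 4 + ((attr_len + 3) & ~3)   # attribute values are padded to 4 bytes
        if attr_type not in (ATTR_XOR_MAPPED_ADDRESS, ATTR_MAPPED_ADDRESS) or value[1] != 0x01:
            continue                          # only IPv4 matters behind a CGN
        port = struct.unpack("!H", value[2:4])[0]
        addr = value[4:8]
        if attr_type == ATTR_XOR_MAPPED_ADDRESS:
            port ^= STUN_MAGIC_COOKIE >> 16
            addr = bytes(a ^ b for a, b in zip(addr, struct.pack("!I", STUN_MAGIC_COOKIE)))
            return socket.inet_ntoa(addr), port   # XOR form is authoritative
        mapped = (socket.inet_ntoa(addr), port)   # keep legacy form as a fallback
    if mapped is None:
        raise ValueError("no mapped address in response")
    return mapped


def discover_mappings(servers, local_port=0, timeout=3.0):
    """Query each server from ONE local socket and return {server: (public_ip, public_port)}.

    If every server reports the same port, the NAT's mapping is endpoint-independent,
    which is what UDP hole punching relies on; differing ports mean it is not.
    """
    results = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", local_port))
        sock.settimeout(timeout)
        for server in servers:
            tid = os.urandom(12)
            sock.sendto(build_binding_request(tid), server)
            try:
                data, _ = sock.recvfrom(2048)
                results[server] = parse_binding_response(data, tid)
            except (socket.timeout, ValueError) as exc:
                results[server] = ("error", str(exc))
    return results


if __name__ == "__main__":
    # Assumed public STUN servers; replace with any you trust.
    servers = [("stun.l.google.com", 19302), ("stun1.l.google.com", 19302)]
    for server, mapping in discover_mappings(servers, local_port=50000).items():
        print("%s:%d sees us as %s" % (server[0], server[1], mapping))
```

Run it twice a few minutes apart from the same local port: if the public port changes between runs or between servers, the CGN is not giving you a stable mapping and the servers you are asking about will see a different port each time.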



Hpe aruba 3810M

Has anyone used this for a core switch as an Active and Passive pair?

Two FortiGates on top, two 3810Ms as core (not stacked but using VRRP) and some access switches?

Thanks



Need help with a 2 router setup

Hi guys,

Looking for some help - I'm an absolute noob when it comes to this, so please give advice in simple terms; I'm not very clued up on the terminology etc.

I have 2 routers and multiple devices.

Routers - GL.iNet X750 Spitz & EdgeRouter X.

I have my 4 devices - 2 desktops, 1 work laptop & a raspberry pi for pihole.

My setup is as follows: x750 > edge router > 4 wired devices. I want wireless disabled.

I want everything managed on the edge router, QoS (I have a basic queue set for my 2 desktops for bandwidth limits), etc .. (unless it's better to have this on the x750?).

What I'm trying to achieve here is to have the x750 in bridge or IP passthrough mode (is that right?) so I don't get double NAT, because I game (my DSL connection constantly has faults and the 4G is more reliable, believe it or not. I also get lower ping on 4G).

I just want the x750 to take the connection from my ISP but want all routing etc. done on the EdgeRouter, to keep the number of hops, ping, etc. as low as possible.

Is what I'm asking possible? Or is there a better way to do this?

Also will this stop me accessing the GUI of the x750?

Thanks!



Cat6a structured cabling sensitivity

Doing a job for a company's temporary site move, and I am installing/configuring the networking gear. It's a new office with new cable runs put in by the electrician from the office floor.

I was out in the office pre-racking the switches in the comms rack and, for cleaner runs from the panels to the switches in the comms cab, I moved a couple of the patch panels and cable management arms (up or down a U or 2) in order to rack the switch.

As I was finishing, the electrician who had run the Cat6a to the panels came into the comms room and worriedly asked me not to move the patch panels. Apparently he had some issues after other panels he had just run to the same location were moved by another guy. His cable testing was clean before the panels were moved, but some ports were faulty after they had been moved.

His reasoning was that Cat6a panels in general shouldn't be moved post-install due to the sensitivity of the Cat6a cable. I told him it was unrealistic to expect people to never move panels in a rack, but he seemed an alright guy and I felt for him as he was under pressure.

I had finished what I was doing anyway when he came to me. So he is telling me there might be issues, but he will fix/re-terminate if needs be.

Looked like shielded Cat6a, any truth in what he is saying?



Thursday, August 20, 2020

Problem with IP addresses

Hello. On my network I have 5 servers and 4 PCs. Got a static IP and all ports correctly forwarded.

All of my 5 servers have 192.168.1.X (1,2,3,4,5) IP addresses, given by default. The problem is that the last digit (X) of the IP address keeps getting changed, sometimes a few times a week. Problem is, there are times when no one is in the office for a few days, due to this Corona situation. Then I have to waste my time, go to the office and manually change port forwarding to the newly assigned IPs.

Googled it before posting here; it seems that's a problem with my router. Called the network provider and of course they have no idea what I'm talking about. Why is this happening and what are my options?



Why is there a public and private address for routers? Isn't it redundant to have two IP addresses that point at one device?

Might be a stupid question... I get that the concept of public and private IP addresses was created because of IP exhaustion. But why are there two IP addresses for the router that point at the same device?



Able to ping devices that don't exist on the network??

Has anyone experienced this before? Kinda freaking me out! They are on a completely different subnet too



STP Unmanaged Switch - Would a loop occur?

In the case of either of these two networks, https://imgur.com/a/sOQ7v4B , where STP is enabled on the managed switches and STP is not enabled on the unmanaged switch, does spanning tree still block the redundant connections in both network A and network B?

Since STP is not a feature of the unmanaged switch in my situation, I was curious if STP convergence would take place or if a loop would occur.

If a loop would occur, could we use something like BPDU guard on one of the downlinks to the unmanaged switch to potentially block one of the uplinks?



Best Access Point for Small Business Office

Hello Folks,

I have been tasked with coming up with a solution for deploying a wireless network infrastructure in a 7,000 square foot space. This client would like full wireless coverage on top of being protected from the latest threats. They would also like content filtering and app control. I am having a hard time coming up with a decent solution for them, especially with the controller-based access point part. I have done some research online, and some people are saying go with the UniFi Dream Machine, switch, and their APs. The downside to that is, UniFi is very behind in the threat management space. So I kinda don't want to deploy that solution. I have decided to look at the SonicWall NSAs, but now I am trying to figure out what decent APs would give me good coverage. Should I still proceed with just getting the APs from UniFi and combining that with the SonicWall NSA, or is there a better combination of equipment I could go for? I hope my question makes sense.



Anyone Using SDN?

I'm a network engineer and I was just wondering if anyone has implemented an SDN solution for their organization? I also wanted to know if it is worth my time to educate myself on it.



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post, along with a nice description, to this thread.

Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.



Bad RJ45s or bad crimper?

I've got an RJ45 crimper (forget the brand, it's not marked) that seems to work with some brands of RJ45s but not others. Trying to figure out if it's a cheap/worn crimper, or cheap RJ45s?..

On the failed crimps, it doesn't always crimp the outside pins (1,2 & 7,8) all the way. It looks like the teeth of the crimp head don't always hit square on the RJ45 pins and "slip" while crimping, actually noticeably bending the RJ45 pins a little.

What do you think, sign of a bad/worn crimp head or cheap RJ45s?

Thanks in advance!



Questions on PTP

Hi Everyone!! Digging a bit into the titled topic recently, wondering if anyone could briefly explain the differences (pros & cons) of deploying a BC vs a peer-to-peer TC at the edge of a specific L2 domain? Also, does cascading P2P TCs induce the same error/jitter as cascading BCs?

Any reference materials or documentation available?

Thanks in advance!!



I have a strange issue of VPN between FTD and ASA

I have built a tunnel between FTD v6.4.0.9 and ASA v9.10(1)42... It is IKEv2 and it is up. But when I try to ping from either end of the network to the other, both FTD and ASA only show the Encap# increasing and 0 for Decap#...

#pkts encaps: 56, #pkts encrypt: 56, #pkts digest: 56

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

Any ideas?



Buy Small IPv4 Range?

Are there any reputable sites that are selling/reselling/auctioning small IPv4 ranges? All I can seem to find are sites selling full /24s for $6k+ - I'm looking for something like a /28 or /29.



Fiber management question

Hi!

For some context, I work as a network technician and IT manager in a business where we provide IT services and PBX installation and service. Another division of the business resells ISP services.

We share a building with 3 other businesses and have a dedicated fiber connection with a single IP address. We decided to upgrade our service and get more IP addresses, and my boss would like to provide internet to the other renters, each with their own IP address, router and equipment behind it.

I would like some insight into how I should proceed with that request, as we want to limit the other renters' connections to a specific speed. As we have 2.5 Gbps, we would like to give 250 Mbps to 1 Gbps. What I thought of was to have a WAN-facing switch, provide an IP address in our range to the renter and add some ACL rules (for example with a MikroTik switch).

We usually use Fortinet, Ubiquiti and MikroTik networking equipment, but I could buy other gear if needed.

Thanks for the help!



Question about PoE budgets...

So when I'm picking switches for AV over IP, I'm always told by manufacturers to calculate the max wattage for an encoder's or decoder's PoE class for every port. I've never actually seen endpoints use close to the max, although I know they potentially can when booting up.

When a device is 802.3af (PoE), but the switch supports 802.3at Type 2 (PoE+), it seems to me that the power draw is less than the 15.4W allocation. Shouldn't the wattage range be different for 44-48V voltage vs 56V?

While calculating the max budget is best practice, sometimes shorting a little can save big dollars depending on the switch model, whether you need an RPS, etc.



Looking for product / ecosystem recommendations

Recently started with a new org. We have UniFi, which was fine when the company was a handful of people in a single office, but now the org needs "proper" networking.

I also have used Meraki before and honestly, not really looking to go there again.

In discounting both Unifi and Meraki, but bearing in mind that the org is trying to be as cloud native as possible, what else is there that does full stack switching, wireless, firewall (doesn't need to be next gen as we have a strong endpoint management approach) and has a management ecosystem which will pull it all in to a single pane of glass?

And really, we need to run said management ecosystem in Azure, or it be a full cloud controller.

Oh yeah and we want SD-WAN, while still looking at a traditional design approach of defense in depth i.e. perimeter firewall in a different vendor.

I'm kinda thinking I need:

  1. SRX on the perimeter with a small JunOS Space (somewhere on vmware because they don't even support Hyper-V yet let alone Azure/AWS) footprint to manage it. Thinking perform the SD-WAN here. This could be any vendor I guess, but I am not ever going to be using FirePOWER and I'm not going to invest in ASA mode now, and I know SRX well.
  2. FortiGates for internal segmentation, L2 switches, APs and FortiManager/FortiAnalyzer for the main part of the stack / single pane of glass.

Is there any other vendor I could be considering particularly for the second main element?

As an aside, given we have a strong endpoint management approach, do we even NEED separate vendor firewall layers for defense in depth? We're protecting on the endpoint, and at network layer. Is that enough by itself? I've been in government/military/finance for the last 5 years and they throw so many firewalls at things your head spins: what's best practice in the corporate world now in this regard?



4G/LTE Modem and APN profile abroad

Hello everyone,

It may not be the best place to write this post, but I did not really know where to write it. Please, if you know a better subreddit, I'd be glad to hear suggestions.

So, I bought an LTE modem that works pretty fine in Canada. I also took a SIM card from a Canadian company, which will allow other devices to access the Internet through the modem. So far, everything works fine and I'm pretty happy with the product.

However, my main job is to send all those devices to the USA, and I won't be able to be there physically. I know the SIM card will work through a roaming network with a smartphone, but I'm pretty worried about this modem. I know especially that the APN profile is important. For now, the SIM card uses the APN profile of my Canadian network, but I'm quite sure it's not going to work in the USA, even though the phone company sells the SIM as a Canadian/USA phone plan.

Do you think I need to change the APN, and if yes, for which configuration? The company in Canada told me Verizon or AT&T would do, but still I have two choices of configuration...

If you know anything about this subject, it would really help!

Thank you very much.



question/help needed: how does switch stacking work with dual-NIC servers (ESXi)

Hi,

I'm pretty much a noob with networking, as you can imagine when you see the title...

Anyway, I switched jobs and ended up working in a small company where I have to manage the network (which I didn't have to in my previous job, but I'm OK, I'm going to learn).

Now, this company has 2x EMC VDX-6740B switches stacked for redundancy. I think the link to connect them both is called "ISL".

I figured that because I get an entry when I run this command: show fabric isl

The ESXi hosts with dual 10G NICs are connected to both switches. For example, one uplink is connected to port 44 on the top switch and the other uplink is connected to port 44 on the bottom switch (active/standby on the vSwitch in vCenter).

I understand that the 2 switches form 1 logical switch. So from the ESXi host's POV, the 2x 10 Gb uplinks are connected to the same switch.

1) I'm trying to get my head around what the benefit is of having 2x stacked switches connected together. If one switch goes down the other one is there to keep the traffic flowing. But isn't that pretty much the same as having 2 separate switches? From the ESXi POV, whether the switches are stacked or not, if one goes down, traffic will flow to the other one (because of dual NICs)...

2) The way the uplinks are connected to the stacked switches: same port on both switches. Is this a requirement when stacking switches, or is it just to keep things organized?



CMTS Configuration

Does anyone here have experience with CMTS provisioning for any major cable companies?

I have a Casa Systems CMTS node and I'm currently using QAM 46 - QAM 77 for my DS channels.

Does anyone think those frequencies are too high?



HP switch and VLANs on Ubiquiti access points.

Curious on this setup. I have VLAN 1 and 2; I want my access points on VLAN 1 although I want my SSID on VLAN 2. From an HP switch config, am I configuring the port going out to my AP as untagged 1, tagged 2?

Second question: would I have to do the same thing on the Ubiquiti controller?



Network Service Testing

I am a network engineer for an ISP. We have only been providing service for < 2 years. My manager has at this point pushed us into providing "Business Class Services" to local businesses. Some of these are quite large operations and I have been tasked with finding a network tester that would help us qualify these deployments, as well as the circuits for our own network. I have been looking at the Viavi T-BERD/MTS-5800. But I was hoping to get some suggestions/options here. I am inexperienced with this type of equipment, but I would need it to have the capability to test fiber as well as copper, and up to 10-Gig. Thank you in advance.



Having an issue with IRR data/leased space

Dealing with these outsourced NOC reps isn't always the greatest.

Situation: Leasing a /24 block through provider A and announcing it via provider B for multihomed purposes. Certain ASNs won't accept my announcement as I don't have a route object. I can't create a route object as I'm leasing the space from the provider and it's not mine. This prevents certain ASNs route filters from being updated.

Provider A in this example is Cogent who use RWHOIS, and not SWIP, for delegation data. In addition, their route object is for an entire /8 and not my /24.

Anyone know how to navigate this and get my announcement accepted?



WAN failover design

Hi - please see the diagram:

https://imgur.com/a/L47WADV

We currently have two ISP connections terminating to a single switch which is doing BGP, and which also has connections to both our active and standby firewalls. Whichever firewall is active will communicate with the inside interface of that switch. The ISP advertises a default route on both connections, but applies a higher local preference on connection A. The firewalls have a static default route to the switch inside interface IP, and the switch has static routes for all our public IP ranges pointing to the firewall's WAN interface IP.

Failover between the ISP connections works very well, as the switch has both default routes in its routing table and will immediately start forwarding over connection B if connection A goes down. Both ISP connections are also available to both firewalls.

Obviously if that switch fails we will have no WAN connection at all, and we can't reboot it to update the firmware without an outage, so we would like to improve this and have two separate routers as shown in the 'proposed' diagram.

The intention is that whichever firewall is active will communicate with the VRRP address.

Traffic should always go via connection A if it's available, so if the standby firewall becomes the active, but R1 and Conn A are still up, traffic should flow across the link between R1 and R2 to reach the internet.

The standby firewall should still be able to communicate with the VRRP address when R1 is the VRRP master, as all the interfaces for the connections shown in green will be in the same VLAN.

I'm not sure what the best way to configure the communication between R1 and R2 is.

Option 1 - Just use VRRP to control failover. Each router has a BGP peering with the ISP, but only knows about its own default route. If R1 loses its connection to the ISP it can decrement its VRRP priority via object tracking, and R2 becomes VRRP master. If R1 goes down R2 also becomes master, and traffic flows to connection B.

Option 2 - Run BGP between R1 and R2. Both routers will know about both routes to the internet, but connection A is preferred because of the higher local preference. If R1 loses its connection to the ISP it will have an alternative route in its route table via R2. This has the advantage that we could adjust BGP at a later date to make connection B the preferred route for certain networks and load balance across the two connections. In this scenario R1 can stay as the VRRP master even if it loses its connection to the ISP, so no object tracking needs to be configured.

Option 3 - Something else?



O365 Down

is 365 down for anyone?



Creating standard device templates

We're starting to deploy more switches, firewalls and routers on a regular basis. I need to build out some standard device templates that I can use to bootstrap most of the configuration. I've got the system services (NTP, syslog, DNS), creation of break-glass accounts and ACLs for management. I'm going to script in the non-standard config like interface IPs and hostnames. What things do people normally miss on their device templates?
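One way to catch the items that tend to fall off a template is to audit every rendered config against a checklist before it is pushed. The script below is an added example, not code from the post or from any vendor; the checklist, the Cisco IOS-style patterns and `SAMPLE_CONFIG` are all constructed for illustration and should be adapted to your platform and policy.

```python
"""Audit a rendered device config for baseline items that are easy to forget.

Added example, not from the original post. Patterns are Cisco IOS-style
plain-text matches; SAMPLE_CONFIG is constructed. Adapt both per platform.
"""
import re

# (name, regex that must match at least one line, why it is on the list)
REQUIRED = [
    ("ntp server", r"^ntp server \S+", "trustworthy timestamps for logs"),
    ("syslog host", r"^logging host \S+", "central log collection"),
    ("dns", r"^ip name-server \S+", "name resolution"),
    ("aaa", r"^aaa new-model$", "central auth with local fallback"),
    ("enable secret", r"^enable secret ", "hashed enable credential"),
    ("ssh v2 only", r"^ip ssh version 2$", "no SSHv1"),
    ("vty ssh only", r"^ transport input ssh$", "no telnet on vty lines"),
    ("vty acl", r"^ access-class \S+ in$", "management sources restricted"),
    ("exec timeout", r"^ exec-timeout [1-9]\d* \d+$", "idle sessions expire"),
    ("login banner", r"^banner (login|motd) ", "legal notice"),
    ("snmpv3 group", r"^snmp-server group \S+ v3 priv$", "authPriv SNMP only"),
    ("no http server", r"^no ip http server$", "no plain-HTTP management"),
    ("no cdp (edge)", r"^no cdp run$", "no topology leaks on edge boxes"),
    ("mgmt source-interface", r"^(logging|ntp) source-interface ", "stable mgmt source"),
]

# Lines that must not appear at all (weak defaults that templates often keep).
FORBIDDEN = [
    ("snmp v1/v2c community", r"^snmp-server community ", "clear-text community"),
    ("telnet on vty", r"^ transport input (all|telnet)", "telnet reachable"),
    ("enable password", r"^enable password ", "reversible enable credential"),
    ("http server", r"^ip http server$", "plain-HTTP management"),
]


def audit(config_text):
    """Return {'missing': [...], 'forbidden': [...]} for one rendered config."""
    missing = [n for n, pat, _ in REQUIRED
               if not re.search(pat, config_text, re.MULTILINE)]
    forbidden = [n for n, pat, _ in FORBIDDEN
                 if re.search(pat, config_text, re.MULTILINE)]
    return {"missing": missing, "forbidden": forbidden}


def report(config_text):
    """One human-readable line per finding, with the reason from the tables."""
    r = audit(config_text)
    why = {n: reason for n, _, reason in REQUIRED + FORBIDDEN}
    lines = [f"MISSING   {n:<22} {why[n]}" for n in r["missing"]]
    lines += [f"FORBIDDEN {n:<22} {why[n]}" for n in r["forbidden"]]
    return lines


# Constructed sample: a template that has the obvious services but not the rest.
SAMPLE_CONFIG = """\
hostname edge-sw01
service password-encryption
aaa new-model
enable secret 9 $9$EXAMPLEHASH
ip name-server 10.0.0.53
ntp server 10.0.0.123
logging host 10.0.0.200
banner login ^C Authorized use only ^C
ip ssh version 2
snmp-server community public RO
line vty 0 4
 transport input ssh
 exec-timeout 10 0
!
"""

if __name__ == "__main__":
    for line in report(SAMPLE_CONFIG):
        print(line)
```

Run it against every config your templating pipeline emits (a CI step before the push) rather than against the template file itself, so that per-device overrides that drop a line are caught too.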



Cisco Wireless Explorer Game

Does anyone know how to access this game? I've been looking for hours but all I've found are broken pages and I really want to play this game again.



Looking for Advice - New fiber terminated to demarcation point, >300ft to business suite..

I am more of a systems guy, in charge of a satellite office turn-up. We have fiber being provided, pulled to the office space, terminated at the building's demarcation area. The distance required to pull service into the suite is right around that 325 ft max for Cat 6 copper.

I have very little fiber experience in this scenario. I am being told by the low voltage contractor who is handling the demarc to suite run, that we should look at media converters and fiber to the final service destination.

This is the ONT we are expecting, a Calix 762. https://i.imgur.com/N65FS1x.png

Seems a bit crazy to go fiber->copper->fiber->copper as Ethernet is required for our router, but that could be my lack of experience.

Just looking for some ideas of how you pros would approach this, any good media converters you would recommend on a budget, what type of fiber, any other suggestions on proceeding in general?

Thanks,

Mike



Sharing a lab - how to automate?

TLDR below.

Hi, we are in the enviable position of having a lab that replicates our production network, a really good idea. But sometimes this lab is tied up in TAC cases for extended periods of time, often with low utilization. The problem is that the size of the lab means that it takes at least 2 full days to shift the configs and images for another project. Hardware is mostly Cisco IOS and IOS XE but support for other things like Junos and NETCONF would be nice. So what is the BCP? I was about to do some Ansible and git, but figured someone has already done this and probably better than I would; my google-fu just isn't up to finding it.

TLDR; What is BCP for switching configs and images between projects in a hardware lab?



Wednesday, August 19, 2020

Trying to understand VLANs on Edgeswitches coming from Cisco

I'm used to Cisco gear and am trying to understand how VLANs and trunks work on EdgeSwitches. In the port configuration below, I'm wondering what the native VLAN would be. This is an uplink port to an EdgeRouter; it looks like it's only allowing VLANs 450 and 460 but no native VLAN, therefore only traffic tagged with 450 and 460 will be allowed on ingress/egress? Confused as to why a native VLAN isn't specified on the trunk port.

    interface 0/24
    description 'Uplink'
    vlan participation exclude 10,20,100-102,450,460
    vlan participation include 450,460
    vlan tagging 10,20,100-102,450,460

Additionally, it seems that the port config for an access port on VLAN 100 looks like this, which just looks so weird to me. Am I correct in understanding that this is how an access port is supposed to be configured on EdgeSwitches via CLI?

    interface 0/10
    description 'Data Port'
    vlan participation exclude 10,20,100-102,450,460
    vlan participation include 100
    vlan tagging 10,20,100-102,450,460

Any other oddities or tips from those familiar with EdgeSwitches would be much appreciated. A new client I'm at has all Ubiquiti switching so I'm trying to wrap my head around it. I'm excited to learn a new vendor; I'm hoping I'm overthinking the syntax differences and will get the hang of it soon.
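The EdgeSwitch syntax above is easier to reason about once the three statements are reduced to "which VLANs is this port a member of, which of those egress tagged, and which VLAN do untagged ingress frames land in". The parser below is an added example (not from the post, not Ubiquiti's tooling) that does that reduction and flags the two things a reviewer looks for: a port that is still an untagged member of VLAN 1, and a pvid that does not match an untagged member VLAN. It assumes FASTPATH-style semantics: every port starts as an untagged member of VLAN 1 with pvid 1, `include`/`exclude` are applied in order, `vlan tagging` only affects VLANs the port participates in, and `vlan pvid` (absent from the posted config) sets the untagged ingress VLAN. Those assumptions are stated in the code; the third interface in the sample is constructed.

```python
"""Reduce EdgeSwitch/FASTPATH-style 'vlan participation' / 'vlan tagging' stanzas
to effective membership per port. Added example with stated assumptions."""
import re

DEFAULT_VLAN = 1   # assumption: every port starts as untagged member of VLAN 1, pvid 1


def expand(vlan_list):
    """'10,20,100-102' -> {10, 20, 100, 101, 102}"""
    out = set()
    for part in vlan_list.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-")
            out.update(range(int(lo), int(hi) + 1))
        elif part:
            out.add(int(part))
    return out


def parse_ports(config_text):
    """Map each 'interface X' stanza to tagged/untagged VLAN sets, pvid and mode."""
    ports, cur = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if (m := re.match(r"interface (\S+)$", line)):
            cur = {"description": "", "members": {DEFAULT_VLAN},
                   "tagging": set(), "pvid": DEFAULT_VLAN}
            ports[m.group(1)] = cur
        elif cur is None or not line:
            continue
        elif line.startswith("description "):
            cur["description"] = line.split(None, 1)[1].strip("'\"")
        elif (m := re.match(r"vlan participation (include|exclude) (\S+)$", line)):
            if m.group(1) == "include":
                cur["members"] |= expand(m.group(2))
            else:
                cur["members"] -= expand(m.group(2))
        elif (m := re.match(r"vlan tagging (\S+)$", line)):
            cur["tagging"] |= expand(m.group(1))
        elif (m := re.match(r"vlan pvid (\d+)$", line)):
            cur["pvid"] = int(m.group(1))
    for p in ports.values():
        # assumption: tagging only matters for VLANs the port participates in
        p["tagged"] = p["members"] & p["tagging"]
        p["untagged"] = p["members"] - p["tagging"]
        p["mode"] = "trunk" if p["tagged"] else "access"
        p["warnings"] = []
        if DEFAULT_VLAN in p["untagged"]:
            p["warnings"].append("still an untagged member of VLAN 1")
        if p["pvid"] not in p["untagged"]:
            p["warnings"].append(f"pvid {p['pvid']} is not an untagged member VLAN")
        del p["tagging"]
    return ports


# The two stanzas from the post plus a constructed third one with VLAN 1 removed.
SAMPLE = """\
interface 0/24
description 'Uplink'
vlan participation exclude 10,20,100-102,450,460
vlan participation include 450,460
vlan tagging 10,20,100-102,450,460

interface 0/10
description 'Data Port'
vlan participation exclude 10,20,100-102,450,460
vlan participation include 100
vlan tagging 10,20,100-102,450,460

interface 0/12
description 'Data Port, VLAN 1 removed'
vlan participation exclude 1,10,20,100-102,450,460
vlan participation include 20
vlan pvid 20
"""

if __name__ == "__main__":
    for name, p in parse_ports(SAMPLE).items():
        print(f"{name:6} {p['mode']:6} tagged={sorted(p['tagged'])} "
              f"untagged={sorted(p['untagged'])} pvid={p['pvid']} {p['warnings']}")
```

Under those assumptions the posted uplink comes out as tagged 450/460 with VLAN 1 still untagged (pvid 1), and the posted "access" port comes out with VLAN 100 tagged and VLAN 1 untagged, which is why it reads oddly next to a Cisco `switchport access vlan 100`; the constructed third port shows the shape a clean access port takes. Check the assumptions against `show vlan port` on the real switch before trusting the classification.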



Help with an assignment

Anyone here able to help me with my school assignment?

Here is the link:

https://docs.google.com/document/d/1I5eFEZTmHNiE4zR_p9GGSLAFe1Cc1AZpKBuN9KJ_UoA/edit?usp=sharing



Aruba Central - Default Gateway

I'm trying to get my bearings on Aruba Central and am having a bit of a rough go of it. Handful of switches, 2540/2530. I have a few joined to Aruba Central and it seems the act of joining them to Aruba Central is preventing me from making any local configuration changes; is this to be expected? A simple change, ip default-gateway x.x.x.x, is not available via the CLI; the ip command simply isn't recognized. When we purchased this solution we were informed that we'd be unable to make changes to the APs, but does this apply to the switches as well? I'm not sure how comfortable I am relinquishing all CLI control over the switches...

Anyway, if this is the case, can anyone point me in the right direction to issue the ip default-gateway command to these switches via the Central UI?

Cheers



Any former Sophos customers out there? Did you move onto something better?

I've not been enjoying using their firewalls lately and am afraid to move fully from SG to XG as it seems to be developed and improved so slowly. Is the grass greener on the other side? Is there better value out there for similar money?



FRESH GRADS!! WHAT DO YOU NEED MOST IN 2020

In light of covid-19 and recession across the world. What is one thing you wish you had now to further your career?



Managed WAN switch

Hey guys.

Excuse my ignorance but I am having a hard time wrapping my head around a conversation we are having with our ISP.

Here's the situation:

We recently implemented HA into our SD-WAN environment. Previously we had two separate carriers plugged directly into the SD-WAN appliance interfaces. With the additional appliance, we implemented an L2 unmanaged switch to utilize multiple IPs from the /29 ISP blocks. The switch is set to autonegotiate. The switch is autonegotiating at 1000 Mbps on both connections. Both connections were originally set to 100 full duplex, which caused a duplex mismatch along with huge performance issues. ISP A set their NID to autonegotiate with no issue. ISP B is refusing to change the negotiation speed on the NID. They have proposed implementing a second circuit but we'd prefer not to do that as it will take 3 months at best. The second solution they have proposed is to implement a managed L2 switch.

I did not want a managed switch originally as it sits outside of the firewall and I don't want a publicly accessible switch in the DMZ. They are stating that I could create a private VLAN on said managed switch then leave the ports for the ISP connection untagged. I'm having trouble seeing how this would work as this switch will have no connection to my campus switches and should just have the circuit plugged into it with two ethernet cables running to each SD-WAN appliance.

Any guidance?



I wrote a web app that measures internet speed from scratch to feed my obsession with aggregated statistics.

https://lightspeedtest.xyz/ (Screenshot)

It currently allows testing in three locations: Frankfurt, Toronto and Singapore. The optimal testing server is chosen based on ping.



Cisco ASR9K and SIP700

Dear community,

I'm currently upgrading some Cisco ASR 9000s with the A9K-RSP880-SE; however, the A9K-SIP700 line cards that we use won't support 64-bit software. The use case here is SDH circuits, and for that we use some SPAs (STM1/4...).

Could anyone recommend the right upgrade path for those SIP700 line cards for this purpose?

Thanks in advance,



While running a Zoom meeting the task manager shows that I'm consuming 200 Kbps on upload and 800 Kbps on download on average. Does this mean that if my internet provider gave me only a stable 1 Mbps upload and download speed, I would still be able to have a Zoom meeting?

Sorry if this question seems dumb, I don't even know how to google a question like this. Thanks in advance!



ipv6 /64 question

I have a question for the IPv6 experts out there. We're starting to look at implementing a few pieces of our infrastructure with IPv6 addresses, like our DNS servers and a web server or 2 and some desktop clients, just on a trial basis. My issue is that CenturyLink (used to be Level 3) will only allocate me a /64 IPv6 subnet. I need to break that down into 4 or 5 internal networks that are on different VLANs currently and I am having a hard time trying to set everything up. Should I subnet the /64 into smaller segments and just live with the non-standard subnets, or is there a trick to get a single /64 routed to multiple VLANs? Any advice would be appreciated.



Replace 1gig Aruba Transceivers with 10gig Transceivers

I have some Aruba 3810s and 2930Ms that have J4859D Aruba 1G SFP LC LX 10km SMF transceivers and I want to replace those with 10G transceivers. Does anyone know what transceivers I can use for this?



Asymmetric routing - active/active extended sites

Hello guys,

I'd like to have some help with an asymmetric routing issue.

We subscribed to an IaaS OVH solution to deploy an active/active infrastructure. You can see an overview here : https://www.casimages.com/i/200819050333618224.png.html

We have one cluster of Palo Altos spread across two physical sites (by the OVH solution named vRack), so from a networking POV this is one logical site. We have to use two routers (one for each public IP pool) in front of our Palo Alto cluster. The Palo Alto cluster is reachable from a public IP on the left and also on the right via NAT rules.

The problem is that when a user reaches the B site, for example, the incoming traffic is routed to the Palo Alto cluster normally, but the outgoing traffic can possibly be routed to the A side as well as the B side. We use static routing with the same weight on the Palo Alto.

Do some of you have solutions and best practices to solve this kind of issue, please?

Thanks in advance, and I can give some further information of course!



Abysmal Upload speeds to the Cloud and other sources

Okay Networking Reddit Community, I have a doozy for you!

We have a 500 Mb symmetrical pipe with Cox Com. and we are having problems with our offsite backups to Google Cloud. The issue started about a week ago when we noticed our backups were failing because they were stumbling over themselves. Keeping it short: 2 weeks ago our backups were running on Sunday and maxed out our 500 Mb upload, which is what we want. But this past Sunday the backups were capping out at 100 Mbps.

We have run speed tests with Ookla and iperf3 to test the connections from different machines and servers in our network. We get different results all over the place, which I understand; speed tests can be unreliable when wanting to know true up and down rates. So we tried pushing some very large ISOs to Google to see what an actual file would do when trying to upload. When doing the actual file upload we can only get 100 Mbps upload. It is like there is a brick wall and that is it.

I used the same file and from my house I can upload at 700 Mbps (yes, I have fiber) to the same Google instance where we store our backups. So I am thinking that it is not Google capping me on the upload speeds.

Does anyone have any ideas what could be causing the 100 Mbps cap for the backups? And before anyone asks:

  • We have disabled all traffic shaping policies on our FortiGate and all the interfaces
  • We have run an iperf test from the FortiGate and there are no issues with up/down speeds
  • We have also tested uploading the same file from different servers and workstations and get the same result.

Any suggestions or insight would be awesome and I will check and report back. I just love troubleshooting. Thanks ahead of time. If you need any specifics on network design just ask.



A10 Networks OS code version hierarchy

For ACOS, which version of code supersedes the other?

4.1.4-GR1-P4 vs 4.1.4-P4

Also, can you provide a source?



ISE policies

Hello guys,

I think ISE is one of the most important devices in the network when it is configured in the correct way.

I have done many searches, I found that there are many practices regarding the deployment of the policies.

The problem is that there is no basic rule for configuring its policies, and that depends on what I found on the web.

My main question is: are there any basic best practices for ISE policies that will make my logs easier, and are there any ideas regarding the policies that may make my network more secure?

thank you all.



802.1x Cert based wifi authentication not working

So to preface the issue, I am setting up 3 offices, each on their own domain, with cert-based wifi. So I have my first office/domain set up and working without any issues, so I have my settings and steps down for the most part. I'm now stuck setting up office 2 and coming across a weird error in the CAPI2 event logs that I need some help with.

    System
      Provider: Name = Microsoft-Windows-CAPI2, Guid = {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
      EventID: 82, Version: 0, Level: 2, Task: 82, Opcode: 0, Keywords: 0x4000000000000400
      TimeCreated: SystemTime = 2020-08-19T13:22:30.914540800Z
      EventRecordID: 4522
      Correlation: ActivityID = {651e674f-74ab-498e-a2b5-f08c4edd06bd}
      Execution: ProcessID = 3356, ThreadID = 5028
      Channel: Microsoft-Windows-CAPI2/Operational
      Computer: domain2.ca
      Security: UserID = S-1-5-21-1333609209-1366884872-2700020970-1472
    UserData
      CryptCATAdminEnumCatalogFromHash
        CATQueryInfo: hash = 29340DBB0E8B1CF4C0EA9AFD4A167258404C4604
        AdditionalInfo
          Action: name = Call_CryptSvcCatDBEnumCatalogs_NotFound, parameter1 = {127D0A1D-4EF2-11D1-8608-00C04FC295EE}
          Action: name = Call_CryptSvcCatDBEnumCatalogs_NotFound, parameter1 = {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
        EventAuxInfo: ProcessName = MsMpEng.exe, impersonateToken = S-1-5-21-1333609209-1366884872-2700020970-1472
        CorrelationAuxInfo: TaskId = {9FD90FCD-7A50-48F0-973F-87A5D21E4C38}, SeqNumber = 1
        Result: Element not found. (value = 490)

And on the connecting laptop, I am getting the same type of error. I have confirmed my certificates are set up identically, along with my NPS. I cannot for the life of me find anything related to this and need some wisdom from my peers on this one.



Cisco 3560 DHCP Port Allocation

Have a network in an industrial plant where we use DHCP port-allocation on our switches, mainly 2950s, that has been working great for the past couple of years. Maintenance can just replace a device and it will automatically receive all the information it needs after being connected and powered up.

Now we are installing a network monitoring device, where I've had the great fun of tying all the VLANs to a management switch (Cisco 3560) using ip routing and a few ACLs to keep the VLANs from communicating with each other.

In order to keep things simple for maintenance, it is now required to have a default gateway on these devices in order for them to communicate across the VLANs to the management VLAN, where the network monitor is hooked in.

I can't seem to find a way to assign a default gateway through DHCP port-allocation, or if it's even possible. Am I chasing a pipe dream? Or do I need to just assign the default gateway manually after the device is replaced and alerts on the network monitor?

The network monitor is a Panduit IntraVue Server (part# PNPIV).

Edit: There is no actual router on this network, and never will be; our corp. IT will come and murder us. Our controls network is separated by a firewall from the corp network. We mostly control the controls network while corp. IT controls the firewall and above.



Does a switch need to be synced with an NTP server in order to maintain SSH?

I read without an NTP server configured, NTP won't operate correctly and won't read the RSA keys. Why is this? Can I set the time locally and still be able to SSH?



Best sub for reviews/info on colocation providers?

What’s the most appropriate place to discuss colocation providers on Reddit? I’m looking specifically for dedicated bare metal hosting (ideally leased from the provider)

There are plenty of virtual hosting / cloud hosting / consumerish threads out there but these are mostly about hosting websites or other relatively low demand services- hobbyist/personal hosting. Not really what I’m looking for

Can someone point me in the right direction?

My needs are about a half dozen 2U servers, unmetered gigabit, proximity to at least two major Internet Exchanges. Is there a sub for this?

Sorry for the spam, hope this post isn’t outside of the parameters of this sub



Disorganized firewall rules

Has anyone found good rules of thumb or guiding principles on structuring firewall rules well?

I feel like every firewall I've ever dealt with has been a dog's dinner.

Currently doing Zscaler integrations for our sites and it only gets worse. Now not only do we have a mess of firewall rules and NAT translations, we now have issues with PBR.
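One mechanical rule of thumb that works regardless of vendor: a rule that can never match because an earlier rule already covers every packet it would match is either dead (same action, redundant) or dangerous (opposite action, shadowed), and a rule set with no such rules is already most of the way to being readable. The linter below is an added example, not from the post or from any firewall vendor; the `Rule` shape and the sample rule set are constructed for illustration and only cover IPv4 with a single port range per rule.

```python
"""Find shadowed, redundant and any/any rules in an ordered firewall rule set.

Added example with a constructed rule format; real exports will need a loader
that maps the vendor's objects onto Rule. IPv4 only, one port range per rule.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "deny"
    src: str         # CIDR or "any"
    dst: str         # CIDR or "any"
    proto: str       # "tcp", "udp" or "any"
    ports: tuple     # (low, high) inclusive destination ports; (0, 65535) = any


def _net(cidr):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def covers(a, b):
    """True if every packet rule b matches is also matched by rule a."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and (a.proto == "any" or a.proto == b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])


def lint(rules):
    """Return (kind, rule, earlier_rule_or_None) findings in rule order.

    'shadowed'  : an earlier rule with the opposite action covers this one,
                  so it never fires (a deny under an allow is the scary case).
    'redundant' : an earlier rule with the same action covers this one.
    'any-any allow': a permit of all sources, destinations, protocols, ports.
    """
    findings = []
    for i, r in enumerate(rules):
        for earlier in rules[:i]:          # first-match semantics: scan in order
            if covers(earlier, r):
                kind = "redundant" if earlier.action == r.action else "shadowed"
                findings.append((kind, r.name, earlier.name))
                break
        if (r.action == "allow" and r.src == "any" and r.dst == "any"
                and r.proto == "any" and r.ports == (0, 65535)):
            findings.append(("any-any allow", r.name, None))
    return findings


# Constructed sample rule set, in evaluation order.
RULES = [
    Rule("mgmt-ssh", "allow", "10.0.0.0/24", "10.1.0.0/16", "tcp", (22, 22)),
    Rule("web-in", "allow", "any", "10.1.5.10/32", "tcp", (443, 443)),
    Rule("block-telnet", "deny", "any", "10.1.0.0/16", "tcp", (23, 23)),
    Rule("ops-any", "allow", "10.0.0.0/16", "10.1.0.0/16", "any", (0, 65535)),
    Rule("mgmt-rdp", "allow", "10.0.0.0/24", "10.1.0.0/16", "tcp", (3389, 3389)),
    Rule("deny-ssh-bad-host", "deny", "10.0.0.7/32", "10.1.0.0/16", "tcp", (22, 22)),
    Rule("catch-all", "allow", "any", "any", "any", (0, 65535)),
]

if __name__ == "__main__":
    for kind, name, by in lint(RULES):
        print(f"{kind:14} {name}" + (f"  (covered by {by})" if by else ""))
```

In the sample, `mgmt-rdp` is redundant because `ops-any` already permits it, and `deny-ssh-bad-host` is shadowed by `mgmt-ssh`, which is exactly the mistake that survives a visual review: the deny looks present but has no effect. Ordering rules from most specific to least specific, grouping by destination zone, and running a check like this in CI keeps the set from drifting back into the "dog's dinner" state.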



Switch to PC Vs Switch to Port

Hi everyone, first post here.

We're having our offices redesigned to be more ergonomic. Part of this will require recabling the office power and network.

Now I've never thought of this before but what is the reason for having ports next to the PCs which are then patched in the cabinet to the switch VS just wiring directly from the switch to the PCs?

Surely there is a reason the first is far more common despite being more expensive.

Thanks.



Auto Provision via Serial

Hello, I had a question: is there any way to provision the switch (SW) once it connects to the console port?
We use Opengear as our console server. I need to gather the data from the switch so that I can create a file to build the switch. For example: Opengear > port 1 <> SW (console). Is there any way to SSH to the Opengear, connect to port 1, run commands, gather the data and create a basic file? Thanks
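Once you can get the console text back over the Opengear (it exposes each serial port over SSH; check your firmware's manual for the exact login form), the remaining work is to turn that text into facts and the facts into a bootstrap file, without ever pushing a config to a box whose identity you have not confirmed. The script below is an added example, not from the post and not Opengear or Cisco tooling: `CAPTURE` is a constructed IOS-style `show version` / `show inventory` transcript, `INVENTORY` stands in for your IPAM/CMDB, and the bootstrap template is a minimal illustration. The serial number is checked against both commands and against the inventory before anything is rendered.

```python
"""Console capture -> facts -> bootstrap config, refusing unknown devices.

Added example. CAPTURE and INVENTORY are constructed; the Opengear session that
produces the capture is out of scope here and would be done over SSH.
"""
import re
from string import Template

# Constructed sample of a Catalyst-style console transcript; not real device output.
CAPTURE = """\
Switch>enable
Switch#show version
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(7)E3, RELEASE SOFTWARE (fc3)
System serial number            : FOC0000X000
Model number                    : WS-C2960X-48FPD-L
Base ethernet MAC Address       : 00:11:22:33:44:55
Switch#show inventory
NAME: "1", DESCR: "WS-C2960X-48FPD-L"
PID: WS-C2960X-48FPD-L , VID: V04  , SN: FOC0000X000
Switch#
"""

# Constructed source of truth keyed by serial; in practice your IPAM/CMDB.
INVENTORY = {
    "FOC0000X000": {"hostname": "edge-sw01", "domain": "example.net",
                    "mgmt_vlan": 99, "mgmt_ip": "10.99.0.11",
                    "mgmt_mask": "255.255.255.0", "gateway": "10.99.0.1"},
}

FACT_PATTERNS = {
    "version": r"Version (\S+),",
    "serial": r"System serial number\s*:\s*(\S+)",
    "model": r"Model number\s*:\s*(\S+)",
    "mac": r"Base ethernet MAC Address\s*:\s*(\S+)",
    "inv_sn": r"\bSN: (\S+)",
}

BOOTSTRAP = Template("""\
hostname $hostname
ip domain-name $domain
!
interface Vlan$mgmt_vlan
 description management
 ip address $mgmt_ip $mgmt_mask
 no shutdown
!
ip default-gateway $gateway
ip ssh version 2
line vty 0 15
 transport input ssh
!
end
""")


def extract_facts(capture):
    """Pull the fields we key on out of the raw console text."""
    facts = {}
    for key, pat in FACT_PATTERNS.items():
        m = re.search(pat, capture, re.MULTILINE)
        if m:
            facts[key] = m.group(1)
    return facts


def can_provision(capture, inventory):
    """True only if both serial readings agree and the serial is known to us."""
    facts = extract_facts(capture)
    serial = facts.get("serial")
    return serial is not None and serial == facts.get("inv_sn") and serial in inventory


def build_bootstrap(capture, inventory):
    """Return (facts, rendered bootstrap config); raise rather than guess."""
    if not can_provision(capture, inventory):
        raise KeyError("serial missing, inconsistent or not in inventory; not provisioning")
    facts = extract_facts(capture)
    return facts, BOOTSTRAP.substitute(inventory[facts["serial"]])


if __name__ == "__main__":
    facts, cfg = build_bootstrap(CAPTURE, INVENTORY)
    print(facts)
    print(cfg)
```

The refusal path matters more than the template: a console server reaches anything that gets plugged in, so the script should only ever hand a config to a serial number you already expected, and the rendered file should then go through the same audit as any other templated config.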



Tuesday, August 18, 2020

Good L3 switches

Trying to find a good switch with L3 switching capacity and 24 ports. I was looking at Netgear smart managed pro switches but it seems most are only L2. I saw the EdgeSwitch 24 Lite for $225. Is this the best price I should expect?



Arp and mac address questions

Do network devices use ARP on the internet, and do you even need the MAC address of a remote server/router?



ASA DHCP Relay for Guest network

This is pretty newb of me to ask, but can an ASA relay DHCP requests between networks that don't have access to each other? Or does a rule to allow that port need to be enabled?

This ASA has been serving as a DHCP server for a couple of separate VLANs without access to each other, like a guest wifi and one other disassociated network. But I wonder if I can use one server on one of the networks as the DHCP server by enabling DHCP relay?



Question about switches

I'm wiring up an office space and I am curious how this specific switch works. It is the SuperStack Dual Speed Hub 500. I currently have roughly 24 Cat6 lines I need to terminate at the switch but it only has 24 ports and none of them seem to be specifically an input. I'd think there needs to be an input to feed the switch from the modem. Can anyone explain this to me please?



Fluke CAT 5 Cable Stripper Blades

Does anybody have a source for blades for the Fluke Networks CAT 5 Cable Stripper? Mine arrived without the blade, and Fluke Network customer service was unhelpful in directing me.

Thanks for your help!



Rant Wednesday!

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.



Is the ASA 5525x that bad for IPS / IDS / Content Filtering?

We have around 10 sites 80-100 users in each site with a pair of ASA5525-x firewalls in each site, I wanted to improve our Web security solution (we currently use Trend IWSVA on a VM in each site).

We recently purchased VeloCloud SD-WAN for each site but the edges we have are not VNF compatible so I can't simply drop in a Palo Alto VNF there.

What's a good option here? I was thinking of adding a firepower module to each of the ASA but the costs will quickly add up. My major concern is Web security, Internet based threats. Should I even be worried? We have quite strict controls on wired port security (802.1x) and endpoint protection (Applocker, Symantec Endpoint)



3 remote machines, same subnet, no DG set, L2tpv3 - what am I missing?

Evening all,

So I've got this problem at work, in its simplest forms as follows.

3 laptops, each in a different location

They MUST be on the same subnet (I know that it's bad, but it's not my call)

It is not an option to set a default gateway on the laptops (again, I know, customers suck sometimes)

So I'm testing this in a lab, I've got 3 C1101s interconnected by G1/0/1 and G1/0/2 (switchports, so they're each in a VLAN) with OSPF doing the routing.

I've allocated G0/0/0 as the laptop port. I've configured pseudowire and made an L2tunnel between the first two boxes, I can see the tunnels up, and the laptop ports are up.

Laptops have IP 10.10.10.1/24 and 10.10.10.2/24 (with no default gateway). The laptops are just standard win10 build.

What else do I need to do to make 10.10.10.1 be able to ping 10.10.10.2?

This is above my usual technical level so I'm getting a little out of my depth, any advice more than welcome.

Thank you



Sources material for CCNP (ENCOR)

Hey fellow networkers,

I am looking for good source material in order to prepare for the Cisco ENCOR exam.

I was about to buy the official book as usual but I have heard bad things about it. Can anyone recommend me other alternatives?



Juniper CPU Limiter Removal

Years ago on a support case in an effort to speed up a firmware upload of a device out of production, our JTAC agent applied a command to stop the CPU protection packet limiter. Our firmware upload went from 300KB/s to many MB/s. I for the life of me can't remember this command and it would be incredibly useful right now, does anyone know what it is?

I want to say it was some sort of DDoS protection or routeing engine protection command?

Devices are SRX's and EX's



CCNA 200-301 exam October 10th

Hello everyone,

I have a couple of years of experience in the IT field but by no means any expert. I've scheduled my exam for this coming October 10th. I have registered for this NexGenT CCNA video course (50 hrs), packet tracer, practice tests, and some videos for concepts that I am still unsure of. I do have the Wendell Odom Vol. 1-2. I actually wanted to use the textbook at the end and go over key tables, vocab, concepts, etc.

Realistically, does this seem doable? I'm just trying not to schedule my exam too far out or too soon. I really need some structure for my lessons along with some motivation. PLEASE PLEASE HELP!



Help with Cisco UC540 MOH.

Evening everyone.

I have a Cisco uc540 in production at the moment. Several handsets across the place. At the moment I’ve got lavender fields default music on hold. I wanted to upload a new file for the MOH.

I’ve tried doing so but I just hear weird noises and muffles across the phone. It isn’t working.

Any ideas on what I’m doing wrong? I’ve converted the MOH file to U-LAW WAV and it just isn’t working.



Is CenturyLink down or super laggy

Is centurylink down or super laggy for anyone else?



Capture packets between router and modem

In my home all devices are connected to my router. I want to capture all traffic, so I have set up the connection below:

Modem --------> Laptop (Windows 10) ---------------> Router

I have purchased a USB to Ethernet adapter and used it to connect the modem and the laptop.

The laptop's own Ethernet port is connected to the router via a LAN cable.

Now in Windows I can see two network connections, Network1 and Network2.

Then I selected those two networks in Windows 10 and created a bridge.

Now the router can access the internet, and in Windows 10 Wireshark is also able to show traffic.

But when I try to capture traffic, it does not show me any HTTP requests; it just shows me IP addresses.

Can anyone please help me capture HTTP traffic with this connection? Am I doing something wrong?
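Most web traffic today is HTTPS, so a capture taken on a bridge like this shows TLS records on port 443 rather than readable HTTP requests. What does remain visible is the record header and, in the ClientHello, the server_name (SNI) extension. The following Python is an added example, not part of the original post: it tells plaintext HTTP from a TLS handshake record by the first bytes of a TCP payload and pulls the SNI hostname out of a ClientHello. The HTTP request and the ClientHello it works on are constructed in the block itself (the hostname `example.com` and the single cipher suite are arbitrary sample values).

```python
"""Tell HTTP from TLS in a captured TCP payload and pull the SNI hostname out of a
TLS ClientHello: with HTTPS the request itself is encrypted, but the record header
and the server_name extension are still in the clear."""
import struct

HTTP_PREFIXES = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                 b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ", b"HTTP/1.")


def classify_payload(payload: bytes) -> str:
    """'http' for plaintext HTTP, 'tls' for a TLS handshake record, else 'unknown'."""
    if payload.startswith(HTTP_PREFIXES):
        return "http"
    # TLS record header: content type 22 (handshake), legacy version 3.0-3.4, 2-byte length
    if len(payload) >= 5 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    return "unknown"


def extract_sni(payload: bytes):
    """Return the server_name from a ClientHello, or None if absent or not a ClientHello."""
    if classify_payload(payload) != "tls":
        return None
    rec_len = struct.unpack("!H", payload[3:5])[0]
    hs = payload[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:              # handshake type 1 = ClientHello
        return None
    p = 4 + 2 + 32                                # handshake header, client_version, random
    if p >= len(hs):
        return None
    p += 1 + hs[p]                                # session_id (length-prefixed)
    if p + 2 > len(hs):
        return None
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]  # cipher_suites
    if p >= len(hs):
        return None
    p += 1 + hs[p]                                # compression_methods
    if p + 2 > len(hs):
        return None
    ext_end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    while p + 4 <= min(ext_end, len(hs)):
        ext_type, ext_len = struct.unpack("!HH", hs[p:p + 4])
        ext = hs[p + 4:p + 4 + ext_len]
        p += 4 + ext_len
        if ext_type == 0 and len(ext) >= 2:       # server_name extension (RFC 6066)
            q = 2                                 # skip the ServerNameList length
            while q + 3 <= len(ext):
                name_type = ext[q]
                name_len = struct.unpack("!H", ext[q + 1:q + 3])[0]
                if name_type == 0:                # host_name
                    return ext[q + 3:q + 3 + name_len].decode("ascii", "replace")
                q += 3 + name_len
    return None


def build_client_hello(hostname: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello carrying only an SNI extension (sample input)."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name     # name_type host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = struct.pack("!HH", 0, len(sni_list)) + sni_list  # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32)       # client_version 1.2, random (zeros in the sample)
            + b"\x00"                     # empty session_id
            + b"\x00\x02\xc0\x2f"         # one cipher suite
            + b"\x01\x00"                 # compression: null only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"  # constructed
SAMPLE_TLS = build_client_hello("example.com")                        # constructed

if __name__ == "__main__":
    for label, payload in (("plain", SAMPLE_HTTP), ("https", SAMPLE_TLS)):
        print(label, classify_payload(payload), extract_sni(payload))
```

Run against real payloads, only the first TCP segment of each connection needs to be inspected: for port 80 the request line is there in the clear, for port 443 only the hostname from SNI is, and the rest of the exchange is encrypted, which is why a capture shows addresses but no HTTP requests.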



UserID to associate to devices in Cisco Prime Infrastructure?

Greetings all.

Just wondering if anyone has any success in getting userID fields in the client device pages in Prime Infrastructure filled without Cisco ISE?

We just purchased ISE but don't have it implemented yet. I'd like to get our 3rd party NAC userID information into Prime in the meantime if at all possible. I've looked at the Prime APIs and don't see any way to do it and I don't recall seeing anything in the GUI to set up anything other than ISE. Our current NAC does have the capability of doing Identity Publishing to other systems (I think I can even do a syslog format) but, of course, there has to be a way to ingest that on Prime for it to work.

Thanks!



Wavelength Service - Protocols down, but link state up?

Hey All,

I used to see this a lot when I worked for an MSP, our datacentre backbone links would sometimes lose ISIS/BFD sessions on the link but the actual physical connection would remain up during a planned outage. I'm wondering what causes this behaviour?

I work for a normal ISP now and one of our backhauls experienced this, I can't see any issue on our devices so I've reached out to the link provider to see if it was an unplanned maintenance. We did have an issue on our devices with our overlay BFD/BGP session going down due to a large number of ARP DDoS protocol violations but we can't see the same issue on the switch at the moment so I'm assuming for now it was possibly the fibre...



Multiple Network Changes (Long Post)

I apologize ahead of time for the long post but I am in the middle of trying to implement several different network changes and keep getting stuck for long periods of time in stupid places and just get frustrated. Really hoping the Reddit "Brains" can give me a quick hand on this.

Environment
Sonicwall NSa2650 HA Pair
Dell N3048EP-ON Core Stack (5 Switches)
Dell X1018-P (My office switch)

Projects
Configure VLAN 200 with DHCP from the Sonicwall X0:V200 interface for new IP Phone System
Port Security using Radius and Certificates
(These are the two big ones right now. Also have DraaS I am setting up, Migration of 6 VM servers from 2008 to 2019, just finished migration to Unity Flash Array and I manage the Helpdesk Queue and the 2 guys that do the tickets. I'm a bit busy, but I truly love my job. Best place I have ever worked.)

Current Issues

I am trying to get DHCP relay set up for these IP Phones. These things have been a royal pain. I have worked with their engineers and made some changes and was finally able to get the phone to pull DHCP on the LAN network. However, exec's want the phones to be on their own VLAN. They also want the DHCP to come from the Sonicwall, reason being that if the main DHCP server were ever to go down, the phones will still be able to be on the network, so people can still make calls even if the PC isn't working.

I guess my struggle here is that I can't find a solid example of setting up a DHCP relay on a Dell Switch. I can find it for everything else, but not Dell. I was able to Enable l2relay globally, I was able to enable l2relay on the VLAN 200, I was able to provide the ip-helper address. From what I have found, I have that set right. Other than DHCP Option 82. I am unsure if I need this. The info on it just confuses me for some reason.

I also have the switch in my office set for dhcp l2relay with a helper address of the same. I can't figure out if I need the ip-helper address on this switch as well. In an effort to not cause any type of network outage I have only configured the VLAN 200 on the port the phone is plugged into and the port that connects my switch to the 3048. VLAN 200 is set up on the 3048 Stack, but the dhcp l2relay is only on the port that my switch is connected to.

So to make that a little less wordy

Dell X1018-P:
Vlan200 Tagged Ports 1(To LAN xx.10.1.x), 9(Phone - dhcp)
dhcp l2relay ip-helper address xxx.200.1.1

Dell 3048 Core Stack
Vlan200 Tagged Ports Gi3/0/8(Connection to Dell x1018), Gi1/0/46(to Sonicwall X0)
dhcp relay enabled globally, enabled on Gi3/0/8 ip-helper address xxx.200.1.1

Sonicwall NSa2650 HA Pair
X0:V100 LAN
X0:V180 Wireless
X0:V200 Phones DHCP Scope set xxx.200.1.2-xxx.200.1.253 Option 132 set for VLAN ID 200

I have wireshark running and don't see any traffic at all from the Phone. Nothing at all. The phone Config has been configured both for VLAN 200 and for VLAN 1 in testing. No traffic at all on either. Not 1 single packet. I have also turned off VLAN and get nothing. LLDP and CDP on or off, same result. I'm very confused by this. I know the phone is good. It worked beforehand. I got it connected on the LAN previously. I had to have everything turned off to get it to connect. VLAN, LLDP, CDP all off.

I just went through and defaulted the phone and am trying again. Nothing. So, apparently in one of the changes I made I have made things worse.

Anyone have any thoughts?

Thanks!
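Two of the things the post is unsure about, DHCP Option 82 on the relay and Option 132 in the Sonicwall scope, are easiest to understand by looking at the bytes. The Python below is an added example, not part of the original post and not any vendor's tooling: a small decoder for the options section of a DHCP message that walks the code/length/value list, unpacks the Relay Agent Information option (82, RFC 3046, with its Circuit ID and Remote ID sub-options, inserted by the relay rather than the phone) and reads the 802.1Q VLAN ID option (132). The OFFER it decodes is constructed in the block; the interface and switch names in the sub-options, the server address, and the assumption that this phone expects option 132 as a decimal ASCII string are illustrative.

```python
"""Decode DHCP options, including Relay Agent Information (option 82, RFC 3046)
and the 802.1Q VLAN ID option (132) that many IP phones read from their scope."""
import struct

OPT_PAD, OPT_END = 0, 255
OPT_MESSAGE_TYPE = 53
OPT_RELAY_AGENT_INFO = 82   # RFC 3046: stamped by the relay, not sent by the client
OPT_VLAN_ID = 132           # IEEE 802.1Q VLAN ID (IANA DHCP option registry)
SUBOPT_NAMES = {1: "circuit_id", 2: "remote_id"}  # RFC 3046 sub-option codes
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_tlvs(data: bytes, pad=None, end=None) -> dict:
    """Generic code/length/value walker, used for the option list (pad=0, end=255)
    and again, without pad/end, for the sub-options inside option 82."""
    out = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == pad:
            i += 1
            continue
        if code == end:
            return out
        if i + 2 > len(data):
            raise ValueError(f"truncated option header at offset {i}")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        out[code] = value
        i += 2 + length
    if end is not None:
        raise ValueError("missing END option")
    return out


def decode_vlan_id(value: bytes) -> int:
    """Assumption for this phone: option 132 carries the VLAN ID as decimal ASCII text.
    A 2-byte big-endian integer is accepted as well."""
    if value.isdigit():
        return int(value.decode("ascii"))
    if len(value) == 2:
        return struct.unpack("!H", value)[0]
    raise ValueError(f"unrecognised VLAN ID encoding: {value!r}")


def describe_options(options: bytes) -> dict:
    """Summarise the fields a relay/VLAN troubleshooter cares about."""
    opts = parse_tlvs(options, pad=OPT_PAD, end=OPT_END)
    result = {}
    if OPT_MESSAGE_TYPE in opts:
        result["message_type"] = MESSAGE_TYPES.get(opts[OPT_MESSAGE_TYPE][0], "OTHER")
    if OPT_RELAY_AGENT_INFO in opts:
        subs = parse_tlvs(opts[OPT_RELAY_AGENT_INFO])
        result["relay_agent"] = {SUBOPT_NAMES.get(k, f"sub_{k}"): v.decode("ascii", "replace")
                                 for k, v in subs.items()}
    if OPT_VLAN_ID in opts:
        result["vlan_id"] = decode_vlan_id(opts[OPT_VLAN_ID])
    return result


def tlv(code: int, value: bytes) -> bytes:
    """Encode one option or sub-option (used only to build the sample below)."""
    return bytes([code, len(value)]) + value


# Constructed sample: the options portion of an OFFER as it would arrive through a
# relay that stamps option 82. Names and the 10.200.1.1 server address are placeholders.
SAMPLE_OFFER_OPTIONS = (
    tlv(OPT_MESSAGE_TYPE, b"\x02")                                   # OFFER
    + tlv(54, bytes([10, 200, 1, 1]))                                # server identifier
    + tlv(51, struct.pack("!I", 86400))                              # lease time, seconds
    + tlv(OPT_VLAN_ID, b"200")                                       # VLAN 200 as ASCII
    + tlv(OPT_RELAY_AGENT_INFO, tlv(1, b"Gi3/0/8") + tlv(2, b"core-stack"))
    + bytes([OPT_END])
)

if __name__ == "__main__":
    print(describe_options(SAMPLE_OFFER_OPTIONS))
```

When you do capture DHCP on the switch side, the presence or absence of option 82 in the DISCOVER/REQUEST tells you whether the relay is actually in the path, and a server that is not configured to accept relay agent information may drop packets carrying it; the decoder makes both conditions visible.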



Meraki or Cisco Wireless Deployment

We are planning for a large wireless deployment where it is expected to have 1000+ access points across multiple geographic sites.

That being said, any insight you have would be helpful in explaining whether a Meraki cloud-managed or Cisco on-prem solution is better, and why.



Non EOL Sonet routers?

Hi everyone,

I've been tasked with finding options for a set of devices/switches to receive an STM-1 (Sonet) connection over which we can communicate with and control a few remote sites.

I'm finding it very hard to find devices which will support Sonet that aren't EOL and that we can purchase and gain support for. I've found a few hints towards SFPs which can actively convert STM-1 to ethernet but I can't seem to get a price for them.

The customer is aware that sonet is old and they are in the process of migrating to dark fibre but this could take a few years!

Any suggestions would be really appreciated!
Price range for the solution should be under £3000



DirectPath I/O within VMware 6.5

Hello,

We have an environment with 3 VM hosts in vSphere. We are looking at implementing DirectPath I/O within VMware. Our setup is that vmnic 4, 5, 6, and 7 are disabled at the moment and vmnic 0, 1, 2 and 3 are not supported. Does this mean that for 0-3 we are not able to enable DirectPath I/O? If so, if we already have vmnics set up in the environment will that cause an issue with configuring DirectPath I/O?

Thanks,



HP iMC 7.2 - disabling a trap

One of our switches is creating info entries for the trap "SFP Phony", basically telling me that its SFP doesn't match the switch vendor.

I know this (as I put the SFP in) and want iMC to stop telling me but I can't figure out where to disable that particular trap.

I've found 5 instances of the trap with different OIDs (under Trap Management > Trap Definition > search for "SFP Phony"), which I can change the severity of but I can't seem to find anywhere to disable it from being logged. I don't necessarily want to delete it (unless I have to).

Any ideas welcome! Thanks



Cat6 barely exposed outside - regular solid cat6 will be ok?

Hi all,

Running 20+ cat6 drops on a new construction home. Of these, 4 of them will be going to my exterior wall for PoE cameras.

On these exterior drops, do I really need to worry about outdoor cable? I know that's the best practice and all, but when I think about how much cable is even exposed outside, it's basically none.

The cable comes out of the exterior vinyl maybe 2 inches? And that's basically just the rj45 termination I would do. But then the camera is going to mount right over it anyways, so no direct exposure to elements. 99% of the cable is indoors.

Can I get away with solid cat6 for the whole job? I ask because then I can just buy two 1000ft rolls of the same cable and don't need to worry about outdoor rated stuff etc.

Thanks



Anybody used the FS dwdm gear

Has anyone used the FS dwdm gear?

Coming from a smartoptic and packetlight shop I've got a new build coming up soon and can't help but notice the FS dwdm gear is 1/3 the price of other brands I have used. I've bought regular 10/40gig optics from them in the past and they seem fine, however I'm wary of putting these same optics into our optical transport network.

Their optical monitoring gear looks pretty junky, probably give it a miss.

Keen to hear if anyone else has tested them and if they are any good.



Can you recommend me a tool for network mapping?

Hello, I am looking for an open source tool for visually mapping networks (routers, switches, etc.)

Is there any?



Monday, August 17, 2020

Need help with Nortel Baystack 5000

Is anyone familiar with Nortel Baystack switches? I have a 5500-48T running FW:6.0.0.18 SW:v6.3.4.028. I am trying to set up a bonded interface and aggregate those interfaces, the equivalent of EtherChannel and port-channel in the Cisco world. Nortel calls it MLT (multi-link technology). This is for the connection to my Synology NAS.

```
! Embedded ASCII Configuration Generator Script
! Model = Ethernet Routing Switch 5510-48T
! Software version = v6.3.4.028
!
! Displaying only parameters different to default
!================================================
enable
configure terminal
!
! *** CORE ***
!
sntp server primary address 10.150.10.60
sntp server secondary address 129.6.15.28
sntp enable
!
! *** SNMP ***
!
!
! *** IP ***
!
ip address switch 0.0.0.0
ip address source configured-address
!
! *** IP Manager ***
!
no ipmgr snmp
!
! *** ASSET ID ***
!
!
! *** IPFIX ***
!
!
! *** System Logging ***
!
!
! *** STACK ***
!
!
! *** Default Command Interface ***
!
!
! *** Custom Banner ***
!
!
! *** STP (Phase 1) ***
!
spanning-tree port-mode auto
!
! *** VLAN ***
!
vlan create 1001,1010,1100 type port 1
vlan name 1 " "
vlan name 1001 "v1001-House"
vlan name 1010 "v1010-Prod"
vlan name 1100 "v1100-Guest"
vlan ports 20,41-42 tagging tagAll
vlan configcontrol flexible
vlan members 1 NONE
vlan members 1001 1-34,36-48
vlan members 1010 20,35,41-42
vlan members 1100 20,41-42
vlan ports 1-34 pvid 1001
vlan ports 35 pvid 1010
vlan ports 36-48 pvid 1001
vlan configcontrol strict
!
! *** EAP ***
!
!
! *** EAP Guest VLAN ***
!
!
! *** EAP Fail Open VLAN ***
!
!
! *** EAP Voip VLAN ***
!
!
! *** 802.1ab ***
!
!
! *** 802.1ab vendor-specific Avaya TLVs config ***
!
!
! *** 802.1AB MED Voice Network Policies ***
!
!
! *** QOS ***
!
!
! *** RMON ***
!
!
! *** Interface ***
!
!
! *** Rate-Limit ***
!
!
! *** MLT (Phase 1) ***
!
mlt 1 name "asm-test1" disable member 28,30
!
! *** MAC-Based Security ***
!
!
! *** LACP ***
!
interface fastEthernet ALL
lacp key port 28,30 10
lacp mode port 28,30 active
lacp aggregation port 28,30 enable
exit
!
! *** ADAC ***
!
!
! *** STP (Phase 2) ***
!
!
! *** Port Mirroring ***
!
!
! *** VLAN Phase 2***
!
!
! *** MLT (Phase 2) ***
!
!
! *** PoE ***
!
!
! *** RTC ***
!
!
! *** Avaya Energy Saver ***
!
energy-saver enable
!
! *** AUR ***
!
!
! *** AAUR ***
!
!
! *** L3 ***
!
!
ip routing
!
interface vlan 1001
ip address 10.150.1.2 255.255.255.0 5
exit
interface vlan 1010
ip address 10.150.10.1 255.255.255.0 3
exit
interface vlan 1100
ip address 10.150.100.1 255.255.255.0 4
exit
! --- ECMP ---
! No license for ECMP.
! Contact support@avaya.com to update Software license.
ip route 0.0.0.0 0.0.0.0 10.150.1.1 1
!
! *** Brouter Port ***
!
!
! *** IPV6 ***
!
!
! *** VLACP ***
!
!
! *** DHCP Relay ***
!
ip dhcp-relay fwd-path 10.150.10.1 10.150.1.9
ip dhcp-relay fwd-path 10.150.10.1 10.150.1.190
!
! *** L3 Protocols ***
!
arp timeout 30
! --- IP Directed Broadcast ---
! --- Proxy ARP ---
! --- UDP Broadcast Forwarding ---
! --- VRRP ---
! --- Route Policies ---
! --- OSPF ---
router ospf
router-id 6.136.116.0
exit
! --- RIP ---
!
! *** DHCP SNOOPING ***
!
!
! *** ARP INSPECTION ***
!
!
! *** IP SOURCE GUARD ***
!
!
! *** IGMP ***
!
!
! *** STACK MONITOR ***
!
!
! *** SMLT ***
!
!
! *** SLPP ***
!
!
! *** SLPP-guard ***
!
!
! *** PIM ***
!
!
! *** UNICAST STORM CONTROL ***
!
!
! *** SLAMON ***
!
```

TIA!



Issues with HIGH Ping to Singapore Servers from Auckland, New Zealand.

I'm trying to play PUBG / Apex on Singaporean servers from Auckland and the ping should be around 100-130, which is what all my friends get. Without a VPN, if I do a speed test on speedtest.net to Singaporean servers I get roughly 350 ping and about 100 download/upload. If I use the Singaporean VPN on ExpressVPN I get 350 ping. If I use a Sydney VPN on ExpressVPN I get 120 to Singaporean servers. Is my net somehow limiting the connection directly between me and Singapore? Why do I have to use a Sydney VPN to get usual connect times to Singapore? If I use a Singapore VPN on PUBG I get 350 ping whereas it should be 120, and the same for Apex. Could someone please help me with this. Thank you. (I've gotten my friends to do speed tests to Singaporean speedtest.net servers and they get 120.) Should I call my ISP? Thank you



Connecting to routers not in the same subnet

Can't believe I'm even having this conversation but this consultant has some sort of solution to a complex problem we have and it basically involves connecting two devices (layer 3 switch and a firewall in reality) without them sharing any sort of common subnet and not having any other routing in between.

What he ended up doing in GNS3 to prove his point is putting R1 on 10.1.1.1/24 and R2 on 10.2.2.2/24 and putting a static route on each to talk to each other. Sure as shit he pinged R2 from R1. This is totally wrong and should not work and I blame GNS3 because in any event, he shut down the interface connecting to R1 on R2, yet R1 still said UP/UP.

I can't get through to this guy for whatever reason, does anyone have any sort of easy to understand documentation or response I can just send him so he gets it? The lab he quickly built I saw with my eyes and he didn't pull a fast one, but I assure him if he used two actual routers there's no way this would work. Still, does not believe me.



Basic corporate network issue

Hey,

Hoping for some assistance. We recently relocated a WAN connection to a site which has a small network already there, with a normal internet router and its own IP range.

What I'm trying to achieve is to connect the 2 together, to enable the existing site to be able to access the printer connected to the WAN network.

My thought process was to add a router between both networks and set up some static routes between, but I'm unsure if this is correct, and also the config steps to take.

I assume this is fairly 'simple' but routing's one of those things I've not got my head around. Switch config and adjusting config, VLANs etc I'm comfortable with, but not had to touch much routing.

Any assistance or guidance would be appreciated.

Here are some diagrams of what I mean.

[Current](https://i.imgur.com/NLeSb4b.jpg)

[My Assumption](https://i.imgur.com/P11OlUW.jpg)

I just assume some things need to be done to route 0.0.0.0 depending on which side of the network you're on etc.



How to handle imposter syndrome?

I was an associate network engineer for 2 years and am currently a grade level network engineer for the past 1 year at a new company. I have my bachelors in Networking and have my CCNA, but today I feel defeated. I feel like I am not smart enough to be the network professional that I want to be. Today I was called out by our lead engineer for not paying enough attention to details. On top of that the DHCP server I deployed and got working is in the wrong VLAN and was IP’d wrong. So now I have to go through and basically redeploy the server with the correct IP and coordinate that change all over.

Sometimes I feel like I am not cut out for this type of work. I have been lucky enough to work with some really smart engineers and it seems like it just comes naturally to them and I seem to struggle more.

How do you get through the ups and downs of being a network engineer or IT professional?



Nexus 9K - 100 Mb/s + Full Duplex Question

I have a Nexus 9500 with a 9788TC-FX card in it. Was supposed to move some legacy Avaya voice equipment over to it, but when I hard-coded the ports to 100/full I could not get a link light. The older non-Cisco switches were configured this way without issue. I tested an available Catalyst 9300 and it worked.

I'm led to believe this particular card can operate in 100 Mb/s mode. I connected a Cat9K and set it for 100/Full and it worked fine. When I had the old voice equipment set to 'auto' only (I think because the consultant with access was extremely confusing) it worked but then eventually link was lost as the other side reverted the setting automatically for some reason.

Has anyone run into this? I had a TAC case open but it was of no use. Working with the vendor supporting the voice side but expectations are low. I specifically designated 2 cards for voice, and am not concerned about 'wasting' ports on 100 Mb/s. The alternative is to set up a designated Cat9K stack for this purpose, which is far from my preferred option.

Thanks



Wireless Repeater

Hi All,

Due to Covid-19 my organization is looking to expand wireless from our CT5520 WLC to areas of the parking lot outside to provide users with a way to drive up and do business without coming inside the building. We use AIR-CAP2601 and 3601 APs inside the building. The organization is pinching pennies as much as possible and I was quoted ~$1600 for (1) Cisco outdoor AP with enclosure.

I tried a cheap and dirty trick to beam the SSID into the parking using a directional TP-Link AP in Repeater mode, but the WLC thinks that device is a client or a rogue AP. We use web-auth on the SSID, so I suspect that is causing an issue while in client mode. This seemed to be a janky setup and I question whether it'll work at all.

Does anyone have a good idea to get the saturation outside we want without dropping the money needed for an outside AP with enclosure?

-NetManMark



NAT ARP Hypothetical

Hypothetical question I've been musing over from a strictly academic perspective.

You have two firewalls both sharing the same external IP WAN block. Let's assume we own that entire /24 block.

ISP: 38.0.0.1/24
FW #1: Inside: 10.0.0.1
FW #2: Inside: 10.0.0.2

If you configure BOTH firewalls with an external NAT to translate 38.0.0.10 back to 10.0.0.100, both firewalls are going to be trying to respond to the ISP's ARP requests for "Where do I find 38.0.0.10?" Functionally, I'm pretty sure we just created an IP conflict (right?). In this scenario, would either firewall take precedence over the other due to some factor, or is it really as dumb as "whichever replies to the ARP request the quickest?". Would you see any sort of flapping of the ISP sending those packets back and forth between the firewalls? What would be the behavior here?

Thanks!
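The situation in the question, two hosts answering ARP for the same address, is exactly what a duplicate-IP detector looks for on a segment. The Python below is an added example, not part of the original post: it scans a list of ARP replies for addresses claimed by more than one MAC and then models the "flapping" the post asks about with a deliberately naive cache that overwrites its entry on every reply it sees. That overwrite-on-reply behaviour is an assumption for the model (real stacks differ, some ignore replies they did not solicit and keep the first binding until it ages out), and the reply list is constructed here, with MACs from the IANA documentation range and the 38.0.0.0/24 addresses from the post.

```python
"""Flag IPs claimed by more than one MAC in a stream of ARP replies, and model how
a naive ARP cache (overwrite on every reply) would flap between the claimants."""
from collections import defaultdict

# Constructed sample of ARP replies seen on the WAN /24 from the post:
# (seconds, sender IP, sender MAC). MACs are from the 00:00:5E:00:53:xx documentation range.
SAMPLE_REPLIES = [
    (0.0, "38.0.0.1",  "00:00:5e:00:53:01"),  # ISP router
    (0.5, "38.0.0.10", "00:00:5e:00:53:aa"),  # FW #1 answers for the NAT address
    (0.6, "38.0.0.10", "00:00:5e:00:53:bb"),  # FW #2 answers for the same address
    (1.2, "38.0.0.10", "00:00:5e:00:53:aa"),
    (1.3, "38.0.0.10", "00:00:5e:00:53:BB"),  # same MAC as above, different case
    (2.0, "38.0.0.20", "00:00:5e:00:53:cc"),  # an address only one host claims
]


def find_conflicts(replies):
    """Return {ip: set_of_macs} for every IP that more than one MAC has claimed."""
    claims = defaultdict(set)
    for _, ip, mac in replies:
        claims[ip].add(mac.lower())
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


def simulate_naive_cache(replies):
    """Model a cache that accepts every reply and overwrites the binding (assumption:
    this is the simplest possible behaviour, not that of any particular OS).
    Returns ({ip: final_mac}, {ip: number_of_times_the_binding_changed})."""
    cache, changes = {}, defaultdict(int)
    for _, ip, mac in replies:
        mac = mac.lower()
        if ip in cache and cache[ip] != mac:
            changes[ip] += 1
        cache[ip] = mac
    return cache, dict(changes)


def report(replies):
    """Human-readable summary of conflicts and flapping for a reply stream."""
    lines = []
    for ip, macs in sorted(find_conflicts(replies).items()):
        lines.append(f"CONFLICT {ip} claimed by {', '.join(sorted(macs))}")
    _, changes = simulate_naive_cache(replies)
    for ip, n in sorted(changes.items()):
        lines.append(f"FLAP     {ip} binding changed {n} time(s)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_REPLIES)))
```

With the sample stream, 38.0.0.10 is reported as a conflict and its binding changes three times in the naive model, while the single-claimant addresses never change; the same check run over ARP replies from a real capture is a quick way to confirm whether two devices are answering for one address.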



Windows/Samba issues

Other than requiring the local account password to access a share, is there any other means of securing the file transfer? I've heard nothing but complaints about Samba and vulnerabilities. I have a good VPN. Also, how can I allow access to public folders without everything else on the drive being readable?

I've been on Google. Telling me to google it will not be helpful.
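The two concerns in the question map to specific smb.conf settings: transport protection comes from refusing SMB1 (`server min protocol`) and requiring encryption (`smb encrypt = required`), and keeping a public folder from exposing the rest of the drive comes from giving the guest share its own directory rather than a parent of everything else. The Python below is an added example, not part of the original post and not a Samba tool: it embeds a constructed weak configuration beside a hardened one and audits each for SMB1 being allowed, encryption not being required, guest shares that are writable, and guest share paths that contain a restricted share. The share names, paths and the user `alice` are made up for the sample.

```python
"""Audit an smb.conf for the exposure and transport-security issues the post asks
about, with a weak configuration shown beside a hardened one."""
import configparser
from pathlib import PurePosixPath

SMB1_DIALECTS = {"core", "coreplus", "lanman1", "lanman2", "nt1"}

# Constructed sample: guest share rooted at the top of the tree, writable, SMB1 allowed,
# no encryption requirement. The "private" share sits inside the public one.
WEAK_SMB_CONF = """
[global]
workgroup = WORKGROUP
server min protocol = NT1
map to guest = Bad User

[public]
path = /srv/share
guest ok = yes
read only = no

[private]
path = /srv/share/private
valid users = alice
read only = no
"""

# Constructed sample: SMB3 only, encryption required, guest share is read-only and
# points at its own directory instead of the parent of everything else.
HARDENED_SMB_CONF = """
[global]
workgroup = WORKGROUP
server min protocol = SMB3
smb encrypt = required
map to guest = Never

[public]
path = /srv/share/public
guest ok = yes
read only = yes

[private]
path = /srv/share/private
valid users = alice
read only = no
"""


def _yes(value) -> bool:
    """Samba boolean: yes/true/1 are true, anything else (or unset) is false."""
    return (value or "no").strip().lower() in {"yes", "true", "1"}


def audit_smb_conf(text: str) -> list:
    """Return a list of findings; an empty list means none of the checks fired."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    g = cp["global"] if cp.has_section("global") else {}
    min_proto = g.get("server min protocol", "").strip().lower()
    if min_proto in SMB1_DIALECTS:
        findings.append(f"global: server min protocol = {min_proto} still allows SMB1")
    if g.get("smb encrypt", "").strip().lower() not in {"required", "mandatory"}:
        findings.append("global: smb encrypt is not 'required', so transport encryption is optional")
    guest_shares, restricted_shares = {}, {}
    for name in cp.sections():
        if name == "global":
            continue
        share = cp[name]
        guest = _yes(share.get("guest ok"))
        # 'read only' defaults to yes; 'writable'/'writeable' are its inverse synonyms
        writable = (_yes(share.get("writable")) or _yes(share.get("writeable"))
                    or not _yes(share.get("read only", "yes")))
        if guest and writable:
            findings.append(f"[{name}]: guest-accessible and writable")
        path = share.get("path")
        if path:
            (guest_shares if guest else restricted_shares)[name] = PurePosixPath(path)
    for gname, gpath in guest_shares.items():
        for rname, rpath in restricted_shares.items():
            if gpath in rpath.parents:
                findings.append(f"[{gname}] exports {gpath}, which contains restricted share "
                                f"[{rname}] at {rpath}")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_SMB_CONF), ("hardened", HARDENED_SMB_CONF)):
        print(label, audit_smb_conf(conf) or ["no findings"])
```

The parent-path check is the one that answers the second question: a guest share at `/srv/share` makes `/srv/share/private` browsable regardless of the `valid users` line on the private share, because access is evaluated per share, not per directory tree. Samba's own `testparm` will validate the syntax, but it does not reason about overlapping share paths the way this check does.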



Arista vs Cisco - specific reasons why one is better than the other?

Was going through the archives, and saw lots of comments about how "Arista is just better" or how "we're a Cisco shop but I'd go with Arista" and the like, but there wasn't a clear articulation about why that was. I've pieced together multiple comments and threads and it seems like they aggregate towards these:

- single OS

- better automation / open API

- better pricing

- better software, better support teams

I'm sure there's a ton more but these were the main ones. Do you guys think this is the right list about why Arista is better than Cisco or even Juniper? To be honest, seems like Cisco is coming out with better updates to compete more effectively, but just want to make sure I'm thinking about this correctly.



How does networking work for the Dark Web?

Being a little new to the field of networking (I've only barely had a year of networking experience but I'm enjoying it so far!) I am curious as to how traffic via the Dark web is managed(after being recommended a Youtuber who made a video about the dark web). Sure VPNs and such are a must, but as for the network itself... Do these sorts of networks use the WWW's infrastructure to send encrypted traffic or something via the VPNs?

Just a little thought, thank you all for any insight.



Secure network with 802.1X help please.

Trying to secure the network while no one is in the office. 802.1X was done for the user interfaces, which is working. For wireless dot1X, that is being taken care of by the WLC. But what do I do about the interface on the switch? What prevents a malicious person from unplugging the wireless AP and plugging in a device? I put the same config for a laptop on the WAP and devices can't connect to the network. I see them in my Cisco ISE live logs, but they aren't able to access anything. Would sticky ports set to 1 for the AP work?

Thanks

Not in office due to covid but still expected to complete this from home. Using all Cisco switches 9300s and Cisco ISE2.7



Why is a local DNS server required on the client side ?

Because a local DNS cache can also be maintained on the client machine itself. And if needed the client machine can directly contact the root DNS server. This would also reduce the delay time as there would be one less level of DNS server. PS: I am just a beginner starting out in this field, so forgive me for any tomfoolery.

Thanks in advance :)