Saturday, April 3, 2021

Is this a crazy idea?

We all know how hard it is to deploy a WiFi network where the airwaves are busy. We also know that a major source of noise comes from the APs themselves. Would it be possible to lower the noise floor by keeping each AP submerged in liquid nitrogen? With a decrease of over 200K, that'd be sure to improve SNR levels and give clients the best experience.



Copper vs Fiberoptics

Hello, my understanding of the difference between the two is that copper uses the movement of electrons whereas fiber optics uses light signaling.

Now I have read that both copper and fiber use EM signals. But this can't be true. Copper depends on the movement of electrons, which is near the speed of light, yes. But it is not the equivalent of an EM wave. Electromagnetic waves are not the movement of electrons, but a wave in the electromagnetic field, or photons... which is distinctly different from electron movement.

Or am I wrong?



I'm interviewing for a Technical Program Manager position in a network planning/data center design team. I would like to know if any of you have worked or are working with TPMs in this domain and what technical knowledge (in networking) you expect them to have?

Or what kind of technical stuff do they usually come across? I have a technical round with the company in which they will ask me basic networking stuff, so I just want to be sure about how to prepare for it.



How to check if UDP 4500 and 500 are blocked?

I have an ISP provided router/modem: ARRIS TG3482G model.

I am a complete noob here so if there is an application or a website that I can visit to determine, that would be helpful.

Thanks



Extranet Site-to-Site VPN

Any other admins cringe every time a request comes in for a site-to-site vpn connection to an external network or am I the only one?

Aside from having to manage overlapping RFC 1918 address space, aren't there significant security concerns even if you segment out the network and place it in a DMZ?



How to convert Cisco ASA firewall rules to a network flow matrix?

Hello, is there any tool or method to automate the conversion of Cisco ASA rules to a network flow matrix? Thanks in advance.



Dropbox connection

I have 2 devices, both connected to the same router via ethernet. They both have gigabit ethernet, and gigabit is working absolutely fine.

However, on one device I get the full bandwidth to Dropbox, and with the other I get no more than 8 Mbps!

I have tried using the desktop application, Chrome, Edge, Firefox... even reinstalling the application, but that one particular device does not cross 8 Mbps, whereas the other has no issues at all.

This speed cap is only applicable to Dropbox. I get the maximum speed on every other application. I have gone through Dropbox settings, changed the bandwidth cap, set it to auto and to max, but still no help.

If anyone has a solution, please let me know! Thanks!



Share your network automation ideas!

Just curious as to what you have automated during your networking career that has made you a lot more efficient at work. Please specify tool used, e.g. python, ansible, netmiko, etc. Thanks a bunch!



Nexus 9k ssh timeout

Hoping a nexus guru can steer me in the right direction...

Disclaimer: I have worked closely with Catalyst switches (IOS + IOS-XE) extensively for 5+ years and am halfway to being CCNP certified, but this is my first time logging in to an NX-OS device.

device: C93360YC-FX2

NXOS: version 9.3(2)

So I got the device online via mgmt0. I am not using aaa/tacacs at the moment, just getting it online so my boss can provision it. I am able to ssh in to the device from my office now, but my ssh session keeps timing out in like 60 seconds of inactivity! Here is my "line vty" config from "sh run all | sec line"

line vty
  session-limit 32
  exec-timeout 120
  logout-warning 20
  absolute-timeout 120

Would anyone be willing to explain this behavior?



Getting an unusual IPv6 address on a IPv4 only wwan interface

Ahoi,

I got an LTE card here which I configure using the ModemManager CLI. Sadly it only has IPv4 connectivity and I have to set the IP address manually. This all works pretty nicely. What is a bit strange is that the interface always gets an additional IPv6 address, which causes my system to think that it has IPv6 connectivity and try to resolve stuff over IPv6. This is extremely annoying and so far I couldn't figure out where this IPv6 address is coming from.

The address in question can be seen here:

$ ip address show wwp0s20f0u6
34: wwp0s20f0u6: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether my:ma:ca:dd:re:ss brd ff:ff:ff:ff:ff:ff
    inet 10.32.555.333/16 brd 10.32.255.255 scope global wwp0s20f0u6
       valid_lft forever preferred_lft forever
    inet6 ::fc11:myma:cadd:ress/64 scope global mngtmpaddr noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::fc11:myma:cadd:ress/64 scope link
       valid_lft forever preferred_lft forever

It's this one: inet6 ::fc11:myma:cadd:ress/64 scope global mngtmpaddr noprefixroute

The address configuration is done by systemd-networkd and configures only a static IPv4 address.

Does someone have a clue where this IPv6 address comes from?



nmap -sn different results than - sL (-sL shows missing host from -sn)

Executing nmap -sn 192.168.2.1/24 gives all hosts but one (192.168.2.116 just won't show). Ping 192.168.2.116 works flawlessly. nmap -sL 192.168.2.1/24 shows all hosts, including the missing 192.168.2.116 that -sn won't show. Why is that so, even though the host is "pingable"?



Wifi6 installation acceptable speeds

If you hired someone to install a wifi6 solution in your building 250+ APs what would you consider to be minimum acceptable speed for the end user devices. What speed would you be very happy with?

With the following assumptions...

Low numbers of clients on each AP, and the network is generally under-utilized and not stressed.

End user devices are high-spec Wi-Fi 6 devices.

Minimal interference from other devices or nearby networks.

Internal Wi-Fi coverage is excellent.

Also, any recommendations you consider better than Cisco Catalyst 9800-40 wireless controllers would be helpful. (Can't be cloud based, e.g. Meraki.)

Thanks.



How can I dynamically introduce different delays in a physical ethernet link?

Hello r/networking!

I am currently working on writing some controller applications for SDNs that take into account multiple parameters for moving packets around the networks. As a requirement for the project I have to use actual physical links and not just artificial links such as those generated by mininet (which allows controlling the link parameters).

My big question is how could I add some delay on a physical link (preferably not a very expensive solution but at this point I am desperate for an answer so any idea will do). I will need to be able to add the delay and remove it dynamically (in an ideal scenario) and see how the controller reacts to these changes in the physical layer, that is my end goal.

My only current idea is to use an FPGA and just buffer the signal for a few milliseconds; sadly, this is far beyond my FPGA programming skills and I am looking into alternatives.



Friday, April 2, 2021

How to store/hash a password to a database but you also need the original password for access to a cisco network switch, using netmiko? I understand that there are RSA keys but how would you do it in python?

Hey guys, so I have been creating a Flask application that can share screens through a Cisco network switch. I have added a lot of user functionalities like creating their own account with a username and password. These passwords are stored and verified in a SQLite database by using generate_password_hash and check_password_hash from the Werkzeug module. However, I have also allowed the admin to change the password of the switch, therefore it needs to be stored in a database. I don't mind hashing the password, but I need the original password to get access to the switch to configure ports. I know then that there is no point in hashing the password LOL :')

Therefore, the main question would be "how to hash a password and obtain the original password because you need it for the application?"

I know there is no point in keeping the password floating around the code like a global variable or storing it as plain text in the database. Therefore, what do I do? Do I create my own encoding function?

By the way, I am also containerizing in a docker container. Please let me know also how to put it in a docker container on the cisco switch and make it available to users within the network's vicinity?

Thank you so much
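An added example (not code from the post or the Werkzeug/netmiko projects) showing the split a security engineer would make here: user passwords get a one-way salted hash, while the switch password, which must be reversible, is never hashed and never written to the database at all; it is loaded at runtime from a Docker secret file or environment variable and wrapped so it cannot leak through repr() or logs. The secret path /run/secrets/switch_password and the SWITCH_PASSWORD variable name are assumptions for this example.

```python
import hashlib
import hmac
import os
import secrets
from pathlib import Path
from typing import Optional

# --- User accounts: a one-way hash is the right tool (same role as Werkzeug's
# generate_password_hash / check_password_hash); it never needs reversing. ---
PBKDF2_ITERATIONS = 600_000  # OWASP-recommended order of magnitude for PBKDF2-HMAC-SHA256


def hash_user_password(password: str) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt-hex>$<hash-hex>' for the SQLite users table."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def check_user_password(stored: str, candidate: str) -> bool:
    """Constant-time comparison against a stored hash; False on any malformed record."""
    try:
        algo, iterations, salt_hex, expected_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        digest = hashlib.pbkdf2_hmac(
            "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
    except ValueError:  # wrong field count, bad hex, non-numeric iteration count
        return False
    return hmac.compare_digest(digest.hex(), expected_hex)


# --- Switch credential: must be reversible, so hashing cannot apply. Keep it out of
# the database and out of the code; load it at runtime from a Docker secret file
# (compose 'secrets:' mounts it under /run/secrets) or, failing that, an env var.
# The file path and variable name below are assumptions for this example. ---
DEFAULT_SECRET_FILE = Path("/run/secrets/switch_password")
ENV_VAR = "SWITCH_PASSWORD"


def load_switch_password(secret_file: Path = DEFAULT_SECRET_FILE) -> Optional[str]:
    """Return the switch password from the secret file, else the environment, else None."""
    if secret_file.is_file():
        value = secret_file.read_text(encoding="utf-8").strip()
        if value:
            return value
    return os.environ.get(ENV_VAR) or None


class SwitchCredential:
    """Holds the live password for netmiko's ConnectHandler(password=...) while making it
    hard to leak: it never appears in repr(), logs, or tracebacks that print locals."""

    def __init__(self, username: str, password: str) -> None:
        self.username = username
        self._password = password

    def netmiko_kwargs(self, host: str, device_type: str = "cisco_ios") -> dict:
        """Keyword arguments for netmiko.ConnectHandler; the only place the secret is exposed."""
        return {"host": host, "device_type": device_type,
                "username": self.username, "password": self._password}

    def __repr__(self) -> str:
        return f"SwitchCredential(username={self.username!r}, password='***')"
```

If a copy must live in SQLite (for example because several containers rotate it), that is an encryption-at-rest problem with a key held outside the database, not a hashing problem.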



How does your device know the IP Address of the person you're communicating with in Whatsapp

I know how packets get delivered when specifying the destination IP address, like "ping 192.168.1.1": we use ARP to find the MAC address, etc. But this is basics; I want to know how you send a private message to me without specifying my IP address.



Ways to practice networking/network management without hardware

Wanted to get into networking but am not sure how to start. Are there any good programs, software, vm's, etc that can simulate one or be used as a learning tool?



Netmiko Help - error handling or if/then statement??

I've been using netmiko and it has worked great. Recently I've been creating larger groups of devices and combining devices of multiple L2/L3 types. The issue is when one of the loops hits a device that doesn't accept the command, the script stops. Any help is appreciated, and here is a simple example:

The script has many calling functions and how can I force the script to continue even if the return from the network device is '% Invalid input detected at '^' marker.'

# use_textfsm=True is assumed here so a supported command comes back parsed as a list of dicts;
# a rejected command comes back as the raw error string instead, which is the case to catch.
output = net_connect.send_command("showcommand not exist", use_textfsm=True)
if isinstance(output, str) and "Invalid input" in output:
    print(f"{net_connect.host}: command rejected, skipping")
else:
    mac_table = output
    data = {'IP Address': [entry['address'] for entry in mac_table],
            'MAC Address': [entry['mac'] for entry in mac_table],
            'Interface': [entry['interface'] for entry in mac_table]}
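An added example (not the poster's script and not netmiko's own API) of the error handling the post asks for: the IOS/NX-OS rejection banners are detected in the command output, connection failures are caught, and the inventory loop records None for that device and moves on instead of stopping. The connect callable is netmiko's ConnectHandler in production and is injected as a parameter so the loop can be exercised without real switches; the sample inventory in the main block is constructed.

```python
import re
from typing import Any, Callable, Dict, Iterable, Optional

# Banners IOS / IOS-XE / NX-OS print for a bad command. They arrive as ordinary output,
# so netmiko raises nothing; the script has to look for them itself.
CLI_ERROR_PATTERNS = (
    re.compile(r"^% Invalid input detected at '\^' marker\.", re.M),
    re.compile(r"^% Incomplete command\.", re.M),
    re.compile(r"^% Ambiguous command:", re.M),
    re.compile(r"^% Invalid command at '\^' marker\.", re.M),  # NX-OS wording
)


def cli_error(output: Any) -> Optional[str]:
    """Return the error banner line if `output` is a CLI rejection, else None.
    TextFSM-parsed results arrive as lists, which are never errors."""
    if not isinstance(output, str):
        return None
    for pattern in CLI_ERROR_PATTERNS:
        match = pattern.search(output)
        if match:
            return match.group(0)
    return None


def safe_send(conn: Any, command: str) -> Optional[Any]:
    """send_command wrapper that returns None (and prints why) instead of letting one
    bad command or dropped session stop the whole run."""
    host = getattr(conn, "host", "?")
    try:
        output = conn.send_command(command)
    except Exception as exc:  # read timeouts, dropped sessions, prompt detection failures
        print(f"{host}: {command!r} failed: {exc}")
        return None
    error = cli_error(output)
    if error:
        print(f"{host}: {command!r} rejected: {error}")
        return None
    return output


def run_inventory(devices: Iterable[Dict[str, Any]], command: str,
                  connect: Callable[..., Any]) -> Dict[str, Any]:
    """Run `command` on every device. Devices that reject it or cannot be reached get
    None in the result and the loop continues. Sessions are always closed."""
    results: Dict[str, Any] = {}
    for device in devices:
        host = device["host"]
        try:
            conn = connect(**device)
        except Exception as exc:  # auth failure, unreachable host, unknown device_type
            print(f"{host}: connection failed: {exc}")
            results[host] = None
            continue
        try:
            results[host] = safe_send(conn, command)
        finally:
            disconnect = getattr(conn, "disconnect", None)
            if callable(disconnect):
                disconnect()
    return results


if __name__ == "__main__":
    from netmiko import ConnectHandler  # real driver; only needed when run for real

    inventory = [  # constructed sample inventory; replace with your own source of truth
        {"host": "10.0.0.1", "device_type": "cisco_ios", "username": "USER", "password": "PASS"},
        {"host": "10.0.0.2", "device_type": "cisco_nxos", "username": "USER", "password": "PASS"},
    ]
    print(run_inventory(inventory, "show mac address-table", ConnectHandler))
```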



Bandwidth requirements for IPSEC?

We have several MDS iNET radios linking remote locations. The data at these locations is sensitive and I need to keep it off of the corporate network. These radios only have 256k of bandwidth at best. I'm trying to have two IPsec VPNs to backhaul back to the servers they need to talk to. The locations that are a couple of blocks away operate just fine. However, the locations that are greater than 3 miles out are locking up. The locations have Cradlepoints and connect back to a Palo Alto. The Cradlepoints have an active LTE modem. Failover is set up where the iNET radio is the primary ('cause it's cheaper than paying for data) and we would like to have backup internet to these locations.

There are two VPNs. One for each subnet where two sets of devices live.

Now, the VPNs never disconnect. After about 20 minutes, no traffic will flow through ONE VPN. I can restart the cradlepoint, and traffic will flow again. OR I can turn off the ethernet interface connected to the iNET radio and the data will flow just fine over LTE once the VPNs are reestablished.

I thought it was a routing table problem, the table not properly being changed at a failover, but then I noticed that the VPN never actually goes down, so failover is never activated. This led me to think that IPsec is producing more bandwidth than the iNET radios can handle.

Traffic flowing from the remote locations is low. We don't really need a lot of bandwidth to these locations. Only DNP traffic is being pushed. Think SNMP, but for industrial equipment.

Also, I can access the cradlepoint's web GUI through WAN and see that the VPNs are still connected.

I looked through the logs and nothing stands out. Traffic just dies and the server can't ping the devices and the local network can ping the server.

Does IPSEC provide enough overhead to where there's a minimum bandwidth requirement?

Thanks!



Question about crypto mining from a network perspective

What does crypto mining look like from a network security perspective? Is there a way to block it, a certain protocol it uses, does it even need a network connection? Can you block it from a firewall? Just trying to make sure it’s not going on in our network.



VPN weirdness

In an office of 10 Windows machines, when one of the machines connects to an OpenVPN server (a router with an OpenVPN server running off site), the internet dies for everyone. Any ideas?



Silverpeak SD-WAN and private (RFC 1918) ISP IPs

New product for SD-WAN - this time Silverpeak. MSP states that this solution cannot use RFC 1918 IPs from the ISPs (Internet circuit providers), and that they only work with public routable IPs. This could be a challenge, in cases where circuits were provisioned with ISPs unable to offer public IPs ==> canceling circuits, ordering new, etc., etc.



FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities



Fiber connectors confusion.

Total noob here. I recently applied for an FTTH connection; they terminate the fiber with either an SC/APC or SC/UPC connector and provide their own router. I do not want to use their router; I want to use my pfSense box with a NIC that has SFP+ and another one with just SFP. I have also ordered a UDM Pro for some other project. What kind of transceiver/connector do I need if I want to connect it directly via one of these options?

When I looked it up, most transceivers have dual fiber (what is this type called?), but mine has only one fiber, which I found out is called SC/APC or SC/UPC depending on the termination technique, and I wasn't able to find a single fiber transceiver.

Please enlighten me with all the knowledge regarding this topic.



Open source network weather map/visualization - what's out there?

The old and trusted PHP Weathermap is a bit old fashioned, generating a single image with an HTML overlay. We're looking for something more dynamic. Just the visualization part, not the collecting of data.

So the question is, what are your suggestions and experiences? We've looked around, but the stuff we find seems to be either abandoned or just not in a working state.



How many of you work with open-source SDN and other solutions? What are your thoughts on its current and future status?

I've been trying for a while to figure out what I wanna do next in my career. Now I do pretty typical Cisco on-prem campus and datacenter stuff, but I kinda hate DNA and most Cisco products. On the other hand, I've always loved open source stuff, although traditionally that's mostly been software/applications, not infrastructure.

On the other end, I've thought about heading towards a DevOps/SRE sorta role, but the amount of application-layer and programming involved is of moderate appeal - I don't really wanna program 75% of the time, and I don't really wanna leave networks behind me for the most part.

More and more I see jobs posted that I've not seen much of before: the open-source datacenter. Often startups or forward-looking companies are trying to implement it, often because their business model may have very specific infrastructure requirements that cloud can't accommodate well (at least not yet).

These sorts of positions seem rare, but interesting. A mix of old-fashioned on-prem, SDN, automation/programming, Linux and perhaps some cloud as well.

It sorta seems like this is maybe where I want to go...something in between a network engineering and an SRE position, with a bit of the best of both worlds as well as a design/architecture component.

I'd love to hear from anyone who does this kind of work and what you like/dislike, what your day to day is like, what your underlying hardware looks like, as well as your views on the future of it. I don't see much discussion of this in this sub lately.

Thanks



Postmortem analysis - what was happening here?

Weird problem I don't quite understand:

Two gateways, different providers

These providers are connected to a switch

Switch is connected to two Sonicwall NAS devices in primary/ha standby mode, both configured identically with the failover/lb set to use both of the two gateways

Users started to report slow internet, a VPN tunnel reset itself every minute or two

ping -t to both of the SonicWalls, steady connection, no packet loss

ping -t to the intermediary switch, steady connection, no packet loss

ping -t to 8.8.8.8 and to the primary gateway showed a consistent pattern of about 60 replies, then 8 timeouts, then another 60 replies, repeating ad infinitum.

This pattern of packet loss was observed regardless of pinging host: from a PC, from the Sonicwall, or from the switch between the Sonicwall and the gateways - pinging from the switch to the gateway resulted in the same issue even though it was not passing traffic through the Sonicwall at all

As I isolated components one by one I eventually discovered that it was being caused by one of the two Sonicwalls - unplugging that sonicwall fixed the link between the switch and the gateways.

Packet monitoring didn't show anything interesting.

What could possibly have been going on here? No packet storms seen, just something with the sonicwall was causing the link between switch and gateways to drop on a set cycle. There was a period of flickering lights/brownouts so that's my guess as to what caused the problem, whatever it was, but I'm curious as to what was actually happening.



Palo Alto Pan-OS SDWAN vs Fortinet FortiOS SDWAN?

I am looking for an SD-WAN implementation for a small network of 6 branches and two datacenters, which will go along with a replacement of the firewalls/gateways at each site. We currently have FortiGates at the sites.

Looking at just their native SDWAN capabilities and ease of configuration and management, which seems to be the better implementation? Going by what I've seen, it looks like the Pan-OS + Panorama solution is a bit easier to use and more robust than the FortiOS + SDWAN Orchestrator combination in Fortinet. Some even say that Fortinet works even better without the orchestrator.

Mainly looking for the opinion of people that have worked with both, or have some experience in either. Thanks!



I have a unique situation that I am trying to fix regarding booting - any help appreciated

Hello, I work in a system development environment where we have many isolated networks that each rely on a single switch, and are not interconnected to one another or to a larger network. All of these networks are spread out across the world and we have to send technicians to do an update on the network and the system each year. These are not network technicians, so I am trying to make it as easy as possible for them to do. If I can totally automate it, I would eliminate a lot of the issues that can arise from someone who doesn't understand networking playing with boot variables and .cfg files.

I am trying to find a better way to update the IOS and config files on these networks. At its current state, the switch gets updated using a fat16 memory card. The new IOS and config reside on that card, and I have written a text file of paste-able commands for the field support reps to use once they are in enabled mode. Once pasted, the switch will push out the old flash, reassign a new boot variable, and install and assign the new config file before reloading to process the boot variable update.

The biggest issue that I am having is that these cards, and really any USB flash that I use, are really finicky. The switches have all sorts of intermittent problems reading these, which leads to FSRs in the field at the "SWITCH:" prompt, where they are lost and in an opposite time zone.

What I want to do: I want to install a tftp server in the network, point the switch to that server, and have the FSR put the new files into the tftp server and reload the switch. Seems easy peasy.

THE PROBLEM: These networks are actually a contained system. A simulator for pilots to train on. And the whole thing is powered down in some locations each day. The issue that I think will happen is that when the system is turned back on, the switch will boot faster than the rest of the system, and it will not have a boot file to read from because the tftp server will not be online yet.

Any insight on how to get around this would be amazing! Maybe in the config file I can set commands to copy over the TFTP boot variable into flash and then reset the boot variable to the static entry? What would be the best way to go about that?

thank you!



Multiple networks over IPSec tunnel, but not all networks should be able to communicate with each other

I want to send 2 pairs of networks at either side over an IPSec tunnel. But both pairs of networks should not be able to interact with each other:

Site1 —> Site2;

Pair 1: 192.168.10.0/24 —> 192.168.11.0/24;

Pair 2: 192.168.20.0/24 —> 192.168.21.0/24;

So for example 192.168.10.0/24 needs to be able to reach 192.168.11.0/24 at site 2, but not 192.168.21.0/24.

To accomplish this, should I make 2 IPSec tunnels? Or 1 tunnel with multiple phase2 selectors?



What do you want from your boss?

This question is not directly network related, but it is still aimed at network engineers/admins and so on.

What competences do you want from your boss?

Like a genius in networking? Or more a genius in administrative tasks like process management and resource planning?



Powershell script to test Radius Server

Dear networkers,

are you aware of any PowerShell scripts that can be used to actively monitor the status of a RADIUS server (like sending fake PAP/CHAP requests)?

Thanks!
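An added example (not from the post; written in Python rather than PowerShell so it runs anywhere) of what such a probe has to do on the wire: build an RFC 2865 Access-Request with a PAP User-Password, send it over UDP, and validate the Response Authenticator so a spoofed or mangled reply is not counted as a healthy server. Either Access-Accept or Access-Reject proves the server is up; only silence or a bad authenticator is an outage. The NAS-Identifier string and the monitoring account are assumptions you would replace with your own.

```python
import hashlib
import hmac
import os
import socket
import struct
from typing import Optional, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IDENTIFIER = 1, 2, 32


def _attr(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute: Type (1 byte), Length (1 byte, includes header), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def encode_pap_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous
    ciphertext block), seeded with the Request Authenticator. Obfuscation, not encryption:
    the shared secret carries all the security, so keep it long and random."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")  # RFC max 128 bytes
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], mask))
        out += block
        prev = block
    return out


def decode_pap_password(encoded: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of encode_pap_password (what the server does); strips the NUL padding."""
    out, prev = b"", request_auth
    for i in range(0, len(encoded), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(encoded[i:i + 16], mask))
        prev = encoded[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(identifier: int, username: bytes, password: bytes, secret: bytes,
                         nas_id: bytes = b"radius-probe",
                         request_auth: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (packet, request_authenticator). Header: Code, Identifier, Length, 16-byte RA."""
    request_auth = request_auth or os.urandom(16)
    attrs = (_attr(ATTR_USER_NAME, username)
             + _attr(ATTR_USER_PASSWORD, encode_pap_password(password, secret, request_auth))
             + _attr(ATTR_NAS_IDENTIFIER, nas_id))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_auth + attrs, request_auth


def verify_response(packet: bytes, request_auth: bytes, secret: bytes, expected_id: int) -> bool:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    Also checks the identifier matches our request and the length field matches the datagram."""
    if len(packet) < 20:
        return False
    _code, ident, length = struct.unpack("!BBH", packet[:4])
    if ident != expected_id or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def probe_radius(host: str, port: int, secret: bytes, username: bytes, password: bytes,
                 timeout: float = 3.0) -> Optional[int]:
    """Send one Access-Request. Returns the response code (ACCESS_ACCEPT or ACCESS_REJECT both
    mean the server is alive), or None on timeout or an unverifiable reply."""
    identifier = os.urandom(1)[0]
    packet, request_auth = build_access_request(identifier, username, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return data[0] if verify_response(data, request_auth, secret, identifier) else None
```

Use a dedicated monitoring account that is authorised for nothing, so a Reject is the expected healthy answer and the probe credential has no value if the shared secret is ever recovered.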



Thursday, April 1, 2021

Cisco fex and juniper satellite distance

Hello all!

Is there a distance / latency requirement for nxos fex deployments, or for juniper qfx satellites?

I'm migrating some gear to a new site with 10g LR backhaul and it needs to be part of the same switching domain, but I'm not sure if I can simply buy new fexs and satellites for the new site, or if I will need to buy another 7700/mx960 for the site as well.

I read through the cisco fex documentation, but I couldn't find latency guidelines.



How to switch wifi from 5GHz to 2.4?

I have a bunch of smart lights that need a 2.4GHz Wi-Fi connection but my Wi-Fi is 5GHz, or at least that's what I'm told. How do I fix this? I'm in Canada with a Bell Home Hub 3000.



Need help! My Router has Cut-Through Forwarding enabled by default, should this be on?

I just wanted to know if cut-through forwarding should be on or off. My router has it enabled by default and I'm not sure if it can cause issues or not. Any help is appreciated.



MMR Infra Design advice

Hi there,

I am wanting some architecture advice.

Problem

I want to place an Arista DCS-7280SR-48C6-F in one MMR (DC#1) and rent dark fiber to connect to another MMR in DC#2.

The goal is to reach IXPs and IP transit providers that are available in DC#2 which are not available to me in DC#1.

Question:

Should I put another router like Arista DCS-7280SR-48C6-F in DC#2's MMR or could I just get away with using a network switch in DC#2's MMR in order to pass traffic over the fiber back to DC#1's Arista Router?



Alcatel-Lucent end of life devices

Hi, I have been searching for a list of end of life dates for Alcatel-Lucent devices. I can't find anything on the main site. I need help, guys.



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post and as well a nice description to this thread.

Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.



OpenSource tool to monitor multicast in NX-OS environment

Hi All

Just wanted to ask if anyone has come across an open source tool to monitor multicast in a network. Was looking for something like this

https://ipfabric.io/blog/troubleshooting-multicast-traffic-flows/#

Not sure if I'll be able to get this level of information via NX-API, but I guess the challenge would be to run the script across multiple switches and try to scrape data to tabulate and correlate. But if something along these lines already exists and you guys use it, it would save some time even if I have to refactor it. Happy to do it if there's some baseline config available.



Refreshing Access Layer, curious of differences in these models?

So I am refreshing a bunch of floors and I'm trying to see the true difference between a

9200-48P-E and a 9200-48PXG-E

If anyone could help me that'd be great. I thought it was due to the PoE, but the specs page Cisco offers isn't really clear.

Thanks in advance.

ALSO: LOL, April Fools' and the only flair options. Got me good.



Cisco ISE - dACL IPv4 and IPv6 traffic

We are in the early stages of a Cisco ISE deployment; we are setting up guest wired redirect/access using dACLs. This functions perfectly in the IPv4 world. What we discovered today is that the dACL only covers IPv4 traffic; the IPv6 traffic is unfiltered. If we try to apply an IPv4 and an IPv6 dACL, it fails to apply either. We are testing this on a 3850. Has anyone else had experiences with this? We don't route v6 traffic, so disabling IPv6 on the switch comes to mind, but is this a good idea? Any thoughts or experiences welcome.

Thanks!



Question about ubiquiti breach

I've heard Ubiquiti has had a "massive" breach. However, I don't see how that affects us when I don't have any Ubiquiti gear on the cloud; it's all local stuff. No ports forwarded and no cloud router UniFi from Ubiquiti.



Is there a public database listing SSID and location?

This stuff is public knowledge... just wondering if a collection of it is accessible to the public.



Proxy for protection

Hey, guys. I finally decided to build my first website. It's going to be a local online platform for buying and selling different everyday things. I want to set up a possibility for users to create their own profiles, upload pictures, ads, etc. I'd like to avoid problems with the website's security because any data breach will be a disaster. The problem is I'm not a very experienced person regarding internet security, so I need your help.

One of my friends said that it's important to set up a security system including proxy servers because it will significantly reduce the risks of being hacked. He failed to explain how exactly these proxy servers work for data protection, but I was able to find some basic info on tech websites. As I learned on Cloudflare here cloudflare.com/learning/cdn/glossary/reverse-proxy/, such proxies are often used as an SSL gateway. The platform could respond to external HTTP requests without fear of revealing the structure of its network. I understood that proxy in this case acts as a mediator between external users and internal network. I also learned that some companies use residential proxies like speedproxies.net for protecting their infrastructure. If potential attackers want to get particular information about the network, it would be impossible because the requests will be answered by servers from different countries and regions.

Well, I get it, but can such proxies really hide data from potential attackers? Don't get me wrong, but I have some concerns about it. I know that proxy servers can't be “unique” and are used by many people at the same time, and not always for good reasons. Is there a risk that my online platform will be blamed by search engines or even by authorities for using these proxies?



Switching Cisco 4500X fan direction

I have a Cisco 4500X in production that's using front-to-back fans and power supplies, when it really should be back-to-front. I have a set of back-to-front fans from another 4500X that really should be front-to-back. Since the chassis only cares that all the fans and PSUs have the same orientation, the swap should work fine.

My question is, can I swap the fans and PSUs one at a time without taking the switch down? I would ultimately have it all swapped out in less than a couple minutes so they all match, but I don't know if the switch will shut down and/or stop moving traffic until I power-cycle the switch or complete the swap. It's a core switch, so taking it down would be a severe pain in the butt.



But.. I like Ubiquiti..

Glad to see Ubiquiti acquired this sub, it was a much needed change around here! /s



a good resource to learn ansible for network automation

Hey,

I'm looking for good resources to learn about Ansible. I found some stuff, but most of them focus on servers or are just out of date.

Does anyone have any suggestions that focus on network modules?



Replacing arista 7508N and 7280SE spine/leaf with UniFi?

Hi,

We're looking to replace our existing 40GbE 7508N and 7280R spine/leaf DC with UniFi or perhaps EdgeSwitch/EdgeRouter (if budget allows!). Has anyone done this? Hopefully when we rip out the old stuff, we will make enough off eBay to pay for the new gear. Right now we're running BGP as our IGP but would like to transition to OSPF and BGP for underlay/overlay and do VXLAN and EVPN PIM. Are there additional licensing costs for these features in the EdgeSwitch line?

Thanks a bunch fellas.



Show config is not showing anything in user mode

I have configured TACACS, but show run is not giving the configuration. It gives "X of Y bytes".

Router>show config X of y bytes

Can someone help?



PEAP wireless bridges.

Anyone have a good device they use for wireless bridging that is PEAP capable?



ARP not updating on border router from CPE changeout

I'm sure this is a common issue but I don't know the terminology to look for.

My border router ARP entries aren't getting updated when a customer changes out their equipment on a passthrough port.

The topology is: Customer Firewall -> passthrough port -> Calix 844G -> Calix E7-2 -> Cisco 920 -> MPLS -> Cisco 920 -> Cisco 1002HX Border Router

Now that I know this happens, I just clear the ARP entry on the border router and their new equipment works just fine. Ideally I wouldn't have to manually clear the ARP entry or wait for the ARP expiration.

What is the proper method for dealing with this? Lowering the ARP timeout doesn't seem like a good idea.



route server w/ 2-4 full tables?

Hello all, I'm looking to set up a route server for a little 'micro-IX'. I'd like to get about 20-30Gbps aggregate out of the box before having to upgrade.

I'm considering a Linux/FRR box with 10G NICs. I feel like I can put together something that can handle this for a few grand.

I'd also consider a cisco/juniper box for this purpose but I think the price will be quite a bit higher. I haven't been using this gear for a long time (run a wISP, use a lot of mikrotik) so I'm out of the loop of what I should expect for price/performance here.

I had considered mikrotik, but I think 10G is about the ceiling on pretty much anything they have and the 'faster' devices have really slow BGP performance.

Opinions?



Wireless internet keeps going out

Hi,

I just got fiber internet and the wired internet is really good. But my wireless internet keeps going out or going down really badly. The router is a Genexis Platinum 7840; I searched and more people have problems with this exact router. Can anyone please help me?



2960X Stack - Management Interfaces

Hi Guys,

I have a stack of 3 2960-X's and am looking to start using the dedicated management ports on them for out of band management.

In theory the stack has 3 management interfaces, however there is only one 'interface FastEthernet0' in the config.

Does that mean I have to use the master and am not able to have management failover to the other stack members?

I read in the Cisco docs that you are meant to put all 3 into a hub and then use that, but it's 2021 and I don't have easy access to a hub! :)

Please could someone explain what I need to do here?



Ubiquiti Acquisition Status

Hi There! If you missed our announcement earlier today, Ubiquiti has acquired the r/networking subreddit and is currently transitioning the support forums to r/networking.

We are still working through the acquisition process, and soon our overlords will allow posts again. All topics are still approved, however there is one specific new rule:

You must select a flair from a wide array of choices in order to post on r/networking. Comments will remain unaffected for the time being.

As always, hail to our glorious benefactors, Ubiquiti!



Wednesday, March 31, 2021

Maximum throughput for 64 byte frame on RFC 2544 test

How would someone be able to perform an RFC 2544 layer 2 test w/ VLAN tagged & successfully pass 940 MBPS on a 64 byte frame? (Far side port that is being looped for RFC 2544 testing is 1 gig port)

This is what I’m referencing for maximum throughput calculations:

7 bytes of Preamble + 1 byte of Start Frame Delimiter + 12 bytes of Inter Packet Gap + 4 bytes VLAN = 24 Bytes overhead

Throughput = [Frame Size / (Frame Size + Overhead)] * Switch Port Capacity

[64 / (64+24)] * 1000 Mbps = 727 Mbps throughput for the 64 byte size frame.
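The same overhead model as the post above (preamble, SFD, inter-packet gap and the 4-byte 802.1Q tag), as an added example that is not part of the original post: it carries the formula across the standard RFC 2544 frame sizes, adds the frames-per-second ceiling, and answers the inverse question of which frame size first reaches a given throughput. Port capacity and frame sizes are parameters; no other assumptions.

```python
# Added example (not from the original post): RFC 2544 line-rate calculator
# using the overhead model quoted above. All sizes are in bytes.

PREAMBLE = 7   # bytes
SFD = 1        # start frame delimiter
IPG = 12       # inter-packet gap (96 bit times)
VLAN_TAG = 4   # 802.1Q tag, counted as overhead in the post's model

# Frame sizes RFC 2544 section 9.1 recommends for Ethernet tests
RFC2544_FRAME_SIZES = (64, 128, 256, 512, 1024, 1280, 1518)


def overhead_bytes(vlan_tagged: bool) -> int:
    """Per-frame overhead that carries no payload but consumes wire time."""
    return PREAMBLE + SFD + IPG + (VLAN_TAG if vlan_tagged else 0)


def max_throughput_mbps(frame_size: int, port_mbps: float,
                        vlan_tagged: bool = True) -> float:
    """Throughput = [Frame Size / (Frame Size + Overhead)] * Port Capacity."""
    return frame_size / (frame_size + overhead_bytes(vlan_tagged)) * port_mbps


def max_frames_per_second(frame_size: int, port_mbps: float,
                          vlan_tagged: bool = True) -> float:
    """Frame-rate ceiling: port bit rate divided by bits per frame on the wire."""
    bits_on_wire = (frame_size + overhead_bytes(vlan_tagged)) * 8
    return port_mbps * 1_000_000 / bits_on_wire


def throughput_table(port_mbps: float, vlan_tagged: bool = True):
    """(frame size, max Mbps, max frames/s) for every RFC 2544 frame size."""
    return [(fs,
             round(max_throughput_mbps(fs, port_mbps, vlan_tagged), 1),
             round(max_frames_per_second(fs, port_mbps, vlan_tagged)))
            for fs in RFC2544_FRAME_SIZES]


def smallest_frame_reaching(target_mbps: float, port_mbps: float,
                            vlan_tagged: bool = True):
    """Smallest RFC 2544 frame size whose line-rate ceiling reaches
    target_mbps, or None if even 1518-byte frames cannot get there."""
    for fs in RFC2544_FRAME_SIZES:
        if max_throughput_mbps(fs, port_mbps, vlan_tagged) >= target_mbps:
            return fs
    return None


if __name__ == "__main__":
    for fs, mbps, fps in throughput_table(1000):
        print(f"{fs:5d} B  {mbps:7.1f} Mbps  {fps:10d} fps")
    print("first size reaching 940 Mbps (tagged):",
          smallest_frame_reaching(940, 1000))
```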



IPsec VPN

Does the integrity check happen every time data is transferred over an IPsec VPN?



DIA Service Negotiation

Howdy folks! Do humans actually negotiate DIA service contracts? I received mine which looks very similar to this one. Any tips for things they can work in to the contract that they'd be willing to give? Are there any gotchas or things to make sure get covered?

Short version, I'm kicking off a neighborhood network :)



Questions about device deauthentication/disassociation and Access points.

My spouse has an iPhone 11 and has a deauthentication count of 28 within the last 3 days and a disassociation count of 560. My iPhone X and her work iPhone 8 have a deauthentication count of 0 and about the same disassociation counts, 160/163. I've also noticed a log stating "BSS transmission response accepted" with a similar destination AP, but the last character of the AP address changes to a number. I'm not sure what any of this means. We have AT&T Internet with their gateway.



I'm in love with a Solarwinds NCM fam.

Recent security scandal aside, it's so feature rich and is already saving us a lot of work. I created a security policy to show us devices that are missing key configs: service password-encryption, no mop, no finger, etc... so I get the report and decide to remedy the no encryption. Being that we've only had it a few days and I wanted to be cautious, I decide to start manually adding password encryption to devices... then I remember there ain't no way password encryption can break a network, so I enabled auto execute on that rule only, and updated the policy. In about a minute NCM went through dozens of devices and added encryption automatically. Brilliant. It tells you EoL devices, config mismatches, all kinds of stuff. Love it.



Support experience

Hi all,

Looking to find out what everyone's experience with support is with network vendors. My company is currently a Cisco-only shop I've inherited (2960s access, 4910 core, ASAs, Merakis).

With a move impending to a new office and colo we have opportunity to replace -some- items (not all...thanks covid) this summer.

Vendors Include cisco, Aruba, extreme, Mellanox, juniper

We have quotations from vendors regarding core switching (32x100GbE port core) to start, with WiFi and firewalls to follow, but I'm curious what others' experience with the following companies is: customer support, implementation, intercompatibility, day-to-day running, gotchas, etc.

My experience is limited to Cisco only from here, but I'm curious if anything is better... especially for an almost solo infrastructure admin.

We have run off our old core since 2011, so the speeds are to future-proof the growth of our growing media company (200 employees, ~3 petabytes of data).

Access switches will be staying our 2960s this year, with hopes of swapping next year to the same switch family

(thanks to covid it not being the entire) Specif



Anything Beyond Seven Drops won't connect

Hey Networking,

This may be completely obvious to some of you but I do not have a background in networking and I work for a small government team of 3 with no networking guys. I have a branch office that has a Cisco SF300-24P managed switch that is connected directly to their ISP's (Viasat) Exceed modem. Whenever they have 7 drops or more connected no one else can join the network. To get anyone new on we have to unplug everyone and start from scratch. I logged into the router and reset it to factory settings and then updated the firmware but it was the same thing after my efforts. I called their ISP to see if I could log into the modem or if they have some weird rules set up to only allow a certain number of connections. They have a 3 public IP limit and will not allow me to log into the router and said only their network engineers have that privilege. I have ordered a new identical switch as there were recently some severe storms where they were and they were not on battery backup. I went over every setting on the switch but saw nothing to indicate a port limit of some type.

Am I missing anything here I can check on? Do you think it is a setting or the switch has gone bad? Do you think the small-town ISP is the problem? Thanks in advance.



Encrypting traffic between datacenters?

Hello,

Currently, due to the nature of the business we're in, we require that traffic between our datacenters be encrypted (using IPsec VPNs as of now). Currently we are doing this by running interconnects between firewalls, but this presents a problem because we have firewalls handling the routing at the edge... is there something big I'm missing here?

I'm aware this is broad but I'm looking for any and all suggestions.



Controlling / Verifying Azure Routing Tables to enforce traffic through Third-Party Firewalls?

I imagine this is a common problem, but my quick Google-fu has failed me. We're implementing third party NVA firewalls in Azure in the standard active-active load balancer sandwich, and want to make sure that all traffic from certain subnets has to go through them.

The standard way of doing this is to override the default Azure subnet routing tables with routes pointing at the NVA load balancers. So far so good, everything works as expected. But as the number of networks grows, and Azure keeps tossing automatic routes into its routing tables because it likes to be helpful, it's a management nightmare to make sure all routing table routes are always overridden with user-defined routes. How are people managing this and are there any clever auditing tools or tricks to prevent Azure or an admin from just tossing in a route that completely bypasses the firewalls?



Layer 3 Access and IPv6

We are working on an IPv6 addressing scheme for our enterprise. We also use layer 3 access for IPv4 and have for 15+ years. Each switch stack has its own production, VoIP, and management subnets (and special networks as needed). The reasons for L3 access were to limit broadcast domain size and minimize the spanning tree.

Now we're working on our IPv6 addressing. My organization is large enough that we have a /32. And we're trying to keep to the /64 subnet boundary so we can still use SLAAC if we choose to.

But we're having a disagreement on whether to continue layer 3 access, especially in light of IP fabrics and CRB.

  • In our existing design, every access switch stack will get its own IPv6 addressing for production/VoIP/management.
  • In an IP fabric design with CRB, a building has single production/VoIP/management subnets.

The objection to CRB is that we go back to having a building-wide broadcast domain and more difficulty identifying the switch stack. (Example: if a production subnet is 10.47.88.0/24 and we see an IP 10.47.88.36, DNS resolution on 10.47.88.1 will tell us the switch stack, as that's the gateway IP. We're still flailing in our automation chops. Acknowledged.)

So I'm looking for input from people who have implemented IPv6 in a L3 access and want to know what you did. Is the broadcast domain size still a concern? Did you maintain individual subnets per stack? Are you switching to a fabric? Did you change to CRB (regardless of a fabric or not)? Any other input?



5 story building - running all cable drops to 1 floor

We have a 5 story building that currently has an IDF closet on each floor which serves the devices on that individual floor. Each floor connects back to the building distribution/core switch on the 5th floor. The problem we're having is that these IDFs are absolutely horrible to work in. Most of the racks are 10ft in the air and you need a ladder just to patch in a cable. Patch panels literally hanging down from the ceiling by rope. They're poorly lit, each having just a single light bulb hanging from the ceiling. No climate control or air filtering so they're luke-warm and filthy.

Unfortunately, there isn't room to expand the current IDFs and there is no room on any of the floors to make new IDFs except on the basement floor or 5th floor, so my question is: is there any particular design reason why we couldn't just run all new drops for each of the floors to a single, large, purpose-built MDF on either the basement or 5th floor? Each floor has about 12ft high ceilings so I can't imagine cable length would be an issue, unless I'm overlooking something.



Meraki MX67 Is IDS and IPS enabled by default?

As per the title, we are using Cisco Meraki MX67 with IDS enabled (which I can see in the 'Security & SD-WAN' section) under 'Intrusion detection and prevention' with the mode set to 'Detection' but I am not sure if that also includes IPS? Is there somewhere to determine that?



FEC and SD-WAN in Reality

I would love some additional feedback on FEC. It appears to me that when evaluating FEC with test tools, generating random packet loss as a percentage of packets, FEC works as advertised. But in real life, packet loss often occurs in bunches due to WiFi handovers, route flaps, and temporal network congestion.

In a previous post, there was a wise comment about how FEC can increase latency, and it's a trade-off between how much FEC is applied versus the increased bandwidth and latency. I'm a believer that dynamic FEC may never be responsive enough, or be able to anticipate events that cause packet loss in real life.

I think the ideal use case for FEC is microwave circuits. These tend to really simulate random packet loss that is consistent during a rain storm. I doubt there are any other use cases where dynamic FEC will actually improve things much at all.



FCoE and FC Switch Options

Hello all,

We've got a pending issue with our Cisco Nexus 5548UPs having gone end of life. We've recently got 2 from Cisco refurbished, but we've only just found out they can't sell us an FC license for them, as the license is end of life too.

We're putting together a BoM for 8 x Nexus 9300's but in the meantime the FC eval license on the Nexus 5k's is due to run out shortly, so I'm after some advice for bridging the gap, so to speak.

What options do we have? Can the 90 day eval license be reset? Is there a cheap-ish (new or used) switch that'll do FCoE and FC I can use whilst the new n9k's arrive?

Best, CC



Blogpost: Working for MSPs vs VARs vs Vendors vs internal IT.

I have been meaning to write this post for a while now. I have worked in almost every place except in a vendor and here are my findings.

Note: Every place is different and every experience is different, but I will try to make it as neutral and wholesome as possible.

- Working for a vendor. A vendor can be a great opportunity, depending on the vendor of course. When I talk about a vendor, the first company that comes to my mind is Cisco and the way they treat their people. You can get a good spot with a big vendor and lots of perks, including free drinks in the office, marketing gifts such as T-shirts, pens, tickets to events around the world and flexible working hours. The cons of working for a vendor can be that you get specialized in one technology only (imagine being the SME for the Cisco 2960 switches and only that), and when the going gets tough, you are just a number for them. Cisco fired thousands of people in 2020, trying to restructure the business for the new decade. If the vendor is small, you can get into a firefighting situation such as having a bad product that does not deliver and attracting the wrong customers who constantly complain because "they got what they paid for".

- Working for a VAR. This was my favorite spot in the industry since working for a VAR is mostly a project-related job and the companies who buy services from a VAR are the ones who have money and interesting projects. The pros can be traveling, constantly learning new ways to use the product and always being on the edge of technology. A couple of bad things I have seen in VARs are that their offices are sometimes in the middle of nowhere/industrial areas and their salaries are not great; they tend to overpay that specific person with low social skills and high technical skills who manages to annoy their colleagues and forces them to quit.

- Working for an MSP. This has been the worst of my career experiences since the MSP tries to hunt for juicy projects like VARs, cannot deliver and settles for the same old boring stuff. I used to think that MSPs were similar to VARs but boy was I wrong. There are MSPs who support legacy equipment and specialize in niche technologies. The pros can be that you can get a good salary and become an SME in your company; the bad things are that most of your service offerings are the same, leaving you with little room for improvement.

- Working in internal IT. This is again a gamble just like the other 3 options. There are companies that understand the value of IT and others that, sadly, do not. Of the companies that understand its value, there are the ones who like to spend on innovative IT, and others who do not. So it's a gamble. For example, I once got a job offer from Ocado, a UK online-only supermarket which uses AI and robots in their warehouses. Prior to talking to anyone in an interview, I had to take an IQ test. I thought "OK, that shouldn't be that hard." The IQ test was harder than I thought, with questions like "A chair is to a pentagon what the table is to a _____ (circle, square, rectangle, hexagon)". It was gibberish to me, so I lost interest and intentionally failed the test. Don't get me wrong, some companies use a lot of in-house IT, but I guess those are the exceptions to the rule (such as Google and Facebook, which are technically considered media companies but we all know they are not). The pros are that if they like you, you can get a nice, easy job with lots of money and be their god for knowing exactly what to fix. The cons are that you will probably be doing more spreadsheets and pointless meetings where you are on mute than actual work. And let's not forget that you may be doing nothing at all since the business doesn't really understand IT or how many people are actually needed.



DNS explanation for RDC specific case

If two computers connected to the network in different countries cannot connect to each other through Remote Desktop via their hostnames (but via IP they can),

will the usage of the same DNS server, set inside the network adapter configuration, make them visible so they can connect via hostnames?



How many of you actually code at work?

Everyone is going crazy about coding nowadays, even in stuff that does not need coding. It's like a buzzword, a trend, a fad, you name it. But at every company I have worked with, I never had to code anything, not even a script.

So my question for this subreddit is: how many of you whose primary job is network engineer write/wrote code for a specific task at work? And by code I do mean actual code and not Excel formulas.



Site-to-site very large file transfer speed erratic

Hello everyone! I'm having a problem that I'm sure others have had, but I'm struggling to figure out the easiest and most reliable solution. Small company that is growing and trying to use low-cost solutions for the moment.

It might be the classic "long fat pipe" situation, but I'm a bit surprised that there are no clean and easy OOTB solutions, at least not that I've directly found.

We have two sites each with 1gbit fibre connections to the internet. Ping times are very low - Google is less than 1ms, to each other is less than 5ms. SpeedTest.net on both ends multi-connection show full gbit speed, single connections are over 600mbit each side easily.

We have backups that are > 1TB in size, and want them sent from one site to the other. The backup software that we're using doesn't support splitting the file, and it's better to have it as a single file for instant recovery purposes. Herein lies the problem.

I see several different solutions that handle multi-stream or segmented file transfers, but they ?all? seem to split into multiple files locally, then combine after. Considering both windows and linux support sparse files, I have no idea why this is the default behavior. Recombining a 1TB file in this manner is incredibly inefficient and slow, especially as we're leveraging external 2TB USB drives on the receiving end for the offsite copy of the backup (have them on hand and they work for redundant storage).

Using standard SFTP, FTP+TLS, FTP, or SCP has varying levels of success, but all seem to be anywhere between 15 and 80MB/sec depending on which way the wind is blowing. I assume it's more a matter of what path happens to be found between the two sites through the internet.

Ideally I'd want an automated solution, but I'm not against manual ones for now. I'm toying with the idea of download accelerators but those are manual and all the ones I've seen use separate files and recombine in the end. I need to wrap my head around FastDataTransfer (http://monalisa.cern.ch/FDT/download.html) to see if that'll cover it. I'm also trying to wrap my head around rclone to see if that will do it.

TL;DR - in today's age of multi-gbit connections and multi-TB file transfers, I can't seem to find an easy and reliable method for gbit file transfer speed across the internet that just segments a single file transfer without splitting it into multiple files on one end.



Ubiquiti Replacement Options?

Let's say, hypothetically, you had a small business with two 48 port PoE switches, 1 aggregation switch, a 5 AP WiFi network, and a couple of other switches from Ubiquiti. The only thing remotely fancy is a VLAN for VoIP. The price point was good, easy to set up and manage, and so far zero outages.

Which vendors would you suggest looking at for replacement equipment should things get to that point? Anything close in terms of cost and ease of use?

I’d like to get out ahead on the research if things go from worse to worser.



How do I NAT a public IP to a private IP on google cloud?

I have deployed EVE-NG on Google Cloud and my devices (a Mikrotik) can access the internet. I would love to know if there is a way I can use WinBox to access this Mikrotik on the cloud? Can someone point me in the right direction on what terms to search for to NAT the public IP of the Google Cloud instance to a private IP so I can get to the device?



Tuesday, March 30, 2021

QoS on VXLAN EVPN fabric with servers at 25Gbps NICs

Hi All

Just curious to ask this question: running an EVPN fabric with 2 spines and a couple of leaf switches, leafs cabled to spines with 100Gbps links. Do any of you running EVPN also supplement your configuration with QoS? Or is there enough complexity as it is, and if the fabric is running as normal there's no need to add yet another layer of complexity?



Can a bad switch cause a 169 IP address?

I'm lost here.

Small network of 5 computers

Modem > router > single cable going in the wall > 3 switches in between > 2 pc and 3 Mac computers wired connection...

All Macs and PCs have DHCP issues. They get 169 IP addresses instead of 192. Everything was fine last night until we walked into the office this morning.

I connected a laptop directly to the modem via Ethernet. No issues. It gets a 192 IP. Directly to the router, same. No issues. 192 IP.

Router also broadcasts wifi. No issues.

Both modem and router are DHCP enabled. Automatically detect settings.

I rebooted modem and router. All switches too. Firmwares up to date.

Questions;

Can a bad switch cause this? Can there be broken cables in the walls? Do I need to check the connections with a cable tester? Or is it all software/setting related? It's the same both on PCs and Macs.

Any thoughts welcome.



When they say voice is networking...

They’re lying, coping and/or insane.
Unless you like playing telephone... and want to learn knowledge that Cthulhu might smile at, then walk away.

If you are Mr Network Rain Man, go for it, but realize the responsibilities and knowledge load you are throwing on yourself. I think there's a reason why the route and switch fellows don't touch it. Be like them.... until you're ready.

maybe being half serious...



Is a Senetas CN6100 layer 2 encryptor from Ebay any good?

Hello,

We operate a small network and are adding our second location soon. It means we will get a metro wave (10Gbps) between these two locations and I would like to encrypt the communication on that line.

Unfortunately our switches do not support MACsec, so we have to put something in between to handle the encryption. I found some earlier posts (1) which both mention Senetas encryptors to do the job, which is a viable option for us.

I did find a bunch of them on eBay for cheap; however, I cannot find much documentation online about them. Will this work? Do I need a separate license or credentials to make any use of these boxes? As they are high security devices, I can imagine it is not trivial to reset the passwords/keys, for example.

Thank you!

1:

https://www.reddit.com/r/networking/comments/7snrl7/encrypt_40g_cross_country_connection/
https://www.reddit.com/r/networking/comments/7q39xb/recommendations_for_switchtoswitch_encryption_of/



yet another topic about 10+100G switch

Trying to pick a cost-effective (read: eBay/refurbished available) switch with 24/48 x 10G and at least 6 x 40/100G ports.

Two switches in the setup, preferably VPC/Stack capable.

Majority of the traffic will be just L2 switching (and I'm probably looking at 400Gbit/s max)

+ under 20Gbit/s of the multicast (via pim/routing, not l2/igmp)

So far the N9K-C93180YC-EX seems like a good choice but I would appreciate it if anyone can harp on it.

Thanks !



Most Efficient Way to cover 15,000 SQ FT?

Hey all - my business is growing and we are moving from a 4400 sq ft warehouse to a 15000 sq ft warehouse (expandable to 25k). I have been getting by using a home router and modem in our current warehouse but obviously it won't cut it for the larger space. I wanted to know what the best setup is for this large a space. We have 1000 sq ft of office space which should be no problem to cover, but we will be using WiFi-enabled SKU scanning equipment throughout the warehouse. I'm a software engineer by trade so I know my way around technical things and can likely set up the network without issue.

Thanks in advance



Office SD-Wan and personal privacy risk

One simple and direct question:

How risky is it, for our personal privacy, to install a corporate SD-WAN gateway for remote working in a private home LAN?

Will the SD-WAN gateway permit access from the office LAN, or for any network administrators, to the personal home LAN where the SD-WAN gateway is installed? The same way a VPN could with bidirectional tunneling communication?



Rant Wednesday!

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.



Need help blocking Internet on VLAN -- Except for one device...

So I have a router feeding a L2 switch with 2 vlans. The router is providing Internet to both networks.

192.168.101.0/24 - (aka VLAN 1) - ports 2-16, Internet access (Rack Pc, Apple TV, client devices)

192.168.102.0/24 (aka VLAN 2) - ports 17-24, Internal Network for A/V equipment, I do not want Internet to be accessible on this network, it is for A/V equipment to speak to one another.

The thing is I need one device on the A/V network to be accessed remotely...

Can I edit the DHCP server for the A/V network to distribute a DNS (or gateway?) address of "56.56.45.34" or something random to the A/V DHCP clients? That way if someone accidentally plugs into this network, they won't be able to access the Internet?

And for the one device that needs Internet access, I could set the correct config on there as a static...

I don't mind using the firewall, but the objective is to keep it simple, and if I plug in my laptop into the AV network and need new firmware or something, to be able to just go into my network settings and put in the correct IP address

Any one see any issues here?

Switch: DLINK DGS1210-52, Firewall: ER-LITE3, Needy device: QSYS CORE

tl;dr: I have two networks - one with Internet and one that should not have Internet, but I have a device (with one port) that needs access to the Internet *and* to control devices on the non-internet network -- any way to do this without complex FW rules?



Proper fiber optic entrance in sealed server room

I'm trying to find the proper way fiber optic conduits should enter a sealed server room. The server room will be completely sealed for FM-200 fire suppression. Most of the time the cabling company we do business with uses 4-inch Carlon conduits. Another company is taking care of sealing the room, installing cable tray and firestop sleeves. Is there any firestop sleeve compatible with 4-inch Carlon? What's the proper way to do this?



Dell X1052p - Gateways

I googled etc and already found threads where other users have the same issues. Just no clear solution.

A customer has a Dell X1052p switch. That switch should be reconfigured for another site.

I upgraded the FW, did a reset, logged in via default IP 192.168.2.1

The goal is to have it in a tagged management LAN with ID 99.

So I created the VLAN, configured 2 trunk ports transporting that ID (plus ID 1), and then tried to add a second IPv4 address on VLAN 99 (in addition to the default DHCP address on VLAN 1).

After applying that I lose connection. Every time.

Why?

Maybe the gateways are missing? But where to add, the switch shows these fields greyed out.

A thread talked of "Level 2+ per default" and "no gateway needed". Do I have to add the gateway as a route entry in "Routing"? If yes, what's the right order not to lock myself out?

Any help appreciated here, I should get that working tomorrow... thanks!



"Catastrophic" breach of Ubiquiti Networks back-end systems

Original Reddit Thread

This looks reaaaaaaaaaaaallllllly bad.



CLUS Day 1 Discussion Thread

Since we're not in person (again), I figured I'd put this up for anything you guys want to talk about. I put these up last year and the mods allowed it, so hopefully it will stay.



Dell FN410 user question

I'm working with a Dell switch and double-checking that the config matches what it should be per the specs; a more junior admin built it.

So I found an extra user I'm not familiar with and don't know how to remove.

bsd-username [User] secret [Hash]

I did a ? after bsd in both enable and config-t and couldn't find any commands listed.

I tried just putting no in front of it in config-t mode and it didn't recognize anything that starts with bsd-, much less bsd-username. I searched google and found a "solved" question on the Dell forums that is this exact issue .. but the OP just says he figured it out without providing any explanation

Could it be something under the username command tree I'm missing?



Changing DNS away from WinServer, running Bind9 on Ubuntu, Search Domain not working. DHCP Option 119?

Hey all. Thanks in advance for any troubleshooting tips you might have.

I'm running a network with a Unifi gateway router that's doing DHCP. We are trying to get away from a Windows Domain environment, but we have a DC running the DNS. We have a lot of Linux in our environment, many different client distros based on whatever the users feel like using. I've set up an Ubuntu Server running Bind9 for DNS and I'm having quite a few issues with it, primarily Search Domain related but there's other problems I'll have to tackle later.

Let's say I'm on an Ubuntu desktop (20.10) and my DHCP from the Unifi gateway (10.1.1.1) is pointing to the Windows DC at 10.1.1.5. If I do a ping to another server, let's call it Goku, it knows to translate "goku" to "goku.corp.capsule.com". If I point the DHCP to my new DNS server running Bind9 on Ubuntu, it fails to translate that. It does resolve if I ping "goku.corp.capsule.com", but not the shortened name.

Nothing is domain joined to the AD, so it shouldn't be getting info that way, but it functions more efficiently as a DNS by being able to translate the shortened name by putting on the "corp.capsule.com" suffix.

I've tried multiple different things, some work but aren't efficient, other things just don't. In all of the zone files I have on my Bind9 I put "$ORIGIN corp.capsule.com." with the trailing period since I think Bind9 needs it. I COULD edit my /etc/resolv.conf and put in either "search corp.capsule.com" or "domain corp.capsule.com", but that's a terrible option because you don't want to try and get 100 individual users to edit their resolv file or append a DNS Suffix to their network adapter settings. And YES I have put the domain string in the Network section in the Unifi controller. There's a nice field there for it and everything but it doesn't actually work for me (at least not on my ubuntu machine).

I've tried setting DHCP Option 119 but I'm having trouble with it. The Unifi controller isn't accepting "corp.capsule.com"; I translated it to hex and it took it, but it's not actually working. I've googled a ton of guides on how to configure it, some of them suggest preceding numbers to indicate the length of the characters like "4(corp hex)7(capsule hex)3(com hex)00" but it rejected this outright with Invalid Payload and I also tried "4corp7capsule3com". It accepted this but doesn't actually work for the search domain. I clearly don't know what I'm doing on this one, just trying things to figure out how it works but I'm coming up with nothing.

How can I configure my network to assume my domain suffix for short name lookup? More specifically for Linux clients, the main option in the Unifi Networks section probably works for Windows just fine.
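The Option 119 wire format the post above is wrestling with, as an added example that is not part of the original post and not the Unifi controller's own code: RFC 3397 carries the search list as DNS-style names (RFC 1035 section 3.1), each label a binary length byte followed by the label bytes, each name ended by a zero byte, with RFC 1035 compression pointers allowed. The encoder produces that payload and its hex; how any particular DHCP server UI expects the hex entered is assumed, not shown.

```python
# Added example (not from the original post): encode/decode the DHCP Domain
# Search Option (option 119, RFC 3397). The length byte is binary, so "corp"
# becomes 0x04 'c' 'o' 'r' 'p', not the ASCII digit "4" followed by "corp".

import re

_LABEL_RE = re.compile(r"^[A-Za-z0-9-]{1,63}$")   # RFC 1035 label syntax, no length prefix


def encode_domain_search(domains):
    """Return the option-119 payload (bytes) for a list of search domains."""
    out = bytearray()
    for domain in domains:
        for label in domain.rstrip(".").split("."):
            if not _LABEL_RE.match(label):
                raise ValueError(f"bad DNS label {label!r} in {domain!r}")
            out.append(len(label))            # one binary length byte
            out += label.encode("ascii")      # then the label itself
        out.append(0)                         # root label terminates each name
    if len(out) > 255:
        raise ValueError("payload exceeds a single DHCP option (255 bytes)")
    return bytes(out)


def option119_hex(domains):
    """Hex string of the payload, the form most DHCP server UIs ask for."""
    return encode_domain_search(domains).hex()


def decode_domain_search(payload):
    """Decode an option-119 payload back to a list of domains, following
    RFC 1035 compression pointers and refusing loops or forward pointers."""
    domains, pos = [], 0
    while pos < len(payload):
        labels, p, jumped, seen = [], pos, False, set()
        while True:
            if p >= len(payload):
                raise ValueError("truncated payload")
            length = payload[p]
            if length == 0:                   # end of this name
                p += 1
                break
            if length & 0xC0 == 0xC0:         # 11xxxxxx: compression pointer
                if p + 1 >= len(payload):
                    raise ValueError("truncated pointer")
                ptr = ((length & 0x3F) << 8) | payload[p + 1]
                if ptr >= p or ptr in seen:   # must point backwards, once
                    raise ValueError("bad compression pointer")
                seen.add(ptr)
                if not jumped:                # resume after the 2-byte pointer
                    pos, jumped = p + 2, True
                p = ptr
                continue
            if length > 63 or p + 1 + length > len(payload):
                raise ValueError("bad label length")
            labels.append(payload[p + 1:p + 1 + length].decode("ascii"))
            p += 1 + length
        if not jumped:
            pos = p
        domains.append(".".join(labels))
    return domains


if __name__ == "__main__":
    hexstr = option119_hex(["corp.capsule.com"])
    print(hexstr)                                  # 04636f72700763617073756c6503636f6d00
    print(decode_domain_search(bytes.fromhex(hexstr)))
```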



HSRP - LAN _ asymmetric routing

Here is a topology:

LAN|------ SW1-------------Firewall1----ISP1

LAN| -------SW2-------------Firewall2----ISP2

SW1 and SW2 are interconnected as well and run HSRP. (VIP: 192.168.1.10) Now, I have vlan 11 stretched between SW1, SW2, and firewalls. SW1 is 192.168.1.1, SW2 is 192.168.1.2, Firewall1 is 192.168.1.3, Firewall2 is 192.168.1.4. SW1 is active in the HSRP group and acts as a default gateway for end devices in vlan11.

I will end up having asymmetric routing. Is it a problem? A PC in vlan11 sends a message to the Internet. It goes to 192.168.1.10, SW1 sends it up to Firewall1 192.168.1.3, the firewall sends it out to the internet. The message comes back and Firewall1 192.168.1.3 is going to send it down to the PC directly, bypassing SW1.

I noticed on my MacBook that when I ping something, it keeps showing 'redirect network: addr: 192.168.1.3', suggesting it can actually 'bypass' the default gateway of HSRP.

Everything else works. There is no NAT in place or firewalls on SW1 and SW2 so... is it good?



VDSL not working with my VDSL router

Hello guys, I have a strange issue with my line. I have a VDSL router and I always keep the modulation type on auto, so my router automatically takes an IP with the VDSL standard and works very fine. Today I connected an ADSL-only router and this router took an IP too, but with ADSL2+ modulation. So I went back to my VDSL router, but this time it did not work at all with VDSL modulation; I have to change the modulation type to ADSL2+ or anything but not VDSL. So my situation is that my VDSL is not working with the VDSL modulation type; it only works if I change the modulation type to something else like ADSL2+. So what is the problem, guys?



Single band router very slow in less interference surrounding

Hi,

I have one single-band router set to channel 4, kept beside a single-band router working on channel 11. In my surroundings there are 2-3 more routers which are also operating on 2.4 GHz but on channels 7, 1 and 11. I am getting very slow speed on both routers. They at most reach 40 Mbps on a 100 Mbps connection. At least the channel 4 router should have performed better. I have checked that through the cable I get ~96 Mbps. The channel 11 router is the ISP router, and I used the channel 4 router to get more speed by reducing interference. Any scope for increasing speed? I know a 5 GHz router is the way to go, but is there any scope for improvement in the current case? If I lack knowledge please correct me.



Selecting router for small business -- PA-220, Fortinet, Cisco ?

TL;DR: Small business looking to update router and switches. Need some recommendations (PA-220, Fortinet, whatever else) that don't require an expert to configure.

----

My work has somewhat basic networking needs with maybe 6 PCs running (no domain or anything fancy like that). There are a couple of access points for wireless devices, mostly for guests. And there is an analog CCTV setup using DVRs that are also on the network.

They've been running a Zyxel router for at least 10 years (maybe a USG-50 IIRC). There is no one in a dedicated position to oversee any of this, so it frequently falls to me. The last few times they've tried to do anything (add a new computer, switch out a malfunctioning AP), the Zyxel has been causing real headaches.

I'm trying to push for a new router. I would also like to get a couple of 3750 switches as they would like to phase out the analog CCTV cameras in favor of PoE IP cameras.

I've been reading tons of posts on what to do going forward, but I am not positive of the best choice in equipment. I can usually get by with most things, even some command line stuff, but I am not interested in learning a whole programming language to have to configure a piece of equipment (e.g., Cisco). A few hours of config would probably be the most of what I would be looking for.

It seems that PA-220 and Fortinet 30 are some viable options, but I am trying to avoid complicated licensing issues. Typically, I would opt for used equipment to save cash.



Comcast limiting WANs to /29 or smaller

So I'm working on a client build and need additional static IPs. The client currently has a /29 WAN subnet and a /26 LAN subnet (Comcast's words, not mine). From the discussion with them, the WAN subnet is the network between their equipment and ours; the LAN subnet is a block of public IPs that is routed to the first client-usable IP in the WAN subnet. We asked them to swap the /29 and /26 as we needed more than 5 actual devices on the outside of the firewall. Their response was that they will only do a /29 or /30 for the WAN. Anyone else ever run into this? I know I've configured clients with /28 and larger WAN subnets but I can't recall off the top of my head if it was with Comcast. Their reasoning BTW was to save IPv4 addresses, which makes no sense since we use the same number of IPs either way.



Cisco BDI/L2VPN problems with IPv6

Hello redditors, I have this situation and seeking wisdom from you all.

I've got an ASR1004 that serves as an edge for IPv6 then I have routers from other brands as endpoints, they are connected via an MPLS backbone, those other routers don't support 6PE, 6VPE or anything like this, but they do support L2VPNs.

This is the configuration in the ASR:

pseudowire-class VPLS_IPV6_OVERLAY
 encapsulation mpls
 control-word
!
l2 vfi VPLS_IPV6_OVERLAY manual
 vpn id 2000
 bridge-domain 2000
 neighbor 10.255.0.9 pw-class VPLS_IPV6_OVERLAY
 neighbor 10.255.0.6 pw-class VPLS_IPV6_OVERLAY
 neighbor 10.255.0.7 pw-class VPLS_IPV6_OVERLAY
!
interface BDI2000
 description IPV6 OVERLAY
 no ip address
 ipv6 address FD23:AFBC:CFFF::1/64
 ipv6 enable
end

Here's the situation:

  • If there's a single neighbor active (say 10.255.0.9) I can ping that neighbor via IPv6 using the tunnel IPs just fine, no problem whatsoever (say fd23:afbc:cfff::100 can ping fd23:afbc:cfff::1 and vice versa)
  • As soon as I enable the other neighbors, IPv6 only works towards one of the neighbors
  • There's no issue with the l2vpn vc, all the routers report the tunnels up/active with the right label ids
  • What I am seeing is that ND messages seem to fail on all the routers but one
    • It really looks like the ASR is only replicating the ND message on a single tunnel and this is randomly selected, sometimes 10.255.0.6 works fine while 10.255.0.7 and 10.255.0.9 stop working. Other times 10.255.0.7 works fine while the other two don't.
    • Say 10.255.0.6 sends an ND message asking for the ASR's IPv6 address, the ASR replies to those messages only to 10.255.0.9 and doesn't flood it to all the pseudowires (at least this is all I can think by judging the behaviour).

So I am guessing there's something I am missing here, perhaps some kind of multicast/flooding support I have not enabled?

Thank you all for the help in advance



Dell OS10 - BGP Idle Issue?

Hello,

I'm running Dell OS10 firmware 10.5.2.3 on some Dell S5248F-ON switches and currently experiencing a weird issue with BGP sessions staying in an IDLE state and I was wondering if anyone else has experienced this same behaviour before?

When the neighbouring BGP peer's interface flaps or we perform a manual shutdown/no shutdown on the interface or the server is rebooted; the BGP session obviously goes down, although, it will constantly stay in an "IDLE" state on my switch and will never attempt to establish a connection.

A packet capture shows the peer initiate/establish the TCP handshake and sends its initial OPEN message but we respond with an RST packet which is expected if our BGP state is stuck in IDLE.

It's definitely not a Layer 1-3 issue since ARP/ping is working perfectly fine without any problems and we have routes to the BGP peer. Control plane ACLs are fine as well with the traffic permitted.

Performing a shutdown/no shutdown or a "clear ip bgp x.x.x.x" on the neighbour on the OS10 switch still does not resolve the problem and the neighbour remains in an IDLE state.

It's only when I delete and re-configure the BGP neighbour again does it resolve the problem and we can bring the BGP peer online. Although, if the BGP peer was to go down again it would remain in IDLE.

I am going to raise a case with Dell but any help would be appreciated if you've run into this problem before :)



Switch recommendations that allow tiered GUI access

What options are out there for access switches for about 350 users spread over 9 locations? I have Cisco 3850s right now but looking to upgrade to something a little more "GUI friendly" for a fellow co-worker who doesn't know Cisco commands. I have never been a proponent of paying monthly for access to my equipment like Meraki, but after working with Ubiquiti access points over the past 2 years, I totally understand "you get what you pay for".

Don't need too much for access switches, just PoE, GbE, port security, etc. Would mainly upgrade for ease of access for simple tasks for my coworker and perhaps true remote access to my switches. Also, if it matters, I may dump Ubiquiti in the next year too.



2 in 1! Cisco CCNA 200-301 + Python Network Automation

2 in 1! Cisco CCNA 200-301 + Python Network Automation: free course from Udemy for a limited time.

https://www.myfreeonlinecourses.com/2021/03/100-off-2-in-1-cisco-ccna-200-301.html



Juniper config / compatibility with IBM/BladeOS VLANS

I have a large number of switches interacting with MSTI across ~12 VLANs and each port also has a PVID, and this works for me across IBM/BladeOS, HP Procurve, and Ubiquiti EdgeOS switches. I'm trying to add some Juniper switches, and currently I'm trying a used EX4200. I've got "everything" configured up to the point I trunk in the uplink and pass along a trunk to a downstream switch.

My understanding from the Juniper docs is that I should be able to

edit interfaces xe-0/1/1 unit 0 family ethernet-switching
set port mode trunk
set interfaces xe-0/1/1 unit 0 family ethernet-switching vlan members all

And then all defined VLANs from the upstream switch should pass tagged to port 2 of the 10Gbit module. What is unclear is whether the PVID on the BladeOS side would pass, or whether this would be tagged only. I have also tried adding

set native-vlan-id 1 

to match PVID 1 being untagged on the upstream BladeOS switch. I then, using a ge interface should be able to do the same for a downstream EdgeOS switch. However, in practice, it doesn't seem to work.

Can anyone point out what I'm missing in the Junos config? Or what their equivalent of VLAN 1 in the other switch models would be (i.e. the default VLAN, untagged etc., what VLAN a client would get if plugged in even if other VLANs are tagged)?



Can we extend Cisco ACI VxLAN to Nutanix AHV ?

Hello guys,

Is it possible to extend ACI VxLAN to Nutanix AHV OVS (using Opflex agent maybe), in other words can we integrate it to ACI ?



DR/BDR Election

here is a direct quote from encor ocg

Routers then receive and examine OSPF hellos from neighboring routers. If a router identifies itself as being a more favorable router than the OSPF hellos it receives, it continues to send out hellos with its RID and priority listed. If the hello received is more favorable, the router updates its OSPF hello packet to use the more preferable RID in the DR field. OSPF deems a router more preferable if the priority for the interface is the highest for that segment. If the OSPF priority is the same, the higher RID is more favorable.

This is flat out wrong: the router complies with the existing DR on that segment in order to keep its stability. I know the answer, but I tested it in order to keep my sanity, and yeah, the quote is still wrong. Am I missing something, or am I misunderstanding the point in the book?



Monday, March 29, 2021

Aruba CX EVPN Scale Limits?

Does anybody out there have hands-on experience with a large-scale Aruba CX EVPN deployment? I'm at the very end of the design phase of a campus refresh that uses EVPN to deliver L2 and L3 services across campus on top of a single underlay network. We're planning to start installing equipment in the next couple of weeks, and I'm suddenly getting conflicting information about the EVPN scaling limits of the CX 6300 and CX 8325 platform. My configuration is working fine in the lab at a small scale, but the number of VTEP peers is being called into question, and my entire design hinges on being able to run VTEPs on every switch stack across campus.

The Aruba Dynamic Segmentation "VNBT" 10.05 guide lists the VTEP peer limit at 256, which my campus just fits inside of. The "show capacities-status" output on the 6300 lists the limit at 512, which gives me tons of headroom to expand. But now my local support engineer is telling me the "real" limit is only 64 VTEP peers, which burns my entire design to the ground.

Does anybody out there have a definitive answer?



What network do military drones use?

Not sure if this is right sub.. But here goes

What network are military drones using to stream high definition video across such huge distances (like the other side of the planet)? I read the Iridium network specs and it looks like streaming even the crappiest quality video is impossible and cost prohibitive. So what are they using?



Suddenlink Internet keeps dropping

I have about 53 devices connected to my router via wireless and ethernet. I have a Linksys EA9500 router that drops internet access several times a day. I have to reset the modem to get it to reacquire the signal.

I also have a Linksys MX5300 that does the same thing.

Could the number of devices kick my router off of internet access, or is it something else?

Every cable all the way to the node is new. My modem is new as well. I have 400 Mbps service from Suddenlink.



Any Aruba shops also using CER?

This question goes out to a specific group. I need info on how you implemented E911 using Cisco Emergency Responder while using Aruba switching. I'm in this dilemma right now that we're going to refresh our switching. Right now it's down to Cisco and Aruba. I really don't want to go the Cisco route, but the main selling point is C's obvious compatibility. I'm not the VoIP guy and much of what I know is from YouTube videos and other searches, so mostly abstract. I want to know if it'll work and if so, what will be the difference?



Restrict SNMP access on Lenovo NE1032 CNOS 10.10.2.0

I have a NE1032 running CNOS 10.10.2.0 and configured for SNMP; the SNMP is working fine.

Currently SNMP is available on any vlan interface from any source, I'm trying to restrict SNMP access with a simple IPv4 ACL but haven't managed to get this working.

From the 10.10 application guide I believe the correct configuration would be like below.

https://systemx.lenovofiles.com/help/topic/com.lenovo.thinksystem.ne1032.doc/CNOS_AG_10-10.pdf

Switch(config)# line vty vrf default

Switch(config-vrf-vti)# ip access-class MANAGEMENT in

IP access list  MANAGEMENT
        10 permit ip host 192.168.1.1 any
        20 permit ip 192.168.0.0/16 any

But when I applied this to my switch I didn't get any change in behaviour, I could still SSH and SNMP to the switch.

Even creating a deny statement at the top of the ACL and specifying my server IP I still could access the switch.

I confirmed the particular vlan interface I was testing belongs to the default VRF:

CP-OP-RSP-SW02(config)#show vrf
Maximum number of vrfs allowed: 65
VRF default, FIB ID 0
Router ID: 192.168.99.2 (automatic)
RD 0:0
Interfaces:
  Vlan1
  Vlan55
  Vlan57
  Vlan58
  Vlan59
  Vlan60
  Vlan62
  Vlan98
  Vlan99
  Vlan502
  Vlan506
  loopback0
  po1
  Ethernet1/1
  Ethernet1/2

I assume I have overlooked something but am struggling to find it. Can anyone please give me some assistance on this?



Best Wi-Fi Security for a Small Remote Network?

I'm setting up a small network for a remote client and am wondering what the best/most secure options there are to secure their WiFi networks.

  • Users: 15 Employees
  • Clients: 8 Windows 10 PCs; 4 MacBook Pros; 3 iPad Pros
  • Fortinet Network Equipment: 1 FGT80E-POE v6.4.5; 5 FortiAP221E v6.4-build0460; 5 FortiAP223E v6.4-build0460
  • Directory: JumpCloud DaaS
  • Productivity: Microsoft 365 Business Premium

The plan is to use JumpCloud to control access to the Client Machines, Wi-Fi, and the MS 365 resources.

I will be provisioning Microsoft 365 Business Premium and integrating it with JumpCloud this week.

I have the FGT80E-POE and the FortiAPs set up and running, and have configured JumpCloud's RADIUS-as-a-Service to provide WPA2 Enterprise authentication (user credentials) for the business Wi-Fi networks. Seems to work!

Given the hardware, software, and services in the quiver... Is the current WPA2 Enterprise security using JumpCloud's RADIUS-as-a-Service authentication the best option? Or, are there other better options you would recommend?

Thanks!



Can someone help me with the difference between different SDN concepts?

What is the difference between these sets of concepts?

Data - control - management planes

VS.

Infrastructure Layer - control layer - application layer

Are these not the exact same thing?

I understand the basics of SDN but how can you tell these apart?



Best alternatives to Aruba Central?

We are in the early planning stages of upgrading our AP infrastructure (around 400 APs in the environment). We are currently an Aruba shop and I generally like their hardware, but Aruba central can be a bit of a mess. What vendors/solutions should we be looking at to replace Aruba?



IP Geolocation issue

Hello,

I am a junior Network Analyst for an ISP in Canada/Quebec and a few of our customers can't access certain websites because of a geolocation issue. For example, customer A can't access a certain Canadian website because the website thinks he's in the US, customer B can't access his company Microsoft Teams...

The IP block my company uses for customers is correctly registered with ARIN, but some IPs show up in the US on some geo-IP web databases. I am not sure how to solve that issue. Any kind of tip/advice is welcomed. Thank you in advance.

Edit I've already contacted the providers on this list https://thebrotherswisp.com/



When I have a remote client connected to my Juniper firewall VPN they lose Outlook / Internet access

Hi,

I have a remote VPN client service set up on a Juniper.

I'm trying to set up a split tunnel service on a Windows 10 machine so that:

Internet Traffic is sent outside VPN (for speed)

Certain Local IP is sent through the VPN tunnel

My question is: I've tried setting some static routes to force the traffic through the VPN tunnel, but no luck. Is it possible to use routes to force the Internet / Outlook traffic outside the VPN client without a split-tunnel config on the Juniper?

VPN default route like below on the Windows 10 computer:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.136     25
          0.0.0.0          0.0.0.0      172.16.10.0    192.168.1.136    280
          0.0.0.0          0.0.0.0          on-link    10.186.100.10      1   (vpn ip address)

Thanks,



Using VLANs on an unmanaged switch

Hello,

Can we activate a VLAN on a non-manageable switch? If for example I have a layer 3 switch and I have a student VLAN and an administration VLAN, can I make a non-manageable switch work with the student VLAN only?

Thank you in advance for your reply.



Being overruled by leadership because of "familiarity" -- A rant

Just wanted to let this off my chest. This is not so much meant as a flame war between Cisco and Aruba. I think they're both great.

I work for a small-medium sized college. We're in the process of upgrading our switches (under 200) and we're down to 2, Aruba and Cisco since we have both already in some shape or form. I made the presentation w/ quotes and pros and cons. Got quotes for 92-9300s for C and 2930+6300s for A. As some of you may guess, C's quote was significantly more!

I was surprised to find out that our leadership is leaning more towards C, mainly because we're also doing E911/CER and since they believe it'll be an easier transition/familiarity. Mind you there's basically 1 other person who works with me on networks. He happens to do the phones.

For one, our phone vlan scheme would have to be gutted regardless since it was created over a decade ago. Vlans are stretched between buildings and floors. Plus, there's no location info in any of them. I'm not a voip guy but from what i understand, going with C will allow port tracking capabilities for phones which i guess will help w/ overhead when someone moves locations. With 'A' tracking would have to be done via (new) subnets.

Going back to cost, we already pay up the nose w/ smartnet, licenses, etc. We also have several projects (such as e911) that would be funded if we choose A. Some of you in the public sector may have gotten some CARES act money. This is basically how we're affording all this. Being a small college we've gone thru our share of downsizing. We've also done our share of really dumb moves over the years.

I'm just frustrated. It's like you're trying to help but people are putting 'ease' over everything. Speaking of ease, I'm the one who will be using it! I know it's not my money to save but i've been there long enough to know that we'll have our lean years and that means cuts to budgets or worse, jobs.

/rant



Cisco WLC 3504 SSID Issue on legacy Devices

I have a WLC 3504 (v8.10.130.0) with APs (C9115AXE-B) and they work great for newer devices, but I have some old legacy Motorola Omnii XT PDAs (Windows CE) that I need to use for a project and they all show "__" as the SSID when trying to connect to these APs. I have a clerical issue that is delaying my TAC case so in the interim I am looking elsewhere for solutions. I even created a wide open SSID with a forced b/g only radio policy with the same results. Any ideas?



Setting up AnyConnect with certificate authentication

hey,

After days of struggling I still can't find any solution to my problem.

We have several ASAs and one of them is about to be decommissioned, so I pulled its config and put it into another new ASA that will exclusively be configured for VPNs.

At first we decided to use LDAP authentication, but given the fact that the AD users' credentials are free on the internet (still encrypted), we changed to cert authentication.

And here is my problem: I pulled the old certificate from the previous ASA. This certificate isn't outdated and is still valid for 1 year; I installed it both on the machine and in the Identity certificates of the ASA.

The cert is associated with a single trustpoint so far, and whenever I try to log in through the AnyConnect client I instantly get a certificate validation failure.

Logs from anyconnect only show : No valid certificates available for authentication.

and logs from asdm :

6 Mar 29 2021 17:01:57 Device selects trust-point ASDM_TrustPoint4 for client WAN:10.x.x.x/19305 to 10.x.x.x/443

6 Mar 29 2021 17:01:58 10.x.x.x 19305 Device completed SSL handshake with client WAN:10.x.x.x/19305 to 10.x.x.x/443 for TLSv1.2 session

Note that any other way of authentication works ldap or regular local AAA

Also the p12 file is imported on the workstation as well.



Sorrento Networks Gigamux documentation/manuals

Hey all, I got some Sorrento Gigamux 3234 chassis to manage. Unfortunately I cannot just pull out the power plug and move to a newer platform. And the worst is that there is no documentation at all about that DWDM platform.

I got 4 GM 3234 with MPM2 management cards OCM10GF OCM2 OET MD100-40 8GFC

Sorrento Networks has no public documentation and it seems like that the contact form is dead.

Any guess where I can get some information about them? Does someone have some documentation for it?



How to change my IP so that my work VPN thinks I'm still in the US?

Hi everyone, I'm working for a fully remote company, and they're sticklers for employees being in the US. I'm actually a contractor and from a tax perspective there's no issue at all, I have LLCs open in both countries where I want to work and reside, I can pay the appropriate taxes in both, and have dual citizenship.

The issue is mainly the company procedures and guidelines, which are pretty nonsensical to me.

So, would it be possible to spoof my IP for the company VPN so that they think I'm still in the US?

If this sort of post isn't allowed pleased let me know, I read through the rules and didn't find any it would break.

Thanks!



iBGP between locations using private link (fiber) which is used for internal vlans

Hi Guys,

I currently have two data centers interconnected with dark fiber. Only one of them has ISP uplinks (two separate BGP routers, each multihomed with 2 ISPs; we have an AS and PI space). Apart from 2 eBGP sessions, each router has iBGP between them, OSPF to propagate loopback routes, and VRRP for redundancy on the LAN side. The LAN side has a default route to the VRRP VIP configured on a Fortigate cluster in active-standby mode.

As it comes to physical connections in DC1 both BGP routers have directly connected ISPs and behind them I have dedicated L2 switches to connect to Fortigate cluster.

I need to move one BGP router with one ISP to another location DC2 that is connected with private fiber with DC1. I want to move one Fortigate from the cluster as well. The problem is that I have only one core switch within DC2 which terminates this private link and we use this for internal vlans. I will have to connect BGP router and FW to that switch in DC2.

Now the question arises - I have several mainly safety concerns:

  • Is it safe to put iBGP vlan over the same L2 switch (physically the same aggregated link) between DC1 and DC2? I have only one private aggregated link.
  • What about traffic to the FW from DC2? I assume that only one Fortigate would be active (in DC1) and some traffic from the BGP router in DC2 (even if not preferred) would also go to the FW in DC1 over the same physical ports within the aggregated link?


Measure Latency, Jitter, and Throughput Between Firewalls.

I'm doing some testing with various encryption algorithms, and I want to measure the latency, jitter, throughput by different encryption algorithms in a VPN.

I need an application, that can measure these stats and produce outputs in any standard format.



Question about ARP and NAT.

I spent so much time trying to find the answer. I hope I am forgiven if this is a fairly simple question.

If devices communicate on an internal LAN using Layer 2 (Data Link layer with MAC addresses), then how does NAT play into this equation? If our devices on an internal network are communicating using MAC addresses, then why does each device need its own internal private IP address using NAT?



Sunday, March 28, 2021

Port History?

Is it possible to find the history of when certain ports were closed and by whom? I’ve been tracing back why all my security cameras have gone down and everything points back to my ISP shutting down the ports used by the cameras for some reason. Just trying to see if I can find anything else on it before I call them up tomorrow.



Do you believe the pendulum will swing back?

Over the course of my time in IT (6 years now) I've seen how the industry has been trending away from insourcing to outsourcing, from centralized architectures to distributed architectures (i.e. CLOS, HCI), from on-prem to offsite, from private to public, from combined to separate data/control planes. I also have realized - from talking to old-timers - that technology and management trends tend to be cyclical. With that in mind - I'm curious to know if you think the trends we're seeing are here to stay, or if you believe the industry will course correct and start swinging in the opposite direction?

Sidenote: If you do think the pendulum will swing in the opposite direction, is it already starting to? Where do you think we are in this "cycle"?



Are Cisco 3750G compatible with SFP Optone or not?

I installed a Cisco 3750G and had a problem when interconnecting it with a Ubiquiti Edge Switch 24-port Gigabit PoE 250W using Optone SFP WDM SM 0220A and SFP WDM SM 0220B modules. The Ubiquiti Edge Switch 24-port Gigabit PoE 250W can detect the Optone SFP, but the Cisco 3750G cannot detect the Optone SFP at all and the indicator lamp is down.

Please help me.



CWDM Issue.

I am hoping to get some extra suggestions on troubleshooting a strange CWDM issue.

Okay, we recently had to move our uplink, and after the migration we have noticed that one of our wavelengths in the 1510-1590 range is having massive signal loss; we are seeing -37 dBm or lower for a single wavelength. Prior to the migration there was a loopback installed on the demarc for the provider, who saw the expected signal across the complete range. This leads me to believe that the carrier side is alright. Once the CWDM was placed on this new link we lost the wavelength.

Things that were tested.

  • Swapped the fiber for the problematic wavelength.
  • Swapped Optical modules.
  • Swapped ports.
  • Installed a Loopback on the problematic wavelength.
  • Fiber cleaned.

Things I feel might be an issue are possibly the CWDM or fiber attenuation.

Can anyone else come up with a suggestion?

I am sorry, I can't be more specific in information.



Moronic Monday!

It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

Note: This post is created at 01:00 UTC. It may not be Monday where you are in the world, no need to comment on it.



Need some clarification on NAT?

The definitions are very convoluted and I THINK I have a decent grasp on what these all mean, can someone verify that my understanding is correct? Or if i'm totally off pleaseeee let me know lol

Inside global: The PUBLIC IP address as seen by other networks (if you're the host that is translating to a destination network - it would be the IP associated with your networks router?)

Inside local: The PRIVATE IP ADDRESS as seen by others on the network you're translating from (it's your PRIVATE IP address, but to other networks it is a public IP?)

Outside local: The PUBLIC IP address as seen by the network that is translating to this one (this is a HOST IP address?, meaning the opposite of inside local - a private IP to that host but it is PUBLIC to other networks)

Outside global: The PUBLIC IP address of the network you're translating to (This is the destination networks router?)

So in summary?

Inside global - Public IP - the router of the source network

Inside local - Private IP - the host that is sending the packet

Outside local - Public IP - the host that is receiving the packet

Outside global - Public IP - the router of the destination network

Sorry if this is a mess of a post. I'm trying to get this concept down before I sit for CCNA



Mobile hotspot 4g

Speedtesting my mobile's 4g speed shows a ping that ranges between 15-20. However when I connect my laptop to my phone's hotspot and do a speedtest, the ping goes up to 40-50. Both devices are next to each other.

What can I do to reduce ping on my PC?

thanks!



Networking design tools

Hi,

I'm looking for free and good design Networking tools like 3D networking.

Any suggestion, please?

https://3d-networking.com