Saturday, September 11, 2021

Unable to understand a Networking concept

I have a basic understanding of networking. As far as I can understand, IP addresses and MAC addresses are unique. At the switch level (layer 2) you need a MAC address, and at the router level (layer 3) you need an IP address to communicate on the internet. Ports belong to PCs, and a PC can run different services on different ports. Websites also have IP addresses, and these websites are hosted on a server (PC). You can scan a website's IP for open ports as well. I am unable to grasp how you can communicate with a website since it does not have a MAC address. How can you scan a website's IP for open ports? How come a single server PC can have multiple IPs in the form of websites? Please guide. Thanks
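The mechanics behind two of the questions above, as an added example that is not part of the original post: a name is resolved to an IP address first, and a port scan is nothing more than attempting a TCP handshake to each port on that address; the MAC address only matters on the local link (your host ARPs for the gateway's MAC, never for the website's). The listener below is a constructed stand-in for a web server on 127.0.0.1; the scanner itself works against any address you are allowed to scan.

```python
import socket
import threading
from contextlib import closing


def resolve_ipv4(hostname):
    """Names are resolved to addresses first (DNS or /etc/hosts); everything
    after this point deals only with the IP address."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def port_is_open(ip, port, timeout=0.5):
    """TCP connect scan of one port: a completed three-way handshake means a
    service is listening. Routing and the ARP lookup for the next hop's MAC are
    done by the OS; the scanner never needs the remote MAC."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((ip, port)) == 0


def scan(ip, ports, timeout=0.5):
    """Return the subset of `ports` that accepted a connection."""
    return [p for p in ports if port_is_open(ip, p, timeout)]


def start_dummy_service(host="127.0.0.1"):
    """Constructed stand-in for a web server: listens on an OS-chosen port and
    closes each accepted connection. Returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener was closed
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def closed_port(host="127.0.0.1"):
    """Bind and immediately release a port so we have one that is not listening."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo():
    """Scan one closed and one open port on loopback; returns (open_port, found)."""
    srv, port = start_dummy_service()
    try:
        found = scan("127.0.0.1", [closed_port(), port])
        return port, found
    finally:
        srv.close()


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on {port}; scan reported open: {found}")
```

Many websites share one IP address the other way round from the question: the server tells them apart by the HTTP Host header (or the TLS SNI name), so a port scan of that IP sees a single listener on 443 regardless of how many sites it serves.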



Is there any kind of Ethernet cable splitter that sends the identical data to multiple outputs?

I have a headphone mixer system (hearback) that uses cat5e to send audio to individual mixers. These cables are sending identical data, so I wondered if rather than running multiple Ethernet cables the length of the studio, I could run a single cable that would split in the room.

A switch won’t work - it needs to be the exact output of the rack unit. The data only flows one way.

Thanks!



The issue is RTNETLINK answers: Device or resource busy error

Hi All. This is a crosspost from u/linuxadmin; I felt so embarrassed that I couldn't resolve an issue. Basically, the issue is that one of our servers (an Intel S2600ST, newly installed with Ubuntu 20.04) has no internet connection; this system is set with a static IP address. When I received a call this morning telling me that the system is having a network issue, I physically visited the data center to check, and I don't see any issue with the cable or the switch connection. When I enter "ip a s", all the interfaces are down, so I cat out "/etc/netplan/00-netplan.yaml" to see which interface was used for the static IP; it was enps0f1. So I tried to bring the interface up with "ip link set enps0f1 up"; whenever I enter this command in the console I get the output "RTNETLINK answers: Device or resource busy", but if I type "ip link set enps0f1 down", since it is already in the down state, there is no output. I tried to reboot the machine but there is no use. Does anyone have a solution for this? Your help is much appreciated.

This is how the static IP configuration is set in the /etc/netplan/00***.yaml file. This is just an example IP address. This configuration was done by my colleague while setting up the system. Since I don't see dhcp4 set to no, I edited the file and set dhcp4: no and renderer: networkd, saved the file and applied the changes with sudo netplan apply. The configuration is applied and no error is found, but then when I entered sudo ip link set enps0f1 up it didn't work. I tried to restart the networkd service but it says no networkd.service found.

network:
  version: 2
  ethernets:
    enps0f1:
      addresses:
        - 192.168.0.10/27
      gateway4: 192.168.1.1
      nameservers:
        addresses:
          - 8.8.8.8

I also tried sudo netplan apply; there is no issue, but when I enter sudo ip link set enps0f1 up I get the same RTNETLINK answers: Device or resource busy error.
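"RTNETLINK answers: ..." is the kernel's reply to the link-state request, not a netplan message, so the addressing in the YAML cannot be what blocks `ip link set ... up`. It is still worth checking before the interface does come up, because a gateway that is not inside any configured subnet is rejected by Linux when the default route is installed. The validator below is an added example, not part of the post; it takes the interface's settings as a plain dict (the netplan file above transcribed by hand, so no YAML library is needed) and lists inconsistencies. The corrected gateway in `FIXED` is an assumed value, not the poster's real one.

```python
import ipaddress

# Transcribed from the netplan file in the post (the post says the IP is an example).
POSTED = {"addresses": ["192.168.0.10/27"], "gateway4": "192.168.1.1",
          "nameservers": ["8.8.8.8"]}
# Assumed correction: a gateway that lies inside 192.168.0.0/27.
FIXED = {"addresses": ["192.168.0.10/27"], "gateway4": "192.168.0.1",
         "nameservers": ["8.8.8.8"]}


def check_static_ethernet(cfg):
    """Return a list of problems with a static IPv4/IPv6 interface definition.
    An empty list means the addresses, gateway and nameservers are consistent."""
    problems, ifaces = [], []
    for a in cfg.get("addresses", []):
        if "/" not in a:
            problems.append(f"address {a!r} has no prefix length")
        try:
            iface = ipaddress.ip_interface(a)
        except ValueError:
            problems.append(f"address {a!r} is not a valid CIDR address")
            continue
        net = iface.network
        if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{a} is the network or broadcast address of {net}")
        ifaces.append(iface)

    gw = cfg.get("gateway4")
    if gw is not None:
        try:
            gw_ip = ipaddress.ip_address(gw)
        except ValueError:
            problems.append(f"gateway4 {gw!r} is not a valid address")
        else:
            v4 = [i for i in ifaces if i.version == 4]
            if not v4:
                problems.append("gateway4 set but no IPv4 address is configured")
            elif any(gw_ip == i.ip for i in v4):
                problems.append(f"gateway4 {gw} is the interface's own address")
            elif not any(gw_ip in i.network for i in v4):
                nets = ", ".join(str(i.network) for i in v4)
                problems.append(f"gateway4 {gw} is not on-link (configured subnets: {nets}); "
                                "the kernel rejects a default route via a gateway it cannot reach directly")

    for ns in cfg.get("nameservers", []):
        try:
            ipaddress.ip_address(ns)
        except ValueError:
            problems.append(f"nameserver {ns!r} is not a valid address")
    return problems


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(name, check_static_ethernet(cfg) or "ok")
```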



Is this normal?



No internet connection after setting up server proxy on windows 10

As the title reads, every browser and app that requires internet is unable to connect after I set up Windows to use a proxy. I wrote my IPv4 address in the address setting and port 808 in the port setting. The wifi icon shows I'm connected but that seems not to be the case. I am also using AnalogX. I tried disabling automatic settings detection. I tried disabling the firewall. I tried a different port. I can't manage to use the internet with my proxy on. Anyone experienced this?



Velocloud icmp response

Hi,

Does anyone know how to configure the edges to respond to ping on all public wan interfaces, not just the first interface.

I found this page in the documentation about ICMP responders. Can this be used? https://docs.vmware.com/en/VMware-SD-WAN/3.3/VMware-SD-WAN-by-VeloCloud-Administration-Guide/GUID-B7362A13-7F3D-4342-9661-8D05A81D59B6.html



Arp -a and arp-scan

Why do arp -a and arp-scan give different results? If arp -a prints the ARP table, shouldn't it print all the hosts on the network? Thank you in advance
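The difference, shown as an added example rather than anything from the post: `arp -a` only reads the kernel's neighbour cache, which holds the hosts this machine has recently exchanged frames with, while arp-scan actively sends one ARP request per address in the subnet and reports whoever replies. The code builds and decodes those request frames with Python's standard library only; the MAC and addresses are made up, and sending raw frames (which needs root and a raw socket) is deliberately left out so the block runs anywhere.

```python
import ipaddress
import struct

ETH_P_ARP = 0x0806
BROADCAST_MAC = b"\xff" * 6
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def build_arp_request(sender_mac, sender_ip, target_ip):
    """Ethernet II frame carrying 'who-has target_ip, tell sender_ip'. The frame
    is broadcast because the target's MAC is exactly what is not known yet."""
    eth = BROADCAST_MAC + mac_to_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack(
        "!HHBBH",
        1,            # hardware type: Ethernet
        0x0800,       # protocol type: IPv4
        6, 4,         # hardware / protocol address lengths
        ARP_REQUEST,
    )
    arp += mac_to_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed  # target MAC unknown
    return eth + arp


def parse_arp(frame):
    """Decode an Ethernet+ARP frame (request or reply) into a dict."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not ARP (ethertype 0x{ethertype:04x})")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported hardware/protocol combination")
    body = frame[22:42]
    return {
        "op": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(op, op),
        "sender_mac": bytes_to_mac(body[0:6]),
        "sender_ip": str(ipaddress.IPv4Address(body[6:10])),
        "target_mac": bytes_to_mac(body[10:16]),
        "target_ip": str(ipaddress.IPv4Address(body[16:20])),
    }


def sweep_frames(sender_mac, sender_ip, cidr):
    """What an active scanner sends: one request for every host address in the
    subnet except our own. Replies (not simulated here) are what fill the cache
    that `arp -a` later shows."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [build_arp_request(sender_mac, sender_ip, str(h))
            for h in net.hosts() if str(h) != sender_ip]


if __name__ == "__main__":
    # Made-up sender; 192.168.1.0/28 is a constructed subnet.
    frames = sweep_frames("02:00:00:00:00:01", "192.168.1.10", "192.168.1.0/28")
    print(len(frames), "requests;", parse_arp(frames[0]))
```

A host that is powered on but has never talked to you is therefore absent from `arp -a` yet present in arp-scan output; conversely, a stale cache entry can show a host that has since gone away.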



Networking frustration on linux

Hey, this probably is not the 100% correct subreddit for this question, but I can't find help anywhere.

I am running manjaro. I am trying to redirect example.com and https://example.com in my /etc/hosts file.

I have it set up like this:

0.0.0.0 example.com 0.0.0.0 www.example.com 0.0.0.0 https://example.com 0.0.0.0 https://www.example.com 

Pretty sure the last two entries do nothing, but I am desperate.

Whenever I ping any of these sites I get correct results; it is

64 bytes from localhost (127.0.0.1)... 

on both http and https requests. But whenever I open a web browser (tried Firefox, Brave, even elinks) it just says connection refused. I've been battling with this for two days now. It is just absurd how I can't get this to work. I need this for local website development.
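Two things are worth separating here, illustrated by an added example that is not from the post. First, /etc/hosts maps bare names to addresses; a URL scheme such as `https://` is not part of a hostname, and if the four mappings really sit on one line as they appear above, the file is parsed as one address followed by seven "names". Second, "connection refused" after the name resolves to localhost simply means nothing is listening on 127.0.0.1:80/443 yet, which ping cannot tell you. The parser below applies the same "first field is the address, the rest are names" rule the resolver uses and reports entries that can never match; the sample inputs are constructed from the post.

```python
import ipaddress
import re

# Constructed from the post: the four mappings on a single line, and a fixed version.
POSTED_ONE_LINE = ("0.0.0.0 example.com 0.0.0.0 www.example.com "
                   "0.0.0.0 https://example.com 0.0.0.0 https://www.example.com\n")
FIXED = "0.0.0.0 example.com\n0.0.0.0 www.example.com\n"

# RFC 952/1123 style label: letters, digits, inner hyphens, up to 63 chars.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def valid_hostname(name):
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))


def parse_hosts(text):
    """Parse hosts-file text. Returns (mapping name -> address, problems), where
    problems is a list of (line number, message). Like the resolver, the first
    line that mentions a name wins."""
    mapping, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            problems.append((lineno, f"first field {fields[0]!r} must be an IP address"))
            continue
        if len(fields) < 2:
            problems.append((lineno, "address with no hostnames"))
            continue
        for name in fields[1:]:
            try:
                ipaddress.ip_address(name)
            except ValueError:
                pass
            else:
                problems.append((lineno, f"{name!r} is an address, not a hostname; "
                                         "each mapping belongs on its own line"))
                continue
            if not valid_hostname(name):
                problems.append((lineno, f"{name!r} is not a hostname (schemes such as "
                                         "https://, paths and ports are not part of a name)"))
                continue
            mapping.setdefault(name.lower(), addr)
    return mapping, problems


if __name__ == "__main__":
    for label, text in (("posted", POSTED_ONE_LINE), ("fixed", FIXED)):
        mapping, problems = parse_hosts(text)
        print(label, mapping)
        for lineno, msg in problems:
            print(f"  line {lineno}: {msg}")
```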



Recommended MSS value on ISP PE interface facing CE?

Hi All,
We are experiencing issues with desk phones authenticating to Microsoft Teams. We had several troubleshooting sessions with the ISP, and the action they took to get this working was to set the TCP MSS value on their PE interface to 1460... but the problem occurred again after a few hours and we are seeing the same issue, where the desk phone can't communicate with MS Teams.
Diagram/FLOW: https://ibb.co/hWXNR1W
From the packet capture on the CE we are seeing 2 things.
1. RST packet coming from the public network (unable to identify since we don't have control)
2. TCP session is working (3-way handshake); however the client is sending "Client Hello" and there is no server response.
Questions:
1. Any idea why, after changing the MSS value to 1460, the desk phone connection works and then suddenly stops after a few hours?
2. By default the ISP is using the default MSS value, which is 536 bytes. What is the recommended value for MSS on the ISP side?
3. The only value that is being accepted by DF ping is 1496. Is it possible that this is causing the issue? Since if the payload is 1460 + 20 + 20 for headers the total is 1500, however the MTU allowed up to the Microsoft peering is 1496?
4. Packet capture from the CE router shows the client sending "do not fragment" and a payload size of 1300+, so that means there is still room for additional overhead. Is there any possibility that additional overhead is added along the way which exceeds the maximum value of 1496?
Thank you
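The arithmetic in the questions above, worked through as an added example (not from the post) so the numbers can be checked against any path: MSS is the TCP payload only, so an MSS of 1460 produces 1500-byte packets once the 20-byte TCP and 20-byte IPv4 headers are added, which is four bytes more than a 1496-byte path MTU allows; with DF set, such segments are dropped rather than fragmented, which is consistent with a Client Hello (usually the first full-size segment) getting no answer. The encapsulation overheads are standard header sizes; which of them apply on the ISP's path is an assumption you would confirm from the design, not something the post states.

```python
IPV4_HEADER = 20   # bytes, no options
IPV6_HEADER = 40
TCP_HEADER = 20    # bytes, no options
ICMP_HEADER = 8

# Standard per-encapsulation overheads; whether any applies on a given path is
# an assumption to verify, not something this example can know.
ENCAP_OVERHEAD = {
    "pppoe": 8,            # PPPoE header (6) + PPP protocol field (2)
    "gre_over_ipv4": 24,   # outer IPv4 (20) + GRE header (4), no key/sequence
    "ipip": 20,            # IP-in-IP outer header
}


def max_mss(path_mtu, ip_version=4, tcp_option_bytes=0, encaps=()):
    """Largest MSS whose full-size segments still fit in one unfragmented packet."""
    ip_hdr = IPV4_HEADER if ip_version == 4 else IPV6_HEADER
    overhead = ip_hdr + TCP_HEADER + tcp_option_bytes
    overhead += sum(ENCAP_OVERHEAD[e] for e in encaps)
    return path_mtu - overhead


def segment_fits(mss, path_mtu, ip_version=4, tcp_option_bytes=0, encaps=()):
    """True if a segment carrying `mss` bytes of payload survives the path with DF set."""
    return mss <= max_mss(path_mtu, ip_version, tcp_option_bytes, encaps)


def max_df_ping_payload(path_mtu):
    """Largest ICMP echo payload (ping -s / -l value) that passes with DF set."""
    return path_mtu - IPV4_HEADER - ICMP_HEADER


def mss_report(path_mtu, candidate_mss):
    """Packet size a candidate MSS produces, whether it fits, and the clamp to use."""
    packet = candidate_mss + TCP_HEADER + IPV4_HEADER
    return {
        "packet_bytes": packet,
        "path_mtu": path_mtu,
        "fits": packet <= path_mtu,
        "recommended_mss": max_mss(path_mtu),
    }


if __name__ == "__main__":
    print(mss_report(1496, 1460))   # the post's numbers: 1500-byte packets on a 1496 path
    print("ping payload that should pass on a 1496 path:", max_df_ping_payload(1496))
```

The same function also explains the "536" default: RFC 1122's minimum reassembly size of 576 minus 40 bytes of headers. Clamping to that value is safe but throws away throughput; clamping to `max_mss(path_mtu)` for the smallest MTU actually on the path is what the ISP should be configuring.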



Friday, September 10, 2021

CAT6 keeps reporting opens on pairs 1/2 every 3-5 metres?

I've run some CAT6 cable through the ceiling space - the length is approximately 50m.

I'm testing it with a cable certifier (Viavi Certifier40G) - and also checked with a NetAlly Etherscope - and it's telling me there's a open at one end.

The problem is, I keep cutting off the length where the fault is meant to be - I re-test it, and it's telling me there's another open on pairs 1/2 further down.

For example, first it said there was a short around 3.5m:

https://i.imgur.com/ZuItrHZ.jpg

So I cut off approximately 4m of cable, and then re-crimped.

I re-tested, and it said there was another open on pairs 1/2 further down again about 4.5m - so I cut off 5m of cable, and re-crimped, and re-tested - same story - another 4m there's apparently an open on pairs 1/2.

Is it possible this cable's just been damaged at multiple points along, whilst fishing?

Or some other explanation?

(I did punch it down to the patch panel at the other end again, but to the same jack - however, that is the other end of the cable approximately 50m from the alleged open - I'm assuming it can't be the jack there)



How to tell which ports are being used

I'd like to start off by saying I'm not a networking person, so sorry if this is dumb.

I build and install flight simulators and I've been contracted to set up a few at a local high school running Microsoft Flight Simulator 2020. This new version of MS Flight Simulator is a digital download from the Microsoft Store; there is an "offline" mode, but MS support has told me it still requires an internet connection in order to do a DRM check when the software is starting. The high school has a very strict firewall and basically everything is blocked (MS Store, Xbox gaming, even logging into a Microsoft account). The county IT person is asking me which "port" I need access to for the software to run.

I have no idea how to figure that out? Is there some sort of freeware program I can use that will tell me which ports are being used for communication in real time so that I can just start up the software and see which ports are being used?



Servers with Public IP from ASN

Hey Everyone,

First time poster here, but I really just want to understand how ISPs, particularly web/server providers, provision VPSs or dedicated servers with public IPs internally and how the SNAT/DNAT is configured.

We have a /24 under our ASN which is announced via BGP to our data centre router (Sophos UTM). Currently we have a subnet with a private IP range (192.168.0.0/24) and then a DNAT rule from public IP to private internal IP, and the same with SNAT.

If I wanted to setup a VLAN/Subnet say with a /26 or /28 how can I assign a public IP to a server or VPS etc?

Just trying to understand how the routing works. Do we need a static route that goes to the default gateway of the Sophos UTM?

Thanks!



Redesigning core networking

Hi everyone,

We are working on refreshing our network infrastructure and implementing a redesign that will allow us additional flexibility and scalability in the future. This is more of a larger dev environment so we have the flexibility to take down the parts we need to make the changes when the time comes.

First we are upgrading all of our switches to latest-gen hardware. One model we are looking at supports a max of 2.5G on each port, but looking at enterprise networking ports on servers I'm not finding many that support that speed. The only place I'm seeing 2.5G is in some residential stuff. Is 2.5G mostly marketing?

We are upgrading a portion of our core to at least 10G and maybe 40G if we can get the funding. This would mainly be supporting our virtual infrastructure, which is running fully on 1G at the moment.

Second, we are doing a major redesign of our VLAN methodology to get away from the hodgepodge of VLANs and to stop dumping the world onto VLAN 1. We are doing the mapping now to keep admin related traffic on a defined set of VLANs and then dev/production split out. Any major pitfalls to watch out for?

Any additional thoughts or comments are welcome since we are in planning and have plenty of time to make changes.



Best Cisco Alternative

This has probably been asked several times, but I thought I'd ask again in case there are new players. So for those of us that are Cisco poor, what are the best options out there for networking equipment?

Aruba, Arista, Juniper, Ruckus? What is everyone using these days when they can't afford Cisco? Who is on the bleeding edge and always innovating?

Full stack

  1. L2
  2. L3
  3. stackable
  4. wifi
  5. single pane of glass management
  6. Cisco like CLI
  7. SD-WAN offering
  8. some kind of network segmentation
  9. zero touch provisioning
  10. config templates


need a hand with policy-based routing for Ubiquiti

Network layout is here: https://imgur.com/a/psnGzvj For purposes of testing, I'm redirecting traffic to 4.2.2.2 from the Fortigate FW to 192.168.99.1, the other side of the VPN gateway connector. I can confirm that traffic to 4.2.2.2 ceases once the PBR on the Fortigate is in place, so that's working. What I can't quite work out is the PBR and NAT necessary on the Edgerouter.

Here's the Edgerouter config:

firewall {
    all-ping enable
    broadcast-ping disable
    group {
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    modify PBR {
        rule 10 {
            action modify
            description Gateway_to_WAN
            modify {
                table 11
            }
            source {
                address 192.168.99.0/30
            }
        }
        rule 20 {
            action modify
            description User_to_VPN
            modify {
                table 12
            }
            source {
                address 192.168.10.0/24
            }
        }
    }
}
interfaces {
    ethernet eth0 {
        disable
        duplex auto
        speed auto
    }
    ethernet eth1 {
        duplex auto
        speed auto
        vif 99 {
            address 192.168.99.1/30
            description "VPN Connector"
            firewall {
                in {
                    modify PBR
                }
            }
        }
    }
}
protocols {
    static {
        bfd {
        }
        route 0.0.0.0/0 {
            next-hop 192.168.99.2 {
            }
        }
        table 11 {
            route 0.0.0.0/0 {
                next-hop 192.168.99.2 {
                }
            }
        }
        table 12 {
            interface-route 0.0.0.0/0 {
                next-hop-interface vtun0 {
                }
            }
        }
    }
}
service {
    dns {
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5000 {
            description "masquerade for PIA VPN"
            destination {
                group {
                }
            }
            log enable
            outbound-interface vtun0
            protocol all
            source {
                address 192.168.10.0/24
                group {
                }
            }
            type masquerade
        }
    }
}

I can confirm the tunnel builds itself fine. I can also confirm that pings and traces out the vtun0 interface (initiated from the VPN gateway) make it outside using the VPN and not the regular WAN, so I'm pretty sure this is a NAT/PBR problem. I have this set for 192.168.10.0 for testing since that's the subnet I'm on. Any ideas?

Better config formatting is here: https://www.reddit.com/r/homelab/comments/plpaz2/need_a_hand_with_policybased_routing_for_ubiquiti/



Price of Cat 5e/6 cable going up

I was in Home Depot to get a 1000 ft box of Southwire Cat 6 CMR riser cable. The price was $178, way higher than I remember it being. Back in March I paid $130 for the exact same SKU. What a price hike. I immediately figured this must be because of the economic recovery from covid or supply chain issues. Apparently the price of copper has gone up. And with no end to the pandemic in sight I wouldn't be surprised to see more price hikes.



Combine Dual Datacenters with VRRP?

I have 2 datacenters in separate buildings, and I'd like to move to a design that provides less L2 overhead, adds some resiliency, and makes it easy to transition to a better architecture over time. Unfortunately a complete redesign is out of the question, so I'm limited to working with the equipment we have on hand.

DC1 currently lives directly on building 1's semi-collapsed core, and DC2 lives in a ToR/access switch connected to building 2's distribution switch. Layer 2 server and storage VLANs are stretched across the core and distribution. Routing is handled by OSPF.

My goal is to remove L2 from the core and distribution and eventually consolidate to a single DC through attrition. I've been thinking about moving each DC onto two L3 switches on each side, and connecting them with VRRP for the server VLANs. There's enough fiber to cross-connect them (i.e. each router connects to both the core and the distribution switch) for some additional resiliency, but I'm getting confused about how I'd handle that config, or whether the design is viable.

Unfortunately VSF isn't an option because it's not supported on the hardware I have available. VxLAN was another option I was thinking about, but it's also not supported on current hardware.

Let me know if you have any resources or suggestions, thanks!



NX-OS Multicast Issue

While I wait to get TAC back on to assist on this...

Had an issue where our multicast stopped passing to remote sites (running SD-WAN). Basically AutoRP intermittently stopped working after any policy push to the routers.

Anyways, we ended up just ripping out AutoRP and did it static, not a big deal and we could see group traffic reaching our destinations. I couldn't be arsed at 4am to go through debugging to validate it, so took a nap and got up this morning to find out while it's working...only for some groups.

At my source end:

N7K-1 connects to R1 for WAN

N7K-2 connects to R2 for WAN

Any PIM joins coming across the WAN through R1, no problem. Through R2? Doesn't work. R2 has *,G but no S,G. N7K-2 does.

(The RP is on a L3 device cross connected to both N7K and is fully reachable from entire network, no loops or RPF failure, PIM neighbors are up)

I've stumbled across some output I'm curious for comments on:

N7K-1# sh ip mroute 239.192.0.50
IP Multicast Routing Table for VRF "default"

(*, 239.192.0.50/32), uptime: 12w6d, ip pim igmp
  Incoming interface: Ethernet1/5, RPF nbr: 172.20.10.2
  Outgoing interface list: (count: 4)
    Vlan991, uptime: 00:02:49, pim
    Vlan3103, uptime: 00:33:20, igmp
    Vlan1010, uptime: 07:30:38, pim
    Vlan1024, uptime: 9w1d, igmp

(172.20.22.225/32, 239.192.0.50/32), uptime: 2d17h, ip mrib pim
  Incoming interface: Ethernet1/5, RPF nbr: 172.20.10.2
  Outgoing interface list: (count: 4)
    Vlan991, uptime: 00:02:53, pim
    Vlan3103, uptime: 00:33:20, mrib
    Vlan1010, uptime: 07:30:38, pim
    Vlan1024, uptime: 2d17h, mrib

That's a working channel. Notice the outgoing list under the S,G.

N7K-2# sh ip mroute 239.192.0.47
IP Multicast Routing Table for VRF "default"

(*, 239.192.0.47/32), uptime: 3d22h, igmp ip pim
  Incoming interface: Vlan991, RPF nbr: 172.20.7.17
  Outgoing interface list: (count: 5)
    Vlan1011, uptime: 00:06:03, pim
    Vlan3103, uptime: 00:31:28, igmp
    Vlan3123, uptime: 00:33:03, igmp
    Vlan3143, uptime: 00:33:03, igmp
    Vlan1024, uptime: 21:08:19, igmp

(172.20.22.225/32, 239.192.0.47/32), uptime: 2d16h, ip mrib pim
  Incoming interface: Vlan991, RPF nbr: 172.20.7.17
  Outgoing interface list: (count: 5)

That's it. It never lists anything below its S,G route in the outgoing list output, although the count appears correct. I would expect Vlan1011 to be in the list, as that's how it gets to R2.

R2 has the *,G and is trying..

R2# sh ip mroute 239.192.0.47

Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.192.0.47), 00:41:11/stopped, RP 172.20.22.241, flags: SG
  Incoming interface: Te0/0/4.1011, RPF nbr 192.168.181.1
  Outgoing interface list:
    Lspvif0, Forward/Sparse, 00:41:11/stopped

Any thoughts on to what could be going on here?
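The odd output above (an OIL that declares `count: 5` but lists nothing) is the kind of thing worth catching mechanically across every group rather than by eye at 4am. The parser and audit below are an added example, not from the post; the two sample outputs are copied from the N7K-1 and N7K-2 captures in the post. It flags any entry whose declared count disagrees with the interfaces listed, and any (S,G) that is missing interfaces present in the matching (*,G) OIL, which is exactly the Vlan1011 gap the poster expects to see filled.

```python
import re

# Copied from the post: a working group on N7K-1 and the broken one on N7K-2.
N7K1_OUTPUT = """\
IP Multicast Routing Table for VRF "default"
(*, 239.192.0.50/32), uptime: 12w6d, ip pim igmp
  Incoming interface: Ethernet1/5, RPF nbr: 172.20.10.2
  Outgoing interface list: (count: 4)
    Vlan991, uptime: 00:02:49, pim
    Vlan3103, uptime: 00:33:20, igmp
    Vlan1010, uptime: 07:30:38, pim
    Vlan1024, uptime: 9w1d, igmp

(172.20.22.225/32, 239.192.0.50/32), uptime: 2d17h, ip mrib pim
  Incoming interface: Ethernet1/5, RPF nbr: 172.20.10.2
  Outgoing interface list: (count: 4)
    Vlan991, uptime: 00:02:53, pim
    Vlan3103, uptime: 00:33:20, mrib
    Vlan1010, uptime: 07:30:38, pim
    Vlan1024, uptime: 2d17h, mrib
"""
N7K2_OUTPUT = """\
IP Multicast Routing Table for VRF "default"(*, 239.192.0.47/32), uptime: 3d22h, igmp ip pim
  Incoming interface: Vlan991, RPF nbr: 172.20.7.17
  Outgoing interface list: (count: 5)
    Vlan1011, uptime: 00:06:03, pim
    Vlan3103, uptime: 00:31:28, igmp
    Vlan3123, uptime: 00:33:03, igmp
    Vlan3143, uptime: 00:33:03, igmp
    Vlan1024, uptime: 21:08:19, igmp

(172.20.22.225/32, 239.192.0.47/32), uptime: 2d16h, ip mrib pim
  Incoming interface: Vlan991, RPF nbr: 172.20.7.17
  Outgoing interface list: (count: 5)
"""

ENTRY = re.compile(r"\(([^,]+), ([^)]+)\), uptime: (\S+), (.*)$")
IIF = re.compile(r"^\s+Incoming interface: ([^,]+), RPF nbr: (\S+)")
OIL_HDR = re.compile(r"^\s+Outgoing interface list: \(count: (\d+)\)")
OIL_ENTRY = re.compile(r"^\s+(\S+), uptime: (\S+), (\S+)$")


def parse_mroute(text):
    """Turn NX-OS 'show ip mroute' text into a list of entry dicts. The VRF
    banner glued onto the first entry (as in the post) is tolerated."""
    entries, cur = [], None
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            cur = {"source": m.group(1), "group": m.group(2), "uptime": m.group(3),
                   "iif": None, "rpf_nbr": None, "declared_count": None, "oil": {}}
            entries.append(cur)
        elif cur is None:
            continue
        elif (m := IIF.match(line)):
            cur["iif"], cur["rpf_nbr"] = m.group(1), m.group(2)
        elif (m := OIL_HDR.match(line)):
            cur["declared_count"] = int(m.group(1))
        elif (m := OIL_ENTRY.match(line)):
            cur["oil"][m.group(1)] = m.group(3)   # interface -> joining protocol
    return entries


def audit(entries):
    """Return (count_mismatches, missing) where missing maps (S, G) to the set of
    interfaces present in the (*, G) OIL but absent from the (S, G) OIL."""
    count_mismatches, missing = [], {}
    star = {e["group"]: e for e in entries if e["source"] == "*"}
    for e in entries:
        listed = len(e["oil"])
        if e["declared_count"] is not None and e["declared_count"] != listed:
            count_mismatches.append(
                f"({e['source']}, {e['group']}): count {e['declared_count']} declared, {listed} listed")
        if e["source"] != "*" and e["group"] in star:
            gap = set(star[e["group"]]["oil"]) - set(e["oil"]) - {e["iif"]}
            if gap:
                missing[(e["source"], e["group"])] = gap
    return count_mismatches, missing


if __name__ == "__main__":
    for name, text in (("N7K-1", N7K1_OUTPUT), ("N7K-2", N7K2_OUTPUT)):
        print(name, audit(parse_mroute(text)))
```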



Ip Question

Is there a reason why IPs do not typically have an octet starting with a 0? For example, let's say an IP was 124.205.52.9 as a gateway address with a /30 subnet. The usable IP would be 124.205.52.10. How come the gateway address isn't 124.205.52.09?
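There is a concrete reason beyond convention, shown here as an added example that is not part of the post: the classic BSD `inet_aton()` parser (still used by many tools and libraries) treats an octet with a leading zero as octal and also accepts hex and fewer than four parts, so "0177.0.0.1" is 127.0.0.1 and "09" is not a valid octet at all. Strict parsers reject leading zeros precisely to avoid that ambiguity. This matters for security because an allow/deny list that compares address strings can be bypassed by an alternative spelling that a lenient parser downstream still resolves to the blocked host. Both parsers below are written from scratch (the lenient one emulates inet_aton semantics) so the behaviour does not depend on the platform's C library.

```python
import re


def parse_strict(text):
    """Dotted quad only: four decimal octets, 0-255, no leading zeros."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("exactly four octets required")
    octets = []
    for p in parts:
        if not p.isdigit():
            raise ValueError(f"octet {p!r} is not decimal")
        if len(p) > 1 and p[0] == "0":
            raise ValueError(f"octet {p!r} has a leading zero (octal ambiguity)")
        n = int(p)
        if n > 255:
            raise ValueError(f"octet {p!r} exceeds 255")
        octets.append(n)
    return tuple(octets)


def parse_legacy(text):
    """Emulates BSD inet_aton(3): each part may be decimal, octal (leading 0)
    or hex (0x); one to four parts are allowed and the last part fills all
    remaining bytes. Returns a 4-tuple of octets."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("between one and four parts required")
    nums = []
    for p in parts:
        if re.fullmatch(r"0[xX][0-9a-fA-F]+", p):
            nums.append(int(p[2:], 16))
        elif re.fullmatch(r"0[0-7]*", p):          # "0" itself and octal forms
            nums.append(int(p, 8))
        elif re.fullmatch(r"[1-9][0-9]*", p):
            nums.append(int(p, 10))
        else:
            raise ValueError(f"{p!r} is not a valid inet_aton component")
    head, last = nums[:-1], nums[-1]
    if any(n > 255 for n in head):
        raise ValueError("leading parts must fit in one byte")
    width = 4 - len(head)                         # bytes the last part spans
    if last >= 256 ** width:
        raise ValueError("last part too large for remaining bytes")
    value = 0
    for n in head:
        value = (value << 8) | n
    value = (value << (8 * width)) | last
    return tuple((value >> shift) & 0xFF for shift in (24, 16, 8, 0))


def naive_blocklist_bypassed(text, blocked=("127.0.0.1",)):
    """True when a string-compare blocklist lets `text` through even though a
    lenient parser resolves it to loopback (the classic SSRF filter bypass)."""
    try:
        return text not in blocked and parse_legacy(text) == (127, 0, 0, 1)
    except ValueError:
        return False


if __name__ == "__main__":
    for s in ("124.205.52.9", "124.205.52.09", "0177.0.0.1", "127.1", "0x7f.1", "2130706433"):
        for name, fn in (("strict", parse_strict), ("legacy", parse_legacy)):
            try:
                print(f"{s:>14} {name}: {fn(s)}")
            except ValueError as e:
                print(f"{s:>14} {name}: rejected ({e})")
```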



Static IPs Reservations ISP

I work for an ISP. I want to see if there is a more effective way to accomplish static IP reservation for customers. Currently we assign a /29 or a /30 to our static IP customers. I build a VLAN between our core router and their ONT. Their gateway resides on our core router. I am wondering if there is a more effective way to accomplish this than to build out a VLAN for every customer that wants a static IP address. Our DHCP customers have their own VLAN. My understanding is that you don't want your DHCP and static IP customers on the same VLAN because someone could manually assign themselves the static IP address of a customer who is supposed to have that IP address reserved.



Failover ISP with single IP on HA setup.

Switch-Router Diagram. Most likely SonicWall routers (I am a pf guy but don't really have a say).

SonicWall docs say HA can be set up with or without WAN management IPs (without them, you lose NTP sync). The primary ISP has a /29 subnet, so they will have them.

ISP2 is just a backup cellular connection (Logitech modem) with a single IP. Do I need to do anything special on the ISP2 switch to make this work?

I have seen this pfSense single IP workaround: they use internal IPs on the same subnet for the management IPs (WAN IP) and use the real WAN IP for the CARP IP. Supposedly it won't work with DHCP, which I think I'll have to use on the cellular connection. Assuming SonicWall has the same limitation, maybe I'll have to double NAT ISP2 into both routers (double NAT is frowned on, I know, but for a backup ISP it seems ok?).

Need someone to point me in the right direction. Thanks!



DNS Resolution: Cloudflare vs Route 53

growing ecommerce site, and started looking to move out of shopify

As far as DDoS protection is concerned, I am guessing we will have to go in for Cloudflare. More than likely we will be hosting on AWS unless there is something really specific GCP or Azure can offer us.

I was wondering what would be a better DNS resolution tool, Route 53 or 1.1.1.1 ? Hearing mixed responses.. maybe the reddit world can give their opinions?



Cisco Router for FTTC in Germany

Hello All,

Not sure if this is the best place to ask this, but I have a customer opening an office in Frankfurt, and they are getting FTTC installed by Deutsche Telekom. However, this customer is already linked into my company's core WAN via layer 2 circuits, and pricing for a layer 2 circuit in Germany is more than they want to pay currently.
So I am wanting to fire a Cisco router on the end of the FTTC connection and spin up a VPN back to the customer; however, I am struggling to find out what router would be compatible in Frankfurt. From what I can see it looks like the FTTC is VDSL over ISDN and not POTS, but I can't actually confirm whether that is the case or not.

Does anyone here have any idea's or know about German FTTC etc?



MikroTik-based botnet on the rise - being used for DDoS

Devices in the botnet are apparently running the latest stable too. Some excerpts from Qrator's blog post include:

"In the last couple of weeks, we have seen devastating attacks towards New Zealand, United States and Russia, which we all attribute to this botnet species. Now it can overwhelm almost any infrastructure, including some highly robust networks. All this is due to the enormous RPS power that it brings along."

Specific features of the Mēris botnet:

  • Socks4 proxy at the affected device (unconfirmed, although Mikrotik devices use socks4)
  • Use of HTTP pipelining (http/1.1) technique for DDoS attacks (confirmed)
  • Making the DDoS attacks themselves RPS-based (confirmed)
  • Open port 5678 (confirmed)

More info:

https://blog.qrator.net/en/meris-botnet-climbing-to-the-record_142/

Cloudflare blog on an attack:

https://blog.cloudflare.com/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported/



Thursday, September 9, 2021

Elastic bandwidth for a rural area

Hello, I know somewhat about networking. We are located in rural Alaska, where bandwidth is insanely expensive and limited. So at my school we have 100mbps up/down aggregate. We have over 450 students and about 50 staff. I want to use our bandwidth more efficiently and give priority to certain apps at certain times.

The problem

Without going into the weeds, we have 2 different vlans that share the bandwidth, student (very limited) staff (mostly open). We allow one person to be able to take the whole bandwidth if they can. The problem is that sometimes unknowingly they do or many users just bog down the wan connection.

The solution we have right now

We are constantly monitoring the network, we have some QoS for VoIP programs, and we try to constantly open and close YT, FB, and different video sites as needed. This gets cumbersome for tech staff and is inefficient.

The solution we hope

Is there a way (it can be expensive) for the network to be elastic, scheduled, and to give priority to certain IPs? So when school is open someone can take the full bandwidth, but if other devices show up it splits the bandwidth evenly, so we are taking advantage of the whole pipe the whole time. And then when many people jump on, split the bandwidth evenly or in a set order that we desire. How do you guys suggest this can be done, on the router or firewall side, or do we need other servers or appliances to do so? We are thinking of hiring this out, but every company has their own solution.

TLDR: Bandwidth is only 100mbps for 50 people; is there a way to make the network elastic to use the whole pipe, or less when needed?



Introducing my brand

Gvztavo is a brand that is influenced by life experiences, we understand how it feels to be lost in life and a black sheep, which is why this brand was formed to help the lost ones realize their true selves and stay true to the ideals they have established in life.



DHCP over LACP Trunk

Cisco switch connection to a blade chassis using a LACP trunk where all Vlans are allowed through. The LACP is up, there is a DHCP relay set on the switch vlans but DHCP is not going through. Why? Am I missing a setting?



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our member's new and shiny blog posts.

Feel free to submit your blog post and as well a nice description to this thread.

Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.



Stop data buffering somewhere in a connection with WireGuard VPN and cellular networks

Hello, I have a setup like this:
PC behind a NAT, connected to a WireGuard VPN server hosted in a GCP and another PC connected via cellular network to the same VPN.

Sometimes, when the GSM connection is marginal or drops altogether, I experience something like packet buffering. I can observe it when pinging a remote PC: I don't get any response, and after a while my console is spammed with all the buffered packets (I can see no drops in `icmp_seq`). I also have an `mjpeg` stream that gets delayed by a whopping 10-20 seconds!

The question is: where is the data stored, and is there a way to stop the buffering? My knowledge is limited, so please point me in to the right direction :)



I need help getting a new router

Good day fellow redditors. I've come here in the hopes that I'm in the correct subreddit and to ask for people's help and opinions about something I have no clue about. I would like to buy a new cellular router for myself and I have a budget of around 200 - 250€. As to what I need I really just want something with a good range out of the box and something reliable that doesn't crash. I'm from Germany and the router I got with my contract at my provider, while it's fine, I really would like to have something more reliable. Thanks for any suggestions and have a nice day!



Inter-VLAN Routing

Hey guys,

So I recently implemented VLANs in our organization since we were running out of IPs in our single subnet and many of our switches needed to be updated to managed switches. After installing all of the switches and working with our managed firewall service team, I was able to get all of the VLANs I needed configured. For the sake of simplicity, since all of our access lists between networks already went through our firewall, I decided to keep it that way when I separated out our servers, workstations, and printers onto different VLANs, instead of using our new layer 3 switch at our core. After moving a bunch of the workstations over to the new VLAN, with the correct access list in place for those computers to be able to access the file server on a separate VLAN, I found that the users who were on the new VLAN had issues opening documents on the file server, with it taking on average 20 seconds to open a 25kb file. Users who were on the same VLAN as the file server did not notice any slowdown in their connection. After doing some tests with iperf I noticed that there was a 200mbit connection between the file server and the workstations, which should be plenty fast for the 25kb file to open. I copied the files from the file server to the workstation and that was fast, but when opening, saving, and closing the file across the VLANs it was pretty slow. I also tried it between 2 PCs on the new VLAN and it was fast as well. It's only between 2 separate VLANs. Do you guys have any ideas on why that might be?

Our edge switches are Aruba 1930s which all connect to an Aruba 2930f which then go into our cisco asa 5525 firewall. I'm pretty confident that this equipment should be able to handle this considering it was doing it before I separated devices. The managed firewall team said that both networks have the same security level and they verified there is no extra packet filtering or anything happening.

Thanks in advance!



Opinions regarding juniper EX4650-48Y

Hello redditors,

Currently we are installing a 100Gbps link between two places, our needs are pretty much simple ones, a switch that can support this throughput, has 10/25ge ports and can make use of QinQ and L2-protocol tunneling and also simple traffic shaping/policing out and into the port.

We have a pretty small network in terms of equipment. Juniper approached us offering the EX4650-48Y for this; the price seems to be good and all in all they assure us it meets our needs.

However, I have zero experience with this platform, so I come here asking for input about it: any complaints or problems you might have faced using it?

Thank you in advance



Anyone experienced with WSA proxy? How can I exclude an internal IP or destination website from the proxy?

I'm having a problem with licensing AUTOCAD software via the proxy. (https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/No-Let-s-Get-Started-Window-or-System-Error-Repair.html)

Without proxy it works, but all traffic has to go through the proxy in my organization.

There is DENIED traffic in the logs. I've allowed ANY destination from the specific source IP. Yet it doesn't communicate with autodesk.com to license.

I thought it was a problem with SSL inspection, and Autodesk says specifically to bypass SSL inspection for *.autodesk.com. I did that, set ALL the traffic to PASSTHROUGH (instead of DECRYPT), but it still doesn't work.

Is there a setting to exclude an IP from being proxied? I don't want to apply any policy to a specific IP.



Cable from modem to router

I’m running 300/300 service speeds, will a cat5e cable be sufficient between the modem and wireless router or should I get a cat6 or better cable?



Vehicle mag mount antenna for Cisco 819 (C819G-4G-V-K9)

We are looking at deploying a fleet of Cisco 819s for a DMVPN back to our branch office.

Cisco makes the 4G-LTE-ANTM-D, which is an indoor dipole 4G LTE antenna for the Cisco 819, along with the antenna base and extension (4G-AE010-R), but it's A) for indoor use, and B) doesn't have a mag mount to put it outside on a vehicle.

Is there another company that makes a good mag mount and I can use the Cisco 4G antenna with it, or is there another part entirely with the antenna and mag mount that will work well with the Cisco 819?



Software Defined Access (SDA) from DNA Center

I have a lot of questions about deploying SDA, please help if you have any experience with the solution. I know there are a lot of questions below, feel free to respond to any of them… thanks in advance for any input.

What requirements exist that may not be apparent on day 0?

Is anyone out there deploying SDA in a large environment with >100 locations and >10,000 endpoints?

What are some low level pointers to be successful?

What overall advice do you have?

Are you satisfied with the solution?

Are there better alternatives to microseg and macroseg from Cisco or any other vendor?

What are the hidden challenges?

How do you manage device onboarding from a network access control standpoint?

What version of DNA Center are you running? What version of ISE? What version of IOS-XE?

How are you provisioning your fabrics? LAN Automation or Manual?

Are you doing Fabric wireless?

What challenges have you faced with fabric wireless?

Are you running fabric wireless from embedded controllers in Cat9k? Which models, which version?

Are you using Zero Touch Provisioning (ZTP) or are you building in a provisioning location first? What process are you using at a high level?

What options are you configuring for your Virtual Networks (VNs)?

Are you seeing any show stopping bugs or traffic impacting issues with things like L2 Flooding failing?



Three simultaneous network connections, medical device stops working

Please note that I only have very basic knowledge on networking.

Our medical staff work remotely on laptops when they see patients and have three network connections at the same time, all of which they need to do their jobs:

  1. 4G router for internet access (DHCP)
  2. Medical device that sends images to a shared folder on the laptop (fixed IP, via a USB-UTP dongle)
  3. VPN connection (Cisco Anyconnect software)

The issue we have is that the medical device stops working when we enable VPN.

Our best guess is that the medical device no longer "sees" the laptop in the network. When we disable the VPN and restart the medical device it is working again.

See the image below for more information.




Sample real world networking business proposal?

Hey all, I am studying CS and am in a networking class atm. We have to make a pitch/report to propose a network for a business of 400 people and have been given some requirements. While I have found some good Cisco docs and network tools to pick hardware, I have found it almost impossible to find a real-world example of a document that, say, a network consultant would provide to a prospective client.

After a lot of searching, all I can find is generic teaching materials, but nothing that shows how you would actually create a mock floor plan or network topology beyond the standard graphics, or an analysis of speed/security requirements.

Is there some resource I haven't heard of or would somebody be okay with sending an old document that I could view?

Thank you for any help!



How to connect a firewall to SD-WAN pop

Hi everybody

Currently I have a PoP that connects several tenants to the internet and the cloud. I want to set up a DPI SaaS firewall in the PoP so I can offer this security component to the tenants.

My question is how do I integrate a firewall on top of the PoP with minimum latency?

Edit: I know it is possible with a VNF, but I want to know if there is any better way.



APIC Cluster with a single APIC Server

Is it possible to build an ACI fabric with a single APIC but with a cluster size of 3? Will it be in read-only mode? The other two APICs will be added later; this is only temporary until the other two APIC servers are delivered.



Wednesday, September 8, 2021

Translate config to junos

I am having trouble translating this config from Brocade to Junos. I am building each L3 interface as vlan.xxx.

interface ve 620

port-name VLAN_620

ip bootp-gateway 192.3.11.145

ip helper-address 1 192.3.9.162



Dumb question: Access Point Throughput

Hi,

When an AP says that it has 1.5 Gb/s of throughput and I connect it to a 1 Gb/s switch port, does it mean that 500 Mb/s is wasted?



Azure VNet to UDR Redundant Routing

Hi Guys,

Just wanted to get some feedback on the best way to set up redundant routing on a UDR in Azure. We currently have 8 or so VNets that are pointing to 1 of the 2 FortiGate VMs (we currently have redundant ExpressRoutes connecting to the 2 FortiGates).

So my question is: is there a way to set up redundant routes in a UDR for the same destination network, just with a higher administrative distance for the duplicate route? If that's not how you would approach it, does anyone know what the recommended approach would be to solve this in Azure?

Our concerns are just around the possibility of the primary FortiGate going down and clients losing all access to the servers that sit behind that FortiGate.

Thanks



What are the firewall features difference between Cisco and Fortinet?

I haven't worked with their firewall units before and I'm checking the main differences in firewall features between them.



Routing Subtleties - Passive vs Delay to Remove Traffic

I have a mesh of 4 pairs of EIGRP nodes in a circle and I need to remove a single pair from the group and break the circle. I'm leaning towards setting the delay to a really high value and effectively costing out the pair, link by link, vs setting each link to passive. I'm looking for the least interruptive method. What's your take?



Nexus vrf routing issue?

Hey guys, another issue I'm having and couldn't get much help on from the cisco community forum:

I'm having a weird issue with the below topology. I have a Nexus 9k with an additional (besides the default) vrf created to isolate some LANs (represented by loopbacks for my testing). I'm not trying to route directly from one vrf to the other, but rather through another device and a firewall. The issue I'm running into is that traffic seems to die when it tries to go from one Loopback to the other.

Picture of topology: https://imgur.com/a/Ur9UU3B

As configured in the topology, Lo72 can ping both interfaces on the router and the outside firewall interface, but not loopback201 in vrf RED or the physical interface in vrf RED. However, if I shut down lo72 on the Nexus and move it down to the router, everything works just fine, which leads me to believe that the firewall is not the issue.

N9K vrf default
***************
ip route 10.0.10.0/24 10.1.1.1
ip route 10.0.20.0/24 10.1.1.1
!
interface Ethernet1/9
 description Connection to BORDER
 ip address 10.1.1.2/30
 no shut
!
interface loopback72
 ip address 192.168.21.1/24
***************************************************************************
ROUTER

************

hostname BORDER
!
boot-start-marker
boot-end-marker
!
crypto ikev2 proposal PROP
encryption aes-gcm-128
prf sha256
group 5
!
crypto ikev2 policy IKEV2_POLICY
proposal PROP
!
crypto ikev2 keyring KEYRING
peer ALL
address 0.0.0.0 0.0.0.0
pre-shared-key local TEST
pre-shared-key remote TEST
!
crypto ikev2 profile IKEV2_PROFILE
match identity remote address 10.0.0.2 255.255.255.255
identity local address 10.0.0.1
authentication remote pre-share
authentication local pre-share
keyring local KEYRING
!
crypto ipsec transform-set TSET esp-aes 192 esp-sha256-hmac
mode tunnel
!
crypto map CM 10 ipsec-isakmp
set peer 10.0.0.2
set transform-set TSET
set ikev2-profile IKEV2_PROFILE
match address AC_GRAY
!
interface GigabitEthernet0/1
no switchport
ip address 10.1.1.1 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/8
no switchport
ip address 10.0.0.1 255.255.255.252
duplex auto
speed auto
crypto map CM

!
ip forward-protocol nd
!
ip route 192.168.20.0 255.255.255.0 10.1.1.2
ip route 192.168.21.0 255.255.255.0 10.1.1.2
ip route 10.0.10.0 255.255.255.0 10.0.0.2
ip route 10.0.20.0 255.255.255.0 10.0.0.2
!
ip access-list extended AC_GRAY
permit ip 192.168.20.0 0.0.0.255 10.0.10.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.255 10.0.20.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 10.0.10.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 10.0.20.0 0.0.0.255
!

*******************************************************************************

FIREWALL

***********

interface GigabitEthernet1/1
nameif inside
security-level 100
ip address 10.2.2.1 255.255.255.0
!
interface GigabitEthernet1/8
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.252
!
interface Management1/1
management-only
nameif MGT
security-level 0
ip address 1.0.0.1 255.255.255.252
!
access-list RED extended permit ip 10.0.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list RED extended permit ip 10.0.20.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list RED extended permit ip 10.0.10.0 255.255.255.0 192.168.21.0 255.255.255.0
access-list RED extended permit ip 10.0.20.0 255.255.255.0 192.168.21.0 255.255.255.0
access-list TESTICMPIN extended permit icmp host 10.0.10.1 host 192.168.21.1
access-list TESTICMPOUT extended permit icmp host 192.168.21.1 host 10.0.10.1
access-group TESTICMPIN in interface inside
access-group TESTICMPOUT in interface outside
mtu inside 1500
mtu outside 1500
mtu MGT 1500
icmp unreachable rate-limit 1 burst-size 1
route outside 192.168.20.0 255.255.255.0 10.0.0.1 1
route outside 192.168.21.0 255.255.255.0 10.0.0.1 1
route inside 10.0.10.0 255.255.255.0 10.2.2.2 1
route inside 10.0.20.0 255.255.255.0 10.2.2.2 1
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication login-history
http server enable
http 10.100.26.0 255.255.255.0 outside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec ikev2 ipsec-proposal TSET
protocol esp encryption aes-192
protocol esp integrity sha-256
crypto ipsec security-association pmtu-aging infinite
crypto map CM 10 match address RED
crypto map CM 10 set peer 10.0.0.1
crypto map CM 10 set ikev2 ipsec-proposal TSET
crypto map CM interface outside
crypto ca trustpool policy
crypto ikev2 policy 10
encryption aes-gcm
integrity null
group 5
prf sha256
lifetime seconds 86400
crypto ikev2 enable outside
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev2
dynamic-access-policy-record DfltAccessPolicy
tunnel-group 10.0.0.1 type ipsec-l2l
tunnel-group 10.0.0.1 ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!

*****************************************************************************

N9K vrf RED
*************
interface Ethernet1/11
 description Connection to FW Inside
 vrf member RED
 ip address 10.2.2.2/30
 no shutdown
interface loopback201
 vrf member RED
 ip address 10.0.10.1/24
vrf context RED
 ip route 192.168.20.0/24 10.2.2.1
 ip route 192.168.21.0/24 10.2.2.1
 address-family ipv4 unicast
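Added example, not part of the post and not Cisco tooling: with a crypto map on each side, the two crypto ACLs have to be exact mirrors of each other (each ASA source/destination pair must equal an IOS destination/source pair, once the wildcard-mask vs netmask syntax difference is accounted for), otherwise the peers negotiate different traffic selectors for some pairs. The script below parses the AC_GRAY and RED ACLs copied from the post and reports any entry that has no mirrored counterpart. It also pulls the "group N" lines out of the IKEv2 proposal and policy quoted above and flags group 5 (1536-bit MODP), which RFC 8247 rates SHOULD NOT. The weak-group set and the "host"/"any" handling are this example's own assumptions.

```python
"""Added example: check that the IOS crypto ACL and the ASA crypto ACL mirror each
other, and flag IKEv2 DH groups below current guidance. The ACL and IKEv2 lines are
copied from the post; the parser and the checks are this example's own code, not
from the poster or from Cisco."""
import ipaddress
import re

IOS_ACL = """\
ip access-list extended AC_GRAY
permit ip 192.168.20.0 0.0.0.255 10.0.10.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.255 10.0.20.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 10.0.10.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 10.0.20.0 0.0.0.255
"""

ASA_ACL = """\
access-list RED extended permit ip 10.0.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list RED extended permit ip 10.0.20.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list RED extended permit ip 10.0.10.0 255.255.255.0 192.168.21.0 255.255.255.0
access-list RED extended permit ip 10.0.20.0 255.255.255.0 192.168.21.0 255.255.255.0
"""

# IKEv2 proposal (IOS) and policy (ASA) lines as they appear in the post.
IKEV2_LINES = """\
crypto ikev2 proposal PROP
encryption aes-gcm-128
prf sha256
group 5
crypto ikev2 policy 10
encryption aes-gcm
integrity null
group 5
prf sha256
"""

ALL_ONES = 0xFFFFFFFF
# MODP-768/1024/1536 are MUST NOT / SHOULD NOT in RFC 8247; group 14 (2048-bit) is the
# lowest group rated MUST. This set is an assumption of the example.
WEAK_DH_GROUPS = {1, 2, 5}


def _take_net(tokens, wildcard):
    """Pop one address spec ('any', 'host A', or 'A MASK') and return an IPv4Network.
    IOS extended ACLs use wildcard masks (1 bit = don't care); ASA uses netmasks."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)
    if wildcard:
        # Invert the wildcard explicitly: ipaddress would read 0.0.0.0 as a /0 netmask.
        mask = str(ipaddress.IPv4Address(ALL_ONES ^ int(ipaddress.IPv4Address(mask))))
    return ipaddress.ip_network(f"{tok}/{mask}", strict=False)


def parse_crypto_acl(text, wildcard):
    """Return the set of (src, dst) network pairs from 'permit ip' entries."""
    pairs = set()
    for line in text.splitlines():
        tokens = line.split()
        if "permit" not in tokens:
            continue
        i = tokens.index("permit")
        if tokens[i + 1:i + 2] != ["ip"]:
            continue  # only protocol-agnostic 'permit ip' entries are handled here
        rest = tokens[i + 2:]
        src = _take_net(rest, wildcard)
        dst = _take_net(rest, wildcard)
        pairs.add((src, dst))
    return pairs


def mirror_diff(local, remote):
    """Entries on each side that lack a (dst, src)-swapped counterpart on the other."""
    remote_mirrored = {(d, s) for s, d in remote}
    return local - remote_mirrored, remote_mirrored - local


def weak_dh_groups(config_text):
    """IKEv2 'group N' values in the text that fall in the weak set."""
    groups = {int(g) for g in re.findall(r"^\s*group (\d+)\s*$", config_text, re.M)}
    return groups & WEAK_DH_GROUPS


if __name__ == "__main__":
    only_ios, only_asa = mirror_diff(parse_crypto_acl(IOS_ACL, wildcard=True),
                                     parse_crypto_acl(ASA_ACL, wildcard=False))
    if only_ios or only_asa:
        print("mismatch; IOS-only:", only_ios, "ASA-only:", only_asa)
    else:
        print("crypto ACLs mirror each other")
    print("weak DH groups in use:", sorted(weak_dh_groups(IKEV2_LINES)))
```

For the configs in the post the mirror check passes, so a crypto ACL mismatch is not what blocks the loopback-to-loopback test; the next things to compare are the "show crypto ipsec sa" counters on both ends and the ASA's interface access-groups, which are separate from the crypto ACL. Group 5 on both sides is a finding in its own right, independent of the reachability problem.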



838 radios! That's impressive! What's your biggest?

Investigating "wifi drops" in a college building and came across this.

They're hosting a job fair and didn't tell us beforehand.

https://imgur.com/a/jMlWDbZ



Prefix filtering on IXP

Hello,

I'm thinking about the announcements we receive from peers on an IXP.

Currently, we filter only with max-prefix and bogons.

When we peer with a downstream, we import only the prefixes of that AS, using BGPQ3.

Which filters do you use on an IXP? It seems too hard to verify each prefix for each AS we peer with…
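Added example, not part of the post: the import policy the post describes, written out as a script so the order of checks is explicit, with a Route Origin Validation step (RFC 6811) on top because it is the standard complement to IRR filtering at IXPs today. The bogon list, the IRR-derived prefix list (standing in for bgpq3 output), the validated ROA payloads and the received routes are all constructed sample data in documentation address space; nothing here comes from a real session.

```python
"""Added example: a BGP import filter for an IXP peer, as a plain script.
Checks, in order: prefix length, bogons, RPKI origin validation (RFC 6811),
IRR-derived prefix list (when one exists for the peer), then a max-prefix count.
All data below is constructed; it is not bgpq3 output or a real IXP session."""
import ipaddress

# Constructed bogon list (RFC 1918/6598/1122/3927 space plus multicast and reserved).
# A production list (e.g. Team Cymru's) also contains the RFC 5737 documentation
# ranges, which this example leaves out so they can stand in for a peer's prefixes.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]

# What an IRR query for the peer's AS-SET would yield (constructed stand-in for bgpq3).
PEER_IRR = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]

# Validated ROA payloads as (prefix, max length, origin ASN); constructed.
VRPS = [
    (ipaddress.ip_network("192.0.2.0/24"), 24, 64500),
    (ipaddress.ip_network("203.0.113.0/24"), 24, 64511),
]

# Routes as received from the peer (constructed); origin AS taken from the AS_PATH.
RECEIVED = [
    {"prefix": "192.0.2.0/24", "origin_as": 64500},
    {"prefix": "198.51.100.0/25", "origin_as": 64500},   # too specific
    {"prefix": "10.20.0.0/16", "origin_as": 64500},      # RFC 1918 leak
    {"prefix": "203.0.113.0/24", "origin_as": 64500},    # ROA says AS64511: hijack
    {"prefix": "198.51.100.0/24", "origin_as": 64500},
]


def rpki_state(prefix, origin_as, vrps):
    """Route Origin Validation per RFC 6811: 'valid', 'invalid' or 'not-found'."""
    covering = [v for v in vrps if prefix.subnet_of(v[0])]
    if not covering:
        return "not-found"
    if any(origin_as == asn and prefix.prefixlen <= maxlen for _, maxlen, asn in covering):
        return "valid"
    return "invalid"


def evaluate(route, peer_irr, vrps):
    """Decide one received route: 'accept' or 'reject:<reason>'.
    peer_irr=None means no IRR-derived list exists for this peer (a plain IXP
    peer, as opposed to a downstream for which bgpq3 output is available)."""
    prefix = ipaddress.ip_network(route["prefix"])
    if not 8 <= prefix.prefixlen <= 24:
        return "reject:length"
    if any(prefix.subnet_of(b) for b in BOGONS):
        return "reject:bogon"
    if rpki_state(prefix, route["origin_as"], vrps) == "invalid":
        return "reject:rpki-invalid"
    if peer_irr is not None and not any(prefix.subnet_of(a) for a in peer_irr):
        return "reject:not-in-irr"
    return "accept"


def apply_filter(routes, peer_irr, vrps, max_prefix):
    """Evaluate every route and report whether the accepted count trips max-prefix."""
    decisions = {r["prefix"]: evaluate(r, peer_irr, vrps) for r in routes}
    accepted = sorted(p for p, d in decisions.items() if d == "accept")
    return decisions, accepted, len(accepted) > max_prefix


if __name__ == "__main__":
    decisions, accepted, over = apply_filter(RECEIVED, PEER_IRR, VRPS, max_prefix=10)
    for p, d in decisions.items():
        print(f"{p:20} {d}")
    print("accepted:", accepted, "over max-prefix:", over)
```

Running it prints each route's verdict and whether the accepted count would trip max-prefix. For a plain IXP peer with no IRR list, pass None as peer_irr: the length, bogon and RPKI checks still apply, which is exactly the gap the post describes, since with only max-prefix and bogons any non-bogon prefix the peer chooses to announce is accepted.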



WiFi router logs weird intrusions when Wavlink extender is connected

I'm trying to get a Wavlink wifi extender working. When I power it up wirelessly, my router logs a ton of intrusion attempts. Examples:

Intrusion -> IN=ppp0.1 OUT= SRC=205.185.118.222 DST=97.126.23.107 PROTO=TCP SPT=55062 DPT=22
Intrusion -> IN=ppp0.1 OUT= SRC=104.140.188.30 DST=97.126.23.107 PROTO=TCP SPT=62924 DPT=9000

Notice that the DST is always 97.126.23.107. The SRC IP is all over the place and seems random. If I try to connect to 97.126.23.107 with a web browser nothing comes up. I suspect this IP might be a hard-coded Wavlink thing, but I don't understand what this activity is about and why the router thinks these are intrusions. Basically I'm just wondering what's going on.

Can anybody give me any clues?
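Added example, not from the poster or the router vendor: a small parser for the log format quoted above, fed with the two quoted records plus constructed ones in the same shape (documentation address space), that groups the records by destination, destination port and source. The pattern to look for is one destination (normally the router's own address on the WAN interface ppp0.1) hit from many unrelated sources on ports such as 22, 23 and 9000; that is the usual signature of unsolicited scanning of a public IP, which consumer routers label as intrusions when they block it. Whether 97.126.23.107 is this router's WAN address is not something the post shows; the router's status page will say.

```python
"""Added example (not from the poster or the router vendor): parse the 'Intrusion ->'
records a consumer router writes and summarise who is hitting what. The first line
of SAMPLE_LOG is the pair of records quoted in the post; the others are constructed
in the same shape using documentation address space."""
from collections import Counter

MARKER = "Intrusion ->"

SAMPLE_LOG = """\
Intrusion -> IN=ppp0.1 OUT= SRC=205.185.118.222 DST=97.126.23.107 PROTO=TCP SPT=55062 DPT=22 Intrusion -> IN=ppp0.1 OUT= SRC=104.140.188.30 DST=97.126.23.107 PROTO=TCP SPT=62924 DPT=9000
Intrusion -> IN=ppp0.1 OUT= SRC=198.51.100.17 DST=97.126.23.107 PROTO=TCP SPT=41000 DPT=22
Intrusion -> IN=ppp0.1 OUT= SRC=203.0.113.9 DST=97.126.23.107 PROTO=TCP SPT=53210 DPT=23
Intrusion -> IN=ppp0.1 OUT= SRC=198.51.100.17 DST=97.126.23.107 PROTO=TCP SPT=41001 DPT=2323
Intrusion -> IN=ppp0.1 OUT= SRC=192.0.2.77 DST=97.126.23.107 PROTO=UDP SPT=5353 DPT=5060
"""

REQUIRED = {"IN", "SRC", "DST", "PROTO", "DPT"}


def parse_records(text):
    """Split on the marker, so two records sharing one line (as in the post) are
    both recovered, and return one dict of KEY=VALUE fields per record."""
    records = []
    for chunk in text.split(MARKER)[1:]:
        fields = dict(kv.partition("=")[::2] for kv in chunk.split())
        if REQUIRED <= set(fields):
            records.append(fields)
    return records


def summarise(text):
    """Count records per destination address, per (proto, port) and per source,
    and note whether every record arrived unforwarded on a WAN (ppp) interface."""
    records = parse_records(text)
    return {
        "count": len(records),
        "dst": Counter(r["DST"] for r in records),
        "dpt": Counter((r["PROTO"], int(r["DPT"])) for r in records),
        "src": Counter(r["SRC"] for r in records),
        "inbound_wan_only": bool(records) and all(
            r["IN"].startswith("ppp") and r.get("OUT", "") == "" for r in records),
    }


def classify(summary):
    """Coarse reading of the summary. One target address hit from many unrelated
    sources on a WAN interface is the signature of unsolicited internet scanning."""
    if summary["count"] == 0:
        return "no-records"
    if not summary["inbound_wan_only"]:
        return "includes-forwarded-or-lan-traffic"
    if len(summary["dst"]) == 1 and len(summary["src"]) > 1:
        return "inbound-scans-against-one-address"
    return "mixed"


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print(classify(s))
    print("targets:", dict(s["dst"]))
    print("top ports:", s["dpt"].most_common(3))
    print("sources:", dict(s["src"]))
```

If the classification comes out as inbound scans against one address and that address matches the WAN IP on the router's status page, the extender is not generating the traffic; it is only coinciding with it, and the records are the router doing its job on unsolicited inbound connections. A record with OUT set to a LAN interface, or a destination inside the LAN, would be the thing to worry about.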



Meraki APs with a lot of Authentication Step failures

I've just taken on a charter school with 800 students which means about 1200 devices. They are primarily wireless so they are fully dependent on their MR53 APs which there are 21 of them.

I'm not too familiar with Meraki but at this scale, I don't believe I should be seeing as much as 10% of devices with connection problems. All of which are at the Authentication step.

A little background on the current config:

  • 2.4 GHz disabled across the board.
  • 20 MHz channel width on 5 GHz for maximum channel availability. Channel utilization for 5 GHz reports healthy.
  • 10 Mbps bandwidth limit for students (20 Mbps global) with average WAN usage of 160 Mbps (1 Gbps fiber from the ISP)
  • 1 staff SSID/VLAN and 1 student SSID/VLAN on a /22 (with no wireless isolation enabled). I am not seeing any alerts regarding a shortage in the DHCP IP pool.

I've already opened a ticket with Cisco and am waiting but am not a Cisco preferred vendor so I don't know just how responsive or helpful they are these days.

In summary, I'm hoping you guys could confirm that 10% is within the expected failure rate and I'm on a wild goose chase, or maybe there is a factor I haven't considered. While I am waiting for support, I have also noted that we do not have control over these devices (most are BYOD) and it is well within the realm of possibility we are looking at a bunch of outdated drivers and firmware out there. Any input is appreciated!!



Bad school marks

I did the basics like A+ and my N+. I am currently 18 and still in school, but my marks don't look very good in school. Will this play a massive part in my future career path? :/ I have no idea what steps I need to take. I want to go to college but have no idea if that would be worth it.



Moving in to 3-floor building, landlord provides the internet, doesn't let us run LAN cables between the floors.

I work in an SMB with ~100 employees, and we have three offices, one of them being the main office where all our servers sit (email, AD, file servers, etc.).

Each of the secondary offices is connected, with its own subnet, through a VPN tunnel to the main office, and we only have separate phone system servers and WSUS servers in each of them, nothing else.

We are now moving one of the secondary offices to a new building, which will be 3 floors. The floors are not wired to see each other, but they each have two cables going to a data cabinet on the ground floor. These cables are used by the landlord to provide an internet connection to each floor (one cable for internet and one backup). Our lease contract is for 750 Mbps internet, spread at a fixed ratio of our liking across the floors.

The problem I see here is that each floor has to be treated as a whole office, requiring us to install a router, a WSUS server, a phone system server and a different subnet for a new VPN tunnel to the main office... for each floor.

I've proposed that we use one of the two cables from each floor to install a switch in the landlord's data cabinet, right before their router, to create a link between the floors. Then we can use one of the backup cables on one floor to connect it to the landlord's router for internet access.

https://imgur.com/a/CfPOfg7

Our company doesn't mind installing separate servers/routers on each floor, but I think it adds unnecessary complexity.

What do you guys think? Do you see any other selling points here?



VPN appliance/hardware performance

I'm a SOHO tech and have set up a number of VPNs over the years, but I can't figure out how hardware specs affect the speed and performance of the VPN. I didn't realize until recently that some routers only allow so much VPN throughput; I assume this is hard-coded and can't be changed? Would this be a decision based on hardware or a coding thing?

So I'm looking to build a VPN appliance that will allow as much speed as possible, and I'm not sure what to expect if both sites are running at 300 Mbps down and 50 Mbps up. I've talked to other techs and some insist you need lots of RAM, and others have said no, you need processing power.



Favorite CAT Cable Strippers?

What are your favorite CAT5e/6/6A strippers? The one built into my crimper tends to cut into the copper strands, so I have to start over. Let me know!



Comparable Alternatives to Cisco C2960x

Hello r/networking!

I am looking for suggestions for a new access switch model that is comparable to the Cisco C2960X platform. Some background: my employer has been using 2960Xs forever, and this switch model has reached end of life. We've considered the Cisco C9200, but are not in love with the licensing/subscription model Cisco is requiring. We've been a Cisco shop for a long time and, unfortunately, aren't too familiar with other vendors. But now we're looking around to see what other vendors have to offer.

Basic requirements (nothing too fancy):

  • [48] 1G copper access ports
  • [2-4] 1G SFP uplink ports
  1. What non-Cisco vendors do you recommend? HPE/Aruba? Extreme Networks?
  2. Do you know of any models of switch that are relatively new (not near end-of-life) that would be a similar replacement for the 2960x?
  3. Is it pretty standard for all major vendors to have a "subscription" type licensing model?

Thanks in advance for any suggestions you can provide!



Transfer host IP through proxy tunnel

Can I use a local DNS server to resolve the IP address of a host and then send the IP through a proxy tunnel, instead of sending the URL through the proxy tunnel?



VPN connection is slow as molasses. UniFi USG

Our office setup is all UniFi hardware, using a USG and a G2 Plus controller on version 6.1.7. I configured VPN access, but VPN connections are ridiculously slow, unusable for anything.

I have tried both PPTP and L2TP configurations and get the same results. The office has a 1 Gb synchronous fiber connection. We move large files using Aspera without issue. At home I have a 400/50 connection, but while it's a consumer network, it is on the same ISP as the office.

When I connect to the VPN I cannot even transfer a small file across the network; browser-based speed tests usually fail to connect, and when they do, they come in at less than 1 Mbps.

RDP connections to systems on my office network barely work. I really don't see anything from a configuration standpoint that should be causing this kind of issue.

Conversely Chrome Remote Desktop works fine when I'm not connected to the VPN. I'm really at a loss for ideas and I'm hoping someone here has encountered this kind of problem before and has an idea. Recently updated all the UniFi firmware too.

Is this a known problem with UniFi USG?



IPv6 and stopping torrenting - Send help - please 😂

I am 19 with a background in computers and engineering. As of later this month I am due to start with a local ISP that uses Ubiquiti UISP to distribute to rural communities and businesses. During the interview it was revealed that my first tasks would be implementing IPv6 and combating torrenting, two things I have minimal experience with.

Does anyone have experience in either of these fields and could advise me and direct me towards appropriate resources?



Networking Project

I have a project in school where we're supposed to "build a network infrastructure for a hospital", and one of the requirements is to show where the routers, switches, port plates etc. are located, but I have no clue where that stuff would be in a hospital. I have the floor plan of the hospital we made if anyone wants to DM me and help show me where that stuff would go.



Do ISPs typically implement failover on end user connectivity?

Recently set up failover/backup cellular connectivity on my personal network.

And it got me thinking:

Cellular connectivity, or another form of dual-WAN, maximizes availability/uptime. Which is something consumers and businesses commonly really care about.

Is this something that ISPs already typically provision for end users?

If not - then why not?

Perhaps because service interruptions typically occur downstream of the ISP?

Do ISPs who pass on traffic from multiple upstream sources already exist?

Or is multi-WAN networking something that it's always the responsibility of the end user to implement?



Meaning of Same ASN Different Domain

Can someone with more knowledge please explain to me what it means when a website has "the same ASN but a different domain"? Does that mean the websites are all owned by the same person, hosted on the same server, or is there no correlation? Help, thanks!



Cisco Smart Licensing for ISE

I work on a number of air-gapped networks with no internet access. I'm testing out an ISE deployment for 802.1X and reached out to Cisco TAC about licensing, and was told ISE version 3.0 and higher has no way of having licenses manually installed. Their response was to get an on-prem server; however, these networks have zero internet access, on-prem server or not. Is there literally no other solution?



Recommendation for ethernet surge protection?

We have enough remote offices that use of cable modems is common, and fried Ethernet ports on routers can happen during bad weather. Before I just buy something that looks like it will work, I'm wondering if anyone has any Ethernet surge protectors that have worked, or even failed miserably?



IPSec VPN problems Fortigate <-> ASAv

Hi there,

We just set up a new VPN (IPsec IKEv2) between a Fortigate 60E (we're on FortiOS 6.4.4) and an ASAv (9.14) on Azure.

Phase 1 comes up, and so does the first of the phase 2 interfaces configured on the Fortigate. We have five subnets on our side, but only the one at the top of the list will come up. Traffic flow works for that subnet.

We had the exact same problem with a VPN between that ASAv and a Checkpoint so I think the Fortigate might be innocent in this case. We installed a hotfix on the Checkpoint and after that the VPN worked for all subnets. I have no idea though if anything was changed on the Azure ASA.

The cooperation of the ASA's admin is not the best so that might limit the information I can provide.

Anyone seen something like that and found a solution?



Quick question about broadcast storms.

If I were to cause one of these within my own office, just using a mini switch plugged into the wall, would it affect everyone else on the network throughout the building or stay within my office on my looping switch?



Switch C3560-G Netflow giving dropped traffic only !!!!

Hi

I tried to configure NetFlow on a Cisco WS-C3560G-24TS switch (version 15.0(2)SE11) with an ELK Stack (Elasticsearch, Logstash, Kibana) NetFlow analyzer. After I finished the configuration I didn't receive correct traffic: ELK receives NetFlow records from the switch, but the traffic looks like fake or dropped traffic, and the real traffic doesn't appear in ELK.

The Configuration:

flow exporter Netflow-exporter
destination 10.10.30.100
source Vlan30
transport udp 2055
template data timeout 60

flow record Netflow-recorder
match datalink dot1q vlan input
match datalink dot1q vlan output
match datalink mac source address input
match datalink mac source address output
match datalink mac destination address input
match datalink mac destination address output
match ipv4 version
match ipv4 tos
match ipv4 ttl
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match transport tcp flags
match interface input
collect interface output
collect counter bytes long
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last

flow monitor Netflow-monitor
record netflow-recorder
exporter netflow-exporter
cache timeout active 60

interface Vlan 20
ip flow monitor Netflow-monitor input

interface Vlan 30
ip flow monitor Netflow-monitor input

show flow monitor NetFlow-monitor cache

Cache type: Normal
Cache size: 4096
Current entries: 16
High Watermark: 607

Flows added: 9508
Flows aged: 9492
- Active timeout ( 60 secs) 280
- Inactive timeout ( 15 secs) 9212
- Event aged 0
- Watermark aged 0
- Emergency aged 0

DATALINK DOT1Q VLAN INPUT: 0
DATALINK DOT1Q VLAN OUTPUT: 0
DATALINK MAC SOURCE ADDRESS INPUT: 34E4.D768.4502
DATALINK MAC SOURCE ADDRESS OUTPUT: 0000.0000.0000
DATALINK MAC DESTINATION ADDRESS INPUT: 0024.6042.DA5C
DATALINK MAC DESTINATION ADDRESS OUTPUT: 0000.0000.0000
IPV4 SOURCE ADDRESS: 10.10.20.60
IPV4 DESTINATION ADDRESS: 10.10.110.7
TRNS SOURCE PORT: 58237
TRNS DESTINATION PORT: 161
TCP FLAGS: 0x00
INTERFACE INPUT: Vl20
IP VERSION: 4
IP TOS: 0x00
IP PROTOCOL: 17
IP TTL: 127
interface output: Null
counter bytes long: 431
counter packets: 5
timestamp first: 14:25:18.307
timestamp last: 14:25:50.545



DELL S4048-ON doesn't send bandwidth utilization via SNMP

Hi engineers!

My Dell S4048-ON (ver 2.0 - 9.14(2.7)) doesn't send bandwidth utilization via SNMP.
What can I do?

sh run | find snmp shows me:
snmp-server community xyz
snmp-server enable traps bgp
snmp-server enable traps snmp authentication coldstart linkdown linkup syslog-reachable syslog-unreachable
snmp-server enable traps vrrp
snmp-server enable traps lacp
snmp-server enable traps entity
snmp-server enable traps stack
snmp-server enable traps stp
snmp-server enable traps ecfm
snmp-server enable traps vlt
snmp-server enable traps fips
snmp-server enable traps ets
snmp-server enable traps xstp
snmp-server enable traps isis
snmp-server enable traps config
snmp-server enable traps pfc
snmp-server enable traps envmon cam-utilization fan supply temperature
snmp-server enable traps ecmp
snmp-server enable traps mac

#snmp-server enable traps ?
bgp Enable BGP state change traps
config Enable copy-config trap
ecfm Enable ECFM state change traps
ecmp Enable ecmp traps
entity Enable entity change traps
envmon Enable SNMP environmental monitor traps
ets Enable ets traps
fips Enable FIP Snooping state change traps
isis Enable ISIS adjacency change traps
lacp Enable LACP state change traps
mac Enable MAC address notification traps
pfc Enable pfc traps
snmp Enable SNMP traps
stack Enable stacking role change traps
stp Enable 802.1d state change traps
vlt Enable VLT traps
vrrp Enable VRRP state change traps
xstp Enable 802.1s, 802.1w, and PVST+ state change traps



Networking Project

Hello,

I am currently looking for a project idea for my last year at a technical high school. The project shouldn't be too hard but also not too easy, as we aren't entry-level. We are a group of 3, so the project should have at least 100 hours of "work" to do.

The possible "fields" for our project are:

Networking (obviously) with some type of LAN-Game

Local management of smart security device like security doorbell cams

Something that has to do with an arduino

Or any other idea that you might think of.

We as a group would be very thankful if somebody would recommend us a good project or even push us in the right direction.



Tuesday, September 7, 2021

DIA or MPLS between HQ and Branch Offices

Hi Folks

I need your valuable advice on picking DIA or MPLS.

We want to connect our eight branch offices with HQ and each office would have 70-100 computers. We will mainly have data and voice traffic, no streaming. I'm not really sure which one to go with. I would rather go with the better solution since the budget is not a problem.

Let me know if you need any further information.



Difference between port and sockets

What's the difference between a port and a socket? I searched but didn't get any clear explanation; it's quite confusing. Appreciate your help.



Small business server/security advice

Hi, I have a small business (six employees); we currently have our own server managed by an IT company. I want to move to a cloud-based system given that everyone is working more remotely, and when traveling for work, accessing files has been challenging. I have two questions: 1) best recommendations for a cloud-based server? 2) what is the best way to protect against ransomware when users are going directly to a cloud-based server system? Thanks in advance for any advice!



Rant Wednesday!

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.



Aruba vs. Meraki

Planning on refreshing a branch office of network gear next year (switching and wireless). Was previously all Cisco Catalyst & Aironet. Was planning on going all Aruba this time around. Before I go dropping the six figure PO, figured I’d put feelers out to see if anyone’s got a compelling argument for Cisco Meraki (wireless only) instead of Aruba…?

Thanks!



ClearPass / generic NAC deployment planning resources

I'm working on getting myself up to speed on ClearPass after our previous in-house resource for it moved on and I inherited a deployment project for one of our customers. We're going to be authenticating everything, using it for wireless 802.1x, wired 802.1x and MAC auth (for headless devices), OnGuard for posture enforcement, and TACACS for network devices. Most of the technical stuff is straightforward enough to slog through labbing out with the videos / documentation, but the one thing that bothers me is the lack of 'here's the best way to do things' resources on ClearPass....either straight from HPE/Aruba or otherwise. Like, I can look at ClearPass and say "Yep, I can make it do XYZ, technically, no problem" but as far as actually making the decisions as to how we're going to make it behave, I'm struggling with.

Some of it is easy enough to think through in terms of device fingerprinting and returning roles / VLAN assignments, but are there any good resources either ClearPass specific or general NAC guides about the best way to approach enforcement anybody can share? I know there are some real slick ClearPass implementations out there but no VRDs I've seen, good "Here's what our policies look like" resources, etc.



What UPS brand do you guys trust?

I have been searching like a madman for a great UPS for strictly networking gear. I have 4 closets that are just my PoE switches that run all the doors, cameras, and security, 5 switches in each closet. I have had 3 Eatons die on me in the last year, so I am looking to replace them all.



Is TLS offload now considered bad practice?

So I just read this Microsoft blog post, albeit from 2018, basically saying that TLS offloading should be avoided. Here's a snippet (it's in the section about Application Gateway):

Prior to 2017, TLS Offload was recommended, however, Microsoft changed its internal security controls requirements for the use of TLS for all connections from recommended to mandatory. Hence TLS Offloading is not the recommended best practice and should be avoided.

Googling around a bit I found some stuff from around 2013 talking about the NSA's 'MUSCULAR' project and how they were snooping on internal traffic at Google (and elsewhere). So maybe this is the reason why?

So I wondered if this is, or is becoming, prevailing opinion? With more power at the server level, is there still the need to offload the processing that TLS requires? And with certificate automation using the likes of Let's Encrypt, is central management not so necessary any more?



OSPF Sanity Check

Slightly weird scenario, hoping you guys have maybe tried or seen this before.

We have an existing ASA with its inside interface on a VLAN that lets it reach the firewall. They discover/broadcast to each other and establish an OSPF adjacency. The ASA is the DR, the FW (Checkpoint) is DROther.

What I want to do is add a new router on the same network north of the FW on the same FW interface. The caveat is, I don't want that router to see routes from the ASA to prevent any weird scenarios where traffic to weird destinations skips the firewall.

My "simple" solution was to just bring up the new router as a non-broadcast OSPF and configure the FW as a neighbor to send unicast hellos (so no adjacency with the ASA). Anyone have any ideas/experience as to why that will/won't work?

If it doesn't work I'll just bring the new router up and filter the ASA's OSPF tag out.

Thanks!



Show interface status equivalent command ASR920

We are rolling out ASR-920s at cell towers, and I notice that show interface status doesn't work on these boxes (ASR-920-12SZ-IM-CC), probably because that's a command for a switch.

Is there an equivalent command that gives you the same output?

Namely interface number - up/down status - description if possible and the connection state/speed and or duplex?

I've done some googling on this and I'm coming up empty; I'm probably just not using Google correctly.



CAT6a crimp job makes ethernet pins fall out occasionally

Hey guys I am looking for some information here since I am not able to find anything about this subject.

At work we use spools of outdoor shielded CAT6a for our cable runs.

We find that after we put ends on the cable, sometimes the gold pins in the cable end will pop out.

What would cause this? We are going to switch up the tools and ends we use but I wanted to see if anyone has experienced this before.



Server not releasing RDC sessions?

I have a virtual production server that office workers RDC in to, to use certain programs. After they disconnect, though, the session is still active? I can't seem to find any documentation for this particular issue; has anyone dealt with it before?



PBR, NATing and VRF issue on return traffic?

Hi All,

We have a LAN and an isolation network (under a VRF). From the LAN network I want to route a specific client to the isolated/VRF network to reach the internet.

Requirement:

- Route from LAN to VRF using PBR

- NAT the source IP from the LAN to the isolated network segment

I'm able to see that IP is being translated and being forwarded to tunnel however it seems like the client is not receiving any response. Here's the topology and configuration:

https://ibb.co/WfyMv1B

## FROM EDGE ROUTER
interface Ethernet0/1.501
 encapsulation dot1Q 501
 ip address 10.67.96.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map V301TOZSCALER
!
interface Ethernet0/1.689
 encapsulation dot1Q 689
 ip vrf forwarding ZSCALER
 ip address 192.168.0.2 255.255.255.0
!
ip access-list standard NAT:VOIP_IP
 permit 10.67.101.11
ip access-list standard VOIP_IP
 permit 10.67.101.11
!
route-map V301TOZSCALER permit 10
 match ip address VOIP_IP
 set vrf ZSCALER
route-map V301TOZSCALER permit 20
!
ip nat inside source list NAT:VOIP_IP interface Ethernet0/1.689 vrf ZSCALER overload
!
ip route 10.67.101.0 255.255.255.0 10.67.96.1
ip route vrf ZSCALER 0.0.0.0 0.0.0.0 Tunnel1001

Any inputs?

Thank you



Buried network cables and electrical wires: interference over 80m+

Hi

I'm helping a friend set up a workshop on his property and extending/remaking some wiring for a dependency. We have to lay and bury electrical cables for all that, some simple 2.5mm² wires and some larger 16mm² for the workshop.

We would like to add some network cable in a different sheath in the same trench (10 cm wide) but are worried that it may be too close and generate too much noise to have a good connection. The whole length will be somewhere between 60m and 100m.

Is there some network guru that can help me with this I'm just a dev so way out of my league here :D

Thanks guys!



Dell S4048-ON: how to upgrade OS9 to OS10!

I have no idea how to upgrade a Dell EMC S4048-ON switch from v9.12.0.1 to 9.14.0.1,

and then I need to upgrade from OS9 to OS10! I read the release notes but it's getting too complicated.



Networking Student Looking for Projects

Hello! I am a student currently pursuing 2 degrees (Networking and IT Support Specialist) and am trying to plan ahead for my spring semester, which includes an internship. I already work an internship at a local school district doing IT Support, but am having trouble finding the networking experience I need to graduate. I spoke with my employer and they said that if I came up with a few ideas, I could totally do some networking for them to meet the requirements for my degree.

Do any of you all know some networking projects that a student like me could handle? Also, any advice on things I could do now to build up a resume for networking?



Arista 7280 FlexRoute BGP Route Withdrawal Issue

Hey Folks,

I wanted to see if anyone has seen the behavior I'm currently seeing with my 7280 Internet Routing POC.

Topology Overview:

(2) Tier 1 ISP's, 10G Circuits

(2) 7280R2-48YC6-F, 100G iBGP Peering between

Enterprise edge is a unique public AS, we have an eBGP peering with each carrier, Full table + Default Peering profile. Between the two 7280's we have an iBGP Peering.

The Issue:

When I do failover testing it's taking upwards of 3 - 3.5 minutes for the routes to withdraw from the iBGP connection between the 7280's. I will fail one of the circuits (hard down L1 in this instance), and you can see the iBGP peering slowly withdraw the routes on the 7280 with the active circuits. From the end user standpoint, traffic is getting black-holed if the failed circuit was the preferred path over the iBGP peering link.

For reference this topology is normally Cisco ASR-1001HX and it takes less than 30 seconds for the iBGP peering to withdraw the routes of the failed peer. We've been working with Arista TAC and they are saying this is expected and they have no one else who has seen this issue.

The internet topology itself is pretty standard and is used by enterprises all over, so I was looking to see if anyone has seen this in their travels or testing when using these in this topology.



Can the IP SLA responder save the statistics?

Hello people, I am reading the IP SLA RFC but I can't see the answer to my query.

Can I see the IP SLA statistics on the responder router or only on the IP SLA server router?

If I try to see the statistics on the responder Cisco router I see this:

clientrouteripsla(config)#do show ip sla statistics
IPSLAs Latest Operation Statistics

clientrouteripsla(config)#

On the server side I can see all the statistics:

serverrouteripsla>show ip sla statistics 97382 details
IPSLAs Latest Operation Statistics

IPSLA operation id: 97382
Type of operation: udp-jitter
        Latest RTT: 1 milliseconds
Latest operation start time: 12:25:05 UYU Tue Sep 7 2021
Latest operation return code: OK
Over thresholds occurred: FALSE
RTT Values:
        Number Of RTT: 1000             RTT Min/Avg/Max: 1/1/3 milliseconds
Latency one-way time:
        Number of Latency one-way Samples: 0
        Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Source to Destination Latency one way Sum/Sum2: 0/0
        Destination to Source Latency one way Sum/Sum2: 0/0
Jitter Time:
        Number of SD Jitter Samples: 999
        Number of DS Jitter Samples: 999
        Source to Destination Jitter Min/Avg/Max: 0/1/1 milliseconds
        Destination to Source Jitter Min/Avg/Max: 0/1/1 milliseconds
        Source to destination positive jitter Min/Avg/Max: 1/1/1 milliseconds
        Source to destination positive jitter Number/Sum/Sum2: 128/128/128
        Source to destination negative jitter Min/Avg/Max: 1/1/1 milliseconds
        Source to destination negative jitter Number/Sum/Sum2: 127/127/127
        Destination to Source positive jitter Min/Avg/Max: 1/1/1 milliseconds
        Destination to Source positive jitter Number/Sum/Sum2: 191/191/191
        Destination to Source negative jitter Min/Avg/Max: 1/1/1 milliseconds
        Destination to Source negative jitter Number/Sum/Sum2: 192/192/192
        Interarrival jitterout: 0       Interarrival jitterin: 0
        Jitter AVG: 1
Over Threshold:
        Number Of RTT Over Threshold: 0 (0%)
Packet Loss Values:
        Loss Source to Destination: 0
        Source to Destination Loss Periods Number: 0
        Source to Destination Loss Period Length Min/Max: 0/0
        Source to Destination Inter Loss Period Length Min/Max: 0/0
        Loss Destination to Source: 0
        Destination to Source Loss Periods Number: 0
        Destination to Source Loss Period Length Min/Max: 0/0
        Destination to Source Inter Loss Period Length Min/Max: 0/0
        Out Of Sequence: 0      Tail Drop: 0
        Packet Late Arrival: 0  Packet Skipped: 0
Voice Score Values:
        Calculated Planning Impairment Factor (ICPIF): 11
        MOS score: 4.06
Number of successes: 10
Number of failures: 0
Operation time to live: Forever
Operational state of entry: Active
Last time this entry was reset: Never


Transitioning from networking to cyber security

I’m going to be transitioning soon to cyber security after 20 years as a network engineer. Has anyone done this? Can I get any pointers to help with new role? I’m eyeing CISSP knowing fully that certs aren’t everything.



Mac wifi issue

I have Macs that connect to wifi via RADIUS access. It seems most of them work fine. Some of them connect to the RADIUS wifi; they get an IP address but can't connect to anything on the network. They can't ping the gateway or anything. If I remove the wifi adapter in System Preferences and then add it back, everything works fine until the issue comes back for them. I don't see any reason for this.



How to set preferred band to 2.4GHz

Hi,

I'm trying to figure out how to force a PC client to connect to an AP via the 2.4GHz band instead of 5GHz: the network has multiple access points (2.4G and 5G) under the same SSID but there's a bad signal for 5GHz; Windows is ignoring that and is still trying to connect to those bad-signal 5GHz APs.

The Client runs Windows 10 Pro and its NIC is an Intel AX200 Wifi 6
Until now I have tried:

  • Driver Update (22.70)
  • Device Manager: changed settings to "Prefer 2.4GHz", but nothing changes
  • NetSetMan: when manually switching to a 2.4GHz AP the software almost crashes; still, no issues encountered when switching between 5GHz APs. Here is a screen from NetSetMan https://imgur.com/a/7zNugnh

At this point I'm thinking of setting a minimum RSSI on the APs via the UniFi panel (minimum RSSI for 5GHz access points only) so that they don't allow the client to connect if the signal is below -70 dBm.

Anyway, it seems REALLY STRANGE to me that I can't manually set a band preference client-side. Do you know any other method? Via cmd maybe? Or PowerShell network config?



Whitelists for load balanced endpoints (Azure and Z-Scaler)

Hi all. I have a SaaS product for B2B. Client is upgrading to Z-scaler security. We currently have issues with some parts of our Azure cloud communicating within their region, ever since Microsoft added Dynamic DNS load balancing on the host global.azure-devices-provisioning.net. I really want to send Z-Scaler a list they will understand and apply the first time correctly.

Hoping that someone can clarify how best I should communicate the whitelist requirements of my product to a client per region. Up to this point, they have had to whitelist every single host and cannot use any kind of wildcard/ FQDN rules to cover many at once.

My columns in the spreadsheet cover URL, dest IP, Port(s), Protocols, and descriptions.

  1. Any info on how Z-Scaler executes their whitelists? Any gotchas or things to be wary of?
  2. Should I list the primary Azure endpoint (global.azure-devices-provisioning.net) with a N/A IP column but still include all the ports? The URL is just the front-door for Azure now.
  3. Directly below the previous whitelist, should I just include the full details for each region endpoint? My thought is to just add in the description that the region endpoints are directly connected to the primary Azure devices endpoint.

Sorry if it seems like I am overcomplicating this. Our client has multiple regions, and not all our rules work all the time right now due to different firewall technologies and rule requirements across regions. I am hoping Z-Scaler will make things easier for us.



Switching brain power requirements

Let's say I was asked to replace a switch at work. I know what most of the requirements are:

• Fixed configuration
• Stackable
• Either 24 or 48 port density
• 1 GigabitEthernet line speed
• High PoE budget
• 2 to 4 SFP ports with 1 GigabitEthernet line speed
• QoS
• IP routing capability

So far, so good. Easy. But how the hell do I know what the correct new model I should buy is, based on the horsepower of the old unit, the brain power of it and stuff relating to its actual switching capability? What are the usual bits of info you're measuring to gauge the correct level of switching power?

What exactly is Forwarding bandwidth?

What exactly is Switching bandwidth?

What's the difference between the two?

Also, what exactly is meant by Stack Bandwidth? What is Stack Bandwidth in Gigabytes/Gigabits a measurement of?

Have you ever made any mistakes in relation to any of these things?



New one for me: Customer wants us to NAT a host to particular IP over a VPN tunnel (ASA) that's also in another customer's tunnel. Possible?

So we have a server that external customers access over site-to-site tunnels with its true IP.

A new customer wants to establish a tunnel with us but wants us to NAT the server IP as it goes out to something specific for them. Is it possible on a Cisco ASA to NAT an IP for only one specific tunnel and not others?

My pushback was for them to NAT our IP on their side as it comes in (not sure what device they have yet, waiting for that info)



Any good resources for learning the basics of cisco ISE?

For bureaucratic reasons, I've been tasked with setting up 2 ISE VMs to handle authenticating about ~30 network devices across 2 small (connected) sites.

I recognise there are probably more suitable products for this scenario, but frankly I'd quite like to learn ISE anyway so not going to dissuade anybody.

Anyone know any good resources for learning the basics of this? It seems there's very little material out there for ISE 3.0, and not much about setting things up from scratch for standalone nodes.

Would appreciate it!



Packet Analyzer for macOS

I am looking for a packet analyzer for my M1 mac. I know about Wireshark and Tcpdump, but they are not optimized for mac, and some features are also broken. So kindly suggest me an excellent alternative to monitor network traffic on macOS.



Cross network routing issue, specifically for ports 80 and 22

Running into a problem that I think is a simple solution that I'm just missing.

This concerns two networks, network A is 1.1.1.x, network B is 2.2.2.x.

I have a computer (1) on network B, that is trying to communicate to another machine (2) that has adaptors for both networks A and B. This is routed through our router which is also on both A and B. The router has its iptables configured to accept and forward all requests to the destination computer on both networks.

I can ping (by name and IP) from computer 1 to 2 on both of computer 2's addresses/names (on networks A/B). However, I cannot ssh, or access its webpage (ports 22 and 80) when trying to go from computer 1 to 2, on network B to A. Both services work when going from computer 1 to 2 on network B to B.

Since I know that's mildly confusing wording, example:

user@computer1_netB ssh user@computer2_netB = success

user@computer1_netB ssh user@computer2_netA = fail (kex error)

user@computer1_netB ping computer2_netB = success

user@computer1_netB ping computer2_netA = success

Pings work with both DNS and IP.

Any help on where to look would be awesome, thanks!



Comparison checklist for access points

In my line of work as presales from a distributor, requirements keep coming in from vendors we don't deal with. In these cases I have to find equivalent models from the vendors we have.

I would like to know what are some important specs or factor to look at when comparing APs from different vendors? Basics I look at are: AC or AX, direction, outdoor or indoor, small-med-high density.



Monday, September 6, 2021

Flw file editor

Hi, does anyone know any flw/flow editor application? The flw file is generated by a Penta scan machine (Fluke Networks). If anyone knows, kindly help; I searched and found that KOffice supports the flw extension but the application is obsolete now.



Help with HP 3150 el series switch

I have the switch but I can't load the ipe file to flash, and there are no files in flash. Any help is appreciated.



Cisco L2VPN xconnect to Huawei L2VPN VSI

Hi, we have a Huawei network today and we are moving over to Cisco. To make the transition from Huawei to Cisco less "expensive" I was wondering whether it is possible to do an L2VPN between Cisco and Huawei: a Cisco NCS540X as a distribution switch and Huawei as the core terminating the L2VPN?

All new distribution switches I can buy from Cisco, and when I have built the new Cisco core with SRv6 and EVPN I can move the traffic away.



Best pass through crimper?

Just noticed my cheapo pass through crimper was breaking the little tab off that presses against the cable jacket. So looking for a new better one.

I want to get the best crimper there is. Money is no object. Tired of messed up cable crimps.

I am thinking about getting the Platinum Tools EZEX crimper. Can anyone recommend this crimper?

https://www.platinumtools.com/products/connectors/ezex-starter-kit-90188/

Thanks!



ASN Usage for Independent Sites

I'm not the most familiar with eBGP or AS usage, so apologies if this is a simple question.

We currently own a single ASN and a large-ish (/19) IPv4 space. We currently use the same AS at all our geographically separate sites but advertise unique networks from each to our upstream. This means that we end up dropping inbound routes advertised by our other sites.

This isn't causing any current problem, and any service that needs site-site connectivity should be using private addressing which will route across our private WAN links. However, it's always bothered me that we ignore the best paths to ourselves.

Is there a traditional solution to this issue? Do organizations use unique ASNs at each site? Is there a BGP setting to accept these routes without causing loops?
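The drop described above is the ordinary eBGP AS_PATH loop check, and the usual knob that relaxes it is the per-neighbor allowas-in option (Cisco IOS and Arista EOS both spell it that way). As an added example, not part of the original post and not any vendor's implementation: a minimal model of that check, showing why site B discards site A's prefix when both sites speak from one ASN, what allowas-in 1 changes, and that a genuine loop (the prefix re-advertised by site B and handed back to site A) is still caught. The ASNs, prefix and topology are constructed for illustration.

```python
"""Model of the eBGP AS_PATH loop check and allowas-in.
Added example; ASNs, prefix and topology are constructed, not from the post."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

OUR_ASN = 64512              # constructed: the single ASN all sites share
UPSTREAM_A = 64600           # constructed: site A's transit provider
UPSTREAM_B = 64601           # constructed: site B's transit provider
PREFIX = "198.51.100.0/24"   # constructed: documentation prefix


@dataclass
class Route:
    prefix: str
    as_path: List[int]


@dataclass
class Speaker:
    asn: int
    allowas_in: int = 0   # 0 = default: any occurrence of our ASN is a loop
    rib: Dict[str, Route] = field(default_factory=dict)

    def receive(self, route: Route) -> bool:
        """eBGP inbound: drop the UPDATE if our own ASN already appears in
        AS_PATH more than allowas_in times; otherwise install it."""
        if route.as_path.count(self.asn) > self.allowas_in:
            return False
        self.rib[route.prefix] = route
        return True

    def advertise(self, prefix: str) -> Optional[Route]:
        """eBGP outbound: prepend our ASN to the path we hold for prefix."""
        held = self.rib.get(prefix)
        if held is None:
            return None
        return Route(prefix, [self.asn] + held.as_path)


def site_b_hears_site_a(allowas_in: int) -> Tuple[bool, List[int]]:
    """Site A originates PREFIX; its upstream relays it to site B.
    Returns (installed at B?, AS_PATH as seen by B)."""
    site_a = Speaker(OUR_ASN)
    upstream = Speaker(UPSTREAM_A)
    site_b = Speaker(OUR_ASN, allowas_in=allowas_in)
    site_a.rib[PREFIX] = Route(PREFIX, [])        # locally originated, empty path
    upstream.receive(site_a.advertise(PREFIX))    # upstream sees [64512]
    relayed = upstream.advertise(PREFIX)          # site B sees [64600, 64512]
    return site_b.receive(relayed), relayed.as_path


def loop_is_still_caught(allowas_in: int = 1) -> bool:
    """If site B (allowas-in 1) re-advertised the learned prefix to its own
    upstream and that upstream handed it to site A, OUR_ASN appears twice in
    the path, so site A with the same allowas-in 1 still rejects it."""
    site_a = Speaker(OUR_ASN, allowas_in=allowas_in)
    site_b = Speaker(OUR_ASN, allowas_in=allowas_in)
    site_b.rib[PREFIX] = Route(PREFIX, [UPSTREAM_A, OUR_ASN])  # what B learned above
    upstream_b = Speaker(UPSTREAM_B)
    upstream_b.receive(site_b.advertise(PREFIX))  # path [64512, 64600, 64512]
    bounced = upstream_b.advertise(PREFIX)        # path [64601, 64512, 64600, 64512]
    return not site_a.receive(bounced)


if __name__ == "__main__":
    print("default:     ", site_b_hears_site_a(0))   # dropped
    print("allowas-in 1:", site_b_hears_site_a(1))   # installed
    print("loop caught: ", loop_is_still_caught())
```

Two practical caveats follow from the model: allowas-in only disables the inbound check, so the export policy toward each upstream must still refuse to re-advertise prefixes learned from another upstream (otherwise you become transit for your own space), and the count should be set to exactly the number of times your ASN legitimately appears (one for a sibling site), not left at a vendor default.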



Alternative for Cisco ACI

Hi,

Is there any commercial alternative for Cisco ACI ? We think that ACI may be too restrictive for our organisation but I am not sure if we are already locked-in in our current ACI solution



Round 3 Interview Advice with a CEO

Hello everyone,

I've been looking for a job in the industry for a little over a month now and had little success having no previous industry experience, just the A+ certification and now working towards my CCNA.

Furthest I've been so far has been through 2 rounds of interviews with this dream of a company for a Help Desk position. Tomorrow I will be having breakfast with the CEO of that MSP. Do you all have any advice on what I should prepare? What deep diving questions should I ask to really wow him? Really anything you find might be helpful will be greatly appreciated.

He recommended some books to read and I've read them to help with conversation, but other than talking about how little experienced I am (which isn't helpful) I have no idea what to talk about.

Thanks for anyone who comments. You can dm as well if you don't want to make a public comment, I'd love to chat with you.



Why choose IPsec over MPLS or SD-WAN ?

Hello, why would a company choose to connect 2 sites with IPsec VPN instead of MPLS or SD-WAN ?



Fiber distribution panel

Can anyone recommend a distribution box/panel to terminate some 72-96 count armored outside plant cable to preferably sc/apc connectors? This will be indoors. I've used the smaller wall mount boxes in the past for 12-24 but I'm not having much luck figuring out what to use for the higher count cables.

Thanks!



Ruckus Wi-Fi network experiencing latency spike and unstable wifi connection

Our company is suffering from latency spikes and an unstable wifi connection.

We have tried the following actions to improve the situation:
- adjust Tx Power to "Auto" or "full" or "Min"
- Adjust radio channel range from all to 36-112, 149-161
- channelization from "auto" to 20
- only use 5GHz radio
- switch off some AP
- tune PoE power mode to 802.3bt/class5
- use WPA2 encryption method only
- disable RADIUS authenticate SSID
- Isolate wireless client traffic from other clients on the same AP
- Enable "Rate Limiting" to 80Mbps per client
- Disable Proxy ARP
- Enable Background scanning
- Enable OFDM
- Enable 802.11k

- test ping with same vlan as AP network

but there seems to be no improvement and the issue still exists.

we are using top of the line R850 AP with ZD1200, Cisco C9200L-48PXG-4X for PoE switch.

What is the problem? Is the AP network too crowded? Or are the switch settings wrong?

Below is the switchport config:
interface TenGigabitEthernet1/0/37
switchport trunk native vlan 122
switchport mode trunk
power inline port priority high
power inline port 2x-mode
power inline port perpetual-poe-ha
power inline port 2-event
power inline port poe-ha
power inline police action log

end

the latency spike:
https://imgur.com/a/myZ6cnm

the simplified network diagram:
https://imgur.com/a/v1aFjN8



Unidentified network… Windows 10, Cisco 9200

Hi

I have a 9200 switch which when connecting any windows devices to it comes back with unidentified network - no internet.

I have removed 802.1X from the port; however, this was passing in NPS and on the switch.

Windows machines appear to have all the correct settings: each is assigned an IP from DHCP and has the correct domain suffix.

Any idea?



Analog signals over ethernet

I work a lot with analog gear as a lighting artist for venues and galleries, and sometimes my work consists of running 10s or 100s of meters of cabling, which I'm getting tired of.

I was wondering if there's a way to transmit analog signals, be it video or control data for lights, over wifi with the ethernet protocol?

For example, if I need to transmit data from my LED controller to its receiver I need to connect the controller and receiver via a cat5 cable, but the communication between them is analog, so it just uses the RJ45 connector but there are only analog signals running over the cable.

Is there any device that converts analog signals into digital, packs them in an ethernet frame and sends it over wifi to a decoder which translates the data back to analog?



Automation Optimization - simultaneous netmiko ssh connections

I'm writing a Python script to get the interface names of the management interfaces. Basically it's "show ip interface brief | include mgmt_ip" and from there I get my interface name (Vlan100, or GigabitEthernet2/0). Thing is, it takes 2-5 seconds to connect, issue the command, get the data and close the connection. For a few hundred devices this will take a few hours to run, and 99.999% of that is waiting for the switches to respond.

Is there a way to "hyperthread" this? As in, run ~10 or so simultaneous SSH connections and not have each of them wait for the previous to finish? Preferably without getting a PhD in Python first. I don't care much about reordering the data; I can just sort it afterwards.
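Since the run is almost entirely waiting on the network, a bounded thread pool from the standard library is enough; no extra framework is needed. As an added example, not the poster's script and not Netmiko's own code: the Netmiko call is isolated in one function (device_type "cisco_ios" and the NET_USER/NET_PASS environment variables are assumptions), the output is parsed by exact IP match rather than a substring filter, and a constructed fake fetcher stands in for real devices so the file runs offline. Each worker thread owns its own SSH session; one failing device is recorded and does not abort the run.

```python
"""Parallel 'show ip interface brief' collection with a bounded thread pool.
Added example; device names, credentials and sample output are constructed."""
import os
import time
from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import Callable, Dict, Iterable, Optional

SHOW_CMD = "show ip interface brief"


def parse_mgmt_interface(output: str, mgmt_ip: str) -> Optional[str]:
    """Return the interface whose IP column equals mgmt_ip, or None.
    Compares the whole token, so 10.0.0.1 does not match 10.0.0.10 the way
    '| include 10.0.0.1' would."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] == mgmt_ip:
            return fields[0]
    return None


def netmiko_fetch(host: str) -> str:
    """Fetch SHOW_CMD from one device with Netmiko. Imported lazily so the
    rest of this module runs without it. Credentials come from the
    environment, never from the script. 'cisco_ios' is an assumption."""
    from netmiko import ConnectHandler  # assumption: netmiko is installed
    conn = ConnectHandler(
        device_type="cisco_ios",
        host=host,
        username=os.environ["NET_USER"],
        password=os.environ["NET_PASS"],
    )
    try:
        return conn.send_command(SHOW_CMD)
    finally:
        conn.disconnect()  # always release the vty line


def collect(hosts: Iterable[str], fetch: Callable[[str], str],
            max_workers: int = 10) -> Dict[str, Optional[str]]:
    """Run fetch(host) on at most max_workers threads at once and map
    host -> management interface name (None if absent or on error).
    The host string is also the management IP we look for in the output."""
    results: Dict[str, Optional[str]] = {}
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        futures = {pool.submit(fetch, h): h for h in hosts}
        for fut in as_completed(futures):   # results arrive in completion order
            host = futures[fut]
            try:
                results[host] = parse_mgmt_interface(fut.result(), host)
            except Exception as exc:        # one bad device must not abort the run
                results[host] = None
                print(f"{host}: {exc!r}")
    return results


# Constructed sample output (not real device output) for an offline run.
HEADER = "Interface              IP-Address      OK? Method Status                Protocol\n"
SAMPLE_OUTPUT = {
    "10.0.0.1": HEADER + "Vlan100                10.0.0.1        YES NVRAM  up                    up\n",
    "10.0.0.2": HEADER + "Vlan100                10.0.0.2        YES NVRAM  up                    up\n",
    "10.0.0.3": HEADER + "GigabitEthernet0/0     10.0.0.3        YES manual up                    up\n",
    "10.0.0.4": HEADER + "Vlan100                unassigned      YES unset  up                    up\n",
    "10.0.0.10": HEADER
    + "Vlan100                10.0.0.100      YES NVRAM  up                    up\n"   # prefix decoy
    + "GigabitEthernet2/0     10.0.0.10       YES manual up                    up\n",
}
SAMPLE_HOSTS = list(SAMPLE_OUTPUT) + ["10.0.0.5"]   # 10.0.0.5 is unreachable in the sample


def fake_fetch(host: str) -> str:
    """Stand-in for netmiko_fetch: 0.2 s of simulated round trip, KeyError
    for the host that is not in the sample."""
    time.sleep(0.2)
    return SAMPLE_OUTPUT[host]


if __name__ == "__main__":
    start = time.monotonic()
    for host, iface in sorted(collect(SAMPLE_HOSTS, fake_fetch).items()):
        print(host, iface)
    print(f"{len(SAMPLE_HOSTS)} hosts in {time.monotonic() - start:.2f}s")
```

Swap fake_fetch for netmiko_fetch to run it against real devices. Keep max_workers modest (around 10 is a reasonable start): every worker is a full SSH login, so a large pool hammers the device control planes and the AAA server at once, and some platforms cap concurrent vty sessions.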



OSPF design for Branch Office / Datacentre connectivity

Although I'm pretty clued in to the workings of OSPF - I'm looking for some advice on a new OSPF implementation.

Details :

6 datacentres

20 Office locations

Connectivity is all via ipsec tunnels over the internet - via Cisco ISR 4000 routers.

Typical current office connectivity is via 2 ipsec tunnels each on 2 routers each with their own isp - to the 2 'nearest' Datacentres.

Current WAN routing is all static * (an office router has 2 ipsec tunnels to 2 different datacentres and uses floating static routes for redundancy)

An office core switch has a static route to the 2 office routers HSRP ip address

The ip design is such that the second octet represents an Office or DC ( eg DC1 = 10.1.0.0 /16, DC2 = 10.2.0.0 /16, Office1 = 10.10.0.0 /16, Office2 = 10.11.0.0 /16 etc

I'm not too worried about DR / BDR election - i believe i can implement that via OSPF priority.

I guess the main question is area design - will area 0 suffice for router tunnel interfaces? Maybe each office internal network could be its own (stub) area?

Most likely I'll be using OSPF cost on a router that has 2 tunnels to the same DC to prefer the routes received on one of the tunnels.

Router count = approx 50 - there will be growth but I wouldn't expect to reach 100 anytime soon.

(Current routing is all static * = not quite true. I notice one office has its own OSPF area 0 within itself, i.e. between router and core switch - most likely will need reconfiguring!)

We do host customer services at our datacentres - customers connect via ipsec tunnels to our Firewall devices - this new OSPF implementation is solely for our office branch connectivity to DC routers.

Any advice much appreciated.



Please help: freezing network

We have 10 routers in our network and sometimes it freezes the network for all client devices. I've found that 3 of the routers have the same 2.4GHz and 5GHz MAC addresses. Is that the cause of the freeze? Thanks.



Sunday, September 5, 2021

Half speeds of wifi 6 and iphone 11

I have a problem where my iPhone only gets half speeds from the router. My internet is 500 Mbps but my iPhone 11 gets 250-300. After restarting the phone it goes back to normal and I get 500 Mbps; some time passes and I'm back to 300.



Creating a multi simcard network that is mobile

I work in film and often move locations but need to offer clients/crew internet wherever I go. Right now I use a very expensive device called Dejero, which offers 3x SIM card bonded networking anywhere in my province of Ontario.
I am looking for either one, or multiple devices that would accommodate my needs. Right now I know several others who offer a service similar to Dejero but not the same. One of them uses three cellular modems: one goes into his ethernet hub and the other two go ethernet into USB into his devices.

I suppose I am curious what others use/would suggest to remedy this need. Any and all device suggestions are welcome as I am combing the internet for anything that may help!



Moronic Monday!

It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

Note: This post is created at 01:00 UTC. It may not be Monday where you are in the world, no need to comment on it.



Need Wireshark book?

Hello networking Nerds,

I am trying to find a good and well-explained Wireshark book. I got a recommendation from one of my friends that Laura Chappell's book Wireshark 101 is good, along with her course, but unfortunately I could not find it on O'Reilly, and I have an O'Reilly subscription. Any other good recommendations?
Looking for well-structured books, not random free stuff on the internet.



Cisco WS-C3750G Web GUI

I can't login to my switch using web GUI, I've done the switch reset and I have full access via console port. However, I can't find a way to reset the Web GUI password.
I've tried looking for "config.text" in switch filesystem, but it's not there.
Am I doing something wrong, or how can a switch run without a config file?

Login page I get: (screenshot) https://cdn.discordapp.com/attachments/877672009352503436/884134441860100108/unknown.png