Saturday, November 6, 2021

Connectivity aware routing protocol videos?

Hi, does anyone have links to videos explaining this protocol?



Verizon ONT with multiple public static IP's

Got a really weird issue, and just wanted to make sure I wasn't going crazy.

Last Friday one of my offices got hit by a storm that knocked out my internet for a few hours. Before this storm, my network config was the Verizon ONT box plugged into a switch, and from there I had 2 firewalls plugged in to the switch each with their own static IP. This was a solid stable connection for 5+ years.

After the storm passed and our internet came back up, we started facing intermittent outages. I called ISP TS, and their immediate response was that my network config was wrong and I needed to have a Verizon router in bridge mode between my firewalls and the ONT. I set this up and had an immediate outage. The next engineer I got a hold of told me to get a managed switch, and set it in to a MTU VLAN mode so that one of the ports was uplink, and have that connected to the ONT. I did this and also had an immediate outage. The last TS I spoke to finally said they would have a tech come out to replace the ONT unit altogether.

The one thing that does work is if I have my firewall directly plugged into the ONT, I have no issues and a stable connection. The problem is that I have 2 firewalls that both require their own public static IP. I don't particularly feel confident that replacing the ONT will fix my problems, but I also don't know what next steps to take.



Cisco Nexus 9000 - VLANs Not Working

Hi,

We are currently attempting to move from Dell PowerConnect switches to Cisco Nexus 9000. We are currently utilizing the switches in L2 mode, but trying to pass VLANs from firewall. Currently, I have one firewall connected to the PowerConnect stack, and one connected to the Cisco via LACP. The native VLAN is working just fine, but for some reason, other VLANs are having trouble.

If I run, sh vlan, port 2 (lacp) shows all vlans. But I do not get any response when trying to ping a vlan across to the other switch. I know I am missing something, just hoping that someone might be able to tell me where to go next. Thanks!



Is it worth taking a deep dive into PPP and HDLC?

I'm reading some texts and they only give a high overview of the protocols.

Is it worth taking a deeper dive into these protocols and other serial line protocols?



VMware cpu hog issue with Cisco ise image

So I have a lab setup on gns3 on my laptop to practice Cisco ise.

Diagram shown below:

http://imgur.com/a/K9B8wq7

Just a simple topology with the Cisco ise connected to a layer 3 switch and a mgmt PC connected to switch via which it will access the ise.

Now the problem is that the link between the ise and the switch (e0 to e2/11) is completely saturated as when I do a "show interface gigabitethernet 0" on the ise I get the following:

http://imgur.com/a/8p4Z6Xo

Interface is going crazy as you can see the RX packets is like 517gb (and keeps increasing as i keep the interface turned on), this is what I believe is causing the error that I see on the switch (cpu hog errors) and the switch becomes unusable which means I cannot access the gui from the mgmt PC.

I have some other screenshots below which show the settings of the VMware workstation:

http://imgur.com/a/fwQ7Oam

http://imgur.com/a/ybDjeIm

Also when I do a packet capture on the link between the ise and switch (e0 to e2/11) this is what I see:

http://imgur.com/a/MGWCM4B

Bunch of connections from 192.168.117.1 to 192.168.117.30, which is what I'm assuming the 517gb of data is. The 192.168.117.0/24 subnet belongs to vmnet2, as shown in one of the links that I shared above. No idea what the hell is going on here.

All I want to do is be able to lab the Cisco ISE. It was actually working fine the first time I set it up, with no such issues, and I was able to access the GUI from the mgmt PC. Then I put the laptop to sleep and when I logged in the next day I could never access it again. I reimaged the ISE multiple times but to no effect. I know for sure that this is not an issue with resource allocation (CPU, RAM, etc.) as it was working flawlessly before. I tried recreating the switch as well multiple times to no effect.

So please help!!



What Networking concepts should a Software Engineer learn?

And what are the best ways to learn them. It's hard to find any resources specific for software developers. Like I doubt I need to learn about switches and stuff right?

Do I just need to learn networking then? What modern resources are there to learn.



How to securely allow RDP and SSH access to DMZ

I am looking to create a new VMware cluster on a new network and need to be able to securely provide RDP and SSH access to both myself and potentially a third party.

The whole setup will be set up in a data centre with a number of ESXi hosts, firewalls and switches (L3).

The expected configuration will be something like;

  • VMware management on 192.168.1.0/24 on VLAN 1, connected to interface 1 on the firewalls
  • DMZ on 192.168.2.0/24 on VLAN 2, connected to interface 2 on the firewalls

All access is via the internet, there is no internal lan to speak of, the only segregation at this point is management away from DMZ.

Access to everything on vlan 1 is through a VPN and there is no need for any ports to be open to the public.

Servers in DMZ only currently expose 443 and 80 and this is provided by reverse proxy, web servers themselves are not directly accessible.

I will need to manage these servers and at some point may need to provide third party access to them.

What is going to be the best way to provide access in both scenarios?

Thanks



Those using campus VxLAN, how extensively?

We're coming up on our next campus network refresh, which of course involves having fun with wild speculation over what the network will look like in a 5 to 10 year timeframe, and our biggest question is around EVPN/VxLAN. We've had good luck with it in a simple leaf/spine deployment in our data center, but nothing beyond that. Our two leading vendors, Juniper and Aruba, are both pushing it as the foundation of next gen campus networking, and it absolutely has a lot of benefits, but not without trade offs, like operational complexity (so much BGP...) and licensing costs.

Has anyone out there jumped into the campus VxLAN pool, and if so, how well did it go? Any details you'd be willing to share, such as experience with code quality, ease of troubleshooting, and how extensively throughout your network you extended VxLAN would be greatly appreciated!



Networking Question

I am not very tech savvy, but my boss has asked me to find a way to monitor what employees are doing on our WiFi. I just started here and he mentioned there was an incident, but didn't elaborate. Is there a way I can see what employees are doing on our Network? I appreciate any help. Sorry if this is not the right place to ask this.



How are AWS/GCP/Digital Ocean metadata services implemented?

I poked around some AWS EC2 and GCP compute instances and noticed a 169.254.169.254 address. I was wondering how they implement their metadata service at scale.

There's some literature and some videos that explains how AWS VPC is implemented from a low level perspective. I was wondering if there's any other talk like that for AWS Metadata service.

I found literature explaining an open stack implementation of a metadata service. This picture basically sums up the explanation.

Is the way AWS and other cloud providers do it similar? I'd be grateful for some insight.



Is Cat8 Real?

I was looking at having my router in cupboard 10 meters away from main room that has my pc. I can use the cable in trunking so will not be seen.

Was looking and came across Cat8 cable, this is something never heard of, so is it real?

https://www.amazon.co.uk/Primewire-Ethernet-Standard-Gigabit-Shielding-black/dp/B08736TQRM

My internet speed is 1GB down and 1GB up so yes I know Cat5e and Cat6 would be fine but if Cat8 is real I could still use it

(the link above is just an example and not the one I would buy)



Is it possible to change port mid connection?

I am considering using a hosting service, however their basic plan does not allow me to use the application's default port, I need to pay extra to have it available to me.

Is it possible to have the client connect using my domain on the default port and then have something like the SRV record or a proxy change the port to the one my server is listening on?

I'm a complete noob when it comes to networking so excuse me if any of this is confusing or flat out wrong.



Calculate the minimum length of packet size required to detect collision section in an ethernet section having following specifications: Link Capacity: 150 Mbps Maximum Distance: 200 Meters

  1. Propagation delay = 150 meters / (2 × 3 × 10^8 / 3) = 0.25 us
  2. Round trip time = 2 × Propagation delay = 0.5 us
  3. Minimum frame size = bandwidth × delay (round trip time)
  4. Minimum frame size = 150 Mbps × 0.5 us = 75 bits
  5. I have done it this way, plz check
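As an added, general form of the calculation above (example code, not from the original post): a helper that derives the minimum frame size from link capacity and maximum distance, and the inverse, the longest segment a given frame size still protects. It assumes a signal propagation speed of 2 × 10^8 m/s, which the post does not state explicitly.

```python
# Added example: minimum CSMA/CD frame size from link capacity and segment
# length, plus the inverse calculation. Not from the original post.
# Assumption: signal propagation speed of 2e8 m/s (about 2/3 of c in copper);
# the post does not state the speed it used.

PROPAGATION_SPEED_M_PER_S = 2e8  # assumed, see lead-in


def propagation_delay_s(distance_m: float,
                        speed_m_per_s: float = PROPAGATION_SPEED_M_PER_S) -> float:
    """One-way propagation delay across the longest path in the segment."""
    return distance_m / speed_m_per_s


def min_frame_bits(bandwidth_bps: float, distance_m: float,
                   speed_m_per_s: float = PROPAGATION_SPEED_M_PER_S) -> float:
    """Smallest frame whose transmission time covers one round trip.

    A sender must still be transmitting when a collision from the far end
    propagates back, so transmission time >= 2 * one-way delay, i.e.
    frame_bits / bandwidth >= 2 * distance / speed.
    """
    round_trip_s = 2 * propagation_delay_s(distance_m, speed_m_per_s)
    return bandwidth_bps * round_trip_s


def min_frame_bytes(bandwidth_bps: float, distance_m: float,
                    speed_m_per_s: float = PROPAGATION_SPEED_M_PER_S) -> int:
    """Same result rounded up to whole bytes, as a frame length would be."""
    bits = int(round(min_frame_bits(bandwidth_bps, distance_m, speed_m_per_s)))
    return -(-bits // 8)  # ceiling division


def max_segment_length_m(bandwidth_bps: float, frame_bits: float,
                         speed_m_per_s: float = PROPAGATION_SPEED_M_PER_S) -> float:
    """Inverse: longest segment on which a frame of frame_bits still
    guarantees collision detection (transmission time == round trip)."""
    transmission_s = frame_bits / bandwidth_bps
    return transmission_s / 2 * speed_m_per_s


if __name__ == "__main__":
    # The post's specification: 150 Mbps link, 200 m maximum distance.
    print(f"min frame: {min_frame_bits(150e6, 200):.0f} bits "
          f"({min_frame_bytes(150e6, 200)} bytes)")
    # Sanity check against classic 10 Mbps Ethernet and its 512-bit minimum.
    print(f"10 Mbps / 512-bit frame covers {max_segment_length_m(10e6, 512):.0f} m")
```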


Friday, November 5, 2021

Is this normal?

Is it normal for ISP employees to not know what Latency and ping is? I've called my ISP to complain about massive ping spikes and they played dumb. This same employee I've spoken to months prior knew about latency and ping and fixed my issue. Are they told to play dumb? Bell Canada in a nutshell.



Recommendation of an SFP+ module for RB5009UG+S+IN?

At the moment I have a 2011UiAS with an SFP module OPWAY OP5420D-35 and a fibre that's terminated with an LC connector.

Can somebody recommend some high-quality SFP+ modules for simplex LC terminated fibres that can negotiate 1G without problems?

(No duplex LC setup in my case)



Questions regarding VMware Esxi & Hyper V infrastructure

I had a couple of questions.

If you've built/upgraded network by implementing VMware Esxi or Hyper-V

I'll DM you



What are the advantages and disadvantages of MP BGP eVPN over flood and learning with VXLAN?

The only thing that comes to my mind is the fact that flood and learning has no scalability.



Good refresher course after taking 2 years off of networking? (maybe something around 10 hours long)

I got my CCNA years ago, got a job at an ISP, but then had to quit and I've been out of the game for about 2 years. CCNA expired a year ago or so. Needless to say, a lot of that knowledge has gone dark. (I have terrible memory) Might have an interview soon for another net engineer role. What do y'all think is a good refresher course/book etc? The company uses Cisco.



Any ISP people offer advice?

I've been on the Enterprise side of things my 5 year networking career. Have an interview at a national ISP for a net Engineer position. I'm expecting the position to deal with BGP - anything else I should consider?



Finding infected device on guest wifi network?

My threat management appliance keeps warning me about command and control activity on my guest wlan. All the devices on that network are mobile devices. The threat management appliance is blocking the traffic, but it's still annoying me.

I have guest isolation enabled, and don't have any visibility inside the actual guest wlan... I just monitor the traffic it's sending out. The wlan is managed by an Aruba Instant virtual controller, using the built in "guest network" feature.

Any suggestions where to start to identify what device is infected and blacklist it from the network completely?



Rate Hikes, Economy, Recruiting, Etc.

I have a question regarding salary in the IT/Engineering field. There has been a significant rise in the hourly rate for unskilled work. I know many people that are now making $20-30/hr doing entry level or moderately skilled positions. How has this impacted IT/Engineering? Have the rates increased as well, or is it normal to be offered a similar rate as unskilled labor in the current market?

Personally, it feels weird being offered a salary that my local pizza delivery or Uber driver makes. Are recruiters just trying to take advantage, or has our salary as network engineers risen as well?



Router responding to all ARP requests.

I have an industrial router (like Moxa or Phoenix) in a machine that is doing basic NAT to allow the machine controller to talk to a file server.

After updating the IP of the router and Nat to a new address the router now responds to all ARP requests on that subnet, essentially creating ip conflicts for every address on the subnet.

Have any of you ever seen anything like it?



Is it possible to have 2 devices with the same IP communicate on one layer 3 switch?

Imagine 2 PLCs with the same IP cross paths at the same time on a layer 3 switch. Is this possible without one getting knocked off the network? I only have 1 switch to make this work somehow. This happening is highly unlikely, but it's possible. Is it possible to send these through VLANs? I connected 2 PLCs in my lab that had the same IP, but of course one got knocked off.



What are the certifications required to break into an IT support/system administrator/network engineer role in Canada?

Title is pretty self-explanatory. I am currently going to school for something unrelated and I am trying to break into this industry.

I have a technical diploma in computer science (so I have a background) from abroad, but here employers are quite fussy about credentials.

Any advice?



EVE-NG Community shows all interfaces as Up/Up even when they are not connected to anything and also can't see full "show run" configs. Is this expected behavior?

I recently started testing out EVE-NG Community edition and labs seem to run fine but one annoying thing is that all interfaces that I turn on will show Up/Up no matter what, even if they aren't connected to anything. Also, when running a "show run" to view the full config, it only shows the timestamp, hostname and AAA config and nothing else. In GNS3 interfaces will correctly show as down if not connected to anything and I can view the entire config with "show run". Tested with iosv, iosv_l2 and csr1000v images - all the same.

Is this just a function of only having the Community edition and not the Pro version or is this just how EVE is?



Disabling Printer traffic by default

Good evening,

I'm new to the reddit and kind of new to networking. I took CCNP classes and am currently testing for CCNA while working in an IT Desktop Support role. One of the main issues I've run across while working tickets is that we restrict ports from doing VoIP and printing, and these have to be enabled on ports that only allow network connectivity for desktops. I'm curious, as I never get a reasonable response from our network team. Is there any logistical reason to prevent a printer from being connected to any port? I feel like network connectivity should be restricted more so than printing or VoIP. I'm just trying to understand why there are extra steps to move a networked printer that could seemingly be alleviated by just allowing printer traffic by default. Please help me understand more.



How do I peer with someone on the same exchange, but different region?

We are looking to jump onto the Equinix exchange in San Jose. (SV10 specifically).

According to PeeringDB the main carrier we want to peer with is on the Equinix exchange, but only in Equinix Dallas and Equinix Chicago.

My question is, if we jump on the Equinix IX in San Jose, can we get to this specific carrier over in Dallas or Chicago? Or do we need to order another transit circuit from San Jose to Dallas and then jump on the Equinix IX in Dallas also?



Moving off LibreNMS advice

My organization wants to move off of LibreNMS and bring it all to Kentik. Has anyone here done this? Looking for some advice. Thanks in advance.



Wired connectivity is going out intermittently on one of our DHCP’s subnet

I apologize in advance if I’m not using the correct terms. Our network admin quit in the middle of an ongoing network issue and he’s got no notes on it so I’m just trying to figure it out. To break it down the best I can - We have a DHCP server with different VLANs and subnets. The DHCP server works as intended and is assigning the right IPs depending on the location and devices. There is one VLAN that is having issues though and it’s the wired one in one of our buildings. It assigns the IPs fine, but then the wired Internet on the device it assigns them randomly goes out and they’ll switch over to wifi. It appears to be completely random. Some days there’s no issues and others there are. Some days my computer is having the issue and the next day it’s someone else. Any suggestions on what I can try? Anything helps. Thanks



1 hostname, 2 possible IP addresses

Hello, I came here looking for advice. I have one computer with 2 network cards; one is connected to a VPN, and the other is connected to the internet (public IP). I also have 1 piece of software sending data to a remote host using the VPN. Since the VPN goes through a radio link, it is unstable, and I need to get the connection to use the other network card when the VPN is disconnected.

Can anyone advise me the best way to do this?



Making a DHCP server work for multiple subnets

Last week I posted this thread about some VLAN woes I was having and a few of the members here were extremely helpful. Now I am hoping someone can help me in the next step of troubleshooting this absolute dumpsterfire.

Here is a simplified topology that will help illustrate the situation

I have multiple VLANs with ip routing enabled on the layer 3 switch. Right now I am chiefly concerned with VLANs 1 and 22. There is a DHCP server on VLAN 1 with a /23 subnet. When I plug a device in on VLAN 1 it gets DHCP no problem. I would like it to be able to also serve DHCP on the VLAN 22 subnet so I edited the dhcpd.conf file on the DHCP server to include a second pool that matches the VLAN 22 subnet.

When I plug my laptop into a VLAN 22 access port on a layer 2 switch that is trunked to the core, I am able to set a static IP on the laptop and ping the VLAN 22 gateway, get internet, etc. I am also able to ping the DHCP server on VLAN 1 no problem. However, when I tell the same laptop to obtain its IP address automatically I get no IP.

The DHCP server has subnets on it for both the IP pools in VLAN 1 and VLAN 22, but it will only serve DHCP to the devices on its own VLAN (1). How can I get this to work? What is stopping the DHCP server from serving IPs to a different VLAN?

I noticed VLAN 1 has "no ip proxy-arp" on it. Is that the reason?

I looked at the ACL on the core switch and I don't see anything about denying UDP between the subnets so shouldn't DHCP work between them?

I have a feeling I may be going wrong somewhere on a more fundamental level. Maybe I am misunderstanding how DHCP works. Any help would be greatly appreciated.



Smart TVs, Fire Sticks, Apple TVs etc. on a corporate network

My organization's network uses APs with EAP-TLS authentication for the company laptops and tablets, and there is a free guest network in some locations that has a splash page where you must agree to the T&Cs before being allowed to go to the Internet.

A group here has come up with a business use case for displaying web pages on large displays 24x7...big dashboards. They are requesting to use Smart TVs, Fire Sticks, or Apple TVs (or something cheap) to constantly display these dashboards. Do these devices typically support Enterprise type of authentication on the Wi-Fi network? I'm not sure if I should be landing these on my corporate network for cybersecurity reasons. How should these things be handled? Do they typically require a Wi-Fi network with a PSK? If that is the case, I might have to set up another SSID just for these devices.



Free leads for your business

I wanted to get in touch to see whether you have already read my last post.

I know we are living in uncertain times, and that even the thought of looking for new ways to win more new customers and increase revenue unsettles most online marketers.

But our process works very, very well, and I want to prove that to you.

I am so persistent because I know this will be a game changer for you.

Do you want MORE prospects, MORE commissions and MORE simplicity?

Free leads for your business

** The highlight in digital marketing **

Would you rather have FACTS than yet more promises and more online courses?

If you are an online marketer right in the middle of it yourself, then your success motto for 2022 should be:

"Out of the crowd and into the expert league!"

Let's talk about how you can achieve the same results (if not better ones).

What would change for you if you suddenly had more time and money available?

Arrange a personal conversation about your business strategy directly here.

Further information, always up to date, in our Facebook group:

www.facebook.com/groups/1211178136009656/

I look forward to hearing from you.



ISP routing /29 over /30 P2P, IP wastage

So we have a /30 P2P link from our ISP and an additional /29 routed over the /30 with static routes on their side.

1.1.1.2 being our side of the /30 link

1.1.2.8/29 being the /29 routed over the /30

Static route from them:

1.1.2.8 255.255.255.248 1.1.1.2

This results in us being able to use only 6 IPs from the 8 in the block. 1.1.2.9 - 1.1.2.14

Instead of that, can we ask them to route each individual IP from that block as a /32 so that we can use all 8 IPs?

eg:

1.1.2.8 255.255.255.255 1.1.1.2

1.1.2.9 255.255.255.255 1.1.1.2

...and so on



How to get to shared folder sitting in another domain with trust

I have created two domains, let's call them Alpha and Beta. I made a one-way trust so that people from Beta can log in to Alpha, and I made sure they can access the shared folder.

I now want to make a more convenient way so people from Beta wouldn't need to RDP into a machine in Alpha in order to view the shared folder.

How do I do this?
Is there a way I can just type an address into Explorer and they will get there? What would this address look like?



Office Network (30+ PCs) - How to setup an administrator network?

This is going to sound ridiculously amateur but unfortunately, we do not have a network specialist, so I am trying to figure out how to do this myself. I've done quite a bit of research, but I am struggling to find what I am specifically after, probably because I don't know what exactly to search for, if someone could point me in the right direction then I will take it from there.

Basically, we have 30+ PCs in the office, all I want to be able to do, as the business owner, in control of all the PCs, turn on/off, and when necessary access the PCs (for example, when people exit the business).

Appreciate this is probably very basic, if someone could simply let me know the software, or the guide I need to read, or something like that I'd be very appreciative.



Help me identify this diagram making software

Years ago circa 2014 I used some software for making network diagrams that were dynamically generated by manually entering network inventory information into some software. You could then manipulate the diagram and label it accordingly to produce cable schedules, network topology diagrams, interconnectivity diagrams etc.

Here's a diagram output (some parts redacted).

IkPPDyt.png (1034×1700) (imgur.com)

Does anybody recognise this software at all? Killing me trying to remember what it was called. I believe there was a "free for home use" and a commercial variant, but I could be wrong.



Thursday, November 4, 2021

RFC1918 is not for MPLS usage?

Hi all, I have an old network with a mix of Juniper ACX and Cisco ASR 1004 as core and edge routers. We are using the 10.200.0.0/24 and 10.200.1.0/24 prefixes for p2p and loopback interfaces respectively (/30 and /32).

I have been advised to use public routable IP address

Can anyone comment on this?



Low Port Density 10gbs SFP+ switch

I only need 8-10 SFP+ 10gbps ports for some servers. Most switches I see that have SFP+ are 24 port plus. Any suggestions? Also they need to be either stackable or a line card in a modular chassis for MLAG

Thanks



Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post and as well a nice description to this thread.

Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.



Recommendations for TACACS+ server?

I nearly titled this "Sell me on a TACACS+ server or alternative"

I've been aware of TACACS forever but I've never had a need to set it up. But recently my manager and I have been discussing wanting to:

1) Log every command entered on our Cisco gear by whom - this has arisen from a couple times when a device has mysteriously restarted, and the 'sh ver' output says it was rebooted by reload command, but nobody will own up to doing it.

2) Give us the ability to assign each employee their own login - ideally, to use their AD credentials - instead of having to share one or two logins.

I believe this is exactly what AAA & a TACACS+ server will give me. Feel free to correct me if I'm wrong.

I've been browsing around a bit today and right now I'm not sure what direction to go.

We're a mostly Windows shop, so a Linux solution is not preferred (but possible, if there's strong justification). I've also seen cloud-based solutions, I wouldn't be opposed to that if folks here can endorse them.

We're not necessarily looking for a free one (I think tacacs.net is free, with some limitations?) but obviously want something reasonably priced.

The question of what will happen if the server goes down will inevitably be asked, so any tips on setting up a backup at another site or experience with cloud solutions would be great.

Any help greatly appreciated - thanks in advance.



Cisco WLC 9800 CoA Vlan assignment from FreeRadius

Hello,

I am attempting to set up a FreeRADIUS server using the daloRADIUS GUI. I've got the basics set up and auth is fine to my Juniper switch, router, etc., so the last part is getting my WLAN users to auth through it. Currently everything is pointing to an Aruba ClearPass server; however, I'm tired of applying new eval licenses every 180 days.

Has anybody been able to get this type of setup working? It worked using clearpass just by sending:

Tunnel-Private-Group-Id = WLAN-VLAN-2

I set up the same attribute in FreeRADIUS and it's authenticating, but the VLAN assignment is hitting my default VLAN.

Tunnel-Type = VLAN

Tunnel-Medium-Type = 802

Tunnel-Private-Group-Id = WLAN-VLAN-2

Did a packet capture on the WLC and it all goes through, but still no VLAN assignment. I have tried with just the group ID attribute, and I've tried with just the VLAN number instead of the name. The name is what worked with ClearPass.



[LFSwitch] Anyone have experience with blackbox networking, need -40C -> +40C POE+ 6-10 port switch with management

As title states we have an environment where the switch will be exposed inside a non heated shed (and a cabinet right now is out of the question due to urgent need for the switch to keep production going).

I saw this switch https://www.cdw.ca/product/black-box-industrial-extreme-temperature-switch-8-ports-managed-taa/5471411?pfm=srh which seems to check all the boxes, however I don't know anything about this brand.

Our needs are basic

  • 6-10 ports

  • POE+ as it drives access points

  • gigabit for futureproofing; although we can get a Cisco 10/100 industrial, in this day and age it's better to go with gig minimum

  • -40 to +40 celsius or more weather rating, the dust/sleet/rain/ice rating doesn't matter too much, really just the temperature harshness/survivability.

  • Managed and VLAN capable, web management is a plus



All patch cables (from patch panel to switch in same two post rack, not to floor) cut by LV workers during a renovation project that required moving the network rack. Is this normal?

The patch paneling is at the top of the two post rack in which we have two 48 port switches below with patch between. I understand cutting the cabling to the rack from the floor. I do not understand cutting all the patch from the panels to the switches.

Their current explanation is that it was so they could leave the cable ends in the switch to prevent dust from getting in during renovation. I call BS. We've done this before and can simply unplug the cables if you need to remove the switches (which they removed anyway after cutting the cables). If you're going to remove the switches you literally have any number of ways to prevent dust getting in them during reno.

I'm of the opinion someone was trying to save a headache while removing the switches and simply cut them all and now they're backpedaling.



Need guidance on replacing Cisco SD WAN router (1121x-8p) with another.

Took over a shop that uses Cisco SD-WAN managed through VManage templates. We had a router go south that needs replacing. Can someone please tell me if my plan will work? I was given almost no documentation on their processes so I've managed to pull together these steps from the cisco docs I read through (links below).

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/appendix-vmanage-how-tos.html#replace-xe-device

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/hardware-and-software-installation.html#c_On_Site_Bootstrap_Process_for_SD_WAN_Devices_12488.xml

1.) Generate bootstrap configuration file from the existing router in vmanage and copy it over to the flash of the new router

2.) Take down old router and invalidate its certificate in Vmanage

3.) Bring up new router and make sure that it loads the configuration from the bootstrap file properly.

4.) Validate the certificate for new router inside Vmanage. At this point I'm thinking it should be manageable by VManage.



Cost to build a small tower for a ubiquity repeater ?

Hi- I would like to bring high speed internet to a remote location in a valley 12km from the nearest cell tower. We will need 2TB per month.

Unfortunately, the location is behind a ridge and does not have line of sight to the tower. I was thinking that the best option might be to lease some bandwidth from the tower owner and place a Ubiquiti dish on their tower, beam internet to another Ubiquiti dish mounted on a small tower that we'll construct on the ridge, then beam it the last 2km to the location.

Is that a reasonable solution?

If so, what costs might be involved?

  • Buying 2TB per month from the tower owner
  • Building our own small tower 10km away, with its own solar or propane power unit
  • Ubiquiti dishes

Any advice or cost estimates much appreciated !



Wildcard Mask Sanity Check

Hi all, I'm trying to permit GRE traffic to two IPs:

  • 10.137.1.254
  • 10.138.1.254

I believe this would be a valid ACL entry:

permit gre any 10.137.1.254 0.1.0.0

I believe that mask, which is the following in binary, means that we don't care about the least significant bit of the second octet (source):

00000000.00000001.00000000.00000000

Can anyone give me a sanity check on this? You don't see this configuration much because most people would just do two ACL entries but I'm super tight on TCAM and have to be very precise in what I allow.

Thanks!
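An added check (example code, not from the original post) that evaluates an IOS-style address/wildcard pair the way the ACL does (0 bits must match, 1 bits are don't-care), lists every address a pair covers, and finds the smallest single wildcard covering a set of addresses together with any extra addresses that wildcard would let through. Function names are my own; the addresses are the two from the post.

```python
# Added check for IOS-style ACL wildcard masks; not from the original post.
# In a wildcard mask a 0 bit means "must match the entry address exactly" and
# a 1 bit means "don't care", so the covered set is the entry address with
# every combination of the don't-care bits.
import ipaddress
from typing import Iterable, List, Tuple

MASK32 = 0xFFFFFFFF


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def _to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def wildcard_matches(addr: str, entry_addr: str, wildcard: str) -> bool:
    """True if addr is matched by the ACL entry 'entry_addr wildcard'."""
    care = ~_to_int(wildcard) & MASK32
    return (_to_int(addr) & care) == (_to_int(entry_addr) & care)


def expand_wildcard(entry_addr: str, wildcard: str, limit_bits: int = 12) -> List[str]:
    """Every address covered by 'entry_addr wildcard', in ascending order.

    Refuses masks with more than limit_bits don't-care bits so a broad entry
    (e.g. 0.255.255.255) does not expand into millions of strings.
    """
    w = _to_int(wildcard)
    dont_care = [bit for bit in range(32) if (w >> bit) & 1]
    if len(dont_care) > limit_bits:
        raise ValueError(f"wildcard {wildcard} covers 2^{len(dont_care)} addresses")
    base = _to_int(entry_addr) & ~w & MASK32
    covered = []
    for combo in range(1 << len(dont_care)):
        value = base
        for index, bit in enumerate(dont_care):
            if (combo >> index) & 1:
                value |= 1 << bit
        covered.append(value)
    return [_to_str(v) for v in sorted(covered)]


def smallest_wildcard(addrs: Iterable[str]) -> Tuple[str, str]:
    """Single (entry_addr, wildcard) pair with the fewest don't-care bits that
    still covers every address: any bit on which two addresses differ must be
    a don't-care bit."""
    ints = [_to_int(a) for a in addrs]
    w = 0
    for value in ints:
        w |= value ^ ints[0]
    return _to_str(ints[0] & ~w & MASK32), _to_str(w)


def overmatch(addrs: Iterable[str]) -> List[str]:
    """Addresses the smallest single wildcard lets through beyond those intended.
    A non-empty result means one entry cannot express the set precisely and a
    second entry is needed to keep the permit tight."""
    wanted = set(addrs)
    entry, wildcard = smallest_wildcard(wanted)
    return [a for a in expand_wildcard(entry, wildcard) if a not in wanted]


if __name__ == "__main__":
    # The post's entry and the two destinations it is meant to permit.
    print(expand_wildcard("10.137.1.254", "0.1.0.0"))
    print(smallest_wildcard(["10.137.1.254", "10.138.1.254"]))
    print(overmatch(["10.137.1.254", "10.138.1.254"]))
```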



Help advertising a default route with prepends to a BGP neighbor

Any way I can advertise a default route to a specific neighbor with prepends?

I have a private wireless carrier that we have multiple wireless devices on, and we peer with them in 2 locations on Cisco ASRs. I have import and export route-maps with a default-originate set up in BGP. When I test this in my lab, the export route-map that has the AS prepends and an ip prefix-list permit for 0.0.0.0 doesn't seem to be sending the prepends across. It appears the default-originate is its own special thing and won't add the prepends even if there is a route-map set up to do it.



HA LAN Setup Across Datacenters

Hello Everyone,

I need to wrap my head around some basic design and possibly choose routing protocols for a project. Basically we will have DC A and DC B which are connected together over a direct fiber link, with the intention that DC A will be the primary site and DC B the backup site. At the WAN level failover between sites will be handled by BGP. My questions surround the LAN side. I have two switches at each site and a fiber link connecting those switch pairs with a trunk between them. How do I go about setting up the LAN so that if site A goes down site B takes over in the same way, almost like a mirrored config? What routing protocols should I use as well, OSPF or VRRP? Should I put all switches into a quad VRRP setup? I can provide any other details needed, but I just wanted to throw something out to start.



Spanning Tree Protocol

I find this very helpful!

Spanning Tree Protocol

Types of STP

- Original STP
  - STP / 802.1D
- PVST+
  - Cisco improvement adding a per-VLAN feature
  - Cisco default
- RSTP / 802.1w
  - Improved STP with much faster convergence
- Rapid PVST+
  - Cisco improvement of RSTP adding a per-VLAN feature
  - Makes a large network more efficient

Why STP?

- STP is used to prevent loops when using redundant switches
- Broadcast messages are sent all the time and broadcast storms are easy to trigger
- Loops also cause unstable MAC address tables because they're constantly being changed/updated
- Duplicate frames are sent to the same host

How STP Works

- Switches in a loop 'drop' one of the ports
- The switch with the blocked port still receives the data but ignores it
- Simple, but how the switches choose the port to block can be tricky

Choosing the blocked port

1. Elect a root bridge
   - King of switches
2. Place root bridge interfaces into a Forwarding state
3. Each non-root switch selects its Root Port
   - This is the best route to the root bridge
4. Remaining links choose a Designated Port
5. All other ports are put into a Blocking state

Roles

- Root Port
  - The best port to reach the Root Bridge
- Designated Port
  - Port with the best route to the Root Bridge on a link
- Non-Designated Ports
  - All other ports, which are in a blocking state

States

- Disabled
  - Port that is shut down
- Blocking
  - A port that is blocking traffic
  - Must move to the Listening state before moving to Forwarding
- Listening
  - Not forwarding traffic and not learning MAC addresses
  - Transitional state while changing from one role to another
  - Held in this state for the Forward Delay timer (15 sec default)
- Learning
  - Not forwarding traffic but learning MAC addresses
  - Transitional state while changing from one role to another
  - Held in this state for the Forward Delay timer (15 sec default)
  - After this, the port can move to the Forwarding state
- Forwarding
  - Sending and receiving traffic like normal
  - Can move directly to Blocking

Root Bridge Election

- Each switch has a BPDU. The BPDU contains:
  - Root Cost
    - Cost of the root bridge
  - BID (Bridge ID)
    - The switch with the lowest overall BID will become the root bridge
    - They look something like: 32769aaaa:aaaa:aaaa
    - BID is made up of:
      - STP priority
        - Default value of 32768 + VLAN number
        - For VLAN 1, the STP priority would be 32769
      - MAC Address
- Each switch thinks it should be the root bridge
- They share their BPDUs with each other
- Once they all agree, the root bridge has been elected
- All ports on the root bridge enter a Forwarding state
- Each non-root switch will now choose the best path to the root bridge
  - This is the Root Port
  - This is based on Port Cost
    - Cost is based on port speed
    - Better speed, lower cost
    - Each outgoing port to the root added together
    - Can be set manually
  - If a tie happens, they look at the lowest neighbor BID
    - If they tie, they use the lowest neighbor port priority
    - If they tie, the lowest neighbor port number
- Select a Designated Port
  - Look at the lowest root cost to the bridge
  - If that ties, lowest BID
    - If that ties, lowest neighbor port priority
    - If that ties, lowest neighbor port number
- Every port that is not a root port or designated port is put in a Blocking state

Downfall of STP -- Convergence

- The time it takes to do the work and become stable

Timers - Default (RSTP addresses the delay of convergence)

- Hello
  - Every 2 seconds
  - Lets everyone know everything is still alive
- MaxAge
  - 10x Hello timer by default (20 seconds)
  - The time the switch will wait before it realizes something is wrong
- Forward Delay
  - 15 seconds
  - The time between the Listening and Learning states
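As an added example (not part of the notes above), a small Python model of the election the notes describe: bridge IDs built as priority + VLAN plus the MAC, a shortest-path pass for root path cost, root port selection with the tie-breakers listed above (neighbor BID, then neighbor port priority, then neighbor port), one designated port per link, and Blocking for everything left. The three-switch triangle, port names, MACs and costs are constructed for the example; port costs follow the 802.1D-1998 defaults (4 for 1 Gb/s, 19 for 100 Mb/s), and every port is assumed to keep the default port priority of 128, which is a simplification.

```python
import heapq


def bridge_id(mac, vlan=1, priority=32768):
    """BID as the notes describe it: (priority + VLAN, MAC); the lowest wins."""
    return (priority + vlan, mac)


# Constructed topology (not from the page): three switches in a triangle, a loop STP must break.
SWITCHES = {
    "SW1": bridge_id("0000.0000.0010"),
    "SW2": bridge_id("0000.0000.0020"),
    "SW3": bridge_id("0000.0000.0030"),
}
# (switch_a, port_a, switch_b, port_b, port cost); 802.1D-1998 defaults: 1 Gb/s = 4, 100 Mb/s = 19
LINKS = [
    ("SW1", "Gi0/1", "SW2", "Gi0/1", 4),
    ("SW1", "Gi0/2", "SW3", "Gi0/1", 4),
    ("SW2", "Gi0/2", "SW3", "Gi0/2", 19),   # the slower link, the one STP should block
]
DEFAULT_PORT_PRIORITY = 128  # simplification: no per-port priority is configured


def compute_stp(switches, links):
    """Return (root bridge, root path cost per switch, role per (switch, port))."""
    adj = {s: [] for s in switches}
    for a, pa, b, pb, cost in links:
        adj[a].append((pa, b, pb, cost))
        adj[b].append((pb, a, pa, cost))

    # 1) Root bridge election: the lowest BID wins.
    root = min(switches, key=switches.get)

    # Root path cost: cheapest sum of port costs back to the root (Dijkstra).
    rpc = {s: float("inf") for s in switches}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        c, s = heapq.heappop(heap)
        if c > rpc[s]:
            continue
        for _port, nb, _nbp, cost in adj[s]:
            if c + cost < rpc[nb]:
                rpc[nb] = c + cost
                heapq.heappush(heap, (rpc[nb], nb))

    roles = {}
    # 3) Root port on each non-root switch: lowest cost to the root, then lowest
    #    neighbor BID, then lowest neighbor port priority, then lowest neighbor port.
    for s in switches:
        if s == root:
            continue
        best = min(
            (rpc[nb] + cost, switches[nb], DEFAULT_PORT_PRIORITY, nbp, port)
            for port, nb, nbp, cost in adj[s]
        )
        roles[(s, best[4])] = "root"

    # 2) and 4) Designated port per link: the end with the lower root cost, then the lower
    #    BID.  The root bridge has cost 0, so all of its ports come out designated here.
    for a, pa, b, pb, _cost in links:
        designated = (a, pa) if (rpc[a], switches[a]) < (rpc[b], switches[b]) else (b, pb)
        roles.setdefault(designated, "designated")

    # 5) Everything left over is blocking.
    for s in switches:
        for port, *_ in adj[s]:
            roles.setdefault((s, port), "blocking")
    return root, rpc, roles


if __name__ == "__main__":
    root, rpc, roles = compute_stp(SWITCHES, LINKS)
    print("root bridge:", root)
    for (s, p), role in sorted(roles.items()):
        print(f"{s} {p}: {role} (root path cost {rpc[s]})")
```

Lowering one switch's priority (for example `bridge_id(mac, priority=4096)`) moves the root and changes which link ends up blocked, which is the same lever the notes mention when they say the priority can be set manually.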


HP Comware Switch - Aggregation with single interface?

Question to the layer 2 experts.

Knocked one of our core switches out by adding a single interface to a vlan.

After adding the interface to the vlan the switch stopped operating instantly.

After rebooting I checked the config and saw that this interface is the single member of an aggregation. I think this doesn't make any sense… could the different VLAN membership of the aggregation and the interface be the reason for the error?



Confusion on Anycast Gateway in EVPN-VXLAN network

Hello

I'm confused about Anycast GW in an EVPN-VXLAN fabric. Should all leafs carrying the virtual GW IP be able to ping a host belonging to the subnet?

I'm wondering because in the test environment I have (based on Nexus), only the leaf carrying the host can ping it (so the host is directly connected to that leaf).

If we take the basic topology below, can LEAF2 ping 192.168.1.1?

https://imgur.com/a/6J0bvAF

Thanks



What is it like to go from a network engineer to a manager?

I've been a network engineer for many years and am at a point where I don't see much room to advance without getting into management. I saw a management job open up which I think I'll apply for even though I really have no management experience. I guess in most people's career you reach a point where you have to say "Do I switch over to management or just keep doing this the rest of my life?"

Anybody want to share your experience with this situation?



Windows Domain Strange Issue

Hello,

Recently at the company that I work at we have undergone a network redesign to modernize hardware and implement redundancy. One of the issues we have faced has been a connection between our Windows domain controller and the 2 clients that connect to it. The 2 client machines were moved from the firewall down to the router level and the domain controller remained at the DMZ level on the firewall. All of the machines can ping one another and the domain controller can see the 2 client machines, however the 2 client machines cannot communicate on the domain level.

Anybody have any obvious ideas that I happen to be missing? Thank you for any help you provide.



Simple NAT device

We have a very old piece of equipment that has a static IP that cannot be changed. We want to put it on our network but have a different IP. Is there a simple NAT device that can go in between the equipment and the network that changes its IP? I know routers can do this, just wondering if there was a specific device. Thanks. FYI I'm not a networking expert!



Will replacing an RJ45 in a switch interface cause it to flap?

Sorry for basic question, cannot find this online.



Is there a GUI ansible(or ansible competitor) for Windows?

A quick google tells me Ansible doesn't even run on Windows (well, not natively).

Something that would let me mass manage Mikrotiks, Ciscos, Aristas and Ubiquiti (EdgeMAX) but doesn't force me to learn much of the tool's logic or any coding. Or rather, the coding should be 101% optional for the tool.

Something like: you import the devices by IP address. Then you can select devices, right click and you have options like do x, do y, open terminal and upload script (this being as far as I am willing to go with coding atm).

It does not need to 'read the state' of a device more than what SNMP can do, although it would be a nice to have.



Need some help configuring a VPN using IKEV2 protocol

Hello!

I need some help configuring a VPN. I’m really new to networking / virtual networks so please bear with me.

We have a relatively small network using an Ubiquiti US-24-250W switch and a server running VMs. I want to configure a client using the IKEv2 protocol but the authentication fails. This is where I'm at a loss. Our provider reports that on their side of the VPN tunnel the packets are coming with a source IP address of a local client (VM) instead of our global static IP that we provided. Could it be configured in a way that the packets are encrypted with the correct IP and routed internally to and from a random client? Or did we just give the wrong IP to our provider?
Thanks!
D.



AWS VPN with VPG question

I am a developer that got stuck with a task of solving this, and this is as far as I got. I am still struggling with terminology, but here is my best attempt at explaining the issue.

I have an AWS VPN with static routes connection with the customer established, both tunnels are up. I can also ping a few IPs on their part of the network. And they can ping my EC2 instance on my side.

However, the customer wants to be able to ping IPs inside the VPN tunnel, my guess is for monitoring, but that does not work:

ping vrf PUBLIC_VPN3 169.254.166.169 source 169.254.166.170
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 169.254.166.169, timeout is 2 seconds:
Packet sent with a source address of 169.254.166.170
.....

Any idea what in AWS is blocking it?

NACL allows all from 0.0.0.0/0 inbound and outbound. There is no firewall.

Please point me in the right direction!



Wednesday, November 3, 2021

HPE Layer 2 Multicast Nightmare.

Hive mind, please help, I am desperate.

I'm banging my head against a wall trying to get a multicast video network to stabilize. Currently have 4x 5510 (JH147A and JH148A) 24 and 48 port switches and a single HPE 5940 (JH390A) with roughly 60 encoders running to 30 decoders. I have video flowing and it is somewhat stable.... Somewhat being key. There is instability whenever a decoder joins a multicast group: all the decoders will "flash" as a result of lost packets. Switch configs are attached. The 24 and 48 port 5510 switches have 4x10G uplinks to the 5940. I'll take any ideas. I've re-built this network from the ground up 4x in the last 3 days. Firmware is all current. Have a deployment of the same multicast video devices on another switch MFR and no issues.

QoS is configured as per MFR specs, IGMP and IGMP snooping are enabled. Only one querier is defined. All multicast devices are static'd inside vlan100.

Multicast Traffic from Crestron NVX and AES67 Audio

Multicast range is 232.1.X.X

Thank you in advance for any ideas you may have.

5940 Config:

# version 7.1.070, Release 2702P01-US # sysname A2C2 Core # clock timezone Alaska minus 09:00:00 clock summer-time FDT 02:00:00 March second Sunday 02:00:00 November first Sunday 01:00:00 clock protocol none # telnet server enable # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # igmp-snooping # lldp global enable # system-working-mode standard hardware-resource switch-mode 0 hardware-resource routing-mode ipv6-64 hardware-resource vxlan l2gw fan prefer-direction slot 1 port-to-power password-recovery enable # vlan 1 # vlan 100 igmp-snooping enable igmp-snooping drop-unknown igmp-snooping querier igmp-snooping query-interval 30 igmp-snooping general-query source-ip 192.168.1.1 igmp-snooping special-query source-ip 192.168.1.1 # qos map-table dscp-dot1p import 8 export 5 import 9 export 0 import 10 export 0 import 11 export 0 import 12 export 0 import 13 export 0 import 14 export 0 import 15 export 0 import 16 export 0 import 17 export 0 import 18 export 0 import 19 export 0 import 20 export 0 import 21 export 0 import 22 export 0 import 23 export 0 import 24 export 0 import 25 export 0 import 26 export 5 import 27 export 0 import 28 export 0 import 29 export 0 import 30 export 0 import 31 export 0 import 32 export 6 import 33 export 0 import 34 export 0 import 35 export 0 import 36 export 0 import 37 export 0 import 38 export 0 import 39 export 0 import 40 export 0 import 41 export 0 import 42 export 0 import 43 export 0 import 44 export 0 import 45 export 0 import 46 export 6 import 47 export 0 import 48 export 0 import 49 export 0 import 50 export 0 import 51 export 0 import 52 export 0 import 53 export 0 import 54 export 0 import 55 export 0 import 57 export 0 import 58 export 0 import 59 export 0 import 60 export 0 import 61 export 0 import 62 export 0 import 63 export 0 # stp global enable # interface Bridge-Aggregation3 port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 
link-aggregation mode dynamic # interface Bridge-Aggregation4 port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 link-aggregation mode dynamic # interface Bridge-Aggregation5 port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 link-aggregation mode dynamic # interface Bridge-Aggregation6 port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 link-aggregation mode dynamic # interface NULL0 # interface Vlan-interface1 ip address 192.168.0.1 255.255.255.0 dhcp client identifier ascii 4caea3ec1578-VLAN0001 # interface Vlan-interface100 ip address 192.168.1.1 255.255.255.0 igmp enable # interface HundredGigE1/0/49 port link-mode bridge # interface HundredGigE1/0/50 port link-mode bridge # interface HundredGigE1/0/51 port link-mode bridge # interface HundredGigE1/0/52 port link-mode bridge # interface HundredGigE1/0/53 port link-mode bridge # interface HundredGigE1/0/54 port link-mode bridge # interface M-GigabitEthernet0/0/0 dhcp client identifier hex 024caea3ec1578 # interface M-GigabitEthernet0/0/1 dhcp client identifier hex 024caea3ec1578 # interface Ten-GigabitEthernet1/0/1 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 3 # interface Ten-GigabitEthernet1/0/2 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 3 # interface Ten-GigabitEthernet1/0/3 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 3 # interface Ten-GigabitEthernet1/0/4 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 3 # interface Ten-GigabitEthernet1/0/5 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 4 # interface Ten-GigabitEthernet1/0/6 port link-mode bridge port link-type 
trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 4 # interface Ten-GigabitEthernet1/0/7 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 4 # interface Ten-GigabitEthernet1/0/8 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 4 # interface Ten-GigabitEthernet1/0/9 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 5 # interface Ten-GigabitEthernet1/0/10 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 5 # interface Ten-GigabitEthernet1/0/11 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 5 # interface Ten-GigabitEthernet1/0/12 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 5 # interface Ten-GigabitEthernet1/0/13 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 6 # interface Ten-GigabitEthernet1/0/14 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 6 # interface Ten-GigabitEthernet1/0/15 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 6 # interface Ten-GigabitEthernet1/0/16 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 6 # interface Ten-GigabitEthernet1/0/17 port link-mode bridge # interface Ten-GigabitEthernet1/0/18 port link-mode bridge # interface Ten-GigabitEthernet1/0/19 port link-mode bridge # interface Ten-GigabitEthernet1/0/20 port link-mode bridge # interface Ten-GigabitEthernet1/0/21 port 
link-mode bridge # interface Ten-GigabitEthernet1/0/22 port link-mode bridge # interface Ten-GigabitEthernet1/0/23 port link-mode bridge # interface Ten-GigabitEthernet1/0/24 port link-mode bridge # interface Ten-GigabitEthernet1/0/25 port link-mode bridge # interface Ten-GigabitEthernet1/0/26 port link-mode bridge # interface Ten-GigabitEthernet1/0/27 port link-mode bridge # interface Ten-GigabitEthernet1/0/28 port link-mode bridge # interface Ten-GigabitEthernet1/0/29 port link-mode bridge # interface Ten-GigabitEthernet1/0/30 port link-mode bridge # interface Ten-GigabitEthernet1/0/31 port link-mode bridge # interface Ten-GigabitEthernet1/0/32 port link-mode bridge # interface Ten-GigabitEthernet1/0/33 port link-mode bridge # interface Ten-GigabitEthernet1/0/34 port link-mode bridge # interface Ten-GigabitEthernet1/0/35 port link-mode bridge # interface Ten-GigabitEthernet1/0/36 port link-mode bridge # interface Ten-GigabitEthernet1/0/37 port link-mode bridge # interface Ten-GigabitEthernet1/0/38 port link-mode bridge # interface Ten-GigabitEthernet1/0/39 port link-mode bridge # interface Ten-GigabitEthernet1/0/40 port link-mode bridge # interface Ten-GigabitEthernet1/0/41 port link-mode bridge # interface Ten-GigabitEthernet1/0/42 port link-mode bridge # interface Ten-GigabitEthernet1/0/43 port link-mode bridge # interface Ten-GigabitEthernet1/0/44 port link-mode bridge # interface Ten-GigabitEthernet1/0/45 port link-mode bridge # interface Ten-GigabitEthernet1/0/46 port link-mode bridge # interface Ten-GigabitEthernet1/0/47 port link-mode bridge # interface Ten-GigabitEthernet1/0/48 port link-mode bridge # scheduler logfile size 16 # line class aux authentication-mode scheme user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 authentication-mode scheme user-role network-operator protocol inbound ssh # line vty 1 62 user-role network-operator # line vty 63 authentication-mode scheme user-role 
network-operator protocol inbound telnet # ssh server enable ssh user admin service-type stelnet authentication-type password # undo password-control aging enable undo password-control length enable undo password-control composition enable undo password-control history enable password-control login-attempt 3 exceed unlock password-control update-interval 0 password-control login idle-time 0 # radius scheme system user-name-format without-domain # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$1GKzJLJLsaVwOiY+$ZevZUhVJqlCrxhpEgJVWXZSMOCsbRjKI2b3g+yLsRT01syV8G4a11VaTEcIFT5JJtL2yMEUioSwECHErqp8WDQ== service-type ftp service-type telnet http https ssh terminal authorization-attribute user-profile admin authorization-attribute user-role netowrk-admin authorization-attribute user-role network-admin authorization-attribute user-role network-operator # ssl version ssl3.0 disable # ftp server enable # ip http enable ip https enable # return 

5510 (Front) Config 24X Encoders, 8X Decoders

# version 7.1.070, Release 3507-US # sysname FRONT # telnet server enable # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # igmp-snooping # lldp global enable # password-recovery enable # vlan 1 # vlan 100 igmp-snooping enable igmp-snooping drop-unknown igmp-snooping query-interval 30 igmp-snooping general-query source-ip 192.168.1.1 igmp-snooping special-query source-ip 192.168.1.1 # qos map-table dscp-dot1p import 8 export 5 import 9 export 0 import 10 export 0 import 11 export 0 import 12 export 0 import 13 export 0 import 14 export 0 import 15 export 0 import 16 export 0 import 17 export 0 import 18 export 0 import 19 export 0 import 20 export 0 import 21 export 0 import 22 export 0 import 23 export 0 import 24 export 0 import 25 export 0 import 26 export 5 import 27 export 0 import 28 export 0 import 29 export 0 import 30 export 0 import 31 export 0 import 32 export 6 import 33 export 0 import 34 export 0 import 35 export 0 import 36 export 0 import 37 export 0 import 38 export 0 import 39 export 0 import 40 export 0 import 41 export 0 import 42 export 0 import 43 export 0 import 44 export 0 import 45 export 0 import 46 export 6 import 47 export 0 import 48 export 0 import 49 export 0 import 50 export 0 import 51 export 0 import 52 export 0 import 53 export 0 import 54 export 0 import 55 export 0 import 57 export 0 import 58 export 0 import 59 export 0 import 60 export 0 import 61 export 0 import 62 export 0 import 63 export 0 # stp global enable # interface Bridge-Aggregation5 port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 link-aggregation mode dynamic # interface NULL0 # interface Vlan-interface1 ip address 192.168.0.5 255.255.255.0 dhcp client identifier ascii 004caea3cd433e-VLAN0001 # interface Vlan-interface100 ip address 192.168.1.5 255.255.255.0 igmp enable # interface GigabitEthernet1/0/1 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp 
edged-port # interface GigabitEthernet1/0/2 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/3 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/4 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/5 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/6 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/7 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/8 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/9 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/10 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/11 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/12 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/13 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/14 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/15 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/16 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/17 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 
100 stp edged-port # interface GigabitEthernet1/0/18 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/19 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/20 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/21 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/22 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/23 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/24 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/25 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/26 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/27 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/28 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/29 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/30 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/31 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/32 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/33 port link-mode bridge port access vlan 100 igmp-snooping 
fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/34 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/35 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/36 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/37 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/38 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/39 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/40 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port # interface GigabitEthernet1/0/41 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port poe enable # interface GigabitEthernet1/0/42 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port poe enable # interface GigabitEthernet1/0/43 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port poe enable # interface GigabitEthernet1/0/44 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port poe enable # interface GigabitEthernet1/0/45 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port poe enable # interface GigabitEthernet1/0/46 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port poe enable # interface GigabitEthernet1/0/47 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp edged-port poe enable # interface GigabitEthernet1/0/48 port link-mode bridge port access vlan 100 igmp-snooping fast-leave vlan 100 stp 
edged-port poe enable # interface M-GigabitEthernet0/0/0 ip address dhcp-alloc dhcp client identifier hex 024caea3cd433e ipv6 address auto ipv6 address dhcp-alloc ipv6 dhcp client duid mac M-GigabitEthernet0/0/0 # interface Ten-GigabitEthernet1/0/49 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 5 # interface Ten-GigabitEthernet1/0/50 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 5 # interface Ten-GigabitEthernet1/0/51 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 5 # interface Ten-GigabitEthernet1/0/52 port link-mode bridge port link-type trunk port trunk permit vlan all port trunk pvid vlan 100 port link-aggregation group 5 # scheduler logfile size 16 # line class aux authentication-mode scheme user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 authentication-mode scheme user-role network-operator protocol inbound telnet # line vty 1 62 user-role network-operator # line vty 63 authentication-mode scheme user-role network-operator protocol inbound telnet # ssh server enable ssh user admin service-type stelnet authentication-type password # password-control enable undo password-control aging enable undo password-control length enable undo password-control composition enable undo password-control history enable password-control login-attempt 3 exceed unlock password-control update-interval 0 password-control login idle-time 0 # radius scheme system user-name-format without-domain # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 
description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage service-type ftp service-type telnet http https ssh terminal authorization-attribute user-profile admin authorization-attribute user-role netowrk-admin authorization-attribute user-role network-admin authorization-attribute user-role netowrk-operator # ip http enable ip https enable # return 

5510 (Display) Config oX Encoders, 12X Decoders

#
 version 7.1.070, Release 3507-US
#
 sysname Display
#
 clock timezone Alaska minus 09:00:00
 clock summer-time FDT 02:00:00 March second Sunday 02:00:00 November first Sunday 01:00:00
 clock protocol none
#
 telnet server enable
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
 igmp-snooping
#
 lldp global enable
#
 password-recovery enable
#
vlan 1
#
vlan 100
 igmp-snooping enable
 igmp-snooping drop-unknown
 igmp-snooping query-interval 30
 igmp-snooping general-query source-ip 192.168.1.1
 igmp-snooping special-query source-ip 192.168.1.1
#
qos map-table dscp-dot1p
 import 8 export 5
 import 9 export 0
 import 10 export 0
 import 11 export 0
 import 12 export 0
 import 13 export 0
 import 14 export 0
 import 15 export 0
 import 16 export 0
 import 17 export 0
 import 18 export 0
 import 19 export 0
 import 20 export 0
 import 21 export 0
 import 22 export 0
 import 23 export 0
 import 24 export 0
 import 25 export 0
 import 26 export 5
 import 27 export 0
 import 28 export 0
 import 29 export 0
 import 30 export 0
 import 31 export 0
 import 32 export 6
 import 33 export 0
 import 34 export 0
 import 35 export 0
 import 36 export 0
 import 37 export 0
 import 38 export 0
 import 39 export 0
 import 40 export 0
 import 41 export 0
 import 42 export 0
 import 43 export 0
 import 44 export 0
 import 45 export 0
 import 46 export 6
 import 47 export 0
 import 48 export 0
 import 49 export 0
 import 50 export 0
 import 51 export 0
 import 52 export 0
 import 53 export 0
 import 54 export 0
 import 55 export 0
 import 57 export 0
 import 58 export 0
 import 59 export 0
 import 60 export 0
 import 61 export 0
 import 62 export 0
 import 63 export 0
#
 stp global enable
#
interface Bridge-Aggregation5
 port link-type trunk
 port trunk permit vlan all
 port trunk pvid vlan 100
 link-aggregation mode dynamic
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.4 255.255.255.0
#
interface Vlan-interface100
 ip address 192.168.1.4 255.255.255.0
 pim dm
 igmp enable
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/6
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/7
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/8
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/9
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/10
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/11
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/12
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/13
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/14
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/15
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/16
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/17
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/18
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/19
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/20
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/21
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/22
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/23
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface GigabitEthernet1/0/24
 port link-mode bridge
 port access vlan 100
 igmp-snooping fast-leave vlan 100
 stp edged-port
 poe enable
#
interface M-GigabitEthernet0/0/0
 ip address dhcp-alloc
 dhcp client identifier hex 024caea3cd433e
 ipv6 address auto
 ipv6 address dhcp-alloc
 ipv6 dhcp client duid mac M-GigabitEthernet0/0/0
#
interface Ten-GigabitEthernet1/0/25
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port trunk pvid vlan 100
 port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/26
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port trunk pvid vlan 100
 port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/27
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port trunk pvid vlan 100
 port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/28
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port trunk pvid vlan 100
 port link-aggregation group 5
#
 scheduler logfile size 16
#
line class aux
 authentication-mode scheme
 user-role network-admin
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-admin
#
line vty 0
 authentication-mode scheme
 user-role network-operator
 protocol inbound telnet
#
line vty 1 62
 user-role network-operator
#
line vty 63
 authentication-mode scheme
 user-role network-operator
 protocol inbound telnet
#
 ssh server enable
 ssh user admin service-type stelnet authentication-type password
#
 password-control enable
 undo password-control aging enable
 undo password-control length enable
 undo password-control composition enable
 undo password-control history enable
 password-control login-attempt 3 exceed unlock
 password-control update-interval 0
 password-control login idle-time 0
#
radius scheme system
 user-name-format without-domain
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user admin class manage
 service-type ftp
 service-type telnet http https ssh terminal
 authorization-attribute user-profile admin
 authorization-attribute user-role netowrk-admin
 authorization-attribute user-role network-admin
 authorization-attribute user-role netowrk-operator
#
 ip http enable
 ip https enable
#
return
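A config like the one above is worth running through a quick lint before it goes into production: it enables Telnet and HTTP management, switches off most of the password-control checks, and assigns user roles whose spelling does not match any declared role. The script below is an added example, not code from the original post. It scans a Comware-style running config for those two classes of problem. The set of built-in roles in PREDEFINED_ROLES and the exact weak-setting strings are my assumptions about Comware 7; confirm them with `display role` and the platform's command reference. The sample config embedded in the block is a constructed excerpt in the shape of the posted one, not the full config.

```python
"""Lint a Comware-style running configuration for weak management settings
and for references to user roles that are never defined.
Added example, not from the original post. PREDEFINED_ROLES is an assumption
about what Comware 7 ships with; confirm with `display role` on your switch."""
import re

# Assumed built-in roles (verify on the platform); user-defined roles are
# declared with `role name <name>` and are collected while parsing.
PREDEFINED_ROLES = {"network-admin", "network-operator",
                    "security-audit", "guest-manager"}
PREDEFINED_ROLES |= {f"level-{n}" for n in range(16)}

# Exact config lines a reviewer would flag, and why.
WEAK_SETTINGS = {
    "telnet server enable": "cleartext management (Telnet) enabled",
    "protocol inbound telnet": "VTY line accepts Telnet only, not SSH",
    "ip http enable": "cleartext web management (HTTP) enabled",
    "undo password-control aging enable": "password aging disabled",
    "undo password-control length enable": "minimum password length disabled",
    "undo password-control composition enable": "password complexity disabled",
    "undo password-control history enable": "password history disabled",
    "password-control login idle-time 0": "idle timeout disabled",
}

ROLE_DEF_RE = re.compile(r"^role name (\S+)$")
ROLE_REF_RE = re.compile(r"^(?:authorization-attribute )?user-role (\S+)$")


def _lines(config: str):
    """Yield stripped, non-empty lines, skipping the '#' section separators."""
    for raw in config.splitlines():
        line = raw.strip()
        if line and line != "#":
            yield line


def undefined_roles(config: str) -> set:
    """Roles referenced from a user or line view that are neither built in
    nor declared with `role name` anywhere in the config."""
    defined = set(PREDEFINED_ROLES)
    referenced = set()
    for line in _lines(config):
        if m := ROLE_DEF_RE.match(line):
            defined.add(m.group(1))
        elif m := ROLE_REF_RE.match(line):
            referenced.add(m.group(1))
    return referenced - defined


def audit(config: str) -> list:
    """Return (config line, reason) findings: weak settings in config order,
    followed by one finding per undefined role reference."""
    findings = [(line, WEAK_SETTINGS[line])
                for line in _lines(config) if line in WEAK_SETTINGS]
    for role in sorted(undefined_roles(config)):
        findings.append((f"user-role {role}",
                         "role is neither predefined nor declared with 'role name'"))
    return findings


# Constructed excerpt in the shape of the posted config (not the full config).
SAMPLE_CONFIG = """\
#
 telnet server enable
#
line vty 0
 authentication-mode scheme
 user-role network-operator
 protocol inbound telnet
#
 password-control enable
 undo password-control length enable
#
role name ops-readonly
 description custom role
#
local-user admin class manage
 authorization-attribute user-role netowrk-admin
 authorization-attribute user-role network-admin
 authorization-attribute user-role ops-readonly
#
 ip http enable
#
return
"""

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_CONFIG):
        print(f"{reason:60s} <- {line}")
```

Run it against `display current-configuration` output saved to a file; the role check is the part that catches the `netowrk-admin` style typo, which Comware will accept silently because role names are free-form strings.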


Today is the birthday of Charles K. Kao, the father of fiber optics, who passed away in 2018. May everyone wish him a happy birthday!



Cisco FTD booting to rommon mode

Hello all,

So I have a weird issue. We bought a new Cisco FTD, and the first time I booted it, the FTD went directly to rommon mode.

I used the "boot" command in rommon mode and it booted using the right image.

The issue is that every time a reboot happens, the FTD goes directly to rommon and I have to enter the boot command to run it.

Any advice on how to solve this?

Thanks.



Stress Test New SD-WAN with multiple video meeting streams

Hello all-

After spending the past few hours searching through previous discussions and Google, I'm posting to see if there is a way to stress test our SD-WAN locations.

1) We use Microsoft Teams as a collaboration platform and are heavy "video meeting" users

2) HR would like to conduct "in-person" training sessions for some of our staff using Microsoft Teams meeting (not Teams Live Event or Webinar function), but standard interactive meeting as there are needs for use of Breakout rooms. To promote "safe distancing", staff will be required to attend training from their desk locations instead of congregating in large conference rooms.

3) Our staff is not 100% back in the office so we do not have a great baseline of what traffic patterns/utilization looks like; we transitioned to SD-WAN and Microsoft Teams over COVID.

4) We would like to simulate multiple video/data streams to each of our offices to emulate simultaneous Teams meetings. We have QoS policies on our SD-WAN but would like to see if and when congestion starts occurring, i.e. as we crank up the number of sessions, when do we see policies fail and/or network packet loss occurring. If there is an online paid service, we are willing to look into this simulation.

Looked at the TREx tool https://trex-tgn.cisco.com/ along with the testing setup video https://www.youtube.com/watch?v=_09jKCPatis , but seeing if there are alternative methods and/or vendors that provide this as a one-time service.

TIA



Cisco USB Console Woes

I'm currently on the road trying to configure a simple Cisco 2960X switch. Two weeks ago my maintenance laptop could connect just fine using a USB A-to-mini cable. Now I get no serial ports in device manager, but the Cisco USB to Serial device still shows up. I think the difference is my laptop updated to Windows 10 21H1. I've tried manually installing the port as a legacy device, but Windows fails to load the drivers with error code 31 (which is about as helpful as woop dee fricken doo).

My Google-fu must be weak because I can't find anything other than old results saying "Install the Cisco driver." Yeah, I did that already. Like 5 years ago. And this morning. It was working but now it's making like a video card in Windows 95.

I even did a full uninstall of the device, the driver files, and the program. Windows just doesn't like it anymore. I think it's a driver signing issue, so I tried the built-in Microsoft USB-Serial driver - which is definitely signed. Still no go. Anybody else been having troubles with their USB cables lately or is it just me and my crappy laptop?



Portfast command question

What single command both enables portfast and sets the port to access mode?



MAC Address - Virtual Question

What is the virtual mac address used by a Master device for group 35?



DHCPDISCOVER message question

When a DHCPDISCOVER message is sent from the client to the DHCP server, does it contain all of the following: a formal request for the offered IP address, confirmation that the IP address has been allocated to the client, a denial message to reject the first offer from the DHCP server, and the initial message to locate a DHCP server? Which ones doesn't it contain?



Cambium Client Micro cnVision

I’m having a hard time finding any info on the forums, so I am hoping someone here has some ideas.

I have a client that has a P2MP Cambium setup. They have one Hub360 for the main bridge with 2 Client Micro clients. They bought another and want to add it to the parent.

The new bridge, however, will not join. The logs show it's rejected due to an incompatible software version. I don't recall the exact error but I'll post it if it helps.

The UI is clearly different in the new unit. It says it is a Force-300 and it does have a different firmware train. The others show they are cnVision. The new one isn't.

Should I be able to change the firmware to cnVision or do I need a different SKU all together? The model of the new unit is CV-D13SPUSA-US.



Best design for world wide company accessing clients infrastructure

Small to medium size business, with offices popping up around the world. Need to VPN into client infrastructure to access certain servers, which are in various parts of the world as well.

I'm trying to think of a good solution that provides low latency and quick access for staff, but least management and complexity involved for the VPN.

I'm tempted with setting up an Azure VPN closest to each client in order to set up a S2S VPN, but then we would eventually end up with many different Azure VPNs.

What do you guys recommend or use? I'm not sure what might be out there that can help with such a design requirement.



Make use of unused port in router

I have a router connected to a layer 2 switch, to which a firewall is connected. The layer 2 switch rebooted once and the entire branch was down. I would like to make use of the available LAN port in the router and connect it to another switch for redundancy. Is that possible? I have thought of using a port channel, but need to have a basic idea of how that works.



Difference between Rockwell re-branded Cisco switches and IE series switches?

I'm having a problem with some of my manufacturing automation sites consistently buying Rockwell switches and Rockwell botching the configurations and not having the latest stable releases on their Cisco re-branded switches. Most recently they dropped in switches that were doing RSTP instead of PVST or RPVST. All of my switching infrastructure runs on RPVST+.

Is there really anything better that the Rockwell re-brands do that the Cisco IE series don't?



Do organizations still shape traffic going to the internet?

There was a time when devices like Packetshaper/Bluecoat were popular for prioritizing traffic going out to the internet. I have worked for two enterprise organizations now that have decided to pull these devices out. I am now doing work with a large enterprise org that still has theirs in. The devices are no longer supported and they are looking for an alternative. However, given that bandwidth is relatively cheap, I feel that the solution is to just throw more bandwidth at it. Also, more applications are becoming SaaS based, especially unified communication apps like Teams. I feel that these types of devices cause more headaches than they are supposed to alleviate. What do you all think, or what are your experiences?



What technical skills for a MVNO company?

I'm considering starting my own MVNO company. Since I do not have a background in network engineering, I'm not sure about what technical knowledge, and thus which technical roles, would be necessary.

Do you have any advice in this regard?



How to extend wifi outdoors?

I want to setup a camera system outside. I have a large 20 acre property and was looking at solar powered cameras. Only problem is that the network won't reach as far as I need it to.

I can't find any solar powered wifi repeaters. Do they make such a thing?

Has anyone else successfully extended wifi range outdoors? I need about .17 miles range in 1 direction through some trees. Possible or not?

Edit: please don't go into detail about cell/4G cameras. I could do that if necessary and am familiar with it, I am trying to figure out if the wifi is an option because AT&T rips people off big time for a simple camera to be added to their network and Verizon doesn't get any service here. Thanks!



Guidance on PTP/wireless bridge for non-profit

Hello everyone, I am looking for some guidance on a project for a local non-profit, looking to provide Ethernet and wifi to a few outbuildings 500-750ft away from their demarc via a wireless bridge. We have clear line of sight and power at both ends but cannot run a hard line from the demarc to the outbuildings; in addition I need local routing at the outbuildings in the event the bridge goes down.

Since I am doing this free of charge as a favor to the non-profit I would like to spend as little time implementing and troubleshooting as possible. We do have a budget for reasonable hardware provided by some other benefactors, I just need to help them decide and implement a plan.

My thoughts are:

ISP modem > ubiquiti edge router > ubiquiti nanobeam AC <> ubiquiti nanobeam AC > managed switch > endpoints

I’m not a huge ubiquiti fanboy but I do think their solutions would work well in this instance, but am absolutely open to other suggestions. Am I roughly on track? Greatly appreciate any input



VeloCloud Enhanced High Availability

Hi,

I was going through VeloCloud Admin Guide. I have certain doubts to clarify to understand the two HA options.

According to VeloCloud, If the active edge detects a different WAN connection on the standby edge it enters into "enhanced HA mode" and it leverages the HA failover link to establish an overlay tunnel over it. Else if the WAN links are mirrored on both edges it operates in "standard HA mode". 

My question is that for standard HA mode, you don't need to configure anything on the standby edge device. We will only configure the active device, enable HA, and connect both edges via the LAN1/GE1 port.

But for enhanced HA, since we will be connecting a different WAN link on standby device, do we need to configure static IP address (initial configuration) on standby device and then enable HA on active device?

Can enhanced HA be achieved in an MPLS-only network?

The network diagram that I have shared is for MPLS only branch site.

https://content.spiceworksstatic.com/service.community/p/post_images/attached_image/4bb5ef9a-0252-422d-8f30-989ab23c18da-VeloCloud-eHA.png

Thank you



phpIPAM import addresses and update everything

Hello Folks.

It's been a while that I have been using phpIPAM to manage my subnets. However, there is an annoying issue that has bothered me since I started using phpIPAM: the XLS import function doesn't update the records on the PowerDNS server.

If I import the XLS with records that don't exist, it's fine, phpIPAM creates the records in the PowerDNS DB, but if I import a range with new PTR records, phpIPAM doesn't update them. Worse! It creates duplicate entries in PowerDNS.

It's been 4 days now that I have been searching the code to find out how to fix this, without luck, and I came here to ask if someone has fixed it, or at least knows where to search.

Any help is appreciated.

Cheers



Looking for a switch with a good CLI

We have a Dell N3048 as the core L3 switch on our small in-house server rack, and I'm looking to upgrade. I absolutely hate the CLI on the Dell switch, and am looking for something better. As I am familiar with Cisco ASAs and IOS, my first choice is Catalyst. I just got word from our vendor that the back order is 6 months. Can anyone recommend a line of switches with good terminal configuration, TFTP backup, layer 3 functions, PBR and 1-10G RJ45 interfaces that isn't Cisco? Nothing cloud-based or centrally managed. I was going to research further with Dell since they have EMC now to see if there are any better options, but I wanted to get a broader perspective first.



One Workstation with No Browser Internet But Can Reach via TeamViewer

Hey guys,

Have some weirdness going on that I wanted to see if I could get some ideas for. I am the network engineer for a small company and recently deployed a new Fortigate in one of our branch offices.

The FortiGate is up and running and has successful connections to the internet via our ISP and is allocating DHCP addresses and DNS for our office workstations. Everything is up and running as normal, except for one workstation.

This station for whatever reason cannot access the internet through a browser or email applications, but we have a TeamViewer style application that is used over the internet and this is working just fine.

I can ping our internal servers and resources but anything external is not reachable, only for this one workstation. All the others in the office are working just fine and they are all using the same Fortigate device. This station is supposed to be directly connected to our Fortigate but I have not actually been to this office so I don’t know what the physical connection and setup is like.

Any thoughts or ideas? I am pretty puzzled here. Imagining there may be some sort of DNS issue that’s going on but just not sure what since the station is able to ping our DNS server and even RDP to other servers on the network.

Thanks for any advice!



Where to find paid remote interns?

My (small) company has been trying to find remote interns with a networking background to hire but has had zero luck. Craigslist and Dice haven't brought us anyone with a networking background. We prefer to stay away from recruiters and staffing agencies as they take a generous piece of the money we're offering the interns.

Any recommendations? Maybe technical schools/colleges?



Transceiver Polarity and polish

Hi there,

A customer asked me some details about a QSFP+ transceiver and even after reading the datasheet I'm not able to get the info:

- Polarity

- Polish APC or UPC

- Male or female (this is the only information that is clear in the datasheet)

Could someone help me??

I really appreciate any help.

This is the transceiver and the datasheet:

https://ibb.co/fYb6TtW

https://media.digikey.com/pdf/Data%20Sheets/Finisar/FTL410QE4C_Spec_RevD1_3-17-17.pdf



Where can I find the startup config of N9k?

I am looking for the specific file and location in the file system.



Tuesday, November 2, 2021

Help me resolve this problem - and lets all learn from it

TOPOLOGY :

  • 10GbE Switch Mikrotik CRS326-24S+2Q+RM
  • ISILON NAS with 3 nodes and 2 10GbE NIC each on a round robin system
  • SYNOLOGY NAS with 1 10GbE NIC
  • WORKSTATION with 1 10GbE NIC

GOAL: to transfer data via rsync from ISILON to SYNOLOGY
PROBLEM: Synology doesn't show higher than a 70 MB/s (560 Mb/s) download rate, very far from what a 10GbE-capable network can do
TROUBLESHOOTING:

  1. iperf test from workstation to ISILON:

     [ ID] Interval       Transfer     Bandwidth
     [  5] 0.0-10.0 sec   4.67 GBytes  4.00 Gbits/sec

  2. iperf test from workstation to SYNOLOGY:

     [ ID] Interval        Transfer     Bitrate
     [  5] 0.00-10.03 sec  7.32 GBytes  6.27 Gbits/sec

I am unable to test connectivity directly from SYNOLOGY to ISILON because the latter has an old iperf version (2.x) while Synology is already on 3.x. I can't seem to downgrade or upgrade either of them.

Please join the convo and let's debate!



Multiple VTP domains within a Network

Can you have multiple VTP domains within a network? So basically I'll have some internal switches and DMZ switches. For ease of VLAN management across all of the switches, I want to deploy a VTP domain in each section.

They will be running on Cisco 9300s with VTP v3.

Is this possible or anyone has done this?



Bird and multihop BGP

Hello,

I was attempting to set up a lab for a work project.

I had two cloud VPC networks (GCP in this case) which each had a Bird instance running with a public IP.

I attempted to peer them over the internet and have them share a private address range in first VPC network.

I was able to write a filter which successfully changed routes "next_hop" to the public address of the Bird instance which is advertising the private routes.

The issue is that on the second Bird instance, which is receiving the routes (this is eBGP, a new AS number), I could not make the routes "reachable".

I have the configuration for multihop working, and again it does appear like the actual peering and sharing of the routes works.

I Googled around a bit and saw a few suggestions saying "every hop between both peers must have a static route in Linux's routing table".

Is this true? If so, I think this lab cannot happen since I'm going through the cloud and a traceroute does not identify every hop.



Help with setting up a small office

Hello, I am helping out with setting up the networking for a small office that is currently getting renovated. I have a quick question, the router they have is a TZ370, and they have a SWS14-24 managed switch.

I need to run new cabling through the roof/walls, and I was hoping to only need to run one cable per room. Each room will have multiple devices that need Ethernet access; for example, every employee workspace will have a computer and a VoIP phone, and some will have a printer. If I have a small switch in every room that connects to the wall, which then connects to the SWS14-24, and then on to the TZ370 router, will I still be able to set up simple access rules if multiple devices' traffic will be coming through the same cable? Do I need to take any special steps, or will the router/switch be able to distinguish the traffic by itself? Or will I need to set up VLANs for this to work?



Rant Wednesday!

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.



Network Device Naming Conventions

I've been trying to figure out what naming convention would work best for our networking equipment. What do you guys use for naming conventions?



CGNAT deployment as observed by traceroutes

Hey folks,

I am an applied mathematics grad student working on coming up with better Internet models, so I apologize preemptively, as my way of thinking about network configuration is very possibly wrong/inaccurate and my vocabulary clumsy.

Anyway, as part of a research project, I am interested in detecting whether some clients are hosted behind a CGNAT. The only information I have access to is the source IP address as observed by my server and traceroutes from the clients to my server at a random interval. I do not have a ground truth to validate the quality of my inferences, which makes the problem even more challenging. I thought the best way to get a better understanding of what I could potentially observe from my traceroute is to ask directly the people behind those configurations, so I am hoping that there are people that might have answers to my questions on this Subreddit!

I have started by eyeballing my traceroutes and noticed a few interesting patterns that I would like to validate:

1) Observing two different sets of private IP addresses (e.g. 192.x.x.x followed by 10.x.x.x) does not always imply the existence of a CGNAT. Clients can configure their NAT the way they want, and large networks such as companies are sometimes leveraging those IP addresses to set up their own topology.

2) The number of clients is exponentially higher behind a CGNAT than behind a standard customer NAT resulting in a more complex IP-level topology before the first public IP address observed by a traceroute.

3) It is possible to configure the routers between the router doing the client NAT translation and the one doing the carrier-grade NAT translation with public IP address, but it is very unlikely and defeats the purpose of CGNATing (reducing public IP address used).

4) It is safe to say that every private IP address at the beginning of a traceroute corresponds to routers and devices that are hosted by the AS of the source IP address observed by my server.

5) Building on 4 and 5, that means by extension that detecting CGNAT requires only to look at the private IP addresses portion of my traceroute.

6) Assuming that I could run traceroute measurements from all the devices behind a CGNAT and that we had no shenanigans from my traceroute measurements. I can build a graph $G$ where the nodes are the first few private IP addresses and the first public IP address of a set of traceroute, and the edges are corresponding to adjacent hops. A CGNAT deployment would result in a tree-like structure where the first layer would consist of the client premise NAT, the second layer would be the internal topology of the ISP, the third layer would funnel toward the ingress of the routers hosting the IP addresses used for the CGNAT pooling (i.e. the public addresses observed by my server).

Do those assumptions make sense? As people deploying CGNAT in the wild, what are your expectations from this set of measurements? I would love to hear all of your opinions!

Thanks in advance, and thanks again to this Subreddit for helping me to better understand a lot of networking concepts through the prism of the operators (versus pure academic reading)!
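One thing the list of assumptions above leaves out is that there is a dedicated address block for CGNAT: RFC 6598 shared address space, 100.64.0.0/10, which has no legitimate use other than inside a carrier's NAT domain and is therefore a much stronger signal than seeing two different RFC 1918 blocks (which, as point 1 says, can just be an enterprise's own NAT layers). The script below is an added example, not part of the original post or the poster's research code. It parses traceroute output, classifies each hop as private, shared, local or public, and summarises the leading non-public run, which is the part of the path a CGNAT deployment shapes. Both traceroute transcripts embedded in the block are constructed with documentation prefixes, not real measurements.

```python
"""Classify traceroute hops by address scope and summarise the leading
non-public run, the part of a path that a CGNAT deployment shapes.
Added example, not from the original post. The traceroute outputs embedded
below are constructed. Scopes: RFC 1918 private space, RFC 6598 shared
address space (100.64.0.0/10, allocated specifically for CGNAT), link-local
and loopback as 'local', and everything else as public."""
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598

# Hop number, then the first dotted quad on the line. Linux/macOS traceroute
# ("1  host (1.2.3.4)  ...") and Windows tracert ("1  1 ms ... 1.2.3.4") both fit.
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})")


def classify(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    if ip in SHARED_SPACE:
        return "shared"
    if any(ip in net for net in RFC1918):
        return "private"
    if ip.is_loopback or ip.is_link_local:
        return "local"
    return "public"


def parse_traceroute(text: str) -> list:
    """[(hop, ip, scope)] for hops that answered; '* * *' hops are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), classify(m.group(2))))
    return hops


def cgnat_assessment(text: str) -> dict:
    hops = parse_traceroute(text)
    leading = []                      # scopes seen before the first public hop
    for _, _, scope in hops:
        if scope == "public":
            break
        leading.append(scope)
    first_public = next((ip for _, ip, s in hops if s == "public"), None)
    # Distinct RFC 1918 blocks in the leading run; each block has a unique first octet.
    blocks = {ip.split(".")[0] for _, ip, s in hops[:len(leading)] if s == "private"}
    if "shared" in leading:
        signal = "strong"   # 100.64/10 has no legitimate use outside a CGNAT domain
    elif len(blocks) >= 2:
        signal = "weak"     # could be CGNAT, could be an enterprise's own NAT layers
    else:
        signal = "none"
    return {"first_public": first_public,
            "leading_non_public": len(leading),
            "shared_space_seen": "shared" in leading,
            "distinct_private_blocks": len(blocks),
            "signal": signal}


# Constructed traces (not real measurements), documentation prefixes only.
TRACE_CGNAT = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  1.2 ms  1.1 ms  1.0 ms
 2  100.64.12.1 (100.64.12.1)  8.4 ms  8.1 ms  8.0 ms
 3  10.255.0.17 (10.255.0.17)  9.0 ms  8.9 ms  8.8 ms
 4  198.51.100.1 (198.51.100.1)  12.3 ms  12.0 ms  11.9 ms
 5  * * *
 6  203.0.113.10 (203.0.113.10)  20.5 ms  20.1 ms  20.0 ms
"""

TRACE_HOME = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.0.1 (192.168.0.1)  0.9 ms  0.8 ms  0.8 ms
 2  198.51.100.254 (198.51.100.254)  10.2 ms  10.0 ms  9.9 ms
 3  203.0.113.10 (203.0.113.10)  18.7 ms  18.5 ms  18.4 ms
"""

if __name__ == "__main__":
    for name, trace in (("cgnat", TRACE_CGNAT), ("home", TRACE_HOME)):
        print(name, cgnat_assessment(trace))
```

The "weak" signal is deliberately not promoted to a verdict: without ground truth, the only thing that separates a two-block enterprise NAT from a CGNAT in this data is shared address space or an out-of-band source such as a WHOIS lookup on the first public hop. Note also that some CGNAT deployments reuse ordinary RFC 1918 space internally, so a "none" result does not rule CGNAT out.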



Assistance with Network Layout

I am attempting to set up a business's network that was started by another technician, but halfway through they had a medical incident and I had to take over, and I am a bit lost on what they were trying to do.

The computers need access to the main office via a direct line required by that office. The printers need to be accessible to all the computers. I am unsure why all the machines are connected to the DSL modem and not the switch (if it should be).

I'm not sure where their new cable internet and firewall should integrate, the DSL modem used to be their main internet and I have no idea how they originally had it configured.

Any assistance would be greatly appreciated

Network Map: https://ibb.co/RhBFrWZ



vPC config with a IOS 3850 switched Port-Channel

I have two Cisco Nexus 9Ks and a downstream 3850 access switch. I want to configure a port-channel on the 3850 with two member trunks which will be dual-homed up to the Nexus 9K pair with a vPC config on the 9Ks.

Below is the config I would use on each switch to do this, but my question is this, should I do channel-group mode ON or ACTIVE? What is the default if I just say channel-group 1 on the member interface configs?

Example Config

9K-1

interface port-channel 1
 switchport mode trunk
 vpc 1
!
interface eth1/1
 switchport mode trunk
 channel-group 1

9K-2

interface port-channel 1
 switchport mode trunk
 vpc 1
!
interface eth1/1
 switchport mode trunk
 channel-group 1

3850_Switch

interface port-channel 1
 switchport mode trunk
!
interface G1/0/1
 switchport mode trunk
 channel-group 1 mode on



Velo-Cloud List OSPF Routes vs Show OSPF Route Table

In test and troubleshoot, what is the difference between List OSPF Routes and Show OSPF Route Table?

I have a single VCE device with a connection to two cores on the LAN side but we are setting the LAN interfaces on the VCE (GE1 and GE2) as routed interfaces that route via OSPF to the cores - GE1 has an adjacency with Core-1 and GE2 has an adjacency with Core-2.

When I run List OSPF Routes I see routes to both cores, but Core-2 shows its routes as TRUE and Core-1 routes as FALSE. But under Show OSPF Route Table I see both core switch IPs listed for routes to each LAN subnet.

And we lose all OSPF connectivity if I shut the VCE interface GE2 going to Core-2. Shouldn't traffic reroute over GE1 to Core-1?