Saturday, November 27, 2021

Problem while connecting two wifi routers using a LAN cable

Hello, I wanted to connect my primary router, which is in my bedroom, to my secondary router, which is in another room. For this purpose, what I did was connect my primary router to my secondary router with a LAN cable (LAN port of the primary router to LAN port of the secondary router).

Then I changed the IP of my secondary router to 192.168.1.2 (it was 192.168.1.1 earlier). My primary router IP is 192.168.1.1.

Then I disabled the DHCP server on my secondary router and changed the IP range of my primary router (so it excludes IP 192.168.1.2 while assigning IPs to devices).

Now, I am able to access the internet from my secondary router, but there is substantial speed loss. (A speed test on the primary router results in around 105 Mbps download and upload speed.)

A speed test on the secondary router results in around 48 Mbps download and upload speed.

So I want to know why there is nearly 50% loss in speed.

Can I get similar speed on my secondary router?



Mounting WAP with magnets

I've inherited a rather large network and discovered that most of the WAPs were mounted to different metal surfaces using pretty strong magnets. During my time at this company we seem to have had various wifi issues (par for the course, I know), but I want to make sure that this mounting solution isn't causing some of the issues we are seeing.

A quick Google search doesn't seem to turn up much info on the topic. Any insight on this would be much appreciated.



Network Transfer Speeds

I am trying to move files from another computer on my network, but when writing, the speeds max out around 110MB/s. However, in Task Manager it shows that I am receiving the data at gigabit speeds. Both computers have gigabit Ethernet, as do the router/switch. Both computers also have NVMe SSDs which are capable of reading/writing at 3GB/s.

How can I speed up the transfer? Is Windows capping the write speed for some reason?

Here is a screenshot. https://imgur.com/a/hyWOOab



Question on securing server management interfaces without ACLs or firewalls

I work for a large organization (University) that is in the process of moving from public IP Ranges to private IP Ranges and in the process the organization has decided to move away from Access Control Lists (ACLs) on the internal routers. As a result, all of the internal networks will now be able to communicate with all other internal networks.

For the most part, this will not be an issue, as we can use local firewalls to stop any unwanted network traffic from networks that we do not want accessing our assigned networks and devices.

The problem that I have is that I have 50+ servers of various ages (1 to 10 years) that are now accessible from any other network in the organization.

In the past, we would use ACLs to restrict access to these servers' management interfaces (IPMI/iDRAC/IMM). With the ACLs being removed, I am trying to find an alternative to the ACLs as a means of restricting access.

Most server management interfaces have rudimentary firewall capabilities (i.e. you can whitelist one IP range).

I have no access to the routers/firewalls/switches, and all requests for ACLs have been denied.

I am looking for a way to restrict access to these servers so I can lock them down so that they can only be accessed from three different subnets.

Does anyone have any ideas that would allow me to secure my servers without using ACLs or network firewalls?



SFP to SFP compatibility question

I have a question regarding SFP+ compatibility when it comes to connecting, for example, a server to a switch.

I know certain brand/vendor switches and network adapters prefer certain SFP+ modules, but I would like to know if this applies when you connect two devices together.

For example, let's say I have a Nexus 9k series switch with Cisco SFP+ modules and an HP server with HP SFP+ modules. Both are 850nm, but will the server be able to connect to the switch? Theoretically it should work, but I've come across situations where a server doesn't connect at all unless the switch and server have the exact same modules.



NSX lab: misunderstanding of some concepts, PLEASE HELP

TOPOLOGY : https://ibb.co/9bFcXK0

Hello guys, this NSX-T will make me crazy. I built a lab topology based on my understanding in order to do it as a real lab and exercise; after doing the lab topology I found that I still have some misunderstandings regarding some pieces. Can you please check my lab topology and questions below?

Please, if you can help, refer your answer to my topology just to make it clear to me. Also mention the question number. Thank you <3

- Please ignore the management interfaces; they are not yet in the diagram.

1 - In which step are the NVDS virtual uplinks mapped to the physical NIC? And how to do it?

2 – What's the relationship/difference between an uplink profile and a transport node profile? And where are we using each of them?

3 – I know that the Edge node should be connected to all transport zones (Overlay + VLAN); the TZ-Overlay will create an NVDS in the edge host, right? But the Edge VM ports will be connected to which segment? App or WEB?

4 - How to map the physical ports of the Transport + Edge nodes (ESXi) to the NVDS created by NSX? :(

5 - The TZ-Overlay will transport traffic generated by Web-Segment and App-Segment on VLAN 110 (based on my topology); is that correct? Or should every segment be in a different VLAN (meaning I should create a TZ for each segment :O, add these VLANs to the physical switch and make the port between the physical switch and ESXi a trunk port)?

6 - Is the VLAN tagging done logically at the transport zone level or the segment level?

7 - I heard about TEP; should I use a VLAN for it? But should I create a separate TZ for the TEP traffic? A VLAN on the physical link, a dedicated physical port on the ESXi edge and physical switch? Where is this TEP sitting, as an interface, a tunnel or traffic?

8 - Is my design correct? Any suggestions?

I really appreciate and need your help to proceed with this LAB.



GNS3 Siemens switches

Hi Reddit,

I have set up a GNS3 lab. I would like to emulate some Siemens switches. Is it possible to just somehow import the firmware file and that's it?



Arizona - DIA Build Times

Here in my state we always give a 90-120 build time for carriers to deliver new DIA circuits. Even in metro areas.

What is reasonable to expect in Arizona? Cox is the carrier if that is of any importance.

I will say that permitting was VERY fast (less than 2 weeks) in Georgia, and it still took Spectrum and their contractors 90 days to complete a 100 foot build. So permitting windows alone may not be the best indicator of expectations.



Coursework asks us to connect debian VM only to internal virtual network, but this seems to kill network connectivity

I hope this is OK to ask here; I can see the rules say "No Homework Topics without detailed, and specific questions", so hopefully this will be specific enough.

Our assignment says...

After any software installation and configuration required, ‘Desktop’ should be configured to be connected only to an internal virtual network called ‘internal’; it should use the IP address 192.168.64.10/24 on this network

But I seem to be missing something here, as when I connect to the internal adapter instead of NAT, I lose connectivity, as shown in the second screencap...

https://i.imgur.com/oDDwYjb.png

https://i.imgur.com/MOcLUdX.png

So I guess Desktop's network connection must be made via the Server machine that we also set up, but I don't understand how we can configure that, especially when there is no IP address shown for the enp0s3 adapter when connecting to the internal adapter. I'm really confused, because none of the machines we set up when we were doing the labs are connected like that. It seems they want us to do something that we weren't taught how to do, but maybe I am missing something basic.

Any help please? TIA



What actually happens if you forget to pay ARIN?

I had a client almost miss their ARIN payment for their AS and IP space.

What would happen if that actually happened? It seems it'd be difficult to reclaim the space and get someone to stop advertising. I guess IRR objects would be pulled, but would that be effective enough?

(This is strictly theoretical and I don't suggest not paying.)



Wifi Router with Physical Lock

For work-related reasons I'm looking for a portable pocket router which I can carry around from plant to plant.
At the plant I want to connect to the network switch so I can have access to all the different devices over the network via wifi (robots, applications, ...).

Because almost everyone has a key to this network switch, I want to be able to physically lock it, so that it cannot be stolen.
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcToEu0B1HOaSgbCyYd6vjLgi_nRIZZG8962Dp2d8XQuv8oDh1_P92qf7kTwg8kiaJkbtpc&usqp=CAU

Can anyone point me in a good direction on where to find routers that have this, or just the locks on their own?
Thanks!



I need help with Kerberos

I have a presentation about Kerberos. I just completed the theoretical part; in practice, I don't know what to do. I set up MIT Kerberos, but I found a problem with realm and username. I looked at many sources that I could not deal with. Can someone help me and tell me what I can do on the practical side to show them how Kerberos works and how to get tickets in the Windows system, and how to deal with the MIT Kerberos program?



Friday, November 26, 2021

Adtran TA5000 refurbished equipment?

I know that there are many companies that deal in used Cisco and Juniper equipment, and I have both bought and sold from them. We have quite a bit of Adtran TA5000 series gear, and I'm looking for a source for used equipment as well as to offload some kit that we no longer need. Does anyone have recommendations beyond eBay?



Juniper Networks

Juniper Networks just received the top score in the Gartner Magic Quadrant.

Why do I know nothing about this company? Are you all keeping secrets from me?

So what makes them so good?



Looking for help. Need a service that allows guests to upgrade their internet speed/data allowance. (please let me know if this is the wrong place)

Background

I have charter boats that need a WiFi service. Guests spend weeks at a time at sea (in cellular range), and I need to provide them with a minimal service for free. The problem is I need to charge extra if they want to stream or do heavy interneting. So I would like for them to be able to log into a portal and pay to upgrade.

Hoping there is a cellular router and online service that will communicate with each other, to allow guests to pay and upgrade the router's speed and/or daily data allotment.

I am in the Caribbean.

Routers need to be able to run on USB power.

LTE is the fastest speed available (no 5G).

Please let me know if this is the wrong place for this question; I'm very new to this. Any help pointing me in the right direction is greatly appreciated.



Route every local IP of a network to different public IP addresses

So basically I have a bunch of machines (5-10) that need to have different public addresses, but they are all in the same local network. They all use Linux, so I could buy some VPN services and set up OpenVPN on each of them, but I'm looking to do it in a more centralized way, like setting up a Linux computer as a router that could relay all the traffic to different VPN servers. I can't seem to find the right resources to understand if it's feasible or not, and if a VPN is the actual solution.



Lumen’s IRR was insecure

And maybe they knew it, but didn't fix it for years “because many of its customers still relied on it due to legacy systems.”

I guess Krebs publishing a story — about a proof of concept that could have removed the ~23% of the IPv4 prefixes which Lumen announces to the global table by deleting all those prefixes from IRR and thus removing them from BGP filters automatically built from that IRR data — was motivation enough to finally disable MAIL-FROM “authentication”.

https://krebsonsecurity.com/2021/11/the-internet-is-held-together-with-spit-baling-wire/



Trying to learn more about networking SONET MPLS-TP

So I'm a junior engineer trying to learn more about networking; I really just know the basics. My boss is on vacation till December, so I don't have much to do these days. So in my free time I'm trying to learn more, and I was checking the new projects. The client wants us to replicate one of their networks in a different location, but this old one uses SONET/SDH, and they want to start using MPLS-TP. I realized their old site has a MUX (JungleMUX); would the new site need a mux? Are all routers and switches compatible with MPLS-TP? Is that something to consider?



Routing Traffic through PC connected to VPN

Hi - I have a side PC connected to a VPN. Can I route my traffic from my main PC through this side PC in order to 'pseudo' use that VPN? Main PC is Windows 11, side PC is Windows 10.



Recommendation for a SOHO mesh device that actually uses our network range, not its own mesh IP range

Hi all.

A lot of SOHO wireless devices create their own IP range on the mesh wifi SSID.

For example, our offices have the range 192.168.1.0-254 and the mesh devices give the clients 10.0.0.1-254.

We need the wireless clients to be on the same network.

My investigation:
Ubnt devices work fine. They use the same IP range as our network.
Ruckus devices too, but they are designed for big enterprise and are too expensive.

Could you tell me other options/recommendations that work the same way? Regards.



EAP-TLS Fragmentation over IPSec VPN Tunnels

You guys are my last resort here. This is my third day on this and I'm pulling my hair out trying to figure out what is going wrong and where.

We have a Windows 2016 NPS server acting as a RADIUS server for wifi traffic. When this guy was local in the office, it worked beautifully. Client machines have a cert, they authenticate to wifi, all is right with the world.

The problems started when we moved this server up into the cloud last week with an IPSec Site to Site VPN connection.

EAP-TLS packets are not being registered by the NPS server. I can see them make it through the VPN tunnel, but they are never registered in the NPS logs (yes, I have advanced logging turned on). If I switch this to PEAP, things work fine; it's just EAP-TLS, due to cert size, I am guessing.

In testing MTU thresholds over the VPN tunnel with a do-not-fragment ping switch, the max MTU that gets me a reply is 1472. 1473 fails with a message that it needs to be fragmented.

I have NPS with a custom MTU rule set to 1344 (also tried this at 1400, no go).

The IPSec tunnel has an MTU of 1400 set on it (this is Barracuda <-> pfSense).

APs are Unifi, switches are Meraki (this client is not brand-loyal).

Here is the output from a packet capture on the AP's switch port.

16:11:25.931050 IP (tos 0x0, ttl 64, id 39144, offset 0, flags [+], proto UDP (17), length 1500)
    172.16.1.242.60808 > 10.2.34.10.1812: RADIUS, length: 1472
    Access-Request (1), id: 0xb5, Authenticator: 6649788cadda9431fdef46d132dcd5f2
      User-Name Attribute (1), length: 9, Value: CENSORED
      NAS-Identifier Attribute (32), length: 14, Value: c6fbe4c25386
      Called-Station-Id Attribute (30), length: 23, Value: C6-FB-E4-C9-51-87:CORPORATE
      NAS-Port-Type Attribute (61), length: 6, Value: Wireless - IEEE 802.11
      Service-Type Attribute (6), length: 6, Value: Framed
      Calling-Station-Id Attribute (31), length: 19, Value: 64-5D-86-46-6D-C8
      Connect-Info Attribute (77), length: 23, Value: CONNECT 0Mbps 802.11b
      Acct-Session-Id Attribute (44), length: 18, Value: DC46B5523AE7683F
      Acct-Multi-Session-Id Attribute (50), length: 18, Value: 73D2557C01ED5ED7
      Unknown Attribute (186), length: 6, Value:
      Unknown Attribute (187), length: 6, Value:
      Unknown Attribute (188), length: 6, Value:
      Framed-MTU Attribute (12), length: 6, Value: 1400
      EAP-Message Attribute (79), length: 255, Value: [|radius]
      EAP-Message Attribute (79), length: 255, Value: [|radius]
      EAP-Message Attribute (79), length: 255, Value: [|radius]
      EAP-Message Attribute (79), length: 255, Value: [|radius]
      EAP-Message Attribute (79), length: 255, Value: [|radius]
      EAP-Message Attribute (79), length: 229 (bogus, goes past end of packet)
16:11:25.931091 IP (tos 0x0, ttl 64, id 39144, offset 1480, flags [none], proto UDP (17), length 288)

And from Wireshark, opening the PCAP file:

[2 IPv4 Fragments (1748 bytes): #23(1480), #24(268)]
    [Frame: 23, payload: 0-1479 (1480 bytes)]
    [Frame: 24, payload: 1480-1747 (268 bytes)]
    [Fragment count: 2]
    [Reassembled IPv4 length: 1748]
    [Reassembled IPv4 data: e9ea071406d46e99012c06ccf4bc3bbf4d09625bbf3f83ed5e236a270109616365746563…]

I need this first frame to be under 1472 bytes in size; I don't know where else I'd need to configure this MTU to get the packets fragmented correctly.
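To make the numbers in the capture above concrete, here is a sizing model, added as an example and not part of the original post: it reproduces the two IP fragments (1500 bytes, then 288 bytes at offset 1480) from the RADIUS attribute lengths in the capture, and then turns the question around, computing the largest EAP fragment that still lets an Access-Request fit a given path MTU. The non-EAP attribute lengths come from the capture; the 56-byte allowance for the attributes cut off after the EAP-Message attributes (State, Message-Authenticator) is an assumption chosen so the model matches the observed sizes.

```python
# Added example (not from the original post): model how the size of the EAP-TLS
# fragment inside a RADIUS Access-Request determines whether the IP datagram
# fits a path MTU, and how the IP layer splits it when it does not.
# Attribute lengths are taken from the capture in the post; TRAILING_ATTRS is
# an assumption chosen so the model reproduces the observed fragments.

IP_HDR = 20
UDP_HDR = 8
RADIUS_HDR = 20          # code, identifier, length, authenticator
ATTR_HDR = 2             # type + length octets of every RADIUS attribute
EAP_MSG_MAX = 253        # an EAP-Message value is at most 253 octets (RFC 2869)

# Non-EAP attributes visible in the first fragment of the post's capture:
# attribute type -> total attribute length in octets.
CAPTURE_ATTRS = {1: 9, 32: 14, 30: 23, 61: 6, 6: 6, 31: 19, 77: 23,
                 44: 18, 50: 18, 186: 6, 187: 6, 188: 6, 12: 6}

# Octets after the EAP-Message attributes (State, Message-Authenticator, ...)
# that the capture cut off. ASSUMPTION: 56 octets, which makes the model
# match the 1500 + 288 byte fragments Wireshark reassembled.
TRAILING_ATTRS = 56


def eap_message_attrs(eap_len: int) -> list[int]:
    """Split an EAP packet of eap_len octets into EAP-Message attribute
    lengths, each carrying at most 253 octets of value plus a 2-octet header."""
    lengths = []
    remaining = eap_len
    while remaining > 0:
        chunk = min(remaining, EAP_MSG_MAX)
        lengths.append(chunk + ATTR_HDR)
        remaining -= chunk
    return lengths


def radius_datagram_len(eap_len: int) -> int:
    """Total length of the IP datagram carrying an Access-Request whose EAP
    payload is eap_len octets (IP + UDP + RADIUS header + all attributes)."""
    attrs = (sum(CAPTURE_ATTRS.values())
             + sum(eap_message_attrs(eap_len))
             + TRAILING_ATTRS)
    return IP_HDR + UDP_HDR + RADIUS_HDR + attrs


def ip_fragments(total_len: int, mtu: int) -> list[tuple[int, int]]:
    """Return (offset, fragment_total_length) pairs as the IP layer would split
    a datagram of total_len octets (DF clear) over a link with the given MTU.
    Every fragment but the last carries a payload that is a multiple of 8."""
    payload = total_len - IP_HDR
    max_chunk = (mtu - IP_HDR) // 8 * 8
    frags, offset = [], 0
    while offset < payload:
        chunk = min(max_chunk, payload - offset)
        frags.append((offset, IP_HDR + chunk))
        offset += chunk
    return frags


def max_eap_len_for_mtu(mtu: int) -> int:
    """Largest EAP fragment size whose Access-Request fits in a single
    datagram of at most mtu octets, given the attribute overhead above."""
    for eap_len in range(mtu, -1, -1):
        if radius_datagram_len(eap_len) <= mtu:
            return eap_len
    return 0


if __name__ == "__main__":
    # Five 255-octet EAP-Message attributes plus one of 229 octets, as in the
    # capture, means an EAP payload of 5*253 + 227 = 1492 octets.
    observed = radius_datagram_len(1492)
    print("datagram length:", observed)                          # 1768
    print("fragments at MTU 1500:", ip_fragments(observed, 1500))  # [(0, 1500), (1480, 288)]
    for mtu in (1500, 1400, 1344):
        print(f"MTU {mtu}: EAP fragment must be <= {max_eap_len_for_mtu(mtu)} octets")
```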



Wireshark - Filter Out (Reject) Only One Protocol And View All Other Protocols

I find it easy to filter Wireshark's output to see only one protocol. I can't seem to find a way to filter OUT (reject) only one protocol, but view all other protocols. Help? Thanks!



Juniper QFX <-> Linux server BGP over GRE not working

I have a QFX 5100 and a Linux server running Debian 11 (kernel 5.10.70). I set up a GRE tunnel with 192.168.0.0/31 as the subnet, the QFX is .0 and the server is .1.

I can ping the other end from each side, so no connectivity issues. I can telnet and connect on TCP port 179 from each side, so no firewall issues that I can think of.

However, when I try to BGP peer them (the server is running GoBGP), the sessions are stuck in OpenSent/OpenConfirm; eventually the hold timer expires and then the cycle repeats. I captured a pcap on the server and found a bunch of retransmits for keepalive packets sent by the server, so I figured that it might be an MTU/MSS issue.

Things I've tried that haven't seemed to fix it:
- Clamped MSS on both sides to 1300 bytes; I've been able to get (at maximum) 1456-byte IP+ICMP packets with the DF bit set through with no issue
- Lowered the MTU on both sides to 1400; did not help, so reverted

Configuration on QFX:

interfaces {
    gr-0/0/0 {
        tunnel {
            source <snip>;
            destination <snip>;
        }
        family inet {
            address 192.168.78.0/31;
        }
    }
}
...
group HOME {
    accept-remote-nexthop;
    local-address 192.168.78.0;
    hold-time 300;
    mtu-discovery;
    import DEV-IN;
    export DEV-OUT;
    peer-as 64599;
    local-as <snip>;
    tcp-mss 1300;
    neighbor 192.168.78.1;
}

Configuration on the Linux server:

$ ip route | grep gre1
192.168.78.0/31 dev gre1 proto kernel scope link src 192.168.78.1 advmss 1300

$ cat /etc/gobgp/gobgpd.conf
[global.config]
  as = 64599
  router-id = "192.168.78.1"
  port = 179

[[neighbors]]
  [neighbors.config]
    neighbor-address = "192.168.78.0"
    peer-as = "<snip>"
  [neighbors.timers.config]
    hold-time = 300

Has anyone run into this before?

Thanks!



How to set the priority of traffic on a gateway that has two upstream gateways?

I will have two upstreams: one in Delhi (nearest to me) and another in Mumbai. I will get 1 gig of bandwidth from Delhi if I find a solution, and 3 gigs is ongoing from Mumbai (two different ISPs). I currently have nearly 2000 users. What I want to do is set priority to the Mumbai bandwidth port, so that if it gets near full usage then users will start getting speed from the Delhi port. I don't want to move users to any single port. Is it possible to set a priority? Currently, I am using a Mikrotik CHR as a router.



What could cause printers that are connected to the network to experience delays when printing?

A lot of printers that are connected to the network face delays from 1 minute to 15 minutes when printing. The printers have their own VLAN and are connected to Cisco 3850 switches. There is no printer server. Each printer has its own IP. Could someone help me with troubleshooting this issue?



Thursday, November 25, 2021

Blogpost Friday!

It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

Feel free to submit your blog post, along with a nice description, to this thread.

Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.



Azure ExpressRoute question

Hi there. I have been doing a bit of reading around ExpressRoute/BGP etc. I am familiar with Azure/IaaS/Wintel in general but not so much networking; I know basic networking about BGP, user-defined routes in Azure etc.

My question is:

If I have 2x ER circuits, say they're both 1GB links, and both going back to the same on-premises network, I understand the routes will be advertised via BGP.

I've had a look around and I can't figure out how I direct certain traffic down one of the routes, and other traffic down the other. I'd like to do this at a subnet level.

Say I want all traffic in Azure to use one of the circuits, APART from a couple of servers in Azure relating to a web application; I want those 2 servers to be the only thing going down the second route.

On the Azure side, how do I direct traffic back on-premises for those two servers, telling them to use only circuit number 2?

Is this done via some BGP magic I need our network guys to do, user-defined routes (as in, can I somehow route the traffic of those servers, which are in their own subnet, using a UDR), or something else?

Please forgive me if I've missed it, but I've read a bit of MS documentation on ER and routing/BGP/peering etc. and it's still not clear to me. I've done a lot of Googling and see people asking the same question, but no solid answers.

Thanks in advance!



10Gb Ethernet Switch

Hey hey, hope everyone's having a happy holiday, for those that celebrate it~

I've been searching around for a 12-16 port 10Gb Ethernet switch and I have really only been able to find SFP+ switches.

I would really prefer not to have to get one of those plus the Ethernet transceivers. One of the best that I have found so far is the Buffalo BS-MP2012.

Do you guys have any better recommendations?

EDIT: This is for a small photography business with multiple users using a NAS.



Easy way to factory reset a Cisco 9300 stack?

Hey all, just wondering if there is an easy way to factory reset a 9300 stack. I'll be doing the work remotely (not ideal), so I wanted to know if there was an easy 'one-hit' way of doing this. I checked the documentation and the 'factory-reset' command is not supported whilst stacked. I was going to go into each flash and manually delete the nvram_config file, but I can't imagine the stack will appreciate that too much... Not sure if a 'write erase' before pulling all power cables and unstacking the switches would do the trick?



Understanding switch behaviour

I have the following setup:

camera -> switch -> target

My camera streams UDP with a strict destination to the target.
I'm interested in the intended behaviour when the target loses its physical connection.

Expected behaviour:
The camera is still streaming, but the switch doesn't forward any of its data because the MAC address is not present anymore.

Actual behaviour:
The camera is still streaming and the switch broadcasts the camera data to all ports, while the destination is still the same as before (confirmed through Wireshark).

Problems:
Some devices on the network are not reachable anymore because they are overwhelmed with the broadcast traffic (a 10Mbit device is barely reachable when the 15Mbit UDP stream turns into a broadcast).

My workaround:
I put the camera and target on their own VLAN, so they don't disturb the others with the broadcast.

My questions:
Is the actual behaviour the intended behaviour of a switch?
If so, who's responsible for stopping the camera stream so the network doesn't get flooded with data?

Summary:
I have a problem where a UDP stream turns into a broadcast when the physical connection to the destination is lost (unplugging the network cable, turning the device off). According to https://www.homenethowto.com/switching/switches/ the actual behaviour is the intended behaviour. How do I avoid my network getting flooded in this case, or who is responsible for stopping the UDP stream?



Print delay, possible network issue

A lot of printers that are connected to the network face delays from 1 minute to 15 minutes when printing. The printers have their own VLAN and are connected to Cisco 3850 switches. Could someone help me with troubleshooting this issue? Not sure what to check or look for.



FreeRADIUS & AD auth

Hi All,

We currently have FreeRADIUS running on a Linux box, doing auth for our network devices (set up by my predecessor).

What I'm wondering is if I can use FreeRADIUS to proxy auth requests back to AD. Is that possible, or am I barking up the wrong tree?

I did some searching online, but only found stuff related to Windows auth for wireless. Hoping someone here can save me some time and point me in the right direction.

Thanks in advance.



Netbox for HA groups and Failover clusters

I've been working with Netbox for a while now. I really like it as IPAM documentation. But there is one thing I don't really get so far: how to document an HA SQL listener? In my case, the listener has two IPs and one DNS name. I would really like to add it as a service to two VMs in two different subnets. How can this be achieved?



Cisco AP with non-Cisco power injector

Is the DPE-301GI Gigabit PoE+ power injector compatible with the Cisco Aironet 1832i?



What's more green?

Hi, noob here. I understand the answer is "it depends".

But, in general, is the carbon footprint lower by compressing (server) then decompressing (client) a file over long distances, for example cross-state? Or is it more green to just send the whole file straight?



Bridged LTE to firewall setup - need help

So, at the last minute our ISP cancelled our cable connection for our new branch office.

The best thing I came up with is a pair of LTE modem x firewall devices, to bridge the LTE connection over to the WAN of the firewall to establish a VPN tunnel with our central FW.

I have done this many times, except not with cellular. Our telco promised my data SIM card has a "public static IP" of 195.XX.XX.XX. When I set up the LTE modem, however, I got a resolved WAN IP of 100.XX.XX.XX instead. On top of that, the public IP reports back as 195.YY.YY.YY (different from what it's supposed to be!).

I verified with the telco; they confirmed it's indeed set up correctly with the SIM card, so my settings are probably off.

I don't see what could be set up wrong on the WAN part of the LTE modem, but anyway I picked up a USB LTE dongle, put the SIM in it and tried locally on my computer. WhatsMyIP returned 195.ZZ.ZZ.ZZ (again, different from XX and YY!).

I am pretty much convinced it has to be on the telco's part; something is not right with this static-o-dynamic IP. Anyway, it also made me think about how it's supposed to work. Especially, the WAN IP resolved by the modem (100.XX.XX.XX) differs from the actual public IP. Isn't it supposed to be the same? Because that's pretty much the goal: if I can't bridge the static public WAN IP to the WAN of my firewall, I am pretty much done.

Any ideas, explanations or experience much appreciated. Running out of time :(



How to connect ASR9000 to NCS2000, and add to CTC

Hi,

I work for a research lab, and we have a couple of NCS2006 switches and two ASR9904 routers. We would like to transmit between the routers through the switches. I am struggling to add the ASR9000 to CTC; the documentation says that a direct connection (aside from the fiber connections) between the ASR9000 and NCS2000 is required in order to set up LMP or an optical channel (https://www.cisco.com/c/en/us/td/docs/optical/15000r10_0/ncs/network_config/guide/b_ncs_network_configuration/b_ncs_network_configuration_chapter_01110.html#ID1484).

I don't understand what ports need to be connected between the NCS2000 and the ASR9000. I have tried the management port on the ASR9000 and the Ethernet port on the TNC card. Any clues here would be appreciated.



Recommendation on an open source syslog server

I need an open source syslog server for my network, and I'm looking for recommendations on what is 'good' in this space.

I need something that is open source (no free trials, nothing that is only free if you have less than x sources, etc.).

It will be deployed on a service provider network taking in a large number of syslog messages a day.

I would prefer it be Linux-based, but I'm open to anything that would work.

I would also prefer that it be as user friendly as possible, as I'm going to have users with a variety of technical skills accessing it.

I realize that I've just described SolarWinds or any number of paid syslog servers, but I'm hoping there is something out there that will meet the requirements above that I won't need CAPEX dollars for.



Wednesday, November 24, 2021

Writing control protocol for SDN

Hello all,

I graduated from college this year and now work as a C++ dev who is interested in systems programming. Apart from work, I'm willing to write a paper. Upon talking to my former professor, I told him that I'm interested in doing research related to OS, system/network programming, parallel computing etc. He suggested that we could work on writing SDN controllers, which involves systems programming. Now I've seen some open source controllers, and writing one of those looks quite challenging. My questions:

  1. Is it possible to write a controller given that I have a full-time job and graduated recently?

  2. What are the open and less time-consuming research areas for someone of my experience and interest?

  3. I'm also interested in algorithms. Does writing a new algorithm or modifying existing network protocols sound too ambitious?

Thanks.



I only have one fiber but need multiple devices to expand?

  1. Save fiber

Only one optical fiber is used to transmit the 1-40 wave signal, which is more commonly used at present; it has a greater cost advantage compared with direct laying of optical cables. The multiplexed signals are relatively independent and do not interfere with each other. The single channel rate of DWDM can reach 100G, and the total capacity can reach 4000G.

  2. Easy for users to install

As a new FTTH/FTTP access solution, this solution uses rack-mounted DWDM equipment at the site, and can insert up to 16 different CWDM transceiver module cards. It supports hot-swappable functions. Need to do complex debugging and opening.

  3. Information confidentiality is good

Each signal is independent of the others and does not interfere with them, and can be accessed as a private network for different unit users at the same time.

  4. Flexible business interface

In this solution, according to the user's business needs, the CWDM rack can provide multiple different business interfaces at the same time, including telecommunication and data services such as SONET/SDH, ATM, Ethernet, FiberChannel, etc., combined with W520X/W510X and other CWDM module cards to form a complete CWDM access system.

Whatsapp/skype: +8613713622076



Pretty excited not even going to lie

Have been working as a net admin for about 2 months now! Making my own home lab with VirtualBox has helped in so many ways. I created a Windows Server 2019 image and a Windows 10 image with the end goal of giving them static IPs, setting up a Domain Controller and connecting the Windows 10 machine to it. After 3 days of messing around a little after work, I just connected it to the domain! File and web server next. This is an addicting thing, I have noticed🤩



Need Help with network diagramming

So I have a group project for which I am doing all of the work. We basically are just doing a network design proposal for a specific situation. I've finished what I think is an OK physical diagram given the parameters (low cost), and now I need to do a logical diagram. We haven't really gone over logical diagrams, so I'm pretty in the dark. I don't think I'll need any subnetting for this network as it is small, but I really just don't know where to start for the logical diagram. I've looked for online resources to no avail, and the textbooks don't have any good breakdowns of logical diagrams either, so any help or resources would be greatly appreciated!



Remote office connection troubleshooting

Hi All

I am working for a small company and I have inherited a network configuration from an MSP who had a bit of a run-in with the company's CEO. They decided to go internal (me); however, it is very difficult to get any information out of the MSP.

We have a series of regional offices interconnected via Branch-office VPN running on Watchguard routers. I can no longer access several of the Watchguard routers from head office; however, the 3CX phone system is still running fine, which is a bit of a mystery. I can't manage the switches to really troubleshoot properly, but I am sure the Watchguards are handling the DHCP anyway.

When I do a tracert to a Watchguard that I can connect to, it goes out from my local Watchguard IP > remote office static IP > remote office Watchguard. This office happens to be down the road, but when I tracert to any regional office it gets stopped at 10.XX.XX.XX. Could this be the switch?

I'm unsure how to get the switches IP address if I cannot access it.

Appreciate the help in advance :)



If my site is able to be accessed externally why can't I access it internally via domain name?

I can access it internally by <ip_address>:portnumber but not with the link of https://mywebsite.com.

However this is the opposite for external access.



SysAd trying to solve a network problem, help!

I've been given a problem to solve and I'm at my wits end for what is snagging. I'll try to describe it as best as possible:

The provided topology is: PC <-> Switch <-> Router <-> Router <-> Router <-> Switch <-> PC

The cabling is correct (all but the Rtr-Rtr conx are ST cables, the R-R are XO).

The IPs appear to be properly set up (one side of the network is 192.168.1.x to the first router, the other side is 192.168.2.x - the routers are internally connected across 10.1.1.x on the one side and 10.2.2.x on the other).

All the ports are enabled on the routers/switches/PCs.

The problem lies within the routers - I can ping from either PC to its own router's interface connecting to the central router (10.1.1.1 or 10.2.2.1), but no further. The central router can ping the router interfaces facing it, but not the outbound interfaces to the 192.168 sides.

I'm at a loss for how to get the data (simple pings at this point) to traverse the central router conx.



Best Solution for Temporary Wireless Extension for Businesses?

One of the services that my work offers is extension of WiFi and internet services. Sometimes this is as simple as running a temporary Ethernet cable from a switch room to a UniFi AP and then chaining the APs. Other times there are already, say, UniFi APs preinstalled on-site and the signals from these APs don't reach target areas for events being held on-site. We have a job coming up similar to the latter scenario. The requirement for this event is that a specific room at the hotel/spa needs a switch in their room that is on the same network that the UniFi APs are transmitting. We are currently going to use a TP-Link router to WDS-bridge it to the existing WiFi signal that is being transmitted from the preinstalled UniFi APs. From the bridged router, an Ethernet cable is going to be run to a PoE switch, which will be the available switch for the user within the room.

I'm here because my employer had me come up with this solution and would like me to also find out what the professional/better alternatives to this might be. Should I be looking at any specific Ubiquiti devices that are capable of accomplishing this same task? Are there other brands or devices that can accomplish this more effectively/more simply?

Thanks all in advance!



Which wireless app can handle 35-40 user ?

Hello, I'm a real newbie in this world but I want to learn networking. My trouble is: which wireless access point can handle that many users? We need this because we want to teach an English course and we want to let students connect their phones; the maximum is 35 members. Which device do we need to buy? I have a Ubiquiti AC Pro and I only get 55 Mbps on 2.4 GHz and 115 Mbps on 5 GHz. We are okay with enterprise access points. Please help me. Thank you very much. I found this AP can do guest WiFi; that's okay for us.



Networking Equipment Shortages/Delays

Has anyone found network gear from a particular vendor or brand without substantial delays? I am in the US.

My standard branch office is a Meraki MX67C firewall, Meraki MR36 access point, Cisco C9200L-48 switch, Cisco ISR 4321 router

My vendor just provided an update on an order that I placed at the end of October.

No ETA on the Meraki MX67C or MR36, Aug-2022 ETA for the C9200L-48, Mar-2022 for the ISR 4321.

I want to stick with the Merakis for the firewall and APs because of their integration into the existing dashboard, and want to stick with the ISR 4321 because of its config with our Call Manager PBX, but I suppose I am flexible with the switches since those are standard config without much complexity or integrations.

My org is expecting to go through multiple acquisitions in the near future, where we normally do a rip-and-replace of all of their network gear, but it looks like I won't be able to do that.

Anyone else having any luck?



ASA inside interface stopped working, now DR site is down

Hello - I'm currently troubleshooting an ongoing outage, on about 4 hours of sleep, so I apologize for the brevity and/or ranting (and several things I'm leaving out - I can provide some config snippets, but need to know what I'm grabbing as my options are limited at the moment).
To make matters worse, our reseller (and myself) didn't realize that our SmartNet contracts are all sorts of jumbled up, so I can't get Cisco help until that's resolved, and my rep is on vacation all week. So I'm hoping someone here has some ideas of what to check, otherwise, I'm a bit up a creek atm.

  • I have two ASAs, both 5508 running single context, active/standby failover on 9.15(1)1.
  • Yesterday, while connected to the site via IPSec site-to-site VPN, I lost connection to some servers I had been working on (nothing network related). I checked my logs and confirmed with others that have access to the site that I was the only one connected to it at the time.
  • We utilize 3 interfaces (technically a 4th for the failover connection) - outside, inside (10.91.x.x sub), and development (10.31.x.x subnet). These subnets are segregated from one another due to contractual reasons.
  • Inside is blocking nearly all(? from what I can tell) traffic, even traffic from 10.91.x.x to 10.91.x.x IPs. EXCEPT on one server, I was able to ping its DNS server consistently(???). Couldn't ping the gateway IP (I do have ICMP allowed, and 10.31.x.x can ping its gateway interface).
  • ACLs look good (I have inside_in and inside_out any/any set up with tcp, ip, udp, icmp, and gre permitted, outside_in set up with inside-network/any), FW rules look good, IPs look good. Even though it looks good to me, I have a feeling this is where the issue lies.
  • I can access the URL for my RA VPN, but login fails as authentication server is inaccessible.

Troubleshooting I've done up to this point:

  • Failed over to the secondary unit
  • Rebooted both units
  • Swapped cables and ports on the ASAs (including reconfiguring temporarily to test)
  • Bypassed switches to rule out failure, also rebooted them just in case
  • Tried to check through the logs, didn't really find anything* though I'm not 100% sure what I'm looking for
  • Ran packet-tracer on 10.91.x.x to various IPs, internal and external, and I did see drops from implicit rule, but I'm not sure why this would occur since I have explicit rules to allow traffic
  • Went to restore a previously known-good config - except that server has crashed on me (this is my utility server I was working on replacing, my fault for not having multiple backups, but it's considered sensitive data and I have a limited budget/resources to work with)
  • Compared config to my production setup, and aside from differing IPs and associated rules, I can't find where the discrepancy is.
  • Did a lot of 'toggling' of rules and settings to make sure they were actually applying appropriately (like same security and intra-interface)
  • Scoured the hell out of Google, Spiceworks, reddit, etc. Hard to find this specific issue since many of the terms lead to things like 'can't ping firewall interface' or 'can't ping from subnet A to subnet B across interfaces' etc.
  • I know there's more, brain is mush right now, again, apologies.

*I did notice I'm getting recurring syslogs -

  • 105005 (Primary) Lost Failover communications with mate on interface inside
  • 105008 (Primary) Testing Interface inside
  • 105009 (Primary) Testing on interface inside Passed

A few things for this; failover is working as intended, I did it several times while troubleshooting/replacing cables. The fact this is showing on the inside interface is a bit of a head-scratcher to me, as I have a dedicated interface for this (1/8). Config is synchronizing between the two as intended.

I have a jank remote setup right now, and it is painfully slow (sometimes up to 30 second input delay/latency). I mention this because my project manager noticed slowness/instability while trying to copy some files to development. Not sure if it's a symptom or result, but figured it best to mention it.

Here's the inside interface summary. I forced full-duplex just to test, it was on auto. I'm seeing a very large number/percentage of packets dropped here, but there are also 36k frame input errors:

    Interface GigabitEthernet1/2 "inside", is up, line protocol is up
      Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
            Full-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
            Input flow control is unsupported, output flow control is off
            MAC address [redacted], MTU 1500
            IP address 10.91.0.1, subnet mask 255.255.0.0
            17298289513 packets input, 1018497271172 bytes, 0 no buffer
            Received 10078447114 broadcasts, 0 runts, 0 giants
            36646 input errors, 0 CRC, 36646 frame, 0 overrun, 0 ignored, 0 abort
            0 pause input, 0 resume input
            0 L2 decode drops
            28498570 packets output, 1863301746 bytes, 0 underruns
            0 pause output, 0 resume output
            0 output errors, 0 collisions, 0 interface resets
            0 late collisions, 0 deferred
            0 input reset drops, 137 output reset drops
            input queue (blocks free curr/low): hardware (1936/1819)
            output queue (blocks free curr/low): hardware (2047/1880)
      Traffic Statistics for "inside":
            10068774740 packets input, 565640511567 bytes
            28498570 packets output, 841532575 bytes
            9042963696 packets dropped
          1 minute input rate 155031 pkts/sec, 8612806 bytes/sec
          1 minute output rate 309 pkts/sec, 8925 bytes/sec
          1 minute drop rate, 138571 pkts/sec
          5 minute input rate 170719 pkts/sec, 9507231 bytes/sec
          5 minute output rate 387 pkts/sec, 11070 bytes/sec
          5 minute drop rate, 154315 pkts/sec

Any help would be incredibly appreciated. Even if you don't have any suggestions, thank you for taking the time to read.

Side note - what are you guys doing for logging? My logs always seem to fall short of my expectations. I've tried to look into best practices for this, but I couldn't find much. I also had issues trying to send these logs to our SIEM, but that's a different can of worms.
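The interface summary above carries two separate signals that are easy to conflate while tired: the "packets dropped" counter under Traffic Statistics (packets the ASA's accelerated security path threw away, which is what the implicit-rule drops in packet-tracer would land in) and the "frame" input errors (a layer-1/2 problem such as a duplex mismatch or a bad cable). The following is an added Python example, not from the post, that parses a trimmed copy of that output and flags each condition separately so the two are triaged independently; the SAMPLE text is a constructed excerpt of the counters quoted above, and the warning threshold is an assumption.

```python
import re

# Constructed sample: a trimmed copy of the "show interface" summary quoted in the post.
SAMPLE = """Interface GigabitEthernet1/2 "inside", is up, line protocol is up
  Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        36646 input errors, 0 CRC, 36646 frame, 0 overrun, 0 ignored, 0 abort
        0 output errors, 0 collisions, 0 interface resets
  Traffic Statistics for "inside":
        10068774740 packets input, 565640511567 bytes
        28498570 packets output, 841532575 bytes
        9042963696 packets dropped
      1 minute input rate 155031 pkts/sec,  8612806 bytes/sec
      1 minute output rate 309 pkts/sec,  8925 bytes/sec
      1 minute drop rate, 138571 pkts/sec
"""


def _num(pattern, text):
    """Return the first integer captured by pattern, or None if absent."""
    m = re.search(pattern, text)
    return int(m.group(1)) if m else None


def parse_interface(text):
    """Pull the counters that matter for a 'traffic is being dropped' triage."""
    head = re.search(r'^Interface (\S+) "([^"]+)", is (\S+), line protocol is (\S+)', text, re.M)
    # Hardware counters come first; the policy-level counters live after "Traffic Statistics".
    _, _, traffic = text.partition("Traffic Statistics")
    return {
        "interface": head.group(1) if head else None,
        "nameif": head.group(2) if head else None,
        "state": (head.group(3), head.group(4)) if head else None,
        "input_errors": _num(r"(\d+) input errors", text),
        "crc_errors": _num(r"(\d+) CRC", text),
        "frame_errors": _num(r"(\d+) frame,", text),
        "packets_input": _num(r"(\d+) packets input", traffic),
        "packets_output": _num(r"(\d+) packets output", traffic),
        "packets_dropped": _num(r"(\d+) packets dropped", traffic),
        "input_rate_pps": _num(r"1 minute input rate (\d+) pkts/sec", traffic),
        "drop_rate_pps": _num(r"1 minute drop rate, (\d+) pkts/sec", traffic),
    }


def assess(stats, drop_warn=0.05):
    """Turn the counters into findings. drop_warn (5%) is an assumed threshold."""
    findings = []
    if stats["packets_input"]:
        ratio = stats["packets_dropped"] / stats["packets_input"]
        stats["drop_ratio"] = ratio
        if ratio > drop_warn:
            findings.append(
                f"{ratio:.1%} of all input packets dropped by the security path; "
                "check 'show asp drop' for the drop reason before touching cabling")
    if stats["input_rate_pps"] and stats["drop_rate_pps"] is not None:
        live = stats["drop_rate_pps"] / stats["input_rate_pps"]
        if live > drop_warn:
            findings.append(f"drops are ongoing: {live:.1%} of the 1-minute input rate")
    if stats["frame_errors"]:
        findings.append(
            f"{stats['frame_errors']} frame errors (CRC={stats['crc_errors']}): "
            "layer-1/2 issue such as duplex mismatch or cabling, independent of ACLs")
    return findings


if __name__ == "__main__":
    s = parse_interface(SAMPLE)
    for line in assess(s):
        print(f"[{s['nameif']}] {line}")
```

Run against the real output, the drop ratio is close to 90 percent, which is far beyond anything a duplex problem explains; that points the investigation at the ASP drop counters and the rule that is matching, while the 36k frame errors get fixed separately by pinning speed/duplex on both ends or swapping the cable.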



Switch Suggestions (8P, SFP, 1G)

Hi Reddit,

I'm currently designing an industrial network for one of our customer's industrial plants. We have a network with approx. 500 devices.

We have one computer located 350 m apart from the main building. We'll need to run fiber to that machine, obviously. So for that machine I'm looking for a switch. Currently we would use some kind of HP OfficeConnect switch, but this seems to be a quite cheap device, not meant for 24/7 industrial applications.

The switch must meet the following criteria:

  • not too many ports, preferably 8
  • equipped with an SFP port
  • VLAN support
  • not some BS cloud management

I found an Aruba switch. Which looks promising: https://buy.hpe.com/ch/de/networking/switches/fixed-port-web-managed-ethernet-switches/aruba-1900-switch-products/aruba-instant-on-1930-switch-series/aruba-instant-on-1930-8g-2sfp-switch/p/JL680A

Any suggestions?



How does edge computing work?

I'm curious about how things like CDNs work (or any global geo-caching mechanism): how is the user's request routed to the closest edge node, what does the architecture for this whole thing look like, and where can I learn more?



Networking Re-Design

Hello Networking-Redditors,

I am tasked with the challenge of redesigning an entire company's network.

The company currently consists out of 3 Sites with the following Subnets in Place

Site A: 172.16.50.0/24

Site B: 172.16.51.0/24

Site C: 172.16.60.0/24

Those companies were managed by an MSP before, who defined those ranges 10 years ago.

Back then there was no budget for a Layer 3 switch they said.

In each of those Subnets are multiple Servers, VMs, Storage Devices, Clients and Printers.

Layer 3 Switches have been approved now we need to talk about the addressing design.

I would have liked to start from scratch by defining three new 10.X.X.X/16 networks, but after suggesting this I was told I should keep the administrative overhead as small as possible. They want to leave one site entirely untouched. Site A has 80-90 static devices, Site B consists of 100-120 static devices, Site 3 of 30-50. I appreciate any ideas, thanks.



airmagnet predicted survey certification

Does anyone know how to get your AirMagnet predictive survey certification?



What IP addresses does an application use

I do IT support at a large organisation and one of our network engineers asked me to go check what IP addresses are in use for one of our clients.

We have some users that work only for this client, but we have multiple /24 ranges that need to be routed through a S2S VPN just for one Java application and one web-based tool. He has sent me 3 IP addresses that he can see are being used, but wants me to check if there are more.

I don't really know where to start. Should I just install Wireshark and open the tools? Or should I go and try to filter in our gateway for IP addresses that are within the /24 ranges that go to the S2S VPN?

We use Windows computers, Cisco switches and Palo Alto routers.



Migration of workloads in a DC environment. Is this really a problem?

Hello,

I am learning EVPN/VXLAN technology from scratch. I have figured out the basic concepts of how these protocols work. I understand that L2 traffic is transmitted over L3 underlay between VTEPs, that VXLAN = data plane and EVPN = control plane, understand how they work together, etc. But there is one thing whose value I cannot understand.

One of the features explicitly mentioned in almost every EVPN/VXLAN book is the ability to "migrate workloads (BMS, VM, container)". But I can't figure out what the actual pluses are compared to the legacy VLAN technology. OK, it's done via the control plane, not via the data plane. I understand it. But what are the pros of this for, say, DevOps or network engineers in terms of operational tasks?

Let's say if we migrate a VM from one physical server to another which is connected to legacy network (without using EVPN/VXLAN), the new mac address location will simply be updated through a normal "flood and learn" process = the VM will send traffic, mac tables will be updated, etc. Give your opinion, please, maybe I just don't understand the problems faced by DevOps and system administrators in large DCs.



Is this normal?

A friend of mine opened a business where there was no good internet. So he paid AT&T to install a fiber line to his building. I believe he spent around $20k for everything including equipment, and pays around $600/month. Only to get 40 Mb/s down and 20 Mb/s up. He wants me to help him figure out a way to fix this. Is this normal for a custom installation to have such a high monthly cost for such low performance? Just seems a bit ridiculous.



Tuesday, November 23, 2021

Digi wr11 Verizon super slow

I recently purchased a Digi WR11 and got it set up with a Verizon SIM card. I used the default configuration and updated the firmware to the latest version. The latency is looking very good and it has a good cell signal. The signal light blinks 6 times, indicating it's connected to LTE. When I run a speed test I am only getting 2-3 Mbps down. If I run a speed test from my cell phone, which is also connected to Verizon LTE, I am getting 90 Mbps. I am wondering if I need to change any settings in the Digi device or if I should call Verizon?



Help with troubleshooting ISP service; only have access to client's ONT and my own laptop

Hello guys, I would really appreciate some help. I'm working as a HeadEnd Technician for an ISP that's currently transitioning from HFC to Fiber. We are a franchise company and all our routers, OLTs, Mikrotiks, etc. are configured remotely from another city. All I do is take care of all electric, fiber cables, A/Cs and other physical elements of the HeadEnd, as well as helping from the HE when there is an optical node in construction or a fiber cut.

Recently our department has been assigned another function: we must visit all clients that complain about the internet speed. What are some tests and tools I can use to discern the cause of packet loss, high latency, wireless problems and slow internet issues, that I can perform with only the client's ONT and my laptop or my smartphone? Any guidance, book, video, blog or tip you can give me will be highly appreciated. Please remember that I can't access any of the network devices on the HeadEnd.

Thank you in advance.



Can you safely power a device with a PoE splitter that's the same voltage but at a higher current & power?

I have a device I want to power via PoE. The adapter that came with it lists +12vdc, 0.5A, 6.0W. Barrel connector 2.5/5.5 mm.

To power it with a PoE splitter, I know getting the voltage is important but what about the amperage and wattage?

Ideally, I would find a PoE splitter that matches it perfectly and I'd call it a day but I'm having a hard time finding one.

Will it break the unit to use something that has the adequate voltage (12 VDC) but additional current and power specs? I.e. 12 VDC, 1.2 A max, 15.4 W.

If I remember correctly, the amperage and wattage specs are just maximums and the device itself will pull whatever it requires which should be less than its maximum capacity.



Rant Wednesday!

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.



Multicast Video, IGMP from CMTS works with 'intelligent' Cisco switch off modem only

We have a weird permutation where, if we hook an IPTV multicast set-top box off a cable modem, one works 'fine'. Two don't work right. We have a case where if one leaves a channel it dumps it on both STBs. The odd part is, if you put a Cisco 3750E inline, that solves it. We're looking for insights. We do see the 3750E sees the multicast querier coming from the CMTS. Ideally we are trying to get this to function with low-cost equipment, not Cisco gear. Looking for some insights to troubleshoot IGMP in this case.

Basic network summary: 10GigE sources multicast via PIM to a routed cable MAC interface that is PIM-enabled and IGMP-capable; the other end is a bridge-only modem, TM3402. Works with a 3750E on the modem, but using the built-in modem switch does not work properly, and a dumb switch does not work. We are sourcing a dumb snooping-capable switch (Netgear) to test further.



Microsoft RAS VPN will not work connecting from a IPv6 endpoint

I have set up a new Microsoft RAS VPN with user certificate authentication. It works great on IPv4. I have set up IPv6 in our DMZ because our phone carrier (for staff hot-spotting) is now IPv6.

The problem is that after successfully establishing a connection on an IPv6 client, traffic is sent on the connection (which is all IPv4) but nothing is ever received. Our internal servers also never receive the traffic from the RAS server. I used our Fortigate sniffer to confirm this.

Oddly, I can connect from an IPv4 network (client-side), then change to an IPv6 network, allow the IKE connection to re-connect, and it works fine! But if I manually disconnect and connect again, traffic fails.

It is possible that this is nothing to do with IPv6. I only have one ISP with IPv6 that I can test.

$5 worth of Bitcoin Cash to anyone that can solve this for me.



Question about L3 switch within a system.

I'm doing a project to show it for a Job next week.
Anyways, I have three sites.
In all of those sites I have three L2 switches; those switches are supposed to connect to two L3 switches, but then I need to connect those switches to a router.

Do I even need the L3 switches in my topology?

And as a bonus question, how can I improve redundancy between those sites?

https://imgur.com/a/M5VwtMG - image of my topology



Cisco iPSK

For devices without support for Dot1x we would like to have a dynamic PSK SSID, meaning that based on the PSK entered you get different authorization results. But it seems to me that maybe I misunderstood this, because you still need to rely on MAB and Identity Groups to match the condition on the authorization policy. That is because ISE does not know the password entered. It will simply send the WLC the expected password and then it's up to it to allow or reject the client.

What I don't understand is the real benefit of this. If you still rely on MAB, why would having multiple PSKs be beneficial?

Also, is there any hidden tip to achieve different authorization results based on PSK? Not really sure how mPSK would play here either.



elegant way to attack and disable traffic to network node

What would be the most elegant way to block all traffic to a local network node (computer) which may be connected through LAN or WiFi with a known IP address, without reconfiguring the router? This should affect one particular node while allowing others to work. The attack is going to be performed from another computer on the same LAN.

So my question is: which is the most elegant way? IP address duplicate or MAC duplicate or ARP spoofing or anything else? Just point me out.



Lumen or Verizon for DIA

Hi guys

I know I am dealing with two albatrosses and each one is going to give me a headache.

I can't stand dealing with Verizon, and everything going over to Manila. They don't reply without being prodded multiple times and then I get a reply in tattered English. However, my dealings with them are such that if the service is up there really is never ever an issue. Just pray you never need to deal with a billing concern.

I see here that people say lumen is only for people who have off-the-charts pain tolerance.

Whichever provider we select, and they are similarly priced, will serve as a backup circuit to our circuit from First Light.

So I guess actually it does not really matter. But I am looking for feedback if there is a compelling reason to go with one over the other.



Fiber test certification

I have a request from the project manager.

We have a new facility that will get a bunch of fiber run, and when we've done this in the past we've asked the contractors to certify everything. Honestly I've never really paid a ton of attention to it, as long as we get light through the cables it's fine.

What is being asked of me now is what is the "certification" defined as? Is there a particular certification level for testing OM4? We want to run 25G over it and I am being asked for standard that we're testing against.



Ikev2 IPSec VPN Between Cisco ISR Router and ASA

I am trying to establish a VPN on a P2P link between an ISR 1100 router and an ASA. I realize P2P is inherently secure because it is private, however this data needs to be encrypted regardless.

I am having an issue I just can't seem to figure out. The router interface 192.168.244.2 connects directly with the ASA interface 192.168.244.1; however, after I configure my VPN and crypto maps on both sides, the SA will not establish. My crypto map is applied to interface gi0/0/0 with IP 192.168.244.2 and the ACL allows any any.

show crypto session shows the session on the router is DOWN. A debug of IKEv2 shows the VPN getting past the IKE_SA_INIT stage and getting to the IKE_AUTH phase. However, it fails at that point. It creates an IKE session with ID Pair (192.168.244.1, 192.168.244.2) UP, but then a few lines later sends a Queuing SA IKE Delete Request Reason: Unknown and then sends a Delete packet to kill the SA.

Does anyone have experience with this that can help me out? This is my first time configuring a Router to ASA VPN over a P2P and I could really use some insight.



Career transition to Sales Engineer (and back?)

Hi all,

I was hoping to get another perspective on what it's like to transition from a technical role in an organization to a presales SE role for a large vendor. I might have an offer coming down the pipe and want to be able to make an informed decision.

I have over 10 years of experience in a "pure" networking role. I've always been on the customer side of the table when it comes to sales and so on. It seems like it could be an interesting new challenge for me, but I feel a little blind as well.

Would anyone who's made the transition be able to share a bit about your experience? How's work/life balance compared to a support role in your experience? The pay, opportunity for advancement? Anything else you wish you knew?

And in case it ends up being something I don't enjoy, what about the path back? Will organizations see such a role on a resume and run the other way? Is it possible to successfully transition back to the other side after a year or two or am I handicapping myself?

Sorry for the rambling and maybe silly questions. It's been a long time since I've entertained such a career change. Just hoping for some guidance and maybe a sanity check. Thanks in advance!



Orhan Ergun CCDE v3 boot camp worth it?

Hi, I am thinking of giving CCDE a new try on its new version 3. I've attempted v2, attended Jeremy Filliben's bootcamp, and I am thinking now of trying Orhan's self-paced training. Has anyone taken it? Is it good? Any other suggestions?



Where to decrypt https traffic?

If you have a NG firewall and load balancer with WAF in the path of the traffic and both have capability to decrypt traffic to allow for inspection.



NTP Issue?

I can ping IP addresses everywhere, externally and internally, but when I try pinging a hostname like facebook.com or google.com I can't. This is only on the Cisco device. Clients can ping everything. Do you know what's wrong?



The plague of $25hr.

This is mainly for the technician side but I have seen Network Engineer positions paying the same.

Is anyone else experiencing this? For background I am Network Technician for a large Telecom in the Kansas city market. Currently I make a little more than $34hr.

Almost every job I see or a head hunter contacts me about is $25hr. I feel like the companies have decided that is the new pay rate they are willing to pay and won't budge. Luckily for me I have a job and I can be picky. The pay may be different in your area but are you seeing this same trend?



GRE or L2TP

Our new anti-DDoS provider has asked me what tunnel I prefer to use. Does BGP work better with GRE or L2TP? Can someone help me on this?



Multi-Site Subnet Scheme

A while back I remember reading a post that I believe was in this subreddit discussing subnetting at multiple sites. One person was discussing how instead of using the second octet as the site identifier (10.site.X.X) they use the third octet (10.X.site.X). And then what they do is use the same second octet for each purpose at each site, so (10.1.site.X) would be for users at all sites. I believe their stated purpose was that this would allow an easier time making ACLs if all networks of a certain type at multiple sites needed ACLs set. So you just allow 10.1.0.0/16 and you're set if that was needed.

Would anyone care to discuss the merits of this vs using the second octet as the site identifier and give any pros/cons of both?
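The trade-off between the two schemes can be made concrete by computing, for a given selection of subnets, the smallest single prefix that covers them all and how many addresses that prefix permits beyond what was intended. The following is an added Python example (not from the post) using only the standard library; the role numbers, site numbers and the 10.0.0.0/8 layout are constructed assumptions, and the lambda selectors stand in for "all users everywhere" and "everything at site 2".

```python
import ipaddress

# Constructed layout: purpose numbers for the non-site octet, four sites.
ROLES = {"users": 1, "servers": 2, "printers": 3}
SITES = [1, 2, 3, 4]


def site_major(site, role):
    """10.<site>.<role>.0/24: the second octet identifies the site."""
    return ipaddress.ip_network(f"10.{site}.{role}.0/24")


def role_major(site, role):
    """10.<role>.<site>.0/24: the second octet identifies the purpose, the third the site."""
    return ipaddress.ip_network(f"10.{role}.{site}.0/24")


def minimal_summary(networks):
    """Smallest single prefix that contains every network in the list."""
    nets = list(networks)
    summary = nets[0]
    # Widen one bit at a time until every member fits; stops at /0 at worst.
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def overreach(summary, networks):
    """Addresses the summary permits beyond the networks we actually meant to permit."""
    return summary.num_addresses - sum(n.num_addresses for n in networks)


def compare(scheme, selector):
    """For one scheme and one policy selection, return (summary, extra addresses, exact ACE count)."""
    nets = [scheme(s, r) for s in SITES for r in ROLES.values() if selector(s, r)]
    summary = minimal_summary(nets)
    exact = list(ipaddress.collapse_addresses(nets))  # adjacent /24s merge, others stay
    return summary, overreach(summary, nets), len(exact)


if __name__ == "__main__":
    policies = {
        "users at all sites": lambda s, r: r == ROLES["users"],
        "everything at site 2": lambda s, r: s == 2,
    }
    for label, scheme in (("site-major", site_major), ("role-major", role_major)):
        for name, sel in policies.items():
            summary, extra, aces = compare(scheme, sel)
            print(f"{label:10} {name:22} one-line summary {summary} "
                  f"(over-permits {extra} addrs) or {aces} exact ACEs")
```

With these inputs the role-major scheme lets "users at all sites" collapse to 10.1.0.0/21 (or the whole 10.1.0.0/16 if you reserve the octet up front, as the post describes) while the site-major scheme needs 10.0.0.0/13 to do it in one line, over-permitting half a million addresses. The picture inverts for "everything at site 2": site-major summarises to 10.2.0.0/22, role-major needs 10.0.0.0/14. Neither scheme is free; pick the one that matches the policies you write most, and keep exact ACEs where the summary would over-permit.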



Extending Fiber - Repeaters or Switches?

Looking for some input on the best practice to handle this. Working on a project where I'm needing to extend 20 10Gbps 1510nm fiber runs. These units will need to use 100km optics to get the signals to where I need them to go. I might be able to mux/demux them, but I haven't explored that route yet. They will also be housed in climate-controlled outdoor telco cabinets. And cost is a huge factor in this.

I have not found very many rack-mounted repeaters out there. The few that I did find (fs.com), after adding all the bits needed, cost nearly the same as a decent 10Gbps switch.

Has anyone worked this kind of situation before? Essentially, I need to extend 10 fibers to 180 km and the other 10 to 275 km.



Dedicated Server for VMWare Workstation running GNS3

Hey everyone,

I'm looking to build a lab on a dedicated server which involves many devices (routers, switches, load balancers, firewalls). I currently have separate instances for firewall setups, load balancing setups, etc. on my laptop, and it's just messy and my machine doesn't support everything running at the same time (not enough memory, CPU, etc.).

I was just wondering if anyone has any complex setups with a lot of devices running simultaneously, and what recommendation they have to run it smoothly? I was thinking about getting a simple power edge like the below:

Poweredge T420
Dual Socket w 2x Xeon CPU E5-2407
32 GB Memory (may need upgrade to 64gb)
16x 2.5” Drive Slots w/ 2x 600GB 10,000 RPM HDD
sPERC H710P RAID Card

Thanks!



Monday, November 22, 2021

High amounts of data transferred between Web and Database Server - how to identify source ?

I hope this is the right forum to post in ... apologies if it's not.

My IT infrastructure personnel showed firewall logs capturing huge amounts of data transfer between the web servers (2 Windows 2019 servers, load balanced) and the database server (SQL Server 2019 with multiple databases). We are talking 500 GB, 900 GB data transfer spikes in a 30 min interval, approximately once in 5 days at random (happened twice in one week). When there are data transfer spikes like these, the eCommerce sites hosted on the web server go down and they recover automatically without any intervention.

CPU & memory on both the web server and the database server look fine when this happens. The eCommerce sites that are hosted on the web server are not very high traffic sites (max 700 users). Checked the event logs and database server logs, nothing unusual jumps out. The same set of jobs run on the servers every day. Total size of all databases combined is 200 GB.

So how do I find what is causing the large data transfers between the database server and web server? We have no visibility into what this data is other than total bytes sent and received through the firewall log.

Any pointers would be highly appreciated. Have already checked for malicious activity - nothing we can find.
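One way to get more out of the firewall log than a total, added here as an example (it is not from the original post): bin the web<->DB sessions into the 30-minute windows mentioned above and report, for each spike, which direction carried the bytes and how many sessions did it, which tells you whether one runaway query returned a huge result set or many sessions added up. The log format, the addresses and the WEB/DB sets below are constructed assumptions; adapt the regex to your firewall's export.

```python
"""Locate the web<->DB byte spikes in a firewall log and show their direction.

Added example, not from the original post.  It assumes a per-session log line
carrying a timestamp, source, destination and bytes each way.  The field
names, addresses and sample lines are constructed for the demonstration.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) sent=(?P<sent>\d+) rcvd=(?P<rcvd>\d+)$"
)

WEB = {"10.1.1.10", "10.1.1.11"}  # constructed: the two load-balanced web servers
DB = {"10.1.2.20"}                # constructed: the SQL Server host

# Constructed sample log: five quiet 30-minute windows and one window in which
# the database pushed ~500 GB towards the web tier.
SAMPLE_LOG = """\
2021-11-20 02:00:13 src=10.1.1.10 dst=10.1.2.20 sent=4000000 rcvd=6000000
2021-11-20 02:10:41 src=10.1.1.11 dst=10.1.2.20 sent=3000000 rcvd=7000000
2021-11-20 02:35:02 src=10.1.1.10 dst=10.1.2.20 sent=5000000 rcvd=5000000
2021-11-20 02:50:00 src=10.1.2.20 dst=10.1.1.11 sent=2000000 rcvd=1000000
2021-11-20 03:05:09 src=10.1.1.10 dst=10.1.2.20 sent=4500000 rcvd=5500000
2021-11-20 03:20:30 src=10.1.1.11 dst=10.1.1.10 sent=9000000 rcvd=9000000
2021-11-20 03:40:00 src=10.1.1.11 dst=10.1.2.20 sent=4000000 rcvd=6000000
2021-11-20 04:02:17 src=10.1.1.10 dst=10.1.2.20 sent=6000000 rcvd=250000000000
2021-11-20 04:14:55 src=10.1.1.11 dst=10.1.2.20 sent=5000000 rcvd=250000000000
2021-11-20 04:40:00 src=10.1.1.10 dst=10.1.2.20 sent=4000000 rcvd=6000000
"""


def bin_start(ts, minutes=30):
    """Floor a timestamp to the start of its `minutes`-wide window."""
    return ts.replace(minute=(ts.minute // minutes) * minutes, second=0, microsecond=0)


def aggregate(lines):
    """Per window: bytes web->DB, bytes DB->web and session count (web<->DB only)."""
    totals = defaultdict(lambda: {"web_to_db": 0, "db_to_web": 0, "sessions": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, dst = m["src"], m["dst"]
        sent, rcvd = int(m["sent"]), int(m["rcvd"])
        # Normalise direction regardless of which side opened the session.
        if src in WEB and dst in DB:
            w2d, d2w = sent, rcvd
        elif src in DB and dst in WEB:
            w2d, d2w = rcvd, sent
        else:
            continue  # web-to-web, DB-to-elsewhere etc. are not what we chase
        window = totals[bin_start(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))]
        window["web_to_db"] += w2d
        window["db_to_web"] += d2w
        window["sessions"] += 1
    return dict(totals)


def spikes(lines, factor=10):
    """Windows whose total exceeds `factor` x the median window, with direction."""
    totals = aggregate(lines)
    if not totals:
        return []
    sums = {w: v["web_to_db"] + v["db_to_web"] for w, v in totals.items()}
    threshold = factor * max(statistics.median(list(sums.values())), 1)
    found = []
    for w in sorted(sums):
        if sums[w] > threshold:
            v = totals[w]
            direction = "db_to_web" if v["db_to_web"] >= v["web_to_db"] else "web_to_db"
            found.append({"window": w.isoformat(sep=" "), "bytes": sums[w],
                          "direction": direction, "sessions": v["sessions"]})
    return found


if __name__ == "__main__":
    for s in spikes(SAMPLE_LOG.splitlines()):
        print(f"{s['window']}: {s['bytes'] / 1e9:.1f} GB, mostly {s['direction']}, "
              f"{s['sessions']} sessions")
```

A spike that is almost entirely DB->web across a handful of sessions points at a query returning an enormous result set, which is where SQL Server's own query statistics become the next place to look.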



Remote Desktop Protocol

Anyone here with leads or links about where I can get RDP for Philippines?



Firewall died, replacement is going to be a week or so. Looking for a FOSS firewall/VPN solution that can do "dial up" style connections.

Hey everyone, I'm a sysadmin looking to cobble something together that will last a week tops!

It's been a Monday for sure!

We had a FortiGate dedicated as a phone VPN server. It had an IPsec tunnel configured and our VPN phones can tunnel in to it. Similar to how a SonicWall GVC setup would work.

The FortiGate is dead and I've tried to get a similar setup working with pfSense and OPNsense with no luck. It seems the FortiGate also took care of assigning virtual IPs to the connecting peers/phones as well.

You guys know a solution I can build to get us by? I can't think of any more firewall/VPN solutions off the top of my head that can do this sort of configuration like the FortiGate could... I was able to build the tunnel with pfSense/OPNsense but I couldn't quite figure out how to get the phone a private IP.

Thank you!



Why no 1550nm optics for 100Gb/QSFP28?

Maybe this is a really dumb question, but why are there no 1550 extended range optics for 100Gb? They existed up until SFP+, but for whatever reason it seems like 100Gb extended range optics use 1310 now?

The reason I ask, is because I have a leased pair of dark fiber that has been CWDM'd by the provider to be only 1550. It's been 10Gb for awhile now, but we're looking to move to 100Gb and there doesn't seem to be any option here.



Route public IPs to different servers

I have 5 public IP addresses .160 -.165. The internet is DSL using a Zyxel C1100z modem that is then connected to a Linksys EA3500 router.

We have only ever used 1 of these IP addresses for basic internet and VPN connections to our office server. I would now like to use .162 to connect a second server to the internet so that it is directly addressable and will have a domain name etc…

I can not figure out what I need to do to make this happen. Can anyone give some guidance on how to do this?



What caveats exist for modifying the MAC address table aging value?

TL;DR: Are there any concerns/caveats with changing the MAC address table aging value when using 802.1X or otherwise?

The default value is 300 seconds (at least on the Cisco 2960X platform; I think that value is pretty common across the board though) and I'm thinking of bumping it up just a bit to try to accommodate a weird issue we're having with some security system controllers.

We have these particular controllers at several of our locations, but only a handful are having issues where the security company can't communicate with them to push new access rules. We have to bounce the ports and then the device is reachable again. When the device is unreachable the port shows up/up, there's usually an ARP entry that hasn't aged out yet in the upstream router, and there's no MAC address listed in the table on the switch, BUT there is still an auth session for the MAC on that port.

As for why I'm looking at the aging value: according to the security company the panels check in every 6 minutes and whenever a badge reader is used. One of the common denominators that the afflicted locations have is that they don't have a lot of readers on interior doors, so it's totally plausible that, depending on whether or not employees at that location brought their lunch with them that day, it could be hours until a given badge reader is used again. Which brings me back to the regular check-in. Even if the MAC has aged out, I would think it gets repopulated as soon as the panel goes to check in again, but this doesn't appear to be happening.

My current hunch is it has something to do with our 802.1X configuration on the port, because I took it off one of them and there hasn't been a problem with that panel since. We have to have it though, so I've got to figure out what part of that configuration is the problem and how to fix it, and since whether the panel is reachable or not is tied to the presence of the MAC address in the table, I'm thinking of changing the aging value for that VLAN.

I may be worried about nothing regarding the aging value, but I imagine those values are the way they are for a reason and I've never been in a situation where I needed to change this one, so I'm trying to make sure I'm not doing something completely stupid by bumping it to, say, 400 seconds instead of 300.



Bonjour across an L3 Boundary

I am running into a bit of a brick wall, and I wonder what solutions this wonderful Brain-Trust has to offer.

I have been tasked with allowing users in our “Guest” network to see and print to devices in our “Secure” network and to be discoverable via AirPrint. No big deal, right?

We are a Cisco shop. The locations for this request run on 2960X or 9K switches, 4K ISRs, IOS Firewall, 3802 or 9130 APs in FlexConnect, Centralized WLC, DMVPN to Core.

Here’s the rub:

· I can’t turn on mDNS snooping since no actual traffic will hit the controller meaning the services table will never populate.

· I can’t enable mDNS-AP since the APs are in FlexConnect.

· I can’t rely on multicast routing since Bonjour’s TTL=1. (or CAN I get away with this using PIM?)

· I don’t believe that placing a gateway appliance at each location is the most scalable solution.

Are there other options that I haven’t thought of? Any help is greatly appreciated.



Amplified Butt set that isn’t a freaking heavy brick that I can keep on my person at all times?

Also a micro laptop that I can keep in my shoulder bag. Doesn’t have to be a tough book just needs Ethernet.



Wireless dBm confusion on Meraki

Hi, I have a question regarding the readings on a Meraki wireless estate when seeing a client's signal strength versus other readings from other devices such as my phone when using apps such as WiFi-Analyser. According to Meraki, the SNR is used to determine the signal strength of a client, so the higher the final dBm reading the better. However, when using other apps or platforms, they show the lower the dBm, the "better". What do these measure to determine the signal strength? Just the received signal?

Thanks again



Best way to deal with connecting 2 sites via fibre

I currently have 2 sites which are independent and I use a VPN to connect the 2, and each has its own subnet.

I am getting a fibre link by my provider which will be plugged straight into my switches and will essentially connect them up, I am not sure what the technical term for this is but they have assured me that is how it will work.

Given the following subnets, how do I get them to talk to each other? Will it just work because of the routing that is already in place at each end or do I need to do anything else?

Site A 192.168.1.0/24
Site B 192.168.2.0/24

Thanks



filling the knowledge gap

I work with complex networks, from basic OSPF config to very advanced OSPF and BGP troubleshooting. I'm good at my work, but here is the thing: I skipped a step. I never took the time to really learn what an IP packet looks like. Well, I know some of the fields (src/dst MAC/IP obviously), but I need to go deep. I don't know what a TCP packet looks like beside some stuff. I need to learn HTTP in boring detail. What RFCs or anything else should I read? The material I got hold of is simple stuff for network noobs. I know I'm seeking very basic knowledge, but still I would rather have something straightforward given my technical knowledge.



Spectrum port forwarding for OpenVPN server

Hello everyone,

I have an Ubuntu server holding an OpenVPN server. I have set a static IP and have opened up port 1194 UDP. When going through the Spectrum app to port forward, it has me set an "IP reservation". This is only for a device on my network. I have port forwarded through that device and when I try to connect via VPN, it shows that it is trying through my router's public IP address. It then follows with TLS Error: TLS key negotiation failed.

Any advice on this?



Regional Internet registry matters?

Does the Regional Internet Registry matter? RIPE is Europe based, but can I use them for the US? They seem to be cheaper than ARIN; can I use that RIR instead of ARIN if I am US based? Any idea what would be the downside?



Configure Juniper MX104 for in-line NAT on a specific routing-instance, outbound NAT not working

Problem:

I am able to get inbound NAT to work, however outbound nat refuses to work no matter what I try.

System: - MX104 v20.4R3.8

L2/L3 configuration:

  • L3 to next hop router is routing via eBGP. Routes are being advertised to me properly.
  • I am advertising our NAT pool (222.5.7.0/25) properly (I think). To get the NAT pool to advertise I needed to build a static route in the routing-instance. To do this I built a simple discard route with the NAT pool subnet.
  • All BGP routes are in their own routing-instance.
  • I built an internal subnet (172.30.0.0/25) net just for testing NAT and put the irb gateway interface into the BGP routing-instance. The IRB is where our default gateway lives and I used bridged domains to connect to other interfaces (kind of mimicking vlan interfaces in Cisco in this way)

Trouble shooting:

  • I read through all of this link, did not help.
  • service interface is built, and confirmed the built in MPC should support static 1-to-1 nat.
  • I tried using the service interface on unit 0, as well as configured for route based nat via next-hop service domains in two separate units, neither worked same results for each method. Currently set to a single unit 0 service interface.
  • I have not found any easy to view trace logs for NAT.
  • tried swapping service interface units, source-prefixes and pools, nothing works.
  • the current configuration does not include a nat pool, want to make sure 1-to-1 /32 ips work first.
  • When I did try using a NAT pool, performing a show services inline nat pool or show services inline nat statistics always showed no results; I don't understand why.
  • No matter what, the MX104 refuses to translate outgoing packets, so far end hosts will always see the original IP. What am I missing here?

Config: Be aware this is a slimmed down config, if you need more let me know.

set chassis fpc 0 pic 0 inline-services bandwidth 1g
set interfaces si-0/0/0 unit 0 family inet
set services nat rule SVC_NAT_RULES_01 match-direction input
set services nat rule SVC_NAT_RULES_01 term rule01 from source-address 172.30.0.47/32
set services nat rule SVC_NAT_RULES_01 term rule01 then translated source-prefix 222.5.7.47/32
set services nat rule SVC_NAT_RULES_01 term rule01 then translated translation-type basic-nat44
set services service-set SS_NAT01 nat-rules SVC_NAT_RULES_01
set services service-set SS_NAT01 interface-service service-interface si-0/0/0.0
set interfaces ge-0/0/3 unit 22 family inet service input service-set SS_NAT01
set interfaces ge-0/0/3 unit 22 family inet service output service-set SS_NAT01
set routing-instances bgp-net routing-options static route 222.5.7.0/25 discard
set routing-instances bgp-net instance-type virtual-router
set routing-instances bgp-net interface si-0/0/0.0
set routing-instances bgp-net interface ge-0/0/3.22
set routing-instances bgp-net interface irb.111


Azure AD as Primary Mode of authentication

Hi, I currently have a project wherein we are migrating from the on-prem AD to Azure AD. As on-prem AD, Azure AD and Azure AD DS are completely different services, I'm wondering how we can integrate it to be used as the mode of authentication.

The setup that most engineers are familiar with is using NPS and Windows security groups to provide RBAC. With Azure AD, is this still possible? I've read that SAML SSO is one option but have not read much into it yet. So if any of you have a similar setup or experience, a knowledge base would be a great help. To sum it up, the goal is to use Azure as the primary mode of authentication for device login (AuthC) like switches, routers, firewalls, etc. and to use it for WiFi auth.



RouterOS to end all

I see ML accelerated software, I see DPUs, I see switches with HW, I see AI Access Points, I see GPU encode/decode, I see GPU accelerated reality.

WHERE IS MY GPU ACCELERATED ROUTER/FIREWALL????????!!!!

If there are NVIDIA-Mellanox Software DEVS/Managers here please look into it or anybody for the love of price/performance.



Noob Question for the non-initiated

Our church just bought a new building, and I’m trying to help it get out of the networking Stone Age. My technical background was radars, so I’m familiar with the networking interfaces, but have never really designed a commercial network from the ground up before, so I’m here begging for help.

I need WiFi 6/802.11ax over four access points (MESH is a must). And I need a PoE router that can handle it while being simple enough to be managed from a dashboard. And being a church, I'll be using a DNS for filtering out adult content. We will be uploading the livestream feed via hardline.

I have found several access points that handle the bandwidth 3600+, but they don’t advertise MESH. Is that something that will be handled by the router? What am I missing here?

Thanks in advance. The help is greatly appreciated.



Sophos might be a good AV but not a good firewall/router appliance.

Three months before a previous network admin left he signed our org into a 5 year agreement with Sophos. It has not gone well. This is a post to advise others not to buy into the Sophos appliance hellscape I have found myself in.

We had bought 2 XG 750 (top model in the XG lineup), 2 XG 450 and 20 XG 210. The only difference between the devices is the throughput of the internal hardware; the 750 and 450 are modular devices.

Reasons why to buy a $150 Netgear router from Walmart instead:

  1. The 1st 750 failed to perform proper L3 functions and I had to RMA the entire unit and modules. (Confirmed by ISP and Sophos Support.)
  2. The RMA unit received for the 750 had dust around the exhaust fans and the vents it goes through, showing I had received a used device in place of my new one.
  3. All 210's I have received with firmware must be manually updated to the latest firmware before use, as it will factory default the device and you cannot use backups from that device to restore it. You must reconfigure from scratch.
  4. Quality difference between Sophos pro support and general support. If you are having a problem with your firewall and you need assistance, good luck with the general support line, as it may or may not be the first time the person you get has seen the appliance. Compare that to pro support, where they do know what they are doing as they are certified network engineers themselves, but support with them MUST be a scheduled event and they cannot be contacted in the event of an emergency.
  5. Site-to-Site VPNs are not interfaces... WHY?
  6. Router on a stick does not work as there is no way to set up dot1q properly (you cannot specify a native/untagged VLAN).
  7. End device VPN is not close to other providers. (I have to have users preauth before they log into the Windows OS, as not all users are at a site with a router, and due to that I have to keep my Cisco 5525-X appliance for another 5 years for Cisco AnyConnect.)
  8. Ports: https://imgur.com/a/qJbD4no Some of these are SFP and some are copper; no, they are not in the order of the module, and no, you cannot change the hardware identifier. The only way to know what port is what is to go through every port on the device, apply a subnet to it, plug a device into it, see what IP you get to work out which interface it is, and label it properly. And even then there are some elements in the GUI that only look at the hardware name of "PortB3", making your interface names useless, so if you do not have an external doc on hand with the mappings or have them all memorized, good luck.
  9. Sophos RED (proprietary protocol for Site-to-Site VPN). IF you want to use any dynamic routing protocol you cannot use Sophos RED; sorry, you must use static routes for your subnets.
  10. No DHCP options; if you want DHCP options you must relay them to another DHCP server.

It has been just nonstop with these devices, to where a Cisco 1941 would outperform them.

Just listen to every other network admin here and get a Fortinet as they actually make routers/firewalls as their backbone product.



Need help! Cables are not threading from Antenna to Modem

https://imgur.com/a/orQ4HRt Need assistance with coaxial cables not connecting. I tried my best but I don't know anything about coaxial connections.

Company needs a Panorama Antenna that is outside connected to this Modem (1st image).
Both the Antenna and the Modem look to have, what I understand, an SMS-Male connector.

Seeing as this was the case, I purchased some SMS-Female connectors. To my surprise, it didn't fit because it wouldn't thread. The size looks correct, but the thread is wrong? What kind of adapter should we purchase?

Thank you for all your help!



SoftEther VPN server → client ping stops working after 30 seconds

I'm setting up a VPN server for a project where clients need to be able to contact each other and the services on the server.

Most works fine and dandy, and all clients can ping each other. The strange part is that after connecting, the server is able to ping the client for about 30 seconds, and then stops. See example below (ran server-side).

$ ping 10.0.0.10
PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
64 bytes from 10.0.0.10: icmp_seq=1 ttl=64 time=48.2 ms
64 bytes from 10.0.0.10: icmp_seq=2 ttl=64 time=24.6 ms
64 bytes from 10.0.0.10: icmp_seq=3 ttl=64 time=22.9 ms
64 bytes from 10.0.0.10: icmp_seq=4 ttl=64 time=23.7 ms
^C
--- 10.0.0.10 ping statistics ---
48 packets transmitted, 4 received, 91.6667% packet loss, time 48044ms
rtt min/avg/max/mdev = 22.948/29.857/48.190/10.599 ms

So pinging works fine until it suddenly stops. Pinging client to server remains functional. Same behaviour for both Linux and Windows clients and other traffic such as HTTP. Works for a short time and then stops. The routes present in both clients and server seem okay to me (see below).

The SoftEther VPN server is running in Docker as a privileged container in host networking mode. It has a TAP adapter called tap_soft with a systemd-networkd configuration. The SoftEther virtual DHCP server is enabled and serves IPs between 10.0.0.10 and 10.0.0.200, subnet 255.255.255.0, where the virtual host itself has 10.0.0.1.

networkd tap conf (/etc/systemd/network/tap_soft.netdev):

[NetDev]
Name=tap_soft
Kind=tap

networkd network conf (/etc/systemd/network/tap_soft.network):

[Match]
Name=tap_soft

[Address]
Address=10.0.0.1/24

docker-compose:

version: '3'
services:
  softether:
    container_name: softether
    image: siomiz/softethervpn:4.38-alpine
    volumes:
      - ./vpn_server.config:/usr/vpnserver/vpn_server.config
    restart: always
    ports:
      # L2TP/IPSec
      - "500:500/udp"
      - "4500:4500/udp"
      - "1701:1701/tcp"
      # OpenVPN
      - "1194:1194/udp"
      - "443:443/tcp" # Over https
      # SoftEther VPN
      - "5555:5555/tcp"
      - "992:992/tcp"
    network_mode: host
    environment:
      - PSK=${IPSec_PSK}
      - SPW=${server_management_password}
    cap_add:
      - NET_ADMIN
    privileged: true
    ...

Routes:
Server: 10.0.0.0/24 dev tap_soft proto kernel scope link src 10.0.0.1
Client: 10.0.0.0/24 dev vpn_vpn proto kernel scope link src 10.0.0.10
(These are automatically created upon connecting it seems)

Does anyone have any idea where the problem lies? Any help is welcome!



TIFU installing 1Gbps uplink switches

I recently designed the network infrastructure for a new build and installed all Cisco 9300 switches with 1Gbps uplinks. There are 4 IDFs each with their own 5 switch stack so the intention was to MLAG the uplinks to the core to allow scalability as internal traffic rarely ever got over 1Gbps.

This was also working fine and everyone was happy until just today I get told they’ve kitted out the whole building with Crestron AV kit. Specifically, NVX encoders and decoders for sending AV around the building to and from numerous rooms. I wasn’t made aware of that at the design stage but now I’m absolutely ruined because EACH encoder uses 1Gbps and multicasts. I’ve now got about 15Gbps constantly flying around the entire network to reach the decoders.

Lucky for me I got the modular uplink model switches so I just need to swap out the modules for 10Gbps but it was a very bad time when those encoders were switched on.



Golang ssh client - scrapligo vs gornir

Hello All,

I have just started to get my feet wet in Golang. I think I know its basic data structures, file IO operations, conditional logic etc. I am ready to start interacting with network devices using Go. How are you guys making SSH connections to network devices? I see two packages, gornir and scrapligo. Any preference? I am leaning towards using gornir, as scrapligo says "this is a work in progress, use with caution!" I also understand that gornir is sort of a framework, so gornir vs scrapligo is not an apples to apples comparison. At this stage I am just exploring and would like to find out what other community members are using.

Thanks,



Sunday, November 21, 2021

BGP between two switch VPCs at different DCs

Hey All,

I am trying to share routes over BGP between two DCs.

The connectivity between the DCs is two L2 DCI links configured with point to point networks.

The switches are Nexus 9ks and have a few server networks running HSRP in the VPC.

What I'm trying to achieve in terms of sharing routes between DCs: https://i.imgur.com/13xeB6i.png

Is this the design https://i.imgur.com/R1LZ7hR.png that would be required in terms of individual device peering?

Looking at this document https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/217099-ebgp-peering-over-vpc-on-nexus.html it kinda matches what I'm thinking is required in that second diagram I made.

So on the firewall there would be two separate iBGP peers as you would treat each switch as if they are standalone routers and not in a VPC.

If this was the design that would be required, how would the iBGP peering between the Nexus switches inside the VPC be done?

Would I need a new L3 connection between the Nexus switches? Currently the peer link is a trunked port-channel of two ports. So would I need to create a new transit VLAN on that peer link with SVIs on each switch which I can then use to peer between the two switches?

Would there be any issues in using the same VLAN currently in use between the firewall and the Nexus switches?

I could also technically remove HSRP in this VLAN as well once the BGP routing is implemented.

Are there any other things to consider when setting up this kind of configuration?

There also shouldn't be any reason I couldn't enable ECMP on the Nexus switches either to load-balance between the two DCI links. Right?

We also have VXLAN enabled to extend one of the VLANs between both VPCs, not sure if that would affect anything.

Would be great to hear from anyone who has implemented this type of configuration before and has any advice relating to this scenario or just in general about BGP on VPCs.

Thanks!



Effective ways of measuring packet loss rate

Hi, sorry, this might be a dumb question, but I would like to know what you think are the effective ways of measuring the packet loss rate of a network when TCP is used. Thank you very much in advance!

Essentially, I am simulating a linear network topology using Mininet, where two users at the two ends of the network are transmitting data through TCP using iPerf. To measure the packet loss rate, I am thinking either I can use Wireshark sniffing at some point in the network, so I can get the number of packets that are not delivered successfully and the number of packets that are delivered. The loss rate is simply their ratio. However, if I understand correctly, Wireshark will output all its monitored data to the disk, and given the simulated link has a bandwidth of 1 Gbps, the disk in my laptop (the device I use for simulation) should quickly fill up. If I would like to run the simulation for hours, I guess Wireshark may not be a good solution. Or I am thinking maybe I can do some logging in the TCP kernel, so whenever TCP receives an ACK or a timeout/retransmission is triggered, I can log correspondingly. In the end, I can just count the number of log lines. However, I think this might also be unnecessary and there should be a better solution for my case.
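An added example (not part of the original post) of the counting approach described above without storing packets: tshark can print a few fields per segment instead of writing a capture file, and a small counter per flow is all that is needed to estimate loss from retransmissions. The tshark invocation in the docstring uses real field names; the capture lines, addresses and ports are constructed.

```python
"""Estimate TCP loss at a capture point by counting retransmitted data segments.

Added example, not from the original post.  Rather than saving every packet,
feed it the per-segment fields that tshark prints with

  tshark -i <iface> -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport \
         -e tcp.seq -e tcp.len

(tab separated; tcp.seq is relative by default).  Only three counters per
flow are kept, so hours of 1 Gbps traffic fit in memory.
"""
from collections import defaultdict

# Constructed sample of "tshark -T fields" output (tab separated).
# Flow 1: the original of seq 1449 and its retransmission both pass the
#         sniffer (the loss happened downstream of it).
# Flow 2: bytes 1001-2000 never pass the sniffer; only the late retransmit
#         does (the loss happened upstream of it).
SAMPLE_FIELDS = """\
10.0.0.1\t5001\t10.0.0.2\t40000\t1\t1448
10.0.0.1\t5001\t10.0.0.2\t40000\t1449\t1448
10.0.0.2\t40000\t10.0.0.1\t5001\t1\t0
10.0.0.1\t5001\t10.0.0.2\t40000\t2897\t1448
10.0.0.1\t5001\t10.0.0.2\t40000\t1449\t1448
10.0.0.1\t5001\t10.0.0.2\t40000\t4345\t1448
10.0.0.3\t5002\t10.0.0.4\t40001\t1\t1000
10.0.0.3\t5002\t10.0.0.4\t40001\t2001\t1000
10.0.0.3\t5002\t10.0.0.4\t40001\t1001\t1000
10.0.0.3\t5002\t10.0.0.4\t40001\t3001\t1000
"""


def parse_tshark_fields(text):
    """Yield (flow, seq, length) per line; flow is 'src:sport>dst:dport'."""
    for line in text.splitlines():
        parts = line.split("\t")
        # Non-TCP packets print empty fields; skip anything incomplete.
        if len(parts) != 6 or not all(parts):
            continue
        src, sport, dst, dport, seq, length = parts
        yield f"{src}:{sport}>{dst}:{dport}", int(seq), int(length)


def tcp_loss_estimate(records):
    """Return {flow: {"segments": n, "retransmissions": r, "rate": r / n}}.

    A data segment whose seq lies below the highest byte already seen on its
    flow is counted as a retransmission.  That single rule covers both things
    a mid-path sniffer can observe: a duplicate (original and retransmit both
    pass by) and a late gap-fill (the original was lost before reaching the
    sniffer).  Reordered segments are counted too, so the rate is an upper
    bound; 32-bit sequence wraparound is ignored for brevity.
    """
    flows = defaultdict(lambda: {"segments": 0, "retransmissions": 0, "next": None})
    for flow, seq, length in records:
        if length == 0:
            continue  # pure ACK / SYN / FIN without payload
        st = flows[flow]
        st["segments"] += 1
        if st["next"] is not None and seq < st["next"]:
            st["retransmissions"] += 1
        st["next"] = max(st["next"] or 0, seq + length)
    return {
        flow: {
            "segments": st["segments"],
            "retransmissions": st["retransmissions"],
            "rate": st["retransmissions"] / st["segments"],
        }
        for flow, st in flows.items()
    }


if __name__ == "__main__":
    for flow, stats in tcp_loss_estimate(parse_tshark_fields(SAMPLE_FIELDS)).items():
        print(f"{flow}: {stats['retransmissions']}/{stats['segments']} "
              f"retransmitted ({stats['rate']:.1%})")
```

Pipe the live tshark output into parse_tshark_fields line by line and the same counters keep running for as long as the simulation does.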



WPA2-Enterprise vs 802.1x

Is there any real difference between those two above? When I add a wireless profile in Windows 10, those two options are both listed.

Secondly, I remember that for all 802.1X wireless authentication we were required to manually add the WiFi SSID profile. Has this been changed in Windows 10? Because I tested just clicking connect on the SSID and keying in username/password, and it works as well.

Any explanation is welcomed



Wireless bridge or fiber for offices 300m apart?

Hi all,

I am building a Wi-Fi network for a location which has an upper office and a lower office about 300m apart. I am planning to have two or three Eero Pros providing Wi-Fi at each office, with the two offices connected by either hand-laid fiber—it is in a forested area of California and I reckon I could dig a trough between the two sites and lay fiber—or a wireless bridge.

Internet will be provided by Starlink, but I would like the network to be able to handle up to about 1Gbps in case Starlink delivers on its promise of increased speeds.

I have a few questions:

  1. If I were to go with fiber, what goes in between the RJ45 cable and the fiber cable? Is it a switch with ports for both types of cable ?

  2. I have also heard GigaBeams are good. Would a GigaBeam or other Ubiquiti wireless bridge be appropriate for this—and less of a headache than fiber?

Any guidance much appreciated!



What should I learn?

Goal: To interface with Cisco, Juniper or vendor-agnostic routers and switches and get network data (this I am able to do, barely, using Python and their native libraries, but I just have that data in raw format only).

And build a website that displays real time data pulled from these devices on demand and in real time, also using SNMP/telemetry, that can possibly also sit in a database somewhere. ......

What courses do I need to learn? This seems like a lot of resources; I would love a structured approach.

TOP, Dr.Angela 100 days python course, React course , freecodecamp, fullstackopen.

I understand it's a very vague question without the knowledge of what kind of data etc.

Note: I have other things on my list like Telegraf, Grafana, Prometheus, InfluxDB which I'm also learning; it feels like tutorial hell right now with all these things.



Moronic Monday!

It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

Note: This post is created at 01:00 UTC. It may not be Monday where you are in the world, no need to comment on it.



How to set priority or apply qos for voice and audio on cisco 3850 switch?

There will be an important meeting via Zoom and I want to make sure everything works fine (audio, video, no delays etc.). I was gonna create a policy map and set police to 10 mb. Is there something else that I should do? If so, please share. The switch the laptops will connect to is a 3850 running IOS 16.3.



Looking for recommendations regarding low-power high thread-count server for small ISP

I believe I'm looking for suggestions for low-power high thread-count servers (a pair) for a small ISP's DNS servers.

Low-power because one has to sit on a smaller amp circuit, high thread-count because that's what I currently believe is more suited for the application (PowerDNS or Unbound, Linux).

But if your experience says my assumptions are not so good, I'd love to hear what I should be looking for instead. These are entirely caching/forwarding DNS servers, not authoritative. For less than 10k customers.

Thank you for your time!



Dell Vs Cisco Small Bis Vs Netgear

I know many wouldn't want to select one of these three, but I am interested. Back story: we are going out to look at new campus edge switching and Dell are very eager to push their PowerSwitch N series kit. I know I've heard horror stories of Dell kit, but it's cheap and that's obviously getting attention.

So back to the question, if you had to play snog, marry, avoid on the following three what would your gut say for a 300 user site:

Dell PowerSwitch N series

Cisco small business 350

Netgear M4300

Or other Dell-priced competition??

Thanks



Anyone want an extra Extreme AP?

I have an extra Extreme AP305C that I got from a training that I took at my old job. It’s literally been sitting in a box for almost a year and I have no use for it. Before I recycle it I figured I’d ask if anyone could use it. If you pay the shipping it’s yours I just feel bad throwing it out. Pm me for pictures.



Anyone use Astaro Gateway / Sophos at the workplace?

I have a humbling question.

If my employer uses Astaro/Sophos to filter their Wifi. I'm curious as to how much of my browsing history/activity is visible to my employer as I use the reddit app throughout the day. Can they see the subreddits I visit, every meme, every image, all my posts, all my upvotes, everything I search for?

I've spent more time browsing in the reddit app recently, sometimes for hours a day. My feeds are full of a variety of content some work appropriate some not. One subreddit in particular is a private support group I'd rather my employer not know about. Every once in a while I forget to disconnect from the wifi if I intend to browse social media or reddit thus leaving open a spot for my employer to see my history.

If they are using Astaro/Sophos to filter WiFi, can they see everything to the very fine detail? Please note that searching has been done on the iOS Reddit app. Also, there is no MIIM software on my phone.

I've taken advice from other forums to always be under assumption that employers can see everything you can do when connected to their wifi.