Wednesday, December 8, 2021

Access locally hosted website from LAN?

I have an Ubuntu web server running locally on 192.168.0.x. I have port forwarded my public IP to this local IP. I have configured my DNS servers to point to my public IP, and now the web server is accessible through the domain example.com.

However, when I want to access example.com on a local computer on the network, it doesn't work. Of course, the server is always accessible through 192.168.0.x, but I need for it to be accessible through the domain.

Is there any way I could get this to work?



IPV4 address waiting list

Hi Redditors,

Given that RIPE is running out of IPv4 address space, is there any way that I can access the non-allocated waiting list to understand where I would be in the queue?

Any help and advice would be great!

Thanks in advance



Tuesday, December 7, 2021

Simulating connectivity issues

I work for a software company that wants the ability to simulate network errors. For example, we might want to block traffic on specific ports (e.g. 1883) for certain IP addresses to test the system under different scenarios. We are testing a closed system, so the "blocking functionality" is only needed on one single LAN. No changes to incoming or outgoing traffic. Current gear is Unifi combined with some Cisco firewalls.

How would you go about this? A completely separate piece of gear that developers can have unlimited access to? Any tips would be much appreciated!



Why is my Flask website that's hosted on VirtualBox unreachable to other devices outside of the network?

I made a Flask website on the VirtualBox virtual machine that I can access on the virtual machine, but on other computers I cannot access the website because it says "website is unreachable". I've tried many different IP addresses and still nothing is working. Any clues why, and any solutions? Maybe I have to do port forwarding? Or I have to allow traffic on a certain port because it's blocked? I don't know a lot about networks.

Also, whenever I run my Flask website, I notice that instead of running at "0.0.0.0" it runs at "10.0.2.15", which is strange because I set it to run at "0.0.0.0" in the code of the Flask app. So because it's a virtual machine, for some reason it's running at "10.0.2.15", which I think is the guest IP address of the virtual machine, so maybe that's why the website isn't accessible outside the virtual machine.



Nornir multiple different task concurrency?

Nornir looks great for concurrently running the same command to your selection of inventory devices but what about having the same concurrency but with different tasks for each device? I take a stack of different tasks meant for different switches. Does that mean I'd have to implement threading on top of nornir tasks?

Example:

I want switch 192.168.150.10 to set port te0/0 - down and switch 192.168.150.20 to set port te0/7 up. Those are two different tasks that I would like to run concurrently.



Reliable repeater solutions?

So a client needs a solution for office/storage containers. There should be some sort of antenna or repeater, no big range required, which would be on the outside (because of the Faraday cage effect, obviously), receiving an external Wi-Fi network, and an internal part which would be repeating the network on the inside.

Also, the parts need to be very reliable. Price is no issue.

Any suggestions?



Router swap for transit peer

I've inherited responsibility for a small network that resells fiber connections for some local business and commercial customers. The previous network guy just up and left one day and cannot be contacted. Naturally, documentation is sparse. I've been tasked with cleaning up and rebuilding the network to prepare for a new hire or onboard.

My last task is to replace the core router, which advertises the local public network to the transit peer. I do not have access to this router nor do I have access to the account from the transit provider as the previous guy was the only person named. The company is working on that.

In the meantime, my plan is to replace the router with something I can access. I have enough information to mirror the BGP configuration to a new device, mostly. I was given the port IPs, peer IP/gateway, subnets.

I don't have the AS numbers for the local network or the peer listed. I've got the local AS from a quick WHOIS but the peer IP is a private address. If I do a WHOIS on the next hop IP, is it safe to assume that is the target AS?

Should I just wait until I can confirm the peering info with the ISP? I'm not really expecting that to happen any time soon.



***Seeking SFP+/QSFP/CFP2 EEPROM Programming Solution***

Seeking a solution for read/write EEPROM info to CFP2 devices.

So far I have only encountered solutions with DC powered boards and software that takes 20-30 min to perform a change on a single pluggable.

FWIW I also do a lot of SFP+/QSFP programming and currently use Elnec and find myself frequently longing for an easier solution. Even being able to copy/paste into the "view/edit" part of the software would greatly increase productivity!



Cisco SDA - Custom Config on Edge Node?

Hello folks,

We've got a site with a switch stack that's part of our SDA deployment, but only over a single 10G link. The second 10G link is on its way, but is a few months away from being installed.

As a backup, we're looking at getting a 5G link to connect back to the VPN in the main site, but there's no way I can find in the SDA to make a backup link with a floating static, and the remote site is part of the shared address pool for the SDA.

Could I manually build a VRF and VLANs on the edge stack, so that in the event of the main 10G link dropping, I could move VLANs manually (by going in over the VPN) and have the edge users connected to the new VRF and connect through the VPN?

Has anyone attempted anything like that? Will DNAC be rather upset that I've put that sort of config on an edge switch? Or will DNAC not care because it's not its config?

Best,

CC



Monday, December 6, 2021

Looking for a canadian supplier to replace CDW

It's taken over a week to get branded optics; like I couldn't get fs.com stuff tomorrow. Need Cisco, Dell, Arista, Fortinet, and Palo Alto (and Ubiquity, but let's not talk about that....) in a one stop shop, with access to vendor SE's on the table too. Softchoice comes to mind? Anyone else you want to recommend?



How to route to remote VPN machines by hostname?

I have two sites connected peer-to-peer through OpenVPN. How can I access machines at the remote site using their hostnames? For example I would like to access service1.siteB.domain.com while I am at siteA. Somehow the local DNS at siteA needs to know about the DNS table at siteB. I am able to access all machines by IP.



10G Connection to Provider not working

I have a 2Gb Layer 2 circuit that I am picking up in a carrier hotel from a Data Center provider in another market. I have elected to have this handed off as a 10G Connection instead of a 2x1G LAG to save on cross-connect costs and to be able to grow this circuit without physical changes in the future.

The issue that I am having is that I can't get the darn thing to come up! I have multiple 10G circuits from other providers and none of the others are having issues. The optics are 10G-LR (10KM) on either side. I have verified that I have light, and the provider has light. I am terminating the Circuit on a Nexus93180-YC FX with 10G-LR optics from FS.com. I have done loopback tests on the optic as well as patched the optic to another optic on a different switch to make sure that it would come up, and the optics checked out, no issue. I also hard-coded speed and duplex, however the Nexus platform does not allow the "no negotiate auto" command at 10GB. I have good light levels from the Provider (-5db) and the provider has the same levels. I have had the Meet-me-room manager clean all cables and bulkheads. The Provider was originally using FS.com optics and has now switched to Cisco Genuine. The PE router is giving a "far-end error" message (I believe this is an ASR 9K Chassis?) They have also changed optics, ports, etc to no avail. To just see if I could get the circuit to come up, I changed the optics on my side and the PE side down to 1Gb and the circuit came up with no issue (Both Cisco Genuine). Is there something blatantly obvious that I am missing? I can post sanitized configs from both the CE and PE devices if that would help connect the dots.

TIA



App suggestion for wireless network optimization

Guys, is there any application for network optimization? Please suggest any (preferably) iPhone app (if there is one) for wireless network optimization. I have been asked to install a few WAPs in a new office and then optimize the coverage.



Networking upgrade to 10gb SMB 250 users.

Sysadmin here responsible for a site with 250 end users and about 300 endpoints in total. Looking for advice on a core switch upgrade…

Currently I have 8x 2540 SFP+ (10gbe capable) edge switches fed into a stacked HP 2920 core switch. All trunks are 1GB uplinks cat6 ethernet. I use this switch for routing / ACLs but I’m probably going to take the opportunity to offload VLAN routing to our firewall.

Our network is exclusively 1gb and is in dire need of upgrading to 10GB. I am interested to know what people would recommend as a ‘core switch’ replacement. I think 2x HP 3810 16SFP+ would be an ideal choice however my boss has severely underestimated the cost of the project without input from his technical team. This will easily be circa £15k – that’s another matter.



Cisco Nexus Multiple VRFs to share same MPLS uplink

We're looking to run multiple VRFs at one location on our Nexus to keep logical separation between two separate server farms.

Each server farm has a dedicated Firewall + internet connection but share the same Core Nexus switch. The idea being that we can maintain separate routing instances for each Farm.

The catch is we need both VRFs to access the same uplink to our MPLS.

MPLS comes in on a single Fiber plugged into the Nexus Directly.

Since the MPLS comes into a single VLAN, I can't make that VLAN a part of both VRFs?

I can make separate virtual IPs and OSPF instances for the 2 VRFs easily enough, but I need an elegant way to split the MPLS feed between both VRFs.



Designing VLANS and subnetting (FOR SCHOOL PROJECT)

I could use some help with a few of the VLANs I need to design. I need to subnet a class C network, 192.168.234.0/24. I just need to figure out how to get the number of hosts, CIDR, and IP address for two VLANs:

- First: 8 computers and two printers
- Second: 3 servers with 3 NICs each

Even some resources that would help me learn to solve this would be amazing



EPL Link working only 1 way

Hello folks,

I've been working for a while on this configuration but I can't seem to make it work somehow. I am totally alone trying to make it work and I need help. Thanks in advance for your input. Basically, EPL is like a very long cable and it seemed easy to set up, but I'm stuck. Here is the topology: https://imgur.com/gallery/aPKyeJQ

On site B, I can reach a server in the 10.37.20.0/24 network from the 192.168.100.0/24 network but I can't reach anything from site A to anything in site B. There's an address object group including the lan networks from site A including 10.37.100.0/29. There's also a routing policy from X0 to X3.

Even though I looked through the Meraki documentation, I haven't found anything related to an EPL connection or routing to a non-Meraki router. There are mostly MPLS or VPN walkthroughs. There's a routing subnet from the L3 switch MS250-48. If I create a DHCP server in the 10.37.100.0/29 network and plug my PC in at site B, I get a DHCP IP and can reach everything in site A. It seems the rest of the routing configuration that I found can be done on the firewall side in "Addressing and VLANs", but in order to maximize the bandwidth I'd like not to use the MX if possible.

So, what am I missing? Any idea is welcome!



Equipment woes

My cisco switch orders from August just got pushed back again, now to February.

I know with the chip shortage, this is probably affecting everyone but is anyone having luck with aruba or juniper orders? I've been itching for an excuse to change our standard.



Ubiquiti edgeswitch dhcp conflict issue with ping and host declined errors

We have an EdgeSwitch at one of our locations that runs the DHCP server, and almost 2/3 of the pool is coming back with a conflict of mostly "ping" or sometimes "host declined".

Any help would be appreciated...I am stumped on why this is happening.



Traceroute % Loss

When I perform a traceroute to a host behind the firewall (FortiGate 601E), I see a 75% loss at hop 19, which is the external port of the firewall. Should I be concerned about this?

19.|-- 203.126.222.xxx 75.0% 4 260.6 260.6 260.6 260.6 0.0

20.|-- 203.126.222.yyy 0.0% 4 259.1 262.1 259.1 267.2 3.6

However, if I traceroute only up to the firewall external port, I see 0% loss.

17.|-- 203.126.222.xxx 0.0% 4 263.5 262.5 262.0 263.5 0.7



Ubiquiti Dream Machine Pro (and my small business use case)

Hi,

Looking for suggestions as to whether the Ubiquiti Dream Machine Pro / line of products fits my use case, or whether I should be looking elsewhere. If anyone has any experience with Ubiquiti or would love to hear alternatives.

My small business has about 20 people across quite a large, 2 level office with sizeable meeting spaces.

Will solve:

  • guest wifi accounts + scalable wifi access points
  • ability to integrate basic security cameras (secure my server room and front entrance)
  • managed switch capabilities (currently all network is through unmanaged switch!)
  • cheap and cheerful

I've been keen on a managed switch to help create VLANs, prioritise traffic, troubleshoot likes of broadcast storms. But other than that stuff like guest accounts, wifi APs, cameras seems like creating a lot of extra work when it comes out the box with Ubiquiti.

The downside I'm assuming is cheap/unreliable(?) kit aimed more at the homelab than corporate...

Don't get me wrong, I'm happy to learn more and go down more technical avenues if required - any guidance would be greatly appreciated.

*edit, just to confirm that I've done a lot of googling on Reddit, which tends to be the Ubiquiti sub (very very positive) to other subs quite negative, but it's been difficult picking out alternate suggestions...



MikroTik has released a stable RouterOS version supporting MLAG

Just noticed they have released their first stable version of RouterOS that includes MLAG.

RouterOS 7.1 [Stable]

NETWORKING
!) CHR FastPath support for "vmxnet3" and "virtio-net" drivers;
!) support for "Cake" and "FQ_Codel" type queues;
!) support for IPv6 NAT;
!) support for Layer 3 hardware acceleration on all CRS3xx devices;
!) support for MBIM driver with basic functionality support for all modems with MBIM mode;
!) support for MLAG on CRS3xx devices;
!) support for VRRP grouping and connection tracking data synchronization between nodes;
!) support for Virtual eXtensible Local Area Network (VXLAN);

Not too many budget friendly options have MLAG, so pretty awesome to see this.

Would be interested to know how reliable this is in production.



VLAN through MPLS

Hi guys,

We have two offices in the same country connected through MPLS provided by an ISP. It looks like the diagram here: https://i.ibb.co/dj1hFLN/image.png.

My question is, is there any way I can stretch VLAN 20, which is terminated in Office 1, to Office 2 through this MPLS? The uplinks to the ISP routers are access ports, so I'm thinking of some kind of tunneling, but I could do with a few pointers where to look, or if it's even worth it.

Thank you for the help in advance.



One dedicated firewall per subnet/securityzone VS one firewall connected with dedicated interfaces to different subnets

We are running a highly restricted intranet with different networks attached to it.

DMZ, VOIP, RECOBS webbrowsing, facility mgmnt, network administration subnet and so on.

Right now we are using dedicated firewalls for each of these networks so if one firewall is misconfigured, not all networks are open for attackers. All of these firewalls are linked together in a routing subnet to route from the intranet to these firewalls via layer 3 Switch.

I'm rethinking that structure to reduce the number of firewalls, but I think it will be more vulnerable to a misconfiguration exposing the connected networks…

If an attacker can attack the firewall (iptables), he would have instant access to all subnets…



How to make iperf3 run indefinitely?

Hello guys,

I don't know if this has been discussed before, but I cannot find it on the internet. Do you guys know how to run iperf3 indefinitely? I'm testing reliability and I'm sending data from client to server, but I do need it to run for a very long time. I'm thinking of just making the test duration very big, like -t 10000000000000000000000000000000000000000000. Do you think it is OK?



C9300 Licensing Confusion

Hi guys,

So I just noticed that some of our switches display this output for "show license all"

License Authorization:
Status: EVAL MODE

License Usage

(C9300-48 Network Essentials)
Description:
Count: 1
Version: 1.0
Status: EVAL MODE
Export status: NOT RESTRICTED

(C9300-48 DNA Essentials):
Description:
Count: 1
Version: 1.0
Status: EVAL MODE
Export status: NOT RESTRICTED

We always buy DNA Essentials for our switches but we don't really activate it from the smart account because we don't use those features yet. I also see the Network Essentials licenses on my smart account but we didn't activate them either. What is weird is that those switches that I upgraded to IOS 17.3.3 display a different output.

License Usage

network-essentials (C9300-48 Network Essentials):
Description: C9300-48 Network Essentials
Count: 1
Version: 1.0
Status: IN USE
Export status: NOT RESTRICTED
Feature Name: network-essentials
Feature Description: C9300-48 Network Essentials
Enforcement type: NOT ENFORCED
License type: Perpetual

dna-essentials (C9300-48 DNA Essentials):
Description: C9300-48 DNA Essentials
Count: 1
Version: 1.0
Status: IN USE
Export status: NOT RESTRICTED
Feature Name: dna-essentials
Feature Description: C9300-48 DNA Essentials
Enforcement type: NOT ENFORCED
License type: Subscription

There is no longer any word about the Eval and no counter running there. So is it really needed to activate those licenses? Does anybody know what happened there between the 16.12 releases and 17.3 with regards to the licensing?



10G Peering on L3 Switch (Cisco, maybe N9K?)

Hey all,

This is a somewhat-recurring theme but here goes again...

I've got a need to do wire-speed peering @ 10gig and our existing transit gear isn't cutting it (ASR1K with 1G uplinks).

Peering is ~150k ipv4, ipv6 we just take defaults and is not likely to change for a few years at least. To be honest we could probably kill off Hurricane and drop that down to <50k ipv4 total, but I want something that will scale to at least 200k ipv4 reliably, do 10g and last ~3 years.

I'm looking at the Nexus 9K, specifically the 9348GC-FXP. It seems to have a validated capacity of 471k IPv4 routes in "LPM mode"... Anyone know if this is a Cisco marketing trap and real-world transit prefixes are going to grenade it? These can be picked up for ~$3k on eBay and look like a bargain option for my needs (2 x 25G uplinks to core and walk away?)

Anyone have experience doing this sort of thing on the N9K, or any other product line? In an ideal world I'd buy a couple of ASR 1KX's and call it a day, but that isn't an option at this very moment, sadly.

I know the answer is probably jump ship to Junicade/*insert brand here*, but in-house knowledge is all Cisco so I've gotta make this work...

Any and all opinions welcome :)))



802.1x user experience

Hi, I'm still new to networks and I'm struggling to understand what 802.1x looks like from the end user perspective.

So as I understand it, 802.1x will check the username and pw against a RADIUS server and grant or deny access. But where does the user put in those credentials?

I have never been asked for that when connecting to any network except for SSID password which I assume is not 802.1x but rather just a password.



Sunday, December 5, 2021

Doubt in this Computer Networks Question

Q. In a block of addresses, we know the IP address of one host is 182.44.82.16/26. What is the last address (Limited Broadcast Address) in this block?

I got the broadcast address as 182.44.82.63. Is it the Limited Broadcast address? I don't think it is limited, as that should be 255.255.255.255. Then what type of Broadcast Address is it?
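As an added worked example (not part of either post), the script below uses Python's standard ipaddress module to compute the block that contains a given host address, its network address and its directed (subnet) broadcast address, and to check that address against the limited broadcast address 255.255.255.255. It also covers the sizing question from the school-project VLAN post above: given a base network and a list of host counts, it picks the smallest prefix that leaves room for the hosts plus the network and broadcast addresses and carves non-overlapping subnets out of the base. The function names and the 10-host/9-host VLAN inputs are my own assumptions for illustration.

```python
import ipaddress
import math

# The one address that is always "limited broadcast": never forwarded by routers.
LIMITED_BROADCAST = "255.255.255.255"


def block_of(host_with_prefix: str):
    """Return (network address, directed broadcast address, prefix length)
    of the block that contains the given host, e.g. '182.44.82.16/26'."""
    iface = ipaddress.ip_interface(host_with_prefix)  # host bits are allowed here
    net = iface.network                               # host bits masked off
    return str(net.network_address), str(net.broadcast_address), net.prefixlen


def is_limited_broadcast(addr: str) -> bool:
    """True only for 255.255.255.255; a block's last address is a *directed*
    broadcast, which is a different thing."""
    return addr == LIMITED_BROADCAST


def prefix_for_hosts(n_hosts: int) -> int:
    """Smallest block (largest prefix length) that holds n_hosts usable
    addresses, reserving one address each for network and broadcast."""
    if n_hosts < 1:
        raise ValueError("need at least one host")
    needed = n_hosts + 2                      # hosts + network + broadcast
    host_bits = max(2, math.ceil(math.log2(needed)))
    return 32 - host_bits


def carve_vlans(base: str, host_counts):
    """Carve one subnet per host count out of `base`, largest first so the
    blocks stay aligned, and report the usable range of each."""
    base_net = ipaddress.ip_network(base)
    allocated = []
    plan = []
    for n in sorted(host_counts, reverse=True):
        p = prefix_for_hosts(n)
        for cand in base_net.subnets(new_prefix=p):
            if not any(cand.overlaps(a) for a in allocated):
                allocated.append(cand)
                plan.append({
                    "hosts": n,
                    "cidr": str(cand),
                    "usable": cand.num_addresses - 2,
                    "first_host": str(cand.network_address + 1),
                    "last_host": str(cand.broadcast_address - 1),
                })
                break
        else:
            raise ValueError(f"no room left in {base} for {n} hosts")
    return plan


if __name__ == "__main__":
    net, bcast, plen = block_of("182.44.82.16/26")
    print(f"block /{plen}: network {net}, directed broadcast {bcast}")
    print("is limited broadcast?", is_limited_broadcast(bcast))
    # Constructed inputs from the school-project post: 8 PCs + 2 printers, 3 servers x 3 NICs.
    for row in carve_vlans("192.168.234.0/24", [10, 9]):
        print(row)
```

The directed broadcast of the /26 containing 182.44.82.16 is 182.44.82.63; it is only "limited" broadcast when the destination is 255.255.255.255. Both VLANs need a /28 (14 usable addresses), because a /29 only leaves 6.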



Moronic Monday!

It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

Note: This post is created at 01:00 UTC. It may not be Monday where you are in the world, no need to comment on it.



Default route inter-vrf

Attaching a diagram for better understanding.

- VRF A is just containing the two Ptp SVIs between the WAN Router and the Firepower.
- Default route is statically configured in VRF A routing table pointing towards WAN Router IP.
- Firepower learns the default route from OSPF Neighbor as next hop - 10.1.2.1.
- GRT default route is learnt from OSPF Neighbor as next hop 10.1.3.2.
- For the sake of it, let's say the entire branch LAN subnet is 10.1.9.0/24.

All of this works fine and the traffic between the entire LAN either Firepower or Other L3 devices is sent via the Firepower still.

Even though some might suggest this would be easier by just moving the WAN route to the Firepower, well, this is the reason for my next question.

How can we achieve some redundancy by sending the default route also between VRFs as backup scenario in case Firepower fails or ends up in some kind of issue?

I've seen some documentation around this but usually about the opposite direction or even using multiple devices.

Cores are regular IOS-XE with old IP Services or DNA Advantage.

Any help would be appreciated.

Diagram -> https://imgur.com/teyaf5L



QoS not applying question

I am just configuring QoS in its basic form. I have two interfaces on a Cisco CAT3750X switch and two PCs running iperf to test throughput.

Interface configs are as follows:

    interface GigabitEthernet1/0/9
     description PC-1
     switchport access vlan 999
     switchport mode access
     spanning-tree portfast edge
    !
    interface GigabitEthernet1/0/10
     description PC-2
     switchport access vlan 999
     switchport mode access
     srr-queue bandwidth share 1 70 25 5
     srr-queue bandwidth shape 30 0 0 0
     priority-queue out
     mls qos trust dscp
     spanning-tree portfast edge
    !

At the moment PC-1 is acting as the server and PC-2 is the client pushing the data. As it stands now, when I push data via iperf marked as DSCP value 46, it gets shaped to about 37 Mbps and then the other "data" stream caps out at about 902 Mbps (which is what I expected). Keeping the configuration the same, if I swap the roles of the PCs and make PC-2 the server and PC-1 the client, both the data and voice streams get about 477 Mbps each. I assumed this was because I didn't have a QoS config on port 9. However, the commands on port 8 should apply QoS on traffic coming out of it, so it should be doing 30/902 like before?

At that point in my mind, I think "maybe I need to configure the same QoS settings on port 9". So I do:

    interface GigabitEthernet1/0/9
     description PC-1
     switchport access vlan 999
     switchport mode access
     srr-queue bandwidth share 1 70 25 5
     srr-queue bandwidth shape 30 0 0 0
     priority-queue out
     mls qos trust dscp
     spanning-tree portfast edge
    !
    interface GigabitEthernet1/0/10
     description PC-2
     switchport access vlan 999
     switchport mode access
     srr-queue bandwidth share 1 70 25 5
     srr-queue bandwidth shape 30 0 0 0
     priority-queue out
     mls qos trust dscp
     spanning-tree portfast edge
    !

Now, no matter which PC is the server and which one is the client, both the data and voice streams are getting about 477 Mbps each, despite there being QoS settings on both interfaces. If I take the QoS settings back off port 9 and do the initial test again where PC-1 is acting as the server and PC-2 is the client, it goes back to 30 Mbps voice and 902 Mbps data.

Am I misunderstanding something here? I have a feeling it may be related to the difference between input and output queues?

The only other QoS command on the switch is the 'mls qos' command to enable QoS globally.

I'm new to QoS so have probably misunderstood something!



Cisco VPN Error

The error is "Anyconnect cannot connect to the secure gateway"



Ubuntu DHCP relay agent

I need some help in understanding and solving a sample network deployment for a project.

I have to setup a DHCP server via Windows and have it assign addresses to another network with my client machines. I have setup my DHCP server correctly and I am using an Ubuntu box as a router between the two networks.

I have a basic iptables rule to allow communication between the two networks and I am able to ping the DHCP server from the client and vice versa using static addresses.

However if I attempt to use DHCP via ipconfig /renew, it is unable to procure an IP and yields a timeout error.

Examining the tcpdump on the router, I can see the request come in and I see a reply come in on the other interface, but nothing happens after that.

My networks are 192.168.3.0/29 and 192.168.3.8/29 respectively.



Does a VPN work with a network that blocks encrypted DNS traffic?

Just as the title says. My iphone gives me a privacy warning whenever I'm on the university's wifi, saying it's blocking encrypted DNS traffic and everything I access may be monitored blah blah. I'm always on a VPN, but was just wondering if it hides my traffic since the warning is still there.



Cisco Aironet 9130 Convert 10GBase-T to mGig?

Unfortunately the mGig capable uplink port on the new Cisco Aironet 9130 APs is not a full mGig spec port that supports 2.5/5/10. It only supports up to 5.

Whether they did that to force people into also buying mGig capable switches, regardless of their existing 10GBase-T capacity, or whether it was simply to cover the required uplink capacity only…. We'll never know; read into that how you wish.

Anyway….. is there a device, sort of like a media converter or adapter, that will take a 10GBase-T link in from the switch and give me an mGig capable port on the other side?