/r/networking

Enterprise Networking Design, Support, and Discussion.

Enterprise Networking --

Routers, switches, wireless, and firewalls. Cisco, Juniper, Arista, Fortinet, and more are welcome.

Enterprise Networking

Routers, Switches, Firewalls and other Data Networking infrastructure discussions welcomed.

New Visitors are encouraged to read our wiki.

This subreddit allows:

  • Enterprise & Business Networking topics such as:

  • Design
  • Troubleshooting
  • Best Practices
  • Educational Topics & Questions are allowed with following guidelines:

    • Enterprise /Data Center /SP /Business networking related.
    • No Homework Topics without detailed, and specific questions.
  • Networking Career Topics are allowed with following guidelines:

    • Topics asking for information about getting into the networking field will be removed. This topic has been discussed at length, please use the search feature.
    • Topics regarding senior-level networking career progression are permitted.

    This subreddit does NOT allow:

    • Home Networking Topics.

    • We aren't here to troubleshoot your "advanced" video game latency issues.
    • Home Networks, even complex ones are best discussed elsewhere like /r/homenetworking
    • Home Lab discussions, as a tool for learning & certifications are welcomed.
    • Home Lab hardware discussions, as in "what do I buy for a homelab" are not permitted.
  • Braindump / Certification Cheating.

    • These topics pollute our industry and devalue the hard work of others.
    • These posts will be deleted without mercy.
  • Blogspam / Traffic Redirection.

    • This sub prefers to share knowledge within the sub community.
    • Directing our members to resources elsewhere is closely monitored.
      -- You may share a URL to a blog that answers questions already in discussion.
      -- But harassing members to check out your content will not be tolerated.
    • Surveys may be approved with the moderators' permission
  • Low-quality posts.

    • Any post that fails to display a minimal level of effort prior to asking for help is at risk of being Locked or Deleted.
    • We expect our members to treat each other as fellow professionals. Professionals research & troubleshoot before they ask others for help.
    • Please review How to ask intelligent questions to avoid this issue.
  • Early-Career Advice.

  • We don't do your homework for you.

    • Don't ask us what we would buy for a given project.
    • Don't ask us how to subnet.
    • ELI5 questions are not permitted. Please use /r/explainlikeimfive instead.
    • Show us how you think you should solve those issues, and we will validate or offer enhancement to your initial attempt.
  • Political Posts.

    • This subreddit invites redditors from all around the globe to discuss enterprise networking.
    • Political posts tend to attract the wrong crowd and overly aggressive vocalization.
    • Topics that may affect one locale do not contribute to enterprise networking discussions.
  • ChatGPT/LLM Prompts.

    • Content produced by ChatGPT/LLM is not permitted here.
    • ChatGPT is not a source of truth; rather it is a word-projection model.
    • Discussions about ChatGPT and its impact to networking may be allowed.

    361,358 Subscribers

    0

    I can't write in the serial console of my Dell PowerConnect 8024f

    I just bought this switch used from Facebook marketplace for 100 bucks and was trying to get it set up, but it won't let me type in the serial console. I can see the console and have tried different baud rates, parity and different flow controls. The cable works on other devices just fine. Anyone have any ideas?

    1 Comment
    2024/12/21
    20:34 UTC

    2

    Replacing tp-link omada sdn with enterprise grade equipment

    I am a web developer by trade and own a small business doing websites and web apps for local businesses in my area BUT I love to dabble in IT related stuff as well. This has led to me doing some of my clients networks and IT setup for their SMBs.

    I have PFsense in my own rack for my firewall/router then pretty much all else is tp-link hardware from wap, controller, and switches. For my clients though for ease of use and management I have setup a full omada sdn by tp-link. However with the recent scrutiny by US government on tp-link and just general interest in enterprise gear to use for existing and new clients, I want to switch away from prosumer tp-link. From my understanding enterprise hardware is expected to work with high stability, load, and longevity (correct me if I’m wrong lol) which is very appealing as well as the feature sets for even EOL hardware on eBay. One example being the brocade icx7250 on eBay which even a used model that seems in decent shape can go for as low as 70 bucks on eBay and has 4 sfp+ ports which on a tp-link switch used or new would run $500 easy. My clients are not mission critical business so at those prices keeping a spare on hand is a cheaper option for those prices. The only concern I had was whether EOL is a security concern, but I’d love to hear feedback on that.

    So what I am hoping to do is to understand if there is a good enterprise grade replacement for tp-link omada sdn and if not for a reasonable price what’s your recommendations for the following:

    Router: PFsense works great for my own business and is feature rich but does break the idea of SDN so if there’s a better solution I’d love to hear it.

    Switch: need 4 sfp+ ports for uplink and the usual server or NAS, L3 to route between vlans so PFsense doesn’t need to manage this, 24 ports minimum, POE for ip phones, ip cameras, and desktops. Max 15 employees for most of my clients and not all usually desktop so 24 ports has been a good number. I liked the brocade Icx7250 l-24p but I hate the idea of using the cli. I need a web GUI. I know real network engineers cringe at that but I know I need to be able to see a full config to make editable a gui. Just how my brain works to catch issues and implement stuff. This is a must and is throwing the monkey wrench in my research.

    Wireless access points: most businesses I do work for are 2000-3000 sq ft max with drywall walls. Two eap670 have been working well for me coverage wise. Have heard ruckus r650 are a solid wap so that was what I was thinking if no sdn solution exists for my case.

    Controller: this is where I get even more confused. For tp-link omada the sdn is managed via the controller and it controls every aspect of the network from the router to the wireless access points but for the enterprise controllers I researched they’re specific to a single aspect of the network such as the wap for example.

    So hopefully you get the point of this post. I am looking for a good one size fits all solution for what I will use for my clients moving forward. I know that might sound crazy as every business is different but for my clients they’re all very similar setups.

    Also if I am completely coming at this the wrong way I am open to suggestions. I’m here to learn and expand my knowledge and offerings. I am a nerd and consider myself a smart guy but I have never worked in the industry and I am always envious of people who have to see the tried and true methods of what works at scale. I love overkill solutions for the learning experience but it’s hard sometimes to know what’s actually used.

    Also might be worth noting from my research unifi seems similar to omada and many do not consider enterprise grade so I’d probably consider it moving sideways in my scenario. But feel free to discuss otherwise if so.

    16 Comments
    2024/12/21
    19:38 UTC

    0

    ConnectX-6 too slow

    Hi, I'm experimenting with two servers that have a connectx-6 Dx each. The NICs are connected to a switch and they have two 100Gbps ports each. I don't expect to have exactly 100Gbps of throughput, but with iperf3 -c SERVER_IP -t 30 -P 16 I get around 30Gbps. Is that normal? Do I have to configure something?

    15 Comments
    2024/12/21
    18:10 UTC

    5

    Rubber ducking a to improve processes

    So I'm familiar with the coding solution of having a rubber duck you explain the issue to, and in so doing the problem makes more sense.

    We hired a new contractor to help me cause I was drowning in work. The past week of stepping the contractor through my process and explaining it to him led to some big changes on how we'll be handling SDWAN rollouts going forward.

    Easy example: I didn't realize how much critical information about projects I was keeping in my own email, having to work with someone else forced me to update our project tracking software with all the relevant information.

    It feels like I made more progress in my work in the past week than in the last 2 months and the new guy is just in the learning phase. It makes me wonder if I could have accomplished the same results 6 months ago if I had explained everything I was doing to a rubber duck like they were going to work with me. Not sad to have the additional help though.

    8 Comments
    2024/12/21
    17:29 UTC

    10

    EVPN imet and smet

    All this post is for now experimental in a lab and trying to understand the theory and limits of this approach. I know I may have identified some issues in my testing methods or that I may not know yet of some other limitations.

    In a VXLAN EVPN topology with head-end replication, I am trying to limit the flooding of L2 multicast to only the VTEPs that have interested hosts in the L2VNI.

    If I understand correctly about altering the broadcast domain, unicast should continue working with rt-2 routes in the L2VNI (considering no silent hosts), and each vtep should handle IGMP queries (with PIM enabled on the IRB associated to the L2VNI) and report/join/leave messages (with snooping) on their own for their connected L2 segments to bring intelligence via EVPN routes.

    I successfully did the following on an Arista vEOS lab, but failed on racked Nexus 9k devices in my physical lab: IGMP snooping is enabled, and IGMP proxy is enabled for redistribution as EVPN RT-6 smet routes in BGP. No IRB configured yet or PIM enabled to see if snooping might suffice.

    I will likely be able to test on physical Juniper devices later. For Arista, I may be able to have some physical lab time from a friend to verify if VMs behave differently than physical switches (it is known that Nexus9000v treats L2 multicast as broadcast for example)

    While correctly seeing smet routes on each vtep, traffic is still sent to the VTEP not having interested hosts and sent in the connected L2 segment. I am wondering if the behaviour of the imet rt-3 route is for something here, and if I am able to filter EVPN route via a route-map to disable this rt-3 for lab purposes (haven't found proper method yet on Arista EOS).

    If so, is there any implementation to still treat the RT-3 as vtep discovery for L2VNI and for a limited set of BUM, while handling the traffic for 224.0.0.0-239.255.255.255 with information learned with smet routes?

    I set aside for the moment RT-7 and RT-8 (I am not even sure Nexus 9000 devices implement them), IPv6 multicast and MLD, and what Cisco introduces as Tenant Routed Multicast with the MVPN address-family, I think there is already a lot of things to cover with all the above (plus me being probably wrong on theory), that is why I am curious about what you think about this.

    4 Comments
    2024/12/21
    15:20 UTC

    0

    DNS Help!!

    Hello all

    I hope you're well and looking forward to a well-deserved break!

    I wonder if you can help me.... I am starting to look at our DNS strategy and I just have a few queries. In summary, we have a hybrid cloud / on-prem environment and some rather annoying DNS requirements from our lovely Devs....for example, they need us to return a Private IP if the client is deemed 'internal' and an external IP if the client is deemed 'external' - for the same fqdn. I am keen to use SaaS services wherever possible to minimise the feeding and watering.

    Anyway, my questions are:

    1. Is it acceptable to use a DNS SaaS service like F5, for example, for private IP resolution?

    2. Does F5 or cloudflare etc offer dynamic DNS resolution based on the origin of the request?

    3. If you have any advice on industry trends and best practise for modern DNS services I would be most grateful!

    4. Am I entirely barking up the wrong tree here?!

    Thank you so much for any assistance!

    10 Comments
    2024/12/21
    14:51 UTC

    7

    Firewall Zone Design and Best Practices

    Hi Folks,

    We are a healthcare organization implementing a Palo Alto firewall for both east-west and north-south traffic control. All server VLANs have their gateways (SVIs or sub-interfaces) terminated on the firewall.

    Having some trouble deciding how to design the zones:

    1. Should every VLAN be its own zone, with a dedicated policy for each (e.g., a zero-trust approach)?

    2. Or should we group VLANs into broader zones like “Prod,” “Test,” etc., and assign policies based on these logical groupings?

    Given our environment compliance and security needs, what approach have others used in similar scenarios?

    Thanks in advance for your insights!

    5 Comments
    2024/12/21
    13:28 UTC

    2

    Able to see unexpected traffic flows in Embedded Packet Capture

    Network Diagram

    In the embedded packet capture (EPC), I am able to see traffic from the source server (10.2.2.2) to destination server IP (10.1.1.2).

    The Core Switch's interface to Access Switch is a trunk port allowing all vlans by default.

    Isn't this unexpected behaviour?

    I should only see such traffic between servers on the Core Switch's interfaces connecting to either the TOR switch or Switch B?

    What I am expecting is this traffic flow:

    Source Server > TOR switch >--Layer 3--> Core Switch >--Layer 3--> Switch B > Destination Server

    Source server (10.2.2.2) is connected to TOR switch, SVI 710.

    TOR Switch has SVI 710 (10.2.2.1/24) & 700 (10.10.1.2/24).

    TOR Switch has a static route to destination server:

    ip route 10.1.1.0 255.255.255.0 10.100.1.2

    TOR Switch has a static route to switch B SVI 900:

    ip route 10.100.0.0 255.255.0.0 10.10.1.1

    Access switch has SVI 300 (192.168.1.6/24).

    Access switch has VLAN 710.

    Access switch does not have VLAN 900 and 700.

    Core Switch has SVI 900 (10.100.1.1/24) & 700 (10.10.1.1/24).

    Core Switch does not have VLAN 710.

    Core Switch has a static route to destination server:

    ip route 10.1.1.0 255.255.255.0 10.100.1.2

    Switch B has SVI 900 (10.100.1.2/24).

    Switch B has SVI 909 (10.2.2.0/24).

    Destination server (10.2.2.2) is connected to Switch B, SVI 909.

    0 Comments
    2024/12/21
    11:48 UTC

    6

    Network going down

    Hi all, hope your week went well! I just joined this group, seems like a good place to be!

    Okay, let me get to it. So at work we have a 3 switch setup. The setup goes like this, Comcast Modem > Sonicwall Gateway/Firewall > to Switch 1. I just learned tonight that Switch 1 is connected to both Switch 2 and Switch 3. Switch 3 is also linked to Switch 2.

    So today I spent quite a bit of time overhauling the network. When it came time to update the IP config on the gateway, I was unable to communicate on the network when my laptop was plugged directly into Switch 1. After some extensive troubleshooting, I found out that disconnecting the link between Switch 1 and Switch 2 instantly resolved the issue.

    After more troubleshooting, I noticed Switch 2 did not have STP enabled. Switch 1 and 3 both did, RSTP. I enabled RSTP on Switch 2, reboot, but the issue still remains. Every time I plug in the ethernet to link Switch 1 and 2, the network goes down.

    Worth noting, I did factory reset both, Switch 1 and Switch 3 but not Switch 2. All 3 switches are on a static IP and they are all accessible (as long as the link between 1 and 2 is disconnected). I haven't reset Switch 2 because our wifi controller (which we don't have admin credentials for) is connected to it, and it was late at night so I didn't want to open that can of worms just yet. Tomorrow I plan on overhauling the AP setup, so I may just factory reset Switch 2. Before I get to that point, any ideas on what may be causing the network to go down when I link Switch 1 and 2?

    24 Comments
    2024/12/21
    07:25 UTC

    1

    Aruba Layer 2+ issue?

    Hey guys,

    Excuse my networking knowledge but I haven’t found an answer anywhere else.

    Co-workers deployed a Watchguard (T45) and Aruba switching based network, multiple vlans. It seems that the Aruba switch (Aruba Instant On Switch Series 1930 48-Port Gb Smart-Managed) is not able to see IPs of any clients that aren’t the Unifi access points (U6 Pro) (client didn’t like the look of Aruba, hence the switch) or native Vlan or wireless. I’m assuming this is because it’s operating in Layer 2.

    I can provide more info if needed. Just curious from an educational standpoint.

    Thanks

    7 Comments
    2024/12/21
    02:31 UTC

    23

    VRF's, service provider vs enterprise

    I've only ever worked at a service provider where we configure vrf's on PE routers and then send the routes across the globe using bgp with route reflectors. We use route distinguishers and route targets so routes are sent to correct PE's and from there the vrf has import/export RT configurations to pull the routes into the vrf. The vrf is just configured on the interface that is peering with the customer.

    I was reading about how this is used in an enterprise environment, and correct me if I'm wrong but is the vrf just added to an unbroken sequence of router interfaces all connected with each other? Like a vlan? Do you still need route targets and route distinguishers? Sounds way simpler but I'm not sure.

    25 Comments
    2024/12/20
    22:35 UTC

    9

    Firewall Management Network

    Hi Folks,

    We are currently reviewing the network design and need some advice. We have an internet-facing firewall HA that handles external traffic and are unsure of the practice for where the management network of these firewalls should reside.

    I understand management interfaces should be placed on a dedicated VLAN, but physically where should it connect in the network as per this design?

    https://imgur.com/a/TXx5aAT

    I’d appreciate any suggestions

    18 Comments
    2024/12/20
    20:12 UTC

    6

    High End, Midrange, and Basic Appliance Industrial Firewalls

    Hi all. I am doing some research on the market for next-generation firewalls deployed in industrial applications. It seems evident to me that the primary segmentation of this market is high-end, midrange, and low-end or basic appliance firewalls with some industrial protocol DPI capability. I was hoping to get some feedback from the community. Does this make sense? How do you define high-end versus midrange and low-end? It seems like the high-end devices can cost up to several hundred thousand dollars, and these of course offer the highest level of throughput and advanced software functionality such as IDS and IPS capabilities, etc. Midrange devices typically cost in the tens of thousands and still offer much of the advanced software functionality, while appliances cost around 2K and offer more basic software functionality such as industrial DPI capabilities. The primary suppliers I am looking at include Fortinet, Cisco, PAN, Siemens, Belden, Phoenix, and MOXA. I appreciate any comments or feedback you might have.

    4 Comments
    2024/12/20
    17:49 UTC

    22

    AI Datacenters

    Has anyone figured out how to ramp up on these as a network engineer? For example learn infiniband, bgp evpn vxlan, linux, Kubernetes, etc? What are your Arista and Nvidia system engineers telling you?

    27 Comments
    2024/12/20
    17:31 UTC

    4

    SNMP issue with one Extreme X460G2 switch - almost no stats

    I am not very familiar with Extreme brand switches. I work for an MSP who recently picked up a client with 40+ Extreme switches on their infrastructure. I am having an issue with SNMP with one particular stack of switches. All other stacks/switches are reporting. The issue is it looks like the SNMP service is not actually generating messages. There's barely any stats. I've restarted the snmpmaster service as well during troubleshooting. The rest of the switches are not having this issue. Any help would be appreciated.

    Here are the stats in the show management command:

    SNMP access                      : Enabled
                                     : Access Profile : not set
    SNMP Notifications               : Enabled
    SNMP Notification Receivers      : None
    SNMP stats:     InPkts 6       OutPkts   4       Errors 0       AuthErrors 2
                    Gets   2       GetNexts  2       Sets   0       Drops      0
    SNMP traps:     Sent   0       AuthTraps Enabled
    SNMP inform:    Sent   0       Retries   0       Failed 0

    Here is the show configuration snmp detail to see the current snmp settings (used on all of the switches):

    #
    # Module snmpMaster configuration.
    #
    configure snmpv3 engine-id 03:00:04:96:ec:4c:31
    configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv1
    configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv1
    configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv2c
    configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv2c
    configure snmpv3 add group "v1v2cNotifyGroup" user "v1v2cNotifyUser1" sec-model snmpv2c
    configure snmpv3 add access "admin" sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultNotifyView"
    configure snmpv3 add access "initial" sec-model usm sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "initial" sec-model usm sec-level authnopriv read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2c_ro" sec-model snmpv1 sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2c_ro" sec-model snmpv2c sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2c_rw" sec-model snmpv1 sec-level noauth read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2c_rw" sec-model snmpv2c sec-level noauth read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2cNotifyGroup" sec-model snmpv1 sec-level noauth notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2cNotifyGroup" sec-model snmpv2c sec-level noauth notify-view "defaultNotifyView"
    configure snmpv3 add mib-view "defaultUserView" subtree 1.0/00 type included
    configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.16 type excluded
    configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.18 type excluded
    configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.4 type excluded
    configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.6 type excluded
    configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.9 type excluded
    configure snmpv3 add mib-view "defaultAdminView" subtree 1.0/00 type included
    configure snmpv3 add mib-view "defaultNotifyView" subtree 1.0/00 type included
    configure snmpv3 add community "public" name "public" user "v1v2c_ro"
    configure snmpv3 add notify "defaultNotify" tag "defaultNotify"
    enable snmp access
    enable snmp access snmp-v1v2c
    enable snmp access snmpv3
    enable snmpv3 default-group
    enable snmp traps
    enable snmp access vr "VR-Default"
    enable snmp access vr "VR-Mgmt"
    configure snmp notification-log global-entry-limit 16000
    configure snmp notification-log global-age-out 1440

    5 Comments
    2024/12/20
    13:57 UTC

    3

    Cisco ASA - multiple ACL for multiple NAT port forwards?

    I'm doing a custom NAT port forward, but I need two ports on my public side to forward to a single port on a server on the inside. Each port on the public side needs different ACLs, but I can't seem to make sense if this is possible?

    We have in place a single port forward at the moment from 3.3.3.3:10035 to 10.0.0.1:5432, allowed from source ext-grp-2, which works fine.

    object network host-10.0.0.1
     nat (Inside,Outside) static ext-host-3.3.3.3 service tcp 5432 10035
    access-list Outside_access_in extended permit tcp object-group ext-grp-2 object host 10.0.0.1 object-group Postgress

    This ACL is for the endpoint of the server, and not for the access to port 10035, so how do I add a second port forward (let's say 20035) to the same 10.0.0.1:5432 and assign a different ACL?

    4 Comments
    2024/12/20
    11:09 UTC

    4

    Cisco Network advantage /DNA advantage

    So I'm building estimates to check the price of 9200L-48T-4X-A. Every time I choose network advantage switch I'm required to add DNA advantage license. To save some money, can I choose network advantage with DNA essential?

    5 Comments
    2024/12/20
    10:37 UTC

    1

    NOKIA MPLS Question

    Hello everyone,

    I'm kinda new to MPLS. I know how it works, but I have a practical question when it comes to activating it on Nokia routers.

    I see that on Nokia, you can activate MPLS globally on the router, and then you need to specify the interfaces to participate in MPLS. this can be done under:

    mpls
    interface "x"
    no shutdown
    exit
    no shutdown
    exit

    then you need to setup LDP:

    ldp
    interface-parameters
    interface "x" dual-stack
    no shutdown
    exit
    no shutdown
    exit

    and also you need to setup the label range:

    mpls-labels
    bgp-labels-hold-timer xx
    exit

    Question 1: is this enough to activate MPLS (given that RSVP is also configured)?

    Question 2: When it comes to VPRNs/VPLS, I see that there you can also specify MPLS to work.

    example 1:

    vprn xx name "xx" customer 1 create
    autonomous-system xx
    route-distinguisher xxxx:xxxxxx
    auto-bind-tunnel
    resolution-filter
    ldp
    exit
    resolution filter
    exit
    vrf-target target:xxxx:xxxx
    no shutdown
    exit

    here, will MPLS be activated on any interface that I specify under the vprn? or do I need to activate it on each one separately? will they follow the global MPLS settings? is activating ldp on the whole vprn enough to make it participate in mpls?

    example 2:

    vprn zzzz name "zzzz" customer 2 create
    autonomous-system zzzz
    route-distinguisher zzzz:zzzz
    auto-bind-tunnel
    resolution-filter
    ldp
    exit
    resolution filter
    exit
    vrf-target target:zzzz:zzzz
    interface "zzzzz" create
    address zzzzz
    vpls "zzzzzzz"
    exit
    exit

    here, there is a vpls configured. does that mean that this interface belongs to this vpls, which in turn belongs to a vprn, which will participate in MPLS?

    Thanks for the help in advance.

    4 Comments
    2024/12/20
    10:36 UTC

    3

    Suggestions for a P2P wireless bridge

    Hi - I need to present an option for a P2P wireless connection for an area where running fibre is a challenge. Even after reading some previous threads here, I'm not sure what to suggest. The requirements are:

    • 1Gb preferably - could make do with less - we will support maybe up to 20 users at maximum, a VoIP phone and maybe 3 or 4 CCTV cameras.

    • Distance is about 300m.

    • It's a very windy location so something that doesn't need precise alignment might be good.

    • Must not require any kind of license to operate (in the UK).

    • Inexpensive.

    I've seen a few recommendations for Ubiquiti / Unifi gear, but when I look I'm seeing "Note. Cannot be set up standalone and must be managed by a UniFi Console, Official UniFi Hosting, or a Self-Hosted UniFi Network Server."

    This is very off-putting and seems like a big disadvantage.

    24 Comments
    2024/12/20
    09:26 UTC

    4

    Cisco IOS Firmware Upgrade Through Whatsupgold

    We are currently using Whatsupgold to push a script to upgrade many switches, wondering if anyone was able to make it work

    @login
    @enable

    copy tftp flash
    # PROMPT: Address or name of remote host []?
    $(TFTPServerAddress)
    # PROMPT: Source filename []?
    $(SourceFilename)
    # PROMPT: Destination filename [SOURCE-FILENAME]?
    $(DestinationFilename)
    # QUERY PROMPT: Do you want to over write? [confirm]
    {/over write.+confirm\]/, "$(OverWrite)"}
    # PROMPT: Erase flash: before copying? [confirm]
    $(EraseFlash)
    # QUERY PROMPT: Erasing the flash filesystem will remove all files! Continue? [confirm]
    # Shown if ErasePrompt is y or yes
    { /.*continue.*\]/, "y" }

    @if ImagePath
      verify $(ImagePath)
      # Exit if the image doesn't verify
      {/warning.*/, "exit"}
    @endif

    @if BootLocation
      config t
      no boot system
      boot system $(BootLocation)
      exit
      write memory
    @endif

    @if RestartDevice
      # RESTART the device
      [-] reload {/.+\[yes//no\]:\s+/, "n"}
      # PROMPT: Proceed with reload? [confirm]
      [-] y
    @endif

    3 Comments
    2024/12/20
    05:23 UTC

    5

    PC Based CAT certified, anyone?..

    Large job coming up to cert 400+ drops. Have regular certified, but takes what seems like time to run through the tests. It does retain for printout but real pain to type in each drop ID.

    So…anyone know of a cert package that will attach to a notebook or tablet? USB or even Bluetooth. Send/ rec heads would run the tests and send results back to PC, I figured. The results could be handed to the client.

    Thanks for any ideas.

    4 Comments
    2024/12/20
    03:57 UTC

    2

    SVI Help

    PC1-D1(L3 switch) - R1 - R2 - R3 - D2(L3 switch)= PC3/PC4

    Long story short, I got vlan 1 SVI setup with ip address and default gateway on both D1 (10.0.0.2/24) and D2 (10.1.0.2/24). I can ping SVIs on both D1 and D2 from directly connected Routers (R1-D1, R3-D2 respectively). I can also ping SVIs on both D1 and D2 from directly connected PCs. However, once I try to ping D1 SVI from R2 and out (R3, D2, PC3/PC4) I don't get pings, and vice versa (can't ping D2 from R2, R1, D1, or PC1). I do have my static routes on R2 to D1 SVI subnet (10.0.0.0/24) and D2 SVI subnet (10.1.0.0/24). Weirdest part is I can ping any of the PCs from each other - PC1 from PC3 and PC4, and I can ping PC3 and PC4 from PC1, so it seems routing is okay, I just cannot ping the SVI interfaces. Not sure what else I'm doing wrong. I tried enabling 'ip routing' on the L3 switches, I also stated '(config)#vlan 1' on both D1 and D2 and still nothing. I do 'show ip int bri' and I show both Vlan1 on D1 and D2 as 'up'. Not sure what's going on, please help. Thanks.

    7 Comments
    2024/12/20
    03:04 UTC

    116

    Throw in the towel

    Has anyone else become so exhausted by the corporate nonsense that it starts to feel like the work just isn’t worth it anymore?

    I’m fascinated by networks and signaling, and IT pays well, but the amount of waste and just human nonsense makes me want to go back to a job I don’t care about.

    70 Comments
    2024/12/20
    02:58 UTC

    3

    Blogpost Friday!

    It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

    Feel free to submit your blog post as well as a nice description to this thread.

    Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.

    1 Comment
    2024/12/20
    00:00 UTC

    11

    MDF refresh: New APC UPSes can't be rack mounted on two-post racks?

    Spec sheet says "two post mountable 0". User manual only shows rail mounts on four-post racks.

    Looks like I have to go with Eaton?

    19 Comments
    2024/12/19
    21:45 UTC

    5

    What are you guys using for toners these days?

    I've gotten tasked with a project at work recently that is going to require me to tag and identify lines that we have running around the shop. I realized that in order to trace these lines I'm going to have to get a toner to be able to trace the lines. Our environment is a mix of UTP and STP terminating into patch panels and bundled with about 25-40 lines each. I've done some looking around at what's available and the options are wide and I'm not too sure what would be worth purchasing as I will be spending my own money to buy this (I know that my employer should be paying for it, but I'm not interested in getting into that debate). So my question is what would you guys recommend from your personal experience that would fit the requirements of what I need?

    18 Comments
    2024/12/19
    16:16 UTC

    13

    Juniper Career vs Arista Career

    Hello!

    Who would you rather work for as far as TAC and SE roles with either company and why? Both are good companies but looks like they are going in different directions at this point.

    53 Comments
    2024/12/19
    16:14 UTC

    1

    Small business upgrading - Need firewall help

    We're switching our VOIP system from T1 to fiber. Doing this requires us to purchase hardware for our network whereas prior we had leased equipment from the telco. We had a Cisco IAD2400 and a Cisco SG300-28PP switch. I've been told by the telco I will need an unmanaged switch (I need at least an 8 port, would prefer 16 for future expansion). I'd like to incorporate a hardware firewall into our system. We don't need VLAN, but it would be a nice option in the future for remote work. We don't have a local server. Just 6 PCs on a wired LAN and a few wireless devices. VOIP doesn't *require* POE but I would prefer it.

    Looking for recommendations on hardware. Ideally something all-in-one firewall and switch. I have zero knowledge of hardware firewalls. Networking I can handle. Cost isn't a huge factor, I'd prefer enterprise quality stuff that works (our Cisco equipment above has been rock-solid for 10 years). I don't want to spend 10k on this, but I'm not opposed to a couple of thousand for stuff that's better than consumer grade.

    13 Comments
    2024/12/19
    15:25 UTC

    57

    10GBase-T or SFP+ for servers?

    Got asked an oddball question, and kind of wanted to take the temperature of the industry.

    My Server team is switching platforms, and asked if I would prefer 10GBase-T or SFP+ on the hardware.

    I'm still in shock of being asked my preference. Existing network hardware will be refreshed at the same time, so previous investment doesn't hold a lot of weight.

    That being said, does anyone use 10GBase-T, or is everyone pretty much SFP+'s and DAC's at this point?

    160 Comments
    2024/12/19
    13:18 UTC

    5

    Self-laminating labels - are Brady's crazy cartridge prices really worth it? Alternatives?

    Hello!

    I've been looking into solutions for labeling cables, using self-laminating labels. For the uninitiated, self-laminating labels are labels that have a printable area and a transparent area, and you stick the printed area along the cable, and then wrap around the cable with the transparent area, giving you a label that will stay on a cable without falling off, and preserving the print on the cable.

    We have a legacy brownfield datacenter with an eclectic mix of cable types, and while we now have a good inventory through Netbox as for what's connected to where, labelling the cables is still very useful for when equipment has to be replaced, or for cross-verifying the information that's actually in Netbox against reality.

    We need to label a wide variety of cables, everything from the thinnest simplex fiber patch cables, with a cable diameter of 2-3 mm, as well as modern "slim patch" style CAT6 patch cables with a diameter of 3.5-4.5 mm, as well as older "full thickness" cat5/cat6 cables with outer diameters of 6.0-6.5 mm. There may of course also be outliers, like DAC cables and power cables that may be even thicker, but for those cables, it probably makes more sense to use standard labels and using a printer in flag mode. (This is what we do now for most cables, but it's very finicky, time-consuming and the result isn't that great honestly. Which is why most cables aren't labeled.)

    I've been looking at different label maker solutions, and I've come across Brady's system with the M210 printer, and the M21-750-427, M21-1000-427, M21-1250-427 and M21-1500-427 labels between them should be able to cover cable diameters between 2.0 and 8.1 mm. The system itself seems fine on paper at least, I've never worked with an actual label maker, but I got sticker shock when I looked at what the labels themselves cost.

    We're looking at prices of around 800 SEK (70 € or so) for 4 meters of label tape in a cartridge, giving an eye-watering price of 200 SEK per meter (17,50 € per meter) of printed label. I have a feeling that's going to add up really fast.

    Meanwhile, I've not looked too closely into other options yet; we initially rejected Dymo XTL out of hand because of the high purchase price of the printer itself without diving too deep. Right now, Brother P-touch is looking attractive. I can get a cartridge of Brother's self-laminating 24 mm tape (TZe-SK251) for about 239 SEK (20 €) at the first retailer I looked at, and that's for 8 meters of label, giving a meter price of 30 SEK/meter (2.5 € per meter) which is around a seventh(!) of the cost.

    From what I understand, though, Brother's design means that there's more wastage of the labels because you end up with a lot of white space before and after each label, but even if I have to use twice as much tape it's a lot cheaper still.

    I'm hoping from this post to hear from those of you who label these types of cables, and what machines you use, because ultimately there are more factors in play than price. Material cost is of course going to not be the most important factor in consideration, because ultimately labels provide a lot of value, and if the Brady system is so much better that it ends up saving time and frustration, that would in itself possibly be worth some money.

    My primary goal isn't necessarily to reduce cost, but to just make sure that if we're going to end up getting fucked on stupidly expensive label tape, that it's actually *good* compared to the alternatives. If these expensive labels really reduce frustration and difficulty, it might still be worth it.

    I've briefly looked into third party cartridges, the ones I found quickly were not that much cheaper, and the self-laminating ones weren't compatible with the M210 anyway, and buying into third party cartridges from the start doesn't seem like the right play.

    32 Comments
    2024/12/19
    11:23 UTC
