Network Management





Network Management involves issues that are independent of specific hardware or software, including email policies, upgrade planning, backup scheduling and working with managed service providers for Desktop-As-A-Service (DaaS), Software-As-A-Service (SaaS) and the like through the use of tools, coupled with manufacturer standards, best practice guidelines, policies and procedures plus all other relevant documentation. Network management also includes monitoring, alerting and reporting, management reporting, planning for device or service updates, the backup of configurations, the setting of key performance indicators and measures (KPIs/KPMs), associated service level agreements and problem records as part of the IT Service Management (ITSM) framework.

Dear Experts, I saw this error in logging of Cisco Router C3925. Could you please suggest and explain?

The Src address is the Public IP address of this Router (and it was hidden), and the Dest address is the Access point's private IP address. This is a diagram:

ISP --------- Router C3925 ------------ Core switch 3750 -------------- Access switch 2960 ------------- Access point Meraki

Many thanks as always!

Dear Experts, is there any way to monitor the hardware status (status of array, of disk, temperature, ....) of IBM or HP servers?

We are using Zabbix 3.4. Many thanks!

I have a Cisco 3650 running 16.3.5b LAN Base. I want to disable the login but prompt for the enable password when connecting via the console cable. I am using AAA for ssh access. The "no login local" command isn't an option.

aaa group server tacacs+ Clear_Pass
 server-private XXX.XXX.XXX.XXX timeout 3 key 7 PASSWORD
 ip vrf forwarding Mgmt-vrf
 ip tacacs source-interface Loopback1
aaa authentication login default group tacacs+ local enable
aaa authorization exec default if-authenticated
aaa authorization network default if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+

username cisco privilege 15 password 7 CISCO

line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 logging synchronous
 transport input ssh
line vty 5 15
 privilege level 15
 logging synchronous
 transport input ssh

Currently we have TMG as web proxy and Websense as web filtering.
We are going to replace TMG with a Bluecoat SG Appliance.

Hence I need to know which design is considered best in terms of security and efficiency.

We have 1500 users.

Any help would be appreciated.

I want to configure SNMPv3 in my project. I am using JDMK (snmpAdaptor.snmpV3UsmTrap(gent1, serverUpOid, varList, new SnmpTimeticks(1))). While sending a trap, it gives an error while preparing the message from the PDU for sending the trap (SNMPSECURITYEXCEPTION). What is the reason for this? Can anyone help me please? I have been struggling for the past two days.

I have configured UDP jitter SLA on my test lab. What do the below counters indicate of my connection? Why are there no latency numbers?
How am I supposed to read this?

ip sla 90
 udp-jitter 65050 num-packets 20
 request-data-size 100
 tos 128
 frequency 30
ip sla schedule 90 life forever start-time now

Test_Lab_Router_Place#sh ip sla statistics  de
IPSLAs Latest Operation Statistics

IPSLA operation id: 90
Type of operation: udp-jitter
        Latest RTT: 11 milliseconds
Latest operation start time: 12:03:15 cst Wed Feb 21 2018
Latest operation return code: OK
Over thresholds occurred: FALSE
RTT Values:
        Number Of RTT: 20               RTT Min/Avg/Max: 9/11/17 milliseconds
Latency one-way time:
        Number of Latency one-way Samples: 0
        Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Source to Destination Latency one way Sum/Sum2: 0/0
        Destination to Source Latency one way Sum/Sum2: 0/0
Jitter Time:
        Number of SD Jitter Samples: 19
        Number of DS Jitter Samples: 19
        Source to Destination Jitter Min/Avg/Max: 0/2/8 milliseconds
        Destination to Source Jitter Min/Avg/Max: 0/1/1 milliseconds
        Source to destination positive jitter Min/Avg/Max: 1/3/8 milliseconds
        Source to destination positive jitter Number/Sum/Sum2: 5/19/119
        Source to destination negative jitter Min/Avg/Max: 

What is the best software for auto-generating nice network diagrams
with the least effort for a busy network engineer? I really like Netbrain but
I couldn't afford that as an individual (used it at a large company).
Plus I don't need the monitoring and troubleshooting parts of
netbrain. I just need excellent discovery and map drawing. Any

I am trying to set up a Cisco monitor session. The source ports are g1/4 which is the inside interface for my Cisco ASA. The destination port G7/41 is on vlan 254. This is what I have so far.

interface GigabitEthernet1/4
 description ASA5515X-Primary-Inside
 switchport access vlan 256
 switchport mode access
 spanning-tree portfast

interface GigabitEthernet7/41
 description FP Network Agent
 switchport access vlan 254
 switchport mode access

monitor session 1 source interface Gi1/4
monitor session 1 destination interface Gi7/41
monitor session 1 filter packet-type good rx

For testing purposes I have a user going to an outside ftp site and I have Wireshark on G7/41 which shows no ftp activity. I am also not seeing any http or https activity. So I know I am missing something. Any assistance will be greatly appreciated.

How do I open a UDP port on a Cisco Router? I have checked my firewall and the rule is allowing traffic, I think the router is blocking it.

My current config is as follows:
Config Type Running
Downloaded 1/5/2018 12:01:06 PM
Modified never modified

!
! No configuration change since last restart
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname BMCRT1A
!
boot-start-marker
boot-end-marker
!
!
logging buffered 10240
no logging console
enable secret 5 $1$mFes$1zoJpoV9IaR0oIZdg6acx/
enable password 7 15250E00072526217A1A3B271C14
!
username leerx privilege 15 secret 5 $1$Y3g0$w3Ij1PdfU/f4Z/R2MyiGl1
username alcodl privilege 15 secret 5 $1$TFf3$2ukvwNNI8xlB0TTRlOURj0
username admin privilege 15 secret 5 $1$5dwD$p8GRyRnLAMP6WCMGU9fhd1
no aaa new-model
switch 1 provision ws-c3750x-12s
system mtu routing 1500
ip routing
no ip gratuitous-arps
!
!
!
no ip domain-lookup
ip multicast-routing distributed
ip multicast…

We are about to install a pair of S4048-ON switches in our current environment. We currently have 20 iBGP sessions via 20 xconnects with the other vendors in the same data center. I wanted to find out the best way to migrate the existing BGP connections without causing any disruptions to the counterparties.

Thank you, Experts

I'm in the process of migrating to a new Aruba 2930F 28 port switch which will replace the current 3Com 4500 PWR core switch. There are a few lines in the config of the 3Com switch for which I cannot find the corresponding ArubaOS command. I am also unclear as to what these lines actually do. Any help would be appreciated. See below:

acl number 4999
 rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff

From my research this has something to do with "telling" the switch that any device which has a mac address in this range is an IP phone but I cannot be sure about this.

packet-filter inbound link-group 4999 rule 0 - no idea what this means.... some sort of QoS?

So essentially my questions are...

1) What do the above lines mean aka what do they do?
2) What are the equivalent ArubaOS commands to implement the same config... assuming I have to do this on the Aruba switch at all... in case the above is a "default" setting for Aruba.

Thanks in Advance.

Here is the 3Com switch config in its entirety to give perspective...

 sysname CORE
 local-server nas-ip key 3com
 dhcp-server 0 ip  
 igmp-snooping enable
radius scheme system
domain system
acl number 4999
 rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff
vlan 1
 igmp-snooping enable
vlan 2
interface Vlan-interface1
 ip address
interface Vlan-interface2
 ip address

Hi friends,
I have a Cisco 4321 router. There are only 2 Gi Ethernet ports. Can I convert the WAN port into a LAN port?

Dear Experts.

I have two HPE 1950 Series switches.
Both switches are 12XGE + 4 SFP+.

I used 2 SFP+ ports on each to create an IRF between them which works great.

Here's my question, using the CLI rather than the Web Interface, is it possible to change the settings on several non-consecutive ports?

I know that there's the following command:
interface range Ten-Gigabitethernet 1/0/1 to Ten-Gigabitethernet 1/0/10

Which will then allow me to provide the same settings to all ports from XGE 1/0/1 to XGE 1/0/10.
But what if I wanted to put the same settings on 1/0/5 and 2/0/5?
Is there a way to do so?

My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      


We are running an intranet in our we are thinking of providing access to our intranet to the users even through their mobile. How can we do this, and is this possible?

Thanks in advance,
Srikanth Nandyala.

I have been trying to work with Sonicwall support on this issue and have made no progress. We have been using the appliance in the past with split tunnel enabled but, due to security requirements, we can no longer allow split tunnel. If we turn it off, remote users can access internal resources we have configured, but cannot access anything on the Internet. It seems that we need to create a resource which is "anything" on the Internet but we don't know how to do that. We don't see any kind of wild card options. We have not given our users access to "Any" resource. We need to specifically define the resource they have access to. We need an "Internet" resource and then we can give them access to that. Is this possible? Or, is there some other way to approach this?

Sonicwall support had us upgrade the firmware to 11.40-468 with the 708 hotfixes but that did not create an option for resolving this requirement.

Hello, SCOM 2016 and need to specify some services that I need to show using Visio to make a dashboard. So if I need to check the health of the DNS service in my 3 domains, how can I do that and shall I choose. Also, if I need to check the status of my DHCP subnets, can I do that?
I'm using Visio 2013 and the SCOM add-in installed, but it's for System Center 2012. Does it make any effect?
Also, if I need to just click on the service from Visio, should it give me the status of this object only?

Hi Guys,

Last week I tried to upgrade our edge 3750X switch (two switches in a stack), from c3750e-universalk9-mz.152-2.E.bin to c3750e-universalk9-mz.152-4.E5.bin.

Previously I copied the new IOS to both flash: and flash2: from TFTP, ran command 'boot system switch all flash:c3750e-universalk9-mz.152-4.E5.bin', and then 'wr mem'.

Later I consoled into the master switch and reloaded. The master switch booted into the new image successfully, but the member switch got stuck in a booting loop. The new IOS was loading, and went nearly to the end, and the master switch could see the member at some point. Then the process started all over again, and it was endless!

I tried powering the member switch off, and then on again - still the same. Tried removing stacking cables, and restarting - still no joy. Then booted the member into SWITCH: prompt, and then into the previous IOS - still a loop! I didn't know what else I could try, so at the end I powered the offending switch off and left it as it was (as the master switch was providing all the services).

Please could you advise how to resolve this issue? Any advice would be appreciated.


On a Cisco ASA, how can I send only logging from a single access control list rule to a syslog server?
Configuration with ASDM please

- Jac

Hi Experts,

This is kinda a two part question, so I apologize in advance for that.

I’ve been tasked with implementing a monitoring/reporting system for the internet usage at our company.  What we want to see is the basic stats of all our ingress & egress internet traffic (volume in & volume out), with the ability to drill down to the type of traffic (L7 level), and the associated inside client/ip.

Our network consists of a Cisco ISR 4331 (app-x license) router, which routes between our various vlans (Cisco ESW500 & SG500 switches, and Cisco wlan), and a dedicated 100Mb internet connection.  The management system we are using is Cisco Prime Infrastructure 3.2 (with all the appropriate assurance licenses for our devices).  For sake of better understanding, I’ve attached a topology diagram of our current layout.  We have about 100 end users, don’t run any special services on our network, and the majority of our internet traffic (in & out) is just basic web traffic, with one webserver and an ip camera server.

So the first part of my question is what would be the best way (using netflow, I assume) to have our Prime Infrastructure monitor the traffic stats we’re looking for? (In particular, how can I get around the NAT/PAT issue for the inbound web traffic?)

Which leads to the second part question……I was thinking on stacking all the SG500 switches into a L3 stack, to offload some of the L3 switching between vlans, to that L3 stack.  Would that allow me to monitor …

We have an old Asterisk (v.2.x) phone server in our office. I'm new to the system and need to change an extension number from a rapid busy signal to a working extension. Also, we have several extensions that simply hang up when dialed (no tones of any sort). How do we edit those extensions?

I'm new to Linux, but I've figured out how to browse directories and edit conf files.

I have 77 printers on different sites. I would like to have a report on what's going on with them from week to week. For example, if the ADF scanner is jamming often, it is reported so I can order a part.

I'm working with Lexmark Printers. I currently have it set to email me when something happens. I need a way to create a report via graph or visually. Three key pieces I really care about are the site location, Asset, and the alert type.

If I can have the emails sent to another address and create reports on the fly, that's ideal. I'm working with a company laptop that might restrict installed programs. I prefer a web-based application if possible.

Here's the subject title example: Paper Handling Alert from Lexmark MX611de at (IP is same for each site)

The Body of email
Your Lexmark printer has sent you an automated status alert. Please review the following information:
Printer Location: City Site here, MI | ET
Serial Number: 701632HH01WT9
Asset Tag Number: Printer name here

Paper Handling Alert:
  Paper jam, open rear door. [230.03]

Hello, I started to configure a PFSense, version 2.4.1. I want to know if it is possible to configure an IPsec multi-WAN failover.

Has anyone had any experience configuring this? I already configured the DUAL WAN Failover on the PFSense.

I would like the VPN tunnel to be able to stay up if the WAN fails over.

Thanks in advance

Has anyone managed to get Cisco 7942G to work with RingCentral? If so, could you share the XML file? Ours is just stuck on registering.

Hi, I need to install the program on all the users' machines. There are a lot of users. How can I do this without installing individually, a one-time install for everyone? Any idea is highly appreciated.

