Network Management





Network Management involves issues that are independent of specific hardware or software, including email policies, upgrade planning, backup scheduling and working with managed service providers for Desktop-As-A-Service (DaaS), Software-As-A-Service (SaaS) and the like through the use of tools, coupled with manufacturer standards, best practice guidelines, policies and procedures plus all other relevant documentation. Network management also includes monitoring, alerting and reporting, management reporting, planning for device or service updates, the backup of configurations, the setting of key performance indicators and measures (KPIs/KPMs), associated service level agreements and problem records as part of the IT Service Management (ITSM) framework.

Share tech news, updates, or what's on your mind.

Sign up to Post

Anyone knows Aruba controllers well?   They normally pass through the same VLAN on the main switch, or the management VLAN.
Wonder why Aruba not recommending doing a direct heartbeat between Active and Passive controllers.  Using 7030 controllers at this point.
Normally I do a direct heartbeat between Cisco controllers.  But Cisco has a dedicated HA port for this.  Arubas not.  7030 controllers have 8 fiber and 8 copper ports.
 Anyone knows about it and have an advice?
How do you know if your security is working?
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Does anyone know what MIB to use on a NetGear switch to gain the port and MAC address (of the connected server) via snmpget?  Snmpwalk gives me pages and pages of info but does not include what I'm looking for.

Thanks in advance.
-Steve Carpenter

UPDATE:  The short story is that you cannot get this info via snmp from a NetGear Pro series.

I built a new office in Chicago, but our staff is always play games and watch movies in office, I banned many address in the firewall, but too many address, it needs to be set so many rules in the firewall, obviously can't do that, who knows what kind of equipment or service can do it, I want to buy it.

Many thanks,
I have a Windows 10 PC (Version 10.0.17134 Build 17134) where a VMware is installed (Version 12.5.9 build-7535481) with Windows 10 (Enterprise N 2015 LTSB). We have a problem with the IP address of this "VMware PC". The "hosts" file in C:\Windows\System32\drivers\etc, there is the entry for the VMware PC as WIN10PC (see attachements). There is a second "hosts" file in C:\WinSxS\amd64_microsoft-windows… without any entries, but trying to add the WIN10PC entry also there fails because of the message:

Cannot save "amd64" hosts fileHowever, I have opened this hosts file only in the Notepad++ app. A ping on WIN10PC cannot find the address of and returns the own IP address of the Windows 10 PC, which is The arp command does not enlist the WIN10PC address of 172.10.153 at all, and an "arp -s" command will not add this IP address (see attachements). Interestingly, my colleagues can "see" the VMware machine from their PCs!

Do you have any idea what's going wrong?
We have total 7 scope configured in DHCP out of which 3 is showing blue exclamatory mark, when I click on display statistics for these 3 scopes all value is showing zero only. Event logs showing error messages like "DHCP client request from C42F909FAB66 was dropped since the applicable IP address ranges in scope/superscope VLAN40 are out of available IP addresses. This could be because of IP address ranges of a policy being out of available IP addresses." for all these 3 scopes only. However all these scopes are not more that 50% occupied.

DHCP lease is 10 hours for all scopes except scope for mobile user.

In DHCP properties DNS Tab
""Dynamically update DNS record only if requested by the DHCP clients"" is checked.
""Discard A and PTR records when lease is deleted"" is also checked.

Assign IP addresses dynamically to clients of: is DHCP

In DNS Scavenge stale resource records are set as No-refresh interval 3 days and Refresh interval 4 days for all the zones and scavenging Period is 1 Day.

I performed the reconciliation and restarted the DHCP services in both DC and is ADC. Also I checked by restarting our ADC as it was also showing the same thing but it also doesn't work however I have not cheeked  by restarting our DC yet.

Please suggest if anyone having the solution for this.
Dear Experts, I'm testing the SPAN feature in Switch Cisco 3750. This is the diagram:

This is configuration on Core SW:

monitor session 1 source vlan 55 both
monitor session 1 destination interface g1/0/13

Open in new window

It seems like working but the whole vlan 18 was hang, so I could NOT access the PC which was installed wireshark. How can I fix it? Can we just mirror traffic from some IP addresses, not all VLAN?

Many thanks as always!
Hi Everyone,

I am using the Fortimanager 400C (v5.2.10-build0786 170112 (GA)) Some fortigate units are not adding  I am not able to ping them from Fortimanager while I am able to ping Fortimanager from Fortigateunit I am trying to add Fortigate60D (v5.2.9,build736 (GA)) I have adrteady check the FMG_Access is enable on the Fortigate 60D.

Please asssit me.
Dear experts,

I am new to the DNS and DNS load test. Now i have task to test Load Test on two BIND9 servers [RHEL6]. I had googled it and i found dnspref is good tool to evaluate throughput and latency. However, I need a script to do this task. I will be very helpful for me if any one share the info.

I have mikrotik 951
I have internet router with ip  and the mikrotik ip Is I add a route to with pref also i have dhcp server on that give the client getaway and dns  as to point it to mikrotik.
till now the internet work on the client without any problem.
when i try to add a hotspot the internet stoped , the client login but no internet.
please note that i setup the hotsport from wizard. and also i disabled the dhcp server after that
so where is the problem ?
I have a security requirement for my network to alert us via email when windows event logs and switches, firewalls etc, stop sending logs.

I do use Netwrix and I have been testing various syslog servers.

The requirement is:
" Where possible, configure the and network device log collectors to generate an alert in the event a device stops sending logs to the centralized log collector for 24 hours."

Does anyone have any experience with accomplishing this? What tools are you using to automatically generate alerts when logs stop?

I am open to using any Microsoft or 3rd party tool to make this happen.

Cloud Class® Course: Certified Penetration Testing
LVL 12
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

1. Can someone explain me if there is any changes in .cloginrc file, I need to run the rancid-cvs and rancid-run,
2. When i am trying to login i can see that the username is not pulling from what is there in .cloginrc.

For Eg:
(Under my clogin file)
I have mentioned
add user 1x.x.x User1
add password 1x.x.x       {password}
add method 1x.x.x telnet ssh

But when i am trying to login, i can see that username is in rancid. I am not sure why its happening. And to make sure that if try firewall login or normal login, its going with actual username only
Would the following configuration elements be sufficient to export netflow information from  Nexus switch from a particular vlan?

feature netflow

flow exporter splunk
  transport udp 20066
  source loopback0
  version 9

flow record netflow-record
  match ipv4 source address
  match ipv4 destination address
  match ip protocol
  match transport source-port
  match transport destination-port
  collect counter bytes
  collect counter packets

sampler netflow-sampler
  mode 1 out-of 4956

flow monitor flows01-monitor
  record netflow-record
  exporter splunk

interface vlan 100
 ip flow monitor flows01-monitor input sampler netflow-sampler

(cisco Nexus 6004 Chassis; Version System version: 7.1(3)N1(2))
Hi ,

we have subsidiary company with around 150 Users . it is linked to us (HO ) over IPVPN (1 MB)  and services getted from Us are :

1- CISCO IP telephone ( currently around 75 Users)
2- ERP ( about 50 USers)

thier existign Setup :

1- Domain COntroller ( seprate totally from us ) + Antivirus server ( 1 physical box)
2-finance system
3-Backup Server
4-Sonicwall NSA2600
7-Router for IPVPN

the managment is thinking to host the setup for the subsidary company so my questions are:

1- how I can do the proper sizing for the link ? so i ensure the users are not feeling slowness
2-what equipment should i move from there and what i should not ? best desing fro myour experince
3- how the internet should be provided to thier users ? from us or locally ?
4- what are the adv and disadvanage for such plan? should we recommend this plan or let them continue as they are
5- risks?
6- what are the pre requisits needed in the HO Data Center for hosting those equipment
It seems that the documentation about IPsec/IKE setup on an SRX to Azure s2s VPN is conflicting.  There are 3 pain points:

1.  Can IPsec/IKE be used on a policy-based VPN for Azure? It seems that Azure is clear about "no" but the suggested Azure config includes IPsec & IKE config
2.  Which IKE version is best for SRX to Azure - v1 or v2, when using Policy Based or Route-Based VPN? (see attachment)
3.  If a trust sec zone (internal interf.) and an unstrust sec. zone (exter. interf.) already exists, how can I add interfaces that are in one of those zones already to a new "Internal & Internet Zone" for the Azure VPN Tunnel as documentation suggests?  I receive an SRX error about adding interfaces to multiple zones prohibited and if using PB VPN there is no st0.x to that config and/or I don't understand how to utilize or place the traditional interface under the st0.x iface.


commit check
[edit security zones security-zone Internal]
  'interfaces ge-0/0/1.0'
    Interface ge-0/0/1.0 already assigned to another zone
error: configuration check-out failed

I found this on Azure's site -

Azure IKE Doc found on Azure Site
Azure States no IPsec for Policy-Based
Azure IKE Doc found on Azure Sitejuniper-no-ikev2.png
I have a block of public IP addresses from my ISP, and I'm only using one (small operation here). I need to use a second one and have the incoming traffic pointed at a specific server (runs our video security system), and I have no idea how to do that. Can anyone give me step-by-step instructions?

I have a Sonicwall NSA-3600 running SonicOS Enhanced

I had this question after viewing Do we need to upgrade the Boot Loader image on cisco switches.

I have a cisco3560  switch  and with show version BootLDR is pointing to an image the does not exist on flash , noting that switch is working  fine
with another IOS.
So how can i change it safely ?
how would this affect my environment ?
Does it  have effect in switch recovery and rommon mode ?
Hi we have a thousand of switches in the network. and Orion has been configured on each switches. Now we have a few of commands that need to be implemented on each of switches. How can we add these commands to each switches via Orion? Or you can send me a link for this issue. Thank you
A few years back I had SolarWinds Real-Time NetFlow Analyzer working with my Cisco 3750x switch. Recently we had some suspicious traffic so I installed a new version of the software on a Win 10 machine. I can connect through the software to my switch, I can see all of the interfaces but none of them show NetFlow enabled. When I click on the interface I want to monitor then click "Start Flow Capture" I get a 'NetFlow is not detected on the selected interface'.

How do I get this port configured correctly to capture NetFlow data?

Additional Facts:
IOS version 15.0(2)SE6

Config on switch:
int gig <port to be monitored>
ip flow ingress
ip flow egress

ip flow-export source <port to be monitored>
ip flow-export version 5
ip flow-export destination <IP of my Win 10 machine> 2055

Open in new window

Per this thread- 
I tried to run the ip nbar protocol-discovery and the ip route-cache flow on the port to be monitored. Neither of those commands were accepted on that port.

Any help is appreciated.

I've had users on other forums attempt to help me by pointing me to towards flexible netflow configurations that use the command ip flow monitor <name of monitor> input applied to the interface they want to monitor. My switch does not allow flexible netflow to be applied to non-service module ports. What I'm trying to monitor are the standard gigabit interfaces.

The netflow commands I can apply to those standard interfaces are those listed above: ip flow ingress and ip flow egress. How do I get netflow analysis that way?
Hello ,

We have a serious issue here . We are unable to access vcenter with cac authentication but able to access vsphere web client with user name and password only. Can you please assist how to get the cac Authentication to log into vcenter vsphere 6.0.
Cloud Class® Course: Microsoft Exchange Server
LVL 12
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

Hi Guys,

 I am trying to use hyper-v extended port acl's as a basic form of firewalling for vms on hyper-v server 2016

My goal is simply to limit incoming connections while generally allowing outgoing traffic (and return traffic).

In essence we are allowing incoming http(s) and dns replies. All outgoing tcp traffic is marked as stateful.

We use the following acl's (cleaned up slightly for readability)
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Deny" -Direction "Inbound" -Weight 20
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -Weight 30 -Protocol 1
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -LocalPort 80  -Protocol "TCP" -Weight 60
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -LocalPort 443  -Protocol "TCP" -Weight 70
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -RemoteIPAddress "" -RemotePort "53" -Weight 130
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Outbound" -Protocol "TCP" -Stateful $True -Weight 150

Open in new window

The issue is as soon as the last stateful entry is added significant latency is observed to the point of things becoming useless.

In the cisco switch acl world you would simply look for the established flag for the packet.

Is there a way we can achieve the same here without incurring these severe performance penalties? Am I doing it completely wrong?

thanks for any insight.
Can a POE injector be plugged into any port on a (POE enabled) Switch?

This is the POE injector btw
I have a Cisco 3650 running 16.3.5b Lan base. I want do disable the login but prompt for the enable password with connecting via the console cable. I am using AAA for ssh access. The "no login local" command isn't an option.

aaa group server tacacs+ Clear_Pass
 server-private XXX.XXX.XXX.XXX timeout 3 key 7 PASSWORD
 ip vrf forwarding Mgmt-vrf
 ip tacacs source-interface Loopback1
aaa authentication login default group tacacs+ local enable
aaa authorization exec default if-authenticated
aaa authorization network default if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+

username cisco privilege 15 password 7 CISCO

line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 logging synchronous
 transport input ssh
line vty 5 15
 privilege level 15
 logging synchronous
 transport input ssh
I have configured UDP jitter SLA on my test lab. What do the below counters indicate of my connection? Why is there no latency numbers?
How am I supposed to read this?

ip sla 90
 udp-jitter 65050 num-packets 20
 request-data-size 100
 tos 128
 frequency 30
ip sla schedule 90 life forever start-time now

Test_Lab_Router_Place#sh ip sla statistics  de
IPSLAs Latest Operation Statistics

IPSLA operation id: 90
Type of operation: udp-jitter
        Latest RTT: 11 milliseconds
Latest operation start time: 12:03:15 cst Wed Feb 21 2018
Latest operation return code: OK
Over thresholds occurred: FALSE
RTT Values:
        Number Of RTT: 20               RTT Min/Avg/Max: 9/11/17 milliseconds
Latency one-way time:
        Number of Latency one-way Samples: 0
        Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Source to Destination Latency one way Sum/Sum2: 0/0
        Destination to Source Latency one way Sum/Sum2: 0/0
Jitter Time:
        Number of SD Jitter Samples: 19
        Number of DS Jitter Samples: 19
        Source to Destination Jitter Min/Avg/Max: 0/2/8 milliseconds
        Destination to Source Jitter Min/Avg/Max: 0/1/1 milliseconds
        Source to destination positive jitter Min/Avg/Max: 1/3/8 milliseconds
        Source to destination positive jitter Number/Sum/Sum2: 5/19/119
        Source to destination negative jitter Min/Avg/Max: 

Open in new window

I am trying to setup a Cisco monitor session. The source ports are g1/4 which is the inside interface for my Cisco ASA. The destination port G7/41 is on vlan 254. This is what I have so far.

interface GigabitEthernet1/4
 description ASA5515X-Primary-Inside
 switchport access vlan 256
 switchport mode access
 spanning-tree portfast

interface GigabitEthernet7/41
 description FP Network Agent
 switchport access vlan 254
 switchport mode access

monitor session 1 source interface Gi1/4
monitor session 1 destination interface Gi7/41
monitor session 1 filter packet-type good rx

For testing purpose I have a user going to an outside ftp site and I have Wireshark on G7/41 which shows no ftp activity. I am also not seeing any http or https activity. So I know I am missing something. Any assistance will be greatly apperciated.
i have mikrotik 951 with capsman.
is wifi speed is slow it's about 3 to 4mb
the tx power is 17.
the client is 4....
the freq is 2442,
distanse: indoor
ht tx chain 0,1
ht rx chan 0,1
ht guard long
channel width 20
band  2 bgn
ext ec
rates : basic all
supported rate all,
security wp2psk aes
so where is the problem ?

Network Management





Network Management involves issues that are independent of specific hardware or software, including email policies, upgrade planning, backup scheduling and working with managed service providers for Desktop-As-A-Service (DaaS), Software-As-A-Service (SaaS) and the like through the use of tools, coupled with manufacturer standards, best practice guidelines, policies and procedures plus all other relevant documentation. Network management also includes monitoring, alerting and reporting, management reporting, planning for device or service updates, the backup of configurations, the setting of key performance indicators and measures (KPIs/KPMs), associated service level agreements and problem records as part of the IT Service Management (ITSM) framework.