Network Management





Network Management involves issues that are independent of specific hardware or software, including email policies, upgrade planning, backup scheduling and working with managed service providers for Desktop-As-A-Service (DaaS), Software-As-A-Service (SaaS) and the like through the use of tools, coupled with manufacturer standards, best practice guidelines, policies and procedures plus all other relevant documentation. Network management also includes monitoring, alerting and reporting, management reporting, planning for device or service updates, the backup of configurations, the setting of key performance indicators and measures (KPIs/KPMs), associated service level agreements and problem records as part of the IT Service Management (ITSM) framework.

Share tech news, updates, or what's on your mind.

Sign up to Post

I know this sound silly, we have an appliance which has option to community string and sm
mp trap .
My understanding is better to send the device trap than letting the management station yo monitor the device. Am I correct in this ?
Dies trap send information about cpu memory usage or just send the distress message?
Cloud Class® Course: MCSA MCSE Windows Server 2012
LVL 12
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

1. Can someone explain me if there is any changes in .cloginrc file, I need to run the rancid-cvs and rancid-run,
2. When i am trying to login i can see that the username is not pulling from what is there in .cloginrc.

For Eg:
(Under my clogin file)
I have mentioned
add user 1x.x.x User1
add password 1x.x.x       {password}
add method 1x.x.x telnet ssh

But when i am trying to login, i can see that username is in rancid. I am not sure why its happening. And to make sure that if try firewall login or normal login, its going with actual username only
Would the following configuration elements be sufficient to export netflow information from  Nexus switch from a particular vlan?

feature netflow

flow exporter splunk
  transport udp 20066
  source loopback0
  version 9

flow record netflow-record
  match ipv4 source address
  match ipv4 destination address
  match ip protocol
  match transport source-port
  match transport destination-port
  collect counter bytes
  collect counter packets

sampler netflow-sampler
  mode 1 out-of 4956

flow monitor flows01-monitor
  record netflow-record
  exporter splunk

interface vlan 100
 ip flow monitor flows01-monitor input sampler netflow-sampler

(cisco Nexus 6004 Chassis; Version System version: 7.1(3)N1(2))
Hi ,

we have subsidiary company with around 150 Users . it is linked to us (HO ) over IPVPN (1 MB)  and services getted from Us are :

1- CISCO IP telephone ( currently around 75 Users)
2- ERP ( about 50 USers)

thier existign Setup :

1- Domain COntroller ( seprate totally from us ) + Antivirus server ( 1 physical box)
2-finance system
3-Backup Server
4-Sonicwall NSA2600
7-Router for IPVPN

the managment is thinking to host the setup for the subsidary company so my questions are:

1- how I can do the proper sizing for the link ? so i ensure the users are not feeling slowness
2-what equipment should i move from there and what i should not ? best desing fro myour experince
3- how the internet should be provided to thier users ? from us or locally ?
4- what are the adv and disadvanage for such plan? should we recommend this plan or let them continue as they are
5- risks?
6- what are the pre requisits needed in the HO Data Center for hosting those equipment
It seems that the documentation about IPsec/IKE setup on an SRX to Azure s2s VPN is conflicting.  There are 3 pain points:

1.  Can IPsec/IKE be used on a policy-based VPN for Azure? It seems that Azure is clear about "no" but the suggested Azure config includes IPsec & IKE config
2.  Which IKE version is best for SRX to Azure - v1 or v2, when using Policy Based or Route-Based VPN? (see attachment)
3.  If a trust sec zone (internal interf.) and an unstrust sec. zone (exter. interf.) already exists, how can I add interfaces that are in one of those zones already to a new "Internal & Internet Zone" for the Azure VPN Tunnel as documentation suggests?  I receive an SRX error about adding interfaces to multiple zones prohibited and if using PB VPN there is no st0.x to that config and/or I don't understand how to utilize or place the traditional interface under the st0.x iface.


commit check
[edit security zones security-zone Internal]
  'interfaces ge-0/0/1.0'
    Interface ge-0/0/1.0 already assigned to another zone
error: configuration check-out failed

I found this on Azure's site -

Azure IKE Doc found on Azure Site
Azure States no IPsec for Policy-Based
Azure IKE Doc found on Azure Sitejuniper-no-ikev2.png
I have a block of public IP addresses from my ISP, and I'm only using one (small operation here). I need to use a second one and have the incoming traffic pointed at a specific server (runs our video security system), and I have no idea how to do that. Can anyone give me step-by-step instructions?

I have a Sonicwall NSA-3600 running SonicOS Enhanced

I had this question after viewing Do we need to upgrade the Boot Loader image on cisco switches.

I have a cisco3560  switch  and with show version BootLDR is pointing to an image the does not exist on flash , noting that switch is working  fine
with another IOS.
So how can i change it safely ?
how would this affect my environment ?
Does it  have effect in switch recovery and rommon mode ?
Hi we have a thousand of switches in the network. and Orion has been configured on each switches. Now we have a few of commands that need to be implemented on each of switches. How can we add these commands to each switches via Orion? Or you can send me a link for this issue. Thank you
A few years back I had SolarWinds Real-Time NetFlow Analyzer working with my Cisco 3750x switch. Recently we had some suspicious traffic so I installed a new version of the software on a Win 10 machine. I can connect through the software to my switch, I can see all of the interfaces but none of them show NetFlow enabled. When I click on the interface I want to monitor then click "Start Flow Capture" I get a 'NetFlow is not detected on the selected interface'.

How do I get this port configured correctly to capture NetFlow data?

Additional Facts:
IOS version 15.0(2)SE6

Config on switch:
int gig <port to be monitored>
ip flow ingress
ip flow egress

ip flow-export source <port to be monitored>
ip flow-export version 5
ip flow-export destination <IP of my Win 10 machine> 2055

Open in new window

Per this thread- 
I tried to run the ip nbar protocol-discovery and the ip route-cache flow on the port to be monitored. Neither of those commands were accepted on that port.

Any help is appreciated.

I've had users on other forums attempt to help me by pointing me to towards flexible netflow configurations that use the command ip flow monitor <name of monitor> input applied to the interface they want to monitor. My switch does not allow flexible netflow to be applied to non-service module ports. What I'm trying to monitor are the standard gigabit interfaces.

The netflow commands I can apply to those standard interfaces are those listed above: ip flow ingress and ip flow egress. How do I get netflow analysis that way?
In the Microsoft Call Quality reports - there is an option to view call quality
for Mobile LTE calls. How does MS Skype know that the calls are going over
Mobile LTE? Is the Skype mobile client running on a cell phone and transported
over TCP/IP over the carrier's LTE network? Or are  cell phone calls into
a Skype conference bridge but not over IP? I'm not sure what these calls are.
Their call quality percentage is by far the worst of any other classification of calls
and could contribute to the perception of Skype not being so hot.

We are using Skype for Business Online - Office 365. Thanks.
Worried about phishing attacks?
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Hello ,

We have a serious issue here . We are unable to access vcenter with cac authentication but able to access vsphere web client with user name and password only. Can you please assist how to get the cac Authentication to log into vcenter vsphere 6.0.
Can a POE injector be plugged into any port on a (POE enabled) Switch?

This is the POE injector btw
I have a Cisco 3650 running 16.3.5b Lan base. I want do disable the login but prompt for the enable password with connecting via the console cable. I am using AAA for ssh access. The "no login local" command isn't an option.

aaa group server tacacs+ Clear_Pass
 server-private XXX.XXX.XXX.XXX timeout 3 key 7 PASSWORD
 ip vrf forwarding Mgmt-vrf
 ip tacacs source-interface Loopback1
aaa authentication login default group tacacs+ local enable
aaa authorization exec default if-authenticated
aaa authorization network default if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+

username cisco privilege 15 password 7 CISCO

line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 logging synchronous
 transport input ssh
line vty 5 15
 privilege level 15
 logging synchronous
 transport input ssh
I have configured UDP jitter SLA on my test lab. What do the below counters indicate of my connection? Why is there no latency numbers?
How am I supposed to read this?

ip sla 90
 udp-jitter 65050 num-packets 20
 request-data-size 100
 tos 128
 frequency 30
ip sla schedule 90 life forever start-time now

Test_Lab_Router_Place#sh ip sla statistics  de
IPSLAs Latest Operation Statistics

IPSLA operation id: 90
Type of operation: udp-jitter
        Latest RTT: 11 milliseconds
Latest operation start time: 12:03:15 cst Wed Feb 21 2018
Latest operation return code: OK
Over thresholds occurred: FALSE
RTT Values:
        Number Of RTT: 20               RTT Min/Avg/Max: 9/11/17 milliseconds
Latency one-way time:
        Number of Latency one-way Samples: 0
        Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Source to Destination Latency one way Sum/Sum2: 0/0
        Destination to Source Latency one way Sum/Sum2: 0/0
Jitter Time:
        Number of SD Jitter Samples: 19
        Number of DS Jitter Samples: 19
        Source to Destination Jitter Min/Avg/Max: 0/2/8 milliseconds
        Destination to Source Jitter Min/Avg/Max: 0/1/1 milliseconds
        Source to destination positive jitter Min/Avg/Max: 1/3/8 milliseconds
        Source to destination positive jitter Number/Sum/Sum2: 5/19/119
        Source to destination negative jitter Min/Avg/Max: 

Open in new window

I am trying to add a host route as a test to my routing table in AWS to make it go over my DX connection. However for some reason I seem to not be able to get
the route to propagate as can be seen in the attached image. Traceroute fails to make it beyond even the first hop. What can cause this?
I am trying to setup a Cisco monitor session. The source ports are g1/4 which is the inside interface for my Cisco ASA. The destination port G7/41 is on vlan 254. This is what I have so far.

interface GigabitEthernet1/4
 description ASA5515X-Primary-Inside
 switchport access vlan 256
 switchport mode access
 spanning-tree portfast

interface GigabitEthernet7/41
 description FP Network Agent
 switchport access vlan 254
 switchport mode access

monitor session 1 source interface Gi1/4
monitor session 1 destination interface Gi7/41
monitor session 1 filter packet-type good rx

For testing purpose I have a user going to an outside ftp site and I have Wireshark on G7/41 which shows no ftp activity. I am also not seeing any http or https activity. So I know I am missing something. Any assistance will be greatly apperciated.
i have mikrotik 951 with capsman.
is wifi speed is slow it's about 3 to 4mb
the tx power is 17.
the client is 4....
the freq is 2442,
distanse: indoor
ht tx chain 0,1
ht rx chan 0,1
ht guard long
channel width 20
band  2 bgn
ext ec
rates : basic all
supported rate all,
security wp2psk aes
so where is the problem ?
How do I open a UDP port on a Cisco Router? I have checked my firewall and the rule is allowing traffic, I think the router is blocking it.

My current config is as follows:
Config Type Running
Downloaded 1/5/2018 12:01:06 PM
Modified never modified

001:  !

002:  ! No configuration change since last restart

003:  !

004:  version 12.2

005:  no service pad

006:  service tcp-keepalives-in

007:  service tcp-keepalives-out

008:  service timestamps debug uptime

009:  service timestamps log uptime

010:  service password-encryption

011:  !

012:  hostname BMCRT1A

013:  !

014:  boot-start-marker

015:  boot-end-marker

016:  !

017:  !

018:  logging buffered 10240

019:  no logging console

020:  enable secret 5 $1$mFes$1zoJpoV9IaR0oIZdg6acx/

021:  enable password 7 15250E00072526217A1A3B271C14

022:  !

023:  username leerx privilege 15 secret 5 $1$Y3g0$w3Ij1PdfU/f4Z/R2MyiGl1

024:  username alcodl privilege 15 secret 5 $1$TFf3$2ukvwNNI8xlB0TTRlOURj0

025:  username admin privilege 15 secret 5 $1$5dwD$p8GRyRnLAMP6WCMGU9fhd1

026:  no aaa new-model

027:  switch 1 provision ws-c3750x-12s

028:  system mtu routing 1500

029:  ip routing

030:  no ip gratuitous-arps

031:  !

032:  !

033:  !

034:  no ip domain-lookup

035:  ip multicast-routing distributed

036:  ip multicast…
We are about to install a pair of S4048-ON switches on our current environment. We are currently have 20 iBGP sessions via 20 xconnects with the other vendors in the same data center. I wanted to find out the best to migrate the existing bgp connections without causing any disruptions to the counter parties.

Thank you, Experts
Protect Your Employees from Wi-Fi Threats
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

I'm in the process of migrating to a new Aruba 2930F 28 port switch which will replace the current 3Com 4500 PWR core switch. There are a few lines in the config of the 3Com switch for which I cannot find the corresponding ArubaOS command. I am also unclear as to what these lines actually do. Any help would be appreciated. See below;

acl number 4999
 rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff

From my research this has something to do with "telling" the switch that any device which has a mac address in this range is an IP phone but I cannot be sure about this.

packet-filter inbound link-group 4999 rule 0 - no idea what this means.... some sort of QoS?

So essentially my questions are...

1) What do the above lines mean aka what do they do?
2) What are the equivalent ArubaOS commands to implement the same config... assuming I have to do this on the Aruba switch at all... in case the above is a "default" setting for Aruba.

Thanks in Advance.

Here is the 3Com switch config in its entirety to give perspective...

 sysname CORE
 local-server nas-ip key 3com
 dhcp-server 0 ip  
 igmp-snooping enable
radius scheme system
domain system
acl number 4999
 rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff
vlan 1
 igmp-snooping enable
vlan 2
interface Vlan-interface1
 ip address
interface Vlan-interface2
 ip address
Hai frnds,
i have cisco 4321 router , there are only 2 gi etharnet ports,can i convert wan port into Lan port ?
Dear Experts.

I have two HPE 1950 Series switches.
Both seitches are 12XGE + 4 SFP+.

I used 2 SFP+ ports on each to create an IRF between them which works great.

Here's my question, using the CLI rather than the Web Interface, is it possible to change the settings on several non-consecutive ports?

I know that there's the following command:
interface range Ten-Gigabitethernet 1/0/1 to Ten-Gigabitethernet 1/0/10

Open in new window

Which will then allow me to provide the same settings to all ports from XGE 1/0/1 to XGE 1/0/10.
but what if I wanted to put the same settings on 1/0/5 and 2/0/5 ?
is there a way to do so?
My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      


We are running an intranet in our we are thinking to provide the access of our intranet to the users even through their mobile..How can we do this... and is this possible?

Thanks in advance,
Srikanth Nandyala.
I have been trying to work with Sonicwall support on this issue and have made no progress.  We have been using the appliance in the past with split tunnel enabled but, due to security requirements, we can no longer allow split tunnel.  If we turn it off,  remote users can access internal resources we have configured, but cannot access anything on the Internet. It seems that we need to create a resource which is "anything" on the Internet but we don't know how to do that. We don't see any kind of wild card options.  We have not given our users access to "Any" resource.  We need to specifically define the resource they have access to.  We need an "Internet" resource and then we can give them access to that.  Is this possible.  Or, is there some other way to approach this?

Sonicwall support had us upgrade the firmware to 11.40-468 with the 708 hotfixes but that did not create an options for resolving this requirement.

Network Management





Network Management involves issues that are independent of specific hardware or software, including email policies, upgrade planning, backup scheduling and working with managed service providers for Desktop-As-A-Service (DaaS), Software-As-A-Service (SaaS) and the like through the use of tools, coupled with manufacturer standards, best practice guidelines, policies and procedures plus all other relevant documentation. Network management also includes monitoring, alerting and reporting, management reporting, planning for device or service updates, the backup of configurations, the setting of key performance indicators and measures (KPIs/KPMs), associated service level agreements and problem records as part of the IT Service Management (ITSM) framework.