
Network Operations

9K

Solutions

11K

Contributors

Network Operations includes asset management, help-desk supervision, security and user policies, infrastructure administration and anything else that affects the operation of your network. Discussions will include those of best practices in platforms, configurations, performance, security and accounting.


I am employed at an ISP. I am trying to set up a redundant link between my POP Cisco switch and my customer-end MikroTik router, but it causes a loop in the network. Does anybody have a solution to make RSTP work properly between the MikroTik and Cisco switch?
0

I have these SFP mini-GBIC modules for LX/LH1 Part# GLC-LH-SMD
Would these work for 10Gb ISP fibre handoff?
0
I'm setting up a set of SG300 switches to support an added VLAN and to support  LAGs.
The LAGs should trunk the VLANs.
A simple case would be like this
Upstream (3-port) LAG Trunked <> Switch <> All of the other ports Trunked.

This is what I see:
This looks OK
Yet, when I've tried to set this up, the Port VLAN Membership shows like this:
VLAN 100 is Tagged in LAG1 - seems right
And, it appears that the VLAN 100 is tagged on LAG1
But, the ports belonging to the LAG (16,17,18) are showing Excluded in Port to VLAN here
Is this normal?
Is this last one normal?
0
Just bought a new Windows 10 laptop and need to install some VPN client software on it so that I can connect to my clients' networks. I have the products installed on my old laptop but don't have any installation media for them. I'm also not able to download the clients from the web or what I have downloaded isn't installing correctly. The products that I need are as follows:

Cisco AnyConnect Secure Mobility Client (version 4.5.04029)
NetExtender Windows Client (MSI) ... version 7.0.196

Does anyone know where I might get these? I can probably get them from my clients who will host these connections but it would be much easier to just download them from somewhere.
0
I upgraded our SonicWall at the beginning of the year and have some confusion regarding SonicOS's  CFS.  The device is running SonicOS Enhanced 6.5.0.2-8n.

(1) Is there a way to get a log of *ALL* CFS entries?  When I look under:

Log Settings > Base Setup > Security Services > Content Filter

It shows:

CFS Alert = 1461
Website Accessed = 16
Website Blocked = 14

However, I can't figure out how to get to that log.

(2) Is there a way for me to be emailed anytime someone gets the "blocked" screen with the details shown on the block screen they see?

TIA.
0
We have 3 WAN connections going into a bonder - Bell (200mbps) Rogers (200mbps) and Shaw (150mbps) and then from the bonder into the X1 interface of the SonicWall (NSA 3500). From the bonder direct out we are getting about 320mbps (which is not great and we are working with Rogers & Shaw to improve their connections) but from the clients we are only getting a max of 95mbps up and down no matter how many tests we run. I have tried this on the X1 and X2 interface as well as changing to the secondary HA unit and I get the same results.

I also plugged in my laptop directly to the Bell connection and was getting about 180 up and down. Plugged into the sonicwall X2 interface and changed my client to use that route and again I was getting a best of 95mbps.

Seems like this problem points to the sonicwall

I have a case open with them but wanted to try and resolve this sooner than later so any help/insight you have would be appreciated!
0
I am new to CCNA. I have a small scenario attached and the config is mentioned below.

Switch#show running-config
Building configuration...

Current configuration : 1565 bytes
!
version 12.2(37)SE1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
ip routing
!
!
!
spanning-tree mode pvst
!
!
!
interface FastEthernet0/1
 no switchport
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/3
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 …
0
Normally the VPN DHCP scope is always set up on the DHCP server or device.  At this place I see the scope is completely separate on corporate AD DHCP.
Is there a benefit to having the VPN DHCP scope outside of the DHCP device?

For now I configured it right on the OpenVPN server unless I hear otherwise from you guys.  Thanks!
0
Hi,

 

I have got one LAN behind NAT and two ISP connections. I want to route five prefixes through the First-ISP and the rest traffic through the Second-ISP. I tried configuring route-maps but still unsuccessful. Please view the config below. Help would be appreciated.

 

interface GigabitEthernet0/0
 no ip address
 ip flow ingress
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/0.10
 description LAN
 encapsulation dot1Q 10
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat enable
 ip virtual-reassembly in
 ip verify unicast reverse-path
 no cdp enable
 ip policy route-map 1
!
interface GigabitEthernet0/1
 description First-ISP
 ip address 1.1.1.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat enable
 ip virtual-reassembly in
 ip verify unicast reverse-path
 duplex auto
 speed auto
 no lldp transmit
 no lldp receive
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/2
 description Second-ISP
 ip address 9.9.9.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat enable
 ip virtual-reassembly in
 ip verify unicast reverse-path
 duplex auto
 speed auto
 no lldp transmit
 no lldp receive
 no cdp enable
 no mop enabled
!
ip forward-protocol nd
!
no …
0
Maybe a bit of a philosophical question. Is there a benefit to having multiple scopes in DHCP?  This place has at least 8-9 scopes.
voip, corp, eng, no-eng, prod, eng-wifi, no-engwifi, guest-wifi, etc, etc,
I never set up that many multiple scopes. Always thought if you do then you are doing broadcast thru multiple VLANs and killing the purpose of having a VLAN.

Thoughts?
0

Software-defined infrastructure is the buzz these days and is gaining a lot of importance. With software-defined infrastructure, companies can be more agile and proficient. Nonetheless, a complete re-engineering of IT procedures is required to gain that agility and efficiency.


The adoption of software-defined data centres is also increasing as it offers rapid delivery of services and cloud-like services to organisations. Another objective of organisations is to save money which can be achieved by delivering IT services in a restructured and coordinated method. Components and services of infrastructure are fully automated, triggered by business policies, amalgamated and centrally managed for performance.


A software-defined data centre can track demand and respond automatically, in no time, by scaling up suitable resources. Software-defined solutions for computing, networking and storage predict results like 55% Opex savings and 75% Capex savings. Software-defined data centre technology helps eliminate traditional data centre silos and builds on a solid server virtualisation infrastructure, which has matured and improved in several medium and large companies.

Nothing is achieved simply by deploying something; further support is required to gain full-fledged results. Similarly, software-defined data centres require some robust re-engineering of IT processes to achieve cost savings, business agility and productivity gains. Let’s have a look at five strategies which will help in reaping the benefits of a successful deployment of software-defined data centres.

Initiate Small

One of the biggest hurdles in deploying software-defined data centres is lethargy. Many people wrongly assume that organisations should transform all data operations simultaneously. This is not at all necessary.

Rather, begin with one small project related to a low-profile activity or service, addressing one aspect of the software-defined data centre environment, that is, compute, storage or networking.

Shifting storage capability that includes a database service is a seamless project to start with. Moving VMs dynamically without causing any disruption can be achieved by using technology like VMware Live Migration. With this, the organisation can absorb software-defined data centres and reap measurable benefits.

On the other hand, targeting e-commerce websites for the first experiment with a software-defined data centre can be risky. Such projects depend on multiple application services, like shipping, inventory and order management, and therefore need solutions which enable compute, networking and software-defined cloud storage to work together seamlessly.

If any delay or failure is detected in the new infrastructure, which is quite likely when something new is being implemented, the result is very noticeable to senior management. Top management don’t like systems to go down, especially those which are revenue generating. Starting with a small, non-mission-critical project enables IT decision makers to learn rapidly, helps refine the processes for the subsequent project, and builds software-defined data centre expertise without any risk.

Necessary Skills

While deploying a software-defined data centre, the IT team should possess resources that are capable enough to understand systems orchestration and automation. Such skills are found in individuals who have worked closely with business, with some external service providers or ones who have experienced cross-departmental roles.

It is important to note that software-defined data centre technologies are extremely vendor specific. If you are choosing a Cisco solution, then you will need people who have expertise in Cisco networking. It will be much easier and less risky if you have in-house skills for your chosen platform rather than bringing in another set of resources or retrofitting people to unfamiliar technology. Even if you have an excellent team with high capabilities and skills, software-defined data centres require spending money on training and development, support etc.

Evaluation of Vendor Contracts and Legacy Technologies

An intelligent IT leader will never replace vendor relationships and all systems just to deploy software-defined data centre capabilities. IT should consider business priorities for vendors, which are based on purchasing power and long-term contracts, and then align software-defined data centre purchases accordingly. Evaluating the end-of-life status of hardware is also very necessary. If an organisation wishes to deploy a Cisco software-defined data centre but has HP networking infrastructure which is just two years old, choosing HP makes better sense.

Reconsideration of the IT Enterprise

Silos are already on the verge of a software-defined data centre. In this world of technology, it is very difficult to run IT with separate groups of networking, storage, applications and server. For a software-defined data centre, the technology barrier is maintaining silos. With a software-defined data centre, data must run spontaneously and a high level of coordination is required. Software-defined data centres offer more significant information from all the constituents which are then distributed across IT for better management and decision making.

With time roles also change. If a software-defined compute product is deployed like VMware, it will affect the network or storage group. Such organisations will have to deliver virtualised infrastructure based services as well as on standards which are optimised for a software-defined data centre. Moreover, it is important to initiate change and collaborate in new ways.

Deploy Metrics for Business

Performance monitoring has been done in manual and automated ways for years. Even so, such metrics don’t give much value to the business. Don’t use a lot of metrics. Overloading on metrics will cause a lot of confusion, and no concrete conclusion can be derived. Select a few metrics which will help in deriving clear and measurable conclusions and which will define success for the newly deployed infrastructure.

Metrics sometimes vary from project to project. Metrics should be chosen that can demonstrate how much more efficient and effective one can be in assisting users in the new software-defined data centre oriented location. Common metrics are the speed of deployment, agility, the capability to shift storage possessions with zero downtime, ease of use, user satisfaction, and total costs incurred.

Many conversations and debates have occurred about whether the software-defined data centre is a methodology or a technology. Truly speaking, it is a combination of both. A new alignment for delivering and managing IT, based on collaboration, business prioritisation and speed, is a prerequisite for a software-defined data centre.



0
Installed a new SonicWall SOHO wireless router and the other computers at home cannot be viewed over the network.

How do I change this?
0
We currently have a Sonicwall NSA 2600.  We also have a Small Business Server 2011 running Exchange 2010.  The Sonicwall has NAT and firewall configured to pass the mail to the server.  That is working fine.

I have activated a 30 day trial of Sonicwall's Anti-Spam Service.  During the initial configuration I received the following pop up error: "Mail Server Auto-Detect Failed.  The system detects there are one or more NAT and/or Rule policies that use a service group of a service port range that includes SMTP and non-SMTP service ports.  The system could not enable the Anti-Spam service using the current configuration."

The user guide for enabling Anti-Spam lists a step where you identify the mail server.  I am assuming I need to delete the current NAT and Firewall rules forwarding mail to the server and let the Anti-Spam setup configure them again.  Am I correct?

Any help is appreciated.
0
home network devices not finding new SonicWall SOHO Wireless.  It also is not being detected on my phone.
0
I am using Quickbooks Enterprise in multi mode on my network. The Database manager and files are all stored on a local server. When I am on my LAN everything works great. I am trying to use my Sonicwall/NetExtender VPN connection into my LAN. I connect fine and open files and folders on the server with no issue. I launch Quickbooks, select the company to open and sign in with username and password. That's when Quickbooks locks up and stops responding. Anyone have any ideas on this one? The only thing I can't get to work on the VPN is Quickbooks.
0
We have an internal zone server holding financial data.

Users would like to load ACL (Audit Command Language) into it to analyse the data but ACL
requires periodic (think can be daily) connection to Internet (& possibly incoming ports but
I'm not certain about incoming) for license validation.

Q1:
For a server that goes out to Internet, shouldn't it be placed in DMZ rather than internal zone?

Q2:
Or it does not matter for outgoing;  it's more for incoming connections (eg: web server) that
needs to be placed in DMZ?

Q3:
If we don't move the server to DMZ, what are the mitigations we can consider?
Let this server connect to a proxy to go out to Internet?
Use firewall to permit it to a specific destination IP for license validation only?
If the ACL component can't go by proxy, but it requires a non Tcp80/non Tcp443,
is this considered safe to permit (without going thru proxy)?

Q4:
If an internal zone server (Prod) goes out via proxy on Tcp80/443, isn't this
akin to a sysadmin being allowed to browse Internet from an internal server
which is risky?
0
How do I setup a Sonicwall TZ300 to allow me to telnet into a server on the local lan behind the sonicwall?
0
difference between the single layer switches and multi layer switches?
0
Hi,

I'm trying to add an Aruba POE Switch to a network which includes an Extreme 8810 Black Diamond switch chassis.

Can anyone assist please
0

Can I use this chart to calculate the current bandwidth utilization in the office?    I want to look at what bandwidth utilization I have now and estimate its max growth based on new headcount / office expansion.

This is from the Palo Alto firewall in the network monitor option.  The only thing is it's in bytes.  So it shows 1,200,000M bytes.  Not sure how to translate that into Gigabit.
 Network monitor in Palo fw
Please advise.
0
Last week, GitHub was hit with the largest DDoS ever recorded:
https://githubengineering.com/ddos-incident-report/

Akamai Prolexic is who they use for DDoS mitigation and they apparently handled it in stride:
https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
0
Hi Experts,
I want support in configuring a new Cisco 1921 K9 Router. I bought this router two days back to replace the Linksys router which was provided by the ISP. I have to replace the Linksys router because we have upgraded Internet to 300 Mbps from 100 Mbps. I have set up this router in a test lab with basic settings, with one port with a private IP and the WAN port with DHCP (in production the WAN connection is PPPoE), and configured the NAT also. But it is not working. Below is the running config of the router.

Building configuration...

Current configuration : 5346 bytes
!
! Last configuration change at 04:39:58 UTC Sat Mar 3 2018 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ABCD
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
!
!
ip domain name abcd.com
ip name-server 8.8.8.8
ip name-server 4.2.2.2
no ipv6 cef
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-550796933
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-550796933
 revocation-check none
 rsakeypair TP-self-signed-550796933
!
!
crypto pki certificate chain TP-self-signed-550796933
 certificate self-signed 01
  30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    480B33AF F9916BED 3DF321D7 9CD387D3 114D14A4 97DAF759 …
0
Increase/Decrease MTU

I would like to know when we should manually increase or decrease MTU.
I have seen some examples where there is an extra header, for instance when using PPPoE, and they decrease the MTU.

Any clarification will be very much appreciated

Thank you
0
VPN site-to-site considerations.  Remote office users need to access two different data centers and the Main office.  So at least three different IP addresses.  In addition they also need to access their own machine back in the remote office when working from home.  There are two remote offices (15-20 users each)  and the one Main HQ office.  

Would it be better to design with one single VPN Concentrator hub or build individual tunnels from every office to every data center and remote location?  I'm leaning towards the 'one hub' VPN Concentrator with different profiles directing to remote offices.  
I need to hear pros, cons, drawbacks for each.  Thanks guys!!
0
I have been doing some research into setting up redundant ISPs on the PANs (Palo Alto firewalls), and it seems that if we don't want to run BGP for that site, the best alternative seems to be PBF.  Am I on the right track with that?  Are there other alternatives?
0
