[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Network Operations

9K

Solutions

11K

Contributors

Network Operations includes asset management, help-desk supervision, security and user policies, infrastructure administration and anything else that affects the operation of your network. Discussions will include those of best practices in platforms, configurations, performance, security and accounting.

Share tech news, updates, or what's on your mind.

Sign up to Post

Wonder your folks opinion.  How do you approach this questions from executives.  
 "what do you think is better 74Mb DSL or 60Mb cable?"  :)
0
Build an E-Commerce Site with Angular 5
LVL 12
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

We have some older model Siemens PLCs that I'm told have an IP address, but no gateway. Can anyone confirm if they have seen something like that?

Second and more important is my part in this challenge: If it is possible that a device has no gateway, how to get it to talk/route to a different subnet?

Edit: I see some Siemens documentation that talks about using subnets and supernets to get around the issue. So if it helps, my destination subnet is 10.1.179.0/24 and my PLC is 10.107.151.10.
0
What's the best way to setup Cisco 3850 switches by copying configs over the new one. 2 identicals are already in place.  
The additional will server same functions as access switches.
0
I have a brand new Cisco 9300 access layer switch that is trunked to a Dell Force 10 core switch.  The core switch is a VTP Server for several VLANs.  While the 9300 ports were configured for hosts, it was NOT a VTP client yet so it had no knowledge of our current VLAN structure.  To give an example, I had a port configured "switchport access vlan 14."  Once the server was brought online as an active access layer switch, it was configured as a VTP Client in our custom VTP domain.  However, any device on vlan 14 cannot communicate past the 9300 switch even though the port channel tagged on the Force 10.  In fact, I am simply re-using the port channel configured on the core switch to connect the trunk ports to the new 9300 switch. If I do a "show vlan" on the 9300 it shows my vlan 14 with the proper name as it is configured on the VTP server.

My question is, if a port was configured to exist on a particular VLAN before the switch was a VTP client, are there two conflicting VTP entries in the vtp.dat database on my 9300, one local and one obtained from the VTP server? It doesn't seem like this could be happening since "show vlan" looks identical to a different access layer switch that is a vtp client in the same environment.
0
Hi,

I’m hoping to get some ideas on this one. I’m having some intermittent latency and sometimes dropouts on the network, which consists of mostly Cisco SX300 switches.

When the latency or dropout happens, the CPU utilisation of the core SG300 Switch would be over 40%. I have been told the issue is caused by spanning tree and turning global spanning tree off on the core switch does help, however, I think it is not the spanning tree or it is more that just the spanning tree.

What other things could I look into in finding the cause?

Any help appreciated!

Jonathan
1
With Solar Winds NPM v12.1 I want to get an alert via email if the following snmp
trap is received:

snmpTrapOID = PAN-TRAPS:p​anROUTINGR​outedBGPPe​erEnterEst​ablishedTr​ap

I don't see a specific direct means in Orion for creating an alert from a trap. But
perhaps this could be done with a custom SQL query? Any insight appreciated.
0
I'm drafting an SOP doc & need to spell out the specific roles/duties of
Firewall admins vs IT Security (governance) :

I'm not sure if RBAC (Role Based Access Control) comes into play here
but my view is:

a) all Firewall rules requests as well as proxy requests (say to whitelist
    a URL or permit certain file types to be saved/downloaded) are to
    be reviewed & approved by the IT Security governance as well as
    requestor's managers  while Firewall admins implement them:
    is this what's generally practised?

b) reviews of Firewall logs/events are jointly done by a network admin
     or lead or manager who is not an implementer of firewall rules &
     counter-reviewed by IT Security gov : certainly we hope to automate
     this by SIEM with UEBA but Audit still requires such events/logs reviews
     to be signed off by 2 parties

c) What about firewall rules review : which parties should review them?
    Certainly not firewall admins as they're the creator of the rules so
     they'll just sign off as "No issue" : it's a conflict of interest.  We had
     run into case where a critical & sensitive Prod server was permitted
     for access to entire organization.  Tools like Tuffin only review for
     "dormant" rules but not such rules created for "testing" but forgot
     to be removed.   Any tools could help with such detection?
0
I have problem PXE boot from Microsoft surface 4 (UEFI) to connect to WDS server (Windows 2016). I have updated surface firmware and OS patches etc.. Getting below error

NBP filename is boot\x64\wdsmgfw.efi
NBP filename is 0 Bytes
PXE-E23: Client received TFTP eror from server

All other machines except MS surface are working fine. What step need to do resolve this issue.
0
What are some free proxies out there that could do blacklisting (& possibly greylisting)
as well as auto-block by know malicious sources (eg: get updates from SpamHaus,
AlienVault, bad Reputation sites & known sources of malwares).

Ideally the free proxies could also stop users from downloading executables or
a specified file types.  No plan to go for commercial ones like Bluecoat.
0
We would like to monitor when a server, switch, router, and firewall goes down. We have a remote site that's "unattended", however, we would like to keep an eye when a device mentioned before goes down?

Do you have a suggestion that we can consider? Thanks so much.

Regards,
0
Choose an Exciting Career in Cybersecurity
Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Fortigate 200D in HA cluster

i have a problem (user "accidentaly started wizard" to change gateway)....

and fortinet stoped routing as expected, as it seems nothing has changed.
static routes are the same as before, route lookup hits the right route, traffic seems to hit the right policy.

Monitoring the traffic it says       "Accept: session timeout" for everything

i can ping port to internal network from CLI, i can ping something on Internet (WAN) from CLI

but nothing gets thru from external(WAN) to internal network (PORT1) or viceversa
0
Configuring NAT

in the LAB configuration below:
I have R1 and R2 in subnet 192.168.12.0/24 ----R3 in subnet 10.10.13.0/16  and R4 in subnet 10.10.24.0/16

I would like to have R3 be able to ping R4

The NAT configuration does not seem to work as it is supposed to.
Any Help ?

Thank you

n




R1#sh run 
Building configuration...

Current configuration : 2199 bytes
!
! Last configuration change at 02:39:42 CET Sun Sep 2 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
! 
!
!
!
!
crypto isakmp policy 5
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco@123 address 192.168.12.2   
!
!
crypto ipsec transform-set MY-SET esp-aes esp-md5-hmac 
 mode tunnel
!
!
!
crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp 
 ! Incomplete
 set transform-set MY-SET 
 match address VPN-TRAFFIC
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 crypto map IPSEC-SITE-TO-SITE-VPN
!
interface Ethernet0/1
 ip address 10.10.13.1 255.255.0.0
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown

Open in new window

0
ac
in the topology above , I have 2 routers with 2 loopbacks.
on R2 I configured an access list to permit only 192.168.12.0 which is the link between R1 and R2, for some reason I cannot ping loopback 1.1.1.1 of R1 which makes sense,  but I can ping from R1 to loopback of R2.  I thought both loopbacks cannot be ping because of the access list:

configuration below:

R1:
R1#sh run 
Building configuration...

Current configuration : 1792 bytes
!
! Last configuration change at 16:05:15 CET Sat Aug 18 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address

Open in new window

0
Is it Enough to configure DHCP Snooping without ARP Inspection

I would like to know if it is efficient to configure just DHCP Snooping and do not configure ARP Inspection.
 I thought DHCP snooping is enough to avoid having Rogue DHCP in the Network. So what  else that ARP Inspection adds to the DHCP Snooping ?

Thank you
0
Does anyone has experience with flashing your own fiber optics SFP?  I see some network engineers using this.  Flexoptix.  Instead of buying brand named optics from the manufacturer.  They make their own for fraction of the price.  

https://www.flexoptix.net/en/flexbox-series-configure-universal-transceivers.html?395=1357&co9424=

You need to buy a flexbox to code the optics. ~$2K/each.

I've never done this before and not sure what entails.  Is it the best player on the market?  Any risks or other issues doing it?  
Please advice.  Any info appreciated.  Thank you!
0
What are the best fiber cable manufacturers?  There're so many online and price varies and lot.
Looking for LC/LC SM and MPO MM cables.  
Please advice.  I normally buy on Amazon.
0
Hi all,

   I have a very annoying problem in which everything works like a dream, and one application is hanging almost certaintly die to lost file handles.

   The network is exemplary; certified Panduit, server 2012 R2, almost everything on the network is new and now I installed 7 new HP computer with Windows 10.

   What happens is that the application we have that runs on a flat-file database (Clarion) shared on local server is hanging up. For testing purposes on old Win 7 machines everything is working stable.

   I am pulling my hair on this one, and I don't know how to proceed.

   I tried max power management, disabling Green Ethernet, disabling AV program and Firewall, disabling all non ms services, etc. All the time the app behaves the same.

   Any ideas or diagnostic procedures are Welcome.
0
Have anyone used multi-mode to single mode fiber converters?  Are they reliable?  
I need to run 40G optics between the floors in the three building floors (floors 1,2,and3).  MM fiber is already in place.  To support 40G between these three floors we need single mode duplex LC fiber.  
Instead of doing new SM runs, can we install converters to achieve that?  Would that work reliably?
0
hi guys

I was hoping that you guys could help me with something. We have many stores across the UK. I am trying to do a revision of our network architecture. I have uploaded a very basic Visio diagram of what it looks like. Stores are connected via the MPLS to a datacentre which has our firewall and from which the internet breaks out. I have created Store A and this configuration is almost identical for all other stores. All stores have IP PDQ machines. The store network traffic goes from the PC's, Tills//PDQ's via the MPLS network to our datacentre and from there, it breaks out to the internet. PDQ's also failover to an analogue telephone line if there is an issue with the MPLS network.

We have additional internet lines at each store for other things such as footfall camera's and mobile devices which I have included on the right hand side. This is so that credit card information is going out of an entirely separate line in case of a breach. So of course, one issue we have is that if (this has not happened yet in the 4yrs I have been there) the internet side at the end of where the MPLS breaks out into the firewall and to the internet went down, then none of the 40 stores can transact properly. Well they can, but via the analogue phone lines which I think is just 20th century rather than 21st.

However, I am reviewing all of this and hoping that we can just reduce 2 to 3 internet lines into just one and introduce VLAN's and consolidate everything.

My questions …
0
PMI ACP® Project Management
LVL 12
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

Need to recover passwerd for cisco switch 4507R-E without removing the configuration
0
I have created new 26 vlan in cisco switch. But when i checked spanning tree instance for those vlan i see spanning tree instance only for 4 vlan for rest of vlan i did not see any instance.

Below is the message#

INND-S-D-01-AUS#sh spanning-tree vlan 626

Spanning tree instance(s) for vlan 626 does not exist


Note: All vlan are up,At present no port assign to these Vlan.
0
Anyone knows Aruba controllers well?   They normally pass through the same VLAN on the main switch, or the management VLAN.
Wonder why Aruba not recommending doing a direct heartbeat between Active and Passive controllers.  Using 7030 controllers at this point.
Normally I do a direct heartbeat between Cisco controllers.  But Cisco has a dedicated HA port for this.  Arubas not.  7030 controllers have 8 fiber and 8 copper ports.
 Anyone knows about it and have an advice?
0
In the groups of apartment that I stay, there's  a free Wifi for the community
which I could access from my phone/laptop when I move around the vicinity.
However, a reading room right in the centre of this area, the Wifi signal is
often cut off (or intermittently at 1 bar).

Is there anything I can get/install so that I could get the signal in the reading
room (which is a 5m x 3.5m room with glazed glass panels in front, a thick
wooden door & concrete walls on the roof & other sides of walls)?  Even if
I open the wooden door, the Wifi signal strength did not improve.

Until I shift my chair & laptop & sit just 1m outside the wooden door, then
I get 3-4 bar signal.

I don't mind a USB dongle with a 4m USB extender cable (which could be
slipped under the door but do recommend specific eBay/Amazon links
to the items that could be shipped to Singapore.

Btw, I don't have access to the AP and I can't get the management/admin
of this community to boost the signal so this is not an option.
0
I have to develop a Runbook that provides operational procedures for obtaining security certs.  Can someone provide me with a template of a runbook or a website where I can find a template?  

Thanks
0
Hi,

I have a pfSense router at an office I manage.  I'm not very familiar with it but I've gone through the options on it and read up about it a bit.  I'm having a problem that I'm not sure how to resolve.  The ISP has notified the office that there has been malicious requests our IP address directed at other servers.  The information they sent shows that the "PORT HIT" was "x.x.x.x:49039->x.x.x.x:23".  I found a packet capture on the pfSense and set it to listen on the LAN interface and put 49039 in for the port number.  I started the packet capture but I don't see it reporting anything nor do I know where to find the log or output of the packet capture.  It looks like this pfSense router is from a July version in 2015 so it looks like the firmware needs to be updated.  This router looks very powerful and I'd like to learn more about it.  I'm used to using Sonicwalls routers mainly so this is a little different.  Oh, and here's a real strange thing that's going on there.  I called the ISP and told them that I wasn't sure where the IP address that is reporting the malicious activity is at.  The IP on the WAN side of the router ends in 69 and the reporting IP is 71.  They said that they were not able to see any devices ARPing to that IP address at that moment.

If I check the WAN IP on one of the networks in the office (there are 7 suites--so there are at least 8 VLANs), it ends in 71.  I've scanned all 8 of the computers on that reporting network but nothing came up …
0

Network Operations

9K

Solutions

11K

Contributors

Network Operations includes asset management, help-desk supervision, security and user policies, infrastructure administration and anything else that affects the operation of your network. Discussions will include those of best practices in platforms, configurations, performance, security and accounting.