Network Operations





Network Operations includes asset management, help-desk supervision, security and user policies, infrastructure administration and anything else that affects the operation of your network. Discussions will include those of best practices in platforms, configurations, performance, security and accounting.

I am working with a simple ACL, denying traffic to a subnet, outside of DNS services. However, I am unable to get it to work correctly unless I use IP instead of TCP or UDP.

The DNS server is a simple BIND server

This does not work:

ip access-list extended "Guest Vlan Access"
     10 permit udp eq 53
     20 permit tcp eq 53
     30 deny ip log
     40 permit ip

This works but opens up more than I want:

ip access-list extended "Guest Vlan Access"
     11 permit ip
     30 deny ip log
     40 permit ip

We have multiple smaller type ISP providers in the city using microwave technologies.  Basically installing antennas on buildings and pointing to their HQ location.  Trying to figure which one to pick based on their building location, etc.

What's the max distance they can go without the hop/repeater?

Can you see the light directly from an HBA card that's connected to a transceiver (looking through the transceiver at the back of the server's HBA), or do you need an FC cable connected to be able to see the light on the end of the cable?

If we're taking backups daily, i.e. every 24 hours (timings of the backups: the backups can end between 1am and 4am, depending on how much there is to back up), what's the RPO (Recovery Point Objective) we can commit to? 24 hrs, 30 hrs, or is it 48 hrs?

In the current risk management doc, it's indicated as 48 hrs, but since I joined not long ago, I'm checking if this is correct?

What "Network discovery .... software" do you recommend that will do something like https://www.solarwinds.com/engineers-toolset ?

 1. Users =50
 2. VLAN = 1
 3. OS = Windows 10 Pro
 4. Switches = HP, willing to purchase NEWER models since mine are OLD
 5. Cost = under $500 if possible, but OK if more

Dear experts, is there any way to do a speedtest and send the result via email every few hours? During business hours, we sometimes suffer very slow Internet speeds.

Dear Experts

I am looking for the best-practice network design to connect 3 offices in 3 different locations with secured, redundant links, as explained below.
Location 1 is the data center where the business applications are hosted: web-based applications, Windows AD for authentication, a file server and an email server are maintained here. A Cisco 1010 FTD and Cisco FMC are in place, along with two ISPs.
Location 2, which is far away, is going to be connected to the location 1 data center with an MPLS VPN link and, for redundancy, a broadband link, planning for an SD-WAN solution. This is finalized and implementation is in progress.
Now all the employees who were so far working in location 1, that is, at the data center location, are to be shifted to location 3, which is a short distance from location 1. However, we are not shifting the data center. The 20 users who are going to work from location 3 have to log in for authentication to location 1, where the Windows AD, the file server for their document store and the CRM business application they use are.
1.      Please suggest the best network design to connect location 3 to location 1. Should I plan for MPLS VPN as one link and a leased line as the secondary link and use an SD-WAN solution here, or any other best practice, please?
2.      How much bandwidth would be needed between location 3 and location 1 for web-based applications and storing documents in the folder?
3.  as we have 20 users is it required to setup …

I have a Cisco switch, a 3850, and created a port channel for 3 ports. Each port is a 10G port. On the other side, I'm using a Synology with 4 (1G) ports. I did LACP on that side as well and bonded 3 of the ports. It shows the link at 3000 Mbps.

On the Cisco switch, the port channel shows a speed of a-1000.

Not sure why it's only connecting at 1000, but when I did a speed ?, it only gives me the options of 10, 100, 1000, auto and nonegotiate. I tried auto and it puts it back to a-1000. I tried nonegotiate and it didn't take that command. So how do I get the port channel to run at 10G, so it can at least transfer at 3G?

We have 2 x Aruba 8320s (Core Switches) We also have 11 x Aruba 2540 edge switches

Each switch has 2 x 10Gbe SFP modules which connect to the cores via fibre in a LAG.

The switches are split up in 5 separate racks across our building. We also have 1 x Meraki switch in each of the cabinets capable of having 10Gbe SFP modules.

My question is what is the best way to get the Meraki switches to communicate with our Cores? We want to utilise them.

1. Direct connection to the Cores (like the Arubas)
2. Set up a 10Gbe trunk between the edge switches and Arubas
3. Any other way?

Could you please advise?

Dear Experts,

I need your assistance regarding 40net/40gate firewalls. I need to know a list of CLI commands that are commonly used for daily operations to troubleshoot end users' issues.

Thanks for your attention to this question.

Hello Experts,

I have ASA firewalls and when I putty to them I get this message. I would like to use SSH Version 2 and want to know how to configure that on the ASA without disturbing the production environment.

Dear All,

- Have two Access Points configured in Client mode with following Static IP addresses :
1) /
2) /

The above two clients should be connected to the Access Point.

- On the other hand, the computer will connect to the same Access Point in order to download data and access the two clients.

Need to know the network configuration (IP / mask / gateway) for the laptop and Access Point in order to access the clients from the laptop.

Thank You

Hi Experts,

What is the difference between source-nat and destination-nat? I believe source NAT is just hiding your internal IP behind the public IP address, and destination NAT we use in mainframe systems or headless devices that do not have a default gateway. This concept is driving me bananas. I would really appreciate your clear answer.

We have a SonicWall 2650 with Content Filtering enabled to restrict website activity for those on the physical network and those on VPN. We are having problems with folks using their company devices to go to non-authorized sites when they are not on VPN or on the physical network. They are using a company-issued wireless device or their home ISP to gain internet access. It would be great if we could somehow force all of their traffic to go to our SonicWall for filtering without having to create a VPN connection (tends to slow things down on these machines). Perhaps a proxy server (but only for external users, since our internal users are already protected by the SonicWall)? Would it be best to install a third-party product to block site access (would have to work on all possible browsers)? Maybe something else? Looking forward to your suggestions.

Hi, I ran this Wireshark network protocol analyzer with no programs open, including no background programs. I ran it for three minutes. I have the report in csv and in pcapng format. (I've changed the latter to a .txt extension to upload.)

Can someone let me know if there's any odd network activity going on? Thanks. If you need more information, let me know; this is way over my head.

The Cisco 2960x includes a management port. The Cisco literature states this port should be on its own network that can be accessed remotely. The port is its own VLAN. That separate network accessed remotely would require another Internet connection and some sort of VPN to securely access the management network. How practical is it to set up another Internet connection and a means to access the Cisco management ports?

Our organization has deployed a couple of Cisco 2960x switches stacked with Flexstack plus. Whenever our end users and application team experience slowness on the application, they always blame the Cisco network switches as the root cause. Our question is: what command can we use on the switches to provide evidence/reports to prove that the bottleneck or the root cause of the slowness is not related to the Cisco network switches (e.g. CPU, interface utilization, errors etc.)? Not sure if there is any guideline from Cisco as far as network switch performance is concerned?

Thank you for your kind advice in advance.

I am looking for software solutions that will allow me to visualize network traffic.
The aim is to quickly pick up on network issues.

What do you guys recommend?

Hello Experts,

I am at a customer site and I see that they have fiber connectivity from the distribution switch to the access switches. When I look at the configuration I do not see any UDLD protocol applied.

My question is: can I apply the UDLD protocol on the distribution switch and access switches globally, and will that affect the uplinks? I am hoping to not have any disruption on the network.

Please assist.

Does anyone know what RADB routes are? We are requesting a LAN public IP from the Internet carrier that was promised. Now they are giving us the runaround, saying the route set belongs to RADB and they cannot update RADB route sets. If the customer wants their prefix [] to be routed via BGP, they would need to contact RADB to have them update their route set.
We do not need BGP. We are just requesting a public LAN IP address.

Does anyone know what "prefix belongs to RADB" means? I'm running Whois and it looks like the prefix belongs to my Internet carrier, not to RADB of some sort.
Is the carrier giving me a BS runaround on this? It feels like it :)

When adding an IP to an outside interface on a Cisco ASA, what IP information do I need from my ISP?

I believe it's just a public IP address and subnet mask? Do I need a gateway address?

My contractor ran fiber cables between floors. Today I noticed there's an interesting transition connection from the thicker cable to the thinner one, taped over with white electrical tape.
I didn't have that fiber patch panel. They installed it all. It is taped like that on both ends of the terminations.

Does anyone know if this is how it's done normally and should I worry about it? Thanks.

Hi Experts.

I have this policy map on most of the switches at my organization.  

      set dscp ef
      police 128000 8000 exceed-action policed-dscp-transmit
      set dscp cs3
      police 32000 8000 exceed-action policed-dscp-transmit
      set dscp default
      police 10000000 8000 exceed-action policed-dscp-transmit

We are now replacing the existing phones with a new cloud-based phone system, and they sent me these requirements for QoS, and the vendor gave me this policy to use on the switches:

policy-map PM-ASW-IB-User
 class CM-ASW-IB-RC-Voice-RTP
  set ip dscp ef
  police 512000 16000 exceed-action drop
 class CM-ASW-IB-RC-Video-RTP
  set ip dscp af41
  police 768000 8000 exceed-action policed-dscp-transmit
 class CM-ASW-IB-RC-GeneralSIP
  set ip dscp af31
  police 32000 8000 exceed-action policed-dscp-transmit
 class CM-ASW-IB-RC-Meetings-Control
  set ip dscp af31
  police 32000 8000 exceed-action policed-dscp-transmit
 class CM-ASW-IB-RC-Other
  set ip dscp af21
 class CM-ASW-IB-Cust-AF13
  set ip dscp af13
 class CM-ASW-IB-Cust-AF12
  set ip dscp af12
 class CM-ASW-IB-Cust-AF11
  set ip dscp af11
 class class-default
  set ip dscp default

Apply on the ports :

interface range Gi1/0/9-20
! no mls qos trust device cisco-phone
! no auto qos voip cisco-phone
! no mls qos trust cos
! mls qos trust dscp
! priority-queue out
! …

Hello Experts,

I am at a client site and he has a Blue Coat PacketShaper S200. The client has ordered a replacement hard disk and it has arrived. I would like to replace the hard drive on this device. I am hoping someone can guide me through the process.

I know that I have to open the box, remove the old drive and put in the new drive. I need help in backing up the configuration file and IOS. One more thing I'd like to know is how to determine which drive needs a replacement. I do have access to the GUI but need the right steps to do that.

We use Cisco StealthWatch and are disturbed at some of the activity we're seeing.

What's the best technique to research large downloads/uploads from a particular IP address, such as: transferring 3 gigs?

Per https://myip.ms/info/whois/ , I see this is registered to Microsoft so I don't think it's malicious.

The only IPs I've been able to figure out so far are:
Windows Update:

Is there a good site that knows what IPs Microsoft uses and for what purpose?

