Network Operations

9K

Solutions

11K

Contributors

Network Operations includes asset management, help-desk supervision, security and user policies, infrastructure administration and anything else that affects the operation of your network. Discussions will include those of best practices in platforms, configurations, performance, security and accounting.

I am new to CCNA. I had a small scenario, attached, and the config is mentioned below.

Switch#show running-config
Building configuration...

Current configuration : 1565 bytes
!
version 12.2(37)SE1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
ip routing
!
!
!
spanning-tree mode pvst
!
!
!
interface FastEthernet0/1
 no switchport
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/3
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 …
0
Normally VPN DHCP scope is always setup on DHCP server or device.  At this place I see the scope is completely separate on corporate AD DHCP.
Is there a benefit to having the VPN DHCP scope outside of the DHCP device?

For now I configured it right on the OpenVPN server unless I hear otherwise from you guys.  Thanks!
0
Hi,

I have got one LAN behind NAT and two ISP connections. I want to route five prefixes through the First-ISP and the rest traffic through the Second-ISP. I tried configuring route-maps but still unsuccessful. Please view the config below. Help would be appreciated.


interface GigabitEthernet0/0
 no ip address
 ip flow ingress
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/0.10
 description LAN
 encapsulation dot1Q 10
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat enable
 ip virtual-reassembly in
 ip verify unicast reverse-path
 no cdp enable
 ip policy route-map 1
!
interface GigabitEthernet0/1
 description First-ISP
 ip address 1.1.1.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat enable
 ip virtual-reassembly in
 ip verify unicast reverse-path
 duplex auto
 speed auto
 no lldp transmit
 no lldp receive
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/2
 description Second-ISP
 ip address 9.9.9.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat enable
 ip virtual-reassembly in
 ip verify unicast reverse-path
 duplex auto
 speed auto
 no lldp transmit
 no lldp receive
 no cdp enable
 no mop enabled
!
ip forward-protocol nd
!
no …
0
Maybe a bit of a philosophical question. Is there a benefit to having multiple scopes in DHCP?  This place has at least 8-9 scopes:
voip, corp, eng, no-eng, prod, eng-wifi, no-engwifi, guest-wifi, etc, etc.
I never set up that many scopes. Always thought if you do, then you're doing broadcast through multiple VLANs and killing the purpose of having a VLAN.

Thoughts?
0

Software-defined infrastructure is the buzz these days and is gaining a lot of importance. With software-defined infrastructure, companies can be more agile and proficient. Nonetheless, a complete re-engineering of IT procedures is required to gain that agility and efficiency.


The adoption of software-defined data centres is also increasing, as they offer organisations rapid delivery of services and cloud-like services. Another objective of organisations is to save money, which can be achieved by delivering IT services in a restructured and coordinated way. Infrastructure components and services are fully automated, triggered by business policies, amalgamated and centrally managed for performance.


A software-defined data centre can track demand and respond automatically, in very little time, by scaling up suitable resources. Software-defined solutions for compute, networking and storage predict results like 55% Opex savings and 75% Capex savings. Software-defined data centre technology helps eliminate traditional data centre silos and builds on a solid server virtualisation infrastructure, which has matured and improved in several medium and large companies.

 

Nothing is achieved simply by deploying something; further support is required to get full-fledged results. Similarly, software-defined data centres require some robust re-engineering of IT processes to achieve cost savings, business agility and productivity gains. Let's look at five strategies that will help in reaping the benefits of a successful software-defined data centre deployment.

Initiate Small

One of the biggest hurdles in deploying software-defined data centres is lethargy. Many people wrongly assume that organisations must transform their complete data operations simultaneously. This is not at all necessary.

Rather, begin with one small project related to a low-profile activity or service, addressing one aspect of the software-defined data centre environment: compute, storage or networking.

Shifting a storage capability that includes a database service is a seamless project to start with. Moving VMs dynamically without causing any disruption can be achieved using technology like VMware Live Migration. With this, the organisation can absorb software-defined data centres and reap measurable benefits.

On the other hand, targeting an e-commerce website for the first experiment with a software-defined data centre can be risky. Such projects require multiple application services, like shipping, inventory and order management, and therefore need solutions that enable compute, networking and software-defined cloud storage to work together seamlessly.

If any delay or failure occurs in the new infrastructure, which is quite likely when something new is being implemented, the result is very noticeable to senior management. Top management do not like systems to go down, especially revenue-generating ones. Starting with something small, a non-mission-critical project, enables IT decision makers to learn rapidly, helps refine the processes for the subsequent project, and builds software-defined data centre expertise without any risk.

Necessary Skills

When deploying a software-defined data centre, the IT team should have people capable of understanding systems orchestration and automation. Such skills are found in individuals who have worked closely with the business or with external service providers, or who have held cross-departmental roles.

It is important to note that software-defined data centre technologies are extremely vendor specific. If you choose a Cisco solution, you will need people with expertise in Cisco networking. It is much easier and less risky to have in-house skills that match your chosen platform than to bring in another set of resources or retrofit people to unfamiliar technology. Even with an excellent, highly capable team, software-defined data centres require spending money on training, development, support and so on.

Evaluation of Vendor Contracts and Legacy Technologies

An intelligent IT leader will never replace vendor relationships and all systems just to deploy software-defined data centre capabilities. IT should consider business priorities for vendors, based on purchasing power and long-term contracts, and align software-defined data centre purchases accordingly. Evaluating the end-of-life status of hardware is also necessary. If an organisation wishes to deploy a Cisco software-defined data centre but has HP networking infrastructure that is just two years old, choosing HP makes better sense.

Reconsideration of the IT Enterprise

Silos are already on the verge of a software-defined data centre. In this world of technology, it is very difficult to run IT with separate groups for networking, storage, applications and servers. For a software-defined data centre, maintaining silos is the technology barrier. With a software-defined data centre, data must run spontaneously and a high level of coordination is required. Software-defined data centres offer more significant information from all the constituents, which is then distributed across IT for better management and decision making.

Roles also change with time. If a software-defined compute product like VMware is deployed, it will affect the network or storage group. Such organisations will have to deliver virtualised infrastructure-based services, built on standards optimised for a software-defined data centre. Moreover, it is important to initiate change and collaborate in new ways.

Deploy Metrics for Business

Performance monitoring has been done in manual and automated ways for years. Even so, such metrics don't give much value to the business. Don't use a lot of metrics: overloading on metrics causes confusion, and no concrete conclusion can be drawn. Select a few metrics that yield clear, measurable conclusions and define success for the newly deployed infrastructure.

Metrics sometimes vary from project to project. Choose metrics that can demonstrate how much more efficient and effective one can be in assisting users in the new software-defined data centre oriented setting. Common metrics are speed of deployment, agility, the capability to shift storage assets with zero downtime, ease of use, user satisfaction and total costs incurred.

There have been many conversations and debates about whether the software-defined data centre is a methodology or a technology. In truth, it is a combination of both. A software-defined data centre requires a new alignment for delivering and managing IT, one based on collaboration, business prioritisation and speed.



0
Installed a new SonicWall SOHO wireless router and the other computers at home cannot be viewed over the network.

How do I change this?
0
We currently have a Sonicwall NSA 2600.  We also have a Small Business Server 2011 running Exchange 2010.  The Sonicwall has NAT and firewall configured to pass the mail to the server.  That is working fine.

I have activated a 30 day trial of Sonicwall's Anti-Spam Service.  During the initial configuration I received the following pop up error: "Mail Server Auto-Detect Failed.  The system detects there are one or more NAT and/or Rule policies that use a service group of a service port range that includes SMTP and non-SMTP service ports.  The system could not enable the Anti-Spam service using the current configuration."

The user guide for enabling Anti-Spam lists a step where you identify the mail server.  I am assuming I need to delete the current NAT and Firewall rules forwarding mail to the server and let the Anti-Spam setup configure them again.  Am I correct?

Any help is appreciated.
0
Home network devices not finding new SonicWall SOHO Wireless.  It also is not being detected on my phone.
0
I am using Quickbooks Enterprise in multi mode on my network. The Database manager and files are all stored on a local server. When I am on my LAN everything works great. I am trying to use my Sonicwall/Netextender VPN connection into my LAN. I connect fine and open files and folders on the server with no issue. I launch Quickbooks, select the company to open and sign in with username and password. That's when Quickbooks locks up and stops responding. Anyone have any ideas on this one? The only thing I can't get to work on the VPN is Quickbooks.
0
We have an internal zone server holding financial data.

Users would like to load ACL (Audit Command Language) into it to analyse the data but ACL
requires periodic (think can be daily) connection to Internet (& possibly incoming ports but
I'm not certain about incoming) for license validation.

Q1:
For a server that goes out to Internet, shouldn't it be placed in DMZ rather than internal zone?

Q2:
Or it does not matter for outgoing;  it's more for incoming connections (eg: web server) that
needs to be placed in DMZ?

Q3:
If we don't move the server to DMZ, what are the mitigations we can consider?
Let this server connect to a proxy to go out to Internet?
Use firewall to permit it to a specific destination IP for license validation only?
If the ACL component can't go by proxy, but it requires a non Tcp80/non Tcp443,
is this considered safe to permit (without going thru proxy)?

Q4:
If an internal zone server (Prod) goes out via proxy on Tcp80/443, isn't this
akin to a sysadmin being allowed to browse Internet from an internal server
which is risky?
0
How do I setup a Sonicwall TZ300 to allow me to telnet into a server on the local lan behind the sonicwall?
0
Difference between single-layer switches and multi-layer switches?
0
Hi,

I'm trying to add an Aruba POE Switch to a network which includes an Extreme 8810 Black Diamond switch chassis.

Can anyone assist, please?
0
Can I use this chart to calculate the current bandwidth utilization in the office?    I want to look at what bandwidth utilization I have now and estimate its max growth based on new headcount / office expansion.

This is from the Palo Alto firewall, in the network monitor option.  The only thing is it's in bytes.  So it shows 1,200,000M bytes.  Not sure how to translate into Gigabit.
 Network monitor in Palo fw
Please advise.
0
Last week, GitHub was hit with the largest DDoS ever recorded:
https://githubengineering.com/ddos-incident-report/

Akamai Prolexic is who they use for DDoS mitigation and they apparently handled it in stride:
https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
0
Hi Experts,
I want support in configuring a new Cisco 1921 K9 Router. I bought this router two days back to replace the Linksys router which was provided by the ISP. I have to replace the Linksys router because we have upgraded Internet to 300 Mbps from 100 Mbps. I have set up this router in a test lab with basic settings, with one port with a private IP and the WAN port with DHCP (in production the WAN connection is PPPoE), and configured the NAT also. But it is not working. Below is the running config of the router.

Building configuration...

Current configuration : 5346 bytes
!
! Last configuration change at 04:39:58 UTC Sat Mar 3 2018 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ABCD
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
!
!
ip domain name abcd.com
ip name-server 8.8.8.8
ip name-server 4.2.2.2
no ipv6 cef
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-550796933
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-550796933
 revocation-check none
 rsakeypair TP-self-signed-550796933
!
!
crypto pki certificate chain TP-self-signed-550796933
 certificate self-signed 01
  30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    480B33AF F9916BED 3DF321D7 9CD387D3 114D14A4 97DAF759 …
0
Increase/Decrease MTU

I would like to know when we should manually increase or decrease MTU.
I have seen some examples where there is an extra header, for instance when using PPPoE, they decrease the MTU.

Any clarification will be very much appreciated

Thank you
0
VPN site-to-site considerations.  Remote office users need to access two different data centers and the Main office.  So at least three different IP addresses.  In addition they also need to access their own machine back in the remote office when working from home.  There are two remote offices (15-20 users each)  and the one Main HQ office.  

Would it be better to design with one single VPN Concentrator hub or build individual tunnels from every office to every data center and remote location?  I'm leaning towards the 'one hub' VPN Concentrator with different profiles directing to remote offices.  
I need to hear pros, cons, drawbacks for each.  Thanks guys!!
0
I have been doing some research into setting up redundant ISPs on the PANs (Palo Alto firewalls), and it seems that if we don't want to run BGP for that site, the best alternative seems to be PBF.  Am I on the right track with that?  Are there other alternatives?
0
Hi expert

How to write a scheduled task for a PowerShell restart script that is able to automate without putting in a password during restart?


Thanks
Alan Lam
0
I'm sure this question has been asked before.  Need to hire a sr. network engineer, specialized in PANs, Junipers, Aruba, network design and architecture, etc.
What things should I look for and what specific questions should be asked?  
Thanks in advance.
0
Dear Experts, please help us this case:

We are using Cisco Router 3925 as the gateway for LAN users, users' IP addresses were NAT overload via the interface that connect to the ISP; however we got a network (192.168.50.0) that could not access a website.

If we NAT static a PC inside that network to a static public IP address (or a pool of public addresses), the PC could access the website; but if we did not NAT static and using NAT overload via gateway interface, PC could not access website.

Do you know why? Please suggest
0
For PAN FW OS upgrades in HA active/passive mode, can anyone point to the process steps?
Is it required to suspend HA first, or do the passive first and then fail over to the active node?  
Please advise or point to the right link.  Planning to upgrade to the latest 8.0.8 release for PA-850 models.
0
Hello Everyone,

I have a SonicWALL NSA 3500 that I am trying to configure to open port 8000 for a Network Video Recorder (Hikvision). I want to port forward.  I created an object for port 8000 and then for the internal IP address that the recorder is going to use. I then went through the Public Server Wizard and entered the internal IP and then the wizard went ahead and added our WAN address and then created the inside, outside and loopback parameters.  For all intents and purposes this should have opened port 8000 once I went through the wizard.  

Issue is when I try accessing from outside (or even inside my LAN network) using our WAN IP and then adding the 8000 suffix (x.x.x.x:8000) it's not reachable.  I believe I should receive at least a SonicWALL test page, correct?  Even if the device is not plugged into the switch yet I should still get something from the SonicWALL I believe.

Can anyone tell me if there is anything else I can do to make sure that port is open?  Web tests still say the port is closed.

Any help would be most appreciated!

Thanks!
0
I have configured UDP jitter SLA on my test lab. What do the below counters indicate about my connection? Why are there no latency numbers?
How am I supposed to read this?


ip sla 90
 udp-jitter 38.69.52.4 65050 num-packets 20
 request-data-size 100
 tos 128
 frequency 30
ip sla schedule 90 life forever start-time now


Test_Lab_Router_Place#sh ip sla statistics  de
IPSLAs Latest Operation Statistics

IPSLA operation id: 90
Type of operation: udp-jitter
        Latest RTT: 11 milliseconds
Latest operation start time: 12:03:15 cst Wed Feb 21 2018
Latest operation return code: OK
Over thresholds occurred: FALSE
RTT Values:
        Number Of RTT: 20               RTT Min/Avg/Max: 9/11/17 milliseconds
Latency one-way time:
        Number of Latency one-way Samples: 0
        Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Source to Destination Latency one way Sum/Sum2: 0/0
        Destination to Source Latency one way Sum/Sum2: 0/0
Jitter Time:
        Number of SD Jitter Samples: 19
        Number of DS Jitter Samples: 19
        Source to Destination Jitter Min/Avg/Max: 0/2/8 milliseconds
        Destination to Source Jitter Min/Avg/Max: 0/1/1 milliseconds
        Source to destination positive jitter Min/Avg/Max: 1/3/8 milliseconds
        Source to destination positive jitter Number/Sum/Sum2: 5/19/119
        Source to destination negative jitter Min/Avg/Max: 

0