Network Operations

9K

Solutions

11K

Contributors

Network Operations includes asset management, help-desk supervision, security and user policies, infrastructure administration and anything else that affects the operation of your network. Discussions will include those of best practices in platforms, configurations, performance, security and accounting.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hello Experts,

I am at a customer site and I see that they have fiber connectivity  from distribution switch to access switches. When I look at the configuration I do not see any UDLD protocol applied.

My question is can I apply the UDLD protocol on the distribution switch and access switch globally and will that affect the uplinks. I am hoping to not have any distruption on the network.

Please assist
0
CompTIA Security+
LVL 13
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Does anyone know what RADB routes are?  We are requesting a LAN public IP from the Internet carrier that was promised.  Now they give us run around saying the route set belongs to RADB and they cannot update RADB route sets.  If the customer wants their prefix [1.1.1.0/24] to be routed via BGP, they would need to contact RADB to have them update their route set.  
We do not need a BGP.  Just requesting a public LAN IP address.

Does anyone know what does prefix belongs to radb mean?  I'm running the Whois and looks like the prefix belongs to my internet carrier.  Not to radb some sort.
Does the carrier give me a BS runaround on this?  It feels like it :)
0
Hi

When adding an IP to an outside interface on a Cisco ASA,  what IP information do i need from my ISP

I believe its just an public IP address and subnet mask? Do I need a gateway address?
0
My contractor ran fiber cables between floors.  Today I noticed there's an interesting transition connection from thicker cable to the thinner one.  Taped over with while electrical tape.
I didn't have that fiber patch panel.  They install it all.  Taped like that on both end of terminations.

  Does anyone know if this is how its done normally and should I worry about it?  Thanks.
20181226_121026.jpg
20181226_121022.jpg
0
HI Experts.

I have this policy map on most of the switches at my organization.  
Policy Map AUTOQOSPOLICY

    Class AUTOQOS_VOIP_DATA_CLASS
      set dscp ef
      police 128000 8000 exceed-action policed-dscp-transmit
    Class AUTOQOS_VOIP_SIGNAL_CLASS
      set dscp cs3
      police 32000 8000 exceed-action policed-dscp-transmit
    Class AUTOQOS_DEFAULT_CLASS
      set dscp default
      police 10000000 8000 exceed-action policed-dscp-transmit

We are now replacing the existing phones with a new cloud base phone system and they sent me these requirement for QOS and the vendor gave me this policy to use on the switches

policy-map PM-ASW-IB-User
class CM-ASW-IB-RC-Voice-RTP
set ip dscp ef
police 512000 16000 exceed-action drop
class CM-ASW-IB-RC-Video-RTP
set ip dscp af41
police 768000 8000 exceed-action policed-dscp-transmit
class CM-ASW-IB-RC-GeneralSIP
set ip dscp af31
police 32000 8000 exceed-action policed-dscp-transmit
class CM-ASW-IB-RC-Meetings-Control
set ip dscp af31
police 32000 8000 exceed-action policed-dscp-transmit
class CM-ASW-IB-RC-Other
set ip dscp af21
class CM-ASW-IB-Cust-AF13
set ip dscp af13
class CM-ASW-IB-Cust-AF12
set ip dscp af12
class CM-ASW-IB-Cust-AF11
set ip dscp af11
class class-default
set ip dscp default

Apply on the ports :

interface range Gi1/0/9-20
! no mls qos trust device cisco-phone
! no auto qos voip cisco-phone
! no mls qos trust cos
! mls qos trust dscp
! priority-queue out
! …
0
Hello Experts,

I am at a client site and he has a bluecoat packetshaper s200, the client has ordered a replacement hard disk and it has arrived, I would like to replace the hard drive on this device. I am hoping someone can guide me through the process,

I know that I have to open the box and remove the old drive and put the new drive. I need help in backing up the configuration file and IOS, One more thing I like to know is to determine which drive needs a replacement, I do have access to the gui but need the right steps to do that.

Thanks,
0
We use Cisco StealthWatch and are disturbed at some of the activity we're seeing.

What's the best technique to research large downloads/uploads from a particular IP address, such as:  168.62.9.111 transferring 3 gigs?

Per https://myip.ms/info/whois/168.62.9.111 , I see this is registered to Microsoft so I don't think it's malicious.

The only IP's I've been able to figure out so are:
OneDrive:                   13.107.136.9
Windows Update:     13.107.4.50

Is there good site that knows what IPs microsoft uses and for what purpose?

Thanks,
Mike
0
I'm listing out IT Infra changes that require CR / change control ie subject to CAB.
1. OS, network device OS patching/update/upgrade
2. Installing or configuring a software/feature
3. Adding/deleting/amending an ACL or firewall rule for Production purpose
4. Configuring DB changes : to list out ...
5. Hardenings & OS changes (permission changes etc)
6. OS/device tunings (including migrating services behind WAF, ...)
7. changing account/object privileges

However, I think the following just require an SR/email:
a. blocking of IOCs (from threat Intels)
b. unlocking accounts/password resets
c. login to check/extract information (Cisco 'show run')
d. restarting / rebooting a service or OS due to fix a problem
0
Dear Experts,

I am at a client location today and they have a local server that will be accessing different sites with various ports. The client has ASA firewall and Cisco Firepower my question is do I add the access rules in Firepower or directly in ASA?

I am always not sure and the client has no preference.

Please let me know from your experience how to tackle this .

Thanks,
0
1.pngso all of a sudden some emails stop flowing and my connector is not validating, been setup for years and we did not change any server or network settings

i have Office 365 and a hybrid server - exchange 2010

the emails that are failing are coming from my mercury server and flows thru my exchange to office 365. i have contacted microsoft support but they are saying its an internal issue.
0
Introduction to R
LVL 13
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

Hello gents,

I am at a customer site and they have a server in the internal zone, the network has Cisco ASA firewall.

They have a developer and on the server he wants to open ports 7000-7200, Do I use the Cisco ASA to open these ports ? or is this done on the server only.

I am not sure how to address this I need clarity on such type of requests from clients,

Thanks,
0
Hello Experts,

I have 2 sites connected via OSPF neighbor relationship using MPLS  and I also have direct connect between the two sites. I had issue with the point to point connection and I removed the static routes between the two sites and OSPF was able to pick the routes again.

Now my Point - to - point connection is up again and I added the static routes but the issue I have now is that the traffic is still going through the ospf and not using the point-to-point path.

How can I make sure the path is reverting back to the point-to-point path, I thought by adding the static path it would pick it up again.

Thanks,
0
Hello Experts,

I have these SIP audio alerter devices on site, and we use CUCM, what is the best  way to find the phone numbers of extensions assign these devices , I only have a sample Mac address of a device but need help.

Thank you,
0
Hello Experts,

I am at a site location and they have BlueCoat Packet shapper S200 , I know the management IP and I know the port number and switch that the management IP is connected too.

I see there are other 2 ethernet cables connected to it and I want to find out their IP addresses and neighboring devices. Is there a way I can find the info from the portal? what will be the best way. I could go to the datacenter and find out but just want to know if there is in anyway I can do this from the portal.

Thanks,
0
Wonder your folks opinion.  How do you approach this questions from executives.  
 "what do you think is better 74Mb DSL or 60Mb cable?"  :)
0
We have some older model Siemens PLCs that I'm told have an IP address, but no gateway. Can anyone confirm if they have seen something like that?

Second and more important is my part in this challenge: If it is possible that a device has no gateway, how to get it to talk/route to a different subnet?

Edit: I see some Siemens documentation that talks about using subnets and supernets to get around the issue. So if it helps, my destination subnet is 10.1.179.0/24 and my PLC is 10.107.151.10.
0
What's the best way to setup Cisco 3850 switches by copying configs over the new one. 2 identicals are already in place.  
The additional will server same functions as access switches.
0
I have a brand new Cisco 9300 access layer switch that is trunked to a Dell Force 10 core switch.  The core switch is a VTP Server for several VLANs.  While the 9300 ports were configured for hosts, it was NOT a VTP client yet so it had no knowledge of our current VLAN structure.  To give an example, I had a port configured "switchport access vlan 14."  Once the server was brought online as an active access layer switch, it was configured as a VTP Client in our custom VTP domain.  However, any device on vlan 14 cannot communicate past the 9300 switch even though the port channel tagged on the Force 10.  In fact, I am simply re-using the port channel configured on the core switch to connect the trunk ports to the new 9300 switch. If I do a "show vlan" on the 9300 it shows my vlan 14 with the proper name as it is configured on the VTP server.

My question is, if a port was configured to exist on a particular VLAN before the switch was a VTP client, are there two conflicting VTP entries in the vtp.dat database on my 9300, one local and one obtained from the VTP server? It doesn't seem like this could be happening since "show vlan" looks identical to a different access layer switch that is a vtp client in the same environment.
0
With Solar Winds NPM v12.1 I want to get an alert via email if the following snmp
trap is received:

snmpTrapOID = PAN-TRAPS:p​anROUTINGR​outedBGPPe​erEnterEst​ablishedTr​ap

I don't see a specific direct means in Orion for creating an alert from a trap. But
perhaps this could be done with a custom SQL query? Any insight appreciated.
0
Build an E-Commerce Site with Angular 5
LVL 13
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

I'm drafting an SOP doc & need to spell out the specific roles/duties of
Firewall admins vs IT Security (governance) :

I'm not sure if RBAC (Role Based Access Control) comes into play here
but my view is:

a) all Firewall rules requests as well as proxy requests (say to whitelist
    a URL or permit certain file types to be saved/downloaded) are to
    be reviewed & approved by the IT Security governance as well as
    requestor's managers  while Firewall admins implement them:
    is this what's generally practised?

b) reviews of Firewall logs/events are jointly done by a network admin
     or lead or manager who is not an implementer of firewall rules &
     counter-reviewed by IT Security gov : certainly we hope to automate
     this by SIEM with UEBA but Audit still requires such events/logs reviews
     to be signed off by 2 parties

c) What about firewall rules review : which parties should review them?
    Certainly not firewall admins as they're the creator of the rules so
     they'll just sign off as "No issue" : it's a conflict of interest.  We had
     run into case where a critical & sensitive Prod server was permitted
     for access to entire organization.  Tools like Tuffin only review for
     "dormant" rules but not such rules created for "testing" but forgot
     to be removed.   Any tools could help with such detection?
0
What are some free proxies out there that could do blacklisting (& possibly greylisting)
as well as auto-block by know malicious sources (eg: get updates from SpamHaus,
AlienVault, bad Reputation sites & known sources of malwares).

Ideally the free proxies could also stop users from downloading executables or
a specified file types.  No plan to go for commercial ones like Bluecoat.
0
We would like to monitor when a server, switch, router, and firewall goes down. We have a remote site that's "unattended", however, we would like to keep an eye when a device mentioned before goes down?

Do you have a suggestion that we can consider? Thanks so much.

Regards,
0
Fortigate 200D in HA cluster

i have a problem (user "accidentaly started wizard" to change gateway)....

and fortinet stoped routing as expected, as it seems nothing has changed.
static routes are the same as before, route lookup hits the right route, traffic seems to hit the right policy.

Monitoring the traffic it says       "Accept: session timeout" for everything

i can ping port to internal network from CLI, i can ping something on Internet (WAN) from CLI

but nothing gets thru from external(WAN) to internal network (PORT1) or viceversa
0
Configuring NAT

in the LAB configuration below:
I have R1 and R2 in subnet 192.168.12.0/24 ----R3 in subnet 10.10.13.0/16  and R4 in subnet 10.10.24.0/16

I would like to have R3 be able to ping R4

The NAT configuration does not seem to work as it is supposed to.
Any Help ?

Thank you

n




R1#sh run 
Building configuration...

Current configuration : 2199 bytes
!
! Last configuration change at 02:39:42 CET Sun Sep 2 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
! 
!
!
!
!
crypto isakmp policy 5
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco@123 address 192.168.12.2   
!
!
crypto ipsec transform-set MY-SET esp-aes esp-md5-hmac 
 mode tunnel
!
!
!
crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp 
 ! Incomplete
 set transform-set MY-SET 
 match address VPN-TRAFFIC
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 crypto map IPSEC-SITE-TO-SITE-VPN
!
interface Ethernet0/1
 ip address 10.10.13.1 255.255.0.0
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown

Open in new window

0
ac
in the topology above , I have 2 routers with 2 loopbacks.
on R2 I configured an access list to permit only 192.168.12.0 which is the link between R1 and R2, for some reason I cannot ping loopback 1.1.1.1 of R1 which makes sense,  but I can ping from R1 to loopback of R2.  I thought both loopbacks cannot be ping because of the access list:

configuration below:

R1:
R1#sh run 
Building configuration...

Current configuration : 1792 bytes
!
! Last configuration change at 16:05:15 CET Sat Aug 18 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address

Open in new window

0

Network Operations

9K

Solutions

11K

Contributors

Network Operations includes asset management, help-desk supervision, security and user policies, infrastructure administration and anything else that affects the operation of your network. Discussions will include those of best practices in platforms, configurations, performance, security and accounting.