|
Reiz posted: I'm guilty of switchport trunk allowed vlan add x. But that's the safe way to not wipe everything off the trunk? "switchport trunk allowed vlan X" will definitely gently caress up your day if you don't realize what you've done.
|
# ? Dec 7, 2015 01:43 |
|
I read it as the bolded part was not in the command, and with disaster in hindsight, the emphasis on the crucial word to prevent future similar mistakes.
|
# ? Dec 7, 2015 03:01 |
|
Soo I'm trying to build a smallish network for our next office move and I'm considering Ubiquiti gear. Our only budget is the difference in price we'd save versus remaining with the lovely service provided by "the building". ISP is telling me they'd provide a Cisco 7206. Network is a single floor space with VOIP, 100Mb internet, and an internal server (we may potentially host internet facing services in the future, sFTP or similar in the DMZ). Scaling isn't too much of a concern right now. We have about ~100 desktops, and a few dozen floating laptops and phones on a single floor space.

What I pray will be sufficient:
• UniFi Security Gateway/Firewall
• Ubiquiti ES-48-750W *or* US-48-750W
• Ubiquiti Edgerouter Pro
• [2x] Aironet 1850 APs

I have rudimentary networking/IP/OSI education, and it sounds like Ubiquiti has built in auto VOIP QoS settings, so my main concern is how much of a fool I might be to try and build and configure a new network for ~150 users. Access point configuration is a major concern, and I'm wondering if CCI is only a matter of dialing in broadcast signal strength on multiple APs or if there's enterprise APs with a built in tool for automatically adjusting multiple APs to work nice together. It's a single office floor, with a satellite office space a couple hundred feet away, so I imagine that'd entail running a SFP(+) line between two switches? I'm concerned there's something I may not be aware of that will lead to trainwrecks
|
# ? Dec 7, 2015 03:24 |
|
Working on CCENT and I'm missing something stupid. I've got three routers up in GNS3, and they're connected via their serial interfaces on 10.0.0.0/30. Router 1 can ping Router 2, but not Router 3. Router 3 can ping Router 2, but not Router 1. I've (I think) narrowed the issue down to the fact that Router 2 can't ping Router 3 if I use the interface that's connected to R1 as the source. I'm not sure if this is a problem with how I've set up the static routers, or the ip address of the serial ports, or what. If anyone wants to spend a couple of minutes explaining what I've done wrong (or just pointing me where to look) I'd be pretty grateful.
code:
code:
code:
Edit: This is a DCE/DTE thing, isn't it? Looking in that direction.
Japanese Dating Sim fucked around with this message at 03:58 on Dec 7, 2015 |
# ? Dec 7, 2015 03:53 |
|
Panda Time posted: Soo I'm trying to build a smallish network for our next office move and I'm considering Ubiquiti gear. Our only budget is the difference in price we'd save versus remaining with the lovely service provided by "the building".

If you are going all UBNT gear, why not go with some UBNT APs?
|
# ? Dec 7, 2015 04:10 |
|
Japanese Dating Sim posted: Working on CCENT and I'm missing something stupid. I've got three routers up in GNS3, and they're connected via their serial interfaces on 10.0.0.0/30. Router 1 can ping Router 2, but not Router 3. Router 3 can ping Router 2, but not Router 1. I've (I think) narrowed the issue down to the fact that Router 2 can't ping Router 3 if I use the interface that's connected to R1 as the source. I'm not sure if this is a problem with how I've set up the static routers, or the ip address of the serial ports, or what. If anyone wants to spend a couple of minutes explaining what I've done wrong (or just pointing me where to look) I'd be pretty grateful.

r3 needs to be aware of r1's networks and vice versa.

[from r3]
ip route 192.168.10.0 255.255.255.0 10.0.0.5

If you wanted you could make a default route and tell R3 that any time he wants to find something you haven't explicitly defined, send it to R2 and hope he knows where to go.

ip route 0.0.0.0 0.0.0.0 10.0.0.5

Methanar fucked around with this message at 04:17 on Dec 7, 2015 |
# ? Dec 7, 2015 04:15 |
|
Methanar posted: r3 needs to be aware of r1's networks and vice versa.

I was about to tell you that I did already have that configured, and then I looked at R3 and nope, no routing configuration of any kind done. Christ. Thanks for explaining the obvious to me. Working now, like you'd guess.
|
# ? Dec 7, 2015 04:26 |
|
Panda Time posted: Soo I'm trying to build a smallish network for our next office move and I'm considering Ubiquiti gear. Our only budget is the difference in price we'd save versus remaining with the lovely service provided by "the building".

The USGs are absolute poo poo, there's no more of a firewall/security function in them over what you can do on the EdgeRouter.
|
# ? Dec 7, 2015 20:57 |
|
Japanese Dating Sim posted: I was about to tell you that I did already have that configured, and then I looked at R3 and nope, no routing configuration of any kind done. Christ.

If you'd done show ip route on all the routers ready to paste here you'd probably have spotted that it looked off. It's all learning
|
# ? Dec 7, 2015 20:59 |
|
Thanks Ants posted: The USGs are absolute poo poo, there's no more of a firewall/security function in them over what you can do on the EdgeRouter.

Eh, they're the same hardware as the ER-Lite internally, but they have different software that's dumbed down so that it can be centrally managed in the UniFi provisioning server.

Panda Time posted: Soo I'm trying to build a smallish network *etc*

Let me start off by reiterating that you really need to hire a network designer and wifi planner to at least develop the plan for your network. The USG is inappropriate for your setup. You're potentially looking at >300 hosts on your network, and the USG is designed for the SOHO or remote office in mind. You should probably look at the Edgerouter Pro at a minimum, but that's going to require you to have some networking knowledge to really get it setup right for a network that large.

I suggest that you look at Meraki for the firewall, starting with the Meraki MX84. At least with Meraki you're getting a more consistent vendor support contract in place with your software maintenance subscription. You should also probably use Meraki for the access points, which won't be as expensive as Cisco, but won't require you to know quite as much about how to do WiFi as the UniFi platform requires.

You can still use the Ubiquiti switches as your back-end PoE switches, but if you're going to mix PCs and phones together on the same switch then you won't need 750W power budgets across the board. You can probably get the 48-port/500W units instead. If you're separating out your network into non-PoE data and PoE VOIP networks, then you can buy PoE switches for the VOIP network, and get unpowered switches for the rest.

192 ports is not going to be enough. You've got 100+ desktops, roughly an equal number of phones, plus laptops that will want to plug in at random points. You should count on 3 jacks per station: 2 data + 1 PoE voip jack. You don't -NEED- to plug in every port from the beginning, but if you're going to get poo poo wired, you might as well put it on a switch anyways. You're still in for a very large network cabling bill since you've got 150 stations to setup. Might as well pay the small pittance on top of that to make it work properly from the start instead of trying to fix poo poo later.

For the remote office, how are you going to run the fiber over there? SFP+ (10g-base fiber) has a really limited transmission distance unless you start paying for really expensive optics. Run the fiber, but hedge your plans on possibly running a 1gigabit fiber link since you can get single mode 1000base LX modules for a hell of a lot less money.

For WiFi, everyone's going to have a smartphone (likely) and/or a laptop that they're going to want to roam around with. Count on no more than 30 users per AP, and mount the access points on the ceilings, preferably spread out to cover all users. If need be, turn off the 2.4ghz radio on most of them and use only the 5ghz radios.
|
# ? Dec 8, 2015 02:35 |
|
CrazyLittle posted: Eh, they're the same hardware as the ER-Lite internally, but they have different software that's dumbed down so that it can be centrally managed in the UniFi provisioning server.

drat, thank you for this CrazyLittle. I have a basic understanding of networks/routing/ip/subnets/arp from a lovely community college course and tinkering with a wireshark/PF rules utility, but I've never dealt with enterprise firewalls and wireless. I cleeearly need to read more up on enterprise networking. I naively assumed our network was simple enough to be comparable to home network.

CrazyLittle posted: You should also probably use Meraki for the access points, which won't be as expensive as Cisco, but won't require you to know quite as much about how to do WiFi as the UniFi platform requires.

The satellite office is 12 floors down, and while I was hoping to justify installing 10g-base cabling infrastructure now (4K video editing), it's not mission critical to go full 10g right now because I can't say with certainty that we'd have a 1g+ file server soon (going to attempt to assemble a homelab to try and build a proof of concept for a SSD video server rig that can push beyond 1g). Thanks for the Meraki suggestions, I wish I could bring something to the table here other than "welp gotta do research now". I'll report back if chaos erupts and I lose my job because I'm a charlatan
|
# ? Dec 8, 2015 04:46 |
|
Where are you located? Because as has been mentioned, you really should get someone to help you with this, even if it's just an architectural overview. Hell, I'll even do it remotely on the cheap if you can't find someone nearby.
|
# ? Dec 8, 2015 04:55 |
|
Panda Time posted: Looking at APs, I now see all of them mention clustering / hand off automation / RF optimization.

Panda Time posted: The UniFi AC is about 1/4 the price of the Meraki and the Cisco AC APs and seems to have a good comprehensive config interface. Meshing is supported on the Cisco and Meraki hardware, but we'll have enough ethernet lines installed across the office so meshing wouldn't be needed. I'll take the 30 user per AP number into account with the cable install.

Panda Time posted: The satellite office is 12 floors down, and while I was hoping to justify installing 10g-base cabling infrastructure now (4K video editing),
code:
CrazyLittle fucked around with this message at 08:25 on Dec 8, 2015 |
# ? Dec 8, 2015 08:22 |
|
psydude posted: Where are you located? Because as has been mentioned, you really should get someone to help you with this, even if it's just an architectural overview. Hell, I'll even do it remotely on the cheap if you can't find someone nearby.

Panda Time posted: Anyone here know anyone in the LA area who would be interested in giving a bid for installation of a buncha Cat6a cables?
|
# ? Dec 8, 2015 08:23 |
|
CrazyLittle posted:
Eh, 10gbase-LR spec is fairly tolerant, minimum margin (at -8.2dBm launch and -14.4dBm rx sensitivity) gives you a budget of 6.2dB loss, and that 10km of g.652 fiber is only 3dB at 1310 so you have 3dB for connector and splice losses. All the 'non-standard' LR20 stuff is just binning the parts based on the launch power (easy way to make a few extra percent by testing the lasers and throwing all the -1.5 to -2dBm launching ones into the LR20 pile).
|
# ? Dec 8, 2015 13:53 |
|
ragzilla posted: Eh, 10gbase-LR spec is fairly tolerant, minimum margin (at -8.2dBm launch and -14.4dBm rx sensitivity) gives you a budget of 6.2dB loss, and that 10km of g.652 fiber is only 3dB at 1310 so you have 3dB for connector and splice losses. All the 'non-standard' LR20 stuff is just binning the parts based on the launch power (easy way to make a few extra percent by testing the lasers and throwing all the -1.5 to -2dBm launching ones into the LR20 pile).

Mostly I'm talking about human error in pulling the fiber, or reusing patch cords, or dirty connectors etc
|
# ? Dec 8, 2015 18:02 |
|
You'll be fine. LR is good for 10km in ideal conditions. I have some LR running to One Wilshire from a building about a block and a half away. Going through God knows how many patch panels as it makes its way from Equinix to Telx to the fiber provider then to Coresite and whatever patching the customer has as well. I don't remember offhand how much of the budget was consumed but it was very comfortable. There was enough extra budget that the growth plan for this circuit is to put in Chinese WDM muxes with 10km CWDM optics.
|
# ? Dec 8, 2015 18:19 |
|
CrazyLittle posted: 192 ports is not going to be enough. You've got 100+ desktops, roughly an equal number of phones, plus laptops that will want to plug in at random points. You should count on 3 jacks per station: 2 data + 1 PoE voip jack. You don't -NEED- to plug in every port from the beginning, but if you're going to get poo poo wired, you might as well put it on a switch anyways. You're still in for a very large network cabling bill since you've got 150 stations to setup. Might as well pay the small pittance on top of that to make it work properly from the start instead of trying to fix poo poo later.

I question this. Why would you not use the passthrough port on the phones to connect up PCs? One port per desk, plus printer ports, should be plenty. Two at most. If you're not buying phones with gigabit switchports on them, and you're running extra cable and burning extra switchports instead, that's a really poor trade off.

CrazyLittle posted: For the remote office, how are you going to run the fiber over there? SFP+ (10g-base fiber) has a really limited transmission distance unless you start paying for really expensive optics. Run the fiber, but hedge your plans on possibly running a 1gigabit fiber link since you can get single mode 1000base LX modules for a hell of a lot less money.

Also question this. I've bought about 50 of the genuine Cisco SFP-10G-LR v04 modules good up to 10KM on SMF for an average price of $130 on ebay. The part number is 10-2457-04. 10 gbit trunks are totally worth it, and ebayed transceivers fall under support as soon as you plug them into a switch with support.

Agree on the Meraki -- you should be able to talk the MR34s down below $600 each if you're buying in quantity, so don't let the list price scare you off. Consider Meraki switches too -- they're pretty nice.

KS fucked around with this message at 00:14 on Dec 9, 2015 |
# ? Dec 8, 2015 23:54 |
|
I have somewhere around 100 of these in my network, they all work fine. Pretty sure I got this vendor from this thread. They almost always ship same day out of Dallas. http://www.fluxlight.com/sfp-10g-lr/
|
# ? Dec 9, 2015 00:25 |
|
Flexoptix always perform well in my experience
|
# ? Dec 9, 2015 00:40 |
|
KS posted: I question this. Why would you not use the passthrough port on the phones to connect up PCs? One port per desk, plus printer ports, should be plenty. Two at most.

Depends on the handsets they get, and assumes that nobody has a second dev machine or laptop or network widget that they want to plug in on top of their pc + voip-set. It's better to put the extra jack in up front than to deploy a bucket of 5-port switches.

KS posted: Also question this. I've bought about 50 of the genuine Cisco SFP-10G-LR v04 modules good up to 10KM on SMF for an average price of $130 on ebay. The part number is 10-2457-04. 10 gbit trunks are totally worth it, and ebayed transceivers fall under support as soon as you plug them into a switch with support.

Without specifics an ambiguous answer could mean anything. "Running fiber" could mean 62.5/125 mmf. Congrats on 10gig over 25 meters. "Remote office" could also mean 50 miles away. Once he nailed it down to a 12-story difference then it made a whole lot more sense: Run 50/125 OM4 MMF and get 400m or use SMF and get 10km.
|
# ? Dec 9, 2015 02:53 |
|
FatCow posted: I have somewhere around 100 of these in my network, they all work fine. Pretty sure I got this vendor from this thread. They almost always ship same day out of Dallas.

Thanks Ants posted: Flexoptix always perform well in my experience

I always used to pimp fluxlight, but have since become a flexoptix convert. Great packaging and shipping (after an initial hurdle setting things up with customs), and a better variety than almost anyone else (programmable Xenpak and X2 backpacks for SFP+ optics? Yes please). Plus they'll give you a programmer for free, and can work with you on additional transceiver encodings if you have a vendor they don't support yet.
|
# ? Dec 9, 2015 13:53 |
|
I have been using Hummingbird Networks for my "compatible" optics. Quick shipping and no issues so far. Running stuff from multimode USR to singlemode ER.
|
# ? Dec 9, 2015 17:03 |
|
I could be out of my element here and am looking for help. We acquired another business a few months ago and today comcast was able to turn up our data circuit to them. It's just another spur off of the existing comcast network they had. It is an ens metro Ethernet network. I am seeing the below traffic as an example.

21:45:03.602236 IP 192.168.75.10.646 > all-routers.mcast.net.646: LDP, Label-Space-ID: 192.168.75.10:0, pdu-length: 30

It feels to me like comcast is not stripping off their encapsulation but they insist it must be customer traffic. The acquired company has a fully outsourced IT team, so asking them is difficult. Is what I am seeing normal, is comcast screwing up the hand off (php?), or am I too inexperienced to know what I am seeing?
|
# ? Dec 9, 2015 23:09 |
|
Good info on the link budget for 10G LR. Just dealing with that myself, as we have a bunch of hand terminated ST singlemode with a bunch of loss. It has been causing me trouble. The spec lists a value for TX min/max, how can you determine what it is going to be? Show int x transceiver shows various values. I have a ton of old rear end 90s 62.5mmf which lol.
|
# ? Dec 10, 2015 00:01 |
|
Partycat posted: I have a ton of old rear end 90s 62.5mmf which lol.

I have a ton of this poo poo interconnecting closets and close buildings.
|
# ? Dec 10, 2015 00:49 |
|
adorai posted: I could be out of my element here and am looking for help. We acquired another business a few months ago and today comcast was able to turn up our data circuit to them. It's just another spur off of the existing comcast network they had. It is an ens metro Ethernet network. I am seeing the below traffic as an example.

Looks like a screwed up handoff to me, they're looking for something to establish an LDP neighbor to (and you usually don't do that outside your own AS). Is there anything else sending hellos like OSPF or ISIS?
|
# ? Dec 10, 2015 00:59 |
|
You shouldn't be seeing MPLS LDP messages spilling out of your side of the connection.
|
# ? Dec 10, 2015 01:03 |
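Added example, not written by any poster in this thread: one way to check a saved tcpdump text capture from a carrier handoff for routing or label-distribution control traffic coming from devices that are not your own routers, which is what the capture line above shows. The first sample line is the one quoted in the thread; the other lines, the `OWN_ROUTERS` set and all function names are constructed for illustration, and numeric ports (as in the thread's capture) are assumed.

```python
import re

# tcpdump prints these well-known multicast groups by name unless run with -n.
GROUPS = {
    "224.0.0.2": "all-routers", "all-routers.mcast.net": "all-routers",
    "224.0.0.5": "ospf", "ospf-all.mcast.net": "ospf",
    "224.0.0.6": "ospf", "ospf-dsig.mcast.net": "ospf",
}
LINE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")


def split_endpoint(endpoint):
    """Split tcpdump's 'host.port' into (host, port); port is None if absent."""
    parts = endpoint.split(".")
    if len(parts) == 4 and all(p.isdigit() for p in parts):
        return endpoint, None                      # bare IPv4 (e.g. OSPF, IP proto 89)
    if parts[-1].isdigit():                        # trailing numeric label is the port
        return ".".join(parts[:-1]), int(parts[-1])
    return endpoint, None                          # bare hostname


def classify(line):
    """Return {'src', 'proto'} for LDP/OSPF control traffic, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    src, _ = split_endpoint(m["src"])
    dst, dport = split_endpoint(m["dst"])
    group = GROUPS.get(dst)
    if m["rest"].startswith("LDP") or (dport == 646 and group == "all-routers"):
        return {"src": src, "proto": "LDP"}
    if m["rest"].startswith("OSPFv2") or group == "ospf":
        return {"src": src, "proto": "OSPF"}
    return None


def foreign_control_plane(lines, own_routers):
    """List (source, protocol) for control traffic not sent by our own routers."""
    hits = []
    for line in lines:
        info = classify(line)
        if info and info["src"] not in own_routers:
            hits.append((info["src"], info["proto"]))
    return hits


OWN_ROUTERS = {"10.1.1.1"}  # constructed: routers we operate on this segment
SAMPLE = [
    # line quoted in the thread
    "21:45:03.602236 IP 192.168.75.10.646 > all-routers.mcast.net.646: "
    "LDP, Label-Space-ID: 192.168.75.10:0, pdu-length: 30",
    # constructed lines below
    "21:45:04.100000 IP 10.1.1.1 > ospf-all.mcast.net: OSPFv2, Hello, length 44",
    "21:45:05.000000 IP 10.1.1.20.51514 > 10.1.2.30.443: Flags [S], seq 1, win 64240, length 0",
    "21:45:06.602236 IP 192.168.75.14.646 > 224.0.0.2.646: "
    "LDP, Label-Space-ID: 192.168.75.14:0, pdu-length: 30",
]

if __name__ == "__main__":
    for src, proto in foreign_control_plane(SAMPLE, OWN_ROUTERS):
        print(f"{proto} from unexpected source {src}")
```
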
|
Moey posted: I have a ton of this poo poo interconnecting closets and close buildings.

I put a req in for a mmf fiber run at a building, and they pulled "new" 62.5/125. I wanted to scream so bad. ALWAYS get specific.
|
# ? Dec 10, 2015 01:23 |
|
ragzilla posted: Looks like a screwed up handoff to me, they're looking for something to establish an LDP neighbor to (and you usually don't do that outside your own AS). Is there anything else sending hellos like OSPF or ISIS?

That line I posted is the other end sending an ospf hello. I see nothing else other than a few more of our devices showing the same traffic. You both more or less seem to have confirmed what I thought, comcast messed up. Generally their enterprise support is great, I am hoping I have better luck tomorrow.
|
# ? Dec 10, 2015 01:24 |
|
CrazyLittle posted: I put a req in for a mmf fiber run at a building, and they pulled "new" 62.5/125. I wanted to scream so bad.

It's fine for gig E. It can do 10G but at comically useless distances for anywhere where you would be bothered with fiber. 50 micron is better but, if I recall correctly, still not going to be great if you can run 9u singlemode instead.
|
# ? Dec 10, 2015 17:06 |
|
adorai posted: That line I posted is the other end sending an ospf hello. I see nothing else other than a few more of our devices showing the same traffic.
|
# ? Dec 11, 2015 20:12 |
|
Partycat posted: The spec lists a value for TX min/max, how can you determine what it is going to be? Show int x transceiver shows various values.

For TX the laser has a minimum brightness it can transmit at as well as a maximum brightness. For LR this isn't as big a deal because the transmit min is darker than the receive max. When you start looking at high range optics you end up with optics where the minimum of the transmit is brighter than the brightest you can receive at. Those optics require a certain amount of attenuation between tx and rx to prevent damage. For the link budget you take the range between the max transmit and the min receive.
|
# ? Dec 12, 2015 03:57 |
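Added example, not written by any poster in this thread: a small optical link-budget check that works through the 10GBASE-LR figures ragzilla gives above (-8.2 dBm minimum launch, -14.4 dBm receive sensitivity, about 3 dB for 10 km of fibre) and the receiver-overload case described in the post just above. This block takes the conservative view and sizes the budget from the minimum launch power. The +0.5 dBm LR maximum transmit and receive levels are assumed from the 10GBASE-LR specification rather than taken from the thread; the long-reach optic values, the 0.5 dB default connector loss and all names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Optic:
    name: str
    tx_min_dbm: float    # weakest launch power a compliant module may emit
    tx_max_dbm: float    # strongest launch power
    rx_sens_dbm: float   # weakest signal the receiver can still decode
    rx_max_dbm: float    # strongest signal the receiver tolerates


# -8.2 and -14.4 are the thread's figures; the two +0.5 values are assumed.
LR = Optic("10GBASE-LR", -8.2, 0.5, -14.4, 0.5)
# Constructed values for a long-range optic whose transmitter can overload
# its own receiver type on a short path.
LONG_REACH = Optic("constructed long-reach optic", 0.0, 4.0, -24.0, -7.0)


def path_loss_db(km, db_per_km=0.3, connectors=0, db_per_connector=0.5):
    """Fibre attenuation plus connector loss; 0.3 dB/km matches '10 km is 3 dB'."""
    return round(km * db_per_km + connectors * db_per_connector, 2)


def assess(optic, loss_db):
    """Worst-case budget and margin, plus any attenuation needed to protect RX."""
    budget = round(optic.tx_min_dbm - optic.rx_sens_dbm, 2)
    margin = round(budget - loss_db, 2)
    # Hottest possible transmitter over this path versus the receiver ceiling.
    overload = round(optic.tx_max_dbm - loss_db - optic.rx_max_dbm, 2)
    attenuator = max(0.0, overload)
    if margin < 0:
        status = "too much loss"
    elif attenuator > 0:
        status = "attenuator required"
    else:
        status = "ok"
    return {"budget_db": budget, "margin_db": margin,
            "attenuator_db": attenuator, "status": status}


if __name__ == "__main__":
    cases = [
        ("LR, 10 km, no connectors", LR, path_loss_db(10)),
        ("LR, 2 km, six 1.0 dB hand terminations", LR,
         path_loss_db(2, connectors=6, db_per_connector=1.0)),
        ("long-reach, 100 m riser, two connectors", LONG_REACH,
         path_loss_db(0.1, connectors=2)),
    ]
    for label, optic, loss in cases:
        print(label, loss, assess(optic, loss))
```
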
|
Does anyone know why some Aironet 3702i would trigger BPDU guard on a connected Cisco 2960-X, while most others don't? As far as I can see the configuration in the APs is identical.
|
# ? Dec 15, 2015 10:27 |
|
Alright just for fun I'm playing with BGP and set up a simple network. All the basic configuration is done with ospf/eigrp redistributed into the bgp. Everything works. I want to try and force the AS 200 router to send traffic destined for 30.30.30.0/24 over to AS 300 and then let AS 300 handle the traffic, instead of how it currently is where AS 200 sends directly to AS 100. On the AS 200 router I set a weighting for the 86.55.14.2 neighbour so ALL traffic will be sent down that link, except for directly connected stuff. That's pretty cool but it's not quite what I wanted.
code:
code:
|
# ? Dec 15, 2015 22:01 |
|
Methanar posted: Now, both of these worked, but if I had several hundred preferences with and across multiple AS's, with meaningful internal routing occurring this would be a nightmare. What is the proper way of handling bgp preferences? Do you have to phone other network admins responsible for other AS numbers to request changes?

Welcome to bgp - you never can assume the other ASN will do what you want. That's why they're called autonomous. You can give hints in the form of MEDs and path length (prepending), but ultimately: their network == their rules.
|
# ? Dec 15, 2015 22:34 |
|
Methanar posted: Now, both of these worked, but if I had several hundred preferences with and across multiple AS's, with meaningful internal routing occurring this would be a nightmare. What is the proper way of handling bgp preferences? Do you have to phone other network admins responsible for other AS numbers to request changes?

Lots of/very big route maps are the answer. Welcome to BGP.
|
# ? Dec 15, 2015 22:47 |
|
Sadly the best solution here is AS_PATH poisoning.
|
# ? Dec 15, 2015 22:51 |
|
Something else to keep in mind in your scenario is that you are only affecting the egress traffic from AS200. The return traffic from the 30.30.30.0/24 network in AS100 is still coming in across the direct connection between AS100 and AS200.
|
# ? Dec 15, 2015 23:44 |
|
On the internet you can use published communities to do traffic engineering with your peers (ISPs).
|
# ? Dec 16, 2015 02:27 |