|
falz posted:The traffic is unicast, not multicast or broadcast? The purple color on those observium graphs is a bit different from mine, usually associated with non- unicast. Unicast. Mostly camera traffic from 4-5 hosts.
|
# ¿ Feb 17, 2020 17:30 |
|
|
Cyks posted:I assume you meant having a second voice vlan with 172.27.31.0 /24 scope and yes, that would work. You aren't limited to one voice vlan per device, just a switchport can only be on one voice vlan. Or expand the current DHCP scope if you only need a few more and you don't need 28 statics on that scope. I could only expand the current scope by... ten? And it turns out like 30 machines are getting DHCP from Windows (and aren't on the 30 vlan, they're on the same VLAN as the PC on that particular port...not sure why the hell that's happening)
|
# ¿ Feb 17, 2020 17:38 |
|
Partycat posted:Is it destined to a NLB host or something that isn’t replying with its own MAC? That would cause flooding. dst mac is in the table where you’d expect ? Yea, the MAC address is in the table for both the src and dst (screenshot: https://i.imgur.com/X9tZgLQ.png). Wireshark PC is 172.27.15.185 fwiw
|
# ¿ Feb 17, 2020 18:55 |
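The check Partycat suggests (is the destination MAC in the table, and on which port?) can be done mechanically against a capture. The script below is an added example, not code or data from the thread: it parses a constructed `show mac address-table` style listing, then classifies constructed frames seen on the Wireshark PC's port (assumed here to be `Gi1/0/12`) as expected, group (broadcast/multicast), unknown-unicast flooding (dst never learned in that VLAN), or misdirected (dst learned on a different port, which points at a mirror/SPAN session, a host answering from a MAC it does not source, or a MAC that keeps moving). The VLANs, MACs and port names are made up.

```python
"""Added example: classify frames seen on a capture port against the switch
MAC table, to tell unknown-unicast flooding apart from a mirror/NLB situation.
The MAC table text and the frames are constructed, not from the thread."""
import re
from typing import Dict, List, Tuple

# Constructed output in Cisco "show mac address-table" layout.
MAC_TABLE_TEXT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  15    0011.2233.4455    DYNAMIC     Gi1/0/5
  15    0011.2233.6677    DYNAMIC     Gi1/0/12
  15    aabb.ccdd.0001    DYNAMIC     Gi1/0/24
  30    0011.2233.4455    DYNAMIC     Gi1/0/5
"""

CAPTURE_PORT = "Gi1/0/12"  # assumed: the port the Wireshark PC sits on

# Constructed frames as (vlan, src_mac, dst_mac), e.g. exported with tshark -T fields.
FRAMES: List[Tuple[int, str, str]] = [
    (15, "00:11:22:33:44:55", "00:11:22:33:66:77"),  # addressed to the capture PC
    (15, "aa:bb:cc:dd:00:01", "00:11:22:33:44:55"),  # camera -> NVR, learned on Gi1/0/5
    (15, "aa:bb:cc:dd:00:01", "aa:bb:cc:dd:99:99"),  # dst never learned in VLAN 15
    (15, "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"),  # ARP broadcast
    (15, "00:11:22:33:44:55", "01:00:5e:00:00:fb"),  # mDNS multicast
]


def normalize_mac(mac: str) -> str:
    """Return a MAC as 12 lowercase hex digits whether written 0011.2233.4455 or 00:11:22:33:44:55."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return digits


def parse_mac_table(text: str) -> Dict[Tuple[int, str], str]:
    """Map (vlan, mac) -> port; header and separator rows do not start with a VLAN number."""
    row = re.compile(r"^\s*(\d+)\s+([0-9a-fA-F.:]+)\s+\S+\s+(\S+)\s*$")
    table: Dict[Tuple[int, str], str] = {}
    for line in text.splitlines():
        m = row.match(line)
        if m:
            table[(int(m.group(1)), normalize_mac(m.group(2)))] = m.group(3)
    return table


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (LSB of the first octet) set."""
    return int(normalize_mac(mac)[:2], 16) & 1 == 1


def classify(vlan: int, dst: str, table: Dict[Tuple[int, str], str], capture_port: str) -> str:
    """One frame's verdict from the point of view of capture_port."""
    if is_group_address(dst):
        return "group"                # flooding group traffic is normal
    port = table.get((vlan, normalize_mac(dst)))
    if port is None:
        return "unknown-unicast"      # switch has no entry, so it floods the VLAN
    if port == capture_port:
        return "expected"             # forwarded here on purpose
    return "misdirected"              # learned elsewhere yet seen here: mirror/SPAN, NLB-style MAC, or MAC move


def summarize(frames: List[Tuple[int, str, str]], table: Dict[Tuple[int, str], str],
              capture_port: str) -> Dict[str, int]:
    counts = {"expected": 0, "group": 0, "unknown-unicast": 0, "misdirected": 0}
    for vlan, _src, dst in frames:
        counts[classify(vlan, dst, table, capture_port)] += 1
    return counts


if __name__ == "__main__":
    print(summarize(FRAMES, parse_mac_table(MAC_TABLE_TEXT), CAPTURE_PORT))
```

A high `unknown-unicast` count means the switch genuinely has no entry for those destinations (aging, a silent receiver, or a host replying from a different MAC); a high `misdirected` count with the entry present on another port means the capture port is receiving copies it should not get, so the next thing to check is the switch's mirror/monitor session configuration rather than the MAC table.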
|
Pile Of Garbage posted:Why is DHCP configured on this switch at all? It's not - dhcp server is on the phone system (vlan 30) and the windows server
|
# ¿ Feb 20, 2020 00:01 |
|
You don't need a L3 switch in each telco closet on every floor of the building, as long as they each run back to your core stack of switches (that are L3), right? L2 switches are like 1/3rd the price and when you're replacing ~20 of them... Someone here bought 1 HP Aruba 2930 instead of a 2540, and we're not going to be replacing all the others just yet, but want to plan for it.
|
# ¿ Feb 27, 2020 21:57 |
|
Thanks Ants posted:If I wanted an Aruba L3 switch I'd be looking at the CX models now, I get the impression that the ProVision stuff (29xx, 38xx from the HPE days) isn't going to be what new things are built on. 6300M is twice as much as a 2930F
|
# ¿ Feb 28, 2020 13:56 |
|
We have a Fortinet, but I guess this is a generic networking/failover question: Two internet connections, and the firewall is configured for failover, basically checking if 8.8.8.8 is reachable.

Our ISP had an issue last weekend where one of the cards in their core router went down, so certain other networks were not reachable. So maybe 80% of stuff worked still, but we got a few emails about things being down etc. One of them being a cloud-based piece of software that is pretty important to the daily operations (Matrixcare EHR).

An order came in from above to have the failover operate on whether we can reach that website. I'm not going to change anything because that's ridiculous and every time that website has a hiccup we're going to switch connections... So just as a brainstorming session, what are some other suggestions?

In all honesty, this is something that should have been investigated by the on-call person, and once identified, manually failed over. It's such a rare thing to happen. One time last year we had something similar where a bug or something screwed up a routing table and we had all kinds of goofy poo poo happen, so we just used the other connection until they got it cleared up.
|
# ¿ Aug 20, 2020 13:44 |
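The two failure modes in that post are the ones any link monitor has to handle: a single probe to 8.8.8.8 stays green during a partial ISP outage, while a single probe to the SaaS host flips the circuit every time that vendor hiccups. The script below is an added example, not Fortinet code or anything from the thread: it models a link health decision that needs a quorum of several targets to fail, for several consecutive rounds, before declaring the link down, and several consecutive good rounds before bringing it back. The probe results are constructed dicts; the target list (with `ehr.example.invalid` standing in for the EHR host) and the thresholds are my assumptions. On a real firewall you would feed it the results of ICMP or HTTP probes to those targets.

```python
"""Added example: a WAN link health decision with a target quorum and
fail/recover hysteresis. Constructed probe results, not real traffic."""
import math
from dataclasses import dataclass
from typing import Dict, List, Sequence

# Assumed probe targets: two anycast resolvers plus a stand-in for the SaaS host.
TARGETS = ["8.8.8.8", "1.1.1.1", "ehr.example.invalid"]


@dataclass
class LinkMonitor:
    targets: Sequence[str]
    fail_after: int = 3        # consecutive failed rounds before the link is DOWN
    recover_after: int = 5     # consecutive good rounds before it is UP again
    quorum: float = 0.5        # fraction of targets that must fail for a round to fail
    up: bool = True
    bad_rounds: int = 0
    good_rounds: int = 0

    def round_failed(self, results: Dict[str, bool]) -> bool:
        """A round fails only when at least `quorum` of the targets are unreachable."""
        failed = sum(1 for t in self.targets if not results.get(t, False))
        needed = max(1, math.ceil(len(self.targets) * self.quorum))
        return failed >= needed

    def observe(self, results: Dict[str, bool]) -> bool:
        """Feed one round of probe results; return the link state after this round."""
        if self.round_failed(results):
            self.bad_rounds += 1
            self.good_rounds = 0
            if self.up and self.bad_rounds >= self.fail_after:
                self.up = False
        else:
            self.good_rounds += 1
            self.bad_rounds = 0
            if not self.up and self.good_rounds >= self.recover_after:
                self.up = True
        return self.up


def run(monitor: LinkMonitor, rounds: List[Dict[str, bool]]) -> List[bool]:
    """Replay a list of probe rounds and return the link state after each one."""
    return [monitor.observe(r) for r in rounds]


def active_link(primary_up: bool, secondary_up: bool) -> str:
    """Failover policy: leave the primary only when it is down and the secondary is up."""
    if primary_up or not secondary_up:
        return "primary"
    return "secondary"


# Constructed scenarios (one probe round each).
ALL_GOOD = {"8.8.8.8": True, "1.1.1.1": True, "ehr.example.invalid": True}
SAAS_ONLY_DOWN = {"8.8.8.8": True, "1.1.1.1": True, "ehr.example.invalid": False}
PARTIAL_ISP_OUTAGE = {"8.8.8.8": True, "1.1.1.1": False, "ehr.example.invalid": False}


if __name__ == "__main__":
    # The SaaS host flapping on its own never takes the link down.
    print(run(LinkMonitor(TARGETS), [SAAS_ONLY_DOWN] * 10))
    # A single 8.8.8.8 probe never notices the partial outage; the quorum does, after 3 rounds.
    print(run(LinkMonitor(["8.8.8.8"]), [PARTIAL_ISP_OUTAGE] * 5))
    print(run(LinkMonitor(TARGETS), [PARTIAL_ISP_OUTAGE] * 5))
```

The thresholds are deliberately asymmetric: recovery is slower than failure so a link that is half-working does not bounce back and forth. Whether any of this should be automatic is a separate question; the script only shows that "monitor the EHR site" and "monitor 8.8.8.8" are both single points of failure for the decision, and that a quorum over several destinations on different networks avoids both.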
|
GreatGreen posted:If I rename a Cisco switch, will that require a switch reboot or can I just enter: You should see the prompt change to `newname(config)#` right after you enter that command
|
# ¿ Sep 8, 2020 15:20 |
|
GreatGreen posted:Thanks! Not 100% sure on the stack but it should behave the same as a single switch
|
# ¿ Sep 8, 2020 15:50 |
|
Otis Reddit posted:Desktop Support guy here at a medium sized MSP that is a Cisco Meraki shop. Looking to make the jump to sys admin hopefully as part of an in-house IT team. Is the CCNA still a good cert to go for? Since we mostly replace ASAs with MX equipment, the overall vibe at my current company is 'not worth it anymore' -- but MSPs love their own partners and discourage all else. What do you goons think? CCNA doesn't hurt, but companies are moving towards more CLOUD EVERYTHING. Companies will still have a LAN of some sort but as people start moving to WFH, servers move to the cloud, networks will get less and less complicated on the LAN side. If you know what kind of equipment you'll be working with, get certified in that (Fortinet NSE or Meraki ECMS or whatever, for example)
|
# ¿ Sep 21, 2020 20:56 |
|
BaseballPCHiker posted:I also think the demise of sysadmin work in general is over exaggerated. I've heard too many managers say, "I care more about jobs, I won't move that to the cloud", to think that.
|
# ¿ Sep 22, 2020 18:58 |
|
Trying to figure out how the HA on this Fortigate 300D cluster works on the ISP side. The Cisco 3600X is from the ISP. Are they just using it to split the circuit into two physical links? I can't view the configuration of it at all. On the HP 5500 (LAN) side, isn't port mirroring a very odd way of doing this? I mean I guess it works... We're getting a new ISP and they asked if we want to do a LAG or LACP. They can give us two ports, but they just have one router and not a router + switch. Can't find the Fortinet docs that really say much. Diagram attached, image hosts are blocked.
|
# ¿ Dec 10, 2020 18:30 |
|
MF_James posted:I forget if the D line of devices has an HA port, but are you sure they're doing heartbeat through the switch and not actually doing HA with a cable connecting the 2 devices together? Active/passive
|
# ¿ Dec 10, 2020 22:00 |
|
The mirror port being on the switch in the core that our SAN is connected to might be part of why backups ran slow when we use our cloud repository :facepalm:
|
# ¿ Dec 11, 2020 03:29 |
|
Also I don't know if we've ever done a failover test since I've been here. Not sure if taking a fortigate out will end catastrophically or not.
|
# ¿ Dec 11, 2020 03:30 |
|
MF_James posted:I just had a thought about the mirrored port. Yea I figured the mirrored port was some hillbilly failover they read about on some website. Last week's backup speeds to the cloud:
|
# ¿ Dec 11, 2020 13:46 |
|
Last night:
|
# ¿ Dec 11, 2020 13:47 |
|
Thanks Ants posted:Watchguard, you still admin them through some awful windows app. They aren't using BARRACUDA CLOUD CONTROL?
|
# ¿ Dec 15, 2020 14:22 |
|
Most firewalls are just pretty front-ends for pf/iptables right? Have any of those companies invented their own poo poo, or are they just all slapping linux/bsd on a whiteboxed system?
|
# ¿ Dec 15, 2020 21:08 |
|
ior posted:Depends on how you define most. The big players are definitely not using pf/iptables (Palo, Check Point, Fortinet, Cisco). Keep in mind that both pf/iptables only do ip/port. Whilst a modern NGFW does everything from appcontrol, ips dns security, sd-wan, sandboxing etc. I realize that, but I guess I thought the base rules were still comparable to something like pfsense and all the IPS stuff was their own engine. So they're all using their own tech for that?
|
# ¿ Dec 16, 2020 21:12 |
|
Looking to replace our 5-switch core stack of HP A5500's (the old Comware ones). 2 of the switches have 24 copper ports and 4 SFP ports. The other 3 have 8 copper ports and 24 SFP ports. I don't see many switches split this way.

One of the switches with 24 SFP ports, we're using 8 media converters to go over to ethernet... That one would need about 16 copper ports. Anyone know of any that are still configured like this?

We're limited to $10k/switch which probably won't be enough. I mentioned FS.com and I might as well have said Netgear. We had 2x the budget last year (right before COVID so that went *poof*), and the place we bought all our Aruba wireless stuff was going to get us Aruba switches, but there isn't a quote anywhere with actual models etc.
|
# ¿ Apr 12, 2021 13:00 |
|
Pile Of Garbage posted:What and how many SFPs do you have in the SFP ports of the current switches? Maybe easier just to break-down your actual port requirements as copper/SFP? Currently in use: 1/2 - 10 SFP, 8 copper (comm room) 3/4 - 0 SFP, 20 copper (server room) 5 - 4 copper, 8 SFP (actually copper, using media converters), would really want at least 4 more copper here maybe 8. Don't actually need any SFP ports (backup server room) Also it looks like on most switches we'd need two SFP ports for stacking unless they have dedicated stacking ports on the back. Actual picture of 1/2. Fibers are all redundant pairs going to MDF's in other areas of the building and the coppers are going to our wireless controllers, phone system, and firewall pair.
# ¿ Apr 12, 2021 13:19 |
|
Thanks Ants posted:Do you need any of the L3 features that the Comware stuff could be made to do? Agreed, but they are physically located in 3 different areas. Two are about 50 feet apart and the other is like 1000 feet away We aren't doing anything funny with it other than VLAN routing.
|
# ¿ Apr 12, 2021 13:20 |
|
Thanks Ants posted:Are you actually running a stack over that distance, or just an IRF? IRF What is the difference?
|
# ¿ Apr 12, 2021 13:50 |
|
Pile Of Garbage posted:What you're describing sounds less like a pair of redundant switches and more an actual network core (As the labels on those switches seem to indicate). I'm not exactly fully across the Cisco product line (Really only Fortinet firewalls) but as I understand the only thing that is only going to give you the same amount of density and expansion is a 9400 or a 6500 (Are they even a thing anymore?) quote:Looking to replace our 5-switch core stack of HP A5500's (the old Comware ones) I'm not sure if we're calling them back or what. They for some reason allocated half the money this time around so I'm not sure if it will even be possible.
|
# ¿ Apr 12, 2021 14:13 |
|
Pile Of Garbage posted:I'm not exactly familiar with the HP A5500 series but at a glance they look just like regular stack switches. I may be extremely wrong here but as I understand stacks are exclusively a thing for access switching and cores at a certain size are almost always built with chassis configurations where capability is provided via line-cards. For example, one of our previous customers had the top four floors of an office tower so they had 10Gb P2P from the DCs to the top floor IDF where a 6500 was installed that then connected to 3850 stacks in the IDFs on the other three floors. 20M and maybe 300M?
|
# ¿ Apr 12, 2021 14:43 |
|
BaseballPCHiker posted:Just to pile on, Im just a Cisco guy, but for Cisco we'd have dedicated stacking cables in the back of the switches, not using SFP or copper ports for that. You can use HP IRF technology to connect and virtualize A5500 EI switches or A5500 SI switches into a virtual switch called an “IRF fabric” or “IRF virtual device” for flattened network topology, and high availability, scalability, and manageability. You can do a LAG across two different physical switches so I would call it a 'stack'. There are 'stacking ports' but they seem to just be 10GBe interfaces on the rear, it's not a dedicated stacking cable like you mention you'd see with other vendors. The newer Aruba stuff seems to work the same way with their VRF or whatever they call it (we have two closets converted over to the Aruba 2650(?)) We've been converting some closets over to the HPE 5130's, which are newer Comwares, which we have been getting as warranty replacements.
|
# ¿ Apr 12, 2021 14:47 |
|
Thanks Ants posted:I think a pair of Aruba CX 6300 24 port SFP+ switches will do for your 'core', then just use CX 6100s for your copper access. This is kind of where I was going, trying to figure out why we need it to be all one stack. We are using Aruba Central now, actually. And guess why we can't replace the fan in switch #2 that's giving us errors! Because we have to bring the whole thing down.
|
# ¿ Apr 12, 2021 14:49 |
|
Pile Of Garbage posted:Assuming they're 1Gb the 20M runs could be done with CAT6 but it's kinda pointless if you've also got 300M runs. Office building
|
# ¿ Apr 12, 2021 15:20 |
|
In our server room, our main switch stack is made of 2960's, and then we had a 3750 core which has been replaced by Fortiswitch (ugh but that is another post). They are mounted in a 4-post telco rack, and then we have a 48u server cabinet about 5 feet from that. That means we have about 40 cables dangling across. I at least bundled them all together so it doesn't look like complete poo poo. Started replacing cables on the patch panels with shorter ones and grouping them so no more cables on the floor. Also got the last of the computers off the floor. There are other issues in this room as well, but again, that's another post. This picture is about 25% as bad as it was.

I'd like to reduce this to like, 4 cables, so I want to buy a top of rack switch. Actually two, one fiber and one copper. I talked to our VAR, who got a networking guy on the call, and they basically quoted us:

Cisco 9300 48 port 1Gb copper $3,700
Cisco 9300 24 port 10Gb SFP $10,000
$1,000 for redundant power supplies
$1,200 each for stacking modules
$1,000 in transceivers and cables
$3,700 in SmartNet

So why don't I just go over to fs.com and buy: https://www.fs.com/products/100969.html and https://www.fs.com/products/108710.html ? $1,399 and $1,149
|
# ¿ Jul 23, 2021 13:29 |
|
GreenNight posted:Yeah Cisco has been telling us they've been hit hard by the chip shortages too. We just purchased 12 48-port Meraki switches with 10 gig uplinks. FS actually has this in stock while the Cisco stuff is all backordered. We have been waiting like 2 months on a whole new Cisco wireless system. Don't know about FS's support. They seem to have a decent rep on Reddit (lol). At these prices I could buy spares. Edit: No coffee yet
# ¿ Jul 23, 2021 13:45 |
|
GreenNight posted:No, we have 20 other Meraki switches and about 60 AP's. We also have Meraki SD-WAN devices at the edge. Sorry, somehow I read that as Ubiquiti
|
# ¿ Jul 23, 2021 14:15 |
|
Cisco book recommendation? I don't need a chapter on subnetting or T1's and ISDN or OSI models. Just real-world examples cookbook type poo poo. O'reilly IOS Cookbook is like 14 years old.
|
# ¿ Sep 10, 2021 15:49 |
|
falz posted:Are you thinking you don't need this because it's old stuff and you don't care or because you already know about that stuff? A little of both. I mean if they have chapters on that, fine, I just have those parts covered. I have some old Odom books (2003?) but they don't cover some security-related things and other newer stuff. I can do most of the stuff I want on our gear but I want to read more about the stuff and a lot of the model-specific documentation doesn't cover things. Like our 2960's work a bit different than our 4500. And then we'll probably get some 9300's or something in the near future.
|
# ¿ Sep 10, 2021 21:55 |
|
BaseballPCHiker posted:You’d probably be better off just reading the config guide for the models you have honestly. Methanar posted:Just buy Arista instead and you won't need to deal with any of the ancient lovely parts of ios. We are getting all Fortinet to replace them
|
# ¿ Sep 11, 2021 03:17 |
|
I have two interfaces on this 2960 One is a 10.x.x.x, the other is a 192.168.x.x If I set the default route to 192.168, instead of 10., RADIUS auth times out Is this on my firewall (new company and old company networks, but on the same firewall etc) or where should I look on the switch config? I don't see anything that jumps out at me but I have other switches with that default route that work fine. I didn't check the radius server yet.
|
# ¿ Sep 15, 2021 21:51 |
|
Thanks Ants posted:What interface is the switch communicating from? You need a route back from whatever is upstream of your switch, so if your RADIUS requests are coming from 10.1.2.3 but the thing your switch is connected to thinks that it's on-net for that subnet it won't be forwarding packets to the correct place. It's connected to both...I can ssh to either address and connect. Not on-site today so I don't want to gently caress with it when I'm not able to console in.
|
# ¿ Sep 16, 2021 15:13 |
|
Thanks Ants posted:I meant this Don't have a line like that on any of our switches. I can see they are coming from the right address on the firewall though. I think that's where the issue lies.
|
# ¿ Sep 16, 2021 15:40 |
|
Actually I need to just remove all the 10. interfaces on these...since we are abandoning that network
|
# ¿ Sep 16, 2021 21:17 |
|
|
Partycat posted:Maybe the radius server is behind something that won’t allow return traffic ? Seems pretty straight forward . Doesn't make sense since I have other switches on that same network using radius with similar IP's. We enabled MFA on 20-some people without setting up their devices first so I will probably have to wait another day...
|
# ¿ Sep 17, 2021 13:54 |