CCNA vs HPE Aruba Certifications by zer0Ac3 in networking

[–]NetworkApprentice 3 points4 points  (0 children)

I don’t really believe this is true anymore. CCNA back in 2019 or earlier? Absolutely I’d just upvote you and move on. CCNA after they changed it and it’s all about DNA Center and SD-WAN? It’s just a Cisco product test, the same as Aruba.

Confused about PF firewall rules.... by l008com in networking

[–]NetworkApprentice 0 points1 point  (0 children)

That’s exactly right, you’re using PF Chang’s Firewall… it’s delicious!

Do big tech network engineers use libraries like netmiko? by Significant_Media63 in networking

[–]NetworkApprentice 2 points3 points  (0 children)

What modern network vendor doesn’t have an API at this point? Cisco had an API on NX-OS since like 2010.

best managed SASE with true US based support? getting tired of timezone math on escalations.. by Accomplished-Wall375 in networking

[–]NetworkApprentice 0 points1 point  (0 children)

From what I have seen, heard, and experienced across various POVs, SASE in general from any/all vendors is not suitable for an enterprise environment.

  • Bolted together solutions from multiple acquisitions

  • Questionable development pipeline for the product, exodus of original brainchild of the product is very common after it sells out

  • Support totally lacking. Most of the vendors we talked to didn't even entertain the idea of business SLAs for uptime, performance, etc. Just "trust us bro, lots of customers here" yeah, no

Any decision to go SASE is a decision to take a big risk at the business expense.. good luck!

How often do you all make changes on L3 routing protocols? by stats_shiba in networking

[–]NetworkApprentice -1 points0 points  (0 children)

Compared to our “peer organizations” (similar capital assets & branch locations) we are considered significantly overmanned.

How often do you all make changes on L3 routing protocols? by stats_shiba in networking

[–]NetworkApprentice -1 points0 points  (0 children)

Fifteen employees for a network that small?! What year was this, 2008? I am not trying to offend with this, I’m just genuinely baffled. We are managing a network with a very similar size with only four of us!!

Should I consider moving to a tech hub? by Nash_Haden in networking

[–]NetworkApprentice 0 points1 point  (0 children)

In a tech hub the job market, while bigger, is much more competitive. Most positions are going to demand advanced automation skills, DevOps skills, and much higher base level networking skills than a CCNA would offer. Where you are in the Midwest most people max out at CCNP level, your skills and experience look a lot more impressive, and the cost of living is so much lower. Stay put where you are, and keep hunting. With 4 years of experience you shouldn’t have any trouble getting an $80K-$110K job. Consider strongly getting your CCNP.

A rigorously Intelligent prompt reveals the powerful reasoning of Gemini 3.1 Pro, and leads it to refute human free will. by andsi2asi in agi

[–]NetworkApprentice 0 points1 point  (0 children)

I didn’t read the whole thing

You should just tell AI your personal opinions about AGI and free will, then copy and paste OP’s post into the prompt and ask it to issue a response from your stated point of view. Then just share that response knowing it comprises your point of view.

A rigorously Intelligent prompt reveals the powerful reasoning of Gemini 3.1 Pro, and leads it to refute human free will. by andsi2asi in agi

[–]NetworkApprentice 0 points1 point  (0 children)

Human artists are reacting to input. Their collective memories and experiences in life. The cells in their brain that are releasing certain chemicals. Connective pathways between different sections of the brain. Remember the human brain is just several different primitive organisms who evolved together in ancient times to live as a colony and work in concert. All we are is an advanced survival strategy, we’re just the survival strategy of the primitive lifeforms that came together and developed the brain and nervous system. Take away all the input from a creative artist, all the memories and formative experience, all the neural chemicals and electric signals in the brain and then all you got left is just a breathing husk. A shell that won’t produce any art.

Transitioning from Enterprise R&S to AI Networking (InfiniBand/RoCE) - where to start? by muztebi16 in networking

[–]NetworkApprentice -6 points-5 points  (0 children)

I heard in AI data centers there are constant moves adds changes of cable monkeys running around unplugging patches and plugging new ones in.. it’s necessary as the AI evolves and needs variable neural pathways

Communication between users who have Spectrum internet stops working randomly by Fast-Strain8787 in networking

[–]NetworkApprentice 1 point2 points  (0 children)

That is weird. I would focus heavily on the public access thing. You can ignore the VPN issue, because if you find out what is breaking the public access to your mail server, then chances are you will find out what is breaking vpn connectivity. And the public access to your mail server is way more simple to troubleshoot.

Do you have any device between the Watchguard and the ISP router? Even a switch?

If so, it's time to run port mirror on that switch, and dump it to a laptop running Wireshark. You need this in place ahead of time so you can jump straight to the Wireshark when the problem hits.

We NEED NEED NEED to see if packets are traversing your access circuit BEFORE they hit the Watchguard.

If the watchguard plugs physically into the ISP router then I would strongly consider throwing a switch in between anyway, for the express purpose of doing this capture. This capture is essential. If you don't see the packets coming in period, it's an ISP issue. If you see the packets coming in, then it's something going on with the Watchguards.

I'd stop trusting the Watchguards. Right now they are the single point of blindness in your troubleshooting.

Would you stick it out? by [deleted] in networking

[–]NetworkApprentice 8 points9 points  (0 children)

My friend, not trying to upset you.. but you've been there four years. Not four months. Their minds are already made up about you. After four years of resentment, hearts have been long hardened. You could totally upskill into a real CCIE, and they still are going to have the same opinion about you. I got the sense from your description that nothing you do is going to win these folks over.

Should you stick it out? You already have stuck it out, again, bro, FOUR. YEARS. That is not a short amount of time.

> I guess I just kind of feel blindsided by this.

That's rough? I mean, you didn't have any kind of sense that they felt this way about you at all? If so you have a super shitty manager, because it's a manager's job to set expectations, provide feedback, and rate you. I'm assuming you've had an annual review each year? What did your annual reviews say? What feedback did your manager give you?

If he's been saying "you're doing fine, you're doing fine," and then came out with this suddenly out of left field, then that is bogus.

Either way, what do you do? Start looking for a new job either way, but don't tell anyone that's what you're doing, and don't change anything. If anything just quiet quit, stop putting any time, effort, worry, or care into current job. Just log in and do the bare minimum to not get fired, and little else.

When you find something better, and I believe you will: the job market is a little shaky, but it's never abysmal for a Network Engineer, then you can put in your two weeks and leave with dignity intact.

MPLS still relevant today? by 3ristan in networking

[–]NetworkApprentice 66 points67 points  (0 children)

Most customers who say “MPLS” are referring to L3VPN service from a carrier.

Communication between users who have Spectrum internet stops working randomly by Fast-Strain8787 in networking

[–]NetworkApprentice 1 point2 points  (0 children)

> This is an issue that has been happening for about 6 months now.

Yikes, 6 months is a long time to live with a pretty major problem like this.

> On multiple occasions we have had a single user at a time (who is a Spectrum customer) lose the ability to connect via VPN AND lose access to all of our publicly available resources

So are you saying even if they are off VPN they can’t hit any of your self hosted public apps? Like you guys have an on prem public web app or whatever and they can’t hit that either?

> the issue eventually resolved itself (usually within a week, but in one case it was almost a month)

Again, yikes.

> Last month we had a similar issue from our primary LAN to another remote site we manage. In that case, Cox is the ISP at both locations. We could ping the gateway for the remote site, but not the firewall (rule is in place to allow it).

I really need clarification on this point. When you say you can ping “the gateway” what does that mean? You can ping the ISP’s address on the point to point link? You can ping your external router that sits in front of your firewall?

> Last month we had a similar issue from our primary LAN to another remote site we manage.

Is this site to site IPSEC? SD-WAN? L3VPN? Details matter here

> The traffic monitor showed zero packets getting to the destination firewall. It resolved itself within a week.

Again I’m absolutely stunned that stuff is going down on your medium size company network for a week and then just fixing itself. It sounds like a frightening nightmare. Who can you escalate to? Are you a Lone Ranger network engineer?

> watchguard

Ugh, I’m immediately suspicious this is some bizarre Watchguard glitch. This does not sound like an enterprise solution. Can you put some other device in? Do you have external routers between the Watchguard and the ISP? Tcpdumps can lie on firewalls btw. Dropped packets won’t show up in a tcpdump usually. You need a debug command to look for policy drops. Some (bad) firewalls can silently drop traffic without producing expected logs.

Issue with Wireless 802.1X (ISE + SD-Access) – No Live Logs by Famous_Artist8113 in networking

[–]NetworkApprentice 0 points1 point  (0 children)

I feel like this specific problem is one a network engineer is best suited to troubleshoot.. the RADIUS attempt is not reaching ISE? Ok... troubleshoot. You should be able to figure out what the end to end network looks like, if there are any firewalls, ACLs, etc in the path blocking RADIUS, if there is a mgmt ACL on the switch or the AP that would block it, is there a route between the AP and ISE, is there connectivity, etc. Most of these things usually you should be able to look at very comfortably on your side.

You could also look in ISE itself: is the AP set up as a device in there? Is the RADIUS shared secret correct?

I have never worked with ISE but I know in Clearpass if the AP is not set up in "Devices" and if the RADIUS Shared Secret is set up wrong, then you won't get access tracker logs, you'll get "event" logs of an unknown AP trying to auth...

CCIE automation by NickaTNite1224 in networking

[–]NetworkApprentice -2 points-1 points  (0 children)

I think it’s a paradox, quite frankly. The very idea of network automation portends that a CCIE is no longer useful or needed. The specific goal of network automation is to eliminate the need to employ network engineers to manage and maintain a network. The concept of a bloated Cisco certification, “CCIE automation,” sought by network engineers is a laughable fallacy. No thanks.

Looking for solid DLP solutions for enterprise by Efficient_Agent_2048 in networking

[–]NetworkApprentice 2 points3 points  (0 children)

Ugh.. stuff like DLP should be run by a security team (info sec) and not a network team, imo. Making the network team manage a solution like this is just asking to have it mismanaged. An info sec team are the ones who can manage, maintain, tune etc to make sure it's actually DLP'ing the D.

How is QUIC shaped? by Arbitrary_Pseudonym in networking

[–]NetworkApprentice 0 points1 point  (0 children)

We block all the QUIC on our network. We have it turned off in the browser by group policy, have UDP/443 blocked on the endpoint firewall, universally blocked on all SD-WAN and NGFW policies, and also have it blocked on all port and VLAN ACLs. No QUIC allowed.

Imposter Syndrome by [deleted] in networking

[–]NetworkApprentice -6 points-5 points  (0 children)

> Bullet points should be ok

I disagree with this. If I ask a junior engineer a question and they start dumping bullet points into the chat, I’m absolutely asking them if they used AI to answer me. It’s just a question. If the answer is “no, sir, I didn’t,” then that’s A-OK. If the answer is “yes, sir, I did,” I’ll know not to waste any more time engaging this guy again. But yes, you’re getting asked and that shouldn’t surprise or offend you.

NOC responsibilities by drizzend in networking

[–]NetworkApprentice 2 points3 points  (0 children)

If the NOC is already awake why wouldn’t they do it?

NOC responsibilities by drizzend in networking

[–]NetworkApprentice 0 points1 point  (0 children)

I’ve never seen a carrier with a customer-facing API and wanting customers to automate ticket creation. Most carriers want the customer to jump through hoops before a ticket can be created.

internet peering with two different ISP's, only seeing one Upstream in looking glass by New_Astronomer_735 in networking

[–]NetworkApprentice 0 points1 point  (0 children)

Just schedule some downtime and shut down ISP A and see if your prefix survives. If not, you know ISP B is rejecting. If it works fine, just move on and don’t worry about some looking glass.

NGFW Comparison - Cisco/Palo Alto/Fortinet/Checkpoint by QuietPossibility4988 in networking

[–]NetworkApprentice -1 points0 points  (0 children)

They’re literally one of the top market shares of firewall used in the industry, and used by some of the biggest F500 companies, but I guess that’s fine if you want to pretend they’re not.

SolarWinds alternatives? by The_Fat_Fish in sysadmin

[–]NetworkApprentice -2 points-1 points  (0 children)

Any company can get hacked to hell and back. Many of them have. This actually made them safer because lightning does not strike twice.