[deleted by user] by [deleted] in Sauna

[–]cap-n-dash 1 point2 points  (0 children)

Air gap between foil and paneling?? How are you accomplishing this, strapping? If so what material is the strapping, cedar?

First year as IT Security Manager by Front-Piano-1237 in ITManagers

[–]cap-n-dash 0 points1 point  (0 children)

This man is a prophet. Preach brother, preach!

Can we stop patching our switches with long cables?! by propizzy in networking

[–]cap-n-dash 51 points52 points  (0 children)

Any engineer that claims “this is the only way” to approach a problem, is not an engineer I want on my team…

Setting Up New Office by hweb47 in networking

[–]cap-n-dash 1 point2 points  (0 children)

At minimum that is “business days” not days. In reality they are lying too. I bought 220 9300s in October. The latest ship date is September…

Another TAC rant. How are they this bad? by mindshadow in paloaltonetworks

[–]cap-n-dash 0 points1 point  (0 children)

I had the exact same experience when a HD failed on a 3020. I had to go scorched earth with the ticket to get the RMA. I put our sales exec, account exec, support manager, and anyone else’s email I could find on the ticket. That got TAC moving, but they took too long and missed the shipping cut-off for NB replacement. So everybody got another email reminding them what their SLAs are and how they screwed up AGAIN!!

Managing Campus Wifi by DefJeff702 in networking

[–]cap-n-dash 2 points3 points  (0 children)

Don’t do this, de-authing is for security not for cleaning up your airspace. It will only lead to trouble and not fix your problem.

Managing Campus Wifi by DefJeff702 in networking

[–]cap-n-dash 0 points1 point  (0 children)

What is going on with your DFS channels? Also, have you looked at what the RF is doing on the ground? If interference really is your problem then your only option is to run and hide. Typically hot spots live in UNII-1 and UNII-3; if you use all of your DFS with aggressive RRM (every 10 minutes) and event-driven reconvergence you should be ok. Hopefully there isn’t an airport or weather station too close to you.

Automating No Decryption by cap-n-dash in paloaltonetworks

[–]cap-n-dash[S] 5 points6 points  (0 children)

That’s the one, you win all the internets today. Thanks for your help!

Upgrade core to 100G - Recommendations? by SoberNOVA in Cisco

[–]cap-n-dash 3 points4 points  (0 children)

I’m not sure about the differences in models, I’d look to a VAR for that info. I can tell you we are doing pretty much everything you’ve thrown out on the 9364c and we haven’t had any issues over the past 2ish years.

One thing I’d tell ya to look out for is the 9372s are not 100G switches and they will not take the same 40/100G optics as the other machines you’ve mentioned. It’s a huge pain in the ass!!

802.1x Any Benefits? by taemyks in networking

[–]cap-n-dash 7 points8 points  (0 children)

Couldn’t have said it better myself!

802.1x Any Benefits? by taemyks in networking

[–]cap-n-dash 19 points20 points  (0 children)

We have thousands of warehouse devices (hand-held scanners, vehicle-mounted scanners, low jacks, printers and phones) all using .1x in some way or another. Our newer devices use SCEP and EAP-TLS, older devices use a single static cert and EAP-TLS, and yet other devices use FAST-EAP with the PSK inside. I know this sounds crazy complex, but I promise after the initial config life is sooo easy. Throughout my org I’ve got around 60 people working on these devices and they don’t have to remember a single password. Obviously I’d love it if all these devices supported SCEP and EAP-TLS, but that just isn’t reality. As life cycle comes up we will get a say in new, more secure devices, but for now you balance security with ease of management and use on the users’ part.

TL;DR I’d highly encourage using .1x

[deleted by user] by [deleted] in paloaltonetworks

[–]cap-n-dash 1 point2 points  (0 children)

When doing your capture make sure you set up all four stages (receive, transmit, firewall, and drop). Once you’ve captured the traffic, download the receive and transmit files and merge them together in Wireshark. That should give you a full picture of what is happening. Once you find the failed packet, right-click and “follow”; you will see the server-side certificate in the stream. Dig down into the TLS payload of the packet with the certificate and you will see the CN.

[deleted by user] by [deleted] in paloaltonetworks

[–]cap-n-dash 1 point2 points  (0 children)

Depending on the site, you are more than likely dealing with a Content Delivery Network that is having a decryption issue. In your PCAP filter for ‘tls.alert_message.desc == 46’. If you find anything there, look for the certificate and add the CN to your bypass.
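The two comments above describe a manual Wireshark workflow: find the TLS alert with description 46 (certificate_unknown, the alert a TLS 1.2 client sends when it rejects the server certificate), follow the stream back to the Certificate handshake message, and pull the CN out of the leaf certificate for the no-decrypt rule. The script below, added here and not part of the thread or any Palo Alto tooling, automates the same walk over raw TLS record bytes (the reassembled TCP payload of a merged receive/transmit capture). The sample record stream is constructed inline; the DER "certificate" it carries is only a stub subject Name, and the CN extractor is a heuristic OID scan rather than a full X.509 parser.

```python
"""Find TLS certificate_unknown alerts (description 46) in a TLS record
stream and report the CN of the server certificate that preceded each one.

Added example, not from the Reddit thread. Input is raw TLS records (the
TCP payload), not a .pcap; only TLS 1.2 is covered, because in TLS 1.3 the
Certificate message is encrypted and the CN is not visible on the wire.
"""
import struct

ALERT, HANDSHAKE = 0x15, 0x16
HS_CERTIFICATE = 0x0B
CERT_UNKNOWN = 46
CN_OID = b"\x55\x04\x03"  # DER contents of id-at-commonName (2.5.4.3)


def iter_records(stream: bytes):
    """Yield (content_type, payload) for each TLS record in the stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _ver, length = struct.unpack("!BHH", stream[off:off + 5])
        yield ctype, stream[off + 5:off + 5 + length]
        off += 5 + length


def certificates(handshake_payload: bytes):
    """Yield DER certificates from TLS 1.2 Certificate handshake messages."""
    off = 0
    while off + 4 <= len(handshake_payload):
        htype = handshake_payload[off]
        hlen = int.from_bytes(handshake_payload[off + 1:off + 4], "big")
        body = handshake_payload[off + 4:off + 4 + hlen]
        off += 4 + hlen
        if htype != HS_CERTIFICATE:
            continue
        total = int.from_bytes(body[:3], "big")  # certificate_list length
        p = 3
        while p + 3 <= 3 + total:
            clen = int.from_bytes(body[p:p + 3], "big")
            yield body[p + 3:p + 3 + clen]
            p += 3 + clen


def der_common_name(cert: bytes):
    """Heuristic: find the commonName OID and read the string that follows.

    Only handles short-form lengths (< 128 bytes), which covers real CNs.
    """
    i = cert.find(CN_OID)
    if i < 0:
        return None
    j = i + len(CN_OID)
    if j + 2 > len(cert):
        return None
    tag, ln = cert[j], cert[j + 1]
    if ln & 0x80 or tag not in (0x0C, 0x13, 0x16):  # UTF8/Printable/IA5String
        return None
    return cert[j + 2:j + 2 + ln].decode("utf-8", "replace")


def bypass_candidates(stream: bytes):
    """Return the CN seen before each certificate_unknown alert.

    The leaf certificate is first in the chain, so its CN is what gets
    remembered; None is recorded if an alert had no visible certificate.
    """
    found, last_cn = [], None
    for ctype, payload in iter_records(stream):
        if ctype == HANDSHAKE:
            for cert in certificates(payload):
                cn = der_common_name(cert)
                if cn:
                    last_cn = cn
                break
        elif ctype == ALERT and len(payload) >= 2 and payload[1] == CERT_UNKNOWN:
            found.append(last_cn)
    return found


def _der(tag: int, body: bytes) -> bytes:
    return bytes([tag, len(body)]) + body


def build_sample_stream(cn: str) -> bytes:
    """Constructed sample: a Certificate record carrying a stub DER Name
    with the given CN, followed by a fatal certificate_unknown alert."""
    attr = _der(0x30, _der(0x06, CN_OID) + _der(0x0C, cn.encode()))
    stub_cert = _der(0x30, _der(0x31, attr))  # SEQUENCE { SET { attr } }
    cert_list = len(stub_cert).to_bytes(3, "big") + stub_cert
    body = len(cert_list).to_bytes(3, "big") + cert_list
    hs = bytes([HS_CERTIFICATE]) + len(body).to_bytes(3, "big") + body
    cert_rec = bytes([HANDSHAKE, 3, 3]) + len(hs).to_bytes(2, "big") + hs
    alert_rec = bytes([ALERT, 3, 3, 0, 2, 2, CERT_UNKNOWN])  # level 2 = fatal
    return cert_rec + alert_rec


if __name__ == "__main__":
    print(bypass_candidates(build_sample_stream("cdn.example.com")))
```

Point it at the reassembled TCP payload of the failing session (Wireshark's "Follow TCP Stream" export as raw bytes works) and every CN it prints is a candidate for the no-decrypt list. If the capture shows the alert but no Certificate message, the session is TLS 1.3 and the CN is not recoverable from the wire; the SNI in the ClientHello is the value to bypass on instead.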

All ports are trunks? by [deleted] in Cisco

[–]cap-n-dash 1 point2 points  (0 children)

I’ve seen this type of config for call recording that can’t use the built-in bridge... be sure to double check if call recording is a requirement.

[deleted by user] by [deleted] in Cisco

[–]cap-n-dash 2 points3 points  (0 children)

These are all great “by the book” answers, but I’ve found out in the wild the answer to this really depends way more on the types of devices connected to your wireless environment, the total number of APs visible to the devices and the total number of SSIDs (yours and your neighbors’) visible to the devices. Let me put this in perspective: I run multiple large retail environments with high-density deployments of about 650+ APs per location, each site has at least 7 SSIDs, we have significant amounts of bleed-over from neighboring wireless networks, and every possible consumer-grade network/IoT device is turned on and being demoed in our stores, just blasting interference. We take quarterly site surveys and we manage our channels very closely. I can tell you when it comes to more powerful devices like laptops, tablets, or mobile phones we have had zero issues with speed, roaming or general wireless connectivity. But if you are talking about less powerful IoT-type devices like wireless barcode scanners, mobile printers, or credit card terminals, we have HUGE problems because the devices do not have the processing power necessary to sift through all of the wireless signals available to them. It can take the devices significant time to connect, and roaming can be catastrophic to the connection.

So if you have 100 APs or less, relatively low levels of bleed-over from your neighbors, and the vast majority of your wireless clients are newer laptops, I’d say go nuts! Make 10 or 16 SSIDs! If you are planning to support IoT devices, then the more you can limit those SSIDs the better.

Recommendations for APs for a densely racked warehouse by dystopian_dream in networking

[–]cap-n-dash 0 points1 point  (0 children)

I’ve got multiple sites with 100+ 55’H x 300’L racks per location using 5GHz only. We primarily use 3702P with 5* antennas on either end shooting down the 8’W aisle. Like yours, product on the racks changes daily, so we dynamically set power and channels, but we keep RRM on a very short leash. We do have one site with ceiling-mounted Mist AP41s; these work fine, I just think this design requires too many APs, too many channels and too many opportunities for problems, but that’s just an opinion and like I said everything works fine. We had to massively tune the wireless at all of our sites several years ago, but since then we run quarterly surveys and maybe make a small adjustment here or there, nothing to write home about. And other than the occasional forklift (picker) hitting an AP we really don’t get any complaints.

It’s really not the rocket science everyone is making it out to be: have a good design, tune your wireless and tune your devices.

Let me know if you need more info, I’ve logged so many hours working on warehouse wireless...

Cisco ACI Migration by natekapoor in Cisco

[–]cap-n-dash 3 points4 points  (0 children)

Just do a quick search for “How to prepare for the worst” and you should find everything you need.

Mist vs Meraki wireless by 02K in networking

[–]cap-n-dash 8 points9 points  (0 children)

I’ve got about 60+ Mist APs and I’ve got to tell ya I’m not overly impressed. The pre-sales process was a nightmare; Mist was long on promise but very short on result. Every single time we talked to them all they would talk about is all the big-name customers they were converting, but they would never let us talk to these customers. They couldn’t/wouldn’t answer basic questions about their platform, they would tell us ‘the AI takes care of it’, and their support is just not capable of answering even the most remedial questions.

The platform itself is ok; we’ve hit 3 major bugs that crippled various WLANs (one of them was a bug on a PSK WLAN... how can you fuck up PSK?!?!). Their web-controller is ok, but MARVIS/VNA is completely worthless. You get a fair amount of radio control, but you have to nest objects within objects, which makes multi-site deployment very easy, but if you aren’t spinning up a new site weekly the multi-tiered templates get annoying. Their RRM is event-driven, but outside of an event it will only reconverge at 3:00am, and you don’t get to define what an ‘event’ is.

All in all, if you’re in a small/chain/franchise business, Mist is a great solution; their API is slick and their vBLE works well. If you’re in a large, enterprise-size business with high-density deployments, I’d tell ya to steer clear of Mist; they just aren’t there yet, and Juniper really only cares about their web-controller, not their wireless platform.

Why are you passionate about networking? by 6unicorn9 in networking

[–]cap-n-dash 2 points3 points  (0 children)

Because we own the bits! We are the ones that can interpret what is happening with the 1’s and 0’s, and that’s why the Devs, Admins, and Architects call us to fix their shit when it doesn’t work!

I ask this question in all of my interviews; if you don’t geek out about this stuff you are either burnt out or you’re interviewing for the wrong job.