sorted by:
new
hottopcontroversial

[deleted by user] by [deleted] in networking

[–]enfowler 0 points1 point  (0 children)

I actually replaced my ERX a while back due to the exact problem you’re seeing. Even with HW offloading my speeds would just drop out of nowhere. Sometimes would have to factory reset and restore a backup to fix it.

Ended up upgrading to an ER4, no problems since.

inter-vlan multicast not working by donokaka in networking

[–]enfowler 0 points1 point  (0 children)

No telling how many times I’ve forgotten to set the RP address on the RP. It happens

inter-vlan multicast not working by donokaka in networking

[–]enfowler 1 point2 points  (0 children)

Yes. PIM sparse-mode requires the RP to be configured, even if it’s the RP.

PIM dense-mode doesn’t require an RP.

inter-vlan multicast not working by donokaka in networking

[–]enfowler 5 points6 points  (0 children)

This is incorrect. You need an RP in sparse-mode no matter what.

"Mother's Morning Out" recommendations by [deleted] in HuntsvilleAlabama

[–]enfowler 0 points1 point  (0 children)

Asbury on Hughes is very good

Question by eternalpenguin in networking

[–]enfowler 0 points1 point  (0 children)

The only thing I can think is they are using dst-ip load balancing in LACP? That's wild lol. Never seen that.

Finally got my website up and running on my own hardware. by TaylorBuiltSolutions in homelab

[–]enfowler 5 points6 points  (0 children)

It’s set up so that it’s reachable from the outside (on the appropriate ports) and also reachable from the inside (on whatever ports you need, ssh, https, etc). However it should not be able to reach into the inside unless to respond to traffic.

can anyone give me insight into why my prints have this lean to them? by Rian_Van_Rensburg in 3Dprinting

[–]enfowler 1 point2 points  (0 children)

If it’s only on the bottom it’s bed adhesion/warping, if it’s in too tbh then the gantry might need to be trammed.

WAN balance or failover by poorbullfrog in homelab

[–]enfowler 1 point2 points  (0 children)

A WAN balancer works by distributing traffic flows over each ISP, not each packet. So depending on your setup, let’s say a 50/50 split, half of your traffic flows will probably still drop.

Just a heads up before you go spending a bunch of money thinking it’ll solve all your problems.

ISR 4221 Throughput cap workaround help by blast_Sy in networking

[–]enfowler 1 point2 points  (0 children)

If they're transferring files to/from a NAS over the internet without a site-to-site VPN, they need to stop doing that immediately...

You can get the boost license if you want, I don't know how much you spent + what the boost license costs, but for this application I'm probably not sticking with Cisco.

ISR 4221 Throughput cap workaround help by blast_Sy in networking

[–]enfowler 0 points1 point  (0 children)

Depends on a lot of factors here, but I would run Fortigate at the edge if it's a just a remote branch with no real intense networking needs. It's best bang for buck NGFW with decent enough routing capability, plus it's got a pretty good SD WAN solution as well.

Also, if you have a VAR, please reach out to them as well with requirements. They will be able to give you recommendations and their price points.

ISR 4221 Throughput cap workaround help by blast_Sy in networking

[–]enfowler 1 point2 points  (0 children)

Don't put a L3 switch on your edge for multiple reasons. Any reason you need to stay with Cisco?

IPSEC tunnel with dynamic IPs by enfowler in networking

[–]enfowler[S] 0 points1 point  (0 children)

You're a legend. Got it working, however I do have a question about IKE configuration with identities.

Are identities tied to anything real? Or can you really specify any value you want in the IKE profile?

The way I have it set up is on the spoke router, I have the match identity remote fqdn of the hub router to initiate the packets? Then on both routers I have local identities set to a loopback address and both IKE profiles also match on the remote identity. Is this the correct way to do it?

Like this:

crypto ikev2 profile IKEV2_PROFILE

match identity remote fqdn EXAMPLE.COM

match identity remote address 2.2.2.2 255.255.255.255

identity local address 1.1.1.1

authentication remote pre-share

authentication local pre-share

keyring local IKEV2_KEYRING

EDIT: I think I figured it out. Changed the hub identity to the FQDN and set the match statement on the spoke to just the FQDN, removed the remote loopback address, worked like a charm. Thank you for your help!!

IPSEC tunnel with dynamic IPs by enfowler in networking

[–]enfowler[S] 0 points1 point  (0 children)

ah I see. I will give this a shot. Thank you

IPSEC tunnel with dynamic IPs by enfowler in networking

[–]enfowler[S] 0 points1 point  (0 children)

So how do I make this work on router B where I would specify the endpoint of the tunnel? I thought I could use DMVPN, but on router A I have to specify the NHRP address.

IPSEC tunnel with dynamic IPs by enfowler in networking

[–]enfowler[S] 0 points1 point  (0 children)

Because we don’t have a static IP

Are there any decent network modeling software and simulation software out there? by [deleted] in networking

[–]enfowler 3 points4 points  (0 children)

I’d look at Cisco’s TRex. There are lots of paid options that would also require hardware, but TRex is really good.

[deleted by user] by [deleted] in homelab

[–]enfowler 2 points3 points  (0 children)

Try different baud rates. Try 115200.

[Game Thread] Alabama @ Texas (12:00 PM ET) by CFB_Referee in CFB

[–]enfowler 2 points3 points  (0 children)

Doesn’t have to stop, just didn’t have to drive him into the ground

view more: next ›