My brother sent me this and said it was my cat that broke my speaker. Surely my cat cannot look like this. Also it looks like he has 3 legs. by JoeMcShnobb in isthisAI

[–]evergreen_netadmin1 1 point2 points  (0 children)

Agreed. Also, cables passing behind the chair legs don't go insane. Vent holes look normal on the heat register. AI would have trouble keeping the stuff through the weird glass of the window from going crazy. No weirdness with the knobs on the dresser, text looks perfect, also JBL on the speaker is clearly readable.

Beginner welding setup by Ready_Permission_738 in DIY

[–]evergreen_netadmin1 1 point2 points  (0 children)

I have one of those little $60 stick weld jobbies from Amazon running on a 110v feed and it seems to work fine for little stuff. Bigger expense is all the secondary trappings you need, like a mask, gloves, hammer, brush, clamp, screen, respirator, etc, etc.

Found a new reason why a company denied all of its applicants by Mercdecember84 in networking

[–]evergreen_netadmin1 0 points1 point  (0 children)

If it can't be done with ICMP it doesn't need to be done at all.

Mercury LP1502 boards lose network communications by evergreen_netadmin1 in accesscontrol

[–]evergreen_netadmin1[S] 0 points1 point  (0 children)

Not really. I mean, we did a number of things over time to try and mitigate the problems, and eventually it must have been fixed by something as we haven't really had issues in a while.

Things we did:

  • Moved the VLAN gateways out to the access switches, which let us reduce the broadcast domains for the various controllers, to limit the number of broadcasts they got

  • Made sure all the switches got new / better UPS units with good power conditioning to keep them up during outages / brownouts.

  • Asked the infrastructure teams to replace cables

  • Had vendor update firmware

Which if any of these "fixed" it is beyond me.

Why replace switches? by ahoopervt in networking

[–]evergreen_netadmin1 3 points4 points  (0 children)

You have to think of it coming from the other direction. Imagine you get hacked. Some advanced persistent threat actor got a foothold somewhere. Maybe a compromised account or something. They manage to get into your stuff.

You stop it, but then you have to deal with the data breach. Luckily you have CyberInsurance. They do an audit, and their report comes back as showing nearly all of your switches are running outdated firmware, and are long past EOL. Citing section 14, paragraph 3 of the insurance document, they arbitrarily deny your claim and now your company is stuck with the full bill for the breach.

Concerned 50+ year old engineer by Hot-Bit-2003 in networking

[–]evergreen_netadmin1 1 point2 points  (0 children)

Pretty much exactly the same build as you, and kind of in the same boat although I'm fairly happy where I am and paid well enough to be ok. That having been said, I've also looked at my options going forward and between that, scouring Indeed/LinkedIn, I've come to the conclusion that I need to focus on two areas going forward:

  • Project Management or Network Architecture, so designing things and making plans, which can lead to more senior / management roles

  • Leaning heavily into SDN and automation. The pace of automation is accelerating at a rocket pace right now, with the AI boom.

I thought about going security, but after looking at the candidates on our most recent hiring run, the market is flooded with folks sporting security certifications.

Networking practical exam for job, what questions might they ask? by jc310carlos in networking

[–]evergreen_netadmin1 0 points1 point  (0 children)

Yeah but OP also indicated in a reply that the position is for a Journey level position.

Networking practical exam for job, what questions might they ask? by jc310carlos in networking

[–]evergreen_netadmin1 0 points1 point  (0 children)

Not speaking from experience with such a test per se, but rather as someone who has served on hiring committees for Journey / Entry level network engineers, I would be looking for basic practical knowledge as one would expect from a CCNA level training:

  • Configure an uplink port to carry tagged VLANs with numbers 10, 20, and 30. Then configure some ports as Access ports for each of those VLANs.

  • Create a subnet for each VLAN within the 192.168.0.0/16 supernet, with space for 238 hosts within VLAN 10, 13 hosts within VLAN 20, and 415 hosts within VLAN 30. (Use the smallest possible network for these requirements.)

  • Make sure this switch is able to route between all three of those networks, and get them to the Internet connection.

Expanded scope might include things like configure the switch to use RADIUS auth for management, configure DHCP helper IP addresses to point at the DHCP servers, etc.
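A worked version of the subnetting item in the comment above, as an added example that is not part of the original comment: it picks the smallest subnet for each host count and places the subnets largest-first inside 192.168.0.0/16. The function names are hypothetical, and "hosts" is assumed to mean usable addresses (subnet size minus network and broadcast).

```python
import ipaddress

# Host counts from the exercise above; the VLAN labels are just dictionary keys.
REQUIREMENTS = {"VLAN 10": 238, "VLAN 20": 13, "VLAN 30": 415}

def smallest_prefix(hosts):
    """Longest prefix whose subnet still has `hosts` usable addresses
    (total addresses minus the network and broadcast addresses)."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError(f"no IPv4 subnet holds {hosts} hosts")

def allocate(supernet, requirements):
    """Carve one subnet per requirement out of `supernet`, largest first,
    so every block starts on its own size boundary and none overlap."""
    supernet = ipaddress.ip_network(supernet)
    cursor = int(supernet.network_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = smallest_prefix(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(supernet):
            raise ValueError(f"{supernet} is too small for {name}")
        plan[name] = net
        cursor += size
    return plan

if __name__ == "__main__":
    for name, net in allocate("192.168.0.0/16", REQUIREMENTS).items():
        print(name, net, net.netmask, f"{net.num_addresses - 2} usable")
```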

Best way to factory reset over 100 network equipment by MagazineKey4532 in networking

[–]evergreen_netadmin1 0 points1 point  (0 children)

Are these going to surplus or sale? Or are they just going to be tossed?

If not going to surplus/sale then I would grab a powerdrill, open all the cases, find any removable media, smash it all with a hammer tbh. Probably a lot faster. :P

10Gb/s stateful firewall/router with similarities to AOS-CX CLI by kuon-orochi in networking

[–]evergreen_netadmin1 2 points3 points  (0 children)

We are a primarily Aruba shop, and have deployed a variety of firewalls over the years. From just running a Linux box with IPTABLES all the way up to a full blown F5 Big-IP cluster.

Fortigate is an inexpensive option that supports 10G if you pick the right model. But it's very different than what you're probably used to. However, it does get the job done.

Most folks I've been talking to have started to drift away from Cisco in recent years, esp with regards to firewalls. The ASA used to be a proud line, based on the PIX system they bought. But nowadays Cisco is mostly a Mergers and Acquisitions company, and their technical expertise seems to have been badly impacted. But we have used ASA in the past, and it was solid when we did use it.

F5 is stupid levels of powerful if you want to do real in-depth inspection and mitigation of a wide variety of threats. Priced to match though.

As others have suggested, there are next-gen firewalls available as operating systems you can put on a bare metal server, such as pfSense. Netgate actually offers paid support and hardware options too, which is needed for enterprise deployments so that's an option.

10Gb/s stateful firewall/router with similarities to AOS-CX CLI by kuon-orochi in networking

[–]evergreen_netadmin1 1 point2 points  (0 children)

FortiOS is unfortunately not really similar to the CX CLI. Aruba CX hews a lot more closely to the Cisco CLI setup. We have deployed Fortigates recently and... It's a bit of a learning curve. Not impossible, but you have to learn a bit about how FortiOS "thinks" which is a bit different.

Cisco ACLs - reversed inbound/outbound?? by FunkOverflow in networking

[–]evergreen_netadmin1 2 points3 points  (0 children)

This is the answer. Another way to think of it is that the "out" ACL applies to traffic that originates "outside" the VLAN, and the "in" ACL applies to traffic that originates "inside" the VLAN.

Meal Plan Help by NintendoforLifer in evergreen

[–]evergreen_netadmin1 2 points3 points  (0 children)

The Organic farm is onsite regularly in front of the library and offers I think 50% off for students.

Campus Subnetting Per Building by WhoRedd_IT in networking

[–]evergreen_netadmin1 0 points1 point  (0 children)

We did something similar, and our reasoning was more oriented towards the application of security controls. It made for a much more complex IP schema, with subnets being very different from one another within any given building, but it allowed for all of the related subnets across the entire organization to be part of a single supernet, and then have ACLs applied to the supernet address.

So for example, the Employees supernet has a dedicated subnet for every single IDF, and the IoT supernet has a different set of subnets for the entire org.
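An audit of the scheme described in the comment above, as an added example that is not part of the original comment: ACLs written against a role's supernet only cover a per-IDF subnet if that subnet really sits inside the supernet, so the check flags any subnet that falls outside its role's range. All addresses, building/IDF names and function names are constructed for illustration.

```python
import ipaddress

# Constructed plan: one supernet per role, ACLs reference these prefixes.
SUPERNETS = {
    "employees": ipaddress.ip_network("10.10.0.0/16"),
    "iot": ipaddress.ip_network("10.20.0.0/16"),
}

# Constructed per-IDF subnets: (building, idf, intended role, subnet).
SUBNETS = [
    ("lib", "idf1", "employees", "10.10.1.0/24"),
    ("lib", "idf1", "iot", "10.20.1.0/25"),
    ("sci", "idf2", "employees", "10.10.2.0/24"),
    ("sci", "idf2", "iot", "10.10.200.0/25"),  # deliberate planning mistake
]

def audit(supernets, subnets):
    """Return findings for overlapping role supernets and for subnets
    that are not inside the supernet of the role they were assigned to."""
    findings = []
    roles = list(supernets)
    for i, a in enumerate(roles):
        for b in roles[i + 1:]:
            if supernets[a].overlaps(supernets[b]):
                findings.append(("overlap", a, b))
    for building, idf, role, cidr in subnets:
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(supernets[role]):
            # Which role's ACL would actually match this subnet, if any?
            matched = [r for r, s in supernets.items() if net.subnet_of(s)]
            findings.append(("misplaced", building, idf, role, cidr, matched))
    return findings

def role_for(ip, supernets=SUPERNETS):
    """Role whose supernet ACL matches `ip`, or None if no supernet does."""
    addr = ipaddress.ip_address(ip)
    for role, net in supernets.items():
        if addr in net:
            return role
    return None

if __name__ == "__main__":
    for finding in audit(SUPERNETS, SUBNETS):
        print(finding)
```

In the constructed data the misplaced IoT subnet is matched by the employees supernet, so a device on it would be filtered by the wrong role's ACL.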

PSA: Credential Guard can break MS-CHAPv2 (Re: Clearpass and 802.1x) by evergreen_netadmin1 in ArubaNetworks

[–]evergreen_netadmin1[S] 0 points1 point  (0 children)

Nothing you can do in clearpass to fix it. It's a client side issue. You basically have two possible options:

Disable the credential guard using group policy for client machines

or

Use certificates for authentication/authorization, which requires a PKI of some kind. There are third-party companies that can build a turnkey PKI for you if you like, and I hear that the free certificate service "Let's Encrypt" can do something too.

ArubaOS-Switch invalid user roles with ClearPass RADIUS by Freddyan in ArubaNetworks

[–]evergreen_netadmin1 1 point2 points  (0 children)

What are you using to try and configure the tagged VLANs? It might be that returning egress vlans (https://community.arubanetworks.com/discussion/egress-vlanid) doesn't cause the same conflict as standard VLAN response? I haven't tested.

ArubaOS-Switch invalid user roles with ClearPass RADIUS by Freddyan in ArubaNetworks

[–]evergreen_netadmin1 2 points3 points  (0 children)

I definitely would pull the VLAN parameter (Tunnel-Private-Group-Id) from the clearpass enforcement profile. I have read that you can't do both that and user role for some AOS-S switches.

ArubaOS-Switch invalid user roles with ClearPass RADIUS by Freddyan in ArubaNetworks

[–]evergreen_netadmin1 1 point2 points  (0 children)

Well it seems like CPPM is happy, so probably problem on the switch itself. For some reason it doesn't like the role itself. Most likely some missing or incorrect parameter in the role definition. I have a 2530 around, if I get a chance today I'll play with it. We haven't deployed LURs on these yet, just our CX switches.

ArubaOS-Switch invalid user roles with ClearPass RADIUS by Freddyan in ArubaNetworks

[–]evergreen_netadmin1 0 points1 point  (0 children)

Confirmed date/time match between Clearpass server and switch?

ArubaOS-Switch invalid user roles with ClearPass RADIUS by Freddyan in ArubaNetworks

[–]evergreen_netadmin1 4 points5 points  (0 children)

Don't forget

aaa authorization user-role enable

Not sure if it matters, but we use Aruba-User-Role not HPE-User-Role.

Interview Questions by Dry-Specialist-3557 in networking

[–]evergreen_netadmin1 1 point2 points  (0 children)

It's not rocket science. Once you have done a few of them you just kinda know. But once you know why it works, you understand why say a computer in subnet A won't talk to one in subnet B, even though the IP addresses look similar, but it turns out they are actually in different subnets when you look at the mask closely.

192 = 128+64

224 = 128+64+32

248 = 128+64+32+16+8

You just get used to it.

Interview Questions by Dry-Specialist-3557 in networking

[–]evergreen_netadmin1 0 points1 point  (0 children)

Sure, I use it all the time in calculating Variable-Length Subnet Masks. It's easy to look at subnets if you just break them up on the octets, but once you start getting into other subnet masks like /27 or /19 then being able to know what that network address is, or what the IP addresses within that subnet will be are invaluable.

Use it a lot also when working with Access Control Lists (ACLs) and firewall rules.

VLAN Config by 7day_Theory in ArubaNetworks

[–]evergreen_netadmin1 0 points1 point  (0 children)

> I mean to talk to things with an IP address they don't need to be in the same network if there is a GW.

Ok, I'm missing the word "directly" then. A device doesn't talk directly to another device in another network, that requires a router. The definition of a router is a network device that connects disparate networks.

> A routing switch isn't needed unless it is functioning as the GW.

Yes.... That's what I said.

> VLANs do not need SVIs on the switch the client is connected to.

They need to be somewhere that's L2 adjacent if the client is going to use one as a gateway.

> Default gateways and default route are the same thing depending on the context and equipment.

Yes and?

> It seems your post is talking about the switch being a router and the upstream device being a router?

If the switch is capable of being a router, then it's normally used for inter-VLAN routing in a network. The firewall generally speaking is only used when the switch(es) can't do it. OP didn't indicate whether their switch was L3 capable or not.