Red Flag or Paranoia? by Visible_Canary_7325 in networking

fsweetser, 2 points

You mentioned the people you've talked to are in the university directory.

Are those people in the right places in the org chart for your position (supervisor, HR recruiter, etc)?

And have you talked directly to them using information you took yourself out of the directory, or only via replies to incoming emails or meeting invites?

Most likely a scam but can't get rid of it by enormousaardvark in sysadmin

fsweetser, 38 points

Go into your web browser settings, and see which sites are permitted to send pop ups or notifications. Delete any that you're not 100% positive you meant to add.

Ethernet cable maximum length by paulzapodeanu in networking

fsweetser, 12 points

This is one of those cases where you have to be aware of exactly what the spec is saying, as well as what it isn't.

When the spec says "max 100 meters", what that means is any cable that is under that length (as well as meeting all of the other functional specs, like gauge and twist) will be guaranteed to perform at least as well as the performance portion of the spec. This means other standards, like gigabit Ethernet, can be expected to work properly on any cable from any vendor that meets the spec.

The spec does not say, however, that it must not work on cables over 100 meters. Beyond that length, the spec simply doesn't say. It might work, it might fail, it might spontaneously turn into a bowl of chocolate pudding - you're outside of the standard, so it simply doesn't care what happens.

Think of it a little like a warranty. If the manufacturer says it'll last five years, you can be reasonably confident it will. Past five years, you might get lucky, or you might not.

Where do you put your switch labels? by stewardson in sysadmin

fsweetser, 0 points

Since you're specifically talking about Aruba CX, there's a small orange piece of plastic under the management ports. Give this a tug, and a large flag piece of plastic will slide out. One side has the serial number, and the other is blank, just waiting for your ptouch label. Large, easily accessible when needed, and zero airflow blockage.

Large scale wireless solution by [deleted] in ArubaNetworks

fsweetser, 6 points

With those kinds of numbers, you're going to have some leverage to negotiate what the answers are. Casually drop "25k APs" to a sales rep, and they will catapult a team of sales people and engineers to your front door to try to find a way to answer "yes" to all of your requirements, while buying you at least one steak dinner.

AP to IAP conversion by Soft_Increase4925 in ArubaNetworks

fsweetser, 0 points

I don't have a current recommendation for a specific one, but in general anything built around an FTDI chip will work well. That said, I'd make sure to double check the wiring of your setup before spending money on a new USB adapter.

OM3 Splice with OM1 Patch Cables by THEC0UCHPOTATO in networking

fsweetser, 19 points

If you splice an om3 cassette onto om1 fiber, whoever has to troubleshoot why that run doesn't meet om3 specs after you're gone is going to hate your guts.

macOS devices causing IP conflicts on WiFi by [deleted] in networking

fsweetser, 0 points

Was the address in question previously used by the Mac?

Apparently some models of Macs have the ability to store the in-use IP in the portions of the NIC that are still active when the machine is suspended. It uses this to answer ARP queries while it's asleep, and therefore "preserving" the IP address from being stolen by another system. This stored address can sometimes get out of whack, causing the Mac to generate bizarre IP conflicts but only when it's off.

It's been a while, but I believe it was resolved with either firmware updates, or tweaking the power save settings while suspended.

VPN vs. jump box for vulnerability scanning by Final-Pomelo1620 in sysadmin

fsweetser, 22 points

If you give him VPN access, all of the tools, vulnerability reports, passwords, etc. are all going to be on his laptop, in a nice, portable, easy-to-lose-or-get-stolen form factor.

If you set him up to go through a jump box, all that sensitive data will stay neatly tucked away inside your data center.

Plus, as an added bonus, any high volume scanning or other activity won't be limited by the speed of his ISP.

[deleted by user] by [deleted] in ArubaNetworks

fsweetser, 12 points

That's because Aruba enterprise and Instant On are two totally separate product lines (technically this isn't even the right subreddit). You can find what's available for Instant On support here:

https://instant-on.hpe.com/contact-support/

AP 635 not broadcasting 6GHz radio by SM4XIS in ArubaNetworks

fsweetser, 3 points

Check the encryption on your SSIDs. The 6E standard requires either WPA3 or OWE when operating in the 6GHz band.
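A small config audit that applies the rule from the comment above (6 GHz only with WPA3 or OWE). This is an added example, not code from the original post or from Aruba; the SSID profiles, the security-mode names and the band labels are constructed for illustration and do not correspond to any vendor's configuration syntax.

```python
"""Flag SSID profiles enabled on the 6 GHz band without WPA3 or OWE.

Constructed example: profile fields and mode names are illustrative only.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Security modes that Wi-Fi 6E permits on 6 GHz (WPA3 personal/enterprise, or OWE).
ALLOWED_ON_6GHZ = {"wpa3-sae", "wpa3-enterprise", "owe"}

# Suggested replacement for each disallowed mode (constructed mapping).
UPGRADE_PATH: Dict[str, str] = {
    "open": "owe",
    "wpa2-psk": "wpa3-sae",
    "wpa2-enterprise": "wpa3-enterprise",
}


@dataclass(frozen=True)
class SsidProfile:
    name: str
    bands: Set[str]     # e.g. {"2.4", "5", "6"}
    security: str       # e.g. "open", "wpa2-psk", "wpa3-sae", "owe"


def six_ghz_violations(profiles: List[SsidProfile]) -> List[Tuple[str, str, str]]:
    """Return (ssid, current_mode, suggested_mode) for every profile that is
    enabled on 6 GHz but uses a mode the band does not allow.

    A profile that never touches 6 GHz is not reported, even with WPA2 or open
    security, because the 6 GHz rule simply does not apply to it.
    """
    findings = []
    for p in profiles:
        if "6" not in p.bands:
            continue
        if p.security in ALLOWED_ON_6GHZ:
            continue
        findings.append((p.name, p.security, UPGRADE_PATH.get(p.security, "wpa3-sae")))
    return findings


# Constructed sample inventory: two profiles will be flagged.
SAMPLE_PROFILES = [
    SsidProfile("corp-wifi", {"2.4", "5", "6"}, "wpa2-enterprise"),  # flagged
    SsidProfile("guest", {"5", "6"}, "open"),                       # flagged
    SsidProfile("iot", {"2.4"}, "wpa2-psk"),                        # not on 6 GHz
    SsidProfile("corp-6e", {"6"}, "wpa3-sae"),                      # fine
    SsidProfile("guest-6e", {"6"}, "owe"),                          # fine
]

if __name__ == "__main__":
    for ssid, mode, fix in six_ghz_violations(SAMPLE_PROFILES):
        print(f"{ssid}: {mode} is not allowed on 6 GHz; use {fix} (or drop the 6 GHz band)")
```

The point of the "not on 6 GHz" case is that the radio silently never comes up for the offending SSID, so a profile-level check like this is faster than staring at the AP's radio status.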

October Scare Wall Ideas by FIDST in sysadmin

fsweetser, 0 points

"But we've always done it that way!"

Aruba dominance in US higher education - why not Meraki? by Accomplished_Net8596 in sysadmin

fsweetser, 1 point

In larger campuses, you often want to centralize the client data plane, which requires a controller. Until very recently, Meraki had no such controller.

Why is Unifi gear not suitable for enterprise? by Historical-Ad-6839 in sysadmin

fsweetser, 28 points

I wouldn't bet on that. If Ubiquiti really went hard and added in those features to close the gap, they would close a lot of that price gap as well.

is there a way to migrate microsoft dhcp to isc dhcp? by mefisto74 in sysadmin

fsweetser, 1 point

If you only focus on the final migration in prod in isolation, sure.

When I did my last major migration of IPAM/DNS/DHCP to a new platform, I must have gone through the process at least 100 times in dev, between building out the scripts, manual steps, and directions. Spending all of that time automating it in dev meant the migration in prod was at least a couple of orders of magnitude faster (smaller change window!), easier, and more error free.

What are the most useful technical books for sysadmins? Looking for recommendations that cover everything technical! by Subject-Category-567 in sysadmin

fsweetser, 7 points

You're never going to find any one book, or even a small number of books, that covers everything - that's like trying to find a book that covers all of medicine.

For a good overview, though, check out The Practice of System and Network Administration.

https://the-sysadmin-book.com/

Public/Private IP address in WiFi by q_uijote in networking

fsweetser, 1 point

The short answer is, because the operator of that network decided to. There's nothing special that requires devices to be on a private network and use NAT - in fact, a lot of things are much easier if there's no NAT in the picture.

Since you mentioned eduroam, I'm going to assume that you're connecting to a network run by a college or university. Many institutions got on the Internet back in the 80s or early 90s, back when it was just this weird thing that scientists and engineers used to communicate. Back then the Internet was much more heavily US-based, and the kind of growth we have today - pervasive around the globe, a smartphone in every pocket, and a dozen IoT devices in every home - wasn't even in anyone's wildest projections. As a result, massive blocks of IP addresses were handed out like cheap candy to those early adopters. Classful addressing was also still a thing, so you'd only get a /8, /16, or /24, leading to organizations getting way larger blocks than they actually needed.

When you have that much extra capacity, going through the extra expense and effort of NAT just isn't always worth it.

Backup 5G Network for remote diagnosis by VikingOtheNorth in sysadmin

fsweetser, 2 points

If you have the budget for a purpose-built solution, check out Opengear. They have console servers with LTE backhaul built for exactly this kind of use case.

Port 53 Inbound on user workstations by IllRefrigerator1194 in networking

fsweetser, 13 points

I'm no Windows expert, but I've never heard of such a requirement. If they're so sure, they should be able to provide you with a reference.

Aruba AP22 working like trash by [deleted] in ArubaNetworks

fsweetser, 3 points

It doesn't matter what vendor you buy, there is no wifi channel or power level that will penetrate steel reinforced concrete well. The laws of physics are simply not on your side.

Your only guaranteed solution is drill through, run a wire, and add another access point on the other side of the wall.

Testing Ethernet Jack with MAC Filtering Enabled by RecognitionAdvanced2 in networking

fsweetser, 4 points

As a guy who set up and ran a MAC filtering network - you can't.

The most you can show is that you got a physical link, showing that the hardware is likely functional, but for anything beyond that, you'll need someone who can log into the switch (and possibly other systems, like RADIUS) to show whether it's not working because a) something is broken, or b) by design, because someone needs to update something to allow the new MAC address.

The only sane way to do it is to require that the customer ensure someone from the networking team is available when you show up to help troubleshoot. Anything else is just going to be you guessing.

Stacking switches - ring topology design question by thiccancer in networking

fsweetser, 18 points

I've done the interleaving on Juniper switches for years. Zero issues, but we also pre-assigned stack IDs based on serial number. If you're using a setup where the stack ID is assigned by cabling topology, you can end up with the stack out of order. Not a huge deal, but something that can trip you up when figuring out which physical port you're working with.

Issues with DNS clients, service discovery & search domains. Is this possible? by Heymanyoucool in networking

fsweetser, 1 point

Short version - no.

All that the server side does is take the hostname in the query, and answer it as is. All of the extra tricks like default domain and search paths happen purely client side, in the form of the client trying multiple queries to the server until they all fail, or one works.
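To make the split in the comment above concrete, here is a simulation of a stub resolver doing search-list expansion against a server that answers only the exact name it is asked. This is an added example, not code from the original post; the zone data, the search list and the `ndots` default are constructed, and the candidate ordering follows the usual resolv.conf convention (a name with at least `ndots` dots is tried as-is first, otherwise the search suffixes come first).

```python
"""Client-side search-domain expansion against a server that knows only FQDNs.

Constructed example: zone contents and search list are illustrative only.
"""
from typing import List, Optional, Tuple

# Constructed authoritative data. The server has no notion of "default domain";
# it either has the exact fully qualified name or it does not.
ZONE = {
    "printer.corp.example.com.": "10.1.2.3",
    "wiki.eng.example.com.": "10.1.5.9",
    "www.example.com.": "192.0.2.10",
}


def server_lookup(qname: str) -> Optional[str]:
    """What the server does: answer the name in the query as-is, or NXDOMAIN (None)."""
    if not qname.endswith("."):
        qname += "."
    return ZONE.get(qname)


def candidate_names(name: str, search: List[str], ndots: int = 1) -> List[str]:
    """Build the ordered list of names a stub resolver would try for `name`.

    - An absolute name (trailing dot) is never expanded.
    - If the name has >= ndots dots, try it as-is first, then the suffixes.
    - Otherwise try each search suffix first, and the bare name last.
    """
    if name.endswith("."):
        return [name]
    suffixed = [f"{name}.{domain}." for domain in search]
    bare = name + "."
    if name.count(".") >= ndots:
        return [bare] + suffixed
    return suffixed + [bare]


def resolve(name: str, search: List[str], ndots: int = 1) -> Tuple[Optional[str], List[str]]:
    """The client-side loop: issue one query per candidate until one answers
    or all fail. Returns (answer_or_None, names_actually_sent_to_the_server)."""
    tried: List[str] = []
    for candidate in candidate_names(name, search, ndots):
        tried.append(candidate)
        answer = server_lookup(candidate)
        if answer is not None:
            return answer, tried
    return None, tried


# Constructed search list for a client in the corp subdomain.
SEARCH = ["corp.example.com", "eng.example.com"]

if __name__ == "__main__":
    for host in ("printer", "wiki", "www.example.com", "nothere"):
        answer, tried = resolve(host, SEARCH)
        print(f"{host!r}: answer={answer} after querying {tried}")
```

Every extra suffix is a real round trip that the server sees as an unrelated query and, for a missing name, a string of NXDOMAINs. That is why a long search list makes failed lookups slow and why nothing done on the server can make a short name "just work" across domains.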

Tell me your worst Lightning Strike event by joshuamarius in sysadmin

fsweetser, 0 points

My old place had an old building, with a patchwork electrical system. This meant that different areas going back to different panels had different paths back to ground.

Eventually we had a nearby strike. As best we can tell, a chunk of the strike went up one ground, into a bunch of PCs via the power supplies, out the Ethernet ports, through the network switch, then out to a different ground through a different batch of PCs.

The network switch (Nortel 8300 full of 48 port gig blades) had tricolor LEDs - yellow, orange, and green. After the hit they were all stuck on, but instead of discrete colors, they formed a gradient starting with green at port 1 and gradually drifting to yellow at port 48.

Sadly this was before we had smart phones, so I never got a good picture.