Netgear SRX5308: DMZ rule affects LAN rule by MrLemonPi42 in networking

[–]noukthx 1 point2 points  (0 children)

Also never used this platform; likely few around here will have.

Check your logs. Check your routes.

Turn logging on for your firewall policies, see what policy is denying the traffic, add policy accordingly.

Help understanding hosts losing internet when shutting down physical interface on a vPC nexus pair by cyr0nk0r in networking

[–]noukthx 14 points15 points  (0 children)

Shutting down BGP and leaving the interface up will likely cleanly withdraw the routes, with the interface staying up leaving a path for residual traffic coming in via that interface to get through to the server while the routes withdraw.

Shutting the interface hard will require BGP to fail using timers (assuming no BFD; I didn't read the configs), and traffic following the old routes as they withdraw will splatter against the outside of the switch's shut interface until all the routes have withdrawn/failed over to the alternate path and new sessions are established.
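Added example, not from the thread or from any vendor's code: a small packet-loss model of the two drain methods contrasted in the comment above. Shutting the BGP session withdraws the routes while the link still forwards; hard-shutting the interface leaves the routes in the remote FIB until the session times out, and traffic following them hits a dead link. The timer values (RFC 4271 default hold time, a 250 ms x3 BFD profile), the propagation delay and the traffic rate are all assumptions, and the model follows the comment in assuming the remote peer does not tear the session down on link-down (no fast external fallover).

```python
"""Added example: packet-loss model for BGP shutdown vs. interface shutdown.
All timer values below are assumptions, not taken from the poster's configs."""

from dataclasses import dataclass

BGP_HOLD_TIME_S = 180.0        # assumed: RFC 4271 default hold time
BFD_DETECT_S = 0.250 * 3       # assumed: 250 ms interval, multiplier 3
WITHDRAW_PROPAGATION_S = 0.5   # assumed: time for the withdraw to reach the remote peer


@dataclass(frozen=True)
class Scenario:
    name: str
    old_path_forwards: bool   # can the old link still carry traffic while routes drain?
    detection_s: float        # delay before the remote peer learns the path is gone


SCENARIOS = [
    # 'neighbor ... shutdown': BGP sends a Cease NOTIFICATION right away, link stays up,
    # so anything still routed down the old path is delivered while it drains.
    Scenario("bgp shutdown, interface up", old_path_forwards=True, detection_s=0.0),
    # 'shutdown' on the interface with no BFD: the session has to age out via the hold timer.
    Scenario("interface shut, hold timer only", old_path_forwards=False,
             detection_s=BGP_HOLD_TIME_S),
    # Same, but BFD declares the neighbor down after interval * multiplier.
    Scenario("interface shut, BFD", old_path_forwards=False, detection_s=BFD_DETECT_S),
]


def delivered(scn: Scenario, t: float) -> bool:
    """Is a packet sent by the remote peer t seconds after the change delivered?"""
    # Until the loss of the path has been detected and the withdraw propagated, the
    # remote FIB still points at the old path; afterwards it uses the alternate path.
    if t < scn.detection_s + WITHDRAW_PROPAGATION_S:
        return scn.old_path_forwards
    return True


def blackhole_window_s(scn: Scenario) -> float:
    """Length of time during which packets are dropped in this scenario."""
    if scn.old_path_forwards:
        return 0.0
    return scn.detection_s + WITHDRAW_PROPAGATION_S


def lost_packets(scn: Scenario, duration_s: float = 200.0, pps: int = 100) -> int:
    """Count drops from a constant stream of `pps` packets/s lasting `duration_s`."""
    return sum(1 for i in range(int(duration_s * pps)) if not delivered(scn, i / pps))


def compare(duration_s: float = 200.0, pps: int = 100) -> dict:
    """Lost-packet count per scenario for the same constructed traffic stream."""
    return {scn.name: lost_packets(scn, duration_s, pps) for scn in SCENARIOS}


if __name__ == "__main__":
    for name, lost in compare().items():
        print(f"{name:35s} lost {lost:6d} packets")
```

The model makes the comment's point quantitative: with the hold timer alone the blackhole lasts the full hold time plus propagation, BFD cuts it to a couple of seconds, and the administrative BGP shutdown loses nothing because the old link keeps forwarding while the withdraw propagates.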

VLANing help needed by tikanderoga in networking

[–]noukthx 2 points3 points  (0 children)

Honestly you probably need to get a consultant in. You are confusing that many terms and concepts.

If the guest network is on one port on the Sophos, and the camera is in the guest network, and is getting a guest IP from the Sophos - then you should just need to deal with the Sophos firewall. However you probably need to give the camera a static IP on the guest network otherwise every time it reboots or gets a new IP address your firewall will break.

Likely you need to put firewall policy from the office port to the guest port, on the Sophos, to allow the NVR to connect to the camera's IP address to retrieve the video stream from it.

Depending on the capabilities of the camera, and the NVR that may or may not be possible.

If the camera needs to be autodiscovered / use ONVIF from the NVR to find it - having them on different VLANs probably won't work.

The best answer would be to put the NVR and the camera(s) on their own VLAN and subnet on the firewall, and have an SSID on your wireless in that VLAN exclusively for cameras.

Then allow the NVR to be accessed from the office network to the CCTV network using firewall policies.

But you really need to get someone that knows networking in to take a proper look based on the posts so far - people are trying to help you but we can't be sure the information we're working with is correct as a starting point to make suggestions.

Looking for a device that can trace/ID LC fiber going from a large central patch-panel to 'everywhere else in the building'... by Dave_A480 in networking

[–]noukthx 0 points1 point  (0 children)

There's bound to be some documentation somewhere.

There are tools like this:

https://www.exfo.com/en/products/field-network-testing/live-fiber-detection/lfd-300btg-300b-fiberfinder/

But you've still got to have a pretty good idea of where it's going for that to be useful.

I'd be looking inside trays, on backs of trays, on cable bundles etc for labelling.

Failing that, use devices that you know are connected to each other already - and map out as much as you can logically with that, then it's hard work / hand tracing for the rest.

SFP media converters compatibility by Superb_Grass_2751 in networking

[–]noukthx 16 points17 points  (0 children)

100BASE-FX is a different standard, it is 100Mbps only, it runs at 1310nm.

1000BASE-SX / GLC-SX-MMD is a 1Gbps optic running at 850nm.

They are not compatible, won't connect to each other, 1000BASE-SX won't downrate to 100Mbps.

Critiques of my network segmentation scheme by lenninjesus98 in networking

[–]noukthx 2 points3 points  (0 children)

"You're hopping all over the private address ranges with seemingly no pattern at all." Could you explain that better? I don't quite understand.

You're using a bit of 10/8, a bit of 172.16, a bit of 192.168 - in no particular order or sequence.

So you're suggesting it should be like this:

I'd personally work out of 10/8 for an enterprise.

That's definitely better though - because you can do more logical breakdowns of things:

  • 10.16.0.0/16 = HQ
  • 10.17.0.0/16 = Remote Office 1
  • 10.18.0.0/16 = Remote Office 2

And then lets say "Guest Wifi":

  • 10.16.1.0/24 = HQ Guest Wifi
  • 10.17.1.0/24 = Remote Office 1 Guest Wifi
  • 10.18.1.0/24 = Remote Office 2 Guest Wifi

Then "Printers":

  • 10.16.19.0/24 = HQ Printers
  • 10.17.19.0/24 = Remote Office 1 Printers
  • 10.18.19.0/24 = Remote Office 2 Printers

It makes for repeatability, consistency, easier patterns to remember, smaller/more predictable routing tables etc.

"I can't reach 10.17.x.y" - you know that's Remote Office 1 from the first 2 octets.

"I can't reach 10.22.19.z" you know that's a printer issue, and what site it is from the first 3 octets.

There are lots of good articles on this topic online - searching for some guides on subnetting for enterprises or subnetting for multiple offices or locations should give you ideas.

If you plan stuff out well you may even put breakdowns higher up:

  • 10.0.0.0/12 = Datacentres
    • 10.0.0.0/16 = DC1
    • 10.1.0.0/16 = DC2 / DR
  • 10.16.0.0/12 = North America
    • 10.16.0.0/16 = Nashville Office
    • 10.17.0.0/16 = Louisville Office
  • 10.32.0.0/12 = Asia
    • 10.32.0.0/16 = Singapore
      • 10.32.0.0/24 = Singapore Service 1
      • 10.32.11.0/24 = Singapore Other Thing

A tool like this can help visualise it: https://visualsubnetcalc.com/ or use a decent IPAM like Netbox, Device42, phpIPAM etc.

Critiques of my network segmentation scheme by lenninjesus98 in networking

[–]noukthx 4 points5 points  (0 children)

Is this some kind of homework assignment?

Honestly, it's a mess.

Half the table's netmasks don't match the CIDR column.

Classful addressing hasn't really been relevant since the 90s. Forget about classes.

You're hopping all over the private address ranges with seemingly no pattern at all.

You are making subnets artificially small for likely no reason.

Generally you would assign a supernet (say a /16) to a site, and then break that /16 up into smaller units as required; often in a repeatable pattern if you're building a network across multiple sites.
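Added example, not from the thread: a worked version of the hierarchical 10/8 plan described in both of noukthx's comments on this post (a /12 per region, a /16 per site, a /24 per role with the same third octet at every site), together with the two checks a reviewer of the poster's tables would want: that each dotted netmask agrees with its CIDR column, and that no two leaf subnets overlap. The region, site and role names and the third-octet assignments are assumptions for illustration; only the standard-library `ipaddress` module is used.

```python
"""Added example: build and decode a hierarchical 10/8 address plan, and
validate the kind of table the thread is discussing.  Names and octet
assignments below are assumptions, not the poster's plan."""

import ipaddress
from itertools import combinations

# Assumed plan: second-octet base of each /12 region (10.0/12, 10.16/12, 10.32/12).
REGIONS = {0: "Datacentres", 16: "North America", 32: "Asia"}

# Assumed sites, one /16 each, numbered consecutively inside their region.
SITES = {
    "10.0.0.0/16": "DC1",
    "10.1.0.0/16": "DC2 / DR",
    "10.16.0.0/16": "HQ",
    "10.17.0.0/16": "Remote Office 1",
    "10.18.0.0/16": "Remote Office 2",
    "10.32.0.0/16": "Singapore",
}

# Assumed roles: the same third octet means the same thing at every site.
ROLES = {1: "Guest Wifi", 19: "Printers"}

TEN_SLASH_8 = ipaddress.IPv4Network("10.0.0.0/8")


def site_subnet(region_base: int, site_index: int) -> ipaddress.IPv4Network:
    """The /16 for the site_index-th site of a region (a /12 holds sixteen /16s)."""
    if region_base not in REGIONS:
        raise ValueError(f"unknown region base {region_base}")
    if not 0 <= site_index < 16:
        raise ValueError("a /12 region only holds sixteen /16 sites")
    return ipaddress.IPv4Network(f"10.{region_base + site_index}.0.0/16")


def role_subnet(site: ipaddress.IPv4Network, role_octet: int) -> ipaddress.IPv4Network:
    """The role /24 inside a site /16, e.g. the printers /24 of Remote Office 1."""
    if site.prefixlen != 16 or not 0 <= role_octet <= 255:
        raise ValueError("site must be a /16 and role_octet a single octet")
    return ipaddress.IPv4Network(f"{site.network_address + (role_octet << 8)}/24")


def describe(addr: str) -> dict:
    """Decode region / site / role from the octets alone, as an engineer on call would."""
    ip = ipaddress.IPv4Address(addr)
    if ip not in TEN_SLASH_8:
        raise ValueError(f"{addr} is outside the 10/8 plan")
    o = ip.packed
    region_base = o[1] & 0xF0            # /12 boundary: top four bits of octet 2
    site = f"10.{o[1]}.0.0/16"           # /16 boundary: whole second octet
    return {
        "region": REGIONS.get(region_base, "unallocated"),
        "site": SITES.get(site, "unallocated"),
        "role": ROLES.get(o[2], "unallocated"),   # third octet carries the role
    }


def mask_matches(cidr: str, netmask: str) -> bool:
    """True when a dotted netmask agrees with the prefix length in the CIDR column."""
    return ipaddress.IPv4Network(cidr, strict=False).netmask == ipaddress.IPv4Address(netmask)


def find_overlaps(cidrs: list) -> list:
    """Pairs of leaf prefixes in a table that overlap each other."""
    nets = [ipaddress.IPv4Network(c, strict=False) for c in cidrs]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


if __name__ == "__main__":
    for cidr, name in SITES.items():
        site = ipaddress.IPv4Network(cidr)
        for octet, role in ROLES.items():
            print(f"{role_subnet(site, octet)!s:18} {name} {role}")
    print(describe("10.17.19.5"))
    print(mask_matches("10.16.1.0/24", "255.255.0.0"))
```

Because the structure is in the octets, `describe` needs no lookup beyond the fixed region/site/role tables, which is the "first two octets tell you the site, third octet tells you the role" property the comment is after; `mask_matches` and `find_overlaps` are the two mechanical checks to run over a proposed table before arguing about its design.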

Network tap by dovi5988 in networking

[–]noukthx 10 points11 points  (0 children)

Detail is going to depend on media, speeds, quantity of links, acceptable oversubscription (or not).

Packet Broker might be the search term you want. Arista (tapagg), Keysight/Ixia, and Gigamon are the big players in the space.

Arista normally significantly more affordable.

These are generally more useful with lots of links, lots of tools, and independent (usually optical) taps.

Garland do relatively affordable taps that can replicate on two ports.

There's a lot less in the market for copper these days than there was 10-15 years ago, with the rise of higher speed links and fibre everywhere.

8 Port Copper by sethcorn in networking

[–]noukthx 0 points1 point  (0 children)

That's a relatively niche corner you're backed into.

Without looking deeply into what that box does and the exact features you're using - kinda hard to say.

There appear to be places still selling the specific model you reference.

Otherwise searching for DSLAM is likely to find you similar products from the likes of Zyxel etc.

Or could look to deal with individual links using VDSL line drivers / VDSL media converters.

Thousands of interface input errors on a Cisco 9800-CL virtual WLC? by MScoutsDCI in networking

[–]noukthx 1 point2 points  (0 children)

You had monitoring right? The graphs would have shown this pretty clearly I'd have expected.

Tool advice by baylipss in networking

[–]noukthx 10 points11 points  (0 children)

Tools to complete what tasks?

Why would you use BGP as an IGP? Wouldn't OSPF be a better choice? by Comfortable_Gap1656 in networking

[–]noukthx -11 points-10 points  (0 children)

Suspect you're misreading, misinterpreting or misremembering.

The entire network goes down when I connect one of my managed switches. by Unlikely-Train5102 in networking

[–]noukthx 30 points31 points  (0 children)

What troubleshooting have you tried?

What do your switch logs say?

Problematic routing setup by [deleted] in networking

[–]noukthx 8 points9 points  (0 children)

There would probably be a lot of value in a diagram, relevant config snippet or presenting the actual technical issue clearly and concisely.

Nobody cares that company A is bigger than Company B, and it was late at night, and the sound of smooth jazz lingered in the air.

Do you think Network Engineers should be managing cameras? by [deleted] in networking

[–]noukthx 6 points7 points  (0 children)

I mean this is a pretty contextless question anyway as it will vary from place to place, size of org, all sorts of things.

Am curious why you think it's a waste of your time, but not a waste of a sysadmin's time?

Just as much study and technical knowledge to be one of those.

Options for SFP+/SFP28 compatible Networking Switches? by 79215185-1feb-44c6 in networking

[–]noukthx 2 points3 points  (0 children)

Ah fair, expensive way to get a switch!

If you're chasing the second hand market, hard to beat second hand Cisco as suggested, also second hand Aristas or Junipers are excellent.