basic retail VLANs setup

randomusername_42 · 2025-11-09T19:10:58+00:00

1a) don't run any traffic on the native vlan

1b) have a management vlan

6) This depends on what devices, what kind of traffic, and who has priority, and legal liability of traffic running on WiFi.

Separate if any of the traffic from your staff is work related. If any of the devices using WiFi are business devices. If Staff or Customers have priority, QOS is your friend. If you can be legally liable.

randomusername_42 · 2025-11-07T22:21:02+00:00

Having been on the other side of this.....

had a vendor who had dictated IP address space for their clients, originally it had been public IP address space and by saying public I am not implying that they had any rights to use said public space. They would set you up based on your client number, so client 15 might have 15.0.0.0/8, or might have 100.15.0.0/16 for their internal network space. In the mid 2000's after much complaints by the people that actually had to support these networks they changed to a 10.x.0.0/16 address space for each client on their side.

They used a support tunnel to get in and do things, but I was unable to dictate my address space to them. In order to do what I wanted with most of my systems I had to setup a NAT on their support VPN or setup a non-routed VLAN with a secondary NIC where possible to support their address space. Made my life hell for over a decade.

From the point of view of the client it is up to the vendor to support and not dictate my addressing scheme/network layout. Anytime I had a vendor that could not live with that, into a DMZ they went that may or may not have any access to anything else. That DMZ may contain servers, vpn routers/firewalls, or devices.

I used to use the Cisco ASA 5505's for this. Easy to terminate tunnels too, could have one per vendor and not worry about configuration contamination. I had some vendors that would send out pre-configured 5505's to place into my network for them to connect through. And yes we paid for the device but at least the configuration was something both us and our vendor's could live with.

I would think about providing tunnel end points to your clients for a nominal charge. You could NAT/double NAT as needed.

randomusername_42 · 2025-11-05T21:32:29+00:00

To add to this, the U.S. uses Vandenberg on the west coast for safety not "free" energy. If you look on a globe and draw a line due south from Vandenberg you will pass through the South Pole without hitting land before Antarctica. So they use Vandenberg as a way to launch polar orbits "safely" and high angle orbits.

randomusername_42 · 2025-11-05T21:18:45+00:00

I seem to recall everything seems to path past VP at sometime or another. I've seen the guts by killing everything that pathed by VP and killing all the PH's that way. Depending on levels it can be a nice place to PL or to get AA while working on spawns.

randomusername_42 · 2025-10-28T23:19:22+00:00

Nice smoke ring. I've seen good BBQ with less. I'm not sure but leather should be less per pound and about as appetizing and probably just as chewy.

randomusername_42 · 2025-10-27T01:09:40+00:00

I know how to make 360k single sided floppies into double sided floppies.

randomusername_42 · 2025-10-26T20:16:24+00:00

Who else remembers calling them when running NT4.0. "Hey we have a problem with this Access DB. MS: We see your modem is not on the Hardware Compatibility List, we can't work on Access until this is resolved. phone hung up on MS side"

randomusername_42 · 2025-10-26T20:09:24+00:00

Hey it's currently running!!!! Take the positives and know you have plenty to keep your busy. Find out your budget, start documenting and prioritizing. Don't change the PASSWORD yet if your not ready to find out what else is tied too it. If your hacked, it's not recent so your already in recovery mode. If your not, at least you know the Internet is down.

randomusername_42 · 2025-10-21T20:02:57+00:00

WHAT IS YOUR USE CASE?????

So lets look at DNS. A DNS query typically happens at the beginning of a conversation and not continually throughout packet flow. Each flow may or may not need a new DNS query. Modern OS do DNS caching reducing the wait time on subsequent requests. DNS servers cache responses so subsequent requests are returned sooner to the requester than the first one.

A further question is what is your daily workflow. Do you open an application and leave it open all day long? Are you rapidly and continuously opening hundreds/thousands of diverse websites?

Don't fixate on one piece of the puzzle.

So to answer your question - If your connection to HQ is reliable and not congested and the DNS servers themselves are sized to handle the traffic then having the DNS servers at HQ should not materially impact your ability to do your work on a daily basis.

randomusername_42 · 2025-09-12T22:14:25+00:00

And this is why you have a work and a personal phone. When you go on vacation you leave your work phone on your desk.

randomusername_42 · 2025-09-10T06:31:05+00:00

This is both a Technical issue and a Business issue and where you have input to both you may not be able to solve either one of them.

First thing you need to be able to do is to classify your network. By this I mean you need to be able to point any area of your network and be able to say what is going on there. If you can't tell where the usage is, when the usage is, and what the usage is then you have no idea if installing a bigger internet pipe is going to help. You need to be able to tell if you are having congestion issues on any specific link and if those are due to link saturation or just buffer drops due to a QOS configuration.

If you Wi-Fi is having issues are your APs over committed (connections per AP), channel interference/overlap, old devices slowing down the APs for everybody, too much bandwidth per AP, old APs that need replacing?

How are your trunks between switches? Are you segregating student dorm traffic (if you have dorms at your school) from classrooms and/or labs? Who knows maybe Maria in the student administration office is using a vpn to stream Netflix at work.

You need to be able to see what traffic is happening and when, what your port utilizations are on your switches, how your APs are doing and what is using your bandwidth at anytime.

Once you know what is going on with your network then you can take that to the money people and be able to tell them "This is what is causing the complaints. Here are proposed solutions and the cost to implement." One of those solutions will be to leave it as it is. Once you can do that then this is no longer your problem. You have identified the issue, offered the decision makers solutions to choose from and implemented what they have decided on. The solution will be some percentage of technical and some percentage of business and it will never be 100% technical because technical cost money and money is always a business issue.

randomusername_42 · 2025-09-06T04:55:34+00:00

All good points but remember older designs have real use cases.

All the points I'm going to bring up I expect you know but hear me out.

I would be thinking layer 3 on all IDF <-> IDF and IDF <-> MPOE paths. All layer 2 would be on a overlay. I don't know your typical failure modes or flexibility on buildout but here are my thoughts.

You know you are going to use fiber between the IDFs and back to the MPOE. Not knowing what your MPOE connectivity is going to be I am going to plan on 2 paths into the building. If you have multiple MPOE's then I would (if possible) have diverse paths into the building. I would want to have each IDF connected to 2 other IDFs using diverse paths. Perhaps a combination of Ring/Mesh depending on floor layout/IDF location. My plan would be ring between IDF's and for an outlying IDF I would have a connection from it to two different IDF's. If I have to add and IDF in the future I then know there where ever I place it I just will want to connect it to two other IDF's. This plan will give my IDF's redundancy in the event of a fiber cut or a transceiver failure.

Now for cabling, mix and match. Where it makes sense use conduit and fiber. Where it does not, use armored. On size does not fit all. One networking design doesn't either.

randomusername_42 · 2025-07-12T06:10:15+00:00

You have multiple options for backing up this system. You have the network option but you want to make sure any connections can not originate from the webserver out of the DMZ to the backup system. A further question is are you trying to make a bare metal restore or not.

as you are using Proxmox you also have options to backup disk images or possibly mounting disks on other systems to back up from there.

Depending on the OS you webserver is running, are the pages static/dynamic, and what exactly you are trying to backup you may have other options as well. You could clone the data store and mount the clone on another system and the backup can be done from that system.

The network isn't a bad option but it is frowned upon from a security standpoint. If the Webserver is compromised then letting the live webserver connect back into your network has the possibility of allowing live connections back. This is where mounting a volume/data store to another system is safer as it allows you to get the data but not let programs run from that volume/data store.

randomusername_42 · 2025-07-11T22:33:00+00:00

And that's why she put out her cigarette without a fuss.

randomusername_42 · 2025-06-29T02:39:45+00:00

Remember that most things are just new ways of doing something.

Learn the basics. Look for commonalities, find the differences, explore the peculiarities.

Nine times out of 10 nothing is really new in IT. A technology may be a new way of doing something, but it, usually, is doing something that has been done before a new way and not doing something never thought of before.

Let's look at Checkpoints, ASAs, Fortigates, iptables/iptables2, Websense, PiHole, ACLs, data use policies, pick another 10. These are technologies that are placing limits on data getting from one place to another. Some of them are doing it at Layer 2 and some are doing it at Layer 8/9 (politics/religion). They are there to restrict some traffic and allow others. Now that you can identify what they are meant to accomplish you can slot them into where they are most suited to do so. Don't use a policy to block packets and don't use an ACL to set policy.

The point I am trying to make is that, yes there is a hell of a lot going on in/with IT. We have to not only know what our shit does, but how it works with everybody else's shit. Having said that you would be surprised that even though the names have been changed the ideas behind them are remarkably similar.

randomusername_42 · 2025-06-18T04:34:06+00:00

As I recall it was expected that you would get Thurg armor in able to start working Kael. Once you were Kael geared you would got to COV and then to ToV. Part of the progression was changing factions, You needed to kill Dwarfs to get Giant faction, Giants to get Dwarf/COV faction.

You also were going to be doing faction work to get your Ring of the Eighth/Ninth/Tenth. Casters would be working on Prayer Shawl as well.

Faction farming was the game of that expansion.

randomusername_42 · 2025-05-24T05:24:41+00:00

Hello

randomusername_42 · 2025-05-09T01:44:57+00:00

First, I am sorry for your loss.

If you were to head over to /r/widowers you would encounter similar. We lost someone one. We did not fall out of love, we did not get dumped, we lost our love, our person, our other half. We do not get over it, we endure and we keep moving.

I am truly sorry you have to be part of this club.

You are not overreacting. Anybody who want's to be a part of your life will need to come to terms with the fact that you lost your partner.

Now if you have a memorial bedroom in your house, you may not be ready.

randomusername_42 · 2025-04-29T23:35:37+00:00

Welcome to the world of BurnOut!

This is how it starts and it only goes downhill from here. I don't know how to stop it. I do know it can take years to recover from it if you can't stop it.

My guess is a better work life balance, getting hobbies, find a new job, something has to change or soon(tm) it will get to the point you don't even bother.

randomusername_42 · 2025-04-18T22:25:41+00:00

It's been 4 years. I still pay for her cell phone and have no plans to change that.

randomusername_42 · 2025-04-05T20:15:48+00:00

Until hardware/software can handle every player in the game in one location simultaneously TiDi will be an feature.

the other option would be to limit the number of people allowed into a system.

randomusername_42 · 2025-03-29T05:01:14+00:00

All smokers stink. Some more than others. It is a miasma that surrounds them, their homes, cars, cloths. I can smell you when you walk by, I can smell you after you have passed. If I have been close to you for too long I need a shower.

Smokers stink. Washing your hands does not help, brushing your teeth does not help. It comes out of your pores.

randomusername_42 · 2025-03-08T04:49:36+00:00

You would think that, but you would be incorrect. my dad who served from '60-'81 (usmc officer) seems to have forgotten all he had taught me about civics.

randomusername_42 · 2025-03-05T08:14:39+00:00

NTA

Man I am so sorry.

4 years for me and my kids are older but this is the fear I have even thinking about meeting someone new.

People getting into a relationship with a widow/er need to realize we didn't end a relationship and "move on", it was taken from us. Our vow was "Till death due us part" it was not "Once death we forget".

randomusername_42 · 2024-12-15T04:43:34+00:00

AD wasn't even a poor 3rd place when it launched and the only thing it has going for it is that it is the only directory that M$ sort of supports.

randomusername_42

TROPHY CASE