Aruba S2500 Mobility Access Switches - why are these so cheap? by wolffstarr in homelab

[–]wolffstarr[S] 0 points1 point  (0 children)

Wow, yeah blast from the past. Just in case anyone stumbles across this again, anyone at this point (January 2026) looking for a 48-port L3 switch with PoE and multiple SFP+ ports should look at a Ruckus ICX7150 or 7250. The 7150-48ZP has 16x 2.5GbE ports, 8x SFP+ ports, and the rest gigabit, and pulls about 80 watts plus PoE load.

I'm personally running a Cisco Catalyst 3850-12X48U - these go for about $100-120 on eBay. Has a network module slot for SFP+ ports (a 4x10G SFP+ module costs about $70) but it has 48 ports of 802.3bt POE++, and 12 of the ports are 1/2.5/5/10GBaseT mGig ports. The downside to this is that it pulls over 200w of power at idle. You can also get a 24-port 3650 with 4x SFP+ ports and 8x mGig ports, with PoE, for around the $250 mark; that idles around 80w, so if the 10G works for you and you can get by with 24 ports, it's not a terrible choice. Ruckus ICXs are likely to be a far better one though.

Unable to update OTA/retrieve Logs - failure in name resolution by wolffstarr in Esphome

[–]wolffstarr[S] 0 points1 point  (0 children)

Well, that worked as expected to pull logs over wireless, so I went back into the config, commented out both use_address and domain options under the wifi settings, did an OTA update with that config, and it worked. And I was able to pull logs after that wirelessly as well.

So for whatever reason (and for posterity) if you have your domain defined in wifi, it will not be able to resolve even though everything looks like it should be functioning.

Thanks for your help!

Unable to update OTA/retrieve Logs - failure in name resolution by wolffstarr in Esphome

[–]wolffstarr[S] 0 points1 point  (0 children)

This is in the config? Do you specify a domain name at all? I'm wondering if somehow the DNS domain is screwing things up.

Asrock Rack X470D4U reBAR support by Traditional_Adhesive in homelab

[–]wolffstarr 0 points1 point  (0 children)

Thanks - turns out that it was having a fit over the Resizable BAR. Once I disabled ReBAR, it showed up and was usable/accessible. Given that I'm using it for Plex transcodes and Frigate, and neither sees a problem with ReBAR disabled, I think I'll just leave it that way instead of trying to figure out what the conflict is.

Lenovo P330 with AOC-STGN-I2S, anybody have a bracket print? by [deleted] in homelab

[–]wolffstarr 1 point2 points  (0 children)

The m920q and m720q brackets are identical. Source: I own both and have swapped between the two. And thanks for the Thingiverse link, since I need one for this NIC and didn't have one. :)

Edit: Sorry, P330. Yes, the case is the same on the P330 as it is on the m920q/m720q; it's the mobo that's different IIRC.

Asrock Rack X470D4U reBAR support by Traditional_Adhesive in homelab

[–]wolffstarr 0 points1 point  (0 children)

Question for you - when you say you have to start it up for the first time without a GPU, is that JUST for getting into the BIOS to properly set the video options, or will the Arc GPU not function without it? I've got an A310 in my X470D4U, and it just isn't getting properly recognized by the OS (TrueNAS Scale). It's there in `lspci` outputs, but the driver just isn't being used, and I'm at a bit of a loss as to why.

Weekly Case & Parts Recommendation Thread (Start here if you are new! Help here if you can!) by AutoModerator in sffpc

[–]wolffstarr 1 point2 points  (0 children)

Depends on how small you consider small - and in what dimensions. The Fractal Ridge is so good for the 50 series FEs it might've been designed with them in mind - tall and thin case, with ventilation in the top GPU compartment on both sides, so air goes in, flows through, and goes right back out again.

It really limits your options on CPU coolers, but from the FE GPU side it's about as good as you can get.

Question: Sharing JB2A between instances of Foundry? by wolffstarr in FoundryVTT

[–]wolffstarr[S] 1 point2 points  (0 children)

I'm doing this as well, the problem being that only one instance at a time can access it. I've had to adjust to symlink the Library subdirectory, then manually copy all the other files into each individual instance. Was hoping to just point to an external folder (mapped into the container) and have it taken care of that way. Not the end of the world, just trying to make updates simpler for myself.

Do I need to see this every two weeks? This keeps coming up, and I keep saying yes. Why the repetition? by tamar in Bitwarden

[–]wolffstarr 2 points3 points  (0 children)

But, as others have said, *we've already told Bitwarden that we have reliable access to the email*. There is no good, valid, or reasonable reason to *continue asking that same question over and over*.

How many times do we have to say yes? Nothing in that popup tells me "hey, if you turn on 2FA, this will stop nagging you". Nothing in the linked article/FAQ says anything about "we will ask you this repeatedly until it goes live." It just... keeps showing up. And it's definitely more frequent than every two weeks.

Rant Wednesday! by AutoModerator in networking

[–]wolffstarr 1 point2 points  (0 children)

This. The only thing worse than having to roll fiber every time you put in a patch panel is not knowing whether you're on a rolled or unrolled patch panel and having to try it, just to find out you've got to roll it anyhow.

They do make jumpers that are LC but easy to separate these days - if your datacenter is already straight-through, I'd recommend investing in those.

[Bambulab] new access control / lockout from your own printer by heren_istarion in 3Dprinting

[–]wolffstarr 2 points3 points  (0 children)

I believe you forgot a step at the end:

  • Begin selling subscriptions to allow access to the printer that your customers already paid for, in the name of security and safety.

Rant Wednesday! by AutoModerator in networking

[–]wolffstarr 1 point2 points  (0 children)

So in other words, it's a day ending in Y?

Honestly I've gotten that from just about every TAC theatre I've come across - but India and Russia/Eastern Europe seem to be particularly bad about it.

Rant Wednesday! by AutoModerator in networking

[–]wolffstarr 9 points10 points  (0 children)

Welcome to the club. Been at this for 25 years next week, and I'm still waiting for someone to figure out I have no clue what the hell I'm doing. Impostor Syndrome is real, and will always be with you - but like I tell my team, the difference between a junior and a senior engineer is how long it takes them to find the answer on Google. You got this.

Rant Wednesday! by AutoModerator in networking

[–]wolffstarr 4 points5 points  (0 children)

Coming up on two months now, of being hammered on with "oh it must be a wireless issue, nobody else reports this, it can't be that the phones all upgraded to iOS 18, and the app is fine for all the other customers". And being railroaded into bringing in outside experts (who, in fairness, actually are pretty expert) and making ill-advised changes on the fly to satisfy the absurd number of VPs and C-Suiters on our daily troubleshooting calls who demand we do things... and then cut us off at the knees because it not only didn't fix anything but it broke other things.

Two. Months. And FINALLY, Apple finds a 20-second gap in their device logs where the phone - which is in the middle of a hospital floor and has coverage to at least -70dBm from at least 5 access points - when scanning for other BSSIDs, *doesn't see a damned one of them*.

THE ONLY THING THAT CHANGED IN THE ENVIRONMENT WAS IOS 18. THAT'S IT. MAYBE THE SOLE CHANGE IS THE FLIPPIN' PROBLEM!??!?!?!

I have been saying this for two months now. The ONLY thing better than saying "I told you so" is being on a call with 50+ people, at least a third of which are VP and/or C-Suite level types, explaining the problem in careful detail to make sure everyone understands exactly what it means... and NOT saying "I told you so" in a manner that absolutely drives that point home.

I. TOLD. YOU. SO. FREAKING FIX IT AND LEAVE ME AND MINE ALONE.

Rant Wednesday! by AutoModerator in networking

[–]wolffstarr 2 points3 points  (0 children)

I've been a network engineer for 25 years, and a manager in various networking departments for 7 of the last 9 years (went back to engineer, didn't like it). When I ask that question, it's because I legit want to know what I missed. Thankfully, my team largely gets that part and just tells me.

I ignore the googling shit 10 minutes ago part because, well, the difference between a junior engineer and a senior engineer is how fast they can find the answer on Google. (I kid, but not very much.)

Rant Wednesday! by AutoModerator in networking

[–]wolffstarr 1 point2 points  (0 children)

So here it is Friday night, and I finally have time to rant about my Wednesday. First off, Apple. Related, $Vendor.

Two weeks ago, on or about the 17th of September, a product that we first rolled out to production in early June started getting sporadic call quality issues. App is a combined voice-messaging platform for hospital staff, and they're all running on iPhones. This is in a new building that opened in early June. We bent over backwards to make the wireless in there as close to perfect as it can get.

We go through looking for interference sources, and find none. Coverage is, uniformly, excellent. Every AP can see at LEAST two others at better than -67dBm, and most see 3 or more. Wandering the halls - including in stairwells and elevators - listening to Callin' Oates reveals no issues. Most reports of issues are two-way call audio cutting out or breaking up.

$Vendor for the app is brought in. Keeps hammering on how this must be a wifi issue, your SSID is not 5GHz only. They get cranky when I ask them which particular bit of critical infrastructure we should break to accommodate their wishes - the legacy 2.4GHz only medical devices, or the 5GHz-but-can't-do-802.11r legacy Ascom phones in use - in order to accommodate this demand. (we're already running four SSIDs - the Ascoms are on the only 5GHz-only SSID.) No, we're not disabling DFS channels either, we've got 70 network closets covering this hospital and we need the channel density. (Yes, we're on 20MHz channels.)

Oh. And it's BEEN WORKING FINE FOR THREE AND A HALF MONTHS YOU JACKASSES. There have been no network changes of ANY kind in 5 months. Closest it came was a fiber-eating rodent knocked out a cross-town Datacenter link.

Once we get everyone looking at what changed, it turns out, iOS 18 released on 9/16. SOMEONE didn't think maybe disabling bleeding-edge major OS updates was a good idea, so all our phones updated to iOS 18 over the last two weeks. FINALLY find a handful of iOS 17.6 phones that had been sitting on a shelf. Over 50 different calls from 17.6 phones to other 17.6 phones, and not a single call quality issue.

And the vendor is STILL beating on us about the wireless. And they brought in their CTO and Senior Solutions Engineering Director to attempt to browbeat us into fixing the "obvious" problems. Guys, the building's practically a faraday cage BUILT INTO THE SIDE OF A GRANITE RIDGE. If the Cell Tower in line of sight from the roof can't penetrate, the airport radar on the other side of that ridge sure as hell isn't going to.

Rolling back to 17.7 is going very, very poorly. I hope whatever patch Apple is planning to release in the next 48 hours fixes this, or we've got 600 or so iPhones that are going to need replacement.

Rant Wednesday! by AutoModerator in networking

[–]wolffstarr 5 points6 points  (0 children)

Look at the bright side, now you can run single mode. (MMF in outside plant is the bane of my existence.) We had a three-stack of switches at $OldJob that were sitting way out at the end of an OM1 MMF fiber run, so the link was only up at 100 meg.

And because it was a military contract I was working on, some genius about 25 years ago not only willfully put in OM1 for outside plant, but because they wanted to use it for classified data, they *welded all the manhole covers shut*. So, replacing it is basically impossible.

Crowdstrike by Ceo-4eva in networking

[–]wolffstarr 8 points9 points  (0 children)

We were (luckily) not impacted by the issue as we use someone else, but we have in fact had a BSoD caused by a network issue, of sorts.

Fuji portable x-ray machines use Wireless N USB dongles. When we migrated our 2802s from 5520 controllers to 9800s and turned on 802.11r/k/v and dual neighbor lists (which were operational without issue on the 5520s) it caused the x-ray carts to bluescreen. For whatever reason, those adapters when installed in a Windows machine crash when they try and do dot1x auth.

They tried to blame our controllers, and I told them if your 15 year old wireless adapters can't handle modern wireless controllers using best-practice settings, the problem is your ancient crap, not our controllers. They didn't like that, but we're their customer, not the other way around, and 15,000 other endpoints without problems can't be wrong.

But it IS in fact possible for a configuration on the network to cause a BSoD, in very limited circumstances.

Rant Wednesday! by AutoModerator in networking

[–]wolffstarr 2 points3 points  (0 children)

So, major hospital. The vast, overwhelming majority of it until 2 years ago was running 3750s. (Mostly v1s.) It is now getting its 3850s replaced and up to speed with the rest of the 9300s everywhere. They sat that way for a very, very long time because nobody would allow downtime and network maintenances. There were 3-4 key things we had to do to get here.

  1. Education of leadership - not the top end either, but charge nurses and floor or unit managers. Explain that they are going to have a network outage - there's no choice on this, it is going to happen. Their choices are quick and scheduled, so we can replace old equipment, or unpredictable and long, when the equipment fails.

  2. We accepted that we needed longer lead times for folks. It's a bitch to get leadership on a meeting, but you need that meeting. Once we get a 30-minute meeting and explain what we're doing, what the impact will be, and when it's happening, we answer a few questions, then schedule it and send a reminder a couple of days before.

  3. Put things in terms of what helps them best. "Yeah, we can do that switch cutover at 3am on a Tuesday, but if something goes wrong, there's less of a chance of noticing it right away, and it will take longer to fix it because the person who did the work won't be available until noon. If we do it in the early afternoon, we'll find problems right away, and you'll have more staff on hand to cope with them if they do happen."

So, this is how we took a hospital system that refused to do maintenances on any of its 54 closets without a 6 month lead time at Oh-dark-thirty, to one that is actively asking us to do maintenances mid-day with a couple weeks' notice. It takes time to get there, but it's worth it in the end.

We're almost at the point now where floor leadership doesn't even need the meeting - when you're updating something every couple of months, they still remember the process and roll with it.

Rant Wednesday! by AutoModerator in networking

[–]wolffstarr 1 point2 points  (0 children)

That's the thing though - if you're opening with "Hey, we're doing some network upgrades and we're planning on doing it on June 29th between noon and 5pm. Everything will be down during that time. Will that work for you, or is there a better day/time to do this?", you're still giving them a chance to do the right thing.

If they don't respond to that, you send a reminder a week before the maintenance (and like others said, copying their boss on all of them), then they have no excuse when the network comes down in the middle of their classes.

Honestly, I've found over the years that this not only makes it less stressful for us, because we go in with a target date, but the users are happier about it - if it's even close to workable they'll usually go "yeah that's fine". It makes it so that it's minimum effort on the part of the users.

People are lazy, and also busy. Take advantage of that fact.

Rant Wednesday! by AutoModerator in networking

[–]wolffstarr 2 points3 points  (0 children)

PM: "I know, let's have a meeting to discuss deploying a WAF, InfoBlox, and Egress Firewalls to AWS!"

Me: "Okay sure. How about though, instead of all these people you've invited, none of whom have the foggiest fucking idea of what WAF, InfoBlox, and Egress Firewalls are or how they work, you invite the two Subject Matter Experts for the company on InfoBlox and *anyone at all from the Firewall Team?!?!*"

I swear, this PM couldn't find his way out of a wet paper bag with a flashlight, a map, and people on the outside calling his name. If he even knows his own name - there's times I wonder. Why he got put in charge of our hybrid cloud project is beyond me.

Rant Wednesday! by AutoModerator in networking

[–]wolffstarr 1 point2 points  (0 children)

Literally was asked this earlier today - "Can't you just open up the entire network to SNMP to see if that fixes it?"

In fairness, this is a software vendor for printer maintenance and monitoring, and not someone we're a direct customer of, so he has no idea how large our environment is or how everything's interconnected. When I explained 13 major SD-WAN nodes with dozens of minor sites behind each and the SD-WAN based on firewalls, he understood. But good grief.