#networking
loopback plug on 40km optics Crispy.
@thick minnow
@unreal wedge Sup?
@pseudo blade is there such thing as an affordable 24 rj45 port, full poe af/at with 2 or 4 sfp+?
@little schooner Mikrotik CRS328-24p4s
@hollow marlin thanks. I'm happy it is all wire speed too
That's like awesome
I noticed it mentions sending power on the B pins. What is that supposed to mean?
That it doesn't support type A devices?
Or that doesn't matter as long as the device itself supports the true 802.3af/at?
It's all after negotiation. Auto MDI-x will handle type A/b then PoE takes its turn
Alright thanks @hollow marlin
No probs
Can someone tell me if it is these squares or one up i am supposed to use... 1 of 3 parts wont fit this way, rest fit perfectly... :/
It's every 3 = 1 RU so if it's like that then it's correct
Also make sure they are spaced every 3 from the top. There are spacing differences throughout. This could lead to alignment issues too
Thanks both. Will take it apart again. Hopefully getting it right 3rd time
One thing I found out when I did my rack, getting the screw holes in when the tabs went up down was much harder than if they went left right, just something to try if you have issues with yours
@clear igloo I still want an explanation on why that is true. Perfect squares and they plop in so easily left to right.
@clear igloo ... that fixed the new issue. It doesnt fit when they are up / down
best place to get help is here
That's bizarre that it doesn't fit that way but it works so yay
@hollow marlin Yah, I've always been puzzled by that, I wonder if it's because the nut shifts a bit and gets in the way of the tab bending back as easy
The small metal part hits the one above here when they were up/down. Making the screws go in at an angle.
everything moved in minutes. So much easier now
Nice!
Still need to get the switches, NVR and 2nd server in now. Just enough room for it all now
Looking good. What switches?
D-Link DGS-1100-08P Smart Switch PoE and a Linksys LGS105
The Dlink is not the one i wanted, but ordered wrong one (Too many tabs opened so i clicked the wrong one) and the linksys is just extra. @hollow marlin
Cable management is the worst thing I know. 50 minutes and it still looks awful https://imgur.com/a/xylWUbr
I mean, I don't even want to do cable management like that. Sure I want to keep check if what cable goes where etc but I don't want to zip tie it etc for example when adding a Ethernet cable or removing one
@green sphinx You could use the fabric style "zip ties" , then you can reuse them when adding more cables
Oh yeah, but should I really just hide the cables? Can't I just show them but sort them better etc?
4 cisco 1841 routers for $150.
Good/bad?
@green sphinx
Could use something like this, and flex self sealing wraps to run above the sideskirts.
Wouldnt look bad.
Chuck some led lines to space them and it'll look sick for home.
Something like those.
I like those
Can't decide if I wanna visually and properly hardware setup my home network, or demolish my house, build a new one and dedicate a room for server stuff, fiber the house and be done with it..
Hey Guys,
I'm trying to pass port 9091 over my PIA VPN instance, but for some reason, I can't get it to route traffic from that port over the VPN.
I've tried creating an alias, and passing that through a lan rule with the gateway set as the VPN but it just won't happen.
Could someone please guide me, or link me to an article which I could follow. My google-fu is not helping, as all the articles show how to route entire IP over the VPN, and not just the specific port from an IP.
Im using pfsense, since I forgot to mention it above
Yeah, it's pretty good
But this one thing has gotten me stuck
I'm not pfsense master, but I thought it would simple enough. Guess I was wrong
@naive meadow
sorry just saw it contained private info
did it?
like where I live
ah
That aint no problem to share here
@covert ibex If you can get them for less, I would try to pay no more than $100 for 4 of them
my question is whats considered a fine line between good and bad internet
id say between 30mbps down 5-10up and 50mbps down and 10up
since mine is 20 down and 1 up its big big big shit
@pine panther 30 is the border line and 100 is the sweet spot as 99% of people never sustain even 100mbps.
@vast coral You just want to route traffic for the remote network over the vpn right? not all internet traffic of the client?
@covert ibex 1841's throughput is pretty trash (~40mbps/75kpps with 64 byte packets and literally no features in use, even NAT) and Cisco have obsoleted them.
At work they seem to handle our 50mbps NAT, VLANs and ACLs with real-world use (it's kinda pushing it, so I couldn't recommend them for anything faster), and their lack of support makes them a hard sell for training also.
@steady loom yes, thats exactly what i wanted to do
i pretty much gave up on that, and just got the transmission-vpn docker file
That's called "split tunneling"
but im wondering how i could have done it through pfsense
it's pretty easy to set up
I haven't setup openvpn through pfsense, but basically for split tunneling you make sure that the redirect-gateway line isn't in the server config.
and then with the server config you push your lan as a route
and then the client will be able to talk to the remote lan through the tunnel
but wouldnt that route all traffic from that IP over the said route?
my best speeds for up and down each on a different test are 493.46 down and 444.07 up
wireless
Hey guys, I don't know where else to ask this since I'm a tech noob so
Can anyone help me out with a hosting solution for wordpress
Reading tons of negative reviews about bluehost and am really confused what to go with, since it's my first time creating a website
I'm a student so the hosting services which don't cost a fortune would be appreciated since this is just a side project
@agile verge It depends on what you are using wordpress for
It's basically for educational purposes as in helping with what school you wanna go to
so you are wanting it as a static website and not a blog?
Sorry but irdk what's the difference between them
Static: homepage with menu bar to take you to different sections/pages
Blog: typically one page with links to stories/entries
that would be considered a static website
ohk then
this is an example of a blog https://smartblogger.com/blog/
nah def not a blog
generally for wordpress hosting it just comes down to the amount of storage and traffic you need. personally i have used namecheap in the past without any problems
This would be a new website altogether, so I assume not many people would come through as first
Does namecheap give you host with domain too?
if you go shared hosting they give you a free .website domain
it just comes down to the features for small websites majority of hosts will be fine
Does that fall under the EIG group or should I just stay away from all hosting services under EIG
tbh ive never used any of the hosts under the EIG group ive used Domain.com and namecheap both without any issues before which i currently have 7 domains between them. the problem is no matter who you go with to a degree. the average person/site will all be fine. when you start getting to a 1,000+ viewers a day then you start to worry about the host a little more
scratch that domain.com is in the group so yes i have but i dont notice it
oooh
someone recommended siteground to me for this too
Anyway, thanks for all the help man really appreciate it
yea for the size your site just find a cheap host with good features that looks respectable
Will do
Or rent an Indian VM for $2 a month, and a DNS name for $30 a year, and host your own. :P
^ thats one way to learn
Amazon Lightsail starts at $3.50/month and is quite good if you can handle patching your own Wordpress box, technical people might find lowendbox deals interesting, but if so caveat emptor applies, do your own research.
Alternatively, Wordpress themselves offer hosting.
But isn't wordpress.com quite limiting in functionality
think domain from godaddy and siteground would prolly work fine tho lets see
For my wordpress site, I use XAMPP on a Ubuntu server, a domain purchased from Cloudflare
On xampp I have the MySQL and Apache module enabled
i never realised how many radio towers there actually are around my area, they blend in really well
@agile verge Most people who would consider managed Wordpress aren't super technical and the service is more performant than many of the dodgier hosts out there.
And I'd rather someone use Wordpress.com than spin up/get provided yet another unpatched/secured instance to have hacked later.
ohk thanks for the info
If you know your stuff host your own.
are namecheap and siteground considered in the dodgier hosts
nah I'm just starting out so don't have much know how
Namecheap are good for domain hosting, I know little of Siteground.
My stuff all lives in AWS.
ah amz
I use static hosting wherever possible for performance, cost and maintenance reasons, but none of my stuff needs to look pretty.
@pseudo blade static hosting meaning its not dynamic ip and stuff?
I am considering going with UniFi cat6 cable
Am i losing much using cat6 instead of cat6a?
Ive read cat6a is much harder to install
Just takes a little bit longer that's all.
@remote kernel
Not really a difference under around 30m lines if I remember
@little schooner
Yes.
so would you go cat6 utp or cat6a s/ftp?
Well if you have heavy interference, shielded. Otherwise, unshielded is fine.
Who can help me with a networking problem?
Many people are plenty capable of helping, however, it's better to actually be specific about your question or inquiry so we know what we're helping with in case it something out of our support scope. Can you clarify?
okay how braindead are u actually @thick minnow
it was said so many times even a dog would remember it specify a damn problem..
I just did
k.... c'mon now. letsa be nice-sa. What about VDSL do you need help with?
Okay, so we just upgraded to VDSL last week and I have noticed that download speed is actually worse than what it was with ADSL. (Also, I can't get fibre down my street)
So I was wondering, isn't VDSL meant to be faster than ADSL?
And please, dumb the answer down a bit so I understand
Apparently, it is according to Wikipedia https://en.wikipedia.org/wiki/VDSL
Very high speed digital subscriber line (VDSL) and very high speed digital subscriber line 2 (VDSL2) are digital subscriber line (DSL) technologies providing data transmission faster than asymmetric digital subscriber line (ADSL).
VDSL offers speeds of up to 52 Mbit/s downstr...
Unfortunately, I know little of DSL because I only accept FTTP or DOCSIS 3.1 compatible modems. All other modems are burned on site in my house.
Yeah I got 10mbs on ADSL and I get 9mbs on VDSL.
thats still pretty bad lol
Agreed, I would be contacting your ISPs support department to have them check things remotely, especially if your DSL equipment has changed, and verify speeds. However, when you upgraded to VDSL, did you speed plan change? And what speed are you supposedly paying for?
mines really bad and its 20mbps and im upgrading to 30mbps
resolve it with contacting ISP and see what can they do
The speed wasn't specific, only that it was unlimited data usage
On Ethernet the speed is 20mbs
So... your ISP doesn't even tell you the "up to" speed you're paying for or....? Oh, so it's possibly a WiFi related problem then - don't test speeds over WiFi to find out your line speed. Always ethernet.
I have
It's still somehow slower
20mbps ADSL, Close to 20 Mbps VDSL
And that's with a 'super speed' modem.
Gotcha, so yeah first steps are find out what speeds your plan offers you, and keep in mind these are always advertised as "up to" this amount. If your plan hasn't changed, then there's no reason for your modem to receive a higher provisioned speed rating just because it's been upgraded to VDSL.
That would be like all the old people around here paying for 15mbps down from the old DOCSIS 1.x days suddenly expecting to receive 150mbps down for free just because the ISP gave them a DOCSIS 3.0 modem.... that's not how that works. Speed increases can be sold for profit so....
Who's your ISP?
Ah, alrighty, let me just get my running boots because I'm nope.jpg-ing right out of this conversation now. /s But really.... from everything I hear, unless you live in a highly populated area where Cable or FTTP is available, AUS has shit internet because nbn™ network is "best" network.
Do you know if you're on the nbn™ network, or actual xDSL?
Uh
nbn I think
Sorry
Not VDSL
Im really sorry
I thought it was
I don't know a lot about internet.
no no its fine. I've seen some of the shit that AUS ISPs advertise as their "marketing" materials down there - they REALLY DO INDEED not want people knowing jack about how the connection comes to their home, because they know they can't even come close to advertised speeds in many cases.
Go here and click on More about nbn™ speeds then scroll down and click on the links under the Got a question? See our FAQs text, then call your ISP and ask to have them run speedtests with you to determine a baseline speed, then ask them to either improve it or switch ISPs.... although other ISPs will be limited by the same nbn™ network most likely. https://www.telstra.com.au/internet
No idea, I don't live there, you'd want to check with Telstra to confirm the exact service they're supposedly providing.
I will say this is pretty damn awesome though:
Your Smart Modem switches to the 4G mobile network if there's an internet dropout.
Wish we had that in western Canada, but alas, we don't.
Welcome, happy to help. They have more on nbn™ here, but again, I'd call and ask so you can get the right info for the connection type + equipment you have. https://www.telstra.com.au/internet/nbn/nbn-speeds-explained
Okay
I'ma go sleepy now because its 230am. Hopefully they can get you sorted out.
@thick minnow
Aus has xdsl, with 4g backup as the fastest public plans available.
Fastest home connections are 78mbps down - 30mbps upload.
Wh-5gbps? I assume your firstborn gets you your first week paid for?
I would assume the 5gig is his work's connection?
I've got 5gig connections......
To my APs
With the Catalyst 9k?
Yah, lol
I really want to get my hands on a 9300 or 9500 for testing...and the new fancy pants APs
Yah, I don't get my Catalyst 9100 APs until mid-June
I'm wondering if I'll be doing any Catalyst 9600 testing or if the customer I deal with will pass on those. I doubt they'll go that route though but never know if they'll have a need somewhere
@clear igloo Do you work at a VAR ?
I do not
Good day everyone, how are you all doing?
Good, how about you?
Decent, finals are fast approaching.
I have to brush up on previous course textbook chapters and course materials.
™
Fun
would spanning-tree bpduguard enable shut the port if an AP was plugged in to it?
I'm on a cisco switch
I would hate to ping anthony but I feel like he would know
Yes, I believe it will until the AP gets its image from the controller
The only reason I'm asking is because at my property I manage I didn't set up the switches. One of them allowed me to hook up a crappy linksys in AP mode while the other immediately shut the port. Comparing both configs I see that bpduguard is the only thing enabled differently
I thought it had something to do with port-security
Yah, if the AP is sending out BPDUs then it will shut down. Depends on the device but if I remember correctly most APs will (or should) send out a BPDU at least until configured otherwise
so if i remove that line from the interface it shouldn't have an issue with future AP's being hooked up?
Correct
thank you!
So i found a dell powervault on ebay
What do i need to use it?
And do dell servers have sas ports
Depends on the model @remote kernel
You need a compatible server then, it's Direct Attach Storage so it's supposed to connect directly to a a Dell server
Is there a list somewhere of compatible servers?
PowerVault MD1000 to PowerEdge R910
Anything that supports a PERC5/E or PERC6/E RAID card will work
Looks like the R910 and MD1000 will work with one of those raid cards, https://store.flagshiptech.com/dell-poweredge-r910-external-raid-controllers/
Genuine Dell external RAID controllers and batteries for PowerEdge R910 servers. Tested and pulled from working machines with our 90-day warranty.
So to do a storage array i need to buy:
A server (R910)
A PowerVault (MD1000)
A Perc 6 card
2 SAS cables
Correct?
@remote kernel Sounds correct to me. But note you can only use 2tb drives in the MD1000 with a perc6
Oh, what should I use if i want more storage per drive?
@remote kernel MD1400 can handle 4TB if i remember correctly.
I got a T30 and need more space (only 12TB). and have been looking at the Md100 too, so that's why i know it officially wont work with larger drives. I am currently looking at this to expand my storage: https://www.startech.com/uk/HDD/Enclosures/4-Bay-Rackmount-Enclosure-for-SATA-SAS-HDDs~SAT35401U
help with what?
His "Bitcoin Generator" hahahahahahaha
That cable management
mapped network drives are a thing
but can I map a disk drive? I wish to be able to access a CD in my NAS from another machine
It's possible but I can't say how to do it as it highly depends on the NAS
i think i've worked it out actually
just grabbing some disks to test with
I made a shortcut to the drive and then mapped that lmao
it works i guess
¯\_(ツ)_/¯
shows up as "i" and I can't rename it
but it working is enough for me
@native seal change the share name in Advanced sharing properties window
If you right click CD > properties > sharing > advanced it will have a place where you can add a share name
No problem happy to help
Though I have been feeling a little stressed out by school... In the final stretch lol
I want to know what grade @thick minnow got on his diagram
Same.
Yup, we must know @thick minnow
Hi. Do you have CCTV ? I would like a software that runs on a Linux server (Debian) to interact with my IP cameras. Do you guys know / use one ?
Do you want to just store the camera data, just view it from a linux server or both?
@formal fossil
Both
You can do that with ZoneMinder or you could just have the footage store on the server via FTP and then view live footage with something like Home Assistant and the appropriate plugin for your cameras. The second option is less clean and you don't have a way to scrub footage though so ZoneMinder is probably your best bet
@clear igloo Is ZoneMinder an OS ? Cant really see what it is. My NVR is **** (cant even download recordings) and have tried to find something else for it.
@outer nexus It's not, it goes on top of a Linux OS. One thing I've seen is that you need to get the packages from zoneminder.com and not use the native OS repos as they seem to be out of date
@clear igloo thanks! Good to hear. Then ican try it on my PI and see how it works.
@waxen scroll @clear igloo Got an A. or 100/100 on BB.
Nice!
Yup.
Only Nerd™ talk is allowed here.
🅱🅾ℹ™
™™™
I trademarked my trademark that's been trademarked.
@thick minnow congrats dude
Thanks
So can somebody explain to me how can i make PfSense VM to only filtter traffic and not make any subnets?
Like i client machines should receive ip from router dhcp or switch but traffic from that would go trough pfsense
is it even possible?
Not sure if pfSense supports bridged L2 mode but I would search around. Maybe they call it passthrough or something as well
well i found some guides for transparent bridge/firewall but it doesnt work or i am dumb
like one VM acts as default router (Wan is in bridge mode with host, Lan is internal network) another VM has wan on that internal network and has another interface that creates another network, third VM is connected to that 2nd internal network (ofc in Wan) and has its own lan (which i am not sure that giving it different address than first machine gives via DHCP is good idea)
all of the Machines are using Pfsense
yet after creating bridge and removing types in WAN and LAN for 2nd machine i lose access to that Pfsense webGUI (even tho i gave some address to that bridge interface to access it)
and the traffic is not on the 3rd machine (doesnt get even address on WAN)
@clear igloo
although my production setup will be different. like i will buy some nuc to install pfsense on it and get some man switch (unless i get some netgate gear here but i doubt it)
Hmmmm, that all sounds right, been a while since I messed with bridge mode for a firewall but the bridge interface should allow it to be accessible unless the side the second machine is on is considered "untrusted" and has a different security level that's lower OR you're not allowing intra or inter interface communication for the different or same security levels
so its better to drop bridge ?
hmm
okay now question regarding my true production setup i want
how can i set a nuc with pfsense with 1 NIC + man switch with VLANs to work?
like thats one advice i got if i want pfsense on 1 NIC device anyway
You'd need to do a router on a stick style setup in that case
?
You could do multiple sub-interfaces on the pfsense box and a trunk port on the switch port. Have the default gateway for each VLAN on the pfsense box and then a default route off the pfsense box out its own VLAN pointed to the external gateway or a L3 sub-interface in the same subnet as the external gateway's internal facing interface
Really haven't dealt with single ingress/egress interface in a while, I usually deal with L2 stitching or passthrough mode at least. I might be missing something though
oookkkaaayy...well my network knowledge doesnt comprehend this
xd
how can i make multiple sub-interfaces
Search up "router on a stick", should give you a good graphical representation of what it looks like
on nuc that has only one NIC
I haven't ever done anything with pfsense so I'm not sure of the exact commands but you're basically breaking one interface into several logical interfaces
oh
pfsense doesnt do much with commands
webGUI is mostly used
i take it back
pfsense has command line and PHP shell
hmm i have different question. Router will give LAN access to the switch (because now i have modem -> router -> clients and i dont want to mess our family network with putting pfsense between them)
how pfsense will know that it has Wan from that port and gives Lan to others??
Thats where you begin assigning trusted/untrusted interface or what the PFsense equivalent is. Like Lurik I havent toyed around with PFsense in a while but you assigned trusted zones (LAN) to certain ports
If you are able to create sub interfaces, yes. If not, no.
This isnt include a ton of configuration on a managed switch if you dont have one already
okay serious question now.. is there a way to simulate such switch on VM or in Virtualbox?
so that i just buy stuff, make little adjustments to what i did in VMs, and go live?
Technically yes but not for production use. Its used in lab applications like GNS3 and EVE-NG. Switching is the hardest thing to emulate because how much it relies on hardware.
Its why PFsense lack so much L2
Why was LTT server down? Maintenance I assume?
Btw where can i seek more help with networking stuff except here?
LTT discord is always the first one down for some reason
I've seen at least 7 outages when I tried to login to discord
And it's always LTT down
It's so annoying
The more members a Discord Server has on it, the higher chances there are for it to become unreachable at times. Good thing Discord is still a free service though.
I need to order 50-100 ft of Cat 6 to run at my parents house..... Amazon's pricing is crazy cheap - getting cat 7 isn't much more - confirm to me that there is zero gain by integrating cat7 wiring for a portion of this house while the rest/majority of the infrastructure balances between cat5e and cat6
just in case you are curious - https://www.amazon.com/dp/B07KWSS11Z/ref=sspa_dk_detail_1?pd_rd_i=B07KX1KTD6&pd_rd_w=ivT70&pf_rd_p=8a8f3917-7900-4ce8-ad90-adf0d53c0985&pd_rd_wg=7eorM&pf_rd_r=BQA7BTNBFDYDENQKJ2QM&pd_rd_r=f6efe981-69f6-11e9-af2b-df456cd2a423&th=1
Amazon.com: Cat7 Ethernet Cable 100 ft Black Shielded (STP), AULLOV High Speed Flat RJ45 Cat-7/Category 7 Internet LAN Computer Patch Cord Cable, Faster Than Cat5/Cat6-100 Feet Black (30 Meters): Computers & Accessories
ugh the reviews are cringeworthy
"Thin and easy to set up, CAT7 fixed my Netflix/Amazon Prime performance issues on my smart TV."
@thick minnow CAT 6a is good enough yeah
I've heard that when people try and market networking cables as CAT6E that it's a lie and that it's probably just 6a?
Cat6e is like Cat7, junk with only an ISO standard and no electrical standard to follow
@clear igloo how come some people market some CAT 6a cables that look like CAT 7?
They have shielding and all that good stuff around the connector and inside
Depends on the seller and how much they care about adhering to the spec, some will use CCA or other crap cable and not adhere to the official standards as much. Unfortunately Amazon and other sellers aren't going to test and verify every cable is up to par
Makes sense, why should Amazon check? It's up to you as the buyer to check and do your research, not the sellers.
@thick minnow Because in order for you to check you need to purchase the cable. You can only do so much research with the plethora of vendors. Its the sellers responsibility
Maybe, but it's mostly on the buyer.
It's primarily up to the Buyer NOT the seller to do the research.
I get that but the seller is also responsible for selling the actual product they are advertising.
Again there is only so much research you can do especially on a niche of little reviews, even less of that properly test the wires
@hollow marlin on ebay, if you arent responsibly representing the product you are selling, that is grounds for a eBay buyer case. So yes I agree, it's the seller responsibility to make sure the item is described accurately
The same should apply on Amazon but they are more lenient
Sooo i have a question. Im currently taking a course in programming and management of informatic systems and in my networks of communication class the teacher is saying that wireless networks are more secure and are more noise immune than wired ones. i think this is false but i can't argue with him because these "facts" are in the "book" that we are using at class. So is it true or false??
Wireless sucks
More secure maybe unless somebody with Kali, nethunter or any other of the distros are in range..
@wraith plank
I'd love to hear the points why a wireless network would be more secure than an ethernet network..
Wpa3 has been out publicly for a few months and there's already PoC vulns that work...
@covert ibex the problem is that he says that because it is in the book its correct and doesn't even bother with justifying it
Or he will be mad
Books can be wrong. Throw a Bible at him.
Nvm. :P
Nop
Were portuguese and he makes us watch videos
It's just a weird ass name
Well, he's wrong.
As long as you's understand that, don't worry about it.
K thnks
@wraith plank @stoic moon Doesn't your teacher explain why he thinks its safer?
Doesn't sound like that teacher is all that good at teaching, or networking. Just get through the exam and get on with life. Education is like that a lot of the time unfortunately.
yea :P in electrical installations were told alot of stuff which is rather irrelevant on actual construction sites
id say if an attacker has physical access to wired ports in an environment where properly designed and executed vlans/subnets and 802.1x isnt implemented, WPA protected wlan is more secure. because at that point, you at least need a password to get in. If you want to compare a more apples to apples approach, open wireless is more secure than open wireless because you have "protection" by default because you have physical control over where the ports are. But almost nobody does open wifi anymore. Tons of places run unauthenticated wired networks. Even less do firewalled vlans and subnetting properly if at all.
@outer nexus nope, he says "go search it.."
Or he kick out of the class
lol, that's a horrible teacher
He doesn't even know to check the tests
I think that he sees the answer and be like: "this is 4 points, that one 0, that one 3"...
Because he doesn't know shit about this
that makes me sad
I'm going to fill a complaint
yes do that.
He's really rude too
Probably knows he doesn't know jack and just hopes he can bully people to be quiet
Yah, he needs to go =/
ah, one of those "I've been here forever so I deserve to not care"
He needs some VACation
Needs a learning vacation
meh, ive had teachers like that. just nod, smile, and then move on with your life.
its not worth the stress
teachers, customers, employers
smile, move on, and forget the bullshit. you cant fix people on a power trip
What annoys me about those teachers is then you move to a higher level class without the proper knowledge to succeed there =/
the thing is stuff is changing super fast. youre even going to run into official documentation for things you are tasked with implementing in the future that is entirely wrong
if you keep on your game, youre even going to end up fixing products that the developers own specialists didnt understand well enough to implement correctly
my recommendation if you really want to understand what you are learning is to build a lab to implement, break, and fix the things you are learning
most linux stuff is free, microsoft gives out 180 day licenses to their products, there are cisco emulators for network stuff
use your education to supplement your actual learning by doing
ask teachers for guidance, and stick around the teachers that really know their stuff and the ones that really listen and want to learn with you
use the ones that wont as a lesson in dealing with bureaucracy
Also, if you ask nicely, and don't pester them too much, your school I.T guys will more than likely answer questions too.
@thick minnow i do agree with u. My favourite subject of technology is networking and this is kind of a let down for me.
@covert ibex Can confirm, am IT guy at a college
@radiant crane
Can confirm, was one for 4 years. :P
And if i was given the option, would happily do it again.
Yeah, it's gonna take a pretty big pay bump to make me leave lol
He(the teacher) could do much more in terms of practical stuff like making networks and simulating real cases like debugging a network, the school has everything we need to do that. And he just sticks with powerpoints and pdf of written stuff
@wraith plank I understand, I had classes like that too. But remember, there is still good information in these classes, and sometimes the teacher is even bound by some preset curriculum they have no control over
@wraith plank You mess around with a virtual lab? VIRL and GNS3 are both free
Oh and packet tracer
We've worked with packet tracer in operating systems class. Never tried virtual lab though
You could get a book for the CCENT and do labs in Packet Tracer. That could satisfy that networking itch, plus CCENT is a great cert to have on your resume
My introduction to VM's was my second I.T teacher giving an IP range, credentials and a task for us to connect to a telnet server on his pc, without connecting directly to his pc.
Little guidance besides "see google for help" written on the whiteboard.
its hard to go wrong in the networking profession with any sort of cisco cert
@thick minnow and by the way he does have control over the curriculum. supposedly next chapter should be "advanced networking" but he has already confirmed that hes going to teach us html css and php... Makes sense doesn't it??
Yah, if you want to go further (CCNA and CCNP) then VIRL is great as well for the more advanced stuff
Even some CCIE studies VIRL is good for
@clear igloo @thick minnow @covert ibex @radiant crane btw thanks for the advice guys
Yeah no probs!
No its the same teacher same class:"networks of communicatio"
Sounds like it's more of an overview course, just to give you an idea how websites and computers work on a network
i was thinking the same
I just know that next year he is going to give us the same stuff html css php
im trying to think of the last time i heard a web developer use the word "packet"
Meanwhile were doing other stuff on other classes. C# in programming
Raspberry pi and Arduino in computer architecture
Windows server Ubuntu server and debian command line in operating systems
@thick minnow I have a dev say "VLAN" to me and I was shook
@radiant crane I have to be careful, where I live "VLAN" and "WLAN" are pronounced the same
@thick minnow yeah, but the grades go down as hell
he fucks up all the grades, and that sucks, cuz we want to get into Uni
@stoic moon I think eivarin at least has a better idea now about the topic than before. Just because they have more input from the community doesn't mean they still can't write whatever the teacher wants on homework or a test to placate them.
hm
The people around you, other professionals, the internet, even official documentation is filled with bad or sometimes completely wrong information.
yeah
I do understand that and that's why i asked here just to be sure @thick minnow.
Well you can auth with wireless
easily and cheaply at that
WLAN is not as secure as LAN.
Or just Wireless APs in general.
If implemented correctly, and configured properly WLAN has the potential to be safe-ish.
I guess we have to clearly define "secure" to give a definitive answer
^ +1
and then figure out what assumptions we are making about the default wireless and wired connection
WLAN is not secure. All traffic is broadcast.
Anything that's "wireless" gets transmitted over the air, so as long as someone even has just a standard laptop wireless NIC in monitor mode it can be bad news bears.
exactly, wlan cant be totally secure, because its a broadcast, its just...impossible to secure it?
That AND Wi-Fi is a shared resource. So the more people connect to the AP the more devices are sharing the bandwidth.
how does that differ from wired networks?
It is secured but its such weak encryption it can be easily broken. Not including how easy it is to just do a man in the middle
O-O´
What was it using? WEP or WPA2?
O_o
WPA2.
If any of you are using WPS, turn that shit off now!
lmao
assuming i can connect to a wired network, where does it become more secure?
mine needs to be enabled on the settings
like, u go to setings, it enables, searches and disables right away
Yeah I'm thinking secure in the sense that you can get access to my secure resources
but i had a router with it turned on the whole time, just in standby
guys, i have a question
@radiant crane im with you on this one
@thick minnow the thing is that for wired network u need physical access and wireless u dont
my ISP gave me a router but it doesnt have a settings page
i have to go to their website
not the login
@radiant crane yah but you dont need to go to the lan ports to do it so it wont be so obvious
the page doesnt exist
it gives a 404
they removed the page and created a website to access settings
@wraith plank, if i manage an enterprise where the public has access to ethernet ports and access to wireless access points, which is more secure
@radiant crane
or is one more secure
@stoic moon What's your default gateway?
they blocked it for everyone
im not the only one
its right there
i mean, i can check literally everything on the website they made but...still
WiFi is less secure for the end user I get that. You can spoof my network and service users. But in terms of getting to my servers, it's the same as wired. Once you're on, you're only on the network I setup for that SSID or wired port.
@stoic moon they probably turned off HTTP/HTTPS access to the router
You can try SSH or telnet, but that's a long shot lol
i'm just trying to figure out why, do they have better control over the routers?
because i can change everything, and with a much better UI
:p
Yeah that's why I just use my own router for my home
@thick minnow if u manage an enterprise lets say u have a main 48 port switch for the wall ethernet plugs (thats the only way im seeing u having public access to the ethernet ports). Just block the access to the main devices on the network(servers with important data) on the port that leads to switch on the router
i think this would work. would it??
You can block access to servers and stuff with Wireless too
yah i know but he was asking about the security of having public access to the ethernet ports
Just do 802.1x authentication and have a guest VLAN for non-authenticated users
thats simpler
^ Lurick said it
we have a winner here bois
it sounds simple, but its not the easiest solution, and definitely not something you can just turn on like security features on a wireless access point
the simplest answer is probably "it depends on the router"
Clearpass does two factor, I don't know if you can use an actual key
But I also dunno if that works for switch/router logins
You can do 2FA for VPN access but SSH access to devices, no
if it doesnt it should because it is the way to get into a network and lock it down
i mean, you could use a keyfob to authenticate against something else and then configure SSO to get to the router if youve got the backend
not really, it's a much larger point of failure, more traffic to manage, and most enterprise gear is SSO with TACACS or Radius login
@clear igloo Yeah I have everyone VPN if they want SSH access
Yup, VPN with SSO and 2FA to a DMZ network for out of band access to the box if possible is best
I would love out of band
I agree with Lurick, 802.1X is a good idea. That and separate VLANs on your WAP.
Network Security doesn't just happen on its own, it's a constant thing that must be done everyday.
Whenever our network messes up, I have to run to my routers with a console cable lol
That's always fun
i rarely had to use a console cable, usually only to verify something was stuck
It's the one thing I love about labs, you can do term servers and oob to everything
then sweat as i wait for the thing to reboot behind a rats nest someone else made decades ago
People that claim that something is secure, and is foolproof are the ones that understand security the least.
Like one of my professors said: "If you think you're too smart to get attacked or hacked, then you're not so smart."
Change my mind. ™
i run stuff across a geographic range about the size of a US state and a lot of it was done by techs from places we acquired over time
so there are all sorts of weird rats nest designs
I could imagine
I work next to my tech, so I could throw something at them if they did something weird
How to secure your laptop: Put it through a chipper repeatedly, burn the result, mix that into a large block of cement and dump the result into the ocean.
@clear igloo I'm proud of our boy
If you could choose between Dell, Aruba, unifi and HP for networking switch, which one would you pick for a small business who cares about reliability?
Unifi is Ubiquiti right?
Yes
Yes.
@pseudo blade which ones?
Small business, Unifi is cheaper I think
What's my budget?
im in security now, i have accepted that i am screwed seven ways sideways and every mole i whack just means someone found 7 more
I feel like unifi is lacking in the quality department for switches
Maybe $1.2
Thousand
Lol
you get one ethernet cable to share
Access or core?
And how many users?
Yes for now
More than 50 later?
Do I need 10 gig uplinks?
Yes at least 2
Is this your previous scenario?
Sort of
But we had a budget increase
The business department is listening to all our demands
How many vlans can it see?
We don't use any vlans here
Mhm.
But we'd prefer a very reliable switch that isn't frustrating to configure
Or suddenly stop working from misconfiguration
Or have broken igmp
Which switch did you have trouble with?
We were testing edgeswitch before
i think juniper switches have the ability to test config changes before commit?
i only got to touch one once when we were testing it out
Cisco's right out at that price range and feature set.
Yeah and money for updates is tight too
Have you considered used/refurb at that price range?
I'd legit consider Mikrotik, but more redundancy.
Going refurb seems undesirable considering the typical level of vendor spite.
My only problem with refurb is I like everything to match
I'm kinda spoiled by MT. They have some legitimately nice stuff if you know what you're looking for. Downside: If you get stuck you have less options, can't just pull a CCNA out of a hat and get it fixed in an hour.
Is the CLI for MT different than IOS?
We have all cisco stuff and one Aruba distribution switch. Aruba OS and IOS are pretty similar
We're demoing to move to Aruba distro and access
Most vendors just clone IOS.
ive noticed a lot of new techs out of school are taught solely how to use the Aruba "GUI" if faced with CLI
Some things make more sense in RouterOS as a result.
The GUI isn't bad
It's also nice to have that option
Never got to play with Aruba kit.
The only diff I saw was "sh int status" is "sh int brief" for Aruba
i havent touched anything but hp->aruba since school
I'd like Cisco as an option for anything more than I do if it were priced logically.
There's nothing special inside them.
We're gonna mess with the Clearpass and hopefully assign wired VLANs by 802.1x
fingers crossed though
That might just be vendor talk
man, its been a while since ive had to deal with a lot of this, the last year, i've mostly been developer wrangling and knee deep in bash and powershell script
i really need to get more into python, its easy enough to read that if i disappeared, someone would at least be able to figure out what was going on.
It's easy to write Python that no one will ever be able to read
Yah, you can definitely make it hard to read
i do try my best to make things easy to read and document harder concepts
also try to make tools rather than one off scripts
unless someone is an ass to me
"It's easy to write Python that no one will ever be able to read" Easy. Delete it.
If you want to distribute it, making it so nobody will want to read it after seeing it is probably easier :P
^this
nah, i try to go with standards and such so people can hopefully learn from me, or at least my mistakes at a minimum
I always follow PEP 8 but I can still have some crazy things
@radiant crane I've seen some Aruba 2540 48 port switches go for $890 on ebay
And they have 4 sfp+ and meet the requirements
But i don't know if it's reliable
Updates are free I think...
@little schooner I think it's HP that provide free updates but I could be wrong. I don't know of really any other vendors that do by default unless it's a critical issue or security problem
You could also look at something like the WS-C4948E-S which are about $150 on ebay right now but used in most cases
Aruba and Cisco are enterprise level, so they're reliable or at least should be
Which manageable switch company should i look for when buying this stuff? Ofc not Cisco since its too damn expensive
What sort of features do you need? If it's not enterprise level stuff then Ubiquiti is usually pretty good for prosumer level stuff
Like if you just need ports and vlans then even a TP-Link or similar managed switch is plenty
More like home\small business @clear igloo
@chrome raptor Yah then TP-Link, Ubiquiti, etc. are going to be more than capable
@thick minnow I believe so, 1pm EST
But security wise? Is tp-link up to the challenge?
@thick minnow They're probably going to do a lot of talking about the Catalyst 9600 switch, Catalyst 9100 APs (WiFi 6), and some 5G stuff
What sort of security, I believe they do have several that offer dot1x and whatnot
I am a beginner in that stuff tho i have encountered tplink in some articles about vulnerabilities
Do you think it's possible to replace the Cisco fans with quieter ones? In a personal use setting
@little schooner in most cases no
Unless you don't mind some janky fans and turning off the fan notifications
@clear igloo oh gosh I remember this actually. My supermicro server keeps bothering me that the fan speeds are too low and in the red zone for some reason
Any of you guys mess around with the Aruba/HP switch? What's with these "dual personality" ports?
How's it going Networking Nerds™?
What are the chances of the Cisco switches being fake on ebay
@little schooner Depends on the seller, price, etc.
Like if they are selling a Catalyst 9300 or something for $100 then it's a fake but if it's old hardware for that price then it's likely good
@clear igloo so I'd imagine this one is fine then, based on feedback and the description
https://rover.ebay.com/rover/0/0/0?mpre=https%3A%2F%2Fwww.ebay.com%2Fulk%2Fitm%2F253640891185
@little schooner Yah, that looks legit
Hi guys! I'm looking for somebody who has some knowledge about setting up the "Pihole". Send Priv message pls!
when does contention-based media access control protocol outperform control access protocols and vice versa? Please send in DM's
@timber pulsar are you referring to wireless?
Looking into ip cameras and saw that Ubiquiti has some that work with their enterprise system. Anyone have experience using their systems? Currently use gigabit Asus triband wireless router. RT ac3100
Cameras are...ok.. decent quality in day light and UniFi makes setup a breeze. Not enterprise.
But they are wicked expensive and can build a better system for half the cost
I just tested my ethernet speeds and I think these are good
Not bad at all
@hollow marlin do you have any suggestions on where to start? We are building a new house and in the house we have now someone lived through a home invasion and to make things feel safer I want to have cameras up.
okay so mesh looks like a good way to go with things now but Im not sure if unifi is the way to go. We will have gig speeds so any suggestions?
i wonder if swapping a long cable for a smaller one would help the speeds go up
i mean
i think it wouldnt matter
since all the cables have some distance before the speed degrades
and im like 2 meters away from router
and i use like 10meter one
just wondering
I think mine is a couple of meter it runs on a diagonal angle across the floor
not sure what type it is
i mean if the speed downgrades from like 1 meter cable to 10 meter cable
because it needs to travel further distance
u know
shorter cable = better speed (stable-er speed)
yeah I have no ports in my room
@pine panther Ethernet will run the same speed up to 100m before you see degradation
yeah thought so
ethernet cable
the smaller ones just help the looks
and declutter things
Yah, they look cleaner when you don't have excess
but idk if this is some black magic
as i used a smaller cable from the switch to my pc i dont get 15mbps i get 17mbps
xd
not a big difference but there is some
now i use a meter one and the worse one was like 15meter
That is a bad quality cable then
It could be the longer cable is damaged or just crap quality
^
But you also have to see if you ran the same number of tests over the same period of the day did the average make any difference or was it just a couple of tests?
@clear igloo
I thought it started a little over 30m.
cat6a is 10gig over 100m right?
is 47% humidity and 19.1 °C an okay environment for a server?
thats within in the safe range so yes?
okay great. Thank you.
I think humidity is 40-60% and temp is 10-27 but i could be wrong. I know the ideal temps are between 20-22
anything around that is fine though imo
Is this for a small home server or a larger server room?
Currently 1 9u rack with 3 servers in for work related stuff. Expanding later this year (hopefully) to many more servers.
@thick minnow yeah 6a is 10gig over 100m
real expensive though. Any reputable companies with decent prices?
Like cable is expensive?
cat7 is very close to same price as cat6 where i live. Sometimes its the same.
i wish i could get c7 tho
but idk if i can plug it in normal ethernet port on motherboard
or i need a external ethernet card
@pine panther You can. cat7 works just like a cat6.
i got cat5e
@outer nexus Just keep in mind there isn't any official electrical TIA/EIA spec for Cat7, it's only an ISO standard so quality can vary a large amount
True
What do you all think is the time scale for when 10 GB ethernet will be needed?
In a home I mean
@thick minnow never. People don't realize that people can even reliably saturate 150mbps let alone a gig. (I'm not talking large downloads)
*cant
So trying to run 6a isnt worth the extra cost
6a really isn't much more. Cat5e will last a long time. Other than streaming we are not pushing more bandwidth on day to day activities
100 is the sweet spot for a typical family. Heavy streaming I see max spikes around 120mbps. That was the flow of ~1200 homes
We have the gig package and get around 500 to 600 down on a 14 year old connection from the street. I'm assuming the new house will have a higher percentage of the supposed gig speeds I hope
@thick minnow of course it's worth the cost, it's so minor and has all the extra benefits of future proofing
Do you really want to rerun everything again
And one way to saturate the connection is to simply host a file share on an SSD and download big files like videos or isos
Then you will see how clear the benefit becomes
@little schooner that's not the average. Like I said, large files are the only reliable way to saturate over a 100mbps.
Day to day browsing/streaming. You wouldn't notice anything
Hmm. Well so far in my life I havent needed to transfer anything like that but if I create a lab for myself I might.
@hollow marlin
Are you saying average doesn't include the people with a NAS?
Average doesn't include people downloading ISOs nonstop from the internet or redownloading a 500 game steam library every week
@covert ibex the average person doesn't have a NAS. Again NAS, large files, steam....those are outliers.
Steam... had an issue with them trying to get back into my account after I did a fresh windows install. Got in now and have the info stashed somewhere now.
Steam is hella slow when it comes to downloading games and update patches sometimes.
Even with pretty good download speeds, I still find Steam to be a sub-par sometimes when it comes to downloading updates, let alone full games.
Then again it could just be me, perhaps I should optimize my home network.
lol
It's not your network, steam uses a ton of CPU and time unpacking the downloads. This tends to feel like steam is slow
@hollow marlin I kinda wish Comcast would bump their upload speed to at least 20 mbps
The upload speed can kill a home connection if you have cloud backup running in background
It's happened to me too many times
Optic limitations are finally becoming a thing of the past and symmetric connections just make more sense
Upload is a silent killer for networks
I finally have a new competitor in the area that can provide 150 mbps symmetric for $50
But I have to wait until next year for the full rollout in the state
That's very bothering that Comcast can still basically rip me off for another year
Govt. here made it so that the only way to sell symmetric connections via the NBN is to pay them for a faster connection and artificially limit the download speed...
I mean, almost all downloads are artificially limited from 1/2.4/10gig
Hey can someone tell me the difference between a MoCa and a modem. Modems with coaxial cable input seem to do the same thing that MoCas do, what's the difference?
Moca are typically used to convert Ethernet to cable. Say your house has cable run to every room but not Ethernet. You could get two moca adapters and just attach your devices. Modems actually convert the signal from the ISP. Each use different frequencies
Could a modem do the same thing as a MoCa? MoCas seem so expensive for what they do and I'm trying to save money
Theoretically yes, but they are not designed to do so. Moca is quite expensive for what it is and it can get complex in some situations
Sigh. Might as well try both and then return the one that doesn't work or is most expensive
What is your goal?
Don't use a MoCa unless your ISP gives you one. And don't use a modem if your ISP gives you a MoCa, use a router.
Well strap yourself in for a long story.
I already have Internet in my house but I want Internet in my room because gaming has been extremely annoying for me on a wireless connection. So I went out to my cable box and the main cable only plugs in to the room where my router is. My plan is to use a splitter and have one going to my router and one going to my room. And since MoCas are so expensive I was thinking about getting a router or a modem to switch it to ethernet
@unreal wedge why would the ISP give a moca? Only DOCSIS will provide a connection
They use two different frequencies. There is no harm using your own with DOCSIS
I'm skimming and trying to give a simple answer. My ISP gave me a MoCa for my fiber setup.
K
@subtle nacelle While many people here dislike power line adapters they are not bad for what they are. Sure you wont pull close to a gig like Moca but you will get 100-150mbps and much lower latency than wireless.
Plus they are a bit cheaper
But people like to focus on the pure throughput
Hmm something to think about...
I'm still leaning towards getting a modem though
What's a moCa?
Its a coax to ethernet converter
Hmm. Dont modems just do that in general? Or am I wrong
Technically yes, but there are differences with DOCSIS and MoCa.
MoCa master race.
Nah, fiber master race fam
My MoCa is part of a in-home fiber network, fite me.
No need, already hurting yourself.....waaa pow
whats moca @unreal wedge
@winged lynx It's internet over Coax cable, the same cable you use for TV stuff
Not too long after I decided to run cat5e, my ISP decided to upgrade my modem to one that has MoCa built in so I could have just got a MoCa adapter (my house has Coax everywhere). It's meant for their multiroom tv (which I don't have since I get tv from someone else) but you can use it for whatever
Is there a real difference between sfp and dac connected cables for 10G communication? I've read online that DAC is more cost efficient but shorter distance than it's sfp+ counterpart. Is that the main reason or are there more?
i dont think so
Yea. DAC cables mainly have the length limitation and are also huge and don't bend well. They can be a lot less expensive in many cases though. They are also not suitable for places with huge amounts of EMF but at that point any computer may also have issues.
Usually they are used for interrack comms with fiber for external connections
Interrack meaning inside rack rather than between racks
Is it normal that infiniband has higher latency than ethernet?
I'm not sure if I set it up correctly
@pastel dew possible just a chipset difference? I mean those results are almost negligible in real world use.
I would almost call those results margin of error even
exactly
why is AAA documentation so fragmented between whitepapers
@hollow marlin well I guess more reason for companies to pay that support cost so they don't have to deal with the problem
So looking for recommendations for home network planning, I want 2 individual 10gb connections from my unraid server to computers so each computer has dedi 10gb probably through nic teaming I imagine so there's 20gb of bandwidth, I was looking at using one of the new Mikrotik 10gb sfp+ switches that's only like 100$ and has 4 10gb ports and can use last gb eth port on the switch to run to a pfsense router for my gb internet. I have not used sfp based connections before and was curious if there was like keystones or anything for them I could use for like a wall plate termination for a cleaner aesthetic in my computer area on other side of wall from the server? Or just run a wall plate that has like the whisker biscuit type thing for feeding random cables through be my best bet?
@topaz cove what will you use the 10gig for? It would work but you really need experience for mikrotik. It's not the most user friendly but they are Rock solid for the cost. Heads up is you might have 20gbps total you can only have 1 max stream of 10gig. Finally they do make wall plates which are essentially bulk heads in an outlet cover
I've got some experience with networking in Cisco and work with network environments, biggest concern for me is the cable networking
@topaz cove the commands are very different but at least the documentation is decent
Also the reason for 10gb dedicated for each computer is in hopes that I could use the unraid server as a Nas for game and document storage for 2 sff computers. And with the 1 max stream do you mean each computer can only have 10gb or total both computers can only use 10gb between them even with nic teaming?
I mean device to device 10gig max. The other 10gig nic can be used for other things. Thats how LACP on the Tik will handle it.
Ah okay, good to know thanks
I really hope Mikrotik ups the base amount of flash space they ship, and soon. Watching flash usage crawl up quite rapidly, this is pretty much only essential packages and doesn't include the base package...
This would have left me with about 5MB free at the beginning of the year.
LTAP mini with advanced-tools,dhcp,gps,ipv6,lte,ppp,security,system and wireless on 6.44.3.
Not sure if this belongs in Networking or Deals channel, are Ali Express Wifi cards worth the hassle?
How long's a piece of string?
|------------------------|
@short spire I would not buy from Ali Express. I do not trust the quality
@short spire
You get exactly what you pay for.
No more, sometimes less.
--offtopic
|------------------------|
I actually hate MySQL always doing that, they have a way to ignore that. Just had to say that
@pseudo blade I still despise that they do that. No reason to have 16mb. But if you manually push packages through netinstall you can get some space. I just have a small flash drive in my AC2 for logging
Netinstall isn't generally necessary for that as unless the device uses SMIPS, packages just load and install from RAM, and 64MB RAM is enough to make that happen.
It's just that Mikrotik are reaching the point where even that's not enough, growing by a few hundred kilobytes per month of patches on MIPSBE.
The base package under 6.44 for MIPSBE uses about 1MB more disk than the last 6.43 build.
Because the SMIPS packages are effectively limited to half of flash if you wish for OTA upgrade support, those devices are an absolute pain in the ass to manage.
When it comes to per package installation, netinstall is the only way to go. The bigger problem with packages are still a ton of decent routers with 16mb of RAM also that cannot upgrade without farting around with it.
@hollow marlin No arch for us yet outside of SMIPS requiring Netinstall, plus Netinstall's given us enough issues that I was tasked at work to write an alternative.
Never had a problem with it
Plus our devices are up poles all over the country, so netinstall isn't practical regardless.
PSA: Unless you're on a really, really tight budget... Don't buy SMIPS stuff, it's cheap for a reason.
All we deploy is ac2. Not deploying $19.95 routers to customers
Good plan :P
We've got well over 100 of varying models outdoors, going very heavy on automating configuration and management.
Anyone know if dLink managed switches have issues with power failure and afterwards not working (no internet connection, all LEDs show up correctly, just no connection)...
@outer nexus I've seen that happen on my net gear switch. All LEDs were lit and it was doing nothing. A reboot with the power cable disconnected for 1 minute solved the problem
@little schooner okay. Will try disconnecting it for one-two minutes
@little schooner thank you it worked. Now getting pings from the servers again
No problem
it RARELY happens but when it does
its very noticeable when the internet is down lol
Anyone here familiar with setting up NAT Reflection in pfSense?
I am inside my network trying to access my port forwards, but it's just giving me my pfSense Web Interface
Because it's figuring out like -> no need to go outside the network since wan ip == router ip -> i'll just give you the web interface
but i want to forward port 80 for example, and be able to access it from inside the network with the external wan ip
Ok guys, so I have an install of KDE Neon (based on Ubuntu 18.04) and it's running many processes with weird names, run as root. 192.168.1.65 is my phone's IP on the local network, but my phone isn't even on. This isn't normal behaviour, right?
Plus the random IPs, other than my phones one
@celest geyser
iptables -t nat -A POSTROUTING -o <interface which can access wan> -s <private ip subnet> -j MASQUERADE
@pastel dew what exactly will that do? I am not too familiar with low-level iptables.
@celest geyser https://unix.stackexchange.com/questions/78320/how-does-iptables-masquerade-work-on-the-incoming-side
wait...
I misunderstood what you mean
@celest geyser
iptables -t nat -A PREROUTING -p tcp -i <interface> --dport <port listen on public ip> -j DNAT --to-destination <private ip>:<port listen on private ip>
if you connect to public ip:port it will forward to private ip:port
I just want to disable the wan -> internal ip routing, want it to go outside the network and actually reach the port forward rules
where is the service you want to access
I thought it's inside NAT. is it?
and want to access service which inside NAT using public ip?
Well, I want to check if something is port forwarded
I start thinking, is my English really that bad?
I'm probably just stupid for the way I am explaining it
I think what @celest geyser is saying is that he sees these process making connections to the IP of his phone even when his phone is not on and does not know what they do and why they are making these connections.
In my quick research, I have no idea either. All the ones going to port 443 are probably https connections but I don't know about the ones to your phone. Maybe there is some sort of service that I don't know about for remote syncing or something.
Sorry Bryce I have no clue what you mean. My problem doesn't involve a phone or processes connecting to some daemon.
It was some other person that just posted right in the middle of the conversation and I got confused
I think you meant @thick minnow
Yea
are shielded ethernet cables worth it?
and if they are what are the benefit from them
@pine panther
Good for high interference locations.
Like.. radio towers, MRI machines, bigger than personal servers.
@pine panther
Without links, that's showing my cart, not yours.
looking at this but different lenghts https://www.amazon.com/gp/product/B004NPL4YE/ref=ox_sc_act_title_1?smid=A1AMUYYA3CT6HJ&psc=1
so does anyone here have experience with SuperMicro's IPMI system and ovh's implementation for ikvm as i am trying to install windows server 2019 mounted as a virtual disk over ikvm (Java iKVM viewer) and getting a max send of 1.2-1.5Mbps, would restarting the ipmi possibly fix throughput issues
Can anyone as simply as possible tell me the easiest way to have each of the seven different branch locations to be on different VLANs but use the 10.x.x.x A class network with a /16 CIDR block notation?
It's for my networking class final project. Figured I'd ask for some advice.
IP Subnet Stuff:
10.1.0.0/16
10.2.0.0/16
10.3.0.0/16
etc
Or are you saying you have a 10.0.0.0/16 network to subnet up?
2. The main location has a server which is required to be accessed by all users in the other locations. The server is on its own VLAN.
3. The network should use either Class A, B or C private IP Addresses and is to be subnetted for the required number of networks and hosts.
4. There should be a wireless network in all 7 locations and that wireless network should be a separate subnet at each location.
5. The company has an enterprise VOIP phone system, which should be on a separate VLAN at each location with a phone gateway at the main location.
6. All buildings have network video surveillance and that should be a separate network as well.
7. There is a physical door access security system that uses badges for entry. This should be on a separate network at each location.
8. Internet access all comes through the WAN to the main branch and there is a firewall at this location.
9. There are no fiber facilities between these branches due to geographical distances. We will assume a T1 WAN has been setup.
That's my assignment.
lmao
I'm using Lucid Chart, so that's good at least.
You can collaborate if you want.
You need at least a /23 for the users and a /24 for wireless, and maybe a /25 for surveillance and another /26 for other security and one /26 for VoIP. So subnet out the original /16 so that each site has a /21
Vlan 10 - Server
Vlan 5x - Wireless Site x
Vlan 6x - VoIP Site x
Vlan 7x - Surveillance Site x
etc
@thick minnow yo how do u make like a separate kind of window like u did there
I kind of get what you're saying but what do you mean by VLAN 6x etc?
@pine panther Separate Window?
6x = 6 + Site number
Site 1 would be 51, 61, 71, etc
Site 2 would be 52, 62, 72, etc.
And so on
If you really want to blow their minds set it up with hundreds instead of tens so 5xx, 6xx, 7xx, etc. so Site 1 would be 501, 601, 701, etc. to allow for more than 10 sites
I mean you could just have the same Vlan ID for each site and just use the IP address space to denote site as well since it's routed the VLAN ID won't be carried out of the local site
So like Branch 1 would be: Hosts VLAN 1, WAP VLAN 2, IP-CAM VLAN 3...
"youre assignment"
Oh that, code block thing? Just do the gravies key. to get
three on top and three on bottom.
@clear igloo I don't want more complexity, I just want a simple solution that works. I don't need real world examples or principles to follow here for this assignment.
If we collaborate you can edit my document and show me what you mean.
5x, 6x, 7x, is simple to me
What are you using double numbers for vlans?
why can't the VLAN ID for branch one just be 1?
Site two would be 2 etc...
And then within those vlans just have different subnets?
Because you need at least 4 VLANs per site
So B1 would be VLAN IDs 1,2,3,4?
The first digit signifies if it's user, wireless, voice, video, or security. The second digit signifies the site number
Interesting... so if I wanted I could say that 11 is users, 22 is WAP, 33 is voice, 44 is security, and 55 is Physical Sec?
And all that is just on one branch?
And each of those VLANS will have multiple subnets?
11, 21, 31, 41, 51 for site 1. Each VLAN has its own subnet per what I mentioned earlier. You can, depending on your teacher, just keep it simple and reuse the same VLANs at each site but change the subnet IPs around
The VLANs are just local to the site but not sure how much of a stickler they might be about that if you don't mention it somewhere that the VLAN tag is stripped when it's routed to corporate
Nah, my professor isn't a stickler.
If I just make the diagram with an ok explanation it will be good enough.
Then just use 10 through 15 for each site. I avoid using VLAN 1 at all costs just out of habit and give each site a /21 and then subnet as mentioned before.
/21 CIDR for each site? What about like /22 for WAP or /23 etc..?
Hey, if /21 works, I'll take it.
I'll just have 4 separate VLANs and 4 subnets per building that's easy.
Simple would be this:
Site 1:
Users - Vlan 10 - 10.0.0.1/23
Wireless - Vlan 11 - 10.0.2.1/24
Voice - Vlan 12 - 10.0.3.1/24
Video - Vlan 13 - 10.0.4.1/24
Security - Vlan 14 - 10.0.5.1/24
Site 2:
Users - Vlan 10 - 10.0.8.1/23
Wireless - Vlan 11 - 10.0.9.1/24
Voice - Vlan 12 - 10.0.10.1/24
Video - Vlan 13 - 10.0.11.1/24
Security - Vlan 14 - 10.0.12.1/24
Site 3:
10.0.16.0/21 and so on
Makes sense, thanks for the help my friend.
Sorry if I'm dumb about this all.
lol
I miscounted, you need 5 and a /21 works
I still have 9 days left.
So I'm not too worried timing wise.
5 VLANS per building?
Yes, 5 per building
I was thinking wrong, forgot that a /21 gives you 10.0.0.0 through 10.0.7.255 so just /24s and a /23 for the users and you're set
254 hosts per each network is fine. it gives me enough wiggle worm.
Remember it's 200 people per branch.
But with expansion
200x8(I included the main branch.) comes out to 1,600 users.
254x32 =
~8,000 hosts.
are shielded cables worth for home use?
And those all are just on one VLAN right?
@pine panther Unless you're running next to high voltage power, not really
@thick minnow They are on the same VLAN id but different subnets
1: Right so, that means I will need 5 VLANs per branch building. HQ will need 6 VLANs because there is a server at HQ that needs to be accessible to everyone and needs to be on its own VLAN.
2: Since each location needs room for a minimum of 200 users, that means that I will need a subnet capable of holding at minimum 254 hosts PER network on the subnet.(We have concluded that subnet with CIDR prefix of /21 should be more than enough.)
Correct
I was just curious though, in the IP-Subnet-Calculator it says the usable host range starts from 10.0.0.1 to 10.0.7.254.
Does that mean that 1.0.2.254 would be valid? Since it goes up to 10.0.7.254, does that also mean that there really is a total of 7x254 = 5,278 hosts just in that network range alone?
Or am I just making this more complicated than it needs to be?
Making it more complex. Remember, within that /21 you break it out further per VLAN
This is literally the only channel i have unmuted here lol
Currently learning about subnetting in my networking class, gonna take awhile for my brain to wrap around. We've practiced with PacketTracer and soon to be our lab machines
@half valley super easy once you get the hang of it. Just don't overthink it, it's how people get lost
thanks!
Also lurick is right. That's a sane design. Don't listen to books where they make vlans for every group. Like marketing, sales, hr, etc. It's just not needed unless you're doing firewall segmenting, which almost nobody does
@waxen scroll is 1000 clients a good spot to start using another vlan?
That broadcast domain would be getting big
1000 clients is nothing
So i got a hotel should i invest into a separate server or use adsl with switches
/22 is biggest I'd use I think
@waxen scroll that's around 1000 is it not?
