#networking

Yes

/20 is the limit. Broadcast are not as big of a problem people make it out to be. But depends on situation

Port might not be configured correctly

Is this a managed or unmanaged switch?

What are you looking for? I don't get what you mean by recognize

If it's a managed port. Is the port no shut?

I would assume you tried another cable or pc into the same port on the router?

I still might think its a cable issue with mdix

Might not have crimped them properly.

@sudden void I think I've messed up three but I was able to notice it because the wires would always come out when I went to test them

Also I've seen the situations where one pair was broken and that caused a switch to negotiate 100mbps link instead of 1gbps

That situation was in a networking security lab and for the past 2 semesters all the computers were running on 100 mbps

@little schooner
I'd rather be looking through wireshark at 100mbps than 1gbps. :P

Nah, I can always pause the capture. I'd rather have a gigabit of throughput.

nbn co please i beg of you justify my routing and switching equipment and legitimate bandwidth requirements

Our new plan is to have every computer have all the resources needed for the semester on their local pc to cut down on downloading from the central server

It bottlenecks faster than a Ferrari driving down the Florida keys during the summer of 1993

What type of Ferrari you talking about? Maybe a Dino. lol

I think it would be less work to just fix the central server

@hollow marlin it isn't because we won't have 10gb nic on server

Just three PCs downloading brings the whole network down now

For 30min

And since they are VMs, they are static for a semester anyway

Shaping or QoS would solve that

@hollow marlin still wouldn't, it cuts into instruction time and students have to keep asking teacher for help

They wouldn't be able to follow along the lecture while it's downloading

The best solution is give all the tools local and remove the bottleneck until more money can be asked for

We're talking like 20 VM templates with isos

Oh. Well then lol

We're still hopeful for a 10g nic for the server

Then we can reconsider

Bottlenecks suck.

I should know, because my neck looks like one.

#NerdHumor™

I would recommend checking out
r/ProgrammerHumor

Decent subreddit.

I'm no network guru by any means but would caching help at all?

Caching what?

Checks?

Whoops stupid question. Didnt fully understand the scenario 😅

The bottleneck is the connection itself, not the actual server right?

If I run a 8-port gigabit switch to my router, I can plug devices into it and they'll be fully networked? just looking to get a hardline to a couple devices across my house.

Yep it will work just fine

noice

Just make sure the devices can take advantage of the gigabit speeds that you have.

Most NICs have a maximum theoretical throughout(Older NICs generally), make sure that the NIC in the devices you are plugging into the switch can utilize it, otherwise it’s kinda of pointless to do that.

100/1000/10000....doesnt matter. Wired is always better

^

Wired Ethernet if implemented, configured, and maintained correctly, Will almost always be better than any wireless standard.

Watched the LTT video on WiFi 6, sounds like an interesting upcoming technology.

Now scriptkiddies can break in your APs even quicker. 😉™

It definitely is. But until EVERY device on your network is wifi 6 enabled it will never be fully utilized. Linus really forgot to bring that up

Exactly, it’s not even that practical as of yet. Maybe only for corporate/business.

IIRC the wireless standard for that is 802,11AX?

I think it was. Then the decided to make it simpler

Good move honestly

Finally a decent decision.

Thnx WiFi Alliance, very cool. 👍

XD

I dont know why it so hard to make things simple for IEEE

b/g/n/AC/AX

what you smoking

It’s because they’re engineers, they only change the naming schematics because they think most average people are to dumb to even remember and or care about the standards.

lol

Laughs in 802.X

collision "please retransmit"

Oof

Hey don’t forget about that CDASMA

XD

Or whatever it’s called

Something like that. I stay away from wireless as much as I can lol

I feel sorry for the guy that has has to design, implement, install, configure, and manage the Wireless APs for a a corporate network(s).

Not to mention making sure that channels and frequency’s don’t overlap, and also make sure there is no EMI interference.

Oh did I forget to mention that they probably have to make separate VLANS and Subnets for each of the separate wireless networks?

That guy be like: 🙂🔫

Huh? No he not be like that? He just buy UBNT gear and call it a day. Because UBNT is ❤ is life.

I listened to a few podcast of guys designing stadium wifi. Long story short is all wireless is shit, its all the clients fault

@ornate jungle Ubi is nice but not mean fore medium to large enterprises

I agree there; didn't mean to construe that UBNT is the be-all end-all to distributed networking, because there are a bajillion companies making networking gear out there, each with their own implementation depending on your requirements.

Wireless is a popular thing only because of its convenience over traditional wired Ethernet.

But technically all wireless networks eventually connect to a wired network somewhere, so it’s really just wireless Ethernet wired networks. Woah amazing right?

Yup, something like 85% or more of cellular networks are actually wired. (I don't remember the actual %, but it's up there.)

Wireless from the standpoint of security makes me want to cry.

Big OOF.

Alright goodnight guys.

see ya dude!

I will return in:

speaking of wireless, was just reading a thread on r/sysadmin about the user wondering whats it like to be in charge/working IT on a cruise ship

@half valley trust me feels like shit

i've read the comments, doesnt look too fun

the pros/cons balance out? or is it uneven? @pine panther

Read more theres a lot of bad things and good things and its not easy :p

@thick minnow
Unless it's true mesh.

https://youtu.be/8gw0rXPMMPE

Interesting

👀

So... they are integrating ubuntu in their terminal... why?

Easier to build things on linux than windows or mac

They already did it with wsl but had some stability issues

Think it's more like live VM running.
But interesting that Microsoft have decided to openly add Linux distros to marketing their own os.

How do i get faster internet without upgrading my ISP????

You don't

@broken cosmos That’s not how that works bud, your ISP only provides you speeds with whatever plan you’re paying monthly for.

Most residents will not have an SLA where they need almost always perfect guaranteed speeds.

There are other factors to consider as well however, I would recommend watching a few videos on YouTube about optimizing your already existing SOHO network.

Just don't dig too deep. Only so much you can do with the bandwidth you have. Most of it doesn't net any performances or can hurt it

Yea, we all wish that we could get faster speeds without paying but sadly it does not work like that. The only way to truly bypass the ISP to get more speed costs ridiculous.

Here is a cool article that I like on how to get the most out of the connection you have:
https://www.speedtest.net/insights/blog/maximized-speed-non-gigabit-internet-connection/

I think Vossie probably meant how to get better connection if ISP is 24mpbs and heshe gets 8 etc

They gave almost no details so I had to assume

Assuming is how the election results were determined

There is an almost unlimited number of reasons why you might get a lower speed than you pay for with some being out of your control. I can try my best remotely but with my own customers, I always visit their home to try and solve the issue. This type of issue is hard to solve remotely due to the sheer number of possible issues and things that it depends on

Exactly, way to many variables.

People should just be glad they have internet access in the first place, there are many places and people in the world that don't. Let alone clean drinking water, or access or proper food.

🤔

that terminal is hot. Like took them years for that. Also adding debian based distros might boost security in the future

any network people here?

It's #networking so yes

That's what we are all here for

lol

im trying to get better speeds since I pay for 150 but kinda only get 43.19 as of right now download up is10.82

just had a person come in

put a new line in

but only get around the high 100's when I am next to the modem

wireless

but down in my office (which is in the basement i get around 50mbs)

on 5Ghz channel

less on 2.4

Well, there are a million reasons why that could be.
The access point could be not very good.
The device itself may not have very good wifi hardware.
The wifi channels may be congested.
There may be a lot of metal around that reflects the wifi signals causing interference.
Other devices that operate on the same frequency like microwaves and cordless phones may be causing interference.
The ISP may not actually be giving you the correct speed (which they can do unless you have an SLA which is extraordinarily unlikely).
The ISP may be congested meaning that during off peak times like the middle of the night, you get the full speeds and during more congested times you get slower speeds.
The speedtest server may be many hops from the ISP due to bad peering.
The speedtest server may not be able to handle the load for some reason.
And many many more. It's hard to do remote help with that kind of issue because it could be so many things. Those are the main issues to consider.

This article is really great for the last little bit of optimization but may not be helpful to you until you can get up to 140ish https://www.speedtest.net/insights/blog/maximized-speed-non-gigabit-internet-connection/

That is where it is at

well im on the only channel for 5ghz

and there is only one other channel on the 2.4

this is what shown to me

when I look it up in issider

That's very weird that it only gives you so few options. Usually there are 3 main channels on 2.4 and quite a few on 5 (depending on if the ap can do radar detection or not)

my 2.4 readings

@Symona#8344
Possible to add a cable?

you mean lan cable?

@unique crypt You probably are just physically to far away from AP hence why you’re getting slower speeds.

I’d recommend using 2.4GHz Bands on older devices since they typically will take better advantage over that then 5GHz.

Depends on the device though.

I would always recommend going wired over wireless if you can.

Some newer desktops come with WiFi enabled NICs but I generally just disable it for myself personally.

I prefer wired, more consistent speeds and none of the wireless problems to deal with.

What's the issue with using ookla to test network speed? I remember linus mentioning it in a video but i cant seem to find it.

@thick minnow
They can't provide high-bandwith speed tests.
Doesn't effect the general user, but for enterprise tests, and setups like linus', their servers don't have the top send/receive High enough.
If I remember correctly

@covert ibex you're correct

Oolkla did a blog post recently about 10G speed tests and they showed that in their perfect testing environment between directly connected powerful devices, the speed was only 9.9G. It gets much worse when there is actual networking gear in between and when Jumbo Frames are not used

https://www.speedtest.net/insights/blog/10-gbps-speedtest/

This 6-9% loss just on overhead can effect any speed test. There are other reasons why speedtests are not the best

Because the internet does not “come” from anywhere, you may get faster or slower speeds to the speedtest server than any specific service. That why it’s nice that fast.com is on Netflix’s servers so you know what speed you will get when accessing Netfix rather than hoping your speedtest will be accurate for that service.

Speedtest is good because you are actually using the internet. Sure a server might get bottlenecked time to time but it gives a realistic view of a network.

Iperf is good during testing but just doesn't cut it for the "feel" of the network

I just experienced the good ol reply all fail for one of my marketing classes

reply all please remove me from this coversation. Send

"send all" sorry, wrong number. "Send"

When using speedtest always be careful that it’s not a test to your own ISP’s server because many ISPs have speedtest servers. Depending on what I am testing for, I also like to try to get one that is not directly peered either which is helpful for checking if the ISP is overusing their transit link which may be why smaller sites are slow when large ones work fine.

I’ve got some annoying reply all issues before

Some guy on a mailing list I am on stoped working at their job so every time someone sent anything to the list, it would auto-reply, back to the list, that they no longer worked there

Silly bryce

Speed testing is done to confirm you aren't throttled, and that occurs near your modem usually. It's best if tested on your isp speed test server and not outside the network where anything goes

I don't pay to have 10mbit constant to level 3, I pay to have 10mbit to my own providers backbone

It depends on why you are doing the speedtest. You might be doing it to confirm you aren't throttled but it's hardly the only reason someone might do it

Anyone here participating in the boinc event?

I can if you send all the relevant info on installing and configuring. :P

Bionic event?

You can now get 1gbps connections in Australia.
Minimum cost, $878.90 a month.
Yes. A month.

Jesus. We have 10gig customers not paying that much

https://linustechtips.com/main/topic/1057597-boinc-pentathlon-2019/

best answer post for instructions

what would I do for increasing my wi fi strength so a stronger signal gets to other places of my house?

#chirp

Replace router/buy access points (APs) and cable them in/repeat the wifi.

Or some combination of these.

@clear igloo bby hi

Do you think this is a good plan?

VLAN 1 for all student desktops, printers
VLAN 10 for Servers
VLAN 11 for isolated lab environments

I was just going to use a /24 of 192.168.x.x for vlan 1 and 10

Usually VLAN 1 is usually reserved for a control or maintenance VLAN

So, should we make it vlan2 or just put the other unused ports in vlan 300 or something

@fresh copper

Also, I'm trying to find a sensible way for splitting ports to be associated for vlans

I could do 1-40 vlan 2, and 41-44 as vlan 10

Or should 1-4 be for Servers and the rest for vlan 2...

Choices choices 😶

hmmm

my isp says 30mbps

and i get 15

rolfmfao

@little schooner if this is production try to make the vlans mean something.

For any IT worker that happens to have nothing to do tomorrow in Amsterdam.
https://techtalksummits.com/event/amsterdam-netherlands/

@little schooner Usually I try to stick to VLANs above 10 because some switches decide that some of the lower ones are "special" and can't be assigned normally but if none of the switches you are dealing with have that then it's fine.

This is how to do 1 VLAN yes?

IDK why my Print Screen images always look blurry.

Snip and Sketch FTW.

So is that how one would go ahead making VLANS?

@thick minnow depends on the network. Dont just do 10 for employees, 11 for management, 12 for voice. Leave room for upgrades. Do 100, 150, 200 instead. What if next month your employees need a lab network? Well instead of making 14 antoher employee network, you can make it 101.

When designing, think about how you would handle just starting and having to grasp all those vlans

What about just increments of 10? Like: 10,20,30,40,50 etc..?

9 vlans extra per 10.

MATH 100

lol

Again all up to your design. 10 is plenty but I have seen some custom make full use of 3000+ vlans

Yeah umm, my professor said I can use the exact same subnet mask for everything so....

I don't need to do that. lol

Updated VLANS and Subnets for the Main Branch.

How does that look?

Decent I hope?

Down forget to care over you subnets also. Like vlan 5 10.0.0.0, vlan 15 10.0.10.0....so on.

And no you don't need to have the same mask throughout.

He said I could.

I want to do that. As of right now, I'm using 255.255.255.0 or /24.

That yields, 65K Subnets and 256 hosts per subnet.

I want to also use the class C network.

I could do class A or B, but meh.

Learn classes now, but know that in the real world classes are no longer a thing. And yes, /24 I'd perfectly fine. But don't shy away from using a/22, /23

I know, I know but I wanna use /24.

Thank you for the advice though.

My professor said he wanted to use /24 because he doesn't know who will inherit the network next and he doesn't like the added complexity.

But okay yes I think Ill suggest to him to use vlans 10 or above.

I do remember some net gear switches just had to have some vlans for 5, 6, etc

And it couldn't be changed which is very stupid

Please please please never use classes. A lot of people use classes for size but they also meant the range that a prefix was in. It can easily confuse people because some people know how they work and some people think that they just mean size.
Just don't do classes

@little schooner if your professor said anything other than a /24 is too complex he shouldn't be a network professor

@hollow marlin hmm, I'm not sure. I guess that's what he wanted

On the flip side, without documentation, I definitely see how dangerous this can be like Bryce explained

Basically the room is stringed together without proper docs

@hollow marlin ohh and he recently renewed his CCNA

And got the cyber security cert too so he could teach netacad courses

Does he have practical experience?

Also question for yall. Got the itch to start studying for my ccna but I have a concern about how my current resume will work if I get my ccna while I finish college while working as a concierge. I assume most companies would want you to start in help desk of some sort for experience so my question is should I get the a+ or going straight for ccent and ccna cover me to start?

Ah yes the experience paradox. Go CCNA then apply for NOC help desk.

@thick minnow Not really answering your question, but if your college has career fairs, go to every one that seems relevant. It's a great way to paper over a bad resume and make connections with people who know you have what it takes without a piece of paper to convince them.

@thick minnow well he teaches the hands on lab portion of the course too

He loves teaching Lan management with windows

But I'd argue he loves teaching ethical hacking with kali and autopsy just as much

@little schooner thats cool.

@empty flint I take classes online with the college being many states away.

oh nvm then

There might be conferences/conventions/whatever in your area you can go to, those are also good networking events

I know my university has several opportunities for work or getting experience

They have job postings and fairs time to time

hmm. I'll have to look for some. I have some IT professionals at my church that I can probe their minds for where to look for fairs and such

We had like 45 companies show up for IT

oh dang thats cool

My school's general tech career fair had roughly twenty billion companies

or at least it felt like that when I helped set up the tables

my city and its surrounding suburban areas has been dubbed the second silicon valley so there is plenty here.

Christ there were a lot of them

Yeah so that's a place to start if your looking for work

Or internship

But there's also a lot of conferences, basically everywhere

They might be small, but those are better for networking anyway

You need to pick only a few not try to be at them all

It will be exhausting going to so many

^ that's true

But if you can clone yourself then that's a different story

You can probably just Google "IT conferences [your town]" and find a dozen

Pick the ones that look the most relevant to what you want to do

Right

As IT gets more generalized, specialization will be more valuable

hmm. seems easy enough. I'm slowly narrowing down where I want to get to for now, which Im thinking is the network set up and maintenance, which i think is a network admin or engineer

Interesting information.

Technically I've been volunteering for the longest time. If you count 2 years as long

That bachelors degree should change outcomes

There is no reason you can't get an entry position then

Sure there is. Network is hard to get into

Entry positions basically don't exist in the US

Not sure about elsewhere

I had to work 2 IT jobs before getting a network job

My last job (In the US) just hired 3 people straight out of college

Enrty NOC positions are open everywhere in my area

My area isn't so lucky I guess

They have help desk and database jobs here

The positions that I actually want requires an HR requirement of a bachelors degree

Once that is checked off, it will be easier.

I'm almost done with my degree, just two more semesters

Best of luck, I'm still trying to figure out if I even want to get into networking.

¯_(ツ)_/¯

@thick minnow it's good to keep an open mind.

But in the case of my professor, he started he career in win2k and was a lab assistant for a while. Then, he was approached by his teacher to lecture a chapter from their cirriculumn for two classes

He did very well for the first one that the whole class stayed pass the class end time. The department chair asked him to teach again the next day

He did so and he knocked it out of the park again and was offered a teaching position right then and there

Since then he's been teaching his whole career and got into cloud and security related fields to increase his experience

Networking was his next biggest field to excel in

And he inspired me to pursue networking after taking his intro level course. It felt like a game I couldn't stop playing. I think packet tracer helped with that a lot

The monitoring server has been monitoring its own ping for a year.

It auto-populates with any new hosts in a given IP range, and it was within that range.

@pseudo blade
Well, at least it's doing what it's meant to be doing.

There's that.

@pseudo blade which reminds me, I tested my server backups the other day and it can't restore. It has been doing backups for the past 6 months and I'm only finding out about this today

That's less than pleasant.

It bluescreens when it tries to read the backup file

At least you found out before disaster struck?

Like wth

Yeah thankfully

@pseudo blade do you use Veeam at all?

I've toyed with it, but haven't used it seriously.

I use their free windows edition of backup software and...

It's saved me before but lately I don't know what started the problem

I had 2016 installed on this server prior and upgraded

But it seems that all my backup files are unusable

Is this a physical server or a VM?

It is physical

It says it's bluescreening from a driver used by Veeam.

Something about refs

Hm. Sounds like a support call's in order.

You can't really fix that yourself, maybe work around but not fix.

Yeah. So tomorrow I'm gonna chat with em. I really need this to work in case I am really in trouble

I almost had heart attack when Bitlocker keys were encrypted and unmounted on a drive I almost forget to save the pass for

That could of wiped everything I had

So now I've learned to keep USB drives with the recovery in a safe in case the worst comes to worst

...And to test your backups more frequently, I hope :P

Yeah xD

For sure now

I'll do those restore to VM deals

Scripted would work

The plan is to test restore the important files inside of a VM that has access to the backup file Veeam creates

That is small and can run after every backup or week or whatever

Then it will email me the result

That way I know that if it fails, the rest of the data probably can't restore either

And it won't take long to find that out

just bought the ccent book from amazon and a vid class on udemy. lets go

any study tips?

@thick minnow the biggest thing I got out of the press books was keep reading. It's a lot at first and you might feel like you are getting lost as times but just read a few pages further and they usually asnwer your problem.

hmm im not sure i consider NOC entry level networking

theres really little value for your network skillset

its mostly alert monitoring

i speak from experience. racking equipment and monitoring it, then escalating outages doesnt help your career at all and doesnt advance you to the next step

you need some kind of IT experience but its on you to self learn networks and pray that some place will go for it

the true entry level is not being on the NOC, but being in a support role (level 1) that the NOC escalates to

my first network gig i basically took escalated tickets from the help desk (user has issue) and the NOC (a network device has an issue)

if you want a laugh, even now as someone whose pretty experienced, i still have issues getting even phone screens

the expectations of employers are either extremely high or they dont know what they're looking for and think i dont fit

LZ, I'm not sure who you were responding to, but at least my plan is to seek out those who I know from my community and church who work in IT and see if I can use my connections there to get some sort of experience while I get my certs and finish college

@thick minnow what are you working on for school o_o

Finishing up a final project.

why dont you share with the discord

I did already.

@waxen scroll the NOC is the entry level. Sure you are answering calls and monitoring alarms but that is still experience. Tier 1 NOC techs still have basic access to equipment and access platforms. True entry level is not who NOC escapates to. I started in NOC and am now an engineer and the NOC experience, while entry level, did help greatly with experience

@thick minnow try physically visiting smaller ISPs or MSPs and asking. Those are you best spots for networking. Or if you live in the Northeast I could probably help

Thanks for the offer but I'm in the southwest. I'll be searching for the smaller ISP or msps. Cheers

Had youtube playing in the background while labbing and some kid that owns a WISP in UK was explaining that you need to mount your APs high because gravity causes the signal to fall. 👌 💩

To think this kid is making bank because he can click a could ubiquiti buttons

I think I know exactly who you're talking about.... while I appreciate his videos, some comments indeed make me believe he is from Marz

The videos are not bad for showing off Ubiquiti but man. If he has to go deeper than IP configuration it comes out that he doesnt know any networking. Also a lot of things he does would be illegal here in the US.

Technically, gravity does cause the signal to fall. But the earth is not a black hole so it’s not noticeable outside a very precise lab experiment

I think we've made a mistake. We didn't include redundancy in our lab planning for the lab upgrade

Business isn't going to like it when we request for a spare switch and router in case of failure

@little schooner good luck man. Those situations never go over well

Good luck

Also would gns3 enough to study for ccent in place of hardware for practice?

Ok I'm way too tired atm, what does NOC stand for? Seriously might just go back to bed heh

NVM so obvious, forget I asked

@strange silo It's the Nobody Overly Cares center 😛

^ pretty accurate

its where careers go to die

most people i know who NOC turned into lifers who escalate immediately instead of troubleshooting and suggesting how to fix

@thick minnow yes for ccent

For ccna, it will lack stuff like licensing (from my memory) that the exam has questions on

I just bought the real thing switch and router and had 0 limitations and could follow all the labs fine

Oh and stuff like checking hardware stats, those commands were physical equip

For CCENT/CCNA I highly recommend packet tracer. It covers all topics but most importantly it has a similation feature that lets you follow a packet around with detail description of what the switch/router is doing.

I have access to Cisco VIRL, but it was totally unnecessary when packet tracer was much faster and easier to deal with

Packet tracer I'd say spent 90% of my time

Good ol pt

I just got access to virl for the images. Been using it for my CCNP and wish I had it sooner... especially for my route

Yes it's very helpful for ccnp

Do you think the Gigabyte GC-WB1733D-I can replace a tp link wifi adapter and bluetooth 4.2 dongle?

Yes

Make sure to have a spare pcie slot available for it in your system

Completed Final Project Diagram.

Thoughts, feedback?

i mean whats the requiement

i agree with the vlan separations but not the values

layer 2 shouldnt be extended outside of a building

repeat the same vlan IDs across all buildings

that being said, i dont know how advanced your class is, so i also dont like the diagraming showing the WAN and how it connects

but it all depends on the assignment requirements

this could be fine, idk

VLAN ID: 2 is only for the HQ. All the other branches access it via the IPv4 address of the Server I assume.(Project Instructions state the the Server must be on it's own VLAN.)

Since I also decided to use class C private IP addressing for the entire network, that yields 254 possible hosts per network, and 65K possible networks.

More than enough for this project.

in a production network, its very important to standardize as much as possible. so in a standardized network, if you have a user vlan at all sites, its the same value at all sites

As for the diagram itself, this is a diagram of a corporate WAN that connects the geographically separated branch buildings to the main HQ.
There are also no fiber facilities between the branches and the HQ building so we can assume a T1 WAN is in use.

the subnet length does not need to be the same at all sites, but the vlan ID should

i dont think you'll get dinged for anything im brining up, but you should know how it goes IRL

:X

I decided to use a VLAN ID: 200 for the Employees VLAN. The only number that changes in the last one in the VLAN ID, which is changed to match which branch it's for.
So for branch 5 it would be VLAN ID: 205 and a subnet ID of: 10.0.205.0

Easy right?

Same goes for the others.

the problem with making vlan IDs match the subnets in some way is it may create address waste and/or create surprises if your user count needs to exceed that space

VLAN 110 = Wireless Network
VLAN 120 = VOIP
VLAN 130 = Video Surveillance
VLAN 140 = Physical Security.

my company did exactly that and we burned SO. MANY. SUBNETS.

The project instructions stated: "Plan for expansion in your design."

There are a minimum of 200 employees at each branch.

So using a 10.x.x.x based C class private IP addressed network with a subnet mask in CIDR of /24 gives me 254 possible hosts.

Which leaves ream for 54 more useable IP's.

AKA extra room.

And this is PER network.

also your internet is backwards

So if needed the network admin, could just add another subnet to the employee VLAN for building 2 and give it a subnet ID of: 10.0.222.0

usually its router, then firewall

I do have router and firewall in the diagram...

Firewall is on the perimeter.

Then again, the instructions didn't specify how to set it up.

So I don't really care.

Router/firewall can be in either direction. However, router in front is preferred. This is because while being DDoS'd the router can handle the hit while most firewalls cant.

More a side effect of all-in-one firewalls

Yes but I'm not going for a "perfect" diagram here.

Yours is fine though

No I know, I am not nit picking that

Alright, thank you for the feedback. I will now finish my report and submit the finished project to my professor for grading.

Evening, i have posted similar thing on the forum, but i think its better to ask here 😃 . I have some issue with packetloss (on upload), its similar as losing whole connection.. This happens all the time, i can fix it by turning on and off network adapter, and after that its fixed for 30-40mins untill it starts again

Still not sure if its about my PC or my net

i tested without cable (using wifi from phone to connect my pc to internet), same thing

tested with USB lan same issue

i dont have this issue when i switch to 4g on mobile

Sounds like a OS issue. Did this occur after an update by chance?

The fact that it happens wired and wireless says more software

I reinstalled windows via ingame "reset" option (removed all from system driver)

Since i dont have 2nd pc, i downloaded pubg on mobile, im getting packet loss alot, its moving me back "lagging" dew meters evry 30-40sec

@tawdry plume
Reinstalled windows via in-game "reset" option?
Elaborate on that..

@hollow marlin Agreed, router in front of firewall. Much prefer a proper router at the border of the network to handle routing tasks. For many places just a firewall is fine though.

Sry, spent too much time on gaming discords.. well theres an option inside windows that allows you to clean install it without using cd/usb

@covert ibex

Is that fast?

250Mbps is pretty fast, yah

😅

(speedtest taken from my ISP's site)

Yup, that's about in line 😃

I wonder what speeds my parents pay for

Nice ziggo you got there @broken cosmos

😅

Good speeds.

Just around what I get in wired.

@thick minnow for these types of networks, we have seen people massively abuse the Spanning Tree Protocol for managed switches, which are unmanaged. So that means selective DDoS limited to the building, or if you have layer 2 passthrough, the whole network.

???

I was talking about download speeds?

Go home Flowey you're drunk.

Referencing yesterday's chat

But why did you tag me?

I wasn't a part of that?

At least, I don't think.

IDK? Probably because I am Flowey

Ah ok, so it's not mission critical.

Undertale was a pretty decent game, the fanbase was awful though.

I'm not a fan, I just like to see how people react.

@fleet widget how are people abusing STP?

In standard setups like that, people just neglect to send STP packets to the switches from the router every second. So, an attacker could spoof an STP packet, and make whatever machienes direct all of their traffic to wherever the attacker wants. That is, only if you have managed switches.

And this lasts until the tech fix it guy resets the network, or sends out a corrective STP packet.

There is no neglecting to send STP unless you disable it

Also that is what root guard is foe

So it's basically a Buffer Overflow attack?

Interesting...

Not a buffer overflow, spoofing of identity. It's actually very common.

That is not common with STP

Plus you can't disable STP on managed switches.

*MOST OF THEM

Yes you can, on all of them

Any managed switch worth its weight can disable spanning tree

then we are talking about a different manufacturer.

I'm talking about Cisco.

Lol

Ummm, not sure where you're at but in reality any Cisco switch can disable spanning tree

Well, some techs are just too lazy to go to each individual switch and disable STP.

@clear igloo iDRAC over SSH tunnel <.<

@rocky badge staph! 😛

it's so slow

@fleet widget you don't want to disable unless you know what you are doing

I know that.

That's why you are supposed to send STP packets from the router every second.

From the switch

That's not how it works, that's not how spanning tree works. Routers don't deal with spanning tree unless we're talking about L3 switches

Yes we are talking about the big daddies, the L3 switches, that also have L2 support.

L3 switches without layer 2 support are just routers

Also, you don't have to send STP packets every second, you can adjust your timers depending on what sort of convergence you want

1 second is more of a 100% safe guard technique that minimizes downtime, and optimises performance on a gigabit network. Because the overhead is negligible.

Storm control with default timers are more effective

Storm control is also harder to implement on Cisco, and the techs are lazy, and much too busy, so the choose the faster method. Its psychology 101.

*they

@clear igloo https://pcmr.rocks/b/DirectAntiquewhiteBlob

I didn't know you could do this

You can watch a recording of the last boot

storm-control broadcast level 70

That's the whole command for cisco

If you're too lazy to do interface range Gi1/0/1-48 and two storm control commands, you're beyond lazy

@hollow marlin Don't forget if you want to set a trap or shut action 😃

That too

Still not hard to implement

But very effective

That's most techs. Especially in places other than Ontario, and BC. Because the networking industries are very centralized on the coasts.

Because there isn't much competition, since there isn't training available, so literally most people with networking certifications need to learn them in Vancouver or Toronto.

How does storm control work, in a sentence?

It just stops congestion?

@little schooner when a threshold is reached traffic is dropped

Oh dang then if my teacher were to enable that in his lab

Basically because with loops or storms you can lose manangement

He would of had no internet access

Oh that's neat that it protects management

So I asked my teacher about the redundancy options for the lab upgrade and he said "We will use one of the switches in our lab, 48 port"

But that is the 100 Meg one...

Until dell ships the replacement

Maybe that will have to do for now since business hates when we revise our purchase orders

Imagine you had the best possible network topology. Imagine you sent all of the traffic to a specific location. Storm control would still cause DDoS, because it also cuts off legitimate traffic.

Dropping broadcast isn't that risky

What is risky, dropping a bluetooth nearby advertisment on "Free Monero" in the middle of a crowd in San Fran.

I honestly don't know what that means

@fleet widget
Best possible network topology, storm control would probably cut most of the traffic enroute as it builds up at each point.
(But sending all the traffic to one point with storm control enabled wouldn't be "best possible network topology, so this idea is flawed.)

Thank you Mr. Parodox, why don't you test that logic on some Omnipotent AI. Nothing is perfect.

If you define what you are attempting to maximize properly and the available options then you could consider the global maximum of what you are maximizing as a function of those options to be the perfect solution

So defensive here....

I have to agree in a well designed network that wouldn't happen, if you have giant L2 segments you're probably doing it wrong

Well.. saying "imagine you had the best possible network topology", it's a bit of a loaded proposal.
Best possible for what purpose.

that too

no matter how good it is if you need a far too experienced expert to administer it than you can afford then it's not the best possible 😃

Even saying "best topology" what I mentioned too is best practices.

There is no such thing as perfect. All it is is a network that EVOLVES and CHANGES over time.

It’s like saying a “perfect” human exists.

LMAO

I would argue some networks are perfect, a loose sense of the word.

@strange silo @clear igloo cisco ACI

you need $100k employees to admin it

luricks being quiet cause hes getting dicked on salary

😛

The only perfect architecture is where you shutdown all the ports and unplug the switches. It's also the most secure

This is what AI firewalls are for.

So the execs don't have to pay for responsible network administration

execs are the worst

i remember one job where they gave a ton of them reserved spots near the building

but us network people had to park far away

so when there was a device failure it took way longer to replace

execs love shooting the business in the foot

they dont care

Doesn't sound like "not care". Not sure what a parking lot has to do with replacing equipment

imagine you run a fortune 1000 business that almost stops completely when the network goes down. your parking lot is the size of a small shopping mall and you have so many execs that you say fuck it and reserve a ton of parking spaces for them and ticket/fine violators

then your network dies and the IT people who keep your business running are forced to park far out and carry gear

its not a game at that point, its millions lost per minute

I'm sure in those situations you can pull right up to the door

And if it's a fortune 500 where the hells the redundency

redundancy can and does fail. having a duplicate of something doesnt mean you're safe from failure

and the more redundancy you have the more unstable it can get

....I honestly don't know how to respond to that in a civil manar. Look I don't see how parking lot sizes screw us over and redundency hurts the network

ive been doing this 10+ years at multiple fortune 1000s, you'll just have to trust me. ive seen some shit

Soo .....were you in charge of the network redundancy then. I get that redundancy has limits, but saying it adds instability and isny worth it because that can fail too is just hog wash

i never said it wasnt worth it, i said it can and does fail in response to your response about buildings not failing in the first place

Too much redundancy costs money and money today is greater than money saved from disaster tomorrow (sadly)

The chances of both failing within a time period that slim is next to 0.

more redundancy in routing also = more complex routing protocol config which can fucking burn you bad

HAH

you havent worked at a company with 40,000 devices then

you'll see it happen

I'm an engineer for an ISP with more customers than that

well i guess we're agreeing to disagree. this is my actual experience. none of these networks were configured poorly. shit happens. code bugs, failover to a node with failing hardware that wasnt known bla bla bla

The fact that something failed that was costing the company millions by the minute leads me to believe it was configured portly. Redundency and routing is not that complex. Its not like it's every device either, like access switches

@hollow marlin All I can say is have a working DR plan, I mean shit of course happens but if you don't prepare for it and know that plan works then to damn bad

Plus any decent DC has a dockway for trucks you can use

for the record, im talking about office buildings full of people whose salaries keep getting paid while its down. i am not discussing DC's or their redundancy, only campus

the "millions" is just an embelishment

im trying to make a point

Would take a lot to take out an entire building for us, would have to be a power outage basically

Most have backup power though because science stuff and cold storage etc

you work for pharma?

university

oh. i worked for pharma mostly

@strange silo shit does happen but yes, you need a plan. But it's not hard to plan for HA

Yea, I was agreeing with your point about that parking lot stuff. Not that I read most of it though

In a company down perspective realistically that can only be 2 things, power or your DC went down

unless you are a single building of course

We had 3. Power, fire and Bill.

Yes Bill was a coworker

we have a different policy for fire and natural distastes, go home 😃

power, circuits, redundancy switched over to failed device (hidden like RAM/CAM/etc failure), code caused device crash, code caused unicast flooding, the list goes on

What was cool is we had a COLO in our CO with another provider and they had a co2 bomb system for fires

my favorite was when a source couldnt communicate with a single destination when plugged into a certain switch.... vendor did debug mode and flipped a bit in the ASIC to restore communication

i feel like this is decent for a £7 network card

We're putting in a hypoxic system so the atmosphere can't sustain fire permanently

I like to say the DC is going in to the cloud

because it's like being at very high altitude

saddly i cant make the more campus WAN redundancy = more issues argument make sense cause of an NDA, but the more layer 3 redundancy you try to add for the WAN (especially if you do local DIA w/ firewalls) the more chances it can fall on its face. you really have to do a bunch of metric and tagging fuckery once you add the 3rd exit point. two isnt bad but 3+ UGH.

and again, specifically speaking about a large campus with tons of buildings and not a DC

if i could share what we did it would make perfect sense

We stick to two per campus, isn't any point here in this country because it's impossible to actually get 3 different geo paths

long and narrow surrounded by water heh

with fault lines through the country

yay us

we had large groups of buildings, 3 infact in one city... so it made sense to make local exit points, BUT it also made sense to let the other buildings use them incase their groups exit died

but with 3 you have so much complexity and if you arent careful it will just fail

last i heard the company scrapped it and went back to 2 because it caused issues

I'm fine with 2. I wasn't arguing crazy redundancy

we're not afraid of complexity, everything here is BGP and our netscalers are setup in a way the Citrix trainer was like "never seen that before" lol

But we also have 9 peers so with 100+ switches/access platforms and by law can drop phone service. So maybe I'm used to it

Things are easy we you know how and do it regularly, there's plenty of 'simple' thing I find hard 😃

Oh no doubt. Id probably shit my pants if something threw a DC network in my lap

i got thrown ACI a month ago

it made me realize dedicated network engineer jobs at large companies arent going away any time soon

even with fancy GUIs

i assumed this was supposed to make things easier

but i might argue it made them harder

Everyone...most...hate GUIs.

GUIs are ok as long as cisco isnt the one who made it

I despise them

seems like they got their act together a bit with ACIs newer versions, but APIC is still a pig

I just will stick with CLI when possible. So much faster to do everything

I just got my ccent study book. Holy crud that's a lot of book for the amount I paid for

no CCNA book library?

@thick minnow so is the book after that lol

you might have paid $20 but they'll get you for $300 later

I see

It's the ole bait and switch

@waxen scroll I'm just starting out. Studying for my ccent

I'll get there soon enough

what do you want to do as a career?

anything specific or just "dedicated networking person, dont care what"

Hmmm. As it is hard to pin point an actual name as each business has different titles, I am not sure where I eventually want to end up, but with my very limited experience with the set up and configuration of networks, i know starting with my ccna will get me in the door, and then feel around from there

Anyone know of a good way to find equipment to make a lab environment to practice? Ebay looks like a good way of doing things but I'm not sure

Use packet tracer for CCENT

Trust me

Is ccent mostly theory?

its a new version now so IDK. it was like 30% theory years ago

First 5/6 chapters are

Ah makes sense.

I'm using a course on udemy and I've just reached hexidecimal about 30 parts in out of 500 or so I think.

As well as the book that just got here

Wait a minute... I think I got the wrong book... I got the first edition released in 2016

The Cisco site for the certs show this one so I guess its okay

my CCNA expires in aug

im not sure im gonna do anything about that

lol

i hate that i need one just to get CCNP

I didnt realize I had options for the focus

This is the book you need

https://www.amazon.com/CCENT-ICND1-100-105-Official-Guide-ebook/dp/B01FXXZE3G/ref=mp_s_a_1_3?keywords=ccent&qid=1557704892&s=gateway&sr=8-3

Alright good I got the right one

Thanks for clearing my confusion!

No probs

@waxen scroll Just an idea. A truly good company should be able to swap everyone in HR and everyone in EXEC, and still be able to survive a year later.

@waxen scroll IF you just have 1 left (I assume TSHOOT) Ill be taking that soon and am willing to lab with. Dont just leave it on 1

@waxen scroll ugh they should make the cert expiration date a little longer.

I want to do ccnp but not at a fast pace

You have 3 years to do 3 test for CCNP. It's pretty reasonable

I did route in a month and same with switch and have my test this weekend. Tshoot after that.

If you are not learning at that pace in the real world, you will go no where

@hollow marlin rushing for knowledge never ends well

Doesn't that lead to burnout

Damn right it does. I work 8-5 and study 6-2

Its how I learn though.

Mikrotik support for the Quectel EC-25 suuuuuucks...

Getting it into LTE mode involves disabling LTE mode detection, configuring it in PPP mode so I can send the modem AT commands to put it in LTE mode, doing so, rebooting several times and then configuring the router correctly.

PPP mode nets you about 12mbps, LTE mode easily gets me 60. (rb912)

Writing a script that functions between reboots to configure this unattended is fantastically hacky and involves dumping a config file on for each planned reboot, so I'm probably going to deliver the entire config via the API.

The actual LTE driver's missing a bunch of stuff you might actually want to use, like detecting the SIM serial number and ICCID.

You can pull both and much more via AT commands, but claiming "support" is a bit of a stretch.

Ok so I have a question for the uber network geeks. I have to do a project in class next quarter that uses a Raspberry Pi. I was thinking of building a Linkrunner. Only problem is, I'm not sure where to begin, whether or not there is some open souce software that does what a Linkrunner does, etc...Does anyone have any suggestions? Feel free to PM me.

the project isnt network specific but needs to just use a pi?

im honestly not sure how, as someone who doesnt have access to the hardware low level, can make a link runner

you can probably do error testing and such using apps already out there, but im not sure about wire pinout detection

i kind of think you need access to the firmware of the network chip to do stuff like that

Sounds more like a SysAdmin project than a networking project

thats what i think

sounds like the class wants you to dev something on a pi and Hexi wants to do network

you can probably make a ghetto wire map detector using the PIs GPIOs lol

I reckon that'd be the limit. The GPIOs aren't fast enough for useful TDR without external hardware AFAIK, and at that point things start getting too complicated to make a good class project.

The key functionality that I want to emulate is getting the VLan information. I worked with a linkrunner at my old job on occasions and the functionality we needed was just to see what VLan a machine was on before moving it from one location to the next, so that at the new location we could be sure to put them on the same VLan, so that they would have access to their resources as normal. Some VLans were corporate general vlans, while others were departmental, or specific use vlans. If I could emulate even that functionality I'd be satisfied. Which is the "Switch" functionality on the fluke linkrunner.

https://www.rakuten.com/shop/technology-galaxy/product/LRAT-2000/?sku=LRAT-2000&scid=pla_google_technology-galaxy&gclid=CjwKCAjwq-TmBRBdEiwAaO1en-pHr3S9yl3___vLnlj4EkOcrZuNlKruult5uFEV7XBbd2Wijd6JmhoCycsQAvD_BwE

so a CDP or LLDP reader

Sure. If that is what it is called. In fact just knowing what it is called is probably the most helpful information.

@bold karma any reason why you need a dedicated device?

For mobility. Plus my previous employer use pays $1500+ for a fluke linkrunner to do that one simple task. If I could make one with a raspberry pi that does the same thing for a fraction of the cost, I could make some money selling it to them. So I get the grade for my class, as well as recouping the cost of the parts to create the device by selling it to them afterwards. Which I left them on good terms, and because there was no

room for further growth with them.

my work has two of these

imagine what we paid

fucking fluke.

its been a long time since i saw the invoice but i want to say $20,000/ea

@bold karma I still don't know why you need a physical device to determine vlans. You network Dept should give you either PCs or subnets in each vlan.

As contract labor my previous employer was responsible only for moving computers from one location to another. The linkrunner was used to ensure that the new location's ethernet jack was connected to the proper vlan as the swiches in the DDC rooms may have multiple VLans configured on them. Without having to hunt through or keep a list of what ports are connected to what VLans, you just plug in the linkrunner

and it tells you what vlan that port is connected to

So there is no documentation.... Like at all....ugh

I'm sure there is, but large corporations aren't going to share it willy nilly

You are looking at lldp. You can already see the vlans.

With large coroporate networks consisting of tens of thousands of devices, a device that will display that information in mere milliseconds is much faster than hunting through documentation.

https://www.pockethernet.com/ @bold karma Know of this?

That thing is awesome

I need to get one myself some day

Is intel 9260 good? A certain gigabyte wifi card has one for under 30GBP

@pseudo blade hey yeah that's pretty neat

Does the app still look like that though?

They should give it a face lift

It hasn't been updated since 2017

@thick minnow very good. It's the same one I have in my Dell computer

It gets max throughput via iperf easily

My AP doesn't have 160Mhz but it maxes 80 like nothing

Is it good replacement for tp link 1900

@thick minnow isn't that a router you are referring to?

Tp link 1900

no i mean the archer wifi adapter

Well yes... In the sense that with just a 2x2 antenna array and less power, you can reach 1.73gbps speeds

Since it supports the 160 MHz VHT

And has Bluetooth v5

I know some expensive routers support 160 MHz channels

The one I got is unifi AP AC pro. I would need the unifi AP nanoHD to use 160 MHz

yeah thats why I need to upgrade to reach the full 1733 mbps

I do not like troubleshooting my network for 5 hours on a Monday

@green sphinx hey I've been there before

It's a learning experience

Also helped me realize to start creating documentation

Oh yeah, but a little annoying when your router dosent get any internet

Oh yeah

@green sphinx in my case, I use the Edgerouter and it would fail to do a DHCP lease renewal on its own unless I rebooted the thing.

That took a while for me to realize just to reboot the thing

Ah, yeah mine is a whole different story

Oh oh and one other time where my modem was responsible for dropping the internet connection over and over due to firmware bug

I thought it was Comcast but it wasn't

Arris ruined their modem quality with docsis 3.1

3.0 had no problems

Huh

Yeah I think I'm going to run and update the firmware

And then there was a weird problem with my Dad's comcast-provided modem's wifi where only specific devices could connect to it and not others (TVs, rokus, etc)

As soon as I rebooted the modem, suddenly all wifi-enabled devices could now connect again

but this problem came back again within a week and comcast just replaced it with their newer model gateways

Theirs a firmware upgrade for my modem, but only the source ISP can apply it..
(My ISP pays for the connection to the source ISP)
So I'm basically waiting for them to read an email..

yeah it stinks that they dont let the consumer do it... but then again that stops people from just easily flashing their own firmware with a GUI

i think that was good enough security for them

Oh, I can flash a custom one. That's not an issue. :P

oh. I dont think mine lets me do that

i have a netgear docsis 3.1

They have this sticker on the modem that says any tampering of the unit would be illegal

Take the sticker off.

xD

If you use a heatgun, just say it must have gotten hot and came off.

true

@bold karma even with 10,000 devices you should have to manually probe ports and onlu plug certain devices into certain ports.

In one year, my future all-fiber ISP will build their infrastructure in my neighborhood

I can't wait to get rid of comcast. The bill is already $112 because for 150 mbps, they HAVE to bundle it with TV otherwise its $120 internet only

Come to Australia..

1gbps was released last week.

nice, that is some serious speed

$880 a month.

ahahahahsdasojd;oqwejido;ajsid;iajds

what??

so pricey

I'm not even kidding.

not even comcast would charge that much here

and they are sharks

You guys acted shocked but we still have customers paying $1500 for a t1

ouch

They just refuse to switch

they dont want to give up their dedicated line?

is it the latency they are worried about?

No it's just the people who managed it have been there for decades and don't like change

oh boy

resistant to change

Too many companies are

Change is good, especially from 1.5mbps

At least my teacher isn't like that for his lab. I helped him see the fact that we needed new gear instead of using the same only 100 meg equipment for CCENT/CCNA

and they didnt even have v15 software on the equipment

Now all of a sudden we are buying the latest (or almost) stuff for the lab

intel 9000 series cpu are the latest but when we bought, dell only had 8700 as their highest

The cloud courses should be interesting. He will be teaching azure and aws in a few semesters

The other teachers dont want to touch the new things since they have been there for like years and years

wow your area is so much cheaper

you also priced yours with TV

hmm, yes that I did

i did not remove the filter

regional pricing is terrible

they should let everyone get the lowest rate

max on ATT

wth they have a data cap on a plan that slow too?

whyyyyyyyyyyyyy

my house had like 4 owners

the POTS line is dangling outside

none of them ordered ATT service ever

lol.

theres no demarc box, only a cat5e cable just dangling

UK has unlimited on all fibre plans with gigabit rolling to areas like milton keynes. London hasn’t got gigabit though...

i went to london 2 weeks ago

i learned i hate pubs

gimme that american host/ess role over a UK pub any day of the week

;x

have you eaten at a pub

yeah, food was so-so

only went to two pubs tho

Ah you are probably better off at a nightclub or something... or those bar places they have.

my turnoff was the pubs were crowded and you basically had to poach tables rather than queue up

we had 5 people so that was annoying as hell

football on or something?

nope, we just tried going during peak hours

lunch time, etc

off peak better

anyway uk has cityfibre and vodafone fibre

gigabit

but virgin media has 500mbps internet including tv and calls

all cable channels and whatnot

you have to pay tv tax still?

yes

also includes sim

tv tax is £120 a year though

seperate to buying cable or whatever

Aaand 7 hours into troubleshooting my network. I only kinda know the cause now 😐

omfg what was it

I don't know yet. I only know what my dad's router's DHCP isn't working properly ( I think ) so my router isn't getting any internet

oh. home router. i was expecting enterprise and a long story

😭

Just aced my Final Exam for my networking class.

A+

YEET

Now do my calc class 😄

And now, it’s time to relax for the summer. Well, as much as I can relax.

No thanks, just use Wolfram Alpha @clear igloo. It’s a pretty decent tool.

lol

Best of luck to you Mr. Lurick.

🅱🅾ℹ👏

that feel when you dont need to go to school cause you have a job

LURICK

lol

It’s funny how it all works out, as kids we don’t want to go to school, while in school we don’t want to have to work, after school we want to work so we don’t have to go to school.

lol

It’s the cycle of hypocrisy.

I can't believe there was a day when I dreaded school. 8-2, Summers off, little hw, no bosses, no bills....

Can I forward port 80 to the IP of my Ubuntu Server Machine (192.168.x.x) that runs a web service
So I can access it via internet?

Sure. I would not use 80 though.

How do i do that?

NAT or Virtual Web Server?

Through NAT on your router. Just set in port to say 60080 and local to 80

@waxen scroll I wish :p

I'm excited to start unpacking and putting all the new equipment we're getting this summer in the lab

That can only happen on school breaks so

@hollow marlin everythings green ethernet is blinking, no internet

whats default option for NAT?

RoutedWith or Without NAT?

Where are you configuring that?

router

ethernets blinking green but no internet

idk wth

nvm got it

but the NAT doesnt work

@clear igloo ugh first day back and the first 30min im told a solutions engineer asked for something dumb on a project i put in

I wouldn't use regular http

https is much more prefered

@waxen scroll Could have been worse. I spent damn near an hour trying to talk someone through running Teamviewer so that i could remote in and fix their issues that were non-existent.

yep. thats worse

@hollow marlin had to make a DMZ

i wanted to try it but i was unsure how safe it is?

works now

I wouldn't use a DMZ for a server

its not safe

just temporary though

for demonstration

the webservice is 500MB

so im abit lazy

DMZ are safe. Used in the real world. You just need to know how to secure it.

alright

Honestly, if you needing to demo a webserver, there are plenty of cheap VPS out there that you could rent for a super small fee per month. This would serve a website much better than your home internet connection would.

True but 500 MB is alot

so i dont know about that

i started uploading it on AWS but soonly i realized its a wrong move

might do it overnight

im not sure if i have to change anything though

the 500MB most likely refers to your down speed

your up speed is usually much less

www.speedtest.net should give you a fair idea of up speed

What is the difference between using DMZ and just NATing a port to a server in the internal network? Cisco didn't touch on the topic but the security course does

Isn't it the same thing?

NAT can have firewall rules and so can DMZ

They are two different things

NAT is just address translation, DMZ is stateful firewall or lack there of

What if NAT then firewall?

Most the time they are handled at the same time

Can I then call it DMZ?

DMZ is just a zone where the firewall doesnt act on

thus the only firewall on a machine in the DMZ would be the firewall invoked by the OS if any.

NAT (specificallyPAT) and firewalls are similar in terms of statefulness but thats where the comparizon stops

I see

Our networking lab gets hit by the internet by a lot of telnet and ssh requests

Also the isp router is using some kind of. Ipv6 multicast traffic

Querying over and over again

Thats ND messages

normal

Its trying to discover neighbors and routers

Hmm yeah the first time I noticed that was on a pfsense box

I didn't know I guess

In order to get appliance support, the vendor who troubleshoots the hardware asks up to open up ssh to the internet

But as long as we just enable the vendors ip as allowed traffic, should be fine right?

Yes it you have rules just for their IP its fine

My teacher needed assistance with this and so far looks like we did the things right

He was having trouble with NAT too

Where was he configuring NAT?

From the GUI of pfsense

But he kept putting the wrong info in the wrong fields

Now for Cisco, he just used the GUI to do it fast

He said something about Asa wizards

GUI.....ewwwww

Yeah he wanted the gui

He said someone else will inherit the setup and there's no documentation for command line stuff

Its cisco....google is the documentation

Right yes

But it looks like his mind was fixated on pfsense

I havent dealt with pfsense before so I cant comment on good/bad

Now for the LAN management of the workstations I started created some powershell scripts for him to use instead of going to each machine manually

He was literally taking one master drive to each machine, opening it up and connecting them together to sata controller, run clonezilla and clone

Sooooo slow

Somehow though, that didn't bother him.

You could build a clonezilla server and put it in the vlan and just PXE boot and clone. With multicast I remember doing 30 pcs all at once without a hiccup

Yes, when I joined, we experimented with that for pushing Ubuntu 14

I liked zilla. Decent

It worked for a few semesters fine

Ahh that was during the time we had pxe problems

The solution was to change ports to portfast

The link took too long to establish

That would do it

Then he started getting annoyed with the lack of support for apps that run on Ubuntu

Like packet tracer and VMware workstation

He said the problems plagued the classroom and ruined lectures

Well VM I know now is supported. Smaller apps like packet tracer are very hit and miss

Yeah I remember we had to do this hacky fix installing gtk dependencies

Just for packet tracer to work again

I would say setup a EVE-NG VM for the class to access, but PT is much better for intro

So he teaches ccent two sections and he uses pt for all that

@bold karma 500MB is the webservice i need to upload to the host server xD

PT is perfect for CCENT/CCNA

I agree

The simulation mode alone make it worth its wieght in gold

Yah and the times where you take exams, it opens it in PT from the web

Like command practice

Hmmm...didnt know it supported that

Well, like webstart

But cool none the less

Java web start

oh

My exams had a few of those

It wasn't just multiple choice, drag drop questions

Sometimes you had to work the simulation in PT first and find the answer. Then go back to exam and mark the correct choice

All cisco exams have them

simulations are the highest points on the exam

Yes they are my favorite. Testing the working knowledge

I think I had 3 chapters that had none. I think QoS and the part about ip sla

It was just book smart questions

Well they get a bit deeper in CCNP

these are just my ip sla notes for route

Oof yes more in depth

Nice onenote

I live in one note when studying

This was my note I posted for route if you are ever interested in going that....route...Its an export of one note in gdrive

https://drive.google.com/open?id=1hJnGAqm-MBwXM0H3UFt8ITJAljmBn85u

Wow really nice guide

Ill have switch notes shortly. My test is on Sat

nervous as hell. Supposed to be much easier but so much memorization

Ironically just today I had a Junior Linux Administrator job interview yet i have 0 idea what u guys are talking about

LOL

We are talking about cisco certs

Sysadmins dont deal with networks much, mostly basics

any opinions on Mikrotik vs Ubiquiti PoE switches? (looking at the 24port variants)

Mikrotik is more CLI based but if you're familiar or comfortable with that then I would say go with Mikrotik, otherwise Ubiquiti would be better imo

I already have a Ubiquiti AP... so running the controller software. That's the only reason I'm considering Ubnt

Yah, I would go with Ubnt then

fair, thanks 😃

Mikrotik does have a gui. Hasn't been updated since 1978 though

Ah, good to know 😃

I love mikrotik but for a pure switch, if you need vlans, go Ubi. Configuring vlans on mikrotik is still pulling teeth

When I am reading the specs of a PoE switch, what's the deal about power budget? I see a trendnet switch having a 64W budget but have 8ports total on the switch

It supports 30W output per port but...

Then you'll get two ports at 30W each

and be out of budget

Omg that's awful.

Is that why it's sold cheaply

It's not targeted for 8 ports at 30w each, that's why it's a budget switch with a low power budget

So what price range should I be looking at? 150+?

Usually meant for a few 15.4w devices and some non-poe devices

If I have 4 802.3at devices

Type 1 or Type 2 802.3at?

Uhh...

What's the difference

You mean like A and B modes?

PoE or PoE+
PoE (type 1) is 15.4w max
PoE+ (type 2) is 30w max

Oh

Type 2

They are more than 19w

Yah, then look for a 150w+ PoE budget switch

Okay thanks

You could try sending an email at the LTT email

why?

dooley will BAN if we dare try to talk to staff

👺 😇 🔥

Dooley OP.

Don’t mess with Dooley, he will packet switch your frames into a T1 CSU/DSU as punishment.

🤔

i am going to remove fiber from you and put you back in the copper age with 16kb up/down

If you owned a ARIN allocated /24 IP block - (IP4) - what would you do with it? (not rent/leased or provided by an ISP)

I'd sit on.

Give it back because I don't want to make payments on it 😛

I've seen people lease out blocks for roughly $200 a month, or sell for $12k or so at auction for a /24

I mean if I could sell it without hassle for more money, then sure, I might sit on it for a bit and make payments 😃

Do you think the networking jobs could be replaced in the next 5 years?