#networking
Not that I know of
The teacher can give us then
Them*
Like they can generate them
But we can’t
Probs because of that exact reason 😂
I mean like
Oof I’m really excited
Did consider calling in sick for work
Then thought not to
Plenty of time to play tomorrow, when you're fresh. Gimme a ping if you want any ideas of what to do with a domain at home
Will do
Going to do it tonight as I need it tomorrow for files and that
And my discord bot 😂
lol
Anyone who has set up a WSUS server before, do you need both an upstream and downstream server? or can you download the patches from microsoft through a single WSUS server, and link the devices to update through the same server?
@cedar igloo Literally just set this up, actually. You only need the one. Downstream is for stuff like load balancing, or shooting it to a more locked down LAN
i have a subnet that is completely shut off from WAN (no internet at all). Would i need a downstream one for this?
Yes, unless that subnet does have connectivity with the WSUS server
the subnet can see the wsus server, and the wsus server has access to https.
👍
Hey, one of my friends has the problem, that his lan connection drops randomly... Has anyone help? (The cable is ca. 70 meters (229 feet) long)
@forest phoenix woop woooop!
@earnest depot Cable is still within the limits of CAT, so that shouldn't be the issue unless its crossing a lot of live wires
could be driver related, or some weird traffic on the net causing the drops
I have bad internet please buy me internet
i don't know exactly but i will ask him
I come bearing a gift of the nightmare that is my networking setup
jezus
@little schooner It is cat 7
Then its probably fake and where his problems lie. Tell him to replace it with Cat5e/6a
@clear igloo
LUL @rocky badge
@earnest depot I had a cable that was actually sold as a fake. It would drop the internet connection for no reason
I made my own and the problems disappeared
So the third party reseller I bought from didn't make them good
Cable Tester didn't detect the fault but with an expensive one, I probably would have discovered it
I thought my Edgerouter port was going bad
Heh.. Yeah, simple continuity testers usually don't tell you about bad connections.
@little schooner Most Cat7 is. Its barely considered a standard but people dont realize Cat7 is incredibly expensive and requires special crimpers and caps. But people will still buy it when its really aluminum core cat5 which is cheap and breaks incredibly easily

My Laptop Wi-Fi keeps cutting out until I go into the my modem and restart the WAN interface, It happens quite regularly at least once a day
Does the wifi really cut out, or are you just unable to access the internet, but your own network (like your router) is still available?
I can still access the network and its only my laptop, my phone works ok
Most modern phones use the cell network as fallback, if wifi is not working properly. Are you sure the phone is actually using your WiFi?
Yep I have the cell network turned off
How many WiFi devices do you have connected?
2, my phone and laptop, I have tried setting up my laptop with a static IP
Anyone can recommend me a alternative to FreeNAS that is still free for NAS use only
There are a few options..
- Your router cuts the internet connection completely.
- Your laptop has DNS problems.
apparently my Q6600 system hates FreeBSD
How do I find out which it is?
even downgrading to FreeNAS 9 causes kernel panics
Haven't seen a NAS distro not based on BSD.
@quasi cliff When you have the problem, try accessing something outside your network, only using the IP address. (Eg. ping 8.8.8.8)
Ok will do thanks 🙂
Rockstor looks to be CentOS based
I did wish this repurposed PC could just run BSD with no issues but IDK why Dell hates it
and unraid is not something my dad wants to buy for just me
what's wrong with freenas @keen ermine
what about OMV? https://www.openmediavault.org/
FreeNAS' USB installer locks up the bios and if I install it externally and put the HDD with FreeNAS on it, it goes kernel panic. Tried even FreeNAS 8 and just kernel panics during install or python errors
@keen ermine you could just spin up Ubuntu, and run docker with pydio, smb shares, and an nfs share for fun
And do a software raid. Ubuntu also supports zfs
ah true
Never forget, everything can be homebrewed
I mean if you're just doing a simple zfs pool then doing it via command line isn't too bad
And pydio give people the nice little web client a lot of people like 👍
Or nextcloud, but I don't like nextcloud
Should be put down. We office space'd our 6500 last year
Alright I know I am a rookie at the networking but is there a way to get two separate networks off of just one line coming in? I ask because I like to get dropcams onto a different network so they aren't killing the bandwidth.
If they're coming across the same cable, no amount of networking voodoory will get you back bandwidth
@hot patrol
Guess we need a higher speed then lol my gaming needs must be met
Thanks for the reply appreciate it
Is it a gigabit link?
I mean you can use QoS to limit the bandwidth but... you probably want the cameras to upload continuously
How many cameras though? I can't imagine it's enough to saturate a gig link.
My 4 2mp cameras only send like 32 mbps of upload speed
But if it's doing that local, that shouldn't affect
Setting it to Wumbo usually does the trick
internet connection: no you can't just utilize all the upload bandwidth th-
cameras: upload go brrrrrrr
Here's a question
Was legally obtaining legal Linux isos from a legal and trusted legal torrenting site
Without a VPN or proxy which is top stupid in hindsight
And my internet creeped to a halt
It had never done that before
Went downstairs
And modem lights were off, but the Ethernet activity lights were still on
And there was some data still being sent
Did my isp nuke me?
Or is my modem conveniently failing?
It did it with a proxy too so I don't know what to say
Could be some sort of bandwidth limitation
Or throttling
I'll be quiet now lol
@amber oxide could be some sort DoS by your ISP, or just random connectivity issues
Hard to tell without an eye on the traffic
Indeed, my guess is probably that something somewhere determined I was too much of a strain on their already decrepit WiMAX towers
5mbps is fun
Whenever I did anything throughout the night it went okay
Additionally the torrents actually kept going even though the rest of the traffic on my network screeched to a halt
I checked and I wasn't hitting my 5mbps smart queue in my edgerouter so it could actually be a setting inside the modem QOS wise
I'll have to do a lookover at what the firewall settings are
Is there any decent windows server security?
Like im willing to pay
But like damn they make it hard to fund what you need
find*
You can always lock your windows server in a vault, with the power disconnected.. That'll make it quite secure. 😛
How do i make computers use my WSUS server? the GPO is linked and applied to all computers, and shows up correctly. In WSUS Update Services, i can only see my WSUS server under computers.
@cedar igloo you also have to force enable automatic updates in gpo, and set wsus to use gpo/registry to see computers
Yes, wsus is a pain to configure, and if you have a product broad environment, the initial update sync takes forever
@forest phoenix don't discount windows defender itself. I let it run on my hosts, and use nessus and snort at the network level to really drill down security
Thanks. Gotta wait another 3 or so hours to change the computer assignment. initial sync 75% done
Isn't it fun?
Well
I have malwarebytes for business now
just paid for a full year
Gosh dang
I love this server
lol
It always seems like a huge step at first
I mean like
atm
I had a Active Directory, DNS, File Storage services, IIS, WDS
As the roles
And I have a media server running
Discord bot
And some other stuff running
With like 5tb of raw storage
Just running windows off of wds?
Why not use linux for exactly that?
Domain
@crimson otter Easy integration with windows AD
Yes
Ah yes if its required
lol
I run a mix of windows and linux in my lab. AD is just so convenient for authentication, especially linux integration.
What are some good linux infrastructure machines? i want to learn more about linux, but so far i only know how to make docker machines
i guess i do not need AD for my authentications, never really got the idea of integrating nodes all in one spot
@cedar igloo I would get a redhat dev license. It's free, and is good for up to 16 instances of it
Alpine linux is also another good OS to learn, because of how lightweight it is, and it also is used in a lot of docker images
is there a difference between redhat and centos? i thought centos was almost an exact clone
Full send
redhat has better support through their customer portal, and has a lot of enterprise related features that are good to learn
There's also some enterprise products I use that only run on redhat. And if its free either way, why not?
@crimson otter management. If I had to manage all my individual hosts one at a time, it would be a nightmare
i only have 6 servers to manage, no big deal but at times i wish i had it setup different, password nightmare sometimes, then again VLAN'ed the backend so its no big deal
Even if they are linux servers, you can use PAM modules for a unified authentication experience
Using windows for all that is a nice start to learn being a sysadmin
linux can always be added later if you want to optimize
except exchange, fuck exchange
exchange can go die in a hole. I only had to deal with it once on a consult, but never again
gonna pass that shit on next time
i started off with linux back in the days and never got the grasp of windows server as server OS
I just really like my mixed environment in my lab. Windows up front, all nice and pretty, linux lifting behind the scenes
so what sort of stuff is your linux doing?
Security focused. I run nessus, a splunk environment, pihole, serving applications (file servers, website hosting, docker swarm)
and snort agents everywhere
and I guess my esxi hosts technically count
we'll count that too lol
using windows auth in my vsphere sso alone is worth it
im still using the default administrator@vsphere.local. I wish chrome offers to save the login creds.
Firefox saves the creds but many features just dont load, such as updates
Definitely add your AD to your SSO
then you can use the vmware auth plugin, and one click login
the problem is my whole domain is in vsphere. fully contained so my main pc isnt connected
Ah, ok. That does make it a pain
just found out you can change the default domain. This makes life much easier
Service Host: Network Service is using like all my internet bandwidth in task manager, any idea how to make it stop? windows isn't downloading updates, i checked... it's been going for HOURS pls help me make it stop bc i just want to use my pc
It also might be BITS, I'd kill those services if its that big a problem
@thorny vector it says it will like shut down my pc or something if i end it
Splunk only lets 500 MB of traffic per day but graylog offers 5GB
Also graylog used to be free
splunk dev license, 10gig ingest
I also have a 50 gig license from work I can use, but haven't needed to yet
I changed the WSUS to Use Group Policy, however there are still no computers showing up.
no worries, you have given me a good place to start from
@thorny vector oh right you mentioned this before. I already forgot
Need to work on my memory
No worries, I shall forever spout the goodness that are dev licenses
@thorny vector I'm totally going to get one. I've been meaning to install something like splunk to monitor router logs
Figured out whats wrong with it. A few weeks ago, i tried making a wsus server, failed and deleted the vm. I also removed it from AD but not DNS. the current vm has the same hostname as the last one, but a different ip so the computers were trying to connect to an old server.
i did that too at first, except i thought just using the https port would work straight out of the box. as you can tell, im new to this stuff
It's where we all start. Only way to go is forward!
@little schooner Lemme know when you do. I love splunk, all my logs from my everything get sent to it
alright folks
i know we do a lot of career advice here
1,924 votes and 394 comments so far on Reddit
sage advice from the OP
@waxen scroll So I should email the CEO every 15 minutes AND proclaim to my coworkers they should bow before me?
is the base router that atat gives good for gigabit?
Anyone know how to give DHCP clients a description on PFSense?
android-654vdfghe984qwf4q doesn't tell me anything. LOL
@south blade yeah, give it a dhcp lease reservation and I think it lets you assign the name
Or on your android phone, set your profile name
I tried to do that but it had to be outside the range of where my devices are? :/
The profile name often sets the hostname of the device
My devices are on 192.168.10.100-150, it says I have to be outside of that to reserve it.
@south blade yeah. That is a weird limitation
It should still let you make it and be smart and look at the reservation
My Poco F1 does show it's host name as Pocophone F1, so that's convenient...how do I do the same on older Android devices?
I guess you have to temporarily reduce the range to like 3 devices, make the dhcp reservation and add the normal range back
To see if you can trick pfsense to accept it
Why don't you assign it 192.168.10.99 or 192.168.10.151?
That would be the method requiring the least effort, yes
Hmmm, well one device is a printer and the other is a desktop with my Emby server, both auto discovered by the rest of my devices on my network.
That's something I wish Edgerouter did better. Allow broadcasting of specific l3 packets to other networks
Is that even a thing for auto discovery
?
The Android devices I was hoping to be able to give descriptions to so as to know what exactly is connected, cause I think I see more devices than I have. LOL
BRB, gonna go around the house logging MACs of all these devices cause I don't like fishy stuff on my network going on. LOL
Anyone else use pfBlockerNG?
@south blade yes but it only works best if your router has like more than 1GB of ram
I've seen it crash the sg3100 easily
I'm using a computer that I installed PFSense on. But the thing is I'm not sure just how well it's blocking ads. I've tried Pi-Hole and I could see it putting in work on ads with that, but the Pi Zero I was trying it on came damaged I guess as it'd often crash/lockup. I already had PFSense setup so thought I'd try that, but like I said, not sure I'm seeing it block that much. I did use the Wizard though.
I see this on my log actually: https://pastebin.com/iqXGv163
@south blade it looks like its having trouble downloading the block lists
Are the list urls accurate and not dead?
reboot
I love the fact that windows server allows more than one anti-virus
Like it allows windows defender to do its stuff and malwarebytes to do its stuff
With no complaining or saying that the device is protected with a different program
oof
Anyone know of any way to set up your own upnp thing to forward ports on your router without admin access to said router?
@cedar igloo that's definitely a "need admin access" kind of thing
except for the phone complaining about power usage, it didnt seem to mind that i connected two ethernet ports to eachother via a usb C USB hub
Any ways to improve my homelab network? Its meant to be as close to a real enterprise environment as possible. Also, any ideas of better ways of visualizing this would be great
@cedar igloo looks good to me. Visualization looks good to me too
I need some help with a unifi firewall
I have two networks and they are both segregated. I want to let an ip/mac address through. I have tried putting a firewall rule before and after my network rules and it doesn't wanna work. How can I fix this?
I just saw a duckduckgo highway ad. Thought it was neat that they decided to advertise privacy here
@vapid dune dang I think this was the diagram I had been looking for last month that I didn't find
I guess there's this too but no good diagram lol https://help.ui.com/hc/en-us/articles/115003173168-UniFi-USG-UDM-Introduction-to-Firewall-Rules
I was trying to troubleshoot firewall order operation
haha yeah that one is quite useful
Okay, so for Unifi's port forwarding, they have an option that is called "from". There is limited and any. I assume that this is for "what ip is it coming from?" but people say that unifi doesn't support multiple wan ips. Does it really not support any more than 2 wan ips (2 for the 2 ports)?
@heavy cedar the from should be all, unless it's specific IPs that you know are going to be the same coming in
So it doesn’t have functionality for out but It does for in?
I'm new to Ubiquiti UniFi hardware, tired of my current old setup and going to need to be able to send signal at least 120 yards to 2 different buildings in the future. So getting rid of everything except the starting point, a PFSense box, what would I need to get?
Well, what's the legality of burying cable through a power line easement on my property?
@south blade if you have to dig, my state says you have to call first
If you don't call and break something, that is where I would be in big trouble
But if you think nothing is really there and succeed, well no one has to know
Building on left is 120 meters away from main, other one is maybe 70 meters from main. What could be buried under a power line anyways? This is outside the city.
is the intel pentium j3710 usable for a mc server of somewhat low spec???
@thick minnow https://ark.intel.com/content/www/us/en/ark/products/91532/intel-pentium-processor-j3710-2m-cache-up-to-2-64-ghz.html
i have one lying around i just wanted to know if it would work
i know its specs i wanted to see what people thought of it
it would replace an intel core i7 860
there's gas and water pipes underground
but either way you could probably install conduit and run cables to the buildings. dunno if that's cheaper than wireless or not
but if you want good wireless then you're basically looking at point to point microwave
yummy
it's more designed for like km ranges though I think
As far as I know this land has never had anything but this power line ran across it. Water line is on the road infront.
ok
I mean you could probably DIY if you just call to figure out where you can dig/cover
that is what i was gona say
best to do it with fiber and conduit
less hassle of potential hazards like lightning lol
and if you keep a pull cable in there you can add more
Fiber, like optical fiber?
yeah
What kind of hardware do I need between that and my devices to send and receive through it?
curious how does the power get there
Power on the land?
something that converts fiber to ethernet =p
I'm just thinking something that works on fiber can't be cheap.
But I've never looked so what do I know. lol
I mean you could run ethernet instead since you said it's ~100m
just gotta plan for stuff like lightning
the cheapest is probably direct bury cable
assuming you can dig / cover a line straight to the building lol
oh didn't know they had kits like this. more in your range category: https://store.ui.com/collections/unifi-network-routing-switching/products/unifi-building-to-building-bridge
but yeah I was gonna say the other option is wifi but you need to make sure it's both directional and a clear line of sight
there's cheaper kits out there
I'm working on the line of sight. xD Nothing built yet.
lol in that case. back to the cables
cables and conduit I'd say
Oh dang, I just tested my 10gbps cable and it has several cable faults
Ughhhhh
It's such a long run to replace
55ft
welp
@vapid dune they are cat 7, before I knew they were fake
Welp, time to replace them with the real deal
shit, copper coated crap that's being peddled online?
Amazon
amazon has a supply problem
Third party seller
they have real mixed with fake sometimes
Oh damn, that's even worse than "scoring" a deal on eBay just to find out it's fake.
third party is the worst
xD I'm going to have to be sure I lay out my cable to test before burying 500 ft of it just to find out it doesn't work. LOL
that's apparently a shield indicator
seems fine in that case? lol
Yeah this was another server cable I have plugged in
So that's good that this one isn't bad
But my 10g one is completely bad
I can't even browse my file shares anymore
@vapid dune yes just the ends, but it's a shielded cable and everything
ah
I don't think I wanna do all that stuff
haven't crimped that kind myself
but depends if it's cheaper to try it yourself before buying a new one lol
Yeh
certainly more involved
Id like to have access to the fluke cable certifier tool
Maybe my net admin at my old college can let me borrow one
Just for giggles
This video will show you how to terminate Mediabridge Cat7 bulk Ethernet SFTP cable using Mediabridge Cat7 RJ45 modular plug shielded connectors.
(Skip to 01:25 to see the orientation of the conductors when they are inserted into the load bar and then into the connector.)
M...
oh it's not that bad
@vapid dune oh that's neat
guess it depends on the connectors you're using
Looks that way
Hey, does anyone think they can help me with some cloudflare hosting issues im having?
is this safe? Is there any way to trace back to my IP given my URL?
https://i.imgur.com/xSZnRYE.png (black is my website URL, and red is my home public IP)
Are you running that mc (minecraft) server on a computer running through your home internet connection?
CloudFlare can't proxy Minecraft, or TCP/UDP for free, you have to pay for Spectrum
@ornate jungle my server PC which is on my home network
Your origin IP will be exposed by that SRV record
then yes, your home IP is exposed
a dedicated server
um, as far as i know, you can't use anything (free) -- see what blob said
@rocky badge wait so how can i host this?
@rocky badge what are the paid options (for keeping it at home)
An external server running bungeecord/waterfall or something proxying Minecraft
@rocky badge i asked someone and they said to buy a simple cloud hosted VM, and route all traffic to that
You could pick up a nanode for $5 from linode, its one core, one gig. Thats what we use for our vpn at work
Or just host the MC server in the cloud and get a DDoS protected IP
I mean regardless I'd get a protected one
2G ram is like 7/month on a VPS
Add DDoS IP for a few more dollars
2g for a minecraft server is garbage
Depends what you're trying to host
for a bungeecord/waterfall/proxy 2gb is plenty
@rocky badge should I always be using fqdn for servers?
i see
okay. well I only got a few of them to change
luckily it won't cause outage
i was a smart boyo
When i setup the domain i needed all traffic to point to the DNS on the domain controller but when it went down for updates or me being stupid i would lose internet access
So i set 2 DNS servers with the domain controller as the main
Also learnt to not apply group policy updates to the server especially when it includes "sleep after 30mins"
Also am looking into some new ap's that would be able to use the domain for login
Does anyone know any good ones?
@forest phoenix for that problem, I am using dnsmasq to forward any requests for internal domains to a different dns server while the rest end up going to the router to resolve
that solves the no internet problem if the server is ever down for updates
I mean like i also just cut updates
do they download and then it sends me a notification
on my phone
yes they can do that
but an unpatched system gets me nervous
unless if its at a college lab
then im resting easier
i have openvpn open over here
well i mean like
i have enterprise security
like anti-malware
and my switch also drops a lot of the crap before it makes it into the network
i feel safe
I have the basic junk
but i also remote into it at least daily and check anyways
I got business antimalware and antivirus for it
I moved from crashplan to idrive and so far its not what I thought it seemed
and full protection for every computer on the network
its a cloud backup solution
for businesses now
it used to have a home version
it was literally a set and forget system though
I really loved it
just cost too much money and slow download performance
now I might be regretting it though
Google provides rlly good unlimited backups for like 13 dollars
and dedicated software thats set and forget
that was the problem though, it cost as much as crashplan
yea fair enough
I had mine running when there were the big aussie bushfires
and they were getting close so it was chilling
and just left it because it doesn't hurt
yeah
I just bought a Cat5e Ethernet cable and the speeds are only 80 Mbps when I should be getting 250+ what is the problem? How can I fix it?
Well usually you'd want to plug the cable into something
First up, how long is the cable run & have you confirmed that the interfaces in all devices on the chain run at gigabit speed?
well yes, plugged it into my pc and my router
the cable is 10 Metres long (32 feet) of Cat5e
my pc does have a gigabit port
not 100% sure about my router
what model router?
let me check right now
Look at router specs and confirm and also confirm that the port on your PC is actually running at Gigabit
It being capable of gigabit doesn't necessarily mean that the automatic configuration got it set at that rate
Technicolor CGA2121
google says it's got gigabit ports
can confirm looking at some sort of manual/documentation
but check to make sure your port is operating at gigabit
Control Panel\Network and Internet\Network Connections
Right click on the Ethernet port and click Status and it should say 1.0Gbps
uhhh know where to change to a static IP?
The option for speed & duplex is in that menu somewhere
I dont have a windows pc handy right now to show you
Keep in mind though, failing speed autonegotiation is an indicator of a faulty cable/port connector
Instead of Status click on Properties > Configure > Advanced > then it's Speed & Duplex
found a speed & duplex option in the settings
Set it to Auto first if it's not already
if auto doesn't work ... check your cable
If it is auto and you force gigabit then you'll either lose internet and need to drop it back to Auto or you'll be good
it is on auto negotiation
can you link the cable?
your router might also have duplex settings
don't think i'll be able to @clear igloo
im not keeping up. should i change it from auto negotiation to 1.0 gbps?
I mean you can, but auto should just work
auto sets it to 100 mbps
well...
its still on 100.0 mbps
but the settings are on 1.0 gbps full duplex
do you have another cable you can use?
apply the settings then disconnect/reconnect the connection
Though, if it was just an autonegotiation misconfig I'd expect it to run pinned at 100mbps
Given that he only gets 80 mbps out of it, I'd suspect a fault in the cable
Would be neat if he had an extra PC we could do an iperf3 test with
Depending on overhead 80-ish can be about right
especially if Windows is eating up bandwidth 😛
true true
hello
ahoy
i could test it on a laptop i have laying around
Can you link it by chance?
i'll look at the store i bought it from website
unless your device is like 10 years old. most things have gigabit these days
Yah, lol, I was going to see if it said CCA or something and maybe it got damaged
dont think it's damaged
I'd try to see what the laptop has to say & if it gets up to gigabit
I remember a few cases on fairly decent x470 motherboards the onboard gigabit NIC had a faulty driver that locked it down to 100 mbps
don't have another cable, i'll try on the laptop
wait.
i have another cable
but its way too short
also cat5e
i'll try the laptop first
could possibly be the router too
If the laptop also doesn't get the proper speed, try a neighbouring port on the router
Could just be corroded contacts
or just bad settings on the router lol
^
less likely but you might also have multiple coincidental failures too lol
ah yeah
same ports and everything
time for a new cable
does length have anything to do with it?
100m for gigabit or 2.5Gb for cat5e
looks like I'm getting a refund then
hmm yes 100m. lol that's such a long cable
Yah, I've only run into a distance limitation a couple times when making some patches between different floors in the building
do you guys recommend any companies/cables themselves?
Cable Matters has always served me well
@little schooner yes? hello! who just joined?
@waxen scroll huh
My cat 7 cables are fakes ik
But what do you know... I actually had some spare runs already there that I forgot about
I'm so happy it was an easy replacement
The other cables I got were cat 6
does anyone know of any other bandwidth limiter programs other than "Selfishnet"? it just seems a bit sketchy
Because my router does not have QOS
@waxen scroll not yet but he also hasn't asked me for anything too
I tried pushing for the grant money to be used to help fund my efforts
But of course covid had hit as soon as the meeting was scheduled just two weeks out
I have to look for a paid internship for this fall anyway
@obsidian hamlet I've used this one previously https://www.netlimiter.com/
Thanks! I will check it out
@vapid dune does it only work for pc or does it work for every device on the network
just your pc
ok thanks
np. you can't really do it for all your devices centrally without something on the router
what's a good/easy way to let someone download some files off my computer
@vapid dune maybe syncthing or resilo sync?
more like if I needed to send some files to my parents
hmm maybe. I was hoping for less cloud
I like Synology's quick share lol
I mean I could set up an ftp server
but that's not really secure heh
someone suggested teamviewer to me. that might be good enough
How is teamviewer easier than drive
But yes that works they encrypt the transfers
@rocky badge I was pulling my hair out with windows CA
Revocation list error... Blah blah blah it couldn't find it or it's crl was expired
Such a pain to login to server core and fix all the stuff
I should have never used server core for offline root ca
Lots of hurdles to jump through for no reason
And they don't support mmc cert authority module
All stupid decisions
lol rip
it's easier because I just have to send a link to my parents and tell them to read a code off the damn screen
Hello you all, i would like to start my journey with unifi and their protect and wifi. What hardware, switch wise would I need for both cameras and AC's? I was wondering about Ubiquiti UniFi nanoHD, Ubiquiti UniFi Video G3 Flex , Ubiquiti UniFi Protect G4-PRO (in the future, that camera costs so much) and Ubiquiti UniFi 24-Port PoE Switch (USW-24-POE). Is having one POE switch good enough to start wifi and protect systems or do I need the UDM-PRO as well? I know that I would need to store the footage from the cameras somewhere so storing it on UDM would be ideal I think. But, is having a poe switch and poe cameras good enough to start using it as wifi? I currently have a router/modem from Virgin Media (UK).
Anyone who knows a decent network switch (gbit), that has a decent interface to manage it (manageable), that also is rackmountable, has option for POE (I'd like to have it addressable per port, or go automatic when it has to feed power, but POE is NOT a must) and has enough ports (about 24 - 48 - 52) (I think 24 would be enough (for now)), SFP is something I don't need, except if I'd "need" to extend the switch to another one? Any recommendations? I like a good design too and currently have a 8-port tplink switch. Budget would be around 200€
@crimson trench CSS326-24G-2S+RM. For PoE you're looking around double your budget with the CRS328-24P-4S+RM
I'll second a CRS328-24P-4S+RM
Mikrotec, I have never ever heard of that
Mikrotik, it's a Latvian company. They are in the prosumer space competing with Ubiquiti. However, unlike Ubi, they have some equipment that is not frowned upon for enterprise use
@hollow marlin real talk. i was in a job interview once and was asked about my wireless experience. i asked if ubnt counted and was told no lol
lol, I mean it should count. AP wise, setup and tweaks are not far off enterprise APs. Still follow the same physics.
agree
I would never deploy it but Id also never dismiss it as experience 👍
some how 10 years in and i only messed with extreme/motorola, meraki(not deep), and ubnt
v_v
i usually work for places where wireless is not my problem
you never want wireless to be your problem, especially if you have warehouses
lots of support incidents
Wireless is a whole nother world. I avoid it and give respect to engineer knowing what they are doing
Cisco and now Mist is what I deal with at a high level
I tend to not get involved in areas where the problem 99% of the time is on the far end of my equipment
i dislike support so much im about to quit a job one month in cause i figured out theres a little too much of it. hopefully have a job offer for a place that wouldnt fathom wasting my time with a support request
lol
do you have that luxury?
I was only in support for about a year getting into networking. Never going back. Luckily I work on the side of the ISP that is with business only so support isnt too bad when I need to step into an escalated ticket
current place grew so they're kind of big but the problem is the IT team didnt mature fast enough, so they barely have a NOC and we get passed requests to work like "why is this power supply down?"
when i say support i mean level 1-2 network support
Previous jobs grew like that. It gets out of hand quick.
Oh, I'll look in MikroTik ;o
Especially when new products for "testing for a new service to offer" just keeps piling on with no time to understand it or train the NOC
my concern about the NOC part is that ive worked at another company and have seen what a bad NOC can do, so i worry its going to be years before this place is not giving engineers tickets
they essentially decided they wanted a NOC one day, moved a manager to the NOC and then stole what appear to be average people across the IT teams and staffed the NOC with them. none of them know networking well v_v
^ current place, not past place
Thats what happened to the NOC at my last ISP job as I was leaving. They were getting into MSP and hired on more generic IT which were thrown into the NOC because lack of MSP need for support at the time.
IT, server admin, voice, networking, wireless....yes they all follow under the umbrella of IT but too many managers think it can be supported at the same level
@crimson trench It has a learning curve but if you need help there are a handful of people here who use it to help
How do you mean it has a learning curve? To set everything up?
Its so popular because how powerful the OS is. Downside is this means you need to configure more than you would on consumer gear. For example if you want to add a VLAN you do not just click the port and choose the VLAN like other vendors.
Do you by accident have a picture of the OS?
Youtube a quick video on RouterOS. It will give you a feel. UI is straight out of 1995 so heads up.
Its just looks
Its really all you have under your budget for a decent L3 24p switch. Else if you are looking for a pretty interface you will need to go Ubi and spend some more money unless you go used
i sprung for the edgeswitch 24 and i dont even use the L3 #blessed
Isnt Ubi still trying to figure out L3 for the UniFi switches?
dunno, mines not unifi
I remember seeing a reddit post of the new switches and promised L3 but never delivered. Much difficult
I still don't like how it isn't feature parity with the edge line stuff
@hollow marlin do you know offhand if mikrotik has something like ip helper
For Edgerouter, they are recommending bcast package for similar functionality
@little schooner This you are looking for? https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Relay
Tiks only have DHCP relay
@craggy parcel except not for dhcp
@hollow marlin stinks.
I have this scanner that only works if you connect to it by broadcast packet
it refuses to connect any other way
What else would you use it for, and is that possible while ALSO using it for DHCP relay?
for chromecast, roku and scanner
where guests aren't part of the same vlan
but they still want to use the chromecast in the room
i tell router to forward that specific broadcast over to their vlan so they can see it without extra steps
like manual ip entry and the like
Hmm.. How exactly would you do that?
well I found a forum post on ubnt today that says you can use bcast package to get that functionality
Router: ER-X v1.10.8 AP: UniFi AC Pro Version 4.0.21.9965, Controller Version 5.10.19.0 Both are setup as detailed in this guide: https://github.com/mjp66/Ubiquiti/blob/master/Ubiquiti Home Network.pdf but my IOT network is not a guest network, and "Block LAN to WLAN Multic...
Oh, I thought you were doing it with a cisco router.
oh, with cisco, they have the command ip helper ready to use to make it easy to do
And that works perfectly for both DHCP, printers, scanners and whatever? At the same time.
I thought Chromecast was multicast based? If so you could use PIM
@hollow marlin that im actually not too sure, but i still have issues with my scanner being only broadcast
Don't chromecast use broadcast for discovery, and something else for actual casting?
i didnt research enough on chromecast
@little schooner Just did a wireshark. Chromecast discovery is multicast
Client sends multicast to 239.255.255.250
Chromecast looks like it responds unicast
TTL is 1 so forget PIM
Hmm alright that is good to know
Ttl 1 meaning after it hits the first router, it is dropped yes?
Yep. If you tried routing with PIM it would drop it
Hey guys I have a network cable and need it to go to two systems. Can I use a splitter from one to two cables?
I know i should use a switch or bring in a another port on the modem/router/switch combo but that is impossible cus the cable is coming thru a wall that will be a royal heck task to do
Main task for these cables is to be wired for network and gaming ie low latency
@lost charm would a wall mounted switch work for you? or is power deliver still an issue
I would like to avoid a switch as i can only get 5 port ones
and i need a 3 port one
and no one makes those that are from good companies
5 port unmanaged switches are like < $20. Just take the cable from the wall to the switch then a cable to each PC
Odd issue after figuring out how to get pfBlockerNG to work right and fixing a DNS leak. I have this thing called AudioRelay and Unified Remote allowing me to control and hear my PC from my phone, but since fixing the above I'm not getting automatically connected to them, where do I start looking for the issue? :/ I can still connect manually with the IP, so the port must be open, and both apps are broadcasting/receiving once I do connect.
Are you sure it's broadcasting? Are they in the same broadcast domain?
I didn't change anything on them, same IP to the desktop, same ports, not the same as pfBlocker.
Hmmm, just noticed AudioRelay says "Local IP address not found." LOL
Welp, restarted AudioRelay in administrator mode for a mode with more Firewall settings and that made that one work....edit: Just did some port forwarding for Unified Remote, worked without it before but easy enough.
Hey guys I have a network cable and need it to go to two systems. Can I use a splitter from one to two cables?
@lost charm no that's impossible
You quite literally need a switch, there's no way around it
Actually, if you only need 100 Mbit, you can use 4 wires for one system, and 4 for the other.
Essentially splitting the one cable in two, but you need to do the same in both ends, that is, you can not connect 2 computer to 1 computer this way.
If you use the right pairs, you'll get 100 Mbit for sure, as the crosstalk in the cable is not too high.
But I've never seen it used in the real world, for anything but IP phones.
Well that will super depend on the in-wall cable
Sure, but for most cat5 and up it should not be a problem.
Honestly I'm not sure how you can assure that
There's no cable that's been rated for this
for a reason
Actually the single port on the other side would need to be broken into two 4-wire jacks
And to expand on this, you lose all the cancellation of inner-cable crosstalk when you only use sets of pairs
You can't combine the signals into a single port on the receiving side, it won't work
So even a cable with a decent NEXT might fail when you use them as two cables
8 wire jacks will do just fine, with only 4 wires in place. 😉
Anywho, if you care about reliability don't bother
lol
splitting a cable into two
would require two plugs at each end
it's sketchy af
just buy a switch
Damn. Any solution?
yes. buy a switch
A switch will not always be the right solution, in an office environment, where you would need a new workstation. A user accessible switch would be asking for trouble. 😛
you don't need a hackjob network solution when you can easily solve your problem with a switch
You can macgyver if you really want
sure you'd need to pull cables, to a switch in an office environment
But don't assume it'll be fast nor reliable
lol they pulled 2x ports per desk at my office for that reason
Lol if someone did that hack-job at any office I've ever worked at they'd be fired on the spot
We're a company not a frat house
oh god, you haven't seen fiber ninja videos have you
there's like DIY PoE injectors you can make by splicing into an ethernet cable
also how poor is your network security that a user-accessible switch (short term) wouldn't be acceptable?
Whitelist the workstation MAC, disable the other ports
Mac address whitelisting? Yeah, because that's super secure. 😛
switches are fine
I need to get 802.1x wired setup
I have it for wireless now
I mean, I also assume you have secure-access and some existing security beyond
so for temp yeah it's fine
Long term 802.1x sure
If the number of available ports matches the needed number, sure, but open available ports (I assume you'd use an unmanaged switch near the workstations in that case) is a security risk.
lol my office doesn't use 802.1x or white listing afaik
they do scanning and quarantine
Honestly if your security solution relies entirely on white lists or 802.1x you need to revisit the design
if they don't recognize your device, they put you off the network
Zero trust corp networks 👍
^ bingo
Well, the fewer entry points, the better, and unused ports, are an entry point.
Or
Segment your sensitive devices to another network
And have gateways between networks
@clear igloo https://blob.pcmr.rocks/HotMuddyBlob.png
I like 802.1x for wireless lol
Noice!
I work in finance, all the companies I've worked at have super segmented networks with layers of security depending on what you're trying to access
corp is not trusted
Managed Windows devices use the device's machine cert
Google MDM devices use GoogleWiFi
I think it was this one with the POE injector https://www.youtube.com/watch?v=amdfzcqaTIQ
Holy cow this turned out to be a long video! I will seriously be shocked to see if anyone manages to stay awake through all 2 hours. I was thinking of breaking it into parts but my wife talked me into leaving intact as a single video. I'd love to hear feedback from you all as...
Layer 7 gateways between segments
VPN to corp when remote
Anything not privileged goes through specific DMZ
I have no segments on my home, too much effort lol
I've thought about VLAN'ing my "smart" devices
I want to setup a No Internet of Things
anyone here using Nest Wifi and NOT happy with it?
NGL I use HomeKit for a reason
Probably the most secure smart home system I've seen
@nocturne harness care to defend your position on that? I'm curious.
Basically the whole design of homekit is let's only have devices use local network for control, and then have a local controller that can connect out to the internet
much smaller attack surface vs. others like Google which basically require your device to be open to the internet
How well would that integrate in a hybrid environment I wonder
@nocturne harness How much of your network is mDNS
uh oh
😆
Wireshark doesn't scroll/update fast enough
This edgerouter X is in a switch config with nothing plugged into it, this is purely broadcast https://blob.pcmr.rocks/LoyalPointlessBlob.png
36.2GB of broadcast in 7 days
most of this is wrong, but lol https://blob.pcmr.rocks/LimeShortBlob.png
Their APs are "good" but not "great"
I hate the stats
I had so many reliability issues with their stuff
rip
my USG dies with avahi
they have reliability issues with the internal storage
Soooo many of them died after a few years
which is ridiculous for enterprise gear
and their warranty is not that good
My HP switch died randomly and HP overnighted me
My ERL died and Ubiquiti went 🤷♂️ buy another
rip
lol I mean. The ERL uses a USB key inside it
You can replace it but yeah it's not durable
@vapid dune oh hmm I didn't realize it was serviceable
@nocturne harness yeah it's just an internal USB https://web.rory.co.nz/wp-content/uploads/2018/02/Screen-Shot-2018-02-18-at-4.46.14-PM-1024x600.png
@vapid dune my server boots from USB lol
I used to run freenas that way
the usb stick randomly died and I got fed up with it
so I switch to SSD and haven't looked back
I mean everything is fine until you either try to reboot or it locks up and reboots
and then you find out the install is corrupt
lol SD is worse
oh maybe two
ESXi is only 1GB, loads it all to RAM
hmm I don't think I've had my Pi card die yet
plus
the actual vms and datastores are on somewhere else
it won't allow you to use it as storage
I might consider switching my RPi to PXE but seems less good for my use case
I use the pi to monitor my ups and then shut down the NAS
I want a Synology RackStation
(among other things like pihole)
I wrote the initial article on upgrading an erl usb
🥰
It's not my best work but good enough
@waxen scroll good enough is exactly what my professor likes
"yeah, let's just keep it Password 123 because what are the chances that any student is going to be destructive in the lab?"
"the best networks are ones with the least complexity."
"leave it the way it is its going to be too much work and the doctor wants this done now. We don't have time"
"forget the domain, we'll let them login to local users and install the software manually at every machine"
@rocky badge hey quick question, if I add a new http CRL update location to an enterprise CA, it only applies to new certificates issued right?
Or do I have to reissue the intermediate CA cert again and then reissue client certs again?
iirc, yes?
Because the latter would be such a pain
to the first question
Oh well that's good enough for me then
I just reissue the server certs
Yesterday it drove me nuts but I fixed it
I setup httpd like quick fast and it just works
I love Linux stuff that just works
Another good package is chronyd
Ntp package
"the best networks are ones with the least complexity."
@little schooner Wait this is actually a good point
people over engineer and complicate stuff way too often
@nocturne harness those were the professors quotes
To the best of my recollection
No I got that
I was saying they were making a good point 🙂
As someone who's sat through a few different architecture meetings (at some non-insignificant companies), people love to create overly complicated convoluted designs, which end up being very hard to maintain and upgrade long-term
simple can result in convoluted workarounds too
it's a fine balance or art really
I speak more so from a dev background
Too simple can cause problems, mostly when no what ifs are taken in account. Doesnt have to be complicated what ifs like additional routers/switches people never anticipate then run out of ports and need some wack af solution to implement the new equipment.
People that tend to go complex typically only do it because its this cool new toy they just learned about.
🤔 Should I try to get NVIDIA consumer cards working in a VM with ESXi or cough up an unRAID license....
I'd really love to stay with ESXi and VMware so I can manage it from vCenter....but I'd also like it to work
Okay here's a question for all you networking nerds
I have a TP-Link Archer C3200 V1 I think it was. Router obviously. One day the router restarted and suddenly my DHCP settings were all changed. The IP Address Pool was set to 101.100 - 101.199 when it was previously set to something else, default gateway was 101.1, and my subnet mask was changed as well. Do you think it's time for me to replace my router with something else?
Before then I had all my settings where I wanted them and whatnot, but I have had this router for quite some time, and the last time a firmware update was pushed for it was around 2017. Do you think it's time for an upgrade?
Are there any well regarded consumer priced mesh access points that can be powered over Ethernet? I was starting to look at ubiquiti APs but some earlier conversations here suggested the quality and support (and warranty) are lacking in their offerings
@rocky badge dang I would love to pass-through my GPU to my vm
Doesn't Linus use kvm though or something
unraid
Or at home it's still unraid?
Ohh
But would you say it's easier than kvm?
Like you get paid support and everything
Worth it I think.
yeah
@rocky badge You probably already know you can do it, but its an ass pain
I just ended up trading someone for an AMD card that was more or less equivalent
With wifi 6e I wonder if 10gigE will become cheaper
this gets my hormones going ❤️ 
@thick minnow WOW
Warship likes hormones
With wifi 6e I wonder if 10gigE will become cheaper
@vapid dune that probably will happen
im the guy from yesterday who had problems with his ethernet cable
bought a new cable
same thing 80 mbps
but the cable i got from my isp runs normally
(around 300 mbps)
what cat is the cable?
cat 5e at 10 meters (32 feet)
ALSO quick question for the network nerds here (I love ya all)
but what rack mountable switch with at least 24 ports would I buy? I want:
- easy to use (web) GUI
- tplink or netgear
- as silent as possible
- not getting too hot
- 1gbps on each port (if that is even possible? 🤔 )
Any recommendations? The price; as low as possible :x
@tall glen and what switch is between it?
just my router
router is fine though, the cable i got from my isp runs fine
same ports, same router, same device
just the cable
im getting 80 mbps on the cable i bought
and the 300 mbps on the cable from the isp
are there any coloured lights on the switch or pc ethernet ports? if so, what colour are they?
let me look
router has the traditional light at the front which is green
my pc has a green light and a blinking orange/brown light
that orange light should be green when its working properly. Do you remember changing any settings on your network interface recently?
- someone please step in if im going off track. just going off of little past experience i have
i was fiddling about in the properties of my ethernet controller trying to get it work
mostly on my own
someone/people told me to change duplex settings
and i did
but still nothing helped
did you revert the changes that didnt help? When i had this issue, duplex was set wrong
i dont think so, they stayed the way they are
do you know the name and model of the router?
Have you tried the old windows fix? Turning it off and on again?
Both?
Did you pull out the plug of the router? Like setting it without power for 5-10 minutes?
yes
If you have this page in your router settings, can you let me know what the link duplex is set to for your port?
now, you see
i dont have a login
its locked
i've tried every possibility
admin admin
technicolor
admin
So you haven't done anything to the router? (settings)
no
try no username and password "default"
nothing
Try
"username": "admin",
"password": "technicolor"
Then try to use the modem with another device that should have the full speed, if it's better, then it's a windows misconfig
Do you have any other device (laptop?) that has 1gbit ethernet?
Some routers have the password on a label attached to the device.
if yes, then use that to test the speed, if the speed is faster, then there is a misconfiguration in your windows
@crimson trench i've determined that it's the cable im pretty sure
but they're the same types of cables
i got a cat5e from the isp which works fine
but i've bought 2 other cat5e cables which limit themselves at 80 mbps
i cant read. last suggestion, no username, no password?
@cedar igloo nope
@charred meadow doesn't have any info on the bottom
it only has a serial number, mac address etc etc
no login info
my isp doesn't let customers log into it
translation: Due to the provision of services depending on the specific configuration of the modem, Vectra does not allow configuration access from the device level.
To configure the basic parameters, i.e. broadcasting channel, password or network name, use the panel on the page
(vectra is my isp)
and the only settings available to change on the website they give is super basic
name, password and the channels
I'm pretty sure it is your pc 🙂
why does the cable not work on the laptop then?
Do you have by accident a cable tester?
so, i have a router provided by my ISP. it doesn't cover the house enough, so we're thinking of swapping over to a mesh system (specifically, this one: https://www.amazon.co.uk/Tenda-Nova-Coverage-Ethernet-Configured/dp/B07CTKHRG8/ref=sr_1_4?dchild=1&keywords=tenda+nova+mv3&qid=1590588307&sr=8-4) will this replace my current router, or will it just be an addition?
depends on your current system. with mine, i needed the original router to act as a modem, converting whatever cable it was to an ethernet cable which the new router supports
so i have the singular router/modem combo, which connects to the wall directly
so... i'm assuming i'd run an ethernet cable from my current router/modem into one of the mesh thingies
then whack the others in other places around the house and then i'd have to do the app work?
so this is a terrible picture
thats what i would have thought.