#networking

Unifi AP Lite or TP link EAP225 or EAP 245

get the cheapest. then throw it out in 1-2 years to get wifi 6e

I wonder if the ap lite 6 is worth it

go to goodwill and just get 5 AC1900 routers

If you are talking to me, No

Why would I

I'd get a zotac zbox instead

if you have 5 routers, you can simultaneously serve 5 clients

I'm loving that the new ubiquiti pro gen 2 switches use augmented reality

Hi guys, if anyone could offer any suggestions for this, it would be great.
We have a web app with a contact us page. This contact us page works when the delivery address is my work email - name@company.com, works with a distribution list - dev@company.com however does not work with another distribution list - info@company.com. I've tested info@company.com distribution list from my work email and its fine.
We've been stuck on this for a few days now.

does the sender used by the form have permission to send to that distribution list?

It used to have. I'm not in control of the smtp server so ill check

yeah. it has permissions to send to all emails and DLs

whats the wireshark say?

and the smtp log

@little schooner @clear igloo 👀 👀

and the smtp log
@burnt oasis the logs for the destination or sender? (these may be the same here. im not sure)

oh nvm

webapp to whatever smtp it connects to -- if it's just using php mail, that damn thing is pretty damn useless now days in my experience.

with all of the mail security and anti-spoofing stuff

if your using gmail as smtp server it COULD also be not allowing it because the application is "unsecure".

its all local, so im assuming exchange

ok

@rocky badge should i get a USW-Pro-24

🤔

Why not :p

do you need poe though?

technically i dont because i have 1 device using it with an injector but i guess if i put cameras in..... hmm

😄

What AP is good placed closer to the floor

Aka, basically wifi direction is good out to the sides of it

UniFi?

anything with an external antenna

FlexHD

Asus AC1300G as I have now sucks, I know that now

give some exaples

@rocky badge just the tip

lmao

The FlexHD is the only AP really designed for tabletop/floor

Too expensive

Can exchange spam filtering (if its a thing) block requests from the local network or is it only external spam blocking/filtering?

• by default

@waxen scroll I need a crash course on how to use Wireshark like a pro

Or I need to find the time to do that

What about routers put in AP mode?

@lean pollen them that is better option

But best that each AP has its own wire run

@little schooner what with Wireshark are you looking for?

@hollow marlin well, when I was trying to troubleshoot problems with 802.1x authentication between unifi AP and windows NPS server. Nothing made sense as the policies were configured right. Somehow was getting denied. I'd like to know how to better pinpoint the solution for that problem in particular. The other case is using packet filters or search filters to reduce the output results to just the things I want to look at

I know its practice in order for it to commit to memory

oh and knowing how to troubleshoot if I have a bad cable

Well, any recommendations?

just buy what ever you can afford

people suggested this and that already

That's one way to mount an AP, huh.

I don't want Asus because experience with the AC1300G have been bad

@little schooner Firstly its about knowing what you are looking for. Use the filter for protocols, ie eap, eapol as it will narrow down your search completely. Now just FYI, any protocols that uses a known dst. multicast address will not be flooded or forwarded but will be process by the switch. So when trying to troubleshoot issues such as 802.1x, you'll have to mirror the port to capture the traffic

@hollow marlin thanks for the tip

my speeds are godly

better just turn off your internet

i searched around, 0 fucks were found. Sorry 😦

thanks

@vapid dune or use someone else's wifi access

Like Comcast makes public hotspots

I mean as long as you have a VPN

or go yell at my isp

which is my current plan

anyone have any experience with plesk ?

lol your upload is better than my download

I hate plesk

it's gotten worse over the years

IMO

anyone has experience sending any type of internet connection over 400 feet through walls and trees?

sounds lowkey impossible

assuming you're talking about wireless?

yeah what i was thinking just trying to find a easy way to run internet to my shops without getting a seperate service there

Go over the top? No idea

@hidden storm 900mhz over 400ft should be cake. Dont expect 100/100 but we managed to shoot 900mhz through 1000ft of stone buildings during a disaster. Im talking about 3ft thick multiple stone/marble sides

~10mbps for emergency services

Hey that's plenty as long as it's shaped

For what they needed it was.

Point to point microwave is possible too. Just need a high enough pole

But really at that point just ask people for quotes and pay a pro

is anyone able to help answer a pacemaker/corosync and iscsi/multipath question?
I have two iscsi target servers in a pacemaker cluster connected to a Dell MD1200, I can get the scsi reservations with the multipathd key, but I can't write to the array.
Only if I shutdown everything and boot only one node can I mount and write to the array

@vapid dune I wasn't even talking best line of sight, more like 900mhz can brute force quite a bit

Ah yeah. I just mean it's possible to get fast service wirelessly too lol

And far

Someone wanna enlighten me on "NetCut"
When I turn my comp on, my internet shuts down.... For the whole house

what is your computer's ip address?

do you have it set to static?

maybe it steals the router's IP

Hi there, what would be the best way to stream my PC to my TV (same local network) at 4K 120hz ?
(Is it even possible?)

For gaming?

do you even have a 4k 144hz tv?

I mean if it's in your house why not do fiber thunderbolt or something

I was gonna suggest parsec as per the LTT video but that might not do 4k 144

I have a 4K 120hz Gsync TV

I was checking Steam Link?

And yes for gaming

I mean, if it's 60hz It would fine

Both my PC and TV are in Ethernet Cat6

the physical steam link probably can't

maybe if you got a computer and used that instead

I mean it's a waste of 120hz and gsync if you don't have both enabled imo

@heavy ember I have a Raspberry Pi 3 and a Xiaomi Mi Box S at home just in case

Curse you windows file sharing, CURSE YOU!

lol

and it works again?!?!?!

WHAT

i literally did nothing

I haven't had that happen to me

But I've run into serious problems not using fqdn for a file share. Ip address works good too

I just don't reconnect on startup

@vapid dune that would be fine, if credentials were saved

Otherwise it gets annoying fast having to type it in each boot

@hazy ivy whats the wireshark say

wireshark?

what is a wireshark?

its a shark made of wireframe

i highly doubt that

@hazy ivy network monitoring tool

I’d start with logs first, though

it works already

@hazy ivy it was worth a shot to joke around

@little schooner I appreciated it

@lean pollen Are you looking for an extension to a unifi setup or just another AP for coverage

FlexHDs are just normal access points though? no?

I just want a AP for coverage

Pretty much any consumer wifi router should be able to do that in AP mode then

@little schooner i do wireshark for you. $70/hr

You could try a UAP AC Lite if you want, it's half the price

@nocturne harness Normal APs antennas is designed to be placed on roof facing down, and from what everyone is saying, will not work that well if you are basically facing its side. While FlexHD have antennas pointing to all sides.

generally APs are designed for both wall and ceiling mount

Neiter will be the case on me

ceiling is just beneficial for a lot of reasons beyond the design

it will be placed on a shelf, closer to the floor ish

the issue you'll have with close to the floor is closer to interfering objects

not antenna design

i.e. your house furniture will be in the way of the signal and cause reflections which introduce extra noise

that's why ceiling is best--least amount of furniture for horizontal spread

I can not place it in the ceiling

Ah, well you should have no issue with pretty much any consumer device

no I understand, I was just explaining

(it was better router than some other ISP routers people seem to get)

anyway, back to your question, pretty much any decent consumer device will serve your need

But how do you find one that have stronger signal than others?

they're designed for table top use, maybe just google if the specific model has an AP mode

Stronger signal =/= better

Or whatever else

Ye, it's more of a quality question

Devices still have to have a strong enough signal to talk back

actually work in AP mode for real

and the answer generally is... more expensive devices are better

No

not across the board, I agree, but generally I think that's accurate in the consumer space

Some routers might just have a better router part I mean while the antennas is the same right?

wont use the router part I mean

@nocturne harness still dont agree. Plenty of consumer gear from Mikrotik will wreck $2-300+ consumer devices.

Ye, I wouldn't really say Mikrotik is consumer gear though

It got some issues and seems weaker than the ISP one was... but might be the little bit different placement

plenty of UBNT gear will wreck more expensive consumer gear

Just get a hAP ac2 for $60, put it in ap-bridge and call it a day

Any consumer networking above $100 is pretty much placebo

eh, idk if I agree with that

I mean the range is the priority of what I get

but generally I get your point

All those g4m3r routers are dumb IMO

but the more expensive mesh router stuffs def serve a market that you can't get < $100

Whats really better with FlexHD or whatever then?

Ubiquiti is just known for making high quality gear for their price points

It's product name of a different Ubiquiti AP

Some of the $ for the FlexHD is paying for an outdoor rated unit though

no, quality in networking gear touches other areas than just pure range and power

Again, don't focus on long range

no

all wifi gear has the same power basically

there's legal limits

^

quality = able to handle more concurrent devices, better noise filtering, etc

Then why do it seem like ISP router was more powerful than the ASUS mentioned?

sensitive antennas + good filtering + higher performance processors that can handle more IOPS + software to tie it all together = better wifi gear

(obv a basic view of it, it's more complex than that)

Agreed, there is a limit to "IOPS". After 50 devices talking you begin to reach the limit for physics

Yeah good point

even just the gear being properly designed, end to end, to work efficiently

Listening and talking with Wireless engineers changed my view on all wireless and how physically restrained they are due to the laws of physics

like imagine shit router with terrible implementations of the standards (you'd be surprised how poor companies across the board implement "standards" or how vague they are), poorly designed pipelines that get backed up etc, it's def gonna perform worse then a well designed and built unit

I like the form factor of the flex HD but don't like it's cost

Nah its way too expensive for what it is

its pretty but not $179 pretty

Also, are you saying there is zero point getting FlexHD over a consumer router no matter who you are in your home?

no

I feel like I've been saying this a lot on this discord: everything is a trade off

maybe it integrates into your ubiquiti setup == potentially worth it to you

If you just need an AP for extra coverage, most routers today in AP mode will be fine as they are not handling other services (well not supposed to) which is where they crap out

maybe you're using it outdoors == potentially worth it to you

maybe neither of those previous are true, but it seems to fit the exact feature set you need == potentially useful for you

@hollow marlin do they have a 4x4 ap yet for mikrotik

Doubt it

So the flex HD it is

very few things are bad options in absolution, only when you consider context can you make the decision

Maybe the audience?

(also some things are legit just shit and should be avoided, but I digress)

The config of mikrotik scares me a bit

It's stark change compared to spoonfed Edgerouter and edgeswitch

I only have the outdoor poe unit from them

It's been working since.... Forever

I--

go back and read

@little schooner Audience is 4x4

there are legal restrictions, by the FCC, Industry Canada, legit every government, which governs how much power your wifi router can output

And how you find out what router work better than others because some do

@hollow marlin u know what, I think I'm gonna return my flex HD

It's been giving me issues

And it is illegal for a company to sell a router with a higher-than-permitted (i.e. uncertified) transmitter

Like it takes a whole 10 minutes just to start broadcasting wifi

It's stupid

and not like minuscule bad boy pls change, like here's a giant fine illegal

@lean pollen yes, all the consumer ones

Read reviews

A lot of them don't support configurable vlans

@hollow marlin my return window closed for the flex hd

I'm disappoint

maybe just go with units that have been reviewed by well known reviewers than?

also, there is sooo many

Read the testing methodology of their review and see if it's relevant to your setup

What is well known reviewers for routers?

And read product recommendation guides from reviewers you know

I dont even know that

pretty much all the big tech review publications do wifi routers

@hollow marlin is it me or us pricing for mikrotik gear on Amazon is always higher??

Small net builder used to be good but last I checked they weren't very active

nvm they seem to be active still

what do you even mean standard settings?

the last asus router I set up will prompt you all the settings

@little schooner Always higher. Audience I think has been sold out constantly where they mark up the price. Same with the hAP ac2s that were almost $100 at one point

https://it.slashdot.org/story/20/06/17/1958227/aws-said-it-mitigated-a-23-tbps-ddos-attack-the-largest-ever

Impressive but they exclude that ISPs are also to thank because they are really the first to react to the high load and DDoS whiteboxes are finally somewhat usable

OVH did it first with the 7Tb/s DDOS attacks back in 2016/17.

@waxen scroll can't believe some of the administration staff at my university refers to us as "kids" when some complained that stuff in their dorm was broken or missing

lmao

Hello were all grown adults!!

i call people younger than me kids too

That's different

I think...

i worked for university once. ill never do it again

Im a millennial, by default you are still considered a kid

For the school, I'm usually calling them "my peers" or students when I'm having a convo with the networking teacher

But usually I get called a kid when I call out the senior engineers when they are wrong

They can't fathom that younger minds bring great ideas to the table too huh...

My prof lets me correct him all the time

Many get stuck in their ways and refuse to learn new protocols, design, methods

what are you talking about, hub and spoke is still the best design 🌚

🤣

I mean...it still is in a lot of cases

lol

Just additional ways to fix its downfalls

Mesh all the things!

Yeah, I feel like a lot of critical networks have moved away from the design though, no?

hard to make real fault-tolerant hub and spoke designs

@clear igloo Like this?

yes

Guy I know just got thrown in to fix this project. Yes, that is 30+ 2960x's in full mesh...L2

L.....2

shudder

😬

buy some gasoline

and then douse it all....

^ yes

nah, gotta use some homemade PoE injectors 😉

We want a fire, not an inferno

"And on that day the switches burned for 1000 years"

lmao

I did accidentally kill a switch once using a PoE adaptor

it's was v sad

The $25 netgear didn't know what was comin

I've killed things I was trying to power with PoE

Yeah I told him to just burn it to the ground and bail. I cannot imagine troubleshooting that dumpster fire

show tech spanning-tree detail >:D

looking for a good gigabit wireless access point

mmm imagine a broadcast storm

Spanning tree Will procent a storm.

Pfff...how about imagine the cost. Each of those is the WAN. 48 MPLS circuits per site

Yikes!

@craggy parcel Until it doesnt

It does untill someone disables it.

yo so

does anyone have any recommendations for a gigabit wireless access point?

Unifi AP

which one?

Would spanning tree prevent L3 broadcast storms?

looking for something that can do gigabit speesd

@nocturne harness You mean route loops? And no...I mean depending on setup not directly at least

Would spanning tree prevent L3 broadcast storms?
@nocturne harness Broadcast on layer 3 does not pass routers. And then we are back to layer 2.

What do you mean gigabit speeds @thick minnow

i have gigabit internet

i need to use a wireless access point that does not bottleneck my internet

Do you have a super wireless adapter?

if you think about it, wifi IS the bottleneck

If your goal is gig wifi, you're doomed to fail from the start

even if you went to wifi 6e at this point, it's just not a good solution

with AC stuff, you'd need to have 4x4 support

https://www.duckware.com/tech/wifi-in-the-us.html

Which most devices don't have. Which is why it always ends in failure

that page I just found is super comprehensive

puts the nanoHD as good value, but it's not like you'll get the speeds you're looking for really

I mean are you really going to download gigabit on wifi...

YES, I finally have set up my Minecraft server. It has a domain, I own it at home, does auto backup, runs automatically on boot AND is in Linux, so I can give it 90% of my server ram.

wait what

full mesh L2?

i cant unsee that

@waxen scroll Someone at a point in time said, yeah this look right

This is paid training:

@hollow marlin it's such a bad question right there

@hollow marlin it’s always true

You guys solder?

If the tip of my soldering irons looks like crap is it salvageable or is it done? 😛

@south blade it’s done, unless you’re solder big stuff

Tips are usually replaceable I thought

They're replaceable & not all that awfully costly. Last time I got weller tips I paid something in the 10-15€ range
Also define looks like crap? As long as you can still tin it you can do work

@burnt oasis Yea by phone I mean POTS so I know it's not data network related at all and I like to know which cables are APs so I can easily power cycle them if I have to. VOIP phone would just be general data

Tips are replaceable unless you buy a cheap solder gun that has the tip wired directly into the power supply. I’ve seen many soldering irons do this as a “you must continue buying me” f-you moment

Comcast does a lot of letter f letter u pricing to current customers

Anyone ever buy PoE analog clocks? lol

Schools use them I think right? To sync the time or time change?

Schools I went to def dont, they had to be adjusted manually

We don't have any clocks, but intercoms are PoE

One of our entire CO just went down due to power, both generators failed to kick on...yay

your building engineer was sleeping

should have been obvious it was failing

WHY U UPS for 5min?! time to run to the electrical room

@rocky badge be a building engineer. cant outsource that to india

oof

lol

or you know. test the stuff

@waxen scroll There was an issue with voltage drop that was low enough it didn't kick them over nor did many PSU fail from A to B. Shit show of try to find out why so much failed.

;\

time to ask legal about your power SLAs?

Emergency ticket has been open with our 3 power companies. Core stayed alive but everything on AC shit the bed

@waxen scroll at university, the building engineers leave the entrance to the core power station (or whatever its called) wide open for anyone to just walk right in.

I don't know if there's another doorway that asks for badge to get in further though

Maybe they are tired of opening and closing the door with things in their hands

At the same time, animals can take refuge inside

if i recall i worked on a massive campus that also had an unlocked door to the power station

ofc i went in

ofc i opened the panel to the power meter computers

i was supposed to be there but i dont recall a locked door

Well there's a weak point right there

But who is really gonna want to do that to my school?

Low risk

@little schooner i once tried to tailgate into a controlled area

it worked until the supervisor of the damn building was walking out the door when i went in without scanning

😄

Soooo close

yepppppp

pretty much told him "yeah ok, your stuffs not getting fixed if i cant get in"

i still got turned away

the building was full of drugs

soooo

xD

Dog is sitting on my network switch

My gigabit 24 port d link enterprise switch

it makes a good heated bed

Haah

He is getting dog hair all over my rack

He has not sat on a titan LINUS

Schools use them I think right? To sync the time or time change?
@hollow marlin most of ours currently are battery powered, not even atomic. New addition we are installing is concrete and steel reinforced, so doubtful atomic would work -- so i'm just doing PoE.

At my school clocks are powered by batteries and comunicate with a national radio system that tells the clocks what the time is daily at 4pm

Guys, I have a problem with my network setup(mikrotik), bascially I have connected an accesspoint and 3 vlans, vlan10(main), vlan20(guest) and vlan30(iot) on ether7, vlan10 is supposed to be connected to the normal lan and the other two are not, the problem is that sometimes on vlan10, when connected using the accesspoint, the connection sometimes works and sometimes it doesn't, meaning that packets are comming in from the target device but none are comming out from the router

also vlan10 has the same address space as normal lan without vlan

@hollow citrus I didn't think mikrotik would let you assign the same space. You cannot have two vlans with the same address space

that sucks

o.O isn't that normal to have different subnets

why would you want two vlans with the same subnet? I can't think of the practical use for that.

Yeah Me Too

it makes routing a nightmare really

it's like double NAT

It doesnt make routing a nightmare, it breaks it completely

you can do it with VRFs

linux based routers can also do VRFs but its not called that

VRFs are technically only with MPLS. Juniper VRF-lite = virtual router which since most linux routers base off them I assume a similar name?

Trying to configure an old ISP router as an Access Point? Should I turn on NAt

Yeah

or u can leave it off

Do you guys think that Windows "sharing" network is any good?

Since i wanna use one harddrive of my main pc as a storage network drive for my family.

I mean windows shared folders are fine

but really is your PC a good place to store stuff

Fortigate supports virtual as well so many VRF's per VDOM.

@vapid dune what do you mean with that? Safety concern orr...??

no, I just mean are you just dumping it to a hard drive? what's the point? it's not backup I hope

it's a harddrive that i have left over on my pc, i'd like my family to use it while my PC is on and they basically use laptops with low storage on them.
It's basically for saving images, perhaps videos, just private stuff that they need.

personally I'd go cloud with stuff like images

especially ones you don't want to risk losing

putting everything on a single hard drive isn't a good idea imo. you need some redundancy

I mean hard drives + cloud would be even better

I've thought of creating an "owncloud" service with my raspberry but idk how that would work with an HDD drive...

or offsite backup in place of cloud if you want it to be private

my point is to not use a single point of failure

ie one single hard drive

hmm, alright. thanks for the tip, perhaps i'll just install another one for backup.

even with multiple hard drives make sure you're doing checks on the data and hard drives frequently

alright

I mean you can certainly make copies of stuff into hard drives that then sit cold

not sure how long those last but at least it's not active

I've as of now have not run into a harddrive problem yet.

I mean to your initial question, shared folders are fine lol. I use em to pass stuff around and what not all the time

yeah i'd love to use them on my laptop tho lol

ran into an annoying bug.

"Hey lets do some server stuff!!!!" Wendal

I always thought about making a IPv6 only raspberry pi colo. The only problem is that unless people bought their own pis, the RoI is just too low to be worth it unless you have a huge number of them and run it for a long time. Even if people bought their own pis, there is still the power situation since supplying 5v at a high amperage is difficult to do well since not many power supplies are built for that.

and fuck ipv6

hate it

its not helpfull

ipv6 is fine

consumer tech consuming it is not

IPv6 is the way to go

it's definitely the way of the future

I think routers and what not just need to catch up

Any recommendations on what I can do with my servers? I've created a full enterprise windows infrastructure, but now, it seems I have nothing much to do to improve it

Any recommendations on projects that companies could actually use would be great

@hollow marlin i believe VRF-Lite can do it too but needs external help

theres no labels

im trying to remember if you could do statics between them

i feel like ive seen it

If you want between VRFs, static to global then static to other verf. Or in juniper land, tunnels for days!!

@cedar igloo ever get any ideas on what to do?

Every device on my network now has to use my DNS servers

Good. Pihole or some other dns black hole?

Pi hole

Now it’s time to collect all the logs

https://blob.rocks/9gVlCdTtyc.png

https://blob.rocks/xDgUjYocoX.png

Aren’t iot devices great with their heartbeats back home to the mothership?

Yeah

https://blob.rocks/rD3x06eMfC.png

That's why I'm forcing my DNS, I cba to stop direct IP though lol

iirc google hardcodes their DNS

I have it a simpler way. I just have it so that any dns request not from one of my dns servers just gets dropped at my gateway

Lol

https://blob.rocks/a3JAdP7XIZ.png

Ayyyy

I’m thinking about renaming my edge router terry crews

10.0.30.8 is the Google Home Mini in my room

https://blob.rocks/SBdYl8TxoC.png

DNS1 is the master

DNS2 & DNS3 pull their config from DNS1

All pi hole lists, domains, manually blocked/whitelisted, etc are the same across all 3

I want to replace this switch AAAAAAAAA

https://blob.rocks/YgoC9uPAqp.png

I want a Nexus 5548UP

https://www.router-switch.com/pdf/n5k-c5548up-fa-datasheet.pdf

can anyone advise on a good server rack for home. Looking at either getting a sysrack or istarusa rack, just looking on advise which way to go.

how many units do you need? @lilac tree

So... I got bored and bought a firewall. I then thought about it more and I decided I should use that with my server so I did more research and bought the stuff to do a whole rework of my network

lol

I’m gonna stop going up to the tech support channel. It’s filled with nothing but people apparently incapable of googling

In my opinion, this is the only good channel on this server. Though maybe the ones with stuff I'm not interested in are ok, but the other. pure tech ones are not so great in my opinion

##networking unite!

Seriously though, this is more of a cyber engineering channel than pure networking. Maybe we should see about getting the name changed

It's more of a general enterprise tech at home kind of channel

it's a mini homelab channel

Lol

@rocky badge I think half of us are past the mini part

lol

well I mean as in the homelab discord server

Not an entire discord for it but a channel for it

In my experience, that place is filled with snooty people just humble-bragging all the time

Yeah

Yea, I see you're in the "official" homelab server with me @thorny vector haha

Some of them are bad lol

“What do you mean you don’t color coordinate your cables, and use current gen hardware? R*10’s are so old, who uses those anymore?”

I'm not in the official homelab anymore lol

I mean, Rx10s are old lol

I muted the whole server and never look at it. I'm in like 11+ (depending on how you count) tech related servers so I just don't bother with the ones that don't have great communities

Released in 2009

Not saying they aren’t getting up there, but they nice and sturdy bois

I'm active in 4 tech servers

But I'm in more lol

I've got a R620 lol

I'm still running a bunch of stuff on a partially working Ubuntu VM on VirtualBox on macOS on an XSeve 2008 if you want to talk about things that are old and hardly working

I'm looking to replace my UniFi US-48

Maybe a Nexus 5548UP

Yoooooo, I’ve been trying to get an Xserve for my lab, so I can have a legit Apple esxi host

Since I've got a C2960S-48LPS-L

But everyone sees apple on it, and marks it up

I might keep my US-8-60W

Or I might replace it with some USW-Flex-Minis

Since I don't use the PoE on the US-8-60W anymore 😂

My Cisco access switch does PoE now

For whatever reason, the network card or macOS or something does not like promiscuous mode so I have to have the VM have the same mac address as the host which somehow works somewhat but means that I can only have one VM on it

plus these are just $29 + shipping https://store.ui.com/collections/unifi-network-routing-switching/products/usw-flex-mini

That’s really odd. Ever try throwing another network card into it, and seeing if that works?

I can get a 32 port 10 gig Cisco Nexus for around the same price as a 16 port 10 gig UniFi as well

Here is a pic with my XServe. It's not my rack, I am only rending space for the XServe and the switch above it, the rest is not mine

I need a rack lol

I actually tried both the internal network card and another PCI one but neither work for some reason

Cisco can die in a hole, their new monetization model is horrible

the little 4U mounting bracket thingy I have is too small lol
I'm looking at a 25U rack

I'm only using that UniFi switch for 10 gig now 😂

if my Cisco switch had 10 gig already, I probably wouldn't use it

If you have an ASN, a 10G router (and not just a linux VM unfortunately), then Herricane Electric will give you a free rack in their datacenter. Specifially:

Hurricane Electric will give anybody that has their own ASN and IP
address space from ARIN, RIPE, APNIC, LACNIC, or AFRNIC free colo
(cabinet + power + internet) in our Fremont 2 data center subject to the
following conditions:

* Have your own IPv4 or IPv6 address space and a public ASN registered to you.

* Install a real router with at least one 10GE port than can carry a
full IPv4 and IPv6 routing table. The router needs to be Cisco, Juniper,
Extreme, Arista, Ubiquiti, or Mikrotik and be able to carry a full IPv4
and IPv6 BGP table.

* Configure and run IPv4 and IPv6 BGP with at least one other network in
the building using a public ASN and your own address space (can be HE or
anybody).

* Connect to FCIX, SFMIX, and/or AMS-IX Bay Area. (FCIX is offering free
ports, not sure if the others will donate a port to you.)

* List your network in peeringdb.com as being present at the Hurricane
Electric Fremont 2 data center.

* You aren't already in the Fremont 2 data center running BGP.

The power included (at no cost to you) is A&B 20 amp 208 volt power.  A
gige Internet connection is included at no additional cost.

Note in order to keep this oriented towards legit networks we require
that the router actually be one of the specific router brands listed
above and not just a Linux server.```

Huh, that’s pretty cool

damn

I did their IPv6 thingy lol

They only announced it via a Reddit comment (https://www.reddit.com/r/ipv6/comments/g6v7b2/comment/foisizz?context=3) which is very suspicious but it's a real deal, I have been moving some stuff into mine

I'm wearing that T-Shirt now

I've got one of those too!

I haven't got much in my rack yet

I gave up on ipv6 on my network when I could only get a /64 from my isp

Oof

I have a /56

@rocky badge are you a blob?

🤔 maybe

Cool

I have a /56
@rocky badge I have immense anger

lol

So far I am using up a very nice 0 amps

I'm using 4 /64s out of it

Who's your ISP? @thorny vector

I think I can get a /56 or something from my ISP but I can't quite remember. I have a /48 and a /44 of my own space but I can't use it at home of course

Xfinity/Comcast

Ah

rip

someone said they can get a /60

but they had to set it and leave it for a while

https://www.reddit.com/r/ipv6/comments/94ceiu/xfinity_ipv6_prefix/

I think ISPs pretty much everywhere suck in general but the US is especially bad in my opinion

I only hate my ISP (Spectrum) for slow uploads

But IPv6 is fine, download is fine, peering is fine, no data caps, no throttling

Yea, same here, I get super slow upload even though I am paying for quite good download. They took forever to get IPv6 but now that they do, I am very happy. Since I have my own IPv6 space, I am so much more used to working with IPv6 than IPv4 so it's great to have

yeah, 200/10, 400/20, or 940/35

:/

We're switching to AT&T Gigabit sometime though

I'm visiting my parents because COVID closed down my uni, and they get symmetric speeds since they use a fiber ISP rather than a cable one

nice 😄

https://www.speedtest.net/my-result/d/199581338

I'm with Telus too

Great, now I’m not getting any ipv6 lease XD

rip

I use Shaw personally

https://www.speedtest.net/result/9634561557.png

Nice!

https://www.speedtest.net/result/9634563895.png

I'm on WiFi rn oof

But I max my internet speeds 😂

I'm getting 320/420 internally though

@cedar igloo ever get any ideas on what to do?
still no ideas really.

I have 1000/300 but that’s a speed test on my phone

Why do people bother with PfSense?

I dont like it but there are good reasons to use it

What does it do that a out of the box router doesnt or whatever?

other than feeling good because it required more work from yourself

Well you can build one that is more powerful. Many routers still can't handle over 400-600mpbs.

• updates
• IPS/IDP
• Plugins - adblocks, country block, etc

Plugins aka running pihole on it rather than just whatever else?

Not sure if pihole can be run directly on it, but there are similar plugins Ive seen

Doesnt enterprise routers have IDP?

or non cheap ones

I know nothing basically but are curious

No, enterprise firewalls with NGF (next-generation firewall) do. Its very wide in its coverage but honestly only the malware inspection is worth it. Stuff like Unify's IDS/IPS is really just a waste. I only think it does inspection on traffic trying to brute force in to itself

that's like asking why people choose this distro over that distro

or isp provided router over your own

nah, not really

To me the power consumption vs a pfsense box max little sense to me. My hAP ac2(s) handle everything I need and sip power

alllllll of it

muh ubnt tho

@hollow marlin i want the new CML: 2.0

but lurick holding out on free licenses

Just get you one of these bad boys https://amplifi.com/alien

@hollow marlin what do you not like about pfsense?

@waxen scroll haven't looked into it yet. I have to stick with EVE-NG because I need my lab with Juniper images as well as cisco

I like OPNsense better

The interface makes a lot more sense

OPNsense even makes free radius dead simple to setup

I was up and running with certs in less than 5 minutes

I use my domain controllers for RADIUS

I'm currently running pfSense lol

I'd like to replace it with a ASA or Firepower running ASA code but $$$$ for one that does gigabit

@rocky badge radius for windows clients or even mobile clients too?

It just wouldn't work for me

Main WiFi is RADIUS

So Windows/mobile/etc

What does your crp look like

IoT and guest are standard PSK

I couldn't get it to restrict it to tls only

C reactive protein?...

It kept dialing

lol

Failing

No connection request policy

Ah

Lol

Good one tho

https://blob.rocks/4uygGrE1GY.png

And then network policy https://blob.rocks/fbSvmf9UCW.png

Oh yours is allowing user+Auth though

I was trying to restrict it

Basically I only wanted eap tls

Yeah I have EAP TLS + MSCHAPv2

But I don't know how to configure it

When I didn't allow mschapv2

you have a CA and issued client certs?

Yes

It says it cannot find usable eap method something something

As the reason for decline

https://blob.rocks/vAk3q5uc1Y.png

Maybe it's just my server

Did MSCHAPv2 work

or no

Yes

Did you authorize the NPS server?

ok

Yeah to AD

So RADIUS is working just not EAP TLS

I added the CA cert to NTTrust zone thing in AD

Too

https://blob.rocks/yU2j1emv6t.png

Yeah I got that setup right too to use nps server cert

I was trying to stack Network Policy conditions

What does your conditions section look like?

Maybe the stacking of them causes it to not match the policy for me

for network policies https://blob.rocks/7AnwLxyHir.png

CRP https://blob.rocks/6LPnq86RCG.png

Oh dang so yeah your policy doesn't restrict it to only accept eap tls

It just makes sure it's Nas type Wifi

I did the conditions that restricted eap types

I forget what it's called but you can see them in there if you click add

Something something eap something something Microsoft smart card or certificate

They are two different conditions

Ah

hmm

Yeah when I have both those active

It wouldn't work

If take them out, it works

But in theory it should work

But Microsoft says a big NOPE

The work around was to add a Radius group of users that is empty and then you don't have to worry about disabling mschapv2

Because there are no users who can authenticate to get in the first place

Then, only certs would work

I gotta work on my sentence structure xD

lol

@rocky badge ahhhhhh I have so many tabs open that it shows this

Oof

why u oof

https://blob.rocks/18E1rd9EW7.png

@waxen scroll hmmm the feels are probably still raw

I just closed out all my chrome tabs

I'm a happy camper again.

good

@waxen scroll how long do you think until network troubleshooting becomes obsolete? Or never?

If they can hire AI workers instead

And by that I mean simulated people who learned the skill on their own and lives among humans but digitally

Its a little weird to imagine

A digital AI being requiring a living wage

lmao are you reading reddit?

@waxen scroll hahahahhhahh nooo

But it's a bathroom thought

Reflection time

someone made a post like that today

Ohh really?

Well it's coincidence

I didn't read any of that on reddit

I'm happy that other people are thinking the same

we have a LONG way to go IMO before we replace humans due to network automation

you'll need to know it though otherwise it might be harder to get a job

the companies who are doing automation for troubleshooting are massive networks and they need a massive amount of staff in the first place

for example, telcos have scripts that run when you open a ticket and the computer determines if a fault does exist before sending it to a human

sometimes it will automatically reset the jack and see if that fixes it

this is just my opinion, and maybe im old school, but i hate the thought of manual automation and i think its a risk to any company trying to put it in who arent hiring dev teams to specifically make a whole app for it

i dont see manual automation being used day to day in most companies

manual automation... python scripts, bash scripts, any kind of script thats not bound to a supported app like ansible tower

for example, i use python to help me do my job faster... but i dont support or share it (in most cases). i can walk away and the company network will continue to run and be supported by others. if they adopted my script, what happens when a new OS version breaks it?

...i thought we were having a conversation here

fine, whatever. lets shift gears

What does a L1/L2 network tech do at most companies who are big enough to have such a title?

I had to step out for a moment

@waxen scroll probably not much

L2 barely breaks

no no, i mean skill level

Oh

I dunno, what do they do? I haven't worked in the field yet

Since internship don't count

I've only done small labs

Includes but not limited to: cable running, rack and stack especially if gear fails, answering user tickets for "its slow" or "it doesn't work" or "i need new X", in depth tshoot... tracing paths, looking at counters and logs, maybe wireshark

an automation system might be able to go "oh, this path has errors" but how is it going to tell why and correct it?

That's true. It has to physically be present to go and fix the problem

Software can't fix real life

and troubleshoot is HARD depending on whats going on

Absolutely

I want to be better at it

But practice

for example, the other day my work had performance issues on a port. all logs and counters looked great

turns out we had to run some obscure hardware command to see that the backplane / ASIC for that port was overloaded

not enough to drop traffic

maybe the network performance issue is caused by proxy #3 in a pool of 10

could automation help catch it? maybe? depends. but you need someone smarter than that to go look into it

anyway this is before you even discuss network engineers

thats where you need lots of brain power

to properly automate, my view is either you need a dedicated dev team (good luck firing them after the product is live) or you need one or more existing solutions at a stupid high cost and it wont cover every scenario.

ive worked for a few major companies and nobody is even coming close to the automation you're worried about

its only the big telcos

my freenas won't let me open it

i dunno how to fix this

@waxen scroll what command did you need for ASIC level? Id be interested in that for even future troubleshooting

its specific to the 6500s but i think it was "show platform hardware capacity fabric"

@waxen scroll good insight

Yeah I should brush up on some python stuff

I only do automation with powershell right now

Doesn't translate well to switches and routers

But I want to do cloud administration more and specialize in something

It would be a good challenge

@waxen scroll on the Cisco exam, I think they do test on those obscure commands

But maybe like 1 or 2 and done

@waxen scroll I was scared during the simulation part because I was working with a 1024 by 768 screen

Basically a tiny screen and lots of scroll bars

It wasted so much time

@little schooner They don't ask those deep of commands until you get to the CCIE

@hollow marlin that's a relief

They ask some off the roads commands but 1 or 2 at most

Because the things rarely break for us to even use it often

It's like one off stuff

Unless or course you work in the big enterprise stuff

Well then maybe you use the commands more

Never have to go that deep. Most typical commands will show what you need. Like ASIC problems will show symptoms elsewhere like show interface with drops or output queue drops

Yeh

Wish my other cheap gear let me run command line stuff to check

The GUI is just okay at showing the stats

The netgear switch I have has one of the worst processors to run it

I think it might be causing my latency problems

Sometimes it's http web page refuses to load outright

The switch chips should be taking the load unless you have L3 running on them

Just L2. It did lockup one time. All ports were lit green, no flashing

For no reason.

I thought the cpu died

If CPU is involved in switching then its a crap switch

It really is an awful switch

I'm not lying

But like Mikrotik sometimes the switchchips are bundled in 4 and 8 which can overload them

This one @hollow marlin https://www.netgear.com/support/product/GS108Tv2.aspx#download

I never recommend it. It is sooooo slow to configure in web gui

They have v3 version now

Glad they realized it was a joke of hardware

@hollow marlin baltic networks is a vendor I see that sells mikrotik stuff at the discount price

Where do you buy yours?

Personally, Amazon. Previous job through our vendor which got them through another vendor, not sure who though

I get what I can through work at a vendor price of what we used. Still want to pick up a CSR3xx though to replaced my Juniper 2200-12c

https://www.amazon.com/Ethernet-Splitter-Optimization-Unmanaged-TL-SG105/dp/B00A128S24/ref=sr_1_4?crid=2YXAQ775BDQBC&dchild=1&keywords=5+port+gigabit+switch&qid=1592688544&sprefix=5+port%2Caps%2C194&sr=8-4

this is what i use

Again, VLAN config still drives me up the wall which is why I want to stick with Juniper but a 2300-24p is like $600

its only $15, snag 2 of them and you get an extra port @little schooner

use one of the ports to pass to the second one

@wind bison I need the vlan support from it

That one says unmanaged

@hollow marlin ohhh and netgear is the only company that thinks setting your own Management VLAN is a "feature".

If it supports vlans, it doesn't make sense for the management interface to have vlan restrictions

Literally can just piggy back right off of it

Unless of course it's more complicated then that, which is almost certainly the case. I don't build hardware

But still....

It makes sense

@waxen scroll enlighten me

MGMT is only for MGMT. You plug it into an OOB network. No vlan needed

Well yeah.... But tagging is nicer

Nahhhh

If you want to tag don't use the MGMT interface

Couldn't anyone just plug in though

@waxen scroll wait are you saying I shouldn't be tagging management vlan and just leave it on the bare vlan 1?

It caused me a huge headache before because I had trouble maintaining access to switch after making the vlan changes

But if I wrote it down on paper the order of steps, I never got locked out

I want to change my management from vlan 1

Lol

https://blob.rocks/9wdFwDAXyH.png

@rocky badge what I ended up doing was making some ports untagged into the vlan I wanted mgmt to be in, then make the mgmt vlan change and switch ports

And continue access

Hmm

Oh oops in the Google sheets it says vlan 0, but it's vlan 1

@little schooner Thats where Juniper commit confirmed makes life so much easier. Also in Mikrotik you can do secure mode where if you lose connection from a change, like VLAN management, it automatically roles back

@hollow marlin yeah like that right there is real handy

I wish Cisco would finally push that to IOS-XE as they already have it on IOS-XR

It kind of is coming in 17.3 I think but only for SD-WAN mode I believe

Of course SD-WAN only 🙄

go buy them and find out

Like mentioned before, just choose a router in your price range. AP mode should be fairly similar between most

Bet $100 there isn't any noticable difference if all you want is straight AP mode

you didnt say it wouldnt improve performance so MAKE THAT BET

@waxen scroll I'd buy both with Amazon return policy and return the one I didn't want

It's a safe bet

Unlike with Newegg, that slaps restocking fee

It's enough to make me avoid them

I always return the item back in New condition

now that newegg charges tax i dont buy there unless the base price is like $100 less

I still remember when Newegg reported everyone from CT of unpaid sale taxes

That was a dirty play

And guess what they pretended to say that CT residents didn't have to pay for it, despite the state saying, yes you HAVE to pay no matter what Newegg is telling you

Then Newegg sent another email saying sorry for saying that CT res didn't have to pay

And sorry for ratting everyone out without first asking them

A disaster. The way B&H handled it was more professional

There was no scare email

@lean pollen it's a 4x4 unit but the audience from mikrotik is probably better

And cheaper

But only get it if you really need that

You can get away with ac lites np

I don't recommend the FlexHD now because my unit has a long startup delay before wifi actually starts working

@little schooner cause you're using radar bands

@waxen scroll am I? I will double check that

If that's the case well ....

Silly me

my AP has a long delay too cause it has to scan those bands to make sure its not gonna interfere

@waxen scroll makes sense. Dang but it's signal is sooooo good

I get full speed

@hollow marlin

I'm glad that it came down to being user error

Now I am more educated

Where does it say that in the docs though

I know it says the scanning stuff

I just didn't know it affected startup

Neat

i dont know where i read it, i think its in the spec as a government requirement

I see

https://www.adriangranados.com/blog/practical-intro-dfs

When using DFS, a device selects a DFS channel to use and, prior to initiating communications, it monitors the channel for a certain time to verify no radar systems are present. If radar signals are detected during this channel start-up period, the device doesn't use the channel (and avoids it for the non-occupancy period), then selects another channel and starts again.

👀

if you locked a channel in and radar is detected, it should stop broadcasting all together and try again later

mines done it once

This is a wemo smart switch

@little schooner now that @clear igloo doesn't post on the forum and I have no account... you can only get top advice from here 😷

@thick minnow AP mode is just an AP bridge (essentially a wireless switch). You can put it behind a switch

@little schooner wtf is up with Mikrotik stock. Rb4011 is normally $169 but it's $450 on Amazon

DBag seller probably

I wish in was $169 in Canada haha

Appears to be low stock accross the board. Min2-300% markup

@waxen scroll only the best advice

@hollow marlin I know why it gotta be so expensive

I have to buy from vendor website

But the restock fee is scary

everything on amazon seems to be jacked up right now

100% markup on some EK waterblock stuff for example.

Yes because the US dollar is going to be worth nothing soon

They are throwing it left and right printing

Inflation here we come

no, it's because vendors are using covid to make more money

lol

I'm sure it's both

supply and demand and little oversight on the rules of gouging.

Hard to win all the time

@thick minnow Ethernet ports do still work if you put an Asus router in AP mode

It's basically the router part you turn off.

Why do Asus have routers that is the exact same just two different names?

so stupid

for example RT-AC2300 and RT-AC85P

They are listed as two different routers both on Asus webpage and some stores have one while others have the other, but hardware is the exact same

Ment RT-AC2400

I think the AC68U and AC1900U may also be the same internals, but there there at lest is one little difference of the outside casing

But those two, AC85P and AC2400 seem to have the same casing too

according to the compare tool theres no difference

I just dont know why Asus would do that

Hi there! Just wondering if any1 here has any experience with a home nas thinking of using one for an upcoming project, but im not sure if their suitable for high write rates (1 new file every 0.25 seconds for about 1-2 hrs straight)

Depens on the files and sizes

it would be a 69mb jpg

@lean pollen sorry forgot to tag

Then it depends on the NAS

Thinking of a diy build

One with a single HDD for example would not work I dont think

y not?

sorry am noob to nas storage

what about 2-3hdd's

If you mean 69 Mbytes 4 times a second

yup

thats 276 Mbytes/s

yup

more than a single HDD can take

oh rally

*really

what about an ssd

SSD would be fine

ok

what spec am i looking for for this?

is it write speed?

Its also faster than normal 1 Gbit networking

Yes, write speed if its going to the Nas

ok

as 1 Gbit/s is about 110 Mbytes/s ish

would a home storage server be better ?

rather than a nas

Sorry I worded that badly

Well, NAS is really a storage server

Is it from a PC or phone to the NAS/Server or from a camera or someting?

essentially im trying to take a photo every 0.25 seconds with a raspberry pi and then *read that file on another pc so im wondering if a home server with storage would be better also i dont have more than 1gb internet but they would all be had wired together so i assume it would not be a problem

Why are the images from a rasberry pi 70MB?

Raspberry Pi connected to a real camera?

no rpi cam

omfg

sorry

Why would that be 69 MB?

i was looking at the wrong figure

xD

my bad sorry about that

i was looking at the figure for another camera

the jpg file would be about 2.4mb

so thats 9.6mb a second

then its a hole other ballgame

i presume a nas could do that using a hdd

yes

Ok

thanks

any would pretty any hdd be ok (write speed)

also it would be about the same situations for reading

Should be

is that ok or an issur?

*issue

Reading is easier than Writing

ok

" also i dont have more than 1gb internet but they would all be had wired together so i assume it would not be a problem"

like ethernet cable from rpi to nas and pc to nas

Or is it a problem?

Should work fine as long as you have the software for it (I dont know much about that)

hmmm

ok thx

(I mean for the Raspberry pi to see the nas and push the photos to it)

oh ok

but the 1gb conn that a problem?

No

ok thx

Not if your photos are 2,4MB each

ahh yeahhh true

sorry (again im noob)

Actually, Rasberry pi might have a 100 Mbit ethernet port and not a 1 Gbit one, so that might be close but I dont know

yeah

nvm

it would not be the NAS that is the problem

rpi4 has gigabit

oh

yeah rpi4 got huge upgrades

8gb ram and everything

Then its fine

It was 1-3 that had 100 Mbit

Yeah I had 3 its was very limiting for lots of proj's

@lean pollen I just checked the wifi conn in the room that the nas, pc and rpi will be in and its 72.3mbps so i dont think i will even need to connect the rpi to the nas via ethernet considering its only 9.6mb/s?

plus theres loads of documentation on wifi mounting a nas to an rpi over wifi but very little for ethernet

U think wifi would be an issue? just for rpi

the rest can be ethernet connected (pc,nas)

and the rpi will have a wired internet connection

@oak prism on wifi, I get close to gigabit speed with my desktop. On the pi, it probably won't be that fast

If it uses tcp to send the files over, there's nothing really to worry about

https://blob.rocks/VAtIyIoVfu.png
FreeNAS time

first time using it @rocky badge ?

Nah

ah yeah

how much ram and storage?

10GB Just trying it out in a VM right now with my H310 passed through, 3x600GB, with those disks operating in non RAID mode

oh I see

just to play around with it?

Yeah

I'm running mine with mirrored vdev

a bit of a waste at 50% space but I don't buy my hard drives in large numbers

😄

can't be bothered to buy sets of 3-5 drives lol

I'd love to get a Synology

I can stomach 2 drives usually though

But I might go R720xd/R730xd and FreeNAS

nice nice, how many drives for each of those?

Depends on the model you get

I'm just using a desktop case lol. it's already heavy enough and it's mostly just me moving it around

There's a 2.5" and a 3.5" model

ah I see

you're probably going with 3.5?

3.5" is 12 bay

2.5" is 24 bay

lol... minus the hot swap I think I can fit ~12 3.5" drives in my desktop

but those do look nice

Lol

Yeah, 3.5" will be cheaper and comes in larger capacity

but 2.5" just looks badass lmao

I was considering getting an additional case and just running a sas cable between them

https://blob.rocks/YWvTrgf8TX.png

then again probably don't need that many hard drives. better to just upgrade my current ones or something

I always see people saying "use ECC ram"

https://blob.rocks/otoq5mL9pQ.png

do you plan on needing a lot of compute on your nas?

https://blob.rocks/W5l96DSYss.png

Not really lol

I only just moved away from an atom processor lol

All it would be is iSCSI + NFS + SMB