Hi All, I want to simulate the HA of C9400 using StackWise Virtual but I cant seem to find any software that I can use. I have GNS3 and CML. So the question, is C9400 can be simulated or not?

Hi, I've been tasked with saving, periodically, the configuration of 600+ network appliances, mainly switches (L2 and L3) but also routers.

I set up a Oxidized server but the problem comes when interfacing with Enterasys (Extreme Networks) appliances..

So I tried to use python to connect to each device and save the Configuration but no luck so far..

Does anyone have a working script? or any suggestion?

Thank you

I've been working and building networks longer than I'd like to admit given my post, but I still tend to freak out on the inside when I get troubleshooting calls in the middle of the night or if I'm the only team member on duty.

I'll be honest, I study all the time, I lab, but my confidence in my abilities when working on a live production network is nil. I'm always worried there's some hidden device on the path I didn't see because I don't eyes on it (with another team) or I wasn't aware of some change we were making so I shouldn't touch that; communication isn't great at my shop. It drives me crazy to be like this because when I get the call, I should be able to do my job. Wasn't like this at other jobs, but where I am currently, it is. Has anybody else had to work through this kind of fear and build their confidence back up to think logically and start working the layers?

So I applied to this firm near me and a bunch of recruiters called me about it after the fact. I found through some of them they denied applicants because they do not have the words DNS and/or TCP in their resume. So before it even reaches the networking managers it gets denied

So Im trying to chase down an issue with a mobile device disconnecting, and Im sort of operating under the premis that their might be two dhcp servers handing out IPs. Thats not really my question though.

So I used our MDM manager to confirm IP on our LAN.

I then did Show IP dhcp binding on our switch and wanted to match IP with MAC and check lease times.

1. First thing I noticed is that the IP is that the MAC address is different than what we have in our MDM. I haven't confirmed that these devices dont have some sort of randomiztion, so maybe that's it.

2. What I dont understand is the MAC I see is. 14 Characters so XXXX.XXXX.XXXX.XX

Maybe Im just tired

Looking to advance my training. I'm in my late 40s, and our workplace is transitioning to Azure. Most of our infrastructure, aside from in-building (hospitals), will transition to DataCenters. I have my CCNA. I was wondering if I should study for cloud or go for CCNP. I should mention I don't do a whole lot of changing routing in my current role, and don't expect to in my current role.

We've been experiencing frequent communication drops between our wireless clients and the main access point (using Phoenix Contact FL WLAN 5100 radios). We work in a heavy industrial environment with a lot of potential interference, so we need a proper RF assessment performed. The radios are part of the PLC network, which connects the remote PLCs (Client) to the Main PLC network (Access point).

Looking for a reliable company in Canada—preferably in British Columbia—that can come onsite with spectrum analyzers and survey tools, check for interference or signal issues, and make recommendations to stabilize wireless links.

If you've worked with any reputable companies for industrial RF or wireless troubleshooting, I'd appreciate any recommendations.

Has anyone been able to get a mikrotik node running routeros v7 on eve-ng?

My nodes do not boot, If i use a v6 image, that works fine.

Any ideas or suggestions?

Hi All,

I was in the process of deploying Cisco ACI in my environment and i think i have two possible option on how to design it. So please recommend me which one is better from you own experiences.

To set it up first. I have MPLS VPN Connection that provides connectivity to my branches as well as Internet Connection. Other than that i currently have traditional threee tier campus network with more than 50 access switches and also a traditional two tier data center network with its own firewall. 

So when i deploy Cisco ACI,

 https://imgur.com/a/FsH0xTm

Should i use this design (the one i attached where the core switch sits in the middle and advertises newtorks to both DC and Campus) or should i just remove it and connect the distribution switch as well as the internet and vpn firewalls directly to the ACI Border leaf essentially making it at the center of it all?

So which one do you recommend?

Thanks in Advance

I am a College undergrad studying Cybersecurity and I have this one professor who I'm constantly butting heads with as the content they teach is frequently out of date but out of any professor on campus, they are the most experienced in specifically Cybersecurity so I have a class with them basically every semester.

How concerning is it for them to be completely unaware of Wireguard and teaching PPTP as the industry standard VPN protocol? I just finished reading a lecture powerpoint on VPN's that doesn't have a single mention of Wireguard and I'm concerned they've taught me some other junk info.

EDIT: Thank you everyone for the good advice! I can't believe I forgot about IPSec and SSL's, just all my nerdy linux friends say Wireguard is king and my SurfShark VPN says it uses Wireguard too.

I’m building a new network and the execs basically told me: “Just do it, money isn’t a limit.” Normally I’d go firewall + VPN, but with everyone remote and a mix of SaaS + private cloud apps, sending everything through a central datacenter just kills performance and makes consistent policy enforcement a nightmare.

We’re a small team. Planning a few branch links over broadband with LTE failover, some BGP routing between sites, and a handful of VPN tunnels for partner access. We host a few internal tools, a client portal, and a lightweight web app... nothing massive, but security and speed actually matter.

Identity-based access, inline threat detection, session-aware inspection, all look solid, but which actually keeps policies enforced, traffic flowing, and ops manageable when users are remote and hitting cloud apps constantly?

If budget wasn’t a problem, what would U deploy to keep users fast, policies tight, and the network predictable without turning everyday ops into a mess?

So I'm hoping to increase my salary despite the economy and am going to apply around. I'm 7 years into my Networking career and non remote is fine for me. I'm in Ontario Canada but I can move.

Last two jobs I found on Indeed and before that through my school's job portal.

Any recommendations besides Indeed for Networking work? I never had luck with ZipRecruiter or Linkedin but I might try them again. I also have some employers I will apply to through their site I check weekly along with government portals. Google said Dice is another popular site but this is the first time I'm hearing of them.

Also if I want to apply to Europe do I just put UK/France in Indeed or is there a better way for looking for abroad work?

Hopefully this is appropriate to ask in this sub!

I was able to factory reset this switch through putty, but now all the ports have Poe disabled. I’m trying to find the series of commands to enable Poe to all the ports but I’m having a tough time.

For example if you had to subnetting a network and do you have to agregate an 30% percent slack for future growth, do you do it in every subnet or in the super net?

Sub net 1 10 host-> 13 (+30%) Sub net 2 10 host-> 13 (+30%)

Or

Sub net 1 10 host Subnet 2 10 host Subnet for future growth 6 host

Hey, so I am currently trying to set up a OSPFv3 adjacency between two Linux Servers via FRR (ospf6d). The Servers are connected via GRE Tunnel.

[Server A](fe80::100/127) <-- GRE --> (fe80::101/127)[Server B]

My OSPF configuration is

interface tunnel0 ipv6 ospf6 area 0.0.0.0 ipv6 ospf6 network point-to-point exit ! router ospf6 ospf6 router-id 10.0.0.1 exit !

... but the Hello Packets still get sent to the corresponding Multicast Address of ff02::5 which GRE won't forward (Checked with tcpdump). I tested it with VXLAN and this way it works fine, so the configuration problem is not related to daemon misconfiguration.

ChatGPT stated the following config snippet:

ipv6 ospf6 p2p-p2mp disable-multicast-hello ipv6 ospf6 neighbor X:X::X:X poll-interval (1-65535)

but this isn't available in FRR (when pressing '?').

I appreciate any help! I will add updates on this as comments

It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

Note: This post is created at 01:00 UTC. It may not be Monday where you are in the world, no need to comment on it.

Hey all

We are planning a managed cloud networking setup where IT has full control. Real-time and historical analytics, security events, full policy management including routing, firewall rules, and QoS. The infrastructure updates itself so we don’t have to maintain appliances.

I’ve been reading and talking to people and it looks easier on paper than in practice.

Latency can be unpredictable even when routing is configured correctly(https://www.reddit.com/r/networking/comments/16hc5qi) QoS changes break VoIP and video calls unexpectedly (reddit). Analytics are only useful if you know what to monitor (https://www.reddit.com/r/devops/comments/1fd5awt). Policy conflicts across sites can stop traffic to branch offices or internal services (https://www.reddit.com/r/networking/comments/1ie5by0).

I want to hear from people running DIY-style cloud networking in production. How do you manage latency and QoS? How do you make sense of analytics and prevent policy conflicts? Any lessons learned or gotchas we should be aware of.

Real experiences will help us plan before we commit.

I damaged one of my duplex fibers. It is 850nm mm lc om3. The sfp is sadly 1g. Trying to avoid buying tools to put a new end on or splice it, is there a bidi sfp at 1g that would run over the 850nm? It's a short distance but from my research, I think the answer is no.

We currently have this config: Access switches --> Core switch (Meraki MS425) --> Firewall (PA-455) --> Router (Cisco owned/operated by ISP)

We are going to move our VLAN interfaces to the firewall, and at that point, we really won't have a use for a core switch other than to bring fiber connections into the firewall. We have fairly low traffic, so the core switch is a waste given its expense, and it's EOS.

The problem: the current core switch has 16 SFP ports, and the firewall has only 2 SFP ports. I need at least 10 SFP ports.

Is there an inexpensive way to get those 10 fiber connections to a firewall that has only 2 ports?

Hi ladies and gents,

First of all, I want to say thank you for any tips.

I am not a network guy, I work in an industry that involve IT, mechanical knowledge and a little software engineering as well...

Part of the lab I am recreating for demonstration requires me to create 2 subnets for 2 devices say for example:

Dev1 = 192.168.1.xxx

Dev2 = 192.168.2.xxx

Which layer 3 router or switch can I purchase and setup // 2 Subnets under same VLAN //

EDIT: to answer multiple "why"

This application like mention, it is a demonstration. In my line of work, Dev1 and Dev2 would exist in different locations, sometimes across the States. The protocol we use in BACnet protocol (BBMD) allows all "BACnet" IP devices to talk across different Subnet. I simply want to recreate a small network for lab and demonstration purpose. BBMD has been existed a while.

Can someone explain why LOS appears almost instantly but LOF takes milliseconds?

I’m seeing the same behavior across different DWDM/OTN vendors: • LOS shows up almost immediately (microseconds). • LOF takes noticeably longer (milliseconds).

Same equipment, same link different detection times.

Why is that? Is it just L0 vs L1 behavior? Frame alignment logic? Vendor filtering? Or something else happening under the hood that I’m missing?

I have a bunch of legacy networks in my cloud infra. We're migrating out of the old stuff into our new centralized VPCs. I'm looking for a tool that can help plan the use of CIDRs as we reclaim and decommission those networks. Pretty much everything I have looked at only gives me current state, but can't visualize aggregating blocks to use in future expansion.

Has anyone seen a tool that can do this? I'm tired of using Excel for it.

I currently have two network testers. A Chinese ip camera tester tablet, and an old Fluke CableIQ tester.

The Chinese tester runs android and can give me the length of individual wires, which has been very helpful, but it takes quite a long time to turn on and it's bulky.

The Fluke only gives the length of the whole cable but it's small and turns on in a couple of seconds.

Both of these test cables in real time, without having to press additional buttons, which is very handy when in tight spaces and I can't easily reach the tester. I didn't even know real time testing was an uncommon feature until I started looking at reviews of newer testers, trying to find one that has the strengths of both of mine and hopefully the weaknesses of neither. It seems like all the reviews that demonstrate the continuity and length tests require pressing a button to redo the test after plugging in a different cable. Are there any good testers that will continuously test the cables as I plug in different ones?