Topics - Nerm

#1
Forum Lobby / Welcoming myself back
March 02, 2023, 08:59:02 AM
Been a while since I was on this site last. I am just here to say "Hello World" again lol.
#2
Certifications and Careers / Which CCNP
November 04, 2020, 09:19:27 PM
With all the Cisco cert changes my plans kind of got reset. I am now looking at whether to do CCNP Enterprise or CCNP Data Center. I plan to eventually hold both but my question is which do you think is better to do first. Does one demand higher market value?
#3
I ran across this article today and to be honest I felt it to be a bit harsh. I personally have never been in a contract-to-hire situation so I can't really agree or disagree with the article on personal experience. On the surface I do however think that contract-to-hire is intended to be heavily weighted in the employer's favor.

https://blog.storagecraft.com/contract-hire-positons/
#4
Certifications and Careers / Cisco Cert Changes
June 10, 2019, 08:21:25 PM
Anyone else catch the cert changes announced today? I am still reading up on all the changes so not sure how I feel about them yet.
#5
Security / NAC Solutions
July 16, 2018, 01:55:09 PM
Just curious how others here are handling NAC in their environments. What solution are you using? Is it managed regionally or globally, etc?

I know at least one of you will mention a specific <INSERT VENDOR HERE> blurb. ;)
#6
Routing and Switching / H3C Switches
April 06, 2018, 10:33:43 AM
Well I have been tasked with a project in China that has a requirement to use H3C brand switches at the distribution and access layers. I have a few "test" boxes but haven't booted them yet. They look and feel as cheap as their price tag indicates. Anyone have any experience with this brand they would like to share?
#7
Bear with me as this is going to be a long post. It has been a little over two years now since I was put in a situation where I had to get up close and personal with the entire Meraki product platform. What I mean by "put in a situation" is the company I work for had decided to abandon their existing traditional Cisco infrastructure and go all Meraki before I was hired. Once I was hired I was handed the Meraki keys and told to make it work. This post is a few of the things I have learned along the way in hopes that someone else might find this entertaining or even useful.

A little background for understanding my perspective: My title is Sr. Network Administrator but my role is more Global Network Architect in reality. I work for a medium sized enterprise that employs 10,000+ globally. We have an interesting mix of location types. We support small sales office and retail locations with less than 20 users and also large campus locations with thousands of users. The majority of our locations however are large manufacturing and warehousing facilities where wireless can be a challenge at times. We have 5 main data centers (3 in the US, 1 in Europe, and 1 in China).

Meraki Cloud Platform

The Meraki cloud platform itself is actually quite stable. The dashboard is easy to navigate and understand which is great when your day-to-day network admins are of the more junior variety. Most of my problems start with the fact that Meraki knows and anticipates this reality. They know who their customers are and expect the majority of their users to not be experienced network engineers. Advanced features and outside the norm configurations are not readily available. No BGP or PBR for example.
One thing I really like about the Meraki cloud platform is the "single pane of glass" for management when you have lots of locations. The firmware updating process couldn't be any easier IMO.

Meraki Security Appliances

Good:
Analytics, client tracking, content filtering/etc, and HA functionality on the MX series of products is pretty good.

Bad:
Static routing is your only option on Meraki firewalls. Actually routing in general (outside of default routes) is one of the biggest weaknesses of the entire Meraki product family.

Ugly:
VPN, VPN, VPN!!! Unless you are doing Meraki-to-Meraki their VPN solution is absolutely painful. The slogan for this product line should be "does not play well with others". Also if you need a client VPN solution stay very far away IMO.

Meraki Switches

The Meraki switch product lines are good for the access layer, however trying to use them any higher has proven to be difficult in a large enterprise environment. Given more time to mature they will get better in the distribution layer. IMO however the Meraki switches at this time have no business in the enterprise core or data center space. My biggest issue here is the cost. Meraki isn't necessarily cheap to use at the access layer, but if your everyday network admins are not experienced it is much easier for them to manage the network stack. Things like switch stacking, port aggregations, and large port density management are pretty good.

Meraki APs

If there is one place where the Meraki platform has not only been acceptable but has even impressed, it is in the wireless spectrum. The APs themselves are high quality/performance and durable. Most of my supported environments are manufacturing/warehousing and they have held up to the harsh conditions quite well. Just about all of the features you would expect from an enterprise class wireless product are available to you. One cool thing is the APs can mesh backhaul through each other in the event of an uplink failure to the AP. Roaming handoff is also excellent compared to other products I have worked with.

One place we have experienced issues is legacy RF support. For example, if you still have to support some ancient legacy RF warehousing equipment that only supports 802.11b and WEP you might run into some challenges.

Summary

In summary here are some use cases where I think Meraki is a good or even ideal solution and some use cases where I would consider other solutions.

Ideal Use Case:
-Small/Medium business with minimal IT workforce resources.
-Managed Service Providers. This platform was clearly designed with the MSP that supports small/medium sized businesses in mind.
-Environments that have lots of smaller locations to manage like in the retail or food industry.
-Remote locations where there is little to no onsite IT presence.
-Just about any scale wireless deployment.

Good Use Case:
-Medium/Large enterprise switching at the access layer only or maybe at the distribution layer also if you are a 100% OSPF shop.
-Environments where the network team is not highly experienced and could benefit from some hand holding.

Bad Use Case:
-Unless your environment is small enough that you only do static routing and do not have an onPrem data center then I recommend staying away from Meraki at the core layer.
-Speaking of the data center just don't put Meraki in a data center environment.
-VPN anything! Probably the only situation I would recommend Meraki VPN is if you are a 100% Meraki shop.
-China! The Meraki dashboard just doesn't work well from within China.

Summary 2:

In the end the people responsible for the decision to abandon traditional Cisco and go 100% Meraki are no longer with the company and I am now tasked with an initiative to go back to more enterprise traditional product solutions and back out some of the Meraki decisions where they just don't fit.
#8
Routing and Switching / IPDT bug
January 15, 2018, 08:29:05 AM
One of my locations is dealing with the IPDT bug in IOS 15. The local guys have already implemented the "probe delay" workaround without any luck. They even went as far as turning off gratuitous ARP on the Windows boxes and still no luck.

I am curious if anyone else here has dealt with this and what luck you had if any.
#9
I currently have a need to create a way to automate pulling configs from a list of switches and generating individual text files of the config with the name of the switch as the name of the file. Keep in mind I am quite the scripting noob so was hoping for some pointers and maybe some reading suggestions to accomplish this.

Here are my thoughts:
1.) Make text/excel file with a list of switch ip addresses.
2.) Make a python (or whatever is best) script to read the ip addresses from the list.
2a.) The script would connect to each switch via telnet (I know, I know).
2b.) The script would then basically do a "show run" to a text file with the name of the switch and put it in a folder I designate.

I am sure this is light years behind what most of you are already doing, but I already do something very similar in a powershell script to pull stuff from AD so this shouldn't be that much of a stretch.
#10
Routing and Switching / OSPF route selection
June 30, 2017, 01:03:32 PM
I am hoping someone with deeper knowledge of OSPF can answer this for me.

In a hypothetical situation you have two OSPF routers in the same area and both learn the same subnet let's say 10.100.10.0/24. Both routes learned are of equal distance and equal links across both paths. They also have equal metrics/etc. Essentially the routes are identical. When this happens how does OSPF select which route to inject into the routing table? My assumption is that each one will inject the one with the shorter hop count like a distance vector protocol would do. I haven't labbed it yet and I realize to most of you this is probably a pretty rookie question, but it is something I am struggling to get my mind wrapped around.
#11
Forum Lobby / Monitoring Solutions
December 12, 2016, 08:02:54 AM
I am in the process of looking into some new monitoring solutions for work. What we currently have is kind of reaching the wall of its capabilities with our size and projected growth. My boss is wanting me to research solutions that can monitor/event log/alert on all aspects of the network not just the infrastructure which is all we currently monitor with our existing solution. For example we monitor infrastructure devices (routers/switches/etc) and VM host infrastructure, but we don't really monitor the individual VM servers currently.

I am curious as to what some of you guys have used and what you liked or didn't about them.
#12
Forum Lobby / Good read
November 21, 2016, 08:48:45 AM
I came across this post this morning and thought it was a good read. I am curious to see how some of you feel in regards to what the author is saying.

https://www.linkedin.com/pulse/new-rfc1925-amendment-may-impact-future-industry-terry-jenkins
#13
Forum Lobby / Hobbies "Non-IT" Discussion
August 26, 2016, 08:25:28 AM
Just curious what others in the field do as hobbies when not working. Could be sports, gaming, fishing, model airplanes, or whatever.

Me:
I am a big sports guy. Basketball, football, baseball, and recently I have taken up golf. I personally love to do just about anything outdoors. Hunting, fishing, shooting, camping, etc. I also enjoy cooking/grilling or as my wife calls it "experimenting" lol. I also like history from just about any time period and region.
#14
Forum Lobby / Podcasts
July 29, 2016, 08:17:31 AM
Looking for some new podcasts to listen to on my daily commute. I was curious what some of you are listening to. Doesn't have to be networking or even IT specific, just whatever people find interesting.
#15
Routing and Switching / Odd route statements
June 23, 2016, 10:04:58 AM
Maybe I am missing something, but I have been seeing others doing default routes and then specific routes to the same destination and I can't figure out why.

Example:

ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.0.0 255.255.0.0 192.168.1.1
ip route 172.16.0.0 255.240.0.0 192.168.1.1
ip route 10.0.0.0 255.0.0.0 192.168.1.1


I know I haven't been in the game as long as you guys so I was hoping someone can elaborate on why anyone would do this. If I already have a default route to a specific router what is the point of routing other specific subnets to the same router? Doesn't this just bloat the config?
#16
Forum Lobby / I am still alive
June 20, 2016, 08:56:20 AM
I am sure nobody noticed (lol), but I have been gone for a while. I took the family to Panama City Beach for a little over a week and as a relax/detox I left the laptop in the condo while I sat on the beach. :)

btw, the drive from Indiana to PCB and back is a bitch.
#17
Routing and Switching / Switchport setup
April 01, 2016, 09:07:18 AM
I have been working on creating a template for switchports to throw on new switches that enter our environment. One template for access ports and one for trunk ports. I was curious if anyone else has done similar and what has and hasn't worked for you? As an example here is what I have so far for access ports. Also if anyone sees any "that's stupid, don't do that" in this example let me know. I haven't deployed anything yet just toying with ideas.


switchport mode access
switchport nonegotiate
storm-control broadcast level 30
storm-control multicast level 50
storm-control action shutdown
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
#18
Routing and Switching / OSPF question
March 22, 2016, 07:48:38 AM
I have a unique situation (at least for me) where I have two OSPF routers on each side of a static routing only device. Is it possible to do any kind of OSPF transit across/through a device that doesn't support OSPF? I thought about doing something like a GRE tunnel but the static device is a firewall and I want it to be able to see into the traffic.
#19
Everything Else in the Data Center / Thoughts on Meraki
February 22, 2016, 11:39:25 AM
My *new* employer is planning a complete network overhaul of one of our locations. Existing gear is all ancient Cisco and they want to rip it all out and replace with Meraki. Now I personally have only touched one Meraki device (AP) in my life and was wondering what others' thoughts and opinions were of these "Cisco owned" products.
#20
Wireless / iPhone 6's on wifi
January 04, 2016, 10:44:09 AM
Anyone else having issues with iPhone 6 devices connecting to wifi but not using it? I have a client that is having issues with 3 users (all iPhone 6's on Verizon). The phones connect to the wifi network fine, pull an address, and can even communicate with the edge router across the network. The phone however never shows the "wifi" icon in the top and shows still connected to LTE.

I just wanted to see if anyone else had run into this before I go chasing my tail. Onsite techs have already verified connectivity between the phones and the rest of the network so wifi is "working" but it is like the phone refuses to use wifi for internet traffic.