:goku:
I asked for a certificate on Thursday. Come Monday morning, still no response.
So I sent a follow-up email and CC'd the project management team.
Within the hour, I got the certificate.
Just installed it, and it's working perfectly. Also the weekend upgrades went well after I suggested that the upgrade may have changed the file structure, which would be why the backup restore didn't work. My counterpart took that suggestion, set up the folders needed and stuffed them with goodies, and it's all good.
:bole:
(Please feel free to use this thread at any time when you need to crow about when things are just going your way and you'd like to brag a little.)
Quote from: deanwebb on October 26, 2015, 09:10:39 AM
:goku:
I asked for a certificate on Thursday. Come Monday morning, still no response.
So I sent a follow-up email and CC'd the project management team.
Within the hour, I got the certificate.
Just installed it, and it's working perfectly. Also the weekend upgrades went well after I suggested that the upgrade may have changed the file structure, which would be why the backup restore didn't work. My counterpart took that suggestion, set up the folders needed and stuffed them with goodies, and it's all good.
:bole:
(Please feel free to use this thread at any time when you need to crow about when things are just going your way and you'd like to brag a little.)
Haha - way to go Dean. ;)
I'm totally on a roll today. I just finished doing my health benefits enrollment and I'm squaring away my Tipping Point classes in December. AND I'm going to a vendor-provided luncheon at a really nice steakhouse next Tuesday, just found out.
Damn, it feels good to be a gangsta.
:gangsta:
Sometimes, you solve a network problem by solving a Linux config problem.
If there's a delay between entering your username and being prompted for your password on a Linux box, turn off GSSAPI and reverse DNS lookup. BAM.
http://ask.xmodulo.com/fix-slow-ssh-login-issue-linux.html
:banana:
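The two settings the post blames, UseDNS and GSSAPIAuthentication, are sshd_config keywords. The POSIX shell below is an added example, not part of the original post or the linked article: it reports the effective value of each keyword in a given sshd_config (sshd keeps the first uncommented match, and keywords are case-insensitive), flags "yes" as a login-delay risk, and assumes the file path is passed in (/etc/ssh/sshd_config on most hosts). The fix the post describes is setting both to "no".

```shell
#!/bin/sh
# Added example (not the original poster's code). Audits an sshd_config for the
# two keywords that cause the username-to-password-prompt delay described above.
# sshd honours the FIRST uncommented occurrence of a keyword, so that is what we
# report; a keyword that never appears is reported as "default".

# effective_value CONFIG KEYWORD -> prints the first value set, or "default"
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }                              # skip comment lines
        NF >= 2 && tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print "default" }
    ' "$1"
}

# login_delay_report CONFIG -> one line per keyword: KEYWORD VALUE STATUS
# "yes" on either keyword adds a reverse-DNS or Kerberos round trip per login.
login_delay_report() {
    for key in UseDNS GSSAPIAuthentication; do
        v=$(effective_value "$1" "$key")
        case "$v" in
            [Yy][Ee][Ss]) status="SLOW-LOGIN-RISK (set to no)" ;;
            *)            status="ok" ;;
        esac
        printf '%s %s %s\n' "$key" "$v" "$status"
    done
}

# Constructed sample config for demonstration (not a real host's file).
# The commented UseDNS line must not count; the second GSSAPI line is ignored
# because sshd already took the first one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# UseDNS no
UseDNS yes
GSSAPIAuthentication yes
GSSAPIAuthentication no
EOF

login_delay_report "$sample"
rm -f "$sample"
```

Run it against the real file with `login_delay_report /etc/ssh/sshd_config` and restart sshd after changing either keyword.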
Just got a big, big issue with our guest wireless network cleared up.
YESH
:matrix:
PROTIP: If the device doing a DNS capture is blocking DNS traffic to itself, that block will interfere with the function of the DNS capture, even if the vendor insists it's not his gear that's misconfigured.
Quote from: deanwebb on December 02, 2015, 10:18:39 AM
Just got a big, big issue with our guest wireless network cleared up.
YESH
:matrix:
PROTIP: If the device doing a DNS capture is blocking DNS traffic to itself, that block will interfere with the function of the DNS capture, even if the vendor insists it's not his gear that's misconfigured.
So .... the block is blocking... sounds like working as intended!
The block was blocking everything, even the block. :problem?:
deny ip any any is secure.
-Otanx
<Fixed your modify there, Dean... way to Ninja Otanx's post... :P >
Quote from: Otanx on December 02, 2015, 10:42:04 AM
deny ip any any is secure.
-Otanx
deny ip any any log is secure, and provides full forensic information.
:professorcat:
And a nice control plane workout / cpu punt on many platforms
Found and cleared up a networking issue. I noticed my SSH sessions were a little sluggish, so I did some digging and found the traffic between a bunch of our routers was losing ~30% of its traffic! Found the switch port that was the issue even though there were no indicators like errors, drops, etc. on the port or the port it was connecting to. Moved spanning-tree to one of its alt ports and it's good to go now. About half an hour into the process I had 3 other people notice stuff was slow, and they weren't happy with my broken network, and no thanks for finding and fixing the issue quite quickly (even without any network monitoring software).
We need an "I did something bad and I am ashamed" section, 'cause when I moved off the port that was working poorly I moved it off to a port... a port that was blocking a very important VLAN and killed a bunch of stuff.
:doh:
I think there is a thread for big mistakes already here... I could sticky it for you. :lol:
Quote from: dlots on December 08, 2015, 04:07:28 PM
We need an "I did something bad and I am ashamed" section, 'cause when I moved off the port that was working poorly I moved it off to a port... a port that was blocking a very important VLAN and killed a bunch of stuff.
Errmm... sounds like you have an odd network setup...
Quote from: AspiringNetworker on December 08, 2015, 04:48:29 PM
Errmm... sounds like you have an odd network setup...
Like you wouldn't believe!!! It's kind of a weird cloud setup. We have 40+ areas using the same single IP space, and I am the only one who does upkeep on it in my spare time, and it's kind of a hack job right now just 'cause I don't have time :-[.
I would have been fine if we were doing PVST, but we have way too many VLANs for that, so the MSTP got me :-(
Quote from: dlots on December 09, 2015, 07:19:02 AM
Like you wouldn't believe!!! It's kind of a weird cloud setup. We have 40+ areas using the same single IP space, and I am the only one who does upkeep on it in my spare time, and it's kind of a hack job right now just 'cause I don't have time :-[.
I would have been fine if we were doing PVST, but we have way too many VLANs for that, so the MSTP got me :-(
Woooo wee - that sounds like fun times. Not that you ever have time, but it sounds like the network is really touchy - it may behoove you, although I understand likely completely impossible, to re-evaluate things and see if you can make it more stable, understandable, and behave in a manner that makes sense and doesn't take a simple port change to break so much stuff. Easier said than done, I know. MSTP can be tricky sometimes, ESPECIALLY if you're running multi-region - please tell me you're not doing that...
Changing a port screwed me up because years ago when we set this up we had a VLAN, let's say 10. VLAN 10 was used for tons of crap in the old setup and we pruned the hell out of it, and we said "you can use any VLAN you want other than VLAN 10; VLAN 10 is a mess and we don't want it in our new pretty network area." Needless to say, a couple of weeks ago I was told "we have to have VLAN 10". So I went through and got rid of VLAN 10 on all the old stuff and permitted it through on most of the new stuff... but I missed a port that was still pruning VLAN 10.
Not multi-region MSTP... because in the other region we are using PVST, but there is a L3 router between them so as long as nothing crazy happens it's still good.
Honestly, this is by far the best setup I could come up with. We are a development lab for new products; each team wants their own area (group of servers) to do their development, working around other teams' schedules and other stuff. However, we have a limited amount of hardware that everyone wants to use. So we were given the task of coming up with a network where you unplug from one team's system and plug it into the other team's system and it all just works with no differences, no spending hours re-configuring the gear, and it works great. We actually get complaints that they can't tell which system they are actually working in (can't make everyone happy, it seems). So everyone's VM servers are just a clone of a "perfect" system; if they screw it up too much we just re-clone the system.
It's a crazy cool system, and I have a Visio document that describes how each piece of odd gear works and how it fits in the big picture, and I documented the hell out of this thing, but I still pity the person who comes after me. I have a tool that generates a new VRF; all you have to do is type in some IP addresses that are unique to each system. Templates for each system's DMVPN spokes for the people doing off-site work.
It really is (IMO) a great setup given the requirements I was given.
Ah - sounds great then. I incorrectly assumed it was something set up already that you walked into. Dynamic labs are always challenging environments I imagine.
What I walked into was way worse
No account to get into any of the gear, or Radius or anything like that
No documentation or CDP
No config backups or network monitoring (still don't have any good network monitoring :doh:)
Nothing labeled
Overlapping subnets (no VRFs, as this wasn't intended when it happened, but no one made the guy who took the overlapping IP spaces stop using them)
4 EIGRP ASs redistributed between one another
Everything crapping out due to stuck in active issues
The core of the network was a 2800 with so much NATing thrown in there with no plan for the directions it wasn't even funny.
Quote from: dlots on December 09, 2015, 10:49:23 AM
What I walked into was way worse
No account to get into any of the gear, or Radius or anything like that
No documentation or CDP
No config backups or network monitoring (still don't have any good network monitoring :doh:)
Nothing labeled
Overlapping subnets (no VRFs, as this wasn't intended when it happened, but no one made the guy who took the overlapping IP spaces stop using them)
4 EIGRP ASs redistributed between one another
Everything crapping out due to stuck in active issues
The core of the network was a 2800 with so much NATing thrown in there with no plan for the directions it wasn't even funny.
:phone:
Found a terminal server connected to console ports on devices, but it has no Ethernet uplink. :wtf: So I'm re-configuring the terminal server and reconnecting it to the network; we will soon have console access into those switches, since who knows how many years.....
:joy:
Quote from: ristau5741 on December 09, 2015, 03:06:41 PM
Found a terminal server connected to console ports on devices, but it has no Ethernet uplink. :wtf: So I'm re-configuring the terminal server and reconnecting it to the network; we will soon have console access into those switches, since who knows how many years.....
:joy:
:goku:
Quote from: ristau5741 on December 09, 2015, 03:06:41 PM
Found a terminal server connected to console ports on devices, but it has no Ethernet uplink. :wtf: So I'm re-configuring the terminal server and reconnecting it to the network; we will soon have console access into those switches, since who knows how many years.....
:joy:
Lol.... that's hilarious.
It's like... "SCORE!"
Quote from: dlots on December 09, 2015, 10:49:23 AM
What I walked into was way worse
No account to get into any of the gear, or Radius or anything like that
No documentation or CDP
No config backups or network monitoring (still don't have any good network monitoring :doh:)
Nothing labeled
Overlapping subnets (no VRFs, as this wasn't intended when it happened, but no one made the guy who took the overlapping IP spaces stop using them)
4 EIGRP ASs redistributed between one another
Everything crapping out due to stuck in active issues
The core of the network was a 2800 with so much NATing thrown in there with no plan for the directions it wasn't even funny.
Lol wow.... damn.... even when I was just barely learning what a VLAN was, one of the first things I did when I was a desktop support guy wanting to learn networking was map out all the ports and diagram it. It turned out to help when a port on a switch was link-flapping repeatedly, and I found the culprit was an unused desk phone constantly rebooting. Would have taken forever to find that had I not had it mapped out. Granted, this was a smaller company.
I just wrote thank-you notes and follow-up conversation requests to the interesting people I met at RSAC. :)
Now to put together my RSAC 2016 reading list. There's some good stuff on it, and I hope you lot will enjoy at least some of it.
We turned on NAC yesterday.
We caught a haxxor today.
Well, it was more just a consultant plugging his laptop into the LAN, BUT THAT IS HOW THEY START!
:kiwf: