GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof
Hooray Friday!

Network Eng is on vacation today after making some changes to the DHCP range on the VPN tunnel late last night.
I come in this morning and none of the phones work.
But they all have IPs.
Looks like there's no route from the network the phones are on, to the network the phone server is on.
tracert...
oh hey look at that they're not using the VPN
oh hey look at that the tunnel is using a subnet mask that doesn't include the new dhcp range
Well played network dude. Enjoy your vacation. :sun:
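The failure above is a change-validation gap: the DHCP pool was widened, but the tunnel still only carried the old subnet, so the new addresses "had an IP" and followed the default route instead of the VPN. The following pre-change check is an added example, not anything from the post; the tunnel network and pool boundaries in it are constructed.

```python
"""Check that a DHCP pool is fully covered by a VPN tunnel's protected
subnets before the change goes in.  Added example; the networks used in
the demo at the bottom are constructed, not taken from the thread."""
from ipaddress import IPv4Address, IPv4Network, summarize_address_range


def uncovered_addresses(pool_start, pool_end, tunnel_networks):
    """Return the part of [pool_start, pool_end] that lies outside every
    tunnel network, as a sorted list of CIDR strings.

    Hosts leased an address from this part would not match the tunnel's
    traffic selectors, so their packets take the ordinary default route
    and never reach the far side of the VPN."""
    start, end = IPv4Address(pool_start), IPv4Address(pool_end)
    if end < start:
        raise ValueError("pool end precedes pool start")
    tunnels = [IPv4Network(n, strict=False) for n in tunnel_networks]

    # Express the pool as the minimal set of CIDR blocks, then subtract
    # every tunnel network from each block.  Two CIDR blocks either nest
    # or are disjoint, so the three cases below are exhaustive.
    uncovered = []
    for block in summarize_address_range(start, end):
        remaining = [block]
        for tun in tunnels:
            next_remaining = []
            for part in remaining:
                if part.subnet_of(tun):
                    continue                     # fully covered, drop it
                if part.overlaps(tun):
                    # tun is strictly inside part: carve it out
                    next_remaining.extend(part.address_exclude(tun))
                else:
                    next_remaining.append(part)  # untouched by this tunnel
            remaining = next_remaining
        uncovered.extend(remaining)
    return [str(n) for n in sorted(uncovered)]


def pool_is_covered(pool_start, pool_end, tunnel_networks):
    """True when every address in the pool is inside some tunnel network."""
    return not uncovered_addresses(pool_start, pool_end, tunnel_networks)


# Constructed scenario: the tunnel was built for 10.20.1.0/24 and the
# pool was extended overnight past the end of that subnet.
TUNNEL_NETWORKS = ["10.20.1.0/24"]
NEW_POOL = ("10.20.1.200", "10.20.2.50")

if __name__ == "__main__":
    gaps = uncovered_addresses(*NEW_POOL, TUNNEL_NETWORKS)
    if gaps:
        print("DHCP pool extends outside the tunnel:", ", ".join(gaps))
    else:
        print("DHCP pool is fully covered by the tunnel")
```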


MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

GnarlyCharlie4u posted:

Hooray Friday!

Network Eng is on vacation today after making some changes to the DHCP range on the VPN tunnel late last night.
I come in this morning and none of the phones work.
But they all have IPs.
Looks like there's no route from the network the phones are on, to the network the phone server is on.
tracert...
oh hey look at that they're not using the VPN
oh hey look at that the tunnel is using a subnet mask that doesn't include the new dhcp range
Well played network dude. Enjoy your vacation. :sun:

"I made huge changes overnight, barely documented, validated nothing and I'm turning my phone off for vacation as soon as I send this, have fun!"

Those are the best

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

MF_James posted:

"I made huge changes overnight, barely documented, validated nothing and I'm turning my phone off for vacation as soon as I send this, have fun!"

Those are the best

"Gotta keep you on your toes"

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

MF_James posted:

"I made huge changes overnight, barely documented, validated nothing and I'm turning my phone off for vacation as soon as I send this, have fun!"

Those are the best

We have a specific operating rule named after two engineers, the 'James Frank Rule', that urges people to not make changes before going on vacation. I think you can guess what those two engineers did to earn the title.

Everybody is constantly reminded of the rule if they plan on any time-off.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

Judge Schnoopy posted:

We have a specific operating rule named after two engineers, the 'James Frank Rule', that urges people to not make changes before going on vacation. I think you can guess what those two engineers did to earn the title.

Everybody is constantly reminded of the rule if they plan on any time-off.

To be fair to the Engineer in question... He was out sick, and came in to do whatever my boss BEGGED him to do before going on vacation.

wolrah
May 8, 2006
what?

GnarlyCharlie4u posted:

To be fair to the Engineer in question... He was out sick, and came in to do whatever my boss BEGGED him to do before going on vacation.

Still a dick move by the engineer as far as its impact on you, but definitely a lot more justifiable as moderate malicious compliance against the boss in that case if he was brought in from at least mentally having already clocked out for vacation.

GreenBuckanneer
Sep 15, 2007

A ticket came in: Put McCain Tribute Video on the Intranet

:911:

Thanks Ants
May 21, 2004

#essereFerrari


Save it as a wmv

Weedle
May 31, 2006




.rm

GreenBuckanneer
Sep 15, 2007

I saw that and cringed, but it's unsurprising coming from a military subcontractor.

spog
Aug 7, 2004

It's your own bloody fault.

GreenBuckanneer posted:

A ticket came in: Put McCain Tribute Video on the Intranet

:911:

did you say 'tribute.avi'?

kensei
Dec 27, 2007

He has come home, where he belongs. The Ancient Mariner returns to lead his first team to glory, forever and ever. Amen!


We're having a terrible time filling a Network Engineer 1 slot, the guy interviewed today was nice but nowhere near an entry network person. Ugh.

Portland Job market is on fire.

Oyster
Nov 11, 2005

I GOT FLAT FEET JUST LIKE MY HERO MEGAMAN
Total Clam

kensei posted:

We're having a terrible time filling a Network Engineer 1 slot, the guy interviewed today was nice but nowhere near an entry network person. Ugh.

Portland Job market is on fire.

Point me to the posting. I have a CCENT and am aiming for the CCNA by the end of the month, with very little practical experience.

22 Eargesplitten
Oct 10, 2010



I was going to post this in the Home Networking thread, but it's about an enterprise piece of gear so I think someone in here might be more likely to know.

I'm trying to set up an Aruba IAP-225 at home. I plug it into the POE switch on Ethernet 0, the power comes on green, the ethernet port light turns green. Then after a bit the 5ghz and 2.4ghz lights come on orange, and the power light turns orange too. Looking on my phone, I can't see the Instant SSID that should be coming up. I need to find my laptop in my moving boxes, but I should at least be able to see the SSID on my phone, right? Does the orange power mean that I need to be using both Ethernet 0 and Ethernet 1? I remember it powering on just fine when I reset the configuration, and I thought I only used one cable then. The POE switch is 802.3at compatible, so it should provide more than enough power from just one port.

Does anyone know what I could be doing wrong?

guppy
Sep 21, 2004

sting like a byob
I'm not familiar with Aruba products specifically but some Googling indicates that the orange power light means it's in PoE power-saving mode, which probably means it's not getting enough power from the switch. It doesn't look like that should prevent it from working or prevent you from seeing the SSID regardless of band, but if your switch should be supplying enough power and the AP isn't receiving it, perhaps there's something causing both problems? Offhand, some things you might want to check:

1. Are you plugging directly into the switch, or into a cable elsewhere in the house? If the latter, try plugging it directly into the switch port to rule out a cabling issue with the horizontal run, with a known-good patch cord.

2. Can you pull information from the switch's CLI on PoE budget, per-port and overall, to see if those numbers are what they should be? The problem could be the switch, or its PoE module, or a specific switch port.

3. Is this thing brand new? Have you tried resetting it to default? There's probably a hole for a paper clip or something to reset it, you would probably have to hold it in. You can probably console in to monitor the output, our APs (different vendor) let you know when you've held it long enough to reset it. (EDIT: I see now you've already done this.)

4. Not sure what kind of switch you're using, but one guy said on an Avaya switch an LLDP configuration was limiting the power available to each port: https://community.arubanetworks.com/t5/Wireless-Access/AP-225-in-Powersave-mode-performance/td-p/221221/page/3

quote:

I had similar issue using Avaya 4850 switches.

issue ended up being the LLDP command limiting power to individual ports.

this is the command from Avaya CLI that limited ports to 802.3af

no lldp tx-tlv port 1/ALL,2/ALL dot3 mdi-power-support

I've seen similar stuff on switches from other vendors.

5. Same thread mentions a PoE bug in an older version of the AP's firmware, no idea what version you're running.

guppy fucked around with this message at 18:50 on Sep 1, 2018

22 Eargesplitten
Oct 10, 2010



Okay. I haven't tried using a different cable yet, I need to figure out where the rest of them are. I've got poo poo all over the place since I moved. It could be it's not getting enough power.

I'm on an unmanaged POE switch, a TP-Link (I think) 5 port one. It's getting a light flashing saying it's getting POE (It's got one of those things where the link / activity for the port and the POE status are their own lights above each other), but it's orange. I should check and see if that's supposed to be green as well. I got this thing like a month or more ago and haven't finished setting it up after doing a factory reset on the Aruba. I got it for free from a coworker who got it for free when his old company decommissioned these. It's old-ish, but it's still getting security updates until 2021 or something like that so I'm not complaining.

I'll try different ports, and I'll check to see if the switch is on the surge protector or going straight into the wall socket. Hopefully being in the surge protector isn't a problem. The switch itself isn't particularly expensive, but considering how expensive the IAP it is powering is I would rather have some security there.

I'm plugging straight in. I need to pull the panel, but I'm pretty sure the jackasses that wired this place in 2012 didn't even remember to actually hook up the jacks in the living room. I think that the cables are probably run to the box but not even plugged in. This place is a mess, there's 12-13 cables and maybe 3 are labeled in smeared illegible sharpie.

Speaking of, anywhere to get a cheap network toner so I can figure out where everything goes?

Proteus Jones
Feb 28, 2013



22 Eargesplitten posted:

Okay. I haven't tried using a different cable yet, I need to figure out where the rest of them are. I've got poo poo all over the place since I moved. It could be it's not getting enough power.

I'm on an unmanaged POE switch, a TP-Link (I think) 5 port one. It's getting a light flashing saying it's getting POE (It's got one of those things where the link / activity for the port and the POE status are their own lights above each other), but it's orange. I should check and see if that's supposed to be green as well. I got this thing like a month or more ago and haven't finished setting it up after doing a factory reset on the Aruba. I got it for free from a coworker who got it for free when his old company decommissioned these. It's old-ish, but it's still getting security updates until 2021 or something like that so I'm not complaining.

I'll try different ports, and I'll check to see if the switch is on the surge protector or going straight into the wall socket. Hopefully being in the surge protector isn't a problem. The switch itself isn't particularly expensive, but considering how expensive the IAP it is powering is I would rather have some security there.

I'm plugging straight in. I need to pull the panel, but I'm pretty sure the jackasses that wired this place in 2012 didn't even remember to actually hook up the jacks in the living room. I think that the cables are probably run to the box but not even plugged in. This place is a mess, there's 12-13 cables and maybe 3 are labeled in smeared illegible sharpie.

Speaking of, anywhere to get a cheap network toner so I can figure out where everything goes?

Are you sure the switch is supplying enough power? For instance, the port will only feed 15W of power, but the AP needs 25 to 30W.

Nvm, just read your original post. No idea. I know with enterprise class 2.4GHz/5GHz APs I've worked with, devices would boot fine but as soon as the antennas tried to draw power it would basically poo poo down. It was usually because the power was over subscribed on the switch so the solution was to add another switch and distribute the APs evenly.

Since you said it’s unmanaged, I suppose that means you can’t look and see what’s happening PoE wise on the switchport. I’m not sure what more you can do other than seeing if you can console into the AP in question and up the logging level to see why it’s not firing up the antennas.

Also, you can get toners/cable testers from Amazon for cheap.

Proteus Jones fucked around with this message at 19:50 on Sep 1, 2018

22 Eargesplitten
Oct 10, 2010



It was at least supplying enough for the SSID to show up when I was starting to set it up, but that was a different part of the house. I’ll try a different cable and then a different port on the switch, and then maybe try it straight into the wall socket (assuming it’s not already in there).

Partycat
Oct 25, 2004

I haven't worked with these specifically, but from what I know from talking to my Aruba guys you want to get a console cable on it or you'll not learn much. The APs used to ship with a paper that explained the lights. It may want 20A but if it's class 4 it should get it regardless of LLDP.

Thanks Ants
May 21, 2004

#essereFerrari


Also it's not uncommon to see switches that will happily tell devices they do 802.3at PoE but have a total power budget that means no device can actually draw the full 30W.

22 Eargesplitten
Oct 10, 2010



I hope that's not the issue. It's a low budget, but I only have one POE device. Once I get the cables figured out my goal is to have the wifi devices on the POE switch and the wired stuff on the non-POE switch.

Maybe the Aruba just takes forever to boot properly. I had it plugged in and it was showing the orange lights even with a new cable. Then after unplugging some of the other cables the 2.4 light came on and the SSID showed up. I plugged them back in, and it's still there and the 2.4ghz light is green. I'm going to log in and configure that way, I'm hoping there's just no 5ghz network set up by default and you just need to configure everything. That seems likely.

I was really worried that it was trying to provide POE to every cable on there despite not having any devices asking for it, since that's something that no POE switch should ever do.

E: It's alive! It's even working up on the top floor from the basement, although not too well. I need to see about getting it set up somewhere not in the basement. It looks like someone must just have screwed up punching down the ports in the living room, because they're set up. It's just not getting any signal to any device I've plugged in there.

I'm guessing there's not going to be any way to do a smooth handoff between an Aruba device and an old TP-Link router that's set to AP mode is there :v:

22 Eargesplitten fucked around with this message at 21:09 on Sep 1, 2018

CitizenKain
May 27, 2001

That was Gary Cooper, asshole.

Nap Ghost

22 Eargesplitten posted:

I hope that's not the issue. It's a low budget, but I only have one POE device. Once I get the cables figured out my goal is to have the wifi devices on the POE switch and the wired stuff on the non-POE switch.

Maybe the Aruba just takes forever to boot properly. I had it plugged in and it was showing the orange lights even with a new cable. Then after unplugging some of the other cables the 2.4 light came on and the SSID showed up. I plugged them back in, and it's still there and the 2.4ghz light is green. I'm going to log in and configure that way, I'm hoping there's just no 5ghz network set up by default and you just need to configure everything. That seems likely.

I was really worried that it was trying to provide POE to every cable on there despite not having any devices asking for it, since that's something that no POE switch should ever do.

E: It's alive! It's even working up on the top floor from the basement, although not too well. I need to see about getting it set up somewhere not in the basement. It looks like someone must just have screwed up punching down the ports in the living room, because they're set up. It's just not getting any signal to any device I've plugged in there.

I'm guessing there's not going to be any way to do a smooth handoff between an Aruba device and an old TP-Link router that's set to AP mode is there :v:

In theory, setting both to use the same SSID should let devices migrate as they lose connection to one, but it's not clean. I helped a friend put wireless in an old church, and initially we used some TP-Link wireless routers set to AP mode. While it worked, it wasn't great, and one of the routers needed to be rebooted every month for some reason.
We swapped them out for some Ubiquiti gear that has so far been running extremely well.

angry armadillo
Jul 26, 2010

spog posted:

I am sure they all came to you later and apologised for their bad attitude and shared their gratitude for your help and I can't keep a straight face anymore.

I had to practically order a tech who works for me to go and check the part he told me had changed, to make him fix an issue, because he believed it was some other random failure... I had to point out I hadn't even looked at this problem and was just going off the info he told me.

He came back and said thanks for making him do what he didn’t want to do after - I laughed, I cried

Che Delilas
Nov 23, 2009
FREE TIBET WEED

GreenBuckanneer posted:

A ticket came in: Put McCain Tribute Video on the Intranet

:911:

Tell me you "misunderstood" and put the clip with the Dolphin Love Story up.

Heran Bago
Aug 18, 2006



Ticket:
When making internal calls, person A and B don't hear each other.

Easy, just repatch them. It's been a common occurrence since we deployed Checkpoint.

Patching looks correct. Test that Phone works in our office. New cables for every step, new spot on the switch, nothing.

I come back to check the patching with a tone generator and what do you know, the ports in the room are not labeled correctly. Not even close; none of them give the tone. Every step along the way the user makes small jokes that are less than helpful.

I factory reset a different phone and assign the number. I patch through a good half dozen spots on the switch to God knows where and leave them. I try ports in the room until something boots. Tested, works, user knows. I get back to the office to a new ticket.

New ticket:
The same user does not like their new phone. While it is the same model and is cleaner, the handset cord is too long. The user also 'accidentally' took the LAN cable out of the phone and so wants us to come to their office and fix both problems.

Solution:
Clearly there is a language barrier. Back in the queue it goes with all the helpful notes.

Steakandchips
Apr 30, 2009

Cisco 7962 are the best phones.

duz
Jul 11, 2005

Come on Ilhan, lets go bag us a shitpost


Interoffice mail a 6 inch handset cord, close ticket.

spog
Aug 7, 2004

It's your own bloody fault.

duz posted:

Interoffice mail a 6 2 inch handset cord, close ticket.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof
An email came in...



Good on the user who didn't just blindly click the link :3

Thanks Ants
May 21, 2004

#essereFerrari


Hah they even faked a "this email is from a trusted sender" box.

I'm convinced the only way to have any hope of securing your data is to tag every external message with a huge warning, do whatever setting changes you need to make to prevent people from being able to connect third-party apps (that also grant API access) to their Office 365 accounts, enable two-factor authentication, and relentlessly hammer home the idea that you will never get asked to confirm your password by a website. Having a responsive support team when people have questions can't hurt either.

There's no effective way that I can see to filter this stuff out, especially when it's not even spoofing an email address but people don't look where a message has come from.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Are you saying Juicycafe.com is NOT a legit microsoft sanctioned password checking system?

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

Thanks Ants posted:

Hah they even faked a "this email is from a trusted sender" box.

I'm convinced the only way to have any hope of securing your data is to tag every external message with a huge warning, do whatever setting changes you need to make to prevent people from being able to connect third-party apps (that also grant API access) to their Office 365 accounts, enable two-factor authentication, and relentlessly hammer home the idea that you will never get asked to confirm your password by a website. Having a responsive support team when people have questions can't hurt either.

There's no effective way that I can see to filter this stuff out, especially when it's not even spoofing an email address but people don't look where a message has come from.

The only effective way to secure your data is to disable external email and unplug the WAN router. Beyond that, turning off all of the computers is a great option.

The next best methods include what you detailed. You could also strip links from email and break everybody's super-pretty and meticulously designed signatures.

Two-factor from outside of the org (VPN and Webmail) is great because most employees will never have to deal with it, and those that do will have the extra security protection from password leaks.

Thanks Ants
May 21, 2004

#essereFerrari


Conditional access is great and I've been getting to grips with it in Azure AD - like you say, people who set their devices up in the office and never use a home device or whatever to log in never get prompted. I would like a way to have a small percentage of logins go through the multi-factor workflow though regardless of where they are, just to ensure people have all their tokens etc. up to date.

Partycat
Oct 25, 2004

Steakandchips posted:

Cisco 7962 are the best phones.

Until they all fail due to bad flash

Malek
Jun 22, 2003

Shut up Girl!
And as always: Kill Hitler.
So the company I quit wants to hire me back as a contractor to work on the tool that helped their front line agents cut calls down by 10 to 45 minutes ... Funny as they wanted me to take calls all day and work on it. The tool is spaghetti code of CSS and JavaScript. I don't know JavaScript but I learned it. :v:

Preparing an invoice as we speak.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

welcome to $$Boat$$

Lord Dudeguy
Sep 17, 2006
[Insert good English here]

Thanks Ants posted:

I'm convinced the only way to have any hope of securing your data is to tag every external message with a huge warning, do whatever setting changes you need to make to prevent people from being able to connect third-party apps (that also grant API access) to their Office 365 accounts, enable two-factor authentication, and relentlessly hammer home the idea that you will never get asked to confirm your password by a website. Having a responsive support team when people have questions can't hurt either.

There's no effective way that I can see to filter this stuff out, especially when it's not even spoofing an email address but people don't look where a message has come from.

- Limit number of users with e-mail access to the outside world. (Internal is OK).
- Require VPN access for anyone who wants to get to company assets off site. Brownie points if all mobile devices are prohibited from accessing ANY unauthorized IP/domain/service, ever.
- Multi-factor authentication everywhere.
- E-mail security gateway with Anti-Phishing Sandbox, URL rewriting/removal, attachment stripping/sandboxing, context-sensitive DLP.
- Perimeter (and internal) firewalls with sandboxing, application control, content filtering, IPS/IDS, Geo-IP filtering, and context-sensitive DLP.
- Add subject and body flags to all e-mails from the outside.
- Constant training and re-training of simulated Phishing attacks (KnowBe4, PhishMe) with HR buy-in for training enforcement.
- Have a support team (and an executive/senior management group) that understands that people are going to be pissed as all poo poo that you're not letting them access a secure message from their great-grandmother that they're sure is legit.

I've got almost all of these things implemented. People still click. They just don't care. It's not their gear.

There comes a point in the Sisyphean goal of "perfect security" when you realize that it's all gone adversarial and people are going to click just to spite your draconian rear end.

Then some other org in your vertical gets breached, the execs freak out, and you start pushing the boulder uphill again. :negative:

dragonshardz
May 2, 2017

An email came in asking if a ticket had been created to deal with this user's request. Knowing that the ticketing system sends an email to the user when a ticket is created, I dutifully check to make sure the ball was not dropped.

I discover a ticket was, in fact, made, and email the user stating so as well as advising the ticketing system sends them an email with the ticket number and topic when the ticket is created. For tickets created via email, the topic is always the subject line of the email the user sent in.

The user responds that it takes too much time to look in their inbox for the incoming ticket notification and read it.

Never before have I more desired the invention of Smack Over IP than this moment. I advise the user idiot it's probably less time consuming to look for the ticket creation email in his inbox than to email the service desk asking if a ticket was made and wait for us to search the ticketing system, then reply.

PremiumSupport
Aug 17, 2015

Lord Dudeguy posted:

- Limit number of users with e-mail access to the outside world. (Internal is OK).
- Require VPN access for anyone who wants to get to company assets off site. Brownie points if all mobile devices are prohibited from accessing ANY unauthorized IP/domain/service, ever.
- Multi-factor authentication everywhere.
- E-mail security gateway with Anti-Phishing Sandbox, URL rewriting/removal, attachment stripping/sandboxing, context-sensitive DLP.
- Perimeter (and internal) firewalls with sandboxing, application control, content filtering, IPS/IDS, Geo-IP filtering, and context-sensitive DLP.
- Add subject and body flags to all e-mails from the outside.
- Constant training and re-training of simulated Phishing attacks (KnowBe4, PhishMe) with HR buy-in for training enforcement.
- Have a support team (and an executive/senior management group) that understands that people are going to be pissed as all poo poo that you're not letting them access a secure message from their great-grandmother that they're sure is legit.

I've got almost all of these things implemented. People still click. They just don't care. It's not their gear.

There comes a point in the Sisyphean goal of "perfect security" when you realize that it's all gone adversarial and people are going to click just to spite your draconian rear end.

Then some other org in your vertical gets breached, the execs freak out, and you start pushing the boulder uphill again. :negative:

Pretty much.

My org is still small enough that I can make many of these decisions myself, and I choose to do damage control rather than prevention. People are going to click, nothing I do or pay for will change that. My goal is that when it happens (not if) the damage is contained to a single machine that I can wipe and reinstall.

It's a lot less stressful.


Extremely Penetrated
Aug 8, 2004
Hail Spwwttag.
PING WAN - Down ended (now: Paused, "It went down, down down / And the flames went higher")

A fire completely gutted one of our remote sites. I hope they got some tapes out, but they probably didn't even think of it. This won't be my problem but I'm sad for the folks over there. (We have 200+ remote sites and lol if you think we can herd random office admins into rotating backups offsite regularly, we're lucky if they even change the tape more than once a week.)
