tortilla_chip
Jun 13, 2007

k-partite
Might require a little glue code, but I think Kismet + GPS + floorplans/GIS data would do the trick.


guppy
Sep 21, 2004

sting like a byob
The real answer to this is something like that AirCheck or an Ekahau Sidekick. It's not going to happen because that stuff costs money and then you have to teach people how to use it, which also costs money. None of the actual "testing" results you're going to get without them are going to be worth much, and if they were, the users wouldn't believe them anyway.

Real talk: the answer to every, and I mean every wireless question is "it depends." Wireless deployments are designed to support specific applications in specific locations with a whole bunch of specific parameters. Nobody except you cares about that and everyone else assumes that wifi is magic that exists everywhere and functions perfectly, and if whatever they're trying to do isn't working, they think the wireless is "broken." This is the opposite of the truth: 802.11 is built on all kinds of compromises and assumptions, and it's a miracle it works at all, much less as well as it does. This is a thankless, unfunded mandate that will accomplish literally nothing.

The only actually-useful thing you can do with student workers who don't know much about wireless technologies is to send them to go talk to the people complaining and gather much, much more specific information. When did this problem start? Any changes or new equipment around that time? What specifically are you trying to do, and what happens when it doesn't work? Are they associating but not getting an IP address? Are they getting an IP address but DNS doesn't work? Can they not associate at all? What specific error message, if any, are they getting? Is it possible that they're trying to use a particular application, and it's that application that has a problem? Are there any commonalities or distinctions between the users having problems? Does everyone in this area have a problem? If not, what's different about the people who don't?

Expect getting these answers from anyone to be like pulling teeth, but unless your student goes there, tests, and finds that they, too, are unable to associate to an AP, you aren't getting anywhere until you play 20 Questions. There can absolutely be real wifi problems. But a lot of "wifi problems" aren't really and you gotta start by determining what the actual point of failure is.

EDIT: I know you already know that their effectiveness will be limited. But they may actually be able to help you accomplish something if they know the right questions to ask.

Budget Dracula
Jun 6, 2007

guppy posted:

The real answer to this is something like that AirCheck or an Ekahau Sidekick. It's not going to happen because that stuff costs money and then you have to teach people how to use it, which also costs money. None of the actual "testing" results you're going to get without them are going to be worth much, and if they were, the users wouldn't believe them anyway.

Real talk: the answer to every, and I mean every wireless question is "it depends." Wireless deployments are designed to support specific applications in specific locations with a whole bunch of specific parameters. Nobody except you cares about that and everyone else assumes that wifi is magic that exists everywhere and functions perfectly, and if whatever they're trying to do isn't working, they think the wireless is "broken." This is the opposite of the truth: 802.11 is built on all kinds of compromises and assumptions, and it's a miracle it works at all, much less as well as it does. This is a thankless, unfunded mandate that will accomplish literally nothing.

The only actually-useful thing you can do with student workers who don't know much about wireless technologies is to send them to go talk to the people complaining and gather much, much more specific information. When did this problem start? Any changes or new equipment around that time? What specifically are you trying to do, and what happens when it doesn't work? Are they associating but not getting an IP address? Are they getting an IP address but DNS doesn't work? Can they not associate at all? What specific error message, if any, are they getting? Is it possible that they're trying to use a particular application, and it's that application that has a problem? Are there any commonalities or distinctions between the users having problems? Does everyone in this area have a problem? If not, what's different about the people who don't?

Expect getting these answers from anyone to be like pulling teeth, but unless your student goes there, tests, and finds that they, too, are unable to associate to an AP, you aren't getting anywhere until you play 20 Questions. There can absolutely be real wifi problems. But a lot of "wifi problems" aren't really and you gotta start by determining what the actual point of failure is.

EDIT: I know you already know that their effectiveness will be limited. But they may actually be able to help you accomplish something if they know the right questions to ask.

Oh yeah, you basically nailed it. To me it's kind of a show and my immediate boss understands it. Users are unhappy with the vendor because to them it doesn't work right 100% of the time, or probably they are not getting end user support that takes the time to find out those questions. Even just looking at inSSIDer I was like, well, what I can see with it looks fine to me; I'd have to see what users are trying to do and in which specific area they are doing it. The real solution they could hope for is bringing back more student end user support for computing, but nobody ever wants to run it correctly, which makes it miserable to do, i.e. spending your time working on personal devices. The most positive part of the whole deal is showing people new to IT how to troubleshoot these types of issues and encouraging them to specialize in something so they don't end up doing it as a career like me lol.

guppy
Sep 21, 2004

sting like a byob
If it makes you feel better, we have that stuff and the training and certifications to use it, and the users and even other support groups still don't believe us.

guppy fucked around with this message at 10:21 on Feb 9, 2023

Partycat
Oct 25, 2004

I miss NetStumbler for its built-in beeping options. You could turn it on and walk in the room and the customer would hear the beeping improve with the better signal. The AirCheck G1 at least does that. And I was wrong, there's a G3 out now as the latest that does WiFi 6 and 6E. Got a couple at the job I can't wait to poke at.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

We have a pair of Firepower 2140's and I'm trying to figure out if it will support a 10 gig internet pipe.

https://www.cisco.com/c/en/us/products/collateral/security/firepower-2100-series/datasheet-c78-742473.html

This looks like yes, but am I missing something?

Thanks Ants
May 21, 2004

#essereFerrari


Yes as long as you don't try to do TLS MITM stuff on the edge of your network like it's 2005. Those will be marketing numbers though, best case scenario stuff.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Thanks Ants posted:

Yes as long as you don't try to do TLS MITM stuff on the edge of your network like it's 2005. Those will be marketing numbers though, best case scenario stuff.

Well right, but even if it does 8 out of 10 gig that's still better than the 1 gig we have now.

Thanks Ants
May 21, 2004

#essereFerrari


It seems like I looked away for half a second and now every Wi-Fi vendor is really expensive for access points. I currently have some Wi-Fi 5 Aruba APs that could do with being replaced, recently renewed Aruba Central which is coming in at ~£220 per AP for a three year foundation license which is a bit mad considering they used to be a fair bit cheaper than Meraki and now I can buy Meraki AP licenses for about 20% less.

Anyway, we use Aruba Cloud Auth (https://www.arubanetworks.com/techdocs/central/latest/content/nms/policy/ca-overview.htm), which is a feature where users can connect to a guest SSID or wired connection and use an Aruba portal to auth with their Azure AD credentials, and then Aruba Onboard would handle configuring the device to use certificate auth, all managed by Central. This is a good feature, I don't want to go back to running RADIUS myself or paying $5/month to someone else to do it when I already have a system that works better.

My question is, do any other vendors do this because if they don't then I'll just have to pay Aruba prices, and are all APs expensive now or are there vendors I should be considering?

uhhhhahhhhohahhh
Oct 9, 2012
Is that £220 the total cost or excluding hardware cost? I remember a couple of jobs ago the Cisco APs we used cost like £800-£1k each.

Thanks Ants
May 21, 2004

#essereFerrari


That's just the license. They're about 40% more than a few years ago. I get inflation but there's also a piss take.

Anubis
Oct 9, 2003

It's hard to keep sand out of ears this big.
Fun Shoe
Alright, after about 12 years since my last foray into Cisco world the programmer has to come hat in hand to the networking gurus. Just trying to do some home lab stuff, got a Cisco Catalyst 3750E that I'm trying to flash the firmware on. I got a VLAN up, and it all appears to be working. Connected to the eth2/0/2 port and can telnet in. Trying to use the SolarWinds TFTP server on my client that's running the telnet session, but when I run "copy tftp flash" and put in my client/server IP and the filename it times out.

Steps so far:
Verified tftp has my client ip on the /32 subnet
Can ping switch from client (and telnet in from client)
Can ping client from switch (via telnet)
Tried to set router interface for tftp by following instructions here: http://www.cisco.com/c/en/us/td/docs/ios/fundamentals/command/reference/cf_book/cf_f1.html#wp1011436 to no effect.

What in the blue blazes am I not thinking of here?

uhhhhahhhhohahhh
Oct 9, 2012
what's the full tftp command you're putting in and the folder on the tftp server?

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
Check for 'ip source interface' commands too, it could be using the loopback ip by default which your PC may not have a route to.

Anubis
Oct 9, 2003

It's hard to keep sand out of ears this big.
Fun Shoe

uhhhhahhhhohahhh posted:

what's the full tftp command you're putting in and the folder on the tftp server?

I'll attach screenshots of everything I think might be relevant, so whatever idiocy I've accomplished might bubble up faster.


falz posted:

Check for 'ip source interface' commands too, it could be using the loopback ip by default which your PC may not have a route to.

Not sure exactly all the implications of that would be but I've successfully reached the internet in a Client -> Switch -> Router setup. I don't think it's a problem because I can telnet in from my PC and do all the regular things... which seems like it would indicate that the routing is all there?


Thanks Ants
May 21, 2004

#essereFerrari


Windows firewall?

Anubis
Oct 9, 2003

It's hard to keep sand out of ears this big.
Fun Shoe

Thanks Ants posted:

Windows firewall?

No, got that turned off for sure.

EDIT: BUT This did scratch something in the back of my head and I had some things on my PC that were also doing poo poo on the port! Clearing that and it works! So thanks for helping, I knew it had to be something really stupid.

Double Edit: Update finally went and I'm now running the "latest" firmware, even if it did come out 5 years ago. Now all I gotta do is fix that whole situation where cisco doesn't like my "good enough for the Ubiquiti poo poo" sfp+ cables I have and I should be good to go!

Anubis fucked around with this message at 23:42 on Feb 27, 2023

Kazinsal
Dec 13, 2011

Anubis posted:

Double Edit: Update finally went and I'm now running the "latest" firmware, even if it did come out 5 years ago. Now all I gotta do is fix that whole situation where cisco doesn't like my "good enough for the Ubiquiti poo poo" sfp+ cables I have and I should be good to go!

The config commands you want are service unsupported-transceiver and no errdisable detect cause gbic-invalid. Both of these commands are hidden so you can't tab-complete or question mark them.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010

Anubis posted:

Not sure exactly all the implications of that would be but I've successfully reached the internet in a Client -> Switch -> Router setup. I don't think it's a problem because I can telnet in from my PC and do all the regular things... which seems like it would indicate that the routing is all there?

The command I'm referring to is used by the device and is set per protocol - http, tftp, and so on. It has nothing to do with it routing packets through but deals with traffic sourced from the device itself.

To confirm it's not a problem set 'ip source interface tftp (blah)' for whatever interface you're attempting to tftp to and from.

Since you're windows, you should also just install Wireshark and sniff for tftp packets and see what's the what.

Pile Of Garbage
May 28, 2007



Can anyone point me towards somewhere that I can get an IOS image for my Cisco 897VA router? IIRC there was a few sites around that were just big old folders of IOS images. I just use the device in my home network and don't have a support contract or anything. I'm looking for c800-universalk9-mz.SPA.159-3.M7.bin specifically.

Thanks in advance!

Partycat
Oct 25, 2004

IOS on the 3750G/E/X at least should source properly if he configured the VLAN 1 SVI. Block size, MTU, etc. need to be configured, but it will source from that fine on its own.

Prescription Combs
Apr 20, 2005

Pile Of Garbage posted:

Can anyone point me towards somewhere that I can get an IOS image for my Cisco 897VA router? IIRC there was a few sites around that were just big old folders of IOS images. I just use the device in my home network and don't have a support contract or anything. I'm looking for c800-universalk9-mz.SPA.159-3.M7.bin specifically.

Thanks in advance!

Sent you a PM

Pile Of Garbage
May 28, 2007




Huge thanks friend!

guppy
Sep 21, 2004

sting like a byob
I'm trying to get wired 802.1x implemented in a Cisco environment, currently in the very early testing stage. I have a mix of device types, but I am currently working with a 9200L running IOS-XE 17.6.3. I watched a Pluralsight video on the topic; the video series assumes you're using ISE, which I'm not, but I'm not even to the point of caring about the RADIUS auth source. I'm trying to get a sample interface configured. I'm starting from an existing port configuration. I have successfully entered the following:

code:
access-session port-control auto
dot1x pae authenticator
access-session host-mode multi-auth

The Pluralsight video told me to do the following:

code:
authentication order dot1x mab
authentication priority dot1x mab

These don't work. They are deprecated and I am directed to use "cpl." I have no idea what that is and the Cisco documentation is useless. Googling for other people's examples suggests that this is going to involve class- and policy-maps, and indeed my access-session commands seem to have created a policy map for this. But I don't know what I'm doing and could really use some guidance or some links to some documentation that is comprehensible and actually correctly reflects the state of the platform. Pluralsight also told me that the way to enable multi-auth was "authentication host-mode multi-auth," and that didn't work either, but in this case the deprecation message at least pointed me to a replacement command that functions identically and is easy to understand. The error for the other two lines does not point me anywhere useful.

Thanks Ants
May 21, 2004

#essereFerrari


This might sound stupid but was the Pluralsight video definitely talking about IOS-XE?

uhhhhahhhhohahhh
Oct 9, 2012
The C3PL style config for 802.1x is also sometimes called the IBNS 2.0 style config. Lots of the interface configuration was moved to service policies that have similar syntax to QoS policies I think. Some of the 802.1x config still exists on the ports, and I think there's some global config you need to enable 802.1x also.

Katherine McNamara's blog is the best place for this, she has an article about the CPL style config that should have everything you need:
http://www.network-node.com/blog/2017/10/7/ise-c3pl-switch-configuration

I did a roll out of this config years ago and I'm pretty sure I used her example config with a couple of tweaks here and there. All her stuff on 802.1x and ISE (a lot of it will carry over to whatever RADIUS you end up using) is really good.

uhhhhahhhhohahhh fucked around with this message at 19:28 on Mar 6, 2023

guppy
Sep 21, 2004

sting like a byob
Thanks! Not a stupid question, I think the Pluralsight video was about IOS, but all the other stuff I've found suggests that this stuff should still work in XE. However, it appears that someone has at some point configured this device to use "new-style" configuration, which is what the post right above me is talking about. This is not a revertable change, apparently; I'd have to wipe the switch to revert to legacy. Which, happily, I can do, because this is a test switch!

gooby pls
May 18, 2012



Echoing above, Katherine’s blog is excellent.

She also did the SISE cert guide which, even if you’re not going for your CCNP Security, is an awesome all around ISE resource.

https://www.ciscopress.com/store/ccnp-security-identity-management-sise-300-715-official-9780136642947


I typically use Brad Johnson's switch templates when doing ISE projects. Most of the commands are commented so you know what you're entering. The new policy map based configs cut down on individual port config bloat by a ton and allow for more advanced features such as running dot1x and MAB simultaneously. Check them out here:

https://www.ise-support.com/cisco-ise-nad-configuration-templates/

Kazinsal
Dec 13, 2011
Anyone going to Live this year? Just found out this morning that I apparently am, lol.

Prescription Combs
Apr 20, 2005
Anyone ever see a c9606r just make very specific UDP traffic disappear? Been tracking this down for a week now and can see the traffic make it across the WAN link, leave the firewall, ingress the switch interface, then absolutely nothing leaves to the server switch interface. :confused: Kind of reminds me how every once in a while you see ESP traffic issues.

There are no ACLs applied to interfaces or vlan interfaces. Arp maps to the correct interface, and all the routing is sound. Been fighting why servers in a DR environment can't join an active directory domain and have narrowed it down to the switch. DNS queries are fine but LDAP server responses just disappear. :iiam:

DeNofa
Aug 25, 2009

WILL AMOUNT TO NOTHING IN LIFE.

Prescription Combs posted:

Anyone ever see a c9606r just make very specific UDP traffic disappear? Been tracking this down for a week now and can see the traffic make it across the WAN link, leave the firewall, ingress the switch interface, then absolutely nothing leaves to the server switch interface. :confused: Kind of reminds me how every once in a while you see ESP traffic issues.

There are no ACLs applied to interfaces or vlan interfaces. Arp maps to the correct interface, and all the routing is sound. Been fighting why servers in a DR environment can't join an active directory domain and have narrowed it down to the switch. DNS queries are fine but LDAP server responses just disappear. :iiam:

Is it standalone or stackwise virtual? What features are configured on ingress/egress ports? The following Cisco live preso has some stuff to look at: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKARC-2008.pdf

Prescription Combs
Apr 20, 2005

DeNofa posted:

Is it standalone or stackwise virtual? What features are configured on ingress/egress ports? The following Cisco live preso has some stuff to look at: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKARC-2008.pdf

E: none of this was the switch at alllll go figure. Standby firewall was occasionally forwarding packets and happened to catch it when running a capture on the standby firewall switch port. What a strange bug. Thanks Checkpoint!

Prescription Combs fucked around with this message at 04:53 on Mar 16, 2023

Pile Of Garbage
May 28, 2007





Your move, Cisco.

i am a moron
Nov 12, 2020

"I think if there’s one thing we can all agree on it’s that Penn State and Michigan both suck and are garbage and it’s hilarious Michigan fans are freaking out thinking this is their natty window when they can’t even beat a B12 team in the playoffs lmao"
If Fortinet is a pale ale, Cisco is a plastic cup of Budweiser someone’s been using as an ashtray

Pile Of Garbage
May 28, 2007



Cisco TAC told me that their beer has no alcohol. This is a bug which will be fixed(?)

Also waiting for Palo Alto to release Pale-o Ale-to.

Jedi425
Dec 6, 2002

THOU ART THEE ART THOU STICK YOUR HAND IN THE TV DO IT DO IT DO IT

Pile Of Garbage posted:

Cisco TAC told me that their beer has no alcohol. This is a bug which will be fixed(?)

Also waiting for Palo Alto to release Pale-o Ale-to.

Sometimes, if you drink the beer, your body instead becomes sober. This is a feature that will be inexplicably removed in the next revision on this code train..

Kazinsal
Dec 13, 2011

Jedi425 posted:

Sometimes, if you drink the beer, your body instead becomes sober. This is a feature that will be inexplicably removed in the next revision on this code train..

Alcohol intoxication is not supported on this platform. You'll need to buy a perimeter body from this other platform in order to be intoxicated. Thanks for your $300k!

Thanks Ants
May 21, 2004

#essereFerrari


You need to deploy $4000 of virtual machine infrastructure to manage the beer, otherwise it just falls through you and onto the floor

Prescription Combs
Apr 20, 2005
Any of you Cisco TAC folk know a secret way of resetting the admin password on a FPR-2110 running FTD WITHOUT reimaging the entire thing? TACACS works and all that, can get to the expert shell.


Pile Of Garbage
May 28, 2007



Prescription Combs posted:

Any of you Cisco TAC folk know a secret way of resetting the admin password on a FPR-2110 running FTD WITHOUT reimaging the entire thing? TACACS works and all that, can get to the expert shell.

I've not worked with that device in particular but that's kinda a by-design thing tbh.
