It's a Network Thing... They Don't Understand...

Nerm · January 05, 2017, 08:29:22 AM

Tech: Can you add 172.35.10.0/24 into our global WAN?
Me: That isn't rfc1918 does your location own that subnet?
Tech: What? It is in the 172.16.0.0/12 range.
Me: Go home. You're drunk.

deanwebb · January 05, 2017, 10:59:43 AM

Quote from: Nerm on January 05, 2017, 08:29:22 AM
Tech: Can you add 172.35.10.0/24 into our global WAN?
Me: That isn't rfc1918 does your location own that subnet?
Tech: What? It is in the 172.16.0.0/12 range.
Me: Go home. You're drunk.

deanwebb · April 07, 2017, 11:21:23 AM

Today's big crisis:

WE CAN'T REACH THE SERVER!!! ZOMGWTFBBQ IT MUST BE NAC!!!

No, it's not the NAC. We're only monitoring the traffic on that LAN.

THEN IT IS FIREWALL!!! TURN OFF ALL THE FIREWALL!!!

No, the path does not go through a firewall.

IT IS IPS!!! YOU MUST DEACTIVATE THE IPS AND TOSS IT INTO THE SEA!!!

Hold on, is this a physical or virtual server? They go through different segments on the DC IPS.

PHYSICAL OR VIRTUAL? WE SHALL CHECK THE THINGS...

And what did they discover?

***the reason the virtual server was unreachable was because it had not yet been installed yet***

Nerm · April 07, 2017, 12:39:53 PM

icecream-guy · April 07, 2017, 12:44:57 PM

Quote from: Nerm on April 07, 2017, 12:39:53 PM

I had to send one of those out today, but had to modify it to change 'blocking' to 'dropping'

LynK · April 07, 2017, 01:42:04 PM

@dean, when are you actually going to enforce NAC?

Had my own two issues today (both my fault). New palo alto firewalls only getting 97mbps down/94 mbps up. I swap laptops to see if it is my machine. Same thing. I call TAC and work with them for 4 hours. I go take my laptop unplug the internet uplink from the fw to the interwebs into my laptop... same speed. HUH?!?!

(LIGHTBULB) I had the speed hard set on BOTH LAPTOPS because I was messing with old firewalls. *(kill me)*

Call TAC case in because new VPN can be reached internally, but internals cannot reach external VPN user (LIGHTBULB = WINDOWS FIREWALL) *(KILL ME)*

deanwebb · April 07, 2017, 02:14:28 PM

Enforcing NAC in three of our sites, currently. I'd like to have all the rest of the system installed as designed before we turn on any more. No budget, no progress.

And now my firewall management project without a project is being looked at by two different managers, each owning half of the system.

If I don't put cover sheets on my TPS reports, I'm going to never hear the end of it.

deanwebb · April 14, 2017, 08:50:00 AM

Whenever we turn on an NMAP scan against our HP printers, they have issues.

Sent some network traces to HP and asked what can they do about it.

HP guy sends back a big mansplaining thing about how to do a network capture properly, even shares his whitepaper on the art of Wiresharking and then asks...

"By the way, what is NMAP? Is that some kind of freeware thing?"

icecream-guy · April 14, 2017, 10:37:31 AM

Quote from: deanwebb on April 14, 2017, 08:50:00 AM
Whenever we turn on an NMAP scan against our HP printers, they have issues.

Sent some network traces to HP and asked what can they do about it.

HP guy sends back a big mansplaining thing about how to do a network capture properly, even shares his whitepaper on the art of Wiresharking and then asks...

"By the way, what is NMAP? Is that some kind of freeware thing?"

Sounds like its your turn to return the favour.

deanwebb · April 14, 2017, 12:16:01 PM

Quote from: ristau5741 on April 14, 2017, 10:37:31 AM
Sounds like its your turn to return the favour.

I gave him a link. He downloaded the tool and couldn't reproduce the error, so he sent an email basically asking if it was network stuff actually causing the printers to fail and how it couldn't possibly be network stuff because HP is the diggity-bomb and and and...

I replied by explaining how, with NMAP active, the printers fail. When NMAP is inactive, the printers do not fail. Therefore, it may be wise to find out what printers we have with the worst problems in this area and set one up in your lab just like it and fire away the NMAP scan.

HP came back with, "Well, maybe it's port 9100. Stop scanning that and see if that fixes things."

No, low ports knock them out, as well... can you get the repro, pleeeeeeeeeeeeeeeeaaaaaase?

This is going to be a very long email back and forth...

SimonV · August 30, 2017, 08:44:55 AM

https://www.reddit.com/r/networking/comments/6wor0u/converting_to_a_flat_network/

dlots · August 30, 2017, 08:54:36 AM

I just saw that... poor guy.

Time for him to quit as he is about to get fired.

That just seems mean. We need you to murder this puppy you have been caring for and nurturing for the last X years. After that you will be fired.

Motley01 · September 03, 2017, 11:54:35 PM

Its always the server guys against the networking guys. I've been working in networking way too long.

But I would have to say the all time "server isn't working issue" top reason is:

No default gateway set.

So whenever a server dude asks me why his server isn't working, can't reach the network, etc. My first question is whats your IP, subnet, default gateway.

That usually fixes like 90% of server issues.

deanwebb · September 05, 2017, 09:47:50 AM

Quote from: Motley01 on September 03, 2017, 11:54:35 PM
Its always the server guys against the networking guys. I've been working in networking way too long.

But I would have to say the all time "server isn't working issue" top reason is:

No default gateway set.

So whenever a server dude asks me why his server isn't working, can't reach the network, etc. My first question is whats your IP, subnet, default gateway.

That usually fixes like 90% of server issues.

If it gets to me, it's because he thinks maybe NAC or the firewall is blocking his box... then I ask, "Can you ping the default gateway?"

If he asks, "What's a default gateway?", we got him cold.