Networking

Discussion in 'Technical Board' started by Nettdata, Dec 1, 2009.

  1. Binary

    Some wireless routers support a client mode/infrastructure mode where they can be a client to a wireless network.

    I would not go that route. I would buy a purpose-specific adapter:

    http://www.amazon.com/TRENDnet-Wireless-Gaming-Adapter-TEW-647GA/dp/B0024G48VA/ref=sr_1_2?ie=UTF8&qid=1297877177&sr=8-2-spell
     
  2. Drewpy

    So I got my first DMCA notice in my email today, that's great. So I'm thinking about paying monthly for Usenet, or maybe a VPN service. I just don't know which one to use. Any suggestions? Would a VPN be enough, or just Encrypted Usenet? Or both? Suggestions?
     
  3. gogators

    What is the maximum length that a Cat5 cable can be run from one of the small 4 port switches?
     
  4. Nettdata

    I wouldn't go much past 75 yards or so without a repeater. Theoretically, the distance is about 100 yards, but unless you're running good gear (which yours is not), you can get an increase in errors and retransmissions due to signal loss at that length.

    It also depends on where the cable is routed (near power sources, under water, etc), and how well the cable is shielded.
     
  5. gogators

    Thanks.

    It should be well under 75 yards. Probably going to try to go under the floor (conventional foundation), through some kind of plastic pipe, and just hang a box a few inches off of the floor. Might end up being 40 feet... maximum.
     
  6. Nettdata

    Yep, under water. I mention this because of experience.

    I used to co-locate my servers at a friend's IT shop, which was part of one of those industrial complexes. The guys who built the thing thought ahead, and ran underground conduit from every unit to each building's telephone/power demarcation rooms, where the ISPs/phone companies/etc. would connect your service. They also had the pull-strings in the conduits.

    Basically, you'd call up the service provider you wanted to use, they'd come out and install their gear in the demarc room, and then you'd run a cable from that room, through the conduit, into your unit in the complex, and plug it into your router/firewall, and you're good to go.

    Well, after it working fine for about a year, we started having problems with a whole bunch of errors, and the signal strength coming into our router dropped hugely and was barely working. We got the ISP in and started testing the gear, and it all tested fine, and we isolated it to the cable.

    So, we started to run a replacement cable.

    And it came up covered in mud and water. But wait, it wasn't mud and water, it was shit and piss.

    Seems that the sewage line had taken a dump and taken out our conduit, and everything was flooded beneath the complex.

    Took them a week of serious construction to dig it up and replace it all.
     
  7. Binary

    I actually have found that 100 meters is a fairly conservative estimate, which you'd expect given that it's the standard's measurement so it's the expectation that 100m is always good, all of the time. Interference sources play a huge role in that, though.

    The switches don't matter quite as much but exceptionally cheap cable, terminators or bad crimpers/patch panels will all reduce the distance you can get. If you're installing cable in the floor or the walls, use solid core cable if it's available.

    40 feet is nothing, though. Just avoid running it tightly against existing power cables.
     
  8. scootah

    I've just walked into the deep end of a new job - and found out that I have to maintain some Cisco ASAs and some reasonably recent and reasonably high end switches. On a conceptual level, I know what I'm doing. But I'm fucking rusty with the Cisco CLI - any suggestions for good ebooks/references?
     
  9. Binary

    Cisco's website actually has a tremendous amount of instructional information. Virtually every time you need to do something, if you Google <task> + <router/switch model> it'll come up with Cisco's website and step-by-step instructions.

    Other than that, just pick up any old CCNA book or the two routing and switching CCNP books from Cisco. The command line structure on the ASA is a little different from the big brother IOS versions, but it's pretty similar and if you're rusty with command line IOS, chances are you could use a little brushing up on some of the concepts behind it too.

    CCNP routing:
    http://www.amazon.com/ROUTE-642-902-Official-Certification-Guide/dp/1587202530/

    CCNP switching:
    http://www.amazon.com/SWITCH-642-813-Official-Certification-Guide/dp/1587202433/

    Cisco really does have good literature for their products.
     
  10. john_b

    They also compile a command reference library. I just had to use it today. Google "<model> command reference".
     
  11. Pow

    If you're looking into design, Cisco has SRNDs which are basically huge documents detailing everything from high level to low level. Could easily be overkill, but simply learning individual commands can be confusing when they are part of a larger system. If you want to spend the money and get a fairly quick high level idea the books are pretty good. However, they're really just a rehash of almost everything Cisco has out on the documentation. The products, design, and IOS can change really fast though which is a risk with books.

    Campus Design
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1.0/Borderless_Campus_1.0_Design_Guide.html

    WAN Security
    http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_wan_security.html

    Design guides for Borderless. Basically everything that isn't datacenter or voice is borderless, thank you marketing.
    http://www.cisco.com/en/US/netsol/ns1063/networking_solutions_program_home.html

    If you're looking for something lower-level with the commands, the SBA (Smart Business Architecture) is the idea of putting all the best practices in one place and showing full configs of devices. Again, really detailed but best practices for a lot of scenarios. CVDs (Cisco Validated Designs) are very similar to this. They may be the same thing, I haven't gotten my bi-weekly Cisco marketing email this week to keep me updated.
    SBAs
    http://www.cisco.com/en/US/netsol/ns982/networking_solutions_program_home.html#bn

    This is a really good starting point to avoid web-crawling to get to what you want. Good for downloads and product documentation.
    http://www.cisco.com/cisco/web/psa/default.html?mode=prod

    This is kind of just scratching the surface. Also know that if you're messing around in NX-OS (Nexus, MDS, UCS) it's going to be about 5-15% different than normal IOS. Same with IOS-XE and IOS-XR (ASRs, routers). Also, if your ASA is on firmware 8.3 or later the entire CLI has been overhauled and the old documentation won't get you very far.
     
  12. scootah

    SFP cable testers - Anyone know if there are any cheap / readily available options? Everywhere I'm looking they're $2k or more and have months of lead time between order and delivery. Is there a better way to test cable continuity? I suspect patching error or cable damage - but it's going to be really embarrassing if I get someone in to fix that, and it turns out that I just fucked up config.
     
  13. BigChops

    Ok, this one might be a longshot but maybe someone here has some ideas. I've been banging my head against the wall for a week now.

    We just replaced two Adtran routers connecting a primary site (Windows 2003 SBS DC) to a remote site (no servers) with two SonicWall TZ210s, and even though the IPsec VPN tunnels are showing as up and healthy, Active Directory authentication appears to have stopped working at the remote site. Fucking Punjab at SonicWall support was zero help.

    DNS is working perfectly, AD is working fine at the primary site, but something just isn't passing correctly with Kerberos it seems from the remote site back to the HQ. I can ping and NS lookup from the remote site, but no group policy or domain authentication is available. NetBIOS broadcast is allowed on both sides of the VPN tunnel. I've tried doing both UDP and TCP Kerberos, but still no go.

    After doing some packet captures on both sides, it appears that the packets are leaving the gateway just fine at the remote site, but once they arrive at the headquarters something goes wrong and they appear to be getting dumped by that SonicWall due to fragmentation or bad TCP packets.

    Also worth mentioning, each site has a bonded T-1 connection. VPN is IKE/DH1/DES/MD5, AH/DES/MD5.

    My only guess at this point into this one would be that there was an underlying condition that was being masked by the Adtran NetVanta routers, that was uncovered by installing the SonicWall appliances. I've currently got a trouble ticket into the ISP to check their routers for errors.
     
  14. Binary

    Check your MTU size on both sides. Often packets over a WAN are encapsulated inside forwarding protocols, making the packet larger than the MTU of the link. That results in the packet being split up, which doesn't end well for encrypted packets - they can't always be reassembled normally.

    Easy test: ping <host> -f -l <size>

    Ping a host on the other side of the WAN link. Set the <size> to 1500, and decrement until you find a packet that fits. -f says "don't fragment this even if it needs it" - you'll get an error back if the packet is too large to fit in the MTU size.
     
  15. BigChops

    Ok, this might be the issue. I double checked the MTUs on both the SonicWalls, and they are set to 1500, but any DF ping larger than 1375 is getting dropped because it wants to fragment it. Could this be the ISP?
     
  16. Binary

    Yep, it's the ISP. When the packet hits your ISP, they use special forwarding protocols like MPLS that encapsulate your data inside forwarding information to efficiently route data across their network without actually having to rewrite any destination information in your packet. That makes the packet size larger, which means it needs to get fragmented to pass over the network.

    It won't necessarily fix your problem (that is, there may be other issues here), but it's pretty common to have problems over a WAN link if both sides are expecting to send 1500 byte packets. Try lowering it to like 1350 and see if your problems go away.
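
Added example, not part of the original thread: the decrement-by-hand DF ping test from the posts above, automated as a binary search. Because `-l` sets only the ICMP payload, 28 bytes of IPv4 and ICMP headers are added to get the path MTU; the `"TTL="` reply check and the `simulated_path` stand-in are assumptions made for this sketch.

```python
import subprocess

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header

def windows_df_ping(host):
    """Probe built on the Windows ping from the thread: -f sets DF, -l sets payload size."""
    def probe(size):
        out = subprocess.run(["ping", "-n", "1", "-f", "-l", str(size), host],
                             capture_output=True, text=True).stdout
        return "TTL=" in out  # assumption: only a real echo reply line contains TTL=
    return probe

def largest_df_payload(probe, low=0, high=1472):
    """Binary-search the largest payload that passes with DF set.

    high=1472 is the ceiling on a 1500-byte Ethernet MTU (1500 - 28).
    Returns None if even `low` fails (host down or ICMP filtered)."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # mid fits, search upward
        else:
            high = mid - 1   # mid needs fragmenting, search downward
    return low

def path_mtu(payload):
    """Largest whole IP packet the path carries without fragmentation."""
    return payload + ICMP_OVERHEAD

def tcp_mss(mtu):
    """TCP payload that fits in one packet: MTU minus IPv4 and TCP headers."""
    return mtu - 40

def simulated_path(mtu):
    """Constructed stand-in for a real link: passes packets up to `mtu` bytes."""
    return lambda size: size + ICMP_OVERHEAD <= mtu

if __name__ == "__main__":
    # Constructed link matching the 1375-byte result reported in the thread.
    payload = largest_df_payload(simulated_path(1403))
    print(payload, path_mtu(payload), tcp_mss(path_mtu(payload)))
    # Against a real host on Windows: largest_df_payload(windows_df_ping("10.0.0.1"))
```

Set the tunnel or interface MTU at or below the measured path MTU minus whatever overhead the VPN encapsulation adds on that device.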
     
  17. BigChops

    OK, that kind of worked. It solved my authentication problem but now I am getting "Windows System Error - A duplicate name exists on the network" error at the login screen when I reboot. That is typically a NetBIOS error, which is strange because we are not using WINS.
     
  18. Binary

    I'm not a big domain guy, I just know enough to get by, but I believe you have to have unique computer names across a domain.

    Not using WINS doesn't mean machines aren't identified by name. Most domains have their members registered in a DNS server, so you obviously can't have duplicate DNS entries for the domain.
     
  19. BigChops

    Right, and no DNS errors exist. It is very strange.
     
  20. Binary

    Are you certain that there are no duplicate machine names?

    Also, it throws the error, but does it actually have an effect on the machine's functionality? Is it still joining the domain, updating its DNS record, authenticating normally, etc.?