Need some advice on learning networking

  • BillyCarpenter
    Field Supervisor

    Site Contributor
    VIP Subscriber
    10,000+ Posts
    • Aug 2020
    • 16308

    #1201
    Re: Need some advice on learning networking

    I feel like I went from wireless being a weakness of mine to a strength. I learned everything about wireless that the CCNA course offered and then took it to the CCIE level because I actually bought a Cisco WLC and implemented RADIUS.


    To recap, RADIUS integrates wireless security with Active Directory. It's VERY cool. I have it set up here at my office and I'm gonna leave it in place. My company is MUCH too small to be using this but it's just cool as hell and I can use it to further educate myself. RADIUS is designed more for a corporate network. Hell, I've never even seen one. That's probably because I had never heard of it before.

    PS - I now look at using a pre-shared key as a big ol' security risk. Especially if everyone is logging in on the default vlan.
    Adversity temporarily visits a strong man but stays with the weak for a lifetime.

    Comment

    • BillyCarpenter

      #1202
      Re: Need some advice on learning networking

      Being new to the world of networking, I expect to encounter my fair share of growing pains. There's an old saying: "you don't know what you don't know."

      Yesterday I experienced some of those growing pains. My mini-usb console cable arrived and finally I could configure my layer-3 switch. I plug in the console cable and nothing!! After a little research, I discover that I need to download a driver. I downloaded the driver and once again - nothing!!! After a little more research, I finally got it to work. But not so fast...the console kept freezing and that wasn't going to work.

      Once again I did more research. I was about at my wit's end and I stumbled upon another Terminal Emulator called: Tera Term. It works great. That's about 4-hours of my life that I will never get back.

      Comment

      • BillyCarpenter

        #1203
        Re: Need some advice on learning networking

        Well, I finally finished setting up my Wireless Lan Controller with VLANS.

        I created 3 vlans.

        Vlan 10 - Staff

        Vlan 20 - Corporate

        Vlan 30 - Guests (There's nothing on VLAN 30)

        I'll make this short and sweet.

        I also created 3 SSIDs. When you log on to "staff", you'll be placed in vlan 10. When you log into "corporate", you'll be placed in vlan 20. And when you log into "guest", you'll be placed in vlan 30.


        This was an incredibly labor-intensive setup. However, I think I could do it in about an hour now that I know what I'm doing.
        Last edited by BillyCarpenter; 12-23-2021, 07:58 PM.

        Comment

        • slimslob
          Retired

          Site Contributor
          25,000+ Posts
          • May 2013
          • 36905

          #1204
          Re: Need some advice on learning networking

          Originally posted by BillyCarpenter
          Being new to the world of networking, I expect to encounter my fair share of growing pains. There's an old saying: "you don't know what you don't know."

          Yesterday I experienced some of those growing pains. My mini-usb console cable arrived and finally I could configure my layer-3 switch. I plug in the console cable and nothing!! After a little research, I discover that I need to download a driver. I downloaded the driver and once again - nothing!!! After a little more research, I finally got it to work. But not so fast...the console kept freezing and that wasn't going to work.

          Once again I did more research. I was about at my wit's end and I stumbled upon another Terminal Emulator called: Tera Term. It works great. That's about 4-hours of my life that I will never get back.
          Tera Term is a handy little program. I have used it in the past to collect engine performance data from Ricoh production machines to send to engineering for diagnosis. Provides them a lot more data than can be obtained from the Debug Log in the Service Program, SP mode.

          And if I remember correctly it was what I had to use to update firmware on Plockmatic.

          Comment

          • BillyCarpenter

            #1205
            Re: Need some advice on learning networking

            Welp, I finally installed my first virtual machines on bare metal. I used ESXi. Now I need to figure out some practical uses for them. So far I only have Server 2019 and a Windows 10 machine.

            Comment

            • rthonpm
              Field Supervisor

              2,500+ Posts
              • Aug 2007
              • 2847

              #1206
              Re: Need some advice on learning networking

              Originally posted by BillyCarpenter
              Welp, I finally installed my first virtual machines on bare metal. I used ESXi. Now I need to figure out some practical uses for them. So far I only have Server 2019 and a Windows 10 machine.
              Run your entire infrastructure off them. The only physical servers I have are hosts for my VM's. With your Server 2019 Standard license, you're entitled to two virtual instances of the OS. Beyond that, you can always download the evaluation ISO or use your existing one without activating the system for 180 days of use.

              You could also just build out a lab environment that's not connected to your production network.

              There hasn't been a need for a physical server for any workload beyond the requirement for a connection to another piece of hardware for well over a decade.


              Comment

              • BillyCarpenter

                #1207
                Re: Need some advice on learning networking

                Originally posted by rthonpm
                Run your entire infrastructure off them. The only physical servers I have are hosts for my VM's. With your Server 2019 Standard license, you're entitled to two virtual instances of the OS. Beyond that, you can always download the evaluation ISO or use your existing one without activating the system for 180 days of use.

                You could also just build out a lab environment that's not connected to your production network.

                There hasn't been a need for a physical server for any workload beyond the requirement for a connection to another piece of hardware for well over a decade.


                First things first, this is freaking awesome. I didn't get it at first, but do now.

                I just set up a backup domain controller using the virtual server. To test it out, I created a test GPO on the secondary domain and then checked on the primary to make sure it replicated. I then did the vice versa to make sure it was replicating in the opposite direction.

                You told me this in the beginning but it wasn't sinking in. The reason for running a virtual server is because it cuts down on the number of physical servers needed and we're better able to utilize resources that were otherwise unused.

                I can't thank you enough. I'm like a kid in a candy store.

                Comment

                • BillyCarpenter

                  #1208
                  Re: Need some advice on learning networking

                  By the way, I'm running ESXi on a PC. See specs below. I can't believe how fast the server is running.
                  Dell Inc.
                  Model: OptiPlex 790
                  CPU: 4 CPUs x Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
                  Memory: 15.88 GB

                  Comment

                  • rthonpm

                    #1209
                    Re: Need some advice on learning networking

                    Just wait until you get it on a real server and actually have enough processor cores, RAM, and disk speed to do some real work.

                    For most of our customers, going the VM route has turned racks of servers into one, depending on the backup strategy. The cost savings of power and cooling alone can often justify the higher cost of denser hardware. There's no real reason for 99% of workloads to ever have a dedicated server, especially as light as many server roles actually run. Buying a physical box for a domain controller is a waste as it will barely need more than 4-8 GB of RAM, and very little storage if that's its only role (which it should be). Same with a file server, which only needs storage as opposed to any kind of serious memory.


                    Comment

                    • BillyCarpenter

                      #1210
                      Re: Need some advice on learning networking

                      Windows 11 is starting to get on my nerves.


                      I have a new (used) core Cisco switch and I'm getting ready to trunk it to a Cisco distribution switch and I wanted to test out inter vlan routing on the core switch before trunking to the distribution switch.

                      Well, it turned into quite the experience.

                      The core switch is Layer 3, so routing is built in.

                      I created 2 vlans: vlan 10 and vlan 20
                      I assigned IP addresses for both.
                      I enabled routing on the layer 3 switch.

                      I hooked up a Windows 10 PC on vlan 10
                      I hooked up a Windows 11 PC on vlan 20

                      That's all that is needed. It should work. But it didn't.

                      At first I couldn't ping from PC to PC in either direction. I disabled Windows Defender on the Windows 10 PC and now I could ping in one direction but not the other.

                      So, I disabled Windows Defender on the Windows 11 PC. Still couldn't ping from the Windows 11 PC to the Windows 10 machine.

                      Turns out that I had to enable a rule. See below:

                      Open Windows Defender Firewall and select Advanced Settings in the sidebar. Switch to Inbound Rules via the Getting Started page or the sidebar. Find the rule named "Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In)" with Profile of "Private, Public" (unless you're on a corporate domain...). You can right-click the rule and Enable Rule.

                      Comment

                      • rthonpm

                        #1211
                        Re: Need some advice on learning networking

                        Originally posted by BillyCarpenter
                        Windows 11 is starting to get on my nerves.



                        Turns out that I had to enable a rule. See below:

                        What was the network profile on your Windows 11 machine set to? If it was Public, then by default ping, SMB and a lot of other features are disabled by the firewall.

                        To make all of the various firewall rules easier, I just set them through Group Policy as needed, that way as soon as a system is bound to AD, it gets any standard firewall rules it will need. As an example, anything in my Server OUs gets firewall rules enabled by default for Remote Management in the Domain firewall profile, as well as all of the necessary ports for my monitoring and compliance server agents. Workstations don't need those, but they get a different set of default rules, and test systems get a different set beyond that. It doesn't change the ability to add rules manually to any individual system, but it makes configuration a lot easier.

                        Comment

                        • BillyCarpenter

                          #1212
                          Re: Need some advice on learning networking

                          Originally posted by rthonpm
                          What was the network profile on your Windows 11 machine set to? If it was Public, then by default ping, SMB and a lot of other features are disabled by the firewall.

                          To make all of the various firewall rules easier, I just set them through Group Policy as needed, that way as soon as a system is bound to AD, it gets any standard firewall rules it will need. As an example, anything in my Server OUs gets firewall rules enabled by default for Remote Management in the Domain firewall profile, as well as all of the necessary ports for my monitoring and compliance server agents. Workstations don't need those, but they get a different set of default rules, and test systems get a different set beyond that. It doesn't change the ability to add rules manually to any individual system, but it makes configuration a lot easier.

                          No, it was set for private network. I bought this Windows 11 laptop off eBay, so it's no telling what settings had been changed.

                          Comment

                          • BillyCarpenter

                            #1213
                            Re: Need some advice on learning networking

                            How difficult do you think it is to create 3 vlans that have inter vlan connectivity and get all 3 internet access?

                            Answer: Pretty difficult.


                            Note: It involved 802.1q trunking, a couple of static routes and I had to use a dynamic routing protocol - EIGRP.

                            It's much different networking real gear as opposed to using an emulator.

                            Comment

                            • BillyCarpenter

                              #1214
                              Re: Need some advice on learning networking

                              In the previous post I talked about creating 3 vlans and getting all of them out to the internet. This posed a couple of problems.


                              1. Here are the 3 networks for the vlans:


                              -192.168.10.0 /24
                              -192.168.20.0 /24
                              -192.168.30.0 /24

                              Keep in mind that these are all private IP ranges and they're not routable over the internet...they must be NAT'd.

                              So, I had to go into my edge router and set up nat'ing for all of those networks.

                              2. The other challenge is that when I created the 3 vlans, none of them had connectivity to the edge router.

                              There's a couple of ways to solve this.

                              - I could have created a bunch of static routes but that's more work than I wanted to do.

                              - Instead I used EIGRP...which is a routing protocol that does most of the work for me.


                              To put the cherry on top, I set up inter-vlan routing where all the PC's could talk to each other but would be safe from a broadcast storm.

                              Comment

                              • BillyCarpenter

                                #1215
                                Re: Need some advice on learning networking

                                Continuing on with my Vlan set up....


                                Everything is working fine except for one missing detail. There was no DHCP scope on the server for the following networks.

                                -192.168.10.0
                                -192.168.20.0
                                -192.168.30.0

                                I quickly whipped up 3 scopes for those networks. I go to the PC on vlan 10 and change from static to DHCP and it doesn't work. I got no DHCP address. But why?

                                This was easy to figure out from my Packet Tracer Labs.

                                Remember DORA?

                                D-iscover
                                O-ffer
                                R-equest
                                A-cknowledge

                                Discover is a broadcast signal and they can't go past the router. They are blocked. So, I had to enable DHCP Helper on the router and now it's working.

                                Comment
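Added example, not part of the original posts: a Python model of what the DHCP helper from post #1215 does to a client's Discover (stamp `giaddr`, bump the hop count, forward as unicast) and how the server then picks one of the three scopes from the thread. The server address, the gateway IPs used when calling it, the client MAC and the hop limit of 4 are assumptions chosen for illustration.

```python
import ipaddress
import struct

# Fixed BOOTP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie
ZERO = bytes(4)

# The three networks come from the thread; the server address is constructed.
SCOPES = [ipaddress.ip_network(n) for n in
          ("192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24")]
DHCP_SERVER = "192.168.1.10"              # assumption, not from the thread


def build_discover(mac: bytes, xid: int) -> bytes:
    """Client DHCPDISCOVER payload: broadcast flag set, giaddr all zeros."""
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, ZERO, ZERO, ZERO, ZERO,
                     mac.ljust(16, b"\0"), bytes(64), bytes(128))
    options = bytes([53, 1, 1, 255])      # option 53 = DISCOVER, then END
    return hdr + MAGIC + options


def relay(packet: bytes, vlan_gateway: str, max_hops: int = 4):
    """Helper on the VLAN interface that heard the broadcast: stamp giaddr,
    bump hops, return (unicast destination, rewritten payload) or None."""
    f = list(BOOTP.unpack_from(packet))
    if f[0] != 1 or f[3] >= max_hops:     # only BOOTREQUEST, bounded hops
        return None
    f[3] += 1
    if f[10] == ZERO:                     # only the first relay sets giaddr
        f[10] = ipaddress.ip_address(vlan_gateway).packed
    return DHCP_SERVER, BOOTP.pack(*f) + packet[BOOTP.size:]


def select_scope(packet: bytes):
    """Server side: giaddr tells the server which scope to lease from."""
    giaddr = ipaddress.ip_address(BOOTP.unpack_from(packet)[10])
    if giaddr.is_unspecified:
        return None                       # not relayed: no remote scope applies
    return next((s for s in SCOPES if giaddr in s), None)


if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("020000000001"), 0x1234)
    print("unrelayed ->", select_scope(discover))
    dst, relayed = relay(discover, "192.168.10.1")   # constructed gateway IP
    print("relayed to", dst, "->", select_scope(relayed))
```

Because the server trusts `giaddr` to choose the scope, a helper address configured on the wrong VLAN interface hands out leases from the wrong network.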
