r/networking

Help using cables

Some people who stayed at my dad's Airbnb left behind a couple boxes of 1000 feet lanmark 6 cables. It's been a while since, so I assume they aren't gonna ask for them back.

I have no experience in this, but would want to use it. What would I need?

reddit.com
u/JuggernautSad — 4 hours ago

Cause of interference?

Anyone have any suggestions for locating the cause of interference on both the 2.4 and 5 GHz band on an AP? We have Cisco MR-55 access points and one in particular is reporting 100% non-802.11 interference. I've asked everyone in the area if they've brought in any always-on devices but haven't gotten anywhere. Could it be coming from the floor above/below? Just trying to narrow it down as best I can.

ETA bands experiencing the interference

u/enterreturn — 5 hours ago

RouterOS for Edge BGP routing

Hi everyone,

I'm looking for some architectural advice on redesigning the edge of my datacenter ASN.

Currently, I have two main edge routers running plain Ubuntu 22.04 + BIRD. This handles BGP perfectly, but my requirements have grown. I now need to introduce stateful firewalling, HA default gateway routing for the internal network, and IPsec tunnels. Managing BIRD, nftables, keepalived, and strongSwan as loosely coupled packages is becoming an administrative nightmare, so I want to move to a unified router OS.

The Hardware:

  • CPU: AMD EPYC (multi-core, NUMA architecture)
  • RAM: 64GB
  • Throughput Target: Pushing 10Gbps at peak.

Strict Requirements:

  1. Must be Open-Source.
  2. Highly prefer first-class Terraform support (manageable via code).
  3. BGP support (handling transit tables).
  4. HA support for internal gateways (VRRP/CARP) and state syncing.
  5. IPsec tunnel termination.

The Dilemma: I am currently weighing three main options: VyOS, OPNsense, and pfSense. My main concern is hitting 10Gbps of stateful throughput (Firewall + NAT + IPsec) on AMD EPYC hardware, alongside the automation requirements.

  • VyOS (Linux): Seems like the safest bet for high-throughput, multi-core EPYC hardware because of how the Linux kernel handles RSS (Receive Side Scaling) and netfilter across many cores. It also has great Terraform API support.
  • OPNsense (FreeBSD): I love the idea of having a web GUI for quick troubleshooting and a highly mature Terraform provider via its REST API, but I am worried about the pf firewall bottlenecking on single EPYC cores at 10Gbps without heavy sysctl tuning.
  • pfSense (FreeBSD): I am still strongly considering pfSense because it is the industry standard for this type of deployment. However, the lack of a native REST API makes my Terraform requirement tricky, and I'm unsure how well it scales to 10Gbps stateful on EPYC compared to Linux.

My Questions for the Community:

  1. Has anyone pushed 10Gbps of stateful traffic + IPsec through pfSense or OPNsense on an EPYC? Did it require heavy FreeBSD driver/queue tuning, or did it handle it out of the box?
  2. For those using VyOS via Terraform in a datacenter, how robust is the state sync (conntrack-sync) and VRRP under heavy load?
  3. If I go with pfSense, how are you guys managing it via Terraform in production? Are the community XML-RPC wrappers stable enough, or is it a headache?
  4. Are there any other hidden caveats with these OSs at this scale that I should be aware of before committing?

Thanks in advance for any insights!

u/WindowReasonable6802 — 9 hours ago

Cato SASE done - what are you using for on-prem NAC?

We just finished rolling out Cato SASE and things are in a much better place on the edge/VPN side.

Now I’m looking at what to do next on-prem to tighten things up.

Environment is ~250 users / ~400 devices across 3 sites. Small IT team (2 people), already have VLANs in place, and we’re using Microsoft Intune / Microsoft Entra ID / Microsoft Defender XDR.

I have a counterpart in Europe deploying the full Cisco SASE, ISE, EDR stack—

From the ISE aspect, how can I level up?

Note, we're a 2-man team....

u/Streetblaze804 — 3 hours ago

Approaches and tooling for Infrastructure Automation, not just IaC, in real life?

If this is off-topic for the sub, please remove.

I want to understand what you use in your on-prem environment for infrastructure automation: provisioning, configuring, and managing infrastructure including Networking, Network Security and Compute/Virtualization components. I am kinda looking for a solution/tool to rule-them-all to cover infrastructure day0/1/2... Trying to get an as-centralized-as-possible model instead of distributed among several tools to accomplish the tasks.

I am semi-good on Terraform with Git to build/provision the infrastructure but I keep hearing I am wrong to use Terraform for Day 2 or configuration management... I need Ansible... But I never get the sense of why... In my mind, with the state built-in with Terraform, would it be a more suitable solution for configuration management?

Anyway, what do you guys use or apply in real life or production on-prem? No public IaaS.

u/m1xed0s — 4 hours ago

Help with IP cameras NVR

So this office I am currently working at has 2 NVRs, one with 32 capacity and the other with 16 capacity. Now we are already working on a very tight budget, please help suggest how I can pull footage from both NVRs into the same monitor.

Also, if the credentials for an IP camera such as Dahua have been lost (username and password) due to switching IT guys in the office and forgetting, and now it won't show anything when connected, is there any way to fix this?

u/nasmohd2020 — 9 hours ago

Why would an ISP disable MSS clamping, break PMTUD, and silently drop fragmented TCP after 600s – resource conservation, security policy, or neglect?

Hello everyone!

First of all I'd like to say I am not a network engineer and everything stated here is something I spent time learning about in the past month (which may also include incorrect interpretations), so my understanding and knowledge is extremely limited. Please do correct me if I am wrong or making incorrect assumptions.

TL;DR:

ISP doesn't clamp MSS on PPPoE → PMTUD fails → TCP fragmentation → fragmented flows hit 600s stateful firewall timeout → silent drops. Trying to understand if this is neglect, resource-saving, or a valid security policy.

The problem:

I'm a streamer on a residential 500 Mbps upload plan. My RTMP/RTMPS streams to Twitch, Kick, Trovo, or Restream would drop exactly at ~600 seconds with OBS "WriteN, RTMP send error 10060." YouTube and VPN streams were perfectly stable.

Original findings:

  • Disconnecting streams – Direct streams to Twitch, Kick, Trovo, Restream (both RTMP and RTMPS) died at ~600s. Ping to gateway and 8.8.8.8 stayed 0% packet loss; tcping to ingest server port 1935/443 remained 100% open even after OBS reported disconnect. Wireshark showed server sending Dup ACKs (with SACK) right before silence, then client retransmissions for ~15–20s, then client sends RST. No FIN from server.
  • Working streams – YouTube (both RTMP and RTMPS) and as a control test, Twitch RTMP with VPN. All three stayed solid without disconnects at 600s, no retransmissions with a clean FIN when I manually ended the stream.

ISP ticket:

After gathering all the evidence, logs and Wireshark captures, I sent a support ticket to my ISP with a request to check if there are any interferences in traffic management that time out my connection due to CGNAT/NAT/DPI/stateful firewall.

After 30+ days of waiting for their response (with occasional check-ins from my side so the ticket doesn't get closed), they said they performed basic remote checks, concluded their network uses only stateless equipment with no timers, incorrectly claimed Twitch streams use QUIC for video and RTMP only for signaling, mischaracterized my Wireshark evidence, claimed VPN only works because it's changing the ingest server, ignored the reproducible issue on the vast majority of platforms and ultimately suggested I update OBS, lower my bitrate, or try a different ingest server—all while failing to address my specific questions about the 600-second timeout. After realizing they are refusing to engage and provide support, I dove deeper.

Latest findings:

  • MTU – Path MTU is 1492 (confirmed with ping -f -l). Typical PPPoE overhead.
  • MSS Clamping – SYN from my PC advertises MSS=1460. No MSS clamping by ISP router.
  • PMTUD – First RTMP Handshake (~1500 IP) is sent with DF flag set. Router fragments it anyway (maybe RFC 1191 not operating as intended?) and forwards; ICMP "Fragmentation needed" (MTU=1492) arrives after the packet is forwarded. Server SACK proves partial delivery, so Windows never reduces MTU. Fragmentation persists for the entire stream.
  • Why YouTube and VPN work:
    • VPN works because MSS gets lowered to ~1380 by the tunnel, packets stay under 1492 bytes.
    • YouTube works because Google's ingest edge clamps MSS to 1412 in SYN-ACK.
  • The fix – Manually setting Windows MTU to 1492 fixes everything permanently.
  • The conclusion – The observed fragmentation correlates with the stream failures. The resulting TCP instability appears to coincide with session expiration around ~600 seconds — behavior consistent with stateful network handling (firewall/BNG/DPI systems or similar mechanisms). Note: I obviously can’t confirm the exact internal classification or trigger mechanism; I’m only observing that when MTU is fixed and fragmentation disappears, the issue disappears as well.

The questions:

The technical mechanism is clear. What I'm trying to wrap my head around is why an ISP would operate like this. I've read that 600s is a common default timeout for fragmented or "unclassified" flows. I also understand that non-initial IP fragments lack TCP headers, so a firewall may not be able to reliably refresh state – essentially treating a still-active stream as idle.

But this situation appears to originate from how the ISP handles MTU constraints:

  1. MSS clamping not enabled – Is this usually a conscious decision to save router CPU (clamping rewrites every SYN) or just neglect? Would enabling it on CPE/BNG be considered a "normal" and expected configuration for PPPoE customers?
  2. PMTUD broken (fragmentation despite DF, ICMP delivered but late) – Is this a common misconfiguration, or might it be deliberate (e.g., allowing fragments to reduce ICMP processing load)? Could it be an artifact of some hardware offloading?
  3. 600s silent drop of fragmented TCP – My research suggests this is often a resource-protection measure: VFR is expensive, and applying a short timeout prevents state-table bloat. But also that fragmented traffic is a common attack vector.
    • In your experience, is a 600s timeout on fragmented flows more likely a security policy (mitigating fragment attacks), a resource conservation measure (saving TCAM/RAM) or neglect (set it and forget it)?
    • If the ISP's own equipment causes the fragmentation by not clamping MSS and PMTUD failing, can they still legitimately claim it's a security measure?
    • Is the silent drop (no RST to client or server) standard practice, or just bad implementation?

Extra context for those who are curious:

I'm asking these questions because I'm currently in a formal complaints process. The ISP is refusing to engage with the evidence and deflecting blame to my OBS settings, which I've already proven are not the cause. I've filed a first‑level complaint and expect it to be rejected, especially since I explicitly asked how their traffic management practices might affect the use of applications under EU net neutrality transparency rules (Article 4), and they have simply ignored those questions. I plan to continue escalating it to the ISP commission and possibly the regulatory authority if they keep being dismissive and uncooperative. The answers to these questions will directly strengthen my complaint. Whether the cause is resource conservation, security policy, or neglect, all could represent a failure to comply with EU net neutrality rules depending on how it's framed—and understanding the ISP's internal reasoning will help me challenge their refusal to engage with the evidence.

u/Venattrix — 2 hours ago
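
The fragmentation arithmetic from the post above, as an added example that is not part of the original post: it sizes a full TCP segment for each MSS the post mentions, fragments it per RFC 791 on the 1492-byte path, and marks which fragments still carry a TCP header for a stateful device to match on. Assumptions: IPv4 with 20-byte IP and TCP headers and no options, illustrative function names, and a Twitch server MSS of 1460 (the post only reports ~1500-byte IP packets on that path).

```python
"""Added example: a full-size TCP segment on a 1492-byte PPPoE path.

Assumptions (not from the post): IPv4, 20-byte IP and TCP headers without
options; all names are illustrative; the direct-path server MSS of 1460 is
assumed from the ~1500-byte packets the post reports.
"""
from dataclasses import dataclass

IP_HDR = 20
TCP_HDR = 20


@dataclass(frozen=True)
class Fragment:
    offset: int            # byte offset into the original IP payload
    total_len: int         # IP total length of this fragment on the wire
    more_fragments: bool   # MF bit
    has_tcp_header: bool   # only the first fragment carries ports/flags/seq


def clamp_mss(path_mtu):
    """MSS value a clamping router would write into SYN/SYN-ACK."""
    return path_mtu - IP_HDR - TCP_HDR


def send_mss(local_mtu, peer_advertised_mss):
    """Largest TCP payload the sender puts into one segment."""
    return min(local_mtu - IP_HDR - TCP_HDR, peer_advertised_mss)


def fragment(ip_total_len, path_mtu):
    """Split one IPv4 packet as a router that fragments despite DF would."""
    if ip_total_len <= path_mtu:
        return [Fragment(0, ip_total_len, False, True)]
    payload = ip_total_len - IP_HDR
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    step = (path_mtu - IP_HDR) // 8 * 8
    frags = []
    for offset in range(0, payload, step):
        chunk = min(step, payload - offset)
        frags.append(Fragment(offset, IP_HDR + chunk,
                              offset + chunk < payload, offset == 0))
    return frags


def full_segment_fragments(local_mtu, peer_mss, path_mtu):
    """Fragments produced by one maximum-size segment on this path."""
    size = send_mss(local_mtu, peer_mss) + TCP_HDR + IP_HDR
    return fragment(size, path_mtu)


# (local MTU, MSS advertised by the peer) for the cases the post describes.
SCENARIOS = {
    "direct, no clamping (assumed server MSS 1460)": (1500, 1460),
    "YouTube, SYN-ACK MSS 1412": (1500, 1412),
    "VPN, MSS ~1380": (1500, 1380),
    "Windows MTU set to 1492": (1492, 1460),
}

if __name__ == "__main__":
    path_mtu = 1492
    print("MSS a clamping router would set:", clamp_mss(path_mtu))
    for name, (mtu, mss) in SCENARIOS.items():
        frags = full_segment_fragments(mtu, mss, path_mtu)
        sizes = [f.total_len for f in frags]
        headerless = sum(not f.has_tcp_header for f in frags)
        print(f"{name}: wire sizes {sizes}, fragments without TCP header: {headerless}")
```
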

RHEL IPXE Boot Troubles

I'm a newbie to this, but I've set up a RHEL img to boot from a PXE server on an Ubuntu machine. The PXE menu successfully comes up, but every time it boots I get a "kernel panic - not syncing: vfs unable to mount root fs on unknown block (0,0)". Countless hrs online and with AI has not helped. Could it be my image? If so, does anyone know of a good resource to build a proper rhel 9 img to boot from? I've rebuilt this thing using the rhel image builder, virt-build, converted a vmdk to a qcow2, and nothing has worked.

u/jgh601 — 1 hour ago

CCNA and CCNP Encor, still no job.

Hello everyone, I'm a 20-year-old guy with help desk and network technician experience. I have the CCNA and the CCNP Encor certifications but companies are still ignoring me.

Can anyone give me an explanation, this job market just sucks...


Alternatives to Vultr for BGP/BYOIP with IPv6 /32 (or smaller) prefixes?

Hi everyone, I’m currently hitting a bit of a wall with my current setup and could use some professional insight. For the last few months, I’ve been running a project where I lease an IPv6 /32 prefix and announce it via BGP through Vultr. It worked fine for a while, but as my traffic grows, I’m running into performance issues and some routing oddities that their support hasn’t been able to clear up. I need more horsepower and better network stability. I’ve looked into a few options, but most have deal-breakers: Hetzner: great for price, but they are notoriously restrictive about announcing your own space unless you have a massive footprint. AWS: their BYOIP requirements are pretty rigid - as far as I can tell, they really want you to own the whole prefix range, and the integration process for leased assets is a headache. Equinix: amazing, but overkill for my current budget. I’m looking for a provider that offers BGP sessions as a service or native BYOIP support without requiring a full rack or an enterprise-grade contract. Has anyone had experience with Serverspace? I noticed they offer BGP sessions and seem more flexible with BYOIP setups than the big hyperscalers. If you’ve used them for custom routing, how is their edge stability? Alternatively, if there are other providers that don't make you jump through hoops to announce a /32 IPv6, I’m all ears. Appreciate the help!

u/ig_LaKsHyA — 9 hours ago

Networking Noob Question Regarding PoE Class and Max Wattage

I have been researching setting up IP cameras for my business and have been looking at using PoE for the cameras. I am confused regarding some details about this.

I am currently looking at the TP-Link SL1226P PoE switch (max PoE: 250w) and the VIGI C230 IP Cameras. The VIGI cameras have a max wattage of 5.5W but have a PoE class of 0. From my research, if computing only the 5.5W max wattage, even if I populate all 24 ports of the SL1226P with C230 cameras, I will still be under the power limit. However, researching PoE classes, since it is a class 0 device, an unmanaged switch will usually reserve the max of 15.4W, which means I will not be able to populate all 24 ports as power allocation will not be enough.

Does anybody know if the unmanaged switch will automatically adjust the reserved wattage of each port to around 7W for the cameras or will it just reserve the max wattage of the PoE class?

Some Google results have shown that going managed is better at this as you can set PoE power limits, e.g. setting all ports to 7W, instead of using the base PoE class 0 of 15.4W. Any advice about this?

Thank you.

u/Lol102097 — 18 hours ago

Split tunnelling and improving Zoom/Teams

For anyone struggling with slow VPNs while working from home, check if your router supports “split tunnelling”. It lets your Zoom/Teams traffic go direct to the web while keeping your secure work data on the VPN. Saves a lot of lag..

u/HostComplex1371 — 19 hours ago

Wi-Fi Survey and Planning - Ekahau vs Hamina?

I was looking at the Ekahau solution for my office's Wi-Fi and came across Hamina when looking up alternatives.

Most of the posts I found on Hamina were from 2 years ago, and I was wondering if anyone here has trialed both and has opinions on them within the past year.

Software-wise, Hamina feels better.

Hardware-wise, the Sidekick2 is better; a spectrum analyzer requires a third-party tool, another $1000, for Hamina.

Ekahau's augmented reality phone integration is slick if I can’t get a floor plan.

Pricing-wise, Hamina, even with a spectrum analyzer tacked on, significantly undercuts Ekahau pricing.

Got budget approval on the Ekahau, but the Hamina demo and software have me debating the pricing savings here. Wish I could fully trial both solutions hands-on for a week to make up my mind.

I'm the sole network engineer at my job, and the original Wi-Fi deployment was done before my time by low-voltage guys, and needless to say it's a terrible deployment I desperately want to fix.

I deal with warehouses and manufacturing environments along with a 4-floor HQ office.

u/Black_Gold_ — 1 day ago

Anyone build a long-term lifestyle around contract travel/field engineering instead of traditional office work?

Hey all

32M in IT considering a contract/travel “portfolio” lifestyle instead of returning to traditional office work — anyone living this long-term?

Looking for perspective from people who’ve actually done this.

Background:
I’ve been in networking / infrastructure for almost 10 years. I have smart hands / field deployment / network engineer experience from earlier in my career and honestly… I loved it. Travel, autonomy, project-based work, points, being left alone to execute — it fit me much better than office life.

I’m about to start a 2-month smart hands travel contract (deployments, up to 3 sites/week, home weekends), and it has me seriously questioning whether I even want to go back to a traditional office career.

I’m very introverted, low expenses, very frugal, large savings cushion, and I’m honestly not very drawn to the standard “go back in office 3–5 days a week forever” model. No kids or major family obligations, so travel flexibility is unusually easy for me

I also have enough financial cushion that gaps between contracts wouldn’t be a crisis.

So I’m wondering…

Has anyone built a lifestyle around chaining contracts / field engineering / deployments / smart hands work on and off throughout the year?

Maybe:

  • contract for 6–12 months
  • take a break
  • pick up another project
  • repeat

Questions:

  • Is this realistic long term or am I romanticizing it?
  • What are the hidden downsides people don’t think about?
  • Does travel fatigue eventually outweigh the freedom?
  • Is it possible to make a decent living doing this without chasing a traditional “stable” role?
  • Has anyone preferred this over conventional corporate life and stuck with it?

I’m especially interested in hearing from people who are more autonomy-oriented / don’t love office politics.

I know there are retirement/benefits considerations, and I’m thinking about those too — I’m more asking about the lifestyle itself.

Would love honest takes, especially from people who’ve actually done field-heavy contract work.

u/Front_Cup8779 — 1 day ago

Has anyone had to deal with applicants obviously using AI during interviews?

My company is in the process of hiring a Cisco network engineer with a minimum of 7 years experience. In the past, we have had interviewees who were obviously Googling answers during an interview. You could see them on cam stealthily typing or even reciting the question out loud so they could speech-to-text their answers. Unfortunately, it's getting harder to detect with AI integrations such as "Interview Co-pilot" which listens to the video call, searches for an answer on Claude, Gemini, and ChatGPT, and displays an answer.

I generally do the first round of interviews along with an HR rep to explain the specifics of the job and ensure they understand some of the unique responsibilities that the job entails. We had one particularly good candidate that answered some of my softball tech questions thoroughly and accurately. I sent her on to my lead engineers for a more detailed interview with troubleshooting scenarios and asking her to walk through a design approach for a specific network.

Initially we were very happy with the answers but since I had a backseat role in this interview, I noticed that the applicant was definitely reading answers from the screen. Even though the call quality was excellent, she would sometimes ask for a repeat of the question from the beginning. We asked a specific question about how a Cisco AP goes about finding the controller and registering and I already had the ChatGPT answer pulled up and it was 99% verbatim.

I was trying to find a question that would generate a hallucination from AI, but in the short period of time left, I came up empty-handed. When asked if she preferred CLI or GUI when configuring equipment, she said she mostly uses CLI, but will sometimes use SecureCRT to configure them. That's like asking if you fix your own car or take it to the shop and saying you mostly fix it yourself, but sometimes use a wrench to fix it.

The last question involved my engineer sharing his terminal window while logged into a switch. He displayed an access port and a trunk port with very specific commands on each port. The applicant was asked to review the ports and explain what each command does. This was the one time that they could not use AI to obtain their answers. It would have been too suspicious to read out all 8-10 lines and wait for a prompt, so they simply said "one is an access port, the other is a trunk port, what else do you need to know about them?" I am sure these AI apps will eventually be trained to read screens in the future, if not already existing in some way.

Has anyone had to deal with anything like this? I could screenshare all of our questions but I feel that could make for an awkward interview. One suggestion was to ask about a non-existent product or technical term or one that has nothing to do with Cisco networking (or networking in general) to see if they try to take the AI output and formulate a networking answer.

u/Cornloaf — 2 days ago

23 y/o with real ISP experience but no certs


I’m 23 and I’ve basically loved networking since I was a kid.

I got into studying the CCNA at 14, not for the cert but to learn how networks work, and I've been studying more since then.

For the past few years, I’ve been working in real ISP environments:

ISP owned by my dad. Started with field work (CPE installs, troubleshooting client connectivity), then progressed into managing parts of the network: OSPF design and troubleshooting as well as MPLS (L2/L3 VPNs).

Used Python scripts to automate repetitive tasks (config generation, checks, etc.)

Heavy homelab use (Proxmox, virtualized labs, testing routing scenarios).

Then in 2023 I worked at another WISP and the role wasn’t well-defined, but I ended up wearing multiple hats. Acting lead for technical support (while still taking calls myself). Configuring and deploying wireless infrastructure (PtP / PtMP across multiple vendors), troubleshooting RF issues. Automated many things as well, self-hosted some stuff like a ticketing system, an IPAM and something for inventory tracking to introduce them, none of which got adopted by the team (they don't wanna learn). Essentially tried to bring structure and scalability into a pretty unstructured environment.

Currently I'm studying for CCNP SPCOR, so I've done extensive labs on such networks and how they operate. When I get it, it'll still feel as though it's not enough to get a strong CV.

I know I still lack a lot of knowledge but am confused about where to head.

Even when applying to jobs, what level should I be aiming for?

Would you prioritize getting certs ASAP, or doubling down on documenting/projectizing what I’ve already done?

I’d really appreciate honest advice especially from people working in ISPs or service providers


Cisco Secure Router Licensing

We have a lot of sites connected with C921-4P ISRs. Since they reach EoS soon we have to check for a successor. Our Cisco rep is suggesting 8120 G2 routers. They also told us that we need the Cisco Routing Advantage License in order to use IPsec properly. It has an 84-month licensing time.

Since I am not really familiar with Cisco licensing: what happens after the 84 months? Will the functions suddenly stop working because the license is not valid anymore?

Has anyone experience with the 8100 G2 Secure Router series? Are they reliable? Are there better alternatives?

I don't like the external power supply, but the bigger models with internal power supply are not within our price range.

u/andre_1632 — 1 day ago

Need help with Cisco ISE redirect in EVE-NG lab

Hey everyone, I hope you are doing great!

Setup: ISE + AD integration works, 802.1X authentication succeeds, switch receives authorization profile, dynamic VLAN assignment works correctly (client moves to VLAN 200). In session details, URL redirect attributes appear on the switch.

Problem: client is not redirected to portal. Browser just opens normally / no redirect page.

Using virtual switch image in EVE-NG (IOU/IOL style IOS 15.2 image).

DHCP, VLANs, gateway, and connectivity are working. Authentication works. Only redirect enforcement fails.

Question: is this a known limitation of IOU/IOL images in EVE-NG, or is there a specific config required for posture redirect in lab environments?


Unstable Network Printer, Help diagnose

For the office, we have an imagerunner 2520 printer. For some reason today it has issues with printing. I have everything and changed from the wire, to the switch it is connected to. When I connect a computer to the same switch and ping to an address such as the server, I get perfect continuous pings without timeouts, but when I ping from the printer, it sometimes gets a response from host, sometimes doesn't.

So it sometimes prints when a print job is in queue and sometimes doesn't. I most certainly think it's the printer with an issue, because how could the computer ping perfectly but the printer has an issue? Any suggestions are welcomed, thanks

u/nasmohd2020 — 1 day ago