3com WIDMAN or alternative?

Hello, might not be the right place to ask, but basically I need a copy of 3Com's Wireless Infrastructure Device Manager or something similar. I have some wireless scales (Mettler Toledo UCST) that I need to configure after changing our wifi password. There is no way to do it on the scale itself. There is no support for these devices because they're defunct. I had a Mettler Toledo technician come and do it, and saw that he was using 3Com WIDMAN, but I couldn't find a link anywhere. Have also looked at alternatives from HPE, but their website is garbage. Thanks. Submitted by /u/wannabake

Ubiquiti’s 2nd Gen Switches released

The 2nd generation UniFi switches are out of hardware beta. New features include quieter cooling, 4 x SFP+ ports on the 48 model, redundant power supplies with an extra 1U device (ew…). Nice update, but one of the top comments says it well, I think: They're OK but not great. Disappointing that they don't hit redundant hot-swap PSU baseline. They could have at least done a pair of 40G interfaces on the back for stacking. The PoE budget is very very low across all models. The power redundancy model is bad and something most vendors threw out 10 years ago. For the price point you're really better off going with Cisco 2960-L if we're being honest. Sure you get …

L3 switch or no in smaller corp network?

Working in a network with about 200 PCs, 10 servers, VOIP (100 phones), and a couple remote locations. All routing is handled by the FW. It's the GW for the network. Device handles inter-vLAN routing (we have 5 vLANs), internet traffic, and a few site to site VPNs. Not all vLANs need routed but a couple will. I'm considering adding a L3 switch to handle vLANs/internal routing where it becomes the GW and hands external traffic off to the FW. We have some performance issues with the FW, and upgrading it would help. I intend to do that, but adding the L3 offloads some work and, in my head, separates internal from external. The network isn't huge and neither is …

Sonicwall SSL-VPN short lease time causing havoc on my DNS.

ISSUE: Duplicate DNS entries for the same IP address but different host names. This is most definitely being caused by the SonicWall SSL-VPN IP Pool having a one or two hour lease time because it is only affecting the subnet that is handed out by the SW. All my other DHCP scopes are working just fine and AD is getting the expected updates from the DHCP. DNS is configured per MS best practices so I believe I'm looking at 14 days before the records are updated, unless DHCP updates the record before then. As you might guess, these duplicate records are causing some serious problems with PDQ providing me with accurate device information, and I'm getting far too many scan …

FreeRadius EAP types

Trying to set up a RADIUS server that can be used (at some point) for WPA3-Enterprise authentication. What are the best practices for such a setup in terms of EAP type? I am seeing some threads that seem to imply EAP-TLS is required for WPA3-Enterprise, but I think I'm misinterpreting that. I think the most secure is probably EAP-TLS with only certificates that can be revoked on each and every device, fully trusted. However, that requires a lot of implementation work – what would the most secure implementation be that does not require an installed certificate on the client device? Between TTLS, PEAP, MSCHAPv2 – which is the most secure? From my (limited) research, it appears that some of these methods …

Cisco ISE Wireless 802.1x Compute Auth

Cisco ISE Wireless 802.1x Computer Auth*** I’m setting up Cisco ISE with a Cisco WLC to allow only Domain Joined Computers on the Network (That single SSID). It’s a Windows 7 native supplicant which I configured for WPA2 enterprise AES and used the Computer Authentication Only (in the new wireless network setup). The client is unable to connect. ISE is showing the following error: “client didn't provide suitable ciphers that are allowed on ise” I have my policy admission criteria configured to Radius called station ends with [ssid name]. Inside of the policy AuthC is set to check AD and AuthZ is configured to PEAP and Member of domain Computer. This is on ISE 2.6 patch 2. Any idea …

Finding prices for research

I'm working on a risk review / case study for a security class and part of it is estimating prices for what I want to recommend to install. I'm having trouble tracking down legitimate prices of solutions as everyone wants to sit down with you and give you their pitch before they'll discuss price. As a full time night student, father, and full time employee, I don't have time to go through that with every little device. Is there somewhere I can quickly go and find prices for common solutions? For example, I want to install an IDS, Computer World says a CISCO Secure IDS starts at $8000, but I can't find where to verify that price, or what model …

Creative users against network security…

Hey guys, story of today: We installed 95 APs in the last months to offer wifi in our two buildings and all 6 floors. After that we created 3 SSIDs. One for customers, one for our internal Wifi (Radius, policy based) and one for the business mobile phones. All that just to add some more security in the network. Today a teammate told me that one of our users said that he doesn't need "that wifi access". It turned out that he used the mobile hotspot in Windows on his notebook, so he could add any wifi device he wants to the internal Wifi. What should I say? Some users are really bastards… 10 minutes later we add a GPO …

Is there a context where SHA128 exists?

Hi, I am setting up a site-to-site VPN between a customer and its partner company. The partner company sends us a VPN form where it requires the auth protocol to be SHA128 (phase 1 and 2), but, as far as I know, SHA is 160-bit (SHA1) or more (SHA2). I told them this could be an error, but they said that's what they always use to establish their VPN connections, so they are not going to change those settings. I'm guessing they are using some template or naming convention that I don't know. The only info about their device is the brand name: Palo Alto Networks (our side device is a Watchguard Firebox). Any idea what it could mean? …

Basic question about (M)STP with non-STP capable devices in path and link cost calculation

Hi, stupid question but if I have devices (wireless point-to-point microwave links in this instance I'm thinking of) that don't actively participate in STP but do forward BPDUs, this should be transparent to the switches processing STP BPDUs at different ends of the wireless link? So they simply see it as switch1 <-- BPDUs --> switch2 when it is in fact switch1 <-- BPDUs --> microwave link device 1 <-- BPDUs --> microwave link device 2 <-- BPDUs --> switch2, even though there is a BPDU forwarding device that does not participate in STP between switch1 and switch2? I'm thinking about the way they calculate cost here, and which path would take precedence? My guess is that the switches would …

Need help finding a loop

So this thing has been at me all day. We have a warehouse satellite office that has been giving me issues the whole day. The problem: I installed a 48P+4SFP Ubiquiti switch as the main switch, there are four other switches in the warehouse that have fiber running to this switch on the SFP ports. When all four ports are active, Port 49/50 simultaneously go on and off – it might be all of them but I definitely see it happening to these two. I don't see any loops. I have traced out each interface and the device attached to them. I turned off any devices that could cause issues. There are some switches connected to those four …

Any tweaks I should make to my 12 month plan?

Computer information systems major graduating with my bachelor's in 18 months. Disclaimer: I am 30 years old making a career change into IT/Networking/Security. Ideal career field would be security but I know I will need to work my way to that. Here is my plan: In the process of applying for internships for Spring of 2020. This internship will account for 3 credits towards my major. Currently studying for my Network+ certification with any free time that I have once I have finished my studying/homework. Plan to test in December. Once I complete my spring 2020 internship I would like to look for a summer 2020 internship that is a step up from my entry level spring 2020 internship. …

Cisco SG350 Host Mapping

Can anybody explain what the host mapping feature on a Cisco SG-350 would be used for? Switches are being used just for LAN access to different devices' web GUIs. No DNS server nor internet present. What I would love to be able to do is, after setting up a switch, give users an easy to remember host name or domain address to get to a web GUI instead of having to remember an IP address. Ideally I could do this without an additional DNS server or changing local host files. Host mapping seems like it may fit the bill but I can't get it to work. Submitted by /u/Orca320

Authentication on the network with FreeRADIUS and LDAP

Hi everyone, So in my company we are trying to restrict the access to the network (Ethernet only) to only known computers. The configuration is pretty simple, n clients and 1 server which acts as a DHCP server and an LDAP server. My plan so far is to set up FreeRADIUS to act as a DHCP server and assign an IP to a newly connected device only if it has the appropriate certificate. What I'm wondering is, in the LDAP, should I put the certificate for each device, against which each device certificate will be compared? Or should I just publish the CA certificate, and then FreeRADIUS will check if the client certificate has been signed by the CA? Also, is …

Seamless ap set up

I will be installing two UniFi APs in a large building. The two should cover the area well, but I am wondering what the best way to manage the two APs will be. I am looking for the most seamless transitions from one AP to the next, and initially considered going with a mesh network, but was basically told it would be more of a pain than it was worth. How can I set this up so that as a device moves from one location of the building to the next (with a large amount of overlap in the APs' coverage area) it transitions to the strongest signal as quickly and seamlessly as possible? Most mobile devices will be mobile …

Power notifications in the field

Looking for thoughts/opinions. I manage about 170 warehouses throughout the country and have a staff of 7, most residing in our HQ. In these 170 massive buildings, my IDFs are located on the ceiling and can only be reached with a lift which most places don't have on hand (cost a few hundred to rent). My main problem occurs when a switch goes offline in one of these IDFs, how do we figure out what the problem is. Sometimes it's power, sometimes it's the device itself. Either way it can take up to a week to get the answer. I'm thinking about putting a magnetic light on the IDF to tell me when the power is out. How much maintenance …