Hunter Fuller

Posted By Hunter Fuller 04-23-2024 10:21:55 AM
Found In Egroup: IT Support Services
Our Wi-Fi and wired networks each have a pretty good idea of where a device is (within 1 room of its exact location for Wi-Fi, and exact location for wired). And as you suspected, there is also a policy difference. Technically at UAH the machines belong to their department, and we can't really tell ...
Posted By Hunter Fuller 04-22-2024 11:04:27 AM
Found In Egroup: IT Support Services
We use [BUILDING][ROOM]-[SERVICE TAG]. So for instance, my PC might be VBHM1C-A47F18H. However, we regret the building and room number thing. The network knows where the device is, so there is no need for it in the hostname. And users often move their PCs, so then the hostname is inaccurate. I've heard ...
Posted By Hunter Fuller 04-17-2024 02:09:52 PM
Found In Egroup: Network Management
We are also sticking with tunneling to avoid this problem. -- Hunter Fuller (they) Lead Router Jockey VBH M-1C +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Network Engineering
Posted By Hunter Fuller 04-10-2024 10:52:45 AM
Found In Egroup: Network Management
I didn't see the PTP question, but we are doing PTP for most of our stuff. Ubiquiti AirFiber for the bigger lifts, and NanoBeam ac gen2 for the rest. We experimented with LTU and it worked but performance wasn't as good, low hundreds of megabits. I think we will likely stick with the NanoBeams. Like ...
Posted By Hunter Fuller 03-05-2024 09:23:04 AM
Found In Egroup: Network Management
We have one router per building, and we have about 100 routers. Everything is in area 0. The firewall and core LAN router both speak OSPF (the firewall needs to be able to leak routes into campus from other VRFs). I could draw a diagram but it's about as simple as you can imagine. The MDF switches of ...
Posted By Hunter Fuller 02-23-2024 08:34:52 AM
Found In Egroup: Network Management
You are welcome. I think the design of splitting clients out into per-building VLANs is the correct one for 2024. But /23 is really tight. A building would have to be pretty damn small to have fewer than 500 student wireless devices in it at any given time. Remember, a single student could carry a laptop, ...
Posted By Hunter Fuller 02-23-2024 08:00:10 AM
Found In Egroup: Network Management
If you don't have metrics on scope usage or server load, I'd start there. CPU load on the DHCP server would be a good place to start but I highly doubt that's the problem. Scope exhaustion could be a concern and measuring that depends on your software. BlueCat shows a little graph and can generate alerts ...
Posted By Hunter Fuller 02-23-2024 07:51:14 AM
Found In Egroup: Network Management
We just do 2 hours for the entire campus. Doesn't matter what the network is. Even the ones that are reservation only - still 2 hours. It's long enough to not be too much load or noise, but if we have to re-address something, it's not a "now go home and wait til tomorrow" affair. I honestly think it ...
Posted By Hunter Fuller 02-20-2024 08:47:06 AM
Found In Egroup: Google Workspace
Josh, "Does this mean that the same functionality can be retained by just creating an app password instead?" Yes. "What's the difference between an LSA and an application that relies on app passwords?" The former will stop working while the latter will continue. :) Real answer: You can't use an app password ...
Posted By Hunter Fuller 02-20-2024 07:54:04 AM
Found In Egroup: Wireless Local Area Networking
Funnily enough, we were piloting both Aruba and Mist APs at the time of the merger. No matter what happens, Mist already works well with ClearPass. We are currently a Cisco+ClearPass shop. If a vendor didn't work well with ClearPass they would be eliminated from our calculus. I don't have any more info ...
Posted By Hunter Fuller 02-06-2024 02:47:51 PM
Found In Egroup: Network Management
Our Resnet and our gaming areas are public addresses with default deny inbound and this seems to be fine. People can also request the same setup via Wi-Fi and if they do this, we use ClearPass Guest to register the device, then ClearPass Policy Manager gives them a different Wi-Fi VLAN to accomplish ...
Posted By Hunter Fuller 01-29-2024 08:36:00 AM
Found In Egroup: Network Management
We are using subdomains, but not how everyone else seems to be (although it's not clear to me). We have a few like list.uah.edu, email.uah.edu, etc. - and when people source email from them, it really shows as coming from these subdomains. Because the SPF lookup takes place against the actual list.uah.edu ...
Posted By Hunter Fuller 01-25-2024 12:31:35 PM
Found In Egroup: Network Management
We used to permit that use case. We kind of realized that, as compared to connecting them outside of our firewall, connecting them to a separate Internet connection was just more expensive; it didn't provide any security benefit. Nowadays we work with them to spec a (usually Juniper SRX) firewall. They ...
Posted By Hunter Fuller 01-23-2024 07:05:14 PM
Found In Egroup: Network Management
Shayne, I will tell you our methods right now, and I don't mind sharing with the list either, because they're awesome. However, they are based on a config that you import into ISC DHCP, which is what BlueCat uses internally. This software is EoL, so I am sure we will have to move to something else when ...
Posted By Hunter Fuller 01-23-2024 03:03:34 PM
Found In Egroup: Network Management
We removed wired registration on resnet about 10 years ago. We just send the user's switch port and record that in our DHCP server which is BlueCat. Then we know which room it is, and we already know who lives in each room, so we're done. Wireless captive portal and MAB is done by ClearPass. We evaluated ...
Posted By Hunter Fuller 01-23-2024 02:57:09 PM
Found In Egroup: Network Management
Establishing a separate environment to that degree is not something we permit. We have worked to eliminate all other Internet connections and the angle we took was the security angle (it provides an unsupervised back channel into University systems that OIT cannot control or safeguard). Continuing ...
Posted By Hunter Fuller 01-23-2024 02:48:06 PM
Found In Egroup: Wireless Local Area Networking
Ahhhh the old minifridge/mirror in front of the AP. A certified resnet classic. We do one port per pillow so we always have the ability to increase density if it comes to that (which I'm sure it will some day). -- Hunter Fuller (they) Router Jockey VBH M-1C +1 256 824 5331 Office of Information Technology ...
Posted By Hunter Fuller 01-23-2024 12:58:37 PM
Found In Egroup: Wireless Local Area Networking
I just realized your initial email said that you were going to use an AP per room (or two), not per suite. Are your dorms made of walls that are especially RF opaque? We are finding the 5GHz permeability to be pretty good between rooms in a suite, except for the one residence hall that has concrete block ...
Posted By Hunter Fuller 01-23-2024 12:53:37 PM
Found In Egroup: Wireless Local Area Networking
We will be utilizing our existing 5GHz design which is 1 hospitality AP per suite (we have suites of 4). Our next refresh is looking like it is going to be the Mist AP12 which is Wi-Fi 6. -- Hunter Fuller (they) Router Jockey VBH M-1C +1 256 824 5331 Office of Information Technology The University ...
Posted By Hunter Fuller 01-18-2024 07:37:33 PM
Found In Egroup: Network Management
Today we give them public IPs. Before that, we did one to one NAT. We also do very minimal filtering on the traffic. It turns out it's very hard for a gaming console to get a virus, so we have not (yet...) seen negative side effects from this. Sorry! Not a very fun or flashy answer but it sure has made ...