An ARP broadcast storm with a single, CenturyLink-provided all-in-one internet gateway was the final straw. The entire network would become unusable multiple times a day without warning. With multiple people trying to work from home, and others just trying to use the internet normally, it was time for a refresh. Here’s how I upgraded from a single WiFi-6 WAP/Gateway/Switch to a whole-home mesh system powered by eero.
advertisingemergency.net Posts
I needed to implement 802.1x MAC-Based Authentication on some Arista switches for both macOS and Windows supplicants. The macOS clients were still being sent EAP requests, presenting the user with a 802.1x login screen.
One of the more important hardening items for switches is restricting management access with an ACL. In a true zero-trust environment, a fully air-gapped network may exist for switch management. And while full AAA should also be implemented, adding an ACL for the users and systems that should be allowed to interact with a switch is equally important.
Configure a Dell Force10 switch edgeport for single-nic devices with multiple interfaces (e.g.: VoIP, shared IPMI).
Sure, OneFS clusters will periodically send up a full log gather (monthly health-check, after a parts failure, manually when Support uses ESRS…), but I’ve found that having consistent log gathers run on a schedule to be extremely beneficial. Therefore, I like to run the isi_gather_info
command as a cron job.