Search found 1474 matches


by killabee

Thu Jan 15, 2015 10:05 pm
 
Forum: Cisco Routing and Switching
Topic: using Local Pref for part of the prefix
Replies: 7
Views: 3501

Re: using Local Pref for part of the prefix

Sent! :-)
by killabee

Sat Jan 10, 2015 3:22 am
 
Forum: Cisco Routing and Switching
Topic: using Local Pref for part of the prefix
Replies: 7
Views: 3501

Re: using Local Pref for part of the prefix

@askobilv
Can you have the upstream router send you the unsummarized subnet (assuming they're aggregating it in the first place)? Alternatively, go with an inject map.

@writeerase
Can I send you a PM? You have it disabled.
by killabee

Tue Dec 16, 2014 1:42 pm
 
Forum: Juniper Networking
Topic: Junos syslogs
Replies: 6
Views: 2543

Re: Junos syslogs

timhalo wrote: I just tested on Firefly/SRX. Not seeing ospf bounce in log at syslog = emergency but I am at syslog = notice.


That's exactly what I was looking for! Thanks!
by killabee

Mon Dec 15, 2014 10:24 pm
 
Forum: Juniper Networking
Topic: Junos syslogs
Replies: 6
Views: 2543

Re: Junos syslogs

Hah, I didn't know there was a virtual SRX....that's pretty cool.

We use SRX210s, 240s, and some lingering Netscreens. We mainly use NSM (Network Security Manager) to manage them, but troubleshooting usually calls for CLI-action
by killabee

Mon Dec 15, 2014 7:35 pm
 
Forum: Juniper Networking
Topic: Junos syslogs
Replies: 6
Views: 2543

Junos syslogs

Whenever a routing protocol adjacency is formed or dropped in IOS I get a syslog telling me what happened. In working with Juniper SRXs (that run an IGP) I can't seem to find the comparable place where these syslogs are stored. I started off by checking "show log messages" but didn't see t...
by killabee

Mon Dec 08, 2014 1:40 pm
 
Forum: General Tech
Topic: Cisco Sues Arista
Replies: 20
Views: 4886

Re: Cisco Sues Arista

As usual, different articles will have different tones. Here's Cisco:

http://blogs.cisco.com/news/protecting-innovation
by killabee

Fri Nov 14, 2014 10:49 am
 
Forum: Cisco Wireless
Topic: So my 2504/3700 combo can detect Rogue AP's......AND?
Replies: 3
Views: 4242

Re: So my 2504/3700 combo can detect Rogue AP's......AND?

Perfect example of what recently happened when Marriott blocked guests' wifi:
http://www.cnn.com/2014/10/03/travel/ma ... i-fi-fine/
by killabee

Sat Nov 08, 2014 8:37 am
 
Forum: Cisco Security
Topic: Web Authentication With Cisco ISE
Replies: 5
Views: 3192

Re: Web Authentication With Cisco ISE

by killabee

Fri Nov 07, 2014 6:49 pm
 
Forum: Cisco Security
Topic: Optimizing ASA tcp flows
Replies: 3
Views: 2841

Re: Optimizing ASA tcp flows

Look for CiscoLive preso BRKSEC-3021, slide 114. It specifies a queue limit of 100 and timeout of 5 for TCP OOO. If you're looking for general ways to enhance performance and follow best practices, look at that PDF and this (http://www.cisco.com/web/about/security/intelligence/firewall-best-practic...
by killabee

Tue Nov 04, 2014 6:19 pm
 
Forum: Cisco Security
Topic: Using ASA crypto ACL with ports
Replies: 6
Views: 3248

Re: Using ASA crypto ACL with ports

Isn't this what the "no sysopt connection permit-vpn" does? By default VPN traffic bypasses the ACL on the outside interface. By using the "no sysopt connection permit-vpn" it forces the traffic to match the outside ACL. I can't remember if I saw that in the config guide or else...
by killabee

Fri Oct 31, 2014 6:21 pm
 
Forum: Cisco Security
Topic: Using ASA crypto ACL with ports
Replies: 6
Views: 3248

Re: Using ASA crypto ACL with ports

On a related note, would my peer's crypto ACLs have to be a mirrored match for each ACE/SA, or would the VPN still work if just a subset of the ACEs match on both sides? Assuming that crypto ACLs can be used with ports, then getting both sides to match (on every new VPN turn up and for maintenance) ...
by killabee

Fri Oct 31, 2014 4:20 pm
 
Forum: Cisco Security
Topic: Using ASA crypto ACL with ports
Replies: 6
Views: 3248

Using ASA crypto ACL with ports

Our VPN connections terminate on an ASA 5510 and the post-decryption VPN traffic is passed to a backend firewall. The crypto ACL on the ASA is used for identifying "interesting traffic" on the VPN and only specifies source/destination subnets with no ports. The backend firewall does the gr...
by killabee

Thu Oct 30, 2014 9:42 am
 
Forum: Forum Lobby
Topic: hang in or quit
Replies: 11
Views: 2365

Re: hang in or quit

Sorry you're in that situation, mate. Stick with it till the end of the year and see what comes of it, but keep an eye out on the market so you know what's out there. That's one reason why I'm questioning working for an MSP in the future. You could be in a really cool design role, or you could be th...
by killabee

Wed Oct 29, 2014 5:27 pm
 
Forum: Cisco Security
Topic: AAA w/ Radius and NPS - Client IP address used?
Replies: 1
Views: 2014

Re: AAA w/ Radius and NPS - Client IP address used?

Something like "ip radius source-interface"
by killabee

Mon Oct 27, 2014 6:02 pm
 
Forum: Cisco Security
Topic: Transparent ASA in DC
Replies: 5
Views: 3121

Re: Transparent ASA in DC

Thanks guys. Your explanations are in line with what I've read. And considering some of its other limitations...
-Up to 8 bridge groups per device (one IP per bridge group)
-Only two interfaces (inside and outside)
-Only two data interfaces
-Directly connected interfaces must be on the same subnet
....
by killabee

Sat Oct 25, 2014 3:50 pm
 
Forum: Cisco Security
Topic: Transparent ASA in DC
Replies: 5
Views: 3121

Transparent ASA in DC

I'm trying to wrap my head around how a transparent ASA would be placed in a datacenter (i.e. configuration, traffic flow, etc). Does anyone have a design doc they followed? I've been looking through CiscoLive PDFs and general Cisco docs on the matter and all seem to repeat themselves by saying "...
by killabee

Sat Oct 18, 2014 7:30 pm
 
Forum: Cisco Security
Topic: QOS RFC 3580 Radius attribute.
Replies: 4
Views: 2677

Re: QOS RFC 3580 Radius attribute.

Dynamically apply a QoS policy via RADIUS attrib.?
by killabee

Wed Oct 15, 2014 8:54 pm
 
Forum: General Tech
Topic: Etherchannel maxes at 800mbs
Replies: 9
Views: 3111

Re: Etherchannel maxes at 800mbs

I don't see "show etherchannel load-balance" in that output. Only thing that looks odd is the output of g3/25 because it has zero output rate for the past 5 minutes, meaning the switch isn't load balancing output traffic across those port-channel links. But that doesn't mean it's not worki...
by killabee

Tue Oct 14, 2014 10:09 pm
 
Forum: General Tech
Topic: Etherchannel maxes at 800mbs
Replies: 9
Views: 3111

Re: Etherchannel maxes at 800mbs

I have tried both the dynamic setting and the address hashing. Dynamic setting? Address hashing? Run the following commands and post the results:
-show etherchannel load-balance
-show interface gX/Y (for the port-channel members)
-show interface port-channel X (for the port-channel)
If you're getti...
by killabee

Sun Oct 05, 2014 10:41 pm
 
Forum: Forum Lobby
Topic: "We're not making the decision based on dollars..."
Replies: 5
Views: 1811

Re: "We're not making the decision based on dollars..."

So, as you endure marketing pitches for various products, ask yourself - or the sales guy if you want to watch an elaborate dance - ask yourself how much of that install base for the product is due to its technical excellence and how much is due to the fact that it came in as the low bid. I'll defi...