Moronic Monday! Networking
- Moronic Monday!
- ASA dropping 1.1.1.1 traffic outbound
- Ideas for wireless media streaming setup with wifi wan link.
- Anyone on here using Cisco Stealthwatch? If so, what are your thoughts on it?
- Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
- Watchguard vs. Meraki vs. security vendor in relation to implementation?
- Shaping on my Router vs ISP Router
- Two new RFC's released today.
- I've managed to lock myself out of a 6509. :( How screwed am I?
Posted: 02 Apr 2018 05:13 AM PDT
It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask! Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.
ASA dropping 1.1.1.1 traffic outbound
Posted: 02 Apr 2018 07:59 AM PDT
Yes, this is related to the new 1.1.1.1 dns service. I have read that there are some parts of the internet still having trouble routing this space, but I'm not even making it out of my own network. I did the same test for both 8.8.8.8 and 1.1.1.1, and 8.8.8.8 works fine. Even though 1.1.1.1 hits the same rule, it's saying in a later phase that it's denied by the implicit drop rule. Code version is Cisco Adaptive Security Appliance Software Version 8.2(5)
Packet-tracer to 8.8.8.8:
Packet-tracer to 1.1.1.1:
Ideas for wireless media streaming setup with wifi wan link.
Posted: 02 Apr 2018 07:21 AM PDT
BLUF: US Army, deployment in the next 12 months, expecting little to no MWR services, looking to wirelessly deliver media to the masses. In the past, I've used devices like the HOOTOO Titan to serve myself and the guys in my hooch, and it's worked ok for that purpose. What I'm looking to do is expand and simplify that capability so I can get 30-50 non-techy people connected to a read-only DLNA and/or SMB server with the ability to mooch off a wired or wireless WAN connection if available (aka someone else's wifi). What I'm looking at right now:
Obviously I'm a fan of Ubiquiti, but I can also work with Cisco gear if the benefits outweigh the extra cash. My main question is: what device and configuration works well to mooch off a wifi signal? Preferably it would be something with enough power and sensitivity to grab weak signals. Other than that, if anyone has recommendations or tips on the setup as a whole, I'm all ears.
Anyone on here using Cisco Stealthwatch? If so, what are your thoughts on it?
Posted: 02 Apr 2018 09:01 AM PDT
Like the title says, I'm curious about the opinions of people who've used this product.
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Posted: 02 Apr 2018 07:40 AM PDT
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
I think I may have to update a lot of my devices. However the output of my Vstack config shows Operation mode: auto (default). I don't know if I am vulnerable to this exploit.
Watchguard vs. Meraki vs. security vendor in relation to implementation?
Posted: 02 Apr 2018 11:26 AM PDT
I'm getting close to a decision on what should be rolled out to 45+ locations. No locations need to talk to each other whatsoever, less than 15 devices total connect, and the max MBps is 75. Right now it's between Watchguard(T35's), Meraki(MX64's), or CATO networks(using their nodes to connect to their cloud based security). It seems the costs of both watchguard and Meraki are going to be similar, but the merakis are most likely easiest to implement at a large amount of locations, and I don't believe I'll need to be present. Since they all have static IPs, I believe I will probably need to be present at each location in order to get all the Watchguards configured, even with their RapidDeploy system. CATO Networks will be either as easy or easier than meraki to deploy, however the cost of subscription I believe will be the most out of all of them. Three main questions:
1: Has anyone used CATO networks and are they happy with their service/cost/efficiency? Not needing to worry about licensing sounds pretty nice.
2: I've been reading some bad comments about WatchGuard, why might this be? I've worked with their firebox devices many times with a diverse amount of companies and have never truly seen much of an issue with them.
3: I have not deployed Meraki firewalls, are they really as easy as they seem to configure, in a plug and play sort of way? All employees at each location are not in the slightest bit tech savvy, so this is important.
Also feel free to say that my final 3 options are all dumb, and suggest something you feel is better :p Thanks for the insight.
Shaping on my Router vs ISP Router
Posted: 02 Apr 2018 10:27 AM PDT
I'm wondering if or how this matters. Customer called ISP directly, they say they are seeing microbursts which causes drops. (20mbp circuit on 100mbp interface). Internet circuit, no qos or priority setup/needed. Is there really any benefit to me shaping the traffic in my router or the ISP shaping it in theirs? Someone is still just going to drop traffic. Of course if we were prioritizing certain things or this was an MPLS or other private circuit, I'd want to be doing shaping, just trying to see if there is really any benefit in the above scenario.
Posted: 01 Apr 2018 06:34 PM PDT
Wrongful Termination of Internet Protocol (IP) Packets
Summary: This memo recommends that every router and middlebox be an Equal Opportunity Device, which does not discriminate on the basis of actual or perceived rate, color, age, origin, length, IP version, fragmentation characteristics, higher-layer protocols, or any other IP characteristic.
Internationalizing IPv6 Using 128-Bit Unicode
Summary: There is still much to be decided on, most of which is frankly rather boring. It is clear, however, that 128-bit Unicode code points will be needed eventually, and IPv6 addressing MUST be migrated to it. Thus, the time to act is now!
I've managed to lock myself out of a 6509. :( How screwed am I?
Posted: 01 Apr 2018 08:34 PM PDT
NPS is returning Denys for reasons that I can't figure out but suspect to be a mismatched shared secret, and none of the potential local accounts that I've been able to find documentation for work. :( The supervisor engines in this switch do have CF cards in them, but when I pulled out those cards they were both blank and didn't have anything on them. I was hoping I'd be able to pull at least the startup config off of them or something to verify the local account name and shared secret for RADIUS, but no such luck. There's no documented backup of the config because it turns out that my backup logging system hasn't actually been working for the last month. What are my options here? How screwed am I? This switch is currently running our small company's datacenter, and while I can probably beg some downtime it's not going to be pretty.