2012
Jan 18
By Joel Knight on January 18, 2012 | Updated January 19, 2012
I attended the Cisco Plus Canada Roadshow in Calgary recently and sat in on a day of presentations related to Cisco’s data center/cloud offerings. The sessions were quite good and I ended up taking quite a few notes. I thought I’d blog my notes in order to share what was presented.
The four sessions were:
2012
Jan 16
A great little “feature” of Cisco’s Identity Services Engine is that out of the box, the administrator account expires after 45 days if the password is not changed during that time. The documentation says that if you have trouble logging in you should click the “Problem logging in?” link and use the default administrative user/pass. This is of course ridiculous and does not work.
Below are the steps for properly resetting an admin password and for changing the security policy so the lockout doesn’t happen again.
2012
Jan 7
Two of the WordPress plugins I use on this site are Twitter Mentions as Comments and Growmap Anti Spambot Plugin. The first, TMAC, watches Twitter for any tweets that link to a post somewhere on this blog and submits those tweets as new comments on that particular post. GASP’s job is to keep spammers from submitting spammy comments by placing a JavaScript-driven checkbox in the comment form. A user must check the box to confirm they are not a spambot before submitting their comment (you can see this in action if you leave a comment).
Both of these plugins are great and work really well on their own.
However, when both plugins are in use and TMAC submits a comment, GASP inspects the comment to see if the checkbox has been marked, finds that it hasn’t been, and silently rejects the comment. (Aside: the exception to this is if you are a logged-in user and you initiate a manual TMAC check, any new tweets will successfully pass through GASP).
2012
Jan 5
This post is going to provide a very basic introduction to configuring VRFs on Cisco IOS and Juniper’s Junos. There are so many configuration combinations and options for virtual routing that it would be impossible to go through everything in great detail. At the end of the post I’ll provide links to documentation where you can get detail if you want it.
This post is the second in my series on virtual routing. The first, An Introduction to Layer 3 Traffic Isolation, provides an overview of what VRFs are and the concepts necessary to deploy them.
2011
Dec 12
By Joel Knight on December 12, 2011
Here’s a summary of interesting articles/posts that I’ve come across in the last couple of weeks.
2011
Nov 29
By Joel Knight on November 29, 2011
All network engineers should be familiar with the method for virtualizing the network at Layer 2: the VLAN. VLANs are used to virtualize the bridging table of Layer 2 switches and create virtual switching topologies that overlay the physical network. Traffic traveling in one topology (i.e., VLAN) cannot bleed through into another topology. In this way, traffic from one group of users or devices can be kept isolated from other users or devices.

Traffic Isolation Using VLANs
VLANs work great in a Layer 2 switched network, but what happens when you need to maintain this traffic separation across a Layer 3 boundary such as a router or firewall?
2011
Nov 19
By Joel Knight on November 19, 2011 | Updated November 29, 2011
The last time I upgraded Net-SNMP it wasn’t reporting the hrSystemProcesses OID. I wrote about that here. This time around I’ve upgraded to v5.7 and discovered two issues so far.
2011
Nov 16
I read two interesting articles on VTP (Cisco’s VLAN Trunking Protocol) this week.
The first is an older article from networkworld.com that reminds us all that VTP clients are also capable of updating VLANs on the network, not just servers.
When I first heard that a VTP client can update a VTP server under the right conditions, I was frankly a non-believer. No way. I’d seen evidence to the contrary in several documents at cisco.com and in Cisco courses – but all the evidence was written, without my doing any experiments. So, I spent some time experimenting a few years ago, and found that it’s true – clients can overwrite VTP server’s VLAN databases.
Full article is here http://www.networkworld.com/community/node/19931.
The second article comes from etherealmind.com and is one of the only positive articles I’ve ever read about VTP. Greg’s take is that VTP is not inherently bad but instead the way network engineers deploy it is the reason it’s capable of causing so much damage.
A lot of people regard Cisco’s Virtual Trunking Protocol (VTP) as nothing but trouble. Frankly it’s hard to find many people who will implement it on their network and most people have war stories about full site outages caused by VTP and switch installs. I find this baffling – it’s a great technology that dramatically reduces time, configuration errors, and improves troubleshooting – features that we should all embrace and use wherever we can. In this post, I want to suggest a different design method for effectively using VTP in your network.
Full post is here http://etherealmind.com/vtp-design-fate-sharing-failure-domains/.
2011
Nov 15
This post is for anyone who administers a Juniper SSL VPN. I saw an issue in our environment recently that was created by an unexpected interaction between two different systems that were working to enforce our computer security policy. Because the way the systems were configured is pretty common and because the issue is not specifically warned against by Juniper, I’m going to share it here.
2011
Nov 1
The OpenBSD SNMP MIBs are now updated to compile under OpenBSD 5.0. Full details of how to install and use the MIBs are on the SNMP MIBs page.
There is no functional change in this release.
Download: obsd-mibs50.tar
As usual, if you find OpenBSD valuable, please make a donation to the project as they are dependent upon donations to cover many of their costs.