Recent content by wybnormal

I had a chance to recently configure four 9ks with TACACS and I found that setting up the key was interesting. I could use type 0 or 7 ( encrypted/unencrypted ) keys.. but the resulting type 7 key didnt look like the normal type 7 encryption. And it didnt decrypt using the normal type 7 tools...

Keep in mind the config listed will only watch for router failover, not link failure. To look for a link failure, you need to "monitor" the links R1 interface GigabitEthernet0/0 description Connection to datacenter ip address 10.1.212.252 255.255.255.248 duplex auto speed auto media-type...

Who's services have you used? Personally, I've used Amazon's S3 service and some of their other offerings for the past three years. I have not yet tried to spin up any sql boxes directly in the cloud.

I built my own racks and also rented them out. I ended up dumping all of it after a few years. Unless you have dedicated space in your home away from living spaces, others will not be happy with the noise, heat and electric bill of running a fully equiped lab. I rent what I need now or I make...

Sophos.. not perfect but better than Symantec. We got hit by a zero day exploit two years ago and I watched as Symantec got hacked by the worm. When I told Symantec this on the phone and denied it could happen and would not help us. I've pulled every piece of symantec software out of the...

It's funny to read this because I flipped a PIX 515 from 6.3 to 7.1 pretty easily but I had to take it to 7.2(4), some access lists that worked fine suddenly "broke" under 7.2. I notice the GUI has a different way of making the access lists now and I wonder if there have been other subtle...

The keepalive is used by the routers as a "are you there?" packet. When the "are you there" does not come back or is seen, the routers assume there is a failure and try to failover. Once failed over, if the keepalive still does not come back, the routers can not fail back. www.packetattack.com...

SSH is fine, and if you configure the router to only accept SSH connections from your local network and your companies IP address, it will be very safe. I do this on my own firewall where my SSH sessions on the outside are only allowed from two subnets, one from my companies outside IP address...

VTP is your friend. One switch will be the "server" of VLAN info and the others will be "clients". As a client, the switch knows about the VLANs even if ports are not used. There is also a transparent setting but that does not apply here based on what you have said. MikeS www.packetattack.com...

Inline is best with a passive tap. That way the bad guys even if they run a scan will never see you :D I normally just run a monitor (span) port and flip between the VLANs as needed but you also need to remember that hooking to a switch in a chain of switches will not give you all the data...

Costly? Why do you say that? Ethereal or whatever they call it now, Wireshark I think, is free and works very well. A couple of the best features is that you can colorize the packet types and rebuild the streams. Wildpackets has a sniffer that is around 2K which is a bargin given how much...

Keep in mind that on most decent network equipment, ICMP packets do not have the priority in a congested moment of time. So even if the TCP packets make it, the ICMP may not and make you think there is a problem. Buckweet (long time no speak) has the right of it with the suggestion of looking at...

Do your basic troubleshooting, I use the Cisco client all the time on my multiple Macs, both G5 and Intel. The biggest problem is that Macs do not use WINS so all shares need to be FQDN or an IP address. Macs also do not like the builtin Cisco firewall on the VPN concentrator. Also, Macs do NOT...

Actually there is an easier way to do it. Set up a static route for the 2nd line with a cost of 250. It will not route to that link unless the first link which has a lower "cost" is down and not reachable. OSPF and policy routing is good way to load balance between the two links if you want to...