Search results for query: *

Hi Guys, Not sure if you can answer this because it is regarding palto alto. But i was wondering how our Cisco vss would handle or can handle the scenario attached? Im afraid it might cause loops but if the fw is in transparent mode (virtual wire) can I do this scenario...

Hello, Having trouble deciding what is best for the following scenario.. If i have about 20 buildings in a campus, with 1 core in the main DC and another core 1 mile away in a DR buidling. Both have to be used. Would it be best to have a distribution in each building and connect back to...

Hello all, I am struggling to see the point of why we really need a ToR. I want to implement a solution where I have all 30 of my servers plug directly into both my cores. My cores can do ISSU and are fully redundant fabric and mgmt. However, im being pushed to place a ToR for my 30 servers...

Hi All, I have an internet router, and Im planning on placing an IPS right after my router to inspect incoming traffic. If this is the case, and I need to terminate my VPN, where would be the best place, it would have to be before the IPS because IPS wont be able to read encrypted traffic...

Hi All, I had a recommendation from a friend of mine to use use a router with a high security firewall for my internet & wan perimeter. My question is why do I need a firewall there when I have a firewall infront of my core switch which will be separated into different zones including an...

We are purchasing a second core switch and want to have them in a VSS cluster. Both 6509. However- the old 6509 has an older sup and we are upgrading the sup as well to the sup2t. Can we upgrade to sup2t without restating the 6509? To minimize downtime as much as possible. This is what I had in...

Hi All, I had a quick question I wanted to run by you. I have the attached picture for clarification. I have 2 firewalls that will both be on but in transparent mode. If that is the case from my understanding they will be as layer 2 mode. ( These are isg 1000 fw). Am i correct that the...

LOL. THanks for the input :)

Thanks. From what I understand, this fw can have 2 10gb lan int ports. Is this the same as saying it will have 20gb throughput?

Hi all, I had a question regarding a good design for a server farm. I have some juniper firewalls that I want to place before the TOR switches. These are juniper isg1000 currently only fitted with 1gb nic. There are 2 fw for redundancy.My TOR switches are all 10gb interfaces (about 10...

Thanks for the inputs. Ive decided to add bpdu gaurd and stop sending dtp to stop forming trunks. The private vlans was an interesting read. Thanks all.

Hi All, I have a current design that looks like this. Several access switches connect to many booths throughout the office. This office is used for shows and customers plug in their devices into the available slots in the booths. But the problem I am having is that loops can easily occur...

Appretiate it very much. I will go with the prefix list first and see how it works out. Will let you know how it goes. Thanks again : )

there are other sites that are also connected to the vpls. i just control the main site and one branch

Hello there, Trying to solve an issues regarding vpls. How can I stop advertising only certain subnets to a specific branch on the other side of a vpls/ipvpn cloud? Im using bgp routing with static routes as well. Any help would be appreciated.

Hello there, I had a question regarding CDP. I was trying to draw a diagram for my network, when the following problem occurs. When using "show cdp neighbor" command on my primary core switch i see the proper name and interface # of the attached secondary core switch. However, upon using the...

Never mind, simple issue with ip address, problem solved Thanks [neutral]

I have attached the access list here. ACL name is test I applied the access list group test to int fa 0/1 IN on router one If i remove the "permit any" the host 192.168.1.10 wont be able to go out. But even if i remove the deny 5 i still cannot ping from 192.168.1.10.http://tinypic.com/r/wakrih/6

Hello, I was playing around with the concept of ACL and came across some issues. Host A and Host B can ping with no problems (they are on diff subnets) What I did was creat a standard ACL named TEST and added a deny host A from pinging host B. This worked fine. When I added several other deny...

Hello, I was wondering weather it is possible to have 2 different ether channel (2 channel groups) from an access layer switch plugged in directly to the core switch.