I had a chance to recently configure four 9ks with TACACS and I found that setting up the key was interesting. I could use type 0 or 7 (encrypted/unencrypted) keys, but the resulting type 7 key didn't look like the normal type 7 encryption. And it didn't decrypt using the normal type 7 tools...
Keep in mind the config listed will only watch for router failover, not link failure. To look for a link failure, you need to "monitor" the links
R1
interface GigabitEthernet0/0
description Connection to datacenter
ip address 10.1.212.252 255.255.255.248
duplex auto
speed auto
media-type...
Whose services have you used? Personally, I've used Amazon's S3 service and some of their other offerings for the past three years. I have not yet tried to spin up any SQL boxes directly in the cloud.
I built my own racks and also rented them out. I ended up dumping all of it after a few years. Unless you have dedicated space in your home away from living spaces, others will not be happy with the noise, heat and electric bill of running a fully equipped lab. I rent what I need now or I make...
Sophos... not perfect but better than Symantec. We got hit by a zero day exploit two years ago and I watched as Symantec got hacked by the worm. When I told Symantec this on the phone, they denied it could happen and would not help us. I've pulled every piece of Symantec software out of the...
It's funny to read this because I flipped a PIX 515 from 6.3 to 7.1 pretty easily but I had to take it to 7.2(4), some access lists that worked fine suddenly "broke" under 7.2. I notice the GUI has a different way of making the access lists now and I wonder if there have been other subtle...
The keepalive is used by the routers as an "are you there?" packet. When the "are you there" does not come back or is seen, the routers assume there is a failure and try to failover. Once failed over, if the keepalive still does not come back, the routers can not fail back.
www.packetattack.com...
SSH is fine, and if you configure the router to only accept SSH connections from your local network and your company's IP address, it will be very safe. I do this on my own firewall where my SSH sessions on the outside are only allowed from two subnets, one from my company's outside IP address...
VTP is your friend. One switch will be the "server" of VLAN info and the others will be "clients". As a client, the switch knows about the VLANs even if ports are not used. There is also a transparent setting but that does not apply here based on what you have said.
MikeS
www.packetattack.com...
Inline is best with a passive tap. That way the bad guys even if they run a scan will never see you :D
I normally just run a monitor (span) port and flip between the VLANs as needed but you also need to remember that hooking to a switch in a chain of switches will not give you all the data...
Costly? Why do you say that? Ethereal or whatever they call it now, Wireshark I think, is free and works very well. A couple of the best features are that you can colorize the packet types and rebuild the streams.
Wildpackets has a sniffer that is around 2K which is a bargain given how much...
Keep in mind that on most decent network equipment, ICMP packets do not have the priority in a congested moment of time. So even if the TCP packets make it, the ICMP may not and make you think there is a problem. Buckweet (long time no speak) has the right of it with the suggestion of looking at...
Do your basic troubleshooting. I use the Cisco client all the time on my multiple Macs, both G5 and Intel. The biggest problem is that Macs do not use WINS so all shares need to be FQDN or an IP address. Macs also do not like the built-in Cisco firewall on the VPN concentrator. Also, Macs do NOT...
Actually there is an easier way to do it. Set up a static route for the 2nd line with a cost of 250. It will not route to that link unless the first link which has a lower "cost" is down and not reachable.
OSPF and policy routing is a good way to load balance between the two links if you want to...
LTO-3 HP branded drives. IBM tweaks theirs to get a slight bit of increase in throughput at the expense of being able to use anyone's tapes.
The NEO series from Overland Technology is awesome. I've used them for three years now in three different networks.
MikeS
www.packetattack.com...
You need a device like "Bluecoat" which is a very sophisticated proxy appliance. It will redirect based on content, it can actually rewrite the HTTP headers, it can either block IM or "reflect" IMs which allow you to login to Yahoo for example, and even send IMs but only to an approved list of...
If your budget is very small, then get the simulator from Boson and work on the CCNA first. Then once you have a better grip on your weak areas, worry about some hardware. The sims are every bit as good as the hardware and if you really, really need to touch hardware for a while, rent it.
MikeS...
A router is like a roundabout. Three stores with the roundabout between them. You gotta go through the roundabout (router) to get to any one of the stores from the other.
A firewall is like a bank vault door. If you got permission, you can go in. No permission, they shoot you down at the...
You can buy rails from anyone who supplies parts for DJs and people building portable mixing/amps etc. Build your own "rack" from 1x2s (or whatever). The rails are cheap like this:
http://www.zzounds.com/item--RAXRKRL
Here is a good place to start with the directions...