[c-nsp] Loughborough

2010-08-19 Thread Mario Spinthiras
Hello, Quite a while back I inquired regarding universities that deal with networking and telecomms for postgraduate (taught). I remember someone from this list replied back privately, but I can't recall who and I didn't retain that particular message. Come out come out wherever you are! Just wa

Re: [c-nsp] AUDIT

2009-10-09 Thread Mario Spinthiras
How will the audit be focused? If you are looking for security then I would start from the design board and look at a more general view of the network with focus on end to end security and device to device. You would obviously have to build a very precise topological image of the network (even in t

Re: [c-nsp] Syslog Solutions

2009-09-07 Thread Mario Spinthiras
Zenoss has syslog and snmp traps, it's actually quite nice due to its integration with the rest of the monitoring system (hierarchies, notification settings) and it also takes repetitions in a time lapse in order to avoid sending you hundreds of notifications and just sends a more reasonable amou

[c-nsp] Network related postgraduate

2009-08-14 Thread Mario Spinthiras
Dear all, I understand this isn't the usual topic found in this mailing list however I felt more answers and hints would come out of here than anywhere else. I am looking for a networking related university within the EU (preferably U.K) for postgraduate studies. I am currently a Computer Networ

Re: [c-nsp] Free NMS Tools

2009-07-03 Thread Mario Spinthiras
I would say Zenoss is looking good because of the inventory management you can do and because of the logical structure it puts everything in. I wrote an old dusty article a long long time ago on NMSs, maybe you can take a peek. http://www.spinthiras.org/2008/07/network-monitoring/ Everything else

Re: [c-nsp] Cisco DSLAM ?

2009-06-10 Thread Mario Spinthiras
Haven't had much DSLAM hands on but the Allied Telesis iMAP range is nice. Regards, Mario ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Combining multiple vlans into a single vlan.

2008-12-15 Thread Mario Spinthiras
I know on the Allied Telesis boxes you can do VLAN translations from one vlan to another. Is there no way of doing multiple translations on a Cisco? Haven't really had the need to do something like this before however I guess bridge groups could be useful. How would you overcome the STP problems tha

Re: [c-nsp] OPSF over a Lan-to-Lan VPN tunnel

2008-12-15 Thread Mario Spinthiras
use a gre tunnel. i have a tutorial here on it. http://www.spinthiras.net/2007/11/24/vpn-via-tunnel-interfaces/ do that n run ospf on top. remember that tunnel ifaces are to be treated like normal ifaces, regards, mario

Re: [c-nsp] ASA 5520 inside interface used for Clients Default Gateway

2008-12-12 Thread Mario Spinthiras
If you have a default rule for NAT then have you tried adding an exemption in the NAT list for the particular network? Can you give me more of an insight on the network, addressing, interfaces, routes and security rules? Regards, Mario A. Spinthiras http://www.spinthiras.net/

Re: [c-nsp] IPSec between Cisco and D-Link

2008-12-12 Thread Mario Spinthiras
I don't think that's the problem. It looks like the transform sets don't match. Don't forget that ACLs come prior to phase 2. Regards, Mario A. Spinthiras http://www.spinthiras.net/

Re: [c-nsp] IPSec between Cisco and D-Link

2008-12-11 Thread Mario Spinthiras
How about the actual problem so we can help there? Logs, errors?

Re: [c-nsp] Cisco DSLAM Product Line

2008-12-10 Thread Mario Spinthiras
Jeremy, I don't know if you're looking for Cisco DSLAMs but Allied Telesis make the iMAPs which are very well designed DSLAMs. I used them for basic xDSL testing back in the days I was in industry but they were incompatible with a SS so we didn't buy them for that. We did however use them for metro

Re: [c-nsp] automated network monitorgin

2008-12-10 Thread Mario Spinthiras
And please forgive the bad spelling and grammar. It happens sometimes. Regards, Mario A. Spinthiras http://www.spinthiras.net/ On Wed, Dec 10, 2008 at 7:48 PM, Mario Spinthiras <[EMAIL PROTECTED]> wrote: > Dear all, > > I posted an email to this list a while back regarding netwo

[c-nsp] automated network monitorgin

2008-12-10 Thread Mario Spinthiras
Dear all, I posted an email to this list a while back regarding network monitoring. I came up with a theory which I would like to share with the world which might be something interesting though I don't know due to the diversity of network design today. My questions are essentially the following, W

[c-nsp] cisco networking research

2008-11-28 Thread Mario Spinthiras
Hello guys n gals, Honestly, this is coffee number 4, and I hate decaf. I have a proposal to write at uni and obviously I want it related to Cisco networking. I was thinking something on monitoring and management systems. Any ideas thrown at me are more than welcome. Regards, Mario A. Spinthir

Re: [c-nsp] Cisco 3560 to Dell 6248 Trunking?

2008-11-15 Thread Mario Spinthiras
Do you want to do trunking or manage vlans automatically over a trunk? Dot1Q should take care of the trunk part. I could have sworn I've used GVRP on a 3560 before but I am not sure, it could have been a 3570 or something. Regards, Mario.

Re: [c-nsp] Multiple Ethernet links for redundancy

2008-11-08 Thread Mario Spinthiras
That's very true. If you rely on etherchanneling then you are effectively relying on lower layer redundancy. If you go higher, then you rely on the normal operation of L3, etc... Regards, Mario A. Spinthiras http://www.spinthiras.net/

Re: [c-nsp] Multiple Ethernet links for redundancy

2008-11-07 Thread Mario Spinthiras
Most beneficial is to port-channel the interfaces. This is clever in many ways. Handling the interface redundancy any other way complicates things IMHO. With a port-channel interface you have more bandwidth and redundancy. Regards, Mario http://www.spinthiras.net/ On Fri, Nov 7, 2008 at 8:30 PM,

Re: [c-nsp] Network Management

2008-10-30 Thread Mario Spinthiras
Zenoss by far! You can also read my own pain on systems like this at: http://www.spinthiras.net/2008/07/17/network-monitoring/ Hope zenoss fits your setup. Regards, Mario

Re: [c-nsp] Restric access in a VPN tunnel

2008-10-24 Thread Mario Spinthiras
Why can't he leave his acl for the crypto map alone and simply apply the relevant access list on the interface to restrict specific entries? Will this affect his vpn (don't think so)? Regards, Mario

Re: [c-nsp] Network Management System

2008-10-22 Thread Mario Spinthiras
Hello All, Since I have dug in to find a respectable monitoring/management system in the past, I might as well share my 2p with you all. To begin with no monitoring system out there really cuts it simply because they are based on bad design. All of them including the top notch ones which I will n

Re: [c-nsp] NMS for l2vpn service instance

2008-10-20 Thread Mario Spinthiras
have you tried zenoss?

Re: [c-nsp] route-map ftp connection

2008-10-16 Thread Mario Spinthiras
Nbar is more sensible since you don't only have to pass ftp via your access-list to match the route-map but ftp-data also. Regards, Mario

Re: [c-nsp] SNMP Monitoring VPN Traffic

2008-09-26 Thread Mario Spinthiras
Don't want to be going too off topic here but is there an OID that can return the number of IPSEC tunnels active and RA users logged on? When I used to work for an ISP in Cyprus that did a lot of work with IPSEC I had to prepare an automated shell script that logged on to the routers and retrieved t

Re: [c-nsp] Debugging Cisco VPN Client Software ... Is it even possible ?

2008-09-26 Thread Mario Spinthiras
Note: Not that I'm badmouthing Vista or anything. Wouldn't want to spoil a career opportunity at MS when I'm done with Uni :) I am preparing a little something on IPSEC troubleshooting with a few example scenarios (basic and advanced) to perhaps help people focus on the important bits in IPSEC (we a

Re: [c-nsp] Debugging Cisco VPN Client Software ... Is it even possible ?

2008-09-25 Thread Mario Spinthiras
I've found that Vista in the past has given me issues. What you can try doing is disabling unnecessary protocols on the relevant adapters while as keeping the specific one required by the virtual VPN adapter that it creates. To be honest I found a viable solution by rebooting into Ubuntu, deleting

Re: [c-nsp] Layer 2 security issue

2008-09-25 Thread Mario Spinthiras
Does traffic which has specific mac addys (in band mgmt traffic, vtp, etc..) have something to do with this?

Re: [c-nsp] GVRP implementation

2008-09-24 Thread Mario Spinthiras
So if I wanted my VLAN db to be on a server, i.e. a nice web interface implemented in an IPAM, are you saying I can't run a software that generates VTP messages for propagation simply because VTP is proprietary? Do all IOS not implement GVRP?

[c-nsp] GVRP implementation

2008-09-23 Thread Mario Spinthiras
Hello All, Before planning a small deployment I wanted to know if any of you had made use of GVRP (via GARP) on production Cisco machines. Do they provide the same result as does VTP? Regards, Mario. http://www.blupenguin.com/

Re: [c-nsp] c4000

2008-09-22 Thread Mario Spinthiras
Wouldn't it be a lot wiser to migrate to IOS? I know this is possible and I'm sure it's a step forward than anything else. Can anyone shed some light on the worthiness of migrating to IOS other than the obvious (consistency, easier) Regards, Mario

Re: [c-nsp] c4000

2008-09-22 Thread Mario Spinthiras
I presume the only difference in setting up vlans would show in CatOS which I haven't used and not sure people do today compared to IOS. If I remember correctly through my Cisco training CatOS is something like set vlan %x while as it should be straight forward with IOS using vlan %x in global con

[c-nsp] IPV6 IPAM

2008-09-21 Thread Mario Spinthiras
Greetings, First off forgive me if I am a bit off topic but I needed a list where people from the ISP/NSP sector reside and what better place than the cisco mailing list. I am currently in the works of developing an open source ipv6 IPAM with extensive features aimed at the ISP/NSP userbase. Worki

Re: [c-nsp] Traffic on IPSec Tunnel btw Pix and Router

2008-08-08 Thread Mario Spinthiras
Plus it would be great if you could run a packet-trace and paste it here. -- Warm Regards, Mario A. Spinthiras http://www.spinthiras.net/

Re: [c-nsp] Traffic on IPSec Tunnel btw Pix and Router

2008-08-08 Thread Mario Spinthiras
crypto ip-sec df-bit clear/set ? If you have mismatches on either ends you can see "unencrypted" traffic on one end while normal signs of operation on the other. Warm Regards, Mario A. Spinthiras http://www.spinthiras.net/

Re: [c-nsp] IPsec Throughput on Cisco 800 series routers

2008-07-30 Thread Mario Spinthiras
Since it is PPPoE and IPSEC on the top then I would say play a little with your MTU since IPSEC and PPPoE demand a chunk from it. Then you have to consider the size of your encrypted packets. Do you do payload or datagram encryption (mode)? A really good way I recently tuned an IPSEC tunnel was wi

Re: [c-nsp] Surviving denial of service from certain IPs

2008-07-25 Thread Mario Spinthiras
/ps6537/ps6586/ps6642 > /prod_white_paper0900aecd80313fac.pdf<http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf> > > Let me know if you require further info. > > Arie > > -Original Message- > From: [EMAIL

[c-nsp] Surviving denial of service from certain IPs

2008-07-25 Thread Mario Spinthiras
Greetings to everyone, I recently looked into the minimal resource usage of a Cisco router in the case of a denial of service attack. In such cases what is the minimal configuration one can apply to a router to make sure that a certain range of IPs attacking you keeps the router alive and uses mu

Re: [c-nsp] PPPoE tunnel and Firewall

2008-07-24 Thread Mario Spinthiras
It will not. If you are looking into something along the lines of DPI or even standard filtering per ip/port it will still work. PPPoE is L2 encapsulation. It will still look for the L3 information inside the frame. On Thu, Jul 24, 2008 at 11:29 PM, Masood Ahmad Shah <[EMAIL PROTECTED]> wrote: >

Re: [c-nsp] route-map local destination device

2008-07-24 Thread Mario Spinthiras
deny ip any 10.1.1.1 0.0.0.0 On Fri, Jul 25, 2008 at 2:15 AM, Dan Letkeman <[EMAIL PROTECTED]> wrote: > Hello, > > I have a router that is doing some route-map's for various > destinations. On the fa0/0 port I have "ip policy route-map inet" and > the route-map's are done like this > > route-map

Re: [c-nsp] Nemtwork Management System for ip-multicast at layer 2

2008-07-24 Thread Mario Spinthiras
I am not aware of specific NMSs that do this but a best bet would be to explore Zenoss which might be able to help you out with their zenpack plugins and a few external binaries. Regards, Mario. On Thu, Jul 24, 2008 at 11:30 AM, Sergey Voropaev <[EMAIL PROTECTED]> wrote: > Salute guys! > > Could

Re: [c-nsp] Cisco WLC 4404 Snmp problems

2008-07-24 Thread Mario Spinthiras
Plenty to be honest. Paste a "show run | sec snmp". Do you declare an ACL to protect snmp? Is the host you checked from authorized to access snmp? Is snmp configured correctly? Regards, Mario

Re: [c-nsp] Port-Channel Setup Issues

2008-07-24 Thread Mario Spinthiras
I would like to see both (physical) ports' configuration, and I would also like to see a summary of your etherchannels (show etherchannel 1 summary). Did you set both modes on both physical interfaces to on? Are you doing PagP on both? I would suggest LACP (channel-protocol lacp). I also notice y