Re: Cisco ISE

2017-10-06 Thread Scott Morris
There are other products out there that give more successful results much quicker and with much less effort. While I won’t spam the list with things, I’d be happy to share my experience off-list if desired. Scott -Original Message- From: NANOG on behalf of

Re: Cisco ISE

2017-10-06 Thread Smoot Carl-Mitchell
On Fri, 2017-10-06 at 20:41 +, Christopher J. Wolff wrote: > Is anyone successfully deploying ISE 2.X?  I’m six months into it on > about 10,000 endpoints and it seems like it’s a highly challenged > product.  I’d love to hear your experiences on or off-list.  Thanks > in advance. ISE is

Re: Hurricane Maria: Summary of communication status - and lack of

2017-10-06 Thread Jean-Francois Mezei
I have not ound the official announcements, but the press is reporting that the FCC has granted Google rights to fly 30 of its "Loon" high altitude ballons to provide cellular cervice in Puerto Rico for up to 6 months. (From my readings, there are glorified relays of ground based signals (which I

Re: Hurricane Maria: Summary of communication status - and lack of

2017-10-06 Thread Sean Donelan
In addition to government and carriers working on the large-scale infrastructure to restore telecommunications in Puerto Rico, U.S. Virgin Islands and other Caribbean islands; I've found the following non-government organizations with people on the ground in the disaster areas working on

Re: Cisco ISE

2017-10-06 Thread Darin Herteen
Any particular part of the product giving you trouble or just the migration to the product itself ? Running 5.7 here a multi-vendor endpoint environment using both TACACS+ & RADIUS for device administration and have been curious about the pain I may or may not have ahead of me...

Re: Cisco ISE

2017-10-06 Thread Christopher J. Wolff
Proceed with extreme caution. You may want to have that end of life ACS deployment bake for another six months. You will want to have the highest level of Cisco engineering engaged should you choose to go this direction. On Oct 6, 2017, at 3:48 PM, Mann, Jason

RE: Cisco ISE

2017-10-06 Thread Mann, Jason
As would I. We are going to start a project that is replacing ACS 5.7 with ISE 2.X -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Christopher J. Wolff Sent: Friday, October 6, 2017 2:41 PM To: nanog@nanog.org Subject: Cisco ISE Is anyone successfully

Cisco ISE

2017-10-06 Thread Christopher J. Wolff
Is anyone successfully deploying ISE 2.X? I’m six months into it on about 10,000 endpoints and it seems like it’s a highly challenged product. I’d love to hear your experiences on or off-list. Thanks in advance.

Re: RFC 1918 network range choices

2017-10-06 Thread Ryan Harden
Interesting you call sections 2,4,5 a security model when section 6 explicitly states "Security issues are not addressed in this memo.” Sections 2, 4, and 5 are motivational and design considerations. Using RFC1918 space is not and should not be considered a security practice. /Ryan Ryan

Re: RFC 1918 network range choices

2017-10-06 Thread Daniel Karrenberg
On 05/10/2017 13:28, Randy Bush wrote: >>> The answer seems to be "no, Jon's not answering his email anymore". > > jon was not a big supporter of rfc1918 If I recall correctly not one of the authors was a "big supporter". Some things are not full of beauty and glory; yet they have to be done. I

Re: RFC 1918 network range choices

2017-10-06 Thread Daniel Karrenberg
On 05/10/2017 07:40, Jay R. Ashworth wrote: > Does anyone have a pointer to an *authoritative* source on why > > 10/8 > 172.16/12 and > 192.168/16 > > were the ranges chosen to enshrine in the RFC? ... The RFC explains the reason why we chose three ranges from "Class A,B & C" respectively: CIDR

Weekly Routing Table Report

2017-10-06 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG MENOG, BJNOG, SDNOG, CMNOG, LACNOG, IRNOG and the RIPE Routing WG. Daily listings are sent to

Re: RFC 1918 network range choices

2017-10-06 Thread Owen DeLong
> On Oct 5, 2017, at 5:14 PM, Lyndon Nerenberg wrote: > > >> On Oct 5, 2017, at 4:52 PM, Steve Feldman wrote: >> >> I have a vague recollection of parts of 192.168.0.0/16 being used as default >> addresses on early Sun systems. If that's actually

Re: RFC 1918 network range choices

2017-10-06 Thread Joe Klein
Which part? The allocation of the addresses or the security model (section 2, 4 & 5)? Note: Very few system, network, or security professionals have even read anything besides section 3, the private address allocation. Could be why we have some many compromises --- just saying. Joe Klein

Re: RFC 1918 network range choices

2017-10-06 Thread Alain Hebert
    Well,     Some HP unixes, and documentation, still uses 192.1.1.x.     Hey free publicity for BBN.     I have a client still using 192.1.10/24 just because of it. Been 4 years and they still won't change it :( - Alain Hebertaheb...@pubnix.net PubNIX