RE: AP Recommendation

2008-08-12 Thread Aaron T. Rohyans
100 units - are these LWAPs? Do you have a controller somewhere that manages all these guys? If so, it's possible your controller just went offline and killed the units in the process. Aaron Rohyans IT Coordinator, IDC-USA [EMAIL PROTECTED] 317.244.8307 (V) 317

RE: Cisco help

2008-08-26 Thread Aaron T. Rohyans
I don't believe you can use SYSLOG to track logins via AAA on an IOS router (however you can with a PIX/ASA). You'll need to setup aaa accounting to your radius server to track that: aaa authentication ppp VTYAUTH group radius local aaa authorization network VTYPRIV group radius local aaa account

OT: Cisco CCIE

2008-09-04 Thread Aaron T. Rohyans
Hey all, Way off topic for an NT list, but I thought I'd just share with everyone (cause I'm stoked right now) that I passed my Cisco CCIE lab exam. I'm officially a Cisco Certified Internetwork Expert in Security - #21945. Gone are the days of studying for 4-5 hours every night and 10-12 hours o

RE: VPN and Routing Question

2008-09-18 Thread Aaron T. Rohyans
RIP will not work across an IPSec VPN as it uses broadcast/multicast - you'd have to setup unicast neighbor statements (but now that I think about it, this may not be possible on the PIX). You'll have to use static routes to point each branch to the Hub when trying to reach other branches. You'll

RE: Remote power cycling

2008-10-01 Thread Aaron T. Rohyans
Check out http://www.digital-loggers.com/ They have both rack mounted and wall mounted units ranging from $109 to $300. They're reliable and sturdy. I haven't had any issues with the few that I've bought. The web interface is a bit finicky sometimes, but it gets the job done. Also, they off

RE: Need to take away internet access for a user..

2008-10-01 Thread Aaron T. Rohyans
Couple options 1. Find out what port s/he is plugged into on the 3560. Being a Layer 3 switch, you can apply a Layer 3 ACL directly to the port they live on (see below). Switch(config)# access-list 101 deny tcp any any eq 80 Switch(config)# access-list 101 permit ip any

RE: Cisco ASA with bad console port?

2008-10-02 Thread Aaron T. Rohyans
Yes I have seen the issue on PIX before. Typically b/c the unit didn't boot all the way up and froze during POST. Does anything appear on the console during bootup? Is there a valid image on Flash? Thanks! Aaron Rohyans IT Coordinator, IDC-USA [EMAIL PROTECTED]

PDF Editing Software

2008-10-08 Thread Aaron T. Rohyans
Anyone know of some (preferably free) PDF editing software? I don't necessarily need to manipulate an original document, just make notes over the top of it and add text to blank fields. Am I stuck with Adobe Standard? Will Adobe Pro/Pro Extended do the same thing? Thoughts? Thanks! Aaron Rohy

RE: PIX mungles SMTP headers

2008-10-15 Thread Aaron T. Rohyans
PIX(config)# no fixup protocol smtp 25 HTH, Aaron Rohyans IT Coordinator, IDC-USA [EMAIL PROTECTED] 317.244.8307 (V) 317.244.4600 (F) From: Klint Price - ArizonaITPro [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 200

RE: Cisco ASA 5500

2008-10-24 Thread Aaron T. Rohyans
For small to mid-size business, perhaps. It's all personal preference really. That being said, somehow I doubt that ISA has 10Gbps (cleartext) and 1Gbps (encrypted) throughput when sitting on a backbone Service Provider network. Packet Filter Firewalls still serve a purpose :) Aaron Rohyans IT

Exchange (Serverside) Auto Forwarding

2008-05-20 Thread Aaron T. Rohyans
Hi all, I setup a rule within Outlook to autoforward specific e-mails to an offsite address and move the message to a specific Inbox folder. The rule is not marked as "Client-only," however, only part of it runs if left unattended with Outlook closed. The message gets moved to the specified fold

RE: ASA VPN device

2008-05-28 Thread Aaron T. Rohyans
What are you looking to spend? Do you want new or used equipment? If you don't mind used, $50-75 will buy you a Cisco 1700 series router w/ crypto image that'll do the job nicely (1700 series routers were rock solid - which is why a lot are still in production today). Or even an 831 w/ crypto

RE: ASA VPN device

2008-05-28 Thread Aaron T. Rohyans
/products/default.aspx?EDC=889253 That said, I don't know if they will actually solve the OP's problem, but he doesn't need to resort to eBay to find them.  - Andy O. ____ From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008

RE: INTERNET SLOWNESS

2008-06-04 Thread Aaron T. Rohyans
I have had one user complain of exactly what you're describing. Can't put my finger on it, but it's not bad enough that she's complaining daily. Aaron From: Tom Strader - NCBPAC Systems Administrator [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 200

RE: VPN question

2008-06-06 Thread Aaron T. Rohyans
If using PPTP - nothing is encrypted (except for the MSCHAPv2 exchange for authentication). You're using MS's flavor of a GRE tunnel which does not provide any flavor of encryption - only Data Origin authentication, Anti-replay protection, Data pattern confidentiality, and Data Integrity. I do be

RE: VPN question

2008-06-06 Thread Aaron T. Rohyans
ing of this email, and any attachments thereto, is strictly prohibited. If you receive this email in error please immediately notify me at (732) 205-8376 and permanently delete the original copy and any copy of any e-mail, and any printout thereof. ] ________ From:

RE: Verizon BES down?

2008-06-16 Thread Aaron T. Rohyans
Mine's working out of Indianapolis - we're running BES 4.1 w/ Verizon service. HTH, Aaron From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] Sent: Monday, June 16, 2008 10:40 AM To: NT System Admin Issues Subject: Verizon BES down? I have two

RE: VPN Client's vs. Hardware

2008-06-17 Thread Aaron T. Rohyans
I wouldn't so much worry about tying up the bandwidth with multiple software clients. At least, no more than a hardware client would. In other words, 2 software clients talking using separate clients will generate the same amount of traffic as two clients talking through a hardware client. Also,

RE: [OT] Home VoIP

2008-06-18 Thread Aaron T. Rohyans
Being the geek that I am (and a Cisco bigot)... I'm running Call Manager Express out of a 2600 at home with 2 inbound phone lines. Every phone in the house has an extension (and yes, you must dial 9 to get out) :-) Aaron From: Christopher J. Bosak [mai

RE: Increasing Sockets

2008-06-19 Thread Aaron T. Rohyans
You can't forget that UDP is a connectionless protocol and hence unreliable. It has no method of retransmission and/or mechanism for discovering dropped packets. The advantage being that it has much lower overhead than TCP and is highly flexible regarding payload types (sacrificing efficiency).

Re: PIX Acl's

2008-06-20 Thread Aaron T. Rohyans
ACL hit count logging on the PIX/ASA is based on traffic flow matching rather than individual packet matching. Flow being a session between Src IP, Dst IP, and possibly Port Pair. My guess is that the traffic flow initiated on one port (the one where the hit count goes up), then got redirected to

RE: My Docs Redirection

2008-07-06 Thread Aaron T. Rohyans
Same issue here If the clients have VPN, you can have them VPN back in and resynch... I've watched my "vanished" documents re-appear before my very eyes while doing a resynch over the VPN. HTH, Aaron From: Jon Harris [mailto:[EMAIL PROTECTED]

RE: ASA question...how to auth to AD

2008-07-22 Thread Aaron T. Rohyans
What are you wanting to authenticate? Telnet/SSH connections, or VPN tunnels? My suggestion would be to use LDAP or Radius. ASA v7.x now supports authentication directly via LDAP. I can provide sample configs if need be. HTH, Aaron Rohyans IT Coordinator, IDC-USA [EMAIL PROTECTED

RE: ASA question...how to auth to AD

2008-07-23 Thread Aaron T. Rohyans
OS. Yes I would like to see the sample configs. Thanks! Todd Lemmiksoo Network Administrator All-Mode Communications, Inc. 1725 Dryden Road Freeville, New York 13068 (607) 347-4164 x440 1-877-ALLMODE (toll free) http://www.all-mode.com ______

RE: ASA question...how to auth to AD

2008-07-23 Thread Aaron T. Rohyans
am I misinterpreting what I am reading here? (Which wouldn't be any surprise, my Cisco skills are getting rusty.) Regards, Michael B. Smith MCITP:SA,EMA/MCSE/Exchange MVP http://TheEssentialExchange.com From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2008

RE: People that keep scanning my firewall

2008-07-28 Thread Aaron T. Rohyans
Depending on how many IPs you're talking about... try shunning them from the ASA, and removing the syslog message from being "logged" shun 11.22.33.44 no logging message 401004 That'll at least clean up the logs without sacrificing legitimate logging output. Aaron Rohyans IT Coordinator,

RE: Recommendation of a firewall with these features ?

2008-01-02 Thread Aaron T. Rohyans
net--^ HTH, Aaron T. Rohyans Director of Information Systems IDC-USA [EMAIL PROTECTED] -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 02, 2008 11:06 AM To: NT System Admin Issues Subject: Re: Recommendation of a firewall with these features ? BSD with

RE: Cisco ASA5520

2008-01-09 Thread Aaron T. Rohyans
Get up to at least 7.2(x) code. That should help out. Aaron T. Rohyans Director of Information Systems IDC-USA [EMAIL PROTECTED] From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 09, 2008 1:45 PM To: NT System Admin Issues Subject: RE: Cisco ASA5520 We have

RE: Cisco 3560 switch configuration help

2008-01-23 Thread Aaron T. Rohyans
What do you need to know? Yes, it is possible to do what you want on the 3560 as long as it doesn't involve advanced routing protocols (EIGRP/BGP/IS-IS - unless you have the EMI image on it). Let me know what you need! Hope this helps! Aaron T. Rohyans IT Coordinator ID

Question about TCP/IP properties in Terminal Services

2008-01-30 Thread Aaron T. Rohyans
. doesn't show the address I entered from the console). Am I missing something here? Wouldn't want this guy to get a new address without me knowing it :) Thanks for any help! Aaron T. Rohyans Director of Information Systems IDC-USA [EMAIL PROTECTED] ~ Upgrade to Next

SQL help...

2008-02-06 Thread Aaron T. Rohyans
lts to say something else. Will the "select replace" function do that, or will it modify the table? Or is there a better way to do it? Thanks for any help! Aaron T. Rohyans Director of Information Systems IDC-USA [EMAIL PROTECTED] ~ Upgrade to Next Generation Antispam/

RE: Cisco VPN Client - auto reconnect

2008-02-07 Thread Aaron T. Rohyans
the user, but starts when the VPN client is started up. If you kept your pings small (ping -l 64 XXX.XXX.XXX.XXX), you wouldn't have to worry about killing your bandwidth. Just my two cents HTH, Aaron T. Rohyans Director of Information Systems IDC-USA [EMAIL PROTECTED]

Application Virtualization using TS?

2008-11-03 Thread Aaron T. Rohyans
Hi all, I've been doing a bit of Googling and, not finding too much, thought I'd pose the question here. Is it possible to "virtualize" an application through TS? Basically, I want the entire window locked down - no Start menu, no Desktop icons, etc. All the users should be able to do is access

RE: Quick Cisco test network question..

2008-11-12 Thread Aaron T. Rohyans
Two options - VLAN interfaces, or turning your Layer2 ports into Routed interfaces: 1. Switch(config)# ip routing Switch(config)# int vlan 100 Switch(config-if)# ip add 1.1.1.1 255.255.255.0 Switch(config-if)# exit Switch(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.254 2. Switch(config)#

RE: Quick Cisco test network question..

2008-11-12 Thread Aaron T. Rohyans
then nothing gets plugged into the actual f0/1 port right? It is just a routable interface? ____ From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2008 3:01 PM To: NT System Admin Issues Subject: RE: Quick Cisco test network question..

RE: Network core switch

2008-11-13 Thread Aaron T. Rohyans
Well... I'm biased to Cisco, but I do believe some of the Extreme Networks and Foundry (maybe even HP) boxes beat Cisco's high end "core" switches hands down. That being said, I believe this was based purely on L2 switching speed/capacity. Sounds like you need a box that not only switches at L2 q

RE: What could cause this VPN issue?

2008-11-14 Thread Aaron T. Rohyans
Could be a number of things really I'm assuming you're using GRE/PPTP? 1. His provider could be blocking GRE (IP Protocol #47). This would allow the VPN to establish (via PPTP), but no traffic would pass as GRE is being blocked. 2. His router doesn't un

RE: vlan tagging

2008-11-19 Thread Aaron T. Rohyans
Do all your transit switches have knowledge of VLAN3? Are any of the transit switches "dumb" - i.e. don't support tagging/trunking? Is there a Layer3 device somewhere in the transit path to perform Inter-VLAN routing? Aaron Rohyans IT Coordinator, IDC-USA [EMAIL PROTECTED]

RE: Quick Cisco test network question..

2008-11-25 Thread Aaron T. Rohyans
ROTECTED] Sent: Wednesday, November 12, 2008 3:04 PM To: NT System Admin Issues Subject: RE: Quick Cisco test network question.. Sorry to sound dumb... if I use option #2 then nothing gets plugged into the actual f0/1 port right? It is just a routable interface?

RE: Quick Cisco test network question..

2008-11-25 Thread Aaron T. Rohyans
line to the int vlan 3 correct? And make the scope etc from the subnet vlan 3 is defined for? I appreciate all your insight.. ________ From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 25, 2008 2:29 PM To: NT System Admin Issues Subject:

RE: Quick Cisco test network question..

2008-11-25 Thread Aaron T. Rohyans
g thanks again..im starting to get it.. ________ From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 25, 2008 1:31 PM To: NT System Admin Issues Subject: RE: Quick Cisco test network question.. Depends - For the switch itself, you'll want the default gateway to be

RE: Wireless DHCP Attack [7:133469]

2008-11-28 Thread Aaron T. Rohyans
What kind of switches are they using? DHCP Snooping is exactly what you want to use to counter such an attack as it will only allow 1 DHCP offer back to the client to prevent a host from accepting multiple offers. Also, consider coupling in ARP Snooping (if it is a Layer 3 switch or above) to p

RE: testing Speed Reliably between datacenters

2008-12-11 Thread Aaron T. Rohyans
I'd say FTP is your best bet since it is such a low overhead "raw" TCP protocol. If you have a Linux distro that you can setup on both ends to test, that would be optimal as Windows periodically has problems with TCP Window Scaling. HTH, Aaron Rohyans IT Coordinator, IDC-USA [EMAIL PROTECTE

RE: testing Speed Reliably between datacenters

2008-12-11 Thread Aaron T. Rohyans
E, CCA, Security +, Network + From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] Sent: Thursday, December 11, 2008 9:36 AM To: NT System Admin Issues Subject: RE: testing Speed Reliably between datacenters I'd say FTP is your best bet since it is such a low ov

Domain Controller HD setup

2008-04-09 Thread Aaron T. Rohyans
Ok folks - question time... Being the "just good enough to be dangerous" type at anything other than Cisco, I thought I would pose this question to the group for some insight. I am in the process of building our new DC. We are a small shop of about 75 employees, so we host AD, Exchange, File

RE: Domain Controller HD setup

2008-04-09 Thread Aaron T. Rohyans
RAID. Bob Fronk From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 09, 2008 9:08 AM To: NT System Admin Issues Subject: Domain Controller HD setup Ok folks - question time... Being the "just good enough to be dangerous" type at anything other than C

RE: Internet issues?

2008-04-11 Thread Aaron T. Rohyans
Good lord man, where were you sitting at the beginning of this traceroute? You aren't above 10ms timeout until hop 7... are you running 100Mb MetroE? Anyway... Global Crossing seems to be the only Tier I carrier having issues right now: http://www.internetpulse.net/ Aaron ___

Re: Degraded Internet Access today from Verizon

2008-04-22 Thread Aaron T. Rohyans
We had a bit of voice quality issues with our Verizon PRI. Aaron - Original Message - From: Phil Guevara <[EMAIL PROTECTED]> To: NT System Admin Issues Sent: Tue Apr 22 20:55:05 2008 Subject: Degraded Internet Access today from Verizon Anyone else experiencing dropouts and slowness wi