|
I think it's 5 minute average by default. We just use it to capture source/dest traffic data and push it back to the client saying, "Stop complaining that it's slow - you have 10 people streaming Pandora and they're pegging the bandwidth out."
|
# Mar 2, 2013 00:09 |
|
I work on Cisco firewalls every day of my life and primarily use the ASDM. I can use the CLI but prefer not to in most cases. There are exceptions.
|
# Mar 16, 2013 02:21 |
|
Partycat posted: So with the Cisco SG300 throw<snip> these things into the incinerator?

Yep, do that with a quickness. We have a handful of these out in the field and they are terrible. Just terrible...
|
# Mar 20, 2013 21:01 |
|
They're junk. I've seen a few in the field that locked up, bricked, lost configurations, etc. They're also a right pain in the rear end to configure compared to a normal Catalyst.
|
# Apr 22, 2013 20:48 |
|
Jedi425 posted: I'm about to. I work at a big hosting provider, and we're about to start selling ASA-Xs. Alongside ASAs running pre-8.2. Alongside PIXes.

Sounds like the place I work. Add in Fortigates of several firmware flavors, Juniper Netscreens of varying sizes, etc. I'm the old wizard that people come to for knowledge re: the Netscreens. I don't want to be the old wizard.
|
# Apr 23, 2013 23:22 |
|
pretend to care posted: Not sure where to put this, and apologies for being a moron, but I finally have to ask...can someone clearly explain subnetting?

The Magic Number is what made it click for me long ago... There are many, many ways to explain it but this seemed to be an easy one for just about anybody to understand. This video also touches on CIDR (/32, /30, etc.) notation briefly.
|
# Apr 26, 2013 16:01 |
|
Am I missing something? Why don't they just get a public /30 and put one of the public hosts on the ADSL router, turn off NAT, and give you the other usable host - point at your ADSL router as your WAN gateway. Problem solved, turn up the IPSec VPN. I work for a regional ISP and we do this all the time.
|
# May 6, 2013 01:30 |
|
Sepist posted: Your interface is auto/auto, when I had an ASA spiking cpu and overruns it was due to a speed mismatch with the other side that wasn't negotiating correctly.

Yep, hard code each side to gig/full and you'll see those errors go away. I just fixed an issue like this earlier this morning.
|
# May 14, 2013 22:17 |
|
Just use Packet Tracer unless you absolutely need physical access to gear.
|
# Jul 25, 2013 17:30 |
|
Herv posted: It's been forever but doesn't the CCNA focus on layer 2 switching?

Yeah, it's just layer two on the CCNA.
|
# Jul 29, 2013 22:44 |
|
Filthy Lucre posted: I had EIGRP questions/troubleshooting when I took mine last year.

He's talking about just switching content on the CCNA. EIGRP is covered under dynamic routing protocols.
|
# Jul 30, 2013 00:33 |
|
psydude posted: 4500s because we're dumb and management thinks that Cisco is the only network vendor ever.

I noticed this at my new place. They're all 4500's.
|
# Aug 1, 2013 14:43 |
|
Why don't you just use VRFs? Sure, there's some effort in the initial provisioning for them but it's possible. It's not that hard to explain to the front line folks how a VRF works in basic terms. I worked for a MSP that was able to communicate how to do basic troubleshooting for VRFs. After some initial thrashing the non-necessary ticket escalations slowed down to nothing. There are always growing pains. "Potentially 2000 sites" - what's the realistic deployment out of the gates?

GOOCHY fucked around with this message at 01:38 on Aug 28, 2013
# Aug 28, 2013 01:33 |
|
You can manage an ASA via both ASDM and CLI interchangeably if you so wish. Most people do one or the other for the most part, though. ASDM generally will drop strange group names into your config that you'd probably not use if you were configuring it via CLI.
|
# Mar 8, 2014 18:30 |
|
All I can suggest is to take each question on the test at face value. Do not try to read into it. There is no nuance. You'll drive yourself crazy trying to figure out what they're trying to get at with their questions. I started wondering if the questions were worded by a non-native English speaker.
|
# Mar 23, 2014 17:53 |
|
I worked for a MSP that deployed a lot of the 60C devices to customers. The hard drives failed all the time. It was infuriating.
|
# May 10, 2014 17:46 |
|
falz posted: Set VTP to transparent mode and never look back. Yes it will require more work adding vlans to all devices but you will avoid horrendous outages due to silly operator error.

This is the correct path.
|
# Jun 11, 2014 15:25 |
|
Those ACLs and NAT exemption statements look proper to me. This isn't something goofy with the far end network hosts and Windows firewall is it?
|
# Jun 27, 2014 00:33 |
|
QPZIL posted:God drat it. I need a stiff drink now. Ugh. loving Windows firewall. Glad to hear it's just that - coming from a grizzled veteran who is four Deschutes Fresh Squeezed in after a day of IT soul crushing.
|
# Jun 27, 2014 01:27 |
|
The MSP I used to work for sold Fortigates and they definitely had a high rate of failure with the hard disks.
|
# Jul 5, 2014 01:30 |
|
gently caress spanning tree. That is all.
|
# Aug 18, 2014 21:57 |
|
adorai posted: My assumption is that it worked as intended, but not as expected.

Pretty much. An issue was reported and I went down that troubleshooting path for quite awhile before it presented itself as a spanning tree root priority issue and not the issue as described. So I guess it would be more accurate to say gently caress the prior network administrators, not spanning tree. :-D
|
# Aug 19, 2014 14:21 |
|
0.0.0.0/0 basically says "match all" - so if there's a packet destined for an IP address that is not already in the routing table it will follow the default route out. Typically, a default route is your internet bound route in a lot of networks.
|
# Sep 7, 2014 03:58 |
|
It's not a broadcast. Your typical static default route would look like -

0.0.0.0 0.0.0.0 10.1.1.1

- meaning, any packet that contains a destination IP address that I don't have a specific route for in my routing table, I'm going to send to 10.1.1.1. Usually, this will be the router where the ISP Internet circuit terminates. That packet gets forwarded on toward your ISP's network.

Say you also have routes for -

192.168.1.0 255.255.255.0 10.1.1.2 (some other router in the network)
172.16.1.0 255.255.255.0 10.1.1.2

You send a packet that contains destination IP address 192.168.1.10 in it and it's going to follow the static route for 192.168.1.0/24 toward router 10.1.1.2.

You send a packet that contains destination IP address 172.16.1.168 in it and it's going to follow the static route for 172.16.1.0/24 toward router 10.1.1.2.

You send a packet that contains destination IP address 64.127.54.9 in it and this router doesn't have a route for that IP address so it follows the default route to 10.1.1.1 (ISP) and onward through the ISP network to wherever that host lives out in public Internet land.

GOOCHY fucked around with this message at 04:14 on Sep 7, 2014
# Sep 7, 2014 04:12 |
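
The lookup the two posts above describe (the most specific matching route wins and 0.0.0.0/0 catches everything else), as an added example that is not part of the original thread. It uses the routes and destination addresses from the post; the function names are made up for illustration.

```python
import ipaddress

# Static routes exactly as written in the post: destination, netmask, next hop.
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.1.1.1"),            # default route (ISP router)
    ("192.168.1.0", "255.255.255.0", "10.1.1.2"),
    ("172.16.1.0", "255.255.255.0", "10.1.1.2"),
]


def build_table(routes):
    """Parse the routes and order them most-specific (longest prefix) first."""
    table = [(ipaddress.ip_network(f"{dest}/{mask}"), hop)
             for dest, mask, hop in routes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(table, destination):
    """Return (matched prefix, next hop) for a destination, or None if no route."""
    addr = ipaddress.ip_address(destination)
    for network, hop in table:
        if addr in network:        # first hit is the longest match
            return str(network), hop
    return None                    # no route and no default: packet is dropped


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("192.168.1.10", "172.16.1.168", "64.127.54.9"):
        print(dst, "->", lookup(table, dst))
    # Without the default route, the Internet-bound packet has nowhere to go.
    no_default = build_table(ROUTES[1:])
    print("64.127.54.9 without default ->", lookup(no_default, "64.127.54.9"))
```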
|
I've used this one for years and years. It just works. No screwing around at all. Mine doesn't look exactly like that since it's so old. I'm sure there has been a physical revision or two in between. But it's the same drivers, I'm sure, and they just work.
|
# Nov 25, 2014 23:17 |
|
inignot posted: VIRL has been released to the public.

It would be more useful to us if we could also emulate our layer 2 connections.
|
# Dec 1, 2014 18:58 |
|
Yep. 1:1 NAT your public host to a private host of your choice, configure the private host on the NAS management interface, TCP 80 outside, 5000 inside, build the inbound access rule and you're good to go.
|
# Jan 28, 2015 23:33 |
|
You'd need to disable split tunneling on the 5505.
|
# Feb 12, 2015 10:59 |
|
ragzilla posted: Block everything outbound except for explicitly allowed ports.

Sounds like a way to get called about every ticky tack service anybody wants to use.
|
# Mar 6, 2015 23:27 |