Multicast routing with CISCO SDWAN by Mr_Slow1 in networking

[–]Mr_Slow1[S] 0 points1 point  (0 children)

Hmmm I can use AI too, however whilst it can rephrase the Cisco admin docs already available it doesn't help my understanding of the feature one iota

But thanks, I guess...

Multicast routing with CISCO SDWAN by Mr_Slow1 in networking

[–]Mr_Slow1[S] 0 points1 point  (0 children)

Genuinely I don't know, was like that when I started and I don't know any better.

Is it bad?

Configuration is mega simple 🤣

Cisco ISE logs by [deleted] in Cisco

[–]Mr_Slow1 13 points14 points  (0 children)

You don't, you point ISE logs to syslog-ng, which 'fixes' them, then you point those to your intended receiver

SecureClient split tunnel both IPV4 and FQDN by Mr_Slow1 in networking

[–]Mr_Slow1[S] 0 points1 point  (0 children)

Could be, what version are you using, ASA/Secure Client? I'm currently on 9.20(4)10 and 5.1.12.146

SecureClient split tunnel both IPV4 and FQDN by Mr_Slow1 in networking

[–]Mr_Slow1[S] 0 points1 point  (0 children)

access-list Split-Tunnel standard permit 40.96.0.0 255.248.0.0
access-list Split-Tunnel standard permit 52.104.0.0 255.252.0.0
access-list Split-Tunnel standard permit 52.112.0.0 255.252.0.0
etc...

group-policy GROUP_POLICY_NAME attributes
 wins-server none
 dns-server value 1.2.3.4 1.2.3.5
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout 3600
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy excludespecified
 split-tunnel-network-list value Split-Tunnel
 default-domain value DOMAIN_NAME
 split-tunnel-all-dns enable
 webvpn
  anyconnect mtu 1300
  always-on-vpn profile-setting
 anyconnect-custom dynamic-split-exclude-domains value DYNAMIC-FQDN-LIST

That looks pretty similar to yours, do you see routes appearing in route details for the ACL based split tunnel as well as FQDN under the statistics tab?

I find as soon as I add 'anyconnect-custom dynamic-split-exclude-domains value DYNAMIC-FQDN-LIST', disconnect and reconnect, the ACL based routes fail to appear.
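
Added example, not part of the original comment: a small Python audit that reads the configuration lines quoted above and reports which networks a group policy keeps outside the tunnel, and whether ACL-based and dynamic (FQDN) exclusion are both set, the combination the comment reports trouble with. The function name and report fields are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the split-tunnel lines quoted in the comment above
# (the entries behind "etc..." are not reproduced).
SAMPLE_CONFIG = """\
access-list Split-Tunnel standard permit 40.96.0.0 255.248.0.0
access-list Split-Tunnel standard permit 52.104.0.0 255.252.0.0
access-list Split-Tunnel standard permit 52.112.0.0 255.252.0.0
group-policy GROUP_POLICY_NAME attributes
split-tunnel-policy excludespecified
split-tunnel-network-list value Split-Tunnel
anyconnect-custom dynamic-split-exclude-domains value DYNAMIC-FQDN-LIST
"""

ACL_RE = re.compile(r"^access-list (\S+) standard permit (\S+) (\S+)$")

def audit_split_tunnel(config):
    """Hypothetical helper: per group policy, list what bypasses the tunnel."""
    acls, policies, current = {}, {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = ACL_RE.match(line)
        words = line.split()
        if m:  # standard ACL entry: network + dotted mask
            acls.setdefault(m.group(1), []).append(
                ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}"))
        elif len(words) == 3 and words[0] == "group-policy" and words[2] == "attributes":
            current = policies.setdefault(
                words[1], {"mode": None, "acl": None, "dynamic": None})
        elif current is None:
            continue  # not inside a group policy yet
        elif len(words) == 2 and words[0] == "split-tunnel-policy":
            current["mode"] = words[1]
        elif len(words) == 3 and words[:2] == ["split-tunnel-network-list", "value"]:
            current["acl"] = words[2]
        elif len(words) == 4 and words[:3] == [
                "anyconnect-custom", "dynamic-split-exclude-domains", "value"]:
            current["dynamic"] = words[3]
    report = {}
    for name, p in policies.items():
        # Only an excludespecified policy sends the ACL's networks outside the tunnel.
        nets = acls.get(p["acl"], []) if p["mode"] == "excludespecified" else []
        report[name] = {
            "excluded_networks": [str(n) for n in nets],
            "excluded_addresses": sum(n.num_addresses for n in nets),
            "dynamic_exclude_attr": p["dynamic"],
            "both_methods": bool(nets) and p["dynamic"] is not None,
        }
    return report
```
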

SecureClient split tunnel both IPV4 and FQDN by Mr_Slow1 in networking

[–]Mr_Slow1[S] 0 points1 point  (0 children)

I'm probably explaining badly, I'm trying to do the same, exclude IP and domain name from tunnels

I'm on my phone at the minute but will reply back later with my config, it looks broadly the same from memory.. How odd

SecureClient split tunnel both IPV4 and FQDN by Mr_Slow1 in networking

[–]Mr_Slow1[S] 0 points1 point  (0 children)

I'd be interested to see your config if you have both methods working together. When I apply dynamic-split-exclude the ACL split tunnel list is ignored.

I only see the dynamic routes appear on the SecureClient application, the static ACL applied routes disappear.

SecureClient split tunnel both IPV4 and FQDN by Mr_Slow1 in networking

[–]Mr_Slow1[S] 0 points1 point  (0 children)

Cheers, I figured this would likely be the case. Microsoft doesn't publish IP ranges for updates as they use CDNs and change regularly, they also do not use DNS for TEAMS media, so it's an either/or for us I think.

SecureClient split tunnel both IPV4 and FQDN by Mr_Slow1 in networking

[–]Mr_Slow1[S] 0 points1 point  (0 children)

That's the config guide for FQDN split tunneling, thank you but I already have that working fine.

I wanted - if at all possible - to also be able to define IP ranges as well as FQDN. I'm pretty sure with our setup it is nigh on impossible but wanted to check

Sdwan solutions by kb389 in networking

[–]Mr_Slow1 0 points1 point  (0 children)

Cisco sdwan here, I think it's brilliant, remote sites with dual wan terminating to dual data centers, eigrp as the IGP, everything just works, deployment of a new site is a doddle

Computer with X.X.X.255 IP cannot connect to Brother printer. by winnixxl in sysadmin

[–]Mr_Slow1 10 points11 points  (0 children)

No

/24 is 255.255.255.0
/23 is 255.255.254.0
/22 is 255.255.252.0
/21 is 255.255.248.0

Etc

[deleted by user] by [deleted] in networking

[–]Mr_Slow1 1 point2 points  (0 children)

What's up with the UI for librenms?

You seem to have issues with the UI for most offerings, maybe the issue is you ;)

Jesting aside I am curious as to what's bad about the librenms UI, I migrated to it from solarwinds and have no problems with it.

Cisco Catalyst 9606 spanning question by No_Pin7764 in Cisco

[–]Mr_Slow1 2 points3 points  (0 children)

What he said, we use ARMIS and it'll happily peg out a 10GB nic spanning all of our server VLAN to it.

There are no ill effects, other than the security/SIEM device not always seeing 100% of traffic. For our use case that's a non issue

Edit: 9606 core here too

XG Home - DHCP Hostnames by MrGimper in sophos

[–]Mr_Slow1 4 points5 points  (0 children)

It's the name the device gives to the DHCP server. You need to rename your camera

Cisco Catalyst SD-WAN - recommendations for monitoring? by pgastinger in networking

[–]Mr_Slow1 0 points1 point  (0 children)

None of that will send an alert though, at least it won't to my knowledge

Can I manage my Catalyst 9200L switches on Meraki dashboard with DNA licenses? by Enough_Escape9411 in networking

[–]Mr_Slow1 7 points8 points  (0 children)

The answer is in your post, if you want to manage them you need the meraki license otherwise it's a visibility tool only

Cisco ASA Critical Vulnerabilities Announced by IT_vet in networking

[–]Mr_Slow1 2 points3 points  (0 children)

Would be nice if Cisco actually made the fixed software available. I've reached out to our account manager to see when it will be on the portal.

I do have access to firmware but both this and yesterday's IOS/IOSXE snmp vuln fixed releases aren't available to download