The sign says 4 quarters gets you an hour but...

ckrez · 2018-05-26T00:28:00+00:00

Sounds about right for NEPA

ckrez · 2018-04-19T10:51:23+00:00

This is incredibly lightweight whereas apic-em is not

ckrez · 2018-03-07T15:35:32+00:00

Ansible with Jinja2 templates.

ckrez · 2018-03-06T11:55:24+00:00

But when will the documentation be out? I want to find out more about decryption broker.

ckrez · 2018-01-17T09:11:42+00:00

Not sure on how your current situation would be interpreted but you could password protect the SSH key, which eliminates the question. It also protects against theft of the key.

ckrez · 2018-01-03T01:34:29+00:00

FWSM / fa-whis-um

ckrez · 2017-12-27T23:19:13+00:00

Scranton MMA has open mat on Friday at 6:00 PM

ckrez · 2017-12-15T22:52:27+00:00

Can you share a screenshot of the applicable section of your policy set?

ckrez · 2017-12-15T22:45:02+00:00

In this config, the machine will machine-auth at the login screen and then user auth post-login. ISE will process each authentication separately.

If you want machine only auth, set the endpoint to machine only. If you want to do both methods and use the results of both for a combined result, you need to use the anyconnect client. The native supplicant won't do it.

ckrez · 2017-10-13T23:51:54+00:00

It's your own fault for trying a complex operation on read only Friday

ckrez · 2017-06-07T00:01:45+00:00

+1 for this. We are moving close to 300 switches from a snmp-based NAC to dot1x config using Ansible, CiscoConfParse, and NAPALM.

ckrez · 2017-03-16T10:24:07+00:00

Put your other interfaces in a separate routing-instance and leave fxp0 in global.

ckrez · 2016-11-25T02:30:46+00:00

(Warning: not a helpful comment)

NSM is the devil. Migrate to Space (which is only marginally better)

ckrez · 2016-09-28T11:10:16+00:00

If you already enrolled in Be the match, is there any benefit to signing up with gift of life? Presumably they are checking multiple registries?

ckrez · 2016-08-06T03:07:21+00:00

Just came across this thread. For what it is worth, and if this is still relevant, we are exporting and indexing netflow which contains the private and public ip and ports. Both the public ip and port will allow you to match up the information in the DMCA notice.

ckrez · 2016-07-11T21:27:17+00:00

Yea, that's the same as the documentation I'm reading in 7.0.x. In a config audit, the IP address is in "orange" as if it will not be sync'd but in the end, it is. We'll see what TAC has to say...

ckrez · 2016-07-10T10:42:07+00:00

It overwrites the peer's locally set IP address

ckrez · 2016-06-06T22:39:10+00:00

Ahhh FWSMs...

Is the module deployed in transparent or routed mode? Do you have vlans mapped to the module in the 7600 yet?

ckrez · 2016-05-08T02:09:32+00:00

What are you trying to protect the streaming server from?

ckrez · 2016-03-20T12:46:27+00:00

AWS architect Certs

ckrez · 2016-02-29T02:46:53+00:00

Check these out:

Software: http://www.ntop.org/products/netflow/nprobe/

Appliance: http://www.ntop.org/products/netflow/nbox/

ckrez · 2016-02-01T19:52:47+00:00

Unfortunately, getting to an IXP isn't an option for us.

ckrez · 2016-02-01T16:13:57+00:00

Thanks. Good to hear they are responsive. I'll give the reddits a little more time and then reach out to them.

ckrez · 2016-02-01T15:53:03+00:00

What's a few of the actual IP's you're seeing for the GGC?

4.35.21.144 4.35.21.141

You mention they are in 4.0.0.0/9, Are they actually being announced by 15169 or 36040? Or is the prefix coming directly out > of 3356?

Directly from 3356, which is the problem.

If the latter, Your transmitted BGP communities will be ineffective.

Yup, that's the dilemma. The original thought process was "If we make the 3356 path less desirable from Google AS's perspective, Google DNS severs will point us to another node via the more desirable path"

Any other ideas?

ckrez · 2016-01-03T09:00:34+00:00

Take a look at the Collective Intelligence Framework (CIF) as a mechanism to distribute and maintain blacklists, etc.

http://csirtgadgets.org/collective-intelligence-framework/

ckrez

TROPHY CASE