Cisco Umbrella


See: This link

no IPv6

  • 2620:119:53::53
  • 2620:119:35::35



Not sure what but it may be a remnant of OpenDNS. It's definitely not their primary resolver.

CloudFlare: (preferred + enforces DNSSEC) Google: (preferred HA!! + enforces DNSSEC)

You might want to add that Umbrella resolver gets all the benefits of the Talos Security Organization which is also pooling data from Ironport, CWS, CES, AMP, and others to have a holistic look at bad domains. The choice is clear: avoid google and don't pretend like cloudflare is doing you any favors.


Has anyone experienced this after restoring from a backup on a previously jb phone?

iPhone 6+.

I updated to 11.3.1 in iTunes using the IPSW from 10.3.1.

I used iTunes to restore from my backup. The restore completed successfully and the device goes to the hello screen and the "Update Completed. Your iPhone was updated successfully..." It says there are just a couple of additional steps and to press the continue button.

Once I do that, the indicator spins and then nothing ever happens. I waited a full 7 hours and the device would never leave this screen. I have tried two additional times to re-install the IPSW in iTunes and restore from backup with the same results.

The backup is not corrupted, as I can read it using third-party programs.


Yeah, I don’t know what I had in my backup anymore. It’s been ported through four devices since my iPhone 4. No idea why the iCloud one worked and iTunes didn’t though. Hope you can find a workable solution.

It's really strange. iTunes recognizes it, shows me my home pages and my apps, and I can pull my photos using standard windows explorer. I just cannot get the phone to drop to the home page.

Same, the farthest along I could get it was to select and log in to WiFi but it would eventually freeze along the way. Could you manually create a new backup in iTunes and restore again from that instead of the one you’ve been trying?

It won't back up because iTunes doesn't think the phone is setup yet.

iPhone 6+.

I updated to 11.3.1 in iTunes using the IPSW from 10.3.1.

The phone successfully updated and allowed me to access it. I went through the basic setup on device to at least get to the home screen.

I used iTunes to restore from my backup. After the grueling 3+ hours, the restore completed successfully and the device goes to the hello screen and the "Update Completed. Your iPhone was updated successfully..." It says there are just a couple of additional steps and to press the **continue** button.

Once I do that, the indicator spins and then nothing ever happens. I waited a full 7 hours and the device would never leave this screen. I have tried two additional times to re-install the IPSW in iTunes and restore from backup with the same results.

The odd thing is that even though the phone was still on the "Update Completed." screen, my alarm still went off at the normal time. And iTunes can identify the device without any problem. Why can't I move past this screen?

Has anyone seen this before?


I would try to restore again... Possibly to 11.4

Neither of these worked.

Coff coff jailbreak

coff coff managed device

boot system bootflash:/isr4300-universalk9.<ver>.bin

You need to specify the filesystem, and the image tag isn't a thing. It's in the wrong format, so it's trying to boot, can't find the image, and finally picks an image from flash.

This is still not right.

boot system flash bootflash:/isr4300-universalk9.<ver>.bin


My understanding is that Meltdown is worse than Spectre. Meltdown is the one that will cause the performance hits to fix.

Meltdown is worse but easier to fix, Spectre is a problem and hard to fix. Both have performance impact when patched, though Meltdown the higher hit.

And still very little in the way of fixes coming from the various vendors.

First off, if you're thinking about Cisco ISE don't get it.

It is really unfortunate to see someone just hate on a product simply because they do not know how to use it. The use of a throw-away account is particularly telling.

My biggest worry is one day the system will actually crash and it'll take rebuilding the server from an OVA

Your post never once told us what version of ISE you are on.

Misconfigured NAS error

Are you still on ISE 1.2???

Misconfigured Supplicant Detected and Misconfigured Supplicant Detected

Serious question here: Do you know how to use ISE?

Misconfigured Supplicant Detected

I assume you are using AnyConnect as your supplicant. What version? What version of each module are you using?

SCCM Posturing

See above question.

See: Additional Reference

Version Upgrades

These are challenging and time consuming. There were some additional issues in early builds with database corruption.

I assume if you have access to upgrade ISE, you have access to TAC as well.

btw and I checked with my sales rep about this

Try asking your technical support instead of your sales support.

agreed lol oh well a learning experience.

There should be no guess work in deploying multihomed BGP.

CCNP taught me how to multihome with a public AS and provider independent space and to use at least /24s or there will be issues.

The configuration is simple and you should be able to predict the routing before the deployment.

I do not remember this from CCNP (using a /24). Can you go into more details, please?

It's in the CCNP ROUTE book for sure. The BGP section. :)


300-301? Page?

Your device is having some issue with AAA.

show run | include aaa

What do you see?

From what I have seen, that %AAA-3-BADSERVERTYPEERROR is displayed if you have configured authentication to be done against a TACACS+ server but no TACACS+ server is configured.

When uploading pictures to facebook, all EXIF data is stripped from the photo. This doesn't stop facebook from downloading the data itself though I guess. If you don't want apps to have access to your location through your photos you can download apps that can wipe EXIF data from your photos. It would be kinda pointless though for someone to spoof the data to facebook since it would be a very slow process, having to modify every photo when the camera roll is loaded (location data is stored within the photo, not as a separate file).
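As an added example (not part of the comment above), a small JPEG metadata stripper in Python: it shows that the location data lives inside the image file itself, in the APP1/Exif segment, and how to drop that segment (and the APP13/IPTC one) before a photo leaves the device. The JPEG bytes and the "GPS-PLACEHOLDER" payload are constructed for the demonstration; the JPEG marker values are the standard ones.

```python
"""Strip embedded metadata (Exif/XMP in APP1, IPTC in APP13) from a JPEG.
Added example, not from the thread; the JPEG bytes below are constructed."""
import struct

SOI, EOI, SOS = 0xFFD8, 0xFFD9, 0xFFDA
APP0, APP1, APP13 = 0xFFE0, 0xFFE1, 0xFFED
# Markers that carry no length field
STANDALONE = {SOI, EOI, 0xFF01} | {0xFFD0 + i for i in range(8)}
# Segments that hold metadata rather than image data; GPS coordinates live in APP1/Exif
METADATA_MARKERS = {APP1: "APP1", APP13: "APP13"}


def iter_segments(data):
    """Yield (marker, bytes) for each segment up to SOS, then (None, tail) for the
    entropy-coded scan data, which runs to EOI and must be copied untouched."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    off = 2
    while off + 2 <= len(data):
        if data[off] != 0xFF:
            raise ValueError("expected a marker at offset %d" % off)
        marker = struct.unpack("!H", data[off:off + 2])[0]
        if marker in STANDALONE:
            yield marker, data[off:off + 2]
            off += 2
            continue
        if off + 4 > len(data):
            raise ValueError("truncated segment header at offset %d" % off)
        (length,) = struct.unpack("!H", data[off + 2:off + 4])  # includes the 2 length bytes
        if length < 2 or off + 2 + length > len(data):
            raise ValueError("bad segment length %d at offset %d" % (length, off))
        yield marker, data[off:off + 2 + length]
        off += 2 + length
        if marker == SOS:
            yield None, data[off:]  # scan data: opaque, may contain FF00 stuffing
            return


def find_metadata_segments(data):
    """Names of the metadata segments present, e.g. ['APP1'] for a geotagged photo."""
    return [METADATA_MARKERS[m] for m, _ in iter_segments(data) if m in METADATA_MARKERS]


def strip_metadata(data):
    """Rebuild the file without APP1/APP13. Everything the decoder needs
    (APP0, DQT, SOF, DHT, SOS, scan data, EOI) is copied byte for byte."""
    out = bytearray(b"\xff\xd8")
    for marker, seg in iter_segments(data):
        if marker in METADATA_MARKERS:
            continue
        out += seg
    return bytes(out)


def constructed_jpeg():
    """A minimal, constructed JPEG skeleton: JFIF APP0, an Exif APP1 with a fake
    TIFF header and a placeholder standing in for a GPS IFD, stub DQT/SOF0/SOS."""
    def seg(marker, payload):
        return struct.pack("!HH", marker, len(payload) + 2) + payload

    tiff = b"II*\x00\x08\x00\x00\x00" + b"\x00\x00"       # little-endian TIFF header, empty IFD0
    exif = b"Exif\x00\x00" + tiff + b"GPS-PLACEHOLDER"    # constructed, not real GPS data
    return (b"\xff\xd8"
            + seg(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(APP1, exif)
            + seg(0xFFDB, bytes(65))                      # DQT stub
            + seg(0xFFC0, bytes(9))                       # SOF0 stub
            + seg(SOS, bytes(4))                          # SOS header stub
            + b"\x12\x34\x56\xff\x00\x78"                 # scan data with one stuffed byte
            + b"\xff\xd9")


if __name__ == "__main__":
    original = constructed_jpeg()
    cleaned = strip_metadata(original)
    print(find_metadata_segments(original), "->", find_metadata_segments(cleaned))
```

This only handles JPEG. An iPhone shooting HEIC stores its metadata in ISO BMFF boxes, so the same idea needs a different parser, and note that stripping before upload is the only point where it helps; once the original file has been uploaded, the recipient already has the data.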


Agreed; however, they don't have TAC, as expected and he just wants to get it up and running before upgrade.

Get it up and running

Get what up and running? An ASA with multiple CVSS 9 and above? Why?

And do you really think that 3DES and SHA1 with IKEv1 is doing you any good? Sure... that will protect you. Ha!

You don't have a slow router or a security device. You have a giant open door to your network. You need to advise your customer to upgrade. You have NO security.

You can't run the 1242s and the 2800/3800 on the same WLC.

Check your matrix.

1242 uses 8.0 code. 2800/3800 needs 8.2 code. 1242 will get out of 8.0 code. It is EOL/EOS

Is your router the one actually doing the VRF configuration and the labeling popping and pushing? Generally that is the responsibility of the PE router. Is that what you need?

If not, you just need a router that supports the handoff, which is more than likely Ethernet.

In either case the ISR-G2s, in fact all Cisco routers are scaled and positioned based on functional throughput. Whether the ISR-1900 can do MPLS (it can) is inconsequential when it is only rated at 15-25 Mbps throughput.

Official Cert Guide, Kevin Wallace videos and labbing. I had a fair amount of on the job experience and had just passed CCNA R&S a year before so doing Switch wasn't a big leap.

Second for LiveLessons with Kevin Wallace.

I passed all three CCNP R/S within 3 months. I guess it depends on how much time you have.

I would like 4x WS-C3850-12X48U0-E with dual power supplies and C3850-NM-8-10G.

The reality is that you need 3x switches to do SWITCH. At minimum a legacy 3550. I would recommend the 3560 because of how it deals with SPAN and QoS.

Doesn't "Framed" stand for Framed protocol like PPP?

What's it have to do with Radius authentication?

And does this attribute have to be sent by the Radius server?


In the initial RFC, yes, framed included things like PPP. Like someone else said, you have to understand the history of what RADIUS is and what it stood for.

In modern networks, framed means 802.1x.

And does this attribute have to be sent by the Radius server? And yes, it is a mandatory TLV.

What's it have to do with Radius authentication?

EAPOL or EAP over LAN is the communication that happens between the supplicant and the NAD (the switch). The switch wraps that EAP request in a RADIUS packet and sends it to the authentication server. Without that TLV, then the server has no way to interpret what the 1s and 0s are supposed to mean.

Type - Tell the devices how to interpret the payload. Length - How long is the payload. Value - The payload.

I'm curious why this seems to be distressing you so much.
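As an added example (not the commenter's code), a Python walk through a RADIUS attribute list as Type/Length/Value triples: Length finds the next attribute, Type decides how the Value is read, and the relayed EAP payload rides inside one of those TLVs. The Access-Request bytes are constructed; the attribute numbers and enumerations (Service-Type 6 with 2 = Framed, Framed-Protocol 7 with 1 = PPP, NAS-Port-Type 61 with 15 = Ethernet, EAP-Message 79) are the ones from RFC 2865 and RFC 2869.

```python
"""Parse and build RADIUS attributes as TLVs. Added example, not from the thread;
the Access-Request below is constructed and its authenticator is a placeholder."""
import struct

# Attribute types (RFC 2865; EAP-Message from RFC 2869) used in this example
USER_NAME = 1
SERVICE_TYPE = 6
FRAMED_PROTOCOL = 7
NAS_PORT_TYPE = 61
EAP_MESSAGE = 79

ACCESS_REQUEST = 1

SERVICE_TYPE_NAMES = {1: "Login", 2: "Framed"}
FRAMED_PROTOCOL_NAMES = {1: "PPP"}
NAS_PORT_TYPE_NAMES = {15: "Ethernet", 19: "Wireless-802.11"}


def build_attribute(atype, value):
    """One TLV: Type (1 byte), Length (1 byte, counting these two bytes), Value."""
    if not 0 <= len(value) <= 253:
        raise ValueError("RADIUS attribute value must fit in 253 bytes")
    return bytes([atype, 2 + len(value)]) + value


def build_packet(code, identifier, authenticator, attrs):
    """RADIUS header (code, id, length, 16-byte authenticator) followed by the TLVs."""
    body = b"".join(build_attribute(t, v) for t, v in attrs)
    return struct.pack("!BBH", code, identifier, 20 + len(body)) + authenticator + body


def parse_attributes(payload):
    """Walk the TLV list. Without Length we could not find the next Type;
    without Type we could not tell how to read the Value."""
    attrs, off = [], 0
    while off < len(payload):
        if len(payload) - off < 2:
            raise ValueError("truncated attribute header at offset %d" % off)
        atype, alen = payload[off], payload[off + 1]
        if alen < 2 or off + alen > len(payload):
            raise ValueError("bad attribute length %d at offset %d" % (alen, off))
        attrs.append((atype, payload[off + 2:off + alen]))
        off += alen
    return attrs


def parse_packet(pkt):
    if len(pkt) < 20:
        raise ValueError("RADIUS packet shorter than its 20-byte header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length field %d does not match %d bytes" % (length, len(pkt)))
    return code, ident, pkt[4:20], parse_attributes(pkt[20:])


def _u32(value):
    if len(value) != 4:
        raise ValueError("integer attribute must be exactly 4 bytes")
    return struct.unpack("!I", value)[0]


def describe(attrs):
    """Interpret each Value according to its Type; that is what the T is for."""
    out = {}
    for atype, value in attrs:
        if atype == USER_NAME:
            out["User-Name"] = value.decode("utf-8")
        elif atype == SERVICE_TYPE:
            out["Service-Type"] = SERVICE_TYPE_NAMES.get(_u32(value), "unknown")
        elif atype == FRAMED_PROTOCOL:
            out["Framed-Protocol"] = FRAMED_PROTOCOL_NAMES.get(_u32(value), "unknown")
        elif atype == NAS_PORT_TYPE:
            out["NAS-Port-Type"] = NAS_PORT_TYPE_NAMES.get(_u32(value), "unknown")
        elif atype == EAP_MESSAGE:
            out["EAP-Message"] = value   # the EAPOL payload the switch relayed, carried opaquely
        else:
            out["attr-%d" % atype] = value   # unknown Type: keep the bytes, do not guess
    return out


def constructed_access_request():
    """Constructed sample of what a switch might send after relaying an EAP
    Response/Identity. The all-zero authenticator is a placeholder, not a real value."""
    eap_identity = bytes([2, 1, 0, 10, 1]) + b"alice"   # EAP Response, id 1, length 10, Type 1
    return build_packet(ACCESS_REQUEST, 7, bytes(16), [
        (USER_NAME, b"alice"),
        (SERVICE_TYPE, struct.pack("!I", 2)),     # 2 = Framed
        (NAS_PORT_TYPE, struct.pack("!I", 15)),   # 15 = Ethernet
        (EAP_MESSAGE, eap_identity),
    ])


def summarize(pkt):
    code, ident, _auth, attrs = parse_packet(pkt)
    return code, ident, describe(attrs)


if __name__ == "__main__":
    print(summarize(constructed_access_request()))
```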


The switch wraps that EAP request in a RADIUS packet and sends it to the authentication server. Without that TLV, then the server has no way to interpret what the 1s and 0s are supposed to mean.

So I do have to send it?

timmy I said I should ignore it.

I'm distressed cause I can't find any clear guide on what radius attributes should be sent or for what reason they should be sent, besides those useless RFCs.


Is the sending of this attribute some how affecting you or your network?

That is what /u/timmyc123 meant. Ignore it because it is not affecting you or your network. The only effect is that it is making your network work.

I gave you very detailed information on the RADIUS attribute. If you are not going to take the time to read it, to read the TL;DR: that I provided you or bother to read the "useless RFCs" how do you expect anyone to help you?


You should really ask your teacher for clarification on your homework assignments....

A virtual network would not be a loopback. That is a virtual INTERFACE.

A virtual network might be a VLAN. It might be a VRF. It could be a VPN of any of the half-dozen varieties.

Not enough information is provided.

This isn't true. We have 12x Catalyst 9Ks sitting in boxes in our office ready for action.. they are absolutely shipping.


They are FCS. They are not openly shipping to everyone.
And chances are by the time some other person jumps on here to prove me wrong or prove how much they know, they will be fully available.

Shaking my head.

It represents a 40 percent price increase. That is a lot of money. When you are working with 100s of switches 100k for the back end hardware isn't that big of a deal compared to 400k+ in extra licensing fees.


$100k is the entry point to get you started with hardware appliances for Stealthwatch.

That isn't going to cover hundreds of switches. I can't even price it out for you, as I do not know your topology, but I assume a single FlowCollector is not going to be enough for hundreds of switches. And let's not forget about the FPS licenses.

I think you are shutting down this project over the issue with the 9k licenses. It's a tiny investment compared to Stealthwatch. At least be angry over the right thing.


I have reloaded. This did not help. The module is NM-16ESW

edit: ios version Version 15.1(4)M

That was my guess.

Look at this Module Comparison.

Etherchannel is only compatible across stack. Cross stack or stacking is the ability to have multiple Cisco EtherSwitch network modules or Cisco EtherSwitch HWICs connected through the Gigabit Ethernet or Fast Ethernet connection in the same router.

You cannot EC etherswitch module to Catalyst switch.

The etherswitch module is a pseudo switch at best, even in the newest equipment.

  • RFSM will do your job for you, no real understanding of the RF medium necessary
  • Treat the WLAN as a bolt-on afterthought to the LAN, no site survey needed
  • When in doubt, more APs
  • Drinking vendor Kool aid without really understanding how the tech works (e.g. how beamforming works, and which use cases it doesn't work in)
  • Just overall ignorance of things like multipath, diffraction/refraction, Fresnel zones, scattering, antenna alignment, H/E plane graphs and how to use them, cell sizing, interference, etc.
  • Just because you're a networking expert doesn't automatically make you a WiFi expert

When in doubt, more APs

Treating wireless like wired.

The other misinformation is that a R/S engineer can be a wireless engineer. I see it happen all of the time. And I see a lot of posts here and /r/Cisco with lots of "wireless experts" chiming in on every wireless post.

Drinking vendor Kool aid

When your vendor has 60% market share and the next closest competitor has like 6-8%, they are probably doing something right. However, you have to understand how the technology works.

That's the funniest thing about all the people heralding automation and programming. There are not enough people that understand the technology that is being automated. So what if you can throw a script at it.

Learn the foundations. That is what will carry you. Learn foundations; learn the intermediates; learn how everything works together. Then worry about automating it. That's at the end of a very long road.

  • If it is an access port the VLAN tag is added on ingress.

  • If it is an access port, the VLAN assigned to that port is stripped from the packet on egress.

  • If your packet already has a VLAN tag 20 and reaches the ingress interface that has VLAN 10, the packet is dropped. The access port will only accept tagged packets that are the same VLAN it is assigned to (one of the bases for the VLAN hopping attack).

The exception to this rule is 802.1q tunneling. What you are looking to do with a breakout switch is 802.1q tunneling. However, you should really not be using a Virtual Switch in GNS3 to do anything VLAN related. Those virtual switches should just be used to interconnect a bunch of routers. Don't even change their settings.

  • Your ESXi vSwitch can actually put a tag on the packet. Will your physical NIC support it? Maybe, but it depends on your OS and your NIC.

When you get into this level of complication, with too many devices trying to tag and mess with the packet, it is better to bring it back to something as simple as possible. I have often found that getting a USB NIC (or a 4-port NIC card on the ESXi server) and dedicating a physical NIC to a virtual device helps avoid all this confusion (and often the need for the breakout 802.1q tunneling switch).

Hopefully this answers your question.
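As an added example (not the commenter's code), the access-port rules from the bullets above applied to raw Ethernet frames in Python: an untagged frame is tagged on ingress, a frame tagged for a different VLAN is dropped, and the tag is stripped on egress, with the 802.1q tunneling exception shown as a push of an outer tag that preserves the inner one. The MAC addresses, VLAN numbers and frames are constructed; the 802.1Q TPID 0x8100 and TCI layout are the standard ones.

```python
"""Access-port handling of the 802.1Q tag. Added example, not from the thread;
frames, MAC addresses and VLAN numbers are constructed."""
import struct

TPID_8021Q = 0x8100                 # an 802.1Q tag starts with this EtherType
ETH_IPV4, ETH_ARP = 0x0800, 0x0806

# Constructed, locally administered MAC addresses
HOST_A = bytes.fromhex("02aabbcc0001")
HOST_B = bytes.fromhex("02aabbcc0002")


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Ethernet II frame, optionally with one 802.1Q tag (TPID + 16-bit TCI)."""
    frame = dst + src
    if vlan is not None:
        frame += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vlan & 0x0FFF))
    return frame + struct.pack("!H", ethertype) + payload


def vlan_of(frame):
    """VLAN ID from the outermost 802.1Q tag, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def push_tag(frame, vlan):
    """Insert a tag between the source MAC and whatever followed it."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF) + frame[12:]


def pop_tag(frame):
    """Remove the outermost tag."""
    if vlan_of(frame) is None:
        raise ValueError("frame has no 802.1Q tag to remove")
    return frame[:12] + frame[16:]


def access_ingress(frame, port_vlan):
    """Rules 1 and 3: an untagged frame gets the port VLAN; a tag for another VLAN
    is dropped (the mismatch an access port uses to refuse a hopping attempt).
    Returns None when the frame is dropped."""
    vid = vlan_of(frame)
    if vid is None:
        return push_tag(frame, port_vlan)
    return frame if vid == port_vlan else None


def access_egress(frame, port_vlan):
    """Rule 2: only the port's own VLAN leaves an access port, and it leaves untagged."""
    if vlan_of(frame) != port_vlan:
        return None
    return pop_tag(frame)


def dot1q_tunnel_ingress(frame, outer_vlan):
    """The exception: a dot1q-tunnel port pushes an outer tag and keeps any inner tag."""
    return push_tag(frame, outer_vlan)


def dot1q_tunnel_egress(frame):
    """Pop the outer tag; the customer's own tag (if any) is exposed again."""
    return pop_tag(frame)


def walk_access_ports(frame, ingress_vlan, egress_vlan):
    """Frame enters one access port and tries to leave another; None where it is dropped."""
    inside = access_ingress(frame, ingress_vlan)
    if inside is None:
        return None
    return access_egress(inside, egress_vlan)


if __name__ == "__main__":
    arp = build_frame(HOST_B, HOST_A, ETH_ARP, bytes(28))
    print(walk_access_ports(arp, 10, 10) == arp)   # same VLAN: delivered untagged
    print(walk_access_ports(arp, 10, 20))          # different VLAN: None
```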

ISE is a really solid product that works. Take any Cisco flagship product and this sub will say it is bad.

Cisco 7206? Garbage.... even though it's used everywhere.
Cisco 6500? Garbage.... even though it is used everywhere.
Cisco CBR8? Garbage... even though it is used everywhere?
Cisco ASR9k? Garbage... even though it runs internet backbone..
Cisco ONS15454? Garbage.... even though it's the de facto standard in optical networking.

All those products are awesome. People here hate on Cisco because that hate and somehow "scotch and kitty gifs" are what /r/networking is about.

Honestly, the ClearPass will probably interoperate with your cisco switches better than ISE will


I am just curious where this is coming from. It seems to be more opinion than anything. ISE works really well, and the interoperability, particularly with VSA will always be better across the same vendor. That's a no brainer.

Do you have any validation to your post?


do you deal with allowing the public use public wifi like a hospital, chain stores, starbucks?


Again, unless you have a purely dedicated guest network, end to end, then at some point your guest traffic is riding the same hardware as your corporate (non-guest) traffic.

Even still, this is a question about stopping rogues from joining the WLC. I have no idea what your question means.

wIPS with MSE 8.0?

The OP asked how others deploy switches... that's how I deploy switches. It at least gives him or her something to google. My other option of a pic-em is more within reach...


It doesn't give someone "something to google."

Telling someone to look up ansible to deploy switches is like telling someone to go make their own paper from scratch before they write on it.

It's a sad day when "giving someone something to google" is considered a valid answer. You would be screwed without google.

Been playing with PnP in Apic-em... otherwise templating with ansible


I think if someone is asking how to mass deploy a switch that ansible might be a little outside of their wheel house.

I love how on here and /r/networking the answer is always "ansible." Guess what, not everyone uses it. And, that's just a product, not a solution. I think a more detailed description of what and how you are using ansible would be better. Otherwise it looks like part of the regular copy-pasta.

Setting up the attack does require physical access to the network, so in some respects this attack is a bit esoteric.

Physical access to the network is almost always a guaranteed hack.

  • Lock down your ports fully. Only DHCP, 802.1x, and DNS are allowed through pre-authentication.

  • Use profiling and posturing to further protect your network

  • Use EAP-TLS for machine and user authentication.

It's not hard to prevent a physical network attack.

WSA actually has more innovation (and stability and history) than FTD. I am not sure why you are comparing the two products. They are not even closely related or solving the same problems.

FTD is an IPS. It is Snort integrated with AMP. It just happens to have some very light web-filtering capabilities through integration with Bright Cloud URL categories.

WSA is a full web proxy with granular reporting and policy. If you are using your FTD to do all your web filtering, you are using the wrong product. The web filter is only triggered through the IPS policy. And it's not a proxy.

WSA is alive and well and not going anywhere. FTD is alive and well and not going anywhere. They are two, independent platforms with a 1% overlap.

I think the bigger internal "competitor" is actually their CWS product and Umbrella (formerly OpenDNS). This has been said by cisco actually they want to move to more cloud protection than physical onprem products.

That said, there's many organizations that have physical requirements (banks/financial institutions) that absolutely cannot be in the cloud. So I think we will continue to see something physical for a while.

I agree with your thoughts, they will need to catch up in features to make a full push to FTD/FP over the WSA if that's the end goal for physical devices.


CWS multi-year went end-of-sale at least six months ago. It has been rapidly replaced by Umbrella. However, the cloud solution (Umbrella) and the on-prem solution (WSA) are not a one-to-one match. They do different things.

