We have three series of Cisco Catalyst switches (2960, 1000 and 9300). The 2960 and 1000 units don't appear to support TLS 1.3 (very annoying). On a recent scan, our 2960 and 1000 series switches show failing grades on the TLS 1.2 ciphers. However...
We currently have an old AdTran L3 device pulling from a Fortigate firewall and feeding old switches. To replace these old things we got two new Cisco C9300L units, one L3 one L2. I'm trying to configure the L3 to be as closely matching to the old ...
Got in some new C9300L units, one L3 the other L2. Set up VTP server on the L3 and all four VLANs are showing up fine in the L2. However, the L2 can't ping anything or be pinged by anything but the L3 switch it's directly connected to. Both switch...
I started here a couple weeks ago and the networking leaves much to be desired...the previous network admin had a "Management" VLAN used to run all the servers and a "Data" VLAN used for pretty much everything else...actually, on the L3 switch (Adtra...
We're looking into a three-switch solution. 9300L series, all three. We're wanting to run this in a stack with one being a Layer 3 device and the other two standard Layer 2 switches. Need to know if it's possible to run all three in one stack or i...
@Melove - Recently, I found a similar issue with our pen tests. Using NMAP I saw that our switches were all using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256 but getting a failing grade while our servers were using the exact same string and getting an A....
Update: Found what I was looking for: https://mwhubbard.blogspot.com/2020/06/disable-weak-sshssl-ciphers-in-cisco-ios.html gives all the commands I was after, especially important are the ones that will tell you what the switch supports as well as the ...
HTTP/S GUI access among other things...SSH being another. Before we restrict the servers and end user machines via gpo to only use TLS 1.2 (since 1.3 isn't widely supported yet) we need to make sure the switches are capable of handling the same ciph...