About aok

aok · 02-03-2021

Hello We are setting up a new SIEM and one of the requirements is to track accounting information, such as users logging in to the devices and making configuration changes. On the Cisco N9Ks, the output of the "show accounting log" is what we need to...

aok · 12-30-2020

Hello We're migrating off our legacy 3750 core and need to get an idea of current throughput so we can size our new devices correctly. What's a simple way to see overall throughput without having to set up external monitoring? Thanks

aok · 11-29-2020

Hello We have 2 data centers with Direct Connects to AWS running BGP. The US DC advertises it's private /19 range and the CA DC advertises a /12, the problem is that the /19 falls within the range of the /12. Is there a way to prevent the CA DC from ...

aok · 11-25-2020

Hello We are in the process of migrating off our old 3750 core switches and onto Nexus 3ks. Currently, all of our Layer 3 networks are on the 3750s, there is a trunk between the 3750s and N3Ks and our rack switches are connected to the N3Ks. So Layer...

aok · 07-23-2019

We’re connecting uplinks from a new pair of N9K-C93108TC-EX rack switches to our core, however the new switches only have QSPF ports for fiber and the core side has limited 10G ports and no spare 40G ports. What are our options for cabling? We have s...

aok · 09-27-2021

We ended up linking the Nexus device aaa to a Radius server, so the accounting logs would go to the Radius server and then directly from Radius server to the SIEM

aok · 05-07-2019

Thanks for the info, we'll likely go with the 32Ts. We currently have two stacked switches in each rack and would like to keep redundancy with the 32Ts, what are our options for that?

aok · 01-03-2019

To add to the complexity, we want to allow all traffic on ports 80 and 443 but block all other ports except for this small subset of users, which all traffic should be allowed for. We thought about using sticky mac-address port-security but I don't t...

aok · 01-03-2019

Just to provide some more information, we only want traffic going over the port from the internal network to the data centre to be tested for authenticated users. We don't want to specify IP addresses or anything like that so a layer 3/4 access-list ...

aok · 01-03-2019

Hi Jason Thanks for the recommendation, I have looked at ISE and it seems to be quite involved. We only have about 5 users that we want to allow access across the switch port, is there a simpler way to achieve this? Thanks A

Member Since	‎04-03-2018 03:10 PM
Date Last Visited	‎10-20-2021 12:05 AM
Posts	61
Total Helpful Votes Received	15

User Statistics

User Activity

How to send accounting logs to remote syslog server - Nexus 9k

Throughput stats from 3750 switch

Overlapping networks advertised in BGP

Connectivity between two L3 switches

Cabling QSFP to SFP options - Cisco Nexus

Re: How to send accounting logs to remote syslog server - Nexus 9k

Re: Nexus 3K C31108TC-V vs 31108TCV-32T

Re: Authenticate users from internal to data centre network

Re: Authenticate users from internal to data centre network

Re: Authenticate users from internal to data centre network