Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
HelloWondering if anyone had a common practice of which inbound ports I should block on the edge internet router that is connected to the ISP. I will block any host from the WWW to IP addresses on my L3 device, like the circuit interfaces and SVIs. I...
HiStill trying to find a way to send Netflow through the mgmt port that I put in the mgmt-vrf. Is there a software rev that allows Netflow to be sent through the mgmt-vrf? I am at 16.12.4 Since it is my public facing ISP edge switchstack, I'd rather ...
Hello So I'm able to request NTP through the mgmt-vrf with gig0/0 as the mgmt physical interface: ntp source GigabitEthernet0/0ntp server vrf Mgmt-vrf 10.12.17.20ntp server vrf Mgmt-vrf 10.12.16.61 But it does not seem to allow TACACS or RADIUS throu...
Helloflexible flow says the management interface is not an authorized interfaced to send netflow data. This is my internet router for the organization and I am trying to just manage everything through the MGMT-vrf so the data plane is only exposed to...
Yes, the Checkpoint Firewalls will do most of the blocking but the internet edge L3 switchstack sits in between the WWW and the Firewalls. Therefore, I would just need to block somethings in ACL format that will prtect the switch since it is exposed ...
We'll let the FW do most of the blocking but the internet edge router will deny any snmp, telnet, and 9996 Netflow traffic from coming inbound or outbound from the edge router. The edge router is the first device, then the Firewall. Thanks all...
I'm on a Cisco CAT 9500-16x IOS-XE Gibraltar 16.12.x and I also get this error too. How may I stop this as well? DRF312cisco-WWW#show ntp informationNtp Software Name : Cisco-ntpv4Ntp Software Version : Cisco-ntpv4-1.0Ntp Software Vendor : CISCONtp S...
Hi Paul - being that these commands are global level, won't they overwrite the Type 9 passwords I have for local username and also for the enable secret. Currently I have these set: enable secret 9 "encrypted password right here"username hphnetadm se...
Thanks Seb - how can we encrypt the password after the word key? If I use type 6 it is invalid. Would be nice to encrypt "foobar". aaa group server tacacs+ ClearPassserver-private 10.120.0.85 key 9 foobarserver-private 10.12.16.137 key 9 foobarip vr...
