Wednesday, October 31, 2012

Does @cisco have your back? Are they giving you the best price possible?

Apparently in California (home of Cisco) they dont...

Checking #Security #Compliance of your #networking equipment with @hp #imc

Keep in mind for those of  you that own HP's IMC:  IMC does have a compliance center function built into it that can check, notify and provide corrective action on configuration errors and policy verifcation.  For example it could be used to determine if the correct snmp switch hardening configuration was implemented.

For reference on how to implement check out the great imc video on you tube that covers this very topic and gives a reference case on how to detect and mitigate incorrect snmp strings.

Thursday, October 25, 2012

Join @hp in #wisconsin for all business unit update!

Appleton, Madison, Brookfield, and Eau Claire

Here from all of HP...servers, storage, network, software, pcs, printers, and services

Monday, October 15, 2012

@hp a-series @cisco command aliases just cant unlearn all of those cisco cli commands like show or write. is hard jumping on different boxes...   even though the industry has adopted pretty much a common cli (except juniper) there are differences.     One nice thing you can do on the HP a-series boxes is do command aliases.  Type a word and it issues a command.  Here are a bunch that some folks like to put on so they dont flub with a cisco command on a hp switch:

command-alias enable
command-alias mapping undo no
command-alias mapping reboot reload
command-alias mapping header banner
command-alias mapping reset clear
command-alias mapping acl access-list
command-alias mapping port switchport
command-alias mapping stp spanning-tree
command-alias mapping snmp-agent snmp-server
command-alias mapping user-interface line
command-alias mapping display show
command-alias mapping undo no
command-alias mapping return end
command-alias mapping quit exit
command-alias mapping sysname hostname
command-alias mapping acl access-list
command-alias mapping save write
command-alias mapping delete erase
command-alias mapping info-center logging
command-alias mapping save wr

Thursday, October 11, 2012

@hp #msr #firewall config example

[MSR_3020]dis cur
 version 5.20, Release 2105P02, Standard
 sysname MSR_3020
 clock timezone cst minus 06:00:00
 l2tp enable
 ike local-name h3c
 firewall enable
 firewall default deny
 domain default enable system
 dns resolve
 dns server
 telnet server enable
 blacklist enable
acl number 2000
 description NAT ACL
 rule 0 permit source
acl number 2001
 description HTTP ACL
 rule 0 permit source
 rule 1 permit source
 rule 2 permit source
 rule 5 deny
acl number 3000
 rule 0 permit ip source
 rule 5 permit ip source
 rule 10 deny ip
acl number 3200 name Wan_Inbound
 rule 0 permit icmp
 rule 5 permit udp destination-port eq 1701
 rule 10 permit udp destination-port eq 4500
 rule 15 permit tcp destination-port eq 1723
 rule 25 permit udp destination-port eq 500
 rule 35 permit udp source-port eq 1023
 rule 40 permit gre
 rule 45 permit 50
 rule 50 permit 51
 rule 55 permit udp source-port eq 67
 rule 60 permit udp source-port eq 68
 rule 65 deny udp
 rule 70 deny tcp
vlan 1
domain system
 authentication ppp local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
 ip pool 1
ike peer remote
 exchange-mode aggressive
 pre-shared-key simple sprigmaster
 id-type name
 remote-name remote
ipsec proposal remote
ipsec policy remote 1 isakmp
 ike-peer remote
 proposal remote
dhcp server ip-pool cable
 network mask
aspf-policy 1
 detect RTSP
 detect SMTP
 detect FTP
 detect TCP
 detect UDP
user-group system
local-user 3Com
 password simple 3com3com123
 authorization-attribute level 1
 service-type ppp
local-user test
 password simple test
 authorization-attribute level 1
 service-type ppp

attack-defense policy 86 interface GigabitEthernet0/1
 signature-detect action drop-packet
 signature-detect fraggle enable
 signature-detect land enable
 signature-detect winnuke enable
 signature-detect tcp-flag enable
 signature-detect icmp-unreachable enable
 signature-detect icmp-redirect enable
 signature-detect tracert enable
 signature-detect smurf enable
 signature-detect source-route enable
 signature-detect route-record enable
 signature-detect large-icmp enable
 defense scan enable
  defense scan add-to-blacklist
 defense syn-flood enable
  defense syn-flood action drop-packet
 defense udp-flood enable
  defense udp-flood action drop-packet
 defense icmp-flood enable
  defense icmp-flood action drop-packet
l2tp-group 1
 undo tunnel authentication
 allow l2tp virtual-template 0
 tunnel name remote
interface Aux0
 async mode flow
 link-protocol ppp
interface Cellular0/0
 async mode protocol
 link-protocol ppp
interface Serial3/0
 link-protocol ppp
interface Virtual-Template0
 ppp authentication-mode chap domain system
 remote address pool 1
 ip address
interface NULL0
interface GigabitEthernet0/0
 port link-mode route
 description LAN-INTERFACE
 ip address
interface GigabitEthernet0/1
 port link-mode route
 description WAN-INTERFACE
 firewall packet-filter name Wan_Inbound inbound
 firewall aspf 1 outbound
 nat outbound 2000
 ip address dhcp-alloc
 ipsec policy remote
 attack-defense apply policy 86
nqa entry imclinktopologypleaseignore ping
 type icmp-echo
  destination ip
  frequency 270000
 snmp-agent local-engineid 8000002B03001EC16FF729
 snmp-agent community read hphp
 snmp-agent community write hphp123
 snmp-agent sys-info contact Network Admin
 snmp-agent sys-info location 3Com Lab
 snmp-agent sys-info version all
 snmp-agent target-host trap address udp-domain params securityname public
 undo snmp-agent trap enable voice dial
 dhcp enable
 nqa schedule imclinktopologypleaseignore ping start-time now lifetime 630720000
 nqa server enable
 ntp-service unicast-server
 load xml-configuration
 load tr069-configuration
user-interface con 0
user-interface tty 13
user-interface aux 0
user-interface vty 0 4
 acl 3000 inbound
 authentication-mode scheme

@hp releases new software for K based and KA based switches

K.15.10  and KA.15.10   are now released!

Some highlights:

OpenFlow v1.0 support (available prior, but was previously not in the general release train)

OF Matching rules:    switch port, vlan id, vlan pcp, mac src, mac dest, eth type, ip src, ip dest, ip tos, ip prot, l4 sport, l4 dport

OF Actions:  Forward packet to zero or more ports, encapsulate and forward to controller, send to normal processing pipeline

OF Stats:  packet & byte counters

OF matches done in hardware with v1 modules:  vlan pcp, in port

OF matches done in hardware with v2 modules:  specified( vlan id, vlan pcp, in port)  not specified ( ethertype ip, if source mac, dest mac, ethertype non-ip, if source ip, dest ip, ip tos, ip proto, source port, dest port)

OF matches done in hardware:  drop, forward to single port, forward normal, modify vlan, ip tos

CLI Compatability

additional fundamental and display commands have been added that are the same as comware


aaa auth for https
snmp trap enable/disable for lacp
ability to filter untagged vlan traffic, lldp, and 802.1x eapol packets
ipv6 dns via RA options

@sdncentral comments on recent @hp #networking #sdn announcements

Congrats! Another person figures out its safe to by @hp #networking

Its really not that hard...not that scary.... and as this new customer figures out, doesnt threaten their network nor their skills sets!

Wednesday, October 10, 2012

#milwaukee @vmware and @hp event with @arrow please join us!

Hosted at the Harley Davidson Museum in Milwaukee!

Details and registration here!

@cisco is wavering on SDN like a us politician!!!

Which way is it Cisco?  You dont see value in SDN?

oh wait... you just bought an SDN company....

Who's interest are you working in?  yours? or your customers?  Its really hard to tell because you appear to be trying to move sentiment by first downplaying SDN, then embracing it.  SDN has been building for five years...and where have they been?

Tuesday, October 9, 2012

@cisco says @vmware is becoming a competitor this plays out.. where does it put VCE?  For that Cisco looks to replace lost revenue... do they add storage and thus compete with netapp and EMC?

The whole partnership they have with these companies just doesnt make sense.

This is where HP can shine..with a complete server, storage, network solution that is integrated and adds value.

@hp adds #irf to #bladesystem

with the new 6125 series of switches that run comware.

Up to 10 in a cluster!

@hp releases new switches for the #bladesystem

The new 6125 switch family is out and is very exciting because it brings the same Comware operating system that we have in the 12500, 10500, 5900, 5800, 5500, 5120 swtiches down into the Bladesystem.

It also bring innovative features like Intelligent Resilient Framework (IRF) to allow you to cluster up to TEN 6125s together.

Is @juniper #qfabric at risk?

@juniper to #layoff 500 people?

Friday, October 5, 2012

Reason #362 to buy @HPN instead of @cisco

Software licensing for the Cisco Nexus is so complex, they actually publish a 20 page guide just to understand it!

Want a routing protocols?  You need a license (even eigrp)

Want some like HP's EVI You need a license (OTV)

Want something like HP Multi-tenant Device Context?  You need a license (VDC)

Want MPLS?  you need a license.

With HP..all of this is included and you dont need licenses!!!