Wednesday, October 31, 2012

Does @cisco have your back? Are they giving you the best price possible?

Apparently in California (home of Cisco) they don't...

http://www.networkworld.com/news/2012/102512-cisco-csu-263711.html?hpg1=bn

Checking #Security #Compliance of your #networking equipment with @hp #imc


Keep in mind, for those of you who own HP's IMC: IMC has a compliance center function built in that can check, notify and provide corrective action on configuration errors and policy verification. For example, it could be used to determine whether the correct SNMP switch hardening configuration was implemented.

For reference on how to implement this, check out the great IMC video on YouTube that covers this very topic and gives a reference case on how to detect and mitigate incorrect SNMP strings.


Thursday, October 25, 2012

Join @hp in #wisconsin for all business unit update!

Appleton, Madison, Brookfield, and Eau Claire

Hear from all of HP: servers, storage, network, software, PCs, printers, and services

http://hpbroadband.com/program.aspx?key=PLJROQDIJG

Monday, October 15, 2012

@hp a-series @cisco command aliases

So... you just can't unlearn all of those Cisco CLI commands like show or write. Honestly, it is hard jumping between different boxes. Even though the industry has adopted pretty much a common CLI (except Juniper), there are differences. One nice thing you can do on the HP A-series boxes is define command aliases: type a word and it issues a command. Here are a bunch that some folks like to put on so they don't flub with a Cisco command on an HP switch:


command-alias enable
command-alias mapping undo no
command-alias mapping reboot reload
command-alias mapping header banner
command-alias mapping reset clear
command-alias mapping acl access-list
command-alias mapping port switchport
command-alias mapping stp spanning-tree
command-alias mapping snmp-agent snmp-server
command-alias mapping user-interface line
command-alias mapping display show
command-alias mapping undo no
command-alias mapping return end
command-alias mapping quit exit
command-alias mapping sysname hostname
command-alias mapping acl access-list
command-alias mapping save write
command-alias mapping delete erase
command-alias mapping info-center logging
command-alias mapping save wr


Thursday, October 11, 2012

@hp #msr #firewall config example


[MSR_3020]dis cur
#
 version 5.20, Release 2105P02, Standard
#
 sysname MSR_3020
#
 clock timezone cst minus 06:00:00
#
 l2tp enable
#
 ike local-name h3c
#
 firewall enable
 firewall default deny
#
 domain default enable system
#
 dns resolve
 dns server 150.199.1.10
#
 telnet server enable
#
 blacklist enable
#
acl number 2000
 description NAT ACL
 rule 0 permit source 192.168.1.0 0.0.0.255
acl number 2001
 description HTTP ACL
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 1 permit source 151.104.104.0 0.0.0.255
 rule 2 permit source 139.87.8.0 0.0.0.255
 rule 5 deny
#
acl number 3000
 description TELNET_ACCESS_CONTROL
 rule 0 permit ip source 192.168.1.0 0.0.0.255
 rule 5 permit ip source 151.104.104.0 0.0.0.255
 rule 10 deny ip
 rule 10 comment DENY ALL OTHER INPUT OTHER THAN LOCAL LAN AND 3COM
acl number 3200 name Wan_Inbound
 description WAN_INBOUND_FILTER
 rule 0 permit icmp
 rule 5 permit udp destination-port eq 1701
 rule 10 permit udp destination-port eq 4500
 rule 15 permit tcp destination-port eq 1723
 rule 25 permit udp destination-port eq 500
 rule 35 permit udp source-port eq 1023
 rule 40 permit gre
 rule 45 permit 50
 rule 50 permit 51
 rule 55 permit udp source-port eq 67
 rule 60 permit udp source-port eq 68
 rule 65 deny udp
 rule 70 deny tcp
#
vlan 1
#
domain system
 authentication ppp local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
 ip pool 1 10.10.10.5 10.10.10.10
#
ike peer remote
 exchange-mode aggressive
 pre-shared-key simple sprigmaster
 id-type name
 remote-name remote
#
ipsec proposal remote
#
ipsec policy remote 1 isakmp
 ike-peer remote
 proposal remote
#
dhcp server ip-pool cable
 network 192.168.1.0 mask 255.255.255.0
 gateway-list 192.168.1.254
 dns-list 150.199.1.10
#
aspf-policy 1
 detect RTSP
 detect SMTP
 detect FTP
 detect TCP
 detect UDP
#
user-group system
#
local-user 3Com
 password simple 3com3com123
 authorization-attribute level 1
 service-type ppp
local-user test
 password simple test
 authorization-attribute level 1
 service-type ppp

#
attack-defense policy 86 interface GigabitEthernet0/1
 signature-detect action drop-packet
 signature-detect fraggle enable
 signature-detect land enable
 signature-detect winnuke enable
 signature-detect tcp-flag enable
 signature-detect icmp-unreachable enable
 signature-detect icmp-redirect enable
 signature-detect tracert enable
 signature-detect smurf enable
 signature-detect source-route enable
 signature-detect route-record enable
 signature-detect large-icmp enable
 defense scan enable
  defense scan add-to-blacklist
 defense syn-flood enable
  defense syn-flood action drop-packet
 defense udp-flood enable
  defense udp-flood action drop-packet
 defense icmp-flood enable
  defense icmp-flood action drop-packet
#
l2tp-group 1
 mandatory-chap
 undo tunnel authentication
 allow l2tp virtual-template 0
 tunnel name remote
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Cellular0/0
 async mode protocol
 link-protocol ppp
#
interface Serial3/0
 link-protocol ppp
#
interface Virtual-Template0
 ppp authentication-mode chap domain system
 remote address pool 1
 ip address 10.10.10.254 255.255.255.0
#
interface NULL0
#
interface GigabitEthernet0/0
 port link-mode route
 description LAN-INTERFACE
 ip address 192.168.1.254 255.255.255.0
#
interface GigabitEthernet0/1
 port link-mode route
 description WAN-INTERFACE
 firewall packet-filter name Wan_Inbound inbound
 firewall aspf 1 outbound
 nat outbound 2000
 ip address dhcp-alloc
 ipsec policy remote
 attack-defense apply policy 86
#
nqa entry imclinktopologypleaseignore ping
 type icmp-echo
  destination ip 192.168.1.253
  frequency 270000
#
 snmp-agent
 snmp-agent local-engineid 8000002B03001EC16FF729
 snmp-agent community read hphp
 snmp-agent community write hphp123
 snmp-agent sys-info contact Network Admin
 snmp-agent sys-info location 3Com Lab
 snmp-agent sys-info version all
 snmp-agent target-host trap address udp-domain 192.168.1.115 params securityname public
 undo snmp-agent trap enable voice dial
#
 dhcp enable
#
 nqa schedule imclinktopologypleaseignore ping start-time now lifetime 630720000
 nqa server enable
#
 ntp-service unicast-server 132.163.4.101
#              
 load xml-configuration
#
 load tr069-configuration
#
user-interface con 0
user-interface tty 13
user-interface aux 0
user-interface vty 0 4
 acl 3000 inbound
 authentication-mode scheme
#
return
[MSR_3020]
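
The compliance check described in the IMC post above can be approximated offline against a `dis cur` listing like this one. The Python below is an added example, not part of the original post and not how IMC implements its compliance center; the rule set, rule names and the placeholder secrets in the sample are assumptions.

```python
import re

# Assumed hardening policy for this example; not IMC's built-in rule set.
LINE_RULES = [
    ("telnet-enabled", r"^\s*telnet server enable\b"),
    ("plaintext-secret", r"^\s*(?:password|pre-shared-key) simple\s+\S+"),
    ("ike-aggressive", r"^\s*exchange-mode aggressive\b"),
    ("snmp-community", r"^\s*snmp-agent community (?:read|write)\s+\S+"),
    ("snmp-all-versions", r"^\s*snmp-agent sys-info version all\b"),
]
# Keep secrets out of the report: replace the value after these keywords.
SECRET = re.compile(r"((?:password|pre-shared-key) simple|community (?:read|write))\s+\S+")

def audit(config):
    """Return (line_no, rule_id, redacted_line) findings for a Comware config."""
    findings, context, vty = [], None, {}
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.rstrip()
        if line.strip() in ("", "#"):      # '#' (or a blank line) ends the current block
            context = None
            continue
        if not line[0].isspace():          # unindented line opens a block
            context = line
            if line.startswith("user-interface vty"):
                vty[line] = (n, [])
        elif context in vty:               # indented line under a vty header
            vty[context][1].append(line.strip())
        for rule_id, pattern in LINE_RULES:
            if re.search(pattern, line):
                findings.append((n, rule_id, SECRET.sub(r"\1 <redacted>", line.strip())))
    # Block-level rule: every vty range needs an inbound ACL and AAA (scheme) login.
    for header, (n, subs) in vty.items():
        if not any(re.fullmatch(r"acl \d+ inbound", s) for s in subs):
            findings.append((n, "vty-no-acl", header))
        if "authentication-mode scheme" not in subs:
            findings.append((n, "vty-not-scheme", header))
    return findings

# Constructed sample modelled on the listing above; secret values are placeholders.
SAMPLE = "\n".join([
    "#", " telnet server enable", "#",
    "ike peer remote", " exchange-mode aggressive", " pre-shared-key simple EXAMPLE-KEY", "#",
    "local-user test", " password simple EXAMPLE-PW", "#",
    " snmp-agent community read EXAMPLE-RO", " snmp-agent sys-info version all", "#",
    "user-interface vty 0 4", " acl 3000 inbound", " authentication-mode scheme",
    "user-interface vty 5 15", " authentication-mode password", "#",
])

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Findings carry the line number and a redacted copy of the offending line, so the report can be shared without leaking the community strings or keys it flags.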

@hp releases new software for K based and KA based switches

K.15.10 and KA.15.10 are now released!

Some highlights:

Openflow
OpenFlow v1.0 support (available prior, but was previously not in the general release train)

OF Matching rules:    switch port, vlan id, vlan pcp, mac src, mac dest, eth type, ip src, ip dest, ip tos, ip prot, l4 sport, l4 dport

OF Actions:  Forward packet to zero or more ports, encapsulate and forward to controller, send to normal processing pipeline

OF Stats:  packet & byte counters

OF matches done in hardware with v1 modules:  vlan pcp, in port

OF matches done in hardware with v2 modules:  specified (vlan id, vlan pcp, in port); not specified (ethertype ip, if source mac, dest mac, ethertype non-ip, if source ip, dest ip, ip tos, ip proto, source port, dest port)

OF matches done in hardware:  drop, forward to single port, forward normal, modify vlan, ip tos

CLI Compatibility

Additional fundamental and display commands have been added that are the same as Comware

Other

aaa auth for https
snmp trap enable/disable for lacp
ability to filter untagged vlan traffic, lldp, and 802.1x eapol packets
ipv6 dns via RA options







@sdncentral comments on recent @hp #networking #sdn announcements

Congrats! Another person figures out it's safe to buy @hp #networking

It's really not that hard... not that scary... and as this new customer figures out, it doesn't threaten their network nor their skill sets!

http://www.myteneo.net

Wednesday, October 10, 2012

#milwaukee @vmware and @hp event with @arrow please join us!

Hosted at the Harley Davidson Museum in Milwaukee!

Details and registration here!

http://xactlyit.com/emails/vmware/museum/harley/invite.html

@cisco is wavering on SDN like a US politician!!!

Which way is it, Cisco?  You don't see value in SDN?

http://www.wired.com/wiredenterprise/2012/10/cisco-vcider/

oh wait... you just bought an SDN company....

www.vcider.com

Whose interest are you working in?  Yours? Or your customers'?  It's really hard to tell because you appear to be trying to move sentiment by first downplaying SDN, then embracing it.  SDN has been building for five years... and where have they been?

Tuesday, October 9, 2012

@cisco says @vmware is becoming a competitor

http://www.crn.com/news/networking/240007716/lloyd-vmwares-nicira-deal-a-competitive-threat-to-cisco.htm?cid=rssFeed



So... as this plays out, where does it put VCE?  For that matter, as Cisco looks to replace lost revenue, do they add storage and thus compete with NetApp and EMC?

The whole partnership they have with these companies just doesn't make sense.

This is where HP can shine..with a complete server, storage, network solution that is integrated and adds value.


@hp adds #irf to #bladesystem

with the new 6125 series of switches that run comware.

Up to 10 in a cluster!

http://h18004.www1.hp.com/products/blades/components/ethernet/6125G-XG/index.html

@hp releases new switches for the #bladesystem

The new 6125 switch family is out and is very exciting because it brings the same Comware operating system that we have in the 12500, 10500, 5900, 5800, 5500, 5120 switches down into the Bladesystem.

It also brings innovative features like Intelligent Resilient Framework (IRF) to allow you to cluster up to TEN 6125s together.

http://h18004.www1.hp.com/products/blades/components/ethernet/6125G-XG/index.html


Is @juniper #qfabric at risk?

@juniper to #layoff 500 people?

Friday, October 5, 2012

Reason #362 to buy @HPN instead of @cisco

Software licensing for the Cisco Nexus is so complex, they actually publish a 20-page guide just to understand it!

http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/licensing/guide/b_Cisco_NX-OS_Licensing_Guide.pdf


Want a routing protocol?  You need a license (even EIGRP).

Want something like HP's EVI?  You need a license (OTV).

Want something like HP Multi-tenant Device Context?  You need a license (VDC).

Want MPLS?  You need a license.


With HP, all of this is included and you don't need licenses!!!