
[Sysadmin] Hi.


  • lwt1973lwt1973 King of Thieves SyndicationRegistered User regular
    You might just have to remember a password someday as your auto-fill might fail.

    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
  • EntaruEntaru Goddess with a blade Registered User regular
    Easy way to get me to mute you on slack. Ask me to reset your password after I have already told you the platform is on fire and we don't have time.

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • lwt1973lwt1973 King of Thieves SyndicationRegistered User regular
    Anyone have a recommendation for a good wireless mic/headset for use with Zoom? A user is asking for one.

    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
  • wunderbarwunderbar What Have I Done? Registered User regular
    I think I've mentioned this before, but at our shop we have the more senior guys cover the tier 1/ticket system for one morning or afternoon a week to give the entry level guy a break to work on other stuff uninterrupted. I don't mind it, it's only a few hours a week and we average like 4 tier 1 tickets a day so it's generally not a big deal.

    My shift is this morning. There have been 10 tickets in 3 hours. I want to die.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • Bendery It Like BeckhamBendery It Like Beckham Hopeless Registered User regular
    edited September 12
    Disclaimer: I'm shite when it comes to network hardware
    I'm working with an HP Aruba J9774A and trying to figure out how to enroll it in 802.1x. I know how to do the actual enrolling part but figuring out the best method here is causing me to scratch my head. This application seems to be a little too specific for the googling.

    The goal is to create an authorized switch in a small engineering lab that the user can connect an authorized PC to for domain network access, while also being able to communicate with unauthorized embedded linux devices on the local switch.
    I just found out the solution that has been put in place is to just force auth the port... so basically rendering 802.1x pointless because all a user needs to do is unhook the switch and connect a PED. I do not like this.

    Any of y'all running HP Network switches and know if this is possible? The other option is I just set them up with a secondary nic and give them their 30 dollar netgear switch back. I don't like this either because then there is a rogue switch running around and some chuckle head might put us in a routing loop again.

  • LD50LD50 Registered User regular
    This is your friendly reminder that it's always DNS.

  • SiliconStewSiliconStew Registered User regular
    Disclaimer: I'm shite when it comes to network hardware
    I'm working with an HP Aruba J9774A and trying to figure out how to enroll it in 802.1x. I know how to do the actual enrolling part but figuring out the best method here is causing me to scratch my head. This application seems to be a little too specific for the googling.

    The goal is to create an authorized switch in a small engineering lab that the user can connect an authorized PC to for domain network access, while also being able to communicate with unauthorized embedded linux devices on the local switch.
    I just found out the solution that has been put in place is to just force auth the port... so basically rendering 802.1x pointless because all a user needs to do is unhook the switch and connect a PED. I do not like this.

    Any of y'all running HP Network switches and know if this is possible? The other option is I just set them up with a secondary nic and give them their 30 dollar netgear switch back. I don't like this either because then there is a rogue switch running around and some chuckle head might put us in a routing loop again.

    You set up your access ports as an 802.1x authenticator on one VLAN and also configure the second, unauthorized VLAN for 802.1x. Devices that successfully authenticate get put on the first VLAN, the linux devices that can't authenticate stay on the second VLAN.

    The trunk port used as an uplink to the upstream network needs to be configured as an 802.1x supplicant so the switch can authenticate itself to the upstream switch. This would prevent someone swapping out the entire lab switch to gain unauthorized access.

    Then you'd need to configure a route between the authenticated VLAN and the unauthorized VLAN to allow the PCs to talk to the linux devices. Put traffic ACLs in place to prevent the unauthorized devices from sending traffic anywhere you don't want it.

    Just remember that half the people you meet are below average intelligence.
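    What SiliconStew's design looks like in ArubaOS-Switch (ProVision) CLI syntax, added here as an illustration and not something posted in the thread. Port numbers, VLAN IDs, addresses, the RADIUS key and the supplicant identity are placeholders, and the command set is assumed from the ProVision manuals, so verify each line against the manual for your firmware.

```text
; Before: what the thread describes. The lab port is force-authorized, so
; whatever is plugged into it (or swapped in for the lab switch) is on the network.
aaa port-access authenticator 1-7 control authorized

; After: SiliconStew's design on the lab switch.
; VLAN 10 = authenticated clients, VLAN 20 = embedded Linux devices that cannot do 802.1x.
; Both are carried tagged over the uplink (port 8).
vlan 10
   name "lab-auth"
   tagged 8
   exit
vlan 20
   name "lab-unauth"
   tagged 8
   exit

; RADIUS server the authenticator ports talk to (placeholder address and key).
radius-server host 10.0.0.5 key "RADIUS-KEY-PLACEHOLDER"
aaa authentication port-access eap-radius

; Access ports 1-7 are authenticators. A successful EAP exchange lands the client in
; auth-vid (unless RADIUS returns its own VLAN); a device that fails or never answers
; EAPOL is placed in unauth-vid instead of being left on the port's static VLAN.
aaa port-access authenticator 1-7
aaa port-access authenticator 1-7 control auto
aaa port-access authenticator 1-7 auth-vid 10
aaa port-access authenticator 1-7 unauth-vid 20
aaa port-access authenticator active

; Uplink port 8 is a supplicant: the lab switch itself authenticates to the upstream
; switch, whose port for this link is an 802.1x authenticator. Unplug the lab switch
; and plug in something else, and that something else has to pass 802.1x on its own.
aaa port-access supplicant 8
aaa port-access supplicant 8 identity "lab-sw1"
aaa port-access supplicant 8 secret
; (the "secret" command prompts for the password interactively)

; Routed path between the two VLANs, restricted by an ACL applied to traffic entering
; from VLAN 20, so the unauthenticated devices can reach the lab PCs and nothing else.
ip routing
vlan 10 ip address 10.10.10.1 255.255.255.0
vlan 20 ip address 10.10.20.1 255.255.255.0
ip access-list extended "lab-unauth-in"
   permit ip 10.10.20.0/24 10.10.10.0/24
   deny ip any any log
   exit
vlan 20 ip access-group "lab-unauth-in" in
```

    The routing and ACL lines assume the lab switch can do both; if the model is layer 2 only, that part moves to whatever upstream device routes between the two VLANs. To check the result, plug a laptop with no valid credentials into port 1 and confirm with `show port-access authenticator clients` that it was placed in VLAN 20 rather than VLAN 10.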
  • MyiagrosMyiagros Registered User regular
    Stay the hell away from anything from GoAnywhere software. Download one free program and I've been spammed with email and calls for the past two months.

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • Bendery It Like BeckhamBendery It Like Beckham Hopeless Registered User regular
    Disclaimer: I'm shite when it comes to network hardware
    I'm working with an HP Aruba J9774A and trying to figure out how to enroll it in 802.1x. I know how to do the actual enrolling part but figuring out the best method here is causing me to scratch my head. This application seems to be a little too specific for the googling.

    The goal is to create an authorized switch in a small engineering lab that the user can connect an authorized PC to for domain network access, while also being able to communicate with unauthorized embedded linux devices on the local switch.
    I just found out the solution that has been put in place is to just force auth the port... so basically rendering 802.1x pointless because all a user needs to do is unhook the switch and connect a PED. I do not like this.

    Any of y'all running HP Network switches and know if this is possible? The other option is I just set them up with a secondary nic and give them their 30 dollar netgear switch back. I don't like this either because then there is a rogue switch running around and some chuckle head might put us in a routing loop again.

    You set up your access ports as an 802.1x authenticator on one VLAN and also configure the second, unauthorized VLAN for 802.1x. Devices that successfully authenticate get put on the first VLAN, the linux devices that can't authenticate stay on the second VLAN.

    The trunk port used as an uplink to the upstream network needs to be configured as an 802.1x supplicant so the switch can authenticate itself to the upstream switch. This would prevent someone swapping out the entire lab switch to gain unauthorized access.

    Then you'd need to configure a route between the authenticated VLAN and the unauthorized VLAN to allow the PCs to talk to the linux devices. Put traffic ACLs in place to prevent the unauthorized devices from sending traffic anywhere you don't want it.

    I really appreciate your response, I'll be trying to convince my network admin we need to revisit this and try again. He uh... doesn't like when I suggest he may have done something incorrectly.

  • ThawmusThawmus Registered User regular
    People who can't accept that there's always a better way to do shit shouldn't be in IT

  • EntaruEntaru Goddess with a blade Registered User regular
    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • ThawmusThawmus Registered User regular
    Entaru wrote: »

    I had a friend who would send sms messages to people in this manner.

    You'll note I said "had" because the entire township decided to murder him in the street for it.

  • a5ehrena5ehren AtlantaRegistered User regular
    Entaru wrote: »

    Someone posted this in our internal Yammer...and some people actually came out and said they disagree with this. I can't even imagine that thought process.

  • EchoEcho Moderator mod
    I do my best to teach people the miracle of shift-enter for line breaks in messages.

    Echo wrote: »
    Let they who have not posted about their balls in the wrong thread cast the first stone.
  • EntaruEntaru Goddess with a blade Registered User regular
    a5ehren wrote: »
    Entaru wrote: »

    Someone posted this in our internal Yammer...and some people actually came out and said they disagree with this. I can't even imagine that thought process.

    It was a honey pot to see who you were kicking off Yammer, right?

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • twmjrtwmjr Registered User regular
    I generally just don't reply until they get to the actual question; they usually figure it out after awhile.

    Also, I'm extremely on board with someone having purchased a domain to have only that post shown.

  • lwt1973lwt1973 King of Thieves SyndicationRegistered User regular
    No, I have no idea how your predecessor programmed your router/firewall/device. So if you change something on it, you might want to figure that out.

    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
  • LD50LD50 Registered User regular
    I feel bad because this is one holy war I legit don't have an opinion of. I don't do it myself but it doesn't bother me if someone else does it to me.

  • EntaruEntaru Goddess with a blade Registered User regular
    LD50 wrote: »
    I feel bad because this is one holy war I legit don't have an opinion of. I don't do it myself but it doesn't bother me if someone else does it to me.

    Hi.

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • SniperGuySniperGuy Also known as Dohaeris Registered User regular
    We have a server that manages the cameras for our building and when we got the DNS server installed, we organized the cabling better in that room and rearranged things. Which of course meant that we had to unplug stuff and when we plugged it back in, the camera server didn't have internet access. Network access yes, but no internet. Made a static IP in the DHCP server and all that, checked the IP settings of the device, all seemed good. Oh well, cameras are working, so I left it alone. Then a week or two later I was told it needed to have internet access by the guy that runs the cameras, and he had no idea how it had been set up previously. Turns out the machine had two NICs for some reason and we had both ethernets plugged in, which was apparently supposed to happen.

    So I swapped the ethernet cords and oh hey look at that it works now. Sometimes my job feels silly.

    Twitch Streaming W/TH/F and more
    Dohaeris210 on PSN / SniperGuy710 on Xbone Live
    Sometimes, I make YouTube videos
  • DarkewolfeDarkewolfe Registered User regular
    Being a vendor now rather than operations means that 80% of my life is now diagnosing that the issue is decidedly not my product but something their ops team has messed up. It's actually a really frustrating thing, because I still do most of the heavy lifting of analysis, and then never get to fix it since it's inevitably something else.

    What is this I don't even.
  • EntaruEntaru Goddess with a blade Registered User regular
    Darkewolfe wrote: »
    Being a vendor now rather than operations means that 80% of my life is now diagnosing that the issue is decidedly not my product but something their ops team has messed up. It's actually a really frustrating thing, because I still do most of the heavy lifting of analysis, and then never get to fix it since it's inevitably something else.

    Living the dream!

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • RadiationRadiation Registered User regular
    Darkewolfe wrote: »
    Being a vendor now rather than operations means that 80% of my life is now diagnosing that the issue is decidedly not my product but something their ops team has messed up. It's actually a really frustrating thing, because I still do most of the heavy lifting of analysis, and then never get to fix it since it's inevitably something else.

    Just had my first taste of that a bit yesterday. It's usually pretty easy to determine it's not my area and send the customer off, but I had someone asking how to get our tool to work with Cisco ISE, so I have to churn on that next week. I'll likely write an integration guide for the rest of the team to reference or other customers.

    PSN: jfrofl
  • LD50LD50 Registered User regular
    Entaru wrote: »
    LD50 wrote: »
    I feel bad because this is one holy war I legit don't have an opinion of. I don't do it myself but it doesn't bother me if someone else does it to me.

    Hi.

    Hi!

  • mcpmcp Registered User regular
    If I respond to 'hi' they'll know I'm watching and I can't later pretend I didn't see their question.

  • Bendery It Like BeckhamBendery It Like Beckham Hopeless Registered User regular
    edited 2:04AM
    Disclaimer: I'm shite when it comes to network hardware
    I'm working with an HP Aruba J9774A and trying to figure out how to enroll it in 802.1x. I know how to do the actual enrolling part but figuring out the best method here is causing me to scratch my head. This application seems to be a little too specific for the googling.

    The goal is to create an authorized switch in a small engineering lab that the user can connect an authorized PC to for domain network access, while also being able to communicate with unauthorized embedded linux devices on the local switch.
    I just found out the solution that has been put in place is to just force auth the port... so basically rendering 802.1x pointless because all a user needs to do is unhook the switch and connect a PED. I do not like this.

    Any of y'all running HP Network switches and know if this is possible? The other option is I just set them up with a secondary nic and give them their 30 dollar netgear switch back. I don't like this either because then there is a rogue switch running around and some chuckle head might put us in a routing loop again.

    You set up your access ports as an 802.1x authenticator on one VLAN and also configure the second, unauthorized VLAN for 802.1x. Devices that successfully authenticate get put on the first VLAN, the linux devices that can't authenticate stay on the second VLAN.

    The trunk port used as an uplink to the upstream network needs to be configured as an 802.1x supplicant so the switch can authenticate itself to the upstream switch. This would prevent someone swapping out the entire lab switch to gain unauthorized access.

    Then you'd need to configure a route between the authenticated VLAN and the unauthorized VLAN to allow the PCs to talk to the linux devices. Put traffic ACLs in place to prevent the unauthorized devices from sending traffic anywhere you don't want it.

    I really appreciate your response, I'll be trying to convince my network admin we need to revisit this and try again. He uh... doesn't like when I suggest he may have done something incorrectly.

    For those who would like an update on this issue, I framed it as, "Hey, this is what the lab would look like. From everything I've read and the discussions I've had around this, this should work. If our current hardware just isn't able to support this because of VLANing, or something else, I think we should investigate a hardware solution that does." My director's and network administrators' take on this request: "It doesn't work that way" and "you don't know how it works".

    Interview tomorrow with another company.

  • mcpmcp Registered User regular
    Every time I try to do anything with these Cisco Meraki MXs there's some kind of bullshit involved.

    Using the API to export all the group policy l3 rules we have for an audit.

    They have some prewritten scripts that will do that for the default l3 rules, but not the group policy rules.

    Not a huge deal, I write my own.

    Looking through the output, there's no source or source port for any of these rules. Double check the json file the API gives you, and yeah... They just left that info out.

    What the fuck man

  • MyiagrosMyiagros Registered User regular
    At my normal Wednesday client and a guy comes and asks me if I got his message the other day. Tell him no, never saw one. Then it dawned on me that it was probably the phone call I ignored because it was 5:30pm and I am off the clock. One more reason to call our office and not my personal cell number.

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • MyiagrosMyiagros Registered User regular
    mcp wrote: »
    Every time I try to do anything with these Cisco Meraki MXs there's some kind of bullshit involved.

    Using the API to export all the group policy l3 rules we have for an audit.

    They have some prewritten scripts that will do that for the default l3 rules, but not the group policy rules.

    Not a huge deal, I write my own.

    Looking through the output, there's no source or source port for any of these rules. Double check the json file the API gives you, and yeah... They just left that info out.

    What the fuck man

    I like Meraki for setting up basic stuff but it gets tedious I find with content filtering. A client has full on filtering in place where they can only access sites on the whitelist and every few months I have to dick around with the Office 365 portal login for an hour because a URL somewhere changed.

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • mcpmcp Registered User regular
    I'm not sure what the use case for Meraki firewalls is, but it's gotta be razor thin.

    The client VPN fails PCI compliance, and there's nothing you can do about it.
    The Active Directory integration requires NTLMv1.
    You can't set up groups for sources, destinations, ports. On group policy L3 rules you can't even put multiple ports into a rule, so creating a group policy for a domain controller takes like 20 rules.
    The site-to-site VPN firewall has a section for inbound rules. It doesn't do anything. In the documentation it says it doesn't do anything and will be removed at some point. The fuck is that about?
    Still have to test more, but it seems like the whole SD-WAN is torn down when one site-to-site tunnel goes down and has to be rebuilt.
    If you type 'konami' into their suggestion box, it loads a goddamn browser game.

    They call their shit enterprise, it is not.

  • MyiagrosMyiagros Registered User regular
    At an old job my boss sent me to a day long course on Meraki stuff as we needed someone that knew something about them. At that time we had one or two clients with Meraki APs but no firewalls, switches, etc.

    Got back to work the following day and was telling them about some of the features and how it could be useful having a firewall in place instead of just the APs and was met with, "ya, maybe, but we don't make any money off of the subscription renewals so there's no point".

    Then why the fuck did I go do this course?!?!

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27