Messages

Should work from the PT side. Some of the information you can pull is sensitive like key expiration.

For the mibs they give you info on all the custom info you can pull and the formats it gets returned in. The key expiration stuff I remember being weird. Something like it was returned in mmyyyy but in hex.

Next week I will be back home and can get better info rather than going on memory.

-Otanx

Yes you can. On the KG configure your SNMP server as a GEM server. It only does SNMPv3. I don't remember for sure but I think it was using AES128/SHA for protocols. Also the MIBS can be found on one of the CDs either the KG firmware one or the GEM install one.

-Otanx

They also stated they are collapsing their network, security, and collaboration teams into one. I feel the collaboration group will end up with the short end of the stick on that one.

-Otanx

I don't know about any practice exams, but what I would do is start labbing stuff up based on the certification blueprint. GNS3 has come a long way in usability, but you do need to get your own copies of the images. CML is the official way, but isn't free. Doing hands on labs is much more interesting than just reading a book. If you find yourself stuck on the lab then you know what to spend time reading about.

-Otanx

Yep, woke up to this. Glad we didn't get hit ourselves. Several of my wife's coworkers are supposed to be traveling today, but can't. The airline told them probably tomorrow... maybe. The only good thing was that for one of her coworkers they still had their hotel room because the hotel couldn't check them out when they left.

-Otanx

Sounds like there is a misconfiguration in the IAM system. I can see valid use cases for someone that can create or write to S3 not being allowed to delete. However, I will agree with you on the lack of support from AWS. I never get responses to emails. I had two users locked out of training. Emailed support, and never heard back. Luckily it wasn't important training, and a few weeks later it just started working. If you are not big enough to have a named point of contact the team monitoring the generic email addresses seem to not exist. Same with their documentation which is what the AI support is using. They change things so fast that the documentation is always outdated.

-Otanx

Forgot you were down that way. Glad you guys got skipped. I did see an article that people were tracking the power outages using the Whataburger app. Apparently the power company does not have an outage map, but the Whataburger app shows which stores are open or closed and because they are normally 24x7 they could track where the power outages were.

-Otanx

My old place is finishing up their migrations. They have to do STIG instead of CIS, and they are doing ASA to Palo, but it is all the same at the end of the day. If it wasn't for those details I would guess you worked there. They had a window to do a big cut over on Saturday after the 4th. It took them a little longer than expected, but it was successful. I think they only have two HA pairs left to migrate which will close out a 2 year plus migration. Then they get to move on to the switching refresh. Both data center and access are hitting at EOL near the same time so it will be a lot of work.

Are you planning to migrate to FTD at some point? We looked at it when it first came out as the obvious replacement for ASA and it was missing a lot of features, but I heard it is much more feature complete now.

-Otanx

I like it. That was what I was planning for my old gig before I moved to the dark side. If they end up hiring my new company it will still be what I suggest. The goal was to use the same technologies for both access and data center. The same team is managing both parts of the network so making them match helps with operations.

Using spine/leaf does not really change much for monitoring. If you have a requirement for FPC or DPI you probably already have everything in place already. Depending on the details of where the existing capture points are it may just mean making sure the monitoring tools understand the new vxlan headers, and how to parse/strip/inspect them.

-Otanx

That would be a crazy bug. I try to always do all caps for stuff because it helps stand out in the config as an admin assigned name instead of a key word, or config. At my old gig we did use lowercase for our SNMP stuff, but I don't remember why we did it. I wonder if we had a similar issue, but I don't remember it.

Thanks,
-Otanx

It was pretty good, but not as good as pre COVID years. Still worth going, but my biggest complaint was the keynotes. The keynotes are not interesting for me. I don't care what Tom Brady has to say, but they don't offer anything else to do during the two keynotes. No sessions, no vendor hall, just the keynote. So both Tuesday and Wednesday mornings there isn't much to do besides breakfast until about 10AM. I went out to the Casino and found somewhere to sit for the first one, and ended up chatting with a Cisco employee who was also avoiding the keynote. I ended up learning some interesting items from him, but going to be vague so he can't be identified, and get in trouble for skipping the keynote. It would have helped with some stuff I did at the previous job, and I am going to find the tech notes now that I know what to search for, and send em over to my old coworkers.

Other than the keynote blocks the sessions were really good. I did a bunch of automation and security stuff. Only made it to the DevNet hall once, but that is pretty normal for me. It is usually packed, and standing room only. One session I had I was expecting a high level demo on how to use NDFC, but instead got a deep dive on proper architecture on VXLAN multi site deployment which was awesome. Then at the end a quick demo that shows as long as you had the architecture right you used NDFC and it deployed your design. I really liked that as it covered the NDFC tool, but also showed that while NDFC can fix simple issues with a design it can't fix everything, and if you have a bad design it will just deploy a bad design.

World of Solutions seems to be growing again. The last few years they didn't have many vendors. This year it was a good size. The one vendor that I noticed that was absent was VMWare. Nutanix had a booth, and I had a good talk with one of their engineers on some road map items they are working. Chatted with the Netbox Labs team for a little as well. I am a big supporter of source of truth and automation so it is nice to see more options in this space. Not much swag being given out. I got a mug and a friend got a pair of socks. Overall I felt I got some good info out of the vendors. It wasn't just sales people in the booths, and I was able to have good technical discussions about the products.

Failed my exam, but that was expected. I treat the free test attempt as just that, and didn't study. However, I think I can get it next time. About 3/4 of the way through the test was a question that made me realize I had mixed up two things in my head which made me answer 3 or 4 questions wrong. Also a few other items on the exam I didn't know would be tested for that I have never touched. I should have at least read the exam blueprint.

Finally the customer appreciation event was good. Never going to get a chance to see Sir Elton John in concert so took the wife. They had a really good turn out for the concert. More that previous years. We left after Rocket Man because I had to get up early for my exam.

Next year is in San Diego so hopefully I will be able to make it. I guess the rumor I heard was wrong that they were only going to do Vegas for the US date.

-Otanx

Starts this weekend. Anyone else going? If so we can try to do a forum meet somewhere. I am also a local so if you have questions about what to do or where to go feel free to ask.

-Otanx

Note to self; If you forget your password and try to brute force back into it send dean a note so he doesn't think you are a hacker.

Good tip. This also reminded me to make sure I updated my email address here. I heard the other week that my old email provider is gone so even if I can remember my password for my old email account it no longer exists. Last year I had to get back into it to do a password reset on something.

Not the weekend, but I got my new Lego set delivered yesterday so time to put that together. It will take a few days, and then I need to figure out where I will display it. Has to stand up, and is 24" tall so it won't fit with the rest of em.

-Otanx

Saw the eclipse yesterday in Dallas, it was fantastic. Just enough breaks in the clouds to get the full effect.

Someone brought in a bunch of the glasses so most of the office went outside to check it out. We only got a partial, but it was still cool. Then someone created a Jira task for watching the eclipse to make sure we could all record our time correctly.

-Otanx

Don't you live in the desert?

Yes, I do, and it is becoming more and more desert every day with the lake drying up. There are still some places to dive near by. Nothing that comes close to the Caribbean, but still good enough. I didn't get the generator done. I was missing parts I thought I had. Hardware store helped out, but there are a couple items I had to order. Supposed to be delivered this week.

This is my last week at the old job. So this weekend will be filled with small get togethers with coworkers that couldn't get together during the week. Then the wife leaves for another work trip on Sunday night.

-Otanx