Recent posts

#51
Security / Re: NAC VDI inspection issues
Last post by deanwebb - June 16, 2024, 08:28:02 AM
Yes, Forescout will hammer with retries. Like a golden retriever going at Venetian blinds after you step out to get the mail because he is the bestest boy and KNOWS that if he keeps tearing down the blinds (and the furniture next), you eventually WILL come back through the door.

This is why I like the agent better. :smug:
#52
Routing and Switching / Re: Switches incorrectly loadi...
Last post by deanwebb - June 16, 2024, 08:24:27 AM
We're hitting a similar issue in one of my agency customers and it looks like getting SNMP group and view names to lowercase is the way to resolve it.
#53
Security / NAC VDI inspection issues
Last post by config t - June 15, 2024, 04:26:32 PM
This is mostly just a rant to see if anyone has any ideas.

Our HBSS team has a trap set up to capture remote system logins, and it turns out our NAC solution is generating 1000+ logs on some hosts on a daily basis. I had them send me an example and it's what I would expect to see: VBS scripts and SMB calls from NAC, but a huge amount of them. It actually crashed their database server over a weekend.

Forescout inspects hosts on admission and whenever the policy recheck timers expire (usually 8 hours). There are exceptions to that which can be created through policy, but I am not currently running anything like that. Just discovery and interrogation and a few auto-remediation actions.

I suspect an issue with the vSphere integration or the VDI hosts themselves. When I look at the live host logs for the host entry I see a crazy amount of "host online" entries and noticed they are very slow to resolve LDAP info and populate host attributes in general.

In my mind, NAC may be attempting to inspect but failing, so it just hammers the host with retries.
#54
Routing and Switching / Re: Switches incorrectly loadi...
Last post by config t - June 15, 2024, 04:11:15 PM
Haven't had a chance to test it yet. NETOPS is done with upgrades for now so not a lot of switch reboots to replicate the issue.

We are thinking about implementing the call home post-boot script (or whatever it's called) and just calling it a day.
#55
Information/Announcements / Re: OUTAGE REPORTS
Last post by deanwebb - June 09, 2024, 08:23:13 AM
Had a wee tiny outage yesterday when the host introduced an error in the Apache configuration. It's now corrected and back up.
#56
Forum Lobby / Re: Cisco Live 2024
Last post by deanwebb - June 07, 2024, 02:28:16 PM
I'd listen to a keynote speaker if the speaker was someone that would normally do a session. :smug:

Tom Brady: I'm already as motivated as I can be from what I know of him and avocado ice cream. I'm good to go, there.
#57
Routing and Switching / Re: Switches incorrectly loadi...
Last post by Otanx - June 07, 2024, 11:15:24 AM
That would be a crazy bug. I try to always do all caps for stuff because it helps stand out in the config as an admin assigned name instead of a key word, or config. At my old gig we did use lowercase for our SNMP stuff, but I don't remember why we did it. I wonder if we had a similar issue, but I don't remember it.

Thanks,
-Otanx
#58
Forum Lobby / Re: Cisco Live 2024
Last post by Otanx - June 07, 2024, 10:31:15 AM
It was pretty good, but not as good as pre-COVID years. Still worth going, but my biggest complaint was the keynotes. The keynotes are not interesting for me. I don't care what Tom Brady has to say, but they don't offer anything else to do during the two keynotes. No sessions, no vendor hall, just the keynote. So both Tuesday and Wednesday mornings there isn't much to do besides breakfast until about 10 AM. I went out to the casino and found somewhere to sit for the first one, and ended up chatting with a Cisco employee who was also avoiding the keynote. I ended up learning some interesting items from him, but I'm going to be vague so he can't be identified and get in trouble for skipping the keynote. It would have helped with some stuff I did at the previous job, and I am going to find the tech notes now that I know what to search for, and send 'em over to my old coworkers.

Other than the keynote blocks, the sessions were really good. I did a bunch of automation and security stuff. Only made it to the DevNet hall once, but that is pretty normal for me. It is usually packed, and standing room only. In one session I was expecting a high-level demo on how to use NDFC, but instead got a deep dive on proper architecture for a VXLAN multi-site deployment, which was awesome. Then at the end, a quick demo that showed that as long as you had the architecture right, you used NDFC and it deployed your design. I really liked that, as it covered the NDFC tool but also showed that while NDFC can fix simple issues with a design it can't fix everything, and if you have a bad design it will just deploy a bad design.

World of Solutions seems to be growing again. The last few years they didn't have many vendors. This year it was a good size. The one vendor that I noticed was absent was VMware. Nutanix had a booth, and I had a good talk with one of their engineers on some roadmap items they are working on. Chatted with the NetBox Labs team for a little as well. I am a big supporter of source of truth and automation, so it is nice to see more options in this space. Not much swag being given out. I got a mug and a friend got a pair of socks. Overall I felt I got some good info out of the vendors. It wasn't just salespeople in the booths, and I was able to have good technical discussions about the products.

Failed my exam, but that was expected. I treat the free test attempt as just that, and didn't study. However, I think I can get it next time. About 3/4 of the way through the test was a question that made me realize I had mixed up two things in my head, which made me answer 3 or 4 questions wrong. Also a few other items on the exam that I didn't know would be tested and that I have never touched. I should have at least read the exam blueprint.

Finally, the customer appreciation event was good. I'm never going to get a chance to see Sir Elton John in concert otherwise, so I took the wife. They had a really good turnout for the concert. More than previous years. We left after Rocket Man because I had to get up early for my exam.

Next year is in San Diego, so hopefully I will be able to make it. I guess the rumor I heard, that they were only going to do Vegas for the US date, was wrong.

-Otanx
#59
Routing and Switching / Re: Switches incorrectly loadi...
Last post by deanwebb - June 06, 2024, 02:32:27 PM
Cisco can be very very picky about SNMP group names.
#60
Routing and Switching / Re: Switches incorrectly loadi...
Last post by config t - June 05, 2024, 04:47:27 PM
Nice :smug: My group and view names are all caps, and I had (very) briefly considered at least lower-casing the views, since that's the part that always breaks.

I am now deeply suspicious...

*Edit
The NETOPS team is going to love me if this is the issue... their SolarWinds SNMP groups are always breaking and, wouldn't ya know it, those views are all caps as well.