Author Archives: Ruben

vSphere 6.7 VMUG Roadshow 2019 London UK

Tuesday, September 10th

Hilton London Kensington – 179-199 Holland Park Avenue

London, W11 4UL


In collaboration with VMware, VMUG is bringing back an opportunity for members to participate in a technical roadshow focused on vSphere 6.7. This event is complimentary to all VMUG members, so make sure you register today!

VMware vSphere is the foundation of VMware’s Software Defined Datacenter and Cloud vision. No matter where you are in your digital transformation journey, getting current on VMware vSphere can best position you to gain maximum value from your VMware SDDC solution. Whether you are implementing new technologies or are looking at hybrid cloud or Bi-modal IT, upgrading vSphere can help you get there faster.

Kev Johnson will be the event facilitator.

This is a good opportunity to hear from peers, network, and get closer to the VMware community.

Redundant interfaces not supported on FXOS platforms

The documentation might get you a bit confused, but after having a chat with Cisco TAC they shed some light. Unfortunately this design is not supported, so if you are migrating from an old Cisco ASA platform it's time to redesign and avoid redundant interfaces. So I had to move those interfaces to port-channels, and the trade-off was the failover if the principal switch died.
And here is the reported bug:
Redundant interfaces are not supported on all FXOS platforms
CSCvg30354
Symptom:
“Firepower Management Center Configuration Guide, Version 6.1”
Chapter: Interfaces for Firepower Threat Defense
Information related to Redundant interfaces should be changed
FROM
Redundant interfaces are not supported on the Firepower 9300
TO
Redundant interfaces are not supported on the Firepower 9300, 4100, 2100
Conditions:
Currently Redundant interfaces are not supported on all FXOS Platforms

Workaround:

Graylog Syslog Input Failed to start on port 514

You are probably having the same issue I had, so let me clarify. Graylog can only bind to low ports (below 1024) when it runs as root. Since that is not the case here, how can we fix this? The trick is to have the input listen on a different port, 1514, and redirect traffic arriving on port 514 (UDP/TCP) to it.

Assuming that you are using two input streams:

$ sudo iptables -t nat -A PREROUTING -p tcp --dport 514 -j REDIRECT --to-ports 1514
$ sudo iptables -t nat -A PREROUTING -p udp --dport 514 -j REDIRECT --to-ports 1514

$ netstat -nutlp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 10.4.252.246:9000 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -

$ sudo iptables-save
# Generated by iptables-save v1.6.1 on Tue Jul 23 13:04:56 2019
*nat
:PREROUTING ACCEPT [33:2312]
:INPUT ACCEPT [84:11215]
:OUTPUT ACCEPT [33:2344]
:POSTROUTING ACCEPT [33:2344]
-A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 1514
-A PREROUTING -p tcp -m tcp --dport 514 -j REDIRECT --to-ports 1514
COMMIT
# Completed on Tue Jul 23 13:04:56 2019
# Generated by iptables-save v1.6.1 on Tue Jul 23 13:04:56 2019
*filter
:INPUT ACCEPT [111065:37834236]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [106771:36862434]
COMMIT
# Completed on Tue Jul 23 13:04:56 2019

Below you can confirm whether the policy is working, in this case the OUTPUT chain.

$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 124K packets, 42M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 119K packets, 41M bytes)
pkts bytes target prot opt in out source destination
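
To check that both redirects from the Graylog fix above are really loaded, the following added example (not part of the original post) audits `iptables-save` output for the 514 to 1514 REDIRECT rules in the nat table's PREROUTING chain. The function name `check_syslog_redirect` and the sample rulesets are constructed for illustration.

```shell
# Added example: audit iptables-save output for the 514 -> 1514 syslog redirect.
# Reads a ruleset on stdin, prints each protocol whose redirect is missing,
# and returns 0 only when both tcp and udp are redirected in nat/PREROUTING.
check_syslog_redirect() {
    awk -v from=514 -v to=1514 '
        # Table headers look like "*nat" or "*filter"; remember the current one.
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            proto = ""; dport = ""; target = ""; toport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")         proto  = $(i + 1)
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") toport = $(i + 1)
            }
            if (target == "REDIRECT" && dport == from && toport == to)
                seen[proto] = 1
        }
        END {
            missing = 0
            if (!("tcp" in seen)) { print "missing: tcp"; missing = 1 }
            if (!("udp" in seen)) { print "missing: udp"; missing = 1 }
            exit missing
        }'
}

# Constructed sample rulesets (not captured from a real host).
SAMPLE_OK='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 1514
-A PREROUTING -p tcp -m tcp --dport 514 -j REDIRECT --to-ports 1514
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT'

# UDP is redirected correctly, TCP points at the wrong port.
SAMPLE_BAD='*nat
-A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 1514
-A PREROUTING -p tcp -m tcp --dport 514 -j REDIRECT --to-ports 5140
COMMIT'

printf '%s\n' "$SAMPLE_OK"  | check_syslog_redirect && echo "redirect present"
printf '%s\n' "$SAMPLE_BAD" | check_syslog_redirect || echo "redirect incomplete"
```

On a real host, run `sudo iptables-save | check_syslog_redirect`. Rules added with `iptables -A` are lost on reboot unless saved, and they cover IPv4 only, so senders reaching the server over IPv6 need matching `ip6tables` rules.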

Juniper Open Learning: JNCIE-ENT Certification Exam Preparation

Tuesday, June 11, 2019 7:00 AM PST

If you are considering taking or actively preparing for the Enterprise Routing and Switching, Expert (JNCIE-ENT) exam (and joining the #JNCIEClub2019), then join us for a free certification prep session. This session will address many of the common questions candidates have prior to taking a JNCIE exam and it will give you an opportunity to ask your own questions. As a BONUS, registrants will also receive a 25% discount voucher for the purchase of a JNCIE-ENT Self-Study Bundle. You will receive your discount voucher via email within 1-2 days after the event has run. Hurry up, seats are filling fast.

To register for the webcast, follow this link: https://learningportal.juniper.net/juniper/user_activity_schedule_info.aspx?id=153691&activity=11121



CLEUR Barcelona 2019 Day 1

A very exciting first day with swag, Cisco Champion gifts, and networking with really nice people about new trends and challenges in the industry. Why Cisco Live? It’s the opportunity to talk with your peers, explore, connect, and be inspired by Cisco’s top experts, partners, and customers. It’s an event you don’t want to miss.

CCIE Security Techtorial – TECCCIE-3202

I was really interested in this session, but it turns out that it was just a lecture instead of a hands-on session like in other tracks. The session went smoothly with some questions about ISE, ESA and WSA. A few videos were provided as well on how to configure certain tasks on some of the platforms mentioned before, not a big deal.

It was awesome to meet all the team and have a chat. I would like to say thank you to Yusuf Bhaiji, Ziaul Hussain, Vivek Santuka, Ana Peric.

If you are looking to start your CCIE Security journey, you can find the most relevant study materials here: CCIE Security Study Material.