Comments for Braindump

Comment on Windows / IIS SSL - Restrict Weak Ciphers by clamasters

clamasters — Mon, 13 Oct 2008 13:55:26 +0000

@Matt Yes, I would 100% agree. Thank you.

Comment on Windows / IIS SSL - Restrict Weak Ciphers by Matt

Matt — Mon, 13 Oct 2008 13:28:07 +0000

Great post. Along the same lines, admins should also look into disabling SSL 2.0, forcing users to connect w/ 3.0 or TLS 1.0.

Comment on Cisco vs. Extreme Networks Switching Commands by Ramesh

Ramesh — Mon, 06 Oct 2008 17:10:00 +0000

Hi,

I am Ramesh again. Just to add to the last request of mine.

I wish to configure the Juniper SSG140 to issue DHCP IPs and route accordingly based on tags.

Thanx again,
Cheers,
Ramesh

Comment on Cisco vs. Extreme Networks Switching Commands by Ramesh

Ramesh — Mon, 06 Oct 2008 17:06:44 +0000

Hi,
I happen to come accross this thread which has been really helpful.

I have an Juniper SSG140 with 2 ADSL Ports (Intend to create 2 VPN tunnels use each ADSL line to our Main Office and dedicate 1 tunnel for voice and 1 for Data) and 8 managed ethernet ports.

I have 2 summit 450e 24p and 1 summit 450e 48p switches stacked.

I want to do the following:

1. have the PCs and Laptops (Data Group) access the Data VPN Tunnel.
2. have Avaya phones (Voice Group) access the Voice VPN Tunnel.
3. have 5 APs on a Summit 300-24p switch (this switch acts as the WLAN Controller) to provide guest access and should be allowed to access internet (i.e. deny access to the Data and Voice networks).

I would appreciate if you could help me configure the Extreme stack switches to achieve this above. What would be the best practice to do this and what would need to do on the juniper SSG140 to achieve the overall effect?

Thanx in Advance,
Best Regards,
Ramesh

Comment on Apache2 on Ubuntu - OpenSSL CSR / Self Signed Cert by Daniel Craig

Daniel Craig — Sat, 04 Oct 2008 03:59:15 +0000

Hello, I was looking around for a while searching for cheap ssl certificate and I happened upon this site and your post regarding Apache2 on Ubuntu - OpenSSL CSR / Self Signed Cert, I will definitely this to my cheap ssl certificate bookmarks!

Comment on Cisco vs. Extreme Networks Switching Commands by clamasters

clamasters — Fri, 03 Oct 2008 15:25:18 +0000

They both will accomplish the same goal. As far as ease of use, I have a lot more key time in front of Cisco Switches than I do Extreme, however, I like the tagged/untagged methodology of Extreme and HP vs. the “Switchport Trunk Allowed VLAN” command on the Cisco switches. It really comes down to price and preference. If I had to choose at this point in time in my life, I would go with Cisco.

Comment on Cisco vs. Extreme Networks Switching Commands by Kirk

Kirk — Fri, 03 Oct 2008 15:13:16 +0000

So which is better in your opinion for running voice and data across the same port for an office? Extreme of Cisco? Using and Avaya phone system.

Comment on Cisco vs. Extreme Networks Switching Commands by Martin

Martin — Tue, 16 Sep 2008 12:55:46 +0000

Thanks again. It makes sense. I just started working with extreme after working with cisco for 2 years. A little different but not too bad.

Comment on Cisco vs. Extreme Networks Switching Commands by clamasters

clamasters — Sat, 13 Sep 2008 03:32:30 +0000

Think of it as running “ip routing” on a Cisco router. Though it’s a bit more granular on Extreme equipment “per vlan” so if you had VLAN 1-2 with ip forwarding enabled and 3 not, you would effectively have VLAN 3 that could not route beyond the switch network (L2), while VLAN 1-2 could route just fine. To be honest, it’s been 10+ months since I have touched Extreme so I could be a little of in the memory department but in my experience this is it’s effect.

Comment on Update - Nothing new here… by clamasters

clamasters — Sat, 13 Sep 2008 03:28:07 +0000

Yeah, I have it up and running on 2 machines now. It’s pretty slick but it needs some polishing. I’ll probably just stick with FreeNAS for right now as my home server and try ebox again when it reaches a higher revision and I actually need more than just a file server. The project looks promising though.