CISA news this morning: Cisco Releases Security Advisories for Multiple Products 03/20/2019 04:50 PM EDT Original release date: March 20, 2019 Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. • Cisco IP Phone 8800 Series Path Traversal Vulnerability cisco-sa-20190320-ipptv https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv • Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability cisco-sa-20190320-ipfudos https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos • Cisco IP Phone 8800 Series Authorization Bypass Vulnerability cisco-sa-20190320-ipab https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab • Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability cisco-sa-20190320-ip-phone-rce https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce • Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability cisco-sa-20190320-ip-phone-csrf https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf

@jaredbusch said in Small Restaurant Network Redesign: @scottalanmiller said in Small Restaurant Network Redesign: Also worth noting, there are some problematic switches at each site. Again, because the VAR was clearly trying to add complexity to up the support bill, and I'm having them put in simple, low cost, unmanaged Netgears to make this really simple and reliable. I detest NetGear switches. They generally work, but everytime I try to use one for something even half specific, they puke. Sites this small can use the EdgeSwitch 8 https://www.ubnt.com/edgemax/edgeswitch-8-150w/ And it will report into UNMS along with the routers. Plus it's actually a switch, hardware- and software-wise. Not a breadbox which jumps over the table because you "accidentally" attached a cable to it. (yeah, I know, some NetGears also feature a metal case but it's not the same).

@scottalanmiller said in Cisco: we're not competent.: https://arstechnica.com/information-technology/2018/02/that-mega-vulnerability-cisco-dropped-is-now-under-exploit/ They can own all the ASAs!

@travisdh1 mmmmmmmmm....... piiiiiiiiie switches......

Done

For the Dell X Series look at it below: https://www.dell.com/support/article/us/en/19/how10377/how-to-enable-rapid-spanning-tree--rstp--on-d...

Someone on Spiceworks who had recently downloaded the firmware was able to send it to me (wipes sweaty brow) just so folks who read this will know. I appreciate the help. And yes, @scottalanmiller , this kind of thing is all too common these days. I don't like it, but it doesn't change the situation at hand I'm afraid.

I remember sitting with a Broadcloud rep 18 months ago and they were worried about how SFB on Office 365 would affect their business. Still find it amusing that we took it as a serious threat. I still have a lot of hope for FusionPBX and some other open source products as well.

@scottalanmiller said in Anyone with Cisco download access (firmware) can help me ?: I replaced a Cisco a few weeks ago because we could get a Ubiquiti that was new faster, delivered to the site, than we could get a cable to hook into the Cisco. Saved both time and money and got them better quality gear. Pure win. Cisco's "deal with our BS" overhead is very high and a huge factor on their TCO. Their optics division makes 2 Billion a year I hear. 3rd party optics are made by the same people so I never blinked at using them and duck taping some spares to the side of the chassis.

The esp-group encryption also, but it at least still does MD5 hash. [email protected]# set vpn ipsec esp-group Test proposal 1 encryption 3des aes128 aes128gcm128 aes256 aes256gcm128 [edit] [email protected]# set vpn ipsec esp-group Test proposal 1 hash md5 sha1 sha256 sha384 sha512 [edit]

@jaredbusch said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @nashbrydges said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @jaredbusch said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @nashbrydges said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @brandon220 said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: I've been using an ERL at home for a while and have them deployed at several business. Zero complaints and I recommend them all the time. I wish I could use it at home. I'm on Bell Canada ftth and they use a different vlan for iptv and internet. All of the online guides I've seen haven't been able to get me to use my ERL and Bell won't give up which VLANs they use. No one hasd figured this information out yet? Sadly not yet, at least not that my Google-fu has allowed me to find. I am a bit amazed because it should only take a mirrored switch port and wireshark to find VLAN tags. This was my thinking as I was reading the posts. This is /should be pretty easy to figure out.

@dustinb3403 said in Hardware differences - what makes one less than enterprise: @scottalanmiller said in Hardware differences - what makes one less than enterprise: @dustinb3403 said in Hardware differences - what makes one less than enterprise: @scottalanmiller said in Hardware differences - what makes one less than enterprise: @jaredbusch said in Hardware differences - what makes one less than enterprise: @scottalanmiller said in Hardware differences - what makes one less than enterprise: @jaredbusch said in Hardware differences - what makes one less than enterprise: @scottalanmiller said in [Hardware differences - what makes one less than enterprise] The software. The hardware is about equal, sort of. But a $95 Ubiquiti is faster than a $3,000 CIsco. So the hardware still matters. Cisco at $3,000 is "Maybe able to handle your house." Prove this. Don't bullshit or theorize. Prove it. Get a unit and run tests or stopping stating it like a fact and predicate these statements with "in my opinion" and such. Granted I'll never buy Cisco in the SMB when Ubiquiti exists for the cost and performance that it currently exists with. But none of that invalidates the quality or functionality of Cisco hardware and software. Cost has nothing to do with that. I'm not the one making the claim, it's based off of measured PPS between the two. You are the one always making the claim and have never linked to source material to back up your claims. I've never made the claim. I've repeated Ubiquiti's performance measurements. It's nothing to do with me. I just remember the number and repeat it as it is a critical guideline for understanding where Ubiquiti falls within the Cisco product range. When people are talking $10K Ciscos, we can't talk Ubiquiti, it just doesn't make sense. But at $3K and below, I've never had anyone come up with any value proposition to Cisco gear considering that Ubiquiti is measured at better throughput until that price point. Granted, Ubiquiti did the study, but Cisco has not disputed it or claimed any other performance of which I am aware. If you're repeating it, find the source and post a link, FFS. I want to believe a lot of what you say, but I agree with @jaredbusch here. It comes out like another scott-ism. It only sounds that way because you think I don't have sources for all of my stuff. You can always go look up Cisco performance, too, and see what it is. But you're the person spouting something off as a fact, so provide the source! This is correct, it is not our job to do research when you are the one claiming a fact. It is the reader's job to verify, but the reader cannot do that without the initial facts. Yes, I know you already answered. Just closing my part of the conversation.

@whoolly said in Switchvox phone issues: Vendor insisted he has never had any VOIP issues with Sonicwall and didn't want to budge on that. Even while it doesn't work. So you know that he'll say this to other customers now, even after this one. Chances are, he's had problems at all customers. SonicWall is culprit #1 for VoIP issues. I mean that literally. I get a call that someone has VoIP audio issues, my first question is always "Do you have a SonicWall?" Nine times out of ten, the answer is yes and nine times out of those ten, the SW was the issue. It's nearly a sure bet with audio issues. Had you led this question purely with "I have these audio issues..." we'd have said "I bet you have a SonicWall."

Just for reference... To get StarWind VSAN you need to get here: StarWind VSAN https://www.starwindsoftware.com/starwind-virtual-san

@msff-amman-Itofficer said in Cisco Aironet 1830 Issue with HTTPS Interface: So much for Cisco Over Engineering products Um.... do people actually think that?

Yes NTG can do that. We have a Cicso guy on staff.

@scottalanmiller said in Meraki MX400 NAT Question: @dafyre said in Meraki MX400 NAT Question: The team that is there now are the ones that have to convince the bean counters of the need to change. It's a tiny cost though, right? We are only talking about a minuscule investment, I think. If it saves a few hours of effort, doesn't that cover the cost? No you are not. You are neglecting to add in the labor costs and only calculating on the hardware costs. Physically changing everything will add labor cost. Ordering, configuration, staging, installation. Yes, something else is cheaper. But not as cheap as you try to make it sound. The existing solution is in place and already paid for. A simple support call resolved the configuration issue. There is no reason to spend additional capital to change a working solution until you have to plan for new spend on the solution. If the existing solution was actually not functional, or some other factors were in play to offset things, then it would certainly be worth switching solutions.

@art_of_shred said in Thoughts on a Ubiquiti/Cisco comparo?: This is just a project. What's the line? "Not my circus, not my monkeys"? I think it goes "not my circus, not my Sonicwall".

@Dashrender said in Time to gut the network - thoughts?: @JaredBusch said in Time to gut the network - thoughts?: Correct you do have QoS. It is on the VLAN, that contains the voice devices. So the following is an incorrect assumption. @scottalanmiller said in Time to gut the network - thoughts?: You might want to LEAD with.... since we discovered that QoS was not set up properly and has never been a problem we can assume that QoS and ensuring call quality cannot be the reason. Let them come up with a reason if you head that off at the pass. No, it's correct. They didn't do their jobs properly. They neither did the sensible, cost effective thing for the business, which would have been to not have a VLAN at all. Nor did they properly do QoS for your VoIP traffic. So no matter what, they didn't set up QoS correctly for you.

@Kelly said in OpenDNS, Now Part of Cisco: Actually, given the comma placement it means that OpenDNS is now part of both Cisco and an entity called Forrester on Ransomware. This is a very confusing line. Great catch, I knew that something further was wrong. So wrong.

@scottalanmiller said in NSA tools leaked, Cisco patches exploits found inside the leaked tools: Read: CIsco confirms that the US was NSA's targetted enemy Surprise, surprise...

@Dashrender said in Cisco lays off nearly 20% of its work force: @StrongBad said in Cisco lays off nearly 20% of its work force: Even 7% is significant. You don't do that casually, that hits the news like a ton of bricks. Your customers see that as you having problems. Not an image anyone wants to project. Maybe customers don't like it, but Wall Street certainly often seems to. That's because Wall St. makes the most money from companies in flux, not those succeeding. Wall St. is about momentary gains, not long term survival. What's good for Wall St. isn't good for the company itself.

@scottalanmiller we have an ERP system that MOST of the companies work is done in. They could still use office and such, but without the link the ERP stuff is useless. Production could continue on paper, it would just slow down Email isnt local either, we use cloud based email which is stemmed from the datacenter. That is a good point thank you for mentioning that

Old post but just had to do this for an implementation we are rolling out. Thanks!

@scottalanmiller Yeah,the Switch started working

@Dashrender you can find OVA on vyos.net