Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About Polymathink
Polymathink
Getting noticed
Member since Sep 21, 2017
Nov 1 2022
Community Record
35
Posts
19
Kudos
2
Solutions
Badges
Nov 1 2022
8:03 AM
I'd like to thank the academy....Hey, is this thing on?
... View more
Oct 21 2022
12:54 PM
3 Kudos
I had just been hired as a consulting IT Director. My first task was to review everything in place and to comment on what needed to be done. Concurrently, I was told that we would under no circumstances be changing anything. It turned out the servers were generations behind, operating systems aged, and desktop systems antiquated. There may as well have been cobwebs holding the entire lot together. Never mind security, the front door was practically unlocked. Upon bringing this to the attention of the Firm Administrator, I was told, "Well, no one is interested in us; we're not IBM", yet they must have thought we were Oracle because the internal IP address scheme was not private but instead set to a public address range assigned to Oracle. This place was haunted by the spirits of poor IT decisions past and present. We were destined to a doomed future if attitudes could not be changed, and fast! So I set about making the small changes I could. First was insuring we had backups, closing outward facing ports, shoring up Citrix security, running updates, adjusting firewall rules. With the low hanging (and no to low cost) fruit picked and having earned a bit of trust and now hired full time, it was time to move on to software licensing, aging hardware, and outdated firewalls, bringing Meraki and MDM into the picture and to bear on the previously untamed hybrid BYOD and firm issued endpoints. The ghosts of IT past finally fell once we renewed the iron (chains) in the rack and began our move to the cloud. Meraki PoE switches were installed to support our eventual move to IP telephony from a decrepit Avaya system. Meraki meshed WiFi access points unshackled (towns)folk from their desktops, their pitchforks giving way to tablets. We were able to segment the network to keep visitor device traffic apart from internal devices. No longer were we at the mercy of the banshee-like updates of visitor devices bringing down external connectivity. We've made it well past midnight in this haunting and can just see the dawn through the clouds. We've got a spell to go until we reach full daybreak, but we're well on a way to a rosy future.
... View more
Jan 27 2022
1:30 PM
1 Kudo
Pretty cool that Meraki does this.
... View more
Jan 13 2022
5:52 AM
1 Kudo
One of my predecessors may not have realised that he misconfigured our internal address scheme by using a public IP address range that happens to be used by a very large publicly traded company. He started it with 192, but not 192.168.xxx.xxx. I knew we'd run into potential problems down the road, and we were able to avoid one this past year, but we really need to get this corrected. This is the year we do so, which will require a host of changes from DNS to DHCP to routing, switching, you know the drill, across all locations. Funny thing, no one here and none of our sub contractors can remember who did this or when it was done. Thanks, dude.
... View more
Jul 6 2021
9:15 AM
I have a new avatar!
... View more
May 21 2021
5:29 AM
In '97, I started working for a law firm. I told them that I didn't see working there as a career move. Coming out of consulting, I figured I'd get them straightened out in a year and be scratching around to look somewhere else. To give you an idea of where they were, they'd call in a VAR to move a computer from one attorney's office to another when someone left and they wanted to shuffle offices. Apart from also bringing on board an entire real estate department from another firm (about 20 people) the day I arrived, and finding a Netware server that abended literally every night, I found that they'd tolerated emails taking 8 hour round trips. They'd send an email out and get an answer 8 hours later. I couldn't believe they'd tolerated that. As I looked into the reason behind the 8 hour round trip, I discovered that the Netopia router they were using connected to the Internet every four hours for just a few minutes via DSL. So email would queue up for four hours, go out, and then the router would open up and let emails come in and send new emails out again before it shut down the connection. No, they weren't using the Internet yet for anything but sending and receiving emails! I ended up at that firm through 2001 when it was bought by another national firm and then became IT Director of that firm until 2005 when I finally went back out to consulting. As of 2009, I'm back in law firm IT and expect to retire here. When I got to my current firm, I found their internal addresses were set using another very big company's Internet routable IP address range. The fun never stops!
... View more
Jan 21 2020
11:14 AM
Using 8.8.8.8 (google DNS) did not work, nor did using Umbrella DNS. Not all machines had the issue, either, so it (very likely) wasn't firewall related, after all. Odd that it was only google.com.
... View more
Jan 21 2020
11:11 AM
It seems a restart worked. Not a simple reboot, but a complete shutdown and fire the machine back up was what worked. When we simply restarted the machine, it still would not connect to Google.com
... View more
Jan 16 2020
9:04 AM
Hahahaha, we tried that. Did not work. Curiously, two machines that exhibited this beahviour yesterday in the office with the MX64 can access google.com fine, today. The machine identified with this issue in the office with the MX80 still has the issue. Looking to not be a firewall issue at all, I think but perhaps a DNS issue. Allowing DoH did not resolve the issue. Still digging and will try packet sniffing next.
... View more
Jan 16 2020
7:25 AM
I can tracert to google.com fine. When using any browser I get a variation (browser dependent) of https connection error. i.e. from Firefox: An error occurred during a connection to www.google.com. PR_CONNECT_RESET_ERROR The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
... View more
Jan 16 2020
6:42 AM
Anyone else starting to see issues reaching google.com through an MX device? This is looking curiously like the incident(s) in 2017 when we had trouble reaching google.com through the firewalls. There is nothing in the logs that I can see. There have been no config changes. This surfaced yesterday in one of our offices using an MX64 device and has started, today, in another office using an MX 80. The errors we're getting seem to be related to https but we can attach to other sites using https such as Amazon, Microsoft, and anything else we try....except for google. Google.com has been whitelisted since the issue in 2017.
... View more
Dec 11 2019
4:46 AM
1 Kudo
I would build a graphical representation of what's going over the wire at a given moment for the MX devices. Sure, I can look at the packet data, but I'd like to know, at a glance, who's using bandwidth and what sites and or applications are consuming that bandwidth per host in real time or near real time, not just for the last two hours.
... View more
Jul 1 2019
5:39 AM
1 Kudo
I have a new avatar!
... View more
Jun 11 2019
1:24 PM
1 Kudo
You may know that a Local Area Network (LAN) segment can address up to 254 end points or devices. You may have seen this noted in various ways such as: 192.1.1.1-254 192.1.1.0/24 192.1.1.1 - 192.9.1.1.254 or by the subnet mask 255.255.255.0 This limits communication between devices to 254 devices or fewer if we discount network devices that may be employed such as a firewall, a managed switch, and or a router. 254 devices sounds great for a small business which may have just a few phones, a smattering or laptops and desktops, some tablets and cellular phones, and perhaps some Internet of Things (IoT) devices such as cameras and thermostats. But what if you have 100 employees in one building? Salespeople may have a desktop and a laptop in addition to their mobile devices which may also connect to Wi-Fi when in the office. If we have an IP phone on each desk and one in the breakroom, another in the kitchen, and one in each copy room, well, you may see how we quickly run out of addresses for our end-points! We have a couple of ways to improve density. One would be to employ more network equipment to segment all those devices. We could use a router and more Wi-Fi access points to separate all those mobile devices into their own segment, for example. But as we do this, we add complexity to the physical network and cost, both in terms of initial cost as well as maintenance and support. Another way to segment the network would be to use a Virtual LAN, or vLAN. A vLAN allows us to use the equipment we have in place and segment the network by using another address scheme "on top of" the same network cabling and equipment. In Meraki's MX80, for example, we can define a vLAN by telling the equipment that we'd like to use the address scheme of 10.10.10.0/24 (254 more addresses!) for all of the IP phones. Assuming there were, oh say, 110 phones on our network, we've just freed up 110 more addresses to use on our 192.1.1.0/24 network (YAY, Notebooks for everyone!). But how does this work? Each vLAN is assigned a number. We can assign the number 23 to our IP phone vLAN. When we configure the addresses on our IP phones, we tell them to use vLAN 23. Assuming we've correctly set up our network devices (switches, firewall, etc.) for vLAN 23 to handle the traffic for our phones, all of that traffic will run over the same wires and equipment we've already got! Segmenting networks also has a security bonus. vLAN 14 can (and probably should) be set up to never communicate with vLAN 27. Thus, you can have departments (IT, Accounting, C-level) separated form one another even though they are on the same physical network. A person working on a computer on the shop floor on vLAN 14 would never be able to glean accounting data from a computer on vLAN 27. Placing all IoT devices on a separate vLAN both frees up address space for computers and makes it harder for a would-be attacker to snag information from a database by gaining access through a device such as a thermostat, camera, or fish tank. If you're a very small business with few visitors in your office, a vLAN may not be for you. It does add a bit of complexity to your setup. As your business, and your network, grows, segmenting your network via a vLAN may be a more secure, low-cost alternative to more equipment.
... View more
May 30 2019
7:52 AM
Looking forward to better and more secure access across devices when we have larger numbers of people in a conference room for depositions and better hand-offs when they break for side-meetings during bargaining or mediation.
... View more
Jan 9 2019
12:39 PM
2 Kudos
This is not necessarily related to Chrome. I have a number of machines with no Chrome installations where this activity manifests. Beachfront Media serves up video and advertising. This is likely related to one of the apps Win10 will sometimes add seemingly at random. As stated further up the thread, a good ad-blocker should resolve the issue. Alternatively, manually set the domain in the Blocked URL patterns if you don't mind it clotting up the logs and want to be sure it continues to be blocked.
... View more
Jan 9 2019
10:45 AM
We've started getting this, as well. A little digging points to Beachfront Media LLC on Amazon servers, which isn't saying much. Not sure what the root of this is, yet, or why machines are trying to reach and ostensibly sync with them. Domain Name: BFMIO.COM Registry Domain ID: 1906911790_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2015-03-03T19:29:09Z Creation Date: 2015-03-03T19:29:09Z Registrar Registration Expiration Date: 2020-03-03T19:29:09Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: +1.4806242505 Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited Registrant Organization: Beachfront Media LLC Registrant State/Province: Florida Registrant Country: US Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=BFMIO.COM Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=BFMIO.COM Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=BFMIO.COM Name Server: NS-381.AWSDNS-47.COM Name Server: NS-663.AWSDNS-18.NET Name Server: NS-1494.AWSDNS-58.ORG Name Server: NS-1643.AWSDNS-13.CO.UK DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
... View more
Jan 7 2019
7:01 AM
"the similuation [sic] environment would need to be able to talk to the Internet and the Cisco Meraki cloud." Packet Tracer simulates the GUI interfaces of many products and doesn't have to reach out to the Internet to do so. I could see where the Dashboard screens could be generated and the inputs directed to the simulation environment without having to interface with the Internet. To keep these Dashboard screens updated in Packet Tracer shouldn't take too much work. Looks like a relatively simple port of the essential items needed for routing, Switching, VLAN, SD-WAN, wi-fi. Full Dashboard functionality needn't be extended. VIRL would be great, as well. Not sure which is more prevalently used, PT or VIRL. PT is pretty lightweight for quick modeling of essential network connectivity.
... View more
Jan 4 2019
9:52 AM
7 Kudos
Any chance that Meraki will create something like Cisco Packet Tracer or that Meraki equipment and configs will be integrated into Packet Tracer, or add-on packages for Packet Tracer made available, so we can create and test blended Meraki and Cisco environments?
I'd love to be able to use Packet Tracer (or the like) for an upcoming converged, fully-meshed, SD-WAN VOIP/Data project that will eventually include vMX for Azure. We've got both Meraki and (more traditional?) Cisco equipment.
... View more
Jun 26 2018
9:55 AM
1 Kudo
I did some more sleuthing based on a user request. She reported the inability to reach doodle.com. I couldn't find any reason why that site was blocked, so I did a WHOIS lookup. It's based in Ireland. I had blocked Ireland in our firewall. Turns out, if you block Ireland in your firewall, you can't reach cisco.com. This also breaks facebook.com and the aforementioned doodle.com. I removed the Ireland block from the firewall, and all is right with the world again.
... View more
May 22 2018
5:05 AM
Yep, confirmed today, no access via Edge at work. So odd. Just to cover bases, whitelisted cisco.com in AMP and Content Filtering, as well. Still the same TLS error. So far, it's only manifested at cisco.com. Also turned off Web caching on the MX 80 running MX 14.25.
... View more
May 21 2018
5:08 AM
While doing some after hours maintenance from a remote location, I found I could access everything through Edge. During the maintenance, I found a Meraki patch note that some IP addresses were set to change and to be sure my Firewall rules were updated to match and to go to Help > Firewall Info to get the latest rules. I input the rules, and I can access the site again through Edge while at work. Not sure why that would happen in Edge and IE and not in Firefox, or if this is merely coincidence, but I now have access in Edge. While typing this, I tried in IE and failed, getting the same error...So this is looking like intermittent access. ::Sad Trombone::
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 7782 | Jun 26 2018 9:55 AM | |
| 5928 | Sep 21 2017 5:55 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 7 | 21644 | |
| 3 | 7464 | |
| 2 | 15355 | |
| 1 | 5404 | |
| 1 | 9247 |
© 2024 Cisco Systems, Inc.
