Monday, December 27, 2010

Juniper extending its Virtualization portfolio

SUNNYVALE, Calif., Dec. 6, 2010 — Juniper Networks (NYSE: JNPR) today announced it has acquired Altor Networks, a leading provider of virtualization security technology that enables organizations to secure the virtualized world. This acquisition will allow Juniper to extend its market-leading security position by delivering an integrated, highly-scalable security architecture that protects physical and virtual systems. Under the terms of the agreement, Juniper acquired Altor for a cash purchase price of approximately $95 million, net of Altor shares already owned by Juniper.

For more details please click here

Saturday, November 6, 2010

Gartner UTM Results for 2010


The Gartner Magic Quadrant for UTM has just been released. Fortinet rocks again. Cisco and Juniper are utilizing third-party UTM components: Juniper has teamed up with Kaspersky and Sophos, while Cisco has partnered with Trend Micro to offer the same. Fortinet clearly has the edge of developing integrated technologies. SonicWALL's and Check Point's solutions also look impressive.


The full report is available at

Monday, April 26, 2010

Do Write Memory and DHCP !!! Not always Best Bet

Let's go to IOS and experience an interesting case.

R1(config)#ip dhcp pool Strange


Oh wait a minute, I want to save my config! Let's use write mem, or do wr:

R1(dhcp-config)#do wr
R1(dhcp-config)#end


Now my config is saved, let's see the show run output:

Sh run
Output omitted....
!
ip dhcp pool Strange
domain-name wr    <-- Oops, watch that: where did the domain name come from?!
!


My God, this made me totally mad during an implementation; I was able to figure it out after some time. So beware of shortcuts, they are not always good (:

Wednesday, April 21, 2010

IOS privilege and Show Running Dispute:

One of my clients requested role-based access using IOS privilege levels and the AAA local database. I encountered an interesting problem: the customer requested a user with access to show running-config only.



When this user was created with privilege level 10 and only show running-config was assigned to that privilege level, to my surprise it showed only a blank configuration. Initially it was considered to be a Cisco bug. When I dug into it further, I found out that it is Cisco's design and not a bug.

For details, see the Cisco tech note "IOS Privilege Levels Cannot See Complete Running Configuration" listed in the references below.

Cisco IOS comes with 16 privilege levels, 0 through 15. By default, Cisco assigns commands to only three of these levels: zero, user, and enable. Five commands sit at privilege level zero: disable, enable, exit, help, and logout. User EXEC mode is privilege level 1 (the default level when you log in). Privileged EXEC mode is privilege level 15 (enable mode, the equivalent of root access on Linux).

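To assign a privilege level to a user:
! "privilege" must come before "password": the password keyword is the last
! option and takes the rest of the line as the password.
2801(config)# username support privilege 5 password abc
! After logging in as "support":
2801# show privilege
Current privilege level is 5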

To assign a privilege level to a particular command
Router1#configure terminal
Router1(config)#privilege exec level 1 show running-config


Problem Finding:
show running-config displays only the commands that the current user is able to modify; in other words, it shows only the configuration sections that are below the user's current privilege level.

Solution:
1- Instead of show run, we may use show startup, but it may show a stale configuration that is not an exact replica of the running configuration.
2- We may use the commands:
username printconfig privilege 10 password test

username printconfig privilege 15 autocommand show running

With this, the show running-config command is executed as soon as the user logs in, and the user is then logged out immediately. So we are left with the configuration output, but need some other account to perform troubleshooting etc.



Reference:
How to Configure Local Username Database in Cisco IOS
http://www.petri.co.il/csc_how_to_configure_local_username_database_cisco_ios.htm

IOS Privilege Levels Cannot See Complete Running Configuration
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml