I was doing some testing on a 3750X and saw that the http and http services were enabled. I knew that you could apply an ACL to restrict HTTP access, but had assumed that the HTTP security was an optional extra on top of the VTY ACL.
I tested this … and found out I was wrong. Although http(s) uses the same inband access path as SSH, web admin is not restricted in any way by VTY ACLS.
This will be quite obvious to some readers but it wasn’t for me, so I’ll assume at least one other person on the interwebz had the same issue.
I said to a colleague recently, “you can’t get 100% link utilisation on an Ethernet link”. When I tried to explain myself I wished I could link to a simple blog post with a nice graph. So here’s a quick blog post with a nice graph. I have talked a little about link speed in a previous post, but I wanted expand on this and add a quick graph to back up the argument.
Sometimes the phrase ‘working the ticket queue’ is code for ‘doing meaningless work’. If you find yourself playing whack-a-mole with your ticket queue, then this is the post for you. You should strive to do meaningful work and this post discusses some ways to get more value out of the trouble ticketing process. Continue reading
Network automation is a hot topic right now. However, many of the automation solutions focus on edge-port provisioning. I can understand why vendors are chasing this niche; port-provisioning is a high-volume and error-prone activity.
Network Automation Ideas
Port provisioning isn’t the only cause of heartache in networking. In this post I’ve shared a few painful problems that the network industry could tackle instead. I want to get you thinking and talking about the poor processes which sap your concentration and resolve, and how we could tighten your process then automate the pain away.
An emergency switch replacement can ruin your day. However, having network config backups is not enough. Restoring full service may not be as easy as just copying the running configuration from your RANCID CVS repo, or your colleagues hard drive. Restoring the ‘identity’ of your original switch is a multi-step and somewhat complicated process.
I don’t want a software defined network, I want a software-assisted network. I want tools that will help prevent common but straightforward mistakes and make it easier to baseline a network.
These tools have to work on real networks. Those messy, brownfield, imperfect networks that everyone maintains, but not everyone admits to owning. I’ve listed five tools below that I wish I had freely available when working on enterprise networks.