Changing Port Speeds on a 5520-VIM-4YE VIM Module in 5520 Universal Hardware Switch

The 5520-VIM-4YE, this has 4 x SFP28 ports 10/25. You can use 10Gbit or 25Gbit speeds on these ports. On an Extreme 5520 Universal hardware switch this will be ports 57-60 (on 48port model) or 33-36 (on a 24 port model) If you want to use 4 x SFP+ modules running at 10Gbit, you need […]

More...

MTA-STS (Mail Transfer Agent Strict Transport Security)

Emails crossing the internet use secure connections encrypted using Transport Layer Security (TLS). However, there remain vulnerabilities in this method of protecting the confidentiality of emails, whereby a person-in-the-middle can trick incoming connections to send to another server and/or send information in the clear. MTA-STS is a standard designed to address these vulnerabilities and is […]

More...

Kemp Load Master – SAML via OKTA with KCD to Microsoft Exchange OWA (Outlook Web Access)

The Kemp Load Master allows for the configuration of authentication offloading to itself (from the Microsoft Exchange server supporting Kerberos) to allow for the Kemp Load Master to act as a sP (Service Provider) against an IdP (Identity Provider) for example OKTA. The use of SAML via OKTA allows for any SAML (and Kerberos KCD […]

More...

Extreme Networks X695 – 40Gbit, 100Gbit QSFP(28) Ports and Port Paritioning Explained

The Extreme Networks X695 switches have a special port configuration arrangement that you need to be aware of when configuring the switch for use. Verified on: ExtremeXOS version 30.6.1.11 30.6.1.11-patch1-4 by release-manager on Tue Jul 7 10:36:05 EDT 2020 The switch supports the following: 48 x SFP28 1Gb/10Gb/25Gb Ports 8 x QSFP28 40Gb/100Gb Ports Up […]

More...

Extreme Networks Switch – “Error: VLAN Default cannot be disabled because it is configured for an L2 Protocol.”

It is pretty standard practice to disable the default VLAN and renumber its tag ID for security reasons, from version 22.4 and above we often go this issue when performing these basic commands: We’d get the error as below. In our case we don’t want to run STP (Spanning Tree Protocol) because we’re using either […]

More...

Monitor Rx and Tx Errors on Extreme Networks Switches via SNMP Query (using NagiosXI)

It is helpful to monitor the RxErrors and TxErrors on ports on Extreme Networks switches to get a heads up on any issues before they begin to impact service. The Extreme Networks MIB can be downloaded from the Extreme Networks support portal to assist you in finding the relevant SNMP OIDs, the below is an […]

More...

Active Directory Certificate Services (ADCS) PKI Domain Admin Vulnerability

Microsoft have published a vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/ADV210003 which allows an attacker to use the NTLM authentications to begin an attack chain to make an unauthenticated NTLM connection that is then relayed to allow a connection to the Active Directory Certificate Services (ADCS), this assuming the auto-enrollment is enabled means that an attacker can make a request […]

More...

Dell Openmanage DNS Records for Server Initiated Discovery (with Microsoft DNS)

OpenManage Enterprise version 3.4 allows automatic discovery of servers that have iDRAC firmware version 4.00.00.00 or later. The appliance can be configured to allow these servers to automatically locate the console by querying the DNS and initiate their discovery. The instructions (and this) give the use of the TUI or manual creation for Dell Openmanage […]

More...