My thought process is to at the end of business day, disable those scopes, rebuild them, reboot equipment and then confirm things work as intended.
I assume I need to build a new super scope and properly put in 10.10.0.0/22 and define each scope. I'm getting 0 issues from my 10.10.2.x scope and 10.10.3.x scope. However the 10.10.4.x yea that is where all the problems are ( that I know of).
@jaredbusch said in UBNT EdgeRouter LAN Config Issue:
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
So, to fix the issue, we have reset the router to defaults and reconfigured it by CLI.
This will not clean your router. A reset does not nuke everything.
The only proper way to know you have a clean router is to use the EMRK process that totally wipes your flash drive.
Brother thank you, I will go head and do this on downtime since the CLI wasn't as hard as I imagined. Thanks. I also posted some new photos in the original post.
@jaredbusch said in UBNT EdgeRouter LAN Config Issue:
It is overlapping, and makes little sense. But there are valid cases for having more than one IP on a port. Just not in overlapping ranges.
How do you post photos? I have a few I need to show.
Good morning all!
I wanted to run this by the Mangolassi team first 
. So over the weekend, I determined that our router was compromised. Scott, this answers a lot of questions that we have been wondering for months! So I determined that after my assistant set up the router he never changed the default password (I know what you wanna say trust me). Well our router got probed, and eventually, someone set up a shadow process.
I worked with UBNT support and here is what I got told:
EdgeOS uses rsyslogd that runs as root, not syslogd that runs as an unprivileged user ('ubnt' here). This is likely a malicious executable that was installed after a compromise.
So, to fix the issue, we have reset the router to defaults and reconfigured it by CLI. Which now that I feel a little more comfortable with it, I don't see a point in some cases for using the GUI. Upon review of the config my assistant used, we noticed a configuration that I'm not sure about.
ethernet eth1 {
address 10.10.2.1/22
address 10.10.3.1/22
address 10.10.4.1/22
description Local
duplex auto
poe {
output off
}
speed auto
So just to give a little backstory, we are 100% virtualized for our servers. Our Active Directory server also is the host for dns and dhcp scopes. We have a super scope of 10.10.0.1 through 10.10.4.254. I'm not sure if the EdgeMax should have all 3 ip's on one interface. That raised a few questions from people at UBNT forums. What exactly is that "doing" in a case like this? As I'm under the impression all the work should be done with the Windows Server handling the scope.
As I dig a little deeper, this issue seems to get worse and worse. When I open up the DHCP Manager, we have the superscope setup. However, for the router properties, he programmed 10.10.2.1, 10.10.3.1, 10.10.4.1, 8.8.8.8, 4.2.2.2. UMM excuse me for not paying attention to this sooner, but why would the DNS servers be in the router option on Windows Server?
To be honest, this is making me wanna throw up 
Yes I know about the .loc (I walked out the room when this was set up to my disgust.) What's happening is, if anyone uses for instance the wireless and it goes over to the 10.10.4.x network, they can't get online. So no big deal I know it's just not talking to 10.10.4.1. I'm not sure how or rather WTF would cause that at this point other than this config.
Pretty much I came back and checked my data from my iphone (which was cool). Wish they had an actual ios app.
It's still an expense for us. The only sticking point is the AD Connect which of course is awesome.
@scottalanmiller said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
just took a look at ZT and I like th
Scott is there a use case for Pertino anymore ? I still have them.
So far it's pretty nice! I can monitor it remotely at home 
@scottalanmiller said in Dell DPACK vs Dell Live Optics:
ve not seen Live Op
It appears to be replacing DPACK.
What's the difference? I am new to the Live Optics... Anyone used it?
@spiral i guess the way I look at the situation, I am an a CPA and said tool is flawed, then it shouldnt matter what tool is used since i know finance. Provided the tool can give me what i need i would use whatever works.
Quickbooks by far and wide is NOT technically the best system, yet we run to it blindly.
Surely someone makes systems better technically and realistically to meet needs.
@stacksofplates said in How to monitor 100 cloud VM's:
Prometheus
I think any tool that can handle it would be of use.
If it's graphical and can do the job so be it. If it is a table and can do the job so be it.
I've tried suggesting and using Comodo ONE in this use case and I don't think it's up to the task for the job. It can monitor, and notify sure. But a visualization I'm not 100% sure about.
Same could be said about Spiceworks.
I like the direction your going it would be totally cool to see 25 at a time. Its digestable.
@dashrender Even if not on one, just enough to be able to break from having to manually check 100 machines.
@scottalanmiller Comodo ONE can't handle it from the aspect of giving him visibility to all them at one time.