TLDR: Enable IP Aging fabric wide. Welcome one and all to my guide on not hating yourself. Let’s talk about the problem, you’re running ACI (great!) and your team decides they want highly available Microsoft SQL clusters (also, great!). Initially, these clusters do exactly what they say on the tin,…
COVID times have been strange for all of us I’m sure. One of the strangest things to emerge from my customer base during these times was a desire to authenticate users in Azure Active Directory with ISE. Some for VPN authentication, and even a couple of requests for 802.1X authentication.…
We’ve all been there. You desparately need to get into a router or a switch, but every username and password you try doesn’t seem to work. Or even worse, you can ping the device, see it in CDP but SSH isn’t replying and telnet is disabled (presumably because the device…
So in my last post I covered configuring FlexVPN with dynamic spoke to spoke communication using certificates for authentication. What if you wanted to use pre-shared-keys though? We can do that, it’s not nearly as secure as certificate based authentication, but we can do that. We’ll be using the exact…
Let’s talk about FlexVPN, a prime contender as a DMVPN replacement and sometimes referred to as DMVPN phase 4. In this post, I’m going to explore the nuts and bolts of getting FlexVPN up and running between (3) routers and, for added flare, I’m going to also configure dynamic spoke-2-spoke…
Alright it’s been a couple of days since the original post, so after much fanfare and exactly 0 people attempting to solve, let’s break this one down. SPOILER ALERT Issue #1 Since BGP is relying on OSPF for connectivity between peering interfaces (Loopback1), this seems like a natural place to…
So in getting ready for the CCIE Security lab this year, I’ve been spending some time trying to come up with my own troubleshooting scenarios. The process for this, if you’re curious, is normally born from practicing config and noting issues that come up when I misconfigure something. Then I’ll…
I’m changing the name, and theme of my blog and website. NetworkKnerd is no more, and I’m (slowly) moving everything to Hop16. Mostly because I was tired of NetworkKnerd, but also because my focus on Routing and Switching has been less and less over the years as I’ve transitioned into…
Congratulations, you’ve purchased one of Cisco’s shiny new Next-Generation Firewalls. It’s going inspect more packets, push bits at blazing speed, and finally lockdown your disgraceful network. You’ve built your access control policy and added a ton of rules allowing traffic outside to your inside zone. Maybe you even took this…