TLDR: Enable IP Aging fabric wide. Welcome one and all to my guide on not hating yourself. Let’s talk about the problem: you’re running ACI (great!) and your team decides they want highly available Microsoft SQL clusters (also, great!). Initially, these clusters do exactly what they say on the tin,…
-
First post in a long while, so I did a video on EIGRP OTP and GETVPN.
-
Cisco ISE and Azure AD – Part 1
COVID times have been strange for all of us I’m sure. One of the strangest things to emerge from my customer base during these times was a desire to authenticate users in Azure Active Directory with ISE. Some for VPN authentication, and even a couple of requests for 802.1X authentication.…
-
Cisco IOS & SNMP: A backdoor into devices you can’t access.
We’ve all been there. You desperately need to get into a router or a switch, but every username and password you try doesn’t seem to work. Or even worse, you can ping the device, see it in CDP but SSH isn’t replying and telnet is disabled (presumably because the device…
-
FlexVPN: Spoke-2-Spoke PSK
So in my last post I covered configuring FlexVPN with dynamic spoke-to-spoke communication using certificates for authentication. What if you wanted to use pre-shared keys though? We can do that. It’s not nearly as secure as certificate-based authentication, but we can do that. We’ll be using the exact…
-
FlexVPN: Spoke-2-Spoke Tunnels
Let’s talk about FlexVPN, a prime contender as a DMVPN replacement and sometimes referred to as DMVPN phase 4. In this post, I’m going to explore the nuts and bolts of getting FlexVPN up and running between (3) routers and, for added flair, I’m going to also configure dynamic spoke-2-spoke…
-
CCIE Security: Troubleshooting (Ticket #1) – Solution
Alright it’s been a couple of days since the original post, so after much fanfare and exactly 0 people attempting to solve, let’s break this one down. SPOILER ALERT Issue #1 Since BGP is relying on OSPF for connectivity between peering interfaces (Loopback1), this seems like a natural place to…
-
CCIE Security: Troubleshooting (Ticket #1)
So in getting ready for the CCIE Security lab this year, I’ve been spending some time trying to come up with my own troubleshooting scenarios. The process for this, if you’re curious, is normally born from practicing config and noting issues that come up when I misconfigure something. Then I’ll…
-
This Blog is getting an overhaul
I’m changing the name and theme of my blog and website. NetworkKnerd is no more, and I’m (slowly) moving everything to Hop16. Mostly because I was tired of NetworkKnerd, but also because my focus on Routing and Switching has been less and less over the years as I’ve transitioned into…
-
Firepower Threat Defense AVC and SmartCLI
Congratulations, you’ve purchased one of Cisco’s shiny new Next-Generation Firewalls. It’s going to inspect more packets, push bits at blazing speed, and finally lock down your disgraceful network. You’ve built your access control policy and added a ton of rules allowing traffic outside to your inside zone. Maybe you even took this…