-
Cisco AAA/802.1x Configuration Template
This post provides a configuration template for a Cisco switch interacting with ClearPass NAC for AAA/802.1x setup. It has been tested on a Cisco C9300/9500 switch running code version 16.12.x in a multi-VRF environment. Reference: https://www.ciscozine.com/dot1x-global-configuration-deployment-guide/
-
F5 Failover in AWS
F5 requires IMDSv1 in order to initiate failover between two F5 devices. IMDSv1 is susceptible to SSRF vulnerabilities, as indicated in the AWS document. If IMDSv1 is disabled in the AWS environment for security reasons, F5 failover will not be seamless and the F5 logs will have errors like this: err logger[15542]: /usr/libexec/aws/aws-failover-tgactive.sh (traffic-group-1): Instance sanity […]
-
Nornir – macOS Big Sur
I had a simple backup script (backup-script.py) for a multi-vendor device environment. The script was working fine before and failed after I upgraded my macOS to Big Sur, 11.0.1. macOS Big Sur, 11.0.1 Python 3.8.6 Traceback (most recent call last): File "backup-script.py", line 2, in <module> from nornir import InitNornir File "/Users/lib/python3.8/site-packages/nornir/__init__.py", line 3, in […]
-
Throughput
Consider a link between two routers with a bandwidth of 1Gbps and an RTT of 200ms. The maximum throughput of the link is 1Gbps (the bandwidth). On a normal link, the throughput will be lower than the bandwidth because of transmission overhead and loss. Assuming there is zero loss in the network, the maximum possible window size […]
-
Basics – IPSec VPN
The following article is a brief introduction to IPSec VPN that is utilized to provide a logical connection between 2 sites (Site to Site) or a client and a site (Client to Site). The article is written to provide the key terms behind IPSec VPN implementation in a Cisco ASA Firewall or any other similar […]
-
Juniper SRX – IDP Pattern
Usually, when there is a wildcard like (““) at the beginning of the pattern, Juniper SRX expects a character before the wildcard which can be matched one or multiple times. When we use a custom pattern with nothing preceding the wildcard (““), the device will experience a core dump.
-
Ansible hostfile Deprecated
While using Ansible 2.4.3 for the very first time after upgrading, I received the following error: [DEPRECATION WARNING]: [defaults]hostfile option, The key is misleading as it can also be a list of hosts, a directory or a list of paths . This feature will be removed in version 2.8. It looks like if you have […]
-
Serial Number – Viprion Blades and Chassis
# clsh tmsh show sys hardware | grep 'Host Board Serial' The above command is run from the bash shell on the F5 in order to identify the serial number of all the blades in an F5 Viprion device. # tmsh show sys hardware | grep 'Chassis Serial' The above command is run from bash shell […]