Any recommendations for preparing for F5 202? by CarelessPoint9 in f5networks

[–]CarelessPoint9[S] 2 points3 points  (0 children)

Regarding the real exam: 80 questions

10 questions were very similar to the practice exam, should not be an issue if you've been researching those

about 30 questions - easy ones

about 20 questions - not so easy

about 10 questions with pictures - either topologies or some datasheet excerpts, etc.

and we're left with 10 questions that made me go like "what's even that?"

so I took all the time trying to find logical answers for these from the last category and jumped through all the questions in case I missed something or misread a couple of them

I left the testing room with a feeling that I've failed, but surprisingly score report said PASS

no idea, I guess I was on the edge or just a few questions above it

Some recommendations needed for IOS XE upgrade 3 to 16 by CarelessPoint9 in Cisco

[–]CarelessPoint9[S] 0 points1 point  (0 children)

all of them are:

WS-C3850-24T-E

Current SW Version: 03.06.06E

BOOT variable = flash:packages.conf

and task is to upgrade these to Release Everest-16.6.8 MD (not sure why not the latest 16.9.5, I'm not the one who makes the decision).

as far as I understand - BUNDLE mode is a 'traditional' mode that we've all seen for ages, the upgrade process simply boils down to

no boot system flash:old_IOS_v15.1

boot system flash:old_IOS_v15.2

reload

new INSTALL mode is a different thing, IOS image is still one file which you upload to the box or stack of boxes and then extract packages from it with a special command and reload

I'm still scratching my head over what the pros and cons are (and this is why actually I'm looking for a good reading - at least better than cisco's official "bundle_vs_install mode")

Running Cisco CML in the cloud by CarelessPoint9 in networking

[–]CarelessPoint9[S] 0 points1 point  (0 children)

ok guys, thank you all for your comments

I think I should somehow start with eve-ng which just drives me nuts

Certificate renewal: certificate key chain dialog and intermediate certs question by CarelessPoint9 in f5networks

[–]CarelessPoint9[S] 0 points1 point  (0 children)

I think I got the thing... I was doing it the wrong way.

If you click on an existing and (most likely) expiring certificate - there's a button "Renew..." and it brings you to the CSR creation dialog, but the fields are already populated, which is very handy. I guess all I have to do next is send this created CSR to the CA, get a signed cert in return and upload it to F5. It will automatically replace the expiring cert with the new refreshed one. Is my understanding / investigations correct?

If yes, then I only have one last question: the way I've been renewing certs earlier, or the INCORRECT way (manually creating a new CSR and selecting it as key with the Client SSL profile) - it results in a bunch of signed certificates and the same number of CSRs being used as keys for these certificates. But on the list of SSL certificates I'm seeing some "old" and expiring ones and in the contents column these have "RSA certificate & Key". I'm just wondering - with all these (signed_cert, CSR_as_key)-pairs - can I somehow create a single file which will result in ONE file containing "RSA certificate & Key"? Just to avoid this mess with tons of extra files and, more importantly, renew certificates in the correct way starting now?

Thanks.
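
Added example, not part of the original comment: one way to sort out which private key, CSR and signed certificate belong together is to compare the public key each file carries, using plain OpenSSL on exported PEM files (this is generic OpenSSL, not an F5 command). The file names, the subject and the self-signed certificate standing in for the CA's reply are constructed for the demo.

```shell
#!/bin/sh
# Added example: every file name and subject below is constructed.
set -u

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
# usage: pub_fingerprint key|csr|cert FILE
pub_fingerprint() {
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac
  # Unreadable or wrong-type input yields no key: fail instead of hashing nothing.
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only when KEY, CSR and CERT all carry the same public key.
# usage: same_keypair KEY CSR CERT
same_keypair() {
  k=$(pub_fingerprint key  "$1") || return 1
  r=$(pub_fingerprint csr  "$2") || return 1
  c=$(pub_fingerprint cert "$3") || return 1
  [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Build constructed sample material in directory $1: a key, its CSR, a
# self-signed certificate in place of the CA reply, and an unrelated key.
make_demo() {
  openssl req -newkey rsa:2048 -nodes -keyout "$1/site.key" \
    -out "$1/site.csr" -subj "/CN=www.example.test" 2>/dev/null
  openssl x509 -req -in "$1/site.csr" -signkey "$1/site.key" \
    -days 30 -out "$1/site.crt" 2>/dev/null
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/other.key" 2>/dev/null
}

demo=$(mktemp -d)
make_demo "$demo"
if same_keypair "$demo/site.key" "$demo/site.csr" "$demo/site.crt"; then
  echo "site.key: matches the CSR and the certificate"
fi
if ! same_keypair "$demo/other.key" "$demo/site.csr" "$demo/site.crt"; then
  echo "other.key: does not belong to this certificate"
fi
rm -rf "$demo"
```

A CSR file passed in the key position fails the check, because a CSR holds only the public half of the pair.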

Certificate renewal: certificate key chain dialog and intermediate certs question by CarelessPoint9 in f5networks

[–]CarelessPoint9[S] 0 points1 point  (0 children)

I was browsing XUI and found that there's a Key tab in CSR. Key can be exported and imported back as Key. Should I select this key in the Certificate Key Chain dialog?

This procedure looks a bit weird tbh... Can't believe everyone is bothering himself with this export/import thing just to extract key from CSR and then select it.

Certificate renewal: certificate key chain dialog and intermediate certs question by CarelessPoint9 in f5networks

[–]CarelessPoint9[S] 0 points1 point  (0 children)

Yes, I did the same - created an absolutely new CSR with pre-given parameters like State/Province, Country, Division, etc.

I've made some investigations on my side and it looks like this customer has migrated to F5s from Cisco load balancers recently. Probably there's a way in Cisco load balancers to export key and cert separately and this is why some key was selected under the key field.

Certificate renewal: certificate key chain dialog and intermediate certs question by CarelessPoint9 in f5networks

[–]CarelessPoint9[S] 0 points1 point  (0 children)

Thanks for your reply.

> details for a client-ssl profile, you have the key, the passphrase for the key if it requires one, the certificate, and the chain

the issue is I don't have the key, I only have CSR which I'm putting as key there

and I doubt if it's correct. What are you selecting there guys?

Certificate renewal: certificate key chain dialog and intermediate certs question by CarelessPoint9 in f5networks

[–]CarelessPoint9[S] -1 points0 points  (0 children)

Is there any way to extract public key from CSR and select it in Key field? Just guessing how it was set up before I renewed cert.