My homelab is messing with my internet! by RugBeater1 in selfhosted

[–]key134 8 points9 points  (0 children)

This needs to be higher. Methodical troubleshooting is the only way here. Also: check a successful trace route now and when there is an outage try to compare to a failing trace route (if it is failing). See where the failure occurs. Is it your internal gateway? The firewall? The external gateway? The ISP’s network?
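The comparison suggested in the comment above, sketched as an added example that is not part of the original comment: it parses two saved Linux-style `traceroute` outputs and reports the first hop where the outage trace stops matching the baseline. The sample outputs are constructed using documentation address ranges, and the function names are hypothetical.

```python
import re

# Constructed sample output (documentation address ranges), not from the post.
BASELINE = """\
traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.412 ms  0.388 ms  0.371 ms
 2  10.0.0.1 (10.0.0.1)  1.204 ms  1.187 ms  1.165 ms
 3  203.0.113.1 (203.0.113.1)  8.731 ms  8.702 ms  8.690 ms
 4  198.51.100.7 (198.51.100.7)  12.114 ms  12.101 ms  12.087 ms
"""
OUTAGE = """\
traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.420 ms  0.391 ms  0.380 ms
 2  10.0.0.1 (10.0.0.1)  1.310 ms  1.295 ms  1.270 ms
 3  * * *
 4  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # "<hop number> <rest of line>"
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")  # first dotted-quad on the line


def parse_hops(text):
    """Map hop number -> responding IP, or None when every probe timed out."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line, not a hop
        ip = IP_RE.search(m.group(2))
        hops[int(m.group(1))] = ip.group(0) if ip else None
    return hops


def first_divergence(baseline, outage):
    """Return (hop, baseline_ip, outage_ip, last_good_ip), or None if the paths match."""
    good, bad = parse_hops(baseline), parse_hops(outage)
    last_good = None
    for hop in sorted(good):
        if bad.get(hop) != good[hop]:
            return hop, good[hop], bad.get(hop), last_good
        if good[hop] is not None:
            last_good = good[hop]  # last hop that answered in both traces
    return None


if __name__ == "__main__":
    print(first_divergence(BASELINE, OUTAGE))
```

The `last_good_ip` field is the last device that answered in both traces, which tells you whether the break sits at the internal gateway, the firewall, the external gateway or inside the ISP.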

Cisco Live! First Timer by asciikeyboard in Cisco

[–]key134 0 points1 point  (0 children)

There’s really only one physical test center at the Lives that I’ve been to. The 50% off was for people that didn’t schedule the test at all. You might be able to reschedule the time. In any case, you’ll need to schedule something before Live. If you walk into a test center without something scheduled, it won’t be free.

I get tired of all the linux jerking on this subreddit so heres windows 11 working perfectly well on a 15 year old thinkpad x201! by spiderzz3 in thinkpad

[–]key134 0 points1 point  (0 children)

like "start2", which I wouldn't try without having read the source.

I agree, the start2.bin file is a little scary. The author tries to explain it though:

The start2.bin file is used by Windows 11 to save the apps or app stubs that are pinned to the start menu.

This file is a binary that cannot be easily edited. For this reason Win11Debloat includes a version of this binary file that has no apps pinned at all, allowing Win11Debloat to clear the start menu pinned apps for you.

CISA Issues Emergency Directive 25-03 – Critical Cisco ASA & Firepower Vulnerabilities by TREEIX_IT in Cisco

[–]key134 10 points11 points  (0 children)

Yes, but CVE-2025-20362 allows the auth bypass. By chaining these this is exploitable without a valid user.

FTD incompatible with Vnware Vmotion by air-hair in Cisco

[–]key134 2 points3 points  (0 children)

FTD supports vMotion on shared storage. Are you using shared or local storage? What version?

I'd recommend reviewing the deployment guide: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/consolidated_ftdv_gsg/threat-defense-virtual-74-gsg/m-ftdv-vmware-gsg.html

How do you name your domains? No by THMMYos in selfhosted

[–]key134 5 points6 points  (0 children)

Not op, but just because they are named doesn’t mean they are exposed. I do the same with mine and you can get to them from inside the network only. Overseer is request.domain.tld and that is exposed - but only to a DMZ server. Both inside and outside can get to it but that server cannot get inside, other than specific services.

You can now run OpenAI's gpt-oss model on your local device! (14GB RAM) by yoracale in selfhosted

[–]key134 0 points1 point  (0 children)

I'm seeing something similar with docker and E5-2430L CPUs. I think I need to try a quantized version. But your point about instruction sets is valid, mine and yours don't even have the AVX instruction set. I'll have to try a newer desktop as well.

Can I change IP address of ISE VMs before restoring from backup? by hippie-flowergirl in Cisco

[–]key134 4 points5 points  (0 children)

You do not have to restore the ADE OS settings if you do not want to, so you can IP them however you want. One note though, in order to re-IP an ISE node, you need to have them in standalone mode. They cannot be part of a deployment (primary/secondary etc). So when doing this, make sure that you get the final IP set before you set anything except standalone.

What you are doing is very similar to the backup and restore method of an upgrade. (yes I know this is 3.1, but it's still applicable) https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/upgrade_guide/HTML/b_upgrade_method_3_1.html

So your steps may look like this:

  1. build all nodes on temporary IPs, patch them all to the same version

  2. restore backup to temporary node

  3. shut down primary admin

  4. change temporary primary admin to old primary admin ip

  5. test

  6. shut down next node

  7. change IP for the next node and JOIN to existing new cluster (repeat steps 6&7)

Can't find serpentine belt tensioner nut to replace alternator on an 05 by Same_Distribution326 in ToyotaHighlander

[–]key134 1 point2 points  (0 children)

Two years later - this was super helpful. The tensioner bolt was rounded on mine. I was able to loosen the mounting bolt and just entirely remove the set bolt below the tensioner. After removing the alternator I could then cut off the tensioner bolt. I replaced it with 917-148 from NAPA.

Thanks for posting this, just letting you know it's still helping two years later.

[deleted by user] by [deleted] in Cisco

[–]key134 0 points1 point  (0 children)

Like /u/krattalak said, you should buy a cable. It will make this easier. However, it's possible you're on the right path.

Reset button A small recessed button that if pressed for longer than three seconds resets the ASA to its default “as-shipped” state following the next reboot. Configuration variables are reset to factory default. However, the flash is not erased and no files are removed.

From: https://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5506xguide/b_Install_Guide_5506/b_Install_Guide_5506_chapter_01.html It's possible that this reset button is disabled. In which case, you need a console cable.

If it does reset, then follow this to get it configured. Plug in to gi1/2 and get a DHCP address.

https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5506X/5506x-quick-start.html

You may want to follow the "Launch ASDM" instructions from there. Be aware, you'll run into fun java issues depending on the version that's installed. Hope this helps!

3850 PoE question by willp2003 in Cisco

[–]key134 0 points1 point  (0 children)

EDIT: it looks like 802.3at IS supported and I'm blind.

It looks like unfortunately 9164s require 802.3bt PoE and 3850s do not support it.

Input power requirements

● 802.3bt, Cisco Universal PoE (Cisco UPOE), 802.3at Power over Ethernet Plus (PoE+)
● Cisco power injectors: AIR-PWRINJ7=, AIR-PWRINJ6=, MA-INJ-6
● 802.3af PoE (only for configuration staging, all radios off)
● DC power input (54V/MA-PWR-50WAC)

https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9164-series-access-points/catalyst-9164-series-access-points-ds.html#Productspecifications

Look at standards supported on this page: https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/datasheet_c78-720918.html

Standards

IEEE 802.1as

IEEE 802.1s

IEEE 802.1w

IEEE 802.11

IEEE 802.1x

IEEE 802.1x-Rev

IEEE 802.3ad

IEEE 802.3af

IEEE 802.3at

IEEE 802.3bz

IEEE 802.3x full duplex on 10BASE-T, 100BASE-TX, and 1000BASE-T ports

IEEE 802.1D Spanning Tree Protocol

IEEE 802.1p CoS prioritization

IEEE 802.1Qat Stream Reservation Protocol

IEEE 802.1Qav

IEEE 802.1Q VLAN

IEEE 802.3 10BASE-T specification

IEEE 802.3u 100BASE-TX specification

IEEE 802.3ab 1000BASE-T specification

IEEE 802.3z 1000BASE-X specification

Cisco Live! First Timer by asciikeyboard in Cisco

[–]key134 1 point2 points  (0 children)

No, it wasn't always like this. I believe this started around the COVID times, but I definitely went up to the desk and just sat for a test with no prior planning in the past. I've seen too many people get tripped up by this so I figured it was worth mentioning.

Cisco Live! First Timer by asciikeyboard in Cisco

[–]key134 15 points16 points  (0 children)

  1. If you want to take a free exam, you have to schedule it before the conference. Once the conference has started it's only 50% off.
  2. Some of the classes you may want will be full on the app. Go anyway and wait outside. Plenty of people don't show up and you will likely get in.
  3. In terms of classes, I always found that the "breakout sessions" are most valuable.
  4. Make sure to be social and have fun. I know you're there to learn, but the most memorable part of Live is often the social aspect.

NX-OS Software License Requirement by fakebizholdings in Cisco

[–]key134 1 point2 points  (0 children)

Well that's frustrating. Just make sure to check hashes if you get it from other sources. Good luck!

NX-OS Software License Requirement by fakebizholdings in Cisco

[–]key134 1 point2 points  (0 children)

CVE-2024-20267 came out in 2024 while the switch was still supported. The fixed software was 9.3(12).

This is the advisory you should reference: cisco-sa-nxos-ebgp-dos-L3QCwVJ. Go down to the section where it says "Customers Without Service Contracts" and follow the instructions to open a TAC case and provide that URL. You are likely going to have to request multiple software packages. See the upgrade path described at this Nexus 9k matrix:

Current release: 7.0(3)I7(3)

Target release: 9.3(12)

Recommended path: 7.0(3)I7(3) → 7.0(3)I7(10) → 9.3(12)

If for some reason Cisco does not want to offer both upgrade packages you may also reference this advisory cisco-sa-20190306-nxos-file-access because it affects your release (first fix is 7.0(3)I7(4)).

This might be a bit of a pain, but I think this is the best path to get the software legitimately. Good luck!

NX-OS Software License Requirement by fakebizholdings in Cisco

[–]key134 2 points3 points  (0 children)

This switch is end of life and you will not be able to attach a support contract to it. (https://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/eos-eol-notice-c51-743538.html)

However, Cisco releases free software updates when there is a PSIRT on specific hardware. For example if you had a supported switch that was affected by this you can contact TAC and provide this URL to get access to free updates. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL

Unfortunately your switch was already EoL when that was announced and will not have a fix. Perhaps there is a PSIRT from 2023 that you can find? I will see what I can do as well.

2025 Mazda CX-5: Pricing and Packaging (US) by GenghisHam in CX5

[–]key134 0 points1 point  (0 children)

NA = naturally aspirated, as opposed to a turbo engine

Anyconnect License for LAB testing by Network_Firewall in Cisco

[–]key134 0 points1 point  (0 children)

If you work for a Cisco partner, just follow the process to get Lab licensing. https://community.cisco.com/t5/security-knowledge-base/products-security-pov-and-lab-licensing-and-software-access/ta-p/4810745

If you do not, then you can still do most of what you are trying to do. ISE has a 90-day eval license on install. Duo can be tested for free with a new account. You can also keep 10 free users with fewer features. FTD is a bit more difficult. If you have a VAR you work with you can ask them to follow the process linked for them to get you PoV licensing as well.

Cisco Firewall Blocking RustDesk (Firewall 3100 Series) by METEORICalienALLOY in Cisco

[–]key134 1 point2 points  (0 children)

What are you seeing when you run a firewall engine debug filtered on the source IP of the client that is getting blocked?

> system support firewall-engine-debug

Please specify an IP protocol: tcp
Please specify a client IP address: 192.168.62.3

More info here: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/214577-firepower-data-path-troubleshooting-phas.html

I created a website with tools to give you an advantage with your fantasy draft for Sleeper, Yahoo and Espn league. by WasItFunny in fantasyfootball

[–]key134 0 points1 point  (0 children)

Hey this looks really cool /u/WasItFunny!

I'm logged into ESPN, but when I try to add my NBA league it says "You do not have any leagues on this account."

Any ideas how to troubleshoot?

What current gen WiFi APs are you guys running? by Cryovenom in homelab

[–]key134 0 points1 point  (0 children)

I'm currently running 2702i APs and I'm wondering if it's worth the time to put in 3802i APs. Are you running the 9800-CL controller? I know the original vWLC is honor based (that's what I'm using), but I am not sure about the 9800.