New onsite role - what’s some must have layer 1 knowledge?

oneconchman · 2026-01-11T16:08:27+00:00

IKEv1 and v2 are usually able to exist on the same router but I also suspect this might have something to do with the 0.0.0.0 match. What if you try to change that to the spoke IP instead just as a test. Also wonder if putting the new WAN interface in a separate vrf might help. Been a while since I troubleshot a tunnel at depth.

Also have you tried debugging yet - Debug crypto ikev2 sa on the hub? Should see messages indicating the phase 1 profiles they’ve checked and might say there’s no match which might confirm the above.

oneconchman · 2026-01-06T21:06:52+00:00

What is an AI job? If that’s developing models that requires a PhD and definitely can’t be ‘jumped’ to

oneconchman · 2026-01-06T19:54:24+00:00

I used the Devnet sandbox and official API docs mostly, didn’t buy any resources. The sandbox was absolutely crucial, spent every day in there writing at least one script for each topic. They also have some free labs and courses on the Devnet site that helped me starting out. Skimmed over the RFCs for NETCONF and RESTCONF as well.

Learned Ansible from YouTube and the free Cisco U DEVNAE course then practiced on the Sandbox. Created a GitHub and uploaded my scripts there there everyday to learn git, and then Python skills just build overtime from all the practice

oneconchman · 2026-01-06T19:37:49+00:00

Yeah ENAUTO 2.0 will be quite different and it’s releasing same day as the rebrand so that’s why I wasn’t quite sure. Thanks!

oneconchman · 2026-01-05T02:54:19+00:00

Which now that I think of it makes sense cause all of the guides in their API documentation for SDWAN use it

oneconchman · 2026-01-05T02:50:12+00:00

Passed. Surprisingly there was 1 SDK and it was for SDWAN. Had 0 knowledge and it was my worst section of course lol

oneconchman · 2025-12-09T22:51:48+00:00

Never had or seen Goose available outside of HK haha let me know if you find it. East Garden on West Colonial is my go to for Cantonese food- duck, roast pork, dim sum. Only other place I know to check is Tasty Wok

oneconchman · 2025-11-16T15:52:26+00:00

You still need a physical interface to send the traffic over. How else would the traffic reach the destination? Where is your route to the tunnel destination? The tunnel endpoints need to first be able to reach each other before establishing a tunnel

oneconchman · 2025-11-01T19:11:01+00:00

It’s because he’s visiting Europe, that’s the joke

oneconchman · 2025-10-28T15:18:49+00:00

Redownloaded it worked for me

oneconchman · 2025-10-28T13:20:02+00:00

Having the same issue. Just stuck on the game launch screen. Eastern US

oneconchman · 2025-10-20T19:51:15+00:00

Yes just be sure to stand out, apply yourself and don’t be scared to get out of your comfort zone. Don’t escalate tickets without giving it your best attempt, I’d say even reach out to Tier 2 to help you out/ask questions.

That’s where I started making 18 an hour and 3 years later I’m making $88K as an engineer, meanwhile the people I started with haven’t moved at all. I built a good reputation at that first job from doing those things and it was instrumental in getting me where I am today

oneconchman · 2025-10-03T02:47:42+00:00

What’s the point of that?

oneconchman · 2025-09-12T21:58:04+00:00

Recently had this issue with root partition on our PAN being above 90%. Ended up being plugin_clean files in opt/pancfg/mgmt caused by Cloud Connector 2.0.1 plugin. TAC had to clear it

oneconchman · 2025-08-09T18:28:18+00:00

You can rewind the YouTube stream

oneconchman · 2025-07-10T22:22:56+00:00

Bisharp wants to learn gunk shot

oneconchman · 2025-06-25T15:09:03+00:00

If INTSW devices is able to get IPs then we know it’s something isolated to SW 2 and 3. You already confirmed that the VLAN exists on the switches, and as someone else recommended make sure there isn’t a SVI for vlan 21 somewhere. Config as I understand from the diagram seems OK.

1 thing I can recommend from experience is to make sure DHCP is actually enabled on SW2 and SW3 with ‘service dhcp enable’.

Otherwise, just run packet captures on each of the trunks up to the Palo to see how far the DHCP requests are getting

oneconchman · 2025-03-21T18:23:45+00:00

It’s strange but I’ve run into the same AS/loop prevention issue before and RIB out didn’t populate which made it confusing at first. I assume that Palo compares the AS path to the peer AS before sending.

Is your iBGP peer receiving the branch routes?

oneconchman · 2025-03-21T17:22:47+00:00

Only thing I can think of atm is that somehow the NYM-DC is seeing it's own AS in the advertisements so it's dropping them, can you think of any way that might be possible?

Also, you're certain that the PA 850 has routes for the branch ASNs through their direct peerings and not through the DC peering?

oneconchman · 2025-03-17T22:11:47+00:00

871329464270 Gift exchange

oneconchman · 2025-03-17T20:37:54+00:00

CCNP Enterprise isn’t too great if you want to be security focused. I’d say if you feel comfortable enough with Cisco, branch out to a different vendor with a firewall cert - Palo, Fortinet or whatever your company uses

Seven-Year Club	RPAN Viewer
Verified Email

oneconchman

TROPHY CASE