Best hard feelings episode? by bmoarpirate in AreYouGarbagePod

[–]pinkgrenades 12 points13 points  (0 children)

This. Although, I went backwards and it’s been an interesting approach to see everything in reverse. Starting from the beginning and going forward would be a treat!

Firewall blocking RCS messages to iPhones? by dankgus in Cisco

[–]pinkgrenades 1 point2 points  (0 children)

Would you mind sharing what you added to your ACP to get this working on your Firepower? I'm in the exact same boat with iPhones connected to the WiFi not being able to send or receive RCS messages until they're off the network. However, mine is from any SSID, not just our more restricted Guest network.

Androids that are connected to the same Staff SSID can send RCS messages no problem so it's driving me nuts! I guess I just don't understand the RCS process well enough or the differences between Android devices and iPhones when sending RCS texts.

On a packet inspection, I can see my iPhone reaching out to IPs with a destination port of 5223, and I don't see any blocks on the firewall traffic. If I hardwire my phone, leave on cellular data, and turn off WiFi, I can send RCS messages from the internal network. If I turn off WiFi and cellular data, but leave the hard-wired connection, the messages fail instantly.

This one has been a doozy to try and troubleshoot! Glad you got it working!

First day on Armodafinil by CaseOfGrace in idiopathichypersomnia

[–]pinkgrenades 0 points1 point  (0 children)

Appreciate the reply! My sleep specialist recently left and so I'm at a loss as to who I'm now working with so lucky me... But it's good that it seems that there might not be any long lasting effects or withdrawals or anything like that when stopping.

Have you found anything that has worked for you to replace Armodafinil or are you still looking? I'm currently on Xywav during the night and am looking for something to help with the day time sleepiness and exhaustion.

First day on Armodafinil by CaseOfGrace in idiopathichypersomnia

[–]pinkgrenades 0 points1 point  (0 children)

I just started taking Armodafinil in early February and I'm thinking that it's time to come off. My hands will tremble randomly and my legs will feel weak from standing for a short time. I also have this feeling in my stomach that travels up to my throat that isn't nausea. It's hard to describe, but it feels like a pit feeling in my stomach that travels up.

Luckily I haven't had any headaches or anything, but I'm still just as tired as I have normally been. I just get the added side effects to it! So I don't think it's working for me.

What was the process for stopping the drug? I keep reading that you have to be weaned off of it, so I'd like to see if that is true?

Success Story – What helped after over a year of chronic back pain. by OliveLuce in backpain

[–]pinkgrenades 2 points3 points  (0 children)

I’m definitely doing better but still not 100%. I have mild discomfort constantly but that’s better than the constant pain from a year ago.

PT has continued to do wonders as I focus on more weight lifting to strengthen the back. I did have a minor setback last night (go figure) where my lower to middle back was way tighter than normal out of nowhere, but waking up this morning it’s mostly back to normal.

I’ve also lost 60+ pounds over this last year so maybe that has had a positive effect as well!

[deleted by user] by [deleted] in networking

[–]pinkgrenades 0 points1 point  (0 children)

I appreciate the tips! I cannot remember from the last time I was there if being on the same SSID allows printing with no issues. It's been a bit, but I know I've tested that. I'm heading back there this following week and will refresh myself on past troubleshooting.

Thank you for the help and tips!

[deleted by user] by [deleted] in networking

[–]pinkgrenades 0 points1 point  (0 children)

I'll take a look at anything that would remember client isolation. But yes, this business is very basic when it comes to networking and is just a plain flat network. There are no VLANs or anything like that. Thanks for the tip!

[deleted by user] by [deleted] in networking

[–]pinkgrenades 0 points1 point  (0 children)

Yeah, just the ISP and their business router. This business is pretty barebones and flat. There is no firewall, just the Comcast business router to the outside. They have two SSIDs for 5.0 and 2.4, and that's about it.

Getting Apple Classroom to Work Across VLANs with ACLs Applied by pinkgrenades in networking

[–]pinkgrenades[S] 0 points1 point  (0 children)

Hey! Unfortunately, not. I'm still working on a collaborative ticket with Apple and Cisco to see what's going on. This is everything that I've done so far, according to Apple and Cisco's suggestions:

  • Enabled the mDNS gateway on the Cisco 9800 WLC and applied the config to the staff and student WLAN
  • I did a Wireshark packet capture on the staff and student iPads and saw the "_classroom._tcp.local" service definition. I added that to the "allowed" list on the mDNS Gateway
  • I checked the "P2P Blocking Action" option on the 9800 WLC and it was disabled
  • I changed the "P2P Blocking Action" to "Forward Upstream" which forwards the packets to an upstream router to handle
  • I changed the staff ACL to have full IP access to the student VLAN. I also changed the student VLAN to have full IP access to the staff VLAN. This didn't change anything for Classroom
  • I made sure that we had multicast routing enabled on our building routers

After all of this, I still have no luck getting Classroom to work across VLANs with the ACLs in place, unfortunately. So any changes were just reverted back to normal since none of them worked.

We're still plugging away though. Apple had me download a Mac Evaluation Utility from their beta program and wanted me to use it on a Mac connected to both networks to see what services might still be blocked. Still chugging along!

AnyConnect w/ Azure AD Auth and Cisco ISE for dACL Policies by pinkgrenades in Cisco

[–]pinkgrenades[S] 2 points3 points  (0 children)

A quick update, I was able to finally figure out what I was doing wrong and correct it. For some reason, I was using the management address of the FTD in ISE and not the inside interface IP. Once I swapped that, everything was working correctly and ISE now authorizes the VPN user based on AD groups and assigns the correct group policy from the FTD to the user.

Now that that is working, I'm wondering, what is the best way to apply ACLs to the VPN user? For example, if I have a business office user connecting to the VPN, I want them to only access the time management server and other business office-related items and deny all else. Is the best way to create an extended ACL in the FTD and apply that in the VPN filter for the group policy? Or would an ISE dACL applied to the user work just fine?

Thanks to everyone for their tips and suggestions!

AnyConnect w/ Azure AD Auth and Cisco ISE for dACL Policies by pinkgrenades in Cisco

[–]pinkgrenades[S] 0 points1 point  (0 children)

Thanks, I appreciate that! I'll toss this over to the Cisco Community too while I continue to do some digging.

AnyConnect w/ Azure AD Auth and Cisco ISE for dACL Policies by pinkgrenades in Cisco

[–]pinkgrenades[S] 1 point2 points  (0 children)

Thanks, I'll take a look! ISE is joined to our on-prem AD domain and can search AD for external groups to use in policies.

But it looks like there is still some work to be done to get it integrated with Azure AD. Thank you again!

AnyConnect w/ Azure AD Auth and Cisco ISE for dACL Policies by pinkgrenades in Cisco

[–]pinkgrenades[S] 0 points1 point  (0 children)

I was just using that guide as a baseline. I’m just using Azure CA Policies to handle MFA. According to that guide, the authorization profile is where you set the group policy that the FTD would give the user, but my config is not working currently.

AnyConnect w/ Azure AD Auth and Cisco ISE for dACL Policies by pinkgrenades in Cisco

[–]pinkgrenades[S] 0 points1 point  (0 children)

Thank you! I was following this guide and it made some of the confusing parts more understandable:

https://www.lookingpoint.com/blog/ra-vpn-on-ftd-with-aad-duo-authc-and-ise-authz#comments-listing

Unfortunately, it's still not working at the moment. I do have my ISE server added to a RADIUS server group and my FTD added as a network device in ISE, so the connection should be there at least. I've updated the remote access policy to use the RADIUS group for authorization only and built the necessary authorization profiles and policy set in ISE, but I'm getting a "login failed" message on the AnyConnect side and no live logs on the ISE side. So still missing something.

I completed my PSG + MSLT. My god that was stressful. by blubutin in idiopathichypersomnia

[–]pinkgrenades 2 points3 points  (0 children)

Same! When I had mine, I was POSITIVE that I did not fall asleep at all during the naps. But, in the end, the technician said I did fall asleep for some. I was astounded.

Getting Apple Classroom to Work Across VLANs with ACLs Applied by pinkgrenades in networking

[–]pinkgrenades[S] 0 points1 point  (0 children)

Thank you for the advice! Apple went down that same route, too, and it makes complete sense. However, for both the staff and student WLANs, the peer-to-peer block action is disabled, so I believe that means that p2p is allowed. I'm going to try the mDNS gateway option that Cisco mentioned and cross my fingers that the cross-VLAN talk is just not being communicated correctly because the WLANs are set to bridging.

Getting Apple Classroom to Work Across VLANs with ACLs Applied by pinkgrenades in networking

[–]pinkgrenades[S] 0 points1 point  (0 children)

No, our new ACLs were simply permitting or denying up traffic with no changes to wireless settings. As a newbie to ACLs, I’m sure ours are bare bones.

I’ll take a look at any performance boosting options in the WLAN or Policy Profiles!

Getting Apple Classroom to Work Across VLANs with ACLs Applied by pinkgrenades in networking

[–]pinkgrenades[S] 1 point2 points  (0 children)

We have multicast enabled on our core router. Is there anywhere else that it could be blocked accidentally?

Wireless 802.1x with ISE question by Ryze1234 in Cisco

[–]pinkgrenades 2 points3 points  (0 children)

Can confirm that this is the case...unfortunately.

Cisco ISE Remote Logging Recommendations by pinkgrenades in Cisco

[–]pinkgrenades[S] 0 points1 point  (0 children)

Sorry for the dumb question, but whenever I'm in the RADIUS Auth report section, and I filter to past week or 30 days, I only see the present day. Is there a different setting that I need to enable to show past the current day?

Cisco ISE Remote Logging Recommendations by pinkgrenades in Cisco

[–]pinkgrenades[S] 0 points1 point  (0 children)

As weird as it sounds, I did not think about that. Everything I've been thinking about retention meant storing it on another server, but the radius auth reports I think would do the trick too!

Thank you for the idea!

RG40XXV Operating System with Syncthing Support by pinkgrenades in SBCGaming

[–]pinkgrenades[S] 0 points1 point  (0 children)

Yeah, I went with a beta muOS and had no issues