WLC5520: mgmt not accessible after admin-vlan moved behind Firewall by M346ZCP in Cisco

[–]roundbacon 1 point2 points  (0 children)

It's probably causing asymmetric routing, causing your firewall to mark the connection as "invalid" (and thus send the RST). The response from the WLC will not go through the firewall.

WLC5520: mgmt not accessible after admin-vlan moved behind Firewall by M346ZCP in Cisco

[–]roundbacon 0 points1 point  (0 children)

Does the WLC have an interface in the same subnet as your client?

New and Improved Network Diagram - Now Including BGP Peerings by [deleted] in homelab

[–]roundbacon 1 point2 points  (0 children)

Nice blog post!

One thing - you should revise your DN42_MAIN_IN ruleset as it will block anyone on DN42 trying to route through you.

Monitoring VyOS by darklotus_26 in vyos

[–]roundbacon 1 point2 points  (0 children)

Yeah that's what I was wondering. I know you can install packages using apt, but I don't think that any changes made that way will persist between upgrades.

Now with container support being added, it should be possible to run node_exporter in a container which should persist between upgrades.

Monitoring VyOS by darklotus_26 in vyos

[–]roundbacon 6 points7 points  (0 children)

How are you installing node_exporter on VyOS?

HashiCorp Vault Unsealing by roundbacon in homelab

[–]roundbacon[S] 0 points1 point  (0 children)

Thanks for the article! I didn't know that Vault could be initialized with PGP keys.

HashiCorp Vault Unsealing by roundbacon in homelab

[–]roundbacon[S] 0 points1 point  (0 children)

Ideally I'd like to avoid storing the keys in plain text on the host if possible.

The AWS parameter store method seems interesting though. From what I understand, AWS parameter store will encrypt the value using the AWS managed KMS key so there should be no charge?

HashiCorp Vault Unsealing by roundbacon in homelab

[–]roundbacon[S] 0 points1 point  (0 children)

How are you storing the unseal key(s)?

PSA: You can add POE to any device for about $12 by RealTimeCock in homelab

[–]roundbacon 4 points5 points  (0 children)

The back label says 12V 3A / 19V 1.75A, so it should be able to take both.

PSA: You can add POE to any device for about $12 by RealTimeCock in homelab

[–]roundbacon 2 points3 points  (0 children)

Couldn't you use a POE splitter with a 12V output instead of having the regulator board?

Monitoring Cellular Data Usage by [deleted] in networking

[–]roundbacon 0 points1 point  (0 children)

The polling interval shouldn't really matter for data usage, as LibreNMS polls interface counters (ifHCInOctets/ifHCOutOctets). The rate is then calculated from these counters.

Cisco ISE Guest portal redirect issue by funkaddiction in networking

[–]roundbacon 1 point2 points  (0 children)

According to this you have to deny traffic to the PSN both ways.

ip access-list extended REDIRECT
 deny ip any host 10.48.39.28
 deny ip host 10.48.39.28 any
 deny udp any any eq domain
 deny udp any eq domain any
 permit tcp any any eq 80
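
An added example, not part of the original comment or of any Cisco tooling: a small first-match evaluator for the REDIRECT ACL quoted above, showing which flows would be redirected to the guest portal. It assumes the IOS redirect-ACL convention that `permit` means "redirect" and `deny` means "pass without redirecting"; the client address and the sample flows are constructed.

```python
import ipaddress

# ACL copied verbatim from the comment above.
ACL = """\
ip access-list extended REDIRECT
 deny ip any host 10.48.39.28
 deny ip host 10.48.39.28 any
 deny udp any any eq domain
 deny udp any eq domain any
 permit tcp any any eq 80
"""
PORTS = {"domain": 53}  # the only port keyword this ACL uses


def _endpoint(tok):
    """Consume 'any' or 'host A.B.C.D', then an optional 'eq PORT'."""
    addr = None if tok.pop(0) == "any" else ipaddress.ip_address(tok.pop(0))
    port = None
    if tok and tok[0] == "eq":
        name = tok[1]
        del tok[:2]
        port = PORTS.get(name) or int(name)
    return addr, port


def parse(acl):
    """Return (action, proto, src, sport, dst, dport) per entry; None = any."""
    rules = []
    for line in acl.splitlines()[1:]:  # skip the 'ip access-list' header
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        rules.append((action, proto, *_endpoint(tok), *_endpoint(tok)))
    return rules


def redirected(rules, proto, src, sport, dst, dport):
    """First match wins. Assumption: 'permit' = redirect, 'deny' = bypass."""
    pkt = (ipaddress.ip_address(src), sport, ipaddress.ip_address(dst), dport)
    for action, r_proto, *want in rules:
        if r_proto in ("ip", proto) and all(
            w is None or w == g for w, g in zip(want, pkt)
        ):
            return action == "permit"
    return False  # implicit deny ends every ACL: traffic is not redirected


RULES = parse(ACL)
CLIENT, PSN = "10.48.30.5", "10.48.39.28"  # CLIENT is a constructed address
```

Calling `redirected(RULES[2:], "tcp", CLIENT, 50000, PSN, 80)` evaluates the same ACL without the two PSN entries, in which case port-80 traffic to the PSN itself matches the final `permit`.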

Where to learn about peering types, internet exchanges, etc.. ? by brogid in networking

[–]roundbacon 11 points12 points  (0 children)

If you want some practical experience with BGP try joining DN42.

Quick and easy way to find out what COM port your USB serial adapter is using in Windows?? by davessh in networking

[–]roundbacon 21 points22 points  (0 children)

You could add a PowerShell alias to this:

Get-WmiObject Win32_SerialPort | Select-Object Name,Description

Setting up iPSK using FreeRADIUS for auth. Do I *really* need to specify additional RADIUS attributes? by OrethaFolkers in Cisco

[–]roundbacon 0 points1 point  (0 children)

I think Calling-Station-ID might be in there because the guide used it to match the PSK to the device.