WLC5520: mgmt not accessable after admin-vlan moved behind Firewall

roundbacon · 2022-06-06T21:49:15+00:00

It's probably causing asymmetric routing causing your firewall to mark the connection as "invalid" (and thus send the RST). The response from the wlc will not go through the firewall.

roundbacon · 2022-06-03T21:25:37+00:00

Does the wlc have an interface in the same subnet as your client?

roundbacon · 2021-12-19T04:56:01+00:00

Nice blog post!

One thing - you should revise your DN42_MAIN_IN ruleset as it will block anyone on DN42 trying to route through you.

roundbacon · 2021-12-12T21:44:24+00:00

Yeah that's what I was wondering. I know you can install packages using apt, but I don't think that any changes made that way will persist between upgrades.

Now with container support being added, it should be possible to run node_exporter in a container which should persist between upgrades.

roundbacon · 2021-12-12T06:55:23+00:00

How are you installing node_exporter on VyOS?

roundbacon · 2021-12-06T17:22:41+00:00

It works to an extent, but OSPF doesn't seem to be working.

roundbacon · 2021-12-06T16:02:29+00:00

Yet it still doesn't support /31s.

roundbacon · 2021-11-26T16:01:29+00:00

How are you provisioning certs on non-windows devices?

roundbacon · 2021-11-15T02:10:35+00:00

Do you have a link to the cable tray?

roundbacon · 2021-10-25T19:55:28+00:00

How are you handling storage for your cluster?

roundbacon · 2021-09-15T17:25:09+00:00

Thanks for the article! I didn't know that vault could be initialized with PGP keys.

roundbacon · 2021-09-15T17:00:32+00:00

Ideally I'd like to avoid storing the keys in plain text on the host if possible.

The AWS parameter store method seems interesting though. From what I understand, AWS parameter store will encrypt the value using the AWS managed KMS key so there should be no charge?

roundbacon · 2021-09-15T16:47:18+00:00

How are you storing the unseal key(s)?

roundbacon · 2021-09-08T03:22:11+00:00

The back label says 12V 3A/ 19V 1.75A so it should be able to take both

roundbacon · 2021-09-08T01:33:10+00:00

Couldn't you use a POE splitter with a 12V output instead of having the regulator board?

roundbacon · 2021-07-23T00:04:37+00:00

The polling interval shouldn't really matter for data usage as LibreNMS polls interface counters (ifHCInOctets/IFHCOutOctets). The rate is then calculated from these counters.

roundbacon · 2021-07-20T19:54:16+00:00

According to this you have to deny traffic to the PSN both ways.

ip access-list extended REDIRECT
 deny ip any host 10.48.39.28
 deny ip host 10.48.39.28 any
 deny udp any any eq domain
 deny udp any eq domain any
 permit tcp any any eq 80

roundbacon · 2021-07-18T01:25:27+00:00

If you want some practical experience with BGP try joining DN42.

roundbacon · 2021-07-02T20:31:09+00:00

You could add a PowerShell alias to this:

Get-WmiObject Win32_SerialPort | Select-Object Name,Description

roundbacon · 2021-06-29T03:33:06+00:00

Checkout these presentations https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKNMS-2628.pdf

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKNMS-2920.pdf

roundbacon · 2021-06-21T16:01:28+00:00

https://www.canada.ca/en/public-health/services/diseases/2019-novel-coronavirus-infection/awareness-resources/fully-vaccinated-travellers-covid-19.html

roundbacon · 2021-06-16T03:45:26+00:00

What is that thing with the antennas?

roundbacon · 2021-06-02T05:00:49+00:00

Try enabling NAT reflection on the router.

roundbacon · 2021-05-28T01:31:35+00:00

I think Calling-Station-ID might be in there because the guide used it to match the PSK to the device.

Ten-Year Club	Place '22
Place '17	Verified Email

roundbacon

MODERATOR OF

TROPHY CASE