Author Archives: scotia

IPSEC – FreeBSD (StrongSwan) – Cisco IOS-XE – VTI & IKEv2/PSK

Router configuration FreeBSD/StrongSwan configuration


JunOS and SNMPv3 into VRFs and Logical Systems

Without additional configuration, SNMP elements that lie outside the scope of the base logical system and default routing instance (aka master) are not visible to SNMP agents. This means routes, BGP neighbours, etc. that are configured in routing instances and …

10G Ethernet NIC in a HP Microserver N40L

I’m thinking of moving my storage for my NAS (N40L) from DAS to iSCSI. My current set-up is trivial (and not performant): the N40L has 4 local SATA drives and an LSI2008 in IT mode connected to 6 SATA drives. …

Juniper MX10003: Port speeds and ASICs

Each MX10003 comes with two MPC slots, each with two MIC slots. One slot is pre-populated with a fixed, 6-port PIC, while the other slot is free to accept a MIC. Keen-eyed readers will point out that a PIC goes …

Cisco WLC, MAC authentication and Passthrough WebAuth

While Passthrough WebAuth upon MAC authentication failure is not supported on Cisco WLCs, it is easy to work around this by doing the following. The first step is to create a user to be used as a dummy account that the …

FreeRADIUS, MySQL and Cisco WLC AAA Override

Here’s how to get AAA Override working on a Cisco WLC using FreeRADIUS backed with MySQL: Enable AAA Override on the WLAN on the WLC Create a Dynamic Interface on the WLC with a vLAN and IP address Add the …

Cisco password type 7 Vigenère cipher seed/keyword

If you were ever wondering what the seed (keyword) is for Cisco’s password encryption type 7 (which uses the Vigenère cipher), in ASCII it’s: or in hex:


Private vLANs

Having just implemented private vLANs on a Cisco 3750X switch I thought I’d share some findings. A private vLAN configuration consists of a primary vLAN, zero or one isolated vLANs, and zero or more community vLANs. When associated with each …

Using LetsEncrypt certificates with Cisco WLC WebAuth

Assuming you’ve got a nice fresh certificate from LetsEncrypt and are in the directory where it, your key, and the LE root certificate (TrustID X3) live: Check the logs to make sure the import was successful. If so you will …

Cisco ACLs and the ‘established’ keyword

While writing software to convert Cisco ACLs to VyOS’s firewall syntax I got to wondering what the ‘established’ keyword meant on TCP ACLs. Although my Internet-facing ACL is connected to CBAC (and therefore stateful), my inter-vLAN ACLs are stateless, …