The Network Stack

May 17, 2017 0 Comments cisco

Found a great blog post on installing a demo license on the CSR router (http://www.burningnode.com/2016/02/08/the-csr1000v-license-and-the-100kbps/), but I came across one additional (and important) step, below.

TL;DR - Make sure to accept the end user agreement and SAVE before reloading!

ip-10-128-228-209#reload
% Unfortunately EULA is not detected for following feature/features:
% security
% Please configure 'license accept end user agreement' and
% use 'write' command to ensure license configurations take effect
% Continue reload will cause

April 13, 2017 0 Comments adfs, windows

If you use ADFS as your primary IdP, you may have noticed that before your users sign in, they have the option to pick the Relying Party they want to sign into under the "Sign in to one of the following sites" radio button. If ADFS is accessible from the internet (which it most likely is if you are using Office 365), this is a giant security concern, as it gives an attacker a view into all the external applications

April 06, 2017 0 Comments ipv6, cisco

I recently deployed a small IPv6 network to support our developers meeting Apple's IPv6 compatibility requirements (https://developer.apple.com/support/ipv6/). This was a good experience to get my feet wet with IPv6 as we have plans to dual-stack our environment in the coming year. Here are my notes:

Since this is a test/dev network, I decided to get a /48 IPv6 block from my internet provider. They routed the /48 to me via a /126 link to

April 06, 2017 0 Comments ipv6

I'm very comfortable developing an IPv4 address plan that accounts for summarization and ease of use. There are new design rules for IPv6, which I am posting here (will update this page as I go):

General Rules to Follow:

  • Allocate every site a /48 block
  • Allocate each vlan in the site a /64 (from the above /48)
  • P2P links can either be a /64 or /126 - depends if you want to keep it simple or conserve address space
  • You

February 06, 2017 0 Comments windows

Our 2012R2 DCs do DHCP and DNS for our environment, but I found that our clients' DNS addresses were frequently incorrect, even though DHCP is supposed to update DNS with the correct entry. Found this blog post that solved our problems:

http://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/

Note: If you are unsure about running the dnscmd shown in the blog post, I found the commands to verify the setting before you change it, and how to revert:

June 03, 2016 0 Comments vmware, vcenter

After a power outage, we powered on our VMware infrastructure, and as we went through the process, we quickly realized that vCenter was not coming back online. vCenter was not reachable via ICMP or HTTP/HTTPS. Logging into the ESXi console showed the VCSA booting very slowly, but eventually it booted up. Still no network connectivity. After enabling bash and doing an "ifconfig", I noticed the eth0 interface was missing. The "ip link show" confirmed that the VM did not

April 26, 2016 0 Comments adfs

Implemented WebEx with ADFS 3.0 (Windows 2012R2), and found these articles helpful:

https://cisco-support.webex.com/guest/articles/en_US/Usability_FAQs/WBX63102/myr=false

https://digitalglue.wordpress.com/2014/02/11/configuring-cisco-webex-meeting-server-to-work-with-adfs-2-0/

But those guides do not go over configuring the sign-out process. By default, when a user signs out of WebEx, they are not signed out of their SSO session. Signing them out of the SSO session as well can be accomplished with the WSFederation sign-out URL:

http://social.technet.microsoft.com/wiki/contents/articles/

April 11, 2016 0 Comments office-365, powershell

Connecting to Office 365 via PowerShell for the first time? Here are the steps to get started:

  1. Install the Microsoft Online Services Sign-In Assistant for IT Professionals RTW
  2. Install the Azure Active Directory Module for Windows PowerShell (64-bit version)
  3. Open PowerShell and run this command the first time you connect on your computer:
Set-ExecutionPolicy RemoteSigned
  4. Next, run these three commands (you'll do this every time you want to connect):
$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/