Raspberry Pi NAT64/DNS64 router

I am currently experimenting with running an IPv6-only WLAN at work, so I thought I'd try experimenting at home. Whereas at work we have a CSR1000v to perform the NAT64 and a separate Linux VM for DNS64, the config below details combining both functions on a Raspberry Pi (RPi). The topology looks like this: apt-get install... Continue Reading →


IOS SSL VPN – tunnel mode

This configuration details how to set up an SSL VPN in 'tunnel mode' on a router running v15 IOS. Such a configuration could be implemented on a small to mid-size remote site utilising an ISR router. Firstly install the AnyConnect package onto the router: ! webvpn install svc flash:/anyconnect-linux-64-4.2.01035-k9.pkg sequence 1 ! Confirm the package... Continue Reading →

IPv6 conntrack and munin

Argh, my beloved Linux IPv6 firewall was suffering: too many connections, munin graphs not updating; this needed looking at... Firstly I noticed multiple entries of the following in kern.log: nf_conntrack: table full, dropping packet After checking the existing table size: # /sbin/sysctl net.netfilter.nf_conntrack_count net.netfilter.nf_conntrack_count = 76768 ...it seemed sensible to double it: # cat /proc/sys/net/nf_conntrack_max... Continue Reading →

Cisco ISE 1.4 – Configuring Eduroam

This document details the steps for using ISE to authenticate Eduroam users. Janet is the name of the UK provider of Eduroam; please replace this with your own reference. Three rules cover the authentication scenarios which will be encountered: Rule 1: User is not a member of the institution; Rule 2: User is a member... Continue Reading →

IPv6 on NX-OS

So you thought you'd enable IPv6 on your new Nexus chassis and get ready for the future of the internet? Create some IPv6 SVIs and away you'd go? Wrong! Out of the box the Nexus is configured such that Neighbor Discovery will not work. A bit of googling will eventually lead you to this command:... Continue Reading →

Cisco WLC Mobility Groups

Cisco WLC Mobility Groups - Data Path down / Control Path down. Cisco Mobility Group – Anchor: Data Path Down. The path of the mobility group EtherIP tunnel between WLCs passes through a single CheckPoint firewall (R77.20), requiring that rules be defined to allow UDP/16666 and TCP/97 traffic to and from the WLCs. I created... Continue Reading →

Cisco ASA 5505 RAM – compatible modules

I'm a big fan of the ASA 5505 and deploy them in various scenarios, so I am regularly sourcing them off eBay and upgrading them. They supposedly take 148pin DDR 400MHz modules, but not all are alike. Below is a table showing the compatibles that I have found: Confirmed | Cisco part | Manf.P/N | detail | voltage | CAS latency | memory timing | ASA v02 | ASA v03 | ASA v04 | ASA... Continue Reading →
