Re: VPN recommendations?

2022-02-12 Thread William Herrin
On Sat, Feb 12, 2022 at 12:26 PM Grant Taylor via NANOG wrote: > On 2/11/22 12:35 PM, William Herrin wrote: > > The thing to understand is that IPSec has two modes: transport and > > but you can deconstruct it: it's built up from transport mode + > > a tunnel protocol (gre or ipip I don't

Re: junos config commit question

2022-02-12 Thread Nick Suan via NANOG
You're correct. This is the lab setup and rstp was set to the default, so I only got the commit check to pass when I deleted [protocols rstp]. On Fri, Feb 11, 2022, at 8:09 PM, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote: > Nick Suan via NANOG writes: >> I was actually interested to see if the

Re: VPN recommendations?

2022-02-12 Thread Nathan Angelacos
On Sat, 2022-02-12 at 13:24 -0700, Grant Taylor via NANOG wrote: > On 2/11/22 12:35 PM, William Herrin wrote: > > The thing to understand is that IPSec has two modes: transport and > > tunnel. Transport is between exactly two IP addresses while tunnel > > expects a broader network to exist on at

Re: VPN recommendations?

2022-02-12 Thread Grant Taylor via NANOG
On 2/11/22 12:35 PM, William Herrin wrote: The thing to understand is that IPSec has two modes: transport and tunnel. Transport is between exactly two IP addresses while tunnel expects a broader network to exist on at least one end. That is (syntactically) correct. However, it is possible to

Re: (Free)RADIUS Front-End

2022-02-12 Thread Gaurav Kansal
I have also developed Free Radius based AAA (Authentication, Authorisation and Accounting) solution, and we have replaced Cisco ISE with our in-house developed product. More than 30K clients are getting authenticated and managed through this portal. In case, if anyone needs any help or

Re: junos config commit question

2022-02-12 Thread Paschal Masha
Not long enough to have drive to the DC in the middle of the night :) Even "commit confirmed x" is a shield, a better one. Regards Paschal Masha | Engineering Skype ID: paschal.masha From: "Dale Shaw" To: "Mark Tinka" Cc: "nanog" Sent: Saturday, February 12, 2022 12:39:28 PM

Re: DMARC ViolationDKIM ViolationRe: junos config commit question

2022-02-12 Thread Paschal Masha
More like driving with the handbrake still engaged. Always, after changing the candidate config, run "show | compare" - loving junos. Regards Paschal Masha | Engineering Skype ID: paschal.masha From: "Mark Tinka" To: "nanog" Sent: Saturday, February 12, 2022 12:23:09 PM Subject:

Re: Fiber contractor in Washington state

2022-02-12 Thread Matthew Barker
Late reply, but I had https://www.zerodbcomm.com do a decent sized splice project out in Liberty Lake for us and they did great work. Not sure if they do dirt work, but they might have a local recommendation or partner for trenching or bore. -Matt On Wed, 9 Feb 2022, Aaron C. de Bruyn via

Re: (Free)RADIUS Front-End

2022-02-12 Thread Mark Tinka
For posterity, finally went with Splynx. Really awesome product, covering not only RADIUS but also CRM, billing, invoicing, remote integration, etc. Just in case anyone else ends up having the same requirement. Mark. On 9/20/21 09:19, Mark Tinka wrote: On 9/20/21 02:16, Philip

Re: VPN recommendations?

2022-02-12 Thread Christian de Larrinaga via NANOG
Intriguing. This week I started to look around for new wireguard implementation tools and appliances. I've used openvpn and ipsec in the main although last month put together a 10x and IPv6 wireguard net in my home and out to two vps hosts which is handy. For my own use this is ok-ish, but

Re: Authoritative Resources for Public DNS Pinging

2022-02-12 Thread Mark Tinka
On 2/12/22 16:43, Mike Lewinski via NANOG wrote: Yes, I'm sure it was. Then probably rhymes with the days of "admin/admin". If they have been pushing out security and OS updates since then, and still keep 1.1.1.1 coded, that is purely their fault. Mark.

RE: Authoritative Resources for Public DNS Pinging

2022-02-12 Thread Mike Lewinski via NANOG
> Do you know if this was codified prior to 1.1.1.1 being taken over by > Cloudflare? Yes, I'm sure it was.

Re: junos config commit question

2022-02-12 Thread Dale Shaw
Hey Mark, On Sat, 12 Feb 2022 at 8:25 pm, Mark Tinka wrote: > > I have often found it interesting how many folk have muscle memory for > "commit and-quit", including Juniper's own staff when I've had the > pleasure of being with them on a PoC. It's almost as if I missed an > entire period of

Re: Authoritative Resources for Public DNS Pinging

2022-02-12 Thread Mark Tinka
On 2/11/22 14:27, Mike Hammett wrote: The device that caused this whole conversation has failover functionality. Both interfaces ping an FQDN (that resolves to 8.8.8.8 and 1.1.1.1, with the device only latching on to one of those). If any of those meet the failure threshold, that interface

Re: junos config commit question

2022-02-12 Thread Mark Tinka
On 2/12/22 00:54, Jon Lewis wrote: Also, get into the habit of never doing a commit without first doing top show | compare so you can see what your change is actually doing to the whole config. i.e. if you did a show | compare at the top of the config and saw the entire interfaces section

Re: Authoritative Resources for Public DNS Pinging

2022-02-12 Thread Mark Tinka
On 2/11/22 22:43, Mike Lewinski via NANOG wrote: On a related note, I just discovered a NID that has 1.1.1.1 assigned to the outband interface by default, and it is apparently not user modifiable. So, not only can these devices never use 1.1.1.1 for name resolution, but attempts to

Re: Authoritative Resources for Public DNS Pinging

2022-02-12 Thread Mark Tinka
On 2/11/22 16:58, Jon Lewis wrote: I have to admit, I haven't read most of this thread, but I am well aware of the issues with both end users and "routers" / firewalls pinging 8.8.8.8 as a means of verifying "that path to the Internet is working".  I know GOOG doesn't appreciate the

Re: Authoritative Resources for Public DNS Pinging

2022-02-12 Thread Mark Tinka
On 2/11/22 15:33, Tom Beecher wrote: I respectfully strongly disagree on 'need'. Let's perform a thought experiment. Assert that 8.8.8.8 was expressly codified by Google to be a designated ICMP endpoint, and that for 100% of ICMP echo requests they receive, they guarantee an echo-reply