Friday, 7 March 2025

export user cert from windows cert store

Open MMC 

Add certs snap-in

user account and computer store

Check certificates > personal

exported the user cert from user store (use PKCS12 or DER base-64 encoded)

imported user cert into machine

switch aaa and radius authentication settings for duo etc

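! Default login: try the Duo RADIUS group first, then fall back to local users
aaa authentication login default group DUO-AUTH local
! Local-only method list; it only takes effect on a line where it is
! applied with "login authentication CON-LOCAL"
aaa authentication login CON-LOCAL local

! RADIUS server group used by the default login method list
aaa group server radius DUO-AUTH
 server name DUO-AUTH-PROXY
 ip radius source-interface Vlan2

! The Duo authentication proxy itself
radius server DUO-AUTH-PROXY
 address ipv4 192.168.1.1 auth-port 18122 acct-port 18122
 pac key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx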


Wednesday, 5 March 2025

find what DH group an ikev1 S2S VPN is using in ASA

 sh crypto isakmp sa detail | i Grp:


Looking for groups 2 and 5

 sh crypto isakmp sa detail | i Grp:2,

 sh crypto isakmp sa detail | i Grp:5,


You can also copy the full output of "sh crypto isakmp sa detail" to a text file and search it there.
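
An added example (not from the original notes) for searching that saved text file: it tallies every DH group found and shows why the trailing comma in the Grp:2, and Grp:5, patterns matters. The sample lines are constructed; only the "Grp:<n>," token is taken from the commands above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: only the "Grp:<n>," token is taken from the note above;
# the peer labels and the rest of each line are made-up filler.
write_sample() {
    cat > "$1" <<'EOF'
peer-A  Encr: AES-CBC, Hash: SHA96, DH Grp:2, Auth: PSK
peer-B  Encr: AES-CBC, Hash: SHA256, DH Grp:14, Auth: PSK
peer-C  Encr: AES-CBC, Hash: SHA96, DH Grp:5, Auth: PSK
peer-D  Encr: AES-GCM, Hash: N/A, DH Grp:21, Auth: PSK
peer-E  Encr: AES-GCM, Hash: N/A, DH Grp:20, Auth: PSK
EOF
}

# Print "<group> <count>" for each DH group in the file, lowest group first.
dh_group_tally() {
    grep -oE 'Grp:[0-9]+,' "$1" | tr -d 'Grp:,' | sort -n | uniq -c |
        awk '{ print $2, $1 }'
}

# Count lines using group 2 or 5. The trailing comma matters: without it,
# "Grp:2" would also match Grp:20, Grp:21 and Grp:24.
count_group_2_or_5() {
    grep -cE 'Grp:(2|5),' "$1" || true
}

# Same search without the comma, to show the over-match.
count_loose() {
    grep -cE 'Grp:(2|5)' "$1" || true
}

sample=$(mktemp)
write_sample "$sample"
dh_group_tally "$sample"
echo "group 2/5 SAs: $(count_group_2_or_5 "$sample")"
echo "loose pattern matches: $(count_loose "$sample")"
rm -f "$sample"
```

To run it against real output, pass the path of the saved text file to dh_group_tally and count_group_2_or_5 instead of the sample.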

Tuesday, 4 March 2025

QoS palo alto

Make QoS policies

Policies > QoS


Assign policies to a profile:

Network > Network Profiles > QoS Profile


Assign a profile to interfaces

Network > QoS



Thursday, 27 February 2025

why speed test results are usually lower than advertised speed

Overhead

  • Your internet speed is measured in raw bits per second (bps), but real-world data transfer includes additional information like headers, acknowledgments, and error checking.

  • TCP/IP, Ethernet, and other protocols add packet overhead, meaning some portion of the bandwidth is used for network management rather than your actual data.
  • This overhead typically accounts for 5-15% of the total bandwidth, which explains why you rarely see a full 1 Gbps in speed tests.

Speed test client and server

  • The speed test server’s capacity can impact results. Some servers may be congested or unable to fully utilize your bandwidth.
  • The distance between you and the test server affects latency, which can slightly reduce speeds.
  • The speed test client needs a good NIC (Intel if possible) and a good spec (RAM and CPU), because it has to open many connections to test the link. For example, if you test with a 100 Mbps NIC, that is the maximum speed you can see. You need a 1 Gbps NIC or better to test a 1 Gbps connection.

ISP and firewall/network management and contention

  • ISPs often use network shaping, congestion control, and peering agreements that affect speed.
  • During peak times, ISPs may limit speeds slightly to ensure fair distribution of bandwidth among users.
  • Your internal network/firewall may do the same.
  • It's best to test out of hours with just your test laptop plugged into the internet connection to give the best results.

Thursday, 20 February 2025

check a DNS TXT record

https://mxtoolbox.com/SuperTool.aspx?action=txt%3a%40.dlrcoco.ie&run=toolpage#

 nslookup -type=TXT mail._domainkey.domain.com

 dig TXT domain.com +short

PowerShell

 Resolve-DnsName -Type TXT domain.com

Wednesday, 12 February 2025

Meraki monitoring pages

Organisation > Alerts

Network-wide > Clients

Network-wide > Traffic