Tuesday, 22 June 2021

show all NAT's for a public IP on palo alto firewall CLI

 show session all filter nat destination | match 100.200.200.10

Posted by at No comments:
Labels: , , ,

Monday, 21 June 2021

new upgrade commands on 9200 and 9300 switch

Looks like the install/upgrade process has changed a bit on cisco 9200 switch. 


install add file flash:cat9k_lite_iosxe.16.10.01.SPA.bin activate commit

*This command will copy the file to other switches in the stack

If you forget the last 2 keywords you will need to run:

install inactive remove


Full guide

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/16-10/release_notes/ol-16-10-9200.html#id_67613


Needed this command when there was no space on the local disk

install add file tftp://172.30.180.160//cat9k_iosxe.17.06.05.SPA.bin activate commit




****

check for this before reboot

#show romvar | in STARTUP

SWITCH_IGNORE_STARTUP_CFG=0


If the variable is set, please:

no system ignore startupconfig switch all


Posted by at No comments:
Labels: , , , ,

Monday, 14 June 2021

enable advipservices license on ASR 1001-X

Check if its available in your image:

show license all

StoreIndex: 1   Feature: advipservices                     Version: 1.0

        License Type: EvalRightToUse

        License State: Active, Not in Use, EULA not accepted

            Evaluation total period: 8  weeks 4  days 

            Evaluation period left: 8  weeks 4  days 

            Period used: 0  minute  0  second  

        License Count: Non-Counted

        License Priority: None


Enable the license level you need, needs a reboot:

conf t

license boot level advipservices

Once you changed the boot variable, the CLI will ask you to change and accept the EULA agreement, so you need to enter YES, and then save configuration and perform a reload on the ASR.

Once the ASR boots up again, you should now see that the license level is advipservices and you can confirm that using the command “Router# show version | i Lice”


EVAL license will last for 60 days after that it will switch to right to use. You should buy the right license from cisco but it sounds like RTU will continue to work without but I have not tested it.



Posted by at No comments:
Labels: , ,

Tuesday, 8 June 2021

setup duo with RDP on windows server

1 - Make sure you have a windows username who is enrolled/activated in duo and has phone number attached, good idea to test logging in with this user on your working duo install. I would say ensure you have a back way in. Physical console or VMware console and a local user setup.

2 - Docs/instructions are here www.duo.com/docs/rdp

4 - Log into duo portal on the PC you are going to protect so you can download files and copy paste some details

5 - Log into duo portal -> applications -> protect and app. Select MS RDP

Record details

  • ikey
  • skey
  • api

6 - Run the installer, fill in the recorded details. In my case I chose to only protect RDP not windows logins.

7 - After install is complete test logging in with RDP, make sure to use RDP (MSTSC) and not local console you have been working on.

Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)