Use Azure MFA With Microsoft NPS (RADIUS) Server
Jul20


KB ID 0001759. Problem: I was in a forum last week and someone asked, “Can I enable Azure MFA, on my RADIUS server, to secure access to my switches and routers etc”. It turns out if you want to enable Azure MFA with Microsoft NPS it’s actually quite simple. So, I’m using RADIUS auth (above) on my NPS server, and it’s simply checking the authenticating user is a member of a domain security group....

macOS – SSH Error ‘No Matching Exchange Method Found’
Mar24


KB ID 0001245. Problem: Note: Certified working all the way up to macOS Big Sur version 11.2.3. I thought my RoyalTSX had broken today; I upgraded it a couple of weeks ago, and I upgraded to macOS Catalina 10.15 the other day. After this, all my SSH sessions refused to connect with this error:

Unable to negotiate with x.x.x.x port 22: no matching key exchange found. Their offer diffie-hellman-group1-sha1

Note: You may also see the...

Cisco: Getting a SKU (Product ID) From a Serial Number
Apr28


KB ID 0001674. Problem: I had a situation a couple of weeks ago where I had the serial numbers for a bunch of Cisco switches. I needed to get some extended cover for them, but what I didn’t have were the Cisco SKU (Stock Keeping Unit) codes. Solution: You will need to have a Cisco CCO login; once you have that, go here > Add devices. Give the device a name (it does not matter what) > Paste in the serial number > Add. Boom,...

Configuring Cisco HSRP
Feb08


KB ID 0000946. Problem: Cisco HSRP: Normally your client machines have one route off the network (their default gateway). But what if that goes down? HSRP aims to solve this problem by assigning a ‘Virtual IP address’ to your default gateway (or default route), so that IP can be shared amongst two or more possible devices (routers, or layer 3 switches). Above, we have a client 192.168.1.10 that has two possible routes off...

Cisco IOS: Ether-Channel Trunks
Apr08


KB ID 0001533. Problem: This is a subject that every time I need to create an Ether-Channel I end up checking beforehand, so it’s about time I wrote it up. We are combining two different things, an Ether-Channel (an aggregation of links) and a Trunk (the ability to carry many VLANs). If you are NOT from a Cisco background then you might want to read through the following post first to avoid confusion about the world...

Cisco ASA VPN to Cisco Router “MM_WAIT_MSG3”
Mar27


KB ID 0001531. Problem: While migrating a VPN tunnel from an ASA 5520 firewall to a new 5516-X I got this problem. The other end was a Cisco router (2900). As soon as I swapped it over, it was stuck at MM_WAIT_MSG3, and phase 1 would not establish:

NUFC-ASA5516x(config-tunnel-ipsec)# show crypto isa
IKEv1 SAs:
Active SA: 6
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 6
1 IKE Peer: 1.1.1.1
Type :...
