Microsoft – NDES Site Shows ‘HTTP Error 500.0 – Internal Server Error’
KB ID 0001181 Problem I was doing some testing for a client this week, a while ago I had deployed a three tier PKI solution for them, and as part of the rollout we deployed NDES for their network devices, (they were going to use certificates to secure site to site VPNs). The client was concerned, and wanted the auto renewal process testing. This could not be done on the live system. So myself and a colleague went to the test bench, I...
Cisco – Testing AAA Authentication (Cisco ASA and IOS)
KB ID 0001175 Problem I always forget the syntax for this, and I’ve been meaning to publish this for a while so here you go. If you have AAA setup and people can’t log in, then the ability to test authentication against a user’s username and password is a good troubleshooting step! Usually I’m on a Cisco ASA but I’ll tag on the syntax for IOS as well. Solution Cisco ASA Test AAA Authentication From...
Cisco IOS – DHCP Helper (DHCP Relay) – IP-Helper Setup
KB ID 0001168 Problem Cisco documentation calls this a ‘DHCP Relay’, and uses the command IP-Helper, and I usually call this DHCP Helper, just to confuse everyone. To be fair the term DHCP Relay is an industry standard, it’s not particular to Cisco (as you will see later when I Wireshark the traffic). So if you are reading this you have a DHCP server and you want to use it to lease addresses to clients that are on a...
Cisco IOS – An interface whose trunk encapsulation is “Auto” can not be configured to “trunk” mode.
KB ID 0001167 Problem If you try and change a port’s status, to make it a trunk port, you may see this error; Petes-Switch(config-if)#switchport mode trunk Command rejected: An interface whose trunk encapsulation is “Auto” can not be configured to “trunk” mode. Trunk Settings I don’t know if this is a throwback to when we had ISL trunking and 802.1q, but you need to specify the encapsulation before you can...
Cisco Small Business (SG500) Link Aggregation (LAG) With LACP
KB ID 0001277 Problem At work a client was having trouble with a NAS Drive (Buffalo Terastation). It was being used as a backup target and some of the servers were dropping connections. I knew the client had some Catalyst 3750’s so I suggested going and creating an Ether Channel to the two NICs in the NAS box, to try and cure the problem. However when I went onsite, I noticed the 3750 didn’t have any spare Gigabit ports...
Using OSPF over DMVPN
KB ID 0001151 Dtd 03/02/16 Problem This article is a supplement to the earlier one on Setting Up DMVPN. It covers how to use OSPF over the top of DMVPN. This is the topology I’m going to use; As I’ve said (above) this is not a run through on setting up DMVPN, but if you want to spin it up in GNS3, or on the test bench, here’s the DMVPN config; Hub Site configure terminal interface Tunnel10 ip address 192.168.254.1...
Cisco ASA – Reverse Route Injection with EIGRP
KB ID 0001137 Problem I’ve followed your Reverse Route Injection article and it’s not working? This email dropped in my mailbox a while back. As it turns out the article I had written was for OSPF, and this chap was using EIGRP. So I ran it up with EIGRP as well to test. Here’s my topology, I want to inject the route for the remote site, into my internal EIGRP routing table. Solution Assuming EIGRP is already setup between the ASA...
Cisco IOS – “configuration not allowed when device is not the primary server for vlan database.”
KB ID 0001127 Problem I was trying to delete a VLAN from a client switch, and this was happening; Core-3560#conf t Enter configuration commands, one per line. End with CNTL/Z. Core-3560(config)#no vlan 30 VTP VLAN configuration not allowed when device is not the primary server for vlan database. Solution Now as far as I was aware there was only one switch, (certainly on this LAN segment anyway). What you need to do is change the VTP...
Cisco IOS – Setting Up DHCP Scopes
KB ID 0001112 I usually only have to do this on very small sites, or occasionally on the test bench. Most of the time we will have a server sat doing DHCP. The procedure below was carried out on a router, but the procedure is the same for a catalyst switch. By default DHCP is disabled, you have to turn it on, then create a ‘dhcp pool.’ Petes-Router(config)#service dhcp Petes-Router(config)#ip dhcp pool DATA-VLAN-10 Then...
Cisco Catalyst Switches – Adding Licenses
KB ID 0001012 Problem I had a load of Cisco Catalyst 3560 switches that needed ‘ipbase’ licenses adding to them today. I’ve messed about with plenty of ASA license upgrades before, but not switches. Solution 1. First thing you need is a Cisco PAK, this may be in an email or turn up in a cardboard envelope. 2. Go to http://www.cisco.com/go/license and log in (if you don’t already have a Cisco CCO account you...