Cisco Archive

Setting up a PPPoE headend

Posted May 23, 2016 By Landis V

May come in handy.

Be the first to comment

Antenna Patterns and Their Meaning – Cisco

Posted January 23, 2015 By Landis V

This was a good read, probably somewhere a little north of basic, but some very good and helpful detail.  Not what I had been searching for, but well worth the pause to read before continuing to research good short-hop, high throughput antennas and the noise effects of horizontally and vertically polarized noise sources on oppositely polarized antennas.

Be the first to comment

It seems somehow I’ve never managed to run across this particular article describing path MTU discovery (PMTUD) in conjunction with IPSec and GRE tunnels.  Scenario 10 is a particularly good and detailed description of how it can go, even taking into account situations common to PPPoE DSL connections which have an MTU of 1492 (the 1400-byte MTU link in the scenario would have the same effect).

Ran across this one while looking for any documentation/information about AT&T ignoring the DF/”don’t fragment” bit and proceeding to fragment at will, breaking path MTU discovery.  I’d love to find a way to get them to stop doing that on my connections, and just let the protocol work as it is supposed to.

Be the first to comment

Tacacs + AD + CentOS = FREE | packetroute

Posted October 21, 2013 By Landis V

Pretty complete guide to getting Marc Huber’s tac_plus set up on a CentOS box. Need to give this a shot in an LXC container at some point.

Be the first to comment

DNS questions for Cisco IOS DNS server

Posted October 13, 2013 By Landis V
  • Caching:  Does the IOS DNS server cache TXT and SRV records?  How about negative caching (DNS NCACHE, RFC2308)?
    • ANSWER (partial):  Yes, it appears that at the very least it supports caching of TXT and SRV records.
  • Which provides better DNS behavior for clients – assigning a search list to the client, or having the router act as a forwarder and check the search domains itself?  Pros and cons for each?
    • ANSWER (partial):  It doesn’t appear that IOS actually postpends the search suffixes for some reason.  Eventually I will go back and attempt to address this; at the moment I suspect it’s my configuration rather than a Cisco bug, but as easy as it seems to be to hit bugs in IOS code anymore, I won’t completely rule that out.
Be the first to comment’t-shield-customers-patent-suits-court-affirms

Be the first to comment

stack your knowledge: IOS IPsec ezVPN server – part I

Posted September 11, 2013 By Landis V

Helpful article, though I wasn’t working with ezVPN.  The ‘reverse-route’ component was a critical one I was missing, though I’m pretty sure it’s still not going to get me where I need to go.   I’m attempting to get a software VPN client configuration to work with a router that’s also performing IPSec VPN in conjunction with VRF and zone firewall.  We’ve already encountered one show-stopping bug between ZBF/ZFW and NAT virtual interface (NVI), and I’m fairly sure about five steps down the road from reverse route injection that we’ve encountered yet another bug that will prove fatal in this endeavor as well.


No matter I guess.  Probably need to get this lab back to a more standard configuration in any case.  If you do happen to encounter a problem with ZFW, VRF, and software VPN client I’d love to hear about it in the comments.  Always nice to know you’re not the only one Cisco’s feature sets are leaving up a creek. If I get time, I’ll try to post a more detailed configuration example and steps that lead me to this conclusion.  I still haven’t completely disproven it, and haven’t run any debugs at all yet, so there’s still a slim possibility it could actually function.

Be the first to comment