Category: Networking

  • Windows 10 1607 IPv6 DHCP Clients

    Noticed IPv6 DHCP was broken on all my Windows 10 clients after I upgraded to the anniversary edition (1607).  Had to run a couple powershell commands to get them pulling addresses: Wired: Set-NetIPInterface ethernet -AddressFamily ipv6 -RouterDiscovery Enabled Set-NetIPInterface ethernet -AddressFamily ipv6 -ManagedAddressConfiguration Enabled Wireless: Set-NetIPInterface wi-fi -AddressFamily ipv6 -RouterDiscovery Enabled Set-NetIPInterface wi-fi -AddressFamily ipv6…

  • nat for remote management

    So I had an issue at work that went like this:  We recently put in new managed switches at our remote sites.  One of them failed and was replaced by our 3rd party subcontractor.  They just do a hardware replacement and my team does the configuration.  By default, the switches are configured to use…

  • HE DDNS on SSG

    This is a copy/paste from  I’m keeping it here in case that post ever disappears and I need a reference. This isn’t something people do often, so I figured I would add a post about it (mostly so I can Google it myself in a few years…) To configure Dynamic DNS (DDNS) updates on…

  • traffic policing

    The antivirus server at work was pissing me off and saturating our OC3.  I policed it down to 50mbps. ip access-list extended traffic-police permit ip host any class-map traffic-police match access-group name traffic-police policy-map traffic-police     class traffic-police         police 50000000 conform-action transmit exceed-action drop int po1/0 service-policy output traffic-police

  • WCCP w/Websense and GRE

    ip wccp version 2 ip access-list standard WCCP_Proxies 10 permit host 20 permit host ip access-list extended WCCP_Redirect 10 deny ip host any 20 deny ip host any 30 permit ip any ip wccp 0 group-list WCCP_Proxies redirect-list WCCP_Redirect int vlan 10 ip wccp 0 redirect in

  • So I don’t forget

    … My dad changed ISPs and took the SSG5 I gave him offline.  I had to disable the VPN on my side because it was spamming the logs.  If I ever need to re-enable it, all I need to do is bind it to tunnel.1 and re-enable monitor, optimized, and rekey.

  • hostname and ip from ipconfig files

    i’m currently working on a wireless deployment with a requirement to use mac filtering.  There are over 600 laptops being deployed to a unique location per laptop.  Part of the imaging process doesan ipconfig and dumps the output to a text file which I can then use to copy/paste the hostname and mac into the…

  • ASDM 6.4(5)204

    I upgraded ASDM from 6.4.(5)106 to 6.4(5)204 and the launcher broke.  Running it as a web app still worked though, so I figured it had to do with the way the shortcut was setup.  Here’s a comparison of the two: 106: C:\Windows\SysWOW64\javaw.exe -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar 204: "C:\Program Files (x86)\Cisco Systems\ASDM\asdm-launcher.jar" -Xms64m -Xmx512m…

  • ping sweep with windows cli

    for /L %x in (1,1,255) do @ping -n 1 192.168.0.%x -w 100 | find “Reply” This works right in CLI

  • argh! nic team/etherchannel with management port group

    A few weeks ago, I was banging my head on the table trying to get the management port group working on a nic team/etherchannel for a client.  They use Netgear switches, so I was kinda feeling my way through the GUI to make it work.  Everything looked right, but I still couldn’t get the stupid…

  • OpenVPN and VMware

    Promiscuous mode needs to be enabled on the vSwitch if you are using bridge mode.  Remember that before you facepalm.

  • VPN with ScreenOS 6.2 and ASA 8.3

    Setting up VPNs is always a PIA, but Juniper really dumbs it down and I have to say really spoiled me.  So when it came time to setup another VPN with a partner who is running an ASA, I had to shake off the rust and think of what could go wrong.  Most of the…