Daniel Dib

I haven't seen many enterprise uses of it. I know there is some proxy auto configuration you can do. You could argue to use it for some collab apps, I guess, but what use cases have you seen?

Yeah, often you'll see same message on both v4 and v6 which means you have 2x the traffic.

Have you heard about #mDNS? It's one of those protocols that go under the radar, but that can really wreak havoc on your network if you don't manage it.

While mainly used for consumer stuff, expect to see it in your network. It uses link local multicast so gets flooded at L2.

Daniel Dib on LinkedIn: #project Every #project has risks. It’s always better to identify them up front if possible. There are various tools to work with risk. Use at least one! What is a…

In today's LinkedIn post, I talk about risks as they relate to projects.

You need to understand the impact, probability, and triggers.

1. Find the risk.
2. Analyze it.
3. Develop a risk plan.
4. Mitigate.

Read more at www.linkedin.com/posts/daniel...

Thanks, Pete!

Very good!

Gathering requirements is an interesting process because like you alluded to, it's both about gathering, but also understanding the organization, where they're coming from, and what their current infra looks like.

Excellent! These are all great things to ask.

In infrastructure projects, business requirements are often overlooked.

What are some of your favorite questions to ask when collecting business requirements? 🤔

Recording a podcast tonight with some friends. Stay tuned!

Why do we love networking? My friend Brad with one of the best explanations I've seen.

I've been super busy lately, but trying to make some progress on that IBNS 2.0 blog post. Here's a sneak peek.

It all comes down to an event triggering, then based on matching different things in the classes, taking an action.

It will take time to put this together, but it will be unique content.

To all my US friends, and anyone celebrating Thanksgiving, Happy Thanksgiving!

I am thankful for the opportunity to build an inclusive community with you all. I see you and appreciate you.

🙏

I found the missing debug!

You can get this data from show logging process smd internal if you have the proper debugs enabled. I'm going to use this in my IBNS 2.0 post to show how you can see the flow of the policy.

I recently upgraded to CML 2.8 and there's a new refplat that gives access to Catalyst 9000v running IOS-XE 17.15.1. The 9000v emulates the ASIC, which makes it comparable to HW.
I'm now running my ISE lab and have a Win 10 WM successfully using EAP-TLS to authenticate.

2024 Black Friday Cyber Monday Sale – Practical Networking .net The Black Friday / Cyber Monday promotion for my SSL & TLS deep dive course (Practical TLS) is officially live: Use code BFCM2024 to receive 85% off the course price — only $50 (originally $297): To s...

I'm all about highlighting people that deserve to be highlighted. Certificates and TLS can be difficult to grasp and no one does a better job at explaining it than my friend Ed Harmoush.

Great deal on his course right now.

www.practicalnetworking.net/announcement...

Am I a person that will spend hours finding how to do a specific debug for control policies in 802.1X on Catalyst 9000? Yes, yes I am 😅

I'm writing several blog posts on IBNS, policy sets, etc., and I NEED to know how it all works. Then hopefully I can share what I learned with you all ☺️

CML 2.8 is out! Time to upgrade the lab.

Some of the new features include smart annotations, support for FMC and FTDv, LDAP group support, and custom MAC addresses.

I'm going to see what's new with the Catalyst9000v, should be running 17.15 as opposed to 17.12 in earlier versions of CML.

If you want to learn more about TACACS+ on ISE, this post is for you!

It's a super deep dive on everything you need to know to set it up, to verify, getting nerdy with packet captures, debugs ,and live logs.

Enjoy!

lostintransit.se/2024/11/20/t...

The containerization movement has been contained.

As always, it turns out that new solutions fit some use cases, some not so much. There is no one size fits all in IT.

It's been interesting to read the posts coming out recently on what people learned by deploying them.

Can you be successful in IT with a poor memory? Most likely, you're not that much worse than anyone else, what you're experiencing, is called impostor syndrome.

Here's how I responded to a Reddit user with some of my advice on combating it.

New blog post out on leveraging GPO in my ISE lab to distribute computer- and user certificates, as well as configure the 802.1X supplicant settings.

Happy reading!

lostintransit.se/2024/11/07/l...

I would consider self hosting the norm still for RADIUS. People typically have less on-prem than they used to. Putting stuff in public cloud can also be a way to get access to regions you don't have DCs in, or services you don't have natively, such as LBs.

Yeah, unless you use RadSec, then it runs over TLS or DTLS.

Exactly, haven't found an easy way of avoiding these type of fragments. Should work with RadSec if it's using TCP, because then you don't need IP to chop the data.

Running RADIUS in public cloud or SaaS, what do think? Are you seeing a push for this? What has been your experience of deploying it?

Good job mate!

Thanks mate!

Segmentation, IP schemes, 802.1X, SD-WAN deployment, SD-WAN migration. Lots of stuff going on :)

a man is walking into a room with boxes in it and the words `` i have arrived '' . ALT: a man is walking into a room with boxes in it and the words `` i have arrived '' .

Hey buddy!

Let's do our best to build something new and fresh and hope that a billionaire doesn't come along and ruin our work 😅

You working on some interesting WAN projects, Jason?

Out of order packets is indeed common and to be expected.

Would you expect the UDP fragments to make it to their destination?

Many people seem to think all fragments are bad and filter them. Especially FWs are notorious for this.