
[{"content":"","date":"May 28 2026","externalUrl":null,"permalink":"/posts/","section":"Posts","summary":"","title":"Posts","type":"posts"},{"content":"","date":"May 23 2026","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","date":"May 23 2026","externalUrl":null,"permalink":"/vendors/cisco/","section":"Vendors","summary":"","title":"Cisco","type":"vendors"},{"content":"","date":"May 23 2026","externalUrl":null,"permalink":"/tags/cisco-sd-wan/","section":"Tags","summary":"","title":"Cisco SD-WAN","type":"tags"},{"content":"","date":"May 23 2026","externalUrl":null,"permalink":"/categories/sd-wan/","section":"Categories","summary":"","title":"SD-WAN","type":"categories"},{"content":" Use Cases # Some use cases for SD-WAN are:\nSD-WAN can allow for bandwidth augmentation. Keep one app on internet links while another uses MPLS. APP SLA; picks a path based on SLA for critical apps, BFD probes can monitor each link for latency. Secure segmentation; can be used to pick a link based on the sensitivity of traffic. Direct internet access and direct control access; can be used to allow internet-based traffic out locally instead of out the central site. Multi-cloud connections; can be used for connection to providers such as AWS, Microsoft, and Google from the DC or remote sites. Cloud on ramp interconnect; uses a single provider for connectivity into cloud providers, such as Megaport or Equinix. Regional Secure Perimeter; can force traffic to traverse a firewall, either all traffic or based on application. SD-WAN Basics # Management Plane; holds all the policies and templates, allows for monitoring and troubleshooting, and provides the interface with the solution. Orchestration plane; controlled by vBond. Endpoints connect to the vBond, which connects to the vManage and vSmart controllers to orchestrate connectivity. 
vBond can help detect NAT if there is a firewall between an endpoint and vBond. Control Plane; a centralized repository that contains elements for DTLS/TLS, routes, security policies, forwarding policies, and more. vSmart handles the overlay routing, facilitates the encryption between the cEdges and vEdges, and pushes the policies for controlling traffic. Data Plane; this is your WAN edge router. Encrypts and decrypts traffic between endpoints. Implements policies in the data plane. Hosting Options # The SD-WAN can be hosted in 2 versions, either in a Cisco hosted DC, which offers easier support and maintenance, or on-prem. In either case, the customer is responsible for the configuration templates and upgrades of edge devices.\nTerminology # VPNs; a container of LAN side networks. Can be used to provide segmentation between networks. Within SD-WAN, VPNs start at VPN0, which is system defined; this VPN is used for control plane traffic, WAN transports are tied to VPN0, and IPsec tunnels terminate on these interfaces. VPN512 is used for out of band management. VPN1-511 are used for data traffic as defined by the system administrator. Colors; act as a label tied to an interface to help identify the type of transport. They can be public or private (lte, mpls, etc). System-ID; this is like a router ID within routing protocols. Has a format of x.x.x.x. TLOCs; used to identify the encapsulating interface of a remote router. This is mainly based on the system-ID but can also include interface IP and color. This can matter if you have a router with MPLS and an internet connection and run VPNs over both. For example, MPLS would be tagged as red and internet as silver. The TLOC acts as the route with the next hop information. Overlay Management Protocol # This is the protocol that allows the advertising of networks between the vSmart and vEdge devices. 
This protocol is TCP based and runs inside of a TLS/DTLS connection and is tied to VPN0.\nTLOC Route; this is the method for advertising route entries, and it connects locations to physical networks. Some attributes that are advertised on the TLOC Routes are Site-ID, Encap-SPI, Encap-Authentication, Encap-Encryption, Public IP, Public Port, Private IP, Private Port, BFD-Status, and more. OMP Routes; this is used on the vEdge side to advertise to the vSmart devices. It can be used to advertise attributes such as the following: TLOC, Site-ID, Label, VPN-ID, Tag, Originator System IP, Origin Protocol, Origin Metric. Data Plane Privacy; encryption keys are generated by the device and advertised via the OMP update to the vSmart and on to other vEdges so that they can build direct tunnels. The keys are per transport, and used on a per device direction. Data Tunnels # Tunnels may not be able to be established if the SD-WAN is behind certain NAT types, such as Symmetric NAT on one side and Port/Address Restricted on the other side, or Symmetric on one side and Symmetric on the other side. It depends on who is able to initiate the connection.\nNatting # Static NAT; addresses are a 1:1 mapping, can use the same internal ports but map to a different public port, traffic can be initiated from public or private entities. Address Restricted; based on static NAT but has filtering, external hosts can communicate if that host has communicated with the internal host before. Dynamic port address translation; dynamic mapping for when private hosts connect to resources on the public side, external hosts cannot connect to internal hosts. Address Restricted; external hosts can communicate if that host has communicated with the internal host before. Path Selection # Load sharing is done on a per session basis in a load sharing or weighted manner. Application pinning can also be done so that links will be pinned to a certain interface. Two options are strict or loose. 
Strict will cause traffic to be dropped if the primary interface goes offline. The last option is application aware routing with an SLA metric; this allows you to choose a link based on an attribute such as latency.\nSegmentation # VPNs are containers that group LAN networks, and this is done via VRF and virtual routing. This segmentation can be done at an interface or sub interface level. Multiple VPNs can be built within a single IPsec tunnel. These tunnels can be built in a number of ways.\nFull Mesh, Hub and Spoke, Partial Mesh, Point-to-Point. Data and Control Plane Connectivity # Control Management connections use UDP and use a series of ports based on the third octet. The port scheme is used to help overcome limitations with NAT.\n12345, 12446, 12546, 12646, 12746, 12846, 12946, 13046 The port used for connections is the base port and the offset port combined. Note about impact if connectivity is lost\nIf vBond is lost and a router is reloaded, it would not be able to authenticate. If vManage is lost, logging and telemetry would be lost but the network would still run. If vSmart is lost, the cached time for OMP and the key life would be used. But if it is down long enough, the keys would expire and the tunnels would go down. These SD-WAN edge devices (VPN0) do need access to all 3 services, either via the internet or a private link. Data Tunnels use a series of ports in a similar manner to the control ports but use the fourth octet.\n12346, 12366, 12386, 12406, 12426 The port used for connections is the base port and the offset port combined. 
Edge Design # WAN edge design has a few things that need to be kept in mind.\nOrganization-Name is unique to the whole fabric. System-IP is the device identifier. Site-ID is the site identifier. VPN0 is considered the untrusted zone while the inside VPNs are trusted. Within the VPN0 zone, each interface will have a TLOC associated with it; this is so that the solution can identify the location of each interface (MPLS or Internet). The WAN VPN/VRF (VPN0) is the global routing table and integrates with the underlay. Static routing is the most common option; BGP and OSPF are also supported. VPN512 is a separate routing domain and it does not use the overlay networks. LAN VPNs are routed using OMP and can support a number of protocols / routing: Connected, Static, BGP, OSPF, EIGRP. Connection note: the edge devices connect to the vBond, and the vBond helps to orchestrate the connections to the vManage and vSmart.\n","date":"May 23 2026","externalUrl":null,"permalink":"/posts/2026/05/sdwan-concepts.html","section":"Posts","summary":"","title":"SD-WAN Concepts","type":"posts"},{"content":"","date":"May 23 2026","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"","date":"May 23 2026","externalUrl":null,"permalink":"/vendors/","section":"Vendors","summary":"","title":"Vendors","type":"vendors"},{"content":"","date":"April 18 2026","externalUrl":null,"permalink":"/vendors/oracle/","section":"Vendors","summary":"","title":"Oracle","type":"vendors"},{"content":" Booting # There are three files used in the boot process: the bootloader, the boot image, and the diagnostic image files. Files are uploaded to /code/images/. Refer to the release notes to confirm which images are compatible, as a jump upgrade method may be needed if your software is old enough.\nBoot flags enable system boot behavior(s). 
The user can set a single flag, or add hex digits to set multiple flags.\n0x00000008 Bootloader ~7 seconds countdown; 0x00000040 Autoconfigure wancom0 via DHCP enable - VM platforms only; 0x00000080 Use TFTP protocol (instead of FTP) enable - VM platforms only; 0x00000100 Bootloader ~1 seconds quick countdown - VM platforms only. Networking # Some useful commands.\nshow arp is used to see IP to MAC bindings. To manually alter the table you can use arp-add or arp-delete. arp-check will force the SBC to reach out and attempt to add an entry. This command does not work if there is an already existing entry. add-hip-ip needs to be configured along with add-icmp-ip to be able to ping to and from the SBC. Multiple IPs can be configured. Interface statuses can be checked with the following commands: show interface, show interface brief, show interface ethernet. show routes Shows routes relevant to management traffic; it does not show routes for signaling or media traffic. host-routes can be used for sending traffic via the wancom0 interface. System Level # For boot level information there are a few varieties of show version that can be used.\nshow version boot Useful for getting the serial number. show version image Useful for getting the configured boot image. show version hardware Useful to pull hardware information. show memory usage Useful to see the consumed memory of the SBC. show memory application Provides more detailed application memory usage. System Stats # Some useful commands for system level stats.\nshow ntp status Provides info on where the SBC is synchronized to. show ntp server Provides detailed info on the NTP servers. show platform Useful for determining information about where the SBC is deployed (virtual). show platform health-check Confirms if system processes are running. show platform limits Used to determine the maximum number of various functions. show platform cpu Provides information about the system CPU. 
show platform cpu-load Provides information about the CPU usage. show processes Used to view active processes. show processes \u0026lt;service name\u0026gt; Used to view information about a specific process. show processes top Used to get a top-like view of system CPU usage. show space hard-disk Used to display disk usage. Backups # Display Backups # To display backups from the CLI\nshow dir /code/bkups Restore a backup # To restore a backup from a file use the following command.\nrestore-backup-config \u0026lt;dir(if using sub dir)/filename\u0026gt; ARP # To check the device table you can use 2 commands\nshow arp arp-check 0 1 9 10.10.9.21 command \u0026lt;media interface slot\u0026gt; \u0026lt;media interface port\u0026gt; \u0026lt;vlan\u0026gt; \u0026lt;IP\u0026gt; Basic System Checks # The following information can be used to do a basic assessment of the platform health.\nshow platform show uptime show system-state show sipd agents show memory usage show buffers show platform health-check show platform cpu-load Local Policy Routing # The Oracle Communications Session Border Controller applies preference to configured local policies in the following order: Reference\nCost (cost in local policy attributes) is always given preference. Matching media codec (media profiles option in local policy attributes). Longest matching To address (to address list in local policy). Shortest matching To address (to address list in local policy). Longest matching From address (from address list in local policy). Shortest matching From address (from address list in local policy). Narrowest/strictest day of week specification (days of week option in local policy attributes). Narrowest/strictest time of day specification (start time and end time options in local policy attributes). Wildcard matches (use of an asterisk as a wildcard value for the from address and to address lists in local policy). Wild card matches are given the least preference. 
A prefix value of 6 is given a higher preference than a prefix value of * even though both prefix values are, in theory, the same length. Logging # Enable logs with the following commands.\nnotify sipd siplog notify mbcd log Disable logs with the following\nnotify sipd nosiplog notify mbcd nolog Debugging # View the current log levels on the system process with show loglevel sipd verbose. Enable debugs with the following commands.\nnotify all rotate-logs notify sipd rotate-logs to do a specific service notify sipd siplog log-level sipd debug notify sipd debug Reproduce the problem and turn debug off:\nnotify sipd nosiplog log-level sipd notice notify sipd nodebug Display log file\nshow logfile log.sipd Create log file\npackage-logfiles all show support-info Packet Capture # To perform a packet capture you can use the following.\npacket-trace local start s1p0 packet-trace local start s1p0 1.1.1.1 \u0026lt;local port\u0026gt; \u0026lt;remote port\u0026gt; packet-trace local stop s1p0 LRT Refresh # notify lrtd refresh my-lr-file notify lrtd refresh my-lr-file show lrt route-entry my-lr-file 8675309 Display Certificate Information # show run certificate-record short show security certificates detail show security certificates pem Call Processing # show sipd sessions show sipd sessions all careful with this command as it will but all calls show sipd sessions by-agent \u0026lt;SA-name\u0026gt; monitor-session show sipd errors show sipd policy SIPd Registrations # show sipd register show registration show registration sipd \u0026lt;by-realm\u0026gt; Troubleshooting Audio # show sip session by-user \u0026lt;number\u0026gt; show nat by-addr \u0026lt;contact field of the number\u0026gt; show nat by-index \u0026lt;index number of call\u0026gt; ","date":"April 18 2026","externalUrl":null,"permalink":"/posts/2026/04/oracle-sbc-troubleshooting.html","section":"Posts","summary":"","title":"Oracle SBC Troubleshooting Notes","type":"posts"},{"content":"","date":"April 18 
2026","externalUrl":null,"permalink":"/tags/sbc/","section":"Tags","summary":"","title":"SBC","type":"tags"},{"content":"","date":"April 18 2026","externalUrl":null,"permalink":"/categories/unified-communications/","section":"Categories","summary":"","title":"Unified Communications","type":"categories"},{"content":"","date":"April 7 2026","externalUrl":null,"permalink":"/tags/oracle/","section":"Tags","summary":"","title":"Oracle","type":"tags"},{"content":"","date":"April 7 2026","externalUrl":null,"permalink":"/tags/oracle-communications-session-monitor/","section":"Tags","summary":"","title":"Oracle Communications Session Monitor","type":"tags"},{"content":" CLI Method # LINK\nLog in via ssh (see Document KB579370) after you have received shell access, run the following command: mysql vsp -e \u0026#34;update users set digest=md5(\u0026#39;admin:oracle\u0026#39;) where user_name=\u0026#39;admin\u0026#39;;\u0026#34; if you entered the password incorrectly too many times and got \u0026ldquo;Your account has been suspended.\u0026rdquo; run as well: mysql vsp -e \u0026#34;update users set disabled=0, login_attempts=NULL where user_name=\u0026#39;admin\u0026#39;;\u0026#34; then you will be able to login as admin with password: oracle ","date":"April 7 2026","externalUrl":null,"permalink":"/posts/2026/04/reset-ocsm-admin-account-from-cli.html","section":"Posts","summary":"","title":"Reset the OCSM Admin Account From the CLI","type":"posts"},{"content":"","date":"April 7 2026","externalUrl":null,"permalink":"/categories/systems/","section":"Categories","summary":"","title":"Systems","type":"categories"},{"content":"","date":"February 22 2026","externalUrl":null,"permalink":"/tags/comfyui/","section":"Tags","summary":"","title":"ComfyUI","type":"tags"},{"content":" Install system packages # Install the following packages if they were not already done.\nsudo apt update \u0026amp;\u0026amp; sudo apt install docker-compose-v2 docker.io linux-oem-24.04c python3.12-venv 
Install Ollama # ROCm # sudo apt-get install docker-buildx docker.io docker-compose-v2 git clone https://github.com/dhiltgen/ollama.git cd ollama docker build --build-arg FLAVOR=rocm --tag ollama:rocm-7.2 --platform=linux/amd64 . Once the project is built\nsudo docker run --restart=unless-stopped -d --device /dev/kfd --device /dev/dri -v ollama:/root/.ollama -p 11435:11434 -e OLLAMA_CONTEXT_LENGTH=250000 -e GGML_CUDA_ENABLE_UNIFIED_MEMORY=1 -e HSA_XNACK=1 -e ROCBLAS_USE_HIPBLASLT=1 -e GPU_MAX_HW_QUEUES=2 -e OLLAMA_NUM_PARALLEL=1 -e OLLAMA_MAX_LOADED_MODELS=1 -e OLLAMA_FLASH_ATTENTION=1 -e OLLAMA_DEBUG=1 --name ollama ollama:rocm-7.2 Vulkan # curl -fsSL https://ollama.com/install.sh | sh Once Ollama is installed, update the systemd unit file\nsudo nano /etc/systemd/system/ollama.service [Service] Environment=\u0026#34;OLLAMA_HOST=0.0.0.0\u0026#34; Environment=\u0026#34;OLLAMA_CONTEXT_LENGTH=128000\u0026#34; #Environment=\u0026#34;HSA_OVERRIDE_GFX_VERSION=11.5.1\u0026#34; Environment=\u0026#34;OLLAMA_VULKAN=1\u0026#34; Environment=\u0026#34;ROCR_VISIBLE_DEVICES=-1\u0026#34; Environment=\u0026#34;OLLAMA_DEBUG=1\u0026#34; sudo systemctl daemon-reload \u0026amp;\u0026amp; sudo systemctl restart ollama Install Open-WebUI # sudo docker run -d -p 3000:8080 --add-host=host.docker.internal:host-gateway -v open-webui:/app/backend/data --name open-webui --restart always ghcr.io/open-webui/open-webui:main Install Orpheus-FastAPI # Up to date information can be found here\ngit clone https://github.com/Lex-au/Orpheus-FastAPI.git cd Orpheus-FastAPI/ cp .env.example .env sudo docker compose -f docker-compose-gpu-rocm.yml up Install ComfyUI # Up to date information can be found here\npython3 -m venv comfyui-venv source comfyui-venv/bin/activate wget https://repo.radeon.com/rocm/manylinux/rocm-rel-7.1/torch-2.8.0%2Brocm7.1.0.lw.git7a520360-cp312-cp312-linux_x86_64.whl wget https://repo.radeon.com/rocm/manylinux/rocm-rel-7.1/torchvision-0.23.0%2Brocm7.1.0.git824e8c87-cp312-cp312-linux_x86_64.whl wget 
https://repo.radeon.com/rocm/manylinux/rocm-rel-7.1/triton-3.4.0%2Brocm7.1.0.gitf9e5bf54-cp312-cp312-linux_x86_64.whl wget https://repo.radeon.com/rocm/manylinux/rocm-rel-7.1/torchaudio-2.8.0%2Brocm7.1.0.git6e1c7fe9-cp312-cp312-linux_x86_64.whl pip3 uninstall torch torchvision triton torchaudio pip3 install torch-2.8.0+rocm7.1.0.lw.git7a520360-cp312-cp312-linux_x86_64.whl torchvision-0.23.0+rocm7.1.0.git824e8c87-cp312-cp312-linux_x86_64.whl torchaudio-2.8.0+rocm7.1.0.git6e1c7fe9-cp312-cp312-linux_x86_64.whl triton-3.4.0+rocm7.1.0.gitf9e5bf54-cp312-cp312-linux_x86_64.whl git clone https://github.com/comfyanonymous/ComfyUI.git \u0026amp;\u0026amp; cd ComfyUI pip install -r requirements.txt To run it as a systemd service\nsudo nano /etc/systemd/system/comfyui.service [Unit] Description=ComfyUI Service After=network.target [Service] Type=simple User=mike Group=mike WorkingDirectory=/home/mike/ComfyUI/ ExecStart=/home/mike/comfyui-venv/bin/python main.py --enable-manager --listen 0.0.0.0 [Install] WantedBy=multi-user.target ","date":"February 22 2026","externalUrl":null,"permalink":"/posts/2026/02/ubuntu-ollama-webui-orpheus-install.html","section":"Posts","summary":"","title":"Installing Ollama, Open-WebUI, Orpheus-FastAPI, and ComfyUI on Ubuntu w/ Strix Halo","type":"posts"},{"content":"","date":"February 22 2026","externalUrl":null,"permalink":"/tags/ms-s-max/","section":"Tags","summary":"","title":"MS-S1 MAX","type":"tags"},{"content":"","date":"February 22 2026","externalUrl":null,"permalink":"/tags/ollama/","section":"Tags","summary":"","title":"Ollama","type":"tags"},{"content":"","date":"February 22 2026","externalUrl":null,"permalink":"/tags/orpheus-fastapi/","section":"Tags","summary":"","title":"Orpheus-FastAPI","type":"tags"},{"content":"","date":"February 22 2026","externalUrl":null,"permalink":"/vendors/ubuntu/","section":"Vendors","summary":"","title":"Ubuntu","type":"vendors"},{"content":" Drivers # The dual 10G NIC will not work out of the box. 
Download the driver from here\nsudo apt update \u0026amp;\u0026amp; sudo apt install docker-compose-v2 docker.io build-essential libdrm-dev linux-oem-24.04c python3.12-venv After downloading the 10G Ethernet LINUX driver r8127 for kernel up to 6.15\nunzip r8127-9.015.00.zip cd r8127-9.015.00 sudo ./autorun.sh sudo reboot More info can be found here\nInstall ROCm # Up to date information can be found here\nsudo apt update wget https://repo.radeon.com/amdgpu-install/7.2/ubuntu/noble/amdgpu-install_7.2.70200-1_all.deb sudo apt install ./amdgpu-install_7.2.70200-1_all.deb amdgpu-install -y --usecase=rocm --no-dkms sudo usermod -a -G render,video $LOGNAME sudo reboot Post reboot, rocminfo should list 3 agents with one of them being\n******* Agent 2 ******* Name: gfx1151 Uuid: GPU-XX Marketing Name: Radeon 8050S Graphics Vendor Name: AMD [...] Install amdgpu_top # wget https://github.com/Umio-Yasuno/amdgpu_top/releases/download/v0.11.2/amdgpu-top_without_gui_0.11.2-1_amd64.deb sudo apt install ./amdgpu-top_without_gui_0.11.2-1_amd64.deb ","date":"February 22 2026","externalUrl":null,"permalink":"/posts/2026/02/ubuntu-on-ms-s1-max.html","section":"Posts","summary":"","title":"Installing Ubuntu on a MS-S1 MAX","type":"posts"},{"content":"","date":"February 22 2026","externalUrl":null,"permalink":"/tags/linux/","section":"Tags","summary":"","title":"Linux","type":"tags"},{"content":" Oracle Routing # The Oracle SBC has a few options available for routing calls.\nLocal-policy, ENUM and Local Routing Table, Trunk-group, Registration Cache, Service-Route Header routing, Header Routing, DNS Lookup. Local Policy # The main method for routing calls. Matches based on realm, then longest match on either the Request-URI or the From header. The ingress realm is determined by the network interface; in the case of multiple realms the SBC will use the source IP of the session agent, then the sip interface, and if none of these are unique then the addr-prefix on the realm will be used. 
Next hop configurations can be as follows.\nIP Addresses, ENUM Servers, Local Routing Tables, Session-agents, session-groups, DNS, etc. Notable Parameters # policy-priority Can be used to give higher matching priority to a local-policy, useful for 911. policy-attribute Is used to determine what the next hop will be. Preference can be selected based on carrier, time, cost, SIP Methods, or Codec, with the result determining the realm used for egress (if left blank the SBC will use the realm on the session-agent) and next hop. More specific elements will be selected over less specific elements, e.g. time of day 0:00-24:00 vs 8:00-17:00 (more specific). media-profile The SBC can route incoming traffic based on Codec. terminate-recursion If set to enabled the SBC will not continue to search other policy-attributes. next-hop Defines an object that the SBC will use as the destination to send a call to. This can be a session-agent, session-group, ldap, enum, etc. Session Constraints and Options # session-agents Can leverage constraints to influence local-policy routing decisions. With constraints enabled and max-sessions set to 1 the session agent would allow 1 call before being marked as unavailable in the local-policy evaluation. rate-constraints Can be used to limit calls based on individual methods. extra-methods-stats must be enabled to use this option. With rate-constraints you do not want to configure it to include ACK, PRACK, BYE, INFO, REFER. session-group One of a few methods can be used to select a destination: hunt, least busy, lowest sustained rate, round robin, and proportional distribution. proportional distribution Will distribute calls based on max-sessions configurations. Other Routing Options # Enhanced resolution of addresses can be located in the Contact header or the maddr parameter of a 3xx redirect message. 
The SBC will look for either a session-agent with a matching hostname or IP, or a session-group with a matching hostname as the group-name. This routing is enabled via the sip-interface and session-agent. Redirect options are proxy, recurse, recurse-305-only. Static flows is a unidirectional configuration that will allow the SBC to pass traffic from one realm to the next. DNS # There are a couple of records that come into play when routing by DNS; those include\nNAPTR Defines the type of service and transport protocol used. SRV Defines a target host and port to be used for connections. A(IPv4)/AAAA(IPv6) Defines a FQDN to IP mapping. When using DNS the order of operations is as follows.\nDetermine the egress realm. Determine the egress realm network interface. From the network interface pull the configured DNS. Send a DNS request to the primary server. If the primary fails then use the secondary. Perform a recursive lookup or additional queries depending on the NAPTR results. Set up the call based on FQDN results. Within the policy-attribute valid next hop entries are HOSTNAME:sip.oracle.com or DOMAIN:oracle.com\nENUM # Short for E.164 number mapping. It can use DNS to locate services.\nThe number would be stored in E.164 format. Digits like + or - would then be removed. The order of the digits would be reversed. Dots would be added in between each number. e164.arpa would be appended to the end. The domain name is queried for the records that define the URIs. Within the policy-attribute valid next hop entries are enum:enum-object\nLRT (Local Routing Table) # An LRT is an XML file that can be used to match a number to a destination. There can be ~500 LRT tables, 100,000 entries per LRT, and 2,000,000 per system. 
LRTs use regex to parse the request-URI to find a routing match; an example is below. Refer to Using the Local Route Table LRT for Routing for more information.\n\u0026lt;?xml version=\u0026#34;1.0\u0026#34; encoding=\u0026#34;UTF-8\u0026#34;?\u0026gt; \u0026lt;localRoutes\u0026gt; \u0026lt;route format=\u0026#34;weighted\u0026#34;\u0026gt; \u0026lt;user type=\u0026#34;E164\u0026#34;\u0026gt;370\u0026lt;/user\u0026gt; \u0026lt;next prio=\u0026#34;0\u0026#34; weight=\u0026#34;40\u0026#34; type=\u0026#34;regex\u0026#34;\u0026gt;!^.*$!sip:\\0@SAG-CarrierA!\u0026lt;/next\u0026gt; \u0026lt;next prio=\u0026#34;0\u0026#34; weight=\u0026#34;30\u0026#34; type=\u0026#34;regex\u0026#34;\u0026gt;!^.*$!sip:\\0@SAG-CarrierB!\u0026lt;/next\u0026gt; \u0026lt;next prio=\u0026#34;0\u0026#34; weight=\u0026#34;20\u0026#34; type=\u0026#34;regex\u0026#34;\u0026gt;!^.*$!sip:\\0@SAG-CarrierC!\u0026lt;/next\u0026gt; \u0026lt;next prio=\u0026#34;1\u0026#34; weight=\u0026#34;10\u0026#34; type=\u0026#34;regex\u0026#34;\u0026gt;!^.*$!sip:\\0@SAG-CarrierD!\u0026lt;/next\u0026gt; \u0026lt;next prio=\u0026#34;2\u0026#34; weight=\u0026#34;10\u0026#34; type=\u0026#34;regex\u0026#34;\u0026gt;!^.*$!sip:\\0@SAG-CarrierE!\u0026lt;/next\u0026gt; \u0026lt;/route\u0026gt; \u0026lt;route\u0026gt; \u0026lt;user type=\u0026#34;E164\u0026#34;\u0026gt;371\u0026lt;/user\u0026gt; \u0026lt;next type=\u0026#34;regex\u0026#34;\u0026gt;!^.*$!sip:\\0@SAG-NoPrio1!\u0026lt;/next\u0026gt; \u0026lt;next type=\u0026#34;regex\u0026#34;\u0026gt;!^.*$!sip:\\0@SAG-NoPrio2!\u0026lt;/next\u0026gt; \u0026lt;/route\u0026gt; \u0026lt;/localRoutes\u0026gt; Type range and E164 cannot be used in the same file.\nLRT files are placed in the /code/lrt directory. When they have been updated, you must enter notify lrtd refresh \u0026lt;local-routing-config name\u0026gt;; if you have HA then issue synchronize lrt /code/lrt/\u0026lt;filename\u0026gt;. 
The following is considered best practice.\nlocal-routing-config name lrt file-name lrt.xml.gz prefix-length 0 string-lookup disabled retarget-requests enabled match-mode best ","date":"February 7 2026","externalUrl":null,"permalink":"/posts/2026/02/oracle-sbc-routing.html","section":"Posts","summary":"","title":"Oracle SBC Routing","type":"posts"},{"content":"","date":"January 24 2026","externalUrl":null,"permalink":"/tags/kubernetes/","section":"Tags","summary":"","title":"Kubernetes","type":"tags"},{"content":"","date":"January 24 2026","externalUrl":null,"permalink":"/vendors/kubernetes/","section":"Vendors","summary":"","title":"Kubernetes","type":"vendors"},{"content":" Summary Terms # Pod: Is a wrapper that is placed around a container; Kubernetes manages pods. Nodes: Is a VM or physical machine that runs the pods. Controller node: It is the node that manages the cluster. API Server: The broker between etcd and the kubelet process running on worker nodes. Scheduler: The process that determines where pods will be run. Controller-manager: A daemon that manages services such as the replication controller, endpoint controller, namespace controller. Kubectl: Connects to the API server and is used to control the cluster. Kubelet: Runs on all nodes; its main purpose is running pods. Pods are defined by a JSON or YAML file referred to as a manifest. Container runtime: Kubelet is the process that runs the container runtime app to invoke pods. Manifest: The set of instructions that Kubernetes uses for provisioning. Below is an example of a pod manifest. Resource Quota: Can be used to set a hard limit on what a namespace is allowed to consume. Probes: There are two types of probes, liveness and readiness. Liveness: Polls the pods to determine if the pod is responding. If the pod fails to respond after a period of time this probe will restart the pod. Readiness: Polls the pods to determine if the pod is responding. 
The readiness probe will not add the Pod to the loadBalancer unless the Pod passes the probe check. Deeper Dive # Namespaces # Kubernetes namespaces are a mechanism for logically partitioning a single physical Kubernetes cluster into multiple virtual clusters\nResource Scoping and Organization: Resources within a namespace must have unique names, but the same name can be reused in a different namespace (e.g., a \u0026ldquo;web-app\u0026rdquo; deployment can exist in both a dev and a prod namespace). Isolation: Namespaces provide logical isolation, ensuring that actions or resources in one namespace do not interfere with those in another. This separation is key to a stable multi-tenant environment. Access Control (RBAC): Namespaces are a fundamental component of Role-Based Access Control (RBAC). Administrators can define specific permissions for users or teams at the namespace level, ensuring they only have access to the resources they need. Resource Management and Quotas: Administrators can apply resource quotas and limit ranges to a namespace to control the total amount of CPU, memory, and storage that the contained pods and services can consume. This prevents any single team or application from monopolizing cluster resources. 
Network Policies: Network policies can be defined at the namespace level to control the flow of traffic between pods within a namespace or across different namespaces, adding an essential layer of security. Namespace assignment can be controlled via a manifest as well, under the metadata section.\nmetadata: name: nginx namespace: demo command Function kubectl get namespace Lists all namespaces kubectl create ns demo Creates a namespace called demo kubectl describe ns demo Provides information about a namespace such as LimitRange resource, resource quota, and description kubectl delete ns demo Removes the namespace called demo Resource Quota # An API object that restricts the total amount of resources (CPU, memory, storage) and object counts (pods, services) a specific namespace can consume. If a namespace were restricted to 1Gb of memory and a series of pods have a requests value of 250m, you would be capped at 4 pods, as the 5th pod would exceed memory limits on the namespace.\nExample Resource Quota for a Namespace # The following content would be written to ResourceQuota.yaml and would apply 4 cpu and 1gb of memory\n--- apiVersion: v1 kind: ResourceQuota metadata: name: tiny-quota spec: hard: cpu: \u0026#34;4\u0026#34; memory: 1Gi command Function kubectl apply -f ResourceQuota.yaml -n demo Applies the above quota to the demo namespace kubectl describe ns demo Can be used to confirm that the quota is applied watch -n 0.1 kubectl describe ns demo Allows you to monitor kubectl output, can be used to confirm that the quota is applied Example Resource Quota for a Pod # The following content would be written to manifest.yaml. If the following manifest were to be used with the above resource quota, you would be capped at 4 pods, 
as the 5th pod would exceed both the CPU and memory limits on the namespace.\n--- apiVersion: v1 kind: Pod metadata: name: nginx namespace: demo spec: containers: - name: nginx image: nginx:1.14.2 resources: requests: cpu: 1 # 1 core = 1000 millicores; 1/4 of a core would be written as 250m memory: \u0026#34;250M\u0026#34; limits: # limits must be at least what is specified under requests cpu: 2 memory: \u0026#34;500M\u0026#34; command Function kubectl create -f manifest.yaml Creates a Pod with the above manifest kubectl describe ns demo Can be used to confirm that the quota is applied watch -n 0.1 kubectl describe ns demo Allows you to monitor kubectl output; can be used to confirm that the quota is applied Readiness Probes # There are two types of probes: liveness and readiness. For more information refer to Configure Liveness, Readiness and Startup Probes (https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)\nLiveness Probe # How many consecutive failures before the container is killed?\n--- apiVersion: v1 kind: Pod metadata: name: nginx namespace: demo spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80 livenessProbe: initialDelaySeconds: 2 # How soon after creation are probes being sent periodSeconds: 5 # How often thereafter are probes being sent timeoutSeconds: 1 # How long are we giving the container to respond to the probe failureThreshold: 3 # How many consecutive failures before the container is killed httpGet: # Method of the Probe, http GET to API /health port 80 path: /health port: 80 Readiness Probe # How many consecutive failures before the container has traffic cut off?\n--- apiVersion: v1 kind: Pod metadata: name: nginx namespace: demo spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80 readinessProbe: initialDelaySeconds: 2 # How soon after creation are probes being sent periodSeconds: 5 # How often thereafter are probes being sent
timeoutSeconds: 1 # How long are we giving the container to respond to the probe failureThreshold: 3 # How many consecutive failures before the container has traffic cut off. httpGet: # Method of the Probe, http GET to API /health port 80 path: /health port: 80 ConfigMap # A ConfigMap is mounted as a volume to the Pod. The volume is mounted as a path to the container at a specific mount point. For more information refer to ConfigMaps\napiVersion: v1 kind: Pod metadata: name: nginx namespace: demo spec: containers: - name: nginx image: nginx:1.14.2 volumeMounts: - name: dc-list mountPath: \u0026#34;/config\u0026#34; # where in the container will this be mounted, This will OVERWRITE existing directories without a subpath. subPath: hero.txt # Allows you to write just a file to a directory. volumes: # You set volumes at the Pod level, then mount them into containers inside that Pod - name: dc-list configMap: # Provide the name of the ConfigMap you want to mount. name: my-list For the purpose of this explanation, list.txt would contain a simple list; the actual content does not matter. It would matter if it were a configuration file.\ncommand Function kubectl apply -f manifest.yaml Deploys the Pod from the above manifest kubectl get configmaps Lists configMaps kubectl create configmap my-list --from-file=list.txt Creates a configMap kubectl create cm my-list --from-file=list.txt Shorthand version; creates a configMap kubectl describe cm my-list Provides detailed information about the configMap kubectl delete cm my-list Removes the configMap Secrets # A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key.
For more information refer to Secrets\nDefine a Secret # apiVersion: v1 kind: Secret metadata: name: mysql-secret type: kubernetes.io/basic-auth stringData: password: sup3rSecr3t command Function kubectl apply -f manifest.yaml Deploys a Secret based off the above manifest kubectl get secrets Lists secrets kubectl create secret generic mysql-secret --type=kubernetes.io/basic-auth --from-literal=password=alta3 Creates a secret kubectl create -f secret.yaml Creates a secret from a file kubectl describe secret mysql-secret Provides detailed information about the secret kubectl delete secret mysql-secret Removes the secret Reference a Secret # To use a secret, reference it from the Pod manifest.\napiVersion: v1 kind: Pod metadata: name: mysql-locked spec: containers: - name: mysql image: mysql:8-debian env: - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: mysql-secret key: password ports: - containerPort: 3306 name: mysql command Function kubectl exec -it mysql-locked -- bash Connect to the container echo $MYSQL_ROOT_PASSWORD Because the Secret is exposed as an environment variable, echo prints the password in plain text inside the container. Logs # Logging is a tool to help you troubleshoot issues in your container. More information can be found at kubectl logs\ncommand Function kubectl describe pod portainer-agent-7c9df8687-45m5s Gets information about the pod kubectl logs portainer-agent-7c9df8687-45m5s Gets detailed logging information about the container kubectl logs portainer-agent-7c9df8687-45m5s -c container2 Gets detailed logging information about the specified container; when a pod has more than one container, -c may be needed. kubectl logs portainer-agent-7c9df8687-45m5s --all-containers Gets detailed logging information about all containers.
kubectl logs portainer-agent-7c9df8687-45m5s -n portainer --all-containers Gets detailed logging information about all containers in a specified namespace kubectl logs portainer-agent-7c9df8687-45m5s -n portainer -f Follows detailed logging information about the container in a specified namespace Labels # Labels are key/value pairs that are attached to objects such as Pods. Labels are intended to be used to specify identifying attributes of objects that are meaningful and relevant to users, but do not directly imply semantics to the core system. For more information refer to Labels and Selectors\napiVersion: v1 kind: Pod metadata: name: label-demo labels: environment: production app: nginx ver: \u0026#34;2\u0026#34; spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80 command Function kubectl label pod label-demo app=nginx Can be used to add to existing labels. Cannot overwrite existing labels kubectl label pod label-demo app=web --overwrite Can be used to overwrite an existing label. kubectl label pod label-demo app- Can be used to remove an existing label. kubectl get pods -L app Can be used to list Labels with a certain name kubectl get pods --selector=app=nginx Can be used to list pods that have a specified label and value Deployments # A Deployment manages a set of Pods to run an application workload, usually one that doesn\u0026rsquo;t maintain state.
Deployments\nDeployments create ReplicaSets and the ReplicaSets create the pods.\nDeployments allow for version control and zero downtime, and accept any change made to the manifest YAML.\napiVersion: apps/v1 kind: Deployment metadata: # Metadata of the Deployment name: nginx-deployment # Name of the Deployment labels: app: nginx spec: # spec of the Deployment replicas: 3 selector: matchLabels: app: nginx template: # Starts the information of the Pod metadata: # Metadata of the Pod labels: app: nginx spec: # spec of the pod containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80 command Function kubectl apply -f manifest.yaml Deploys a deployment based off the above manifest kubectl rollout history deploy nginx-deployment Provides a list of changes to the deployment, e.g. if you added a second container to the deployment kubectl rollout undo deploy nginx-deployment Rolls a deployment back from the current revision to the previous revision kubectl create deployment nginx-deployment --image=nginx Deploys a deployment named nginx-deployment using the image nginx kubectl scale deploy nginx --replicas=3 Can be used to increase the number of pods that a deployment is running kubectl get pods -o wide Provides a list of running pods, includes IP and node information kubectl delete deployment nginx-deployment Deletes the deployment named nginx-deployment Storage # Ways to provide both long-term and temporary storage to Pods in your cluster. For more information please refer to Storage\nhierarchy: Storage Classes -\u0026gt; Persistent Storage -\u0026gt; Volume Claim -\u0026gt; Volume\nStorage Classes # A StorageClass provides a way for administrators to describe the classes of storage they offer. Different classes might map to quality-of-service levels, or to backup policies, or to arbitrary policies determined by the cluster administrators.
Kubernetes itself is unopinionated about what classes represent.\nSince a storage class is dependent on the provider, the process for defining the class is omitted from this document.\nPersistentVolume # # PersistentVolume manifest apiVersion: v1 kind: PersistentVolume metadata: name: nginx-pv spec: storageClassName: manual capacity: storage: 2Gi accessModes: - ReadWriteOnce # the Volume can only be mounted by one node at a time hostPath: path: \u0026#34;/mnt/data\u0026#34; # where on the node is the storage located --- # PersistentVolumeClaim manifest apiVersion: v1 kind: PersistentVolumeClaim metadata: name: nginx-pvc spec: storageClassName: manual # must match storageClassName from the PersistentVolume manifest accessModes: - ReadWriteOnce resources: requests: storage: 1Gi --- # Pod manifest apiVersion: v1 kind: Pod metadata: name: nginx spec: nodeSelector: kubernetes.io/hostname: worker1 containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80 volumeMounts: - name: nginx-storage mountPath: /etc/nginx/domains volumes: - name: nginx-storage persistentVolumeClaim: claimName: nginx-pvc command Function kubectl apply -f manifest.yaml Deploys the resources in the above manifest kubectl get pv,pvc Provides a list of PersistentVolume and PersistentVolumeClaim information kubectl exec -it nginx -- bash Connect to the container to allow you to visually see the directory Networking # apiVersion: v1 kind: Pod metadata: name: nginx spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80 command Function kubectl apply -f manifest.yaml Deploys the Pod in the above manifest kubectl create deployment nginx --image=nginx --port=80 --replicas=3 Deploys a deployment named nginx using the image nginx kubectl expose deployment nginx Deploys a service used by the deployment kubectl get service Lists services kubectl describe svc nginx Provides detailed information about the nginx service Network Policies # If you want to control traffic flow at the IP address or port
level (OSI layer 3 or 4), NetworkPolicies allow you to specify rules for traffic flow within your cluster, and also between Pods and the outside world. Your cluster must use a network plugin that supports NetworkPolicy enforcement. For more information refer to Network Policies\nThe example below works in an OR manner: ipBlock OR namespaceSelector OR podSelector. Each is a separate entry in the from list; a namespaceSelector and a podSelector combined in a single entry would instead be ANDed.\n# example allow apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: test-network-policy namespace: default # Target the namespace of the Pods this policy should apply against. spec: podSelector: # What Pods is this policy supposed to control matchLabels: role: db # If you are in the \u0026#34;default\u0026#34; namespace with the \u0026#34;db\u0026#34; label this policy would apply to you. policyTypes: - Ingress # Inbound Traffic - Egress # Outbound Traffic ingress: - from: - ipBlock: cidr: 172.17.0.0/16 # allows traffic from this network range except: # excludes this network range - 172.17.1.0/24 - namespaceSelector: # allow traffic from a namespace so long as it has the label \u0026#34;myproject\u0026#34; matchLabels: project: myproject - podSelector: # Allow traffic from a pod with the label \u0026#34;frontend\u0026#34; matchLabels: role: frontend ports: # Allow Traffic to this port - protocol: TCP port: 6379 egress: - to: - ipBlock: # allows traffic to this network range cidr: 10.0.0.0/24 ports: # allows traffic to this port - protocol: TCP port: 5978 command Function kubectl apply -f manifest.yaml Applies the NetworkPolicy in the above manifest kubectl get pods --show-labels Displays a list of pods and the associated labels Other Examples # --- # example default deny apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-default-network-policy namespace: default # Target the namespace of the Pods this policy should apply against.
spec: podSelector: {} # What Pods is this policy supposed to control policyTypes: - Ingress # Inbound Traffic - Egress # Outbound Traffic --- # example allow based off labels apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-default-network-policy namespace: default # Target the namespace of the Pods this policy should apply against. spec: podSelector: # What Pods is this policy supposed to control matchLabels: app: nginx # Deployment label policyTypes: - Ingress # Inbound Traffic ingress: - from: - podSelector: # What pods are allowed matchLabels: run: client # Pod with \u0026#34;client\u0026#34; label Service Manifest # In Kubernetes, a Service is a method for exposing a network application that is running as one or more Pods in your cluster. For more information refer to Service\n--- apiVersion: v1 kind: Service metadata: name: nginx-svc spec: selector: dem: pods ports: - protocol: TCP # Maps TCP 3423 on the service to port 80 on the container port: 3423 targetPort: 80 - protocol: TCP # Maps TCP 8080 on the service to port 4444 on the container port: 8080 targetPort: 4444 nodePort # Allows you to access a pod via a port on your node.\napiVersion: v1 kind: Service metadata: name: my-service spec: type: NodePort selector: app.kubernetes.io/name: MyApp ports: - port: 80 # By default and for convenience, the `targetPort` is set to # the same value as the `port` field.
targetPort: 80 # Optional field # By default and for convenience, the Kubernetes control plane # will allocate a port from a range (default: 30000-32767) nodePort: 30007 command Function kubectl apply -f manifest.yaml Deploys the Service in the above manifest kubectl expose pod nginx --type=\u0026quot;NodePort\u0026quot; Creates a NodePort service for the nginx pod kubectl describe svc nginx Displays information about the nodePort that was just created ","date":"January 24 2026","externalUrl":null,"permalink":"/posts/2026/01/kubernetes-concepts.html","section":"Posts","summary":"","title":"Kubernetes Concepts","type":"posts"},{"content":" Getting Started # Run a Pod # A Pod is a group of one or more containers that share storage (volumes) and networking resources (IP address, ports).\ncommand Function kubectl run nginx --image=nginx Deploys a single Pod named nginx using the image nginx kubectl get pods -o wide Provides a list of running pods, includes IP and node information kubectl describe pod nginx Provides detailed information about the pod named nginx kubectl delete pod nginx Deletes a Pod named nginx Run a deployment # command Function kubectl create deployment nginx --image=nginx Deploys a deployment named nginx using the image nginx kubectl get pods -o wide Provides a list of running pods, includes IP and node information kubectl delete deployment nginx Deletes the deployment named nginx Run a multi instance deployment # command Function kubectl create deployment nginx --image=nginx --replicas=2 Deploys a deployment named nginx using the image nginx with two instances kubectl get pods -o wide Provides a list of running pods, includes IP and node information kubectl delete deployment nginx Deletes the deployment named nginx List Pods # command Function kubectl get all Lists all pods and deployments in the default namespace kubectl get pods -o wide provides a list of running pods, includes IP and node
information kubectl get all -n \u0026lt;namespace\u0026gt; Lists all pods and deployments in the specified namespace List Deployments # command Function kubectl get deployments.apps Lists all deployments in the default namespace kubectl get deployments --all-namespaces Lists all deployments in all namespaces kubectl get deployments -A Lists all deployments in all namespaces, just a short version kubectl get deployments -n \u0026lt;namespace-name\u0026gt; Lists all deployments in the specified namespace ConfigMaps # command Function kubectl get configmaps Lists configMaps kubectl create configmap dem-heros --from-file=heros.txt Creates a configMap kubectl create cm dem-heros --from-file=heros.txt Shorthand version; creates a configMap kubectl describe cm dem-heros Provides detailed information about the configMap kubectl delete cm dem-heros Removes the configMap Secrets # command Function kubectl get secrets Lists secrets kubectl create secret generic mysql-secret --type=kubernetes.io/basic-auth --from-literal=password=alta3 Creates a secret from a CLI command kubectl create -f secret.yaml Creates a secret from a file kubectl describe secret mysql-secret Provides detailed information about the secret kubectl delete secret mysql-secret Removes the secret Namespaces # command Function kubectl get namespace Lists all namespaces kubectl create ns demo Creates a namespace called demo kubectl describe ns demo Provides information about a namespace such as LimitRange resource, resource quota, and description kubectl delete ns demo Removes the namespace called demo Logs # command Function kubectl describe pod portainer-agent-7c9df8687-45m5s Gets information about the pod kubectl logs portainer-agent-7c9df8687-45m5s Gets detailed logging information about the container kubectl logs portainer-agent-7c9df8687-45m5s -c container2 Gets detailed logging information about the specified container; when a pod has more than one container, -c may be needed.
kubectl logs portainer-agent-7c9df8687-45m5s --all-containers Gets detailed logging information about all containers. kubectl logs portainer-agent-7c9df8687-45m5s -n portainer --all-containers Gets detailed logging information about all containers in a specified namespace kubectl logs portainer-agent-7c9df8687-45m5s -n portainer -f Follows detailed logging information about the container in a specified namespace Labels # command Function kubectl label pod label-demo app=nginx Can be used to add to existing labels. Cannot overwrite existing labels kubectl label pod label-demo app=web --overwrite Can be used to overwrite an existing label. kubectl label pod label-demo app- Can be used to remove an existing label. kubectl get pods -L app Can be used to list Labels with a certain name kubectl get pods --selector=app=nginx Can be used to list pods that have a specified label and value Remove Deployments # kubectl delete deployment \u0026lt;deployment-name\u0026gt; -n \u0026lt;namespace\u0026gt; Non Out of the box commands # Metrics # command Function kubectl top nodes Provides the memory and CPU usage for a node kubectl top pods -A Provides the memory and CPU usage for pods in all namespaces kubectl top pods -n \u0026lt;namespace\u0026gt; Provides the memory and CPU usage for pods in the specified namespace ","date":"January 24 2026","externalUrl":null,"permalink":"/posts/2026/01/kubernetes-commands-notes.html","section":"Posts","summary":"","title":"Kubernetes Commands Notes","type":"posts"},{"content":"Thanks to the following source medium\nKubernetes Install # This config is tested on Ubuntu 24.04.3 LTS\nGlobal Config # Apply updates and reboot.\nsudo apt update sudo apt upgrade sudo
reboot Add settings to containerd.conf\nsudo tee /etc/modules-load.d/containerd.conf \u0026lt;\u0026lt;EOF overlay br_netfilter EOF sudo modprobe overlay sudo modprobe br_netfilter Add settings to kubernetes.conf Allow IPv4, IPv6 and IP forwarding\nsudo tee /etc/sysctl.d/kubernetes.conf \u0026lt;\u0026lt;EOF net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 EOF Reload updated config\nsudo sysctl --system Install required tools and CA certificates\nsudo apt install -y curl gnupg2 software-properties-common apt-transport-https ca-certificates nano Add Docker repository\nsudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/docker.gpg sudo add-apt-repository \u0026#34;deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\u0026#34; Then, install containerd\nsudo apt update sudo apt install -y containerd.io containerd config default | sudo tee /etc/containerd/config.toml \u0026gt;/dev/null 2\u0026gt;\u0026amp;1 sudo sed -i \u0026#39;s/SystemdCgroup \\= false/SystemdCgroup \\= true/g\u0026#39; /etc/containerd/config.toml sudo systemctl restart containerd sudo systemctl enable containerd a fix was needed github\necho \u0026#34;deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /\u0026#34; | sudo tee /etc/apt/sources.list.d/kubernetes.list curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg Install kubectl, kubeadm and kubelet:\nsudo apt update sudo apt install -y kubelet kubeadm kubectl sudo apt-mark hold kubelet kubeadm kubectl Modify the ‘/etc/hosts’ file to add the hostnames of each node.\nsudo nano /etc/hosts Now, add the local IP addresses of all the computers that will be part of the cluster to the /etc/hosts file, and then save it.
(Note: The following IP addresses are examples; the actual hostnames will vary depending on your environment.)\n192.168.1.150 master.local master 192.168.1.151 worker1.local worker1 192.168.1.152 worker2.local worker2 192.168.1.153 worker3.local worker3 Install Docker Community Edition\nsudo apt-get install docker-ce Open TCP port for K8s API communication (default 6443)\n# Open TCP port for K8s API (default 6443) sudo iptables -A INPUT -p tcp --dport 6443 -j ACCEPT Linux nodes support swap; you need to configure each node to enable it. By default, the kubelet will not start on a Linux node that has swap enabled.\n# To disable swap sudo swapoff -a sudo sed -i \u0026#39;/ swap / s/^\\(.*\\)$/#\\1/g\u0026#39; /etc/fstab Open the /etc/fstab file to check that swap is commented out\nsudo nano /etc/fstab Finally, reboot, and double check swap is gone.\nsudo reboot After reboot, check that swap is gone\nfree -h Master Setup # Now, it’s time for setting up the Master Node. This section will take a bit to run.\n# Set hostname for each machine sudo hostnamectl set-hostname \u0026#34;master.local\u0026#34; exec bash Only for the master node\nsudo kubeadm config images pull sudo reboot Update control plane endpoint with your hostname or use master.local\n# note: \u0026#39;--ignore-preflight-errors=all\u0026#39; is added # because initialization stops on some minor errors sudo kubeadm init --control-plane-endpoint=master.local --ignore-preflight-errors=all # Copy /etc/kubernetes/admin.conf for using the node # as a Non-root user # Create .kube/config mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config Metric Add-on # Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. The patch below adds --kubelet-insecure-tls, which makes Metrics Server skip verification of the kubelet serving certificates.\nkubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml kubectl patch deployment metrics-server -n kube-system --type
\u0026#39;json\u0026#39; -p \u0026#39;[{\u0026#34;op\u0026#34;: \u0026#34;add\u0026#34;, \u0026#34;path\u0026#34;: \u0026#34;/spec/template/spec/containers/0/args/-\u0026#34;, \u0026#34;value\u0026#34;: \u0026#34;--kubelet-insecure-tls\u0026#34;}]\u0026#39; kubectl get apiservice | grep metrics CNI Install # Now you need to install a CNI addon. Choose one, for this guide I included the steps for either Cilium or Calico.\nCilium # sudo apt-get install curl gpg apt-transport-https --yes curl -fsSL https://packages.buildkite.com/helm-linux/helm-debian/gpgkey | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg \u0026gt; /dev/null echo \u0026#34;deb [signed-by=/usr/share/keyrings/helm.gpg] https://packages.buildkite.com/helm-linux/helm-debian/any/ any main\u0026#34; | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list sudo apt-get update sudo apt-get install helm { CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt) CLI_ARCH=amd64 if [ \u0026#34;$(uname -m)\u0026#34; = \u0026#34;aarch64\u0026#34; ]; then CLI_ARCH=arm64; fi curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum} sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum} } cilium install --version 1.18.6 kubectl get pods -A cilium status --wait cilium hubble enable cilium status { HUBBLE_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/hubble/master/stable.txt) HUBBLE_ARCH=amd64 if [ \u0026#34;$(uname -m)\u0026#34; = \u0026#34;aarch64\u0026#34; ]; then HUBBLE_ARCH=arm64; fi curl -L --fail --remote-name-all https://github.com/cilium/hubble/releases/download/$HUBBLE_VERSION/hubble-linux-${HUBBLE_ARCH}.tar.gz{,.sha256sum} sha256sum --check hubble-linux-${HUBBLE_ARCH}.tar.gz.sha256sum sudo tar xzvfC hubble-linux-${HUBBLE_ARCH}.tar.gz 
/usr/local/bin rm hubble-linux-${HUBBLE_ARCH}.tar.gz{,.sha256sum} } hubble status -P cilium hubble port-forward\u0026amp; hubble observe cilium hubble enable --ui Calico # Download calicoctl\n# Install Calico Network Plugin # Check here https://docs.tigera.io/calico/latest/getting-started/kubernetes/self-managed-onprem/onpremises kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.31.0/manifests/calico-typha.yaml kubectl rollout status -n kube-system ds/calico-node Kubernetes Worker Node Install # Connect the Master Node with Worker Nodes # Then pull the token from the control plane node.\nsudo kubeadm token create --print-join-command Connecting worker nodes to the master node is a straightforward process. To connect a computer that will serve as a worker node, log in to that computer (either via SSH or directly) and run the join command printed by the sudo kubeadm token create --print-join-command command.\n# \u0026#39;--ignore-preflight-errors=all\u0026#39; used to bypass minor errors sudo kubeadm join master.local:6443 --token ...REDACTED... --discovery-token-ca-cert-hash sha256:...REDACTED...
--ignore-preflight-errors=all # reboot sudo reboot After rebooting each worker node, verify on the master node that the connection has been established correctly.\nTroubleshooting # # node Information kubectl get nodes kubectl describe node \u0026lt;node name\u0026gt; # Pod information kubectl get pods -n kube-system -o wide kubectl describe pod \u0026lt;pod-name\u0026gt; -n kube-system # pull logs kubectl get pods -n kube-system -l k8s-app=calico-node kubectl logs \u0026lt;calico-node-pod-name\u0026gt; -n kube-system kubectl describe pod \u0026lt;calico-node-pod-name\u0026gt; -n kube-system References # github medium calico troubleshooting calico on-prem install ","date":"January 18 2026","externalUrl":null,"permalink":"/posts/2026/01/kubernetes-install-notes.html","section":"Posts","summary":"","title":"Kubernetes Install Notes","type":"posts"},{"content":"","date":"January 4 2026","externalUrl":null,"permalink":"/vendors/platform-agnostic/","section":"Vendors","summary":"","title":"Platform-Agnostic","type":"vendors"},{"content":"","date":"January 4 2026","externalUrl":null,"permalink":"/tags/sip-definitions/","section":"Tags","summary":"","title":"SIP Definitions","type":"tags"},{"content":" Definitions # Transactions # A transaction consists of a Request, any non-final (1xx) Responses received, and a final Response (2xx, 3xx, 4xx, 5xx, or 6xx), as well as the acknowledgements of the Responses (ACK or PRACK), except for ACKs to 2xx Responses. For example:\nSIP peer A sends an INVITE Request to SIP peer B SIP peer B returns a Response of 100 TRYING; this is a non-final Response, so the transaction is not completed yet SIP peer B returns 200 OK (a final response), accepting the invitation; this completes the transaction Basically, one complete Request-Response.\nStackoverflow\nDialogs # A dialog is just a series of transactions between two SIP peers. The purpose of a dialog is to setup, possibly modify, and then teardown a session.
Hence the name Session Initiation Protocol. Since there could be many dialogs in progress between two SIP peers at any time (e.g. there could be many simultaneous calls in progress between two SIP servers), dialogs are identified by the From, To, and Call-ID fields in the header. So if SIP peer A gets two BYE Requests at the same time, it can look at these fields to determine which dialog they belong to. A typical set of transactions you might see in a dialog could include:\nSIP peer A invites SIP peer B to a session and suggests a certain codec, but does not include authentication and so is rejected SIP peer A again invites SIP peer B to a session, this time supplying authentication, and the invitation is accepted SIP peer B sends an invitation to change the codec used, and it is accepted SIP peer A ends the session Stackoverflow\n","date":"January 4 2026","externalUrl":null,"permalink":"/posts/2026/01/sip-notes-and-sip-definitions.html","section":"Posts","summary":"","title":"SIP Notes and SIP Definitions","type":"posts"},{"content":"","date":"January 4 2026","externalUrl":null,"permalink":"/categories/networking/","section":"Categories","summary":"","title":"Networking","type":"categories"},{"content":" Notes # This section is to help make notes for RFC\u0026rsquo;s of various topics.\nIP Addressing # Documentation # RFC 5737: IPv4 Address Blocks Reserved for Documentation: Specifies IPv4 blocks for examples: 192.0.2.0/24 (TEST-NET-1) 198.51.100.0/24 (TEST-NET-2) 203.0.113.0/24 (TEST-NET-3) RFC 3849: IPv6 Address Prefix for Documentation: Reserves the 2001:DB8::/32 prefix for IPv6 documentation. Internal Networking # RFC 1918: Address Allocation for Private Internets: Defines private, non-routable IPv4 addresses (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) for internal use, not documentation, but useful for internal examples. 
RFC 5735: Special Use IPv4 Addresses: A broader document that lists 169.254.0.0/16 as a \u0026ldquo;link-local\u0026rdquo; block for single-link communication. RFC 6598: To provide IP address space for large-scale CGNAT deployments by Internet Service Providers (ISPs) as IPv4 addresses deplete. DNS # Reserved # RFC 2606: Reserved Top Level DNS Names: Reserves domain names like .test, .example, .invalid, and .localhost for documentation.\n","date":"January 4 2026","externalUrl":null,"permalink":"/posts/2026/01/notable-rfcs.html","section":"Posts","summary":"","title":"Notable RFC's","type":"posts"},{"content":"","date":"January 4 2026","externalUrl":null,"permalink":"/tags/rfcs/","section":"Tags","summary":"","title":"RFC's","type":"tags"},{"content":"","date":"January 2 2026","externalUrl":null,"permalink":"/tags/hmr/","section":"Tags","summary":"","title":"HMR","type":"tags"},{"content":" HMR Rule Notes # HMR rules are stateless rule-sets that can edit any header or the SDP in a SIP message. You can only have one rule-set for inbound or outbound messages but any number of header rules or element rules in a rule-set.\nMore information can be found on the Oracle website Header Manipulation Rules Guide - for Service Provider and Enterprise\nGuidelines # Define Storage rules first. Rules should be implemented at the element rule level and not the header-rule level. Use multiple element rules to modify a header. Do not use multiple header rules. For better performance it is best to use built-in variables. Avoid lengthy matches unless necessary. Constrain your SIP method and message type. Terms # Regex: short for regular expression Header-rules: used for the entire header. Element rule: used for specific parts of a header. It is a sub-element of header-rules. This option is needed to store sub-elements of a header. Header Breakdown # The following outlines the sections of a header. It is useful to keep this info in mind for identifying the sections of a header.
Using the following From header as an example, the parameter breakdown would be as follows.\nFrom: \u0026#34;Test Phone Display\u0026#34; \u0026lt;sip:4085151111@10.10.9.132:5060\u0026gt;;tag=ECC78E56-382 uri-header = From: \u0026quot;Test Phone Display\u0026quot; \u0026lt;sip:4085151111@10.10.9.132:5060\u0026gt;;tag=ECC78E56-382 uri-header-name = From header-value = \u0026quot;Test Phone Display\u0026quot; \u0026lt;sip:4085151111@10.10.9.132:5060\u0026gt;;tag=ECC78E56-382 uri-display = Test Phone Display uri-user = 4085151111 uri-host = 10.10.9.132 uri-port = 5060 header-param-name = tag header-param = tag=ECC78E56-382 plus more. Order of Operations # Hardware Level processing (DDoS, ACL\u0026rsquo;s, Policers, Decryption, etc.). Software Level Processing (DoS, Authorization, Allowed Methods, etc.). Inbound Rules. HMR. Number Translation. Call Routing. Lookup Table for Media. Outbound Rules. Outbound HMR. QoS. Number Translation. Hardware Level processing: transmit to port / VLAN. HMR Structure # header-rules # Edit the entire header depending on the following settings.\nheader-name: the header you wish to act on. via, request-uri, from, to, etc. Case-insensitive. Must match an actual header in the SIP message. To match a status code (e.g. 404) you can use @status-line. To manipulate the SDP body you can use content-type. action: what action you will take on the header. add, delete, manipulate (requires element-rule), store (may need an element-rule if you want to store part of a header). find-replace-all: matching on a specific value. reject: rejects requests but not responses. log: creates an entry in matched.log every time it executes. comparison-type: how you should match your header / element. Options are case-sensitive, case-insensitive, pattern-rule, boolean, refer-case-sensitive (does not work with action store), refer-case-insensitive (does not work with action store) methods: What SIP methods you want the rule to apply to. e.g. INVITE, REGISTER. 
If this option is left blank it will apply to all methods. match-value: used with comparison-type, the actions will only be performed if the match-value matches the value in the message. new-value: + will append. +^ will prepend. - will truncate. -^ will truncate from the front. element-rule # Edit specific parts of a header, only runs if the header-rule condition matches. The sub-elements of a header are header-value, uri-display, uri-user, uri-host, uri-port, header-param-name, header-param.\nYou can have multiple rules; each rule should operate on one part of the header. e.g. one rule for each of the following header-value, uri-display, uri-user, uri-host, uri-port, header-param-name, header-param parameter-name: using the below example it would be either branch or tag if type is set to header-param. \u0026quot;Test Phone Display\u0026quot; \u0026lt;sip:4085151111@10.10.9.132:5060\u0026gt;;branch=dvfs09fdas909fdsfdsf;tag=ECC78E56-382 type: This would be one of the following types. Example data included. header-value = \u0026quot;Test Phone Display\u0026quot; \u0026lt;sip:4085151111@10.10.9.132:5060\u0026gt;;branch=dvfs09fdas909fdsfdsf;tag=ECC78E56-382 uri-display = Test Phone Display uri-user = 4085151111 uri-host = 10.10.9.132 uri-port = 5060 header-param = branch=dvfs09fdas909fdsfdsf;tag=ECC78E56-382 plus more. action: what action you will take. add, delete, manipulate, store. Built-In Variables # These variables are all caps, can include a _, and begin with a $. A couple of common variables are as follows.\nVariables Function $LOCAL_IP IP address of the SIP interface on which the message was received for inbound manipulation or sent on for outbound manipulation. $REMOTE_IP IP address the message was received from for inbound manipulation or sent to for outbound manipulation. 
$ORIGINAL Original value of element $CRLF will resolve \\r\\n For a complete list you can refer to this guide HMR Components\nBoolean Results # Boolean values are used in a similar manner to their stored regex match. If the match-value pattern matches a result then the Boolean is True. This result can be used later in other header-rules or element-rules. A ! can be used to match on the opposite of the match value for negation match.\nDuplicate Headers # With the below example you write a header rule to look at all headers or a subset.\nDiversion: \u0026lt;sip:fsifhjdfFDSF494+3mnrfew@10.0.0.10:5060;lrltransport=udp\u0026gt; Diversion: \u0026lt;sip:fsifhjdfFDSF494+3mnrfew@10.0.0.10:5060;lrltransport=udp\u0026gt; Diversion Looks at all Route headers Diversion[n] [n] is the Array index 0 would be first 1 would be second Diversion[~] First matched header Diversion[^] Last stored header Diversion[*] All headers Subgroups # Used to replace portions of a regex pattern. The syntax is formed by adding [[:n:]] to the end of the regex pattern. n is the group to replace.\nsip:user()@host[[:1:]] would match the empty () in user() sip:user()@(host)[[:2:]] would match the host in (host) MIME Manipulations # MIME bodies are considered an attachment to the SIP Header Message. MIME manipulations use the same header / element structure. They may use more system resources. Actions like find-replace-all should only be used if there are no other options. The following escaped characters can be used. The entire SDP message is also a single string so any rule will execute against the entire SDP body.\nEscape Characters Function \\s Whitespace \\S Non-Whitespace \\d digits \\D non-digits \\n New Line \\r Carriage Return \\R Any \\r,\\n or \\r\\n \\w Word \\A Beginning of buffer \\Z End of Buffer \\f Form feed \\t tab \\v Vertical Tab When matching an SDP body, use of .* or .+ will only match a single line of an SDP body because . excludes carriage return. 
To match multiple lines you can use \\,* or \\,+\nExamples # Blacklisting a Call # You can use the following configuration in an element rule to reject a call.\nheader-rule name from_1313555 header-name from action reject comparison-type pattern-rule msg-type request methods INVITE match-value ^1313555 new-value 403:Blacklisted Convert a SIP Response # header-rule name 404to200 header-name @status-line action manipulate comparison-type case-sensitive msg-type reply methods OPTIONS element-rule name updateStatus type status-code action replace match-val-type any match-value 404 new-value 200 element-rule name updateReason type reason-phrase action replace match-val-type any match-value Not Found new-value \u0026#34;Ping OK\u0026#34; Find Replace All on SDP # sip-manipulation name removePtime description Removes the ptime attribute header-rule name ConentTypeManip header-name Content-Type action manipulate comparison-type case-sensitive msg-type request methods INVITE element-rule name removePTime parameter-name application/SDP type mime action find-replace-all match-val-type any comparison-type pattern-rule match-value a=ptime:[0-9]{1,2}(\\n|\\r\\n) new-value Testing SIP Manipulations # test-sip-manipulation # This can be done from the CLI. If you make changes to a sip-manipulation while testing, you may need to do refresh-manipulations for changes to reflect in the tool.\ntest-sip-manipulation sip-manipulation \u0026lt;name of sip-manipulation\u0026gt; load-sip-message \u0026lt;an example SIP message\u0026gt; debugging enabled execute test-pattern-rule # test-pattern-rule allows you to check your matching logic and confirm the group that the SBC will return. 
This can be done from the CLI.\nexpression \u0026lt;your expression\u0026gt; string \u0026lt;string\u0026gt; show example\nexpression \u0026#34;.*(;branch=(.+)).*\u0026#34; string \u0026#34;Test Phone Display\u0026#34; \u0026lt;sip:4085151111@10.10.9.132:5060\u0026gt;;branch=dvfs09fdas909fdsfdsf;tag=ECC78E56-382\u0026#34; show Pattern Rule: Expression : .*(;branch=(.+)).* String : Display\u0026#34; \u0026lt;sip:4085151111@10.10.9.132:5060\u0026gt;;branch=dvfs09fdas909fdsfdsf;tag=ECC78E56-382 Matched : TRUE Matches: $0 Display\u0026#34; \u0026lt;sip:4085151111@10.10.9.132:5060\u0026gt;;branch=dvfs09fdas909fdsfdsf;tag=ECC78E56-382 $1 ;branch=dvfs09fdas909fdsfdsf;tag=ECC78E56-382 $2 dvfs09fdas909fdsfdsf;tag=ECC78E56-382 ","date":"January 2 2026","externalUrl":null,"permalink":"/posts/2026/01/oracle-sbc-notes.html","section":"Posts","summary":"","title":"Oracle SBC HMR Notes","type":"posts"},{"content":" Learning Notes # This section is meant to cover notes about Oracle SBC\u0026rsquo;s and related information.\nOracle SBC\u0026rsquo;s are meant to act as a B2BUA. This means that they will re-originate traffic and rewrite fields such as the request-uri, via, contact, call-id, etc. for topology hiding.\nIdeal first time setup configuration items # Set the VM RAM to a required level then change the HDD to be (RAM*2) + 12Gb.\nprompt-enable enable format hard-disk Terms # realm: is a container of resources; this must contain a sip-interface and a steering-pool. A realm can also be configured in a parent child manner. address-prefix can be used as a form of CAC to whitelist networks so that a realm will only send / receive traffic to networks defined in the prefix. steering-pool: used for binding media and signaling to an interface. When configuring a steering-pool the network interface parameter is left blank unless you are going to use a separate interface for media from your signaling. sip-config: global config, it is needed for the SBC to handle SIP traffic. 
operation-mode: should be \u0026ldquo;dialog\u0026rdquo; for the SBC to act as a B2BUA. dialog-transparency: Controls topology hiding for call ID\u0026rsquo;s. Defaults to enable and does not change Call ID\u0026rsquo;s. local-policy: Call routing policies are defined with this element. Use the to-address to route calls based off the request uri. session-agent: A more privileged endpoint from the SBC point of view. constraints: Set to enabled to be able to configure items like max-sessions, max-inbound-sessions, max-outbound-sessions, etc. Constraints can be used in conjunction with a session-group to trigger the next routing choice when a session-group is set to hunt. Saving and Reverting configs # Taking a backup from the CLI.\nbackup-config \u0026lt;name-of-backup\u0026gt; [running | editing] Arguments\nEnter the name of the backup configuration file. running- Backup the configuration from the running configuration cache. This is an optional argument. editing- Backup the configuration from the editing configuration cache. This is an optional argument. Restoring a backup from the CLI.\nrestore-backup-config running verify-config save-config activate-config Monitor and Trace # The trace menu is limited to 50 messages per session. If a call has more than 50 messages the oldest message is overwritten.\nInterfaces # When deploying a VM these interfaces will not be a 1:1 match on the vmware NIC order. From the CLI you will have to run the interface-swap command in order to fix the order.\nwancom0 - Used for management wancom1 - Used for HA wancom2 - Used for HA S0P0 - Used for calling S0P1 - Used for calling S1P0 - Used for calling S1P1 - Used for calling Network-interface # System interfaces such as wancom are meant for management, not VoIP traffic. Media interfaces by default will only allow VoIP traffic. Traffic such as ICMP has to be permitted. 
Usable names are as follows.\nS0P0 S0P1 S1P0 S1P1 hip-ip-list needs to be configured, as well as icmp-address, to be able to ping the media interfaces; multiple addresses can be configured as well.\nOrder of operations for first time setup # system-config filter-config sip-monitoring enable media-manager sip-config phy-interface Order of operations for a basic call flow # network-interface sip-manipulation realm sip-interface steering-pool session-agent session-group(optional) local-policy Routing Logic # The SBC will look at the ingress realm. Then it will look at all the local policies that are configured. It will ignore the policies that do not match the from and to params. Then it will look at all routes remaining, and the SBC will then select the route. Next it will pick lowest cost then media codec then the most specific to address then the most specific from address then the smallest day in week range then the smallest time of day range. Lastly it will choose a policy with the to and from set to \u0026ldquo;*\u0026rdquo;. HA Considerations # If you are setting up HA for an existing device make sure you have a backup. Passwords and features should match. Features must have HA enabled. Make sure you have the targetname set in your bootparams. Define your phy-interface virtual MAC. Configure NTP and cable the wancom ports. Configure wancom port on the primary then secondary nodes. wancom1 health score should be an 8. wancom2 health score should be a 9. Addressing should be in the RFC 3330 range. wancom ports will only use the primary and secondary utility address fields. Configure HA redundancy on the primary then secondary nodes. health-threshold is the value that causes a graceful switch over. emergency-threshold causes an immediate switch over. percent-drift * advertisement-time will determine the amount of time the SBC will wait for a response. Reboot the primary node. Once the secondary node acquires the config reboot it. 
acquire-config 192.0.2.1 reboot force activate run show health to make sure that the cluster health is 100 ","date":"December 31 2025","externalUrl":null,"permalink":"/posts/2025/12/oracle-sbc-notes.html","section":"Posts","summary":"","title":"Oracle SBC Notes","type":"posts"},{"content":" Engineering Log \u0026amp; Infrastructure Architecture Notes # This website functions as my live engineering log and technical reference archive, updated regularly with real-world production workflows and deployment scripts. Below, you will find an overview of my core technical competencies alongside an indexed feed of my latest architectural deep-dives. Jump straight to the Recent section below to read my newest articles.\nAbout the Author: M. Curtis # Welcome to my technical engineering archive. This site serves as a live knowledge base and reference repository documenting my hands-on experience across enterprise network infrastructure, Cisco Unified Communications (UC), DevOps automation, and robust cybersecurity architectures.\nAs a seasoned infrastructure engineer, these notes capture production workflows, deployment scripts, and architectural deep-dives designed to solve complex real-world technical challenges.\nTechnical Skills \u0026amp; Core Competencies # My hands-on technical expertise spans across multiple generations of enterprise infrastructure, system administration, and software automation.\nNetwork Engineering \u0026amp; Architecture # Core Networking: Comprehensive implementation of TCP/IP, IPv4/v6 dual-stack topologies, DHCPv6, SLAAC, DNS, WINS, and NTP. Routing \u0026amp; Switching: Advanced configurations on Cisco IOS, IOS-XE, NX-OS, and Brocade FastIron OS. Expert-level deployment of OSPF, EIGRP, HSRP, Inter-VLAN routing, VTP, STP, and RSTP. Traffic Analysis \u0026amp; Monitoring: Granular network visibility utilizing SFLOW, NETFLOW, and deep-packet analysis via Wireshark. 
Enterprise Wireless: Full-lifecycle deployment and tuning of Cisco Wireless LAN Controllers (WLC) and Catalyst 9800 series infrastructure. Unified Communications \u0026amp; Collaboration (UC \u0026amp; C) # Cisco Collaboration Suite: End-to-end administration and design of Cisco Unified Communications Manager (CUCM / CallManager v5.x through v15.x), Unity Connection (CUC v2.x–v15.x), and Cisco IM \u0026amp; Presence (IM\u0026amp;P v8.x–v12.x). Contact Center Systems: Advanced deployment of UCCX (including custom workflow scripting), UCCE, IP/IVR, CVP, and Cisco Interaction Manager (EIM/WIM). Voice Gateways \u0026amp; Protocols: Comprehensive handling of SIP, H323, MGCP, and SCCP signaling, alongside Digital PRI/T1 lines and analog FXO/FXS interfaces. Paging \u0026amp; Endpoints: Integration of Informacast (Cisco Paging Server), Cisco VCS, Jabber, and Cisco Collaboration on UCS hardware (BE6000), alongside Microsoft Teams and Webex cloud migrations. Emergency Services: Design and provisioning of enterprise E911 architectures. Cybersecurity \u0026amp; Access Control # Firewall Infrastructure: Implementation of Next-Generation Firewalls (NGFW) including Cisco Firepower Threat Defense (FTDv) managed via Firepower Management Center (FMC), legacy Cisco ASA appliances, Fortigate, and Palo Alto Networks. Identity \u0026amp; Access Management: Hardening environments using AAA protocols, TACACS+, RADIUS, DUO Multi-Factor Authentication, and Active Directory. Traffic Security \u0026amp; Encryption: Deployment of Secure Sockets Layer (SSL/TLS), automated certificate management with Let’s Encrypt, Web Application Firewalls (WAF), Reflexive Access Control Lists (ACLs), and secure VPN tunnels. Infrastructure Automation \u0026amp; Operating Systems # DevOps \u0026amp; Programming: Building automation playbooks and infrastructure-as-code using Ansible, Python, Bash scripting, Java, and C#. 
Containerization \u0026amp; Web Services: Microservice deployment via Docker, reverse proxy and web serving with NGINX, and domain name management via BIND. Operating System Administration: System hardening and maintenance across Linux distributions (AlmaLinux, CentOS, Debian) and Microsoft environments ranging from Windows Server 2003 through 2019, alongside legacy DOS and enterprise client operating systems. Storage \u0026amp; Enterprise Virtualization # Hypervisors: Virtualizing mission-critical environments using VMware ESXi and vSphere infrastructure management. Storage \u0026amp; Utilities: Management of FreeNAS storage arrays, NFS shares, SMTP relays, backup automation with GhettoVCB, and Network UPS Tools (NUT) for power resilience. Enterprise Tools: Git-based workflows via GitHub, agile tracking in Jira, and enterprise ITSM delivery through ServiceNow and the Microsoft Office suite (including advanced Visio mapping). Industry Certifications # To validate my technical competencies, I maintain an active portfolio of rigorous industry credentials alongside a strong foundation in legacy technologies.\nActive Cisco Credentials # CCNP Collaboration: Cisco Certified Network Professional validating advanced skills in designing, implementing, and troubleshooting complex collaboration solutions. CCNA DevNet: Validation of software development capabilities, API integrations, and automation workflows within Cisco ecosystems. 
Cisco Certified Specialist Core Designations: Specialist - Collaboration Core Specialist - Enterprise Core Specialist - Security Core Specialist - Collaboration Applications Specialist - Collaboration Call Control \u0026amp; Mobility Implementation Specialist - Collaboration Cloud \u0026amp; Edge Implementation Cisco Architecture Representatives: Cisco Video Network Representative Express Collaboration Systems Engineer Representative Express Collaboration Systems Engineer Representative v2 Historical \u0026amp; Expired Certifications # These credentials represent historical milestones and deep foundations in foundational networking paradigms:\nCisco Engineering \u0026amp; Design: CCDA (Cisco Certified Design Associate), CCNA Routing and Switching, CCNA Security, and Unified Call Center Enterprise Support Specialist. Wireless \u0026amp; Broadband: Certified Wireless Network Administrator (CWNA), Bridgewave Certified Engineer (BCE), Proxim Certified Wi-Fi Engineer (PCWE), Proxim Certified Broadband Associate (PCWA), and Proxim Certified Broadband Engineer (PCBE). Higher Education \u0026amp; Academic Background # My technical expertise is supported by structured academic training in systems engineering and software development.\nAssociate Degree in Technology Services – Oakland Community College Associate Degree in General Education – Oakland Community College Specialized Academic Coursework: Advanced Java Programming and Object-Oriented Software Design. 
","date":"December 21 2025","externalUrl":null,"permalink":"/","section":"Mike Curtis - Networking and UC Blog","summary":"Notes on Cisco networking, CCNP, VoIP/SBC, Kubernetes, Linux, and security infrastructure from a seasoned collaboration engineer","title":"Mike Curtis - Networking and UC Blog","type":"page"},{"content":"","date":"August 29 2025","externalUrl":null,"permalink":"/tags/bfd/","section":"Tags","summary":"","title":"BFD","type":"tags"},{"content":"","date":"August 29 2025","externalUrl":null,"permalink":"/vendors/fortinet/","section":"Vendors","summary":"","title":"Fortinet","type":"vendors"},{"content":"This article is for troubleshooting BFD on multiple platforms.\nFortinet # Check BFD neighbors:\nget router info bfd neighbor Check BFD requests: get router info bfd requests Cisco # This command provides details of the configured BFD neighbors. This includes all neighbors independent of current state.\nshow bfd neighbor details The show bfd summary command provides multiple quick outputs of the active client protocols.\nshow bfd summary client This command shows BFD packets dropped on the local device and the reason. If local drops are incremented, this can cause sessions to flap.\nshow bfd drops ","date":"August 29 2025","externalUrl":null,"permalink":"/posts/2025/08/troubleshootbfd.html","section":"Posts","summary":"","title":"Troubleshoot BFD","type":"posts"},{"content":"","date":"November 26 2024","externalUrl":null,"permalink":"/tags/aci/","section":"Tags","summary":"","title":"ACI","type":"tags"},{"content":" This article goes over interface provisioning for ACI.\nDefine and create policies such as CDP, LLDP, Netflow, or 802.1x policies. These can be later attached to an interface. This can be done under Fabric -\u0026gt; Access Policies -\u0026gt; Policies -\u0026gt; Interface Now, with the created Interface Policies you can now create you Policy Groups. 
These are used to create configs such as vPC\u0026rsquo;s and PC\u0026rsquo;s. This can be done under Fabric -\u0026gt; Access Policies -\u0026gt; Interface -\u0026gt; Leaf Interfaces -\u0026gt; Policy Group Now, with these Policies created, you can map them to interfaces on the Leaf\u0026rsquo;s. This can be done under Fabric -\u0026gt; Access Policies -\u0026gt; Switches -\u0026gt; Leaf Interfaces -\u0026gt; Profile. Once the Profiles are created, apply them under Fabric -\u0026gt; Access Policies -\u0026gt; Switches -\u0026gt; Leaf Switches -\u0026gt; Profiles\nOnce the policies have been applied you can verify the interface status under the following path. Fabric -\u0026gt; Inventory -\u0026gt; Pod # -\u0026gt; Leaf # -\u0026gt; Interfaces -\u0026gt; PC Interfaces or vPC Interfaces. ","date":"November 26 2024","externalUrl":null,"permalink":"/posts/2024/11/cisco-aci-interface-provisioning.html","section":"Posts","summary":"","title":"ACI Interface Provisioning","type":"posts"},{"content":"These steps are for resetting the admin password then updating a Fortigate firewall for basic connectivity. First reboot the device. Once it has rebooted, log in with the following.\nuser: maintainer pass: bcpb\u0026lt;SN\u0026gt; config system admin edit admin set password Log out by exiting, then log back in with the admin account. 
You can now set the inside interface that will allow you to reach the GUI.\nedit \u0026#34;inside\u0026#34; set vdom \u0026#34;root\u0026#34; set ip 172.16.10.4 255.255.255.0 set allowaccess ping https ssh http fgfm fabric set alias \u0026#34;inside\u0026#34; set stp enable set role lan set interface \u0026#34;internal\u0026#34; set vlanid 172 config ipv6 set ip6-address fdd9:e6d4:147d:172::4/64 set ip6-allowaccess ping https ssh http fgfm end Enable features Define a vlan switch, then vlans Ipv6 example Define routes Define firewall policies for base NAT ","date":"October 20 2024","externalUrl":null,"permalink":"/posts/2024/10/basic-provisioning-of-fortigate-fw.html","section":"Posts","summary":"","title":"Basic Provisioning of Fortigate FW","type":"posts"},{"content":"","date":"October 20 2024","externalUrl":null,"permalink":"/vendors/fortigate/","section":"Vendors","summary":"","title":"Fortigate","type":"vendors"},{"content":"","date":"October 20 2024","externalUrl":null,"permalink":"/tags/nat/","section":"Tags","summary":"","title":"NAT","type":"tags"},{"content":"","date":"October 20 2024","externalUrl":null,"permalink":"/categories/security/","section":"Categories","summary":"","title":"Security","type":"categories"},{"content":"","date":"October 20 2024","externalUrl":null,"permalink":"/tags/security/","section":"Tags","summary":"","title":"Security","type":"tags"},{"content":"Status: published\nThis post will cover the steps to get basic network reachability and traffic flow for a PaloAlto FW.\nFirst you must define your VLANs. Then create your zones. Then define your interfaces. Once these are created you can provision your routing. 
Once the above has been completed, NAT\u0026rsquo;s can be created, followed by your security rules (think ACL\u0026rsquo;s) ","date":"September 29 2024","externalUrl":null,"permalink":"/posts/2024/09/basic-provisioning-of-palo-alto-fw.html","section":"Posts","summary":"","title":"Basic Provisioning of PaloAlto FW","type":"posts"},{"content":"","date":"September 29 2024","externalUrl":null,"permalink":"/vendors/palo-alto/","section":"Vendors","summary":"","title":"Palo Alto","type":"vendors"},{"content":"","date":"July 7 2024","externalUrl":null,"permalink":"/tags/duo/","section":"Tags","summary":"","title":"DUO","type":"tags"},{"content":" Setup # wget --content-disposition https://dl.duosecurity.com/duo_unix-latest.tar.gz tar zxf duo_unix-latest.tar.gz cd duo_unix-2.0.3 ./configure --prefix=/usr \u0026amp;\u0026amp; make \u0026amp;\u0026amp; sudo make install The login_duo.conf configuration file uses the INI format.\nOnce duo_unix is installed, edit login_duo.conf (in /etc/duo or /etc/security) to add the integration key, secret key, and API hostname from your Duo Unix application.\nYou may also add optional Duo configuration options to login_duo.conf. See the table below for all available settings.\n[duo] ; Duo integration key ikey = INTEGRATION_KEY ; Duo secret key skey = SECRET_KEY ; Duo API hostname host = API_HOSTNAME http_proxy=1.1.1.1 ; `failmode = safe` In the event of errors with this configuration file or connection to the Duo service ; this mode will allow login without 2FA. ; `failmode = secure` This mode will deny access in the above cases. Misconfigurations with this setting ; enabled may result in you being locked out of your system. failmode = safe ; Send command for Duo Push authentication ;pushinfo = yes Test login_duo\nAs a regular user, test login_duo manually by running\n/usr/sbin/login_duo To enable two-factor authentication for any SSH login method (password, pubkey, etc.) 
for any user, edit your sshd_config (usually in /etc or /etc/ssh) to add the following lines:\nMatch Group \u0026#34;domain users\u0026#34; ForceCommand /usr/sbin/login_duo PermitTunnel no AllowTcpForwarding no For more info refer to the Cisco DUO Site\n","date":"July 7 2024","externalUrl":null,"permalink":"/posts/2024/07/duo-mfa-linux-application-setup.html","section":"Posts","summary":"","title":"Setting Up DUO MFA on Linux login_duo","type":"posts"},{"content":"","date":"June 23 2024","externalUrl":null,"permalink":"/vendors/arista/","section":"Vendors","summary":"","title":"Arista","type":"vendors"},{"content":" VXLAN is used to extend a layer 2 domain over a layer 3 network. Refer to the Arista documentation for more information. eos vxlan configuration\nPer the documentation, the following is needed to set up a layer 2 VXLAN connection.\nswitch(config)# interface vxlan 1 switch(config-if-Vx1)# show active interface Vxlan1 vxlan udp-port 4789 switch(config-if-Vx1)# The VXLAN source-interface command specifies the loopback interface from which the VTEP derives the source address (IP) that it uses when exchanging VXLAN frames.\nswitch(config)# interface loopback 15 switch(config-if-Lo15)# ip address 10.25.25.3/24 switch(config-if-Lo15)# exit switch(config)# interface vxlan 1 switch(config-if-Vx1)# vxlan source-interface loopback 15 switch(config-if-Vx1)# show active interface Vxlan1 vxlan source-interface Loopback15 vxlan udp-port 4789 switch(config-if-Vx1)# The VTI requires a one-to-one correspondence between specified VLANs and VNI values.\nswitch(config)# interface vxlan 1 switch(config-if-Vx1)# vxlan vlan 100 vni 100 switch(config-if-Vx1)# vxlan vlan 200 vni 10.10.200 switch(config-if-Vx1)# show active interface Vxlan1 vxlan udp-port 4789 vxlan vlan 200 vni 658120 vxlan vlan 100 vni 100 switch(config-if-Vx1)# vxlan vni notation dotted switch(config-if-Vx1)# show active interface Vxlan1 vxlan udp-port 4789 vxlan vlan 100 vni 0.0.100 vxlan vlan 200 vni 10.10.200 
switch(config-if-Vx1)# Actual example and verify # Switch A\nhostname arista-a ! interface Loopback1 ip address 10.11.255.3/32 ! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 7 vni 10.11.7 vxlan flood vtep 10.11.255.2 ! vxlan vni notation dotted Switch B\nhostname arista-b ! interface Loopback1 ip address 10.11.255.2/32 ! interface Vxlan1 vxlan source-interface Loopback1 vxlan udp-port 4789 vxlan vlan 7 vni 10.11.7 vxlan flood vtep 10.11.255.3 ! vxlan vni notation dotted If all went well you should now be able to see MAC address entries\narista-a#show mac add Mac Address Table ------------------------------------------------------------------ Vlan Mac Address Type Ports Moves Last Move ---- ----------- ---- ----- ----- --------- 7 0050.7966.681b DYNAMIC Vx1 1 0:00:05 ago 7 5017.e100.0600 DYNAMIC Et7 1 0:20:20 ago 7 505f.f600.0900 DYNAMIC Et7 1 0:20:55 ago 8 5007.5d0d.a0d4 DYNAMIC Et8 1 0:21:06 ago 8 5053.0b00.0507 DYNAMIC Et8 1 0:26:29 ago Total Mac Addresses for this criterion: 5 Multicast Mac Address Table ------------------------------------------------------------------ Vlan Mac Address Type Ports ---- ----------- ---- ----- Total Mac Addresses for this criterion: 0 -------------------------------------------------------------------------------------- arista-b#show mac add Mac Address Table ------------------------------------------------------------------ Vlan Mac Address Type Ports Moves Last Move ---- ----------- ---- ----- ----- --------- 7 0050.7966.681b DYNAMIC Et7 1 0:00:09 ago 7 505f.f600.0900 DYNAMIC Vx1 1 0:20:55 ago 7 507e.229b.911c DYNAMIC Vx1 1 0:00:09 ago 8 5053.0b00.0506 DYNAMIC Et8 1 0:20:36 ago 8 507e.229b.911c DYNAMIC Et8 1 0:21:02 ago Total Mac Addresses for this criterion: 5 Multicast Mac Address Table ------------------------------------------------------------------ Vlan Mac Address Type Ports ---- ----------- ---- ----- Total Mac Addresses for this criterion: 0 ","date":"June 23 
2024","externalUrl":null,"permalink":"/posts/2024/06/arista-vxlan-config-example.html","section":"Posts","summary":"","title":"Arista Configuration Example for VXLAN","type":"posts"},{"content":"","date":"June 23 2024","externalUrl":null,"permalink":"/tags/vxlan/","section":"Tags","summary":"","title":"VXLAN","type":"tags"},{"content":"","date":"June 19 2024","externalUrl":null,"permalink":"/tags/ftd/","section":"Tags","summary":"","title":"FTD","type":"tags"},{"content":"According to Cisco. NAT66—Translates IPv6 packets to a different IPv6 address. We recommend using static NAT. Although you can use dynamic NAT or PAT, IPv6 addresses are in such large supply, you do not have to use dynamic NAT.\nFirepower Management Center Configuration Guide, Version 7.0\nHowever, this does mean that for host to host NAT you must use auto-nat to create a usable address.\nOnce this is set up you should be able to start seeing hits from the CLI\nshow nat Auto NAT Policies (Section 2) 1 (dmz) to (outside) source static WebServerv6 ipv6-att-slaac translate_hits = 586, untranslate_hits = 145 ","date":"June 19 2024","externalUrl":null,"permalink":"/posts/2024/06/cisco-fmc-ftd-ipv6-natting.html","section":"Posts","summary":"","title":"Setting up host NAT with a Cisco FTD","type":"posts"},{"content":"","date":"June 15 2024","externalUrl":null,"permalink":"/tags/certbot/","section":"Tags","summary":"","title":"Certbot","type":"tags"},{"content":"","date":"June 15 2024","externalUrl":null,"permalink":"/tags/lets-encrypt/","section":"Tags","summary":"","title":"Let's Encrypt","type":"tags"},{"content":"Using the following project really/nginx-modsecurity\nDocker container providing nginx with [modsecurity] (https://www.modsecurity.org), lua and certbot for Let\u0026rsquo;s Encrypt SSL certificates\nThe readme leaves a few things out\nsudo mkdir -p /data/nginx/conf.d/ sudo nano /data/nginx/conf.d/webex.mbcurtis.com.conf upstream dev.mbcurtis.com { server 1.1.1.1; } server { listen 80; 
server_name dev.mbcurtis.com; modsecurity on; location / { proxy_pass http://dev.mbcurtis.com/; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; proxy_force_ranges on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } then start the docker\ndocker run --name nginx-modsecurity \\ --restart=always \\ --net=host \\ -v /data/nginx/conf.d:/etc/nginx/conf.d:rw \\ -v /data/letsencrypt:/etc/letsencrypt:rw \\ -p 80:80 -p 443:443 -d \\ really/nginx-modsecurity after which you can run certbot which will add the SSL config to your site file\ndocker exec -it nginx-modsecurity certbot --no-redirect --nginx -d example.com ","date":"June 15 2024","externalUrl":null,"permalink":"/posts/2024/06/letsencrypt-certs-with-nginx.html","section":"Posts","summary":"","title":"Let's Encrypt Certs with NGINX","type":"posts"},{"content":"","date":"June 15 2024","externalUrl":null,"permalink":"/tags/nginx/","section":"Tags","summary":"","title":"Nginx","type":"tags"},{"content":"","date":"June 15 2024","externalUrl":null,"permalink":"/tags/freenas/","section":"Tags","summary":"","title":"FreeNAS","type":"tags"},{"content":"zpool iostat are very low level tools that offer concrete information about the throughput, latency, and some of the usage patterns of individual disks\nroot@freenas[~]# zpool iostat capacity operations bandwidth pool alloc free read write read write ------------ ----- ----- ----- ----- ----- ----- Pool 5.68T 3.38T 50 778 3.67M 12.9M freenas-boot 1.01G 38.5G 0 0 1.96K 346 ------------ ----- ----- ----- ----- ----- ----- Monitoring individual disks\nroot@freenas[~]# zpool iostat -v capacity operations bandwidth pool alloc free read write read write -------------------------------------- ----- ----- ----- ----- ----- ----- Pool 5.68T 3.38T 50 778 3.69M 12.9M raidz2 5.68T 3.38T 50 455 3.69M 7.40M 
gptid/be57f952-1145-11ea-b476-005056ae2464 - - 18 118 1.20M 3.00M gptid/c3a79619-1145-11ea-b476-005056ae2464 - - 18 117 1.20M 3.00M gptid/c8fa5764-1145-11ea-b476-005056ae2464 - - 18 117 1.20M 3.00M gptid/ce5801c2-1145-11ea-b476-005056ae2464 - - 18 117 1.20M 3.00M gptid/d3afdfa5-1145-11ea-b476-005056ae2464 - - 18 118 1.20M 3.00M logs - - - - - - gptid/d57dfe4d-1145-11ea-b476-005056ae2464 254M 92.8G 0 322 0 5.52M -------------------------------------- ----- ----- ----- ----- ----- ----- freenas-boot 1.01G 38.5G 0 0 1.96K 346 da0p2 1.01G 38.5G 0 0 1.96K 346 -------------------------------------- ----- ----- ----- ----- ----- ----- root@freenas[~]# get pool status\nroot@freenas[~]# zpool status -v Pool pool: Pool state: ONLINE status: Some supported features are not enabled on the pool. The pool can still be used, but some features are unavailable. action: Enable all features using \u0026#39;zpool upgrade\u0026#39;. Once this is done, the pool may no longer be accessible by software that does not support the features. See zpool-features(7) for details. 
scan: scrub in progress since Sat Jun 15 00:00:04 2024 4.69T scanned at 179M/s, 3.85T issued at 146M/s, 5.66T total 0 repaired, 67.96% done, 0 days 03:36:22 to go config: NAME STATE READ WRITE CKSUM Pool ONLINE 0 0 0 raidz2-0 ONLINE 0 0 0 gptid/be57f952-1145-11ea-b476-005056ae2464 ONLINE 0 0 0 gptid/c3a79619-1145-11ea-b476-005056ae2464 ONLINE 0 0 0 gptid/c8fa5764-1145-11ea-b476-005056ae2464 ONLINE 0 0 0 gptid/ce5801c2-1145-11ea-b476-005056ae2464 ONLINE 0 0 0 gptid/d3afdfa5-1145-11ea-b476-005056ae2464 ONLINE 0 0 0 logs gptid/d57dfe4d-1145-11ea-b476-005056ae2464 ONLINE 0 0 0 errors: No known data errors root@freenas[~]# ","date":"June 15 2024","externalUrl":null,"permalink":"/posts/2024/06/freenas-using-iostat-notes.html","section":"Posts","summary":"","title":"Using FreeNAS IOstat","type":"posts"},{"content":"","date":"June 9 2024","externalUrl":null,"permalink":"/tags/aaa/","section":"Tags","summary":"","title":"AAA","type":"tags"},{"content":" NPS Config # Arista switches use the following attribute values:\nArista Vendor number: 30065 Attribute: Arista-AVPair 1 string Acceptable string values for Arista-AVPair include:\nshell:priv-lvl=(privilege level of a user, 0-15) shell:roles=(list of roles for a user) For more information refer to Arista Documentation\nThe NPS Example would look like this. Basic Config # Radius config to allow only the use of radius with local as a backup when radius is down. authentication flow -\u0026gt; radius -\u0026gt; local\nradius-server key radius-password radius-server host 10.10.8.4 ! aaa authentication login default group radius local aaa authorization exec default group radius local ! Radius config to allow the use of radius or local. authentication flow -\u0026gt; local -\u0026gt; radius\nradius-server key 7 070C285F4D06 radius-server host 10.10.8.4 ! aaa authentication login default local group radius aaa authorization exec default local group radius ! 
","date":"June 9 2024","externalUrl":null,"permalink":"/posts/2024/06/arista-eos-user-security.html","section":"Posts","summary":"","title":"Arista AAA Config","type":"posts"},{"content":"","date":"June 9 2024","externalUrl":null,"permalink":"/tags/radius/","section":"Tags","summary":"","title":"Radius","type":"tags"},{"content":"You have to start by defining the alert type\nPolicies - \u0026gt; Alerts # define the email alert type. in the case it is an email type Gear - \u0026gt; Monitor Alerts # define your Alert Name, Severity, Module, and pick your previously defined Alert. ","date":"June 2 2024","externalUrl":null,"permalink":"/posts/2024/06/cisco-fmc-ftd-alerting.html","section":"Posts","summary":"","title":"Basic Setup of Alerting for FTD","type":"posts"},{"content":"The sequence of events are the following:\nDefine you VLANs. Define your Flex Profiles. Define your Policies. Define your WLANs. Define your Tags. Assign the policy Tag. Assign the site Tag. Assign the AP Policy/Tags. Configuration Configuration -\u0026gt; VLANs Configuration -\u0026gt; FLEX Configuration -\u0026gt; Policy This is where you can enable flex config, passive client, QOS, Assign a VLAN Mapping, IPv4 Flow Monitor Configuration -\u0026gt; WLANs Define your security settings such as WPA2. Configuration -\u0026gt; Tags Define your Tags Policy, Site and AP settings are needed here. Configuration -\u0026gt; Tags -\u0026gt; Policy Configuration -\u0026gt; Tags -\u0026gt; Site Configuration -\u0026gt; Tags -\u0026gt; AP ","date":"June 2 2024","externalUrl":null,"permalink":"/posts/2024/06/basic-setup-of-a-c9800-cl.html","section":"Posts","summary":"","title":"Basic Setup of a C9800-CL ","type":"posts"},{"content":"There are 3 types of NATs on a FTD:\nNAT Rules Before. This is equivalent to Twice NAT (section 1) on classic ASA. Auto NAT Rules. Section 2 on classic ASA NAT Rules After. This is equivalent to Twice NAT (section 3) on classic ASA. 
https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702-configure-and-verify-nat-on-ftd.html\nNAT Rules After - \u0026gt; PAT Overload # This is where you want to place your PAT Overload statements for Internet access. Translations view NAT Rules Before - \u0026gt; PAT # This is a config for doing PAT with inbound connections. Translations view NAT Rules Before - \u0026gt; 1 to 1 NAT # This is a config for doing a 1:10 with inbound/outbound connections. Translations view ","date":"June 2 2024","externalUrl":null,"permalink":"/posts/2024/06/cisco-fmc-ftd-natting.html","section":"Posts","summary":"","title":"Basic Setup of an FTD NAT","type":"posts"},{"content":"","date":"June 2 2024","externalUrl":null,"permalink":"/tags/c9800-cl/","section":"Tags","summary":"","title":"C9800-CL","type":"tags"},{"content":"","date":"June 2 2024","externalUrl":null,"permalink":"/categories/wireless/","section":"Categories","summary":"","title":"Wireless","type":"categories"},{"content":"","date":"June 1 2024","externalUrl":null,"permalink":"/tags/ebgp/","section":"Tags","summary":"","title":"EBGP","type":"tags"},{"content":" Setting up simple eBGP on a Cisco FTD # Start by going to Devices -\u0026gt; Device Management -\u0026gt; The FTD in question and hit edit -\u0026gt; Then Routing Set the AS and Router ID.\nAfter this you can configure your IPv4 BGP Settings define your neighbor Then you can select what networks you want to redistribute ","date":"June 1 2024","externalUrl":null,"permalink":"/posts/2024/06/cisco-ftd-basic-ebgp.html","section":"Posts","summary":"","title":"Setting up simple eBGP on a Cisco FTD","type":"posts"},{"content":"","date":"June 1 2024","externalUrl":null,"permalink":"/tags/osmc/","section":"Tags","summary":"","title":"OSMC","type":"tags"},{"content":"","date":"June 1 2024","externalUrl":null,"permalink":"/tags/raspberry-pi/","section":"Tags","summary":"","title":"Raspberry Pi","type":"tags"},{"content":" Setting up OSMC for 
PWM fan control # Edit /boot/config-user.txt and add these lines (70000 means starting the fan at 70 degrees Celsius) :\n[pi4] dtoverlay=gpio-fan,gpiopin=14,temp=70000 reboot\n","date":"June 1 2024","externalUrl":null,"permalink":"/posts/2024/06/raspberrypi-osmc-pwm-fan-control.html","section":"Posts","summary":"","title":"Setting up OSMC for PWM fan control ","type":"posts"},{"content":" Sample Arista eBGP Config # ip route 10.10.0.1/32 10.10.1.1 ! ip routing ! router bgp 65112 router-id 10.11.0.1 neighbor 10.10.1.1 remote-as 65111 neighbor 10.10.1.1 maximum-routes 12000 network 10.11.0.0/16 redistribute connected ! end ","date":"May 29 2024","externalUrl":null,"permalink":"/posts/2024/05/arista-ebgp.html","section":"Posts","summary":"","title":"Sample Arista eBGP Config","type":"posts"},{"content":"","date":"May 29 2024","externalUrl":null,"permalink":"/tags/esxi/","section":"Tags","summary":"","title":"ESXi","type":"tags"},{"content":"","date":"May 29 2024","externalUrl":null,"permalink":"/tags/ghettovcb/","section":"Tags","summary":"","title":"GhettoVCB","type":"tags"},{"content":" GhettoVCB Notes # /opt/ghettovcb/bin/ghettoVCB.sh -g /vmfs/volumes/datastore/ghettovcb.conf -a\nghettovcb.conf VM_BACKUP_VOLUME=/vmfs/volumes/Backup DISK_BACKUP_FORMAT=thin VM_BACKUP_ROTATION_COUNT=3 POWER_VM_DOWN_BEFORE_BACKUP=0 ENABLE_HARD_POWER_OFF=0 ITER_TO_WAIT_SHUTDOWN=3 POWER_DOWN_TIMEOUT=5 ENABLE_COMPRESSION=0 VM_SNAPSHOT_MEMORY=0 VM_SNAPSHOT_QUIESCE=0 ALLOW_VMS_WITH_SNAPSHOTS_TO_BE_BACKEDUP=0 ENABLE_NON_PERSISTENT_NFS=1 UNMOUNT_NFS=1 NFS_SERVER=10.10.10.4 NFS_VERSION=nfs NFS_MOUNT=/mnt/disk NFS_LOCAL_NAME=Backup NFS_VM_BACKUP_DIR=/ SNAPSHOT_TIMEOUT=15 EMAIL_ALERT=1 EMAIL_LOG=1 EMAIL_SERVER=10.10.8.33 EMAIL_SERVER_PORT=25 EMAIL_DELAY_INTERVAL=1 EMAIL_USER_NAME= EMAIL_USER_PASSWORD= EMAIL_TO=\u0026lt;your email\u0026gt; EMAIL_ERRORS_TO=\u0026lt;your email\u0026gt; EMAIL_FROM=yourserver@mbcurtis.com WORKDIR_DEBUG=0 VM_SHUTDOWN_ORDER= VM_STARTUP_ORDER= ","date":"May 29 
2024","externalUrl":null,"permalink":"/posts/2024/05/esxi-ghettovcb-notes.html","section":"Posts","summary":"","title":"GhettoVCB Notes","type":"posts"},{"content":"","date":"May 29 2024","externalUrl":null,"permalink":"/vendors/vmware/","section":"Vendors","summary":"","title":"VMWare","type":"vendors"},{"content":"","date":"May 29 2024","externalUrl":null,"permalink":"/vendors/brocade/","section":"Vendors","summary":"","title":"Brocade","type":"vendors"},{"content":" Default system Passwords # StealthWatch # Default Username Default Password admin lan411cope root lan1cope sysadmin lan1cope Cisco SDWAN # Default Username Default Password admin admin Arista # Default Username Default Password admin (initially without a password, but can be assigned one later) FTDv # Default Username Default Password admin Admin123 ","date":"May 29 2024","externalUrl":null,"permalink":"/posts/2024/05/security-default-passwords.html","section":"Posts","summary":"","title":"Default Passwords for Devices","type":"posts"},{"content":"","date":"May 29 2024","externalUrl":null,"permalink":"/tags/dhcp/","section":"Tags","summary":"","title":"DHCP","type":"tags"},{"content":"","date":"May 29 2024","externalUrl":null,"permalink":"/tags/passwords/","section":"Tags","summary":"","title":"Passwords","type":"tags"},{"content":" Sample Brocade DHCP Config # Sample config to have a Brocade switch serve DHCP requests.\nip dhcp-server pool iot-wireless dhcp-default-router 10.10.5.1 dns-server 10.10.8.4 10.10.8.3 lease 1 0 0 network 10.10.5.0 255.255.255.0 static-mac-ip-mapping 10.10.5.44 4ceb.d68f.83fc deploy ! 
Ruckus FastIron 08.0.90 DHCP Configuration Guide\n","date":"May 29 2024","externalUrl":null,"permalink":"/posts/2024/05/brocade-dhcp.html","section":"Posts","summary":"","title":"Sample Brocade DHCP Config","type":"posts"},{"content":" Sample Brocade eBGP Config # router bgp local-as 65111 neighbor 10.10.1.60 remote-as 65112 address-family ipv4 unicast network 10.10.0.0/16 redistribute connected exit-address-family address-family ipv6 unicast exit-address-family ! ","date":"May 29 2024","externalUrl":null,"permalink":"/posts/2024/05/brocade-ebgp.html","section":"Posts","summary":"","title":"Sample Brocade eBGP Config","type":"posts"},{"content":" Sample Brocade SFlow Config # interface ethernet 1/3/6 sflow forwarding ! sflow sample 512 sflow polling-interval 30 sflow destination 10.10.8.61 2055 sflow enable ","date":"May 29 2024","externalUrl":null,"permalink":"/posts/2024/05/brocade-sflow.html","section":"Posts","summary":"","title":"Sample Brocade SFlow Config","type":"posts"},{"content":"","date":"May 29 2024","externalUrl":null,"permalink":"/tags/sflow/","section":"Tags","summary":"","title":"Sflow","type":"tags"},{"content":" Changing the Flow Settings in a Flow Collector # The following steps require a reboot of your Flow Collector to apply these changes. Follow the steps below to change the flow settings in a Flow Collector.\nLog in to the Flow Collector. Click Support \u0026gt; Advanced Settings. In the engine_startup_mode field, enter one of the following values: Default value from the model file - 0 NetFlow - 1 sFlow - 2 If the engine_startup_mode field does not appear in the Advanced Settings list, you can add it at the bottom of the page by using the Add New Option and Option Value fields. Click Apply and then click OK. Reboot your Flow Collector to apply your changes. Log in to your Manager. Select Configure \u0026gt; SYSTEM Flow Collectors. Enter one of the following numeric values in the Monitor Port field. 
these are industry standard default port numbers for NetFlow and sFlow. If your exporters are configured to use a non-standard port, you must use that port number instead: 2055 - NetFlow 6343 - sFlow Click Save to save your changes. Once the mode switch (NetFlow to sFlow or sFlow to NetFlow) completes, the following items that are based on flows from the previous mode are cleared: Caches: host cache, flow cache, security event cache Saved baseline files ","date":"May 27 2024","externalUrl":null,"permalink":"/posts/2024/05/stealthwatch-change-flow-settings-for-sflow.html","section":"Posts","summary":"","title":"Changing the Flow Settings in a Flow Collector for SFLOW","type":"posts"},{"content":"","date":"May 27 2024","externalUrl":null,"permalink":"/tags/stealth-watch/","section":"Tags","summary":"","title":"Stealth Watch","type":"tags"},{"content":"","date":"May 19 2024","externalUrl":null,"permalink":"/tags/adafruit/","section":"Tags","summary":"","title":"Adafruit","type":"tags"},{"content":"","date":"May 19 2024","externalUrl":null,"permalink":"/tags/dht22/","section":"Tags","summary":"","title":"DHT22","type":"tags"},{"content":"","date":"May 19 2024","externalUrl":null,"permalink":"/tags/mqtt/","section":"Tags","summary":"","title":"MqTT","type":"tags"},{"content":"","date":"May 19 2024","externalUrl":null,"permalink":"/tags/paho/","section":"Tags","summary":"","title":"PAHO","type":"tags"},{"content":"","date":"May 19 2024","externalUrl":null,"permalink":"/categories/programming/","section":"Categories","summary":"","title":"Programming","type":"categories"},{"content":"","date":"May 19 2024","externalUrl":null,"permalink":"/tags/programming/","section":"Tags","summary":"","title":"Programming","type":"tags"},{"content":" Pulling APC RMS data via SSH # this is a simple script to pull RMS data from an APC AP7901.\nimport paramiko import time import sys import re def get(): # 1- Device Manager\\n -\u0026gt; 1- Phase Management\\n commandlist = 
[\u0026#39;1\\r\u0026#39;,\u0026#39;1\\r\u0026#39;] # VARIABLES THAT NEED CHANGED ip = \u0026#39;\u0026#39; username = \u0026#39;\u0026#39; password = \u0026#39;\u0026#39; rms = \u0026#39;\u0026#39; try: # Create instance of SSHClient object remote_conn_pre = paramiko.SSHClient() # Automatically add untrusted hosts (make sure okay for security policy in your environment) remote_conn_pre.set_missing_host_key_policy( paramiko.AutoAddPolicy()) print (\u0026#39;connecting to \u0026#39;+ ip) # initiate SSH connection remote_conn_pre.connect(ip, username=username, password=password, look_for_keys=False, allow_agent=False) print( \u0026#34;SSH connection established to %s\u0026#34; % ip) # Use invoke_shell to establish an \u0026#39;interactive session\u0026#39; remote_conn = remote_conn_pre.invoke_shell() print (\u0026#34;Interactive SSH session established\u0026#34;) # Strip the initial router prompt output = remote_conn.recv(1000) data = \u0026#39;\u0026#39; # See what we have #print (output) #remote_conn.send(\u0026#34;\\n\u0026#34;) for c in commandlist: print(\u0026#39;Sending \u0026#39;+c) remote_conn.send(c) time.sleep(2) if remote_conn.recv_ready(): output = remote_conn.recv(5000) data += str(output) #regex #Phase Load : [0-9].[0-9] v = re.search(r\u0026#34;Phase Load : [0-9].[0-9]\u0026#34;, data) rms = v.group(0) rms = rms.replace(\u0026#39;Phase Load : \u0026#39;,\u0026#39;\u0026#39;) except: rms = \u0026#34;0.0\u0026#34; return rms ","date":"May 19 2024","externalUrl":null,"permalink":"/posts/2024/05/python-pulling-rms-paramiko.html","section":"Posts","summary":"","title":"Pulling APC RMS data via SSH","type":"posts"},{"content":" Pulling instantaneous demand using paho # this is a simple script to pull instantaneous demand using paho\nimport sys import json import paho.mqtt.subscribe as subscribe def get(): d=\u0026#39;\u0026#39; try: #r = requests.get(url = URL) #d=r.text msg = subscribe.simple(\u0026#34;event/metering/instantaneous_demand\u0026#34;, 
hostname=\u0026#34;10.10.10.59\u0026#34;, port=2883) data = json.loads(msg.payload) d=str(data[\u0026#39;demand\u0026#39;]) except: d= \u0026#34;0.000\u0026#34; return d subscription topics according to https://github.com/timothyf/dte-eb-connect/blob/master/src/config-topics.js\nsummation remote/summation event/metering/# event/metering/summation/minute remote/event/metering/summation/minute event/metering/instantaneous_demand remote/event/metering/instantaneous_demand remote/request/metering/summation/minute remote/response/metering/summation/minute/# remote/request/announce remote/response/announce/# remote/request/metering/polling_mode/set remote/request/metering/configure remote/response/metering/configure remote/response/metering/polling_mode/set remote/request/wifi/current remote/response/wifi/current/# remote/request/timezone/set remote/response/timezone/set remote/request/ha_device/device_list remote/response/ha_device/device_list/# remote/request/demand_response/enlisted_devices remote/response/demand_response/enlisted_devices request/metering/polling_mode/get response/metering/polling_mode/get/ble_data2 request/diagnostics/heartbeat_stats response/diagnostics/heartbeat_stats/heartbeat273 event/diagnostics/zigbee remote/event/diagnostics/zigbee remote/request/is_app_open remote/response/is_app_open/# request/ebapi/post_minute_summations request/ebapi/post_realtime response/ebapi/post_minute_summations/minute_summations274 response/ebapi/post_realtime/realtime275 ","date":"May 19 2024","externalUrl":null,"permalink":"/posts/2024/05/python-paho-dte.html","section":"Posts","summary":"","title":"Pulling Instantaneous Demand Using Paho","type":"posts"},{"content":"","date":"May 19 2024","externalUrl":null,"permalink":"/tags/python/","section":"Tags","summary":"","title":"Python","type":"tags"},{"content":"","date":"May 19 2024","externalUrl":null,"permalink":"/tags/active-directory/","section":"Tags","summary":"","title":"Active 
Directory","type":"tags"},{"content":" Joining a Linux Machine to Active Directory. # The following guide will allow your users to simply use the username to log in. It will also allow members of network access to have sudo access.\nStart by installing the following packages.\nsudo apt-get install realmd oddjobd sssd-tools sssd adcli -y Then join the domain\nsudo realm join --user=administrator contoso.local After joining, edit the following file\nsudo vi /etc/sssd/sssd.conf The finished file should look like this\n[sssd] domains = contoso.local config_file_version = 2 services = nss, pam [domain/contoso.local] ad_domain = contoso.local krb5_realm = CONTOSO.LOCAL realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad access_provider = simple krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = False fallback_homedir = /home/%u simple_allow_groups = Domain Users ldap_use_tokengroups = false dyndns_update = true dyndns_refresh_interval = 43200 dyndns_update_ptr = true dyndns_ttl = 3600 dyndns_auth = GSS-TSIG Restart the sssd service\nsudo /etc/init.d/sssd restart Update the sudoers file to allow elevated access. In this case the following is an AD group\nvisudo %NetworkAccess ALL=(ALL:ALL) ALL #References Red Hat: join a Linux system to an Active Directory domain\nRed Hat: Additional Configuration for Identity and Authentication Providers\nDebian: Join Debian to AD\n","date":"May 19 2024","externalUrl":null,"permalink":"/posts/2024/05/linux-alma-join-ad.html","section":"Posts","summary":"","title":"Join a Linux Machine to AD","type":"posts"},{"content":"","date":"May 19 2024","externalUrl":null,"permalink":"/tags/sssd/","section":"Tags","summary":"","title":"SSSD","type":"tags"},{"content":" DHCP example for the Cisco IOS # DHCP Pool for phones and some DHCP leases. allow a client to pull an address to confirm how the DHCP lease table populates. 
then use either hardware-address or client-id.\nip dhcp pool Computers network 10.10.10.0 255.255.255.0 default-router 10.10.10.1 dns-server 10.10.8.4 10.10.8.3 domain-name ccg.local option 150 ip 10.10.9.21 10.10.9.22 address 10.10.10.41 hardware-address 840d.8e4a.54b3 address 10.10.10.30 client-id 012c.aa8e.0c97.48 ","date":"May 19 2024","externalUrl":null,"permalink":"/posts/2024/05/cisco-ios-dhcp-example.html","section":"Posts","summary":"","title":"Cisco IOS DHCP Examples","type":"posts"},{"content":" Netflow example for the Cisco IOS # flow record NETFLOW_REC_IN match ipv4 tos match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match flow direction match interface input match ipv6 protocol collect counter bytes long collect counter packets long ! ! flow record NETFLOW_REC_OUT match ipv4 tos match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match flow direction match interface output match ipv6 protocol collect counter bytes long collect counter packets long ! ! flow exporter NETFLOW_EXP destination 10.10.8.61 source Vlan8 transport udp 2055 ! ! flow monitor NETFLOW_MON_IN exporter NETFLOW_EXP record NETFLOW_REC_IN ! ! flow monitor NETFLOW_MON_OUT exporter NETFLOW_EXP record NETFLOW_REC_OUT ! sampler NETFLOW_SAM mode random 1 out-of 2 ! interface GigabitEthernet1/0/24 ip flow monitor NETFLOW_MON_IN sampler NETFLOW_SAM input ip flow monitor NETFLOW_MON_OUT sampler NETFLOW_SAM output ","date":"May 19 2024","externalUrl":null,"permalink":"/posts/2024/05/cisco-ios-netflow-example.html","section":"Posts","summary":"","title":"Cisco IOS Netflow Examples","type":"posts"},{"content":" Linux # In Linux you will need to create a couple of bash scripts. 
But first, install task spooler\nsudo apt-get install task-spooler Then create a couple of bash scripts.\n/var/opt/nextpvr/scripts/PostProcessing.sh #!/bin/bash #!/usr/bin/env bash #Input arguments SOURCEFILENAME=$1 #full path + filename CH_OID=$2 #Channel ID OID=$3 # DEV_OID=$4 # REC_TITLE=$5 # # Locally generated variables # # Change extensions to .mp4 and .xml OUTFILE=`echo \u0026#34;$1\u0026#34; | sed s/\\.ts/\\.mp4/g` XMLFILE=`echo \u0026#34;$1\u0026#34; | sed s/\\.ts/\\.xml/g` TEMPDIR=\u0026#34;/tmp\u0026#34; MYPID=$$ echo \u0026#34;Calling Handbrake! .....................\\r\u0026#34; echo \u0026#34;Filename \u0026#34;$SOURCEFILENAME echo \u0026#34;Vars \u0026#34;$@ tsp /var/opt/nextpvr/scripts/HandbrakeCLI.sh \u0026#34;$SOURCEFILENAME\u0026#34; \u0026#34;$CH_OID\u0026#34; \u0026#34;$OID\u0026#34; \u0026#34;$DEV_OID\u0026#34; \u0026#34;$REC_TITLE\u0026#34; echo \u0026#34;Task Added to task-spooler.\\r\u0026#34; /var/opt/nextpvr/scripts/HandbrakeCLI.sh #!/bin/bash #!/usr/bin/env bash #Input arguments SOURCEFILENAME=$1 #full path + filename CH_OID=$2 #Channel ID OID=$3 # DEV_OID=$4 # REC_TITLE=$5 # # Locally generated variables # # Change extensions to .mp4 and .xml # \u0026#39;s/\\(.*\\)\\/\\(.*\\)\\.\\(.*\\)$/\\1\\/\\2.mp4/ # s/\\.ts/\\.mp4/g OUTFILE=`echo \u0026#34;$1\u0026#34; | sed \u0026#39;s/\\(.*\\)\\/\\(.*\\)\\.\\(.*\\)$/\\1\\/\\2.mp4/\u0026#39;` XMLFILE=`echo \u0026#34;$1\u0026#34; | sed s/\\.ts/\\.xml/g` TEMPDIR=\u0026#34;/tmp\u0026#34; MYPID=$$ echo \u0026#34;Starting transcode ! .....................\\r\u0026#34; echo \u0026#34;Source file ! \u0026#34;$SOURCEFILENAME echo \u0026#34;Output file ! \u0026#34;$OUTFILE echo \u0026#34;PID ! \u0026#34;$MYPID echo \u0026#34;Variable CH_OID ! \u0026#34;$CH_OID echo \u0026#34;Variable OID ! \u0026#34;$OID echo \u0026#34;Variable DEV_OID ! \u0026#34;$DEV_OID echo \u0026#34;Variable REC_TITLE ! 
\u0026#34;$REC_TITLE # run handbrakecli with a nice level of 19 so other processes can still use the CPU if needed nice -n 19 HandBrakeCLI -i \u0026#34;$SOURCEFILENAME\u0026#34; -o \u0026#34;$OUTFILE\u0026#34; -e x264 -q 21 -O -r 30 --pfr \\ -x ref=6:bframes=5:vbv-maxrate=62000:vbv-bufsize=62000 -X 720 --decomb --loose-anamorphic \\ --modulus 2 --x264-tune film --x264-preset medium --h264-profile main --h264-level 4.1 -a 1,1 \\ -E copy:ac3,faac -B auto,160 -R auto,auto -6 auto,dpl2 --audio-copy-mask aac,ac3,dtshd,dts,mp3 \\ --audio-fallback ffac3 -f mp4 --verbose 1 2 #nice -n 19 HandBrakeCLI -i \u0026#34;$SOURCEFILENAME\u0026#34; -o \u0026#34;$OUTFILE\u0026#34; -e x264 -q 21 -O -r 30 --pfr \\ #-x ref=6:bframes=5:vbv-maxrate=62000:vbv-bufsize=62000 -X 720 --decomb --loose-anamorphic \\ #--modulus 2 --x264-tune film --x264-preset medium --h264-profile main --h264-level 4.1 -a 1,1 \\ #-E copy:aac,ac3 -B auto,160 -R auto,auto -6 auto,dpl2 --audio-copy-mask aac,ac3,dtshd,dts,mp3 \\ #--audio-fallback aac -f mp4 --all-subtitles --verbose 1 2 #HandbrakeCLI Result handbrakeresult=$? echo \u0026#34;HandBrakeCLI exited! exit code is:\u0026#34; echo $handbrakeresult if [ $handbrakeresult -eq 0 ] then #Cleanup echo \u0026#34;Completed transcode! 
Cleaning up original recording and temp files.\\r\u0026#34; #rm -f /tmp/pp-$MYPID.log rm -f \u0026#34;$SOURCEFILENAME\u0026#34; else echo \u0026#34;Handbrake did not return a exit code of 0, not cleaning up...\u0026#34; fi Then you can add some helper scripts to help manage the queue.\ncheckqueue.sh #!/bin/bash runuser -l nextpvr -c tsp clearqueue.sh #!/bin/bash runuser -l nextpvr -c \u0026#34;tsp -C\u0026#34; addjob.sh #!/bin/bash runuser -l nextpvr -c \u0026#34;/var/opt/nextpvr/scripts/PostProcessing.sh \u0026#39;$1\u0026#39;\u0026#34; ","date":"May 17 2024","externalUrl":null,"permalink":"/posts/2024/05/nextpvr-job-scheduling.html","section":"Posts","summary":"","title":"How To Schedule Jobs in NextPVR","type":"posts"},{"content":"","date":"May 17 2024","externalUrl":null,"permalink":"/tags/nextpvr/","section":"Tags","summary":"","title":"NextPVR","type":"tags"},{"content":" Pulling temperature and humidity with a DHT22 # this script will log current readings to a CSV file and send an email if the temperature exceeds a given threshold.\n#!/usr/bin/python # Copyright (c) 2014 Adafruit Industries # Author: Tony DiCola # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the \u0026#34;Software\u0026#34;), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # The above copyright notice and this permission notice shall be included in all # copies or substantial portions of the Software. # THE SOFTWARE IS PROVIDED \u0026#34;AS IS\u0026#34;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. import sys import time import datetime import Adafruit_DHT import smtplib # Import the email modules we\u0026#39;ll need from email.mime.text import MIMEText # Parse command line parameters. sensor = Adafruit_DHT.DHT22 pin = \u0026#39;4\u0026#39; # Try to grab a sensor reading. Use the read_retry method which will retry up # to 15 times to get a sensor reading (waiting 2 seconds between each retry). humidity, temperature = Adafruit_DHT.read_retry(sensor, pin) # Un-comment the line below to convert the temperature to Fahrenheit. # temperature = temperature * 9/5.0 + 32 # Note that sometimes you won\u0026#39;t get a reading and # the results will be null (because Linux can\u0026#39;t # guarantee the timing of calls to read the sensor). # If this happens try again! if humidity is not None and temperature is not None: print(\u0026#39;Temp={0:0.1f}* Humidity={1:0.1f}%\u0026#39;.format(temperature, humidity)) f = open(\u0026#34;temp-log.csv\u0026#34;, \u0026#34;a\u0026#34;) f.write(str(datetime.datetime.now())+\u0026#39;,\u0026#39;+\u0026#34;{0:0.1f}, {1:0.1f}%\u0026#34;.format(temperature, humidity)+\u0026#39;\\n\u0026#39;) if temperature \u0026gt;= 32: msg = MIMEText(\u0026#39;Alert the garage temperature is: \u0026#39;+str(temperature)) to = \u0026#39;\u0026#39; rom = \u0026#39;\u0026#39; msg[\u0026#39;Subject\u0026#39;] = \u0026#39;Garage Temperature Alert: \u0026#39;+str(temperature) msg[\u0026#39;From\u0026#39;] = rom msg[\u0026#39;To\u0026#39;] = to s = smtplib.SMTP(\u0026#39;10.10.8.44\u0026#39;) s.sendmail(rom, to, msg.as_string()) s.quit() print(\u0026#39;email sent\u0026#39;) sys.exit(1) else: print(\u0026#39;Failed to get reading. 
Try again!\u0026#39;) sys.exit(1) ","date":"May 17 2024","externalUrl":null,"permalink":"/posts/2024/05/python-adafruit-dht.html","section":"Posts","summary":"","title":"Pulling temperature and humidity with a DHT22","type":"posts"},{"content":"","date":"May 17 2024","externalUrl":null,"permalink":"/tags/systems/","section":"Tags","summary":"","title":"Systems","type":"tags"},{"content":" Converting SSSD to Winbind # After following the steps from my last post to install and configure Winbind and Samba the following changes are needed to allow users to log in via Winbind and not SSSD.\nYou need to remove references of pam_sss.so from the following 4 files. You will either need to comment out or delete the offending lines.\nsudo nano /etc/nsswitch.conf\npasswd: compat winbind group: compat winbind shadow: compat gshadow: files hosts: files myhostname mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis sudo nano /etc/pam.d/common-auth\nauth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 auth [success=2 default=ignore] pam_unix.so nullok try_first_pass auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass sudo nano /etc/pam.d/common-session\nsession optional pam_krb5.so minimum_uid=1000 session required pam_unix.so session optional pam_winbind.so session optional pam_systemd.so sudo nano /etc/pam.d/common-account\naccount required pam_krb5.so minimum_uid=1000 ","date":"January 1 2024","externalUrl":null,"permalink":"/posts/2024/01/linux-convert-sssd-to-winbind.html","section":"Posts","summary":"","title":"Convert SSSD to Winbind","type":"posts"},{"content":"","date":"January 1 2024","externalUrl":null,"permalink":"/tags/samba/","section":"Tags","summary":"","title":"Samba","type":"tags"},{"content":"","date":"January 1 
2024","externalUrl":null,"permalink":"/tags/winbind/","section":"Tags","summary":"","title":"Winbind","type":"tags"},{"content":" AD for authentication with Samba # Thanks to /u/cheerwiner on reddit. Archiving post here https://old.reddit.com/r/debian/comments/jdf7oe/debian_samba_sssd_and_active_directory/\nRemove sssd and install other packages for Samba:\nsudo apt purge sssd sudo apt-get install winbind libnss-winbind libpam-winbind libpam-krb5 samba cifs-utils Edit /etc/krb5.conf:\n[libdefaults] default_realm = HQ.MYCOMPANY.COM dns_lookup_realm = false dns_lookup_kdc = true Edit /etc/samba/smb.conf:\n[global] workgroup = MYCOMPANY security = ADS realm = HQ.MYCOMPANY.COM winbind refresh tickets = Yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind use default domain = yes winbind enum users = yes winbind enum groups = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes idmap config * : backend = autorid idmap config * : range = 10000-24999999 template shell = /bin/bash template homedir = /home/%U [myshare] path = /opt/blah/myshare/ public = no writable = yes guest ok = no valid users = johndoe,janedoe,administrator create mask = 0770 directory mask = 0770 read only = no browseable = yes inherit permissions = Yes inherit acls = Yes inherit owner = Yes Join the Active Directory domain- change \u0026lsquo;administrator\u0026rsquo; to the domain admin account you use:\nnet ads join -U administrator Edit /etc/nsswitch.conf and add winbind lines to the end of passwd and group:\npasswd: files systemd winbind group: files systemd winbind Restart all of the samba services:\nsystemctl restart smbd nmbd winbind ","date":"December 27 2023","externalUrl":null,"permalink":"/posts/2023/12/ad-user-auth-with-samba.html","section":"Posts","summary":"","title":"Use AD for authentication with Samba","type":"posts"},{"content":" Starting the 
DUO MFA Proxy installation # wget --content-disposition https://dl.duosecurity.com/duoauthproxy-latest-src.tgz tar xzf duoauthproxy-5.7.1-src.tgz cd duoauthproxy-5.7.1-41087a5-src/ make cd duoauthproxy-build/ ls ./install ./install --install-dir /opt/duoauthproxy --service-user duo_authproxy_svc --log-group duo_authproxy_grp --create-init-script yes nano /opt/duoauthproxy/conf/authproxy.cfg The following config can be used for authproxy.cfg; this example will allow you to do MFA with an FTD firewall.\n[ad_client] host=10.10.8.4 host_2=10.10.8.3 service_account_username=\u0026lt;user\u0026gt; service_account_password=\u0026lt;password\u0026gt; search_dn=\u0026lt;dn of your domain\u0026gt; security_group_dn=\u0026lt;dn of your group\u0026gt; [http_proxy] api_host=\u0026lt;api gateway url\u0026gt; port=80 client_ip=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 ;Home-FTDv [radius_server_auto] ikey=\u0026lt;your ikey\u0026gt; skey=\u0026lt;your skey\u0026gt; api_host=\u0026lt;api gateway url\u0026gt; radius_ip_1=\u0026lt;ftd ip\u0026gt; radius_secret_1=\u0026lt;radius secret key\u0026gt; failmode=safe client=ad_client port=1812 Start the service.\n/opt/duoauthproxy/bin/authproxyctl start ","date":"December 24 2023","externalUrl":null,"permalink":"/posts/2023/12/duo-mfa-proxy-setup.html","section":"Posts","summary":"","title":"Setting Up DUO MFA Proxy","type":"posts"},{"content":" Joining a Linux Machine to Active Directory. # The following guide will allow your users to simply use the username to log in. 
It will also allow members of the NetworkAccess group to have sudo access.\nStart by installing the following packages.\nsudo apt-get install realmd packagekit sssd-tools sssd libnss-sss libpam-sss adcli -y Then join the domain\nsudo realm join --user=administrator contoso.local After joining, edit the following file\nsudo nano /etc/sssd/sssd.conf The finished file should look like this\n[sssd] domains = contoso.local config_file_version = 2 services = nss, pam [domain/contoso.local] ad_domain = contoso.local krb5_realm = CONTOSO.LOCAL realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad access_provider = simple krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = False fallback_homedir = /home/%u simple_allow_groups = Domain Users ldap_use_tokengroups = false dyndns_update = true dyndns_refresh_interval = 43200 dyndns_update_ptr = true dyndns_ttl = 3600 dyndns_auth = GSS-TSIG Restart the sssd service\nsudo /etc/init.d/sssd restart Update the sudoers file to allow elevated access. 
In this case, the following is an AD group\nnano /etc/sudoers %NetworkAccess ALL=(ALL:ALL) ALL References # Red Hat: join a Linux system to an Active Directory domain\nRed Hat: Additional Configuration for Identity and Authentication Providers\nDebian: Join Debian to AD\n","date":"April 10 2022","externalUrl":null,"permalink":"/posts/2022/04/linux-join-ad.html","section":"Posts","summary":"","title":"Join a Linux Machine to AD","type":"posts"},{"content":"","date":"January 7 2022","externalUrl":null,"permalink":"/tags/imp/","section":"Tags","summary":"","title":"IMP","type":"tags"},{"content":"","date":"January 7 2022","externalUrl":null,"permalink":"/tags/postgresql/","section":"Tags","summary":"","title":"PostgreSQL","type":"tags"},{"content":" Setup PostgreSQL for IM\u0026amp;P # docker pull bitnami/postgresql:latest docker run --name postgresql -d --restart=always -p 5432:5432 -e POSTGRESQL_PASSWORD=password123 bitnami/postgresql:latest Install psql and connect\npsql -h 127.0.0.1 -p 5432 -d template1 -U postgres CREATE ROLE tcuser LOGIN CREATEDB; ALTER ROLE tcuser WITH SUPERUSER; CREATE DATABASE tcmadb WITH OWNER tcuser ENCODING \u0026#39;SQL_ASCII\u0026#39; TEMPLATE template0; ALTER ROLE tcuser WITH PASSWORD \u0026#39;password123\u0026#39;; Connect to tcmadb via psql\npsql -h 127.0.0.1 -p 5432 -d tcmadb -U tcuser CREATE FUNCTION plpgsql_call_handler () RETURNS LANGUAGE_HANDLER AS \u0026#39;$libdir/plpgsql\u0026#39; LANGUAGE C; ","date":"January 7 2022","externalUrl":null,"permalink":"/posts/2022/01/setup-postgresql-for-imp.html","section":"Posts","summary":"","title":"Setup PostgreSQL for IM\u0026P","type":"posts"},{"content":"","date":"July 19 2021","externalUrl":null,"permalink":"/tags/jabber/","section":"Tags","summary":"","title":"Jabber","type":"tags"},{"content":"In cases where the local machine displays Jabber messages with an incorrect time stamp, it may be worth checking\nStart \u0026gt;\u0026gt; Run \u0026gt;\u0026gt; msinfo32 \u0026gt;\u0026gt; Software 
Environment \u0026gt;\u0026gt; Environment Variable \u0026gt;\u0026gt; look for “TZ” ","date":"July 19 2021","externalUrl":null,"permalink":"/posts/2021/07/jabber-timestamp-issue.html","section":"Posts","summary":"","title":"Jabber Time Stamp Issue","type":"posts"},{"content":"","date":"July 15 2021","externalUrl":null,"permalink":"/tags/cube/","section":"Tags","summary":"","title":"CUBE","type":"tags"},{"content":"","date":"July 15 2021","externalUrl":null,"permalink":"/tags/debugging/","section":"Tags","summary":"","title":"Debugging","type":"tags"},{"content":" IOS Script # Service sequence-numbers service timestamps debug datetime localtime msec logging buffered 2000000 debug no logging console no logging monitor no logging rate-limit no logging queue-limit voice iec syslog ","date":"July 15 2021","externalUrl":null,"permalink":"/posts/2021/07/cisco-ios-debugging-best-practices.html","section":"Posts","summary":"","title":"Debugging Best Practices","type":"posts"},{"content":"","date":"July 15 2021","externalUrl":null,"permalink":"/tags/ios/","section":"Tags","summary":"","title":"IoS","type":"tags"},{"content":"after certbot is installed on your system you can run the following command\nsudo certbot -d www.domain.com --manual --preferred-challenges dns certonly you should see this output\nPlease deploy a DNS TXT record under the name: _acme-challenge.www.domain.com. with the following value: \u0026lt;TOKEN\u0026gt; (This must be set up in addition to the previous challenges; do not remove, replace, or undo the previous challenge tasks yet. Note that you might be asked to create multiple distinct TXT records with the same name. This is permitted by DNS standards.) Before continuing, verify the TXT record has been deployed. Depending on the DNS provider, this may take some time, from a few seconds to multiple minutes. 
You can check if it has finished deploying with aid of online tools, such as the Google Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.vcse-01.mbcurtis.com. Look for one or more bolded line(s) below the line \u0026#39;;ANSWER\u0026#39;. It should show the value(s) you\u0026#39;ve just added. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue NOTE: you will likely need to wait a while for DNS to propagate to hit enter otherwise this will fail\n","date":"July 9 2021","externalUrl":null,"permalink":"/posts/2021/07/letsencrypt-cert-process-by-dns-txt.html","section":"Posts","summary":"","title":"Get a Let's Encrypt SSL cert via TXT record","type":"posts"},{"content":"","date":"July 9 2021","externalUrl":null,"permalink":"/tags/asa/","section":"Tags","summary":"","title":"ASA","type":"tags"},{"content":"","date":"July 9 2021","externalUrl":null,"permalink":"/tags/ssl/","section":"Tags","summary":"","title":"SSL","type":"tags"},{"content":"copy the files local\nsudo cp /etc/letsencrypt/privkey.pem privkey.pem sudo cp /etc/letsencrypt/chain.pem chain.pem sudo cp /etc/letsencrypt/cert.pem cert.pem sudo openssl pkcs12 -export -in cert.pem -inkey privkey.pem -certfile chain.pem -out bundle.p12 password clean up your files\nsudo rm privkey.pem sudo rm chain.pem sudo rm cert.pem get output from bundle then clean up\nsudo cat bundle.p12 | base64 sudo rm bundle.p12 on the asa import the bundle\ncrypto ca import star.domain.com pkcs12 password paste in the key once done type quit\nquit if you see this message answer yes\n% The CA cert is not self-signed.\n% Do you also want to create trustpoints for CAs higher in % the hierarchy? 
[yes/no]: yes\nssl trust-point star.domain.com outside ","date":"July 9 2021","externalUrl":null,"permalink":"/posts/2021/07/cisco-asa-wildcard-cert.html","section":"Posts","summary":"","title":"Use a wildcard with a Cisco ASA","type":"posts"},{"content":" Config # the following would be a port forward config on the Cisco ASA 9.x code\n! To use PAT with specific ports range: object network obj-10.0.10.2 host 10.0.10.2 object service obj-udp_3478-3483 service udp source range 3478 3483 object service obj-udp_24000-29999 service udp source range 24000 29999 object service obj-udp_36002-59999 service udp source range 36002 59999 object service obj-tcp_5222 service tcp source eq 5222 object service obj-tcp_8443 service tcp source eq 8443 object service obj-tcp_5061 service tcp source eq 5061 object service obj-udp_5061 service udp source eq 5061 nat (inside,outside) source static obj-10.0.10.2 interface service obj-udp_3478-3483 obj-udp_3478-3483 nat (inside,outside) source static obj-10.0.10.2 interface service obj-udp_24000-29999 obj-udp_24000-29999 nat (inside,outside) source static obj-10.0.10.2 interface service obj-udp_36002-59999 obj-udp_36002-59999 nat (inside,outside) source static obj-10.0.10.2 interface service obj-tcp_5222 obj-tcp_5222 nat (inside,outside) source static obj-10.0.10.2 interface service obj-tcp_8443 obj-tcp_8443 nat (inside,outside) source static obj-10.0.10.2 interface service obj-tcp_5061 obj-tcp_5061 nat (inside,outside) source static obj-10.0.10.2 interface service obj-udp_5061 obj-udp_5061 ","date":"July 6 2021","externalUrl":null,"permalink":"/posts/2021/07/cisco-asa-expressway-port-forward.html","section":"Posts","summary":"","title":"Port Forward on a Cisco ASA","type":"posts"},{"content":"","date":"June 24 2021","externalUrl":null,"permalink":"/tags/devnet/","section":"Tags","summary":"","title":"Devnet","type":"tags"},{"content":" Functions and Methods # Methods are functions defined as a part of a class and invoked by instances of 
that class\nclass Human:\n    life = 5\n    revives = 3\n\n    def revive(self):\n        # A human that still has life left does not need reviving.\n        if self.life \u0026gt; 0:\n            print(\u0026#34;Player has life, they do not need to be revived!\u0026#34;)\n            return\n        elif self.revives \u0026lt;= 0:\n            print(\u0026#34;This human is out of first aid, sorry :(\u0026#34;)\n            return\n        # Spend one revive and restore life.\n        self.revives = self.revives - 1\n        self.life = 10\n\nhuman1 = Human()\nhuman1.revive()\nMethods can reference the object instance they\u0026rsquo;re being invoked from.\nMethods describe the behavior of a class/object in OOP code\nobjects = classes objects in OOP can be created, destroyed and manipulated in isolation from one another\n","date":"June 24 2021","externalUrl":null,"permalink":"/posts/2021/06/python-notes.html","section":"Posts","summary":"","title":"Python Devnet Notes","type":"posts"},{"content":" Resizing (Growing) the Partition # To grow your partition you can do it with the root mounted. To do this simply do:\nsudo resize2fs /dev/sda1 Provided you already have the empty space ready to be merged. Afterward, I recommend rebooting for the changes to take effect correctly. The command above would resize to the maximum permitted. 
If you wish to resize to a particular size then simply add the size at the end:\nsudo resize2fs /dev/sda1 25G ","date":"June 18 2021","externalUrl":null,"permalink":"/posts/2021/06/linux-resize-cloned-disk.html","section":"Posts","summary":"","title":"Resize a Cloned Disk via the CLI","type":"posts"},{"content":"","date":"June 17 2021","externalUrl":null,"permalink":"/tags/cac/","section":"Tags","summary":"","title":"CAC","type":"tags"},{"content":" Cisco CAC CUBE # Configures the Call Spike Call Admission Control feature at the device level to reject SIP calls when the call spike is detected as per the configuration (10 incoming call requests per 300 milliseconds)\nDevice(config)# call spike 10 steps 3 size 100 Configures the Call Admission Control feature based on the total calls, CPU, and memory usage at the interface level to reject SIP calls when the bandwidth that is required for the calls exceeds the aggregate bandwidth threshold. Note:\nBy default, the system rejects incoming calls if the 5-second CPU utilization on the gateway exceeds 95%, and if the in-use process memory on the gateway exceeds 98%.\nDevice(config)# call threshold global total-calls low 1 high 1 or Device(config)# call threshold global cpu-avg low 75 high 85 or Device(config)# call threshold global total-mem low 75 high 85 ref: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/voi-cube-call-admission-control.html\n","date":"June 17 2021","externalUrl":null,"permalink":"/posts/2021/06/cisco-cube-cac.html","section":"Posts","summary":"","title":"Cisco CUBE CAC Config","type":"posts"},{"content":" Bridged VM Connections on a Cisco 9800 # Enable Passive Client on WLAN policy profile\nConfiguration-\u0026gt;-\u0026gt;Policies-\u0026gt;Your policy * Passive Client – Set Enabled Enable ARP Broadcast on VLAN * Configuration-\u0026gt;Layer2-\u0026gt;VLAN-\u0026gt;Your VLAN\nARP Broadcast – Set to Enabled Reference - 
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/16-12/config-guide/b_wl_16_12_cg/passive-client.html\n","date":"June 11 2021","externalUrl":null,"permalink":"/posts/2021/06/multiple-ips-vmware-cl9800.html","section":"Posts","summary":"","title":"Bridged VM Connections on a Cisco 9800","type":"posts"},{"content":"","date":"June 11 2021","externalUrl":null,"permalink":"/tags/vmware/","section":"Tags","summary":"","title":"VMware","type":"tags"},{"content":"","date":"June 10 2021","externalUrl":null,"permalink":"/tags/cucm/","section":"Tags","summary":"","title":"CUCM","type":"tags"},{"content":" Process for existing Jabber installation. # Open a text editor such as Notepad++. The text editor should have administrator permissions. You can give it administrator permissions by right-clicking it, selecting Run as administrator, and then clicking Yes on the User Account Control window that pops up.\nOpen the following file\nC:\\ProgramData\\Cisco Systems\\Cisco Jabber\\jabber-bootstrap.properties On line 30 replace this text \u0026lsquo;NOT_SPECIFIED\u0026rsquo;, with this text \u0026lsquo;upnDiscoveryEnabled: false\u0026rsquo;\nIf Jabber is running, sign out, and click Reset Jabber\nRun Jabber again and confirm you can log in.\nProcess for new Jabber installation # Note: This will only work on a machine that has never had Jabber installed before. Confirm by checking to see if the following file exists.\n\u0026lsquo;C:\\ProgramData\\Cisco Systems\\Cisco Jabber\\jabber-bootstrap.properties\u0026rsquo;\nPlace the CiscoJabberSetup.msi installation file in the C:\\WINDOWS\\system32 directory. 
The installation file must be named \u0026lsquo;CiscoJabberSetup.msi\u0026rsquo;. It is case sensitive.\nRun command line as administrator.\nInstall Jabber using the following command.\nmsiexec.exe /i CiscoJabberSetup.msi UPN_DISCOVERY_ENABLED=false CLEAR=1 Follow the normal installation process.\nOpen the following file with a text editor and confirm that line 30 is set to \u0026lsquo;upnDiscoveryEnabled: false\u0026rsquo;\nStart Jabber and sign in with any valid account.\n","date":"June 10 2021","externalUrl":null,"permalink":"/posts/2021/06/disable-jabber-upn.html","section":"Posts","summary":"","title":"Disable Jabber UPN Setting","type":"posts"},{"content":" MRGL Selection Process # Cisco CallManager uses the MRGL concept in order to select resources. The selection depends on the geographical assignment of the resources.\nMRGs are logical groupings of media resources. A single MRG can contain hardware conference resources, software conference resources, transcoder resources, MOH servers, and software Media Termination Points. An MRG has no user-defined order. All resources in an MRG are considered equal. Therefore, Cisco CallManager load shares between resources of each type in one MRG.\nWhen transcoding is used with a conference, the transcoder is selected based on the MRGL of the Conference Bridge.\nNote: You cannot explicitly configure an MRGL for a Conference Bridge. Therefore, the MRGL is taken first from the Device Pool, and then from the MRG default pool.\nWhen a phone is put on hold, the MRGL of the device that put it on hold (could be a gateway for offnet calls) determines which MOH server is used to play music to the held device.\nConference Bridges are chosen based on the MRGL of the conference controller (the party that initiates the conference).\nIf a call goes out through a gateway and a Media Termination Point (MTP) is required, the MRGL of the gateway is used to select the MTP.\nMRGLs are an ordered list of MRGs. 
All resources in one MRG must be exhausted before Cisco CallManager attempts to use a media resource from another MRG in the same MRGL.\nMRGLs can be associated on a per-device basis, which means that you can give specific devices access to media resources on an individual basis. A second MRGL can also be configured at the device pool level.\nIf a device has an MRGL configured at the device pool level as well as on the device itself, the MRGL configured at the device level is searched first, followed by the MRGL on the device pool.\nThe last MRGL is the default MRGL. A media resource that is not assigned to an MRG is automatically assigned to the default MRGL. The default MRGL is always searched and it is the last resort if no resources are available in the device-based MRGL and the device pool MRGL or if no MRGLs are configured at any level.\nhttps://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/213261-understanding-media-resource-groups-and.html ","date":"May 22 2021","externalUrl":null,"permalink":"/posts/2021/05/ciscco-cucm-mrgl.html","section":"Posts","summary":"","title":"Cisco MRGL Notes","type":"posts"},{"content":"","date":"April 23 2021","externalUrl":null,"permalink":"/tags/cme/","section":"Tags","summary":"","title":"CME","type":"tags"},{"content":" CME SCCP Phones Registration # ip dhcp excluded-address 10.10.10.1 10.10.10.10 ip dhcp excluded-address 192.168.10.1 192.168.10.10 ! ip dhcp pool data network 10.10.10.0 255.255.255.0 default-router 10.10.10.1 ! ip dhcp pool voice network 192.168.10.0 255.255.255.0 option 150 ip 192.168.10.1 default-router 192.168.10.1 ! ===============Configure Voice Service parameters======================= voice service voip allow-connections sip to sip sip registrar server expires max 1200 min 300 ! 
===============Configure Voice Register Global Parameters=============== voice register global mode cme source-address 192.168.10.1 port 5060 max-dn 20 max-pool 10 authenticate register authenticate realm cisco.com tftp-path flash: create profile dialplan-pattern 1 4085251... extension-length 3 ! ================Configure Extension and Parameters====================== voice register dn 1 name Phone1 label 4085251001 number 101 call-forward b2bua noan 100 timeout 20 call-forward b2bua busy 100 timeout 20 ! voice register dn 2 name Phone2 label 4085251002 number 102 call-forward b2bua noan 100 timeout 20 call-forward b2bua busy 100 timeout 20 ! voice register dn 3 name Phone3 label 4085251003 number 103 call-forward b2bua noan 100 timeout 20 call-forward b2bua busy 100 timeout 20 ! voice register dn 4 name Phone4 label 4085251004 number 104 call-forward b2bua noan 100 timeout 20 call-forward b2bua busy 100 timeout 20 ! =============Configure SIP Phone=========================== voice register pool 3 id mac 001A.A11B.500E type 3911 number 1 dn 3 dtmf-relay sip-notify codec g711ulaw username user1 password cisco ! =============Configure SNR=============================== ephone-dn 3 octo-line number 645 label 645 description User name User mobility snr 998180433 delay 5 timeout 15 ! ephone-template 1 softkeys idle Redial Newcall Mobility Cfwdall Pickup Dnd softkeys connected Endcall Hold Mobility ! 
ephone 3 device-security-mode none mac-address 0023.5EB7.2949 ephone-template 1 type 7961 button 1:3 ","date":"April 23 2021","externalUrl":null,"permalink":"/posts/2021/04/cucme-sccp-phones-registration.html","section":"Posts","summary":"","title":"CME SCCP Phones Registration","type":"posts"},{"content":"","date":"April 23 2021","externalUrl":null,"permalink":"/tags/sccp/","section":"Tags","summary":"","title":"SCCP","type":"tags"},{"content":"","date":"April 23 2021","externalUrl":null,"permalink":"/tags/ucce/","section":"Tags","summary":"","title":"UCCE","type":"tags"},{"content":" UCCE Notes # Random Notes\nCUIC Admin Setup URL is https://\u0026#39;ServerIP\u0026#39;/oamp CVP Admin Setup URL is https://\u0026#39;ServerIP\u0026#39;:9443/oamp Finesse Admin Setup URL is https://\u0026#39;ServerIP\u0026#39;/cfadmin Requirement for RONA\nAgent Desk Settings must be set to 12\nCVP must have \u0026ldquo;RNA timeout\u0026rdquo; of 16 under Device Management -\u0026gt; CVP Call Server -\u0026gt; \u0026lsquo;Your Server\u0026rsquo; -\u0026gt; SIP Tab -\u0026gt; Advance Configuration\nThe phone\u0026rsquo;s Ring No Answer Time must be set to 20 CVP Setup within ICM\nYou need 4 Set Variable nodes\nobject type - Call ===== variable - user.microapp.media_server \u0026#34;http://10.7.16.208:7000/CVP\u0026#34; object type - Call ===== variable - user.microapp.app_media_lib \u0026#34;..\u0026#34; object type - Call ===== variable - user.microapp.toExtVXML concatenate(\u0026#34;callid=\u0026#34;,Call.user.media.id) object type - Call ===== variable - user.microapp.useVXMLparams \u0026#34;N\u0026#34; Troubleshooting # The dumplog utility converts binary log files written by Cisco ICM processes into readable format. Once converted, the log file contents can be referenced to gain insight into ICM operation. 
Typically, dumplog is used as a troubleshooting tool, but it can be educational as well.\nCdlog ucce pg1a Dumplog mds /bd 10/16/2013 /bt 13:00 /ed 10/16/2013 /et 16:30 /ms /o Dumplog pgag /bd 10/16/2013 /bt 13:00 /ed 10/16/2013 /et 16:30 /ms /o The vrutrace utility enables you to retrieve specified log files related to the PIM process of a PG when it is connected to a VRU.\nThe rttest utility allows you to view and set various parameters on an ICM Call Router. You can run the rttest utility in one of three ways: From a command prompt directly on one of the Cisco ICM Call Router nodes From a Telnet session into one of the Cisco ICM Call Router nodes rttest /cust ucce /node routera rttest: status \u0026lt; The Open Peripheral Controller (OPC) Test (opctest) command-line utility allows you to view and set various parameters in a Cisco Intelligent Contact Management (ICM) Peripheral Gateway (PG) OPC process\nopctest /node ucce pg1a opctest: status The Diagnostic Portal (Run from ICM)\nhttps://localhost:7890/icm-dp/rest/DiagnosticPortal/GetMenu CVP Diagnostic Portal\nhttps://localhost:8000/cvp/diag Keep CVP from crashing due to a memory issue\nEdit C:\\Cisco\\CallStudio\\eclipse\\eclipse.ini with a decent editor like GVIM or NOTEPAD++ and have something like the following on separate lines\n-vmargs -Xms128m -Xmx512m -XX:MaxPermSize=256m ","date":"April 23 2021","externalUrl":null,"permalink":"/posts/2021/04/ucce-notes.html","section":"Posts","summary":"","title":"UCCE Tech Notes","type":"posts"},{"content":"","date":"April 21 2021","externalUrl":null,"permalink":"/tags/webex/","section":"Tags","summary":"","title":"Webex","type":"tags"},{"content":" Mailbox Settings # -DeleteComments The DeleteComments parameter specifies whether to remove or keep any text in the message body of incoming meeting requests. Valid values are: $true: Remove any text in the message body of incoming meeting requests. This is the default value. 
$false: Preserve any text in the message body of incoming meeting requests. This parameter is used only on resource mailboxes where the AutomateProcessing parameter is set to AutoAccept. Please check whether -DeleteComments is set to true; if so, it needs to be changed to false.\nhttps://docs.microsoft.com/en-us/powershell/module/exchange/set-calendarprocessing?view=exchange-ps Additionally, ensure that the meeting invite, after it auto-accepts, is present in the inbox and not sent to deleted items\n","date":"April 21 2021","externalUrl":null,"permalink":"/posts/2021/04/webex-obtp-random-notes.html","section":"Posts","summary":"","title":"WebEx Edge OBTP Notes","type":"posts"},{"content":"","date":"February 8 2021","externalUrl":null,"permalink":"/tags/dnac/","section":"Tags","summary":"","title":"DNAC","type":"tags"},{"content":" Remove a switch # While this removes the switch, there can still be problems if your switch was orphaned.\ndocker exec -it $(docker ps | awk \u0026#39;/s_postgres/ {print $1}\u0026#39;) bash -c \u0026#39;psql -d campus -U apic_em_user -h localhost -P pager service\u0026#39;\u0026#39;off select * from deviceinfo where networkdeviceid in(select instanceuuid from networkdevice where managementipaddress like \u0026#39;10.0.255.2\u0026#39;); select * from deviceinterfaceinfo where deviceinfo_id=1674676; select * from dvcintrfcinfshssgmnts where deviceinterfaceinfo_id=2349347; delete from dvcintrfcinfshssgmnts where deviceinterfaceinfo_id=2349347; delete from deviceinterfaceinfo where deviceinfo_id=1674676; delete from customerfacingservice where id=1674676; select * from deletedeviceblacklist where deviceuuid=\u0026#39;51c5a0d8-6de0-4d7d-9aa2-f06625e4ba81\u0026#39;; delete from deletedeviceblacklist where deviceuuid=\u0026#39;51c5a0d8-6de0-4d7d-9aa2-f06625e4ba81\u0026#39;; ","date":"February 8 2021","externalUrl":null,"permalink":"/posts/2021/02/remove-switch-from-dnac-database.html","section":"Posts","summary":"","title":"Remove a switch from 
the DNAC database","type":"posts"},{"content":"","date":"January 13 2021","externalUrl":null,"permalink":"/tags/google-fi/","section":"Tags","summary":"","title":"Google Fi","type":"tags"},{"content":"","date":"January 13 2021","externalUrl":null,"permalink":"/tags/netgear-lb1120/","section":"Tags","summary":"","title":"Netgear LB1120","type":"tags"},{"content":"Head over to Settings \u0026gt; General \u0026gt; APN:\nnetgear-apn\nClick Add to create a new cellular profile\nnetgear-add-gfi\nFor the network Name, enter Google Fi. For the APN enter h2g2.\nClick Save to add the profile\nThen make sure to select the correct radio button to activate the new profile:\nnetgear-activate-profile\nAt this point, I would recommend deleting the old/default T-Mobile profile. I would also suggest rebooting the device to force it to switch to Google Fi.\n","date":"January 13 2021","externalUrl":null,"permalink":"/posts/2021/01/netgear-lb1120-googlefi.html","section":"Posts","summary":"","title":"Setup Google Fi on a LB1120","type":"posts"},{"content":"I had issues with booting FreeNAS when a 3108 controller was installed. The system would get stuck booting with a message like follows.\nrun_interrupt_driven_hooks: still waiting after 60 seconds for xpt_config add the following to the system tunables\nhw.pci.honor_msi_blacklist=0 ","date":"January 3 2021","externalUrl":null,"permalink":"/posts/2021/01/freenas-3108-raid-card.html","section":"Posts","summary":"","title":"FreeNAS MRSAS Boot Issues","type":"posts"},{"content":"","date":"September 21 2020","externalUrl":null,"permalink":"/vendors/aws/","section":"Vendors","summary":"","title":"AWS","type":"vendors"},{"content":"","date":"September 21 2020","externalUrl":null,"permalink":"/tags/aws-advanced-networking/","section":"Tags","summary":"","title":"AWS Advanced Networking","type":"tags"},{"content":" VPC Peering # VPC’s can be connected via a VPC Peering connection. VPC peering has no aggregate bandwidth limits. 
This can be done across regions. VPC peering is a one-to-one relationship, meaning that traffic cannot flow to another VPC via a newly linked VPC. If communication is needed you would have to create a mesh design. An environment with 10 VPCs would have up to 100 peering connections or a full mesh. To get around this you can use a Transit Gateway to cut down on the peering connections, but it does have bandwidth tradeoffs.\n","date":"September 21 2020","externalUrl":null,"permalink":"/posts/2020/09/aws-vpc-peering.html","section":"Posts","summary":"","title":"AWS VPC Peering","type":"posts"},{"content":"","date":"September 21 2020","externalUrl":null,"permalink":"/tags/vpc-peering/","section":"Tags","summary":"","title":"VPC Peering","type":"tags"},{"content":" AWS Acronyms # VPC = Virtual Private Cloud VGW = Virtual Private Gateway EIGW = Egress Only Internet Gateway IAM = Identity and Access Management VPC Hierarchy # A VPC consists of the following hierarchy\nAWS Regions VPC Availability Zone A VPC also contains\nSubnets Security Group Routing Table ACLs Internet Gateway NAT Gateways Egress Only Internet Gateways VPN Gateway VGW Gateway VPC Endpoint Placement Groups Elastic Network Interfaces DHCP,DNS VPC Flow Log The network assigned to the VPC can be no larger than /16 and cannot be modified once created. If modification is needed you must delete the VPC then recreate it.\nPlacement Groups are used to influence the placement of a group of interdependent instances to meet the needs of your workload. 
This can be 1 of 3 categories Cluster (low latency), Partition (do not share underlying hardware from other Partitions), Spread (don’t share hardware at all)\nRemote Networks are not able to access VPC endpoints, this is related to transitive routing, which is not supported\n","date":"September 8 2020","externalUrl":null,"permalink":"/posts/2020/09/aws-vpc-basics.html","section":"Posts","summary":"","title":"AWS VPC Basics","type":"posts"},{"content":" Export Privatekey From Expressway # After running the following commands you can push the private key to other servers\n~ # cd /tandberg/persistent/certs ~/persistent/certs # ls -a ~/persistent/certs # cat privkey.pem upload the private key with a SAN cert via the normal web page GUI.\n","date":"August 10 2020","externalUrl":null,"permalink":"/posts/2020/08/expressway-private-key-export.html","section":"Posts","summary":"","title":"Export Your Private Key from Expressway","type":"posts"},{"content":"","date":"August 10 2020","externalUrl":null,"permalink":"/tags/expressway/","section":"Tags","summary":"","title":"Expressway","type":"tags"},{"content":"","date":"August 10 2020","externalUrl":null,"permalink":"/tags/mra/","section":"Tags","summary":"","title":"MRA","type":"tags"},{"content":"","date":"August 10 2020","externalUrl":null,"permalink":"/tags/e911/","section":"Tags","summary":"","title":"E911","type":"tags"},{"content":" Test Number # The test number for RedSky is 3126670195\n","date":"August 10 2020","externalUrl":null,"permalink":"/posts/2020/08/redsky-test-number.html","section":"Posts","summary":"","title":"Redsky Test Number","type":"posts"},{"content":"","date":"June 25 2020","externalUrl":null,"permalink":"/tags/ccnp/","section":"Tags","summary":"","title":"CCNP","type":"tags"},{"content":"","date":"June 25 2020","externalUrl":null,"permalink":"/tags/ip-routing/","section":"Tags","summary":"","title":"IP Routing","type":"tags"},{"content":"","date":"June 25 
2020","externalUrl":null,"permalink":"/tags/ospf/","section":"Tags","summary":"","title":"OSPF","type":"tags"},{"content":"","date":"June 25 2020","externalUrl":null,"permalink":"/tags/ospfv3/","section":"Tags","summary":"","title":"OSPFv3","type":"tags"},{"content":" OSPFv3 # OSPFv3 offers support for IPv4 and IPv6. There are new LSA types for IPv6, and LSA flooding is changed as well. The changes eliminate the need for a router to perform a full SPF calculation every time a new prefix is added. OSPFv3 uses protocol ID 89, and routers will use the link-local address of the interface in IPv6. Base configuration is as follows\nInterface gi0/0 Ipv6 address 2001::1 Ospfv3 1 ipv6 area 0 ! Router ospfv3 1 Router-id 192.168.1.1 You can verify neighbor adjacency with the following\nShow ospfv3 ipv6 neighbor Passive interfaces can be configured as follows\nRouter ospfv3 1 Passive-interface default No passive-interface gi0/1 To summarize routes you can use the following command\nRouter ospfv3 1 Address-family ipv6 unicast Area 0 range 2001:db::1/65 ","date":"June 25 2020","externalUrl":null,"permalink":"/posts/2020/06/ccnp-enterprise-part-10.html","section":"Posts","summary":"","title":"Path to the CCNP Enterprise","type":"posts"},{"content":"","date":"June 24 2020","externalUrl":null,"permalink":"/tags/mythtv/","section":"Tags","summary":"","title":"MythTv","type":"tags"},{"content":" Handbrake Script # mythbrake.sh\n#!/bin/sh # Commercial Removal and transcode script for MythTV, updated 11/10/14 # Input arguments are passed to this user job from mythtv-setup # Invoke using: postProcessRecording.sh %DIR% %FILE% %CHANID% %STARTTIMEUTC% # # Pre-requisites: # 0. A working MythTV backend setup # 1. HandBrakeCLI installed. If you need to install this on a Ubuntu system, # try: sudo apt-get install handbrake-cli # 2. Your MythTV database username and password: # -- Add these to DBUSER and DBPASSWD lines below. Keep quotes. # # Script functions: # 0. Invoked as a user-job after a MythTV recording completes # 1. 
Query database to check if invoked for a commercial-free channel # 2. If commercial-free channel, go to step 7 # 3. Flag commercials using \u0026#34;All\u0026#34; methods, copy flagged commercials to cutlist # 4. Lossless transcode to remove commercials from the file # 5. Rebuild the seek table. Clear cutlist # 6. Update database to point to recording with no commercials # 7. Remove stale bookmarking and seek information from the database # 8. Use Handbrake to transcode recording to H.264 (MPEG-4): # -- preserve original audio track (5.1, dts etc.) # -- preserve subtitles # -- Use x264 encoder for HD-quality video with much reduced file-size # -- deinterlace video if necessary # -- create .mp4 file format compatible with Roku or Apple/Android devices # 9. Update database to point to the new .mp4 transcoded file # 10. Rebuild seektable for new .mp4 transcoded file # 11. Remove original recording and cleanup temp files # Update these based on your setup # DBUSER=\u0026#34;mythtv\u0026#34; DBPASSWD=\u0026#34;6jaw0P3s\u0026#34; # Input arguments # VIDEODIR=$1 # %DIR% INFILE=$2 # %FILE% CHAN=$3 # %CHANID% START=$4 # %STARTTIMEUTC% # Locally generated variables # # Change extension to .mp4 #OUTFILE=`echo \u0026#34;$2\u0026#34; | sed s/\\.mpg/\\.mp4/g | sed s/\\.ts/\\.mp4/g` OUTFILE=`echo \u0026#34;$2\u0026#34; | sed s/\\.ts/\\.mp4/g` TEMPDIR=\u0026#34;/tmp\u0026#34; MYPID=$$ # Run at a lower priority renice 19 $MYPID ionice -c 3 -p $MYPID # Sanity check usage and file existence if [ -z \u0026#34;$VIDEODIR\u0026#34; -o -z \u0026#34;$INFILE\u0026#34; -o -z \u0026#34;$CHAN\u0026#34; -o -z \u0026#34;$START\u0026#34; ]; then echo \u0026#34;Usage: $0 \u0026lt;VideoDir\u0026gt; \u0026lt;FileName\u0026gt; \u0026lt;ChannelID\u0026gt; \u0026lt;StartTime\u0026gt;\\r\u0026#34; \u0026gt;\u0026gt; pp.log exit 5 fi if [ ! 
-f \u0026#34;$VIDEODIR/$INFILE\u0026#34; ]; then echo \u0026#34;$0: File does not exist: $VIDEODIR/$INFILE\\r\u0026#34; \u0026gt;\u0026gt; pp.log exit 6 fi # Work from a temporary directory mkdir $TEMPDIR/postProcess-$MYPID cd $TEMPDIR/postProcess-$MYPID # Only go through commercial flagging if this isn\u0026#39;t a commercial-free # channel. This can be determined by querying the channel table. COMMFREE=0 mkfifo sqlpipe.$MYPID # needed to preserve scope of COMMFREE variable mysql --user=$DBUSER --password=$DBPASSWD mythconverg --column-names=0 -ss \\ -e \u0026#39;SELECT chanid FROM channel WHERE commmethod=\u0026#39;-2\u0026#39;;\u0026#39; \u0026gt; sqlpipe.$MYPID \u0026amp; while read -r LINE do if [ \u0026#34;$CHAN\u0026#34; -eq \u0026#34;$LINE\u0026#34; ]; then COMMFREE=1 echo \u0026#34;$0: Commercial-free channel. Skipping commercial flagging.\\r\u0026#34; \u0026gt;\u0026gt; pp.log fi done \u0026lt; sqlpipe.$MYPID if [ $COMMFREE -eq 0 ]; then # Flag commercials, copy the flagged commercials to the cutlist, and # transcode the video to remove the commercials from the file. mythcommflag --chanid $CHAN --starttime $START --method 7 --quiet ERROR=$? if [ $ERROR -gt 126 ]; then echo \u0026#34;Commercial flagging failed for ${INFILE} with error $ERROR\\r\u0026#34; \u0026gt;\u0026gt; pp.log exit $ERROR fi echo -n \u0026#34;$0: Generating cutlist for $INFILE...\\r\u0026#34; \u0026gt; pp.log mythutil --gencutlist --chanid $CHAN --starttime $START --quiet ERROR=$? if [ $ERROR -ne 0 ]; then echo \u0026#34;Copying cutlist failed for ${INFILE} with error $ERROR\\r\u0026#34; \u0026gt;\u0026gt; pp.log exit $ERROR fi echo -n \u0026#34;$0: Removing commercials... 
\\r\u0026#34; \u0026gt;\u0026gt; pp.log # Remove commercials in a .tmp file, replace original recording echo \u0026#34;starting mythtranscode\\r\u0026#34; \u0026gt;\u0026gt; pp.log # mythtranscode --honorcutlist --mpeg2 --showprogress -i $VIDEODIR/$INFILE \\ mythtranscode --mpeg2 --showprogress -i $VIDEODIR/$INFILE \\ -o $TEMPDIR/postProcess-$MYPID/$INFILE.tmp --quiet mv -f $TEMPDIR/postProcess-$MYPID/$INFILE.tmp $VIDEODIR/$INFILE echo \u0026#34;replaced $INFILE.tmp with $INFILE. Rebuilding seek table...\\r \u0026#34; \u0026gt;\u0026gt; pp.log # This will rebuild the seek table mythcommflag --chanid $CHAN --starttime $START --rebuild --quiet ERROR=$? if [ $ERROR -ne 0 ]; then echo \u0026#34;Rebuilding seek list failed for ${INFILE} with error $ERROR\\r\u0026#34; \u0026gt;\u0026gt; pp.log exit $ERROR fi # Remove the cutlist from the program # mythutil --clearcutlist --chanid $CHAN --starttime $START --quiet ERROR=$? # If successful, fix up the database to point to the transcoded mpeg-2 file if [ $ERROR -eq 0 ]; then echo \u0026#34;UPDATE recorded SET cutlist=0, \\ filesize = $(ls -l $VIDEODIR/$INFILE | awk \u0026#39;{print $5}\u0026#39;) \\ WHERE basename = \u0026#39;$INFILE\u0026#39;;\u0026#34; \u0026gt; update-db-$MYPID.sql mysql --user=$DBUSER --password=$DBPASSWD mythconverg \\ \u0026lt; update-db-$MYPID.sql else echo \u0026#34;Clearing cutlist failed for ${INFILE} with error $ERROR\\r\u0026#34; \u0026gt;\u0026gt; pp.log rm -f $VIDEODIR/$INFILE.tmp exit $ERROR fi fi # ENDIF for channels with commercials # Remove stale bookmarking and seeking info in the database echo \u0026#34;DELETE FROM recordedseek WHERE chanid=\u0026#39;$CHAN\u0026#39; AND \\ starttime=\u0026#39;$START\u0026#39;;\u0026#34; \u0026gt; update-db-$MYPID.sql mysql --user=$DBUSER --password=$DBPASSWD mythconverg \u0026lt; update-db-$MYPID.sql echo \u0026#34;DELETE FROM recordedmarkup WHERE chanid=\u0026#39;$CHAN\u0026#39; AND \\ starttime=\u0026#39;$START\u0026#39;;\u0026#34; \u0026gt; 
update-db-$MYPID.sql mysql --user=$DBUSER --password=$DBPASSWD mythconverg \u0026lt; update-db-$MYPID.sql # Transcode the file to .mp4 echo \u0026#34;Transcoding $INFILE to $OUTFILE\\r\u0026#34; \u0026gt;\u0026gt; pp.log #HandBrakeCLI -i $VIDEODIR/$INFILE -o $VIDEODIR/$OUTFILE --format mp4 \\ # --no-dvdnav --optimize --markers --encoder x264 \\ # --h264-profile main --x264-preset medium --audio 1 --aencoder copy \\ # --audio-fallback aac --arate Auto --ab 160 --maxWidth 1280 \\ # --maxHeight 720 --loose-anamorphic --loose-crop --modulus 2 --decomb \\ # --quality 20 --rate 30 --pfr --verbose 0 2 \u0026gt; hb-log$MYPID.txt HandBrakeCLI -i $VIDEODIR/$INFILE -o $VIDEODIR/$OUTFILE -e x264 -q 21 -O \\ -r 30 --pfr -x ref=6:bframes=5:vbv-maxrate=62000:vbv-bufsize=62000 \\ -X 720 --decomb --loose-anamorphic --modulus 2 --x264-tune film \\ # --x264-preset medium --h264-profile high --h264-level 4.1 -a 1,1 \\ --x264-preset medium --h264-profile main --h264-level 4.1 -a 1,1 \\ -E copy:ac3,faac -B auto,160 -R auto,auto -6 auto,dpl2 \\ --audio-copy-mask aac,ac3,dtshd,dts,mp3 --audio-fallback ffac3 \\ -f mp4 --verbose 1 2 \u0026gt; hb-log$MYPID.txt # Update the database to point to the transcoded file echo \u0026#34;UPDATE recorded SET basename=\u0026#39;$OUTFILE\u0026#39;, \\ filesize = $(ls -l $VIDEODIR/$OUTFILE | awk \u0026#39;{print $5}\u0026#39;), \\ transcoded=\u0026#39;1\u0026#39; WHERE chanid=\u0026#39;$CHAN\u0026#39; AND \\ starttime=\u0026#39;$START\u0026#39;;\u0026#34; \u0026gt; update-db-$MYPID.sql mysql --user=$DBUSER --password=$DBPASSWD mythconverg \u0026lt; update-db-$MYPID.sql # Rebuild the seektable for new MP4 file mythcommflag --chanid $CHAN --starttime $START --rebuild --quiet ERROR=$? if [ $ERROR -ne 0 ]; then echo \u0026#34;Rebuilding seek list failed for ${OUTFILE} with error $ERROR\\r\u0026#34; \u0026gt;\u0026gt; pp.log exit $ERROR fi # Cleanup echo \u0026#34;Completed transcode! 
Cleaning up original recording and temp files.\\r\u0026#34; \u0026gt;\u0026gt; pp.log rm -f $VIDEODIR/$INFILE* cd .. rm -rf $TEMPDIR/postProcess-$MYPID cd ","date":"June 24 2020","externalUrl":null,"permalink":"/posts/2020/06/mythtv-handbrake-transcode.html","section":"Posts","summary":"","title":"Transcode mythtv with Handbrake","type":"posts"},{"content":"","date":"May 24 2020","externalUrl":null,"permalink":"/tags/cuac-advance/","section":"Tags","summary":"","title":"CUAC Advance","type":"tags"},{"content":" Restore Process # Setup new server using OVA Install the same Windows OS Ensure the hostname of the new server matches the name of the old server Restore the CUACA crypto keys including aeskey.dat - these need to be taken from the live publisher by clicking Help / Export Crypto Key File otherwise you will not be able to restore the databases onto the restored server as it will complain of a crypto key failure in the logs Install the same version of CUACA\nextra step outlined here\nhttp://squirrelsuccess.blogspot.com/2018/06/restoring-cisco-unified-attendant.html ","date":"May 24 2020","externalUrl":null,"permalink":"/posts/2020/05/cisco-cuac-advance-restore.html","section":"Posts","summary":"","title":"Restoring CUAC Advance v12","type":"posts"},{"content":"","date":"May 15 2020","externalUrl":null,"permalink":"/tags/bgp/","section":"Tags","summary":"","title":"BGP","type":"tags"},{"content":" BGP # From the BGP perspective an autonomous system (AS) is a group of routers under an organization’s control using one or more IGPs and metrics within that AS. RFC 4893 expanded the byte field to allow for 4,294,967,295 unique ASNs. There are 2 blocks of private ASNs that can be used: 64,512-65,535 and 4,200,000,000-4,294,967,294 (this range is only for RFC 4893). 
IANA is responsible for assigning all public ASNs. To obtain one you will have to prove the following • Publicly allocated range • Multiple internet connections • Unique routing policy from providers ## You must use ASNs that are assigned by IANA or your service provider, or a private ASN; using another organization’s ASN could cause havoc. # Path Attributes # BGP uses path attributes; these provide control of routing policies within BGP. There are 4 types •\tWell-known mandatory •\tWell-known discretionary •\tOptional transitive •\tOptional non-transitive\nWell-known attributes must be used by all BGP implementations. Well-known mandatory attributes must be included in every prefix advertisement.\nLoop Prevention # BGP is a path vector protocol and does not maintain a complete topology of the network. AS_Path is a well-known attribute that includes a complete list of all the ASNs that a prefix advertisement has traveled through from its source.\nInter-routing communication # BGP does not discover neighbors dynamically. It was designed as a protocol whose changes are infrequent and coordinated. BGP uses TCP port 179. BGP uses the ARP table for locally connected peers and the routing table for multi-hop BGP; a static route can be used for multi-hop BGP.\nThere are 2 session types: iBGP and eBGP. iBGP is used for routers with the same AS. 
eBGP is used for routers in different ASes\nThere are 4 BGP packet types •\tOpen; sets up BGP peering •\tUpdate; updates routes •\tNotification; error with neighbor •\tKeepalive; makes sure neighbors are alive\nThere are 6 states •\tIdle; no communication •\tConnect; TCP session is started •\tActive; three-way handshake is performed •\tOpenSent; check for BGP version, IP addresses, AS number, security and RID •\tOpenConfirm; wait for keepalive or notification •\tEstablished; the BGP session is established and working\nExample BGP config with EIGRP redistribution.\nrouter eigrp 50 network 10.81.0.0 0.0.255.255 network 10.81.225.0 0.0.0.255 redistribute bgp 65105 metric 100000 500 255 1 1500 ! router bgp 65105 bgp log-neighbor-changes neighbor 192.168.32.9 remote-as 65980 ! address-family ipv4 network 10.81.0.0 mask 255.255.255.0 network 10.81.225.0 mask 255.255.255.0 network 192.168.32.8 mask 255.255.255.252 redistribute eigrp 50 neighbor 192.168.32.9 activate exit-address-family ! prefix advertisement # BGP network statements identify specified networks. After setting the network statement the BGP process will search in the global routing table to find the exact network match (e.g. connected vs static/dynamic route).\nRoute summarization # Route summarization can increase stability by hiding downstream route flaps, as the route table may not need to be recomputed.\nRouter bgp 61500 Aggregate-address 172.16.0.0 255.255.0.0 The above code would tell the router to advertise all 172.16.0.0 networks as a single /20 instead of many /24. The atomic aggregate attribute indicates that a loss of loop prevention has occurred. 
When a route is summarized it does not advertise the AS from before the aggregation.\nWith IPv6 the BGP router-id must be statically defined in order for a neighbor relationship to form. Using link-local addressing creates risk, as hardware failure or moving cables will cause the session to fail. If doing IPv6 only, IPv4 must be turned off as it is on by default.\nNo bgp default ipv4-unicast ","date":"May 15 2020","externalUrl":null,"permalink":"/posts/2020/05/ccnp-enterprise-part-11.html","section":"Posts","summary":"","title":"Path to the CCNP Enterprise","type":"posts"},{"content":"","date":"May 9 2020","externalUrl":null,"permalink":"/tags/cucm-database/","section":"Tags","summary":"","title":"CUCM Database","type":"tags"},{"content":"After running ‘utils dbreplication status’ you can sometimes run into errors or mismatches. If it is a minor issue you can try the following.\nRun the following command to see what tables are out of sync\nadmin:file view activelog cm/trace/dbl/sdi/ReplicationStatus.2020_05_08_19_58_32.out It should give you a fair amount of output but the section you want to look at is ‘Suspect Replication Summary’\nFri May 8 19:58:32 2020 main() DEBUG: --\u0026gt; Fri May 8 19:58:37 2020 main() DEBUG: Replication cluster summary: SERVER ID STATE STATUS QUEUE CONNECTION CHANGED ----------------------------------------------------------------------- g_2_ccm11_0_1_22900_14 2 Active Local 0 g_3_ccm11_0_1_22900_14 3 Active Connected 0 May 8 19:23:58 g_7_ccm11_0_1_22900_14 7 Active Connected 0 May 8 19:48:27 Fri May 8 19:58:46 2020 main() DEBUG: \u0026lt;-- ---------- Suspect Replication Summary ---------- For table: ccmdbtemplate_g_2_ccm11_0_1_22900_14_1_604_devicerelatedversionstamp replication is suspect for node(s): g_7_ccm11_0_1_22900_14 For table: ccmdbtemplate_g_2_ccm11_0_1_22900_14_1_627_mediaresourcegroupmember replication is suspect for node(s): g_7_ccm11_0_1_22900_14 In this case there are 2 tables on the g7 node. 
‘utils dbreplication runtimestate’ will allow you to confirm which node is which by looking at the ‘Replication Group ID’.\nPING DB/RPC/ REPL. Replication REPLICATION SETUP SERVER-NAME IP ADDRESS (msec) DbMon? QUEUE Group ID (RTMT) \u0026amp; Details ----------- ---------- ------ ------- ----- ----------- ------------------ CCMSUB 172.17.1.11 0.234 Y/Y/Y 1426 (g_3) (2) Setup Completed ccmsub2 172.17.55.10 51.131 Y/Y/Y 1426 (g_7) (2) Setup Completed CCMPUB 172.17.1.10 0.009 Y/Y/Y 0 (g_2) (2) Setup Completed You can then run each command one at a time\nutils dbreplication repairtable devicerelatedversionstamp 172.17.55.10 utils dbreplication repairtable mediaresourcegroupmember 172.17.55.10 utils dbreplication status ","date":"May 9 2020","externalUrl":null,"permalink":"/posts/2020/05/cisco-cucm-db-replication-fixes.html","section":"Posts","summary":"","title":"Fixing Minor Sync Issues in the CUCM Database","type":"posts"},{"content":" OSPF Continued # Areas # An OSPF area is a logical grouping of routers; membership is set at the interface level and the ID is a part of the hello packet. An interface can only belong to one area. There can be issues as an OSPF area grows: full SPF calculations occur with link flaps, the LSDB can increase in size and become unmanageable, more memory and CPU is consumed, no route summarization occurs.\nArea Border Routers (ABR) advertise routes from one area to the next and all ABRs have to participate in area 0. 
When looking at the routing table O routes are intra-area routes and O IA are inter-area routes.\nLink-State Advertisements # There are 6 LSA types • Type 1, Router LSA; indicates the RID for the advertising router, age, sequence, link count, and link ID • Type 2, Network LSA; represents a multi-access segment that uses a DR • Type 3, Summary LSA; represents networks from other areas • Type 4, ASBR Summary LSA; • Type 5, AS External LSA • Type 7, NSSA External LSA LSA sequence numbers are used to overcome problems with delay in propagation of LSAs. LSA age and flooding are used to help ensure that LSDB entries stay current.\nAn ABR will only advertise one type 3 LSA for a link even if it is aware of multiple paths.\nPath Selection # OSPF uses an algorithm to create a loop-free network; paths are prioritized in the following order: intra-area, inter-area, external routes. Type 1 routes are always preferred over type 3 routes. If multiple intra-area routes exist the lowest metric is installed. If OSPF identifies multiple paths those routes are installed as equal-cost multipathing (default max number of entries is 4)\nSummarization of routes will reduce the number of LSAs. All routers share a copy of the LSDB but all routers must accommodate the smallest / slowest router in the environment\nRoute filtering with OSPF would have to be performed on the ABR router as every router within the area contains a complete copy of the LSDB. The easiest way to do this is with the not-advertise keyword\nArea 1 range 192.168.0.0 255.255.255.0 not-advertise Area filtering is done on an area border router using the following syntax\nIp prefix-list filter seq 5 deny 172.16.1.0/24 ! Router ospf 1 Area 0 filter-list prefix filter in Local OSPF filtering is possible with the following commands\nip access-list standard ACL-OSPF-FILTER deny 172.16.1.0 permit any ! 
Router ospf 1 Distribute-list ACL-OSPF-FILTER in ","date":"May 7 2020","externalUrl":null,"permalink":"/posts/2020/05/ccnp-enterprise-part-9.html","section":"Posts","summary":"","title":"Path to the CCNP Enterprise ","type":"posts"},{"content":" OSPF # Open Shortest Path First (OSPF) sends link-state advertisements (LSAs) to its neighbor routers; these contain link state and link metric. LSAs are stored in a local database (LSDB) and they are flooded throughout an OSPF routing domain just as the originating router advertised them. All OSPF routers have a synced copy of the LSDB for an area. The LSDB provides each router with a complete topology of the network; the router can then calculate the best path based on the LSDB. When looking at an OSPF topology the shortest path will be shown as the protocol calculates the shortest path. Redundant links may not display until there is a link failure, at which point a topology change would occur.\nArea 0 is considered the backbone area that all others must connect to. Area 0 is the backbone transit between non-backbone areas\nWhen a network is segmented into multiple areas routers will not have a complete LSDB of the network, just their area. Doing this can save on router resources such as RAM and CPU. A router can run multiple OSPF instances; these instance numbers are locally significant and routes do not advertise from one instance to another.\nOSPF has 5 main packet types. Hello, Database Description DBD or DDP, Link-state report, Link-state update, Link-state ACK. Hello packets are responsible for discovering and maintaining neighbors. The router ID must be unique.\nThe following are OSPF neighbor states; down, attempt, init, 2-way, exstart, exchange, loading, full. In networks with multiple routers connecting via a multi-access LAN segment such as a switch all routers will form adjacencies; however, this is not scalable as LSA traffic will become excessive. The routers may behave as if they are in a full mesh. 
OSPF can overcome this by creating a pseudonode to act as the Designated Router (DR). The DR can reduce the number of adjacencies on a LAN segment. There can also be a Backup DR (BDR)\nOSPF Configuration # The OSPF process ID is only locally significant but should be kept the same for operational consistency. It can be configured via 2 methods: a network area statement or interface-specific configuration.\nNetwork Statement # Explicit IPs\nRouter ospf 1 Network 192.168.0.1 0.0.0.0 area 0 Network 192.168.1.1 0.0.0.0 area 0 Network 192.168.2.1 0.0.0.0 area 0 Network 192.168.10.1 0.0.0.0 area 0 Configurations for All Interfaces\nRouter ospf 1 Network 0.0.0.0 255.255.255.255 area 0 Configure via interface\nInterface gi1/0 Ip address 192.168.0.1 255.255.255.0 Ip ospf 1 area 0 By default the router ID is dynamic, using the highest IP on any loopback interface; if there are no loopback interfaces it will use any active physical interfaces. You can set a static ID via ‘router-id’; the OSPF process will need to be reset after this\nrouter ospf 1 router-id 172.16.10.1 ! clear ip ospf process Passive interface can be turned on\nrouter ospf 1 passive-interface default no passive-interface gi1/0/1 ! For a neighbor adjacency to form the following must be true. Router ID must be unique, the interfaces must share a common subnet, MTU must match, area ID must match, DR enablement must match, hello and dead timers must match, authentication must match, area type flags must match.\nVerify neighbor relationship\nswitch#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 192.168.1.1 1 FULL/DR 00:00:36 172.16.10.2 Vlan172 switch# Advertise the Default Route # Ip route 0.0.0.0 0.0.0.0 64.25.25.1 ! 
Router ospf 1 Default-information originate OSPF cost on links 100mbit and above is the same value. To get around this you can configure ‘auto-cost reference-bandwidth 100’; this command must be set on all routers to ensure the same logic is used in an area.\nRouter ospf 1 auto-cost reference-bandwidth 100 The DR/BDR election occurs during the 2-way neighbor state and just before the exstart state. Any router with an OSPF priority of 1 to 255 tries to become the DR. By default interfaces have a value of 1. This election cannot be preempted. Raising the priority value to a value higher than 1 makes an interface more favorable.\nConf t Int gi1/0/1 Ip ospf priority 100 ! Clear ip ospf process ! Show ip ospf neighbor Cisco also allows for defining the type of link that an interface belongs to; broadcast, non-broadcast, point-to-point, point-to-multipoint, loopback.\nConf t Int lo1 Ip add 192.168.0.1 255.255.255.0 Ip ospf network point-to-point ","date":"May 7 2020","externalUrl":null,"permalink":"/posts/2020/05/ccnp-enterprise-part-8.html","section":"Posts","summary":"","title":"Path to the CCNP Enterprise","type":"posts"},{"content":" Cisco Unity Connection Password Reset # The following command is used for password reset of the Unity Connection install account.\nutils cuc reset password \u0026lt;Username\u0026gt; ","date":"May 5 2020","externalUrl":null,"permalink":"/posts/2020/05/cisco-unity-password-reset.html","section":"Posts","summary":"","title":"Cisco Collaboration Password Reset","type":"posts"},{"content":"","date":"May 5 2020","externalUrl":null,"permalink":"/tags/password-reset/","section":"Tags","summary":"","title":"Password Reset","type":"tags"},{"content":"","date":"May 4 2020","externalUrl":null,"permalink":"/tags/eigrp/","section":"Tags","summary":"","title":"EIGRP","type":"tags"},{"content":" EIGRP Fundamentals # EIGRP uses the diffusing update algorithm (DUAL) to identify network paths. 
EIGRP uses hop count, link speed and delay to factor into metrics for picking routes\nAutonomous Systems # Each EIGRP process is assigned an autonomous system (AS) number; this represents a common routing domain. A router can participate in more than one AS but by default does not distribute routes learned from one AS to another AS (e.g. AS 1 will not know about routes from AS 2)\nEIGRP Terms # •\tSuccessor Route; route with the lowest path metric •\tSuccessor; first next hop router for the successor route •\tFeasible Distance; the metric value for the lowest metric path to reach a destination. •\tReported Distance; the distance reported by a router to reach a prefix. •\tFeasibility Condition; a condition under which a route can be considered a backup path. •\tFeasible Successor; a route that satisfies the feasibility condition. Topology Table # The topology table contains all network prefixes within an AS. Each entry has a network prefix, EIGRP neighbors, metrics, and values for obtaining the metric\nIn the topology table output P means the topology is stable; it would switch to A when computing a new path.\nHomeGarage#sh ip eigrp topology EIGRP-IPv4 Topology Table for AS(1)/ID(172.16.10.1) Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s - sia Status P 10.10.0.0/16, 1 successors, FD is 3072 via 172.16.10.2 (3072/2816), Vlan172 EIGRP Neighbors # Neighbors advertise only incremental changes in the network. There are 5 packet types. Hello, Request, Update, Query, Reply.\nPath Metric # In general the higher the bandwidth of a connection the lower the metric of the link. The original EIGRP spec did not scale for multi-gigabit links. Wide Metrics allow support of multi-gigabit links\nLoad Balancing # EIGRP allows multiple Successor Routes (with the same metric) to be added to the routing table. This will allow for equal cost load balancing by default.\nFailure Detection and Timers # EIGRP has a normal timer and slow speed link timer. 
Hello packets are sent every 5 seconds on normal links and every 60 seconds on slow links. The hold timer is 15 seconds for normal links and 180 seconds for slow links. If the hold timer reaches 0 a topology change occurs. When a failure is detected a feasible successor will become the successor instantly.\nRoute Summarization # Scalability of an EIGRP AS depends on summarization; as the size of an AS grows convergence may take longer. For example, if 192.168.0.1/24 and 192.168.1.1/24 exist on R1 and are advertised to R2, R2 could tell R3 of the networks by advertising 192.168.0.0/16\n","date":"May 4 2020","externalUrl":null,"permalink":"/posts/2020/05/ccnp-enterprise-part-7.html","section":"Posts","summary":"","title":"Path to the CCNP Enterprise","type":"posts"},{"content":" IP routing # The point of a router is to move packets from one IP network to another and learn about nonattached networks. This can be done via static routes or dynamic routes.\nCommon dynamic protocols are as follows •\tOSPF •\tEIGRP •\tBGP •\tIS-IS •\tRIPv2\nThe protocols listed above (except for BGP) are Interior Gateway Protocols (IGP); BGP is an Exterior Gateway Protocol (EGP)\nDistance Vector Algorithms # Protocols such as RIP advertise routes as vectors; the distance is a metric or cost (e.g. hop count) and the vector would be the next hop router IP. Interface speed is not taken into account.\nEnhanced Distance Vector Algorithms # EIGRP has enhancements over distance vector protocols •\tHas rapid convergence •\tSends updates only when there is a change in the network •\tIt uses hellos and forms neighbor relationships similar to that of link state protocols •\tUses bandwidth, delay, reliability, load, and MTU instead of hop count •\tCan load balance across equal and unequal paths\nLink-State Algorithms # Link-state protocols advertise the state and metrics for each of their connected links and routers (e.g. OSPF and IS-IS). 
Link-state information is flooded through the network unchanged, just as the originating router advertised it. This allows each router to have an identical and in-sync map of the network that it can run Dijkstra shortest path first against.\nPath Vector Algorithm # Protocols such as BGP are path vector protocols; instead of looking at distance they look at the best loop-free path. Path properties include autonomous system number, multi-exit discriminator, origin, next hop, local preference. A path vector protocol can guarantee a loop-free path by keeping track of each autonomous system that the routing advertisement traverses\nPath Selection # A router will use the forwarding information base (FIB) to evaluate the prefix length when determining what path should be used. The FIB is programmed from the routing in$ • Prefix length; e.g. 192.168.0.1/25 and 192.168.0.128/25 are two separate networks with separate paths and would be preferred over a 192.168.0.1/24 route • Administrative distance; route source and default distance value: Connected interface 0; Static route 1; Enhanced Interior Gateway Routing Protocol (EIGRP) summary route 5; External Border Gateway Protocol (BGP) 20; Internal EIGRP 90; IGRP 100; OSPF 110; Intermediate System-to-Intermediate System (IS-IS) 115; Routing Information Protocol (RIP) 120; Exterior Gateway Protocol (EGP) 140; On Demand Routing (ODR) 160; External EIGRP 170; Internal BGP 200; Unknown* 255 • Metrics; in the case of multiple paths to a destination metrics are used to determine which path is best. Metrics are also used with equal cost multipathing / unequal cost load balancing. The 3072 value below is the metric\nswitch#sh ip route eigrp D EX 10.10.0.0/16 [170/3072] via 172.16.10.2, 4w4d, Vlan172 D 10.10.2.0/24 [90/3072] via 172.16.10.2, 4w4d, Vlan172 Static Routes # Static routes provide precise control over a network but can create a burden as these are managed on a device by device basis. 
Static routes come in 3 types •\tDirectly Attached [ip route 192.168.0.0 255.255.255.0 serial1/0] •\tRecursive [this is dependent on the router knowing how to find the next hop router (not directly connected)] •\tFully Specified [192.168.0.0 255.255.255.0 192.168.1.1]\nFloating static route example. This sets a metric so that the higher metric route will be used only if the lower metric route is removed from the RIB.\nIp route 192.168.0.0 255.255.255.0 172.16.0.1 1 Ip route 192.168.0.0 255.255.255.0 172.16.1.1 210 Null routes can be used to reduce CPU overhead on a router\nIPv6 Routes # IPv6 static routes work in the same way as IPv4 routes, but IPv6 routing does need to be enabled.\nipv6 unicast-routing Virtual Routing and Forwarding # Virtual Routing and Forwarding (VRF) creates wholly separate routing tables, interfaces, and forwarding tables on one physical router. Networks can overlap.\nvrf definition MYVRF address-family ipv4 ! Int gi0/0 Ip add 192.168.0.1 255.255.255.0 ! Int gi1/0 vrf forwarding MYVRF Ip add 192.168.0.1 255.255.255.0 ! ","date":"May 2 2020","externalUrl":null,"permalink":"/posts/2020/05/ccnp-enterprise-part-6.html","section":"Posts","summary":"","title":"Path to the CCNP Enterprise","type":"posts"},{"content":"","date":"April 29 2020","externalUrl":null,"permalink":"/tags/etherchannel/","section":"Tags","summary":"","title":"EtherChannel","type":"tags"},{"content":" VLAN Trunks and EtherChannels # VLAN Trunking Protocol (VTP) allows for a server-client approach to provisioning VLANs in a topology. There are 4 modes: Server, Client, Transparent, and Off (with Off a switch will not forward VTP traffic)\nVTP versions 1 and 2 are limited to VLANs 1 – 1005; VTP version 3 can use VLANs 1 – 4094\nThere can be multiple VTP servers in an environment. If using version 3 the primary VTP server must use the following command.\nvtp primary Sample configuration VTP Primary server config\nvtp primary ! 
conf t vtp version 3 vtp domain DOMAIN_NAME vtp mode server vtp password password Sample configuration VTP client config\nconf t vtp version 3 vtp domain DOMAIN_NAME vtp mode client vtp password password Dynamic Trunking Protocol (DTP) allows 2 ports to dynamically set switch ports to a trunk port. It requires that the VTP domain matches between switches. The following table outlines possible states depending on port configuration.\nDTP Negotiated Interface Modes Dynamic Auto\tDynamic Desirable\tTrunk\tAccess Dynamic Auto\tAccess\tTrunk\tTrunk\tAccess Dynamic Desirable\tTrunk\tTrunk\tTrunk\tAccess Trunk\tTrunk\tTrunk\tTrunk\tLimited connectivity Access\tAccess\tAccess\tLimited connectivity\tAccess Configuration\nconf t int gi1/0/1 switchport mode dynamic auto conf t int gi1/0/1 switchport mode dynamic desirable To disable the negotiation of trunking use the following\nconf t int gi1/0/1 switchport nonegotiate Best practice is to configure both sides of a link the same to remove any question about the port's function.\nEtherChannels # 802.3AD or link aggregation specification. There are 2 common link aggregation protocols; Link Aggregation Control Protocol (LACP) and Port Aggregation Protocol (PAgP). LACP is an open standard and PAgP is a Cisco proprietary protocol. PAgP Mode; uses multicast MAC 0100:0CCC:CCCC Auto: the interface does not initiate the etherchannel Desirable: the interface does try to initiate the etherchannel\nLACP Mode; uses multicast MAC 0180:C200:0002 Passive: the interface does not initiate the etherchannel Active: the interface does try to initiate the etherchannel\nStatic Mode Static mode is configured with the use of the “mode on” keyword.\nThe following command shows detailed information about the port-channel\nShow etherchannel port For information useful to LACP\nShow lacp neighbor For information useful to PAgP\nShow pagp neighbor LACP Tuning # LACP fast: is an amendment to the LACP standard to send LACP packets every second instead of every 30 seconds. 
This way a link can be removed within 3 seconds instead of 90 seconds. All ports must be configured the same. Example config below\nConf t Int ran gi1/0/1 - 2 lacp rate fast You can configure a minimum number of links needed to consider the port channel up\nConf t Int port-channel 1 Port-channel min-links 2 You can also set the max number of links allowed in a port channel\nConf t Int port-channel 1 lacp max-bundle 1 LACP system priority identifies which switch is the master for a port channel. This can be defined as follows\nConf t Lacp system-priority 1 Show lacp sys-id #to verify change Load Balancing # Traffic is not forwarded on a round-robin, per-packet basis. Packets are consistently sent down the same link based on a hash that is calculated. This can be configured via the following commands\nPort-channel load-balance {dst-ip | dst-mac | src-dst-ip | src-dst-mac | src-ip | src-mac} ! Show etherchannel load-balance ","date":"April 29 2020","externalUrl":null,"permalink":"/posts/2020/04/ccnp-enterprise-part-5.html","section":"Posts","summary":"","title":"Path to the CCNP Enterprise","type":"posts"},{"content":"","date":"April 29 2020","externalUrl":null,"permalink":"/tags/vlan/","section":"Tags","summary":"","title":"VLAN","type":"tags"},{"content":" Multiple Spanning Tree # The original 802.1D only supports 1 instance of STP for the whole of the network. All VLANs had the same topology. This means that all VLANs would have to follow the same path through the network (no load balancing). PVST allowed for a per VLAN spanning tree topology.\nMSTI: multiple spanning tree instance IST: internal spanning tree\nCisco supports up to 16 instances of MST. 
Configuration is as follows\nConf t Spanning-tree mode mst Spanning-tree mst 0 root primary Spanning-tree mst 1 root primary Spanning-tree mst 2 root primary Spanning-tree mst configuration Name Ent_Core Revision 2 Instance 1 vlan 10, 20 Instance 2 vlan 99 This config would create 3 instances, instance 2 holding VLAN 99, instance 1 holding VLANs 10 and 20, and instance 0 holding the remainder of VLANs\nCommon misconfiguration issues are VLAN assignment to an IST and trunk pruning\nMST region boundary is any port that connects to another MST region, 802.1D or 802.1W BPDU. MST switches can detect PVST+ at a region boundary\nWhen MST is the root bridge, all region boundaries flood the same IST instance to all VLANs in the PVST topology. This allows the PVST switch to detect the alternate link and block the port on its end.\nWhen MST is not the root bridge, there is no option to load balance traffic as all IST’s must remain consistent.\n","date":"April 28 2020","externalUrl":null,"permalink":"/posts/2020/04/ccnp-enterprise-part-4.md.html","section":"Posts","summary":"","title":"Path to the CCNP Enterprise","type":"posts"},{"content":"","date":"April 28 2020","externalUrl":null,"permalink":"/tags/spanning-tree/","section":"Tags","summary":"","title":"Spanning-Tree","type":"tags"},{"content":" Spanning Tree Tuning # Ideally the root bridge should be the core switch, but the root bridge placement should try to minimize the number of hops to the furthest switch. A secondary bridge should be specified to limit the number of overall changes. This secondary would be the next downstream device.\nCommands to set priority\nspanning-tree vlan 1-4094 root primary diameter 7 The diameter keyword makes it possible to tune the STP convergence and set the max number of hops in a layer 2 domain. This command would only need to be set on the root bridge. 
This command will also set the priority to 24576, secondary would be 28672\nPrimary\nspanning-tree vlan 1-4094 priority 0 Secondary\nspanning-tree vlan 1-4094 priority 4096 To set the port priority use the following command. This command can be used to help a switch prefer a link when multiple links exist between 2 switches\nConf t Int gi1/0/1 Spanning-tree port-priority 64 MAC flapping should be looked into as this can indicate there is a loop\nRoot Guard: is a feature that prevents a configured port from becoming a root port. This should be configured on downstream devices. If a superior BPDU is received the port is put into an err-disabled state.\nConf t Int gi1/0/1 Spanning-tree guard root Port Fast: generation of a TCN doesn’t make sense if a host only has one connection to the network. Enabling port-fast will disable TCN’s\nConf t Int gi1/0/1 Spanning-tree portfast BPDU Guard: will shut down a port with port fast configured if a BPDU is received\nConf t Int gi1/0/1 Spanning-tree bpduguard enable BPDU Filter: will block BPDUs from being sent out a port. Most network designs should not require the use of this command.\nConf t Int gi1/0/1 Spanning-tree bpdufilter enable Loop Guard: this will prevent any alternate or root port from becoming a designated port. This should not be configured with ports running portfast\nConf t Int gi1/0/1 Spanning-tree guard loop Unidirectional Link Detection (UDLD): provides bi-directional monitoring of a fiber optic cable. There are 2 modes. Normal; if a frame is not acknowledged the link is undetermined and the port will remain up. Aggressive; if a frame is not acknowledged the switch will send another 8 packets in a 1-second duration. If there is no acknowledgment the port is error disabled. 
UDLD must be enabled on both the local and remote switch.\nConf t udld enable [mode] ","date":"April 28 2020","externalUrl":null,"permalink":"/posts/2020/04/ccnp-enterprise-part-3.html","section":"Posts","summary":"","title":"Path to the CCNP Enterprise","type":"posts"},{"content":" Spanning-Tree # 802.1D or STP is used to help provide a loop-free network. Possible states:\n•Disabled: port is admin down\n•Blocking: port is enabled but not forwarding traffic\n•Listening: the switch has moved from a blocking state and can send and receive BPDU’s\n•Learning: the port can now modify the MAC address table with traffic it receives\n•Forwarding: the port can forward all network traffic\n•Broken: a configuration or operational problem with the port\nSpanning-tree path cost comes in two modes, short and long. Short mode allows unique path costs up to 20Gbps and long mode unique path costs up to 10Tbps\nSpanning-tree pathcost method long This command must be configured on every device in the layer 2 topology\nRoot election by default will use the lowest MAC in the environment.\n•This can be overridden by setting the priority of the root bridge. 
•If a switch receives an inferior BPDU it will disregard it •If a switch receives a BPDU that is preferred it will update its BPDU to include the new root bridge\nThe following command allows you to see information to verify the root bridge\nSwitch#sh spanning-tree root Root Hello Max Fwd Vlan Root ID Cost Time Age Dly Root Port ---------------- -------------------- --------- ----- --- --- ------------ VLAN0001 1 001d.7034.8100 4 2 20 15 Gi0/1 VLAN0002 2 001d.7034.8100 4 2 20 15 Gi0/1 VLAN0003 32771 aca0.1649.5d80 0 2 20 15 The following process is used to determine which ports should be blocked between 2 non-root bridges\nThe interface is a designated port. The switch with the lowest path cost to the root will win. The system priority of the local switch is compared to the priority of the remote switch. Traffic is blocked if the remote switch is lower. The system MAC of the local switch is compared to the remote switch. Traffic is blocked if the remote switch is lower. Command to help track topology changes\nSwitch#show spanning-tree detail | i ieee|from|occur|exec VLAN0001 is executing the rstp compatible Spanning Tree protocol Number of topology changes 6 last change occurred 2w4d ago from GigabitEthernet1/0/4 VLAN0002 is executing the rstp compatible Spanning Tree protocol Number of topology changes 3 last change occurred 3w5d ago from GigabitEthernet1/0/24 802.1W RSTP Rapid Spanning Tree Possible states:\n•Discarding: port is enabled but not forwarding any traffic.\n•Learning: the port can now modify the MAC address table with traffic it receives\n•Forwarding: the port can forward all network traffic\nPort types: Edge port: a port where a host connects and cannot form a loop. Directly correlates to spanning-tree port fast being enabled. 
Root port: port with the best path cost to the root bridge Point to point: any port that connects to another RSTP switch with full duplex\n","date":"April 28 2020","externalUrl":null,"permalink":"/posts/2020/04/ccnp-enterprise-part-2.html","section":"Posts","summary":"","title":"Path to the CCNP Enterprise","type":"posts"},{"content":" Getting started with DNAC # Define your sites. Define your network settings: IP Pools; DNS, DHCP, and credentials. Import your devices ","date":"April 27 2020","externalUrl":null,"permalink":"/posts/2020/04/cisco-dnac-getting-started.html","section":"Posts","summary":"","title":"Getting Started with DNAC","type":"posts"},{"content":" Packet Forwarding # CEF: Cisco Proprietary, used in general CPU platforms and ASIC’s with NPU’s\nTCAM: Ternary Content Addressable Memory allows for upper layer processing: Layer2/3 source/destination addresses, Protocol, QoS Markings, etc. It can provide a true, false, or do not care result (ternary)\nCentralized forwarding is when a route process engine is equipped with a forwarding engine.\nIn distributed forwarding, the local forwarding engine will send information about the packet to the forwarding engine; the route process engine / switch fabric may be invoked if the egress port is on another switch / line card\nSoftware CEF holds the forwarding information base (FIB) and Adjacency Table / Adjacency Information Base (AIB). The FIB is a copy of the routing table and the Adjacency table keeps next-hop information. 
Packets will be rate-limited if processed by the CPU and have an incomplete adjacency table TTL is a loop-prevention mechanism\nWhen using SDM template every switch must use the same template which for the Cat 9k there are 2 commands\nConf t Sdm prefer (vlan|advance) ","date":"April 27 2020","externalUrl":null,"permalink":"/posts/2020/04/ccnp-enterprise-part-1.html","section":"Posts","summary":"","title":"Path to the CCNP Enterprise","type":"posts"},{"content":" how to remove drivers from VMware # ~ # esxcli software vib list | grep Emulex elxnet 10.0.783.13-1OEM.550.0.0.1331820 Emulex VMwareCertified 2015-02-27 ima-be2iscsi 10.0.727.4401-1OEM.550.0.0.1331820 Emulex VMwareCertified 2015-02-27 lpfc 10.0.727.44-1OEM.550.0.0.1331820 Emulex VMwareCertified 2015-02-27 scsi-be2iscsi 10.0.727.4401-1OEM.550.0.0.1331820 Emulex VMwareCertified 2015-02-27 scsi-lpfc820 10.0.727.24-1OEM.500.0.0.472560 Emulex VMwareCertified 2015-02-27 ~ # ~ # ~ # esxcli software vib list | grep QLogic ima-qla4xxx 500.2.01.31-1vmw.0.3.100400 QLogic VMwareCertified 2015-02-27 net-qlcnic 5.5.164-1OEM.550.0.0.1198611 QLogic VMwareCertified 2015-02-27 qlnativefc 1.1.7.0-1OEM.550.0.0.1198610 QLogic VMwareCertified 2015-02-27 scsi-qla2xxx 934.5.29.0-1OEM.500.0.0.472560 QLogic VMwareCertified 2015-02-27 scsi-qla4xxx 634.55.20.0-1OEM.550.0.0.1198610 QLogic VMwareCertified 2015-02-27 ~ # ~ # ~ # esxcli software vib remove -n scsi-lpfc820 Removal Result Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective. Reboot Required: true VIBs Installed: VIBs Removed: Emulex_bootbank_scsi-lpfc820_10.0.727.24-1OEM.500.0.0.472560 VIBs Skipped: ~ # esxcli software vib remove -n scsi-qla2xxx Removal Result Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective. 
Reboot Required: true VIBs Installed: VIBs Removed: QLogic_bootbank_scsi-qla2xxx_934.5.29.0-1OEM.500.0.0.472560 VIBs Skipped: ~ # ","date":"March 7 2020","externalUrl":null,"permalink":"/posts/2020/03/removing-vmware-drivers.html","section":"Posts","summary":"","title":"How To Remove Drivers From VMware","type":"posts"},{"content":" Upgrading a Cisco 9300 # The following code snippet is the process for upgrading the Catalyst 9300\ncopy tftp://192.168.0.1/cat9k_iosxe.16.09.04.SPA.bin flash: verify /md5 flash:cat9k_iosxe.16.09.04.SPA.bin request platform software package install switch all file flash:cat9k_iosxe.16.09.04.SPA.bin auto-copy reload request platform software package clean ","date":"January 28 2020","externalUrl":null,"permalink":"/posts/2020/01/cisco-9300-upgrade.html","section":"Posts","summary":"","title":"Upgrading the Cisco 9300 Switch","type":"posts"},{"content":" Activation \u0026amp; Verification # After applying the license and making sure it is active.\nROUTER1#show license | beg boos Index 11 Feature: booster_performance Period left: Life time License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium you will need to apply the following command then reload the router.\nconf t platform hardware throughput level boost ","date":"October 4 2019","externalUrl":null,"permalink":"/posts/2019/10/cisco-ios-boostlicense.html","section":"Posts","summary":"","title":"Activation of the IOS Boost License","type":"posts"},{"content":"","date":"October 4 2019","externalUrl":null,"permalink":"/tags/licensing/","section":"Tags","summary":"","title":"Licensing","type":"tags"},{"content":"","date":"September 12 2019","externalUrl":null,"permalink":"/tags/bash/","section":"Tags","summary":"","title":"Bash","type":"tags"},{"content":" Open a TCP/UDP connection without telnet # Bash can access TCP and UDP ports\n/dev/tcp/host/port If host is a valid hostname or Internet address, and port is an integer port number or 
service name, bash attempts to open a TCP connection to the corresponding socket. /dev/udp/host/port If host is a valid hostname or Internet address, and port is an integer port number or service name, bash attempts to open a UDP connection to the corresponding socket.\ncat \u0026lt; /dev/tcp/127.0.0.1/22 SSH-2.0-OpenSSH_6.2p2 Debian-6 ^C pressed here ","date":"September 12 2019","externalUrl":null,"permalink":"/posts/2019/09/linux-telnet-test-without-telnet.html","section":"Posts","summary":"","title":"Open a TCP/UDP connection without telnet","type":"posts"},{"content":" Cisco Upgrade Issues # if you are running into the \u0026lsquo;Upgrades are prohibited during License Grace Period\u0026rsquo; error you can use a live CD and delete the following file.\n/usr/local/platform/conf/licexpiry.txt since there are 2 partitions you may have to look in both sda1 and sda2 depending on which is the active partition.\n","date":"July 23 2019","externalUrl":null,"permalink":"/posts/2019/07/cisco-cucm-upgrades-issues.html","section":"Posts","summary":"","title":"CUCM Upgrade Issues","type":"posts"},{"content":" Random Notes # Error Code: -206 Error Description: The specified table (owneruserid) is not in the database. This error occurs if your template device has a Subscribe CSS configured, the Cisco AC troubleshooting guide says \u0026ldquo;To prevent this error, edit the Phone Template Configuration to include an Owner User ID under the Device Information. We recommend that you use the Application User ID allocated for Cisco Unified Attendant Console Advanced for the Owner User ID\u0026rdquo;. 
However this is incorrect as it isn\u0026rsquo;t possible to assign an Application User as the owner of a phone, therefore the solution is either to have no Subscribe CSS configured or assign an End User (not Anonymous).\n","date":"July 23 2019","externalUrl":null,"permalink":"/posts/2019/07/cisco-cuac-notes.html","section":"Posts","summary":"","title":"Cisco CUAC Notes","type":"posts"},{"content":"","date":"July 23 2019","externalUrl":null,"permalink":"/tags/cuac/","section":"Tags","summary":"","title":"CUAC","type":"tags"},{"content":"","date":"July 11 2019","externalUrl":null,"permalink":"/tags/docker/","section":"Tags","summary":"","title":"Docker","type":"tags"},{"content":" Docker Commands # # Images docker build -t friendlyname . # Create image using this directory\u0026#39;s Dockerfile docker image ls -a # List all images on this machine docker image rm \u0026lt;image id\u0026gt; # Remove specified image from this machine docker image rm $(docker image ls -a -q) # Remove all images from this machine docker image prune # remove dangling images docker tag \u0026lt;image\u0026gt; username/repository:tag # Tag \u0026lt;image\u0026gt; for upload to registry docker push username/repository:tag # Upload tagged image to registry docker run username/repository:tag # Run image from a registry docker run --restart=always #added a restart policy so the container will auto start on system reboot docker logs -f \u0026lt;name\u0026gt; #capture logs from the docker # Containers docker run -p 4000:80 friendlyname # Run \u0026#34;friendlyname\u0026#34; mapping port 4000 to 80 docker run -d -p 4000:80 friendlyname # Same thing, but in detached mode docker run --net=host #container will bond to the host network docker container ls # List all running containers docker container ls -a # List all containers, even those not running docker container stop \u0026lt;hash\u0026gt; # Gracefully stop the specified container docker container kill \u0026lt;hash\u0026gt; # Force shutdown of 
the specified container docker container rm \u0026lt;hash\u0026gt; # Remove specified container from this machine docker container rm $(docker container ls -a -q) # Remove all containers docker login # Log in this CLI session using your Docker credentials # Services docker stack ls # List stacks or apps docker stack deploy -c \u0026lt;composefile\u0026gt; \u0026lt;appname\u0026gt; # Run the specified Compose file docker service ls # List running services associated with an app docker service ps \u0026lt;service\u0026gt; # List tasks associated with an app docker inspect \u0026lt;task or container\u0026gt; # Inspect task or container docker container ls -q # List container IDs docker stack rm \u0026lt;appname\u0026gt; # Tear down an application docker swarm init docker swarm leave --force # Take down a single node swarm from the manager # Swarm docker-machine create --driver virtualbox myvm1 # Create a VM (Mac, Win7, Linux) docker-machine create -d hyperv --hyperv-virtual-switch \u0026#34;myswitch\u0026#34; myvm1 # Win10 docker-machine env myvm1 # View basic information about your node docker-machine ssh myvm1 \u0026#34;docker swarm init --advertise-addr \u0026lt;myvm1 ip\u0026gt;\u0026#34; docker-machine ssh myvm1 \u0026#34;docker node ls\u0026#34; # List the nodes in your swarm docker-machine ssh myvm1 \u0026#34;docker node inspect \u0026lt;node ID\u0026gt;\u0026#34; # Inspect a node docker-machine ssh myvm1 \u0026#34;docker swarm join-token -q worker\u0026#34; # View worker join token docker-machine ssh myvm1 \u0026#34;docker swarm join-token -q manager\u0026#34; # View manager join token docker-machine ssh myvm1 # Open an SSH session with the VM; type \u0026#34;exit\u0026#34; to end docker node ls # View nodes in swarm (while logged on to manager) docker-machine ssh myvm2 \u0026#34;docker swarm join --token \u0026lt;token\u0026gt; \u0026lt;manager IP\u0026gt;:2377\u0026#34; # Join the swarm as a worker/manager depending on the token value docker-machine 
ssh myvm2 \u0026#34;docker swarm leave\u0026#34; # Make the worker leave the swarm docker-machine ssh myvm1 \u0026#34;docker swarm leave -f\u0026#34; # Make master leave, kill swarm docker-machine ls # list VMs, asterisk shows which VM this shell is talking to docker-machine stop myvm1 # Stop a VM that is currently running docker-machine start myvm1 # Start a VM that is currently not running docker-machine restart myvm1 # Restart a VM that is currently running docker-machine env myvm1 # show environment variables and command for myvm1 eval $(docker-machine env myvm1) # Mac command to connect shell to myvm1 eval $(docker-machine env -u) # Disconnect shell from VMs, use native docker \u0026amp; \u0026#34;C:\\Program Files\\Docker\\Docker\\Resources\\bin\\docker-machine.exe\u0026#34; env myvm1 | Invoke-Expression # Windows command to connect shell to myvm1 docker stack deploy -c \u0026lt;file\u0026gt; \u0026lt;app\u0026gt; # Deploy an app; command shell must be set to talk to manager (myvm1), uses local Compose file docker-machine scp docker-compose.yml myvm1:~ # Copy file to node\u0026#39;s home dir (only required if you use ssh to connect to manager and deploy the app) docker-machine ssh myvm1 \u0026#34;docker stack deploy -c \u0026lt;file\u0026gt; \u0026lt;app\u0026gt;\u0026#34; # Deploy an app using ssh (you must have first copied the Compose file to myvm1) docker-machine stop $(docker-machine ls -q) # Stop all running VMs docker-machine rm $(docker-machine ls -q) # Delete all VMs and their disk images # Network docker network ls docker network inspect \u0026lt;network_id\u0026gt; #Other clean up options sudo docker rm -vf $(sudo docker ps -aq) sudo docker rmi -f $(sudo docker images -aq) ","date":"July 11 2019","externalUrl":null,"permalink":"/posts/2019/07/docker-cheat-sheet.html","section":"Posts","summary":"","title":"Docker Commands","type":"posts"},{"content":"","date":"May 26 
2019","externalUrl":null,"permalink":"/tags/git/","section":"Tags","summary":"","title":"GIT","type":"tags"},{"content":" Using GIT # GIT works in the following life cycle: unmodified -\u0026gt; modified -\u0026gt; staged -\u0026gt; repeat. The following is an example of pulling a repo, making changes, then pushing the changes. Global Setup\ngit config --global user.name \u0026#34;Curtis\u0026#34; git config --global user.email \u0026#34;email@yahoo.com\u0026#34; git config --list Get the status of the git\ngit status On branch master Your branch is up to date with \u0026#39;origin/master\u0026#39;. nothing to commit, working tree clean Example create and push\ngit init Initialized empty Git repository in /Kodi-NPR-One/.git/ git remote add origin https://github.com/mcurtis789/Kodi-NPR-One.git git pull origin master remote: Enumerating objects: 13, done. remote: Counting objects: 100% (13/13), done. remote: Compressing objects: 100% (10/10), done. remote: Total 13 (delta 0), reused 13 (delta 0), pack-reused 0 Unpacking objects: 100% (13/13), done. From https://github.com/mcurtis789/Kodi-NPR-One * branch master -\u0026gt; FETCH_HEAD * [new branch] master -\u0026gt; origin/master git push -u origin master Everything up-to-date Branch \u0026#39;master\u0026#39; set up to track remote branch \u0026#39;master\u0026#39; from \u0026#39;origin\u0026#39;. Make Changes\nAdd all files\ngit add . warning: LF will be replaced by CRLF in default.py. The file will have its original line endings in your working directory. Or add a single file\ngit add default.py git add npr.py warning: LF will be replaced by CRLF in default.py. The file will have its original line endings in your working directory. git commit [master a96d41f] lastmod: default.py lastmod: npr.py 2 files changed, 51 insertions(+), 39 deletions(-) git push origin master Counting objects: 4, done. Delta compression using up to 4 threads. Compressing objects: 100% (4/4), done. 
Writing objects: 100% (4/4), 1.04 KiB | 1.04 MiB/s, done. Total 4 (delta 3), reused 0 (delta 0) remote: Resolving deltas: 100% (3/3), completed with 3 local objects. To https://github.com/mcurtis789/Kodi-NPR-One.git 7076050..a96d41f master -\u0026gt; master ","date":"May 26 2019","externalUrl":null,"permalink":"/posts/2019/05/using-git.html","section":"Posts","summary":"","title":"Using GIT","type":"posts"},{"content":" NAT example for the Cisco IOS # PAT\ninterface FastEthernet0/0 ip address 20.20.20.1 255.255.255.0 ip nat outside ! interface FastEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside ! access-list 1 permit 192.168.1.0 0.0.0.255 ip nat inside source list 1 interface FastEthernet0/0 overload Static PAT\ninterface FastEthernet0/0 ip address 20.20.20.1 255.255.255.0 ip nat outside ! interface FastEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside ! ip nat inside source static tcp 192.168.1.10 80 20.20.20.1 80 ","date":"May 24 2019","externalUrl":null,"permalink":"/posts/2019/05/cisco-ios-nat-example.html","section":"Posts","summary":"","title":"Cisco IOS NAT Examples","type":"posts"},{"content":" Troubleshooting Cisco VPN\u0026rsquo;s on the IOS # ran into an issue where the VPN tunnel was reporting up but traffic failed to flow. 
the following commands can allow you to check for an invalid SPI key\n- show platform hardware qfp active statistics drop ------------------------------------------------------------------------- Global Drop Stats Packets Octets ------------------------------------------------------------------------- AttnInvalidSpid 469 1876 - show platform hardware qfp active feature ipsec datapath drops ------------------------------------------------------------------------ Drop Type Name Packets ------------------------------------------------------------------------ 58 UNEXP_CRYPTO_DEVICE_DROP_TYPE 489 ","date":"May 24 2019","externalUrl":null,"permalink":"/posts/2019/05/cisco-vpn-troubleshooting.html","section":"Posts","summary":"","title":"Cisco VPN Troubleshooting","type":"posts"},{"content":"","date":"May 24 2019","externalUrl":null,"permalink":"/tags/vpn/","section":"Tags","summary":"","title":"VPN","type":"tags"},{"content":"If you are running into issues with resolving hostnames from a Linux machine you might need to adjust your nsswitch.conf file.\nthe hosts section may need the DNS keyword added or moved. example below\n# /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference\u0026#39; and `info\u0026#39; packages installed, try: # `info libc \u0026#34;Name Service Switch\u0026#34;\u0026#39; for information about this file. 
passwd: compat winbind group: compat winbind shadow: compat gshadow: files hosts: files mdns4_minimal dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis ","date":"May 23 2019","externalUrl":null,"permalink":"/posts/2019/05/linux-dns-lookup.html","section":"Posts","summary":"","title":"Linux Not Resolving Hostnames","type":"posts"},{"content":" Fixing Mythtv ASX streaming with transcoding to MKV # Update the following file\nsudo nano /usr/share/mythtv/mythweb/modules/stream/stream_raw.pl then add the following to the # File type section\nelsif ($basename =~ /\\.mkv$/) { $type = \u0026#39;video/x-matroska\u0026#39;; $suffix = \u0026#39;.mkv\u0026#39;; } ","date":"May 14 2019","externalUrl":null,"permalink":"/posts/2019/05/update-mythtv-to-stream-mkv.html","section":"Posts","summary":"","title":"Fixing Mythtv ASX streaming with transcoding to MKV","type":"posts"},{"content":" Basic AAA config for the Cisco ASA # The following will allow for full access with a correctly configured NPS server\naaa-server NPS_RADIUS_SERVERS protocol radius aaa-server NPS_RADIUS_SERVERS (inside) host 1.1.1.1 key ***** ! aaa authentication ssh console NPS_RADIUS_SERVERS LOCAL aaa authentication enable console NPS_RADIUS_SERVERS LOCAL aaa authentication http console NPS_RADIUS_SERVERS LOCAL aaa authorization exec authentication-server auto-enable aaa authentication login-history ! 
","date":"April 8 2019","externalUrl":null,"permalink":"/posts/2019/04/cisco-aaa-for-asa.html","section":"Posts","summary":"","title":"Basic AAA config for a cisco ASA","type":"posts"},{"content":"","date":"April 6 2019","externalUrl":null,"permalink":"/categories/3dprinting/","section":"Categories","summary":"","title":"3dPrinting","type":"categories"},{"content":"","date":"April 6 2019","externalUrl":null,"permalink":"/tags/3dprinting/","section":"Tags","summary":"","title":"3dPrinting","type":"tags"},{"content":"","date":"April 6 2019","externalUrl":null,"permalink":"/vendors/prusa/","section":"Vendors","summary":"","title":"Prusa","type":"vendors"},{"content":" Purge Volumes # below are suggested volumes for your purge setting for different materials\nColor Unloaded Loaded Black 100 60 White 70 100 Yellow 80 80 Silver 70 70 High Gloss Filaments 90 70 PVA/BVOH 120 100 ","date":"April 6 2019","externalUrl":null,"permalink":"/posts/2019/04/3dprinting-purge-volumes.html","section":"Posts","summary":"","title":"Suggested Purge Volumes for MMU Printing","type":"posts"},{"content":" locating the UUId of a disk on Linux # the following command will return the UUID of a disk which can be used for ensuring that the correct disk is used for bootup.\nosmc@osmc:~$ sudo blkid /dev/sda /dev/sda: UUID=\u0026#34;fcfdb740-7a55-4327-b78e-797691e1c4d6\u0026#34; TYPE=\u0026#34;ext4\u0026#34; in the device example we are using a raspberry-pi.\nosmc@osmc:~$ cat /boot/cmdline.txt root=UUID=002abe1f-7fc0-4bc6-b654-fec3fcb2496e rootfstype=ext4 rootwait quiet osmcdev=rbp2 ","date":"April 6 2019","externalUrl":null,"permalink":"/posts/2019/04/linux-find-uuid-of-disk.html","section":"Posts","summary":"","title":"Find the UUID of a disk on Linux","type":"posts"},{"content":" A simple Radius Config # the following script uses a NPS server as the Radius server. after logging in you will have full access to the device. 
it will fall back to the local user account if the NPS server is not on-line.\naaa new-model ! aaa group server radius NPS_RADIUS_SERVERS server-private 1.1.1.1 auth-port 1812 acct-port 1813 key cisco ! aaa authentication login default group NPS_RADIUS_SERVERS local aaa authorization console aaa authorization exec default group NPS_RADIUS_SERVERS local if-authenticated ! aaa session-id common ","date":"April 6 2019","externalUrl":null,"permalink":"/posts/2019/04/cisco-simple-radius-config.html","section":"Posts","summary":"","title":"Simple AAA Radius Config for Cisco","type":"posts"},{"content":"#Quick start for FMC and ASA with firepower module\naccess-list sfr_redirect extended permit ip any any class-map sfr match access-list sfr_redirect Specify the deployment mode. You can configure your device in either a passive (monitor-only) or inline (normal) deployment mode.\nNote: You cannot configure both a passive mode and inline mode at the same time on the ASA. Only one type of security policy is allowed.\nIn an inline deployment, after the undesired traffic is dropped and any other actions that are applied by policy are performed, the traffic is returned to the ASA for further processing and ultimate transmission. This example shows how to create a policy-map and configure the ASA SFR module in the inline mode:\npolicy-map global_policy class sfr sfr fail-open In a passive deployment, a copy of the traffic is sent to the SFR service module, but it is not returned to the ASA. Passive mode allows you to view the actions that the SFR module would have completed in regards to the traffic. It also allows you to evaluate the content of the traffic, without an impact to the network.\nIf you want to configure the SFR module in passive mode, use the monitor-only keyword (as shown in the next example). 
If you do not include the keyword, the traffic is sent in inline mode.\npolicy-map global_policy class sfr sfr fail-open monitor-only To Register a Firepower module # session sfr log in with your username and password, then run the following\nconfigure manager add \u0026lt;IP ADDRESS\u0026gt; \u0026lt;reg_key\u0026gt; ","date":"April 2 2019","externalUrl":null,"permalink":"/posts/2019/04/cisco-fmc-notes.html","section":"Posts","summary":"","title":"Cisco FMC Notes","type":"posts"},{"content":"","date":"April 2 2019","externalUrl":null,"permalink":"/tags/firepower/","section":"Tags","summary":"","title":"FirePOWER","type":"tags"},{"content":"","date":"April 2 2019","externalUrl":null,"permalink":"/tags/fmc/","section":"Tags","summary":"","title":"FMC","type":"tags"},{"content":" Using Cisco IOS to black list domain names # This configuration can be used to black list domains by redirecting the request to an inactive IP\nip dns view BLOCK logging dns forwarder 10.0.0.254 ip dns view COMPANY domain list company.local dns forwarder 10.10.8.4 dns forwarding source-interface FastEthernet0/1 ip dns view default dns forwarder 8.8.8.8 dns forwarding source-interface FastEthernet0/1 ip dns view-list DNS view BLOCK 1 restrict name-group 2 view COMPANY 10 restrict name-group 1 view default 1000 ip dns name-list 1 permit .*.company.LOCAL ip dns name-list 1 permit \\.company\\.LOCAL ip dns name-list 1 permit 10\\.IN-ADDR ip dns name-list 1 permit company.LOCAL ip dns name-list 2 permit AMZDIGITAL-A.AKAMAIHD.NET ip dns name-list 2 permit AMZDIGITALDOWNLOADS.EDGESUITE.NET ip dns name-list 2 permit SOFTWAREUPDATES.AMAZON.COM ip dns name-list 2 permit UPDATES.AMAZON.COM ip dns server view-group DNS ip dns server ","date":"March 23 2019","externalUrl":null,"permalink":"/posts/2019/03/cisco-dns-blacklist.html","section":"Posts","summary":"","title":"Doing Cisco DNS Black Listing","type":"posts"},{"content":"","date":"January 7 
2019","externalUrl":null,"permalink":"/tags/lua/","section":"Tags","summary":"","title":"LUA","type":"tags"},{"content":"the following LUA script can be used to over write a diversion header from CUCM.\nM={} function M.outbound_INVITE(msg) msg:applyNumberMask(\u0026#34;Diversion\u0026#34;, \u0026#34;4078222000\u0026#34;) end return M this same script can also be used for other SIP headers as well such as \u0026ldquo;P-Asserted-Identity\u0026rdquo;\n","date":"January 7 2019","externalUrl":null,"permalink":"/posts/2019/01/cisco-lua.html","section":"Posts","summary":"","title":"Modify Diversion Header with LUA","type":"posts"},{"content":"","date":"January 7 2019","externalUrl":null,"permalink":"/tags/voip/","section":"Tags","summary":"","title":"VoIP","type":"tags"},{"content":" Mid-Call Signalling # The purpose of Mid-call Re-INVITE Consumption is to ensure smooth interoperability of supplementary services like audio Hold/Resume and call transfer. This feature should be used as a last resort only when there is no other option in Cisco UBE. This is because configuring this feature can break video-related features. For Delay-offer Re-INVITE, the configured codec will be passed as an offer in 200 message to change the codec, the transcoder is added in the answer.\nCUBE can alter the contents of any header in any SIP or SDL header of any request or response (SDL or \u0026ldquo;Session Description Language\u0026rdquo; is where things like media, DTMF relay, etc are negotiated - you see a SDL sub-component of the above SIP INVITE message - which is known as a \u0026ldquo;SIP Early Offer\u0026rdquo;). So let\u0026rsquo;s tell CUBE to alter that Contact header of that particular INVITE message, but only out to AT\u0026amp;T. 
As a preface to our configuration example, it is worth noting that SIP Profiles allow for pattern matching and replacement in a similar (but not exact) method to that of Voice Translation Rules, and like them, are based (loosely) on the GNU SED stream editor. We will use this to match and replace a few possible dynamic values of the string. Like Voice Translation Rules, reference \u0026ldquo;sets\u0026rdquo; of matched information in the replacement string with \\1 which calls Set 1 from the matched pattern to the replacement pattern. Also like Voice Translation Rules, any part of the string (beginning or end) that we don\u0026rsquo;t match, passes through to the replacement pattern, unaltered\nSIP Profiles # Protocol translation and repair is a key Cisco Unified Border Element (CUBE) function. CUBE can be deployed between two devices that support the same VoIP protocol (SIP), but do not interwork because of differences in how the protocol is implemented or interpreted. CUBE can customize the SIP messaging on either side to what the devices in that segment of the network expect to see by normalizing the SIP messaging on the network border, or between two non-interoperable devices within the network.\nService providers may have policies for which SIP messaging fields should be present (or what constitutes valid values for the header fields) before a SIP call enters their network. Similarly, enterprises and small businesses may have policies for the information that can enter or exit their networks for policy or security reasons from a service provider SIP trunk.\nIn order to customize SIP messaging in both directions, you can place CUBE with a SIP normalization configuration at the boundary of these networks as shown in this image:\nSIP Early Offer # SIP negotiates media exchange by means of the Session Description Protocol (SDP), where one side offers a set of capabilities to which the other side answers, thus converging on a set of media characteristics. 
SIP allows the initial offer to be sent either by the caller in the initial INVITE message (Early Offer) or, if the caller chooses not to, the called party can send the initial offer in the first reliable response (Delayed Offer).\nBy default, Unified CM SIP trunks send the INVITE without an initial offer (Delayed Offer). In general SIP Delayed Offer is preferred for Unified CM SIP trunks because MTPs are not needed to establish a Delayed Offer call for voice, video, or encrypted media. If SIP Early Offer is desired, Unified CM has two configurable options to enable a SIP trunk to send the offer in the INVITE:\nEarly Offer Support for Voice and Video Calls (Insert MTP If Needed) Enabling Early Offer support for voice and video calls (insert MTP if needed) on the SIP Profile associated with the SIP trunk inserts an MTP only if the calling device cannot provide Unified CM with the media characteristics required to create the Early Offer. In general, Early Offer support for voice and video calls (insert MTP if needed) is recommended over Media Termination Point Required because this configuration option reduces MTP usage (see Figure 14-4). Calls from older SCCP-based phones registered to Unified CM over SIP Early Offer trunks configured with this option will use an MTP to create the Offer SDP, and these calls support voice, video, and encrypted media. Inbound calls to Unified CM from SIP Delayed Offer trunks or H.323 Slow Start trunks that are extended over an outbound SIP Early Offer trunk will use an MTP to create the Offer SDP; however, these calls support audio only in the initial call set up but can be escalated mid-call to support video and SRTP if the call media is renegotiated (for example, after hold/resume). 
For guidance on when to use Early Offer support for voice and video calls (insert MTP if needed)\nDTMF interworking # One of the features of Cisco Unified Border Element (SP Edition) is the ability to interwork between the various dual-tone multifrequency (DTMF) signaling types. DTMF interworking is used when the two endpoints do not use the same type for relaying DTMF tones.\nDTMF dialing consists of simultaneous voice-band tones generated when a button is pressed on a telephone. The challenge comes from a scenario where one side uses Real-time Transport Protocol (RTP) and the other uses Session Initiation Protocol (SIP) signaling to enable advanced telephony services. Examples of the types of services and platforms that are supported by DTMF interworking are various voice web browser services, Centrex switches or business service platforms, calling card services, and unified message servers. All of these applications require DTMF interworking for the user to communicate with the application outside of the media connection.\nBox-to-box failover and redundancy # The Cisco Unified Border Element (CUBE) provides high availability (HA) via box-to-box redundancy configurations when implemented on a Cisco Integrated Services Router Generation 2 router (ISR G2) platform. CUBE box-to-box redundancy leverages the long available router-based Hot Standby Routing Protocol (HSRP) router technology.\nHSRP technology provides high network availability by routing IP traffic from hosts on networks without relying on the availability of any single router. HSRP is used in a group of routers for selecting an Active router and a Standby router. 
HSRP monitors both the inside and outside interfaces - if any interface goes down, the whole device is considered down, the Standby device becomes active and takes over the responsibilities of the Active router.\n","date":"January 6 2019","externalUrl":null,"permalink":"/posts/2019/01/cisco-cube.html","section":"Posts","summary":"","title":"Cisco CUBE","type":"posts"},{"content":" Call Features # Call Park # The Call Park feature allows you to place a call on hold, so it can be retrieved from another phone in the Cisco Unified Communications Manager system (for example, a phone in another office or in a conference room). If you are on an active call at your phone, you can park the call to a call park extension by pressing the Park softkey or the Call Park button. Someone on another phone in your system can then dial the call park extension to retrieve the call.\nCall Routing -\u0026gt; Call Park Group -\u0026gt; Call Park Number Configuration Call Pickup and Group Call Pickup\nThe Call Pickup feature allows users to pick up incoming calls within their own group. Cisco Unified Communications Manager automatically dials the appropriate call pickup group number when the user activates this feature from a Cisco Unified IP Phone. Use the softkey, PickUp, for this type of call pickup.\nThe Other Group Pickup feature allows users to pick up incoming calls in a group that is associated with their own group. The Cisco Unified Communications Manager automatically searches for the incoming call in the associated groups to make the call connection when the user activates this feature from a Cisco Unified IP Phone. Use the softkey, OPickUp, for this type of call pickup.\nBLF Speed Dial # system -\u0026gt; Enterprise parameters -\u0026gt; BLF for Call List (Enable) BLF call list is just a plus of the configuration; the intention is to see the status of the phones when going into the Missed/Placed calls or Corporate Directory. 
Presence will show a small phone icon on the extension.\nWe can leave the default Presence Group. We can play around with this only if you want to configure Monitoring more in-depth.\notherwise system -\u0026gt; BLF Presence Groups\nDevice -\u0026gt; Phone -\u0026gt; Search for Subscribe Calling Search Space.\nset the BLF on the phone make sure you check call pick up for auto answer\nthen set your call pickup group under the DN\nNative Queuing # For releases prior to Cisco Unified Communications Manager 9.0, it was very common in a Unified CM deployment that a hunt pilot had more calls distributed through the call distribution feature than its hunt members could handle at any given time. Native Queuing feature holds the calls in a queue until they are answered. When a hunt member is available, the call is removed from the queue and offered to the hunt member.\nHunt Lists # The hunt list devices may be a combination of 1500 hunt lists with 10 IP phones in each hunt list, or a combination of 750 hunt lists with 20 IP phones in each hunt list.\nCisco recommends having a maximum of 35 directory numbers in a single line group configured to send the calls simultaneously to all DNs. Additionally, the number of broadcast line groups depends on the BHCC. If there are multiple broadcast line groups in a Unified CM system, the number of maximum directory numbers in a line group must be less than 35. The number of busy hour call attempts (BHCA) for all the broadcast line groups should not exceed 35 calls set up per second.\nPhone -\u0026gt; Line Group -\u0026gt; Hunt List -\u0026gt; Hunt Pilot\nLine group members are user extension numbers that are controlled by Unified CM. Thus, when the call is being distributed through the line group members, Unified CM is in control of the call.\nA hunt list is a prioritized list of eligible paths (line groups) for call coverage. 
Hunt lists have the following characteristics:\nHunt pilots are strings of digits and wildcards similar to route patterns, such as 9.[2-9]XXXXXX, configured in Unified CM to route calls to directory numbers. The hunt pilot points directly to a hunt list. Hunt lists point to line groups, which finally point to SCCP endpoints.\nMeet-Me # Meet-me conferences require that a range of directory numbers be allocated for exclusive use of the conference. When a meet-me conference is set up, the conference controller chooses a directory number and advertises it to members of the group.\nTo Start a Meet-ME\npress the Meet-Me softkey then dial a number in the Meet-Me range Meet-Me Video\nFor meet-me video conferencing, the conference initiator creates the conference prior to it by invoking the MeetMe function of the IP phone. The conference initiator then distributes the MeetMe number to the attendees so they can dial in. Unified CM 9.x supports SCCP and SIP MCU integrations for meet-me video conferencing. 
The MCU needs to be defined as a media resource in Unified CM for it to be available during the bridge selection process.\n","date":"January 6 2019","externalUrl":null,"permalink":"/posts/2019/01/cisco-ccie-call-features.html","section":"Posts","summary":"","title":"Cisco Calling Features","type":"posts"},{"content":" MMU v1 # Uses the following gcode so the filament will be removed.\nG1 E-1 F7200\tG91 G1 Z5 F1200 G90 M220 S100\t; Set override speed to 100% G1 X0 Y200 F2400\tG1 E5 F150 G1 E-15 F5600\t; Initial retract to get filament out without stringing G1 E-10 F1000\t; retract filament in PTFE tube ( stages) G1 E-10 F240 G1 E-10 F100 G1 E-10 F40 G1 E-10 F2000 G1 E-30 F2000\t; Remove filament to above drive pulley M702 C\t; Unload filament G4 S1\t; pause 1 second M107\t; turn off fan M104 S0 ; turn off temperature M140 S0 ; turn off heatbed M84 ; disable motors MMU v2 # use the following gcode so the filament will be removed.\nG1 E-1 F7200\tG91 G1 Z5 F1200 G90 M220 S100\t; Set override speed to 100% G1 X0 Y200 F2400\tG1 E5 F150 G1 E-15 F5600\t; Initial retract to get filament out without stringing G1 E-10 F1000\t; retract filament in PTFE tube ( stages) G1 E-10 F240 G1 E-10 F100 G1 E-10 F40 G1 E-10 F2000 G1 E-30 F2000\t; Remove filament to above drive pulley M702 C\t; Unload filament G4 S1\t; pause 1 second M107\t; turn off fan M104 S0 ; turn off temperature M140 S0 ; turn off heatbed M84 ; disable motors ","date":"January 5 2019","externalUrl":null,"permalink":"/posts/2019/01/prusa-mmuv1-octoprint-cancel-gcode.html","section":"Posts","summary":"","title":"Prusa Gcode to Cancel octoprint","type":"posts"},{"content":" DynDNS Setup # you will have to press ctrl+v then ? to add the question mark Tested\nip ddns update method DynDNS HTTP add http://username:password@members.dyndns.org/nic/update?system=dyndns\u0026amp;hostname=\u0026lt;h\u0026gt;\u0026amp;myip=\u0026lt;a\u0026gt; interval maximum 0 1 0 0 interval minimum 0 1 0 0 ! hostname host ! 
ip domain name dyndns.org ip name-server 4.2.2.2 ! interface FastEthernet4 ip ddns update hostname host.dyndns.org ip ddns update DynDNS ","date":"January 4 2019","externalUrl":null,"permalink":"/posts/2019/01/cisco-dyndns.html","section":"Posts","summary":"","title":"Cisco DynDNS Configuration","type":"posts"},{"content":"","date":"January 4 2019","externalUrl":null,"permalink":"/tags/dyndns/","section":"Tags","summary":"","title":"DynDNS","type":"tags"},{"content":"To expand on the \u0026ldquo;use JAXB\u0026rdquo; comments above,\nIn Windows \u0026ldquo;%java_home%\\bin\\xjc\u0026rdquo; -p [your namespace] [xsd_file].xsd\ne.g., \u0026ldquo;%java_home%\\bin\\xjc\u0026rdquo; -p com.mycompany.quickbooks.obj quickbooks.xsd\nWait a bit, and if you had a well-formed XSD file, you will get some well-formed Java classes\n","date":"January 4 2019","externalUrl":null,"permalink":"/posts/2019/01/java-xsd.html","section":"Posts","summary":"","title":"Creating Java Classes with XSD","type":"posts"},{"content":"","date":"January 4 2019","externalUrl":null,"permalink":"/tags/java/","section":"Tags","summary":"","title":"Java","type":"tags"},{"content":"sample code to pull the distinguished name of a user and then update its password with a random new password\nimport javax.naming.*; import javax.naming.directory.*; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import java.util.*; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; public class ADPasswordReset { //DirContext ldapContext; public static String updatePassword(String serverIP, String Principal,String PrincipalPassword, String username) { try { trustSelfSignedSSL(); Hashtable ldapEnv = new Hashtable(11); ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, \u0026#34;com.sun.jndi.ldap.LdapCtxFactory\u0026#34;); ldapEnv.put(Context.PROVIDER_URL, \u0026#34;ldap://\u0026#34; + serverIP + \u0026#34;:636\u0026#34;); 
ldapEnv.put(Context.SECURITY_AUTHENTICATION, \u0026#34;simple\u0026#34;); ldapEnv.put(Context.SECURITY_PRINCIPAL, Principal); ldapEnv.put(Context.SECURITY_CREDENTIALS, PrincipalPassword); ldapEnv.put(Context.SECURITY_PROTOCOL, \u0026#34;ssl\u0026#34;); DirContext ldapContext = new InitialDirContext(ldapEnv); int codeCount = 8; String allChar = \u0026#34;0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z\u0026#34;; String[] allCharArray = allChar.split(\u0026#34;,\u0026#34;); String randomCode = \u0026#34;\u0026#34;; int temp = -1; java.util.Random rand = new java.util.Random(); int ii = 0; for (ii=0; ii \u0026lt; codeCount; ii++) { if (temp != -1) { rand = new java.util.Random(ii * temp * ((int)System.currentTimeMillis())); } int t = rand.nextInt(36); temp = t; randomCode += allCharArray[t]; } char quotes =\u0026#39;\u0026#34;\u0026#39;; String quotedPassword = quotes + randomCode + quotes; char[] unicodePwd=new char[quotedPassword.length()]; unicodePwd = quotedPassword.toCharArray();\tbyte[] pwdArray = new byte[unicodePwd.length * 2]; int i = 0; for (i=0; i\u0026lt;unicodePwd.length; i++) { pwdArray[i*2 + 1] = (byte) (unicodePwd[i] \u0026gt;\u0026gt;\u0026gt; 8); pwdArray[i*2 + 0] = (byte) (unicodePwd[i] \u0026amp; 0xff); } javax.naming.directory.ModificationItem[] mods = new javax.naming.directory.ModificationItem[1]; mods[0] = new javax.naming.directory.ModificationItem(javax.naming.directory.DirContext.REPLACE_ATTRIBUTE, new javax.naming.directory.BasicAttribute(\u0026#34;UnicodePwd\u0026#34;, pwdArray)); ldapContext.modifyAttributes(username , mods); return randomCode; } catch (Exception e) { return e.toString(); } } public static String pullUserDn(String serverIP, String Principal,String PrincipalPassword, String domain,String query){ try{ trustSelfSignedSSL(); Hashtable ldapEnv = new Hashtable(11); ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, \u0026#34;com.sun.jndi.ldap.LdapCtxFactory\u0026#34;); ldapEnv.put(Context.PROVIDER_URL, 
\u0026#34;ldap://\u0026#34; + serverIP + \u0026#34;:636\u0026#34;); ldapEnv.put(Context.SECURITY_AUTHENTICATION, \u0026#34;simple\u0026#34;); ldapEnv.put(Context.SECURITY_PRINCIPAL, Principal); ldapEnv.put(Context.SECURITY_CREDENTIALS, PrincipalPassword); ldapEnv.put(Context.SECURITY_PROTOCOL, \u0026#34;ssl\u0026#34;); DirContext ldapContext = new InitialDirContext(ldapEnv); SearchControls ctrl = new SearchControls(); ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE); NamingEnumeration enumeration = ldapContext.search(domain, query, ctrl); SearchResult result = (SearchResult) enumeration.next(); Attributes attribs = result.getAttributes(); return (String) attribs.get(\u0026#34;distinguishedname\u0026#34;).get(0); }catch(Exception ex) { return ex.toString(); } } public static String pullUserSamAName(String serverIP, String Principal,String PrincipalPassword, String domain, String query){ try{ trustSelfSignedSSL(); Hashtable ldapEnv = new Hashtable(11); ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, \u0026#34;com.sun.jndi.ldap.LdapCtxFactory\u0026#34;); ldapEnv.put(Context.PROVIDER_URL, \u0026#34;ldap://\u0026#34; + serverIP + \u0026#34;:636\u0026#34;); ldapEnv.put(Context.SECURITY_AUTHENTICATION, \u0026#34;simple\u0026#34;); ldapEnv.put(Context.SECURITY_PRINCIPAL, Principal); ldapEnv.put(Context.SECURITY_CREDENTIALS, PrincipalPassword); ldapEnv.put(Context.SECURITY_PROTOCOL, \u0026#34;ssl\u0026#34;); DirContext ldapContext = new InitialDirContext(ldapEnv); SearchControls ctrl = new SearchControls(); ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE); NamingEnumeration enumeration = ldapContext.search(domain, query, ctrl); SearchResult result = (SearchResult) enumeration.next(); Attributes attribs = result.getAttributes(); System.out.println(attribs); return (String) attribs.get(\u0026#34;samaccountname\u0026#34;).get(0); }catch(Exception ex) { return ex.toString(); } } public static void trustSelfSignedSSL() { try { SSLContext ctx = 
SSLContext.getInstance(\u0026#34;TLS\u0026#34;); X509TrustManager tm = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { } public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { } public X509Certificate[] getAcceptedIssuers() { return null; } }; ctx.init(null, new TrustManager[]{tm}, null); SSLContext.setDefault(ctx); } catch (Exception ex) { ex.printStackTrace(); } } public static void main (String[] args){ String Pn = \u0026#34;dn of service account\u0026#34;; String Ss = \u0026#34;dn of your domain\u0026#34;; String Pp = \u0026#34;service account password\u0026#34;; String Sip = \u0026#34;server ip\u0026#34;; String s = \u0026#34;LDAP attribute to search by\u0026#34;; String DnofUser = pullUserDn(Sip, Pn, Pp, Ss, s); System.out.println(\u0026#34;Got: \u0026#34;+DnofUser); String samUser = pullUserSamAName(Sip, Pn, Pp, Ss, s); System.out.println(\u0026#34;Got: \u0026#34;+samUser); System.out.println(updatePassword(Sip, Pn, Pp, DnofUser)); } } ","date":"January 4 2019","externalUrl":null,"permalink":"/posts/2019/01/java-ad-reset.html","section":"Posts","summary":"","title":"Using Java To Reset AD Password","type":"posts"},{"content":" Useful Gateway Commands # H.323 # to get a in-progress calls dial-peer\nshow voice call status to get call stats such as voice port and dest IP address. 
you can refine this based on the calling number or called number.\nshow call active voice brief to inject a tone on the wire of an active\ntest voice port 1/1 inject-tone network 500hz ","date":"January 4 2019","externalUrl":null,"permalink":"/posts/2019/01/gatewaycommands.html","section":"Posts","summary":"","title":"Useful Gateway Commands","type":"posts"},{"content":" DTMF Notes # DTMF Relay H.323 # H.245 Alphanumeric used with H.323 In this method DTMF signals are carried as H.245 messages (OOB) debug voice rtp session named-event debug h245 asn1\nRTP-NTE or RFC2833 In this method DTMF tones are transported in RTP streams based on RFC2833 debug voice rtp session named-event debug h245 asn1\nDTMF Relay SIP # RFC 2833 (RTP-NTE)\nKPML (RFC 4730) KPML procedures use a SIP SUBSCRIBE message to register for DTMF digits. The digits themselves are delivered in NOTIFY messages containing an XML-encoded body.\nSIP Notify (RFC 3265) Unlike KPML, these NOTIFY messages are unsolicited, and there is no prior registration to receive these messages using a SIP SUBSCRIBE message. 
But like KPML, Unsolicited Notify messages are out-of-band.\nSIP Info (RFC 2976) The SIP INFO method is used by a UA to send call signaling information to another UA with which it has an established media session\ndebug ccsip messages INFO sip:2143302100@172.17.2.33 SIP/2.0 Via: SIP/2.0/UDP 172.80.2.100:5060 From: ;tag=43 To: ;tag=9753.0207 Call-ID: 984072_15401962@172.80.2.100 CSeq: 25634 INFO Supported: 100rel Supported: timer Content-Length: 26 Content-Type: application/dtmf-relay Signal= 1 Duration= 160 ","date":"January 4 2019","externalUrl":null,"permalink":"/posts/2019/01/ciscodtmf.html","section":"Posts","summary":"","title":"Cisco Dtmf","type":"posts"},{"content":" Cisco QoS # Switch Verify Commands # show mls qos show mls qos interface gi0/1 statistics show platform port-asic stats drop gi0/1 Router Verify Commands # show service policy-map interface gi0/1 Switch Commands # the command \u0026lsquo;mls qos map cos-dscp\u0026rsquo; allows you to map COS to DSCP. the auto qos command will map a range of COS values to DSCP values. mls qos map cos-dscp 0 8 16 24 32 46 48 56\nthis maps COS 0 to DSCP 0-7, then COS 1 to DSCP 8-15, COS 2 to DSCP 16-23, COS 3 to DSCP 24-31, and so on. Policing Notes\nOn trunks ports \u0026lsquo;mls qos trust dscp\u0026rsquo; The single bucket would be viewed as a conform action where once the bucket has been consumed traffic will be dropped. In the two bucket model the first bucket remains for your conform action, and the second bucket will be for the exceed action. 
Bucket one is known as Bc; bucket two is known as Be\nPolicy-map restrict-traffic Class restricted-traffic Police 15000 conform-action transmit exceed-action set-prec-transmit 0 violate-action drop The router will auto-fill Bc=4687 bytes Be=4687 bytes\nThis is an example of a three-bucket model where we allow up to 15000bps; if that is exceeded we reset the ip precedence, and if the traffic continues to exceed the set limit we drop traffic\nShaping Notes\nShaping will put traffic into the memory buffers and cannot reclassify traffic, shaping can be done per class of traffic. CIR = Tc * Bc or Bc = CIR / Tc Tc = time committed Bc = committed Burst = translates to the CIR Be = exceeded burst The router will transmit your CIR per time frame. Would see a burst of traffic per time increment then nothing for the remainder of the time increment The committed burst is accessible if a given Tc went unused and the following Tc needed more traffic. the Be is the cap that the ISP will enforce for any given Tc Shaping Graph\nIf you shape based off the peak the traffic can / will be dropped Shaping based on the average put traffic into the discard-eligible\nThis would be a method to shape data that can be re-transmitted (at a 500kbs rate)\nPolicy-map Shape Class Data Shape peak 500000 This would be a method to shape data at a peak rate (that cannot be re-transmitted (at a 500kbs rate)) this will use Bc Priority can be given to voice traffic within the shape map\nClass-map Data match ip dscp 0 Class-map Voice match ip dscp ef ! class-map All-Data match class data match class voice ! policy-map Priority class Voice priority 50000 class Data bandwidth 50000 class class-default fair-queue ! Policy-map Shape Class All-Data Shape average 500000 Service-policy Priority ! 
Interface X Service-policy output Shape ","date":"January 4 2019","externalUrl":null,"permalink":"/posts/2019/01/ciscoqos.html","section":"Posts","summary":"","title":"Cisco Qos","type":"posts"},{"content":"","date":"January 4 2019","externalUrl":null,"permalink":"/tags/qos/","section":"Tags","summary":"","title":"Qos","type":"tags"},{"content":" ASA Commands # Run commands on remote ASA\nfailover exec mate show run ","date":"January 2 2019","externalUrl":null,"permalink":"/posts/2019/01/ciscoasacommands.html","section":"Posts","summary":"","title":"Cisco ASA Commands","type":"posts"},{"content":" Enabling DSP Farm Services for a Voice Card # voice-card 0 dsp services dspfarm ! dspfarm profile 1 conference codec g711ulaw conference-join custom-cptone jointone conference-leave custom-cptone leavetone maximum conference-participants 32 maximum sessions 8 associate application sccp ! Configuring Join and Leave Tones # ! voice class custom-cptone dualtone conference frequency 600 900 cadence 300 150 300 100 300 50 ! sccp local FastEthernet0/0 sccp ccm 192.168.10.1 identifier 100 version 4.0 ! sccp ccm group 123 bind interface fastethernet 0/0 associate ccm 100 priority 1 associate profile 1 register confdsp1 ! set conference globally # ! telephony-service max-conferences 5 gain -6 conference hardware transfer-system full-consult sdspfarm units 1 sdspfarm tag 2 confdsp1 sdspfarm conference mute-on *1 mute-off *2 ! Configuring Multi-Party Ad Hoc Conferencing and Meet-Me Numbers # ! ephone-dn 1 dual-line number 1000 conference [ad-hoc] [meetme] ! Configuring Conferencing Options for a Phone # ! ephone-template 1 conference add-mode creator conference admin softkeys hold Join Newcall Resume Select softkeys idle ConfList Gpickup Join Login Newcall Pickup Redial RmLstC softkeys seized Redial Endcall Cfwdall Pickup Gpickup Callback Meetme ! ephone 1 ephone-dn-template 1 ! set conference behavior # ! 
ephone 1 button 1:1 ephone-dn-template 1 keep-conference [drop-last] [endcall] [local-only] ! *****************OR******************** ! voice register pool pool-tag keep-conference [drop-last] [endcall] [local-only] ! ! ! ! ! ! ! ! ! ! Transcoding on CME # voice-card 0 dsp services dspfarm ! sccp local Vlan48 sccp ccm 192.168.10.1 identifier 1 sccp ! dspfarm profile 1 transcode codec g711ulaw codec g711alaw codec g729ar8 codec g729abr8 codec g729r8 maximum sessions 4 associate application SCCP ! sccp ccm group 1 associate ccm 1 priority 1 associate profile 1 register MTP123456782012 keepalive retries 5 switchover method immediate switchback method immediate switchback interval 15 ! telephony-service sdspfarm units 1 sdspfarm transcode sessions 4 sdspfarm tag 1 MTP123456782012 ip source-address 192.168.10.1 port 2000 ! ","date":"January 2 2019","externalUrl":null,"permalink":"/posts/2019/01/ciscoiosdspcommands.html","section":"Posts","summary":"","title":"Cisco IOS DSP Commands","type":"posts"},{"content":" Do this to start the ipvms module(CUCM and UCCX) # At the \u0026ldquo;boot:\u0026rdquo; prompt type \u0026ldquo;linux rescue\u0026rdquo;\nThen after it finishes booting up type \u0026ldquo;chroot /mnt/sysimage\u0026rdquo;\nThat will try to mount the CUCM file system to the root directory.\nThen navigate to /lib/modules/cm_ipvms/ and identify directory xyz.i686 Create a new directory called xyz.athlon and copy all contents from xyz.i686 to the new directory xyz.athlon\nDo the same for all directories ending .i686, so there is a .athlon equivalent for each i686 folder.\nRestart CUCM VMware and boot normally\nDo this to bypass the hardware check browse to /usr/local/bin/base_scripts/hardware_check.sh then make the following changes\nfunction check_deployment() { local tmp_deployment initProductLibrary tmp_deployment=\u0026#34;$deployment\u0026#34; # Check the deployment # isHardwareValidForDeployment $tmp_deployment # rc=$? 
# if [ $rc -ne 0 ]; then # log info \u0026#34;$tmp_deployment deployment Not Supported\u0026#34; # return 1 # fi # Deployment is supported by this hardware log info \u0026#34;$tmp_deployment deployment Is Supported\u0026#34; return 0 } to change the system license mac # Using WinSCP move over to, /usr/local/bin/base_scripts Right click on LicenseMac.sh and Edit uccx licensemacsh root file\nSearch for below string,\nFinalString=`expr substr \u0026#34;$SHA1sum\u0026#34; 1 12` And change the value as shown below.\nFinalString=\u0026#34;FFFFFFFFFFFF\u0026#34; ","date":"January 2 2019","externalUrl":null,"permalink":"/posts/2019/01/ciscovmtricks.html","section":"Posts","summary":"","title":"Cisco VM Tricks","type":"posts"},{"content":" Linux Commands # Pull Harddrive Model and Vendor Info # cat /sys/class/block/sdc/device/{model,vendor} Find a String within a file # grep \u0026#39;string\u0026#39; /etc/ Find a String within a file and write to a file # grep \u0026#39;string\u0026#39; /etc/ \u0026gt; /etc/search.txt mdadm commands # sudo mdadm -E /dev/sdb sudo mdadm --query --detail /dev/md0 sudo mdadm --manage --add /dev/md0 /dev/sdb sudo mdadm --assemble --scan To grow a raid array # remove the smaller disk\nsudo mdadm --manage --remove /dev/sdb mdadm --grow /dev/md0 --size=max resize2fs /dev/md0 sudo mdadm --manage --add /dev/md0 /dev/sdb ","date":"January 2 2019","externalUrl":null,"permalink":"/posts/2019/01/linuxcommands.html","section":"Posts","summary":"","title":"Linux Commands","type":"posts"},{"content":"","date":"January 2 2019","externalUrl":null,"permalink":"/tags/vos/","section":"Tags","summary":"","title":"VOS","type":"tags"},{"content":" plug for fixing tables # use pelican-bootstrapify https://github.com/getpelican/pelican/issues/1421\ncontent for bootstarp2 # #!/usr/bin/env python # -*- coding: utf-8 -*- # from __future__ import unicode_literals AUTHOR = u\u0026#39;Mike Curtis\u0026#39; SITENAME = u\u0026#39;My Blog\u0026#39; SITEURL = 
\u0026#39;\u0026#39; PATH = \u0026#39;content\u0026#39; TIMEZONE = \u0026#39;America/New_York\u0026#39; THEME=\u0026#34;/home/mike/pelican-themes/bootstrap2\u0026#34; PLUGIN_PATHS = [\u0026#39;/home/mike/pelican-plugins/\u0026#39;] PLUGINS = [\u0026#39;tag_cloud\u0026#39;,\u0026#39;autopages\u0026#39;, \u0026#39;neighbors\u0026#39;, \u0026#39;summary\u0026#39;] DEFAULT_LANG = u\u0026#39;en\u0026#39; # Feed generation is usually not desired when developing FEED_ALL_ATOM = None CATEGORY_FEED_ATOM = None TRANSLATION_FEED_ATOM = None AUTHOR_FEED_ATOM = None AUTHOR_FEED_RSS = None # Formatting for dates DEFAULT_DATE_FORMAT = (\u0026#39;%a %d %B %Y\u0026#39;) # Formatting for urls ARTICLE_URL = \u0026#34;posts/{date:%Y}/{date:%m}/{slug}/\u0026#34; ARTICLE_SAVE_AS = \u0026#34;posts/{date:%Y}/{date:%m}/{slug}/index.html\u0026#34; CATEGORY_URL = \u0026#34;category/{slug}/index.html\u0026#34; CATEGORY_SAVE_AS = \u0026#34;category/{slug}/index.html\u0026#34; TAG_URL = \u0026#34;tag/{slug}/index.html\u0026#34; TAG_SAVE_AS = \u0026#34;tag/{slug}/index.html\u0026#34; # Generate yearly archive YEAR_ARCHIVE_SAVE_AS = \u0026#39;posts/{date:%Y}/index.html\u0026#39; # Show most recent posts first NEWEST_FIRST_ARCHIVES = False # Blogroll LINKS = ((\u0026#39;Pelican\u0026#39;, \u0026#39;http://getpelican.com/\u0026#39;), (\u0026#39;RegEx Checker\u0026#39;, \u0026#39;https://regex101.com/\u0026#39;), (\u0026#39;Github\u0026#39;,\u0026#39;https://github.com/mcurtis789\u0026#39;), ) # Social widget #SOCIAL = ((\u0026#39;You can add links in your config file\u0026#39;, \u0026#39;#\u0026#39;), # (\u0026#39;Another social link\u0026#39;, \u0026#39;#\u0026#39;),) DEFAULT_PAGINATION = 3 # Uncomment following line if you want document-relative URLs when developing #RELATIVE_URLS = True #pelicanconf.py file for bootstrap3\nAUTHOR = \u0026#39;Mike Curtis\u0026#39; SITENAME = \u0026#39;My Blog\u0026#39; SITEURL = \u0026#39;http://blog.mbcurtis.com\u0026#39; PATH = \u0026#34;content\u0026#34; #set 
date format and language DEFAULT_LANG = u\u0026#39;en\u0026#39; TIMEZONE = \u0026#39;America/Detroit\u0026#39; DEFAULT_DATE_FORMAT = (\u0026#39;%a %d %B %Y\u0026#39;) # Feed generation is usually not desired when developing FEED_ALL_ATOM = None CATEGORY_FEED_ATOM = None TRANSLATION_FEED_ATOM = None AUTHOR_FEED_ATOM = None AUTHOR_FEED_RSS = None # Uncomment following line if you want document-relative URLs when developing #RELATIVE_URLS = True #https://github.com/mterzo/pelican-bootstrap3 # This is a Bootstrap 3 theme for Pelican, originally developed by DandyDev. # It\u0026#39;s fully responsive and contains sub-themes from the Bootswatch project. # Pelican-bootstrap3 is compatible with Pelican 3.3.0 and higher. THEME=\u0026#34;/home/mike/Workspace/pelican-themes/pelican-bootstrap3\u0026#34; PLUGIN_PATHS = [\u0026#39;/home/mike/Workspace/pelican-plugins\u0026#39;] # bootstrapify - fixes table formatting. # summary - control summary display on the index pages. # sitemap - create site map of your site. # i18n_subsites - needed by pelican-bootstrap3 #PLUGINS = [\u0026#39;tag_cloud\u0026#39;,\u0026#39;autopages\u0026#39;, \u0026#39;neighbors\u0026#39;, \u0026#39;summary\u0026#39;] PLUGINS = [\u0026#39;tag_cloud\u0026#39;,\u0026#39;autopages\u0026#39;, \u0026#39;neighbors\u0026#39;, \u0026#39;i18n_subsites\u0026#39;, \u0026#39;bootstrapify\u0026#39;, \u0026#39;summary\u0026#39;, \u0026#39;sitemap\u0026#39;] # needed by pelican-bootstrap3 JINJA_ENVIRONMENT = { \u0026#39;extensions\u0026#39;: [\u0026#39;jinja2.ext.i18n\u0026#39;], } # The URL to refer to an article. ARTICLE_URL = \u0026#34;posts/{date:%Y}/{date:%m}/{slug}.html\u0026#34; # The place where we will save an article. ARTICLE_SAVE_AS = \u0026#34;posts/{date:%Y}/{date:%m}/{slug}.html\u0026#34; # The location to save per-year archives of your posts. YEAR_ARCHIVE_SAVE_AS = \u0026#39;posts/{date:%Y}/archives.html\u0026#39; # The location to save the article archives page. 
ARCHIVES_SAVE_AS = \u0026#39;archives.html\u0026#39; # The URL to use for a category. CATEGORY_URL = \u0026#34;category/{slug}/index.html\u0026#34; # The location to save a category. CATEGORY_SAVE_AS = \u0026#34;category/{slug}/index.html\u0026#34; # Formatting for TAG urls TAG_URL = \u0026#34;tag/{slug}/index.html\u0026#34; TAG_SAVE_AS = \u0026#34;tag/{slug}/index.html\u0026#34; # TAG_CLOUD_STEPS Count of different font sizes in the tag cloud # TAG_CLOUD_MAX_ITEMS Maximum number of tags in the cloud # TAG_CLOUD_SORTING Tag cloud ordering scheme. Valid values: random, alphabetically, alphabetically-rev, size, and size-rev # TAG_CLOUD_BADGE Optional setting: turn on badges, displaying the number of articles using each tag TAG_CLOUD_STEPS = 4 TAG_CLOUD_MAX_ITEMS = 100 TAG_CLOUD_SORTING = \u0026#34;random\u0026#34; DISPLAY_TAGS_INLINE = True # List of templates that are used directly to render content. # Typically direct templates are used to generate index pages for collections of content (e.g., category and tag index pages). # If the author, category and tag collections are not needed, set DIRECT_TEMPLATES = [\u0026#39;index\u0026#39;, \u0026#39;archives\u0026#39;] #DIRECT_TEMPLATES = (\u0026#39;index\u0026#39;, \u0026#39;categories\u0026#39;, \u0026#39;authors\u0026#39;, \u0026#39;archives\u0026#39;, \u0026#39;search\u0026#39;) DIRECT_TEMPLATES = (\u0026#39;index\u0026#39;, \u0026#39;categories\u0026#39;, \u0026#39;authors\u0026#39;, \u0026#39;archives\u0026#39;) # Set SHOW_ARTICLE_AUTHOR to True to show the author of the article at the top of the article and in the index of articles. # Set SHOW_ARTICLE_CATEGORY to show the Category of each article. # Set SHOW_DATE_MODIFIED to True to show the article modified date next to the published date. 
SHOW_DATE_MODIFIED = True SHOW_ARTICLE_AUTHOR = True SHOW_ARTICLE_CATEGORY = True # Show most recent posts first NEWEST_FIRST_ARCHIVES = True # https://github.com/getpelican/pelican-themes/blob/master/pelican-bootstrap3/README.md DISPLAY_ARTICLE_INFO_ON_INDEX = True # Number of articles to show on the index pages DEFAULT_PAGINATION = 3 # A list of tuples (Title, URL) for links to appear on the header. LINKS = ((\u0026#39;github\u0026#39;,\u0026#39;https://github.com/mcurtis789\u0026#39;), (\u0026#39;Pelican\u0026#39;, \u0026#39;http://getpelican.com/\u0026#39;), (\u0026#39;RegEx Checker\u0026#39;, \u0026#39;https://regex101.com/\u0026#39;), ) # static paths will be copied without parsing their contents STATIC_PATHS = [ \u0026#34;robots.txt\u0026#34;, ] #https://github.com/pelican-plugins/sitemap SITEMAP = { \u0026#34;format\u0026#34;: \u0026#34;xml\u0026#34;, \u0026#34;exclude\u0026#34;: [\u0026#34;tag/\u0026#34;, \u0026#34;category/\u0026#34;, \u0026#34;author/\u0026#34;], \u0026#34;priorities\u0026#34;: { \u0026#34;articles\u0026#34;: 0.5, \u0026#34;indexes\u0026#34;: 0.5, \u0026#34;pages\u0026#34;: 0.5 }, \u0026#34;changefreqs\u0026#34;: { \u0026#34;articles\u0026#34;: \u0026#34;monthly\u0026#34;, \u0026#34;indexes\u0026#34;: \u0026#34;weekly\u0026#34;, \u0026#34;pages\u0026#34;: \u0026#34;monthly\u0026#34; } } ","date":"December 31 2018","externalUrl":null,"permalink":"/posts/2018/12/pelicansetup.html","section":"Posts","summary":"","title":"Getting Started with Pelican","type":"posts"},{"content":"","date":"December 31 2018","externalUrl":null,"permalink":"/tags/pelican/","section":"Tags","summary":"","title":"Pelican","type":"tags"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"}]