Just a quick post on filtering outbound OSPF advertisements. I had some struggle with this config today.
config router prefix-list
set prefix 10.10.0.0 255.255.0.0
set prefix 10.20.0.0 255.255.0.0
set action deny
set prefix any
config router ospf
set router-id 184.108.40.206
set list “filter-outbound”
set direction out
Like a said: a quick-and-dirty note
The management of wireless networks can be done via the Windows command “netsh wlan”. This command is especially useful when using Windows 8. You can use other “netsh” subcommands to retrieve other system information, like “netsh lan” to get information about your Wired AutoConfig Service settings.
The following table describes some options for “netsh wlan”.
||show all save profiles
|delete profile name=”profile name”
||delete a specific profile
|show profile name=”profile name” key=clear
||retrieve saved WPA2 PSK
|export profile “profile name” folder=c:\export
||export a profile with all settings to the directory c:\export
|add profile filename=”c:\export\filename” user=all
||import a profile with all settings to all users profiles
|show profile “profile name”
||display information on the specific wifi network
||shows a list of the wireless LAN interfaces on the system
||display information on all currently available wifi networks
There are a lot more useful commands available. You can always use the question mark to get more options.
I am fairly new to NetScaler to I tried to upgrade the software via CLI. This is what I if done.
- Download the upgrade firmware via MyCitrix.com
- Backup the configuration
- Upgrade the software to the NetScaler appliance (I used pscp.exe on a Windows machine to upload the software to the directory /var/nsinstall/11.0/63.16. I created the directories 11.0/63.16 before uploading the firmware)
- Untar the software
- Install the software (relax and take your time)
- Reboot the appliance
- Verify the upgrade (show version)
When everything goes according to plan, you would see the following output:
root@netscaler# tar zxvf build-11.0-63.16_nc.tgz
installns: : BEGIN_TIME 1444387063 Fri Oct 9 12:37:43 2015
installns: : VERSION ns-11.0-63.16.gz
installns: : VARIANT v
installns: : No options
installns: : prompting for reboot
installns: : END_TIME 1444387469 Fri Oct 9 12:44:29 2015
Installation has completed.
Reboot NOW? [Y/N]
I would like to upgrade my current NetScaler VPX Express configuration via GUI. For some security reason Internet Explorer and FireFox aren’t able to access the GUI. They return the error message that the NetScaler is using a wrong SSL certificate.
The default SSL self-signed certificate is installed on the appliance. I have uploaded a “real” certificate to content switch and load balancing. I would like to use the same certificate for GUI management. To change the certificate, access the NetScaler via SSH.
Check the current certificate run the following command and you will get the following output.
sh run | grep “bind ssl service”
bind ssl service nshttps-::1l-443 -certkeyName ns-server-certificate
bind ssl service nsrpcs-::1l-3008 -certkeyName ns-server-certificate
bind ssl service nskrpcs-127.0.0.1-3009 -certkeyName ns-server-certificate
bind ssl service nshttps-127.0.0.1-443 -certkeyName ns-server-certificate
bind ssl service nsrpcs-127.0.0.1-3008 -certkeyName ns-server-certificate
If you would like to see all your available certificate enter the following command.
> sh run | grep “ssl certKey”
add ssl certKey ns-server-certificate -cert ns-server.cert -key ns-server.key
add ssl certKey wildcart-booches-nl -cert sslcert-wildcard-booches-nl.pem -key passwd-private-wildcard-1route-nl.pem -passcrypt “adfadf&*fU=”
add ssl certKey root-booches -cert cacert.pem
I would like to bind the certificate “wildcard-booches-nl”, so I use the following commands to bind the certificate to the different management services.
bind ssl service nskrpcs-127.0.0.1-3009 -certkeyName wildcard-booches-nl
bind ssl service nshttps-127.0.0.1-443 -certkeyName wildcard-booches-nl
bind ssl service nsrpcs-127.0.0.1-3008 -certkeyName wildcard-booches-nl
While configuring Office365 as the messaging (SMTP) server within Aruba ClearPass, I needed to upload the certificate from the StartTLS session to the certificate trust list from ClearPass. I had to export the certificate for smtp.office365.com via the following OpenSSL command:
openssl s_client -showcerts -starttls smtp -crlf -connect smtp.office365.com:587
After running the command, you will see some output like shown in the image.
I copied the both parts between BEGIN CERTIFICATE and END CERTIFICATE to two different text editore files and saved them with the extension .cer. Next I was able to upload both certificates to the certificate trust list in ClearPass and configure the message server with StartTLS Connection Security