2021-11-29

ClearPass, Read-only Domain Controller (RODC) and PEAP-MSCHAPv2

Today we're having a look at how to use a ClearPass Subscriber with a Read-Only Domain Controller.
This setup is typically used for branch offices where the Active Directory and NAC services should be hosted locally to survive WAN failures.

This post will primarily cover the "AD status:No trusted SAM account (0xc000018b)" error when using PEAP-MSCHAPv2.

2021-04-25

Aruba Instant Mesh for point-to-point links


In this post I will explain my best practices for using Aruba APs as a point-to-point link. This is based on using Aruba Instant in version 8.4 or higher. This will not cover meshing in a controller-based environment.

I wrote this post because in the last month I had a few customers facing problems with their point-to-point Access Point links. None of these problems were with the APs or Instant itself, but with the network environment or circumstances they were working in. My best practices below fix these problems.
These recommendations are applicable to all APs running Instant OS 8.4 or higher, including the AP-387 with its 60 GHz 802.11ad radio.


2021-04-18

Homelab setup - part 2 - software

In this second part of my homelab series I will tell you about the software configurations used to remotely access my lab, and about features like remote power toggle and remote console access.
Features and software used are Palo Alto GlobalProtect (Client VPN), Apache Guacamole, ser2net, and one cURL call for controlling the Philips Hue power socket.


You can read the first part about the hardware setup here.

2021-04-11

Homelab setup - part 1 - hardware

Today I will share some details about the hardware in my private test setup.

I had a few key features in mind before building this setup:

  • rack-mounted (in the past everything was lying around on my desk)
  • self-contained (only one power cord and one uplink should leave the rack)
  • remote access to console interfaces
  • remote power toggle for some equipment
  • remote access