The Cisco saga continues….

The one step forwards two steps back tango is a dance I am becoming all too familiar with, as I learn more and more about the intricate nuances of PKI in relation to certain Cisco devices. I have been struggling for some time now to get a guest NAC server to support a chained, publicly signed certificate – it’s still ongoing with Cisco TAC, so I will refrain from jumping on any more soap-boxes until it has been resolved. So far their instructions have completely killed the SSL functionality on the box, forcing me to backtrack slightly. Then again, being advised by a vendor to log into the CLI and edit the ssl.conf file to get a certificate to work on the box does fill me with some trepidation.

In other news I’m moving house again – still in the heart of Wellington City, but one step closer to the burbs :) – Rachael is currently beavering away with the rest of the family making the place good to go for move-in date, which will either be Christmas Eve or Boxing Day!! We know how to choose moving dates lol!

As a part of this move I was investigating moving my Telecom phone line – I filled in the online form with the details, and they emailed me back saying yeah sure we can move your line, and keep the same number – SCORE!! *BUT* it’ll cost me $132 for the privilege? This consisted of two charges, one for an engineer visit, and a connection fee… I sent an email complaining: since I am an existing customer requesting a move of an existing connection, why should I be paying a connection charge? Suffice to say after some haggling this will be credited back to me, and Telecom have kept me as a customer (by the skin of their teeth)…

Will update you on how the move goes closer to the time – for now I must be gone and get back to beating my head against the Cisco wall that seems to exist here in NZ….

Fast falling out with Cisco :(

I’m not posting here to rant but it’ll sound like that anyway so here goes….

I’m after a simple nicety. A public certificate for web-authentication on a Cisco anchor controller. It shouldn’t be rocket science and yet first of all, the address I chose – 192.0.2.1 (as opposed to the poorly chosen 1.1.1.1 in Cisco documentation) is unable to be signed by public CAs thanks to restrictions in policy set through IANA – apparently this address can only be used in documentation.

This address is for a “virtual” interface that is never actually routed onto a real network, it’s more of a capture mechanism within the controller itself for things like DHCP and Web Authentication/Redirection.

So I have gone for the next best thing – an RFC1918 address in the 192.168.x.x space. Got it signed by a Public CA – I even managed to bind the chained, signed cert with the private key through OpenSSL (version 0.9.8 according to Cisco’s instructions – the fact I have to use a version this specific is a worry in itself) and uploaded successfully to the wireless controller – reloaded the box and this should have been it.

So why does my controller persist in telling me on wireless device(s) that the website I am connected to does not match my certificate? ….over to you Cisco… I await your reply. Though to date my experience of trying to do guest wireless in a best practice way is being met by a rather problematic platform. I remember the day when Cisco stuff just worked – you could rely on the fact that the code on the box was designed for the purpose you chose. My doubts increase with each passing day.

I’m not saying Cisco should be a Pariah, just that I am increasingly having to lean on TAC to get things done. It’s becoming more of an uphill struggle to do some of the simplest things.

Is it me? Am I becoming more of an idiot with technology?

Latest Quake to hit Wellington!!

Reference Number 3620927
Universal Time December 3 2011 at 6:19
NZ Daylight Time Saturday, December 3 2011 at 7:19 pm
Latitude, Longitude 41.35°S, 174.29°E
Focal Depth 60 km
Richter magnitude 5.7
Region Marlborough
Location

30 km east of Picton
30 km north-east of Blenheim
40 km west of Wellington

This is the most powerful jolt I have felt in the last four years of being here. It was enough to knock a few ornaments over, and also one of our vases, which I managed to catch before it hit the ground – FUN!! Exciting!! I’m off for another stiff drink now…. ;p

Happy Halloween…..

< ... Insert creepy maniacal laughter here, echoing away ...>

Don’t know why but I am pretty much over Halloween. Most of the folks in town celebrated it over the weekend, whilst the apartment fridge-freezer hung on for dear life after having what I can only describe as a coronary; luckily we have fantastic landlords who promptly went in search of a replacement, which arrived this morning. So all is well with the world once more :)

Lucky also for us we live in a secure apartment so shouldn’t have to deal with random kids (or adults) knocking the door and trick-or-treating….

In other news? It’ll be Kiwicon 5 this weekend, and knowing 2 of the speakers personally I’ll definitely be there. All in all it’s sizing up to be one heck of a conference – just have to make sure I remember which queue to join when I get there….

Hey! It’s Friday :)

Thought I would get in early with my posting today. I’ve decided to join a “kinship” on Lord of the Rings Online – something I told myself long ago I would never do. However with the upcoming ‘Rise of Isengard’ expansion I am rethinking my approach slightly – I have plumped for the Aeon Knights, they have a well presented website and look likely to be a good fit socially.

In other news… the sun – it shines!!