Adica lucruri pe care le fac/vreau sa le fac/nu le fac besides job and networking:
Unul dintre evenimentele care s-a apropiat rapid-rapid si a trecut si mai rapid a fost deschiderea expozitiei de gravuri ale lui Grigorescu, la Muzeul National de Arta; defapt, doar 8 sunt gravuri ale artistului, restul sunt ale mai multor artisti ai Scolii de la Barbizon. Am ratat expozitia din motive de alocare de resurse pentru probleme profesionale si regret asta, pentru ca peste tot pe unde am fost, am gasit picturi de Grigorescu, dar nu gravura.
In fine, second chance: Un secol de pictura sarba. Trebuie sa recunosc ca informatiile mele referitoare la pictorii sarbi sunt undeva la minus infinit, dar sper sa ma pun la punct. Leti, hai tu cu mine la muzeu, cat mai suntem aproape de el 
.
Asa cum scria si Alex Burlacu pe blogul sau, ar fi si ceva concerte cool de vazut in perioada urmatoare: AC/DC, Phoenix si …mai ales: GOREFEST (da, nostalgia perioadei cand lucram in BitDefender si ascultam Gorefest de la xcyborg) – sper sa nu ma paraseasca, si sa merg macar la Phoenix si la AC/DC, Gorefest-ul e in Brasov si imi vine cam peste mana sa merg…
Addenda : la 10 minute dupa ce publicam postul a venit mail de la MetalHead ca AC/DC nu mai vin in .ro 
Tags: fun, spare time, viata
* Platit rata la RBS -> dat faliment pe luna aprilie 
* Oprit curent in firma -> refacut confige si .xml-uri bushite: ETA: 2-3 ore – sa vedem la cat plec azi spre casa
* No time to learn OSPF on Juniper -> task for tomorrow – canceled
* Marius a luat CCNA -> unii stiu sa-si gestioneze timpul, unii != Cristina
* Noroc ca avem 2 sarbatoriti si nu tre sa dau bani pe dulciuri -> rezolvat depresia pe ziua de azi
1. Se dau 3 bucati routere 7200, cu EIGRP si autentificare pe ele, legate intre ele cu cate o seriala;
2. Se configureaza un chain de chei pe fiecare router, chain-uri cu nume diferite de la un router la altul;
3. Se configureaza in fiecare chain, key
- perechile id de cheie si string-ul cheii sunt la fel pe toate routerele, dar fiecare router are cate o pereche de chei diferite per interfata
* diferite (din inerenta configului) sunt pozitiile cheilor in chain
Problema: pentru interfetele pentru care pozitiile cheilor in chain sunt diferite, EIGRP-ul nu face adiacente. Cum rezolv asta?
Ne-am inscris si noi in criza economica si reducem costurile. Asa se face ca azi stateam si eu, ca omul, la toaleta, si deodata ma trezesc pe intuneric; nu sunt ferestre, ci doar aerisiri, si era intuneric bezna. Am inceput sa dau din maini sa triggerez senzorul de miscare si sa se aprinda lumina.
Ok, este criza, ok, reducem costurile, dar sa nu poti sta 2 minute la toaleta, ca ramai pe intuneric…mi se pare penibil.
Doamnelor si Domnilor,
Monsieur a ramas, efectiv, in ultima perioada de timp, in pana de idei de a ma tiraniza si are nevoie, efectiv, de ajutor pentru a nu se mai plictisi.
Efectiv, s-a ajuns la aceasta situatie fara precedent in urma eforturilor mele sustinute, efectiv, de a invata sa gatesc, efectiv, de a face curat in casa, efectiv, de a calca/spala (cu masina efectiv ) si, mai ales, de a omori toate goangele efectiv si a-i aduce tiranului berea la pat…pardon, comp, efectiv – adica acolo unde-si petrece cea mai mare parte a timpului, cand refuza constant, continuu si efectiv sa mearga la teatru, de exemplu
Efectiv, orice idee care ar duce la demararea unui proces efectiv de tiranizare la adresa mea, poate fi trimis, efectiv, pe casuta mea de mail publicata efectiv in pagina de About sau lasata ca un comentariu efectiv la acest post.
Multumiri,
Semnat efectiv Cristina
Tags: fun
Dupa o zi in care m-am chinuit big time (si am chinuit si persoane binevoitoare de pe #mumu) sa fac un Web-Auth sa mearga pe un Cisco 3750, am constatat ca minunea de Web-Auth merge pe Cisco 3750 (cel putin pe imaginea pe care o am eu), NUMAI ca fallback profile la 802.1x… (chit ca documentatia Cisco prezenta bine-mersi Web-Auth/auth-proxy fara a pomeni nimic de 802.1x)… am ajuns in minunile oferite cu darnicie si gratie de ACS.
Anume: erori de genul “Internal Error” sau “Authetication (Cisco’s typo) invalidated” – documentate la modul: “see logs”…care “logs” zic fix aceeasi cheste ca si GUI-ul (da, am pus verbose pe unde am vazut cu ochii)
Buuuuuun, inseamna ca a gresit Cristinica ceva prin Posture Validation…sau poate cand a configurat protocoalele de FAST…sau poate pe cel de PEAPv1…sau poate a gresit cand a definit minunatul Downloadable ACL…etc…AAAAAAAAAAAAAAARSSSSSSHHHHH Ti-ai gasit! Tenth run: auth passed???!!!!?!?!?!!!??!?!. Minunea de ACS recunoaste si valideaza TOTI userii: si aia de EoU, si pe-aia de Web-Auth.
Now tell me: am I crazy? I give up 
I HATE Cisco
web-auth pe 3750
ca sa fiu precisa: nu merge! – asta pentru ca dut-ul nici macar nu incearca sa il verifice pe user against ACS, da din prima HTTP: Auth-proxy Authentication failed
R-3750-ST#
2d18h: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/18, changed state to up
2d18h: AUTH-PROXY: Allocate Unique_id 4D1
2d18h: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to up
2d18h: AUTH-PROXY INIT infi on Pak Wait :
cliaddr – 61.203.100.1, cliport – 32788
seraddr – 40.40.0.1, serport – 80
ip-srcaddr 61.203.100.1
pak-srcaddr 0.0.0.0
2d18h: timetag 240607482
2d18h: uname jean
2d18h: HTTP: Authentication for url ‘/’ ‘/’ level 15 privless ‘/’
2d18h: HTTP: Authenti
R-3750-ST#cation proxy_username = ‘jean’ priv-level = 15 auth-type = aaa
2d18h: HTTP: Auth-proxy Authentication failed
2d18h: timetag 240607565
2d18h: uname jean
2d18h: HTTP: Authentication for url ‘/’ ‘/’ level 15 privless ‘/’
2d18h: HTTP: Authentication proxy_username = ‘jean’ priv-level = 15 auth-type = aaa
2d18h: HTTP: Auth-proxy Authentication failed
2d18h: timetag 240607666
2d18h: uname jean
2d18h: HTTP: Authentication for url ‘/’ ‘/’ level 15 privless ‘/’
2d18h: HTTP: Authentication proxy_username
R-3750-ST# = ‘jean’ priv-level = 15 auth-type = aaa
2d18h: HTTP: Auth-proxy Authentication failed
2d18h: timetag 240607767
2d18h: uname jean
2d18h: HTTP: Authentication for url ‘/’ ‘/’ level 15 privless ‘/’
2d18h: HTTP: Authentication proxy_username = ‘jean’ priv-level = 15 auth-type = aaa
2d18h: HTTP: Auth-proxy Authentication failed
2d18h: timetag 240607867
2d18h: uname jean
2d18h: HTTP: Authentication for url ‘/’ ‘/’ level 15 privless ‘/’
2d18h: HTTP: Authentication proxy_username = ‘jean’ priv-level
R-3750-ST#= 15 auth-type = aaa
2d18h: HTTP: Auth-proxy Authentication failed
2d18h: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/18, changed state to up
2d18h: timetag 240607968
2d18h: uname jean
2d18h: HTTP: Authentication for url ‘/’ ‘/’ level 15 privless ‘/’
2d18h: HTTP: Authentication proxy_username = ‘jean’ priv-level = 15 auth-type = aaa
2d18h: HTTP: Auth-proxy Authentication failed
aaa new-model
aaa authentication login default local enable
aaa authentication dot1x default group radius
aaa authentication eou default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
!
aaa session-id common
switch 1 provision ws-c3750g-24ts
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name abc.com
ip host w2k3-ca 10.205.17.112
ip admission source-interface Vlan502
ip admission auth-proxy-banner http ^Cabc^C
ip admission watch-list enable
ip admission watch-list expiry-time 3
ip admission max-login-attempts 10
ip admission init-state-time 30
ip admission name WebAuth proxy http
ip admission name EoU eapoudp
ip admission name webauth-fallback proxy http
ip admission name webauth proxy http
ip admission name webauth-lpip proxy http
ip admission name webauth-lpip eapoudp
!
ip device tracking probe count 2
ip device tracking probe interval 300
ip device tracking
!
dot1x system-auth-control
!
!
!
errdisable recovery interval 30
!
!
identity profile default
auth-type authorize policy www
auth-type not-authorize policy nrh
identity policy web
access-group WA
identity policy nrh
access-group nrh
identity policy www
access-group www
!
fallback profile dot1x-web
ip access-group default-policy in
ip admission web-fallback
!
fallback profile dot1x-www
ip access-group default-policy in
ip admission webauth-fallback
!
spanning-tree mode pvst
spanning-tree extend system-id
eou allow ip-station-id
eou allow clientless
eou timeout status-query 200
eou timeout revalidation 601
eou logging
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet1/0/13
no switchport
ip address 40.40.40.40 255.255.0.0
speed 100
duplex full
!
interface GigabitEthernet1/0/18
switchport access vlan 502
switchport mode access
ip access-group www in
speed 100
duplex full
no cdp enable
spanning-tree portfast
spanning-tree bpdufilter enable
ip admission webauth
!
interface GigabitEthernet1/0/24
no switchport
ip address 60.60.60.9 255.255.255.0
!
interface Vlan502
ip address 61.203.0.1 255.255.0.0
!
ip classless
ip route 61.203.0.0 255.255.0.0 Vlan502
ip http server
ip http authentication aaa
ip http secure-server
!
ip radius source-interface GigabitEthernet1/0/24
!
ip access-list extended EoU-ACL
permit udp any any eq 21862
permit udp any eq bootpc any eq bootps
permit udp any any eq domain
deny icmp any any
ip access-list extended OK
permit tcp any any
permit ip any any
deny ip any any
ip access-list extended WA
permit tcp any host 61.203.0.1 eq www
permit tcp host 61.203.0.1 any eq www
permit tcp any any eq 2000 dscp cs4
deny ip any any
ip access-list extended default-policy
permit udp any eq domain any
permit udp any eq bootpc any
permit udp any any eq bootps
permit icmp any any
permit tcp any any
deny ip any any
permit udp any eq 21862 any eq 21862
ip access-list extended nrh
permit udp any any eq 2000 dscp cs7
deny udp any any dscp cs7
permit ip any any
ip access-list extended www
permit ip any any
permit tcp any any
!
no cdp run
radius-server host 60.60.60.1 auth-port 1645 acct-port 1646 key VAA
radius-server host 60.60.60.1 auth-port 1812 acct-port 1813 key VAA
radius-server source-ports 1645-1646
radius-server timeout 1000
radius-server key VAA
radius-server vsa send authentication
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 5 15
Razvan Rughinis rules