Been struggling to figure this out for awhile. By far the best most thorough video series on KZbin to detail this process. Thanks to you I have 8021x up and running now. Many thanks to you!
@riccardorighetti5632Ай бұрын
Hey man, next time zoom in the windows you focus in. Text was totally unreadable! You had a ton of viewport space totally useless and the space you were working was totally unreadable!
@leosieczka3724Ай бұрын
So when I do this, the SYSVOL folders dont replicate. It's just empty on the 2019 server. Any ideas why?
@DJSammy69.Ай бұрын
You good Sir are my new Hero!!! I spend hours browsing the webs and then found this!!! Thanks You MIllion times over!! Finally have fully utilized root.
@JimmyBuchanan-z6cАй бұрын
Great video - very helpful! Thank you for posting!
@vuyisilebhengu79102 ай бұрын
This is thee BEST I've seen, watched all vids. You also covered the DHCP issue I couldnt find in others. DANKO!!
@kevinallamby97302 ай бұрын
Hi Chris, how did you configure Gi0/2 on the access switch? Also, I have the ospf feature enabled but I don't think it is working because I am not seeing any ospf neighbors established.
@greenpill8102 ай бұрын
This is would have been a great video tutorial only if it was easy to view
@mariob47352 ай бұрын
For the first time I have 2-tier PKI in my homelab with easy to follow instructions. It's funny to type it out, but I'm really glad this finally works in my homelab. Thanks! :)
@mariob47352 ай бұрын
Awesome guide, thank you very much on this, and thankfully on easy to understand English!
@omolayo_ojo2 ай бұрын
can you make a video on how to add new network to policy based vpn
@vitaliisharapov62563 ай бұрын
hey Chris. Are you using EVE NG or PNETlab?
@richcruz89243 ай бұрын
@chris.. I know its been a while, but do you have the video showing how you uploaded the CPPM ISO image to even-ng? You show above from the point of adding it to your lab. I could use some help with actual prior steps.. much appreciated..
@sameerchauhan16163 ай бұрын
Is it possible to have one side local VPN host as natted. For example from my VPN end the ip 10.1.1.50 should be natted to a static public ip. This is a requirement from one of my client
@sergerobin72343 ай бұрын
Thanks for your tutorials. I've started studying networking, and it's a great source of information!
@emekaobizuluigbo19254 ай бұрын
Hello Chris, thanks for the video and the troubleshooting process. Do you have a link to download the EVE-NG FTD?
@PraveenRai4 ай бұрын
Can we have this eve topology file load in eve and play with it ?
@VFRMan4 ай бұрын
Thanks for the great 2 part video. However, at time stamp 13:15 you said something about registering the dll file to be able to view the AD Scheme. What is the command? The screen is too small to be able to read what you typed out. Disregard I found it online.
@PraveenRai5 ай бұрын
Nice topology do you keep these labs somewhere to we can use the lab file in our eve to play with it
@rajeshnanavat5 ай бұрын
thank you for sharing amazing content, Can you also share the details of basic configuration for other network devices ? or may be a video series where you have started building this topology
@gaz19785 ай бұрын
What a great video! New subscriber
@bhnane6 ай бұрын
very good guide, and it is even better on 1.25 speed
@ericneo27 ай бұрын
Thank you for the heads up about the enterprise admins membership and the periods, they solved my "cannot verify certificate chain" error.
@mariob47352 ай бұрын
Hello, I'm facing the same issue here, I'm installing everything with default Administrator account that's already in Enterprise Admins group. This is my homelab infastructure so I think it's fine :) I still have the issue though, I even started rootCA back if it matters but it didn't help. Any ideas? EDIT: I found it! It was DNS, or rather typo in CNAME that pointed to "clr" instead of "crl". Setting this up at 1AM is not the best idea haha
@ericneo22 ай бұрын
@@mariob4735 Double check your rootca url points to your intermediate, put DNS entries for both, add "Enterprise Admins group" to your Domain Admin account and on the rootca before signing the request set the following: certutil -setreg CA\CRLPeriodUnits 6 certutil -setreg CA\CRLPeriod "Months" certutil -setreg CA\ValidityPeriodUnits 5 certutil -setreg CA\ValidityPeriod "Years"
@nareshdink92297 ай бұрын
screen size is very small, please try to screen size of whatever u are sharing
@kendalwhite17257 ай бұрын
Thanks for the video. One issue I'm running into is when importing the subordinate certificate into the Certification Authority, I get an error message "Cannot verify certificate chain. The revocation function was unable to check revocation because the revocation server was offline." Any thoughts?
@ericneo27 ай бұрын
Same. No one seems to have an answer online. The only thing that makes sense to me is the URL for the root CA in the signed certificate is unreachable or some service that is suppose to respond isn't doing so. Possible solution: The Domain Admin account that you use on the sub/intermediate CA at 4:24 needs to have Enterprise Admins group added. By default Domain Admin accounts are missing the Enterprise Admins membership.
@serge20397 ай бұрын
Hi Chris, fantastic series! Thank you for documenting this. The only thing missing here is how to tie this up with Account Factory and deploy these stacks as customizations.
@sh.ku37 ай бұрын
Hi Chris, amazing content. thanks a lot for this effort! please keep them coming.
@brandonunger16897 ай бұрын
Hey Chris, can you detail your EVE-NG Pro server specs?
@wgalafassijr27 ай бұрын
Great videos. Thank you
@wgalafassijr27 ай бұрын
about the ntp registry why you dont do the same on the other domain server?
@anhtruongbao768 ай бұрын
Hi Sir, can I have both tacacs+ and local ssh? I'm using aruba cx600 and aruba clearpass
@tonymasse38878 ай бұрын
Thanks! Sorted me out :)
@arturit0_8 ай бұрын
Great job Chris can you do one for PBR using FDM as well?
@arturit0_8 ай бұрын
Can you cover the Certificate https for FDM please?
@pit0nka9 ай бұрын
Thank you to share your videos with us. This poweshell makes this possible too: Move-ADDirectoryServerOperationMasterRole -Identity YourDCServerName -OperationMasterRole 0,1,2,3,4 -Force names of roles with numbers from 0 to 4: PDCEmulator 0 RIDMaster 1 InfrastructureMaster 2 SchemaMaster 3 DomainNamingMaster 4
@cynthiamoricordova50999 ай бұрын
Great video. Are you using eve-ng professional or free version?
@networkconfigchris40029 ай бұрын
professional
@redhatcertified9 ай бұрын
Use Ctrl+shift++ to increase the size of terminal so it would be easier to read.
@legokid2019 ай бұрын
What the hell is with the pauses in between words. Were you kicked in the head? I mean this is a great video. But OMG you are killing me with these pauses. Also your resolution is way to high.
@overproof14609 ай бұрын
Nice! FDM interface looks a lot more detailed than FMC though 😅
@shuihaibshadulyponnan215510 ай бұрын
Hi Chris, could you please share the lab?
@hahahaha702310 ай бұрын
Correct me if I'm wrong, can't we just go certutil publish on the root cert that should propagate to all AD joined machines?
@roohax10 ай бұрын
Great video! Thanks for the helpful tutorial
@ferdiugude968910 ай бұрын
Putting the four windows on one screen makes it difficult to see what you are doing
@mrjazze152010 ай бұрын
your screen resolution is far too high .
@networkconfigchris400210 ай бұрын
yes it is. Get a 4k monitor :)
@LeadBariBass10 ай бұрын
It makes an otherwise great video somewhat pointless. We can't see what is on your screen. I have dual 32" monitors and still can't read the text in your video.@@networkconfigchris4002
@vcp936 ай бұрын
Playing it on a 4k, 55inch TV... Still pretty small. Were you unable to maximize the VM screens while you were working on them? Also, what's the topology tool you are using? It looks like something I'd love to test drive. Cheers! @@networkconfigchris4002
@captaink11811 ай бұрын
Why not use the fully qualified domain name for the crl http path?
@networkconfigchris400211 ай бұрын
I would agree that I should have used the fqdn
@floriantdoungmene549211 ай бұрын
Hi Chris. Many thanks again for your videos. For terraform authentication, you used the config file and defined the profile with aliases in the provider blocks. However you need to log in using the sso user credentials and therefore generated temporary credentials valid for one hour. This works perfectly when working locally. is it possible to integrate this authentication method to deploy in multiple accounts in CI / CD pipeline? if yes any suggestion? if no which way should I go?
@networkconfigchris400211 ай бұрын
Yes, you are correct that using AWS SSO is really not for a CI/CD pipeline. The best way would be to create a role in each account and then use an assume_role block in the Terraform AWS provider to assume the role in the account.
@floriantdoungmene5492 Жыл бұрын
Hi Chris, I watched all your videos and shared it with my colleagues. They are really really awesome. Please updload the remaining videos of the series. I have been waiting for them. I look forward to watching them. Thanks again for the hard work!
@networkconfigchris4002 Жыл бұрын
Thank you, I will upload them soon. Really appreciate it.