27 Mar

Add a new interface to vSRX on VMware Workstation

Sometimes you want to add a new interface to an existing virtual router. I am sure everyone will agree that creating a new virtual router from scratch and then moving the running configuration to it is far from a flexible approach; you want to modify the existing instance. Adding a new interface to vSRX on VMware Workstation should be as simple as adding a new PIC to a physical device. There is just one thing you need to remember.

First, you need to power off your virtual machine. At this point, I usually also take a snapshot of the VM in case of any problems. Then add a new Network Interface in the VM settings, as for any other virtual device running on the VMware Workstation hypervisor, and assign all parameters as required. If you boot the vSRX now, you will get stuck at the Wind River Linux login prompt.

Wind River Linux login prompt on vSRX – remember that vSRX runs as a process on the Linux operating system

It is hard to guess at this point why it is not booting into JunOS. The only thing we changed is the new NIC we added, and indeed this is the source of the problem. vSRX requires the NIC to be defined as the vmxnet3 device type, which is not the default on VMware Workstation.

To fix this, go to the folder where you store your virtual machine and find the file with the .vmx extension. That is the configuration file of the VM. At the end, you will see the latest entries, which cover the newly added NIC. The index will differ depending on how many NICs you already have.

ethernet3.pciSlotNumber = "256"
ethernet3.connectionType = "custom"
ethernet3.addressType = "generated"
ethernet3.vnet = "VMnet19"
ethernet3.displayName = "VMnet19"
ethernet3.present = "TRUE"
ethernet3.generatedAddress = "00:0c:29:b1:f5:c4"
ethernet3.generatedAddressOffset = "30"

To define the NIC type, you need to add one line to the configuration file:

ethernet3.virtualDev = "vmxnet3"

Now vSRX will boot as expected and you will find the new interface in the show interface terse output.
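The check and the fix described above can be scripted. The following is an added example, not part of the original post: it parses the ethernetN entries of a .vmx file, lists every present NIC whose virtualDev is missing or not vmxnet3, and returns corrected text. The sample input is constructed from the entries shown above plus a hypothetical ethernet0, and the function names are my own.

```python
import re

# Constructed sample: the NIC entries shown above, plus a hypothetical
# ethernet0 that already has its device type set.
SAMPLE_VMX = '''\
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet3.pciSlotNumber = "256"
ethernet3.connectionType = "custom"
ethernet3.addressType = "generated"
ethernet3.vnet = "VMnet19"
ethernet3.displayName = "VMnet19"
ethernet3.present = "TRUE"
ethernet3.generatedAddress = "00:0c:29:b1:f5:c4"
ethernet3.generatedAddressOffset = "30"
'''

# Matches lines such as: ethernet3.present = "TRUE"
KEY_RE = re.compile(r'^\s*ethernet(\d+)\.([\w.]+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

def parse_nics(vmx_text):
    """Return {index: {lowercased_key: value}} for every ethernetN.* entry."""
    nics = {}
    for line in vmx_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            nics.setdefault(int(m.group(1)), {})[m.group(2).lower()] = m.group(3)
    return nics

def nics_needing_fix(vmx_text, wanted="vmxnet3"):
    """Indexes of present NICs whose virtualDev is missing or not `wanted`."""
    return sorted(
        idx for idx, keys in parse_nics(vmx_text).items()
        if keys.get("present", "").upper() == "TRUE"
        and keys.get("virtualdev", "").lower() != wanted
    )

def fix_vmx(vmx_text, wanted="vmxnet3"):
    """Return .vmx text in which every present NIC has virtualDev = wanted."""
    todo = set(nics_needing_fix(vmx_text, wanted))
    kept = []
    for line in vmx_text.splitlines():
        m = KEY_RE.match(line)
        # Drop an existing virtualDev line with the wrong type; it is re-added below.
        if m and int(m.group(1)) in todo and m.group(2).lower() == "virtualdev":
            continue
        kept.append(line)
    kept += [f'ethernet{i}.virtualDev = "{wanted}"' for i in sorted(todo)]
    return "\n".join(kept) + "\n"
```

Run it against the .vmx text of a powered-off VM: nics_needing_fix(SAMPLE_VMX) returns [3], and fix_vmx(SAMPLE_VMX) appends the ethernet3.virtualDev line shown above.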

06 Mar

Response attributes on Synology RADIUS server

You can use Synology NAS products not only as file storage. The DSM system provides a broad spectrum of additional services via packages – either signed by Synology or provided by third-party communities – of which the SynoCommunity repository is the best known. The only limitation you have is your NAS hardware platform and its performance. I own a DS211 model, which has already reached its End of Sale status. I run several network services there, such as a DNS server, and I use it as remote storage for SMB and AFP shares as well as for iSCSI LUNs. It also provides some services for my home network and lab. One of them is a RADIUS server.

I want to show you how you can use Synology products as a RADIUS server that uses an LDAP database for user authentication. This way, the local accounts that I use for network share authentication remain separate from any additional accounts dedicated to the RADIUS service. Both RADIUS and LDAP run on the NAS itself.
