Cisco ISE Security TACACS+

CISCO ISE: TACACS+ Configuration

Beyond the well-known RADIUS service, Cisco ISE includes a module for performing TACACS+ authentication, authorization and accounting. Take into account that TACACS+ operation consumes appliance resources that might be necessary for RADIUS purposes so, depending on the size…

Cisco ISE Security

Cisco ISE: 802.1x AP Authentication

Following my previous ISE post on phone authentication using EAP-TLS, in this new post I’ll show you how to quickly configure the access points for 802.1x authC. This requires some specific configurations: They need to enable EAP-FAST as authentication…

Cisco ISE Security

Cisco ISE: IP Phones and EAP-TLS Authentication

In this post I’m gonna show you the steps for authenticating your IP phones using 802.1x and certificates. I encourage you to read the “IP Telephony for 802.1X Design Guide” beforehand for a better understanding. Let’s start with some background…

AMP Cisco Security

AMP For Endpoints: Running IoC Scans

One cool feature included in AMP4E is the capability of running IoC scans. Once you’ve rolled out the connector among the users’ computers you just need to upload the IoC files to your AMP4E dashboard and then choose whether…

AMP Cisco Security

AMP for Endpoints: Configuration Basics

Setting up AMP for endpoints is pretty straightforward, as most of the configuration is already in place and administrators just need to fine-tune those parameters that best fit their organizations. The configuration fundamentals are: Exclusions. Application Control Whitelisting.…

Cisco Routing & Switching

EEM, HSRP and BGP for HA and load balancing

This post describes how to use EEM to monitor BGP changes and trigger automatic configurations to remediate failures. Cisco IOS Embedded Event Manager (EEM) is a powerful and flexible subsystem that provides real-time network event detection and on-board automation.…

Cisco Events

Cisco Live Berlin 2017

After attending Cisco Live in Berlin I can just say that it’s been an amazing week. There are plenty of things to do. Sometimes you wish you were able to split yourself and attend multiple sessions at the same…

Events

VMworld 2012 Barcelona: Tuesday. VMware and Cisco

Today was the first day for attendees. We arrived early to get the best seats at the first general session. The kick-off was amazing! Drums, beatbox, colored lights all over the stage, over 8000 registered people, all that…

Events

VMworld 2012 Barcelona: Sunday. Registration day

Finally, yesterday I registered for the event. Got my attendee card and, as usual, a cool bag full of items from vendors and, of course, VMware. Among them there is the typical T-shirt, a useful notebook and a canteen…

Security

Palo Alto or Checkpoint

Here are a few funny videos from Palo Alto showing why their firewalls are better than Checkpoint’s. Of course this is not an independent comparison, but it can help to gather information for any of those looking for differences between…

Cisco VoIP

Restricting calls on CME: COR

Understanding COR lists: In this post I’ll show you how to restrict extensions on CME from placing calls to numbers that are not allowed. CME has a great tool called Class Of Restriction (COR) which…

Security

Man-In-The-Middle. A practical case.

Hi there, today I am going to show you how insecure our homes and certain enterprise LANs are. The basis of this issue is to perform a Man-In-The-Middle attack, together with SSL sniffing, so we can just see…

Cisco

Cisco trick recovery password

There is an easy way to get the plain text password from an encrypted one. We just need the router itself. For example, create a username with its corresponding encrypted password: C891(config)#username ipstorming password oops! C891(config)#do sh run |…

Cisco

Automated backups

Do you need to ensure that you have an updated backup of your network devices? Backup tasks are easily forgotten, so manual backups are not the best idea. As always, we should configure automated copy tasks in order to make…

Cisco Events

ITQ Evaluation Passed!

Months ago, Cisco started an organizational change in its Academy program. It is called the “Academy Evolution”. With this new model, Cisco seeks high quality academies and an improved student experience. Regarding the academies, the most important change is…

Cisco Routing & Switching

DHCP Relay and giaddr

In large networks, DHCP Servers are located on remote subnets, sometimes far from where the clients requesting the IP are located. In these cases, relay agents are needed to carry the DHCP Discover packets sourced from clients to the data center where the…

Cisco Routing & Switching

Setting Up a DHCP Server

Configuring a DHCP Server on a Cisco router is a very common task in SOHO environments. In small companies with a small number of hosts, there is no need for a separate DHCP Server, taking advantage of the DHCP Service available…

Cisco Routing & Switching

EIGRP Summarization Issues

A common issue we can find when doing summarization in EIGRP is the loss of the optimal path towards a remote network. This is due to the fact that EIGRP suppresses the most specific subnets, that is, those network…

Cisco Routing & Switching

High Availability using IP SLAs

Nowadays, with the arrival of converged networks where data, voice and video go through IP, the use of backup internet connections is mandatory for business continuity. Depending on where we want to deploy this high availability, we have several options, if our company is large…