Clik here to view.
DMVPN Phase 3: a complete guide
In a previous article, I explained what is and how it works DMVPN technology. In this article you see how to configure DMVPN phase3. This phase allows spokes to build a spoke-to-spoke tunnel and to...
View ArticleClik here to view.
Troubleshoot a DMVPN phase 3 architecture
In the last article, I explained how to configure DMVPN phase3, but what are the most useful commands to troubleshoot this type of network architecture? Five are the main group of commands used to...
View ArticleClik here to view.
Critical SSH flaw affects Nexus 9000
The first of May, Cisco has revealed that its Nexus 9000 fabric switches have a critical flaw that could allow anyone to remotely connect to a vulnerable device using Secure Shell (SSH) and control it...
View ArticleClik here to view.
StackWise Virtual on Catalyst 9500
During the Cisco Live 2016 in Las Vegas, Cisco presented the new feature named “StackWise virtual” supported by the IOS XE Denali in the 3850 switch series and later, in the new Cisco Catalyst 9500...
View ArticleClik here to view.
BGP route leak sends European traffic via China
On Thursday June 6, 2019, traffic destined to some of Europe’s biggest mobile providers was misdirected in a roundabout path through the Chinese-government-controlled China Telecom, in some cases for...
View ArticleClik here to view.
How to set up raid on Cisco ISE appliance
Recently, I have installed an ISE 2.6 cluster based by two SNS3615 appliances. After some months, the customer asked me to redundant each hard disk with RAID1. To accomplish this request, it is...
View ArticleClik here to view.
802.1x: Introduction and general principles
IEEE 802.1X is an IEEE Standard for port-based Network Access Control to prevent unauthorized devices from gaining access to the network. It defines the encapsulation of the Extensible Authentication...
View ArticleClik here to view.
How to configure PassiveID in Cisco ISE
Starting from ISE 2.2, PassiveID is a feature to gather user-to-IP mapping information with or without having 802.1X deployed. PassiveID gathers information from the Microsoft Active Directory...
View ArticleClik here to view.
An overview to Cisco ISE-PIC
The Cisco ISE Passive Identity Connector aka Cisco ISE-PIC is a software designed to gather authentication data (user-ip mapping) from numerous sources (active directory, Syslog, SPAN, …) and...
View ArticleClik here to view.
802.1X Deployment Guide: Global configuration
In the previous article, I illustrated what are the dot1x and the benefits related to it. Just to remember that 802.1X authentication involves three parties: a supplicant, an authenticator, and an...
View ArticleClik here to view.
Cisco FMC user control with ISE-PIC
In the article “How to configure PassiveID in Cisco ISE“, I explained how PassiveID gathers information from the Microsoft Active Directory environment allowing user-to-IP mapping information with or...
View ArticleClik here to view.
12 high-severity bugs in ASA and Firepower
Few days ago, Cisco Psirt published twelve Cisco ASA and FTD vulnerabilities with “high” score. Eight of them can cause denial of service, while three can bypass authentication. Below the details of...
View ArticleClik here to view.
An overview to Cisco DUO
On October 1, 2018, Cisco announced the completion of its acquisition of Duo Security, a privately-held, unified access security and multi-factor authentication company headquartered in Ann Arbor. What...
View ArticleClik here to view.
How to configure SNMP On FirePower Using FDM
The Cisco Firepower can be managed with two different solutions: Firepower Device Manager (FDM) Firepower Management Center (FMC) FDM lets you configure the basic features of the software that are most...
View ArticleClik here to view.
Using NPS to manage Cisco devices
In a a previous article, I illustated how to configure Radius server on Cisco switch/router. In this tutorial, I explain how to install and configure a free radius server (Microsoft NPS) to control...
View ArticleClik here to view.
How to build a console server with Raspberry
In the last years, one of my passions are raspberry and arduino projects. Recently, surfing the linkedin articles, I noticed one: build a console server with a raspberry. Nowadays, there are several...
View ArticleClik here to view.
Upgrade Catalyst 9000 series
In the past, upgrade a switch was very easy: upload the IOS file (a .bin file), change the bootvar and reload the switch; then Cisco introduced the tar file using the “archive download-sw” command. The...
View ArticleClik here to view.
Cisco ISE 2.7 upgrade guide
One year ago, Cisco published the Cisco ISE 2.7 release. Now, this release is the suggested one. It is possible to upgrade directly from release 2.2, 2.3, 2.4 or 2.6 and upgrading process can be done...
View ArticleClik here to view.
How to decapsule ERSPAN tunnel
Recently, I needed to send SPAN traffic to a network analyzer, but I had to resolve two problems: The network analyzer was installed on a virtual machine. I could not manage the virtual switch. For...
View ArticleClik here to view.
How to allow multi IP address from the same wireless client
Few days ago, my customer called me for a strange wifi problem. When two or more devices with static IP address are bridged behind a wifi client adapter, only one of these devices can reach the...
View Article
