Cisco ISE REST API & Python

I've been faced with a fun little challenge on how to make sure our ISE deployment has every NAD (Network Access Device) configured appropriately to allow for successful EAP communications. Originally I was planning on utilizing a CSV and the bulk import tool to regularly import new devices into ISE as they were built. This allows … Continue reading Cisco ISE REST API & Python

IKEv2 with RSA Signatures

Currently my studies have taken me on an adventure into the wonderful world of Cisco Security. I am studying for the 300-209 (SIMOS) certification exam which is VPN technologies including DMVPN, FlexVPN, and a few other flavors of VPN. I find it interesting that so many try very hard to avoid having to implement security because its … Continue reading IKEv2 with RSA Signatures

Hiding (filtering) a specific user from reporting in Cisco ISE

I ran into an interesting problem preparing for an 802.1x deployment - the authentications report in Cisco ISE was full of all the network devices checking to make sure ISE was still available (health checks). As seen below, the load balancer's keepalives fill the logs pretty much on their own; imagine trying to troubleshoot a … Continue reading Hiding (filtering) a specific user from reporting in Cisco ISE

Controlling Traffic to a Virtual Server on F5

There are multiple ways to control what traffic is allowed or not allowed through a BIG-IP F5 system or for specific Virtual Servers (VS). The following method uses F5's AFM (Application Firewall Manager) module to create security policies which are then applied to a specific VS. For this method example, traffic from three specific hosts … Continue reading Controlling Traffic to a Virtual Server on F5

Attacking HSRP and how to protect it

I covered HSRP (Hot Standby Router Protocol) in a previous post that went into great detail on how HSRP functioned and a few enhancements to it. This time around I figured it would be fun to see what we could do to a typical HSRP deployment, and then research ways to further protect it. For this scenario … Continue reading Attacking HSRP and how to protect it

CCIE Homelab Tips, Tricks, & Thoughts CSR1000V memory optimization

With the completion of my Master's degree I now have more free time to start preparing for my deep dive into my CCIE studies. Recently I've been working on getting my lab environment together. What I've decided was to do a mixture of both physical hardware and virtual instances which includes a few "pods" of … Continue reading CCIE Homelab Tips, Tricks, & Thoughts CSR1000V memory optimization

Sending commands to multiple Terminal Sessions at one time

A few weeks ago I had to hunt down PCs but had no idea where they physically were or what switchports they were connected to. To determine the location of a PC the following steps were taken: Ping the PC IP address - This refreshes the ARP and MAC-Address tables with the current MAC address and … Continue reading Sending commands to multiple Terminal Sessions at one time