Cisco Firepower Chassis Manager Radius Configuration

There are many configuration guides on the Cisco website with details about configuring RADIUS and TACACS+ on a Cisco Firepower Chassis Manager. See this link for the configuration guide for 2.0(1).

In this document, you can read the following comment:

Remote User Role Policy: Controls what happens when a user attempts to log in and the remote authentication provider does not supply a user role with the authentication information:

  • Assign Default Role—The user is allowed to log in with a read-only user role.
  • No-Login—The user is not allowed to log in to the system, even if the username and password are correct.

But… it’s very hard to find what attributes are needed to assign a user the administrator role.

Cisco Nexus 9000 update 2016

This blog is about recent updates on the Cisco Nexus 9000 series datacenter switches. This describes my view on the switches and technologies.

The Nexus 9000 series is currently Cisco’s flagship in datacenter networking. This is true today and still for tomorrow. Mounting the Nexus 9000 switches should be the last physical and configuration work you do in the (future?) datacenter. All upcoming tasks (a.k.a. configuring and provisioning the switches) should be done automatically by an automation tool. We have to move from our traditional networking tools to automation and orchestration tools from today on. Nobody wants or has time to manually configure all these switches like in the old days.

The Nexus 9000 series switches are ready to achieve this with many on-the-box features such as automation with POAP, REST calls with NX-API and the “unix-way of management”, all used to program and configure the network / fabric.

Cisco ISE 2.0 – Guest authentication ISE configuration

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).

For more guides about configuring (previous) Cisco ISE, see this page. This is part 4, the ISE configuration for guest access.

Configure Cisco ISE

The Authorization profile will be created first, then the authentication and authorization policies are configured.

Cisco ISE 2.0 – Guest Authentication

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).

For more guides about configuring (previous) Cisco ISE, see this page. This is part 3, configuring the Cisco WLC for guest access.

Configure WLANs on WLC

  1. Navigate to WLANs, Create new

  2. Configure General Settings:

Cisco Tetration Analytics introduction

Cisco introduced a new datacenter product yesterday (June 15, 2016): Tetration Analytics.

Cisco Tetration Analytics. Monitoring everything, analyze in real time, actionable insights

Tetration Analytics is a solution for monitoring, analyzing and replaying datacenter traffic. If you had an attack a few weeks ago and a fix is available now, the traffic of the attack can be replayed to verify that the fix is working (awesome!). A few slides to introduce the product:
