About me

My name is Rob Rademakers and I live in the province “Limburg” in the south of the Netherlands.

I’ve been working as a network infrastructure consultant for Open Line Consultancy in the Netherlands since 2007; I started right after my graduation. I’m mostly working on integrating customers into (our) datacenters.

I’m Cisco certified as CCNP Routing & Switching, CCNP Security and CCDP, and I have a lot of Cisco Specialist certifications, mostly in the datacenter networking area. At this moment, I’m also studying for the CCIE R&S lab exam. Besides these certifications, I have experience in designing datacenter networks and architectures with products and technologies like Nexus 1000v, 2000, 5000, 7000, ASR, OTV etc.

My current Cisco certifications:

Data Center Networking Infrastructure Design Specialist
Data Center Application Services Design Specialist
Cisco Certified Network Professional (CCNP)
Cisco Certified Designing Professional (CCDP)
Cisco Certified Security Professional (CCSP / CCNP Security)
Cisco ASA Specialist
Cisco Securing Networks With Cisco Routers and Switches (SNRS)
Cisco IPS Specialist (IPS)
Cisco Certified Design Associate (CCDA)
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Associate Security (CCNA Security)

 

  • Ted

    Hey Rob,

    I had seen the link from Rob K and didn't make the connection that it was your site…. doh :mrgreen:

    *bookmarked

    I'll come and ask you difficult questions after work too 😉

    Regards, Ted

    • RRR

      Shame on you

  • Hi,
    Thanks for this post. I like this. I will come back and read again and get more information about this.

  • Hilman Firmansyah

    Hi…how to get password for your ISE Guide 2 – 10, drop me email at [email protected]

  • TC Hayri Sezer

    Hi,

    Thanks for the ISE documents. But for parts 7, 8, 9 I cannot see anything. Please help.

  • shahul hameed

    Hi Rob, thanks a lot for the ISE documents. But I am unable to view Part 7. Also, are there any updated ISE documents?

  • Anees Mohiuddin

    Hi Rob,
    Any plans for doing an ISE 1.3 series?

    • Hi,
      I do have plans for a new series or upgrading the 1.1 series. But I’m receiving a lot of requests for a new series, so I’m going to start a new one soon 🙂

  • majnu

    Hi Rob
    Do you have anything for ESA configuration guideline?
    Thanks

    • Hi,
      I’m sorry to tell you that I’ve no blogs for ESA planned yet.

  • Muthu Arun

    Hello Rob,
    WSA section
    Part 7: Defending malware needs to be checked. It is not opening.

  • Andre Rizal Sinaga

    Hello Rob,

    I’m doing an 802.1X authentication implementation with a server radius using multi-host mode.

    For server radius, I use Windows Server 2008 R2 Enterprise with installed roles like AD DS, AD CS, DNS Server, DHCP Server, Network Policy and Access Services (NPS). I use the PEAP-MSCHAPv2 method.

    When authentication succeeds, the client will be redirected to VLAN 10, and if it fails, it will be directed to VLAN 30.

    For the authenticator and supplicant switches, I use the Cisco Catalyst 2960-CX series.

    Network topology:

    3 clients — g0/2, g0/3, g0/4 — supplicant switch (switch2) — g0/1 (supplicant switch) to g0/3 — switch authenticator (switch1) – g0/1 – server radius.

    script authenticator:

    Switch1#sh run
    Building configuration…

    Current configuration : 3391 bytes
    !
    ! Last configuration change at 06:17:02 UTC Fri Nov 3 2017
    ! NVRAM config last updated at 06:17:09 UTC Fri Nov 3 2017
    !
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Switch
    !
    boot-start-marker
    boot-end-marker
    !
    !
    aaa new-model
    !
    !
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa accounting network default start-stop group radius
    !
    !
    !
    !
    !
    !
    aaa session-id common
    system mtu routing 1500
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    crypto pki trustpoint TP-self-signed-375xxxx
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-375xxxxxxxx
     revocation-check none
     rsakeypair TP-self-signed-3753xxxxxxxx
    !
    !
    crypto pki certificate chain TP-self-signed-3753304576
     certificate self-signed 01
      quit
    dot1x system-auth-control
    !
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    !
    !
    !
    !
    vlan internal allocation policy ascending
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface GigabitEthernet0/1
     switchport mode access
    !
    interface GigabitEthernet0/2
    !
    interface GigabitEthernet0/3
     switchport mode access
     authentication event fail action authorize vlan 30
     authentication event no-response action authorize vlan 30
     authentication host-mode multi-host
     authentication port-control auto
     dot1x pae authenticator
    !
    interface GigabitEthernet0/4
    !
    interface GigabitEthernet0/5
    !
    interface GigabitEthernet0/6
    !
    interface GigabitEthernet0/7
    !
    interface GigabitEthernet0/8
    !
    interface GigabitEthernet0/9
    !
    interface GigabitEthernet0/10
    !
    interface GigabitEthernet0/11
    !
    interface GigabitEthernet0/12
    !
    interface Vlan1
     ip address 10.123.10.250 255.255.255.0
    !
    interface Vlan10
     ip address 172.16.10.250 255.255.255.0
     ip helper-address 10.123.10.10
    !
    interface Vlan30
     ip address 172.16.30.250 255.255.255.0
     ip helper-address 10.123.10.10
    !
    ip forward-protocol nd
    ip http server
    ip http secure-server
    !
    !
    !
    !
    !
    !
    radius server host
     address ipv4 10.123.10.10 auth-port 1812 acct-port 1813
     key 12345
    !
    !
    line con 0
    line vty 5 15
    !
    end

    ============================================================================

    script switch supplicant:

    Switch2#sh run
    Building configuration…

    Current configuration : 973 bytes
    !
    ! Last configuration change at 06:17:51 UTC Fri Nov 3 2017
    !
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Switch
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    system mtu routing 1500
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    !
    !
    !
    !
    vlan internal allocation policy ascending
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface GigabitEthernet0/3
    !
    interface GigabitEthernet0/4
    !
    interface GigabitEthernet0/5
    !
    interface GigabitEthernet0/6
    !
    interface GigabitEthernet0/7
    !
    interface GigabitEthernet0/8
    !
    interface GigabitEthernet0/9
    !
    interface GigabitEthernet0/10
    !
    interface GigabitEthernet0/11
    !
    interface GigabitEthernet0/12
    !
    interface Vlan1
     no ip address
    !
    ip forward-protocol nd
    ip http server
    ip http secure-server
    !
    !
    !
    !
    !
    line con 0
    line vty 5 15
    !
    end

    Switch#

    I found the problem: when my authenticator connects to the supplicant switch, the authentication notification does not appear on the client. Direct authentication failed.

    From my configuration above, is there anything wrong or anything that needs to be added?

    I beg for your help, thank you very much.