Cisco ISE 2.0 – Guest Authentication

This is a 4-part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).

For more guides about configuring (previous) Cisco ISE, see this page. This is part 3, configuring the Cisco WLC for guest access.

Configure WLANs on WLC

  1. Navigate to WLANs, Create new
  2. Configure General Settings:

(more…)

Cisco Tetration Analytics introduction

Cisco introduced a new datacenter product yesterday (June 15, 2016): Tetration Analytics.

Cisco Tetration Analytics: monitor everything, analyze in real time, actionable insights

Tetration Analytics is a solution for monitoring, analyzing and replaying datacenter traffic. If you had an attack a few weeks ago and a fix is available now, the traffic of the attack can be replayed to verify that the fix is working (awesome!). A few slides to introduce the product:

(more…)

Cisco ISE 2.0 – Employee Authentication Based on 802.1x (User auth)

This is a 4-part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).

For more guides about configuring (previous) Cisco ISE, see this page. This is part 2, creating authentication and authorization policies.

Create authentication policy

  1. Navigate to Policy, Authentication
  2. Edit Wired_802.1X to include Wireless_802.1X, and select the “ehlo.lan” domain store.

(more…)

Cisco ISE 2.0 Active Directory & Radius

This is a 4-part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).

For more guides about configuring (previous) Cisco ISE, see this page. This is part 1, the prerequisites before you can start configuring any authentication method.

Add ISE to Active Directory domain

Log in to ISE and add ISE to the Active Directory domain by following these steps:

(more…)

Cisco ACI Naming convention thoughts

As you might know, Cisco ACI is an object-based product. Every object you create has to be given a unique name so it can be identified later. Because you cannot rename objects (it’s not implemented yet), it’s highly recommended to think of a good naming convention before you start creating the first one.

If you really want to rename a previously created object, you have to remove and recreate the object and link it again to all other linked objects.

To give you a head start on the naming convention, you have to think about the following objects:

Fabric naming

  • SPINE / LEAF switch naming
  • APIC Naming
  • VLAN-pools
  • Domains
  • Attachable Access Entity Profile
  • Link Level Policy
  • Interface policy group
  • Interface Selector
  • Switch Selector
  • Switch Profile

Creating a naming convention is network specific, but try to take the following tips into consideration:

(more…)