Posts

Brooker Creek Headwaters Nature Preserve

Brooker Creek is a small waterway in Northwest Hillsborough and Pinellas Counties. Brooker Creek flows through two nature preserves and agricultural and residential areas before eventually emptying into Lake Tarpon. Lake Tarpon then flows into Tampa Bay. Brooker Creek Headwaters Nature Preserve is a 1121-acre preserve located in the Keystone area of Hillsborough County. It is owned by the Southwest Florida Water Management District and operated by Hillsborough County Conservation and Environmental Lands Management Department. This preserve exists to protect the health of the headwaters of Brooker Creek and its contribution to Lake Tarpon and Lake Keystone. The preserve includes several miles of unpaved hiking paths and also contains portions of the paved Upper Tampa Bay Trail from Van Dyke Road to the Suncoast Parkway on Lutz Lake Fern Road. The headwaters consist of a chain of wetlands on the north side of Lutz Lake Fern Road (outside of the preserve boundary) and flow southwest until...

Aruba AOS-CX Switch 802.1X/MAB Template for ClearPass, ISE, FortiAuthenticator, etc

Below is a template for Aruba AOS-CX Switches for 802.1X and MAB. This template can be used with any standards-based RADIUS server such as Aruba ClearPass, Cisco Identity Services Engine, Fortinet FortiAuthenticator, FortiNAC, FreeRADIUS, etc. This configuration is just basic 802.1X and MAC Address Bypass; it does not cover Downloadable User Roles (DUR) or other advanced Aruba segmentation features. The various sections of the configuration are explained prior to each as a comment denoted by !. This configuration should be valid for any version of AOS-CX and has been tested in practice with both Cisco ISE and Aruba ClearPass.
!Define the RADIUS servers. This can be a ClearPass VIP, a load-balancer, or the actual RADIUS servers. Replace the x.x.x.x with your RADIUS server IPs.
radius-server host x.x.x.x key plain-text SuperSecureKey!
radius-server host x.x.x.x key plain-text SuperSecureKey!
!Place the RADIUS servers inside a AAA group. Replace [name] with whatever name you...

Stop Using PEAP/MS-CHAPv2

I see a lot of customers continue to use PEAP/MS-CHAPv2 for 802.1X network authentication to Cisco ISE and other network access control platforms and RADIUS servers. STOP! MS-CHAPv2 uses broken MD4 hashing and should no longer be used to pass sensitive credentials over any network. Microsoft has taken steps to disable PEAP/MS-CHAPv2 for Active Directory credentials in updated versions of Windows 10 and Windows 11. You can get around this with a registry hack but it's still a BAD idea. If you are still using MS-CHAPv2 for 802.1X authentication, it's time to migrate to certificate-based authentication methods such as EAP-TLS instead. Even better, use TEAP with user and machine authentication using certificates. Some use-cases (like BYOD or guest access) could also transition to SAML-based authentication to your IDP of choice. SAML Assertion sometimes can remove the need for a RADIUS server altogether. Having a secure, robus...

Aruba Networks Airheads MVP Expert 2024

I'm happy to announce that I have received the Aruba Networks Airheads MVP Expert designation for 2024 for my assistance in the Airheads forum around ClearPass design, implementation, and troubleshooting. Be sure to check out all of the 2024 MVPs.

Cisco Designated VIP 2024

I'm pleased to announce that I have been recognized as a Cisco Community Designated VIP for 2024 for my assistance in the Cisco Secure Network Access Control community focusing on Identity Services Engine. Be sure to check out all of the Cisco Community Designated VIPs.

Cisco Meraki MS130R Ruggedized Switch

Today Cisco Meraki announced the MS130R rugged switch. This is the first rugged Meraki switch; it's IP30 certified with an operating temperature of -40 to 70 degrees Celsius. This enables the cloud-first Meraki configuration and support model in harsh/challenging environments. The switch includes eight 30W PoE+ capable 1GbE RJ45 ports and two 1GbE SFP ports. As with any industrial/rugged switch, it can be powered by DIN rail DC power or an external AC power supply. The two SFP ports support a variety of Cisco ruggedized SFPs: GLC-SX-MM-RGD, GLC-LX-SM-RGD, GLC-ZX-SM-RGD, and GLC-T-RGD. One of the most exciting things to me is that the MS130-X (also announced today) and MS130R will support Adaptive Policy in a future MS firmware update. This will extend the Adaptive Policy boundary to harsh environments to enable micro-segmentation in even more locations. Meraki Adaptive Policy also seamlessly integrates with Cisco Identity Services Engi...

How to Upgrade Juniper EX JunOS using the Mist Dashboard

In this article I'm going to go through updating Junos OS on an EX2300-C switch using the Mist Dashboard. This functionality is included in the Wired Assurance Subscription. Once the switch is claimed in your Mist organization (maybe a topic for another post?) the switch will be added to the Switches view and various statistics will be displayed. Next, check the selection box for the switch(es) to upgrade and click the Upgrade Switches button in the top right. A new window will appear with a selection of the version of Junos to upgrade to. This pane also includes checkboxes to force a switch reboot once the image is copied. A reboot can also be performed at a later time (for example during a maintenance window) instead of automatically at the end of the Junos image download. A recovery snapshot can also be created for easy rollback to the currently running version of Junos in case of a code-related issue. Finally, the End User License Agreement must be ...
