Posts

Showing posts with the label Cisco

Cisco Meraki MS130R Ruggedized Switch

Today Cisco Meraki announced the MS130R rugged switch .  This is the first rugged Meraki switch; it's IP30 certified with an operating temperature of -40 to 70 degrees Celsius.  This enables the cloud first Meraki configuration and support model in harsh/challenging environments.  The switch includes eight 30W POE+ capable 1GbE RJ45 ports and two 1GbE SFP ports.  As with any industrial/rugged switch it can be powered by DIN rail DC power or an external AC power supply.  The two SFP ports support a variety of Cisco ruggedized SFPs: GLC-SX-MM-RGD, GLC-LX-SM-RGD, GLC-ZX-SM-RGD, and GLC-T-RGD. One of the most exciting things to me is that the MS130-X (also announced today) and MS130R will  support Adaptative Policy in a future MS firmware update.  This will extend the Adaptive Policy boundary to harsh environments to enable micro-segmentation in even more locations.  Meraki Adaptive Policy also seamlessly integrates with Cisco Identity Services Engi...
Post a Comment
Read more

How To: Cisco ISE Captive Portals with Aruba Wireless

See myself and Brad Johnson's   Cisco Community post .
Post a Comment
Read more

Cisco Cloud-scale Switching Innovations

Image
Cisco recently announced 800G capable switches focused on hyperscalers, financials, service providers, and other large organizations requiring high speeds and low latency. The 800G capable switches currently come in two flavors: the Nexus 9232E and the Cisco 8111.  Both are 1RU and powered by Cisco's Silicone One G100 ASIC (more on that below).  They support 32 QSFP-DD800 800G ports with the ability to break out to 2x400G or 8x100G offering even more port density from a compact 1RU platform.   What I think is really special about this launch surrounds the Cisco 8111.  While the Nexus 9232E supports running NX-OS; the Cisco 8111 supports third-party operating systems such as SONiC as well as IOS-XR.  This is a huge advantage for organizations who currently run white box switching solutions.  White box switches traditionally have high failure rates and suffer from poor technical support.  The Cisco 8100 series offers the world-class Cisco hardware q...
Post a Comment
Read more

Fix Cisco ISE Messaging Service

Cisco Identity Services Engine 2.6 introduced the concept of the ISE Messaging Service as an encrypted, lightweight protocol to replace syslog communication between the ISE nodes for logging purposes.  The ISE Messaging Services runs over TCP/8671.  In 2.6 Patch 2 and later, the Cisco ISE Messaging Service is enabled by default.   The overall implementation of the ISE Messaging Service has been buggy (but has gotten much better in recent versions) in both new ISE builds and upgrades.  One solution is simply to disable the ISE Messaging Service within Administration > System > Logging.  But then the ISE logging traffic isn't encrypted and the legacy syslog delivery method is not as efficient as the ISE Messaging Service so we will focus the rest of this article on how to identity and fix the ISE Messaging Service. Problem Identification Usually problems with the ISE Messaging Service involve a blank Live Logs page.  You know authentication is...
Post a Comment
Read more

Popular posts from this blog

Fix Cisco ISE Messaging Service

Cisco Identity Services Engine 2.6 introduced the concept of the ISE Messaging Service as an encrypted, lightweight protocol to replace syslog communication between the ISE nodes for logging purposes.  The ISE Messaging Services runs over TCP/8671.  In 2.6 Patch 2 and later, the Cisco ISE Messaging Service is enabled by default.   The overall implementation of the ISE Messaging Service has been buggy (but has gotten much better in recent versions) in both new ISE builds and upgrades.  One solution is simply to disable the ISE Messaging Service within Administration > System > Logging.  But then the ISE logging traffic isn't encrypted and the legacy syslog delivery method is not as efficient as the ISE Messaging Service so we will focus the rest of this article on how to identity and fix the ISE Messaging Service. Problem Identification Usually problems with the ISE Messaging Service involve a blank Live Logs page.  You know authentication is...
Read more

ClearPass MPSK per Device Type with Profiling

Image
Multiple Pre-Shared Key or MPSK helps solve for IOT or other endpoint device types that are not 802.1X capable.  The Aruba ClearPass default implementation of MPSK (the configuration created by the wizard) requires manually registering, enrolling, and managing individual PSK keys per endpoint using the ClearPass Guest dashboard.  While the most secure approach, excluding any sort of API based automation, this can obviously be a nightmare to manage and support due to the sheer number of PSKs.  This approach instead delivers a unique PSK per device type (printer, thermostat, etc.) so that each flavor of endpoint would have its own PSK.  If one PSK was compromised, then only those endpoints would need to be manually re-configured.  PSK rotation would also be limited to only those specific device types allowing rotation to take place slowly over several weeks rather than all devices at the same time on the SSID with a traditional single PSK; lessoning the burde...
Read more

Cisco Designated VIP 2024

I'm pleased  to announce that I have been recognized as a Cisco Community Designated VIP for 2024 for my assistance in the Cisco Secure Network Access Control community focusing on Identity Services Engine.  Be sure to check out all of the   Cisco Community Designated VIPs .
Read more