I’ve only recently started diving a bit deeper into Cisco Firepower. I’ve heard some mixed reviews regarding using and upgrading Firepower Management Center and the FTDs. Some have had decent luck while others seem to run into issues. As I have an FMC that is non-production (for now), I’ve decided to upgrade it to the latest version and find out for myself how difficult these upgrades are. I’ll also need to head into version 6.7 for some SAML capabilities on the FTDs. One factor you should look for when deciding to use certain products is how easy it is to maintain them. Continue reading “Simple Cisco FMC Upgrades”
When it comes to a user’s Remote Access, Cisco’s AnyConnect has been a leader. It just works. That has been my experience as a user. That experience is also consistent for a user if their remote connection has a headend of an ASA or Firepower. However, one thing to note is that the backend administration and setup of Remote Access is different between the two. The ASA’s Remote Access setup has many bells and whistles that Firepower does not, but Firepower’s setup is pretty simple. We’re going to be setting up Remote Access using Firepower, but we are also going to leverage the Cisco Identity Services Engine for authorization policies as well as Cisco Duo for that extra layer of Multi-Factor Authentication protection. Continue reading “Firepower, ISE, and Duo: VPN Config”
To quote the late Bob Ross, “It’s hard to see things when you are too close. Take a step back and look.” When you are in the middle of those early morning troubleshooting sessions, it can be easy to panic. First, you are dealing with being woken up abruptly; everything is fuzzy. Then the person on the other end of the line might not be able to explain exactly what is happening. This combination usually leads to some fun times, sarcastically speaking. The best advice is to take that step back and look at the overall picture. No matter what your troubleshooting approach might be, the goal is to have one. The worst thing you can do is aimlessly wander around hoping to bump into the solution. In this entry I will dig into my mental ticket system of random issues I’ve run into over the years, pull out three, and cover how those issues were resolved. Continue reading “Adventures in Troubleshooting: Chapter 1”
Who doesn’t love to make plans and have goals? It’s January of 2021. Let’s not discuss what happened last year. Many of us accomplished different things and many of us did not. No matter what happened last year, I’d like to look forward to making plans for this year. However, making plans is not enough. Executing is what needs to happen. Sometimes our execution is derailed by many outside factors throughout the year. This will happen. I believe it is best not to thrust all of our worries on the things we cannot control. Let’s focus our energy on what is within our reach. As a network engineer, there are a few goals I want to briefly write about. I am hoping that writing them down will help keep me accountable. Continue reading “2021: Thinking Forward”
I have been nominated as a finalist in the 2020 Cisco IT Blog Awards! I feel blessed to have something I started last year be selected. My main goal in my blog is to motivate others in their IT career. We are all in this together. I have been selected as a finalist for the Most Inspirational category. One thing is for certain: I love to write and I love to motivate.
My one ask as we close this year out is that you take a moment and vote. Look through all the blogs and follow all of the good talent out there in each category. The winners will be announced early next year.
You can vote and check out the entries here: https://www.ciscofeedback.vovici.com/se/705E3ECD2A8D7180
Today’s networks have security and visibility requirements that can warrant complicated designs. A proper routing design takes time. Implementing security takes some thought. Having a properly segmented network goes beyond tossing a bunch of VLANs on a switch. One of the goals in a segmentation design is to engage the business and find out the who, what, where and why of communication in the network. If you know those business purposes, you can design around it. You can implement routing and firewall rules to control who or what has access to certain assets. In this entry to the blog, I have implemented a basic segmented network using EVE-NG. Let’s take a tour! Continue reading “The Occasion for Segmentation”
As we are busy diving into the world of programming and automation, I’d like to remind everyone of a way to make simple config changes to a Cisco switch or router using a text file. This might not be a breakthrough, but it helps when making changes to switches or routers when those changes can possibly disconnect you from the device. Imagine working on a re-IP of a switch or even a point-to-point link. You have your notepad ready to go. There is a new IP and default route, and all you have to do is copy/paste. You paste in the IP and lose connection. Your default route change never actually pasted because you lost connection right after the IP change. You can no longer connect to the device; panic ensues. What might be a better way to make this change and avoid the “Uh oh!” moment? Continue reading “Simple Cisco Text File Changes”
If you are an administrator in a network somewhere, you probably already know an important fact: everything needs maintenance. At one point or another you have to upgrade something. In a perfect world, we would have consistent upgrade windows and periods of time when we can take down a network for maintenance. If you have that, you are a lucky person. Looking for maintenance windows might fall into the same category as spotting a UFO. Oftentimes, bugs or vulnerabilities bring forth these needed maintenance windows. In this case, I am upgrading a 3504 controller from version 188.8.131.52 to 184.108.40.206. The reason: CSCvs89410. This bug can corrupt images on 3600 and 3700 series access points. Continue reading “Cisco 3504 Software Upgrade”