By now you should know that username and Password123 are not enough to protect access to your data. Even creating a complex password or a pass-phrase (which you should do) might not help you when your info gets dumped out on the internet from the latest data breach. Multi-factor Authentication (MFA) can help add another layer of verification to make sure you really are the person who is going to access a resource and not just someone who knows a username and password. In this entry, we will use Duo as our MFA solution with Cisco ISE configured for Device Management to verify who I am when I try to login to a network switch. Continue reading “MFA All Things: Infrastructure”
Cisco’s Identity Services Engine (ISE) allows network and security teams to implement policy enforcement and weave in network access control in an automated fashion. ISE provides the visibility to allow intelligent decision making that gives administrators granular control. This granular control serves as a benefit when it comes to managing devices. What does Device Management look like with ISE? How do we utilize TACACS+ based AAA to give administrators granular control? This blog entry will dive into those details. Continue reading “Device Management with Cisco ISE”
We make choices everyday. Some of the choices are simple. Do I wear pajama pants or jeans today? Am I having breakfast? Do I want coffee? Whether it is a yes or no, those choices are not life changing. However, once in a while there are more complex choices to make. Do I want to move to a different company? Is it time for a career change? Those questions are not easily answered. They require thought. Big changes impact your life. They can impact your family’s lives. Wanting to grow and wanting more led me to ask those questions. The answers led me to a change from a life in operations into a sales role. Continue reading “The Career Change”
I’ve only recently started diving a bit deeper into Cisco Firepower. I’ve heard some mixed reviews regarding using and upgrading Firepower Management Center and the FTDs. Some have had decent luck while others seem to run into issues. As I have an FMC that is non-production (for now), I’ve decided to upgrade it to the latest version and find out for myself how difficult these upgrades are. I’ll also need to head into version 6.7 for some SAML capabilities on the FTDs. One factor you should look for when deciding to use certain products is how easy it is to maintain them. Continue reading “Simple Cisco FMC Upgrades”
When it comes to a user’s Remote Access, Cisco’s AnyConnect has been a leader. It just works. That has been my experience as a user. That experience is also consistent for a user if their remote connection has a headend of an ASA or Firepower. However, one thing to note is that the backend administration and setup of Remote Access is different between the two. The ASA’s Remote Access setup has many bells and whistles that Firepower does not, but Firepower’s setup is pretty simple. We’re going to be setting up Remote Access using Firepower, but we are also going to leverage the Cisco Identity Services Engine for authorization policies as well as Cisco Duo for that extra layer of Multi-Factor Authentication protection. Continue reading “Firepower, ISE, and Duo: VPN Config”
To quote the late Bob Ross, “It’s hard to see things when you are too close. Take a step back and look.” When you are in the middle of those early morning troubleshooting sessions, it can be easy to panic. First, you are dealing with being woken up abruptly; everything is fuzzy. Then the person on the other end of the line might not be able to explain exactly what is happening. This combination usually leads to some fun times, sarcastically speaking. The best advice is to take that step back and look at the overall picture. No matter what your troubleshooting approach might be, the goal is to have one. The worst thing you can do is aimlessly wander around hoping to bump into the solution. In this entry I will dig into my mental ticket system of random issues I’ve ran into over the years, pull out three, and cover how those issues were resolved. Continue reading “Adventures in Troubleshooting: Chapter 1”
Who doesn’t love to make plans and have goals? It’s January of 2021. Let’s not discuss what happened last year. Many of us accomplished different things and many of us did not. No matter what happened last year, I’d like to look forward to making plans for this year. However, making plans is not enough. Executing is what needs to happen. Sometimes our execution is derailed by many outside factors throughout the year. This will happen. I believe it is best not to thrust all of our worries on the things we cannot control. Let’s focus our energy on the what is within our reach. As a network engineer, there are a few goals I want to briefly write about. I am hoping writing it will help keep me accountable. Continue reading “2021: Thinking Forward”
I have been nominated as a finalist in the 2020 Cisco IT Blog Awards! I feel blessed to have something I started last year be selected. My main goal in my blog is to motivate others in their IT career. We are all in this together. I have been selected as a finalist for the Most Inspirational category. One thing is for certain, I love to write and I love to motivate.
My one ask as we close this year out is that you take a moment and vote. Look through all the blogs and follow all of the good talent out there in each category. The winners will be announced early next year.
You can vote and check out the entries here: https://www.ciscofeedback.vovici.com/se/705E3ECD2A8D7180