DMVPN Phase 1

Part 1 in a four part series, this post will look at the configuration of DMVPN Phase 1 and the routing implications using OSPF. Although Phase 1 today is considered obsolete, it is still worth reviewing.

Prior to delving into the specifics of DMVPN Phase 1 configuration, let’s start with a underlay network – NBMA (Non-Broadcast Multi-access Network), the underlay can either be the public internet or a MPLS network.
Continue reading “DMVPN Phase 1”

DMVPN Phase 2

In the first post of this series, DMVPN Phase 1, the DMVPN concept and configuration parameters that were pertinent to the configuration for Phase 1 were explored. Although the parameters are similar to Phase 1 for Phase 2, the actual operation of traffic flows and routing configuration has changed.
Continue reading “DMVPN Phase 2”

Sublime Text Snippets for Cisco WLC ACLs

Part of a consultants/engineers job unfortunately is to configure things which can be quite repetitive in nature, every time I find something that needs to be done twice I will create a script in whatever language best fits the purpose. It’s also a great way to ensure that you don’t make silly mistakes, other than trying to make your workflow better. Continue reading “Sublime Text Snippets for Cisco WLC ACLs”

ISE: Posture-Profiler High Level Flow of Events

The following diagram is a High-Level Flow overview of how ISE makes decisions for authentication requests, particularly important for Posture and Profiler Decisions. Continue reading “ISE: Posture-Profiler High Level Flow of Events”

Backing up a Cisco ISE Environment – Standalone or Distributed

A quick post on the correct way of doing backups on ISE. There are a few instances I have seen, where ISE is not being backed up using the supported (correct) method as dictated by Cisco. This is especially true in vSphere environments, where VCB backups of the ISE nodes are used as the sole backup. Continue reading “Backing up a Cisco ISE Environment – Standalone or Distributed”

ISE 1.3/1.4 BYOD Provisioning Flow

Quick post; I wanted to upload a diagram showing a basic BYOD device flow through ISE for an Apple IOS device. The diagrams purpose is to show what happens at what stage and to give an implementation engineer an understanding of where to go in ISE to configure BYOD. There is plenty of great documentation from Cisco that covers this but I haven’t seen a diagram that documents the flow…. Hope this helps Continue reading “ISE 1.3/1.4 BYOD Provisioning Flow”

Upgrading to Cisco ISE 1.4

ISE 1.4 was released on the 6th May 2015, this release in my opinion is a minor release. Unlike ISE 1.3 which introduced some big features, namely the Internal Certificate Authority, this release unfortunately doesn’t go as far.

Continue reading “Upgrading to Cisco ISE 1.4”

ASA 5506-X – Adding FirePOWER Licenses

A quick post on how to add licenses to your FirePOWER module on the Cisco ASA 5506-X, the process would be similar using the FireSIGHT Manager.

Continue reading “ASA 5506-X – Adding FirePOWER Licenses”