The Device Sensor feature on Cisco Catalyst switches can be used for profiling on ISE. It collects additional information about endpoints connected to the switch using the LLDP, CDP and DHCP protocols, which other ISE probes may not collect. The endpoint information is encapsulated in a RADIUS accounting packet and then forwarded to ISE. The Device… Continue reading Using Device Sensor with Cisco ISE Profiling
The purpose of this blog post is to document the steps required to configure Wired 802.1x and MAB authentication on Cisco Catalyst switches using Cisco ISE 2.0 as the RADIUS server. ISE will be configured to use Microsoft AD as the External Identity Store to authenticate the users and computers onto the AD domain.… Continue reading Configuring Wired 802.1x/MAB Authentication with Cisco ISE
VTP (VLAN Trunking Protocol) is a layer 2 protocol that maintains VLAN configurations, managing additions, deletions and changes of VLANs within a VTP domain. A VTP domain is one switch or multiple connected switches (via a trunk link) that share the same VTP configuration. Only one VTP domain is supported per switch. VTP domain is… Continue reading CCNP SWITCH: VLAN Trunking Protocol (VTP)
I needed to distribute routes between an HP ProCurve and a Cisco Catalyst switch. The HP ProCurve switch model used was a 3500-48yl without the premium license; therefore I was only able to use RIP and not OSPF. The Cisco switch used was a Catalyst 3560-8 IOS 12.2(55) IPBase. You will notice from the… Continue reading Configuring RIP between HP ProCurve and Cisco Switches
VLAN ACLs (VACLs) provide traffic filtering for all packets within the same VLAN or that are routed into or out of the VLAN, whereas a normal ACL can be applied only to routed packets. VACLs are also known as VLAN access-maps; they are similar to route maps and use route-map conventions in which… Continue reading CCNP SWITCH: VLAN Access Control Lists (VACL)
It is best practice not only to control access to the VTY lines of a Cisco switch or router but also to encrypt the management traffic. This blog post describes how to enable SSH and configure a basic ACL to permit traffic from a trusted source IP subnet. Configure the Cisco device with a hostname and domain name Switch (config)#… Continue reading Securing VTY lines on Cisco Router/Switches
Additional Spanning Tree Protocol (STP) commands such as BPDU Protection, BPDU Filtering, Admin-Edge and Loop Protection exist to enhance implementations of STP and ensure a loop-free network.