For many small businesses, open source software represents an unexplored gold mine. When you run a small business, budgets are always tight. While you need many of the same kinds of software that larger businesses need, you don’t have hundreds or thousands of dollars to spend on that software like bigger companies do.
Google+. I’m not sure how this slipped by us today. We didn’t log in to G+ till the end of the day, and this is what we see.
Do you like the new look of G+?
We like the Dummies series for breaking ground in new technologies and for a quick jump start into the theory. Think of it as the “Quick Start” instructions that come with a new gadget. They get you up and running, but if you want to make the gadget dance you have to RTFM to get the details.
Being very accustomed to designing and configuring Cisco security devices, we thought Dummies would be as good a start as any, until we can get our hands on a demo NGF somehow. Hey, why not? It’s FREE!
Lo and behold, one of our customers just emailed us to let us know they had two Palo Alto Networks PAN-5050 NGFs they wanted to install on their network. Well alright! This should be fun. While we buckle down to explore this technology, we thought we would share the link to the free ebook, in case anyone wants to follow along on this new security adventure.
Next Up! Modern Malware For Dummies if you want to skip ahead….
These instructions cover a successful deployment of dynamic network access using Cisco MAC Authentication Bypass (MAB).
These start-to-end instructions put everything you need to know for this procedure, including switch and Cisco ACS (RADIUS) setup, into one easy-to-follow document.
Let us know if these instructions were helpful!
- DHCP vs. MAB timing
- Make sure DHCP requests do not time out before MAB VLAN reassignment is complete. If this is not correct, the device connected to the MAB port will not get a DHCP assignment.
- Make sure VLAN reassignment…
Well alright… the switch upgrade team has installed one Cisco Catalyst 4510, and is prepping another Cisco Catalyst 4503 to burn in the Cisco MAB project.
Just in time, we finished sorting the MAC address to VLAN assignments from the old URT XML file. Now we can start entering the MAC addresses into ACS with the appropriate IETF RADIUS VLAN assignment options compatible with MAB.
We also have some exciting movement in our Zenoss v3.1/Ubuntu 10.10 labs and will be rolling out another project related to this lab soon.
Our Cisco MAB project is currently on hold. We are waiting for the switch deployment team to replace the next set of switches. This part of the project is in a short design phase, as the team is working on replacing 2 x Catalyst 4006 switches with one Catalyst 4510, with an appropriate IOS version for Standalone MAB, as noted in our requirements brief.
Once this switch replacement is complete we will continue with the testing phase of the MAB project. This will also give us time to load all the MAC addresses from the old URT system into the new Cisco Secure ACS v4.2 server.
Meanwhile, cloudguys.net is prepping to fire up a new project alpha. This project has been hotting up in our lab for a couple of months now. This new project is geared toward the importance of external cloud and VPS service monitoring. Stay tuned.
- Determined to have both URT and MAB running in the same environment, because not all affected switches will be replaced at the same time.
- Collected MAC and VLAN assignments from the URT XML file. This file is located on the URT Administration server.
- Cisco Secure ACS (RADIUS) server, minimum v3.2
- We chose ACS v4.2, Windows-based, virtualized on the Cisco UCS platform for easy recovery.
- List of switches that …
The network has approximately 500 nodes in a large single building, spread across several floors. This campus network consists of a pair of Cisco Catalyst 6509 switches for the Layer 3 core with about 30 VLANs, and approximately 35 campus Layer 2 switches, which are mostly Cisco Catalyst 4006. All VLANs are trunked from the core.
No private WiFi, roaming notebooks, or other devices need wired access to private VLANs.