Posts

WPA2 Enterprise with dynamic VLAN assignment: Cisco 9800 / Cisco ISE

In this post I wanted to show the most basic configuration possible for WPA2 Enterprise using Protected EAP with a Cisco 9800 WLC, APs in FlexConnect mode, and Cisco ISE. To keep everything as simple as possible, the user database will be local to ISE. The configuration does not follow best practices; it is only a lab for testing functionality. In this case, using a single SSID and Policy Sets, we will define, depending on the type of user, whether the user lands in the VLAN generally assigned to the SSID or is dynamically assigned to another VLAN. Topology ISE CONFIGURATION Creating users and groups in ISE First we will create the groups we need. I have prefixed the group names with "00" to make them more visible: Once the groups are created, we can create the users and assign them to the groups we defined: Add the WLC 9800 as Authenticator Administration...

Cisco 9800-CL deployment for home ESXi LAB

Hello, after my post "Cisco 9800 with a 2,4Ghz channel plan on 1, 5, 6, 9, 11 and 13?" I was asked how I deployed those WLC 9800-CL, so I made this video: I hope it is helpful ;)

Some TCL Shell scripts for Cisco

TCL Shell in Cisco IOS XE The TCL Shell for Cisco IOS has been available since Release 12.3(2)T, so it has been around for quite some time. Still, it remains a very useful scripting utility in certain scenarios. I do a lot of network migrations or upgrades, so I often need to run multiple tests to make sure that everything that worked before a migration still works after it. Here you can find the references: https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/ntw-servs/b-network-services/m_nm-script-tcl-xe.html Ping to different destinations: One of the simplest scripts you can make, and one that is very useful when you have to verify that you reach several destinations, is the following: tclsh foreach VAR { A.A.A.A B.B.B.B C.C.C.C } {ping $VAR} I think the script is self-descriptive: for each of the values listed after the loop variable, ping is executed. Below I show the output we would see on our switch: For very easy scripts like the previous one, you c...

Cisco 9800 Roam Type 802.11i Slow vs 802.11i Fast vs 802.11r

Hello, in this entry I initially thought about explaining and comparing 802.11i roaming versus 802.1X with FT roaming, but then I thought it may be more interesting to follow the process as seen from the Cisco 9800 WLC and DNAC, which is where I configured the packet captures, so I've been re-arranging the post several times. Also, we can check when the Cisco 9800 WLC will show the roam type as 802.11i Slow, 802.11i Fast or 802.11r. Capturing Packets with Cisco DNA Center (Catalyst Center) These are the steps followed to get the captures in this post: 1.- From any tab on DNA Center, click the search button and type the MAC address you want to capture 2, 3.- Click on it and go to Client 360 4.- Once in Client 360, click on "Intelligent Capture" 5.- In the Intelligent Capture page for the selected device, click on "Run Packet Capture" 6.- A new tab will open, and there you can choose to do a Full Packet Capture or an Onboarding Packet Capture, program the capture or run...