WPA2 is no more secure

WPA2 (Wi-Fi Protected Access 2) is a network security technology commonly used on Wi-Fi wireless networks. It’s an upgrade from the original WPA technology, which was designed as a replacement for the older and much less secure WEP. WPA2 is used on all certified Wi-Fi hardware since 2006 and is based on the IEEE 802.11i technology standard for data encryption. Yesterday, researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, has officially published a series of vulnerabilities that target the session establishment and management process in WPA(1/2)-PSK and WPA(1/2)-Enterprise. I say “officially” because the first notification by this […]

The power of prefix lists

Prefix lists are used in route maps and route filtering operations and can be used as an alternative to access lists in many route filtering commands. The most notable and important difference is that a prefix-list allows you to filter networks based on their subnet mask. ACLs used in distribute list filter networks only by network addresses but they do not perform matching on subnet mask; in other words, for an ACL used in distribute list, the networks and are indistinguishable. Moreover, the prefix-list also allows you to specify networks in much more natural format that ACLs.

How to install Cisco ISE using USB or CIMC interface

In one of my last job activities, the customer has requested to reinstall the Cisco ISE appliance (SNS-3495). The first option, a DVD reader, is not feasible due the large ISO image file; in fact, the Cisco ISE Software Version 2.2.0 full installation iso file requires more or less 8Gb. So, how can we install the software? There are two options: Using an USB pendrive(al least 16Gb) Using the Cisco Integrated Management Interface (CIMC)

Cisco will fail after 18 months

Recently, Cisco published a critical advisory concerning a clock signal component problem. Devices that contain the faulty component could potentially fail after 18 months of use; once the component has failed, the system will stop functioning, will not boot, and is not recoverable. Cisco did not release specifics of the faulty clock part, but probably¬†the component affected by this problem is the Intel’s Atom C2000 processor family that effectively bricks devices. There is no workaround for this issue, so the only solution is to replace products under warranty or covered by any valid services contract dated as of November 16, […]

Cisco 2017 Annual Cybersecurity Report

Cisco published the annual Cybersecurity report that presents the latest security industry advances designed to help organizations and users defend against attacks. The report also highlights major findings from the Cisco 2017 Security Capabilities Benchmark Study, which examines the security posture of enterprises and their perceptions of their preparedness to defend against attacks.

How to access network devices via Radius server

Suppose you manage hundreds of Cisco devices; how can you connect and secure it against unauthorized access? You can use local username, but it isn’t scalable and granular, or use an AAA Server. In fact, the benefits of AAA are: Increased flexibility and control of access configuration. Scalability. Standardized authentication methods. Multiple backup system. Additionally, AAA provides a modular way of performing the following services:

DDNS: How to manage a device with a dynamic public IP

The DDNS aka Dynamic DNS is an old feature that several routers (non only Cisco devices) have implemented and, in some¬†circumstances, it is very useful. DDNS is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses or other information. It provides two mechanisms to generate or perform DDNS: the IETF standard as defined by RFC 2136 and a generic HTTP using various DNS services. In a nutshell, when this feature can simplify our lifes? When we haven’t a static IP public […]

Nexus HSRP/VRRP active/active with vPC

In the article vPC aka Virtual PortChannel, I explained how vPC works and the benefits that it gives. However, there is another important feature using HSRP/VRRP protocols in the context of vPC: the Layer2 dual–active peer devices. What does it mean? HSRP and VRRP operate in active-active mode from data plane standpoint, as opposed to classical active/standby implementation with STP based network. From a control plane standpoint, active-standby mode still applies for HSRP/VRRP in context of vPC. A characteristic of the active HSRP/VRRP peer device is that it is the only one to respond to ARP requests for HSRP/VRRP VIP […]

vPC aka Virtual PortChannel

The vPC aka virtual Port Channel is a Cisco technology that presents both Nexus paired devices as a unique Layer 2 logical node to a third device. The third device can be a switch, server, or any other networking device that supports link aggregation technology. From a spanning tree standpoint, vPC eliminates STP blocked ports and uses all available uplink bandwidth. Spanning-Tree is used as a fail safe mechanism and does not dictate L2 path for vPC attached devices.  

Interview with Anderson Mota Alves, 7x CCIE

This is the first interview on Ciscozine and it is my pleasure and honor to introduce Anderson Mota Alves. With more 15 years of experience in the network consulting, he is a teacher in San Paulo university and have SEVEN CCIE!!! How do you combine study, work and personal life? During my study process combining these three things were one of the greatest difficulties I had to learn how to manage, because I had to spend so many hours of study after work and still save some time to attend to a few meetings with family and friends along the […]