The other day I went to log into my ISE server but the CLI admin password stopped working. Not sure exactly what happened though because I was able to log in about 15 minutes before that with the same password for my admin account. So, not having any other way to log in, i needed to perform a password reset on the admin user and decided to write up this post. In order to reset the admin password for ISE, you will need to have a copy of the ISE iso file downloaded and access to VMWare ESX host or VCentre.

If you've been following my posts on 802.1x, you may have noticed that I have been skipping over the authorisation profile stuff a bit and just configuring the policies with a very generic permit access. So I decided that that's what this post will touch on. There is a lot you can do with Cisco ISE in regards to authorisation profiles so I will only be covering some of the basics. 

I've been playing around with my lab firewall lately testing some API stuff and I decided to walk through how to update the firewall Web GUI certificate with one that is signed by a trusted CA, which in my case, is my own home PKI servers. If you would like to build your own PKI server, then please see my post here. 

I've used FreeIPA before in my lab environment and was using it to play around with vCenter server authentication but have now decided to expand on my home LDAP authentication by configuring Cisco ISE with an external identity source of my FreeIPA server using LDAP. I wanted to be able to configure access to my various Lab devices by configuring various LDAP groups for different types of access such as read-only and full admin rights etc. This process took a bit of playing around to figure out all of the specific attributes to configure so I thought i'd write up a post about it.

I recently puchased a couple of second hand Cisco Wireless Access Points for my home lap and once I got them home I realised they hadn't been factory reset so decided why not write up a process on how do reset the Cisco 3702 WAP. I decided to connect up a console cable to show the console output during a factory reset. First things first, disconnect the Ethernet cable if using PoE or the power cable if you're using that. Once the AP is turned off, hold down the mode button and connect the Ethernet/Power cable again. 

I had to upgrade some Nexus switches at work recently so thought I'd write a post showing the process as it's a bit different to a normal Cisco IOS or even IOS-XE device. In saying that, if you're using install mode on IOS-XE it's not that different. To learn how to use install mode, see my post here. As with any IOS upgrade, first thing you'll want to do is download your NX-OS version and copy it to the switch. I've used FTP for this process but you can use a USB, TFTP, or SCP to transfer the image file as well. 

Recently I decided to deploy a second ISE node in my home lab and run them in a Primary/Secondary configuration. Once i''d configured the secondary node and added it to the deployment, I decided to promote it to the primary (Mostly because the trial license on my Primary ISE node was about to run out) and found that there were some issues once I'd failed over. I actually ended up having to reboot both nodes a couple of times just to get the deployment and all ISE process to start running correctly. Anyway, back to my blog post.

We all know how to upgrade the IOS on a Cisco device right? Download the .bin file, copy it to the device flash, and configure it to boot using the new file. Easy, and IOS-XE is no different. You can still upgrade the IOS-XE version by using whats now reffered to as bundled install mode. This is basically a new way of saying you download the .bin file, copy it to the device and tell it to boot using the new IOS-XE image. IOS-XE however also allows you to use install mode for your IOS-XE installation.

I've been playing around with route based IPSec VPN's lately and decided to write up a post on how to configure an IPSec VPN Tunnel between a Cisco router and a Palo Alto firewall. This will also work between two Cisco Routers or two PA firewalls but i only have one of each in my home lab so that's what i'm using. I'll be doing this lab using the following topology. R1 is a Cisco 860 series router and the firewall is a PA-220. While the Cisco 860 is a really old router, the commands for configuring the IPSec tunnels are identical on current routers.

For a while now i've been having these rather strange connectivity issues at home where occasionally I wouldn't be able to access some websites, but others would work and it wasn't all devices at the same time either. It was very random. I had a look at my PA and couldn't see anything that stood out at first as to what may be causing the issues. This had been going on randomly over a couple of weeks and the issue would come and go within 5 minutes so I only had a short window of time to investigate while the issue was happening.