I previously went through how to deploy wired 802.1x authentication using EAP-TLS and Cisco ISE. In this post, I'm going to utilise Cisco ISE to do Wireless 802.1x EAP-TLS authentication for my home network. For this Lab I will be using a Cisco 1100 series router running Cisco Mobility Express and a Cisco 3802 AP that is connected to the ME WLC. Below is a quick overview of the Lab topology for this post. 

In this post, i'm going to walk you through setting up your own PKI (Private Key Infrastructure) servers that will include both a Root CA, and an Intermediate CA. For this build, i've deployed 2 Centos Stream 9 VMs. Both are a very small build with a single vCPU, 2GB of RAM and a 20GB HDD because all these guys are going to do is certificates. The reason i created two, was because once I've signed the ICA certificate with my Root CA, I'm going to disable the network on it so that it's not reachable in order to keep it secure. So let's get started.

I've been playing around a lot lately with 802.1x on my home network and have successfully managed to get it setup and working with Freeradius using the standard Freeradius CA certificates for both wireless and wired and it works great. I'll post a blog article in the future on how to set it up using freeradius but for this post, I'm going to use Cisco ISE. Now that I have a second micro PC and 64GB of RAM in it, I have enough compute to deploy a small Cisco ISE server. 

Today I decided to take another look at the Cisco ISE 802.1x certificate issues i've been having and just haven't had time to get back to and found that with version 3.2 of ISE, the admin password will expire by default every 45 days and you receive this nice little error message.

I'm in the process of setting up some ASAv firewalls at work and I managed to install ASDM successfully but was unable to connect to the firewall. A bit of googling and It turns out the version of ASDM I was running requires a later version of Java so I then proceeded to download and install JRE 8u381 as the version of ASDM required jre8u261 or later. Once installed i received an error Windows cannot find 'javaw.exe' as below. 

Lately I have been playing around with these Nexus 9Kv switches a bit and have been connecting Linux VM's to SVI's/Networks that I have configured on the Switches themselves. For this post, I have a single Nexus 9Kv switch that I will be creating an SVI on in order to connect a Linux VM (TinyCore Linux) to. This is a very basic configuration and will only be going through what's required in both VMWare ESXi and the Nexus switch configuration.

I've finally managed to get it to work. The N9Kv switch physical connectivity issues i've been having are no more. The issue was, that with the Nexus Switch image, the default interface MAC addresses for the data ports, isn't pulled from the ESXi host. They are default Cisco MAC addresses and this creates issues with actual physical network connectivity to your network because, ESXi doesn't know where to send frames destined to the MAC address that to ESX, doesn't exist.

In my previous post, I went through how to deploy and get started with a basic management configuration of the Cisco Nexus 9000v platform. At the time of writing of that article, I hadn't quite worked out how to get the data ports to communicate correctly. It wasn't as straight forward as adding the ports to a VLAN or a Trunk in ESXi.

I've started playing around with Cisco Virtual Switches lately and have come across various issues in getting them to work and had to spend some time googling etc so thought I would walk through the process I followed here. These Nexus 9kv switches are the same switch I used in my previous post about deploying POAP. My plan is eventually when I get enough hardware, to deploy several of these N9Kv switches in my home lab environment in order to deploy a full leaf, spine, border gateway VXLAN environment.

In this blog I'm going to run through how I built a POAP deployment in my home Lab environment. If you're not sure what POAP is, check out my previous blog post here.