I previously went through how to deploy wired 802.1x authentication using EAP-TLS and Cisco ISE. In this post, I'm going to utilise Cisco ISE to do Wireless 802.1x EAP-TLS authentication for my home network. For this Lab I will be using a Cisco 1100 series router running Cisco Mobility Express and a Cisco 3802 AP that is connected to the ME WLC. Below is a quick overview of the Lab topology for this post. 

In this post, i'm going to walk you through setting up your own PKI (Private Key Infrastructure) servers that will include both a Root CA, and an Intermediate CA. For this build, i've deployed 2 Centos Stream 9 VMs. Both are a very small build with a single vCPU, 2GB of RAM and a 20GB HDD because all these guys are going to do is certificates. The reason i created two, was because once I've signed the ICA certificate with my Root CA, I'm going to disable the network on it so that it's not reachable in order to keep it secure. So let's get started.

I've been playing around a lot lately with 802.1x on my home network and have successfully managed to get it setup and working with Freeradius using the standard Freeradius CA certificates for both wireless and wired and it works great. I'll post a blog article in the future on how to set it up using freeradius but for this post, I'm going to use Cisco ISE. Now that I have a second micro PC and 64GB of RAM in it, I have enough compute to deploy a small Cisco ISE server. 

Today I decided to take another look at the Cisco ISE 802.1x certificate issues i've been having and just haven't had time to get back to and found that with version 3.2 of ISE, the admin password will expire by default every 45 days and you receive this nice little error message.

I'm in the process of setting up some ASAv firewalls at work and I managed to install ASDM successfully but was unable to connect to the firewall. A bit of googling and It turns out the version of ASDM I was running requires a later version of Java so I then proceeded to download and install JRE 8u381 as the version of ASDM required jre8u261 or later. Once installed i received an error Windows cannot find 'javaw.exe' as below. 

Lately I have been playing around with these Nexus 9Kv switches a bit and have been connecting Linux VM's to SVI's/Networks that I have configured on the Switches themselves. For this post, I have a single Nexus 9Kv switch that I will be creating an SVI on in order to connect a Linux VM (TinyCore Linux) to. This is a very basic configuration and will only be going through what's required in both VMWare ESXi and the Nexus switch configuration.

I've finally managed to get it to work. The N9Kv switch physical connectivity issues i've been having are no more. The issue was, that with the Nexus Switch image, the default interface MAC addresses for the data ports, isn't pulled from the ESXi host. They are default Cisco MAC addresses and this creates issues with actual physical network connectivity to your network because, ESXi doesn't know where to send frames destined to the MAC address that to ESX, doesn't exist.

In my previous post, I went through how to deploy and get started with a basic management configuration of the Cisco Nexus 9000v platform. At the time of writing of that article, I hadn't quite worked out how to get the data ports to communicate correctly. It wasn't as straight forward as adding the ports to a VLAN or a Trunk in ESXi.

I've started playing around with Cisco Virtual Switches lately and have come across various issues in getting them to work and had to spend some time googling etc so thought I would walk through the process I followed here. These Nexus 9kv switches are the same switch I used in my previous post about deploying POAP. My plan is eventually when I get enough hardware, to deploy several of these N9Kv switches in my home lab environment in order to deploy a full leaf, spine, border gateway VXLAN environment.

In this blog I'm going to run through how I built a POAP deployment in my home Lab environment. If you're not sure what POAP is, check out my previous blog post here. 

I recently had to deploy a couple of Nexus 9k switches in a couple of new DC's at work which has been setup as a greenfield environment utilising VXLAN and BGP EVPN which is all managed by DCNM. This means that instead of being able to quickly and easily deploy and configure switches you have to use the GUI garbage that is supposedly the way of the future. If you can't tell, I'm not a fan of SDN. In my opinion, any half decent network engineer knows that while SDN has its place and benefits, its 100% not in the day to day operations of a network.

Recently at work we have run into an issue with TCAM space on some of our switches due to the large number of ACL's. So i decided to do some digging into TCAM and how ACL's use the space etc. 

Well I picked up another micro pc. This time it was a Dell optiplex 7060 micro and I must say it's quite a nice little box. It's got an 8th gen core i5, 6 core CPU so nothing fancy but will do for what I need, 16GB of RAM but I will be upgrading that to 64GB and it came with a 256Gb nvme drive and has capacity for another 2.5" drive which I'll probably chuck a 1TB SSD in given that should suffice for my lab requirements. 

As I mentioned in my previous post, I have started building a home lab. And by started I literally mean I've got a single NUC (Which I picked up for a bargain price off eBay) and I've installed ESXi on it. I currently only have a couple of Linux VM's running at the moment, one of which hosts this website.

It's been a few years but I've finally gotten back to setting up a new website for wr-mem. This site is a work in progress and I will try to update it regularly as I go and learn new things. I'm currently building a home LAB environment which should provide me with a lot of potential content. I also use this site to record issues that I come across or new content I learn and Lab in the hopes that it will help others as they learn and explore.