Profiling Wired Endpoints without 802.1x or MAB using IBNS2.0

One of the first steps to designing and deploying ISE (or any NAC solution) is to gain visibility and understand what is actually out there connecting to your network, so you can design your policy and understand the impact of enacting it. For some types of endpoints, this is relatively easy (e.g. Windows laptops), but for……

Study Notes – DHCP Server, Relay, and Snooping

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies.

!--------------------------------!
! IOS DHCP server, Relay Agent   !
! and DHCP Snooping              !
!--------------------------------!
!
!In this topology we will configure R5 to act as a DHCP server for two networks:
! 10.10.100.0/24……

Study Notes – IOS Zone-Based Firewall

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies.

ZBFW troubleshooting - https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/117721-technote-iosfirewall-00.html
Note about self-zone - https://community.cisco.com/t5/security-knowledge-base/zbfw-self-zone-integration/ta-p/3154572

!-----------------------------!
! IOS Zone-based Firewall     !
!-----------------------------!
!
! Let's configure a ZBFW with the following arbitrary requirements:
!
!1. all inside hosts must……

Study Notes – IKEv1 Tunnel Through an ASA with NAT-Traversal

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies.

!---------------------------!
! IKEv1 tunnel Through      !
! an ASA with NAT-T         !
!---------------------------!
!
!here we will configure a basic GREoIPSec tunnel between two routers through an ASA, but one of the routers……

Study Notes – FlexVPN Spoke-to-Spoke (PSK Auth)

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies.

!----------------------------------------!
! FlexVPN PSK Spoke-to-Spoke (PSK Auth)  !
!----------------------------------------!
!
!To configure FlexVPN and allow dynamic Spoke to Spoke tunnels, we need to do a few things differently from the Hub and Spoke……

Study Notes – FlexVPN Hub and Spoke with Negotiated Tunnels and PSK Auth

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies.

!------------------------------------------------!
! FlexVPN with Negotiated Tunnels and PSK Auth   !
!------------------------------------------------!
!
!building on sVTI/dVTI, FlexVPN allows for hub and spoke or dynamic spoke-to-spoke WAN mesh/partial mesh while also supporting the ability to……

Study Notes – IKEv2 sVTI/dVTI Point-to-Point VPN

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies.

!---------------------------!
! IKEv2 sVTI/dVTI P2P VPN   !
!---------------------------!
!
!In a typical sVTI or GREoIPSec point-to-point VPN tunnel, we generally know the external/initiating identity IP of each peer router, and we can configure……

Study Notes – IKEv2 DMVPN with RSA-Sig Auth and fVRF

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies.

!-------------------------------------!
! IKEv2 DMVPN with RSA-SIG and fVRF   !
!-------------------------------------!
!
!----------------------------
! R1 DMVPN Hub and CA
!----------------------------
!
!start by creating the basic fvrf underlay and ivrf (default/global) interfaces
!
int……

Study Notes – Basic IKEv2 Route-Based VPN using sVTI on IOS

This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies.

!--------------------------------------------!
! IKEv2 Route-Based VPN using sVTI on IOS    !
!--------------------------------------------!
!
!We configure this the same way as policy-based VPN, except instead of a crypto map we apply an IPSec profile, just……