Network Wizkid's Technical Knowledge Base

In this article, I will describe how to enable authentication and authorization for Firepower eXtensible Operating System (FXOS) devices. The use case presented in this document illustrates how Cisco Identity Services Engine (ISE) can be utilised with attribute-value pairs (AV-Pairs) to authenticate and authorize users accessing the Firepower Chassis Manager (FCM) or FXOS platforms via TACACS+. At the time of writing this post, I found that limited documentation existed and of that documentation that did exist, the examples given weren’t as straightforward. In an effort to make this process easier for my colleagues and customers to understand I have put together the following instructions based on a previous use case given to me. Extracts of this document have been taken from a wider document I am currently creating. I will update this article with the complete document when it has been finalized. Requirements A ‘Device Administration’ license is required in order to use TACACS+ with

If you’re a firewall engineer or work closely with the Cisco ASA then no doubt you will often find yourself troubleshooting and verifying reachability of packets on a network. One great feature that the ASA has to test reachability is the ‘packet-tracer’ command which when given an input will provide you with a very handy output that shows how the packet would be processed through the ASA. In this article, I will show you how we can use the packet-tracer command to verify ICMP reachability and we will also take a look at the process in which the ASA uses. For this demonstration, I am using an ASAv version (9.8) code. By default, ICMP is not inspected on the ASA and therefore all ICMP traffic will be dropped. In order to the allow ICMP, you need to inspect it and to do this we can add the following command to the ‘global_policy’ policy-map; class inspection_defaultinspect icmp Once you have configured the policy-map you can then configure ACL’s to permit ICMP traffic as you desire. In t