In this video, we take a look at how EEM scripts can be utilized alongside Low Impact mode to enable ports to fail open.
Below are EEM Scripts that can be reused and modified for your environment.
Note: For single RADIUS Servers use the “%RADIUS-4-RADIUS_DEAD” syslog pattern and for a group of RADIUS servers use the “%RADIUS-3- ALLDEADSERVER” syslog pattern.
If your devices utilize command authorization then you need to ensure that the script can still run in the event of a failure. Enter the following command at the end of each applet to ensure command authorization is bypassed.
In this article I would like to cover how to configure SNMPv3 for Cisco Identity Services Engine (ISE). In a few deployments I’ve done, I’ve come across the need to configure ISE to send SNMPv3 traps to a Network Management System (NMS). SNMPv3 is perfect for ensuring the authentication and encryption of SNMP traffic, something that can’t be done with inferior SNMP versions. Now, one would assume that we could just go ahead and configure ISE for SNMP via the GUI however, unfortunately that’s not the case. To actually configure ISE to send traps to an NMS system we need to configure the settings via the CLI. The demonstration in the article is performed using a standalone ISE. This demonstration also assumes that you have connectivity between your NMS platform and ISE. To see a live demonstration with testing, refer to the video that accompanies this article. Configuration Steps Enable SNMP So that we can configure the required SNMPv3 settings for ISE, SNMP needs to be enabled. iselab/a...
In this article we are going to take a look at how to capture Extensible Authentication Protocol Over LAN (EAPOL) and Remote Authentication Dial-In User Service (RADIUS) packets using Wireshark. This article can be useful for troubleshooting 802.1x within your environment and can also be used for learning purposes. The following topology has been used to gather the required output for this article. Note: This article will only cover the switch configurations that are required to gather EAPOL and RADIUS configuration. Overview of the Topology The supplicant is configured to perform 802.1x using EAP-TLS as the authentication method The user certificate on the supplicant will be used for authentication The supplicant has Wireshark installed Cisco ISE is used for authentication and authorisation The supplicant is assigned to VLAN 10 upon authentication and all other endpoint ports are assigned to VLAN 99 Sniffer device is running Wireshark in order to capture RADIUS flows via SPAN 802.1x ...
In this article, I will share the configurations used in the within the video below. The configurations enable one to configure Active/Standby ASA’s with failover and redundant failover links. ASAv1 Configurations interface redundant 1 member-interface g0/0 member-interface g0/1 no shutdown#Interface G0/0 no shutdown#Interface G0/1 no shutdown Configure failover settings on ASAv1 failover lan unit primary failover lan interface redundant 1 (This is the interface used for the failover link) failover interface failover redundant 1 (‘failover’ = the name I gave the failover interface redundant 1) failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2 failover key cisco (Key needs to match on both ASA’s) failover (Enables failover) write memory (Save your configuration) Configure Basic Device Settings interface g0/2 nameif OUTSIDE ip address 172.16.235.2 255.255.255.0 standby 172.16.235.3 no shutdown#Interface g0/3 nameif INSIDE ip address 192.168.10.1 255.255.255.0 standb...
The following table is intended to show the fields that can be parsed when sending Firepower eStreamer connection events to QRadar. For more information on how to configure Cisco Firepower eStreamer and QRadar please refer to the vendor documentation. Note: The following fields were taken from RAW output before being compiled. I have given brief descriptions next to the most common fields as an example. Field Description Field Description flowStatistics.initiatorIPAddress Flow initiator IP flowStatistics.dnsTTL flowStatistics.responderIPAddress Flow responder IP flowStatistics.managedDevice.managedDeviceId Provides the FTD's device ID flowStatistics.originalClientIPAddress flowStatistics.managedDevice.name Provides the FTD's...
