The last presentation during the Tech Field Day Extra @ Cisco Live Europe event was a Cisco-Apple Partnership presentation, and we expected an hour of corporate marketese.
Can’t tell you how pleasantly surprised we were when Jerome Henry started his very technical presentation explaining the wireless goodies you get when using iOS with IOS.
Read more ...
This post is a starting point for anyone who wants to use 802.1X authentication with Aerohive APs and Microsoft NPS. I will provide configuration screen shots for both of Aerohive’s management platforms and for NPS running on Microsoft Windows 2008 Server. It is not intended to be an exhaustive guide, but should be a decent starting point. Every implementation will be different in some respect, and some of these steps may not be the exact manner in which you configure Microsoft NPS. The steps for Aerohive may also be different depending on what you are trying to accomplish. I’ll make sure to note my particular scenario when appropriate.
Versions Used:
HiveManager Classic/HM6/HMOL – 6.8r7a
HiveManager NG – 11.19.99.0 (March 2017)
Microsoft Windows 2008 Server
Assumptions:
Scenario
Company XYZ wants to authenticate Continue reading
I was honored to return to Packet Pushers for a discussion on programming skillsets in the networking industry. I verbalized some thoughts there, but even 60 minutes isn’t enough for a conversation like this.
To be clear, this post is written primarily to my followers in the networking industry, since that’s largely where this conversation is taking place.
I want to put something to rest right now, and that is the conflation of scripting and software development. You may be hesitant to pick up any skills in this area because you feel like you have to boil the ocean in order to be effective, which is not true.
As I briefly mention in the podcast, I spent the first 4 years or so of my career making networking my day job. Because of that, I picked up a lot of useful knowledge in this area. However, as I started to explore software, I realized that networking wasn’t something I wanted to do as a day job anymore, but I still greatly value the networking skillset I retain from this experience.
Making this leap over 2 years ago revealed a multitude of subskills, fundamental knowledge, and daily Continue reading
I was honored to return to Packet Pushers for a discussion on programming skillsets in the networking industry. I verbalized some thoughts there, but even 60 minutes isn’t enough for a conversation like this.
To be clear, this post is written primarily to my followers in the networking industry, since that’s largely where this conversation is taking place.
I want to put something to rest right now, and that is the conflation of scripting and software development. You may be hesitant to pick up any skills in this area because you feel like you have to boil the ocean in order to be effective, which is not true.
As I briefly mention in the podcast, I spent the first 4 years or so of my career making networking my day job. Because of that, I picked up a lot of useful knowledge in this area. However, as I started to explore software, I realized that networking wasn’t something I wanted to do as a day job anymore, but I still greatly value the networking skillset I retain from this experience.
Making this leap over 2 years ago revealed a multitude of subskills, fundamental knowledge, and daily Continue reading
This post is part 2 in a series of posts describing how I’ve integrated my Fedora Linux laptop into my employer’s corporate communication and collaboration systems. Part 1 tackled e-mail; this post tackles the topic of calendaring and scheduling. Unlike e-mail, which was solved relatively easily, this issue is one that I don’t consider fully solved.
As I mentioned in part 1, my employer uses Office 365 (O365). While O365 supports standard protocols like IMAP and STMP for mail, it does not support standard protocols like CalDAV for calendaring. This means that Linux users like me are left with only a few options:
I’d already ruled out Evolution for e-mail, so it didn’t make a Continue reading
Just FYI: a week after I wrote this (don't forget to go through the comments), VMware made it official:
…we’ve found that VMware’s native virtual switch implementation has become the de facto standard for greater than 99% of vSphere customers today. … Moving forward, VMware will have a single virtual switch strategy that focuses on two sets of native virtual switch offerings – VMware vSphere® Standard Switch and vSphere Distributed Switch™ for VMware vSphere, and the Open virtual switch (OVS).
Serious and easily exploited flaws in older Cisco IOS software. Commonly used, but old, switches used for Campus and SME Data Centres. Serious problem.
Thoughts:
The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors
- The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and
- The incorrect processing of malformed CMP-specific Telnet Continue reading
Its become clear that the only way to improve security of certificate authorities is to follow through on threats. Symantec has been delinquent since 2012 in securing their processes and software. We have seen multiple instances of certificate falsely issued to domains (including Google’s domain). As the owner of Chrome browser, it has decided that Symantec is no longer fit to be considered a root authority for TLS (SSL) certificate.
Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities, Ryan Sleevi, a software engineer on the Google Chrome team, said Thursday in an online forum. Extended validation certificates are supposed to provide enhanced assurances of a site’s authenticity by showing the name of the validated domain name holder in the address bar. Under the move announced by Sleevi, Chrome will immediately stop displaying that information for a period of at least a year. In effect, the certificates will be downgraded to less-secure domain-validated certificates.
This is necessary. Politically this is a sound move. Taking down a major company that is US-based following removed of Chinese and Eastern European CA root certificates sends a message of fairness and balance. The repeat Continue reading
Some of you will recall that I had previously written a set of SaltStack states to provision a bare metal Kubernetes cluster. The idea was that you could use it to quickly deploy (and redeploy) a Kubernetes lab so you could get more familiar with the project and do some lab work on a real cluster. Kubernetes is a fast moving project and I think you’ll find that those states likely no longer work with all of the changes that have been introduced into Kubernetes. As I looked to refresh the posts I found that I was now much more comfortable with Ansible than I was with SaltStack so this time around I decided to write the automation using Ansible (I did also update the SaltStack version but I’ll be focusing on Ansible going forward).
However – before I could automate the configuration I had to remind myself how to do the install manually. To do this, I leaned heavily on Kelsey Hightower’s ‘Kubernetes the hard way‘ instructions. These are a great resource and if you haven’t installed a cluster manually before I suggest you do that before attempting to automate an install. You’ll find that the Ansible role Continue reading