Cisco SD-WAN (formally Viptela) is quickly becoming the go to WAN solution for Cisco customers. As companies are looking to replace their aging DMVPN solution, Cisco SD-WAN has become the logical choice. Companies can stick with the same ISR platform running IOS-XE that they already know, and in some cases can upgrade their existing routers to work with SD-WAN. But this blog isn’t a sales pitch...

Hey there! Today we will be looking at how we assign a user or Workspace, to a specific Hunt Group in our Webex Control Hub environment, in just a few simple steps. Cisco does a great job of streamlining these Move’s, Add’s or Changes in the Control Hub, by providing us with very user friendly GUI. If this is your first time, no worries, you’ll learn your way around in no time. Let’s dive in and...

There may be certain situation when you need to reset a Cisco FTD appliance back to factory default to get a clean start. One such example is during a deployment I encountered a Cisco Bug for FTD version 7.0.4 locally managed by FDM. The bug caused a corruption in the database that cannot be repair and configurations from the FDM are not synced with the LINA, the ASA portion of the FTD. There...

Endpoint Captive Portal Detection - Why?

This blog assumes that you have a general understanding of ISE Central Web Authentication. Endpoint Captive Portal Detection plays a critical role in improving the end-user experience when connecting to a captive portal protected WiFi network, such as an ISE CWA protected WiFi network. The captive portal detection brings to the attention of the user that...

Access lists and SVIs have been around forever, and while applying access lists to physical interfaces seems to logically sink it quite easily, access lists on SVIs interfaces seem to trip people up. This blog will cover that scenario as well as some other access list basics, hopefully by the end you’ll find the concepts cemented.

I wanted to cover a new IOS feature that I learned during Cisco Live. VOIP Trace for CUBE is a new feature that can help engineers troubleshoot issues on CUBE deployments. It’s enabled by default, but you will need at least IOS-XE 17.3.2 or higher.

In my last nslookup blog, I talked about some basic DNS troubleshooting. If you missed it, here’s the link. This time, I wanted to dive in to how I use nslookup for email info gathering and troubleshooting.

Firepower FTD Remote Access VPN SSO using SAML and Azure AD, with Azure AD Conditional Access to Duo 2FA, and Cisco ISE for Authorization and Group Policy Assignment

There are multiple components to this solution, and while there are a few different approaches to accomplish the end goal, I wanted to focus on a solution that didn’t require an onsite Duo Authentication Proxy server. This blog will...

I was upgrading a Catalyst 3850 48 port switch from version 03.07.01E to version 16.12.07. I’ve done this upgrade quite a few times. Followed the Cisco upgrade procedures that you find online when you download your software file. I always have them open, or the command needed to start the upgrade process. Console access showed me that my switch after my reload ended up in ROMMON mode.

In the first entry of this series, we looked at the high-level mechanics involved in using AnyConnect with the ISE Posture module to perform endpoint host inspection (posture) when connecting to an AnyConnect VPN head-end (ASA/FTD). In the second entry of this series, we narrowly focused on getting the ISE posture module provisioned. In the third entry, we took stock of all the available posture...