Automated Configuration Backup of Cisco Devices

So we all know backups of servers are pretty important, but what about the network fabric everything runs on? For most readers of this blog we’ve moved away from ‘dumb’ switches that you can connect to the LAN with no concerns about the underlying setup toward more intelligent switches that now perform port security, VLAN isolation …

802.1x MAC Authentication Bypass (MAB) to an NPS Server

Continuing to build on earlier posts where we set up 802.1x to authenticate users and place them in predefined VLANs, then extended this to dynamically assign the VLAN, this post will look at what to do for devices that don't speak 802.1x such as printers etc. While there is a guest VLAN command for dot1x we could use …

Dynamic VLAN Assignment (Cisco and NPS)

In an earlier post we used 802.1x to authenticate users into the network and assign them into a VLAN based on either a successful or unsuccessful authentication as well as a VLAN for clients who did not send an initial EAPOL message. While this can be quite useful, it can also be quite restrictive - what …

Securing Baby Monitors and Webcams

There has been quite a bit in the media lately about consumer-grade webcams and Internet of Things (IoT) devices being used as a springboard for DDoS (Distributed Denial of Service) attacks on popular web services. This post is more aimed at the general consumer as opposed to those who deal with IT in their …

Spamming Spanning-Tree

Recently a client approached me as they regularly had interruptions on their network, which was starting to frustrate them. After a short period of monitoring via PRTG it was clear they were suffering periodic bouts of packet loss on the LAN which seemed to peak during working hours and the slowdowns were experienced by …

802.1x between Cisco and RADIUS

I've always wondered if it were possible to control access for a user to a VLAN based on their logon credentials and recently embarked on seeing if this was possible. We commonly use authentication in order to grant or deny permissions to the network for VPNs and wireless connections but when it comes to physical connections …

Automate Your job – Synchronise NPS Servers and Push Config Changes to Multiple Devices

A recent project I was working on involved migrating a client's switches, routers, firewalls, VPN and wireless to two new NPS servers (live and DR) from their existing and hard-to-manage four. The situation they had was that Cisco switches, routers and firewalls would use RADIUS to authenticate VTY sessions but over time the configurations …

Network Device Security Policies

Having recently dipped my toes into the security world with the Security+ exam I've been far more conscious about the risks to confidentiality, integrity and availability in my day-to-day work designing and supporting network infrastructure. In addition to this I found a very small mention of network device security policies in the back of …

Sophos UTM vs. XG

I've been using a Sophos UTM9 virtual appliance for some time now. Originally my intention was to just test out its features as I was already using a pfSense VM to isolate my lab environment from my live environment, however I started to see the massive potential in the device and eventually retired pfSense in …