F1-Series linecard has been a part of Nexus 7000 product family for a while now but it has not gained much popularity due to its limitation, mainly on the lack of L3 routing capability and FEX support. Yet, F1 linecard is the only linecard that supports Fabricpath, but unless Fabricpath is one of the requirements, you might be better off with the older M1 series. However, this is about to change. Cisco has recently come out with a new F2 series linecard that overcomes a lot of drawbacks on the F1.

I have recently started looking into Cisco AnyConnect Secure Mobility, despite its existence for over a year now, to find out what features it has to offer as part of Cisco SSL VPN solution. My first misconception was, in order to use these features, the AnyConnect Secure Mobility license is required. As it turns out, there are some nice features that are available even without such license, and better yet, work with just AnyConnect Essential license, which, nowadays, is a more popular choice due to its cost effectiveness for those that do not need the add-ons of the clientless SSL VPN or Cisco Secure Desktop.

TACACS+ is a protocol used in Authentication, Authorization, and Accounting (AAA) that provides many benefits over RADIUS, such as per-command authorization, in device management, especially for Cisco devices. Many organizations are concerned about an unauthorized access to their network devices, which can pose severe security threat, and would like to implement two-factor authentication to strengthen their router/switch access policy. To date, Identikey server does not natively support TACACS+ so trying to incorporate OTP in device login can be quite a challenge.

Two-factor authentication has become a requirement in many organizations in order to be in compliance of certain industrial regulations. When speaking of a two-factor authentication, RSA SecureID is usually one of the first products that come to mind. However, due to its cost, many companies have been offering cheaper alternatives, and one of those products is Digipass/Identikey Server by Vasco.

This article provides a step-by-step guide on how to install a SSL certificate chain on a Cisco wireless LAN controller, specifically, for web authentication for guest wireless.

Cisco Nexus 7000 has gain popularity in the past year. Given its size, there is always a question regarding the type of rack needed to house the switch especially for those who are the first-time installer. In this article, I will provide quick tips on how to choose a rack for a Cisco Nexus 7K, specifically for Nexus 7010 and 7018, as well as some ideas for PDU selection.

We have seen, in my last article, the Cisco ASA identity firewall in action, and its fundamental capabilities. We were able to successfully deploy the AD agent, and have the ASA integrated with both Active Directory (for user group download), and AD agent (for user-to-IP mapping). At the end of the lab, I was still uncertain on how well it will perform in a production environment and whether there might be more caveats in a deployment, at least in the current version of code 8.4(2). In an effort to answer these questions, I went back to the ASA configuration guide and came up with a few more lab scenarios.

Last week, I had an opportunity to sit in on a Security presentation given by Cisco at PBM. There was a mention on the recent release of 8.4(2) code, and one of the features that caught my attention was Identity Firewall. This is something that other firewall vendors like Palo Alto have already been doing so I was curious to see how it works on the Cisco ASA.