Cisco ISE - Fixing Certificate Generation Failed Error with Android Devices

Ran into some issues recently with Android devices and the Cisco Network Setup Assistant while attempting to provision certificates as part of the BYOD workflow.

While on-boarding an Android device, the following error occurred:

TAC pointed me to this helpful YouTube video that contained the solution.

https://www.youtube.com/watch?v=z0sRiffVdpg

Starting with Android 6, EST is natively used by the device for Certificate Signing Requests. To fix the issue we need to allow the EST authentication request through ISE. This can be accomplished with a new Authorization Policy that matches the EST request and then permits access.

[Read more]

Configuring Hotspot Guest Access with Cisco ISE

Been toying with the Cisco vWLC and ISE in the home lab. Evaluation copies of ISE can be found on Cisco’s box share here: https://cisco.app.box.com/v/ISE-Eval

Here are my notes on configuring a Guest Hotspot portal. Hotspots are a simple portal where users will need to accept an Acceptable Use Policy before being granted access to the internet.

Please also see the ISE Guest Access Deployment Guide from Cisco for more details on setting up different Guest Access scenarios: https://community.cisco.com/t5/security-documents/ise-guest-access-deployment-guide/ta-p/3640475

[Read more]

Set a Budget in AWS to Avoid Costly Overages

If you’re like me and are experimenting with the AWS free tier, it might be a good idea to configure a budget notification to avoid getting caught off guard by any overages.

Amazon has a great document on how to enable alerts located here, but here’s a quick guide on how to enable alerts and budget reminders.

  • First, log in to your AWS account.

  • Click the drop-down menu next to your name at the top right of the console page and select “My Billing Dashboard.”

[Read more]

Installing Telnet on Mac OS High Sierra with Homebrew

I was both sad and excited to see that Apple removed telnet from Mac OS High Sierra: excited because telnet is a nearly 40-year-old protocol that is highly insecure for network management, and saddened because I often have to use telnet when at client sites.

There are a few different methods you can use to bring back telnet, including copying over the binaries from a Sierra install to /usr/local/bin (as seen here) or using a session manager like SecureCRT, but since I’ve been using Homebrew to manage a few other packages for a while now, I figured I’d just go ahead and use that.

[Read more]

Configuring CIMC on a Cisco UCS C Server

Just got in a new UCS C server and was going through the process of configuring Cisco’s flavor of out-of-band management, called CIMC or Cisco Integrated Management Controller. Similar to HP’s iLO or Dell’s iDRAC, CIMC allows one to remotely control and manage their server via the web or SSH with handy tools like integrated KVM and ISO mounting.

  • To configure CIMC, connect your keyboard/monitor and power up the server.
  • Press F8 when the Cisco logo appears.

[Read more]