FlexVPN with AnyConnect-EAP using ISE and ZBFW

You might have stumbled upon the FlexVPN: AnyConnect IKEv2 Remote Access with AnyConnect-EAP configuration guide, which works fine for local user authentication and authorization. But if you try to follow the guide's instructions for configuring authentication and authorization against an AAA server, it will not work! This post covers the configuration of AnyConnect IKEv2 on an IOS headend using ISE as the AAA server for authentication and authorization.

LDP

Label Distribution Protocol (LDP) is one of the protocols that can be used in MPLS to distribute labels. Others are RSVP-TE, BGP, and the IGPs (IS-IS and OSPF). This short post covers LDP and how it works. I use two routers to talk about LDP in this post, R2 and R3, connected like this: Configuration: LDP is very simple to configure; basically only one command is needed.

mVPN – Profile 0 aka. “Rosen Draft”

mVPN Profile 0 is the original way of doing mVPN, from before the mLDP extensions to LDP existed. This means we need PIM in the underlay, the SP core. Specifically, the profile is called: Profile 0 Default MDT - GRE - PIM C-mcast Signaling. Topology: I'll use the following topology to go through and explain the concepts and workings of the Rosen Draft with Data MDT. Default MDT: the MDT (Multicast Distribution Tree) refers to the SP's global environment, the underlay.

Ubuntu netplan static IP address

It has been a few years since I last touched a Linux box. Tonight I decided to install Ubuntu Server and wanted to give it a static IP address. When I went to /etc/network to edit the interfaces file, I realised that things have changed: the NICs are now configured using netplan. So I fired up PuTTY after reading some examples of how to do this, and was hit by this error when trying to apply the configuration:
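As an added example (not from the original post), here is a small POSIX shell script that writes the netplan definition for a statically addressed NIC, which is the configuration the post goes on to describe. The interface name, the addresses and the output file name 01-static.yaml are assumptions; the owner-only file permission is deliberate, because netplan files can carry secrets and recent netplan versions warn when the file is readable by other users.

```shell
#!/bin/sh
# Added example, not from the original post: write a netplan definition for a
# single NIC with a static IPv4 address. Interface, addresses and the output
# file name (01-static.yaml) are assumptions; change them for your host.
set -eu

# Print the netplan YAML for one statically addressed interface.
#   $1 interface name   $2 address in CIDR notation
#   $3 default gateway  $4 DNS server(s), comma-separated without spaces
netplan_static_yaml() {
  ifname=$1; cidr=$2; gw=$3; dns=$4
  # "192.0.2.53,198.51.100.53" -> "192.0.2.53, 198.51.100.53" for the YAML list
  dns_list=$(printf '%s' "$dns" | sed 's/,/, /g')
  printf '%s\n' \
    "network:" \
    "  version: 2" \
    "  renderer: networkd" \
    "  ethernets:" \
    "    ${ifname}:" \
    "      dhcp4: false" \
    "      addresses: [${cidr}]" \
    "      routes:" \
    "        - to: 0.0.0.0/0" \
    "          via: ${gw}" \
    "      nameservers:" \
    "        addresses: [${dns_list}]"
}

# Write the YAML into the netplan directory (NETPLAN_DIR overrides /etc/netplan,
# handy for testing) with owner-only permissions: netplan files can carry
# secrets such as Wi-Fi passwords, and recent netplan versions warn when the
# file is readable by others. Prints the path of the file written.
write_netplan() {
  dir=${NETPLAN_DIR:-/etc/netplan}
  file="$dir/01-static.yaml"
  ( umask 077; netplan_static_yaml "$@" > "$file" )
  chmod 600 "$file"
  printf '%s\n' "$file"
}

# Usage on the server (as root). "netplan generate" only renders and validates
# the configuration; "netplan try" applies it and rolls back unless confirmed,
# which is the safer way to test over an SSH/PuTTY session:
#   write_netplan eth0 192.0.2.10/24 192.0.2.1 192.0.2.53,198.51.100.53
#   netplan generate && netplan try
```

Run `netplan generate` first: it renders the configuration without touching the interfaces, so a YAML mistake shows up before you risk losing the SSH session you are working over.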

Deploy ASAv using Ovftool

If you ever get stuck with the “A required disk image was missing” error when deploying an OVA directly on an ESXi host, you might want to check this out. It is ASAv specific, but should work for other OVAs, like the one I wrote about in Deploy ISE PoV 2.3 OVA using ovftool. First, download the ASAv from CCO and unzip it. Second, create a text file with the command to deploy the OVA on the ESXi host.
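As an added example (not from the original post), the following POSIX shell script does the two things the excerpt describes: a pre-flight check that every file the OVF references is actually sitting next to it, and the ovftool command line that goes into the text file. The OVF file name (asav-esxi.ovf), the network names, the datastore, the deployment option and the ESXi host are assumptions to be checked against the package you downloaded.

```shell
#!/bin/sh
# Added example, not from the original post: a pre-flight check and the ovftool
# command line for deploying the unzipped ASAv package straight onto an ESXi
# host. OVF file name, network names, datastore, deployment option and host
# are assumptions; check them against the OVF you downloaded.
set -eu

# Before deploying, make sure every file the OVF's <References> section points
# at (the .vmdk disks, and any ISO) is present next to the OVF. A missing
# referenced file is worth ruling out before blaming the ESXi deployment path.
# Returns 1 and lists the missing files on stderr if anything is absent.
ovf_check_files() {
  ovf=$1; dir=$(dirname "$ovf"); missing=0
  for f in $(sed -n 's/.*ovf:href="\([^"]*\)".*/\1/p' "$ovf"); do
    [ -f "$dir/$f" ] || { echo "missing: $dir/$f" >&2; missing=1; }
  done
  return $missing
}

# Print the ovftool invocation. The ESXi password is deliberately left out of
# the vi:// locator: ovftool prompts for it, which keeps it out of the text
# file, the shell history and the process list.
#   $1 OVF path  $2 ESXi user  $3 ESXi host  $4 datastore  $5 VM name
asav_ovftool_cmd() {
  ovf=$1; user=$2; host=$3; ds=$4; name=$5
  printf '%s' "ovftool --acceptAllEulas --allowExtraConfig" \
    " --name=${name} --datastore=${ds} --diskMode=thin" \
    " --deploymentOption=ASAv10" \
    " --net:Management0-0=\"VM Network\"" \
    " --net:GigabitEthernet0-0=\"Outside\"" \
    " --net:GigabitEthernet0-1=\"Inside\"" \
    " --powerOn ${ovf} vi://${user}@${host}/"
  printf '\n'
}

# Usage: generate the "text file" the post talks about, then run it.
#   ovf_check_files ./asav-esxi.ovf && \
#     asav_ovftool_cmd ./asav-esxi.ovf root esxi01.example.net datastore1 asav-01 \
#       > deploy-asav.sh && sh deploy-asav.sh
```

The network names in the `--net:` options must match the network names declared inside the OVF, and the `--deploymentOption` value must be one of the options the OVF defines; ovftool rejects the deployment otherwise, so read them out of the OVF file rather than guessing.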

DNAC HA

The DNAC is currently sold as an appliance (part number DN1-HW-APL). It costs a whopping $80k list per box! So why do you need three of them for an HA setup? Because of quorum. The definition of quorum is: "The number of members of a group or organization required to be present to transact business legally, usually a majority." (source: dictionary.com). Say you only have two hosts in a cluster.

DNAC – External Authentication with ISE Radius

You probably want to use an existing identity store such as Active Directory when managing your network infrastructure, DNAC included. Below is a guide on how to configure this. Note that enabling external authentication in DNAC does not remove the need for the locally defined users on DNAC, at least not the built-in admin user. DNAC External Authentication Configuration: locate the “External Authentication” page under Settings -> System Settings -> Users

CCIE Lab Passed

On April 4, 2018 I made my 4th attempt at the CCIE R&S lab in Brussels. This time I passed! Now I know how to approach the lab, and through my failed attempts I learned what works for me in terms of strategy. I will go through it here. First of all you need to master all topics in the blueprint. This goes without saying. Not only do you need to know the technologies inside out, you must also master how to troubleshoot, diagnose, and configure them, fast!

DNA Center – Reinstall

If you messed up your DNAC or just want to start over, you can do so by downloading the ISO for the appliance: Download DNA Center ISO from CCO. After downloading the ISO, you must create the USB installer using Etcher. If you use Rufus or any other tool to create the USB installer, it might not work due to the insanely long file names in the ISO.

DNAC Integration with ISE using a self-signed Certificate

NOTE! Using ISE 2.3p3 is not an option due to CSCvi94778. If you're deploying DNAC and want to integrate it with ISE, you might have read the following documents: Perform Post-Installation Tasks, Cisco ISE Integration Limitations. I did, and ended up with this error in DNAC when adding ISE: Clearly this is a certificate error. The thing is that Cisco states that a SAN (Subject Alternative Name) is essential for the trust between DNAC and ISE.