Thoughts on Cybersecurity, WiFi and some other stuff
After looking at the 802.1X and EAP basics in part 1, in this part 2, we go through every packet in a simple EAP-Exchange. Although not used anymore in most situations, this example uses EAP-MD5 because it is easy to understand and perfect for learning how 802.1X and EAP communication
IEEE 802.1X plays an essential role in network security. This blog post gives a basic introduction to the elements used in 802.1X. This content is mainly taken from my WLAN security workshop to introduce 802.1X before moving to more complex authentication scenarios. If you want to learn WLAN security or
There are lots of recommendations on the Intenet for people attending CiscoLive the first time. Here are mine. Perhaps they are helpful for one or the other. Before the conference at home Before the conference in Las Vegas At the conference After the conference Are you already excited? So I
Part 1 of my “Roaming with WPA3-SAE” blog showed the roaming process in a centralized environment without any Fast Roaming mechanisms enabled. In this second part I’ll look into the roaming process with “Fast BSS Transition (802.11r)” enabled in a centralized environment. TLDR: From the moment the client and the
How does roaming with WPA3-SAE (WPA3-Personal) work? We have the SAE exchange that is done at the beginning of our wireless session to compute the PMK. But do we need this extra exchange when roaming, or is there some kind of a “shortcut”? When starting this blog-post I thought that
Part 4 of my hope to eventually get IPv6 from O2/Telefonica. From time to time I asked O2 when they will support IPv6 on my Business-DSL line. These were their previous answers: 2013: You don’t need IPv6 because we have “complete translation” 2014: IPv6 will be introduced at a later
In general, the Cisco ISE and Meraki devices play nicely together. But when doing 802.1X Authentication, the ISE hides some information and by enabling these, the Logs have a more relevant output. Let’s start: Vendor Specific Attributes Meraki Devices send four Vendor Specific Attributes (VSA) in the RADIUS requests: To
Last year I partnered with a new IT-consulting company to support them with their Cisco projects. And when they asked if I also want to go for Juniper Mist, I directly agreed. Every opportunity to do more wireless work is highly welcomed. Part of this was the qualification to the
Connecting the Meraki MX to an internal switched network? Sounds easy and if the network is build without any redundancy, it is very easy indeed: It can get a little bit problematic if redundancy is added. If you come from the Cisco ASA, you have tools like routed interfaces Port-Channel
Recently I had to implement Central Web Authentication (CWA) on a network that uses the Cisco Embedded Wireless Controller (EWC) on Catalyst 9100 APs. Configuration is not that hard, but there is some misleading information in the documentation. Although this blog post is about EWC, it is nearly the same