Thoughts on Cybersecurity, Wi-Fi and some other stuff
There are many guides on the internet for the setup of the Cisco Catalyst 9800-CL. But most of them are pretty old, and things have changed in the meantime. This guide is based on version 17.15.3 of the 9800-CL. It shows how to do the basic setup on VMware ESXi
This post is kind of a sequel to the previous post The need for better Hotel Wi-Fi. Whenever you do a wireless survey, you need a floor plan. If you don’t have one, Ekahau users have the luxury of doing a Just-Go survey, where the floor plan is dynamically generated
Yes, I am one of the people who enter a building and look up to spot the Access-Points. As a wireless engineer you can: And sometimes a 3) turns into a 1) “Ahh, that’s the reason; now it makes sense!” And part of this crazy notion is to evaluate the
This year, I presented the topic WPA3-192-bit mode at the WLAN Klassentreffen (in German) and WLPC in Prague as a 10Talk. This is the video recording from WLPC: Here is the presentation from WLPC 2024 in Prague: And the German version from the WLAN Klassentreffen 2024 in Hamburg: Some more
Well, of course a Block cipher is always a Block cipher. But sometimes it might not be used as expected and this can cause some misunderstanding of how things work. If you implement IPsec VPNs, you likely know ESP, the Encapsulating Security Payload and it’s packet format: The Encapsulating Security
This blog post is for the paranoids among us Many companies use BYOD (Bring Your Own Device) processes to securely connect personal devices to the enterprise network. Typically, Enterprise Authentication with EAP-TLS ensures a good user experience without any struggles when Domain credentials are changed. But how do we connect
“Why did no one tell me before???” This July, I visited the Wi-Co (Wireless Community) event in Manchester and learned about a device that ideally fits my use case. Problem Statement When traveling, in meeting rooms, or in hotel rooms, I not only look above me to spot the APs,
Transition Disable is a mechanism to protect a WPA3 network against downgrade attacks and is described in Chapter 8 of the WPA3 Specification 3.3. When this feature is enabled, a station should configure it’s network profile to not connect to the SSID with AKMs that are not allowed in WPA3-only
In a previous blog post, I described connecting the Meraki MX to the internal network. In this blog post, I go through different ways to connect to the internet. The internal connection is not detailed here; this is independent of the external connection to the ISP. Option 1: One MX,
On the Cisco ISE, we can use Downloadable ACLs (DACLs) as an enforcement method to control what our endpoints are allowed to do in the network. These DACLs can be used with Catalyst switches and also with the Catalyst 9800 WLC starting with version 17.10.1 Compared to named ACLs, the