我有很多人问我有什么事思科现场是什么样子，我作为一个长期的与会者和名人堂精英的大厅，为扬声器成员的观点。  While my perspective may be a bit different than your average attendee, I thought I’d give it a shot and write it up.

Cisco Live is an amazing event.  Some years, I may present at Cisco Live up to 4 times per year, and this was one of those years. 

• Cancun, Mexico – December 2017
• Barcelona, Spain – February 2018
• Melbourne, Australia – March 2018
• Orlando, Florida, USA – June 2018

When I was a young buck and started attending Cisco Live they were actually called “Networkers” and to me, that still describes the best part of Cisco Live.  Not networking in the technology sense, but the human networking that goes on.  It’s like a reunion with the people that I get to see year after year; and I get to meet new people every single time.

To read this article in full, please click here

最近，我一直在安全系统整合在一起，并特别侧重于思科的高级威胁安全产品系列我的很多精力花费了大量的时间。(Disclosure: I am employed by Cisco.)

Which is what brings me to Cisco’s Advanced Malware Protection (AMP), which is a solution to enable malware detection, blocking, continuous analysis and retrospective actions and alerting.

In fact, when the Talos cyber-vigilantes parachute into an environment and performs their forensics analysis and active defense against attacks—AMP is one of the primary tools that they use.

To read this article in full, please click here

很多本博客的读者都知道，自从的思科收购Sourcefire的和网络安全行业的传奇人物，例如马蒂罗斯奇了公司内的领导角色，思科的举措是针对所有安全产品是开放的，并与其他产品进行互操作。

另一个非常大的收购是OpenDNS的，和OpenDNS的首席执行官，现在引出了所有安全业务的思科。文化是所有关于思科产品，以及非思科的产品，更好的协同工作。 

+ Also on Network World: Cisco ONE simplifies security purchasing +

For many, it's shocking to think about Cisco as a vendor pushing for openness and standards. I'm not sure why because Cisco has spent its life creating networking protocols and then helping them to become standards available to all. But I digress.

To read this article in full, please click here

有一件事我一直很热情正在安全地接入网络部署更容易，其中包括了我们喜欢叫适用性。可维护性是关于制造产品更容易排除故障，更易于部署和更容易使用。最终的目标是始终以客户的成功。

有知名度和任何NAC项目的成功之间存在明显的相关性。如果你是盲目地发生了什么，如果你不能很容易地得到帮助弄清楚什么是错的信息，它可以是非常令人沮丧，也让一个贫穷部署的外观。

我的目标这个帖子是要突出很多服务性项目思科已投入ISE，你可能不知道的。I'll do my best to not only call out the feature or function that was added, but explain why it matters and what version it was added in. 

To read this article in full, please click here

引发的NetFlow：一个Woland-Santuka专业提示

维韦克Santuka，CCIE＃17621，是思科系统咨询系统工程师，谁侧重于I​​SEfor Cisco’s largest customers around the world. He and I devised, tested and deployed the methodology discussed in this blog entry, which we like to call “Triggered NetFlow.”

NetFlow is an incredibly useful and under-valued security tool. Essentially, it is similar to a phone bill. A phone bill does not include recordings of all the conversations you have had in their entirety; it is a summary record of all calls sent and received.

Cisco routers and switches support NetFlow, sending a “record” of each packet that has been routed, including the ports and other very usable information.

To read this article in full, please click here

//m.banksfrench.com/article/3077339/triggered-netflow-bra-trick-of-the-trade.html 周三年，2016年九点58分00秒-0700 5月25日 Aaron Woland Aaron Woland <本文> <节课=“页面”>

在的问题几个月，他们终于恢复到我的博客我的访问！这样的沉寂之后，我很高兴把这个特殊的职位。我敢肯定很多人会找到它至少是一个酷“我是一个怪胎网络”样的方式，甚至更好：你会发现它很有教育意义，甚至利用它在自己的世界。 

This is a solution I have been wanting to write about for a long time now, and let's be clear—it is not mine. This entire post is owed to a long-time personal friend of mine who is also one of the most talented and gifted technologists roaming the earth today. His name is Epaminondas Peter Karelis, CCIE #8068 (Pete).

Pete designed this particular high-availability solution for a small ISE deployment that had two data centers, as is crudely illustrated by me in the below figure. 

To read this article in full, please click here

//m.banksfrench.com/article/3074954/how-to-use-anycast-to-provide-high-availability-to-a-radius-server.html Tue, 15 Dec 2015 06:16:00 -0800 Aaron Woland Aaron Woland <本文> <节课=“页面”>

我最近不得不下潜很深与思科无线局域网控制器和Sourcefire的/思科火力Manager软件做设备管理AAA。考虑到其他人表现出的兴趣，我决定写这篇博客，分享我的经验。

设备管理AAA是如何工作的思科WLC

与Cisco Catalyst交换机设备管理能够命令级授权。随着WLC，但是，它是基于菜单系统的部分。它不会阻止进入GUI的那些部分，而是阻止时被保存未授权的菜单部分的内部变化。 

Figure 1 shows the different menus in the orange box, with three of the individual menus highlighted with a yellow box.  

To read this article in full, please click here

//m.banksfrench.com/article/2982952/device-administration-with-cisco-wlc.html Tue, 03 Nov 2015 04:00:00 -0800 Aaron Woland Aaron Woland

Sitting in my hotel room, after an evening of Sake' and war stories with the guys - what better thing to do then write a blog entry for you all to read and hopefully enjoy?  

At the time of this writing, Cisco's ISE 2.0 has been in BETA is soon to be released to the public. This may be the single most anticipated release ever, so why not go through some of the cool things that are in it? Here's my top 10 list. Some are big items, and some are just small little gems that I think everyone will love:

1. TACACS+ support for Device Administration AAA

It's no secret that I have been publicly vocal against adding device administration AAA to a product that is designed to be a Network Access AAA solution. If you had any doubts, just check out my RADIUS vs. TACACS blog entry from last year!  

To read this article in full, please click here

//m.banksfrench.com/article/2989871/10-cool-things-about-ise-12.html 星期三，2015年7月29日四点48分零零秒-0700 Aaron Woland Aaron Woland

There is this sort of living legend at Cisco whose name is Pete Davis. Everyone who deals with security knows who he is because, frankly, he's awesome! The guy has forgotten more about remote-access VPN than most of us will ever know, and he's a total geek - which is the ultimate compliment from a guy like me.

Pete came to Cisco via the acquisition of Altiga, Cisco's former VPN 3000 series concentrator, the EZ VPN technology, and the classic Cisco IPSEC VPN client. He is also one of the original guys to come up with the AnyConnect concept for a light-weight client, using SSL VPN, being modular, pulling configurations from the policy server (ASA / ISE), etc.  

To read this article in full, please click here

//m.banksfrench.com/article/2953517/anyconnect-day-1-support-for-windows-10-and-osx-el-capitan.html Sat, 18 Jul 2015 04:30:00 -0700 Aaron Woland Aaron Woland

"My organization wants to authenticate the machine AND the user." 

That quote is something that I am hearing all the time from customers and implementers all over the world!  

Sometimes it gets quite funny.  In June of 2015 I was presenting at the Cisco Live conference and one of the session attendees asks me "when is Cisco going to provide EAP Chaining for MAC OS"!  My response was designed to elicit participation & garner more attention from audience members, which was to scream at the participant "Cisco doesn't write MAC OS!!!!"  I immediately apologized for using him as a guinea pig & explained that I was just trying to make an entertaining point.  He laughed right along with the rest of the room & I got away without offending him :)  

To read this article in full, please click here

//m.banksfrench.com/article/2940463/machine-authentication-and-user-authentication.html