Problems Installing Cisco Firepower Management Console in ESXi 6.5

As part of a larger Cisco Firepower project, I had to install the Firepower Management Console for a customer recently. I was using FMC version 6.2.3, and the customer was running ESXi 6.5. I’ve had issues deploying OVFs in ESXi 6.5 before, but this one required some new adjustments I’ve never had to make in order to get FMC to install.

Continue reading “Problems Installing Cisco Firepower Management Console in ESXi 6.5”

Comparing Ourselves to Others in the Networking Community

I know a few engineers who get down on themselves for not being part of certain online networking conversations or not being part of particular slack groups. I like to be reasonably transparent with my friends, so it’s been humbling to have folks be transparent in kind and share that struggle with me.

Continue reading “Comparing Ourselves to Others in the Networking Community”

400 Bad Request Error on the Cisco ISE 2.3 Guest Portal

I had to deal with an issue with a wireless network guest portal for a customer recently that had me and TAC stumped for a month. The splash page seemed to load fully, but there was always a small spinning circle in the center suggesting something on the page didn’t quite finish loading. It resulted in end-users seeing an intermittent but frequent error when they connected to the guest wireless getting the redirect URL to the guest portal page on Cisco Identity Services Engine 2.3. The error was


[ 400 ] Bad Request,The request is invalid due to malformed syntax or invalid data

and here’s what I did to troubleshoot and eventually fix it.

Continue reading “400 Bad Request Error on the Cisco ISE 2.3 Guest Portal”

Build a Lab!

Working for a VAR means that I’m quickly moving from customer to customer, from project to project, and from technology to technology. Often there’s an expectation that I’m able to configure anything and everything on the fly, and with little to no knowledge of a customer’s network. However, moving at this pace and having to touch so many technologies means that I’m sometimes working with tech I’m only vaguely familiar with and without enough hours to dig into training.

Continue reading “Build a Lab!”

Engage with the Networking Community

I’ve been an active part of the networking community on social media for only a few years. Before that I was a passive consumer of tweets, blogs, and videos. A previous manager inspired me to be more active, and very quickly after engaging directly with bloggers, podcasters, and engineers, the value of being an active participant became very clear to me.

Continue reading “Engage with the Networking Community”

Simplifying Network Security with Context-Aware Micro-Segmentation

I spent about a year completely focused on network security, and one thing I learned was that spending all my time focused on securing the perimeter to the neglect of intra-LAN traffic was a recipe for disaster.

Most of the traffic in our data centers is east-west, with only a small fraction actually being northbound out to the rest of the world. The cost of massive firewall appliance clusters operating at line-rate is astronomical, and it doesn’t make sense to punt traffic all over the place if there’s a better way.

Continue reading “Simplifying Network Security with Context-Aware Micro-Segmentation”

Locating Wireless Clients and Location History in Cisco Prime with CMX

Locating a wireless client in real time and viewing its location history in Cisco Prime Infrastructure is a little bit different with CMX than with MSE. In this post we’ll walk through the few steps to locate a wireless client among all your maps and then view its location history.

Continue reading “Locating Wireless Clients and Location History in Cisco Prime with CMX”

Networking is Finally Catching Up

Servers, especially Linux servers, have been managed programmatically for years. Today, it goes almost without saying that a decent IT department is running Chef, Ansible, or some other tool to manage their servers as pools of resources.

What strikes me as odd is that this didn’t catch on in the network side of the house. Of course, there are always exceptions. A look at networking forums from years ago will showcase a few ambitious engineers arguing over using Expect or Perl scripts to manage their switches, but this was the exception in the networking industry, not the norm.

At Networking Field Day 17, several vendors that have long embraced network programmability turned their gaze from the data center to enterprise networking, and it seems as if networking may be finally ready to catch up to what we’ve been doing with servers for decades.

Continue reading “Networking is Finally Catching Up”

Helpful Mnemonic Devices for Networking

When I was a new high school English teacher I sat through a class on grammar my department chair taught to her 7th graders explaining a preposition is a word that describes anywhere a mouse can go. I’ve never forgotten that.

A few years later I changed careers to IT and found some very helpful mnemonic devices and acronyms that helped me remember various aspects of networking.

Here are a few that I used over the years:

Continue reading “Helpful Mnemonic Devices for Networking”

Dual WAN Router with Dual ISP Using BGP and OSPF

There are a small variety of methods to implement failover of your WAN perimeter between two ISPs. In this post we’ll look at one way to accomplish this goal with a few technical requirements.

Keep in mind that there are several ways to accomplish this same goal depending on the hardware available, the flexibility of the ISPs, and the skill level or preference of the engineer.

This topology utilizes two edge routers and two ISPs instead of the single edge router design I wrote about recently (you can read that here). For this post we’re using Cisco routers, but the concepts apply universally. Our requirements are that we maintain connectivity from our inside host to the internet in the event one of the company routers fails or one of the ISPs fails. Failover and fail-back must be automatic with no manual intervention.

Continue reading “Dual WAN Router with Dual ISP Using BGP and OSPF”

Blog at

Up ↑