Validating SGT Inline with Netflow and Embedded Packet Capture

In the last article, Learning TrustSec, An Introduction to Inline Tagging, we took a quick look at a manual configuration of SGT Inline Tagging. We also performed some validation with show commands and proved the operation by enabling enforcement.

In today’s article, we will perform slightly deeper validation of the inline imposition itself. For this process, we will use Netflow and Embedded Packet Capture. I happen to know that there is already EIGRP traversing the link that will help produce some output. Let’s just jump right in with a very basic Netflow configuration.

Netflow Configuration



Learning TrustSec – An Introduction to Inline Tagging

In my last article, Basic TrustSec – Implementing Manual SGTs and SGACLs,
we talked about a basic TrustSec configuration. In that example, we shared the understanding of having two devices connected to a single switch and enforcing traffic policies via SGACL. We know that there are more scalable and automated ways to configure TrustSec enabled networks, but our goal is to work toward understanding the building blocks.

In today’s article, we will expand our knowledge and connect the two devices to different switches. The trunks between these switches will be configured to carry the associated source SGTs (Security Group Tags). The topology used for this discussion is as follows.




Basic Trustsec – Implementing Manual SGTs and SGACLs

Trustsec is a mature and interesting policy mechanism available in most Cisco gear. The features and capabilities vary depending on device type and class. One of the frustrations I have is that almost every Trustsec reference I find focuses on the use of ISE. While I consider ISE a key component, I think a manual configuration is a better way to understand the components of the solution.

This post is the first in a series that will go through the configuration of Trustsec in various places in the network. I hope to examine classification and tag assignment, propagation techniques and enforcement. Ultimately, I will introduce ISE, but it will be the tool that makes this technology dynamic and robust. The goal is to build a better foundation by taking a step-by-step approach into the world of Trustsec.

In this article, I will simply build a network with a Catalyst 9300 and two devices. One device will be assigned an SGT of 2 and the other will receive an SGT of 3. I understand that many are concerned about the fact that they don’t have this class of switch at the access layer. Future articles will address how Trustsec can be leveraged with varying device types in different places in the network.



How Does Your Organization Value Technology?

Just a quick thought here today. Thinking about the organization you work for or the organizations you work with, how would you say they view technology?

  1. Key to Success – Technology is an enabler AND a primary differentiator
  2. Important – The core business requires a commitment to technology to succeed
  3. Just Another Budget Item – Technology is a necessary evil



Viewing Cisco Proximity with SpectrumView

I wanted to share a quick trick for troubleshooting Cisco Proximity. For those that haven’t stumbled onto this particular technology, Proximity is a feature in Spark Connected and traditional Cisco video endpoints that provides a pairing channel for screen sharing. Specifically, the codec announces its presence and connection information via a 22 kHz audio stream. The client device then uses that connection information to make a connection over the network and share the screen with the codec. Since 22 kHz is beyond what the human ear can hear, there is a need for some other tool to check for its presence.

The tool I use to check for the pairing channel presence is SpectrumView, which is available in the Apple App Store.


Firepower FMC API – Initial Observations

As many of you know, I am not a developer but I do occasionally hack stuff together. This article is just some of the initial things I have learned working with the Firepower Management Console API.

A good place to start is the Firepower REST API Quick Start Guide. This can be found at the following URL.

Firepower REST API Quick Start Guide

One thing to note is that there is a recommendation to use a dedicated username for the API. I would go a step beyond that with a recommendation for testing and development. During development, I currently have a username for the FMC UI, a username for the API Explorer and a username for whatever tool I’m working with (Postman or Python scripts). The reason for the extra accounts is that logging in to any of the UIs tends to generate a new token (and invalidate the old one). This causes a constant reauthentication to the web interfaces.


What’s Your Biggest Professional Challenge?

Now that we are in a new year (wow, it is hard to believe it is 2018), I want to ask a simple question. With what you are trying to accomplish at work or in your career, what is your biggest challenge? Is it something only you can deal with or is it something that someone can help with? Would you consider this challenge a personal challenge for your own career goals, or is it a challenge that you are trying to solve to further your employer’s objectives?

For me the answer would be something like this–

  1. Biggest Professional Challenge–distractions
  2. Who can help with this–mostly me, but my employer certainly doesn’t help and probably doesn’t truly understand the efficiencies that could be gained.
  3. This is a personal challenge–but my employer could certainly reap the rewards if I could improve in this area.

I wouldn’t necessarily consider this my resolve for 2018. However, it is certainly an area that I will work hard to improve in this new year.


Reading EEPROM – Obtaining the GE Concord Express Installer Code

One of the more frustrating things for me is when someone, or some company, attempts to control me. Typically having the desire for less responsibility, I have no desire to control individuals in this way. Recently, I started looking into what moving my alarm system to a new monitoring service would entail. The primary goal included eliminating the dependence on a landline and getting the flexibility to do reconfigurations myself. I own the alarm system and I felt like I should be able to make those changes.

Upon investigation, I found that resetting the installer code on my alarm system was a bit challenging. Searching the Internet yielded several options to try: 1234, 9876, 4112 and 6112. Unfortunately, none of those worked for my system, and a call to my current alarm service company was met with, “We don’t provide those, we want to protect you from making accidental changes.” They eventually agreed to try to change the code to another value and called me back a few times. Eventually, their remote effort fizzled out, but I’m sure they would’ve changed them with an on-site visit and a $75 service fee.

A few searches on the internet suggested copying EEPROMs or analyzing them. I found that my unit used a MIC24LC64 chip and started researching ways to read it.

Disclaimer: Use this process at your own risk. It worked for me, but I practiced the process on a separate alarm panel that had no value. Removal of and reading of the EEPROM may result in a damaged chip or loss of configuration if it is not done properly.

EEPROM Reader and Software

For me, the biggest challenge was getting an EEPROM reader working with my computer. The EEPROM reader that I purchased is a “SMAKN® USB Port 24CXX EEPROM Programmer Reader Writer to 24C1024 for XP VISTA WIN7” that I picked up from Amazon for roughly $10. It is cheap and also lacking documentation and software. Getting the software working and reading an EEPROM was a bit of a challenge. My first recommendation is watching this video from YouTube.

YouTube — USB EEPROM Programmer and CH341A **DOWNLOAD LINKS


Displaying Pi Output on an LCD

A few weeks ago, I shared an article about leveraging the Meraki API and a Raspberry Pi to create a Dummy Light for My Network. Today’s article expands on this slightly by adding a 16×2 LCD Display for additional output flexibility. For the sake of demonstration, we will continue to use the Meraki API as the source of what will be displayed. An example of what I have built is shown immediately below in this short video.


To accomplish this, I added the HD44780 to my Raspberry Pi (Pi 2 Model B) using the following pinout.


A Dummy Light for My Network

I’ve always heard the red lights in a car dashboard referred to as Dummy Lights. One example might be the use of a light to indicate high temperature in lieu of a temperature gauge. Over the past few weeks, I’ve spent more time doing unique things with hardware and software. Yesterday I challenged myself to build an indicator light to show health issues with my Meraki MX.

Before I get into this, the cool factor here is not what I have built. The cool factor is that someone with very little experience, driven by curiosity, can build this in a very short period of time. I’m neither a professional developer nor someone with deep knowledge around hardware hacking. So I want to solicit thoughts, feedback, and recommendations.

The Trigger

After a little research, I found that the Meraki Dashboard provides a “Load Monitor” that is returned via a perfScore value. This feature is in beta and there’s not a lot of information on it. Therefore, consider your own data source that you would like to use as a trigger value. The following Python code will store a numeric value (score) between 1 and 100 (with a lower number being a better score).

import requests
import json
import time
import datetime

# Dashboard API key plus the network and device being polled (placeholders, fill in your own)
mydashkey = "****API Dashboard Key****"
mynetwork = "****Dashboard Network ID****"   # was referenced but never defined in the original snippet
mydevice = "****Dashboard Device ID****"

# Base URL of the Dashboard API (placeholder; the original line had an empty string here)
baseurl = "****Dashboard API base URL****/networks/"
url = baseurl + mynetwork + "/devices/" + mydevice + "/performance"

headers = {
    'x-cisco-meraki-api-key': mydashkey,
    'content-type': "application/json",
    'cache-control': "no-cache",
}

response = requests.request("GET", url, headers=headers)
response.raise_for_status()   # stop here on a bad key or device ID rather than parsing an error body

jsondata = response.json()
score = jsondata['perfScore']   # 1-100, lower is better

The Wiring

Since we know how to get a value for comparison, the next step is wiring up a Raspberry Pi. In my case, I used pins 6, 11 and 12 on my Pi (Pi 2 Model B) and wired two LEDs.


I leveraged a 1K Ohm resistor, but many choose a 330 Ohm. The right section of this breadboard is my actual wiring. It’s hard to see the resistor, but I connected both LED cathodes to a common column and inserted the resistor between that column and ground.


Back In The Future

There are several good nuggets that can be found in this Ted Talk. I particularly like the impetus on local communities and the idea of a Business Plan contest for high school students.

Innovation: Five Steps to Get Your Local Economy Back to the Future



I Don’t Need a Car

You know, having conversations with teenagers can be a little annoying sometimes. One of mine (and I’ve heard others) keeps responding to my answers with “Why”. While this gets my blood circulating a little too fast in some contexts, getting to the simplest form of the answer often has validity. John G. Miller actually wrote a book called QBQ! The Question Behind the Question: Practicing Personal Accountability in Work and in Life. 

Circling back to the car, why do I have three of these financially draining machines if I don’t need one? The answer is simple: automobiles are a means to a necessary end for my family. We go to work, we play, we go to college, high school, and the associated extracurricular activities. Transportation is necessary for the way we conduct our daily lives. Transportation in middle America requires a car.
