Cisco's Identity Services Engine (ISE) is a powerful rule-based engine for enabling policy-based network access to users and devices. ISE allows policy enforcement around the Who?, What?, and When? of network access.

• Who is this user? A guest? An internal user? A member of the Finance department?
• What device is the user bringing onto the network? A corporate PC? A Mac? A mobile device?
• When are they connecting? Are they connecting to the secure network during regular business hours or at 02:00 in the morning?

These questions can all be answered easily within ISE and are all standard policy conditions that are relatively easy to implement. In the post below I'm going to focus on the How? — How is the user or device connecting to the network? Asked another way, the question is Wired? or Wireless?

I don't really keep up to speed on consumer technology. For me, the enterprise IT space holds more challenge and interest. There is one piece of consumer tech though that has become fully ingrained in my life: the tablet. For that reason, I'm going to summarize my experience in using both Android and Apple based tablets.

I've had two main areas of interest in my IT career. Professionally, I've been a network guy. Designing, building, and supporting IP networks is what pays my bills. On the other side, I'm a Unix geek. Building, tinkering, and hacking code on Unix systems and related open source software has always been fun and challenging for me. Recently I was reflecting on my career and realized that my Unix and open source experience has played a big role in my career as a network engineer. Here's some of the ways I believe network engineers can benefit from Unix experience.

I read two interesting articles on VTP (Cisco's VLAN Trunking Protocol) this week.

The first is an older article from networkworld.com that reminds us all that VTP clients are also capable of updating VLANs on the network, not just servers.

When I first heard that a VTP client can update a VTP server under the right conditions, I was frankly a non-believer. No way. I'd seen evidence to the contrary in several documents at cisco.com and in Cisco courses - but all the evidence was written, without my doing any experiments. So, I spent some time experimenting a few years ago, and found that it's true - clients can overwrite VTP server's VLAN databases.

If you're an IT professional you've probably been hearing a lot about cloud computing lately. I know I've sat through a number of seminars and sales pitches where people have been touting public cloud services on the merits of lower cost, reducing infrastructure and quicker implementation of services. However, I've noticed that almost none of these presentations discuss the increased reliance on Internet connectivity. With all the focus on the benefits of cloud computing, it's easy to forget that there has to be a trade-off. In order to offer reliable, quality access to public cloud services, your Internet connectivity likely needs some tuning.

One of the first things I wanted to do with my ESXi lab box was to simulate a hard drive failure to see what alarms would be raised by ESXi. This exercise doesn't serve any purpose in the "real world" where ESXi hosts are likely to be using shared storage in all but the most esoteric of installations but since my lab box isn't using shared storage I wanted to make sure I understood the behavior of ESXi during a drive failure. This post is also a guide to my future self should a drive fail for real :-).

It's been a long time since I've taken a run at getting Olive up and working. I wanted to take another stab at it and document how to get a working Olive installation using the latest JUNOS code. I also wanted to document how to get Olive up inside VMware ESXi since I hadn't actually done that before.

Olive refers to a regular PC or virtual machine that is running Juniper Networks' JUNOS software. Juniper created Olive early on so they could perform testing of JUNOS during development. These days Olive is deprecated in favor of cheap, low-end M and J-series routers but is still used by people wanting to evaluate/test JUNOS or those who are studying for Juniper certifications.

For the most part Olive is fully functional as a basic router. The folks at JuniperClue have a good list of what's known to work and known to not work so I won't reproduce a separate list here.

I recently built a VMware ESXi host at home. When I was researching the hardware, I learned there are a number of things to consider when choosing a RAID card for use under ESXi. This article covers those things and offers advice for anyone who is building a similar system.

As part of the recent hardware upgrade to my ZFS file server I replaced the motherboard. I'd never replaced the motherboard on an active Solaris system before and was curious whether it would be at the easy end of the spectrum (like OpenBSD is) or at the impossible end (like any recent version of Windows). This is what I learned.