Posts

Cisco ISE Guest Portals with Ruckus SmartZone

Ruckus SmartZone 7.0 and later support a new RADIUS VSA (Vendor Specific Attribute) for dynamic URL redirection. This means that Cisco ISE can integrate with SmartZone Controllers just like Cisco WLCs and Meraki APs. The ISE built-in RuckusWireless NAD profile must be duplicated and modified to use the Ruckus-External-Url VSA for the $URL variable. ISE will dynamically insert the PSN FQDN and portal port number during authorization. Ruckus also supports pushing an ACL name via RADIUS using the standard RADIUS Filter-ID attribute. SmartZone also now supports CoA for URL redirection once the client successfully logs into the ISE portal.

[Screenshots: Ruckus-EXTERNAL-URL VSA; Filter-ID ACL]

Once the NAD profile is modified and applied to the NAD definition for a Ruckus Controller, the ISE guest rules can be built out just like you normally would for any Cisco NAD.

Mountain Biking Flatwoods Wilderness Park

My wife and I completed a 6.5 mile ride at Flatwoods Wilderness Park, located in Northeastern Hillsborough County. I've biked this park since middle school, but it's been many years since I was last here. The park has over 30 miles of off-road bicycle single track. The land is owned by the Southwest Florida Water Management District (SWFWMD) and operated as a Conservation Park by Hillsborough County. The bike trails are maintained by the SWAMP Mountain Bike club, which operates and manages several off-road mountain bike trails throughout the Tampa Bay Area. The Flatwoods area is a massive flood plain and headwaters of the Hillsborough River, formally known as the Hillsborough Flood Detention Area (HFDA). In the rainy season, or during hurricanes, SWFWMD controls flow into the Hillsborough River using a flood control structure originally built in the 1960s to protect the cities of Tampa and Temple Terrace from floodwaters. An alternative water flow path, the Tampa Bypass Cana...

Brooker Creek Headwaters Nature Preserve

Brooker Creek is a small waterway in Northwest Hillsborough and Pinellas Counties. Brooker Creek flows through two nature preserves, agricultural, and residential areas before eventually emptying into Lake Tarpon. Lake Tarpon then flows into Tampa Bay. Brooker Creek Headwaters Nature Preserve is a 1121 acre preserve located in the Keystone area of Hillsborough County. It is owned by the Southwest Florida Water Management District and operated by Hillsborough County Conservation and Environmental Lands Management Department. This preserve exists to protect the health of the headwaters of Brooker Creek and its contribution to Lake Tarpon and Lake Keystone. The preserve includes several miles of unpaved hiking paths and also contains portions of the paved Upper Tampa Bay Trail from Van Dyke Road to the Suncoast Parkway on Lutz Lake Fern Road. The headwaters consist of a chain of wetlands on the north side of Lutz Lake Fern Road (outside of the preserve boundary) and flow southwest until...

Aruba AOS-CX Switch 802.1X/MAB Template for ClearPass, ISE, FortiAuthenticator, etc

Below is a template for Aruba AOS-CX Switches for 802.1X and MAB. This template can be used with any standards-based RADIUS server such as Aruba ClearPass, Cisco Identity Services Engine, Fortinet FortiAuthenticator, FortiNAC, FreeRADIUS, etc. This configuration is just basic 802.1X and MAC Address Bypass; it does not cover Downloadable User Roles (DUR) or other advanced Aruba segmentation features. Each section of the configuration is preceded by an explanatory comment, denoted by !. This configuration should be valid for any version of AOS-CX and has been tested in practice with both Cisco ISE and Aruba ClearPass.

!Define the RADIUS servers. This can be a ClearPass VIP, a load-balancer, or the actual RADIUS servers. Replace the x.x.x.x with your RADIUS server IPs.
radius-server host x.x.x.x key plain-text SuperSecureKey!
radius-server host x.x.x.x key plain-text SuperSecureKey!
!Place the RADIUS servers inside a AAA group. Replace [name] with whatever name you...

Stop Using PEAP/MS-CHAPv2

I see a lot of customers continue to use PEAP/MS-CHAPv2 for 802.1X network authentication to Cisco ISE and other network access control platforms and RADIUS servers. STOP! MS-CHAPv2 uses broken MD4 encryption and should no longer be used to pass sensitive credentials over any network. Microsoft has taken steps to disable PEAP/MS-CHAPv2 for Active Directory credentials in updated versions of Windows 10 and Windows 11. You can get around this with a registry hack but it's still a BAD idea. If you are still using MS-CHAPv2 for 802.1X authentication, it's time to migrate to certificate-based authentication methods such as EAP-TLS instead. Even better, use TEAP with user and machine authentication using certificates. Some use-cases (like BYOD or guest access) could also transition to SAML-based authentication to your IDP of choice. SAML Assertion sometimes can remove the need for a RADIUS server altogether. Having a secure, robus...

Aruba Networks Airheads MVP Expert 2024

I'm happy to announce that I have received the Aruba Network Airheads MVP Expert designation for 2024 for my assistance in the Airheads forum around ClearPass design, implementation, and troubleshooting. Be sure to check out all of the 2024 MVPs.

Cisco Designated VIP 2024

I'm pleased to announce that I have been recognized as a Cisco Community Designated VIP for 2024 for my assistance in the Cisco Secure Network Access Control community focusing on Identity Services Engine. Be sure to check out all of the Cisco Community Designated VIPs.
