
Monthly Archives: December 2013

lab_end_2013

Unfortunately I didn’t have much time to update my blog over the year as I had originally planned. This year I replaced the Cisco XL 2924 switch with a Cisco SF300. The reason for this is that the old switch did not support 802.1x authentication and I had wanted to try it out. In fact, some interesting projects that I have successfully completed on my lab throughout this year include:

1) 802.1x wired (Cisco SF300) and wireless (AP bridges) authentication. A Windows Server 2008 server was used as the authentication server, the RADIUS server and the internal Certificate Authority. The setup works quite well. There are some issues though, such as sometimes the laptop NIC doesn’t authenticate properly, but once I unplug and plug in the network cable again it successfully connects. I read somewhere that it could be a bug which needs to be addressed on some systems. However on mine, it didn’t seem to work.

2) Squid Transparent Proxy. I set up Squid on Ubuntu and, through WCCP, redirected HTTP traffic entering the ASA to the proxy server and back. This allowed me to proxy all my HTTP traffic for every client, be it tablet, laptop or mobile. However, I did come across some limitations. For example, the proxy server had to be in the same VLAN/network that the “proxy-ed” clients are in. If you try placing it in some management VLAN (and provide routing for it), it will not work. Apparently, this limitation is present only with ASAs, since with a bare Cisco router, I was told it worked fine.

3) Cluster NTP Server. I used two Ubuntu machines to set up a clustered NTP server. No rocket science but it worked very well. Heartbeat was the package which allowed server clustering.

That is about it. Time permitting I will include the configurations of the three projects on the blog.

Merry Christmas!