
Solving a Network Security/Usability Paradox with Cisco OnePK

Cisco Employee

Meet one of our "Bring Your Own Project" winners: Ben Story (@ntwrk80). We are finishing the code for Ben's idea and will demonstrate it to him tomorrow in advance of CiscoLive. In the meantime, Ben was kind enough to share details on his idea in the form of a blog.

"To be honest I haven’t fully jumped on board the buzzword train of Software Defined Networking (SDN) just yet. When Cisco first announced their OnePK product at Cisco Live, I was underwhelmed and thought, well, I already script things on my network with Perl and PHP.


Recently though, I started a new job at a much larger healthcare company. One of the network’s security policies was that all network infrastructure devices have an Access Control List (ACL) in place to limit SSH access to the device. This ACL was manually maintained and required the network engineers to have a static IP address at their desk or use one jump box (that always seems to be out of terminal services licenses) to access the network devices. Adding to the frustration, I was the new guy so my IP wasn’t in the ACLs yet, which meant waiting for someone else to grant me access on a per-device basis.


As luck would have it, while I was dealing with this new problem, I was invited by the Cisco Champions program to a contest to come up with a problem to solve via OnePK.  On a whim I wrote up my problem and requested a program that would allow the following:

  • Identify a Network Engineer using AD or 802.1x (Cisco ISE)
  • Automatically update the network infrastructure ACL with the network engineer’s IP address no matter where in the network they are.
  • Automatically remove the network engineer’s IP address from the ACL when they log off.


Recently the team running the contest contacted me and mocked up my idea as an actual program. You can see it live at Cisco Live! in the World of Solutions at the Cisco Booth. While this is just the tip of the iceberg for OnePK, I now see how it adds value to a network, even for seemingly small problems."
