Category Archives: Cisco

CiscoLive 2023 – Day Three

Had some good classes today!! I enjoyed the class that covered an overview of the CAT 9000 series of switches! Although the class was focused on the access layer, there was some info on the entire line. It’s nice to see that their various lines of switches (2900, 3600, 4500, and 6500) have all been consolidated into a single series of switches with a common architecture and operating system. With the 9000 series, it can take you from the access layer, through the distribution layer, and into the core. Thanks Cisco!!

I then took an intro class into BGP…it’s been a long time since I worked with BGP (it was still a 2-byte AS field). The two instructors, Gustavo Sibaja and Peter Paluch, did a very good job tackling a complex subject…and they made it fun!!

I also stopped by a variety of Cisco booths, checking in on the status of Cisco SIG, future plans for branch site security controls, etc. I can tell you this…Cisco is betting big with Secure Access! Umbrella SIG will ultimately be rolled into this service, and if Cisco can deliver on their promises, this could be a game changer for many organizations. Hopefully, it won’t have the growing pains that SIG had.

While walking around the World of Solutions, I noticed the Social Media Hub…

Other than taking this picture, you will never find me sitting in one of these! I am not a big believer in social media…in fact, I like to call it Anti-Social Media. There is a lot of potential good with social media…however, the results thus far have been largely negative, and even damaging. One can always hope…

Y’all have a great day!!

wri mem

CiscoLive 2023 – Day Two

The main keynote address was this morning…it started out with a group of dancers doing their thing. It didn’t do much for me…but most of the attendees liked it. Afterwards, there were several talks by some of Cisco’s divisional VPs…they were ok, but most of them were glued to their teleprompters…can’t flub in front of a world-wide audience! However, Chuck Robbins (CEO) did a good job…you can tell he practiced his material, and rarely looked at the prompter. He also had some good information and news, and did a really good job of addressing his audience…thanking us for the job we do on a daily basis. He should be pleased with his presentation.

As for the rest of the day, I had some interesting classes…took a couple of walk-in labs…it was a good day!

write mem

CiscoLive 2023 – Day One

Started the day off by drinking the Cisco Kool-aid…don’t you know that Cisco SD-WAN solves all problems!! Actually, they do have a very complete and mature solution…but it is equally complex and costly. If you have a lot of on-prem and Cloud-based systems, and they all need to communicate with each other in a variety of manners, the Cisco SD-WAN solution will make it all work. Seriously…they cover all the bases, and then some. For smaller enterprise networks though, it’s probably overkill. Do yourself a favor and research SD-WAN…let your application requirements drive the network design. And remember…keep it simple!

I also attended a class on the Cisco CCNP…just to see what’s changed…which is not much over the last 4 or so years. However, the CCNP test is changing a bit this September…not too much they said, maybe about 20% of the test is getting updated. Not sure what parts though.

My wife and I then took a taxi down the strip, had dinner, watched the fountain show at the Bellagio, then walked all the way back to the Mandalay Bay hotel. It was an enjoyable evening!!

write mem

CiscoLive 2023 – It’s Been a While…

It’s been a while since I last updated this blog…life gets in the way sometimes. However, now is the time! And what better reason than CiscoLive 2023 in Las Vegas!!

YES!!

My wife and I flew in yesterday afternoon (Saturday), and we are staying at Mandalay Bay Resort. CiscoLive is also located here, so no worries about transportation to/from the conference…this is VERY nice! I also purchased the Explorer pass for my wife…she is a bit of a geek herself, and she enjoys attending the main Keynotes, World of Solutions Expo, and the Cisco Live Celebration!! And her pass includes lunches, so we can meet up for that too!

This most likely will be my last CiscoLive! I’m retiring soon, and my manager at work was happy to coordinate this “last hurrah”, and send me to CiscoLive. (The company I work for is awesome!) I’m looking forward to gaining more knowledge about SD-WAN and related technologies. The network I manage is DMVPN based, and it’s been rock-solid for years. And since we have no Cloud presence (as yet), there has been no need for SD-WAN. However, that may be changing in the next year or two…so SD-WAN may be an important option soon. Cisco has a solid SD-WAN solution, but so does Palo Alto, VMware and Fortinet. And to be honest, although I have been drinking the Cisco Kool-Aid for many years, I am very open to other vendors. Dealing with Cisco these last 5 or so years has been a bit painful…(more about that another day).

I’ll try to provide updates over the next several days…fingers crossed.

write mem

CiscoLive 2017 Las Vegas Day 1 – Opening Keynote & More

It was a great opening day of CiscoLive 2017 in Las Vegas! First session of the day had to do with using Cisco Umbrella (OpenDNS) to track down cyber activity within your network…

An excellent introduction to Cisco Umbrella

Next up was the opening keynote by Cisco CEO Chuck Robbins…

Opening keynote by Cisco CEO Chuck Robbins

His keynote was actually interesting and well done, with little of the humorous hi-jinks of years past…it was professional. His main point concerned how things are changing in the network industry, and in big ways. I may not be involved with all of the new networking technologies that are on the horizon, but one thing was very apparent…I need to adapt to the new world. If I stick to the traditional routing and switching of years past, I might find myself on the outside looking in. And that is not a good thing!! An indication of this is the evolution of Cisco certifications…

Next generation of Cisco certifications

Keep your skill set up to date…or be left behind.

Next up, Chuck had a special guest come up to the platform to discuss the partnership between Cisco and Apple. Yep…the guest was Apple CEO Tim Cook…

Guest CEO Tim Cook from Apple

As for the afternoon, I spent most of it in the vendor expo “World of Solutions”…there was LOTS to see and do, AND learn!! I spent most of my time learning about SD-WAN technologies, updated security solutions, and logging/SIEM solutions. Plus, my wife attended with me!! Yes, I’m a lucky man…my wife is part geek too, and she loves attending CiscoLive with me. I purchased a “Social” pass for my wife which allows her to attend each day’s keynote address, World of Solutions, and the Cisco Customer Appreciation Event on Wednesday evening. She had a wonderful time today, as did I.

At the end of the day, we took the monorail down the Las Vegas strip and watched the Bellagio Fountains light show…make sure you don’t pass this up, it was well worth the time!!

Bellagio Fountains at nighttime

Time to get some rest…it’s going to be another long day tomorrow…

Cisco IOS Feature/License Options

I need to add a feature (or license) to a number of my Cisco routers. This can get a bit confusing though, as Cisco made changes to their licensing model when they introduced the ISR G2 series of routers (i.e., 1900, 2900 & 3900 series).

These routers use a “universal” image, and you simply license the features you want…in my case the routers are licensed for IPBase and UC, and I need to add the SEC (Security) license to the router. The license tree is pretty simple…

License options for newer Cisco routers

For my older routers, I’m currently running SP Services and I need to add Security/VPN, which means I need to upgrade to Advanced IP Services.

Feature set (IOS) options for older routers

Either way, Cisco is going to get a lot more money from me!!

CVDs – Cisco Validated Design Guides

If you ever need some help in designing a network, or are wondering what the best practices are for security or wireless, then Cisco has some very helpful information for you! Over the years, Cisco has put together a bunch of official network designs that you can review and use to assist with your own network design challenges. Cisco calls them CVDs…or, Cisco Validated Designs. When they first started out, the designs were very technical and written in a bit of a bland manner (written by CCIEs no doubt). Now, however, they are very colorful, with lots of visuals and slick copy art, but…they are still technical and very helpful!! (I would imagine they are still written by a bunch of CCIEs, but then filtered through a design/publishing group of some sort.)

Take a look at this link:  Cisco Validated Designs

I’m in the process of reviewing and upgrading my core VTI/DMVPN infrastructure, and I’m reading through the CVD “Intelligent WAN Technology Design Guide”….

Cover page for the CVD iWAN guide

This design guide is NOT light reading…it’s 287 pages of very technical information and sample configurations…VERY cool. It’s going to take me several days to digest this thing…but already it has answered several questions that I’ve been wondering about.

When you’re viewing the CVD webpage, scroll down near the bottom to the “Design guides by category”…as you can see, there are a ton of options which should cover just about anything you are interested in.

Enjoy!!

Nexus Switches – Time to do Some Serious Learning!

I have yet to work with the Cisco Nexus line of switches…just never had the opportunity. I’ve worked a lot over the years with Cisco’s chassis class line of switches (5500’s and 6500’s), and a bunch of their stackable switches (3600’s and 3700’s). So, all of a sudden, I need to learn about Cisco’s 9000 line of Nexus switches…and fast. What to do??

Read…a lot. I spent a fair amount of time this weekend just reading up on a bunch of technical papers from Cisco. Here is a great starting point…scroll down to see a large variety of topics pertaining to the 9000 series…

Cisco Nexus 9000 Line of Switches

The next thing I did was set up a small two-tier Nexus network simulation within VIRL. This is very cool…I am able to check out configurations, learn the NX-OS syntax, and just have some fun playing with the Nexus switches. Topology was straightforward, and I have BGP and OSPF in the mix…(AutoNetkit is your friend)…

Simple Nexus switch simulation running in Cisco VIRL

Now, running a Nexus simulation within VIRL is not perfect…there are still some features that don’t work, such as vPC (Virtual Port-Channel), but it is a good start. And it is sure helping me out a lot.

Note:  There is a bug in the NX-OSv VIRL node that ends up creating all of the switch interfaces with the same MAC address (0000.0000.002f).  Obviously, nothing works if this is the case. The VIRL team is working on this, but there is a work-around…simply use AutoNetkit to create the switch configs, and each interface will have proper MAC addresses created. If you would rather do most of the configuration yourself, then still use AutoNetkit but choose the “Infrastructure Only” option…you will end up with a minimal starting configuration, but with working MAC addresses. AND…remember to click the “Build Initial Configurations” button before you start the simulation!!

Enjoy!!

Cisco Security Advisory – IKE Vulnerability in ASA Code (CRITICAL)

Cisco ASA (via cisco.com)

Cisco released a critical security advisory today concerning an IKE vulnerability within the ASA software OS…and let me tell you, this will affect a LOT of people! If you are running one of the affected software versions (and I am), then you will want to update your ASA appliance very soon. I’ll have mine updated in the next couple of days.

Don’t delay. Once you read the advisory, you will know why!

Riverbed Interface Configuration via Command Line Interface (CLI)

Yes, it’s been a while since I did much of any postings, but I’ve been both very busy at work and out of state on vacation. Things are starting to calm down a bit now, so back to some network related postings…

I worked late last night upgrading a batch of out-dated Cisco 3750 switches (first generation), installing a stack of new 3650 switches. I have to admit, these switches are nice! But like most all of Cisco’s stuff, they don’t play well with other vendors’ products in terms of interface auto-negotiation. The existing switches were all 10/100 interfaces, and we had a Riverbed device installed between the switches and router, so all of the related interfaces were manually configured for 100 Mb, full duplex.

Since the new switches were all gig, and the router was too, I reconfigured them for auto/auto for both speed and duplex. But I needed to configure the Riverbed device too. (When I first brought everything online, the Cisco devices came up 100/half…not good at all.)

Since the GUI interface on the Riverbed does not handle interface configurations very well, I connected to the device via SSH and configured the interfaces using the command line…which as we all know is the best way to do anything!! As you can see, interface wan0_0 is configured for 100/full…

Command showing current settings for wan0_0 interface

To change the configuration is easy…here are some of the options…

Interface configuration options

And here I changed both wan0_0 and lan0_0 interfaces for auto/auto operation…

Setting interfaces to auto/auto

It was that simple. I then unplugged both cables to my router and switch, reconnected them, and all interfaces came up 1000Mb (gig) and full duplex.

Working with Riverbed on the command line is rather easy, and you will find many of the commands are similar to Cisco.