Tag Archives: cisco

Cisco Releases NX-OS Security Alert Bundle

Cisco NX-OS Security Alert Headline

On March 6, 2019, Cisco released a bundle of Security Alerts aimed at their Cisco Nexus/NX-OS line of switches. And by bundle, I mean 25 separate alerts! If you have any of the affected devices in your network, you better get some coffee brewing…(for me, that means lots of Dr. Pepper!!). The Security Alert bundle can be found here, and Cisco’s main webpage for Security Alerts can be found here.

Enjoy!

CiscoLive 2017 Las Vegas Day 1 – Opening Keynote & More

It was a great opening day of CiscoLive 2017 in Las Vegas! First session of the day had to do with using Cisco Umbrella (OpenDNS) to track down cyber activity within your network…

An excellent introduction to Cisco Umbrella

Next up was the opening keynote by Cisco CEO Chuck Robbins…

Opening keynote by Cisco CEO Chuck Robbins

His keynote was actually interesting and well done, with little of the humorous hi-jinks of years past…it was professional. His main point concerned how things are changing in the network industry, and in big ways. I may not be involved with all of the new networking technologies that are on the horizon, but one thing was very apparent…I need to adapt to the new world. If I stick to the traditional routing and switching of years past, I might find myself on the outside looking in. And that is not a good thing!! An indication of this is the evolution of Cisco certifications…

Next generation of Cisco certifications

Keep your skill set up to date…or be left behind.

Next up, Chuck had a special guest come up to the platform to discuss the partnership between Cisco and Apple. Yep…the guest was Apple CEO Tim Cook…

Guest CEO Tim Cook from Apple

As for the afternoon, I spent most of it in the vendor expo “World of Solutions”….there was LOTS to see and do, AND learn!! I spent most of my time learning about SD-WAN technologies, updated security solutions, and logging/SIEM solutions. Plus, my wife attended with me!! Yes, I’m a lucky man…my wife is part geek too, and she loves attending CiscoLive with me. I purchased a “Social” pass for my wife which allows her to attend each day’s keynote address, World of Solutions, and the Cisco Customer Appreciation Event on Wednesday evening. She had a wonderful time today, as did I.

At the end of the day, we took the monorail down the Las Vegas strip and watched the Bellagio Fountains light show…make sure you don’t pass this up, it was well worth the time!!

Bellagio Fountains at nighttime

Time to get some rest…it’s going to be another long day tomorrow…

Cisco IOS Feature/License Options

I need to add a feature (or license) to a number of my Cisco routers. This can get a bit confusing though, as Cisco made changes to their licensing model when they introduced the ISR G2 series of routers (IE: 1900, 2900 & 3900 series).

These routers use a “universal” image, and you simply license the features you want…in my case the routers are licensed for IPBase and UC, and I need to add the SEC (Security) license to the router. The license tree is pretty simple…

License options for newer Cisco routers

For my older routers, I’m currently running SP Services and I need to add Security/VPN, which means I need to upgrade to Advanced IP Services.

Feature set (IOS) options for older routers

Either way, Cisco is going to get a lot more money from me!!

CVD’s – Cisco Validated Design Guides

If you ever need some help in designing a network, or are wondering what the best practices are for security or wireless, then Cisco has some very helpful information for you! Over the years, Cisco has put together a bunch of official network designs that you can review and use to assist with your own network design challenges. Cisco calls them CVD’s…or, Cisco Validated Designs. When they first started out, the designs were very technical and written in a bit of a bland manner (written by CCIE’s no doubt). Now, however, they are very colorful, lots of visuals and slick copy art, but…they are still technical and very helpful!!  (I would imagine they are still written by a bunch of CCIE’s, but then filtered through a design/publishing group of some sort.)

Take a look at this link:  Cisco Validated Designs

I’m in the process of reviewing and upgrading my core VTI/DMVPN infrastructure, and I’m reading through the CVD “Intelligent WAN Technology Design Guide”….

Cover page for the CVD iWAN guide

This design guide is NOT light reading…it’s 287 pages of very technical information and sample configurations…VERY cool. It’s going to take me several days to digest this thing…but already it has answered several questions that I’ve been wondering about.

When you’re viewing the CVD webpage, scroll down near the bottom to the “Design guides by category”…as you can see, there are a ton of options which should cover just about anything you are interested in.

Enjoy!!

Meraki Wireless – Basics and Best Practices

I’ve just recently completed an enterprise wide wireless upgrade to Meraki AP’s. I have to say it brought joy to my heart to get rid of all those old (very old!!) Cisco AP’s. Wow…they were such boat anchors! Now we have a state of the art, cloud managed, wireless infrastructure that will support my company for many years to come. And management is SO much easier now…all from a single pane of glass. To be honest, I’m not a huge preacher for “cloud” management solutions…but for a wireless network, Meraki’s cloud management interface is incredible!!

To get you started, you should check this out:   Meraki Wireless Basics and Best Practices

Lots of great articles and best practices for wireless networks

Make sure to click on all three tabs…Guides, Articles and Most Popular.  Lots of great information, and a fair amount of it pertains to generic wireless networks, not just Meraki.

Enjoy!

Cisco VIRL Network Simulation Features

If you haven’t checked out all the features available through VIRL, take a look at this features page located on the VIRL website…you can scroll down to the bottom, and under “All Features” click the “OPEN ALL” button.  As you can see VIRL is a feature rich environment. One note of interest is the expected release of an updated Nexus switch object later this year…looks like it might include a number of layer 2 features, perhaps even vPC!!

Cisco VIRL Features

Enjoy!!

Cisco Security Advisory – IKE Vulnerability in ASA Code (CRITICAL)

Cisco ASA (via cisco.com)

Cisco released a critical security advisory today concerning an IKE vulnerability within the ASA software OS…and let me tell you, this will affect a LOT of people! If you are running one of the affected software versions (and I am), then you will want to update your ASA appliance very soon. I’ll have mine updated in the next couple of days.

Don’t delay. Once you read the advisory, you will know why!

Riverbed Interface Configuration via Command Line Interface (CLI)

Yes, it’s been a while since I did much of any postings, but I’ve been both very busy at work and out of state on vacation. Things are starting to calm down a bit now, so back to some network related postings…

I worked late last night upgrading a batch of out-dated Cisco 3750 switches (first generation), installing a stack of new 3650 switches. I have to admit, these switches are nice! But like most all of Cisco’s stuff, they don’t play well with other vendors’ products in terms of interface auto-negotiation. The existing switches were all 10/100 interfaces, and we had a Riverbed device installed between the switches and router, so all of the related interfaces were manually configured for 100 Mb, full duplex.

Since the new switches were all gig, and the router was too, I reconfigured them for auto/auto for both speed and duplex.  But I needed to configure the Riverbed device too.  (When I first brought everything online, the Cisco devices came up 100/half….not good at all.)

Since the GUI interface on the Riverbed does not handle interface configurations very well, I connected to the device via SSH and configured the interfaces using the command line…which as we all know is the best way to do anything!! As you can see, interface wan0_0 is configured for 100/full…

Command showing current settings for wan0_0 interface

To change the configuration is easy…here are some of the options…

Interface configuration options

And here I changed both wan0_0 and lan0_0 interfaces for auto/auto operation…

Setting interfaces to auto/auto

It was that simple. I then unplugged both cables to my router and switch, reconnected them, and all interfaces came up 1000Mb (gig) and full duplex.

Working with Riverbed on the command line is rather easy, and you will find many of the commands are similar to Cisco.