2021: Thinking Forward

Who doesn’t love to make plans and have goals? It’s January of 2021. Let’s not discuss what happened last year. Many of us accomplished different things and many of us did not. No matter what happened last year, I’d like to look forward to making plans for this year. However, making plans is not enough. Executing is what needs to happen. Sometimes our execution is derailed by many outside factors throughout the year. This will happen. I believe it is best not to thrust all of our worries on the things we cannot control. Let’s focus our energy on what is within our reach. As a network engineer, there are a few goals I want to briefly write about. I am hoping writing it will help keep me accountable.

2020 Cisco IT Blog Awards

I have been nominated as a finalist in the 2020 Cisco IT Blog Awards! I feel blessed to have something I started last year be selected. My main goal in my blog is to motivate others in their IT career. We are all in this together. I have been selected as a finalist for the Most Inspirational category. One thing is for certain, I love to write and I love to motivate.

My one ask as we close this year out is that you take a moment and vote. Look through all the blogs and follow all of the good talent out there in each category. The winners will be announced early next year.

You can vote and check out the entries here: https://www.ciscofeedback.vovici.com/se/705E3ECD2A8D7180

The Occasion for Segmentation

Today’s networks have security and visibility requirements that can warrant complicated designs. A proper routing design takes time. Implementing security takes some thought. Having a properly segmented network goes beyond tossing a bunch of VLANs on a switch. One of the goals in a segmentation design is to engage the business and find out the who, what, where and why of communication in the network. If you know those business purposes, you can design around them. You can implement routing and firewall rules to control who or what has access to certain assets. In this entry to the blog, I have implemented a basic segmented network using EVE-NG. Let’s take a tour!

Simple Cisco Text File Changes

As we are busy diving into the world of programming and automation, I’d like to remind everyone of a way to make simple config changes to a Cisco switch or router using a text file. This might not be a breakthrough, but it helps when making changes to switches or routers when those changes can possibly disconnect you from the device. Imagine working on a re-IP of a switch or even a point-to-point link. You have your notepad ready to go. There is a new IP and default route and all you have to do is copy/paste. You paste in the IP and lose connection. Your default route change never actually pasted because you lost connection right after the IP change. You can no longer connect to the device; panic ensues. What might be a better way to make this change and avoid the “Uh oh!” moment?

Cisco 3504 Software Upgrade

If you are an administrator in a network somewhere, you probably already know an important fact: Everything needs maintenance. At one point or another you have to upgrade something. In a perfect world, we would have consistent upgrade windows and periods of time we can take down a network for maintenance. If you have that, you are a lucky person. Looking for maintenance windows might fall into the same category as spotting a UFO. Oftentimes, bugs or vulnerabilities bring forth these needed maintenance windows. In this case, I am upgrading a 3504 controller from version 8.5.151.0 to 8.5.161.6. The reason: CSCvs89410. This bug can corrupt images on 3600 and 3700 series access points.

Image Swap: ASA to FTD

Firewalls are a necessary component in any network environment, especially in an enterprise. Take a look at your front door: would you remove it permanently? Firewalls have evolved over the years from simple gatekeepers to complex security solutions that integrate with the rest of the network. Imagine if you could program your front door to only allow people in who wore green shirts. Once inside they would only be able to walk into the living room…on a Tuesday. My own firewall journey started years back on Juniper SSG350s, then on to ASA and Palo Alto. I am currently looking into Cisco’s Firepower Threat Defense (FTD). As a fan of most things Cisco (ASA CX anyone?), FTD adds visibility to the rest of the ecosystem that might include AMP, ISE and Stealthwatch. With an ASA 5512-X in hand, my mission is to replace its ASA image with FTD.

New Location, Who Dis?

Building a network for a new site from the ground up is a great experience for engineers and administrators. However, if you are not organized, it can also be a nightmare. Companies all over the world handle the “New Site” process differently. The way you maneuver through the project depends on the size of the organization as well as the teams involved. Some places have a complete Project Management Org that will take your project, organize it, shine it up and help you complete it. Project Managers can be a big help by following up with vendors, partners and making sure the teams are meeting deadlines among other things. However, sometimes you might not have a team of PMs helping you. You might be the PM for your particular “New Site” project. Whether you are the one doing everything or just the racking of equipment, the following items or milestones are just reminders of tasks to keep in mind.

Do it Live: Cisco Umbrella

Can you give me a list of all the destinations employees at your company are browsing to on the internet in the office and out? Would you know if all of those sites are safe? Are they clicking on those “Free Tablet Just For You!!!!!!” email links? The internet can be a dangerous place. DNS helps users easily reach destinations. Who is going to remember the IP addresses to hundreds of sites? However, DNS can lead users to malicious destinations as well. You might have a need to protect users or enforce company policies at the DNS level.
This post will be a review of Cisco Umbrella. We’ve been using it in production. This will by no means serve as deployment instructions. Please refer to Cisco Umbrella’s documentation for those. These are just my thoughts on how the process went.
