Simple Cisco Text File Changes

As we are busy diving into the world of programming and automation, I’d like to remind everyone of a way to make simple config changes to a Cisco switch or router using a text file. This might not be a breakthrough, but it helps when making changes to switches or routers when those changes can possibly disconnect you from the device. Imagine working on a re-IP of a switch or even a point to point link. You have your notepad ready to go. There is a new IP and default route and all you have to do is copy/paste. You paste in the IP and lose connection. Your default route change never actually pasted because you lost connection right after the IP change. You can no longer connect to the device; panic ensues. What might be a better way to make this change and avoid the “Uh oh!” moment? Continue reading Simple Cisco Text File Changes

Cisco 3504 Software Upgrade

If you are an administrator in a network somewhere you probably already know an important fact: Everything needs maintenance. At one point or another you have to upgrade something. In a perfect world, we would have consistent upgrade windows and periods of time we can take down a network for maintenance. If you have that, you are a lucky person. Looking for maintenance windows might fall into the same category as spotting a UFO. Often times, bugs or vulnerabilities bring forth these needed maintenance windows. In this case, I am upgrading a 3504 controller from version 8.5.151.0 to 8.5.161.6. The reason: CSCvs89410. This bug can corrupt images on 3600 and 3700 series access points. Continue reading Cisco 3504 Software Upgrade

Image Swap: ASA to FTD

Firewalls are a necessary component in any network environment, especially in an enterprise. Take a look at your front door, would you remove it permanently? Firewalls have evolved over the years from simple gatekeepers to complex security solutions that integrate with the rest of the network. Imagine if you could program your front door to only allow people in who wore green shirts. Once inside they would only be able to walk into the living room…on a Tuesday. My own firewall journey started years back on Juniper SSG350s then onto ASA and Palo Alto. I am currently looking into Cisco’s Firepower Threat Defense (FTD). As a fan of most things Cisco (ASA CX anyone?), FTD adds visibility to the rest of the ecosystem that might include AMP, ISE and Stealthwatch. With an ASA 5512-X in hand, my mission is to replace its ASA image with FTD. Continue reading Image Swap: ASA to FTD

New Location, Who Dis?

Building a network for a new site from the ground up is great experience for engineers and administrators. However, if you are not organized it can also be a nightmare. Companies all over the world handle the “New Site” process differently. The way you maneuver through the project depends on the size of the organization as well as the teams involved. Some places have a complete Project Management Org that will take your project, organize it, shine it up and help you complete it. Project Managers can be a big help by following up with vendors, partners and making sure the teams are meeting deadlines among other things. However, sometimes you might not have a team of PMs helping you. You might be the PM for your particular “New Site” project. Whether or not you are the one doing everything or just the racking of equipment the following items or milestones are just reminders of tasks to keep in mind. Continue reading New Location, Who Dis?

Do it Live: Cisco Umbrella

Can you give me a list of all the destinations employees at your company are browsing to on the internet in the office and out? Would you know if all of those sites are safe? Are they clicking on those “Free Tablet Just For You!!!!!!” email links? The internet can be a dangerous place. DNS helps users easily reach destinations. Who is going to remember the IP addresses to hundreds of sites? However, DNS can lead users to malicious destinations as well. You might have a need to protect users or enforce company policies at the DNS level.
This post will be a review of Cisco Umbrella. We’ve been using it in production. This will by no means serve as deployment instructions. Please refer to Cisco Umbrella’s documentation for those. These are just my thoughts on how the process went. Continue reading Do it Live: Cisco Umbrella

Beyond Engineering

So you are interested in networking? I don’t mean attending gatherings, handing out business cards, shaking hands and kissing babies. I mean being a network engineer or administrator? Perhaps you just started the journey at a company and feel slightly lost. If you are, then the following paragraphs are meant for you. This is not only meant to be a motivator to continue learning and applying, but here you will find three things to look for or try to work on that can push you upwards in the work place.

Whether you are part of a small team, large team or riding solo there is much more to network engineering. Sure, there are days where it seems like everyone needs a port configured, but there will be times where you can bring forth your ideas into fruition. There will be times where you look around and figure out ways to improve existing infrastructure. You might be interested in pursuing certain software that can improve a process or provide valid insight. You might want to create or update documentation. You might just want to improve certain aspects of a network, such as routing or security. These are all good things to do, time-permitting and team-willing. If you have good ideas bring them up to your team or your manager. This will not only be a good way to learn, but you can excel career-wise by getting involved and pursuing ways to improve your company. Continue reading Beyond Engineering

Data Center Move: A Perspective

Have you ever had a work-related dream that you’ve woken up from and were thankful it was just a dream? Designing and executing the network for a new data center will definitely give you a few night terrors. I recall the night before our data center move, I dreamed that I woke up late on the day of the move. That’s not too bad right? Well for some reason, in my dream the data center was in another state instead of an hour away. Then my car did not start; I had to “borrow” a car and I got lost on the way there. Again, I was thankful it was a dream. The actual move went a bit smoother. However, these types of projects can be real nightmares for teams. The main thing to do is plan. You the follow this with a few healthy doses of additional planning. Continue reading Data Center Move: A Perspective

Network Devices: Easy Config Tips

If you work in networking, you probably take care of the switches and routers in your environment or have some input on what happens with them. Switches are the doorway to the network. Even if you have a wireless device, the access point you connect to is probably connected to a switch. This is where your PCs, TVs, appliances and many other wired devices connect. Routers can manage connections in and out of your environment along with a plethora of other services. Everyone should have a template or standard config they use on any network device. With today’s tools and services like Prime Infrastructure or DNA Center, you can spread that configuration around or deploy it to new sites; however, you still need a config to apply. Different scenarios and environments call for different configuration, but there are always those sets of commands you can use everywhere. The goal of this writing is to share a few commands that are helpful and I typically apply. Most of these are commands you spot all over certification studies and others I’ve seen other engineers use.
Yes, you probably memorized every single command from the CCNA and even the CCNP…but did you apply them all on every single port? Sometimes, unless there is a need you might not have to. I call it, situational configuration. Apply what you need and what will keep the environment secure. The important piece is to be consistent. On switches, VLANs might be different for each interface, but why would some of your switches have “enable password” and others have “enable secret”? Continue reading Network Devices: Easy Config Tips