Learn Something New Everyday


Cisco NX-OS: From vPC to Back-to-Back vPC

The vPC Peer Link should never be blocking because this link carries important traffic such as the Cisco Fabric Services over Ethernet (CFSoE) Protocol. The peer link is always forwarding. STP from SW8 and SW9: STP from NXOS1 and NXOS2: In the correct design, the vPC Peer Link should be used only in case of failure. All links are up and...


Cisco NX-OS: vPC Configuration

vPC Order of Operations: IP connectivity for Peer Keepalive; Enable vPC & LACP globally; Create vPC domain; define Peer Keepalive address; configure vPC role priority (Optional) – lower priority => vPC primary switch (default 32667); Establish Port Channel for vPC Peer link; Verify vPC Consistency Parameters; Disable vPC Member Port (optional but recommended); Configure vPC Member Ports; Enable vPC Member Ports...


Cisco NX-OS: Virtual Port Channel (vPC)

Three Main Types of MCEC (Multi Chassis EtherChannel): C3750 Cross Stack Port Channels (StackWise): single control plane. C6500 Virtual Switching System (VSS): single control plane, via Virtual Switch Link (VSL). Nexus Virtual Port Channel (vPC): separate control planes, separate control plane protocol instances (STP/IGPs/BGP/FHRP), via a Peer Link (like VSS’s VSL). Each vPC peer has Peer Link to sync control plane...


Cisco NX-OS: FEX Designs

1. Basic topology:
2. Host Port-Channel:
3. vPC Implementation problem – configuration must be synced between different control planes: config sync command
4. Dual vPC or EvPC – Enhanced vPC – only N5K
5. N7K


Cisco NX-OS: Fabric Extender (FEX)

Nexus 2000 Series Fabric Extenders act as a remote line card of N7K or N5K chassis. N2K FEX – ToR – Top of the Rack; N5K/N7K – EoR – End of the Row. Why? Solve the problem of wiring cables in the data center. Keep all cables inside the rack as much as possible. Simplify the management and reduce number of management...


Cisco NX-OS: Virtual Device Contexts (VDCs)

Nexus Virtual Device Contexts (VDCs) virtualize physical hardware (like contexts in ASA) and also virtualize control plane protocols. Separate control plane per VDC (vlan 10 in VDC 1 is not vlan 10 in VDC 2). Each VDC has its own: Management plane, Control plane, Data plane. Why use VDC: multiple logical roles (Core & Distribution on the same box); VDCs as a...

Cisco Firepower Version 6.5.0

Entirely new URL categories, most of which identify threats: Talos Intelligence Categories. Larger instances for FTDv on Azure – Firepower Threat Defense Virtual on Microsoft Azure now supports larger instances: D4_v2 and D5_v2. VMware vSphere/VMware ESXi 6.7 support. Cisco Firepower Version 6.5.0 Release note


Cisco NX-OS: CLI notes

1. NX-OS supports aliases: “cli alias name <name of alias> <command>”. “conf t”, then “cli alias name wr copy run star” => can use “wr” to save config. NX-OS also supports multiple-command aliases. Use “;” as separator:
2. IOS range command =>
3. CTRL+0 => clear the screen
4. Tab to complete the command
5. Admins of default VDC can verify or...


Cisco ISE: Update HotSpot access-code Daily

Several times, I have run into the question of whether there is an option to “automatically” change the guest HotSpot access code at a given interval (let's say daily), and I came up with the following solution: ISE API + Python + Task Scheduler. Steps: Enable API on ISE; Create Python Script; Configure Task Scheduler. Enable the ERS APIs: The ERS APIs are...


Python: Simple Email Gmail

Sometimes it is very useful to have a script that sends a notification when it finishes executing, has come to an error, or just needs to send some data to you. This script is used to send a simple email from a Gmail account (can be configured for other email servers). I was working on the task that involved Cisco ISE, guest portal and...