Cisco NX-OS: FEX Designs

Basic topology: Host Port-Channel.
vPC implementation problem: the configuration must be kept in sync between two separate control planes (config sync command).
Dual vPC or EvPC (Enhanced vPC): N5K only, not supported on N7K

October 10, 2019 · 1 min · Dmitry Golovach

Cisco NX-OS: Fabric Extender (FEX)

Nexus 2000 Series Fabric Extenders act as remote line cards of an N7K or N5K chassis.
- N2K FEX: ToR (Top of the Rack)
- N5K/N7K: EoR (End of the Row)
Why?
- Solve the cabling problem in the data center: keep all cables inside the rack as much as possible.
- Simplify management and reduce the number of managed devices: all management (configuration, upgrades, etc.) is performed on the parent switch.
Limitations and parent switches:
- No local switching inside the N2K FEX.
- 5K as the FEX parent: static pinning (N2K host ports pinned to an uplink port); vPC topologies; FEX ports are L2 switchports.
- 7K as the FEX parent: not all line cards support FEX; no static pinning, the FEX fabric link must be a Port-Channel; FEX ports are L2 switchports or native L3 routed interfaces.
- L2 FEX ports are STP "edge" ports running BPDU Guard, so no switch may be connected to a FEX port.
FEX configuration. Enable the FEX feature: on N5K:...

October 8, 2019 · 2 min · Dmitry Golovach

Cisco NX-OS: Virtual Device Contexts (VDCs)

Nexus Virtual Device Contexts (VDCs) virtualize the physical hardware (like contexts on the ASA) and also virtualize the control plane protocols: there is a separate control plane per VDC (VLAN 10 in VDC 1 is not VLAN 10 in VDC 2).
Each VDC has its own:
- Management plane
- Control plane
- Data plane
Why use VDCs:
- multiple logical roles (Core and Distribution on the same box)
- VDCs as a managed service to customers
- lab environment for later production use
- some features cannot co-exist in the same VDC (OTV and SVIs)
VDC limitations:...

October 3, 2019 · 2 min · Dmitry Golovach

Cisco NX-OS: CLI notes

NX-OS supports aliases: "cli alias name <name of alias> <command>"
conf t
cli alias name wr copy run start
=> "wr" can now be used to save the config.
NX-OS also supports multi-command aliases; use ";" as the separator:
conf t
cli alias name commit end ; copy run start ; copy running-config bootflash:///$(SWITCHNAME).$(TIMESTAMP).cfg
IOS-style range command
CTRL+0 => clear the screen
Tab completes the command.
Admins of the default VDC can verify or save the config in all VDCs:
show run vdc-all
copy run start vdc-all
NX-OS has checkpoints - save a known-working config before the maintenance window starts....

September 30, 2019 · 2 min · Dmitry Golovach

Cisco ISE: Update HotSpot access-code Daily

Several times I have run into the question of whether there is an option to "automatically" change the guest HotSpot access code at a given interval (let's say daily), and I came up with the following solution: ISE API + Python + Task Scheduler.
Steps:
1. Enable the API on ISE
2. Create the Python script
3. Configure Task Scheduler
Enable the ERS APIs. The ERS APIs are disabled by default. Log in to your ISE PAN, navigate to Administration > System > Settings and select ERS Settings from the left panel....

September 26, 2019 · 3 min · Dmitry Golovach

Cisco DNA Center: Install/Setup/Prerequisites

A better way to control your network: Cisco DNA Center is the network management and command center for Cisco DNA, the intent-based network for the enterprise. Intent-based networking is a big push for the future of network management.
Prerequisites notes:
1. A VM or customer-supplied UCS server is NOT supported
2. IP addresses: DNS server (2+ recommended), NTP server (2+ recommended), proxy server IP address and port (HTTP proxy only)
3. Subnets:...

July 24, 2019 · 3 min · Dmitry Golovach

Cisco SD-WAN Deployment Guide - April, 2019

I'll just leave this here. It's awesome! https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/CVD-SD-WAN-Deployment-2019APR.html

June 20, 2019 · 1 min · Dmitry Golovach

Cisco SD-WAN Zero Touch Site Bring Up

Viptela provides automatic provisioning software as a service (SaaS) called zero-touch provisioning (ZTP). The default configuration shipped on non-wireless hardware vEdge routers includes the following commands that allow the ZTP process to occur automatically:
- system vbond ztp.viptela.com: configures the initial vBond orchestrator to be the Viptela ZTP SaaS server.
- vpn 0 interface ip dhcp-client: enables DHCP on one of the interfaces in VPN 0, which is the transport interface. This interface must be connected to the Internet, MPLS, metro Ethernet, or other WAN network....

April 26, 2019 · 2 min · Dmitry Golovach

Cisco Phone "Registered/Unregistered/Unknown" status

A phone that has never been registered to Cisco CallManager will be in Unknown status. But a phone that was registered to Cisco CallManager at some point in time can be in Unregistered or Unknown status depending on a service parameter of the "RIS Data Collector" service. This parameter specifies the RIS database storage period for any unregistered or rejected device information from the Cisco CallManager service. After the time specified in this parameter expires, Cisco CallManager removes the expired entries during the next RIS database cleanup (specified in the RIS Cleanup Time of the Day parameter).
Default: 3, Minimum: 1, Maximum: 30, Unit: day...

April 23, 2019 · 2 min · Dmitry Golovach

Cisco SD-WAN Basic Overview

Key components of the solution:
- vManage Network Management System (NMS): the vManage NMS is a centralized network management system that lets you configure and manage the entire overlay network from a simple graphical dashboard. Located in the data center.
- vSmart Controller: the vSmart controller is the centralized brain of the Viptela solution, controlling the flow of data traffic throughout the network. The vSmart controller works with the vBond orchestrator to authenticate Viptela devices as they join the network and to orchestrate connectivity among the vEdge routers. Located in the data center....

April 15, 2019 · 2 min · Dmitry Golovach

Cisco ISE Force Guests to accept AUP

Here is how I usually configure the NEW-Guest-Endpoints purge policy and the options we have.
Administration > Identity Management > Settings > Endpoint Purge
ElapsedDays: number of days since the object was created.
For an every-day purge: "Elapsed Days less than 1". This should work for brand-new endpoints, but what if you implement this purge rule after ISE has already learned the MAC addresses for a few days? Those will never get purged....

April 12, 2019 · 2 min · Me