0

Security policies on vSwitch/dvSwitch

As described on previous posts both vSwitch and dvSwitch can enforce networking through three policies: Option Default on vSwitch dvSwitch PortGroup Promiscuous mode  Reject Reject MAC address changes  Accept Reject Forged transmits  Accept Reject Let’s describe what each policy can prevent and cannot. Promiscuous mode The promiscuous mode allows a VM to put a vNIC […]

0

Install and configure vSphere Data Protection (VDP/VDPA)

The vSphere Data Protection appliance allows to backup virtual machines with a built-in tool instead of a third-party backup product. VDP is available on all vSphere editions but Essentials Kit. Moreover VDP can be extended to VDPA (vSphere Data Protection Advanced). Basically VDPA has the same features of VDP, except: VDPA has a per-CPU (socket) license, VDP […]

0

Network ping with delay, jitter and MOS

I found a Python script to ping a remote system. I added a very short piece of code to print out Jitter and MOS data. # ./ping.py -c 1000 -t 1 -d 8.8.8.8 Statistics for 8.8.8.8: - packet loss: 2 (0.20%) - latency (MIN/MAX/AVG): 46/281/52 - jitter: 2.1583 - MOS: 4.3 A Nagios compatibile output is […]

0

Configuring NetFlow on vSphere 5.5

The NetFlow protocol was developed by Cisco to collect traffic statistics. An enabled NetFlow device send to a NetFlow receiver a set of flows via UDP protocol. Each NetFlow contains one or more records: Input and output interface index Timestamps Number of bytes and packets observed in the flow Source and destination IP addresses Protocol, source […]

0

VMware bug: inconsistent LACP views

There is a bug which makes LACP related views inconsistent. Latest 5.5U1 vCenter is still affected Create a LAG interface (dvSwitch -> Settings -> LACP): Now open the “Migrate network traffic to LAGs” and enable lag1 interface as standby port (Manage Distributed Port Groups -> Teaming and failover -> select the port group): Let the process […]

0

802.1x on Cisco Catalyst 2950

A very short post about 802.1x (dot1x) on Cisco Catalyst 2950 series. Configure RADIUS and enable dot1x on the switch: aaa authentication dot1x default group radius aaa accounting dot1x default start-stop group radius dot1x system-auth-control Then enable dot1x on all interfaces (additional security commands are added in the example below): interface FastEthernet0/1 switchport mode access […]

0

Port mirroring on VMware vSwitch/dvSwitch (dvMirror)

Port mirror is a traditional features available on physical switch to capture port traffic and redirect to a remote destination. A remote destination can be (using the Cisco convention): A physical port located on the same physical switch (Switch port Analyzer or SPAN port). The traffic is simply copied to the destination port too. A physical port […]

0

IOU Web Interface 1.2.2-23

iou-web is released “as-is” without warranty of any kind. iou-web does not include any Cisco IOU/IOL binaries or other materials under Cisco NDA. I’m not responsible for what you do with iou-web software. I DON’T OWN NOR HAVE ACCESS TO TOPOLOGY, INITIAL CONFIGS, IOU/IOL BINARIES OR ANY OTHER MATERIAL UNDER CCIE EXAM NDA OR COPYRIGHTED […]