Inderdeep Singh ılılılı

Author Archives: Inderdeep Singh ılılılı

Cisco Meraki Security – Meraki MX Security Appliances


Meraki Cloud Managed Security Appliance Series 

Today I am going to talk about the Cisco Meraki MX Security Appliances (Meraki was acquired by Cisco). These appliances are ideal for organizations with large numbers of distributed sites. Since the MX is 100% cloud managed, installation and remote management are simple: these security appliances are managed from the cloud. The Meraki MX has a comprehensive suite of network services, eliminating the need for multiple appliances. These services include a Layer 7 application firewall, content filtering, web search filtering, intrusion prevention, web caching, and Intelligent WAN with multiple uplinks and 4G failover.

Fig 1.1- Cisco Meraki MX Security Appliances

Security Features 
  • Application-aware traffic control: bandwidth policies can be set based on Layer 7 application type (e.g., YouTube, Skype, P2P).
  • Content filtering: CIPA-compliant content filtering and safe search enforcement.
  • Intrusion prevention (IPS): a PCI-compliant IPS sensor using the industry-leading SNORT signature database from Cisco Sourcefire.
  • With the help of Meraki MX security appliances, you can have anti-virus and anti-phishing with flow Continue reading

Introduction to Cisco Wireless- Flex Connect Mode

Today I am going to talk about the Cisco Wireless FlexConnect mode and how it works in an enterprise or campus network where wireless clients connect through APs. There are two different modes: one is the local switched mode and the other is called FlexConnect mode.

In local switched mode, an AP creates two CAPWAP tunnels to the WLC: one for management, the other for data traffic. This behaviour is known as "centrally switched" because the data traffic is switched (bridged) from the AP to the controller, where it is then routed by some routing device.

Let's take an example to illustrate the difference between Local and FlexConnect mode.

Local Switching vs FlexConnect

Office 1 is located in New Delhi (using local mode)
Office 2 is located in Sydney (using FlexConnect)
Datacenter is located in San Jose

Local mode means that a tunnel is created from the wireless AP to the WLC. All traffic, both authentication and user traffic, goes to the WLC. If Office 1 (New Delhi) is configured with local mode, the wireless clients will actually have all of their traffic tunnelled to San Jose and will use an IP from Continue reading

Introduction to PAT- Port Address Translation


Today I am going to talk about PAT (Port Address Translation), also called NAT overloading. Before we start with PAT, please check the facts about NAT in the link below, which I explained earlier.

NAT- Network Address Translation 

With the above article in mind, let me brief you about NAT in short bullet points:
  • Enables internal networks that use private IP addresses to connect to the Internet by translating the address to a globally registered IP address.
  • Stores the mapping of local to global addresses in the NAT table.
  • Increases network security by hiding internal IP addresses.
  • Typically operates at the border of a stub network (a network with a single connection to a neighbouring network).
  • Private inside addresses = inside local
  • Public addresses = inside global
Now let's talk about PAT (Port Address Translation). Below are the key points about PAT:
  • NAT configured to advertise only one address for the entire internal network to the outside world; also called “static PAT”, “address overloading” or “many-to-one”.
  • Appends a unique source port number to each translation to the outside IP address.
  • The total number of internal translations per outside address is bounded by the 65,536 available ports.
  • Attempts to assign the first available port number; if it is already allocated, assigns Continue reading

Cisco 6K Switch Supervisor Engines ( SUP 6T Vs SUP 2T)

I have been asked many times by followers of the blog about the supervisor (SUP) engines in the Cisco Catalyst 6K series, mainly the Cisco 6500 switches. First of all, I would like to inform you that Cisco has already announced end of sale for the Cisco 6500 chassis, and end of life for the previous SUP-720 supervisor engines.

The question is related to the Cisco 6500 chassis only: which Cisco 6500 chassis support the SUP 2T and SUP 6T supervisor engines?
The answer is that SUP 2T and SUP 6T are supported in the E-series 6500 chassis only. The E-series chassis are:

  • Cisco Catalyst 6503-E 
  • Cisco Catalyst 6504-E
  • Cisco Catalyst 6506-E
  • Cisco Catalyst 6509-E
  • Cisco Catalyst 6509-V-E 
  • Cisco Catalyst 6513-E 

What are the capabilities of the Cisco SUP 2T supervisor engine?
Supervisor Engine 2T is designed to deliver higher performance, better scalability, and enhanced hardware-enabled features. It integrates a high-performance 2-terabit (Tb) crossbar switch fabric that enables 80-Gbps switching capacity per slot on all Cisco Catalyst 6500 Series Switches.

Image of the SUP 2T supervisor
Below is the image of the SUP 2T.

Fig 1.1- SUP Continue reading

Cisco Virtual Router for Cloud Services : Cisco CSR1000v

Today I am going to talk about the Cisco CSR 1000v router used for cloud services. With the help of the Cisco CSR 1000v router you will be able to connect public and private clouds and use applications smoothly.

What is the purpose of the Cisco CSR 1000v router?
With the help of the Cisco CSR 1000v we can apply cloud-based networking and security functions when accessing public and private cloud applications. The Cisco CSR 1000v uses the same Cisco IOS Software platform that runs inside the Cisco Integrated Services Router (ISR) and Aggregation Services Router (ASR) product families. The virtual router contains features such as routing, VPN, firewall, Network Address Translation (NAT), QoS, application visibility, failover, and WAN optimization. These functions empower enterprises and cloud providers to build highly secure, optimised, scalable, and consistent hybrid networks.

If the Cisco CSR 1000v is a virtual router, then how and where does it run?
The Cisco CSR 1000v is a virtual router and runs on a VM. To run the Cisco CSR 1000v you should have a UCS server where the VM will be installed, and on top of the VM the Cisco CSR 1000v router IOS image will be Continue reading

Why Cisco Catalyst 9K is so special ?

Today I am going to talk about the new switches which Cisco introduced in July 2017. These are very powerful switches that are going to replace the Cisco 3850 and Cisco 4500 switches, with more innovation and higher quality.

I have already written two articles on the Cisco Catalyst 9K series switches; they are linked below.

Cisco Catalyst 9300 Switch
Cisco Catalyst 9400 Switch

Now the question is: why is the Cisco Catalyst 9K so special?
The Cisco Catalyst 9K is a next-generation switching platform introduced to support the DNA infrastructure that Cisco came up with this year. Cisco delivers this innovation through the feature set below, supported in the Cisco Catalyst 9K switches.

  • IoT device convergence: CoAP / IoT device profiling, Perpetual PoE, IEEE 1588 / AVB and emerging standards: MUD
  • Mobility device features: Fabric Enabled Wireless, Embedded WLC, Distributed Wireless Scale, Unified Control & Policy with Wired & Wireless Guest
  • Security: Encrypted Traffic Analytics; 256-bit MACsec / IPsec; Trustworthy Systems; Group-based policy; Full NetFlow for StealthWatch
  • Open to Cloud: DevOps Toolkit; NETCONF/YANG models; Streaming telemetry; Patching/GIR and Application Hosting
  • IOS features: Open IOS-XE with UADP 2.0 features, best in industry
Fig 1.1- Cisco Continue reading

Cisco POE, POE+ and UPOE introduction

Today I am going to talk about Cisco UPOE. Before we discuss Cisco UPOE, we will run through POE and POE+.

Cisco POE: POE means Power over Ethernet, by which you can provide power to endpoints in the LAN infrastructure. So the question is where and why we require POE in the LAN infrastructure. Sometimes we have an infrastructure with power issues or cabling issues when extending power to IP phones. The best option is to provide the power over the LAN via a POE switch.

Fig 1.1- Basic POE Switch connected with IP Cameras


IP telephones need power for operation, and Power over Ethernet supports scalable, manageable power delivery and simplifies IP telephony deployments. As wireless networking emerged, Power over Ethernet began powering wireless devices in locations where local power access did not exist.

Cisco offers a comprehensive range of 802.3af-based Power over Ethernet support across the Cisco Catalyst Intelligent Switching portfolio, which includes both 10/100/1000 and 10/100 PoE LAN connections, including a 96-port 10/100 PoE module for the Cisco Catalyst 6500 Switch.

Fig 1.2- POE switch with IP-Phones

Well Cisco 802. Continue reading

Introduction to Sophos XG Firewalls

Today I am going to talk about the Sophos firewall. This article is basically an introduction to the firewalls by Sophos. I am not covering every firewall segment here; I will take you through the Sophos XG firewall series in this article.

Sophos XG Firewall brings a fresh new approach to the way you manage your firewall, respond to threats, and monitor what’s happening on your network. Get ready for a whole new level of simplicity, security and insight.

Sophos XG Firewalls provide a unified policy and a single pane of glass to manage, view and filter users on the basis of traffic flow, applications used and other attributes, all in a single screen. I know we have other firewalls in this segment that do the same. Looking at what NGFWs are doing nowadays, all vendors are working hard to innovate in this segment. Palo Alto and Cisco NGFW are head to head in this space. I am impressed with the feature sets that Cisco NGFW and Palo Alto are providing to their customers.

Here I am not going to talk about Cisco NGFW or Palo Alto, as this article is basically Continue reading

Viptela SD-WAN Solution – Cisco Systems Company

Before starting with the SD-WAN solution, I would like to talk about Fabric a little bit. Fabric is a cloud-delivered network that is secure, scalable, open and simple to deploy. The Viptela Fabric solution enables an enterprise to extend its network footprint to all infrastructure elements using a single platform. This includes branches, campuses, remote sites, cloud and data centres.

What is the basic feature of the Fabric-enabled SD solution?
SD-WAN, or Software Defined WAN, is a solution where the control plane or management plane is separated from the physical devices. In the Viptela solution we have the following architecture: the data plane on the physical devices (obviously), the control plane via vSmart or the vBond management tool, the management plane via vManage, and an orchestration plane.

Below is the high-level architecture view of the Viptela managed SD-WAN solution.

Fig 1.1- Viptela SD-WAN Solution
The traditional WAN challenge is to connect various sites, branches, stores, remote locations, campuses and DCs. This network needs to be sophisticated, with routing, path selection, security, segmentation, etc.

Connectivity to the cloud

In today's era everyone wants to connect to the cloud and access applications on the Continue reading

WAN Optimization ( Silver Peak Vs Riverbed)

In today's world WAN optimisation is one of the critical pillars of the enterprise network, and there are many vendors working on WAN optimization products. Cisco came out with the WAAS solution but was not able to convince customers in the market. Riverbed and Silver Peak are the major leaders in the WAN optimization market.

Silver Peak’s WAN acceleration solution helps firms achieve the rewards of virtualization by overcoming the network challenges that impact the performance of these applications across the WAN. More specifically, Silver Peak addresses the latency, packet loss, and bandwidth challenges that cause virtual applications (e.g. Citrix XenApp) and virtual desktop infrastructures (e.g. Citrix XenDesktop, Microsoft Desktop Virtualization, and VMware VDI) to be unresponsive and/or unreliable across the WAN.

Fig 1.1- WAN Optimization

How does Silver Peak differ from other WAN acceleration vendors when it comes to optimising virtual applications and desktops?

Many WAN acceleration vendors, including Silver Peak, offer “basic” optimization techniques that can improve the performance of Citrix and VDI. These include standard compression algorithms (e.g. LZ) and well-established TCP acceleration techniques (e.g. adjustable window sizes and selective acknowledgements). 

However, that is where the similarities end. In addition Continue reading

Datacenter Switching : Nexus ( FEX: Fabric Extenders )

Today I am going to talk about the FEX, which you generally hear about when you are going to connect your datacenter servers in a Nexus switching environment. It is called Bridge Port Extension. It means there is a parent switch, and a port of that parent switch is connected to the FEX (another switch) which acts as an interface card for the parent switch.
  • Parent Switch: Nexus 5K or Nexus 7K
  • FEX: Nexus 2K (another switch, interconnected with and controlled by the parent switch)

The Nexus 7K or 5K acts as the parent switch, while the Nexus 2K acts as the FEX for the parent switch. All functions of the Nexus 2K are controlled by the parent switch, the Nexus 7K or 5K. Simply put, the Nexus 2000 Series FEX behaves logically like a remote line card for the parent Nexus 5K or 7K switch.

Let's talk about how we can connect the FEX to the parent switch in the datacenter environment.

Fig 1.1- FEX Connectivity


Let's talk about the basic configuration needed to set up the FEX.

Step-1 :
Enable the FEX feature

N5K-1(config)# feature fex

Step-2 : Create a FEX instance (Note: It's up to you to choose Continue reading

A short Story on vPC- Virtual Port Channel in Cisco Datacenter Environment

Today I am going to talk about vPC and vPC+. These two technologies are used in the datacenter environment on Cisco Nexus switches where you bundle links.

vPC stands for Virtual Port Channel and is a virtualization technology: it allows links that are physically connected to two different Cisco Nexus 7000 Series devices to appear as a single port channel to a third device. The third device can be a switch, server, or any other networking device that supports link aggregation technology.

There are a lot of benefits of vPC which allow your datacenter environment to work better:


  • It eliminates Spanning Tree Protocol blocked ports
  • With the help of vPC, you can use all the available uplink bandwidth
  • Allows dual-homed servers to operate in active-active mode
  • Provides fast convergence on link failures
  • Provides dual active default gateways for servers
  • Simplifies your network design and builds a highly resilient and robust Layer 2 network
  • Excellent scalability and seamless virtual machine mobility
Now I will talk about the various components used in the vPC environment. I hope the datacenter folks have already heard of and know these components. I will just list each component and the meaning of Continue reading

Cisco Router as Terminal Server- Why and how to configure

Today I am going to talk about the Cisco router as a terminal server in the datacenter environment. So the question is why and where are we going to use a terminal server?

Let's talk about what exactly a terminal server is and why we use it in the datacenter environment.

Terminal Server:
A terminal server commonly provides out-of-band access for multiple devices. A terminal server is a router with multiple, low speed, asynchronous ports that are connected to other serial devices, for example, modems or console ports on routers or switches.

Fig 1.1- Cisco Router as Terminal Server

A terminal server works via a reverse telnet operation. Next, connect the asynchronous octal cable(s) to the 2511's 68-pin SCSI interface(s). Then connect a rolled console cable from the COM1 port (serial) on your PC to the console port on the terminal server. Power the device on and use a terminal emulator such as HyperTerm to connect.

The terminal server allows you to use a single point to access the console ports of many devices. A terminal server eliminates the need to configure backup scenarios like modems on auxiliary ports for every device. You can also configure Continue reading

Network Access Control- NAC (Aruba Vs Cisco)

Today I am going to talk about Network Access Control (NAC) and the vendors providing NAC services, basically Cisco and Aruba. I will talk about Aruba's ClearPass and then go on to the Cisco NAC solution, named Cisco ISE.

As per the market and Gartner's Magic Quadrant, Cisco ISE is leading the space, followed by ForeScout and Aruba Networks. Before we start with the NAC solutions, the first question you are probably expecting is: what is NAC (Network Access Control)?

What is NAC- Network Access Control ?
Network access control (NAC), also called network admission control, is a method of strengthening the security of a proprietary network by restricting the availability of network resources to endpoint devices that comply with a defined security policy.

So with NAC, end devices are authenticated before they can access the network. Hope you understand the use of NAC. While a computer is being checked by an installed software agent, it can only access resources that can remediate any issues. Once the policy is met, the computer is able to access network resources and the Internet, within the policies defined within the Continue reading

DWDM – The Innovation Technology

Today I am going to talk about the technology named DWDM; DWDM stands for Dense Wavelength Division Multiplexing. So the question now is why and where we are using DWDM technology, and who is using it.

DWDM is a technology used to increase bandwidth over an existing fibre optic backbone and is generally used by service providers across the globe. Higher bandwidth is needed in the backbone because the number of users and customers increases day by day, so service providers require higher bandwidth in their core or backbone networks.

The technology behind DWDM multiplexes multiple signals together at different wavelengths on the same fibre. DWDM came to market in 1995, whilst CWDM (Coarse WDM) emerged after 2000, stimulated by the telecom crisis. CWDM uses less complicated technological standards than DWDM, cutting costs, but suits only the lower-capacity transmission markets, such as metro and enterprise networks. More recently, new paradigmatic revolutions have made their way into the optical communication market: ROADM (Reconfigurable Optical Add-Drop Multiplexing) and coherent optical systems. Whilst these optical technologies are the suitable solutions to fulfil Continue reading

Questions and Answers about Cisco 3850 Switches

Today I am going to talk about queries about the Cisco 3850 switch, as it is one of the most used switches at the access layer in large enterprise networks and at the core layer in some small and mid-sized enterprise networks.

I will address some of the concerns which some of you have about using the Cisco 3850 switch in your network. Below are some of the questions, and the answers to those questions, regarding the Cisco 3850 switches.

Fig 1.1- Cisco 3850 Switch


Q: What uplink modules are supported in the Cisco 3850 Switches?
A: The supported uplink network modules in the Cisco 3850 switches are:

  • 4 x 1G Network Module
  • 2 x 1/10G Network Module
  • 4 x 1/10G Network Module, which can be used for 48-port RJ models
  • 8 x 10G Network Module
  • 2 x 40G Network Module
Q: Does the Cisco Catalyst 3850 10G SFP+ 48-port switch support uplink modules ?
A: No. It has 4 fixed 40G QSFP ports for uplinks. 

Q: Are the uplinks between the Cisco Catalyst 3850 and the 3750-X interchangeable?
A: No, because they are not compatible Continue reading

Part II- Quick Interview questions on Routing

Following my earlier article on quick interview questions on Networking and Switching, I am now coming up with quick interview questions on Routing. If you want to look at Part-I, click the link below


Let's have some quick interview questions on Routing now

Basics
  • What is a router and what is routing?
  • What is the difference between a router and a switch?
  • What is the difference between static and dynamic routing protocols?
  • What is the difference between distance vector and link state routing protocols?
  • What is the AD value of RIP, EIGRP, OSPF and BGP?
  • How do we define static routing in the network?

Fig 1.1- CCIE Lab routing


Dynamic Protocols- Internal Routing Protocols
  • What is the difference between RIPv1, RIPv2 and RIPv3?
  • How is a route calculated in the EIGRP protocol?
  • What is the EIGRP Stuck in Active state and how can it be resolved?
  • What is an EIGRP passive interface?
  • What is the EIGRP stub routing feature?
  • What are the different route types in EIGRP?
  • What is the offset list in EIGRP and how is it useful?
  • What are the neighbor states of OSPF and how do they work?
  • What are the different types of areas and Continue reading

iBGP Full meshed solution: BGP Route Reflectors

Today I am going to talk about BGP route reflectors. The concept of BGP route reflectors resolves the expensive iBGP full-mesh topology; you could say BGP route reflectors are another solution to the explosion of iBGP peerings within an AS. We earlier talked about the solution named BGP confederation, which also resolves the expensive iBGP full-meshed network.

So let's start with the BGP route reflector scenario, where I walk you through the configuration done on the routers. In the scenario shown below, one router will act as the route reflector and the other two routers will act as route reflector clients.

Below is the topology, which has no relevance to any live or enterprise network. The topology shown here is for demo purposes only.

Fig 1.1- BGP route reflectors

Without a route reflector, the network shown in the above topology would require a full iBGP mesh (that is, Router A would have to be a peer of Router B). If Router C is configured as a route reflector, iBGP peering between Routers A and B is not required, because Router C will reflect updates from Router A Continue reading

BGP : iBGP fully meshed solution : Confederations

Today I am going to talk about one of the BGP topics, named BGP Confederations. The question is why we use BGP Confederations. If you have ever configured iBGP, you know you need to configure a full mesh between the iBGP routers, as the protocol rules require.

With a full-mesh network you will have to maintain links from every router to every other router in the internal BGP network. So suppose you have 10 routers in your network and you want to configure iBGP between them: how many links are required to maintain the full mesh? Since a full mesh of n routers needs n(n-1)/2 sessions, you need 45 links between these 10 routers to establish the iBGP sessions between all of them.

You can imagine that this can be costly, and every router needs to hold the information of all the other routers in the network. To sort out the iBGP full-mesh scenario we have two methods: Confederations and Route Reflectors.

In this article I am going to take the first method, Confederations, in which I will explain how Confederations work and what are the basic Continue reading

Concept of Local Preference in BGP : BGP Attribute

Today I am going to talk about a BGP attribute which is widely used in many enterprise networks. The BGP attribute named "Local Preference" is used for controlling outbound traffic in the network. It is used when we have two different paths and want to select the preferred path: we do so by assigning the higher local preference value to the preferred route.


Local Preference is not local to the router: the local preference attribute is part of the routing update and is exchanged among routers in the same AS. So if you apply local preference in your network, it will affect the part of the network that is under the same AS.

We have two different methods to apply local preference in the network. One way is to use the bgp default local-preference command, and the other is to use a route-map to set the local preference. I will cover the configuration of both ways.

Below is the basic topology where we are using local preference in the enterprise network. The topology and IP addresses used below are for demo purposes and have Continue reading