Swack’s Cisco Live To-Do List


My company pays a lot of money to send me here to Cisco Live. That’s likely the case for you as well (if you’re also here). I’ve had a list at past conferences of what I wanted to accomplish but never really published it outside my head. This year I’m holding myself more accountable and putting it here. Many are things I could do quite easily back in the office if I didn’t have distractions. Now I can focus AND talk to the smartest folks in the industry about how they do business. Here are some of the many things I hope to accomplish this year.

1. Better understand the Catalyst 4500 series and how I can use them as an aggregation point for 10-gig connected closet switches. I’ve never really worked with them so getting a better idea of how they work, benefits and drawbacks, and deployment options is key. How else could I provide resilient aggregation for 27 network closets with 2x10G links each?

2. Learn AMAP (as much as possible) about 802.1x and how Cisco switches and phones handle it. What are the deployment methods and models? How can we use certificates or other methods like MAC Authentication Bypass (MAB) for Cisco VoIP phones where we have a client connected behind the phone? What are the capabilities of Cisco Secure ACS and Cisco Identity Services Engine (ISE) and how do they compare with other RADIUS methods such as Aruba Networks ClearPass Policy Manager (CPPM) or just a simple Windows RADIUS server?

3. Talk in more detail with SolarWinds Head Geeks and other smart engineers about how the latest version of Orion NPM Route Polling works. How can we map over 1200 locations using Orion so our retail support teams can better take advantage of Orion’s power and knowledge? How can we use Orion NPM and NCM to possibly replace our existing legacy Linux-based config generation tool for store routers and provision them in an automated way?

4. How should I troubleshoot high received errors on ASA and router interfaces (specifically 7200 series)?

5. What are my options for expanding a pair of 5548UP Nexus switches as I keep adding FEX and running out of ports? If I add another pair I add another point of management (boo!). If I replace with 5596s how do I handle the transition and what can I get for trading in the 5548s?

6. How can I get our NXOS gear properly sending syslogs to our syslog server? (I already know this is a great question for the TAC folks that are here.)

7. Learn more about how IP Address Management (IPAM) vendors can prepare us for an 802.1x deployment, especially in terms of learning our existing MAC addresses for a MAB table. I’ve heard of Infoblox and BlueCat. Any others worth looking at?

8. Get familiar with Cisco’s Next Gen Firewall capabilities and how it compares to certain competitors, particularly Palo Alto Networks.

I welcome your comments/feedback below or directly on Twitter (@swackhap).



The Way Of The Dinosaur

It’s been a long time. I can’t remember how long, and I’m too lazy/busy to look it up. But somewhere around two (yep, count ’em, TWO!) years ago we had a major problem at work. One of our Cisco Catalyst 6509 core Ethernet switches had major problems. Turns out we had some bent pins on the backplane in slot 2. In layman’s terms, the place where you plug the brains into the switch was broke. We still had one “brain” (a.k.a. supervisor module) but the redundant one couldn’t be used. The only solution to get our redundancy back? Replace the whole chassis.

Replacing an entire switch chassis is NOT a small job. There were literally hundreds of servers connected to this switch in the data center. So we set out on a very. long. journey. We got a replacement chassis from Cisco and sloooooooowly began moving one server network connection at a time from the old switch to the new switch.

Fast forward to today. Thanks to a big push in the last few days by some coworkers and me, we currently have only 7 more connections on this switch. And if things go according to plan, they’ll all be changed to the new switch by Saturday afternoon. (Yeah, I have to go to work on Saturday. And it’s supposed to be nice weather, too! Bummer…)

Some might not see the significance of this accomplishment, but those of us that have worked on it over these many months are psyched! We’ve scheduled a ceremonial power-off ceremony for Monday afternoon. Two of us will switch off the dual redundant power supplies, and everyone present will have the opportunity to disconnect one of the many ancient RJ-21 Ethernet cable connections. It will be stupendous when this switch makes itself extinct, and we can go on with our other more exciting, less mundane, projects.