Skip to content

Cisco Skills

  • 1 min read

Passed 300-115

Just a short post about my recent Cisco exam, I was able to pass the 300-115 to renew all my lower CCNA certifications. The last time I took a Cisco exam was almost 3 years ago when I passed the CCNA Data Center certification. Overall the exam was fair although you will need multiple study resources to make sure you cover all the exam objectives. The primary reason for doing this exam first instead of ROUTE or TSHOOT was I felt it was maybe the hardest one? Won't really know until I take the other two. The resources I used:

  • 7 min read

Dual ISP - Cisco ASA HA Active/Standby

So a single ISP isn't cutting it anymore you need a backup just in case the primary fails and might as well add a second ASA into this design, more redundancy equals more up-time, right? On paper it sounds good but in the "real" world there probably is tipping point, more redundancy increases complexity. In this post we'll aim to keep it simple, with setting up a Cisco ASA HA active/standby pair and then add in the second ISP. Let's get started! So this is what our topology will look like all said and done, we have two firewalls and two different ISPs. The primary ISP is ISP-1 and the secondary ISP is ISP-2. We will always be using ISP-1 as the primary and won't be load balancing between the two. ISP-2 will only be used when ISP-1 goes offline. When ISP-1 comes back online we will switch back over to ISP-1.

  • 4 min read

FMC Syslog with Graylog Extractor

Let's continue to talk about the Cisco Firepower Management Center, in this post we are going to look at sending connection events over to syslog. In this example I'm using Graylog which is an open source logging platform and  although any syslog server would work, one of the problems with syslogs is there is little uniformity when you have different systems sending these logs. One of the things that Graylog can to do is extract the raw message and put each part of message into a separate searchable field. We'll configure the FMC to send syslogs and then configure an extractor on Graylog.

  • 6 min read

Oh Spanning Tree

It's the "S" word we don't like to hear, and often times it has degraded networks or even took them down entirely.  (All Systems Down - an older but classic story) It's also one of those things that nobody really likes, we even had network companies, as well as IEEE try to replace it with something else. Remember the names like TRILL, and IEEE 802.1aq (SPB) or Cisco's FabicPath technologies? You had all of these different flavors that showed a lot progress, but they never really took off for one reason or another. The funny part is this protocol we are all trying kill off is still alive and doing well, so let's look at spanning tree in the meantime because you will likely run into it.

  • 4 min read

Barracuda Load Balancer - Powershell

Working on my Powershell skills, I was playing around with a Barracuda Load Balancer and noticed it supported some APIs which is kind of cool. At first I was playing around with it in postman and got to login and put some servers in maintenance mode, but then thought it would be really neat if I could get this working in Powershell, that way us humans can just run a script and even thinking in the "future" maybe have some automated process (a.k.a AI) handle this for us. ;) So in this post I'll talk about the script I created and some of the small challenges I had with this overall it was kind of neat putting this together. TLDR: Here is the script if you don't want to read:

  • 3 min read

Automation Dance

I keep doing the automation dance, (yeah...that's me) there are a lot of different tooling products out there. I have been trying to understand a use case around using it with network automation. Recently I have been dancing around with Ansible. My personal belief is that using any type of these tools would be helpful but it can be a steep learning curve if you really don't have any programming knowledge. This is not something that is relatively easy to use or understand, don't expect to have a working network automated tool in production on day one. I think this is great for learning, and using this in a network sandbox. If you don't have programming mindset it might make your job harder on day one before it gets easier, but just like learning to dance you have to learn the steps, the moves, and maintain the rhythm. So with that let's at least figure out the starting points, and begin learning the steps of the automation dance. ;)

  • 3 min read

Enable a RESTful ASA API

Starting from ASA 9.3(2) and onward the 5500-X hardware supports a RESTful API as an additional method for configuration/monitoring ASA hardware. Infrastructure as code as they call it, not anything new but I was reading a post that Ivan Pepelnjak wrote and as he points out there are two types of styles when we are dealing with IaC, the data model or CRUD. When reading information about the ASA RESTful API it was interesting what the ASA falls into, CRUD is the method it uses and although this method works, I have similar feeling to what Ivan posted, it wonders me if this is really a step forward into IaC. In this post we'll go through the steps to enable it and you can be the judge, does this RESTful API help?

  • 3 min read

Verifying DNS Lists - FMC

We are back with another post about Cisco's Firepower Management Center and this time we are working with the DNS list which if you have a protect license you can have your Firepower modules or your FTD (Firepower Threat Defense) devices look at DNS requests and deny the requests if they are malicious. These have to be applied on your access control policy to be able to use it and in this post we are going verify some of the domain names that are in this lists.

  • 5 min read

Installing a GNS3 Server

Although GNS3 can run local on your computer and you can use VMware Workstation and have the GNS3 appliance. I found it much more stable and predictable to run GNS3 on a dedicated server. Using this type of installation, all the projects, and images are stored on the GNS3 server, so I can install the GNS3 client any computer and get access to the same projects I was working on. You can also have multiple people working on different projects that are on the same server. I find that neat for educational use or if you where helping someone with a project. In this post I’ll walk though the steps needed to set up a GNS3 server.

  • 4 min read

Cisco FTD Standalone

No management centers here, sometimes a standalone firewall is all you need. In this post I have a FTD appliance and there really isn’t a need tie this into Cisco’s Firepower Management Center. So we’ll configure appliance in standalone mode and go through the initial first steps that are required to get it online and walk through Firepower Device Manager. If you worked with Cisco FMC you’ll find its pretty similar, so with introductions out-of-the-way let’s get started!