
Cisco Skills

Cisco FTDv in Cisco VIRL

Cisco is actively pushing their Firepower Threat Defense (FTD) software, with the new Firepower 2100 units on their way this summer in an effort to eventually replace the ASA5525-X, ASA5545-X and ASA5555-X platforms. When using FTD you must also have the Firepower Management Center (FMC) available to manage and configure these devices. That makes it hard to test things out, because not everyone has spare Cisco Firepower hardware lying around unused. How are you supposed to test and learn the depths of this product? (Hint: Cisco VIRL)

Configuring EIGRP - Named Mode

EIGRP is the "Enhanced" successor to IGRP, the protocol Cisco developed in the 1980s to overcome the limitations of RIP. The main purpose of EIGRP was to get past the limits of classful networks and make the protocol classless. It also uses a different convergence algorithm, DUAL, which is why EIGRP is often described as a "hybrid" of distance-vector and link-state routing (Cisco itself classifies it as an advanced distance-vector protocol). In this post we'll go over a basic design and setup for EIGRP, but instead of the "classic" configuration we'll look at named mode, which is available in Cisco IOS starting in version 15.2.
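As an added example that is not from the original post, here is a minimal two-router named-mode configuration: a hub (R1) and a stub branch (R2) in EIGRP AS 100, with HMAC-SHA-256 authentication on the WAN link (something only named mode offers; classic mode is limited to MD5 key chains). Hostnames, addresses, interface names and the shared key are hypothetical.

```cisco
! Added example, not from the original post: a hub (R1) and a stub branch (R2)
! running EIGRP AS 100 in named mode. Hostnames, addresses, interface names
! and the shared key are hypothetical.
!
! ---------------- R1 (hub) ----------------
hostname R1
!
interface GigabitEthernet0/0
 description WAN to R2
 ip address 10.0.0.1 255.255.255.252
!
interface GigabitEthernet0/1
 description HQ LAN
 ip address 172.16.1.1 255.255.255.0
!
router eigrp CORP
 address-family ipv4 unicast autonomous-system 100
  ! Interfaces are passive unless explicitly enabled, so the HQ LAN
  ! (Gi0/1) is advertised but never forms an adjacency.
  af-interface default
   passive-interface
  exit-af-interface
  !
  ! WAN link: form a neighbor and authenticate every packet with
  ! HMAC-SHA-256 (named mode only; classic mode supports MD5 only).
  af-interface GigabitEthernet0/0
   no passive-interface
   authentication mode hmac-sha-256 0 Lab-EIGRP-Key
   hello-interval 5
   hold-time 15
  exit-af-interface
  !
  topology base
   maximum-paths 2
  exit-af-topology
  !
  network 10.0.0.0 0.0.0.3
  network 172.16.1.0 0.0.0.255
  eigrp router-id 10.0.0.1
 exit-address-family
!
! ---------------- R2 (branch) ----------------
hostname R2
!
interface GigabitEthernet0/0
 description WAN to R1
 ip address 10.0.0.2 255.255.255.252
!
interface GigabitEthernet0/1
 description Branch LAN
 ip address 172.16.2.1 255.255.255.0
!
router eigrp CORP
 address-family ipv4 unicast autonomous-system 100
  af-interface default
   passive-interface
  exit-af-interface
  af-interface GigabitEthernet0/0
   no passive-interface
   authentication mode hmac-sha-256 0 Lab-EIGRP-Key
   hello-interval 5
   hold-time 15
  exit-af-interface
  ! Stub: R2 only advertises its connected routes and is never used as a
  ! transit path, which also bounds what a compromised branch can inject.
  eigrp stub connected
  network 10.0.0.0 0.0.0.3
  network 172.16.2.0 0.0.0.255
  eigrp router-id 10.0.0.2
 exit-address-family
!
! Verification (on either router):
!   show eigrp address-family ipv4 neighbors
!   show eigrp address-family ipv4 interfaces detail   (shows the auth mode)
!   show ip route eigrp
```

The point of the hierarchy is that everything EIGRP-related for one address family lives under one `router eigrp NAME` block: per-interface settings under `af-interface`, topology settings under `topology base`, and the neighbor-facing interface is the only one that is not passive. If the neighbor never comes up, the first thing to check is that the key string and authentication mode match on both ends.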

ASA Site to Site VPN (DHCP)

If you don’t already know, a site-to-site VPN can be a cost-effective way for a remote site to reach HQ resources instead of a leased line such as an MPLS or Metro-E circuit. A standard internet connection with a static IP is usually cheaper than a dedicated circuit. The next steps are buying a firewall for the remote site (assuming you already have one at HQ) and setting up the site-to-site VPN between them. In this guide, I’ll demo a site-to-site VPN between a pair of ASAs, plus the additional commands that relay DHCP across the tunnel so your HQ DHCP server can hand out addresses instead of you configuring a local DHCP server at the remote site.

ASA Site to Site VPN (PATed)

If you ever need to hide multiple systems behind a single IP address, you use PAT (Port Address Translation). Besides using it to reach the internet from RFC 1918 addresses, you can also configure PAT for VPN connections. The benefit is the same: many systems on one side of the tunnel all appear as that single IP, so the far side only has to know, route and permit one address. The catch is that the tunnel is built on the translated address, so the crypto ACL on both ends must reference the PAT address rather than the real LAN, and anything that needs the far side to initiate traffic back to a specific host (such as DHCP relay) will not work behind PAT.
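As an added example that serves both this post and the DHCP post above (it is not the author's configuration), here is the remote-site ASA side of an IKEv2 site-to-site tunnel with the two NAT variants side by side: Variant A is the routed LAN with DHCP relayed to HQ, and Variant B (commented out; you use one or the other) is the PATed LAN. Names, addresses, interfaces, the HQ DHCP server and the pre-shared key are hypothetical, and the syntax is the post-8.3 ASA NAT model; the HQ ASA mirrors the crypto settings with the object roles swapped.

```cisco
! Added example, not from the original posts: the remote-site ASA (9.x, post-8.3
! NAT syntax) for an IKEv2 site-to-site tunnel to HQ. Names, addresses and the
! pre-shared key are hypothetical. HQ mirrors the crypto settings with the
! object roles swapped.
!
! ---- Interfaces ----
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.0
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 10.2.0.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 198.51.100.1
!
object network REMOTE-LAN
 subnet 10.2.0.0 255.255.255.0
object network HQ-LAN
 subnet 10.1.0.0 255.255.0.0
!
! ---- Phase 1 / Phase 2 (shared by both variants) ----
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
group-policy GP-L2L-HQ internal
group-policy GP-L2L-HQ attributes
 vpn-tunnel-protocol ikev2
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 general-attributes
 default-group-policy GP-L2L-HQ
tunnel-group 203.0.113.1 ipsec-attributes
 ikev2 local-authentication pre-shared-key Use-A-Long-Random-Key-Here
 ikev2 remote-authentication pre-shared-key Use-A-Long-Random-Key-Here
!
crypto map OUTSIDE-MAP 10 match address VPN-TO-HQ
crypto map OUTSIDE-MAP 10 set peer 203.0.113.1
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE-MAP 10 set pfs group14
crypto map OUTSIDE-MAP interface outside
!
! Internet PAT for everything else. "after-auto" puts it in NAT section 3 so
! the VPN rules below (section 1) are always matched first.
nat (inside,outside) after-auto source dynamic any interface
!
! ======== Variant A: routed LAN + DHCP from the HQ server (DHCP post) ========
! Real addresses cross the tunnel; the identity NAT keeps the internet PAT
! from rewriting them.
access-list VPN-TO-HQ extended permit ip object REMOTE-LAN object HQ-LAN
nat (inside,outside) source static REMOTE-LAN REMOTE-LAN destination static HQ-LAN HQ-LAN no-proxy-arp route-lookup
! Relay inside broadcasts to the HQ DHCP server (assumed 10.1.0.10). The relayed
! packet is sourced from the inside interface (10.2.0.1), which sits inside
! REMOTE-LAN and is therefore already covered by the crypto ACL and identity NAT.
dhcprelay server 10.1.0.10 outside
dhcprelay enable inside
dhcprelay setroute inside
dhcprelay timeout 90
!
! ======== Variant B: PAT the branch behind one VPN address (PAT post) ========
! Use INSTEAD of Variant A. HQ only ever sees 192.168.200.1, so its crypto ACL
! and NAT exemption reference that host, not 10.2.0.0/24. The ASA applies NAT
! before the crypto map lookup, so the crypto ACL must use the translated
! address. DHCP relay cannot be combined with this: the server's replies are
! addressed to the relay (10.2.0.1), which HQ has no tunnel entry for.
! object network VPN-PAT-IP
!  host 192.168.200.1
! access-list VPN-TO-HQ extended permit ip host 192.168.200.1 object HQ-LAN
! nat (inside,outside) source dynamic REMOTE-LAN VPN-PAT-IP destination static HQ-LAN HQ-LAN
!
! "sysopt connection permit-vpn" is on by default and bypasses the outside
! interface ACL for decrypted tunnel traffic; turn it off ("no sysopt
! connection permit-vpn") if you want interface ACLs to filter what HQ can reach.
!
! Verification: show crypto ikev2 sa / show crypto ipsec sa / show nat detail
```

Two things bite people here. First, the manual NAT rules are evaluated in order, so a catch-all internet PAT placed above the VPN rule will silently rewrite tunnel traffic and the crypto ACL will never match; the `after-auto` keyword avoids that. Second, with the PAT variant the HQ side must match on the single translated host in both its crypto ACL and its NAT exemption, otherwise phase 2 never negotiates.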

Cisco VIRL and Windows VMs

One of the neat features of Cisco VIRL is that it runs on an open platform: OpenStack as the orchestrator on top of an Ubuntu operating system, with KVM as the hypervisor. That gives VIRL extra flexibility, because it can run third-party VMs. In this guide I’ll walk through the steps I took to get Windows XP up and running in VIRL. :) If you have a more recent version of Windows from the current decade, following this guide is pretty much the same; just adjust the disk space and RAM to fit the requirements. I picked Windows XP because it's lightweight, and with average RAM usage under 100MB it is easy to add multiple instances without wasting too many resources on the VIRL host. Keep in mind XP has been out of support since 2014, so treat it as a throwaway lab client and keep it off any network you care about. To get started:

Don't get stuck with "speed-groups"

I was working with a Cisco 9372TX switch that had four 40Gbps QSFP uplinks, two of which we were using. We were planning to connect additional equipment that only supported SFP+ interfaces, so after talking with our VAR the solution was to connect it to this switch with QSFP-to-SFP+ adapters.

Factory Reset Firepower 4100 & 9300

I got my hands on some Cisco Firepower 4100 units, and after playing around with them I wanted to reset them to factory settings, essentially erasing the "startup-config" on FXOS. The Firepower units behave a little differently from a normal Cisco IOS or ASA box: you can't just erase the startup-config and reload the device, that would be too easy.

TFTP & FTP Server on Centos 7

If you ever need a TFTP or anonymous FTP server to move files, logs or crash debugs to and from your network devices, it can be a little tricky if you don't have anything set up. There are some free quick programs out there if you're in a pinch for a one-time transfer, but if you want something in your infrastructure that is ready to go for this kind of work, follow the tutorial below. Keep in mind that both TFTP and anonymous FTP are unauthenticated and unencrypted, so restrict the server to your management network and clean up copied configs (which often contain credentials) when you're done.

Passed the 640-916 DCICT

It's been a little more than a year since I passed my last Cisco exam, the 640-911, but I finally did it and passed the 640-916. I can now call myself CCNA Data Center certified. :) If you ever get the chance to go down the Data Center route, it's really interesting to see all the products and services Cisco has in their portfolio. Cisco UCS, OTV, FabricPath and FCoE are just really cool technologies to learn about.

Cisco UCS Emulator 3.1(1ePE1)

If you are studying for any Cisco Data Center certs, this tool might come in handy for some hands-on learning. The Cisco UCS emulator is a VM you can spin up in VMware Workstation, Fusion or ESXi. It can be helpful for understanding the UCS platform and UCS Manager: you can push policies, alter configurations, and even import/export these configurations to and from "real" systems to apply or test them.