Recently, I tested a Cisco 6500 switch in a fan-less configuration, to see how long it can go. DISCLAIMER: DO NOT TRY TO DO IT. This is a stupid idea and it will void warranty / would be a perfectly valid reason for Cisco to decline RMA (in my opinion at least). Running a switch without fans will…
There is an interesting problem with Cisco 6500 VSS clusters: generally, switchover between nodes is fast enough and only a few packets are lost. NSF&SSO algorithms help a lot to achieve that. But if you configure a feature that doesn’t support SSO for some reason, the flap becomes more noticeable. In this post I’m trying to make an…
I was working with Cisco ESA (previously – Ironport) lately and would like to write down some notes about how it works (at least the basics). I’ve already covered spam and antivirus testing techniques in a previous post. Here I’ll try to walk through the message filtering steps performed by a Cisco ESA appliance.
It might come up in a greenfield antispam / antivirus deployment or during an audit that one needs to make sure that the protection (against spam or viruses) is enabled (N.B.: measuring protection efficiency is a completely different problem) and the configured policies are applied as expected. As with any program testing, for that task we need sample input…
Recently I attended a two-day class on Cisco HyperFlex by Tomaz Klancnik from NIL. It was quite interesting and packed with information about this new Cisco system. Here are the notes I took during the lectures and the labs. General Notes about Cisco HyperFlex: Not developed internally; Not a complete acquisition / spin-in; software developed by Springpath https://springpathinc.com/resources.php…
An EtherChannel is a way to use multiple physical interfaces as a single logical one. That logical one appears as a single interface to the MAC table, STP and the management plane. That solves two main concerns: it adds bandwidth and it prevents STP from considering several parallel links a loop, thus preventing the links from being blocked.
Apparently, there are several very distinct topics in routing which have the word “demand” in them. First, there is the Cisco On-Demand Routing quasi-protocol, and then there are on-demand circuits which routing protocols must treat differently. Last but not least, the on-demand circuits are used for Routing Backup.
Policy-based routing for IP networks in Cisco routers is a very powerful and precise tool which allows a network administrator to achieve a great many things. In my opinion it should be considered just as fundamental as general routing mechanisms. How it is different from general destination-based routing and what we can do with it is the subject…
Speaking of L2 design, there are several aspects to the VLAN allocation on the switches: standard and extended VLAN ID ranges, reserved IDs, internal usage, protocol limitations and design best practices.