MAC addresses in a VSS cluster

As you might know, creating a VSS on Cisco Catalyst 4500-X switches is pretty easy, and there are many guides explaining how to do this. I think this guide is one of the best.

However, there is one additional note which is not mentioned in that (and other) blogs if you are planning to use multiple Catalyst 4500-X VSS clusters. This is related to the switch MAC address.

By default, all MAC addresses used by the Catalyst 4500-X VSS cluster are automatically generated and are based on the VSS domain ID. But what does this mean?

If you’re planning to use multiple VSS clusters in the same network and in the same VLAN(s), you’ll end up with duplicate MAC addresses. I’m sure I don’t have to tell you that this is something you don’t want: it breaks a lot of things in your network.


Cisco Champion 2017

The Cisco Champions for 2016 are announced and I am proud and very honoured to be selected as a Cisco Champion for the 4th year in a row!

For more information about the Cisco Champion program, click here.

As another bonus this year, my colleague Rob Heygele is selected as Cisco Champion for the 3rd year in a row! Congrats to him and of course to all other fellow Champions of 2017! See you soon!

Cisco Firepower Chassis Manager Radius Configuration

There are many configuration guides on the Cisco website with details about configuring RADIUS and TACACS+ on a Cisco Firepower Chassis Manager. See this link for the configuration guide for 2.0(1).

In this document, you can read the following comment:

Remote User Role Policy: Controls what happens when a user attempts to log in and the remote authentication provider does not supply a user role with the authentication information:

  • Assign Default Role—The user is allowed to log in with a read-only user role.
  • No-Login—The user is not allowed to log in to the system, even if the username and password are correct.

But… it’s very hard to find which attributes are needed to assign a user the administrator role.


Cisco Nexus 9000 update 2016

This blog is about recent updates on the Cisco Nexus 9000 series datacenter switches. This describes my view on the switches and technologies.

The Nexus 9000 series is currently Cisco’s flagship in datacenter networking. This is true today and still will be tomorrow. Mounting the Nexus 9000 switches should be the last physical and configuration work you do in the (future?) datacenter. All upcoming tasks (a.k.a. configuring and provisioning the switches) should be done automatically by an automation tool. From today on, we have to move from our traditional networking tools to automation and orchestration tools. Nobody wants or has time to manually configure all these switches like in the old days.

The Nexus 9000 series switches are ready to achieve this with many on-the-box features like automation with POAP, REST calls with NX-API and the “unix-way of management”, all in order to program and configure the network / fabric.


Cisco ISE 2.0 – Guest authentication ISE configuration

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).

For more guides about configuring (previous) Cisco ISE, see this page. This is part 4, the ISE configuration for guest access.

Configure Cisco ISE

The Authorization profile will be created first, then the authentication and authorization policies are configured.
