Always Networks Blog - Cisco

Design Consideration - The effects of VLAN ID's on Spanning-Tree convergence


When designing a network, consideration should be given to separating traffic into VLANs. This is done for logical separation, security and performance reasons.

This affects the convergence of a Layer 2 Network. Most Cisco switches running STP (Spanning-Tree Protocol) will be running an instance per VLAN. This is called PVST (Per VLAN Spanning-Tree), or RPVST (Rapid Per VLAN Spanning-Tree), depending on whether you are running …


Python Scripting on a Cisco Nexus 7k

A few days ago I stumbled upon the Python interpreter on the Nexus platform. It got me tinkering.

In the past, I have had a requirement to grab a list of all of the interfaces on a box, the IPs, and the masks. The interfaces and IPs can easily be obtained from a show ip int br, and using column select to grab the …


Nexus 7000 Software Bug - Flash RAID Errors - Part 2

Wed 12 August 2015

This is a continuation of a previous post.

The last post finished where we thought all was good, because the flash status code was reading 0xF0, which we were told means both flash drives are healthy. What we noticed though was that the diag tests were still failing for compact flash - test 7 - on some of the sups. Initially Cisco told us that this was …


Nexus 7000 Software Bug - Flash RAID Errors - 7k Reboot and Failover

It's been a mad couple of weeks with Nexus 7000s. My client hit a software bug on their Nexus 7k, which turned out to be a most impressive bug. It basically causes the flash drives to be erroneously marked as faulty, which then causes them to be remounted read-only. The first symptom was that you could not save the running configuration by running …


Automate loading INE configs onto Cisco CSRs using Python

I haven't posted for a while. Work has been hectic, I failed my CCIE written and lost all motivation, and many other excuses. Whilst I haven't really been studying CCIE stuff, I have been productive. I have been learning Python. I decided to automate the process of loading the INE initial configs onto my CSR routers, using a Python script, and the power of pexpect …


Replacing a failed Cisco Ironport Web Security Appliance Proxy

Recently we had a Cisco Web Security Appliance (WSA) Proxy fail. When I say fail, I mean a single stick of RAM failed after a reboot. Cisco said RAM isn't replaceable so we had to RMA the whole box (odd for a device that is basically a rebadged server...maybe I have a money saving idea for you Cisco!)

There were a few steps to …


Cisco Nexus 1000v Module in "Other" state

What you don't need while you are checking your morning emails and drinking your first cup of coffee of the day is to receive an email saying that the VSM for the Nexus 1k has rebooted.

By the time we logged on to the Nexus 1000v, it was back up. "show system redundancy status" showed both VSMs (supervisors) as being up and HA. The "show …


IronPort Proxy Logs - Viewing something useful

One of the most frustrating things about working with the IronPort proxy servers is how difficult it is to view the log files. The logs are stored on the proxy server in text files - these are often multiple gigabytes in size - downloading takes an age, and opening them in Windows is next to impossible.

Fortunately, if you SSH to the management interface of the proxy …


Archiving and deleting IOS images

Thu 16 January 2014

I recently had the need to upgrade the IOS on a Cisco switch (think it was a 3750). As usual, the flash was too small so I needed to remove (and archive/save) the old IOS before putting the new one on. A lot of the images these days include HTML and other things, so are contained in folders rather than a single file. So …


Parser Views - Cisco Security

A post on techexams.net recently made me look into parser views in more detail.

I read the section in the CCNA: Security Official Certification Guide about them a while back (the entire one page of it), and never really gave it much thought, but I was prompted by the post on the forum to look into them in more detail.

Parser views are a …
