When it comes to NX-OS upgrade its quite easy and simple compared to the IOS upgrade of Cisco Catalyst Switches or Cisco Routers. Recently we upgraded our Nexus 5000 Series Switches from the NX-OS version 5.0.3 to 5.2.1. In this post let’s see how to upgrade the Nexus 5000 Series Switch step by step.
Login to Cisco Website and download the NX-OS Kick Start and NX-OS System Software files to your TFTP server.
Make sure that Nexus 5000 Switch has the enough space to install the new image files by using NX-OS command “ dir bootflash”. If there is enough space you are free to install the new NX-OS image files.
If there is no enough memory delete old image files using NX-OS command
Delete boothflash: (kickstart image name)
Delete bootflash: (system image name)
SF01-MB-1256-010# delete bootflash:n5000-uk9-kickstart.5.0.3.n1.1a.bin
SF01-MB-1256-010# delete bootflash: n5000-uk184.108.40.206.n1.1a.bin
Copy the new kickstart and system images to the switch bootflash by using a transfer protocol such as ftp, tftp, scp, or sftp. The examples in this procedure use tftp. Use the following NX-OS command to copy the kick start and image file
Make sure that the TFTP server is started
SF01-MB-1256-010# copy tftp bootflash:
Enter the install all NX-OS command to install the new images, specifying the new image names that you downloaded in the Step 1 as shown below
Once all the files are installed the switch will restart and reload with the new Image files.
Cisco Catalyst Instant Access is a newly launched technology by Cisco which intends to simplify the network operation in a Campus network. The idea behind simplification of operation is by applying a single point of operation and management for Campus Distribution and access switches.
It creates a single network touch point and single configuration across distribution and access layer switches, ultimately driving simplified operations, distribution layer (Catalyst 6500) features at access layer and consistent CLI, which in turn drive down total cost of ownership (TCO). It brings simplified configurations across rich Borderless Network features support such as TrustSec – 802.1x, Security Group Tagging (SGT), SGACL, Flexible NetFlow (FnF), Medianet, Resiliency, Network Virtualization- Easy Virtual Network (EVN), MPLS..etc. The main goal of this session is to do a deep dive into deployment scenarios of Borderless Network solutions utilizing Instant Access in a campus architecture.
In order to deploy this solution you may use either Cisco Catalyst 6500 or Cisco Catalyst 6800 Series Switches along with Cisco Catalyst 6800ia Series Switches (Instant Access). The Cisco Catalyst 6800ia Series Switches operate like remote line cards and are physically connected by up-links to the Cisco Catalyst 6500 or 6800 as shown in the below figure. These switches can be compared with Nexus 2000 Series Switches which are just fabric extenders.
Some of the advantages of using Cisco Instant Access Switches are
- Simplifies Operations via Single Point of Management, Configuration, Troubleshooting across Distribution & Access Block
- Catalyst 6500 features at Access
- Consistent Features and Agile Infrastructure across Access layer
- NO Trunks to Configure from Access to Distribution
- NO Configuration or Image Management at Access
- No Routing Protocols or Spanning-Tree configuration between Access and Distribution
The Cisco Catalyst 6800ia Switch comes with the following features
- Two options: 48 Ports GigE PoE+, 48 Ports GigE
- 2 x 10G uplink SFP+ Ports
- Stackable up to 3 clients at FCS
- 80Gbps Bidirectional Stack Bandwidth
- Single Fixed Power Supply and Fixed Fans
- Operates in Client Mode ONLY
- Full PoE (15W) across 48 ports
- Full PoE+ (30W) across 24 ports
- Includes Stack Module, no licensing required
Looks like Cisco doesn’t want to stay behind in race as their competitors like Brocade are providing similar solutions.
As we all know deploying the blade servers is a quite tedious tasks and time consuming. Well Cisco claims that deploying Cisco UCS B200 M 3 blade servers takes at least 70% less time compared to HP BL460C Gen8 servers.
In the Principled Technologies labs, they tested two different blade server-deployment approaches: the Cisco Unified Computing System™ (UCS) with UCS Manager and the HP Virtual Connect Manager. Using the Cisco UCS Manager’s automated configuration and deployment process, adding two blades took only 14 steps and 18 minutes. In comparison, the HP solution required 43 steps and 1 hour 23 minutes to add two blades. This means that adding two blades with the Cisco UCS solution was 77.4 percent faster and required 67.4 percent fewer steps.
The time and steps saved with UCS become even more dramatic in a large-scale deployment or server refresh. Cisco blades can save your IT staff an enormous amount of time, reduce the possibility of error by simplifying the configuration process, and lower your total cost of ownership.
HP are in this business since decades and they were leading the blade servers market, looks like Cisco is giving them a hard time. Especially the Cisco UCS solution is grabbing a huge market share in US market, gradually its entering the Middle East Market as well. All our Digital Media Signage Solutions, IP Surveillance Solutions and WebEx solutions are running on Cisco UCS platforms and they are very stable.
You can access the detailed paper for the test conducted by Principled Technology Labs from the following link
Resetting the Cisco Iron Port C370 appliance is an easy task. In this post lets see how we can reset the Cisco Iron Port C 370 appliance to factory default settings.
In order to reset the Cisco Iron Port C 370 appliance either we need a console or ssh access (telnet access will also do).
Log into Cisco Iron Port C370 appliance either console or shh.
Suspend the Cisco Iron Port C370 appliance as without suspending the appliance we cannot reset it.
So used the “suspend” command to suspend the appliance
Use the command “resetconfig”to reset the Cisco Iron Port C370 appliance
The Cisco Iron Port C370 appliance will ask you to confirm the reset once you said reset, restart the Cisco Iron Port C370 appliance.
Once the appliance is restarted its back to factory default.
Let’s continue from where we stopped in my previous post
Once you are done with all the steps click submit as shown below.
Select Mail Policies ——-> Outgoing Mail Policies as show below and click add filter
Now you could see by default Content filter is diabled, we need to enable it
Enable the Content filter and the policy as shown below and click submit
By following the above mentioned steps you can enable the disclaimer message in Cisco Iron Port C 370 appliance.
Let’s continue from where we stopped in my previous post
Select Mail Policies ——-> Outgoing Content Filters as show below and click add filter
Once you click add filter you will see the following template
Complete the template as show below are replace the name and description column with your our text.
Click Add action
Once you click add action you will see the following screen
Select Add Disclaimer Text and choose which ever your prefer for disclaimer message “above message or below message” tab.
And then select disclaimer text tab as show in the example.
We will continue the rest of the steps in the next post.
In one of my previous post , I discussed about the bug Microsoft Exchange Server 2010 is carrying related to disclaimer messages.
The only option we had is to configure disclaimer message in Cisco Iron Port appliance. In this post let’s see how to enable a disclaimer message in Cisco Iron Port C 370 appliance.
Login into the Cisco Iron Port C 370 appliance
Select Mail Policies ——-> Text Resources as show below
In Text Resource Click add text resources
Once you click add text resource you will find a the following template
Just give any name you like for the name tab.
In the type select the “Disclaimer Template”
The in the Inset Variables tab enter the disclaimer message you like have and click submit.
We will continue the rest of the step in the next post.
In the recently concluded Cisco Live, Cisco made an interesting announcement about EIGRP. Yes Cisco is coming out with “EIGRP Over the Top (OTP)” which enables routers running EIGRP to peer across the service provider infrastructure without their involvement. An interesting feature which may catch up the pace in the real world networking. With EIGRP OTP the service providers won’t even see the customers at all. EIGRP OTP acts as a provider-independent overlay that transports customer data between the customer’s routers.
One advantage of EIGRP Over the Top solution is, it simplifies multi provider IP WAN network design. It also simplifies the interface with the WAN providers and facilitates an end-to-end EIGRP network, which makes the troubleshooting easier.
I believe EIGRP Over the Top will definitely makes things much easier for service providers as they can deploy EIGRP OTP as it doesn’t impose any special requirements for them.
Some of the key futures of EIGRP Over the Top are as follows
- Allow customers to segment their network using an MPLS VPN backbone
- Impose little requirements or no restrictions on customer networks
- Work seamlessly with both traditional managed and non-managed internet connections
- EIGRP routes are NOT distributed to MP-iBGP and never show up in the MPLS-VPN backbone
- Compliments an L3VPN Any-to-Any architecture (no hair pinning of traffic)
The recent security advisory suggests that multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. With the help of this vulnerability an unauthenticated attacker can take control of the OSPF Autonomous System (AS) domain routing table, backhole traffic and intercept traffic. Which could cause a huge damage to the attacked network.
The attacker could trigger this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause flushing of the routing table on a targeted router, as well as propagation of the crafted OSPF LSA type 1 update throughout the OSPF AS domain.
To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast LSA type 1 packets. No other LSA type packets can trigger this vulnerability.
The good news is that the OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is also not affected by this vulnerability.
All versions of Cisco NX-OS Software are also affected by the vulnerability. There are currently no official fixed releases available on Cisco.com, but interim releases may be available through Cisco Technical Assistance Center (TAC). Customers with service contracts should contact Cisco support organization to get the interim update.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:
Windows 8.1 preview is an update of Windows 8, it’s not a full blown new version of Windows. When its just an update ,we all end users expect that most of the applications will run on the updated version of Windows 8.1 preview. But this is not the case. The most important issue rises here is of Anti-Virus Compatibility. Lots of Windows 8.1 preview users are complaining about the incompatibility of Anti Virus with Windows 8.1 preview.
Before upgrading to Windows 8.1 preview I was using Trend Micro Titanium Maximum Security, it was working fine with Windows 8. I had no issues. Once I upgraded to Windows 8.1 preview I noticed my Anti-Virus application was not working. I tried to re-install the AV but it failed all the time with the following error.
I tried to take contact Trend Micro Support team, but still they don’t have a solution for this issue. Even When I tired Kaspersky pure it failed.
Since Windows 8.1 comes with a built-in Windows defender to certain extent the PCs are protected. I believe since this issue is already known, most of the security firm are most probably working on the fix. Already some security firms are working on either update or beta release. Here are the links
- Symantec is working on an update and has already released beta versions for Norton 360, Norton AntiVirus, and Norton Internet Security. To download one of these product visit Norton’s website.
- AVG is already offering a beta release and which can be downloaded here.
- McAfee users could try this beta release.