Site-to-site VPN tunnels between Meraki MX and Cisco ASA

As I wrote in my recent post here, I was involved in a project to deploy a Meraki MX into the Azure cloud. This project also includes a migration phase with site-to-site VPN tunnels between Meraki MX and Cisco ASA. Even though “Non-Meraki VPN peers” are supported on the Meraki MX, you may have some surprises with the Cisco ASA. Here are some tips to avoid problems and save you time. The tests below have been made with MX version 14.31 (in beta at the time I write this…

How to deploy a Cisco Meraki vMX100 into Microsoft Azure

Recently, I was involved in a project where we had to deploy a Cisco Meraki vMX100 into the Microsoft Azure cloud and build site-to-site and client VPNs. The setup process on Azure is relatively simple; however, I lost quite a lot of time on basic issues because the documentation provided by Cisco is not 100% accurate. Here are some tips and tricks to save you time.

BGP full-routes vs partial-routes vs default-route

Image from https://www.cidr-report.org/

The IPv4 full BGP table size is now around 725,000 prefixes. This may cause problems for companies that do not have the resources to update or upgrade their edge routers. But, apart from Internet transit providers, who really needs the full IPv4 BGP table today? And what are the alternatives? Let’s look at this in detail with some use cases.

My journey to network programmability and automation

Here is my journey to start learning network programmability and automation, and how I got the Cisco Network Programmability Design and Implementation Specialist certification (300-550 exam). In this post, I give you the links to all the resources I used to study.

Back in 2015: SDN, new fancy buzzword or a paradigm shift?

I started this journey in 2015, when at the Cisco Network Innovation Summit in Prague, I saw a presentation by Tim Szigeti about dynamic QoS with Cisco APIC-EM. That was the trigger for me, after a few years reading…

Cisco Live US 2018 – CAE and keynote speakers [updated]

After attending Cisco Live Europe six times between 2009 and 2016, this year my management allowed me to go to Cisco Live US. I registered last week and now I am starting to see some rumors about the customer appreciation event (CAE) and the keynote speakers.

Customer Appreciation Event

The first rumor, read here and there, is that the CAE on Wednesday June 13th will be at Universal Studios Orlando. From 7:30 PM to 11:30 PM, CAE participants will have exclusive access to the theme park, including the rides and attractions. The event will…

BGP load sharing and unequal cost load sharing

On Cisco routers, by default the BGP protocol will not do load sharing (and even less unequal-cost load sharing) across multiple links for traffic to the same eBGP destination learned with different AS paths. Let’s see how we can change this. We can configure the command “maximum-paths n”, but it only works if the weight, local-preference and AS-path attributes are the same across the different uplinks. So how can we do load sharing if we are multihomed to different ASes? In that case, we must use the BGP command “bgp bestpath as-path multipath-relax”.

VIRL lab…

6 CCIE strategy mistakes

I passed the CCIE R&S written exam for versions 4.0 and 5.0, and studied for the lab exams of both versions with workbooks and mock labs from many vendors such as INE, IPexpert (closed today), Narbik Kocharians / Micronics Training and Cisco expert-level training. I attempted the CCIE R&S lab exam once on version 4.0 and three times on version 5.0. Now I would like to share with you my experience about CCIE strategy, and especially the mistakes to avoid, to give you the best chance of getting your number.

Cisco Embedded Event Manager (EEM)

The Cisco Embedded Event Manager (Cisco EEM) is a software component of Cisco IOS, IOS-XR and NX-OS that provides real-time network event detection and onboard automation. EEM allows you to automate tasks, implement minor enhancements and create workarounds. It can make life easier for network operators by tracking and classifying events that take place on a network device and providing action options for those events.

Cisco Flexible Netflow configuration

Recently, a customer called me to configure NetFlow on his routers because he had just installed the NetFlow Analyzer software from ManageEngine. This software is an “all in one” NetFlow collector, database and web UI, able to build pretty nice reports. In my opinion, NetFlow is one of the absolutely required tools for good visibility when you operate a network.

Extending the LAN with a Meraki wireless mesh link

Cisco Meraki access points can operate as mesh repeaters, which allows them to extend the wireless network range. Since repeaters also support wired clients plugged into their wired interface, a repeater can be used to bridge a remote LAN segment back to the main network. This article explains how the LAN can be extended via a wireless bridge, including limitations and requirements. There are three supported designs for extending the LAN via wireless mesh.

Building a LACP port-channel between Cisco and Huawei switch

Configuring an LACP link aggregation (EtherChannel, port-channel or Eth-Trunk) between a Huawei and a Cisco switch is something very common. But since the configuration syntax differs between the two vendors, it can be confusing. In this article, I will show how to properly configure an LACP port-channel (called Eth-Trunk on Huawei) between a Cisco Catalyst switch running IOS or IOS-XE and a Huawei switch, model 6700 in this case.

Meraki mesh networking tests

Wireless mesh networking is included and enabled by default in every Cisco Meraki AP. The goal is to create a self-healing network that is resilient to cable and switch failures. But how does it work exactly? How does an AP choose between the available neighbors? How can we monitor the status and performance of a mesh link? And since it is enabled by default, is it possible to deactivate this feature?

How to add a switch to an existing Cisco C2960X stack without breaking everything

A Cisco C2960X stack can have up to 8 members; however, there is only one master in the stack. Adding a switch to the stack without taking a few precautions can have disastrous consequences.

Prerequisites

First, all stack members must run the same Cisco IOS software image. The same image also means the same feature set. Then, not all software images are able to be part of a stack: stacking is not supported on switches running the LAN Lite image. And finally, can we mix different C2960 series? Yes, all C2960X models are…

Cisco Meraki MX Static IP assignment via Dashboard

This morning, I received a notice about a Cisco Meraki MX firmware upgrade planned for a security appliance I have in my lab. The message lists the new features:

Layer 7 traffic classifications for VPN flow preferences
Syslog export of AMP events
Added support for using FQDNs in L3 firewall rule destination
Threat Grid support for the MX60(W), MX64(W), MX65(W), MX80, MX90, MX84, and MX100 appliances
Content filtering improvements
Static IP assignment via Dashboard (via Appliance Status page)
Device utilization reporting (via the new Summary Reports page)
Performance, stability,…

How to setup Cisco VIRL, VM Maestro to use SecureCRT as default terminal

The GUI application for Cisco VIRL, VM Maestro, comes with a basic internal Telnet and SSH client called “Cisco Terminal”. If, like me, you want to use the rock-solid SecureCRT as your terminal emulator, you need to change the VM Maestro preferences.

VM Maestro configuration

Open VM Maestro
Go to File and open Preferences
Under Terminal, open Cisco Terminal
Choose: Use external terminal applications
Enter the settings:
Telnet command: the location of your SecureCRT.exe. Depending on your SecureCRT installation, it could be under: C:\Program Files\VanDyke Software\… or…
