BGP load sharing and unequal cost load sharing

Jerome Tissieres

On Cisco routers, by default the BGP protocol will not do load-sharing – and even less unequal cost load-sharing – across multiple links, for traffic to the same eBGP destination with different AS-path. Let’s see how we can change this. We can configure the command: “maximum-paths n”, but it only works if the weight, local-pref. and AS-path attributes are the same across the different uplinks. So how can we do load sharing if we are multihomed to different ASes? In that case, we must use the BGP command: “bgp bestpath as-path multipath-relax”. VIRL lab…

Read More...

6 CCIE strategy mistakes

Jerome Tissieres

I passed the CCIE R&S written exams version 4.0 and 5.0, studied for the lab exams for both versions with workbooks and mock labs from many vendors such as INE, IPexpert (closed today), Narbik Kocharians / Micronics Training and Cisco expert-level training. I attempted the CCIE R&S lab exam once on version 4.0 and three times on version 5.0. Now I would like to share with you my experience about the CCIE strategy and especially the mistakes to avoid to have the best chance to get your numbers.

Read More...

Cisco Embedded Event Manager (EEM)

Jerome Tissieres
EEM

The Cisco Embedded Event Manager or Cisco EEM is a software component of Cisco IOS, IOS-XR, and NX-OS that provides real-time network event detection and onboard automation. EEM allows you to automate tasks, perform minor enhancements and create workarounds and can makes life easier for network operators by tracking and classifying events that take place on a network device and providing actions options for those events.

Read More...

Cisco Flexible Netflow configuration

Jerome Tissieres
Netflow

Recently, a customer called me to configure Netflow on these routers because he just installed NetFlow Analyzer software from ManageEngine. This software is an “all in one” NetFlow collector, database, WebUI software, able to build pretty nice reports. In my opinion, Netflow is one of the absolutely required software to have a good visibility when you operate a network.

Read More...

Extending the LAN with a Meraki wireless mesh link

Jerome Tissieres
Meraki_Wireless-Bridge

Cisco Meraki access-points can operate as mesh repeaters, which allows them to extend the wireless network range. Since repeaters also support wired clients plugged into their wired interface, a repeater can be used to bridge a remote LAN segment back to the main network. This article explains how the LAN can be extended via a wireless bridge, including limitations and requirements. There are 3 supported designs for extending the LAN via wireless mesh.

Read More...

Building a LACP port-channel between Cisco and Huawei switch

Jerome Tissieres
Huawei-Cisco-trunk_topology

Configuring a LACP link aggregation, EtherChannel, or port-channel, or Eth-trunk between Huawei and Cisco switch is something very common. But since the configuration syntax between the two vendors is different, it can be confusing. In this article, I will show how to configure a LACP port-channel – called Eth-trunk on Huawei – properly between a Cisco catalyst switch running IOS or IOS-XE and a Huawei switch, model 6700 in this case.

Read More...

Meraki mesh networking tests

Jerome Tissieres
Meraki_Wireless-Bridge-3

Wireless mesh networking is included and enabled by default in every Cisco Meraki AP. The goal is to create a self-healing network that is resilient to cable and switch failures. But, how does it works exactly? How does an AP choose between the existing neighbors? How can we monitor the status and performances of a mesh link? And as it is enable by default, is it possible to deactivate this feature?

Read More...

How to add a switch to an existing Cisco C2960X stack without breaking everything

Jerome Tissieres

A Cisco C2960X stack can have up to 8 members, however there is only one master on the stack. Adding a switch to the stack without taking a few precautions can have disastrous consequences. Prerequisites First, all stack members must run the same Cisco IOS software image. The same means also the same feature-set. Then, not all software images are able to be part of a stack: Stacking is not supported on switches running the LAN Lite image. And finally, can we mix different C2960 series? Yes all C2960X models are…

Read More...

Cisco Meraki MX Static IP assignment via Dashboard

Jerome Tissieres

This morning, I received a notice about a Cisco Meraki MX firmware upgrade planned for a security appliance I have in my lab.   The message lists the new features: Layer 7 traffic classifications for VPN flow preferences Syslog export of AMP events Added support for using FQDNs in L3 firewall rule destination Threat Grid support for the MX60(W), MX64(W), MX65(W), MX80, MX90, MX84, and MX100 appliances Content filtering improvements Static IP assignment via Dashboard (via Appliance Status page) Device utilization reporting (via the new Summary Reports page) Performance, stability,…

Read More...

How to setup Cisco VIRL, VM Maestro to use SecureCRT as default terminal

Jerome Tissieres

The GUI application to use Cisco VIRL, VM Maestro, comes with a basic internal Telnet and SSH client called “Cisco Terminal”. If, like me, you want to use the rock-solid SecureCRT as terminal emulator client, you need to change the the VM Maestro preferences.   VM Maestro configuration Open VM Maestro Go to File and open Preferences Under Terminal, open Cisco Terminal Choose: Use external terminal applications Enter the settings : Telnet command: the location of your SecureCRT.exe Depending on your SecureCRT installation, it could be under: C:\Program Files\VanDyke Software\… or…

Read More...

Taking the CCIE lab exam in Brussels

Jerome Tissieres

As I took four times the CCIE lab exam in Brussels, I am happy to share my experience of the exam location, the test room, how to get there and the nearby hotel. No, I will not share any information about the exam content, so please don’t ask about it. Before leaving Book your exam, your flight or train, and your hotel well in advance! Like at any Cisco exam your identity will be verified at the entrance, so be sure you have two IDs with you. Take also a…

Read More...