Passed the 640-916 DCICT

It’s been a little more than a year in the making since I passed my last Cisco exam, the 640-911, but I finally did it and passed the 640-916. I can now call myself CCNA Data Center Certified. 🙂 If you ever get the chance to go the Data Center route, it really is interesting to see all the products and services Cisco has in their portfolio. Cisco UCS, OTV, FabricPath and FCoE are just really cool technologies to learn about. The main studying tool I used was the Cisco Official Certification Guide, and I poked around the Data Center study group on the Cisco Learning Network.

So what’s next for me? Well, I think it’s time to take another step forward and climb up to the professional level of Cisco Certifications. I don’t know when I want to start that but it’ll probably be sooner rather than later.

It’s been a little more than five years since I passed my first Cisco certification. After finishing the Cisco Network Academy I was able to tackle the ICND1, and looking back at the ICND1, it’s changed curriculum twice since I took it, which is a common theme in this industry. 😉

Cisco UCS Emulator 3.1(1ePE1)

If you are studying for any Cisco Data Center certs, this tool might come in handy for some hands-on learning. The Cisco UCS emulator is a VM you can spin up in VMware Workstation, Fusion or ESXi. This emulator can be helpful in understanding the UCS platform and UCS Manager. You are able to push policies and alter configurations, and even import/export these configurations into and out of the “real” world to apply or test them. You can download this emulator from Cisco’s Community site: Cisco UCS Platform Emulator 3.1(1ePE1) Downloads. All you need is a Cisco ID to sign in, which is free to register, and download.


RBAC Radius with Microsoft NPS 2012 R2

In this configuration I’m looking at using Microsoft NPS 2012 R2 as a RADIUS server, and I’m going to skip the installation of NPS because it really is just a next, next, finish installation. In this demo I already have this NPS system connected to a Windows domain; my goal is to create role-based access on Cisco IOS routers while using RADIUS to log in. I’ll have a couple of Active Directory accounts, and each of them will represent a different type of allowed access to these IOS routers. One account will get full administrative access while the other will only get read access, how cool cat is that 😉 !


Rancid can’t SSH to older ISRs?

Well, it’s 2016 and you still have that one-of-a-kind Cisco ISR 2811 or 3845 running in the environment? You followed the guide and installed Rancid, and all the new stuff works like it should, but when you try to connect to that “one-of-a-kind” 2811 with Rancid it closes the connection… :/

This is a simple fix and the bug is reported here: LINK. The bug is something with OpenSSH, which is installed on your Linux operating system, and Rancid rides on top of it. You would have the same issue if you just tried to SSH to the device directly from your Rancid machine. The bug looks to be fixed starting with OpenSSH 6.9, but as of right now, at least in CentOS 7, the version only goes up to OpenSSH 6.6. You can verify this by using sshd -V to output the OpenSSH version you are using.

The simple fix is to modify the ssh_config file, usually located at /etc/ssh/ssh_config, and add the hosts you are connecting to at the bottom of the file. Copy what you have in your router.db file: if you are using DNS names, put the DNS names of the devices that won’t connect into this file; if you are using IP addresses, use IP addresses. In this example I’m using IP addresses and DNS names; the following is at the bottom of the ssh_config file:

# Custom Rancid Configuration (Issues with Connecting SSH with Older Devices)
# Bug Report 740307 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740307
#
Host 192.168.3.1
	KexAlgorithms=diffie-hellman-group14-sha1
#
Host Router03.example.com
	KexAlgorithms=diffie-hellman-group14-sha1
#
Host Router02.example.com
	KexAlgorithms=diffie-hellman-group14-sha1
#

You should be good to go after that. You can test this by using clogin or by connecting directly. If you noticed on the bug report you could also up the Diffie-Hellman size to 4096 on the router itself by using the ip ssh dh min size 4096 command as well. I hope this helps if you ever need it 🙂
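A check for the fix above, as an added example (not from the original post or from the Rancid project): it parses an ssh_config and a router.db and flags any KexAlgorithms override that sits in wildcard or global scope, or whose Host name matches no router.db entry. The sample data is constructed, the router.db field separator is assumed to be ';', names are compared case-insensitively, and Match blocks are not handled.

```python
import re

# Constructed sample inputs, not taken from a real system.
ROUTER_DB = """\
192.168.3.1;cisco;up
Router03.example.com;cisco;up
core-sw01.example.com;cisco;up
"""
SSH_CONFIG = """\
Host 192.168.3.1
	KexAlgorithms=diffie-hellman-group14-sha1
Host Router02.example.com
	KexAlgorithms=diffie-hellman-group14-sha1
Host *
	KexAlgorithms=diffie-hellman-group14-sha1
"""

def router_db_hosts(text):
    """Device names (first ';' field, assumed format) from router.db, lower-cased."""
    lines = (l.strip() for l in text.splitlines())
    return {l.split(";")[0].lower() for l in lines if l and not l.startswith("#")}

def kex_overrides(text):
    """Return (host_pattern, algorithms) for each KexAlgorithms line."""
    patterns, found = ["*"], []   # options before the first Host are global
    for line in text.splitlines():
        # ssh_config accepts both "Keyword value" and "Keyword=value"
        m = re.match(r"(\S+?)\s*[=\s]\s*(.+)", line.strip())
        if not m or line.lstrip().startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            patterns = value.lower().split()
        elif key == "kexalgorithms":
            found.extend((p, value) for p in patterns)
    return found

def audit(ssh_config, router_db):
    """Flag overrides that are wildcard/global or name no router.db device."""
    known, findings = router_db_hosts(router_db), []
    for pattern, _algs in kex_overrides(ssh_config):
        if "*" in pattern or "?" in pattern:
            findings.append(("too-broad", pattern))
        elif pattern not in known:
            findings.append(("not-in-router.db", pattern))
    return findings

if __name__ == "__main__":
    for reason, pattern in audit(SSH_CONFIG, ROUTER_DB):
        print(f"{reason}: Host {pattern}")
```

Pass the contents of /etc/ssh/ssh_config and your router.db to audit() to run it against a real setup; an empty list means every override is scoped to a device Rancid actually polls.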

Cisco VIRL – Update

Cisco released VIRL almost a year ago and it’s not at the 1.0 version yet, but it’s getting close as they have done some good work on the product since it first launched. Cisco VIRL is like GNS3: it is a simulation platform that runs Cisco’s current operating systems, so instead of buying used Cisco hardware you can run this program on your computer. This software is geared towards proof-of-concept designs, personal use and training for Cisco Certifications. Let’s talk about it!
