
Packet6

San Francisco Bay Area Wi-Fi Professional Services


Archives for June 2015

What Certifications Are Not

June 28, 2015 by Rowell Dionicio 2 Comments

My colleague and I had a discussion about the role certifications play in one’s career. Our opinions on the topic were almost aligned. The discussion took an interesting turn when it shifted towards how certifications should not be applied in the workplace.

The topic of certifications can become a heated one and if you’d like to provide constructive input, I’d like you to engage below in the comments.

I believe there is value to having certifications but only when used in conjunction with experience and mindset.

There are people who, in my opinion, take the wrong approach to certifications. I see it mostly with those entering the industry or those trying to advance themselves.

Not a guaranteed way to get a job

How To Configure Cisco NetFlow

June 23, 2015 by Rowell Dionicio Leave a Comment

NetFlow is used to collect data flows from interfaces. The information can be stored on the switch but is more commonly sent to a server which collects the NetFlow data and spits it out into something shiny. Okay, not shiny but data more easily digestible.

Each packet is looked at for a set of IP packet attributes which are called key fields. The key fields help determine if the information within a packet is unique or similar to the other packets. If there are new values in the key fields then a new flow is created.

With that data you can create trend reports or gather protocol and interface statistics. In near real time you can find out who your top talkers are and which protocols are most widely used on your network. It can even act as a security tool in finding network anomalies.

NetFlow has 4 components:

  • Records
  • Exporter
  • Monitor
  • Sampler

The following NetFlow configuration was tested on a Cisco Catalyst 3850 running IOS version 15. On the Catalyst 3850, the exact version used is Flexible NetFlow (FNF). You will need at least IP Base licensing to use NetFlow. In short, Flexible NetFlow is Cisco’s migration from the traditional NetFlow. Aw how cute, it’s growing up.

Here is the full configuration I ended up with. After the configuration I go into more detail.

! Record: "match" lines are the key fields, "collect" lines are the data gathered per flow
flow record AUNTFLOW
 match ipv4 destination address
 match ipv4 source address
 match ipv4 protocol
 match interface input
 match transport destination-port
 match transport source-port
 collect counter bytes long
 collect counter packets long
 collect interface input
 collect transport tcp flags
 collect timestamp absolute first
 collect timestamp absolute last
!
!
! Exporter: where the flow data is sent and which interface it is sourced from
flow exporter AUNTFLOWEXPORT
 description Export to netflow system
 destination 192.168.1.10
 source vlan 10
 transport udp 4739
 ttl 60
!
!
! Monitor: ties the record to the exporter
flow monitor AUNTFLOWMON
 description Netflow monitor
 exporter AUNTFLOWEXPORT
 record AUNTFLOW
 cache timeout active 30
!
!
! Sampler: randomly selects 1 out of every 32 packets
sampler AUNTFLOWSAMPLER
 description AUNTFLOW
 mode random 1 out-of 32
!
!
! Apply the monitor and sampler to inbound traffic on ports 1 - 48
interface range g1/0/1 - 48
 ip flow monitor AUNTFLOWMON sampler AUNTFLOWSAMPLER input
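
To illustrate how the match (key) and collect (non-key) fields of the AUNTFLOW record turn packets into flows, and how the result can surface top talkers and a simple anomaly, here is an added Python example; it is not from the original post or from Cisco. The packet dictionaries, the function names and the SYN-only heuristic are assumptions made for illustration, and the sampler is not modelled.

```python
from collections import defaultdict, namedtuple

# Key fields: one per "match" line of the AUNTFLOW record.
FlowKey = namedtuple("FlowKey", "src dst proto in_if sport dport")
TCP, UDP, SYN, PSH, ACK = 6, 17, 0x02, 0x08, 0x10

def build_flow_cache(packets):
    """Aggregate packets into flows keyed on the record's match fields."""
    cache = {}
    for p in packets:
        key = FlowKey(p["src"], p["dst"], p["proto"], p["in_if"], p["sport"], p["dport"])
        if key not in cache:  # new key-field values -> a new flow is created
            cache[key] = {"bytes": 0, "packets": 0, "tcp_flags": 0, "first": p["ts"]}
        flow = cache[key]
        # Non-key fields: one per "collect" line, updated on every packet.
        flow["bytes"] += p["len"]
        flow["packets"] += 1
        flow["tcp_flags"] |= p["flags"]  # cumulative OR of the flags seen
        flow["last"] = p["ts"]
    return cache

def top_talkers(cache, n=3):
    """Sources ranked by total bytes across all of their flows."""
    totals = defaultdict(int)
    for key, flow in cache.items():
        totals[key.src] += flow["bytes"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def scan_suspects(cache, min_targets=3):
    """Sources whose SYN-only TCP flows hit >= min_targets (address, port) pairs."""
    targets = defaultdict(set)
    for key, flow in cache.items():
        if key.proto == TCP and flow["tcp_flags"] == SYN:
            targets[key.src].add((key.dst, key.dport))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}

def pkt(ts, src, dst, proto, sport, dport, length, flags=0, in_if="Gi1/0/1"):
    return dict(ts=ts, src=src, dst=dst, proto=proto, sport=sport, dport=dport, len=length, flags=flags, in_if=in_if)

# Constructed sample packets (not captured traffic): web session, DNS query, bare SYNs.
SAMPLE = [
    pkt(0.0, "10.0.0.5", "192.168.1.20", TCP, 50000, 443, 60, SYN),
    pkt(1.0, "10.0.0.5", "192.168.1.20", TCP, 50000, 443, 52, ACK),
    pkt(2.0, "10.0.0.5", "192.168.1.20", TCP, 50000, 443, 1500, PSH | ACK),
    pkt(3.0, "10.0.0.5", "192.168.1.53", UDP, 40000, 53, 80),
] + [pkt(4.0 + i, "10.0.0.9", "192.168.1.20", TCP, 41000 + i, port, 60, SYN, "Gi1/0/2")
     for i, port in enumerate((22, 23, 80, 445))]
if __name__ == "__main__":
    print(top_talkers(build_flow_cache(SAMPLE)), scan_suspects(build_flow_cache(SAMPLE)))
```

With the 1 out-of 32 sampler in place the switch only looks at a fraction of the packets, so single-packet flows such as the bare SYNs above are mostly missed and the byte and packet counters are estimates.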

Step 1: Configure the Records


Cisco Live 2015 – John Chambers Tribute Video

June 15, 2015 by Rowell Dionicio Leave a Comment

I wasn’t able to make it to Cisco Live 2015 in San Diego but I was kind of there.. in video! As part of John Chambers’ farewell I took part in saying some kind words.

Take a look at the video and you will see me, Rowell Dionicio.

Configuring Cisco Nexus vPC

June 11, 2015 by Rowell Dionicio 2 Comments

Diagram of vPC

 

Cisco’s vPC is a virtual port-channel which allows links that are physically connected to two different switches to appear to a downstream device as a single port-channel to a single device.

To learn more, I recommend reading NX-OS and Cisco Nexus Switching by Ron Fuller, David Jansen, and Matthew McPherson.

A vPC is configured on a Cisco Nexus switch and allows Layer 2 port-channels from a downstream device to span two separate switches.

vPC consists of two vPC peer switches connected by a vPC peer link. One switch is primary and the other is secondary. A vPC domain is formed by both Nexus switches. A Nexus can only be part of one vPC domain and only two switches can make up a vPC domain.

The vPC peer link creates a single control plane which forwards BPDUs or LACP packets from the primary vPC switch to the secondary vPC switch. A vPC peer link is formed into a port-channel which can be a maximum of 16 ports but at a minimum it should be 2 ports. The peer link synchronizes MAC addresses and STP BPDUs.

In addition to the vPC peer link, there is a peer keepalive link which monitors the vPC peer switch. A keepalive link can be configured using the management interface or through an SVI. There is no data sent over this link. Its sole purpose is for vPC keepalives.

A vPC port is a port assigned to a vPC channel group. Ports that are part of the vPC are split between the vPC peers.

Components of a vPC

  • One primary switch and one secondary switch (vPC peers)
  • Layer 3 link for peer-keepalives (resolves dual-active scenarios)
  • Redundant port channel for a peer link between vPC peers.
  • vPC port members forming the virtual port channel.

Configuration

Connect each switch together to create a vPC peer link. You need two 10 GbE interfaces.

Connect the management interfaces to each switch to form the vPC keepalive link. You lose out on using the management interface. In my scenario, these two Nexus switches will be racked together.

Enable the vPC feature.

conf t
feature vpc

Configure the management interfaces.

Wifi Optimization Using Wifi Explorer

June 1, 2015 by Rowell Dionicio 2 Comments

Wireless requires occasional love and care. You can’t set and forget. The wireless spectrum can change so quickly and end users will be the first to experience poor service. In this post, I am going to use my home network as an example. Recently, we moved to the Bay Area. There were hardly any neighbors, making my AP the sole wireless transmitter in the area.

As more families started moving in nearby I began to notice the degradation of my wireless network.

I booted up my laptop and opened Wifi Explorer, a useful OS X application used to scan, monitor, and troubleshoot wireless networks.

Upon opening the application it will display a list of wireless networks nearby, what channel they are utilizing, and what their signal strength is.

Wireless Networks
My wireless environment before making changes

My wifi network is D-NET and you can see other networks on the same channel on both 2.4 GHz and 5 GHz. I thought I’d be fine on 5 GHz because it is less utilized in home networks but I didn’t realize other networks were all on the same channel.

With Wifi Explorer I can quickly identify problematic channels and make the changes on my Open Mesh AP.

Wifi channel changes
Wifi channel utilization after changes.

I quickly got off the AP taking up channels 1 and 6 on 2.4 GHz and moved to channel 11 where the other SSIDs have a weaker signal. On the 5 GHz channel I avoided everyone else and went to channel 44 on the UNII-1 band.

Wifi Explorer can be purchased on the App store for $14.99. This is a tool I will keep for quick wireless troubleshooting. Highly recommended for anyone wanting to take wireless seriously. Adrian Granados is the author of Wifi Explorer and has other useful applications worth checking out.


© Copyright 2019 Packet6 · All Rights Reserved · Privacy Policy · Terms of Use