Tuesday, December 19, 2017

How to Recover the Catalyst 9300 Password?

The common question: “How to recover the password on Cisco Catalyst switches, such as Catalyst 2960, 3750-X, 3650 switches, Catalyst 3850 series and the new Catalyst 9000 switches?”

Here we’d like to share an example of recovering the password on Catalyst 9300 switches. This example was posted in Cisco’s communities.

It is the same as Catalyst 3850.

Power cycle the switch. Immediately press and hold the Mode button. Hold the button until the Status LED turns amber. The console should then be in the Boot Loader.

Add the following variables.

Then boot the switch.

Switch: boot

Once the switch has booted you can copy the saved config back into the running config.

Switch# copy start runn

Next set your password(s). Finally we want to remove the variables we set while in Boot Loader.

Switch(config)# no system ignore startupconfig switch all

Save your new config.

Switch# copy runn start

Info from https://communities.cisco.com/thread/85760


Wednesday, November 29, 2017

UTM vs. NGFW in the Enterprise

UTM (unified threat management) products or a next-generation firewall (NGFW)? That’s the question, and you may not distinguish between UTM and NGFW. Here we’d like to share the article “UTM vs. NGFW in the enterprise” written by Kevin Beaver from techtarget.com. What’s your opinion about this topic?

UTM vs. NGFW in the enterprise

When it comes to unified threat management systems, there are three main considerations I have seen during my work in the field. First, given the form factor, the feature list of a UTM system is impressive: firewalling, intrusion prevention, VPN, email content filtering, network activity monitoring, malware protection and even data loss prevention (DLP).

In many situations, getting these important security capabilities in one package is the only way to justify implementation; purchasing standalone products for each area is just too costly. That said, enterprises are probably not going to get the absolute best technology for each of the security areas. Many vendors like to think they're the best at everything they offer, but experience has proven otherwise.

Second, each unique security system, application and console an organization has to monitor takes away from other work. Having to learn the interfaces, reporting, etc. for each of the vendor's products can be just as much of a distraction. A single interface can be one of the greatest selling points of unified threat management systems.

Lastly, enterprises must consider whether the specific configuration will be a single point of network (and security) failure or not. If so, how will this be addressed? Hardware and software are fairly resilient these days, but there's also the human component -- someone doing something incorrectly or at the wrong time may take the system down.

That said, there are a few considerations around NGFWs I see regularly in my work. First, NGFW granular application layer features can help monitor and control the most complex of applications and malware.

Additionally, presumably more mature threat intelligence is available given the prevalence of NGFWs across large enterprises and large government agencies.

The potential expense of NGFWs--in both initial capital expenditures and ongoing operational costs--is a drawback of the technology. It has been my experience that the larger the vendor, the prouder it is of its products and service.

Lastly, if an organization has a person (or team) managing its NGFW(s), then who's managing the security controls for other security needs, such as DLP, VPN, email content filtering and the like? Enterprises will likely have dedicated resources for those, which is good, as they really need them to manage such diverse systems.

In UTM marketing circles, one of the common selling points is that UTM is good for SMBs. If a company is trying to figure out whether a UTM system can handle its network demands, don't assume that it is only for small mom and pop shops with a handful, or perhaps a couple dozen, of employees. I see plenty of businesses and government agencies that fall into the SMB category, yet have relatively large networks and overall information system complexity that rely on a UTM for much of their security controls.

Unified threat management systems are plenty scalable and feature-rich for sizeable organizations.

Making the decision: UTM vs. NGFW
In the end, the decision on purchasing a UTM or NGFW should be based on risk and what your business needs most. The following questions can help:
  • Which risks are you attempting to mitigate? If you cannot fully answer this, you're not ready to buy just yet. Perform your risk assessment (technical and operational) and determine what's at risk and what can be done about it.
  • What are your network throughput numbers, service-level agreement requirements and unique network visibility and control needs? Prospective vendors should be able to help you map your requirements to their offerings.
  • How much time do you have to dedicate to deploying, managing and troubleshooting these systems?
  • What are the independent test lab reports, product reviews and people using these systems saying? You'll learn more about what's best for your organization this way than through any other means.
The answers to these questions could very well be contrary to what a vendor's sales engineer or account manager thinks is best for you. Only your organization knows its network best; you know what's at risk and what you're capable of doing about it. Get as many people involved as you can and gather all the right information so you can decide on the solution that best helps you meet your goals.
The best choice--UTM or NGFW--will emerge and be quite obvious. Just don't get caught up in the semantics or vendor/analyst hype. Remember, it's not wrong to choose a different product (or products) altogether.


Thursday, November 9, 2017

Next-Generation Video and Voice Communications-Cisco IP Phone 8800 Series

Nine models are available in the IP Phone 8800 Series, ranging in their support to address the needs of knowledge workers, managers, executives and customer care staff.
  • Specialty deployments are supported for audio conference rooms and in-campus mobile workers in rigorous work environments.
  • The 8800 Series includes desk phone models 8811, 8841, 8845, 8851, 8861, 8865. Specialty models include IP Conference Phone 8832 for executive offices and midsized-to-large conference rooms, and the 8821 and 8821-EX for in-campus mobile workers. The 8845 and 8865 support entry to 720p HD video.

Cisco 8800 IP Phones for a variety of needs

The 8800 Series is ideal for knowledge workers, administrative and executive staff. It works well in open workspaces, large conference rooms and executive offices and with actively mobile workers within a campus. A choice of two user experiences adds flexibility.

High-quality video, voice, and mobile communications for every user

Our global, 24-hour economy calls for anytime, anywhere access by employees.

Whether you are working from a primary or shared desk in an office, are teleworking from home, are mobile within a campus, or are in a team meeting in a conference room, desktop endpoints and their capabilities remain very important business tools. With multiple investment priorities, such as migration to the cloud and adoption of collaborative team applications, businesses today need to ensure that desktop investments can not only drive cost efficiencies and faster feature delivery, but also increase user productivity with a superior experience.
That’s where the Cisco IP Phone 8800 Series comes in.

This next generation IP phone portfolio, designed for small to very large businesses, delivers advanced, cost-effective, reliable, secure, and scalable high-quality Voice over IP (VoIP) communications on all models.

It also provides on select models:

(1) affordable entry to High-Definition (HD) video communications;

(2) integration of telephony features with personal mobile devices using Cisco Intelligent Proximity technology;

(3) support for in-campus mobile workers who require more rugged and resilient communication devices due to their rigorous work roles and environments.
The breadth of the 8800 Series portfolio, their sleek and ergonomically friendly design, enhanced user experience, and superb audio performance distinguish these IP phones from any other offerings on the market today.

Feature highlights

• Superb audio: Enjoy the best audio performance of any IP phone Cisco has ever produced, with ETSI [2] compliance for echo cancellation and vibration isolation technology for both microphone and speaker.

• Intuitive, ergonomic design: Rounded keys increase tactile feel to reduce misdials, and wide-screen high-resolution backlit displays make for easier viewing and navigation. The phone software provides menus and notifications that are more visually appealing. End users have their choice of two experience modes for interacting with their phone. [3] Context-sensitive soft-label keys and a five-way navigation cluster enhance employee efficiency.

• Mobile device integration with Cisco Intelligent Proximity: Four of the 8800 Series models support Cisco Intelligent Proximity for Mobile Voice. This feature enables employees to import contacts and call history from their personal mobile devices to these select models over Bluetooth. Users can even move the audio portion of an active voice or video call from their personal mobile device to these phones for better-quality sound when at their desks. They can also keep their personal mobile devices charged through a USB port on select 8800 Series models, to stay connected when on the go.

• Key expansion modules for scalability: Unique to the 8800 Series, the new Cisco IP Phone 8800 Key Expansion Modules (also referred to as “sidecars”) for the 8851, 8861, and 8865 phones offer 28 additional programmable line or feature keys beyond the 5 to 10 keys that come standard with these phones. [5] These new modules support both Session Line Mode (SLM) and Enhanced Line Mode (ELM) user experiences for greater deployment flexibility and user comfort. Up to three expansion modules are supported, for a total of up to 84 additional line or feature keys. [6]

• Flexible deployment options: Support your Cisco deployment model(s) of choice, whether on-premises, in the cloud with Cisco Spark, or in a hybrid configuration. Select 8800 Series models also support third-party on-premises and hosted UC-as-a-Service (UCaaS) from Cisco approved and certified providers. [7]

Cisco IP Phone 8800 Series: An overview

The Cisco IP Phone 8800 Series offers six advanced models of desk phones in your choice of charcoal or white, an audio conferencing endpoint for small to large conference rooms up to 1140 sq. ft. (106 sq. m.), and two ruggedized exterior 802.11 wireless handsets, in charcoal and yellow that are designed for in-campus mobile workers who work in more rigorous and/or hazardous settings.

The desk endpoints all provide between 5 and 10 lines [4] and support both on-premises and cloud deployments – regardless of whether workers are at a campus or work from home. All of the desk models feature 5-in. (127-mm) wide-screen, graphical displays, and most models support color display presentation. Gigabit Ethernet is standard on most phones for reduced administration. Select models deliver 720p HD video, USB and Bluetooth for support of third-party compatible headsets, telephony feature integration with personal mobile devices, and support for optional key expansion modules that provide additional programmable lines and feature keys.

The new 8832 audio conferencing endpoint combines superior HD audio performance and 360-degree coverage for small to large conference rooms and executive offices. Initial support will be up to 26 participants in a conference room, expanding up to 42 participants. [8] It features full-duplex two-way wideband audio, an integrated dialpad, a large mute key for access from all sides of the endpoint and rounded edges for ease of handling.

The 8821 and 8821-EX wireless LAN handsets are sleek and lightweight and come with a 2.4-in. (6.1-cm) high-resolution graphical display.

They are sealed against dust and water. [9] Both handsets comply with military standard 810G for added resilience when deployed in more industrial environments. Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) 1.2 and Secure Hash Algorithm 2 (SHA-2) support more secure communications and authentication, while roaming is enhanced with Fast Transition (802.11r). The EX model is also compliant with nonsparking standards, even when temporarily exposed to hazardous atmospheric environments. [10]

[2] European Telecommunications Standards Institute.
[3] Session Line Mode (SLM) and Enhanced Line Mode (ELM) are available on most models. Support excludes the 8831 and 8832 conference phones and ELM on the 8821 and 8821-EX WLAN handsets.
[4] Number of lines on desk endpoints depends on whether SLM or ELM user experience is selected.
[5] The number of keys (5 or 10) depends on the choice of SLM or ELM mode. The new key expansion modules for 8851/8861 phones and the module for the 8865 video phone support both modes.
[6] The number of key modules and total number of line or feature keys depends on the phone model and user experience mode selected.
[7] Contact your authorized Cisco representative for further details.
[8] Initial support up to 800 sq. ft/74 sq. m. in CYQ3 2017 for select markets. In CYQ4 2017, extends up to 1140 sq. ft/106 sq. m and up to 42 participants for select markets. Contact your Cisco representative for details on regional availability.
[9] Both models are International Protection Standard (IP67) rated for dirt and water resistance.
[10] ATEX Zone 1/Class 2 and CSA Zone 1/Division II compliant.

Compare Models-Specifications at a Glance

The IP Phone 8800 Series provides high-quality, secure, full-featured video and VoIP communications. See which models offer HD video and support in-campus mobile workers over wireless LAN.

Features compared: High-def Video (720p), Integral switch, Programmable (line) keys, DECT (mics), Cisco Intelligent Proximity, USB (physical ports), Wi-Fi (802.11n).

Friday, October 20, 2017

Cisco UCS S3260 Storage Server Overview, Data, Unstored

Data, unstored, the keywords for Cisco UCS S-Series Storage Servers.

The S-Series is designed for data intensive workloads such as big data, streaming media and collaboration applications, and for deploying software-defined storage, object storage, and data protection solutions. 

The Cisco S-Series S3260 is a follow-on from the C3260. Much of the bare-bones specification remains, such as 600TB of local data storage with enterprise-class redundancy, connectivity including NFS, iSCSI, Fibre Channel (FC), FCoE, SMB and SMB Direct, scaling to petabytes with Cisco UCS Manager, and a dual-node two-socket architecture using Intel Xeon CPUs. But much else has changed, particularly the adoption of a modular design so that different components can be refreshed at different times.

The S3260 is the first product in the S-Series line-up and the main features are:
  • Dual two-socket server nodes using an Intel Xeon E5-2600 v2 or v4 CPU, with up to 36 cores per server node or 72 cores per system.
  • Up to 512GB of DDR3 or DDR4 memory per server node (1TB total)
  • Support for high-performance Non-Volatile Memory Express (NVMe) and flash memory
  • 600TB data storage capacity that scales to petabytes with Cisco UCS Manager
  • Policy-based storage management framework
  • Dual-port 40Gbit/s system I/O controllers with UCS Virtual Interface Card (VIC) 1300 platform embedded chip
  • Unified I/O for Ethernet or Fibre Channel to existing NAS or SAN storage environments
  • Support for Cisco bi-directional (BIDI) transceivers, with 40Gbit/s connectivity over existing 10Gbit/s cabling infrastructure

This slide from Cisco summarizes the modularity. One point is that Cisco's 40Gbit/s virtual interface card (think VNIC) provides 256 virtual adapters per node plus 16Gbit/s native Fibre Channel options.

UCS S-Series Modular Design

Modular components include disk, SSD and NVMe media (caching flash with Fusion ioMemory3 PX), disk expanders, IO expanders, flash memory and Ethernet/FC/FCoE connectivity options.
They can be cache-optimized, capacity-optimized, compute-intensive and IO-intensive configurations; the latter having 160GB/sec of aggregated VIC IO, and either 8 or 16Gbit/s FC. 

Capacity can be scaled out, by adding nodes, to 86PB in a UCS domain.

Compared to Cisco's own traditional-style servers, we're told the UCS S3260:

  • Reduces CapEx by 34 per cent
  • Lowers ongoing management by 80 per cent
  • Reduces cabling by 70 per cent
  • Takes up 60 per cent less space
  • Consumes 59 per cent less power

Friday, September 22, 2017

Catalyst 6807-XL, Taking Catalyst 6K Up to 880G/Slot

Catalyst 6807-XL Modular Switch, for the Next-generation Campus

Cisco Catalyst 6807-XL Switch, Optimize for 10 Gigabit Campus Services

Want to enhance campus backbone services? You can, with Cisco Catalyst 6807-XL Switches.

This Catalyst 6807-XL modular switch offers higher slot and switching capacity for the services of today and tomorrow, and includes features and operations that are consistent with Catalyst 6500 switches.

It supports existing Supervisor Engine 2T, line cards, and service modules.

The Catalyst 6807-XL is ideally suited for enterprise core and aggregation environments and offers industry-leading Gigabit Ethernet and 10 Gigabit Ethernet.

The platform is also ready to support 40 Gigabit Ethernet.

The Cisco Catalyst 6807-XL is built on the Cisco Catalyst 6500 DNA and runs the same Cisco IOS Software operating system as the Cisco Catalyst 6500 Series Switches. At FCS the switch will support all the features supported on the Cisco Catalyst 6500-E Series Switch.

At 10 rack units, the Cisco Catalyst 6807-XL chassis is smaller than the Cisco Catalyst 6506-E chassis while providing an extra slot. This, coupled with support for the Supervisor Engine 6T, Supervisor Engine 2T and its family of line cards, means upgrading the campus backbone can be done with simplicity, speed, and full investment protection.

Cisco Catalyst 6807-XL Switch
  • 5 module slots, 2 SUP slots 10 RU
  • Slot capacity of up to 880 Gb per slot
  • Switching capacity up to 11.4 Tb/s
  • Supports ASA, NAM-3, and WiSM2

Features and Capabilities

The Cisco Catalyst 6807-XL supports the following:

● Cisco Catalyst 6500 Series Supervisor Engine 2T (Standard and XL)
● Current Fabric Modules (Cisco Catalyst 6700, Catalyst 6800, and Catalyst 6900 Series)
● Current Service Modules (Cisco Catalyst Network Analysis Module 3 [NAM-3], Wireless Services Module 2 [WiSM-2], and Adaptive Security Appliance Services Module [ASA-SM])
● Future Supervisor Engines
● Future Fabric Modules
● Future Service Modules
● Current (e.g. 15.1SY) Cisco IOS Software release
● Future (e.g. 16.0SY) Cisco IOS Software releases

The 6807-XL supports the 220Gbps per slot, 2Tbps Sup 2T. In addition to the 4x100G line card, sources expect a 12x40G module for the Catalyst 6807-XL, as well as a 48-port 10G line card.

Height 17.5” (10RU)
Width 16.318”
Depth 18.10”
1 x 9-Fan 4500 RPM High-Efficiency Fan-Tray =>100 CFM/Slot
4 x Viking Power Supplies @ Platinum Power Efficiency = >90%
Other Highlights:
Supports both traditional DBUS/RBUS Bus connectors & 48 (8 per IO slot (40) + 4 Sup-Sup (8)) x 15Ghz SerDes Fabric channels.
Supports both traditional Bus-based EOBC & new SGMII-based Switched EOBC (if legacy cards present = traditional EOBC bus).
Supports two advanced 3.3V control logic modules, which are front-serviceable (located to left of power supplies).
Supports two 62.5MHz system clocking modules, which are rear-serviceable (located behind back-plate).
Supports three VTT-E voltage termination modules, which are rear-serviceable (located behind back-plate).

More Notes:
These PSUs are certified as Platinum Efficient, based on >90% efficiency rating.
Such PSUs waste 20% or less electric energy (as heat) at the specified load levels, thus reducing electricity use and bills compared to less efficient PSUs.
These are Viking 3000W power supplies P/N: 341-0401-XX
Viking power supplies are communicated with via I2C.

The particular I2C is known as PMBus. This is an industry standard (see pmbus.org).

PSU fault conditions are:
● 5V out of range
● Output stage OT
● Fan Fault
● Or-ing fault (Output voltage less than bus voltage)
● OC shutdown
● OT shutdown
● OV shutdown
● Input stage OT
● Fault induced shutdown occurred
● Thermal sensor fault
● Vout out of range
● Boost Vbulk fault (AC power supply only)

Cisco ONE Software for Access Switching is available for the Cisco Catalyst 6807-XL Modular Switch.
