Thursday, January 4, 2018


Cisco Software-Defined Access (SDA) -  Published December 7th, 2017 by Jeff Dixon

It’s that time again, posting some more of my latest work.

Cisco Campus Fabric, ACI, APIC-EM, VXLAN, LISP, Cisco TrustSec SGT, DNA Center, Software-Defined Networking (SDN)

If any of that interests you, you’ve come to the right place. If you don’t know what it is, you’re also in the right place. Whether you’re a leader, a network engineer, or just learning, there is something for everyone here.

This paper is a ground-up discussion covering Cisco’s unique approach called software-defined access. The general idea is the creation of a single pane-of-glass management system to provision, secure, monitor, and analyze your network.

This is a very exciting advancement and this paper will cover all the information you need to start your journey down this path.
Click Here to Read the Paper!


Software-Defined Access: Beyond the Hype


Friday, August 11, 2017


Blockchains and Healthcare

The technology you didn't know, the solution you needed. 

My latest paper discussing blockchain technology and its implications in Healthcare.




Wednesday, July 20, 2016

Cisco ASA Firepower Threat Defense

Introduction to Cisco Firepower Threat Defense
Check out my newest paper on Cisco ASAs, discussing the Firepower services and Cisco's newest FTD Unified Image.
 
 
 

Monday, May 16, 2016

Infosec Writers (SDN)

Just today I had a paper published on InfoSec Writers and wanted to share the link for those that might be interested.

http://infosecwriters.com/articles/2016/05/16/software-defined-networking-what-it-and-what-you-should-know

InfoSecWriters

The paper is a fairly in-depth dive starting from ground zero into understanding Software Defined Networking (SDN). When I began, I chose this topic because in all honesty, I knew very little about the topic and knew it was a quickly evolving technology that I needed to get up to speed on. After a large amount of reading and research on the topic, I was able to form this paper. It could have easily been significantly longer but I believe it was adequate for establishing an initial understanding of the technology.



Previous writing... on the same site, I also wrote another paper around wireless IDS and policy. It may be gaining some age considering the rate at which wireless has changed, however, much of it may still be relevant. This paper was entitled: Wireless Intrusion Detection Systems Including Incident Response & Wireless Policy

http://infosecwriters.com/articles/2015/08/20/wireless-intrusion-detection-systems-including-incident-response-wireless-policy

Friday, June 6, 2014

Find unused ports on a Cisco Switch

Have you ever had a switch that had every port connected to a cable and you needed to add one more? Are any of those ports unused even though they are connected? I bet so! But how do you know which ones??

Some of you may have nice utilities to help monitor your network and that may help you with this sort of situation. I’ve seen and used a few myself that help tell you just that. However, for those that don’t have such a tool at their disposal or if you’re just looking for an alternative method this is a neat combination of commands I came across that can come in very handy.

What I’m doing is creating an alias (free_ports); you can name it anything you want. This will let me run the command more easily and quickly next time. It will output a list of interfaces along with a listing of when each port was last active. So maybe it’s not foolproof, but it gives you a pretty good idea of where you might have a free port. If it last saw activity 2 years ago, odds are you are probably safe in thinking that port is now free.

alias exec free_ports show int | i proto.*notconnect|proto.*administratively down|Last in.* [8-9]w|Last in.*[0-9][0-9]w|[0-9]y|disabled|Last input never, output never, output hang never

Switch#free_ports

Of course you don’t have to create an alias and can always just run the base command itself:

show int | i proto.*notconnect|proto.*administratively down|Last in.* [8-9]w|Last in.*[0-9][0-9]w|[0-9]y|disabled|Last input never, output never, output hang never

This has been a very helpful trick for me at times and I hope it is for you as well!
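The same idea taken one step further, as an added example that is not part of the original post: a Python script that parses saved show interfaces output and ties each idle timer back to its interface name, which the filtered IOS output does not always do. The sample output is constructed, the function names are hypothetical, and the 8-week default mirrors the [8-9]w pattern in the command above.

```python
import re

# Constructed sample of IOS "show interfaces" output (not from a real device).
SAMPLE = """\
GigabitEthernet0/1 is up, line protocol is up (connected)
  Last input 00:00:03, output 00:00:01, output hang never
GigabitEthernet0/2 is down, line protocol is down (notconnect)
  Last input 1y20w, output 1y20w, output hang never
GigabitEthernet0/3 is up, line protocol is up (connected)
  Last input 12w3d, output 00:00:01, output hang never
GigabitEthernet0/4 is down, line protocol is down (notconnect)
  Last input 2d04h, output 2d04h, output hang never
GigabitEthernet0/5 is administratively down, line protocol is down (disabled)
  Last input never, output never, output hang never
"""

HEADER = re.compile(r"^(\S+) is (.+?), line protocol is ")
LAST_IN = re.compile(r"^\s+Last input ([^,]+),")
UNIT_DAYS = {"y": 365, "w": 7, "d": 1, "h": 1 / 24}  # approximate conversion


def idle_days(token):
    """Convert an IOS idle timer ('never', '00:00:03', '2d04h', '1y20w') to days."""
    if token == "never":
        return float("inf")
    if ":" in token:  # hh:mm:ss form means less than one day
        h, m, s = (int(x) for x in token.split(":"))
        return (h * 3600 + m * 60 + s) / 86400
    return sum(int(n) * UNIT_DAYS[u] for n, u in re.findall(r"(\d+)([ywdh])", token))


def free_port_candidates(show_int, min_idle_weeks=8):
    """Return [(interface, link state, last input)] idle for at least the threshold."""
    results, current = [], None
    for line in show_int.splitlines():
        if (m := HEADER.match(line)):
            current = (m.group(1), m.group(2))
        elif (m := LAST_IN.match(line)) and current:
            if idle_days(m.group(1)) >= min_idle_weeks * 7:
                results.append((*current, m.group(1)))
            current = None
    return results


if __name__ == "__main__":
    for name, state, last in free_port_candidates(SAMPLE):
        print(f"{name:24} {state:22} last input {last}")
```

Cisco documents the Last input timer as updated only for process-switched packets, so treat the result as a list of candidates to verify before repurposing or shutting down a port.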

Thursday, April 24, 2014

Batch file: Ping IPs in a range and IF successful run following command


As normal this script can have a lot of applications. In my case I was having some issues with computers getting updated in DNS correctly during a major system upgrade. I wrote this little script to help ease the pain. What I’m doing is pinging every IP address in a range one time. If the result of that ping is successful, then I’m using PSEXEC (part of PSTOOLS) to run a command, in this case ipconfig /registerdns, to update the DNS registration. To use PSEXEC you will need to download PSTOOLS and add PSEXEC to your system32 directory. Before running this script you will want to ensure the user that is running the script has permissions to complete the desired commands on the remote machine. You can add credentials to the script (psexec -u username -p password \\hostname); however, be very cautious in doing this as it will be sent out over your network in clear text and odds are that’s not something you want to do.

Here is the script written for use inside a batch file (.bat):

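SET SUBNET=10.10.10

REM In a .bat file the FOR loop variable needs doubled percent signs. Match "TTL=" instead of "Reply",
REM because a "Destination host unreachable" response also contains the word "Reply".
for /l %%i in (50,1,250) do @ping %SUBNET%.%%i -n 1 | find "TTL=" && (psexec  \\%SUBNET%.%%i ipconfig /registerdns & echo Attempt to register DNS for IP: %SUBNET%.%%i >>DNS_Updated.txt)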

A few explanations about the script. The SUBNET variable sets the first three octets of the subnet you want to scan. Simple enough. In this example we are scanning subnet 10.10.10.x.

(50,1,250) This sets the IP range we want to scan. So in this case we are scanning IP range 10.10.10.50 through 10.10.10.250. The first number sets the starting IP, the middle number is the step, and the last number sets the ending IP for the range.

(psexec  \\%SUBNET%.%%i ipconfig /registerdns & echo Attempt to register DNS for IP: %SUBNET%.%%i >>DNS_Updated.txt)

This section is the “what to do if successful” part. If the ping succeeds, what actions should it take? You could just output a list of IPs to a file, you could copy or remove files, register the DNS as I have here, whatever your need calls for.

Ok that’s it, customize and have fun! I welcome comments with any enhanced versions or variations you may come up with.