Manual firmware upgrade of lightweight access point

Wireless networks

The Cisco lightweight access point managed by the wireless controller is not a new product. It has been on the market for years, has evolved from the LWAPP to the CAPWAP model, and supports a wide range of access point models. The idea is that the access point upgrades its firmware when it registers to the WLC. Sounds easy? Yes. Is it working? Yes, usually, but not always. Sometimes you need to perform a manual lightweight access point firmware upgrade procedure, which is not well documented. And you need to know a hidden command. I will show you how.


SMTP Relay on IIS for Exchange Online

Microsoft Office 365

On March 1, 2018, Microsoft will disable support for the TLS 1.0 and TLS 1.1 protocols in many of its online services. That means only TLS 1.2 or later will be allowed in browser-server and client-server connections. It is a good move and a security enhancement. You should not even see this change unless you use old legacy software.

During the past few weeks, I have been working on a project related to the implementation of the GDPR law for one of my customers. One of the milestone tasks was a migration to Office365 and Exchange Online. They were using an external email service from one of the national providers so far. One of the applications they are still using is the on-premise CRM – I cannot name the product, but it has support from the vendor and every few months users get a new release. However, this CRM does not support TLS at all in the deployed version, only SSL, for connection to the SMTP server. It was not a problem for the previous email service provider, but Microsoft is not going to enable SSL for you just because you need it.

Even in a small company, changing or upgrading the CRM is not a quick and easy task, so it was not an option in this case. So I had to make changes to the SMTP service. My choice was to install an SMTP Relay.


Dynamic VIRL inventory for Ansible playbooks

Ansible is one of the powerful tools that let us automate recurring tasks. In the current world, it is impossible to manage infrastructure manually and efficiently. Many people still do this, but the world has already changed and we need to progress, otherwise our business will be cost-ineffective. You can provide a static inventory – a list of the devices where you want to execute the playbook. But in dynamic environments, such as Cisco VIRL simulations, you don’t want to edit the inventory file manually. That is why I use a Python script that generates a dynamic VIRL inventory for Ansible playbooks for me.

IOx and guestshell on IOS XE

Most of the recent firmware on Cisco devices runs on top of the Linux operating system. Your IOS XE or NX-OS is just a Linux process! It is nothing new; Juniper has done it for years. However, it does not mean you can access the operating system directly; this is reserved just for Cisco TAC and developers in case the base operating system might be the source of the problems. However, you can use IOx and the guestshell container introduced in the IOS XE Everest 16.5.1 release.

When your ISP sends you BPDU frames…

As an end-user, you should never receive STP BPDU frames from the ISP. Workstations in enterprise networks should not either. It is always a result of misconfiguration or a lack of knowledge among network engineers about the basics of network security. BPDUs can reveal information about your network that can later be used to compromise it. In the worst case, an attacker can impact your system by changing the spanning-tree topology and performing a Man-In-The-Middle attack.

I noticed that my ISP is sending me BPDU frames. Let’s see, using this real-life case, what we can tell about its network.

How to install multiple ASAv firmwares on Cisco VIRL

Cisco VIRL

Cisco VIRL is a powerful network simulation tool. There are weeks when I run simulations 24/7 because some projects or learning are ongoing. With VIRL you get almost the latest firmware for supported platforms. Almost – sometimes you have to wait for the next release for a new firmware to be available. I experienced it a few months ago when, with the ASA 9.7(1) release, Cisco introduced route-based VPNs (VTIs). At this point, VIRL users got the 9.6(2) release bundled into the latest simulator release. In other simulations, you may want to use different ASAv firmware versions for various nodes, so your simulation is more similar to your production network.

Cisco VIRL uses real firmware in the simulations. I will show you how you can add different ASAv firmware and use it in parallel with the software available in the VIRL repository.

GDPR/RODO discussion streaming [PL]

Attention Polish-speaking users!

During the PLNOG19 conference, on Tuesday 26th of September at 14:10 CEST, we will host a discussion about GDPR/RODO law implementation in Poland. As panelists, we will welcome Andrzej Karpiński (Orange Poland), Marcin Kuczera (Leon sp. z o.o.) and Adam Kubica (ART-COM sp. z o.o.). The panel will be moderated by Andrzej Targosz (ProIdea). During the discussion, which will include the audience, we will talk about the status of GDPR/RODO implementation in Poland, requirements, best practices etc.

This panel is part of the PLNOG Community Corner I am proudly creating during PLNOG conferences, and we will stream it live on the Internet! Check the PLNOG website and Facebook profile for further details.

AWS Step Functions for networkers – the CLI approach

Step Function Workflow Graph

In the previous post, I told you that it is not possible to update a State Machine configuration once you create it. I prefer an approach like in API Gateway where you have stages of the same project, but Amazon for some reason did not follow this way. So if you want to deploy a new version of your Step Functions project, you need to delete the old State Machine and create a new one. Using the GUI interface is not efficient in the long term; you can do this much more easily using the AWS CLI.

AWS Step Functions for networkers – Workflow definition

Step Function Workflow Graph

AWS has many great tools and products that may simplify your tasks. In day-to-day work, no matter if you are a network engineer, a software administrator or have a different role in your organization, you will perform small repetitive tasks to complete a bigger project. Writing long, complex scripts or programs is a solution, but is it flexible? Step Functions is a good option in such cases.

A good programming rule is to create small functions that each complete a small chunk of work and then pass it on to another one. So instead of writing one script that will log into 100 devices to fetch the firmware version, you create a small function that does it for one device and then you call it in a loop in another function, passing the new IP as an argument. That is exactly what AWS Step Functions are meant for. Using this service you can create a flow of small tasks, each dependent on another if required, to complete a bigger job. Let me show you the basics and how you can use it.

