I regularly share useful links with customers and colleagues, and I often find that this page is a great starting point for exploring some of the web tools Cisco has available: http://www.cisco.com/c/en/us/support/web/tools-catalog.html
Some of these tools include the Cisco Power Calculator, Cisco Feature Navigator, Cisco IOS to NX-OS configuration converter, and many others. Give it a click and explore some tools you likely didn’t even know existed.
Cisco acquired a company named ScanSafe in 2009 to provide cloud-based web proxy services, and this service was renamed to Cisco Cloud Web Security (CWS). Cloud Web Security offers an alternative to on-premises proxy services by hosting proxy services in data centers around the world. There is a single management portal where an administrator can create policies and run reports. Once a policy is created, it is available across all the proxy servers around the world, which greatly decreases the burden of creating consistent policies.
There are a variety of ways to leverage CWS including:
- Cisco AnyConnect
- Connectors for Cisco ISR G2 routers (1900, 2900, and 3900 series)
- Connectors for Cisco ISR 4000 routers (4300, 4400 series)
- Connector for Cisco ASA firewalls
- Integration with the on-premises Web Security Appliance (WSA)
- Direct integration via client proxy configuration (point your operating system to the CWS proxy)
The connectors for the routers and firewalls offer transparent redirection, which makes deployment very straightforward. The integration with AnyConnect provides a very simple solution for securing internet access for users when they are outside of the corporate network without requiring all internet traffic to be backhauled.
More information on the service can be found here: http://www.cisco.com/c/en/us/products/security/cloud-web-security/index.html and information on the current proxy locations is available here: http://servicestatus.sco.cisco.com/status
Wireshark is the de facto packet analysis tool, and it comes with a wealth of options beyond what is included in a default installation. One option I discovered recently was to leverage the free version of the MaxMind geolocation database to enhance the visibility of packet data within Wireshark to include BGP AS assignment information, cities, and countries. This allows you to create filters based on this geolocation data, which can be incredibly useful for quickly including or excluding interesting traffic based upon country of origin, for example.
The complete setup guide can be found here.
In the course of operating a network there are countless times when it’s incredibly useful to be able to generate very specific types of network traffic. Some examples I’ve personally encountered are:
- QoS troubleshooting (the ability to generate DSCP or CoS tagged packets)
- Reproducing specific traffic for troubleshooting purposes
- Validating access lists and security policies
- Testing how applications respond to unique traffic
A fantastic tool to accomplish these tasks, amongst many others, is Ostinato. Ostinato is cross-platform with API support, so you can integrate it with existing tools and processes. In addition to browsing the web site, I would highly recommend listening to the Packet Pushers Priority Queue episode 52. In this episode, host Ethan Banks talks to one of the creators of Ostinato, who provides a great overview of the tool as well as how to put it to use.
Traceroute is an indispensable and frequently used troubleshooting tool. It seems incredibly simple and straightforward, but there are some slightly more subtle details that many people are not aware of. This presentation from NANOG 45 is a great overview of traceroute in general as well as how the results can be misinterpreted.
Need a simple, easy way to check if a piece of Cisco hardware is covered under warranty or SMARTnet? Look no further than this useful site: https://cway.cisco.com/sncheck
You will need to log in using your Cisco.com (CCO) username and password, but then you can check on coverage for ANY serial number. If the serial number is covered under a contract associated with your CCO account, then you will see additional details including coverage end date and coverage level.
TranslatorX is an indispensable tool for parsing Cisco Unified Communications Manager (CallManager) as well as Cisco CUBE logs and trace files. Check it out here: http://translatorx.cisco.com/
I recently discovered the excellent web-based diagramming tool named Gliffy. At a high level, you can think of it as a web-based version of Microsoft Visio. In addition to network diagrams you can create flowcharts, org charts, sitemaps, user interface diagrams, etc. The import/export functionality works well and even supports importing Visio VDX files (not VSD though). Gliffy offers smooth integration with Google Drive.
A free account offers you the ability to test drive the capabilities of their platform with a few limitations including:
- Total diagrams are limited to 5
- Storage is limited to 2 MB
- Inability to create private diagrams (everything you create is viewable by anyone)
I encourage you to take their tool for a test drive at http://www.gliffy.com/
TACACS+ provides authentication, authorization, and accounting services for network devices. In simple terms, this provides granular control over who has access (authentication) and what that user is allowed to do (authorization), and keeps a log (accounting) of everything that user does.
Marc Huber has created and maintained a fantastic open source TACACS+ server for Linux available here: http://www.pro-bono-publico.de/projects/tac_plus.html
If you’re more inclined to the Windows world, have a look at this free TACACS+ server for Windows: http://www.tacacs.net
Fluke Networks has an awesome Ethernet connectivity poster available for free via the following link
Here’s a link to the electronic (PDF) version: LinkRunnerAT_4256156_6510_ENG_A_W