Skip to main content

Posts

Featured Post

Fixing Cisco SD-WAN Blackholes with OMP Send-Backup-Paths

 Fixing Cisco SD-WAN Blackholes with OMP Send-Backup-Paths The Problem: SD-WAN Blackholes During Link Failures In Cisco SD-WAN , the Overlay Management Protocol (OMP) is responsible for advertising routes between vEdges. However, by default, vSmart only advertises the best routes based on the OMP best-path selection algorithm. Letā€™s take a real-world example: šŸ“ Scenario: vEdge-1 has two Transport Locators (TLOCs): MPLS (T11) and Biz-Internet (T12). When the MPLS TLOC on vEdge-1 fails , it stops advertising the OMP route to 10.1.1.0/24 . vSmart selects the best available route , which still goes via vEdge-1 but over Biz-Internet. Problem? vEdge-3 doesnā€™t have an overlay tunnel to the Biz-Internet TLOC of vEdge-1. šŸ”» Result: The route to 10.1.1.0/24 becomes invalid and unresolved . vEdge-3 completely loses connectivity to the data center despite having a valid tunnel to vEdge-2. Traceroute and ping fail to reach 10.1.1.1. The Solution: Enabling OMP Send-Backup-Paths By defau...
Recent posts

Cisco SD-WAN Overlay Management Protocol (OMP): A Comprehensive Guide

  Cisco SD-WAN Overlay Management Protocol (OMP): A Comprehensive Guide Cisco SD-WAN Overlay Management Protocol (OMP): A Comprehensive Guide Cisco SD-WAN has revolutionized modern networking by offering scalable and intelligent network management solutions. A key component that drives the Cisco SD-WAN architecture is the Overlay Management Protocol (OMP) . This protocol plays a crucial role in establishing and maintaining the SD-WAN control plane, ensuring seamless communication across the network. What is OMP in Cisco SD-WAN? OMP is a TCP-based protocol, much like BGP, that enables communication between Cisco vEdge routers and vSmart controllers. It is responsible for managing the following critical functions: Transport Locator (TLOC) Distribution: Shares TLOC information across SD-WAN sites. Helps in route reachability by defining WAN transport characteristics. Service-Side Reachability: Distributes routing information from local interfaces, static routes, and dynamic protocols ...

Understanding Cisco SD-WAN Architecture: A Deep Dive into Control and Management Plane Functions

 Cisco SD-WAN revolutionizes network management by decoupling the control and management planes from WAN edge routers, centralizing them in software-based controllers. This architectural shift improves security, availability, and scalability, making Cisco SD-WAN a preferred choice for managing large and distributed networks. In this blog post, weā€™ll explore the roles of vEdge routers and the SD-WAN controllers, namely vSmart, vManage, and vBond, each of which interacts with WAN edge devices in unique ways to ensure secure, streamlined, and reliable control connections. Control Connections and Security Protocols Each vEdge router establishes secure control connections to SD-WAN controllers using DTLS or TLS protocols. DTLS, which operates over UDP, is the default protocol due to its efficiency and speed, while TLS, running over TCP, provides slightly enhanced reliability. These protocols create secured tunnels that shield the control plane protocols (such as OMP, NETCONF, and SNMP) ...

How to Detect ARP Poisoning with Wireshark: A Step-by-Step Guide

  How to Detect ARP Poisoning with Wireshark: A Step-by-Step Guide In a world where cybersecurity is of utmost importance, network administrators need the right tools to ensure their networks are protected from malicious threats. One such threat is ARP poisoning , a method used by hackers to intercept or reroute traffic by sending falsified ARP messages. Wireshark, a popular network analysis tool, provides a powerful way to monitor and analyze traffic. In this post, we'll walk you through how to use Wireshark to detect ARP poisoning on a small corporate network. Why ARP Poisoning is a Major Threat ARP poisoning compromises network integrity, allowing attackers to intercept or modify data. It can be used to execute man-in-the-middle attacks, compromising sensitive information, redirecting traffic, or disrupting communication between devices. Using Wireshark to Detect ARP Poisoning Capturing Packets: Start by capturing packets on the enp2s0 interface for five seconds using Wireshar...

Cracking Passwords Using John the Ripper: A Complete Step-by-Step Guide

Cracking Passwords Using John the Ripper: A Complete Step-by-Step Guide In today's post, weā€™re diving into a practical lab exercise that shows how to use John the Ripper, one of the most effective password-cracking tools in cybersecurity. Whether you're an IT professional or a cybersecurity student, mastering John the Ripper will help you understand password vulnerabilities and enhance your penetration testing skills. Lab Objective: The goal of this lab is to crack the root password on a Linux system (Support) and extract the password from a password-protected ZIP file (located on IT-Laptop). Both tasks are performed using John the Ripper. Steps to Crack the Root Password on Support: Open the Terminal on the Support system. Change directories to /usr/share/john . List the files and open password.lst to view common password guesses. Use John the Ripper to crack the root password by running john /etc/shadow . Once cracked, the password is stored in the john.pot file for future u...

How to Set Up Guest Access on Ruckus ZoneDirector ā€“ Step-by-Step Guide

 Are you looking to configure guest access on your Ruckus wireless network? In this blog, weā€™ll take you through the entire process of setting up secure guest access using Ruckus ZoneDirector. Whether you're an IT admin or a network manager, this guide will help you create a BYOD guest WLAN, set up guest pass authentication, and secure your network with wireless client isolation. Step-by-Step Tutorial Includes: Logging into the Ruckus ZoneDirector controller Configuring Guest Access services for BYOD devices Creating a dedicated guest WLAN Using guest pass authentication for added security Isolating guest devices on the network for better privacy Accessing the guest network from a client device By following this tutorial, you'll be able to provide a seamless and secure experience for visitors connecting to your WiFi network. Check out our video tutorial for a detailed walkthrough! #RuckusZoneDirector #GuestAccess #WiFiSetup #BYOD #WLANConfiguration #WirelessNetwork #NetworkSecu...

How to Configure Wireless Intrusion Prevention to Protect Your Corporate Network

  How to Configure Wireless Intrusion Prevention to Protect Your Corporate Network In an age where network security is more critical than ever, wireless networks have become a prime target for various attacks, including denial-of-service (DOS) and rogue access points. As a network technician, protecting your corporate environment requires implementing robust security measures that go beyond standard configurations. One such measure is Wireless Intrusion Prevention (WIP), which helps safeguard your network from malicious activity and unauthorized devices. In this post, weā€™ll walk you through configuring a wireless controller to protect against common wireless threats. Step-by-Step Configuration Guide Log into the Wireless Controller As WxAdmin on your ITAdmin computer, access the wireless controllerā€™s console and navigate to the wireless security settings. Enable Denial-of-Service (DOS) Protection Protect your wireless network against excessive wireless requests. Temporarily block w...