Backgroound Image

Tag: UCS

CCNP Data Center – DCIT 300-615 Exam Experience

Posted on by Dan Kelcher

 To finish off my CCNP: Data Center certification I successfully passed the DCIT exam.  While preparing for the exam I found there is very little preparation material outside of the official Cisco course.

I recently posted about my experience with the DCCOR exam, and in that covered my background and some of the general information on this set of exams.  You can read more about it here: https://www.mytechgnome.com/2022/02/ccnp-data-center-dccor-350-601-exam.html

About the Exam

The exam topics can be found here: https://learningnetwork.cisco.com/s/dcit-exam-topics

I went over the specific technologies in the DCCOR exam review, but I’ll quickly touch on them here as well.  The exam is specifically focused on troubleshooting the various technologies in each of these areas

Network (25%)

This section covers L2/L3 technologies including vPC, LACP, STP, OSPF, BGP, PIM, and FHRP (mainly HSRP).  Overlay protocols are also included, primarily VXLAN, but OTV is in there as well.  Of course ACI is also covered here.

Compute (25%)

Under the Compute category it’s exactly what you’d expect to see.  Lots of UCS, and though it doesn’t specifically call out HyperFlex or Intersight I think it’s fair to assume that those would be in scope.  Remember, Cisco states in the exam objectives that “The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.” 

Storage (15%)

Again, nothing unexpected here.  There’s fibre channel and FCoE, and you need to be able to troubleshoot issues that can come up with those protocols.  One specific call out here though is storage is 15% of the exam, but only has one major subtopic.  That leads me to a presumption that there will be a significant number of FC questions compared to something like vPC.

Automation (15%)

Like the Storage section, there’s only two subtopics for 15% of the exam.  It seems sensible to be very familiar with EEM, scheduling, and automation tools.

Management and Operations (20%)

In the final section the topics include the firmware management and security topics that were covered in DCCOR under different parent topics.  This topic feels a little more like a grab bag, being worth 20% and having the most subtopics.

Exam Prep

The biggest resource used for this was the preparation work I did for the DCCOR exam.  Both exams cover the same technology areas, but the DCIT is strictly on troubleshooting, instead of understanding how to use each piece.
As mentioned earlier, the only resource I could find on the exam was the Cisco training course.  Well, that’s not entirely true.  Google was more that willing to provide links to brain dump sites, and I found a set of practice tests on Udemy.  Unfortunately the tests on Udemy appear to be from the previous DCIT v6 300-180 exam, with questions on topics that are no longer in the exam objectives.  I suspect the author just took the same exam they wrote for the 300-180 and renamed it for 300-615.
I ended up purchasing the e-learning bundle from Cisco Learning Network: https://learningnetworkstore.cisco.com/on-demand-e-learning/troubleshooting-cisco-data-center-infrastructure-dcit-v7.0/ELT-DCIT-V7-023907.html mainly for the labs offered.  There are 30 guided labs included, with access to ACI, UCS, MDS, and Nexus hardware.  I found this much more useful than working with the limitations from the UCS Emulator, ACI Simulator, CML, dCloud, and DevNet.  Plus it was less expensive than looking at rack rentals, and it was cheaper and easier than searching eBay for all the hardware to build my own lab.
The video training in the course was pretty good.  Much of it was review from the DCCOR material, but that’s not a bad thing.  It helps to reinforce that learning and to use that understanding to help in the troubleshooting process.
The labs were decent.  I appreciated that they were broken out with your objective, and had a button to see the steps to work through getting the correct solution.  Often I found I took a different path to get to the answer, but I was usually able to figure it out on my own.  I would have liked to have seen more potential scenarios though.  Usually each topic area only had a few misconfigurations.  With some topics there wasn’t a lab at all.  There were no labs for anything under the Automation or Management and Operations topics.  
Within the lab you have full access to the hardware, which allows you to create your own scenarios to some extent.  One example would be EEM, a topic clearly listed in the exam topics, but there’s not a lab for it.  Since there’s not a scenario for it I tried to create my own.  It’s very difficult to build a troubleshooting problem for yourself because you likely know where the issue is when you set it up.  What I did instead was to create a scenario that I knew would not work, but then I would look at different show commands to see how it worked.  Sticking with the EEM example, here some of the questions I worked off of:
  • What happens if you create multiple events, but make a mistake in the tagging?
  • What happens if you don’t add event-default when you need it, or do add it when you don’t?
  • What happens if the event is based on CLI entries, but a user doesn’t type the full command, or uses an alias?
The idea was to work in reverse.  I know the problem, but I am learning how that problem presents.  This can be fun coming up with all the different scenarios of how something could break, and then seeing how that shows up.
The same process can be used for other areas too.  Here’s a few questions to work with on the storage side:
  • What’s the output of show flogi database or show fcns database if
    • a zoneset isn’t active?
    • a zone isn’t part of the active zoneset?
    • a port is assigned to the wrong VSAN?
    • a port mode is incorrect?
    • a WWN is incorrect in a zone config?
    • the FCoE VSAN to VLAN mapping is incorrect?
  • Using the above examples, are there other show commands that would be useful?
The more you know about how problems present themselves the easier the exam will be.  Of course, these are only a few examples what you could encounter on the exam.  The more you build out the better off you’ll be.

Exam Experience

Unfortunately Cisco has removed the simulation questions from the exams.  The TSHOOT exam was one of my favorite tests because it was heavy in the simulation side.  The sims had their share of issues, but I prefer them over the rote memorization of command syntax.  That said, the DCIT exam is the typical multiple choice type exam.  There might be some multi-select or drag-and-drop for some added flair, but no more sims.
Overall I thought the exam wasn’t bad.  Most of the questions were clear, but there were some that had me scratching my head.  I had a few questions that waded into the rote memorization world, and some that seemed very unlikely scenarios.  There were a few questions that were fairly complex, and took some work to find the right answer.
Since the exam is focused on troubleshooting I found it to be easier to work with than the DCCOR exam.    The DCCOR topic list is longer, and it includes verbs like Describe, Apply, Analyze, Implement, Evaluate, and Explain.  The DCIT had one verb, Troubleshoot.

Final Thoughts

I wish the exam had sim questions, but even without, I prefer the scenario-based questions.  I’d like to see less rote memorization and edge case questions, and more focus on things that are more realistic to face in the real world.  Given that though, I think the exam was fair.  If you have a good understanding of how these technologies work, and what happens when they are misconfigured then this exam shouldn’t be too bad.

CCNP Data Center – DCCOR 350-601 Exam Experience

Posted on by Dan Kelcher

 I recently passed the DCCOR exam, and since it’s a difficult test I thought I’d share my experience with it.

My Background

Before getting into my preparation and exam experience I’m going to provide some background about the knowledge I had coming into this.  Everyone has different skills and experiences, and that’s going to have an impact on how they prepare.  The exam is broken down to five topic domains, so I’ll use that format.

Network

I’ve worked in the IT for about 20 years, and I already have my CCNP:EN (converted from the old CCNP:RS).  The L2 and L3 topics were mostly review, but the overlay technologies were new for me.  I also came in with very little practical ACI knowledge.  I’ve worked in environments where ACI was deployed, but I wasn’t responsible for maintaining it.

Compute

This is an area I felt fairly comfortable with initially.  I’ve worked with UCS off and on for over seven years.  I’ve deployed and managed blades and rack servers, as well as multiple HyperFlex environments.  I’ve also worked a bit with Intersight.

Storage

For a relatively brief period in my career I did a lot of SAN deployments, so I was somewhat familiar with the overall storage concepts.  I stopped working with fibre channel maybe five years ago and had worked mainly with iSCSI connectivity or virtual SAN environments since then.

Automation

I have the DevNet Associate certification, so I’m at least passably familiar with automation.  However, it’s not something I do day-to-day.

Security

In IT Security is part of everything we do.  I’m well versed in the overall security concepts, but I rarely go in and deal with RBAC or similar settings.  Usually that was something where the roles were configured when a platform was deployed, and I could go months without needing to make any changes aside from adding users to the correct groups.

About the Exam

The exam topics list can be found here: https://learningnetwork.cisco.com/s/dccor-exam-topics
First off, I want to say that this exam is massive.  If you compare it to what the CCNP:RS exams were I think that can illustrate my point.  In the old 300-101 ROUTE exam 40% of the exam was on routing.  The remaining 60% was split between five categories.  The 300-115 SWITCH exam had 65% of the exam focused on L2 technologies, with the remaining 35% split between two other categories.
In contrast, the 350-601 DCCOR has 25% of the overall exam on Networking.  In that 25% it includes OSPF and BGP (covered in the previous ROUTE exam), and L2 topics like LACP, and STP.  However, the DCCOR also includes PIM, vPC, overlay protocols (OTV and VXLAN), and ACI.  Just the breadth of topics in the Network topic makes this exam feel bigger, and harder than the previous CCNP:RS.
The remaining 75% of the exam is comparatively simple.  The Network portion is 25% of the exam, but contains 10 subtopics.  The remain 3/4 of the exam is a total of 16 topics.  By topic area, I would have expected the Network portion to be closer to 40% of the exam.
The Compute portion of the exam covers the UCS servers, HyperFlex, Intersight, and general management of a compute environment.  From a topic standpoint nothing unexpected.
Moving to the Storage section of the exam it is, like the Compute section, pretty straight forward.  I will admit that I was surprised the topics didn’t mention iSCSI at all.  Aside from that the Storage is what you’d expect.  It covers how fibre channel works, zoning, NPV/NPIV, VSAN, etc.
Automation is another topic that seems easy, but can get really broad quickly.  Though the topic list doesn’t go into the details I think it’s fair to assume that when it lists things like REST API that means you will need an understanding of how an API would be used to manage any of the hardware covered in the exam.
Lastly, the Security is focused heavily on the AAA and RBAC configurations for the different technologies covered in the exam.  Additionally, there are some more specific subtopics for each technology type.
One final note on the exam topics – Cisco has a line on that exam topics page that I think is important and often overlooked by test takers “The following topics are general guidelines for the content likely to be included on the exam.” Which means that things like iSCSI could actually appear on the exam.  Even though the topic isn’t specifically called out, it is a storage networking protocol that has seen wide adoption, and that means it could appear on the exam. 

Exam Prep

I started a blog post about the resources I used for the exam here: https://www.mytechgnome.com/2021/12/ccnp-datacenter-journey-dccor-350-601.html
I started with the Cisco Press Official Certification Guide, and I think it’s an awesome resource.  Unfortunately, I struggled with reading it and I literally found this book was putting me to sleep.  (That’s more a me problem than a book problem).  I found it worked better for me to use it as a reference for specific topics instead of trying to read it cover-to-cover.  One other thing I realized early on is the DCCOR exam replaced the CCIE written exam.  I found myself questioning if the depth covered in the book was for the benefit of the DCCOR exam, or as a resource for the CCIE lab (spoiler alert – it is for the DCCOR).
When I was having difficulty getting through the book I switched to the INE material.  Their video training is great, but incomplete.  At least at the time I went through it the HyperFlex and Automation sections are listed as “Coming Soon”.  It also seems like the Storage section was just duplicated from the previous CCIE:DC training.  I thought it was very hands-on like what I’d expect when preparing for a CCIE lab, but it seemed to focus more on the configuration requirements than I would have expected would be needed for the DCCOR.
I switched over to the CBT Nuggets training to compliment what INE covered, and to fill the gaps in what INE hadn’t published.  There were a number of things covered in the CBT Nuggets material that wasn’t covered in the INE material, so I was happy I went through it as well.

Labs

Books and video training are great, and they have their place, but the fun part of learning new stuff is to actually do it!  To prepare for the exam I used a few different tools provided by Cisco.
For the Networking topics CML is nearly perfect.  With CML you can create labs to cover most of the network topics.  I created maybe ten different lab environments and built out a bunch of different configurations:
  • Switching: STP, vPC, LACP, HSRP, VRRP
  • Routing: OSPF, BGP (iBGP and eBGP), PIM
  • Overlay: OTV (CML can’t do OTV on the data plane so you can’t actually pass traffic), VXLAN
I also did combination labs.  For example, create a BGP and OSPF “provider” network, and run VXLAN over it.  Then in the “provider” environment I would enable or disable multicast and adjust the VXLAN deployment accordingly.  I would also configure anycast gateways in each network.  It’s also worth pointing out that you can enable the NX-API in CML, and run automation tools against it.  That’s a great way to practice both the automation skills as well as the networking skills.
To get hands-on with ACI I primarily used the ACI simulator.  With the simulator I was able to do a large deployment with three APICs, as well as two spine and two leaf switches.  I was able to go through and build out EPGs, contracts, domains, etc.  One thing that I found particularly cool with the ACI simulator was that I could SSH to spine and leaf switches.  This allowed me to get hands-on with the CLI of the underlying hardware.
On the Compute side, I used the UCS emulator.  This allows you to run UCS manager and create virtual UCS hardware and policies.  Like the previous tools, the UCS emulator also allows CLI access to the virtual FIs.
The storage portion of the exam was the most difficult to actually get hands-on labs for.  There are some labs available through the DevNet Sandbox and dCloud that have MDS switches, but the labs are limited in what they can do.  The good news is that comparatively the commands for storage are far less than what you need to know for other topics.
With both Automation and Security all of the above resources can be used.  DevNet also has a lot of good resources for automation.  The security side is mainly just being familiar with how accounts and roles are created and the configuration of RADIUS/TACACS connections.

Exam Experience

I took the exam remotely, which generally has been a positive experience.  There are a few of tips that I can provide for the online exam.  First would be to go through the pre-check to make sure everything works as expected.  I used a laptop with an external monitor, and I found that it defaulted to the laptop webcam (with the laptop lid closed this didn’t work), but there’s a dropdown to select the webcam so it was an easy fix.  Make sure you have good audio.  The proctors often do PC-based calls, and I found them difficult to hear using my monitor speakers.  Switching to the laptop speakers solved that problem.  Also I recommend installing the Pearson app when checking in.  I had numerous issues using the web-based tool.  It seemed like when trying to upload images they were blurry in the web app, and when I switched to the mobile app the issues were resolved.
Cisco has an NDA all test takers have to accept, so I’m going to be very vague in what I say about the actual exam.  The first thing is I will reiterate that this exam is broad.  For each topic area (ACI, Nexus, UCS, MDS, etc.) be familiar with all of the different tools used to manage them.  That means GUI, CLI, and API.  Make sure you are paying close attention to the exam topics, and you have a firm grasp on each and every topic item.
I did get some questions that seemed to be poorly worded, and a couple left me confused on what specifically was being asked.  In some cases it was just be the way that I read the question, and taking a moment then rereading it and it made more sense.  In others, it didn’t matter how many times I read it, it just didn’t make sense.
One other trend that I’ve found with exams is the tendency to find the most obscure question possible.  As engineers we have access to context sensitive help.  Preparing for the exam I watched CCIEs extensively use the “?” to find the syntax that was needed, or look for a config option in the wrong area.  I find it frustrating when on an exam there are syntax questions that are needlessly specific.  An example would be something like if something is measured in bits, kilobits, bytes, kilobytes, etc.  Another example would be if a timer is configured in seconds or milliseconds.  If these situations ever came up, I’d have access to tools without needing to memorize the plethora of commands and options.  To make matters worse, often when these questions come up they are on commands that are rarely used.  This exam is no different.  Make sure you are committing the exact syntax of commands to memory.
On my first attempt I failed, and looking at the score report I’m guessing it was close.  The passing score and received score aren’t provided anymore, but the percentage per topic is displayed. Not surprisingly, the areas I performed the worst in were Storage, Automation, and Security.  Those areas were where I had much more general knowledge initially, and it showed.  However, after having actually taken the exam I knew where I was weak, and the level of depth on the exam.  I went back and reviewed the Network and Compute topics, and spent more time digging in to the areas I needed to improve.  When I retook the exam I was able to pass the exam.

Final Thoughts

This exam is tough.  I can confidently say it’s one of the most difficult exams I’ve ever taken.  It’s a mile wide, and it can also get quite deep.  There are plenty of challenging questions that really test your knowledge.  With enough preparation and practice it is something that can be accomplished.

CCNP Datacenter Journey – DCCOR 350-601 and DCIT 300-615 – Resources

Posted on by Dan Kelcher

 

I’m working towards attaining the CCNP: Data Center certification.  I’ll be compiling a list of resources and tips that I used along the way.

Software

VMware Workstation Pro – https://store-us.vmware.com/workstation_buy_dual_new

Cisco Modeling Labs – https://learningnetworkstore.cisco.com/cisco-modeling-labs-personal/cisco-modeling-labs-personal-plus/CML-PERSONAL-PLUS.html

UCS Emulator – https://software.cisco.com/download/beta/1850014776

ACI Simulator – https://software.cisco.com/download/home/286283149/type/286283168/release/5.2(1g) (If you don’t have access to the software you can work with a Cisco SE to grant you access)

Use this command in Linux to merge the downloaded files into a single OVA to import into VMware Workstation

cat acisim-5.2-1g_part1.ova acisim-5.2-1g_part2.ova acisim-5.2-1g_part3.ova acisim-5.2-1g_part4.ova acisim-5.2-1g_part5.ova acisim-5.2-1g_part6.ova > acisim-5.2-1g.ova

Material

Cisco Press Official Cert Guide
INE CCNP:DC training course
CBT Nuggets CCNP:DC training course

Cisco ISR Project – vWAAS deployment (14 of ?)

Posted on by Dan Kelcher

(I just noticed that I forgot to publish this, so anyone reading my posts on IWAN deployment… Sorry this one’s a few years late…)

To get the WAAS deployment done there are a few prerequisites:

  • Virtual Central Manager (vCM) deployed (at HQ)
  • vWAAS appliance deployed (at HQ)
  • vWAAS appliance deployed (at branch)
  • WAN connectivity between branch and HQ

A couple things to be aware of right off the bad:

  • Default username is: admin
  • Default password is: default
  • Telnet is enabled by default, and SSH is disabled.
    • To enable SSH run these commands from a config prompt (make sure hostname and domain are set before running)
      • ssh-key-generate
      • sshd enable
    • Telnet can be disabled, however, it seems the management software 
  • When logging into the web interface if there is a prompt to select an SSL certificate, click Cancel.  That should bring up the login page.

After the OVA has been deployed you should be able to log into the appliance and it should automatically start the device configuration.  If not simply enter the ‘setup’ command.

The setup between the vCM and vWAAS is pretty similar, so I’m just going to go over the vWAAS as there are more of those.  However, the vCM does need to be configured before the vWAAS, as the vWAAS needs to connect to the vCM.

WAAS setup

The setup is text-based, and pretty straightforward.  One thing to be aware of is if the CMS service fails to start (I set up vWAAS up without setting the correct vNIC settings) you can run the command ‘cms enable’ from a config prompt.  That should force the vCM to start, or force a vWAAS appliance to register with the vCM.

After completing the setup a window will pop up with a list of commands to configure WCCP on the router.

WCCP template

To make things easier, here’s a text version of the commands:

ip wccp version 2

ip wccp 61 (optional:waas-wccp-redirect-list) 

ip wccp vrf IWAN-PRIMARY/SECONDARY 62 (optional:waas-wccp-redirect-list)  

interface (Router LAN interface(s)) 

     ip wccp 61 redirect in 

interface (Router WAN interface(s)) 

     ip wccp vrf IWAN-PRIMARY/SECONDARY 62 redirect in

interface (Router NM-WAE interface) 

     ip wccp redirect exclude in

(optional: 

  ip acces-list extended waas-wccp-redirect-list 

       acl1 

       acl2 

       …. 

       aclN 

)

One thing that isn’t covered in this default config is the ISR uses VRFs for the WAN interface(s).  For the WAN interface enter the correct VRF and then the commands should work.

Links:

WAAS: http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v611/configuration/guide/cnfg/traffic.html

Prime: http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/WAAS.html

Cisco ISR Project – ISR 4351 and UCS E-Series base config (6 of?)

Posted on by Dan Kelcher

For the base config of the router you can follow this guide: https://www.mytechgnome.com/2016/02/cisco-isr-project-isr-base-config-5-of.html

The config of the router portion is the same between the two models.  The difference comes in with the UCS E-Series server.

By default the CIMC of the blade (out-of-band management) is set to use the dedicated management port (the one labeled with a green background with an “M”) and it’s set for DHCP.  If you are running DHCP you should be able to find the record in your DHCP server.  The client name will be the model and serial of the server, so E160D-FOCXXXXXXXX for example.  If you don’t have DHCP or if you want to assign a static IP you can run these commands from a config prompt on the router:

ucse subslot 1/0

imc ip address A.B.C.D E.F.G.H

 You’ll need to replace A.B.C.D with the desired IP and E.F.G.H with the subnet mask.  As usual, remember to save the config after making changes.

You can also set up the CIMC address by booting into the CIMC manager (press F8 during boot to get to the CIMC manager) and setting it there, but I think it’s easier to just use the router CLI.

To simplify my life, I set up a management station on the same subnet as the management IPs I used on the CIMC and router management.  This way I don’t need to worry about getting routing set up yet.

You should be able to open a browser window and connect to the CIMC IP address.  First, the CIMC web interface requires Adobe Flash Player, so you may need to install/update that.

CIMC login page

The default username is: admin

The default password is: password

You will be prompted to change the password when you log in for the first time.

First things first.  Let’s get the CIMC firmware updated.  If you haven’t done this yet, go to the Cisco site and download the latest CIMC software. https://software.cisco.com/download/release.html?mdfid=286281321&flowid=&softwareid=284480160&release=3.0.2&relind=AVAILABLE&rellifecycle=&reltype=latest

When logged in click the admin tab in the left pane.

CIMC Admin

 Then select Firmware Management

CIMC Firmware Management

Now click Install CIMC Firmware through Browser Client

Firmware install

In the window that pops up browse to the firmware download and click Install.  This process will take some time, and it’s not actually installing the firmware.  It’s just getting the firmware copied and ready.  When this process is complete you will need to activate the firmware by click Activate CIMC firmware.

Activate firmware

You’ll get a popup to select the firmware version to activate.  Select the version you just installed and click Activate Firmware.  Since the server isn’t in production yet we are going to ignore the recommendation to set the maintenance mode.  When the firmware is activated it will restart the CIMC service, so remote access will be lost temporarily.

That should get the CIMC configuration done, and now an OS can be installed.

First, we need to set the boot order.  Click BIOS in the left pane on the Server tab, then select Configure Boot Order.  If there is a pop up click OK on it.

Boot order

For my deployment I am going to be installing the OS on the embedded SD card.  For that, I set the boot order to first look at the Linux Virtual CD/DVD, then Cypress (the SD card).

Set boot order

Once things are moved as needed click Apply.  To start the OS install click the KVM icon (it’s in the top bad, and it looks vaguely like a keyboard.

Start KVM

The KVM does require Java, so that may need to be installed.  Also, since it uses Java expect a series of security prompts, as well as the difficulty that can accompany.  One thing to be aware of is if it downloads a file that looks like this ‘viewer.jnlp(1.2.3.4@0@215634295136582)’ it can be renamed to remove everything in the parenthesis, as well as the parenthesis leaving just ‘viewer.jnlp’ and then you can run that.

You will likely see this pop up more than once during the install.  Just click ‘Accept this session’ and then check the box to remember the setting.  Since we are doing an install of a OS there’s nothing that needs to be encrypted.  If encryption is needed, it can be enabled on the CIMC interface, under Remote Presence.  On the Virtual KVM tab check the box the enable video encryption, and on the Virtual Media tab check the box to enable virtual media encryption.

Unencrypted Virtual Media Session

 When the session is connected, click the Virtual Media tab at the top, then Add Image on the right.

Add image

Browse to the VMware ISO and select it.  When selected, it will be listed in the window, and you will need to check the box under Mapped.  Then go back to the KVM tab and boot the server (or reboot if it is running).

The VMware install is pretty self explanatory, and I presume familiar.  If not, here’s the VMware install guide: http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.install.doc/GUID-6FFA928F-7F7D-4B1A-B05C-777279233A77.html

When the installation finishes the server will reboot into a two-tone page that will have the machine info, including DHCP address.  If you need to modify the network settings press ‘F2’ and then log in.

Since this is a text based configuration I won’t bother with screenshots for most of this.  In the menu select Configure Management Network.

For Network Adapters, determine what adapter will be used.  VMNIC0 and VMNIC1 are built into the UCS server, and are connected internally to the ISR.  VMNIC2 and VMNIC3 are matched to GE2 and GE3 on the server module.

After selecting the adapters then set the IP address, and make any needed DNS changes.

Once the server is online these changes can be made from the GUI as well.

Cisco ISR project – Licensing (2 of ?)

Posted on by Dan Kelcher

After the hardware has been purchased comes what might be the most difficult part of the project – sorting out Cisco licenses.

Hopefully you’re well aware of the Cisco licensing and support process.  I’ll try and make this clear as mud…

First and foremost, you need a Cisco account.  If you don’t have one you can go here: https://tools.cisco.com/IDREG/guestRegistration.do?exit_url=https%253A%252F%252Fslogin.cisco.com%252Fwaa%252FauthJump.do&locale=en_US   Your account will need to be associated with the business you work for, so this can get more complicated.  If you get stuck, contact your reseller.

For reasons beyond me, Cisco likes to send out the cardboard mailers with the PAK licenses (and EULA, and paper license, and sometimes T&Cs on a CD…).  Sort through the material you receive and find everything that lists a PAK.  Also, be careful to actually look at each piece of paper, as sometimes there are specific instructions for product access.

To register a PAK you need to go to: https://tools.cisco.com/SWIFT/LicensingUI/Quickstart

Again, you’ll need to log in with a Cisco account.  When you are logged in you will be able to register the PAK.

You should be able to follow the instructions to register the PAK.  I would suggest waiting on actually generating licenses until you are ready to use the specific product.  Some require the SN or UDI of the device the license is applied to.  It’s easier to just do that when you are ready.  So, now the PAKs should be done.

But wait, there’s more!  You still need to register your support contract.

Log into your Cisco account, and at the top of the screen click “Account” then “Customer Profile Manager”  (Note: the link at the bottom for Cisco Service Contract Center is very helpful.  It will show all the contracts and details that are linked to your account)

Under your account you can add access to your Cisco contract.  Click the “Access” tab at the top and this will list your contracts and allow you to add more by clicking the “Add Access” button.

Typically, I just use the Full Support option, as that allows me to download software and open TAC cases for the products.

The next page can be difficult.  I use a Cisco reseller, so the Bill-to ID on my orders is for my reseller.  Usually, I just open a chat session and provide the agent with my Cisco SO# (it can be found on the packing slip, in the eDelivery e-mail, or it will be listed in the licensing page when you activate a PAK).  The agent then can find the specific contract number(s) to add.

After the contracts are added you should be able to download firmware for the hardware.

Here are the links for what I downloaded:

CSR 1000V

ISR 4331

ISR 4351

Prime

Prime vNAM

vWAAS

It seems that vCM OVA isn’t downloadable, but media for that should be sent with the PAK.  The vCM can be upgraded by using the “Universal Binary Image” which can be downloaded from the WAAS software location

LiveAction

VMware vSphere

Cisco USB console driver Not needed, but it’s nice to have the USB console driver

Cisco ISR project – IWAN, WAAS, UCS-E, Prime, and more (1 of ?)

Posted on by Dan Kelcher

This is the start of a series of posts about my adventures in getting a Cisco IWAN project deployed.

To start with, the new gear order was as follows:

  • HQ
    • Two Cisco ISR 4331 routers (Cisco ONE for WAN license)
      • One to terminate MPLS and one for Internet
    • Two CSR 1000V routers in an HA pair
    • Cisco WAAS virtual central manager (vCM)
    • Cisco WAAS virtual application engine (AE)
    • Cisco Prime VM
    • Cisco virtual network analysis module (vNAM)
    • LiveAction Pro
  • Site 1 (MPLS only)
    • Cisco ISR 4351 (Cisco ONE for WAN license)
    • UCS E-160D-M2 server
      • 64GB RAM
      • 3x 900GB drives in RAID 5
  • Site 2 (Dual connected)
    • Two Cisco ISR 4351 (Cisco ONE for WAN license)
    • Two UCS E-160D-M2 servers
      • 64GB RAM
      • 3x 900GB drives in RAID 5
  • Site 3 (VPN Only)
    • Cisco ISR 4351 (Cisco ONE for WAN license)
    • UCS E-160D-M2 server
      • 64GB RAM
      • 3x 900GB drives in RAID 5

For the remote sites, this will completely replace any routers, firewalls, servers, and/or WAN accelerators deployed.  From the HQ side this will augment the existing environment, as the current hardware still needs to support sites that aren’t migrating to the ISR solution yet.

IWAN topology

There were a few iterations of the design process.  I would recommend working with your Cisco partner to figure out what the best design would be for your environment