Tech Support Thursday - Ticket 23

Captions
How's it going, everybody? I want to, first of all, wish everybody a happy Thanksgiving. I know it's Friday. I'm recording this on Friday, um, so it's technically Black Friday. Um, yesterday... normally I record these on Thursday, mid-morning, afternoon, and then post them, but, uh, yesterday was Thanksgiving. I had an awesome Thanksgiving. We smoked a couple of turkeys on my Traeger pellet grill and we had family over. We hosted Thanksgiving at our house, which we do pretty much every year. It just works out that way. Good stuff. Had a lot of family over, played some games, hung out with the family, all that good stuff. So, uh, for those of you that celebrate Thanksgiving, I hope you guys had a good Thanksgiving and stuff like that. So, um, this is going to be episode... I should say ticket... uh, ticket 23 for Tech Support Thursday, so being recorded on Friday, on Black Friday. So I just got up a little bit ago, had a good night. We're gonna go ahead and dive into it. We're going to start off with some questions that were posted on TST22 and go from there.

Actually, these are just comments. So: "Thanks for the content." So, um, this question comes from "How to Set Up Cisco SD-WAN in EVE-NG": "How do you obtain Cisco... or, I'm sorry, Viptela software pack? Does Cisco offer some kind of free, limited-functionality type of license so we can have them in lab and study or so?" So I happen to... I don't think they let you download the software unless you've got, um, a support account associated, so like a contract tied to your CCO account. Um, so that's how I got it, because the company that I was working for at the time, we were deploying SD-WAN for a couple of clients, so they associated it to me so I'd be able to download the software and get everything working. So that's how I was able to get a hold of it. So the version of SD-WAN software that I was running at the time was 18.4, because that's the version that the CCIE Enterprise lab exam would test you on, is 18.4, and as far
as I know that is the same version of code that the SD-WAN book was written on. I could be wrong on that, but I think that's the same version of code that the book was written against. Um, so there's that piece. Sorry, I was interrupted by some family; they decided they want to come in and say hi. So, um, where was I at? So the, uh, based out the license: there's no license needed to run SD-WAN. So 18.4 code, I downloaded it and I was able to get it working inside of EVE and deploy it, and that worked. So basically the vEdges, the actual Viptela original software, so the vManage, the vBond, the vSmart and the vEdges, they all work out of the gate, no problem. There's no license needed to run any of the features. Anything that you would do externally, for example if you're going to connect to AWS or Azure or do anything like that where you're going to be deploying either a controller or a vEdge in the cloud, that would more than likely need some sort of licensing or, um, something like that. It's just my guess. I've never deployed it there, so it's easier to say I'm guessing on that than to say for sure, because I honestly don't know. So, um, but to run just the vEdge, the software on its own, not the CSR 1000v that can support SD-WAN... that one does require, um, a software activation on Cisco's website and free to download the Viptela file and all that type of stuff in order for the activation to come through. But if you follow the series that I put together, I walk you step by step through how that process works and how to register the devices manually inside of vManage to get them online, create all the templates to push them down to the devices, and all that type of stuff. So there's that. Beyond that, I wouldn't know anything about the CSR 1000v deployment, because I've only watched some videos on it, read some documentation. I never actually did it, um, so I really couldn't give you specifics as to how that actually works. But no license is needed on 18.4
code. But if you're working on 19 or 20, and I don't know if there's anything newer than that, um, I don't know. I had problems running 20 code and I had problems running 19 code with the methodology that I was using to get everything working. I stayed with 18.4 because that was the version of code that anybody that's sitting for CCIE EI would end up having to use. So I used the same version of code and did a lot of testing on the stuff that you would have to more than likely get working in the lab. I covered most things. There's a few things that I didn't touch on, but there's documentation to help back that up.

Uh, ticket 22: "I was wondering how you go about design, building your lab topologies. For example, do you have a pretty good idea of how you want to build it before you actually set up the EVE-NG lab? Do you use real-world examples, like from a previous project, or do you build them specifically for learning the specific technology, such as SD-WAN?" The truth of it is that I will probably build the labs that you see probably a dozen times, because as I'm going through I will build a [Music] an initial lab out of the gate, and then, as I'm going through, some information will come to light during the training where I'll be like, okay, now we're going to test out this feature or this capability in this particular design use case, and I will have to make an adjustment to my topology in order to make that, whatever that thing is, work. So oftentimes when you see a topology that I've put out in a YouTube video, that's more than likely probably the sixth, if not more, time that I've built that lab. So you're getting the lab that I publish and put out on YouTube, and then if you're a member of the channel, or, you know, subscribe, become a member of the channel and then download the, uh, the files that I've uploaded to the member site, those topologies and whatever comes with it are basically the fruits of my labor. It's all the testing and validation
and stuff like that. You're getting the final product, right? You're not having to sit there and go through version one, version two, version three. So oftentimes I'll put in the time and effort needed, because I'm still learning how it'll work, and I feel like I'm pretty good at learning new things. So I will spend the time and effort to rip down a topology, rebuild it, get it up and running and get it operational, and then run through all the things that need to be in place in order for me to fully test out that solution. And I'll do that multiple times, because, number one, the more times I go through it, the more comfortable I get with it and the better I get at it. Basically what it comes down to is just repetition. So yes, I do spend quite a bit of time going through rebuilding labs, and I do that because the more times I build it, the more thorough I become, and that's really what it comes down to. I don't, um... unless I am already really well versed with the particular feature or technology vertical that I'm working with, whether it's SD-WAN or, for example, learning Cisco ACI or learning VXLAN in depth... like, I've taken VXLAN pretty much as far as you can take it to what's supported today. There's gonna be some new features that come out, newer versions of code, but essentially that's what I've come with, all the stuff that I've done with the VXLAN. That's the type of stuff that I deal with. I will rebuild topologies and play with different variations of it. And yes, I do take real-world projects that I've worked on. I try to integrate them, and, you know, a project will drop in my lap and then I will be tasked with getting it working, and I usually will bring that into a lab. I'll build a lab to mimic as close as I can to the customer's environment so that I eliminate any variables, and if I need to make adjustments on the fly, they're usually small adjustments, whatever that might look like. So something
is usually going to be something I'm already familiar with, whether it's setting up a connection from that device... a new particular feature is getting enabled, say for example VXLAN is getting enabled on the box, but we need to set up a connection to this device. Okay, well, I'm going to be able to fall back on my route-switch knowledge of how to get that connectivity in place, so I don't have to go, like, relearn OSPF in order to do that. So there's that piece. One second. Sorry about that, my dog wanted to go outside. So yeah, that's basically what I end up doing. I'll rebuild the lab, I'll go through the technology and get it working. Sometimes I get it in the first couple times; other times I need to go back through it a few times.

Um, now, for example, I am currently studying, and this is because a couple of customer projects have come my way where I've had to go learn... yes, I am currently actively learning, I know, kind of a redundant statement... ACI, and I've actually had a lot of fun learning it. I've gone through quite a bit of training over the past couple weeks on it to get a better grasp of how it works. I understood it at a high level, like the hundred-thousand-foot view, but now I'm diving into the weeds and having to understand how it all works, between INE, between kbits.live, so core, but Lab Minutes. Um, I've got O'Reilly Media, so I have a subscription to Safari O'Reilly. I happen to work with this gentleman right here, the author of the book, that guy right there, Amar Amadi. I'll give him a shout-out. He wrote the book. Um, as a matter of fact, back in June when I started my new job, I had the ability to go work with him for a week down in Nashville to deploy ACI for a client, so I learned a lot about ACI working with him, and [Music] it's actually a signed copy of the book. I've got one of the few that he signed, and so it's kind of cool working with the guy that wrote the book. And there's also a video series that he put out on how ACI works, so
there's multiple levels of content that I'm going through right now to learn ACI, so I'm becoming more and more familiar with how it operates. The drawback to learning ACI is, number one, it's hardware dependent. Now I do happen to have... and normally I don't do this in a Tech Support Thursday, but I'm gonna make an exception because I'm trying to show you what I've got going on here. Just one second while I bring this over. I'm going to go ahead and share my screen. I currently have the ACI simulator 5.2.1 deployed. Now this is a virtual machine running inside of ESXi, and it's kind of a beast: it's 16... 16 CPU, 64 gigs of RAM for a two-spine, two-leaf deployment. You have two spines, two leaf switches and one APIC. I have only done the fabric discovery, so I'll go ahead and take just a moment to show you what I'm talking about, just to show you where I'm at. It's actually kind of cool once you start playing with it. And I know there's going to be the question of, well, are you going to do any training on ACI? I more than likely will, but the problem with doing any type of ACI training is that there's a lot to it. So if we go over here to Fabric and I show you the topology, this is basically what I'm working with. Let me click on, actually, Topology. So this is the topology that I've got built so far. It's nothing impressive, because it's small. If I go over here to Fabric Membership, I have two leafs and two spines, and everything's working the way I would expect it to. I have not done anything beyond that. I haven't done anything inside of the fabric access policies to build any of the interface policies. Right now I am literally just learning how the ACI object workflow works and just going through the initial video series to understand how it all operates. I mean, I've taken a lot of notes on it, but right now I'm just watching videos, learning how ACI works as a whole system, and then as I start to understand it better, I will take it
further and further and further. Now, I would love to be able to go out and buy a single spine switch, two leaf switches and an APIC, or maybe convert one of my other ESXi hosts to C220 and convert it to an APIC, um, and then join it to the fabric and then build up my own ACI lab. I would love to do that. I'm not saying that I won't be able to, but as it sits right now, I really don't have... um, it's expensive. I'm guessing it's gonna be a couple thousand dollars to go build an ACI lab, but, um, I don't know how far I want to take it just to pass an exam or to basically be able to get something working in a customer's environment. I don't know how far I need to take it, because I haven't been far enough down that path. But going back to your original question: if this was something I could run inside of EVE, I 100 percent would, and I would do it in a heartbeat, because then that would give me a lot of latitude to play with ACI and understand how it all works. Um, one thing that I was tempting to do, and, uh, not that I was trying to hide it or anything like that, but it's just a thought process that I had, was to get... and I think you can, I think it shows up inside of EVE. Let me go ahead and pull this up real quick. Um, where's the other 105? Yeah, this one. Let me go ahead and log into this server real quick, and I want... this is that 70.
Okay, so let me go ahead and show you what I'm talking about here. So if you were to look here, this is one of the VXLAN fabrics that I'm currently working through for a client. I'm going to get out of the way. It's a rather involved design. This is a combination of, um, single fabric... let me go ahead and flip this over to dark mode... uh, single fabric, um, multi-fabric, multi-pod and then multi-site. It's a big deployment, because the customer that I'm working with has a rather large investment. But if you look right here in Node, if you come down here, you see "Cisco Application Policy Infrastructure". I am going to go on a limb and say that this means APIC, the Application Policy Infrastructure Controller, which is what APIC stands for. So I'm going to assume that you can get this working inside of EVE. And then one of the other thoughts that I had was to download... I actually already have it downloaded... the ACI software for the 9300 series switch, and then go ahead and download it to the Nexus switch, and then run the command to convert it from Nexus mode to ACI mode and try it with that. That was something I was kicking around the idea to do. I somehow just never got to it, but that's kind of where I'm at with that, because then I'd be able to test it out. If it would work, great; if it doesn't, I'll find out soon. But that's just one of those things where I'm like, I wonder if that would work. Because, like I said, Cisco ACI is so difficult because it's all hardware specific, right? It's hard to lab that up unless you have a dedicated lab to work with. But, um, that's one of the things I'm like, well, that'd be cool to play with. But that's some of the other stuff that I'm operating with. And I do leverage previous project experience to build my labs. Sometimes the labs that I show you come directly from a customer deployment; other times, whether it's all sanitized and I just talk about what it is that we did, or I
come up with a scenario and then I walk you guys through it, both solutions basically apply. But I typically like to go over the technology over and over and over again, because practice makes permanent, right? The more times you cover it... and I'm pretty detail-oriented in my lab, my note-taking, so that I know what to click, where to click. And right now that's basically what I'm doing with ACI. I'm learning the theory, I'm learning the logic workflows, I'm learning the, uh, the GUI clicks and where to type, where to do that, because anybody that's ever learned how to work inside of a GUI, you have to understand the click-through process. I find anything where you're configuring something via the CLI so much easier, because then you can literally just type out the commands, and then the level of the command... at the command level you're typing them in at, or what sub-config mode you're in, and it makes it so much easier. That's why the CCIE, especially like Enterprise and Enterprise Infrastructure, Service Provider, they're typically, and a good portion of Security, is easy, because you're literally just understanding how the particular technology works, and then you just need to know what the CLI syntax is in order to implement features. So it makes it really easy to, uh, to get working, and that stuff is virtualizable, right? So I can run it in EVE. Not everything can be run in EVE, unfortunately. Um, so I was actually kicking around the idea of converting one of my Cisco servers over to an APIC and then buying a spine and two leaf switches and testing out ACI that way and seeing exactly how it would work. I have routers that I can connect to it, I can create a vPC through it, I can create a port channel, all that type of stuff, and just learn it that way. And like I said, I'm thinking between 1500 and 2000 to get an ACI lab, and that to me would be worth it, because it'd be a legit deployment and stuff like that. But I'm going to take the ACI
simulator that I've got and I'm going to work through how it works, you know, go through all the clickety-click stuff and understand how endpoint groups are made and doing, you know, contracts and all that type of stuff, just so that I understand the workflow, because I am working with ACI in production as of today, or in the recent past. So that's another area that I want to become strong in, um, and then eventually take the ACI exam. That's my goal in the next couple months. Probably after the first of the year is when I'm gonna probably take it. I don't think I'll be able to get it done before the end of the year, um, but I'll definitely be trying for it sometime in 2022, get that exam knocked out, and then, um, I want to take Data Center Core. So that'll take another few months after that, which will make the ACI section of the Data Center Core exam easier to go through, because I've already gone through it, and then focus on getting through that so that I can knock out my NP in Data Center, and, you never know, maybe go after my Data Center IE. You never know.

Um, "Cisco Data Center, Nexus 9000v, VXLAN 12, vPC and VXLAN with eBGP L2VPN EVPN": "Cisco support EVPN ESI multihoming?" So what this person is referring to is the Ethernet segment identifier, or the ESI, which basically is the same thing as a vPC. vPC and ESI are very similar. I'm not going to get really into the meat and potatoes of it, but essentially vPC is the Cisco-specific way of doing it; ESI is the open-standards version. But it is supported. So pardon the dog in the background; he feels like he needs to bark out the window.

All right, next question is "New Dell RA 10 Server Review": "Thanks Rob, really informative, and what you said about real-world labs is dead on. Please let us know how you fare with EVE-NG on the new server." Oh yeah, sure. So, um, pretty good so far. I've got three instances of EVE running on it currently, and I'm sitting at... where am I sitting at... I'm sitting at about 40
gigahertz of CPU, which is about 40 percent of the host, and about 130 gigs of RAM, or basically about 50 percent RAM utilization on the host right now. Um, not a lot going on there. So I did try running DNA Center in it. I did download the controller. It was a 30 gig file, by the way, ridiculously large, and I want to try to see if I can't get that to work and go through some DNA Center, because it's something I've always wanted to play with. So it's working out pretty well. Uh, no complaints yet. Um, so yeah, I'll let you know how that fares.

"Cisco FTD Basics 1: Configuring Interfaces on FTD via FMC", the, uh, Firepower Threat Defense via the Firepower Management Controller: "What is a CLI command to no shut the inter... Ethernet interfaces on FTD?" Okay, there is no command to do that. Uh, the CLI commands on an FTD box are not there for configuration; they're simply there for verification. And as many times as I play with FTD, which is quite a bit, I've had to deploy it in the past, when you're configuring FTD and you've got it, um, through a controller, you point it to an FMC and you're not using the local management... which you can; you can manage the devices locally if you wanted to. That is, um, referred to as the local manager. Um, you can do that, but you don't go in on an FTD box... this isn't an ASA running Firepower as a service, right? Uh, you're running which is you down. So there's a difference, where Firepower as a service is an IPS sensor software that you download to the ASA, and then you configure your global policy map to, what is that, the, um, I forget... the class default. I had to think about that for a second. The class-default class, you set a variable in there to point to your Firepower module, so any traffic that passes through the ASA will have to get kicked from the Lina engine up to the Firepower engine and then go through all the Firepower processes, and then
once it goes through all the Firepower processes it gets kicked back to Lina, Lina being the forwarding engine of the ASA, and then it gets pushed out to the outside interface, or the egress interface, I should say. So in that particular case, Firepower is a service, so then and only then would you be able to shut / no shut interfaces on an ASA via the CLI. On an FTD box you don't do that. On an FTD box, if you want to disable an interface, you need to go to the FTD box itself through the management, the device management, and select the interface and disable it. There's an actual checkbox that you can go and disable the interface, and it effectively shuts it down, but then you've got to go through these seven steps of committing it and then pushing the config down to the FTD box of the interface can get shut down. So that's how you do that. It's not as straightforward. The Palo Alto is weird too, and how they want to do it; it's like they don't want you to shut down their interfaces. But that's how you do that.

On ticket 22: "Hi Rob, thanks for your videos. Question: work sent me an ISE... to an ISE course because we use it, and planning to take the exam to renew my CCNP. My plan is to complete NP Security by also taking the SCOR, even though we don't touch any firewalls at work. Do you think this would be a good plan forward? Planning to use EVE-NG and do labs with ASA and Firepower firewall, etc. Many thanks for the advice." So yes and no. My opinion on that kind of goes back to what I was talking about with ACI. Um, actually I take that back. It's one of those things where, if you don't touch firewalls, that doesn't mean it wouldn't be good experience, right? Because if you're dealing with ISE, um, ISE does a lot of different things. ISE, or I-S-E, the Identity Services Engine, does a lot of things. It allows you to do network access control, so, you know, if you've got a switch port enabled for network access, you can control what device connects to that particular port and
how they connect to that port. Can you do MAC authentication bypass? Do you do 802.1X, uh, through, you know, a machine learning and user authentication with a certificate or username and password with MD5, and all that type of stuff? There's a lot of really cool stuff that you can do with ISE. I played around with ISE quite a bit, and it's actually a pretty cool feature. But, um, I wouldn't say... even though you don't touch any firewalls... I mean, I don't touch firewalls at all either, but it's still something that, once I get my NP in Data Center, well, over the next, I'd say, probably four or five months, then I'll have an NP in Enterprise, an NP in Service Provider, an NP in Data Center, and then my next one would be more than likely to go get Security, and [Music] because that would be the one thing that would make the most sense. Because even though a lot of our customers are Palo, they have got Palo Altos deployed... Palo's a great firewall... I would still need to go through, and for customers that deal with Firepower or have old ASAs and stuff like that, I'd still need to know how to work with them. So you're still going to need to know how to go on to the ASA, and if you're using TACACS for authentication, you're still going to need to configure the ASA to point to ISE for TACACS. If you're going to do any type of proxying, you know, like if you have users, whether it's FTD or it's ASA, regardless of what you're going to do, hitting your, uh, your firewall doing AnyConnect as remote access, you're going to want to pump that to ISE for authentication through, like, AD-backed group policy. So even though you don't touch ASAs, the knowledge you'll gain from knowing how to do all that type of stuff and pushing yourself through areas that you don't know, you're going to be that much better off, so that in the event that you do need to touch a firewall, you're going to be in good shape. So I've never looked at it as what is the scope of my work
and what is it that I do and do not touch. I've never looked at it that way, because that's like, um, it's like if you play baseball. I played baseball all my life, since I was like five or six years old. I've played baseball forever. If there's one game I know how to play the best, it's gonna be baseball. And one of the things that I learned about baseball growing up, from the time I was six until the time I was, I don't know, 13, 14 years old, was that you can be an all-around good player, which I was all considered an all-around good player. I could play the outfield, I could play the infield, I could play pitcher, I could play catcher. I was never great at pitching or catching; I could get the job done. Um, but it's one of those things where if you suck at, I don't know, hitting, let's say you don't have a high on-base percentage or you don't have a high RBI... um, so on-base percentage means how often, out of every time you bat, do you actually get a hit and actually get on first, second and third base. Um, an RBI is a run batted in: how often are you the batter and one of your teammates is on one of the bases, for second or third, and you hit the ball, you get a base hit, or maybe it's a pop fly and then you got somebody on third, but the pop fly was deep enough in the outfield where, by the time that the fielder gets the ball, it's going to take longer for them to throw the ball into home plate than it would for the runner to get to home plate. Um, so you have to kind of play that game of what's better. But if you suck at an area, right, and you're like, I don't really need to worry about that... I was one of those type of people that, even though I was never great in one area, I was good in all areas. Like, I could play the outfield, I could play short. Shortstop was actually my favorite position. There's a lot of action at shortstop, uh, besides catcher and pitcher, which, you're throwing the ball all day long and
after a while your arm gets tired. But, um, even though you don't touch firewalls, knowing how to work with them is a great capability, and I've never looked at my job as, or what I learned, how it's going to affect my job, like, you know, I don't need to learn firewalls because I never touched them. Okay, because I was that person early on in my career, because I didn't know what I needed to know, so I started learning everything. There was a few times early on in my career, and this happens to everybody, where I was put in a position... uh, one time it was my manager put me in the position. He's like, okay, you're gonna handle this, because this is your job. You can troubleshoot it; if you can't figure it out, you can always escalate to somebody that might know. And then I've volunteered for times where it's like, you know, I'll take that, um, I'll see if I can't figure it out. And, um, so I've never looked at it as I don't need to learn something because I'll never use it, right? Like, I don't need to learn firewalls. And I'm not saying this is your take on it; I'm just saying that, um, you're looking for my input. So I've always looked at it as the more I know, even if it's only just the basics of a particular platform, that's at least somewhere to start from, right? Um, same thing with collaboration. I've got a phone sitting to my right here, I've got some phones sitting over here to my left. I was at some point interested in getting my NP in Collaboration and to get the phones working, because I think making phones work and being able to call people, that's a cool feature. You know, I've got video conferencing built in my house where, you know, my wife can be in the living room and she wants to talk to me but I'm up here, she can hit the button, call me on my phone, we can have a conversation. So a lot of really cool stuff that you can do. Technology is awesome; that's why I'm all about that. So, um, so yeah, I would
recommend learning the firewall. If you're planning on taking SCOR, you're gonna need to know at least the basics of all the platforms, so know them as well as you can. And I wouldn't say learn them to the CCIE level necessarily, but be comfortable in all the major features, you know, firewall, VPN, remote access, because on the ASA you can do it all if you've got the right ASA code. Firepower, you need a license in order to do remote access VPN, but a lot of the other features work. So look at it that way. That's what I would say: look at it as learning everything in the vertical you can, because the more you know, the easier your job is going to be. That's how I've always looked at it.

"Thanks Rob. I have a question: I saw some configuration where on ISR 4K they use port channel dot VLAN ID. Could you please explain what's the difference between this and router-on-a-stick method?" The exact same thing. The only difference between the two, the only physical difference between the two, is if you have a single interface, a gigabit interface, that's been no shut, or it's been enabled, it's been powered on, and then you create, say, gig zero zero, right, gig zero zero, then you create gig zero zero dot 10 for VLAN 10.
You get the encapsulation dot1q 10, the IP address at 10 110 1 24, you go about your business. That's a single interface. A port channel is just going to be two physical interfaces bundled together, right, member interfaces. You're gonna go to the port channel level and then you're going to do that. The logic is the exact same. The only difference between the two is how many physical interfaces you're joining to the router-on-a-stick feature. With a physical interface you're joining one; with a port channel you're joining two. Other than that, they're the exact same thing. I've done this quite a few times in production. It's something that I would definitely recommend if you have the ability to do it.

Uh, "How the DoD (Department of Defense) Determines How IT Systems Are Secured": "I like to add gpupdate /force /wait:0 /boot so that it doesn't wait to pull the updates and reboot if an update requires one." "Never heard of the extra switches for the, uh, gpupdate space four slash result command. Trying that when I get back to work." "A HTML page?" Wow. So this is going back to a, uh, subscriber of the channel for quite some time, uh, also a military vet. I was talking about security for something, I forget what specifically it was, and he commented on doing a STIG, which is a stigma system, is the process at which the Department of Defense defines how systems that are owned and operated by the government are secured. So... and I forget what STIG stands for, it's secure technology implementation or something like that. It's an interesting capability, and there's an entire process for that, and people that do this for a living, they have a much harder job than I do. That's all I'll say to that.

"Security VPN IP2 DMVPN1 DM a phase one with IP6 profile": "Awesome video, Rob." You are welcome.

Um, "Cisco Data Center, Nexus 9000v", um, "VXLAN knight", uh, "EVPN multi-site": "I noticed that you
didn't use anycast vtep in this video i can't seem to get it to work with anycast vtep i'm going to try just normal vpc with vxlan and see if i can get it to replicate okay so you're not going to be able to so anycast vtep and in case anybody doesn't know what this means when it comes to vxlan if you have a vpc pair and you've got two switches that are in the vpc peer and you want them to also run vxlan you need to configure whatever interface is being you being called as the source underneath the vtep that let's say it's loopback zero the loopback zero interface you need to go underneath that and configure a secondary ip address so let's say for example you've got a net uh peer one is 10.0.0.1 peer two is 10.0.0.2 24. right they're both 24s um or their their host ips into 24. you would need to go down to the loopback and create a secondary address on each device so on on you know peer 1 and peer two and let's say you were to give it dot 12 for peer one and peer two so 10.0.0.12 24 and then add in the secondaries command in order to be a secondary ip and do the exact same thing for um the other switch underneath the loopback and by doing that you will provide a secondary address that will appease the or it'll satisfy the vpc peer tied to a vxlan vtep and then that'll get that working i didn't use um anycast vtep i used um for to terminate my border gateways is what they're specific specifically referring to and um in this topology here i will because i would have a vxlan vtep capability available on the the 9ks on the the the border gateways these are effectively going to be my border gateways up here i've got two of them and as you can see right here they line up go ahead and adjust this one real quick too that one i hate it when the uh the lines get crossed but uh bottom line is that when you run run this then you'd be able to run a vpc peer with 7k 8 and 7k or 9k7 and 9k8 and be able to do that type of stuff or do multi-homing with bgp
or whatever you're going to do so that's basically what they're referring to so you nee you won't if you're going to do a vpc peer and use vxlan you have to use anycast now the anycast address is going to be the secondary ip address that sits on both devices and if traffic comes in on peer one from a remote vtep then it should just go it could be received inbound and then be forwarded down the member port down to the switch or the end point you're trying to connect to it so you're going to need anycast in order for if you're supposed to be using a vpc with vxlan you need anycast in order for that to work so let's see here what's the next one ticket 22 hello rob have a couple of questions regarding ccie and server spec one based on your previous videos where you counted computing power of processors technically an i9 12900k with 16 cores should at least be able to run one la one big lab and eve-ng question mark or maybe there is a better option if we look at the core price expense in our uh no he's doing a compare contrast scenario two do that kind of pc i mentioned above will fulfill all ccie labs needs sd-wan automation how do you practice at the dna center is there a virtual appliance okay so this is going to be a loaded response but uh hopefully i can knock it down pretty quick so the first part of your question is based on your videos where you accounted compute power technically an i9 12900k with 16 cores should be at least to run one big lab and eve-ng pardon me i was not expecting that um yes it should so it should be able to run that without any problems as long as you can turn on intel vt-x on it uh because it's an i9 as long as you've got that turned on which should be enabled in the bios out of the gate um it should be able to run it just fine sure um so what i meant by the core count is there are purpose-built cpus out there for doing server level workloads the xeon processor is one of them i happen to have the latest and greatest proc that i have
what is this thing oh it's uh it's an e748 and change i think version version two actually let me go ahead and just log into it real quick since i'm right here pardon me real quick here folks let me go ahead and log into it and see what it actually is because i honestly don't remember off top of my head yeah it's an e740 870 a version one at 2.4 gigahertz which gives me a total of 96 gigahertz of cpu so that's what i mean by server workload server level workload is the cpu is purpose built for high compute or high compute scenarios eve would be a high compute scenario because you're running a lot of stuff inside of it two what kind of pc does that uh that kind of pc i mentioned above will fulfill cc all ccie lab needs it should fulfill most of them um unless you're running a ridiculously large lab i don't see you running into any problems to be honest with you sd-wan should work automation should work as dna center there is a software appliance for it out i just downloaded 2.2.3 2.2.2 something like that it's a 29 gig file the thing is a freaking monster um there is a virtual appliance that you can download and it will run inside of the esxi um i did go through and boot it but i wasn't able to give it the full capability and i think there was a problem with installing it i don't know if i didn't do it right i didn't really follow the install guide i just kind of winged it i just gave it 64 i gave it what did i give it 44 cpus and 64 gigs of ram yeah i mean it's it's a beast right i mean if you don't have 44 cpus on your server uh the the dell that i bought has 96 or i'm sorry 80 cpu so i gave it basically half the server and it's harder to boot and i booted it like two in the afternoon after i got the software downloaded and uploaded to the store uh to my storage appliance so that it was local to the box um once i did that i powered it on and just let it start going through its process gave it some initial ip address information and let it go about its day 12 hours
later at 2 in the morning it was still going through its install process 12 hours later so i'm thinking a day install maybe i don't really know um i don't know how unless you have a bv server and you've got the ability of downloading or if you've got cat 9k switches that can support dna center implement integration i don't know how you're going to demo that my goal is once i get dna center up and running to to look at things like assurance and stuff like that and actually look at the uh the cool whiz bang wow stuff is to deploy some newer versions of the csr 1000v and see if i can't get them to join like the 16.x version of code get them to deploy them see if i can't get them to join dna center and then use dna center to manage the router that's my goal i don't know if that's gonna work or not but you know what you never know um security topology overview and what's what's to come oh so this is a long oh this video i recorded a long time ago uh thanks a lot for your content and your channel deserves at least 10 million subscribers well hey i really appreciate that please if you don't mind try to record a wireless course because it's also an important topic all the best yeah the problem so yeah i've considered that i've actually got um is it up there it is let me go ahead and just pull this off real quick if you look right here so this is my rack it sits in my office so if you look underneath a little bobble head you got the little device right there that is a um i think that's my wireless controller actually let me let me go check real quick because i honestly don't remember is this the wlc yes this is a cisco 2504 wireless controller it's the same form factor as the cisco asa 5505 and the 5506-x so this is what you're going to want there's the 2504 wirel wlc and it has a and it's important that you get um when i bought this off of ebay i think i spent 150 or 200 on it make sure you get one that has a uh what do i get five ap license for it in order for
you to actually run the ap or the license on it i you do bring up a very good point um it's something i wanted to go do but i don't do any wireless so at some point in the future that's another uh when it goes on the ccnp enterprise track that's another switch that direction and to go learn how this stuff works um to learn how the 2504 i know it's an older controller but still the point being is to um to do that that's my that's that's my goal and i did buy a couple of access points that were compatible with it but for some reason they just they weren't working but um since there is since you do have interest in learning that maybe i go through and um play around with it maybe i don't know i'll have to see the problem with wireless though is that it's a it's physical you can't replicate that in in a lab um an eve-ng lab which is normally where i would go with this um the the virtual wlc that you can download will only support flexconnect mode which means that the there is no capwap tunnel that is built to handle traffic from the access point to the controller so there's this capwap tunnel that's used to handle the data plane so on a actual physical wireless controller i call them a wlc because that's what the wireless lan controller on a physical wlc there's actually a logical tunnel that's built from the controller to the access point so traffic from the is learned by the access point and received by the ap you know you're converting wi-fi to physical media it's actually tunneled back to the controller and from the controller it's sent northbound to the switch to your distribution system so the reason why that's done is so that it's the central point of connectivity on the virtual wlc you run in flexconnect mode flexconnect mode means that the switch i'm sorry the there is no tunnel built between the access point and the um the ap because the wlc the virtual wlc doesn't support that and if you want a if you don't want your traffic
so for example when would you not want to do a ap to controller tunnel in the event that you've got an ap that's being managed by the wlc at a remote site that's got to travel over the lan you wouldn't want to have that traffic come over the lan from the remote site to your wlc then go back that'd be a lot of tromboning and a lot of wasted bandwidth especially with internet traffic locally at that site he would use flexconnect at the remote site and have that traffic come in on the ap and get switched on to the physical media and use the local network in order to get to where it's got to go so that's where just the basics of the wireless that i do know that's where that would come into play so maybe i uh maybe i get that up and running and join an access point to it and just see how it plays out because i do have the ability of doing that there's actually i i'm sorry i'm moving this this is my this is what i'm looking at when i'm looking at the camera i don't actually look directly in the camera so if you look well sometimes i do but if you look it's right above it so it looks like i'm looking at the camera or close to it even though i'm looking at the camera now i'm looking at daffy right above it so it's pretty close but it gives me something to focus on when i'm talking or the general area but if we look right here i have my if you look there's uh right in the middle there you got the router let me try to so you've got the router right there uh above that is two 2950 switches there's actually a laptop sitting in between the the two 2950s and then that's a 3550 poe switch and then on top of that i've got i've got a little 3560 i've got a what is that those are that's another 2504 controller that herbs are an 8 port switch that i bought i forgot what that is um but then i've got two access points above it and then at the very top is my other ap my other wireless controller i'm gonna i should get it up and running and then run a connection down to
the 3550 and that would be my poe switch in order to give power to my access points and start playing with wireless so i could technically run wireless in the office and play with it my goal was to do that but you know how plans sometimes change so anyway there's that piece uh sd-wan one welcome to next-gen networking anyone recommend what resources used to pass their sd-wan cisco cert exam books videos courses i mean i've had a lot of people watch my 33 videos i think on sd-wan and uh it i i never will say that my content solely has been the reason why they passed their exam but it was a contributing factor so i know some people know of the content i know there are people that have never seen it and they do they still pass and they do well but um i definitely say that the sd-wan course that i put out is actually pretty good so that's just my take on it but then again i think a lot of the content that i put out is pretty good um but then again content the quality may not be the greatest but you know what it's free so take that for what it is i um i i do anyway um i know this one took a little bit longer than normal but that's okay um i wanted to thank everybody for stopping by and hanging out and until next time you guys have an awesome holiday season be safe out there don't do anything that i wouldn't do i usually play it safe um enjoy family enjoy friends keep studying and uh yeah that's all i've got to say i will see all of you guys next week
Info
Channel: Rob Riker's Tech Channel
Views: 330
Id: Mdo9YR6nLpw
Length: 53min 53sec (3233 seconds)
Published: Sat Nov 27 2021