Using FreeRADIUS with Cisco Devices

Even though I am the only administrator for the devices in my lab and home network, I thought it would be nice to have some form of centralized authentication, authorization and accounting for these devices. However, I quickly realized that using a dedicated appliance such as Cisco ACS or ISE would mean adding another always-on VM to my lab environment. I wasn’t quite ready to start wasting my lab resources on a basic function like AAA. So instead of using a dedicated appliance, I decided to implement FreeRADIUS on the Ubuntu Linux server that I use for DNS, DHCP, syslog, and other network services in my lab.

Although TACACS+ is usually the protocol of choice for Cisco AAA, my requirements are simple enough that RADIUS will work just as well. And since FreeRADIUS is included in the standard Ubuntu repositories, this should be very easy to install.

OTV and LISP on the CSR 1000v

OTV and LISP are two interesting new data center technologies that are worth examining when you are studying for a Cisco Data Center certification, such as CCNP or CCIE Data Center. Unfortunately, not everybody can afford a couple of Nexus 7000s to play with. As an instructor for Fast Lane I regularly have access to Nexus-based labs, but I still thought that it would be nice to have a lab setup of my own to experiment with. Fortunately, there is now a very nice way to get some hands-on experience with these protocols through the Cisco Cloud Services Router (CSR) 1000v, which I blogged about earlier.

The CSR 1000v is based on the same IOS XE code that runs on the ASR 1000, which supports both OTV and LISP. So I decided to try to build a lab to test VM mobility using OTV and LISP in my home lab using a number of CSR 1000v instances.

CSR 1000v First Impressions

At Cisco Live London I attended a very interesting session about the Cisco Cloud Services Router by Anurag Gurtu (BRKVIR-2016 – Cisco’s Cloud Services Router (CSR 1000v): Extending the Enterprise Network to the Cloud).

The CSR 1000v, which was announced last summer at Cisco Live San Diego, is a router in a VM form-factor, based on the Cisco ASR 1000 platform. It runs a modified version of the same IOS XE software that also runs on the physical ASR routers and has a very similar feature set. Ultimately, it will allow enterprises to run their workloads in a cloud infrastructure and then connect those VMs to their own network based on familiar WAN technologies, using the same CLI that they also use on their physical Cisco routers. In addition, the CSR will support a number of APIs to allow automated provisioning of CSR instances in a cloud infrastructure.

During the Data Center Security Techtorial that I attended on Monday, I had already had a sneak preview of the software running in VMware on the presenter’s laptop. Since the CSR has not officially been released yet, this was a beta version, but as far as I could see it was fully functional. Anurag also had a couple of screenshots of the software in his presentation and he was kind enough to offer the session attendees access to the software if they wanted to evaluate it by themselves. Of course, I jumped on this opportunity.