Routing & Switching

The video looks into Cisco TrustSec feature on Cisco Nexus 1000V. We will configure port-profiles to assign SGT to hosts, and have SGT-to-IP mapping sent to an ASA firewall over a SXP connection for policy enforcement. We will see how we can construct an ACL on the ASA to permit or deny traffic based on SGT value using a object-group-security. 

The video looks at how we can achieve network separation at layer 2 with private vlan on Cisco Nexus 1000V. We will go through the concept of Primary, Secondary, Isolated and Community VLANs, and experiment with server communication by placing the servers on different vlan. At the end of the video, we will also go through a scenario where we have two sets of private vlan. Private VLAN allows hosts to remain segregated on the same IP subnet. 

The video presents three main QoS building blocks on Cisco Nexus 1000V: Marking, Policing, and Queuing. We will be applying QoS to Port-Profile to mark RDP traffic, and enforcing policing based on matching DSCP value. Any traffic exceeding allowable rate will be either drop or marked down. We will attempt to provide guaranteed bandwidth to both Nexus and VMware control traffic. DSCP values will be analyzed using Wireshark packet capture.

The video looks into three advanced security features on Cisco Nexus 1000V: DHCP Snooping, Dynamic ARP Inspection, and IP Source Guard. We will be testing each of the features with security audit tools, and we will be able to see how these features protect us from DHCP, ARP and source IP spoofing attacks.

The video walks you through two basic security features on Cisco Nexus 1000V: Access Control List (ACL) and Port-Security. We will configure ACL on a host-facing port-profile and have any denied traffic being logged and sent to a Syslog server. We will enable Port-Security to limit the number of MAC address and test our configuration by performing MAC flooding attack.

• Access Control List (ACL)
• Port-Security
• Errdisable Recovery
• MAC Flooding (Macof Tool)

The video demonstrates how to enable Netflow on Cisco Nexus 1000V to collect network traffic information. We will configure Netflow at vEthernet interfaces, run FTP and RDP as our test applications, and review information displayed on Netflow collector. We will also perform packet capture and analyze Netflow version 9 packets.

• Netflow v9
• Netflow Collector
• Netflow Packet Analysis

The video looks at how port-profiles on Cisco Nexus 1000V can be selectively presented to certain users or groups of VMware administrators using Port-Profile Role feature. This is to prevent the server admin from seeing large number of port-groups unnecessarily, as well as limiting their abilities to assign a VM to certain network.

• Port-Profile Role

The video demonstrates how to perform packet capture on Cisco Nexus 1000V with SPAN and ERSPAN. SPAN allows traffic on the same ESXi host as the packet capture machine to be captured, while ERSPAN allows the packet capture machine to be on a different ESXi from a source or even multiple layer 3 hops away. We uses FTP as a sample application in this lab.

The video focuses on two features on Cisco Nexus 1000V: vTracker, and AAA. We will go through vTracker command outputs, and review the type of information that can be obtained. We will then configure Nexus 1000V to authenticate user through TACACS+ against a Cisco ACS 5.4 server.

• vTracker
• AAA with TACACS+
• Cisco ACS

The video walks you through basic configuration on a Cisco Nexus 1000V after a fresh install. In addition, we will cover three main management items: Syslog, NTP, and SNMPv3. We will finishes off the video by verifying our config with Syslog server and SNMP poller.

• Nexus 1000V Basic Configuration
• DNS
• Syslog,
• NTP
• SNMPv3