Monitors network and devices for health and performance.
Detects & fixes issues with intelligent alerts and inbuilt diagnostics tools.Checks for SQLi, XSS and 4500 other web vulnerabilities.
Integrated Vulnerability Management to prioritize and manage vulnerabilities.
All essentials to patch 750+ applications through one reliable platform
Cisco Wireless Controllers (WLC) support the configuration of Link Aggregation (IEEE 802.3ad - LAG) which bundles the controller ports into a single port channel. This helps simplify the configuration of the WLC interface ports, increase available bandwidth between the wireless and wired network, provide load-balancing capabilities between physical WLC ports and increase port redundancy.
To learn more about WLC interfaces refer to our article Cisco WLC Interfaces, Ports & Their Functionality article
The diagram below shows an example of a WLC 2504 with ports P1 and P2 in a LAG configuration connecting to a Cisco Catalyst or Nexus switch. In the configuration below WLC ports P1 and P2 are aggregated to provide a total of 2Gbps bandwidth:
Let’s take a quick look of what’s covered:
While LAG is the preferred method of connecting the WLC to the network there however a number of restrictions we need to be aware of to ensure we don’t stumble into any unpleasant surprises.
Click to enlarge
This article explains how to detect a SYN Flood Attack using an advanced protocol analyser like Colasoft Capsa. We’ll show you how to identify and inspect abnormal traffic spikes, drill into captured packets and identify evidence of flood attacks. Furthermore we’ll configure Colasoft Capsa to automatically detect SYN Flood Attacks and send automated alert notifications .
Denial-of-Service (DoS) attacks are one of the most persistent attacks network admins face due to the ease they can be carried out. With a couple of commands, an attacker can create a DoS attack capable of disrupting critical network services within an organization.
There are a number of ways to execute a DoS attack, including ARP poisoning, Ping Flood, UDP Flood, Smurf attack and more but we’re going to focus on one of the most common: the SYN flood (half-open attack). In this method, an attacker exploits the TCP handshake process.
In a regular three-way TCP handshake, the user sends a SYN packet to a server, which replies with a SYN-ACK packet. The user replies with a final ACK packet, completing the process and establishing the TCP connection be established after which data can be transferred between the two hosts:
However, if a server receives a high volume of SYN packets and no replies (ACK) to its SYN-ACK packets, the TCP connections remain half-open, assuming natural network congestion:
By flooding a target with SYN packets and not responding (ACK), an attacker can easily overwhelm the target’s available ports. In this state, the target struggles to handle traffic which in turn will increase CPU usage and memory consumption ultimately leading to the exhaustion of its resources (CPU and RAM). At this point the server will no longer be able to serve legitimate clients requests and ultimately lead to a Denial-of-Service.
Fortunately, there are a number of software that can detect SYN Flood attacks. Wireshark is a strong, free solution, but paid versions of Colasoft Capsa make it far easier and quicker to detect and locate network attacks. Graph-oriented displays and clever features make it simple to diagnose issues.
As such, the first point of call for detecting a DoS attack is the dashboard. The overview of your network will make spikes in traffic quickly noticeable. You should be able to notice an uptick in the global utilization graph, as well as the total traffic by bytes:
With Microsoft Ignite just around the corner, Windows Server 2019 is set to get its full release and the signs look good. Very good. Unless you’re part of the Windows Server insider program - which grants you access to the latest Windows Server Preview builds - you probably haven’t had a hands-on experience yet with Windows Server 2019 but the guys over at Altaro have and are preparing to host a webinar on the 3rd of October to tell you all about it.
The webinar will be held a week after Microsoft Ignite so it will cover the complete feature set included in the full release as well as a more in-depth look at the most important features in Windows Server 2019. Whenever a new version of Windows Server gets released there’s always a lot of attention and media coverage so it’s nice to have an hour long session where you can sit back and let a panel of Microsoft experts cut through the noise and give you all the information you need.
It’s also a great chance to ask your questions direct to those with the inside knowledge and receive answers live on air. Over 2000 people have now registered for this webinar and we’re going to be joining too. It’s free to register - what are you waiting for?
Save your seat: https://goo.gl/V9tYYb
This article shows how to perform an ISSU (In-Service Software Upgrade) on a Nexus Data Center switch (7000 and 7700 models) and avoid service and network disruption. We explain the importance of keeping your NX-OS software updated, how the upgrade process is executed, explain the purpose of the Kickstart and System images, provide methods on how to transfer the NX-OS images to the switch bootflash on both supervisor engines, verify ISSU capability and test/simulate the upgrade process.
In addition we cover useful commands to discover issues that might occur during the upgrade process, configuration backup methods, upgrading a Nexus 7000 and Nexus 7700 series with single or dual Supervisor Engines (SUP1 and SUP2 models).
Here is a quick overview of what’s covered:
Upgrading your NX-OS can be a daunting task as there is always the risk something might go wrong. Despite this, it is very important to ensure your core Nexus switch is running one of the latest and supported images.
If you’re looking for reasons why to take the risk and upgrade, here are a few that might help convince:
It’s always recommended to perform a thorough research of the NX-OS version under consideration to identify caveats or issues that might affect your production environment. This information can be found on Cisco’s website or by opening a Cisco TAC Service Request.
The ISSU upgrade process provides us with the ability to upgrade a Nexus 7000/7700 switch without network or service disruption. During the ISSU process all Nexus modules and Supervisor Engines are fully upgraded without requiring a switch reboot.
Firewall.cx has covered Colasoft Capsa several times in the past, but its constant improvements make it well worth revisiting. Since the last review, the version has bumped from 7.6.1 to 11.1.2+, keeping a similar interface but scoring plenty of new features. In fact, its change is significant enough to warrant a full re-evaluation rather than a simple comparison.
For the unfamiliar, Colasoft Capsa Enterprise is a widely respected network protocol analyzer that goes far beyond free packet sniffers like Wireshark. It gives users detailed information about packets, conversations, protocols, and more, while also tying in diagnosis and security tools to assess network health. It was named as a visionary in Gartner’s Magic Quadrant for Network Performance Monitoring and Diagnostics in 2018, which gives an idea of its power. Essentially, it’s a catch-all for professionals who want a deeper understanding of their network.
The installation of Capsa Enterprise is a clear merit, requiring little to no additional configuration. The installer comes in at 84 MB, a very reasonable size that will be quick to download on most connections. From there, it’s a simple case of pressing Next a few times.
However, Colasoft does give additional options during the process. There’s the standard ability to choose the location of the install, but also choices of a Full, Compact, or Custom install. It lets users remove parts of the network toolset as required to reduce clutter or any other issues. Naturally, Firewall.cx is looking at the full capabilities for the purpose of this review.
The entire process takes only a few minutes, with Capsa automatically installing the necessary drivers. Capsa does prompt a restart after completion, though it can be accessed before then to register a serial number. The software offers both an online option for product registration and an offline process that makes use of a license file. It’s a nice touch that should appease the small percentage of users without a connection.
After starting Capsa Enterprise for the first time, users are presented with a dashboard that lets them choose a network adapter, select an analysis profile, or load packet files for replay. Selecting an adapter reveals a graph of network usage over time to make it easier to discern the right one. A table above reveals the speed, number of packets sent, utilization, and IP address to make that process even easier.
However, it’s after pressing the Start button that things get interesting. As data collection begins, Capsa starts to display it in a digestible way, revealing live graphs with global utilization, total traffic, top IP addresses, and top application protocols.