Cisco Mobility Services Engine Software Downgrade to 8.0

Cisco Mobility Services Engine (MSE) 8.0 is a wireless mobility and security services engine. It works in conjunction with a Cisco Prime Infrastructure instance to deliver these services. After the initial build and minimal configuration, most of the other configuration tasks can be carried out through the Cisco Prime Infrastructure server.

Cisco Connected Mobile Experience (CMX) is a software package that runs as an application on top of Cisco MSE. In older versions, it is one of the many services offered by the MSE. In the release after Cisco MSE 8.0, the MSE and CMX relationship can be thought of as an underlying hardware platform and a software application running on top, respectively.

An enterprise can choose to install a physical MSE appliance and run CMX on top, or deploy CMX as a VM on a supported virtualization platform. However, if the wIPS feature is needed, the older model, with MSE acting as the hardware (physical or virtual) and wIPS as one of the services on top, is still needed.

Recently, a pair of MSE 3365 appliances were delivered with CMX 10.4.1 software, while the requirement was to use them for location services and wIPS. This needed a downgrade to version 8.0 – the latest available as of this writing is 8.0.150.0.

Downgrading to 8.0.130.0

Raise a Cisco TAC case to get a special download link to an ISO file for the 8.0 version. We got 8.0.130.0 with the recommendation to upgrade it further to 8.0.150.0. The ISO is not available on the Cisco download portal for any of the physical platforms


Introduction to Digital Certificates


Digital certificates are the cornerstone of modern e-commerce and of secure internet communications in general. A digital certificate is a means to establish trust, one-way or mutual, between two parties before a transaction can take place between the two. The digital certificate protects the contents and integrity of the transaction from eavesdroppers who, without such protection, may want to use it for their own gain or tamper with it. A digital certificate proves the ownership of a “Cryptographic Key”. Let’s look at this in a bit more detail.

Need for Security in Communications

The need to secure communications between two people, say, Alice and Bob, separated by an untrusted communication medium is perhaps as old as the history of human civilization. Why communicate? Because that is what we do. Maybe Alice wants Bob to bring eggs home on the way back from work, for tomorrow’s breakfast.

What is the communication medium in between? A horse rider, a note-carrying pigeon, a smoke signal, postal mail or, in the modern era, a phone call, text message or email.

Unsecure Communication

Why is the communication medium untrusted? Because Alice and Bob’s arch-nemesis, Eve, can’t stand to see them happy and wants to tamper with the message to have Bob bring home milk instead, which they have plenty of, and which will make Alice very unhappy if he brings it again.

Cisco Identity Services Engine Posture Updates Failure

On a Cisco ISE 2.x deployment, I noticed that the Posture Update (Admin -> Settings -> Posture -> Updates) has been failing since 14 Feb 2018. That was the date the update last ran successfully. The feed URL and proxy settings remained the same during this time.

A manual “Update Now” brings up this message in a pop-up window:

Remote address is not accessible. Please make sure update feed url, proxy address and proxy port are properly configured.

Cisco Identity Services Engine Upgrade Failure 2.0 to 2.3


Experience with upgrading a two-node Cisco Identity Services Engine (ISE) deployment from version 2.0 to 2.3.

 

Current Cisco ISE deployment:

!!!! Hardware

VMware 6.5

Node 1: Primary Admin, Secondary Monitoring, PSN
  4 CPU
  24G Memory

Node 2: Secondary Admin, Primary Monitoring, PSN
  4 CPU
  24G Memory



!!!! Show version

Cisco Application Deployment Engine OS Release: 2.3
ADE-OS Build Version: 2.3.0.187
ADE-OS System Architecture: x86_64

Copyright (c) 2005-2014 by Cisco Systems, Inc.
All rights reserved.
Hostname: tnetise01

Version information of installed applications
---------------------------------------------

Cisco Identity Services Engine
---------------------------------------------
Version      : 2.0.0.306
Build Date   : Thu Oct  8 18:55:23 2015
Install Date : Mon Oct 16 13:14:57 2017

Cisco Identity Services Engine Patch
---------------------------------------------
Version      : 5
Install Date : Tue Oct 17 14:42:24 2017

 

Upgrading to version: 2.3

Cisco ISE Upgrade Bundle 2.3

 


Cisco Prime Infrastructure Inline Upgrade Failure 3.1 to 3.4


Experience with upgrading a Cisco Prime Infrastructure instance from version 3.1 to 3.4.

 

Current Prime Infrastructure Instance:

!!!! Hardware
VMware 6.5
16 CPU
24G Memory



!!!! show version
Cisco Application Deployment Engine OS Release: 3.1
ADE-OS Build Version: 3.1.0.001
ADE-OS System Architecture: x86_64

Copyright (c) 2009-2016 by Cisco Systems, Inc.
All rights reserved.
Hostname: tnetprime


Version information of installed applications
---------------------------------------------

Cisco Prime Infrastructure
********************************************************
Version : 3.1.0
Build : 3.1.0.0.132
Critical Fixes:
        PI 3.1.6 Maintenance Release ( 6.0.0 )
Device Support:
        Prime Infrastructure 3.1 Device Pack 10 ( 10.0 )
        Prime Infrastructure 3.1 Device Pack 11 ( 11.0 )

 

Upgrading to Version: 3.4

 


Regular Expressions for Network Engineers


How many times have you worked on a task that involved either updating all instances of a piece of configuration or creating a new configuration piece at multiple points on a network device? You have translated the requirements into functional syntax, a blueprint, for the specific hardware platform; now it’s time to implement it tens of times on the device. How do you implement it on the device?

For small and non-routine one-off tasks, the quickest way may be to jump on the device and repeat the manual labor N times at different places and with slight variations, where N is hopefully a small enough number to justify this manual approach. This may also be true for a junior network engineer who may not know other, more efficient methods of achieving it.

This is a type of automation, as we aim to reduce, if not eliminate, manual processes that are very well defined and certainly repeatable. Automation can go a long way: we can have multiple devices or device groups, automated login to these, implementation of config and finally verification of status and rollback if needed, all launched in order by a single orchestrating script, say an Ansible Playbook. Let’s keep that for some other day and talk about simple config generation on a single device that we can manually apply.

OK, enough about the need for regular expressions (regex); let’s get started.

Hello world!

Hello World

in a banner text,

#     #                                #     #
#     # ###### #      #       ####     #  #  #  ####  #####  #      #####
#     # #      #      #      #    #    #  #  # #    # #    # #      #    #
####### #####  #      #      #    #    #  #  # #    # #    # #      #    #
#     # #      #      #      #    #    #  #  # #    # #####  #      #    #
#     # #      #      #      #    #    #  #  # #    # #   #  #      #    #
#     # ###### ###### ######  ####      ## ##   ####  #    # ###### #####

 

in my very first computer programming language a while back, the C language,

#include <stdio.h>

int main(void) { 
  printf("Hello World\n"); 
}