5 Ways to Predict Issues and Avoid Downtime for Cisco Nexus

There are a number of issues lurking in your network. However, they can be caught before they cause your company or administrator heartache. See below for the top 5 situations Cisco customers find themselves in and how you can proactively steer clear of these issues with Indeni.

Situation 1: The Well-Meaning Engineer

A network engineer was assigned the task of adding a new VLAN. By mistake, the engineer did not use the “vlan add” option on one of the two virtual Port Channel (vPC) ports, so the existing VLAN list on that port was replaced by the new VLAN list. You received a call – the network was down!

How can Indeni proactively inform you of the misconfiguration and reduce your downtime?

Indeni regularly examines the vPC for inconsistencies and alerts on these conditions. The remediation steps help the operations staff quickly correct the inconsistent vPC configuration.


Situation 2: O.M.G. OSPF Tree

Is your OSPF tree rebuilding too frequently? An OSPF tree rebuild can be resource intensive. If it happens frequently, it could mean you have a network issue, and it definitely means you will have a performance issue.

What does Indeni do to track the OSPF tree?

Indeni tracks the OSPF tree rebuilds and alerts if they occur too many times within a short timeframe. Commands used: show ip ospf statistics.


Situation 3: The Hacker’s Dream

A junior engineer temporarily configured several Nexus switches with unrestricted SNMPv2 access using the default community string. He used telnet to access the Nexus switch. A penetration tester was able to quickly exploit these exposed SNMP services. Furthermore, the admin-level credentials of the unencrypted telnet user were revealed. As a result, the Nexus switches deployed at the Data Center failed the Network Security Assessment performed by an auditor. The company now risks failing the Data Center ISO compliance audit.

How can Indeni proactively inform you of these security risks?

Indeni periodically examines the configuration to ensure that it conforms to network security best practices.
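
The kind of configuration check described above, as an added example rather than Indeni's own alert code. It assumes NX-OS running-config syntax (`feature telnet`, `snmp-server community ... use-acl`) and treats `public` and `private` as the default community strings; the sample configuration and the function name `audit_config` are constructed for the example.

```python
import re

# Assumption: these are the community strings treated as "default".
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample of NX-OS running-config lines (not from a real device).
SAMPLE_CONFIG = """\
feature telnet
feature ssh
snmp-server community public group network-operator
snmp-server community N0c-r3ad0nly group network-operator
snmp-server community N0c-r3ad0nly use-acl SNMP-MGMT
"""

def audit_config(config: str) -> list:
    """Return findings for telnet and weak SNMPv1/v2c community settings."""
    findings = []
    communities = {}  # community name -> True once an ACL is bound to it
    for raw in config.splitlines():
        line = raw.strip()
        # Skip comments and negated ("no ...") statements.
        if not line or line.startswith("!") or line.startswith("no "):
            continue
        if line == "feature telnet":
            findings.append("telnet enabled: credentials cross the network unencrypted")
        m = re.match(r"snmp-server community (\S+)\s+(.*)", line)
        if m:
            name, rest = m.groups()
            # A community may appear on several lines; one of them binds the ACL.
            has_acl = bool(re.match(r"use-(acl|ipv4acl|ipv6acl)\s+\S+", rest))
            communities[name] = communities.get(name, False) or has_acl
    for name, has_acl in sorted(communities.items()):
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append(f"SNMP community '{name}' is a default string")
        if not has_acl:
            findings.append(f"SNMP community '{name}' has no ACL restricting access")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```
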


Situation 4: Outdated Software

Do you know if the IOS version you are running is vulnerable? Test your devices for known vulnerabilities.

How can Indeni help?

Indeni will let you know if the version you are running is vulnerable. Indeni compares the currently running version of software on each analyzed device against a list of software versions and known vulnerabilities. If we find a match, you get an alert. Commands used: show version; data sources: internal database of known vulnerabilities.


Situation 5: Next-Hop Is Down

Do you know if the next-hop router is down? It can be difficult to identify who is impacted when a router or firewall goes down. It may require some specific configuration at times.

How does Indeni deal with this concern?

Indeni cross-references the routing table with the list of ARP entries. If a next-hop in the routing table shows up as an invalid or missing entry in the ARP table, Indeni will alert. Data sources: routing tables, ARP tables.


Ready to get started? Download Indeni for free. You can also explore Indeni Knowledge for Cisco Nexus and join the discussion in our community with other CCIEs from around the globe.

About the author
Ulrica de Fort-Menares