Using Cisco ASA NAT to Translate Outbound DNS Lookups to OpenDNS

So you have decided to use Cisco Umbrella or OpenDNS as your recursive DNS. Good choice! You update your internal DNS servers to point to

All done, right?

Then you check your firewall logs and notice there are devices sending DNS queries directly to public DNS servers. How can you force those devices to use

With NAT!

First you need to identify which external DNS servers are being used. Then you need to NAT DNS requests to those external DNS servers to the OpenDNS server.

NetApp ONTAP 9 Simulator and Free eBook

Just a quick post.

I found Neil Anderson on Twitter @flackboxtv. Neil is a CCIE as well as NetApp, VMware, FlexPod, Microsoft and AWS certified. His blog, Flackbox, is about Cloud and Data Center technologies.  Neil has many great video tutorials on NetApp and, more broadly, on SAN and NAS Storage Basics.

Neil is also offering a free 177 page eBook "How to Build A NetApp ONTAP 9 Lab". The lab is built on VMware Player with VyOS routing between networks. The lab includes two NetApp ONTAP clusters, SnapMirror, SnapVault, Windows and Linux hosts. To minimize host memory usage, not every VM needs to be powered on at the same time.

Flackbox is definitely worth checking out.

NetApp Simulator 9 Free eBook – Build Your Own NetApp ONTAP 9 Lab!

Cisco Prime Infrastructure 2.1 - Upgrade VMware Tools

Cisco Prime Infrastructure includes a built-in evaluation license valid for 60 days and 100 devices. You can download the virtual appliance from the Cisco Promotional Software Store. I am running this in my lab on a VMware ESXi 5.5 host.

Smug Cisco Guy

After I installed and configured Prime Infrastructure (PI) vSphere Client reported the PI vm was running an outdated version of VMware Tools. To upgrade VMware Tools you need to enable root access on the PI appliances, then follow the VMware instructions for "Manually Install or Upgrade VMware Tools in a Linux Virtual Machine".

Step 1 - SSH into the appliance and login.

Step 2 - Enable root shell and set the password, then log into root

lab-prime/admin# root_enable
Password :
Password Again :
Root enabled
lab-prime/admin# root
Enter root password :
Starting root bash shell ...

Step 3 - On the VMware host, enable Interactive Tools Upgrade. Right click the VM, Guest, Install/Upgrade VMware Tools, and select Interactive Tools Upgrade.

Step 4 - Back in the ssh windows, mount vmware tools and copy to /tmp

ade # mkdir /mnt/cdrom
ade # mount /dev/cdrom /mnt/cdrom
mount: block device /dev/cdrom is write-protected, mounting read-only
ade # cd /mnt/cdrom
ade # ls | grep VMware

ade # cp VMwareTools-9.4.0-1280544.tar.gz /tmp
ade # cd /tmp
ade # ls | grep VMware

Step 5 - untar the file and run the install

ade # tar zxvf VMwareTools-9.4.0-1280544.tar.gz
ade # cd vmware-tools-distrib/
ade # ./

From here just accept the defaults.

Attending Cisco Live 2014 Online

I am not attending Cisco Live San Francisco this year, or should I say, I won't be in San Francisco for Cisco Live 2014. I wanted to share some information on Webcasts and Broadcasts available to anyone not attending.

Anyone can sign up for a free account. This is also often referred to as Cisco Live 365. Simply go to and create an account. Once your account is created and you login here is what you see:

The On-demand Library is where you can find PDFs of all the breakout sessions. Yes that's correct, you can download any and all the PDFs for Cisco Live!!

But wait there's more... Every session is video recorded. Soon these videos will be uploaded right here. This year Cisco has Fastracked Sessions  "A link to early release, on-demand videos of selected session will be posted here each night of the conference on May 20, 21 & 22. "

The lat section of I wanted to share is the Online Events. After clicking Online Events, you see a schedule of events. If you click details on an event they provide the WebEx information and you can download the iCalendar File to add the event to your calendar. Or if you want all of the online events in your calendar, you can select "1. Subscribe to our calendar"

Cisco Live Online Events

Finally, follow the fun from the twitters. #CLUS

-Bill Carter
CCIE 5022

Book Review: End-to-End QoS Network Design, 2nd Edition

End-to-End QoS Network Design 2nd Edition
As a Network Consultant and CCIE 5022, I have worked with Cisco QoS since, frankly, the beginning of QoS (yes I am old). I have been eagerly awaiting this books release. In the two weeks, I have had this book; I have already referred to it several times to gain additional insight. This book is an all-encompassing presentation and tutorial on Cisco Quality of Service (QoS).

The book flows very well. A reader new to QoS can start at the beginning and build up to the design strategies and product specific sections. Those more experienced, can fast forward to the more advanced sections. The authors have done a tremendous job explaining the foundational architecture and concepts of QoS, and the flow and syntax of Cisco's Modular QoS Command-line (MQC).

The opening section, “Part 1: QoS Design Overview” (Chapter 1 – 9) layout the history of QoS, including the evolution of IETF RFCs, and the QoS implementation tools. The chapters build on each other, and do a great job of introducing a topic, then diving deeper into the details. Each of these chapters starts with a ‘Terminology’ section. This has the nice effect of clearly defining the chapters’ concepts.

The next section, “Part II: QoS Design Strategies” offers a discussion of business and application QoS requirements and thoroughly explores the overall design principles and implementation strategies. Applications covered include voice, broadcast video, multimedia conferencing, and mission-critical data applications. Within this section are my favorite nuggets… The design best practices and recommendations.

The remaining sections provide comprehensive design and configuration information on campus networks (Cisco Catalyst switches), traditional wireless networks, and new ‘Converged Access’ wired and wireless networks (Catalyst 3850, and Cisco 5760 WLC).

Of particular help to me was the Data Center QoS section. On the Cisco web site, Nexus QoS design and best practices information is lacking. This section fills this void and provides great information on the QoS hardware architectures and configuration. The covered platforms are Nexus 7000, 5500, 2000 and 1000v. Great stuff!

The final sections explore WAN, VPN and Branch QoS. I was pleasantly surprised with the inclusion of the Cisco ASR 1000, ASR 9000, and Cisco CSR.

I strongly recommend this book to anyone working with Cisco infrastructure. QoS is intimidating; however, this book is a tremendous resource that will ease your anxiety.

This book is kept in my cubicle and is already filled with highlights, notes in the margin, and many dog-eared pages.

End-to-End QoS Network Design 2nd Edition at Cisco Press