Cisco on-box automation tools

Cisco on-box automation tools are tools that are already embedded in Cisco IOS, or that can be run through the Cisco IOS CLI, and that help you automate many tasks.

Cisco on-box automation tools include:

Auto SmartPorts


Auto Security


Smart Call Home

Tcl Shell

Embedded Event Manager (EEM)

Python Version 2.7

-Auto SmartPorts


-Auto Security


-Smart Call Home

For the above, read chapter 7, “On-Box Automation and Operations Tools”, in the Cisco Press book “Programming and Automating Cisco Networks”.

-Tcl Shell

For the above, read the Cisco Press book “Tcl Scripting for Cisco IOS”.

-Embedded Event Manager (EEM)

For the above, read my personal two-part article “Understanding Cisco EEM by examples”.

-Python Version 2.7

Yes, you can run the python command in Cisco IOS XE in interactive and non-interactive modes.

For more info about the Python on-box capability, read:


Endpoint Detection and Response (EDR) platforms are security systems that combine elements of next-gen antivirus with additional tools to provide real-time anomaly detection and alerting, forensic analysis and endpoint remediation capabilities.

By recording every file execution and modification, registry change, network connection and binary execution across an organization’s endpoints, EDR enhances threat visibility beyond the scope of EPPs.

Top Endpoint Detection and Response (EDR) Solutions:

Cisco Advanced Malware Protection AMP for Endpoints
FireEye Endpoint Security
Carbon Black Cb Response
Guidance Software EnCase Endpoint Security
Cybereason Total Enterprise Protection
Symantec Endpoint Protection
RSA NetWitness Endpoint
CrowdStrike Falcon Insight
CounterTack Endpoint Threat

Gartner Top EDR

Endpoint Protection Platform (EPP), aka Next Generation Anti-Virus (NGAV), is an integrated security solution designed to detect and block threats at the device level. Typically this includes antivirus, anti-malware, data encryption, personal firewalls, intrusion prevention (IPS) and data loss prevention (DLP).

Traditional EPP is inherently preventative, and most of its approaches are signature-based – identifying threats based on known file signatures for newly discovered threats. The latest EPP solutions have however evolved to utilize a broader range of detection techniques.

Top NGAV Vendors to Watch in 2019 Endpoint Protection platform (EPP)
Carbon Black
Kaspersky Lab

Gartner Top EPP


RIPv2 no validate-update-source command

When a router running Routing Information Protocol (RIP) receives an update from a neighboring router, it checks whether the source of the update belongs to the same network or sub-network as the receiving interface.

If they are the same, the routes are accepted for installing into the routing table. Otherwise, the update is dropped.

But we can change this behavior:



interface Serial2/0

ip address

encapsulation ppp

interface Loopback0

ip address


interface Serial2/0

ip address

encapsulation ppp




R2#sh ip route is variably subnetted, 3 subnets, 2 masks

C is directly connected, Serial2/0

C is directly connected, Serial2/0


router rip

ver 2

no auto





router rip

ver 2

no auto



R2#sh ip route is variably subnetted, 3 subnets, 2 masks

C is directly connected, Serial2/0

C is directly connected, Serial2/0



router rip

no validate-update-source


R2#sh ip route

R [120/1] via, 00:00:01 is variably subnetted, 3 subnets, 2 masks

C is directly connected, Serial2/0

C is directly connected, Serial2/0

L is directly connected, Serial2/0
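
The source check described above, as an added example that is not part of the original post: a small Python audit that flags `no validate-update-source` under `router rip` and models the accept/drop decision. The sample config and the 192.0.2.x / 198.51.100.x addresses are constructed placeholders, and the model considers only one address per interface.

```python
import ipaddress

# Constructed sample config; the addresses are documentation-range placeholders,
# not the ones used in the lab above.
SAMPLE_CONFIG = """\
interface Serial2/0
 ip address 192.0.2.1 255.255.255.252
 encapsulation ppp
!
router rip
 version 2
 no auto-summary
 no validate-update-source
!
"""


def source_validation_disabled(config: str) -> bool:
    """Return True if 'no validate-update-source' is set under 'router rip'."""
    in_rip = False
    for line in config.splitlines():
        if line and not line[0].isspace():
            # An unindented line opens a new top-level section.
            in_rip = line.strip() == "router rip"
        elif in_rip and line.strip() == "no validate-update-source":
            return True
    return False


def accept_update(iface_ip: str, iface_mask: str, source_ip: str,
                  validate: bool = True) -> bool:
    """Simplified model of the receive-side check: accept the update only if
    its source lies in the receiving interface's subnet, unless validation is off."""
    if not validate:
        return True
    subnet = ipaddress.ip_interface(f"{iface_ip}/{iface_mask}").network
    return ipaddress.ip_address(source_ip) in subnet


if __name__ == "__main__":
    validate = not source_validation_disabled(SAMPLE_CONFIG)
    for src in ("192.0.2.2", "198.51.100.2"):   # on-link peer, off-subnet peer
        ok = accept_update("192.0.2.1", "255.255.255.252", src, validate)
        print(f"validate={validate} source={src}: {'accept' if ok else 'drop'}")
```

A router flagged by `source_validation_disabled` accepts RIP updates from sources outside the interface subnet, so it is worth confirming that RIP authentication is configured on those links.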




Ambiguous Cisco Networking Terms For Beginners

1-What are optimal path and suboptimal path?

Suboptimal means the route that the packet takes is not the most efficient of all the possible routes.

Let's say you have two paths to the same destination, one T1 and one 56K; the optimal path could be the T1 and the suboptimal path could be the 56K.

Also, sometimes the incoming traffic could use the optimal path while the outgoing traffic uses the suboptimal path, and vice versa.

In the end, optimal is the perfect path; suboptimal is not that perfect.


2-What is port flapping?

Ports turning up (on) and down (off) rapidly.

3-What is link flapping?

Link flap means that the interface continually goes up and down on a Cisco device.

4-What is bouncing an interface?

Bouncing an interface means manually issuing shutdown and then no shutdown on the interface.

5-What is route propagation?

Sending routes from hop to hop; in other words, telling other routers (advertising) which routes you have.

6-What is network throughput?

Network Throughput refers to the volume of data that can flow through a network.

Bandwidth is the maximum amount of data that can travel through a ‘channel’.

Throughput is how much data actually does travel through the ‘channel’ successfully.

7-What is Routing Protocols Convergence?

A converged network topology view means all the routers agree on which links are up, which links are down, which links are running fastest etc. and ready to serve you.

8-What are Converged Protocols?

Converged protocols are the merging of specialty or proprietary protocols with standard protocols, such as those from the TCP/IP suite. The primary benefit of converged protocols is the ability to use existing TCP/IP supporting network infrastructure to host special or proprietary services without the need for unique deployments of alternate networking hardware.

Examples include FCoE, iSCSI, DNP3 and MPLS.

9-What is Asymmetric routing?

Asymmetric routing in general is a normal but unwanted situation in an IP network. It is a situation where, for one reason or another, the packets of a flow (e.g. a TCP connection) take different routes in the two directions.

10-What do explicit and implicit mean in the ACL world?

Explicit means something happens manually (fully and clearly defined by you).

Implicit means something happens automatically (it is always there).

(For your info, we use the same two terms with Microsoft AD site trusts, to describe manual and automatic trust relationships.)

As you know, in Cisco ACLs we have an implicit deny all (deny any for standard ACLs, deny ip any any for extended ACLs).

But we cannot log it, because it is already built in at the end of the ACL.

So we need to write an explicit deny all as the last entry, so that we can add the log keyword at the end.

extended explicit deny all:

deny ip any any log

standard explicit deny all:

deny any log
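
One way to check a configuration for the point made in item 10, as an added example that is not part of the original post: a Python audit that lists ACLs whose last entry is not an explicit logged deny all. The sample config and ACL names are constructed, and only the named `ip access-list` syntax is handled.

```python
import re

# Constructed sample config (not from the original post).
SAMPLE_CONFIG = """\
ip access-list extended EDGE-IN
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
ip access-list extended MGMT-IN
 permit tcp 198.51.100.0 0.0.0.255 any eq 22
ip access-list standard SNMP-HOSTS
 10 permit 198.51.100.5
 20 deny any log
"""

HEADER = re.compile(r"^ip access-list (standard|extended) (\S+)$")
# The explicit, logged catch-all expected as the final entry of each ACL type.
LOGGED_DENY_ALL = {
    "extended": re.compile(r"^deny\s+ip\s+any\s+any\s+log$"),
    "standard": re.compile(r"^deny\s+any\s+log$"),
}


def acls_missing_logged_deny(config: str) -> list:
    """Return names of ACLs whose last entry is not an explicit logged deny all."""
    acls = {}        # name -> (kind, [entries in order])
    current = None
    for raw in config.splitlines():
        header = HEADER.match(raw.strip())
        if header:
            current = header.group(2)
            acls[current] = (header.group(1), [])
        elif current and raw[:1].isspace() and raw.strip():
            entry = re.sub(r"^\d+\s+", "", raw.strip())   # drop sequence number
            if not entry.startswith("remark"):
                acls[current][1].append(entry)
        else:
            current = None                                 # left the ACL section
    return [name for name, (kind, entries) in acls.items()
            if not entries or not LOGGED_DENY_ALL[kind].match(entries[-1])]


if __name__ == "__main__":
    # MGMT-IN ends in a permit, so its drops fall to the unlogged implicit deny.
    print(acls_missing_logged_deny(SAMPLE_CONFIG))
```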



AWS Certified Solutions Architect Associate Exam Resources

In the next few weeks, I am planning to take the AWS Certified Solutions Architect Associate Exam.
Exam Released February 2018, Code: SAA-C01

Certification Details:

Exam Guide:
Free PDF

Books and Resources:
1- First of all, create a Free Trial AWS account
AWS Accounts Include 12 Months of Free Tier Access

2- AWS Certified Solutions Architect Official Study Guide from Sybex
This one is outdated but still useful, but you can wait for the second edition, which will be released March 19, 2019.


3- AWS Certified Solutions Architect Associate All-in-One Exam Guide (Exam SAA-C01) from McGraw-Hill


4- AWS Certified Solutions Architect – Associate (SAA-C01) Cert Guide, First Edition from Pearson IT Certification


5- AWS Certified Solutions Architect Associate Videos from Livelessons


When I am back from my first attempt, I will share my full experience.