Monday, 29 July 2019

With Cisco Threat Response, The Best Things in Threat Hunting are Free

For those of us in security operations, it could be easy to feel discouraged. After all, it’s an unfair fight. The bad actors seem to have unlimited time and budget. And we certainly don’t!

But here’s some good news: one of the most valuable tools available in threat hunting is free. Just like the golden oldie tune (or the Janet/Luther pop classic) says, the best things in life don’t always cost money. For customers with Cisco Next-Generation Firewalls, Intrusion Prevention (IPS), AMP for Endpoints, Cisco Umbrella, Email Security, and/or Threat Grid, Cisco Threat Response helps detect, investigate, and take corrective action against cyber threats—at no additional cost.

Making the Fight More Fair


We work with security professionals in organizations of all types and sizes. No matter their differences, they all say they’re bombarded. They wish they could “hit pause” on the flood of security events to allow for the time-consuming manual work they have to do after an attack. Not only that, they’re often in the difficult position of having to make decisions with inadequate information. They’re concerned about blocking too much and compromising productivity. Or not blocking enough to protect the business.

Cisco Threat Response provides an automated process to help. It’s a key pillar of Cisco’s integrated security architecture and designed to give you the contextual awareness you need so you can see, investigate, and act on threats fast. If you’ve invested in Cisco security products that support it, Threat Response is on your side to make the fight against cyberattacks a little fairer.

Cisco Study Materials, Cisco Prep, Cisco Learning, Cisco Guides, Cisco Online Exam, Cisco Tutorials and Mateiral

Getting started with Cisco Threat Response is easy.

Fast for Anyone to Use


You don’t have to be an expert to use Cisco Threat Response. The interface is simple, intuitive, and interactive. Users can ask the tool to investigate a threat by simply cutting and pasting threat From the first click, Cisco Threat Response provides details on suspicious behaviors, files, and activities. Then click again, and it can be just as easy and quick to see, and in many cases remediate the root cause.

Cisco Study Materials, Cisco Prep, Cisco Learning, Cisco Guides, Cisco Online Exam, Cisco Tutorials and Mateiral

Easy-to-read, configurable graphics map the targets that have communicated with the malicious domain you’re investigating.

Not only that, information about the threat is collected and results are aggregated in the Cisco Threat Response portal. Here you get one common view, made even more powerful with knowledge from your other supported Cisco products. These products are fed by Talos, which delivers comprehensive threat intelligence with continuous updates to Cisco devices, automatically. In the Cisco Threat Response portal, it provides your network’s local sightings of the threat you’re investigating plus details to help you make timely and confident decisions about the best corrective actions.

Cisco Study Materials, Cisco Prep, Cisco Learning, Cisco Guides, Cisco Online Exam, Cisco Tutorials and Mateiral

Cisco Threat Response provides insights of integrated products to Investigate. The portal provides access to continuous threat intelligence geared to helping you respond quickly.

Cisco Study Materials, Cisco Prep, Cisco Learning, Cisco Guides, Cisco Online Exam, Cisco Tutorials and Mateiral

The browser plug-in makes it easy and convenient to pull indicators of compromise from any webpage or console and get verdicts directly from the drop-down. You can take corrective action or undertake a complete investigation (with collaboration and sharing) right from the page.

The More Cisco You Have, The More Value You Get


With the Firepower integration, Cisco Threat Response can now utilize intrusion alerts from the Firepower devices. This enrichment will amplify the contextual awareness in your network by harnessing the power of effective integrations with products such as AMP for Endpoints, Email Security, Threat Grid Umbrella and your Next-generation firewall. Another exciting thing about Cisco Threat Response is that when you have more Cisco solutions deployed, the integration drives more data enrichment and response capabilities. Contextual analysis becomes more detailed. We will continue to add new Cisco product integrations with Threat Response – the firewall products are only the most recent addition.

Sunday, 28 July 2019

Running NetBeez Agents on Cisco Catalyst Switches

I am happy to announce a new powerful integration between NetBeez and Cisco. Starting with Cisco IOS-XE version 16.12.1, Cisco users can install the NetBeez docker agent on Cisco Catalyst 9000 series switches. This new integration is part of the Cisco application hosting framework, which enables third-party off-the-shelf applications to run on top of Cisco devices. As you’ll read in the next paragraphs, NetBeez and Cisco users will have a lot to gain from this integration. If you are new to NetBeez, let me tell you more about it.

Wide Area Network Monitoring with NetBeez


NetBeez is a distributed network monitoring solution that enables network engineering teams to monitor remote Wide Area Network locations via dedicated hardware or software agents, called Beez. The Beez run active monitoring tests, such as ping, traceroute, and iperf, as well as DNS and HTTP checks against web and cloud applications. Like a canary in a coal mine, the Beez proactively detect remote performance issues that impact end-users and business operations. The performance data logged by the Beez is sent real-time to the NetBeez central server, where it’s processed for alerting, displayed on the user dashboard, or consumed by third-party applications via the available APIs.

Cisco Study Materials, Cisco Tutorials and Materials, Cisco Learning, Cisco Online Exam

With the Cisco App Hosting integration, the Catalyst 9000 is capable of hosting NetBeez agents and run network performance tests from the user perspective. In this scenario, the NetBeez server is still needed to manage the Beez running on the switches and to collect the network performance data generated.

Benefits of Cisco App Hosting


Traditionally, the Beez runs on top of a Raspberry Pi that is plugged into the access switch at remote WAN sites. Companies that need to monitor large WANs have to invest considerable time and resources to ship and deploy the hardware appliances at remote locations. The Cisco App Hosting removes this “physical barrier” in the deployment and maintenance process of the Beez. Catalyst owners can now easily install via the Cisco CLI the NetBeez docker agent on their switches. Let’s see what this procedure looks like …

Configuring Catalyst for App Hosting


Configuring a Catalyst 9000 series switch to host a NetBeez docker agent is fairly simple. Before you begin, make sure you meet the following requirements:

◈ A Cisco Catalyst 9000 switch with IOS-XE version 16.12.1

◈ A USB SSD-120G for Catalyst 9000 series switches

◈ A NetBeez server running version 2.0

◈ The NetBeez docker agent v2.0.5

The procedure will have you:

1. Create a user VLAN that will be used by the NetBeez docker agent as uplink

2. Map the user VLAN to one of the switch’s access or trunk ports

3. Create an AppGigabitEthernet interface that is an internal bridge between the eth0 interface on the NetBeez agent and the user VLAN mentioned at step 1

4. Define configuration parameters needed by the NetBeez docker agent to connect to the server.

The following diagram illustrates how these different components relate to each other.

Cisco Study Materials, Cisco Tutorials and Materials, Cisco Learning, Cisco Online Exam

Saturday, 27 July 2019

How AI is Changing the Game For Knowledge Workers

Cisco Online Guides, Cisco Learning, Cisco Tutorials and Materials, Cisco Guides

Have you ever wanted to ditch your mobile device, step back into the pre-internet everywhere era and pop on a Depeche Mode cassette? Yeah, me either. But for knowledge workers dealing with a constant stream of notifications and requests, stepping back a few decades might seem like a welcome reprieve. Luckily, artificial intelligence (AI) and machine learning are transforming the way we work and it’s not only leading to better outcomes, but more importantly, making our work life a little more pleasant.

“A Question of Time”


Today we can collaborate with anyone in any location but building relationships with our colleagues and focusing on higher value initiatives often takes a back seat to the day’s urgent request. In addition, the technology that’s meant to help us get our jobs done can themselves become barriers. Take a common virtual meeting, for example. Today, 85% of people experience online meeting problems and 42% felt frustrated in the last week because they could not easily join an online meeting. This software is meant to make our jobs easier and improve collaboration, but it’s not meeting our expectations. Even worse, these minor frustrations can add up to a lot of wasted time.

“The Landscape is Changing”


Enter AI and machine learning. While we’re a far way off from HAL 9000, there are market-proven AI capabilities that are being leveraged today to improve collaboration. This new form of collaboration, termed cognitive collaboration, is one where the machines are involved in the process — removing mundane tasks and facilitating a more human experience.

With capabilities like AI assistants and bots which help to facilitate and automate tasks and relationship intelligence that serves up information on meeting attendees, cognitive collaboration is transforming the virtual meeting experience.

“People are People”


According to a new survey by Dimensional Research, 72% of respondents said their meetings generally start late. When asked about why, some of the most popular responses were that they encountered:

◈ Problems joining the meeting (57%)

◈ Desktop or application sharing issues (43%)

◈ Background noise impairs the meeting (41%)

Imagine a world where everyone was prompted by a virtual assistant to join their meeting and all they had to respond was “Ok Webex, join my meeting.” No fumbling for a join code, no dial-in.

Or how about using your voice to share your screen and if you start typing away to respond to an urgent message, it’s automatically detected and your audio line is suppressed? These capabilities aren’t a future state — they are here today and are a core part of Webex Devices and Meetings.

While Webex Assistant will help your meetings run more efficiently, once you’re in the meeting, AI-generated people and company profiles will take your collaboration experience to the next level.

People Insights provides detailed profiles right in Webex Meetings, allowing us to discover shared interests and backgrounds and helping us get to know the people we meet with a little better. Not sure who someone is in the meeting? Check out their profile. Curious to see who the new person in your organization reports to? Reporting structure is a click away.

Today, over 80% of people spend up to 5 hours a week researching the people they’re meeting with — when the information you’re looking for is presented to you when you need, that’s a lot of time you can get back in your day. I’m not the only one excited about this. In a recent survey, 4 out of 5 respondents say having background information on people in the meeting would increase the meeting effectiveness. Beyond the meeting, it is helping to foster better relationships which can lead to improved team synergies and better outcomes.

“Enjoy the Silence”


These cognitive collaboration capabilities are game changers for knowledge workers, but it’s just the tip of the iceberg. As these capabilities continue to become interwoven into the collaboration platform and new AI-enabled features emerge, the in-meeting experience will rival, and maybe soon surpass, in-person collaboration. And at the end of the day, maybe that means you get a chance to enjoy the silence for a bit (cue the cassette).

Thursday, 25 July 2019

Cisco Threat Response Plugin: Defeat Threats With Just a Few Clicks

One of the best tools in your SOC’s arsenal is something you might already have access to and didn’t even have to pay for. If you already deploy Cisco Umbrella, AMP for Endpoints, Firepower devices, next-generation intrusion prevention system (NGIPS), Email Security, or Threat Grid, then you can immediately access Cisco Threat Response for FREE. As in no charge. Zero extra dollars. No strings attached.

With Cisco Threat Response, customers receive a powerful solution that can streamline and simplify detection, investigation, and remediation of threats. In addition, Threat Response offers a very easy, powerful tool in the new browser plugin (for Chrome and Firefox). By adding the plugin, security professionals now have instant access to threat intelligence and response capabilities directly from their browser. To prove the simplicity of this, let’s use a straightforward example.

For the threat, we will use the Karkoff malware, used in the DNSpionage campaign.

Cisco Online Exam, Cisco Tutorials and Material, Cisco Learning, Cisco Certification, Cisco Study Materials

Ah, it seems that Talos has a full spotlight of Karkoff. Towards the bottom of the blog, Talos gives a full report on Indicators of Compromise for Karkoff.

Cisco Online Exam, Cisco Tutorials and Material, Cisco Learning, Cisco Certification, Cisco Study Materials

Traditionally, you’d have to manually copy and paste  each file, IP address, etc. from the blog, editing them to remove the defanging “safety brackets”, searching for each one in turn, in each of your telemetry sources – a laborious, manual activity. Cisco Threat Response simplifies this entire process by bringing all of these capabilities to one central source. So, let’s open the Cisco Threat Response browser plugin.

Cisco Online Exam, Cisco Tutorials and Material, Cisco Learning, Cisco Certification, Cisco Study Materials

Immediately, Cisco Threat Response identifies 16 observables from this threat intelligence blog. 1 clean. 9 malicious. 6 unknown.

Cisco Online Exam, Cisco Tutorials and Material, Cisco Learning, Cisco Certification, Cisco Study Materials

By clicking the malicious and unknown observables, we can tailor our investigation. We will not worry at all about snort.org, because we know Snorty is never up to anything bad!

Cisco Online Exam, Cisco Tutorials and Material, Cisco Learning, Cisco Certification, Cisco Study Materials

As an example of how quickly we can take response actions, even before pivoting into Threat Response to do a more complete investigation, let’s look at kuternull.com. It is listed as “unknown.” By clicking the dropdown menu next to it, and pivoting out to other trusted intelligence sources like the Talos database or Threat Grid, we could quickly gather more information to determine a course of action.

Cisco Online Exam, Cisco Tutorials and Material, Cisco Learning, Cisco Certification, Cisco Study Materials

For the purposes of simply showing the ease of the plugin, let’s assume we investigated this domain and there is no legitimate business need for our organization to be contacting it. In order to prevent potential malware activity, we will proactively block it now as a first level stopgap while we continue our investigation. Threat Response directly integrates with Umbrella, so we can immediately block the domain across our entire network with one click within the plugin.

Cisco Online Exam, Cisco Tutorials and Material, Cisco Learning, Cisco Certification, Cisco Study Materials

Within a few seconds, Threat Response will flash a green banner confirming the blocking of the domain with Umbrella.

Cisco Online Exam, Cisco Tutorials and Material, Cisco Learning, Cisco Certification, Cisco Study Materials

Now, after blocking a few domains quickly, our network is certainly better protected from Karkoff, but there is more investigation to be done. A quick click of the “Investigate” button will launch Cisco Threat Response’s cloud-based dashboard.

Cisco Online Exam, Cisco Tutorials and Material, Cisco Learning, Cisco Certification, Cisco Study Materials

Cisco Threat Response will automatically load the list of the observables and provide insights with relation graphs, file hashes, and others.

Previously, Security Operations Centers (SOCs) would hear about trending threats and wonder, “Is my network affected by this threat?” To answer that question, it would require a series of manual processes that required investigating observables hundreds of times across the network, and then, writing sufficient policy to defend against these threats. To make life even more difficult, these solutions were often from different vendors and require manual processes to implement across different parts of the next work.

With Cisco Threat Response, within minutes, your SOC can:

1. Identify a trending threat from your SIEM, Talos, other threat intel sources, or virtually any third party product that has a web based interface

2. Identify a list of observables with one click

3. Quickly block domains across the network

4. Launch Cisco Threat Response for further investigation

It is important to note that Cisco Threat Response is a FREE add-on to existing Cisco Security solutions. In the example above, the user has Threat Response integrated with their AMP For Endpoints, Cisco Threat Grid, and Umbrella solutions. In addition, every user of Threat Response automatically gets access to the Talos Intelligence and AMP File Reputation databases for use in Threat Response. While Cisco Threat Response provides significant value when integrated with only one product, it becomes even more useful with each additional Cisco Security solution integration. It offers unparalleled central-management for detection, investigation, and remediation – and the browser plugins bring all those capabilities into any type of web content. Whether it is a blog entry like in this example, any other intelligence source, or the browser-based management console of any Cisco or third-party security or networking product.

Wednesday, 24 July 2019

Cisco CCIE Collaboration 400-051 (CCIE C): Latest [2019] Exam Guide




Exam Code/Number: 400-051 CCIE C

Exam Overview:  This exam validates that candidates have the skills to plan, design, implement, operate, and troubleshoot enterprise collaboration and communication networks.


Sample Questions: Cisco 400-051 Sample Questions

Tuesday, 23 July 2019

Manage Interfaces in a Centralized Way with DCNM 11

Today, we’re continuing the discussion by featuring how Cisco’s Data Center Network Manager (DCNM) empowers IT to move at the increasing speed businesses require, giving IT departments complete automation, extensive visibility, and consistent operations for their data center. DCNM is the network management platform for all NX-OS-enabled deployments, spanning new fabric architectures, IP Fabric for Media, and storage networking deployments for the Cisco Nexus-powered data center.

Why DCNM 11?


With its advanced features, Cisco’s DCNM 11 supports the management of interfaces individually at a per device level, a fabric level, or a data center level. This is done either via the GUI or equivalent REST APIs. While many tools provide just about every possible permutation for interface configuration, DCNM 11 comes with best practice interface policy templates that will serve the most common deployment scenarios. For more sophisticated use-cases, the interface policy templates within DCNM can be easily customized to meet the user’s specific needs. In addition, the following interface-related operations are also available:

◈ Create/Edit/Delete of logical interfaces like vPCs, Port-Channels, Loopbacks, Sub-interfaces

◈ Attach Networks and VRFs to interfaces using one click

◈ Configuration Straight-Through (ST) and Active-Active (AA) FEX

◈ Interface operations like admin down/up and show commands using templates

◈ Configuration of Routed, Access, Trunk Interfaces

◈ View history for each interface – who did what, when at an interface level

◈ Check compliance status for every interface

◈ Configuration of breakout interfaces

◈ Interface statistics on per interface or per link basis

◈ Per Interface neighbor discovery using LLDP/CDP

How it works


Interface of Switches discovered by DCNM can be seen by navigating to Control -> Fabrics -> Interfaces. The scope selector allows you to filter the list of interfaces at a Data Center level or at a per fabric level. Various filtering options are available, including the ability to modify interface configuration in bulk. The global interface view provides a combination of information that is configured via the DCNM as well as operational information based run time state.

Cisco Online Exam, Cisco Study Materials, Cisco Tutorials and Materials, Cisco Certifications
Interface management at a fabric level

Cisco Online Exam, Cisco Study Materials, Cisco Tutorials and Materials, Cisco Certifications
Interface Controls

Per switch level interface management can be done via Fabric Builder with a simple right click sub-menu selection.

Cisco Online Exam, Cisco Study Materials, Cisco Tutorials and Materials, Cisco Certifications
Interface management at a switch level

Typically, there are two types of interfaces: network interfaces that represent a inter-switch link or ISL, and host facing interfaces that are typically attached to end points (servers, appliances etc.). An ISL or a link may be further classified as a intra-fabric or inter-fabric link. Intra-fabric links are between devices that are part of the same fabric, while inter-fabric links are typically used for external connectivity out of a fabric. DCNM allows users to pre-provision inter and intra fabric physical and logical links using link policy templates. A link policy template in turn references child interface policy templates, one each for either end of the link.

Cisco Online Exam, Cisco Study Materials, Cisco Tutorials and Materials, Cisco Certifications

DCNM then gathers and populates interface level statistics in the health dashboard. Interface and per link statistics – including transmit/receive byte/packet counters, error counters, and more – are available for archival and perusal. Daily or weekly reports may also be generated for interface statistics.

Cisco Online Exam, Cisco Study Materials, Cisco Tutorials and Materials, Cisco Certifications
Real-time interface statistics in Topology Page

Cisco Online Exam, Cisco Study Materials, Cisco Tutorials and Materials, Cisco Certifications
Topology -> Double clicking a link shows 24 H traffic patters

Cisco Online Exam, Cisco Study Materials, Cisco Tutorials and Materials, Cisco Certifications
Control -> Fabric -> Interfaces -> Traffic pattern at an interface level

Interface or link up/down events result in trap notifications that in turn can be used to trigger alarms based on user configured policies. In general, for brownfield deployments, DCNM always preserves the switch and corresponding interface level configuration. DCNM learns the configuration of not only the physical but also the logical interfaces that are present on the switch. Resources such as port-channel IDs, loopback IDs, ip addresses, etc. are also marked as used in the DCNM resource manager. Subsequently, existing interfaces can be edited or new interfaces can be incrementally provisioned via the DCNM for continuous operation.

DCNM features configuration compliance that keeps track of the expected-config/intent defined by the user and the running configuration on the switches at all times. Any drift from the interface intent, including changes made out-of-band, marks the interface, and hence the switch, as ‘OUT-OF-SYNC’. Remediation is suggested by generating a set of pending configuration that will mutate the current running configuration to the current expected configuration (intent) on execution. This brings the interface, and hence the switch, back ‘IN-SYNC’. DCNM’s own resource manager keeps track of all interface configurations, and mutations are backed up at all times for a future rollback.

Interface management from DCNM

Saturday, 20 July 2019

Network Automation Using Unified API – Napalm

Cisco Study Materials, Cisco Online Exam, Cisco Tutorials and Materials, Cisco Learning, Cisco Certifications

Before I joined the awesome Cisco DevNet team, I worked for Cisco on two of their biggest cloud platforms as a network engineer.

My old team and I designed and built one of biggest Cisco Data Center footprints AND we did it all manually. Yes, no automation! We mostly used notepad files as templates, with adds, moves. changes, and general fixes added to these ‘golden notepad’ files. Copying and pasting into the command line (CLI) when each Data Center came online.

If a chill went down your spine and you are shaking your head with reading that last sentence, it was as painful as you are thinking. Even the most diligent, keen eyes and obsessed engineer would find it difficult to say that copying and pasting configurations into 15 network devices, including routers, switches, firewalls, and load balancers was going to go smoothly first time. Certainly not when you have over a thousand access-lists and your firewalls are multi-context.

Time to embrace automation


It made me wonder how our SRE looked so fresh faced (not only because their average age was 20 years less than me btw!) and had time to play on the foosball table. They managed, built, and owned five times the product services that our network team did. Our SRE team had automation nailed down! We needed to become more agile and embrace network automation.

Because we had been so diligent on our new Data Center build, the ports lined up per device and everything was standardized. Our SRE team helped with the automation of the ASA firewalls which was our starting point as they wanted to be able to manage and update their services without having to rely on the network team for the changes. Like most network engineers starting network automation, Ansible was our first choice. We could automate our access lists much easier and audit these when the security team asked (which was normally mid Friday afternoon!).

Cisco acquires OpenDNS


In 2015 Cisco acquired OpenDNS. Our network teams were merged into one team. When our teams met for the first time, the OpenDNS NetEng team said/asked, “Our network is fully automated, is yours?”

“Sort of” was our reply. One of the first tasks was learning from the OpenDNS NetEng team how they fully automated their network. This was my ‘penny dropping’ moment (and what I would find later to be the turning point in my career). There is nothing better than being able to learn from someone (or team) how they achieved the goals you want to achieve.

Welcome to NAPALM


The OpenDNS NetEng used NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support), a Python library that implements a set of functions to interact with different network device Operating Systems using a unified API. NAPALM supports several methods to connect to the devices, to manipulate configurations or to retrieve data. I had been learning Python for around year, but had not done a big project with it yet. Now, here was my chance.

First, as I tell everyone now who is starting network automation, “start with the low hanging fruit – do not try and automate your whole network in one go.” Trust me here when I say, you can break a lot more things with automation and you can break them a lot quicker. (I have been there and own that t-shirt!) The first project was managing our edge routers (ASR IOS XR) using NAPALM network automation.

What can you do with NAPALM?


◈ Configuration replace: Replace the entire running-config with a completely new configuration

◈ Configuration merge: Merge a set of changes from a file into the running-config

◈ Configuration compare: Compare your new proposed configuration file with the running-config. This only applies to configuration replace operations; it does not apply to merge operations

◈ Commit: Deploy the staged configuration. This can be either an entire new file (for replace operations) or a merge file

◈ Discard: Revert the candidate configuration file back to the current running-config; reset the merge configuration file back to an empty file

◈ Rollback: Revert the running configuration back to a file that was saved prior to the previous commit

Cisco Study Materials, Cisco Online Exam, Cisco Tutorials and Materials, Cisco Learning, Cisco Certifications

Let’s have a quick look at using NAPALM with one of the Cisco DevNet Always on Sandboxes, the one we’ll use here is the IOS XE on CSR Sandbox . Start by installing NAPLAM (You need to have Python 3.6+). You can install NAPALM using PIP

pip install napalm

Open the python `repl` on your machine.

$python
Python 3.6.5 (v3.6.5:f59c0932b4, Mar 28 2018, 05:52:31)
[GCC 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.57)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>>

Start by importing the NAPALM module into Python

from napalm import get_network_driver

You can select the driver you need by doing the following:

driver = get_network_driver("ios")

Create the python code using the IOS-XE always on sandbox information.

device = driver(hostname='ios-xe-mgmt-latest.cisco.com',
... username='developer',
... password='C1sco12345',
... optional_args={'port':8181})

Next, we open a connection the device and pass the `get_interfaces` command.

device.open()
device.get_interfaces()

The information is printed below (dont’ worry if your output is not the same. As this is a always on sandbox interfaces change as people use this)

{'GigabitEthernet1': {'is_enabled': True, 'is_up': True, 'description': "MANAGEMENT INTERFACE - DON'T TOUCH ME", 'mac_address': '00:50:56:BB:E9:9C', 'last_flapped': -1.0, 'speed': 0}, 
'GigabitEthernet2': {'is_enabled': True, 'is_up': True, 'description': 'ConfiguredNetConf', 'mac_address': '00:50:56:BB:77:1A', 'last_flapped': -1.0, 'speed': 1000}, 
'GigabitEthernet3': {'is_enabled': False, 'is_up': False, 'description': 'Network Interface', 'mac_address': '00:50:56:BB:EB:1E', 'last_flapped': -1.0, 'speed': 1000}, 'Loopback99': {'is_enabled': True, 'is_up': True, 'description': 'Developers interface', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 
'Loopback101': {'is_enabled': True, 'is_up': True, 'description': 'Created with Ansible', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 'Loopback102': {'is_enabled': True, 'is_up': True, 'description': 'Created with Ansible', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 
'Loopback199': {'is_enabled': True, 'is_up': True, 'description': 'New Loopback by Priv15 user', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 
'Loopback211': {'is_enabled': True, 'is_up': True, 'description': 'Developers Priv15 Interface', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 
'Loopback231': {'is_enabled': True, 'is_up': True, 'description': 'DEVELOPER PRIV15 INTERFACE', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 'Loopback555': {'is_enabled': 
True, 'is_up': True, 'description': 'Added by xxx', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 'Loopback556': {'is_enabled': True, 'is_up': True, 'description': 'Added by GuGame', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000},
 'Loopback1001': {'is_enabled': True, 'is_up': True, 'description': 'GenieLoop1001', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 
'Loopback1150': {'is_enabled': True, 'is_up': True, 'description': 'Pod Number 1150', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 'Loopback1184': {'is_enabled': True, 'is_up': True, 'description': 'New Interface Created with Genie change', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000},
 'Loopback1250': {'is_enabled': True, 'is_up': True, 'description': 'Pod Number 1250', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 'Loopback1350': {'is_enabled': True, 'is_up': True, 'description': 'Pod Number 1350', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 
'Loopback1450': {'is_enabled': True, 'is_up': True, 'description': 'Pod Number 1450', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000},
 'Loopback5050': {'is_enabled': True, 'is_up': True, 'description': 'Pod Number 5050', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 
'Loopback5150': {'is_enabled': True, 'is_up': True, 'description': 'Pod Number 5150', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 'Loopback5250': {'is_enabled': True, 'is_up': True, 'description': 'Pod Number 5250', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000},
 'Loopback5350': {'is_enabled': True, 'is_up': True, 'description': 'Pod Number 5350', 'mac_address': '', 'last_flapped': -1.0, 'speed': 8000}, 'Port-channel1': {'is_enabled': True, 'is_up': False, 'description': 'This is a port-channel interace', 'mac_address': '00:1E:E5:65:3F:C0', 'last_flapped': -1.0, 'speed': 1000}, 
'Tunnel0': {'is_enabled': True, 'is_up': False, 'description': '', 'mac_address': '', 'last_flapped': -1.0, 'speed': 0}, 'Tunnel1': {'is_enabled': True, 'is_up': False, 'description': '', 'mac_address': '', 'last_flapped': -1.0, 'speed': 0}, 
'VirtualPortGroup0': {'is_enabled': True, 'is_up': True, 'description': '', 'mac_address': '00:1E:E5:65:3F:BD', 'last_flapped': -1.0, 'speed': 750}}

We can make the output more readable, by importing `json` and printing this in `json format`

import json
print(json.dumps(device.get_interfaces(), sort_keys=True, indent=4))

{
"GigabitEthernet1": {
"description": "MANAGEMENT INTERFACE - DON'T TOUCH ME",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "00:50:56:BB:E9:9C",
"speed": 0
},
"GigabitEthernet2": {
"description": "ConfiguredNetConf",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "00:50:56:BB:77:1A",
"speed": 1000
},
"GigabitEthernet3": {
"description": "Network Interface",
"is_enabled": false,
"is_up": false,
"last_flapped": -1.0,
"mac_address": "00:50:56:BB:EB:1E",
"speed": 1000
},
"Loopback1001": {
"description": "GenieLoop1001",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback101": {
"description": "Created with Ansible",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback102": {
"description": "Created with Ansible",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback1150": {
"description": "Pod Number 1150",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback1184": {
"description": "New Interface Created with Genie change",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback1250": {
"description": "Pod Number 1250",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback1350": {
"description": "Pod Number 1350",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback1450": {
"description": "Pod Number 1450",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback199": {
"description": "New Loopback by Priv15 user",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback211": {
"description": "Developers Priv15 Interface",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback231": {
"description": "DEVELOPER PRIV15 INTERFACE",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback5050": {
"description": "Pod Number 5050",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback5150": {
"description": "Pod Number 5150",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback5250": {
"description": "Pod Number 5250",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback5350": {
"description": "Pod Number 5350",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback555": {
"description": "Added by xxx",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback556": {
"description": "Added by GuGame",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Loopback99": {
"description": "Developers interface",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "",
"speed": 8000
},
"Port-channel1": {
"description": "This is a port-channel interace",
"is_enabled": true,
"is_up": false,
"last_flapped": -1.0,
"mac_address": "00:1E:E5:65:3F:C0",
"speed": 1000
},
"Tunnel0": {
"description": "",
"is_enabled": true,
"is_up": false,
"last_flapped": -1.0,
"mac_address": "",
"speed": 0
},
"Tunnel1": {
"description": "",
"is_enabled": true,
"is_up": false,
"last_flapped": -1.0,
"mac_address": "",
"speed": 0
},
"VirtualPortGroup0": {
"description": "",
"is_enabled": true,
"is_up": true,
"last_flapped": -1.0,
"mac_address": "00:1E:E5:65:3F:BD",
"speed": 750
}
}

Finally, we close the connection. It is advised to issue use the `close` to disconnect our session from the device.

device.close()

Great right? But it does not end there NAPALM’s supported network operating systems:

◈ Arista EOS
◈ Cisco IOS
◈ Cisco IOS-XR
◈ Cisco NX-OS
◈ Juniper JunOS