Cisco & Cisco Network Hardware News and Technology

Cisco 8-port Switch Series Simplifies Campus Network Design

May 31 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

When an enterprise needs more network ports in a conference room or an extra jack for a printer in an office, a network administrator has traditionally had very few good choices. There was the expensive option of pulling more cables from the wiring closet, or the option of plugging in an unmanaged 8-port switch from a low-cost vendor into an existing port, complicating campus network design.


Now that port shortage problem has reached beyond the conference room as enterprises of all kinds are adding a multitude of IP devices and stretching the edge of the LAN beyond the wiring closet. Companies now deploy large numbers of IP phones and video surveillance cameras, schools have more computers and IP-based instructional technology and retail shops have deployed more IP-connected kiosks and point-of-sales stations. While 802.11n wireless LAN technology and cheap unmanaged switches have mitigated the port shortage to some extent, a better answer may lie in enterprise-class compact switches.

Cisco Systems unveiled a new family of compact switches targeting this problem. The switches are part of the Catalyst C-Series and consist of the Catalyst 2960-C and the 3560-C. There are five models and 8 to 12 Fast Ethernet or Gigabit Ethernet (GbE) ports with dual GbE uplinks. These switches do not require their own power source since each device has a new Power-over-Ethernet (PoE+) "pass-through" feature, which allows them to be powered by an upstream closet switch. They are then in turn able to pass the PoE power downstream to IP-connected devices like phones and cameras.

The Catalyst C switches also have many enterprise-class features that low-cost switches lack, such as auto-configuration, IPv6 acceleration and access control lists (ACL). They also have several features central to Cisco's broader Borderless Networks architecture, including Cisco security functions, TrustSec and the IEEE standard MACSec, and Cisco's EnergyWise energy management. The product compares somewhat to a port extender released by Extreme Networks in 2009, the ReachNXT 100-8t port extender, an 8-port device.

For Jordan Martin, technical services manager at a Pennsylvania-based healthcare enterprise, an enterprise-class 8-port switch would simplify his campus network design.

"We have all kinds of little, unmanaged switches lying around places where there just aren't enough jacks to facilitate what we need. Unfortunately a lot of our wiring in our building was done without a ton of forethought," Martin said.

"We have a campus here with a guard shack and we need to be able to process fiber in and Ethernet out, so we need a decent capability switch out there. But I don't want to spend $3,000 for one guy with a computer and a phone."

Using unmanaged switches from a low-cost vendor has been adequate at times within his network, but such devices don’t scale well, Martin said. Replacing them with enterprise-class 8-port switches could improve operations, management and visibility into the edge of his network.

"In a non-managed switch, if you're having trouble with a device, it could be the switch; it could be the cabling. Being able to take a look at the interface and see if it's a duplex mismatch or whatever the issue may be without having to go out to the location and put some tap on the line… That remote diagnostic capability of an enterprise switch is big for us."

Campus network design: Even with good forethought you'll need the occasional 8-port switch

Eric Steel, network engineer with Georgia-based law firm Constangy, Brooks & Smith, said he usually avoids the need for switches beyond the wiring closet by planning ahead and making sure he has plenty of ports across the network.

"But in those cases where we can't, we end up putting in a cheap mini-switch -- Linksys or Netgear," he said.

Those switches bring various operational challenges. Steel has to properly configure them for spanning tree protocol so that they don't loop into the LAN, and getting power to the device is also a frequent challenge. "Security is, of course, another headache, because you now have some open ports for people to plug into accidentally or maliciously," Steel said.

Replacing an unmanaged 8-port switch with compact enterprise-class switches allows users to have a network management and security feature set from the core to the edge, said Mike Spanbauer, principal analyst with Current Analysis.

"It offers the ability for the end user to basically standardize on a specific security configuration or software image," he said. "And if they have Catalyst 3560s in the closet and these 3560-Cs remotely deployed in a conference room, which offers the ability to simplify management."

These compact switches also give new campus network design options to enterprises with large numbers of small branches or locations with a light network footprint.

The Catalyst C switches replace a collection of older 8-port Fast Ethernet Catalyst 2960 switches which lacked the Borderless Networks capabilities, memory, PoE pass-through and dual uplinks of these new models.

---Original news from searchnetworking.techtarget.com


Full Reviews on Cisco RV180W Wireless-N Multifunction Router

May 28 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Pros: Easy to set up. Detailed management interface. IPv6 ready. Supports VLANs. Gigabit Ethernet.

Cons: Sluggish interface. Web filtering rules are too basic. Can't tell when VPN users are connected. Confusing VPN setup.

Bottom Line: The Cisco RV180W Wireless-N Multifunction Router offers security-conscious small businesses an all-in-one box to set up VPN access for remote employees, basic routing, wireless, and firewall. It's also future-proof, supporting IPv6 by default.


The Cisco RV180W Wireless-N Multifunction Router ($246 MSRP) makes it easy to set up a firewall, a VPN server, a router, and a wireless network with a single, compact box. The company also offers the RV180 ($182), with all the same features minus the wireless network. The RV180W addresses a lot of the things that were missing in the Cisco RV110W Wireless-N VPN Firewall, such as increasing the number of VPN users supported and adding Gigabit Ethernet ports.

The RV180W aims to offer security, remote access and simple configuration. Even though Cisco is marketing this dual-band wireless router as a small business product, it is comparable to some of the higher-end consumer routers tested recently, such as the Netgear N900 Wireless Dual Band Gigabit Router WNDR4500 and AirStation Nfiniti High Power Giga Wireless-N Router & Access Point from Buffalo Technology. Pricewise, the RV180W is comparable to Netgear's N900, although it has more features in common with Buffalo's AirStation line of routers.

Hardware Specifications
The Cisco RV180W has one WAN port for Internet connectivity and four Gigabit LAN ports in the back. There are two external antennas on the back for wireless networking. Square and compact, it measures 1.18” x 5.91” x 5.91” (HWD) and weighs a mere 0.61 lbs.

The glossy front panel has indicator lights for power, wireless activity, Internet connectivity, and for each of the four LAN ports. The front panel also has an AP indicator that lights up steady green when the router is being used as an access point. The Bridge indicator is green when it is acting as a bridge.

The back panel has a power button, a reset button to reboot the router or to restore factory settings, and a port to plug in the AC power cable. Unlike the previous RV110W, the four LAN ports on the back of the RV180W support Gigabit Ethernet. While Gigabit Ethernet is not yet a must-have on most business routers, the increasing number of applications, file-sharing, and video streaming within the office make it a should-have.

Like the earlier RV110W, the RV180W would be attractive to many businesses because of its built-in VPN server. Considering how expensive and time-consuming it can be to deploy a VPN server for remote workers to connect and access office printers, databases, and applications, a router with built-in VPN is a bargain. The RV180W supports both the widely supported PPTP and QuickVPN protocols and allows up to 10 VPN connections at a time. This is an improvement over the RV110W, which supported only five users at a time.

Cisco upgraded the RV180W to broadcast on both the 2.4 GHz and 5 GHz-band and included WDS bridging/repeating and WEP/WPA/WPA2 consumer and Enterprise wireless security. The router can also be configured to broadcast on four VLAN-based SSIDs. Businesses would appreciate the various options available for setting up the wireless network.

The well-organized Web interface is chock-full of firewall and routing options, including port forwarding, firewall access rules, quality of service, and creating VPN user accounts.

The RV180W supports IPv6 out of the box, making it a sound investment for any business planning to upgrade its network to adopt the newer Internet address standard down the road. Businesses should pay careful attention to make sure new equipment has IPv6 support, or the eventual transition is going to be really painful.

Cisco Quick Start
Setting up the RV180W was a snap, as I followed the enclosed printed Quick Start Guide to connect the router to the computer and to the network. When I opened up the Web interface with the default IP address and login credentials, the Setup Wizard launched automatically. The entire process took less than 10 minutes, and included setting up security on the wireless network, changing the password for the default account, configuring the router's WAN gateway settings, and testing to make sure I had Internet connectivity. Plenty of on-screen tips and explanations were available at every step.

I also had the option to configure the router to broadcast a different MAC address. Many ISPs secure customer connections by locking the IP address to a specific hardware MAC address to prevent someone from swapping routers or firewalls without the administrator's knowledge. The RV180W can broadcast the MAC address of the computer being used to run the Setup Wizard, or an entirely different address (such as the previous router being replaced).

I appreciated the Setup Wizard's focus on security. The interface warned me when I selected a password that wasn't strong enough and defaulted to a secure wireless setup. When I tried to set up an open wireless network, the wizard displayed several warnings.


Network Switch Compared: Cisco Catalyst 3750 Series or Juniper EX4200

May 23 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall


Juniper EX4200 or Cisco Catalyst 3750 Series Switch Compared

What do people think about Juniper's EX switches vs. Cisco Catalyst switches? Someone may answer like this: “Well the Juniper switches are much cheaper, that's for sure. I don't understand this Cisco-only mentality that's out there - why would I pay 3 or 4 times as much for a switch with less features?”. “We bought the Blade Network Technologies Rack Switches. Juniper OEM them, but they are even cheaper buying them from BNT. And the support is great too.”…

Both Cisco and Juniper have many users and followers. The question is not which is better, but which is right for you. Here is a comparison between Juniper’s EX4200 switch and Cisco’s 3750 series Catalyst switches, which may help you know more about both.


EX4200 vs. Catalyst 3750: Layer 3 Stackable Switch Comparison

With prices starting at under $4,000, Juniper’s EX4200 line is available in 24 and 48 port 10/100/1000 densities, both PoE and non-PoE. They also include either 1Gb or 10Gb modular uplink connectivity. Another cool feature is the standard hot swap power supplies, while most of Cisco 3750 switches come with a single non field serviceable power supply.

Cisco 3750G, CISCO 3750E, and Cisco Catalyst 3750X switches come in over 70 different models and it can be overwhelming figuring out exactly what model to order without having to go through a myriad of technical, feature and pricing comparisons. Juniper makes it easy, offering one model with the same or better performance in several categories than all of Cisco 3750 series switches. Better yet, Juniper’s J-Care support can be as much as 75% less than Cisco’s Smartnet.

One of the most important factors in choosing a Layer 3 stackable switch is the actual performance of the stack. An independent study found Juniper’s EX4200 latency is always lower when the switches are in a Virtual Chassis configuration. Coincidentally enough, Cisco doesn’t publish latency rates of their stackable solution. Virtual Chassis configurations recover from hardware and software failures in milliseconds and operate at 30-Gbit/s rates in each direction between switches.

So in a side by side comparison between the Juniper EX4200 and the Cisco 3750G, E or X, it was no contest. 

Price and Specs of Juniper EX 4200, Cisco 3750G, Cisco 3750-E, Cisco 3750-X

Rows compared: Example List prices; 1 Yr 24x7x4 Support List Prices; Bandwidth (Gbps); Throughput (Mpps); Stacking Throughput (Gbps); Max switches in virtual stack; L3 RIP and Static; (requires license)*; IPv4 unicast/multicast; Wire Speed; 10-GBE Scalable; Internal power capabilities.

Example List prices are for these models:

  • Juniper EX 4200: 48 port 10/100/1000 + 4 SFP model
  • Cisco 3750G: 48 port 10/100/1000 + 4 SFP model
  • Cisco 3750-E: 48 port 10/100/1000 + 2 X2 model
  • Cisco 3750-X: 48 port 10/100/1000 + 4 SFP model

Internal power capabilities:

  • Juniper EX 4200: Redundant Hot Swappable
  • Cisco 3750G: Non-Field Replaceable
  • Cisco 3750-E: Single Field Replaceable
  • Cisco 3750-X: Redundant Hot Swappable



Cisco's Wireless Unit Shifts Emphasis to "Mobility"

May 22 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco News

Cisco's Wireless Networking Business Unit doesn't actually talk so much about wireless networking these days. Increasingly, its message aimed at IT groups is about the broader concept of "mobility."
The change, not only for Cisco but its rivals, reflects the fact that mobile workers are no longer focused simply on replacing an Ethernet cable with a Wi-Fi signal and being able to carry their corporate laptop to the conference room. The real question has become: what can they, and the company, and the company's customers, now do once they've made that replacement?

"Connecting a device to my corporate network is just step one. The question is: what happens after that?" says Sujai Hajela, vice president/general manager of Cisco's wireless networking business unit, who spoke with Network World this week regarding Cisco's announcement of three new pre-tested bundles of products and services designed to cut through the confusing complexity of enterprise mobility.

The new Smart Solutions packages are by themselves not exactly new: they're formed of existing Cisco hardware and software, third-party partnerships, and consulting services from Cisco or its partners. But Cisco says they represent a shift in the company's thinking about how to deploy mobile technology for businesses. Instead of a grab bag of separate products, the new approach sees mobility, in effect, as a whole that's greater than the sum of its many parts, including devices, operating systems, apps, Wi-Fi access points, VPNs, authentication and security. The overarching enterprise benefit, according to Cisco, is summed up in a new term, "Cisco Unified Workspace."

BACKGROUND: Cisco mobility bundles target BYOD, mobile virtual desktop

"Enterprises are looking at the next generation of users coming into their ranks," says Tim Zimmerman, principal analyst for network services and infrastructure with market watcher Gartner. "Most of them don't even know what an RJ-45 plug is. The iPad doesn't even have one. There's a presumption of wireless connectivity [being available anywhere, anytime]. That puts more responsibility on IT organizations to manage that."

Cisco's main challenge in the enterprise market, he says, is execution and optimization - in effect, turning PowerPoint slides of talking points into concrete capabilities that enterprises buy into and then buy to mobilize business.

Cisco still dominates the enterprise wireless LAN landscape, but its dominance is less complete than it was a few years ago. By revenues, Cisco's share of the total worldwide market for enterprise WLAN equipment is now about 50%, down from the more than 60% it commanded for years, according to IDC. Its nearest rival, publicly held Aruba Networks, finally broke into a double-digit share of global revenues only last year, capturing 11.5% according to IDC.

Cisco continues to invest heavily in radio frequency technologies, leveraging its own Wi-Fi chip designs with Cisco-developed, on-chip code to boost signal reliability and consistency, and throughput. The focus is less on raw chip-level data rates, though that's important, and more on optimizing the connection to provide the reliability, security and throughput of a wired Ethernet link.

Cisco's Hajela, who formerly ran Motorola's WLAN group and came over to his current job at Cisco in August 2011, sometimes sounds like a network version of Dr. Phil. "More and more of our messaging is about customer 'care-abouts,'" he says at one point. And at another point, "The end user is looking for an uncompromised experience, regardless of the network" connectivity.

These bromides actually mean something, and Hajela becomes specific and insistent when pressed. "The network doesn't matter to the user," he says. "What he wants is to be able to use his app wherever he is."

And that use must be optimal. "If my device and my network connection support high-def video, then I should get high-def video," he says. "And if I'm using a smartphone, I should get optimal battery life. These things should be handled by intelligence placed in the network."

Cisco's job is to cram more and more intelligence into the networks and applications and infrastructure that supports the enterprise's mobile users and mobile business.

"What's really resonating with enterprise IT is this: the system looks at who the user is, and what he's trying to do, rather than how he's connecting" by wire or wireless, Hajela says.

Cisco's Identity Services Engine (ISE) is a key part of this approach, identifying and authenticating users regardless of how they connect, and adjusting their access and security privileges based on variables such as their location, connectivity, and time of day. [See "Cisco enterprise management tools take on new network realities".] Tightly integrated with ISE is Cisco Prime Network Control System (NCS), which replaced the standalone Wireless Control System management application for Cisco WLANs, and creates a single console for managing both wired and wireless.

The need for such an approach "just plain makes sense," commented Network World wireless blogger Craig Mathias in a post about NCS. "Along with [unified] security and integrity comes a fundamental need to handle the ever-increasing capacity demanded by an ever-growing population of wireless users with equally-demanding applications," he wrote. "A single-pane management console adds convenience, lowers cost (Cisco points out that generalists with the right tools can be just as productive as more-expensive specialists), and just plain makes sense...."

Cisco isn't the only WLAN supplier taking this unifying or converging approach, as Gartner's Zimmerman points out. "We see this in HP, in Aruba, which is now offering a [LAN] switch along with end-to-end, multivendor support," he says. "Vendors are addressing the multiple elements within this infrastructure layer."

The reality is that Cisco faces a rapidly changing enterprise mobile environment, and enterprise customers have plenty of options. Earlier this month, Aruba announced that Texas A&M University, a major Cisco shop, is replacing its existing Cisco WLAN with Aruba's products, after extensive testing. The school will eventually install 6,000 to 7,000 Aruba 802.11n access points, along with Aruba's AirWave wired/wireless network management application.

---Original reading appeared in networkworld.com



Cisco RV110W Wireless-N VPN Firewall Review

May 21 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

The Cisco RV110W Wireless-N VPN Firewall offers simple, highly secure wired and wireless connectivity for small offices, home offices, and remote workers at an affordable price. It comes with a high-speed, 802.11n wireless access point, a 4-port 10/100 Mbps Fast Ethernet switch, an intuitive, browser-based device manager, and support for the Cisco Small Business FindIT Network Discovery Utility.


It combines business-class features, simple installation, and a quality user experience to provide basic connectivity for small businesses with five or fewer employees.

The RV110W Wireless-N VPN Firewall also features:

  • A proven firewall with support for access rules and advanced wireless security to help keep business assets safe
  • IP Security (IPsec) VPN support for highly secure remote-access client connectivity
  • Support for separate virtual networks to allow you to set up highly secure wireless guest access
  • Native support for IPv6, which allows you to take advantage of future networking applications and operating systems, without an equipment upgrade
  • Support for Cisco Small Business QuickVPN software

The good: The Cisco RV110W Wireless-N VPN Firewall router offers a built-in PPTP VPN server and fast performance. The compact, IPv6-ready router is easy to use and comes with a well-organized, responsive Web interface.

The bad: The RV110W lacks support for dual-band and Gigabit Ethernet. Its VPN supports only up to five remote clients at a time.

The bottom line: The Cisco RV110W Wireless-N VPN Firewall would make a very good investment for a small business that needs an easy VPN solution for remote employees.

The Cisco RV110W Wireless-N VPN Firewall router is not for everyone, but those who need it will appreciate its simplicity. The router offers a built-in VPN for up to five clients at a time. Other than the VPN this is a simple single-band Wireless-N router that doesn't support dual-band wireless or Gigabit Ethernet. At an estimated price of less than $120, though, it's still a good choice for a small business.


Design and ease of use

The Cisco RV110W Wireless-N VPN Firewall router is square and compact, about the size of a bathroom tile. It has four little rubber feet on the bottom to keep it grounded, and is also wall-mountable. Unlike other home routers from Cisco, such as the E series, that have internal antennas, the RV110W has two antennas sticking up from the back. Also on the back you'll find the router's one WAN port (to hook up to the Internet) and four LAN ports (for wired clients). None of these ports, unfortunately, is Gigabit Ethernet, meaning the router offers at the most 100Mbps for its wired networks.

The router doesn't have a USB port, either, which means there's no built-in network storage or print-server capability.

On the front, the router has a Wi-Fi Protected Setup button that helps quickly add Wi-Fi clients to the network. There's also an LED array to show the statuses of the ports on the back and the connection to the Internet.

Unlike other routers, the RV110W doesn't come with the Cisco Connect software. Instead, it has a well-illustrated Quick Start Guide that takes you through the setup process, from hooking up the cables to getting the wireless network up and running. Part of the process involves logging in to the router's well-organized and responsive Web interface, which includes a wizard to make the setup process even easier.



The RV110W's most important feature is the built-in support for hosting a VPN network, which allows clients outside the office to connect to the network as though they were within the local network. This enables remote workers to access local resources such as printers, remote desktops, and databases.

Generally, you'd need a domain server to do this, or you'd need to opt for a much more expensive router. The RV110W is possibly the cheapest simple VPN hosting product that offers an easy-to-use built-in PPTP VPN server on the market. Nonetheless, you'll need to be fairly well-versed in networking to configure a client to connect to the router. On the router side, however, it takes just a few mouse clicks to get the VPN ready.

The router's VPN network-hosting support is limited to up to five concurrent clients at a time, so if your business has more than five employees who work remotely, this router is not for you.

The RV110W is a single-band wireless router, offering Wireless-N (802.11n) on the 2.4GHz band only. Most new home routers offer support for dual-band, meaning they can also broadcast on the higher-bandwidth 5GHz band. For a business router, however, it's still normal not to offer 5GHz. What's not normal, and is disappointing, however, is the fact that the RV110W doesn't offer Gigabit Ethernet.

To make up for that, it's one of the few routers on the market that are IPv6-ready. The new version of Internet protocol promises better security and speed and, most importantly, is future-proofed as the world is now moving on from IPv4, which is running out of addresses.


How to Set Up Cisco Router Passwords?

May 18 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Passwords are absolutely the best defense against would-be hackers. Leaving no passwords on a Cisco router can cause major problems. Keep in mind that using passwords is just the first line of defense, and you should have other security features on your network as well.
Cisco has some defense against would-be hackers built into its router Internetwork Operating System (IOS). For example, it is impossible to Telnet into a Cisco router unless an administrator configures the router with a Telnet password or uses the no login command, which allows users to Telnet into a router with no password. Either way, something has to be configured for Telnet to work. Also, you cannot enter privileged mode (which is the IOS EXEC mode that allows you to view or change the configuration on a router) from Telnet unless an Enable password is set. These are very basic features of Cisco routers and allow only some security.

Here, I will focus on the five basic Cisco router passwords you can use to protect your network. However, first you must know the difference between user mode and privileged mode. Both of these modes are called EXEC mode, and a prompt is used to tell you which mode you are in.

User mode CLI
The user mode EXEC command-line interface (CLI) is sometimes referred to as “useless mode” because it doesn’t do a whole lot. User mode lets you view interface statistics and is typically used by junior administrators to gather facts for the senior staff. You don’t want highly paid people sitting around gathering basic network statistics when a junior administrator can be adequately trained to document this information. To get into user mode, you can connect in one of three ways:

  • Console: An RJ-45 connection on all Cisco routers allows full access to the router if no passwords are set.
  • Aux: An RJ-45 connection on most routers allows you to connect a modem to the port, dial in to the router, and make a console connection.
  • VTY: Virtual Teletype is used to allow a Telnet connection to the router, which will then work like a console port. You must have an active interface on the router for Telnet to connect to the router.

The most important thing to understand about the three connection modes is that they get you into user mode only. To view and change the configuration, you need to be in privileged mode.

Privileged mode CLI
The privileged EXEC mode allows full access to a Cisco router by default, and the configuration can be both viewed and changed in this EXEC mode. You can enter privileged mode by first entering user mode and then typing the command enable.

It is important to remember that to change the router configuration, you must be in privileged EXEC mode. The console, aux, and VTY ports are used to get into user mode only and have nothing to do with how the router is configured.

Here is an example of how to get into privileged mode on a Cisco router through the console port:
Line con 0 now ready, press return to continue

At this point, you press Enter. Next, you will see:
Enter password:

This prompt is asking for the console user-mode password. Then, you will see:

The prompt at user mode is the greater-than sign (>). When you are in privileged mode, the prompt changes to a pound sign (#).

Global configuration mode
Once you are in privileged mode, you enter global configuration mode to change the configuration. You make changes by typing the command configure terminal. However, I prefer to type the shortcut command config t. This allows you to change the running-config, a file that is in DRAM and is the configuration the router is using. You can save the running-config to what is called Non-Volatile RAM (NVRAM). The file that is copied into NVRAM is called startup-config and is the configuration that is copied to RAM when the router is rebooted or powered up.

Once you type configure terminal from privileged mode, your prompt changes to the following:
Router#configure terminal
Router(config)#

This prompt tells you that you are in global configuration mode. From here, you can make changes to the router that affect the router in whole, hence the name global configuration mode. For example, this is the location where you set the router passwords.

If you want to change the configuration of an interface, you would have to enter interface configuration mode from global configuration mode. Here is an example:
Router#configure terminal
Router(config)#interface fastethernet 0/0
Router(config-if)#

Notice the prompt is Router(config-if)#, which tells you that you are in interface configuration mode. From here, you can enable or disable the interface, add IP and IPX addresses, and more.

The five passwords
Now that you understand the difference between user mode, privileged mode, and global and interface configuration modes, you can now set the passwords for each level.

Here are the five passwords you can set on a Cisco router:

  • Console
  • Aux
  • VTY
  • Enable password
  • Enable Secret

We will discuss each of these passwords and how to configure them in the following sections.

Console
This is the basic connection into every router. To initially set up a router, you need to connect to the console port and at a minimum enable one interface and set the VTY password. After one interface is enabled and the VTY lines are configured, an administrator can then Telnet into the router and do the final configurations from that connection. However, the console port can be used to configure the complete configuration at any time. This makes it very important to protect the console port with a password.

To configure a console user-mode password, use the Line command from global configuration mode. There is only one console port on all routers, so the command is
line console 0

Here is an example:
Router#config t
Router(config)#line console 0
Router(config-line)#

Notice the prompt changed to Router(config-line)#. This prompt tells you that you are configuring the console, aux, or VTY lines.

To finish configuring the console port, you can use two more commands:

  • Login: This tells the router to look under the console line configuration for the password. If you do not use this command, you will not be prompted for a password when you connect to the router’s console port.
  • Password: This sets the console user-mode password. It is case sensitive.

The complete command will look like this:
Router#config t
Router(config)#line console 0
Router(config-line)#password todd
Router(config-line)#login

Aux
On some routers, aux is called the auxiliary port, and on some it is called the aux port. To find the complete command-line name on your router, use a question mark with the Line command as shown:
Router(config)#line ?
<0-4>  First Line Number
aux           Auxiliary line
console       Primary terminal line
vty           Virtual terminal

At this point, you can choose the correct command you need. Here is an example of setting the aux port on a Cisco router to prompt for a user-mode password with a console cable connected (this port can be used with or without a modem):
Router#config t
Router(config)#line aux 0
Router(config-line)#password cisco
Router(config-line)#login

VTY (Telnet)
The Virtual Teletype (VTY) lines are used to configure Telnet access to a Cisco router. As I mentioned earlier, the VTY lines must be configured for Telnet to be successful.

Here is an example of an administrator’s attempt to Telnet to a router that does not have the VTY lines configured:
Password not set, connection refused

This is the default on every Cisco router.

To configure the VTY lines, you must use the question mark with the command
line vty 0 ?

to determine the number of lines available on your router. The number varies with the type of router and the IOS version. However, five is the most common number of lines.
Router#config t
Router(config)#line vty 0 ?
<0-4>  Last Line Number
Router(config)#line vty 0 4
Router(config-line)#password cisco

Notice that you choose all the lines available for the most efficient configuration. You can set each line individually, but because you cannot choose the line you enter the router with when you Telnet, this can cause problems.

You can tell the router to allow Telnet connections without a password by using the No Login command:
Router(config)#line vty 0 4
Router(config-line)#no login

Enable password
The Enable password provides security on a Cisco router when an administrator tries to go from user mode to privileged mode. The Enable password is an old, unencrypted password that will prompt for a password when used from privileged mode. You set the Enable password from global configuration mode and use the command
enable password password

Here is an example:
Router#config t
Router(config)#enable password lammle
Router(config)#end
Router#disable (the disable command takes you from privileged mode back to user mode)
Router>enable
Enter password:

Enable Secret
The Enable Secret password accomplishes the same thing as Enable. However, it is encrypted by default and supersedes Enable if it is set. In other words, if you set the Enable password and then set the Enable Secret password, the Enable password will never be used.

You set the Enable Secret password from global configuration mode by using the command:
enable secret password

Here’s an example:
Router#config t
Router(config)#enable secret san jose

Encrypting your passwords
The Line command passwords (console, aux, and VTY) are not encrypted by default and can be seen by going into privileged EXEC mode and typing the command
show running-config

This displays the complete configuration that the router is running, including all the passwords. Remember that the Enable Secret password is encrypted by default, but the other four are not. To encrypt your passwords, use the global configuration command
service password-encryption

Here is an example of how to perform manual password encryption (as well as an example of how to set all five passwords):
Router#config t
Router(config)#service password-encryption
Router(config)#enable password todd
Router(config)#line vty 0 4
Router(config-line)#password todd
Router(config-line)#line con 0
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#line aux 0
Router(config-line)#password sanjose
Router(config-line)#login
Router(config-line)#exit
Router(config)#no service password-encryption
Router(config)#enable secret lammle

All of the passwords can be the same except the Enable and the Enable Secret passwords. You should make them different for security reasons, however.

It is extremely important to set your passwords on every Cisco router your company has. If you are studying for your Cisco certification exams, be sure you understand the passwords and how to set them. Remember the difference between the Enable Secret and the Enable password and that the Enable Secret password supersedes the Enable password if it’s set.
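
The checks described in this tutorial can be run against a saved copy of show running-config. The following Python audit is an added example, not part of the original tutorial: it flags a clear-text or superseded Enable password, a missing Enable Secret, line passwords stored in clear text, console or aux lines that never prompt, and VTY lines set to No Login. The sample configuration, the function names and the type 7 placeholder value are constructed for illustration, and the prompting defaults are assumed to be the ones the tutorial describes.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
# The "password 7" value is a placeholder, not a real encoded password.
SAMPLE_CONFIG = """\
no service password-encryption
hostname Router
enable password todd
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
line con 0
 password cisco
line aux 0
 password 7 0000000000
 login
line vty 0 4
 no login
end
"""


def parse_config(text):
    """Split a running-config into global commands and per-line stanzas."""
    global_cmds, stanzas, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                          # skip blanks and "!" separators
        if raw[0] != " ":                     # column 0: a global command
            current = None
            if raw.startswith("line "):
                current = stanzas.setdefault(raw.strip(), [])
            else:
                global_cmds.append(raw.strip())
        elif current is not None:             # indented, inside a line stanza
            current.append(raw.strip())
    return global_cmds, stanzas


def secret_type(cmd, keyword):
    """Return None if cmd is not '<keyword> ...', else 'plain' or the type digit."""
    m = re.match(rf"^{re.escape(keyword)}(?: (\d))? (\S.*)$", cmd)
    if not m:
        return None
    return "plain" if m.group(1) in (None, "0") else m.group(1)


def audit(text):
    """Return a list of (location, finding) tuples for the password settings."""
    global_cmds, stanzas = parse_config(text)
    findings = []
    enable_pw = [c for c in global_cmds if c.startswith("enable password ")]
    enable_secret = [c for c in global_cmds if c.startswith("enable secret ")]
    if not enable_secret:
        findings.append(("global", "no enable secret set"))
    if enable_pw and enable_secret:
        findings.append(("global", "enable password is superseded by enable secret; remove it"))
    if any(secret_type(c, "enable password") == "plain" for c in enable_pw):
        findings.append(("global", "enable password stored in clear text"))
    if "service password-encryption" not in global_cmds:
        findings.append(("global", "service password-encryption is off"))

    for header, cmds in stanzas.items():
        pw_types = [t for t in (secret_type(c, "password") for c in cmds) if t]
        explicit_login = any(c == "login" or c.startswith("login ") for c in cmds)
        no_login = "no login" in cmds
        is_vty = header.startswith("line vty")
        # Assumed defaults, as the tutorial describes them: console and aux
        # prompt only when login is configured; VTY lines prompt unless
        # "no login" is configured.
        prompts = (not no_login) if is_vty else explicit_login
        if is_vty and no_login:
            findings.append((header, "no login: Telnet allowed without a password"))
        elif not prompts:
            findings.append((header, "no login command: password is never requested"))
        elif not pw_types:
            findings.append((header, "login set but no password configured"))
        if "plain" in pw_types:
            findings.append((header, "password stored in clear text"))
    return findings


if __name__ == "__main__":
    for location, finding in audit(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```

The type 7 form written by service password-encryption is a reversible encoding rather than a hash, so a saved configuration file should still be handled as sensitive.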


---Original tutorial from:techrepublic.com



Cisco 6500 Virtual Switching Supervisor Engine

May 16 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Virtualization, long a hot topic for servers, has entered the networking realm. With the introduction of a new management blade for its Catalyst 6500 switches, Cisco can make two switches look like one while dramatically reducing failover times in the process.

In an exclusive Clear Choice test of Cisco's new Virtual Switching System (VSS), Network World conducted its largest-ever benchmarks to date, using a mammoth test bed with 130 10G Ethernet interfaces. The results were impressive: VSS not only delivers a 20-fold improvement in failover times but also eliminates Layer 2 and 3 redundancy protocols at the same time.

The performance numbers are even more startling: A VSS-enabled virtual switch moved a record 770 million frames per second in one test, and routed more than 5.6 billion unicast and multicast flows in another. Those numbers are exactly twice what a single physical Catalyst 6509 can do.


All links, all the time

To maximise up-time, network architects typically provision multiple links and devices at every layer of the network, using an alphabet soup of redundancy protocols to protect against downtime. These include rapid spanning tree protocol (RSTP), hot standby routing protocol (HSRP), and virtual router redundancy protocol (VRRP).

This approach works, but has multiple downsides. Chief among them is the "active-passive" model used by most redundancy protocols, where one path carries traffic while the other sits idle until a failure occurs. Active-passive models use only 50 percent of available capacity, adding considerable capital expense.

Further, both HSRP and VRRP require three IP addresses per subnet, even though routers use only one address at a time. And while rapid spanning tree recovers from failures much faster than the original spanning tree, convergence times can still vary by several seconds, leading to erratic application performance. Strictly speaking, spanning tree was intended only to prevent loops, but it's commonly used as a redundancy mechanism.

There's one more downside to current redundant network designs: It creates twice as many network elements to manage. Regardless of whether network managers use a command-line interface or an SNMP-based system for configuration management, any policy change needs to be made twice, once on each redundant component.


Introducing Virtual Switching

In contrast, Cisco's VSS uses an "active-active" model that retains the same amount of redundancy, but makes use of all available links and switch ports.

While many vendors support link aggregation (a means of combining multiple physical interfaces to appear as one logical interface), VSS is unique in its ability to virtualise the entire switch -- including the switch fabric and all interfaces. Link aggregation and variations such as Nortel's Split Multi-Link Trunk (SMLT) do not create virtual switches, nor do they eliminate the need for Layer 3 redundancy mechanisms such as HSRP or VRRP.

At the heart of VSS is the Virtual Switching Supervisor 720-10G, a management and switch fabric blade for Cisco Catalyst 6500 switches. VSS requires two new supervisor cards, one in each physical chassis. The management blades create a virtual switch link (VSL), making both devices appear as one to the outside world: There's just one media access control and one IP address used, and both systems share a common configuration file that covers all ports in both chassis.

On the access side of Cisco's virtual switch, downstream devices still connect to both physical chassis, but a bonding technology called Multichassis EtherChannel (MEC) presents the virtual switch as one logical device. MEC links can use industry-standard 802.1ad link aggregation or Cisco's proprietary port aggregation protocol. Either way, MEC eliminates the need for spanning tree. All links within a MEC are active until a circuit or switch failure occurs, and then traffic continues to flow over the remaining links in the MEC.

Servers also can use MEC's link aggregation support, with no additional software needed. Multiple connections were already possible using "NIC teaming," but that's usually a proprietary, active/passive approach.

On the core side of Cisco's virtual switch, devices also use MEC connections to attach to the virtual switch. This eliminates the need for redundancy protocols such as HSRP or VRRP, and also reduces the number of routes advertised. As on the access side, traffic flows through the MEC in an "active/active" pattern until a failure, after which the MEC continues to operate with fewer elements.

The previous examples focused on distribution-layer switches, but VSL links work between any two Catalyst 6500 chassis. For example, virtual switching can be used at both core and distribution layers, or at the core, distribution and access layers. All attached devices would see one logical device wherever a virtual switch exists.

A VSL works only between two chassis, but it can support up to eight physical links. Multiple VSL links can be established using any combination of interfaces on the new supervisor card or Cisco's WS-6708 10G Ethernet line card. VSS also requires line cards in Cisco's 67xx series, such as the 6724 and 6748 10/100/1000 modules or the 6704 or 6708 10G Ethernet modules. Cisco says VSL control traffic uses less than 5 percent of a 10G Ethernet link, but we did not verify this.

At least for now, VSL traffic is proprietary. It isn't possible to set up a VSL between, say, a Cisco and Foundry switch. 


A big swath of fabric

We assessed VSS performance with tests focused on fabric bandwidth and delay, failover times, and unicast/multicast performance across a network backbone.

In the fabric tests we sought to answer two simple questions: How fast does VSS move frames, and how long does it hang on to each frame? The set-up for this test was anything but simple. We attached Spirent TestCenter analyser/generator modules to 130 10G Ethernet ports on two Catalyst 6509 chassis configured as one virtual switch.

These tests produced, by far, the highest throughput we've ever measured from a single (logical) device. When forwarding 64-byte frames, Cisco's virtual switch moved traffic at more than 770 million frames per second. We then ran the same test on a single switch, without virtualisation, and measured throughput of 385 million frames per second -- exactly half the result of the two fabrics combined in the virtual switch. These results prove there's no penalty for combining switch fabrics.

We also measured VSS throughput for 256-byte frames (close to the average Internet frame length) of 287 million frames per second and for 1,518-byte frames (until recently, the maximum in Ethernet, and still the top end on most production networks) of 53 million frames per second. With both frame sizes, throughput was exactly double that of the single-switch case.

The 1,518-byte frames per second number represents throughput of nearly 648Gbps. This is only around half the theoretical maximum rate possible with 130 10G Ethernet ports. The limiting factor is the Supervisor 720 switch fabric, which can't send line-rate traffic to all 66 10G ports in each fully loaded chassis. VSS doubles fabric capacity by combining two switches, but it doesn't extend the capacity of the fabric card in either physical switch.

We also measured delay for all three frame sizes. With a 10 percent intended load, Spirent TestCenter reported average delays ranging from 12 to 17 microsec, both with and without virtual switching. These numbers are similar to those for other 10G switches we've tested, and far below the point where they'd affect performance of any application. Even the maximum delays of around 66 microsec with virtual switching again are too low to slow down any application, especially considering Internet round-trip delays often run into the tens of milliseconds.


Faster failovers

Our failover tests produced another record: The fastest recovery from a Layer 2/Layer 3 network failure we've ever measured.

We began these tests with a conventional set-up: Rapid spanning tree at layer 2, HSRP at Layer 3, and 16,000 hosts (emulated on Spirent TestCenter) sending traffic across redundant pairs of access, distribution and core switches. During the test, we cut off power to one of the distribution switches, forcing all redundancy mechanisms and routing protocols to reconverge. Recovery took 6.883 seconds in this set-up.

Then we re-ran the same test two more times with VSS enabled. This time convergence occurred much faster. It took the network just 322 millisec to converge with virtual switching on the distribution switches, and 341 millisec to converge with virtual switching on the core and distribution switches. Both numbers represent better than 20-fold improvements over the usual redundancy mechanisms.


A bigger backbone

Our final tests measured backbone performance using a complex enterprise traffic pattern involving 176,000 unicast routes, more than 10,000 multicast routes, and more than 5.6 billion flows. We ran these tests with unicast traffic alone and a combination of unicast and multicast flows, and again compared results with and without VSS in place.

Just to keep things interesting, we ran all tests with a 10,000-entry access control list in place, and also configured switches to re-mark all packets' diff-serv code point (DSCP) fields. Re-marking DSCPs prevents users from unauthorised "promotion" of their packets to receive higher-priority treatment. In addition, we enabled NetFlow tracking for all test traffic.

Throughput in all the backbone cases was exactly double with virtual switching than without it. This was true for both unicast and mixed-class throughput tests, and also true regardless of whether we enabled virtual switching on distribution switches alone, or on both the core and distribution switches. These results clearly show the advantages of an "active/active" design over an "active/passive" one.

We measured delay as well as throughput in these tests. Ideally, we'd expect to see little difference between test cases with and without virtual switching, and between cases with virtual switching at one or two layers in the network. When it came to average delay, that's pretty much how things looked. Delays across three pairs of physical switches ranged from around 26 to 90 microsec in all test cases, well below the point where applications would notice.

Maximum delays did vary somewhat with virtual switching enabled, but not by a margin that would affect application performance. Curiously, maximum delay increased the most for 256-byte frames, with fourfold increases over results without virtual switching. The actual amounts were always well less than 1 millisec, and also unlikely to affect application performance.

Cisco's VSS is a significant advancement in the state of the switching art. It dramatically improves availability with much faster recovery times, while simultaneously providing a big boost in bandwidth.


How we tested Cisco's VSS

For all tests described here, we configured a 10,000-line access control list (ACL) covering layer-3 and layer-4 criteria and spot-checked that random entries in the ACL blocked traffic as intended. As a safeguard against users making unauthorised changes, Cisco engineers also configured access and core switches to re-mark the diff-serv code point (DSCP) in every packet, and we verified re-marking using counters in the Spirent TestCenter traffic generator/analyser. Cisco also enabled NetFlow traffic monitoring for all test traffic.

To assess the fabric bandwidth and delay, the system under test was one pair of Cisco Catalyst 6509-E switches. Cisco engineers set up a virtual switch link (VSL) between the switches, each equipped with eight WS6408 10G Ethernet line cards and one Virtual Switching Supervisor 720-10G management/switch fabric card. That left a total of 130 10G Ethernet test ports: Eight on each of the line cards, plus one on each of the management cards (we used the management card's other 10G Ethernet port to set up the virtual link between switches).

Using the Spirent TestCenter traffic generator/analyser, we offered 64-, 256- and 1518-byte IPv4 unicast frames on each of the 130 10G test ports to determine throughput and delay. We measured delay at 10 percent of line rate, consistent with our practice in previous 10G Ethernet switch tests. The Spirent TestCenter analyser emulated 100 unique hosts on each port, making for 13,000 total hosts.

In the failover tests, the goal was to compare VSS recovery time upon loss of a switch with recovery using older redundancy mechanisms.

This test involved three pairs of Catalyst 6509 switches, representing the core, distribution and access layers of an enterprise network. We ran the failover tests in three configurations. In the first scenario, we used legacy redundancy mechanisms such as rapid spanning tree and hot standby routing protocol (HSRP). Then we ran two failover scenarios using VSS, first with a virtual link on the distribution switches alone, and again with VSS links on both the distribution and core switches.

For each test, we began by offering traffic to each of 16 interfaces on the core and access sides of the test bed. We began the failover tests with a baseline event to verify no frame loss existed. While Spirent TestCenter offered test traffic for 300 seconds, we cut off power to one of the distribution switches. Because we offered traffic to each interface at a rate of 100,000 frames per second, each dropped frame represented 10 microsec of recovery time. So, for example, if Spirent TestCenter reported 32,000 lost frames, then failover time was 320 millisec.

The backbone performance tests used a set-up similar to the VSS configurations in the failover tests. Here again, there were three pairs of Catalyst 6509 switches, representing core, distribution and access layers of an enterprise network. Here again, we also conducted separate tests with a virtual link on the distribution switches, and again with virtual links on the distribution and core switches.

To represent enterprise conditions, we set up very large numbers of routes, hosts and flows in these tests. From the core side, we configured OSPF to advertise 176,000 unique routes. On the access side, we set up four virtual LANs (VLAN), each with 250 hosts, on each of 16 ports, for 16,000 hosts total. In terms of multicast traffic set-up, one host in each access-side VLAN joined each of 40 groups, each of which had 16 transmitters; with 16 core-side interfaces. In all, this test represented more than 10,000 multicast routes, and more than 5.6 billion unique unicast flows.

In the backbone tests, we used a partially meshed traffic pattern to measure system throughput and delay. As defined in RFC 2285, a partial mesh pattern is one in which ports on both sides of the test bed exchange traffic with one another, but not among themselves. In this case, that meant all access ports exchanged traffic with all core ports, and vice-versa.

We tested all four combinations of unicast, mixed multicast/unicast, and virtual switching enabled and disabled on the core switches (virtual switching was always enabled on the distribution switches and always disabled on the access switches). In all four backbone test set-ups, we measured throughput and delay. 

We conducted these tests in an engineering lab at Cisco's campus in San Jose. This is a departure from our normal procedure of testing in our own labs or at a neutral third-party facility. The change was borne of logistical necessity: Cisco's lab was the only one available within the allotted timeframe with sufficient 10G Ethernet test ports and electrical power to conduct this test. Network Test and Spirent engineers conducted all tests and verified configurations of both switches and test instruments, just as we would in any test. The results presented here would be the same regardless of where the test was conducted.

---Original reading from review.techworld.com



Cisco Touts Universal Power Over Ethernet (PoE)

May 14 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco News

For over 12 years there have been two ways of getting electricity to devices on your network: From an electrical outlet or from an Ethernet jack using Power over Ethernet.

With the release last year by Cisco Systems Inc. of what it calls Universal PoE, a proprietary version which delivers 60 Watts of power per port over an Ethernet line, the company believes it has opened new opportunities for manufacturers of almost everything that runs on electricity to plug in via Category 5 cable.

On Tuesday, Samsung Electronics showed confidence in the technology by announcing a UPoE version of its desktop monitor for virtual desktops, the 22-inch NC220P.

It is expected to hit the market at the end of May, with a projected street price of US$774.

When it was introduced -- by Cisco -- in 2000, Power over Ethernet offered a mere 7 Watts of power. Common PoE devices are desktop IP phones and wireless access points. Over the years PoE has reached the ability to deliver 30 Watts over Ethernet.

By doubling that, UPoE offers more possibilities. However, it is available only by plugging a module into a Cisco Catalyst 4500E switch, which then connects to approved devices.

In a conference call with reporters, Joe Angelo, a Samsung business development manager, said the NC220P integrates a thin client into the monitor, taking its power and data over one Ethernet cable.

It has four USB ports, a DVI-out port for a second display and headphone and microphone connections.

Angelo said target markets include governments, hospitals and schools.

Pradeep Parmar, a senior Cisco marketing manager, said the announcement is more evidence of the acceptance of UPoE by large organizations and of how widely it can be used.

For example, he said, UPoE could power telepresence systems or high power surveillance cameras.

Parmar also brought onto the conference call an official from a Japanese company, which is using UPoE for LED office lighting instead of fluorescent lights. Connected to Cisco's Energywise power monitoring software, the solution can make dramatic savings in electricity.

Also on the call was Dwight Holmberg, a regional manager with FieldServer Technologies of Milpitas, Calif., who said the company's gateway for connecting building automation systems can leverage UPoE.

According to Zeus Kerravala, principal analyst at ZK Research, UPoE is another example of how Cisco tailors a technology to keep ahead of competitors. No other network equipment maker has adopted UPoE or its approach, he said.

"For Cisco, it's important with so much talk out there about the wired network being dead because of all the wireless end points," Kerravala added. "If they can find a whole group of other devices that can connect to the network that aren't traditional PCs, that opens the door for them to open the overall market for wired switches."

---Cisco News quoted from pcworld.com



OSI Model vs. Cisco Three-Layered Hierarchical Model

May 11 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Networking


The ISO (International Organization for Standardization) is the Emily Post of the network protocol world. Just like Ms. Post, who wrote the book setting the standards or protocols for human social interaction, the ISO developed the OSI model as the precedent and guide for an open network protocol set. Defining the etiquette of communication models, it remains today the most popular means of comparison for protocol suites.

The OSI layers, listed from the top down, are:

  • The Application layer
  • The Presentation layer
  • The Session layer
  • The Transport layer
  • The Network layer
  • The Data Link layer
  • The Physical layer


Cisco Hierarchical Model

Hierarchy has many of the same benefits in network design that it does in other areas of life. When used properly, it makes networks more predictable. It helps us define at which levels of hierarchy we should perform certain functions. Likewise, you can use tools such as access lists at certain levels in hierarchical networks and avoid them at others.

Large networks can be extremely complicated, with multiple protocols, detailed configurations, and diverse technologies. Hierarchy helps us summarize a complex collection of details into an understandable model. Then, as specific configurations are needed, the model dictates the appropriate manner to apply them.

The Cisco hierarchical model can help you design, implement, and maintain a scalable, reliable, cost-effective hierarchical internetwork.

The following are the three layers:

  • The Core layer or Backbone
  • The Distribution layer
  • The Access layer

Each layer has specific responsibilities. However, note that the three layers are logical and are not necessarily physical devices. Consider the OSI model, another logical hierarchy. The seven layers describe functions but not necessarily protocols. Sometimes a protocol maps to more than one layer of the OSI model, and sometimes multiple protocols communicate within a single layer. In the same way, when we build physical implementations of hierarchical networks, we may have many devices in a single layer, or we might have a single device performing functions at two layers. The definition of the layers is logical, not physical.

Now, let's take a closer look at each of the layers.


The Core Layer

The core layer is literally the Internet backbone. At the top of the hierarchy, the core layer is responsible for transporting large amounts of traffic both reliably and quickly. The only purpose of the network's core layer is to switch traffic as fast as possible. The traffic transported across the core is common to a majority of users. However, remember that user data is processed at the distribution layer, which forwards the requests to the core if needed.

If there is a failure in the core, every user can be affected. Therefore, fault tolerance at this layer is an issue. The core is likely to see large volumes of traffic, so speed and latency are driving concerns here. Given the function of the core, we can now consider some design specifics. Let's start with something we don't want to do.

  • Don't do anything to slow down traffic. This includes using access lists, routing between virtual local area networks, and packet filtering.
  • Don't support workgroup access here.
  • Avoid expanding the core when the internetwork grows. If performance becomes an issue in the core, give preference to upgrades over expansion.

Now, there are a few things that we want to do as we design the core. They include the following:

  • Design the core for high reliability. Consider data-link technologies that facilitate both speed and redundancy, such as FDDI, Fast Ethernet, or even ATM.
  • Design with speed in mind. The core should have very little latency.
  • Select routing protocols with lower convergence times. Fast and redundant data-link connectivity is no help if your routing tables are shot.


The Distribution Layer

The distribution layer is sometimes referred to as the workgroup layer and is the major communication point between the access layer and the core. The primary function of the distribution layer is to provide routing, filtering, and WAN access and to determine how packets can access the core, if needed.

The distribution layer must determine the fastest way that network service requests are handled; for example, how a file request is forwarded to a server. After the distribution layer determines the best path, it forwards the request to the core layer. The core layer then quickly transports the request to the correct service.

The distribution layer is the place to implement policies for the network. Here you can exercise considerable flexibility in defining network operation. There are several items that generally should be done at the distribution layer such as:

  • Implementation of tools such as access lists, of packet filtering, and of queuing
  • Implementation of security and network policies including firewalls
  • Redistribution between routing protocols, including static routing
  • Routing between VLANs and other workgroup support functions
  • Definitions of broadcast and multicast domains

Things to avoid at this layer are limited to those functions that exclusively belong to one of the other layers.


The Access Layer

The access layer controls user and workgroup access to internetwork resources. The access layer is sometimes referred to as the desktop layer. The network resources most users need will be available locally. The distribution layer handles any traffic for remote services.

The following are some of the functions to be included at the access layer:

  • Continued access control and policies
  • Creation of separate collision domains
  • Workgroup connectivity into the distribution layer through layer 2 switching

Technologies such as DDR and Ethernet switching are frequently seen in the access layer. Static routing is seen here as well. As already noted, three separate levels do not imply three separate routers. It could be fewer, or it could be more. Remember, this is a layered approach.

---Original Resource from tech-faq.com



Cisco Review: Cisco 3750-X Layer 3 Switches

May 8 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

The Cisco 3750 range has been around for many years now, and has a vast following. The Cisco 3750-X is the new kid on the Cisco block, and it combines plenty of stuff that will be familiar to users of its predecessors with some funky new features that are clearly a step forward.

The Cisco 3750 switch comes in a number of flavors – between 24 and 48 ports, with or without Power over Ethernet. The Cisco 3750 48P is the PoE variant of the 48-port device. Now, the traditional Cisco 3750 had four 1Gbit/s SFP ports in addition to the 48 10/100/1000 copper ports; the Cisco 3750-X instead has a slot into which you can fit either a four-port 1Gbit/s SFP daughter-board or a two-port 10Gbit/s alternative.

Alongside the port combinations, there are three software installs. The LAN Base software is a layer-2 only software image, and quite frankly I wouldn't ever expect to buy one of these if I only wanted layer-2 functionality. More sensible is the IP Base image which makes the device a proper Layer-3 routing switch, albeit with a limited selection of routing protocols. At the top is the IP Services image, which makes the unit a full-blown router (just like its ancestors – two of my BGP-shouting WAN routers are actually 3750Gs, in fact). The main market will of course be for the IP Base version.

The rear panel is interesting too, of course. As with the older 3750s the rear panel has a pair of “stack” ports. Each stack port provides a 16Gbit/s backplane connection, and by stacking your devices in a loop you end up with a resilient 32Gbit/s backplane. From a management and configuration point of view a stack is a single virtual switch – you manage it rather like a chassis product with a number of blades. So port 1 of switch 1 is Gi1/0/1, port 3 of switch 2 is Gi2/0/3, and so on.

The important rear-panel innovation with the new Cisco 3750-X model is the provision for redundant power supplies. In the old model you had a single, non-removable power supply along with an RPS (Redundant Power Supply) connection; to use the latter and give yourself some resilience you had to buy something like an RPS2300 – an external device that was a stupid shape that didn't fit into a rack very well, had buttons on the front whose only purpose seemed to be to make things break, and on a brighter note provided up to six switches with resilient power. The new model has dual slots for removable PSUs, of which one is populated by default; it's a ten-second job to slip a second one in beside it. One of the downsides of the old 3750 was the bloody awful reliability of the internal (fixed) PSU, and I've spent rather too many hours swapping out units with duff power units, so the removable units in the -X are most welcome.

Along with the redundant PSU facility is the power stacking capability. Just as you have your data stack cables, you also now have a pair of power-stack cables on each unit, so that the total power available via all the PSUs in the stack is available for negotiated use across the whole stack, for switch power and PoE.

As with the older devices, you can add and remove stack devices on the fly. Adding a switch to a stack is a simple case of setting its ID, telling the stack to expect a new member, and plumbing it in (although in theory the stack will deal with firmware mismatches in the new member, I prefer not to tempt fate so I always pre-install the right version). If a unit fails the stack will keep on humming while you pull out the duff one and stick in the replacement, and the config will be automatically migrated to the new unit.

The only downside I've found so far, in fact, is with trying to get the new -X model to co-exist in a stack with the old 3750-G (in short, I've not persuaded it to actually work yet) but I've no doubt I'll persuade it to play before long.

The Cisco 3750-X is a really sensible evolution in an already popular family of switches in the Cisco family. Being an IOS device there's really not a great deal of difference management-wise between the old and the new, so you get new functionality with almost zero additional training requirements. I've recently added seven 48-port non-PoE versions in three of my server installations, and have just received two new pairs of the PoE variant in a couple of offices, and I'm pretty happy thus far.



New power stacking capability is an excellent evolution.

32Gbit/s backplane should be sufficient for most modest installations.

10Gbit/s Ethernet support for uplinking or connecting to blade servers.




Sample Pricing for Popular Cisco 3750 Models:

Catalyst 3750X 24 Port Data LAN Base: US$2,236.00 (57.00% off list price)

Catalyst 3750X 48 Port Data LAN Base: US$3,827.00 (57.00% off list price)

Catalyst 3750X 24 Port Data IP Base: US$2,795.00 (57.00% off list price)

Catalyst 3750X 48 Port Data IP Base: US$4,945.00 (57.00% off list price)

Catalyst 3750X 24 Port PoE IP Base: US$3,139.00 (57.00% off list price)

WS-C3750X-48P-S: Stackable 48 10/100/1000 Ethernet PoE+ ports, with 715W AC Power Supply: US$5,590.00 (57.00% off list price)



Router-switch.com (Yejian Technologies Co., Ltd), a World-Leading Cisco Supplier

Website: http://www.router-switch.com/
