Cisco & Cisco Network Hardware News and Technology

Cisco STP(Switching and Spanning Tree Protocol) Basics

March 28 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network

Switching is the process of using the physical (MAC) address of devices to make forwarding decisions. Switches use application-specific integrated circuits (ASICs) to perform their switching function, which is why they achieve such fast switching speeds. Today I will explain how switches learn the hardware addresses of the hosts attached to them and how they use this information to perform their tasks. I will focus on the protocol designed to prevent broadcast loops.


For those of you who are new to this field, what I am talking about is the Spanning Tree Protocol (STP); I will describe its operation in detail and use examples where necessary, so you can get a clear understanding of how it functions.


Switching Benefits

Switches are very important networking devices; they’re used to terminate hosts on the LAN. They consist of multiple Ethernet/Fast Ethernet/Gigabit Ethernet interfaces with adjustable throughput rates.


They can be seen as multi-lane highways with a lot of exit points. Each host is assigned a separate lane on the highway, so every switch port is its own collision domain. No bandwidth sharing takes place, and each host on each port is provided with independent, dedicated bandwidth. The benefits of all this are:

  • Low latency
  • High speed
  • Low cost


Why low cost? Well, the answer is quite simple. Imagine having a LAN of fifty hosts. All the hosts need access to the Internet, so they must be connected to a router somehow. Having 50 interfaces on a router to terminate client links is inefficient and wasteful.


By incorporating a switch in the network, the router needs only a single interface to connect to the switch and all users reach the router’s exit point with the help of the switch’s ASIC electronics. The diagram below shows a typical LAN connection.


Switch Operation

As already mentioned, switches operate at layer 2 (the data-link layer) of the OSI model. They do not need special configuration to operate; they are simple plug and play devices. You can expect a new switch out of the box to work instantly when it is powered up. Later on we’ll take a look at just how this is accomplished.


A layer 2 switch deals with three functions:

  • Address learning — When a switch is first switched on, it learns the MAC address of hosts attached to it and stores the MAC address and interface port association into its MAC table.
  • Forwarding — Based on the MAC address table, the switch is able to forward frames out the appropriate interfaces.
  • Loop prevention — Multiple connections between switches may exist for redundancy purposes. However these multiple connections may lead to network loops without the use of a sophisticated protocol to prevent their existence. STP is the protocol running on the switch ports to eliminate data flooding as a consequence of loops while at the same time maintaining redundancy.


How Does the Switch Find Host MACs?

Let’s use the diagram below to help us understand how the address learning process takes place.


Let’s assume that we have just powered on the switch. It has nothing in its MAC table. We connect the cables from the hosts on the switch interfaces as shown in the diagram. Host A initiates a connection towards Host D, and the following takes place:

  1. Host A (interface fe0/0) sends a frame to Host D (MAC address: 0000.43c5.334c).
  2. The switch inspects the Source Address in the frame and notes in its table the MAC address of Host A along with the interface number on which the frame arrived.
  3. The switch inspects the Destination Address in the frame. Since it does not have Host D's MAC address in its table, it floods the frame out of all interfaces except the interface on which the original frame arrived.
  4. Host D identifies itself as the intended recipient and responds to Host A. The switch receives the response frame on interface fe0/11 and places its Source Address in the table along with the interface number on which the frame arrived.
  5. From now on, further communication between the two hosts is switched to the appropriate interfaces based on the MAC table entries.


This process takes place every time a new host is attached to the switch and initiates traffic. The switch tries to keep its MAC table up to date, so if a host does not send traffic for a certain amount of time, the switch removes its entry from the table and re-learns it when the host begins sending traffic again.
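The five-step exchange above and the aging behaviour, replayed in a small model of a learning switch. This is an added example, not code from the article; the port names and Host D's MAC come from the text, while Host A's MAC, the third port and the 300-second aging timer are assumptions.

```python
from dataclasses import dataclass

BROADCAST = "ffff.ffff.ffff"


@dataclass(frozen=True)
class Frame:
    src: str   # source MAC in Cisco dotted format, e.g. "0000.43c5.334c"
    dst: str   # destination MAC


class LearningSwitch:
    """Model of the learn / forward / age-out behaviour described above.
    'now' is a caller-supplied clock in seconds; the 300 s default mirrors
    the usual inactivity timer on Cisco IOS switches (an assumption here)."""

    def __init__(self, ports, aging_time=300):
        self.ports = list(ports)
        self.aging_time = aging_time
        self.table = {}        # mac -> (port, last_seen)

    def age_out(self, now):
        """Remove entries that have been idle longer than aging_time."""
        expired = [m for m, (_, seen) in self.table.items()
                   if now - seen > self.aging_time]
        for m in expired:
            del self.table[m]
        return sorted(expired)

    def receive(self, in_port, frame, now):
        """Process one frame; return the list of egress ports."""
        self.age_out(now)
        # Step 2: note the source MAC against the ingress port (refreshes the timer)
        self.table[frame.src] = (in_port, now)
        # Step 3: unknown destination (or broadcast) -> flood every port but the ingress one
        entry = self.table.get(frame.dst)
        if frame.dst == BROADCAST or entry is None:
            return [p for p in self.ports if p != in_port]
        out_port, _ = entry
        # Step 5: known destination -> send out the single learned port
        # (a frame whose destination sits on the ingress port is simply dropped)
        return [] if out_port == in_port else [out_port]


def walkthrough():
    """Replays the Host A -> Host D exchange from the text and a later age-out."""
    sw = LearningSwitch(["fe0/0", "fe0/5", "fe0/11"])
    host_a = "0000.1111.aaaa"            # constructed; the text gives no MAC for Host A
    host_d = "0000.43c5.334c"            # Host D's MAC as given in the text
    first = sw.receive("fe0/0", Frame(host_a, host_d), now=0)     # steps 1-3: flooded
    reply = sw.receive("fe0/11", Frame(host_d, host_a), now=1)    # step 4: D learned on fe0/11
    later = sw.receive("fe0/0", Frame(host_a, host_d), now=200)   # step 5: switched, not flooded
    expired = sw.age_out(now=350)   # D idle since t=1 is aged out; A (refreshed at t=200) stays
    return {"first": first, "reply": reply, "later": later,
            "expired": expired, "remaining": sorted(sw.table)}


if __name__ == "__main__":
    for step, result in walkthrough().items():
        print(f"{step}: {result}")
```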


Spanning Tree Protocol (STP) Operations

The Spanning Tree Protocol (STP) is responsible for identifying the links in the network and blocking the redundant ones, preventing possible network loops. To do so, all switches in the network exchange BPDU messages to agree upon the root bridge. Once the root bridge is elected, every switch has to determine which of its ports becomes its root port, the port through which it reaches the root bridge.


If more than one link connects to the root bridge, then one is elected as the forwarding port (the designated port) and the others are blocked. Let us see the operation of STP with the use of an example. We will use the topology shown below to help us understand how STP operates.


  1. The root bridge needs to be elected. Two fields combined identify the root bridge: the priority value and the MAC address. Without manual configuration all switches have the same priority, so it is up to the MAC address to decide: the switch with the lowest MAC address is elected as the root bridge. In the diagram above, Switch C is the elected root bridge.
  2. Once the root bridge is elected, each switch needs to identify a single root port, the port closest to the root bridge. This port is always in the forwarding state. By default all ports of the root bridge are in the forwarding state. Moreover, one port per segment (called the designated port) is allowed to be in the forwarding state.
  3. In our example, two ports on switch A and two ports on switch B belong to the same segment. Therefore, two of them need to be blocked to avoid loops. Since switch B has the higher MAC address value (hence loses the election), its ports on that segment are the ones that get blocked.
  4. The result of all this is that only one path exists from any switch to any other switch. Mission accomplished!
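The election, root-port and designated-port rules from the four steps above, worked through on a constructed three-switch topology (not the article's diagram): C has the lowest MAC, and A and B have one link each to C plus two parallel links to each other, so B's two ports on the A-B segments end up blocked exactly as step 3 describes. This is an added example, not code from the article; the MAC addresses, port names and the link cost of 19 (the classic STP cost for 100 Mb/s) are assumptions, and the test also shows that lowering A's priority overrides the MAC tie-break.

```python
import heapq

SWITCHES = {            # name -> (priority, MAC); constructed values
    "A": (32768, "0000.0000.00aa"),
    "B": (32768, "0000.0000.00bb"),
    "C": (32768, "0000.0000.000c"),
}
LINKS = [               # (switch, port, switch, port, cost); each link is one segment
    ("C", "fa0/1", "A", "fa0/1", 19),
    ("C", "fa0/2", "B", "fa0/1", 19),
    ("A", "fa0/2", "B", "fa0/2", 19),
    ("A", "fa0/3", "B", "fa0/3", 19),
]


def bridge_id(priority_mac):
    """Bridge ID orders first by priority, then by MAC; the lowest wins."""
    priority, mac = priority_mac
    return (priority, int(mac.replace(".", ""), 16))


def root_path_costs(root, adj):
    """Dijkstra from the root: each switch's lowest total cost to reach it."""
    cost_to_root = {root: 0}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost_to_root[u]:
            continue
        for nbr, _own_port, _nbr_port, link_cost in adj[u]:
            nd = d + link_cost
            if nd < cost_to_root.get(nbr, float("inf")):
                cost_to_root[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return cost_to_root


def run_stp(switches, links):
    """Return (root bridge, {(switch, port): role}) where role is
    'root', 'designated' or 'blocked' (non-designated)."""
    bid = {name: bridge_id(pm) for name, pm in switches.items()}
    # Step 1: the lowest bridge ID (priority, then MAC) becomes the root bridge
    root = min(switches, key=lambda s: bid[s])

    adj = {name: [] for name in switches}
    for a, pa, b, pb, cost in links:
        adj[a].append((b, pa, pb, cost))
        adj[b].append((a, pb, pa, cost))
    rpc = root_path_costs(root, adj)

    # Step 2: every non-root switch picks one root port: lowest root path cost,
    # then lowest neighbour bridge ID, then lowest neighbour port, then own port
    root_port = {}
    for s in switches:
        if s == root:
            continue
        _nbr, own_port, _far_port, _cost = min(
            adj[s], key=lambda e: (rpc[e[0]] + e[3], bid[e[0]], e[2], e[1]))
        root_port[s] = own_port

    # Step 3: one designated port per segment: the end whose switch has the lower
    # root path cost, then the lower bridge ID. The other end is either that
    # switch's root port or it is blocked. The root's ports are all designated.
    roles = {}
    for a, pa, b, pb, _cost in links:
        if (rpc[a], bid[a]) <= (rpc[b], bid[b]):
            designated, other, other_port = (a, pa), b, pb
        else:
            designated, other, other_port = (b, pb), a, pa
        roles[designated] = "designated"
        roles[(other, other_port)] = ("root" if root_port.get(other) == other_port
                                      else "blocked")
    return root, roles


if __name__ == "__main__":
    root, roles = run_stp(SWITCHES, LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```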


Things to Keep in Mind about STP

  • The Spanning Tree Protocol is a link management protocol designed to support redundant links while preventing switching loops in the network. It is very useful and should be enabled on the switch interfaces.
  • STP has a long convergence time; it can take up to one minute to converge and provide redundancy. A newer development of STP, the Rapid Spanning Tree Protocol (RSTP), retains all the tasks of STP while reducing convergence time significantly.



Switchport Security Configuration

March 25 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network

The switchport security feature (Port Security) is an important piece of the network switch security puzzle; it provides the ability to limit what addresses will be allowed to send traffic on individual switchports within the switched network.


Once an organization decides to utilize the switchport security feature on their networks, it is important to carefully plan before any configuration is put in place. While the switchport security feature is very useful if used correctly, it can easily be misconfigured; this misconfiguration can cause service interruption and ongoing headaches for an organization. The planning of the configuration includes determining which violation mode and operation mode to use based on the goals of the organization, as well as determining which switchports should be enabled with the feature. This article takes a look at how the switchport security feature is configured by extending on the concepts that were covered in Switchport Security.


Switchport Security Configuration

By default, the switchport security feature is disabled on all switchports and must be enabled. Table 1 shows the steps required to enable the switchport security feature on an interface (This can cause some confusion, but when using Cisco IOS, switchport configuration is performed while in interface configuration mode. The terms interface and switchport are interchangeable).

Table 1: Enabling switchport security on an interface

  Step                                      Command
  Enter privileged mode
  Enter global configuration mode           router#configure terminal
  Enter interface configuration mode        router(config)#interface interface
  Enable the switchport security feature    router(config-if)#switchport port-security

Without configuring any other specific parameters, the switchport security feature will only permit one MAC address to be learned per switchport (dynamically) and use the shutdown violation mode; this means that if a second MAC address is seen on the switchport the port will be shut down and put into the err-disabled state.


Table 2 shows the steps required to alter these default parameters:

Table 2: Changing the default port-security parameters

  Step                                                                        Command
  Enter privileged mode
  Enter global configuration mode                                             router#configure terminal
  Enter interface configuration mode                                          router(config)#interface interface
  Configure the maximum number of MAC addresses allowed on a switchport       router(config-if)#switchport port-security maximum value
  (default: 1)
  Configure the switchport violation mode (default: shutdown)                 router(config-if)#switchport port-security violation {protect | restrict | shutdown}


As stated above, by default MAC addresses are learned on a switchport dynamically and are called dynamic MAC addresses. MAC addresses can also be configured in two other ways: statically and sticky. Static MAC addresses can be configured on a switchport to ensure that only a device with a specific MAC can use that switchport (for example, if the switchport location and the device are publicly accessible and the organization wants to ensure that only the authorized device can access the network). A sticky MAC address is a hybrid between a static and a dynamic MAC address. When it is dynamically learned, the MAC address is automatically entered into the running configuration as a static MAC address; the address is then kept in the running configuration until a reboot. On reboot, the MAC address will be lost; if the network engineer wants to keep the MAC address across a reboot, a configuration save is required (copy running startup).

Table 3 shows the steps required to configure a static MAC address:

  Step                                      Command
  Enter global configuration mode           router#configure terminal
  Enter interface configuration mode        router(config)#interface interface
  Configure a static MAC address            router(config-if)#switchport port-security mac-address mac-address


Table 4 shows the steps required to enable the use of sticky learning on a switchport:

  Step                                      Command
  Enter global configuration mode           router#configure terminal
  Enter interface configuration mode        router(config)#interface interface
  Enable sticky MAC address learning        router(config-if)#switchport port-security mac-address sticky


Switchport Security Configuration Example

To wrap the configuration commands into a single example to ensure clarity, this section will show a basic switchport security example.


The configuration shown in Table 5 will enable the use of the switchport security feature on ports f0/1 and f0/2, statically configure the 0000.1111.2222 MAC address on the f0/1 switchport and enable sticky learning on the f0/2 switchport.

  Step                                                    Command
  Enter global configuration mode                         router#configure terminal
  Enter interface configuration mode                      router(config)#interface f0/1
  Enable the switchport security feature                  router(config-if)#switchport port-security
  Configure a static MAC address (0000.1111.2222)         router(config-if)#switchport port-security mac-address 0000.1111.2222
  Enter interface configuration mode                      router(config)#interface f0/2
  Enable the switchport security feature                  router(config-if)#switchport port-security
  Configure the use of sticky MAC address learning        router(config-if)#switchport port-security mac-address sticky


While the switchport security feature does not require that many commands to operate properly, it can also be misconfigured just as easily. Take the time to write down and triple-check that the proposed configuration is doing what is expected, and/or test a proposed configuration in a non-production environment. Hopefully the content in this article can be used to get started with the switchport security feature.
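One way to do the triple-check the paragraph above recommends: parse a running-config excerpt, apply the defaults the tables describe (feature off; once on, maximum 1, violation shutdown, dynamic learning) and report access ports that are unprotected or configured in a way that hides violations. This is an added example, not code from the article or from Cisco; the sample configuration is constructed in the command syntax shown above, and the finding texts are this example's own wording.

```python
# Constructed running-config excerpt (not from the article), command syntax as above.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.1111.2222
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation protect
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.3333.4444
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""


def parse_interfaces(config_text):
    """Split an IOS config into {interface name: [its indented lines]}."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None and raw.startswith(" "):
            interfaces[current].append(raw.strip())
        else:
            current = None            # '!' or any unindented line ends the block
    return interfaces


def port_security_settings(lines):
    """Effective settings after applying the defaults described in the article."""
    s = {"enabled": False, "maximum": 1, "violation": "shutdown",
         "sticky": False, "pinned": []}
    for line in lines:
        if line == "switchport port-security":
            s["enabled"] = True
        elif line.startswith("switchport port-security maximum "):
            s["maximum"] = int(line.rsplit(None, 1)[1])
        elif line.startswith("switchport port-security violation "):
            s["violation"] = line.rsplit(None, 1)[1]
        elif line == "switchport port-security mac-address sticky":
            s["sticky"] = True
        elif line.startswith("switchport port-security mac-address "):
            s["pinned"].append(line.rsplit(None, 1)[1])   # static or sticky-learned
    return s


def audit(config_text):
    """Return {interface: [findings]} for access ports; trunk ports are skipped."""
    report = {}
    for name, lines in parse_interfaces(config_text).items():
        if "switchport mode trunk" in lines:
            continue
        s = port_security_settings(lines)
        findings = []
        if not s["enabled"]:
            findings.append("port-security not enabled")
        else:
            if s["violation"] == "protect":
                # protect drops offending frames without a syslog message or
                # violation-counter increment, so nobody is told it happened
                findings.append("violation mode protect drops silently (no log, no counter)")
            free = s["maximum"] - len(s["pinned"])
            if free > 0:
                findings.append(f"{free} of {s['maximum']} allowed addresses "
                                "will be learned dynamically")
            if s["sticky"]:
                findings.append("sticky addresses survive a reboot only after "
                                "'copy running-config startup-config'")
        report[name] = findings
    return report


if __name__ == "__main__":
    for iface, findings in audit(SAMPLE_CONFIG).items():
        print(iface, findings or ["ok"])
```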



Example to Set up DDNS on a Cisco IOS Router

March 19 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

How to set up no-ip.com DDNS on your Cisco IOS router that actually works!


Normally we try to set up static IP addresses for our managed routers. However, in this case the router was residential and in Singapore, and getting a static IP address was impossible.


I started the project by researching DDNS providers. Many of the DDNS providers that were free in the past are no longer free. However, no-ip.com still offers a free version of DDNS. The free version is listed under the personal section of their website; at this time I could not find any statement on their site restricting the service to personal use. Here is a link to their site.


This procedure is easy to perform, but due to a lack of proper documentation and a lot of incorrect documentation, including that in the no-ip.com knowledgebase, it is more difficult than it should be.


This article assumes you have a basic knowledge of Cisco routers and know how to get into config mode and how to save your configuration.


There are three primary steps to setting up DDNS on a Cisco IOS router.

  1. Set up and confirm DNS resolution works.
  2. Set up a DDNS method to be called.
  3. Set up the external DHCP interface to call the DDNS update method.


Set up DNS resolution.

Confirm that your router can ping something by name. A simple 'ping google.com' is an effective test. If it does not work, you can set up your router's DNS to use Google's public DNS servers with these two config lines:

  • ip dns server
  • ip name-server


Set up the DDNS method.

The method tells the router how to contact the DDNS provider, log in and send the proper update command. It also controls the minimum and maximum time between DDNS updates. Do not set the maximum time too short: many DDNS providers will lock you out if you update too frequently. I typically use one day, but you need to check with your provider.


Create and name the DDNS update method.

  • ip ddns update method ddns-noip

Set the update mode to HTTP

  • HTTP


Create the add URL. The URL contains some special characters, mainly the '?', which is awkward to enter because the router interprets it as a request for help. Press CTRL-V just before typing the '?' and the router will accept it literally. Replace [username] and [Password] with your no-ip credentials. The username must be entered as an email address, including the '@'.

<h> and <a> are macros that the router replaces during the update with the hostname and the IP address, so the query sent is of the form hostname=myhostname.no-ip.org&myip=<current address>.

  • add http://[username]:[Password]@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>

Set the update intervals: a minimum of every 5 minutes and a maximum of 1 day (the arguments are days, hours, minutes, seconds).

  • interval maximum 1 0 0 0
  • interval minimum 0 0 5 0


Apply the update to the external DHCP interface.

Select the external interface and apply the update command to call the method you just created. For the Cisco 871 router used in this configuration it is FastEthernet 4. Replace it with your proper interface. For PPPoE it is likely interface Dialer 0.


Substitute your DDNS method name and the hostname to update at your DDNS provider with your specific details.

  • interface FastEthernet4
  • ip ddns update hostname [DDNS hostname]
  • ip ddns update ddns-noip



Unfortunately I have not figured out a way to force a DDNS update immediately. What you can do is set your maximum update time short, such as 5 minutes, and turn on debugging with: debug ip ddns update.


You will get some very useful debug information. Make sure all the parameters are correct on the calls.


You may need to reload your router. I have found that changing the add command did not take effect properly after some changes until after a reload.


Sample debug output for a working update:

*Aug 00 00:00:55.433 EDT: DYNDNSUPD: Adding DNS mapping for myhostname.no-ip.org <=>
*Aug 00 00:00:55.433 EDT: HTTPDNS: Update add called for myhostname.no-ip.org <=>
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: Session ID = 0x7
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: URL =
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: Sending request
*Aug 00 00:00:56.441 EDT: HTTPDNSUPD: Response for update myhostname.no-ip.org <=>
*Aug 00 00:00:56.441 EDT: HTTPDNSUPD: DATA START nochg
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: DATA END, Status is Response data recieved,
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: Call returned SUCCESS, update of myhostname.no-ip.org <=> succeeded
*Aug 00 00:00:56.445 EDT: DYNDNSUPD: Another update completed (outstanding=0, total=0)
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: Clearing all session 7 info
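A small parser for the debug output above that pulls out the hostname, session and the provider's response code and decides whether the update really succeeded. This is an added example, not code from the article or from no-ip; the sample lines are constructed from the capture above with a documentation address (203.0.113.10) filled in where the article's copy is blank, and the response-code table is the dyndns2-style set of codes no-ip returns (the article itself only shows nochg).

```python
import re

# Constructed sample modelled on the working debug output above.
SAMPLE_DEBUG = """\
*Aug 00 00:00:55.433 EDT: DYNDNSUPD: Adding DNS mapping for myhostname.no-ip.org <=> 203.0.113.10
*Aug 00 00:00:55.433 EDT: HTTPDNS: Update add called for myhostname.no-ip.org <=> 203.0.113.10
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: Session ID = 0x7
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: Sending request
*Aug 00 00:00:56.441 EDT: HTTPDNSUPD: Response for update myhostname.no-ip.org <=> 203.0.113.10
*Aug 00 00:00:56.441 EDT: HTTPDNSUPD: DATA START nochg
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: DATA END, Status is Response data recieved,
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: Call returned SUCCESS, update of myhostname.no-ip.org <=> 203.0.113.10 succeeded
*Aug 00 00:00:56.445 EDT: DYNDNSUPD: Another update completed (outstanding=0, total=0)
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: Clearing all session 7 info
"""

# "*<timestamp>: <subsystem>: <message>"
LINE_RE = re.compile(r"^\*(?P<ts>\w+ \d+ [\d:.]+ \w+): (?P<src>[A-Z]+): (?P<msg>.*)$")

# Response codes of the dyndns2-style update API that no-ip uses; only
# 'good' and 'nochg' mean the provider accepted the update.
RESPONSE_CODES = {
    "good": "address updated",
    "nochg": "address already current",
    "badauth": "username/password rejected",
    "nohost": "hostname not registered under this account",
    "abuse": "account blocked for updating too often",
}


def parse_ddns_debug(text):
    """Summarise one 'debug ip ddns update' session as a dict."""
    r = {"hostname": None, "address": None, "session": None,
         "code": None, "meaning": None, "call": None, "ok": False}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if msg.startswith("Update add called for "):
            parts = msg.split()
            r["hostname"], r["address"] = parts[4], parts[6]
        elif msg.startswith("Session ID = "):
            r["session"] = int(msg.split("=")[1], 16)
        elif msg.startswith("DATA START "):
            r["code"] = msg.split(None, 2)[2].strip()
            r["meaning"] = RESPONSE_CODES.get(r["code"], "unrecognised response")
        elif msg.startswith("Call returned "):
            r["call"] = msg.split()[2].rstrip(",")
    # The router-side SUCCESS only tells you a response came back; the
    # provider's code in the body says whether the update was accepted.
    r["ok"] = r["call"] == "SUCCESS" and r["code"] in ("good", "nochg")
    return r


if __name__ == "__main__":
    print(parse_ddns_debug(SAMPLE_DEBUG))
```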

Resource from http://bytesolutions.com/Support/Knowledgebase/KB_Viewer/ArticleId/39/How-to-setup-DDNS-Dynamic-DNS-on-a-Cisco-IOS-router.aspx


Cisco Branch Routers’ New Performance

March 14 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Public and private cloud drives new upgrade

Cisco ISR line to get WAN optimization, application performance monitoring, WAN path management and security license


Cisco this week extended the software capabilities of its ISR branch routers with previously separate security and application performance features, including WAN optimization.


Cisco rolled out the ISR-AX line, which takes existing ISR G2 models 3900, 2900 and 1900 and adds a security software license for VPN, firewall and intrusion prevention, as well as software-based Wide Area Application Services (WAAS) WAN optimization, application visibility and control, and WAN path management. Also included is the Cisco Services-Ready Engine processing hardware or additional random access memory to run the software.


Cisco's ISR-AX line adds security, application performance and WAN optimization features to existing models.

Cisco says it is doing this because with the advent of application centralization in data centers or hosted in the cloud, the branch office router needs to evolve to become a Layer 2-7 application service delivery engine. Customers at remote sites need applications to run faster, and require network wide visibility and control for accelerated application deployments, performance monitoring and problem resolution without the need for additional devices, Cisco says.


Indeed, Cisco says software will be the way it delivers its WAAS WAN optimization product to the branch office. The physical hardware appliance will be targeted predominantly at data centers where WAN optimization requires scale, company officials said.


And to catalyze adoption of the ISR-AX, Cisco says it is 20% to 35% less expensive than a stand-alone WAN appliance for the branch office. Cisco is offering the AX line at up to 45% less than non-AX 3900s, 2900s and 1900s.


The ISR 3900 is at the center of a current contract controversy between Cisco and the state of West Virginia.


The ISR line has 500,000 customers worldwide. Cisco had a 77% share of the $855 million enterprise router market and an 84% share of the $671 million enterprise access router market in the third quarter of 2012, according to Dell'Oro Group. It's aiming the ISR-AX squarely at Juniper and Riverbed, which recently entered into a technology licensing deal, even though Dell'Oro cites HP, Adtran and OneAccess as Cisco's closest competitors in access routing.


Asked why HP, for one, wasn't on Cisco's competitive radar for the ISR-AX, a company spokesperson stated in an email:


"While HP has the ability to host applications, they do not have an integrated offer for application performance monitoring, WAN path selection or optimization. We realize they have some APM partners and work with Riverbed, but we view that as [a] gap since [they] do not solve the problem directly, which creates integration, management and cost challenges for customers. Much like Juniper, they have too many gaps to solve the application challenges our customers are facing today with virtualization, cloud and BYOD."


HP didn't respond to a request for comment by press time.


But Juniper did respond:


"Juniper believes the market is moving towards high speed Ethernet WAN connectivity and the need for WAN acceleration in the branch is decreasing," says Brad Brooks, vice president of business strategy and marketing for Juniper. "Rather than integrate WAN optimization in branch SRX and penalize customers with a higher priced solution, Juniper has partnered with Riverbed, the leading WAN optimization provider, to deliver this service to customers should they require it. Riverbed has continuously maintained their competitive edge where other technologies have trailed behind. This partnership is aligned with Juniper's strategy of offering an open architecture with a growing ecosystem of partners that allows customers to select solutions that best fit their network needs."


Brooks also says Juniper's branch SRX router provides application-level security and unified threat management, integrated with routing and network security, to eliminate the need for multiple devices and reduce TCO. Juniper also offers an application monitoring solution along with WAN path selection functionality in the branch SRX devices, Brooks says.


All Cisco 3900-AX, 2900-AX and 1900-AX products are currently available. The 3900-AX is priced from $16,200 to $24,700. The 2900-AX is priced from $3,595 to $12,900, and the 1900-AX costs from $2,945 to $2,995.


Cisco says it will soon extend the AX capabilities to the 800 ISR, ASR1000 and CSR1000V routers for teleworkers, enterprise network edge, and data center and cloud, respectively.


---Article from http://www.networkworld.com/news/2013/031213-cisco-router-267582.html


Basic Questions to Prepare Cisco CCNA

March 11 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Certification - CCNA - CCNP - CCIE

Here you will find answers to CCNA – Basic Questions

Question 1

For which type of connection should a straight-through cable be used?

A. switch to switch

B. switch to hub

C. switch to router

D. hub to hub

E. router to PC

Answer: C


To decide whether to use a crossover or a straight-through cable, remember:

Group 1: Router, Host, Server

Group 2: Hub, Switch

One device in group 1 + One device in group 2: use straight-through cable

Two devices in the same group: use crossover cable

In this case we can use straight-through cable to connect a switch to a router -> C is correct.


Question 2

Which type of cable is used to connect the COM port of a host to the COM port of a router or switch?

A. crossover

B. straight-through

C. rolled

D. shielded twisted-pair

Answer: C


The correct question should be “Which type of cable is used to connect the COM port of a host to the CONSOLE port of a router or switch?” and the correct answer is rollover cable. But we can’t plug this rollover cable directly into our host because it will not work. We often use a RJ45 to DB9 Female cable converter as shown below:


Question 3

What are the first 24 bits of a MAC address called?

Answer: C


The Organizationally Unique Identifier (OUI) is the first 24 bits of a MAC address for a network device; it indicates the specific vendor of that device, as assigned by the Institute of Electrical and Electronics Engineers (IEEE). This identifier uniquely identifies a vendor, manufacturer, or organization.


Question 4

In an Ethernet network, under what two scenarios can devices transmit? (Choose two)

A. when they receive a special token

B. when there is a carrier

C. when they detect no other devices are sending

D. when the medium is idle

E. when the server grants access

Answer: C D


An Ethernet network is a shared medium, so all devices have the right to access it. If more than one device transmits simultaneously, the signals collide and cannot reach the destination.

If a device detects that another device is sending, it waits for a specified amount of time before attempting to transmit.

When no traffic is detected, a device transmits its message. While this transmission is occurring, the device continues to listen for traffic or collisions on the LAN. After the message is sent, the device returns to its default listening mode.

So we can see that C and D are the correct answers. In fact, "answer C – when they detect no other devices are sending" and "when the medium is idle" are nearly the same.


Question 5

Which two benefits are provided by using a hierarchical network addressing scheme? (Choose two)

A. reduces routing table entries

B. auto-negotiation of media rates

C. efficient utilization of MAC addresses

D. dedicated communications between devices

E. ease of management and troubleshooting

Answer: A E 


Question 6

When a host transmits data across a network to another host, which process does the data go through?

A. standardization

B. conversion

C. encapsulation

D. synchronization

Answer: C


To transmit to another host, a host must go through the TCP/IP model (very similar to the OSI model). At each layer, the message is encapsulated with that layer’s header (and trailer, if it has one). This process is called encapsulation.


Question 7

Which two Ethernet fiber-optic modes support distances of greater than 550 meters?

A. 1000BASE-CX


C. 1000BASE-LX

D. 1000BASE-SX

E. 1000BASE-ZX 

Answer: C E


The table below lists the cabling standards mentioned above (rows in the order of the answer options; the name of option B is missing from this copy):

  Standard       Cabling                                   Maximum length
  1000BASE-CX    Twinaxial cabling                         25 meters
  (not shown)    Two strands, multimode                    400 m
  1000BASE-LX    Long-wavelength laser, MM or SM fiber     10 km (SM), 3 km (MM)
  1000BASE-SX    Short-wavelength laser, MM fiber          220 m with 62.5-micron fiber; 550 m with 50-micron fiber
  1000BASE-ZX    Extended wavelength, SM fiber             100 km

MM: Multimode

SM: Single-mode

(Reference: The official self-study test preparation guide to the Cisco CCNA INTRO exam 640-821)


Question 8

Refer to the exhibit. What type of connection would be supported by the cable diagram shown?

A. PC to router

B. PC to switch

C. server to router

D. router to router

Answer: B


From the “Pin” and “Color” in the exhibit we know that this is a straight-through cable so it can be used to connect PC to switch.


Question 9

Refer to the exhibit. What type of connection would be supported by the cable diagram shown?

A. PC to router

B. PC to switch

C. server to switch

D. switch to router

Answer: A


This is a crossover cable so it can be used to connect PC and router.



Question 10

Which two topologies are using the correct type of twisted-pair cables? (Choose two)

A. using-the-correct-type-of-twisted-pair-cables01.jpg

B. using-the-correct-type-of-twisted-pair-cables02.jpg

C. using-the-correct-type-of-twisted-pair-cables03.jpg

D. using-the-correct-type-of-twisted-pair-cables04.jpg

E. using-the-correct-type-of-twisted-pair-cables05.jpg

Answer: D E


Cisco Unified Wired & Wireless Access into Its New Catalyst 3850 Switch

March 7 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Cisco has pushed its Unified Access networking strategy past the management layer by introducing a new edge switch, which has wireless LAN control functionality, and processes both wired and wireless traffic on the same platform.


With this switch, enterprises will no longer have to tunnel traffic from wireless access points (APs) to a central controller. Instead they can terminate wireless traffic on an edge switch, where they will be able to secure and manage both wired and wireless traffic.


Cisco has "truly for the first time integrated their wired and wireless infrastructure in terms of having one box and using one ASIC [application-specific integrated circuit] that really handles traffic irrespective of whether it is coming in from the wired or wireless LAN standpoint," said Rohit Mehra, vice president of network infrastructure research at Framingham, Mass.-based IDC.


The new Cisco Catalyst 3850 switch, a successor to the workhorse 3750, is built with a new, programmable ASIC, the Unified Access Data Plane (UADP) chip, which gives it the wireless LAN control functionality. A single stack of Catalyst 3850 will support up to 50 access points and 2,000 clients with 40 Gbps of controller throughput.


"In this day and age where wireless traffic has really exploded, and you're carrying all kinds of heavy, latency-sensitive wireless traffic like voice and video, routing all the traffic back to a controller adds an exceptionally large amount of overhead on the network, both local area and wide area," Mehra said.


Not only does this integrated wireless LAN control reduce load on the network, it also enhances traffic management and Quality of Service (QoS) functionality. Because traffic from the wireless LAN is no longer tunneled, it crosses the rest of the wired network as standard IP traffic. Enterprises can now apply the same policies and controls to wired and wireless traffic.


As a result, Cisco customers can do things like granular, hierarchical QoS across their entire infrastructure, said Rob Soderbery, senior vice president and general manager for Cisco's enterprise networking business.


"When you were processing [wired and wireless] streams in different places, doing QoS across that was difficult," he said. "Now you can see all the users and data in one place, and you can set tiered levels on QoS. You can do QoS on a given access point, so you can make sure no one is frozen out. You can then set QoS up to a switch and up to a branch and manage that entire path."


With the Catalyst 3850, wireless LAN traffic will become more efficient, particularly as users are moving from access point to access point, said Andre Kindness, senior analyst with Cambridge, Mass.-based Forrester Research Inc.


"When you're bouncing from AP to AP, you end up tunneling back [from the controller] to the AP where you started from and that's not always the best path possible, from a VoIP call and latency perspective. You want to follow the user. That's why there's this movement to pushing control back to the edge. You start enforcing policies based on users and applications and where the best connection is."


The Cisco Catalyst 3850 is a stackable switch that ships with either 24 or 48 Gigabit Ethernet (GbE) ports, with or without Power over Ethernet (PoE) and optional modules for 10 GbE uplinks. Its prices are identical to comparable configurations of the Catalyst 3750, although customers will have to pay an additional license to activate the wireless control functionality.


Goodbye AirOS: IOS to rule wireless LAN

In addition to the Catalyst 3850, Cisco introduced the Cisco 5760 wireless LAN controller for customers who are not yet ready to dump their controller-based systems. This premium device can manage 1,000 access points and 12,000 clients with 60 Gbps of throughput. It runs on the same ASIC platform as the Catalyst 3850 switch.


The 5760 is also the first Cisco wireless LAN controller to ever run IOS, marking a departure from the AirOS operating system that has powered the company's controllers since it acquired the wireless networking vendor Airespace. Soderbery said Cisco will gradually upgrade all of its wireless controllers to run IOS instead of AirOS.


"All the training and learning that network managers have undergone with IOS, they can now use those skills and leverage them on just one platform, whether for wired or wireless," Mehra said.

Many enterprises will be slow to adopt the Catalyst 3850 with its wireless LAN control function, so central controllers running IOS will be important to Cisco's efforts to unify wired and wireless, Forrester's Kindness said.


Cisco is "worried about customers who just bought 3750s in the last year or two," he said. "Most edge switches are kept around for five to seven years so it doesn't make sense for them to replace the edge with this new switch."


Because the 5760 runs IOS, network managers can take advantage of the same services and features that are available on Cisco's switches, including Application Visibility and Control (AVC) and TrustSec. Users can also set policies, such as QoS, on the controller in the same way they do on switches and routers.


The 5760 controller has a base list price of $20,000.


ISE-MDM integration and Prime 360 Experience

Cisco also updated its Identity Services Engine (ISE) and Prime Infrastructure. ISE 1.2 now integrates with mobile device management (MDM) software from Good Technology, Airwatch, MobileIron, Zenprise and SAP.


Prime Infrastructure 2.0 has a new 360 Degree Experience that allows network managers to pivot their view of network activity by users, devices, applications and services. With this new feature, a network manager can click to see, for instance, all the network users who are using Twitter, or all the people who are connecting via an iPad, Soderbery said.

---Original From http://searchnetworking.techtarget.com/news/2240177385/New-Cisco-Catalyst-3850-switch-has-integrated-wireless-LAN-control



Cisco ISR G2 Management Overview-Cisco 1900 Routers

March 5 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

The new Cisco Integrated Services Routers Generation 2 (ISR G2) Family of routers delivers the borderless network that can transform the branch office and customers' experience while enabling business innovation and growth. Supporting the operation of these innovations, Cisco ISR G2 routers provide a rich set of management capabilities that exceed and complement what is available through industry standards. This document discusses these capabilities and related management applications that enable effective operations of Cisco ISR G2 networks and services.


Embedded Management Capabilities

The new Cisco ISR G2 routers provide extensive support for standard Simple Network Management Protocol (SNMP) MIBs and syslogs, allowing comprehensive network management using Cisco or third-party network management systems (NMSs). For additions and updates to Cisco ISR G2-specific MIBs, syslogs, and command-line interfaces (CLIs), please refer to the ISR G2 Manageability Document at:



In addition to the standard MIBs and syslogs, the Cisco ISR G2 routers deliver industry-leading manageability and automation capabilities with the primary objective of providing the lowest total cost of ownership (TCO). Cisco embedded management capabilities provide comprehensive network management functions, from proactive diagnostics to Web 2.0 open interface to policy-based automation.


Figure 1. Cisco IOS Software Embedded Management Capabilities in Cisco ISR G2 Routers



The new Cisco IOS Web Services Management Agent (WSMA) is a management capability embedded in the software that allows advanced configuration, provisioning, and data collection using industry-standard web services. WSMA provides a consistent XML messaging format for CLI commands across Cisco IOS Software releases, eliminating the need for the error-prone "screen scraping" that many companies use to configure, manage, and provision devices.


For more information about WSMA, please visit:




While SNMP and syslog provide the standard protocols for monitoring, the Cisco ISR G2 routers provide many additional capabilities for higher visibility into networks and services. Table 1 shows the recommended usage.

Table 1. Cisco IOS Embedded Management Monitoring Features

| Feature | What It Does for Monitoring | Recommended Usage |
|---|---|---|
| SNMP | Collects SNMP MIB data and monitors events (standard protocol) | Used by Cisco and third-party applications for performance and fault monitoring |
| Syslog | Monitors events (standard protocol) | Used for monitoring through the console; can also be used by monitoring applications |
| IP Service-Level Agreements (IP SLAs) | Mimics real traffic to measure traffic statistics | Used for measuring service-level indicators, including delay, jitter, and availability |
| Flexible NetFlow | Collects packet header information | Monitors application performance and usage patterns, as well as security |
| Cisco IOS Embedded Event Manager (EEM) | Monitors events and reacts based on user-defined policy | Enables onboard automation for fault detection, troubleshooting, and recovery |

The Cisco ISR G2 routers provide the network platform for borderless services. As you run more services on your network, you can use IP SLAs to monitor critical network traffic performance indicators, including delay, jitter, and link availability. IP SLAs mimic real-world traffic to proactively identify service-level problems before your users do. Integrating with a broad set of Cisco and third-party NMS applications, IP SLAs set the standard for leadership in proactive performance monitoring.


With the Cisco ISR G2 routers, Cisco extends IP SLA capabilities to support 30 different types of simulated traffic, delivering complete performance measurement from application monitoring (HTTP, FTP, etc.) to transport monitoring (User Datagram Protocol [UDP] jitter, Multiprotocol Label Switching [MPLS], etc.).

For more information about IP SLAs, please go to http://www.cisco.com/go/ipslas.


Flexible NetFlow (FNF) is the next generation in NetFlow technology. As more services and applications such as business video run in the network, FNF provides the visibility of the network infrastructure needed for optimizing resource usage and planning capacity, reducing operation costs, and detecting security incidents. FNF provides more flexibility and scalability beyond traditional NetFlow by enabling customization of traffic identification, such as source, destination, timing, and application information. Further, FNF provides enhanced network anomaly and security detection to help quickly identify and remediate security risks.

For more information about Flexible NetFlow, please go to http://www.cisco.com/go/fnf.



Cisco IOS EEM is a powerful and flexible feature in Cisco IOS Software that provides real-time event detection and onboard automation. Using EEM, you can program the behavior of the network devices to align with your business needs. EEM supports more than 20 event detectors that are highly integrated with different Cisco IOS Software components to trigger actions in response to network events. You can program these actions using a simple CLI-based interface or Tool Command Language (Tcl) scripting language.


Cisco IOS EEM enables network managers to build significant intelligence within Cisco devices to create highly customizable and cost-effective solutions for automated troubleshooting, fault detection and recovery, device configuration, and provisioning.

For more information, please go to http://www.cisco.com/go/eem.
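The IP SLA and EEM passages above describe features that are commonly combined: a synthetic probe measures reachability, a track object follows the probe's state, and an EEM applet reacts to the state change. The configuration below is an added example, not part of the white paper; the probe target 192.0.2.1, the interface and the applet names are placeholders, and the second applet shows the syslog event detector reacting to the standard IOS failed-login message.

```cisco
! IP SLA 10: ICMP echo probe toward the WAN next hop (placeholder address),
! every 10 seconds, flagged as over threshold above 200 ms round trip.
ip sla 10
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 frequency 10
 threshold 200
ip sla schedule 10 life forever start-time now
!
! Track object 10 follows the reachability result of IP SLA 10.
track 10 ip sla 10 reachability
!
! EEM applet 1: the track event detector fires when the probe goes down.
! Actions run in order of their labels.
event manager applet WAN-PROBE-DOWN
 event track 10 state down
 action 1.0 syslog priority critical msg "IP SLA 10: reachability to 192.0.2.1 lost"
 action 2.0 cli command "enable"
 action 3.0 cli command "show ip sla statistics 10"
 action 4.0 snmp-trap strdata "WAN probe down, see IP SLA 10 statistics"
!
! EEM applet 2: the syslog event detector matches the IOS failed-login
! message and raises it to the NMS via syslog and an SNMP trap.
event manager applet LOGIN-FAILURE-ALERT
 event syslog pattern "SEC_LOGIN-4-LOGIN_FAILED"
 action 1.0 syslog priority warnings msg "Failed login seen: $_syslog_msg"
 action 2.0 snmp-trap strdata "Failed login detected at $_event_pub_time"
```

"show event manager history events" lists which applets have fired and when, which is the quickest way to confirm the detectors are triggering.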


Network Management Applications

Network management applications are instrumental in lowering operating expenses (OpEx) while improving network availability by simplifying and automating many of the day-to-day tasks associated with managing an end-to-end network. Supporting the new Cisco ISR G2 routers, these management applications enable quick and easy deployment, monitoring, troubleshooting, and ongoing changes.


Cisco provides a wide array of management applications to suit different operation needs. Table 2 provides an overview of the relevant applications for managing the Cisco ISRs and the new Cisco ISR G2 routers.

Table 2. Cisco Network Management Applications for Cisco ISR G2 Routers

| Application Name | Primary Scope | Description |
|---|---|---|
| Cisco License Manager | License management | Application for managing Cisco licenses and the pay-as-you-grow service model |
| Cisco Configuration Professional | Device management | GUI-based device configuration application for access routers and service modules |
| CiscoWorks LAN Management Solution (LMS) | Network management | Comprehensive network management suite for all operation phases |
| CiscoWorks QoS Policy Manager | Network management | Quality-of-service (QoS) management application |
| Cisco Branch Office Network Analysis Module | Network management | Cisco ISR G2 service modules that provide traffic monitoring, reporting, diagnostics, and deep packet inspection |
| Cisco Configuration Engine | Network management | Application that allows zero-touch and near zero-touch deployment; suitable for large-scale deployment |
| Cisco Security Manager and Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS) | Service management | Security management application |
| Cisco Unified Communications Management Suite | Service management | Cisco Unified Communications management application |
| Cisco Wide Area Application Services (WAAS) Central Manager | Service management | Cisco WAAS management application |


IP Network Infrastructure Management

Cisco Licensing Manager v3.0 is a secure client/server-based application to manage Cisco software licenses and enable the pay-as-you-grow service model. It automates Cisco Software Activation workflow through its wizard-based GUI and scales for large network deployments. The application accelerates deployment of software licenses using a simple, rule-based policy interface and enables rapid rollout of advanced services in the network.


For more information about Cisco License Manager, please visit: http://www.cisco.com/go/clm.

Cisco Configuration Professional v2.0 is a GUI-based device management tool for Cisco ISR and Cisco ISR G2 routers. This tool simplifies routing, firewall, IPS, VPN, unified communications, WAN, and LAN configuration through GUI-based easy-to-use wizards.


Cisco Configuration Professional is a valuable productivity-enhancing tool for network administrators and channel partners for deploying routers with increased confidence and ease. It offers a one-click router lockdown and an innovative security auditing capability to check and recommend changes to router configuration.

Cisco Configuration Professional is free and can be downloaded at



CiscoWorks LAN Management Solution v3.2 is an integrated suite of management tools that simplify the configuration, administration, monitoring, and troubleshooting of Cisco networks. Built upon popular Internet-based standards, CiscoWorks LMS applications help network operators manage their network through a browser-based interface that is accessible anytime from anywhere within the network. CiscoWorks LMS maintains a centralized list of all Cisco network devices and their credentials; the list serves as a single repository for all CiscoWorks applications, whether they are installed locally or distributed in a multiserver deployment.


CiscoWorks LMS quickly discovers, inventories, configures, troubleshoots, and manages the new Cisco ISR G2 routers as soon as they are deployed in the network. For these new routers, CiscoWorks LMS provides additional value-added functions for managing the Cisco Services Ready Engine (SRE) module, including discovery of SRE modules and their attributes, software image deployment, and initial setup and configuration of one or more SRE instances. It also provides configuration, monitoring, and reporting for the Cisco EnergyWise solution.

For more information about CiscoWorks LMS, please visit: http://www.cisco.com/go/lms.


CiscoWorks QoS Policy Manager (QPM) v4.3 provides comprehensive QoS provisioning and monitoring capabilities. It allows network managers to manage and fine-tune the delay, jitter, bandwidth, and packet-loss parameters required for successful end-to-end services such as TelePresence. It can identify and monitor, in real time, the performance of networked applications, and it centrally creates and deploys to Cisco devices the QoS policies that track, manipulate, and control the behavior of those applications in order to meet business demands and application requirements. The end result is networkwide intelligent, consistent, and effective QoS that protects the performance of voice, video, and business applications while reducing costs and optimizing the use of network resources.

For more information about CiscoWorks QPM, please visit: http://www.cisco.com/go/qpm.


Cisco Branch Routers Series Network Analysis Module v4.1 is an integrated performance-monitoring and traffic-analysis solution that offers deeper insight into the branch office at both the network and application levels. It offers real-time visibility into the applications running on the network, how the network resources are being utilized, and how the end users experience the services being delivered in the branch office. The visibility also enables IT to effectively use control and optimization mechanisms such as QoS and Cisco Wide Area Application Services (WAAS) to improve performance of these services.


The innovative design of the Cisco Branch Routers Series NAM combines a rich set of embedded data-collection capabilities and performance analytics with a remotely accessible, web-based management console, all of which reside on a single network module that you can easily install into selected Cisco ISRs and ISR G2 routers. The embedded analytics can both characterize the user experience and quickly isolate and resolve any performance problems, minimizing the effect on users. The NAM further improves the operational efficiency by allowing remote troubleshooting, thereby eliminating the need to send personnel to remote sites or send large amounts of data over WAN links to the central site.

For more information about the Cisco Branch Routers Series Network Analysis Module, please go to http://www.cisco.com/go/nam.


Cisco Configuration Engine v3.0 is a network management application that provides highly scalable, secure, efficient initial deployment and day-2 configuration and image upgrades. Using a set of Cisco IOS Software agents, the Cisco Configuration Engine automates the deployment of Cisco IOS Software configuration files and images, eliminating the need for traditional staging or onsite technical presence and achieving zero-touch deployment. This application can streamline the deployment process to drastically reduce deployment time and costs.

For more information about Cisco Configuration Engine, please go to:



Unified Communications Management

Cisco Unified Communications Management Suite v7.1(2) is designed specifically for managing Cisco Unified Communications Solutions. The Cisco Unified Communications Management Suite offers integrated provisioning, monitoring, troubleshooting, and reporting capabilities. Operators can view and operate all applications in the suite from a customizable, web-based dashboard interface. This interface simplifies management of the entire unified communications network, including the network infrastructure, call control, user endpoints, and unified communications applications.


The suite comprises four applications:

• Cisco Unified Provisioning Manager v2.2

• Cisco Unified Operations Manager v2.2

• Cisco Unified Service Monitor v1.3.1

• Cisco Unified Service Statistics Manager v1.2


Cisco Unified Communications Management Suite supports the Cisco ISR G2 routers both as a platform for the Express call control family and as a gateway for call trunking in the network.

For more information about Cisco Unified Communications Management, please go to: http://www.cisco.com/go/ucmanagement.


Security Management

Cisco Security Manager v3.3 is an enterprise-class management application designed to configure firewall, VPN, and intrusion-prevention-system (IPS) security services on Cisco network and security devices, including the new Cisco ISR G2 routers. You can use Cisco Security Manager in networks of all sizes by using policy-based management techniques. Cisco Security Manager works in conjunction with Cisco Security MARS. Used together, these two applications provide a comprehensive security management solution that addresses configuration management, security monitoring, analysis, and mitigation.

For more information, please go to http://www.cisco.com/go/csmanager.


Cisco Security MARS v6.0.4 provides security monitoring for network devices and host applications supporting both Cisco and other vendors. Security monitoring with Cisco Security MARS greatly reduces false positives by providing an end-to-end topological view of the network, helping improve threat identification, mitigation responses, and compliance.

For more information about Cisco Security MARS, please go to http://www.cisco.com/go/csmars.


Cisco Wide Area Application Services Management

Cisco Wide Area Application Services Central Manager (WCM) 4.1 is a management application that runs on Cisco Wide Area Application Engine (WAE) Appliances. Cisco WCM provides scalable, secure, robust, and centralized web management for all Cisco WAE appliances and Wide Area Application Services (WAAS) network modules in the Cisco ISR G2 routers. It allows a network manager to easily perform device-specific or systemwide configuration, including policy configuration and distribution within the WAAS deployment. It can also monitor and generate reports on the WAAS environment.


For more information about Cisco WCM, please go to:



The new Cisco ISR G2 routers provide the platform for borderless networking and borderless services with low TCO. The embedded management capabilities and the extensive Cisco and third-party network management applications that support the new Cisco ISR G2 routers help ensure that you can confidently deploy and manage your borderless network. This document provides only high-level descriptions of these capabilities and applications. For more details, please visit the respective URLs, or contact your Cisco account representatives. 

---Resource from http://www.cisco.com/en/US/prod/collateral/routers/ps10538/white_paper_c78_556613.html
