DHCP is short for Dynamic Host Configuration Protocol. We know that DHCP is used in LAN environments to dynamically assign host IP addresses from a centralized server, which reduces the overhead of administering IP addresses.
I’ve read an article, “DHCP Snooping and DHCP Snooping Configuration”, that describes a CCIE’s experience. That article also introduces the DHCP Option 82 concept.
In this article we will share some information about using DHCP Option 82.
DHCP also helps conserve limited IP address space because IP addresses no longer need to be permanently assigned to client devices; only those client devices that are connected to the network require IP addresses. The DHCP relay agent information feature (option 82) enables the DHCP relay agent (Catalyst switch) to include information about itself and the attached client when forwarding DHCP requests from a DHCP client to a DHCP server. This basically extends the standard DHCP process by tagging the request with information about the location of the requestor. (See the figure “DHCP Option 82 Operation”.)
The following are key elements required to support the DHCP option 82 feature:
• Clients supporting DHCP
• Relay agents supporting option 82
• DHCP server supporting option 82
The relay agent information option is inserted by the DHCP relay agent when forwarding the client-initiated DHCP request packets to a DHCP server. The servers recognizing the relay agent information option may use the information to assign IP addresses and to implement policies such as restricting the number of IP addresses that can be assigned to a single circuit ID. The circuit ID in relay agent option 82 contains information identifying the port location on which the request is arriving.
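The relay agent information option and the per-circuit-ID limit described above, as an added example that is not part of the original article. The sub-option layout (code, length, value; 1 = circuit ID, 2 = remote ID) follows RFC 3046, while `CircuitLeasePolicy`, its lease cap, and the sample bytes are assumptions constructed for illustration.

```python
# Added example, not from the original article. Sub-option layout follows
# RFC 3046; the policy class and all sample bytes are constructed.
from collections import defaultdict

CIRCUIT_ID = 1  # Agent Circuit ID sub-option (RFC 3046)
REMOTE_ID = 2   # Agent Remote ID sub-option (RFC 3046)


def parse_option82(payload: bytes) -> dict:
    """Split an option 82 payload into {code: value}; ValueError if truncated."""
    subopts = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code}: {length} bytes claimed, {len(value)} present")
        subopts[code] = value
        i += 2 + length
    return subopts


class CircuitLeasePolicy:
    """Hypothetical server policy: at most max_leases clients per circuit ID."""

    def __init__(self, max_leases: int):
        self.max_leases = max_leases
        self.leases = defaultdict(set)  # circuit ID bytes -> client MACs

    def allow(self, option82: bytes, client_mac: str) -> bool:
        try:
            circuit = parse_option82(option82).get(CIRCUIT_ID)
        except ValueError:
            return False  # malformed relay information: refuse the request
        if circuit is None:
            return False  # no circuit ID, so the port cannot be identified
        holders = self.leases[circuit]
        if client_mac in holders:
            return True   # existing lease holder renewing
        if len(holders) >= self.max_leases:
            return False  # cap for this circuit ID reached
        holders.add(client_mac)
        return True

# Constructed payload: circuit ID 00 0a 01 05, remote ID 00:11:22:33:44:55
SAMPLE = bytes([1, 4, 0x00, 0x0A, 0x01, 0x05, 2, 6]) + bytes.fromhex("001122334455")
```

The server treats the circuit ID as opaque bytes here; how a given relay agent encodes the port inside it is vendor-specific.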
1. The DHCP option 82 feature is supported only when DHCP snooping is enabled both globally and on the VLANs to which subscriber devices using this feature are assigned.
2. DHCP and the DHCP option 82 feature have not been validated in the lab for EttF version 1.1. At this time, Cisco recommends considering only DHCP with option 82 for the application servers at level 3.
Mobile devices are popular today, ranging from laptops and tablets to smartphones and others, and all kinds of mobile device types now connect to your wireless LAN. These mobile devices might use a mix of new and old Wi-Fi technologies – 802.11ac, 802.11n, and 802.11a connections – for access. To keep the older and slower clients from impeding the performance of newer and faster 802.11ac Wave 1 and 2 connections, there is Cisco ClientLink.
ClientLink is a beamforming capability built into Cisco Aironet wireless LAN access points. When the access point (AP) concentrates signals toward the receiving client, that client is better able to “hear” the AP’s transmission, so throughput is greater. ClientLink also enhances performance in the uplink (client-to-AP) direction, so that the AP can also better hear the client communications. The result is improved performance in both directions.
By comparison, many competing 802.11ac-capable APs offer uplink-only enhancements, from client to access point. Many 802.11ac-capable AP suppliers also base their downlink enhancements on the optional transmit beamforming (TxBF) feature in 802.11ac, which requires TxCBF support in the client device to operate. Cisco ClientLink technology is unique in offering both uplink and downlink performance improvements, and it doesn’t require any special capabilities in the client device to work.
ClientLink works with all client technologies. It makes sure each client type always operates at the best possible rate, as determined by the 802.11 access technology supported, network conditions, and the distance of the client from the Wi-Fi AP. ClientLink helps maintain maximum client rates even at cell boundaries, when clients are farthest away from the AP.
How to Get the Most from 802.11ac?
The 802.11ac standard inherently provides performance increases compared with earlier 802.11 technology versions. But because 802.11-based equipment is backward-compatible with older versions of the standard, it pays to run a mixed-client network to get the most out of your device investments. At the same time, however, your older clients can delay communications for the faster 802.11ac clients, hindering 802.11ac performance benefits.
Cisco ClientLink overcomes this issue for more reliable mobile experiences. In Aironet 802.11ac APs, ClientLink uses four transmit antennas to focus transmissions in the direction of the Wi-Fi client, surpassing the industry norm. This support improves downlink signal-to-noise ratio (for better client “hearing”) and boosts the data rate over range so you can reduce coverage holes and enhance overall system performance. Table 1 illustrates the Cisco performance advantages of using ClientLink technology.
You get beamforming enhancements across your entire client population of new and old devices: Cisco ClientLink beamforming works with all client types, and IEEE-standard transmit beamforming (TxBF) is also built into all Cisco Wi-Fi-Certified 802.11ac access points to benefit the 802.11ac clients that support it.
ClientLink also works with multiuser multiple input, multiple output (MU-MIMO), part of the 802.11ac standard that enables concurrent transmissions between an AP and multiple 802.11ac client devices that also support MU-MIMO. As a result, Cisco ClientLink can now also provide performance boosts across a mixture of 802.11ac, 802.11n, and 802.11a clients to further benefit your entire wireless network.
The wireless difference is in the implementation details. Turn to Cisco ClientLink-enhanced APs to get the best performance from all Wi-Fi clients on your network.
The IP Phone 7800 Series introduced 4 models to the portfolio: Cisco IP Phone 7811, 7821, 7841 and IP Phone 7861. The models range in their support, from a single-line model for users with light voice communications needs to a 16-line model for highly active users of VoIP communications.
The Cisco IP Phone 7800 Series delivers advanced IP Telephony features and crystal clear wideband audio performance to deliver an easy-to-use, full-featured voice communications experience on Cisco on-premises and hosted infrastructure platforms and third party hosted call control.
Small-to-large enterprise companies are well suited for the Cisco IP Phone 7800 Series.
The 7800 Series supports secure connectivity for remote worker access to the Cisco network, such as for full-time teleworkers.
Note: Support is provided on 7821, 7841, and 7861 endpoints with IP Phone software update 10-3-1-1 or later. The 7811 is also planned for support–contact your Cisco representative for timing details.
How to start your Cisco IP Phone 7800 Series for Third-Party Call Control? Firstly, let’s look at the Cisco IP Phone 7841 shown.
Refer to the photo graphic above...
We have talked about Cisco ASA with FirePOWER Services a lot before. With Cisco ASA with FirePOWER Services, you consolidate multiple security layers in a single platform, eliminating the cost of buying and managing multiple solutions.
The Cisco Firepower Next-Generation Firewall is the industry’s first fully integrated, threat-focused next-gen firewall with unified management. It includes Application Visibility and Control (AVC), optional Firepower next-gen IPS (NGIPS), Cisco Advanced Malware Protection (AMP), and URL Filtering. Cisco Firepower NGFW provides advanced threat protection before, during, and after attacks.
Cisco ASA with FirePOWER Services, Stop more threats with a threat-focused NGFW
Beat sophisticated cyber attacks with superior security. We offer the industry’s first threat-focused next-generation firewall (NGFW). You get the confidence of the most-deployed stateful firewall combined with application control, next-generation intrusion prevention system (NGIPS), and advanced malware protection (AMP).
Discussion: Management of ASA with Firepower Services
There are a few questions about the management of ASA with Firepower Services. Let’s look at the discussion from Cisco Communities.
1. An ASA with Firepower Services requires a Firesight management device (physical or virtual) - Correct?
Yes, that’s correct.
2. Is there a High Availability option for a physical Firesight management?
Read about this in the bottom of Table 2 on this page:
3. Does the Firesight management also manage the ASA's firewall rules?
--Not yet. Cisco is developing Firepower Threat Defence that does exactly that.
4. I ask because I believe there was mention that a rule could have a specific IPS policy assigned to it.
This is correct in terms of Firepower Access Control Rules. Not ASA firewall rules.
5. If this is true I would believe that the use of CLI or ASDM on the ASA would no longer be usable - Correct?
The new Threat Defence system will be managed from Firepower Management Center. Not CLI nor ASDM.
6. When changes are made on the Firesight management station are they applied immediately to the ASA, like managing via CLI or is there another step to applying the changes?
No. You will have to deploy the new policy to the Firepower sensor first.
7. When changes are applied what if anything happens to existing connections?
- I actually am not sure about this. I have never seen any connections being dropped when applying policy. Cisco has made a note about this in their manual: Firepower Management Center Configuration Guide, Version 6.0 - Policy Management [Cisco FireSIGHT Management Center] -…
- When you enable Inspect traffic during policy apply:
- Certain configurations can require the Snort process to restart.
- When the configurations you deploy do not require a Snort restart, the system initially uses the currently deployed access control policy to inspect traffic, and switches during deployment to the access control policy you are deploying.
- When you disable Inspect traffic during policy apply, the Snort process always restarts when you deploy.
- How a Snort restart affects traffic depends on the interface configuration and the platform.
Original Discussion from https://communities.cisco.com/thread/59509