Cisco & Cisco Network Hardware News and Technology

Cisco STP (Switching and Spanning Tree Protocol) Basics

March 28 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network

Switching is the process of using the physical (MAC) address of devices to make forwarding decisions. Switches use application-specific integrated circuits (ASICs) to perform the lookup and forwarding in hardware, which is why they forward at wire speed. This article explains how switches learn the hardware addresses of the hosts attached to them and how they use that information to forward frames, and then focuses on the protocol that prevents Layer 2 loops and the endless flooding they cause.


For those new to this field, that protocol is the Spanning Tree Protocol (STP). Its operation is described in detail below, with examples where needed, so you can get a clear understanding of how it works.


Switching Benefits

Switches are essential networking devices: they terminate the hosts on the LAN. They consist of multiple Ethernet/Fast Ethernet/Gigabit Ethernet interfaces whose speed and duplex can be fixed or auto-negotiated per port.


They can be seen as multi-lane highways with many exit points. Each host gets its own lane, so every switch port is a separate collision domain. No bandwidth is shared: each host on each port gets independent, dedicated bandwidth. The benefits are:

  • Low latency
  • High throughput (wire-speed forwarding)
  • Low cost


Why low cost? The answer is simple. Imagine a LAN of fifty hosts. All of them need access to the Internet, so they must somehow connect to a router. Putting 50 interfaces on a router just to terminate client links is inefficient and wasteful.


By adding a switch to the network, the router needs only a single interface to connect to the switch, and all hosts reach the router's exit point through the switch's ASIC-based forwarding. The diagram below shows a typical LAN connection.


Switch Operation

Switches operate at Layer 2 (the data-link layer) of the OSI model. They need no special configuration to forward frames; they are plug-and-play devices, and a new switch out of the box works as soon as it is powered up. Later on we will take a look at just how this is accomplished.


A Layer 2 switch performs three functions:

  • Address learning — As frames arrive, the switch learns the MAC addresses of the hosts attached to it and stores each MAC address together with the port it was seen on in its MAC address table.
  • Forwarding — Based on the MAC address table, the switch forwards each frame out only the appropriate interface.
  • Loop prevention — Multiple links between switches are often installed for redundancy, but without a protocol to manage them they create Layer 2 loops. STP runs on the switch ports to block the redundant paths, eliminating the endless flooding that loops cause, while keeping the redundancy available if the active path fails.


How Does the Switch Find Host MACs?

Let’s use the diagram below to understand how the address learning process takes place.


Let’s assume that we have just powered on the switch. Its MAC table is empty. We connect the hosts to the switch interfaces as shown in the diagram. Host A initiates a connection towards Host D, and the following takes place:

  1. Host A (on interface fe0/0) sends a frame to Host D (MAC address 0000.43c5.334c).
  2. The switch inspects the source address of the frame and records Host A's MAC address in its table along with the interface the frame arrived on.
  3. The switch inspects the destination address. Since it has no entry for Host D's MAC address, it floods the frame out all interfaces except the one it arrived on (unknown unicast flooding; the frame itself is forwarded unchanged, it is not turned into a broadcast).
  4. Host D recognizes its own MAC address as the destination and responds to Host A. The switch receives the response on interface fe0/11 and records the source address along with that interface.
  5. From then on, frames between the two hosts are forwarded only out the appropriate interface, based on the MAC table entries.


This process repeats for every new host that is attached and starts sending traffic. The switch keeps its MAC table current: an entry whose host has not sent traffic for the aging time (300 seconds by default on Cisco switches) is removed, and is learned again as soon as the host transmits.
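The learning, flooding and aging behaviour described in the five steps above, as an added example in Python (not code from the original post). The switch model, port names, Host A's MAC address and the timestamps are constructed for the example; Host D's MAC address is the one used in the article, and the 300-second aging default is the Cisco IOS value.

```python
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


def is_group_address(mac):
    """Broadcast and multicast MACs have the I/G bit (LSB of first octet) set."""
    return int(mac[:2], 16) & 1 == 1


@dataclass
class LearningSwitch:
    ports: list                 # every port on the switch, e.g. "fe0/0"
    aging_time: float = 300.0   # seconds a silent entry survives (IOS default)
    table: dict = field(default_factory=dict)   # mac -> (port, last_seen)

    def age_out(self, now):
        """Remove entries whose host has been silent longer than aging_time."""
        expired = [m for m, (_, seen) in self.table.items()
                   if now - seen > self.aging_time]
        for m in expired:
            del self.table[m]
        return expired

    def receive(self, in_port, src, dst, now):
        """Handle one frame arriving on in_port; return the egress port list."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self.age_out(now)
        # Steps 2 and 4: learn (or refresh) source address -> ingress port.
        # If a host moved to another port, this also follows it.
        self.table[src] = (in_port, now)
        # Step 3: unknown unicast and group addresses are flooded out every
        # port except the one the frame came in on. The frame is forwarded
        # unchanged; nothing is converted into a broadcast.
        if is_group_address(dst) or dst not in self.table:
            return [p for p in self.ports if p != in_port]
        out_port, _ = self.table[dst]
        # Step 5: known unicast leaves exactly one port. If that port is the
        # ingress port, both hosts share a segment and the frame is filtered.
        return [] if out_port == in_port else [out_port]


HOST_A = "0000.43c5.0001"   # constructed for the example
HOST_D = "0000.43c5.334c"   # the MAC address used in the article


def walkthrough():
    """Replay the article's exchange and return each forwarding decision."""
    sw = LearningSwitch(["fe0/0", "fe0/1", "fe0/11"])
    return {
        "A->D unknown": sw.receive("fe0/0", HOST_A, HOST_D, now=0),    # flooded
        "D->A reply":   sw.receive("fe0/11", HOST_D, HOST_A, now=1),   # ["fe0/0"]
        "A->D again":   sw.receive("fe0/0", HOST_A, HOST_D, now=2),    # ["fe0/11"]
        "A->D aged":    sw.receive("fe0/0", HOST_A, HOST_D, now=400),  # D aged out: flooded
        "table":        dict(sw.table),
    }


if __name__ == "__main__":
    for step, result in walkthrough().items():
        print(f"{step:14s} {result}")
```

The last call shows the aging caveat: once Host D has been silent longer than the aging time its entry is gone, and the next frame for it is flooded to every port again, exactly as on a freshly booted switch.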


Spanning Tree Protocol (STP) Operations

The Spanning Tree Protocol (STP) is responsible for discovering the links in the network and blocking the redundant ones, preventing loops. To do so, all switches exchange Bridge Protocol Data Units (BPDUs) and agree on a root bridge. Once the root bridge is elected, every other switch determines which of its ports is its root port, the port with the lowest-cost path to the root.


Where more than one path to the root bridge exists, only one port per segment is allowed to forward (the designated port) and the remaining redundant ports are blocked. Let us see how this works with an example, using the topology shown below.


  1. The root bridge is elected. Two fields together form the bridge ID: the priority value and the MAC address. Without manual configuration every switch uses the same default priority (32768), so the MAC address decides: the switch with the lowest MAC address becomes the root bridge. In the diagram above, Switch C is the elected root bridge.
  2. Once the root bridge is elected, each non-root switch identifies a single root port, the port with the lowest-cost path to the root bridge. This port is always in the forwarding state. All ports of the root bridge are designated ports and therefore forward. In addition, one port per segment, the designated port, is allowed to forward; it belongs to the switch with the lowest cost to the root on that segment, with the lower bridge ID breaking ties.
  3. In our example two ports on Switch A and two ports on Switch B connect A and B directly, so the two switches face each other on two segments. Two of these four ports must be blocked to avoid loops. Both switches are equally far from the root, so the tie is broken by bridge ID: Switch B has the higher MAC address (hence the worse bridge ID), so Switch A's ports become the designated ports on both segments and Switch B's two ports are blocked.
  4. The result is a single active path between any two switches, with the blocked ports ready to take over if a link fails. Mission accomplished!
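The four steps above carried out in code, as an added example (not part of the original post): root election by lowest bridge ID, root path cost, designated port per segment, and blocking of everything else. The topology is constructed to mirror the article's diagram (C has the lowest MAC address, A and B are joined by two parallel links); the MAC addresses, port names and the port cost of 4 (the 802.1D value for a gigabit port) are my assumptions.

```python
import heapq

DEFAULT_PRIORITY = 32768


def bridge_id(priority, mac):
    """The bridge ID compares as (priority, MAC address); the lowest wins."""
    return (priority, int(mac.replace(".", ""), 16))


def compute_roles(bridges, segments):
    """Return (root bridge name, {(bridge, port): role}).

    bridges:  {name: (priority, mac)}
    segments: list of segments, each a list of (bridge, port, port_cost)
              for every port attached to that link.
    Roles are "designated", "root" or "blocked".
    """
    bid = {name: bridge_id(*pm) for name, pm in bridges.items()}
    root = min(bid, key=bid.get)                          # step 1

    ports_of = {name: [] for name in bridges}             # name -> [(seg, port, cost)]
    for i, seg in enumerate(segments):
        for b, p, c in seg:
            ports_of[b].append((i, p, c))

    # Root path cost: a bridge hears the best cost advertised on a segment and
    # adds the cost of the port it heard it on. That is a shortest-path
    # computation from the root, so Dijkstra gives the converged values.
    inf = float("inf")
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, b = heapq.heappop(heap)
        if cost > rpc.get(b, inf):
            continue
        for i, _, _ in ports_of[b]:
            for nb, _, ncost in segments[i]:
                if nb != b and cost + ncost < rpc.get(nb, inf):
                    rpc[nb] = cost + ncost
                    heapq.heappush(heap, (rpc[nb], nb))

    roles = {}
    # Step 2: one designated port per segment: lowest root path cost, then
    # lowest bridge ID, then lowest port name. The root has cost 0, so every
    # one of its ports is designated.
    designated = {}
    for i, seg in enumerate(segments):
        b, p, _ = min(seg, key=lambda t: (rpc.get(t[0], inf), bid[t[0]], t[1]))
        designated[i] = (b, p)
        roles[(b, p)] = "designated"

    # Steps 2/3: every non-root bridge picks one root port, the port with the
    # cheapest path to the root (ties: designated bridge ID, its port, then
    # our own port). Any remaining port is blocked.
    for b in bridges:
        if b == root:
            continue
        candidates = []
        for i, p, c in ports_of[b]:
            db, dp = designated[i]
            if db != b:   # a segment we are designated on cannot lead to the root
                candidates.append((c + rpc[db], bid[db], dp, p))
        _, _, _, root_port = min(candidates)
        roles[(b, root_port)] = "root"
        for i, p, _ in ports_of[b]:
            roles.setdefault((b, p), "blocked")
    return root, roles


def page_topology(priority_a=DEFAULT_PRIORITY):
    """Constructed topology mirroring the article; priority_a lets the caller
    lower Switch A's priority to see the election change."""
    bridges = {
        "A": (priority_a, "0000.0000.000a"),
        "B": (DEFAULT_PRIORITY, "0000.0000.000b"),
        "C": (DEFAULT_PRIORITY, "0000.0000.0001"),   # lowest MAC -> root
    }
    gig = 4   # 802.1D cost of a 1 Gbit/s port
    segments = [
        [("C", "Gi0/1", gig), ("A", "Gi0/1", gig)],
        [("C", "Gi0/2", gig), ("B", "Gi0/1", gig)],
        [("A", "Gi0/2", gig), ("B", "Gi0/2", gig)],   # two parallel A-B links
        [("A", "Gi0/3", gig), ("B", "Gi0/3", gig)],
    ]
    return bridges, segments


if __name__ == "__main__":
    root, roles = compute_roles(*page_topology())
    print("root:", root)
    for (b, p), role in sorted(roles.items()):
        print(f"{b} {p}: {role}")
```

With the default priorities the output matches the article: C is root, A's and B's Gi0/1 are root ports, A is designated on both A-B links and B's two ports are blocked. Running it again with `page_topology(priority_a=4096)` makes A the root instead, which is the whole point of setting the priority explicitly: the lowest bridge ID wins unconditionally, so the intended root should be configured rather than left to whichever switch happens to have the lowest MAC address.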


Things to Keep in Mind about STP

  • The Spanning Tree Protocol is a link-management protocol designed to support redundant links while preventing switching loops in the network. It is very useful and should remain enabled on switch interfaces.
  • STP converges slowly: after a topology change it can take 30 to 50 seconds (20 s max age, 15 s listening, 15 s learning) before a redundant path carries traffic. A newer development, the Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w), keeps the same roles and election rules while cutting convergence to a few seconds.


More Related Topics:

How to Configure Spanning Tree Protocol (STP) on Catalyst Switches?

Switch Types and LAN Switching

Switchport Security & Configuration


Switchport Security Configuration

March 25 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network

The switchport security feature (Port Security) is an important piece of the network switch security puzzle: it limits which MAC addresses are allowed to send traffic on individual switchports within the switched network.


Once an organization decides to utilize the switchport security feature on their networks, it is important to carefully plan before any configuration is put in place. While the switchport security feature is very useful if used correctly, it can easily be misconfigured; this misconfiguration can cause service interruption and ongoing headaches for an organization. The planning of the configuration includes determining which violation mode and operation mode to use based on the goals of the organization, as well as determining which switchports should be enabled with the feature. This article takes a look at how the switchport security feature is configured by extending on the concepts that were covered in Switchport Security.


Switchport Security Configuration

By default, the switchport security feature is disabled on all switchports and must be enabled explicitly. Table 1 shows the steps required to enable it on an interface. (This can cause some confusion, but in Cisco IOS switchport configuration is performed in interface configuration mode; the terms interface and switchport are used interchangeably.) Note that IOS accepts the command only on a port whose mode has been set explicitly to access or trunk (switchport mode access); on a port still in the default dynamic mode it is rejected.

Table 1: Enabling the switchport security feature

  Enter privileged mode                     router>enable
  Enter global configuration mode           router#configure terminal
  Enter interface configuration mode        router(config)#interface interface
  Enable the switchport security feature    router(config-if)#switchport port-security

Without any other parameters, the switchport security feature permits only one MAC address to be learned per switchport (dynamically) and uses the shutdown violation mode: if a second MAC address is seen on the switchport, the port is shut down and placed in the err-disabled state.


Table 2 shows the steps required to alter these default parameters:

Table 2: Changing the maximum address count and the violation mode

  Enter privileged mode                                   router>enable
  Enter global configuration mode                         router#configure terminal
  Enter interface configuration mode                      router(config)#interface interface
  Set the maximum number of MAC addresses (default: 1)    router(config-if)#switchport port-security maximum value
  Set the violation mode (default: shutdown)              router(config-if)#switchport port-security violation {protect | restrict | shutdown}


As stated above, by default MAC addresses are learned on a switchport dynamically and are called dynamic MAC addresses. MAC addresses can also be configured in two other ways: statically and sticky. A static MAC address is configured on a switchport to ensure that only a device with that specific MAC can use the port (for example, when the switchport and the device are in a publicly accessible location and the organization wants to ensure that only the authorized device can access the network). A sticky MAC address is a hybrid between a static and a dynamic MAC address: when it is dynamically learned, the address is automatically written into the running configuration as a static entry and kept there until the switch reloads. On reload the address is lost; to keep it across a reload, save the configuration (copy running-config startup-config).

Table 3 shows the steps required to configure a static MAC address:

Table 3: Configuring a static MAC address

  Enter global configuration mode       router#configure terminal
  Enter interface configuration mode    router(config)#interface interface
  Configure a static MAC address        router(config-if)#switchport port-security mac-address mac-address


Table 4 shows the steps required to enable sticky learning on a switchport:

Table 4: Enabling sticky MAC address learning

  Enter global configuration mode       router#configure terminal
  Enter interface configuration mode    router(config)#interface interface
  Enable sticky MAC address learning    router(config-if)#switchport port-security mac-address sticky


Switchport Security Configuration Example

To wrap the configuration commands into a single example to ensure clarity, this section will show a basic switchport security example.


The configuration shown in Table 5 enables the switchport security feature on ports f0/1 and f0/2, statically configures the MAC address 0000.1111.2222 on f0/1 and enables sticky learning on f0/2.

Table 5: Example configuration

  Enter global configuration mode                          router#configure terminal
  Enter interface configuration mode                       router(config)#interface f0/1
  Enable the switchport security feature                   router(config-if)#switchport port-security
  Configure a static MAC address (0000.1111.2222)          router(config-if)#switchport port-security mac-address 0000.1111.2222
  Enter interface configuration mode                       router(config)#interface f0/2
  Enable the switchport security feature                   router(config-if)#switchport port-security
  Enable sticky MAC address learning                       router(config-if)#switchport port-security mac-address sticky


While the switchport security feature does not require that many commands to operate properly, it can also be misconfigured just as easily. Take the time to write down and triple-check that the proposed configuration is doing what is expected, and/or test a proposed configuration in a non-production environment. Hopefully the content in this article can be used to get started with the switchport security feature.
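One way to do that triple-check offline, as an added example that is not part of the original article: a small Python audit that reads interface blocks from a Cisco IOS running-config, applies the defaults described above (maximum 1, violation shutdown) and flags the settings a reviewer would question. The configuration text is constructed for the example; f0/1 and f0/2 reproduce Table 5, f0/3 has no port security and f0/4 uses the silent protect mode. Interface names and MAC addresses are made up.

```python
import re

# Constructed sample running-config (not from a real switch).
SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.1111.2222
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation protect
!
interface GigabitEthernet0/1
 description uplink
 switchport mode trunk
!
"""


def parse_interfaces(config):
    """Return {interface name: [indented config lines]} for each interface block."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None        # '!' or any other top-level line ends the block
    return blocks


def port_security_state(lines):
    """Effective port-security settings for one interface, IOS defaults included."""
    st = {"enabled": False, "maximum": 1, "violation": "shutdown",
          "sticky": False, "static": [], "mode": None}
    for l in lines:
        if l == "switchport port-security":
            st["enabled"] = True
        elif l.startswith("switchport port-security maximum "):
            st["maximum"] = int(l.split()[-1])
        elif l.startswith("switchport port-security violation "):
            st["violation"] = l.split()[-1]
        elif l.startswith("switchport port-security mac-address sticky"):
            st["sticky"] = True
            parts = l.split()
            if len(parts) == 5:   # a sticky address already saved to the config
                st["static"].append(parts[4])
        elif l.startswith("switchport port-security mac-address "):
            st["static"].append(l.split()[-1])
        elif l.startswith("switchport mode "):
            st["mode"] = l.split()[-1]
    return st


def audit(config):
    """Return {interface: [finding, ...]}; an empty list means nothing to report."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        st = port_security_state(lines)
        notes = []
        if st["mode"] == "trunk":
            findings[name] = notes    # uplinks are out of scope for this check
            continue
        if not st["enabled"]:
            notes.append("port security not enabled")
        else:
            if st["mode"] not in ("access", "trunk"):
                notes.append("no explicit 'switchport mode access'; IOS rejects "
                             "port security on a port left in dynamic mode")
            if st["violation"] == "protect":
                notes.append("violation mode 'protect' drops offending frames "
                             "without a log message or violation counter")
            if st["maximum"] > 1 and not (st["static"] or st["sticky"]):
                notes.append(f"maximum {st['maximum']} with purely dynamic learning: "
                             "whichever addresses appear first are trusted")
        findings[name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in audit(SAMPLE_CONFIG).items():
        print(name, "OK" if not notes else "; ".join(notes))
```

Note that Table 5 itself does not include `switchport mode access`; on a port still in the default dynamic mode the `switchport port-security` line would be rejected, which is exactly the kind of mismatch between intended and effective configuration this check is meant to catch before it reaches production.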


More Related Topics:

What is Switchport Security?

Switchport Security & Configuration

How to Know What Device is on What Port on a Cisco Switch?

Cisco Switch Port Security ---How to Configure Switch Security?

How to Set Port Security on a Cisco Catalyst Switch?


Example to Set up DDNS on a Cisco IOS Router

March 19 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

How to set up no-ip.com DDNS on your Cisco IOS router that actually works!


Normally we try to set up static IP addresses for the routers we manage. In this case, however, the router was a residential one in Singapore, and getting a static IP address was simply impossible.


I started the project by researching DDNS providers. Many of the DDNS providers that were free in the past are no longer free. However, no-ip.com still offers a free version of DDNS. The free version is under the personal section of their website; at this time I could not find any statement on their site restricting the service to personal use. Here is a link to their site.


This procedure is easy to perform, but because of a lack of proper documentation and a lot of incorrect documentation, including the no-ip.com knowledge base, it is more difficult than it should be.


This article assumes you have a basic knowledge of Cisco routers and know how to get into config mode and how to save your configuration.


There are three primary steps to setting up DDNS on a Cisco IOS router.

  1. Set up and confirm DNS resolution works.
  2. Set up a DDNS method to be called.
  3. Set up the external DHCP interface to call the DDNS update method.


Set up DNS resolution.

Confirm that your router can ping something by name. A simple 'ping google.com' is an effective test. If it does not work, make sure name lookup has not been disabled and point the router at Google's public DNS servers (8.8.8.8 and 8.8.4.4) with these two config lines:

  • ip domain-lookup
  • ip name-server 8.8.8.8 8.8.4.4


Set up the DDNS method.

The method tells the router how to contact the DDNS provider, log in and send the proper update command. It also controls the minimum and maximum time between DDNS updates. Do not set the maximum time too short: many DDNS providers will lock you out if you update too frequently. I typically use one day, but check with your provider.


Create and name the DDNS update method, then set the update mode to HTTP:

  • ip ddns update method ddns-noip
  • HTTP


Create the ADD URL. The URL contains a '?', which is awkward to enter because the router interprets it as a request for help: press CTRL-V just before typing the '?' and the router will insert it literally. Replace [username] and [Password] with your no-ip credentials; the username is your no-ip login, an e-mail address including the '@'. Be aware that the password sits in this URL and, with an http:// URL, crosses the Internet in the clear; the same URL also appears in the router's debug output.

<h> and <a> are macros the router replaces at update time with the hostname and the interface's current IP address, so the query sent is hostname=myhostname.no-ip.org&myip=<current address>.

  • add http://[username]:[Password]@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>

Update at most every 5 minutes and at least once a day (the interval arguments are days hours minutes seconds):

  • interval maximum 1 0 0 0
  • interval minimum 0 0 5 0


Apply the update to the external DHCP interface.

Select the external interface and apply the update command that calls the method you just created. On the Cisco 871 router used in this configuration it is FastEthernet 4; replace it with your own interface (for PPPoE it is likely Dialer 0). Substitute your DDNS method name and the hostname you registered with your DDNS provider.

  • interface FastEthernet4
  • ip ddns update hostname [DDNS hostname]
  • ip ddns update ddns-noip
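What the router does with the 'add' URL, modelled in Python as an added example (not code from the original post) so the pieces can be checked offline: the <h>/<a> macro substitution, separating the credentials from the URL (the no-ip username is an e-mail address, so the authority part contains two '@' characters), interpreting the one-line reply no-ip sends back, and the two timers. The credentials, hostname, address and the fake server are constructed; the reply codes are the ones no-ip documents for /nic/update, and the timer semantics are my reading of interval minimum/maximum. Nothing here contacts no-ip.com.

```python
from urllib.parse import urlsplit, urlunsplit

# The 'add' line as typed on the router, with constructed credentials.
TEMPLATE = ("http://user@example.com:s3cret@dynupdate.no-ip.com/nic/update"
            "?hostname=<h>&myip=<a>")

# no-ip reply codes for /nic/update; only the first two mean the record is
# in the wanted state ('nochg' is what the debug output below shows).
SUCCESS_CODES = {"good", "nochg"}
ERROR_CODES = {"nohost", "badauth", "badagent", "!donator", "abuse", "911"}


def expand_url(template, hostname, ip):
    """Perform the <h>/<a> substitution the router does before each request."""
    return template.replace("<h>", hostname).replace("<a>", ip)


def split_credentials(url):
    """Return (username, password, url with the userinfo removed).

    urlsplit takes the LAST '@' of the authority as the separator, so a
    username that is itself an e-mail address parses correctly.
    """
    parts = urlsplit(url)
    host = parts.hostname + (f":{parts.port}" if parts.port else "")
    redacted = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    return parts.username, parts.password, redacted


def classify_reply(body):
    """Map the reply body to (code, address or None, success)."""
    tokens = body.strip().split()
    if not tokens:
        return ("empty", None, False)
    code = tokens[0]
    address = tokens[1] if len(tokens) > 1 else None
    return (code, address, code in SUCCESS_CODES)


def update_due(now, last_sent, address_changed, minimum=300, maximum=86400):
    """Assumed timer semantics: never send more often than the minimum;
    otherwise send when the address changed or the maximum has elapsed."""
    since = now - last_sent
    if since < minimum:
        return False
    return address_changed or since >= maximum


def run_update(template, hostname, ip, transport):
    """Build the request the router would send and interpret the reply.
    transport(redacted_url, username, password) stands in for the HTTP call,
    so the password never ends up inside a logged URL."""
    username, password, url = split_credentials(expand_url(template, hostname, ip))
    code, address, ok = classify_reply(transport(url, username, password))
    return {"url": url, "username": username, "code": code, "address": address, "ok": ok}


def fake_noip(url, username, password):
    """Constructed server: accepts the sample credentials and reports 'nochg'
    for the address it was given."""
    if (username, password) != ("user@example.com", "s3cret"):
        return "badauth"
    query = dict(kv.split("=", 1) for kv in urlsplit(url).query.split("&"))
    return f"nochg {query['myip']}"


if __name__ == "__main__":
    print(run_update(TEMPLATE, "myhostname.no-ip.org", "203.0.113.7", fake_noip))
```

The redacted URL is the form to put in tickets or logs; the router's own `debug ip ddns update` output prints the URL it actually requested, so treat such captures as containing the password.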



Unfortunately I have not figured out a way to force a DDNS update immediately. What you can do is set the maximum update time short, such as 5 minutes, and turn on debugging with: debug ip ddns update.


You will get some very useful debug information. Make sure all the parameters are correct on the calls.


You may need to reload your router. I have found that changing the add command did not take effect after some changes until after a reload.


Sample debugging output for a working update:

*Aug 00 00:00:55.433 EDT: DYNDNSUPD: Adding DNS mapping for myhostname.no-ip.org <=>
*Aug 00 00:00:55.433 EDT: HTTPDNS: Update add called for myhostname.no-ip.org <=>
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: Session ID = 0x7
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: URL =

*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: Sending request
*Aug 00 00:00:56.441 EDT: HTTPDNSUPD: Response for update myhostname.no-ip.org <=>
*Aug 00 00:00:56.441 EDT: HTTPDNSUPD: DATA START nochg
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: DATA END, Status is Response data recieved,

*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: Call returned SUCCESS, update of

myhostname.no-ip.org <=> succeeded
*Aug 00 00:00:56.445 EDT: DYNDNSUPD: Another update completed (outstanding=0, total=0)
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: Clearing all session 7 info

Resource from http://bytesolutions.com/Support/Knowledgebase/KB_Viewer/ArticleId/39/How-to-setup-DDNS-Dynamic-DNS-on-a-Cisco-IOS-router.aspx

More Related DDNS Setup on a Cisco IOS Router

How to Configure Dynamic DNS on a Cisco Router?

How to Configure OSPF on Cisco Routers?

How to Configure EIGRP on a Cisco Router?

How Router Interfaces get Their Names on Cisco Routers?

How to Configure DHCP on a Cisco Router or Cisco Switch?


Cisco Branch Routers’ New Performance

March 14 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Public and private cloud drives new upgrade

Cisco ISR line to get WAN optimization, application performance monitoring, WAN path management and security license


Cisco this week extended the software capabilities of its ISR branch routers with previously separate security and application performance features, including WAN optimization.


Cisco rolled out the ISR-AX line, which takes existing ISR G2 models 3900, 2900 and 1900 and adds a security software license for VPN, firewall and intrusion prevention, as well as software-based Wide Area Application Services (WAAS) WAN optimization, application visibility and control, and WAN path management. Also included is the Cisco Services-Ready Engine processing hardware or additional random access memory to run the software.


Cisco's ISR-AX line adds security, application performance and WAN optimization features to existing models.

Cisco says it is doing this because with the advent of application centralization in data centers or hosted in the cloud, the branch office router needs to evolve to become a Layer 2-7 application service delivery engine. Customers at remote sites need applications to run faster, and require network wide visibility and control for accelerated application deployments, performance monitoring and problem resolution without the need for additional devices, Cisco says.


Indeed, Cisco says software will be the way it delivers its WAAS WAN optimization product to the branch office. The physical hardware appliance will be targeted predominantly at data centers where WAN optimization requires scale, company officials said.


And to catalyze adoption of the ISR-AX, Cisco says it is 20% to 35% less expensive than a stand-alone WAN appliance for the branch office. Cisco is offering the AX line at up to 45% less than non-AX 3900s, 2900s and 1900s.


The ISR 3900 is at the center of a current contract controversy between Cisco and the state of West Virginia.


The ISR line has 500,000 customers worldwide. Cisco had a 77% share of the $855 million enterprise router market and an 84% share of the $671 million enterprise access router market in the third quarter of 2012, according to Dell'Oro Group. It's aiming the ISR-AX squarely at Juniper and Riverbed, which recently entered into a technology licensing deal, even though Dell'Oro cites HP, Adtran and OneAccess as Cisco's closest competitors in access routing.


Asked why HP, for one, wasn't on Cisco's competitive radar for the ISR-AX, a company spokesperson stated in an email:


"While HP has the ability to host applications, they do not have an integrated offer for application performance monitoring, WAN path selection or optimization. We realize they have some APM partners and work with Riverbed, but we view that as [a] gap since [they] do not solve the problem directly, which creates integration, management and cost challenges for customers. Much like Juniper, they have too many gaps to solve the application challenges our customers are facing today with virtualization, cloud and BYOD."


HP didn't respond to a request for comment by press time.


But Juniper did respond:


"Juniper believes the market is moving towards high speed Ethernet WAN connectivity and the need for WAN acceleration in the branch is decreasing," says Brad Brooks, vice president of business strategy and marketing for Juniper. "Rather than integrate WAN optimization in branch SRX and penalize customers with a higher priced solution, Juniper has partnered with Riverbed, the leading WAN optimization provider, to deliver this service to customers should they require it. Riverbed has continuously maintained their competitive edge where other technologies have trailed behind. This partnership is aligned with Juniper's strategy of offering an open architecture with a growing ecosystem of partners that allows customers to select solutions that best fit their network needs."


Brooks also says Juniper's branch SRX provides application-level security and unified threat management, integrated with routing and network security, to eliminate the need for multiple devices and reduce TCO. Juniper also offers an application monitoring solution along with WAN path selection functionality in the branch SRX devices, Brooks says.


All Cisco 3900-AX, 2900-AX and 1900-AX products are currently available. The 3900-AX is priced from $16,200 to $24,700. The 2900-AX is priced from $3,595 to $12,900, and the 1900-AX costs from $2,945 to $2,995.


Cisco says it will soon extend the AX capabilities to the 800 ISR, ASR1000 and CSR1000V routers for teleworkers, enterprise network edge, and data center and cloud, respectively.


---Article from http://www.networkworld.com/news/2013/031213-cisco-router-267582.html

More Related Cisco Branch Router Info and Guide:

Buyer’s Guide: How to Select Cisco Branch Routers

Cisco Branch Routers, Accelerate Your WAN Performance

Cisco Integrated Services G2 Routers, Innovation Engine for Borderless Networks

How to Configure Cisco 1941W?

Cisco’ Answer to SDN, Cisco ONE Introduced at Cisco Live

Cisco ISR-AX: Cheaper Branch Router with Bundled Layer 4-7 Services


Basic Questions to Prepare Cisco CCNA

March 11 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Certification - CCNA - CCNP - CCIE

Here you will find answers to CCNA – Basic Questions

Question 1

For which type of connection should a straight-through cable be used?

A. switch to switch

B. switch to hub

C. switch to router

D. hub to hub

E. router to PC

Answer: C


To decide whether a crossover or a straight-through cable is needed, remember:

Group 1: Router, Host, Server

Group 2: Hub, Switch

One device in group 1 + One device in group 2: use straight-through cable

Two devices in the same group: use crossover cable

In this case we can use straight-through cable to connect a switch to a router -> C is correct.


Question 2

Which type of cable is used to connect the COM port of a host to the COM port of a router or switch?

A. crossover

B. straight-through

C. rolled

D. shielded twisted-pair

Answer: C


The question should really read “Which type of cable is used to connect the COM port of a host to the CONSOLE port of a router or switch?”, and the correct answer is a rollover cable. A rollover cable cannot be plugged straight into the host, though; an RJ45-to-DB9 female adapter is normally used, as shown below:


Question 3

What is the first 24 bits in a MAC address called?
Answer: C


The Organizationally Unique Identifier (OUI) is the first 24 bits of a network device's MAC address. It identifies the vendor of the device and is assigned by the Institute of Electrical and Electronics Engineers (IEEE); each OUI uniquely identifies a vendor, manufacturer or organization.


Question 4

In an Ethernet network, under what two scenarios can devices transmit? (Choose two)

A. when they receive a special token

B. when there is a carrier

C. when they detect no other devices are sending

D. when the medium is idle

E. when the server grants access

Answer: C D


Ethernet network is a shared environment so all devices have the right to access to the medium. If more than one device transmits simultaneously, the signals collide and cannot reach the destination.

If a device detects another device is sending, it will wait for a specified amount of time before attempting to transmit.

When there is no traffic detected, a device will transmit its message. While this transmission is occurring, the device continues to listen for traffic or collisions on the LAN. After the message is sent, the device returns to its default listening mode.

So we can see C and D are the correct answers. But in fact “answer C – when they detect no other devices are sending” and “when the medium is idle” are nearly the same.


Question 5

Which two benefits are provided by using a hierarchical addressing network addressing scheme? (Choose two)

A. reduces routing table entries

B. auto-negotiation of media rates

C. efficient utilization of MAC addresses

D. dedicated communications between devices

E. ease of management and troubleshooting

Answer: A E 


Question 6

When a host transmits data across a network to another host, which process does the data go through?

A. standardization

B. conversion

C. encapsulation

D. synchronization

Answer: C


To transmit to another host, a host must go through the TCP/IP model (very similar to the OSI model). At each layer, the message is encapsulated with that layer’s header (and trailer if it has). This process is called encapsulation.


Question 7

Which two Ethernet fiber-optic modes support distances of greater than 550 meters?

A. 1000BASE-CX


C. 1000BASE-LX

D. 1000BASE-SX

E. 1000BASE-ZX 

Answer: C E


Below is a summary of the cabling standards mentioned above:

  Cabling                                    Maximum length
  Twinaxial cabling                          25 m
  Two strands, multimode fiber               400 m
  Long-wavelength laser, MM or SM fiber      10 km (SM), 3 km (MM)
  Short-wavelength laser, MM fiber           220 m with 62.5-micron fiber; 550 m with 50-micron fiber
  Extended wavelength, SM fiber              100 km

MM: multimode; SM: single-mode

(Reference: The official self-study test preparation guide to the Cisco CCNA INTRO exam 640-821)


Question 8

Refer to the exhibit. What type of connection would be supported by the cable diagram shown?

A. PC to router

B. PC to switch

C. server to router

D. router to router

Answer: B


From the “Pin” and “Color” in the exhibit we know that this is a straight-through cable so it can be used to connect PC to switch.


Question 9

Refer to the exhibit. What type of connection would be supported by the cable diagram shown?

A. PC to router

B. PC to switch

C. server to switch

D. switch to router

Answer: A


This is a crossover cable so it can be used to connect PC and router.



Question 10

Which two topologies are using the correct type of twisted-pair cables? (Choose two)

A. using-the-correct-type-of-twisted-pair-cables01.jpg

B. using-the-correct-type-of-twisted-pair-cables02.jpg

C. using-the-correct-type-of-twisted-pair-cables03.jpg

D. using-the-correct-type-of-twisted-pair-cables04.jpg

E. using-the-correct-type-of-twisted-pair-cables05.jpg

Answer: D E

More Related Cisco CCNA Tips:

Core Topics Covered on the CCNA Exam

Tutorial for CCNA Certification: Talking About Switch Port Security

Best Path for Getting Your CCNA Certification

10 Things to Know About the Cisco CCNA Voice Certification

Cisco Routing Quiz for Preparing CCNA Exam

Guide to Cisco CCNA Voice Exam 640-461…Reviews, Main Topics

Top 5 VoIP Concepts to Know for CCNA Voice—VoIP Basic for CCNA Voice Exam


Cisco Unified Wired & Wireless Access into Its New Catalyst 3850 Switch

March 7 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Cisco has pushed its Unified Access networking strategy past the management layer by introducing a new edge switch, which has wireless LAN control functionality, and processes both wired and wireless traffic on the same platform.


With this switch, enterprises will no longer have to tunnel traffic from wireless access points (APs) to a central controller. Instead they can terminate wireless traffic on an edge switch, where they will be able to secure and manage both wired and wireless traffic.


Cisco has "truly for the first time integrated their wired and wireless infrastructure in terms of having one box and using one ASIC [application-specific integrated circuit] that really handles traffic irrespective of whether it is coming in from the wired or wireless LAN standpoint," said Rohit Mehra, vice president of network infrastructure research at Framingham, Mass.-based IDC.


The new Cisco Catalyst 3850 switch, a successor to the workhorse 3750, is built with a new, programmable ASIC, the Unified Access Data Plane (UADP) chip, which gives it the wireless LAN control functionality. A single stack of Catalyst 3850 will support up to 50 access points and 2,000 clients with 40 Gbps of controller throughput.


"In this day and age where wireless traffic has really exploded, and you're carrying all kinds of heavy, latency-sensitive wireless traffic like voice and video, routing all the traffic back to a controller adds an exceptionally large amount of overhead on the network, both local area and wide area," Mehra said.


Not only does this integrated wireless LAN control reduce load on the network, it also enhances traffic management and Quality of Service (QoS) functionality. Because traffic from the wireless LAN is no longer tunneled, it crosses the rest of the wired network as standard IP traffic. Enterprises can now apply the same policies and controls to wired and wireless traffic.


As a result, Cisco customers can do things like granular, hierarchical QoS across their entire infrastructure, said Rob Soderbery, senior vice president and general manager for Cisco's enterprise networking business.


"When you were processing [wired and wireless] streams in different places, doing QoS across that was difficult," he said. "Now you can see all the users and data in one place, and you can set tiered levels on QoS. You can do QoS on a given access point, so you can make sure no one is frozen out. You can then set QoS up to a switch and up to a branch and manage that entire path."


With the Catalyst 3850, wireless LAN traffic will become more efficient, particularly as users are moving from access point to access point, said Andre Kindness, senior analyst with Cambridge, Mass.-based Forrester Research Inc.


"When you're bouncing from AP to AP, you end up tunneling back [from the controller] to the AP where you started from and that's not always the best path possible, from a VoIP call and latency perspective. You want to follow the user. That's why there's this movement to pushing control back to the edge. You start enforcing policies based on users and applications and where the best connection is."


The Cisco Catalyst 3850 is a stackable switch that ships with either 24 or 48 Gigabit Ethernet (GbE) ports, with or without Power over Ethernet (PoE) and optional modules for 10 GbE uplinks. Its prices are identical to comparable configurations of the Catalyst 3750, although customers will have to pay an additional license to activate the wireless control functionality.


Goodbye AirOS: IOS to rule wireless LAN

In addition to the Catalyst 3850, Cisco introduced the Cisco 5760 wireless LAN controller for customers who are not yet ready to dump their controller-based systems. This premium device can manage 1,000 access points and 12,000 clients with 60 Gbps of throughput. It runs on the same ASIC platform as the Catalyst 3850 switch.


The 5760 is also the first Cisco wireless LAN controller to ever run IOS, marking a departure from the AirOS operating system that has powered the company's controllers since it acquired wireless networking vendors Airespace. Soderbery said Cisco will gradually upgrade all of its wireless controllers to run IOS instead of AirOS.


"All the training and learning that network managers have undergone with IOS, they can now use those skills and leverage them on just one platform, whether for wired or wireless," Mehra said.

Many enterprises will be slow to adopt the Catalyst 3850 with its wireless LAN control function, so central controllers running IOS will be important to Cisco's efforts to unify wired and wireless, Forrester's Kindness said.


Cisco is "worried about customers who just bought 3750s in the last year or two," he said. "Most edge switches are kept around for five to seven years so it doesn't make sense for them to replace the edge with this new switch."


Because the 5760 runs IOS, network managers can take advantage of the same services and features that are available on Cisco's switches, including Application Visibility and Control (AVC) and TrustSec. Users can also set policies, such as QoS, on the controller in the same way they do on switches and routers.


The 5760 controller has a base list price of $20,000.


ISE-MDM integration and Prime 360 Experience

Cisco also updated its Identity Services Engine (ISE) and Prime Infrastructure. ISE 1.2 now integrates with mobile device management (MDM) software from Good Technology, Airwatch, MobileIron, Zenprise and SAP.


Prime Infrastructure 2.0 has a new 360 Degree Experience that allows network managers to pivot their view of network activity by users, devices, applications and services. With this new feature, a network manager can click to see, for instance, all the network users who are using Twitter, or all the people who are connecting via an iPad, Soderbery said.

---Original From http://searchnetworking.techtarget.com/news/2240177385/New-Cisco-Catalyst-3850-switch-has-integrated-wireless-LAN-control


More Related Cisco Catalyst Switch Tips:

More Popular Topics Related to Cisco Catalyst 2960-S FlexStack

What is Exact Cisco Catalyst 2960-S FlexStack?

Cisco Nexus 6000 Switches: High-Density, Compact Form Factor

Cisco Catalyst 6500 vs. Cisco Nexus 7000 Switch

Feature Comparison of Cisco Main Catalyst Switches-Catalyst 2960, 2950, Catalyst 3560, 3550

How to Configure a Cisco 3750?


Cisco ISR G2 Management Overview-Cisco 1900 Routers

March 5 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

The new Cisco Integrated Services Routers Generation 2 (ISR G2) Family of routers delivers the borderless network that can transform the branch office and customers' experience while enabling business innovation and growth. Supporting the operation of these innovations, Cisco ISR G2 routers provide a rich set of management capabilities that exceed and complement what is available through industry standards. This document discusses these capabilities and related management applications that enable effective operations of Cisco ISR G2 networks and services.


Embedded Management Capabilities

The new Cisco ISR G2 routers provide extensive support for standard Simple Network Management Protocol (SNMP) MIBs and syslogs, allowing comprehensive network management using Cisco or third-party network management systems (NMSs). For additions and updates to Cisco ISR G2-specific MIBs, syslogs, and command-line interfaces (CLIs), please refer to the ISR G2 Manageability Document at:



In addition to the standard MIBs and syslogs, the Cisco ISR G2 routers deliver industry-leading manageability and automation capabilities with the primary objective of providing the lowest total cost of ownership (TCO). Cisco embedded management capabilities provide comprehensive network management functions, from proactive diagnostics to Web 2.0 open interface to policy-based automation.


Figure 1. Cisco IOS Software Embedded Management Capabilities in Cisco ISR G2 Routers



The new Cisco IOS Web Services Management Agent (WSMA) is a management capability embedded in the software that allows advanced configuration, provisioning, and data collection using industry-standard web services. WSMA provides a consistent XML messaging format to CLI commands across Cisco IOS Software releases, eliminating the need for the error-prone "screen scraping" many companies use to configure, manage, and provision.


For more information about WSMA, please visit:




While SNMP and syslog provide the standard protocols for monitoring, the Cisco ISR G2 routers provide many additional capabilities for higher visibility into networks and services. Table 1 shows the recommended usage.

Table 1. Cisco IOS Embedded Management Monitoring Features

| Feature | What It Does for Monitoring | Recommended Usage |
|---|---|---|
| SNMP | Collects SNMP MIB data and monitors events (standard protocol) | Used by Cisco and third-party applications for performance and fault monitoring |
| Syslog | Monitors events (standard protocol) | Used for monitoring through the console; can also be used by monitoring applications |
| IP Service-Level Agreements (IP SLAs) | Mimics real traffic to measure traffic statistics | Used for measuring service-level indicators, including delay, jitter, and availability |
| Flexible NetFlow | Collects packet header information | Monitors application performance and usage patterns, as well as security |
| Cisco IOS Embedded Event Manager (EEM) | Monitors events and reacts based on user-defined policy | Enables onboard automation for fault detection, troubleshooting, and recovery |

The Cisco ISR G2 routers provide the network platform for borderless services. As you run more services on your network, you can use IP SLAs to monitor critical network traffic performance indicators, including delay, jitter, and link availability. IP SLAs mimic real-world traffic to proactively identify service-level problems before your users do. Integrating with a broad set of Cisco and third-party NMS applications, IP SLAs set the standard for leadership in proactive performance monitoring.


With the Cisco ISR G2 routers, Cisco extends IP SLA capabilities to support 30 different types of simulated traffic, delivering complete performance measurement from application monitoring (HTTP, FTP, etc.) to transport monitoring (User Datagram Protocol [UDP] jitter, Multiprotocol Label Switching [MPLS], etc.).

For more information about IP SLAs, please go to http://www.cisco.com/go/ipslas.


Flexible NetFlow (FNF) is the next generation in NetFlow technology. As more services and applications such as business video run in the network, FNF provides the visibility of the network infrastructure needed for optimizing resource usage and planning capacity, reducing operation costs, and detecting security incidents. FNF provides more flexibility and scalability beyond traditional NetFlow by enabling customization of traffic identification, such as source, destination, timing, and application information. Further, FNF provides enhanced network anomaly and security detection to help quickly identify and remediate security risks.

For more information about Flexible NetFlow, please go to http://www.cisco.com/go/fnf.



Cisco IOS EEM is a powerful and flexible feature in Cisco IOS Software that provides real-time event detection and onboard automation. Using EEM, you can program the behavior of the network devices to align with your business needs. EEM supports more than 20 event detectors that are highly integrated with different Cisco IOS Software components to trigger actions in response to network events. You can program these actions using a simple CLI-based interface or Tool Command Language (Tcl) scripting language.


Cisco IOS EEM enables network managers to build significant intelligence within Cisco devices to create highly customizable and cost-effective solutions for automated troubleshooting, fault detection and recovery, device configuration, and provisioning.

For more information, please go to http://www.cisco.com/go/eem.


Network Management Applications

Network management applications are instrumental in lowering operating expenses (OpEx) while improving network availability by simplifying and automating many of the day-to-day tasks associated with managing an end-to-end network. Supporting the new Cisco ISR G2 routers, these management applications enable quick and easy deployment, monitoring, troubleshooting, and ongoing changes.


Cisco provides a wide array of management applications to suit different operation needs. Table 2 provides an overview of the relevant applications for managing the Cisco ISRs and the new Cisco ISR G2 routers.

Table 2. Cisco Network Management Applications for Cisco ISR G2 Routers

| Application Name | Primary Scope | Description |
|---|---|---|
| Cisco License Manager | License management | Application for managing Cisco licenses and the pay-as-you-grow service model |
| Cisco Configuration Professional | Device management | GUI-based device configuration application for access routers and service modules |
| CiscoWorks LAN Management Solution (LMS) | Network management | Comprehensive network management suite for all operation phases |
| CiscoWorks QoS Policy Manager | Network management | Quality-of-service (QoS) management application |
| Cisco Branch Office Network Analysis Module | Network management | Cisco ISR G2 service modules that provide traffic monitoring, reporting, diagnostics, and deep packet inspection |
| Cisco Configuration Engine | Network management | Application that allows zero-touch and near zero-touch deployment; suitable for large-scale deployment |
| Cisco Security Manager and Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS) | Service management | Security management application |
| Cisco Unified Communications Management Suite | Service management | Cisco Unified Communications management application |
| Cisco Wide Area Application Services (WAAS) Central Manager | Service management | Cisco WAAS management application |


IP Network Infrastructure Management

Cisco Licensing Manager v3.0 is a secure client/server-based application to manage Cisco software licenses and enable the pay-as-you-grow service model. It automates Cisco Software Activation workflow through its wizard-based GUI and scales for large network deployments. The application accelerates deployment of software licenses using a simple, rule-based policy interface and enables rapid rollout of advanced services in the network.


For more information about Cisco License Manager, please visit: http://www.cisco.com/go/clm.

Cisco Configuration Professional v2.0 is a GUI-based device management tool for Cisco ISR and Cisco ISR G2 routers. This tool simplifies routing, firewall, IPS, VPN, unified communications, WAN, and LAN configuration through GUI-based easy-to-use wizards.


Cisco Configuration Professional is a valuable productivity-enhancing tool for network administrators and channel partners for deploying routers with increased confidence and ease. It offers a one-click router lockdown and an innovative security auditing capability to check and recommend changes to router configuration.

Cisco Configuration Professional is free and can be downloaded at



CiscoWorks LAN Management Solution v3.2 is an integrated suite of management tools that simplify the configuration, administration, monitoring, and troubleshooting of Cisco networks. Built upon popular Internet-based standards, CiscoWorks LMS applications help network operators manage their network through a browser-based interface that is accessible anytime from anywhere within the network. CiscoWorks LMS maintains a centralized list of all Cisco network devices and their credentials; the list serves as a single repository for all CiscoWorks applications, whether they are installed locally or distributed in a multiserver deployment.


CiscoWorks LMS quickly discovers, inventories, configures, troubleshoots, and manages the new Cisco ISR-G2 routers as soon as they are deployed in the network. For these new routers, CiscoWorks LMS provides additional value-added functions for managing the Cisco Services Ready Engine (SRE) module, including: discovery of SRE modules and their attributes, software image deployment, and initial setup and configuration of a single or multiple SRE instances. It also provides configuration, monitoring, and reporting for the Cisco EnergyWise solution.

For more information about CiscoWorks LMS, please visit: http://www.cisco.com/go/lms.


CiscoWorks QoS Policy Manager (QPM) v4.3 provides comprehensive QoS provisioning and monitoring capabilities. It allows network managers to manage and fine-tune the delay, jitter, bandwidth, and packet-loss parameters required for successful end-to-end services such as TelePresence. It can identify and monitor, in real time, the performance of networked applications, and it centrally creates and deploys to Cisco devices QoS policies to track, manipulate, and control the behavior of those applications in order to meet business demands and application requirements. The end result is networkwide intelligent, consistent, and effective QoS that allows performance protection for voice, video, and business applications while reducing costs and optimizing the use of network resources.

For more information about CiscoWorks QPM, please visit: http://www.cisco.com/go/qpm.


Cisco Branch Routers Series Network Analysis Module v4.1 is an integrated performance-monitoring and traffic-analysis solution that offers deeper insight into the branch office at both the network and application levels. It offers real-time visibility into the applications running on the network, how the network resources are being utilized, and how the end users experience the services being delivered in the branch office. The visibility also enables IT to effectively use control and optimization mechanisms such as QoS and Cisco Wide Area Application Services (WAAS) to improve performance of these services.


The innovative design of the Cisco Branch Routers Series NAM combines a rich set of embedded data-collection capabilities and performance analytics with a remotely accessible, web-based management console, all of which reside on a single network module that you can easily install into selected Cisco ISRs and ISR G2 routers. The embedded analytics can both characterize the user experience and quickly isolate and resolve any performance problems, minimizing the effect on users. The NAM further improves the operational efficiency by allowing remote troubleshooting, thereby eliminating the need to send personnel to remote sites or send large amounts of data over WAN links to the central site.

For more information about the Cisco Branch Routers Series Network Analysis Module, please go to http://www.cisco.com/go/nam.


Cisco Configuration Engine v3.0 is a network management application that provides highly scalable, secure, efficient initial deployment and day-2 configuration and image upgrades. Using a set of Cisco IOS Software agents, the Cisco Configuration Engine automates the deployment of Cisco IOS Software configuration files and images, eliminating the need for traditional staging or onsite technical presence, and achieving zero-touch deployment. This application can streamline the deployment process to drastically reduce deployment time and costs.

For more information about Cisco Configuration Engine, please go to:



Unified Communications Management

Cisco Unified Communications Management Suite v7.1(2) is designed specifically for managing Cisco Unified Communications Solutions. The Cisco Unified Communications Management Suite offers integrated provisioning, monitoring, troubleshooting, and reporting capabilities. Operators can view and operate all applications in the suite from a customizable, web-based dashboard interface. This interface simplifies management of the entire unified communications network, including the network infrastructure, call control, user endpoints, and unified communications applications.


The suite comprises four applications:

• Cisco Unified Provisioning Manager v2.2

• Cisco Unified Operations Manager v2.2

• Cisco Unified Service Monitor v1.3.1

• Cisco Unified Service Statistics Manager v1.2


Cisco Unified Communications Management Suite supports the Cisco ISR G2 routers both as a platform for the Express call control family and as a gateway for call trunking in the network.

For more information about Cisco Unified Communications Management, please go to: http://www.cisco.com/go/ucmanagement.


Security Management

Cisco Security Manager v3.3 is an enterprise-class management application designed to configure firewall, VPN, and intrusion-prevention-system (IPS) security services on Cisco network and security devices, including the new Cisco ISR G2 routers. You can use Cisco Security Manager in networks of all sizes by using policy-based management techniques. Cisco Security Manager works in conjunction with Cisco Security MARS. Used together, these two applications provide a comprehensive security management solution that addresses configuration management, security monitoring, analysis, and mitigation.

For more information, please go to http://www.cisco.com/go/csmanager.


Cisco Security MARS v6.0.4 provides security monitoring for network devices and host applications supporting both Cisco and other vendors. Security monitoring with Cisco Security MARS greatly reduces false positives by providing an end-to-end topological view of the network, helping improve threat identification, mitigation responses, and compliance.

For more information about Cisco Security MARS, please go to http://www.cisco.com/go/csmars.


Cisco Wide Area Application Services Management

Cisco Wide Area Application Services Central Manager (WCM) 4.1 is a management application that runs on Cisco Wide Area Application Engine (WAE) Appliances. Cisco WCM provides scalable, secure, robust, and centralized web management for all Cisco WAE appliances and Wide Area Application Services (WAAS) network modules in the Cisco ISR G2 routers. It allows a network manager to easily perform device-specific or systemwide configuration, including policy configuration and distribution within the WAAS deployment. It can also monitor and generate reports on the WAAS environment.


For more information about Cisco WCM, please go to:



The new Cisco ISR G2 routers provide the platform for borderless networking and borderless services with low TCO. The embedded management capabilities and the extensive Cisco and third-party network management applications that support the new Cisco ISR G2 routers help ensure that you can confidently deploy and manage your borderless network. This document provides only high-level descriptions of these capabilities and applications. For more details, please visit the respective URLs, or contact your Cisco account representatives. 

---Resource from http://www.cisco.com/en/US/prod/collateral/routers/ps10538/white_paper_c78_556613.html

More Related Cisco ISR G2 Info:

Cisco Integrated Services G2 Routers, Innovation Engine for Borderless Networks

Cisco: Cloud Connected Solution Unveiled for Cisco ISR and ASR Routers


Cisco CCNA Tips–Answers to Protocols & Services Questions

February 28 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Certification - CCNA - CCNP - CCIE

Here we will offer some Cisco CCNA Tips: Protocols & Services questions with answers and explanations.

Question 1

An administrator attempts a traceroute but receives a “Destination Unreachable” message. Which protocol is responsible for that message?


Answer: C


The ICMP destination unreachable message is generated by a router (which is reachable) to inform the source host that the destination unicast address is unreachable.


Question 2

DNS servers provide what service?

A. They run a spell check on host names to ensure accurate routing 
B. They convert domain names into IP address 
C. Given an IP address, they determine the name of the host that is sought 
D. They map individual hosts to their specific IP addresses

Answer: B


For example, when you open a web browser (IE, Firefox…) and type a domain (like google.com). This domain will be sent to a DNS server. The DNS server looks up this domain in its database and sends back a corresponding IP address which you can use to access that website.

Note: A DNS server can be a dedicated device for DNS service or integrated into a networking device (like router).


Question 3

Which of the following protocols uses both TCP and UDP ports?

B. Telnet 

Answer: D


DNS can use either the User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) with a destination port of 53.


Simple Mail Transfer Protocol (SMTP) is specified for mail transport and uses TCP port 25.
Telnet uses TCP on port 23.
File Transfer Protocol (FTP) uses TCP on port 20, 21.
Trivial File Transfer Protocol (TFTP) uses UDP on port 69.
HTTP Secure (HTTPS) uses TCP on port 443.


Question 4

Which protocol should be used to establish a secure terminal connection to a remote network device?

C. Telnet

Answer: B


Secure Shell (SSH) protocols secure terminal session data across insecure environments such as the internet.


Question 5

A network administrator issues the ping command and successfully tests connectivity to a host that has been newly connected to the network. Which protocols were used during the test? (Choose two)


Answer: A E


In this question we are not sure whether the host is inside or outside the local network. But in both cases the ARP protocol is used to get a MAC address:

If the host is inside the local network, our device will broadcast an ARP Request to ask for the MAC address of the host (something like “If your IP is, please send me your MAC address”).
If the host is outside the local network, our device will broadcast an ARP Request to ask for the MAC address of the local port (the port in the same subnet as our device) of the default gateway. Notice that the IP of the default gateway has already been configured on our device.

-> In both cases, our device must broadcast an ARP Request -> A is correct.

After getting the ARP of the destination device, our device will use ICMP protocol to send the “ping” -> E is correct.

Note: The question states “the host has been newly connected to the network” which means our device hasn’t had the MAC address of this host in its ARP table -> it needs to send ARP Request.

There is one situation which makes answer A incorrect: the newly connected host is outside the network but our device has already learned the MAC address of the default gateway -> in this case no ARP Request will be sent. So I assume the question wants to imply the newly connected host is in the local network.


Question 6

Which network protocol does DNS use?


Answer: D


It is funny that in Question 3 I answered “DNS uses both TCP & UDP” but in this question we can only choose one answer and it should be “DNS uses UDP”. So I wish to explain more:

Normally a client sends a DNS Query using the UDP protocol over port 53. If it does not get a response from a DNS server, it must re-transmit the DNS Query using TCP after 3-5 seconds. So we can say DNS prefers using UDP to TCP -> the answer should be UDP.
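To make the transport detail behind Questions 3 and 6 concrete, here is an added example (not code from the original post) that builds a DNS query as laid out in RFC 1035 and shows the only framing difference between the two transports: over UDP the message is the datagram payload as-is, over TCP it is prefixed with a two-byte length, with destination port 53 in both cases. The header parser also reads the TC (truncated) flag, which is the standard signal that a resolver should repeat a query over TCP. The transaction ID, the queried name and the truncated reply are constructed sample values.

```python
"""DNS over UDP and TCP, destination port 53 (added example; not from the original post).

Builds an RFC 1035 query message and shows how the same message is carried over
UDP (as-is) and over TCP (two-byte length prefix).  The sample reply below is
constructed to have the TC flag set so the retry check can be exercised."""
import struct

DNS_PORT = 53  # same port for both transports


def build_query(name, qtype=1, txid=0x1234):
    """Return a DNS query: 12-byte header + one question (class IN).

    qtype 1 = A record.  txid is a constructed sample transaction ID."""
    flags = 0x0100  # standard query with RD (recursion desired) set
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    return header + question


def udp_payload(message):
    """UDP to port 53: the DNS message is the whole datagram payload."""
    return message


def tcp_payload(message):
    """TCP to port 53: RFC 1035 section 4.2.2 prefixes each message with its length."""
    return struct.pack("!H", len(message)) + message


def parse_header(message):
    """Decode the 12-byte DNS header into its fields."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = this is a response
        "tc": bool(flags & 0x0200),   # 1 = response was truncated
        "rd": bool(flags & 0x0100),
        "rcode": flags & 0x000F,
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }


def needs_tcp_retry(reply):
    """True when a UDP reply is truncated and the query should be repeated over TCP."""
    h = parse_header(reply)
    return h["qr"] and h["tc"]


# Constructed: a truncated UDP reply (QR, TC, RD, RA set) echoing the question.
TRUNCATED_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
    + build_query("google.com")[12:]
)
```

Running `build_query("google.com")` gives a 28-byte message; `tcp_payload` prepends `\x00\x1c` before it is written to a TCP socket, while `udp_payload` returns it unchanged for `sendto` on a UDP socket.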


Question 7

When two hosts are trying to communicate across a network, how does the host originating the communication determine the hardware address of the host that it wants to “talk” to?

A. RARP request
B. Show Network Address request
C. Proxy ARP request
D. ARP request
E. Show Hardware Address request

Answer: D


The address resolution protocol (ARP) is a protocol used to map IP network addresses to the hardware addresses.

If the destination host is inside the local network, the originating host will broadcast an ARP Request to ask the MAC address of that host.
If the destination host is outside the local network, the originating host will broadcast an ARP Request to ask the MAC address of the local port (the port in the same subnet with our device) of the default gateway. Notice that the IP of the default gateway has been already configured in our device.
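The decision described in Questions 5 and 7 (ARP for the destination itself when it is on the local subnet, otherwise for the default gateway's local interface) and the ARP-cache subtlety noted under Question 5 can be modelled in a few lines. The following is an added example, not code from the original post; the host, gateway and MAC addresses are constructed sample values from the RFC 5737 documentation ranges, and `WIRE` stands in for the hosts that would answer ARP Requests on a real segment.

```python
"""Which address a host ARPs for (added example; not from the original post).

The rule from Questions 5 and 7: if the destination is on the local subnet the
host broadcasts an ARP Request for the destination; otherwise it ARPs for its
default gateway.  If the needed MAC is already cached, no request is sent."""
import ipaddress

# Constructed stand-in for the network segment: which MAC answers for each IP.
WIRE = {
    "192.0.2.1": "00:00:5e:00:53:01",    # default gateway, local interface
    "192.0.2.50": "00:00:5e:00:53:32",   # a host on the local subnet
}


def arp_target(local_ip, prefix_len, gateway_ip, dest_ip):
    """Return the IP whose MAC the sender needs: the destination if it is on
    the local subnet, else the default gateway."""
    local_net = ipaddress.ip_network(f"{local_ip}/{prefix_len}", strict=False)
    if ipaddress.ip_address(dest_ip) in local_net:
        return dest_ip
    return gateway_ip


def resolve(local_ip, prefix_len, gateway_ip, dest_ip, arp_cache):
    """Resolve the next-hop MAC for dest_ip, consulting arp_cache first.

    Returns (target_ip, mac, arp_request_sent).  arp_cache (IP -> MAC) is
    updated when a simulated ARP Reply arrives, just as a host's table is."""
    target = arp_target(local_ip, prefix_len, gateway_ip, dest_ip)
    if target in arp_cache:
        return target, arp_cache[target], False   # cache hit: no broadcast
    mac = WIRE.get(target)
    if mac is None:
        return target, None, True                 # request sent, nobody answered
    arp_cache[target] = mac                       # simulated ARP Reply learned
    return target, mac, True
```

With an empty cache, a first ping to an off-subnet host triggers an ARP Request for the gateway; a second ping to a different off-subnet host finds the gateway MAC already cached and sends no request, which is exactly the case the explanation above says would make answer A incorrect.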


Question 8

Refer to the exhibit, Host A pings interface S0/0 on router 3, what is the TTL value for that ping?


A. 253
B. 252 
C. 255 
D. 254

Answer: A


From the CCNA ICND2 Exam book: “Routers decrement the TTL by 1 every time they forward a packet; if a router decrements the TTL to 0, it throws away the packet. This prevents packets from rotating forever.” I want to make it clear that before the router forwards a packet, the TTL still remains the same. For example in the topology above, pings to S0/1 and S0/0 of Router 2 have the same TTL.

The picture below shows TTL values for each interface of each router and for Host B. Notice that Host A initializes ICMP packet with a TTL of 255:


More Topics Related to Networking Protocols:

BGP Routing Protocol Tips You Need to Know

Routing Information Protocol & RIP Configuration

How to Configure IGRP (Interior Gateway Routing Protocol)?

How to Configure Basic NAT with Overloading?

10 Things to Know About the Cisco CCNA Voice Certification


Understanding EIGRP by FAQs

February 26 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

This DOC contains frequently asked questions (FAQs) about IP Enhanced Interior Gateway Routing Protocol (EIGRP).


Q. Does EIGRP require an ip default-network command to propagate a default route?

A. Although EIGRP can propagate a default route using the default network method, it is not required. EIGRP redistributes default routes directly.


Q. Should I always use the eigrp log-neighbor-changes command when I configure EIGRP?

A. Yes, this command makes it easy to determine why an EIGRP neighbor was reset. This reduces troubleshooting time.


Q. Does EIGRP support secondary addresses?

A. EIGRP does support secondary addresses. Since EIGRP always sources data packets from the primary address, Cisco recommends that you configure all routers on a particular subnet with primary addresses that belong to the same subnet. Routers do not form EIGRP neighbors over secondary networks. Therefore, if all of the primary IP addresses of routers do not agree, problems can arise with neighbor adjacencies.


Q. What debugging capabilities does EIGRP have?

A. There are protocol-independent and -dependent debug commands. There is also a suite of show commands that display neighbor table status, topology table status, and EIGRP traffic statistics. Some of these commands are:


Q. What does the word serno mean on the end of an EIGRP topology entry when you issue the show ip eigrp topology command?

A. For example:

show ip eigrp topology

P, 2 successors, FD is 46163456

via (46163456/45651456), Serial0.2, serno 7539273

via (46163456/45651456), Serial2.6, serno 7539266

Serno stands for serial number. When DRDBs are threaded to be sent, they are assigned a serial number. If you display the topology table at the time an entry is threaded, it shows you the serial number associated with the DRDB.


Threading is the technique used inside the router to queue items up for transmission to neighbors. The updates are not created until it is time for them to go out the interface. Before that, a linked list of pointers to items to send is created (for example, the thread).


These sernos are local to the router and are not passed with the routing update.


Q. What percent of bandwidth and processor resources does EIGRP use?

A. EIGRP version 1 introduced a feature that prevents any single EIGRP process from using more than fifty percent of the configured bandwidth on any link during periods of network convergence. Each AS or protocol (for instance, IP, IPX, or AppleTalk) serviced by EIGRP is a separate process. You can use the ip bandwidth-percent eigrp interface configuration command in order to properly configure the bandwidth percentage on each WAN interface. Refer to the EIGRP White Paper for more information on how this feature works.

In addition, the implementation of partial and incremental updates means that EIGRP sends routing information only when a topology change occurs. This feature significantly reduces bandwidth use.


The feasible successor feature of EIGRP reduces the amount of processor resources used by an autonomous system (AS). It requires only the routers affected by a topology change to perform route re-computation. The route re-computation only occurs for routes that were affected, which reduces search time in complex data structures.
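The feasible-successor rule behind this answer, and the (computed distance/reported distance) pairs on the via lines of the show ip eigrp topology output quoted above, can be worked through in code. The following is an added example, not code from Cisco's FAQ: it parses topology lines in that shape and applies the feasibility condition (a path is a feasible successor only when its reported distance is strictly lower than the feasible distance), which is what lets a router switch paths without sending queries. The prefixes, next hops and metrics are constructed sample values using documentation addresses.

```python
"""EIGRP feasibility condition (added example; not from Cisco's FAQ).

Each "via" line carries (computed distance/reported distance).  The lowest
computed distance is the feasible distance (FD); paths at FD are successors;
any other path whose reported distance (RD) is strictly below FD is a
feasible successor.  SAMPLE_TOPOLOGY is constructed sample output."""
import re

PREFIX_RE = re.compile(r"^P (?P<prefix>\S+), \d+ successors, FD is (?P<fd>\d+)")
VIA_RE = re.compile(r"^via (?P<nh>\S+) \((?P<cd>\d+)/(?P<rd>\d+)\), (?P<iface>\S+)")

# Constructed sample output.  The path via 198.51.100.6 has an RD equal to the
# FD on purpose: it fails the strict inequality and is NOT a feasible successor.
SAMPLE_TOPOLOGY = """\
P 192.0.2.0/24, 1 successors, FD is 2172416
        via 198.51.100.2 (2172416/28160), Serial0/0
        via 198.51.100.10 (3193856/281600), Serial0/2
        via 198.51.100.6 (2684416/2172416), Serial0/1
"""


def parse_topology(text):
    """Return {prefix: [ {next_hop, cd, rd, iface}, ... ]} from show output."""
    routes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PREFIX_RE.match(line)
        if m:
            current = m["prefix"]
            routes[current] = []
            continue
        m = VIA_RE.match(line)
        if m and current is not None:
            routes[current].append({
                "next_hop": m["nh"], "cd": int(m["cd"]),
                "rd": int(m["rd"]), "iface": m["iface"],
            })
    return routes


def classify(paths):
    """Split one prefix's paths into successors and feasible successors."""
    fd = min(p["cd"] for p in paths)
    successors = [p["next_hop"] for p in paths if p["cd"] == fd]
    feasible = [p["next_hop"] for p in paths
                if p["cd"] != fd and p["rd"] < fd]   # strict: RD must be below FD
    return {"fd": fd, "successors": successors, "feasible_successors": feasible}


def classify_all(text):
    """Parse show output and classify every prefix in it."""
    return {prefix: classify(paths) for prefix, paths in parse_topology(text).items()}
```

For the sample, 198.51.100.2 is the successor, 198.51.100.10 is a feasible successor (RD 281600 < FD 2172416), and 198.51.100.6 is not (RD equals FD), so losing the successor would be handled locally as long as the .10 path survives, and only otherwise would the router need to go active and query its neighbors.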


Q. Does EIGRP support aggregation and variable length subnet masks?

A. Yes, EIGRP supports aggregation and variable length subnet masks (VLSM). Unlike Open Shortest Path First (OSPF), EIGRP allows summarization and aggregation at any point in the network. EIGRP supports aggregation to any bit. This allows properly designed EIGRP networks to scale exceptionally well without the use of areas. EIGRP also supports automatic summarization of network addresses at major network borders.


Q. Does EIGRP support areas?

A. No, a single EIGRP process is analogous to an area of a link-state protocol. However, within the process, information can be filtered and aggregated at any interface boundary. In order to bound the propagation of routing information, you can use summarization to create a hierarchy.


Q. Can I configure more than one EIGRP autonomous system on the same router?

A. Yes, you can configure more than one EIGRP autonomous system on the same router. This is typically done at a redistribution point where two EIGRP autonomous systems are interconnected. Individual router interfaces should only be included within a single EIGRP autonomous system.

Cisco does not recommend running multiple EIGRP autonomous systems on the same set of interfaces on the router. If multiple EIGRP autonomous systems are used with multiple points of mutual redistribution, it can cause discrepancies in the EIGRP topology table if correct filtering is not performed at the redistribution points. If possible, Cisco recommends you configure only one EIGRP autonomous system in any single autonomous system. You can also use another protocol, such as Border Gateway Protocol (BGP), in order to connect the two EIGRP autonomous systems.


Q. If there are two EIGRP processes that run and two equal paths are learned, one by each EIGRP process, do both routes get installed?

A. No, only one route is installed. The router installs the route that was learned through the EIGRP process with the lower Autonomous System (AS) number. In Cisco IOS Software Releases earlier than 12.2(7)T, the router installed the path with the latest timestamp received from either of the EIGRP processes. The change in behavior is tracked by Cisco bug ID CSCdm47037.


Q. What does the EIGRP stuck in active message mean?

A. When EIGRP returns a stuck in active (SIA) message, it means that it sent a query and did not receive a reply before the active timer expired (3 minutes by default). EIGRP sends a query when a route is lost and no feasible successor for it exists in the topology table. The SIA is caused by two sequential events:

  • The route reported by the SIA has gone away.
  • An EIGRP neighbor (or neighbors) has not replied to the query for that route.

When the SIA occurs, the router clears the neighbor that did not reply to the query. When this happens, determine which neighbor has been cleared. Keep in mind that this router can be many hops away. Refer to What Does the EIGRP DUAL-3-SIA Error Message Mean? for more information.
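The two answers above (feasible successors, and the query that leads to SIA when none exists) come down to one test that DUAL applies per prefix: a neighbor is a feasible successor only if its reported distance is below the feasible distance. The following is an added example, not Cisco code; the topology-table entries are constructed and the metric values are illustrative only. It selects the successor and feasible successors for one prefix and then shows why losing a successor with a feasible successor present stays a local computation, while losing the last loop-free path forces the route active (queries sent), which is the precondition for SIA.

```python
"""DUAL successor / feasible-successor selection and what happens on a successor loss.

Added example, not Cisco code. The topology-table entries below are constructed.
RD (reported distance) is the metric the neighbor advertises; CD (computed distance)
is RD plus the cost of the link to that neighbor; FD (feasible distance) is the
lowest CD the router has seen for the prefix since it was last active.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    neighbor: str
    reported_distance: int   # RD: the neighbor's own metric to the destination
    link_cost: int           # metric contribution of the link to that neighbor

    @property
    def computed_distance(self) -> int:
        return self.reported_distance + self.link_cost


def select_paths(paths):
    """Return (successors, feasible_successors, fd) for one prefix."""
    if not paths:
        return [], [], None
    fd = min(p.computed_distance for p in paths)
    successors = [p for p in paths if p.computed_distance == fd]
    # Feasibility condition: RD < FD. Such a neighbor cannot be routing through us,
    # so it is a loop-free backup that DUAL may install without querying anyone.
    feasible = sorted(
        (p for p in paths if p.computed_distance > fd and p.reported_distance < fd),
        key=lambda p: (p.computed_distance, p.neighbor),
    )
    return successors, feasible, fd


def handle_successor_loss(paths, lost_neighbor, fd):
    """Simulate losing a neighbor. Returns ("passive", new_successor) when a
    feasible successor exists (local computation only), or ("active", None) when
    the router must go active and send queries, which is where SIA can follow."""
    remaining = [p for p in paths if p.neighbor != lost_neighbor]
    candidates = [p for p in remaining if p.reported_distance < fd]
    if not candidates:
        return "active", None
    return "passive", min(candidates, key=lambda p: (p.computed_distance, p.neighbor))


# Constructed topology table for one prefix (example metrics, not from a real device).
TOPOLOGY = [
    Path("R2", reported_distance=100, link_cost=50),   # CD 150 -> successor, FD = 150
    Path("R3", reported_distance=120, link_cost=100),  # CD 220, RD 120 < 150 -> feasible successor
    Path("R4", reported_distance=160, link_cost=20),   # CD 180, RD 160 >= 150 -> NOT feasible, despite the lower CD
]

if __name__ == "__main__":
    succ, fs, fd = select_paths(TOPOLOGY)
    print("FD", fd, "successors", [p.neighbor for p in succ], "feasible", [p.neighbor for p in fs])
    print("lose R2:", handle_successor_loss(TOPOLOGY, "R2", fd))
    remaining = [p for p in TOPOLOGY if p.neighbor != "R2"]
    print("then lose R3:", handle_successor_loss(remaining, "R3", fd))
```

Note that R4 has a better computed distance than R3 yet is not a feasible successor: its reported distance is not below the feasible distance, so DUAL cannot prove it is loop-free without a query. That is exactly the case in which a lossy or unresponsive neighbor many hops away can turn a simple link failure into an SIA.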


Q. What does the neighbor statement in the EIGRP configuration section do?

A. The neighbor command is used in EIGRP in order to define a neighboring router with which to exchange routing information. Due to the current behavior of this command, EIGRP exchanges routing information with the neighbors in the form of unicast packets whenever the neighbor command is configured for an interface. EIGRP stops processing all multicast packets that come inbound on that interface. Also, EIGRP stops sending multicast packets on that interface.


The ideal behavior of this command is for EIGRP to start sending EIGRP packets as unicast packets to the specified neighbor, but not stop sending and receiving multicast packets on that interface. Since the command does not behave as intended, the neighbor command should be used carefully, understanding the impact of the command on the network.


Q. Why does the EIGRP passive-interface command remove all neighbors for an interface?

A. The passive-interface command disables the transmission and receipt of EIGRP hello packets on an interface. Unlike IGRP or RIP, EIGRP relies on hello packets in order to form and sustain neighbor adjacencies. Without a neighbor adjacency, EIGRP cannot exchange routes with a neighbor. Therefore, the passive-interface command prevents the exchange of routes on the interface. Although EIGRP does not send or receive routing updates on an interface configured with the passive-interface command, it still includes the address of the interface in routing updates sent out of other non-passive interfaces. Refer to How Does the Passive Interface Feature Work in EIGRP? for more information.


Q. Why are routes received from one neighbor on a point-to-multipoint interface that runs EIGRP not propagated to another neighbor on the same point-to-multipoint interface?

A. The split horizon rule prohibits a router from advertising a route through the interface that the router itself uses to reach the destination. In order to disable the split horizon behavior, use the no ip split-horizon eigrp as-number interface command. Some important points to remember about EIGRP split horizon are:

  • Split horizon behavior is turned on by default.
  • When you change the EIGRP split horizon setting on an interface, it resets all adjacencies with EIGRP neighbors reachable over that interface.
  • Split horizon should only be disabled on a hub site in a hub-and-spoke network.
  • Disabling split horizon on the spokes radically increases EIGRP memory consumption on the hub router, as well as the amount of traffic generated on the spoke routers.
  • The EIGRP split horizon behavior is not controlled or influenced by the ip split-horizon command.

For more information on split horizon and poison reverse, refer to Split Horizon and Poison Reverse. For more information on commands, refer to EIGRP Commands.


Q. When I configure EIGRP, how can I configure a network statement with a mask?

A. The optional network-mask argument was first added to the network statement in Cisco IOS Software Release 12.0(4)T. The mask argument can be configured in either format (a network mask or wildcard bits). For example, you can use network or network


Q. I have two routes: and How can I deny while I allow in EIGRP?

A. In order to do this you need to use a prefix-list, as shown here (the prefix-list is a global command; the distribute-list that references it goes under the EIGRP process):

ip prefix-list test seq 5 permit
!
router eigrp 100
 distribute-list prefix test in
 no eigrp log-neighbor-changes

This allows only the prefix and therefore denies


Note: A standard ACL applied with distribute-list under EIGRP does not work in this case. A standard ACL checks only the network address of the route, not its mask. Since the network address is the same for both routes, when you permit one you also permit the other.
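To see why the ACL-based filter is unsafe as a route-admission control, it helps to run both matching rules side by side. The following is an added example, not Cisco code; the two routes (192.168.1.0/24 and 192.168.1.0/25) and the filter entries are constructed, because the page does not show the specific prefixes. It models the standard-ACL comparison a distribute-list performs (network address under a wildcard, prefix length ignored) next to ip prefix-list matching (prefix plus an exact or ge/le length range) and shows that only the prefix-list separates the two routes.

```python
"""Why a standard ACL in a distribute-list cannot separate two routes that share a
network address but differ in prefix length, while a prefix-list can.

Added example, not Cisco code. The routes and filter entries are constructed;
the page itself does not show the specific prefixes.
"""
from ipaddress import IPv4Address, IPv4Network


def acl_matches(route: IPv4Network, acl_entries) -> bool:
    """Standard ACL semantics as used by `distribute-list <acl> in`:
    only the route's network address is compared (address & ~wildcard);
    the prefix length is never examined."""
    for action, addr, wildcard in acl_entries:
        mask = 0xFFFFFFFF ^ int(IPv4Address(wildcard))
        if int(route.network_address) & mask == int(IPv4Address(addr)) & mask:
            return action == "permit"
    return False  # implicit deny at the end of every ACL


def prefix_list_matches(route: IPv4Network, entries) -> bool:
    """ip prefix-list semantics: the route must lie inside the entry's prefix and
    its length must fall within the entry's range (exact length when neither
    ge nor le is given; `ge N` alone means N..32)."""
    for action, prefix, ge, le in entries:
        net = IPv4Network(prefix)
        lo = ge if ge is not None else net.prefixlen
        if le is not None:
            hi = le
        elif ge is not None:
            hi = net.max_prefixlen
        else:
            hi = net.prefixlen
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action == "permit"
    return False  # implicit deny


def filtered(routes, matcher, entries):
    """Return the routes (as strings) that a filter admits."""
    return [str(r) for r in routes if matcher(r, entries)]


# Constructed inputs: two routes with the same network address, different lengths.
ROUTES = [IPv4Network("192.168.1.0/24"), IPv4Network("192.168.1.0/25")]

# access-list 10 permit 192.168.1.0 0.0.0.0   (standard ACL: matches the network address only)
ACL_10 = [("permit", "192.168.1.0", "0.0.0.0")]

# ip prefix-list test seq 5 permit 192.168.1.0/24   (exact length match)
PREFIX_LIST_TEST = [("permit", "192.168.1.0/24", None, None)]

# ip prefix-list range seq 5 permit 192.168.0.0/16 ge 24   (admits /24 through /32 inside the /16)
PREFIX_LIST_RANGE = [("permit", "192.168.0.0/16", 24, None)]

if __name__ == "__main__":
    print("ACL admits:          ", filtered(ROUTES, acl_matches, ACL_10))
    print("prefix-list admits:  ", filtered(ROUTES, prefix_list_matches, PREFIX_LIST_TEST))
    print("prefix-list ge 24:   ", filtered(ROUTES, prefix_list_matches, PREFIX_LIST_RANGE))
```

The practical reading: when the goal is to keep a more-specific prefix out of the table (for example, a /25 that would hijack traffic from the legitimate /24), a standard ACL in the distribute-list gives no protection at all, and a prefix-list entry must be written without ge/le unless the longer prefixes are genuinely wanted.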


Q. I have a router that runs Cisco Express Forwarding (CEF) and EIGRP. Who does load-balancing when there are multiple links to a destination?

A. CEF switches packets using its forwarding table (FIB), which is built from the routing table that routing protocols such as EIGRP populate. In short, EIGRP decides which paths are placed in the routing table, and CEF performs the load-balancing across those paths once the routing table is calculated. Refer to How Does Load Balancing Work? for more information on load balancing.


Q. How do you verify if the EIGRP Non Stop Forwarding (NSF) feature is enabled?

A. In order to check the EIGRP NSF feature, issue the show ip protocols command. Here is the sample output:

show ip protocols

  Routing Protocol is "eigrp 101"
    Outgoing update filter list for all interfaces is not set
    Incoming update filter list for all interfaces is not set
    Default networks flagged in outgoing updates
    Default networks accepted from incoming updates
    EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    EIGRP maximum hopcount 100
    EIGRP maximum metric variance 1
    Redistributing: eigrp 101
    EIGRP NSF-aware route hold timer is 240s
    Automatic network summarization is in effect
    Maximum path: 4
    Routing for Networks:
    Routing Information Sources:
      Gateway         Distance      Last Update
    Distance: internal 90 external 170


This output shows that the router is NSF-aware and the route-hold timer is set to 240 seconds, which is the default value.


Q. How can I use only one path when a router has two equal cost paths?

A. Leave the bandwidth value on the interfaces at its default and increase the delay on the backup interface so that the router no longer sees two equal cost paths. Because the default variance is 1, only the path with the lowest metric is then installed.


Q. What is the difference in metric calculation between EIGRP and IGRP?

A. The EIGRP metric is obtained when you multiply the IGRP metric by 256. IGRP uses only 24 bits in its update packet for the metric field, but EIGRP uses 32 bits. For example, if the IGRP metric to a destination network is 8586, the EIGRP metric is 8586 x 256 = 2,198,016. Because the router uses integer division when it divides 10^7 by the minimum bandwidth (and the delay sum by 10), a manual calculation that keeps the fractional part can differ slightly from the metric the router reports.
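The metric arithmetic above, and the tie-breaking advice in the previous answer, are easiest to check with the formula carried out in code. The following is an added example, not Cisco code; the link bandwidths and delays are constructed. It computes the classic IGRP-scale composite metric with Cisco's default K values (K1 = K3 = 1, others 0) using the same integer division the router performs, scales it by 256 for EIGRP, and then shows two equal-cost paths becoming unequal after a delay change on one interface.

```python
"""Classic EIGRP composite metric, with the integer division the FAQ warns about,
plus a check of how changing delay breaks a tie between two equal-cost paths.

Added example, not Cisco code. Link values below are constructed.
min_bw_kbps is the minimum bandwidth on the path in kbit/s; total_delay_usec is
the sum of interface delays in microseconds. IGRP carries the 24-bit value;
EIGRP scales it by 256.
"""


def igrp_metric(min_bw_kbps, total_delay_usec, load=1, reliability=255,
                k1=1, k2=0, k3=1, k4=0, k5=0):
    """IGRP-scale composite metric with Cisco's default K values (K1=K3=1).

    Integer division in both terms is deliberate: the router computes
    10^7 // BW and delay // 10, so a hand calculation with decimals drifts."""
    bw = 10_000_000 // min_bw_kbps
    dly = total_delay_usec // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:
        metric = metric * k5 // (k4 + reliability)
    return metric


def eigrp_metric(min_bw_kbps, total_delay_usec, **kw):
    """EIGRP metric = IGRP metric * 256 (32-bit field instead of 24-bit)."""
    return igrp_metric(min_bw_kbps, total_delay_usec, **kw) * 256


def path_metric(links):
    """Metric for a path given [(bandwidth_kbps, delay_usec), ...] per hop:
    the minimum bandwidth along the path is used, delays are summed."""
    min_bw = min(bw for bw, _ in links)
    delay = sum(d for _, d in links)
    return eigrp_metric(min_bw, delay)


# Constructed: two paths that start out equal cost (same min BW, same total delay).
# FastEthernet defaults: bandwidth 100000 kbit/s, delay 100 usec per hop.
PATH_A = [(100_000, 100), (100_000, 100)]
PATH_B = [(100_000, 100), (100_000, 100)]

# The IOS "delay" interface command is in tens of microseconds, so "delay 30" on the
# backup interface makes its delay 300 usec while bandwidth stays at the default.
PATH_B_AFTER_DELAY_30 = [(100_000, 300)] + PATH_B[1:]

if __name__ == "__main__":
    print("IGRP", igrp_metric(1544, 20000), "EIGRP", eigrp_metric(1544, 20000))
    print("equal cost before:", path_metric(PATH_A) == path_metric(PATH_B))
    print("after delay change:", path_metric(PATH_A), path_metric(PATH_B_AFTER_DELAY_30))
```

With a T1 (1544 kbit/s, 20000 usec) the bandwidth term is 10^7 // 1544 = 6476, not 6476.68, which is the source of the "variation from manual calculation" the answer mentions. The two FastEthernet paths both score 30720 until the delay on one interface is raised, after which only the lower-metric path is installed (variance is 1 by default).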


Q. What is the EIGRP Stub Routing feature?

A. The Stub routing feature is used to conserve bandwidth by summarizing and filtering routes. Only specified routes are propagated from the remote (Stub) router to the distribution router because of the Stub routing feature. For more information about the Stub routing feature, refer to EIGRP Stub Routing. The EIGRP stub feature can be configured on the switch with the eigrp stub [receive-only] [leak-map name] [connected] [static] [summary] [redistributed] command. This feature can be removed with the no eigrp stub command. When you remove the eigrp stub command from the switch, a switch that runs the IP Base image throws this error:

EIGRP is restricted to stub configurations only

This issue can be resolved if you upgrade to an Advanced Enterprise image. This error is documented in Cisco bug ID CSCeh58135.


Q. How can I send a default route to the Stub router from the hub?

A. Do this under the outbound interface on the hub router with the ip summary-address eigrp X command. This command suppresses all the more specific routes and only sends the summary route. In the case of the, it means it suppresses everything, and the only route that is in the outbound update is One drawback to this method is that EIGRP installs a route to Null0 in the local routing table with an administrative distance of 5.


Q. What are different route types in EIGRP?

A. There are three different types of routes in EIGRP:

  • Internal Route—Routes that are originated within the Autonomous System (AS).
  • Summary Route—Routes that are summarized in the router (for example, internal paths that have been summarized).
  • External Route—Routes that are redistributed to EIGRP.


Q. How do you redistribute an IPv6 default route in EIGRP?

A. For redistributing an IPv6 default route in EIGRP, a sample configuration is shown here:

ipv6 prefix-list DEFAULT-ONLY-V6 seq 10 permit ::/0
!
route-map DEFAULT_2EIGRP-V6 permit 10
 match ipv6 address prefix-list DEFAULT-ONLY-V6
!
router eigrp Starz_EIGRP
 address-family ipv6 unicast
  redistribute static route-map DEFAULT_2EIGRP-V6


Q. How does EIGRP behave over a GRE tunnel compared to a directly connected network?

A. EIGRP uses the same administrative distance and metric calculation for a GRE tunnel as for any other interface. The metric is based on bandwidth and delay, and for the tunnel those values are taken from the tunnel interface configured on the router; by default a tunnel interface reports a much lower bandwidth and higher delay than a physical or VLAN interface. The tunnel is also treated like a directly connected network. If there are two paths to reach a network, one through a VLAN interface and one through a tunnel interface, EIGRP prefers the VLAN interface because the VLAN interface has the greater bandwidth. In order to route through the tunnel interface instead, increase the bandwidth parameter of the tunnel interface, or increase the delay parameter of the VLAN interface.


Q. What is an offset-list, and how is it useful?

A. The offset-list is a feature used to modify the composite metric in EIGRP. The value configured in the offset-list command is added to the delay value calculated by the router for the routes matched by an access-list. An offset-list is the preferred method to influence which particular path is advertised and/or chosen.


Q. How can I tag external routes in EIGRP?

A. You can tag routes that EIGRP has learned from another routing protocol with a 32-bit tag value. Starting with Cisco bug ID CSCdw22585, internal routes can also be tagged; however, for internal routes the tag value cannot exceed 255 due to packet format limitations.


Q. What are the primary functions of the PDM?

A. EIGRP supports three protocol suites: IP, IPv6, and IPX. Each has its own protocol-dependent module (PDM). These are the primary functions of a PDM:

  • Maintaining the neighbor and topology tables of EIGRP routers that belong to that protocol suite
  • Building and translating protocol-specific packets for DUAL
  • Interfacing DUAL to the protocol-specific routing table
  • Computing the metric and passing this information to DUAL; DUAL handles only the selection of feasible successors (FSs)
  • Implementing filtering and access lists
  • Performing redistribution to and from other routing protocols


Q. What are the various load-balancing options available in EIGRP?

A. By default EIGRP installs up to four equal-cost paths (the maximum-paths setting) and load-balances across them. The variance command additionally allows unequal-cost load balancing over feasible successors whose metric is within the variance multiple of the best path. To steer traffic toward a particular path, an offset-list can be used to modify the metrics of routes that EIGRP learns through a particular interface, or PBR can be used.


Q. What does the %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor (Tunnel0) is down: holding time expired error message mean?

A. This message indicates that the router has not heard any EIGRP packets from the neighbor within the hold-time limit. Because this is a packet-loss issue, check for a Layer 2 problem.
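Because a single "holding time expired" line says little, the useful check is how often a given neighbor on a given interface goes down and for which reason; repeated hold-time expiry on one interface points at hello loss (Layer 2, MTU, or CPU), whereas a goodbye message means the peer reset the adjacency on purpose. The following is an added example, not Cisco code: a small parser for %DUAL-5-NBRCHANGE syslog lines that counts down events per neighbor and interface and reports the ones that flap. The log lines are constructed; the timestamps, AS number and addresses are not from any real device.

```python
"""Flap detector for %DUAL-5-NBRCHANGE messages: counts down events per neighbor
and interface and groups them by reason, so a 'holding time expired' storm can be
separated from clean adjacency resets.

Added example, not Cisco code. The syslog lines are constructed; timestamps and
addresses are not from any real device.
"""
import re
from collections import Counter, defaultdict

# One NBRCHANGE line, e.g.
# %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.0.0.2 (Tunnel0) is down: holding time expired
NBRCHANGE = re.compile(
    r"%DUAL-5-NBRCHANGE: (?:IP-)?EIGRP\(\d+\) (?P<asn>\d+): Neighbor (?P<nbr>\S+) "
    r"\((?P<ifname>[^)]+)\) is (?P<state>up|down)(?:: (?P<reason>.*))?$"
)

# Constructed sample log: one neighbor flapping over a tunnel, one clean reset.
SAMPLE_LOG = """\
*Mar  1 00:01:10.101: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.0.0.2 (Tunnel0) is up: new adjacency
*Mar  1 00:02:31.262: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.0.0.2 (Tunnel0) is down: holding time expired
*Mar  1 00:02:45.010: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.0.0.2 (Tunnel0) is up: new adjacency
*Mar  1 00:03:59.512: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.0.0.2 (Tunnel0) is down: holding time expired
*Mar  1 00:04:12.000: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.0.0.2 (Tunnel0) is up: new adjacency
*Mar  1 00:05:00.000: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.0.0.6 (FastEthernet0/0) is down: Interface Goodbye received
*Mar  1 00:05:03.000: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.0.0.6 (FastEthernet0/0) is up: new adjacency
*Mar  1 00:05:04.000: %SYS-5-CONFIG_I: Configured from console by console
"""


def parse_nbrchange(log_text):
    """Yield one dict (asn, nbr, ifname, state, reason) per NBRCHANGE line;
    lines for other facilities are ignored."""
    for line in log_text.splitlines():
        m = NBRCHANGE.search(line)
        if m:
            yield m.groupdict()


def flapping_neighbors(log_text, min_downs=2):
    """Return {(neighbor, interface): {reason: count}} for neighbors that went
    down at least min_downs times in the log."""
    downs = defaultdict(Counter)
    for ev in parse_nbrchange(log_text):
        if ev["state"] == "down":
            downs[(ev["nbr"], ev["ifname"])][ev["reason"] or ""] += 1
    return {key: dict(cnt) for key, cnt in downs.items() if sum(cnt.values()) >= min_downs}


if __name__ == "__main__":
    for (nbr, ifname), reasons in flapping_neighbors(SAMPLE_LOG).items():
        print(f"{nbr} on {ifname} flapped: {reasons}")
```

Run against a real syslog export, the threshold and the reason breakdown are what matter: a neighbor whose only reason is "holding time expired" on a tunnel should send you to the transport (path MTU, packet loss, the underlying link), while the FastEthernet neighbor here went down once with a goodbye and is not reported at all.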


Q. Is there a IPv6 deployment guide that includes EIGRPv6?

A. Refer to Deploying IPv6 in Branch Networks for more information.


Q. From the 16:29:14.262 Poison squashed: 10.X.X.X/24 reverse message, what does poison squashed mean?

A. The router threads a topology table entry as a poison in reply to an update received (the router sets up for poison reverse). While the router is building the packet that contains the poison reverse, the router realizes that it does not need to send it. For example, if the router receives a query for the route from the neighbor, it is currently threaded to poison. Thus, it sends the poison squashed message.


Q. Is it normal that EIGRP takes over 30 seconds to converge?

A. EIGRP taking longer to converge under heavy CPU usage is normal behavior. EIGRP detects a failed neighbor faster when you lower the hold time. The lowest values for the hello and hold time are 1 second and 3 seconds respectively. Both commands take the EIGRP autonomous system number before the timer value. For example:

Router(config)# interface Fa0/0
!--- (Under an interface directly connected to EIGRP peers.)
Router(config-if)# ip hello-interval eigrp as-number 1
Router(config-if)# ip hold-time eigrp as-number 3

Note: Make sure that the hold time is changed on both ends. Timers this aggressive also cause the adjacency to flap on any link that loses or delays a few hellos, so use them only on stable links.

For more information on EIGRP performance related issues, refer to How to resolve EIGRP performance problems.


Resource from


More Related Topics:

Why Is Cisco Bothering With “Open” EIGRP?

How to Configure IGRP (Interior Gateway Routing Protocol)?

Routing Information Protocol & RIP Configuration

How to Configure OSPF on Cisco Routers?


Virtual Private Clouds Offer Customers SLA Security

February 19 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

As public cloud SLAs take heat from analysts, some enterprises say virtual private clouds offer the right mix of cloud agility and managed services reliability.


A virtual private cloud (VPC) offers on-demand Infrastructure as a Service (IaaS) external to a customer's data center, but it runs on a dedicated infrastructure, rather than a multi-tenant infrastructure. It is usually connected to each customer using a virtual private network (VPN) or another direct network connection, rather than the public Internet.


As such, a virtual private cloud can offer higher service-level agreements (SLAs) than public clouds, contracting for up to 100% uptime in some cases.


Finding the SLA that's Just Right

Some purists might consider this managed hosting rather than cloud computing, but these distinctions aren't relevant to customers such as Taylor Erickson, vice president of IT at Lanx Inc., a company that specializes in spinal care and surgical products in Bloomfield, Colo.


Lanx moved its SAP application and Active Directory to a virtual private cloud hosted by Virtustream Inc., last fall. Virtustream's xStream virtual private cloud gives the company a five-nines (99.999%) uptime SLA. Penalties start at 99.949% uptime, and were negotiated by Lanx with the help of an analyst firm to review the contract, Erickson said.


With the choice between Virtustream's xStream VPC and a public cloud provider Erickson declined to name, the virtual private cloud SLA was just one of the reasons the company chose Virtustream.


In fact, enterprise managed hosting providers such as ViaWest and Hosting.com tend to offer 100% uptime SLAs, but Virtustream's demonstrated expertise at hosting SAP appealed to Lanx, as did Virtustream's cost, which can be as low as half that of such services.


And 99.999% uptime was still more than the company might have been able to provide on its own. For example, a week after the company's migration, an air conditioning unit in Lanx's building failed, and the server room temperature soared to 98 degrees.


"But our mission-critical SAP was up and going because we'd migrated to a cloud provider," Erickson said.


Virtual Private Cloud a Happy Medium between Public and Private Cloud

Other users say public cloud, which tends to be the lowest-cost and most elastic of all service types, has undeniable appeal, but that using it requires very careful planning.




"You can never take [public cloud] off the table," said Dave Robbins, senior vice president and CIO of Ellie Mae, maker of an electronic loan origination platform and based in Pleasanton, Calif. "But if you're going to do it, what's your architecture and strategy to do it?"


Just carving out public cloud IaaS space without respect for regional diversity or how to get an ecosystem in place to exploit application delivery can be very low cost, but it's very low value as well, according to Robbins.


"It's a more complicated picture than most people think through," he said. "You have to look at the entire architecture."


In the meantime, Ellie Mae has found a happy medium in a Tier 3 Inc. virtual private cloud, tied in to an on-premises FlexPod environment that uses Cloupia, now owned by Cisco Systems Inc.


Space on Tier 3's infrastructure was used by the company last year as it migrated from an older infrastructure to the new one built on FlexPods, and simultaneously launched new products and services. Some production applications ran in Tier 3 as this process took place, and the company also uses Tier 3's VPC for QA and test systems.


VPCs Bridge a Disconnect between Public Cloud SLAs and Enterprise Expectations

Some SLAs are cryptic, but what's really more of a problem is the typical enterprise customer's disconnect in expectation from what they normally get from hosting providers and managed service providers and what they're going to get from public cloud, said James Staten, analyst with Forrester Research.


"We're all used to pushing a hoster over a barrel to get what we want. We get that, but they custom configure the environment just for us and they sign us up for a three-year commitment," he said.


Customers pursuing public cloud services tend not to want to be locked in to such commitments, and in some cases using a standardized service is going to be preferable to one custom-managed for the user, Staten said. But in these cases, the SLA is going to be lower.


Article written by Beth Pariseau from


More Related Networking News and Tips:

How to Use Cisco IP SLA to Manipulate Route Forwarding Decisions?

How to Configure Cisco IP SLA?

CCNP SWITCH 642-813 Guide: Configuring IP SLA

Cisco to Acquire Israeli Mobile Startup Intucell for $475 Million

