Cisco & Cisco Network Hardware News and Technology


How to Set Up Cisco Router Passwords?

May 18 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Passwords are absolutely the best defense against would-be hackers. Leaving no passwords on a Cisco router can cause major problems. Keep in mind that using passwords is just the first line of defense, and you should have other security features on your network as well.
Cisco has some defense against would-be hackers built into its router Internetworking Operating System (IOS). For example, it is impossible to Telnet into a Cisco router unless an administrator configures the router with a Telnet password or uses the No Login command, which allows users to Telnet into a router with no password. Either way, something has to be configured for Telnet to work. Also, you cannot enter privileged mode (which is the IOS EXEC mode that allows you to view or change the configuration on a router) from Telnet unless an Enable password is set. These are very basic features of Cisco routers and allow only some security.

Here, I will focus on the five basic Cisco router passwords you can use to protect your network. However, first you must know the difference between user mode and privileged mode. Both of these modes are called EXEC mode, and a prompt is used to tell you which mode you are in.

User mode CLI
The user mode EXEC command-line interface (CLI) is sometimes referred to as “useless mode” because it doesn’t do a whole lot. User mode lets you view interface statistics and is typically used by junior administrators to gather facts for the senior staff. You don’t want highly paid people sitting around gathering basic network statistics when a junior administrator can be adequately trained to document this information. To get into user mode, you can connect in one of three ways:

  • Console: An RJ-45 connection on all Cisco routers allows full access to the router if no passwords are set.
  • Aux: An RJ-45 connection on most routers allows you to connect a modem to the port, dial in to the router, and make a console connection.
  • VTY: Virtual Teletype is used to allow a Telnet connection to the router, which will then work like a console port. You must have an active interface on the router for Telnet to connect to the router.


The most important thing to understand about the three connection modes is that they get you into user mode only. To view and change the configuration, you need to be in privileged mode.

Privileged mode CLI
The privileged EXEC mode allows full access to a Cisco router by default, and the configuration can be both viewed and changed in this EXEC mode. You can enter privileged mode by first entering user mode and then typing the command enable.

It is important to remember that to change the router configuration, you must be in privileged EXEC mode. The console, aux, and VTY ports are used to get into user mode only and have nothing to do with how the router is configured.

Here is an example of how to get into privileged mode on a Cisco router through the console port:
Line con 0 now ready, press return to continue

At this point, you press Enter. Next, you will see:
Enter password:

This prompt is asking for the console user-mode password. Then, you will see:
Router>enable
Router#


The prompt at user mode is the greater-than sign (>). When you are in privileged mode, the prompt changes to a pound sign (#).

Global configuration mode
Once you are in privileged mode, you enter global configuration mode to change the configuration. You enter it by typing the command configure terminal. However, I prefer to type the shortcut command config t. This allows you to change the running-config, a file that is in DRAM and is the configuration the router is using. You can save the running-config to what is called Non-Volatile RAM (NVRAM). The file that is copied into NVRAM is called startup-config and is the configuration that is copied to RAM when the router is rebooted or powered up.

Once you type configure terminal from privileged mode, your prompt changes to the following:
Router#configure terminal
Router(config)#


This prompt tells you that you are in global configuration mode. From here, you can make changes that affect the router as a whole, hence the name global configuration mode. For example, this is the location where you set the router passwords.

If you want to change the configuration of an interface, you would have to enter interface configuration mode from global configuration mode. Here is an example:
Router#configure terminal
Router(config)#interface fastethernet 0/0
Router(config-if)#


Notice the prompt is Router(config-if)#, which tells you that you are in interface configuration mode. From here, you can enable or disable the interface, add IP and IPX addresses, and more.

The five passwords
Now that you understand the difference between user mode, privileged mode, and global and interface configuration modes, you can set the passwords for each level.

Here are the five passwords you can set on a Cisco router:

  • Console
  • Aux
  • VTY
  • Enable password
  • Enable Secret


We will discuss each of these passwords and how to configure them in the following sections.
Console
This is the basic connection into every router. To initially set up a router, you need to connect to the console port and at a minimum enable one interface and set the VTY password. After one interface is enabled and the VTY lines are configured, an administrator can then Telnet into the router and do the final configurations from that connection. However, the console port can be used to configure the complete configuration at any time. This makes it very important to protect the console port with a password.

To configure a console user-mode password, use the Line command from global configuration mode. There is only one console port on all routers, so the command is
line console 0

Here is an example:
Router#config t
Router(config)#line console 0
Router(config-line)#


Notice the prompt changed to Router(config-line)#. This prompt tells you that you are configuring the console, aux, or VTY lines.

To finish configuring the console port, you can use two more commands:

  • Login: This tells the router to look under the console line configuration for the password. If you do not use this command, you will not be prompted for a password when you connect to the router’s console port.
  • Password: This sets the console user-mode password. It is case sensitive.


The complete command will look like this:
Router#config t
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password todd


Aux
On some routers, aux is called the auxiliary port, and on some it is called the aux port. To find the complete command-line name on your router, use a question mark with the Line command as shown:
Router(config)#line ?
<0-4>         First Line Number
aux           Auxiliary line
console       Primary terminal line
vty           Virtual terminal


At this point, you can choose the correct command you need. Here is an example of setting the aux port on a Cisco router to prompt for a user-mode password with a console cable connected (this port can be used with or without a modem):
Router#config t
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password cisco


VTY (Telnet)
The Virtual Teletype (VTY) lines are used to configure Telnet access to a Cisco router. As I mentioned earlier, the VTY lines must be configured for Telnet to be successful.

Here is an example of an administrator’s attempt to Telnet to a router that does not have the VTY lines configured:
Password not set, connection refused

This is the default on every Cisco router.

To configure the VTY lines, you must use the question mark with the command
line vty 0

to determine the number of lines available on your router. The number varies with the type of router and the IOS version. However, five is the most common number of lines.
Router#config t
Router(config)#line vty 0 ?
<0-4>  Last Line Number
<cr>
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password cisco


Notice that you choose all the lines available for the most efficient configuration. You can set each line individually, but because you cannot choose the line you enter the router with when you Telnet, this can cause problems.

You can tell the router to allow Telnet connections without a password by using the No Login command:
Router(config)#line vty 0 4
Router(config-line)#no login


Enable password
The Enable password is used to provide security on a Cisco router when an administrator is trying to go from user mode to privileged mode. It is an old, unencrypted password that the router prompts for when you type enable from user mode. You set the Enable password from global configuration mode and use the command
enable password password

Here is an example:
Router#config t
Router(config)#enable password lammle
Router(config)#exit
Router#disable (the disable command takes you from privileged mode back to user mode)
Router>enable
Enter password:


Enable Secret
The Enable Secret password accomplishes the same thing as Enable. However, it is encrypted by default and supersedes Enable if it is set. In other words, if you set the Enable password and then set the Enable Secret password, the Enable password will never be used.

You set the Enable Secret password from global configuration mode by using the command:
enable secret password

Here’s an example:
Router#config t
Router(config)#enable secret san jose


Encrypting your passwords
The Line command passwords (console, aux, and VTY) are not encrypted by default and can be seen by going into privileged EXEC mode and typing the command
show running-config

This displays the complete configuration that the router is running, including all the passwords. Remember that the Enable Secret password is encrypted by default, but the other four are not. To encrypt your passwords, use the global configuration command
service password-encryption

Here is an example of how to perform manual password encryption (as well as an example of how to set all five passwords):
Router#config t
Router(config)#service password-encryption
Router(config)#enable password todd
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password todd
Router(config-line)#line con 0
Router(config-line)#login
Router(config-line)#password cisco
Router(config-line)#line aux 0
Router(config-line)#login
Router(config-line)#password sanjose
Router(config-line)#exit
Router(config)#no service password-encryption
Router(config)#enable secret lammle
Router(config)#^Z


All of the passwords can be the same except the Enable and the Enable Secret passwords. You should make them different for security reasons, however.
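
An added example (not part of the original tutorial): a small Python check that reads a saved show running-config and reports how each of the five passwords above is stored. The sample configuration, finding names, and function names are constructed for illustration, and the check assumes no AAA or local-user login is configured. Type 7 is what service password-encryption produces and is a reversible encoding, while type 5 is the salted MD5 hash classic IOS uses for enable secret.

```python
"""Audit how the five IOS passwords are stored in a saved running-config."""

# Constructed sample for this added example; the type 5 and type 7 strings
# are placeholders, not real hashes or encodings.
SAMPLE_CONFIG = """\
no service password-encryption
hostname Router
!
enable secret 5 $1$PLACEHOLDER$NOTAREALHASH
enable password lammle
!
line con 0
 password 7 PLACEHOLDER
 login
line aux 0
 login
line vty 0 4
 password todd
 no login
!
end
"""

# Finding codes (names made up for this example) and what they mean.
EXPLAIN = {
    "password-encryption-off": "service password-encryption is not enabled",
    "enable-secret-missing": "no enable secret is set",
    "enable-password-only": "only the older enable password protects privileged mode",
    "enable-password-superseded": "enable password is never used once enable secret is set",
    "cleartext-password": "password is readable in show running-config",
    "type7-reversible": "type 7 is a reversible encoding, not a hash",
    "no-login": "line is configured with no login (no password prompt)",
    "login-missing": "line has no login command, so no password prompt",
    "password-missing": "line has no password configured",
}
STORAGE = {"0": "cleartext-password", "7": "type7-reversible"}


def password_type(args):
    """'todd' -> '0' (clear text); '7 <string>' -> '7'; '5 <hash>' -> '5'."""
    return args[0] if len(args) >= 2 and args[0].isdigit() else "0"


def audit(config_text):
    """Return a sorted list of (scope, finding_code) for one configuration."""
    findings, line_blocks, enable = set(), {}, {}
    encryption_on, current = False, None

    for raw in config_text.splitlines():
        # Sub-commands of a 'line ...' block are indented by one space.
        if raw.startswith(" ") and current is not None:
            if raw.split():
                line_blocks[current].append(raw.split())
            continue
        current, words = None, raw.split()
        if not words:
            continue
        if words[0] == "line" and len(words) >= 3:
            current = " ".join(words)
            line_blocks[current] = []
        elif words == ["service", "password-encryption"]:
            encryption_on = True
        elif words[0] == "enable" and len(words) >= 3 and words[1] in ("password", "secret"):
            args = words[2:]
            if args[0] == "level" and len(args) > 2:  # enable secret level N ...
                args = args[2:]
            enable[words[1]] = password_type(args)

    if not encryption_on:
        findings.add(("global", "password-encryption-off"))
    if "secret" not in enable:
        findings.add(("global", "enable-secret-missing"))
    if "password" in enable:
        findings.add(("global", "enable-password-superseded" if "secret" in enable
                      else "enable-password-only"))
        if enable["password"] in STORAGE:
            findings.add(("global", STORAGE[enable["password"]]))

    for name, cmds in line_blocks.items():
        passwords = [c[1:] for c in cmds if c[0] == "password" and len(c) > 1]
        if ["no", "login"] in cmds:
            findings.add((name, "no-login"))
        elif not any(c[0] == "login" for c in cmds):
            findings.add((name, "login-missing"))
        if not passwords:
            findings.add((name, "password-missing"))
        elif password_type(passwords[-1]) in STORAGE:
            findings.add((name, STORAGE[password_type(passwords[-1])]))
    return sorted(findings)


if __name__ == "__main__":
    for scope, code in audit(SAMPLE_CONFIG):
        print(f"{scope:12} {code:28} {EXPLAIN[code]}")
```

Run against the configuration produced by the full example above, it reports the enable password as superseded and every line password as type 7, because passwords entered while service password-encryption was on stay encoded after it is turned off.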

Conclusion
It is extremely important to set your passwords on every Cisco router your company has. If you are studying for your Cisco certification exams, be sure you understand the passwords and how to set them. Remember the difference between the Enable Secret and the Enable password and that the Enable Secret password supersedes the Enable password if it’s set.

The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.

---Original tutorial from: techrepublic.com

 


Cisco 6500 Virtual Switching Supervisor Engine

May 16 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Virtualization, long a hot topic for servers, has entered the networking realm. With the introduction of a new management blade for its Catalyst 6500 switches, Cisco can make two switches look like one while dramatically reducing failover times in the process.

In an exclusive Clear Choice test of Cisco's new Virtual Switching System (VSS), Network World conducted its largest-ever benchmarks to date, using a mammoth test bed with 130 10G Ethernet interfaces. The results were impressive: VSS not only delivers a 20-fold improvement in failover times but also eliminates Layer 2 and 3 redundancy protocols at the same time.

The performance numbers are even more startling: A VSS-enabled virtual switch moved a record 770 million frames per second in one test, and routed more than 5.6 billion unicast and multicast flows in another. Those numbers are exactly twice what a single physical Catalyst 6509 can do.


All links, all the time

To maximise up-time, network architects typically provision multiple links and devices at every layer of the network, using an alphabet soup of redundancy protocols to protect against downtime. These include rapid spanning tree protocol (RSTP), hot standby routing protocol (HSRP), and virtual router redundancy protocol (VRRP).

This approach works, but has multiple downsides. Chief among them is the "active-passive" model used by most redundancy protocols, where one path carries traffic while the other sits idle until a failure occurs. Active-passive models use only 50 percent of available capacity, adding considerable capital expense.

Further, both HSRP and VRRP require three IP addresses per subnet, even though routers use only one address at a time. And while rapid spanning tree recovers from failures much faster than the original spanning tree, convergence times can still vary by several seconds, leading to erratic application performance. Strictly speaking, spanning tree was intended only to prevent loops, but it's commonly used as a redundancy mechanism.

There's one more downside to current redundant network designs: It creates twice as many network elements to manage. Regardless of whether network managers use a command-line interface or an SNMP-based system for configuration management, any policy change needs to be made twice, once on each redundant component.

 

Introducing Virtual Switching

In contrast, Cisco's VSS uses an "active-active" model that retains the same amount of redundancy, but makes use of all available links and switch ports.

While many vendors support link aggregation (a means of combining multiple physical interfaces to appear as one logical interface), VSS is unique in its ability to virtualise the entire switch -- including the switch fabric and all interfaces. Link aggregation and variations such as Nortel's Split Multi-Link Trunk (SMLT) do not create virtual switches, nor do they eliminate the need for Layer 3 redundancy mechanisms such as HSRP or VRRP.

At the heart of VSS is the Virtual Switching Supervisor 720-10G, a management and switch fabric blade for Cisco Catalyst 6500 switches. VSS requires two new supervisor cards, one in each physical chassis. The management blades create a virtual switch link (VSL), making both devices appear as one to the outside world: There's just one media access control and one IP address used, and both systems share a common configuration file that covers all ports in both chassis.

On the access side of Cisco's virtual switch, downstream devices still connect to both physical chassis, but a bonding technology called Multichassis EtherChannel (MEC) presents the virtual switch as one logical device. MEC links can use industry-standard 802.1ad link aggregation or Cisco's proprietary port aggregation protocol. Either way, MEC eliminates the need for spanning tree. All links within a MEC are active until a circuit or switch failure occurs, and then traffic continues to flow over the remaining links in the MEC.

Servers also can use MEC's link aggregation support, with no additional software needed. Multiple connections were already possible using "NIC teaming," but that's usually a proprietary, active/passive approach.

On the core side of Cisco's virtual switch, devices also use MEC connections to attach to the virtual switch. This eliminates the need for redundancy protocols such as HSRP or VRRP, and also reduces the number of routes advertised. As on the access side, traffic flows through the MEC in an "active/active" pattern until a failure, after which the MEC continues to operate with fewer elements.

The previous examples focused on distribution-layer switches, but VSL links work between any two Catalyst 6500 chassis. For example, virtual switching can be used at both core and distribution layers, or at the core, distribution and access layers. All attached devices would see one logical device wherever a virtual switch exists.

A VSL works only between two chassis, but it can support up to eight physical links. Multiple VSL links can be established using any combination of interfaces on the new supervisor card or Cisco's WS-6708 10G Ethernet line card. VSS also requires line cards in Cisco's 67xx series, such as the 6724 and 6748 10/100/1000 modules or the 6704 or 6708 10G Ethernet modules. Cisco says VSL control traffic uses less than 5 percent of a 10G Ethernet link, but we did not verify this.

At least for now, VSL traffic is proprietary. It isn't possible to set up a VSL between, say, a Cisco and Foundry switch. 

 

A big swath of fabric

We assessed VSS performance with tests focused on fabric bandwidth and delay, failover times, and unicast/multicast performance across a network backbone.

In the fabric tests we sought to answer two simple questions: How fast does VSS move frames, and how long does it hang on to each frame? The set-up for this test was anything but simple. We attached Spirent TestCenter analyser/generator modules to 130 10G Ethernet ports on two Catalyst 6509 chassis configured as one virtual switch.

These tests produced, by far, the highest throughput we've ever measured from a single (logical) device. When forwarding 64-byte frames, Cisco's virtual switch moved traffic at more than 770 million frames per second. We then ran the same test on a single switch, without virtualisation, and measured throughput of 385 million frames per second -- exactly half the result of the two fabrics combined in the virtual switch. These results prove there's no penalty for combining switch fabrics.

We also measured VSS throughput for 256-byte frames (close to the average Internet frame length) of 287 million frames per second and for 1,518-byte frames (until recently, the maximum in Ethernet, and still the top end on most production networks) of 53 million frames per second. With both frame sizes, throughput was exactly double that of the single-switch case.

The 1,518-byte frames per second number represents throughput of nearly 648Gbps. This is only around half the theoretical maximum rate possible with 130 10G Ethernet ports. The limiting factor is the Supervisor 720 switch fabric, which can't send line-rate traffic to all 66 10G ports in each fully loaded chassis. VSS doubles fabric capacity by combining two switches, but it doesn't extend the capacity of the fabric card in either physical switch.

We also measured delay for all three frame sizes. With a 10 percent intended load, Spirent TestCenter reported average delays ranging from 12 to 17 microsec, both with and without virtual switching. These numbers are similar to those for other 10G switches we've tested, and far below the point where they'd affect performance of any application. Even the maximum delays of around 66 microsec with virtual switching again are too low to slow down any application, especially considering Internet round-trip delays often run into the tens of milliseconds.

 

Faster failovers

Our failover tests produced another record: The fastest recovery from a Layer 2/Layer 3 network failure we've ever measured.

We began these tests with a conventional set-up: Rapid spanning tree at Layer 2, HSRP at Layer 3, and 16,000 hosts (emulated on Spirent TestCenter) sending traffic across redundant pairs of access, distribution and core switches. During the test, we cut off power to one of the distribution switches, forcing all redundancy mechanisms and routing protocols to reconverge. Recovery took 6.883 seconds in this set-up.

Then we re-ran the same test two more times with VSS enabled. This time convergence occurred much faster. It took the network just 322 millisec to converge with virtual switching on the distribution switches, and 341 millisec to converge with virtual switching on the core and distribution switches. Both numbers represent better than 20-fold improvements over the usual redundancy mechanisms.

 

A bigger backbone

Our final tests measured backbone performance using a complex enterprise traffic pattern involving 176,000 unicast routes, more than 10,000 multicast routes, and more than 5.6 billion flows. We ran these tests with unicast traffic alone and a combination of unicast and multicast flows, and again compared results with and without VSS in place.

Just to keep things interesting, we ran all tests with a 10,000-entry access control list in place, and also configured switches to re-mark all packets' diff-serv code point (DSCP) fields. Re-marking DSCPs prevents users from unauthorised "promotion" of their packets to receive higher-priority treatment. In addition, we enabled NetFlow tracking for all test traffic.

Throughput in all the backbone cases was exactly double with virtual switching than without it. This was true for both unicast and mixed-class throughput tests, and also true regardless of whether we enabled virtual switching on distribution switches alone, or on both the core and distribution switches. These results clearly show the advantages of an "active/active" design over an "active/passive" one.

We measured delay as well as throughput in these tests. Ideally, we'd expect to see little difference between test cases with and without virtual switching, and between cases with virtual switching at one or two layers in the network. When it came to average delay, that's pretty much how things looked. Delays across three pairs of physical switches ranged from around 26 to 90 microsec in all test cases, well below the point where applications would notice.

Maximum delays did vary somewhat with virtual switching enabled, but not by a margin that would affect application performance. Curiously, maximum delay increased the most for 256-byte frames, with fourfold increases over results without virtual switching. The actual amounts were always well less than 1 millisec, and also unlikely to affect application performance.

Cisco's VSS is a significant advancement in the state of the switching art. It dramatically improves availability with much faster recovery times, while simultaneously providing a big boost in bandwidth.

 

How we tested Cisco's VSS

For all tests described here, we configured a 10,000-line access control list (ACL) covering layer-3 and layer-4 criteria and spot-checked that random entries in the ACL blocked traffic as intended. As a safeguard against users making unauthorised changes, Cisco engineers also configured access and core switches to re-mark the diff-serv code point (DSCP) in every packet, and we verified re-marking using counters in the Spirent TestCenter traffic generator/analyser. Cisco also enabled NetFlow traffic monitoring for all test traffic.

To assess the fabric bandwidth and delay, the system under test was one pair of Cisco Catalyst 6509-E switches. Cisco engineers set up a virtual switch link (VSL) between the switches, each equipped with eight WS6408 10G Ethernet line cards and one Virtual Switching Supervisor 720-10G management/switch fabric card. That left a total of 130 10G Ethernet test ports: Eight on each of the line cards, plus one on each of the management cards (we used the management card's other 10G Ethernet port to set up the virtual link between switches).

Using the Spirent TestCenter traffic generator/analyser, we offered 64-, 256- and 1518-byte IPv4 unicast frames on each of the 130 10G test ports to determine throughput and delay. We measured delay at 10 percent of line rate, consistent with our practice in previous 10G Ethernet switch tests. The Spirent TestCenter analyser emulated 100 unique hosts on each port, making for 13,000 total hosts.

In the failover tests, the goal was to compare VSS recovery time upon loss of a switch with recovery using older redundancy mechanisms.

This test involved three pairs of Catalyst 6509 switches, representing the core, distribution and access layers of an enterprise network. We ran the failover tests in three configurations. In the first scenario, we used legacy redundancy mechanisms such as rapid spanning tree and hot standby routing protocol (HSRP). Then we ran two failover scenarios using VSS, first with a virtual link on the distribution switches alone, and again with VSS links on both the distribution and core switches.

For each test, we began by offering traffic to each of 16 interfaces on the core and access sides of the test bed. We began the failover tests with a baseline event to verify no frame loss existed. While Spirent TestCenter offered test traffic for 300 seconds, we cut off power to one of the distribution switches. Because we offered traffic to each interface at a rate of 100,000 frames per second, each dropped frame represented 10 microsec of recovery time. So, for example, if Spirent TestCenter reported 32,000 lost frames, then failover time was 320 millisec.

The backbone performance tests used a set-up similar to the VSS configurations in the failover tests. Here again, there were three pairs of Catalyst 6509 switches, representing core, distribution and access layers of an enterprise network. Here again, we also conducted separate tests with a virtual link on the distribution switches, and again with virtual links on the distribution and core switches.

To represent enterprise conditions, we set up very large numbers of routes, hosts and flows in these tests. From the core side, we configured OSPF to advertise 176,000 unique routes. On the access side, we set up four virtual LANs (VLAN), each with 250 hosts, on each of 16 ports, for 16,000 hosts total. In terms of multicast traffic set-up, one host in each access-side VLAN joined each of 40 groups, each of which had 16 transmitters; with 16 core-side interfaces. In all, this test represented more than 10,000 multicast routes, and more than 5.6 billion unique unicast flows.

In the backbone tests, we used a partially meshed traffic pattern to measure system throughput and delay. As defined in RFC 2285, a partial mesh pattern is one in which ports on both sides of the test bed exchange traffic with one another, but not among themselves. In this case, that meant all access ports exchanged traffic with all core ports, and vice-versa.

We tested all four combinations of unicast, mixed multicast/unicast, and virtual switching enabled and disabled on the core switches (virtual switching was always enabled on the distribution switches and always disabled on the access switches). In all four backbone test set-ups, we measured throughput and delay. 

We conducted these tests in an engineering lab at Cisco's campus in San Jose. This is a departure from our normal procedure of testing in our own labs or at a neutral third-party facility. The change was borne of logistical necessity: Cisco's lab was the only one available within the allotted timeframe with sufficient 10G Ethernet test ports and electrical power to conduct this test. Network Test and Spirent engineers conducted all tests and verified configurations of both switches and test instruments, just as we would in any test. The results presented here would be the same regardless of where the test was conducted.

---Original reading from review.techworld.com

 


Cisco Touts Universal Power Over Ethernet (PoE)

May 14 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco News

For over 12 years there have been two ways of getting electricity to devices on your network: From an electrical outlet or from an Ethernet jack using Power over Ethernet.

With the release last year by Cisco Systems Inc. of what it calls Universal PoE, a proprietary version which delivers 60 Watts of power per port over an Ethernet line, the company believes it has opened new opportunities for manufacturers of almost everything that runs on electricity to plug in via Category 5 cable.

On Tuesday, Samsung Electronics showed confidence in the technology by announcing an UPoE version of its desktop monitor for virtual desktops, the 22-inch NC220P.

It is expected to hit the market at the end of May, with a projected street price of US$774.

When it was introduced -- by Cisco -- in 2000, Power over Ethernet offered a mere 7 Watts of power. Common PoE devices are desktop IP phones and wireless access points. Over the years PoE has reached the ability to deliver 30 Watts over Ethernet.

By doubling that, UPoE offers more possibilities. However, it is available only by plugging a module into a Cisco Catalyst 4500E switch, which then connects to approved devices.

In a conference call with reporters, Joe Angelo, a Samsung business development manager said the NC220P integrates a thin client into the monitor, taking its power and data over one Ethernet cable.

It has four USB ports, a DVI-out port for a second display and headphone and microphone connections.

Angelo said target markets include governments, hospitals and schools.

Pradeep Parmar, a senior Cisco marketing manager, said the announcement is more evidence of the acceptance of UPoE by large organizations and how widely it can be used.

For example, he said, UPoE could power telepresence systems or high power surveillance cameras.

Parmar also brought onto the conference call an official from a Japanese company, which is using UPoE for LED office lighting instead of fluorescent lights. Connected to Cisco's Energywise power monitoring software, the solution can make dramatic savings in electricity.

Also on the call was Dwight Holmberg, a regional manager with FieldServer Technologies of Milpitas, Calif., who said the company's gateway for connecting building automation systems can leverage UPoE.

According to Zeus Kerravala, principal analyst at ZK Research, UPoE is another example of how Cisco tailors a technology to keep ahead of competitors. No other network equipment maker has adopted UPoE or its approach, he said.

"For Cisco, it's important with so much talk out there about the wired network being dead because of all the wireless end points," Kerravala added. "If they can find a whole group of other devices that can connect to the network that aren't traditional PCs, that opens the door for them to open the overall market for wired switches."

---Cisco News quoted from pcworld.com

 


OSI Model vs. Cisco Three-Layered Hierarchical Model

May 11 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

 

The ISO, the International Organization for Standardization, is the Emily Post of the network protocol world. Just like Ms. Post, who wrote the book setting the standards or protocols for human social interaction, the ISO developed the OSI model as the precedent and guide for an open network protocol set. Defining the etiquette of communication models, it remains today the most popular means of comparison for protocol suites.

OSI layers are defined as top down such as:

  • The Application layer
  • The Presentation layer
  • The Session layer
  • The Transport layer
  • The Network layer
  • The Data Link layer
  • The Physical layer

 

Cisco Hierarchical Model

Hierarchy has many of the same benefits in network design that it does in other areas of life. When used properly, it makes networks more predictable. It helps us define at which levels of hierarchy we should perform certain functions. Likewise, you can use tools such as access lists at certain levels in hierarchical networks and avoid them at others.

Large networks can be extremely complicated, with multiple protocols, detailed configurations, and diverse technologies. Hierarchy helps us summarize a complex collection of details into an understandable model. Then, as specific configurations are needed, the model dictates the appropriate manner to apply them.

The Cisco hierarchical model can help you design, implement, and maintain a scalable, reliable, cost-effective hierarchical internetwork.

The following are the three layers:

  • The Core layer or Backbone
  • The Distribution layer
  • The Access layer

Each layer has specific responsibilities. However, note that the three layers are logical and are not necessarily physical devices. Consider the OSI model, another logical hierarchy. The seven layers describe functions but not necessarily protocols. Sometimes a protocol maps to more than one layer of the OSI model, and sometimes multiple protocols communicate within a single layer. In the same way, when we build physical implementations of hierarchical networks, we may have many devices in a single layer, or we might have a single device performing functions at two layers. The definition of the layers is logical, not physical.

Now, let's take a closer look at each of the layers.

 

The Core Layer

The core layer is literally the backbone of the internetwork. At the top of the hierarchy, the core layer is responsible for transporting large amounts of traffic both reliably and quickly. The only purpose of the network's core layer is to switch traffic as fast as possible. The traffic transported across the core is common to a majority of users. However, remember that user data is processed at the distribution layer, which forwards the requests to the core if needed.

If there is a failure in the core, every user can be affected. Therefore, fault tolerance at this layer is an issue. The core is likely to see large volumes of traffic, so speed and latency are driving concerns here. Given the function of the core, we can now consider some design specifics. Let's start with something we don't want to do.

  • Don't do anything to slow down traffic. This includes using access lists, routing between virtual local area networks, and packet filtering.
  • Don't support workgroup access here.
  • Avoid expanding the core when the internetwork grows. If performance becomes an issue in the core, give preference to upgrades over expansion.

Now, there are a few things that we want to do as we design the core. They include the following:

  • Design the core for high reliability. Consider data-link technologies that facilitate both speed and redundancy, such as FDDI, Fast Ethernet, or even ATM.
  • Design with speed in mind. The core should have very little latency.
  • Select routing protocols with lower convergence times. Fast and redundant data-link connectivity is no help if your routing tables are shot.

 

The Distribution Layer

The distribution layer is sometimes referred to as the workgroup layer and is the major communication point between the access layer and the core. The primary function of the distribution layer is to provide routing, filtering, and WAN access and to determine how packets can access the core, if needed.

The distribution layer must determine the fastest way that network service requests are handled; for example, how a file request is forwarded to a server. After the distribution layer determines the best path, it forwards the request to the core layer. The core layer then quickly transports the request to the correct service.

The distribution layer is the place to implement policies for the network. Here you can exercise considerable flexibility in defining network operation. There are several items that generally should be done at the distribution layer such as:

  • Implementation of tools such as access lists, of packet filtering, and of queuing
  • Implementation of security and network policies including firewalls
  • Redistribution between routing protocols, including static routing
  • Routing between VLANs and other workgroup support functions
  • Definitions of broadcast and multicast domains

Things to avoid at this layer are limited to those functions that exclusively belong to one of the other layers.
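One way to check device configurations against the placement rules in the core and distribution sections above, as an added example that is not from the original article. The IOS-style configs, hostnames, ACL names and the role inventory are constructed, and treating any routed VLAN interface on a core device as inter-VLAN routing is this example's own heuristic.

```python
import re

# Constructed IOS-style configs; hostnames, addresses and ACL names are
# invented for this example.
CONFIGS = {
    "core-1": """\
hostname core-1
interface TenGigabitEthernet1/1
 ip address 10.0.0.1 255.255.255.252
interface TenGigabitEthernet1/2
 ip address 10.0.0.5 255.255.255.252
 ip access-group BLOCK-GUEST in
interface Vlan20
 ip address 10.20.0.1 255.255.255.0
""",
    "dist-1": """\
hostname dist-1
interface Vlan10
 ip address 10.10.0.1 255.255.255.0
 ip access-group USERS-IN in
interface Vlan30
 ip address 10.30.0.1 255.255.255.0
""",
}
# Hypothetical inventory mapping each device to its layer in the model.
ROLES = {"core-1": "core", "dist-1": "distribution"}

ACL_RE = re.compile(r"ip access-group (\S+) (in|out)$")

MESSAGES = {
    "acl-on-core": "access list applied in the core, where nothing should slow traffic",
    "svi-on-core": "routed VLAN interface in the core; VLAN routing belongs at distribution",
    "svi-without-acl": "routed VLAN interface at distribution with no access list applied",
}


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an IOS-style config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line.startswith(" "):          # a new top-level stanza
            match = re.match(r"interface\s+(\S+)", line)
            current = match.group(1) if match else None
            if current:
                interfaces[current] = []
        elif current:                         # indented line inside an interface
            interfaces[current].append(line.strip())
    return interfaces


def audit(configs, roles):
    """Return (host, interface, finding code) tuples for misplaced policy."""
    findings = []
    for host in sorted(configs):
        role = roles[host]
        for name, cmds in parse_interfaces(configs[host]).items():
            acls = [m.groups() for m in map(ACL_RE.match, cmds) if m]
            routed_svi = (name.lower().startswith("vlan")
                          and any(c.startswith("ip address ") for c in cmds))
            if role == "core":
                if acls:
                    findings.append((host, name, "acl-on-core"))
                if routed_svi:
                    findings.append((host, name, "svi-on-core"))
            elif role == "distribution" and routed_svi and not acls:
                findings.append((host, name, "svi-without-acl"))
    return findings


if __name__ == "__main__":
    for host, interface, code in audit(CONFIGS, ROLES):
        print(f"{host} {interface}: {MESSAGES[code]}")
```

The last finding is an observation rather than a rule violation: it lists distribution-layer VLAN interfaces where the filtering the article assigns to that layer has not been applied.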

 

The Access Layer

The access layer controls user and workgroup access to internetwork resources. The access layer is sometimes referred to as the desktop layer. The network resources most users need will be available locally. The distribution layer handles any traffic for remote services.

The following are some of the functions to be included at the access layer:

  • Continued access control and policies
  • Creation of separate collision domains
  • Workgroup connectivity into the distribution layer through layer 2 switching

Technologies such as DDR and Ethernet switching are frequently seen in the access layer. Static routing is seen here as well. As already noted, three separate levels do not imply three separate routers. It could be fewer, or it could be more. Remember, this is a layered approach.

---Original Resource from tech-faq.com

 


Cisco Review: Cisco 3750-X Layer 3 Switches

May 8 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

The Cisco 3750 range has been around for many years now, and has a vast following. The Cisco 3750-X is the new kid on the Cisco block, and it combines plenty of stuff that will be familiar to users of its predecessors with some funky new features that are clearly a step forward.

The Cisco 3750 switch comes in a number of flavors – between 24 and 48 ports, with or without Power over Ethernet. Cisco 3750 with 48P is the PoE variant of the 48-port device. Now, the traditional Cisco 3750 had four 1Gbit/s SFP ports in addition to the 48 10/100/1000 copper ports; the Cisco 3750-X instead has a slot into which you can slot either a four-port 1Gbit/s SFP daughter-board or a two-port 10Gbit/s alternative.

Alongside the port combinations, there are three software installs. The LAN Base software is a layer-2 only software image, and quite frankly I wouldn't ever expect to buy one of these if I only wanted layer-2 functionality. More sensible is the IP Base image which makes the device a proper Layer-3 routing switch, albeit with a limited selection of routing protocols. At the top is the IP Services image, which makes the unit a full-blown router (just like its ancestors – two of my BGP-shouting WAN routers are actually 3750Gs, in fact). The main market will of course be for the IP Base version.

The rear panel is interesting too, of course. As with the older 3750s the rear panel has a pair of “stack” ports. Each stack port provides a 16Gbit/s backplane connection, and by stacking your devices in a loop you end up with a resilient 32Gbit/s backplane. From a management and configuration point of view a stack is a single virtual switch – you manage it rather like a chassis product with a number of blades. So port 1 of switch 1 is Gi1/0/1, port 3 of switch 2 is Gi2/0/3, and so on.

The important rear-panel innovation with the new CISCO 3750-X model is the provision for redundant power supplies. In the old model you had a single, non-removable power supply along with an RPS (Redundant Power Supply) connection; to use the latter and give yourself some resilience you had to buy something like an RPS2300 – an external device that was a stupid shape that didn't fit into a rack very well, had buttons on the front whose only purpose seemed to be to make things break, and on a brighter note provided up to six switches with resilient power. The new model has dual slots for removable PSUs, of which one is populated by default; it's a ten-second job to slip a second one in beside it. One of the downsides of the old 3750 was the bloody awful reliability of the internal (fixed) PSU, and I've spent rather too many hours swapping out units with duff power units, so the removable units in the -X are most welcome.

Along with the redundant PSU facility is the power stacking capability. Just as you have your data stack cables, you also now have a pair of power-stack cables on each unit, so that the total power available via all the PSUs in the stack is available for negotiated use across the whole stack, for switch power and PoE.

As with the older devices, you can add and remove stack devices on the fly. Adding a switch to a stack is a simple case of setting its ID, telling the stack to expect a new member, and plumbing it in (although in theory the stack will deal with firmware mismatches in the new member, I prefer not to tempt fate so I always pre-install the right version). If a unit fails the stack will keep on humming while you pull out the duff one and stick in the replacement, and the config will be automatically migrated to the new unit.

The only downside I've found so far, in fact, is with trying to get the new -X model to co-exist in a stack with the old 3750-G (in short, I've not persuaded it to actually work yet) but I've no doubt I'll persuade it to play before long.

The Cisco 3750-X is a really sensible evolution in an already popular family of switches in the Cisco family. Being an IOS device there's really not a great deal of difference management-wise between the old and the new, so you get new functionality with almost zero additional training requirements. I've recently added seven 48-port non-PoE versions in three of my server installations, and have just received two new pairs of the PoE variant in a couple of offices, and I'm pretty happy thus far.

 

Pro

New power stacking capability is an excellent evolution.

32Gbit/s backplane should be sufficient for most modest installations.

10Gbit/s Ethernet support for uplinking or connecting to blade servers.

 


 

Sample Pricing for Popular Cisco 3750 Models:

Catalyst 3750X 24 Port Data LAN Base: US$2,236.00 (57.00% off list price)

Catalyst 3750X 48 Port Data LAN Base: US$3,827.00 (57.00% off list price)

Catalyst 3750X 24 Port Data IP Base: US$2,795.00 (57.00% off list price)

Catalyst 3750X 48 Port Data IP Base: US$4,945.00 (57.00% off list price)

Catalyst 3750X 24 Port PoE IP Base: US$3,139.00 (57.00% off list price)

WS-C3750X-48P-S: Stackable 48 10/100/1000 Ethernet PoE+ ports, with 715W AC Power Supply: US$5,590.00 (57.00% off list price)

 

Supplier

Router-switch.com (Yejian Technologies Co., Ltd), a World's Leading Cisco Supplier

Website: http://www.router-switch.com/


Cisco Announces Intent to Acquire Data Analysis Software Provider Truviso

May 7 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco News

Cisco announced that it plans to acquire network analytics company Truviso for an undisclosed amount, in an effort to help users hone operational efficiencies. (Based in Foster City, Calif., Truviso provides scalable, real-time network data analysis and reporting software.)

"With the growth of end-user devices and applications, and in turn the proliferation of large amounts of network data, service providers and enterprise customers are looking for ways to better understand usage and differentiate their service offerings," said Hilton Romanski, vice-president and head of corporate business development at Cisco. "Truviso's continuous query technology allows companies to get detailed information and visibility of network use and services in real-time, with its analyse-first, store-later capability."

Truviso's software analytics further strengthens Cisco's network management platform, Cisco Prime, with the core technology to gather and analyze streaming data.

"Customers want to be able to tap into and better analyze the enormous volume of data traversing their networks to identify ways to enhance services and generate new revenue opportunities," said Jamie Lerner, vice president and general manager, Cisco Network Management Technology Group. "Embedding Truviso's real time business intelligence into the network will help customers unlock these capabilities at the speed of the network."

The Truviso acquisition reinforces Cisco's commitment to delivering intelligent networks and supports its five foundational priorities -- core, data center, virtualization, collaboration, and video -- with differentiated analytics technology. The Truviso team will be integrated into the Cisco Network Management Technology Group.

Specific financial terms of the transaction are undisclosed. The acquisition of Truviso is subject to various standard closing conditions and is expected to be complete in the fourth quarter of Cisco's fiscal year 2012.

 


How to Recover Cisco 3750 Firmware to a Working State?

May 3 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

 

Restore a corrupt Cisco 3750 IOS (Internetwork Operating System) image by transferring a new image to flash storage using the Xmodem protocol. Power anomalies such as brownouts and surges can cause irreparable IOS image corruption. You should delete and replace a corrupt IOS image to ensure that the Cisco 3750 remains reliable. Access “switch:” mode through a serial connection and recover the Cisco 3750 firmware to a working state.

 

Things you’ll need to recover firmware on a Cisco 3750 switch

Windows 7 computer that has a serial COM port and the Tera Term program installed

Cisco serial console cable

IOS image for the Cisco 3750 switch stored on the Windows 7 computer


How to Recover Cisco 3750 Firmware to a Working State?

1. Connect the Cisco serial console cable 9 pin connector to the Windows 7 computer serial COM port. Plug the other end of the serial cable into the Cisco 3750 “Console” port.

2. Launch the Tera Term terminal console program and click “File” then “New connection.” Click the “Serial” radio button. Click the “Port” box and then the name of the serial COM port connected to the Cisco 3750 switch. Click the “OK” button.

3. Unplug the Cisco 3750 switch power cable. Press and hold down the “Mode” button located on the Cisco 3750 front left panel. Power up the Cisco 3750 switch and release the “Mode” button when the Port 1x light turns off.

4. Click the Tera Term window and press the “Enter” key two times. Type “flash_init” at the command prompt and tap “Enter.” Write “load_helper” at the command prompt and press “Enter.”

5. Type “dir flash:” on the command line and press “Enter.” View the command line output and note any files that end with “.bin” or directories that have “3750” in the name.

6. Type “dir flash:directory-name” at the command line. Replace “directory-name” with the name of a directory that has “3750” in the name and press “Enter.” Inspect the command line output and note any files that end with “.bin.”

7. Type “delete flash:image-file-name” at the command prompt. Replace “image-file-name” with the name of the “.bin” file noted earlier. Press the “Enter” key. Tap the “Y” key when prompted to confirm deletion and press “Enter.”

8. Click the “File” menu in the “Tera Term VT” window and then “Transfer.” Click “Xmodem” and then “Send.” Browse to and click on the new Cisco 3750 IOS image file and press “Enter.” Wait for the file transfer to complete (approximately 20 minutes).

9. Type “boot flash” at the command prompt and press “Enter” to boot the Cisco 3750 with the new image.
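The per-block exchange behind the Xmodem send in step 8, as an added example that is not part of the original post: a minimal XMODEM-CRC sender and receiver run over a constructed 300-byte stand-in for the image. The post does not say which Xmodem variant the switch negotiates, so CRC mode with 128-byte blocks is an assumption, and every function name here is this example's own.

```python
import hashlib
import hmac

SOH, ACK, NAK = 0x01, 0x06, 0x15
PAD = 0x1A      # filler byte for a short final block
BLOCK = 128     # data bytes per frame

# Constructed stand-in for an image file: 300 bytes, so the last block is short.
SAMPLE_IMAGE = bytes(i % 251 for i in range(300))


def crc16_xmodem(data):
    """CRC-16/XMODEM: polynomial 0x1021, initial value 0, no reflection."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def build_frames(image):
    """Sender: SOH, block number, its complement, 128 data bytes, CRC-16."""
    frames = []
    for offset in range(0, len(image), BLOCK):
        data = image[offset:offset + BLOCK].ljust(BLOCK, bytes([PAD]))
        seq = (offset // BLOCK + 1) & 0xFF          # starts at 1, wraps at 256
        frames.append(bytes([SOH, seq, 0xFF - seq]) + data
                      + crc16_xmodem(data).to_bytes(2, "big"))
    return frames


def check_frame(frame, expected_seq):
    """Receiver: ACK a well-formed, in-sequence frame; NAK anything else."""
    ok = (len(frame) == BLOCK + 5 and frame[0] == SOH
          and frame[1] == expected_seq and frame[1] + frame[2] == 0xFF
          and int.from_bytes(frame[-2:], "big") == crc16_xmodem(frame[3:-2]))
    return ACK if ok else NAK


def transfer(image, noisy_blocks=()):
    """Run the exchange; blocks in noisy_blocks get one bit flipped on the first try."""
    received, replies, expected = bytearray(), [], 1
    for number, frame in enumerate(build_frames(image), start=1):
        tries = [frame]
        if number in noisy_blocks:
            damaged = bytearray(frame)
            damaged[10] ^= 0x01                     # simulated line noise
            tries.insert(0, bytes(damaged))
        for wire in tries:                          # a NAK makes the sender resend
            reply = check_frame(wire, expected)
            replies.append((number, reply))
            if reply == ACK:
                received += wire[3:-2]
                expected = (expected + 1) & 0xFF
    return bytes(received), replies


def tampered_copy_passes(image):
    """An altered image is framed with valid CRCs, so every block is still ACKed."""
    altered = bytes([image[0] ^ 0xFF]) + image[1:]
    _, replies = transfer(altered)
    return all(reply == ACK for _, reply in replies)


def matches_published_hash(image, published_sha512_hex):
    """Compare the file on disk with a hash published for the download.
    SHA-512 is an assumption; use whichever digest accompanies the image."""
    digest = hashlib.sha512(image).hexdigest()
    return hmac.compare_digest(digest, published_sha512_hex.lower())


if __name__ == "__main__":
    data, replies = transfer(SAMPLE_IMAGE, noisy_blocks={2})
    print(replies, len(data), tampered_copy_passes(SAMPLE_IMAGE))
```

The CRC only catches line noise: an altered image is acknowledged block for block just like a good one, so the hash comparison belongs before the send in step 8. The frames carry no length field, which is why the receiver's copy here is 384 bytes for a 300-byte input.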



Cisco Touts Universal Power Over Ethernet (PoE)

April 27 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco News

For over 12 years there have been two ways of getting electricity to devices on your network: From an electrical outlet or from an Ethernet jack using Power over Ethernet.

With the release last year by Cisco Systems Inc. of what it calls Universal PoE, a proprietary version which delivers 60 Watts of power per port over an Ethernet line, the company believes it has opened new opportunities for manufacturers of almost everything that runs off electricity to plug in via Category 5 cable.

On Tuesday, Samsung Electronics showed confidence in the technology by announcing an UPoE version of its desktop monitor for virtual desktops, the 22-inch NC220P.

It is expected to hit the market at the end of May, with a projected street price of US$774.

When it was introduced -- by Cisco -- in 2000, Power over Ethernet offered a mere 7 Watts of power. Common PoE devices are desktop IP phones and wireless access points. Over the years PoE has reached the ability to deliver 30 Watts over Ethernet. 

By doubling that, UPoE offers more possibilities. However, it is available only by plugging a module into a Cisco Catalyst 4500E switch, which then connects to approved devices.

In a conference call with reporters, Joe Angelo, a Samsung business development manager, said the NC220P integrates a thin client into the monitor, taking its power and data over one Ethernet cable.

It has four USB ports, a DVI-out port for a second display and headphone and microphone connections.

Angelo said target markets include governments, hospitals and schools.

 

Pradeep Parmar, a senior Cisco marketing manager, said the announcement is more evidence of the acceptance of UPoE by large organizations and of how widely it can be used.

For example, he said, UPoE could power telepresence systems or high power surveillance cameras.

Parmar also brought onto the conference call an official from a Japanese company, which is using UPoE for LED office lighting instead of fluorescent lights. Connected to Cisco's Energywise power monitoring software, the solution can make dramatic savings in electricity.

Also on the call was Dwight Holmberg, a regional manager with FieldServer Technologies of Milpitas, Calif., who said the company's gateway for connecting building automation systems can leverage UPoE.

According to Zeus Kerravala, principal analyst at ZK Research, UPoE is another example of how Cisco tailors a technology to keep ahead of competitors. No other network equipment maker has adopted UPoE or its approach, he said.

"For Cisco, it's important with so much talk out there about the wired network being dead because of all the wireless end points," Kerravala added. "If they can find a whole group of other devices that can connect to the network that aren't traditional PCs, that opens the door for them to open the overall market for wired switches."

---Cisco News quoted from pcworld.com

 


How to Configure Cisco Wireless?

April 25 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Wireless - Cisco Wireless AP

Cisco, the major networking company, makes a line of wireless routers that come under the Linksys name. Linksys wireless devices and those made under the Cisco name are set up in the same manner. It is always best to look at the instructions that came with your router if you have them for specifics when it comes to setting up security passwords and using the advanced user options, but standard configuration is quite simple.



What you need to prepare: Internet service, Ethernet cable, Computer

 

Instructions to Configure Cisco Wireless

1. Connect your Internet service line from your Internet source to the port marked Ethernet on the back of your Cisco router. Check the LED on the front of the device to see if the router reads the cable.

2. Look for the IP address that is printed on the back label of your router, or in the instruction booklet. 

3. Type the IP address into an Internet browser (Firefox, Safari, Internet Explorer) and press the return key. A setup page for your router will appear. 

4. Go to the "Setup" tab and select the general setup page. Find the local IP address section and insert the IP address 92.168.2.1. Press the "Renew IP address" button to save.

5. Type 92.168.2.1 into your browser and press return. The setup will again appear.

6. Press the "Status" tab and check the IP address value. Click "DHCP release," then click "DHCP renew" if the IP address is a series of zeroes. 

7. Click the "Wireless" section and go to the security setup. Type in an appropriate user name and password for yourself and save the changes. You will now be able to access your router wirelessly.



Cisco Boosts Telepresence System with New Collaboration Features

April 23 2012 , Written by Cisco & Cisco Router, Network Switch

The company also plans to release its Jabber product for the iPad and an upgrade of Jabber for Windows desktops and laptops


Cisco announced improvements to its Jabber IM, presence and video-conferencing product, as well as to its room-size "immersive" telepresence systems, as the networking giant continues to push its way into the workplace collaboration market.

Cisco plans to release at some point in the second quarter its first version of Jabber for the iPad and an upgrade of Jabber for Windows desktop and laptop PCs, as well as a new top-of-the-line telepresence system called TX9000, designed to improve upon existing Cisco products of this sort.

Jabber for iPad will let users communicate using voice, video, IM, presence and conferencing, using standards like H264, XMPP and SIP for interoperability with other systems.

Jabber for Windows features high-definition video, voice, presence, IM, desktop sharing and Web conferencing, as well as integration with Microsoft Office, and also uses standards like H264, XMPP and SIP.

Meanwhile, the TX9000 is designed to take Cisco's large telepresence systems from an immersive experience to one that also allows for what the company calls "high-intensity collaboration" for scenarios like sophisticated planning sessions, brainstorming, "war rooms," critical problem resolution and engineering design.

Among the new features introduced in the TX9000 is the ability to share content on the main telepresence screens, as opposed to only on the smaller one below them, along with "point and highlight" capabilities, white boarding and calling up data from multiple content sources, according to the company.

Also new is a simplified way to integrate WebEx online meetings with TX9000 sessions, and a simpler way to launch and manage TX9000 meetings using a touch-based user interface.

The TX9000 also features a new placement for its cameras, designed to enhance eye contact among participants while making the cameras less conspicuous. It doesn't require additional special lighting nor audio.

The TX9000 can provide video quality as high as 1080p at 60 frames per second, while requiring 20 percent less bandwidth than existing Cisco telepresence systems. The TX9000 can be used by six people, while the TX9200 model adds a second table for up to 18 participants.

Cisco also claims that system setup has been simplified, so that installation partners can complete a job in as little as two days. List price in the U.S. starts at $299,000.

Industry analyst Maribel Lopez from Lopez Research said Cisco now has a good portfolio of video communications across its products, which is important because video will continue to increase its importance in workplace communications and collaboration.

"Video will change over time. Most people think of it as face-to-face. While this is interesting, it doesn't take into account that video will be next-generation content. Today content means documents like PowerPoint and Word files. Tomorrow more content will be video. So video is more than just my tiny face looking at another tiny face on a screen while we share a PowerPoint," she said via email.

Collaboration traditionally has, and continues to be, strongly associated with email and document management, which has made this market a challenge for Cisco, but it could ride video to a leadership position, she said.

"The goal for Cisco is to change what collaboration means. For example, no vendor is the established choice for doing secure cross-company collaboration with video and document sharing and repositories," she said.

Many applications can use a built-in collaboration and communications component and no vendor owns this space, she said.

"Communications will have voice, video and attachments associated with it. It will be portable across devices. It will have knowledge of what you have access to and if that varies by what device you are using or where you are located. It will also have knowledge of whether you are communicating internally or across groups. This is contextual communications and this is the future," she said.

Industry analyst Zeus Kerravala from ZK Research said that the TX9000 is noteworthy because it's the biggest upgrade in that product line since its inception. 

"Cisco has created the ability to freely move content and video sessions between the screens, shifting this market from being TelePresence to TeleCollaboration. Now the user has greater control over what content is displayed in what screen versus the system deciding," he said via email.

Kerravala sees the Jabber enhancements as geared at enabling greater unified communications functionality across a wide range of mobile devices, to let companies move into the "post PC" era. 

"Bring your own device has become a top initiative for CIOs and the Jabber enhancements can enable communications consistency across the devices," he said.

As Cisco pursues the collaboration market, it needs to direct its pitch at line of business managers, as opposed to IT officials in charge of desktops and email communications, who think first about traditional collaboration vendors like Microsoft and IBM, he said.

Line of business managers will be more receptive and better able to assess the considerable breadth of Cisco's collaboration portfolio, Kerravala said.

 

---Original reading: www.pcadvisor.co.uk
