Cisco & Cisco Network Hardware News and Technology

Posts with #cisco & cisco network tag

Introducing Cisco DNA (Digital Network Architecture)

April 19 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Technology - IT News, #Cisco & Cisco Network, #Cisco News

Cisco DNA-5 Principles

Network Evolution for the Digital Era

The Digital Network Architecture (DNA) building blocks and their programmable interfaces.

Raakhee Mistry (a Marketing Manager who has been with Cisco for over 12 years, serving in product management, partner program and solutions marketing roles) collected the different audiences’ responses to Cisco Digital Network Architecture. She pointed out that analysts agree that Cisco DNA is a game changer. Yes, the new Cisco DNA is a game changer for the digital era.

Cisco DNA is short for Digital Network Architecture. The Cisco Digital Network Architecture is a platform that will give our customers both a roadmap to digitization and a path to recognize immediate benefits of network automation, assurance and security. Cisco released it at Cisco Partner Summit 2016.

Cisco DNA complements Cisco’s market leading, data center based Application Centric Infrastructure (ACI) technology by extending the policy driven approach and software strategy throughout the entire network: from campus to branch, wired to wireless, core to edge.

Cisco DNA is delivered within the Cisco ONE Software family, enabling simplified software-based licensing, and helping with investment protection and flexibility.

The IT networking industry continues to demand knowledgeable professionals to help manage, secure and optimize their network infrastructure. Networking jobs can be found worldwide in exciting industries such as fashion, sports, and entertainment. Research indicates that a certification is second only to a four year college degree as a way to qualify people for positions and certifications were rated to be the top criteria in being able to determine an applicant's qualifications.

Cisco Digital Network Architecture Benefits

  • Insights. The network touches all things digital – users, devices, applications, sensors and cloud – and networking professionals are in a unique position to help their organizations capture insights in real time that allow businesses to make better decisions instantly and deliver better experiences.
  • Automation. This area is centered on IT speed and simplicity. Today’s networking professionals are CLI jockeys, but that will offer less value as time goes on. The network is evolving to software with software-defined networking, open APIs, network function virtualization and more. These new technologies provide networking IT with unprecedented agility that helps IT deliver business requirements faster and can free up cycles to support more strategic projects for their organization.
  • Security. While digital technologies have opened up new opportunities, they have also introduced a level of risk. As we see the proliferation of mobile devices and cloud adoption, the network perimeter is evolving and the attack surface has the potential to grow significantly. To combat that risk, networking professionals will be able to offer the business a new approach to inject security pervasively through the network, which can be the sensor and enforcer of security threats.


About Cisco IP Phone Registration & Boot Up

April 1 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco IP Phones, #Cisco & Cisco Network

CISCO IP Phone Boot UP Process

Do you know the Cisco IP Phone registration and boot-up sequence and the issues related to it? Someone shared the main issues of the IP Phone, SCCP & SIP Phone Registration Process with CUCM before. In this article we will talk about IP phone registration issues.

First, let’s understand what the Cisco IP Phone registration and boot-up sequence is.

Step 1: Phone Loads Software (Image) and Starts the Configuration Process

Step 2: a. Phone Sends DHCP Request

b. DHCP Server Sends DHCP Response

Step 3: a. Phone Sends TFTP Request for a Configuration File

b. TFTP Server Sends the Default Configuration File

Step 4: a. TFTP Server Sends the Specific Configuration File of the Phone

b. Phone Registration Finishes

FIRST UNDERSTAND THE BOOTUP PROCESS, THEN START TROUBLESHOOTING ACCORDINGLY:

General Troubleshooting Sequence:

  • Disable DHCP and DNS to Test a Phone
  • Check for the Incorrect MAC Address on the Phone Label
  • Cisco CallManager and TFTP Services Do Not Run
  • Delete and Recreate a Phone
  • Understand a Network Trace File
  • Use Performance Monitor to Analyze Phone Activity
  • Manually Configure the IP Parameters on a 12 SP+ or 30 VIP Phone
  • Add Phones to Cisco CallManager
  • Enable, Configure, and Disable Auto−Registration
  • Manual Registration (Add an IP Phone Manually) etc....

THESE ISSUES COULD BE THERE:

  1. IP Phone Registration Toggles between Primary and Secondary CallManagers.
  2. Registration Rejected
  3. Cisco IP Phones Not Registered But seems to be working fine.
  4. Cisco IP Phones Take Too Long to Register.
  5. Cisco IP Phone Always Get Registered to the Publisher Server.
  6. Get "version error" on the Cisco IP Phone screen When Try to Register.
  7. Cisco phones causing excessive DHCP requests.

See the figure "CISCO IP Phone Boot UP Process" above.

Step 1: Phone Loads Software (Image) and Starts the Configuration Process:

During this step, these issues could be there,

* Registration with a Cisco CallManager server is successful only when the server adds the phone or when the server has Auto−Registration enabled. (The default for Auto−Registration is disabled.)

* Note: If the phone LCD screen does not light up, you could have a faulty phone. The phone also could be faulty if the message the phone displays never changes after you plug in the phone. Contact Cisco Technical Support to request a replacement if your phone is under warranty.

* If your phones do not use DHCP, see the Step 3a: Phone Sends TFTP Request for a Configuration File section of this document.

Step 2:

a). Phone Sends DHCP Request:

During this step, these issues could be there,

For Cisco 7940 and 7960: (to manually enable the DHCP Parameter on the phone itself):

Complete these steps on the Cisco 7940 and 7960:

1. Choose Settings.

2. Choose 3 (Network).

3. Scroll down to the DHCP Enabled parameter.

The selection must be Yes.

__________

Complete these steps on the Cisco 7910:

1. Choose Settings.

2. Choose 6 (Network).

3. Scroll down to the DHCP Enabled parameter.

The selection must be Yes.

__________

Cisco 12 SP+ and 30 VIP

Complete these steps on the Cisco 12 SP+ and 30 VIP:

1. Enter **#.

2. Enter 1.

3. Set all parameters to zero (0).

Note: Cisco 7910G supports only 10 MB speed, but 7910G+SW supports 10/100. If you have a 7910G, be sure to set the switch port that connects to the phone to 10 MB or Auto.

Any IP parameters that you have hard coded on the phones override the parameters that the DHCP server provides. In particular, the Alternate TFTP Server option overrides the TFTP server IP address that the DHCP provides. For information on how to reset your phone configuration to the original factory defaults, refer to either of these documents:

· Resetting 7900 Series IP Phones to Factory Defaults

b). DHCP Server Sends DHCP Response:

The DHCP response contains the phone IP address and the IP address of the TFTP server (which is usually a Cisco CallManager server). The response can also contain any of or all these common options:

· IP address of the default router (gateway)

· IP address of the Domain Name System (DNS) server

· Domain name includes option 150 for the TFTP server.

Step 3:

a). Phone Sends TFTP Request for a Configuration File:

  • The phone requests a specific configuration file. The name for this file is SEPMAC−Address.cnf. For example, the file name for a phone with the MAC address 0030.94C2.D5CA is SEP003094C2D5CA.cnf. If the file exists on the Cisco CallManager server, see the Step 4a: TFTP Server Sends the Specific Configuration File of the Phone section of this document.
  • If the phone is not in the Cisco CallManager database, the request for the specific configuration file results in a TFTP File Not Found response from the TFTP server. The phone then requests the file with the name SEPDEFAULT.cnf. If you have configured the Cisco CallManager server for Auto−Registration, this file exists and the server sends it to the phone. See the Step 3b: TFTP Server Sends the Default Configuration File section of this document.

Otherwise, the TFTP server of the Cisco CallManager server sends another File Not Found TFTP response. At this point, the phone restarts the configuration process.

b). TFTP Server Sends the Default Configuration File:

Note: This step only occurs if you have enabled Auto−Registration and the phone has not already registered with the Cisco CallManager server.

If you have configured the Cisco CallManager server for Auto−Registration, it sends the SEPDEFAULT.cnf file in response to the phone request. After the Cisco CallManager server database adds a phone by Auto−Registration, the phone has a SEPMAC−Address.cnf file. It does not reference the SEPDEFAULT.cnf again.

Step 4:

a). TFTP Server Sends the Specific Configuration File of the Phone:

Note: This step only takes place if the phone creation occurred on the Cisco CallManager server. The configuration file contains several parameters for the phone. These include the device pool, the Cisco CallManager servers to use, configured speed dials, and other parameters. In general, any time you make a change in Cisco CallManager that requires the phone (device) to be reset, you have made a change to the phone configuration file.

b). Phone Registration Finishes:

The Cisco CallManager server sends the phone additional configuration elements during the final phases of the registration process.

In general, the registration process must complete successfully if the process goes this far.

To learn what takes place at this point, you need to set up a network analyzer to capture the IP packets that the phone sends to and receives from the server.
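The file-request sequence of Steps 3 and 4 can be read straight out of a TFTP request log. The following Python sketch is an added example, not code from the original article or from Cisco: it derives the SEPMAC−Address.cnf name from a MAC address, compares it with the MAC printed on the phone label, and classifies each phone by the requests it made. The log format and the state names are assumptions made for illustration, and the sample lines are constructed.

```python
import re

DEFAULT_FILE = "SEPDEFAULT.cnf"


def config_filename(mac):
    """Build the per-phone file name (SEP + 12 hex digits + .cnf) from a MAC in any common notation."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return "SEP%s.cnf" % digits.upper()


def label_mismatch(label_mac, requested_file):
    """True when the file the phone really asks for does not match the MAC on its label."""
    return config_filename(label_mac) != requested_file


# Constructed sample lines in a hypothetical format: time, client IP, requested file, result.
SAMPLE_LOG = """\
10:00:01 10.1.1.21 SEP003094C2D5CA.cnf OK
10:00:05 10.1.1.22 SEP003094C2D5CB.cnf NOTFOUND
10:00:06 10.1.1.22 SEPDEFAULT.cnf OK
10:00:09 10.1.1.23 SEP003094C2D5CC.cnf NOTFOUND
10:00:10 10.1.1.23 SEPDEFAULT.cnf NOTFOUND
10:00:40 10.1.1.23 SEP003094C2D5CC.cnf NOTFOUND
10:00:41 10.1.1.23 SEPDEFAULT.cnf NOTFOUND
"""


def parse_log(text):
    """Turn log text into (client_ip, filename, served) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        _when, client_ip, filename, result = fields
        events.append((client_ip, filename, result == "OK"))
    return events


def classify(events):
    """Follow each phone through Steps 3a, 3b and 4a and report where it ended up.

    States (names chosen for this example):
      configured        specific file served (Step 4a): the phone is in the database
      not-in-database   specific file missing, default file not requested yet
      auto-registration default file served (Step 3b): Auto-Registration is enabled
      restart-loop      both files missing: the phone restarts the configuration process
    """
    phones = {}
    for client_ip, filename, served in events:
        phone = phones.setdefault(
            client_ip, {"state": "unknown", "file": None, "restarts": 0})
        if filename == DEFAULT_FILE:
            if served:
                phone["state"] = "auto-registration"
            else:
                phone["state"] = "restart-loop"
                phone["restarts"] += 1
        elif re.fullmatch(r"SEP[0-9A-F]{12}\.cnf", filename):
            phone["file"] = filename
            phone["state"] = "configured" if served else "not-in-database"
    return phones


if __name__ == "__main__":
    for ip, info in classify(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

A phone that ends in auto-registration or restart-loop is one the CallManager database does not know, which is the case to check against the label MAC and the Auto−Registration setting.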

FACTS:

7961G Phone does not Register until it is Configured as a 7961

IP phones CP−7961 and CP−7961G are basically the same platform. The G stands for global use that supports all languages.

So when you add a 7961G phone, you should add it as a regular 7961 phone. CP−7961G−GE is another IP phone with two gigabit Ethernet ports (10/100/1000).

If IP phone 7961G is added as 7961G−GE, it does not register with Cisco CallManager.

TASKS TO PERFORM:

Disable DHCP and DNS to Test a Phone

Check for the Incorrect MAC Address on the Phone Label

Cisco CallManager and TFTP Services Do Not Run

Delete and Recreate a Phone

Understand a Network Trace File

Use Network Monitor to Analyze Phone Activity

By default, Cisco phones are DHCP−enabled. If you do not use DHCP, you need to disable DHCP on the phone and manually assign the phone an IP address. In order to disable DHCP on a phone, use the phone keypad to program the phone IP address and other network addresses.

Enable, Configure, and Disable Auto−Registration

Manual Registration (Add an IP Phone Manually)

Note: If you have your Cisco CallManager servers set up in a cluster, every server has the configuration files for every phone that is in the Publisher database. Therefore, any Cisco CallManager server can serve as a TFTP server for the phones. The device pools to which you have assigned the phones determine the server with which the phones register. A phone can obtain the configuration file from a different server than the server with which the phone registers.

Original reference and more discussions from

https://supportforums.cisco.com/document/113336/ip-phone-registration-issues


Using DHCP and DHCP Option 82

March 30 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network, #Cisco Technology - IT News, #c

DHCP Option 82 Operation

DHCP is short for Dynamic Host Configuration Protocol. We know that DHCP is used in LAN environments to dynamically assign host IP addresses from a centralized server, which reduces the overhead of administrating IP addresses.

I’ve read an article, “DHCP Snooping and DHCP Snooping Configuration”, that is about a CCIE’s experience. That article also shares the DHCP Option 82 concept.

In this article we will share some information on using DHCP Option 82.

DHCP also helps conserve limited IP address space because IP addresses no longer need to be permanently assigned to client devices; only those client devices that are connected to the network require IP addresses. The DHCP relay agent information feature (option 82) enables the DHCP relay agent (Catalyst switch) to include information about itself and the attached client when forwarding DHCP requests from a DHCP client to a DHCP server. This basically extends the standard DHCP process by tagging the request with the information regarding the location of the requestor. (See the Figure “DHCP Option 82 Operation”)

...

The following are key elements required to support the DHCP option 82 feature:

• Clients supporting DHCP

• Relay agents supporting option 82

• DHCP server supporting option 82

The relay agent information option is inserted by the DHCP relay agent when forwarding the client-initiated DHCP request packets to a DHCP server. The servers recognizing the relay agent information option may use the information to assign IP addresses and to implement policies such as restricting the number of IP addresses that can be assigned to a single circuit ID. The circuit ID in relay agent option 82 contains information identifying the port location on which the request is arriving.
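What a server does with the relay agent information option can be shown in a few lines of Python. This is an added example, not code from the original article or from Cisco: it walks the DHCP options field, splits option 82 into its sub-options (1 = circuit ID, 2 = remote ID, per RFC 3046) and applies the per-circuit limit described above. The 6-byte circuit ID layout (type 0, length 4, VLAN, module, port) is an assumption about the relay's encoding, the class and function names are chosen for this example, and the sample bytes are constructed.

```python
import struct

OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2


def find_option(options, wanted):
    """Walk the DHCP options field (after the magic cookie); return the value of `wanted` or None."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 2 > len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        if code == wanted:
            return value
        i += 2 + length
    return None


def parse_option82(payload):
    """Split the option 82 payload into {sub-option code: value bytes}."""
    subs = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated sub-option %d" % code)
        subs[code] = value
        i += 2 + length
    return subs


def decode_circuit_id(value):
    """Decode the assumed layout: type 0, length 4, VLAN (2 bytes), module, port."""
    if len(value) == 6 and value[0] == 0 and value[1] == 4:
        vlan, module, port = struct.unpack("!HBB", value[2:])
        return {"vlan": vlan, "module": module, "port": port}
    return {"raw": value.hex()}      # unknown encoding: keep it opaque


def relay_location(options):
    """Port location of the requester, or None when no relay tagged the request."""
    payload = find_option(options, OPT_RELAY_INFO)
    if payload is None:
        return None
    subs = parse_option82(payload)
    if SUB_CIRCUIT_ID not in subs:
        return None
    return decode_circuit_id(subs[SUB_CIRCUIT_ID])


class CircuitLimiter:
    """Policy from the text: cap the number of clients served per circuit ID."""

    def __init__(self, max_clients):
        self.max_clients = max_clients
        self.clients = {}            # circuit ID bytes -> set of client MACs

    def allow(self, circuit_id, client_mac):
        seen = self.clients.setdefault(circuit_id, set())
        if client_mac in seen:       # renewal by a known client
            return True
        if len(seen) >= self.max_clients:
            return False
        seen.add(client_mac)
        return True


# Constructed sample: message type (53), then option 82 with circuit ID and remote ID, then end.
SAMPLE_CIRCUIT = bytes([SUB_CIRCUIT_ID, 6, 0, 4]) + struct.pack("!HBB", 10, 1, 3)
SAMPLE_REMOTE = bytes([SUB_REMOTE_ID, 8, 0, 6]) + bytes.fromhex("001122334455")
SAMPLE_OPTIONS = (bytes([53, 1, 1, OPT_RELAY_INFO, len(SAMPLE_CIRCUIT) + len(SAMPLE_REMOTE)])
                  + SAMPLE_CIRCUIT + SAMPLE_REMOTE + bytes([OPT_END]))

if __name__ == "__main__":
    print(relay_location(SAMPLE_OPTIONS))
```

A request that reaches the server without option 82 on a segment where every relay should add it returns None here, which is worth logging rather than silently serving.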

Note:

1. The DHCP option 82 feature is supported only when DHCP snooping is globally enabled and on the VLANs to which subscriber devices using this feature are assigned.

2. DHCP and the DHCP option 82 feature have not been validated in the lab for EttF version 1.1. At this time, Cisco recommends considering only DHCP with option 82 for the application servers at level 3.

Reference from http://www.cisco.com/c/en/us/td/docs/solutions/Verticals/EttF/EttFDIG/ch3_EttF.pdf


New: Quick Start Guide-Cisco IP Phone 7800 Series for Third-Party Call Control

March 14 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco IP Phones, #Cisco & Cisco Network

What are these buttons exactly used for?

Quick Start Guide-Cisco IP Phone 7800 Series for Third-Party Call Control-01

Quick Start Guide-Cisco IP Phone 7800 Series for Third-Party Call Control-02

The IP Phone 7800 Series introduced 4 models to the portfolio: Cisco IP Phone 7811, 7821, 7841 and IP Phone 7861. The models range in their support, from a single-line model for users with light voice communications needs to a 16-line model for highly active users of VoIP communications.

The Cisco IP Phone 7800 Series delivers advanced IP Telephony features and crystal clear wideband audio performance to deliver an easy-to-use, full-featured voice communications experience on Cisco on-premises and hosted infrastructure platforms and third party hosted call control.

Small-to-large enterprise companies are well suited for the Cisco IP Phone 7800 Series.

The 7800 Series supports secure connectivity for remote worker access to the Cisco network, such as for full-time teleworkers.

Note: Support is provided on 7821, 7841, and 7861 endpoints with IP Phone software update 10-3-1-1 or later. The 7811 is also planned for support–contact your Cisco representative for timing details.

How to start your Cisco IP Phone 7800 Series for Third-Party Call Control? Firstly, let’s look at the Cisco IP Phone 7841 shown.

Refer to the photo graphic above...

...


Discussion: Management of ASA with Firepower Services

March 3 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Cisco & Cisco Network

Cisco ASA with FirePOWER Services-Key Security Features

We have talked about Cisco ASA with Firepower Services a lot before. With Cisco ASA with FirePOWER Services, you consolidate multiple security layers in a single platform, eliminating the cost of buying and managing multiple solutions.

The Cisco Firepower Next-Generation Firewall is the industry’s first fully integrated, threat-focused next-gen firewall with unified management. It includes Application Visibility and Control (AVC), optional Firepower next-gen IPS (NGIPS), Cisco Advanced Malware Protection (AMP), and URL Filtering. Cisco Firepower NGFW provides advanced threat protection before, during, and after attacks.

Cisco ASA with FirePOWER Services, Stop more threats with a threat-focused NGFW

Beat sophisticated cyber attacks with superior security. We offer the industry’s first threat-focused next-generation firewall (NGFW). You get the confidence of the most-deployed stateful firewall combined with application control, next-generation intrusion prevention system (NGIPS), and advanced malware protection (AMP).

Discussion: Management of ASA with Firepower Services

There are a few questions about the management of ASA with Firepower Services. Let’s look at the discussion from Cisco Communities.

1. An ASA with Firepower Services requires a Firesight management device (physical or virtual) - Correct?

Yes, that’s correct.

2. Is there a High Availability option for a physical Firesight management?

Read about this in the bottom of Table 2 on this page:

http://www.cisco.com/c/en/us/products/collateral/security/firesight-management-center/datasheet-c78-732251.html

3. Does the Firesight management also manage the ASA's firewall rules?

--Not yet. Cisco is developing Firepower Threat Defence that does exactly that.

4. I ask because I believe there was mention that a rule could have a specific IPS policy assigned to it. This is correct in the terms on Firepower Access Control Rules. Not ASA firewall rules.

5. If this is true I would believe that the use of CLI or ASDM on the ASA would no longer be usable - Correct?

The new Threat Defence system will be managed from Firepower Management Center. Not CLI nor ASDM.

6. When changes are made on the Firesight management station are they applied immediately to the ASA, like managing via CLI or is there another step to applying the changes?

No. You will have to deploy the new policy to the Firepower sensor first.

7. When changes are applied what if anything happens to existing connections?

- I actually am not sure about this. I have never seen any connections being dropped when applying policy. Cisco has made a note about this in their manual: Firepower Management Center Configuration Guide, Version 6.0 - Policy Management [Cisco FireSIGHT Management Center] -…

  • When you enable Inspect traffic during policy apply:
    • Certain configurations can require the Snort process to restart.
    • When the configurations you deploy do not require a Snort restart, the system initially uses the currently deployed access control policy to inspect traffic, and switches during deployment to the access control policy you are deploying.
  • When you disable Inspect traffic during policy apply, the Snort process always restarts when you deploy.
  • How a Snort restart affects traffic depends on the interface configuration and the platform.

Original Discussion from https://communities.cisco.com/thread/59509


Configuring the ASA as CA Server

January 18 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Cisco & Cisco Network, #c

ASDM -> Configuration -> Remote Access VPN -> Certificate Management - Local Certificate Authority

Do you know how to configure the ASA as a CA server? The Cisco ASA can act as a Certificate Authority server and issue certificates to VPN clients or other network devices.

The Cisco ASA only provides browser-based certificate enrollment.

Before proceeding with the configuration, make sure the time on your ASA is correct (show clock), or use an NTP server to synchronize the time across your network devices.

We cannot specify the CA server name, because you can only have one instance of Local CA server running at the same time.

Under the Crypto ca server mode, we have multiple options explained as follows:

CA Server configuration commands:

  • CDP-URL: Specifies the certificate revocation list distribution point to be included in the certificates issued by the CA.
  • Database: Specifies a path or location for the local CA database. The default location is flash memory.
  • Enrollment-retrieval: Specifies the time in hours that an enrolled user can retrieve a PKCS12 enrollment file.
  • Issuer-name: Indicates that rule entry is applied to the issuer DN of the IPSec peer certificate.
  • Keysize: Configure the size of keypair to generate for certificate enrollments for the local CA server.
  • Lifetime CA-certificate: Specify the lifetime for the CA certificate.
  • Lifetime certificate: Specify the lifetime for the user certificate.
  • Lifetime CRL: Specify the lifetime for the CRL.
  • OTP expiration: Specify the lifetime for the OTP expiration.
  • Publish-CRL: Make the CRL available for download via HTTP on the specified interface.
  • Renewal-reminder: Specify how long before the CA certificate expires the ASA will notify the users via email.
  • SMTP from address: Specify the email from which the notification will be sent to deliver the OTP password and enrollment invitations.
  • SMTP subject: Customize the email subject.
  • Subject-name-default: Specify an optional SUBJECT-NAME DN.

Basic ASA configuration as CA server

ASDM -> Configuration -> Remote Access VPN -> Certificate Management - Local Certificate Authority

...

Equivalent CLI configuration.

ASA(config)# crypto ca server

ASA(config-ca-server)# lifetime ca-certificate 100
ASA(config-ca-server)# lifetime certificate 30
ASA(config-ca-server)# smtp from-address admin@cisco.com
ASA(config-ca-server)# smtp subject Certificate enrollment
ASA(config-ca-server)# keysize 2048
ASA(config-ca-server)# cdp-url http://cisco/+CSCOCA+/asa_ca.crl
ASA(config-ca-server)# subject-name-default CN=BoB, O=Cisco, C=US
ASA(config-ca-server)# no shutdown

Once the CA server has been enabled, we cannot modify the configuration unless we shut down the server.

Show and debug commands:

  • Debug crypto ca server
  • Show crypto ca server
  • Show crypto ca server cert-db

More information http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/config/guide/config/cert_cfg.html

Original Guide From https://supportforums.cisco.com/document/12597006/how-configure-asa-ca-server


Cisco Mobility Express Solution for K-12

November 18 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network

Deploy and Manage Your School’s Wi-Fi Network in a Snap

What can the Cisco Mobility Express Solution do for you? It sounds good that Cisco Mobility Express Solution can easily help you deploy a wireless network with all Cisco advanced wireless innovations, using a simple, over-the-air configuration interface.

Nowadays, at your school, students might be using digital textbooks. And you might be required to provide a tablet or laptop for every student. Network connections will probably be wireless for the flexibility to use devices from anywhere on campus. Faculty and administrative personnel, too, rely on wireless networking for internal communications that are part of their jobs.

If your IT staff is tiny or nonexistent, how can you deploy and manage the wireless network? Especially if there are multiple schools scattered throughout the district to cover?

Cisco Mobility Express Solution targets just such situations. Mobility Express is built into Cisco Aironet 1850 and 1830 Series Access Points, which support 802.11ac Wave 2. Wave 2 is the very latest Wi-Fi standard, supporting gigabit speeds and protecting your Wi-Fi access point investment into the future.

Benefits

  • Ideal for schools needing up to 25 Wi-Fi access points
  • Supports Cisco’s industry-leading features with no price premium
  • Non-IT personnel can set up the wireless network in less than 10 minutes
  • Three-step, wizard-based setup means no command lines to learn
  • Delivers 802.11ac Wave 2, the latest and fastest wireless LAN technology on the market
  • Bundles virtual WLAN controller management capabilities into the AP at no extra cost
  • Cisco Connected Mobile Experience (CMX) can be added to boost customer engagement and give you presence-based analytics

Be Prepared for Wave 2 Client Devices--New 802.11ac Wave 2 client devices will soon appear on your network as students, faculty, and staff upgrade their smartphones and tablets.

Installing a Wave 2 Wi-Fi access point prepares you to deliver the most robust performance possible to them from day one. Turn to Cisco, a leader in helping advance the 802.11ac specifications, to help you stay ahead of the growing Wi-Fi traffic volumes that the new devices will generate.

1, 2, 3, and You’re Up

Supported on the Cisco Aironet 1850 and 1830 Series Access Points, the Mobility Express Solution lets you deploy your wireless LAN in less than 10 minutes. You can simultaneously configure multiple Aironet access points with industry best-practice settings already enabled by default. Follow just three steps to configure your network:

  1. Connect to an 1850 or 1830 access point using any wireless device
  2. Use the Cisco WLAN Express Setup Wizard to configure multiple access points simultaneously. Your wireless network can contain a mix of Cisco Aironet 1850, 1830, 1600, 2600, 3600, 1700, 2700 and 3700 Series Access Points. You just need an 1850 or 1830 for the control function.
  3. Access the management dashboard – available via a browser or a mobile app – to operate, monitor, and troubleshoot your network.

When you want to access your Mobility Express dashboard from your mobile device, use the Cisco Wireless app, available at the Google Play Store and Apple App Store.

Built-In Management

Using a virtual wireless LAN controller built right into the Cisco Aironet 1850 and 1830 access points, you can manage all your access points from a central console. You can easily manage up to 25 APs and 500 clients for each Mobility Express virtual controller you deploy. That means if you are a smaller venue, you can now deliver the same quality user experiences as large enterprises. There’s no price premium, and you don’t have to understand command-line interfaces.

There’s no longer the burden of having to manage autonomous APs one at a time, and no need to invest in a separate WLAN controller appliance for management.

To learn more about Cisco Mobility Express Solution, Cisco Aironet 1850 and 1830 Series Access Points, and 802.11ac Wave 2, visit: http://www.cisco.com/go/mobilityexpress.

Original from http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/mobility-express/at-a-glance-c45-734261.pdf


How to Verify Cisco Switch Network Status and Operational State?

October 30 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network

In the last article we talked about the “Nine Switch Commands Every Cisco Network Engineer Needs to Know”. For Cisco or many other vendors, new commands are introduced at each progressive level of system verification. Do you know what commands you should use to verify a network switch’s status and operation? In this article we will look at five essential commands that are used to verify a network switch’s status and operation. They are:

  • ping
  • traceroute
  • telnet
  • ssh
  • show cdp neighbors

ping

Available on almost all operating system platforms, including Cisco IOS, the ping command is used to verify the reachability of a targeted device. It does this by sending an Internet Control Message Protocol (ICMP) echo message to the target; if the target receives the message (and is not configured to drop it), it responds to the initial sender with an ICMP echo-reply message. In a perfect world, with no firewalls, and all devices configured to respond to these messages, the ping command would work perfectly. However, many devices (or devices en route, like firewalls) are purposely configured to ignore ICMP echo messages automatically, in order to hide their existence and avoid being targeted by attackers. In these cases, engineers must decide whether the unsuccessful ping is a real problem or a purposeful part of a network’s design.

TIP: As a general rule, don’t worry about devices that are outside your organization’s control.

Cisco IOS also has an extended version of the ping command that allows for more complex command configurations. For example, an engineer has the ability to control the source IP used (which makes sense when being run from a router configured with multiple IP addresses), the size of the messages being sent, and the content of the messages, among other options.

traceroute

The traceroute command is typically used along with the ping command to further determine the reachability of a destination. traceroute works a bit differently from ping; instead of simply sending a message to the destination directly, it aims to find the path from the source to the target destination. It does this by using either ICMP echo messages on Windows or User Datagram Protocol (UDP) probe messages on Linux and Cisco IOS. It figures out the path by taking advantage of the IP Time to Live (TTL) field.

It’s important to understand what the TTL field does. In normal circumstances, the TTL is used as a loop-prevention mechanism; it works by being set to a number which is then decremented at every respective IP “hop.” If the TTL reaches a device and is decremented to 0, the packet is dropped and an ICMP “destination unreachable” message is sent back to the source device. When used by the traceroute command, the TTL finds each of the hops in the path between the source and the destination:

  1. Initially the source sends an ICMP or UDP message to the destination with a TTL of 1.
  2. When the packet reaches the first hop, the TTL is decremented to 0; the device drops the packet and sends back an ICMP “destination unreachable” message.
  3. To find the second hop, the TTL is set to 2, for the third hop it’s set to 3, and so on; typically three packets are sent for each step toward the destination (three with a TTL set to 1, three with a TTL set to 2, and so on).
  4. These ICMP “destination unreachable” messages are received by the running traceroute command and interpreted into a readable output showing the path toward the destination.

As with the ping command, many organizations block the ICMP echo messages and some of the UDP messages, and the output should be read with this fact in mind.
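The reply-matching side of the procedure above, as an added example that is not from the original article: it parses the ICMP errors that come back, maps each one to its probe through the quoted UDP destination port, and leaves `*` where a hop stayed silent. On the wire, a hop that expires the TTL answers with ICMP type 11 (Time Exceeded) and the target answers a UDP probe with type 3, code 3 (port unreachable); the base port 33434, the one-port-per-probe numbering, the function names and the documentation-range addresses are assumptions of this example.

```python
import socket
import struct

BASE_PORT = 33434      # assumed first UDP destination port; it rises by one per probe
PROBES_PER_HOP = 3     # three probes per TTL value, as in the steps above
TIME_EXCEEDED = 11     # ICMP type returned by a hop that decrements the TTL to 0
DEST_UNREACH = 3       # ICMP type; code 3 (port unreachable) comes from the target


def ipv4_header(src, dst, proto, ttl, payload_len):
    # Minimal 20-byte header; checksum left at 0 because this is constructed data.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst))


def build_reply(icmp_type, code, responder, src, dst, probe_index):
    """Construct the ICMP error a hop returns; it quotes the probe's IP and UDP headers."""
    quoted = ipv4_header(src, dst, 17, 1, 8) + struct.pack(
        "!HHHH", 40000, BASE_PORT + probe_index, 8, 0)
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return ipv4_header(responder, src, 1, 64, len(icmp)) + icmp


def parse_reply(packet):
    """Return (responder, icmp_type, icmp_code, probe_index), or None if unrelated."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8 + 28:     # not ICMP, or truncated
        return None
    quoted = packet[ihl + 8:]
    q_ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != 17 or len(quoted) < q_ihl + 4:       # quoted probe must be UDP
        return None
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    return socket.inet_ntoa(packet[12:16]), packet[ihl], packet[ihl + 1], dport - BASE_PORT


def trace(packets, max_ttl):
    """Rebuild the per-TTL view: responder per probe, '*' where nothing came back."""
    hops = {ttl: ["*"] * PROBES_PER_HOP for ttl in range(1, max_ttl + 1)}
    reached_at = None
    for parsed in filter(None, map(parse_reply, packets)):
        responder, icmp_type, code, idx = parsed
        ttl, slot = idx // PROBES_PER_HOP + 1, idx % PROBES_PER_HOP
        if ttl not in hops or icmp_type not in (TIME_EXCEEDED, DEST_UNREACH):
            continue
        hops[ttl][slot] = responder
        if (icmp_type, code) == (DEST_UNREACH, 3) and reached_at is None:
            reached_at = ttl
    return hops, reached_at


# Constructed capture: hop 1 answers, hop 2 silently drops probes, hop 3 is the target.
SRC, DST = "192.0.2.10", "203.0.113.50"
SAMPLE = [build_reply(TIME_EXCEEDED, 0, "192.0.2.1", SRC, DST, i) for i in range(3)]
SAMPLE += [build_reply(DEST_UNREACH, 3, DST, SRC, DST, i) for i in range(6, 9)]

if __name__ == "__main__":
    for ttl, responders in trace(SAMPLE, max_ttl=3)[0].items():
        print(ttl, " ".join(responders))
```

The silent second hop does not stop the trace: the target still answers at TTL 3, which is the pattern to expect when a filtering device sits in an otherwise healthy path.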

The traceroute command on Cisco IOS also has an extended version, in the same way as the ping command, that allows for more complex command configurations. The options offered by traceroute mirror most of the options available in an extended ping.

telnet

The telnet command has been around for a long time, allowing users to manage devices via a command-line interface. Its very simple operation provides an unsecured Transmission Control Protocol (TCP) session between the source and destination. Characters entered on the source are immediately relayed to the destination, providing an experience on Cisco IOS (and Linux) that is the same as if the user were directly connected into the device locally.

CAUTION

A key term to take from this description is unsecured: the username and login information are sent between the source and destination in clear text.

The telnet command uses TCP port 23.

ssh

The ssh (secure shell) command works similarly to the telnet command but creates a secure communications channel between source and destination. This means that the username and password are not sent in clear text and are protected (at least to some level) from anyone listening in on the conversation.

The ssh command uses TCP port 22.

show cdp neighbors

The show cdp neighbors command is used on a Cisco IOS device to view neighboring devices discovered by the Cisco Discovery Protocol (CDP). CDP is a Cisco proprietary protocol used for Layer 2 discovery; it has the ability to discover all other CDP-supporting devices on a shared segment. (It doesn’t work across Layer 3 devices.) The following example shows some typical output of this command:

R1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R2               Fas 0/0            172              R    7206VXR   Fas 0/0
R1#

In this example, we learn that the remote device (R2) is connected via R1’s FastEthernet0/0 interface and is connected to R2’s FastEthernet0/0 interface, and R2 is a Cisco 7206VXR router. This information is very helpful when mapping out unfamiliar networks. It can also be used to help ensure that a device is connected to the correct remote device(s) on the correct interface; as engineers often must configure devices remotely, this command is useful when installing new equipment, to ensure that physical interfaces are connected to the appropriate networks.

Keep in mind that CDP is a proprietary protocol and will not work to discover most other non-Cisco devices; this command is enabled by default on Cisco devices. A standards-based alternative to CDP is the Link Layer Discovery Protocol (LLDP)—IEEE 802.1AB, which is supported by many other vendors, but is not enabled by default on Cisco devices.
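One way to automate the cabling check described above, as an added example that is not part of the original article: it parses show cdp neighbors output and compares each discovered neighbor with an intended cabling plan. The first neighbor row is the article's output; the SW9 row, the plan and the function names are constructed for this example.

```python
import re

# One neighbor row: device, local interface ("Fas 0/0"), holdtime, capability codes,
# platform, remote port. The prompt, legend and header lines do not match this shape.
ROW = re.compile(
    r"^(?P<device>\S+)\s+(?P<local>[A-Za-z]+ \S+)\s+(?P<hold>\d+)\s+"
    r"(?P<caps>(?:[A-Za-z] )*[A-Za-z])\s+(?P<platform>\S+)\s+(?P<port>[A-Za-z]+ \S+)$"
)


def parse_cdp_neighbors(output):
    """Return {local_interface: {"device", "platform", "port", "caps"}}."""
    neighbors = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            neighbors[m["local"]] = {
                "device": m["device"], "platform": m["platform"],
                "port": m["port"], "caps": m["caps"].split(),
            }
    return neighbors


def check_cabling(neighbors, plan):
    """Compare discovered neighbors with the intended plan; return a list of findings."""
    findings = []
    for local, (device, port) in plan.items():
        seen = neighbors.get(local)
        if seen is None:
            findings.append(f"{local}: expected {device} {port}, no CDP neighbor seen")
        elif (seen["device"], seen["port"]) != (device, port):
            findings.append(f"{local}: expected {device} {port}, "
                            f"found {seen['device']} {seen['port']}")
    for local, seen in neighbors.items():
        if local not in plan:
            findings.append(f"{local}: unplanned neighbor {seen['device']} "
                            f"({seen['platform']}) on {seen['port']}")
    return findings


# The R2 row is the article's output; the SW9 row is constructed for the demo.
SAMPLE = """\
R1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R2               Fas 0/0            172              R    7206VXR   Fas 0/0
SW9              Fas 0/1            141             S I   WS-C2960  Fas 0/24
R1#
"""
# Hypothetical cabling plan: local interface -> (expected device, expected remote port)
PLAN = {"Fas 0/0": ("R2", "Fas 0/0"), "Fas 0/1": ("SW2", "Fas 0/24"),
        "Fas 1/0": ("R3", "Fas 0/0")}

if __name__ == "__main__":
    for finding in check_cabling(parse_cdp_neighbors(SAMPLE), PLAN):
        print(finding)
```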

Reference Article from http://www.ciscopress.com/articles/article.asp?p=2420613

More Related

Nine Switch Commands Every Cisco Network Engineer Needs to Know


Nine Switch Commands Every Cisco Network Engineer Needs to Know

October 30 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network

There is no doubt that a Cisco network engineer needs experience with a wide variety of commands used with network technology. At the Cisco Certified Network Associate (CCNA) level, Cisco has indicated a number of commands that should be known initially for Cisco network switches.

This article covers these commands, explaining what they do and how they alter the behavior and/or use of a Cisco switch.

Some terms you need to read, with examples

#1: hostname hostname

One of the most basic network commands, hostname configures the hostname used for a device. This hostname identifies the device to other locally connected devices for protocols such as the Cisco Discovery Protocol (CDP), which helps in the identification of devices attached directly to the network. Although it is not case-sensitive, the hostname must follow certain rules: It must begin with a letter and end in a letter or digit, and interior characters must be letters, digits, or hyphens (-).

#2: ip default-gateway gateway

The ip default-gateway command configures the default gateway for a switch when IP routing is not enabled (with the ip routing global configuration command), which is typical when lower-level Layer 2 switches are being configured. The easiest way to determine whether IP routing has been enabled is to run the show ip route command. When IP routing has not been enabled, the output will look similar to the following example:

SW1#show ip route
Default gateway is 10.10.10.1
Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty
SW1#

When IP routing is enabled, the output looks similar to the output displayed on a router:

SW1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.10.10.0/24 is directly connected, Vlan1
L        10.10.10.10/32 is directly connected, Vlan1
SW1#

NOTE: The configuration entered with the ip default-gateway command has no effect when IP routing is enabled.

#3: username username {password | secret} password

The username command configures a username and associates a password with it. Using the password or secret version of this command is a matter of security:

  • The password version of this command will do one of two things with the configured password:
    • Place the password into the configuration in plaintext (if the service password-encryption command is not enabled).
    • Put the password through a Cisco-proprietary encryption algorithm before placing it into the configuration. (Note that this encryption is easily reversed.)
  • The secret version of this command will create an MD5 hash of the configured password and then place it into the configuration. This hashed password is much harder to crack than the encrypted version created with the password version of this command.

This username/password can be used for a number of different features, including Telnet and SSH.

#4: enable {password | secret} password

The enable command configures the password that will be used to access a switch's privileged configuration mode. Because all configuration of a Cisco IOS switch requires privileged configuration mode, keeping this password private is very important. As with the username command, this command has two options: password and secret. The differences between these two options are the same as those for the username command in the preceding section. The enable secret version of the command should be used in all production environments.

Console and Terminal Login Commands

Five commands are used to configure login via the console and virtual terminal (VTY) lines of a switch:

  • password
  • login
  • exec-timeout
  • service password-encryption
  • copy running-config startup-config

The following sections describe these individual commands.

Password password

When entered in line-configuration mode (console or terminal), the password command is used to configure the password that will be used to access a switch from that specific line, depending on the line mode (console or terminal). However, the password configured with this command is used only if the login command is used (which is the default).

Login [local]

The login command is used to enable password checking on an interface. If this command is used without any parameters, the system will check the password entered with the login against the one entered with the password command discussed in the preceding section. If used with the local parameter, both username and password will be prompted, and the entries will then be checked against the local username database that was created with the username command discussed previously.

Exec-timeout minutes [seconds]

The exec-timeout command is used to configure the amount of time that can pass before a device considers the connection idle and disconnects. By default, timeout is set to 10 minutes. This timeout can be disabled with the no exec-timeout command. (This command is a shortcut and actually enters the exec-timeout 0 0 command into the configuration.)

Service password-encryption

The service password-encryption command is used to enable the encryption of configured passwords on a device. The passwords referenced with this command are the ones configured with a command's password parameter, such as username password and enable password. The passwords encrypted with this command are not highly encrypted and can be broken relatively easily. By and large this command is deprecated, as most network engineers will use the secret version of the appropriate commands; however, even weak protection is better than nothing.
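A configuration audit covering the username, enable, password, login, exec-timeout and service password-encryption sections above, as an added example that is not from the original article: it flags password-form entries, disabled login checking and disabled idle timeouts, and shows a weak configuration beside a corrected one. Both configurations are constructed, the credential values are placeholders, and the function and variable names are hypothetical.

```python
import re

WEAK_PW = re.compile(r"^(?P<cmd>username \S+|enable) password (?:(?P<t>0|7) )?\S+$")
LINE_PW = re.compile(r"^(?P<cmd>password) (?:(?P<t>0|7) )?\S+$")


def audit(config):
    """Return (section, finding) pairs for the weak settings described in the article."""
    findings, section = [], "global"
    if not re.search(r"^service password-encryption$", config, re.M):
        findings.append(("global", "service password-encryption is off"))
    for raw in config.splitlines():
        text = raw.strip()
        if raw and not raw[0].isspace():      # an unindented line starts a new section
            section = text if text.startswith("line ") else "global"
        m = WEAK_PW.match(text)
        if m is None and section != "global":
            m = LINE_PW.match(text)
        if m:
            stored = "type 7 (easily reversed)" if m["t"] == "7" else "plaintext"
            who = "line" if m["cmd"] == "password" else m["cmd"]
            advice = "" if who == "line" else "; use the secret form"
            findings.append((section, f"{who} password stored as {stored}{advice}"))
        elif section != "global" and text in ("exec-timeout 0 0", "no exec-timeout"):
            findings.append((section, "idle sessions are never disconnected"))
        elif section != "global" and text == "no login":
            findings.append((section, "password checking is disabled on this line"))
    return findings


# Constructed running-config excerpts; every credential value is a placeholder.
WEAK = """\
no service password-encryption
enable password <constructed-plaintext>
username admin password 0 <constructed-plaintext>
username backup password 7 <constructed-type7>
username ops secret 5 <constructed-md5-hash>
line con 0
 password <constructed-plaintext>
 login
line vty 0 4
 exec-timeout 0 0
 password 7 <constructed-type7>
 no login
"""
# Corrected form: secret hashes, local username database, finite idle timeout.
HARDENED = """\
service password-encryption
enable secret 5 <constructed-md5-hash>
username admin secret 5 <constructed-md5-hash>
line vty 0 15
 exec-timeout 5 0
 login local
"""

if __name__ == "__main__":
    for section, finding in audit(WEAK):
        print(f"{section}: {finding}")
```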

Copy running-config startup-config

The copy running-config startup-config command (popularly shortened to copy run start) is one of the most fundamental commands learned by new Cisco network engineers. It copies the active configuration (running-config) on a device to non-volatile memory (NVRAM) (startup-config), which maintains a configuration across a reload. Without this command, a configuration can be lost when a device is reloaded or powered off. The copy command can also be extended to save configuration and IOS images to and from a local device, as well as to and from different locations on the local device.

Network engineers must learn many Cisco OS commands in the process of becoming a CCNA (and beyond), and understanding these basic management commands is where the process starts. Without the knowledge of how to access devices, the complex commands are useless. You must understand when learning these concepts that they are intended to be stacked on top of each other. Lack of knowledge of a few base concepts undermines learning other, more advanced concepts that build on top of those basics.

The Reference Article from http://www.ciscopress.com/articles/article.asp?p=2420612


Cisco’s IoT Part-Cisco Mobile IP Gateway 2450

September 25 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network, #Cisco Technology - IT News

The MIG-2450 is a gateway specifically designed for transportation solutions in environments such as buses, trains and planes.


Now, Cisco is focusing on the Internet of Things and delivering more than a dozen new IoT-focused products and a handful of services for channel partners. IoT can do many things for industries.

The IoT is transforming the mass transportation industry. With smart, connected devices, transit companies can monitor hundreds of details about vehicles, tracks, environmental conditions, and much more. IoT technology can also help businesses deliver the value-add services passengers are beginning to expect, such as onboard Wi-Fi.

The challenge for today’s transportation companies is to find secure, efficient ways to put this IoT technology to work. Connecting devices and endpoints across a complex, wide-ranging transportation network can take a lot of time and resources.

Cisco designed the Cisco Mobile IP Gateway 2450 to help simplify these tasks.

The MIG-2450 is a mobile connectivity gateway that delivers high availability communications between central offices, trackside operators, and transit vehicles by integrating GPS, Ethernet, Wi-Fi, and mobile broadband modems.

The MIG-2450 helps you comply with safety and interoperability regulations. It also gives you a way to collect and analyze data without the need for yet another piece of hardware to fit onboard a vehicle. And its modular design provides powerful connectivity for the services and applications that enhance the transportation experience for passengers and workers alike.

Benefits

• Automate and improve communication between the back office and transit vehicles.

• Boost efficiency and simplify decision making with visibility into vehicles, workers, and security system statuses.

• Enhance the user experience with new, value-added Wi-Fi services for passengers.

• Improve safety for passengers and employees with telematics, driver performance monitoring, and systems analytics applications.

• Reduce operational costs by automating systems management and streamlining PTC compliance for safety and speed enforcement.

Built for a Wide Range of Use Cases

The Cisco Mobile IP Gateway 2450 helps make your transportation operations more efficient, cleaner, and safer. And less costly to run.

With this critical component in your network infrastructure, you can:

• Provide high-performance passenger Wi-Fi

• Implement and manage onboard information systems

• Make transportation safer with wireless surveillance

• Comply more easily with safety and speed regulations

• Remotely monitor and manage mobile assets

• Monitor driver and vehicle performance in real time

• Run systems analytics applications

Offering Options for the Way You Do Business

The MIG-2450 delivers the following features:

• Hardened, scalable industrial system with a compact form factor, wide operating temperature range, fanless operation, and compliance with AAR Standard S-9401 and EN-50155

• Centralized management to allow operators to remotely monitor, control, and perform diagnostics

• Support for up to 4 Type-1 or 10 Type-2 interface cards for extensible connectivity

• Robust connectivity with support for quality of service (QoS), dynamic roaming, multilink load balancing and failover, and link monitoring

• Durable security through Internet Protocol Security (IPsec), Secure Shell (SSH), AES encryption, and datagram transport layer security (DTLS)

Info from http://www.cisco.com/c/dam/en/us/products/collateral/se/internet-of-things/at-a-glance-c45-735028.pdf

More new IoT-related products announced from Cisco (15 in total) include:

  • IE5000 purpose-built switch designed for manufacturing and cities.
  • IW3702 wireless access point for mass transit systems and city-wide wi-fi deployments.
  • IR 809 and IR 829 series of industrial routers with wi-fi and 4G/LTE connectivity for transportation organizations.
  • 4G/LTE modules for CGR 1000 for utility companies, 5921 Embedded Services Routers for industrial networking in remote locations.
  • 360° 5MP & 720p IP cameras for situational awareness. They're also outfitted with audio and digital sensors.
  • Physical security analytics applications that connect to the IP cameras.
  • Fog computing data services for the creation of policies that can monitor and then take action on data that flows through an IoT environment.
  • IoT Field Network Director for monitoring and customizing IoT network infrastructure.
  • Fog Director for centrally managing apps that run at the network's edge.

More Related

Cisco’s IoT Part-The Cisco 829 Industrial Integrated Services Routers

What Does the New Cisco IoT System Can Do for You?
