Cisco & Cisco Network Hardware News and Technology

Posts with #cisco & cisco network tag

Switch Architecture of Cisco Catalyst 2960-X/XR Series FAQ

May 17 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Cisco & Cisco Network

Cisco Catalyst 2960-X/XR switches, the greenest Cisco Catalyst access switches

Why Select Cisco Catalyst 2960-X? What Benefits will you get from migrating to Cisco Catalyst 2960-X/XR series? We talked about the Cisco Catalyst 2960-X a lot before, such as the added features of Catalyst 2960-X Series, stacking of the Cisco Catalyst 2960-X and 2960-XR, Comparison of Cisco Catalyst 2960 Switches, etc. As the greenest Cisco Catalyst access switches, Cisco Catalyst 2960-X/XR switches are the best replacement for the 2960-S series.

The Cisco Catalyst 2960-X models provide Layer 2 switching and have one fixed power supply with an external redundant power supply. They provide 24 or 48 Gigabit Ethernet wire rate ports, PoE/PoE+ support, and four 1G Small Form-Factor Pluggable (SFP) or two 10G SFP+ uplinks.

With FlexStack-Plus technology, the Cisco Catalyst 2960-X switches can be stacked up to 8 members with up to 80 Gbps stacking capacity for high scalability.

In this article we will continue with the architecture and energy efficiency of the Cisco Catalyst 2960-X and 2960-XR Series Switches.

Energy Efficiency

The Catalyst 2960-X Series introduces new energy-saving modes for the switch.

● The Switch Hibernation Mode puts the switch to sleep when the switch is not in use. This feature enables the switch to save up to 90% of power during non-business hours.

● Downlink Hibernation Mode powers down the PHY and the optics of the downlink port when not in use.

● Energy Efficient Ethernet (EEE) enables dynamic power savings on all switch ports; it saves about 15 W on a 48-port switch and 8 W on a 24-port switch.

● EnergyWise puts IP endpoints into energy-saver mode, saving 60% or more power on inactive IP devices.

The collective power savings with different energy efficient technologies will reduce the power consumption by up to 80%.

The Downlink Hibernation Mode (DHM) feature enables all 2960-X switches to save power on the downlink ports. The switch supports static downlink port power-down, in which only the PHY and optics are powered down when not in use.

When the switch is not in use, switch hibernation mode can be scheduled to save power. When the switch is in hibernation mode, it powers off application-specific integrated circuits (ASICs), and connected PoE devices. Power to most of the components is off. The DRAM is in refresh mode, keeping data intact. The switch hibernation mode is integrated with EnergyWise.

Q. Is a Cisco Catalyst 2960-X Series Switch usable while in hibernation mode?

A. No. All hardware components on the data path are switched off on Cisco Catalyst 2960-X Series Switches during hibernation mode.

The Cisco Catalyst 2960-X Series provides the following wake-up triggers from switch hibernation mode:

● Wake on scheduled real-time clock alarm/trigger

● Wake on mode button trigger

Q. Can Cisco Catalyst 2960-X Series Switches be scheduled to switch hibernation mode using the Cisco EnergyWise management tool?

A. Yes, the switch hibernation mode is integrated with Cisco EnergyWise. Cisco Catalyst 2960-X Series Switches can be put into switch hibernation mode using a Cisco EnergyWise management tool, like any other IP device.

Q. Is it possible to wake up a Cisco Catalyst 2960-X Series Switch in switch hibernation mode before the scheduled wake-up time?

A. Yes, the mode button trigger will get the Cisco Catalyst 2960-X Series Switch out of switch hibernation mode.

Q. Can we schedule switch hibernation mode for some members only in a stack of Cisco Catalyst 2960-X Series Switches?

A. No. Switch hibernation mode can only be scheduled for the whole stack of Cisco Catalyst 2960-X Series Switches.

Q. How long does it take for a Cisco Catalyst 2960-X Series Switch to be operational when it wakes up from switch hibernation mode?

A. A Cisco Catalyst 2960-X Series Switch coming out of switch hibernation mode behaves like a switch booting from a reload. If the switches are stacked, master re-election is triggered after wake-up.

Q. Is Energy-Efficient Ethernet (EEE) 802.3az supported on the Cisco Catalyst 2960-X Series?

A. Yes, Energy-Efficient Ethernet (EEE) is supported on all downlink ports of the Cisco Catalyst 2960-X Series.

Q. Do we need to enable EEE on the Cisco Catalyst 2960-X Series?

A. EEE is enabled by default on all the downlink ports of the Cisco Catalyst 2960-X Series. If needed, EEE can be disabled.

Q. How is power saved with EEE on the Cisco Catalyst 2960-X Series?

A. Cisco Catalyst 2960-X downlink ports switch to low-power idle (LPI) mode during gaps in the data stream, saving power.

Q. Do both sides of the Ethernet interface have to support EEE for it to work?

A. Yes. Both endpoints of the Ethernet link must support EEE to get the power-saving advantages.

Q. How do I check if EEE is working?

A. The “show eee status interface GigabitEthernet xxx” command can be used to check whether EEE has been agreed between both endpoints.

Switch Architecture

Q. What management ports are available?

A. The Cisco Catalyst 2960-X Series provides two types of console ports and one out-of-band Ethernet port:

● USB Type B console port

● Standard RJ-45 serial port

● 10/100 Ethernet management port

Q. Can both USB Type B console and RJ-45 console ports be used simultaneously?

A. No. Only one can be used for input, but both receive output. When the USB console is connected, it is used for input by default. This design allows the administrator to see when the USB console port is in use, which is useful for remote administrators.

Q. Does the switch support auto-baud on the console port?

A. No. This was a tradeoff between console speed sensing and the ability to use the USB console.

Q. Which management port has priority?

A. The RJ-45 console port is always the default management port, but when a PC is connected to the USB console port, the USB console takes over. The RJ-45 port continues to receive the output (a copy) of everything that gets displayed on the USB console port. This capability allows remote administrators to continue monitoring or logging the output showing what is happening at the switch location, sending it to a storage device.

Q. When a PC is left unattended on the USB console port, would remote administrators get locked out from the RJ-45 management port?

A. The USB console port has a default activity timer that can also be programmed by the user. This activity timer will expire and return control to the RJ-45 management port to avoid locking the remote administrator out.

Q. What can I do with the USB Type A port of the Cisco Catalyst 2960-X Series?

A. It is used to connect to an external USB memory drive for additional storage. This USB port can be used to perform software upgrades, store configurations, and even write memory core dumps for troubleshooting purposes. All Cisco USB memory drives can be used. Currently up to 8-GB USB drives are supported.

Q. Can a third-party USB Flash drive be used with the Cisco Catalyst 2960-X Series?

A. Yes, a third-party USB Flash drive can be used with the Cisco Catalyst 2960-X Series. They will work, but are not officially supported.

Q. What is the performance of the Cisco Catalyst 2960-X Series Switches?

A. The Cisco Catalyst 2960-X Series has a nonblocking switching architecture capable of forwarding traffic for all 48 1-Gigabit ports plus two 10-Gigabit ports at line rate. See the datasheet for the Mpps figure for each model.

Q. Do the Cisco Catalyst 2960-X Series Switches consume less power than the Cisco Catalyst 2960-S Series Switches?

A. The Cisco Catalyst 2960-X Series is based on the same building blocks as the 2960-S Series Switches for most components. However, these switches have a new thermal design, new highly efficient power supplies, and new efficient fans, which use less power.

Q. Do the Cisco Catalyst 2960-X Series Switches support front-to-back airflow?

A. The airflow on the Cisco Catalyst 2960-X Series is “front and sides” to back airflow.

Q. Is the airflow reversible in the Cisco Catalyst 2960-X Series Switches?

A. No. The airflow is not reversible.

Q. Do Cisco Catalyst 2960-X Series Switches support field-replaceable power supplies?

A. Cisco Catalyst 2960-XR switch models have field-replaceable power supplies, whereas the 2960-X switch models have fixed power supplies.

Q. Are Cisco Catalyst 2960-XR field-replaceable power supplies hot swappable?

A. Yes. Cisco Catalyst 2960-XR power supplies are hot swappable.

Q. Can a non-PoE Cisco Catalyst 2960-X Series Switch support PoE by replacing its power supply with a PoE-capable power supply?

A. No. A non-PoE Cisco Catalyst 2960-X Series Switch will not support PoE by using a PoE-capable power supply.

Q. Can we increase the PoE budget of Cisco Catalyst 2960-X Series Switch by replacing its power supply with a high-capacity power supply?

A. The available PoE budget is fixed for a given model of Cisco Catalyst 2960-X Series Switch. Replacing the switch power supply will not increase the PoE budget.

For more questions and answers that will help you get to know the Cisco 2960-X and 2960-XR Series, see: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-x-series-switches/qa_c67-728348.html

More Related Cisco 2960-X/XR Topics

Why SELECT Cisco 2960-X Series?

Cisco Catalyst 2960-X vs. 2960-XR Series Switches

How to Install or Replace an AC Power Supply in a Cisco 2960-X Switch?

Cisco Catalyst 2960-X/XR vs. Catalyst 3650 vs. Cisco 3850 Series

WS-C2960X-48TD-L & WS-C2960XR-48TD-I Tested, from Miercom

Catalyst 2960-XR Family Power Supply & Configuration

Cisco Aironet 1570 Family

April 26 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Wireless - Cisco Wireless AP, #Cisco & Cisco Network

Cisco Aironet 1570 Family

Three model types of Cisco Aironet 1570 Series

Cisco Aironet Outdoor Access Points

Performance of Cisco Aironet 1570 Series Access Points

AP 1570 Product Family

There are three 1572 models:

  • Cisco Aironet 1572IC—Internal Antennas with cable modem
  • Cisco Aironet 1572EC—External Antennas with cable modem
  • Cisco Aironet 1572EAC—External Antenna AC powered Model

The AP1572 highlights include:

  • Most advanced carrier-grade outdoor Wi-Fi AP.
  • Dual-band 2.4 and 5 GHz with 802.11ac Wave 1 support on the integrated 5 GHz radio.
  • Maximum radiated RF power allowed by law.
  • High Density Experience (HDX):
    • Cisco CleanAir 2.0 technology provides integrated spectrum intelligence for a self-configuring and self-healing network on 80 MHz channels.
    • ClientLink 3.0 improves reliability and coverage for legacy 802.11n and 802.11ac data rates.
    • Optimized Roaming allows clients to join the optimal access point.
    • Turbo performance, which uses Cisco ASIC design to maximize radio performance.
  • Improved 802.11ac range and performance with 4x4:3 multiple-input multiple-output (MIMO) technology.
  • 1.3 Gbps (5 GHz) 802.11ac data rates.
  • Cisco Flexible Antenna Port technology.
  • DOCSIS 3.0 / EuroDOCSIS / JapanDOCSIS 3.0, 24x8 hybrid fiber-coaxial (HFC) cable modem option.
  • Improved radio sensitivity and range performance with four antenna MIMO and three spatial streams.
  • Multiple uplink options (Gigabit Ethernet-10/100/1000 BaseT, Fiber SFP, Cable modem).
  • Power: AC, DC, Cable, UPOE, PoE-Out (802.3at).
  • 4G LTE coexistence.
  • NEMA Type 4X certified enclosure.
  • Module option: Investment protection and future proofing.
  • Low visual profile design.
  • Unified or autonomous operation.

For more about deploying the Aironet 1570, see the Aironet 1570 Deployment Guide:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/1570-DG/b_Aironet_AP1570_DG.html

More Related…

The New Cisco Aironet 1570 Series Access Point

Cisco Aironet 1552E/EU vs. Aironet 1552C/CU vs.1552I vs.1552H Outdoor Points

AP1572 Availability and Compatibility

Comparing AP 1550 vs. AP 1570

Introducing Cisco DNA (Digital Network Architecture)

April 19 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Technology - IT News, #Cisco & Cisco Network, #Cisco News

Cisco DNA-5 Principles

Network Evolution for the Digital Era

The Digital Network Architecture (DNA) building blocks and their programmable interfaces.

Raakhee Mistry (Marketing Manager, has been with Cisco for over 12 years, serving in product management, partner program and solutions marketing roles.) collected the different audiences’ responses to Cisco Digital Network Architecture. She pointed out: Analysts agree that Cisco DNA is a Game Changer. Yes. The New Cisco DNA is a Game Changer for the Digital Era.

Cisco DNA is short for Digital Network Architecture. The Cisco Digital Network Architecture is a platform that will give our customers both a roadmap to digitization and a path to recognize immediate benefits of network automation, assurance and security. Cisco released it at Cisco Partner Summit 2016.

Cisco DNA complements Cisco’s market leading, data center based Application Centric Infrastructure (ACI) technology by extending the policy driven approach and software strategy throughout the entire network: from campus to branch, wired to wireless, core to edge.

Cisco DNA is delivered within the Cisco ONE Software family, enabling simplified software-based licensing, and helping with investment protection and flexibility.

The IT networking industry continues to demand knowledgeable professionals to help manage, secure and optimize their network infrastructure. Networking jobs can be found worldwide in exciting industries such as fashion, sports, and entertainment. Research indicates that a certification is second only to a four-year college degree as a way to qualify people for positions, and certifications were rated the top criterion for determining an applicant's qualifications.

Cisco Digital Network Architecture Benefits

  • Insights. The network touches all things digital – users, devices, applications, sensors and cloud – and networking professionals are in a unique position to help their organizations capture insights in real time that allow businesses to make better decisions instantly and deliver better experiences.
  • Automation. This area is centered on IT speed and simplicity. Today’s networking professionals are CLI jockeys, but that will offer less value as time goes on. The network is evolving to software with software-defined networking, open APIs, network function virtualization and more. These new technologies provide networking IT with unprecedented agility that helps IT deliver business requirements faster and can free up cycles to support more strategic projects for their organization.
  • Security. While digital technologies have opened up new opportunities, they have also introduced a level of risk. As we see the proliferation of mobile devices and cloud adoption, the network perimeter is evolving and the attack surface has the potential to grow significantly. To combat that risk, networking professionals will be able to offer the business a new approach to inject security pervasively through the network, which can be the sensor and enforcer of security threats.

More Related…

Cisco DNA is a Game Changer for the Digital Era?

Happy Birthday, Cisco ONE Software!

Cisco Boosts IOS XR Software Solutions…for ‘Cloud-Scale’ Networking

Cisco Mobility Express Solution Release Notes

Cisco ONE Software Licensing Program

Cisco ACI, What is It?

About Cisco IP Phone Registration & Boot Up

April 1 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco IP Phones, #Cisco & Cisco Network

CISCO IP Phone Boot UP Process

Do you know the Cisco IP Phone registration and boot-up sequence and the issues related to them? The main issues of the IP Phone, SCCP and SIP phone registration process with CUCM were shared before. In this article we will talk about IP PHONE REGISTRATION ISSUES.

Firstly, let’s understand what Cisco IP Phone Registration & Boot UP Sequence are.

Step 1: Phone Loads Software (Image) and Starts the Configuration Process

Step 2: a. Phone Sends DHCP Request

b. DHCP Server Sends DHCP Response

Step 3: a. Phone Sends TFTP Request for a Configuration File

b. TFTP Server Sends the Default Configuration File

Step 4: a. TFTP Server Sends the Specific Configuration File of the Phone

b. Phone Registration Finishes

FIRST UNDERSTAND THE BOOT-UP PROCESS, THEN START TROUBLESHOOTING ACCORDINGLY:

General Troubleshooting Sequence:

  • Disable DHCP and DNS to Test a Phone
  • Check for the Incorrect MAC Address on the Phone Label
  • Cisco CallManager and TFTP Services Do Not Run
  • Delete and Recreate a Phone
  • Understand a Network Trace File
  • Use Performance Monitor to Analyze Phone Activity
  • Manually Configure the IP Parameters on a 12 SP+ or 30 VIP Phone
  • Add Phones to Cisco CallManager
  • Enable, Configure, and Disable Auto-Registration
  • Manual Registration (Add an IP Phone Manually), etc.

THESE ISSUES COULD BE THERE:

  1. IP Phone Registration Toggles between Primary and Secondary CallManagers.
  2. Registration Rejected.
  3. Cisco IP Phones Not Registered but Seem to Be Working Fine.
  4. Cisco IP Phones Take Too Long to Register.
  5. Cisco IP Phone Always Gets Registered to the Publisher Server.
  6. "version error" Appears on the Cisco IP Phone Screen When Trying to Register.
  7. Cisco Phones Causing Excessive DHCP Requests.

See the figure “CISCO IP Phone Boot UP Process” above.

Step 1: Phone Loads Software (Image) and Starts the Configuration Process:

During this step, these issues can occur:

* Registration with a Cisco CallManager server is successful only when the server adds the phone or when the server has Auto-Registration enabled. (The default for Auto-Registration is disabled.)

* Note: If the phone LCD screen does not light up, you could have a faulty phone. The phone also could be faulty if the message the phone displays never changes after you plug in the phone. Contact Cisco Technical Support to request a replacement if your phone is under warranty.

* If your phones do not use DHCP, see the Step 3a: Phone Sends TFTP Request for a Configuration File section of this document.

Step 2:

a). Phone Sends DHCP Request:

During this step, these issues can occur:

For the Cisco 7940 and 7960 (to manually enable the DHCP parameter on the phone itself):

Complete these steps on the Cisco 7940 and 7960:

1. Choose Settings.

2. Choose 3 (Network).

3. Scroll down to the DHCP Enabled parameter.

The selection must be Yes.

__________

Complete these steps on the Cisco 7910:

1. Choose Settings.

2. Choose 6 (Network).

3. Scroll down to the DHCP Enabled parameter.

The selection must be Yes.

__________

Cisco 12 SP+ and 30 VIP

Complete these steps on the Cisco 12 SP+ and 30 VIP:

1. Enter **#.

2. Enter 1.

3. Set all parameters to zero (0).

Note: Cisco 7910G supports only 10 MB speed, but 7910G+SW supports 10/100. If you have a 7910G, be sure to set the switch port that connects to the phone to 10 MB or Auto.

Any IP parameters that you have hard coded on the phones override the parameters that the DHCP server provides. In particular, the Alternate TFTP Server option overrides the TFTP server IP address that the DHCP provides. For information on how to reset your phone configuration to the original factory defaults, refer to either of these documents:

· Resetting 7900 Series IP Phones to Factory Defaults

b). DHCP Server Sends DHCP Response:

The DHCP response contains the phone IP address and the IP address of the TFTP server (which is usually a Cisco CallManager server). The response can also contain any of or all these common options:

· IP address of the default router (gateway)

· IP address of the Domain Name System (DNS) server

· Domain name

· Option 150 (the TFTP server address)

Step 3:

a). Phone Sends TFTP Request for a Configuration File:

  • The phone requests a specific configuration file. The name for this file is SEP<MAC address>.cnf. For example, the file name for a phone with the MAC address 0030.94C2.D5CA is SEP003094C2D5CA.cnf. If the file exists on the Cisco CallManager server, see the Step 4a: TFTP Server Sends the Specific Configuration File of the Phone section of this document.
  • If the phone is not in the Cisco CallManager database, the request for the specific configuration file results in a TFTP File Not Found response from the TFTP server. The phone then requests the file with the name SEPDEFAULT.cnf. If you have configured the Cisco CallManager server for Auto-Registration, this file exists and the server sends it to the phone. See the Step 3b: TFTP Server Sends the Default Configuration File section of this document.

Otherwise, the TFTP server of the Cisco CallManager server sends another File Not Found TFTP response. At this point, the phone restarts the configuration process.

b). TFTP Server Sends the Default Configuration File:

Note: This step only occurs if you have enabled Auto-Registration and the phone has not already registered with the Cisco CallManager server.

If you have configured the Cisco CallManager server for Auto-Registration, it sends the SEPDEFAULT.cnf file in response to the phone request. After the Cisco CallManager server database adds a phone by Auto-Registration, the phone has a SEP<MAC address>.cnf file. It does not reference the SEPDEFAULT.cnf file again.

Step 4:

a). TFTP Server Sends the Specific Configuration File of the Phone:

Note: This step only takes place if the phone creation occurred on the Cisco CallManager server. The configuration file contains several parameters for the phone. These include the device pool, the Cisco CallManager servers to use, configured speed dials, and other parameters. In general, any time you make a change in Cisco CallManager that requires the phone (device) to be reset, you have made a change to the phone configuration file.

b). Phone Registration Finishes:

The Cisco CallManager server sends the phone additional configuration elements during the final phases of the registration process.

In general, the registration process must complete successfully if the process goes this far.

To learn what takes place at this point, you need to set up a network analyzer to capture the IP packets that the phone sends to and receives from the server.
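As an added example (not part of the original post or of any Cisco software), the following Python models the TFTP phase of steps 3a through 4a: the phone derives SEP<MAC>.cnf from its MAC address, the server answers from its phone database, the phone falls back to SEPDEFAULT.cnf only when Auto-Registration is enabled, and otherwise restarts the configuration process. The CallManagerTftp class and its method names are assumptions made for the illustration.

```python
"""Added example: the TFTP phase of Cisco IP phone registration (steps 3a-4a).
The phone asks for SEP<MAC>.cnf, falls back to SEPDEFAULT.cnf, or restarts."""
import re


def config_file_name(mac: str) -> str:
    """SEP + 12 upper-case hex digits + .cnf; accepts dotted, colon or dash MACs."""
    digits = re.sub(r"[.:-]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return f"SEP{digits}.cnf"


class CallManagerTftp:
    """Hypothetical TFTP front end backed by the CallManager phone database."""

    def __init__(self, known_macs, auto_registration=False):
        self.known = {config_file_name(m) for m in known_macs}
        self.auto_registration = auto_registration

    def get(self, name: str):
        """Return ('file', contents) or ('error', 'File Not Found')."""
        if name in self.known:
            return "file", f"<device-specific configuration {name}>"
        if name == "SEPDEFAULT.cnf" and self.auto_registration:
            return "file", "<default configuration, auto-register>"
        return "error", "File Not Found"

    def auto_register(self, mac: str) -> None:
        """Step 3b: once the database adds the phone, it gets its own file and
        never references SEPDEFAULT.cnf again."""
        self.known.add(config_file_name(mac))


def phone_config_request(mac: str, tftp: CallManagerTftp):
    """Run the phone side of steps 3a-4a; returns (outcome, request trace)."""
    specific = config_file_name(mac)
    trace = []
    status, _ = tftp.get(specific)                 # step 3a, answered in 4a
    trace.append((specific, status))
    if status == "file":
        return "registered-specific", trace
    status, _ = tftp.get("SEPDEFAULT.cnf")         # step 3b
    trace.append(("SEPDEFAULT.cnf", status))
    if status == "file":
        tftp.auto_register(mac)                    # server adds the phone
        return "auto-registering", trace
    return "restart-configuration", trace          # neither file: start over
```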

FACTS:

7961G Phone Does Not Register Until It Is Configured as a 7961

IP phones CP-7961 and CP-7961G are basically the same platform. The G stands for global use, which supports all languages.

So when you add a 7961G phone, you should add it as a regular 7961 phone. CP-7961G-GE is another IP phone with two Gigabit Ethernet ports (10/100/1000).

If an IP phone 7961G is added as a 7961G-GE, it does not register with Cisco CallManager.

TASKS TO PERFORM:

Disable DHCP and DNS to Test a Phone

Check for the Incorrect MAC Address on the Phone Label

Cisco CallManager and TFTP Services Do Not Run

Delete and Recreate a Phone

Understand a Network Trace File

Use Network Monitor to Analyze Phone Activity

By default, Cisco phones are DHCP-enabled. If you do not use DHCP, you need to disable DHCP on the phone and manually assign the phone an IP address. In order to disable DHCP on a phone, use the phone keypad to program the phone IP address and other network addresses.

Enable, Configure, and Disable Auto-Registration

Manual Registration (Add an IP Phone Manually)

Note: If you have your Cisco CallManager servers set up in a cluster, every server has the configuration files for every phone that is in the Publisher database. Therefore, any Cisco CallManager server can serve as a TFTP server for the phones. The device pools to which you have assigned the phones determine the server with which the phones register. A phone can obtain the configuration file from a different server than the server with which the phone registers.

Original reference and more discussion:

https://supportforums.cisco.com/document/113336/ip-phone-registration-issues

More Related…

Understanding IP Phone, SCCP & SIP Phone Registration Process with CUCM

Understanding the Cisco IP Phone Boot Process & Voice Vlan
How to Save Power on Cisco IP Phones?
How to Start up a Cisco IP Phone?
Updated: Cisco IP Phone 7800 Series

Using DHCP and DHCP Option 82

March 30 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network, #Cisco Technology - IT News

DHCP Option 82 Operation

DHCP is short for Dynamic Host Configuration Protocol. We know that DHCP is used in LAN environments to dynamically assign host IP addresses from a centralized server, which reduces the overhead of administrating IP addresses.

I’ve read an article “DHCP Snooping and DHCP Snooping Configuration” that is about a CCIE’s experience. That article also covers the DHCP Option 82 concept.

In this article we will share some information on using DHCP Option 82.

DHCP also helps conserve limited IP address space because IP addresses no longer need to be permanently assigned to client devices; only those client devices that are connected to the network require IP addresses. The DHCP relay agent information feature (option 82) enables the DHCP relay agent (Catalyst switch) to include information about itself and the attached client when forwarding DHCP requests from a DHCP client to a DHCP server. This basically extends the standard DHCP process by tagging the request with information about the location of the requestor. (See the figure “DHCP Option 82 Operation”.)

...

The following are key elements required to support the DHCP option 82 feature:

• Clients supporting DHCP

• Relay agents supporting option 82

• DHCP server supporting option 82

The relay agent information option is inserted by the DHCP relay agent when forwarding the client-initiated DHCP request packets to a DHCP server. The servers recognizing the relay agent information option may use the information to assign IP addresses and to implement policies such as restricting the number of IP addresses that can be assigned to a single circuit ID. The circuit ID in relay agent option 82 contains information identifying the port location on which the request is arriving.
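To make the relay agent information option concrete, here is an added example (not from the page or from Cisco) that parses the DHCP options field of a constructed relayed request, splits option 82 into its circuit-ID and remote-ID sub-options, and applies the per-circuit-ID address limit the text mentions on the server side. The circuit-ID and remote-ID field layouts decoded here are the default Catalyst encoding as I understand it, an assumption not stated on the page; all sample bytes and MAC addresses are constructed.

```python
"""Added example: decode DHCP option 82 (relay agent information) from the
options field of a relayed request and enforce a per-circuit-ID lease limit.
Sample bytes are constructed, not captured from a network."""
import struct
from collections import defaultdict

OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE = 53
OPT_RELAY_AGENT_INFO = 82      # relay agent information option
SUBOPT_CIRCUIT_ID = 1          # identifies the port the request arrived on
SUBOPT_REMOTE_ID = 2           # identifies the relay agent itself


def parse_options(options: bytes) -> dict:
    """Walk the TLV list that follows the DHCP magic cookie into {code: value}.
    PAD (0) has no length byte; END (255) terminates the list."""
    opts, i = {}, 0
    while i < len(options):
        code = options[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: {length} bytes declared, {len(value)} present")
        opts[code] = value
        i += 2 + length
    return opts


def parse_relay_agent_info(value: bytes) -> dict:
    """Split option 82 into sub-options (same TLV layout, but no PAD or END)."""
    subs, i = {}, 0
    while i < len(value):
        if i + 1 >= len(value):
            raise ValueError("truncated sub-option header")
        code, length = value[i], value[i + 1]
        data = value[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"sub-option {code} truncated")
        subs[code] = data
        i += 2 + length
    return subs


def decode_cisco_circuit_id(data: bytes) -> dict:
    """Assumed default Catalyst layout: type 0, len 4, VLAN (2), module (1), port (1)."""
    if len(data) != 6 or data[0] != 0 or data[1] != 4:
        return {"raw": data.hex()}          # unknown format: keep it opaque
    vlan, module, port = struct.unpack("!HBB", data[2:])
    return {"vlan": vlan, "module": module, "port": port}


def decode_cisco_remote_id(data: bytes) -> dict:
    """Assumed default Catalyst layout: type 0, len 6, switch MAC address (6)."""
    if len(data) != 8 or data[0] != 0 or data[1] != 6:
        return {"raw": data.hex()}
    return {"switch_mac": data[2:].hex(":")}


class Option82Server:
    """Toy allocator: at most max_per_circuit client MACs per circuit ID."""

    def __init__(self, max_per_circuit: int):
        self.max_per_circuit = max_per_circuit
        self.leases = defaultdict(set)      # circuit ID (hex) -> client MACs

    def handle(self, client_mac: bytes, options: bytes) -> str:
        opts = parse_options(options)
        if OPT_RELAY_AGENT_INFO not in opts:
            return "no-option-82"           # relay agent did not tag the request
        subs = parse_relay_agent_info(opts[OPT_RELAY_AGENT_INFO])
        circuit = subs.get(SUBOPT_CIRCUIT_ID, b"").hex()
        clients = self.leases[circuit]
        if client_mac in clients:
            return "renewed"
        if len(clients) >= self.max_per_circuit:
            return "rejected"               # this port already holds its quota
        clients.add(client_mac)
        return "assigned"


def build_options(msg_type: int, circuit_id: bytes, remote_id: bytes) -> bytes:
    """Assemble a minimal options field as a relay agent would forward it."""
    sub = (bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
           + bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id)
    return (bytes([OPT_MSG_TYPE, 1, msg_type])
            + bytes([OPT_RELAY_AGENT_INFO, len(sub)]) + sub
            + bytes([OPT_END]))


# Constructed sample: DHCPDISCOVER (type 1) arriving on VLAN 10, module 1,
# port 7 of a switch with a made-up MAC address.
CIRCUIT_ID = bytes([0, 4]) + struct.pack("!HBB", 10, 1, 7)
REMOTE_ID = bytes([0, 6]) + bytes.fromhex("001122aabbcc")
SAMPLE_OPTIONS = build_options(1, CIRCUIT_ID, REMOTE_ID)
```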

Note:

1. The DHCP option 82 feature is supported only when DHCP snooping is globally enabled and on the VLANs to which subscriber devices using this feature are assigned.

2. DHCP and the DHCP option 82 feature have not been validated in the lab for EttF version 1.1. At this time, Cisco recommends considering only DHCP with option 82 for the application servers at level 3.

Reference from http://www.cisco.com/c/en/us/td/docs/solutions/Verticals/EttF/EttFDIG/ch3_EttF.pdf

More Related…

Five Things You Should Know About DHCP Snooping

How to Configure DHCP Snooping

How to Configure DHCP Snooping in a Cisco Catalyst Switch

DHCP Option 150 & DHCP Option 66

DHCP Relay on the Nexus7000/NXOS vs. IP Helper on the 6500/IoS

New: Quick Start Guide-Cisco IP Phone 7800 Series for Third-Party Call Control

March 14 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco IP Phones, #Cisco & Cisco Network

What are these buttons exactly used for?

Quick Start Guide-Cisco IP Phone 7800 Series for Third-Party Call Control-01

Quick Start Guide-Cisco IP Phone 7800 Series for Third-Party Call Control-02

The IP Phone 7800 Series introduced 4 models to the portfolio: Cisco IP Phone 7811, 7821, 7841 and IP Phone 7861. The models range in their support, from a single-line model for users with light voice communications needs to a 16-line model for highly active users of VoIP communications.

The Cisco IP Phone 7800 Series delivers advanced IP Telephony features and crystal clear wideband audio performance to deliver an easy-to-use, full-featured voice communications experience on Cisco on-premises and hosted infrastructure platforms and third party hosted call control.

Small-to-large enterprise companies are well suited for the Cisco IP Phone 7800 Series.

The 7800 Series supports secure connectivity for remote worker access to the Cisco network, such as for full-time teleworkers.

Note: Support is provided on 7821, 7841, and 7861 endpoints with IP Phone software update 10-3-1-1 or later. The 7811 is also planned for support–contact your Cisco representative for timing details.

How to start your Cisco IP Phone 7800 Series for Third-Party Call Control? Firstly, let’s look at the Cisco IP Phone 7841 shown.

Refer to the graphic above.

...

More Related…

Updated: Cisco IP Phone 7800 Series

How to Save Power on Cisco IP Phones?

Cisco IP Phone 7861 vs. Cisco IP Phone 7841 vs. Cisco IP Phone 7821

New Cisco IP Phone 7800 Series Overview

Cisco IP Phone 8800 Series, Next-Generation Voice Communications for Today’s Workforce

The Cisco IP Phone 8800 Series, Buttons and Hardware

Say Hello to the Cisco IP Phone 8845 and 8865-The New Advanced Video IP Phones

Discussion: Management of ASA with Firepower Services

March 3 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Cisco & Cisco Network

Cisco ASA with FirePOWER Services-Key Security Features

We have talked about Cisco ASA with FirePOWER Services a lot before. With Cisco ASA with FirePOWER Services, you consolidate multiple security layers in a single platform, eliminating the cost of buying and managing multiple solutions.

The Cisco Firepower Next-Generation Firewall is the industry’s first fully integrated, threat-focused next-gen firewall with unified management. It includes Application Visibility and Control (AVC), optional Firepower next-gen IPS (NGIPS), Cisco Advanced Malware Protection (AMP), and URL Filtering. Cisco Firepower NGFW provides advanced threat protection before, during, and after attacks.

Cisco ASA with FirePOWER Services, Stop more threats with a threat-focused NGFW

Beat sophisticated cyber attacks with superior security. We offer the industry’s first threat-focused next-generation firewall (NGFW). You get the confidence of the most-deployed stateful firewall combined with application control, next-generation intrusion prevention system (NGIPS), and advanced malware protection (AMP).

Discussion: Management of ASA with Firepower Services

There are a few recurring questions about the management of ASA with FirePOWER Services. Let's look at a discussion from Cisco Communities:

1. An ASA with Firepower Services requires a Firesight management device (physical or virtual) - Correct?

Yes, that’s correct.

2. Is there a High Availability option for a physical Firesight management?

Read about this in the bottom of Table 2 on this page:

http://www.cisco.com/c/en/us/products/collateral/security/firesight-management-center/datasheet-c78-732251.html

3. Does the Firesight management also manage the ASA's firewall rules?

--Not yet. Cisco is developing Firepower Threat Defense that does exactly that.

4. I ask because I believe there was mention that a rule could have a specific IPS policy assigned to it.

This is correct in terms of Firepower Access Control Rules. Not ASA firewall rules.

5. If this is true I would believe that the use of CLI or ASDM on the ASA would no longer be usable - Correct?

The new Threat Defence system will be managed from Firepower Management Center. Not CLI nor ASDM.

6. When changes are made on the Firesight management station, are they applied immediately to the ASA, like managing via CLI, or is there another step to applying the changes?

No. You will have to deploy the new policy to the Firepower sensor first.

7. When changes are applied, what, if anything, happens to existing connections?

- I actually am not sure about this. I have never seen any connections being dropped when applying policy. Cisco has made a note about this in their manual: Firepower Management Center Configuration Guide, Version 6.0 - Policy Management [Cisco FireSIGHT Management Center] -…

  • When you enable Inspect traffic during policy apply:
    • Certain configurations can require the Snort process to restart.
    • When the configurations you deploy do not require a Snort restart, the system initially uses the currently deployed access control policy to inspect traffic, and switches during deployment to the access control policy you are deploying.
  • When you disable Inspect traffic during policy apply, the Snort process always restarts when you deploy.
  • How a Snort restart affects traffic depends on the interface configuration and the platform.

Original Discussion from https://communities.cisco.com/thread/59509

More Related…

What are the Considerations While Buying a Cisco Next-Generation Firewall?

NGFW-Cisco ASA with FirePOWER Services

Cisco ASA 5500-X Series’ New Features & Main Model Comparison

How to Enable the Wireless Access Point (ASA 5506W-X)?

How to Deploy the ASA 5508-X or ASA 5516-X in Your Network?

Cisco ASA 5506-X with Version 9.4.1–Policy Based Routing

ASA 5508-X and ASA 5516-X Overview

ASA 5506-X/SecurityPlus, 5506W-X & 5506H-X, Cisco ASA with FirePOWER Services, What’s New Here?


Configuring the ASA as CA Server

January 18 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Cisco & Cisco Network

ASDM -> Configuration -> Remote Access VPN -> Certificate Management - Local Certificate Authority


Do you know how to configure the ASA as a CA server? The Cisco ASA can act as a Certificate Authority (CA) server and issue certificates to VPN clients or other network devices.

The Cisco ASA only provides browser-based certificate enrollment.

Before proceeding with the configuration, make sure the time on your ASA is correct (show clock), or better, use an NTP server to synchronize time across your network devices; certificates and CRLs carry validity windows, and a CA with a wrong clock issues certificates that are already expired or not yet valid.

You cannot name the CA server, because only one instance of the local CA server can run at a time.

In crypto ca server configuration mode, the following options are available:

CA Server configuration commands:

  • cdp-url: Specifies the certificate revocation list (CRL) distribution point URL to be included in the certificates issued by the CA. Clients that check revocation fetch the CRL from this URL, so it must be reachable from wherever the certificates are validated.
  • database: Specifies a path or location for the local CA database. The default location is flash memory.
  • enrollment-retrieval: Specifies the time in hours during which an enrolled user can retrieve their PKCS12 enrollment file.
  • issuer-name: Specifies the distinguished name (DN) of the CA itself, which appears as the issuer DN in every certificate it issues. It must be set before the server is enabled.
  • keysize: Sets the size of the key pair generated for certificates issued by the local CA.
  • lifetime ca-certificate: Specifies the lifetime (in days) of the CA certificate.
  • lifetime certificate: Specifies the lifetime (in days) of issued user certificates.
  • lifetime crl: Specifies the lifetime (in hours) of the CRL.
  • otp expiration: Specifies how long (in hours) a one-time password issued for enrollment remains valid.
  • publish-crl: Makes the CRL available for download via HTTP on the specified interface (and optional port).
  • renewal-reminder: Specifies how many days before a user certificate expires the ASA notifies the certificate owner by email.
  • smtp from-address: Specifies the sender address for the emails that deliver the OTP and enrollment invitations.
  • smtp subject: Customizes the email subject.
  • subject-name-default: Specifies an optional default subject-name DN appended to the username in issued certificates.

Basic ASA configuration as CA server

ASDM -> Configuration -> Remote Access VPN -> Certificate Management - Local Certificate Authority

...

Equivalent CLI configuration.

ASA(config)# crypto ca server
ASA(config-ca-server)# lifetime ca-certificate 100
ASA(config-ca-server)# lifetime certificate 30
ASA(config-ca-server)# smtp from-address admin@cisco.com
ASA(config-ca-server)# smtp subject Certificate enrollment
ASA(config-ca-server)# keysize 2048
ASA(config-ca-server)# cdp-url http://cisco/+CSCOCA+/asa_ca.crl
ASA(config-ca-server)# subject-name-default CN=BoB, O=Cisco, C=US
ASA(config-ca-server)# no shutdown

Once the CA server has been enabled, its configuration cannot be modified unless the server is shut down first. Choose the issuer name, key size and lifetimes carefully before the first no shutdown, since changing them later means taking the CA offline.

Show and debug commands:

  • debug crypto ca server
  • show crypto ca server
  • show crypto ca server cert-db
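A fuller configuration sequence than the snippet above, added here as a worked example and not taken from the original post or the Cisco support document: it covers the time synchronization the text warns about, the local CA itself, enrolling a user and revoking a certificate. The NTP and SMTP addresses, host names, DNs, user name and email addresses are assumed values; the no shutdown step prompts interactively for the passphrase that protects the CA key pair archive.

```cisco
! 1. Time first: certificates and CRLs carry validity windows.
!    192.0.2.10 is an assumed NTP server; verify with show clock / show ntp status
ntp server 192.0.2.10 source inside prefer

! 2. Mail relay used to deliver OTPs and enrollment invitations (assumed address)
smtp-server 192.0.2.25

! 3. Local CA. Everything here can only be changed while the server is shut down.
crypto ca server
 issuer-name CN=asa-ca.example.com,O=Example,C=US
 keysize 2048
 lifetime ca-certificate 1095
 lifetime certificate 365
 lifetime crl 24
 cdp-url http://asa-ca.example.com/+CSCOCA+/asa_ca.crl
 publish-crl inside 80
 otp expiration 24
 enrollment-retrieval 24
 renewal-reminder 14
 smtp from-address ca-admin@example.com
 smtp subject Certificate enrollment
 no shutdown

! 4. Enroll a user: add to the user database, then allow enrollment and mail the OTP.
!    The user completes enrollment in a browser at https://<asa>/+CSCOCA+/enroll.html
crypto ca server user-db add bob dn CN=bob,O=Example,C=US email bob@example.com
crypto ca server user-db allow bob email-otp
show crypto ca server user-db allowed
show crypto ca server cert-db user bob

! 5. Revoke a certificate (serial taken from show crypto ca server cert-db),
!    then publish a fresh CRL so relying parties see the revocation.
crypto ca server revoke 0x2
crypto ca server crl issue
show crypto ca server crl
```

The CRL lifetime of 24 hours is deliberately short: a client that caches the CRL keeps trusting a revoked certificate until the cached CRL expires, so the CRL lifetime bounds how long a revoked VPN certificate remains usable.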

More information http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/config/guide/config/cert_cfg.html

Original Guide From https://supportforums.cisco.com/document/12597006/how-configure-asa-ca-server

More Cisco and Network Guide

ASA Routed vs. Transparent

Cisco ACLs In and Out on Cisco ASA

Cisco ASA Failover, Failover Modes & ASA Failover Configuration

Cisco ASA IPS Module Configuration

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

Cisco ASA SNMP Polling Via VPN Site-to-Site Tunnel


Cisco Mobility Express Solution for K-12

November 18 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network

Deploy and Manage Your School’s Wi-Fi Network in a Snap


What can the Cisco Mobility Express Solution do for you? It lets you deploy a wireless network with all of Cisco's advanced wireless features, using a simple, over-the-air configuration interface.

Nowadays, at your school, students might be using digital textbooks. And you might be required to provide a tablet or laptop for every student. Network connections will probably be wireless for the flexibility to use devices from anywhere on campus. Faculty and administrative personnel, too, rely on wireless networking for internal communications that are part of their jobs.

If your IT staff is tiny or nonexistent, how can you deploy and manage the wireless network? Especially if there are multiple schools scattered throughout the district to cover?

Cisco Mobility Express Solution targets just such situations. Mobility Express is built into Cisco Aironet 1850 and 1830 Series Access Points, which support 802.11ac Wave 2. Wave 2 is the very latest Wi-Fi standard, supporting gigabit speeds and protecting your Wi-Fi access point investment into the future.

Benefits

  • Ideal for schools needing up to 25 Wi-Fi access points
  • Supports Cisco’s industry-leading features with no price premium
  • Non-IT personnel can set up the wireless network in less than 10 minutes
  • Three-step, wizard-based setup means no command lines to learn
  • Delivers 802.11ac Wave 2, the latest and fastest wireless LAN technology on the market
  • Bundles virtual WLAN controller management capabilities into the AP at no extra cost
  • Cisco Connected Mobile Experience (CMX) can be added to boost customer engagement and give you presence-based analytics

Be Prepared for Wave 2 Client Devices--New 802.11ac Wave 2 client devices will soon appear on your network as students, faculty, and staff upgrade their smartphones and tablets.

Installing a Wave 2 Wi-Fi access point prepares you to deliver the most robust performance possible to them from day one. Turn to Cisco, a leader in helping advance the 802.11ac specifications, to help you stay ahead of the growing Wi-Fi traffic volumes that the new devices will generate.

1, 2, 3, and You’re Up

Supported on the Cisco Aironet 1850 and 1830 Series Access Points, the Mobility Express Solution lets you deploy your wireless LAN in less than 10 minutes. You can simultaneously configure multiple Aironet access points with industry best-practice settings already enabled by default. Follow just three steps to configure your network:

  1. Connect to an 1850 or 1830 access point using any wireless device
  2. Use the Cisco WLAN Express Setup Wizard to configure multiple access points simultaneously. Your wireless network can contain a mix of Cisco Aironet 1850, 1830, 1600, 2600, 3600, 1700, 2700 and 3700 Series Access Points. You just need an 1850 or 1830 for the control function.
  3. Access the management dashboard – available via a browser or a mobile app – to operate, monitor, and troubleshoot your network.

When you want to access your Mobility Express dashboard from your mobile device, use the Cisco Wireless app, available at the Google Play Store and Apple App Store.

Built-In Management

Using a virtual wireless LAN controller built right into the Cisco Aironet 1850 and 1830 access points, you can manage all your access points from a central console. You can easily manage up to 25 APs and 500 clients for each Mobility Express virtual controller you deploy. That means if you are a smaller venue, you can now deliver the same quality user experiences as large enterprises. There’s no price premium, and you don’t have to understand command-line interfaces.

There’s no longer the burden of having to manage autonomous APs one at a time, and no need to invest in a separate WLAN controller appliance for management.

To learn more about Cisco Mobility Express Solution, Cisco Aironet 1850 and 1830 Series Access Points, and 802.11ac Wave 2, visit: http://www.cisco.com/go/mobilityexpress.

Original from http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/mobility-express/at-a-glance-c45-734261.pdf

More Related…

Cisco Mobility Express Solution Release Notes

What’s the Cisco Mobility Express Solution and Can DO…

What a Cisco Mobility Express Bundle!


How to Verify Cisco Switch Network Status and Operational State?

October 30 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network

In the last article we talked about the "Nine Switch Commands Every Cisco Network Engineer Needs to Know". For Cisco, as for many other vendors, new commands are introduced at each progressive level of system verification. Do you know which commands to use to verify a network switch's status and operation? In this article we look at five essential commands used to verify a switch's status and operation. They are:

  • ping
  • traceroute
  • telnet
  • ssh
  • show cdp neighbors

ping

Available on almost all operating system platforms, including Cisco IOS, the ping command is used to verify the reachability of a target device. It does this by sending an Internet Control Message Protocol (ICMP) echo request to the target; if the target receives the message (and is not configured to drop it), it responds to the sender with an ICMP echo reply. In a perfect world, with no firewalls and all devices configured to respond, ping would work every time. However, many devices (or devices en route, such as firewalls) are deliberately configured to drop ICMP echo requests so as not to reveal their existence to attackers. In these cases, engineers must decide whether an unsuccessful ping is a real problem or an intentional part of the network's design.

TIP: As a general rule, don’t worry about devices that are outside your organization’s control.

Cisco IOS also has an extended version of the ping command that allows for more complex command configurations. For example, an engineer has the ability to control the source IP used (which makes sense when being run from a router configured with multiple IP addresses), the size of the messages being sent, and the content of the messages, among other options.

traceroute

The traceroute command is typically used along with ping to go one step further and discover the path to a destination. Rather than only sending a message to the destination, it finds every router between the source and the target. It does this with ICMP echo requests (Windows) or User Datagram Protocol (UDP) probes sent to a high, normally unused port (Linux and Cisco IOS), and it discovers the path by exploiting the IP Time to Live (TTL) field.

It is important to understand what the TTL field does. In normal operation the TTL is a loop-prevention mechanism: the sender sets it to a starting value and every router ("hop") decrements it before forwarding. If a router decrements the TTL to 0, it drops the packet and sends an ICMP "time exceeded" message back to the source. traceroute uses exactly this behaviour to find each hop in the path between the source and the destination:

  1. Initially the source sends an ICMP or UDP probe to the destination with a TTL of 1.
  2. The first hop decrements the TTL to 0, drops the probe and sends back an ICMP "time exceeded" message; the source address of that message identifies the hop.
  3. To find the second hop, the TTL is set to 2, for the third hop to 3, and so on; typically three probes are sent for each TTL value (three with a TTL of 1, three with a TTL of 2, and so on).
  4. The probe that finally reaches the destination is answered differently: with an ICMP echo reply for ICMP probes, or with an ICMP "port unreachable" message for UDP probes sent to an unused port. That reply tells traceroute it has reached the end of the path.
  5. traceroute collects these replies and presents them as a readable list of the hops toward the destination.

As with ping, many organizations block ICMP echo requests, "time exceeded" replies or the UDP probes at some hops; such hops appear as asterisks (*) in the output, which should be read with that fact in mind.

The traceroute command on Cisco IOS has an extended form in the same way as ping. The options offered by extended traceroute mirror most of those available in an extended ping.
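The TTL mechanism described above, as an added example that is not part of the original article: a small simulation of a UDP traceroute in which each router decrements the TTL and answers with ICMP time exceeded, and the destination answers with ICMP port unreachable. The topology (RFC 5737 documentation addresses) is constructed, nothing is sent on the wire, and the simulation also shows the two cases an engineer reading real output has to recognise: a hop that silently drops expired probes (printed as *) and a destination that never answers, in which case traceroute runs on to its hop limit.

```python
"""Simulated traceroute: probes with increasing TTL and the ICMP replies they trigger."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ICMP_TIME_EXCEEDED = 11      # sent by a router whose decrement drove the TTL to 0
ICMP_PORT_UNREACHABLE = 3    # type 3 / code 3: the UDP probe reached the destination host


@dataclass
class Node:
    address: str
    replies: bool = True     # False models a hop (or a firewall in front of it) that drops probes silently


def forward(path: List[Node], dst: str, ttl: int) -> Optional[Tuple[str, int]]:
    """Model how one UDP probe with the given TTL travels the path.

    Every router decrements the TTL before forwarding; when it reaches 0 the router
    discards the probe and answers with ICMP time exceeded. A probe that reaches the
    destination is answered with ICMP port unreachable (nothing listens on the port).
    Returns (responder_address, icmp_type), or None when the responder keeps quiet.
    """
    for node in path:
        if node.address == dst:
            # delivered locally: a host does not decrement the TTL of its own traffic
            return (node.address, ICMP_PORT_UNREACHABLE) if node.replies else None
        ttl -= 1
        if ttl == 0:
            return (node.address, ICMP_TIME_EXCEEDED) if node.replies else None
    return None              # ran off the end of the path without reaching dst (misrouted)


def traceroute(path: List[Node], dst: str, max_hops: int = 30, probes_per_hop: int = 3):
    """Return [(ttl, responder_or_'*'), ...], stopping once the destination answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        replies = [forward(path, dst, ttl) for _ in range(probes_per_hop)]
        answered = [r for r in replies if r is not None]
        if not answered:
            hops.append((ttl, "*"))      # all probes for this TTL timed out
            continue
        responder, icmp_type = answered[0]
        hops.append((ttl, responder))
        if icmp_type == ICMP_PORT_UNREACHABLE:
            break                        # end of the path
    return hops


# Constructed topology: source -> R1 -> R2 (drops expired probes) -> R3 -> destination host
PATH = [
    Node("192.0.2.1"),
    Node("198.51.100.1", replies=False),
    Node("203.0.113.1"),
    Node("203.0.113.50"),
]

if __name__ == "__main__":
    for ttl, who in traceroute(PATH, "203.0.113.50"):
        print(f"{ttl:2d}  {who}")
```

Hop 2 prints as * yet hops 3 and 4 still appear, because the TTL of each later probe is large enough to pass through the silent router; a silent destination, by contrast, leaves traceroute printing asterisks until max_hops, which is why a run that never terminates cleanly does not by itself prove the host is down.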

telnet

The telnet command has been around for a long time, allowing users to manage devices via a command-line interface. Its very simple operation provides an unsecured Transmission Control Protocol (TCP) session between the source and destination. Characters entered on the source are immediately relayed to the destination, providing an experience on Cisco IOS (and Linux) that is the same as if the user were directly connected into the device locally.

CAUTION

The key term in this description is unsecured: the username, the password and every command typed afterwards are sent between source and destination in clear text, so anyone able to capture traffic on the path can read them.

The telnet command uses TCP port 23.

ssh

The ssh (secure shell) command works similarly to telnet but creates an encrypted communications channel between source and destination. This means that the username and password are not sent in clear text and are protected from anyone listening in on the conversation, provided the client verifies the server's host key rather than blindly accepting a changed one. On Cisco IOS, configuring transport input ssh under the vty lines refuses Telnet on those lines altogether, so management traffic cannot fall back to clear text.

The ssh command uses TCP port 22.

show cdp neighbors

The show cdp neighbors command is used on a Cisco IOS device to view neighboring devices discovered by the Cisco Discovery Protocol (CDP). CDP is a Cisco proprietary Layer 2 discovery protocol; it discovers all other CDP-capable devices on a shared segment. (It does not work across Layer 3 devices.) The following example shows typical output of this command:

R1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R2               Fas 0/0            172              R    7206VXR   Fas 0/0
R1#

In this example, we learn that the remote device (R2) is connected via R1’s FastEthernet0/0 interface and is connected to R2’s FastEthernet0/0 interface, and R2 is a Cisco 7206VXR router. This information is very helpful when mapping out unfamiliar networks. It can also be used to help ensure that a device is connected to the correct remote device(s) on the correct interface; as engineers often must configure devices remotely, this command is useful when installing new equipment, to ensure that physical interfaces are connected to the appropriate networks.

Keep in mind that CDP is a proprietary protocol and will not discover most non-Cisco devices; it is enabled by default on Cisco devices. Because CDP advertises a device's platform, software version and management addresses to anything attached to the segment, it is usually disabled on user-facing and other untrusted ports (no cdp enable on the interface, or no cdp run globally) and left on only where neighbor discovery is actually needed. A standards-based alternative to CDP is the Link Layer Discovery Protocol (LLDP), IEEE 802.1AB, which is supported by many other vendors but is not enabled by default on Cisco devices.
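The cabling check the text describes (making sure each interface is connected to the expected remote device and port), as an added example that is not part of the original article: a parser for show cdp neighbors output that turns each row into a record, plus a comparison against an expected-neighbor table. The first row of the sample is the article's own output; the second row, with a long device ID that IOS wraps onto its own line, and the expected-cabling table are constructed for illustration.

```python
"""Parse `show cdp neighbors` output and check it against the expected cabling."""
import re
from typing import Dict, List, Tuple

# One neighbor row: Device ID, Local Intrfce, Holdtme, Capability, Platform, Port ID.
# Interface names contain a space ("Fas 0/0", "Gig 1/0/1"); capabilities are
# single letters separated by spaces ("R S I"); the platform has no spaces.
ROW = re.compile(
    r"^(?P<device>\S+)\s+"
    r"(?P<local>[A-Za-z]+ ?[\d/.]+)\s+"
    r"(?P<holdtime>\d+)\s+"
    r"(?P<caps>(?:[A-Za-z] )*[A-Za-z])\s+"
    r"(?P<platform>\S+)\s+"
    r"(?P<port>[A-Za-z]+ ?[\d/.]+)\s*$"
)


def parse_cdp_neighbors(text: str) -> List[Dict[str, object]]:
    """Return one dict per neighbor row, ignoring the legend, prompt and totals line."""
    neighbors: List[Dict[str, object]] = []
    pending = None                     # a device ID too long for its column sits on its own line
    in_table = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not in_table:               # skip the capability-code legend until the header
            in_table = line.startswith("Device ID")
            continue
        if not line or line.startswith("Total cdp entries") or line.endswith(("#", ">")):
            continue
        if pending is not None:        # re-join a wrapped row
            line = pending + " " + line.strip()
            pending = None
        m = ROW.match(line)
        if m is None:
            if len(line.split()) == 1:
                pending = line.strip()
                continue
            raise ValueError(f"unparsed CDP line: {line!r}")
        neighbors.append({
            "device": m["device"],
            "local": m["local"].replace(" ", ""),   # "Fas 0/0" -> "Fas0/0"
            "holdtime": int(m["holdtime"]),
            "caps": m["caps"].split(),
            "platform": m["platform"],
            "port": m["port"].replace(" ", ""),
        })
    return neighbors


def check_cabling(neighbors: List[Dict[str, object]],
                  expected: Dict[str, Tuple[str, str]]) -> List[str]:
    """expected maps local interface -> (device ID, remote port). Returns the discrepancies."""
    seen = {n["local"]: (n["device"], n["port"]) for n in neighbors}
    problems = []
    for local, want in expected.items():
        got = seen.get(local)
        if got is None:
            problems.append(f"{local}: no CDP neighbor seen, expected {want[0]} {want[1]}")
        elif got != want:
            problems.append(f"{local}: connected to {got[0]} {got[1]}, expected {want[0]} {want[1]}")
    for local, got in seen.items():
        if local not in expected:      # a neighbor nobody planned for deserves a look
            problems.append(f"{local}: unexpected neighbor {got[0]} {got[1]}")
    return problems


# First row is the article's output; the wrapped second row is constructed.
SAMPLE = """\
R1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R2               Fas 0/0            172              R    7206VXR   Fas 0/0
access-sw1.example.com
                 Fas 0/1            145            S I    WS-C2960  Fas 0/24
R1#
"""

# Constructed expectation of how R1 should be cabled.
EXPECTED = {
    "Fas0/0": ("R2", "Fas0/0"),
    "Fas0/1": ("access-sw1.example.com", "Fas0/24"),
}

if __name__ == "__main__":
    found = parse_cdp_neighbors(SAMPLE)
    for n in found:
        print(n)
    print(check_cabling(found, EXPECTED) or "cabling matches")
```

Interface names are normalised by removing the space so that "Fas 0/0" from CDP compares equal to "Fas0/0" written in the expected table; a mismatch or an unexpected neighbor is reported rather than silently ignored, since an unplanned CDP neighbor on an access port is exactly the kind of thing the text suggests checking for.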

Reference Article from http://www.ciscopress.com/articles/article.asp?p=2420613

More Related

Nine Switch Commands Every Cisco Network Engineer Needs to Know
