The new Cisco Integrated Services Routers Generation 2 (ISR G2) Family of routers delivers the borderless network that can transform the branch office and customers' experience while enabling business innovation and growth. Supporting the operation of these innovations, Cisco ISR G2 routers provide a rich set of management capabilities that exceed and complement what is available through industry standards. This document discusses these capabilities and related management applications that enable effective operations of Cisco ISR G2 networks and services.
Embedded Management Capabilities
The new Cisco ISR G2 routers provide extensive support for standard Simple Network Management Protocol (SNMP) MIBs and syslogs, allowing comprehensive network management using Cisco or third-party network management systems (NMSs). For additions and updates to Cisco ISR G2-specific MIBs, syslogs, and command-line interfaces (CLIs), please refer to the ISR G2 Manageability Document at:
In addition to the standard MIBs and syslogs, the Cisco ISR G2 routers deliver industry-leading manageability and automation capabilities with the primary objective of providing the lowest total cost of ownership (TCO). Cisco embedded management capabilities provide comprehensive network management functions, from proactive diagnostics to Web 2.0 open interface to policy-based automation.
Figure 1. Cisco IOS Software Embedded Management Capabilities in Cisco ISR G2 Routers
The new Cisco IOS Web Services Management Agent (WSMA) is a management capability embedded in the software that allows advanced configuration, provisioning, and data collection using industry-standard web services. WSMA provides a consistent XML messaging format for CLI commands across Cisco IOS Software releases, eliminating the need for the error-prone "screen scraping" that many companies use to configure, manage, and provision.
For more information about WSMA, please visit:
While SNMP and syslog provide the standard protocols for monitoring, the Cisco ISR G2 routers provide many additional capabilities for higher visibility into networks and services. Table 1 shows the recommended usage.
Table 1. Cisco IOS Embedded Management Monitoring Features
What It Does for Monitoring
Collects SNMP MIB data and monitors events (standard protocol)
Used by Cisco and third-party applications for performance and fault monitoring
Monitors events (standard protocol)
Used for monitoring through the console; can also be used by monitoring applications
IP Service-Level Agreements (IP SLAs)
Mimics real traffic to measure traffic statistics
Used for measuring service-level indicators, including delay, jitter, and availability
Collects packet header information
Monitors application performance and usage pattern, as well as security
Cisco IOS Embedded Event Manager (EEM)
Monitors events and reacts based on user-defined policy
Enables onboard automation for fault detection, troubleshooting, and recovering
The Cisco ISR G2 routers provide the network platform for borderless services. As you run more services on your network, you can use IP SLAs to monitor critical network traffic performance indicators, including delay, jitter, and link availability. IP SLAs mimic real-world traffic to proactively identify service-level problems before your users do. Integrating with a broad set of Cisco and third-party NMS applications, IP SLAs set the standard for leadership in proactive performance monitoring.
With the Cisco ISR G2 routers, Cisco extends IP SLA capabilities to support 30 different types of simulated traffic, delivering complete performance measurement from application monitoring (HTTP, FTP, etc.) to transport monitoring (User Datagram Protocol [UDP] jitter, Multiprotocol Label Switching [MPLS], etc.).
For more information about IP SLAs, please go to http://www.cisco.com/go/ipslas.
Flexible NetFlow (FNF) is the next generation in NetFlow technology. As more services and applications such as business video run in the network, FNF provides the visibility of the network infrastructure needed for optimizing resource usage and planning capacity, reducing operation costs, and detecting security incidents. FNF provides more flexibility and scalability beyond traditional NetFlow by enabling customization of traffic identification, such as source, destination, timing, and application information. Further, FNF provides enhanced network anomaly and security detection to help quickly identify and remediate security risks.
For more information about Flexible NetFlow, please go to http://www.cisco.com/go/fnf.
Cisco IOS EEM is a powerful and flexible feature in Cisco IOS Software that provides real-time event detection and onboard automation. Using EEM, you can program the behavior of the network devices to align with your business needs. EEM supports more than 20 event detectors that are highly integrated with different Cisco IOS Software components to trigger actions in response to network events. You can program these actions using a simple CLI-based interface or Tool Command Language (Tcl) scripting language.
Cisco IOS EEM enables network managers to build significant intelligence within Cisco devices to create highly customizable and cost-effective solutions for automated troubleshooting, fault detection and recovery, device configuration, and provisioning.
For more information, please go to http://www.cisco.com/go/eem.
Network Management Applications
Network management applications are instrumental in lowering operating expenses (OpEx) while improving network availability by simplifying and automating many of the day-to-day tasks associated with managing an end-to-end network. Supporting the new Cisco ISR G2 routers, these management applications enable quick and easy deployment, monitoring, troubleshooting, and ongoing changes.
Cisco provides a wide array of management applications to suit different operation needs. Table 2 provides an overview of the relevant applications for managing the Cisco ISRs and the new Cisco ISR G2 routers.
Table 2. Cisco Network Management Applications for Cisco ISR G2 Routers
IP Network Infrastructure Management
Cisco Licensing Manager v3.0 is a secure client/server-based application to manage Cisco software licenses and enable the pay-as-you-grow service model. It automates Cisco Software Activation workflow through its wizard-based GUI and scales for large network deployments. The application accelerates deployment of software licenses using a simple, rule-based policy interface and enables rapid rollout of advanced services in the network.
For more information about Cisco License Manager, please visit: http://www.cisco.com/go/clm.
Cisco Configuration Professional v2.0 is a GUI-based device management tool for Cisco ISR and Cisco ISR G2 routers. This tool simplifies routing, firewall, IPS, VPN, unified communications, WAN, and LAN configuration through GUI-based easy-to-use wizards.
Cisco Configuration Professional is a valuable productivity-enhancing tool for network administrators and channel partners for deploying routers with increased confidence and ease. It offers a one-click router lockdown and an innovative security auditing capability to check and recommend changes to router configuration.
Cisco Configuration Professional is free and can be downloaded at
CiscoWorks LAN Management Solution v3.2 is an integrated suite of management tools that simplify the configuration, administration, monitoring, and troubleshooting of Cisco networks. Built upon popular Internet-based standards, CiscoWorks LMS applications help network operators manage their network through a browser-based interface that is accessible anytime from anywhere within the network. CiscoWorks LMS maintains a centralized list of all Cisco network devices and their credentials; the list serves as a single repository for all CiscoWorks applications, whether they are installed locally or distributed in a multiserver deployment.
CiscoWorks LMS quickly discovers, inventories, configures, troubleshoots, and manages the new Cisco ISR-G2 routers as soon as they are deployed in the network. For these new routers, CiscoWorks LMS provides additional value-added functions for managing the Cisco Services Ready Engine (SRE) module, including: discovery of SRE modules and their attributes, software image deployment, and initial setup and configuration of a single or multiple SRE instances. It also provides configuration, monitoring, and reporting for the Cisco EnergyWise solution.
For more information about CiscoWorks LMS, please visit: http://www.cisco.com/go/lms.
CiscoWorks QoS Policy Manager (QPM) v4.3 provides comprehensive QoS provisioning and monitoring capabilities. It allows network managers to manage and fine-tune the delay, jitter, bandwidth, and packet-loss parameters required for successful end-to-end services such as TelePresence. It can identify and monitor, in real time, the performance of networked applications, and it centrally creates and deploys to Cisco devices QoS policies to track, manipulate, and control the behavior of those applications in order to meet business demands and application requirements. The end result is networkwide intelligent, consistent, and effective QoS that allows performance protection for voice, video, and business applications while reducing costs and optimizing the use of network resources.
For more information about CiscoWorks QPM, please visit: http://www.cisco.com/go/qpm.
Cisco Branch Routers Series Network Analysis Module v4.1 is an integrated performance-monitoring and traffic-analysis solution that offers deeper insight into the branch office at both the network and application levels. It offers real-time visibility into the applications running on the network, how the network resources are being utilized, and how the end users experience the services being delivered in the branch office. The visibility also enables IT to effectively use control and optimization mechanisms such as QoS and Cisco Wide Area Application Services (WAAS) to improve performance of these services.
The innovative design of the Cisco Branch Routers Series NAM combines a rich set of embedded data-collection capabilities and performance analytics with a remotely accessible, web-based management console, all of which reside on a single network module that you can easily install into selected Cisco ISRs and ISR G2 routers. The embedded analytics can both characterize the user experience and quickly isolate and resolve any performance problems, minimizing the effect on users. The NAM further improves the operational efficiency by allowing remote troubleshooting, thereby eliminating the need to send personnel to remote sites or send large amounts of data over WAN links to the central site.
For more information about the Cisco Branch Routers Series Network Analysis Module, please go to http://www.cisco.com/go/nam.
Cisco Configuration Engine v3.0 is a network management application that provides highly scalable, secure, efficient initial deployment and day-2 configuration and image upgrades. Using a set of Cisco IOS Software agents, the Cisco Configuration Engine automates the deployment of Cisco IOS Software configuration files and images, eliminating the need for traditional staging or onsite technical presence, and achieving zero-touch deployment. This application can streamline the deployment process to drastically reduce deployment time and costs.
For more information about Cisco Configuration Engine, please go to:
Unified Communications Management
Cisco Unified Communications Management Suite v7.1(2) is designed specifically for managing Cisco Unified Communications Solutions. The Cisco Unified Communications Management Suite offers integrated provisioning, monitoring, troubleshooting, and reporting capabilities. Operators can view and operate all applications in the suite from a customizable, web-based dashboard interface. This interface simplifies management of the entire unified communications network, including the network infrastructure, call control, user endpoints, and unified communications applications.
The suite comprises four applications:
• Cisco Unified Provisioning Manager v2.2
• Cisco Unified Operations Manager v2.2
• Cisco Unified Service Monitor v1.3.1
• Cisco Unified Service Statistics Manager v1.2
Cisco Unified Communications Management Suite supports the Cisco ISR G2 routers both as a platform for the Express call control family and as a gateway for call trunking in the network.
For more information about Cisco Unified Communications Management, please go to: http://www.cisco.com/go/ucmanagement.
Cisco Security Manager v3.3 is an enterprise-class management application designed to configure firewall, VPN, and intrusion-prevention-system (IPS) security services on Cisco network and security devices, including the new Cisco ISR G2 routers. You can use Cisco Security Manager in networks of all sizes by using policy-based management techniques. Cisco Security Manager works in conjunction with Cisco Security MARS. Used together, these two applications provide a comprehensive security management solution that addresses configuration management, security monitoring, analysis, and mitigation.
For more information, please go to http://www.cisco.com/go/csmanager.
Cisco Security MARS v6.0.4 provides security monitoring for network devices and host applications supporting both Cisco and other vendors. Security monitoring with Cisco Security MARS greatly reduces false positives by providing an end-to-end topological view of the network, helping improve threat identification, mitigation responses, and compliance.
For more information about Cisco Security MARS, please go to http://www.cisco.com/go/csmars.
Cisco Wide Area Application Services Management
Cisco Wide Area Application Services Central Manager (WCM) 4.1 is a management application that runs on Cisco Wide Area Application Engine (WAE) Appliances. Cisco WCM provides scalable, secure, robust, and centralized web management for all Cisco WAE appliances and Wide Area Application Services (WAAS) network modules in the Cisco ISR G2 routers. It allows a network manager to easily perform device-specific or systemwide configuration, including policy configuration and distribution within the WAAS deployment. It can also monitor and generate reports on the WAAS environment.
For more information about Cisco WCM, please go to:
The new Cisco ISR G2 routers provide the platform for borderless networking and borderless services with low TCO. The embedded management capabilities and the extensive Cisco and third-party network management applications that support the new Cisco ISR G2 routers help ensure that you can confidently deploy and manage your borderless network. This document provides only high-level descriptions of these capabilities and applications. For more details, please visit the respective URLs, or contact your Cisco account representatives.
---Resource from http://www.cisco.com/en/US/prod/collateral/routers/ps10538/white_paper_c78_556613.html
Basically DHCP is a mechanism which assigns IP addresses to computers dynamically. Usually DHCP is a service running on a server machine in the network in order to assign dynamic IP addresses to hosts. All Cisco 800 series models have the ability to work as DHCP servers, thus assigning addresses to the internal LAN hosts. Without a DHCP server in the network, you would have to assign IP addresses manually to each host. These manually assigned addresses are also called “static IP addresses”.
In this post we will show you how to configure a Cisco 851 or 871 router to work as DHCP server. The same configuration applies for other 800 series models as well.
Router# config t
! create a DHCP address pool named LANPOOL and enter DHCP pool configuration mode
Router(config)# ip dhcp pool LANPOOL
! define the network range from which addresses will be assigned
Router(dhcp-config)# network 192.168.1.0 255.255.255.0
! define the DNS domain name to assign to clients
Router(dhcp-config)# domain-name mycompany.com
! define the default gateway for the clients
Router(dhcp-config)# default-router 192.168.1.1
! define the DNS server for the clients
Router(dhcp-config)# dns-server 100.100.100.1
! define a WINS server if you have one
Router(dhcp-config)# netbios-name-server 192.168.1.2
! return to global configuration mode
Router(dhcp-config)# exit
! the following addresses will not be given out to clients
Router(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10
---Reference from networkstraining.com
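The following is an added example, not part of the original post: a Python check that parses this DHCP configuration as it would appear in the running configuration and reports statically used addresses (default gateway, DNS, WINS) that sit inside the pool network without being excluded. The function names and the embedded sample text are constructed for illustration.

```python
import ipaddress

# Constructed sample: the post's DHCP settings in running-config layout
# (global commands unindented, pool options indented under the pool).
SAMPLE_CONFIG = """\
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool LANPOOL
 network 192.168.1.0 255.255.255.0
 domain-name mycompany.com
 default-router 192.168.1.1
 dns-server 100.100.100.1
 netbios-name-server 192.168.1.2
!
"""

# Pool options that name hosts with fixed (static) addresses.
STATIC_OPTIONS = ("default-router", "dns-server", "netbios-name-server")


def parse_dhcp_config(text):
    """Return (excluded_ranges, pools) parsed from IOS configuration text."""
    excluded = []   # list of (low, high) IPv4Address pairs
    pools = {}      # pool name -> {"network": IPv4Network, "static": {...}}
    current = None  # pool whose indented options are being read
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if not raw[0].isspace():
            current = None  # an unindented line is a global command
            if words[:3] == ["ip", "dhcp", "excluded-address"] and len(words) >= 4:
                low = ipaddress.IPv4Address(words[3])
                # A single address may be excluded without a high bound.
                high = ipaddress.IPv4Address(words[4]) if len(words) > 4 else low
                excluded.append((low, high))
            elif words[:3] == ["ip", "dhcp", "pool"] and len(words) == 4:
                current = words[3]
                pools[current] = {"network": None, "static": {}}
        elif current is not None:
            if words[0] == "network" and len(words) >= 3:
                # Accept both "255.255.255.0" and "/24" mask forms.
                mask = words[2].lstrip("/")
                pools[current]["network"] = ipaddress.IPv4Network(
                    f"{words[1]}/{mask}")
            elif words[0] in STATIC_OPTIONS:
                pools[current]["static"][words[0]] = [
                    ipaddress.IPv4Address(w) for w in words[1:]]
    return excluded, pools


def is_excluded(addr, excluded):
    """True if addr falls inside any excluded-address range."""
    return any(low <= addr <= high for low, high in excluded)


def audit_pool(name, pool, excluded):
    """Return (leasable_count, findings) for one pool."""
    net = pool["network"]
    if net is None:
        return 0, [f"{name}: pool has no network statement"]
    # Enumerating hosts is fine for LAN-sized pools such as a /24.
    leasable = [h for h in net.hosts() if not is_excluded(h, excluded)]
    findings = []
    for option, addrs in pool["static"].items():
        for addr in addrs:
            # Only addresses inside the pool network can collide with leases.
            if addr in net and not is_excluded(addr, excluded):
                findings.append(
                    f"{name}: {option} {addr} is inside the pool network "
                    "but not excluded; the server may lease it to a client")
    return len(leasable), findings


def audit_config(text):
    """Audit every pool in the configuration text."""
    excluded, pools = parse_dhcp_config(text)
    return {name: audit_pool(name, pool, excluded)
            for name, pool in pools.items()}


if __name__ == "__main__":
    for pool_name, (count, findings) in audit_config(SAMPLE_CONFIG).items():
        print(f"{pool_name}: {count} leasable addresses")
        for finding in findings or ["no static address conflicts found"]:
            print("  " + finding)
```

With the post's settings the gateway (192.168.1.1) and the WINS server (192.168.1.2) both fall inside the excluded range, so the check reports no conflicts; removing the excluded-address line makes both appear as findings.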
Earlier this month, fifth year Columbia grad student Ang Cui demonstrated a vulnerability that allowed a 7900 series Cisco VoIP phone to be turned into a high-tech listening device, capturing any sound near the phone.
Cui revealed the exploit he and his colleague Salvatore Stolfo discovered at the San Francisco Amphion Forum. In the demonstration, Cui quickly attached a device he calls the "Thingp3wn3r" to the phone, showing the ease with which it could be physically compromised. Once attached, the Thingp3wn3r circumvents the phone's "off hook switch" which normally disconnects the receiver's microphone when the phone is hung up.
The compromised phone, however, kept its microphone active and sent the audio it captured to Cui through a custom-made smartphone app. Though the phone's receiver was in its cradle – seemingly inactive – it had effectively become a means to eavesdrop on anything said nearby.
The dramatic demonstration was made all the more serious when Cui showed pictures of various high ranking government officials, among them President Barack Obama, with Cisco VoIP phones on their desks. Worse still, PhysOrg reports that once a single phone was compromised with Cui's device the entire network of phones was potentially accessible.
Thankfully, this specific vulnerability is no longer viable. In a statement issued by Cisco, the company acknowledged both the vulnerability and their efforts to address it.
"We can confirm that workarounds and a software patch are available to address this vulnerability, and note that successful exploitation requires physical access to the device serial port, or the combination of remote authentication privileges and non-default device settings. Cisco thanks Ang Cui and Salvatore Stolfo for allowing our team to validate the vulnerability and prepare a software patch ahead of the presentation."
Forbes also reported that a patch is already available and will be in wide release come January. Concerned users should contact Cisco directly.
The presentation, and much of Cui's research, demonstrates that a threat can come from a seemingly innocuous source like a VoIP phone or a network printer. For governments and corporations, securing only the computers and networks is not enough.
Simplify your transition from outdated telephony systems to unified communications. The Cisco Business Edition 6000 solution quickly pays for itself by lowering total cost of ownership. It's an affordable, simple, scalable choice for midsize businesses.
Features and Capabilities
Cisco Business Edition 6000 is an integrated solution providing voice and video call control, mobility, messaging, conferencing, instant messaging and presence, and contact center options on a single server. The solution provides highly available, flexible collaboration services that deliver low total cost of ownership and ease of use. These are vitally important to growing businesses with limited IT resources.
Cisco Business Edition 6000 is:
- Affordable: priced for smaller budgets, integrating collaboration services on a single platform to cut costs.
- Simple: easy to install, deploy, manage, maintain, and service, and provides high availability.
- Flexible: links multiple third-party H.323 or SIP telepresence and video endpoints together transparently
- Scalable: provides a smooth and fast migration from outdated telephony with an expandable and flexible architecture
- Lowers total cost of ownership (TCO): It quickly reduces your capital and operations costs.
- Consumes fewer IT resources: Centralized architecture makes it easy to install, use, and manage.
- Increases productivity: Full-featured collaboration helps users work more securely on any device.
- Immediate Investment Protection: Flexible architecture helps you deploy services at your own pace.
Cisco Business Edition 6000 is a packaged solution optimized for medium-sized business requirements. It is a combination of Cisco Unified Communications applications on the Cisco Unified Computing System (Cisco UCS) that offers midsize customers business agility and reduced TCO through server consolidation, operational efficiency and scalability, improved business continuity, and greater investment leverage.
Cisco Business Edition 6000 consists of the following foundational elements:
• Cisco Unified Communications Manager
You can optionally add the following applications to the Business Edition 6000 solution:
Cisco Business Edition 6000 supports a maximum of five applications (4 core applications and Cisco Unified Provisioning Manager on the fifth virtual machine) running co-resident on a single Cisco UCS C200 hardware platform, and it supports full-featured redundancy for all four core applications over a WAN or LAN environment.
In addition, Cisco Business Edition 6000 integrates with cloud-based Cisco WebEx Software-as-a-Service offerings including WebEx Connect IM and Presence, as well as WebEx Web Conferencing.
More General Q & A to Understand Cisco Business Edition 6000 Well
Q. What is the difference between Cisco Business Edition 6000 and generic unified communications applications on Cisco UCS ("UC on UCS")?
Core applications: Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Unified Presence, Cisco Unified Contact Center Express, Cisco Unity with Cisco Unified Attendant Console, and Cisco Unified Provisioning Manager
Q. What are the supported maximum capacities of Cisco Business Edition 6000?
Q. Where can I find more information about Cisco Business Edition 6000 and bundled applications?
A. For more Cisco Business Edition 6000 information, visit http://www.cisco.com/go/be6000.
Q. Does Cisco Business Edition 6000 support WAN redundancy?
A. Yes, Cisco Business Edition 6000 Versions 8.5 and 8.6 support fully featured redundancy for both LAN and WAN environments. You can deploy a redundant server for Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Unified Presence, and Cisco Unified Contact Center Express applications in a remote location over your WAN.
Q. Does Cisco Business Edition 6000 integrate with Cisco Emergency Responder or other Cisco Unified Communication applications?
You can deploy other applications such as Cisco Emergency Responder on a separate server and integrate them with Cisco Business Edition 6000.
Q. What is the recommended deployment model for customers wanting to deploy more than five applications?
A. Cisco Business Edition 6000 on the Cisco UCS C200 Server supports up to five co-resident applications. However, the Cisco Virtualization Hypervisor software with license comes standard with Cisco Business Edition 6000, and is entitled for two CPU sockets and 16 GB of virtual memory to deploy additional applications. Following are configuration scenario examples:
Scenario 1: Fully redundant configuration
Scenario 2: Redundancy for Cisco Unified Communications Manager with Cisco Unified Contact Center Express only
Scenario 3: Cloud-based IM and presence
• Cisco UCS C200 Server 1: Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Unified Contact Center Express, and Cisco Unified Attendant Console, Cisco Unified Provisioning Manager (primary)
Optional Cisco Virtualization Foundation Edition is entitled for two CPU sockets and 32 GB of virtual memory and enables the VMware vCenter compatibility feature.
Q. Does Cisco Business Edition 6000 support more than two nodes in the cluster?
Q. How is Cisco Unified Provisioning Manager bundled with Cisco Business Edition 6000 different from the Cisco Enterprise Unified Provisioning Manager?
A. Cisco Unified Provisioning Manager bundled with Cisco Business Edition 6000 has inherited the same application features and functions as the Cisco Enterprise Unified Provisioning Manager; however, unlike the enterprise version, the software embedded with Cisco Business Edition 6000 includes the operating system required to run the provisioning application, and it ships as a virtual appliance image. The appliance image simply needs to be copied to the business edition virtual environment and customized for specific deployments. For more information, please refer to the Quickstart guide at:
Q. Is Cisco Business Edition 6000 support based on specifications or third-party servers?
Q. Can I order redundancy by ordering two starter Cisco Business Edition 6000 bundles?
A. Yes, for 150 users or more it is more cost-effective to order two starter bundles if you need redundancy than ordering one starter bundle and a separate Cisco UCS C200 Server. Ask your partner about redundancy options.
Q. Can I mix Cisco User Connect Licensing with Cisco Unified Workspace Licensing models?
A. Yes, you can mix any version of Cisco User Connect Licenses with any version of Cisco Unified Workspace Licenses. Please note that you need to purchase the Cisco Business Edition 6000 Cisco Unified Workspace License starter bundle to get the presence software and the base license. All users must have a Cisco Unified Communications Software Subscription.
Q. What licenses do I need to add Cisco TelePresence endpoints to Cisco Business Edition 6000?
A. Desktop video requires a Cisco User Connect License (CUCM-USR-LIC) or a Cisco Unified Workspace License Business Edition (BE6K-UWL-LIC) license to add the Cisco Cius business tablet. Cisco TelePresence endpoints require Cisco TelePresence user licenses (CUCM-USR-LIC).
Q. What license do I need to add a mobile client (for example, the Cisco Jabber™ messaging integration platform on the iPhone) to Cisco Business Edition 6000?
A. With Cisco Unified Workspace Licensing for Cisco Business Edition, you can order a CUWL PRO license to add mobile clients. With Cisco User Connect Licensing for Cisco Business Edition, you can order the mobile client separately.
Cisco 7962 is a “must buy” IP phone product in the market. Compared to many other IP phone products in the market, Cisco 7962 is still the best in terms of quality and its affordable price. Cisco 7962 has many great features that will definitely benefit your communication needs.
Excellent features of Cisco Unified IP Phone 7962
Here are some great features you will only find in Cisco 7962 phone:
This Cisco 7962G phone has better service and features compared to other Cisco series or even other smart phones, which enables you to have better communication with the best features for messaging, web browsing, and entertainment.
Cisco 7962 has better voice, video, data and mobile applications that will make it easier for you to handle all of your business or social networking in a simple way by using only this smart phone.
One important application that you will get in this phone is the one that we call the institutional workspace. In addition to that, the phone will also enable you to quickly access various information, such as weather conditions, stock prices, or various web-based news.
Cisco Unified IP Phone 7962 has become famous for its many updated features compared to other Cisco series or other types of IP phones, including the extended features of the interface and the ability to increase the quality of communication. This type of IP phone is one of the technologies that you must have to get the best out of the latest communication technology in this era.
Cisco 7962 Review
Cisco 7962 is basically a full-featured IP phone with high-technology audio features and the ability to support your communication. For the best quality of communication, you get a high-quality speaker and headset designed for wideband audio, which most people consider the most preferable feature to be included in their mobile phone. The phone has a large, 4-bit grayscale graphical LCD which provides features like time and date, calling party’s name, calling party’s number, dialed digits, and presence information.
Those features give you more than just a smart phone in your hand: a brilliant phone with a complete set of useful features to support your communication, such as the calling image feature. You can also set the tones for each person’s number and add the images that will appear when she or he is calling your Cisco 7962. As a kind of IP phone, this magical phone also makes it easy to browse the internet. You will get the fastest internet browsing.
This Cisco 7962 also gives you the best IP telephone application for internet browsing, with high-speed performance over the connection. You will get a satisfying internet connection with less waiting time than the common web browsing on your IP Phone 7962G. As a means of social networking, you will also get easy connection to Facebook, Twitter, email, and other social networks. You will have to input your email and password and then just click the direct button interface to your account.
In conclusion, there are many benefits that you can get from this 7962G, from the complete applications for communication to the social networking activities that you can do from your hand. You have to make sure that you get the best quality of smart phone, that is the Cisco 7962.
Centralizing access control, security, management
Cisco revealed new WLAN access points and controllers, along with its latest steps to blend wireless and wired enterprise networks together.
The networking vendor announced upgraded server applications for access control, network management, and application management across both types of networks. Also new: virtualization options for these infrastructure products; two new lower-priced 802.11n access points for business networks; a new high-end WLAN controller, with a new high-availability feature for Wi-Fi clients.
The changes are part of a strategy that the vendor labels "Cisco Unified Access," now being formally announced though it's been featured on the company Website, and talked about with customers, for over a year. The basic idea, according to Cisco marketers, is to centralize and automate policy enforcement, security and authentication, and network management, regardless of how business end users connect to the company network, or with what kind of client device.
For access control functions, Cisco offers the Identity Services Engine (ISE), unveiled in 2011 as a central point to create and enforce a range of network policies based on the user's identity, role, and devices. [See our "First Look" slide on ISE]
A new update to the ISE software adds two features:
+ a Web-based portal, called "My Devices," which lets end users register their personally owned devices with ISE, which in turn can enforce for these devices whatever bring-your-own-device (BYOD) policies have been set by the IT group
+ Secure Group Access, which lets a network administrator assign users to groups that have a set of pre-defined policies associated with them. New users automatically have these policies applied to them and their devices
For security and management across wired and wireless networks, Cisco offers Cisco Prime Infrastructure, also announced last year. It integrates several previously separate tools into one application with a single user interface, spanning both wired and wireless LANs.
That software, too, is being updated, adding what Cisco calls application visibility and control. Essentially, Prime can collect data from various sources and tools to create a visual picture of how specific applications are behaving, and of the end user's "network experience" in terms of delays or other quality standards.
Cisco also announced that, for small- and midsized WLANs, several of these infrastructure products are now available as software that can be hosted on virtual servers: Cisco Prime Infrastructure and Cisco Identity Services Engine, along with Cisco Mobility Services Engine, and a WLAN controller that supports up to 200 access points.
The new WLAN hardware products are:
+ Cisco Aironet 2600 and 1600 Series access points, to complement the high-end 3600 Series: the two new products support 802.11n, but each in turn has fewer of the advanced features found in the flagship product. And unlike the 2600, neither will be able to receive the 802.11ac plug-in module that Cisco recently announced it will ship in early 2013
+ Two new high-end WLAN controllers: the 8500 Series is aimed at service providers deploying Wi-Fi networks as adjuncts to wired or cellular network access, or at very large enterprise WLANs. The one-rack unit can manage up to 6,000 access points and 64,000 clients.
+ The new controller firmware release now supports what Cisco calls sub-second stateful switchover to improve WLAN availability. In effect, it's a way to shift Wi-Fi clients so quickly to a backup controller that they maintain their application sessions even if their original controller blows up.
---Written by John Cox at networkworld.com
The ping command is irreplaceable when it comes to troubleshooting. At some point, you will undoubtedly use this command to solve a networking problem. But how do you properly use this command in the Cisco IOS?
The Basics of Ping
The ping command works just like sonar in those old submarine movies. You are on one network device and you “ping” another. When you do this, in your head think of the sound that you heard in those old submarine movies: “PPiiiiiiiiiiiing”. The sound would go out and, on the sonar operator’s screen, he would or would not see the other submarine. This is exactly how the ping command works in networking. Your sonar screen is your Cisco router’s command prompt. Usage of the ping command can be as simple as this:
As you can see in this example, I simply typed ping, and the IP address of the host I wanted to ping. In response, I got five exclamation points that told me that I sent 5 ping packets out, and they were all returned (a complete success).
In other words, a ping request is sent out to the remote device, and a ping response is received back, acknowledging the request. As ping uses the ICMP protocol, these packets are technically called ICMP echo request and ICMP echo reply. ICMP is considered the management protocol for IP. ICMP uses the IP protocol, but ICMP is not TCP or UDP. ICMP does work at Layer 3.
Note that if the ping was not successful, you would have received one of the following (instead of an exclamation point):
- “.” = network server timed out
- “U” = destination unreachable
- “Q” = source quench (destination too busy)
- “M” = could not fragment
- “?” = unknown packet type
- “&” = packet lifetime exceeded
Besides the five exclamation points, I was also told that I was sending “5, 100-byte ICMP echoes”. This means that I actually sent five “ping packets” of 100 bytes each. I was told that the timeout was 2 seconds. That means that if a response was not received within 2 seconds, ping would decide that the packet was not going to return at all. This is a safe assumption considering 2 seconds is 2000ms and I am getting pings back in about 36ms.
Notice on the last line that the “Success rate is 100 percent”. That is because it says that I sent 5 pings and received 5 ping replies back (that is the “(5/5)”). I was told that the round-trip minimum time for a ping reply to return was 36ms, the average time (of all 5 pings) for a reply to return is 36ms, and the maximum time for a ping reply to return was 40ms.
If you have DNS or a local hostname configured, you can use ping with names, like this:
You should know that there are many more types of ICMP traffic other than that used for “pinging” (echo and echo-reply). ICMP is used to redirect hosts to the proper router, to inform hosts that they need to resize their packets, and many types of IP management communications. Each of these types of ICMP packets has a type number (and optionally, a code number). For example, an ICMP echo is type 8. An echo-reply is a type 0. A redirect to another router for an entire network is a type 5, code 0 (with there being possible codes of 0-3).
Finally, you can abbreviate ping by only typing “p”. For example:
Router# p 184.108.40.206
What Else Can I Do With Ping?
Now that you understand the basics, let’s look at an advanced version of ping. Cisco calls this “extended ping”. Extended ping will ask you many questions and “interactively” configure the options for ping. If you have never seen this before, you may be surprised at how many options the ping command can have. Here is an example:
In typing ping, by itself, I was asked a list of questions. I have put a red arrow by each of the questions for which I typed a response. On other lines, I simply pressed Enter to take the default. In this example, I still pinged “Router3”. I stuck with the default of 5 ping packets (but could have changed it). I kept the default of a 100 byte ping packet but could have changed this to a ping packet as large as 18,024 bytes. Next, I chose to use the extended options, where I was able to choose the source interface of my ping packets. I also chose verbose output. With verbose output, I was able to see each reply to each ICMP echo that I sent, and the time it took for that reply to return to my router. One thing you may be surprised by is the first question, which asks what protocol you want to ping with. Yes, you can ping with protocols other than IP (such as AppleTalk, DECnet, and IPX), but rarely are those protocols used anymore.
How Do I Allow Ping Through An IOS Access-list?
Because ICMP is not TCP or UDP, you must specify ICMP specifically when you create an access-list (ACL). Here is an example:
access-list 101 permit icmp any any echo-reply
In this ACL, we are permitting ICMP traffic from any source, and any destination, as long as it is a reply to an echo request. Many administrators enter the following ACL and expect ICMP to flow through it:
access-list 101 permit ip any any
This ACL does NOT allow ICMP traffic. To allow ICMP and IP, you need the following two entries in your ACL:
access-list 101 permit ip any any
access-list 101 permit icmp any any
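The ICMP type numbers and the ICMP-specific ACL entries described above, as an added Python example (not code from the original article): it builds and parses ICMP messages and applies a simplified first-match model of the article's two icmp ACL lines. The function names, the ACL model, and the sample packets are assumptions constructed for illustration.

```python
import struct

# ICMP type numbers named in the article.
ICMP_ECHO_REPLY, ICMP_REDIRECT, ICMP_ECHO = 0, 5, 8

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data for summing
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int = 0, rest: bytes = b"\x00" * 4,
               payload: bytes = b"") -> bytes:
    """Build type, code, checksum, 4-byte 'rest of header', then payload."""
    if len(rest) != 4:
        raise ValueError("rest of header must be 4 bytes")
    body = rest + payload
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Echo and echo-reply carry an identifier and a sequence number."""
    return build_icmp(icmp_type, 0, struct.pack("!HH", ident, seq), payload)

def parse_icmp(packet: bytes) -> dict:
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    icmp_type, code, csum = struct.unpack("!BBH", packet[:4])
    # Summing a message that includes a correct checksum yields 0.
    return {"type": icmp_type, "code": code, "checksum": csum,
            "valid": inet_checksum(packet) == 0}

# Hypothetical model of the article's ICMP ACL lines. Source and destination
# are "any any" in both, so only the optional ICMP type is modelled
# (None = any ICMP type).
ACL_ECHO_REPLY_ONLY = [("permit", ICMP_ECHO_REPLY)]  # permit icmp any any echo-reply
ACL_ANY_ICMP = [("permit", None)]                    # permit icmp any any

def acl_decision(acl, packet: bytes) -> str:
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    icmp_type = parse_icmp(packet)["type"]
    for action, wanted_type in acl:
        if wanted_type is None or wanted_type == icmp_type:
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed sample messages; 192.0.2.1 is a documentation address used
    # as the redirect's gateway field (the quoted original datagram is omitted).
    samples = {
        "echo": build_echo(ICMP_ECHO, 1, 1, b"constructed"),
        "echo-reply": build_echo(ICMP_ECHO_REPLY, 1, 1, b"constructed"),
        "redirect": build_icmp(ICMP_REDIRECT, 0, bytes([192, 0, 2, 1])),
    }
    for name, pkt in samples.items():
        info = parse_icmp(pkt)
        print(name, info["type"], info["code"], info["valid"],
              acl_decision(ACL_ECHO_REPLY_ONLY, pkt),
              acl_decision(ACL_ANY_ICMP, pkt))
```

With the echo-reply-only entry, replies to pings sent from behind the ACL are admitted while unsolicited echo requests and redirects fall through to the implicit deny.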
In summary, the ping utility is invaluable when it comes to troubleshooting network issues. While just about everyone has “pinged” something at one point or another, most people don’t know that there is more to ping than the simple ping command. Extended ping on Cisco routers and switches is a very powerful troubleshooting utility. While the ping command does use the ICMP protocol, there is much more to ICMP than just “ping”. Finally, don’t forget to save yourself three keystrokes by abbreviating the ping command with “p”. Over the years, those keystrokes add up!
It's not every day simple Wi-Fi routers make headlines by angering just about all of the Internet but that is exactly what Cisco managed to do with its latest packet punting products.
Cisco introduced a new and innovative (yes, really) feature called Connect Cloud with its spruced-up home router range. That's a nebulous name but Connect Cloud lets you shift management of the router away from the device itself, to the web so that you can get to your home network from everywhere.
Also, Cisco made an app market for the routers so that developers could code useful programs that could take advantage of Connect Cloud. This is actually a pretty cool concept, although the apps are few and far between currently and mainly aimed at paranoid people wanting to monitor and filter traffic.
However, the way Cisco launched Connect Cloud into this world is a case study in how not to do these things.
First, Cisco pushed out the service automatically as an update for the firmware that controls routers.
That is, Connect Cloud was installed on existing Cisco routers without anyone realising what had happened until they went to take a look at the management web page and discovered that instead of ending up at the box itself people were redirected to a site on the Internet.
In order to manage your router, you had to sign up at the Cisco Connect Cloud site. If you didn't, it was impossible to manage the router.
That's drastic enough, and should never happen without Cisco customers consenting to the change.
It gets worse though: if you signed up to the Connect Cloud service, the initial terms and conditions banned customers from using it "for obscene, pornographic, or offensive purposes" and also for infringing on "another's right, including but not limited to intellectual property rights".
The terms and conditions also said that Cisco would monitor the network traffic and Internet history of customers.
Adding insult to injury, Cisco threatened users who didn't comply with the harsh terms with disconnection from the Connect Cloud service.
Long story short, the whole thing blew up spectacularly as enraged Cisco customers vented their fury online.
Cisco scrambled to repair the damage and has since removed some of the offending clauses, saying they were inserted by mistake. It remains to be seen if this is enough to restore the trust Cisco lost with customers, some of whom are now installing alternative firmware on their routers.
Get off my cloud
The Connect Cloud furore happened before I received my review sample of the Cisco Linksys EA4500, the current range topping home Wi-Fi router from the US networking company, and I was wondering what I'd make of it.
Let's deal with the Connect Cloud feature first: I like the idea, but not Cisco's implementation of it.
Having remote access to your home network across the Internet and by using Android and iOS apps is a useful idea as it brings your network to the cloud in seamless fashion.
Connect Cloud needs an active Internet connection for setup, however, as well as a computer, and don't lose that set-up CD that comes with the EA4500. You can configure the EA4500 without it, but with Connect Cloud in the mix and separate passwords for that service and the router itself, it's a complicated process.
Also, Connect Cloud is hosted in the United States. Being that far away from New Zealand, the Connect Cloud interface is sluggish to use. The built-in speed test feature shows low results as it's also in the US and the whole Connect Cloud service is focused on Americans.
If, like many people, you put the EA4500 behind a DSL modem and set the router to Bridge mode to avoid having two separate networks that can't talk to each other, Connect Cloud gets confused and randomly thinks your Internet connection is down - in which case you have to log in locally to the router instead, so don't lose the password for the EA4500.
Normally, I never have to spend this much time with the admin interface on a router, and Cisco really needs to rethink the Connect Cloud concept.
The EA4500 is otherwise a good looking little box that provides fast throughput for wireless in the 2.4GHz and 5GHz bands: I was able to reach 70-75Mbps in the former band, and 120-130Mbps in the latter, good figures both.
A fast Gigabit Ethernet network switch with four LAN ports is also included, and a fifth Internet port is included too, which is entirely logical for the EA4500 that's aimed at streaming high-definition video and other large files.
But, Cisco: why is the USB port for hard drives (and printers) only a 2.0 variant and not a newer 3.0 one? I could squeeze 175Mbps out of the USB 2.0 port, but USB 3.0 is much faster and better suited for the EA4500 which has a built-in media and ftp server for file sharing.
I also encountered a bug that meant my upload speed halved if I used the Internet port on the EA4500 to connect to my VDSL2 router. Not using the Internet port sorted out the problem. The problem has been reported to Cisco and I'll update the review if and when it is sorted out.
The Cisco EA4500 is a premium Wi-Fi router that performs well enough, but needs some annoying foibles fixed. This includes Connect Cloud.
Full range of features
---Original review reading from nzherald.co.nz
Integrated Services Routers for Small Offices, Teleworkers, Small Businesses...
This new family of integrated services routers supports delivery of secure data services over broadband connections including DSL, cable, and Metro Ethernet. Optional 802.11 WLANs, a four-port 10/100 Switch, and Power over Ethernet (PoE) external adapter make the Cisco 870 Series Integrated Services Routers ideal for small offices, teleworkers, and small businesses.
Top 10 Reasons to Migrate to CISCO 870 Series Routers
1. Increased performance for running concurrent services with broadband connections
2. Advanced security features, including Stateful Firewall, 3DES and AES IPsec encryption, antivirus through NAC, IPS
3. Four-port 10/100 MB managed LAN switch with DMZ ports
4. 802.11b/g WLAN option with external, replaceable antennas
5. External PoE adapter option for connecting IP phones or access points
6. Increased default and max memory architecture
7. 10/100 Mbps Ethernet WAN port on Cisco 871
8. Dual USB 2.0 ports (Cisco 871) for security tokens
9. ADSL 2+ and G.SHDSL four-wire support (on ADSL and G.SHDSL models)
10. Integrated ISDN BRI for dial backup on Cisco 876 and for out-of-band management on Cisco 876 and 878
Increased Performance and Expanded Features
Migration Paths from Traditional Platforms
Models that bundle security features are designated with a “K9” in the model SKU
Quick Look at Cisco RV180W Wireless-N Multifunction Router
Pros: Easy to set up. Detailed management interface. IPv6 ready. Supports VLANs. Gigabit Ethernet.
Cons: Sluggish interface. Web filtering rules are too basic. Can't tell when VPN users are connected. Confusing VPN setup.
Bottom Line: The Cisco RV180W Wireless-N Multifunction Router offers security-conscious small businesses an all-in-one box to set up VPN access for remote employees, basic routing, wireless, and firewall. It's also future-proof, supporting IPv6 by default.
The Cisco RV180W Wireless-N Multifunction Router ($246 MSRP) makes it easy to set up a firewall, a VPN server, a router, and a wireless network with a single, compact box. The company also offers the RV180 ($182), with all the same features minus the wireless network. The RV180W addresses a lot of the things that were missing in the Cisco RV110W Wireless-N VPN Firewall, such as increasing the number of VPN users supported and adding Gigabit Ethernet ports.
The RV180W aims to offer security, remote access and simple configuration. Even though Cisco is marketing this dual-band wireless router as a small business product, it is comparable to some of the higher-end consumer routers tested recently, such as the Netgear N900 Wireless Dual Band Gigabit Router WNDR4500 and AirStation Nfiniti High PowerGiga Wireless-N Router & Access Point from Buffalo Technology. Pricewise, the RV180W is comparable to Netgear's N900, although it has more features in common with Buffalo's AirStation line of routers.
The Cisco RV180W has one WAN port for Internet connectivity and four Gigabit LAN ports in the back. There are two external antennas on the back for wireless networking. Square and compact, it measures 1.18” x 5.91” x 5.91” (HWD) and weighs a mere 0.61 lbs.
The glossy front panel has indicator lights for power, wireless activity, Internet connectivity, and for each of the four LAN ports. The front panel also has an AP indicator that lights up steady green when the router is being used as an access point. The Bridge indicator is green when it is acting as a bridge.
The back panel has a power button, a reset button to reboot the router or to restore factory settings, and a port to plug in the AC power cable. Unlike the previous RV110W, the four LAN ports on the back of the RV180W support Gigabit Ethernet. While Gigabit Ethernet is not yet a must-have on most business routers, the increasing number of applications, file-sharing, and video streaming within the office make it a should-have.
Like the earlier RV110W, the RV180W would be attractive to many businesses because of its built-in VPN server. Considering how expensive and time-consuming it can be to deploy a VPN server for remote workers to connect and access office printers, databases, and applications, a router with built-in VPN is a bargain. The RV180W supports both the widely-supported PPTP and QuickVPN protocols and allows up to 10 VPN connections at a time. This is an improvement over the RV110W, which supported only five users at a time.
Cisco upgraded the RV180W to broadcast on both the 2.4 GHz and 5 GHz bands and included WDS bridging/repeating and WEP/WPA/WPA2 consumer and Enterprise wireless security. The router can also be configured to broadcast on four VLAN-based SSIDs. Businesses would appreciate the various options available for setting up the wireless network.
The well-organized Web interface is chock-full of firewall and routing options, including port forwarding, firewall access rules, quality of service, and creating VPN user accounts.
The RV180W supports IPv6 out of the box, making it a sound investment for any business planning to upgrade their networks to adopt the newer Internet address standard down the road. Businesses should pay careful attention to make sure new equipment has IPv6 support, or the eventual transition is going to be really painful.
Cisco Quick Start
Setting up the RV180W was a snap, as I followed the enclosed printed Quick Start Guide to connect the router to the computer and to the network. When I opened up the Web interface with the default IP address and login credentials, the Setup Wizard launched automatically. The entire process took less than 10 minutes, and included setting up security on the wireless network, changing the password for the default account, configuring the router's WAN gateway settings, and testing to make sure I had Internet connectivity. Plenty of on-screen tips and explanations were available at every step.
I also had the option to configure the router to broadcast a different MAC address. Many ISPs secure customer connections by locking the IP address to a specific hardware MAC address to prevent someone from swapping routers or firewalls without the administrator's knowledge. The RV180W can broadcast the MAC address of the computer being used to run the Setup Wizard, or an entirely different address (such as the previous router being replaced).
I appreciated the Setup Wizard's focus on security. The interface warned me when I selected a password that wasn't strong enough and defaulted to a secure wireless setup. When I tried to set up an open wireless network, the wizard displayed several warnings.