Posts with #cisco routers tag
Small Branch Office Cisco ISR 1941W Platform
To simulate a small branch office, the Cisco ISR 1941W was configured as a branch router serving a dozen employees. Primary network connectivity was established via a public internet connection with a DMVPN (Dynamic Multipoint Virtual Private Network) encrypted link to corporate headquarters. A 3G wireless data connection was setup for branch redundancy in the event of a primary WAN link failure. The Cisco ISR 1941W was also configured to support wireless utilizing 802.11n radio to extend the corporate wireless network into the branch office as well as provide guest network connectivity for visitors to the office. Security features–Zone Based Firewall, Cisco IOS IPS and content filtering were activated. The Voice services were provided by a headquarters-based CUCM (Cisco Unified Communications Manager).
Medium Branch Office Cisco ISR 2911 Platform
A medium branch office deployment was simulated using a Cisco ISR 2911. This branch scenario supports about 25 users. Primary and backup network connections were to be provided by two separate Ethernet WAN links. An IP WAN provided primary network connectivity with a DMVPN secure connection serving as backup to corporate headquarters. Security features – Zone Based Firewall, Cisco IOS IPS were activated. Voice services were provided by a headquarters-based CUCM with local POTS (Plain Old Telephone Service) access from the Cisco ISR 2911. Cisco Unified SRST (Survivable Remote Site Telephony) was supported to provide redundant local call control in the branch offices in the event the central CUCM is unreachable. Telepresence and video are also supported and enabled for this deployment.
Large Branch Office Cisco ISR 2951 Platform
A large branch with 40 to 60 users was created using a Cisco ISR 2951. In this scenario, the 2951 was configured to provide both primary and backup corporate access via an IP WAN connection as the primary connection to the headquarters and a public Internet connection with a DMVPN secure connection acting as backup. In this scenario the Cisco 2951 was configured to support all voice functions including Cisco Unified Communications Manager Express (CUCME) for call control and voice-mail with Cisco Unity Express. Local PSTN access is provided by a SIP trunk from the 2951 to the local phone network. Zone Based Firewall, Cisco IOS IPS and Cisco WAAS were also activated in the router.
Regional Branch Office Cisco ISR 3945 Platform
A large regional office with 150 or more employees was simulated with a Cisco 3945. Primary and backup connectivity to the headquarters was provided with redundant IP WAN connections. The Cisco 3945 series was configured tosupport CUBE (Cisco Unified Border Element) functionality for call control in conjunction with a CUCM at corporate headquarters. SRST functionality was also enabled at the Cisco 3945 in the event that connectivity with the central CUCM is lost. Local PSTN access was provided by a SIP trunk to the local telephone network. Zone Based Firewall, Cisco IOS IPS and Cisco WAAS were also activated in the router.
More Cisco Branch Router Tips:
How to set up no-ip.com DDNS on your Cisco IOS router that actually works!
Normally we try to setup static IP addresses for our managed routers. However in this case the router was residential and in Singapore. Getting a static IP address was actually impossible.
I started the project by researching DDNS providers. Many of the DDNS providers that were free in the past are no-longer free. However no-ip.com still offers a free version of DDNS. The free version is under the section of their website for personal. At this time I could not find any statements on their site restricting the service to personal use. Here is a link to their site.
This procedure is easy to perform but due to lack of proper documentation and a lot of incorrect documentation, including that in the no-ip.com knowledgebase, it is more difficult than it should be.
This article assumes you have a basic knowledge of Cisco routers and know how to get into config mode and how to save your configuration.
There are three primary steps to setting up DDNS on a Cisco IOS router.
- Set up and confirm DNS resolution works.
- Set up a DDNS method to be called.
- Set up the external DHCP interface to call the DDNS update method.
Set up DNS resolution.
Confirm your router can ping something by name properly. A simple 'ping google.com' is an effective test. If it does not work you can setup you router DNS to use Google's public DNS servers with these two config lines:
- ip dns server
- ip name-server 184.108.40.206 220.127.116.11
Set up the DDNS method.
The method tells the router how to contact the DDNS provider, login and send the proper update command. It also controls the minimum and maximum time between DDNS updates. Do not set the maximum time too short. Many DDNS providers will lock you out if you update too frequently. I typically use one day but you need to check with your provider.
Create and name the DDNS update method.
- ip ddns update method ddns-noip
Set the update mode to HTTP
Create the ADD URL. The URL contains some special characters mainly the'?' that is problematic to enter because the router interprets it as a call for help. Use CTRL-V just before typing the '?' and the router will place it properly. Replace [username] and password with your no-ip credentials. You will need to enter your username as an email address including the '@'
<h>&myip=<a> is a macro replaced by the router during the update with hostname and ip. i.e. hostname=myhostname.no-ip.org&myip=18.104.22.168'
- add http://[username]:[Password]@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
update minimum every 5 minutes maximum 1 day.
- interval maximum 1 0 0 0
- interval minimum 0 0 5 0
Apply the update to the external DHCP interface.
Select the external interface and apply the update command to call the method you just created. For the Cisco 871 router used in this configuration it is FastEthernet 4. Replace it with your proper interface. For PPPoE it is likely interface Dialer 0.
Substitute your DDNS method name and the hostname to update at your DDNS provider with your specific details..
- interface FastEthernet4
- ip ddns update hostname [DDNS hostname]
- ip ddns update ddns-noip
Unfortunately I have not figured out a way to force a DDNS update NOW. What you can do is set your maximum update time short like 5 minutes. Turn on debugging with: debug ip ddns update.
You will get some very useful debug information. Make sure all the parameters are correct on the calls.
You may need to reload your router. I have round that changing the add command did not update properly after some changes until after a reload.
Sample Debugging Output for a working update.
*Aug 00 00:00:55.433 EDT: DYNDNSUPD: Adding DNS mapping for myhostname.no-ip.org <=>
*Aug 00 00:00:55.433 EDT: HTTPDNS: Update add called for myhostname.no-ip.org <=>
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: Session ID = 0x7
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: URL =
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: Sending request
*Aug 00 00:00:56.441 EDT: HTTPDNSUPD: Response for update myhostname.no-ip.org <=>
*Aug 00 00:00:56.441 EDT: HTTPDNSUPD: DATA START nochg 22.214.171.124
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: DATA END, Status is Response data recieved,
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: Call returned SUCCESS, update of
myhostname.no-ip.org <=> 126.96.36.199 succeeded
*Aug 00 00:00:56.445 EDT: DYNDNSUPD: Another update completed (outstanding=0, total=0)
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: Clearing all session 7 info
Resource from http://bytesolutions.com/Support/Knowledgebase/KB_Viewer/ArticleId/39/How-to-setup-DDNS-Dynamic-DNS-on-a-Cisco-IOS-router.aspx
More Related DDNS Setup on a Cisco IOS Router
Public and private cloud drives new upgrade
Cisco ISR line to get WAN optimization, application performance monitoring, WAN path management and security license
Cisco this week extended the software capabilities of its ISR branch routers with previously separate security and application performance features, including WAN optimization.
Cisco rolled out the ISR-AX line, which takes existing ISR G2 models 3900, 2900 and 1900 and adds a security software license for VPN, firewall and intrusion prevention, as well as software-based Wide Area Application Services (WAAS) WAN optimization, application visibility and control, and WAN path management. Also included is the Cisco Services-Ready Engine processing hardware or additional random access memory to run the software.
Cisco's ISR-AX line adds security, application performance and WAN optimization features to existing models.
Cisco says it is doing this because with the advent of application centralization in data centers or hosted in the cloud, the branch office router needs to evolve to become a Layer 2-7 application service delivery engine. Customers at remote sites need applications to run faster, and require network wide visibility and control for accelerated application deployments, performance monitoring and problem resolution without the need for additional devices, Cisco says.
Indeed, Cisco says software will be the way it delivers its WAAS WAN optimization product to the branch office. The physical hardware appliance will be targeted predominantly at data centers where WAN optimization requires scale, company officials said.
And to catalyze adoption of the ISR-AX, Cisco says it is 20% to 35% less expensive than a stand-alone WAN appliance for the branch office. Cisco is offering the AX line at up to 45% less than non-AX 3900s, 2900s and 1900s.
The ISR 3900 is at the center of a current contract controversy between Cisco and the state of West Virginia.
The ISR line has 500,000 customers worldwide. Cisco had a 77% share of the $855 million enterprise router market and an 84% share of the $671 million enterprise access router market in the third quarter of 2012, according to Dell'Oro Group. It's aiming the ISR-AX squarely at Juniper and Riverbed, which recently entered into a technology licensing deal, even though Dell'Oro cites HP, Adtran and OneAccess as Cisco's closest competitors in access routing.
Asked why HP, for one, wasn't on Cisco's competitive radar for the ISR-AX, a company spokesperson stated in an email:
"While HP has the ability to host applications, they do not have an integrated offer for application performance monitoring, WAN path selection or optimization. We realize they have some APM partners and work with Riverbed, but we view that as [a] gap since [they] do not solve the problem directly, which creates integration, management and cost challenges for customers. Much like Juniper, they have too many gaps to solve the application challenges our customers are facing today with virtualization, cloud and BYOD."
HP didn't respond to a request for comment by press time.
But Juniper did respond:
"Juniper believes the market is moving towards high speed Ethernet WAN connectivity and the need for WAN acceleration in the branch is decreasing," says Brad Brooks, vice president of business strategy and marketing for Juniper. "Rather than integrate WAN optimization in branch SRX and penalize customers with a higher priced solution, Juniper has partnered with Riverbed, the leading WAN optimization provider, to deliver this service to customers should they require it. Riverbed has continuously maintained their competitive edge where other technologies have trailed behind. This partnership is aligned with Juniper's strategy of offering an open architecture with a growing ecosystem of partners that allows customers to select solutions that best fit their network needs."
Brooks also says Juniper's branch SRX router provides application level security and unified threat management, integrated with routing and network security, to eliminate the need for multiple devices and reduce TCO. Juniper also offers an application monitoring solution along with WAN path selection functionality in the branch SRX devices, Brook says.
All Cisco 3900-AX, 2900-AX and 1900-AX products are currently available. The 3900-AX is priced from $16,200 to $24,700. The 2900-AX is priced from $3,595 to $12,900, and the 1900-AX costs from $2,945 to $2,995.
Cisco says it will soon extend the AX capabilities to the 800 ISR, ASR1000 and CSR1000V routers for teleworkers, enterprise network edge, and data center and cloud, respectively.
---Article from http://www.networkworld.com/news/2013/031213-cisco-router-267582.html
More Related Cisco Branch Router Info and Guide:
The new Cisco Integrated Services Routers Generation 2 (ISR G2) Family of routers delivers the borderless network that can transform the branch office and customers' experience while enabling business innovation and growth. Supporting the operation of these innovations, Cisco ISR G2 routers provide a rich set of management capabilities that exceed and complement what is available through industry standards. This document discusses these capabilities and related management applications that enable effective operations of Cisco ISR G2 networks and services.
Embedded Management Capabilities
The new Cisco ISR G2 routers provide extensive support for standard Simple Network Management Protocol (SNMP) MIBs and syslogs, allowing comprehensive network management using Cisco or third-party network management systems (NMSs). For additions and updates to Cisco ISR G2-specific MIBs, syslogs, and command-line interfaces (CLIs), please refer to the ISR G2 Manageability Document at:
In addition to the standard MIBs and syslogs, the Cisco ISR G2 routers deliver industry-leading manageability and automation capabilities with the primary objective of providing the lowest total cost of ownership (TCO). Cisco embedded management capabilities provide comprehensive network management functions, from proactive diagnostics to Web 2.0 open interface to policy-based automation.
Figure 1.Cisco IOS Software Embedded Management Capabilities in Cisco ISR G2 Routers
The new Cisco IOS Web Services Management Agent (WSMA) is a management capability embedded in the software that allows advanced configuration, provisioning, and data collection using industry-standard web services. WSMA provides consistent XML messaging format to CLI commands across Cisco IOS Software releases, eliminating the need for error-prone "screen scraping many companies use to configure, manage, and provision.
For more information about WSMA, please visit:
While SNMP and syslog provide the standard protocols for monitoring, the Cisco ISR G2 routers provide many additional capabilities for higher visibility into networks and services. Table 1 shows the recommended usage.
Table 1. Cisco IOS Embedded Management Monitoring Features
What It Does for Monitoring
Collects SNMP MIB data and monitors events (standard protocol)
Used by Cisco and third-party applications for performance and fault monitoring
Monitors events (standard protocol)
Used for monitoring through the console; can also be used by monitoring applications
IP Service-Level Agreements (IP SLAs)
Mimics real traffic to measure traffic statistics
Used for measuring service-level indicators, including delay, jitter, and availability
Collects packet header information
Monitors application performance and usage pattern, as well as security
Cisco IOS Embedded Event Manager (EEM)
Monitors events and reacts based on user-defined policy
Enables onboard automation for fault detection, troubleshooting, and recovering
The Cisco ISR G2 routers provide the network platform for borderless services. As you run more services on your network, you can use IP SLAs to monitor critical network traffic performance indicators, including delay, jitter, and link availability. IP SLAs mimic real-world traffic to proactively identify service-level problems before your users do. Integrating with a broad set of Cisco and third-party NMS applications, IP SLAs set the standard for leadership in proactive performance monitoring.
With the Cisco ISR G2 routers, Cisco extends IP SLA capabilities to support 30 different types of simulated traffic, delivering complete performance measurement from application monitoring (HTTP, FTP, etc.) to transport monitoring (User Datagram Protocol [UDP] jitter, Multiprotocol Label Switching [MPLS], etc.).
For more information about IP SLAs, please go to http://www.cisco.com/go/ipslas.
Flexible NetFlow (FNF) is the next generation in NetFlow technology. As more services and applications such as business video run in the network, FNF provides the visibility of the network infrastructure needed for optimizing resource usage and planning capacity, reducing operation costs, and detecting security incidents. FNF provides more flexibility and scalability beyond traditional NetFlow by enabling customization of traffic identification, such as source, destination, timing, and application information. Further, FNF provides enhanced network anomaly and security detection to help quickly identify and remediate security risks.
For more information about Flexible NetFlow, please go to http://www.cisco.com/go/fnf.
Cisco IOS EEM is a powerful and flexible feature in Cisco IOS Software that provides real-time event detection and onboard automation. Using EEM, you can program the behavior of the network devices to align with your business needs. EEM supports more than 20 event detectors that are highly integrated with different Cisco IOS Software components to trigger actions in response to network events. You can program these actions using a simple CLI-based interface or Tool Command Language (Tcl) scripting language.
Cisco IOS EEM enables network managers to build significant intelligence within Cisco devices to create highly customizable and cost-effective solutions for automated troubleshooting, fault detection and recovery, device configuration, and provisioning.
For more information, please go to http://www.cisco.com/go/eem.
Network Management Applications
Network management applications are instrumental in lowering operating expenses (OpEx) while improving network availability by simplifying and automating many of the day-to-day tasks associated with managing an end-to-end network. Supporting the new Cisco ISR G2 routers, these management applications enable quick and easy deployment, monitoring, troubleshooting, and ongoing changes.
Cisco provides a wide array of management applications to suit different operation needs. Table 2 provides an overview of the relevant applications for managing the Cisco ISRs and the new Cisco ISR G2 routers.
Table 2. Cisco Network Management Applications for Cisco ISR G2 Routers
IP Network Infrastructure Management
Cisco Licensing Manager v3.0 is a secure client/server-based application to manage Cisco software licenses and enable the pay-as-you-grow service model. It automates Cisco Software Activation workflow through its wizard-based GUI and scales for large network deployments. The application accelerates deployment of software licenses using a simple, rule-based policy interface and enables rapid rollout of advanced services in the network.
For more information about Cisco License Manager, please visit: http://www.cisco.com/go/clm.
Cisco Configuration Professional v2.0 is a GUI-based device management tool for Cisco ISR and Cisco ISR G2 routers. This tool simplifies routing, firewall, IPS, VPN, unified communications, WAN, and LAN configuration through GUI-based easy-to-use wizards.
Cisco Configuration Professional is a valuable productivity-enhancing tool for network administrators and channel partners for deploying routers with increased confidence and ease. It offers a one-click router lockdown and an innovative security auditing capability to check and recommend changes to router configuration.
Cisco Configuration Professional is free and can be downloaded at
CiscoWorks LAN Management Solution v3.2 is an integrated suite of management tools that simplify the configuration, administration, monitoring, and troubleshooting of Cisco networks. Built upon popular Internet-based standards, CiscoWorks LMS applications help network operators manage their network through a browser-based interface that is accessible anytime from anywhere within the network. CiscoWorks LMS maintains a centralized list of all Cisco network devices and their credentials; the list serves as a single repository for all CiscoWorks applications, whether they are installed locally or distributed in a multiserver deployment.
CiscoWorks LMS quickly discovers, inventories, configures, troubleshoots, and manages the new Cisco ISR-G2 routers as soon as they are deployed in the network. For these new routers, CiscoWorks LMS provides additional value-added functions for managing the Cisco Services Ready Engine (SRE) module, including: discovery of SRE modules and their attributes, software image deployment, and initial setup and configuration of a single or multiple SRE instances. It also provides configuration, monitoring, and reporting for the Cisco EnergyWise solution.
For more information about CiscoWorks LMS, please visit: http://www.cisco.com/go/lms.
CiscoWorks QoS Policy Manager (QPM) v4.3 provides comprehensive QoS provisioning and monitoring capabilities. It allows network managers to manage and fine-tune the delay, jitter, bandwidth, and packet-loss parameters required for successful end-to-end services such as TelePresence. It can identify and monitor-in real time-the performance of networked applications, and it centrally creates and deploys to Cisco devices QoS policies to track, manipulate, and control the behavior of those applications in order to meet business demands and application requirements. The end result is networkwide intelligent, consistent, and effective QoS that allows performance protection for voice, video, and business applications while reducing costs and optimizing the use of network resources.
For more information about CiscoWorks QPM, please visit: http://www.cisco.com/go/qpm.
Cisco Branch Routers Series Network Analysis Module v4.1 is an integrated performance-monitoring and traffic-analysis solution that offers deeper insight into the branch office at both the network and application levels. It offers real-time visibility into the applications running on the network, how the network resources are being utilized, and how the end users experience the services being delivered in the branch office. The visibility also enables IT to effectively use control and optimization mechanisms such as QoS and Cisco Wide Area Application Services (WAAS) to improve performance of these services.
The innovative design of the Cisco Branch Routers Series NAM combines a rich set of embedded data-collection capabilities and performance analytics with a remotely accessible, web-based management console, all of which reside on a single network module that you can easily install into selected Cisco ISRs and ISR G2 routers. The embedded analytics can both characterize the user experience and quickly isolate and resolve any performance problems, minimizing the effect on users. The NAM further improves the operational efficiency by allowing remote troubleshooting, thereby eliminating the need to send personnel to remote sites or send large amounts of data over WAN links to the central site.
For more information about the Cisco Branch Routers Series Network Analysis Module, please go to http://www.cisco.com/go/nam.
Cisco Configuration Engine v3.0 is a network management application that provides highly scalable, secure, efficient initial deployment and day-2 configuration and image upgrades. Using a set of Cisco IOS Software agents, the Cisco Configuration Engine automates the deployment of Cisco IOS Software configuration files and images-eliminating the need for traditional staging or onsite technical presence, and achieving zero-touch deployment. This application can streamline the deployment process to drastically reduce deployment time and costs.
For more information about Cisco Configuration Engine, please go to:
Unified Communications Management
Cisco Unified Communications Management Suite v7.1(2) is designed specifically for managing Cisco Unified Communications Solutions. The Cisco Unified Communications Management Suite offers integrated provisioning, monitoring, troubleshooting, and reporting capabilities. Operators can view and operate all applications in the suite from a customizable, web-based dashboard interface. This interface simplifies management of the entire unified communications network, including the network infrastructure, call control, user endpoints, and unified communications applications.
The suite comprises four applications:
• Cisco Unified Provisioning Manager v2.2
• Cisco Unified Operations Manager v2.2
• Cisco Unified Service Monitor v1.3.1
• Cisco Unified Service Statistics Manager v1.2
Cisco Unified Communications Management Suite supports the Cisco ISR G2 routers both as a platform for the Express call control family and as a gateway for call trunking in the network.
For more information about Cisco Unified Communications Management, please go to: http://www.cisco.com/go/ucmanagement.
Cisco Security Manager v3.3 is an enterprise-class management application designed to configure firewall, VPN, and intrusion-prevention-system (IPS) security services on Cisco network and security devices, including the new Cisco ISR G2 routers. You can use Cisco Security Manager in networks of all sizes by using policy-based management techniques. Cisco Security Manager works in conjunction with Cisco Security MARS. Used together, these two applications provide a comprehensive security management solution that addresses configuration management, security monitoring, analysis, and mitigation.
For more information, please go to http://www.cisco.com/go/csmanager.
Cisco Security MARS v6.0.4 provides security monitoring for network devices and host applications supporting both Cisco and other vendors. Security monitoring with Cisco Security MARS greatly reduces false positives by providing an end-to-end topological view of the network, helping improve threat identification, mitigation responses, and compliance.
For more information about Cisco Security MARS, please go to http://www.cisco.com/go/csmars.
Cisco Wide Area Application Services Management
Cisco Wide Area Application Services Central Manager (WCM) 4.1 is a management application that runs on Cisco Wide Area Application Engine (WAE) Appliances. Cisco WCM provides scalable, secure, robust, and centralized web management for all Cisco WAE appliances and Wide Area Application Services (WAAS) network modules in the Cisco ISR G2 routers. It allows a network manager to easily perform device-specific or systemwide configuration, including policy configuration and distribution within the WAAS deployment. It can also monitor and generate reports on the WAAS environment.
For more information about Cisco WCM, please go to:
The new Cisco ISR G2 routers provide the platform for borderless networking and borderless services with low TCO. The embedded management capabilities and the extensive Cisco and third-party network management applications that support the new Cisco ISR G2 routers help ensure that you can confidently deploy and manage your borderless network. This document provides only high-level descriptions of these capabilities and applications. For more details, please visit the respective URLs, or contact your Cisco account representatives.
---Resource from http://www.cisco.com/en/US/prod/collateral/routers/ps10538/white_paper_c78_556613.html
More Related Cisco ISR G2 Info:
Basically DHCP is a mechanism which assigns IP addresses to computers dynamically. Usually DHCP is a service running on a server machine in the network in order to assign dynamic IP addresses to hosts. All Cisco 800 series models have the ability to work as DHCP servers, thus assigning addresses to the internal LAN hosts. Without a DHCP server in the network, you would have to assign IP addresses manually to each host. These manually assigned addresses are also called “static IP addresses”.
In this post we will show you how to configure a Cisco 851 or 871 router to work as DHCP server. The same configuration applies for other 800 series models as well.
Router# config t
! define an IP address pool name and range
Router(config)# ip dhcp pool LANPOOL
! define a network range for the addresses that will be assigned
Router(dhcp-config)# network 192.168.1.0 255.255.255.0
! define a dns name to assign to clients
Router(dhcp-config)# domain-name mycompany.com
! define a default gateway for the clients
Router(dhcp-config)# default-router 192.168.1.1
! define the dns server for the clients
Router(dhcp-config)# dns-server 100.100.100.1
! define a WINS server if you have one
Router(dhcp-config)# netbios-name-server 192.168.1.2
!The following addresses will not be given out to clients
Router(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10
---Reference from networkstraining.com
More Related DHCP Guides:
Earlier this month, fifth year Columbia grad student Ang Cui demonstrated a vulnerability that allowed a 7900 series Cisco VoIP phone to be turned into a high-tech listening device, capturing any sound near the phone.
Cui revealed the exploit he and his colleague Salvatore Stolfo discovered at the San Francisco Amphion Forum. In the demonstration, Cui quickly attached a device he calls the "Thingp3wn3r" to the phone, showing the ease with which it could be physically compromised. Once attached, the Thingp3wn3r circumvents the phone's "off hook switch" which normally disconnects the receiver's microphone when the phone is hung up.
The compromised phone, however, kept its microphone active and sent the audio it captured to Cui through a custom-made smartphone app. Though the phone's receive was in its cradle – seemingly inactive – it had effectively become a means to eavesdrop on anything said nearby.
The dramatic demonstration was made all the more serious when Cui showed pictures of various high ranking government officials, among them President Barack Obama, with Cisco VoIP phones on their desks. Worse still, PhysOrg reports that once a single phone was compromised with Cui's device the entire network of phones was potentially accessible.
Thankfully, this specific vulnerability is no longer viable. In a statement issued by Cisco, the company acknowledged both the vulnerability and their efforts to address it.
"We can confirm that workarounds and a software patch are available to address this vulnerability, and note that successful exploitation requires physical access to the device serial port, or the combination of remote authentication privileges and non-default device settings. Cisco thanks Ang Cui and Salvatore Stolfo for allowing our team to validate the vulnerability and prepare a software patch ahead of the presentation."
Forbes also reported that a patch is already available and will be in wide release come January. Concerned users should contact Cisco directly.
The presentation, and much of Cui's research, demonstrates that a threat can come from a seemingly innocuous source like a VoIP phone or a network printer. For governments and corporations, simply securing the computers and networks is simply not enough.
More Cisco News you can visit: http://blog.router-switch.com/
Simplify your transition from outdated telephony systems to unified communications. The Cisco Business Edition 6000 solution quickly pays for itself by lowering total cost of ownership. It's an affordable, simple, scalable choice for midsize businesses.
Features and Capabilities
Cisco Business Edition 6000 is an integrated solution providing voice and video call control, mobility, messaging, conferencing, instant messaging and presence, and contact center options on a single-server. The solution provides highly-available, flexible collaboration services that deliver low total cost of ownership and ease of use. These are vitally important to growing businesses with limited IT resources.
Cisco Business Edition 6000 is:
- Affordable: priced for smaller budgets, integrating collaboration services on a single platform to cut costs.
- Simple: easy to install, deploy, manage, maintain, and service, and provides high-availability.
- Flexible: links multiple third-party H.323 or SIP telepresence and video endpoints together transparently
- Scalable: provides a smooth and fast migration from outdated telephony with an expandable and flexible architecture
- Lowers total cost of ownership (TCO): It quickly reduces your capital and operations costs.
- Consumes fewer IT resources: Centralized architecture makes it easy to install, use, and manage.
- Increases productivity: Full-featured collaboration helps users work more securely on any device.
- Immediate Investment Protection: Flexible architecture helps you deploy services at your own pace.
Cisco Business Edition 6000 is a packaged solution optimized for medium-sized business requirements. It is a combination of Cisco Unified Communications applications on the Cisco Unified Computing System (Cisco UCS) that offers midsize customers’ business agility and reduced TCO through server consolidation, operational efficiency and scalability, improved business continuity, and greater investment leverage.
Cisco Business Edition 6000 consists of the following foundational elements:
• Cisco Unified Communications Manager
You can optionally add the following applications to the Business Edition 6000 solution:
Cisco Business Edition 6000 supports a maximum of five applications (4 core applications and Cisco Unified Provisioning manager on the fifth virtual machine) running co-resident on a single Cisco UCS C200 hardware platform, and it supports full-featured redundancy for all four core applications over a WAN or LAN environment.
In addition, Cisco Business Edition 6000 integrates with cloud-based Cisco WebEx Software-as-a-Service offerings including WebEx Connect IM and Presence, as well as WebEx Web Conferencing.
More General Q & A to Understand Cisco Business Edition 6000 Well
Q. What is the difference between Cisco Business Edition 6000 and generic unified communications applications on Cisco UCS ("UC on UCS")?
Core applications: Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Unified Presence, Cisco Unified Contact Center Express, Cisco Unity with Cisco Unified Attendant Console, and Cisco Unified Provisioning Manager
Q. What are the supported maximum capacities of Cisco Business Edition 6000?
Q. Where can I find more information about Cisco Business Edition 6000 and bundled applications?
A. For more Cisco Business Edition 6000 information, visit http://www.cisco.com/go/be6000.
Q. Does Cisco Business Edition 6000 support WAN redundancy?
A. Yes, Cisco Business Edition 6000 Versions 8.5 and 8.6 support fully featured redundancy for both LAN and WAN environments. You can deploy a redundant server for Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Unified Presence, and Cisco Unified Contact Center Express applications in a remote location over your WAN.
Q. Does Cisco Business Edition 6000 integrate with Cisco Emergency Responder or other Cisco Unified Communication applications?
You can deploy other applications such as Cisco Emergency Responder on a separate server and integrate them with Cisco Business Edition 6000.
Q. What is the recommended deployment model for customers wanting to deploy more than five applications?
A. Cisco Business Edition 6000 on the Cisco UCS C200 Server supports up to five co-resident applications. However, the Cisco Virtualization Hypervisor software with license comes standard with Cisco Business Edition 6000, and is entitled for two CPU sockets and 16 GB of virtual memory to deploy additional applications. Following are configuration scenario examples:
Scenario 1: Fully redundant configuration
Scenario 2: Redundancy for Cisco Unified Communications Manager with Cisco Unified Contact Center Express only
Scenario 3: Cloud-based IM and presence
• Cisco UCS C200 Server 1: Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Unified Contact Center Express, and Cisco Unified Attendant Console, Cisco Unified Provisioning Manager (primary)
Optional Cisco Virtualization Foundation Edition is entitled for two CPU sockets and 32 GB of virtual memory and enables the VMware vCenter compatibility feature.
Q. Does Cisco Business Edition 6000 support more than two nodes in the cluster?
Q. How is Cisco Unified Provisioning Manager bundled with Cisco Business Edition 6000 different from the Cisco Enterprise Unified Provisioning Manager?
A. Cisco Unified Provisioning Manager bundled with Cisco Business Edition 6000 has inherited the same application features and functions as the Cisco Enterprise Unified Provisioning Manager; however, unlike the enterprise version, the software embedded with Cisco Business Edition 6000 includes the operating system required to run the provisioning application, and it ships as a virtual appliance image. The appliance image simply needs to be copied to the business edition virtual environment and customized for specific deployments. For more information, please refer to the Quickstart guide at:
Q. Is Cisco Business Edition 6000 support based on specifications or third-party servers?
Q. Can I order redundancy by ordering two starter Cisco Business Edition 6000 bundles?
A. Yes, for 150 users or more it is more cost-effective to order two starter bundles if you need redundancy than ordering one starter bundle and a separate Cisco UCS C200 Server. Ask your partner about redundancy options.
Q. Can I mix Cisco User Connect Licensing with Cisco Unified Workspace Licensing models?
A. Yes, you can mix any version of Cisco User Connect Licenses with any version of Cisco Unified Workspace Licenses. Please note that you need to purchase the Cisco Business Edition 6000 Cisco Unified Workspace License starter bundle to get the presence software and the base license. All users must have a Cisco Unified Communications Software Subscription.
Q. What licenses do I need to add Cisco TelePresence endpoints to Cisco Business Edition 6000?
A. Desktop video requires a Cisco User Connect License (CUCM-USR-LIC) or a Cisco Unified Workspace License Business Edition (BE6K-UWL-LIC) license to add the Cisco Cius business tablet. Cisco TelePresence endpoints require Cisco TelePresence user licenses (CUCM-USR-LIC).
Q. What license do I need to add a mobile client (for example, the Cisco Jabber™ messaging integration platform on the iPhone) to Cisco Business Edition 6000?
A. With Cisco Unified Workspace Licensing for Cisco Business Edition, you can order a CUWL PRO license to add mobile clients. With Cisco User Connect Licensing for Cisco Business Edition, you can order the mobile client separately.
Cisco 7962 is a “must buy” IP phone product in the market. Compare to many other IP phone products in the market, Cisco 7962 is still the best, in term of quality and its affordable price. Cisco 7962 has many great features that definitely will benefit your communication needs.
Excellent features of Cisco Unified IP Phone 7962
Here are some great features you will only find in Cisco 7962 phone:
This cisco 7962g phone has better service and features compared to other cisco series or even other smart phones, which enables you to have better communication with the best feature for messaging, web browser, and entertainment.
Cisco 7962 has better applications of voice, video, data and mobile applications that will make it easier for you to handle all of your business or the social networking in a simple way by only using this smart phone.
One important application that you will get in this phone is the one that we call as the institutional workspace. In addition to that, the phone will also enable you to quickly access various information, such as weather condition, stock price, or various web-based news, etc.
All right, Cisco Unified IP Phone 7962 has been famous among people with many updated features compared to other cisco series or other type of IP phones, including the extended features of the interface and the abilities in increasing the quality of communication. This type of IP phones are one of the technology that you must have to get the best out of the latest communication technology in this era.
Cisco 7962 Review
Cisco 7962 is basically a full featured IP phone which is full with the high technology feature of the audio and the abilities to support your communication. For the sake of the best quality of communication you will get the best quality speaker and headset which designed for a wideband audio which is considered as the most preferable feature by most of people to be included in their mobile phone. The phone has a large, 4-bits gray scale graphical LCD which provides features like time and date, calling-party’s name, calling-party’s number, dialed digits, and presence information.
Those features will give you more than just a smart phone in your hand but a brilliant phone which has the complete useful features to support your communication such as the feature of the calling image. You can also set the tones for each person’s number and add the images that will appear when she or he is calling your Cisco 7962. As a kind of IP Phones this magical phone also give you the easiness of browsing the internet. You will get the fastest internet browsing.
This Cisco 7962 also gives you the best application of IP Telephone of the internet browsing which has the high speed performance through the connection. You will get the satisfying internet connection with less waiting time than the common web browsing in your IP Phone 7962G. As the mean of social networking you will also get the easy connection to facebook, twitter, email, and other social networks. You will have to input your email and password and you will just click the direct button interface to your account.
As a conclusion there are many benefits that you can get from this 7962G from the complete application for communication and the social networking activities that you can do from your hand. You have to make sure that you get the best quality of smart phone that is the Cisco 7962.
More Info of Cisco Unified IP Phone 7900 Series:
Cisco IP Phone Recommendation: Cisco Unified IP Phone 7942G-Enhanced Sound Quality
Quick Reference Guide: Overview of Cisco 7942/7962 IP Phone
Centralizing access control, security, management
Cisco revealed new WLAN access points and controllers, along with its latest steps to blend wireless and wired enterprise networks together.
The networking vendor announced upgraded server applications for access control, network management, and application management across both types of networks. Also new: virtualization options for these infrastructure products; two new lower-priced 802.11n access points for business networks; a new high-end WLAN controller, with a new high-availability feature for Wi-Fi clients.
The changes are part of a strategy that the vendor labels "Cisco Unified Access," now being formally announced though it's been featured on the company Website, and talked about with customers, for over a year. The basic idea, according to Cisco marketers, is to centralize and automate policy enforcement, security and authentication, and network management, regardless of how business end users connect to the company network, or with what kind of de-client device.
For access control functions, Cisco offers the Identity Services Engine (ISE), unveiled in 2011 as a central point to create and enforce a range of network policies based on the user's identity, role, and devices. [See our "First Look" slide on ISE]
A new update to the ISE software adds two features:
+ a Web-based portal, called My Devices," which lets end users register their personally owned devices with ISE, which in turn can enforce for these devices whatever bring-your-own-device (BYOD) policies have been set by the IT group
+ Secure Group Access, which lets a network administrator assign users to groups that have a set of pre-defined policies associated with them. New users automatically have these policies applied to them and their devices
For security and management across wired and wireless networks, Cisco offers Cisco Prime Infrastructure, also announced last year. It integrates several previously separate tools into one application with a single user interface, spanning both wired and wireless LANs.
That software, too, is being updated, adding what Cisco calls application visibility and control. Essentially, Prime can collect data from various sources and tools to create a visual picture of how specific applications are behaving, and of the end user's "network experience" in terms of delays or other quality standards.
Cisco also announced for small- and midsized WLANs, which several of these infrastructure products are now available as software that can be hosted on virtual servers: Cisco Prime Infrastructure and Cisco Identity Services Engine, along with Cisco Mobility Services Engine, and a WLAN controller that supports up to 200 access points.
The new WLAN hardware products are:
+ Cisco Aironet 2600 and 1600 Series access points, to complement the high-end 3600 Series: the two new products support 802.11n, but each in turn has fewer of the advanced features found in the flagship product. And unlike, the 2600, neither will be able to receive the 802.11ac plug-in module that Cisco recently announced it will ship in early 2013
+ Two new high-end WLAN controllers: the 8500 Series is aimed at service providers deploying Wi-Fi networks as adjuncts to wired or cellular network access, or at very large enterprise WLANs. The one-rack unit can manage up to 6,000 access points and 64,000 clients.
+ The new controller firmware release now supports what Cisco calls sub-second state-full switchover to improve WLAN availability. In effect, it's a way to shift Wi-Fi clients so quickly to a backup controller that they maintain their application sessions even if their original controller blows up.
---Written by John Cox at networkworld.com
More Cisco Info and News Related to Wireless:
The ping command is irreplaceable when it comes to troubleshooting. At some point, you will undoubtedly use this command to solve a networking problem. But how do you properly use this command in the Cisco IOS?
The Basics of Ping
The ping command works just like on those old submarine movies. You are on one network device and you “ping” another. When you do this, in your head think of the sound that you heard on those old submarine movies- “PPiiiiiiiiiiiing”. The sound would go out and, on the sonar operator’s-screen, he would or would not see the other submarine. This is exactly how the ping-command in networking, works. Your sonar screen is your Cisco router’s command prompt. Usage of the ping command can be as simple as this:
As you can see in this example, I simply typed ping, and the IP address of the host I wanted to ping. In response, I got five exclamation points that told me that I sent 5 ping packets out, and they were all returned (a complete success).
In other words, a ping request is sent out to the remote device, and a ping response is received back, acknowledging the request. As ping uses the ICMP protocol, these packets are technically called ICMP echo request, and ICMP echo reply. ICMP is considered the management protocol for IP. ICMP uses the IP protocol but ICMP is not TCP, or UDP. ICMP does work at Layer 3.
Note that if the ping was not successful, you would have received one of the following (instead of an exclamation point): - “.” = network server timed out - “U” = destination unreachable - “Q” = source quench (destination too busy) - “M” = could not fragment - “?” = unknown packet type - “&” = packet lifetime exceeded Besides the five exclamation points, I was also told that I was sending “5, 100-byte ICMP echoes”. This means that I actually sent five “ping packets” of 100 bytes each. I was told that the timeout was 2 seconds. That means that if a response was not received within 2 seconds, ping would decide that the packet was not going to return at all. This is a safe assumption considering 2 seconds is 2000ms and I am getting pings back in about 36ms. Notice on the last line that the “Success rate is 100 percent”. That is because it says that I sent 5 pings and received 5 ping replies back (that is the “(5/5)”). I was told that the round-trip minimum time for a ping reply to return was 36ms, the average time (of all 5 pings) for a reply to return is 36ms, and the maximum time for a ping reply to return was 40ms. If you have DNS or a local hostname configured, you can use ping with names, like this:
You should know that there are many more types of ICMP traffic other than that used for “pinging” (echo and echo-reply). ICMP is used to redirect hosts to the proper router, to inform hosts that they need to resize their packets, and many types of IP management communications. Each of these types of ICMP packets has a type number (and optionally, a code number). For example, an ICMP echo is type 8. An echo-reply is a type 0. A redirect to another router for an entire network is a type 5, code 0 (with there being possible codes of 0-3). Finally, you can abbreviate ping by only typing “p”. For example: Router# p 188.8.131.52
What Else Can I Do With Ping?
Now that you understand the basics, let’s look at an advanced version of ping. Cisco calls this “extended ping”. Extended ping will ask you many questions and “interactively” configure the options for ping. If you have never seen this before, you may be surprised at how many options the ping command can have. Here is an example:
In typing ping, by itself, I was asked a list of questions. I have put a red arrow by each of the questions for which I typed a response. On other lines, I simply pressed Enter to take the default. In this example, I still ping-ed “Router3”. I stuck with the default of 5 ping packets (but could have changed it). I kept the default of a 100 byte ping packet but could have changed this to a ping packet as large as 18,024 bytes. Next, I chose to use the extended options, where I was able to choose the source interface of my ping packets. I also chose verbose output. With verbose output, I was able to see each reply to each ICMP echo that I sent, and the time it took for that reply to return to my router. One thing you may be surprised by, is the first question that asked what protocol you want to ping with. Yes, you can ping with protocols other than IP (such as Appletalk, DECnet, and IPX), but rarely are those protocols used anymore.
How Do I Allow Ping Through An IOS Access-list?
Because ICMP is not TCP or UDP, you must specify ICMP specifically when you create an access-list (ACL). Here is an example: access-list 101 permit icmp any any echo-reply In this ACL, we are permitting ICMP traffic from any source, and any destination, as long as it is a reply to an echo request. Many administrators enter the following ACL and expect ICMP to flow through it: access-list 101 permit ip any any This ACL does NOT allow ICMP traffic. To allow ICMP and IP, you need the following two entries in your ACL: access-list 101 permit ip any any access-list 101 permit icmp any any
In summary, the ping utility is invaluable when it comes to troubleshooting network issues. While just about everyone has “pinged” something at one point or another, most people don’t know that there is more to ping than the simple ping command. Extended ping on Cisco routers and switches is a very powerful troubleshooting utility. While the ping command does use the ICMP protocol, there is much more to ICMP than just “ping”. Finally, don’t forget to save yourself three keystrokes by abbreviating the ping command with “p”. Over the years, those keystrokes add up!
More Related Cisco Networking Tips: