Cisco & Cisco Network Hardware News and Technology

Posts with #cisco routers tag

Cisco Takes Next Steps to Blend Wired, Wireless Networks

October 8 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Centralizing access control, security, management

Cisco revealed new WLAN access points and controllers, along with its latest steps to blend wireless and wired enterprise networks together.


The networking vendor announced upgraded server applications for access control, network management, and application management across both types of networks. Also new: virtualization options for these infrastructure products; two new lower-priced 802.11n access points for business networks; a new high-end WLAN controller, with a new high-availability feature for Wi-Fi clients.

 

The changes are part of a strategy that the vendor labels "Cisco Unified Access," now being formally announced though it's been featured on the company Website, and talked about with customers, for over a year. The basic idea, according to Cisco marketers, is to centralize and automate policy enforcement, security and authentication, and network management, regardless of how business end users connect to the company network, or with what kind of client device.

 

For access control functions, Cisco offers the Identity Services Engine (ISE), unveiled in 2011 as a central point to create and enforce a range of network policies based on the user's identity, role, and devices. [See our "First Look" slide on ISE]

 

A new update to the ISE software adds two features:

+ a Web-based portal, called "My Devices," which lets end users register their personally owned devices with ISE, which in turn can enforce for these devices whatever bring-your-own-device (BYOD) policies have been set by the IT group

 

+ Secure Group Access, which lets a network administrator assign users to groups that have a set of pre-defined policies associated with them. New users automatically have these policies applied to them and their devices

 

For security and management across wired and wireless networks, Cisco offers Cisco Prime Infrastructure, also announced last year. It integrates several previously separate tools into one application with a single user interface, spanning both wired and wireless LANs.

 

That software, too, is being updated, adding what Cisco calls application visibility and control. Essentially, Prime can collect data from various sources and tools to create a visual picture of how specific applications are behaving, and of the end user's "network experience" in terms of delays or other quality standards.

 

Cisco also announced, for small and midsized WLANs, that several of these infrastructure products are now available as software that can be hosted on virtual servers: Cisco Prime Infrastructure and Cisco Identity Services Engine, along with Cisco Mobility Services Engine, and a WLAN controller that supports up to 200 access points.

 

The new WLAN hardware products are:

+ Cisco Aironet 2600 and 1600 Series access points, to complement the high-end 3600 Series: the two new products support 802.11n, but each in turn has fewer of the advanced features found in the flagship product. And unlike the 2600, neither will be able to receive the 802.11ac plug-in module that Cisco recently announced it will ship in early 2013

 

+ Two new high-end WLAN controllers: the 8500 Series is aimed at service providers deploying Wi-Fi networks as adjuncts to wired or cellular network access, or at very large enterprise WLANs. The one-rack unit can manage up to 6,000 access points and 64,000 clients.

 

+ The new controller firmware release now supports what Cisco calls sub-second stateful switchover to improve WLAN availability. In effect, it's a way to shift Wi-Fi clients so quickly to a backup controller that they maintain their application sessions even if their original controller blows up.

---Written by John Cox at networkworld.com

 

More Cisco Info and News Related to Wireless:

Wireless Network: How to Configure Wireless Security?

Cisco’s New Aironet Wireless Access Points Make Networks Faster and Steadier


Using the Ping Command In The Cisco IOS

August 10 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

The ping command is irreplaceable when it comes to troubleshooting. At some point, you will undoubtedly use this command to solve a networking problem. But how do you properly use this command in the Cisco IOS?

 

The Basics of Ping

The ping command works just like the sonar in those old submarine movies. You are on one network device and you “ping” another. When you do this, think of the sound that you heard in those movies: “PPiiiiiiiiiiiing”. The sound would go out and, on the sonar operator’s screen, he would or would not see the other submarine. This is exactly how the ping command works in networking. Your sonar screen is your Cisco router’s command prompt. Usage of the ping command can be as simple as this:

csc_ping_command_cisco_ios_01.jpg

As you can see in this example, I simply typed ping, and the IP address of the host I wanted to ping. In response, I got five exclamation points that told me that I sent 5 ping packets out, and they were all returned (a complete success).

 

In other words, a ping request is sent out to the remote device, and a ping response is received back, acknowledging the request. As ping uses the ICMP protocol, these packets are technically called ICMP echo request, and ICMP echo reply. ICMP is considered the management protocol for IP. ICMP uses the IP protocol but ICMP is not TCP, or UDP. ICMP does work at Layer 3.

Note that if the ping was not successful, you would have received one of the following (instead of an exclamation point):

- “.” = network server timed out
- “U” = destination unreachable
- “Q” = source quench (destination too busy)
- “M” = could not fragment
- “?” = unknown packet type
- “&” = packet lifetime exceeded

Besides the five exclamation points, I was also told that I was sending “5, 100-byte ICMP echoes”. This means that I actually sent five “ping packets” of 100 bytes each. I was told that the timeout was 2 seconds. That means that if a response was not received within 2 seconds, ping would decide that the packet was not going to return at all. This is a safe assumption considering 2 seconds is 2000ms and I am getting pings back in about 36ms.

Notice on the last line that the “Success rate is 100 percent”. That is because it says that I sent 5 pings and received 5 ping replies back (that is the “(5/5)”). I was told that the round-trip minimum time for a ping reply to return was 36ms, the average time (of all 5 pings) for a reply to return is 36ms, and the maximum time for a ping reply to return was 40ms.

If you have DNS or a local hostname configured, you can use ping with names, like this:

csc_ping_command_cisco_ios_02.jpg

You should know that there are many more types of ICMP traffic other than that used for “pinging” (echo and echo-reply). ICMP is used to redirect hosts to the proper router, to inform hosts that they need to resize their packets, and many types of IP management communications. Each of these types of ICMP packets has a type number (and optionally, a code number). For example, an ICMP echo is type 8. An echo-reply is a type 0. A redirect to another router for an entire network is a type 5, code 0 (with there being possible codes of 0-3).

Finally, you can abbreviate ping by only typing “p”. For example:
Router# p 1.1.1.1
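
The result characters and the summary line described above can be checked mechanically when ping output is collected from many devices. The following Python sketch is an added example, not part of the original article; the two transcripts and their IP addresses are constructed, and the code table is the one listed in the text.

```python
import re
from collections import Counter

# Result characters as listed in the article.
RESULT_CODES = {
    "!": "reply received",
    ".": "timed out",
    "U": "destination unreachable",
    "Q": "source quench",
    "M": "could not fragment",
    "?": "unknown packet type",
    "&": "packet lifetime exceeded",
}

HEADER = re.compile(
    r"Sending (\d+), (\d+)-byte ICMP Echos to (\S+), timeout is (\d+) seconds:")
SUMMARY = re.compile(
    r"Success rate is (\d+) percent \((\d+)/(\d+)\)"
    r"(?:, round-trip min/avg/max = (\d+)/(\d+)/(\d+) ms)?")
CODES_LINE = re.compile(r"^[!.UQM?&]+$")

# Constructed transcripts (addresses are sample values).
SAMPLE_OK = """\
Router#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/40 ms
"""

SAMPLE_FAIL = """\
Router#ping 10.9.9.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.9.9.9, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
"""


def parse_ping(text):
    """Parse one IOS ping transcript into a dict of fields and failure counts."""
    header = HEADER.search(text)
    summary = SUMMARY.search(text)
    if not header or not summary:
        raise ValueError("not a complete IOS ping transcript")

    # Result characters may wrap over several lines on long runs.
    chars = "".join(line.strip() for line in text.splitlines()
                    if CODES_LINE.match(line.strip()))
    counts = Counter(RESULT_CODES[c] for c in chars)

    sent = int(header[1])
    received, total = int(summary[2]), int(summary[3])
    # The round-trip figures are absent when no reply came back.
    rtt = tuple(int(summary[i]) for i in (4, 5, 6)) if summary[4] else None

    return {
        "target": header[3],
        "sent": sent,
        "size_bytes": int(header[2]),
        "timeout_s": int(header[4]),
        "received": received,
        "rtt_min_avg_max_ms": rtt,
        "failures": {d: n for d, n in counts.items() if d != "reply received"},
        # Cross-check the per-packet characters against the summary line.
        "consistent": (len(chars) == sent == total
                       and chars.count("!") == received),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_FAIL):
        print(parse_ping(sample))
```
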

 

What Else Can I Do With Ping?

Now that you understand the basics, let’s look at an advanced version of ping. Cisco calls this “extended ping”. Extended ping will ask you many questions and “interactively” configure the options for ping. If you have never seen this before, you may be surprised at how many options the ping command can have. Here is an example:

csc_ping_command_cisco_ios_03.jpg

In typing ping, by itself, I was asked a list of questions. I have put a red arrow by each of the questions for which I typed a response. On other lines, I simply pressed Enter to take the default. In this example, I still pinged “Router3”. I stuck with the default of 5 ping packets (but could have changed it). I kept the default of a 100 byte ping packet but could have changed this to a ping packet as large as 18,024 bytes. Next, I chose to use the extended options, where I was able to choose the source interface of my ping packets. I also chose verbose output. With verbose output, I was able to see each reply to each ICMP echo that I sent, and the time it took for that reply to return to my router. One thing you may be surprised by is the first question, which asks what protocol you want to ping with. Yes, you can ping with protocols other than IP (such as AppleTalk, DECnet, and IPX), but rarely are those protocols used anymore.

 

How Do I Allow Ping Through An IOS Access-list?

Because ICMP is not TCP or UDP, you must specify ICMP specifically when you create an access-list (ACL). Here is an example:
access-list 101 permit icmp any any echo-reply

In this ACL, we are permitting ICMP traffic from any source, and any destination, as long as it is a reply to an echo request. Many administrators enter the following ACL and expect ICMP to flow through it:
access-list 101 permit ip any any

This ACL does NOT allow ICMP traffic. To allow ICMP and IP, you need the following two entries in your ACL:
access-list 101 permit ip any any
access-list 101 permit icmp any any

 

In summary, the ping utility is invaluable when it comes to troubleshooting network issues. While just about everyone has “pinged” something at one point or another, most people don’t know that there is more to ping than the simple ping command. Extended ping on Cisco routers and switches is a very powerful troubleshooting utility. While the ping command does use the ICMP protocol, there is much more to ICMP than just “ping”. Finally, don’t forget to save yourself three keystrokes by abbreviating the ping command with “p”. Over the years, those keystrokes add up!

 

More Related Cisco Networking Tips:

Top Five Cisco IOS Commands Every Network Admin Should Know

How to Configure IPSEC Encryption with the Cisco IOS?

Configuring Local Username Database in Cisco IOS


Cisco Routers---Linksys EA4500 Review

July 16 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

It's not every day simple Wi-Fi routers make headlines by angering just about all of the Internet, but that is exactly what Cisco managed to do with its latest packet punting products.

 

Cisco introduced a new and innovative (yes, really) feature called Connect Cloud with its spruced-up home router range. That's a nebulous name but Connect Cloud lets you shift management of the router away from the device itself, to the web so that you can get to your home network from everywhere.

Also, Cisco made an app market for the routers so that developers could code useful programs that could take advantage of Connect Cloud. This is actually a pretty cool concept, although the apps are few and far between currently and mainly aimed at paranoid people wanting to monitor and filter traffic.

 

However, the way Cisco launched Connect Cloud into this world is a case study in how not to do these things.

 

First, Cisco pushed out the service automatically as an update for the firmware that controls routers.

 

That is, Connect Cloud was installed on existing Cisco routers without anyone realising what had happened until they went to take a look at the management web page and discovered that instead of ending up at the box itself people were redirected to a site on the Internet.

 

In order to manage your router, you had to sign up at the Cisco Connect Cloud site. If you didn't, it was impossible to manage the router.

 

That's drastic enough, and should never happen without Cisco customers consenting to the change.

 

It gets worse though: if you signed up to the Connect Cloud service, the initial terms and conditions banned customers from using it "for obscene, pornographic, or offensive purposes" and also for infringing on "another's right, including but not limited to intellectual property rights".

 

The terms and conditions also said that Cisco would monitor the network traffic and Internet history of customers.

 

Adding insult to injury, Cisco threatened users who didn't comply with the harsh terms with disconnection from the Connect Cloud service.

 

Long story short, the whole thing blew up spectacularly as enraged Cisco customers vented their fury online.

 

Cisco scrambled to repair the damage and has since removed some of the offending clauses, saying they were inserted by mistake. It remains to be seen if this is enough to restore the trust Cisco lost with customers, some of whom are now installing alternative firmware on their routers.

 

Get off my cloud
The Connect Cloud furore happened before I received my review sample of the Cisco Linksys EA4500, the current range topping home Wi-Fi router from the US networking company, and I was wondering what I'd make of it.

Let's deal with the Connect Cloud feature first: I like the idea, but not Cisco's implementation of it.

Having remote access to your home network across the Internet and by using Android and iOS apps is a useful idea as it brings your network to the cloud in seamless fashion. 

Connect Cloud needs an active Internet connection for setup, however, as well as a computer, and don't lose the set-up CD that comes with the EA4500. You can configure the EA4500 without it, but with Connect Cloud in the mix and separate passwords for that service and the router itself, it's a complicated process.

 

Also, Connect Cloud is hosted in the United States. Being that far away from New Zealand, the Connect Cloud interface is sluggish to use. The built-in speed test feature shows low results as it's also in the US and the whole Connect Cloud service is focused on Americans.

 

If, like many people, you put the EA4500 behind a DSL modem and set the router to Bridge mode to avoid having two separate networks that can't talk to each other, Connect Cloud gets confused and randomly thinks your Internet connection is down - in which case you have to log in locally to the router instead, so don't lose the password for the EA4500.

 

Normally, I never have to spend this much time with the admin interface on a router, and Cisco really needs to rethink the Connect Cloud concept.

 

The EA4500 is otherwise a good looking little box that provides fast throughput for wireless in the 2.4GHz and 5GHz bands: I was able to reach 70-75Mbps in the former band, and 120-130Mbps in the latter, good figures both.

 

A fast Gigabit Ethernet network switch with four LAN ports is also included, and a fifth Internet port is included too, which is entirely logical for the EA4500 that's aimed at streaming high-definition video and other large files.

 

But, Cisco: why is the USB port for hard drives (and printers) only a 2.0 variant and not a newer 3.0 one? I could squeeze 175Mbps out of the USB 2.0 port, but USB 3.0 is much faster and better suited for the EA4500 which has a built-in media and ftp server for file sharing.

 

I also encountered a bug that meant my upload speed halved if I used the Internet port on the EA4500 to connect to my VDSL2 router. Not using the Internet port sorted out the problem. The problem has been reported to Cisco and I'll update the review if and when it is sorted out.

 

The Cisco EA4500 is a premium Wi-Fi router that performs well enough, but needs some annoying foibles fixed. This includes Connect Cloud.

 

What's good
Nice design
Good performance
Full range of features

 

---Original review reading from nzherald.co.nz

More Cisco routers Reviews:

Cisco Debuts Linksys Smart Wi-Fi Routers-EA6500, the Linksys Universal Media Connector

Tutorial & Tips: How to Set Up a Cisco Linksys Router?


Cisco 870 Series Routers Migration General Look

July 9 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Integrated Services Routers for Small Offices, Teleworkers, Small Businesses...

This new family of integrated services routers supports delivery of secure data services over broadband connections including DSL, cable, and Metro Ethernet. Optional 802.11 WLANs, a four-port 10/100 Switch, and Power over Ethernet (PoE) external adapter make the Cisco 870 Series Integrated Services Routers ideal for small offices, teleworkers, and small businesses.

 

Top 10 Reasons to Migrate to CISCO 870 Series Routers

1. Increased performance for running concurrent services with broadband connections

2. Advanced security features, including Stateful Firewall, 3DES and AES IPsec encryption, antivirus through NAC, IPS

3. Four-port 10/100 MB managed LAN switch with DMZ ports

4. 802.11b/g WLAN option with external, replaceable antennas

5. External PoE adapter option for connecting IP phones or access points

6. Increased default and max memory architecture

7. 10/100 Mbps Ethernet WAN port on Cisco 871

8. Dual USB 2.0 ports (Cisco 871) for security tokens

9. ADSL 2+ and G.SHDSL four-wire support (on ADSL and G.SHDSL models)

10. Integrated ISDN BRI for dial backup on Cisco 876 and for out-of-band management on Cisco 876 and 878

 

Increased Performance and Expanded Features

INCREASED-PERFORMANCE-AND-EXPANDED-FEATURES.jpg

Migration Paths from Traditional Platforms

Models that bundle security features are designated with a “K9” in the model SKU

MIGRATION-PATHS-FROM-TRADITIONAL-PLATFORMS.jpg

 

More Cisco 870 Series Tips:

Cisco 871 Interfaces and Basic Configuration

Cisco 870 Series Integrated Services Routers

Cisco 800 Series Routers Help You Prepare for CCNA Exam & CISCO IOS


Full Reviews on Cisco RV180W Wireless-N Multifunction Router

June 8 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Quick Look at Cisco RV180W Wireless-N Multifunction Router

Pros: Easy to set up. Detailed management interface. IPv6 ready. Supports VLANs. Gigabit Ethernet.

Cons: Sluggish interface. Web filtering rules are too basic. Can't tell when VPN users are connected. Confusing VPN setup.

Bottom Line: The Cisco RV180W Wireless-N Multifunction Router offers security-conscious small businesses an all-in-one box to set up VPN access for remote employees, basic routing, wireless, and firewall. It's also future-proof, supporting IPv6 by default.

 

The Cisco RV180W Wireless-N Multifunction Router ($246 MSRP) makes it easy to set up a firewall, a VPN server, a router, and a wireless network with a single, compact box. The company also offers the RV180 ($182), with all the same features minus the wireless network. The RV180W addresses a lot of the things that were missing in the Cisco RV110W Wireless-N VPN Firewall, such as increasing the number of VPN users supported and adding Gigabit Ethernet ports.

 

The RV180W aims to offer security, remote access and simple configuration. Even though Cisco is marketing this dual-band wireless router as a small business product, it is comparable to some of the higher-end consumer routers tested recently, such as the Netgear N900 Wireless Dual Band Gigabit Router WNDR4500 and AirStation Nfiniti High PowerGiga Wireless-N Router & Access Point from Buffalo Technology. Pricewise, the RV180W is comparable to Netgear's N900, although it has more features in common with Buffalo's AirStation line of routers.

 

Hardware Specifications
The Cisco RV180W has one WAN port for Internet connectivity and four Gigabit LAN ports in the back. There are two external antennas on the back for wireless networking. Square and compact, it measures 1.18” x 5.91” x 5.91” (HWD) and weighs a mere 0.61 lbs.

 

The glossy front panel has indicator lights for power, wireless activity, Internet connectivity, and for each of the four LAN ports. The front panel also has an AP indicator that lights up steady green when the router is being used as an access point. The Bridge indicator is green when it is acting as a bridge.

 

The back panel has a power button, a reset button to reboot the router or to restore factory settings, and a port to plug in the AC power cable. Unlike the previous RV110W, the four LAN ports on the back of the RV180W support Gigabit Ethernet. While Gigabit Ethernet is not yet a must-have on most business routers, the increasing number of applications, file-sharing, and video streaming within the office make it a should-have.

 

Features
Like the earlier RV110W, the RV180W would be attractive to many businesses because of its built-in VPN server. Considering how expensive and time-consuming it can be to deploy a VPN server for remote workers to connect and access office printers, databases, and applications, a router with built-in VPN is a bargain. The RV180W supports both the widely-supported PPTP and QuickVPN protocols and allows up to 10 VPN connections at a time. This is an improvement over the RV110W, which supported only five users at a time.

 

Cisco upgraded the RV180W to broadcast on both the 2.4 GHz and 5 GHz bands and included WDS bridging/repeating and WEP/WPA/WPA2 consumer and Enterprise wireless security. The router can also be configured to broadcast on four VLAN-based SSIDs. Businesses would appreciate the various options available for setting up the wireless network.

 

The well-organized Web interface is chock-full of firewall and routing options, including port forwarding, firewall access rules, quality of service, and creating VPN user accounts.

 

The RV180W supports IPv6 out of the box, making it a sound investment for any business planning to upgrade its network to adopt the newer Internet address standard down the road. Businesses should pay careful attention to make sure new equipment has IPv6 support, or the eventual transition is going to be really painful.

 

Cisco Quick Start
Setting up the RV180W was a snap, as I followed the enclosed printed Quick Start Guide to connect the router to the computer and to the network. When I opened up the Web interface with the default IP address and login credentials, the Setup Wizard launched automatically. The entire process took less than 10 minutes, and included setting up security on the wireless network, changing the password for the default account, configuring the router's WAN gateway settings, and testing to make sure I had Internet connectivity. Plenty of on-screen tips and explanations were available at every step.


I also had the option to configure the router to broadcast a different MAC address. Many ISPs secure customer connections by locking the IP address to a specific hardware MAC address to prevent someone from swapping routers or firewalls without the administrator's knowledge. The RV180W can broadcast the MAC address of the computer being used to run the Setup Wizard, or an entirely different address (such as the previous router being replaced).


I appreciated the Setup Wizard's focus on security. The interface warned me when I selected a password that wasn't strong enough and defaulted to a secure wireless setup. When I tried to set up an open wireless network, the wizard displayed several warnings.

 

More Related Topic:

Cisco RV180W Wireless-N Multifunction VPN Router Data Sheet

Review on Cisco RV110W Wireless-N VPN Firewall


Full Reviews on Cisco RV180W Wireless-N Multifunction Router

May 28 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers


How to Set Up Cisco Router Passwords?

May 18 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Passwords are absolutely the best defense against would-be hackers. Leaving no passwords on a Cisco router can cause major problems. Keep in mind that using passwords is just the first line of defense, and you should have other security features on your network as well.
Cisco has some defense against would-be hackers built into its router Internetworking Operating System (IOS). For example, it is impossible to Telnet into a Cisco router unless an administrator configures the router with a Telnet password or uses the No Login command, which allows users to Telnet into a router with no password. Either way, something has to be configured for Telnet to work. Also, you cannot enter privileged mode (which is the IOS EXEC mode that allows you to view or change the configuration on a router) from Telnet unless an Enable password is set. These are very basic features of Cisco routers and allow only some security.

Here, I will focus on the five basic Cisco router passwords you can use to protect your network. However, first you must know the difference between user mode and privileged mode. Both of these modes are called EXEC mode, and a prompt is used to tell you which mode you are in.

User mode CLI
The user mode EXEC command-line interface (CLI) is sometimes referred to as “useless mode” because it doesn’t do a whole lot. User mode lets you view interface statistics and is typically used by junior administrators to gather facts for the senior staff. You don’t want highly paid people sitting around gathering basic network statistics when a junior administrator can be adequately trained to document this information. To get into user mode, you can connect in one of three ways:

  • Console: An RJ-45 connection on all Cisco routers allows full access to the router if no passwords are set.
  • Aux: An RJ-45 connection on most routers allows you to connect a modem to the port, dial in to the router, and make a console connection.
  • VTY: Virtual Teletype is used to allow a Telnet connection to the router, which will then work like a console port. You must have an active interface on the router for Telnet to connect to the router.


The most important thing to understand about the three connection modes is that they get you into user mode only. To view and change the configuration, you need to be in privileged mode.
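
The access rules described so far (console and aux open when no password is set, Telnet refused unless a password or no login is configured, no privileged mode from Telnet without an enable password) can be checked against a saved configuration. The Python sketch below is an added example, not part of the original article; the configuration text is constructed, and the model is simplified on the assumption that lines using `login local` or AAA are out of scope and only reported as not assessed.

```python
import re

# Constructed running-config fragment (sample values, not from the article).
SAMPLE_CONFIG = """\
hostname Router
!
line con 0
line aux 0
 password ExamplePass1
 login
line vty 0 4
 no login
line vty 5 15
 login
!
end
"""


def parse_line_blocks(config):
    """Return {"line con 0": [sub-commands], ...} for every line block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif current is not None and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None  # "!" or a new top-level command ends the block
    return blocks


def audit_line(header, cmds):
    """Classify one console/aux/vty block as (severity, message)."""
    is_vty = header.split()[1] == "vty"
    has_password = any(c.startswith("password ") for c in cmds)

    if any(c.startswith("login ") for c in cmds):
        return "info", "uses login local/AAA: not assessed by this check"
    if "no login" in cmds:
        return "high", "no login: user mode reachable without a password"

    # Assumption of this model: vty lines prompt for a password by default,
    # console and aux lines only when "login" is configured.
    login_enabled = "login" in cmds or is_vty
    if login_enabled and has_password:
        return "ok", "password required for user mode"
    if is_vty:
        return "info", "no password set: Telnet to this line is refused"
    return "high", "no effective password: user mode is open on this port"


def audit(config):
    """Return a list of (target, severity, message) findings."""
    findings = []
    if re.search(r"^enable (secret|password) ", config, re.M):
        findings.append(("enable", "ok", "privileged mode needs a password"))
    else:
        findings.append(("enable", "high",
                         "no enable password: privileged mode is unprotected "
                         "on the console and unavailable over Telnet"))
    for header, cmds in parse_line_blocks(config).items():
        severity, message = audit_line(header, cmds)
        findings.append((header, severity, message))
    return findings


if __name__ == "__main__":
    for target, severity, message in audit(SAMPLE_CONFIG):
        print(f"{severity:5} {target:14} {message}")
```
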

Privileged mode CLI
The privileged EXEC mode allows full access to a Cisco router by default, and the configuration can be both viewed and changed in this EXEC mode. You can enter privileged mode by first entering user mode and then typing the command enable.

It is important to remember that to change the router configuration, you must be in privileged EXEC mode. The console, aux, and VTY ports are used to get into user mode only and have nothing to do with how the router is configured.

Here is an example of how to get into privileged mode on a Cisco router through the console port:
Line con 0 now ready, press return to continue

At this point, you press Enter. Next, you will see:
Enter password:

This prompt is asking for the console user-mode password. Then, you will see:
Router>enable
Router#


The prompt at user mode is the greater-than sign (>). When you are in privileged mode, the prompt changes to a pound sign (#).

Global configuration mode
Once you are in privileged mode, you enter global configuration mode to change the configuration. You make changes by typing the command configure terminal. However, I prefer to type the shortcut command config t. This allows you to change the running-config, a file that is in DRAM and is the configuration the router is using. You can save the running-config to what is called nonvolatile RAM (NVRAM). The file that is copied into NVRAM is called startup-config and is the configuration that is copied to RAM when the router is rebooted or powered up.

Once you type configure terminal from privileged mode, your prompt changes to the following:
Router#configure terminal
Router(config)#


This prompt tells you that you are in global configuration mode. From here, you can make changes to the router that affect the router in whole, hence the name global configuration mode. For example, this is the location where you set the router passwords.

If you want to change the configuration of an interface, you would have to enter interface configuration mode from global configuration mode. Here is an example:
Router#configure terminal
Router(config)#interface fastethernet 0/0
Router(config-if)#


Notice the prompt is Router(config-if)#, which tells you that you are in interface configuration mode. From here, you can enable or disable the interface, add IP and IPX addresses, and more.

The five passwords
Now that you understand the difference between user mode, privileged mode, and global and interface configuration modes, you can now set the passwords for each level.

Here are the five passwords you can set on a Cisco router:

  • Console
  • Aux
  • VTY
  • Enable password
  • Enable Secret


We will discuss each of these passwords and how to configure them in the following sections.
Console
This is the basic connection into every router. To initially set up a router, you need to connect to the console port and at a minimum enable one interface and set the VTY password. After one interface is enabled and the VTY lines are configured, an administrator can then Telnet into the router and do the final configurations from that connection. However, the console port can be used to configure the complete configuration at any time. This makes it very important to protect the console port with a password.

To configure a console user-mode password, use the Line command from global configuration mode. There is only one console port on all routers, so the command is
line console 0

Here is an example:
Router#config t
Router(config)#line console 0
Router(config-line)#


Notice the prompt changed to Router(config-line)#. This prompt tells you that you are configuring the console, aux, or VTY lines.

To finish configuring the console port, you can use two more commands:

  • Login: This tells the router to look under the console line configuration for the password. If you do not use this command, you will not be prompted for a password when you connect to the router’s console port.
  • Password: This sets the console user-mode password. It is case sensitive.


The complete command will look like this:
Router#config t
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password todd


Aux
On some routers, aux is called the auxiliary port, and on some it is called the aux port. To find the complete command-line name on your router, use a question mark with the Line command as shown:
Router(config)#line ?
<0-4>         First Line Number
aux           Auxiliary line
console       Primary terminal line
vty           Virtual terminal


At this point, you can choose the correct command you need. Here is an example of setting the aux port on a Cisco router to prompt for a user-mode password with a console cable connected (this port can be used with or without a modem):
Router#config t
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password cisco


VTY (Telnet)
The Virtual Teletype (VTY) lines are used to configure Telnet access to a Cisco router. As I mentioned earlier, the VTY lines must be configured for Telnet to be successful.

Here is an example of an administrator’s attempt to Telnet to a router that does not have the VTY lines configured:
Password not set, connection refused

This is the default on every Cisco router.

To configure the VTY lines, you must use the question mark with the command
line 0

to determine the number of lines available on your router. The number varies with the type of router and the IOS version. However, five is the most common number of lines.
Router#config t
Router(config)#line vty 0 ?
<0-4>  Last Line Number
<cr>
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password cisco


Notice that you choose all the lines available for the most efficient configuration. You can set each line individually, but because you cannot choose the line you enter the router with when you Telnet, this can cause problems.

You can tell the router to allow Telnet connections without a password by using the No Login command:
Router(config)#line vty 0 4
Router(config-line)#no login


Enable password
The Enable password is used to allow security on a Cisco router when an administrator is trying to go from user mode to privileged mode. The Enable password is an old, unencrypted password that will prompt for a password when used from privileged mode. You set the Enable password from global configuration EXEC mode and use the command
enable password password

Here is an example:
Router#config t
Router(config)#enable password lammle
Router(config)#exit
Router#disable (the disable command takes you from privileged mode back to user mode)
Router>enable
Enter password:


Enable Secret
The Enable Secret password accomplishes the same thing as Enable. However, it is encrypted by default and supersedes Enable if it is set. In other words, if you set the Enable password and then set the Enable Secret password, the Enable password will never be used.

You set the Enable Secret password from global configuration mode by using the command:
enable secret password

Here’s an example:
Router#config t
Router(config)#enable secret san jose


Encrypting your passwords
The Line command passwords (console, aux, and VTY) are not encrypted by default and can be seen by going into privileged EXEC mode and typing the command
show running-config

This displays the complete configuration that the router is running, including all the passwords. Remember that the Enable Secret password is encrypted by default, but the other four are not. To encrypt your passwords, use the global configuration command
service password-encryption

Here is an example of how to perform manual password encryption (as well as an example of how to set all five passwords):
Router#config t
Router(config)#service password-encryption
Router(config)#enable password todd
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password todd
Router(config-line)#line con 0
Router(config-line)#login
Router(config-line)#password cisco
Router(config-line)#line aux 0
Router(config-line)#login
Router(config-line)#password sanjose
Router(config-line)#exit
Router(config)#no service password-encryption
Router(config)#enable secret lammle
Router(config)#^Z


All of the passwords can be the same except the Enable and the Enable Secret passwords. You should make them different for security reasons, however.
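As an added example (not part of the original tutorial), the following Python script audits a saved running-config for the password settings discussed above: a line with no login or with No Login set, clear-text passwords, and a missing or superseded Enable Secret. The sample config, function names and finding codes are assumptions made for this illustration.

```python
# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname Router
no service password-encryption
enable password todd
!
line con 0
 password cisco
 login
line aux 0
 password sanjose
line vty 0 4
 no login
!
end
"""


def parse_config(config):
    """Split a config into global commands and per-line sub-commands."""
    global_cmds, line_sections, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw.startswith("line "):
            current = cmd
            line_sections[current] = []
        elif raw[0].isspace() and current is not None:
            line_sections[current].append(cmd)
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, line_sections


def is_cleartext(cmd, keyword):
    """True unless the value after the keyword is stored as 'type 7' text."""
    return not cmd[len(keyword):].strip().startswith("7 ")


def audit(config):
    """Return a sorted list of (scope, finding_code) tuples."""
    findings = set()
    global_cmds, line_sections = parse_config(config)
    secrets = [c for c in global_cmds if c.startswith("enable secret ")]
    enable_pws = [c for c in global_cmds if c.startswith("enable password ")]
    if not secrets:
        findings.add(("global", "NO_ENABLE_SECRET"))
    if secrets and enable_pws:
        # Enable Secret supersedes Enable, so the old password is dead weight.
        findings.add(("global", "ENABLE_PASSWORD_SUPERSEDED"))
    if any(is_cleartext(c, "enable password") for c in enable_pws):
        findings.add(("global", "CLEARTEXT_ENABLE_PASSWORD"))
    for header, cmds in line_sections.items():
        passwords = [c for c in cmds if c.startswith("password ")]
        prompts = any(c == "login" or c.startswith("login ") for c in cmds)
        if "no login" in cmds:
            # The line accepts connections without asking for a password.
            findings.add((header, "NO_LOGIN"))
        elif not prompts and not header.startswith("line vty"):
            # Console/aux: without login the password is never asked for.
            findings.add((header, "LOGIN_MISSING"))
        elif "login" in cmds and not passwords:
            # login is set but there is no line password to check against.
            findings.add((header, "LOGIN_WITHOUT_PASSWORD"))
        if any(is_cleartext(c, "password") for c in passwords):
            findings.add((header, "CLEARTEXT_LINE_PASSWORD"))
    return sorted(findings)


if __name__ == "__main__":
    for scope, code in audit(SAMPLE_CONFIG):
        print(f"{scope}: {code}")
```

Run it against the output of show running-config saved to a text file; an empty result means all five passwords are set, prompted for, and not stored in clear text.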

Conclusion
It is extremely important to set your passwords on every Cisco router your company has. If you are studying for your Cisco certification exams, be sure you understand the passwords and how to set them. Remember the difference between the Enable Secret and the Enable password and that the Enable Secret password supersedes the Enable password if it’s set.

The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.

--- Original tutorial from: techrepublic.com

How to Adjust the DHCP Setting on Your Router?

March 14 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

DHCP stands for Dynamic Host Configuration Protocol, and is used by routers connected to a network to automatically assign IP addresses to all of the computers on that network. The assigned addresses are kept in a central database. Using DHCP prevents two machines from receiving the same IP address, and prevents network administrators from having to assign addresses manually. Most routers have an option to turn DHCP on or off.


Instructions to Adjust the DHCP Setting on Your Router/Cisco router

1. Open a Web browser on a computer connected to the network.

2. Navigate to your router's homepage. This differs for different routers, so refer to your owner's manual for the address. Common router addresses are 192.168.227.1, 192.168.1.1 and 192.168.0.1. The address most likely begins with 192.168.

3. Log in to your router as an administrator to make changes. Again, the login settings will vary according to your router manufacturer, so refer to your owner's manual. Common logins include admin/admin, admin/(blank), and (blank)/(blank).

4. Navigate to the "LAN Settings" of your router.

5. Check either the "Enable DHCP" or "Disable DHCP" radio button. If you enable the DHCP settings, you can choose a starting and an ending IP address for all of the computers on the network. This is not necessary, however, as the router's default settings are normally all you need.

6. Click "Apply/Save changes" and log out of the router. You may have to restart the router to apply the changes.

 

Tips & Warnings

If you are not sure whether or not to enable DHCP, it is best to use the router's default settings. Improper DHCP settings can make your network unstable or inoperative.



Cisco's First Generation ISR Routers, Familiar to Cisco Users

March 1 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Cisco's original Integrated Services Routers, with more than 6M products in operation, are the industry's most popular solution for small to medium-sized businesses and enterprises with branch offices to achieve high-performance, secure, and reliable access to strategic applications. Progent's CCIE network engineers are proven experts at providing online design, management, and problem solving services for Cisco 1800, 2800, and 3800 family ISR routers. Progent can assist your company to move up to the latest release of Cisco IOS Software with minimal disruption to your network, assess the security vulnerability of your existing router configuration, and assist you to migrate efficiently to the latest releases of Cisco ISR Generation 2 routers when it makes competitive sense for your company.

 

Cisco 1800 Integrated Services Routers

The modular Cisco 1800 family of routers incorporate data and protection within one resilient system for high-speed, scalable connectivity with strategic business programs. The Cisco 1800 Series router design has been specifically engineered to satisfy the requirements of small-to-medium-sized businesses (SMBs), branch offices, and ISP-managed services environments for delivery of simultaneous services at high speed. The integrated secure systems design of the Cisco 1800 Series routers offers optimum flexibility and fast ROI.

 

The Cisco 1841 router offers important benefits compared to older generations of Cisco 1700 Series devices by bringing more than a 5x performance increase and built-in hardware-based encryption enabled by an available Cisco IOS Software protection image. The Cisco 1841 router dramatically increases plug-in card slot performance as well as capacity over the 1700 Series routers while providing compatibility with over 30 available WAN interface cards (WICs) and multiflex trunk cards (VWICs-for data only). The Cisco 1841 device provides further enhancement of Virtual Private Network speed with an optional Virtual Private Network acceleration module; an intrusion prevention system (IPS) and firewall capabilities; support for a broad range of interface needs, such as support for optional switch ports; and sufficient performance and slot capacity for future network expansion and advanced applications.

 

Cisco 2800 Series Routers

Targeted at small to medium-sized businesses (SMBs) and corporate branch offices, Cisco's 2800 Series comprises several basic versions: the 2801, the 2811, the Cisco 2821, and the 2851. Cisco's 2800 Series routers offer substantial added value compared to prior generations of Cisco devices at comparable prices by offering as much as a fivefold throughput improvement, up to a tenfold increase in protection and voice performance, built-in service features, and radically enhanced slot speed and capacity while maintaining compatibility with the vast majority of the almost 100 popular expansion modules available currently for the 1700, the Cisco 2600 Series, and the Cisco 3700 routers.

 

Cisco's 2800 Series router provides a range of common protection functions such as a Cisco IOS Software Firewall, intrusion prevention, IP security VPN, Secure Sockets Layer (SSL) VPN, advanced application inspection and control, Secure Shell (SSH) Protocol V 2.0, and SNMPv3 in a single protected solution. Also, by incorporating security functions within the router, Cisco can enable unique intelligent protection functions other security appliances cannot, such as network admissions control (NAC) for virus protection; Voice and Video Enabled VPN for QoS enforcement when mixing voice, video, and Virtual Private Networks; Dynamic Multipoint VPN (DMVPN); Group Encrypted Transport; and Easy VPN for enabling more expandable and easier to manage VPN environments.

 

Businesses can utilize the 2800 Series to deploy an integrated IP telephony solution for up to 96 IP phones, and can securely combine data, voice, and IP telephony on a single router for their small-to-medium sized satellite offices.

 

The Cisco 2800 Series router incorporates an integrated access point for wireless LAN access, Wi-Fi Hotspot services for shared public wireless LANs, and network services for cordless wireless LAN telephony and for larger locations.

 

Cisco 3800 Series ISR Routers

Cisco 3800 Series routers are engineered for small and midsize businesses (SMBs) and enterprise branch locations to offer businesses the highest degree of network agility, performance, and functionality. The Cisco 3800 Series integrated services routers smoothly integrate advanced network engineering, smart services, and protected corporate communications into one resilient system. The Cisco 3800 Series routers ease deployment and management, lower network cost and complexity, and provide investment protection. The Cisco 3800 Series integrated services routers feature embedded security processing, fast throughput and high memory capacity, and high-capacity interfaces that deliver the speed, resilience, and reliability required for scaling business-critical protection, IP telephony, high-volume video, system analysis, and web-based applications in the most demanding corporate environments. Built for speed, the 3800 Series integrated services routers provide multiple simultaneous services as fast as wired T3/E3 rates.

 

The integrated services routing technology of the 3800 Series router is built to integrate protection and voice handling with the latest wired and wireless services for rapid installation of new applications, including application layer functions, intelligent network services, and converged communications. The 3800 integrated services router supports the bandwidth demands of several Fast Ethernet interfaces for every slot, time-division multiplexing (TDM) connections, and integrated power sourcing to expansion modules compatible with 802.3af Power over Ethernet, while still supporting the traditional portfolio of interfaces. This ensures ongoing return on investment by allowing network expansion or accommodating changes in technology as the latest services are added. By integrating the capabilities of several separate appliances into one compact unit, the 3800 router significantly lowers the cost and complexity of administering remote networks. 

 


What are Ethernet and Ethernet Switches?

February 14 2012 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Ethernet is the most common LAN (Local Area Network) technology in use today. Xerox developed Ethernet in the 1970s, and it became popular after Digital Equipment Corporation and Intel joined Xerox in developing the Ethernet standard in 1980. Ethernet was officially accepted as IEEE standard 802.3 in 1985. The original Xerox Ethernet operated at 3Mbps. Ethernet networks up to 10Gbps now exist.

Ethernet Cabling

The first Ethernet standard, 10Base-5, ran over thick coaxial cable. A later standard, Ethernet 10Base-2, ran over a much thinner coaxial cable. These two versions of Ethernet were colloquially known as thicknet and thinnet.

 

Modern Ethernet standards run on UTP (Unshielded Twisted Pair) or fiber-optic cabling.

Ethernet Standard    Cable Specification
10Base-T             Category 3 UTP
100Base-TX           Category 5 UTP
1000Base-T           Cat 5e UTP
1000Base-SX          Optical Fiber

 

Ethernet Topologies

Ethernet 10Base-5 and 10Base-2 used a bus topology. Bus topologies were difficult to maintain and troubleshoot.

Modern Ethernet networks use a star topology with an Ethernet hub, switch, or router at the center of the star.

It is still possible to create a two-node Ethernet network in a bus topology using a null-Ethernet cable between the two devices.

 

Ethernet DTE and DCE

All nodes on an Ethernet network are either DTE (Data Terminal Equipment) or DCE (Data Communications Equipment).

Ethernet DTE are devices such as computers and printers that are trying to communicate on the Ethernet network.

Ethernet DCE are devices such as switches and routers that are trying to help other devices communicate on the Ethernet network.

 

Ethernet CSMA/CD

Like any network, Ethernet must have an algorithm for determining when each network node is allowed to communicate.

In Ethernet, this algorithm is known as CSMA/CD (Carrier Sense Multiple Access / Collision Detection).

CSMA/CD has proven to be a very capable, if highly anarchistic, algorithm.

 

Ethernet Switch

A switch is something that is used to turn various electronic devices on or off. However, in computer networking, a switch is used to connect multiple computers with each other. Since it is an external device, it becomes part of the hardware peripherals used in the operation of a computer system. This connection is done within an existing Local Area Network (LAN) only, and a switch is identical to an Ethernet hub in terms of appearance except with more intelligence. These switches not only receive data packets, but also have the ability to inspect them before passing them on to the next computer. That is, they can figure out the source, the contents of the data, and identify the destination as well. As a result, a switch sends the data to the relevant connected system only, thereby using less bandwidth at high performance rates.

 


Ethernet Switches and Crossover Cables

The wires in a crossover cable are “crossed” so that output signals from the transmitting device are properly sent as input signals to the receiving end. An Ethernet switch can be thought of as a device that makes temporary crossover cable connections between computers that want to communicate. Just like crossover cables, switches do not suffer from collision problems.

 

However, it should be noted that the actual cables used are “straight through.” The crossover function is done inside of the switch.

 

Since separate wires are used for sending and receiving, switches support operation in full duplex mode. This mode allows devices to send and receive data at the same time.

 

Advantages over Hubs

As mentioned above, switches are intelligent devices that can read the data packets that pass through them. By storing each host’s MAC address and its corresponding port in a table, switches ensure that bandwidth is not wasted by intelligently directing traffic. Hubs are dumb devices that do not do any processing.

 

Unlike hubs, switches are modern, fast, and support full duplex operation. In short, they are much better. 

 
