Posts with #cisco routers tag
Pros: Easy to set up. Detailed management interface. IPv6 ready. Supports VLANs. Gigabit Ethernet.
Cons: Sluggish interface. Web filtering rules are too basic. Can't tell when VPN users are connected. Confusing VPN setup.
Bottom Line: The Cisco RV180W Wireless-N Multifunction Router offers security-conscious small businesses an all-in-one box to set up VPN access for remote employees, basic routing, wireless, and firewall. It's also future-proof, supporting IPv6 by default.
The Cisco RV180W Wireless-N Multifunction Router ($246 MSRP) makes it easy to set up a firewall, a VPN server, a router, and a wireless network with a single, compact box. The company also offers the RV180 ($182), with all the same features minus the wireless network. The RV180W addresses a lot of the things that were missing in the Cisco RV110W Wireless-N VPN Firewall, such as increasing the number of VPN users supported and adding Gigabit Ethernet ports.
The RV180W aims to offer security, remote access and simple configuration. Even though Cisco is marketing this dual-band wireless router as a small business product, it is comparable to some of the higher-end consumer routers tested recently, such as the Netgear N900 Wireless Dual Band Gigabit Router WNDR4500 and AirStation Nfiniti High Power Giga Wireless-N Router & Access Point from Buffalo Technology. Pricewise, the RV180W is comparable to Netgear's N900, although it has more features in common with Buffalo's AirStation line of routers.
The Cisco RV180W has one WAN port for Internet connectivity and four Gigabit LAN ports in the back. There are two external antennas on the back for wireless networking. Square and compact, it measures 1.18” x 5.91” x 5.91” (HWD) and weighs a mere 0.61 lbs.
The glossy front panel has indicator lights for power, wireless activity, Internet connectivity, and for each of the four LAN ports. The front panel also has an AP indicator that lights up steady green when the router is being used as an access point. The Bridge indicator is green when it is acting as a bridge.
The back panel has a power button, a reset button to reboot the router or to restore factory settings, and a port to plug in the AC power cable. Unlike the previous RV110W, the four LAN ports on the back of the RV180W support Gigabit Ethernet. While Gigabit Ethernet is not yet a must-have on most business routers, the increasing number of applications, file-sharing, and video streaming within the office make it a should-have.
Like the earlier RV110W, the RV180W would be attractive to many businesses because of its built-in VPN server. Considering how expensive and time-consuming it can be to deploy a VPN server for remote workers to connect and access office printers, databases, and applications, a router with built-in VPN is a bargain. The RV180W supports both the widely-supported PPTP and QuickVPN protocols and allows up to 10 VPN connections at a time. This is an improvement over the RV110W, which supported only five users at a time.
Cisco upgraded the RV180W to broadcast on both the 2.4 GHz and 5 GHz bands and included WDS bridging/repeating and WEP/WPA/WPA2 consumer and Enterprise wireless security. The router can also be configured to broadcast on four VLAN-based SSIDs. Businesses would appreciate the various options available for setting up the wireless network.
The well-organized Web interface is chock-full of firewall and routing options, including port forwarding, firewall access rules, quality of service, and creating VPN user accounts.
The RV180W supports IPv6 out of the box, making it a sound investment for any business planning to upgrade its network to adopt the newer Internet address standard down the road. Businesses should pay careful attention to make sure new equipment has IPv6 support, or the eventual transition is going to be really painful.
Cisco Quick Start
Setting up the RV180W was a snap, as I followed the enclosed printed Quick Start Guide to connect the router to the computer and to the network. When I opened up the Web interface with the default IP address and login credentials, the Setup Wizard launched automatically. The entire process took less than 10 minutes, and included setting up security on the wireless network, changing the password for the default account, configuring the router's WAN gateway settings, and testing to make sure I had Internet connectivity. Plenty of on-screen tips and explanations were available at every step.
I also had the option to configure the router to broadcast a different MAC address. Many ISPs secure customer connections by locking the IP address to a specific hardware MAC address to prevent someone from swapping routers or firewalls without the administrator's knowledge. The RV180W can broadcast the MAC address of the computer being used to run the Setup Wizard, or an entirely different address (such as the previous router being replaced).
I appreciated the Setup Wizard's focus on security. The interface warned me when I selected a password that wasn't strong enough and defaulted to a secure wireless setup by default. When I tried to set up an open wireless network, the wizard displayed several warnings.
Passwords are absolutely the best defense against would-be hackers. Leaving no passwords on a Cisco router can cause major problems. Keep in mind that using passwords is just the first line of defense, and you should have other security features on your network as well.
Cisco has some defense against would-be hackers built into its router Internetworking Operating System (IOS). For example, it is impossible to Telnet into a Cisco router unless an administrator configures the router with a Telnet password or uses the No Login command, which allows users to Telnet into a router with no password. Either way, something has to be configured for Telnet to work. Also, you cannot enter privileged mode (which is the IOS EXEC mode that allows you to view or change the configuration on a router) from Telnet unless an Enable password is set. These are very basic features of Cisco routers and allow only some security.
Here, I will focus on the five basic Cisco router passwords you can use to protect your network. However, first you must know the difference between user mode and privileged mode. Both of these modes are called EXEC mode, and a prompt is used to tell you which mode you are in.
User mode CLI
The user mode EXEC command-line interface (CLI) is sometimes referred to as “useless mode” because it doesn’t do a whole lot. User mode lets you view interface statistics and is typically used by junior administrators to gather facts for the senior staff. You don’t want highly paid people sitting around gathering basic network statistics when a junior administrator can be adequately trained to document this information. To get into user mode, you can connect in one of three ways:
- Console: An RJ-45 connection on all Cisco routers allows full access to the router if no passwords are set.
- Aux: An RJ-45 connection on most routers allows you to connect a modem to the port, dial in to the router, and make a console connection.
- VTY: Virtual Teletype is used to allow a Telnet connection to the router, which will then work like a console port. You must have an active interface on the router for Telnet to connect to the router.
The most important thing to understand about the three connection modes is that they get you into user mode only. To view and change the configuration, you need to be in privileged mode.
Privileged mode CLI
The privileged EXEC mode allows full access to a Cisco router by default, and the configuration can be both viewed and changed in this EXEC mode. You can enter privileged mode by first entering user mode and then typing the command enable.
It is important to remember that to change the router configuration, you must be in privileged EXEC mode. The console, aux, and VTY ports are used to get into user mode only and have nothing to do with how the router is configured.
Here is an example of how to get into privileged mode on a Cisco router through the console port:
Line con 0 now ready, press return to continue
At this point, you press Enter. Next, you will see:
This prompt is asking for the console user-mode password. Then, you will see:
The prompt at user mode is the greater-than sign (>). When you are in privileged mode, the prompt changes to a pound sign (#).
Global configuration mode
Once you are in privileged mode, you enter global configuration mode to change the configuration. You make changes by typing the command configure terminal. However, I prefer to type the shortcut command config t. This allows you to change the running-config, a file that is in DRAM and is the configuration the router is using. You can save the running-config to what is called Non-Volatile RAM (NVRAM). The file that is copied into NVRAM is called startup-config and is the configuration that is copied to RAM when the router is rebooted or powered up.
Once you type configure terminal from privileged mode, your prompt changes to the following:
Router(config)#
This prompt tells you that you are in global configuration mode. From here, you can make changes to the router that affect the router in whole, hence the name global configuration mode. For example, this is the location where you set the router passwords.
If you want to change the configuration of an interface, you would have to enter interface configuration mode from global configuration mode. Here is an example:
Router(config)#interface fastethernet 0/0
Notice the prompt is Router(config-if)#, which tells you that you are in interface configuration mode. From here, you can enable or disable the interface, add IP and IPX addresses, and more.
The five passwords
Now that you understand the difference between user mode, privileged mode, and global and interface configuration modes, you can now set the passwords for each level.
Here are the five passwords you can set on a Cisco router:
- Console
- Aux
- VTY
- Enable password
- Enable Secret
We will discuss each of these passwords and how to configure them in the following sections.
The console port is the basic connection into every router. To initially set up a router, you need to connect to the console port and at a minimum enable one interface and set the VTY password. After one interface is enabled and the VTY lines are configured, an administrator can then Telnet into the router and do the final configurations from that connection. However, the console port can be used to configure the complete configuration at any time. This makes it very important to protect the console port with a password.
To configure a console user-mode password, use the Line command from global configuration mode. There is only one console port on all routers, so the command is
line console 0
Here is an example:
Router(config)#line console 0
Notice the prompt changed to Router(config-line)#. This prompt tells you that you are configuring the console, aux, or VTY lines.
To finish configuring the console port, you can use two more commands:
- Login: This tells the router to look under the console line configuration for the password. If you do not use this command, you will not be prompted for a password when you connect to the router’s console port.
- Password: This sets the console user-mode password. It is case sensitive.
The complete command will look like this:
Router(config)#line console 0
On some routers, aux is called the auxiliary port, and on some it is called the aux port. To find the complete command-line name on your router, use a question mark with the Line command as shown:
Router(config)#line ?
  <0-4>    First Line Number
  aux      Auxiliary line
  console  Primary terminal line
  vty      Virtual terminal
At this point, you can choose the correct command you need. Here is an example of setting the aux port on a Cisco router to prompt for a user-mode password with a console cable connected (this port can be used with or without a modem):
Router(config)#line aux 0
The Virtual Teletype (VTY) lines are used to configure Telnet access to a Cisco router. As I mentioned earlier, the VTY lines must be configured for Telnet to be successful.
Here is an example of an administrator’s attempt to Telnet to a router that does not have the VTY lines configured:
Password not set, connection refused
This is the default on every Cisco router.
To configure the VTY lines, you must use the question mark with the command line vty 0 to determine the number of lines available on your router. The number varies with the type of router and the IOS version. However, five is the most common number of lines.
Router(config)#line vty 0 ?
<0-4> Last Line Number
Router(config)#line vty 0 4
Notice that you choose all the lines available for the most efficient configuration. You can set each line individually, but because you cannot choose the line you enter the router with when you Telnet, this can cause problems.
You can tell the router to allow Telnet connections without a password by using the No Login command:
Router(config)#line vty 0 4
Router(config-line)#no login
The Enable password is used to allow security on a Cisco router when an administrator is trying to go from user mode to privileged mode. The Enable password is an old, unencrypted password that the router prompts for when you try to enter privileged mode. You set the Enable password from global configuration mode and use the command
enable password password
Here is an example:
Router(config)#enable password lammle
Router#disable (the disable command takes you from privileged mode back to user mode)
The Enable Secret password accomplishes the same thing as Enable. However, it is encrypted by default and supersedes Enable if it is set. In other words, if you set the Enable password and then set the Enable Secret password, the Enable password will never be used.
You set the Enable Secret password from global configuration mode by using the command:
enable secret password
Here’s an example:
Router(config)#enable secret san jose
Encrypting your passwords
The Line command passwords (console, aux, and VTY) are not encrypted by default and can be seen by going into privileged EXEC mode and typing the command
show running-config
This displays the complete configuration that the router is running, including all the passwords. Remember that the Enable Secret password is encrypted by default, but the other four are not. To encrypt your passwords, use the global configuration command
service password-encryption
Here is an example of how to perform manual password encryption (as well as an example of how to set all five passwords):
Router(config)#enable password todd
Router(config)#line vty 0 4
Router(config-line)#line con 0
Router(config-line)#line aux 0
Router(config)#no service password-encryption
Router(config)#enable secret lammle
All of the passwords can be the same except the Enable and the Enable Secret passwords. You should make them different for security reasons, however.
It is extremely important to set your passwords on every Cisco router your company has. If you are studying for your Cisco certification exams, be sure you understand the passwords and how to set them. Remember the difference between the Enable Secret and the Enable password and that the Enable Secret password supersedes the Enable password if it’s set.
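The checks this tutorial describes for the five passwords, applied to a saved running-config, as an added example that is not part of the original tutorial. The two sample configurations are constructed, their password values and hash strings are placeholders, and the function names and finding codes are this example's own.

```python
import re

# Constructed running-config excerpts (not from a real device); the password
# values, hash and type 7 strings are placeholders.
WEAK_CONFIG = """\
no service password-encryption
enable password todd
!
line con 0
line aux 0
 password cisco
 login
line vty 0 4
 no login
"""
HARDENED_CONFIG = """\
service password-encryption
enable secret 5 $1$PLACEHOLDER$notARealHash
!
line con 0
 password 7 PLACEHOLDER
 login
line aux 0
 password 7 PLACEHOLDER
 login
line vty 0 4
 password 7 PLACEHOLDER
 login
"""

LINE_RE = re.compile(r"^line (con|aux|vty)\w* \d+(?: \d+)?$")

def is_cleartext(tokens):
    """True unless the stored form is 'password 7 <encoded>' (type 7 is what
    service password-encryption writes into the config)."""
    return not (len(tokens) >= 2 and tokens[0] == "7")

def parse(config):
    """Collect the global password settings and one record per line block."""
    state = {"encrypt": False, "enable_secret": False,
             "enable_password": None, "lines": []}
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):      # an unindented line ends a block
            current = None
        match = LINE_RE.match(text)
        if match:
            current = {"name": text, "kind": match.group(1),
                       "login": None, "password": None}
            state["lines"].append(current)
        elif text == "service password-encryption":
            state["encrypt"] = True
        elif text.startswith("enable secret "):
            state["enable_secret"] = True
        elif text.startswith("enable password "):
            state["enable_password"] = text.split()[2:]
        elif current is not None and text == "login":
            current["login"] = True
        elif current is not None and text == "no login":
            current["login"] = False
        elif current is not None and text.startswith("password "):
            current["password"] = text.split()[1:]
    return state

# Finding codes (this example's own names, not IOS terminology):
#   NO_ENABLE_SECRET  no Enable Secret is configured
#   CLEARTEXT         password is readable in show running-config
#   NO_LOGIN / NO_PROMPT  the line asks for no password
#   NO_PASSWORD       'login' is set but the line has no password
#   ENCRYPTION_OFF    cleartext present and service password-encryption off
def audit(config):
    """Return (location, code) findings for the five passwords."""
    s = parse(config)
    findings, cleartext = [], False
    if not s["enable_secret"]:
        findings.append(("enable", "NO_ENABLE_SECRET"))
    if s["enable_password"] is not None and is_cleartext(s["enable_password"]):
        findings.append(("enable", "CLEARTEXT"))
        cleartext = True
    for ln in s["lines"]:
        if ln["login"] is False:
            findings.append((ln["name"], "NO_LOGIN"))
        elif ln["login"] is None and ln["kind"] != "vty":
            # Assumption: a VTY block without a login statement keeps the
            # default, which refuses Telnet until a password is set.
            findings.append((ln["name"], "NO_PROMPT"))
        elif ln["login"] and ln["password"] is None:
            findings.append((ln["name"], "NO_PASSWORD"))
        if ln["password"] is not None and is_cleartext(ln["password"]):
            findings.append((ln["name"], "CLEARTEXT"))
            cleartext = True
    if cleartext and not s["encrypt"]:
        findings.append(("global", "ENCRYPTION_OFF"))
    return findings

if __name__ == "__main__":
    for location, code in audit(WEAK_CONFIG):
        print(f"{location}: {code}")
```

Passwords that were encoded while service password-encryption was on stay encoded after it is switched off again, so the audit reports ENCRYPTION_OFF only when a cleartext password is actually present.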
The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.
--- Original tutorial from: techrepublic.com
DHCP stands for Dynamic Host Configuration Protocol, and is used by routers connected to a network to automatically assign IP addresses to all of the computers on that network. The assigned addresses are kept in a central database. Using DHCP prevents two machines from receiving the same IP address, and prevents network administrators from having to assign addresses manually. Most routers have an option to turn DHCP on or off.
Instructions to Adjust the DHCP Setting on Your Router/Cisco router
1. Open a Web browser on a computer connected to the network.
2. Navigate to your router's homepage. This differs for different routers, so refer to your owner's manual for the address. Common router addresses are 192.168.227.1, 192.168.1.1 and 192.168.0.1. The address most likely begins with 192.168.
3. Log in to your router as an administrator to make changes. Again, the login settings will vary according to your router manufacturer, so refer to your owner's manual. Common logins include admin/admin, admin/(blank), and (blank)/(blank).
4. Navigate to the "LAN Settings" of your router.
5. Check either the "Enable DHCP" or "Disable DHCP" radio button. If you enable the DHCP settings, you can choose a starting and an ending IP address for all of the computers on the network. This is not necessary, however, as the router's default settings are normally all you need.
6. Click "Apply/Save changes" and log out of the router. You may have to restart the router to apply the changes.
Tips & Warnings
If you are not sure whether or not to enable DHCP, it is best to use the router's default settings. Improper DHCP settings can make your network unstable or inoperative.
Cisco's original Integrated Services Routers, with more than 6M products in operation, are the industry's most popular solution for small to medium-sized businesses and enterprises with branch offices to achieve high-performance, secure, and reliable access to strategic applications. Progent's CCIE network engineers are proven experts at providing online design, management, and problem solving services for Cisco 1800, 2800, and 3800 family ISR routers. Progent can assist your company to move up to the latest release of Cisco IOS Software with minimal disruption to your network, assess the security vulnerability of your existing router configuration, and assist you to migrate efficiently to the latest releases of Cisco ISR Generation 2 routers when it makes competitive sense for your company.
Cisco 1800 Integrated Services Routers
The modular Cisco 1800 family of routers incorporate data and protection within one resilient system for high-speed, scalable connectivity with strategic business programs. The Cisco 1800 Series router design has been specifically engineered to satisfy the requirements of small-to-medium-sized businesses (SMBs), branch offices, and ISP-managed services environments for delivery of simultaneous services at high speed. The integrated secure systems design of the Cisco 1800 Series routers offers optimum flexibility and fast ROI.
The Cisco 1841 router offers important benefits compared to older generations of Cisco 1700 Series devices by bringing more than a 5x performance increase and built-in hardware-based encryption enabled by an available Cisco IOS Software protection image. The Cisco 1841 router dramatically increases plug-in card slot performance as well as capacity over the 1700 Series routers while providing compatibility with over 30 available WAN interface cards (WICs) and multiflex trunk cards (VWICs-for data only). The Cisco 1841 device provides further enhancement of Virtual Private Network speed with an optional Virtual Private Network acceleration module; an intrusion prevention system (IPS) and firewall capabilities; support for a broad range of interface needs, such as support for optional switch ports; and sufficient performance and slot capacity for future network expansion and advanced applications.
Cisco 2800 Series Routers
Targeted at small to medium-sized businesses (SMBs) and corporate branch offices, Cisco's 2800 Series comprises several basic versions: the 2801, the 2811, the Cisco 2821, and the 2851. Cisco's 2800 Series routers offer substantial added value compared to prior generations of Cisco devices at comparable prices by offering as much as a fivefold throughput improvement, up to a tenfold increase in protection and voice performance, built-in service features, and radically enhanced slot speed and capacity while maintaining compatibility with the vast majority of the almost 100 popular expansion modules available currently for the 1700, the Cisco 2600 Series, and the Cisco 3700 routers.
Cisco's 2800 Series router provides a range of common protection functions such as a Cisco IOS Software Firewall, intrusion prevention, IP security VPN, Secure Sockets Layer (SSL) VPN, advanced application inspection and control, Secure Shell (SSH) Protocol V 2.0, and SNMPv3 in a single protected solution. Also, by incorporating security functions within the router, Cisco can enable unique intelligent protection functions other security appliances cannot, such as network admissions control (NAC) for virus protection; Voice and Video Enabled VPN for QoS enforcement when mixing voice, video, and Virtual Private Networks; Dynamic Multipoint VPN (DMVPN); Group Encrypted Transport; and Easy VPN for enabling more expandable and easier to manage VPN environments.
Businesses can utilize the 2800 Series to deploy an integrated IP telephony solution for up to 96 IP phones, and can securely combine data, voice, and IP telephony on a single router for their small-to-medium sized satellite offices.
The Cisco 2800 Series router incorporates an integrated access point for wireless LAN access, Wi-Fi Hotspot services for shared public wireless LANs, and network services for cordless wireless LAN telephony and for larger locations.
Cisco 3800 Series ISR Routers
Cisco 3800 Series routers are engineered for small and midsize businesses (SMBs) and enterprise branch locations to offer businesses the highest degree of network agility, performance, and functionality. The Cisco 3800 Series integrated services routers smoothly integrate advanced network engineering, smart services, and protected corporate communications into one resilient system. The Cisco 3800 Series routers ease deployment and management, lower network cost and complexity, and provide investment protection. The Cisco 3800 Series integrated services routers feature embedded security processing, fast throughput and high memory capacity, and high-capacity interfaces that deliver the speed, resilience, and reliability required for scaling business-critical protection, IP telephony, high-volume video, system analysis, and web-based applications in the most demanding corporate environments. Built for speed, the 3800 Series integrated services routers provide multiple simultaneous services as fast as wired T3/E3 rates.
The integrated services routing technology of the 3800 Series router is built to integrate protection and voice handling with the latest wired and wireless services for rapid installation of new applications, including application layer functions, intelligent network services, and converged communications. The 3800 integrated services router supports the bandwidth demands of several Fast Ethernet interfaces for every slot, time-division multiplexing (TDM) connections, and integrated power sourcing to expansion modules compatible with 802.3af Power over Ethernet, while still supporting the traditional portfolio of interfaces. This ensures ongoing return on investment by allowing network expansion or accommodating changes in technology as the latest services are added. By integrating the capabilities of several separate appliances into one compact unit, the 3800 router significantly lowers the cost and complexity of administering remote networks.
Ethernet is the most common LAN (Local Area Network) technology in use today. Xerox developed Ethernet in the 1970s, and it became popular after Digital Equipment Corporation and Intel joined Xerox in developing the Ethernet standard in 1980. Ethernet was officially accepted as IEEE standard 802.3 in 1985. The original Xerox Ethernet operated at 3Mbps. Ethernet networks up to 10Gbps now exist.
The first Ethernet standard, 10Base-5, ran over thick coaxial cable. A later standard, Ethernet 10Base-2, ran over a much thinner coaxial cable. These two versions of Ethernet were colloquially known as thicknet and thinnet.
Modern Ethernet standards run on UTP (Unshielded Twisted Pair) or fiber-optic cabling.
Category 3 UTP
Category 5 UTP
Cat 5e UTP
Ethernet 10Base-5 and 10Base-2 used a bus topology. Bus topologies were difficult to maintain and troubleshoot.
Modern Ethernet networks use a star topology with an Ethernet hub, switch, or router at the center of the star.
It is still possible to create a two-node Ethernet network in a bus topology using a null-Ethernet cable between the two devices.
Ethernet DTE and DCE
All nodes on an Ethernet network are either DTE (Data Terminal Equipment) or DCE (Data Communications Equipment).
Ethernet DTE are devices such as computers and printers that are trying to communicate on the Ethernet network.
Ethernet DCE are devices such as switches and routers that are trying to help other devices communicate on the Ethernet network.
Like any network, Ethernet must have an algorithm for determining when each network node is allowed to communicate.
In Ethernet, this algorithm is known as CSMA/CD (Carrier Sense Multiple Access / Collision Detection).
CSMA/CD has proven to be a very capable, if highly anarchistic, algorithm.
A switch is something that is used to turn various electronic devices on or off. However, in computer networking, a switch is used to connect multiple computers with each other. Since it is an external device it becomes part of the hardware peripherals used in the operation of a computer system. This connection is done within an existing Local Area network (LAN) only and is identical to an Ethernet hub in terms of appearance except with more intelligence. These switches not only receive data packets, but also have the ability to inspect them before passing them on to the next computer. That is, they can figure out the source, the contents of the data, and identify the destination as well. As a result of this uniqueness, it sends the data to the relevant connected system only, thereby using less bandwidth at high performance rates.
Ethernet Switches and Crossover Cables
The wires in a crossover cable are “crossed” so that output signals from the transmitting device are properly sent as input signals to the receiving end. An Ethernet switch can be thought of as a device that makes temporary crossover cable connections between computers that want to communicate. Just like crossover cables, switches do not suffer from collision problems.
However, it should be noted that the actual cables used are “straight through.” The crossover function is done inside of the switch.
Since separate wires are used for sending and receiving, switches support operation in full duplex mode. This mode allows devices to send and receive data at the same time.
Advantages over Hubs
As mentioned above, switches are intelligent devices that can read the data packets that pass through them. By storing each host’s MAC address and its corresponding port in a table, switches ensure that bandwidth is not wasted by intelligently directing traffic. Hubs are dumb devices that do not do any processing.
Unlike hubs, switches are modern, fast, and support full duplex operation. In short, they are much better.
Computer Networking is any set of computers or devices connected to each other so as to communicate or exchange data. For a network to function, the devices must be interconnected. Network connections can be wired or wireless.
All networks are connected to enable communication over different kinds of media (wire or cables), including twisted-pair copper wire cable, coaxial cable, optical fiber, power lines and various wireless technologies.
The devices can be separated by a few meters (e.g. via Bluetooth) or nearly unlimited distances (e.g. via the interconnections of the Internet).
In Wired networks, the medium is either copper, which carries electrical signals, or optical fibre, which carries light signals.
In Wireless networks, the medium of connection or mode of transmitting is radio waves, space, or microwaves. Wireless networks may include the home wireless connection between a wireless router and a computer with a wireless network card, the global wireless connection between two ground stations, or the communication between devices on earth and satellites then received via the internet.
Examples of Networks are:
Local Area Network. (LAN)
A LAN (Local Area Network) is an individual network that covers a single geographical area, providing networking services and applications to people within a common managerial structure, such as a single business, campus or region.
A LAN is usually administered by a single organization. The administrative control that governs the security and access control policies are enforced on the network level. LANs and WANs are very useful to individual organizations. They connect the users within the organization. They allow many forms of communication including exchange e-mails, corporate training, and other resource sharing.
Wide Area Network. (WAN)
A WAN is usually a larger network that covers a large geographic area. An example of this is an organization that uses a WAN to interconnect its offices in different countries. The largest and best example of a WAN is the Internet, which is a network of networks, composed of many smaller networks. The Internet is considered the largest network in the world.
Main Features of WANs:
- WANs generally connect devices that are separated by a broader geographical area than can be served by a LAN.
- WANs use the services of carriers, such as telephone companies, cable companies, satellite systems, and network providers.
- WANs use serial connections of various types to provide access to bandwidth over large geographic areas.
Wireless LANs and WANs. (WLAN & WWAN)
WLAN & WWAN are the wireless equivalent of the LAN and WAN, but there are no wires between end devices and servers. Communication or data is transferred over sets of radio transceivers or waves. These types of networks are beneficial when it is too costly or inconvenient to run the necessary cables. The media access protocols for LANs come from the IEEE.
Components of the Network
The path that a message takes from source to destination can be as simple as a single cable connecting one computer to another or as complex as a network that literally spans the globe. This network infrastructure is the platform that supports our human network. It provides the stable and reliable channel over which our communications can occur.
Devices and Media
Devices and media are the physical elements or hardware of the network. Hardware is often the visible components of the network platform such as a laptop, a PC, a Switch, Router or the cabling used to connect the devices. Occasionally, some components may not be so visible. In the case of wireless media, messages are transmitted through the air using invisible radio frequency or infrared waves.
The CCNA might be intimidating at first, especially since Cisco has expanded the scope of the exam to include more advanced topics such as Open Shortest Path First (OSPF) routing which is traditionally only tested in the CCNP and other professional level exams. Time management during the exam is the number 1 most important thing to do well. This means scoring easy points when possible and to spend more time focusing on those questions which are harder.
To maximize the chance of passing the CCNA exam, here are 2 most important (in my opinion) topics to focus on for the CCNA:
Learning how to subnet effectively is the most important thing for the CCNA. It’s also important to be able to size subnets quickly in the real world for network planning and troubleshooting purposes. Because the CCNA (and any other certification exam) is a test of your time management skills during the test, and subnetting can be done quickly (and 100% correctly) if you know the right technique, it’s a quick way to score easy points.
Common subnetting questions include calculating the number of hosts in a subnet, finding if 2 hosts are in the same subnet, and deciding on the correct hostmasks, among others. Being able to solve such questions quickly means that you will be able to free up valuable exam time to solve other questions. Answering such questions is a matter of simple calculation, and it's hard to get them wrong once you know how. Again, the key is speed, and you will definitely want to get subnetting questions out of the way as quickly as possible.
Simulation questions (commonly now referred to as “sims”) are designed by Cisco to test the practical aspect of Cisco networking. A simulation of a real Cisco IOS command-line is provided to you and you are expected to troubleshoot or otherwise configure the network to the required specification.
These questions are more time consuming but very important. Only Cisco knows for sure how these are actually scored but it’s very likely that you won’t get enough points to pass the CCNA if you cannot answer all the simulation questions to a satisfactory level. The CCNA passing score gets higher all the time, which makes scoring high on the simulation questions a priority.
One good thing about using simulation questions is that you’ll be able to gauge roughly how well you’ve done by showing the running configuration and running other tests such as ping and using other show commands. A good way to prepare for the exam is to use a Cisco router simulator.
The Cisco 1941W Integrated Services Router (ISR) delivers highly secure data, mobility, and application services.
The Cisco 1941W secures transmitted data, applications, and mobility over wired and purpose-built wireless networks, whether at home or in a small office. This 1900 series ISR has two identical Ethernet ports that run at 10 Mbps, 100 Mbps, or 1000 Mbps.
The Cisco 1941W also has two (e)HWIC slots for single-wide Enhanced High-Speed WAN Interface Cards, which can host two single-wide cards or one double-wide card. A wireless access point is built in, using 802.11n technology. Power distribution is fully integrated to support Cisco Enhanced Power over Ethernet as well as 802.3af PoE.
The router also supports VPN encryption accelerated by embedded hardware, and identity management, which is normally done through public key infrastructure together with authentication, authorization, and accounting (AAA).
Integrated threat control on the Cisco 1941W is the same as on the 1941 router of the 1900 series: it is provided through Cisco IOS IPS, Cisco IOS Zone-Based Firewall, Cisco IOS Content Filtering, and Cisco IOS Firewall. Mobility is supported through the 5 GHz mode of 802.11a/n and the 2.4 GHz mode of 802.11b/g/n.
Quick View: Key features of Cisco 1941W include:
- 2 integrated 10/100/1000 Ethernet ports
- 2 Enhanced High-Speed WAN Interface Card slots that can host 2 single wide or 1 double wide and 1 single wide (e)HWIC
- 1 integrated 802.11n Wireless Access Point
- Fully integrated power distribution to modules supporting 802.3af Power over Ethernet (PoE) and Cisco Enhanced PoE
- Embedded hardware-accelerated encryption for VPN
- Secure collaborative communications with Group Encrypted Transport VPN, Dynamic Multipoint VPN, or Enhanced Easy VPN
- Integrated threat control using Cisco IOS Firewall, Cisco IOS Zone-Based Firewall, Cisco IOS IPS, and Cisco IOS Content Filtering
- Identity management that uses authentication, authorization and accounting (AAA), and public key infrastructure
- The integrated access point offers IEEE 802.11n draft 2.0 support for mobile access to high-bandwidth data, voice, and video
- The access point supports both unified and autonomous deployments and is supported by a wireless LAN controller and the Cisco Wireless Controller System
- IEEE 802.11n technology delivers outstanding reliability and up to nine times the throughput of current IEEE 802.11 a/b/g networks
- Dual radios for 2.4-GHz 802.11b/g/n and 5-GHz 802.11a/n modes
Caskibum’s Problem of Opening Port 873 on Cisco 1921
I have a Cisco 1921 and need to open ports 22 (SSH) and 873 (rsync) to run an rsync server on my network and the rest of the network needs standard "internet" access. I am fairly new to Cisco ACLs and so I expect I'm doing something stupid but not sure what. When I add the ip access-group XXX in / out to the gig0/0 interface, I lose all www functionality at that point. Here is my current (working) config with the ACLs listed (101 and 102) but not enabled on the gig0/0 interface. I have tried the "established" statement at the start and end of the 101 list, no difference. Thanks for any help!
Current configuration : 2675 bytes
! Last configuration change at 15:03:45 UTC Sun Dec 18 2011 by
service timestamps debug datetime msec
service timestamps log datetime msec
enable secret 5 $1$Sx2k$wiHT8Af585IB/HsSZkwC61
enable password 7 073E325F19190C1D47
no aaa new-model
no ipv6 cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.0.1 10.1.0.149
ip dhcp excluded-address 10.1.0.200 10.1.0.254
ip dhcp pool net_dhcp
network 10.1.0.0 255.255.255.0
lease 0 0 5
no ip domain lookup
ip domain name treeskier.ca
multilink bundle-name authenticated
license udi pid CISCO1921/K9 sn FGL15092836
username blah password blahblah
ip ssh version 2
ip dhcp client update dns
ip address dhcp
ip nat outside
! ip access-group 101 in
! ip access-group 102 out
! once I turn these on, it all dies.
no cdp enable
no mop enabled
ip address 10.1.0.1 255.255.255.0
ip nat inside
no mop enabled
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.1.0.102 873 interface GigabitEthernet0/0 873
ip nat inside source static tcp 10.1.0.102 22 interface GigabitEthernet0/0 22
access-list 1 permit 10.1.0.0 0.0.0.255
access-list 1 remark INSIDE_IF=gig0/1
access-list 101 permit tcp any 10.1.0.0 0.0.0.255 established
access-list 101 permit tcp any host 10.1.0.102 eq 22
access-list 101 permit udp any host 10.1.0.102 eq 22
access-list 101 permit tcp any host 10.1.0.102 eq 873
access-list 101 permit udp any host 10.1.0.102 eq 873
access-list 102 permit tcp 10.1.0.0 0.0.0.255 any
access-list 102 permit udp 10.1.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
banner login ^C**************************^C
CON and VTY setup
scheduler allocate 20000 1000
A bit of really basic troubleshooting:
Standard IP access list 1
10 permit 10.1.0.0, wildcard bits 0.0.0.255 (9854736 matches)
Extended IP access list 101
10 permit tcp any 10.1.0.0 0.0.0.255 established
20 permit tcp any host 10.1.0.102 eq 22
30 permit udp any host 10.1.0.102 eq 22
40 permit tcp any host 10.1.0.102 eq 873
50 permit udp any host 10.1.0.102 eq 873
Extended IP access list 102
10 permit tcp 10.1.0.0 0.0.0.255 any
20 permit udp 10.1.0.0 0.0.0.255 any
Router#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 192.168.0.10:22 10.1.0.102:22 --- ---
tcp 192.168.0.10:873 10.1.0.102:873 --- ---
tcp 192.168.0.10:54693 10.1.0.150:54693 18.104.22.168:80 22.214.171.124:80
tcp 192.168.0.10:54695 10.1.0.150:54695 126.96.36.199:80 188.8.131.52:80
tcp 192.168.0.10:54696 10.1.0.150:54696 184.108.40.206:5222 220.127.116.11:5222
tcp 192.168.0.10:54699 10.1.0.150:54699 18.104.22.168:1935 22.214.171.124:1935
tcp 192.168.0.10:54700 10.1.0.150:54700 126.96.36.199:80 188.8.131.52:80
... (more dynamic NAT at work)
Reply to Caskibum from Imbadatthis
You aren't allowing DNS in.
Also a nice to know:
After Imbadatthis's reply, Caskibum solved the problem like this:
Thanks for the response.
I actually sorted it out last night, my "new" cable modem was blocking the port forwarding before it got to the router. So once I set up the NAT port forwarding on the cable modem, all good now.
Just FYI, I've ended up with a much simpler ACL and NAT setup:
ip nat inside source list nat-acl interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.1.0.101 873 interface GigabitEthernet0/0 873
ip nat inside source static tcp 10.1.0.101 22 interface GigabitEthernet0/0 22
ip access-list extended nat-acl
permit ip 10.1.0.0 0.0.0.255 any
permit tcp any host 10.1.0.101 eq 22
permit tcp any host 10.1.0.101 eq 873
More discussion between the two about opening port 873 on the Cisco 1921
Imbadatthis: So you've removed both acl 101 and 102?
Yep, the only ACL is the named extended list, which is applied on the outside interface in the overload command. I could have probably left them in place, I found this "alternate" solution with the named extended list as it is now, and then after that didn't work either I went to the cable modem and found the source of the problem. I expect the 101 / 102 acls are fine if I were to use them. Then the two static NAT commands to handle the traffic direction. Seems to be working. I'm no security expert so if this leaves some gaping hole please let me know and I'll rework it.
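The DNS point raised in the thread, modelled as an added example (not code from either poster): a small first-match evaluator runs ACL 101 as posted over constructed packets as gig0/0 would see them inbound. It relies on IOS checking an inbound ACL before outside-to-inside NAT, so destinations are still the router's outside address; ACL 111, the helper names and the 203.0.113.x hosts are hypothetical.

```python
import ipaddress

# ACL 101 as posted in the thread. ACL 111 is a hypothetical rework (made-up
# number) written for what gig0/0 sees inbound, before NAT rewrites anything.
ACL_101 = """access-list 101 permit tcp any 10.1.0.0 0.0.0.255 established
access-list 101 permit tcp any host 10.1.0.102 eq 22
access-list 101 permit udp any host 10.1.0.102 eq 22
access-list 101 permit tcp any host 10.1.0.102 eq 873
access-list 101 permit udp any host 10.1.0.102 eq 873"""
ACL_111 = """access-list 111 permit tcp any any established
access-list 111 permit udp any eq 53 any
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq 873"""

def _side(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD', then an optional 'eq N'."""
    first = tok.pop(0)
    rest = "" if first == "any" else tok.pop(0)
    net = {"any": "0.0.0.0/0", "host": rest}.get(first, f"{first}/{rest}")
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    if port is not None:
        del tok[:2]
    return ipaddress.ip_network(net), port

def parse_line(line):
    tok = line.split()[2:]                    # drop "access-list <number>"
    action, proto = tok.pop(0), tok.pop(0)
    return action, proto, _side(tok), _side(tok), tok == ["established"]

def evaluate(rules, proto, src, sport, dst, dport, ack=False):
    """First match wins, else implicit deny; ack=True means ACK or RST is set."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, r_proto, (s_net, s_port), (d_net, d_port), est) in enumerate(rules, 1):
        if (r_proto == proto and src in s_net and dst in d_net and (ack or not est)
                and s_port in (None, sport) and d_port in (None, dport)):
            return f"{action} line {n}"
    return "deny implicit"

# Constructed packets as gig0/0 sees them inbound; 192.168.0.10 is its address.
PACKETS = {
    "dns_reply": ("udp", "203.0.113.53", 53, "192.168.0.10", 54000),
    "web_reply": ("tcp", "203.0.113.80", 80, "192.168.0.10", 54693, True),
    "rsync_syn": ("tcp", "203.0.113.7", 40000, "192.168.0.10", 873),
}

def verdicts(acl_text):
    rules = [parse_line(line) for line in acl_text.splitlines()]
    return {name: evaluate(rules, *pkt) for name, pkt in PACKETS.items()}

print({"101": verdicts(ACL_101), "111": verdicts(ACL_111)})
```

Under ACL 101 all three packets fall through to the implicit deny: the UDP reply has no matching line, and the TCP lines name inside addresses the packet does not yet carry. The `permit udp any eq 53 any` line in ACL 111 is stateless and admits any UDP datagram sourced from port 53, so a stateful feature such as the Cisco IOS Zone-Based Firewall is the tighter control.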
Ideal for Enterprise WAN aggregation or service provider environments, Cisco 7600 series is the industry's first carrier-class edge router to offer integrated, high-density Ethernet switching, carrier-class IP/MPLS routing, and 10-Gbps interfaces, benefiting enterprises and helping enable service providers to deliver both consumer and business services over a single converged Carrier Ethernet network.
The Cisco 7600 Internet Router delivers optical wide- and metropolitan-area network (WAN and MAN) services with high-touch IP services at the network edge. Now, service providers (SPs) and enterprises can "service enable" their networks at optical speeds, providing competitive advantage and service differentiation to the SP and high-speed connectivity and link usage efficiency to the enterprise.
Cisco 7600 Router’s Key Features
High performance, with up to 720 Gbps in a single chassis, or 40 Gbps capacity per slot
A choice of form factors purpose-built for high availability
Cisco I-Flex design: A portfolio of shared port adapters (SPAs) and SPA interface processors (SIPs) that controls voice, video, and data experiences
Scalable and extensible suite of hardware and software capabilities to enable intelligent Carrier Ethernet services
Integrated Video Call Admission Control with innovative visual quality of experience for both broadcast and video on demand (VoD)
Intelligent Services Gateway, providing scalable subscriber and application awareness with multidimensional identity capabilities and policy controls
Integrated Session Border Control with quality of experience in both Session Initiation Protocol (SIP) and non-SIP applications
What Cisco 7600 series Supports
Supports Services modules such as IPsec, firewall, SSL VPN
Intrusion Prevention System (IPS) Modularity
Chassis options of 4, 6, 9, and 13 slots for redundant supervisors and line cards
Supervisor engines supporting up to 15 Mpps with broad range of edge services
Support for Shared Port Adapter (SPA) and SPA Interface Processors (SIP), which offers intelligent services.
Supports up to 12 SPA bays
Support for the Enhanced FlexWAN module, which offers Port Adapter investment protection
Cisco 7600 Router’s Price & Availability
Cisco 7600 series prices range from US$5000 to US$20000, and not all the types are required by enterprise head offices. Some 7600 series items, such as the Cisco 7606, Cisco 7609, Cisco 7609-S, and Cisco 7606-S, are popular among large enterprises. Prices of these models are available here:
CISCO7606: List price: US$6,000.00 / Wholesale Price: US$2,940.00
CISCO7609: List price: US$10,500.00 / Wholesale Price: US$5,145.00
CISCO7606-S: List price: US$6,000.00 / Wholesale Price: US$2,940.00
CISCO7609-S: List price: US$10,500.00 / Wholesale Price: US$5,145.00