Cisco & Cisco Network Hardware News and Technology

Posts with #cisco routers tag

How to Connect Cisco Console Cable to PC/Laptop Running Linux?

December 29 2011 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

People who work with Cisco network equipment need to be able to connect to the console port on their devices. In Windows, you can simply fire up HyperTerminal to get basic access to your devices. If you are using Linux, then you need to know how this can be done with an application called Minicom.


 

Hardware

First, you are going to need a Cisco console cable, a Cisco device, and a computer. If your computer has a serial port, then you can use the standard console cable that comes with every Cisco device.

 

If you do not have a serial port (like most new laptops), then you need to purchase a USB to Serial adapter that supports Linux. Many of them do not require a driver in Linux. Make sure the item is plugged in at boot time & the system should find it. This device will allow you to use the standard Cisco cable which has a DB9 serial connector on one end & an RJ45 connector on the other.

 

Install Minicom

You can easily install Minicom by using "System > Administration > Synaptic Package Manager". Search for "minicom" and choose to install the package. Click "Apply" and Minicom should be installed within a few seconds.

 

Find the name of your serial port

Next, you need to find out which device names your serial ports (including the USB adapter) are mapped to. The easiest way to do this is to connect the console cable to a running Cisco device. Now open up a Terminal using "Applications > Accessories > Terminal" and type this command:

dmesg | grep tty

 

The output will look something like one of these:

[    0.788856] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A

[    0.789144] 00:08: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A

[94023.461242] usb 2-1: pl2303 converter now attached to ttyUSB0

[107561.131086] type=1503 audit(1260922689.994:33): operation="open" pid=27195 parent=27185 profile="/usr/sbin/cupsd" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/dev/ttyUSB0

 

Look in this output for words that contain "tty". In this case, it is "ttyS0". That means the name of the device that corresponds to your serial port is "ttyS0". The device that corresponds to your USB adapter appears as "ttyUSB0", as in name="/dev/ttyUSB0" (make sure it's plugged in). Now we are ready to configure Minicom to use this information.
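The same lookup as an added Python example (not part of the original post): it reads kernel log text like the output above and reports which serial devices are currently present, removing adapters that were later unplugged and treating audit records as mentions only. The function name `serial_ports` and the two ttyUSB1 lines are constructed for illustration.

```python
import re

# Kernel messages that create or remove a serial device node.
UART = re.compile(r"\b(ttyS\d+) at (?:I/O|MMIO) 0x[0-9a-fA-F]+ .*is a (\S+)")
ATTACH = re.compile(r"(\w+) converter now attached to (ttyUSB\d+)")
DETACH = re.compile(r"converter now disconnected from (ttyUSB\d+)")
# Audit records only name a path some process tried to open.
AUDIT = re.compile(r'audit\(.*\bname="(/dev/tty\w+)')

# The four lines from the post, plus two constructed lines (ttyUSB1) that
# show a second adapter being plugged in and removed again.
SAMPLE = """\
[    0.788856] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[    0.789144] 00:08: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[94023.461242] usb 2-1: pl2303 converter now attached to ttyUSB0
[94100.000001] usb 2-2: pl2303 converter now attached to ttyUSB1
[94200.000002] pl2303 ttyUSB1: pl2303 converter now disconnected from ttyUSB1
[107561.131086] type=1503 audit(1260922689.994:33): operation="open" pid=27195 parent=27185 profile="/usr/sbin/cupsd" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/dev/ttyUSB0
"""


def serial_ports(kernel_log):
    """Return (present, mentioned).

    present:   {device path: description} for ports that still exist
    mentioned: device paths that appear only inside audit records
    """
    present, mentioned = {}, []
    for line in kernel_log.splitlines():
        if m := AUDIT.search(line):
            # A denied open by another program is not proof of attachment.
            mentioned.append(m.group(1))
            continue
        if m := UART.search(line):
            present["/dev/" + m.group(1)] = f"{m.group(2)} UART"
        elif m := ATTACH.search(line):
            present["/dev/" + m.group(2)] = f"{m.group(1)} USB adapter"
        elif m := DETACH.search(line):
            # The log keeps old attach lines; drop ports that went away.
            present.pop("/dev/" + m.group(1), None)
    return present, mentioned


if __name__ == "__main__":
    ports, seen_in_audit = serial_ports(SAMPLE)
    for path, kind in ports.items():
        print(f"{path}: {kind}")
    print("audit mentions:", ", ".join(seen_in_audit))
```
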

 

Configure Minicom

Open a terminal using "Applications > Accessories > Terminal". Now type this command to enter the configuration menu of Minicom:

sudo minicom -s

 

Use the keyboard arrow keys to select the menu item labeled "Serial Port Setup" and then hit "Enter". This will open a window that looks similar to the one below:

 

Change your settings to match the ones in the picture above. Here is what I had to change:

  • Change the line speed (press E) & change to "9600"
  • Change the hardware flow control (press F) & change to "No"
  • Change the serial device (press A) & change to "/dev/ttyS0"
  • Or to use your USB port, change the serial device to "/dev/ttyUSB0"
    • Be sure to use the device name that you learned with the grep output.

 

Once your screen looks like mine, you can hit "Escape" to go back to the main menu. Next, you need to select "Save setup as dfl" and hit "Enter" to save these settings to the default profile. Then select "Exit Minicom" to exit Minicom.

 

To find out if you have configured Minicom correctly, type this command in the terminal:

sudo minicom

 

After entering your Ubuntu user password, you should be connected to your Cisco device.

 

Once connected, press Ctrl+A to access Minicom commands. Press Ctrl+A, then Z, to open the help screen, which shows a list of available commands. Press Ctrl+A, then X, to exit.

 

Note: You may want to delete the Minicom init string if you see a bunch of gibberish every time you connect to a device. To do this, enter Minicom configuration with:

sudo minicom -s

 

Then select "Modem and dialing". Press "A" to edit the Init string, and delete all characters so that it becomes empty. Make sure you save this to the default profile with "Save setup as dfl". You should no longer see gibberish when you connect to devices.

 

Create a desktop launcher

If you want to have quicker access to Minicom, you can create a desktop launcher.

  1. Right-click on the desktop and choose "Create launcher"
  2. Click on "Icon" and choose the picture you want to use
  3. Use the "Type" pull-down menu and select "Application in terminal"
  4. Create a name like "Cisco Console" in the field labeled "Name"
  5. Enter this command into the field labeled "Command"
    • sudo minicom
  6. Hit "OK" and your desktop launcher is ready for you to use.

Secure Networking

December 14 2011 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Secure Networking

Our Self-Defending Network is an architectural solution designed for the evolving security landscape. Security is integrated everywhere and with the help of a lifecycle services approach, enterprises can design, implement, operate and optimize network platforms that defend critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls.

Using a Lifecycle approach to Services, Cisco and its partners provide a broad portfolio of Security Services that address all aspects of deploying, operating, and optimizing your network to help increase business value and return on investment.

 

 

 

 

UTM

Unified Threat Management (UTM) is a comprehensive solution that has recently emerged in the network security industry and, since 2004, has gained widespread currency as a primary network gateway defense solution for organizations. In theory, it is the evolution of the traditional firewall into an all-inclusive security product that can perform multiple security functions in one single appliance: network firewalling, network intrusion prevention and anti-virus (AV), gateway anti-spam, VPN, content filtering, load balancing and on-appliance reporting.

 

 

 

 

 

 

 

Firewall / Cisco Firewall

 

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt or proxy all (in and out) computer traffic between different security gateways based upon a set of rules and other criteria.

 


Cisco Unified IP Phone Guide: Overview on Cisco 7971 IP Phone

December 5 2011 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Overview on Cisco 7971 IP Phone



  1. Programmable buttons: Configurable buttons that provide access to various phone features.
  2. Footstand button: Allows you to adjust the angle of the phone base.
  3. Display button: Awakens the touchscreen from power-save mode or disables it for cleaning: No color—Touchscreen available ready for input, Green flashing—Touchscreen disabled, Green steady—Touchscreen and backlight disabled.
  4. Messages button: Typically auto-dials your voice message service (varies by service).
  5. Directories button: Opens/closes the Directories menu. Use it to view and dial from call logs (Missed, Received, and Placed) and a corporate directory.
  6. Help button: Activates the Help menu.
  7. Settings button: Opens/closes the Settings menu. Use it to control touchscreen appearance and ring sounds.
  8. Services button: Opens/closes the Services menu.
  9. Volume button: Controls the volume and other settings.
  10. Speaker button: Toggles the speakerphone on or off.
  11. Mute button: Toggles the Mute feature on or off.
  12. Headset button: Toggles the headset on or off.
  13. Navigation button: Allows you to scroll through menus and highlight items. Use in conjunction with softkeys to activate highlighted items. Also, while the phone is on-hook, press the Navigation button to access phone numbers from your Placed Calls log.
  14. Keypad: Allows you to dial phone numbers, enter letters, and choose menu items.
  15. Softkey buttons: Activates a softkey. You can also activate a softkey by pressing the softkey label on the touchscreen.
  16. Handset light strip: Indicates an incoming call and new voice message.
  17. Touchscreen: Shows phone features.

 

Getting Help on Your Phone 

Your Cisco IP Phone provides a comprehensive online help system. Help topics appear on the touchscreen. See the table below for details.

If you want to...

  • View the main menu: press the Help button on your phone and wait for several seconds for the menu to display. If you are already in Help, press Main. Main menu topics include:
    • About Your Cisco IP Phone—descriptive details about your phone
    • How do I...?—procedures and information about common phone tasks
    • Calling Features—descriptions and procedures about calling features
    • Help—tips on using and accessing Help
  • Learn about a button or softkey: press "?", then quickly press a button or softkey.
  • Learn about a menu item: press "?", then quickly press the menu item on the touchscreen. Or, press "?" twice quickly with the menu item highlighted.
  • Get help using Help: press "?". After a second or two, press "?" again or choose Help from the Main Menu.

 

More Notes: If you want more info about Cisco Unified IP Phones, you can visit: http://www.router-switch.com/Price-cisco-ip-phones-voip_c4


Cisco 2900 Series Powers the Next Phase of Branch-office Evolution

December 1 2011 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Cisco 2900 Series Integrated Services Routers (ISR), designed to power the next phase of branch-office evolution, deliver highly secure connectivity with multiservice integration that can transform the workplace with a broad set of integrated services, rich-media support, and operational excellence.

 

As a high-performance router for small to medium enterprises, Cisco 2900 series ISRs offer embedded hardware encryption acceleration, voice- and video-capable digital signal processor (DSP) slots, optional firewall, intrusion prevention, call processing, voicemail, and application services. In addition, the platforms support the industry's widest range of wired and wireless connectivity options such as T1/E1, xDSL, copper and fiber GE.

 

The Cisco 2900 Series also supports the following:

High availability and increased business uptime through Cisco IOS Software, hardware redundancy, and failover capabilities.

Modular support for the broadest set of Cisco network and security services, as well as customizable "on demand" virtual services.

Video-ready architecture supports rich media unified communications capabilities.

Defends against malicious attacks and threats to data, voice, video and mobility.

High speed wireless access enables employees to be more productive when they are away from their desks.

Give remote staff and teleworkers secure access to company assets over a highly secure connection.

 

Cisco 2900 Series Integrated Services Routers offer a range of features, including:

High-performance, nonstop connectivity with integrated services enables deployment in high-speed WAN environments

Modular design delivers optimal service flexibility

Available enhanced Ether Switch modules enable integrated switching capabilities

Innovative Services-Ready Engine (SRE) enables deployment of services on demand

3G backup WAN access to support business continuity

Support for Cisco Unified Communications Manager Express enables secure collaboration for up to 150 users

Optional integrated high-speed 802.11n wireless access point supports secure mobility

Integrated network security defends against malicious attacks and threats to data, voice, video, and mobility

VPN support enables secure collaborative communications with Group Encrypted Transport VPN (GETVPN), Dynamic Multipoint VPN (DMVPN), or Enhanced Easy VPN

Enhanced redundancy, including diagnostics and backup power supplies increase fault tolerance and business uptime

Operational simplicity, energy efficient design, and Green credentials deliver low total cost of ownership

 

Cisco 2900 Series Models:

There are four models of Cisco 2900 router: Cisco 2901, Cisco 2911, Cisco 2921, and Cisco 2951. Market feedback shows that Cisco 2900 series models are in high demand among Cisco customers, such as Cisco 2951/K9, Cisco 2911/K9, Cisco 2921/K9, Cisco 2901/K9…

 

Take Cisco 2911 as an example; check its features in detail:

3 integrated 10/100/1000 Ethernet ports (RJ-45 only)

1 service module slot

4 enhanced high-speed WAN interface card slots

2 onboard digital signal processor (DSP) slots

1 Internal Service Module slot for application services

Fully integrated power distribution to modules supporting 802.3af Power over Ethernet (PoE) and Cisco Enhanced PoE

Security

Embedded hardware-accelerated VPN encryption for secure connectivity and collaborative communications

Integrated threat control using Cisco IOS Firewall, Cisco IOS Zone-Based Firewall, Cisco IOS IPS, and Cisco IOS Content Filtering

Identity management using authentication, authorization, and accounting (AAA) and public key infrastructure

Voice

High-density-packet voice DSP module, optimized for voice and video support

Standards-certified VoiceXML browser services

Cisco Unified Border Element capabilities

Cisco Unity Express voicemail support

Support for Cisco Communications Manager Express and Survivable Remote Site Telephony

 

Overall, the Cisco 2900 Series offers unparalleled total cost of ownership savings and network agility through the intelligent integration of security, wireless, unified communications, and application services.

 


Cisco's LAN Stronghold: Good As It Ever Was

November 24 2011 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

In the networking industry there's Cisco and then there's everyone else. But in LAN switching it's even more so.

Cisco and the Consumerization of IT

If we posed the question to IT pros: What's more reliable, your phone network or data network? Most would now tell us that it's a dumb question, they're the same network.

 

That transition over the past decade makes the LAN ultra-critical for companies today, just as critical as keeping the lights on and the coffee flowing. So it's not at all surprising that in our recent IT Pro Ranking, 444 IT professionals, who either use, have used, or have evaluated the products and vendors we asked about, placed product reliability and product performance as their two most important factors for evaluating LAN vendors and products.

 

In fact, those two factors rated so high in importance, and Cisco did so well against them, the story almost begins and ends there. Of our 11 criteria, Cisco rated a 4.0 (out of 5) or better on four of the criteria, while no other vendor did that well on more than two. Others making our survey (getting at least 50 responses to our poll) included: Brocade, HP, Juniper, Dell, and Netgear.

 

Cisco also got the lowest score in our survey, scoring a 3.0 for acquisition cost, whereas no other vendor scored below a 3.2. Operation cost was second lowest for Cisco at 3.5. Meanwhile, HP scored 3.9 and 3.8 on those criteria respectively, Dell came in at 4.1 and 3.8, and Netgear registered 4.2 and 3.0. But cost is not the primary concern for network architects and Cisco knows it. It also knows that when it sets prices, others will move theirs accordingly. No matter what Cisco did with its prices, others will set theirs lower.

 

Such is the nature of a mature market with reasonable margins and a market share leader the likes of Cisco. And lead it does. In our survey, 85% of respondents said they have used or evaluated Cisco products. HP ranks a distant second with 33%, then Dell and Netgear at 22%, Juniper at 20%, and Brocade at 12%. Included in our survey, but not getting enough responses to qualify for inclusion, were: Avaya, IBM, Alcatel-Lucent, Extreme, Enterasys, NEC, Arista, and Force 10, all of which had less than 8% reporting use.

 

In our standard overall weighted score, Cisco ended up with 77%, followed by a three-way tie between HP, Juniper, and Brocade, all at 73%. Dell and Netgear followed with 71% and 70% respectively. The nature of our survey methodology tends to bunch vendors together when we calculate the aggregate score. High-function products are offset by their high prices, while low-function products are boosted by their typically lower prices.

 

Along with our standardized 11-point rating system, we also asked about 15 features specific to LAN switching. When we asked product users to rate these criteria, cost per port, management software, port density, dynamic port configuration, and per-port security were deemed most important, while layer 2 encryption, proprietary features in advance of standards, and 40-Gbps or 100-Gbps uplinks turned out to be least important. Here again, in aggregated scores, Cisco came out on top with 75%, then Brocade at 71%, HP at 70%, Juniper at 69%, Dell at 68%, and Netgear at 63%.

 

All this seems like great news for Cisco, and at least for the moment it is. As report author Mike Fratto points out, the Catalyst 6500 is the product of choice for many LAN architects. But eventually, it too will run out of steam. But when Cisco execs spend a sleepless night worrying about how to maintain their enviable market share and profit margins, they don't worry about any of the vendors I've mentioned here, at least not individually. The company they worry about is Broadcom.

 

Broadcom now produces a broad range of high-performance chips that let equipment manufacturers build high-density switches with relatively few parts, including its StrataXGS chips, which supports 100-Gbps Ethernet for carriers and 40-Gbps Ethernet for the enterprise. The system-on-a-chip design can support 64 10-Gbps ports and supports relevant standards from DCB to TRILL to OpenFlow. In other words, Cisco has to count on the attractiveness of some pretty esoteric features in its own silicon to beat out any vendor who decides to spin out a switch based on Broadcom's chips.

 

Users who take the time to make careful side by side comparison between products built on Cisco's own silicon and those built on Broadcom's may not find much of a difference--at least in the features that matter most to them.

 

This being a mature product category, we weren't all that surprised to see 60% of respondents saying that they had no interest in replacing or adding new LAN switch vendors. That's good news for Cisco. But when we asked that 60% what it would take to get them to reconsider, the top response by a good margin was substantial capital cost savings.

 

For vendors looking to unseat Cisco as the king of the hill, the task is still daunting. Many will read the survey results and find that they don't match the reality of current product offerings. And while that may be true, our survey represents the perceptions of actual product users and, as such, it's going to be a tough sell to an audience who are pretty much saying, "We'd consider changing vendors if you were giving the stuff away."

 

Notes: For more Cisco news, guides, tips and Cisco equipment info, you can visit: http://www.router-switch.com/ & http://blog.router-switch.com/


How to Reset Cisco 3900 Routers?

November 17 2011 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Cisco 3900 Series Integrated Services Routers (ISR), designed to power the next phase of branch-office evolution, offer unparalleled total cost of ownership savings and network agility through the intelligent integration of security, wireless, and application services.

 

As a popular Cisco router line, the Cisco 3900 series offers an upgradable motherboard which allows owners to update hardware as more powerful options become available without having to purchase a new router. Cisco also appeals to environmentally conscious consumers with its EnergyWise dual power supplies, which lower electricity costs and support essential redundancy requirements. It is occasionally necessary to reset this powerful networking device, restoring it to factory default settings.

 

Some Cisco 3900 users have discussed how to reset a Cisco 3900 router (e.g. Cisco 3925, Cisco 3945) as follows:

About “3945 router password recovery”

Question:

“Hi There,

I understand that the password has to be changed the first time we login to Cisco 3945 router but i failed to do that and it’s not allowing me to connect using default username/password.

Can someone help me in getting this addressed??”      ---From vnirmal112

 

Answers from others

“You can but you don't have to change the password the first time you login to the 3900.  Are you trying to connect using the console port or telnet?”

 

“Logged onto router via console...was about to configure a new router...I got a clear message saying that i cannot login next time if i don’t change password, which i saw after logging off only :-(...”

 

“I am running 12.4.24. If you have another flash card, you can put a different IOS on it and boot it with that and see if you can get in. The other thing you can do is to try the password recovery and see if you can get in that way. Did you ever assign any passwords to it?”

 

Also frustrated with this Cisco 3900 resetting? Instructions help you reset Cisco 3900 series in detail

Method One

1. Enter "config-register 0x2102" from the router's command prompt window. This gives you access to global configuration mode.

       

2. Enter "show version." The response should read:

router# configure terminal

router (config) #config-register 0x2102

router (config) #end

router#

Repeat the "show version" command.

The response should now read "will be 0x2102 at next reload."

       

3. Enter the command "write erase." This will erase the current start-up configuration.

       

4. Reload the software by entering the "reload" command. Do not save when prompted.

The system display should read:

router#reload

System configuration has been modified. Save? (yes/no): n

Proceed with reload? (confirm)

Confirm that you want the reload to proceed.

       

5. Wait for the reload. The dialog box will read:

---System Configuration Dialog---

Would you like to enter the initial configuration dialog? (yes/no)

The router has been reset.

   

Method Two

1.       Enter the command "config-register 0x2142."

The response should read:

Router (config)#config-register 0x2142

Repeat the "show version" command.

The response should now read "will be 0x2142 at next reload."

       

2. Reload the software by entering the "reload" command. Do not save when prompted. The system should read:

router#reload

System configuration has been modified. Save? (Yes/no): n

Proceed with reload? (Confirm)

Confirm that you want the reload to proceed.

       

3. Wait for the reload. The dialog box will read:

---System Configuration Dialog---

Would you like to enter the initial configuration dialog? (Yes/no)

Enter "no."

     

4. Change the configuration register setting to 0x2102. Enter "config-register 0x2102." Enter "write memory." This will overwrite the running configuration.

       

5. Enter the "reload" command. The system configuration dialog will appear again. The router is reset.
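The two register values used in Method One and Method Two differ in a single bit. The following Python sketch is an added example, not part of the original post: it decodes a configuration register and audits the register line of "show version" output, so a router left at 0x2142 after a reset is caught before its next reload. The function names and the three sample lines are constructed for illustration.

```python
import re

# Flag bits of the 16-bit configuration register on classic IOS routers.
FLAGS = {
    6: "ignore startup-config in NVRAM at boot",
    7: "OEM bit: boot messages suppressed",
    8: "Break disabled once the system has booted",
    10: "IP broadcast address uses all zeros",
    13: "boot default ROM software if network boot fails",
    14: "IP broadcasts do not carry network numbers",
    15: "diagnostic messages on, NVRAM contents ignored",
}
CONSOLE_SPEED_BITS = (5, 11, 12)  # all clear means the default 9600 baud

CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

# Constructed sample lines in the format "show version" prints.
PENDING_RESET = "Configuration register is 0x2102 (will be 0x2142 at next reload)"
BOOTED_BLANK = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
NORMAL = "Configuration register is 0x2102"


def decode_confreg(value):
    """Split a register value such as 0x2142 into its fields."""
    return {
        "boot_field": value & 0xF,  # 0 = ROM monitor, 2-F = normal boot
        "flags": [text for bit, text in sorted(FLAGS.items()) if value >> bit & 1],
        "ignores_startup_config": bool(value & 0x8040),  # bit 6 or bit 15
        "console_9600": not any(value >> b & 1 for b in CONSOLE_SPEED_BITS),
    }


def parse_show_version(text):
    """Return (value used at last boot, value used at next reload)."""
    m = CONFREG_LINE.search(text)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending


def audit(text):
    """List register states that leave the router without its saved config."""
    current, pending = parse_show_version(text)
    findings = []
    if decode_confreg(pending)["ignores_startup_config"]:
        findings.append(
            f"0x{pending:04x} at next reload: startup-config will be skipped, "
            "so saved passwords and ACLs will not be loaded"
        )
    elif decode_confreg(current)["ignores_startup_config"]:
        findings.append(
            f"0x{current:04x} at last boot: running without the saved "
            "startup-config until a configuration is loaded or rebuilt"
        )
    if decode_confreg(pending)["boot_field"] == 0:
        findings.append(f"0x{pending:04x}: router will stop at the ROM monitor")
    return findings


if __name__ == "__main__":
    for value in (0x2102, 0x2142):
        print(hex(value), decode_confreg(value))
    for line in (PENDING_RESET, BOOTED_BLANK, NORMAL):
        print(line, "->", audit(line) or "ok")
```
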


How to Configure Cisco 3845 Routers?

November 15 2011 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

Cisco 3845 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements. The Cisco 3845 router features a console port, auxiliary port, dual Universal Serial Bus (USB) ports, four high-speed WAN interface card (HWIC) slots, two 10/100/1000 Gigabit Ethernet RJ45 ports, four Enhanced Network Module (ENM) slots, small form factor pluggable (SFP), power inlets, and Compact Flash (CF) drive.

 

Cisco 3845 supports two internal advanced integration modules (AIMs) and two Ethernet connections. Figure 5 shows the front panel and Figure 6 shows the rear panel. The front panel consists of 7 LEDs: CF LED, PVDM0 LED, PVDM1 LED, PVDM2 LED, PVDM3 LED, AIM0 LED, and AIM1 LED. The back panel consists of 6 LEDs: SYS LED, ACT LED, SYS PWR1 LED, AUX PWR1 LED, SYS PWR2 LED, and AUX PWR2 LED.

 

Q: How can I configure the cards for Slots 0/0, 0/1, 0/2, 0/3?

How to configure the Cisco 3845? Follow the steps here:
F3845#show conf
Using 3487 out of 491512 bytes
!
! Last configuration change at 13:23:09 PCTime Mon Nov 9 2009 by cisco
! NVRAM config last updated at 13:23:10 PCTime Mon Nov 9 2009 by cisco
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname F3845
!
boot-start-marker
boot-end-marker
!
! card type command needed for slot/vwic-slot 0/0
! card type command needed for slot/vwic-slot 0/1
! card type command needed for slot/vwic-slot 0/2
! card type command needed for slot/vwic-slot 0/3
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$KG3Z$oYVvBSpD//tgRXSsPcO7V.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name oxnardad.org
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3416983991
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3416983991
 revocation-check none
 rsakeypair TP-self-signed-3416983991
!
!
crypto pki certificate chain TP-self-signed-3416983991
 certificate self-signed 01 nvram:IOS-Self-Sig#3104.cer
username vlaguna privilege 15 secret 5 $1$PukE$4.mxdXURqELD/42ERYz1s1
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$$FW_INSIDE$
 ip address 172.20.1.20 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 media-type rj45
 no mop enabled
!
interface GigabitEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 media-type rj45
 no mop enabled
!
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) are installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the

"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

 



Tutorial: Cisco Routers Add Web Security with Cisco ScanSafe

November 14 2011 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

IOS adds in proxy features to forward web traffic to cloud web security offering

Cisco launched this feature to the market at Interop. In a nutshell, it provides IOS routers with intelligent, identity aware, traffic redirection to the Cisco ScanSafe web security cloud offering. ScanSafe provides the following web security features as a cloud service:

  • URL Filtering
  • Scanlets analyze all elements of a web request including HTML, JavaScript, Flash and even obfuscated active scripts
  • Zero-day malware prevention
  • Protection against Phishing attacks
  • Granular Reporting with a multi-tenant design
  • 100% uptime over the last 8+ years
  • Heuristic Malware identification

 

Here is a graphical look at how each web request is processed in the cloud:

how-each-web-request-is-processed-in-the-cloud.jpg


This means that http and https traffic will be redirected from the router to the ScanSafe cloud where it will be filtered according to your policy settings. In addition to the redirection of traffic, the ISR G2 will also provide identity (group and user based) to ScanSafe for granular policy selection. Identity can be obtained using multiple methods (AD, web auth, etc) but Active Directory will probably be the most popular. The router encrypts all identity info before it is sent to the cloud.

 

This type of feature will allow companies to securely stop back-hauling web traffic from remote site VPNs to the central site and back out again. It also allows for a common web security policy across remote sites, central sites, and even remote hosts with the AnyConnect ScanSafe integration. Sending web traffic directly to the Internet results in performance and user satisfaction improvements and decreased bandwidth requirements for HQ. Here is a simple graphic to illustrate this intelligent redirection of web traffic.

intelligent-redirection-of-web-traffic.jpg


Now on to how you configure this on Cisco routers.
First, configure identity on the router. This example will focus on Active Directory LDAP integration.

ldap server ad-server
 ipv4 10.0.1.250
 transport port 3268
 bind authenticate root-dn cn=scansafe,cn=users,dc=test,dc=localdomain password 7 4424A34232
 base-dn dc=test,dc=localdomain
 search-filter user-object-type top
 authentication bind-first

 

Next, create an LDAP server group:

aaa group server ldap ad-servers
 server ad-server

 

Now define IP admission control:

aaa authentication login cs-aaa group ad-servers
aaa authorization network cs-aaa group ad-servers
aaa accounting network cs-aaa none

ip admission virtual-ip 1.1.1.1
ip admission name csauth ntlm
ip admission name csauth order ntlm
ip admission name csauth method-list authentication cs-aaa authorization cs-aaa accounting cs-aaa
ip http server

interface Gig0/1
 ! Internal interface
 ip admission csauth

 

Now that we have identity configured, we move on to configuring the ScanSafe redirection commands:

parameter-map type content-scan global
 server scansafe primary ipv4 72.37.244.147 port http 8080 https 8080
 server scansafe secondary ipv4 80.254.145.147 port http 8080 https 8080
 ! The license key value is not shown in the original post
 license 0 <license-key>
 source interface GigabitEthernet0/0
 timeout server 30
 user-group ciscogroup username ciscouser
 logging
 server scansafe on-failure block-all

 

Turn on content scanning on the external interface:

interface GigabitEthernet0/0
 ! External interface
 ip address 128.107.150.75 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 ip virtual-reassembly out
 content-scan out

 

To whitelist sites you create a parameter map like the following example:

parameter-map type regex site_param
 pattern google
 pattern cisco
parameter-map type regex browser_param
 pattern Chrome
content-scan whitelisting
 whitelist header user-agent regex browser_param
 whitelist header host regex site_param
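
Whitelisted requests are not sent to ScanSafe, so it is worth checking how much each pattern actually matches. The following is an added example, not part of the original article or of Cisco's documentation: it evaluates the site_param patterns from the configuration above against constructed Host values using Python's re module, assuming the router's regex engine also matches an unanchored pattern anywhere in the header. The anchored patterns and the sample host names are hypothetical.

```python
import re

# Patterns exactly as they appear in site_param in the configuration above.
PAGE_SITE_PATTERNS = ["google", "cisco"]

# Hypothetical tightened patterns: anchored to a whole host name under one domain.
ANCHORED_SITE_PATTERNS = [
    r"^([a-z0-9-]+\.)*google\.com$",
    r"^([a-z0-9-]+\.)*cisco\.com$",
]

# Constructed Host header values; the example.* names are placeholders.
SAMPLE_HOSTS = [
    "www.google.com",
    "tools.cisco.com",
    "google.example.net",
    "files-cisco.example.org",
    "www.example.com",
]

def skips_scanning(host, patterns):
    """True if any whitelist pattern matches, i.e. the request is not scanned."""
    host = host.strip().lower().rstrip(".")
    return any(re.search(p, host) for p in patterns)

def whitelisted(hosts, patterns):
    """Hosts from the list that the given whitelist would exempt from scanning."""
    return [h for h in hosts if skips_scanning(h, patterns)]

def unanchored(patterns):
    """Patterns that can match as a substring and so deserve a review."""
    return [p for p in patterns if not (p.startswith("^") and p.endswith("$"))]

if __name__ == "__main__":
    for label, pats in (("as configured", PAGE_SITE_PATTERNS),
                        ("anchored", ANCHORED_SITE_PATTERNS)):
        print(label, "->", whitelisted(SAMPLE_HOSTS, pats))
    print("patterns to review:", unanchored(PAGE_SITE_PATTERNS))
```

Confirm the anchor syntax against the regex documentation for your IOS release before deploying tightened patterns. Prefer host-based entries over User-Agent entries, since User-Agent is a client-supplied value.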

 

Supported Cisco ISR G2 platforms and requirements include:

  • 881, 891
  • 19xx, 29xx, 39xx
  • Security feature license or higher is required
  • Valid Cisco ScanSafe license

 

Cisco will release the IOS code at the end of this month. It will be 15.2(1)T. You can find more information at these links.

www.cisco.com/go/scansafe
www.cisco.com/go/isrg2


How to Configure a Firewall on Cisco 2821?

November 4 2011 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

The Cisco 2821 router comes equipped with a software-based firewall. To configure the firewall on a Cisco 2821, you must be familiar with Cisco's security-based commands to restrict access across the network. Administrative privileges and terminal emulation software are necessary to complete this task.

 

Things You'll Need

  • Terminal emulation software
  • RS-232 serial cable
  • Cisco router with IOS firewall

 

Instructions to Configure a Firewall on Cisco 2821 Router

1. Connect the router directly to the administrator workstation using an RS-232 cable.

 

2. Use the router's installation CD to install and open the terminal emulation software. If you prefer to use a third-party emulation software, that is acceptable.

 

3. Turn on the router and the initial boot sequence will begin. If the router has been previously configured, a prompt with the username will appear; otherwise, the prompt will appear as "Router>."

 

4. Type "enable" and press "Enter." Type in the router's password when the password prompt appears.

 

5. Type "conf t" and press "Enter." This will put the router into global configuration mode. The prompt will change to "Router(config)#."

 

6. Type "ip inspect?" and press "Enter." If the router is configured with the Cisco IOS software, a list of commands will appear that are specifically designed for configuring your router. If the computer displays "% Unrecognized Command," then you will need to download and install the Cisco IOS software (see Resources).

 

7. Use the list of available commands to configure your router. For examples of router configurations, navigate your browser to the Cisco website (see Resources).

 

8. Type "CNTL/Z" and press "Enter" once the configuration process is complete. This will return the terminal emulation software back to privileged mode.

 

9. Type "show ip route" and press "Enter." A list of all neighboring IP addresses will be displayed, indicating that the configuration is complete and the router is communicating with known workstations.

10. Type "show running-config" and press "Enter." Your new running configuration will display.

 

11. Type "copy running-config startup-config" and press "Enter." This will copy your current configuration to your start-up configuration and save it to the router's memory.
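
A check that can follow steps 10 and 11, as an added example that is not part of the original article: it reads a saved "show running-config" listing and reports inspection rules that are applied but never defined, defined but never applied, or left without any inbound ACL to work against. The sample configuration is constructed, and its rule names, ACL number and interface roles are hypothetical.

```python
import re

# Constructed "show running-config" excerpt. Rule names (FW, LAN, SPARE),
# ACL 101 and the interface roles are hypothetical, not taken from the article.
SAMPLE_CONFIG = """\
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name SPARE icmp
!
interface GigabitEthernet0/0
 description outside
 ip access-group 101 in
 ip inspect FW out
!
interface GigabitEthernet0/1
 description inside
 ip inspect LAN in
!
access-list 101 deny ip any any
"""

def parse(config):
    """Return (defined rules, {(interface, rule, direction)}, interfaces with an inbound ACL)."""
    defined, applied, acl_ifaces, iface = set(), set(), set(), None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif not line.startswith(" "):
            iface = None  # a top-level line ends the interface block
            m = re.match(r"ip inspect name (\S+) \S+", line)
            if m:
                defined.add(m.group(1))
        elif iface:
            m = re.match(r" ip inspect (\S+) (in|out)$", line)
            if m:
                applied.add((iface, m.group(1), m.group(2)))
            if re.match(r" ip access-group \S+ in$", line):
                acl_ifaces.add(iface)
    return defined, applied, acl_ifaces

def findings(config):
    """List the inconsistencies found in the inspection configuration."""
    defined, applied, acl_ifaces = parse(config)
    used = {rule for _, rule, _ in applied}
    out = [f"{i}: rule {r} applied but never defined"
           for i, r, _ in sorted(applied) if r not in defined]
    out += [f"rule {r} defined but not applied to any interface"
            for r in sorted(defined - used)]
    if not acl_ifaces:
        out.append("no inbound ACL on any interface: inspection has no denied traffic to open return paths for")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_CONFIG)) or "no findings")
```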

 

Tips & Warnings

  • If you have never configured a router, this task can become frustrating in a hurry. If you are not sure of your ability to configure your router, it is best to contact a qualified network administrator to help you.

 


Cisco 1941 vs. Cisco 1921: Cisco 1900 Users Help You Find It Out

October 24 2011 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

For a business that depends on technology, Cisco 1900 Series Integrated Services Routers (ISRs) deliver high-performance, highly secure connectivity with multiservice integration that can transform the workplace with a broad set of services, rich-media support, and operational excellence.

 

There are several popular Cisco 1900 models, including Cisco 1921/K9, Cisco 1921-SEC/K9, Cisco 1941/K9, Cisco 1941-SEC-SRE/K9, Cisco 1941-SEC/K9, CISCO1941W-A/K9, etc. Maybe it is hard for you to decide which one is the most suitable?

 

Cisco 1941 router or Cisco 1921 router? It is not that complicated. Look at some discussion from Cisco 1900 users or buyers, and you will be clear about it:

The Cisco 1921 Integrated Services Router (ISR) brings you extremely protected data, portability, and application services, whatever you’re expecting. The primary features include 2 integrated 10/100/1000 Ethernet ports and 2 enhanced High-Speed WAN Interface Card (EHWIC) slots; it also has the ability to support 802.3af power modules. If you are concerned about security, it has built-in hardware encryption; together with this you can have extremely protected mutual communications.

 

Though you have mentioned two products with their series, let me tell you that there are multiple products within the same series, such as CISCO1941/K9 and C1941-SEC-SRE/K9, so even within the 1941 series you can have many models. According to me, you should first of all decide on your own configuration and after that look for the model; then you’ll be able to figure out which one would be better for you.

 

According to me, you should prefer CISCO1941W-E/K9; it has the ability to support over 10 routing protocols such as OSPF, BGP, EIGRP, PIM-SM, IGMPv3, static IPv4 routing, static IPv6 routing and many more. The router is an evolutionary platform with multicore CPUs; if you glance at the specification of this model, you will see that its hardware can give you very good performance. Some of the features include firewall protection, VPN support, Syslog support, IPv6 support, CBWFQ, and WRED.

 

More Tips

Key features of Cisco 1900 series

Cisco 1900 Series Integrated Services Routers support:

  • Nonstop connectivity: High availability and increased business uptime through Cisco IOS Software, hardware redundancy, and failover capabilities.
  • Flexible services: Modular support for the broadest set of Cisco network and security services, as well as customizable "on demand" virtual services.
  • Best-in-Class security: Defends against malicious attacks and threats.
  • Secure mobility: High-speed wireless access enables employees to be more productive when they are away from their desks.
  • Flexible VPN support: Give remote staff and teleworkers secure access to company assets over a highly secure connection.

 

Cisco 1900 Series Integrated Services Routers offer a range of features including:

  • High-performance, nonstop connectivity with integrated services enables deployment in high-speed WAN environments
  • Modular design delivers optimal service flexibility
  • Available EtherSwitch modules enable integrated switching capabilities
  • Innovative Services-Ready Engine (SRE) enables deployment of services on demand
  • Optional integrated high-speed 802.11n wireless access point supports secure mobility
  • Best-in-class security—including firewall, intrusion prevention system, and content filtering—defends against malicious attacks and threats
  • VPN support enables secure collaborative communications with Group Encrypted Transport VPN (GETVPN), Dynamic Multipoint VPN (DMVPN), or Enhanced Easy VPN
  • Enhanced redundancy, including diagnostics and backup power supplies increase fault tolerance and business uptime
  • Operational simplicity, energy efficient design, and Green credentials deliver low total cost of ownership

 

If you need to get some info about Cisco 1900 series’ price and Cisco 1900 selling, you can visit Cisco 1900/Cisco 1941/Cisco 1921 at router-switch.com

 

 

Cisco 1900 series: Quite Simply the Best

Get on-demand services, rich-media capabilities, and unparalleled reliability.
