Cisco & Cisco Network Hardware News and Technology

Posts with #cisco technology - it news tag

Three Steps to Ignite Your Enterprise Digital Journey

July 7 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network, #Cisco News, #Cisco Technology - IT News, #c

What’s new? The network is an informational highway of intelligence, but today’s static infrastructure can’t see the intelligence. The first step in addressing this issue is increasing visibility into the network with insights and analytics. Next is automating network services to make it easy to deploy, manage and maintain.

Cisco’s new network innovations address both challenges, and include:

Insights and Experiences:

  • Cisco Connected Mobile Experience (CMX) 10.2.2 – a software update with new features and enhancements for better customer engagement, operations and streamlined guest experiences
  • Cisco Aironet 1560 Series Outdoor Access Point – Cisco’s first outdoor Access Point that extends 802.11ac Wave 2 Wi-Fi to high-density environments, the foundation to enable CMX for your outdoor environments.
  • Cisco Catalyst 3650 Multigigabit Switch – a new Catalyst Multigigabit technology (based on NBASE-T standards) switch with up to 48 ports (12 MGig) and UPOE up to 60w for voice, video, and data performance assurance

Automation and Assurance:

  • ASR 1001-HX and ASR 1002-HX – new fixed -HX chassis that offer WAN edge high availability and resiliency with Service Level Agreement (SLA) assurance in a small form factor.
  • Cisco Unified Compute Services (UCS) E-Series – new 6-core single-wide compute blade for ISR 4000 with enhanced processing, memory and storage for 2x more app hosting.
  • 3rd Party App Hosting on ISR 4000 & ASR 1000 – Cisco now supports KVM-based applications hosted as containers on Cisco Enterprise Routers, providing more choice and openness for 3rd party or custom applications.

What are the challenges Cisco is helping you overcome?

The roadmap to a digital network may seem simple, but there are significant challenges that must be overcome. With these new network innovations customers can tackle:

  • WAN Edge Challenges–The WAN is the fabric that connects users to apps and things. It also is the central point between the enterprise core and its edges—from the core to campus/HQ, branches, cloud and fog or among enterprise private data centers. The WAN edge must balance between performance, visibility, and security to ensure the best user experience (i.e. quality of voice, video, and data).
  • Branch Challenges–The branch is the first node of connection for users and guests to apps and things, as well as the first line of defense to nullify a threat. Given its small IT footprint and often remote locations, the branch challenges include application experience, connectivity, management and automation, threat detection and defense.
  • Customer Experience Challenges–To deliver a personalized customer experience, two integral steps must happen in tandem: (i) ubiquitous and robust connection, indoors and outdoors, and (ii) user, app, and device intelligence.

How will the new innovations help customers?

This is always a question we ask ourselves when rolling out any new technology. Focusing on real business outcomes for your enterprise, Cisco and our DNA approach is built on three design principles.

  • Services-centric to give enterprises the freedom to run services and applications when, where, and how they want it across the WAN and branch. Outcome: Faster service delivery.
  • Software-driven by virtualizing and optimizing applications and network functions for effective deployment on any platform: physical, virtual, or a mix of both. Outcome: Freedom of choice.
  • Automation of devices, apps and services for greater agility. Outcome: Fewer human errors.

Cisco DNA is the future of the network. These innovations allow you to reach greater network agility and achieve real business outcomes.

Reference from http://blogs.cisco.com/enterprise/ignite-your-enterprise-digital-journey-in-three-steps


Cisco Industrial Ethernet 1000 Series Switches, How It Works?

July 1 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Cisco Technology - IT News

Cisco Industrial Ethernet 1000 Series Switches' ROLE


Cisco Industrial Switches have a big family, including the Cisco IE 2000, IE 3000, IE 4000 and IE 5000 Series Switches and the new IE 1000 Series.

The Cisco Industrial Ethernet 1000 Series: Lightly Managed Switches for Industrial Environments

The Cisco Industrial Ethernet 1000 (IE1000) Series Switches enable industrial network connectivity where traditional unmanaged switches lack the required performance and do not offer visibility and control.

Cisco IE1000 is a lightly managed Layer 2 switch designed for industrial users to better achieve productivity and network reliability, a primary element to business success.

The traditional industrial Ethernet switch of the past was a DIN rail unmanaged switch with few Ethernet ports to interconnect various nodes, including computers, HMIs, PLCs, I/O, drives, and sensors. The main challenge when deploying unmanaged switches is that it is difficult to monitor and troubleshoot issues that impact operational productivity. The IE1000 offers basic management for QoS and security along with monitoring capability, which are essential in industrial environments.

The Cisco IE1000 Series has the option of Power over Ethernet (PoE) applications. Cisco IE1000 switches are designed to meet IEEE 802.3af (PoE) and 802.3at (PoE+) standards for network devices such as wireless access points, IP surveillance cameras, display monitors, and PoE-enabled industrial devices. One benefit of a PoE network solution is that it reduces the time and cost of having power cabling or outlets installed by certified electricians. The IE1000 PoE series is for industry users that seek flexible, low-cost, and easy-to-use installation solutions.

How It Works

As soon as you power up the IE1000, you can access the switch using a web browser to start the network connectivity. The IE1000 boots within 30 seconds from power up. It also allows you to monitor traffic flows and Ethernet port utilization. You can administratively shut down or block unwanted devices in case of a safety or security concern.

You can prioritize traffic on a per-port basis to assure that the critical traffic is delivered end to end with priority. In addition, the Cisco IE1000 transports industrial protocol traffic such as Ethernet/IP, PROFINET, and Modbus/TCP without extra provisioning. The support of SNMP, alarm relay, and syslog allows you to uncover errors before the network stops totally.

Solution Highlights and Capabilities

The Cisco IE1000 Series Switches support the features and capabilities sufficient for industrial usage, including:

• Port density: 5, 6, 8, and 10

• FE copper or GE fiber uplink ports

• 4 or 8 Fast Ethernet downlinks

• Up to 8 PoE/PoE+ ports

• Data load optimization with VLAN awareness

• IGMP and DHCP snooping

• Web GUI-based provisioning and monitoring with no need for extensive IT knowledge

• High reliability and five-year hardware warranty

Benefits

• Minimized downtime: troubleshoot, monitor, and diagnose with Web-based GUI tool.

• Improved network resiliency: spanning tree enables network link redundancy and fast link recovery.

• Increased network security: port security allows disabling ports to control what gets connected to the network.

• Critical traffic prioritization: guaranteed delivery of mission critical end devices traffic.

• Reduced overall TCO: VLANs allow for logical segmentation in a single switch, which reduces total number of switches needed.

Use Case Examples

• Machine builders: connects complex I/O and automation gear.

• Panel builders and panel shops: for electricians to manage Ethernet connectivity.

• PoE solution for smart cities: connects Wi-Fi access points and IP cameras in locations without a flexible power outlet or in space-constrained roadside cabinets.


Mix Cisco Access Points? It’s Okay

June 8 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Technology - IT News, #Cisco Wireless - Cisco Wireless AP, #c

Don’t Sweat the Small Stuff: It’s Okay to Mix Cisco Access Points


FCC 14-30 has been a hot topic in recent weeks. In early June 2016, the FCC published the FCC 14-30 Order, which now allows the use of three additional channels (120, 124, and 128) as well as other power adjustments and updated DFS regulations. Cisco’s compliance with the new rules requires the assignment of hardware to a regulatory domain, indicating which rules the device complies with.

Below is a review written by Jim Florwick (a member of the Technical Marketing Engineering team for Cisco's Wireless Business Unit), in which he explains why “It’s Okay to Mix Cisco Access Points”.

Don’t Sweat the Small Stuff: It’s Okay to Mix Cisco Access Points

The new –B regulatory domain was designed to take the place of –A so that access points will be compliant with the FCC 14-30 Order. Per the FCC order, access points shipped before June 1, 2016 are grandfathered to adhere to –A requirements. Access points shipped after the June 1 date must meet the –B requirements. This includes changes in DFS detection requirements, which must re-certify according to the new rules.

I’ve been hearing from a lot of customers who don’t want to mix the two regulatory domains in their networks. But there simply is no reason not to do so.

There are a few nice things in a –B access point that aren’t available in an –A access point. Things that we all want: more 5 GHz channels and more power in U-NII 1. However, other than those minor changes, the –B and –A access points are the same. There are absolutely no operational issues in running both –A and –B on the same controller or controllers.

For example, let’s say you’re adding some access points or building out a new area – and you mix –A and –B access points, what will happen in terms of operations?

If the new channels aren’t added to the DCA list—and by default, they are not—they will not be assigned to any of the –B capable access points. If the new channels are added to the DCA list, it will only be assigned to the –B access points. This won’t be a problem as the clients will still use 120, 124, 128 where it’s available.

I have been in this industry for a long time and I’m not aware of any clients that support U-NII 1, 2, 3 that have failed in these channels. If, for some reason this does happen, simply remove the channels. No harm, no foul.

That leaves different allowed transmit (TX) power. There will be no issues here either – since TPC still works the same as it always has. The Cisco access point product line still operates with a mix of allowed powers in the 5 GHz UNII bands under the –A rules. The Neighbor Discovery Protocol is normalized for this reason and Radio Resource Management (RRM) works just fine. There are no known issues with mixing –B and –A radios in the same air on the same controller. If a user wants to stay consistent about power implications, simply set TPC Max to enforce max power to –A globally and in RF Profiles when in use.

In the last sentence I talked about consistency, and there are a lot of customers—myself included—that just don’t like the idea of mixing anything. I go so far as to stay away from milkshakes and just eat ice cream cones when I want a cool treat. But the reality is this is not like mixing Cisco Aironet 1130 and Aironet 3700 Access Points in the same room. Once your –A and –B access points are plugged in and running, no one would ever know that a mix existed.

We don’t have operational hiccups absorbing this change like some of our other competitors. At Cisco, we’ve been running mixed environments in Alpha production networks since the Cisco AP 1810 was in development—and that’s a fair amount of time to find irregularities and observe errors. Cisco Mobility Express is built on a –B access point, and supports the –A access points. These devices have been tested over thousands of hours and work as expected.

There is really no reason other than just the perception of a mix to be worried. With that being said, I’m heading down to the ice cream shop and enjoying a frosty milkshake. I hear that they’re really great!


…The original article from http://blogs.cisco.com/wireless/dont-sweat-the-small-stuff-its-okay-to-mix-cisco-access-points


What is the Cisco Intelligent Branch?

June 1 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Technology - IT News, #Cisco & Cisco Network, #c

Intelligent Branch Foundational Components


What is the Cisco Intelligent Branch? What can it do for you?

Business is going digital, and customers expect multiple ways of interacting with you.

Your competitors are delivering personalized in-store content to visitors over Wi-Fi, such as coupons and sales alerts. Some offer remote consultations and demonstrations.

Staying in the game requires the ability to execute your own creative digital solutions quickly.

You can do exactly that with the Cisco Intelligent Branch, an all-in-one, powerful digital network platform. Use it to deliver digital experiences in stores and at branch offices, where 90 percent of today’s business revenue is generated. Deliver differentiating services and new business offers with guest Wi-Fi, rich media content, and cloud applications.

Benefits from the Cisco Intelligent Branch

For Lines of Business:

• Create an immersive digital experience for your workforce and customers.

• Improve mobile, social, and online engagement with customers.

• Gather actionable insights that allow you to build new business offerings.

For IT:

• Get an ownership cost advantage with a pay-as-you-grow model.

• Protect your investment through license portability.

• Get operational simplicity and automated management.

• Gain a scalable and resilient infrastructure for digital business needs.

One Platform, Many Functions

The Cisco Intelligent Branch combines key IT capabilities in a small-footprint, zero-touch deployment platform that’s SD-WAN ready. It consists of a modular Cisco 4000 Series Integrated Services Router (ISR) running the Cisco Unified Computing System™ E-Series server blade. You can add on network services – wireless LAN, WAN optimization, security, and more – so you can easily activate, change, and replace the functions as your business grows. The Cisco Intelligent Branch works with whatever type of wired or wireless WAN you have.

Intelligent Branch Foundational Components

• Cisco 4000 Series ISR

• Integrated Cisco UCS E-Series server blade

• Cisco Intelligent WAN (IWAN) architecture

Add-On Network Services

• Cisco Virtual Wide Area Application Services (vWAAS) WAN optimization

• Cisco IOS Software Zone-Based Firewall

• Cisco FirePower Virtual Intrusion Prevention System (IPS)

• Cisco Virtual Wireless Controller

• Cisco Adaptive Security Virtual Appliance (ASAv)

Use this technology foundation with cloud-based software-as-a-service (SaaS) applications to increase your business agility. You can also use the network as a sensor to protect your business from attack with embedded security, all while gathering intelligence about your users that lets you create new, personalized business offerings and revenue opportunities.

Use Cases

Here are a few sample scenarios for the Cisco Intelligent Branch:

• The bank branch: No mortgage advisor available? Set the customer up with an advisor in another location using telepresence.

• The retail store: Shoppers need help? Use a kiosk and a remote advisor to provide advice. Showcase an e-catalog and enable mobile point of sale on an associate’s tablet. Customers won’t have to stand in long lines anymore.

• The classroom: Stream HD video to students’ tablets so they can attend live classroom sessions from anywhere. Students can also collaborate with each other and with instructors more engagingly in real time, increasing student comprehension.

• The traditional branch office: Use wireless WAN connections to quickly deploy pop-up sites. Empower employees with superior cloud application performance. Increase customer loyalty with mobile and virtual experiences.

“Digital mastery requires companies to acquire, build, and deploy new technology services at speeds that used to be unthinkable.” – Digital Predator or Digital Prey?

Info from http://www.cisco.com/c/dam/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/at-a-glance-c45-736379.pdf


Introducing Cisco DNA (Digital Network Architecture)

April 19 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Technology - IT News, #Cisco & Cisco Network, #Cisco News

Cisco DNA-5 Principles


Network Evolution for the Digital Era


The Digital Network Architecture (DNA) building blocks and their programmable interfaces.


Raakhee Mistry, a Marketing Manager who has been with Cisco for over 12 years in product management, partner program and solutions marketing roles, collected different audiences’ responses to Cisco Digital Network Architecture. She pointed out that analysts agree that Cisco DNA is a game changer. Yes, the new Cisco DNA is a game changer for the digital era.

Cisco DNA is short for Digital Network Architecture. The Cisco Digital Network Architecture is a platform that will give our customers both a roadmap to digitization and a path to recognize immediate benefits of network automation, assurance and security. Cisco released it at Cisco Partner Summit 2016.

Cisco DNA complements Cisco’s market leading, data center based Application Centric Infrastructure (ACI) technology by extending the policy driven approach and software strategy throughout the entire network: from campus to branch, wired to wireless, core to edge.

Cisco DNA is delivered within the Cisco ONE Software family, enabling simplified software-based licensing, and helping with investment protection and flexibility.

The IT networking industry continues to demand knowledgeable professionals to help manage, secure and optimize their network infrastructure. Networking jobs can be found worldwide in exciting industries such as fashion, sports, and entertainment. Research indicates that a certification is second only to a four year college degree as a way to qualify people for positions and certifications were rated to be the top criteria in being able to determine an applicant's qualifications.

Cisco Digital Network Architecture Benefits

  • Insights. The network touches all things digital – users, devices, applications, sensors and cloud – and networking professionals are in a unique position to help their organizations capture insights in real time that allow businesses to make better decisions instantly and deliver better experiences.
  • Automation. This area is centered on IT speed and simplicity. Today’s networking professionals are CLI jockeys, but that will offer less value as time goes on. The network is evolving to software with software-defined networking, open APIs, network function virtualization and more. These new technologies provide networking IT with unprecedented agility that helps IT deliver business requirements faster and can free up cycles to support more strategic projects for their organization.
  • Security. While digital technologies have opened up new opportunities, they have also introduced a level of risk. As we see the proliferation of mobile devices and cloud adoption, the network perimeter is evolving and the attack surface has the potential to grow significantly. To combat that risk, networking professionals will be able to offer the business a new approach to inject security pervasively through the network, which can be the sensor and enforcer of security threats.


Using DHCP and DHCP Option 82

March 30 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network, #Cisco Technology - IT News, #c

DHCP Option 82 Operation


DHCP is short for Dynamic Host Configuration Protocol. We know that DHCP is used in LAN environments to dynamically assign host IP addresses from a centralized server, which reduces the overhead of administrating IP addresses.

I’ve read an article, “DHCP Snooping and DHCP Snooping Configuration”, about a CCIE’s experience. That article also introduces the DHCP Option 82 concept.

In this article we will share some information on using DHCP Option 82.

DHCP also helps conserve limited IP address space because IP addresses no longer need to be permanently assigned to client devices; only those client devices that are connected to the network require IP addresses. The DHCP relay agent information feature (option 82) enables the DHCP relay agent (Catalyst switch) to include information about itself and the attached client when forwarding DHCP requests from a DHCP client to a DHCP server. This basically extends the standard DHCP process by tagging the request with the information regarding the location of the requestor. (See the Figure “DHCP Option 82 Operation”)

...

The following are key elements required to support the DHCP option 82 feature:

• Clients supporting DHCP

• Relay agents supporting option 82

• DHCP server supporting option 82

The relay agent information option is inserted by the DHCP relay agent when forwarding the client-initiated DHCP request packets to a DHCP server. The servers recognizing the relay agent information option may use the information to assign IP addresses and to implement policies such as restricting the number of IP addresses that can be assigned to a single circuit ID. The circuit ID in relay agent option 82 contains information identifying the port location on which the request is arriving.

Note:

1. The DHCP option 82 feature is supported only when DHCP snooping is globally enabled and on the VLANs to which subscriber devices using this feature are assigned.

2. DHCP and the DHCP option 82 feature have not been validated in the lab for EttF version 1.1. At this time, Cisco recommends considering only DHCP with option 82 for the application servers at level 3.
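The server-side use of option 82 described above, parsing the relay agent information and capping the number of addresses per circuit ID, can be sketched as follows. This is an added example, not code from the original article or from Cisco. It assumes the relay encodes the circuit ID as VLAN/module/port and the remote ID as the switch MAC address; the sample packet, the `CircuitLimiter` class and the choice to refuse requests that carry no option 82 are constructed for illustration.

```python
import struct
from collections import defaultdict

OPT_RELAY_AGENT_INFO = 82  # relay agent information option (RFC 3046)
SUB_CIRCUIT_ID = 1         # sub-option 1: agent circuit ID
SUB_REMOTE_ID = 2          # sub-option 2: agent remote ID


def find_option(options: bytes, code: int):
    """Walk the DHCP options field (after the magic cookie); return one option's value."""
    i = 0
    while i < len(options):
        opt = options[i]
        if opt == 255:                      # end option
            return None
        if opt == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if opt == code:
            return value
        i += 2 + length
    return None


def parse_option82(value: bytes) -> dict:
    """Split option 82 into its sub-options, rejecting inconsistent lengths."""
    subs, i = {}, 0
    while i < len(value):
        if i + 2 > len(value):
            raise ValueError("truncated sub-option header")
        sub, length = value[i], value[i + 1]
        data = value[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated sub-option")
        subs[sub] = data
        i += 2 + length
    return subs


def decode_circuit_id(data: bytes):
    """Assumed layout: type 0, length 4, VLAN (2 bytes), module (1), port (1)."""
    if len(data) == 6 and data[0] == 0 and data[1] == 4:
        vlan, module, port = struct.unpack("!HBB", data[2:])
        return {"vlan": vlan, "module": module, "port": port}
    return None  # any other encoding is treated as an opaque identifier


class CircuitLimiter:
    """Hypothetical policy: at most max_leases clients per (remote ID, circuit ID)."""

    def __init__(self, max_leases: int):
        self.max_leases = max_leases
        self.leases = defaultdict(set)

    def allow(self, options: bytes, client_mac: str) -> bool:
        raw = find_option(options, OPT_RELAY_AGENT_INFO)
        if raw is None:
            return False                    # no location information: refuse
        subs = parse_option82(raw)
        if SUB_CIRCUIT_ID not in subs:
            return False
        key = (subs.get(SUB_REMOTE_ID, b""), subs[SUB_CIRCUIT_ID])
        clients = self.leases[key]
        if client_mac in clients:
            return True                     # renewal by a known client
        if len(clients) >= self.max_leases:
            return False                    # circuit already holds its quota
        clients.add(client_mac)
        return True


def build_options(vlan: int, module: int, port: int, switch_mac: bytes) -> bytes:
    """Constructed sample: DHCPDISCOVER options as forwarded by a relay agent."""
    circuit = bytes([0, 4]) + struct.pack("!HBB", vlan, module, port)
    remote = bytes([0, 6]) + switch_mac
    opt82 = (bytes([SUB_CIRCUIT_ID, len(circuit)]) + circuit
             + bytes([SUB_REMOTE_ID, len(remote)]) + remote)
    return (bytes([53, 1, 1])               # option 53: message type DISCOVER
            + bytes([OPT_RELAY_AGENT_INFO, len(opt82)]) + opt82
            + bytes([255]))


if __name__ == "__main__":
    switch = bytes.fromhex("001122334455")  # constructed switch MAC
    port5 = build_options(10, 1, 5, switch)
    subs = parse_option82(find_option(port5, OPT_RELAY_AGENT_INFO))
    print("circuit:", decode_circuit_id(subs[SUB_CIRCUIT_ID]))
    limiter = CircuitLimiter(max_leases=2)
    for mac in ("aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03"):
        print(mac, "allowed" if limiter.allow(port5, mac) else "refused")
```

Option 82 is only trustworthy when it is inserted by your own relay agents, which is why the note above ties the feature to DHCP snooping being enabled.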

Reference from http://www.cisco.com/c/en/us/td/docs/solutions/Verticals/EttF/EttFDIG/ch3_EttF.pdf


Is It Cisco ClientLink 4.0 or ClientLink 3.0?

March 23 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Wireless - Cisco Wireless AP, #Cisco Technology - IT News

Optimize Your Mixed-Client Wi-Fi Network


The Cisco ClientLink Advantage


Mobile devices, ranging from laptops and tablets to smartphones and others, are very popular today, and all kinds of mobile device types now connect to your wireless LAN. These devices might use a mix of new and old Wi-Fi technologies – 802.11ac, 802.11n, and 802.11a connections – for access. To keep the older and slower clients from impeding the performance of newer and faster 802.11ac Wave 1 and 2 connections, there is Cisco ClientLink.

ClientLink is a beamforming capability built into Cisco Aironet wireless LAN access points. When the access point (AP) concentrates signals toward the receiving client, that client is better able to “hear” the AP’s transmission, so throughput is greater. ClientLink also enhances performance in the uplink (client-to-AP) direction, so that the AP can also better hear the client communications. The result is improved performance in both directions.

By comparison, many competing 802.11ac-capable APs offer uplink-only enhancements, from client to access point. Many 802.11ac-capable AP suppliers also base their downlink enhancements on the optional transmit beamforming (TxBF) feature in 802.11ac, which requires TxCBF support in the client device to operate. Cisco ClientLink technology is unique in offering both uplink and downlink performance improvements, and it doesn’t require any special capabilities in the client device to work.

ClientLink works with all client technologies. It makes sure each client type always operates at the best possible rate, as determined by the 802.11 access technology supported, network conditions, and the distance of the client from the Wi-Fi AP. ClientLink helps maintain maximum client rates even at cell boundaries, when clients are farthest away from the AP.

How to Get the Most from 802.11ac?

The 802.11ac standard inherently provides performance increases compared with earlier 802.11 technology versions. But because 802.11-based equipment is backward-compatible with older versions of the standard, it pays to run a mixed-client network to get the most out of your device investments. At the same time, however, your older clients can delay communications for the faster 802.11ac clients, hindering 802.11ac performance benefits.

Cisco ClientLink overcomes this issue for more reliable mobile experiences. In Aironet 802.11ac APs, ClientLink uses four transmit antennas to focus transmissions in the direction of the Wi-Fi client, surpassing the industry norm. This support improves downlink signal-to-noise ratio (for better client “hearing”) and boosts the data rate over range so you can reduce coverage holes and enhance overall system performance. Table 1 illustrates the Cisco performance advantages of using ClientLink technology.

You get beamforming enhancements across your entire client population of new and old devices: Cisco ClientLink beamforming works with all client types, and IEEE-standard transmit beamforming (TxBF) is also built into all Cisco Wi-Fi-Certified 802.11ac access points to benefit the 802.11ac clients that support it.

ClientLink also works with multiuser multiple input, multiple output (MU-MIMO), part of the 802.11ac standard that enables concurrent transmissions between an AP and multiple 802.11ac client devices that also support MU-MIMO. As a result, Cisco ClientLink can now also provide performance boosts across a mixture of 802.11ac, 802.11n, and 802.11a clients to further benefit your entire wireless network.

The wireless difference is in the implementation details. Turn to Cisco ClientLink-enhanced APs to get best performance from all Wi-Fi clients on your network.

From http://www.cisco.com/c/dam/en/us/products/collateral/wireless/aironet-3600-series/at_a_glance_c45-691984.pdf


IPv6 Feature Support on the Cisco ASA Firewall

November 12 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Technology - IT News, #Cisco Switches - Cisco Firewall

It is well known that the Cisco ASA series supports IPv6 and that it can be set up easily and quickly. The following focuses on a basic ASA setup for a native IPv6 network. As you will see, very few commands are required to have your ASA firewall join an IPv6-ready network.

Here is a quick way to configure your ASA firewall for IPv6 connectivity.

BASIC CONFIGURATION

Step 1

In this step we assign a link-local address to the interface. There are 2 ways to assign a link-local address to the interface.

Step 1.1.

Configure the interface to generate a link local address from its MAC address.

    interface GigabitEthernet 0/0
     no shutdown
     nameif inside
     ipv6 enable

When you enter the ipv6 enable command, a link-local address is automatically generated (this is based on your MAC address).

Step 1.2.

Configure a link local address manually.

    interface GigabitEthernet 0/0
     no shutdown
     nameif inside
     ipv6 address <ipv6-address> link-local

Using the above command you can assign a link local address to the interface manually.

You can verify the link local address by executing the “show ipv6 interface” command.

Step 2

Next we have to assign the global address to the interface. There are 2 ways of doing this.

Step 2.1.

You can manually assign a global IPv6 address to the interface.

    interface GigabitEthernet 0/0
     ipv6 address 2001:db8:2:3::1/64

With the ipv6 address command above, you are manually specifying the global IPv6 address for the interface. You can specify more than one IPv6 address for the interface using the command.

Step 2.2.

You can configure the interface to obtain the address automatically using stateless address autoconfiguration.

    interface GigabitEthernet 0/0
     ipv6 address autoconfig

Enabling stateless autoconfiguration on the interface configures IPv6 addresses based on prefixes received in Router Advertisement messages.

NOTE: There was a defect (CSCuq62164) in the ASA software that caused the ASA to not assign an address if it received a RA message with both the M and A flags set. This has been fixed in 9.3(1) release and hence we recommend this version if you intend to use SLAAC for configuring the address on ASA interfaces.

Step 3

Verify IPv6 configuration.

Example:

    show ipv6 interface

    inside is up, line protocol is up
      IPv6 is enabled, link-local address is fe80::e6c7:22ff:fe84:eb2
      Global unicast address(es):
        2001:db8:2:3::1, subnet is 2001:db8:2:3::/64
      Joined group address(es):
        ff02::1:ff00:1
        ff02::1:ff84:eb2
        ff02::2
        ff02::1
      ICMP error messages limited to one every 100 milliseconds
      ICMP redirects are enabled
      ND DAD is enabled, number of DAD attempts: 1
      ND reachable time is 30000 milliseconds
      ND advertised reachable time is 0 milliseconds
      ND advertised retransmit interval is 1000 milliseconds
      ND router advertisements are sent every 200 seconds
      ND router advertisements live for 1800 seconds
      Hosts use stateless autoconfig for addresses.

Step 4 (Optional)

Suppress Router Advertisement messages on an interface.

By default, Router Advertisement messages are automatically sent in response to router solicitation messages. You may want to disable these messages on any interface for which you do not want the security appliance to supply the IPv6 prefix (for example, the outside interface).

Enter the following command to suppress Router Advertisement messages on an interface:

ipv6 nd suppress-ra

Neighbor discovery will continue to be operational even though RA suppression has been configured.

Step 5

Define an IPv6 default route.

ipv6 route outside ::/0 next_hop_ipv6_addr

Using ::/0 is equivalent to “any”. The IPv6 route command is functionally similar to the IPv4 route.

Step 6

Define access-lists.

Using the regular access-list command, define access lists that contain IPv6 addresses so as to permit the required traffic to flow through the ASA.

Example:

access-list test permit tcp any host 2001:db8::203:a0ff:fed6:162d

access-group test in interface outside

The above permits traffic to a specific server, 2001:db8::203:a0ff:fed6:162d.

SECURING THE FIREWALL

If you plan to use autoconfig for the IPv6 global address on the ASA, you should accept router advertisements (RAs) only from known routers in your network. This helps prevent the ASA from being autoconfigured by unknown routers.

access-list outsideACL permit icmp6 host fe80::21e:7bff:fe10:10c any router-advertisement

access-list outsideACL deny icmp6 any any router-advertisement

access-group outsideACL in interface outside

interface GigabitEthernet 0/0

nameif outside

security-level 0

ipv6 address autoconfig

ipv6 enable

The above access list, when applied on the ASA, limits the router advertisements (RAs) it receives to those from the specified router. All other RAs are denied.
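An added example, not from the original article or from Cisco: a Python check that a saved configuration follows the pattern above, where every interface using ipv6 address autoconfig has an inbound access list that permits router advertisements only from named hosts and then explicitly denies the rest. The sample configuration is constructed, the function names are hypothetical, and the parser handles only the command forms shown on this page, not full ASA ACL semantics.

```python
# Constructed sample in the style of the page's examples; not from a real device.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ipv6 address autoconfig
interface GigabitEthernet0/1
 nameif dmz
 ipv6 address autoconfig
access-list outsideACL permit icmp6 host fe80::21e:7bff:fe10:10c any router-advertisement
access-list outsideACL deny icmp6 any any router-advertisement
access-group outsideACL in interface outside
"""

def parse(config):
    """Collect interfaces, ACL entries and inbound ACL bindings from config text."""
    ifaces, acls, bound = [], {}, {}
    for w in filter(None, map(str.split, config.splitlines())):
        if w[0] == "interface":
            ifaces.append({"name": " ".join(w[1:]), "autoconfig": False})
        elif w[0] == "nameif" and ifaces and len(w) > 1:
            ifaces[-1]["name"] = w[1]          # refer to the interface by its nameif
        elif w == ["ipv6", "address", "autoconfig"] and ifaces:
            ifaces[-1]["autoconfig"] = True
        elif w[0] == "access-list" and len(w) > 2:
            acls.setdefault(w[1], []).append(w[2:])
        elif w[0] == "access-group" and w[2:4] == ["in", "interface"] and len(w) > 4:
            bound[w[4]] = w[1]
    return ifaces, acls, bound

def ra_rule(ace):
    """Return (action, source) if an ACL entry can match RAs, else None."""
    ace = ace[1:] if ace[0] == "extended" else ace
    if len(ace) < 4 or ace[1] != "icmp6":
        return None
    src, rest = (ace[3], ace[4:]) if ace[2] == "host" else (ace[2], ace[3:])
    rest = rest[2:] if rest[:1] == ["host"] else rest[1:]   # skip the destination
    # No ICMPv6 type means every type, RAs included; any other type is irrelevant.
    return (ace[0], src) if rest[:1] in ([], ["router-advertisement"]) else None

def audit(config):
    """Map each autoconfig interface to (verdict, [RA sources permitted by host])."""
    ifaces, acls, bound = parse(config)
    report = {}
    for i in (i for i in ifaces if i["autoconfig"]):
        verdict, allowed = "no inbound ACL", []
        if bound.get(i["name"]) in acls:
            verdict = "no explicit deny for other RAs"
            for action, src in filter(None, map(ra_rule, acls[bound[i["name"]]])):
                if src in ("any", "any6"):      # first catch-all entry decides
                    verdict = "ok" if action == "deny" else "permits RAs from any source"
                    break
                if action == "permit":
                    allowed.append(src)
        report[i["name"]] = (verdict, allowed)
    return report
```

Calling audit(SAMPLE_CONFIG) flags the dmz interface, which uses autoconfig without any inbound access list, while outside passes with a single permitted router.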

Configuring ASA to help autoconfigure IPv6 addresses on hosts behind the ASA

The hosts in the network behind the ASA might be configured to autoconfigure their IPv6 addresses. Dynamic address assignment happens in two ways on IPv6 networks: stateful address assignment or stateless address assignment.

Stateful dynamic address assignment

For stateful address assignment, a DHCPv6 server that can assign addresses to hosts upon request needs to be configured on the network. The ASA currently cannot host a DHCPv6 server on its interfaces, but it can act as a DHCPv6 relay agent. To enable stateful dynamic address assignment to hosts behind the ASA, the DHCPv6 relay agent needs to be configured on the ASA.

To configure the DHCPv6 relay agent the following configuration is needed:

ipv6 dhcprelay server 2001:db8:c18:6:a8bb:ccff:fe03:2701

ipv6 dhcprelay enable inside

The first command specifies the address of a DHCPv6 server to which the DHCP requests are forwarded. The command also accepts an optional interface name that specifies the output interface for the destination. The second command enables DHCP relay on an interface. When DHCP relay is enabled on an interface, all the DHCP requests coming on that interface get forwarded to the configured DHCP server.

Stateless dynamic address assignment

In Stateless Autoconfiguration (SLAAC) the client picks up its own address based on the prefix being advertised by the ASA. The prefix is advertised by means of an IPv6 router advertisement. ASA sends out IPv6 router advertisements by default from any interface on which a global IPv6 address is configured. Additionally, a DHCPv6 relay agent can be configured to point to a DHCPv6 server that can advertise a DNS server address and a domain name only.

IPv6 Prefix delegation

ASA does not support IPv6 prefix delegation yet. If the network behind the ASA needs to be assigned IPv6 addresses based on the prefix delegated by a delegation router, place an ASA between the provider edge (PE) router and the IPv6-capable customer premises router. The ASA must be in transparent mode. This way the ASA protects the entire IPv6 network, including the infrastructure router, on the customer premises. All ICMP6 traffic must be permitted on the ASA running in transparent mode.

The following must be configured on the ASA:

firewall transparent

interface BVI1

no ip address

ipv6 enable


interface GigabitEthernet0/0

nameif outside

bridge-group 1

security-level 0


interface GigabitEthernet0/1

nameif inside

bridge-group 1

security-level 100


access-list permit_icmp6 extended permit icmp6 any6 any6

access-group permit_icmp6 global

This example uses a link-local IPv6 address on the BVI interface. You can also configure an explicit IPv6 address for in-band management purposes.

The original article was shared from https://supportforums.cisco.com/document/61451/cisco-asa-ipv6-quick-start


Cisco’s IoT Part-Cisco Mobile IP Gateway 2450

September 25 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network, #Cisco Technology - IT News

The MIG-2450 is a gateway specifically designed for transportation solutions in environments such as buses, trains and planes.


Now, Cisco is focusing on the Internet of Things and delivering more than a dozen new IoT-focused products and a handful of services for channel partners. IoT can do many things for industries.

The IoT is transforming the mass transportation industry. With smart, connected devices, transit companies can monitor hundreds of details about vehicles, tracks, environmental conditions, and much more. IoT technology can also help businesses deliver the value-add services passengers are beginning to expect, such as onboard Wi-Fi.

The challenge for today’s transportation companies is to find secure, efficient ways to put this IoT technology to work. Connecting devices and endpoints across a complex, wide-ranging transportation network can take a lot of time and resources.

Cisco designed the Cisco Mobile IP Gateway 2450 to help simplify these tasks.

The MIG-2450 is a mobile connectivity gateway that delivers high availability communications between central offices, trackside operators, and transit vehicles by integrating GPS, Ethernet, Wi-Fi, and mobile broadband modems.

The MIG-2450 helps you comply with safety and interoperability regulations. It also gives you a way to collect and analyze data without the need for yet another piece of hardware to fit onboard a vehicle. And its modular design provides powerful connectivity for the services and applications that enhance the transportation experience for passengers and workers alike.

Benefits

• Automate and improve communication between the back office and transit vehicles.

• Boost efficiency and simplify decision making with visibility into vehicles, workers, and security system statuses.

• Enhance the user experience with new, value-added Wi-Fi services for passengers.

• Improve safety for passengers and employees with telematics, driver performance monitoring, and systems analytics applications.

• Reduce operational costs by automating systems management and streamlining PTC compliance for safety and speed enforcement.

Built for a Wide Range of Use Cases

The Cisco Mobile IP Gateway 2450 helps make your transportation operations more efficient, cleaner, and safer. And less costly to run.

With this critical component in your network infrastructure, you can:

• Provide high-performance passenger Wi-Fi

• Implement and manage onboard information systems

• Make transportation safer with wireless surveillance

• Comply more easily with safety and speed regulations

• Remotely monitor and manage mobile assets

• Monitor driver and vehicle performance in real time

• Run systems analytics applications

Offering Options for the Way You Do Business

The MIG-2450 delivers the following features:

• Hardened, scalable industrial system with a compact form factor, wide operating temperature range, fanless operation, and compliance with AAR Standard S-9401 and EN-50155

• Centralized management to allow operators to remotely monitor, control, and perform diagnostics

• Support for up to 4 Type-1 or 10 Type-2 interface cards for extensible connectivity

• Robust connectivity with support for quality of service (QoS), dynamic roaming, multilink load balancing and failover, and link monitoring

• Durable security through Internet Protocol Security (IPsec), Secure Shell (SSH), AES encryption, and datagram transport layer security (DTLS)

Info from http://www.cisco.com/c/dam/en/us/products/collateral/se/internet-of-things/at-a-glance-c45-735028.pdf

More new IoT-related products announced from Cisco (15 in total) include:

  • IE5000 purpose-built switch designed for manufacturing and cities.
  • IW3702 wireless access point for mass transit systems and city-wide wi-fi deployments.
  • IR 809 and IR 829 series of industrial routers with wi-fi and 4G/LTE connectivity for transportation organizations.
  • 4G/LTE modules for CGR 1000 for utility companies, 5921 Embedded Services Routers for industrial networking in remote locations.
  • 360° 5MP & 720p IP cameras for situational awareness. They're also outfitted with audio and digital sensors.
  • Physical security analytics applications that connect to the IP cameras.
  • Fog computing data services for the creation of policies that can monitor and then take action on data that flows through an IoT environment.
  • IoT Field Network Director for monitoring and customizing IoT network infrastructure.
  • Fog Director for centrally managing apps that run at the network's edge.


The Latest Cisco Industrial Router Family

September 22 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers, #Cisco Technology - IT News

Cisco IoT---Securely and Reliably Connect All Areas of Your Business


Cisco fleshed out its Internet of Things system and product line in early June this year.

IoT, the Internet of Things, is one of the most profound transitions in technology today.

The Cisco IoT System is a comprehensive set of technologies and products for enterprises to help accelerate the transition to an intelligent, IoT-based infrastructure. This broad portfolio of infrastructure technologies and products can enable customers to connect, manage, and control previously unconnected devices.

Gain deeper insights with analytics on IoT data. Better secure your physical and digital assets and data. And innovate by creating and deploying IoT applications from the cloud to the fog.

Cisco IoT System can enable industries such as manufacturing, energy, transportation, public safety, and smart cities to deploy and accelerate IoT solutions.

In San Francisco, an integrated, Internet of Things (IoT)-based network with parking, garage, and roadway sensors reduced parking search time by 43 percent. And parking citations dropped by 23 percent.

On the Aegean Motorway in Greece, IoT sensors deliver real-time traffic and weather information, speeding emergency response and improving safety and travel time.

The Internet of Things is driving efficiencies and innovation in industries ranging from energy and utilities to manufacturing, public safety, and transportation. But to realize the potential of IoT, you need reliable, high-quality, high-speed network connections to collect and transmit data from a multitude of deployed devices.

The Cisco industrial router portfolio includes a range of compact, ruggedized modular platforms on which you can build a highly secure, reliable, and scalable communications infrastructure. These products are certified to meet harsh environmental standards. They support a variety of communications interfaces, such as Ethernet, serial, fiber, cellular, WiFi, Wi-SUN RF mesh, and others.

Benefits

• Reduce downtime and maintain continuous access to applications, data, and content with highly reliable platforms

• Prioritize operational traffic from SCADA networks and allocate network bandwidth using advanced quality-of-service features

• Lower operational costs and simplify new device deployments with zero-touch provisioning; manage, monitor, and update devices remotely

• Improve security with cyber and physical networkwide security policies, secure VPNs, and stateful firewalls, and gain unparalleled visibility and control

• Improve application resilience by distributing intelligence across the network using Cisco IOx, an open, extensible environment for hosting applications

• Boost efficiency and better decision making by tracking and monitoring equipment, assets, workers, and important business system components

The Cisco Industrial Router Portfolio

The complete line of industrial routers includes:

Cisco 1000 Series Connected Grid Routers: Rugged routers designed for harsh environments, like those found in the utilities industry. Ideal for integrating multiple applications, such as advanced metering infrastructure (AMI), distribution automation, distributed energy resources (DER), street lighting, and remote workforce automation, onto a single platform.

Cisco 2000 Series Connected Grid Routers: Highly secure, reliable routers for the energy and utilities industries positioned for SCADA monitoring for transmission and distribution.

Cisco ASR 903 Aggregation Services Routers: Full-featured, modular, small-footprint, and fully redundant aggregation platforms. They offer service flexibility and deliver Layer 2, IP, and Multiprotocol Label Switching (MPLS) transport for advanced Layer 2 VPN, Layer 3 VPN, and multicast services

Cisco 500 Series WPAN Industrial Routers: Ruggedized Wi-SUN RF mesh routers that provide unlicensed 915-MHz, ISM-band wireless personal-area network (WPAN) communications and enable IoT applications, including smart metering, distribution automation, street lighting, and remote supervisory control and data acquisition (SCADA) monitoring.

Cisco 809 Industrial Integrated Services Routers: Very compact cellular (3G and 4G/LTE) industrial routers for remote deployment in various industries. They enable reliable and secure cellular connectivity for remote asset monitoring and machine-to-machine (M2M) solutions such as distribution automation, pipeline monitoring, and roadside infrastructure monitoring

Cisco 819 Integrated Services Routers: Compact, hardened, form factor cellular (3G, WLAN, or 4G options) routers that allow businesses to deploy secure 3G WWAN services and applications, like ATMs, wireless kiosks, digital signage, and more.

Cisco 829 Industrial Integrated Services Routers: Highly ruggedized compact cellular (3G and 4G LTE with GPS and dual SIM) and WLAN (2.4/5GHz) industrial routers that support scalable, reliable, and secure management of fleet vehicles and mass transit applications.

Cisco 910 Industrial Router: Highly adaptable routers that you can easily integrate with third-party solutions to deliver smart city applications, such as environmental monitoring, smart parking, smart metering, and more.

Capabilities for Rugged, Industrial Settings

We designed the Cisco industrial routers to withstand harsh operating environments and to offer high-speed connectivity with the scale to handle thousands of devices. Key features include:

  1. Design for industrial applications, including extended environmental, shock, vibration, and surge ratings; a complete set of power input options; convection cooling; and DIN rail, 19-inch rack or wall mounting.
  2. Advanced security such as Dynamic Multipoint VPN, stateful firewall, and access control lists to provide multi-layered security architecture across different places in the network.
  3. Diverse modular interfaces (Ethernet, T1/E1, 3G and 4G LTE cellular, asynch/synch, serial, and others) to interface and backhaul for different existing infrastructures.
  4. Advanced quality-of-service (QoS) capabilities to support mission-critical communications, such as substation communications or SCADA.
  5. Cisco IOx, an open, extensible environment for hosting applications at the network edge for distributed intelligence.
  6. Easy and user-friendly deployment, setup, operation, and management using network management tools such as IoT Field Network Director and Industrial Operations Kit.

Reference from http://www.cisco.com/c/dam/en/us/products/collateral/routers/809-industrial-router/at-a-glance-c45-735008.pdf
