The Cisco ASA series supports IPv6, and a basic IPv6 setup can be done quickly. The following focuses on a basic ASA configuration for a native IPv6 network. As you will see, very few commands are required to have your ASA firewall join an IPv6-ready network.
Here is a quick way to configure up your ASA firewall for IPv6 connectivity.
Step 1. In this step we assign a link-local address to the interface. There are two ways to do this:
Configure the interface to generate a link local address from its MAC address.
interface GigabitEthernet 0/0
 no shutdown
 nameif inside
 ipv6 enable
When you enter ipv6 enable, a link-local address is automatically generated from the interface MAC address.
Configure a link local address manually.
interface GigabitEthernet 0/0
 no shutdown
 nameif inside
 ipv6 address <ipv6-address> link-local
Using the above command you can assign a link local address to the interface manually.
You can verify the link local address by executing the “show ipv6 interface” command.
Step 2. Next we assign the global address to the interface. There are two ways of doing this.
You can manually assign a global IPv6 address to the interface.
interface GigabitEthernet 0/0
 ipv6 address 2001:db8:2:3::1/64
With the ipv6 address command above, you manually specify the global IPv6 address for the interface. You can assign more than one IPv6 address to the interface by repeating the command.
You can configure the interface to obtain the address automatically using stateless address autoconfiguration.
interface GigabitEthernet 0/0
 ipv6 address autoconfig
Enabling stateless autoconfiguration on the interface configures IPv6 addresses based on prefixes received in Router Advertisement messages.
NOTE: There was a defect (CSCuq62164) in the ASA software that caused the ASA to not assign an address if it received a RA message with both the M and A flags set. This has been fixed in 9.3(1) release and hence we recommend this version if you intend to use SLAAC for configuring the address on ASA interfaces.
Step 3. Verify the IPv6 configuration.
show ipv6 interface
inside is up, line protocol is up
  IPv6 is enabled, link-local address is fe80::e6c7:22ff:fe84:eb2
  Global unicast address(es):
    2001:db8:2:3::1, subnet is 2001:db8:2:3::/64
  Joined group address(es):
    ff02::1:ff00:1
    ff02::1:ff84:eb2
    ff02::2
    ff02::1
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 1000 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
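As an added example (not part of the original article), the following Python reads the output above and checks that the joined multicast groups are exactly the ones the listed addresses imply; it also shows how the EUI-64 link-local is derived from a MAC and how the MAC can be read back out of such an address. The MAC e4:c7:22:84:0e:b2 is a constructed value consistent with the link-local shown, since the ASA's real MAC is not on the page.

```python
import ipaddress

# "show ipv6 interface" output from the page, laid out one field per line
# (a constructed layout of the values shown above).
SHOW_OUTPUT = """\
inside is up, line protocol is up
  IPv6 is enabled, link-local address is fe80::e6c7:22ff:fe84:eb2
  Global unicast address(es):
    2001:db8:2:3::1, subnet is 2001:db8:2:3::/64
  Joined group address(es):
    ff02::1:ff00:1
    ff02::1:ff84:eb2
    ff02::2
    ff02::1
  ICMP error messages limited to one every 100 milliseconds
  ND router advertisements are sent every 200 seconds
"""


def eui64_link_local(mac: str) -> str:
    """Link-local address derived from a 48-bit MAC (modified EUI-64)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet and insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return str(ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid))


def mac_from_link_local(addr: str) -> str:
    """Recover the MAC embedded in an EUI-64 link-local (it is visible on the wire)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface identifier is not modified EUI-64")
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def solicited_node(addr: str) -> str:
    """Solicited-node group ff02::1:ffXX:XXXX built from the low 24 bits of addr."""
    low24 = ipaddress.IPv6Address(addr).packed[13:]
    return str(ipaddress.IPv6Address(b"\xff\x02" + b"\x00" * 9 + b"\x01\xff" + low24))


def parse_show_ipv6_interface(text: str) -> dict:
    """Pull the link-local, global addresses and joined groups out of the output."""
    info = {"link_local": None, "global": [], "groups": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if "link-local address is" in line:
            info["link_local"] = line.rsplit(" ", 1)[1]
        elif line.startswith("Global unicast address(es):"):
            section = "global"
        elif line.startswith("Joined group address(es):"):
            section = "groups"
        elif section == "global" and line.split(",")[0].count(":") >= 2:
            info["global"].append(line.split(",")[0])
        elif section == "groups" and line.startswith("ff02:"):
            info["groups"].append(line)
        else:
            section = None
    return info


def expected_groups(info: dict) -> set:
    """Groups the interface should have joined given its addresses."""
    # ff02::1 is all-nodes; ff02::2 is all-routers, joined because the ASA sends RAs.
    groups = {"ff02::1", "ff02::2"}
    for addr in [info["link_local"], *info["global"]]:
        if addr:
            groups.add(solicited_node(addr))
    return groups


if __name__ == "__main__":
    parsed = parse_show_ipv6_interface(SHOW_OUTPUT)
    missing = expected_groups(parsed) - set(parsed["groups"])
    print("link-local:", parsed["link_local"], "->", mac_from_link_local(parsed["link_local"]))
    print("missing groups:", missing or "none")
```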
Step 4 (Optional)
Suppress Router Advertisement messages on an interface.
By default, Router Advertisement messages are automatically sent in response to router solicitation messages. You may want to disable these messages on any interface for which you do not want the security appliance to supply the IPv6 prefix (for example, the outside interface).
Enter the following command to suppress Router Advertisement messages on an interface:
ipv6 nd suppress-ra
Neighbor discovery will continue to be operational even though RA suppression has been configured.
Step 5. Define an IPv6 default route.
ipv6 route outside ::/0 next_hop_ipv6_addr
Using ::/0 is equivalent to "any". The ipv6 route command is functionally similar to the IPv4 route command.
Step 6. Using the regular access-list command, define access-lists containing IPv6 addresses so that the required traffic is permitted through the ASA.
access-list test permit tcp any host 2001:db8::203:a0ff:fed6:162d
access-group test in interface outside
The above is permitting traffic to a specific server 2001:db8::203:a0ff:fed6:162d.
SECURING THE FIREWALL
If you plan to configure autoconfig for the IPv6 global address on the ASA, you should restrict router advertisements (RAs) to known routers in your network. This helps prevent the ASA from being autoconfigured by unknown routers.
access-list outsideACL permit icmp6 host fe80::21e:7bff:fe10:10c any router-advertisement
access-list outsideACL deny icmp6 any any router-advertisement
access-group outsideACL in interface outside
interface GigabitEthernet 0/0
 nameif outside
 security-level 0
 ipv6 address autoconfig
 ipv6 enable
When applied on the ASA, the above access-list accepts router advertisements (RAs) only from the router specified. All other RAs are denied.
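To check this rule across a whole configuration, here is an added Python audit (not from the article or from Cisco) that parses the access-list, access-group and interface lines and reports any interface using ipv6 address autoconfig whose inbound ACL does not limit router-advertisement to named hosts. PAGE_CONFIG is the configuration from the article; WEAK_CONFIG and OPEN_CONFIG are constructed counter-examples.

```python
from dataclasses import dataclass
from typing import Optional

# RA-filtering configuration from the article above.
PAGE_CONFIG = """\
access-list outsideACL permit icmp6 host fe80::21e:7bff:fe10:10c any router-advertisement
access-list outsideACL deny icmp6 any any router-advertisement
access-group outsideACL in interface outside
interface GigabitEthernet 0/0
 nameif outside
 security-level 0
 ipv6 address autoconfig
 ipv6 enable
"""
# Constructed counter-examples: any host may send RAs, and no inbound ACL at all.
WEAK_CONFIG = """\
access-list outsideACL permit icmp6 any any
access-group outsideACL in interface outside
interface GigabitEthernet 0/0
 nameif outside
 ipv6 address autoconfig
"""
OPEN_CONFIG = "interface GigabitEthernet 0/0\n nameif outside\n ipv6 address autoconfig\n"


@dataclass
class AclRule:
    action: str                      # permit / deny
    proto: str                       # icmp6, tcp, ip, ...
    src: str                         # "any" or a host address / prefix
    dst: str
    icmp_type: Optional[str] = None  # e.g. router-advertisement


def _take_addr(t, i):
    """Consume one address spec (any, any6, host X or X/len) at t[i]."""
    if t[i] in ("any", "any4", "any6"):
        return "any", i + 1
    if t[i] == "host":
        return t[i + 1], i + 2
    return t[i], i + 1


def parse_asa_config(text):
    """Return (interfaces by nameif, ACL rules by name, inbound access-group by nameif)."""
    ifaces, acls, inbound, current = {}, {}, {}, None
    for raw in text.splitlines():
        t = raw.split()
        if not t or t[0].startswith("!"):
            continue
        if t[0] == "interface":
            current = {"nameif": None, "autoconfig": False}
        elif t[0] == "access-list":
            if len(t) > 2 and t[2] == "extended":
                del t[2]
            if len(t) < 6 or t[2] not in ("permit", "deny"):
                continue  # remarks and other ACL forms are not relevant here
            src, i = _take_addr(t, 4)
            dst, i = _take_addr(t, i)
            icmp_type = t[i] if i < len(t) and t[3].startswith("icmp") else None
            acls.setdefault(t[1], []).append(AclRule(t[2], t[3], src, dst, icmp_type))
        elif t[0] == "access-group" and len(t) >= 5 and t[2] == "in":
            inbound[t[4]] = t[1]
        elif current is not None and t[0] == "nameif":
            current["nameif"] = t[1]
            ifaces[t[1]] = current
        elif current is not None and t[:3] == ["ipv6", "address", "autoconfig"]:
            current["autoconfig"] = True
    return ifaces, acls, inbound


def _covers_ra(rule):
    """Does the rule match ICMPv6 Router Advertisements (type 134)?"""
    if rule.proto == "icmp6":  # an untyped icmp6 rule matches every ICMPv6 type
        return rule.icmp_type in (None, "router-advertisement", "134")
    return rule.proto == "ip"  # any-protocol rule; treat it as covering RAs too


def audit_ra_sources(config_text):
    """For each SLAAC interface, list routers allowed to send RAs plus any findings."""
    ifaces, acls, inbound = parse_asa_config(config_text)
    report = {}
    for name, iface in ifaces.items():
        if not iface["autoconfig"]:
            continue
        trusted, findings, acl = [], [], inbound.get(name)
        if acl is None:
            findings.append(f"{name}: SLAAC with no inbound access-group, RAs accepted from any router")
        else:
            for rule in acls.get(acl, []):
                if not _covers_ra(rule):
                    continue
                if rule.action == "permit" and rule.src == "any":
                    findings.append(f"{name}: {acl} permits RAs from any source")
                elif rule.action == "permit":
                    trusted.append(rule.src)
                elif rule.src == "any":
                    break  # catch-all deny reached (an ASA ACL also ends in an implicit deny)
            if not trusted and not findings:
                findings.append(f"{name}: {acl} permits no RAs, so autoconfig never learns a prefix")
        report[name] = {"acl": acl, "trusted": trusted, "findings": findings}
    return report


if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("weak", WEAK_CONFIG), ("open", OPEN_CONFIG)):
        print(label, audit_ra_sources(cfg))
```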
Configuring ASA to help autoconfigure IPv6 addresses on hosts behind the ASA
The hosts in the network behind the ASA might be configured to autoconfigure their IPv6 address. Dynamic address assignment happens in 2 ways on IPv6 networks. It could either be a stateful address assignment or stateless address assignment.
Stateful dynamic address assignment
For stateful address assignment, a DHCPv6 server that assigns addresses to hosts on request needs to be present on the network. The ASA currently cannot host a DHCPv6 server on its interfaces, but it can act as a DHCPv6 relay agent. To enable stateful dynamic address assignment for hosts behind the ASA, configure the DHCPv6 relay agent on the ASA.
To configure the DHCPv6 relay agent the following configuration is needed:
ipv6 dhcprelay server 2001:db8:c18:6:a8bb:ccff:fe03:2701
ipv6 dhcprelay enable inside
The first command specifies the address of a DHCPv6 server to which the DHCP requests are forwarded. The command also accepts an optional interface name that specifies the output interface for the destination. The second command enables DHCP relay on an interface. When DHCP relay is enabled on an interface, all the DHCP requests coming on that interface get forwarded to the configured DHCP server.
Stateless dynamic address assignment
In Stateless Autoconfiguration (SLAAC) the client picks up its own address based on the prefix being advertised by the ASA. The prefix is advertised by means of an IPv6 router advertisement. ASA sends out IPv6 router advertisements by default from any interface on which a global IPv6 address is configured. Additionally, a DHCPv6 relay agent can be configured to point to a DHCPv6 server that can advertise a DNS server address and a domain name only.
IPv6 Prefix delegation
The ASA does not support IPv6 prefix delegation yet. If the network behind the ASA needs IPv6 addresses assigned from a prefix delegated by a delegating router, place the ASA between the provider edge (PE) router and the IPv6-capable customer premises router. The ASA must be in transparent mode. This way the ASA protects the entire IPv6 network on the customer premises, including the infrastructure router. All ICMP6 traffic must be permitted on the ASA running in transparent mode.
The following must be configured on the ASA:
firewall transparent
interface BVI1
 no ip address
 ipv6 enable
interface GigabitEthernet0/0
 nameif outside
 bridge-group 1
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 bridge-group 1
 security-level 100
access-list permit_icmp6 extended permit icmp6 any6 any6
access-group permit_icmp6 global
This example uses a link-local IPv6 address on the BVI interface. You can also configure an explicit IPv6 address for in-band management purposes.
The original article was shared from https://supportforums.cisco.com/document/61451/cisco-asa-ipv6-quick-start
The MIG-2450 is a gateway specifically designed for transportation solutions in environments such as buses, trains and planes.
Now, Cisco is focusing on the Internet of Things and delivering more than a dozen new IoT-focused products and a handful of services for channel partners. IoT can do many things for industries.
The IoT is transforming the mass transportation industry. With smart, connected devices, transit companies can monitor hundreds of details about vehicles, tracks, environmental conditions, and much more. IoT technology can also help businesses deliver the value-add services passengers are beginning to expect, such as onboard Wi-Fi.
The challenge for today’s transportation companies is to find secure, efficient ways to put this IoT technology to work. Connecting devices and endpoints across a complex, wide-ranging transportation network can take a lot of time and resources.
Cisco designed the Cisco Mobile IP Gateway 2450 to help simplify these tasks.
The MIG-2450 is a mobile connectivity gateway that delivers high availability communications between central offices, trackside operators, and transit vehicles by integrating GPS, Ethernet, Wi-Fi, and mobile broadband modems.
The MIG-2450 helps you comply with safety and interoperability regulations. It also gives you a way to collect and analyze data without the need for yet another piece of hardware to fit onboard a vehicle. And its modular design provides powerful connectivity for the services and applications that enhance the transportation experience for passengers and workers alike.
• Automate and improve communication between the back office and transit vehicles.
• Boost efficiency and simplify decision making with visibility into vehicles, workers, and security system statuses.
• Enhance the user experience with new, value-added Wi-Fi services for passengers.
• Improve safety for passengers and employees with telematics, driver performance monitoring, and systems analytics applications.
• Reduce operational costs by automating systems management and streamlining PTC compliance for safety and speed enforcement.
Built for a Wide Range of Use Cases
The Cisco Mobile IP Gateway 2450 helps make your transportation operations more efficient, cleaner, and safer. And less costly to run.
With this critical component in your network infrastructure, you can:
• Provide high-performance passenger Wi-Fi
• Implement and manage onboard information systems
• Make transportation safer with wireless surveillance
• Comply more easily with safety and speed regulations
• Remotely monitor and manage mobile assets
• Monitor driver and vehicle performance in real time
• Run systems analytics applications
Offering Options for the Way You Do Business
The MIG-2450 delivers the following features:
• Hardened, scalable industrial system with a compact form factor, wide operating temperature range, fanless operation, and compliance with AAR Standard S-9401 and EN-50155
• Centralized management to allow operators to remotely monitor, control, and perform diagnostics
• Support for up to 4 Type-1 or 10 Type-2 interface cards for extensible connectivity
• Robust connectivity with support for quality of service (QoS), dynamic roaming, multilink load balancing and failover, and link monitoring
• Durable security through Internet Protocol Security (IPsec), Secure Shell (SSH), AES encryption, and datagram transport layer security (DTLS)
Info from http://www.cisco.com/c/dam/en/us/products/collateral/se/internet-of-things/at-a-glance-c45-735028.pdf
More new IoT-related products announced from Cisco (15 in total) include:
- IE5000 purpose-built switch designed for manufacturing and cities.
- IW3702 wireless access point for mass transit systems and city-wide wi-fi deployments.
- IR 809 and IR 829 series of industrial routers with wi-fi and 4G/LTE connectivity for transportation organizations.
- 4G/LTE modules for CGR 1000 for utility companies, 5921 Embedded Services Routers for industrial networking in remote locations.
- 360° 5MP & 720p IP cameras for situational awareness. They're also outfitted with audio and digital sensors.
- Physical security analytics applications that connect to the IP cameras.
- Fog computing data services for the creation of policies that can monitor and then take action on data that flows through an IoT environment.
- IoT Field Network Director for monitoring and customizing IoT network infrastructure.
- Fog Director for centrally management apps that run at the network's edge.
Cisco fleshed out its Internet of Things system and product line in early June this year.
IoT, the Internet of Things, is one of the most profound transitions in technology today.
The Cisco IoT System is a comprehensive set of technologies and products for enterprises to help accelerate the transition to an intelligent, IoT-based infrastructure. This broad portfolio of infrastructure technologies and products can enable customers to connect, manage, and control previously unconnected devices.
Gain deeper insights with analytics on IoT data. Better secure your physical and digital assets and data. And innovate by creating and deploying IoT applications from the cloud to the fog.
Cisco IoT System can enable industries such as manufacturing, energy, transportation, public safety, and smart cities to deploy and accelerate IoT solutions.
In San Francisco, an integrated, Internet of Things (IoT)-based network with parking, garage, and roadway sensors reduced parking search time by 43 percent. And parking citations dropped by 23 percent.
On the Aegean Motorway in Greece, IoT sensors deliver real-time traffic and weather information, speeding emergency response and improving safety and travel time.
The Internet of Things is driving efficiencies and innovation in industries ranging from energy and utilities to manufacturing, public safety, and transportation. But to realize the potential of IoT, you need reliable, high-quality, high-speed network connections to collect and transmit data from a multitude of deployed devices.
The Cisco industrial router portfolio includes a range of compact, ruggedized modular platforms on which you can build a highly secure, reliable, and scalable communications infrastructure. These products are certified to meet harsh environmental standards. They support a variety of communications interfaces, such as Ethernet, serial, fiber, cellular, WiFi, Wi-SUN RF mesh, and others.
• Reduce downtime and maintain continuous access to applications, data, and content with highly reliable platforms
• Prioritize operational traffic from SCADA networks and allocate network bandwidth using advanced quality-of-service features
• Lower operational costs and simplify new device deployments with zero-touch provisioning; manage, monitor, and update devices remotely
• Improve security with cyber and physical networkwide security policies, secure VPNs, and stateful firewalls, and gain unparalleled visibility and control
• Improve application resilience by distributing intelligence across the network using Cisco IOx, an open, extensible environment for hosting applications
• Boost efficiency and better decision making by tracking and monitoring equipment, assets, workers, and important business system components
The Cisco Industrial Router Portfolio
The complete line of industrial routers includes:
Cisco 1000 Series Connected Grid Routers: Rugged routers designed for harsh environments, like those found in the utilities industry. Ideal for integrating multiple applications, such as advanced metering infrastructure (AMI), distribution automation, distributed energy resources (DER), street lighting, and remote workforce automation, onto a single platform.
Cisco 2000 Series Connected Grid Routers: Highly secure, reliable routers for the energy and utilities industries positioned for SCADA monitoring for transmission and distribution.
Cisco ASR 903 Aggregation Services Routers: Full-featured, modular, small-footprint, and fully redundant aggregation platforms. They offer service flexibility and deliver Layer 2, IP, and Multiprotocol Label Switching (MPLS) transport for advanced Layer 2 VPN, Layer 3 VPN, and multicast services
Cisco 500 Series WPAN Industrial Routers: Ruggedized Wi-SUN RF mesh routers that provide unlicensed 915-MHz, ISM-band wireless personal-area network (WPAN) communications, enabling IoT applications including smart metering, distribution automation, street lighting, and remote supervisory control and data acquisition (SCADA) monitoring.
Cisco 809 Industrial Integrated Services Routers: Very compact cellular (3G and 4G/LTE) industrial routers for remote deployment in various industries. They enable reliable and secure cellular connectivity for remote asset monitoring and machine-to-machine (M2M) solutions such as distribution automation, pipeline monitoring, and roadside infrastructure monitoring
Cisco 819 Integrated Services Routers: Compact, hardened, form factor cellular (3G, WLAN, or 4G options) routers that allow businesses to deploy secure 3G WWAN services and applications, like ATMs, wireless kiosks, digital signage, and more.
Cisco 829 Industrial Integrated Services Routers: Highly ruggedized compact cellular (3G and 4G LTE with GPS and dual SIM) and WLAN (2.4/5GHz) industrial routers supporting scalable, reliable, and secure management of fleet vehicles and mass transit applications.
Cisco 910 Industrial Router: Highly adaptable routers that you can easily integrate with third-party solutions to deliver smart city applications, such as environmental monitoring, smart parking, smart metering, and more.
Capabilities for Rugged, Industrial Settings
We designed the Cisco industrial routers to withstand harsh operating environments and to offer high-speed connectivity with the scale to handle thousands of devices. Key features include:
- Designed for industrial applications, including extended environmental, shock, vibration, and surge ratings; a complete set of power input options; convection cooling; and DIN rail, 19-inch rack or wall mounting.
- Advanced security such as Dynamic Multipoint VPN, stateful firewall, and access control lists to provide multi-layered security architecture across different places in the network.
- Diverse modular interfaces (Ethernet, T1/E1, 3G and 4G LTE cellular, asynch/synch, serial, and others) to interface and backhaul for different existing infrastructures.
- Advanced quality-of-service (QoS) capabilities to support mission-critical communications, such as substation communications or SCADA.
- Cisco IOx, an open, extensible environment for hosting applications at the network edge for distributed intelligence.
- Easy and user-friendly deployment, setup, operation, and management using network management tools such as IoT Field Network Director and Industrial Operations Kit.
Reference from http://www.cisco.com/c/dam/en/us/products/collateral/routers/809-industrial-router/at-a-glance-c45-735008.pdf
Cisco UCS is a model-driven server management system designed to reduce hardware and connectivity constraints, simplify server lifecycle management, and provide an agile infrastructure to support cloud computing. Based on a 10-Gigabit Ethernet-FCoE unified fabric, UCS greatly reduces the number of server connections and access-layer switches by consolidating compute resources around a unified I/O fabric that supports network, storage, and management traffic simultaneously. Which tips should you know about Cisco UCS?
Here are 10 tips to know about Cisco UCS.
1. The most important feature of UCS is its management architecture. The hardware was all designed with unified management in mind in order to reduce the administrative overhead of today’s server environments. As companies move to more highly virtualized environments and cloud architectures, automation and orchestration become key. UCS provides the management and provisioning tools at a hardware level to quickly realize the benefits of these types of environments and maximize the inherent cost reductions.
2. UCS is not just about blades. The management and I/O infrastructure is designed from the ground up to manage the entire server infrastructure including rack-mount servers. While blade adoption rates continue to grow, 60% of all servers are still rack-mount. UCS’s ability to manage both rack-mount and blade servers under one platform is a key differentiator with major ROI benefits. This ability will be available by the end of the calendar year.
3. UCS is based on industry standards such as the 802 Ethernet standards and x86 hardware architecture, making it vendor neutral and fully compatible with other systems. The UCS system is interoperable with any existing infrastructure and can be tied into management and monitoring applications already being utilized.
4. Using the Virtual Interface Card (VIC) or Generation 1 Converged Network Adapters (CNA) from Emulex or Qlogic, UCS has a unique capability of detecting network failures and failing over traffic paths in hardware on the card. This allows network administrators to design and configure network failover end-to-end, ensuring consistent policies and bandwidth utilization. Additionally, this unique feature provides faster failover and higher redundancy than other systems.
5. The management infrastructure of UCS is designed to allow an organization to provision and manage the system in the way that most closely fits its process. If a more dynamic process is desired, UCS allows a single administrator to cross traditional boundaries in order to increase operational flexibility. If the current organizational structure is rigid and changes are not desired, UCS provides tight Role Based Access Control (RBAC) tools to maintain strict boundaries that match the current customer environment. If an organization is looking to UCS to provide an Infrastructure as a Service (IaaS) type environment, the benefits of UCS can be extended into custom self-service portals using the UCS XML interface.
6. UCS reduces infrastructure components and costs by providing advanced tools for I/O consolidation. The UCS system is designed to converge disparate I/O networks onto a single Ethernet infrastructure. This consolidation is not limited to FCoE deployments; it extends these benefits to NFS, iSCSI, RDMA and any other protocol utilizing Ethernet for Layer 2 communication.
7. Current UCS hardware provides up to 80Gbps of converged I/O to each chassis of 4-8 blades. This is done using a pair of redundant I/O modules which both operate in an active fashion. This is not a bandwidth limitation of the mid-plane which was designed for 40Gbps Ethernet and above. Future I/O modules will provide additional bandwidth to the chassis and blades as data center I/O demands increase.
8. The single-point-of-management for the server access layer provided by UCS can be extended to the VMware virtual switching infrastructure, further reducing administrative overhead. Using Pass-Through Switching (PTS) on UCS, the VMware virtual switching environment can be managed through the UCS service profile the same way physical blades are managed.
9. Memory extension on the UCS B250-M1 and B250-M2 blades provides industry-leading 384GB memory density for 2-socket servers. Moreover, because this increased density is gained through additional DIMM slots, lower-density DIMMs can be used at significantly lower cost to reach up to 194GB of memory. In addition to the M250 blades, the B440 adds support for 2 or 4 Xeon 7500 processors with 4, 6, or 8 cores depending on processor model.
10. While the UCS architecture was designed to amplify the benefits of server virtualization and Virtual Desktop infrastructures (VDI), the platform is standards based and can be used with any bare metal x86 based operating system such as Windows, SUSE/Red Hat Linux, etc. UCS can operate with any mix of server operating systems desired for any given customer.
Basic tips of configuring Quality of Service (QoS) with VoIP, including the high level QoS methods available to achieve quality voice traffic.
One of the most important things that must be configured in concert with available VoIP solutions is Quality of Service (QoS). Without QoS options properly configured, the quality of voice (and video) could, and probably will be, sacrificed along with the overall demands of general traffic. These options provide a priority channel that is used by the voice traffic so that quality can be maintained while also allowing general traffic flow. This article reviews QoS basics and briefly discusses available QoS options and how they operate to provide quality for voice traffic.
Many of these QoS concepts are integral when studying for a Cisco voice certification. QoS concepts are covered on all of the following exams:
• 640-461 ICOMM v8.0 - CCNA Voice
• 642-437 CVOICE v8.0 - CCNP Voice
• 350-030 CCIE Voice Written - CCIE Voice
QoS Deployment for VoIP Case Study Example
There are a number of QoS factors to consider when configuring a modern QoS implementation on Cisco, or any other vendor’s equipment. However, the most basic of these concepts revolves around what QoS is attempting to accomplish. There are four major factors that need to be controlled in order to have a quality VoIP phone call; these include:
• Bandwidth – The amount of end-to-end available bandwidth dictates whether a call will work correctly or not. With unlimited constant bandwidth, a voice call can work from end-to-end without much issue; however, bandwidth is rarely unlimited. The codec selected for use over a specific line is dictated by the amount of available bandwidth and the number of active calls required.
• Delay – Unlike with data communications, too much delay on a voice call can make the quality of the call unbearable. Of course, all voice communications have some amount of delay, which must be kept as small as possible. Typically, with VoIP, optimum call quality includes an end-to-end delay of less than 150ms.
• Jitter – Jitter is the amount of delay variation in call traffic. If traffic over a connection is constantly delayed at 100 ms, no issue occurs. However, if for the first portion of the call there is short delay (e.g., below 5ms), followed by a period of long delay (e.g., over 300ms), and then another short delay, the receiving voice device may have trouble synchronizing all of the incoming traffic as it is received in an inconsistent manner.
• Loss – Obviously, the loss of voice packets results in the loss of audio on the connection. Small amounts of loss (< 1%) over the course of a connection will probably not be noticed, but if this loss becomes a large problem then significant loss in voice quality occurs.
There are a number of different methods that can be used to control the QoS of a voice connection; these include:
• Classification and Marking
• Link Efficiency Mechanisms
• Congestion Management
• Congestion Avoidance
Classification and Marking
The most commonly used method of QoS classification and marking is Differentiated Services (DiffServ). The general concept of DiffServ is to monitor the traffic coming through a device; all traffic is then classified into a specific traffic classification (for example, Voice Traffic or Data Traffic). Once this traffic is classified, it is marked with this classification using one of a number of methods. Commonly with IP traffic, the ToS field is used in the IP header and is classified with a Differentiated Service Codepoint (DSCP). This marking is then used by successive devices in prioritizing which traffic to process first.
See related article on QoS Marking and Classification
There are a number of different link efficiency mechanisms. The most commonly known mechanisms include IP header and payload compression. Other mechanisms include Link Fragmentation and Interleaving (LFI). These are typically used on slower speed serial links to improve delay by fragmenting larger packets into smaller ones, thus allowing other smaller packets to be processed. Obviously, the more efficient the link, the less delay a VoIP connection is subject to.
The concept of congestion on a connection is rather simple to explain; the more congested a link, the less likely a packet will be able to get through in a timely manner required by VoIP (think, rush hour in NYC or LA). Congestion management mechanisms attempt to control the amount of congestion faced by traffic by processing the traffic in a variety of different ways, some more complex than others. Many of these methods are used in conjunction with markings given to traffic (e.g., DSCP). The most common methods include:
• Priority Queuing (PQ)
• Custom Queuing (CQ)
• Weighted Fair Queuing (WFQ)
• Class Based Weighted Fair Queuing (CBWFQ)
• Low Latency Queuing (LLQ)
See related article on Queue Configuration and Congestion Management.
Congestion avoidance is another method of QoS; the most common of the techniques used is called Weighted Random Early Detection (WRED). Basically, WRED attempts to predict that congestion will be forthcoming, and when this happens packets are selectively dropped to avoid congestion.
There are a number of different QoS concepts that must be understood in order to properly implement a VoIP network or pass the Cisco voice certification tests. The concepts covered in this article are a simple overview of the high level QoS options available. Hopefully, this article will help the student understand these high level concepts before digging into the depths required for true understanding.
---Original reference from http://www.petri.co.il/voip-quality-of-service-basics.htm
This document describes the password recovery procedure for the Cisco Catalyst Layer 2 fixed configuration switches 2900XL/3500XL, 2940, 2950/2955, 2960, and 2970 Series, as well as the Cisco Catalyst Layer 3 fixed configuration switches 3550, 3560, and 3750 Series.
1. Attach a terminal or PC with terminal emulation (for example, Hyper Terminal) to the console port of the switch.
Use the following terminal settings:
- Bits per second (baud): 9600
- Data bits: 8
- Parity: None
- Stop bits: 1
- Flow Control: Xon/Xoff
Note: For additional information on cabling and connecting a terminal to the console port, refer to Connecting a Terminal to the Console Port on Catalyst
2. Unplug the power
3. Power the switch and bring it to the switch: prompt:
For 2900XL, 3500XL, 2940, 2950, 2960, 2970, 3550, 3560, and 3750 series switches, do this:
Hold down the mode button located on the left side of the front panel, while you reconnect the power cable to the switch.
Note: LED position may vary slightly depending on the model.
For 2955 series switches only:
The Catalyst 2955 series switches do not use an external mode button for password recovery. Instead the switch boot loader uses the break-key detection to stop the automatic boot sequence for the password recovery purposes. The break sequence is determined by the terminal application and operating system used. Hyperterm running on Windows 2000 uses Ctrl + Break. On a workstation running UNIX, Ctrl-C is the break key. For more information, refer to Standard Break Key Sequence Combinations During Password Recovery.
The example below uses Hyperterm to break into switch: mode on a 2955.
C2955 Boot Loader (C2955-HBOOT-M) Version 12.1(0.0.514), CISCO DEVELOPMENT TEST
Compiled Fri 13-Dec-02 17:38 by madison
Base ethernet MAC Address: 00:0b:be:b6:ee:00
Xmodem file system is available.
flashfs: 19 files, 2 directories
flashfs: 0 orphaned files, 0 orphaned directories
flashfs: Total bytes: 7741440
flashfs: Bytes used: 4510720
flashfs: Bytes available: 3230720
flashfs: flashfs fsck took 7 seconds.
...done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
*** The system will autoboot in 15 seconds ***
Send break character to prevent autobooting.
!--- Wait until you see this message before
!--- you issue the break sequence.
!--- Ctrl+Break is entered using Hyperterm.
The system has been interrupted prior to initializing the flash file system to finish
loading the operating system software:
4. Issue the flash_init command.
flashfs: 143 files, 4 directories
flashfs: 0 orphaned files, 0 orphaned directories
flashfs: Total bytes: 3612672
flashfs: Bytes used: 2729472
flashfs: Bytes available: 883200
flashfs: flashfs fsck took 86 seconds
....done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
!--- This output is from a 2900XL switch. Output from
!--- other switches will vary slightly.
5. Issue the load_helper command.
6. Issue the dir flash: command.
Note: Make sure to type a colon ":" after the dir flash.
The switch file system is displayed:
switch: dir flash:
Directory of flash:/
2 -rwx 1803357 <date> c3500xl-c3h2s-mz.120-5.WC7.bin
!--- This is the current version of software.
4 -rwx 1131 <date> config.text
!--- This is the configuration file.
5 -rwx 109 <date> info
6 -rwx 389 <date> env_vars
7 drwx 640 <date> html
18 -rwx 109 <date> info.ver
403968 bytes available (3208704 bytes used)
!--- This output is from a 3500XL switch. Output from
!--- other switches will vary slightly.
7. Type rename flash:config.text flash:config.old to rename the configuration file.
switch: rename flash:config.text flash:config.old
!--- The config.text file contains the password
8. Issue the boot command to boot the system.
File "flash:c3500xl-c3h2s-mz.120-5.WC7.bin" uncompressed and installed, entry po
!--- Output suppressed.
!--- This output is from a 3500XL switch. Output from other switches
!--- will vary slightly.
9. Enter "n" at the prompt to abort the initial configuration dialog.
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Continue with configuration dialog? [yes/no]: n
!--- Type "n" for no.
Press RETURN to get started.
!--- Press Return or Enter.
!--- The Switch> prompt is displayed.
10. At the switch prompt, type en to enter enable mode.
11. Type rename flash:config.old flash:config.text to rename the configuration file with its original name.
Switch#rename flash:config.old flash:config.text
Destination filename [config.text]
!--- Press Return or Enter.
12. Copy the configuration file into memory.
Switch#copy flash:config.text system:running-config
Destination filename [running-config]?
!--- Press Return or Enter.
1131 bytes copied in 0.760 secs
The configuration file is now reloaded.
13. Overwrite the current passwords that you do not know. Choose a strong password with at least one capital letter, one number, and one special character.
Note: Overwrite the passwords which are necessary. You need not overwrite all of the mentioned passwords.
Sw1# conf t
!--- To overwrite the existing enable secret password
Sw1(config)#enable secret <new_secret_password>
!--- To overwrite the existing enable password
Sw1(config)#enable password <new_enable_password>
!--- To overwrite the existing vty password
Sw1(config)#line vty 0 15
Sw1(config-line)#password <new_vty_password>
Sw1(config-line)#login
!--- To overwrite the existing console password
Sw1(config-line)#line con 0
Sw1(config-line)#password <new_console_password>
Sw1(config-line)#login
Sw1(config-line)#end
14. Write the running configuration to the configuration file with the write memory command.
---Original resources from
No doubt while browsing the web, dealing with home networking solutions or even participating in some form of network development you've come across the terms IPv4 and IPv6. Terms like "IPv4 vs IPv6", or "IPv6 tutorial", or even the much broader "Internet Protocol".
Unfortunately, most people have no idea what these terms mean, or what they are in fact referring to. As a general problem the terms are rarely explained well, and when they are, the explanations are not usually in simple form.
IPv4 vs IPv6
To put it quite bluntly, we're here to answer one question: what exactly do these terms, "IPv4 vs IPv6", "IPv6 tutorial" and so on, mean?
The "I" and "P" in "IPv" stand for "Internet Protocol", which refers directly to the communication protocol, or packet transfer procedure, of the internet.
Every device that connects to the internet uses a unique address called an IP address, which works very much like a home or location address. Pieces of data, called "packets", are transferred via the internet between machines, which in turn gives us the fully functioning inner workings of the online community. In order for two machines, or devices, to communicate via the internet, they must transfer these "packets" of data back and forth. The data "packets" cannot be transferred if the devices do not each have their own unique address.
Think of it basically as a home address. You can't send mail correctly if you don't list a proper return address, because if the mail doesn't reach its destination it must have a way of returning to you. Also, the receiver would have no way of responding, considering they have no idea what address they should reply to.
While the internet does not necessarily return data “packets” that don’t reach their destination, like undelivered mail, proper use or protocol requires two devices to have unique addresses to even begin communications.
The "v" and number ("4" or "6") in "IPv4 vs IPv6" refer to the related protocol version number. "IPv4" is of course "Internet Protocol version 4", and "IPv6" is subsequently "Internet Protocol version 6".
IPv4 is of course the older, more supported version of the internet address procedure. But ultimately, there are no longer any free IPv4 addresses, meaning all of them have been occupied or taken up. What does this mean exactly?
In a general sense, there will no longer be any alternative IPv4 addresses, directly meaning they will all be occupied and new users will not be able to venture into cyberspace. Although the realistic situation is not quite as dire.
Source from: http://www.thetechlabs.com/tech-news/ipv4-vs-ipv6/
Cue in IPv6, the latest Internet Protocol or address procedure. The older IPv4 only supports a 32-bit internet address, which translates to 2^32 IP addresses available for assignment (about 4.29 billion total). IPv6 uses 128-bit addresses, allowing a maximum of 2^128 available addresses: 340,282,366,920,938,000,000,000,000,000,000,000,000 (roughly 3.4 x 10^38), which, if you couldn't already tell, is a very big number.
So basically the IPv4 protocol has run out of available addresses, which is why most websites or internet servers are adopting the newer IPv6 protocol. In most cases, the two versions are compatible. This contrast between the two protocol versions is exactly what's being referred to when "IPv4 vs IPv6" is mentioned.
Worldwide IPv6 Transfer
The Internet Society has worked together with several huge ISPs and online organizations to switch the world over from the older IPv4 protocol to the newer IPv6. "World IPv6 Day" is scheduled to occur on June 8, 2011 and will involve several major online organizations switching services to IPv6 to test out its overall functionality and reliability.
This has no direct consequences or relations to home consumers and average internet users (meaning you), the IPv6 protocol switch only seriously pertains to large online organizations with an extensive listing of online hosted content.
More Related: http://blog.router-switch.com/
DHCP, Dynamic Host Configuration Protocol, is a protocol that operates at the application layer and automatically assigns IP addresses to requesting hosts. DHCP eliminates a manual task for the network administrator. It also provides a central database of the devices connected to the network and eliminates duplicate resource assignments. DHCP uses UDP (User Datagram Protocol) to send its request messages to the DHCP server on port number 67.
A DHCP server can provide a host with a lot of information when the host requests an IP address. Here's a list of the information a DHCP server can provide:
- IP Address
- Subnet Mask
- Domain Name
- Default Gateway (routers)
- WINS information
How is the DHCP server discovered by the client to get an IP address?
The client broadcasts messages on the physical subnet to discover available DHCP servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server from a different subnet. This client-implementation creates a User Datagram Protocol (UDP) packet with the broadcast destination of 255.255.255.255 or the specific subnet broadcast address. Addresses in the Packet for DHCP Server Discovery can be as follows;
Source IP = 0.0.0.0
Source Port = 0
Destination IP = 255.255.255.255
Destination Port = 67
A DHCP client can also request its last-known IP address. If the client remains connected to a network for which the IP is valid, the server may grant the request.
When a DHCP server receives an IP lease request from a client, it reserves an IP address for the client and extends an IP lease offer by sending a DHCPOFFER message to the client. This message contains the client's MAC address, the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer. Source and Destination addresses in the server’s DHCP Offer message are as follows;
Source IP = 192.168.1.1
Source Port = 67
Destination IP = 255.255.255.255
Destination Port = 68
A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer and broadcast a DHCP request message. Based on the Transaction ID field in the request, servers are informed whose offer the client has accepted. When other DHCP servers receive this message, they withdraw any offers that they might have made to the client and return the offered address to the pool of available addresses. The DHCP request message is broadcast, instead of being unicast to a particular DHCP server, because the DHCP client has still not received an IP address. Also, this way one message can let all other DHCP servers know that another server will be supplying the IP address without missing any of the servers with a series of unicast messages.
On receiving the DHCP request message, the server sends a DHCP acknowledgment carrying the IP address, lease duration and other information to the client that requested it, and the IP address assignment process by the DHCP server is complete.
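The four-message exchange described above (DISCOVER, OFFER, REQUEST, ACK), as an added worked example that is not part of the original post: a minimal RFC 2131 message builder and parser in Python, with two simulated servers listening on the same subnet so that the "withdraw the offer and return the address to the pool" behaviour can be seen. The server addresses (192.168.1.1 as in the post, plus a constructed 192.168.1.2), the address pools, the client MAC and the transaction ID are all constructed sample values. The REQUEST carries both the transaction ID and the server identifier option (option 54) of the accepted offer; a server whose identifier does not match releases its reserved address.

```python
"""Minimal DHCP DISCOVER/OFFER/REQUEST/ACK exchange built and parsed with struct.
Added example, not code from the original post. All addresses, pools, the client
MAC and the transaction ID below are constructed sample values."""
import socket
import struct

DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK = 1, 2, 3, 5   # option 53 values (RFC 2132)
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # 236-byte fixed BOOTP header


def build_dhcp(op, xid, chaddr, yiaddr="0.0.0.0", options=()):
    """Serialize a minimal RFC 2131 message. op=1 is client->server, op=2 server->client."""
    header = struct.pack(HEADER_FMT,
                         op, 1, 6, 0,                 # op, htype=Ethernet, hlen=6, hops
                         xid, 0, 0x8000,              # xid, secs, flags: broadcast bit set
                         b"\0" * 4,                   # ciaddr: the client has no address yet
                         socket.inet_aton(yiaddr),    # yiaddr: address being offered/assigned
                         b"\0" * 4, b"\0" * 4,        # siaddr, giaddr (no relay agent here)
                         chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + opts + b"\xff"    # 0xff is the end option


def parse_dhcp(pkt):
    """Parse the fixed header and the TLV options back into a dict."""
    f = struct.unpack_from(HEADER_FMT, pkt)
    msg = {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
           "chaddr": f[11][:f[2]], "options": {}}
    pos = struct.calcsize(HEADER_FMT)
    assert pkt[pos:pos + 4] == MAGIC_COOKIE, "not a DHCP message"
    pos += 4
    while pkt[pos] != 0xff:
        code, length = pkt[pos], pkt[pos + 1]
        msg["options"][code] = pkt[pos + 2:pos + 2 + length]
        pos += 2 + length
    return msg


class DhcpServer:
    """One DHCP server with an address pool. An offer is reserved per transaction ID
    and released again when the client's REQUEST names a different server (option 54)."""

    def __init__(self, ip, pool, mask="255.255.255.0", lease=86400):
        self.ip, self.pool, self.mask, self.lease = ip, list(pool), mask, lease
        self.reserved = {}   # xid -> address reserved by an outstanding offer

    def _reply(self, msg, mtype, addr):
        return build_dhcp(2, msg["xid"], msg["chaddr"], addr, [
            (53, bytes([mtype])),
            (1, socket.inet_aton(self.mask)),          # subnet mask
            (51, struct.pack("!I", self.lease)),       # lease time in seconds
            (54, socket.inet_aton(self.ip)),           # server identifier
        ])

    def handle(self, pkt):
        """Return a reply packet, or None when this server has nothing to send."""
        msg = parse_dhcp(pkt)
        mtype = msg["options"][53][0]
        if mtype == DHCPDISCOVER and self.pool:
            addr = self.pool.pop(0)
            self.reserved[msg["xid"]] = addr
            return self._reply(msg, DHCPOFFER, addr)
        if mtype == DHCPREQUEST:
            addr = self.reserved.pop(msg["xid"], None)
            if socket.inet_ntoa(msg["options"][54]) != self.ip:
                if addr is not None:                  # client chose another server:
                    self.pool.insert(0, addr)         # withdraw the offer, return address
                return None
            if addr is not None and socket.inet_ntoa(msg["options"][50]) == addr:
                return self._reply(msg, DHCPACK, addr)
        return None


def run_exchange(servers, mac=b"\x02\x00\x00\x00\x00\x01", xid=0x3903F326):
    """Simulate a client broadcasting on the subnet: every server sees every client
    message. Returns the parameters the client ends up with plus message counts."""
    discover = build_dhcp(1, xid, mac, options=[(53, bytes([DHCPDISCOVER]))])
    offers = [parse_dhcp(r) for r in (s.handle(discover) for s in servers) if r]
    chosen = offers[0]                                # accept the first offer received
    request = build_dhcp(1, xid, mac, options=[
        (53, bytes([DHCPREQUEST])),
        (50, socket.inet_aton(chosen["yiaddr"])),    # requested IP address
        (54, chosen["options"][54]),                 # identifier of the accepted server
    ])
    acks = [parse_dhcp(r) for r in (s.handle(request) for s in servers) if r]
    ack = acks[0]
    return {"ip": ack["yiaddr"],
            "mask": socket.inet_ntoa(ack["options"][1]),
            "lease": struct.unpack("!I", ack["options"][51])[0],
            "server": socket.inet_ntoa(ack["options"][54]),
            "offers": len(offers), "acks": len(acks)}


if __name__ == "__main__":
    a = DhcpServer("192.168.1.1", ["192.168.1.100", "192.168.1.101"])
    b = DhcpServer("192.168.1.2", ["192.168.1.200"])
    print(run_exchange([a, b]))
    print("server B pool after withdrawal:", b.pool)
```

Running the block shows the client bound to 192.168.1.100 from 192.168.1.1 with a one-day lease, while server B, whose offer was not chosen, has 192.168.1.200 back in its pool. Real clients and servers carry these messages in UDP datagrams between ports 68 and 67 with the broadcast addressing listed above; the simulation hands the same bytes directly to each server object instead of using sockets.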
More related: How to Configure DHCP on a Cisco ASA 5505?
Cisco OnPlus Service is offered at a list price of $250, which includes an OnPlus Network Agent appliance.
Expanding on its offerings to small business partners, networking specialist Cisco announced a cloud-based service called OnPlus that offers channel partners a way to provide network assessment, management and advisory services to their small business customers. By enabling value-added resellers (VARs) to create or expand their managed services practice, OnPlus aims to help to evolve the customer relationship from reactive and tactical to more proactive and strategic.
OnPlus Service is offered at a list price of $250, which includes a three-year subscription to the OnPlus service and an OnPlus Network Agent appliance. A separate appliance and subscription service is required for each network being managed. Native applications for Apple and Android mobile devices are available free of charge in the Apple App Store and the Android Market.
The announcement builds on Cisco's Partner Led sales model designed to elevate channel partners' ability to drive sales in the small business and midmarket segments. Earlier this year, Cisco announced it would invest $75 million in its Partner Led initiative throughout 2012, for enablement, systems and support capabilities to help channel partners profitably grow their business.
OnPlus is designed for VARs that are looking to create or expand their managed service offerings, providing remote visibility of the network and the devices attached to it through a scalable cloud-based service. OnPlus helps VARs deploy advanced network services for their small business customers from anywhere at any time. To monitor a customer network, VARs plug the OnPlus Network Agent appliance into a switch or router on their customer's network. The OnPlus Agent then transmits information about the customer's network to a secure data center for access by the VAR.
In addition to discovery and monitoring of anything with an IP address from any supplier, OnPlus enables remote connectivity to manageable network devices to facilitate troubleshooting and configuration. For select Cisco devices, OnPlus provides enhanced capabilities that automate typical administrative tasks. In addition, the network-centric capability of OnPlus complements existing classes of managed services tools such as remote monitoring and management and professional services automation.
"Liberty Technology focuses on making technology easy for both consumers and businesses. With Cisco OnPlus, you're able to get a more complete, 360-degree picture of your customer's network," said Ben Johnson, president of Liberty Technology, a Cisco certified partner. "We've used OnPlus in a number of scenarios from doing network surveys to quickly troubleshooting and identifying problems with customers' networks, which has greatly saved us time and of course money."
More Related: If you need to know more details of Cisco OnPlus, you can visit: http://blog.router-switch.com/2011/12/cisco-onplus-cloud-based-managed-services-launched-aimed-at-smbs/
Cisco steps back from close partner VMware to help firms build a private cloud using Microsoft Hyper-V and VMware ESX Server, plus Cisco blades By Charles Babcock from InformationWeek
Cisco Systems Tuesday took a step back from its close cloud partner VMware, and launched CloudVerse, a set of integrated components to allow enterprises to build out private clouds running multiple hypervisors.
CloudVerse manages a combined set of pooled resources--including virtualized networking and storage as well as virtual servers--to create a highly automated cloud operation in the enterprise data center.
One of CloudVerse's components, Intelligent Automation for the Cloud, is a new software management system for the private cloud. That cloud can include Microsoft's Hyper-V, Red Hat's KVM, and IBM or HP hypervisors for their AIX or HPUX environments, respectively, as well as VMware's ESX Server, said Lew Tucker, Cisco CTO for cloud computing, in an interview.
Cisco calls CloudVerse a "framework" rather than a new product. It takes software components contributed by Tidal Software and newScale, both recent acquisitions, and puts them together in the Intelligent Automation for the Cloud product. The software components work with Cisco blades and networking to provide an automated operations environment for virtual servers.
CloudVerse's automated end user server provisioning depends on a service catalog and self-service portal engineered by newScale, which Cisco acquired for an undisclosed amount in April. It acquired Tidal Software in May 2009 for $105 million and its software provides insight into what resources an application was using. That helps when it comes to provisioning end user servers and rightsizing their resources.
An end user who needs applications on a new server in the enterprise "should get them out of a service catalogue, like downloads to the iPhone," said Tucker, who is the former head of cloud computing at Sun Microsystems. The future private cloud will account for 50% of enterprise data center computing by 2014, Tucker added. He based the statement on Cisco's first annual study of network traffic, the Cisco Cloud Index, which forecasts a rapid uptake in private cloud computing. Cisco is trying to get into a position, similar to IBM, HP, and Dell, where it's one of the primary hosts of those future workloads.
Cisco, for example, is already a close partner of VMware in the production of VCE integrated cloud server racks. VCE is a manufacturing consortium formed by Cisco and EMC, with VMware and Intel providing additional investment. VCE-integrated units, built with Cisco blades, EMC storage, and VMware virtualization, have gone into several prominent cloud data centers, including the New York Stock Exchange's Mahwah, N.J., data center and SunGard's six cloud data centers.
But the VCE consortium's units are for cloud service suppliers. To reach private cloud builders, Cisco wanted an integration approach that included hypervisors in addition to VMware's, hence its CloudVerse approach. As usual, Cisco comes at the problem from the networking side. "The network used to terminate at the server," pointed out Tucker. "With CloudVerse, the network continues through the server port, goes through the Nexus 1000V switch, and terminates at the virtual server."
CloudVerse works with Cisco's Unified Computing System blades and Cisco networking, along with another new software component, Cisco Network Services Manager, to deploy virtualized assets. Network Services Manager handles the virtualized network side of a cloud deployment, making sure the virtual server has the correct amount of network bandwidth and network security. That makes it a competitor with HP's CloudSystem Matrix and Dell's Virtual Integrated System.
One of the strengths of Cisco's UCS is its ability to offload converged network and storage traffic from virtual machines through the Nexus 1000V switch to its nearby network switching fabric. That allows smoother I/O for multiple virtual machines on a single host.
In 2012, Cisco will offer ASR 1000 and 9000 Series routers, which will allow virtual machine administrators to identify workloads and move them between the enterprise data center and the cloud--or between different cloud data centers. That will be enabled through another CloudVerse software component, Cloud-to-Cloud Connect, Tucker said.
In effect, Cisco is trying to pave the route to future hybrid cloud computing by offering its CloudVerse integration framework today, with some elements, like the ASR routers, still to come. Early adopters of the CloudVerse approach include Silicon Valley Bank, Orange Business Services, Verizon Terremark, Telstra, Fujitsu, and ACS, a Xerox company.
The first Cisco study of cloud network traffic, as reported in its cloud index, projected that global cloud traffic will grow more than 12 times its current level by 2015, to 1.6 zettabytes a year. That's equivalent to four days of "business class" video for every person on Earth, the cloud index report said. One zettabyte is a billion terabytes. In 2009, the Internet was estimated to contain one half zettabyte of information, according to Wikipedia.