Browse by Tags
All Tags » CISCO
Showing page 1 of 2 (67 total posts)
-
Cisco released IOS 15.0. This is the next major release after 12.4. It’s been over 4 years since Cisco has delivered a major release of IOS code. The new features listed in the documentation include:
• BGP Event Based VPN Import
• BGP Per Neighbor Graceful Restart Configuration
• BGP RT Changes Without PE-CE Neighbor Impact
• BGP local ...
-
Great interview with Randy Bush. Very interesting thoughts about costs experienced when hitting the IPv4 wall
...
-
The advantage of having a scripting language on your router seems to come in
pretty handy sometimes (though I bet most people don’t really use the Tcl
interpreter on their Cisco’s). I have been using TCL scripts for ages. The new EEM is just heavenly, you can trigger on almost everything. Even add your own syslog messages or create menus for ...
-
Juniper's JUNOS:
filter trusted-prefixes { term controlled-access { from { address { ...
-
I understand that this question is a lot more complex than a simple yes or no since factors like design and routing policy will certainly affect the protocols behavior. It's really difficult to decide and get information on what the top network service providers are using for their IGP? I'm trying to build a case for switching from OSPF to IS-IS ...
-
In most design scenarios, you’d like to advertise the BGP default route to EBGP neighbors without having a BGP default route in your own BGP table. For example, an ISP might decide to advertise only the BGP default route and local BGP networks to customers multi-homed to a single ISP. To advertise a BGP default route to a BGP neighbor, use the ...
-
If your next hop has the information about how to get to everywhere you need to be able to reach, it is easier to use a default route than to list all the locations exhaustively :). Let's get cracking on IPv6 default routing today!
We will use the above simple network topology to configure default routing on Cisco/Juniper ...
-
Rate limit or shaping is always confusing as to which one to use. The goal of traffic shaping is hard-limiting of sending rate, while the purpose of rate-limiting is usually admission control based on burst sizes. Traffic shaping hard-forces a “fixed” sending rate, absorbing and smoothing incoming packet bursts. Rate-limit never smooths but ...
-
Some differences:
Because OSPF has several checks and balances in regards to neighbor adjacencies, and because those adjacencies are essential for actual routing, their defaults remain the same between the two vendors. These include authentication (except in the case of OSPFv3), hello/dead intervals and area types. One note about authentication: ...
-
RFC stuff is really fun; I will take a look at the implementation of OSPF from the perspective of two well known vendors: Cisco and Juniper.
Do you know the standards? OSPF version 2 is defined in RFC 2328. Like all protocol standards it details every aspect of the protocol. And like all protocol standards it leaves just enough room for ...
-
If you have got a big block of free time, the best way to put that to use is to play with Cisco/Juniper; and that's the reason why I'm not getting married :) Anyway, Juniper introduced EX switches, as promised a long time before... Here are my findings. EX switches have a frontal LCD panel for maintenance procedures, isn't it crazy that you can reset ...
-
When you configure an access list that should prevent spammers from misusing your network, you obviously had to figure out the IP address of the ISP’s SMTP server (access lists and object groups accept IP addresses). You can enter a hostname in an IOS ACL … and it works. Actually, IOS performs a DNS lookup when you enter the hostname (assuming you ...
-
I still love Cisco. My one true love. It hurts with you :)
Anyway, let's start with Layer 7 traffic filtering on a Cisco router. The NBAR protocol classification feature has long supported enhanced HTTP URL matching features. However, the Cisco documentation site never provided a detailed description of the pattern language used for URL matching; ...
-
One of my longtime gripes about IOS is that when you type a new statement to the CLI and hit return, the statement immediately becomes active on the router. For someone as mistake-prone as me, this is a big risk. And given that the majority of network problems are due to human error rather than hardware and software failures, it is a risk for ...
-
In Cisco IOS, every mode (user mode, privileged mode etc.) has a help system built in. You can use the magic question mark (?) in user mode as well as in sub-configuration mode.
What if you want to use a question mark (?) in a description or aspath-regex? :)
Well, to write a question mark in IOS, the escape sequence CTRL-V or ESC-Q must be entered ...
-
NBAR can be used to apply application based filters such as blocking youtube.com traffic. To accomplish this we can categorize traffic based on the HTTP hostname. Next we will create a policy-map that matches the youtube.com class and drops the traffic. Lastly the policy is applied outbound to the Internet. Syntax-wise this would ...
-
This post has been written to answer Mr Drew's question.
The NetFlow table on the route processor (RP) captures statistics for flows routed in software and the NetFlow table on the PFC (and on each DFC) captures statistics for flows routed in hardware. In PFC3A mode, NetFlow collects statistics only for routed traffic. With ...
-
I just finished Vol 1 Bridging and Switching labs... again. I'm redoing all of Vol 1 labs, and repeating once more the ones I wasn't able to do without consulting the Doc cd or the lab solutions. My idea is to have an absolute mastership in all technologies focused on Vol 1's labs, before moving on to Vol 2. Volume 1 labs are great to ''solidify'' ...
-
There are 5 max concurrent sessions in the Cisco world. There can be a situation in life in which the max concurrent sessions reach the limit. When addressing such situations, this might help.
The following command on Unix will dump all the TCBs of the remote router:
jahil$ snmpwalk -v 2c -c your_readwrite_community router ...
-
Generally there are no adverse side effects from enabling CEF. The main one to watch out for is that certain debugging will not work for packets that are fast switched. I have spent many unhappy hours struggling unsuccessfully to get the information that I wanted before I realized what the problem was.
As it turns out, the router will ...
-
We have a large WAN infrastructure and recently we implemented Cisco ACS. During configuration of Cisco ACS, you will have to define all TACACS+/RADIUS clients. A wildcard may be used to match all possibilities instead of defining hundreds of TACACS+/RADIUS clients one by one. Well: you can wildcard the address of the AAA clients. ...
-
Somewhere during testing any successful Network Reachability,
it will be necessary to test the reachability of addresses from each device in
your network. Some people use cut and paste techniques coupled with Notepad to ping
the addresses. Unfortunately, there are numerous drawbacks to this technique. While
this sounds like a great ...
-
A common problem which I
have seen during point to point circuit testing is an Encapsulation
problem. If you work in an organization where you don’t have a control
on the other side then you know what I am talking about. I have seen that if you
are backbone guy and you are setting your router interface to
encapsulation ppp. You will somehow ...
-
One of the greatest
challenges in supporting a large wireless network is testing
authentication from a remote access point. Asking a user to retry a
login multiple times can be time consuming and frustrating. To solve this problem, you can use the test aaa group command to test both RADIUS and TACACS authentication using a user ID and password ...
-
We have a large enterprise network supporting distribution routers with multiple interfaces, and it’s always a tough task to keep track of adjacencies. There are times where you really wonder whether you want to form adjacencies with all interfaces or not. The solution to this problem has been to configure the routing protocol on all interfaces and ...
-
When connecting a new switch to your network you can accidentally
change your current VLAN database if the new switch has a higher VLAN
Trunking Protocol (VTP) revision number. To avoid this, you must clear
the VTP revision number on the new switch. The easiest way is to change
the VTP domain name to “something_else” and back to ...
-
Under normal circumstances, network engineers configure
interfaces with ''no ip proxy-arp''. If, however, static routes use the
interface as the destination instead of a next-hop router, proxy ARP
is required.
Proxy Address Resolution Protocol (ARP) replies are sent to an ARP request destined for another device. When an
intermediate ...
-
VTP was not updating the
configuration on other switches when the VLAN configuration changes.
I checked (show trunk
command) switches are connected through trunk links. Because VTP updates are
exchanged only over trunk links. Keeping in mind that VTP
updates are only exchanged between switches in the same VTP domain. I checked ...
-
One of
the things which has always annoyed me about this argument was people making
the assumption that routing of addresses and registration of addresses was
related. You can have a ''private'' shared address, which is routed on
the Internet. People who can't figure out how to filter, also can't figure out
how to filter RFC1918 ...
-
I intended to write this month about WLAN Security,
something other than switching/routing, system administration, or network
engineering. But I've been spending a bit too much time recently working with
some of the WLAN cracking (''security administration'') tools, to see
how well they work on my own Wireless Access Point (WAP). ...
-
This is one of those
things where I was way over my head. I’ve been trying to set up an 802.1x-protected access point at office with support for EAP, PEAP, and EAP-TTLS. Why? So I could connect to it from Windows XP and
know what it feels like. (it’s one thing to write “Windows XP supports 802.1x”,
it’s another thing to know it). I decided to ...
-
I've observed, people normally think that Cisco networking is
very easy for them to go on. My opinion is different; I understand Cisco approach
is very common; but it’s not the best way to go. In particular order, people should
learn network essentials and it should include Cabling, Physical Interfaces, Network Layer Model ...
-
In our environment a large number of VLANs exist; So we have
a large number of trunk ports inter-connecting switches. During troubleshooting,
I have found that Cisco catalyst switches
often have auto trunking enabled by default. I think this makes them vulnerable
to two different kinds of attacks.
The first one being the crafting of ...
-
One of our aggressive network administrators enabled the ICMP
block at our border routers. Due to this, I can’t use “ping”, “traceroute”
or “pathping”. Also, if your router
has the ICMP block enabled, you can’t determine routing loops, and it will overload router CPU and memory as well. The router can be configured to
block ...
-
I find it quite odd that as a service provider you would
ever trust your network to auto negotiation. Hard code the port - leave nothing to chance. It is
just one extra command, and you should be doing that after you
label the port with a description and put it in a VLAN,
correct?
With the exception of some cheap NICs (and older ...
-
We have several remote offices that are connected
by various kinds of pipes. The tool that can measure the available
bandwidth and determine where our bottlenecks might be. Take a look at the program pchar. It's available
from:
http://www.kitchenlab.org/www/bmah/Software/pchar/ and in the FreeBSD ports tree as ...
-
I recently configured flow-tools called FlowViewer on the flow-tools mailing list ( http://mailman.splintered.net/mailman/listinfo/flow-tools ). Granted it produces web-based text reports and not graphs at this time, it may still be useful to you. http://ensight.eos.nasa.gov/FlowViewer/ FlowViewer makes analysis of netflow data quick and easy. The ...
-
Somebody asked me about how to check bandwidth utilization on Cisco switch ports. Most important, he is not going to play with things like SNMP :) To answer him simply, here is
sample output:
Switch> show controllers utilization
Port Receive Utilization Transmit Utilization
Fa0/1 0 0
Fa0/2 ...
-
I’m writing, you are
reading :) Well, it’s about goddamn time. In cases where extremely
high network load presents itself on the interface of a router, it is
possible that other tasks will not be able to run. By default, the Cisco IOS
allocates 5% of the CPU time to the lower priority tasks. During a high load
event, such as a DDOS, this ...
-
In the majority of cases,
Cisco routers perform quite well without any tuning required. However, there do
exist those cases (during an attack, high utilization during special events,
etc.) that require a little extra care and feeding. This post presents some
tuning tips as well as a treatise on the meaning behind the various IOS counters
you ...
-
These days, we are suffering badly due to unprotected
Saudi Telecom copper wires. The rainy season has started. We had lost more
than 15 CSU/DSU within a week. In this environment I have learned that we
should use surge protectors/light arresters for such kind of legacy media/devices.
Also network infrastructure ...
-
This is a common problem with Cisco. Many of
their port cards are NOT autosensing. They hard-code to a
specific speed and duplex. The autosensing ones allow you to set
''auto'' on the adapter, the others won't.
If you plug an ethernet port that is hard coded into a typical switch
that has autosensing ports, you will get ...
-
Cisco Clean Access (CCA) is a software solution that can automatically detect,
isolate, and clean infected or vulnerable devices that attempt to access your
network. CCA includes as part of the architecture an Application Program
Interface (API). Lack of authentication while invoking API methods can allow an
attacker to bypass security ...
-
In the last MPLS post,
I discussed how to turn on MPLS service on the router and how to bind the
labels to the IP packets. Today's post focuses on the creation and
configuration of the Virtual Routing and Forwarding (VRF) delivered by Layer 3
MPLS VPNs. The concept of virtual routing is an important aspect of MPLS. It
enables PE routers to ...
-
After configuring the routers to perform
neighbor discovery and label/tag exchange the commands to verify that the
process has completed successfully are as follows:
Neighbor Verification
TAG
E3C2-GE6-0# show tag-switching tdp-neighbor
MPLS
E3C2-GE6-0# show mpls ldp neighbor
The output of these commands will show the
neighbor identity (in ...
-
In addition to MPLS theory, you must be
able to configure the routers as well. The configuration can apply to customer
edge routers, provider edge routers or provider routers. Each of these must be
configured in order for MPLS to work within an enterprise architecture.
Although the responsibility for configuration of each router may vary based ...
-
My network comprises several Cisco
Catalyst® 6500 Series Layer 3 switches and many Catalyst 3500 Series Layer 2
switches. To quickly find the exact location
and network port of a workstation that generates problems such as worms,
viruses, or loss of connectivity, I use the following method:
1. Check for the workstation's IP address,
and ...
-
I have been actively involved with Cisco
devices for the last five or six years. The most interesting one is the router. Routers
constitute the core components of most networks and, as such, securing the
router platform should be the first step toward securing your network.
Working
in different companies Pakistan and KSA ( ...
-
Remote Authentication Dial In User Service (RADIUS) authentication on a
device that is running certain versions of Cisco Internetworking Operating
System (IOS) and configured with a fallback method to none can
be bypassed.
http://www.cisco.com/en/US/products/products_security_advisory09186a00804ae616.shtml