VRF Lite means VRF without  the need to run MPLS in the network. VRF Lite allows the network administrator to create multiple routing instances on the same routing device within the enterprise (for instance, it is possible assign the 10.0.0.1/30 IP address on two different interfaces). VRF Lite can be useful when you need to isolate traffic between two networks sharing the same routing platform or if you have multiple networks with overlapping addresses sharing the same physical network. Multiple instances of routing protocols can be used for different VRFs on the same device to exchange routes dynamically with a direct connected device.(...)
Read the rest of Hub & Spoke: an example of VRF-Lite (1,296 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: Advanced configuration, Video, VRF

Smartports macros provide a convenient way to save and share common configurations. You can use Smartports macros to enable features and settings based on the location of a switch in the network and for mass configuration deployments across the network.

Each Smartports macro is a set of CLI commands that you define. Smartports macros do not contain new CLI commands; they are simply a group of existing CLI commands.

When you apply a Smartports macro on an interface, the CLI commands within the macro are configured on the interface. When the macro is applied to an interface, the existing interface configurations are not lost. The new commands are added to the interface and are saved in the running configuration file.(...)
Read the rest of Smartports Macros: a useful command (1,974 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | One comment
Post tags: Advanced configuration, Smartports Macros, Video

• Rollback configuration
• Restore configuration in case of a broken router

There are two ways to backup: manually (using write command each time that you would save running configuration) or automatically (using software like Ciscoworks, HP OpenView, … ).

In this tutorial, I would explain a different method to backup configuration: the archive command.

Introduced into Cisco IOS Release 12.3(4)T, the archive command permits to save a copy of the current running configuration to different path: ftp, http, https, rcp, scp, tftp servers. Moreover the archive command has other features, but in this article I would use only two of these:

• time-period: it sets the time increment for automatically saving an archive file of the current running configuration in the Cisco IOS configuration archive.
• write-memory: it enable automatic backup generation during write memory; for instance, when I use the ‘write’ command the archive command will be invoked automatically.

(...)
Read the rest of How to use archive command to save configuration (300 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | One comment
Post tags: Advanced configuration, Archive, Video

After the upgrading, I have tried to downlad an ISO image but the speed was very low (about 300KB/s and not 700KB/s). Mhhh this is strange! I have begun the troubleshooting but no error, no warning message. So I have reset my current configuration, but nothing… no real improvement.(...)
Read the rest of Slow ADSL with 12.4 IOS version?! (122 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: ADSL, Advanced configuration, Tips

The router is typically segmented into three planes of operation, each with a clearly identified objective:

• the data plane allows the ability to forward data packets
• the control plane allows the ability to route data correctly
• the management plane allows the ability to manage network elements.

The vast majority of packets handled by a router travel through the router by way of the forwarding plane, or data plane. However, the system’s route processor must handle certain packets, such as routing protocols, keepalives, packets destined to the local IP addresses of the router, and packets from management protocols and other interactive access protocols, such as Telnet and Secure Shell (SSH) Protocol. This type of traffic is often referred to as control plane traffic.(...)
Read the rest of CoPP?! What is that? (710 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | One comment
Post tags: Advanced configuration, DOS, QOS, Secure a router, Video

The OSPF protocol is based on link-state technology, which is a departure from the Bellman-Ford vector based algorithms used in traditional Internet routing protocols such as RIP. OSPF has introduced new concepts such as authentication of routing updates, Variable Length Subnet Masks (VLSM), route summarization, and so forth.

An OSPF network can be divided into sub-domains called areas. An area is a logical collection of OSPF networks, routers, and links that have the same area identification. A router within an area must maintain a topological database for the area to which it belongs. The router doesn’t have detailed information about network topology outside of its area, thereby reducing the size of its database.

All areas in an OSPF autonomous system must be physically connected to the backbone area (area 0). In some cases where this physical connection is not possible, you can use a virtual link to connect to the backbone through a non-backbone area. You can also use virtual links to connect two parts of a partitioned backbone through a non-backbone area. The area through which you configure the virtual link, known as a transit area, must have full routing information. The transit area cannot be a stub area.(...)
Read the rest of OSPF Virtual Link (579 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | One comment
Post tags: Advanced configuration, OSPF, Routing, Video

But if you would do it, there is a pretty trick : it’s the “test crash” command, an hidden IOS command. This can help you if you are lucky enough to have the real crash exactly like one of those you can test with “test crash” command.
(...)
Read the rest of Have you never seen a Cisco crash? (346 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | One comment
Post tags: Advanced configuration, Hidden commands, Video

When creating passwords, keep these rules in mind:

• Make passwords lengthy
• Passwords should combine letters, numbers, and symbols. Passwords should not use dictionary words
• Change passwords as often as possible

Strong passwords are the primary defense against unauthorized access to your router. The best way to manage passwords is to maintain them on an AAA server, but not all people can have/manage a AAA server.

Cisco provides a number of enhanced features that allow you to increase the security of your passwords.

For the basic configuration read this article.(...)
Read the rest of Tips for securing Cisco administrative access (1,201 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | One comment
Post tags: Advanced configuration, Secure a router, Tips

See below to understand BPDU attack:

In this example the Ciscozine1 switch is elected Root Bridge due to the lower MAC-address (suppose that all the switches have the same priority).

(...)
Read the rest of How to protect against BPDU attack (840 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | 2 comments
Post tags: Advanced configuration, DOS, Secure a router, Spanning-Tree

The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. A malicious user could then use a packet sniffer running in promiscuous mode to capture sensitive data from other computers, which would not be accessible were the switch operating normally.

Cisco gives you an opportunity to set up protection against this attack with limiting and/or hardwiring some MAC addresses to a dedicated port.(...)
Read the rest of Protecting against MAC flooding attack (1,135 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | 4 comments
Post tags: Advanced configuration, Flooding attack