Browsing articles in "Tutorial"
Jan 6, 2014
Dual Internet connections in active/standby mode without BGP

Suppose that your company has two independent Internet connections: the first used as the main link and the second used ONLY in case of a main connection fault. What can we do to avoid a ‘manual’ switch of routing and NAT tables? In general, in this case, the best solution is to use the BGP protocol with both providers, but this solution can be very expensive, so are there other ways to implement this process? In my opinion, one of the best solutions is to use the IPSLA, PBR and EEM features together, but what are these features? See you below each […]

Dec 19, 2013
Show interface in depth

In my opinion, a good network engineer must know the “show interface” command in depth; indeed, this command is useful to obtain various interface information like drops, duplex mismatches, errors, tx/rx load, … Usually, IOS switches and routers have similar “show interface” output; the differences are dictated by device, interface and IOS. Below is the show interface output of a TenGigabitEthernet interface. The command is issued on a Cisco WS-C6509-E in VSS mode with IOS version 15.

Aug 22, 2013
How to save configurations using SNMP

Everyone knows there is software to get the configuration using SNMP; but how can you copy the configuration if you don’t have any tool? Let me explain what SNMP is before showing you how to implement it. Simple Network Management Protocol (SNMP) is an “Internet-standard protocol for managing devices on IP networks”. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP uses an extensible design, where the available information is defined by management information bases (MIBs). MIBs describe the […]

May 14, 2013
Reload in X? Why don’t you rollback or replace the configuration?

Do you remember the article ‘How to schedule a reload’? This feature (reload in ‘x’) is useful when you must apply a critical configuration on a remote device, for instance a new route or a new ACL. In fact, if you happen to lose the connection to the device after a change, you must wait for the device to reload before you can reconnect to it. This can be a solution but there is a better solution: the replace/rollback feature. Introduced in IOS 12.3(7)T, the Configuration Replace and Configuration Rollback features provide the capability to replace the current running configuration with any saved Cisco IOS configuration file. This […]

May 8, 2013
Using IP SLA to change routing

Cisco IP SLAs is a part of Cisco IOS that allows Cisco customers to analyze IP service levels for IP applications and services by using active traffic monitoring for measuring network performance. With Cisco IOS IP SLAs, service provider customers can measure and provide service level agreements, and enterprise customers can verify service levels, verify outsourced service level agreements, and understand network performance. Cisco IOS IP SLAs can perform network assessments, verify quality of service (QoS), ease the deployment of new services, and assist with network troubleshooting. IP SLAs collects a unique subset of these performance metrics: Delay (both round-trip […]

Apr 23, 2013
PBR: Route a packet based on source IP address

Everyone knows that the routing table lists the routes to particular network destinations, but is it possible to define the next hop based on source IP, packet size or other criteria? Obviously yes! Policy-based routing (PBR) provides a tool for forwarding and routing data packets based on policies defined by network administrators. In effect, it is a way to have the policy override routing protocol decisions. Policy-based routing includes a mechanism for selectively applying policies based on access list, packet size or other criteria. The actions taken can include routing packets on user-defined routes, setting the precedence, type of service bits, etc.

Feb 28, 2013
NAT Virtual Interface aka NVI, what is that?!

Not everyone knows that from IOS version 12.3(14)T, Cisco has introduced a new feature called NAT Virtual Interface; NVI removes the requirement to configure an interface as either NAT inside or NAT outside. An interface can be configured to use NAT or not use NAT. How to use NVI? It’s easy! You must use the command ‘ip nat source …’ without specifying the inside/outside tag and enable NAT on the interfaces using the command ‘ip nat enable’. For instance, if you use the legacy statement:

Feb 20, 2013
Using route maps for conditional NAT

As explained in a previous article, NAT is the process of modifying IP address information in IP packet headers, while route maps are mainly used to redistribute and manipulate routes (OSPF, BGP, EIGRP, and so on). The question is obvious… What is the relationship between these two features? Static NAT configuration with the route-map option can be used to implement destination-based NAT scenarios where the same inside local address needs to be translated to more than one inside global address, depending on where the traffic is destined.

Feb 16, 2013
NAT and PAT: a complete explanation

Network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device. There are two different types of NAT: NAT Static NAT: The simplest type of NAT provides a one-to-one translation of IP addresses. It is often also referred to as one-to-one NAT. In this type of NAT only the IP addresses, IP header checksum and any higher level checksums that include the IP address need to be changed. The rest of the packet can be left untouched (at least for basic TCP/UDP functionality, some higher level protocols may […]

Nov 27, 2012
Switchport capture: a good alternative to SPAN port

Do you remember the article “How to analyze traffic with SPAN feature”? The SPAN port is a feature that mirrors traffic (on a physical or virtual port) to a specific port. In general, behind this ‘destination’ port there can be a traffic analyzer (Wireshark, ntop and so on…), an IDS or other appliances. The SPAN feature is a good tool but it has two limitations: The number of SPAN sessions that can be configured is limited. A destination port receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it can become congested. This […]