Browsing articles in "Tutorial"
Feb
10
2009
Why use HSRP version 2?

Not everyone knows that HSRP, a fault-tolerant default gateway protocol, has two versions: version 1 (the default) and version two. The second version was integrated from IOS Release 12.2(25)S. HSRP Version 2 features: It advertises and learns millisecond timer values. This change ensures stability of the HSRP groups in all cases. It expands the group number range from 0 to 4095 and consequently uses a new MAC address range 0000.0C9F.F000 to 0000.0C9F.FFFF. It provides improved management and troubleshooting: the HSRP version 2 packet format includes a 6-byte identifier field that is used to uniquely identify the sender of the message. Typically, this field […]

Jan
29
2009
The PPDIOO network lifecycle

One of the first topic presented in the “Designing for Cisco Internetwork Solutions (DESGN)” book is about the network design methodology. This methodology is composed by six phases closely related: prepare, plan, design, implement, operate, optimize. As show in this figure, the PPDIOO lifecycle phases are separate, yet closely related.  

Jan
19
2009
Preventing STP forwarding loops
stp_loops_2

The Spanning Tree Protocol is an OSI layer-2 protocol that ensures a loop-free topology for any bridged LAN. Spanning tree allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links. Bridge loops must be avoided because they result in flooding the network. The Spanning Tree Protocol (STP), is defined in the IEEE Standard 802.1D. As the name suggests, it creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches), and […]

Jan
5
2009
Protecting against MAC flooding attack
mac_flooding_attack_2

In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. A malicious user could then use a packet sniffer running in promiscuous mode to capture sensitive data from other computers, […]

Dec
23
2008
How to create a VPN server using SDM

As I explained in the article “Security Device Manager aka SDM“, SDM is a Web-based device-management tool for Cisco routers that can improve the productivity of network managers, simplify router deployments, and help troubleshoot complex network and VPN connectivity issues. What is a virtual private network? A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network (e.g., the Internet) instead of by physical wires. The link-layer protocols of the virtual network are said to be tunneled through the larger network when […]

Dec
13
2008
IOS Scripting with Tcl

Discovered during Cisco CCNP course, Tcl (originally from “Tool Command Language“) is a scripting language created by John Ousterhout and introduced from IOS version 12.3(2)T. But what is Cisco Tcl? The Cisco IOS Tcl shell was designed to allow customers to run Tcl commands directly from the Cisco IOS CLI prompt. Cisco IOS software does contain some subsystems such as Embedded Syslog Manager (ESM) and Interactive Voice Response (IVR) that use Tcl interpreters as part of their implementation. These subsystems have their own proprietary commands and keyword options that are not available in the Tcl shell.

Nov
28
2008
Security Device Manager aka SDM

Cisco Router and Security Device Manager (SDM) is a Web-based device-management tool for Cisco routers that can improve the productivity of network managers, simplify router deployments, and help troubleshoot complex network and VPN connectivity issues. Network and security administrators and channel partners can use Cisco SDM for faster and easier deployment of Cisco routers for integrated services such as dynamic routing, WAN access, WLAN, firewall, VPN, SSL VPN, IPS, and QoS. Cisco SDM provides a series of easy-to-use wizards that quickly take you step by step through configuring your router, without requiring knowledge of the Cisco IOS software CLI.

Nov
19
2008
Cisco Modular Quality of Service Command Line Interface

QoS (Quality of Service) involves prioritization of network traffic. QoS is the idea that transmission rates, error rates, and other characteristics can be measured, improved, and, to some extent, guaranteed in advance. QoS can be targeted at a network interface, toward a given server or router’s performance, or in terms of specific applications. A network monitoring system must typically be deployed as part of QoS, to insure that networks are performing at the desired level. QoS is especially important for the new generation of Internet applications such as VoIP, video-on-demand and other consumer services.

Nov
18
2008
Configuring redundancy with GLBP
glbp

Introduced in the Cisco IOS Release 12.2(15), Gateway Load Balancing Protocol (GLBP) is supported by Cisco 1700, 2600, 3620, 3631, 3640, 3660, 3725, 3745, 7100, 7200, 7400, 7500 series. GLBP is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols (HSRP, VRRP, …) by adding basic load balancing functionality. GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets. GLBP members communicate between […]

Nov
4
2008
Configuring Link Aggregation with EtherChannel
port channel

EtherChannel bundles individual Ethernet links into a single logical link that provides bandwidth up to 1600 Mbps (Fast EtherChannel, full duplex) or 16 Gbps (Gigabit EtherChannel) between two Cisco Catalyst switches. All interfaces in each EtherChannel must be the same speed and duplex, and both ends of the channel must be configured as either a Layer 2 or Layer 3 interface. If a link within the EtherChannel bundle fails, traffic previously carried over the failed link is carried over the remaining links within the EtherChannel. There are two protocols used for the link aggregation: Cisco’s proprietary Port Aggregation Protocol (PAgP). […]