Browsing articles in "Tutorial"
Dec 23, 2008
How to create a VPN server using SDM

As I explained in the article “Security Device Manager aka SDM”, SDM is a Web-based device-management tool for Cisco routers that can improve the productivity of network managers, simplify router deployments, and help troubleshoot complex network and VPN connectivity issues. What is a virtual private network? A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network (e.g., the Internet) instead of by physical wires. The link-layer protocols of the virtual network are said to be tunneled through the larger network when […]

Dec 13, 2008
IOS Scripting with Tcl

Discovered during the Cisco CCNP course, Tcl (originally from “Tool Command Language”) is a scripting language created by John Ousterhout and available in Cisco IOS from version 12.3(2)T. But what is Cisco Tcl? The Cisco IOS Tcl shell was designed to allow customers to run Tcl commands directly from the Cisco IOS CLI prompt. Cisco IOS software does contain some subsystems, such as Embedded Syslog Manager (ESM) and Interactive Voice Response (IVR), that use Tcl interpreters as part of their implementation. These subsystems have their own proprietary commands and keyword options that are not available in the Tcl shell.

Nov 28, 2008
Security Device Manager aka SDM

Cisco Router and Security Device Manager (SDM) is a Web-based device-management tool for Cisco routers that can improve the productivity of network managers, simplify router deployments, and help troubleshoot complex network and VPN connectivity issues. Network and security administrators and channel partners can use Cisco SDM for faster and easier deployment of Cisco routers for integrated services such as dynamic routing, WAN access, WLAN, firewall, VPN, SSL VPN, IPS, and QoS. Cisco SDM provides a series of easy-to-use wizards that quickly take you step by step through configuring your router, without requiring knowledge of the Cisco IOS software CLI.

Nov 19, 2008
Cisco Modular Quality of Service Command Line Interface

QoS (Quality of Service) involves prioritization of network traffic. QoS is the idea that transmission rates, error rates, and other characteristics can be measured, improved, and, to some extent, guaranteed in advance. QoS can be targeted at a network interface, toward a given server or router’s performance, or in terms of specific applications. A network monitoring system must typically be deployed as part of QoS, to ensure that networks are performing at the desired level. QoS is especially important for the new generation of Internet applications such as VoIP, video-on-demand and other consumer services.

Nov 18, 2008
Configuring redundancy with GLBP

Introduced in the Cisco IOS Release 12.2(15), Gateway Load Balancing Protocol (GLBP) is supported by Cisco 1700, 2600, 3620, 3631, 3640, 3660, 3725, 3745, 7100, 7200, 7400, 7500 series. GLBP is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols (HSRP, VRRP, …) by adding basic load balancing functionality. GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets. GLBP members communicate between […]

Nov 4, 2008
Configuring Link Aggregation with EtherChannel

EtherChannel bundles individual Ethernet links into a single logical link that provides bandwidth up to 1600 Mbps (Fast EtherChannel, full duplex) or 16 Gbps (Gigabit EtherChannel) between two Cisco Catalyst switches. All interfaces in each EtherChannel must be the same speed and duplex, and both ends of the channel must be configured as either a Layer 2 or Layer 3 interface. If a link within the EtherChannel bundle fails, traffic previously carried over the failed link is carried over the remaining links within the EtherChannel. There are two protocols used for the link aggregation: Cisco’s proprietary Port Aggregation Protocol (PAgP). […]

Nov 1, 2008
How to optimize HSRP

As you see in the article “Implementing High Availability with HSRP”, it is quite simple to configure Hot Standby Router Protocol. Some cases require a custom configuration, using priority, track, preempt, etc., and these are: The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router. If you do not use the standby preempt command in the configuration for a router, that router […]

Oct 29, 2008
Implementing High Availability with HSRP

The Hot Standby Router Protocol (HSRP) is a Cisco proprietary first-hop redundancy protocol (FHRP) designed to allow for transparent fail-over of the first-hop IP router, and has been described in detail in RFC 2281. HSRP provides high network availability by providing first-hop routing redundancy for IP hosts on Ethernet, Fiber Distributed Data Interface (FDDI), Bridge-Group Virtual Interface (BVI), LAN Emulation (LANE), or Token Ring networks configured with a default gateway IP address. HSRP is used in a group of routers for selecting an active router and a standby router. In a group of router interfaces, the active router is the […]

Oct 23, 2008
Multiple privilege levels

Cisco IOS lets you define multiple privilege levels for different accounts. This can be useful when many people work on the same router or switch but with different roles (operator, technician, network manager) and there is no time to implement an authentication server. There are 16 different privilege levels that can be used. Level 0 is user mode. Level 15 is the privileged mode. Levels 1 through 14 are available for customization and use.

Oct 10, 2008
Cisco basic configuration

There are some “standard” steps used for basic configuration on your Cisco router/switch: define the hostname; assign the privileged level; secure the console port; secure the VTY lines; encrypt the passwords.