In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. A malicious user could then use a packet sniffer running in promiscuous mode to capture sensitive data from other computers, […]

As I explained in the article “Security Device Manager aka SDM“, SDM is a Web-based device-management tool for Cisco routers that can improve the productivity of network managers, simplify router deployments, and help troubleshoot complex network and VPN connectivity issues. What is a virtual private network? A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network (e.g., the Internet) instead of by physical wires. The link-layer protocols of the virtual network are said to be tunneled through the larger network when […]

Discovered during Cisco CCNP course, Tcl (originally from “Tool Command Language“) is a scripting language created by John Ousterhout and introduced from IOS version 12.3(2)T. But what is Cisco Tcl? The Cisco IOS Tcl shell was designed to allow customers to run Tcl commands directly from the Cisco IOS CLI prompt. Cisco IOS software does contain some subsystems such as Embedded Syslog Manager (ESM) and Interactive Voice Response (IVR) that use Tcl interpreters as part of their implementation. These subsystems have their own proprietary commands and keyword options that are not available in the Tcl shell.

Cisco Router and Security Device Manager (SDM) is a Web-based device-management tool for Cisco routers that can improve the productivity of network managers, simplify router deployments, and help troubleshoot complex network and VPN connectivity issues. Network and security administrators and channel partners can use Cisco SDM for faster and easier deployment of Cisco routers for integrated services such as dynamic routing, WAN access, WLAN, firewall, VPN, SSL VPN, IPS, and QoS. Cisco SDM provides a series of easy-to-use wizards that quickly take you step by step through configuring your router, without requiring knowledge of the Cisco IOS software CLI.

QoS (Quality of Service) involves prioritization of network traffic. QoS is the idea that transmission rates, error rates, and other characteristics can be measured, improved, and, to some extent, guaranteed in advance. QoS can be targeted at a network interface, toward a given server or router’s performance, or in terms of specific applications. A network monitoring system must typically be deployed as part of QoS, to insure that networks are performing at the desired level. QoS is especially important for the new generation of Internet applications such as VoIP, video-on-demand and other consumer services.

Introduced in the Cisco IOS Release 12.2(15), Gateway Load Balancing Protocol (GLBP) is supported by Cisco 1700, 2600, 3620, 3631, 3640, 3660, 3725, 3745, 7100, 7200, 7400, 7500 series. GLBP is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols (HSRP, VRRP, …) by adding basic load balancing functionality. GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets. GLBP members communicate between […]

EtherChannel bundles individual Ethernet links into a single logical link that provides bandwidth up to 1600 Mbps (Fast EtherChannel, full duplex) or 16 Gbps (Gigabit EtherChannel) between two Cisco Catalyst switches. All interfaces in each EtherChannel must be the same speed and duplex, and both ends of the channel must be configured as either a Layer 2 or Layer 3 interface. If a link within the EtherChannel bundle fails, traffic previously carried over the failed link is carried over the remaining links within the EtherChannel. There are two protocols used for the link aggregation: Cisco’s proprietary Port Aggregation Protocol (PAgP). […]

As you see in the article “Implementing High Availability with HSRP“, it is quite simple configure Hot Standby Router Protocol. Some cases require a custom configuration, using priority, track, preempt etc…and these are: The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router. If you do not use the standby preempt command in the configuration for a router, that router […]

The Hot Standby Router Protocol (HSRP) is a Cisco proprietary first-hop redundancy protocol (FHRP) designed to allow for transparent fail-over of the first-hop IP router, and has been described in detail in RFC 2281. HSRP provides high network availability by providing first-hop routing redundancy for IP hosts on Ethernet, Fiber Distributed Data Interface (FDDI), Bridge-Group Virtual Interface (BVI), LAN Emulation (LANE), or Token Ring networks configured with a default gateway IP address. HSRP is used in a group of routers for selecting an active router and a standby router. In a group of router interfaces, the active router is the […]

Cisco IOS permits to define multiple privilege levels for different accounts. This could be useful when many people work on the same router / switch, but with different roles (operator, tecnhician, network manager) and there is no time to implement an authentication server. There are 16 different privilege levels that can be used. Level 0 is user mode. Level 15 is the privileged mode. Level 1 through 14 are available for customization and use.