David’s Cisco Networking Blog


December 27, 2008  5:31 AM

10 dumb things you can do to your Cisco router and how to fix them

David Davis

I was shocked! My latest Cisco networking article was VERY popular and I didn’t expect that it would be. So far, it has received over 37 votes and 14 comments. Who knows how many web page impressions it has gotten (well, I guess the webmaster and guy monitoring SEO could tell me but I don’t really care that much).

The title says it all: 10 dumb things you can do to your Cisco router and how to fix them

December 26, 2008  3:26 PM

The 10 Cisco IOS Router file management commands you must know


This month I posted another great article over at TechRepublic entitled The 10 Cisco IOS Router file management commands you must know. In this article, I cover how to navigate the Cisco IOS when it comes to managing file systems. Really, it works a lot like the Windows command line. Learn how to view, rename, copy, delete files (and much more) in this latest article!


December 26, 2008  5:21 AM

Exploring entry-level options for using VoIP


So what is the least expensive way to get your foot in the door with VoIP? What if you have a “shoestring budget”? I know, I have been there. Network Admins may not be crazy about moving all company voice to VoIP and having to administer it. However, most Network Admins are interested in learning about VoIP. Learn how you can begin learning about VoIP at the lowest cost possible in my most recent TechRepublic article: Exploring entry-level options for using VoIP.


December 25, 2008  5:16 AM

David’s Border Gateway Protocol (BGP) Resource List


For those of you interested in the routing protocol of the Internet – Border Gateway Protocol, or BGP – I have written a number of articles on the topic. I recommend you check out the following:

All 3 of these articles I wrote for TechRepublic and they offer some great tips!

Also, for the official Cisco BGP documentation, please see: Configuring BGP in the Cisco IOS.


December 25, 2008  4:47 AM

How to Enable Policy-Based Routing in the Cisco IOS


Policy-based routing (PBR) is a process in which the router puts packets through a route map before routing them. This can be a good way to send packets down a particular path, such as a route chosen for security reasons, instead of the path picked by the default shortest-path algorithm.

To use PBR, identify on the interface the route map that you want to use for policy-based routing, and create that route map.

Here is the syntax to define the route map for Policy-based routing:
routera(config)# route-map map-tag [permit | deny] [sequence-number]
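
As an added example (not from the original article), here is a minimal PBR configuration that builds on the route-map syntax above. The access list number, the route-map name PBR-EXAMPLE, the addresses and the interface are constructed for illustration.

```cisco
! Constructed example: packets from 10.1.1.0/24 that arrive on
! FastEthernet0/0 are forwarded to next hop 192.168.1.1 instead of
! following the routing table.
access-list 10 permit 10.1.1.0 0.0.0.255
!
! Create the route map: match on the access list, then set the next hop.
route-map PBR-EXAMPLE permit 10
 match ip address 10
 set ip next-hop 192.168.1.1
!
! Identify the route map on the interface where the packets arrive.
! PBR acts on inbound packets; anything that matches no permit clause
! is routed normally.
interface FastEthernet0/0
 ip policy route-map PBR-EXAMPLE
```

Use show route-map and show ip policy to confirm that the map is attached to the interface and that its match counters increase.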

For more step-by-step how-to information on configuring and using PBR, see my full article: How to use the Cisco IOS Policy-Based Routing Features


December 24, 2008  4:29 AM

Managing Cisco IOS IP Routing Authentication Keys


Key management is a way of controlling authentication keys used by routing protocols. You can think of these as “passwords” for your routers. Not all routing protocols can use key management. Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol (RIP) Version 2 use key chains.

You must configure a key chain with keys to enable authentication. Although you can identify multiple key chains, we recommend using one key chain per interface per routing protocol. Upon specifying the key chain command, you enter key-chain configuration mode. A key chain must have at least one key and can have up to 2,147,483,647 keys.

Before you manage authentication keys, authentication must be enabled. To manage authentication keys, define a key chain, identify the keys that belong to the key chain, and specify how long each key is valid.

Each key has its own key identifier (specified with the key key-chain configuration command), which is stored locally. The combination of the key identifier and the interface associated with the message uniquely identifies the authentication algorithm and Message Digest 5 (MD5) authentication key in use.

You can configure multiple keys with lifetimes. Only one authentication packet is sent, regardless of how many valid keys exist. The lifetimes allow for overlap during key changes but please note that the router must know the time.

To configure a key, use the global configuration key chain (name of chain) command then the key-string command inside key configuration mode.
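
An added example, not from the original post, of a key chain with two keys whose lifetimes overlap, applied to RIP version 2 on one interface. The chain name, key strings, dates and interface are constructed placeholders; accept-lifetime and send-lifetime are the key-chain key commands that set how long each key is valid.

```cisco
! Constructed example: two keys with overlapping lifetimes so that
! neighbors keep authenticating while the key is changed.
! The router clock must be correct for the lifetimes to take effect.
key chain RIP-KEYS
 key 1
  key-string EXAMPLE-OLD-KEY
  ! Accepted for one hour after the router stops sending it.
  accept-lifetime 00:00:00 Jan 1 2009 01:00:00 Feb 1 2009
  send-lifetime 00:00:00 Jan 1 2009 00:00:00 Feb 1 2009
 key 2
  key-string EXAMPLE-NEW-KEY
  ! Accepted one hour before the router starts sending it.
  accept-lifetime 23:00:00 Jan 31 2009 infinite
  send-lifetime 00:00:00 Feb 1 2009 infinite
!
! Enable MD5 authentication for RIP version 2 and bind the key chain.
interface FastEthernet0/0
 ip rip authentication key-chain RIP-KEYS
 ip rip authentication mode md5
```

Use show key chain to see which keys are currently valid for sending and accepting.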

For more information on managing Cisco IOS authentication keys, please see Cisco’s IOS IP Routing Command Reference for the key chain (and other key related) commands.


December 23, 2008  4:27 AM

How to Configure Integrated IS-IS


Cisco Integrated IS-IS is a link-state interior gateway protocol that supports CLNP, IPv4, and IPv6. To verify your platform support, please see my article covering the Cisco IOS Feature Navigator. An intermediate system (IS) operates at Level 1 or Level 2 routing, or both.

Following is a sample configuration showing a router using IS-IS as the IP routing protocol.

routerB(config)# router isis
routerB(config-router)# net 49.0001.0000.0000.000a.00
routerB(config-router)# interface ethernet1/1
routerB(config-if)# ip address 10.1.1.1 255.255.255.0
routerB(config-if)# ip router isis
routerB(config-if)# interface serial 2/0
routerB(config-if)# ip router isis
routerB(config-if)# ip address 192.168.1.2 255.255.255.0

Additionally, use the show ip route command to verify your configuration. Notice the “i” routes. These are your IS-IS routes:

RouterB# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 172.21.1.0 is directly connected, Serial5/0
172.22.0.0/24 is subnetted, 1 subnets
i L1 172.22.1.0 [115/20] via 172.21.1.2, Serial5/0
10.0.0.0/24 is subnetted, 1 subnets
i L1 10.1.1.0 [115/20] via 192.168.1.2, Serial2/0

For more information, please see the Cisco documentation on Cisco IOS IP Routing Protocols and Cisco’s Configuring IS-IS for IP on Cisco Routers.


December 20, 2008  3:55 AM

5 Networking buzz words you should know


In today’s quick tip, let me offer 5 Networking “buzz words” you should know:

  1. GET VPN – Group Encrypted Transport – Developed by Cisco in 2006 to allow secure connections over the Internet; it is very easy to implement and maintain.
  2. GDOI – Group Domain of Interpretation – Provides a “key” to decrypt or encrypt your data. It is related to ISAKMP; see RFC 3547 for more information.
  3. MTU – Maximum Transmission Unit – In relation to IP, it sets the upper limit on packet size.
  4. ICMP – Internet Control Message Protocol – Messages that are contained within IP packets, such as 0 for Echo Reply or 5 for Redirect. ICMP could be called the network management protocol for IP.
  5. WCCP – Web Cache Communication Protocol – WCCP is a protocol for communication between routers and Web caches. Two versions exist: WCCP Version 1 (WCCPv1) and WCCP Version 2 (WCCPv2). The two versions are incompatible. Cisco IOS images can support either of the two versions or both.

For more information see the Cisco Internetworking Terms and Acronyms.


December 15, 2008  3:27 AM

What is ARP and how does it work in the Cisco IOS?


The Address Resolution Protocol, or ARP, is a critical protocol in your network infrastructure. What is ARP? It’s an Internet protocol used to map an IP address to a MAC address. Usually ARP just “works” and you don’t have to do anything about it. However, there are reasons that you may need to create ARP entries or configure ARP on your router.

Here is how you make a static ARP entry in the Cisco IOS:

In global configuration mode, use:

arp {ip-address | vrf vrf-name} hardware-address encap-type [interface-type]

Here is an example:

arp 10.28.6.14 0700.0800.1834 arpa

To remove an ARP entry, use the no arp command.

To show arp entries, just type show arp and you will see results like this:

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.4.2.4               10   0000.0c07.ac14  ARPA   FastEthernet0/0
Internet  10.3.3.3               10   0000.0c07.ac14  ARPA   FastEthernet0/0
Internet  10.3.2.7               10   0000.0c07.ac14  ARPA   FastEthernet0/0
Internet  10.4.2.1               10   0007.b400.1401  ARPA   FastEthernet0/0
Internet  10.3.3.7               10   0000.0c07.ac14  ARPA   FastEthernet0/0

As you can see, the IP addresses are mapped to the hardware/MAC addresses on Ethernet interfaces.

Just a tip, if your device’s MAC address isn’t showing up in the ARP table on a switch or router that it is communicating through, it will never be able to communicate. There must be some reason (like an interface down) that is preventing it from making that Layer 2 (Ethernet) to Layer 3 (IP) connection. You can also use the debug arp command to troubleshoot.

And, one final tip: on a Cisco IOS switch, you can use the show mac-address-table or show mac command to see MAC to IP address mappings.

For additional information on using ARP in the Cisco IOS, please see Cisco IOS IP Addressing Service documentation.


November 30, 2008  8:10 PM

Filter Web content with Cisco IOS routers


I received a ton of comments and positive reviews for my latest Cisco article: Filter Web content with Cisco IOS routers. In this article, I cover how you can use a new feature in the Cisco IOS in conjunction with Trend Micro’s web filtering option, to filter web content. While the ability to do this with Trend Micro’s URL filtering service is new, you have been able to do this for some time with Websense and SmartFilter (previously N2H2).

In my new article, I cover how to configure URL filtering and the options available. Read the full article at: Filter Web content with Cisco IOS routers

