David’s Cisco Networking Blog


October 5, 2008  8:06 PM

How to set OSPF Limit Retransmissions using OSPF to help the system admin



Posted by: David Davis
Cisco, Routing

The limit for demand and non-demand circuits is set to 24 by default. Sometimes that’s not enough time to ensure that all our data packets are arriving successfully. That’s when this command comes in handy.

Here is the command for limit retransmissions:

limit retransmissions {[dc {max-number | disable}] [non-dc {max-number | disable}]}

The maximum value for max-number is 255, and the disable keyword removes the limit on the number of retransmissions.

It’s basically a 2 step process, followed by two variations. Let’s look at some examples to see how simple it is to set this variable.

1. Access your router in configuration mode and enter the OSPF process (the router ospf command takes your OSPF process ID as its argument):
router(config)# router ospf process-id

2. Set the limit on the number of retransmissions for the demand (dc) and non-demand (non-dc) circuits. We will change the dc circuits to 20 and the non-dc circuits to 30:
router(config-router)# limit retransmissions dc 20 non-dc 30

3. This variation sets the maximum number of dc retransmissions to 20 and removes the limit on the number of non-dc retransmissions:
router(config-router)# limit retransmissions dc 20 non-dc disable

4. This command resets the limit retransmissions back to the default of 24:
router(config-router)# no limit retransmissions

For further information and restrictions on limit retransmission, see the Cisco article, OSPF Retransmissions Limit.

October 3, 2008  8:20 PM

Manage network broadcasts on Cisco switches using storm control



Posted by: David Davis
Cisco, Ethernet Switching, Networking

It’s important to protect your organization’s LAN from broadcast storms, which can cause network slowdowns if they become severe. In one of my latest articles, I  explain how you can easily and quickly defend your network by configuring storm control on each Cisco switch interface. For step by step instructions, please read:  Manage network broadcasts on Cisco switches using storm control


October 2, 2008  8:23 PM

David’s articles, videos, and blog over at VirtualizationAdmin.com



Posted by: David Davis
Cisco, Virtualization, VMware


I’d like to share with everyone a new website that I recently started writing for – VirtualizationAdmin.com

This site was started by the same experts who run MSExchange.org, WindowsNetworking.com, and ISAServer.org

At VirtualizationAdmin.com, they offer unique how-to articles, videos, and blog content covering virtualization from all the major virtualization players – especially VMware and Microsoft.

I write a number of the articles, have created some of the video content, have my own blog, and I write the monthly newsletter.

If you are interested in virtualization, I hope you will take a look at what I have created over at VirtualizationAdmin.com

Thanks,

David Davis, VCP, CCIE – Train Signal ESX Server video author


September 30, 2008  11:06 PM

What happened to your data?



Posted by: David Davis
Cisco, Networking, Security

The HR department isn’t technical enough to understand that critical & invaluable company data can easily walk out the door (or out the network) any day of the week. There are SO many ways to get data out if you really wanted to. Most companies don’t monitor outbound email, they don’t control what you copy to a thumb drive, nor can they monitor what you might upload to a website or web-based email account. Those are just 3 that come to my head. Today, Cisco announced the 10 most common ways that data is lost from companies (and how to try to prevent it). Below are the 10 most common ways; you can read more about how to prevent it (from a Cisco networking & security perspective) at their website. Whether you use Cisco equipment or not, you need to consider all of these sources of data loss as they may not all be controlled using a “firewall”, let’s say.

The following is from Cisco’s press release: Cisco Research Reveals Common Data Loss Mistakes

Of the many behavioral findings, the 10 most noteworthy were:

    1. Altering security settings on computers: One of five employees altered security settings on work devices to bypass IT policy so they could access unauthorized Web sites. This was most common in emerging economies like China and India. When asked why, more than half (52 percent) said they simply wanted to access the site; a third said, “it’s no one’s business” which sites they access.

    2. Use of unauthorized applications: Seven of 10 IT professionals said employee access of unauthorized applications and Web sites (e.g. unsanctioned social media, music download software, online shopping venues) ultimately resulted in as many as half of their companies’ data loss incidents. This belief was most common in countries like the United States (74 percent) and India (79 percent).

    3. Unauthorized network/facility access: In the past year, two of five IT pros dealt with employees accessing unauthorized parts of a network or facility. This was most prevalent in China, where almost two of three respondents encountered this issue. Of those who reported this issue globally, two-thirds encountered multiple incidents in the past year, and 14 percent encountered this issue monthly.

    4. Sharing sensitive corporate information: In a sign that corporate trade secrets aren’t always secret, one of four employees (24 percent) admitted verbally sharing sensitive information to non-employees, such as friends, family, or even strangers. When asked why, some of the most common answers included, “I needed to bounce an idea off someone”, “I needed to vent”, and “I did not see anything wrong with it.”

    5. Sharing corporate devices: In a sign that data isn’t always in the hands of the right people, almost half of the employees surveyed (44 percent) share work devices with others, such as non-employees, without supervision.

    6. Blurring of work and personal devices, communications: Almost two of three employees admitted using work computers daily for personal use. Activities included music downloads, shopping, banking, blogging, participating in chat groups, and more. Half of the employees use personal email to reach customers and colleagues, but only 40 percent said this is authorized by IT.

    7. Unprotected devices: At least one in three employees leave computers logged on and unlocked when they’re away from their desk. These employees also tend to leave laptops on their desks overnight, sometimes without logging off, creating potential theft incidents and access to corporate and personal data.

    8. Storing logins and passwords: One in five employees store system logins and passwords on their computer or write them down and leave them on their desk, in unlocked cabinets, or pasted on their computers. In some countries like China (28 percent), employees reported storing logins and passwords to personal financial accounts on their work devices, leaving their identity and finances at risk. The fact that some employees leave devices unattended magnifies this risk.

    9. Losing portable storage devices: Almost one in four (22 percent) employees carry corporate data on portable storage devices outside of the office. This is most prevalent in China (41 percent) and presents risks when devices are lost or stolen.

    10. Allowing “tailgating” and unsupervised roaming: More than one in five (22 percent) German employees allow non-employees to roam around offices unsupervised. The study average was 13 percent. And 18 percent have allowed unknown individuals to tailgate behind employees into corporate facilities.


September 30, 2008  10:56 PM

PacketTrap releases new network management system – Perspective



Posted by: David Davis
Cisco, Network Management, Networking, PacketTrap

PacketTrap is a new “startup” network management company. I have been a fan of their free “pt360” tool that gives you a single console for a variety of network management & troubleshooting tools. Besides the free version, they also have commercial versions of the pt360 that offer more features like built in Cisco management tools.

Recently, PacketTrap launched a whole new product – a network management & monitoring product called “perspective”. Perspective is solely a commercial product but there is the option to “try/eval” it. The name comes from the concept that it shows you the network from the “perspective” of the device that you are monitoring/managing. Perspective competes with products like IPSwitch WhatsUp, Solarwinds Orion, and others. Perspective is meant to be a true enterprise network management & monitoring application. It also integrates with the pt360 troubleshooting tool.

While I am not here to sell you anything, I just like to share the word about new & innovative products (especially the free ones). So, if you are looking for a tool for network management & monitoring, I encourage you to evaluate PacketTrap’s Perspective. Additionally, for network troubleshooting, you should look at pt360 (especially as you can use the free version to start with).


September 30, 2008  10:41 PM

Does your network management utility manage VMware?



Posted by: David Davis
Network Management, Networking, Virtualization, VMware

More and more of the typical “physical computer” management & monitoring tools are being retooled to manage the new virtual infrastructure. I have talked with both Packettrap and Solarwinds and both have rumored that they will soon offer versions of their well known network management tools that will now recognize, not only network devices and physical servers, but the virtual guest operating systems that are on those physical servers.

For example, your network management & monitoring tool could query either each individual ESX server using traditional SNMP calls or it could query the VMware Virtual Center server using VMware’s API to obtain an inventory of what virtual guest is on what physical server, performance statistics for both host and guest systems, and status of guest systems (ie: which are powered on or off).

There are a few challenges that these vendors face:

  • do you go directly to each virtual host or to a centralized management server?
  • do you support only VMware ESX Server or do you try to support other virtualization platforms such as Microsoft’s Hyper-V?
  • how do you learn about guest VMs that have been “VMotion’ed” (for lack of a better term) from one host system to another? And what about the performance statistics when the storage for a guest is “SVMotion’ed” from one datastore to another?

So, “stay tuned”, as they say, for physical tools to now recognize the virtual world. And, if your vendor isn’t already doing this or doesn’t have plans to do it, I recommend that you pressure that vendor to make their product “virtualization ready” (or else you may have to go find another vendor).


September 28, 2008  11:10 PM

How will the Cisco Nexus 1000V change your job role?



Posted by: David Davis
Cisco, Networking, Virtualization, VMware

Recently, I posted a new TechRepublic article about the new Cisco Nexus 1000v. While you cannot even purchase this product yet, I truly believe that it will change the way that virtual networks are administered. Even better, for network admins, it will put the power of network administration back in the hands of the network administrators.

The new Cisco Nexus 1000v virtual switch will integrate with the next version of VMware ESX Server, due out in early 2009.

For more information on this new virtual networking switch, read my article How will the Cisco Nexus 1000V change your job role?


September 23, 2008  6:48 AM

When to prefer Open Shortest Path First (OSPF) route over an EIGRP route



Posted by: David Davis
Cisco, Networking, OSPF, Routing

The shortest path between two points is always a straight line or, in this case, it’s the administrative distance. OSPF has an administrative distance of 110 while EIGRP has only 90. Therefore, EIGRP would be picked because of its lower administrative distance.

If you want to use OSPF over EIGRP, then change the administrative distance in router configuration mode. You can set the distance separately for routes within an area (intra-area), routes from one area to another (inter-area), and routes from other routing domains (external). Currently they all have a default distance of 110, but you can change it with one easy command. Here is the full command:

distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]}

Another good reason to use the distance ospf command is when you have multiple OSPF processes and you want to prefer internal routes over external routes. For more information on OSPF, see the article, OSPF Configuration Management with SNMP documentation.


September 22, 2008  6:48 AM

Keep it simple with Route Summarization



Posted by: David Davis
Cisco, Networking, Routing

Summarization lumps a series of subnets, or supernets as they are sometimes called, into a single address. This summarization of various subnets has several advantages. It can drastically reduce the size of your routing table and the recalculation of your network because your routing tables are so much smaller.

Unlike EIGRP and OSPF, RIP and IGRP protocols are two examples of automatic summarization because they do not send the subnet mask to the routing table, so you can advertise 1 network instead of several networks. Class C networks are usually subnetted by ‘borrowing’ host address bits and using them for a portion of the network. You would enable router summarization with the auto-summary command in global configuration mode. An example of contiguous subnets would be summarizing 211.30.192.0/24 through 211.30.195.0/24.

The end result that you would advertise would be 211.30.192.0/22.

Check out the article on IP Routing Protocols for more information.
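
The summarization described above, worked through as an added example (not from the original post): it finds the summary prefix from the bits the lowest and highest addresses share, then lists any address space the summary would advertise that none of the input subnets covers. The function name summarize and the second, shifted set of subnets are constructed for illustration.

```python
import ipaddress

def summarize(prefixes):
    """Return (summary, uncovered): the shortest single IPv4 prefix that covers
    every input, and the blocks inside it that no input accounts for."""
    nets = sorted(ipaddress.ip_network(p) for p in prefixes)
    lo = int(nets[0].network_address)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit position where lo and hi differ (and all below it) is a host bit.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    summary = ipaddress.ip_network((base, 32 - host_bits))
    # Carve each input out of the summary; what remains is advertised
    # by the summary but not backed by any real subnet.
    remaining = [summary]
    for n in ipaddress.collapse_addresses(nets):
        nxt = []
        for r in remaining:
            if n == r:
                continue
            if n.subnet_of(r):
                nxt.extend(r.address_exclude(n))
            else:
                nxt.append(r)
        remaining = nxt
    return summary, sorted(remaining)

# The four subnets from the post: aligned on a /22 boundary, so the fit is exact.
POST_SUBNETS = ["211.30.192.0/24", "211.30.193.0/24",
                "211.30.194.0/24", "211.30.195.0/24"]
# Constructed counter-example: four contiguous /24s that straddle a /22 boundary.
SHIFTED_SUBNETS = ["211.30.193.0/24", "211.30.194.0/24",
                   "211.30.195.0/24", "211.30.196.0/24"]

if __name__ == "__main__":
    for label, subnets in (("post", POST_SUBNETS), ("shifted", SHIFTED_SUBNETS)):
        summary, uncovered = summarize(subnets)
        print(label, "->", summary, "uncovered:", [str(u) for u in uncovered])
```

A non-empty uncovered list means the summary route would attract traffic for networks the router cannot deliver, so it is worth checking before advertising a summary.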


September 22, 2008  6:46 AM

Five ways that a Cisco router initiates a routing request out of an interface



Posted by: David Davis
Cisco, Networking, Routing

As I’m sure you know, a switch switches and a router routes. Among other things, it routes packets of data and it routes requests. Listed below are five ways that a router will automatically initiate a routing request.
1. The router has been booted or rebooted.
2. A primary IP address was changed. An interface has several secondary IP addresses but only one primary IP address. If that IP address has been changed, the router will start a routing request out its interface.
3. Of course, if the interface goes down this will automatically cause a routing request.
4. If you make a change to the router’s configuration such as an IP address change.
5. If you issue the clear ip route command.

