Mirroring traffic to a sniffer is an essential troubleshooting technique for network engineers, and all Cisco Catalyst switches support it through the Switched Port Analyzer (SPAN) feature. SPAN copies the traffic of the specified source interfaces or VLANs and sends the copies to a specified destination interface (the SPAN port). A PC running a sniffing tool such as Wireshark connected to the SPAN port then captures all the mirrored traffic. Two things worth knowing before you start: the destination port carries only mirrored traffic and does not forward normal traffic while the session exists, and by default frames the sniffer PC sends into the SPAN port are dropped, so the capture box cannot inject anything into the network from that port. Let’s see how to configure SPAN on a Cisco Catalyst switch. To enable the SPAN mirroring feature, configure the following on the Catalyst switch:
Configuration Example – Monitoring traffic from a specific interface
ITKEAS01#configure terminal
ITKEAS01(config)#monitor session 1 source interface gigabitEthernet 0/5
ITKEAS01(config)#monitor session 1 destination interface gigabitEthernet 0/10
The above configuration mirrors all traffic received and transmitted on interface gigabitEthernet 0/5 (the default direction is both) to the SPAN destination port gigabitEthernet 0/10.
Configuration Example – Monitoring an entire VLAN traffic
ITKEAS01(config)#monitor session 1 source vlan 100
ITKEAS01(config)#monitor session 1 destination interface gigabitEthernet 0/10
The above configuration mirrors all traffic of VLAN 100 to the SPAN destination port gigabitEthernet 0/10. Note that a VLAN source copies every frame in that VLAN, which can easily exceed the bandwidth of a single destination port; when the destination is oversubscribed, SPAN silently drops copies, so a capture with gaps does not mean the packets never crossed the switch.
Use show monitor session 1 to verify your configuration, and no monitor session 1 to remove the session when the capture is finished: a forgotten SPAN port is a standing copy of your traffic for anyone who plugs into it.
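As an added example, not part of the original post, here is a complete SPAN session on the same switch that mirrors only the receive direction of one client port, both directions of a second port, and preserves 802.1Q tags on the copies so that VLAN information survives into Wireshark. Gi0/6 and the direction keywords are assumptions beyond the post’s Gi0/5 and Gi0/10.

```cisco
! Added example, not the original post's configuration.
! Gi0/5 and Gi0/10 come from the post; Gi0/6 and the per-source
! directions are assumed for illustration.
ITKEAS01#configure terminal
! Start from a clean session so no stale sources linger from earlier captures
ITKEAS01(config)#no monitor session 1
! rx = only frames arriving on the port; tx = only frames leaving it; both = default
ITKEAS01(config)#monitor session 1 source interface gigabitEthernet 0/5 rx
ITKEAS01(config)#monitor session 1 source interface gigabitEthernet 0/6 both
! encapsulation replicate keeps the 802.1Q tag of tagged frames on the copy;
! without it the copies leave the destination port untagged
ITKEAS01(config)#monitor session 1 destination interface gigabitEthernet 0/10 encapsulation replicate
ITKEAS01(config)#end
! Verify the session: sources, directions and destination should match the above
ITKEAS01#show monitor session 1
! When the capture is done, tear the session down so Gi0/10 becomes an ordinary port again
ITKEAS01#configure terminal
ITKEAS01(config)#no monitor session 1
ITKEAS01(config)#end
```

If you need the sniffer PC to keep normal network access while capturing (for example to be managed remotely), the destination command accepts an ingress keyword on 3560/3750 platforms; leaving it off, as above, is the safer default because the capture host then cannot send anything into the switch through that port.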
Are you interested in understanding the latest security trends? If yes, there is a golden opportunity waiting for you on 16 December 2008 at 11:00 CET: a webcast series hosted by Cisco, dedicated to discussing the latest security trends and the solutions available to address these emerging issues.
- How today’s business challenges are increasing the need for security
- Evolving technology and staying secure
- Driving a systems approach with a Cisco Self-Defending Network
- An update on Cisco’s Security Solutions Portfolio
- Case studies – Insight into how a variety of organizations have used Cisco Solutions to ensure they stay secure
- Live Q&A
Don’t miss the opportunity to join this online event and have your questions answered live by a security expert. Register to attend here.
Cisco has extended recertification for networking professionals whose certifications are lapsing soon. With this special offer you start recertifying by taking an exam at the regular price, and if you don’t succeed on your first attempt there is no need to panic: you get a second opportunity to pass the exam, free of charge.
So, what’s holding you back?
Cisco exams are challenging—that’s one of the reasons they’re so highly valued by IT professionals and employers alike. Because Cisco certification is an investment in your future, we’re offering you a way to help secure your investment. To get details on this special offer and sign up for a risk-free exam, visit www.pearsonvue.com/cisco/recertify today. Click here to view the Cisco recertification policy: http://www.cisco.com/web/learning/le3/learning_about_recertification.htm
How to Recertify
Renewal requires certification holders to register for and pass the appropriate Cisco recertification exam(s). In order to recertify, exam requirements must be met prior to the certification expiration date. Individuals with an expired certification(s) must repeat the entire certification exam process in order to regain their certification(s). Visit the Cisco Career Certifications Tracking System to check the status of your certification(s).
- CCENT, CCNA, CCDA certifications
- CCNA Voice, CCNA Security, CCNA Wireless
- CCNP, CCDP, CCIP, CCSP, CCVP certifications
- Specialist certifications
- CCIE certification
- Cisco Sales Expert designation
- Start now and prepare with the help of an authorized Cisco Learning Partner or through self-study material from Cisco Press.
- Use the Learning Locator to locate a course near you.
- If you are a Cisco Partner employee, you may use the Partner E-Learning Connection to prepare for your recertification exam(s).
- Register and pass the certification exam(s) with Pearson VUE. Register by phone or by using Pearson VUE’s online registration system at www.pearsonvue.com/cisco/.
As we are all aware, Cisco conducted a Digital Crib contest, and now the much-awaited results are announced. The winners are:
1) Robin Glass for the film “Robin Glass – Digital Crib” (Brazil)
2) Ankur Kapoor for the film “Jasmit Digital Crib” (India)
3) Mark Brindle for the film “Mike Cotton” (United Kingdom)
4) Spike McKenzie for the film “Travis’s Digital Crib” (Australia)
5) Dr. Babu Sundaram for the film “Enga VeeduCHD” (United States)
6) CJ Bruce for the film “DigiCrib(AustinScott)” (United States)
7) Jake Wehrman for the film “Roscoe Wright” (United States)
8) Paul Eduard Schneider for the film “Moving on Fast” (Romania)
9) Jacinta Britton for the film “Mafs DC” (Australia)
10) Dawn Natalia for the film “Larry Natalia’s Crib” (United States)
Viewer’s Choice Winners:
1) Regina Gelfo for the film “Tech Geek Warehouse” (United States)
2) Matthew Collins for the film “Andrew’s Digital Crib” (United States)
3) Jethro Patalinghug for the film “Digital Cribs/Henry Lim” (Philippines)
4) Alan Gonzalez for the film “Cinthya’s Digital Crib” (Mexico)
5) Alessandro Merletti de Palo for the film “Public Digital Crib” (Italy)
6) Vivek Rathi for the film “Mixed Media Painting” (India)
7) Chris Hughes for the film “The House That Geek Built” (United States)
8) Lukasz Pruchnik for the film “Arnaud’s Digital Crib” (United States/France)
9) Patrick Smith for the film “A Japanese Digital Crib” (United States/Japan)
10) Varala Aanand for the film “Long Battle with Short” (India)
Dynamic ARP Inspection (DAI) is a security feature that validates ARP packets in a network. DAI validates each packet by checking its IP-to-MAC address binding against a trusted database (the DHCP snooping binding database) before forwarding the packet. DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This protects the network from certain man-in-the-middle attacks, in particular ARP spoofing, where an attacker answers ARP requests for the default gateway’s IP address with its own MAC address and then relays (and reads) the victim’s traffic. Because DAI relies on the DHCP snooping binding table, DHCP snooping must be enabled on the same VLANs first; hosts with static addresses have no binding and must be whitelisted with an ARP access list or they will be dropped.
Dynamic ARP Inspection ensures that only valid ARP requests and responses are relayed.
The switch performs these activities:
- Intercepts all ARP requests and responses on untrusted ports
- Verifies that each intercepted packet has a valid IP-to-MAC address binding before it updates the local ARP cache or forwards the packet to the appropriate destination
- Drops invalid ARP packets
Ports facing other switches are configured as trusted so that ARP arriving from the rest of the infrastructure is not inspected twice; every host-facing port should stay untrusted.
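The post describes DAI but does not show how to turn it on. As an added example (not the post’s own configuration), the following enables DAI on an access switch laid out like the one in the DHCP snooping scenario on this page: client ports Gi0/1–48 on VLAN 101, trunk uplinks Gi0/49–52. The switch name and port numbers are taken from that scenario; the rate limit, the static host 10.0.2.50 with MAC 0000.1111.2222, and the recovery timer are assumed values for illustration. It assumes DHCP snooping is already enabled for VLAN 101 so the binding table DAI consults is populated.

```cisco
! Added example, not the original post's configuration.
! Assumes DHCP snooping is already running on VLAN 101 (DAI reads its binding table).
ITKEAS01#configure terminal
! Inspect ARP on the client VLAN
ITKEAS01(config)#ip arp inspection vlan 101
! Besides the binding check, also reject ARP whose Ethernet source/destination MAC
! disagrees with the ARP body, and bogus sender IPs (0.0.0.0, 255.255.255.255, multicast)
ITKEAS01(config)#ip arp inspection validate src-mac dst-mac ip
! Uplinks to the core are trusted: ARP from the rest of the network is not inspected here
ITKEAS01(config)#interface range gigabitEthernet 0/49 - 52
ITKEAS01(config-if-range)#ip arp inspection trust
ITKEAS01(config-if-range)#exit
! Client ports stay untrusted (the default). 15 ARP packets/second per port is an
! assumed limit; a host exceeding it is err-disabled, which also stops ARP floods
ITKEAS01(config)#interface range gigabitEthernet 0/1 - 48
ITKEAS01(config-if-range)#ip arp inspection limit rate 15
ITKEAS01(config-if-range)#exit
! A statically addressed host has no DHCP binding, so DAI would drop its ARP.
! Whitelist it explicitly (IP and MAC are assumed values)
ITKEAS01(config)#arp access-list STATIC-HOSTS
ITKEAS01(config-arp-nacl)#permit ip host 10.0.2.50 mac host 0000.1111.2222
ITKEAS01(config-arp-nacl)#exit
ITKEAS01(config)#ip arp inspection filter STATIC-HOSTS vlan 101
! Let ports err-disabled by the ARP rate limit recover on their own after 5 minutes
ITKEAS01(config)#errdisable recovery cause arp-inspection
ITKEAS01(config)#errdisable recovery interval 300
ITKEAS01(config)#end
! Verify: VLAN state and validations, per-port trust/limits, and drop counters
ITKEAS01#show ip arp inspection vlan 101
ITKEAS01#show ip arp inspection interfaces
ITKEAS01#show ip arp inspection statistics vlan 101
```

Watch the DHCP ACL Drops and DHCP Permits counters in the statistics output for a few days before trusting the configuration: a steadily climbing drop count on a port that hosts a legitimate static device means that device needs an entry in the ARP access list, not that it is attacking you.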
So here we go with the configuration of DHCP snooping on a Cisco switch. This feature protects the network by allowing the Cisco switch to accept DHCP server messages (OFFER, ACK and NAK) only from servers connected to trusted interfaces; server messages arriving on an untrusted interface are dropped.
All switch-to-switch connections are configured as 802.1Q trunk ports.
IP Address and HSRP Details for the Core Switches
In this scenario we have two Cisco 6513 Series switches as core/distribution with three VLANs: VLAN 50 for management of the switches, VLAN 100 for all the servers and VLAN 101 for clients. Two Cisco 3560 Series switches serve as server farm switches and a third Cisco 3560 Series switch as an access switch. There are two DHCP servers with the IP addresses 10.0.1.100 and 10.0.1.101, connected to the server farm switches with HP NIC teaming, so each server has a port on each server farm switch. We configure DHCP snooping based on this scenario.
The first step is to turn on DHCP snooping globally in all Cisco switches using the ip dhcp snooping command:
All Cisco Switches (config)#ip dhcp snooping
The second step is to configure the trusted interfaces. In this scenario all trunk ports are trusted, as are the ports connected to the DHCP servers 10.0.1.100 and 10.0.1.101: G0/7 and G0/17 on ITKESF01, and G0/9 and G0/18 on ITKESF02. Keep the trusted list as short as possible: anything plugged into a trusted port can answer DHCP requests, so a trusted port is a port on which DHCP snooping protects you from nothing. Let’s configure all trunk ports in ITKEBB01:
ITKEBB01(config)#interface range gigabitEthernet 3/21 - 23
ITKEBB01(config-if-range)#ip dhcp snooping trust
Now let’s configure all trunk ports in ITKEBB02:
ITKEBB02(config)#interface range gigabitEthernet 3/21 - 23
ITKEBB02(config-if-range)#ip dhcp snooping trust
ITKEBB02(config)#interface gigabitEthernet 3/16
ITKEBB02(config-if)#ip dhcp snooping trust
Now let’s configure the trusted ports for the DHCP servers:
ITKESF01(config)#interface gigabitEthernet 0/7
ITKESF01(config-if)#ip dhcp snooping trust
ITKESF01(config)#interface gigabitEthernet 0/17
ITKESF01(config-if)#ip dhcp snooping trust
ITKESF02(config)#interface gigabitEthernet 0/9
ITKESF02(config-if)#ip dhcp snooping trust
ITKESF02(config)#interface gigabitEthernet 0/18
ITKESF02(config-if)#ip dhcp snooping trust
Now let’s configure the trunk ports of the access switch ITKEAS01:
ITKEAS01(config)#interface range gigabitEthernet 0/49 – 52
ITKEAS01 (config-if)#ip dhcp snooping trust
Finally we are going to enable DHCP snooping per VLAN. It will be used on VLAN 100 and VLAN 101, but not on the management VLAN 50. We will also limit the rate of DHCP requests received on the client ports of the access switch (ITKEAS01) with ip dhcp snooping limit rate, so a client that floods DHCP DISCOVERs (a DHCP starvation attempt) gets its port err-disabled instead of exhausting the address pool. Rate limiting belongs on untrusted ports only; applying it to a trunk would err-disable the uplink under normal load.
ALL SWITCHES(config)#ip dhcp snooping vlan 100,101
ITKEAS01(config)#interface range gigabitEthernet 0/1 - 48
Displaying the DHCP snooping configuration: use show ip dhcp snooping to see the enabled VLANs and the trusted ports, and show ip dhcp snooping binding to see the IP-to-MAC bindings the switch has learned (the table that Dynamic ARP Inspection and IP Source Guard rely on).
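The page spreads the access-switch configuration over several fragments and leaves the rate limit unspecified. As an added example (not the post’s own configuration), here is the complete DHCP snooping configuration for ITKEAS01 in one place, with interface numbers taken from the scenario above. The rate limit of 15 packets per second, the 5-minute recovery timer, the database file name and the decision to disable option 82 insertion are assumed values and choices for illustration.

```cisco
! Added example, not the original post's configuration.
! Port numbers follow the scenario on this page; rate, timer, file name and the
! option-82 choice are assumptions.
ITKEAS01#configure terminal
ITKEAS01(config)#ip dhcp snooping
ITKEAS01(config)#ip dhcp snooping vlan 100,101
! Option 82 insertion is on by default. Clients on VLAN 101 reach the DHCP servers on
! VLAN 100 through a relay (assumed to be the core 6513s); a relay drops snooping-inserted
! option 82 with giaddr 0 unless told to trust it. Assumed choice here: do not insert it.
! (The alternative is "ip dhcp relay information trust-all" on the relay.)
ITKEAS01(config)#no ip dhcp snooping information option
! Uplinks toward the core, through which the DHCP servers are reached, are trusted
ITKEAS01(config)#interface range gigabitEthernet 0/49 - 52
ITKEAS01(config-if-range)#ip dhcp snooping trust
ITKEAS01(config-if-range)#exit
! Client ports stay untrusted (default): any DHCP OFFER/ACK/NAK arriving here is dropped.
! The assumed 15 pps limit err-disables a port that floods DISCOVERs (DHCP starvation).
ITKEAS01(config)#interface range gigabitEthernet 0/1 - 48
ITKEAS01(config-if-range)#ip dhcp snooping limit rate 15
ITKEAS01(config-if-range)#exit
! Bring rate-limited ports back automatically after 5 minutes
ITKEAS01(config)#errdisable recovery cause dhcp-rate-limit
ITKEAS01(config)#errdisable recovery interval 300
! Persist the binding table so a reload does not leave DAI/IP Source Guard with an empty
! table while existing leases are still valid (file name is an assumption)
ITKEAS01(config)#ip dhcp snooping database flash:dhcp-snooping.db
ITKEAS01(config)#end
! Verify: global/VLAN state and trusted ports, learned bindings, and drop counters
ITKEAS01#show ip dhcp snooping
ITKEAS01#show ip dhcp snooping binding
ITKEAS01#show ip dhcp snooping statistics
```

After enabling this, watch the snooping statistics and the DHCP server logs for a day. If clients on VLAN 101 suddenly stop getting leases, the usual cause is the option 82 interaction noted in the comments, not the trust configuration.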
For further reference please do check this article from Cisco about DHCP snooping.
Dear Friends, in my previous post I was discussing DHCP snooping. It may be hard to believe, but a DHCP server can lead to a lot of trouble in your network. Consider a host that sends out DHCP DISCOVER packets: it listens for DHCP OFFER packets and accepts the first available offer from any DHCP server. Guess what happens if the host gets an offer from a rogue DHCP server? The host ends up using the IP address, default gateway and DNS servers handed out by the rogue server. At best the host cannot access any of the resources in your network; at worst its traffic is sent through a gateway or resolver the attacker controls, and the attacker reads or alters it.
Yes, we can prevent this with DHCP snooping, thanks to Cisco. DHCP snooping classifies interfaces as either trusted or untrusted. DHCP messages received on trusted interfaces are permitted to pass through the Cisco switch, but DHCP server messages (OFFER, ACK, NAK) received on an untrusted interface are dropped, so a rogue server on a client port never reaches the clients. Error-disabling of the interface happens only when a rate limit is configured on the untrusted port and the port exceeds it. Configuring DHCP snooping in a network is a troublesome job, but I will try to make things easier for you by using a scenario, which I hope to post soon.
Dynamic Host Configuration Protocol (DHCP) snooping is a security feature that filters untrusted DHCP messages; it protects the devices on the network from associating with an unauthorized DHCP server. When DHCP snooping is enabled on a Cisco switch, the switch builds a binding table of MAC address, IP address, lease time, binding type, VLAN and interface for each lease it observes. In coming posts I will try to explain how to enable and configure the DHCP snooping security feature in a Cisco switch.
In which slot shall we install the Supervisor Engine in Cisco 6500 Series Catalyst Switches – Series 2
Dear Friends, in one of my previous posts I explained in which slot the Supervisor Engine SUP720 should be installed in a Cisco 6500 Series switch. Now let’s proceed further and look at the Cisco Catalyst 6506-E: in a Cisco Catalyst 6506-E switch the Supervisor Engine SUP720 is installed in either slot 5 or slot 6.
Dear Friends, in my previous post I was talking about the HSRP error generated in Cisco 6513 switches with a duplicate IP address. I opened a TAC case with Cisco Systems. I should first of all salute Cisco for the great support in solving this issue. Cisco TAC Engineer Mr. Pradeep was in constant touch with me on this case to resolve the issue. The best part of their support is the use of technology: Mr. Pradeep initiated a WebEx meeting with me and spent more than an hour checking step by step. He helped me a lot, and I learned a lot of things from the Cisco TAC team, like how to approach a problem and what measures should be taken to troubleshoot it. Finally we came to the conclusion that there are no bugs or errors in the IOS we are using, and no problems either in the hardware or in the current configuration. I would like to quote the solution provided by Mr. Pradeep, TAC Engineer, Cisco Systems: “Let me summarize this issue. You told me that there is one Trojan-affected PC/host, which is connected to your access switch. Further, you got some duplicate IP address messages on your core switch. During troubleshooting, I have checked and verified that the Cisco switches are working fine. Their configurations were correct. Generally duplicate IP addresses can be impounded by ‘broken HSRP links’ or ‘incorrect DHCP pool configuration’, or by misconfiguration of switches or STP. I found that this entire setup is configured correctly. Furthermore, I would like to inform you that Cisco’s IOS cannot resolve a Trojan issue on any PC. The PC has got its own operating system, and IOS can work only and only on Cisco’s devices.”
So now it’s quite clear: if you face this kind of problem, make sure the infected PC is removed from the network and that it is free from any sort of Trojans or viruses before it is reconnected.