Network technologies and trends

November 18, 2009  1:06 PM

How to archive your Cisco Router or Switch Configuration?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Do you all know there is a great way to archive the tasks you carry out in your Cisco Router or a Cisco Switch? Especially whenever you perform a “write memory or copy run start” in your Cisco Router or a Cisco Switch.

Most people do not realize starting an IOS version 12.3 (4) T and higher an “archive” and “archive config” commands were introduced by Cisco Systems.

The main advantage of advantage of an “archive” command is to have incremental backups of your Cisco Router or Switches configurations and for some reasons if you have blowup with the configuration then using the this feature you can retrieve the old configuration file into your Cisco router or switch.

The “archive config” command allows you to save Cisco IOS configurations in the configuration archive using a standard location and filename prefix that is automatically appended with an incremental version number (and optional timestamp) as each consecutive file is saved.
Once the maximum number of file saved in the archive, the oldest file will be automatically replaced by the next file.

The “show archive” command displays information for all configuration files saved in the Cisco IOS configuration archive.
In this example, we will save the archive configuration files on the flash memory; however, you can also store the configuration files remotely using such protocols as FTP, HTTP, HTTPS,RCP, SCP, and TFTP.
By using following set of commands we can enable archive feature in a Cisco Router or a Cisco Switch provided the IOS version is either 12.3 (4) T or higher . In this example, the location and filename prefix is specified as disk0: itkebackup

ITKE-AS0 (config)#archive

ITKE-AS01(config-archive)#path flash:itkebackup

To save the current running configuration in the configuration archive use the “archive config” command as shown below

ITKE-AS01# archive config

The “show archive” command displays information of the files saved in the configuration archive as shown in the following example:

ITKE-AS01#show archive

         There are currently 3 archive configurations saved.

         The next archive file will be named flash: itkebackup -3

         Archive # Name


         1 flash: itkebackup -1

         2 flash: itkebackup -2 <- Most Recent















By using the “configure replace flash” command you can restore the configuration

ITKE-AS01#configure replace flash: itkebackup -2

         This will apply all necessary additions and deletions

         to replace the current running configuration with the

         contents of the specified configuration file, which is

         assumed to be a complete configuration, not a partial

         configuration. Enter Y if you are sure you want to proceed. ? [no]: y

         Total number of passes: 0

         Rollback Done

The “archive” command is quite handy to keep the he is great for keeping multiple copies of the running config in an archive.

November 17, 2009  12:02 PM

ManageEngine IT360 makes the Business Service Management Easy

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

ManageEngine has recently launched their latest Business Service Management (BSM) Solution “ManageEngine IT 360”. Last week I had a chance to download the 60 day trial version and test the suite.

Since I am much into Networking I started using their Network Monitoring module which seems to be more promising and simpler. The best thing which encouraged me download the 60 day trail version was the agentless monitoring of the network applications. ManageEngine recommends installing the application at least with a 8 Giga of RAM, with 2 GHZ Quad Core Processor and 32 Bit Windows Server 2003/2008 Enterprise Edition.

Unfortunately all my Servers are occupied and I had no servers to install. I found a DELL XPS 630i Machine lying in my office. I thought let me try to install the ManageEngine IT 360 application in the DELL XPS 630i machine. Due to my bad luck the installation of Windows Server 2003 on DELL XPS 630i machine failed, so I was forced to install the ManageEngine IT 360 with Windows XP. The installation was smooth and everything work perfect for me. The best thing I liked is the easy installation and everything can be managed very easily. The DELL XPS 630i machine was capable of supporting the ManageEngine IT 360 without any hassles. I just tried the Network Monitoring module and I am able to monitor all my Cisco Switches, Routers and Firewall. The ManageEngine IT360’s Business Dashboard interface seems to be more promising and it’s customizable as well. Since I am using the Network Dashboard it gave me all the info I am looking for like Device Summary, Top 10 Interface, Top 10 Bandwidth utilized interfaces, Event Summary and Top 10 CPU utilization.

In brief the ManageEngine IT360 is amazing, especially an out of box application which is capable of monitoring networks, servers, databases and Applications. Surely the ManageEngine IT360 can give your IT Operations Team a single pane of glass to troubleshoot performance issues quickly. The integrated Service Desk with support for Ticketing, Problem Management, Change Management, Knowledge Base, automated Trouble ticketing etc makes workflows in production simpler, thereby making efficient use of IT Personnel. Try downloading the 60 day trial version.

Some Key Features of ManageEngine IT360 are
Integrated Network, Server and Application Performance Management that helps IT Operations
• Network Performance Management (Availability, Performance, Traffic Analysis)
• Systems and Database Performance Management • Monitor Key Performance Indicators
• Trend Analysis and Reporting
• Capacity Planning
Business Service Management which helps Business Managers
• End User Experience Management
• Monitor Key Business Metrics
• IT Service Desk with Support for ITIL • Service Level Management
• IT Asset Management

November 17, 2009  6:38 AM

How to disable SSH in Cisco Devices?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

We all know the importance of SSH, and it is one of most used method for remote access of Cisco Devices either it might be a Cisco Router or a Cisco Switch. Most of the Network Engineers I come across say it is so complicated to either enable or disable the SSH in Cisco Devices.

 If you simply try to use “no commands” used to enable SSH it will not work. Here is the tip to disable the SSH in either Cisco Router or Cisco Switches.

 Commands used to enable SSH in a Cisco Device

ITKE-AS1(config)#ip domain-name

ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512

The name for the keys will be:


% The key modulus size is 512 bits

% Generating 512 bit RSA keys, keys will be non-exportable…[OK]



ITKE-AS1(config)#aaa new-model

ITKE-AS1(config)#aaa authentication login default local

ITKE-AS1(config)#aaa authentication exec default local


Commands used to disable SSH in a Cisco Device

Do notice if you use the command “no crypto key generate rsa” it will not work rather the device will suggest you to use the ‘crypto key zeroize rsa’ command, amazing isn’t it

ITKE-AS1(config)#no crypto key generate rsa

% Use ‘crypto key zeroize rsa’ to delete signature keys.


ITKE-AS1(config)#crypto key zeroize rsa

% All RSA keys will be removed.

% All router certs issued using these keys will

will also be removed.

Do you really want to remove these keys? [yes/no]: yes


November 14, 2009  11:13 AM

HP buys 3Com for 2.7 Billion Dollars

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

HP has agreed to its plans to buy router and switching gear maker 3Com for $2.7 billion. This deal will see HP expands its infrastructure portfolio range with 3Com’s routers, Switches and Security products as well it will strengthen the HP position in China thanks to 3Com’s strong presence in China. The transaction is expected to close in the first half of 2010.
The transaction has been sealed at US$7.90 per 3Com share and is yet another example of an acquisition that will present significant competition for Cisco in the networking market, particularly in the data centre space and network convergence.
“Companies are looking for ways to break free from the business limitations imposed by a networking paradigm that has been dominated by a single vendor,” said Dave Donatelli, executive vice president and general manager, enterprise servers and networking at HP, in a statement issued by the vendor.
“By acquiring 3Com, we are accelerating the execution of our converged infrastructure strategy and bringing disruptive change to the networking industry. By combining HP ProCurve offerings with 3Com’s extensive set of solutions, we will enable customers to build a next-generation network infrastructure that supports customer needs from the edge of the network to the heart of the data centre,” he added.
HP points out that the purchase of 3Com will bring strong security capabilities through the vendor’s TippingPoint portfolio. It also states that thanks to extensive testing of 3Com products, it is planning to complete the global roll-out within HP soon after completion of the acquisition.
Let’s see how successful this acquisition will be in terms of capturing the market share from the lead player like Cisco Systems.

November 14, 2009  7:13 AM

How to configure Secure Copy (SCP) in Cisco Devices?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

In my previous post I was talking about the Secure Copy (SCP) what is it?  , now let’s see how to configure Secure Copy (SCP) in a Cisco Router or a Switch.

In order to configure Secure Copy (SCP) in a Cisco Router make sure the SSH is enabled and its working.

Step 1) Lets enable the SSH and AAA features in the Cisco Device


ITKE-AS1(config)#ip domain-name

ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512

The name for the keys will be:


% The key modulus size is 512 bits

% Generating 512 bit RSA keys, keys will be non-exportable…[OK]



ITKE-AS1(config)#aaa new-model

ITKE-AS1(config)#aaa authentication login default local

ITKE-AS1(config)#aaa authentication exec default local


Step 2) In order to use the SCP feature to manage configuration we must have at least once user account with enough privilege to access it


ITKE-AS1(config)#username itke privilege 15 password secret itkeleads


Step 3) Now you are ready to enable the SCP server on:

ITKE-AS1(config)#ip scp server enable



Just by following these 3 simple steps we can enable Secure Copy (SCP) in a Cisco router or a Switch. For any further clarifications you can always have a close look at Cisco’s document on Secure Copy (SCP). 

November 10, 2009  6:07 AM

Fortinet October ’09 Threatscape Report Shows Highest Malware Levels Detected all Year

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

According to the latest Threatscape report (October 2009) released by Fortinet, the total amount of malware detected is more than a year, with levels four times greater than in the previous month (September 2009).

The two main Bredolab variants detected this month were W32/Bredo.G and W32/Bredolab.X, most notably included in fake DHL invoice spam campaigns.

Derek Manky, project manager, cyber security and threat research, Fortinet commented: “We’re seeing record levels of scareware building off volume from September, and the danger in these threats is only becoming more serious as the methods for delivery evolve and the blending of attacks bring more complexity.
“As we’ve seen in the consistency of repeated threats, the old schemes are still proving to be good methods. Enterprises and consumers must take equal responsibility in understanding the disguises of these threats and implementing a multi-pronged security solution that addresses the different and changing characteristics of tried and true tactics,” he added

During the month of October 2009 Scareware tactics have reached all time high, with worst ever attacks reported. Seven of the top ten malware variants detected linked back to scareware, with scareware tactics diverging to include botnets, corrupted advertisements and SEO attacks.

The most notable development in October 2009 was the preponderance of AntiVirus Pro 2010 rogue security software, which when installed will contact a remote server in order to obtain malicious payload and receive updated copies; a trojan downloader named Bredolab which is now downloading AntiVirus Pro 2010 installers and the ZBot keylogger; and the ongoing development of affiliate programs that tempt participants with a handsome pay-out on each software download purchased. Tools and kits are readily available to participating affiliates, accelerating the distribution of scareware and other malicious components.

Read the full October Threatscape report, which includes the top threat rankings in each category.

November 9, 2009  6:47 AM

What is Secure Copy (SCP)?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan


We are all aware of the traditional way of transferring IOS files from and to Cisco Catalyst Switches, Cisco Routers and Cisco PIX/ASA firewall devices using TFPT, FTP and lately https. However there is also one more way to copy the IOS files, which is known as Secure Copy (SCP). The Secure Copy (SCP) is a secure and authenticated method of copying a configuration file or transferring an Image files to Cisco Catalyst Switches, Cisco Routers and Cisco PIX/ASA firewall devices.


Cisco Systems introduced the Secure Copy (SCP) feature in the following IOS releases





This feature was introduced.


This feature was integrated into Cisco IOS 12.0(21)S.


This feature was integrated into Cisco IOS 12.2(25)S.

PIX/ASA firewalls 7.1 and above, FWSM 3.1 and above.


The Secure Copy (SCP) works on SSH protocol on port 22 which is like an encrypted tunnel. This tool is very useful especially to transfer files for upgrades or to perform safe backups.


In my next post you will find the commands to configure SCP in a Cisco Router and Switch.

November 8, 2009  6:10 AM

Kiwi Syslog Server version 9 comes with some great features

Yasir Irfan Yasir Irfan Profile: Yasir Irfan


We all know the importance of logs generated by Cisco Devices. Since long time I am using Kiwi Syslog server to capture the log generated by the Cisco Devices installed in our network. Recently Solar Winds announced the release of Kiwi Syslog Server. Since I was using an old version I downloaded the latest full trail version of Kiwi Syslog Server version 9. In the new version I found some new cool features which are really useful for Network Administrators.


Pic Courtesy: Solar Winds


With new Kiwi Syslog Server you can access the Syslog data from anywhere on the network using the web access this feature is amazing as its easy for me to look at logs periodically no matter where I am.


Some of the key features of Kiwi Syslog Server v9 are as follows.


  • View your syslog data from anywhere on the network via web access – NEW FEATURE!
  • Filter messages and create advanced alerts with Advanced Script Processing
  • Log to any database with ODBC logging
  • Schedule archiving and log maintenance by using Automated Log Archive
  • View syslog messages in multiple windows simultaneously
  • Automatically perform actions based on alerts, including sending email, forwarding messages, triggering audible alarms, sending SNMP trap messages, and paging IT staff
  • Retain the original source IP on forwarded messages as one of many advanced forwarding options
  • Forward Windows event log messages from your Windows servers to your Kiwi Syslog Server using the included Log Forwarder for Windows – NEW FEATURE!
  • Produce trend analysis graphs and email syslog traffic statistics
  • Leverage and share user-created rules, filters and scripts with the Community Content Exchange on thwack – NEW FEATURE!

With new Kiwi Syslog Server v9 my day to day activity is somewhat simplified as I can create filters based on host name, IP address or even event based. I just don’t need to look at each and every log.  It does saves lot of time.

For sure you must try the new Kiwi Syslog Server. It does comes in two versions a free one and a full version with lot features.

November 1, 2009  6:06 AM

Dell teams up with Juniper Networks Inc to offer networking solutions under Dell’s Power Connect brand.

Yasir Irfan Yasir Irfan Profile: Yasir Irfan


As per the recent press release from Juniper Networks Inc, Juniper Networks Inc has reached an agreement with leading PC maker Dell to offer networking solutions under Dell’s Power Connect brand. 


With this deal Juniper and Dell are planning to work together on open, standards-based solutions for virtualized data centers and to create technology solutions using Converged Enhanced Ethernet (CEE).

Juniper and Dell are a formidable team, and together we can deliver significant value for enterprise customers around the world. This OEM agreement is another great step in our sustained and successful push into the enterprise market,” said Gerri Elliott, executive vice president, Strategic Alliances, Juniper Networks. “We have the only infrastructure that includes integrated security, routing and switching running on a single operating system. And that uniform approach is a great benefit to IT organizations, from the smallest to the largest, as they tackle the challenges of an increasingly decentralized landscape.”

[kml_flashembed movie="" width="425" height="350" wmode="transparent" /]

The products Dell will deliver under its PowerConnect brand include the Juniper Networks MX Series services routers, EX Series Ethernet switches and SRX Series services gateways, all running JUNOS® Software. Dell expects to make these products available to customers via its direct and PartnerDirect channels.

  • MX Series Routers — MX Series Ethernet Services Routers offer advanced routing capabilities, such as Multiprotocol Label Switching network virtualization, low-latency multicast, advanced quality of service (QoS), and high availability.
  • EX Series Ethernet Switches — EX Series Ethernet Switches deliver the next-generation of switching technology for todays – and tomorrow’s – networks. With the EX Series, businesses can deploy a cost-effective family of switches that delivers the high availability (HA), integrated security and operational excellence needed today, while providing a platform for supporting future requirements.
  • SRX Series Services Gateways — For organizations supporting extranets, SRX Series Services Gateways can help lower the cost of delivering new capabilities while reducing risk, and satisfying end users. These services gateways integrate leading security, connectivity, and application delivery capabilities into a single platform for a safe, affordable, and consistent high-performance communications foundation.


Finally Dell too started venturing into new business. Dell has also announced that it would be promoting (CRM) software products to its valued customers in American market.  Apart from this Dell is also planning tap the fast growing smart phone market by launching its own smart phone to run on Google’s Android mobile operating system.  

October 21, 2009  5:57 AM

Do you think routers are dead?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan


Cisco’s TechWise TV is webcasting a  60 minute Episode on 29th of October 2009  with a title ‘”Routers Are Dead. Long Live the Router!” where you can learn the Cisco integrated services router will dramatically simplify your branch architecture and greatly reduce your network management workload.

 [kml_flashembed movie="" width="425" height="350" wmode="transparent" /]

By registering to this web cast you will get the chance to see the technological advances that will enable you to create a truly borderless network, while giving you the convenient, powerful network management features you crave in today’s resource-challenged IT environment.

The Agenda

  • ISR G2: New Model New Story
  • The ISR Autopsy
  • New Modules
  • Security Innovation in the ISR
  • Collaboration Enablement
  • The Service Ready Engine
  • Universal IOS
  • Long Live the Router

Register now

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: