Network technologies and trends:

Routers

Oct 21 2009   5:57AM GMT

Do you think routers are dead?



Posted by: Yasir Irfan
Networking, TechWise TV, ISR Routers, Routers, ISR G2, Web Cast, Cisco Web Cast, Routers Are Dead Long Live the Router

 

Cisco’s TechWise TV is webcasting a 60-minute episode on 29th of October 2009 titled “Routers Are Dead. Long Live the Router!”, where you can learn how the Cisco integrated services router will dramatically simplify your branch architecture and greatly reduce your network management workload.

 

By registering for this webcast you will get the chance to see the technological advances that will enable you to create a truly borderless network, while giving you the convenient, powerful network management features you crave in today’s resource-challenged IT environment.

The Agenda

  • ISR G2: New Model New Story
  • The ISR Autopsy
  • New Modules
  • Security Innovation in the ISR
  • Collaboration Enablement
  • The Service Ready Engine
  • Universal IOS
  • Long Live the Router

Register now

Dec 13 2008   6:27AM GMT

How to configure an interface to default settings in a Cisco Switch or a Cisco Router?



Posted by: Yasir Irfan
Switches, Cisco, Routers, Switching, Routing and Switching, Cisco IOS, Routing, Cisco 2960, Cisco 2950, Cisco 6500, Cisco Tips, Cisco 3560, Cisco 3745, Cisco 3750-E, Router Troubleshooting, Cisco 877W Router, Cisco 6500 Series Catalyst Switch, Cisco 6503, Cisco Catalyst 6503-E Switch, Cisco Catalyst 6506-E Switch, Cisco Catalyst 6509-V-E Switch, Cisco Catalyst 6509-E Switch, Cisco Catalyst 6513 Switch

This is a cool command to erase just the configuration for a particular interface in a Cisco Switch or a Cisco Router.

In the following example we will reset interface FastEthernet 0/9 to its default configuration.

Current configuration for FastEthernet 0/9:

ITKE-Cisco#sho running-config interface fastEthernet 0/9
Building configuration...

Current configuration : 85 bytes
!
interface FastEthernet0/9
 switchport access vlan 100
 switchport mode access
end

ITKE-Cisco#

 

Now we will reset FastEthernet 0/9 to its default configuration using the command “default interface fastEthernet 0/9”:

ITKE-Cisco#configure t
Enter configuration commands, one per line.  End with CNTL/Z.
ITKE-Cisco(config)#default interface fastEthernet 0/9
Interface FastEthernet0/6 set to default configuration
ITKE-Cisco(config)#

 

Running configuration for FastEthernet 0/9 after resetting it to default settings:

ITKE-Cisco#sho running-config interface fastEthernet 0/9
Building configuration...

Current configuration : 68 bytes
!
interface FastEthernet0/9
 switchport mode dynamic desirable
end

ITKE-Cisco#
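
The output above shows that the reset removed both the access VLAN and the fixed access mode, leaving the port in "switchport mode dynamic desirable", where it will negotiate a trunk with whatever is plugged in. The following check is an added example, not part of the original post: it scans running-config text for Layer 2 ports left in that state. The function names and the sample config are assumptions made for illustration, and the input is assumed to come from a Catalyst switch.

```python
# Constructed sample: the two FastEthernet0/9 stanzas shown above (before and
# after the reset) as Fa0/8 and Fa0/9, plus constructed ports for contrast.
SAMPLE_CONFIG = """\
interface FastEthernet0/8
 switchport access vlan 100
 switchport mode access
!
interface FastEthernet0/9
 switchport mode dynamic desirable
!
interface FastEthernet0/10
 description constructed port with no switchport lines
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
end
"""


def parse_switchports(config_text):
    """Return {interface: {"mode", "vlan", "routed"}} from running-config text."""
    ports, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(
                line.split()[1], {"mode": None, "vlan": None, "routed": False})
        elif current is not None and line.startswith(" "):
            text = line.strip().lower()
            if text == "no switchport":
                current["routed"] = True
            elif text.startswith("switchport mode "):
                current["mode"] = text[len("switchport mode "):]
            elif text.startswith("switchport access vlan "):
                current["vlan"] = text.split()[-1]
        else:
            current = None  # "!", "end" or a global command ends the stanza
    return ports


def audit_switchports(config_text):
    """Return {interface: [findings]} for Layer 2 ports left unpinned."""
    report = {}
    for name, port in parse_switchports(config_text).items():
        if port["routed"] or name.lower().startswith(("vlan", "loopback", "tunnel")):
            continue  # routed and logical interfaces carry no switchport mode
        findings = []
        if port["mode"] is None:
            findings.append("no explicit switchport mode, platform default applies")
        elif port["mode"].startswith("dynamic"):
            findings.append("DTP negotiation enabled (%s)" % port["mode"])
        if port["mode"] != "trunk" and port["vlan"] is None:
            findings.append("no access VLAN configured, port falls back to VLAN 1")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_switchports(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(findings))
```

Ports reported here need "switchport mode access" and their access VLAN reapplied after a "default interface".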


Nov 12 2008   5:18AM GMT

Cisco Gifts Mega Router – Cisco Aggregation Services Router 9000 (ASR 9000)



Posted by: Yasir Irfan
Routers, Routing, Cisco News, ASR 9000, Aggregation Services Router, Mega Router

Today, Cisco announced a little something to help clear the way. The world’s largest maker of networking equipment unveiled a new member to its growing family of routers custom-made for the Information Age. Known as the Cisco Aggregation Services Router 9000 (ASR 9000), the company says the machine has six times more capacity and is four times faster than any other router in its class. In fact, the company says, the brawny router is more powerful than any other competing router, period.


The ASR 9000 also includes new technologies for proactively managing notoriously challenging video signals. It makes corrections and ensures picture quality for ultra-clear high-definition TV and other video services, Cisco executives say.

For more details check the press release from Cisco.


Sep 24 2008   6:27PM GMT

How to turn a Cisco Router into ASA..



Posted by: Yasir Irfan
Cisco, Routers, Cisco IOS, Cisco ASA, ASA/PIX, Basic Firewall, Cisco IOS Firewall, ZFW

Guess what: your routers support zone-based policies, which really help with multi-interface restrictions (rather than just one outside & one inside interface with individual access list applications). Likewise, they now support application inspection to catch those scandalous peer-to-peer programs.

Cisco IOS® Software Release 12.4(6)T introduced Zone-Based Policy Firewall (ZFW), a new configuration model for the Cisco IOS Firewall feature set. This new configuration model offers intuitive policies for multiple-interface routers, increased granularity of firewall policy application, and a default deny-all policy that prohibits traffic between firewall security zones until an explicit policy is applied to allow desirable traffic. For more details, see this document from Cisco.


Sep 14 2008   7:00AM GMT

Learn how to secure your Cisco router with Cisco’s Security Device Manager (SDM) Firewall Policy Wizard.



Posted by: Yasir Irfan
Networking, Cisco, Routers, SDM, access-lists, Basic Firewall, Cisco IOS Firewall, Cisco Security Device Manager, Cisco 877W Router

This document describes how to use the Cisco Security Device Manager (SDM) to secure your Cisco router. The SDM firewall policy wizard can make things easier for first-time users who are not comfortable with Cisco CLI commands. In this example, let’s configure the basic firewall using the SDM firewall policy wizard. For this example a Cisco 877W router with IOS version 12.4(4)T8 is used with SDM version 2.5.

Using the Firewall and ACL task section of the Cisco Security Device Manager (SDM), you can create a new firewall and ACL.

The Cisco Security Device Manager (SDM) offers a wizard to create either a Basic Firewall or an Advanced Firewall. What is the difference? The Basic Firewall won’t allow you to configure a DMZ zone, whereas the Advanced Firewall does.

As we are not interested in creating a DMZ zone, let’s proceed with the Basic Firewall option as shown in figure A below.

Figure A

The figure below explains how the Basic Firewall Configuration Wizard applies its template policy to the inside and outside interfaces. The wizard will give you the opportunity to choose which interface is which. The new policy will inspect TCP, UDP and other protocols that travel from the inside to the outside zone. It will block IM, P2P, MSN, Yahoo and AOL IM traffic. It will also deny any unsolicited traffic coming in on the outside interface.

Figure B

Click Next, which will take you to the basic firewall Interface Configuration screen, as seen in figure B. This is where you can select which interface will be the inside and which will be the outside.

After you have made your selection, click Next. This takes you to the Basic firewall Security Configuration screen, as shown in figure C. Choose the level of Security for the firewall: High, Medium, or Low.

I chose Medium Security and clicked the Preview Commands button to review the commands this setting would apply.

Figure C

When you see the output, you are pleased as you didn’t have to type all those commands manually.

Figure D

Click Next. This takes you to the Basic Firewall Domain Name Server Configuration screen, as shown in figure D. Specify the primary and secondary DNS servers, and click Next. The Firewall Configuration summary screen sums up our choices as shown in figure E. Then click Finish.

Figure E

After successful completion of the above-mentioned steps you can always review the changes, as shown in figure F, by clicking the Edit Firewall Policy tab.

Figure F


Sep 3 2008   10:13AM GMT

Enhanced show interfaces commands in Cisco Routers & Cisco Catalyst Switches



Posted by: Yasir Irfan
Switches, Routers, Cisco 2950, Cisco 6500, Cisco Tips, Cisco 3745, Show commands, IOS commands


I was amazed to see many options available with “show interfaces” commands which are undocumented; most of these commands are available in IOS release 12.2(44) (they may be available with earlier versions; if so, do comment).

Some of the undocumented commands are as follows:
1) show interfaces description displays interface names, line and line protocol status and the interface description. Extremely useful to know which interfaces are up or down.
2) show interfaces counters protocol status displays the L3 protocols active on each interface.
3) show interfaces summary displays the state of various interface queues and related drop counters in a good tabular format.
4) show interfaces accounting displays per-protocol in/out counters.

Here are a few sample outputs:

Sample Output from Cisco 3745 Router
MBGF-DAC-3745R01#sho interfaces description
Interface                      Status         Protocol Description
Fa0/0                          up             up       WAN connection THru. Bayanat
Fa0/1                          up             up       Connected to LAN
Tu0                            up             up
MBGF-DAC-3745R01#

Sample output for Cisco 3560 Switch
MBGF-DAC-3560-AS02#sho interfaces description
Interface                      Status         Protocol Description
Vl1                            up             up
Vl50                           up             up
Gi0/1                          up             up
Gi0/2                          up             up
Gi0/3                          up             up
Gi0/4                          up             up
Gi0/5                          up             up
Gi0/6                          up             up
Gi0/7                          down           down
……
Gi0/25                         up             up       con2 Khalid
Gi0/26                         down           down
Gi0/27                         down           down
Gi0/40                         up             up       CON2-DCAP-50
Gi0/41                         up             up
Gi0/42                         up             up
Gi0/43                         up             up

Gi0/52                         up             up
MBGF-DAC-3560-AS02#

MBGF-DAC-3745R01#show interfaces counters protocol status
Protocols allocated:
 FastEthernet0/0: Other, IP, DEC MOP, ARP, CDP
 FastEthernet0/1: Other, IP
 Tunnel 0:        Other, IP
 
MBGF-DAC-3560-AS02#sho interfaces counters protocol status
Protocols allocated:
 Vlan1: Other, IP, ARP
 Vlan50: Other, IP, ARP
 GigabitEthernet0/1: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/2: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/3: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/4: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/5: Other, IP, Spanning Tree, CDP
 GigabitEthernet0/6: Other, IP, Spanning Tree, CDP
Allocation failures: 0
MBGF-DAC-3560-AS02#
MBGF-DAC-3745R01#sho interfaces summary

 *: interface is up
 IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
 OHQ: pkts in output hold queue    OQD: pkts dropped from output queue
 RXBS: rx rate (bits/sec)          RXPS: rx rate (pkts/sec)
 TXBS: tx rate (bits/sec)          TXPS: tx rate (pkts/sec)
 TRTL: throttle count

  Interface              IHQ   IQD  OHQ   OQD  RXBS RXPS  TXBS TXPS TRTL
------------------------------------------------------------------------
* FastEthernet0/0          0     0    0     0 10803000  1233 1511000  873    0
* FastEthernet0/1          0     0    0     0 1379000  876 10614000  1237    0
* Tunnel0                  0     0    0     0 10664000  1233 1414000  873    0
NOTE:No separate counters are maintained for subinterfaces
     Hence Details of subinterface are not shown
MBGF-DAC-3745R01#

MBGF-DAC-3560-AS02#sho interfaces summary

 *: interface is up
 IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
 OHQ: pkts in output hold queue    OQD: pkts dropped from output queue
 RXBS: rx rate (bits/sec)          RXPS: rx rate (pkts/sec)
 TXBS: tx rate (bits/sec)          TXPS: tx rate (pkts/sec)
 TRTL: throttle count

  Interface              IHQ   IQD  OHQ   OQD  RXBS RXPS  TXBS TXPS TRTL
-------------------------------------------------------------------------
* Vlan1                    0     0    0     0     0    0     0    0    0
* Vlan50                   0     0    0     0  1000    2  1000    2    0
* GigabitEthernet0/1       0     0    0 54684     0    0  2000    3    0
* GigabitEthernet0/2       0     0    0 54675     0    0  3000    3    0
* GigabitEthernet0/3       0     0    0 54675     0    0  2000    3    0
* GigabitEthernet0/4       0     0    0 54688     0    0  2000    3    0
* GigabitEthernet0/5       0     0    0 54664     0    0  2000    3    0
* GigabitEthernet0/6       0     0    0 54663     0    0  2000    3    0
………
  GigabitEthernet0/46      0     0    0   274     0    0     0    0    0
* GigabitEthernet0/47      0     0    0  5036     0    0  2000    3    0
* GigabitEthernet0/48      0     0    0 16702     0    0  3000    3    0
* GigabitEthernet0/49      0     0    0     0 10000   18     0    0    0
* GigabitEthernet0/52      3     0    0     0 389000  208 1652000  223    0
MBGF-DAC-3560-AS02#

MBGF-DAC-3745R01#show interfaces accounting
FastEthernet0/0 WAN connection THru. Bayanat
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other          0          0      78271    4696260
                      IP  228129752  604147266  238404086 3496449051
                 DEC MOP          0          0       1304     100408
                     ARP      61201    3672060        230      13800
FastEthernet0/1 Connected to LAN
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other      13048    5206152      78271    4696260
                      IP  239500045 3032167184  230865599 2990242469
                 DEC MOP          0          0       1304     100408
                     ARP      97797    5867820      75355    4521300
Tunnel0
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                      IP  228294310 1722638248  238403420  156253505
MBGF-DAC-3745R01#


Aug 23 2008   6:04AM GMT

Discover Cisco Network Assistant (CNA)



Posted by: Yasir Irfan
Networking, Switches, Cisco, Routers, SNMP, Cisco 2950, Cisco Tips, Cisco 3560, Cisco 3750-E, Cisco 3560-E, Network Troubleshooting, Network Inventory, Cisco Network Assistant

Cisco Network Assistant (CNA) is a PC-based graphical network management application, a free tool included when a new Cisco switch is purchased. CNA is capable of managing standalone Cisco switches and clusters of Cisco switches in your intranet, and is best suited for small to mid-sized LANs. It supports a wide range of Cisco Catalyst switches, from the Cisco 2900 through the Cisco Catalyst 4506. CNA manages many of the critical functions of Cisco switches and is optimized for wired and wireless LANs (WLANs). It provides a centralized network view, and with it network administrators can easily apply common services, generate inventory reports, synchronize passwords and employ features across Cisco switches, routers and access points. CNA is available at no cost and can be downloaded from the Cisco Network Assistant Software Download.


What’s new in Cisco Network Assistant (CNA) Version 5.4?

Increased device limits: Supports up to 40 switches and routers

Enhanced discovery: Discover devices with subnet or IP range 

Diagnostics: Conduct on-demand or scheduled tests to verify hardware functionality 

Command-line interface (CLI) preview: View CLIs before they are sent to the device

In my next article I will focus on how to use the Cisco Network Assistant (CNA).


Aug 12 2008   6:56AM GMT

Juniper Networks launches Network and Security Manager (NSM)



Posted by: Yasir Irfan
Network Security, Security, Switches, Routers, NSM, Juniper, Network and Security Manager

Juniper Networks is expanding its network and security management capabilities across routing, switching and security infrastructure with the launch of the Network and Security Manager (NSM).

The new Network and Security Manager (NSM) offers centralized management for Juniper Networks J-series services routers, EX-series Ethernet switches, Secure Access SSL VPN and firewall/VPN and Intrusion Detection and Prevention appliances, and the newly announced Unified Access Control (UAC) solution.

The Network and Security Manager (NSM) enables high-performance businesses to consolidate and simplify the management of their network infrastructure to increase security, reduce cost and realize operational gains.


Overview

Network and Security Manager (NSM) is a powerful, centralized management solution that controls the entire device life cycle of firewall/IPSec VPN, Secure Access (SSL), Infranet Controller (IC), J-series and EX-series switches (JUNOS® software). NSM handles the basic setup and network configuration with local and global security policy deployment for these products. Unmatched role-based administration allows IT departments to delegate appropriate levels of administrative access to specific users, minimizing the possibility of a configuration error that may result in a security hole. NSM can scale from small to large enterprises with NSMXpress and NSM Central Manager as a plug-and-play appliance preloaded with the latest version of NSM software.



Aug 5 2008   6:52AM GMT

Show Commands in Cisco Routers and Layer 3 Switches (Most Commonly Used), Series 2



Posted by: Yasir Irfan
Networking, Switches, Cisco, Routers, Cisco Tips, Cisco 3560, Show commands, IOS commands, Router Troubleshooting

In my previous post I tried to cover some of the show commands which are quite useful to any Network Administrator to manage the day to day activities. In this post I will try to complete the set of 10 show commands I selected.

1. Show access-list

The show access-list command displays the contents of each access list. It is very helpful in troubleshooting filtering issues, but it does not show you where each access list is applied.

2. Show ip interface

The show ip interface command displays very useful information about the configuration and status of IP protocols and services on all available interfaces. It also shows which access lists are applied on each interface and in which direction. This kind of information is not shown by the “show access-list” command. The “show run” command also displays information about access lists.

3. Show cdp neighbor detail

The show cdp neighbor detail command displays information about all the neighboring devices connected, including valuable details like IP addresses, platform and host names. It is very helpful for troubleshooting connectivity issues and can also be used to find out how devices are connected to each other, especially when there are no proper network layouts.

4. Show version

The show version command displays detailed information about the installed IOS: the file name used for the IOS along with its version, the router configuration register, the model of the router, when the router was last rebooted and, of course, the amount of RAM and flash.

5. Show flash

The show flash command displays the contents of the flash, the size of the IOS files, the size of the flash and the free space available. It’s useful whenever the IOS is upgraded, to check the amount of free space available.
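
Items 1 and 2 above note that show access-list lists ACL contents but not where each list is applied, while show ip interface and the running configuration do. The following added example, which is not part of the original post, does that cross-reference offline from saved running-config text. The sample config, function name and ACL names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (addresses from documentation ranges).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip access-group 101 in
!
interface FastEthernet0/1
 ip address 192.0.2.1 255.255.255.0
 ip access-group LAN-OUT out
 ip access-group 150 in
!
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 deny ip any any log
access-list 120 permit ip 192.0.2.0 0.0.0.255 any
ip access-list extended LAN-OUT
 permit ip any 192.0.2.0 0.0.0.255
!
line vty 0 4
 access-class 10 in
"""

# Numbered ("access-list 101 ...") and named ("ip access-list extended X") forms.
DEFINE_RE = re.compile(
    r"^(?:access-list\s+(\d+)\s|ip access-list\s+(?:standard|extended)\s+(\S+))")
APPLY_RE = re.compile(r"^\s+(?:ip access-group|access-class)\s+(\S+)\s+(in|out)\b")
SECTION_RE = re.compile(r"^(interface\s+\S+|line\s+.+?)\s*$")


def map_acls(config_text):
    """Cross-reference ACL definitions against where they are applied."""
    defined, applied, section = set(), [], None
    for line in config_text.splitlines():
        define = DEFINE_RE.match(line)
        apply_ = APPLY_RE.match(line)
        header = SECTION_RE.match(line)
        if define:
            defined.add(define.group(1) or define.group(2))
            section = None
        elif header:
            section = header.group(1)
        elif apply_ and section:
            applied.append((section, apply_.group(1), apply_.group(2)))
        elif not line.startswith(" "):
            section = None  # "!" or a global command closes the section
    used = {acl for _, acl, _ in applied}
    return {
        "applied": applied,
        # Defined but not used as a packet filter or vty access-class; such an
        # ACL may still be referenced elsewhere (NAT, route-maps, and so on).
        "unused": sorted(defined - used),
        # Applied to an interface but never defined: IOS filters nothing there.
        "undefined": sorted(used - defined),
    }


if __name__ == "__main__":
    result = map_acls(SAMPLE_CONFIG)
    for where, acl, direction in result["applied"]:
        print("%-28s %-8s %s" % (where, acl, direction))
    print("unused:", result["unused"], "undefined:", result["undefined"])
```

The "undefined" list is the one to review first, since those interfaces look filtered in the configuration but are not.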


Aug 2 2008   6:43AM GMT

Show Commands in Cisco Routers and Layer 3 Switches (Most Commonly Used), Series 1



Posted by: Yasir Irfan
Switches, Cisco, Routers, Cisco 2950, Cisco 6500, Cisco Tips, Cisco 3560, ASA/PIX, Cisco 525, PIX 525, Cisco 3745, Cisco 3750-E, Cisco 3560-E, Show commands, IOS commands, Router Troubleshooting

Some of the most widely used commands in Cisco routers are simply unavoidable, and among the most commonly used are the “show” commands. These commands are essential to network administrators. Here is a list of those commands. I will try to cover this in two series. Here is the first series.

1. Show running-config

The show running-config command shows the complete current running configuration of a router, firewall or switch. Using this command a network administrator can troubleshoot almost all issues related to routing, filtering, secure access, encapsulation, interface mismatch, and many more.

2. Show startup-config

The show startup-config command shows the configuration that is saved in NVRAM. It is helpful in knowing the configuration that will be applied the next time the router is reloaded. This command is also useful in knowing the configuration that was loaded at the start-up of the router before changes were made to it.

3. Show interface

The show interface command shows the status and statistics of the router interfaces. It is useful for troubleshooting routing and link issues. The show interface command output includes interface status, interface IP address and subnet mask, protocol status on an interface, encapsulation type, bandwidth, utilization and much more information related to interface operation.

4. Show ip route

The show ip route command shows the router's routing table, the routing protocols used and the networks advertised through these protocols. The show ip route command is used to troubleshoot routing problems.

5. Show ip protocols

The show ip protocols command displays the routing protocols used in a router and the networks advertised by these protocols. It also shows the sources of the routing updates received and is very helpful for troubleshooting routing issues.