Hi all, the MacBook Air is small, light and has a nice battery life. It is a solid machine if you can work in a Mac-based world. But what about the PC equivalent? UltraBooks are the answer to that question and they are impressive. According to the Top Ten Reviews website there are at least 2 Windows-based devices that rate better than the MacBook. For me this is good news because, as much as I would like to jump onto the Apple bandwagon, my work and life are PC-centric and I am sure that many fall into the same boat.
The prices of the UltraBooks aren’t all that daunting either. The base price for the highest end UltraBook is around $1,000.00 if you don’t need the added performance. And with an 8 to 10 hour battery life on some of the UltraBooks, that makes their usefulness high on my list.
Hi all, as I have mentioned recently the Cisco Live conference registration is now available. Well, I have had some time to look through the course list. I have my wish list of what I want to see on the topic list and hear during the sessions and keynote speech. Some of the key ones are:
- Cisco Jabber vs Lync and what Cisco is doing to make Jabber more competitive
- Virtualization on more of their products. I want to be able to virtualize the Cisco wireless LAN controller and similar devices
- ASA firewall line. There should be big changes coming in this product line.
Hi all, your routers need an IOS upgrade and you have downloaded the bright shiny new IOS version for your router from Cisco. But the download had “issues”. I will let you fill in the “issues” blank there with anything that I am sure you have run across more than 100 times with other downloads. So you want to confirm that the IOS version you have downloaded is intact. What to do …
You would run the verify command on the IOS file. If you issue the command verify flash:IOS_file_name, the router will check the MD5 checksum included in the IOS file and give you something like what is below. And that is how you would quickly and easily verify IOS file integrity for routers.
MS Lync and Cisco Jabber have started heating up their competitive nature. Cisco has decided to take the fight a step further by making their Jabber product free if you have one of several versions of their phone system software. This is going to escalate the situation. This should greatly increase the quality and pricing of both products for the customer. I am excited to see where the product goes.
As technology changes so does our expectation of the free software that is out there. WhatsUpGold has a free syslog server that looks pretty good (in the short amount of time that I have used it at least). From the link below I downloaded the free syslog service and installed it on my Windows Server 2008 server. Immediately it started picking up the devices that had their logging directed to it. A solid starting point for sure.
The software has features for sorting through all of the logging as well. Also among the features are running the syslog server as a service or as an application, and basic alerting. For a small shop that is looking for the basics it is all there for you.
Pings to a Cisco router are not always consistent. In fact it seems that the busier the router is, the slower the router responds to pings. Does that mean that the router is dropping traffic going through it as well? No, it doesn’t. The router’s primary responsibility is to route traffic (among other possible functions). Responding to pings is waayy down on the list of other things that it has on its to-do list. Check out the link below for more information on this phenomenon.
Hi all, so last post I noted how to create a basic implementation of the Cisco ZFW. The ZFW is Cisco’s newest IOS or router-based firewall. It has many benefits over the older CBAC implementation but the biggest one is that Cisco is going to be doing away with their support for CBAC. But what about logging in the ZFW? How would you enable that? Well, it is very straightforward. In the previous post that I wrote titled “Cisco ZFW Config Example” I gave you part of the configuration.
In the previous post all of the lines that had “inspect” on them also had the line “FW-LOG” on them. Well, that was 50% of the work, and if you already have those in your config then this is going to be really easy. You simply add the lines below to the router in global configuration mode.
parameter-map type inspect FW-LOG
Yep, that’s it. Well, you also have to have logging turned on (logging buffered 4096 in case you need to know) and you can view the firewall log by using the command “show log”. There will be more than your firewall events in that log but those can be filtered out.
Hi all, so you want to use Cisco’s new router based firewall known as the zone-based firewall or ZFW. For all of those unaware the ZFW is the next version of the firewall system that Cisco is going to be using for their routers.
You might be using CBAC or perhaps an ACL and you want to switch to the zone-based method that Cisco is moving to with their firewall system but you don’t know where to start. Below I have outlined how to create a very basic implementation of the ZFW firewall. The comments are the lines that start with exclamation marks as those are excluded when copied and pasted into a running config.
Before the config example though let’s run through a couple of quick points. First, the ZFW needs at least 5 parts. These are the class-map, policy-map, zone definitions, zone pairings and finally applying the zones to the interfaces. You need one zone-pair for each direction that you want traffic to travel in.
! This is the class-map section of the ZFW implementation.
! Here you define the protocols and/or ACLs you want to use.
! Essentially these are the inspect statements of CBAC, if you have used CBAC.
class-map type inspect match-any FW_INSPECT_ACL_CM
 match access-group name FW_INSPECT_ACL
class-map type inspect match-any FW_INSPECT_L7_CM
 match protocol ssh
 match protocol ftp
 match protocol imap
 match protocol https
 match protocol dns
 match protocol http
 match protocol smtp
class-map type inspect match-any FW_INSPECT_L4_CM
 match protocol tcp
 match protocol udp
 match protocol icmp
! Here is where all of the class-maps are brought together.
! Policy-maps are like aggregation points for the class-maps.
! Each class needs an action. "inspect FW-LOG" refers to the FW-LOG
! parameter-map from the ZFW logging post, which must exist in the config.
policy-map type inspect FW_INSPECT_PM
 class type inspect FW_INSPECT_ACL_CM
  inspect FW-LOG
 class type inspect FW_INSPECT_L4_CM
  inspect FW-LOG
 class type inspect FW_INSPECT_L7_CM
  inspect FW-LOG
! These are the security zones. Each zone type has a definition.
! For our purposes there are only two definitions.
zone security INTERNET
zone security LAN
! The zone-pairs match the policy-maps with the zones and define the
! direction that they work in.
zone-pair security INTERNET_TO_LAN source INTERNET destination LAN
 service-policy type inspect FW_INSPECT_PM
zone-pair security LAN_TO_INTERNET source LAN destination INTERNET
 service-policy type inspect FW_INSPECT_PM
! An ACL if you want one.
! "permit ip any any" makes FW_INSPECT_ACL_CM match all traffic in both
! directions, INTERNET_TO_LAN included; narrow it to what you need to allow.
ip access-list extended FW_INSPECT_ACL
 permit ip any any
! And finally apply the ZFW entries to the correct ports.
interface GigabitEthernet0/1
 zone-member security INTERNET
interface GigabitEthernet0/2
 zone-member security LAN
And you are done outside some testing and tweaking. Next post I will explain how to turn on logging for the ZFW.
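For the testing step, a Python check that cross-references the five ZFW parts listed above (class-maps, policy-maps, zones, zone-pairs, interface membership). It is an added example, not part of the original post; audit_zfw and SAMPLE are hypothetical names, the sample config is constructed, and sub-commands are assumed to be indented as in "show running-config" output.

```python
# Constructed sample, three faults planted; the names follow the post.
SAMPLE = """\
class-map type inspect match-any FW_INSPECT_L4_CM
 match protocol tcp
policy-map type inspect FW_INSPECT_PM
 class type inspect FW_INSPECT_L4_CM
  inspect FW-LOG
 class type inspect FW_INSPECT_L7_CM
zone security INTERNET
zone security LAN
zone-pair security LAN_TO_DMZ source LAN destination DMZ
 service-policy type inspect FW_INSPECT_PM
int gig 0/2
 zone-member security LAN
"""

def audit_zfw(config):  # hypothetical helper: returns sorted findings
    cmaps, pmaps, zones, members = set(), set(), set(), set()
    actions, pairs, out, top, cls = {}, [], [], [], None
    # Blank lines are dropped; "!" comment lines match no branch below.
    for raw in filter(str.strip, config.splitlines()):
        w = raw.split()
        if not raw[0].isspace():  # unindented line opens a new block
            top, cls = w, None
            if w[0] in ("class-map", "policy-map"):
                (cmaps if w[0] == "class-map" else pmaps).add(w[-1])
            elif w[:2] == ["zone", "security"]:
                zones.add(w[-1])
            elif w[0] == "zone-pair" and len(w) == 7:
                pairs.append([w[2], w[4], w[6], None])  # name, src, dst, policy
        elif top[:1] == ["policy-map"] and w[0] == "class":
            cls = (top[-1], w[-1])
            actions[cls] = None
        elif top[:1] == ["policy-map"] and cls and w[0] in ("inspect", "pass", "drop"):
            actions[cls] = w[0]
        elif top[:1] == ["zone-pair"] and pairs and w[0] == "service-policy":
            pairs[-1][3] = w[-1]
        elif top and top[0].startswith("int") and w[0] == "zone-member":
            members.add(w[-1])
    out += [f"policy-map {pm}: class {cm} is not a defined class-map"
            for pm, cm in actions if cm not in cmaps and cm != "class-default"]
    out += [f"policy-map {pm}: class {cm} has no inspect/pass/drop action"
            for (pm, cm), act in actions.items() if act is None]
    for name, src, dst, pm in pairs:
        out += [f"zone-pair {name}: zone {z} is not defined"
                for z in (src, dst) if z not in zones and z != "self"]
        if pm not in pmaps:
            out.append(f"zone-pair {name}: service-policy missing or undefined")
    out += [f"zone {z}: no interface is a zone-member" for z in zones - members]
    return sorted(out)
```

Calling audit_zfw(SAMPLE) returns the planted faults; an empty list means the parts reference each other consistently, not that the policy itself is appropriately restrictive.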
Joshua Wood has served as an IT Network Administrator for over 8 years. He has a number of certifications including MCSE, CCNA, SMBE, A+ and Network+. Joshua’s expertise includes technical infrastructure, network architecture, implementation, security, disaster recovery planning and management. Including the installation and maintenance of VPNs, Backup Systems, VMWare Virtualization.