Skip to Content

Cisco

Cisco Systems is a major network technologies company. This tag identifies general information related to the company.

IPv6 Action Plan Video

If you have just been given the task of implementing IPv6 in your company or if you are in the middle of a deployment, you may be asking yourself "How?!" How exactly should you roll out an IPv6 network? Do you configure /64 subnets on point to point links or do you use /127's? How do you secure your network against the initial IPv6 attacks that are available?

These questions and more are covered in this hour long TechWise TV  episode, The IPv6 Action Plan. Some very good points and useful information here, have a look...

Cisco Security Advisory - IKE Resource Exhaustion Attack

If you have ever setup an IPSEC VPN, then you are most likely aware of IKE. IKE is a protocol that can be used to get the first phase of an IPSEC VPN established, a.k.a exchange keys. Well, Cisco has identified a vulnerability in the IKE implementation on Cisco platforms thanks to the work of Roy Hills from NTA Monitor Ltd that could allow a malicious individual to unleash a denial of service on your VPN devices.

What's Vulnerable

Essentially, if your Internet facing VPN devices or border routers
allow anyone on the planet to establish an IKE session with your Cisco
VPN devices (Cisco 3000 VPN Concentrator, Pix, ASA, ISR, etc), then you
are vulnerable.

The issue is pretty much present in anything that supports IPSEC VPNs and doesn't explicitly filter traffic to the VPN devices. Cisco is tracking the issue in the following bug ID's:

CCNA Cert Library, 3rd Edition

A couple months back, I blogged about the pre-order status of the new CCNA Library, 3rd edition. Well, the new edition is now available for purchase. If you are looking to begin your studies toward a CCNA, this would be an invaluable place to start. 

The library includes two books, one for each of the two tests you can take to achieve the CCNA certification. Alternatively you could read both books and take the single CCNA exam. The library also includes updated practice questions, videos, and a network simulator.

CCDE Certification Exams Revised to Version 2.0

If you are studying for the CCDE, that's the design expert certification, then you most likely are aware that you have about a week left before the first version of the written and practical exams are retired. Version 2 of the CCDE written and practical exams will be the only available version beginning October 22, 2011.

If you are interested in more information regarding this announce, here's the official announcement.

For more information about the CCDE certification, here are some helpful links:

CCDE Certification Page

CCDE Data Sheet (PDF)

Let the IPv6 Vulnerabilities Begin

Cisco last week released a slew of security advisories. One that specifically caught my eye is a Denial of Service vulnerability due to "improper processing of malformed IP version 6 (IPv6) packets by Cisco IOS Software."

I've been wondering how long it would take for the exploits to start to trickle in with IPv6. One can only imagine how many vulnerabilities Windows will have with IPv6 enabled by default. Expect to see more of these in the future as IPv6 becomes more prevalent.

The alert details are available here.

The vulnerability details are available here.

How to configure Rate Limit to stop bandwidth hogs

Have you ever had a low speed serial link get overrun by a single user hogging all the bandwidth? Well, there is a quick and easy way to prevent any type of traffic from using up an entire link - rate-limit.

To implement this feature, you simply type in rate-limit under an interface and specify a few parameters such as the allowable bits per second and the burst rate. However, if you do that it will rate-limit all traffic traversing the link which honestly the link will do on its own when traffic exceeds the available bandwidth. A more useful configuration is to include the access-group keyword in the command and point it to an access list that defines the traffic you want to rate-limit.

To demonstrate, I've configured two routers connected with a low speed serial link clocked at 128k. Without the rate limit configured, you can ping between them with no problems:

Cisco Certified Technician (CCT)

The newest addition to Cisco's line of certifications is the CCT, or Cisco Certified Technician. Released in August of this year, the CCT certification has three different areas of focus:

Each certification focuses on the on-site maintenance and support of Cisco equipment in each specific area.

You might be wondering what is the difference between the CCT and the CCENT? Cisco explains that and several more questions in their FAQ, but for those not interested in reading through all of that, here's the basics...

Mobile CCIE Labs

If you are planning on going for the CCIE R&S or Security and you live in a country where the lab is not administered, it can be a challenge to get to the testing center, let alone pass the exam! Cisco has had a program in place to combat this very issue for quite some time called the Mobile CCIE Lab. The program allows you to register to take the lab exam in your city or one closer to you than in a foreign country. The benefits here, of course, are potential savings in travel expenses and missing less work ( even though you might not be missing it).

For a complete schedule of where and when the lab will be available, or if you are interested in learning more about this program, check out the official Mobile CCIE Lab page at Cisco's website.

https://learningnetwork.cisco.com/docs/DOC-3224

How to configure an IPv4 GRE tunnel to carry IPv6 traffic

Continuing the review of the TSHOOT Topology, on the IPv6 network map there is a GRE tunnel that is configured between Router 3 and Router 4. This tunnel is in place to allow IPv6 traffic to traverse the 10.1.1.8/30 IPv4 network. So, while reviewing the IPv6 tshoot topology, I decided to try out the tunnel configuration.

There are several ways to configure tunnels to allow IPv6 traffic to traverse IPv4 networks (and vice versa). This post will be focusing on a GRE tunnel configuration. If you want to review the other ways to create tunnels, i.e.  Automatic IPv4-Compatible IPv6 Tunnels, IPv6 Rapid Deployment Tunnels, and Automatic 6to4 Tunnels, I've included a link below to a great resource on Cisco's website that shows some great examples of other tunnels.

I threw together the following network diagram to provide a visual of what we are configuring: 

IPv6_GRE_Tunnel2

Cisco SG100-16 Unmanaged Switch

Need more Gigabit Ethernet? Don't need it to be a managed switch? This 16 port 10/100/1000 Cisco switch might be a quick and easy solution for you.


B003AVN1PM_3

The Cisco SR2016T 16-Port Rackmount 10/100/1000 Gigabit Switch (A.K.A. SG100-16) is currently listing for below $200 USD and has several appealing features:

How to configure a Cisco router to be a frame relay switch

If you are studying for the TSHOOT exam, it is a good idea to familiarize yourself with the topology. I've been working on creating a lab that mocks the TSHOOT topology, and it has forced me to recall how to setup a Cisco router to act like a Frame Relay switch. 

Here is the topology that I've built. As you can see, it closely resembles the topology that Cisco has provided on their site. Since their doc doesn't provide specific DLCIs, I've used the most logical numbers I could think of.

tshoot-wan

The first step in configuring a Cisco router to act like a frame relay switch is to enable frame relay switching:

End of Life Announced for Cisco 7200 NPE-G1

Cisco this week has announced the end of sale and end of life dates for the 7200 Series NPE-G1 Network Processing Engine. This is an older routing engine that is definitely showing its age compared to newer platforms that are available.

The last day to buy the NPE-G1 is February 27, 2012. Last day for hardware support is February 28, 2017. The recommended upgrade path is the ASR1000 series.

Full details are available in the official announcement.

Free Cisco Press Chapter - Configuring Policies, Inheritance, and Attributes

Studying for your CCNP Security? If you are, or if you simply want to learn more about VPNs, take a look at this free chapter from Cisco Press on Configuring Policies, Inheritance, and Attributes.

This is straight out of the CCNP Security VPN 642-647 Official Cert Guide. According to Cisco Press, the chapter covers the following topics:

  • Policies and Their Relationships
  • Understanding Connection Profiles
  • Understanding Group Policies
  • Configure User Attributes
  • Using External Servers for AAA and Policy Assignment

Give it a read if you got your certification cross-hairs fixed on the CCNP Security.

Cisco Power Calculator

If you are ever designing a network or deploying a new switch that will be providing Power over Ethernet, be sure to check your power draw with the Cisco Power Calculator (CCO login required):

http://tools.cisco.com/cpc/LU.cpc

You start by selecting the type of switch you are deploying. Then you can choose how many of each type of device you will be plugging into your switch and it will tell you how much power will be required.  Here is a sample of some of the devices they let you choose from:

  • 7961G-GE - 0.3071 amps (12.9W)
  • AP-1200 with a+g radios (12.4W)
  • CP-7971G (14.9W)

Also, if you are deploying non-Cisco phones or APs, there are several IEEE compatible devices listed toward the bottom of the list:

CCNA Official Cert Library, 3rd Edition

The latest and greatest CCNA Certification Library is available for pre-order. The seasoned author, Wendell Odom, has updated the material from previous releases with new content and exercises.

In addition to the books to prep for ICND1 and ICND2, the library includes a test prep engine, a network simulator, and videos. With 1500 pages included, this package is a great resource for anyone starting out on their CCNA journey.

The library package is scheduled to be available October 14, but you can pre-order today.

Syndicate content


by Dr. Radut