Skip to Content


Cisco Systems is a major network technologies company. This tag identifies general information related to the company.

CCDE Certification Exams Revised to Version 2.0

If you are studying for the CCDE, that's the design expert certification, then you most likely are aware that you have about a week left before the first version of the written and practical exams are retired. Version 2 of the CCDE written and practical exams will be the only available version beginning October 22, 2011.

If you are interested in more information regarding this announce, here's the official announcement.

For more information about the CCDE certification, here are some helpful links:

CCDE Certification Page

CCDE Data Sheet (PDF)

Let the IPv6 Vulnerabilities Begin

Cisco last week released a slew of security advisories. One that specifically caught my eye is a Denial of Service vulnerability due to "improper processing of malformed IP version 6 (IPv6) packets by Cisco IOS Software."

I've been wondering how long it would take for the exploits to start to trickle in with IPv6. One can only imagine how many vulnerabilities Windows will have with IPv6 enabled by default. Expect to see more of these in the future as IPv6 becomes more prevalent.

The alert details are available here.

The vulnerability details are available here.

How to configure Rate Limit to stop bandwidth hogs

Have you ever had a low speed serial link get overrun by a single user hogging all the bandwidth? Well, there is a quick and easy way to prevent any type of traffic from using up an entire link - rate-limit.

To implement this feature, you simply type in rate-limit under an interface and specify a few parameters such as the allowable bits per second and the burst rate. However, if you do that it will rate-limit all traffic traversing the link which honestly the link will do on its own when traffic exceeds the available bandwidth. A more useful configuration is to include the access-group keyword in the command and point it to an access list that defines the traffic you want to rate-limit.

To demonstrate, I've configured two routers connected with a low speed serial link clocked at 128k. Without the rate limit configured, you can ping between them with no problems:

Cisco Certified Technician (CCT)

The newest addition to Cisco's line of certifications is the CCT, or Cisco Certified Technician. Released in August of this year, the CCT certification has three different areas of focus:

Each certification focuses on the on-site maintenance and support of Cisco equipment in each specific area.

You might be wondering what is the difference between the CCT and the CCENT? Cisco explains that and several more questions in their FAQ, but for those not interested in reading through all of that, here's the basics...

Mobile CCIE Labs

If you are planning on going for the CCIE R&S or Security and you live in a country where the lab is not administered, it can be a challenge to get to the testing center, let alone pass the exam! Cisco has had a program in place to combat this very issue for quite some time called the Mobile CCIE Lab. The program allows you to register to take the lab exam in your city or one closer to you than in a foreign country. The benefits here, of course, are potential savings in travel expenses and missing less work ( even though you might not be missing it).

For a complete schedule of where and when the lab will be available, or if you are interested in learning more about this program, check out the official Mobile CCIE Lab page at Cisco's website.

How to configure an IPv4 GRE tunnel to carry IPv6 traffic

Continuing the review of the TSHOOT Topology, on the IPv6 network map there is a GRE tunnel that is configured between Router 3 and Router 4. This tunnel is in place to allow IPv6 traffic to traverse the IPv4 network. So, while reviewing the IPv6 tshoot topology, I decided to try out the tunnel configuration.

There are several ways to configure tunnels to allow IPv6 traffic to traverse IPv4 networks (and vice versa). This post will be focusing on a GRE tunnel configuration. If you want to review the other ways to create tunnels, i.e.  Automatic IPv4-Compatible IPv6 Tunnels, IPv6 Rapid Deployment Tunnels, and Automatic 6to4 Tunnels, I've included a link below to a great resource on Cisco's website that shows some great examples of other tunnels.

I threw together the following network diagram to provide a visual of what we are configuring: 


Cisco SG100-16 Unmanaged Switch

Need more Gigabit Ethernet? Don't need it to be a managed switch? This 16 port 10/100/1000 Cisco switch might be a quick and easy solution for you.


The Cisco SR2016T 16-Port Rackmount 10/100/1000 Gigabit Switch (A.K.A. SG100-16) is currently listing for below $200 USD and has several appealing features:

How to configure a Cisco router to be a frame relay switch

If you are studying for the TSHOOT exam, it is a good idea to familiarize yourself with the topology. I've been working on creating a lab that mocks the TSHOOT topology, and it has forced me to recall how to setup a Cisco router to act like a Frame Relay switch. 

Here is the topology that I've built. As you can see, it closely resembles the topology that Cisco has provided on their site. Since their doc doesn't provide specific DLCIs, I've used the most logical numbers I could think of.


The first step in configuring a Cisco router to act like a frame relay switch is to enable frame relay switching:

End of Life Announced for Cisco 7200 NPE-G1

Cisco this week has announced the end of sale and end of life dates for the 7200 Series NPE-G1 Network Processing Engine. This is an older routing engine that is definitely showing its age compared to newer platforms that are available.

The last day to buy the NPE-G1 is February 27, 2012. Last day for hardware support is February 28, 2017. The recommended upgrade path is the ASR1000 series.

Full details are available in the official announcement.

Free Cisco Press Chapter - Configuring Policies, Inheritance, and Attributes

Studying for your CCNP Security? If you are, or if you simply want to learn more about VPNs, take a look at this free chapter from Cisco Press on Configuring Policies, Inheritance, and Attributes.

This is straight out of the CCNP Security VPN 642-647 Official Cert Guide. According to Cisco Press, the chapter covers the following topics:

  • Policies and Their Relationships
  • Understanding Connection Profiles
  • Understanding Group Policies
  • Configure User Attributes
  • Using External Servers for AAA and Policy Assignment

Give it a read if you got your certification cross-hairs fixed on the CCNP Security.

Cisco Power Calculator

If you are ever designing a network or deploying a new switch that will be providing Power over Ethernet, be sure to check your power draw with the Cisco Power Calculator (CCO login required):

You start by selecting the type of switch you are deploying. Then you can choose how many of each type of device you will be plugging into your switch and it will tell you how much power will be required.  Here is a sample of some of the devices they let you choose from:

  • 7961G-GE - 0.3071 amps (12.9W)
  • AP-1200 with a+g radios (12.4W)
  • CP-7971G (14.9W)

Also, if you are deploying non-Cisco phones or APs, there are several IEEE compatible devices listed toward the bottom of the list:

CCNA Official Cert Library, 3rd Edition

The latest and greatest CCNA Certification Library is available for pre-order. The seasoned author, Wendell Odom, has updated the material from previous releases with new content and exercises.

In addition to the books to prep for ICND1 and ICND2, the library includes a test prep engine, a network simulator, and videos. With 1500 pages included, this package is a great resource for anyone starting out on their CCNA journey.

The library package is scheduled to be available October 14, but you can pre-order today.

Implementing Netflow - ip route-cache flow vs ip flow ingres

If you have ever implemented NetFlow, you may have noticed there are different commands available under interface configuration mode to enable collection. If you aren't sure what the different is between ip route-cache flow and ip flow ingress, here's the simple explanation:

To enable flow collection on a whole interface (including sub-interfaces), use:

ip route-cache flow

To enable flow collection only on a specific sub-interface, use:

ip flow ingress

Free Cisco Press Chapter - Designing Voicemail Systems with Cisco Unity Connection

Cisco Press has been nice enough to offer us all a free chapter from the book Cisco Unity Connection.

The chapter covers the following topics:

  • Design Considerations: Understand the capability of Cisco Unity Connection as it pertains to current users, network design, codecs, voicemail ports, and projected growth.
  • Active-Active Cluster Pair: Explore the high availability and redundancy feature of Cisco Unity Connection using the active-active cluster pair configuration.
  • Voice-Messaging Design: Design the voice-messaging system using Cisco Unity Connection platform overlays by determining the proper server sizing, equipment, codec, feature, and capabilities.
  • Voice-Messaging Networking: Understand the various networking options available in Cisco Unity Connection version 8.x software.

CEF Troubleshooting Commands

Whenever you are faced with troubleshooting a routing problem and the routing table looks normal, don't forget to check CEF. Cisco Express Forwarding (CEF) has been enabled by default for quite some time on most Cisco routers and has been known to cause issues from time to time.

I've created a list of a few of the most common (and a few not so common) CEF show commands that can help you track down a problem. Let's start with the basics - the FIB and the Adjacency table.

Forwarding Information Base (FIB) - This is a table that the router builds based on the routing table, but it's not the same thing as a routing table.  It contains the same forwarding decision information, but where the routing table would be like an encyclopedia of where to send packets, this is a cheat sheet.

Adjacency table - This is a table of all the layer 2, next hop information for the entries in the FIB.

Syndicate content

Dr. Radut