Posts Tagged ‘Cisco’

Using IP SLA with Route-maps

Sunday, July 19th, 2009

I recently came across a problem that small businesses commonly face, and I came up with several solutions. I thought I would take a minute to discuss one of them. This customer has a business requirement to send all outgoing web traffic through a proxy server. On the face of it this seems like a simple problem: there are many good proxy vendors out there, such as my favorite, Blue Coat, and there are free alternatives such as the Squid caching proxy.
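The approach the post title names, IP SLA reachability probes driving a policy route-map, looks like this on IOS. This is an added example, not configuration from the original post; the subnets, interface names, the second (backup) proxy and the probe timers are assumptions. The proxy itself must be set up for transparent interception (Squid's intercept mode, or a transparent Blue Coat deployment), since the clients' packets still carry the real web server as their destination.

```cisco
! Added example, not from the original post. Policy-route the LAN's web traffic
! to a proxy, but only while IP SLA confirms the proxy answers. Addresses,
! interface names, timers and the backup proxy are assumptions.
!
! Probe each proxy every 10 s from the router's own proxy-segment address
ip sla 10
 icmp-echo 192.168.20.5 source-ip 192.168.20.1
 frequency 10
ip sla schedule 10 life forever start-time now
ip sla 11
 icmp-echo 192.168.20.6 source-ip 192.168.20.1
 frequency 10
ip sla schedule 11 life forever start-time now
!
! Track objects follow the probe. The delay keeps one lost ping from
! flapping the policy: 30 s of failure before down, 10 s of success before up.
track 10 ip sla 10 reachability
 delay down 30 up 10
track 11 ip sla 11 reachability
 delay down 30 up 10
!
! Only the traffic the policy covers: HTTP and HTTPS from the user subnet.
! Direct sessions from the LAN to the proxy segment are excluded so an
! explicit-proxy client or a management session is not bounced back at the proxy.
ip access-list extended WEB-TO-PROXY
 deny   tcp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit tcp 192.168.10.0 0.0.0.255 any eq 80
 permit tcp 192.168.10.0 0.0.0.255 any eq 443
!
! verify-availability: use 192.168.20.5 while track 10 is up, otherwise
! 192.168.20.6 while track 11 is up. If both are down the "set" is skipped
! and the packet is forwarded by the normal routing table.
route-map PROXY-REDIRECT permit 10
 match ip address WEB-TO-PROXY
 set ip next-hop verify-availability 192.168.20.5 1 track 10
 set ip next-hop verify-availability 192.168.20.6 2 track 11
!
interface FastEthernet0/0
 description User LAN
 ip address 192.168.10.1 255.255.255.0
 ip policy route-map PROXY-REDIRECT
!
interface FastEthernet0/1
 description Proxy segment
 ip address 192.168.20.1 255.255.255.0
```

Two things to check before calling this done. First, the behaviour when both tracks are down is fail-open: the matching packets are routed normally and leave the network without passing the proxy. That is what you want if the proxy is there for caching, and not what you want if the business requirement is policy enforcement; in the latter case the direct path has to be blocked separately. Second, the keywords above are the ones current in the 12.4 T train; older images spell them `ip sla monitor` and `track ... rtr ... reachability`, and `show track` / `show ip sla statistics` are the commands to confirm the probes are actually running.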

Introduction to Filter list for JUNOS

Sunday, June 14th, 2009

Juniper's JUNOS is a very robust operating system. Not only is the OS very advanced, but the ASIC-heavy design of Juniper hardware is akin to calorie-free chocolate bars! Juniper filter lists (firewall filters), which are stateless packet filters similar to Cisco access-lists, are compiled and processed in hardware. What this means is that you can have as many filter lists as you want, and as long as you want, without degrading performance.

Juniper is also big on naming things: in JUNOS everything has a name. The filter lists have names, the terms in the filter lists have names, and even the addresses you are matching on have names. This is a big concept in JUNOS because it allows you to write snippets of filter lists and reuse them in many different filter lists. JUNOS also supports grouping filter lists and applying an entire group of filters to an interface. If you apply a filter group to a JUNOS interface, the individual filter lists are evaluated sequentially, in order.

Rotary Pools for Semi-Static NAT / Port range Forwarding

Monday, December 22nd, 2008


Cisco routers have a very robust network address translation feature set. The NAT software lets you control translation with access-lists, route-maps, and address pools. With the wide array of commands, it is sometimes difficult for beginners and experts alike to figure out how to combine these elements to solve a problem.
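The combination the post title describes, a rotary pool used for semi-static port-range forwarding, is shown below. This is an added example, not the original post's configuration; the public and private addresses, the port range and the interface names are assumptions.

```cisco
! Added example, not from the original post. Forward TCP ports 8000-8100
! arriving at the router's public address 203.0.113.10 to the inside host
! 192.168.1.10 on the same ports, using a one-member rotary pool.
! Addresses, ports and interface names are assumptions.
!
! A rotary pool whose start and end address are the same inside host.
! (With several hosts this same construct becomes TCP load distribution.)
ip nat pool SRV-8000 192.168.1.10 192.168.1.10 netmask 255.255.255.0 type rotary
!
! The ACL is the security control here: it must name the public address and
! only the port range you intend to expose, never "permit ip any any".
access-list 110 permit tcp any host 203.0.113.10 range 8000 8100
!
! Destination translation: public address -> pool member, ports preserved
ip nat inside destination list 110 pool SRV-8000
!
interface FastEthernet0/0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description WAN
 ip address 203.0.113.10 255.255.255.248
 ip nat outside
```

Verify with `show ip nat translations` after a connection to one of the forwarded ports; an entry should appear mapping 203.0.113.10:port to 192.168.1.10:port. The caveat to remember is that `ip nat inside destination` with a rotary pool handles TCP only; a UDP service still needs a per-port `ip nat inside source static udp` entry.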

Introduction to access-lists part 2

Thursday, October 16th, 2008

In the second installment of our guide to access-lists we are going to talk a little about named access-lists: how they work, what the benefits are, and how using them allows us to create reflexive access-lists. Named access-lists are exactly what they sound like: a standard or extended access-list that has a name instead of a number. One of the nice features of named access-lists is that each line of the access-list has a sequence number, so you can delete just one line without removing the whole access-list. You can create a named access list by using the following command.
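The two benefits the post names, per-line sequence numbers and reflexive entries, are shown together below. This is an added example and not the original post's configuration; the LAN subnet, the WAN interface name and the timeouts are assumptions. Reflexive entries (`reflect` / `evaluate`) are only accepted inside named extended access-lists, which is exactly why the post introduces named lists first.

```cisco
! Added example, not from the original post. A WAN edge where outbound TCP and
! UDP sessions from the LAN are mirrored into a temporary reflexive list
! named MIRROR, and only their return traffic is permitted back in.
! Subnet, interface name and timeouts are assumptions.
!
! Default lifetime of an idle reflexive entry, in seconds
ip reflexive-list timeout 300
!
ip access-list extended OUTBOUND
 10 permit tcp 192.168.1.0 0.0.0.255 any reflect MIRROR timeout 600
 20 permit udp 192.168.1.0 0.0.0.255 any reflect MIRROR timeout 60
 30 permit icmp 192.168.1.0 0.0.0.255 any echo
 40 deny ip any any log
!
ip access-list extended INBOUND
 10 evaluate MIRROR
 15 permit icmp any 192.168.1.0 0.0.0.255 echo-reply
 20 deny ip any any log
!
interface Serial0/0
 description WAN
 ip access-group OUTBOUND out
 ip access-group INBOUND in
!
! Sequence numbers let you remove or insert one entry without touching the
! rest of the list. Here the temporary ping allowance is withdrawn from both
! lists once troubleshooting is over.
ip access-list extended OUTBOUND
 no 30
ip access-list extended INBOUND
 no 15
```

Order matters in INBOUND: anything placed before the `evaluate` line is checked first, so a permanent hole for a VPN peer or a published server goes above it, and the final `deny ip any any log` stays last. Reflexive entries match only on addresses, protocol and ports, so protocols that open secondary connections (active-mode FTP, for example) do not work through them; that is the gap CBAC, mentioned in part 1, closes with application-aware inspection.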


Introduction to access-lists part 1

Wednesday, October 15th, 2008

Today I would like to take some time and talk about security. I want to discuss access-lists, extended access-lists, reflexive access-lists, and CBAC, or Context-Based Access Control. Learning how to properly use access-lists is crucial to becoming a good network administrator. They are vital to securing your network, and as you progress with your studies you will find that access-lists are used extensively in routing, QoS, and other important areas.


Replace a running config without reloading!

Saturday, October 4th, 2008

The Cisco IOS 12.4 train has many new features that any engineer will find useful; one that fixes a pain point for me is the configuration replace option available in 12.4. Have you ever been in a situation where an entered configuration does not work as expected? Usually you have to back out the configuration one command at a time and hope for the best. Sometimes you may even reach a point where you cannot completely remove a configuration without reloading the device; this is sometimes the case when trying to remove subinterfaces. If this is a datacenter or production environment, you may not be able to reload the router.
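A session using the feature the post refers to, the Configuration Replace and Configuration Rollback commands, is shown below as an added example (not the original post's own transcript). The file names, the archive path and the timer value are assumptions.

```cisco
! Added example, not from the original post. Keep a known-good copy of the
! running configuration, then replace (not merge) the running config with it
! if a change goes wrong. File names, archive path and timer are assumptions.
!
! The archive keeps timestamped snapshots; write-memory takes one automatically
! on every "write memory" / "copy running-config startup-config".
Router# configure terminal
Router(config)# archive
Router(config-archive)# path flash:archive-
Router(config-archive)# maximum 10
Router(config-archive)# write-memory
Router(config-archive)# end
!
! Before the risky change: snapshot a golden copy and arm an automatic rollback.
Router# archive config
Router# copy running-config flash:golden.cfg
Router# configure terminal revert timer 10
! ... make the change. If the box is still reachable and behaves, keep it:
Router# configure confirm
!
! If it does not (or the timer already fired), roll back explicitly. "list"
! prints each command IOS applies to turn the current config into the target.
! Unlike "copy flash:golden.cfg running-config", which merges, this also
! removes every line that is not in the file, subinterfaces included.
Router# configure replace flash:golden.cfg list
!
! To preview the change set instead of committing it, diff the two first:
Router# show archive config differences flash:golden.cfg system:running-config
```

The revert timer is the part to remember when working on a remote router: if your change cuts your own management session, the box returns to the archived configuration on its own when the timer expires, with no reload and no trip to the console.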

Encrypting GRE tunnels!

Monday, September 8th, 2008

In our last article we looked at creating GRE tunnels between networks to allow non-routable traffic to pass between remote offices. GRE tunnels are a great solution; however, the traffic passing inside these tunnels is neither encrypted nor authenticated, and thus could be intercepted or modified by unauthorized parties. In this article we are going to look at tunneling GRE inside of IPsec. This will give us the benefits of GRE and the security of IPsec.
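The hub side of a GRE-over-IPsec tunnel, protected with an IPsec profile applied directly to the tunnel interface, is shown below. This is an added example, not configuration from the original post; the peer addresses, tunnel subnet, algorithm choices and the key placeholder are assumptions, and the spoke is the mirror image with source, destination and peer address swapped.

```cisco
! Added example, not from the original post. Hub side of a GRE tunnel whose
! packets are encrypted and authenticated with IPsec via "tunnel protection".
! Peer addresses, tunnel subnet, algorithms and the key text are assumptions;
! replace the placeholder with a long random pre-shared key before use.
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-A-LONG-RANDOM-PSK address 203.0.113.2
!
! Transport mode: GRE already supplies the outer IP header, so ESP only has to
! protect the GRE packet (the GRE header and everything carried inside it).
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 203.0.113.1
 tunnel destination 203.0.113.2
 tunnel protection ipsec profile GRE-PROT
 ! GRE plus ESP overhead: lower the tunnel MTU so packets are not fragmented
 ! after encryption, and clamp TCP MSS so hosts never send full-size segments.
 ip mtu 1400
 ip tcp adjust-mss 1360
```

With `tunnel protection`, IOS derives the IPsec selector itself (GRE, protocol 47, between the tunnel source and destination), so no crypto ACL or crypto map on the physical interface is needed; the older crypto-map method achieves the same result but requires a `permit gre host A host B` ACL and the map applied to the outside interface. Check `show crypto ipsec sa` for encrypt/decrypt counters climbing on the Tunnel0 SA. Diffie-Hellman group 14 is used here as an assumption; images that predate its support only offer groups 1, 2 and 5, in which case 5 is the least bad choice.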

Create a GRE tunnel between endpoints!

Monday, September 8th, 2008

Many times it is necessary to link a remote office to your main site, and today we have many technologies to accomplish this task: IPsec tunnels, IP-in-IP tunnels, and GRE (Generic Routing Encapsulation) tunnels.

Each type of connectivity offers advantages and disadvantages, and some of these tunnels can even be overlaid on top of one another. For instance, IPsec can be used in transport mode, which lets you combine its encryption with other tunnels or protocols. For this article we are going to discuss GRE tunnels. GRE is unique as tunneling technologies go in that it started out as a proprietary protocol developed by Cisco and was later adopted as a standard (RFC 1701, later RFC 2784). GRE was invented as a way of encapsulating non-routable protocols in IP, which is a routable protocol. In this way multicast traffic (on which routing protocols such as OSPF and EIGRP depend), and protocols like IPX, could be tunneled across routable links.
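A point-to-point GRE tunnel between a head office and a branch, with EIGRP running across it so that the multicast hellos the paragraph mentions are carried inside the tunnel, is shown below. This is an added example, not the original post's configuration; all addresses, the interface names and the EIGRP AS number are assumptions.

```cisco
! Added example, not from the original post. GRE between two sites with EIGRP
! over the tunnel: EIGRP's multicast hellos cannot cross the Internet, but
! inside the tunnel they are just unicast IP to the router at the other end.
! Addresses, interface names and the AS number are assumptions.
!
! --- Head office ---
interface FastEthernet0/1
 description Internet
 ip address 203.0.113.1 255.255.255.248
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source FastEthernet0/1
 tunnel destination 198.51.100.2
 tunnel mode gre ip
 ! GRE adds 24 bytes (20 outer IP + 4 GRE): 1500 - 24 = 1476, MSS = 1476 - 40
 ip mtu 1476
 ip tcp adjust-mss 1436
!
router eigrp 100
 network 10.0.0.0 0.255.255.255
 no auto-summary
!
! Never let the tunnel carry a route to its own endpoint. If the branch learned
! 203.0.113.0/29 through Tunnel0 it would try to reach the tunnel destination
! via the tunnel itself (recursive routing) and IOS would flap the interface.
! Public reachability stays in the default route.
ip route 0.0.0.0 0.0.0.0 203.0.113.6
!
! --- Branch (mirror image) ---
interface FastEthernet0/1
 description Internet
 ip address 198.51.100.2 255.255.255.248
!
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source FastEthernet0/1
 tunnel destination 203.0.113.1
 tunnel mode gre ip
 ip mtu 1476
 ip tcp adjust-mss 1436
!
router eigrp 100
 network 10.0.0.0 0.255.255.255
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

`show ip eigrp neighbors` should list the far side's tunnel address on Tunnel0 once both ends are up. Keep in mind that this tunnel offers no confidentiality or integrity at all: anyone on the path can read the inner packets and inject GRE frames with the right source and destination, which is the problem the next article addresses.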


Cisco 3750 Switches now include a time domain reflectometer!

Monday, September 8th, 2008

How many times have you wanted to know how long a cable run was? If you are running Cisco 3750 switches, you can find out by issuing the following commands.

Switch# test cable-diagnostics tdr interface gigabitethernet0/2
TDR test started on interface Gi0/2

A TDR test can take a few seconds to run on an interface. Use "show cable-diagnostics tdr" to read the TDR results.

Switch#show cable-diagnostics tdr interface gigabitEthernet 0/2
TDR test last run on: Dec 10 09:05:10

Interface  Speed  Local pair  Pair length   Remote pair  Pair status
---------  -----  ----------  ------------  -----------  -----------
Gi0/2      auto   Pair A      22 +/- 4 m    N/A          Open
                  Pair B      21 +/- 4 m    N/A          Open
                  Pair C       5 +/- 4 m    N/A          Open
                  Pair D      20 +/- 4 m    N/A          Open

Worth reading the whole table rather than just the length: all four pairs report Open, so nothing is terminating the far end, and Pair C reflects at 5 m while the other three agree on about 21 m, which is the usual signature of a break or bad termination in that one pair at that distance.

An overview of CISCO IOS Security features as related to packet filtering.

Tuesday, January 29th, 2008

The Cisco IOS has many powerful security features that enable network engineers to protect their internal network. The Cisco IOS is capable of intrusion detection, deep packet inspection, and stateful firewall features. Setting up IPS allows the admin to push intrusion detection to the network edge. The Cisco IPS feature set can scan for spyware, viruses, worms, Trojans, and network intrusions by receiving updated signature files from Cisco. If a packet or series of packets matches a particular signature, the router can send an alert, drop the packet, or reset the connection of the offending user. In this way the network engineer can better protect the network by acting on suspicious packets before they can pose a risk to the network infrastructure. Another advantage of pushing IPS duties to the network edge is that it allows offending packets to be dropped before they consume finite network resources. In large networks as much as 10 percent of network resources could be consumed by packets that ultimately will be dropped for security reasons deeper in the network.
