Cisco NAC-enabled routers

The recently released Cisco router NAC module enforces NAC at remote branch locations or ancillary buildings of a campus. Apart from that, the NAC router module also improves the overall security of the network by making sure that all incoming users and devices comply with security policies.

Additionally, the Cisco NAC router module (part # NME-NAC-K9) brings the capabilities of the Cisco NAC Appliance Server to Cisco 2800 and 3800 Series Integrated Services Routers. This module spares network administrators from deploying separate NAC appliances across the board and consolidates the administrative tasks into fewer boxes.

Amazingly, this module is actually a 1 GHz Intel Celeron PC, with 512 MB RAM, 64 MB of Compact Flash, and an 80 GB SATA hard drive. All that fits onto a single 1-pound module that slides into a router and enforces your security policies. This module requires a 2800 or 3800 series router running IOS 12.4(11)T or later.

Juniper aims higher than Cisco

Juniper set ambitious growth targets at its analyst day this week – targets that surpass Cisco’s 12% to 17% annual growth objectives and undoubtedly rely on stealing market share from its rival. Juniper forecasts revenue growing at about a 20% compounded annual rate over the next 3-5 years, surpassing the 18% CAGR it’s experienced over the past 8 years.

Of that, Juniper expects service provider revenue to grow at a compounded annual rate of 18% to 20% and enterprise revenue at 25% to 30% over that period. Investment firm UBS believes enterprise may be the most achievable given Juniper’s low market share, though UBS believes the overall targets to be “a bit high.”

Oppenheimer & Co. also views enterprise as having the most upside for Juniper:

We expect Juniper to deliver on these targets through enterprise traction and share gains. This implies a bigger revenue mix shift to enterprise (~40% vs. ~34% in 2009).

Juniper also addressed concerns about its mobility and data center strategies, and the convergence of IP and optical networking. In mobility, revenues from its Project Falcon 3G/4G enhanced packet core initiative are expected in 2011, with trials starting in the fourth quarter of this year. Likewise, revenue from the Project Stratus data center and cloud computing switching program is also expected in 2011, though UBS expects initial hardware implementations to emerge later this quarter.

Cisco 4500 series and NetFlow

Normally on a Cisco router, you enable NetFlow with the ip route-cache flow command on each interface you want to monitor and export the flows with ip flow-export to your collector. No problem… On a Cisco 4500 series L3 switch, NetFlow doesn't work per interface, so you enable the command globally. It still won’t work unless you have met the following conditions:

Supervisor IV or a Supervisor Engine V

NetFlow Services daughter card (WS-F4531)

IOS version 12.1(19)EW or above to support NDE (NetFlow Data Export)

Here are the commands:

switch>(enable)ip flow-export destination 192.168.9.101 9996
switch>(enable)ip flow-export version 7
switch>(enable)ip flow-export source FastEthernet 0/1
switch>(enable)ip flow-cache timeout active 1
switch>(enable)ip route-cache flow infer-fields
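The commands above point the switch's version 7 export at a collector on UDP port 9996. As an added example (not from the original post), this is the collector side: a decoder for the NetFlow v7 datagram format the 4500 emits, with a constructed sample datagram standing in for a real capture.

```python
import socket
import struct
from typing import Dict, List, Tuple

# v7 header (24 bytes): version, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence, reserved
HEADER_FMT = "!HHIIIII"
# v7 flow record (52 bytes): srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, First, Last,
# srcport, dstport, flags, tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, pad, router_sc
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBHI"
HEADER_LEN, RECORD_LEN = struct.calcsize(HEADER_FMT), struct.calcsize(RECORD_FMT)

def parse_v7(datagram: bytes) -> List[Dict]:
    """Decode one v7 export datagram; reject other versions and datagrams shorter than announced."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a v7 header")
    version, count, _uptime, secs, _nsecs, seq, _res = struct.unpack_from(HEADER_FMT, datagram, 0)
    if version != 7:
        raise ValueError(f"expected NetFlow v7, got version {version}")
    if len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError(f"header announces {count} records but datagram is truncated")
    flows = []
    for i in range(count):
        (src, dst, nexthop, in_if, out_if, pkts, octets, first, last, sport, dport, _flags,
         tcp_flags, proto, tos, _sas, _das, _smask, _dmask, _pad, _rsc) = struct.unpack_from(
            RECORD_FMT, datagram, HEADER_LEN + i * RECORD_LEN)
        flows.append({"seq": seq + i, "exported": secs,
                      "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
                      "nexthop": socket.inet_ntoa(nexthop), "in_if": in_if, "out_if": out_if,
                      "proto": proto, "sport": sport, "dport": dport, "tcp_flags": tcp_flags,
                      "tos": tos, "pkts": pkts, "octets": octets,
                      "duration_ms": last - first})  # First/Last are sysuptime in milliseconds
    return flows

def octets_by_source(flows: List[Dict]) -> Dict[str, int]:
    """Sum exported bytes per source address, the first view a collector builds from the flows."""
    totals: Dict[str, int] = {}
    for f in flows:
        totals[f["src"]] = totals.get(f["src"], 0) + f["octets"]
    return totals

def build_v7(records: List[Tuple[str, str, int, int, int, int, int]], uptime: int = 120000) -> bytes:
    """Construct a v7 datagram from (src, dst, sport, dport, proto, pkts, octets) tuples.
    Sample data for exercising the parser, not a capture from a real switch."""
    body = b"".join(
        struct.pack(RECORD_FMT, socket.inet_aton(s), socket.inet_aton(d), b"\0\0\0\0",
                    1, 2, pk, oc, uptime - 60000, uptime, sp, dp, 0, 0x18, pr, 0, 0, 0, 24, 24, 0, 0)
        for s, d, sp, dp, pr, pk, oc in records)
    return struct.pack(HEADER_FMT, 7, len(records), uptime, 1262304000, 0, 0, 0) + body
```

A live collector binds a UDP socket on the configured port (9996 above) and feeds each recvfrom() payload to parse_v7; the flow_sequence field lets it spot datagrams lost between switch and collector.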

VLAN Trunking and VLAN Tagging, what’s the difference?

Over the years, I have worked with both Cisco and non-Cisco switches (such as HP, Netgear, Foundry, etc). There is the Cisco way and then there is the non-Cisco way. Both comply with the 802.1q VLAN standard. Let's just forget about the Cisco ISL standard, that's another topic!

So for those who are new, let me try to explain.

In the Cisco method, you basically put ports in “access mode” or “trunk mode”. Trunks are not to be confused with non-Cisco port aggregation “trunks” (i.e. LACP). Cisco “trunk” ports carry frames with a VLAN “tag” in the ethernet header that designates the VLAN the frame belongs to. Cisco “access” ports carry the traffic of one specific VLAN configured for that port; the “tag” is stripped off before the frame is delivered out the port.

In the non-Cisco method, ports are either “tagged” or “untagged”. Tagged ports carry frames with vlan “tags”, the same as a Cisco “trunk” port. Non-Cisco “untagged” ports are ports where the vlan tags are stripped off, the same as Cisco “access mode” ports.

What makes it tricky is that in the non-Cisco environment, you tag & untag ports WITHIN the vlan. In the Cisco method, you set trunk & access vlans WITHIN the ports.
For example, suppose you want to set up port 1 as a trunk port (tagged port), and ports 3, 4 and 5 as access ports on vlan 100 (untagged ports).

Cisco method:

create the vlan and then assign the vlans –> to the ports

conf t
int fas0/1
switchport mode trunk
int fas0/3
switchport mode access
switchport access vlan 100

int fas0/4
switchport mode access
switchport access vlan 100
int fas0/5
switchport mode access
switchport access vlan 100

Non-Cisco method:

you tag and untag the ports –> to the vlans

conf t
vlan 100
tagged eth 1
untagged eth 3 eth 4 eth 5
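To make the two vocabularies concrete, here is an added example (not from the original post) that models the 802.1q tag handling both configurations above describe: a trunk/tagged port keeps the 4-byte tag in the frame, an access/untagged port strips it and only carries its own VLAN. The frames are constructed; trunk allowed-VLAN lists and per-vendor corner cases are left out.

```python
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag at offset 12
TAGGED = {"trunk", "tagged"}      # Cisco name / non-Cisco name for the same port role
UNTAGGED = {"access", "untagged"}

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: dst MAC, src MAC, EtherType, payload (FCS omitted)."""
    return dst + src + struct.pack("!H", ethertype) + payload

def insert_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Remove the 802.1Q tag, giving the frame an access port hands to the host."""
    return frame[:12] + frame[16:]

def vlan_of(frame: bytes) -> Optional[int]:
    """VID carried in the frame's 802.1Q tag, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def ingress(frame: bytes, mode: str, vlan: int) -> Optional[Tuple[int, bytes]]:
    """Classify a frame arriving on a port: (vid, untagged frame) or None if dropped.
    access/untagged: accepts only untagged frames and assigns the port VLAN.
    trunk/tagged: takes the VID from the tag; an untagged frame gets the native VLAN (vlan)."""
    if mode not in TAGGED | UNTAGGED:
        raise ValueError(f"unknown port mode {mode!r}")
    vid = vlan_of(frame)
    if mode in UNTAGGED:
        return (vlan, frame) if vid is None else None
    return (vlan, frame) if vid is None else (vid, strip_tag(frame))

def egress(vid: int, frame: bytes, mode: str, vlan: int) -> Optional[bytes]:
    """Frame leaving a port: access/untagged forwards only its own VLAN, untagged;
    trunk/tagged re-inserts the tag, except for the native VLAN, which leaves untagged."""
    if mode not in TAGGED | UNTAGGED:
        raise ValueError(f"unknown port mode {mode!r}")
    if mode in UNTAGGED:
        return frame if vid == vlan else None
    return frame if vid == vlan else insert_tag(frame, vid)
```

With the post's layout, a frame entering untagged on access port 3 is classified into VLAN 100, leaves trunk port 1 tagged 100, leaves ports 4 and 5 untagged, and a frame tagged with any other VLAN arriving on the trunk never reaches ports 3 to 5.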

Both accomplish the same goal, both are 802.1q, totally different methods! It seems as though Cisco made it more difficult, but for some reason I get more confused with the vlan tagging and untagging. Once you start mixing in multiple vlans, things seem easier to follow with the Cisco method. Also keep in mind, it is perfectly fine to mix Cisco and non-Cisco switches and have them communicate with 802.1q vlans back and forth, even though the commands seem completely different. The standard is still 802.1q. Obviously it would be preferred that you keep all the switches the same within your network, but sometimes you have no control. If you have both kinds of switches (Cisco and non-Cisco), I hope that this has helped you understand.

Cisco successfully tests its router in space

Cisco this week said it successfully tested a router and its IOS software while it was in orbit in space. Cisco said the test is the first deployment of an IP router aboard a commercial GEO satellite, which was launched Nov. 23, 2009.

The router-in-space project is part of Cisco’s Internet Routing in Space (IRIS) initiative. IRIS is a program to build a radiation-tolerant router for satellites and spacecraft.

IRIS is designed to support voice, video and data network services for government agencies, military units and allies. Cisco says it is more adaptable than traditional satellite technology because it does not rely on a fixed, predefined infrastructure.

The IRIS program is a Department of Defense Joint Capability Technology Demonstration (JCTD) managed by Cisco and Intelsat. The IRIS payload will convert to commercial use following the three-month JCTD, which ends in April.

The Defense Information Systems Agency will coordinate the demonstration of IRIS for government users and develop the means for utilizing the technology.

From: Network World