Category: Uncategorized

Normally on a Cisco router, you can export by using ip route-cache flow commands on each interface you want to monitor and ip flow-export to your collector. No problem… On a Cisco 4500 series L3 switch netflow doesnt work on each interface so you enable the command globally. It still won’t work unless you have met the following conditions:

Supervisor IV or a Supervisor Engine V

NetFlow Services daughter card(WS-F4531)

IOS version 12.1(19)EW or above to support NDE

Here are the commands:

switch>(enable)ip flow-export destination 192.168.9.101 9996
switch>(enable)ip flow-export version 7
switch>(enable)ip flow-export source FastEthernet 0/1
switch>(enable)ip flow-cache timeout active 1
switch>(enable)ip route-cache flow infer-fields

Over the years, I have worked with both Cisco and non-Cisco switches (such as HP, Netgear, Foundry, etc). There is the Cisco way and then there is the non-Cisco way. Both comply with the 802.1q VLAN standard. Lets just forget about the Cisco ISL standard, thats another topic!

So for those who are new, let me try to explain.

In the Cisco method, you basically put ports in “access mode” or “trunk mode”. Trunks are not to be confused with non-Cisco port aggregation trunks (i.e. LACP). Cisco “trunks” are actually ports that have a VLAN “tag” within the ethernet frame that designates the VLAN the packet belongs to. Cisco “access” ports are the ports that isolate specific VLAN packets configured for that port. The “tag” is stripped off and delivered to the port.

In the non-Cisco method, ports are either “tagged” or “untagged”. Tagged ports are ports that contain packets with vlan “tags”, same as the Cisco “trunk” port. Non-Cisco “untagged” ports are ports that vlan tags are stripped off, same as the Cisco “access mode” ports”.

What makes it tricky, is that in the non-Cisco environment, you need to tag & untag ports WITHIN the vlan. In the Cisco method, you set trunk & access vlans WITHIN the ports.
For example, suppose you want to setup port 1 as a trunk port (tagged port), and port 3,4 and 5 as access ports on vlan 100 (tagged ports).

Cisco method:

create the vlan and then assign the vlans –> to the ports

conf t
int fas0/1
switchport mode trunk
int fas0/3
switchport mode access
switchport access vlan 100

int fas0/4
switchport mode access
switchport access vlan 100
int fas0/5
switchport mode access
switchport access vlan 100

Non-Cisco method:

you tag and untag the ports –> to the vlans

conf t
vlan 100
tagged eth 1
untagged eth 3 eth 4 eth 5

Both accomplish the same goal, both are 802.1q, totally different methods! It seems as though Cisco made it more difficult, but for some reason, I get more confused with the vlan tagging and untagging. You start mixing in multiple vlans and things seem easier to follow on the Cisco method. Also keep in mind, it is perfectly fine to mix Cisco and non-Cisco switches and be able to communicate with 802.1q vlans back and forth even though the commands seem completely different. The standard is still 802.1q. Obviously it would be preferred that you keep all the switches the same within your network, but sometimes you have no control. If you have both kinds of switches (Cisco and non-Cisco), I hope that this has helped you understand.

Cisco this week said it successfully tested a router and its IOS software while it was in orbit in space. Cisco said the test is the first deployment of an IP router aboard a commercial GEO satellite, which was launched Nov. 23, 2009.

The router-in-space project is part of Cisco’s Internet Routing in Space (IRIS) initiative. IRIS is a program to build a radiation-tolerant router for satellite and spacecraft.

IRIS is designed to support voice, video and data network services for government agencies, military units and allies. Cisco says it is more adaptable than traditional satellite technology because it does not rely on a fixed, predefined infrastructure.

The IRIS program is a Department of Defense Joint Capability Technology Demonstration (JCTD) managed by Cisco and Intelsat. The IRIS payload will convert to commercial use following the three-month JCTD, which ends in April.

The Defense Information Systems Agency will coordinate the demonstration of IRIS for government users and develop the means for utilizing the technology.

Form:Network World

The following changes and enhancements exist in MARS, Release 6.0.6:

•SNMP v. 3.0 Support—Leveraging a secure communication protocol between MARS and Cisco security enforcement devices, customers can be assured that they are securely mitigating attacks and configuring and managing devices. SNMPv3 support enables the following features:

–Per-device SNMPv3 credentials are used for manual discovery and layer 2 mitigation.

–Support for SNMPv3 credentials for an entire network or range of IP addresses. The MARS autodiscovery feature clones the credentials for an autodiscovered device on that network.

–Monitor the health of supported devices via SNMPv3 via the resource utilization charts that you can add to the Summary > My Reports subtab.

See the Release notes for a matrix of SNMP3 support for different Cisco Devices.

Internet Explorer 8 Support—MARS supports Microsoft Internet Explorer 8 without requiring compatibility mode. Due to the nature of security revisions in Internet Explorer, you may find that you must authenticate more frequently to the MARS appliance.

•Improved Device Support—MARS now includes backward compatible support for ASA 8.0.5 and IOS 15.0(1)M. Backward compatible support means that any events that MARS parsed for ASA 8.0.4 or IOS 12.4 (11) T2 have been verified to parse in the corresponding newer release.

There have also been vendor signature updates for some Cisco and some non Cisco devices.