Search this Blog

Monday, May 30, 2011

Is it Possible to Stack a 3750G and 3750X?


We have a 3750G and bought a new 3750X. It possible to stack these two together?

We tried downloading the same IOS and booting to in on the new 3750X (after archiving the universal ios that came on the 3750X) but then we kept getting a licensing warning. Why is that?

To stack a 3750 (plain) with another, say 3750X, you need to have the same IOS version PLUS the same FEATURE set.

If your 3750 is running IP Base feature set then your 3750X should be running IP Base feature set too.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Thursday, May 26, 2011

Cisco pagent callgen ios


What is pagent ios and how is different than the ios? Also what platforms are compatible with these ios?

Pagent IOS is an image mostly used as a test tool to generate/simulate traffic.2600, 3600, 2800, 2900 and 3900 series platforms support it. Be aware that IOS Pagent is not freely available for download. You have to talk to your local Cisco SE and they might provided it to you. It is not available to everyone.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Tuesday, May 24, 2011

Can you include the boot sequence for SUP7-E upgrading ROMMON


We have a SUP7-E(nonredundant) running with Cisco IOS XE Version 03.2.0SG.
In order to Upgrade from ROMMON Version 15.0(1r)SG1 to 15.0(1r)SG2 we
have to boot the Upgradei mage according to the Release Notes from ROM Monitor,i.e.
rommon 2 >boot bootflash:cat4500-e-ios-promupgrade-150-1r-SG2

Is it possible to include the boot sequence for the ROMMON Upgrade into the startup-config
i.e.
boot-start-marker
boot system bootflash:cat4500-e-ios-promupgrade-150-1r-SG2
boot system bootflash:cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin
boot-end-marker
then reload the switch without forcing into ROM Monitor ?
this was possible with the former Supervisories including the SUP6-E.

According to the ROMMON Notes for Supervisor Engine 7-E documentation on the following link, loading the rommon upgrade image automatically could be possible, however the switch might end up in a boot loop after finishing the upgrade as it will continuously try to load the rommon upgrade image during the autoboot process.
Please click here for Cisco documentation on ROMMON notes for Supervisor engine 7-E.

Also most likely because the switch tries to boot up the rommon upgrade image another 2 or 3 times after the successful upgrade and because it fails to boot up from that image, it falls back to another one in your boot list, then it boots up with the correct image.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Saturday, May 14, 2011

CISCO887VA-SEC-K9 IOS Questions


What are the IOS options for the 887VA router? Does it only support the universal image? Does the CISCO887VA-SEC-K9 support BGP?

Basically, I need to find an 887VA that supports BGP but i can't find a clear answer anywhere. If someone could point me to the right link i'd be grateful. Software Advisor tool lists every 800 series router but not the 887.

All of the Cisco 880 models use a universal image. The features which are available at that time will depend on the license installed. For this router there are two basic options which are listed here.

The Advanced Security feature set is the default and should be enabled already. To use BGP a license for Advanced IP Services is needed.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Wednesday, May 11, 2011

WS-SVC-AGM-1-K9 What is the product Migration Option?


Looking at the best option to detect attempts at cracking our SIP servers. We see connections from scanners on the internet trying to brute force SIP passwords reasonably often, and would like to be alerted to them happening. Essentially we see hundreds of SIP registration attempts or Invites from the same IP, and this is how we know it is dodgy. If the Anomaly Detector can alert us to this type of traffic, it will be much easier to stop them quickly.

Here is the release notes on the product migration options

Cisco will partner with Arbor Networks to continue to provide a comprehensive anti-DDoS solution. The key components of this integrated solution include the Cisco NetFlow technology on Cisco network routing and switching platforms, the Arbor Peakflow SP and Threat Management System (TMS). Customers can migrate to this new architecture for future developments in anti-DDoS protection. Please click here for information on Arbor Peakflow SP products.

Customers can use the Cisco Technology Migration Program (TMP) to trade-in products and receive credit toward the purchase of new Cisco equipment. For more information about Cisco TMP, customers should work with their Cisco Partner or Cisco account team.

Customers may be able to continue to purchase the Cisco Catalyst 6500/Cisco 7600 Series Router Anomaly Guard Module and Anomaly Detector Module through the Cisco Certified Refurbished Equipment program. Refurbished units may be available in limited supply for sale in certain countries on a first-come, first-served basis until the Last Date of Support has been reached. Please click here for information about the Cisco Certified Refurbished Equipment program.

Service prices for Cisco products are subject to change after the product End of Sale date.
The Cisco Takeback and Recycle program helps businesses dispose properly of surplus products that have reached their end of useful life. The program is open to all business users of Cisco equipment and its associated brands and subsidiaries. Please click here for more information.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Monday, May 9, 2011

Connecting modem-2950-2 gateway/firewall appliances



Here's what I would like the setup to look like. The Dashed lines are not to be touched and are on a seperate VLAN (say VLAN 100). Policies are set on the fortigate to prevent the DMZ side of things from communicating with the internal side of things, other than the internal DNS/AD (one in the same) servers. Now if I was to configure the 4 ports on the right of the DMZ to VLAN 200 and set them to just regular switchport's, would this setup be sufficient for sharing the ISP between the two Gateways? My guess is no, since there has got to be some kind of routing between the 2 appliances...but I was lead to believe this was setup and functional previously in this way.
What you are trying to achieve is getting one single Internet link connected to both of your firewall appliances using a Switch to split the connection. That is possible, just remember to either use a separated VLAN and if possible use other switch than the one you are already using for other functions, so that you are not creating a single point of failure for two segments of your network. As of the Firewalls, I'm not familiar with the Fortigates on this matter, but with Cisco ASA Appliances you can use one single IP if they are in a failover cluster; optionally you can use two but that is to manage the standby one for IOS updates, etc...But I'll rather use the internal IP address instead of wasting one public IP address only for management purposes. Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Thursday, May 5, 2011

Number of L2TP connection simultaneously on Router 1905?


We are initializing a project with VPN L2TP on Router Cisco 1905. We are purchasing the 1905 because cost efficient but we need provider up to 500 connection simultaneously L2TP and we can't find if 1905 provider up to 500 connection simultaneously....anybody has this information ??

I does not. The tunnels use memory so memory will be an issue. I also think on the 1905 it is license based.

Please click here for more details on the memory management.

Table 7 is the interesting one that states maximum tunnels are 225.

To be sure though you should contact Cisco or your Cisco provider.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Monday, May 2, 2011

Netflow - Configuration query 4503 SUP


We have installed the Netflow services card in our 4503 SUP IV (Version 12.2(25)EWA10).

The commands we have used are as follows.

ip flow-cache timeout active 1
ip flow-export version 5
ip flow-export destination 10.10.0.1 9000
ip flow-export destination 10.10.0.2 9000
ip route-cache flow

When we try enabling ip flow ingress to an interface the option is not available just the ones below.

NZAKLNET(config-if)#ip ?
Interface IP configuration subcommands:
access-group Specify access control for packets
arp Configure ARP features
dhcp DHCP
igmp IGMP interface commands
verify verify

***********************************************************

It appears to be exporting data - we have not looked at the collectors configuration as yet.

NZAKLNET#sh ip flow export
Flow export v5 is enabled for main cache
Exporting flows to 10.10.0.1 (9000) 10.10.0.2 (9000)
Exporting using source IP address 10.10.0.3
Version 5 flow records
26474 flows exported in 883 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process leve

**********************************************************

Do we not need to configure individual interfaces with the ip flow ingress command, it will in fact cover all interfaces by default?

For your IOS version, the netflow config enables collection on all interfaces by default.

Please click here for an overview.

Please click here for a sample configuration.

A network flow is defined as a unidirectional stream of packets between a given source and destination —both defined by a network-layer IP address and transport-layer port number. Specifically, a flow is identified as the combination of the following fields: source IP address, destination IP address, source port number, destination port number, protocol type, type of service, and input interface.

NetFlow Statistics is a global traffic monitoring feature that allows flow-level monitoring of all IPv4-routed traffic through the switch using NetFlow Data Export (NDE). Collected statistics can be exported to an external device (NetFlow Collector/Analyzer) for further processing. Network planners can selectively enable NetFlow Statistics (and NDE) on a per-device basis to gain traffic performance, control, or accounting benefits in specific network locations.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.
 
/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */