Cisco 7600, 7606, 7609 Router
Cisco 7600, Cisco 7600 router, Cisco 7606, Cisco 7609, Cisco 7600 configuration
2014年4月21日星期一
2013年3月18日星期一
How to Configure Cisco ASA Virtual Firewall?
Device
virtualization is one of the most popular topics in IT industry today and Cisco
has been supporting this concept in the majority of its network devices. Now we
will talk about Cisco ASA virtualization, which means multiple virtual
firewalls on the same physical ASA chassis. Virtual ASA is also known as
“Security Context”.
All Cisco
firewall models
(except ASA 5505) support multiple security contexts (i.e virtual
firewalls). By default, all models support 2 security contexts without a
license upgrade (except the Cisco ASA 5510 which requires the security plus license).
Each Context has
its own configuration file and security policy, i.e. one context is completely
isolated and does not depend on other contexts. The exception is the Admin
Context, from which the whole ASA appliance (physical ASA) is managed and also
is used to create the other Contexts. For enabling the creation of virtual
contexts on the ASA appliance, we must switch to Multiple Context mode. In this
mode some features are not available, like Dynamic Routing, IPSEC and SSL VPN,
Multicast and Threat Detection. Let’s make a little discussion when multiple
context mode is advisable and when it is not.
When would you
want to use multiple security contexts?
●If you want to
use the active/active failover feature. Keep in mind that with active/active
failover, you should not use more than half of the available bandwidth.
●If you are an ISP and need to offer a different security context for each customer.
● If you need to provide different security policies for various departments, users, or vendors and need to create a separate context for each one.
● If you’d like to reduce hardware requirements by combining the functionality of multiple firewalls into one.
●If you are an ISP and need to offer a different security context for each customer.
● If you need to provide different security policies for various departments, users, or vendors and need to create a separate context for each one.
● If you’d like to reduce hardware requirements by combining the functionality of multiple firewalls into one.
When should you
not use multiple security contexts?
● If you need
to provide VPN services such as remote access or site-to-site VPN tunnels.
● If you need to use dynamic routing protocols. With multiple context mode, you can use only static routes.
● If you need to use QoS.
● If you need to support multicast routing.
● If you need to provide Threat Detection.
● If you need to use dynamic routing protocols. With multiple context mode, you can use only static routes.
● If you need to use QoS.
● If you need to support multicast routing.
● If you need to provide Threat Detection.
Now let’s consider
an example of how Contexts are configured. In the scenario in our topology
below, we have one ASA appliance and let’s create two contexts for two
customers and one admin context for ASA appliance management.
Physical
Topology Diagram:
Logical
Topology Diagram:
Equipment Used
in this LAB
ASA 5520 – Cisco
Adaptive Security Appliance Software Version 8.0(3)
Catalyst 2960 – LAN Lite IOS.
Before starting
configuration let’s check if it works in Single context mode or multiple
context mode. As I’ve already stated, ASA appliance must be in multiple context
mode for creating Security contexts.
!Verify ASA
Operating mode.
asa # show mode
Security
context mode: single
! enable
multiple mode, for switching to this Mode, restart is required.
asa(config)#mode
multiple
Then the following
output is displayed. ASA Appliance converts the current running configuration
into two files: a new startup configuration that comprises the system
configuration, and “admin.cfg” that comprises the admin context (stored
in the root directory of the internal Flash memory). The original running
configuration is saved as “old_running.cfg” (in the root directory of
the internal Flash memory).
WARNING: This
command will change the behavior of the device
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm]
Convert the system configuration? [confirm]
!
The old running configuration file will be written to flash
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm]
Convert the system configuration? [confirm]
!
The old running configuration file will be written to flash
The admin
context configuration will be written to flash
The new running
configuration file was written to flash
Security context mode: multiple
Security context mode: multiple
***
*** — SHUTDOWN NOW —
***
*** Message to all terminals:
***
*** change mode
*** — SHUTDOWN NOW —
***
*** Message to all terminals:
***
*** change mode
Rebooting….
Booting system, please wait…
Booting system, please wait…
!after
rebooting verify ASA Operation mode
asa# show mode
Security context mode: multiple
Security context mode: multiple
After restarting
let’s start configuration of Contexts. First configure the admin context.
!Configure the
admin context
asa(config)# admin-context admin
asa(config)# context admin
asa(config-ctx)# allocate-interface Management0/0
asa(config-ctx)# config-url disk0:/admin.cfg
asa(config)# admin-context admin
asa(config)# context admin
asa(config-ctx)# allocate-interface Management0/0
asa(config-ctx)# config-url disk0:/admin.cfg
!configure the
Sub-interfaces for Customer1
interface GigabitEthernet0/1.11
vlan 11
interface GigabitEthernet0/0.21
vlan 21
interface GigabitEthernet0/1.11
vlan 11
interface GigabitEthernet0/0.21
vlan 21
!configure the
Sub-interfaces for Customer2
interface GigabitEthernet0/1.12
vlan 12
interface GigabitEthernet0/0.22
vlan 22
interface GigabitEthernet0/1.12
vlan 12
interface GigabitEthernet0/0.22
vlan 22
Now we start
creating contexts for Customer-1 and Customer-2 and allocate interfaces.
! Configure the
Customer1 context shown as C1 in diagram.
asa(config)# context c1
asa(config-ctx)# allocate-interface gigabitethernet0/0.21
asa(config-ctx)# allocate-interface gigabitethernet0/1.11
asa(config-ctx)# config-url disk0:/c1.cfg
asa(config)# context c1
asa(config-ctx)# allocate-interface gigabitethernet0/0.21
asa(config-ctx)# allocate-interface gigabitethernet0/1.11
asa(config-ctx)# config-url disk0:/c1.cfg
! Configure the
Customer2 context shown as C2 in diagram.
asa(config)# context c2
asa(config-ctx)# allocate-interface gigabitethernet0/0.22
asa(config-ctx)# allocate-interface gigabitethernet0/1.12
asa(config-ctx)# config-url disk0:/c2.cfg
asa(config)# context c2
asa(config-ctx)# allocate-interface gigabitethernet0/0.22
asa(config-ctx)# allocate-interface gigabitethernet0/1.12
asa(config-ctx)# config-url disk0:/c2.cfg
I will not
describe how VLANs on Switches are configured. Let’s consider switching between
Contexts. We can switch to any context from admin context, but we can’t switch
from Customers context to anywhere.
! Let’s log in
to Customer1 context. The syntax of command is the following:
change to context <context name>
change to context <context name>
asa#change to
context c1
! Let’s switch
to system configuration mode. Switching to this mode is available only from
Admin Context. In system configuration mode Contexts are created and resources
are allocated.
asa#change to
system
More Related Cisco Firewall Guides:
2013年3月15日星期五
FifteenMore Useful Cisco Sites to Know Cisco Well
Everything you want to know
about Cisco routers, security, consumer electronics and more
To help Cisco
masses know Cisco well, we collected 15 more sites covering a range of Cisco
topics---from studying and preparing for certification, to operating a Cisco
network in an enterprise or service provider environment, to keeping up with
security tips and techniques, to just being entertained by the oddities and
idiosyncrasies of the Cisco world. Let’s have a look.
The List of Useful
Cisco Sites
Etherealmind
Etherealmind is
the brainchild of Greg Ferro, Cisco CCIE #6920, who describes himself as the
"Human Infrastructure for Cisco and Data Networking." Ferro works as
a freelance network architect and senior engineer and designer mostly in the
UK. His site features an array of opinions, outbursts, insight and experience.
He has over 20 years in IT, more than 12 in networking and has spent time at
large and small financial institutions, service providers, resellers and
dot-coms. His current areas of focus are data center, security and application
networking technologies.
Risky Business
Risky Business
Cisco customers,
engineers, marketers and enthusiasts can never get enough security
information. Risky.biz first "aired" in February 2007.
Since then, the site has published over 170 episodes and developed a following
among high-level security professionals. In addition to the weekly podcast, the
site has recorded security presentations, podcast interviews and job listings.
There are also forums for discussion with security peers on the most recent
security-related topics, issues and challenges.
Tekcert
Tekcert, authored
by Jeremy Cioara, CCIE, Trainer and "really cool guy," according to
the blog's Facebook page, used to be Cioara's "Cisco Blog: the world
of all things Cisco". Tekcert has broadened beyond that to become a site
that blogs about technology, business and certifications. The site,
thanks to Cioara, still has considerable amounts of content on networking and
Cisco. But more broadly, Tekcert focuses on "helping people
further their knowledge and education about technology."
Slashdot
News for
Nerds.Stuff that Matters. That's the Slashdot tagline and for most
readers, it's accurate. Slashdot has a mix of news, technology, oddities,
irreverence and just plain off-the-wall stuff that appeals to the tech savvy. A
quick search on Cisco yields submissions and comments on Cisco's recent
introduction of its SocialMiner "stalking" software; to the
introduction of the 322Tbps CRS-3 router. The submissions might have a specific
take on a Cisco, or any other, announcement; and then the comments increase the
entertainment quotient of the submission, if not the insight into it. So
Slashdot has the potential to inform, educate and entertain those with an
interest in technology in general, as well as Cisco.
Cisco Blogs
Cisco's own blogs
on Cisco.com provide the company with the opportunity to
expand on an announcement, strategy, product line or deployment scenario for
customers looking to harness the latest, or legacy, Cisco technology. Strategic
imperatives for the company, like video, collaboration and data
center/virtualization, are highlighted in topic-specific blogs; and then there
are more general Cisco interest sites, like The Platform, Social Media, Web
Experience, etc. Perhaps the most infotaining is Cisco Interaction Network, which includes TechWise TV, a site we
highlighted in the "20 useful" list two years ago that features folk
hero Jimmy Ray Purser and his unique insights into Cisco products, deployments and strategies.
Cisco-nsp
Cisco-nsp is
an e-mail reflector for users of Cisco gear mostly in enterprises,
but with some service provider contributions as well. Topics are very technical
and participants usually offer up a deployment challenge or issue for review,
followed by tips, tricks, sympathies and snarky comments on how to rectify it
or deal with it. This is a site for true practitioners of Cisco networking, and
can be very valuable to those with new or decades-old Cisco implementations.
NANOG
Like Cisco-nsp,
the NANOG e-mail reflector serves the same purpose, but for service
providers. Have a site that's unreachable? You might find the symptoms and
cause here first. Have a problem with route flapping or BGP update suppression?
Find workarounds here. Want a review of a new router or switch, or the best to
implement for 10G? Find it here. It's a not a Cisco-specific site by any means
but a useful running commentary of issues service providers and network
operators grapple with every day, whether they're using Cisco routers and
switches or not.
CertGuard
CertGuard performs
a search and verification of certification "braindump" sites – those
that offer quick and easy, and cheap, certification exams and aids, such as
those for Cisco CCIE and CCNA that may lack authenticity. These sites can put
the user's certification at risk. CertGuard assesses these sites and offers
suggestion on how to get the best bang for your buck without risking your
certification. CertGuard says it has over 1,900 brain dump websites and roughly
500 File Sharing websites listed in its database which are freely distributing
copyrighted materials without the written permission of the owners of the
material. The site also tracks connections or similarities between
certification related websites which have previously been undiscovered, and has
flagged them for future reference. With this data, CertGuard is focused on
assisting candidates in making the correct choice in certification sites, and
to stop proxy test takers and unethical brain dump websites.
Engadget
Like social media
and Web 2.0, consumer electronics is also a key new growth endeavor for Cisco.
Nowhere is that more evident than the company's $550 million purchase of Pure
Digital and its pocket-sized Flip videocam – which followed earlier
acquisitions of wireless SoHo router maker Linksys and cable set-top box pusher
Scientific-Atlanta. Engadget usually has the scoop on some new models
of Flip coming down the pike, as well as some of the first coverage of other
Cisco and top name consumer gear hitting the market. Engadget also comments on
cool and missing features from consumer gear, and forecasts user trends and
buying behaviors based on what's currently hot and not.
Jaluri
As the title
implies, Jaluri aggregates blogs on Cisco and network issues in
general to provide a one-stop shop for Cisco- and network-related topics,
opinions and technical guidance. In Jaluri's own opinion, it's aggregating
"some of the best" network and Cisco blogs, some of which already
appear in this list and in the one we did three years ago. Several appear
to be targeted at CCIE candidates and undoubtedly many more are authored by
CCIEs. There's even one on Juniper…
Burning With
The Bush
Speaking of which,
who at Cisco would not want to keep up on its archrival in routing? Burning
With The Bush blogs on All Things Juniper, from core and edge routing
to its moves into new markets, such as data center/cloud computing, mobile
Internet and wireless LANs. BWTB also provides tip and tricks on configuring
and operating Juniper routers and other JUNOS-based platforms. Burning With The
Bush collects info from various sources and many authors, crawling through the
Web looking for and linking to relevant Juniper and JUNOS-related posts. The
site also has authors that write original content. Its founder, Chris
Grundemann, is a certified JUNOS engineer -- JNCIE #449 – author of a book on IPv6,
founding chair of the Colorado chapter of the Internet Society, and
participates in Internet governing institutions. And BWTB is independent – the
blog is not affiliated with nor endorsed by Juniper.
Qsolved
Qsolved provides
quick answers to Cisco technical support questions. The site describes itself
as a "community powered, pay to play marketplace" where experts field
and respond to questions from Cisco users. Yes, some of Qsolved's services may
require payment of fees, according to the site's terms and conditions. But in
return you get to download or copy the content from these experts, and other
items displayed on the site, provided they are for personal use only and do not
infringe on the site's copyright protection. But a perusal of the Qsolved blog
shows there's some serious stuff going on in there so it might be worth a look.
Tom's Hardware
Looking for
unbiased reviews on Cisco Linksys routers, Aironet access points or Unified
Computing System blade servers? Tom's Hardware has been published by
Bestofmedia Group since 1996. Bestofmedia claims it was one of the first sites
to review computer components. The site is intended to provide independent,
unbiased technology news, articles, reviews and reports to IT professionals,
purchasers, tech enthusiasts and influencers. It includes comparison charts and
benchmark testing on topics such as high-performance PCs, building your own PC,
security, business computing and storage.
Mashable
This is the
site for social media news, reviews, opinion and views. Mashable covers the
whole Web 2.0 wave, a phenomenon close to Cisco's, and its customer's, heart.
For Cisco enthusiasts, Mashable covers significant Cisco announcements –
like the recent unveiling of the Cius tablet, and the Videoscape Internet TV
platform – and offers opinions and commentary on those relevant to social media
and Web 2.0. Mashable, which was founded in 2005, is also a model for profitable
and influential blogging – the site has more than 30 million monthly page views
from an audience that includes early social media adopters, enthusiasts and
entrepreneurs, corporations, journalists, bloggers, and advertising and
marketing firms. Mashable claims to have also harnessed Twitter and Facebook as
conduits into its site, helping to drive traffic and page view metrics.
Friday Traffic
Report
Another site for
tips and tricks on profiting from social media and Web 2.0 technologies –
blogs, wikis and the like – is Friday Traffic Report. Cisco is a huge proponent
of businesses adopting social media and Web 2.0 technologies to help market and
make money on their product or service. The Friday Traffic Report is
a blog dedicated to assist in blog marketing and money making. The site is
authored by Jack Humphrey, who's been at this online thing since 1991. Humphrey
claims to have generated billions of site visitors for himself and his online
marketing clients over the past decade. He's also into big hair bands, drums,
wilderness survival (including cyberwilderness, no doubt), disarming wit and
Vegas. Be prepared to be entertained while you learn online marketing tips and
tricks. There are also job listings for bloggers, social media practitioners
and other techies, including 1,064 at Cisco when we last checked…
…
There are still
more sites covering Cisco news, Cisco network solutions, Cisco product release,
reviews, Cisco certifications, Cisco books, etc.. If you know some useful
sites, you can share them with Cisco masses here.
Cisco Subnet
Our own Cisco
Subnet brings a wealth of knowledge, opinion and event coverage under one
blog umbrella. Here's a sampling of what you'll find there:
Security Watch: We report on Cisco security
advisories and security responses as soon as they're issued.
Bloggers: We have a stable of bloggers who are
experts in their fields:
Wendell Odom's Cisco Cert Zone: Wendell Odom, CCIE No, 1624, splits time
between writing books for Cisco Press and teaching classes for Skyline ATS. His
books include titles on QoS, CCIE R/S, as well as several titles related to
CCNA certification, including his newest book Official Exam Certification
Library (CCNA Exam 640-802).
Michael Morris: From the field: Morris is a Technical Team
Lead and Network Architect at a $3 billion high-tech company. His background is
in enterprise WANs working with telcos, and developing large-scale routing
designs.
Jeff Doyle on IP Routing: Jeff is president of Jeff Doyle and
Associates, an IP networking consultancy, and author of Routing TCP/IP, Volumes
I and II. Read the transcript of our live online text chat with Jeff entitled
"IPv6: Will matter to the enterprise in five years."
Jamey Heary: Cisco security expert: Jamey Heary, CCIE
No. 7680, is a security consulting systems engineer at Cisco. Jamey is the
author of Cisco NAC Appliance: Enforcing Host Security with Clean Access.
Larry Chaffin: Putting realism into your network: Larry Chaffin,
Ph.D, is the CEO/chairman and founder of Pluto Networks a consulting company
specializing in VoIP, WLAN and security. He is also author of a number of books
including Managing Cisco Secure Networks, Skype Me, Practical VOIP Security,
and Configuring Check Point NGX VPN-1/Firewall-1.
John Oltsik: Network Nuggets and Security Snippets: Jon
Oltsik is a principal analyst at Enterprise Strategy Group responsible for the
networking and security services at ESG. Jon previously served as VP of
Marketing & Strategy at GiantLoop Network where he managed all marketing
activities and defined the company's strategic vision, and a Senior Analyst at
Forrester Research where he covered a wide range of infrastructure and IT
topics.
Chris Jackson: Net Defense: Chris Jackson, CCIE
(Security, Routing, Switching), CISA, CISSP, ITIL, SANS, Technical Solutions
Architect in the Cisco Architectures and Verticals Partner Organization, has
focused for the past six years on developing security practices with the Cisco
partner community. During a 15-year career in internetworking, he has built
secure networks that map to strong security policies for organizations,
including UPS, GE, and Sprint.
View slideshow
Mike Sheldon: Network
Resolutions: Mike is CEO of Network Hardware Resale, one of the largest
secondary market resellers of Cisco equipment. Mike joined NHR in sales in 2001
and was named CEO in 2005, and in that time NHR has grown from $25 million to
over $200 million in revenue.
Erik Parker:No Strings Attached:
Erik is a wireless network engineer for a Fortune 500 e-commerce company based
in the United States, and was previously a wireless engineer at Toyota and
consulting network engineer for International Network Services (Now BT-INS).
His primary focus is on wireless infrastructure, 802.11 protocol analysis, RF,
and mobility, and he has maintained his CISSP designation since 2002.
Jimmy Ray Purser:Networking Geek to Geek: Jimmy Ray is the technical co-host for
Cisco's TechWise and BizWise TV, and also conducts advanced training for
engineers across North America and Europe. He is an active member in the IEEE
and the Ethernet Alliance and has designed, installed and tested numerous
networks for Fortune 500 companies, the United States military and other
institutions worldwide. He holds three U.S. patents for Ethernet security
algorithms with two others pending.
Scott Hogg: Core Networking
and Security: Scott is the Director of Advanced Technology Services for Global
Technology Resources, Inc. (GTRI), a network engineering, consulting and
training firm. He has a B.S. in Computer Science from Colorado State
University, a M.S. in Telecommunications from the University of Colorado, along
with his CCIE (#5133) and CISSP (#4610). Scott is the author of the Cisco Press
book IPv6 Security and is currently the chair of the Rocky Mountain IPv6 Task
Force.
Douglas Gourlay:Default
Gateway: Doug is vice president of marketing at data center switch vendor
Arista Networks. Prior to joining Arista in 2009, Doug was the vice president
of Cisco's Data Center Solutions Group, where he was responsible for Cisco's
global marketing strategy for data center, virtualization, and cloud computing.
Doug has filed or holds more than 20 patents in networking technologies and
directed product management for Cisco's Nexus and Catalyst 6500 switching
lines.
AvnerIzhar:Cisco Knowledge
Share with AvnerIzhar: Avner is a Consulting System Engineer for World Wide
Technology and has 14 years in the networking industry. He holds a CCIE in Voice
(#15999), CCSI (#31623), CCVP and others. He is also the author of two CCIE
voice training related books: CCIE Voice Technology Workbook and CCIE Voice
written study guide.
Jim Duffy: The Cisco
Connection: Yours truly has been covering Cisco for 17 years and has 25 years
of experience in covering the computer networking industry as a journalist – 20
of which have been at Network World. I started blogging about two years ago on
matters pertaining to Cisco -- its products, markets, competitors, strategies,
etc. My content comes from several sources: Cisco, its partners, its
competitors, my own coverage, analyst reports, other blogs and the like. I hope
you find it informative and useful!
---Original
reading: networkworld.com
More Cisco Tips:
2012年10月11日星期四
How to Celebrate Your 10th Anniversary? Router-Siwtch.com
Router-switch.com is ten years
old, happy 10th Anniversary! It is a vital phase for all router-switch.com
staff in 2012. How to celebrate its 10th anniversary? What
Router-switch.com Prepared for Its tenth birthday to thank its regulars and new
clients? Let’s have a look!
Router-switch.com, ten years old, happy
birthday! 2012 marks the tenth anniversary of router-switch.com, which is an
exciting moment for all router-switch’s staff and clients.
What
Router-switch.com Prepared for Its 10th Anniversary?
In 2012, router-switch.com
welcomes its 10th anniversary.
For router-switch.com, it has been a worldwide leading Cisco supplier during
the past 10 years. To celebrate 10 years, it prepares big gifts for its
regulars and new clients, such as Cisco
AIR-AP1131AG-A-K9, limited edition T-shirts and 20PC U disk. Some
popular Cisco products(including Cisco
routers: Cisco 2900 & 3900 Routers, Cisco switches: Catalyst 3560x
Series, Cisco Catalyst 3750x Series, Catalyst 3560V2/3750V2, Cisco firewall, Cisco Access Points and
network cards) will have big discounts (up to 75% off).The activity date is from September to
October. Wow, if you wanna buy Cisco equipment, don’t miss it.
Router-switch.com has become a world’s
leading Cisco supplier over the past ten years with the help of its staff and
customers. To celebrate its 10 years, router-switch.com offers some activities
for all the old and new clients, for example, big discount (save up to 75% off)
for the popular Cisco items (including
Catalyst 3560x Series, Cisco Catalyst 3750x Series, Catalyst 3560V2/3750V2,
Cisco 2900&3900 Routers, Network Cards, etc.), fill out a simple
survey to win a big gift (Cisco AIR-AP1131AG-A-K9, limited edition
T-shirts and 20PC U disk). The activity date is from September. 01. 2012
to October. 31. 2012. Wow, if you are a Cisco buyer, don’t miss this
chance. Let’s join the party to celebrate the 10th birthday
together.
2012年3月9日星期五
Cisco Switches: List of MainFeatures and Types
Cisco switches deliver high performance, secure, scalable solutions to meet the needs of small businesses, multi-site enterprises, data centers, or Service...
From core to edge, Cisco network switches provide the performance, high availability, comprehensive security, delivery optimization, and enhanced manageability you need to optimize your network infrastructure.
Cisco offers two types of network switches: Fixed Configuration Switches&Modular Switches
Fixed Configuration Switches
These Ethernet switching solutions support a wide range of deployments, including enterprise campus, branch offices, midsize organizations, and small and medium-sized businesses (SMB), and offer highly secure access, operational simplicity, energy efficiency, and enhanced connected user experience.
Cisco Catalyst 2960 Series
- Standalone switches with enhanced LAN services for small and medium-sized businesses and branch office networks
- Layer 2 switching with intelligent Layer 2-4 services
- Up to 48 10/100 ports or 10/100/1000 ports
- Fast Ethernet PoE configurations with 15.4W of PoE up to 24 ports
- Flexibility of LAN Base or LAN Lite models
- AC power supply failure protection with external power supply
- Limited lifetime warranty
Cisco Catalyst 2960-S Series
- Stackable (with Cisco FlexStack) fixed-configuration Layer 2 switches
- Cost-effective solution for mid-sized organizations and branch offices
- Full Power Over Ethernet Plus and basic Borderless Networks services
- Zero-touch deployment and operations via Catalyst Smart Operations
Cisco Catalyst 3560 Series
- Standalone switches for branch offices and midsize organizations
- High performance with wirespeed Layer 2-4 switching, multicast and IPv6 routing
- Network security includes ACLs, authentication, port-level security, and identity-based network services
- Transparent power supply protection with external power backup; DC power option available
- Fast Ethernet and Gigabit Ethernet connectivity
- PoE configurations with 15.4W per port
- Up to 48 10/100/1000 ports plus 4 SFP ports
- Limited lifetime warranty
Cisco Catalyst 3560-E Series
- Standalone and aggregation switches for campus and branch offices
- Helps deploy secure converged services and adapt to changing network and application requirements
- 10-second 10G upgrade with Cisco TwinGig converter module
- 15.4W of PoE on all 48 ports
- 802.1n support scales beyond 15.4W per port
- Cisco EnergyWise
- Modular fan and power supply with externally available backup
- High performance with wirespeed Layer 2-4 switching, dynamic multicast and IPv6 routing
- Integrated advanced security features, including ACLs, identity-based network services, and Cisco Network Admission Control (NAC)
- Aggregation switches with dual redundant modular power supplies and fans for nonstop operation
- Up to 48 10/100/1000 ports plus dual 10 Gb Ethernet ports on all models
- Limited lifetime warranty
Cisco Catalyst 3560-X Series
- Fixed-configuration switches for campus and branch deployments
- High-availability and advanced security features assure consistent service
- Service and network modules help enable incremental link and service upgrades
- Full Power Over Ethernet Plus and comprehensive Borderless Networks services
Cisco Catalyst 3750 Series
- cisco 3750 switch Stackable multilayer switches for branch offices and midsize organizations
- Cisco StackWise 32 Gbps interconnect for a unified, resilient system of up to nine switches with subsecond failover
- Transparent power supply protection with external power backup; DC power option available
- Cisco EnergyWise
- Uninterrupted performance with wirespeed Layer 2-4 switching, dynamic multicast, and IPv6 routing
- Network security includes access control lists (ACLs), authentication, port-level security, and identity-based network services
- Fast Ethernet and Gigabit Ethernet connectivity
- PoE configurations with 15.4W per port
- Up to 48 10/100/1000 ports plus 4 SFP ports
- Limited lifetime warranty
Cisco Catalyst 3750-E Series
- cisco 3750E switch Stackable multilayer switches for campus and larger branch offices
- High availability platform for deploying secure converged services and adapt to changing network and application requirements
- StackWise Plus with 64 Gbps interconnect for a unified, resilient system of up to nine switches with subsecond failover
- 10-second 10G upgrade with cisco 3750G switch TwinGig converter module
- 15.4W of Power over Ethernet (PoE) on all 48 ports
- 802.11n support scales beyond 15.4W per port
- Cisco EnergyWise
- Modular fan and power supply with externally available backup; DC power option available
- Uninterrupted performance with wirespeed Layer 2-4 switching, dynamic multicast routing and IPv6 routing
- Integrated advanced security features including ACLs, identity-based network services and Network Admission Control (NAC)
- Fully backwards compatible with Cisco Catalyst 3750 Series for investment protection
- Up to 48 10/100/1000 ports plus dual 10 GbE ports on all models
- Limited lifetime warranty
Cisco Nexus 3750-X Series
- Stackable fixed-configuration cisco 3750X switch for campus and branch deployments
- StackWise Plus and StackPower deliver high availability and operational efficiency
- Service and network modules help enable incremental link and service upgrades
- Full Power Over Ethernet Plus and comprehensive Borderless Networks services
2012年1月16日星期一
Basic Cisco Switch Configuration
Generally speaking, the cisco switch command are the best in the market. Versatile, reliable, flexible and powerful, the Cisco switch product line (such as the 2960, 3560, 3750, 4500, 6500, etc.) offer unparalleled performance and features.
Although a Cisco switch configuration is a much simpler network device compared with other devices (e.g. routers and firewalls), many people have difficulties in configuring a Cisco Catalyst Switch. Unlike other lower class switch vendors (which are plug-and-play), the Cisco switch needs some initial basic configuration in order to enable management, security and some other important features.
How to configure a cisco switch software from scratch? Basic steps help you finish the Cisco switch configuration.
STEP1:Connect to the device via console
Use a terminal emulation software such as PuTTY and connect to the console of the switch. You will get the initial command prompt “Switch>”
Type “enable” and hit enter. You will get into privileged mode (“Switch#”)
Now, get into Global Configuration Mode:
Switch# configure terminal
Switch(config)#
Switch(config)#
STEP2: Set up a hostname for the particular switch to distinguish it in the network
Switch(config)# hostname access-switch1
access-switch1(config)#
access-switch1(config)#
STEP3: Configure an administration password (enable secret password)
access-switch1(config)# enable secret somestrongpass
STEP4: Configure a password for Telnet access
access-switch1(config)# line vty 0 15
access-switch1(config-line)# password strongtelnetpass
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#
access-switch1(config-line)# password strongtelnetpass
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#
STEP5: Define which IP addresses are allowed to access the switch via Telnet
access-switch1(config)# ip access-list standard TELNET-ACCESS
access-switch1(config-std-nacl)# permit 10.1.1.100 refurbished cisco switches
access-switch1(config-std-nacl)# permit 10.1.1.101
access-switch1(config-std-nacl)# exit
access-switch1(config-std-nacl)# permit 10.1.1.100 refurbished cisco switches
access-switch1(config-std-nacl)# permit 10.1.1.101
access-switch1(config-std-nacl)# exit
!Apply the access list to Telnet VTY Lines
access-switch1(config)# line vty 0 15
access-switch1(config-line)# access-class TELNET-ACCESS in
access-switch1(config-line)# exit
access-switch1(config)#
access-switch1(config)# line vty 0 15
access-switch1(config-line)# access-class TELNET-ACCESS in
access-switch1(config-line)# exit
access-switch1(config)#
STEP6: Assign IP address to the switch for management
!Management IP is assigned to Vlan 1 by default
access-switch1(config)# interface vlan 1
access-switch1(config-if)# ip address 10.1.1.200 255.255.255.0
access-switch1(config-if)# exit
access-switch1(config)#
access-switch1(config)# interface vlan 1
access-switch1(config-if)# ip address 10.1.1.200 255.255.255.0
access-switch1(config-if)# exit
access-switch1(config)#
STEP7: Assign default gateway to the switch
access-switch1(config)# ip default-gateway 10.1.1.254
STEP8: Disable unneeded ports on the switch
! This step is optional but enhances security
! Assume that we have a 48-port switch and we don’t need ports 25 to 48
! Assume that we have a 48-port switch and we don’t need ports 25 to 48
access-switch1(config)# interface range fe 0/25-48
access-switch1(config-if-range)# shutdown
access-switch1(config-if-range)# exit
access-switch1(config)#
access-switch1(config-if-range)# shutdown
access-switch1(config-if-range)# exit
access-switch1(config)#
STEP9: Save the configuration
access-switch1(config)# wr
2011年12月20日星期二
Cisco Catalyst 3560 Series Switches
The Cisco 3560 switch is a line of fixed-configuration, enterprise-class switches that include IEEE 802.3af and Cisco prestandard Power over Ethernet (PoE) functionality in Fast Ethernet and Gigabit Ethernet configurations.
As an ideal access layer switch for small enterprise LAN access or branch-office environments, the cisco ws c3560x 48t s combinesboth 10/100/1000 and PoE configurations for maximum productivity and investment protection while enabling the deployment of new applications such as IP telephony, wireless access, video surveillance, building management systems, and remote video kiosks.
Customers can deploy network wide intelligent services-such as advanced quality of service (QoS), rate limiting, access control lists (ACLs), multicast management, and high-performance IP routing-while maintaining the simplicity of traditional LAN switching.
The Cisco Catalyst 3560 is part of a larger and more scalable family of Cisco Catalyst switches that includes the Cisco Catalyst 3560-E Series switches, the Cisco Catalyst 3750 and 3750-E Series switches with Cisco StackWise technology, and the Cisco Catalyst 4500 and Catalyst 6500 modular switches. United by Cisco IOSSoftware, the entire family offers industry-leading availability, integrated security, optimized delivery, and manageability.
Software
The cisco ws c3560x 48t l is available with one of two software images:
IP Base software includes advanced quality of service (QoS), rate limiting, access control lists (ACLs), Open Shortest Path First (OSPF) for routed access, and IPv6 functionality.
IP Services software provides a broader set of enterprise-class features, including advanced hardware-based IP Unicast and IP Multicast routing, as well as policy-based routing (PBR).
Simple Network Management
Available for the cisco catalyst 3560e, the Cisco Network Assistant is a centralized management application for switches, routers, and wireless access points. Free of charge, the application provides configuration wizards that greatly simplify the implementation of converged networks and intelligent network services.
Quick Look at Some Cisco Catalyst 3560 Models
WS-C3560G-48PS-S:Port Speed: 10/100 with IEEE 802.3af and Cisco pre-standard PoE
48 ports
Uplinks: 4 SFP-based ports
Software Image: IP Base
WS-C3560G-24PS-S:Port Speed:10/100/1000 with IEEE 802.3af and Cisco prestandardPoE
24 ports
Uplinks: 4 SFP-based ports
IP Base
WS-C3560G-48TS-S:Port Speed: 10/100/1000
48 ports
Uplinks: 4 SFP-based ports
Software Image: IP Base
WS-C3560G-24TS-S:Port Speed: 10/100/1000
24 ports
Uplinks: 4 SFP-based ports
Software Image: IP Base
More Cisco 3560 Switch Related
ws c3560e 48pd sf Series Switches:an enterprise-class line of standalone access and aggregation switches that ease the deployment of secure converged applications.
These switches combine 10/100/1000 and Power over Ethernet (PoE) configurations with uplinks that easily upgrade from 1 Gb Ethernet cisco ws c3560x 24t s to 10 Gb Ethernet. They enhance worker productivity by enabling applications such as IP telephony, wireless, and video.
Features:
• Ten-second 10 Gb upgrade
• Support for 802.11n devices
• Configurations with up to 20W PoE on all 48 ports
• Modular fan and power supply for aggregation models
• Highly available operation: dual hot-swappable modular power supplies and fans for fixed aggregation switches
• Secure unified network services
• Cisco EnergyWise technology
For further Cisco 3560 series switches’ specs, price, software, configuration, service, etc. Please visit Cisco Catalyst 3560 Series Switch at router-switch.com…
As an ideal access layer switch for small enterprise LAN access or branch-office environments, the cisco ws c3560x 48t s combinesboth 10/100/1000 and PoE configurations for maximum productivity and investment protection while enabling the deployment of new applications such as IP telephony, wireless access, video surveillance, building management systems, and remote video kiosks.
Customers can deploy network wide intelligent services-such as advanced quality of service (QoS), rate limiting, access control lists (ACLs), multicast management, and high-performance IP routing-while maintaining the simplicity of traditional LAN switching.
The Cisco Catalyst 3560 is part of a larger and more scalable family of Cisco Catalyst switches that includes the Cisco Catalyst 3560-E Series switches, the Cisco Catalyst 3750 and 3750-E Series switches with Cisco StackWise technology, and the Cisco Catalyst 4500 and Catalyst 6500 modular switches. United by Cisco IOSSoftware, the entire family offers industry-leading availability, integrated security, optimized delivery, and manageability.
Software
The cisco ws c3560x 48t l is available with one of two software images:
IP Base software includes advanced quality of service (QoS), rate limiting, access control lists (ACLs), Open Shortest Path First (OSPF) for routed access, and IPv6 functionality.
IP Services software provides a broader set of enterprise-class features, including advanced hardware-based IP Unicast and IP Multicast routing, as well as policy-based routing (PBR).
Simple Network Management
Available for the cisco catalyst 3560e, the Cisco Network Assistant is a centralized management application for switches, routers, and wireless access points. Free of charge, the application provides configuration wizards that greatly simplify the implementation of converged networks and intelligent network services.
Quick Look at Some Cisco Catalyst 3560 Models
WS-C3560G-48PS-S:Port Speed: 10/100 with IEEE 802.3af and Cisco pre-standard PoE
48 ports
Uplinks: 4 SFP-based ports
Software Image: IP Base
WS-C3560G-24PS-S:Port Speed:10/100/1000 with IEEE 802.3af and Cisco prestandardPoE
24 ports
Uplinks: 4 SFP-based ports
IP Base
WS-C3560G-48TS-S:Port Speed: 10/100/1000
48 ports
Uplinks: 4 SFP-based ports
Software Image: IP Base
WS-C3560G-24TS-S:Port Speed: 10/100/1000
24 ports
Uplinks: 4 SFP-based ports
Software Image: IP Base
More Cisco 3560 Switch Related
ws c3560e 48pd sf Series Switches:an enterprise-class line of standalone access and aggregation switches that ease the deployment of secure converged applications.
These switches combine 10/100/1000 and Power over Ethernet (PoE) configurations with uplinks that easily upgrade from 1 Gb Ethernet cisco ws c3560x 24t s to 10 Gb Ethernet. They enhance worker productivity by enabling applications such as IP telephony, wireless, and video.
Features:
• Ten-second 10 Gb upgrade
• Support for 802.11n devices
• Configurations with up to 20W PoE on all 48 ports
• Modular fan and power supply for aggregation models
• Highly available operation: dual hot-swappable modular power supplies and fans for fixed aggregation switches
• Secure unified network services
• Cisco EnergyWise technology
For further Cisco 3560 series switches’ specs, price, software, configuration, service, etc. Please visit Cisco Catalyst 3560 Series Switch at router-switch.com…
订阅:
博文 (Atom)