Monday, March 18, 2013

How to Configure Cisco ASA Virtual Firewall?



Device virtualization is one of the most popular topics in the IT industry today, and Cisco supports this concept in the majority of its network devices. Here we look at Cisco ASA virtualization, which means running multiple virtual firewalls on the same physical ASA chassis. A virtual ASA is also known as a “Security Context”.

All Cisco firewall models (except ASA 5505) support multiple security contexts (i.e. virtual firewalls). By default, all models support 2 security contexts without a license upgrade (except the Cisco ASA 5510, which requires the Security Plus license).

Each Context has its own configuration file and security policy, i.e. one context is completely isolated and does not depend on other contexts. The exception is the Admin Context, from which the whole ASA appliance (physical ASA) is managed and which is also used to create the other Contexts. To enable the creation of virtual contexts on the ASA appliance, we must switch to Multiple Context mode. In this mode some features are not available, such as Dynamic Routing, IPSEC and SSL VPN, Multicast and Threat Detection. Let’s briefly discuss when multiple context mode is advisable and when it is not.

When would you want to use multiple security contexts?
● If you want to use the active/active failover feature. Keep in mind that with active/active failover, you should not use more than half of the available bandwidth.
● If you are an ISP and need to offer a different security context for each customer.
● If you need to provide different security policies for various departments, users, or vendors and need to create a separate context for each one.
● If you’d like to reduce hardware requirements by combining the functionality of multiple firewalls into one.

When should you not use multiple security contexts?
● If you need to provide VPN services such as remote access or site-to-site VPN tunnels.
● If you need to use dynamic routing protocols. With multiple context mode, you can use only static routes.
● If you need to use QoS.
● If you need to support multicast routing.
● If you need to provide Threat Detection.

Now let’s consider an example of how Contexts are configured. In the topology below, we have one ASA appliance on which we will create two contexts for two customers and one admin context for managing the ASA appliance.
Physical Topology Diagram:

Logical Topology Diagram:

Equipment Used in this LAB
ASA 5520 – Cisco Adaptive Security Appliance Software Version 8.0(3)
Catalyst 2960 – LAN Lite IOS.

Before starting the configuration, let’s check whether the ASA is running in single context mode or multiple context mode. As already stated, the ASA appliance must be in multiple context mode to create Security contexts.
! Verify the ASA operating mode.
asa# show mode
Security context mode: single
! Enable multiple mode. Switching to this mode requires a restart.
asa(config)# mode multiple

Then the following output is displayed. ASA Appliance converts the current running configuration into two files: a new startup configuration that comprises the system configuration, and “admin.cfg” that comprises the admin context (stored in the root directory of the internal Flash memory). The original running configuration is saved as “old_running.cfg” (in the root directory of the internal Flash memory).
WARNING: This command will change the behavior of the device
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm]
Convert the system configuration? [confirm]
!
The old running configuration file will be written to flash
The admin context configuration will be written to flash
The new running configuration file was written to flash
Security context mode: multiple
***
*** — SHUTDOWN NOW —
***
*** Message to all terminals:
***
***   change mode
Rebooting….
Booting system, please wait…
!after rebooting verify ASA Operation mode
asa# show mode
Security context mode: multiple
After restarting let’s start configuration of Contexts. First configure the admin context.
!Configure the admin context
asa(config)# admin-context admin
asa(config)# context admin
asa(config-ctx)# allocate-interface Management0/0
asa(config-ctx)# config-url disk0:/admin.cfg
!configure the Sub-interfaces for Customer1
interface GigabitEthernet0/1.11
vlan 11
interface GigabitEthernet0/0.21
vlan 21
!configure the Sub-interfaces for Customer2
interface GigabitEthernet0/1.12
vlan 12
interface GigabitEthernet0/0.22
vlan 22

Now we start creating contexts for Customer-1 and Customer-2 and allocate interfaces.
! Configure the Customer1 context shown as C1 in diagram.
asa(config)# context c1
asa(config-ctx)# allocate-interface gigabitethernet0/0.21
asa(config-ctx)# allocate-interface gigabitethernet0/1.11
asa(config-ctx)# config-url disk0:/c1.cfg
! Configure the Customer2 context shown as C2 in diagram.
asa(config)# context c2
asa(config-ctx)# allocate-interface gigabitethernet0/0.22
asa(config-ctx)# allocate-interface gigabitethernet0/1.12
asa(config-ctx)# config-url disk0:/c2.cfg
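
The isolation between customers depends on each context getting its own interfaces and its own configuration file. The following is an added example, not part of the original article: a Python check that reads a system configuration and reports contexts without a config-url, sub-interfaces without a VLAN, and interfaces allocated to more than one context. The sample configuration is constructed from the commands above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the system-space configuration the commands on this
# page would produce (context and interface names are the page's own).
SYSTEM_CONFIG = """\
interface GigabitEthernet0/1.11
 vlan 11
interface GigabitEthernet0/0.21
 vlan 21
interface GigabitEthernet0/1.12
 vlan 12
interface GigabitEthernet0/0.22
 vlan 22
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
context c1
 allocate-interface gigabitethernet0/0.21
 allocate-interface gigabitethernet0/1.11
 config-url disk0:/c1.cfg
context c2
 allocate-interface gigabitethernet0/0.22
 allocate-interface gigabitethernet0/1.12
 config-url disk0:/c2.cfg
"""


def parse_system_config(text):
    """Return (contexts, vlans) parsed from a system configuration.

    contexts: {name: {"interfaces": [...], "config_url": str or None}}
    vlans:    {sub-interface name: VLAN id}
    Interface names are lower-cased because the page itself writes them in
    both cases. Only the single-interface form of allocate-interface is
    handled, which is the form used on this page.
    """
    contexts, vlans = {}, {}
    section = None  # ("context", name) or ("interface", name)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            m = re.match(r"(context|interface)\s+(\S+)$", line, re.I)
            section = None
            if m and m.group(1).lower() == "context":
                section = ("context", m.group(2))
                contexts.setdefault(
                    m.group(2), {"interfaces": [], "config_url": None})
            elif m:
                section = ("interface", m.group(2).lower())
            continue
        if section is None:
            continue
        kind, name = section
        words = line.split()
        if len(words) < 2:
            continue
        if kind == "context" and words[0] == "allocate-interface":
            contexts[name]["interfaces"].append(words[1].lower())
        elif kind == "context" and words[0] == "config-url":
            contexts[name]["config_url"] = words[1]
        elif kind == "interface" and words[0] == "vlan" and words[1].isdigit():
            vlans[name] = int(words[1])
    return contexts, vlans


def audit_contexts(text):
    """Return a list of findings; an empty list means nothing to review."""
    contexts, vlans = parse_system_config(text)
    findings = []
    users = defaultdict(list)  # interface -> contexts it is allocated to
    for ctx, data in contexts.items():
        if data["config_url"] is None:
            findings.append(f"context {ctx}: no config-url")
        if not data["interfaces"]:
            findings.append(f"context {ctx}: no interface allocated")
        for ifc in data["interfaces"]:
            users[ifc].append(ctx)
            if "." in ifc and ifc not in vlans:
                findings.append(f"context {ctx}: {ifc} has no vlan configured")
    for ifc, ctxs in sorted(users.items()):
        if len(ctxs) > 1:
            findings.append(
                f"{ifc} is allocated to more than one context: "
                + ", ".join(ctxs))
    return findings


if __name__ == "__main__":
    for finding in audit_contexts(SYSTEM_CONFIG) or ["no findings"]:
        print(finding)
```
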

I will not describe how VLANs on the switches are configured. Let’s consider switching between Contexts. We can switch to any context from the admin context, but we can’t switch from a customer context to anywhere else.
! Let’s log in to the Customer1 context. The syntax of the command is the following:
changeto context <context name>
asa# changeto context c1
! Let’s switch to system configuration mode. Switching to this mode is available only from the Admin Context. In system configuration mode Contexts are created and resources are allocated.
asa# changeto system


Friday, March 15, 2013

Fifteen More Useful Cisco Sites to Know Cisco Well



Everything you want to know about Cisco routers, security, consumer electronics and more

To help Cisco masses know Cisco well, we collected 15 more sites covering a range of Cisco topics---from studying and preparing for certification, to operating a Cisco network in an enterprise or service provider environment, to keeping up with security tips and techniques, to just being entertained by the oddities and idiosyncrasies of the Cisco world. Let’s have a look.

The List of Useful Cisco Sites
Etherealmind

Etherealmind is the brainchild of Greg Ferro, Cisco CCIE #6920, who describes himself as the "Human Infrastructure for Cisco and Data Networking." Ferro works as a freelance network architect and senior engineer and designer mostly in the UK. His site features an array of opinions, outbursts, insight and experience. He has over 20 years in IT, more than 12 in networking and has spent time at large and small financial institutions, service providers, resellers and dot-coms. His current areas of focus are data center, security and application networking technologies.

Risky Business

Cisco customers, engineers, marketers and enthusiasts can never get enough security information. Risky.biz first "aired" in February 2007. Since then, the site has published over 170 episodes and developed a following among high-level security professionals. In addition to the weekly podcast, the site has recorded security presentations, podcast interviews and job listings. There are also forums for discussion with security peers on the most recent security-related topics, issues and challenges.

Tekcert

Tekcert, authored by Jeremy Cioara, CCIE, Trainer and "really cool guy," according to the blog's Facebook page,  used to be Cioara's "Cisco Blog: the world of all things Cisco". Tekcert has broadened beyond that to become a site that blogs about technology, business and certifications.  The site, thanks to Cioara, still has considerable amounts of content on networking and Cisco. But more broadly, Tekcert   focuses on "helping people further their knowledge and education about technology."

Slashdot

News for Nerds. Stuff that Matters. That's the Slashdot tagline and for most readers, it's accurate. Slashdot has a mix of news, technology, oddities, irreverence and just plain off-the-wall stuff that appeals to the tech savvy. A quick search on Cisco yields submissions and comments ranging from Cisco's recent introduction of its SocialMiner "stalking" software to the introduction of the 322Tbps CRS-3 router. The submissions might have a specific take on a Cisco, or any other, announcement; and then the comments increase the entertainment quotient of the submission, if not the insight into it. So Slashdot has the potential to inform, educate and entertain those with an interest in technology in general, as well as Cisco.

Cisco Blogs

Cisco's own blogs on Cisco.com provide the company with the opportunity to expand on an announcement, strategy, product line or deployment scenario for customers looking to harness the latest, or legacy, Cisco technology. Strategic imperatives for the company, like video, collaboration and data center/virtualization, are highlighted in topic-specific blogs; and then there are more general Cisco interest sites, like The Platform, Social Media, Web Experience, etc. Perhaps the most infotaining is Cisco Interaction Network, which includes TechWise TV, a site we highlighted in the "20 useful" list two years ago that features folk hero Jimmy Ray Purser and his unique insights into Cisco products, deployments and strategies.

Cisco-nsp

Cisco-nsp is an e-mail reflector for users of Cisco gear mostly in enterprises, but with some service provider contributions as well. Topics are very technical and participants usually offer up a deployment challenge or issue for review, followed by tips, tricks, sympathies and snarky comments on how to rectify it or deal with it. This is a site for true practitioners of Cisco networking, and can be very valuable to those with new or decades-old Cisco implementations.

NANOG

Like Cisco-nsp, the NANOG e-mail reflector serves the same purpose, but for service providers. Have a site that's unreachable? You might find the symptoms and cause here first. Have a problem with route flapping or BGP update suppression? Find workarounds here. Want a review of a new router or switch, or the best to implement for 10G? Find it here. It's not a Cisco-specific site by any means but a useful running commentary of issues service providers and network operators grapple with every day, whether they're using Cisco routers and switches or not.

CertGuard

CertGuard performs a search and verification of certification "braindump" sites – those that offer quick and easy, and cheap, certification exams and aids, such as those for Cisco CCIE and CCNA that may lack authenticity. These sites can put the user's certification at risk. CertGuard assesses these sites and offers suggestions on how to get the best bang for your buck without risking your certification. CertGuard says it has over 1,900 brain dump websites and roughly 500 file sharing websites listed in its database which are freely distributing copyrighted materials without the written permission of the owners of the material. The site also tracks connections or similarities between certification-related websites which have previously been undiscovered, and has flagged them for future reference. With this data, CertGuard is focused on assisting candidates in making the correct choice in certification sites, and on stopping proxy test takers and unethical brain dump websites.

Engadget

Like social media and Web 2.0, consumer electronics is also a key new growth endeavor for Cisco. Nowhere is that more evident than the company's $550 million purchase of Pure Digital and its pocket-sized Flip videocam – which followed earlier acquisitions of wireless SoHo router maker Linksys and cable set-top box pusher Scientific-Atlanta. Engadget usually has the scoop on some new models of Flip coming down the pike, as well as some of the first coverage of other Cisco and top name consumer gear hitting the market. Engadget also comments on cool and missing features from consumer gear, and forecasts user trends and buying behaviors based on what's currently hot and not.

Jaluri

As the title implies, Jaluri aggregates blogs on Cisco and network issues in general to provide a one-stop shop for Cisco- and network-related topics, opinions and technical guidance. In Jaluri's own opinion, it's aggregating "some of the best" network and Cisco blogs, some of which already appear in this list and in the one we did three years ago.  Several appear to be targeted at CCIE candidates and undoubtedly many more are authored by CCIEs. There's even one on Juniper…

Burning With The Bush

Speaking of which, who at Cisco would not want to keep up on its archrival in routing? Burning With The Bush blogs on All Things Juniper, from core and edge routing to its moves into new markets, such as data center/cloud computing, mobile Internet and wireless LANs. BWTB also provides tips and tricks on configuring and operating Juniper routers and other JUNOS-based platforms. Burning With The Bush collects info from various sources and many authors, crawling through the Web looking for and linking to relevant Juniper and JUNOS-related posts. The site also has authors that write original content. Its founder, Chris Grundemann, is a certified JUNOS engineer -- JNCIE #449 – author of a book on IPv6, founding chair of the Colorado chapter of the Internet Society, and participates in Internet governing institutions. And BWTB is independent – the blog is not affiliated with nor endorsed by Juniper.

Qsolved

Qsolved provides quick answers to Cisco technical support questions. The site describes itself as a "community powered, pay to play marketplace" where experts field and respond to questions from Cisco users. Yes, some of Qsolved's services may require payment of fees, according to the site's terms and conditions. But in return you get to download or copy the content from these experts, and other items displayed on the site, provided they are for personal use only and do not infringe on the site's copyright protection. But a perusal of the Qsolved blog shows there's some serious stuff going on in there so it might be worth a look.

Tom's Hardware

Looking for unbiased reviews on Cisco Linksys routers, Aironet access points or Unified Computing System blade servers? Tom's Hardware has been published by Bestofmedia Group since 1996. Bestofmedia claims it was one of the first sites to review computer components. The site is intended to provide independent, unbiased technology news, articles, reviews and reports to IT professionals, purchasers, tech enthusiasts and influencers. It includes comparison charts and benchmark testing on topics such as high-performance PCs, building your own PC, security, business computing and storage.

Mashable
This is the site for social media news, reviews, opinion and views. Mashable covers the whole Web 2.0 wave, a phenomenon close to Cisco's, and its customer's, heart.  For Cisco enthusiasts, Mashable covers significant Cisco announcements – like the recent unveiling of the Cius tablet, and the Videoscape Internet TV platform – and offers opinions and commentary on those relevant to social media and Web 2.0. Mashable, which was founded in 2005, is also a model for profitable and influential blogging – the site has more than 30 million monthly page views from an audience that includes early social media adopters, enthusiasts and entrepreneurs, corporations, journalists, bloggers, and advertising and marketing firms. Mashable claims to have also harnessed Twitter and Facebook as conduits into its site, helping to drive traffic and page view metrics.

Friday Traffic Report
Another site for tips and tricks on profiting from social media and Web 2.0 technologies – blogs, wikis and the like – is Friday Traffic Report. Cisco is a huge proponent of businesses adopting social media and Web 2.0 technologies to help market and make money on their product or service. The Friday Traffic Report is a blog dedicated to assist in blog marketing and money making. The site is authored by Jack Humphrey, who's been at this online thing since 1991. Humphrey claims to have generated billions of site visitors for himself and his online marketing clients over the past decade. He's also into big hair bands, drums, wilderness survival (including cyberwilderness, no doubt), disarming wit and Vegas. Be prepared to be entertained while you learn online marketing tips and tricks. There are also job listings for bloggers, social media practitioners and other techies, including 1,064 at Cisco when we last checked…
There are still more sites covering Cisco news, Cisco network solutions, Cisco product releases, reviews, Cisco certifications, Cisco books, etc. If you know some useful sites, you can share them with Cisco masses here.

Cisco Subnet
Our own Cisco Subnet brings a wealth of knowledge, opinion and event coverage under one blog umbrella. Here's a sampling of what you'll find there:

Security Watch: We report on Cisco security advisories and security responses as soon as they're issued.

Bloggers: We have a stable of bloggers who are experts in their fields:
Wendell Odom's Cisco Cert Zone: Wendell Odom, CCIE No. 1624, splits time between writing books for Cisco Press and teaching classes for Skyline ATS. His books include titles on QoS, CCIE R/S, as well as several titles related to CCNA certification, including his newest book Official Exam Certification Library (CCNA Exam 640-802).

Michael Morris: From the field: Morris is a Technical Team Lead and Network Architect at a $3 billion high-tech company. His background is in enterprise WANs working with telcos, and developing large-scale routing designs.

Jeff Doyle on IP Routing: Jeff is president of Jeff Doyle and Associates, an IP networking consultancy, and author of Routing TCP/IP, Volumes I and II. Read the transcript of our live online text chat with Jeff entitled "IPv6: Will matter to the enterprise in five years."

Jamey Heary: Cisco security expert: Jamey Heary, CCIE No. 7680, is a security consulting systems engineer at Cisco. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access.

Larry Chaffin: Putting realism into your network: Larry Chaffin, Ph.D, is the CEO/chairman and founder of Pluto Networks, a consulting company specializing in VoIP, WLAN and security. He is also author of a number of books including Managing Cisco Secure Networks, Skype Me, Practical VOIP Security, and Configuring Check Point NGX VPN-1/Firewall-1.

Jon Oltsik: Network Nuggets and Security Snippets: Jon Oltsik is a principal analyst at Enterprise Strategy Group responsible for the networking and security services at ESG. Jon previously served as VP of Marketing & Strategy at GiantLoop Network where he managed all marketing activities and defined the company's strategic vision, and a Senior Analyst at Forrester Research where he covered a wide range of infrastructure and IT topics.

Chris Jackson: Net Defense: Chris Jackson, CCIE (Security, Routing, Switching), CISA, CISSP, ITIL, SANS, Technical Solutions Architect in the Cisco Architectures and Verticals Partner Organization, has focused for the past six years on developing security practices with the Cisco partner community. During a 15-year career in internetworking, he has built secure networks that map to strong security policies for organizations, including UPS, GE, and Sprint.

Mike Sheldon: Network Resolutions: Mike is CEO of Network Hardware Resale, one of the largest secondary market resellers of Cisco equipment. Mike joined NHR in sales in 2001 and was named CEO in 2005, and in that time NHR has grown from $25 million to over $200 million in revenue.

Erik Parker: No Strings Attached: Erik is a wireless network engineer for a Fortune 500 e-commerce company based in the United States, and was previously a wireless engineer at Toyota and consulting network engineer for International Network Services (Now BT-INS). His primary focus is on wireless infrastructure, 802.11 protocol analysis, RF, and mobility, and he has maintained his CISSP designation since 2002.

Jimmy Ray Purser: Networking Geek to Geek: Jimmy Ray is the technical co-host for Cisco's TechWise and BizWise TV, and also conducts advanced training for engineers across North America and Europe. He is an active member in the IEEE and the Ethernet Alliance and has designed, installed and tested numerous networks for Fortune 500 companies, the United States military and other institutions worldwide. He holds three U.S. patents for Ethernet security algorithms with two others pending.

Scott Hogg: Core Networking and Security: Scott is the Director of Advanced Technology Services for Global Technology Resources, Inc. (GTRI), a network engineering, consulting and training firm. He has a B.S. in Computer Science from Colorado State University, a M.S. in Telecommunications from the University of Colorado, along with his CCIE (#5133) and CISSP (#4610). Scott is the author of the Cisco Press book IPv6 Security and is currently the chair of the Rocky Mountain IPv6 Task Force.

Douglas Gourlay: Default Gateway: Doug is vice president of marketing at data center switch vendor Arista Networks. Prior to joining Arista in 2009, Doug was the vice president of Cisco's Data Center Solutions Group, where he was responsible for Cisco's global marketing strategy for data center, virtualization, and cloud computing. Doug has filed or holds more than 20 patents in networking technologies and directed product management for Cisco's Nexus and Catalyst 6500 switching lines.

Avner Izhar: Cisco Knowledge Share with Avner Izhar: Avner is a Consulting System Engineer for World Wide Technology and has 14 years in the networking industry. He holds a CCIE in Voice (#15999), CCSI (#31623), CCVP and others. He is also the author of two CCIE voice training related books: CCIE Voice Technology Workbook and CCIE Voice written study guide.

Jim Duffy: The Cisco Connection: Yours truly has been covering Cisco for 17 years and has 25 years of experience in covering the computer networking industry as a journalist – 20 of which have been at Network World. I started blogging about two years ago on matters pertaining to Cisco -- its products, markets, competitors, strategies, etc. My content comes from several sources: Cisco, its partners, its competitors, my own coverage, analyst reports, other blogs and the like. I hope you find it informative and useful!
---Original reading: networkworld.com


Thursday, October 11, 2012

How to Celebrate Your 10th Anniversary? Router-Switch.com


Router-switch.com is ten years old, happy 10th Anniversary! It is a vital phase for all router-switch.com staff in 2012. How to celebrate its 10th anniversary? What Router-switch.com Prepared for Its tenth birthday to thank its regulars and new clients? Let’s have a look!

Router-switch.com, ten years old, happy birthday! 2012 marks the tenth anniversary of router-switch.com, which is an exciting moment for all router-switch’s staff and clients.

What Router-switch.com Prepared for Its 10th Anniversary?

In 2012, router-switch.com welcomes its 10th anniversary. Router-switch.com has been a worldwide leading Cisco supplier during the past 10 years. To celebrate 10 years, it has prepared big gifts for its regulars and new clients, such as Cisco AIR-AP1131AG-A-K9, limited edition T-shirts and 20PC U disk. Some popular Cisco products (including Cisco routers: Cisco 2900 & 3900 Routers, Cisco switches: Catalyst 3560x Series, Cisco Catalyst 3750x Series, Catalyst 3560V2/3750V2, Cisco firewall, Cisco Access Points and network cards) will have big discounts (up to 75% off). The activity date is from September to October. Wow, if you wanna buy Cisco equipment, don’t miss it.

Router-switch.com has become a world’s leading Cisco supplier over the past ten years with the help of its staff and customers. To celebrate its 10 years, router-switch.com offers some activities for all the old and new clients, for example, big discount (save up to 75% off) for the popular Cisco items (including Catalyst 3560x Series, Cisco Catalyst 3750x Series, Catalyst 3560V2/3750V2, Cisco 2900&3900 Routers, Network Cards, etc.), fill out a simple survey to win a big gift (Cisco AIR-AP1131AG-A-K9, limited edition T-shirts and 20PC U disk). The activity date is from September. 01. 2012 to October. 31. 2012. Wow, if you are a Cisco buyer, don’t miss this chance. Let’s join the party to celebrate the 10th birthday together.

Friday, March 9, 2012

Cisco Switches: List of Main Features and Types


Cisco switches deliver high performance, secure, scalable solutions to meet the needs of small businesses, multi-site enterprises, data centers, or Service...

From core to edge, Cisco network switches provide the performance, high availability, comprehensive security, delivery optimization, and enhanced manageability you need to optimize your network infrastructure.

Cisco offers two types of network switches: Fixed Configuration Switches and Modular Switches

Fixed Configuration Switches
These Ethernet switching solutions support a wide range of deployments, including enterprise campus, branch offices, midsize organizations, and small and medium-sized businesses (SMB), and offer highly secure access, operational simplicity, energy efficiency, and enhanced connected user experience.

Cisco Catalyst 2960 Series
  • Standalone switches with enhanced LAN services for small and medium-sized businesses and branch office networks
  • Layer 2 switching with intelligent Layer 2-4 services
  • Up to 48 10/100 ports or 10/100/1000 ports
  • Fast Ethernet PoE configurations with 15.4W of PoE up to 24 ports
  • Flexibility of LAN Base or LAN Lite models
  • AC power supply failure protection with external power supply
  • Limited lifetime warranty

Cisco Catalyst 2960-S Series
  • Stackable (with Cisco FlexStack) fixed-configuration Layer 2 switches
  • Cost-effective solution for mid-sized organizations and branch offices
  • Full Power Over Ethernet Plus and basic Borderless Networks services
  • Zero-touch deployment and operations via Catalyst Smart Operations

Cisco Catalyst 3560 Series
  • Standalone switches for branch offices and midsize organizations
  • High performance with wirespeed Layer 2-4 switching, multicast and IPv6 routing
  • Network security includes ACLs, authentication, port-level security, and identity-based network services
  • Transparent power supply protection with external power backup; DC power option available
  • Fast Ethernet and Gigabit Ethernet connectivity
  • PoE configurations with 15.4W per port
  • Up to 48 10/100/1000 ports plus 4 SFP ports
  • Limited lifetime warranty

Cisco Catalyst 3560-E Series
  • Standalone  and aggregation switches for campus and branch offices
  • Helps deploy secure converged services and adapt to changing network and application requirements
  • 10-second 10G upgrade with Cisco TwinGig converter module
  • 15.4W of PoE on all 48 ports
  • 802.11n support scales beyond 15.4W per port
  • Cisco EnergyWise
  • Modular fan and power supply with externally available backup
  • High performance with wirespeed Layer 2-4 switching, dynamic multicast and IPv6 routing
  • Integrated advanced security features, including ACLs, identity-based network services, and Cisco Network Admission Control (NAC)
  • Aggregation switches  with dual redundant modular power supplies and fans for nonstop operation
  • Up to 48 10/100/1000 ports plus dual 10 Gb Ethernet ports on all models
  • Limited lifetime warranty

Cisco Catalyst 3560-X Series
  • Fixed-configuration switches for campus and branch deployments
  • High-availability and advanced security features assure consistent service
  • Service and network modules help enable incremental link and service upgrades
  • Full Power Over Ethernet Plus and comprehensive Borderless Networks services

Cisco Catalyst 3750 Series
  • Stackable multilayer switches for branch offices and midsize organizations
  • Cisco StackWise 32 Gbps interconnect for a unified, resilient system of up to nine switches with subsecond failover
  • Transparent power supply protection with external power backup; DC power option available
  • Cisco EnergyWise
  • Uninterrupted performance with wirespeed Layer 2-4 switching, dynamic multicast, and IPv6 routing
  • Network security includes access control lists (ACLs), authentication, port-level security, and identity-based network services
  • Fast Ethernet and Gigabit Ethernet connectivity
  • PoE configurations with 15.4W per port
  • Up to 48 10/100/1000 ports plus 4 SFP ports
  • Limited lifetime warranty

Cisco Catalyst 3750-E Series
  • Stackable multilayer switches for campus and larger branch offices
  • High availability platform for deploying secure converged services and adapt to changing network and application requirements
  • StackWise Plus with 64 Gbps interconnect for a unified, resilient system of up to nine switches with subsecond failover
  • 10-second 10G upgrade with Cisco TwinGig converter module
  • 15.4W of Power over Ethernet (PoE) on all 48 ports
  • 802.11n support scales beyond 15.4W per port
  • Cisco EnergyWise
  • Modular fan and power supply with externally available backup; DC power option available
  • Uninterrupted performance with wirespeed Layer 2-4 switching, dynamic multicast routing and IPv6 routing
  • Integrated advanced security features including ACLs, identity-based network services and Network Admission Control (NAC)
  • Fully backwards compatible with Cisco Catalyst 3750 Series for investment protection
  • Up to 48 10/100/1000 ports plus dual 10 GbE ports on all models
  • Limited lifetime warranty

Cisco Nexus 3750-X Series
  • Stackable fixed-configuration switches for campus and branch deployments
  • StackWise Plus and StackPower deliver high availability and operational efficiency
  • Service and network modules help enable incremental link and service upgrades
  • Full Power Over Ethernet Plus and comprehensive Borderless Networks services

Monday, January 16, 2012

Basic Cisco Switch Configuration


Generally speaking, Cisco switches are the best in the market. Versatile, reliable, flexible and powerful, the Cisco switch product line (such as the 2960, 3560, 3750, 4500, 6500, etc.) offers unparalleled performance and features.

Although a Cisco switch is a much simpler network device compared with other devices (e.g. routers and firewalls), many people have difficulty configuring a Cisco Catalyst Switch. Unlike switches from lower-class vendors (which are plug-and-play), the Cisco switch needs some initial basic configuration in order to enable management, security and some other important features.

How do you configure a Cisco switch from scratch? The basic steps below help you finish the Cisco switch configuration.

STEP1: Connect to the device via console
Use terminal emulation software such as PuTTY and connect to the console of the switch. You will get the initial command prompt “Switch>”.
Type “enable” and hit Enter. You will get into privileged mode (“Switch#”).
Now, get into Global Configuration Mode:
Switch# configure terminal
Switch(config)#

STEP2: Set up a hostname for the particular switch to distinguish it in the network
Switch(config)# hostname access-switch1
access-switch1(config)#

STEP3: Configure an administration password (enable secret password)
access-switch1(config)# enable secret somestrongpass

STEP4: Configure a password for Telnet access
access-switch1(config)# line vty 0 15
access-switch1(config-line)# password strongtelnetpass
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#

STEP5: Define which IP addresses are allowed to access the switch via Telnet
access-switch1(config)# ip access-list standard TELNET-ACCESS
access-switch1(config-std-nacl)# permit 10.1.1.100
access-switch1(config-std-nacl)# permit 10.1.1.101
access-switch1(config-std-nacl)# exit

!Apply the access list to Telnet VTY Lines
access-switch1(config)# line vty 0 15
access-switch1(config-line)# access-class TELNET-ACCESS in
access-switch1(config-line)# exit
access-switch1(config)#

STEP6: Assign IP address to the switch for management
!Management IP is assigned to Vlan 1 by default
access-switch1(config)# interface vlan 1
access-switch1(config-if)# ip address 10.1.1.200 255.255.255.0
access-switch1(config-if)# exit
access-switch1(config)#

STEP7: Assign default gateway to the switch
access-switch1(config)# ip default-gateway 10.1.1.254

STEP8: Disable unneeded ports on the switch
! This step is optional but enhances security
! Assume that we have a 48-port switch and we don’t need ports 25 to 48
access-switch1(config)# interface range fastethernet 0/25 - 48
access-switch1(config-if-range)# shutdown
access-switch1(config-if-range)# exit
access-switch1(config)#

STEP9: Save the configuration
access-switch1(config)# end
access-switch1# wr

The above are some steps that can be followed for basic set-up of a Cisco catalyst switch. Of course there are more things you can configure (such as SNMP servers, NTP, AAA etc) but those depend on the requirements of each particular network.
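To confirm that the settings from STEP3 to STEP7 reached every VTY line, a saved configuration can be checked offline. The Python script below is an added example, not part of the original post: the function names and the sample configuration are constructed for illustration, and it assumes the saved configuration lists the VTY lines as separate `line vty 0 4` and `line vty 5 15` blocks, as IOS commonly displays them.

```python
# Constructed sample running-config modelled on the steps above (not real device output).
SAMPLE_CONFIG = """\
enable secret 5 $1$constructed$placeholder
ip access-list standard TELNET-ACCESS
 permit 10.1.1.100
 permit 10.1.1.101
ip default-gateway 10.1.1.254
line vty 0 4
 access-class TELNET-ACCESS in
 password 7 constructed
 login
line vty 5 15
 password 7 constructed
 login
"""

def parse_sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" comment/separator lines
        if not raw[0].isspace():
            current = raw.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.strip())
    return sections

def audit(config):
    """Return findings for the STEP3 to STEP7 settings (hypothetical helper)."""
    sec, findings = parse_sections(config), []
    if not any(k.startswith("enable secret ") for k in sec):
        findings.append("no enable secret")
    acls = {k.split()[-1] for k in sec if k.startswith("ip access-list standard ")}
    for name, body in sec.items():
        if not name.startswith("line vty "):
            continue
        if "login" not in body or not any(b.startswith("password ") for b in body):
            findings.append(f"{name}: password or login missing")
        applied = [b.split()[1] for b in body if b.startswith("access-class ") and b.endswith(" in")]
        if not applied:  # this VTY range accepts logins from any source address
            findings.append(f"{name}: no inbound access-class")
        elif applied[0] not in acls:  # an access-class naming an ACL that was never defined
            findings.append(f"{name}: access-class {applied[0]} is undefined")
    if not any(k.startswith("ip default-gateway ") for k in sec):
        findings.append("no default gateway")
    return findings

print(audit(SAMPLE_CONFIG))
```

In the constructed sample the access list was applied to lines 0 to 4 only, so the audit reports lines 5 to 15 as unrestricted; applying it to `line vty 0 15` as in STEP5 clears the finding.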

Tuesday, December 20, 2011

Cisco Catalyst 3560 Series Switches

The Cisco 3560 switch is a line of fixed-configuration, enterprise-class switches that include IEEE 802.3af and Cisco prestandard Power over Ethernet (PoE) functionality in Fast Ethernet and Gigabit Ethernet configurations.
As an ideal access layer switch for small enterprise LAN access or branch-office environments, the Cisco WS-C3560X-48T-S combines both 10/100/1000 and PoE configurations for maximum productivity and investment protection while enabling the deployment of new applications such as IP telephony, wireless access, video surveillance, building management systems, and remote video kiosks.
Customers can deploy network-wide intelligent services, such as advanced quality of service (QoS), rate limiting, access control lists (ACLs), multicast management, and high-performance IP routing, while maintaining the simplicity of traditional LAN switching.
The Cisco Catalyst 3560 is part of a larger and more scalable family of Cisco Catalyst switches that includes the Cisco Catalyst 3560-E Series switches, the Cisco Catalyst 3750 and 3750-E Series switches with Cisco StackWise technology, and the Cisco Catalyst 4500 and Catalyst 6500 modular switches. United by Cisco IOS Software, the entire family offers industry-leading availability, integrated security, optimized delivery, and manageability.
Software
The Cisco WS-C3560X-48T-L is available with one of two software images:
IP Base software includes advanced quality of service (QoS), rate limiting, access control lists (ACLs), Open Shortest Path First (OSPF) for routed access, and IPv6 functionality.
IP Services software provides a broader set of enterprise-class features, including advanced hardware-based IP Unicast and IP Multicast routing, as well as policy-based routing (PBR).
Simple Network Management
Available for the Cisco Catalyst 3560-E, the Cisco Network Assistant is a centralized management application for switches, routers, and wireless access points. Free of charge, the application provides configuration wizards that greatly simplify the implementation of converged networks and intelligent network services.
Quick Look at Some Cisco Catalyst 3560 Models
WS-C3560G-48PS-S: Port Speed: 10/100 with IEEE 802.3af and Cisco pre-standard PoE
48 ports
Uplinks: 4 SFP-based ports
Software Image: IP Base
WS-C3560G-24PS-S: Port Speed: 10/100/1000 with IEEE 802.3af and Cisco prestandard PoE
24 ports
Uplinks: 4 SFP-based ports
Software Image: IP Base
WS-C3560G-48TS-S: Port Speed: 10/100/1000
48 ports
Uplinks: 4 SFP-based ports
Software Image: IP Base
WS-C3560G-24TS-S: Port Speed: 10/100/1000
24 ports
Uplinks: 4 SFP-based ports
Software Image: IP Base
More Cisco 3560 Switch Related
WS-C3560E-48PD-SF Series Switches: an enterprise-class line of standalone access and aggregation switches that ease the deployment of secure converged applications.
These switches combine 10/100/1000 and Power over Ethernet (PoE) configurations with uplinks that easily upgrade from 1 Gb Ethernet to 10 Gb Ethernet. They enhance worker productivity by enabling applications such as IP telephony, wireless, and video.
Features:
•    Ten-second 10 Gb upgrade
•    Support for 802.11n devices
•    Configurations with up to 20W PoE on all 48 ports
•    Modular fan and power supply for aggregation models
•    Highly available operation: dual hot-swappable modular power supplies and fans for fixed aggregation switches
•    Secure unified network services
•    Cisco EnergyWise technology
For further specs, price, software, configuration, service, etc. of the Cisco 3560 series switches, please visit Cisco Catalyst 3560 Series Switch at router-switch.com…