101 Results Found
For smaller companies, configuring a dial plan to account for variations in dialed numbers is often not a problem. However, companies that are larger and more global in nature encounter a number of issues when designing their dial plan approach.
Border Gateway Protocol (BGP) is a fascinating protocol because there are a lot of things that can be done with BGP. However, there has always been an issue with BGP, which is convergence (the time the network or protocol takes to accept change). BGP was designed for scale, not speed, so it’s something that we’ve had to tolerate from its inception.
License provisioning has always been a bit of a challenge in the CUCM environment. Prior to CUCM v9.0, licensing was managed on a per-cluster basis with each cluster requiring its own license files that were tied to the media access control (MAC) address of the cluster’s publisher. This approach to license management was limiting in the fact that one cluster might have unused licenses while another cluster may be at its limit and sharing between clusters was not possible.
Occasionally I am asked to configure the ability to block calls based on Caller ID. Prior to Cisco Unified Communications Manager (CUCM) v8, the only way to block these calls was to configure voice translation rules and profiles on the gateway receiving the calls. This has changed in CUCM v8 with the introduction of an additional parameter in translation patterns: Route Next Hop By Calling Party Number.
While most organizations have not yet fully (or in many cases even partially) adopted cloud computing, the trend is growing in all but the smallest businesses.
Spanning Tree Protocol (STP) is dead, or at least it should be. It’s too slow to converge when there’s a change, and it causes issues with performance because there is only one forwarding path. It was developed in 1985 by Radia Perlman at Digital Equipment Corporation to allow for redundant paths within a Layer 2 topology, which was great in 1985. In fact, it was huge! So much so, that it was later standardized by the IEEE as 802.1D, and we’ve been living with it ever since.
RTMT provides a set of canned views of both system resources and application counters that provide you with a snapshot of your environment right out of the box. Read on to learn how you can make RTMT even more helpful by customizing it to show you different views of your resources and CUCM environment.
Many companies are already using VoIP while incorporating video capabilities into their portfolio of services. One question that I am often asked is, “How can we ensure that the voice and video quality is good and consistent when using VoIP?”
If you’re in IT, you’ve likely heard the saying, “In technology, the only thing constant is change itself,” and boy is that right! For technical companies, if you are not moving forward, then you’re falling behind. There is no such thing as standing still! A perfect example of this mindset is in Cisco’s evolution of video conferencing and telepresence.
According to Cisco marketing, Dynamic Multipoint VPN (DMVPN) “will lower capital and operation expenses, simplifies branch communications, reduces deployment complexity, and improves business resiliency.” Okay. But what is it, really, and why should we care?
With the advent of video use in our everyday communications, a number of questions commonly surface. One of them is the question of terminology. What's the difference between video conferencing and telepresence? What is meant by immersive technologies? Frankly, there is no one single right answer.
The short answer (and a common one in our industry): it depends. When comparing Cisco IOS with Juniper Junos, the decision to choose one over the other is difficult and often boils down to cost. Of course, there are other factors to consider.
Frequently, questions come up in the Cisco Contact Center Express classes I teach concerning the ability of the system to perform this or that task. In this blog post, I will cover some of the more popular questions I get during class.
This is another topic of heated debate, and it changes from network to network, but I found a simple approach that works in most cases. Since I have four queues and four classes of traffic, I need to categorize my important traffic into four classes. Strictly for explanation purposes I took some liberty in defining four categories of traffic that are very effective in both large and small networks. These classes are: Real Time Protocol (RTP), Network Management (NetMgt), Business Critical, and the Default.
That depends on their configurations. For example: While it makes very good sense to include redundant physical links in a network, connecting switches in loops, without taking the appropriate measures, will cause havoc on a network. Without the correct measures, a switch floods broadcast frames out all of its ports, causing serious problems for the network devices. The main problem is a broadcast storm where broadcast frames are flooded through every switch until all available bandwidth is used and all network devices have more inbound frames than they can process.
As we discussed previously, Cisco created the Nexus Operating System (NX-OS) to power its next-generation data-center switching platform. While this new OS shares many similarities to the original IOS, there are some definite differences that you need to be aware of as you begin using it.
The most obvious difference is that hubs operate at Layer 1 of the OSI model while bridges and switches work with MAC addresses at Layer 2 of the OSI model. Hubs are really just multi-port repeaters. They ignore the content of an Ethernet frame and simply resend every frame they receive out every interface on the hub. The challenge is that the Ethernet frames will show up at every device attached to a hub instead of just the intended destination (a security gap), and inbound frames often collide with outbound frames (a performance issue).
This week we'll review the IPv4 Address Classes including subnet masks, examples of Class C, Class B, and Class A subnet masks, and planning IPv4 addresses.
Both technologies, Ethernet and FC, satisfied the two conditions at that time, but there was a catch. Read more.
In the previous post, we discussed the need for VXLAN in the cloud along with the issues it solves. In this post, we will focus more on how VXLAN works.
Configuring a wireless lab for study and testing capabilities is a bit more involved than you might think at first glance. Most of the requirements take place on the management devices, but the underlying switch infrastructure requires some preparations as well. The tasks involved are as follows:
Anyone who’s managed switches over the years knows that the Spanning-tree protocol (STP) is both the best and worst thing to ever happen to the data center at layer 2 of the OSI model. On the plus side, the Spanning-tree protocol is what first allowed us to create redundant paths within our switching infrastructure, making our data center much more resilient to outages than ever before. Anyone who’s experienced a “broadcast storm” knows the full value of Spanning-tree in the traditional switching environment. We’ve also seen many improvements in Spanning-tree over the years to make it work faster and more efficiently (i.e. Rapid Spanning-tree, Bridge Assurance, and many others).
Previously, I talked about the logical and physical steps to building a basic certification lab, concentrating mostly on the CCENT/CCNA Routing and Switching level. Once you have that set of certifications under your belt, there are several options for specialization. Each of these advanced technology tracks serve as methods of enhancing your professional skill set as follows:
The Cisco UCS is truly a “unified” architecture that integrates three major datacenter technologies into a single, coherent system: Computing Network Storage Instead of being simply the next generation of blade servers, the Cisco UCS is an innovative architecture designed from scratch to be highly scalable, efficient, and powerful with one-third less infrastructure than traditional blade servers.
The official Cisco CCNP Security FIREWALL training course (as well as other documentation) recommends enabling the inspection of the Internet Control Message Protocol (ICMP), even though it’s disabled by default. The image below displays the recommended practice as configured in ASDM, but the curious student might wonder what the unchecked “ICMP Error” box is. That’s what I’ll focus on in this post.
In this post I’ll focus on a topic that’s mentioned in the Cisco FIREWALL training class but isn’t emphasized there or in the online Cisco ASA documentation. When configuring failover on a pair of ASA security appliances, a situation can arise in which network disruption occurs due to the secondary ASA in a failover pair becoming active first and then the primary comes online second. Both the documentation and the courseware point out that this causes the secondary (and active ASA) to swap its interface MAC addresses with those of the primary. Being naturally skeptical about this behavior, I decided to investigate. The rest of this post illustrates my confirmation of this phenomenon.
Although the GSS can be configured to be authoritative for an entire domain, e.g. cisco.com (option 1), the GSS is designed to be integrated into an existing traditional BIND-based or any DNS system. The GSS operates as an A-record DNS server for Hosted Domains (HD) for which it has been delegated authority from a higher-level name server, which generally would be a name server (NS) controlled by an Enterprise or ISP. In addition to A-record support, the GSS is able to proxy for other query types using NS Forwarding and a back-end name server such as BIND.
The Global Site Selector (GSS) leverages the Domain Name System (DNS) to provide clients with reliable and efficient content services. Domain to IP address mapping is performed with consideration for availability, location, and load of content servers. Using the GSS in combination with Cisco’s Content Services Switch (CSS), Cisco’s Catalyst 6000 Content Switching Module (CSM), or Cisco’s Application Control Engine (ACE) allows users to create Global Server Load Balancing (GSLB) networks.
According to the OSI layer concept, routing, or best path selection, takes place on Layer 3 and is based on the logical address. In this post, we want to discuss some of the points in that statement.
According to the OSI layer concept, routing, or best path selection, takes place on Layer 3 and is based on the logical address. In this post, we want to discuss some of the points in that statement.
This week’s post highlights some of the features and implementation specifics regarding the Datagram Transport Layer Service (DTLS) protocol used in Virtual Private Networks with the Cisco AnyConnect® SSL client. I’ll provide some background as well as some screenshots and supported CLI commands.
One command that had a fairly long history first with the PIX Firewall and now the ASA is the shun command. In this post we’ll examine this command’s history, why it’s useful, and its new-found resurgence in threat detection implementation.
Interior Gateway Routing Protocol (IGRP) was a Cisco-proprietary Distance-Vector (D-V) classful routing protocol - basically an improved version of RIPv1. Like other D-V protocols, each IGRP router periodically flooded its routing table, but it differed from RIP in two ways. First, RIP’s advertisement interval was thirty seconds but IGRP’s was ninety seconds, which allowed IGRP to scale to larger networks than RIP. Second, RIP used a simple hop count metric, but IGRP’s more sophisticated metric was based on minimum path bandwidth and total path delay, with options to include link reliability and interface loading.
When the hostname.domainname associated with my Small Office Home Office (SOHO) failed to update after a power outage, and a new DHCP-assigned external address was assigned to my router, I was reminded of the need for Dynamic DNS. This article will explore the implem...
As is frequently the case these days, I get a brainstorm for an article during a Cisco Security training class I conduct. This summer I taught the Securing Networks with ASA Fundamentals class, which concentrates heavily on the Adaptive Security Device Manager (ASDM)...
As is sometimes the case, the idea for this article originated with a student question I received during one of the Securing Networks with ASA Fundamentals classes I have taught this summer. The course material mentions a simple scenario whereby IP Telephony traffic...
I recently came across an opportunity to use a relatively new feature in Cisco Unified Communications Manager (CUCM). Suppose you are the telecom administrator at a community hospital. During business hours, the Facilities Department is staffed and team members simpl...
Occasionally as I'm teaching a Cisco training class, I get an idea for a blog post and it happened again this week. The Securing Networks with ASA Fundamentals curriculum is mostly based on the Adaptive Security Device Manager (ASDM). While the class describes the us...
The subject of this week’s post was actually prompted by a question from a former colleague. Soon after the PIX Firewall added support for IPSec Virtual Private Networks, a command was added to the command-line, sysopt connection permit-ipsec. This command was subse...
Learn how to calculate QOS Bandwidth Percent vs Bandwidth Remaining Percent using a Cisco-defined formula. Read on for answers and examples from the experts at Global Knowledge!