Configuring VRF-lite on Cisco routers

Rate this post

19 views

cisco

Overview

VRF which stands for virtual routing and forwarding is a feature that allows a single physical router to segregate network traffic into separate virtual routing instances. A router has only one global routing table by default which includes all connected, static and dynamic learned routes. As an analogy VRFs can be viewed as a segregation feature at layer 3 similar to VLANs at layer 2. If we take the example of an ISP with multiple customers by using VRFs we can have separate routing tables per customer on the same router. VRF-lite is a simple form of VRF implementation which is used without MPLS and is appropriate for small to medium enterprises. Being logically isolated each VRF can use overlapping IP address spaces without conflicting with each other.

Continue reading…

Configuring Generic Routing Encapsulation (GRE) tunnels on Cisco IOS

5 (100%) 1 vote

90 views

cisco

Overview

Generic routing encapsulation (GRE) is a tunneling protocol which was initially developed by Cisco, and later it has been adopted as an industry standard in RFC 2784. GRE allows the encapsulation of a wide variety of network layer protocols inside virtual point-to-point links. This means that the original packet is encapsulated inside a GRE header and a new IP header containing the source and the destination of the tunnel endpoints. The GRE protocol does not provide any security for the data being transported so if encryption is needed GRE must be used in conjunction with IPsec protocol. Some of the reasons for using GRE are the need to transport multicast traffic, or to provide workarounds for networks with limited hops. In this article we will demonstrate how two networks which do not have reachability can be connected through an GRE tunnel.

Continue reading…

Configuring Policy Based Routing on Cisco ASA

3.7 (73.33%) 3 votes

2,983 views

cisco

Overview

Normally when a routing device receives a packet it decides where to forward it based on the destination address of the packet. Policy Based Routing (PBR) is a mechanism which allows you forward packets based on policies manually defined by network administrators. A good use case for PBR is when a company which has multiple outside connections to different ISPs needs to control how traffic can be distributed across these connections. Compared to traditional routing PBR allows you to implement routing policies based on different criterias like source or destination address, source or destination port, protocol, size of the packet, packet classification and so on. Cisco introduced this feature on Cisco ASA beginning with version 9.4(1). Let’s dive into the PBR configuration.

Continue reading…

Configuring and deploying Cisco IOS certificate server

Rate this post

1,114 views

cisco

Overview

A Certificate Authority is a trusted entity is that issues digital certificates to devices which need secure communication and plays an important part in the public key infrastructure (PKI). There are several CA implementations provided by third-party CA vendors like Microsoft or the open source OpenSSL implementation but in this article we will focus on configuring the internal Certificate Authority server which is available on Cisco IOS. We will also discuss about the certificate enrollment process with a CA and how these digital certificates can be used for authentication purposes. This feature has been introduced in Cisco IOS version 12.3(4)T and it’s available only on Cisco IOS images with the security feature set.

Continue reading…

Configuring Cisco ASA active standby failover

5 (100%) 6 votes

6,409 views

cisco

Overview

In modern datacenters one of the most important things that needs to be addressed is uptime. Cisco ASA offers high availability mechanisms like failover in order to provide network uptime and redundancy. In order to configure failover we need two identical ASA devices connected to each other through a dedicated failover link and, optionally, a stateful failover link. There are two different failover modes that are supported on the ASA platform: active/standby and active/active. In this article we will focus only on configuring active/standby failover. In an active/standby failover setup only one unit called the active unit is passing traffic. The standby unit is used as a backup of the active unit and only accepts management connections (all transit traffic is dropped). When the active unit fails, it changes to the standby state while the standby unit changes to the active state.

Continue reading…

Page 1 of 4123...Last »