Configuring Generic Routing Encapsulation (GRE) tunnels on Cisco IOS

cisco

Overview

Generic Routing Encapsulation (GRE) is a tunneling protocol initially developed by Cisco and later standardized in RFC 2784. GRE allows a wide variety of network layer protocols to be carried inside virtual point-to-point links: the original packet is wrapped in a GRE header and a new outer IP header (IP protocol 47) whose source and destination are the two tunnel endpoints. GRE itself provides no confidentiality or integrity for the encapsulated data, so if the traffic needs protection GRE must be combined with IPsec. Typical reasons for using GRE are the need to carry multicast or non-IP traffic across a unicast IP network, or to work around hop-count limits. In this article we demonstrate how two networks that have no direct reachability can be connected through a GRE tunnel.
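The following configuration is an added example and not part of the original article: it builds the point-to-point tunnel described above between two routers and, because GRE has no protection of its own, wraps it in IPsec with `tunnel protection`. All addresses, interface and profile names and the pre-shared key are placeholders (assumptions); the IPsec syntax is that of IOS 15.x.

```cisco
! Added example, not from the original article. Addresses, names and the
! pre-shared key are placeholders (assumptions).
! R1: outside 198.51.100.1, LAN 10.1.1.0/24
! R2: outside 203.0.113.2, LAN 10.2.2.0/24
!
! ---------------- R1 ----------------
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-STRONG-PSK address 203.0.113.2
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source 198.51.100.1
 tunnel destination 203.0.113.2
 tunnel mode gre ip
 ! Detect a dead peer instead of blackholing routed traffic.
 keepalive 10 3
 ! GRE adds 24 bytes (20 outer IP + 4 GRE) and ESP adds more; lower the
 ! tunnel MTU so the underlay never has to fragment encapsulated packets.
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel protection ipsec profile GRE-PROT
!
! Route the remote LAN into the tunnel. Never point the route for the
! tunnel destination itself (203.0.113.2) at Tunnel0: that is recursive
! routing and IOS will shut the tunnel down and flap it.
ip route 10.2.2.0 255.255.255.0 Tunnel0
!
! If an ACL guards the outside interface it must allow the IKE/IPsec
! traffic from the peer (with tunnel protection the GRE packets are
! inside ESP, so protocol 47 need not be permitted).
ip access-list extended OUTSIDE-IN
 permit udp host 203.0.113.2 host 198.51.100.1 eq isakmp
 permit udp host 203.0.113.2 host 198.51.100.1 eq non500-isakmp
 permit esp host 203.0.113.2 host 198.51.100.1
 deny   ip any any log
!
! ---------------- R2 (mirror image) ----------------
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-STRONG-PSK address 198.51.100.1
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
interface Tunnel0
 ip address 172.16.0.2 255.255.255.252
 tunnel source 203.0.113.2
 tunnel destination 198.51.100.1
 tunnel mode gre ip
 keepalive 10 3
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel protection ipsec profile GRE-PROT
!
ip route 10.1.1.0 255.255.255.0 Tunnel0
!
! Verification (exec mode):
!   show interfaces tunnel 0          -> line protocol up, keepalives OK
!   ping 172.16.0.2 source 172.16.0.1
!   show crypto ipsec sa              -> encaps/decaps counters increasing
```

Without the `tunnel protection` line the tunnel still comes up and passes traffic, but anyone on the path can read and modify every encapsulated packet; that is the plain-GRE state the overview warns about.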

Configuring and deploying Cisco IOS certificate server

cisco

Overview

A Certificate Authority (CA) is a trusted entity that issues digital certificates to devices which need secure communication, and it plays a central role in a public key infrastructure (PKI). There are several third-party CA implementations, such as Microsoft's certificate services or the open source OpenSSL toolkit, but in this article we focus on configuring the certificate server built into Cisco IOS. We also discuss the certificate enrollment process with a CA and how the issued certificates can be used for authentication. This feature was introduced in Cisco IOS version 12.3(4)T and is available only on Cisco IOS images with the security feature set.
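As an added example, not taken from the original article, the configuration below stands up the IOS certificate server, enrolls a second router against it over SCEP, and then uses the resulting certificate for IKE authentication. Hostnames, the domain, addresses and key labels are placeholders (assumptions); the `hash sha256` options need IOS 15.x.

```cisco
! Added example, not from the original article. Names, domain, addresses
! and key labels are placeholders (assumptions). Requires a security
! feature set image.
!
! ---------------- CA router ----------------
hostname CA-RTR
ip domain-name example.com
! SCEP enrollment is served by the IOS HTTP server.
ip http server
! The RSA key pair label must match the PKI server name.
crypto key generate rsa general-keys label IOS-CA modulus 2048
!
crypto pki server IOS-CA
 issuer-name CN=IOS-CA.example.com,O=Example
 hash sha256
 lifetime ca-certificate 1825
 lifetime certificate 365
 lifetime crl 24
 ! grant none: every request waits for an operator to approve it.
 ! "grant auto" would sign anything that can reach the SCEP URL.
 grant none
 database level complete
 database url flash:
 no shutdown
!
! Operator workflow (exec mode): list pending requests, approve or reject
! by request ID after checking the subject with the requester.
!   crypto pki server IOS-CA info requests
!   crypto pki server IOS-CA grant 1
!   crypto pki server IOS-CA reject 2
!
! ---------------- enrolling router ----------------
hostname R2
ip domain-name example.com
crypto key generate rsa general-keys label R2-KEY modulus 2048
crypto pki trustpoint IOS-CA
 enrollment url http://198.51.100.1:80
 subject-name CN=R2.example.com,O=Example
 rsakeypair R2-KEY
 ! Reject peers whose certificate the CA has revoked.
 revocation-check crl
!
! exec mode: fetch the CA certificate first. IOS prints its fingerprint;
! compare it out of band with "show crypto pki certificates" on CA-RTR
! before answering "yes" -- that fingerprint check is the only defence
! against a spoofed CA during SCEP enrollment.
!   crypto pki authenticate IOS-CA
!   crypto pki enroll IOS-CA
!   show crypto pki certificates
!
! Using the certificate instead of a pre-shared key for IKE:
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication rsa-sig
 group 14
```

The same enrollment works for any other IOS device that needs a certificate (for example every spoke of a site-to-site VPN), which is the practical reason to run a CA on a router in the first place.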

Configuring private vlans on Cisco switches

cisco

Overview

Private VLANs are used to provide layer 2 isolation between members of the same broadcast domain. Private VLANs are documented in RFC 5517. In a standard VLAN, traffic between members of the same VLAN flows without restriction. We can think of a private VLAN as the segmentation of a normal VLAN into multiple subdomains. This feature is available only on layer 3 Catalyst switches from the 3560 upwards. Private VLANs address two issues found in service provider networks. First, with normal VLANs an ISP must assign one VLAN per customer, which becomes a scalability problem once the ISP needs to support more than the 4094 VLANs a device can carry. Second, when using IP routing each VLAN requires a separate subnet, which leads to IP address management problems because addresses are wasted in every small subnet.
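The configuration below is an added example, not part of the original article. It carves a primary VLAN into an isolated and a community secondary VLAN on a Catalyst 3560, routes the single shared subnet on an SVI, and adds the ACL that practitioners usually forget: private VLANs isolate at layer 2 only, and a host can still reach an "isolated" neighbour by sending its packets to the gateway MAC address, letting the SVI route them straight back into the segment. VLAN numbers, port names and addresses are placeholders (assumptions).

```cisco
! Added example, not from the original article. VLAN numbers, ports and
! addresses are placeholders (assumptions). Catalyst 3560/3750 syntax.
!
! Private VLANs require VTP transparent mode (VTP v1/v2 cannot carry them).
vtp mode transparent
!
vlan 100
 name CUSTOMERS-PRIMARY
 private-vlan primary
 private-vlan association 101,102
vlan 101
 name ISOLATED
 private-vlan isolated
vlan 102
 name COMMUNITY-A
 private-vlan community
!
! Isolated host: can talk only to promiscuous ports.
interface FastEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
! Community hosts: talk to each other and to promiscuous ports.
interface range FastEthernet0/2 - 3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
! Promiscuous port toward a firewall or external gateway: sees all
! secondary VLANs.
interface FastEthernet0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! Layer 3: the whole primary VLAN shares one subnet, routed on the SVI.
! Caveat: a host in VLAN 101 can address a frame to the gateway MAC with
! another 192.0.2.x host as the IP destination; the SVI will happily
! route it back down. Block that hairpin while still allowing traffic
! to the gateway itself.
ip access-list extended PVLAN-NO-HAIRPIN
 permit ip 192.0.2.0 0.0.0.255 host 192.0.2.1
 deny   ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255
 permit ip any any
!
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
 private-vlan mapping 101,102
 ip access-group PVLAN-NO-HAIRPIN in
!
! Verification (exec mode):
!   show vlan private-vlan
!   show interfaces FastEthernet0/1 switchport
!   show ip access-lists PVLAN-NO-HAIRPIN   -> deny counter rises on hairpins
```

With this layout one /24 serves every customer port on the switch, which is exactly the address-conservation benefit the overview describes, without giving customers layer 2 or routed reachability to each other.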

How to configure Port Address Translation (PAT) on Cisco routers

cisco

Overview

Port Address Translation (PAT) is an extension of Network Address Translation (NAT) that allows many devices on a local area network (LAN) to reach Internet resources through a single public IP address. NAT was defined in RFC 1631, and its main purpose was to slow the depletion of public IPv4 address space. A practical use of PAT is the common case in which an ISP allocates one public IP address to an organization that has many devices needing Internet access. The inside devices use private addresses from the ranges defined in RFC 1918, and PAT uses port numbers in addition to addresses to tell their connections apart. When an internal host wants to communicate with the outside it sends a datagram with its private source address and an ephemeral source port. The NAT router rewrites the source address to its public IP, rewrites the source port to a unique translated port, records the mapping, and forwards the datagram to the requested resource. The response comes back to that same public address and port combination, which the router looks up in its translation table to restore the original private address and port.
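As an added example, not from the original article, the configuration below implements the overload translation described above on a router with one LAN interface and a single public address, and adds the two things a practitioner has to decide deliberately: which sources are eligible for translation, and which inbound services (if any) are exposed through static port mappings. Addresses and interface names are placeholders (assumptions).

```cisco
! Added example, not from the original article. Addresses and interface
! names are placeholders (assumptions).
!
interface GigabitEthernet0/0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description ISP uplink, single public address
 ip address 198.51.100.1 255.255.255.252
 ip nat outside
!
! Only the RFC 1918 LAN range is eligible for translation. A bare
! "permit any" would also translate spoofed or transit sources.
ip access-list standard NAT-INSIDE
 permit 192.168.1.0 0.0.0.255
!
! "overload" is what turns NAT into PAT: every inside host shares the
! outside interface address and is distinguished by the translated port.
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/1 overload
!
! PAT creates state only for outbound flows, so unsolicited inbound
! packets have no translation and are dropped. Any inbound service needs
! an explicit static mapping; each such line is an exposure decision,
! and it still belongs behind an inbound ACL or firewall.
ip nat inside source static tcp 192.168.1.10 443 interface GigabitEthernet0/1 443
!
! Shorten idle timers (seconds) so dead flows do not exhaust the
! translation table; defaults are 86400 for TCP and 300 for UDP.
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 120
!
! Verification (exec mode): the translations table shows the
! inside-local:port -> inside-global:port mapping for each flow.
!   show ip nat translations
!   show ip nat statistics
```

A useful habit when reading `show ip nat translations` output is to look for an inside-local address that is not in the NAT-INSIDE range: if one appears, something other than the intended LAN is being translated.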

Configuring a Cisco router or switch as a DHCP server

cisco

Overview

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that allocates network configuration parameters such as IP addresses, subnet masks, DNS servers, default gateways and many more to end devices. The protocol is defined in RFC 2131 and uses UDP port 67 on the server and port 68 on the client. Nowadays almost all network devices support DHCP, including workstations, printers, IP phones and handheld devices. Using dynamic IP address assignment you can avoid the errors that appear with manual configuration and reduce administrative overhead. Cisco embedded the DHCP server functionality beginning with IOS version 12.0(1)T. By default, the Cisco IOS DHCP server and relay agent features are enabled but not configured.
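The configuration below is an added example and not part of the original article. It configures a router as the DHCP server for two subnets (one directly connected, one reached through a relay on a second router) and then enables DHCP snooping on the access switch, because a DHCP server without snooping is only as trustworthy as the next rogue server someone plugs into the user VLAN. Addresses, pool names, interface names and the MAC address are placeholders (assumptions).

```cisco
! Added example, not from the original article. Addresses, names and the
! client MAC address are placeholders (assumptions).
!
! ---------------- Router A: DHCP server ----------------
! "service dhcp" is on by default; stated so the intent is explicit.
service dhcp
! Keep the gateway, servers and static hosts out of the dynamic range.
ip dhcp excluded-address 192.168.10.1 192.168.10.20
ip dhcp excluded-address 192.168.20.1 192.168.20.20
!
ip dhcp pool LAN-10
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.5 192.168.10.6
 domain-name example.com
 lease 0 8
!
! Pool for the relayed subnet; it is selected by the relay agent address
! (giaddr) that Router B stamps into forwarded requests.
ip dhcp pool LAN-20
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 dns-server 192.168.10.5 192.168.10.6
 domain-name example.com
 lease 0 8
!
! Fixed address for one client, matched on its client identifier
! (01 followed by the Ethernet MAC).
ip dhcp pool PRINTER-01
 host 192.168.10.50 255.255.255.0
 client-identifier 0100.1122.3344.55
!
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
!
! ---------------- Router B: relay for 192.168.20.0/24 ----------------
interface GigabitEthernet0/0
 ip address 192.168.20.1 255.255.255.0
 ! Convert client broadcasts to unicast toward Router A.
 ip helper-address 192.168.10.1
!
! ---------------- Access switch: DHCP snooping on VLAN 10 ----------------
ip dhcp snooping
ip dhcp snooping vlan 10
! Only the uplink toward the real server may send DHCP server messages
! (OFFER/ACK); every other port is untrusted and such messages are dropped.
interface GigabitEthernet1/0/48
 description uplink to Router A
 ip dhcp snooping trust
! Rate-limit client requests to blunt DHCP starvation from one port.
interface range GigabitEthernet1/0/1 - 47
 ip dhcp snooping limit rate 10
!
! Verification (exec mode):
!   show ip dhcp binding              (Router A: leases handed out)
!   show ip dhcp pool LAN-10          (utilisation, excluded ranges)
!   show ip dhcp snooping binding     (switch: MAC/IP/port learned leases)
```

The snooping binding table built on the switch is also the input for Dynamic ARP Inspection and IP Source Guard, so enabling snooping is the first step toward stopping ARP spoofing and address spoofing on the same VLAN.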
