Archive for April, 2010

QoS Markings: Layer 2 and 3 and IPv6

April 19th, 2010 No comments

When data is sent through a network, it is able to be tagged with a “priority value”. When the data passes through a network device, the network device uses that priority value to determine how it should treat the packet.  Data can be tagged with a priority value as described in the following article. Read more…
Categories: Network Design, QoS Tags: ,

IPv6 EUI-64 Addressing

April 18th, 2010 No comments

Stretch, from recently produced an excellent article explaining IPv6 and EUI-64 addressing.  The article is reproduced, verbatim, here: Read more…

Categories: Network Design Tags:

TCP and UDP Small Servers

April 15th, 2010 No comments

TCP and UDP small servers are servers (daemons, in Unix parlance) that run in the router which are useful for diagnostics. Read more…

Categories: Security Tags: ,

Configuring CBAC on Cisco 1841

April 10th, 2010 No comments

Context-Based Access Control (CBAC) intelligently filters TCP and UDP packets based on application layer protocol session information and can be used for intranets, extranets and internets.  CBAC can be configured to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network needing protection.

CBAC can inspect traffic for sessions that originate from either side of the firewall. This is the basic function of a stateful inspection firewall. Read more…

Categories: CISCO, Security Tags:

NetFlow Primer

April 8th, 2010 No comments

Because it is part of Cisco IOS software, NetFlow enables networks to perform IP traffic flow analysis without deploying external probes, making traffic analysis economical even on large IP networks. Read more…

Cisco “leans on” Jeremy Cioara! (What are they thinking?)

April 5th, 2010 No comments

Jeremy Cioara has,  for many years, encouraged countless hundreds of thousands of would-be Cisco engineers through his skillful training and fabulous Cisco expertise.

In his spare time, he runs a blog “” which gets in excess of 600,000 unique visitors per month.  Jeremy’s blog is mainly devoted to Cisco and provides valuable and harmless (quite the opposite) marketing for Cisco.

This is how Cisco thanks him:

Read more…

Categories: CISCO, Diary of Events Tags:

ACL for Internet Facing Router

April 5th, 2010 No comments

A base Access List for any internet facing router, re-produced from Mike Storm and Jeremy Cioara’s blogs:

Read more…

Categories: Network Design, Security Tags: ,

Quick Practice Lab: Configure CBAC

April 5th, 2010 No comments

This quick lab demonstrates how CBAC is configured and applied to interfaces.

Read more…

Categories: CISCO, Security Tags:

Quick Practice Lab: Configure IPsec Tunnel between two Cisco routers

April 5th, 2010 No comments

Try this quick and simple practice lab, where a secure IPsec tunnel is configured between two routers.  Use debug to see ISAKMP and IPsec working.

Read more…

Categories: CISCO, Security Tags:

MPLS FAQ – For Beginners

April 3rd, 2010 No comments

Here is a basic overview of MPLS describing:

  • What is Multi?Protocol Label Switching (MPLS)?
  • What is a label? What is the structure of the label?
  • Where will the label be imposed in a packet?
  • What is a Forwarding Equivalence Class (FEC)?
  • What is an upstream label switch router (LSR)?
  • What is a downstream LSR?
  • What do the terms incoming, outgoing, local, and remote mean when referring to labels?
  • Can an LSR transmit/receive a native packet (non?MPLS) on a MPLS interface?
  • Can an LSR receive/transmit a labeled packet on a non MPLS interface?
  • What platforms and Cisco IOSs® support MPLS?
  • Generic Routing Encapsulation (GRE) tunnel has a overhead of 24 bytes.  How much overhead does an MPLS LSP tunnel have?
  • How does the LSR know which is the top label, bottom label, and a middle label?
  • What is the range of label values? What label values are reserved andWhat do the reserved values signify? Read more…
Categories: Network Design Tags: