Introduction Modular Platform Supporting T1/E1 Speeds The Cisco 1841 Integrated Services Router provides the following support: Wire-speed performance for concurrent services at T1/E1 WAN rates Enhanced investment protection through increased performance and modularity Enhanced investment protection through increased modularity Increased density through High-Speed WAN Interface Card Slots (two) Support for over 90 existing and new modules Support for majority of existing WICs, VWICs, and VICs (data mode only) Two Integrated 10/100 Fast Ethernet ports Security On-board encryption Support of up to 800 VPN tunnels with the AIM-EPII-PLUS Module Antivirus defense support through Network Admission Control (NAC) Intrusion Prevention as well as stateful Cisco IOS Firewall support and many more essential security features Related Multimedia Demos Cisco 1800 Series Portfolio Multimedia Demo* View this Flash demo to learn more about Cisco Integrated Services Router offerings for small-to-medium-sized businesses, small enterprise branch offices, and service provider managed services. *Minimum requirements to view: Internet Explorer 5.5 and higher Flash 6 and higher Windows 98SE and higher Product Literature Data Sheet (All Cisco 1800 Series Integrated Services Routers Data Sheets) Cisco 1800 Series Integrated Services Routers Fixed Configuration Models Cisco 1800 Series Integrated Services Routers: Cisco 1841 Router (Modular) VPN AIM for the Cisco 1841, 2800 and 3800 Integrated Services Routers Presentations (All Cisco 1800 Series Integrated Services Routers Presentations) Interactive Model of the Cisco 1841 Integrated Services Router Q&A (All Cisco 1800 Series Integrated Services Routers Q&A) Cisco 1800 Series Integrated Services Routers Fixed Configuration Models
... View more
Introduction Cisco XR 12000 Series routers combine the unparalleled innovation of Cisco IOS XR Software with the investment protection of the Cisco 12000 Series to offer secure virtualization, integral service delivery, continuous system operation, and multiservice scale. With upgradeable, intelligent routing solutions and platforms ranging from 2.5-Gbps to n x 10-Gbps capacity per slot, the Cisco XR 12000 Series facilitates the move to Next-Generation IP (Internet Protocol) Multiprotocol Label Switching (MPLS) Networks. Powered by Cisco IOS XR Software, the Cisco XR 12000 Series isolates public and private services. Cisco IOS XR Software is a unique self-healing, self-defending operating system that equips the Cisco XR 12000 with distributed processing intelligence and robust quality-of-service and multicast mechanisms that help you scale capacity while accommodating customers. The XR 12000 Series also supports both fixed and modular line cards (LCs), including a flexible Multi-Service Blade (MSB), which provides integral, route-aware virtual firewall and video/voice Session Border Control (SBC), eliminating the need for external appliances. And the I-Flex design offers a new portfolio of modular interfaces featuring shared port adapters (SPAs) and SPA interface processors (SIPs). Learn how the Cisco 12000 Series Router enables the rapid deployment of new services that can generate revenue and reduce expenses. Models Cisco XR 12416 Router Cisco XR 12410 Router Cisco XR 12406 Router Cisco XR 12404 Router Product Literature Brochures Case Studies Data Sheets End-of-Life and End-of-Sale Notices Q&A White Papers
... View more
Introduction Foundation for the IP Next-Generation Network The Cisco CRS-1 Carrier Routing System (PDF - 2.1 MB) is the industry's only carrier routing system offering continuous system operation, unprecedented service flexibility, and system longevity. Powered by Cisco IOS XR Software, it is designed for always-on operation while scaling system capacity up to 92 Tbps. The CRS-1 marks a new era in carrier IP (Internet Protocol) communications by powering the foundation for IP Next-Generation Networks (IP NGNs) today while protecting investments for decades to come. The Cisco CRS-1 Supports an integrated IP over dense wavelength-division multiplexing (DWDM) transponder with flexible 10 Gbps and 40 Gbps options that extends up to 2000 km without regeneration. Supports standalone configurations of 320-Gbps, 640-Gbps, and 1.2-Tbps systems enabling 40-Gbps per slot capacity in all form factors. Supports multichassis configurations of 1.2 to 92 Tbps with the use of up to 72 line card shelves and eight fabric shelves all operating as a single system. Supports both fixed and modular line cards usable across all configurations. The fixed cards feature the world’s first 40-Gbps (OC-768/STM-256) tunable WDMPOS and POS interfaces. The Cisco I-Flex (PDF - 2.1 MB) design offers a portfolio of modular interfaces featuring shared port adapters (SPAs) and SPA interface processors (SIPs). Models Cisco CRS-1 16-Slot Single-Shelf System Cisco CRS-1 8-Slot Single-Shelf System Cisco CRS-1 4-Slot Single-Shelf System Cisco CRS-1 MultiShelf System Product Literature (8) Brochures Case Studies Data Sheets End-of-Life and End-of-Sale Notices Presentations Press Coverage Q&A White Papers
... View more
Introduction Dynamic Personalized IP Services at the Network Edge Deploy high-performance IP (Internet Protocol)/MPLS features as well as scalable personalized IP services at the network edge, improve operational efficiency, and maximize return on network investments with the Cisco 7600 Series Router. The Cisco 7600 Series is the industry's first carrier-class edge router to offer integrated, high-density Ethernet switching, carrier-class IP/MPLS routing, and 10-Gbps interfaces, benefiting enterprises and helping enable service providers to deliver both consumer and business services over a single converged Carrier Ethernet network. Important Features: High performance, with up to 720 Gbps in a single chassis, or 40 Gbps capacity per slot A choice of form factors purpose-built for high availability Cisco I-Flex design: A portfolio of shared port adapters (SPAs) and SPA interface processors (SIPs) that controls voice, video, and data experiences Scalable and extensible suite of hardware and software capabilities to enable intelligent Carrier Ethernet services Integrated Video Call Admission Control with innovative visual quality of experience for both broadcast and video on demand (VoD) Intelligent Services Gateway, providing scalable subscriber and application awareness with multidimensional identity capabilities and policy controls Integrated Session Border Control with quality of experience in both Session Initiated Protocol (SIP) and non-SIP applications Applications: Carrier Ethernet: Aggregation of consumer and business service Ethernet services edge: Personalized IP services Wireless mesh networking and mobility service convergence IP/MPLS provider edge routing Enterprise WAN aggregation Headquarters core routing Models Cisco 7613 Router Cisco 7609 Router Cisco 7606 Router Cisco 7604 Router Cisco 7603 Router Product Support Configure Design Install and Upgrade Troubleshoot Product Literature Brochures Bulletins Case Studies Data Sheets End-of-Life and End-of-Sale Notices Presentations Press Coverage Q&A White Papers
... View more
Introduction The Cisco 2811 Integrated Services Router is part of the Cisco 2800 Integrated Services Router Series which complements the Integrated Services Router Portfolio. The Cisco 2811 Integrated Services Router provides the following support: Wire-speed performance for concurrent services such as security and voice , and advanced services to multiple T1 / E1 /x DSL WAN rates Enhanced investment protection through increased performance and modularity Enhanced investment protection through increased modularity Increased density through High-Speed WAN Interface Card Slots (four) Enhanced Network Module Slot Support for over 90 existing and new modules Support for majority of existing AIMs , NMs , WICs , VWICs , and VICs Two Integrated 10/100 Fast Ethernet ports Optional Layer 2 switching support with Power over Ethernet ( PoE ) (as an option) Security On-board encryption Support of up to 1500 VPN tunnels with the AIM-EPII-PLUS Module Antivirus defense support through Network Admission Control (NAC) Intrusion Prevention as well as stateful Cisco IOS Firewall support and many more essential security features Voice Analog and digital voice call support Optional voice mail support Optional support for Cisco CallManager Express (Cisco CME ) for local call processing in stand alone business for up to36 IP Phones Optional support for Survivable Remote Site Telephony support for local call processing in small enterprise branch offices for up to 36 IP phones Related Multimedia Demos *Cisco 2800 Series Portfolio Multimedia Demo* View this Flash demo to learn more about Cisco Integrated Services Router offerings for small-to-medium sized branch offices and small-to-medium enterprise businesses. *Minimum requirements to view: Internet Explorer 5.5 and higher Flash 6 and higher Windows 98SE and higher Product Literature Data Sheets (All Cisco 2800 Series Integrated Services Routers Data Sheets) Cisco 2800 Series Integrated Services Routers Presentations (All Cisco 2800 Series Integrated Services Routers Presentations) Interactive Model of the Cisco 2811 Integrated Services Router White Papers (All Cisco 2800 Series Integrated Services Routers White Papers) Cisco 2811 Integrated Services Router Miercom Report (PDF - 970 KB) Miercom Report (Dec 2006): Cisco 2811 and Cisco 2851 Integrated Services Router (PDF - 330 KB)
... View more
Network Based Application Recognition (NBAR) is a Cisco IOS technology that does deep packet inspection on network traffic to find the applications involved.You can say NBAR is a very powerful application-layer firewall that you may already have installed on your Cisco router.Most routers just look at traffic at Layer 3; with NBAR, routers can also look at Layers 4 through 7; As NBAR goes through the whole packet including header and some payload to classify an application and at the same time can work along with QoS (Quality of Service) by helping the network to provide differentiated services to each application.
NBAR used Protocol Description Language Module (PDLM) contains the rules by which NBAR technology recognizes an application during its packet inspection. NBAR analyzes the packets and compares them to a set of rules in the PDLM. If the rules mentioned in the PDLM are met, NBAR recognizes and classifies the application.you can download PDLM file.To know more about PDLM downloading and installation please refer Packet Description Language Module
Here are the some examples configuration on the Cisco devices.
Router(config)#class−map match−any http_filter
Router(config−cmap)#match protocol http url “*.ida*”
Router(config−cmap)#match protocol http url “*cmd.exe*”
Router(config−cmap)#match protocol http url “*root.exe*”
Router(config−cmap)#match protocol http url “*readme.eml*”
Once the router is configured to filter worms as mentioned above, the NBAR engine will do a deep packet analysis on traffic passing through the router interface and if the traffic matches above class then administrator can filter them using access list or they can do policy base routing for monitoring infected hosts.
This example shows how we can block P2P with the help of NBAR
class-map match-any OUTBOUND_TRAFFIC
match protocol fasttrack
match protocol gnutella
match protocol kazaa2
match protocol edonkey
match protocol napster
match protocol bittorrent
ip address 220.127.116.11 255.255.255.252
service-policy output OUTBOUND
All the packets of P2P matching in the Class Map will get dropped as soon as It reaches the outbound interface of the router.
Some verification command:
To check class map use "sh class-map <class-map name>"
To check policy status use "sh policy-map <policy-map name>"
To check various NBAR options
R2#sh ip nbar ?
filter Show current NBAR's filter criteria
link-age Show protocol link age
pdlm Show currently installed PDLMs (PDL modules)
port-map Show StILE Protocol Port Map
protocol-discovery Show traffic classes and statistics
resources Show memory configuration for tracking Stateful
unclassified-port-stats Show NBAR's port statistics for unclassified packets
version Show currently installed PDL Module Version Info
Base Initial configuration:
Network Based Application Recognition Performance Analysis
Network-Based Application Recognition
... View more
Introduction Cisco IOS XR Software, a member of the Cisco IOS family, is a unique self-healing and self-defending operating system designed for always on operation while scaling system capacity up to 92Tbps. Cisco IOS XR powers the Cisco Carrier Routing System, enabling the foundation for network and service convergence today while providing investment protection for decades to come. Product Literature Bulletins Data Sheets End-of-Life and End-of-Sale Notices Q&A Support Documentation General Information Reference Guides Design Install and Upgrade Configure Maintain and Operate Troubleshoot and Alert
... View more
Campus Manager is a component of CiscoWorks LAN Management Solution. For generic product information go to CM in CCO. Campus Manager Topics in Jive Duplex mismatches in Campus Manager How to resolve the ANI discovery used by Campus Manager and User Tracking Why does Campus Manager overwrite the DisplayNames of devices in DCR with the IP address? Articles related Articles related to Campus Manager CiscoWorks LAN Management Solution Troubleshooting ANI/Campus data does not back up Troubleshooting the ANI Discovery Used by Campus Manager and User Tracking Campus Manager clients generate a Cannot connect to ANI Server error User receives a Corrupt ANI Database error message when trying a backup Topology Services Why does Campus Manager overwrite the DisplayNames of devices in DCR with the IP address? User Tracking Utilities How to install UTLite script for user tracking in Campus Manager Tips and Tricks Duplex mismatches in Campus Manager For more information, check Category:CiscoWorks_Campus_Manager too
... View more
Introduction This document describes the optimizations placed in Cisco WAAS for Citrix. Cisco WAAS 4.5.1 introduced optimization for the Citrix HDX technology, including the ICA protocol, without any requirement for administrative actions to disable the native encryption and compression offered by Citrix XenDesktop and XenApp. Using supported access to the ICA protocol, Cisco WAAS supports optimization for the native ICA encryption:128-bit RC5 encryption, 56-bit RC5 encryption, 40-bit RC5 encryption, Basic encryption, SSL encryption, Administratively-uncompressed and unencrypted Citrix ICA. Citrix Optimization Up to 70% traffic-reduction is possible. You must configure the citrix server and client as follows: Procedure for disabling Compression on Citrix Presentation Server 4.5 & ICA Client 10.x Citrix is optimized by WAAS regardless of the configuration of the Citrix server and client. Additional performance improvements can be gained by disabling client compression and setting encryption to “RC5 (128bit) logon only”. Note that “Basic” encryption is still applied! To enable low encryption on the Citrix Presentation Server Console 4.5: - Open Citrix Management Console for Presentation Server (found in the Start menu) - In the left pane, select (serverfarm) > “Policies” - Then, right click "Policies" and select "Create a new policy" - Double-click the policy to edit - In the policy window left pane click “Security” > “Encryption” - Double-click the “SecureICA encryption” option to edit - In the policy window click "Enabled" and set encryption to "RC5 (128bit) logon only" - Then, click "Apply" and click "OK" To disable compression in the Citrix Program Neighborhood console: - Open Citrix Program Neighborhood console (found in the Start menu) - Locate the “Application Set Manager”, right-click, and select "application set settings" - On “Connection” choose a connection type either LAN or WAN - Then, in the properties dialog box, click the "Default Options" tab - Uncheck the box next to "Use data compression" - Set encryption level “128 Bit for Login Only” - Then, click "apply" and click "Ok" Note: It is not possible to disable data compression for both WAN & LAN! To disable compression in the ICA Client Template file: - Open and edit the “default.ica” file located in C:\Inetpub\wwwroot\Citrix\PNAgent\conf - If a line exists that begins with "Compress=", change the line to show "Compress=Off". - Otherwise, add a line that says "Compress=Off" - If a line exists that begins with "EncryptionLevelSession=", change the line to show "EncryptionLevelSession=EncRC5-0". - Otherwise, add a line that says "EncryptionLevelSession=EncRC5-0". - Restart any open connections. On the Client workstation amend the following 2 ini files: - Locate “appsrv.ini” located in C:\Program Files\Citrix\ICA Client\ - If it does not already exist add a line that says “Compress=Off” - Locate pn.ini located in C:\Program Files\Citrix\ICA Client\ - If it does not already exist add a line that says “Compress=Off” and “MaximumCompression=Off” Edit the following registry settings on the client workstation and the Citrix Server: - From the Start menu locate “Run” and type “regedit” - Using the directory listings in the left pane locate the following file: HKLM\Software\Citrix\ICA\Client\Engine\Configuration\Advanced\Canonicalization\TCP/IP - Add a new String Value to the TCP/IP Folder by ‘right-clicking’ the right pane and select “New” > “String Value” - Enter the details as follows: Value: Compress Data: Compress - The type should be listed as REG_SZ - Close the window and restart the client and server. Related Information Optimizing HTTPS traffic with SSLAO on WAAS 4.1.3 and above Common WAAS/WCCP issues on interactions with Security Devices
... View more
Introduction Simplify Router Deployments and Management Cisco Router and Security Device Manager (SDM) is a Web-based device-management tool for Cisco routers that can improve the productivity of network managers, simplify router deployments, and help troubleshoot complex network and VPN connectivity issues. Cisco SDM supports a wide range of Cisco IOS Software releases and is available free of charge on Cisco router models from Cisco 830 Series to Cisco 7301. It ships preinstalled on all new Cisco 850 Series, Cisco 870 Series, Cisco 1800 Series, Cisco 2800 Series, and Cisco 3800 Series integrated services routers. Network and security administrators and channel partners can use Cisco SDM for faster and easier deployment of Cisco routers for integrated services such as dynamic routing, WAN access, WLAN, firewall, VPN, SSL VPN, IPS, and QoS. Reduce Total Cost of Ownership Cisco customers can reduce the total cost of ownership (TCO) of their Cisco routers by relying on Cisco SDM -generated configurations already approved by the Cisco TAC. Configuration checks built into Cisco SDM reduce errors. SDM also helps customers avoid potential network issues by proactively monitoring router performance statistics, system logs, and firewall logs in real time. Cisco SDM offers smart wizards and advanced configuration support for LAN and WAN interfaces, Network Address Translation (NAT), stateful and application firewall policy, IPS , IPSec VPN , QoS, and NAC policy features. The firewall wizard allows a single-step deployment of high, medium, or low firewall policy settings. Cisco SDM also offers a one-click router lockdown and an innovative security auditing capability to check and recommend changes to router configuration based on ICSA Labs and Cisco TAC recommendations. Cisco SDM is a valuable productivity-enhancing tool for businesses and channel partners and allows them to implement router security and network configurations with reduced cost and increased confidence and ease. Product Literature Bulletins Data Sheets Presentations Q&A White Papers
... View more