Sunday, February 28, 2010

Juniper aims higher than Cisco

Juniper set ambitious growth targets at its analyst day this week - targets that surpass Cisco's 12% to 17% annual growth objectives and undoubtedly rely on stealing market share from its rival. Juniper forecasts revenue growing at about a 20% compounded annual rate over the next 3-5 years, surpassing the 18% CAGR it's experienced over the past 8 years.

Of that, Juniper expects service provider to grow at a compounded annual rate of 18% to 20% and enterprise 25% to 30% over that period. Investment firm UBS believes enterprise may be the most achievable given Juniper's low market share, though UBS believes the overall targets to be "a bit high."

Oppenheimer & Co. also views enterprise as having the most upside for Juniper:

We expect Juniper to deliver on these targets through enterprise traction and share gains. This implies a bigger revenue mix shift to enterprise (~40% vs. ~34% in 2009).

Juniper also addressed concerns about its mobility and data center strategies, and the convergence of IP and optical networking. In mobility, revenues from its Project Falcon 3G/4G enhanced packet core initiative are expected in 2011, with trials starting in the fourth quarter of this year. Likewise, revenue from the Project Stratus data center and cloud computing switching program is also expected in 2011, though UBS expects initial hardware implementations to emerge later this quarter.

Cisco 4500 series and netflow

Normally on a Cisco router, you enable NetFlow export by putting the ip route-cache flow command on each interface you want to monitor and pointing ip flow-export at your collector. No problem… On a Cisco 4500 series L3 switch, NetFlow is not enabled per interface, so you enable the command globally. It still won’t work unless you have met the following conditions:

Supervisor IV or a Supervisor Engine V

NetFlow Services daughter card(WS-F4531)

IOS version 12.1(19)EW or above to support NDE

Here are the commands:

switch>(enable)ip flow-export destination 192.168.9.101 9996
switch>(enable)ip flow-export version 7
switch>(enable)ip flow-export source FastEthernet 0/1
switch>(enable)ip flow-cache timeout active 1
switch>(enable)ip route-cache flow infer-fields
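As an added example (not part of the original post), here is a small collector-side decoder for the NetFlow version 7 datagrams the configuration above exports to UDP 9996. The datagram below is constructed here, not captured, and the header and record layouts follow Cisco's published v7 format.

```python
"""Collector-side decoder for NetFlow v7, the export version configured
above.  Added example, not from the original post; the sample datagram is
constructed here with the same layout Cisco documents for v7 exports."""
import socket
import struct
from dataclasses import dataclass

# v7 header: version, count, SysUptime, unix_secs, unix_nsecs,
# flow_sequence, reserved (24 bytes, big-endian)
HEADER = struct.Struct("!HHIIIII")
# v7 record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
# First, Last, srcport, dstport, flags, tcp_flags, prot, tos, src_as,
# dst_as, src_mask, dst_mask, pad, router_sc (52 bytes)
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBHI")


@dataclass
class Flow:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    packets: int
    octets: int
    tcp_flags: int


def parse_v7(datagram: bytes):
    """Return (flow_sequence, [Flow, ...]) or raise ValueError.
    NDE is plain UDP with no authentication, so a collector should check
    the sender address and reject anything that does not fit the layout
    before it trusts the contents."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v7 header")
    version, count, _up, _secs, _nsecs, seq, _res = HEADER.unpack_from(datagram)
    if version != 7:
        raise ValueError(f"expected NetFlow v7, got v{version}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        r = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append(Flow(socket.inet_ntoa(r[0]), socket.inet_ntoa(r[1]),
                          proto=r[13], sport=r[9], dport=r[10],
                          packets=r[5], octets=r[6], tcp_flags=r[12]))
    return seq, flows


def syn_without_ack(flows):
    """TCP flows whose accumulated flags show SYN but never ACK: half-open
    connections, the kind of thing worth graphing from an NDE feed."""
    return [f for f in flows
            if f.proto == 6 and f.tcp_flags & 0x02 and not f.tcp_flags & 0x10]


# --- constructed sample datagram (not a real capture) -------------------
def _record(src, dst, proto, sport, dport, pkts, octets, tcp_flags=0):
    return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                       socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets,
                       1000, 2000, sport, dport, 0, tcp_flags, proto, 0,
                       0, 0, 24, 24, 0, 0)


def _datagram(records, version=7, seq=1):
    return HEADER.pack(version, len(records), 123456, 1267315200, 0, seq, 0) \
        + b"".join(records)


SAMPLE = _datagram([
    _record("10.1.1.5", "10.1.2.3", 6, 51234, 22, 12, 1800, 0x1b),  # SYN+ACK+PSH+FIN
    _record("10.1.1.9", "10.1.2.3", 6, 40001, 80, 1, 60, 0x02),     # lone SYN
    _record("10.1.1.7", "10.1.2.10", 17, 53000, 53, 1, 72),         # DNS query
])

if __name__ == "__main__":
    sequence, sample_flows = parse_v7(SAMPLE)
    print(sequence, *sample_flows, sep="\n")
    print("half-open:", syn_without_ack(sample_flows))
```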

VLAN Trunking and VLAN Tagging, what’s the difference?

Over the years, I have worked with both Cisco and non-Cisco switches (such as HP, Netgear, Foundry, etc.). There is the Cisco way and then there is the non-Cisco way. Both comply with the 802.1q VLAN standard. Let's just forget about the Cisco ISL standard; that's another topic!

So for those who are new, let me try to explain.

In the Cisco method, you basically put ports in “access mode” or “trunk mode”. Trunks are not to be confused with non-Cisco port aggregation trunks (i.e. LACP). Cisco “trunks” are ports that carry a VLAN “tag” within the ethernet frame designating the VLAN the packet belongs to. Cisco “access” ports carry only the single VLAN configured for that port; the “tag” is stripped off before the frame is delivered out the port.

In the non-Cisco method, ports are either “tagged” or “untagged”. Tagged ports are ports that carry packets with vlan “tags”, same as the Cisco “trunk” port. Non-Cisco “untagged” ports are ports where the vlan tags are stripped off, same as the Cisco “access mode” ports.

What makes it tricky is that in the non-Cisco environment, you tag & untag ports WITHIN the vlan. In the Cisco method, you set trunk & access vlans WITHIN the ports.
For example, suppose you want to set up port 1 as a trunk port (tagged port), and ports 3, 4 and 5 as access ports on vlan 100 (untagged ports).

Cisco method:

create the vlan and then assign the vlans –> to the ports

conf t
int fas0/1
switchport mode trunk
int fas0/3
switchport mode access
switchport access vlan 100

int fas0/4
switchport mode access
switchport access vlan 100
int fas0/5
switchport mode access
switchport access vlan 100

Non-Cisco method:

you tag and untag the ports –> to the vlans

conf t
vlan 100
tagged eth 1
untagged eth 3 eth 4 eth 5

Both accomplish the same goal; both are 802.1q, just totally different methods! It seems as though Cisco made it more difficult, but for some reason I get more confused with the vlan tagging and untagging. Once you start mixing in multiple vlans, things seem easier to follow with the Cisco method. Also keep in mind that it is perfectly fine to mix Cisco and non-Cisco switches and pass 802.1q vlans back and forth between them even though the commands seem completely different; the standard is still 802.1q. Obviously it would be preferable to keep all the switches the same within your network, but sometimes you have no control. If you have both kinds of switches (Cisco and non-Cisco), I hope this has helped you understand.
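As an added example (not from the original post), the following Python reads the two snippets above, each in its own syntax, and reduces both to the same per-VLAN membership table. It understands only the command forms shown in this post (no `switchport trunk allowed vlan`, no native VLAN handling), and it rejects the common non-Cisco mistake of untagging one port in two VLANs, which 802.1q does not allow because a port has a single PVID.

```python
"""Normalise the Cisco and non-Cisco 802.1q styles shown above into one
per-VLAN membership table.  Added example, not from the original post;
the parsers cover only the command forms used in the post."""

# The two snippets from the post, as constructed input
CISCO_CFG = """\
conf t
int fas0/1
switchport mode trunk
int fas0/3
switchport mode access
switchport access vlan 100
int fas0/4
switchport mode access
switchport access vlan 100
int fas0/5
switchport mode access
switchport access vlan 100
"""

NONCISCO_CFG = """\
conf t
vlan 100
tagged eth 1
untagged eth 3 eth 4 eth 5
"""


def port_number(token):
    """Map 'fas0/3', 'FastEthernet0/3' or '3' to the port number 3."""
    return int(token.rsplit("/", 1)[-1])


def parse_cisco(cfg):
    """Cisco style: membership is configured inside each port.
    Returns {vlan: {"tagged": set(ports), "untagged": set(ports)}}.
    A trunk port is treated as a tagged member of every VLAN that appears
    in the config; access ports with no 'switchport access vlan' default
    to VLAN 1 (assumption matching switch defaults)."""
    trunks, access, current = set(), {}, None
    for line in cfg.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] in ("int", "interface"):
            current = port_number(w[1])
        elif w[:3] == ["switchport", "mode", "trunk"]:
            trunks.add(current)
        elif w[:3] == ["switchport", "mode", "access"]:
            access.setdefault(current, 1)
        elif w[:3] == ["switchport", "access", "vlan"]:
            access[current] = int(w[3])
    table = {v: {"tagged": set(trunks), "untagged": set()}
             for v in set(access.values())}
    for port, vlan in access.items():
        table[vlan]["untagged"].add(port)
    return table


def parse_noncisco(cfg):
    """HP/Foundry style: ports are tagged or untagged inside each VLAN.
    Raises ValueError if a port is untagged in more than one VLAN."""
    table, pvid, current = {}, {}, None
    for line in cfg.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "vlan":
            current = int(w[1])
            table.setdefault(current, {"tagged": set(), "untagged": set()})
        elif w[0] in ("tagged", "untagged"):
            ports = [int(t) for t in w[1:] if t.isdigit()]   # skip 'eth'
            if w[0] == "untagged":
                for p in ports:
                    if pvid.setdefault(p, current) != current:
                        raise ValueError(
                            f"port {p} untagged in vlans {pvid[p]} and {current}")
            table[current][w[0]].update(ports)
    return table


def same_membership(cisco_cfg, noncisco_cfg):
    """True when both configs describe the same tagged/untagged membership."""
    return parse_cisco(cisco_cfg) == parse_noncisco(noncisco_cfg)


if __name__ == "__main__":
    print(parse_cisco(CISCO_CFG))
    print(parse_noncisco(NONCISCO_CFG))
    print("equivalent:", same_membership(CISCO_CFG, NONCISCO_CFG))
```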

Tuesday, February 9, 2010

Cisco successfully tests its router in space

Cisco this week said it successfully tested a router and its IOS software while it was in orbit in space. Cisco said the test is the first deployment of an IP router aboard a commercial GEO satellite, which was launched Nov. 23, 2009.

The router-in-space project is part of Cisco's Internet Routing in Space (IRIS) initiative. IRIS is a program to build a radiation-tolerant router for satellite and spacecraft.

IRIS is designed to support voice, video and data network services for government agencies, military units and allies. Cisco says it is more adaptable than traditional satellite technology because it does not rely on a fixed, predefined infrastructure.

The IRIS program is a Department of Defense Joint Capability Technology Demonstration (JCTD) managed by Cisco and Intelsat. The IRIS payload will convert to commercial use following the three-month JCTD, which ends in April.

The Defense Information Systems Agency will coordinate the demonstration of IRIS for government users and develop the means for utilizing the technology.

From: Network World

Cisco MARS 6.0.6 Now Available

The following changes and enhancements exist in MARS, Release 6.0.6:

•SNMPv3 Support—Leveraging a secure communication protocol between MARS and Cisco security enforcement devices, customers can be assured that they are securely mitigating attacks and configuring and managing devices. SNMPv3 support enables the following features:

–Per-device SNMPv3 credentials are used for manual discovery and layer 2 mitigation.

–Support for SNMPv3 credentials for an entire network or range of IP addresses. The MARS autodiscovery feature clones the credentials for an autodiscovered device on that network.

–Monitor the health of supported devices via SNMPv3 via the resource utilization charts that you can add to the Summary > My Reports subtab.

See the release notes for a matrix of SNMPv3 support for different Cisco devices.

•Internet Explorer 8 Support—MARS supports Microsoft Internet Explorer 8 without requiring compatibility mode. Due to the nature of security revisions in Internet Explorer, you may find that you must authenticate more frequently to the MARS appliance.

•Improved Device Support—MARS now includes backward compatible support for ASA 8.0.5 and IOS 15.0(1)M. Backward compatible support means that any events that MARS parsed for ASA 8.0.4 or IOS 12.4(11)T2 have been verified to parse in the corresponding newer release.

There have also been vendor signature updates for some Cisco and some non-Cisco devices.

5 recession-proof IT skills

The enterprise data center has become the corporate center of attention. If you want in, here are the skills you need to have:

1. Virtualization.
A foundational technology for state-of-the-art IT infrastructures, virtualization skills almost go without saying.

Rick King, CTO at Thomson Reuters, Legal, in Eagan, Minn., puts it this way: "Today people who have spent a lot of time with virtualization technologies can pretty much work any place they want — and that will be true for some period of time, until almost all data centers are running almost everything in a virtual environment."

2. Services management.
As enterprises shift into the use of public or private cloud service providers, data center personnel need to ratchet up their service management skills, says John Ryan, the global portfolio executive responsible for platform and end user services at technology consulting firm CSC.

"It's no longer enough to know how to manage the hypervisor and workloads moving across the infrastructure. People have to shift their thinking into an environment where capacity and demand management come together. They have to be skilled in services management," he explains.

Joanne Kossuth, vice president of operations and CIO for Franklin W. Olin College of Engineering in Needham, Mass., agrees. "Things like software and infrastructure as a service already exist, and some are more highly adopted than others. But five years down the line, it really will be about a combination of these things and data center folks are going to manage all that."

3. Unified computing.
"The trend today, as it will for the next three to five years, will be unified computing – look at Cisco with its Unified Computing System, HP with BladeSystem Matrix and IBM with its cloud computing strategy," says Rockwell Bonecutter, data center technology and operations lead for North America at Accenture, a technology services consulting company. "The natural assumption you can derive from that is that this will be the hot button for new skills."

As such, data center personnel of every ilk must get up to speed on unified compute concepts, principles and architecture, he says. As a result, we'll have data centers staffed by people who understand how to deliver business value and services rather than only knowing how to add more processing power or storage, for example.

4. Green IT.
Going green is a corporate mandate the world over, and that leaves many IT organizations deciding whether they need a point person for green efforts across the data center, King says. "This professional would focus on deploying green technologies — as well as steering away from deployment of non-green technologies. Because green technologies often improve operational efficiencies, such people would actually pay for themselves over and over again," he adds.

5. Resource management.
Along the same lines, the ability to finesse conversations between IT and facilities is becoming a critical skill in the data center, says David Cappuccio, managing vice president and chief of research for the infrastructure teams at Gartner. "Building a capacity plan when you don't take into account energy consumption and heat dissipation is a plan in a vacuum," he adds. "You need somebody on staff who can actually track these things, talk a facilities language and translate it back to IT." These skills are sometimes packaged in a position called resource manager or facilities liaison, Cappuccio says.

At Citigroup, they're wrapped up into a position called data center planning and critical systems engineer, says Jim Carney, executive vice president of data center planning for the New York-based global financial services firm.

In fact, Carney says, "No data center manager I would ever hire could be blind to the facilities side of the business because it's so integral to their uptime."

High-Tech Computer Rental for Business Promotion

With the current pace of technology, every day brings some enhancement in the latest technology. To grow a business and compete with competitors, high-tech equipment is required for office use and to organize conferences, trade shows and seminars. Rather than going to a shop and purchasing this equipment, we can take all the required computer equipment from computer rental services. It helps us perform our tasks nicely and also keeps us aware of the latest technology.

Whether you are holding a tradeshow, hotel convention, or any type of business meeting, you can always count on professional computer equipment rental services. By combining premium AV rental equipment, top-quality computer rentals, reasonable rates, and unsurpassed staff, these services make it comfortable to organize any business conference or meeting, and you can fulfill your office needs without investing a lot of money in high-tech equipment by approaching business technology rental centers.

Equipment dependability at your tradeshow or convention means knowing that the proper equipment will be delivered, set up, and operating when you need it and where you need it. Dependability is the reason why convention and tradeshow producers, as well as exhibitors, have been looking to Computer Rental Services to handle their audiovisual needs.

When you call for Computer Rental Services, you can depend on their trained experts to combine their extensive tradeshow and convention experience with broad selection of top audiovisual and computer rental inventory. The result is an impressive well-managed event.

The audiovisual rental selection these services provide includes plasma screens, high-resolution LCD monitors, and high-lumen LCD projectors – all of which draw attention and visitors to your individual exhibit or tradeshow production. Their trained technicians can design a standard or wireless sound system for any size audience or any type of room configuration. If computer rentals, laptops or desktops, servers, and printers are needed, they are carefully selected for your exact requirements, be it for a computer-enhanced display, a sophisticated Internet cafe, or a busy registration area.

Simply choose your audiovisual or computer rental equipment and let the agency deliver, set up, and provide support for everything from registration desks to full-service press rooms and breakout rooms.

Once selected, your equipment will be handled by their team of experts, who will deliver, set up, test, and provide the vital technical support necessary to ensure seamless, smooth performance for your convention or tradeshow.

Monday, February 8, 2010

Find the best Cisco router for your needs

For those of us who have been working with Cisco routers for some time, some of the most well-known routers are missing from the current lineup. Cisco discontinued the 2600 and 3600 Series routers some time ago. For the remote branch office and SMB market, these routers were always the workhorse of the Cisco router lineup.

In my opinion, it wasn’t their capabilities that made them obsolete. They could do just about anything that the latest routers could do. For that reason, many shops are still using them.

What made these router series obsolete was the limitation of their CPU processing, Flash, and RAM storage. The Cisco IOS grew larger than what those routers could handle efficiently, even with the maximum amount of RAM.

In addition, the packet load of the typical network grew so much that Gig-Ethernet became common on networks. These routers just didn’t have the processing to handle that throughput with the CPU that they had.

Which router do I need?
People often ask me which router they should use for a specific situation. To begin, I think Figure A does a decent job of illustrating Cisco’s available routers and the load they can take (as illustrated by the light blue column in the graphic).

Of course, there’s no hard and fast rule telling us which router to use for which situation. However, here are some general guidelines that I suggest using.

Home office or small branch office
Let’s say you have a home office worker who needs more than just a periodic VPN connection. The employee will be working a full 40-hour workweek over a site-to-site VPN, and you want him or her to have the most reliable and best performing connection possible.

Cisco 800 Series routers are ideal in this situation. They’re great performing routers for a single person or even a small office of up to 10 people. They run the full Cisco IOS, including the latest IOS 12.4, with features such as Firewall, IPS, VPN, VLAN, QoS, NAC, and even high availability. There are different models for different applications, including ISDN, DSL, and routers with integrated wireless.

I use a Cisco 871W router at my house. In addition to it being a great router to connect to the Internet, it’s an excellent router for testing Cisco IOS commands. I also recommend the 800 Series routers to CCNA and CCNP candidates as the best option for studying IOS commands.

Remote office of 25 workers
For remote offices that have 25 or so workers, Cisco 1800 Series routers are an excellent choice. This router is perfect if all you need is Internet connectivity, VPN, firewall, and wireless for the office.

Remote office of 50 workers
If you’re looking for the same basic functionality of the 1800 Series but need a lot more performance and expandability, Cisco 2800 Series routers are what you need. With the 2800 series lineup, you can get everything that’s in the 1800 Series plus redundant power supply options, Gig-Ethernet ports, Network Module (NM) expansion slots, VoIP Call Manager Express (CME) with SRST, and much more performance.

Having the NM card slot lets you add things such as a 36-port switch with PoE, a DS3 ATM, a 24-port VoIP module, an intrusion detection module, a network analysis module, or a Cisco Unity Express voice mail module. In my opinion, the Network Module slot on the 2800 Series is where the Cisco router lineup really starts to get exciting.

Remote or HQ office of 100 workers
Cisco 3800 Series routers are similar to the 2800 Series in that there are a lot of HWIC and NM options for them. But what sets them apart from the 2800 Series is the sheer performance of the hardware and the number of HWIC and NM cards that you can put into them.

Campus or large HQ office
For a very large campus or a service provider, the Catalyst 6500 and 7200/7300 Series platforms are for you. Cisco calls these “service aggregation platforms.” These are very high-performance networking platforms with a huge capacity for expansion.

A quick disclaimer: Always read the specifications for the router you’re considering, and consult with your local SE or experienced Cisco reseller to make sure you get the best router for the job.

Cisco 2800 ISR configuration for SIP voice with NAT and Firewall

I had the enjoyable opportunity over the last few weeks to jump in and do a basic Cisco voice install. It was about 110 phones, with the Cisco Unified Communications Manager Business Edition. This is a single box that includes Call Manager 6.1.3, and Unity Connection 2.1. It had to be done fast, and it had to be done right, so I stuck to mostly tried and true configurations.

Since this was a price sensitive design, we used the 2800 router to its maximum potential. The 2800 is an amazingly flexible piece of equipment; it can be configured to do a large variety of things. Also known as the Integrated Services Router, or ISR, it can be set up as a router, firewall, VPN, voice gateway, SIP session border controller, transcoder, conference bridge, and survivable remote gateway, all at the same time, on the same box!

The call manager and unity connection install was straightforward, like punching out license plates. Set up media, device pools, partitions, calling search spaces, translation patterns, gateways, route filters, route patterns, etc. Scan then batch add the phones, set up voicemail and autoattendant call handlers, create exceptions, deal with the special people, and that’s it. Enough said about that.

The Cisco 2800 Integrated Services Router is used in this example to terminate a Multilink PPP bundle of four Internet T1’s, act as a firewall, provide media services to the Cisco call manager, act as an MGCP controlled analog gateway, and use Cisco Survivable Remote Site Telephony (SRST) to be the backup call processor to the main Cisco Call Manager.

SIP is OK with Network Address Translation as long as the firewall is capable of doing deep packet inspection and NATs all references to IP addresses inside the SIP messages, not just the IP header. When I tried to NAT the inside interface of the firewall… it did not work so well. The remote SIP service provider was seeing private IP addresses in the SIP text, which does not make for good two-way communications.

The Quality of Service setup in this example is fairly straightforward. Outbound is the standard Cisco MQC low-latency queuing setup, with a priority queue for voice and class-based weighted fair queuing for the rest. Even though the service provider has said they prioritize inbound voice, I still set up inbound policing. Non-voice is limited to 4 Mbps, and anything greater than that will be dropped. Voice can use all of the bandwidth, so essentially there is 2 Mbps reserved for inbound voice. This is based on a calculation of 80 kbps for one G.711 call, so 2000 kbps gives us 25 concurrent voice calls, which should be plenty for 110 phones.
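As an added example (not from the original post), here is the arithmetic behind the 80 kbps per call and 25 concurrent calls above, carried through for G.729 as well. It assumes the standard IP/UDP/RTP header sizes and 20 ms packetization, and counts only layer 3 bytes, which is what `police rate` measures; the link and policer figures are the post's round numbers.

```python
"""Voice bandwidth arithmetic behind the inbound policing design above.
Added example, not from the original post.  Assumes uncompressed
IP/UDP/RTP headers and the default 20 ms packetization; layer-2 (PPP)
framing is deliberately excluded because 'police rate' counts layer-3
bytes."""

IP_HDR, UDP_HDR, RTP_HDR = 20, 8, 12          # header bytes per packet

CODECS = {                                     # codec: payload bit rate in bps
    "g711ulaw": 64000,
    "g729r8": 8000,
}


def call_bandwidth_bps(codec, packetization_ms=20):
    """Layer-3 bit rate of one direction of one call.
    g711ulaw at 20 ms: 160 payload + 40 header = 200 bytes, 50 pps -> 80 kbps.
    g729r8 at 20 ms: 20 payload + 40 header = 60 bytes, 50 pps -> 24 kbps."""
    payload_bytes = CODECS[codec] * packetization_ms // 8000
    packets_per_sec = 1000 / packetization_ms
    return round((IP_HDR + UDP_HDR + RTP_HDR + payload_bytes) * 8 * packets_per_sec)


def max_calls(voice_reserve_bps, codec, packetization_ms=20):
    """Concurrent calls that fit in the bandwidth the non-voice policer leaves."""
    return voice_reserve_bps // call_bandwidth_bps(codec, packetization_ms)


def voice_reserve_bps(link_bps, nonvoice_police_bps):
    """Bandwidth left for voice once class-default is policed to nonvoice_police_bps.
    A policer at or above link rate protects nothing, so refuse it."""
    if nonvoice_police_bps >= link_bps:
        raise ValueError("non-voice policer leaves nothing for voice")
    return link_bps - nonvoice_police_bps


def sizing(link_bps, nonvoice_police_bps, codec="g711ulaw"):
    """Summarise the design: per-call rate, voice reserve and call count."""
    reserve = voice_reserve_bps(link_bps, nonvoice_police_bps)
    return {"per_call_bps": call_bandwidth_bps(codec),
            "voice_reserve_bps": reserve,
            "max_calls": max_calls(reserve, codec)}


if __name__ == "__main__":
    # the post's round numbers: ~6 Mbps of T1 bundle, 4 Mbps policed for non-voice
    print(sizing(6_000_000, 4_000_000))
    print(sizing(6_000_000, 4_000_000, codec="g729r8"))
```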

Object groups are used, which are new in IOS 12.4(20)T. As a side note, I strongly recommend against using 12.4(22)T1 for NAT or SCCP media resources like MTPs, since those features are broken in that version.

version 12.4

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname PriorityQueueRouter
!
boot-start-marker
warm-reboot
boot-end-marker
!
card type t1 0 0
card type t1 0 1
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 100000 warnings
no logging console
enable secret 5 0000000000000000000
!
aaa new-model
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
network-clock-participate wic 0
network-clock-participate wic 1
network-clock-select 1 T1 0/0/0
network-clock-select 2 T1 0/0/1
network-clock-select 3 T1 0/1/0
network-clock-select 4 T1 0/1/1
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
no ip domain lookup
ip domain name MAINSITE.local

ip inspect max-incomplete high 5000
ip inspect max-incomplete low 4500
ip inspect one-minute high 5000
ip inspect one-minute low 4500
ip inspect tcp idle-time 300
ip inspect tcp finwait-time 10
ip inspect tcp max-incomplete host 1000 block-time 0
ip inspect tcp reassembly queue length 1024
ip inspect tcp reassembly timeout 60
ip inspect tcp reassembly memory limit 256000
ip inspect name EXT_FW ssh
ip inspect name EXT_FW https
ip inspect name EXT_FW ntp
ip inspect name EXT_FW tcp
ip inspect name EXT_FW dns
ip inspect name EXT_FW smtp
ip inspect name EXT_FW udp
ip inspect name EXT_FW icmp
ip inspect name EXT_FW ftp timeout 1200
ip inspect name EXT_FW http
ip inspect name EXT_FW sip
ip inspect name EXT_FW appleqtc
ip inspect name EXT_FW l2tp
ip inspect name EXT_FW pptp
no ipv6 cef
!
multilink bundle-name authenticated
!
!
trunk group FXOPORTS
hunt-scheme sequential both up
!
!
voice service voip
address-hiding
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
redirect ip2ip
fax protocol pass-through g711ulaw
modem passthrough nse codec g711ulaw
sip
bind control source-interface Loopback0
bind media source-interface Loopback0
header-passing
registrar server expires max 3600 min 3600
no update-callerid
early-offer forced
!
!
voice class media 1
media flow-through
!
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
!
!
voice translation-rule 1
rule 1 /^\(2...\)/ /770555\1/
!
voice translation-rule 2
rule 1 /^9/ //
!
!
voice translation-profile OUTBOUND
translate calling 1
translate called 2
!
!
voice-card 0
no dspfarm
dsp services dspfarm
!
!
object-group network EXTERNAL_SIP_SERVERS
host 247.10.98.2
!
object-group network INSIDE_NETWORKS
10.108.0.0 255.255.0.0
!
object-group network INTERNAL_SIP_SERVERS
host 251.222.32.206
host 251.222.32.205
!
object-group network OUTSIDE_INTERFACE
host 250.1.26.7
!
object-group service PING_SERVICE
icmp echo-reply
icmp unreachable
icmp redirect
icmp echo
udp eq ntp
udp eq domain
!
object-group network PRIVATE_NAT_SERVERS
host 10.108.80.5
host 10.108.60.6
host 10.108.60.7
host 10.108.60.10
host 10.108.60.12
!
object-group network PUBLIC_NAT_SERVERS
host 251.222.32.205
host 251.222.32.195
host 251.222.32.197
host 251.222.32.199
host 251.222.32.201
!
object-group network SERVER_NETWORKS
10.108.60.0 255.255.255.0
10.108.80.0 255.255.255.0
!
object-group network SIP_NETWORKS
host 251.222.32.206
host 251.222.32.205
!
object-group service SIP_SERVICE
udp eq 5060
tcp eq 5060
!
!
controller T1 0/0/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
!
controller T1 0/0/1
framing esf
linecode b8zs
cablelength long 0db
channel-group 1 timeslots 1-24
!
controller T1 0/1/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
!
controller T1 0/1/1
framing esf
linecode b8zs
cablelength long 0db
channel-group 1 timeslots 1-24
!
ip tcp synwait-time 60
ip tcp path-mtu-discovery
ip ssh time-out 60
ip ssh version 2
!
class-map match-any VOICE_CLASS
match ip dscp ef
match access-group name VOICEPACKETS_ACL
class-map match-any CALLCONTROL_CLASS
match ip dscp af31
match ip dscp cs3
match ip dscp af21
class-map match-any CONTROL_CLASS
match access-group name NETWORKCONTROL_ACL
match ip dscp af11
class-map match-any FROM_ISP_CLASS
match access-group name FROM_ISP_ACL
!
!
policy-map DROP_NON_VOICE_POLICY
class FROM_ISP_CLASS
police rate 2000000
conform-action set-dscp-transmit ef
exceed-action set-dscp-transmit ef
violate-action set-dscp-transmit ef
class class-default
police rate 4000000
conform-action transmit
exceed-action drop
violate-action drop
policy-map VOICEFIRST_POLICY
class CALLCONTROL_CLASS
bandwidth percent 5
set dscp af21
class CONTROL_CLASS
bandwidth percent 5
set dscp af11
class VOICE_CLASS
priority percent 65 200000
set dscp ef
class class-default
fair-queue
random-detect
!
!
interface Loopback0
ip address 251.222.32.206 255.255.255.255
!
interface Multilink1
ip address 250.1.26.7 255.255.255.252
ip access-group OUTSIDE_IN in
ip verify unicast reverse-path
ip flow ingress
ip nat outside
ip inspect EXT_FW out
ip virtual-reassembly
snmp trap ip verify drop-rate
no cdp enable
ppp multilink
ppp multilink group 1
ppp multilink fragment disable
service-policy input DROP_NON_VOICE_POLICY
service-policy output VOICEFIRST_POLICY

!
interface GigabitEthernet0/0
ip address 10.108.100.254 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
!
interface Serial0/0/1:1
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
!
interface Serial0/1/0:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
!
interface Serial0/1/1:1
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
!
ip local pool VPNPOOL 192.168.50.200 192.168.50.250
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Multilink1
ip route 10.108.0.0 255.255.0.0 10.108.100.1
no ip http server
ip http authentication aaa
ip http secure-server
!
!
ip nat inside source route-map DYNAMIC_RMAP interface Multilink1 overload
ip nat inside source static 10.108.60.6 64.206.208.195 route-map STATIC_RMAP
ip nat inside source static 10.108.60.8 64.206.208.197 route-map STATIC_RMAP
ip nat inside source static 10.108.60.10 64.206.208.199 route-map STATIC_RMAP
ip nat inside source static 10.108.60.12 64.206.208.201 route-map STATIC_RMAP
ip nat inside source static 10.108.80.5 64.206.208.205 route-map STATIC_RMAP
!
ip access-list extended DYNAMIC_NAT_ACL
deny ip object-group PRIVATE_NAT_SERVERS any
permit ip 10.108.0.0 0.0.255.255 any
!
ip access-list extended FROM_ISP_ACL
permit ip object-group EXTERNAL_SIP_SERVERS object-group INTERNAL_SIP_SERVERS
!
ip access-list extended OUTSIDE_IN
permit object-group PING_SERVICE any object-group OUTSIDE_INTERFACE
permit object-group PING_SERVICE any object-group INTERNAL_SIP_SERVERS
permit object-group PING_SERVICE any object-group PUBLIC_NAT_SERVERS
permit object-group SIP_SERVICE object-group EXTERNAL_SIP_SERVERS object-group INTERNAL_SIP_SERVERS
permit object-group MGMT_SERVICE object-group MGMT_NETWORKS object-group OUTSIDE_INTERFACE
!
ip access-list extended STATIC_NAT_ACL
permit ip 10.108.0.0 0.0.255.255 any
!
!
route-map DYNAMIC_RMAP permit 1
match ip address DYNAMIC_NAT_ACL
!
route-map STATIC_RMAP permit 1
match ip address STATIC_NAT_ACL
!

control-plane
!
voice-port 2/0/0
!
voice-port 2/0/1
!
voice-port 2/0/2
!
voice-port 2/0/3
!
voice-port 2/0/4
!
voice-port 2/0/5
!
voice-port 2/0/6
!
voice-port 2/0/7
!
voice-port 2/0/8
trunk-group FXOPORTS 6
timing hookflash-out 50
connection plar 2700
!
voice-port 2/0/9
trunk-group FXOPORTS 5
timing hookflash-out 50
connection plar 2700
!
voice-port 2/0/10
connection plar 2700
!
voice-port 2/0/11
connection plar 2700
!
voice-port 2/0/12
connection plar 2700
!
voice-port 2/0/13
connection plar 2700
!
ccm-manager fallback-mgcp
ccm-manager mgcp
ccm-manager music-on-hold
ccm-manager config server 10.108.80.5
ccm-manager config
!
mgcp
mgcp call-agent ucserver 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp package-capability fxr-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
mgcp bind control source-interface GigabitEthernet0/0
mgcp bind media source-interface GigabitEthernet0/0
!
mgcp profile default
!
sccp local Loopback0
sccp ccm 10.108.80.5 identifier 1 priority 1 version 6.0
sccp
!
sccp ccm group 1
associate ccm 1 priority 1
associate profile 4 register MTP2851-729
associate profile 3 register MTP2851
associate profile 2 register CFB2851
associate profile 1 register XCD2851
!
dspfarm profile 1 transcode
codec g711ulaw
codec g729r8
maximum sessions 2
associate application SCCP
!
dspfarm profile 2 conference
codec g711ulaw
codec g729r8
maximum sessions 2
associate application SCCP
!
dspfarm profile 3 mtp
codec g711ulaw
maximum sessions software 50
associate application SCCP
!
dspfarm profile 4 mtp
codec g729r8
maximum sessions software 50
associate application SCCP
shutdown
!
!
dial-peer voice 999200 pots
service mgcpapp
port 2/0/0
!
dial-peer voice 999208 pots
service mgcpapp
port 2/0/8
!
dial-peer voice 1 pots
description Incoming called numbers from FXO or FXS or ccm
incoming called-number .
direct-inward-dial
!
dial-peer voice 59111 pots
trunkgroup FXOPORTS
description 911 service with a leading 9
translation-profile outgoing OUTBOUND
preference 5
destination-pattern 9[49]11
!
dial-peer voice 59112 pots
trunkgroup FXOPORTS
description 911 service without a leading 9
preference 5
destination-pattern [49]11
!
dial-peer voice 5202 pots
trunkgroup FXOPORTS
description International calling with FXOPORTS
translation-profile outgoing OUTBOUND
preference 5
destination-pattern 9011T
!
dial-peer voice 19111 voip
description 911 service with a leading 9 to ISP
translation-profile outgoing OUTBOUND
preference 6
destination-pattern 9[49]11
session protocol sipv2
session target ipv4:247.10.98.2
session transport udp
dtmf-relay rtp-nte
codec g711ulaw
fax-relay ecm disable
fax-relay sg3-to-g3
fax rate 14400
fax protocol pass-through g711ulaw
!
dial-peer voice 1200 voip
description local with a leading 9 to ISP
translation-profile outgoing OUTBOUND
preference 1
destination-pattern 9[2-9]..[2-9]......
session protocol sipv2
session target ipv4:247.10.98.2
session transport udp
dtmf-relay rtp-nte
codec g711ulaw
fax-relay ecm disable
fax-relay sg3-to-g3
fax rate 14400
fax protocol pass-through g711ulaw
ip qos dscp cs3 signaling
no vad
!
dial-peer voice 1201 voip
description long distance with a leading 9 to ISP
translation-profile outgoing OUTBOUND
preference 1
destination-pattern 91[2-9]..[2-9]......
session protocol sipv2
session target ipv4:247.10.98.2
session transport udp
dtmf-relay rtp-nte
codec g711ulaw
fax-relay ecm disable
fax-relay sg3-to-g3
fax rate 14400
fax protocol pass-through g711ulaw
ip qos dscp cs3 signaling
no vad
!
dial-peer voice 1202 voip
description international with a leading 9 to ISP
translation-profile outgoing OUTBOUND
preference 1
destination-pattern 9011T
session protocol sipv2
session target ipv4:247.10.98.2
session transport udp
dtmf-relay rtp-nte
codec g711ulaw
fax-relay ecm disable
fax-relay sg3-to-g3
fax rate 14400
fax protocol pass-through g711ulaw
ip qos dscp cs3 signaling
no vad
!
dial-peer voice 999209 pots
service mgcpapp
port 2/0/9
!
dial-peer voice 5200 pots
trunkgroup FXOPORTS
description Local calling with FXOPORTS
translation-profile outgoing OUTBOUND
preference 5
destination-pattern 9[2-9]..[2-9]......
!
dial-peer voice 5201 pots
trunkgroup FXOPORTS
description Long distance calling with FXOPORTS
translation-profile outgoing OUTBOUND
preference 5
destination-pattern 91[2-9]..[2-9]......
!
dial-peer voice 1100 voip
description ** Incoming call from SIP trunk **
translation-profile incoming INBOUND
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
session protocol sipv2
session transport udp
incoming called-number 770.......
dtmf-relay rtp-nte
fax protocol pass-through g711ulaw
ip qos dscp cs3 signaling
no vad
!
!
sip-ua
nat symmetric role active
retry invite 3
retry response 3
retry bye 3
retry cancel 3
retry rel1xx 3
timers connect 100
timers connection aging 30
!
!
!
call-manager-fallback
secondary-dialtone 9
max-conferences 8 gain -6
transfer-system full-consult
limit-dn 7961 6
timeouts interdigit 5
ip source-address 10.108.100.254 port 2000
max-ephones 110
max-dn 200 dual-line
dialplan-pattern 1 770555 extension-length 4
transfer-pattern 9..........
keepalive 10
default-destination 2700
no huntstop
time-zone 13
!
banner login ^CC
*******************************************************************************
Unauthorized access and improper use are prohibited. Any activity on the system
is subject to monitoring by the company at any time. Anyone who uses the system
consents to such monitoring and agrees that the company may use the results of
such monitoring without limitation.
*******************************************************************************
^C
!
line con 0
exec-timeout 60 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 60 0
logging synchronous
line vty 5 15
exec-timeout 60 0
logging synchronous
!
scheduler allocate 20000 1000
ntp server 131.144.4.9
ntp server 198.72.72.10
end
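The configuration excerpt above is a good candidate for a scripted review: the vty lines carry no access-class or SSH-only transport, and several outbound dial-peers route international patterns to the SIP trunk. The following Python script is an added example (not part of the original post) that parses a flat IOS configuration in the same shape as the one above and reports those points; the sample config embedded in it is constructed to mirror a few of the blocks shown, and the checks it applies are this example's own review criteria, not Cisco guidance.

```python
"""Audit a flat Cisco IOS running-config excerpt for management-plane
and voice-routing review points.

Added example. The sample config is constructed to resemble the blocks
above (no indentation, '!' separators); the checks are this script's
own assumptions about what a reviewer wants to see."""
from collections import defaultdict

# Constructed excerpt in the same shape as the router configuration above.
SAMPLE_CONFIG = """\
dial-peer voice 1202 voip
description international with a leading 9 to ISP
destination-pattern 9011T
session protocol sipv2
session target ipv4:247.10.98.2
!
dial-peer voice 1201 voip
description long distance with a leading 9 to ISP
destination-pattern 91[2-9]..[2-9]......
session protocol sipv2
session target ipv4:247.10.98.2
!
dial-peer voice 5202 pots
trunkgroup FXOPORTS
destination-pattern 9011T
!
line con 0
exec-timeout 60 0
line vty 0 4
exec-timeout 60 0
logging synchronous
line vty 5 15
exec-timeout 60 0
transport input ssh
!
"""

# Section headers this parser recognises (assumption: enough for the excerpt).
BLOCK_STARTS = ("dial-peer voice ", "line ", "sip-ua", "dspfarm profile ",
                "sccp ccm group ", "call-manager-fallback")


def parse_blocks(config):
    """Split a flat IOS config into (header, [subcommands]) pairs.
    A new block starts at any known section header; a bare '!' closes the
    current block. Header matching is needed because several 'line'
    sections share a single '!' group in show-run output."""
    blocks, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
            continue
        if line.startswith(BLOCK_STARTS):
            current = (line, [])
            blocks.append(current)
        elif current is not None:
            current[1].append(line)
    return blocks


def audit_vty(blocks):
    """Flag vty lines with no access-class and no SSH-only transport."""
    findings = []
    for header, subs in blocks:
        if not header.startswith("line vty"):
            continue
        if not any(s.startswith("access-class ") for s in subs):
            findings.append(f"{header}: no access-class restricting management sources")
        if "transport input ssh" not in subs:
            findings.append(f"{header}: transport input not limited to ssh")
    return findings


def outbound_routes(blocks):
    """Map each voip session target to the destination patterns it carries,
    so the reviewer sees which dialing ranges leave via which trunk."""
    routes = defaultdict(list)
    for header, subs in blocks:
        if not (header.startswith("dial-peer voice") and header.endswith(" voip")):
            continue
        target = next((s.split(None, 2)[2] for s in subs
                       if s.startswith("session target ")), None)
        pattern = next((s.split(None, 1)[1] for s in subs
                        if s.startswith("destination-pattern ")), None)
        if target and pattern:
            routes[target].append(pattern)
    return dict(routes)


def international_exposure(blocks):
    """Return headers of dial-peers whose pattern ends in 011T (international
    dialing); these are the peers to review for toll-fraud controls."""
    hits = []
    for header, subs in blocks:
        if header.startswith("dial-peer voice") and any(
                s.startswith("destination-pattern ") and s.endswith("011T")
                for s in subs):
            hits.append(header)
    return hits


if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE_CONFIG)
    for f in audit_vty(blocks):
        print("VTY:", f)
    for target, patterns in outbound_routes(blocks).items():
        print("TRUNK", target, "carries", patterns)
    print("International dial-peers:", international_exposure(blocks))
```

Run it against a `show running-config` capture instead of the embedded sample by reading the file into `parse_blocks`; the header list in `BLOCK_STARTS` is the only part that needs extending for other section types.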

Sunday, February 7, 2010

Using NAC for smartphone security on wireless LAN

As unmanaged, Wi-Fi-enabled smartphones proliferate on corporate networks, network managers should use wireless network access control (NAC) to give them an idea of what's on the network and how they can secure those devices.

"I talked to a hospital recently that had some sense that they had a lot of smartphones on their network, but they weren't really sure," said Jeff Wilson, principal analyst for Infonetics Research. "They thought they had about 8,000 total devices on their network, but when they dropped in [a network access control appliance from] ForeScout, they found that they had 12,000 devices. Most of the devices they hadn't accounted for were smartphones of all flavors."

Once network managers understand what devices they have on the network, they need to look at their smartphone population as two main groups: company-owned assets that IT has access to, and user-owned devices that employees use to access email and work with sensitive corporate information.

"You have to look at the world in terms of what are the devices I know about and control and what are the devices I don't know about and can't control," Wilson said. "Then you come up with one strategy that works for devices you know about and one for unknown devices. Whether that will be a way to block all access to those devices or to allow access but find some way to limit and control [access] is up to you."

Grasping control of the managed smartphones on the network is a matter of collaborating with the mobile device manager in the IT organization. The unmanaged devices will be a bigger challenge, Wilson said, "because you're not going to physically touch all of them."

Enterprises can use NAC to discover not only what kinds of devices are out there but which software and which security clients, if any, are running on them, he said. This information can help network managers determine what sort of security policies to implement for unmanaged smartphones.

Bill Perry, the IT services manager for Richard Huish College in Taunton, England, recently installed a NAC product from ForeScout specifically to gain visibility into the number of iPhones and USB devices he had on the network.

"There are many courses here where [professors] teach totally from the network," Perry said. "If it goes down, they stop teaching. I think the iPhone could come on and bring in something that could affect the operations of the network."

Perry's ForeScout appliance is currently in monitoring mode to see what is happening on the network. This month he will start implementing rules and policies to gain control over which devices can access his Cisco wireless LAN and his wired network.

Wireless network access control: What are devices doing?

After taking inventory of the smartphones on the network, network managers need to know how devices are being used.

"An important part is understanding how they are getting used on your network," Wilson said. "What is it [that] users do with the devices when they're connected, and what kind of threat does that present? That's something that using some sort of NAC or application control or discovery product can help you understand."

"Secondarily, think about the data at rest problem," he said. "Do we have a policy for what to do if someone's phone is lost? How do we decide whether I care from an IT perspective if that device is lost? And what is it we can do if we can never see, touch or do anything to handle these devices? How can we protect ourselves assuming we are never going to have access to these devices?"

Turning a blind eye to unmanaged smartphones is a gamble. "We haven't seen a lot of mobile device-specific exploits yet, but I believe that they are coming. Also, companies that invest specifically in security for smartphones right now [are doing it] because they know there are sensitive data that they would worry about if it's lost or stolen."

Out-of-band wireless NAC solutions

Not every NAC solution will afford the same amount of control and visibility into unmanaged smartphones, Wilson said. For instance, NAC products from endpoint protection vendors like McAfee and Symantec may not do much good, given that they rely on client software that the smartphones probably won't have installed. Microsoft NAP might do a good job of managing Windows Mobile smartphones, but it will have trouble tracking other smartphone platforms. NAC products that track only devices that have 802.1x supplicants will have trouble seeing devices that don't have this software, particularly smartphones.

"So you're looking at out-of-band solutions that aren't limited to 802.1x and use other methods, such as capturing MAC addresses and machine IDs," Wilson said.
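The discovery step Wilson describes, building an inventory from MAC addresses and machine identifiers rather than from an agent or an 802.1x supplicant, can be approximated from DHCP lease data. The Python below is an added example, not code from the article or from any NAC vendor: it classifies each lease by vendor prefix and DHCP vendor-class string, then marks devices that are absent from the managed-asset register. The OUI table, vendor-class hints, lease records and asset list are all constructed for the example; a real deployment would load the IEEE OUI registry and its own asset database.

```python
"""Out-of-band device discovery from DHCP lease data.

Added example. Classifies every MAC seen by vendor prefix (OUI) and, when
the OUI is unknown, by the DHCP vendor-class (option 60) string, then
separates managed (known asset) devices from unmanaged ones. All tables
and records below are constructed for illustration."""
from collections import Counter

# Constructed OUI -> device class table (hypothetical prefixes).
OUI_CLASS = {
    "aa:bb:01": "smartphone",
    "aa:bb:02": "smartphone",
    "aa:bb:10": "laptop",
    "aa:bb:20": "printer",
}

# Constructed vendor-class hints used only when the OUI is not in the table.
VENDOR_CLASS_HINTS = {
    "android-dhcp": "smartphone",
    "MSFT 5.0": "windows-pc",
}

# Constructed lease records: (mac, ip, hostname, vendor_class)
LEASES = [
    ("aa:bb:01:11:22:33", "10.1.0.10", "iPhone-Jane", ""),
    ("aa:bb:02:44:55:66", "10.1.0.11", "android-9f3c", "android-dhcp-10"),
    ("aa:bb:10:77:88:99", "10.1.0.12", "LT-FINANCE-07", "MSFT 5.0"),
    ("aa:bb:20:aa:bb:cc", "10.1.0.13", "printer-2f", ""),
    ("cc:dd:ee:01:02:03", "10.1.0.14", "PC-0451", "MSFT 5.0"),
    ("cc:dd:ee:0a:0b:0c", "10.1.0.15", "", "android-dhcp-9"),
]

# Constructed managed-asset register: the MACs IT already knows about.
MANAGED_MACS = {"aa:bb:10:77:88:99", "aa:bb:20:aa:bb:cc", "cc:dd:ee:01:02:03"}


def classify(mac, vendor_class):
    """Device class from OUI first, then from the vendor-class hint."""
    cls = OUI_CLASS.get(mac.lower()[:8])
    if cls:
        return cls
    for prefix, hint in VENDOR_CLASS_HINTS.items():
        if vendor_class.startswith(prefix):
            return hint
    return "unknown"


def inventory(leases, managed):
    """One row per lease: mac, ip, hostname, device_class, managed flag."""
    return [
        {"mac": mac, "ip": ip, "hostname": host,
         "device_class": classify(mac, vclass),
         "managed": mac.lower() in managed}
        for mac, ip, host, vclass in leases
    ]


def unmanaged_by_class(rows):
    """Counts of unmanaged devices per class: the list a policy is written for."""
    return Counter(r["device_class"] for r in rows if not r["managed"])


if __name__ == "__main__":
    rows = inventory(LEASES, MANAGED_MACS)
    for r in rows:
        flag = "managed" if r["managed"] else "UNMANAGED"
        print(f"{r['mac']}  {r['ip']:<12} {r['device_class']:<12} {flag}  {r['hostname']}")
    print("Unmanaged devices by class:", dict(unmanaged_by_class(rows)))
```

The split into managed and unmanaged devices matches the two strategies Wilson describes: the managed rows go to the mobile device manager, the unmanaged rows are the population a block-or-limit policy has to cover.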

Going beyond smartphone security

NAC has also helped Perry deal with other issues relating to both managed and unmanaged laptops on the network. For instance, he's detected a couple of unmanaged PCs scanning his network, particularly for passwords, so he's trying to track the machines down with ForeScout. He's not convinced that someone is trying to hack the network, but he'll know more once he finds the machines.

The technology also helped him find a school-owned loaner laptop that had gone missing.

"We went through the records and could see the last time it was on a network, the person who was using it and the port it was accessed through," Perry said. "So you can track it down, then go find it. That one was being used by the finance department, and then it was locked away in a cupboard for a month and a half."

Know about the Cisco CCDE certification

In January, Cisco launched a very important, new high-level certification: the Cisco Certified Design Expert (CCDE) certification. Will it live up to the hype? Find out the specifics of the CCDE, see how it fits in with other Cisco certifications, and learn why you should consider the CCDE.

Before even thinking about security- and VoIP-specific certifications, Cisco offered design certifications: The Cisco Certified Design Associate (CCDA) and the Cisco Certified Design Professional (CCDP). Both entail strictly computerized tests that focus on the proper design of networks.

Since I’ve earned my CCDA certification, I can tell you — and it’s no secret — that the test consists of many long scenarios. The single test can be challenging primarily due to the complex scenarios that you must read, dissect, and understand before you can make the right design choice for that network. I suspect that the CCDP certification isn’t too much different, just more complex and challenging with many more requirements for technical knowledge mixed in.

I’ve heard comments for many years from networking designers that they wished Cisco offered an expert/top-level certification for network design. With last month’s announcement of the CCDE, Cisco answered their call.

What is the CCDE?
The CCDE is the expert-level certification that those network designers have been waiting for. Similar to the Cisco Certified Internetwork Expert (CCIE) certification, the CCDE requires passing both a two-hour computerized test and a full-day, hands-on lab/practical exam, which you must complete at a Cisco testing facility.

You must first pass the computerized test before you can schedule the lab exam. The exam name for the CCDE written test is ADVDESIGN, and that's what you need to know: how to design advanced networks. Cisco recommends that you have at least five to seven years of experience designing advanced networks before taking the test.

The exam lasts two hours, and the exam blueprint covers just about anything that anyone could ever think of related to complex networks. In addition, passing the CCDE written exam recertifies any other Cisco certifications you have, including the CCDA, CCNA, and CCIE.

After passing the computerized exam, you can schedule your lab exam at a handful of Cisco offices. However, Cisco hasn’t currently announced specific locations and time slots for the practical exam.

Like the CCIE practical exam, the CCDE practical exam will be an eight-hour scenario-based exam that will “test your ability to identify, manage, and create advanced infrastructure design solutions for large-scale networks.” Having taken more than one CCIE hands-on practical exam, I have no doubt that the CCDE practical exam will be just as grueling.

Why isn’t there a network design CCIE?
Like the CCIE, CCDE candidates will receive a unique number and other benefits. Why didn’t Cisco just create a network design version of its CCIE certification? Cisco was considering it, but the company decided to create a separate expert-level exam for design instead because the topics were just too dissimilar.

The CCIE and the CCDE are now “peer” certifications and are equivalent to one another. Only time will tell if the CCDE becomes as well-known and respected as the CCIE.

Recruiters and managers like to throw around the CCNA and CCIE appellations; you’ll often hear something like “we have five IEs and two NAs on staff.” So can the new “DE” become as popular?

Certainly, other Cisco certifications, such as the CCENT, CCVP, CCSP, CCIP, and even the CCDP, have struggled to become as well-known as the CCNA and CCIE. While not necessarily a popularity contest, network administrators justifiably flock to the most well-known certifications because those are what might help them land that next big job or pay raise.

Four reasons to consider the CCDE
I’m considering pursuing the new CCDE certification, and I think you should consider it as well. Here are four reasons to think about it:

Unlike a CCNP, CCDP, or MCSE certification, the CCDE doesn't have a long list of tests you must take. You only have to take one written and one hands-on exam.

For those of us who enjoy designing complex networks instead of tweaking and troubleshooting complex network routing or security, the CCDE may be something that interests you more than other certifications.

Cisco has done a great job representing, improving, and marketing the CCIE. Because of this, I think the CCDE will become highly recognizable, just as the CCIE is today.

The CCDE proves that you can design some of the most complex and advanced networks in the world today. The documentation of this skill can be invaluable to your career.

However, don’t jump the gun: Make sure you have the recommended design experience on large networks, get ready to prepare for some grueling tests, and make sure you’re willing to pay a much higher price than other certifications — both in time and in dollars.

From: Tech Republic

Why we bought the Cisco 2800 Series

At my company, we still have a lot of Cisco 2600 and 3600 Series routers. While not all my sites needed the power of these routers, we needed to use a network module card, and these router models were the first in the Cisco product line that supported those network modules. Specifically, we use NM-16A & NM-32A asynchronous serial modules to support serial devices at each location. The Cisco 2600 Series routers don’t have the CPU and RAM to support the latest IOS and to handle the current network traffic load. (Note: The last date to receive service and support for a 2600 Series is April 28, 2008.)

In my case, the Cisco 2800 Series router is the ideal replacement for almost all our routers. We have been purchasing 2811 Series routers, installing an HWIC T1 card for MPLS WAN connectivity, and replacing existing routers at remote sites. We add an NM-16A or NM-32A module to support the needs of our async devices. I have seen cases where putting in a 2800 Series immediately improved the performance for that remote location.

While I might be able to use a smaller router like an 1800, I need the NM slot from the 2800 Series, and I like the flexibility and power that the 2800 Series offers. Like the 2600 and 3600 Series routers, the 2800 Series has been extremely reliable; so far, not one 2800 Series has failed.

A downside to the Cisco 2800 Series is that it is loud. When I turned it on to configure it in my office, I couldn’t hear my coworkers or my phone.

Conclusion

If you are in the market for a new router (perhaps you're looking to replace your aging 2600 and 3600 Series routers), I recommend taking a look at the Cisco 2800 Series. Based on my personal use, the Cisco 2800 Series is another rock solid router from Cisco that, like the 2600 and 3600 Series, will serve network admins for years to come.

The real case for the Cisco 2800 Series is that it offers a completely improved package: better performance, solid reliability, versatility of use, and a plethora of WAN interfaces and network modules that you can use to expand it. Also, since the 2600 Series will no longer be supported, the time to replace those routers with the 2800 is now.

Thursday, February 4, 2010

8 ways to strengthen your Cisco networking skills

In the past couple of weeks, I’ve written a couple of articles about Cisco certification that generated a lot of response from TechRepublic members. The most recent article, “What you need to know about Cisco’s CCNA certification,” garnered a lot of excellent comments, many of which focused on gaining experience.

More than once, the old “chicken or the egg” conundrum came to mind as readers asked, “How do I get a Cisco job with no experience, and how do I get Cisco experience without a job?” TechRepublic member nacht probably said it best:

“What you have here is a chicken and egg problem: You can’t get the experience because you don’t have the certification, but the certification doesn’t help when you don’t have ‘enough’ experience.”

This really highlights the problem that so many aspiring network engineers have when they’re starting out. Member PhilTkgh said not to bother with earning a CCNA unless you have the experience. Member llapi2000 said the key point was finding a way to get experience because employers won’t hire you unless you have it.

So how do you get the Cisco experience you need to get your foot in the door? Here are eight ways you can start strengthening your Cisco experience.

#1: Work for free
Two years ago, a friend of mine had no Cisco networking knowledge; today, he earns a significant salary as a network engineer. What happened? He got his experience by volunteering to work on Cisco equipment for free.

In his case, he volunteered at his church. Someone donated a Cisco VoIP Call Manager and phones, along with a bunch of Cisco switches, to the church. While working at the church in another area, he spent his spare time reading and researching the new Cisco equipment, learned how it worked, hooked it up, and managed to earn his CCNA certification in the process. After a number of months maintaining the system, he found a full-time job as a network engineer.

In other words, one way to get Cisco experience is to offer to help for free. Let's say you're a Windows expert. Plenty of organizations out there need your help, and many of them also have Cisco equipment. Besides doing good by helping a local organization, you can also gain valuable experience that you can list on your resume and use during a technical interview.

#2: Use simulators or rent a rack
Member Rand777 said that one way to get experience is to rent racks of Cisco equipment online. For more information, read my article on the subject, “Rent Cisco practice racks from online providers.”

A less expensive option is to use a Cisco IOS simulator, which imitates a rack of Cisco routers and switches. Here's a list of eight Cisco IOS simulators.

I’ve heard that the CCNA exam has a number of simulation questions these days, so either of these options is a good idea. However, it’s not enough to just pay the money; you have to push yourself to use the equipment to learn more about Cisco networking.

#3: Buy used routers and build a home lab
Member Bill Pate argued that the best way to get experience was to build a home lab. It doesn't get much better than having your own rack of routers, which can be surprisingly inexpensive. Member wade.alexandro pointed out that you can often pick up 2500 series routers for about $25 each.

#4: Volunteer at work
Member j.s.davis recommended befriending fellow admins at work, and I couldn’t agree more. Perhaps your networking department could use some help shipping routers or taking inventory of hardware. No matter how small the department is, there may be some way you could help and get your foot in the door. An offer of free help can go a long way.

#5: Attend the Cisco Networking Academy
Member c.stockwell recommended attending the Cisco Networking Academy. This is an excellent place to start gaining some experience working on real routers and switches. In addition, it's a great opportunity to network with students, instructors, and potential employers.

#6: Make new friends
Find ways to make friends who use Cisco routers and switches. This is a great way to learn more, gain experience, and maybe find someone who will give you a chance even though you have limited experience. Use social networking on the Web, or join a local Cisco users’ group.

For example, in my area, we have the popular DFW Cisco Users Group. And there are Cisco user groups around the United States and the world.

What if there isn’t a user group in your area? You can start your own group with as few as 10 people and begin receiving benefits from Cisco Press.

#7: Participate in forums
There’s a plethora of Cisco-specific forums on the Internet where you can learn more about Cisco networking. In addition, you can share your knowledge by helping others with Cisco questions. While that doesn’t automatically give you experience, it does get your name out there and help you network with others. Maybe you’ll even meet a future employer by volunteering to help with a networking issue.

Here are some forums I recommend:

TechRepublic Forums
Petri IT Knowledgebase Forums
HappyRouter Forums

#8: Start at the bottom
Member michael.brodock said that one of the best ways to get experience is to start from the bottom. If you really want to break into a new field and get experience, sometimes you’re going to have to suck it up and start from scratch. This often means taking a pay cut and starting over at the bottom of the ladder.

But look on the bright side: The bottom is also where the most openings are, and where you have more opportunity to get into the field.

Summary

Trying to find a Cisco networking position without any experience is very difficult — even if you have a CCNA certification. However, there are many things you can do to network, promote yourself, and gain Cisco networking experience. Don't get caught in the "chicken or the egg" conundrum.

David Davis has worked in the IT industry for more than 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.

Why used server - Black, White or Gray Market?

In the field, the term "gray market" is typically thrown around with disregard for its real meaning (product acquired from an overseas channel at lower prices than said product is provided in the local channel) in order to spread FUD. Some reps will even go as far as to refer to used IT hardware as "black market" or stolen/counterfeit equipment.

The truth is that if you're dealing with a reputable dealer, the product is probably as "white market" as a bake sale. Of course, you have to protect yourself and make sure you're working with a trusted vendor. Guidelines for feeling out a remarketed vendor are listed at the bottom of this article. First though, consider the following:

The manufacturers and distributors of the world (Sun, HP, IBM, etc...) would like you to believe any of the following scenarios regarding open market used versions of their products:

- The system was stolen
- The system is a counterfeit from overseas
- The system was a reject

The truth is likely any of the following scenarios:

- The equipment was traded in by another user who gently used it and had it under maintenance with the manufacturer.
- The equipment has come off a lease (anywhere from 3 months to 3 years) and been redistributed to the open market.
- The equipment was thoroughly tested and updated to the manufacturer's specifications before shipment.

There certainly are some slim shady dealers out there (a tiny minority), so it makes sense that the manufacturers want to protect users from them, although I suspect the manufacturers mainly want to protect themselves from losing a deal for their brand new solution. So, how do you tell the wheat from the chaff?

1. Do your due diligence: check references, check the BBB listing, years in business, etc.

2. Ask if the reseller can put the following in writing on your quote and eventually on the signed purchase order:
- All hardware is (XYZ manufacturer) original equipment.
- All hardware is guaranteed eligible for the manufacturer's maintenance.

3. Ask whether licensing will be an issue.
- Some manufacturers require recertification or new licenses in order to acquire maintenance and/or software.

4. Get credit terms if you can.
- Corporations of any decent size should be able to negotiate payment terms of up to 30 days. This basically gives you the opportunity to try before you buy. If the equipment doesn't meet your standards, you can return it without trying to recover your payment. If the first three precautions are taken, you shouldn't have any surprises, but it doesn't hurt to be cautious (and get on credit)!

There are sharks out there, and manufacturers will over-hype their presence, but these tips will help you navigate the calm waters of the used IT marketplace.

Cisco to remain aggressive in 2010

Cisco is expected to remain aggressive in 2010 as it looks to take back lost market share. The company will build on its generous financing for SMBs, continue to set the industry pace in mergers and acquisitions, and leverage its formidable cash position - greater than $20 billion post-Tandberg and Starent acquisitions - in an effort to pull away from competitors, according to investment firm UBS.

Cisco recently announced a three-year, 0% financing incentive for SMBs in the US. The financing offer applies to all Cisco products and services from $1,000 up to $250,000. It is available through Cisco Certified Partners until July 31.

Cisco also said it would, in 2010, maintain its pace of mergers and acquisitions. It acquired six companies last year, four of which were purchased between May 2009 and the end of the year. They included Tandberg ($3.4 billion), Starent ($2.9 billion), and Pure Digital ($590 million).

It helped that Cisco had, at that time, $30 billion in cash. It helps that over $20 billion of that remains, according to UBS estimates.

All of this has UBS expecting in-line or better results from Cisco for its second quarter of fiscal 2010, which it reports tomorrow. The Street is expecting revenue of $9.4 billion and earnings of $.35 per share; UBS expects slightly better revenue ($9.41 billion) and slightly lower EPS ($.34).

Results will be driven by strength in US service provider and enterprise sales, and improved IT spending overall. UBS expects Cisco to end fiscal 2010 with $38.4 billion in sales, and fiscal 2011 with $43.5 billion. Starent will contribute $220 million and $452 million, respectively, according to UBS estimates.

From: Network World

Juniper's Q4 might mean an upbeat Q2 for Cisco

Juniper's blowout Q4 may portend a stellar quarter from rival Cisco as well. Cisco reports next Tuesday, and some analysts expect the company to come in ahead of estimates.

Meanwhile, Juniper's strength was due largely to service providers, sales in the Americas, and yes, some enterprise growth year-over-year - but sequentially, enterprise was essentially flat. AT&T was better than 10% of Juniper's sales in the quarter and sales to service providers grew 22% sequentially.

In a bulletin on the quarter, Oppenheimer & Co. analyst Ittai Kidron states that AT&T may have been responsible for better than 50% of Juniper's sequential sales growth in the quarter.

Sales in the Americas also grew 22% from Q3 and service providers gobbled up almost one-third of Juniper's $246 million in Service Layer Technology sales in the quarter.

Though enterprise only grew 1% sequentially, it did grow 5% year-over-year and 11% for the full year. Sales of Juniper's EX LAN switches were up 47% sequentially to $74 million and the SRX security gateway grew 38% from Q3.

For Q1 2010, Juniper is guiding toward sales of $880 million to $910 million, and earnings per share of $0.23-$0.26. This is better than Wall Street consensus estimates of $873.2 million and $0.24, but a dip from the $941 million and $.32 results for Q4.

Oppenheimer's Kidron is nonetheless upbeat on the guidance:

We're...pleased with 1Q10 guidance, which tops our prior and Street expectations and is supported by strong deferred revenues. Importantly, management's commentary on 2010 was upbeat with Juniper aiming to exceed the growth of its addressable markets, gain share and expand operating margins at the same time. Juniper's growth story continues to play out well with IBM/Dell set to contribute more in 2010...Juniper plans to gain share and surpass 2010 market growth.


Juniper plans to grow market share 12% to 15% in service providers in 2010, and in enterprise in the mid-single digits.

Avian Securities' Catharine Trebnick found Juniper's guidance targets "mediocre." In a report on the quarter, she remains negative on Juniper:

Our cautious stance remains predicated on longer term challenges in the service provider segment we attribute to three key trends: (1) Operators shift toward less expensive Ethernet platforms and this is driving down price per port for routers; (2) JNPR is missing key partnerships for packet optical networks with key RFP's underway (Verizon Packet Optical RFP), and (3) JNPR still lacks wireless DNA and project Falcon timing is available after key LTE supplier decisions. In addition we believe that the HPQ/3COM merger has the potential to squeeze JNPR's efforts, which currently is benefiting from strong growth in managed services and DC upgrades for 10 GigE ports.


Lazard Capital Markets also found that Juniper's guidance "implies a steeper sequential decline than expected."

Cisco backdoor still open

The "backdoors" that Cisco and other networking companies implement in their routers and switches for lawful intercept are front and center again at this week's Black Hat security conference. A few years ago, they were a cause célèbre in some VoIP wiretapping arguments and court rulings.

This time, an IBM researcher told Black Hat conference attendees that these openings can still expose information about us to hackers and allow them to "watch" our Internet activity. Backdoors are implemented in routers and switches so law enforcement officials can track the Internet communications and activity of an individual or individuals under surveillance. They are required by law to be incorporated in devices manufactured by networking companies and sold to ISPs.

In this report from Forbes, IBM Internet Security Systems researcher Tom Cross demonstrated how easily the backdoor in Cisco IOS can be exploited by hackers. When they gain access to a Cisco router, they are not blocked after multiple failed access attempts, nor is an alert sent to an administrator. Any data collected through the backdoor can be sent anywhere, not merely to an authorized user, Forbes reports.

What's more, an ISP is not able to perform an audit trail on whoever tried to gain access to a router through the backdoor - that nuance was intended to keep ISP employees from detecting the intercept and inadvertently tipping off the individual under surveillance. But according to IBM's Cross, any authorized employee can use it for unauthorized surveillance of users and those privacy violations cannot be tracked by the ISP.

Cisco said it is aware of Cross's assertions and is taking them under consideration. To Cisco's credit, it is the only networking company that makes its lawful intercept architecture public, according to the recommendations of the IETF, the Forbes story states. Other companies do not, which means they may be susceptible to the same security flaws, or worse.
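Since the article's central concern is that intercepted data "can be sent to anywhere" and that the device itself keeps no audit trail, a compensating control lives off the router: watch the flows the router originates and alert when their destination is not a known management or mediation host. The Python below is an added example, not from the article, IBM or Cisco. It evaluates constructed NetFlow-style records against an allowlist; the router addresses, collector addresses and flow records are constructed for the example (a couple of addresses are reused from the router configuration earlier on this page purely as sample values).

```python
"""Egress allowlist check for traffic sourced by the routers themselves.

Added example. Flags flows whose source is a router interface address and
whose destination is neither a known management/mediation host nor inside
the management subnet, then totals the bytes per unexpected destination.
All addresses and flow records are constructed for illustration."""
from collections import defaultdict
import ipaddress

# Constructed router interface addresses (10.108.100.254 appears in the
# call-manager-fallback section of the config above; the other is invented).
ROUTER_ADDRS = {"10.108.100.254", "10.108.80.1"}

# Constructed allowlist of hosts the router is expected to talk to.
EXPECTED_DESTS = {
    "10.108.80.5": "call manager (from the sccp ccm line above)",
    "131.144.4.9": "ntp (from the ntp server line above)",
    "10.108.90.21": "mediation device (constructed)",
}

# Constructed management subnet: any destination inside it is accepted.
MGMT_NET = ipaddress.ip_network("10.108.90.0/24")

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    ("10.108.100.254", "10.108.80.5", 2000, 1200),     # SCCP to call manager
    ("10.108.100.254", "131.144.4.9", 123, 76),        # NTP
    ("10.108.100.254", "10.108.90.20", 514, 900),      # syslog inside mgmt net
    ("10.108.80.1", "203.0.113.77", 443, 48000),       # unexpected egress
    ("10.108.80.1", "203.0.113.77", 443, 52000),       # same destination again
    ("10.1.0.10", "203.0.113.77", 443, 5000),          # a host, not the router
]


def is_expected(dst, expected, mgmt_net):
    """True when the destination is allowlisted or inside the management net."""
    return dst in expected or ipaddress.ip_address(dst) in mgmt_net


def unexpected_egress(flows, router_addrs, expected, mgmt_net):
    """Return {dst_ip: total_bytes} for router-sourced flows to destinations
    that are not expected. Only flows whose source is a router address count,
    so ordinary user traffic through the router is ignored."""
    totals = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        if src in router_addrs and not is_expected(dst, expected, mgmt_net):
            totals[dst] += nbytes
    return dict(totals)


def alerts(flows, router_addrs, expected, mgmt_net, min_bytes=10000):
    """Alert lines for unexpected destinations above a byte threshold
    (threshold is this example's assumption, tune it to the environment)."""
    return [f"router egress to {dst}: {total} bytes not in allowlist"
            for dst, total in unexpected_egress(flows, router_addrs,
                                                expected, mgmt_net).items()
            if total >= min_bytes]


if __name__ == "__main__":
    for line in alerts(FLOWS, ROUTER_ADDRS, EXPECTED_DESTS, MGMT_NET):
        print(line)
```

The check is deliberately source-scoped: the router forwards everyone's traffic, so only flows the router itself originates are compared against the allowlist. That keeps the rule quiet under normal load while still catching a delivery stream to a host nobody registered.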

Wednesday, February 3, 2010

Juniper, Polycom team up for telepresence

Juniper and Polycom this week announced an alliance to offer telepresence and video conferencing services to enterprises through service providers.

The two companies have integrated their respective network resource control and video call control platforms to enable dynamic signaling between the two. Together, they say they can enable Juniper service provider customers to offer managed telepresence and video conferencing services to enterprises.

The deal represents the latest partnership Polycom has fostered with a large vendor following Cisco's acquisition of Polycom rival Tandberg. Last week, Polycom lined up Siemens Enterprise Networks as an ally, and IBM a few weeks previous.

The alliances are viewed by observers as a response by both Polycom and these vendors to the Cisco/Tandberg marriage and to the expected explosion in demand for video as a key component of unified communications deployments among businesses.

"I still think Cisco has an advantage," says Zeus Kerravala of the Yankee Group, noting the company's market share and three-year focus on video/telepresence. "If you own [the network] end-to-end you can control the quality end-to-end -- you don't have to wait for standards to be developed, you just go do it yourself."

A multivendor system made interoperable through standards may not improve video/telepresence quality either, Kerravala notes, because of differences in the way the various vendors' systems treat video traffic.

Citing data from Gartner and Frost and Sullivan, Juniper and Polycom say the global market for visual communication managed services will grow from $83 million to $940 million between 2008 and 2015, a 162% compounded annual rate. Visual communications products and services are projected to reach $8.6 billion in 2013, they say, a CAGR of 17.8% from 2008.

The integrated Juniper/Polycom products will be available to service providers in mid-2010. At that time, the companies will disclose packaging and pricing options, officials from both companies say. The joint offering will facilitate a "conferencing-aware" network for service providers rather than a video/telepresence overlay to networks not necessarily optimized for video, the companies say.

Juniper says it may also offer Polycom-based video/telepresence to enterprises through other channel partners in the future.

The combined system includes Juniper's Junos Space network application platform and its subscriber policy and identity services, MX Series 3D Universal Edge Routers, announced last fall, and SRX Series Services Gateways; and Polycom's portfolio of telepresence and visual communication products, including the Distributed Media Application that centralizes call control.

The combination of Junos Space with DMA enables a dynamic coordinated allocation of video and network resources, driven by user video session needs, the companies say.

From: Network world

linux is so useful

It is so amazingly fast to get things done when you have a few linux boxes in the network. We are doing a few things to optimize our admittedly staid website, and those changes will roll out over the next few months.

I added wordpress to the server and linked it in quickly since it is packaged so nicely. Just ssh in, quickly type in the things to do, and we are up and running. Nice!

Tuesday, February 2, 2010

Buy network equipment locally to save money

Even though it is very convenient to look up pricing for servers, switches, routers, firewalls and the like online, that is the worst way to purchase. I have been on the inside of IT sales for a long time, and can give you many reasons why you should buy from a local Value Added Reseller (VAR), as they are known:

1. Best price. If you talk with a local reseller, and either pretend or actually let them help make a recommendation on what products to buy, they can have a better cost than anyone else, usually about 10%. The reason is very simple: manufacturers give better pricing to resellers that recommend their equipment, and who tell the manufacturer that they are doing so.

2. Best service. If you buy from a local reseller, the employees and business owners live in the same state, county, or even town as you. They will want to keep you happy, and will go out of the way to make you happy with your purchase. If something is defective, or there is a misunderstanding, they can drive right over to look at it and make it right.

3. The money stays in the community. With money and budgets tight these days, many communities are passing local preference ordinances, stating that if a local supplier quotes a product or service to a public sector purchasing entity that is within 5% of the lowest price, that the business should be kept local. This only makes sense. As long as you are spending money, and you can get it for a good price (see #1 above), keep the taxes local and let the profits on the sale go to the salaries of your neighbors or relatives!

4. Your project will be more successful. Any VAR that is any good will have a staff of technical consultants that has done the same upgrade you are thinking about doing many times before. They will know how to plan for the upgrade, gather the right info, what pitfalls to avoid, and how to work around the undocumented features (bugs!) in the product. Don’t just assume they know what they are doing, though, ask for references.

5. You will build contacts in your local market. Local VARs know about every IT shop in town, and through their contacts can pass along information about what other people are doing. Sales reps bring useful information, ideas, and gossip about what your peers are doing. Hey, with layoffs happening all around, it is good to have a number of friends in the business, especially ones that owe you favors.

So with all these great reasons to buy local, why doesn’t everyone do it? That’s a question I often ask; sometimes I think the five reasons I listed above just don’t matter much to people.

What I do find is that most organizations in the metropolitan areas buy from local resellers, and many rural K-12, higher education, counties, and cities buy from online outfits like CDW. CDW inside sales reps do a great job providing attention to folks in rural areas, and the CDW website is very well done. Furthermore, it is admittedly more convenient to fill a shopping cart online and send an order without having to meet with a sales rep. They also make incredible profits on items that are under $500. There is a reason they can afford all those advertisements on TV, and it is not because they are passing any good deals onto you.

Meetings take time out of the day and force IT people to deal with salespeople, who are the last people that the technically minded and results-focused IS administrator wants to deal with. That is definitely one of the downsides of buying locally. However, every job has its downsides, and meeting with salespeople is certainly less onerous than, say, staying up all night rebuilding Active Directory because a junior IT admin somehow hosed the schema, or troubleshooting a switching loop that took down the entire network while everyone is screaming at you because all the phones, computers, and servers are not communicating, or realizing that the backup you thought was being done every night actually wasn't for the past 3 months... and that you really need that backup right now!

In fact, compared to many of the more dreadful things that can happen to the Information Technology crew, meeting with a sales rep and their technical pre-sales design engineer, going out to lunch, and having these nice vendors to blame all your problems on is actually quite pleasant.

So, let management and purchasing know that you are going to be doing your part to save money and help your community by buying everything locally from now on!

How to choose the right Cisco switches for your LAN

It seems like one of the major tasks that I have been doing on a daily basis for the last ten years is creating network designs for people. Since a large part of the business that my company does is putting a complete IP phone system into organizations that have between 50 and 3000 users, the other design engineers and I create a lot of designs.

Most organizations do not upgrade their LAN to prepare for the future; most of them don't touch the network as long as it is running properly and supporting the users' applications. Planning to put a secure voice system on that network takes the network requirements to another level.


There is a lot more to consider than QoS for putting voice on the LAN, although that is what the discussion is usually centered around. The LAN also has to have a number of other attributes:

Secure - with voice on the LAN, the switches must have security features that can prevent them from getting attacked with MAC address floods, rogue DHCP servers, gratuitous ARP’s changing the default gateway, and other attacks that can be launched by malware.

Fast - If voice goes through multiple switches, each hop can add latency. Instead of store-and-forward of the Ethernet frames, switches should use cut-through to move things along. Server and uplink speeds should be gigabit, while for most organizations 10/100 Mbps to the desktop is just fine.

QoS - As discussed above. This comes into play mostly in uplinks. When remote access layer closets are connected back to the distribution layer, there is a choke point in the LAN. Any choke points require queuing to prioritize the voice.

Reliable - Long Mean Time Between Failure, well tested code to limit bugs, good support from the manufacturer in case there is a software or hardware issue.

Manageable - The switches have to be able to be managed remotely, expose SNMP information, be able to log, and be configurable. GUI interfaces are OK, but there is nothing like a solid command line interface for rapid configuration, troubleshooting, and repair.

Power Density - Switches have to be able to support the power density of the planned devices. Most switches cannot power all ports at the highest levels.

Power and Cooling - Since IP phones are powered from the switches, all access layer switches will require properly sized UPSs. A basic switch consumes about 60 Watts. A 48 port switch with 15 Watt phones plugged into every port will require at least 600 Watts. Put a few of those switches in the closet and you are looking at not only a much bigger UPS, but also better cooling.

Redundant Design – The only place that there should be a single point of failure is at the access layer in the closets. If a switch fails, only the devices connected to that switch should lose connectivity – all others should work around the issue. In most cases that means dual uplinks from each closet to a redundant distribution layer at the core.
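The Secure and Redundant Design attributes above translate into concrete access-layer switch settings. The following Catalyst IOS configuration is an added example, not taken from the original post; the VLAN numbers, interface ranges and the choice of ports 47-48 as the dual uplinks are assumptions for illustration.

```cisco
! Added example (not from the original post). VLAN 10 = data, VLAN 20 = voice,
! Gi1/0/1-44 = phone + PC access ports, Gi1/0/47-48 = dual uplinks (assumed).
!
! Rogue DHCP servers: DHCP server messages are only accepted on trusted uplinks;
! the snooping binding table also feeds ARP inspection and IP Source Guard below.
ip dhcp snooping
ip dhcp snooping vlan 10,20
no ip dhcp snooping information option
!
! Gratuitous ARP changing the default gateway: ARP replies are checked against
! the DHCP snooping bindings and spoofed ones are dropped and logged.
ip arp inspection vlan 10,20
ip arp inspection validate src-mac dst-mac ip
!
interface range GigabitEthernet1/0/1 - 44
 description Phone + PC access port
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 ! MAC address floods: cap learned MACs at phone (seen in both VLANs) + PC.
 ! 'restrict' drops excess frames and raises a trap instead of err-disabling
 ! the port, so a flood does not take the phone down with it.
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging time 5
 switchport port-security aging type inactivity
 ! Rate-limit DHCP from end stations (default is unlimited).
 ip dhcp snooping limit rate 15
 ! IP Source Guard: drop IP packets whose source is not in the binding table.
 ip verify source
 ! Broadcast storms from a loop or an infected host: alert at 5% of line rate.
 storm-control broadcast level 5.00
 storm-control action trap
 ! End stations never send BPDUs; a rogue switch err-disables the port.
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Dual uplinks to the redundant distribution layer: the only ports trusted
! to carry DHCP server replies and unchecked ARP.
interface range GigabitEthernet1/0/47 - 48
 description Uplink to distribution
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 ip dhcp snooping trust
 ip arp inspection trust
 spanning-tree guard root
!
! Let a port err-disabled by BPDU guard recover after 5 minutes so a
! mis-plugged desk does not need a manual reset.
errdisable recovery cause bpduguard
errdisable recovery interval 300
```

`show ip dhcp snooping binding`, `show ip arp inspection statistics` and `show port-security` verify that bindings are being learned and show which ports are dropping spoofed traffic.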

Why Choose Cisco Network Equipment

Today’s businesses require a network platform that enables technology innovation and business-critical services across the entire network. Cisco stands alone in its ability to provide an end-to-end network platform tied together by a common infrastructure and a common operating system, and manageable as a single, cohesive entity.

Only Cisco can provide the platform for campus, branch, data center, and wide-area networks that are highly available while integrating security at all levels of the network, helping to ensure the optimized delivery of application and communications, and providing inherent manageability. This platform includes:

Reliability: Cisco Systems has earned its solid reputation by producing network equipment that "shows up for work every day", but there is more than just uptime making Cisco the premier network gear provider worldwide. Advanced features like remote management, Quality of Service and Voice over IP support make it the ONLY solution, like Swift Systems, that you can grow into but not out of.

Interoperability: Cisco provides legendary interoperability, providing real assurance that your investment in Cisco gear is ready for whatever tomorrow brings.

Scalability: Cisco solutions easily scale from Small Business Start-ups that want reliable managed workgroup switches to Enterprise-class Corporations that demand flawless uptime, need secure wireless networks, managed layer 2 and 3 switches, dependable routing, firewalls, intrusion detection systems, and the software to manage it all.

Manageability: Managed switches provide remarkably better uptime as a result of enhanced diagnostics, allowing trained engineers to isolate network problems in a fraction of the time required with old-fashioned hunt-and-pluck troubleshooting. Router management features allow sophisticated configuration, utilization tracking, and diagnostics. Advanced features like BGP enable non-stop Internet connectivity, and really separate Cisco from the pack.

Monday, February 1, 2010

Why Used Cisco Security Systems

Used Cisco security systems can help companies maintain their network's security, without having to spend more on the cost of brand new equipment. Companies today invest a great deal of money in strengthening their network infrastructure. They place great importance on securing their data against any outside attack, while making their management system and processes more efficient with the use of technology that can address their company's unique needs.

The amount of attention a company gives to their IT infrastructure can affect the way their proprietary or mission-critical data is kept safe. However, as most IT managers can attest, keeping the operational costs down while effectively securing their proprietary data can be a tough balancing act. Implementing a powerful security system for data is, after all, a very costly investment.

This is where used Cisco security systems come in. With secondary market Cisco equipment, you can guarantee that your company will receive the best network and data security features it needs at a much lower cost compared to brand-new systems. For many years, Cisco has maintained its position as the leading provider of networking products and services.

And why choose used Cisco equipment? Cisco Systems manufactures high quality and durable networking equipment. Because of this, many small and medium-sized businesses rely on secondary market networking hardware to enhance their existing IT infrastructure.

The Internet is full of resources on used Cisco security systems. With a bit of research, you will find a reliable distributor that offers high-quality refurbished Cisco equipment.

WHY SELECT FORTINET

Many advantages can be obtained by combining several separate point based security systems into one unified security platform. The most popular reasons why customers choose Fortinet over other leading security vendors include the following 10 reasons.

1. Integrated security platform that provides 7 key security components to provide customers the greatest flexibility and protection available in a modern security platform: Stateful Firewall, Antivirus, Intrusion Detection & Prevention, IPSec Virtual Private Network (VPN), Web Content Filtering, Anti-Spam (including Spyware/Grayware), and Bandwidth Shaping. Fortinet's security solutions are the only security products that are certified in four ICSA Lab categories - Firewall, VPN, IPS, and Antivirus.

2. Fortinet's award winning technology is consistent across its entire family of products and provides the same leading edge protection regardless of company size (SoHo to SME to large enterprise to service provider). Smaller customers benefit by taking advantage of enterprise and carrier class security features while larger customers benefit from Fortinet's experience in designing strong security products that are intuitive, easy to deploy and use. In September 2004, IDC named Fortinet's technology as the leader in the Unified Threat Management (UTM) security category with 29.5% market share. And in April 2004, Gartner named Fortinet's technology as Visionary in their Enterprise Firewall Magic Quadrant.

3. FortiGate products lower Security TCO. Eliminating multiple security devices and collapsing them into one security choke-point decreases the Capital Expenditure (CAPEX) and Operating Expenditure (OPEX) costs. Implementing single purpose point security products is not only more expensive than Fortinet's FortiGate security platforms, but it also lacks the Dynamic Threat Prevention System capabilities of Fortinet's combined technologies - which greatly increases the detection rate of modern stealth and blended threats. With Fortinet's simple "per box" licensing, ongoing maintenance, support, and product update costs are greatly reduced over competing products that are licensed on a "per user" basis.

How to Network Your Home Computers

How many computers do you have at home? How many of those are in use? Do you have a number of computer users as well? One in the study, a couple in the kids' room, one in the kitchen: if you have more than two computers and computer users in your home, then you may consider networking all the computers.

What are the benefits of home networking?

• If connected to a network, files can be sent back and forth by each computer.

• You can play music and video files from another computer.

• You can access the printer and the scanner that is connected to one computer from any other computer that is within the network.

• You can take advantage of the best features of the computer with the highest configuration.

• If one computer in the network serves as a server, then you can store important files as back up in the server.

• You can share one Internet account to reap its benefits from different computers at the same time.

• Imagine playing Age of Empires or racing cars with real opponents at different computers in the house!

Yes, networking allows you to have multi-player games.

So how do you get home networking?

Networking can be done by using a wireless networking connection or by an Ethernet cable. All you need for Ethernet networking are:

- A number of networking cables
- Networking cards
- A router

Once you have these, follow the following steps.

- Select the computers that you want to be in the network
- Install a networking card in each
- Connect a cable to each which will in turn be connected to the router
- The router will then be connected to the server
- The router will then be connected to the modem machine in order to enable internet access to all the machines
- Once the hardware connections are in place, set up internet in each computer by configuring the Local Area Network (LAN) settings
- Finally use the router manual to access the password and set up internet connection on each computer through the router

So what are the precautions that you need to take while connecting your home computers in a network?

First and foremost you need to realize that whatever data you have in each computer will be accessible by everybody.

So start by defining the rights to each drive and folder on your respective computers. Since anyone who sits at one computer, family member or not, can also reach the information on the other computers, ideally only 'read' rights should be given to folders and drives with sensitive information, so that someone else cannot copy, edit or delete it.

You can even deny 'read' rights to folders if need be. Since you are connecting to the internet through your network, you must install a firewall for maximum security. Install anti-virus software on each computer.

Connecting your home computers in a network is a good idea: it helps you stay connected and makes full use of the facilities available on each computer. With a little bit of precaution, networking can only be fun!

by Greg Hall

High-Tech Computer Rental for Business Promotion

Technology develops continuously, and every day brings enhancements to the latest equipment. To grow a business and compete with competitors, high-tech equipment is required for office use and for organizing conferences, trade shows and seminars. Rather than going to a shop and purchasing this equipment, we can take all the required computer equipment from computer rental services. This helps us perform our tasks well and also keeps us aware of the latest technology.

Whether you are holding a tradeshow, hotel convention, or any type of business meeting, you can always count on professional computer equipment rental services. By combining premium AV rental equipment, top-quality computer rentals, reasonable rates, and unsurpassed staff, these services make you comfortable organizing any business conference or meeting, and by approaching business technology rental centers you can fulfill your office needs without investing a lot of money in high-tech equipment.

Equipment dependability at your tradeshow or convention means knowing that the proper equipment will be delivered, set up, and operating when you need it and where you need it. Dependability is the reason why convention and tradeshow producers, as well as exhibitors, have been looking to Computer Rental Services to handle their audiovisual needs.

When you call for computer rental services, you can depend on their trained experts to combine their extensive tradeshow and convention experience with a broad selection of top audiovisual and computer rental inventory. The result is an impressive, well-managed event.

These services' audiovisual rental selection includes plasma screens, high-resolution LCD monitors, and high-lumen LCD projectors, all of which draw attention and visitors to your individual exhibit or tradeshow production. Their trained technicians can design a standard or wireless sound system for any size of audience or any type of room configuration. If computer rentals, laptops or desktops, servers, and printers are needed, they are carefully selected for your exact requirements, be it for a computer-enhanced display, a sophisticated Internet cafe, or a busy registration area.

Simply choose your audiovisual or computer rental equipment and let the agency deliver, set up, and provide support for everything from registration desks to full-service press rooms and breakout rooms.

Once selected, your equipment will be handled by their team of experts, who will deliver, set up, test, and provide the vital technical support necessary to ensure seamless, smooth performance for your convention or tradeshow.

About the Author
Michael Braganza is an eminent analyst and writer in Computers & Technology related topics like Internet, SEO, Website Design and Computer Rental.

From: 88db.com