June 4, 2006

Set Minimum Bandwidth to LAN

Filed under: WAN FAQ, + QoS

How to set a reserved bandwidth for 2 different LANs passing through a Cisco 7200 serial?

Cisco says.. 

The problem description sounds like policing is not required, but queueing. As far as I understand you want to give minimum bandwidth guarantees to each LAN and allow for utilizing up to the max bandwidth available.
CBWFQ will do exactly that. An example config:

ip cef

class-map match-all LAN1
 match input-interface FastEthernet0/1

class-map match-all LAN2
 match input-interface FastEthernet0/2

! class-default is predefined by IOS and catches all traffic not matched
! above, so it is not defined with its own class-map

policy-map 4SerialOUT
 class LAN1
  bandwidth percent 30
 class LAN2
  bandwidth percent 30
 class class-default
  fair-queue

interface Serial1/0
 bandwidth 1024
 service-policy output 4SerialOUT

This would guarantee 30% of the bandwidth at the Serial to all traffic from LAN1 and 30% to LAN2. In case there is no other traffic each LAN could use the full Serial bandwidth. You would need to adjust numbers and interfaces to your needs.

2 FastE IP within same Subnet

Filed under: LAN FAQ, + VLAN

I have the following setup: Border router which has a serial interface connected to the ISP and 2 internal FE interfaces which need to be connected to 2 different switches in the LAN-side for redundancy. Of course, the 2 FE interfaces should have addresses from the same subnet; but when I try to assign those interfaces different IP addresses from the same subnet, an error message reading "Overlap in IP addresses" appears.

The question is how can I assign the 2 interfaces different addresses from the same subnet to achieve redundancy?

Cisco says

You need to configure bridging between the two Ethernet interfaces and also configure the bridge virtual interface. With the help of bridging you can have both interfaces in the same subnet. The link below should help:

http://www.cisco.com/en/US/tech/tk389/tk689/technologies
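A minimal integrated routing and bridging (IRB) configuration of the kind that answer describes, added here as an example; it is not taken from the original post or from the reply. The interface names, the bridge group number and the 192.0.2.0/24 documentation addresses are assumptions.

```cisco
! Enable integrated routing and bridging so a bridge group can also be routed
bridge irb
!
! Both LAN-facing ports join bridge group 1 and carry no IP address themselves
interface FastEthernet0/0
 no ip address
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 bridge-group 1
!
! The bridge virtual interface (number = bridge group) holds the single
! subnet address that hosts use as their gateway (address is an example)
interface BVI1
 ip address 192.0.2.1 255.255.255.0
!
! Run IEEE spanning tree on the bridge group and route IP through the BVI
bridge 1 protocol ieee
bridge 1 route ip
```

Because both ports sit in one bridge group, spanning tree is what blocks the loop if the two LAN switches are also connected to each other, so `bridge 1 protocol ieee` should not be left out.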

June 3, 2006

Enable SNA VLAN traffic

My last task before leaving the company - to remove microhub from my clients LAN segment, n connect their WAN router directly to the core switch.. the purpose is to allow WAN access without passing through the NetAsq Firewall. (i’ll attach the diagram shortly..)

for this particular task, i had to work out with people from mesiniaga & alcatel - the task, at first thought to be straight forward, turned out to be more complex than expected..  the previous flow was, SNA traffic bypassing the firewall n straight to the WAN, but IP traffic still went thru the firewall before passing on to the router

phewww without the diagram, i bet no one would understand the scenario rite?? hahhah

the solution is pretty simple.. we create 2 vlan tagging.. each for SNA traffic and IP traffic.. so none would be broadcast to other unwanted segment (firewall in this case) configuration wise, we remove all WAN routing from the firewall, paste it back to the alcatel core switch.. n create subinterface vlan tagging on WAN router n the switch!

That simple!

AMD Turion Compaq

Filed under: NET WORLD

im officially jobless! but for only 1 week that is haha

on 5th of June, ill be joining those so-called IT savvy people in the technoglamarous world of cyberjaya warghhh that’s 60km back n forth fr home.. the petrol hike i can still manage but to drive all the way there, getting up extra early n beating those traffic nightmares tskkk maybe i should stick to being jobless haha

quitting my old job meaning i had to give up my laptop -the once king of all lap machines - compaq evo N1000 phew.. 4 yrs mannnn.. tenx for all the wonderful memories hehe

tanywayyy.. i just found the (perfect??) replacement

tadaaaaa… i present u Compaq Presario - powered by AMD Turion 64! it costs me a mere $3000, with 3 yrs complete warranty.. plus a thousand more, u can fetch a Centrino. but who cares! Turion or Centrino, it won’t matter.. performance wise both are equivalent (from what i read thru forums/reviews).. or does it?

i’ve been using this new laptop for 3 weeks now n wat i can say is - Turion easily overheated. Even with Pentium M, i never had this problem before.. but bcoz im not a heavy gamer - it doesnt affect me that much.. n one plus point - the graphics, which powered by ATI radeon xpress, are quite superb.. again, if u’re a light pc user, for the purpose of surfing the net n maybe office works.. this one is value for money. else, if u’re a gamer, even moderate, better stick with Pentium.. 

 

 

Testking Sucks Big Time

Filed under: NET WORLD

it has been a couple of weeks since i last updated this blog, mainly due to my tight work + study schedule.. i started ccnp course 2 years back but bcoz my ccna gonna be valid up to this upcoming october - y not wait till the last minute! haha

i took the 1st module - bsci, last friday n found out to be rather ‘tricky’.

fortunately, i passed but barely.. n some even told that cisco had changed the test format due to high percentage passing mark in the past demmit.. should have taken it sooner haha i have this one friend who purchased the ‘highly recommended’ TESTKING exam questions, n it was quite expensive too.. $99 for the whole BSCI package.. but in the end, he was sooo furious as none of the testking questions came out! luckily i had time browsing the book cd, few questions from there popped up n i think people should stick with just the normal conventional method of studying, which is - read the whole book!! hahha

May 16, 2006

OSPF Router ID

Filed under: WAN FAQ, + OSPF

How does OSPF choose its Router ID?

Cisco says..

OSPF picks up the highest IP address as a router ID. If there are no interfaces in up/up mode with an IP address, it returns this error message. To correct the problem, configure a loopback interface. 

For more OSPF FAQ, visit www.cisco.com/ospf-faq

For OSPF config, go here  www.cisco.com/ospf-config

Giga LAN Design

Filed under: LAN FAQ, + HSRP

I have to design the full Giga LAN infrastructure for a new building. 

Requirements as below:

  1. 5 floors, 4 floors with staff (total - 360 people)
  2. 10/100/1000 Mbps connectivity to each port
  3. Each desk requires 2 Data port + 1 IP phone port

Pls help.

Cisco says.. 

The requirements are a bit over the top (3 ports per desk??)

3550 is not a choice since they are not in production anymore, the successor 3560 might fit. Then u should go for Cisco Catalyst 3560G-48TS (48 10/100/100 + 4SFP)

But I would suggest Cisco Catalyst 3750G-48TS as access-switches on each floor. They have 48 10/100/1000 copper and 4 SFP-slots. Then, most IP-phones have a switch integrated so there is no need to have separate port on switch for this. So in that case you would only need 2 ports for each desk.

That would make 180 ports/floor. You need 4 switches/floor.

And 2x Cisco Catalyst 3750G-12S, stacked in the "basement". They are equipped with 12 SFP-slots each. Cisco's new StackWise stacking gives a very high level of resiliency, automation, and performance.

Use one fibre-pair (or if you use WDM, one fiber) for each switch on each floor with 1Gbps instead of 10Gbps feeding each floor. 10Gbps makes the whole installation MUCH more expensive.

 

 

May 15, 2006

Company Registration Online Services - Analysis

Filed under: NET WORLD

recently a friend of mine asked me to do some research into internet marketing. he planned to propose to one of his client, which includes website design & hosting. the client has long ventured into company registration bizz n now intend to make it online.

one thing about malaysia -  there are not much competitors utilizing online marketing tools. n especially on this registration services - i found out only 3 serious competitors. dmcorporate.com, readycompanies.com & zealliance.com. All has major flaws which should make it easier for my client to stand out.

You can check out the findings here - Company Registration Analysis 

 

May 12, 2006

VoIP hit a Snag

Filed under: NET WORLD

VoIP has been described by technology pundits as the upcoming hot technology since two or three years ago. The basis of the technology is definitely older as it has been around since the dial-up Internet days back in the 90s.

We’re still waiting for that “explosion” that has been promised and prophesied. At one point, telecommunications players had deemed that such use of undercutting their traditional voice-call services via Internet access services as being criminal. The situation has now changed. Even a telecommunications provider like TM, which TM Net is obviously a part of, has jumped onto the bandwagon along with Jaring with their 015 services and a string of discount phone call telcos. Yes, people want cheaper phone calls. But the figures show that people want to make phone calls using an uncomplicated traditional voice phone and not something new-fangled like a VoIP phone connected to a computer.

Arguably, IP-based telephony is about connecting to a computer at some point and uses IP technology, just like regular Internet-connected computers. There are even wireless-fidelity (Wi-Fi) VoIP phones which resemble regular mobile phones, to enable VoIP calls (free or discounted) when you jump into a Wi-Fi area.

Yes, people like paying less. Corporates have taken advantage of such services for years. But for the Average Joe, the problem remains that making VoIP calls is still a scary prospect, with visuals of complicated technology rituals popping into mind. Hence, the efforts by a number of VoIP hardware and services vendors to come out with something seamless and easy to use. In the end, telcos need to realise that consumers are the ones who decide on the emerging technology acceptance.

A hassle-free and good experience will assure VoIP’s place in the future of telecommunications.

(read the whole article at ntsp emedia)

May 11, 2006

Websense Enterprise 5

As i mentioned on the previous post - Protect against Porn - i stressed on deploying web content filtering as our standard network requirement. Recently, my team had just completed a VPN project involving more than 10,000 schools across the country, which gives millions of students protection against unlawful sites (porn, gambling, gaming etc). We are currently using Websense, the leading web filtering software, and shall later on cover the whole government agencies (comprised of 2 million personnel nationwide)

What's so good about this product anyway?

Websense Enterprise 5 is a mature and flexible solution that addresses the most important issues in Web filtering and beyond. For companies that want fine control over employees’ Web access, no other product equals it. Websense Enterprise has more protocols, categories, and soft-blocking choices than its competitors, and its higher cost is more than offset by its higher quality.

Its support for a vast set of firewalls, proxies, and caching products is further evidence of its maturity. Websense Enterprise integrates with these products if they’re already at the periphery of your network, or it can work in standalone mode. While configuration was a bit more complex than with the appliances, we had no trouble setting it up.

The Windows-based management interface makes good use of color, keeps a multitude of information well organized, and gives you more options than other products. Although we like the convenience of Web-based interfaces, Windows-based management interfaces are slicker. Administrators can work remotely over a single TCP port, set policies once, and distribute them to multiple filters throughout a widespread organization. Most companies will opt for Websense Enterprise’s integration with Windows domains and directories to set policies based on existing network users and groups, but there’s no delegated administration.

Websense Enterprise’s flexibility is most apparent when you’re configuring filtering policies. A set of 88 categories makes important distinctions between sex education and sex, between prescribed medications and abused drugs. In addition to blocking, it can limit usage by a time quota or display a couple of soft-blocking variants suggesting that the user surf these sites after work hours. Administrators can also block by file type and keywords. Companies can opt to use WebCatcher, a tool that captures unknown URLs and sends them to Websense for analysis.

In addition to using categories, administrators can block protocols for such applications as instant messaging, streaming media, and newsgroups. We tried this successfully with AOL and Yahoo!. Websense updates these protocols daily, just as it does category block lists. This became critical for us, as Yahoo! changed a number of log-on servers during our testing. The database update addressed the new servers and blocked traffic flawlessly. The optional bandwidth optimizer ($5 per user per year) lets administrators set usage policies for network hogs like streaming media and Internet radio.

Websense offers three complementary tools to detect, monitor, and report on traffic. The Real-Time Analyzer monitors recent traffic, with flexible views into the data. This lets you see what’s going on in the network before configuring policies. Websense Reporter, a powerful Windows-based tool, has more precision and flexibility than we found in other products we reviewed. Administrators can see any slice of information and schedule reports to be sent via e-mail. Risk Reports—particularly helpful—show any bad stuff happening at a glance. Websense Explorer, a Web-based tool, lets nontechnical users drill down into questionable activity.

Optional categories, called Premium Groups (for ensuring productivity and eliminating high-bandwidth sites as well as those that pose security threats) will bump the price up higher by $5 per group. The optional Client Application Manager ($25 per seat per year) protects and controls client machines using your network and the Internet.

I heard Websense will be opening up their S.E Asia regional office here soon. A wise move indeed considering our government policies of making it a compulsory IT standard. Cheers!