ASK THE EXPERT - CISCO VIRTUAL OFFICE

Unanswered Question
Oct 3rd, 2008

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update for the Cisco Virtual Office with Cisco experts Pedro Leonardo and Anand Nuggihalli. Pedro Leonardo is the Cisco Virtual Office Security Solution Manager in the Access Routing Technology Group (ARTG). His group focuses on providing router- and switch-based comprehensive solutions for teleworkers, mobile workers, small offices, branches, campuses, and service providers. Security is the basis of all solutions, on top of which are laid common applications and services including data, voice, video, telepresence, wireless, multicast, and more using the Zero Touch Deployment (ZTD) methodology. Pedro joined Cisco in 2000. He holds a bachelor's degree in computer science and telecommunications, and a master's degree in information management from the University of Porto, Portugal. Anand Nuggihalli is the Product Manager for Cisco Virtual Office. Anand has been with Cisco for more than 10 years, promoting Cisco IOS Software based strategy and services including VPN, security, and Data-Link Switching Plus (DLSw+). He holds a bachelor of technology degree from Indian Institute of Technology, Madras, and a postgraduate diploma in management from Indian Institute of Management, Calcutta.


Remember to use the rating system to let Pedro and Anand know if you have received an adequate response.


Pedro and Anand might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through October 17, 2008. Visit this forum often to view responses to your questions and the questions of other community members.

Overall Rating: 4.8 (5 ratings)
miss_chio Fri, 10/03/2008 - 15:18

Hi


I'm new to this. I would like to learn how to configure routers and switches. What articles do you recommend to get started?

leleonar Sun, 10/05/2008 - 21:38
User Badges:
  • Cisco Employee,

Hello!


One good way to get started with Networking is to get the Cisco Certified Network Associate (CCNA) certification (http://www.cisco.com/web/learning/le3/le2/le0/le9/learning_certification_type_home.html). Even if you don't do the exam just yet, the exam guides provide a comprehensive introduction to networking, and thus routers and switches.


In addition, many Cisco IOS routers can be configured with a GUI based device manager, called Security Device Manager (SDM). SDM can also be downloaded from www.cisco.com under support - download software. With SDM, it becomes easier to get started configuring IOS routers.


Best Regards,

Pedro

miss_chio Wed, 10/08/2008 - 06:56

Thanks. I begin with the tutorials at the Cisco page.

leleonar Thu, 10/16/2008 - 15:23
User Badges:
  • Cisco Employee,

Great, good luck.


Regards,

Pedro Leonardo

Good day Anand,


This is Shivanand here, and I have completed a diploma in electronics engineering (10+3). Also, I passed the CCNA one year back only and have overall 3 years of network experience.


I want to earn the CCIE (R&S) and to become a Cisco employee. Could you please guide me on the same?


Waiting for your reply.


Regards,

Shivanand

leleonar Mon, 10/06/2008 - 18:19
User Badges:
  • Cisco Employee,

Hello Shivanand,


Going from the CCNA directly to the CCIE becomes a hard job.

I would recommend doing the CCNP first, which introduces the right level of complexity for a professional level, but lets you grow your expertise in a sound, progressive fashion.


Best Regards,

Pedro

leleonar Thu, 10/09/2008 - 11:15
User Badges:
  • Cisco Employee,

Hello,


I would recommend the Cisco exam certification study guides for the CCNP - they cover in detail routing and switching.


Please visit http://www.cisco.com/web/learning/le3/le2/le37/le10/learning_certification_type_home.html and then go to the Cisco Press to find the respective books.


For routing, the self-study guide is the: CCNP BSCI Official Exam Certification Guide, 4th Edition


For switching, the CCNP BCMSN Official Exam Certification Guide, 4th Edition


But do look at http://www.ciscopress.com, as there are other options there.


Best Regards

Pedro Leonardo

leleonar Sat, 10/11/2008 - 00:02
User Badges:
  • Cisco Employee,

Hello,


I'm afraid I'm not aware of free versions of bandwidth monitoring tools.


However, Cisco has a Network Analysis Module (NAM) which is installed in an Integrated Services Router, like a 2800 or a 3800 series. This NAM module analyzes all traffic, and has a GUI interface to display results.


You can read more about it here:

http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps7176/product_data_sheet0900aecd8058214d.html


Best Regards,

Pedro Leonardo

leleonar Mon, 10/06/2008 - 18:24
User Badges:
  • Cisco Employee,

Hi Shivanand,


To upgrade the Switch Software, please follow the instructions described in this document:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/release/notes/OL14630.html#wp697759


In order to check the current power usage, issue the command "show power inline"


You can read more about it here:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/release/notes/OL14630.html#wp784383

tenaro.gusatu.novici Sat, 10/04/2008 - 22:03

Hi Pedro,


could you please describe what Cisco products are covered by "Cisco Virtual Office"? Are there any software products included? An example will help a lot, too.


Thanks in advance,

Tenaro

leleonar Sun, 10/05/2008 - 21:26
User Badges:
  • Cisco Employee,

Hi Tenaro,


the Cisco Virtual Office (CVO) consists of three main components: CPE, head-ends, management.

For CPE, we have the new Cisco 881 Wireless router. In many cases, a Cisco IP phone is deployed at the remote location. All common Cisco IP phones are supported with CVO.

For the head-end side, we typically deploy a 7206 VXR router with a VSA encryption card.

For management, the main tool is Cisco Security Manager, which provides centralized, GUI based, management of CPEs and head-ends.


Hope this helps,

Pedro


tkohlcisco Sun, 10/05/2008 - 04:40

I am a High School Academy Instructor. A student using a series 2500 router erased the flash and changed the config register. The router boots to Router(boot)>. The router will not let me reset the config-register. How can I fix this?

mauricio.r.mendoza Mon, 10/06/2008 - 08:04

I am working on setting up a live network, but I can not find out what version of OSPF the switches are running. The switches that I am working with are 6509's image "s72033-advipservicesk9_wan-mz.122-18.SXF14"


I tried using "show ip ospf" command but did not see any information regarding the version that the switches are running.


Regards,


Mauricio

leleonar Mon, 10/06/2008 - 18:17
User Badges:
  • Cisco Employee,

Hello Mauricio,

by default, the switch will use RFC 2328 to calculate summary router costs.

However, you can tell the switch to become compatible with RFC 1583:


!
router ospf 1
 compatible rfc1583
!


Best Regards,

Pedro

leleonar Thu, 10/16/2008 - 15:24
User Badges:
  • Cisco Employee,

Glad to be of assistance,


Best Regards,

Pedro Leonardo

syedmazod Tue, 10/07/2008 - 05:09

Hi

I have an ASA 5510. Now I want a dedicated internet connection. I can install a WIC-DSL DSL card; please tell me about this, thanks. Does it mean the ASA 5510 is the same as a router or not?

jcarvalh Tue, 10/07/2008 - 08:43

Hello Pedro.


I am curious on how ZTD works. Can you provide me a brief description?


Thanks,


Joao Carvalho


leleonar Tue, 10/07/2008 - 16:52
User Badges:
  • Cisco Employee,

Hello Joao!


ZTD does not require any specific technical knowledge or training and takes less than five minutes from start to finish. The user simply launches a web browser and inputs valid user credentials. Once the process is initiated, end-to-end information security is maintained over encrypted links, and security policies and service details are deployed, managed, and audited from central management equipment. Separate ZTD provisioning models are used for routers, IP telephony, and video conferencing.


For a home office, you just need to plug the router into your Internet access device. The router automatically receives the appropriate configuration that is required based on the services that you need. Your corporate IP phone automatically registers with the Cisco Unified Communications Manager, assuming its MAC address was registered for you.


For the corporate headquarters, Cisco Virtual Office uses Cisco IOS Software at the remote site to manage a digital certificate infrastructure and for VPN concentration. All of these devices are managed from a single user interface with a Cisco management tool.


To provision a new home office, you first fill out a request form. Cisco Security Manager is configured with all the security policies ready to deploy. Your user profile and the device are created on the back-end Cisco Secure Access Control Server (ACS), the authentication, authorization, and accounting (AAA) server. After you receive the Cisco Virtual Office home router and connect it to the Internet, type a URL in a browser (for example, https://join-my-company-cvo.company.com) to authenticate your one-time password (OTP) AAA credentials (or whatever authentication policy is defined by company policies). This process triggers router configuration.


For more detailed information, please visit:

http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns430/ns855/qa_c67-492371.html


Best Regards,

Pedro

vgershman Tue, 10/07/2008 - 12:30

Hello,


How do I post a new question? How do I check which version of EEM I am running? I am trying to execute an EEM action to send out a trap, but I am not receiving anything on my receiver. Please help.


Thanks

leleonar Tue, 10/07/2008 - 16:40
User Badges:
  • Cisco Employee,

Hello,


To see the EEM version, you need Cisco IOS Software Version 12.4(20)T or above.

The respective command is "show event manager version"


Regarding how EEM can send a trap, we need more information about what kind of trap you need to track down. Is it an SNMP trap, or a Syslog message? Is the receiver the router or another external box?


Thanks

Pedro

b.speltz Thu, 10/09/2008 - 08:21
User Badges:
  • Bronze, 100 points or more

What is the minimum ISP uplink speed that will allow us to have very good voice quality?

leleonar Thu, 10/09/2008 - 10:51
User Badges:
  • Cisco Employee,

Hello,


The minimum ISP uplink speed depends on the Codec used.


If G.729 is used, you will need 64Kb (up and down). This 64Kbps includes overheads for IPSec and other encapsulations.


Also important would be to implement voice VLANs and QoS.


Some of the more obvious needs your VoIP requirements list should take into consideration include the end-user features and services that are needed. VoIP systems are known for the rich set of user features they provide (for ex: Caller ID). Voice makes different demands of networks than data. You need to satisfy voice network requirements for jitter, latency, packet loss, and quality of service, as well as some security planning (for ex: Will your voice calls need encryption?).


Remember you will need to constantly monitor the network performance parameters to ensure that the network continuously supports the level of quality you need.


With regards to Cisco Virtual Office (CVO), we recommend having more than 200Kbps so that an ISP connection can be shared between the corporate employee and spouse and kids, or guest. With 200Kbps, you can run the G.711 codec, which has a Mean Opinion Score (MOS) of 4.5/5, which is very good.



Best Regards,

Pedro Leonardo

meacuuecu Fri, 10/10/2008 - 15:53

Does Cisco offer any products that would analyze my syslogs. My current syslog records ASA, routers, Windows events, etc.. and I am looking for an analysis/correlation tool.

leleonar Fri, 10/10/2008 - 23:55
User Badges:
  • Cisco Employee,

Hi,


Cisco has the Cisco Security Monitoring, Analysis and Response System (MARS). MARS is a monitoring tool that can identify and analyze security threats. It works with IOS Routers, Catalyst OS, and some ASA devices.


For more detailed information please visit: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps6241/data_sheet_c78-458671.html


Best Regards,

Pedro Leonardo


LeeNorman Tue, 10/14/2008 - 17:43

Hello to you Both, ...


Very kind of you &/or Cisco to offer this forum.


I am working with a uBR7114 router, erased the flash and changed the config register. The router boots to Router(boot)>. The router does let me reset the config-register back to 0x2102, yet I still get the dreaded Router(boot)>. How can I fix this?

Additionally, I am only able to gain "Guest Registration" status. What Cisco tools for Routers can I download from the Cisco site?



leleonar Thu, 10/16/2008 - 10:42
User Badges:
  • Cisco Employee,

Hello,


You will first need to have a valid Cisco IOS software in the router flash to boot from there.

Since you erased your flash, there is nothing there, so now you will need to copy a valid IOS Software image to flash first, before you reload.


If you need to format your flash, follow these steps:

Router# format flash:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "flash:". Continue? [confirm]
Enter volume ID (up to 64 chars)[default flash]:
Current Low End File System flash card in flash will be formatted into DOS File System flash card! Continue? [confirm]
Format:Drive communication & 1st Sector Write OK...
Writing Monlib sectors ............................
Monlib write complete
..
Format:All system sectors written. OK...
...
Format of flash complete/


If you don't have a Cisco IOS Software valid for this platform, you can follow these steps to get it:

http://www.cisco.com/en/US/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html.


After you get the IOS image, you can tftp it to the router flash, if the router has network connectivity, or you can use the procedure exemplified here: http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a008015bfac.shtml



In order to fix your www.cisco.com login problem, get in touch with: [email protected]

They will help you.


Best Regards,

Pedro

KQCISMARS Tue, 10/14/2008 - 21:42

Hi,

One of our LAN switches, a 3560 PoE, keeps on hanging.

Kindly assist on what could be the problem.

Thanks

Andrew

leleonar Thu, 10/16/2008 - 10:52
User Badges:
  • Cisco Employee,

Hello Andrew,


First, try to see if it is a configuration issue or a switch issue:

- Remove any configuration on the switch so that configuration can't be an issue (save the config somewhere safe).



If that does not work, and the switch is not booting its image, then try the following steps:

- Do a password recovery process to see if it can recover, in case the problem is in NVRAM (here's how he can do it:

http://www.cisco.com/en/US/products/hw/switches/ps5528/prod_password_recoveries_list.html);

If you get to enable mode you can try to "write erase" to wipe out the NVRAM content also.


One more idea:

- upgrade the image in the switch, format the flash, copy a new image and boot it.


Best Regards,

Pedro Leonardo

qureshi_asrar Thu, 10/16/2008 - 21:15

I need to know the command to debug the VPN tunnel in a Cisco router


through which I should be able to find all the source IP addresses entering or leaving the VPN tunnel in detail.

leleonar Thu, 10/16/2008 - 22:33
User Badges:
  • Cisco Employee,

Hello,


It depends on the IOS version that you are running. On the latest IOS versions, the "show crypto session" shows both end-points of a tunnel, the local and the remote. Otherwise, the "show crypto ipsec sa" will show the ipsec peer end points.


The "show crypto ipsec sa" shows all the security association flows currently built in the router.

Router#sh cry ips sa
interface: Tunnel0
    Crypto map tag: head-end-1, local addr 172.16.0.1
   protected vrf: (none)
   local ident (addr/mask/prot/port): (172.16.0.1/255.255.255.255/0/0)
   remote ident (addr/mask/prot/port): (10.20.4.1/255.255.255.255/0/0)
   current_peer 172.16.20.5 port 500


In this example, the tunnel end-points are 172.16.0.1 and 172.16.20.5

and the remote site has a flow for 10.20.4.1


If you want to see (debug) actual traffic going in the tunnel, I would create a "permit ip any any log" access list and attach it to the tunnel interface. This way you can see the hit on the access list when you issue "show ip access". This is a better way to see what traffic is passing than a debug command that will affect performance at a higher level.


Otherwise, there is no specific command to debug traffic for a tunnel, only the global commands.


Best Regards,

Pedro Leonardo


Thanks

Pedro
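
Added example (not part of the original thread, and not Cisco code): a small Python parser that turns saved "show crypto ipsec sa" output, in the layout quoted in the answer above, into one record per protected flow so tunnel end-points and remote networks can be reviewed against the intended VPN policy. The function names are hypothetical; the first flow in the sample is the one quoted in the post and the second is constructed.

```python
import re
from ipaddress import ip_network

# First flow: the output quoted in the post. Second flow: constructed for this example.
SAMPLE = """\
interface: Tunnel0
    Crypto map tag: head-end-1, local addr 172.16.0.1
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (172.16.0.1/255.255.255.255/0/0)
   remote ident (addr/mask/prot/port): (10.20.4.1/255.255.255.255/0/0)
   current_peer 172.16.20.5 port 500
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (172.16.0.1/255.255.255.255/0/0)
   remote ident (addr/mask/prot/port): (10.20.8.0/255.255.255.0/0/0)
   current_peer 172.16.20.9 port 500
"""

IDENT = re.compile(r"^(local|remote)\s+ident .*:\s*\(([\d.]+)/([\d.]+)/\d+/\d+\)")
LOCAL_ADDR = re.compile(r"local addr\.?\s+([\d.]+)")
PEER = re.compile(r"^current_peer:?\s+([\d.]+)")

def parse_ipsec_sa(text):
    """Return one dict per protected flow: interface, end-points, proxy identities."""
    flows, iface, local_addr, cur = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface:"):
            iface = line.split(":", 1)[1].strip()
        elif line.startswith("Crypto map tag:"):
            m = LOCAL_ADDR.search(line)
            local_addr = m.group(1) if m else None
        elif (m := IDENT.match(line)):
            side, addr, mask = m.groups()
            if side == "local":  # a "local ident" line opens a new flow
                cur = {"interface": iface, "local_addr": local_addr}
                flows.append(cur)
            if cur is not None:
                cur[side] = str(ip_network(f"{addr}/{mask}", strict=False))
        elif cur is not None and (m := PEER.match(line)):
            cur["peer"] = m.group(1)
    return flows

def remote_networks_by_peer(flows):
    """Group remote proxy identities by tunnel peer for comparison with policy."""
    out = {}
    for f in flows:
        out.setdefault(f.get("peer"), []).append(f.get("remote"))
    return out

if __name__ == "__main__":
    for peer, nets in remote_networks_by_peer(parse_ipsec_sa(SAMPLE)).items():
        print(peer, "->", ", ".join(nets))
```
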
