Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEGRATED SECURITY

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to learn with Cisco expert Sachin Gupta how embedded deep packet inspection capabilities on the Catalyst 6500 deliver Stateful Application Intelligence and Integrated Security. Sachin is a senior manager in the Catalyst 6500 product management team. He has been at Cisco for 10 years and has held leadership roles in Customer Advocacy and the IOS Technologies division before joining the Catalyst 6500 team four years ago.

Remember to use the rating system to let Sachin know if you have received an adequate response.

Sachin might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through June 1, 2007. Visit this forum often to view responses to your questions and the questions of other community members.

22 REPLIES
Community Member

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Dear Cisco,

I have Cisco Airo Net 1300, when I give Manual IP then its giving me the error (Reload Reason: Could Not Fallback to DHCP) and after this it reload.

please guide me who is the expert/correct person which i can contact and he resolve my problem.

waiting for your prompt response

Nasir Mehmood

System Administrator

+92-300-5125583

nasir.cdcu@gmail.com

Pakistan

Cisco Employee

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Hi Nasir,

This forum is really to discuss new application intelligence and security capabilities of the Catalyst 6500 with Supervisor Engine 32 PISA. I recommend that you get your question answered through Cisco TAC.

Sachin

Community Member

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Hi sir;

I know this is for the expert,, but im not an expert, just started my carrer in networking, hope you could help me with my wonderings :) :) I am very much interested in multi-layer switching, using RSM and the route switch feature card and the supervisor engines management specifically on switching, bridging, trunking, STP, routing(internal-routing), ACL, though i had already an idea on those i mention, just want to know how the multilayer switch deal with those since it is already integrated, its operations, how, to's,, do you mind sir if you can give me something to read for me know its operation.. Hope you could help me sir,, your help would greately appreciated. thank so much.

Community Member

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Hi,

Planning to implement DARPI with DHCP Snooping and Port Security on 3750 edge switch which is connected to 6513. DHCP server connected to 6513.

How can we implement?

Cisco Employee

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

I'm not familiar with DARPI. Can you please clarify what you are trying to implement?

Community Member

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Hello,

DARPI - Dynamic ARP Inspection. This is a serious Layer 2 security vulnerability where attacker can use ARP poisoning. To mitigate this issue, DHCP Snooping along with Port Security need to be configured.

Anyone implemented in an Enterprise level, please help

Cisco Employee

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Community Member

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Hi Sachin,

What does Flexible Packet Matching (FPM) do for me that I can't do with Access Control Lists (ACLs)?

Thanks,

Bill

Cisco Employee

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Hi Bill,

Flexible Packet Matching allows you to filter at any offset in the packet whereas ACLs are limited to L4 ports. For example, the Slammer worm is a UDP packet that has a certain bit string at a 224 byte offset - ACLs can't match this exactly but FPM can. You can examples of FPM filters at:

http://www.cisco.com/cgi-bin/tablebuild.pl/fpm

Sachin

Community Member

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Hi sir;

I know this is for the expert,, but im not an expert, just started my carrer in networking, hope you could help me with my wonderings :) :) I am very much interested in multi-layer switching, using RSM and the route switch feature card and the supervisor engines management specifically on switching, bridging, trunking, STP, routing(internal-routing), ACL, though i had already an idea on those i mention, just want to know how the multilayer switch deal with those since it is already integrated, its operations, how, to's,, do you mind sir if you can give me something to read for me know its operation.. Hope you could help me sir,, your help would greately appreciated. thank so much.

Community Member

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Hi,

I'm running currently Cat6513 with SUP720..

what is the added value that can entice to upgrade to PISA ?

Cisco Employee

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Hi,

You are good with Sup720! If you are using your 6513 in a campus access (wiring closet) or Enterprise WAN type of deployment, Sup32 PISA offers you the ability apply QoS and Security policies to traffic flows based on application or based on patterns deep in the packets. Basically, you can prioritize based on HTTP URL, or match things like Citrix or VoIP statefully. You can also block BitTorrent or Skype - if that is your corporate policy. And you can do all this in hardware at multi-Gigabit speeds.

Sachin

Community Member

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

Dear sirs

I am new in forum but i want to ask for a cisco 876

I have 2 cisco 876 , 2 isp and one windows 2003 server as gateway for my network .

I want to use pbr to route the www to isp 1 and smtp to isp 2.

The ISP,s give me 16 realy ip each

It is possible this .. i read that with PBR i can do this

Cisco Employee

Re: ASK THE EXPERT - STATEFUL APPLICATION INTELLIGENCE AND INTEG

I'm sorry, but I don't have the expertise to answer this question. I would recommend that you contact TAC.

46
Views
0
Helpful
22
Replies
CreatePlease to create content