Wednesday, April 24, 2013

EOS Announcement for Hot-sale Cisco 2960, Cisco 3560, 3750 switches and EHWIC Cards VS the Replacements-part 2

EOS for Cisco 2960, Cisco 3560 and Cisco 3750 switches
End-of-Sale Product: WS-C3750G-24TS-S1U
Key Features:
24 Ethernet 10/100/1000 ports
4 SFP-based Gigabit Ethernet ports
32-Gbps, high-speed stacking bus
1 RU stackable, multilayer switch
IP Base software feature set (IPB)
Replacement: WS-C3750X-24T-S
Overview:
Stackable 24 10/100/1000 Ethernet ports
350W AC power supply
1 RU
IP Base feature set
 WS-C3750X-24T-S
End-of-Sale Product: WS-C3750G-48TS-S
Key Features:
48 Ethernet 10/100/1000 ports
4 SFP-based Gigabit Ethernet ports
32-Gbps, high-speed stacking bus
1 RU stackable, multilayer switch
IP Base software feature set (IPB)
Replacement: WS-C3750X-48T-S
Overview:
Stackable 48 10/100/1000 Ethernet ports
350W AC power supply
1 RU
IP Base feature set
WS-C3750X-48T-S
End-of-Sale Product: WS-C3750G-24PS-S
Key Features:
24 Ethernet 10/100/1000 ports with IEEE 802.3af and Cisco pre-standard PoE
4 SFP-based Gigabit Ethernet ports
32-Gbps, high-speed stacking bus
1 RU stackable, multilayer switch
IP Base software feature set (IPB)
Replacement: WS-C3750X-24P-S
Overview:
Stackable 24 10/100/1000 Ethernet PoE+ ports
715W AC Power Supply
1 RU
IP Base feature
WS-C3750X-24P-S
End-of-Sale Product: WS-C3750G-48PS-S
Key Features:
48 Ethernet 10/100/1000 with IEEE 802.3af and Cisco pre-standard PoE ports
4 SFP-based Gigabit Ethernet ports
32-Gbps, high-speed stacking bus
1 RU stackable, multilayer switch
IP Base software feature set (IPB)
Replacement: WS-C3750X-48P-S
Overview:
Stackable 48 10/100/1000 Ethernet PoE+ ports
with 715W AC Power Supply
1 RU
IP Base feature
WS-C3750X-48P-S 
End-of-Sale Product: HWIC-1FE
Key Features:
Cabling Type: Ethernet 10Base-T, Ethernet 100Base-TX
Data Link Protocol: Ethernet, Fast Ethernet
Data Transfer Rate: 100 Mbps
Network / Transport Protocol: TCP/IP, L2TP, PPPoE
Compliant Standards: IEEE 802.2, IEEE 802.3, IEEE 802.3u, IEEE 802.1Q, IEEE 802.3x
Replacement:  EHWIC-1GE-SFP-CU
Overview:
Gigabit Ethernet connectivity but will not support line rate
1 SFP slot supports a Cisco SFP and a copper RJ-45 port
monitor real-time parameters of the SFP
EHWIC-1GE-SFP-CU
End-of-Sale Product: HWIC-4ESW
Key Features: please see the details at: http://www.router-switch.com/hwic-4esw-p-1110.html
Replacement: EHWIC-4ESG
Overview:
8 quality-of-service (QoS) queues per port
Shaped Deficit Weighted Round Robin (SDWRR)
dynamic secure port, intra-chassis cascading
up to 20W of PoE per port, and PoE per-port monitoring and policing
Multigigabit Fabric (MGF) is enabled for direct module-to-module communication
EHWIC-4ESG

EOS Announcement for Hot-sale Cisco 2960, Cisco 3560, 3750 switches and EHWIC Cards VS the Replacements-part 1

With the glorious history, some of the most popular Cisco switches (including Cisco 2960 series, Cisco 3560 series, Cisco 3750 series switches and some hot sale Cisco HWIC cards are coming to its EOS. Without those Cisco devices, our network may suffer many problems. Fortunately, all EOS devices have their replacements which are even better than themselves. Now, let’s share the most popular hot sale devices and their replacements.
End-of-Sale Product: WS-C2960G-24TC-L
Key Features:
20 Ethernet 10/100/1000 ports
4 dual-purpose uplinks 
1 RU fixed-configuration
LAN Base image
Replacement: WS-C2960S-24TS-L
Overview:
24 Ethernet 10/100/1000 ports
2 1 Gigabit Ethernet SFP uplink ports
Optional Cisco FlexStack stacking support
LAN Base image
WS-C2960S-24TS-L
End-of-Sale Product: WS-C2960G-48TC-L
Key Features:
44 Ethernet 10/100/1000 ports
4 dual-purpose uplinks
1 RU fixed-configuration
LAN Base image
Replacement: WS-C2960S-48TS-L
Overview:
48 Ethernet 10/100/1000 ports
2/1 Gigabit Ethernet SFP uplink ports
Optional Cisco FlexStack stacking support
WS-C2960S-48TS-L
End-of-Sale Product: WS-C3560G-24TS-S
Key Features:
24 Ethernet 10/100/1000 ports and 4 SFP-based Gigabit Ethernet ports
1RU fixed-configuration, multilayer switch
Enterprise-class intelligent services delivered to the network edge
IP Base software feature set (IPB)
Overview: 
Standalone 24 10/100/1000 Ethernet ports
350W AC power supply
1 RU
IP Base feature set
WS-C3560X-24T-S
End-of-Sale Product: WS-C3560G-48TS-S
Key Features:
48 Ethernet 10/100/1000 ports and 4 SFP-based Gigabit Ethernet ports
1RU fixed-configuration, multilayer switch
Enterprise-class intelligent services delivered to the network edge
IP Base software feature set (IPB)
Replacement: WS-C3560X-48T-S
Overview:
Standalone 48 10/100/1000 Ethernet ports
350W AC power supply
1 RU
IP Base feature set
WS-C3560X-48T-S
End-of-Sale Product: WS-C3560G-24PS-S
Key Features:
24 Ethernet 10/100/1000 ports and 4 SFP-based Gigabit Ethernet ports
1RU fixed-configuration, multilayer switch
Enterprise-class intelligent services delivered to the network edge
IEEE 802.3af and Cisco pre-standard
IP Base software feature set (IPB)
Replacement: WS-C3560X-24P-S
Overview: 
Standalone 24 10/100/1000 Ethernet PoE+ ports
with 715W AC power supply
1 RU
IP Base feature set
WS-C3560X-24P-S
End-of-Sale Product: WS-C3560G-48PS-S
Key Features:
48 Ethernet 10/100/1000 ports and 4 SFP-based Gigabit Ethernet ports
1RU fixed-configuration, multilayer switch
Enterprise-class intelligent services delivered to the network edge
IEEE 802.3af and Cisco prestandard Power over Ethernet
IP Base software feature set (IPB)
Replacement: WS-C3560X-48P-S
Overview:
Standalone 48 10/100/1000 Ethernet PoE+ ports
with 715W AC power supply
1 RU
IP Base feature set
WS-C3560X-48P-S

Sunday, April 7, 2013

Best Answers for What is NAT, How NAT works & How to Configure NAT?

What is Network AddressTranslation?
The new Network Address Translation (NAT) functionality in the Cisco routers allows privately addressed networks to connect to public networks such as the Internet. When the privately addressed network (the "inside") sends a packet through the NAT router, the addresses are converted to legal (registered) IP addresses before being passed to the "outside". Many sites have been using pass-through firewall gateways to provide this functionality. Well, it's now available in your Cisco router!
I've been encountering more and more sites that need to connect to others, where both parties are using private addressing. Network 10.0.0.0 is particularly popular (along the "more is better" line of thinking?). Two sites that have both used the same private network number have to either coordinate addressing or re-address to avoid conflicts. Now, with NAT, the same address ranges can be used multiple times.
Some other sticky network problems that need NAT (Benefit of NAT)
We've already mentioned that NAT cures duplicate address ranges without readdressing host computers. The translation done by NAT can be either static or dynamic. Static translation is where we specify a lookup table, and one inside address is turned into one pre-specified outside address. Dynamic is where we tell the NAT router what inside addresses need to be translated, and what pool of addresses may be used for the outside addresses. There can be multiple pools of outside addresses. ICMP host unreachable messages are used when addresses run out.
NAT  with Peplink Balance Deployed in Drop-in Mode
2. Port multiplexing
With NAT, multiple internal hosts can also share a single outside IP address, which conserves address space. This is done by port multiplexing: changing the source port on the outbound packet so that replies can be directed back to the appropriate machine.
3. Load distribution
You can also do load distribution via NAT: have one external address (perhaps your Web server's name, www.cisco1900router.com, maps to this address). Then round-robin between different inside machines, so that incoming new connections are distributed across several machines. (Since each connection may involve state information, a given connection has to remain on one machine.)
4. Readdressing
Organizations that change service providers are now typically not allowed to take their address with them (because exceptions to CIDR addressing blocks have become a problem). NAT solves this by allowing re-addressing to occur at the gateway, allowing time to convert internal hosts to the new network number.
Additionally, NAT also enhances security---internal network topology and addresses are hidden from the outside world. The only thing NAT really can't do much about is sloppily-written applications, with hard-coded raw IP addresses.
Disadvantages of NAT
Address translation is not practical for large numbers of internal hosts all talking at the same time to the outside world. NAT just won't work well at a large scale.
Besides, performance may be a consideration. Currently, NAT only runs on Cisco 7500 routers with the RSP. Even there, NAT causes process switching on its configured interfaces. You can think of this as if the CPU has to look at every packet, deciding whether or not to translate it, and whether to alter the IP header, or possibly the TCP header. One doubts that this will be easily cache-able.
In terms of this problem, I refer you to the Cisco Command Configuration Guide, which is very lucid. The NAT section of the IP chapter is particularly well-written and clear. It has good illustrations and explains in detail what happens as a packet is forwarded through the NAT router.
Here's a minimal sample configuration for static address translation. We assume Ethernet 0 is "inside" and Serial 0 is "outside". Private network 10.0.0.0 is used inside, and 192.1.1.0 outside. We'll translate 10.1.2.3 to 192.1.1.2 (and vice versa). The words "inside source" emphasize that the inside source address is what's getting changed.
ip nat inside source static 10.1.2.3 192.1.1.2
interface ethernet 0
ip address 10.1.2.1 255.255.255.0
ip nat inside
interface serial 0
ip address 192.1.1.1 255.255.255.0
ip nat outside
You may add address mappings or inside or outside interfaces as necessary.
Let's look at dynamic (pooled) translation with the same network and addresses as before. We'll set up a pool of addresses, translating sources in the range 10.1.2.0 through 10.1.2.255 to the range 192.1.1.10 through 20. The access list indicates what source addresses can be translated. The idea of the third line is that inside source addresses matching list 20 get translated to addresses from the pool named LegalPool. It pretty much says that, doesn't it!
ip nat pool LegalPool 192.1.1.10 192.1.1.20
access-list 20 permit 10.1.2.0 0.0.0.255
ip nat inside source list 20 pool LegalPool
interface ethernet 0
ip address 10.1.2.1 255.255.255.0
ip nat inside
interface serial 0
ip address 192.1.1.1 255.255.255.0
ip nat outside
And then there's address overloading (port multiplexing). To obtain a sample configuration for doing port multiplexing, add the word "overload" at the end of the "ip nat inside source" line. This gives the router permission to start sharing addresses.
ip nat inside source list 20 pool LegalPool overload
You can configure outside source address translation similarly, changing "inside source" to "outside source" in the above examples.
Let's look at how to do static outside address translation, supposing subnet 10.1.5.0 occurs both inside and outside (we're connecting to another company here). We only need to talk to the outside machine 10.1.5.3, and we'll readdress it as private address192.168.1.1 on the inside (if we use 10.1.5.x, we have more complex routing issues to think about). This might call for something like the following.
ip nat outside source static 10.1.5.3 192.168.1.1
interface ethernet 0
ip address 10.1.2.1 255.255.255.0
ip nat inside
interface serial 0
ip address 10.1.3.1 255.255.255.0
ip nat outside
I'm ignoring routing issues here (as in, why does the inside net think network 192.168.1.0 is back through this NAT router?). This sort of thing can also be done dynamically, using a pool of inside addresses, and an access list to match the outside source address, much like our earlier dynamic example. You can even translate both ways, changing the source addresses as packets go through the router in either direction. Just combine the "inside source" and "outside source" configurations!
Finally, there's TCP Load Distribution. We define a pool of addresses containing the real hosts' addresses, ending with "type rotary". The access list now permits the IP address of the virtual host, i.e. what the outside world thinks is the host address. So the virtual host is 192.1.1.50, with the real hosts being 10.1.2.20 through 30.
ip nat pool ServerPool 10.1.2.20 10.1.2.30 type rotary
access-list 30 permit 192.1.1.50 0.0.0.0
ip nat inside destination list 30 pool ServerPool
interface ethernet 0
ip address 10.1.2.1 255.255.255.0
ip nat inside
interface serial 0
ip address 192.1.1.1 255.255.255.0
ip nat outside
There are also commands to tune address translation. The dynamic translations time out after non-use; the timeout period is configurable. (Without overloading, the timeout is 24 hours). The number is how many seconds before timeout.
IP NAT translation time out 3600
With overloading, there is finer control, for UDP, DNS, and TCP, also Finish and Reset packets:
ip nat translation udp-timeout 3600
ip nat translation dns-timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation finrst-timeout 3600
(Please note I am not recommending 3600 seconds as a timeout, just using it to demonstrate the syntax of the command.)
Commands to Manage NAT
To clear the dynamic translation table before timeout occurs:
Clear ip nat translation *
You can also clear specific entries. To see what's there:
show ip nat translations
show ip nat translations verbose
There's also:
show ip nat statistics
There are also NAT debug commands. These include:
debug ip nat
debug ip nat 110
debug ip nat detailed
(Here the 110 is an access list number governing which NAT packets to display, as with other debug commands in recent IOS releases).
Don't use these debug commands in a production router, you'll have more output than you could possibly have wanted. They might be darn handy in a test scenario when you're trying to see how NAT works, or what it does!
This material is originally from: