Cisco Routers: Unlock 3 key features for more efficiency
Today many Chicago businesses are looking to squeeze more productivity out of their existing technology infrastructure. It just so happens that I love helping them unlock features that they never knew existed to provide a cost-effective technology solution to a business need.
For example, many organizations own a mysterious blue box buried in a wiring closet somewhere with the words “Cisco 2800” printed in white across the front bezel. I am of course talking about a Cisco router; it usually runs for years with little or no intervention.
It never ceases to amaze me how these little devices are underutilized; they are FILLED with potential functionality. I would like to share with you three really cool—but little known– features of your router that offer big benefits. Since every IOS feature set is different depending on the version, check the Cisco Feature Navigator to verify support.
DISCLAIMER: A misconfigured router can leave your network in a nonfunctional state and we never recommend tampering with ISP-owned CPE equipment. Always work with a certified IT professional before making network hardware configuration changes.
Network Based Application Recognition (NBAR)
NBAR is a mechanism by which your router can identify predefined types of traffic. Once the traffic is identified, it can be added to a class map, which can be added to a policy map (QoS feature) and thus marked for special handling.
So what does that mean? You know all of that BitTorrent traffic, such as Kazaa, Napster, and Grokster? Your router can pinpoint this traffic and slow it to a crawl (police/shape) or drop it completely. Conversely, we can also prioritize other types of traffic such as SQL and Kerberos. The advantage of NBAR over traditional class map mechanisms is that it can classify services that are more dynamic than a simple TCP/UDP port or source/destination IP.
Intrusion Prevention System (IPS)
Intrusion Prevention System or IPS is a method of intelligently identifying traffic patterns or certain types of traffic based on a signature file or “suspicious pattern” (called heuristic detection) and block the malicious traffic. Think of it as a police officer that sits in line with the traffic flowing inside your network. While there are certain hardware-based IPS devices, certain IOS versions have it built in with no extra hardware required.
GRE Tunnel IPsec VPN
Many organizations are running some sort of IPSec VPN already, yet there is a little known variant called an IPsec VPN GRE Tunnel. What is the difference, you ask? In terms of functionality, it is somewhat similar to a traditional site-to-site VPN, but the GRE Tunnel has the added benefit of being able to propagate dynamic routing traffic such as OSPF LSA’s and EIGRP Hello messages. This is a crucial distinction: you can run a dynamic routing protocol across geographical, separate locations with all of the benefits such as dynamic path selection, route summarization and greater scalability.
If you have any questions about these features, or if you would like to realize more IT efficiency in your operation, give our Chicago IT consultants a call. Or register for our upcoming Lunch and Learn event, Microsoft and Cisco: A Perfect Match on September 16.