Just in time for Valentine’s. Kudos to our ASR team. I like this. The product stuff is easy to find more on at www.cisco.com/go/asr
The rest of the hijinks can be found at www.techedgeweekly.com
Robb
Reducing costs related to the power consumed by devices is the mantra of today’s accounting team. This time-consuming process involves the comparison of device efficiency, power consumption, and the total number of devices needed. What we lack is a holistic means to measure the day-to-day power consumed by all network-attached devices, which includes the traditional facilities like heating, cooling, and lighting resources. Ethernet is giving us a new way of utilizing power management correlation in a Cisco network. That is the tag line, right? I can tell you that my experience with EnergyWise was very cool. The coders at Cisco really did this one right. They used the cloud computing model as a template for EnergyWise and they integrated directly into IOS. I believe this is going to be a real big deal this year. I know that SolarWinds is working on a management package to take advantage of this feature, plus many others as. We are premiering EnergyWise on TechWiseTV on 19Feb09. Then we are doing a more detailed follow on WebEX workshop with one of the code jockeys that wrote it up, John Parello. As IT folks we are always looking for ways to advance our career and stand out in a crowd. I strongly believe the energy conservation (and Data Center but I will save that for another blog) are going to be huge fields. Join us for both events!
Jimmy Ray Purser
ComputerWorld Blogger Eric Lundquist wrote that we have outsmarted our competition by not only focusing on bringing real economical value to the ongoing ‘green’ movement these days but doing so while others have focused on new home technology and such. “In a slow economy, companies are only going to invest in projects with a measurable ROI and a cost saving equation. In this shattered economy, the ROI imperative rules supreme,” Eric wrote. He went on to say, “Microsoft and H-P took their eye off the ball when they all became enamored with developing in-home media networks rather than networks that would monitor and manage home power and utility use.” Thanks Eric. I of course agree. Hope all of you can see the geeky details behind all of this when we air our next TechWiseTV episode “Network Energy Efficiency” on February 19.
One of the most visited booths at NRF in New York was focused on security and the PCI Architecture that Cisco offers. This is always a sticky subject of course and it is interesting to see the foundational nature of security still given some focus in a bad economy. Now, in my experience, people talking about security and people actually working on it and/or spending money to improve can often be from two different groups. Nonetheless, take a look at this short overview I got from Wayne Kennedy while I was out there.
Robb
This can be a tough topic to understand for sure. A Private VLAN is not a VLAN nor do any of the essential VLAN rules apply. A VLAN is a layer 2 boundary and a Private VLAN is really a layer 1 boundary kinda… A Private VLAN is really port isolation. When I config up a private VLAN I am basically telling the switch, ignore port X from your bridge table. A Private VLAN is really allowing YOU the network admin to dictate communication behavior.
Consider, I have a hotel or apartment and I want to provide Internet access for all folks BUT I do not want them to see each other. With the VLAN model, I have to route to do this PLUS carry all of the VLAN protocol overhead.
A better way would be to define one common port for Internet access that every port would access, let’s say port 1. On a 48 port switch, the other 40 ports need only to access port 1 and that is it, but the remaining 5 ports need to talk to each other because they are the door security system. So a private VLAN fits the bill here in a simple fashion. Port 1 is a community port. I would set up a private VLAN that would allow ports 2-43 to access only port 3 and that is it. Then another private VLAN would be for my security system which would allow the doors to communicate with the server, but that is it.
So the REAL question is, are they secure? Well, they can indeed isolate your ports in their own micro segment. If a hacker cracks one device they cannot use it as a jumping off point to all the rest in that subnet. I caution folks when calling VLANs and Private VLANs a security feature. In my testing here in the code cave, I have noticed that a packet sent from a device on an isolated port to another device on another isolated port will not be passed by the switch. Works as planned, right? Very true, but a packet sent from a device to the MAC address of the default gateway will be passed through the switch. If at an IP layer, it’s addressed to another isolated device, the GW will pass it.
I always recommend access lists to protect against this behavior. I love ‘um and use them often, I just know they are part of my security tool chest and not the end all to be all. Of course in security, what is?
Summing it up:
Private VLANs: are only used per switch.
VLANs: can span the entire network.
Private VLANs: allow only data traffic to and from the mapped ports.
VLANs: allow maintenance protocols per VLAN like NTP, VTP, ICMP, etc.
Private VLANs: have specific uses like service providers, hotels, DMZs.
VLANs: are used for applications like wireless, voice, political boundaries, etc.
Jimmy Ray Purser
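The hotel layout and the access-list recommendation from the post above, written out as a Cisco IOS configuration. This is an added example, not configuration from the original post: the VLAN IDs, interface names, port ranges, ACL name and the 10.10.100.0/24 guest subnet are all assumptions, and the shared uplink is configured with Cisco's promiscuous port type.

```cisco
! --- Access switch -------------------------------------------------------
! Added example; every VLAN ID, interface and address here is constructed.
! Private VLANs require VTP transparent mode (or VTP version 3).
vtp mode transparent
!
! Isolated secondary VLAN: guest ports may reach only the promiscuous port.
vlan 101
 private-vlan isolated
! Community secondary VLAN: door-security devices may also reach each other.
vlan 102
 private-vlan community
! Primary VLAN ties the two secondaries together.
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Shared uplink to the Internet gateway, reachable from both secondaries.
interface GigabitEthernet1/0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! Guest ports: isolated from one another at layer 2.
interface range GigabitEthernet1/0/2 - 43
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Door-security ports: one community.
interface range GigabitEthernet1/0/44 - 48
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! --- Gateway router (separate device) ------------------------------------
! Without this ACL, a frame sent to the gateway's MAC but addressed at the
! IP layer to another guest is routed straight back into the subnet.
ip access-list extended PVLAN-NO-HAIRPIN
 ! Let hosts still reach the gateway address itself.
 permit ip 10.10.100.0 0.0.0.255 host 10.10.100.1
 ! Drop anything sourced in the subnet and destined back into it.
 deny ip 10.10.100.0 0.0.0.255 10.10.100.0 0.0.0.255
 permit ip any any
!
interface GigabitEthernet0/0
 ip address 10.10.100.1 255.255.255.0
 ip access-group PVLAN-NO-HAIRPIN in
```

Community ports talk to each other directly at layer 2, so the deny entry does not affect door-to-door traffic; it only stops same-subnet traffic that is relayed through the gateway.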