In this post I will show how to configure a Cisco ASA to do URL filtering without needing a server or Websense appliance.
The process involves 5 steps:
1. Configure RegExp for the domain/FQDN you wish to allow/block
2. Configure RegExp class map to group two or more RegExp
3. Set HTTP class map
4. Set HTTP inspection map
5. Configure Service Policy Rule
Let's start:
1. Go to Configuration > Firewall > Objects > Regular Expressions:
2. Click Add to configure a regular expression for the domain/FQDN you want to allow or block; in my example I used Cisco.com and Microsoft.com.
Then, below, click Add to create a regular expression class and add the two newly created RegExps to this class:
3. Go to Configuration > Firewall > Objects > Class Maps > HTTP and configure a new HTTP class map:
Set the criterion to Request Header Field, choose the predefined field Host and choose the RegExp class map.
4. Go to Configuration > Firewall > Objects > Inspect Maps > HTTP and configure a new HTTP inspect map:
Choose the HTTP class map you just created, then set the action and log options.
5. Go to Configuration > Firewall > Service Policy Rules, choose the relevant interface and click Insert to add a new rule:
Click Configure:
Finally click Apply and there you go...
CLI configuration:
regex Cisco "\.cisco\.com"
regex Microsoft "\.microsoft\.com"
!
class-map type regex match-any RE_CLASS
 description Regular Expression Class
 match regex Cisco
 match regex Microsoft
!
class-map type inspect http match-all HTTP_CLASS_MAP
 match request header host regex class RE_CLASS
!
policy-map type inspect http HTTP_INSPECT_MAP
 parameters
  protocol-violation action drop-connection
 class HTTP_CLASS_MAP
  drop-connection log
!
! The L3/L4 class maps CM_ICMP and INSIDE100-BLOCK_DOMAIN are not shown here
policy-map PM_ICMP
 class CM_ICMP
  inspect icmp
 class INSIDE100-BLOCK_DOMAIN
  inspect http HTTP_INSPECT_MAP
!
service-policy PM_ICMP interface INSIDE100
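To see what the policy above actually matches before applying it, here is an added Python model of the inspect map (my own example, not Cisco code): it wires the regex objects, the match-any regex class, the match-all HTTP class map and the inspect map action together and evaluates constructed Host header values. It assumes the ASA regex engine behaves like an unanchored search for these simple patterns, which is why hosts such as www.cisco.community are also caught.

```python
import re

# Objects from the page's CLI configuration
REGEXES = {
    "Cisco": r"\.cisco\.com",
    "Microsoft": r"\.microsoft\.com",
}

# class-map type regex match-any RE_CLASS: any member regex hitting counts as a match
REGEX_CLASSES = {"RE_CLASS": ["Cisco", "Microsoft"]}

# class-map type inspect http match-all HTTP_CLASS_MAP: every criterion must hit.
# A criterion is (request header name, regex class name); the page uses a single one.
HTTP_CLASS_MAPS = {"HTTP_CLASS_MAP": [("host", "RE_CLASS")]}

# policy-map type inspect http HTTP_INSPECT_MAP: HTTP class -> action
HTTP_INSPECT_MAP = {"HTTP_CLASS_MAP": "drop-connection log"}


def regex_class_matches(class_name, value):
    """match-any semantics. Assumption: ASA regex behaves like an unanchored
    re.search for these patterns, so any substring hit matches (case handling
    is not modelled here)."""
    return any(re.search(REGEXES[name], value) for name in REGEX_CLASSES[class_name])


def http_class_matches(class_name, headers):
    """match-all semantics over the class map's criteria. Header names are
    compared case-insensitively; a missing header matches nothing."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return all(
        regex_class_matches(regex_class, lowered.get(header, ""))
        for header, regex_class in HTTP_CLASS_MAPS[class_name]
    )


def inspect_http(headers):
    """Return the action the inspect map takes for a request with these
    headers, or 'permit' when no class in the map matches."""
    for class_name, action in HTTP_INSPECT_MAP.items():
        if http_class_matches(class_name, headers):
            return action
    return "permit"


if __name__ == "__main__":
    # Constructed sample Host headers, not traffic from the original post
    for host in ["www.cisco.com", "cisco.com", "www.cisco.community", "update.microsoft.com:443"]:
        print(f"{host:28} -> {inspect_http({'Host': host})}")
```

Note that the pattern requires a leading dot, so a bare cisco.com is permitted while www.cisco.com.example.net is dropped; tighten the regex (for example an anchored form) if that is not the intended behaviour.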
Next post: how to block file types.