Tag: Network Administration

How to copy an Image file to another network device

In general, we copy/upload IOS image files to either flash or bootflash from a TFTP server. In case of timeouts or network delays with the TFTP server, we could use either USB or Memory Slots in order to copy image files to a network device. Once you are done copying the image to flash/bootflash, we can simply configure the network device itself as a TFTP server and can be used to copy image files across other devices. 

NOTE: Please make sure all the devices are in the same subnet 

In our example, we have used 2 Routers. Router 01 is preloaded with the Image files and will be configured as the TFTP server. Router 02 will be the TFTP client. 

Step 01: Make sure, the image file is already copied to the file location (flash or bootflash)

# show bootflash:

Step 02: Configure the Router as a TFTP server. And then assign the relevant image file

(config)# tftp-server bootflash:/“imagename”

Step 03: Log into Router 02 and copy the Image file from the TFTP server (Router 01)

#copy tftp bootflash:

 

[source: Cisco KB]

 

 

Policy-Based VPN vs Route Based VPN

When we are planning for VPN solutions, we should have an understanding of 2 VPN solutions (Policy Based and Route Based). 

Policy-based VPNs encrypt a subsection of traffic flowing through an interface as per configured policy in the access list. The policy dictates either some or all of the interesting traffic should traverse via VPN.

A Route-based VPN works on routed tunnel interfaces as the endpoints of the virtual network. All traffic passing through a tunnel interface is placed into the VPN. Rather than relying on an explicit policy to dictate which traffic enters the VPN, static and/or dynamic IP routes are formed to direct the desired traffic through the VPN tunnel interface.

To summarize, let’s see a comparison table with the main differences between Policy-Based and Route-Based VPN solutions.

Policy-based VPN Route-based VPN

Supported on most network devices (Cisco Routers, Cisco ASA, other vendors, etc)

Supported only on Cisco IOS Routers. Very limited interoperability with other vendors

Routing Protocols cannot pass through the VPN tunnel

Routing Protocols can pass through the VPN tunnel

Strong Security natively

 Need additional configuration

Complex Configuration

Simplified Configuration
Supports P2P network topology while Hub and Spoke topology is not supported Supports Hub-spoke , P2P and P2MP network topologies
Traffic flowing through the VPN tunnel can’t be NATTed Traffic flowing through the VPN tunnel can be NATTed since it passes through either the tunnel interface or gateway IP address specified as next-hop in routing.
VPN failover group provides redundant VPN tunnels. SD-WAN policy routing with backup gateway configuration provides redundant routes.
Small networks with limited network expansion. Large networks experiencing rapid growth.