Archive of Ciscoskills
In the Cisco World, Expect Anything
In 2011 I started a blog on wordpress.com. I originally called it systemstechblog (not very original, right?). Since this was on wordpress.com, you could blog for free, and so with that a writer was born.
Over the years the website changed its name to ciscoskills.net and really just focused on Cisco products and configurations, as well as following my progress in Cisco certifications at the time. It's a good history read. I moved off the website in 2021 and I haven't done much with it since then, besides moving the content around and making some edits. It's got some useful info, but it's also been aging. It's very interesting seeing your writing age and how quickly technology changes in our lifetime.
I used this blog a lot to help me study and learn on the way to where I am today; it's a part of this place, so enjoy and learn.
Ten Years
A new year, a new plan and a new direction. It's been ten years since I started this thing and I have to be honest, I loved everything about it. 2020 was crazy… I think we're getting close to seeing an ending, but everyone's life has been affected by this. My work/home life has changed. My priorities have shifted, and because of that this website is going to go static for a while with an unknown date of return. It's time for change.
January 3, 2021
Fortigate ECMP with BGP
It's like clockwork… around this time the seasons are changing, autumn colors are out, and the colder air reminds us that things are changing around here. Embrace it! One thing that I've been working with is AWS Transit Gateways; a common theme this year is all cloud! AWS Transit Gateways make it easier to move towards that! AWS Transit Gateways are relatively new (a couple of years old now), so instead of attaching to each AWS VPC environment independently we can connect to the transit gateway and attach VPCs to the gateway. If you enable BGP your routes will propagate. I've been working with ECMP, specifically with Fortigates.
October 11, 2020
It's Always Changing
Something that I've been pondering while working from home, and I think everybody is doing this… re-evaluating their priorities. I like to call it the loop: we get so caught up in repetition… it's our comfort when things are predictable, but when something comes along and changes our lives, good or bad, we have to adapt to those changes and potentially change our life direction. Earlier in January and last year I recognized my personal life had been the status quo for way too long. I talked about Goals. I started to think about where I see my personal life in five, ten, twenty years from now. What about my professional life?
August 15, 2020
VTIs with ASA
I've been stuck in more ways than one this year… working from home indefinitely seems to be the status quo right now, and I'm in "tunnel" mode for the most part. Most of these projects I'm working on all have a common theme: connect on-premises to more cloud resources! One way to do that is using VTIs (Virtual Tunnel Interfaces). VTIs are not new… they've been around for a bit; Cisco IOS had the feature available 10+ years ago! We only got introduced to this technology on the ASA when version 9.7 (2017) and above arrived…
August 8, 2020
The World Keeps Turning
Well… a couple of things have changed these past months that have had a lasting impact on everyone on this earth. A single reminder that we all share a common home in this place, even though we sometimes think we're worlds apart from each other. During this time I've been working from home, and busier than ever making sure the lights stay on. I like to think of myself as a lighthouse keeper, or some type of engineer maintaining a spacecraft floating in space sending "pings" and waiting for a reply… We'll get a response, and when we do, we'll be ready for the next adventure. We always are!
May 21, 2020
Goals
Every year I think about goals, either how to conquer them, reflect on them, and recently change them. We all have been there, we have a plan in our head that we follow for a handful of years or even decades… something happens… all of sudden things change. It's this change that I believe is so important to life, we can't and shouldn't be static, we have to change in order to grow ourselves.
January 3, 2020
FMCv - Change IP Address
Welcome Back ;) Think about this for a bit: it's been years since we first configured our Cisco FMCv in our virtual environment, and perhaps it has been running for years with no problems. (Lucky us!) All of our firewalls connect to it, policies are pushed correctly, IPS rules are updated correctly, we even have URL filtering turned on for some devices, and upgrades work out of the box. It just works; again, lucky us! We have remote backups working but we never needed them…
October 1, 2019
Graylog with AWS Elasticsearch
Graylog has been through some changes since the last time I talked about them; hitting version 3.0 in February is awesome, and one of the things that makes Graylog run well is the Elasticsearch backend. Although Elasticsearch is not too hard to set up, it usually runs better on bare metal, so there is the cost of that, and maintenance of the cluster (updates and upgrades) is important. Depending on your team's experience you may not have time to learn it or run it the way it should be run. The last thing you want is your logging setup going down because of poor maintenance. So in this post we will walk through setting up a Graylog server and using the AWS Elasticsearch service for our backend. Without a fast Elasticsearch cluster the Graylog experience suffers, so let's get started.
June 21, 2019
Changes on the Horizon - Cisco
Well we finally got an answer, Cisco is upping their Certifications and making some big changes. The CCNA track is taking a hit as all of the secondary exams under CCNA are being retired. If you are studying for any of these CCNA secondary exams keep in mind these won't transfer over after February 24th 2020. If you complete any current CCNA/CCDA certification before February 24, you'll receive the new CCNA certification and a training badge in the corresponding technology area. (No idea what a training badge is)
June 11, 2019
SVIs and "Routed" Ports
So you have this nice multilayer switch and want to take advantage of all of the features it has to offer. Well, there are two different types of interface ports on these types of switches: SVIs (Switched Virtual Interfaces) and "routed" ports. Fundamentally they are the same, and clients/users wouldn't be able to tell if they were going through an SVI or a "routed" port. However, they are different, and in this post we'll talk about these two and when and where it would be recommended to place an SVI or a routed port.
May 14, 2019
Passed 300-115
Just a short post about my recent Cisco exam. I was able to pass the 300-115 to renew all my lower CCNA certifications. The last time I took a Cisco exam was almost 3 years ago when I passed the CCNA Data Center certification. Overall the exam was fair, although you will need multiple study resources to make sure you cover all the exam objectives. The primary reason for doing this exam first instead of ROUTE or TSHOOT was I felt it was maybe the hardest one? Won't really know until I take the other two. The resources I used:
April 2, 2019
Dual ISP - Cisco ASA HA Active/Standby
So a single ISP isn't cutting it anymore, you need a backup just in case the primary fails, and you might as well add a second ASA into this design; more redundancy equals more up-time, right? On paper it sounds good, but in the "real" world there probably is a tipping point: more redundancy increases complexity. In this post we'll aim to keep it simple, setting up a Cisco ASA HA active/standby pair and then adding in the second ISP. Let's get started! So this is what our topology will look like when all is said and done: we have two firewalls and two different ISPs. The primary ISP is ISP-1 and the secondary ISP is ISP-2. We will always be using ISP-1 as the primary and won't be load balancing between the two. ISP-2 will only be used when ISP-1 goes offline. When ISP-1 comes back online we will switch back over to ISP-1.
March 12, 2019
FMC Syslog with Graylog Extractor
Let's continue to talk about the Cisco Firepower Management Center. In this post we are going to look at sending connection events over to syslog. In this example I'm using Graylog, which is an open source logging platform, and although any syslog server would work, one of the problems with syslog is there is little uniformity when you have different systems sending these logs. One of the things that Graylog can do is extract the raw message and put each part of the message into a separate searchable field. We'll configure the FMC to send syslogs and then configure an extractor on Graylog.
February 5, 2019
Oh Spanning Tree
It's the "S" word we don't like to hear, and often times it has degraded networks or even taken them down entirely. (All Systems Down - an older but classic story) It's also one of those things that nobody really likes; we even had network companies, as well as the IEEE, try to replace it with something else. Remember the names like TRILL, IEEE 802.1aq (SPB) or Cisco's FabricPath technologies? You had all of these different flavors that showed a lot of progress, but they never really took off for one reason or another. The funny part is this protocol we are all trying to kill off is still alive and doing well, so let's look at spanning tree in the meantime because you will likely run into it.
January 2, 2019
Barracuda Load Balancer- Powershell
Working on my Powershell skills, I was playing around with a Barracuda Load Balancer and noticed it supported some APIs, which is kind of cool. At first I was playing around with it in Postman and got to log in and put some servers in maintenance mode, but then I thought it would be really neat if I could get this working in Powershell. That way us humans can just run a script, and even thinking in the "future" maybe have some automated process (a.k.a. AI) handle this for us. ;) So in this post I'll talk about the script I created and some of the small challenges I had with it; overall it was kind of neat putting this together. TLDR: Here is the script if you don't want to read:
December 14, 2018
Automation Dance
I keep doing the automation dance (yeah… that's me); there are a lot of different tooling products out there. I have been trying to understand a use case around using them with network automation. Recently I have been dancing around with Ansible. My personal belief is that using any of these tools would be helpful, but it can be a steep learning curve if you really don't have any programming knowledge. This is not something that is relatively easy to use or understand; don't expect to have a working network automation tool in production on day one. I think this is great for learning, and for using in a network sandbox. If you don't have a programming mindset it might make your job harder on day one before it gets easier, but just like learning to dance you have to learn the steps, the moves, and maintain the rhythm. So with that let's at least figure out the starting points, and begin learning the steps of the automation dance. ;)
November 13, 2018
Enable a RESTful ASA API
Starting from ASA 9.3(2) and onward, the 5500-X hardware supports a RESTful API as an additional method for configuring/monitoring ASA hardware. Infrastructure as code, as they call it, is not anything new, but I was reading a post that Ivan Pepelnjak wrote, and as he points out there are two styles when we are dealing with IaC: the data model or CRUD. When reading information about the ASA RESTful API it was interesting to see which the ASA falls into. CRUD is the method it uses, and although this method works, I have a similar feeling to what Ivan posted; it makes me wonder if this is really a step forward for IaC. In this post we'll go through the steps to enable it and you can be the judge: does this RESTful API help?
October 8, 2018
Verifying DNS Lists - FMC
We are back with another post about Cisco's Firepower Management Center, and this time we are working with the DNS list. If you have a protect license you can have your Firepower modules or your FTD (Firepower Threat Defense) devices look at DNS requests and deny the requests if they are malicious. These have to be applied on your access control policy to be able to use them, and in this post we are going to verify some of the domain names that are in these lists.
September 7, 2018
Installing a GNS3 Server
Although GNS3 can run locally on your computer, and you can use VMware Workstation with the GNS3 appliance, I found it much more stable and predictable to run GNS3 on a dedicated server. Using this type of installation, all the projects and images are stored on the GNS3 server, so I can install the GNS3 client on any computer and get access to the same projects I was working on. You can also have multiple people working on different projects that are on the same server. I find that neat for educational use or if you were helping someone with a project. In this post I'll walk through the steps needed to set up a GNS3 server.
August 17, 2018
Cisco FTD Standalone
No management centers here; sometimes a standalone firewall is all you need. In this post I have an FTD appliance and there really isn't a need to tie this into Cisco's Firepower Management Center. So we'll configure the appliance in standalone mode, go through the initial first steps that are required to get it online, and walk through Firepower Device Manager. If you've worked with Cisco FMC you'll find it's pretty similar, so with introductions out of the way let's get started!
July 18, 2018
Too Many TCP Resets
So, recently we enforced some firewall rules on a new environment. We did testing of the environment and everything was working as expected. In about 24 hours a lot of traffic from the web infrastructure was being denied, and it continued; at first glance it looked like return traffic was being dropped, as the web servers were sourcing from port 443 and the destination ports were dynamic ports (RFC 6335). No user or application problems were reported when we enforced the rules, and we waited additional days to see if anything came up. Nothing came up; the only thing was a spike in the amount of syslog messages of dropped traffic coming from the web servers.
June 20, 2018
Configuring Layer Three EtherChannel
When you want more speed all you need is EtherChannel, and EtherChannel can be configured as a layer three logical interface instead of just sitting at layer two. This is very helpful if we are running layer three down to the access layer switches instead of at the distribution layer. You could also see this in a collapsed core design, and we don't have to worry too much about STP when we configure EtherChannels. The only requirement to use layer three EtherChannels is that your switch needs to support layer three "routed" interfaces, so with that let's get started!
May 7, 2018
Wireless VLANs
It's been a fun four months of 2018 so far and I'm back to talk about Wireless VLANs. With 802.11ax around the corner (2019) I think we all can agree that "wired" connections, although less likely to have interference, aren't as mobile as a wireless LAN. Also, with 802.11ax the maximum theoretical throughput is 10Gbps! We're going to need some serious backend infrastructure available to be able to support that type of bandwidth. So, let's look at configuring wireless VLANs for our mobile users!
April 16, 2018
Private VLANs
Let's start out 2018 with private VLANs, with PVLANs the network gets a little more privacy added to it. When we have privacy on the network we can seclude certain parts of it. Essentially, "you can go about your business - move along, move along". Private VLANs allow us to segment networks within a single VLAN. So in this post we'll go over the types of PVLANs as well as setup a network topology with private VLANs, Let's get started!
January 9, 2018
Factory Reset Firepower 2100
In this short guide I wanted to walk through the steps to do a factory reset for the Cisco Firepower 2100 series. When doing these resets all configuration and the administrative password are removed, as well as the FTD (Firepower Threat Defense) app-instance. When the unit starts to boot it will reinstall the FTD app-instance with the default configuration. There are two ways to factory reset these Firepower 2100 units. If you can get into the device you can simply use these commands: connect local-mgmt, then erase configuration. The other method is for when you are unable to get into the unit, because either you don't know the password or something else has happened to make this appliance unstable enough that a factory reset is needed.
December 1, 2017
VLAN Access Lists (VACLs)
VACLs are another good layer of security to help control who can talk to whom, much like the access control lists that are in firewalls and routers; however, the difference is VACLs operate at layer two of the OSI model. There could be situations where you have multiple hosts on the same LAN and want to block traffic from reaching certain hosts within that same network. How would you go about blocking that type of traffic without using a router or firewall? (Hint: Create a VACL)
November 20, 2017
Enable the NX-OS API
So what has changed in the past 20 years? Take for example the network equipment that was manufactured in 1997: how did you configure that equipment? I would imagine it involved a serial port, HyperTerminal and the trusty command line. Was an API even a thing back in 1997? Was it common to have an API interface in network equipment like today? Why do we even need an API on the equipment in the first place? What changed? Well, the year isn't 1997 anymore; that passed us by 20 years ago, and the equipment we work with today looks and operates much differently than it did in 1997.
October 18, 2017
Enter Cisco Firepower CLI (Read-Only)
You have the FMC installed and connected to an FTD device with the configuration deployed, but for whatever reason there is a problem and you need to enter the CLI on the Firepower device to troubleshoot the equipment. Although you can't configure anything, you can run show and debug commands to troubleshoot via the CLI. We have to enter the Diagnostic CLI, and we can do this in two ways:
September 20, 2017
GLBP Load Balancing
We could use HSRP or VRRP to have a redundant default gateway for our PC/server networks. Although this works well, we now have hardware powered on and just sitting around waiting for its counterpart to fail; we are not actively using it. We could split up networks or use multiple default gateways within the same network, but who does that? Well, if your router or layer three switch happens to have that Cisco logo on it and a software release of at least 12.2(14)S, please welcome, with a "slow clap", the Gateway Load Balancing Protocol, which has been around since 2002!
August 17, 2017
Update Firepower Devices - Manually
This is a short and hopefully helpful post on how to manually update Cisco Firepower devices. I have run into this problem a couple of times: pushing this update with the FMC sometimes just fails and it never really seems to download the update to the Firepower sensor. On the FMC it will stay on "Initializing" for an hour and time out, so here are the steps to manually update your Firepower sensor:
July 12, 2017
Cisco FTDv in Cisco VIRL
Cisco is actively pushing their Firepower Threat Defense software, with the new Firepower 2100 units on their way this summer in an effort to eventually replace the ASA5525-X, ASA5545-X and ASA5555-X platforms. When using FTD you must also have the Firepower Management Center (FMC) available to manage and configure these devices. This gets difficult, especially if you want to test things out, because not everyone has Cisco Firepower lying around unused. How are you supposed to test and learn the depths of this product? (Hint: Cisco VIRL)
June 14, 2017
Configuring EIGRP - Named Mode
From its older brother IGRP, which was developed in the 1980s to overcome the limitations of RIP, EIGRP was an "Enhanced" IGRP protocol. The main purpose of EIGRP was to overcome the limitations of classful networks and make EIGRP a classless routing protocol. During the design of this protocol a different convergence algorithm was used, making EIGRP that "hybrid" between distance-vector and link-state routing protocols. In this post we'll go over a basic design and setup for EIGRP; however, instead of using the "classic way" let's look at configuring EIGRP using named mode, which is available in Cisco IOS starting in version 15.2.
May 25, 2017
ASA Site to Site VPN (DHCP)
If you don't already know, site to site VPNs can be a cost-effective way for remote sites to connect to HQ resources instead of a leased line like MPLS or Metro-E circuits. We can instead use a standard internet connection with a static IP, which is usually cheaper than a dedicated circuit. Our next steps are purchasing a firewall for the remote site (assuming you already have one at HQ) and setting up a site to site VPN connection. In this guide, I'll demo a site to site VPN with a pair of ASAs, as well as some additional commands to allow DHCP across the tunnel so that your HQ DHCP server can hand out addresses instead of configuring a local DHCP server at the remote site.
April 19, 2017
ASA Site to Site VPN (PATed)
If you ever needed to hide multiple systems behind a single IP address you would use PAT (Port Address Translation). Besides using this to connect to the internet when using an RFC 1918 address, you can configure PAT for VPN connections. The benefit is the same, hide multiple systems behind a single IP address, with the advantage being you can have many systems on one side of the VPN tunnel all using that single IP.
March 8, 2017
Cisco VIRL and Windows VMs
One of the neat features of Cisco VIRL is that it runs on an open platform, with OpenStack as the orchestration program running on top of an Ubuntu operating system. This gives VIRL additional flexibility by being able to run third-party VMs, with KVM being the hypervisor. In this guide I'll walk through some of the steps I took to get Windows XP up and running in VIRL. :) If you have a more recent version of Windows that's in the current decade, following this guide is pretty much the same; just adjust the disk space and RAM to fit the requirements. I picked Windows XP because it's lightweight, and with an average RAM usage under 100MB it makes it easy to add multiple instances if you need them, all without wasting too many resources on the VIRL host. To get started:
January 7, 2017
Don't get stuck with "speed-groups"
I was working with a Cisco 9372TX switch, and on it I had two 40Gbps uplinks that we were using out of the available four. We were talking with our VAR because we were planning on connecting additional equipment that only supported SFP+ interfaces, so the solution was to connect to this switch with QSFP to SFP+ adapters. Thinking this would be a simple change, because we are just plugging additional adapters into the QSFP ports, we planned our maintenance window and rollback plans, but I wasn't expecting a rollback for this one :) The interfaces were configured in a shutdown status before we plugged in the adapters and cables, so we didn't see anything out of the ordinary. When it was time to do the maintenance, let's bring up the interfaces with the command no shutdown and we should be up…
December 21, 2016
Factory Reset Firepower 4100 & 9300
I got my hands on some Cisco Firepower 4100 units and after playing around with them I wanted to reset them to factory settings, essentially erase the "startup-config" on the FXOS. The Firepower units act a little differently than your normal Cisco IOS or ASA and you can't just erase startup-config and reload the device, that would be too easy. (Edit: 7-21-17) After Gabriele made this comment - "connect local-mgmt" and then "erase configuration" it looks like you can. Thanks Gabriele
October 19, 2016
TFTP & FTP Server on Centos 7
If you ever needed a TFTP or an anonymous FTP server to transfer files, logs, or crash debugs to and from your network devices, it can be a little tricky if you don't have anything set up. There are some free quick programs out there if you are in a pinch for one-time transfers, but if you ever wanted to have something in your infrastructure that is ready to go for this kind of stuff, just follow the tutorial below.
September 16, 2016
Passed the 640-916 DCICT
It's been a little more than a year in the making since I passed my last Cisco exam, the 640-911, but I finally did it and passed the 640-916. I can now call myself CCNA Data Center certified. :) If you ever get the chance to go up the Data Center route, it really is interesting to see all the products and services Cisco has in their portfolio. Cisco UCS, OTV, FabricPath and FCoE are just really cool technologies to learn about.
August 27, 2016
Cisco UCS Emulator 3.1(1ePE1)
If you are studying for any Cisco Data Center certs this tool might come in handy for some hands-on learning. The Cisco UCS emulator is a VM you can spin up in VMware Workstation, Fusion or ESXi. This emulator can be helpful in understanding the UCS platform and UCS Manager. You are able to push policies and alter configurations, and even import/export these configurations into and out of the "real" world to apply or test them.
July 16, 2016
New Problems, New Job, and a New Look
I still consider myself a rookie in this field even though I started my "official" career in the Network/IT space 5 years ago. Why is that? Is part of the reason because of the rapid push that applications are demanding from the infrastructure? For example if we want XYZ app to be ready for testing today and production in a week how would you be able to stand that up manually? You can't, it really could take weeks to be ready for just testing and that doesn't fly anymore.
July 13, 2016
RBAC Radius with Microsoft NPS 2012 R2
In this configuration I'm looking at using Microsoft NPS 2012 R2 as a RADIUS server, and I'm going to skip the installation of NPS because it really is just a next, next, finish installation. In this demo I already have this NPS system connected to a Windows domain; my goal is to create role based access on Cisco IOS routers while using RADIUS to log in. I'll have a couple of Active Directory accounts, each of which will represent a different type of allowed access to these IOS routers. One account will get full administrative access while the other will only get read access. How cool is that ;)
April 12, 2016
Rancid can't SSH to older ISRs?
Well, it's 2016 and you still have that one-of-a-kind Cisco ISR 2811 or 3845 running in the environment? You followed the guide and installed Rancid, all the new stuff works like it should, but when you try to connect to that "one-of-a-kind" 2811 with Rancid it closes the connection… :/ This is a simple fix and the bug is reported here: LINK. The bug is something with OpenSSH, which is installed on your Linux operating system and which Rancid rides on top of. You would have the same issue if you just tried to SSH to the thing directly from your Rancid machine. The bug looked to be fixed starting with OpenSSH 6.9, but as of right now, at least in CentOS 7, the version it goes up to is OpenSSH 6.6. You can verify this by using sshd -V to output the OpenSSH version you are using.
March 3, 2016
iPerf Throughput Testing
Testing a network's throughput is a good move, whether you are testing a new service you stood up or making sure you're getting what you paid for. iPerf is a good free open-source tool when there isn't really a need to use more expensive commercial tools. In this short tutorial I'll go over how to configure iPerf, which is a CLI tool, so let's get started. iPerf needs a client and a server on each end of the connection in order to test the throughput. There is also a list of available iPerf servers out on the internet if you wanted to test internet speed, and that information is also where you would download the latest version of iPerf: https://iperf.fr/ If you are on Windows you have to download the compressed folder from the website and extract it somewhere on your machine. Open a command prompt where the uncompressed files are located. Run from Command Prompt (you'll get a list of the available CLI switches)
February 12, 2016
Installing Graylog on Centos 7
Let's start out 2016 with setting up a logging system called Graylog. If you have not used Graylog before then I encourage you to check it out. This is an open source log management system and is pretty flexible as it can capture, index and analyze almost anything. Once up and running this system can be scaled out for an enterprise wide log management system. High availability, clustered, and replicated is what Graylog thrives on. In this demo I am going to have two systems. One is the Graylog server, web server and will also have a Mongo database. The other system will be an Elasticsearch node which is what will have the actual data stored in and indexed. For bigger "production" ready setups you just scale this out to separate systems.
January 1, 2016
Cisco VIRL - Update
Cisco released VIRL almost a year ago and it's not at the 1.0 version yet, but it's getting close as they have done some good work towards the product since it first launched. Cisco VIRL is like GNS3, a simulation platform that runs Cisco's current operating systems, so instead of buying used Cisco hardware you can run this program on your computer. This software is geared towards proof-of-concept designs, for personal use, and for training on Cisco certifications. Let's talk about it!
November 18, 2015
Configuring OSPF - The Basics
We have to start somewhere, so let's look at the basics of configuring OSPF. Remember OSPF is an IGP (Interior Gateway Protocol) and allows packet authentication as well as IP multicast when sending and receiving updates. In this post we are configuring OSPF in a single area. In this topology we have four routers and two PCs. The PC subnets are 172.30.2.0/24 and 172.30.3.0/24. We have point to point connections between each router.
August 13, 2015
PRTG Daily Email Powershell Script
So I don't write much Powershell, but recently I needed a way to send daily emails out of PRTG. Thanks to Paessler, which has kept it simple with their PRTG monitoring system, the hardest part of this script was getting the data into HTML; remember, I don't write much Powershell. ;) If you have not used PRTG before, check it out if you need some alerting in your environment. Personally this is one of my favorite systems for just monitoring, because a lot of other monitoring systems include everything but the kitchen sink and in reality we just need to know what's up and what's down. This script grabs an XML file that PRTG builds and saves it as "table.xml". I have the script check if there are any sensors in trouble; if not, it sends an email. If PRTG is reporting a sensor or sensors that are in trouble, this script builds an HTML document with a table that lists the sensors in trouble, highlighting the status column with the appropriate color, and sends an email.
June 3, 2015
Passed the 640-911 DCICN
Cisco started this exam back in 2012 and I have thought about/semi-studied for this test for over a year now; I just did not feel comfy about it until recently. I took the test last week and passed; however, there were some questions on the exam I noticed that weren't on the exam blueprint, so that kind of surprised me. I was happy to still be able to pass the exam, but I was caught off guard. So with that I'll let you know what I used to study and what areas I think might help so you won't be as "surprised" as I was.
May 14, 2015
Converting Hexadecimal to Decimal and Binary
The purpose of this post is to reference the CCNA Data Center (640-911) exam. This exam starts the conversation about IPv6, and since IPv6 is hexadecimal, this post starts the talk about how we look at hexadecimal values and learn how to convert them to binary and decimal. If you have subnetting skills then this won't be that difficult. If you are new then check out The Wonders of Binary post as well as Part 1 and Part 2 of subnetting. Let's get started!
April 22, 2015
Configuring Rancid
In my last post I talked about Installing Rancid on CentOS 7, so be sure to check that out. In this post we actually want to use Rancid, so I'll walk through how to set up Rancid to log into network equipment and collect configurations. To recap: Rancid is a great tool to help monitor a device configuration for any changes. It also keeps track of them using CVS (Concurrent Versions System) as the backing store, so you can go back and compare versions or revert to a previous configuration. Rancid supports hardware from multiple vendors, including Cisco, HP, Dell and Juniper. This is all open source, so you can create custom scripts or add commands to make this a repository that fits your company.
February 27, 2015
Install Rancid and ViewVC on Centos 7
In this post I want to walk through the steps to install Rancid on CentOS 7 minimal. Rancid is a great tool to help monitor a device configuration for any changes. It also keeps track of them using CVS (Concurrent Versions System) as the backing store, so you can go back and compare versions or revert to a previous configuration. Rancid supports hardware from multiple vendors, including Cisco, HP, Dell and Juniper. This is all open source, so you can create custom scripts or add commands to make this a repository that fits your company. Several things are required during the install. I have tried to make this as simple as possible, but it is not just "type and watch it install": you have to customize some of the scripts to make Rancid work like it should. Read it through and follow along.
January 3, 2015
Cisco VIRL is out ... for a price
Just wanted to put this up, as Cisco has recently released VIRL. This is a network simulation platform on which you can run Cisco operating systems, the same operating systems that run on Cisco hardware, so anything you do in this simulation environment would behave as it would on dedicated hardware. You would be able to test your changes before throwing them into production. Some things that are different between VIRL and CML (Cisco Modeling Labs):
December 5, 2014
Setting up GNS3 1.1 on Ubuntu
It's only been a week since GNS3 1.0 was released and it's already been updated to 1.1, so in this post I have Ubuntu 14.04 LTS with the latest updates and it is time to set up GNS3. GNS3 is an open source tool that helps network professionals run a virtual network right on their computer. GNS3 is not a simulation program but rather an emulation program, so if you wanted to test a configuration change but did not want to run it on production, you can run it in GNS3 instead. This gives network professionals a way to test without touching any physical hardware or purchasing that expensive test lab for certification studies. Let's get started. Like I mentioned, I have Ubuntu 14.04 LTS, and installing GNS3 on Linux can be a little difficult if you are not that familiar with it. I'm giving credit to Chris Welsh, as he wrote a nice script that installs everything you need to get started using GNS3, so installing it is pretty easy. Check out the post on GNS3 Jungle: Installing GNS3v1 on Linux.
October 28, 2014
GNS3 1.0 Public is Out
Get your IOS, IOU, XRv, 1000v, HP, Juniper, Arista and other images ready, because that's the beauty of GNS3: it's here and ready to download. I'm excited for this release, although the last post I did was in May of 2014, which was about getting GNS3 Alpha 3 working on Windows; you can see the full post here: GNS3 Alpha - Install and Setup. I have followed the GNS3 releases throughout the six months of alpha and beta releases, as well as reading the changelogs of each release.
October 21, 2014
Setting up Enhanced vPC on Nexus 5600
So I've played around with two Cisco Nexus 5672UP switches which will be in production soon, but before that I wanted to see what it took to get enhanced vPC online. Along the way I was in some new territory, as I had never stood up vPC before, so in this post I have collected some things to keep in mind and running-config examples, all of which I hope is helpful as a reference.
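As an added example of the vPC foundation that an enhanced vPC (dual-homed FEX) build starts from, and not the running-config from the original post: it assumes two 5672UPs, a peer-keepalive over mgmt0 in the management VRF (10.0.0.1 and 10.0.0.2 are placeholders), the peer-link on Ethernet1/47-48, and one FEX numbered 101 dual-homed to both switches on Ethernet1/1-2.

```cisco
! Added example, not the post's own config. Apply on BOTH switches unless a
! comment says otherwise. Addresses and port numbers are assumptions.
feature lacp
feature vpc
feature fex
!
vpc domain 10
  ! Switch 1 uses "destination 10.0.0.2 source 10.0.0.1"; switch 2 the reverse
  peer-keepalive destination 10.0.0.2 source 10.0.0.1 vrf management
  ! Lower priority wins the primary role: 100 on switch 1, 200 on switch 2
  role priority 100
  ! Let a lone switch bring its vPCs up if the peer never returns after a
  ! reload (default reload-delay 240 s) instead of keeping hosts isolated
  auto-recovery
!
! Peer-link: a trunk port-channel carrying every vPC VLAN
interface port-channel10
  description vPC peer-link
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link
interface Ethernet1/47-48
  switchport mode trunk
  channel-group 10 mode active
!
! Dual-homed FEX: the SAME fex number and the SAME vpc number on both peers,
! so the extender sees one logical parent
fex 101
  pinning max-links 1
interface port-channel101
  switchport mode fex-fabric
  fex associate 101
  vpc 101
interface Ethernet1/1-2
  switchport mode fex-fabric
  fex associate 101
  channel-group 101
!
! Verify on both switches. Every type-1 consistency parameter must match or
! the vPC stays down; the FEX should report "Online" on both parents.
show vpc
show vpc consistency-parameters global
show fex 101 detail
```

The enhanced part comes after this: host port-channels that span ports on two such dual-homed FEXes (for example Ethernet101/1/1 and Ethernet102/1/1 bundled with `channel-group` on both parents). Check `show vpc consistency-parameters` first; a mismatched VLAN list or STP setting on the peer-link is the usual reason a new vPC never comes up.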
September 10, 2014
Some QoS Guidelines
When I started taking classes from the Cisco CCNA Discovery books years ago, I remember that the first part of the book talked about QoS and the theory behind it. To me QoS was very interesting, but after a chapter or two it was never mentioned again and we never really learned how to configure it. It seemed to disappear, but it was always something being tested on, so we knew it was there, somewhere. QoS can be a little boring, and it has a reputation for being difficult to understand: where and how do I implement QoS? Most of the time QoS is not configured at all, which causes applications to suffer and in the end has an impact on end-user performance.
August 5, 2014
Cisco Modeling Labs ⌠Waiting
Just waiting for CML (Cisco Modeling Labs). It's been a little over a month since going to Cisco Live in San Francisco, and with all the information on next-generation hardware and security with Sourcefire, I was pretty beat from a lot of note taking and PowerPoint slides. However, the last session on the last day of Cisco Live covered Cisco's Modeling Labs program. I also tried it out in the Cisco DevNet area earlier in the week, and I was impressed with the product. When does CML release? During the session it was said to wait about 60 days, which would put the release towards the end of July/August, hopefully. ;)
June 28, 2014
Install RSYSLOG & LogAnalyzer on CentOS 6.5
I am looking at rsyslog, which is a fast syslog system, and LogAnalyzer as a web GUI in front of those logs. The LogAnalyzer application offers searching across the collected syslog messages, and all of it is open source and available to download. In this guide I will go through the steps to get these two applications to work together, and at the end of this tutorial we should have a working syslog system ready to take logs! The operating system I am using is the latest CentOS 6.5 minimal. Let's get started.
June 11, 2014
GNS3 Alpha â Install and Setup
So Alpha 3 came out last week with a bunch of updates, and I decided to give it a run this week. I'm not doing anything difficult with the program, so maybe I'm not breaking it in all the way. I had been looking at some installation notes for Ubuntu and other Linux flavors, but I figured I'd try to install it on a Windows machine instead of Linux (call me lazy). Feel free to follow this guide. To install GNS3, here is what I had:
May 10, 2014
640-911 (Chapter 12 & 13)
We are at the last chapters of the CCNA Data Center 640-911 study guide by Todd Lammle. Chapter 12 talks about redundant switching technologies and chapter 13 talks about security. Just like before I will go over the high points, so let's get started! Chapter 12 Overview: In this chapter we learn about Spanning Tree Protocol and some of its history. In networks we like multiple paths to a destination; however, at layer two, redundancy does not play well (loops), and that's where spanning tree helps us. So know what spanning tree is and its purpose. Spanning tree has several terms that are important to remember for the exam; I would look over page 387. For the exam, know some show commands for spanning tree, like show spanning-tree and show spanning-tree summary. This chapter also covered the different types of spanning tree, though I could not tell whether they would be on the 640-911 exam, as well as port-channels, which help eliminate blocked STP ports. :)
April 19, 2014
640-911 (Chapter 10 & 11)
Just like before, if you have been following along, I have been going over the CCNA Data Center Study Guide from Todd Lammle, and in this post we cover two chapters. Feel free to comment below if you have any questions on either of them. Chapter 10 Overview: Chapter 10 takes us back into the book before we do any configuring; we learn about routing protocols and the difference between static and dynamic routing (the names imply it). Also know the default administrative distances of the different routing protocols (starting on page 297). We also get a crash course in distance-vector, link-state and hybrid routing protocols. Out of RIP, RIPv2, EIGRP and OSPF, where does each protocol belong? Know the differences between RIP and RIPv2 (there are a couple of them). Know what EIGRP does and the features it offers, as well as OSPF.
April 16, 2014
640-911 (Chapter 8 & 9)
Back where we left off: if you have been following, I have been going over the CCNA Data Center Study Guide from Todd Lammle, and in this post we will cover chapters 8 and 9. Comment below if you have any questions on these two chapters. Let's get started. Chapter 8 Overview: We are actually making some progress; we configure NX-OS with the CLI, as there is no GUI that I am aware of (SDN could arguably fit in here, but for this exam it does not even exist). Remember the ways to connect to NX-OS for configuration and verification; they are the same as on IOS devices: console, Telnet, SSH and auxiliary. Just like IOS, we can reset the entire NX-OS switch to factory settings using write erase boot, along with using the same commands available in IOS (copy run start, erase startup-config). For the exam we need to understand and add SVIs; remember to turn on that feature. NX-OS brings two user roles out of the box without implementing any access control: when logging into NX-OS you can have network-operator and network-admin users, so know the difference between these two. Just like IOS, learn how to use the help functions available in NX-OS, know how to set a hostname, and finally know the advantages of using SSH and the requirements to set it up.
March 30, 2014
Inter-VLAN Routing on the Nexus 5k
I previously had the chance to play around with the 5596UP switch and made some notes on how to configure inter-VLAN routing. Since this was a 5596UP, I needed the layer 3 daughter card to take advantage of it. The next-generation 5600 units include layer 3 without a card required and also introduce 40 Gigabit Ethernet uplinks! However, in this post let's go back to basics and configure inter-VLAN routing on a Nexus switch, in this case a 5596UP. In this example I have already configured a FEX port with a 2K; check out my earlier post Connecting FEX (5k to 2k), so let's start right after that and log into the 5K.
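An added example of inter-VLAN routing on a Nexus 5596UP, not the configuration from the original post. It assumes the layer 3 daughter card is installed, that the FEX from the earlier post is numbered 100 (so its host ports are Ethernet100/1/x), and that VLANs 10 and 20 with the 192.168.10.0/24 and 192.168.20.0/24 subnets are placeholders.

```cisco
! Added example, not the post's config. Assumes a 5596UP with the L3 module
! and a FEX numbered 100 already online (ports Ethernet100/1/x).
configure terminal
! SVIs are a feature on NX-OS; without this, "interface vlan" is rejected
feature interface-vlan
!
vlan 10
  name Users
vlan 20
  name Servers
!
! One SVI per VLAN acts as that VLAN's default gateway
interface Vlan10
  description Users gateway
  ip address 192.168.10.1/24
  no shutdown
!
interface Vlan20
  description Servers gateway
  ip address 192.168.20.1/24
  no shutdown
!
! Put a host port in each VLAN so there is something to route between
interface Ethernet100/1/1
  switchport access vlan 10
  no shutdown
interface Ethernet100/1/2
  switchport access vlan 20
  no shutdown
end
!
! Verify: both SVIs up/up and a connected route for each subnet
show ip interface brief
show ip route
```

An SVI only comes up once the VLAN exists and at least one port in that VLAN is up, so if `show ip interface brief` shows Vlan20 down/down, check the access port before suspecting the L3 module.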
March 13, 2014
640-911 (Chapter 7)
If you made it past the earlier chapters, this one should be interesting. Like before, I am going through each chapter of the CCNA Data Center Study Guide from Todd Lammle. Comment below if you have questions on this chapter. Last week we learned about subnetting, and in this chapter we will learn about NX-OS, the operating system on Cisco's data center (Nexus) switches. Let's begin! Overview: This was a short chapter introducing the Nexus product line and the virtualized environments that data centers are becoming. In this chapter you will discover that Cisco wants all traffic, both SAN and LAN, unified on one switch instead of on separate devices. NX-OS is a Linux-based system with some neat isolation features: the data and control planes are separated, and it can offload number crunching to dedicated CPUs instead of sharing the load. I also liked how the system manager works; it reminds me of a watchdog making sure everything is running on par, with the ability to restart processes automatically thanks to PSS (Persistent Storage Service). Being able to upgrade the software while still forwarding traffic is also very cool, thanks to ISSU (no downtime around here :) ).
February 27, 2014
640-911 (Chapter 6)
Let's start chapter six of the CCNA Data Center Study Guide from Todd Lammle; feel free to post questions if you have any. Like before, I have covered the topics of each chapter. Last week we learned about the different IP classes and today we get a course in subnetting. Let's go over what you should know if you want to pass the exam. Overview: It seems I have talked subnetting to death on this blog: repetition, repetition, repetition. So know the advantages of subnetting and why you would use it, along with what ip subnet-zero is. You also should be able to take a classful network and break it into smaller networks. Some math is involved, but it's not rocket science; if you get lost, go over it again and you'll start seeing the pattern when subnetting. Since we are subnetting, know the purpose of the subnet mask that's associated with the IP address. Also be sure you can explain what CIDR is and how it differs from classful networking.
February 20, 2014
640-911 (Chapter 5)
Last week we covered chapter four, which talked about the TCP/IP and DoD models and the role they play in networking, as we learned that every application like FTP, DNS and DHCP depends on them. Like always, post questions if you have any about the book, the CCNA Data Center Study Guide from Todd Lammle. I'll continue to cover the topics of each chapter of the book, plus any examples the book offers, to get an idea of what the Cisco exam would cover. Let's go over chapter five.
February 13, 2014
640-911 (Chapter 4)
Continuing where we left off on Chapter 3 of the CCNA Data Center Study Guide from Todd Lammle. Like before, feel free to post questions below. In these posts I am only going over the topics of each chapter of the book, plus any examples the book offers, to get an idea of what the Cisco exam would cover. In chapter three we discussed Ethernet technologies, and in chapter four we will learn about TCP/IP, which is fundamentally the protocol suite that makes the Internet work.
February 6, 2014
CCNP Security Refresh
Cisco recently published its 2014 Annual Security Report, and some interesting data was captured in 2013. One of the details was a talent gap in network security, and because of this gap Cisco has a major revision of the CCNP Security certification starting in April. It is estimated that there is, or soon will be, a shortage of more than a million security professionals worldwide! As mentioned, because of this Cisco is reworking the CCNP Security track. Let's get into the details of the changes coming April 22nd, 2014. One thing I noticed is the exam names themselves: the old exams named Cisco's own products as the way to solve these security problems.
February 3, 2014
640-911 (Chapter 3)
Picking up where we left off in a series of blog posts that follow the CCNA Data Center Study Guide from Todd Lammle. Feel free to post questions below. In these posts I am only going over the topics of each chapter of the book, plus any examples the book offers, to get an idea of what the Cisco exam would cover. In chapter two we discussed internetworking, and in chapter three we will learn about Ethernet technologies.
January 30, 2014
640-911 (Chapter 2)
I am continuing the ongoing series of blog posts that follow the CCNA Data Center Study Guide from Todd Lammle. I figured this type of post would help me and anybody else studying for the exam. Feel free to post questions below as if in a study group. In these posts I am only going over the topics of each chapter of the book, plus any examples the book offers, to get an idea of what the Cisco exam would cover. Continuing where we left off from chapter one, let's begin chapter 2.
January 23, 2014
640-911 (Chapter 1)
So I bought the CCNA Data Center Study Guide from Todd Lammle. I have decided it would be a good idea to go over the topics of each chapter of this book in a series of blog posts. The idea is to work together as if in a study group: go over the topics in each chapter of the book, talk about examples, and get an idea of what the exam would cover. Below are my thoughts about chapter one.
January 16, 2014
Creating a SPAN Port on a 2960
Creating a mirror port, also called a SPAN port (Switched Port Analyzer), may be required for some network appliances to analyze network traffic. Since switch ports are separate collision domains, a host on one port does not see the other ports' frames, so we have to do some configuration on the switch before we can analyze traffic (think back to collision domains vs. broadcast domains). In this example I have a 24-port Cisco Catalyst 2960 switch with no configuration on it. I have two PCs connected to this switch: one PC (PC2) will be the destination for the copied frames, while the other PC (PC1) will be the source of those frames. PC2 will have Wireshark installed and be capturing, while PC1 will be browsing the web and checking for Windows updates. If all goes correctly, on PC2 I should be able to see the traffic that PC1 is sending and receiving.
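An added example of the local SPAN configuration the setup above calls for; it is not the configuration from the original post. It assumes PC1 is on FastEthernet0/1 and PC2 (the Wireshark host) is on FastEthernet0/2.

```cisco
! Added example, not the post's config. Assumes PC1 (source) on Fa0/1 and
! PC2 (Wireshark, destination) on Fa0/2 of a Catalyst 2960.
configure terminal
!
! Clear any stale session with the same number before defining a new one
no monitor session 1
!
! Copy frames PC1 sends and receives ("both" directions) ...
monitor session 1 source interface FastEthernet0/1 both
! ... to the port where Wireshark is listening. Without the "ingress" option
! the destination port only transmits copies: PC2 cannot send into the
! network through it while the session exists, so it needs no IP address.
monitor session 1 destination interface FastEthernet0/2
end
!
! Verify the session and the direction(s) being mirrored
show monitor session 1
```

Two things to check before calling the capture bad: a SPAN destination port stops behaving as a normal switch port (no STP, no learning), so the Wireshark host loses its normal connectivity on that port; and a 2960 supports only a limited number of SPAN sessions, so `show monitor` is the first stop when the `monitor session` command is refused.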
January 1, 2014
Connecting FEX (5k to 2k)
I was pretty excited to get my hands on some of the Cisco Nexus product line, which focuses on switching in the data center. The gear I have is an evaluation unit, so I made some notes, and one thing that impressed me is how easy it is to connect a Nexus 5K to a Nexus 2K, also known as a fabric extender. I have kept it simple, as the gear I have is a single Nexus 5596 along with a single Nexus 224TP-E (who needs redundancy, right?). So in this post I'll explain how to connect a 5K Nexus to a 2K extender. Let's get started!
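An added example of the single-homed FEX configuration on the 5K side, not the post's own config. It assumes the 2K's fabric uplinks land on Ethernet1/1-2 of the 5596 and that the extender is numbered 100, so its host ports appear as Ethernet100/1/x.

```cisco
! Added example, not the post's config. Assumes fabric links on Eth1/1-2 and
! a FEX number of 100 (valid range 100-199).
configure terminal
! Like other NX-OS functions, FEX support has to be switched on first
feature fex
!
fex 100
  description "Rack 1 FEX"
  ! How host ports are pinned to fabric links; 1 means all host ports share
  ! one logical uplink, which is what the port-channel below provides
  pinning max-links 1
!
! Bundle the fabric links so one uplink failure does not take host ports down
interface port-channel100
  switchport mode fex-fabric
  fex associate 100
!
interface Ethernet1/1-2
  switchport mode fex-fabric
  fex associate 100
  channel-group 100
!
! A host-facing port on the extender, addressed as <fex>/<slot>/<port>
interface Ethernet100/1/1
  description "Server 1"
  switchport access vlan 10
  no shutdown
end
!
! Verify: the FEX should report "Online" and list both fabric ports
show fex 100 detail
show interface fex-fabric
```

The extender downloads its image from the parent on first association, so `show fex 100 detail` will sit in "Image Download" for a while before "Online"; that is normal and not a cabling fault.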
December 1, 2013
GNS3 1.0 Campaign
It's been almost 24 hours since GNS3 launched a campaign to bring in funds to support the open source network emulator and bring it up to version 1.0. A lot of new features are on the list, like switching, cloud processing, hassle-free configuration, labs/training materials and third-party integrations, all of which are in the works for this new version, along with some pretty cool plug-ins. As of writing this post they are at $106,973, which is 300 percent over-funded!
November 21, 2013
Configuring EtherChannel (PAgP)
Bundling physical links into one logical link is a common practice to increase the bandwidth between switches; you may also have this configured on a server to bundle its connections. In this tutorial I have two 2960 switches, both trunking all VLANs on two gigabit ports. So the end goal is to get 2 Gbps instead of 1 Gbps between the switches while using Cisco's proprietary protocol, PAgP (Port Aggregation Protocol).
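An added example of the PAgP bundle described above, not the post's own config. It assumes both 2960s use GigabitEthernet0/1 and 0/2 for the bundle and that the VLANs to be trunked already exist.

```cisco
! Added example, not the post's config. Assumes Gi0/1-2 on both switches.
! --- Switch A ---
configure terminal
interface range GigabitEthernet0/1 - 2
 description PAgP bundle to Switch B
 switchport mode trunk
 channel-protocol pagp
 ! "desirable" actively negotiates; the far side may be desirable or auto.
 ! auto/auto on both ends never forms a bundle.
 channel-group 1 mode desirable
!
! The logical interface is created by channel-group; trunk it as well so
! the bundle and its members agree
interface Port-channel1
 switchport mode trunk
end
!
! --- Switch B --- (identical apart from the description)
configure terminal
interface range GigabitEthernet0/1 - 2
 description PAgP bundle to Switch A
 switchport mode trunk
 channel-protocol pagp
 channel-group 1 mode desirable
!
interface Port-channel1
 switchport mode trunk
end
!
! Verify: Po1 should show flags "SU" (Layer 2, in use) and each member "P"
! (bundled in port-channel); "s" or "D" means a member was suspended
show etherchannel 1 summary
show pagp neighbor
```

Member ports must match on speed, duplex, trunk mode and allowed-VLAN list or IOS suspends the odd one out rather than bundling it, which shows up in `show etherchannel summary` rather than as a link-down. Because the 2960 only speaks 802.1Q there is no `switchport trunk encapsulation` command to set.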
October 12, 2013
CCNA 2.0 What's New?
I brought this topic up in March of this year (see the original post), but I wanted to re-post it with some added information, because as of today this was your last day to pass the older CCNA exams. Cisco has refreshed all the CCNA Routing and Switching exams. That includes the ICND1 (640-822), the ICND2 (640-816), and the all-in-one exam (640-802). You will notice some old references are no longer mentioned on this refresh, so let's go over the differences and some of the changes Cisco has made to the associate-level certification track. Starting at the CCNA, the refreshed exams are the following: 100-101 ICND1 (which replaces the 640-822 exam), 200-101 ICND2 (which replaces the 640-816 exam), and the all-in-one 200-120 CCNA (which replaces the all-in-one 640-802 exam). Like I mentioned earlier, the last day to take these older exams is September 30th, 2013, so good luck :) What has changed:
September 30, 2013
Why Go Professional with Cisco Certs?
I have had the opportunity to take and, thankfully, pass Cisco certifications at the associate level, and there is one more associate exam, the CCNA Data Center, which hopefully I will get later next year. While looking at the CCNA Data Center exam I also glanced over the professional-level certifications Cisco offers, and if you're like me, you always like learning new things, especially in a technical field. Getting those "aha moments" once in a while makes it worth it, but beyond the overall knowledge of additional technologies, why would you go on to take a professional Cisco cert?
September 14, 2013
Copy Running-Config From PowerShell
I will be up front on this: I really never had much experience with PowerShell scripts, but I wanted a quick way to connect to routers and switches, issue the show run command, and have the script write everything into one file. After some searching around I decided to dive into PowerShell to see if I could get something to work. One of my first problems was finding a way to have PowerShell SSH into my devices. I found out about SharpSSH, which looked interesting, but I also found SSH.NET. So I went with my second choice and decided to try the SSH.NET module. I would not have gotten that far if I had not stumbled across this website, which helped out a lot.
August 16, 2013
Is Your Network Healthy?
Networks are becoming more "borderless", as Cisco likes to call it, and it's definitely true. Having the ability to access resources remotely without having to be at the office physically is a nice touch; you may even notice higher productivity, and who doesn't want that! Networks have to be in a healthy state in order for people working remotely and people at the office to get their work done. An unhealthy network usually costs a business productivity and customers, which in the end comes down to money. How do you know if your network is reaching its capacity, and what is its general health? Let's look at some commands and general best practices! Your checklist for a healthy network is:
July 19, 2013
Look at GNS3 - New Version
A new version of GNS3, released on July 5th, 2013, is available for download. You can download GNS3 v0.8.4 at gns3.net. This release includes improvements and new features. Some of the important ones are: lots of GUI improvements. New hub device. New Idlemax and Idlesleep settings (advanced manipulation of IDLE PC). IOS image and settings test button. New Tools menu to start external scripts/tools. Drag & drop of multiple devices when pressing SHIFT. Temporary projects are created by default. VirtualBox interface numbering starts at 0 (e.g. e0 = VirtualBox interface 1 = eth0 on Linux). Support for 36 network cards in VirtualBox (using the ICH9 chipset). New option to save traffic captures in project directories. Experimental auto IDLE PC calculation feature (requires Dynamips greater than 0.2.8-RC5, which is included in the Windows all-in-one and OS X DMG). Added entries to have Dynamips/Qemu/VirtualBox hypervisors bind/listen to all available IP/host addresses (optional). AW+ router support from Allied Telesis of New Zealand (an educational version of their OS is to be released). Removed the "Save IOS configs" option in project settings; IOS configs are always saved. Qemu FLASH files are automatically saved in a directory named "qemu-flash-drives" (in the project directory). Dynamips version 0.2.8. You can also read the changelog for a full list of changes! I have used GNS3 off and on with my certification studies; it has always been a great program for that "what if" question. Currently I am using it for some OSPF routing redundancy checks and some proof-of-concept designs. What are some good topologies for GNS3 you have seen? Post some links! I have just downloaded the new version and I will get back to you :) Have questions about GNS3? Post them on the GNS3 Forum.
July 6, 2013
Passed 640-554!
Short story: I am proud to say that I passed! I had studied off and on since the beginning of the year, but I set a date to take the exam, June 28th, and as that date got closer I buckled down, reviewed the materials again, and focused on some areas I knew I was weak in. So how was the 640-554 exam, what did I use to pass it, and what exam am I focusing on next? The 640-554 exam surprised me and left me on the edge of my seat the entire testing period! 8-O There were a lot of difficult questions that I would have missed if I hadn't re-reviewed the study materials, along with the number of questions I had to get through within the 90 minute limit, but it was worth it! When I saw my passing score on screen, it definitely felt like a fair score. I did not feel cheated or get any questions that weren't on the exam topic list, so overall I was pleased with the results.
June 29, 2013
Site-To-Site VPN via CCP
I have run through before how to create a site-to-site VPN with Cisco SDM, which sounds like a repeat, but I thought, why not bring CCP into the light; and since I'm studying for the newly created CCNA Security (640-554), I figured let's create a tutorial on it. In this lab I am going to post the running-config of both locations so you can either run it through Packet Tracer or on live equipment if you wish. I am running two Cisco 2811s with Advanced Security IOS 12.4(24)T8. Let's do it!
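An added example of what the CLI side of such a site-to-site tunnel looks like on IOS (the classic ISAKMP + crypto-map form that CCP's wizard generates); it is not the running-config from the original post. Assumed addressing: Site A has WAN 203.0.113.1 and LAN 192.168.1.0/24, Site B has WAN 203.0.113.2 and LAN 192.168.2.0/24, both on FastEthernet0/0; the pre-shared key is a placeholder.

```cisco
! Added example, not the post's running-config. Addresses and the PSK are
! placeholders; both peers must agree on every ISAKMP policy parameter.
! --- Site A (2811) ---
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
crypto isakmp key S2S-EXAMPLE-PSK address 203.0.113.2
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
 mode tunnel
!
! "Interesting" traffic: only LAN-to-LAN flows are encrypted
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
crypto map CMAP-S2S 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES
 set pfs group5
 match address VPN-TRAFFIC
!
interface FastEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map CMAP-S2S
!
! --- Site B (2811): the mirror image ---
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
crypto isakmp key S2S-EXAMPLE-PSK address 203.0.113.1
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
 mode tunnel
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto map CMAP-S2S 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS-AES
 set pfs group5
 match address VPN-TRAFFIC
interface FastEthernet0/0
 ip address 203.0.113.2 255.255.255.0
 crypto map CMAP-S2S
!
! Verify after sending traffic between the two LANs (the tunnel is built on
! demand, so "show crypto isakmp sa" is empty until something matches the ACL)
show crypto isakmp sa
show crypto ipsec sa
```

If the WAN interface also does NAT overload, deny the VPN-TRAFFIC subnets in the NAT access-list before the permit, otherwise the LAN-to-LAN packets are translated before the crypto map sees them and never match. Also keep the PSK out of the running-config you share: `service password-encryption` only type-7 obfuscates it.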
May 2, 2013
Configuring AAA â Locally
A while back I talked about AAA but never put out a post on how to configure it, until now. In this post I am going over the steps to configure AAA locally on a Cisco router (the same commands also work on a Cisco switch). To review what exactly AAA does, check my earlier post Understanding AAA. As mentioned in that post, it gets better if you have some type of RADIUS or TACACS+ server, but let's at least look at configuring it locally first, and I'll be sure to include another post on configuring RADIUS and TACACS+ servers.
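An added example of local AAA on an IOS router, not the configuration from the original post. It assumes a single local admin account with placeholder secrets and that SSH (hostname, domain name, RSA key) is already set up so the VTY lines can be restricted to it.

```cisco
! Added example, not the post's config. Secrets are placeholders.
configure terminal
!
! Local account with a hashed "secret" (never "password", which is stored
! as reversible type 7) and the enable secret that "enable" will check
username admin privilege 15 secret ChangeMe-Example-Pass
enable secret ChangeMe-Enable-Secret
!
! Turn AAA on. From here the old per-line "login"/"login local" commands are
! ignored and the method lists below decide who gets in.
aaa new-model
!
! Authentication: consult the local user database. The "default" list applies
! to every line that does not name its own list.
aaa authentication login default local
! Authorization: apply the user's configured privilege level (15 above) to
! the exec shell instead of dropping into user mode
aaa authorization exec default local
!
! Give the console its own list so a mistake in the VTY list cannot lock
! you out of the box
aaa authentication login CONSOLE local
line console 0
 login authentication CONSOLE
line vty 0 4
 login authentication default
 transport input ssh
end
!
! Test from a SECOND session before logging out of the one you configured
! from; the old session keeps working until it closes
show running-config | section aaa
```

The order matters: create the username and enable secret before `aaa new-model`, because the moment AAA is enabled the default list applies and an empty local database means no one can log in. Keep the configuring session open until a fresh login succeeds.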
April 3, 2013
CCNA Version 2.0 Refresh
I think we knew it was coming at some point, and Cisco has recently announced a refresh for the 640-822 (ICND1), 640-816 (ICND2) and the all-in-one 640-802 (CCNA); the last day to take these tests and get certified is September 30th, 2013. You will notice some old references are no longer mentioned on this refresh, so let's go over the differences and some of the changes Cisco has made to the associate-level certification track. Starting at the CCNA, the refreshed exams are the following: 100-101 ICND1 (which replaces the 640-822 exam), 200-101 ICND2 (which replaces the 640-816 exam), and the all-in-one 200-120 CCNA (which replaces the all-in-one 640-802 exam). Like I mentioned earlier, the last day to take these older exams is September 30th, 2013, so good luck :) What has changed:
March 26, 2013
Introduction into Cisco Configuration Professional
Let's walk through the basics of Cisco Configuration Professional, as it is a helpful tool at the associate levels of the Cisco certification track and needed if you are looking at getting the CCNA Security certification. In this introduction we will introduce CCP, set up a community, and finally discover our devices within CCP. This is not the first GUI tool Cisco has produced to manage individual routers; an older tool, Cisco SDM, also helped network administrators and supports the ISR Generation 1 routers. A while back on this blog I talked about Cisco SDM and walked through some tutorials on using it. Although SDM is nearing the end of its life, Cisco still officially supports it until February 28th, 2014. The good news with CCP is that it supports these older ISR Generation 1 routers as well as the new ISR Generation 2 routers, whereas Cisco SDM supports only ISR G1 routers. In this tutorial I am using CCP version 2.6. To get your hands on CCP all you need is a Cisco login (which is free); your account does not need any current support contracts tied to it. Just download the 160MB file and install it on a PC that has access to the supported Cisco routers. The system requirements for CCP are Java and Adobe Flash Player along with at least 1GB of RAM (it won't let you install with less). NOTE: I had the hardest time getting this working on Windows 7 with Internet Explorer 9, so I bailed and went to Windows XP SP3 with Internet Explorer 8. Let me know if you can get it working with Windows 7; according to Cisco it's supported, here are the Release Notes for Cisco Configuration Professional 2.6 to prove it. UPDATE: Thanks to Kevin and his suggestion, I was able to get CCP working with Windows 7 and Windows Vista using Internet Explorer 9.
On either Windows 7 or Windows Vista, right-click the CCP icon and select Run as Administrator (an easy fix) :) After CCP is installed you'll need a router, or if you just want to see what it looks like you can demo the program. In demo mode not all features are enabled, but it does get you familiar with the CCP interface. When you first open CCP you are presented with a screen to manage your community. A community is a group of routers that may or may not share something in common. This could be that all routers in a community called group A are physically at building A, or you could use the hierarchical model and have a community for all core routers and a separate community for all branch routers. Or you could have all of your routers in one community; in the end, how to organize it is up to you. A CCP community can hold up to ten routers, so if you have more than ten routers you will have to use at least two communities. In this example you can see I have three routers all in one community called Acme Corporation. If you noticed, on the Manage Community page there is an option to connect securely. This is recommended in a production environment, as it uses SSH and HTTPS instead of Telnet and HTTP, so the username and password are not sent across the network in cleartext. In this example I selected the Discover all devices check box towards the bottom of the Manage Community page; CCP then attempts to log into each router with the username and password I provided and read its current running-configuration. You could also discover each device manually, if you did not want to discover all routers in the community, by selecting the router's IP address and choosing the Discover option. I would say that's a good introduction to CCP. I would go ahead and download the program and get comfortable with it, because it is an area the CCNA Security exam is likely to test on.
CCP has a lot of features, and we only covered the basics of getting the program running and discovering our devices. Check back often, as I would like to go through some of the wizards within CCP as well as some of the advanced functionality it offers. You don't always have to go command-line commando, and I would consider CCP a good program to have in your technical toolbox. Like always, I hope this information is helpful. :)
March 10, 2013
Archive your Configuration
It is important to save your router and switch configuration, but what happens if the device fails or if you saved a configuration mistake, and how do you cover that without having to worry about it manually? If your Cisco router or switch runs Cisco IOS 12.3T or later, you can set up an automatic archive in the unit's flash memory, or send the configuration file to a server over FTP, HTTP, SCP, TFTP, etc. Let's work through setting up the archive feature on a Cisco router.
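An added example of the archive feature with copies kept in flash, not the configuration from the original post. It assumes a router with a flash: filesystem and enough free space for the copies (check `dir flash:` first); the path prefix and counts are arbitrary choices.

```cisco
! Added example, not the post's config. Assumes free space on flash:.
configure terminal
archive
 ! Prefix for the copies; IOS appends -<n>, e.g. flash:config-backup-3
 path flash:config-backup
 ! Keep only the 10 most recent copies (IOS allows up to 14); the oldest
 ! is deleted as new ones arrive
 maximum 10
 ! Snapshot every time someone saves (write memory / copy run start) ...
 write-memory
 ! ... and on a timer regardless, every 1440 minutes (24 h), so a change
 ! that was never saved is still captured
 time-period 1440
end
!
! List the stored versions and which one is the most recent
show archive
!
! Compare two versions before rolling anything back
show archive config differences flash:config-backup-2 flash:config-backup-3
!
! Roll back: "configure replace" computes the difference from the current
! running-config and applies only the commands needed, unlike copying a file
! over the running-config, which merges rather than replaces. "list" shows
! each command as it is applied.
configure replace flash:config-backup-3 list
```

`configure replace` is the half of this feature people forget: the archive is only useful if you can get back to a known-good state without a reload, and it will prompt for confirmation before touching the running-config.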
January 22, 2013
Configure DHCP on a Cisco Router
In this short tutorial let's configure a DHCP server on a Cisco router. Why would we want to do that? Configuring a basic DHCP server on a router is a good idea for a branch/satellite office or a small business. There are some pros and cons of running DHCP on a Cisco router, so let's briefly discuss them and then start configuring.
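An added example of a router-hosted DHCP scope, not the post's own config. It assumes the LAN is 192.168.10.0/24 on GigabitEthernet0/0 with the router at .1 and a block of static hosts at .2 to .20 that must never be leased; the DNS server addresses and domain name are placeholders.

```cisco
! Added example, not the post's config. Addresses and names are placeholders.
configure terminal
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
! Exclusions first: the router's own address and any statically addressed
! hosts, otherwise the pool will hand them out and cause duplicates
ip dhcp excluded-address 192.168.10.1 192.168.10.20
!
! The pool is matched to clients by the interface subnet they arrive on
ip dhcp pool LAN-USERS
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.5 198.51.100.53
 domain-name example.com
 ! 1-day lease; shorter where clients churn, longer where they do not
 lease 1
end
!
! Verify: active leases, addresses found already in use on the wire (the
! router pings before offering), and pool utilisation
show ip dhcp binding
show ip dhcp conflict
show ip dhcp pool LAN-USERS
```

A non-empty `show ip dhcp conflict` is the tell-tale that the exclusion range is too small or that a second DHCP server is live on the same segment; clear it with `clear ip dhcp conflict *` only after fixing the cause, or the router will keep tripping over the same addresses.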
December 1, 2012
CCNA Data Center
Cisco has now introduced another associate-level exam, the CCNA Data Center. As the name suggests, this exam focuses on the data center, and if you pass it you can continue up the stack by taking the CCNP Data Center exams, which were also recently introduced. Still want a little more? If you are up for the challenge, you can also tackle the CCIE Data Center, which was introduced in March of 2012.
November 21, 2012
The Network and its Forces
I have started looking at CCDA material and some of it is interesting; towards the beginning, the material starts out with design methodologies. It talked about the "forces" behind a new network framework, and in this post I'll focus on the business forces that make a new framework necessary. I find it interesting when looking at companies: although customer service is important to sustaining a company, I think success will (and may already) depend on who embraces the technology wheel, and those that do will ultimately win.
October 30, 2012
Cisco Lab Setup
When it comes to learning and getting started with Cisco there are some tools that will help out a lot, like Packet Tracer, GNS3 and other emulators. These are great tools for that "simulation" of hands-on learning, but you can't always stay in that area. I find it best to get hands-on with "real" Cisco gear, and so with this post I'll go through my current setup of what I have and ask the question of when it is a good time to get a lab. Just because you may want to get a lab does not guarantee you'll actually learn and/or pass. I'll cut right to it and break it down; I have the following items:
September 8, 2012
Why IPv6?
Although this protocol has been around since 1996, it has been anticipated that IPv4 would one day be exhausted. In February 2011 the Internet Assigned Numbers Authority (IANA) assigned the last /8 address blocks to the Regional Internet Registries, so time is getting close, but you have heard this warning before, right? Let's go over IPv6, at least an overview of some of the features and changes compared to IPv4, because one day it will happen; it's just a matter of when. :) So the first thing to understand about IPv6 is that it's a 128-bit binary value, which is displayed as 32 hexadecimal digits. What does this mean for the size or scope of the addresses?
August 22, 2012
Password Recovery - Cisco IOS Routers
In this post I want to cover how to recover passwords on a Cisco IOS Router. This is helpful in lab environments as well as production environments. Although this method can be used the correct "legal" way, you can also use this method to break into these devices "illegally" if you have physical console access to the device. However, to get into it physical power must be turned off first, causing a disruption in the environment. Let's get started!
July 21, 2012
Upgrade ASA IOS via ASDM
In this short but helpful post, I'll go through the process of upgrading the ASA IOS via the ASDM. This is a pretty painless method if all goes well; the only things you have to do are schedule downtime if this box is in production, and grab the ASA IOS image from Cisco. For this post that has all been covered, so let's get started! First things first: always back up your configuration before upgrading, and I always read the release notes that Cisco provides when I download the IOS image. It's good reading and important because usually new features are introduced, and sometimes the ASDM can't parse the new configuration, which is why I usually upgrade the ASDM first.
June 29, 2012
Basic Cisco ASA Overview
The Cisco 5500 Series Adaptive Security Appliances are of course an excellent firewall, but the ASA also offers (depending on the model) other security services as well, like IPS, VPN, content security, unified communications and remote access. These ASAs can be used as a standalone appliance that can handle the needs of branch offices up to enterprise data centers. Or they can be included in high-performance blades that work together with the Cisco Catalyst 6500 Series, and more recently they can also run in a virtual instance which provides tenant isolation for public and private clouds!
June 24, 2012
CCNA Security - 640-554
Out with the old and in with the new: Cisco is updating its well-known CCNA Security certification. Candidates that are studying for the older exam (640-553) are advised to take it on or before September 30th 2012. What has changed in the exam? For the most part Cisco SDM is no longer covered, as it has reached its "End of Life"; in fact Cisco Engineering stopped developing and testing the product on February 26th 2012. You can still renew the product for support (Cisco SmartNet) until March 24th of 2013, and the last date the product will get support will be February 28th of 2014; after that it will become an old friend :). Let's compare these two CCNA Security exams (640-553 & 640-554) and see what has changed, been removed and been added. I have compared these two exams side-by-side. If you take a look at these two exams, the red on the older exam means it is no longer covered on the 640-554 exam, and the blue on the new exam is new material that is not covered on the 640-553 exam. For the most part Cisco SDM is no longer available; instead it is the Cisco Configuration Professional. Along with that, the new exam mentions the Cisco ASA system and walks you into the ASDM along with the different products and services the ASA system offers.
May 28, 2012
ICND2 - Passed!
So I just passed my ICND2 exam; I'm now CCNA certified! This was a long road to travel. Over a year ago I passed ICND1, for which I received the CCENT certification, but with general life getting in the way I saw my chance of getting CCNA status stepping further into the distance. If you read how I passed ICND1 you will find that the way I studied for this exam was totally different from studying for the ICND1. When I finished the ICND2 exam I saw my score and I was proud that I passed, but I knew I could have done better; but I don't think I would've. Why?
May 14, 2012
Part 2 - The Joys of Subnetttting - VLSM!
So here we are on Part 2 of subnetting. What makes me laugh is that I really think a lot of people overthink this stuff, and the fact that I misspelled subnetting! (Really? 4 Ts) It's really not that complicated and it should not scare you. Another thing to mention is that in the real world you usually have calculators and another pair of eyes to double-check your work, unlike the exam, where you will need to fully understand it if you would like to pass the ICND2 or the CCNA test. So let's get started! In Part 1 of my subnetting post I was splitting up networks into equal parts.
April 23, 2012
Part 1 - The Joys of Subnetting!
Since network technicians work with IP addressing, it is hugely important to understand subnetting. I remember back when I started to learn subnetting it was confusing and I wanted nothing to do with it. The thing that made me change my mind was after I understood it and how important it is. In the "Cisco world" they don't cover useless topics…right? ;) There is always a reason why they expect you to know this, and it's not just for the exams. Subnetting has always had its moments with people, and in this post I'll do my best to show you what I have done to make subnetting an easier experience. Eons ago I talked about "The Wonders of Binary", which covered how to convert these ones and zeros into a decimal value and is another stepping stone into understanding the subnet world.
April 1, 2012
What is the Nexus 1000v?
I have worked with the Nexus 1000v product and wanted to share my thoughts on it. I want to explain in this post what this product is and what it does. The Nexus 1000v can be virtual or a hardware appliance and is considered to be a virtual switch that runs in VMware. The major benefit of this product is the visibility you get when running in a virtual environment. Remember, in the virtual environment the network engineer has a cloudy vision of what's going on, because the built-in switch within VMware does not get that technical; it just works.
March 17, 2012
EIGRP… The Basics
Enhanced Interior Gateway Routing Protocol (EIGRP) is an impressive set of features for IP routing, which converges quickly and is on par with and sometimes faster than OSPF. This routing protocol requires less processing time, less memory, and less network design compared to OSPF. What's the catch? This protocol is Cisco proprietary; if you have a network that uses non-Cisco routers, EIGRP will not and cannot be used on those routers. (Edit: Cisco has opened this up to the IETF, but you could still see issues if you found a vendor that supported EIGRP, since not all features are supported***) EIGRP does not really fit into a specific spot of either link-state or distance vector; instead it stands on its own and is called a hybrid routing protocol. EIGRP has three tables it keeps track of: the EIGRP neighbor table, the topology table, and the routing table:
February 29, 2012
HDLC vs. PPP
HDLC and PPP are considered to be in layer 2 of the OSI model. There are some differences between them which will be described in this post. If you would like to learn more about at least the basic configuration of PPP, including PAP and CHAP, check out the post I wrote about a year ago (Basic PPP Configuration). HDLC was first developed by the ISO; Cisco tweaked the protocol (sometimes called cHDLC), and because of this it only works with Cisco equipment. PPP is defined by RFC 1968, which is an open standard and is able to work on multi-vendor equipment. The default setting of a Cisco serial interface is to use HDLC encapsulation. You generally don't have to change this unless you are working with multivendor environments; then you are going to have to change that encapsulation type to PPP, or if you want some of the features that PPP offers. PPP offers many features that HDLC does not, including the following:
February 22, 2012
Trunking Administrative Modes
When looking at the CCNA it is a good idea to get a hold of trunking between switches; along with that, there are a couple of administrative modes that each physical interface on a Cisco switch can be in when you are trunking between them. Remember that when we are trunking it usually carries all VLANs (this can be changed), but there are different ways to make trunking between links happen. When you are in an interface on a Cisco switch you can change the operational mode of that interface by issuing the switchport mode command. There are four commands that can be issued:
[code]
Switch(config-if)#switchport mode ?
  access   Set trunking mode to ACCESS unconditionally
  dynamic  Set trunking mode to dynamically negotiate access or trunk mode
  trunk    Set trunking mode to TRUNK unconditionally
[/code]
February 11, 2012
Configure Router on a Stick
A while ago I talked about putting different VLANs on a switch. Remember, a VLAN is a virtual network: although physically the devices may look like they are on the same network, that is not always the case. By having VLANs you are segmenting the network, and the only way to get to the other side is having a router. I have already configured the Cisco switch as posted in Creating VLANs, but in summary I have three VLANs total: VLAN 1, which is the native VLAN, VLAN 2 and VLAN 3 (which is called "Support"). If you would like to understand how to create VLANs on a switch, follow the post above. If you look at the network topology below you can see where Cisco came up with the name "Router on a Stick": each PC is on its own network and needs the router in order for traffic to pass between the networks. Like before, I have three VLANs total: VLAN 1, which is the native VLAN, VLAN 2 and VLAN 3 (which is called "Support").
January 31, 2012
The Three Tiers
Working towards the CCNA, Cisco talks about a hierarchical network; there are three layers to this design: the access layer, the distribution layer and the core layer. Each of them has its own set of functions, and this design is also considered to be a best practice as the network continues to grow, for redundancy, and as just a better way to manage it. The access layer is the layer that devices connect to, such as PCs, printers, and IP phones. The access layer can include routers, switches, bridges, hubs, wireless access points, etc. Its main purpose is providing a means of connecting devices to the network; this is also your first line of defense for controlling who is on your network.
January 21, 2012
Basic Understanding of EtherChannel
Let's start the New Year with understanding EtherChannel, which is having more than one link connected to a server, switch, or router and treating it like one logical link. This is a fault-tolerant technique that is becoming a common setup in highly available core devices. Cisco has come up with their own proprietary version called EtherChannel. The open standard that the IEEE approved is 802.3ad, which works with other vendors and is often called LAG for short. Why would I use EtherChannel? One big benefit is bandwidth: you can combine up to eight parallel links, and depending on the port speed and the physical cable you could in theory get up to 80 Gbit/s! (Using SFP+ links, which can get up to 10G a piece in theory.) EtherChannel aggregates traffic across all available active ports, which makes it look like one logical cable.
January 4, 2012
Color Code Your Routers
I came across an interesting idea: what if you could color code your devices in the command line? So, for example, if you were operating routers at a core level you could color code the CLI red, and the branch routers green, etc. I wasn't sure if this would be possible, but doing some searching through the internet I found that Ivan Pepelnjak wrote about how to do this a couple of years ago and has written a couple of books as well. Check out his blog/website at http://www.ipspace.net; there is tons of helpful information along with his original guide here.
November 30, 2011
Network Troubleshooting
The thing that makes networks awesome is the fact that once you set up a network you're not done. That may sound like a drawback, but it is excellent job security! Engineers or administrators must watch the performance of an organization's network to make sure that productivity is not affected. Network outages can have a huge effect on an organization; lost revenue and the cost of unproductive employees can severely damage the organization. Earlier this year I also talked about the troubleshooting process, which goes hand in hand with network troubleshooting. One of the major things a network engineer or administrator needs to have is documentation of the network.
November 11, 2011
OSPF...What a Protocol!
For today let's discuss a routing protocol that was being thought of in 1987 by the Internet Engineering Task Force (IETF). OSPF currently has three versions, and the first version was in the 1980s when the internet was still being used for research. What is interesting about the first version of OSPF is that although one version ran on routers, the other version ran on UNIX computers. When OSPFv2 came out in the 1990s the International Organization for Standardization (ISO) was working on another routing protocol called IS-IS (Intermediate System-to-Intermediate System). OSPF is considered to be an interior gateway protocol, like IS-IS, but unlike OSPF, IS-IS runs on the data-link layer while OSPF runs at layer three, the network layer. OSPF is considered to be a link-state protocol, unlike RIP, RIPv2 and IGRP, and this is where OSPF shines. Instead of looking at hop count like RIP, OSPF looks at the cost of the link. Take for example the picture below: two routes are available to the destination. One is one hop away while the other is two hops away. If we are using RIP then the route with the least amount of hops is the preferred route. However, if OSPF was running it would look at the cost of the link, like the bandwidth of the link. In this example the link with the lowest hop count is also the slowest of the two links. So OSPF would use the link with the highest hop count, because in this example that link is also the fastest of the two.
November 2, 2011
How to Configure SSH on Dell Power-Connect
Although not dealing with Cisco directly, Dell switches are around in network closets, and with my limited experience with them I thought this would be a perfect blog post to show the differences between Dell and Cisco. I like to think of the Dell CLI like a dumbed-down version of the Cisco CLI. I had some time to play around with a Dell 6248P switch and wanted to figure out how to get SSH working on the thing. With a couple of searches around the web and some guess-and-check methods I was able to get SSH working and disable telnet sessions from connecting to the switch. Compared to a Cisco switch, Dell has fewer commands when configuring SSH. This switch was configured with an IP address and user name and passwords before I touched it, but I don't think it would be too hard to figure out. :)
October 26, 2011
Types of WAN Links
Iâve found this table that I created a while ago and it lists common WAN connections that businesses use. I have used this table like a reference guide to familiar myself into other protocols. People donât think of it much but the WAN is a different beast compared the LAN as it uses different protocols besides Ethernet. The WAN or wide area network is what connects us to remote locations within a organization. If we have an office in New York and another office in Wyoming we need these offices to be connected to each other so that they seem to be on the same network even though they are miles away these types of WAN connections and protocols would do it.
October 19, 2011
Windows 8 Developer Preview
Changing topics for today, I want to talk about the Windows 8 Developer Preview, which was released on September 13th. I had the time to install it under VirtualBox and was pleasantly surprised! It installed fast, the install prompts were easy to understand, and the new "Metro" UI is aimed at touch devices. There is also the ability to switch to the standard Windows desktop. This is an alpha build, so it's not even at the beta stage yet.
October 12, 2011
Store-and-Forward vs. Cut-Through Switching
Switching in the network can happen in two ways: these layer-two devices send frames, but they can forward them in different ways. These different modes have positive and negative effects which depend on the type of network environment that runs through them! Store-and-forward is just like the name suggests: the switch receives a frame on a port and stores the frame in its memory buffer until the frame has been completely received. The switch analyzes the frame for information about its destination and uses the CRC (cyclic redundancy check), a mathematical formula based on the number of 1 bits in the frame, to decide whether the frame has an error. After confirming its integrity the frame is forwarded out the correct port and toward its destination. If a frame is corrupted the switch discards it, and less bandwidth is wasted on the unusable frame. Some other useful information about store-and-forward switching is that it is required for QoS (Quality of Service).
October 5, 2011
Welcome CCT (Cisco Certified Technician Certification)
Switching gears for today: Cisco has introduced a certification for onsite support technicians who need product-specific technical skills to diagnose, restore, repair, and replace critical Cisco equipment. This certification, which was introduced this summer, now has questions about it from CLN (Cisco Learning Network) and other Cisco sites. So what is this new cert, and are there any changes to ICND1 or ICND2? The short answer is no; this certification is on par with ICND1 or CCENT according to Cisco, but is focused on support groups like TAC (Technical Assistance Center), NOC (Network Operations Centers) and 3rd party support.
September 21, 2011
The Ending of Layer Two Redundancy
Although layer two redundancy should never end, this is the final chapter of understanding layer two redundancy in the network. Last week I talked about how and why STP (IEEE 802.1D) is important in the network, and the problems caused by not having it, which can turn your network against you and everybody on it. Today's post will talk about how a switch decides which one is in charge on the network and which ones aren't.
September 14, 2011
The Middle of Layer Two Redundancy
In the month of August I talked about the "beginnings" of layer two redundancy, mainly looking at the basic foundations and fundamentals of having layer two redundancy. Let's continue our discussion about redundancy in the layer two environment. To review what STP (Spanning Tree Protocol) does: it works at layer two of the OSI model. If more than one path is available in the network, the STP algorithm basically shuts down the redundant links until the active link is unavailable (shutdown, disabled, etc.). So although there are multiple links connected physically to offer redundancy, logically the switches in the network only see one path that an Ethernet frame can travel.
September 7, 2011
Link-State Protocols
Weeks ago, and maybe months :), I talked about distance vector protocols, and with that you probably got the feeling that a distance vector protocol does not give a full graphical representation of the entire network, only the directly connected routes. Can't remember? Check out this post: Distance Vector Routing. Link-state protocols are faster to converge on network changes compared to distance vector; however, compared to a distance vector setup they can be harder to set up, maintain, and troubleshoot when problems arise. Although the core design of a link-state protocol is like distance vector, meaning it will send updates to neighboring routers, it does this in an entirely different way. Routers that use link-state advertise every possible route in the network. This process is called flooding, which means every router in the network has the same information. This information is stored in RAM and called the link-state database (LSDB).
August 31, 2011
The Codes of ICMP
In todayâs post I wanted to talk about the widely used Ping command. Which is one of the best methods (I think) to begin network troubleshooting. When part of the network goes down it is sometimes hard to figure out why? When you issue the ping command or the extended ping command in a Cisco router several ICMP codes can come up on the router. Letâs discuss them! The first status code â!â (Exclamation mark) is a good sign, when you issued the Ping command from the router it was able to get a ICMP echo reply from the device you specified in the command. This also verifies that routing is also working. If you get a reply from the device you are pinging it usually means everything is up and running.
August 24, 2011
The Beginnings of Layer Two Redundancy
In a perfect world we would never need redundancy in a network infrastructure, but as you know as well as I do, we don't live in a perfect world. Hardware will eventually fail, bottlenecks will appear, and the speed of our network will become slower when we max out the bandwidth on links. So having redundancy in routers and connections, and having a hierarchical network, is one of the best choices to make when improving the efficiency of the network.
August 10, 2011
Welcome Super WiFi
Wow, July is almost over and I only posted one topic! Before August comes up I wanted to post at least one more topic, which deals with the wireless side of the networking world. Ever heard of Super WiFi? The IEEE has published this standard recently; its official number is 802.22. What does Super WiFi bring to the table compared to other WiFi standards? Well, according to the IEEE these speeds can bring up to 22Mbps to devices as far as 62 miles away! How is this range possible? Well, ever since the United States made the switch to digital over-the-air broadcasts there was this "extra space". This space was at first used by Microsoft, Google and other big companies to experiment with this "extra space", also called white space.
July 29, 2011
Cisco Discovery Protocol
In todayâs post letâs talk about CDP the Cisco Discovery Protocol. This protocol helps us in two ways, it first helps us verify that a connection between router or switch is set up correctly at least up to layer two in the OSI model. This also helps us discover Cisco devices that are in are network and which interfaces these devices are connected too and from are Cisco equipment. The Cisco discovery protocol is Cisco proprietary and before I go any further let me mention that CDP is a security risk because of the detailed information CDP gives out which helps you has a network administrator build a current network infrastructure, this can also hurt you because this information can easily be sniffed by programs that are easily searched on the internet. So what is the purpose of CDP? CDP can gather device information from neighboring switches and routers without the need for a password. Like mentioned before this is great for troubleshooting a problem, discovering new devices that are not documented in your network topology, and verifying that each device is physically connected to the correct interfaces according to network documentation. CDP can discover the following details from neighboring devices that support CDP:
July 6, 2011
Distance Vector Routing
A couple of weeks ago I talked about routing protocols, and in the post I mentioned two routing protocol types: distance vector and link state. Although these protocols fundamentally do the same thing by getting information on remote networks, they get this information in different ways. For today let's introduce distance vector routing. With a distance vector routing protocol, a router learns about a route to a different network (that's the purpose of a routing protocol), but the router only knows the "distance" to get there; this is usually called the metric.
June 15, 2011
World IPv6 Day!!
So what is IPv6 day? Today major companies like Google, Facebook, Yahoo and ISPs (Internet Service Providers) test their IPv6 deployments. Why is this important? Well, if you follow IPv4 news you might already know that IPv4 addresses have been exhausted, and the need to move to a different address space is critical if new web services are to be deployed. The question is, can we run both? Running two different IP addressing protocols is likely, by "stacking" them, and that is one reason the Internet Society wanted major sites and ISPs to test out the IPv6 address space. One of the main goals the Internet Society wants companies to look at is whether there are potential issues; these issues are in controlled environments and can be addressed as soon as possible. So what should the average user see on Wednesday June 8th? Well, if everything goes to plan the user should not notice any difference.
June 8, 2011
Classful vs. Classless Routing
Before the internet and general networking became popular and grew into what they are now, there were, and still are, routing protocols that only do classful routing. What is classful routing? When I was talking about dynamic routing earlier (see the post Dynamic Routing Protocols) I mentioned there was a difference between classful routing and classless routing. So in today's post let's focus on these two important topics when using routing protocols.
June 1, 2011
Cisco IOS Commands
This is a master list of various Cisco IOS commands relevant to the CCNA track, along with brief descriptions of what each command does. Some commands may exceed CCNA requirements but provide valuable information.
Table of Contents
Privileged Mode
Set a Password for Console Access
Set a Password for Virtual Terminal (Telnet) Access
Set a Password for Auxiliary (Modem) Access
Setting up the Router
General Commands
Processes and Statistics
CDP Commands
Miscellaneous Commands
Privileged Mode
Router>enable - Enters privileged mode.
May 25, 2011
Basic Wireless LAN Security
Although having a wireless LAN sounds like a wonderful idea, there are things that need to be implemented, like security. A wireless LAN can be uncontrollable, as it is just radio waves and anybody can receive them. Having and using good security practices can help you keep control of your wireless LAN. Not having any security in a wireless LAN environment will allow anybody to have access to the network. Some threats to wireless LANs can be the following:
May 18, 2011
Understanding VTP
Some people hate it, some people love it. It's the Cisco proprietary VLAN Trunking Protocol (VTP), which in short means that Cisco switches can exchange VLAN configuration instead of manually configuring each switch with the same VLANs. I also suggest, if you don't know what a VLAN is, check out the post Creating VLANs. Let's get right into understanding VTP. The thing that makes VTP shine is what it does: although simple to understand, it saves time by automatically distributing VLAN information. Take for example if you had 20 switches that need the same VLANs: you could do it manually, but this runs the risk of human error; with VTP, if you configure one switch as a server and all other switches as clients then you can configure all of them. VTP uses layer two messages to exchange information; if a server switch changes or removes VLANs, VTP will synchronize all switches so all switches have the same VLANs. The VTP server distributes VLAN configuration changes through VTP messages, sent over ISL and 802.1Q trunks.
May 11, 2011
Dynamic Routing Protocols
If you ever wanted to set up a network manually, you will quickly find how much overhead is required to get PCs, printers, and other network equipment connected. That's where dynamic routing protocols come into play; although they are helpful, I strongly urge you to understand static routing first. (See the post Configure Static Routing.) So for today's post let's get the foundation of understanding dynamic routing protocols. By definition a routing protocol is a set of messages, rules and algorithms used by routers for the overall purpose of learning routes to other networks not physically connected to them. (RIP, EIGRP, OSPF, and BGP are all examples of routing protocols!) When using a dynamic routing protocol, routers learn "dynamically" about other remote networks and automatically add these networks to their routing table. However, keep in mind that when compared to static routing, dynamic routing requires less administrator overhead, but it will use the router's resources: more RAM, more processing time (CPU), and even network bandwidth. Although there are several routing protocols and each of them has its benefits, they all focus on these key things:
May 4, 2011
Configure Static Routing
Plugging Cisco routers together and hoping they work out of the box is not something you should hope for. A router can learn about networks in two ways: manually from configured static routes, which we will talk about today, and from dynamic routing protocols, which we will talk about on Wednesday. Let's get started! Static routes are not that uncommon; they at first need some attention to get set up, but after it is working nothing needs to change. A good example of using a static route is with a stub network. A stub network is only accessed by a single router and no other routes are configured, so there is only one path the network traffic can take. Notice the picture below and how any traffic going towards the network cloud from the 192.168.1.0 network will always pass through the 172.16.5.0 network. Why waste effort putting a routing protocol here? In order to configure a static route you must be in global configuration mode; the complete syntax of the ip route command is the following: ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] [name next-hop-name] [permanent | track number] [tag tag] For the CCENT/CCNA the complete syntax is not relevant, so let's use a simpler version of the ip route syntax:
May 2, 2011
Understanding AAA
The wonderful AAA, which in the Cisco world means Authentication, Authorization, and Accounting, but what does that really mean? In today's post that's what we are going to be talking about: what AAA is and what the benefits of using it are. The first "A" of AAA is Authentication, which provides the method of identifying users, including login and password dialog, challenge and response, messaging support, and, depending on the security protocol you select, encryption.
April 29, 2011
Configure a Site-to-Site VPN via SDM
So for todayâs post letâs learn how to configure a site-to-site VPN on a router using the Cisco SDM (Security Device Manger). The Cisco SDM is a Web-based device management tool a GUI for Cisco routers this can simplify router deployments and cut ownership costs. (See the post Configuring SDM) Letâs start configuring a site-to-site VPN with SDM! This tutorial is assuming that the configurations to set up Cisco SDM have already been completed. For this tutorial all we want to focus on is configuring the VPN. Since this using Cisco SDM the VPN wizard is pretty simple to understand. Before we get started however I like to have the Cisco SDM preview the commands before I deliver them to the router.
April 27, 2011
Configure IPS (Intrusion Prevention System) via SDM
A while back I talked about the differences between IPS and IDS. (See the post Cisco IDS vs. IPS) So for today's post let's learn how to configure an IPS (Intrusion Prevention System) on a router using the Cisco SDM (Security Device Manager). The Cisco SDM is a Web-based device management tool, a GUI for Cisco routers that can simplify router deployments and cut ownership costs. (See the post Configure Cisco SDM) Let's start configuring an IPS with SDM!
April 22, 2011
Configuring Zone Based Firewalls via SDM
Last month I talked about the fundamentals for understanding zone based firewalls (See the post Understanding Zone Based Firewalls). So for today's post I want to go ahead and talk about configuring zone based firewalls, but with the Cisco SDM (Security Device Manager). The Cisco SDM is a Web-based device management tool, a GUI for Cisco routers that can simplify router deployments and reduce ownership costs. (See the post Configure Cisco SDM) Instead of talking about what zone based firewalls are, let's jump into the configuration of them.
April 20, 2011
Configure Cisco SDM
Today we will be going over the steps that are required to set up the Cisco SDM (Security Device Manager). The Cisco SDM is a Web-based device management tool, a GUI for Cisco routers that can simplify router deployments and cut ownership costs. SDM is fairly easy to set up, but you still need at least some experience with the router command line to get SDM working. This tutorial assumes that the Cisco SDM program has already been installed on the PC. If the router has enough flash you can also install SDM on the router, but it is usually slower and does take some CPU power. My advice is to install it on the PC. To support Cisco SDM the PC must have a Pentium III or faster processor and at least 512MB of RAM. Cisco SDM also needs Java version 6 or newer installed on the PC. I have found out by personal experience that the newer versions of Java don't work nicely with SDM. The Java version I would stick with when using Cisco SDM is Java version 6 Update 6. I would also suggest that the PC using SDM not be in a production environment because of the older Java version.
April 18, 2011
Troubleshooting Process
Today's post is going to be talking about troubleshooting and where to start the troubleshooting process. Yes, there is an actual process that every technician should be aware of. You can also use this troubleshooting process at home; you may not know how to fix it, but at least you know where the issue is and can find someone who can. Before we begin, if you haven't seen it yet, let me introduce to you the troubleshooting process:
April 15, 2011
Cisco Learning Labs is Live!
Yesterday was kind of exciting, at least for me, when I got an e-mail in the morning about Cisco Learning Labs. Studying for the CCNA, CCNP or CCIE is in itself challenging, but getting that hands-on experience is another problem! When money is short the last thing you want to do is spend it on routers and switches, and most of them on eBay are used, and the risk of failing devices makes it a scary choice.
April 13, 2011
802.11n
On this Monday let's wrap up the 802.11 wireless standards. Friday I talked about 802.11g (See the post 802.11g), before that I talked about 802.11b (See the post 802.11b), I also talked about 802.11a (See the post 802.11a), I even talked about 802.11 - Legacy (See the post 802.11 - Legacy), and in the beginning of last week I talked about the basic wireless concepts (See the post Basic Wireless Concepts). So let's end the discussion and talk about the 802.11n standard!
April 11, 2011
802.11g
Well, again we are continuing the discussion about the wireless standards. Yesterday I talked about 802.11b (See the post 802.11b), before that I talked about 802.11a (See the post 802.11a), I even talked about 802.11 - Legacy (See the post 802.11 - Legacy), and in the beginning of the week I talked about the basic wireless concepts (See the post Basic Wireless Standards). So on this Friday let's talk about the 802.11g standard!
April 8, 2011
802.11b
Continuing where we left off the discussion, today's post will be talking about the 802.11b wireless standard that was developed by IEEE. In yesterday's post we talked about the 802.11a standard (See the post 802.11a). We also talked about the 802.11 - Legacy standard (See the post 802.11 - Legacy), and in the beginning of the week I went over some Basic Wireless Concepts (See the post Basic Wireless Concepts). So now that we are up to speed, let's learn about the 802.11b standard. The 802.11b standard was developed at the same time 802.11a went out, which was in 1999. Some key differences are that 802.11b works in the 2.4GHz range and only has a maximum bandwidth of 11 Mbit/s.
April 7, 2011
802.11a
Continuing the discussion about wireless standards: we talked about the 802.11 - Legacy standard (See the post 802.11 - Legacy), and today's post will be talking about the IEEE 802.11a standard. On Monday I talked about the Basic Wireless Concepts (See the post Basic Wireless Concepts); in that post I mentioned the wireless standards but did not go further into detail. This post will be going over the second standard, 802.11a, out of the five standards that make up 802.11. 802.11a was published in 1999 and operates in the 5GHz band instead of the 2.4GHz band; because of this, 802.11a uses only Orthogonal Frequency Division Multiplexing
April 6, 2011
802.11 - Legacy
Yesterday we talked about the wireless concepts (See the post Basic Wireless Concepts); in that post I mentioned the wireless standards but did not go further into detail. This post covers one of the five standards that make up 802.11. 802.11 - Legacy, as it is called now, is no longer used by manufacturers and is obsolete, but it was the first wireless standard available for consumer laptops. When 802.11 - Legacy came out in 1997 you could expect speeds up to 2 megabits per second (Mbit/s). This standard was replaced quickly when 802.11b was released. The legacy standard's range was about 70 feet indoors and around 330 feet outdoors, which at the time was huge! Currently the 802.11 legacy standard is the only standard that used Frequency-hopping spread spectrum.
April 5, 2011
Basic Wireless Concepts
Mobility is now a common thing in a business environment; you are no longer fixed to a specific cubicle in the workplace anymore. What is also amazing is that it will continue to change and become easier for employees to get work done with their phone, tablet, and laptop computer. But what makes this possible? What is the underlying component? The internet is becoming available in more locations: coffee shops, airports, and your cell phone service provider, with 3G and 4G speeds. Along with that, the United States of America is also moving forward with the National Broadband Plan. So today let's explore the wireless concepts! Wireless can be scary, as you can't control it. The signal is transmitted in radio waves, and if set up insecurely the WLAN (Wireless Local Area Network) can easily be your weakest link compared to Ethernet LANs. There are four organizations that deal with the wireless standards and products:
April 4, 2011
Creating VLANs
Today this tutorial is going to be talking about creating VLANs (Virtual Local Area Networks) with a Cisco Catalyst switch. By creating a VLAN you are separating the network; why would you do this? There are several reasons, like separating your production network from a guest network, and separating a test environment from a production network. This all adds security to your network. You can separate core critical network components from the rest of the production network for added security and easier troubleshooting, along with separating or segmenting your network. This breaks up the broadcast domains into smaller chunks, which will improve your network performance. Let's get started!
April 1, 2011
Configuring Port Security
Today this tutorial is going to be talking about how to configure port security on a Cisco Catalyst switch. Port security is one of the first things you can do to keep your network secure from unauthorized access. Port security can restrict devices so only the devices you allow are granted access to network resources. If and when an unauthorized device is connected to a port, you can decide what you want the switch to do. Let's get started! There are three different settings you can configure with port security:
March 31, 2011
Collision Domains vs Broadcast Domains
These different types of domains mean different things, and when designing a LAN both of these domains can harm the performance of your network. If you are not aware of the difference between these two, this tutorial should help you out. If you have a small network at your home there is usually a router/modem that is connected via phone line or cable to the ISP; that router/modem is then connected to a switch, or it even has a switch built into the device. You connect a few cables, turn on some devices, and you now have an internet connection ready to go. In larger networks you have more choices that need to be looked at. For example, when to use a hub, a switch, or a router, and how much money do you want to spend? Usually the more money spent, the more ports you get, the better the performance, and the more features are added. These are all components that need to be thought of when designing a LAN. This tutorial is going to be focusing on two major things: collision domains and broadcast domains.
March 30, 2011
Configuring SSH
Today this tutorial is going to be talking about how to configure SSH on a Cisco router or switch. SSH, or Secure Shell, encrypts the data that is sent from the terminal application to the device, making it far safer compared to telnet, which sends the data in plain text. To add support for SSH to a Cisco router or switch, the device needs some added information beyond just passwords. The device will need a username and password; this can be configured on an AAA server (Authentication, Authorization and Accounting) or on the device locally. This tutorial will focus on locally configured usernames and passwords. To set up SSH you need to configure the following information; for the purpose of this tutorial the username will be ciscoskills and the password will be cisco.
March 29, 2011
Understanding UDP
Forever ago I talked about TCP (Understanding TCP) and I said in that post that UDP would be another day. Well, this is the day where we get to understand UDP, which stands for User Datagram Protocol. UDP is the total opposite of TCP communication. UDP, in short, sends information or data without notifying the receiver that it's sending data. UDP is considered a connectionless protocol, and does not guarantee the reliability or order of packets like TCP does. Therefore packets may be dropped and are never recovered.
March 28, 2011
How I passed the ICND1 Exam
Well, the first of the many Cisco certifications that I plan to take in the future was a success! I was able to pass the ICND1 exam. This blog post is going to be a little different in that I want to share how I was able to pass this test and talk about my experience. Well, in January, after finishing the Cisco Networking Academy Exploration series, I wanted to go ahead and take a shot at the ICND1 exam. Now I knew that this was not going to be easy, by looking at online sites like CLN (Cisco Learning Network) and reading the horror stories of people missing by one point, having a hard time understanding the material, not being fully prepared, etc. But also reading success stories about how people passed and what they did to pass really made me jump on the opportunity. Another thing that made me want to try it was the discounted price I was able to get: by going into the Cisco Networking Academy and doing fairly well I was able to apply for a voucher, which helped the determination I had when studying for the ICND1 exam.
March 21, 2011
Understanding Zone Based Firewalls
Earlier we talked about using CBAC (See the post Understanding CBAC), the "classic firewall", and we mentioned some information about zone based firewalls, but not nearly enough. So today we will be talking about zone based firewalls. Why are they different? We also will learn the basics about what zone based means and what the advantages are compared to CBAC. You can think of zone based as placing interfaces in a quarantine zone: each interface, once set up in a zone, is by default denied access to any other interface. This helps isolate networks that have private and/or secure information that the public network does not need access to. The firewall policies are configured using the Cisco Common Classification Policy Language (C3PL), which uses a hierarchical structure to define network protocol inspection and allows network devices to be grouped under one inspection policy. Believe it or not, it should be easier to configure a zone based firewall compared to CBAC. Remember that CBAC has these limitations:
March 18, 2011
Common Network Attacks
Network attacks have always been around, but they are getting more advanced every day. These attacks are also easy to set up and use. In the past these types of attacks would have to be pulled off by someone who really knew about computers and knew what they were doing. That's a true hacker; now there are programs that do the same damage, and sometimes more, with a couple of clicks of a mouse, so now anybody can bring down a network. The only thing that changes is the motivation of the person. Some people that run scripts or programs don't always know what the program does, so they click on some buttons and the program does its thing; if it fails, sometimes the person stops there and gives up. But there are people who want to do some real damage to a company, and these people usually belong to organizations like the Anonymous group. So what are some of the common attacks people or organizations carry out? Well, in a company the network administrators might focus on the outside of the network but have their inside network unsecured or extremely weak. So if somebody on the inside was able to execute an attack it could have a huge effect on the network. So, attacks that could occur:
March 17, 2011
How a Router Routes
This tutorial will be going over the basic information of how a router routes IP packets. Routers operate at OSI layer three, the network layer. These routers have IP addresses and forward IP packets to the proper destination. This guide is somewhat basic and assumes you have some understanding of how IP addressing works, along with what routing protocols are. So let's focus first on how a host or a computer forwards traffic and then look at how a router forwards traffic. Computers forward or send packets based on these two steps.
March 16, 2011
Cracking WEP
BackTrack is a Linux network security audit tool for security professionals. This tool is used for testing and penetrating networks. That being said: ** This tutorial is for educational use only. This is meant only to teach that WEP is an insecure option, and it is recommended to use stronger encryption. Using this tutorial on a network that you do not have permission to access or that is not yours could be illegal! ** This was tested on BackTrack version 4 and the steps outlined in this tutorial were successful. (This tutorial is assuming that you have BackTrack 4 installed and are ready with a shell prompt.)
March 14, 2011
Telecommuting Services
This post is going to talk about the major technologies that make teleworking, also called telecommuting, possible. This is when an employee performs his or her job away from the office, usually from their home office. Doing this allows personal convenience and less travel to and from the workplace. At an organization level it provides continuity of operations; secure, reliable and manageable access to information; and cost-effective integration of data, voice, video and applications. Broadband refers to advanced communications systems that can offer high-speed transmission of services, such as data, voice, and video, over the internet.
March 11, 2011
Crossover or Straight through?
The EIA/TIA sets the standards for UTP cable, and when cabling a network there are two standards: T568A and T568B. These standards are important when deciding whether to use a crossover cable or a straight through cable. This tutorial is going to be talking about when and where to apply these different standards. We are going to be focusing on UTP cable with RJ-45 connectors; in order for the communication to work properly we need to make sure we understand where to put these cables.
March 10, 2011
Cisco IDS vs. IPS
There are tons of network attacks out there. Using a firewall helps, but it does not look for signature based attacks. Access Control Lists are like firewalls and only look at protocols like HTTP, FTP, POP, etc. Cisco has developed some tools that will help network administrators combat the issue: IDS (Intrusion Detection System) and IPS (Intrusion Prevention System). Let's go into IDS first. Cisco IDS is a physical device and is like an alarm system: it will alert you when an attack happens, but that's it, the system won't block the connection. The IDS is deployed in promiscuous mode, meaning the sensor is placed where it can hear all the network traffic but is not in the direct traffic path of the network, which is an advantage when using an IDS:
March 9, 2011
Laser Printing Process
Let's move away from Cisco for at least a day. This post will be talking about the six steps in the laser printing process; this is good for technicians who fix or repair printers, along with being a good learning experience. With my limited knowledge of printers I used this process to at least help diagnose the problem. If you have no idea how a printer works, I would not try to fix it. People have been hurt by these machines; leave it to the professionals.
March 8, 2011
WordPress.com Hit by a DoS Attack
Yesterday (March 3rd 2011) there was a massive DoS attack that hit WordPress.com. Cisco Skills uses WordPress.com as a hosting provider but is not believed to be one of the sites hit. There still is no word on who targeted WordPress.com or why, but it goes to show that Denial of Service is still a popular type of attack, and although simple to set up they can still bring down enterprise networks.
March 4, 2011
Install BackTrack
This is a full install of BackTrack 4; this can be in a virtual machine, dual-boot, or the main OS. So you burned the image that you downloaded from http://www.backtrack-linux.org/ and are ready to go! If not, I would recommend you do that first. BackTrack is a Linux penetration testing distribution for network security. This is a free tool that IT administrators can use to audit their network. First put the disk into the tray and restart your computer. This depends on your BIOS setup, but you can either set the boot order or go into a boot menu and select the CD tray as the boot device. This is the first thing you will see when you boot into BackTrack; you can play around with the different options later, but select the screen resolution that is close to your screen size. Once you select the option you want you will see a loading page; this can take some time, so be patient! Once BackTrack is done loading you can start from there and have fun with the command line, but if your CLI skills are a little rusty then you can go into the GUI by typing startx and hitting enter. From here you can run BackTrack now (it's called a Live CD); this could be useful if you just want to look at it and play around with settings that you have no idea what they are or do. That way if you mess something up you can always restart and go back into it without it saving anything! But let's install this thing! Click on the Install.sh icon. This next window is the installer; it is pretty simple to understand, you want to select the location that is in the same time zone as you. This next window is the keyboard layout; usually USA works for me. This next page is the partition manager; from here you can dual-boot if you have another OS. (You want to be careful if you do have another OS on the hard drive, because you can wipe your other OS from here.) For this example I am taking the whole drive.
The next page gives you a review before you start installing BackTrack; this is also a good time to make sure everything is set up properly before you install. After you click install, the installer will start installing!! (Amazing, right!) Here you can watch the bar go across the screen or do something productive in this timeframe; it takes about 20 to 30 minutes, but this also depends on the hardware you have. After it finishes it gives you two options: stay on the live CD or reboot to start BackTrack. (Hint: reboot.) Once the machine is rebooting it will take some time, so be patient as it is loading. Once it is ready it will ask you for your username and password. The username is root and the password is toor. Once you type that you're in the CLI again; if you want to go to the GUI just type startx. Once you type startx it will load the GUI and you now have a full install of BackTrack! From here you can go to http://www.backtrack-linux.org/ for more information on how to audit your network. I hope this tutorial was helpful.
March 1, 2011
Intel Thunderbolt
Intel announced on Friday (February 25th 2011) the new high speed connector that will coexist with USB 3.0. Apple also announced that it will be appearing first on the MacBook Pros. Thunderbolt, known before as Light Peak, is a new high-speed PC connection technology. This cable can combine data and high-definition video all in one cable running at 10Gbps. So you could say it is like the all-in-wonder HDMI cable that combines video and audio into one cable. How fast is 10Gbps? Well, if you had a full length HD movie, so on average 120 minutes, it would be able to transfer that movie in less than 30 seconds!! Although the codename was Light Peak, Intel is running the new technology as an electrical signal over copper. Intel has said that it will work on moving the technology over to optical, but no schedule has been released yet.
February 28, 2011
Understanding TCP
This tutorial is going to be talking about the TCP protocol. Every time you connect to a website you are using the HTTP protocol, but below that you are also using the TCP protocol. The nature of TCP is to provide error recovery; there are other services or applications that use TCP. HTTP, however, is a common protocol that is used in online applications. Remember TCP is not the only protocol in the transport layer of the OSI model; there is another called UDP, but that's another day. :)
February 25, 2011
Understanding CBAC
Although hardware firewalls are an excellent step forward when securing your network, they cost money and are not cheap to set up and configure. CBAC is built into the Cisco IOS router and helps filter those unwanted protocols that are in your network. When setting up routers as firewalls you have some choices, like using CBAC, the "Classic" firewall, or zone based policy (ZBF). Today we will talk about CBAC and how to understand the core components that make CBAC possible. CBAC stands for Context-Based Access Control and uses ACLs (Access Control Lists). Unlike the established TCP session and reflexive ACLs, CBAC has several advantages:
February 22, 2011
802.11ac Standard
Some things are making news in the wireless world: the IEEE wants another wireless standard in the mix called 802.11ac. Right now the fastest standard they have is 802.11n (speeds up to 300 Mbps), which was recently published in October of 2009. What is so great about the 802.11ac development? Well, one thing is the speed; it is estimated that it will be able to carry up to 1 gigabit per second! The IEEE has been working on 802.11ac since 2009 and wants to put up a draft on it soon (this year). Products are not yet ready but could be around by 2012. It is estimated that a billion 802.11ac devices could be expected in 2015. The standard will be using the existing radio spectrum in ranges below 6GHz, and reports say it will have backwards compatibility for older devices.
February 21, 2011
Cisco IOS Routers: Auto Secure
Auto Secure is useful for small businesses or IT administrators who know how to configure a router with networking protocols, set up IP interfaces, and networks, but may not have a strong understanding of router security. Cisco has implemented a script called Auto Secure, which simplifies securing a router by prompting the user with "yes" or "no" questions. Some answers may require additional network-specific details. Getting Started with Auto Secure: to begin, enter user mode on the router, then enable privileged EXEC mode:
February 17, 2011
The Wonders of Binary
When working with IP addresses and subnet masks you need to have an understanding of how binary works. Binary is still used in computers today; when computers use numbers and letters they use them in a binary format. This guide will be going over numbers, focusing on IP addresses and how a computer sees that decimal number. Binary is relatively easy to understand and is just another way of looking at numbers. You can do the same basic math in binary as with decimal numbers, like adding and multiplying them. The first thing in understanding how binary works is that in binary there are only two digits: zeros (0) and ones (1). Working with these two numbers seems easy, but if the number is large it does take some time converting to binary and from binary. Binary works in powers of two, so with that said let's look at how to convert binary into a decimal number.
February 15, 2011
TACACS Plus and RADIUS
TACACS+ and RADIUS are both used to control access to network resources, but these two protocols differ in how they operate, depending on how you want to secure your network. These protocols need to have AAA (authentication, authorization, and accounting) set up on the routers before you can set up these access server protocols. First, let's get some information on why we would need this type of access server protocol setup. Usually you will find this setup in medium to enterprise environments. What the access server does is provide a central location for all the users and the privileges those users have on network resources. If we did not have a server we would have to put these users manually into the Cisco IOS software, and that could be time-consuming depending on how many devices (routers, switches) there are in your network infrastructure.
February 10, 2011
Configuring RIPv2
This guide will go over how to configure RIPv2 on Cisco routers. This guide follows a Packet Tracer activity that is posted at the end of this tutorial. RIPv2 configuration is pretty simple to understand, with really only three required commands to use besides the network command, which depends on how many networks are connected to your router. (Figure: RIPv2 Layout) So, following the Packet Tracer activity that is used with this tutorial, the first step is to configure the hostname on the routers. Enter the router and type the command enable to move into privileged EXEC mode, then type configure terminal to move into global configuration mode and type hostname followed by the name of the router. (This example is for R1.)
February 9, 2011
Access Control Lists
Understanding Access Control Lists is important for moving up into the CCNA area. ACLs can get confusing and cause network problems if not implemented correctly. I think what I outlined below explains in a nutshell what you can expect from ACLs. I would still read and find more information about ACLs on the web and/or in reading material (because I don't trust myself!). By securing networks with ACLs you are adding another barrier to your network; although ACLs can't make your network foolproof, they add an additional level of security from the outside world. The simple definition of an ACL (access control list) is a sequential list of permit or deny statements that apply to IP addresses and/or upper-layer protocols. ACLs are a powerful way to control network traffic into and out of your network. Packet filtering, sometimes called static filtering, controls access to a network by analyzing the incoming and outgoing packets. A router is considered a packet filter when it forwards or denies packets according to filtering rules. Packet filtering works at the network layer of the OSI model. The ACL can get the following information from the packet header:
February 7, 2011
IPv4 Meet IPv6
IPv4 may be on its last legs, with only a few blocks of IPv4 addresses available; computer estimates say that the IANA address depletion was January 27, 2011. Also, the calculations say all central IPv4 pool addresses will be depleted by July 25, 2012. These are estimates and may change as of writing this post. I'll be sure to update if needed, but the thing to understand is that IPv4 won't be available within weeks if not months. So what happens then? Well, we move into IPv6, which has the capacity to hold 2^128 addresses; that number is 340,282,366,920,938,463,463,374,607,431,768,211,456. If you want to know what that number is called, it is 340 undecillion, 282 decillion, 366 nonillion, 920 octillion, 938 septillion, 463 sextillion, 463 quintillion, 374 quadrillion, 607 trillion, 431 billion, 768 million, 211 thousand and 456 addresses.
February 3, 2011
Common Weaknesses Cybercriminals Exploit
While reading the Cisco Annual Report, they came up with seven common social engineering attacks that cybercriminals use. Now these types of attacks are common and are not unheard of. You should be familiar with most if not all of these weaknesses that cybercriminals use. Sex appeal, which means scammers will try to find or put up an attractive man or woman, then tempt the user for information. People should remember that if you don't know the person, this will more than likely not be romance but something else. (Like your personal information.)
January 27, 2011
Basic Router Configuration
One of the first things you do when setting up a Cisco router in lab environments and production environments is basic router configuration. By having a good understanding of basic router configuration you will have the essential building blocks and be able to build additional knowledge on top of router configuration. This tutorial assumes that you are in a lab environment; additional security measures for production environments are recommended and are not discussed in this tutorial. Also, this tutorial assumes a terminal emulator session is on and ready (HyperTerminal, PuTTY, etc.).
January 26, 2011
Cybercriminals Focusing on Mobile Platforms
If I were to tell you four years ago that cybercriminals were going to focus on mobile phones instead of computers, would you believe me? This shift in focusing on mobile devices and platforms instead of computers means one thing: it's easier. What does that mean? Well, think of it this way: if I were a hacker wanting to gain access to somebody's personal information, and I had a choice between their computer or their mobile phone, which one would I choose? Now before I give my answer think of this: computer operating systems like Windows and Mac have been around for a while, so they both have had their share of viruses, worms, and trojans, especially Windows, as it's a widely and commonly used operating system.
January 24, 2011
Configuring NAT (One to One Mapping)
In this simple tutorial we are going to be configuring a static NAT, which is a one-to-one mapping between an inside IP address and an outside IP address. (One private address to one permanent public address.) Using this type of NAT would be helpful for outside devices accessing your inside devices (like a web server). Let's get started!! Looking at the topology above you can see that we have a server inside of our network and want people outside of our network to access this server. Using NAT will help us accomplish this task! (This tutorial assumes that all configurations, like basic router configuration and IP addresses, are in place and working before NAT is enabled for the above topology.) In order for one-to-one mapping to work we first need to make an IP route that forwards the public IP address or addresses out towards the ISP. So on the router we would make an IP route to forward that IP address to the ISP router or the internet cloud.
January 21, 2011
Configuring PAT
This tutorial will help you configure PAT (Port Address Translation), sometimes called NAT (Network Address Translation) with overload, on a Cisco router. PAT takes multiple private IP addresses and translates them into a single or very few public IP addresses. This is possible because each inside host's translations are distinguished by port number rather than by IP address alone. Let's get started!!! In the topology shown above we are using two routers, called ISP and R1, one switch (default configuration), and a PC connected to R1's Fa0/0 interface. Both routers need basic router configuration and IP addresses on the interfaces of ISP and R1, and the PC needs to be configured with the supplied IP address and a default gateway. A clock rate is also required on ISP's serial interface before we can get started. (This tutorial assumes you can already do that.) ;) Now that the basic setup is in place we need an IP route on R1 to ISP. We want any IP address not in R1's routing table to be sent to the ISP. To do that, move to global configuration mode and enter the ip route command with the IP address of ISP's serial interface:
January 19, 2011
Basic PPP Configuration
This tutorial goes over basic configuration of PPP (Point-to-Point Protocol). It includes basic configuration tasks on a router, configuring the OSPF routing protocol, and configuring PPP PAP and CHAP authentication. Let's get started! In the above diagram we will be using three routers, a loopback connection, two switches (which we will leave at their default configuration) and two PCs. If you are using Packet Tracer or real devices, cable the network. The next couple of steps assume you already know the material. Next, perform basic router configuration (hostname, disable DNS lookup, EXEC password, message-of-the-day banner, passwords for console and VTY connections, and synchronous logging). After that, configure the interfaces on R1, R2, and R3 with the IP addresses from the addressing table (remember to include the clock rate on serial DCE interfaces). Make sure the IP addressing is correct and the interfaces are active by issuing the show ip interface brief command. Then configure and test the Ethernet interfaces on PC1 and PC3 (test by pinging the default gateway).
January 18, 2011
The OSI Layer
The wonderful OSI model is the foundation that makes understanding networks possible. While studying for the CCENT exam I had a basic understanding of the OSI model, but when reviewing the material I found myself saying over and over, "Oh yeah, I remember that!", meaning I had totally forgotten about a certain protocol or how and what services were in each layer. So I wrote down the basics on the ITS forum and decided, why not post it here as well.
January 17, 2011