September 2012
1 post
CCNA-Security Exam; Passed
I passed my CCNA-Security exam on Friday. 977/1000 - BOOM!
For anybody looking to take it, I got heavily tested on IPSec VPN, IOS Intrusion Prevention System and Zonal Based Firewalls, along with the basic encryption stuff, ACLs etc.
I got a switch simulation where I had to configure port-security, how spooky is that? My post here: http://johntear.tumblr.com/post/25374619695/switch-port-security...
June 2012
1 post
7 tags
Switch Port Security
I recently had to protect the switch ports on a Cisco switch. This is a good idea for all businesses, particularly if the switches are not physically secured (in a comms room) or the switch ports are patched through to outlets in offices.
As far as I can see there are four methods for securing the ports on a Cisco switch:
Shut down the ports that aren’t in use.
Use the Cisco proprietary...
March 2012
2 posts
EIGRP Metric Calculation
I set up a simple lab to have a look at EIGRP metric calculation:
The default metric calculation is as follows:
( 10,000,000 / lowest bandwidth ) x 256 + ( sum of delay ) x 256 = metric
An important note is that the delay is summed as tens of microseconds and the delay is shown in the router as microseconds. So if the interface shows 20000 usec then the calculation will use a value of 2000.
...
6 tags
Frame Relay, EIGRP and Routing Tables
I was working through a lab for my CCNP ROUTE studies and came across a strange event when testing connectivity over a frame relay network by issuing ping commands between some network addresses.
My frame relay was set up fine and EIGRP was working fine. I tried to test connectivity between router WEST and one of the loopback addresses on router EAST but I got a timeout.
The way my topology was...
February 2012
4 posts
8 tags
Updating Cisco Router IOS Remotely
Upgrading the IOS on a Cisco Router should always be done on site if possible. If you are unable to physically get to the site it is possible to update the router remotely.
You need to be running a TFTP server to download and upload from. You will also need to place the new IOS in the root folder for the TFTP server. In this example I am replacing c850-advsecurityk9-mz.124-15.T12.bin with...
11 tags
Load Balancing Using Spanning Tree
Problem
I had a number of VLANs either side of a fibre optic trunk (8-core) between two buildings connected via two Cisco catalyst switches. The switches had 4 of the fibres connected in two pairs for redundancy. If one of the fibres failed the other would come online. Spanning tree is used to make sure both links don’t come up at once and create a Layer 2 network loop.
By default spanning...
8 tags
Configuring Network Address Translation
There are three main types of NAT that can be configured on a Cisco router. Here’s what they are and how to configure them.
Terms
Inside Local - The IP address of a host on the inside network (usually a private IP address).
Inside Global - The IP address of the host on the inside network as seen from the outside network (usually a public IP address).
Outside Local - The IP address of the...
6 tags
Cisco Router Console Authentication Against RADIUS...
Problem
A Policy requirement to authenticate users that connect to the console and VTY (telnet/SSH) lines using two factor authentication via a RADIUS server was made. I was required to configure a number of Cisco devices to comply with the policy.
Details
RADIUS Server: Proprietary Server Software running on Windows 2008.
Router: Cisco 2651XM 12.3(1a)
Solution
First I needed to enable...
January 2012
1 post
13 tags
BAD ADDRESS entries in DHCP database.
Problem
Following the installation of a Cisco ASA our DHCP server on the same broadcast domain started listing BAD ADDRESS entries in the database when clients were trying to renew or get a new IP address. The result was that no client could could get a valid IP address and was reporting IP address conflicts.
Details
DHCP Server: Windows 2008 Server.
DHCP Client(s): Windows 7.
Firewall: ASA...
