
Wednesday, January 7, 2009

Your Information Technology Career: Beware The Comfort Zone

I've seen it happen time and again to programmers, network engineers and administrators, and other IT personnel. They get a solid IT position, a good-paying job, and they get comfortable. They stop keeping up with the latest technologies, they stop studying, they no longer keep their CCNA, MCSE, and other industry certifications up-to-date... and then one day, their comfortable job is gone.

Maybe they get laid off, maybe the company moves and they don't want to move with it... but for one reason or another, they're in the worst position possible. They have no job, and they have allowed their IT skills to deteriorate to the point where they are no longer employable.

If you're in IT, you must be constantly learning. You must continually take the long view, and ask yourself three important questions. First, where do you want to be in three years? Second, what are you doing now in order to reach this goal? And finally, if you were laid off today, are your current skills sharp enough to quickly get another job?

That third question can be the hardest of all to answer honestly. I'm reminded of Microsoft announcing years ago that they would no longer be recognizing the MCSE 4.0 certification, since the network operating systems that certification was based upon would no longer be supported by MS. (Keep in mind that this change was announced months in advance, giving those holding the MCSE 4.0 plenty of time to earn the latest MS certification.)

Some MCSE 4.0s just went nuts. Microsoft's certification magazine printed letter after letter from angry MCSEs saying that their company would always run NT 4.0, and that there was no reason for them to ever upgrade their certification.

This wasn't just denial. This was career suicide. Let's say that their network never moved from NT 4.0. Let's also say that they got laid off yesterday. Would you want to go out into the current IT workplace and have your most recent network operating system experience be on NT 4.0? I sure wouldn't.

The fact is that you've got to continue studying, continue growing, and continue learning new things if you want to have a successful long-term IT career. If you plan on studying only one topic, getting into IT, and then never cracking a book again, you're entering the wrong field. And for those of us who have been in it for a while - again, ask yourself this question: "Am I prepared for what would happen if I were laid off today?" And if you're not, do something about it!

Sunday, December 28, 2008

Setting Up and Securing Your Wireless Network

There are more and more individuals opting to work from home than ever before. The advantages to this are many, including avoiding the morning and evening rush hours, being able to spend time with your kids and significant other, and doing everything on your own time. Though the pitfalls are many, the one that I will be focusing on in this article is that of setting up a secure wireless network for your home based business. Right now, somewhere out there, there is someone with a receiver waiting to pick up on an unsuspecting person’s wireless local area network. Their hope is to garner sensitive information that may lead to identity theft, or to steal proprietary business information.

Most business owners are not technically inclined; even those who are power users generally don't want to mess around with security settings in their day-to-day operations. This makes most wireless LANs a great target for information predators.

Here are some general guidelines to follow in setting up your wireless network. Though it may vary from vendor to vendor, the gist is more or less the same:

1. Set up the wireless access point/router via a wired client.
2. Always change the factory default password to something difficult for someone to guess.
3. Enable 128-bit Wired Equivalent Privacy (WEP) encryption on both your access point and network card. Change the WEP key entries from time to time. If your hardware does not support a minimum of 128-bit WEP encryption, then it may be time to replace this dinosaur. WEP is only a minimal security precaution, but it is better than none at all.
4. Change the factory default SSID on the access point/router to a convoluted, difficult-to-guess string. Configure your computer to connect to this SSID by default.
5. Set up your access point not to broadcast the SSID, if the option is available.
6. Block anonymous Internet requests and pings.
7. Disable P2P connections.
8. Enable MAC filtering.
9. Enable the firewall on the network router/access point with the demilitarized zone (DMZ) function disabled. Enable client firewalls on each computer in the network.
10. Update router and access point firmware as updates become available.
11. Make sure the physical router is hidden so that a random person can’t reset the settings.
12. Position the physical router near the middle of the building rather than near windows, to prevent others outside from receiving the signal.

These and other settings will collectively help prevent any unwanted intrusions on your private data.

Router - Transmitting Packets

In a previous article we discussed the basics of what a router did. We're now going to get into a more detailed, and yes technical, explanation of how packets are transmitted as well as a few other tech specs of how routers work. So put on your learning caps because you're in for a real mind bender.

Internet data, whether it be in the form of a web page, a downloaded file or an email message, travels over what is called a packet switching network. Basically what happens is that the data is broken up into individual packets because there is only so much data that can be transmitted at one time. Each packet is about 1500 bytes long. Each packet contains quite a bit of information, including the sender's address, the receiver's address and of course the data being sent, along with the position of each packet in the sequence so that the packets can be put back together and the end user can make sense of the data. The packet is sent off to its destination based on what the router believes to be the best route to follow, which is usually the route with the least amount of traffic and, if possible, the shortest route. Each packet may actually be given a different route depending on conditions at the time, which in a high-traffic network can change every second. By doing this, the router can balance the load across the network so that no one segment gets overloaded. Also, if there is a problem with one piece of equipment in the network, the router can bypass that equipment and send the packet along another route. This way, if there is a problem, the entire message will still arrive intact.

In conducting this process, routers have to speak to each other. They tell each other about any problems on the network and make recommendations on routes to take. This way, paths can be reconfigured if they have to be. However, not all routers do all jobs as routers come in different sizes and have different functions.

There are what we call simple routers. A simple router is usually used in a simple, small network. Simple routers simply look to see where the data packet needs to go and send it there. They don't do much else.

Slightly larger routers, which are used for slightly larger networks, do a little bit more. These routers will also enforce security for the network, protecting the network from outside attacks. They are able to do a good enough job of this that additional security software is not needed.

The largest routers are used to handle data at major points on the Internet. These routers handle millions of packets of information per second. They work very hard to configure the network as efficiently as possible. These are stand-alone systems and actually have more in common with supercomputers than with a simple server one might have in a small office.

In our next instalment we'll look at how to actually trace the path that a message has taken and some examples of transmitting packets.

Router - Tracing Your Packets

Few people will really care about the path that your packet takes when sending a message, but if you're one of those high tech egg heads then this article may be of great interest to you. It can become very addictive so proceed with caution.

If you're using a Microsoft Windows based operating system, then it's very easy to trace the route that your message has taken. Not only that, you can see exactly how many routers it took to get your message from point A to point B. You can do this by using a program that is on your computer called Traceroute. That is exactly what the program does. It traces the route a message takes to get to its final destination.

To run the program you have to go to a DOS prompt. After doing this, go to the C:\windows directory and type tracert followed by the URL of the Internet site you're connected to at the time. It will give you a rather technical spec sheet of every IP address it stopped at along the way until it got to its final destination.

The first number on the spec sheet tells you how many routers it went through to get to its final destination. Then each individual router listed on the page is numbered from 1 down to the last one, which is actually the final destination. The next 3 numbers on each line for each router show how long the packet took to get to that router. The next piece of information on each line is the actual name of the router the information went through. Yes, routers have names. This may be important to the users but is totally irrelevant to the router itself. Finally, the last piece of info on each line is the actual IP address of the router itself.

The amount of time it takes information to get from one router to another varies depending on how much traffic there is on that route at the time. Normally, it is no more than a couple of seconds. But occasionally, it can be longer. That is why sometimes you will be trying to access a web site and it seems to take forever. This can be for a number of reasons, but usually it is because along the way one of the routers is not working correctly and has to be bypassed. Sometimes the actual final location itself is down or having problems and the delay is the last router in the chain trying to connect to the network.

Traceroute is not limited to just checking the number of routers between you and an Internet site. You can use it to check the number of routers between you and any other computer on a network. As long as you know the IP address of the other computer you can trace the route of the packets between you and the other computer.
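As an added illustration (not part of the original post), here is a small parser for the tracert output format described above: hop number, three round-trip times, router name and IP address. The sample output is constructed and uses documentation IP ranges; the two helper functions at the end show the kind of reading a practitioner does with the numbers, counting routers to the destination and spotting a hop where latency jumps.

```python
import re
from dataclasses import dataclass
from statistics import mean
from typing import List, Optional, Tuple

# Constructed sample of Windows tracert output (documentation IP ranges, not a real trace).
SAMPLE_TRACERT = """\
Tracing route to www.example.test [203.0.113.5]
over a maximum of 30 hops:

  1     1 ms    <1 ms     1 ms  router.local [192.0.2.1]
  2    12 ms    11 ms    13 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4    25 ms    24 ms    26 ms  www.example.test [203.0.113.5]

Trace complete.
"""

# A hop line: hop number, three RTT columns ("12 ms", "<1 ms" or "*"), then the rest.
_RTT = r"(<?\d+ ms|\*)"
_HOP_RE = re.compile(r"^\s*(\d+)\s+" + _RTT + r"\s+" + _RTT + r"\s+" + _RTT + r"\s+(.*?)\s*$")
_HEADER_RE = re.compile(r"over a maximum of (\d+) hops")
# The rest is either "name [ip]", a bare ip, or the literal "Request timed out." text.
_TARGET_RE = re.compile(r"^(?:(?P<name>\S+)\s+)?\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?$")


@dataclass
class Hop:
    number: int
    rtts: List[Optional[int]]   # milliseconds per probe; None where tracert printed '*'
    name: Optional[str] = None  # router's DNS name, when tracert resolved one
    ip: Optional[str] = None
    timed_out: bool = False

    def avg_rtt(self) -> Optional[float]:
        good = [r for r in self.rtts if r is not None]
        return mean(good) if good else None


def _parse_rtt(token: str) -> Optional[int]:
    """'12 ms' -> 12, '<1 ms' -> 0, '*' -> None."""
    if token == "*":
        return None
    if token.startswith("<"):
        return 0
    return int(token.split()[0])


def parse_tracert(output: str) -> Tuple[Optional[int], List[Hop]]:
    """Return (maximum hop count from the header, list of parsed hops)."""
    max_hops: Optional[int] = None
    hops: List[Hop] = []
    for line in output.splitlines():
        header = _HEADER_RE.search(line)
        if header:
            max_hops = int(header.group(1))
            continue
        m = _HOP_RE.match(line)
        if not m:
            continue  # banner, blank line or "Trace complete."
        hop = Hop(number=int(m.group(1)), rtts=[_parse_rtt(m.group(i)) for i in (2, 3, 4)])
        target = _TARGET_RE.match(m.group(5))
        if target:
            hop.name, hop.ip = target.group("name"), target.group("ip")
        else:
            hop.timed_out = True  # router did not answer the probes
        hops.append(hop)
    return max_hops, hops


def routers_traversed(hops: List[Hop], destination_ip: str) -> Optional[int]:
    """Routers between you and the destination, or None if the trace never reached it."""
    for hop in hops:
        if hop.ip == destination_ip:
            return hop.number - 1
    return None


def latency_jumps(hops: List[Hop], threshold_ms: float) -> List[int]:
    """Hop numbers whose average RTT rises by more than threshold_ms over the previous responsive hop."""
    jumps: List[int] = []
    previous: Optional[float] = None
    for hop in hops:
        avg = hop.avg_rtt()
        if avg is None:
            continue  # silent hop: nothing to compare against
        if previous is not None and avg - previous > threshold_ms:
            jumps.append(hop.number)
        previous = avg
    return jumps


if __name__ == "__main__":
    limit, parsed = parse_tracert(SAMPLE_TRACERT)
    print(f"max hops {limit}, routers traversed {routers_traversed(parsed, '203.0.113.5')}")
    for h in parsed:
        print(h)
```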

In our next instalment we're going to look at how routers handle denial of service attacks and other problems.

Router - Denial Of Service Attacks

Routers are not perfect. For that matter, nothing is. So if somebody wants to give a router more than it can handle there is a way to do this. We're going to take a look at what are called denial of service attacks.

A router can only handle so much information coming into it at one time. Every machine has its limits and routers are no exceptions. Well, when the nasty trend of denial of service attacks started early this century, routers were unprepared for them. As they began to understand what was happening they began to compensate for the problem. But there was still a way around it. To understand this we first have to understand what a denial of service attack is.

A denial of service attack is just as it sounds. It is when someone prevents the router or routers from servicing the network. The question is, how do they do this? As previously stated, a router can only handle so much information coming into it to be routed at a time. If too much information starts coming in, then the router gets overloaded and can't forward the information fast enough. Ultimately, this slows the network down to the point where nobody can access it. In a denial of service attack, which is a deliberate attempt to cause this problem, a person will send an enormous amount of information from one computer to the router at one time. Eventually this will effectively shut down the network. The reason is the trickle-down effect. Once the main routers start to get overloaded, they start to send messages to the rest of the network that the connection is full. These messages cascade through the entire network until all the pathways in the network are full and nobody can communicate with any server on the network.

When companies and web sites began to understand what was happening, they started to put safeguards in place. They would put checks in the router software to see if a large amount of information was coming from one IP address. If so, then it simply discarded the information and didn't attempt to pass it on. It seemed that the problem was solved. Not so.

Hackers began to figure out that if they send this enormous amount of information from multiple computers or IP addresses, the routers would have no way of knowing that a denial of service attack was in progress because it would see all this information coming in from multiple locations. Ultimately again, the network would effectively be shut down.

In response to this, manufacturers of routers have placed additional safeguards into their routers to simply check for unusual traffic. The problem with this is that in some cases there is a large amount of traffic that is normal, like in the case of a news site being hit with an overload because a major breaking story hits the airwaves.

It remains to be seen if the hackers or the router manufacturers are going to win this war.
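To make the two detection stages in this post concrete, here is an added example (not from the original post) of a sliding-window rate check: a per-source limit that discards a single flooding address, and an aggregate limit that still fires when the same volume arrives spread across many addresses. The traffic in both scenarios is constructed from documentation IP ranges, and the limits are illustrative values, not vendor defaults.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Set, Tuple


class FloodDetector:
    """Sliding-window packet-rate checks: one per source address, one aggregate."""

    def __init__(self, window_s: float, per_source_limit: int, aggregate_limit: int) -> None:
        self.window_s = window_s
        self.per_source_limit = per_source_limit
        self.aggregate_limit = aggregate_limit
        self._by_src: Dict[str, Deque[float]] = defaultdict(deque)
        self._forwarded: Deque[float] = deque()
        self.dropped: Dict[str, int] = defaultdict(int)

    def _trim(self, q: Deque[float], now: float) -> None:
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] > self.window_s:
            q.popleft()

    def observe(self, ts: float, src: str) -> Tuple[bool, Set[str]]:
        """Record one packet. Returns (forward it?, alerts raised by this packet)."""
        alerts: Set[str] = set()
        q = self._by_src[src]
        self._trim(q, ts)
        q.append(ts)
        if len(q) > self.per_source_limit:
            # The per-IP check from the post: one source is flooding, so discard.
            self.dropped[src] += 1
            alerts.add("single-source flood")
            return False, alerts
        self._trim(self._forwarded, ts)
        self._forwarded.append(ts)
        if len(self._forwarded) > self.aggregate_limit:
            # No single source is over its limit, yet the total is: the distributed case.
            alerts.add("aggregate rate exceeded")
        return True, alerts


def run(packets: List[Tuple[float, str]], det: FloodDetector) -> dict:
    """Feed (timestamp, source) pairs through the detector and summarise the outcome."""
    forwarded = 0
    alerts: Set[str] = set()
    for ts, src in packets:
        ok, raised = det.observe(ts, src)
        forwarded += ok
        alerts |= raised
    return {"forwarded": forwarded, "dropped": dict(det.dropped), "alerts": alerts}


def background(until_s: float) -> List[Tuple[float, str]]:
    # Constructed normal traffic: three hosts, one packet each every 0.5 s.
    hosts = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    return [(t * 0.5, h) for t in range(int(until_s * 2)) for h in hosts]


def scenario_single_source() -> dict:
    """One address sends 40 packets within 0.4 s; the per-source limit is 20 per second."""
    packets = background(10) + [(10.0 + i * 0.01, "203.0.113.9") for i in range(40)]
    return run(sorted(packets), FloodDetector(window_s=1.0, per_source_limit=20, aggregate_limit=100))


def scenario_distributed() -> dict:
    """150 distinct addresses send one packet each within 0.15 s; no one trips the per-source limit."""
    packets = background(10) + [(10.0 + i * 0.001, f"198.51.100.{i}") for i in range(150)]
    return run(sorted(packets), FloodDetector(window_s=1.0, per_source_limit=20, aggregate_limit=100))


if __name__ == "__main__":
    print("single source:", scenario_single_source())
    print("distributed:  ", scenario_distributed())
```

The second scenario is the point the post makes: the per-source check sees nothing wrong, so only a total-rate view catches it, and that same view would also fire on a legitimate surge such as a breaking news story.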

IT Networks: How to Argue for a Bigger Budget

IT network managers have to fight the "if it ain't broke don't fix it" mindset to win resources. With computer networks, that mindset is dangerously complacent. IT networks will keep pumping data until they die or let in hackers. Here are some winning arguments against "if it ain't broke…"



IT Network Maintenance: Better Analogies

Don’t let your IT network's budget get lumped with IT in general--or worse, operations in general. "If it ain't broke, don't fix it" sometimes makes sense in IT or operations. Upgrading workstations or desks can cost productivity, making it self-defeating.

You have to stress that IT networks are different from workstations or desks.

  • IT networks are harder to repair.
  • IT networks cannot be done without while they are down. You depend on them for email, web, file transfers, and in some organizations, printing, fax and telephone. If your network breaks you may be forced to rely on hand-written letters.
  • IT network improvements rarely lower productivity on the front line. Instead, a faster, more reliable network can improve front-line productivity.

Here are the analogies you should stress to counter "if it ain't broke":

  • Plumbing: IT networks will appear to function until they burst. The damage will be more expensive than maintenance ever could have been. In the meantime, you are losing productivity to all the little "leaks."
  • Dams: If a poorly maintained IT network bursts, the eventual flood will harm overall productivity.
  • War: There is no such thing as "good enough" when you are in competition. With an IT network, you're in a quiet arms race with hackers. You are also competing with your business competitors in terms of productivity.
  • Health: Your IT network has to be in top physical condition. You can't make up for bad habits with a week or two of "rejuvenation." Meanwhile, your day-to-day performance will suffer.
  • Cars: Don't wait for your IT network to conk out. Get a regular tune-up of up-to-date equipment.


IT Network Maintenance: What Can Go Wrong

Now, let's drive the point home. Here are some concrete, easy-to-explain reasons to keep your network up-to-date:

  • Power supplies. Without redundant backups, your network is vulnerable to a shutdown. The lost productivity will make extra equipment seem inexpensive in comparison.
  • Integrity. Faulty or contradictory data can break older networks. Newer equipment has solved these problems. Again, the potential cost of lost productivity makes newer equipment a good value.
  • Firewalls. Hackers can leak trade secrets stolen from unprotected networks. Firewall software upgrades are relatively inexpensive.
  • VOIP. Organizations worldwide are switching to VOIP--not just outside-line telephones but also switchboard and teleconferencing. If your network is out-of-date, it may fail when you eventually try this new technology.
  • Speed. Older platforms such as 10BASE-T will throttle your bandwidth. You can now upgrade to a Terabit or more. Just think of the seconds, minutes, hours, and days lost as staff wait for email to arrive and web pages to load.

Final tip: show how cost-effective IT network maintenance really is. Get a firm cost estimate from a vendor. Just make sure your cost estimate is as competitive as it can be. You can often get new equipment at half the cost of retail by buying refurbished equipment.



Close your case for a better network with this wisdom: no matter what you pay, keeping your network up-to-date is cheaper than the consequences of letting it fall into disrepair.

Saturday, December 27, 2008

Tips On Buying A Cisco CCNA / CCNP Home Lab Kit

Buying a CCNA / CCNP home lab is the best way to be totally prepared for your Cisco exams. Most home labs are put together one router or switch at a time, but many CCNA / CCNP candidates prefer to buy kits where you get multiple routers and switches, along with all the cables and other connection devices you'll need.

While this is a good idea, keep a few things in mind when purchasing Cisco home lab kits.

Don't buy anything you don't need. The problem is that when you're first starting out with your Cisco home lab, you don't know everything that you need. (I sure didn't!) Keep in mind that you only need one transceiver per AUI port on a Cisco router, so if you're getting routers with two AUI ports in all, you don't need five transceivers in the kit. It doesn't hurt to have one spare, but three is a little too much.

More importantly, don't buy kits with old CCNA or CCNP study guides included. I've seen kits with books that were three years old and were of no use to the candidate. If you see a kit that looks good but includes books or manuals you just don't want, ask the vendor for a price that doesn't include the books. It never hurts to ask.

Watch the IOS version. Unless you've got access to IOS upgrades, you'll be working with the IOS version that's on the routers and switches when you buy the kit for a while. You don't necessarily need the latest and greatest IOS version for CCNA study, but don't buy routers with IOS versions beginning with "10" unless you have an IOS to upgrade them with. (And make sure the routers have enough memory to handle the IOS you plan on putting on them.)

Purchasing a Cisco CCNA / CCNP Home Lab is one of the best investments in your career that you will ever make. Exercise just a bit of caution when purchasing your kit, and you'll be on your way to true Cisco success, in the exam room and on your network!

Passing Your CCNA and CCNP: Configuring And Troubleshooting Router-On-A-Stick

For CCNA and CCNP candidates, it's hard not to laugh the first time you hear the phrase "router on a stick". Let's face it, that's a pretty silly term. But as those who have passed the CCNA and CCNP exams know, this is a vital exam topic that you must know how to configure and troubleshoot.

Basic Cisco theory states that for hosts in different VLANs to communicate, a Layer 3 device must be involved to handle the routing between the VLANs. That device is a router, and there are special considerations that must be taken into account for both the physical router itself and the configuration you'll be writing.

The router will be connected to a switch via a FastEthernet port (or higher). The router port cannot be a regular Ethernet port, since the router port will need the ability to send and receive data at the same time.

The configuration of the interface is where things get interesting. Let's say we have two VLANs that will be using router-on-a-stick to communicate.
Here is the VLAN information:

VLAN 20: 20.20.20.0 /24
VLAN 40: 40.40.40.0 /24

The port on the switch that will be connected to the router's FastEthernet port must be in trunking mode, and you must know the trunking protocol in use. We'll go with the Cisco-proprietary ISL here.

The physical FE port on the router will not have an IP address. The use of router-on-a-stick mandates the use of logical subinterfaces. While we don't have to use the VLAN numbers for the subinterface numbers, I've found this helps you keep the interfaces straight. One subinterface must be given an IP address in VLAN 20, and the other will have an IP address in VLAN 40.

After creating subinterfaces fast 0.20 and fast 0.40, the config looks like this:

interface fastethernet0
no ip address
interface FastEthernet 0.20
ip address 20.20.20.1 255.255.255.0
interface FastEthernet 0.40
ip address 40.40.40.1 255.255.255.0

Believe it or not, you're almost done! Now we need the encapsulation statement under each subinterface. The subinterface statement must reflect both the VLAN number and the encapsulation type being used. When we're finished, the config would look like this:

interface fastethernet0
no ip address
interface FastEthernet 0.20
ip address 20.20.20.1 255.255.255.0
encapsulation isl 20
interface FastEthernet 0.40
ip address 40.40.40.1 255.255.255.0
encapsulation isl 40

And that's it! Your hosts in VLAN 20 should now be able to communicate with hosts in VLAN 40, and vice versa.

A couple of final troubleshooting points - the most common error with router-on-a-stick is to put the wrong VLAN number in the encapsulation statement. Also, make sure you have configured the router's IP address in VLAN 20 as the default gateway for hosts in VLAN 20, and do the same for VLAN 40.
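As an added example (not from the original article), here is a small consistency check for the router-on-a-stick config above: it parses the interface stanzas and confirms that each subinterface's encapsulation VLAN matches its subinterface number and that its IP address falls in that VLAN's subnet, which catches the wrong-VLAN mistake just mentioned. The VLAN-to-subnet table is the one given in the article; the broken variant is constructed.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# VLAN number -> subnet, as given in the article.
VLAN_SUBNETS = {20: "20.20.20.0/24", 40: "40.40.40.0/24"}

# The finished config from the article.
GOOD_CONFIG = """\
interface fastethernet0
 no ip address
interface FastEthernet 0.20
 ip address 20.20.20.1 255.255.255.0
 encapsulation isl 20
interface FastEthernet 0.40
 ip address 40.40.40.1 255.255.255.0
 encapsulation isl 40
"""

# Constructed variant with the classic mistake: the wrong VLAN in the encapsulation statement.
BAD_CONFIG = GOOD_CONFIG.replace("encapsulation isl 40", "encapsulation isl 20")

_IFACE_RE = re.compile(r"^\s*interface\s+(\S+)\s*(\S+)?\s*$", re.IGNORECASE)
_IP_RE = re.compile(r"^\s*ip address\s+(\S+)\s+(\S+)\s*$", re.IGNORECASE)
_ENCAP_RE = re.compile(r"^\s*encapsulation\s+(isl|dot1q)\s+(\d+)", re.IGNORECASE)


def parse_interfaces(config: str) -> Dict[str, dict]:
    """Group the lines of each interface stanza; keys are lower-case names without spaces."""
    stanzas: Dict[str, dict] = {}
    current: Optional[dict] = None
    for line in config.splitlines():
        m = _IFACE_RE.match(line)
        if m:
            # "FastEthernet 0.20" and "fastethernet0.20" name the same subinterface.
            name = (m.group(1) + (m.group(2) or "")).lower()
            current = stanzas.setdefault(name, {"ip": None, "mask": None, "encap": None, "vlan": None})
            continue
        if current is None:
            continue
        if m := _IP_RE.match(line):
            current["ip"], current["mask"] = m.group(1), m.group(2)
        elif m := _ENCAP_RE.match(line):
            current["encap"], current["vlan"] = m.group(1).lower(), int(m.group(2))
    return stanzas


def check_router_on_a_stick(config: str, vlan_subnets: Dict[int, str]) -> List[str]:
    """Return findings; an empty list means subinterface number, VLAN tag and subnet all agree."""
    findings: List[str] = []
    for name, st in parse_interfaces(config).items():
        if "." not in name:
            # The physical trunk port carries no IP address of its own.
            if st["ip"] is not None:
                findings.append(f"{name}: physical trunk port should carry no IP address")
            continue
        sub = int(name.rsplit(".", 1)[1])
        if st["vlan"] is None:
            findings.append(f"{name}: missing encapsulation statement")
            continue
        if st["vlan"] != sub:
            findings.append(f"{name}: encapsulation VLAN {st['vlan']} does not match subinterface {sub}")
        if st["ip"] is None:
            findings.append(f"{name}: no IP address configured")
            continue
        expected = vlan_subnets.get(st["vlan"])
        if expected is None:
            findings.append(f"{name}: VLAN {st['vlan']} has no known subnet")
            continue
        addr = ipaddress.ip_interface(f"{st['ip']}/{st['mask']}")
        if addr.network != ipaddress.ip_network(expected):
            findings.append(f"{name}: {addr.with_prefixlen} is not in VLAN {st['vlan']} subnet {expected}")
    return findings


if __name__ == "__main__":
    print("good config:", check_router_on_a_stick(GOOD_CONFIG, VLAN_SUBNETS) or "no findings")
    for finding in check_router_on_a_stick(BAD_CONFIG, VLAN_SUBNETS):
        print("bad config: ", finding)
```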

I hope you've enjoyed this look at router-on-a-stick. While the name may get a chuckle out of you, it's still used in quite a few networks out there, and knowing how to configure and troubleshoot it will get you that much closer to earning your CCNA and CCNP.

Passing The Cisco CCNA Exam: An Illustrated Guide To Router Modes

When you're getting started on your CCNA studies, learning the different router modes is key to passing your Intro and ICND exams. But keeping those modes straight can be very difficult. (At least it was for me!) Let's take a look at the various router modes you'll need to know about to pass your CCNA, and use IOS Help to illustrate the different uses of each mode.

The first mode you'll see on a router (if the person before you logged off as they should have) is user exec mode. This is also the default mode a user is placed into when using Telnet to connect to a router. The prompt will look like this:

R1>

You can't write or add to a configuration in this mode, but you can run quite a few show commands. This is a good mode to have users in who need to see the configuration, but shouldn't be allowed to change it.

To get to the next level, type enable at the user exec prompt:

R1>enable

R1#

Notice that the prompt changed. This mode has two names, the official one being privileged exec mode. It's more commonly referred to as enable mode, since "enable" is what you type to get into this mode.

This mode gives you more options for show and other commands, but you still can't configure anything. To configure global commands, use "configure terminal", or "conf t", to enter global configuration mode.

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#

The prompt has changed again, and now global configuration commands such as hostname and no ip domain-lookup can be entered.

From here, you've got a lot of options, but we'll look at three you need to know for your CCNA exams. To apply configuration commands to an interface, enter interface configuration mode, as shown here:

R1(config)#interface serial0

R1(config-if)#

You must be in global config mode to get into interface config mode; you cannot go from enable mode straight to interface configuration mode.

R1#interface serial0

^
% Invalid input detected at '^' marker.

Interface configuration mode allows you to apply an IP address to the interface, as well as many other commands related to frame relay, ISDN, and dynamic routing protocols.

For the CCNA, you need to know about two other configuration modes. To configure console commands (such as password protection), enter line configuration mode as shown here:

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#line console 0

R1(config-line)#password cisco

R1(config-line)#login

The prompt "(config-line)" indicates that you're in line configuration mode. Your console line is not the only line you'll be configuring for the CCNA, though; your vty lines are used for incoming telnet connections and must be configured in a similar fashion.

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#line console 0

R1(config-line)#password cisco

R1(config-line)#login

R1(config-line)#line vty 0 4

R1(config-line)#password cisco

R1(config-line)#login

Notice that you do not have to exit one configuration mode to go to another one. Let's say that you've configured your vty lines and now want to put an IP address on your Ethernet interface. You don't have to go out with ctrl-z and then start again; you can go straight to interface config mode from line config mode. Just make sure you see the prompt change!

R1(config-line)#line vty 0 4

R1(config-line)#password cisco

R1(config-line)#login

R1(config-line)#interface ethernet0

R1(config-if)#ip address 15.1.1.1 255.255.255.0

When you're preparing for CCNA exam success, there's a lot to absorb. Just take it one piece at a time, get some hands-on experience to go with your theory, and before you know it you're moving around in the different Cisco router configuration modes without giving it a second thought. Keep studying and your CCNA exam success is assured!

Passing The CCNA and CCNP Exams: Setup Mode

CCNA and CCNP candidates need to know all about Setup Mode, why a router goes into that mode, and as you'll see, how to get out of that mode. Practicing Setup Mode at work is a good way to get fired, though, so you need to practice this on your CCNA / CCNP home lab or rack rental. In this article, we'll take a look at a Cisco 2500 router going into setup mode and a few tips that will help you pass the exams and excel at your job.

First, why does a router go into Setup Mode in the first place? When a Cisco router boots up, the router looks into Non-Volatile RAM (NVRAM) for the startup configuration file. If such a file is not found, and the router has not been programmed to look to a TFTP server for this file, the router enters setup mode.

The most common reason for a router not to have a startup configuration file is that the file's been erased. We will now erase this file on our 2500 router. As you'll see, the Cisco router warns us about erasing NVRAM and makes us confirm this choice, which it acknowledges with the OK message.

R1#write erase

Erasing the nvram filesystem will remove all files! Continue? [confirm]

[OK]

Erase of nvram: complete

R1#

The router will now be reloaded. There is a slightly misleading message displayed during reboot:

R1#reload

Proceed with reload? [confirm]

00:15:21: %SYS-5-RELOAD: Reload requested

System Bootstrap, Version 11.0(10c)XB1, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1997 by cisco Systems

2500 processor with 14336 Kbytes of main memory

Notice: NVRAM invalid, possibly due to write erase.

That notice doesn't mean the NVRAM is corrupt or unusable; this message means the NVRAM doesn't have a startup configuration file.

The router will continue to boot and finally present you with this prompt:


--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:

Almost every WAN engineer I know answers "no" to this question, because Setup Mode is a long, clumsy way to set up a router (in my humble opinion). We will answer "yes" in order to see this mode in action.


--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: y

At any point you may enter a question mark '?' for help.

Use ctrl-c to abort configuration dialog at any prompt.

Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system

Would you like to enter basic management setup? [yes/no]: y

Configuring global parameters:

Enter host name [Router]: R1

The enable secret is a password used to protect access to

privileged EXEC and configuration modes. This password, after

entered, becomes encrypted in the configuration.

Enter enable secret:

% No defaulting allowed

Enter enable secret:

Already, there's something about Setup Mode that you might not like. This mode forces you to set an enable password and an enable secret password. As you continue in this mode, you'll see this mode ask you questions about every single interface on the router, even if you're not planning to use that interface. Using Setup Mode really does get quite old after a while, again in my opinion.

One of the most important things about Setup Mode is knowing how to get out of it without saving the configuration. One way is at the very end of this mode, where you can answer "no" to "Do you want to save this configuration?" I personally never make it that far! Instead of waiting until the end of Setup Mode, we can use the CTRL-C key combination to abort this mode and ignore the changes.

Configuration aborted, no changes made.


Press RETURN to get started!

Setup Mode is not a mode that CCNA and CCNP candidates get a great deal of practice with, but you will be tested on your knowledge about it both in the exam room and on the job. And once you start configuring a router with this mode, you'll be glad you know how to get out of it!

Friday, December 26, 2008

Passing The CCNA and CCNP: Home Lab Shopping On Ebay

Whether you're just getting ideas for your Cisco home lab or adding to your existing lab, ebay is a great place to get ideas for your lab as well as pick up some great bargains.

Of course, the internet being what it is, there are always going to be a few people looking to take your money while shipping you inferior merchandise, or worse, no merchandise at all. While these "dealers" are in the minority, you still need to be careful when purchasing Cisco equipment on ebay. In this article, I'll give you several tips on browsing ebay ads for home lab ideas, and a few things to look out for when purchasing equipment on ebay.

For those of you just starting your Cisco certification pursuit, the idea of purchasing a home lab kit -- a set of routers, switches, and perhaps some cables and study guides -- seems like a good idea. Instead of putting your lab together one piece at a time, these kits allow you to get a head start on your studies.

One thing to watch out for in these kits is outdated equipment, or the inclusion of outdated study guides. Often, vendors will use these kits as a way to get rid of unwanted inventory.

The Cisco 1900 family of switches falls into this category. A recent search on ebay for "ccna lab" showed seven different CCNA lab kits that contained 1900 switches. The problem here is that the current CCNA exams do not test on the 1900 switches, which are menu-driven and do not have an IOS. You'll need to be well-versed with switches that do have an IOS, such as the 2950s.

The plus side here is that you will probably save money by using 1900 switches. If you're on a tight budget, having a 1900 switch is better than no switch at all. If at all possible, though, get a Cisco switch with an IOS.
The cables and transceivers included with these kits are generally exactly what you need to set up that particular kit, and this can be very helpful to those CCNA candidates who are new to the various cables needed to physically configure a home lab. Just make sure you're not buying a kit with 10 transceivers (used on AUI ports) when you've only got two routers with Ethernet ports.

Watch out for kits that include outdated study guides. I've seen four-year-old CCNA books included with some kits. If you already have your study guides, feel free to ask the vendor how much the kit costs without the books.
That leads me to the most important point. Get to know the vendor before buying anything. Visit their website and check their ebay feedback. If buying from an individual as opposed to a reseller, find out what condition the router or switch has been kept in, and make sure to define the terms under which they will accept returns.

There's nothing wrong with buying equipment from someone who's selling their CCNA/CCNP/CCIE home lab, but just make sure you ask the right questions first. Professional resellers generally have their return policy right in their ebay ad; if they don't, ask for a copy.

Building your own CCNA and/or CCNP home lab is a little intimidating at first, but speaking as someone who has climbed the Cisco certification ladder from the CCNA to the CCIE, I can tell you that it is the best investment you can make in your career. Use a little caution, ask the right questions, and soon you'll be leaving the world of "router simulators" behind - and you'll be developing your skills as a true professional should: on real Cisco routers and switches!

More Questions To Ask A Computer Training School Before Paying

The decision to attend a computer training school is one of the most important you'll ever make, and even more important is which one to attend. Asking the right questions can give you an idea of whether a given IT school is a good investment. An earlier article I wrote on this subject was so popular that I thought I'd offer some more advice on the questions to ask before you write that check or take out that loan.

If the school offers a placement service, ask to talk to the people working in that department and ask them how they go about placing graduates. Most schools offer a list of companies that they've placed students with. Get this list and start calling some of these companies. Ask to speak to their HR department, and ask them for their opinion of the school. Even if they don't say a lot, their tone of voice can speak volumes.

Ask to meet some of their teachers, and don't be afraid to ask them how long they've taught at that particular school. If the average teacher has been there a while, that's a good sign. If there seems to be quite a bit of turnover at the school, that's not as good a sign.

Another key area is the availability of the computer labs during class and after the class is over. Speaking from experience, I can tell you that getting hands-on experience with the various software and hardware you'll be working with in the field is the #1 way to get ahead - just reading books won't do it. If you're taking a router class, does the school have real routers for you to work on? If you're taking a PC repair class, are there plenty of PCs for everyone in your class to work on, or do you have to share?

You want classes that offer hands-on experience during class, and you should be able to get into the computer labs after class. You may not be able to use the labs at night if the school offers night classes, but again I speak from experience - the time you spend in the computer labs after class is just as valuable as the time you spend in class. Make sure the labs will be available after class - and then get in there and work!

How To Succeed At A Computer Training School

One of the best decisions you can ever make is to attend a computer training school. As I've written in several other articles, you have to ask the right questions before writing a check or taking out a student loan, but when you find the right school you are indeed on your way to a successful career.

There's a big difference between attending a tech school and excelling at the classes, though. Whether you just "float through" the school or really work hard is totally up to you. From my personal experience at such a school, I'd like to offer you one simple tip that will quadruple your chances of success at the school and in the job market.

Get there early and stay late.

When I attended a tech school years ago, I admit I was surprised that most of my classmates had what I call the "junior high school" mentality - they would get there late and leave as soon as class was over. Guess what? You're no longer in junior high. You're attending this school to create a career for yourself. Get to class early, get some extra study and work in while you're waiting for class to start, and then stay after class!

The most important part of your computer school studies is getting hands-on experience with the technologies that you're learning. If you're taking a Cisco class, you need to work with a router or switch as often as you can. If you're learning a software program, you need to work with that program in the school's labs as much as possible. Reading books alone will not teach you everything you need to know. The best time to get extra work in is after class. You may not be able to work in the computer labs at night if the school offers night classes, but odds are there are very few people in there during the afternoon. You need to be one of those people.

Doing only what is required of you is not the path to excellence. You need to go beyond the requirements of the school and invest the extra time and effort into your career. I speak from experience - there is no field in the world that rewards individual effort more than the IT field. Develop the habit of going "above and beyond" today, and this will pay huge dividends for you in the future.

How To Earn Cisco’s Firewall Specialist Certification

Security is a hot topic in today's networks, and will continue to be for a long time to come. With that in mind, you must consider adding a Cisco security certification to your resume and firewall skills to your skill set.

It's quite a jump from the CCNA to the CCSP (Cisco Certified Security Professional), and Cisco has made that leap more manageable by adding Specialist certifications. These certifications can give quite a boost to both your resume and your skill set, and act as a great "stepping stone" to the CCSP.

At present, Cisco offers four VPN/Security certifications, those being Cisco Firewall Specialist, Cisco IPS Specialist, Cisco VPN Specialist, and Cisco VPN/Security Sales Specialist. Since every WAN engineer has contact with Cisco firewalls on a regular basis, we'll take a closer look at this popular certification first. (And those who want to be WAN engineers had better learn something about firewalls, too!)

At the writing of this article (October 21, 2005), Cisco is offering an option for each of the two exams you'll need to pass to earn this certification. For the first exam, you can take either the 642-551 SND (Securing Cisco Network Devices) or 642-501 SECUR (Securing Cisco IOS Networks). The final day to register for the SECUR exam is December 19, 2005.

For either, you'll need to be able to answer questions regarding the proper use of Cisco security devices; how to configure security on a Cisco switch and on a router, including syslog logging, AAA, ACLs, and security for router services and interfaces.

The choices for the second exam are the 642-522 SNPA (Securing Networks with PIX and ASA) and the 642-521 CSPFA (Cisco Secure PIX Firewall Advanced). Topics for these exams include IPSec, NAT, firewalls, AAA, and policy mapping. (As always, you should check for the latest exam blueprints at Cisco's website, www.cisco.com, under "Learning And Events" on the main page.)

The only prerequisite for this certification is that you must hold a valid CCNA certification.

As always, getting some hands-on experience is the best way to prepare for your Cisco exams. (Your employer is going to get a little upset if you practice your configs on his or her PIX. It would be a good idea to have a good lawyer, too.) There are online rack rental services that include Cisco security devices in their pods.

Cisco certifications are a great way to help protect your career as well as your network. The more you know, and the more varied your skills, the more valuable you are to your present and future employers. Use your CCNA as a foundation, and keep building on your skills!

How To Become a Cisco CCNP

Congratulations on your decision to earn your CCNP certification! As a CCIE, I can tell you that Cisco certifications are both financially and personally rewarding.

To earn your CCNP, you first have to earn your CCNA certification. Then you're faced with a decision - take the three-exam CCNP path, or the four-exam path? They're both quite demanding, so let's take a look at each path.

The four-exam CCNP path includes the Building Scalable Cisco Internetworks exam (BSCI), Building Cisco Multilayer Switched Networks exam (BCMSN), Building Cisco Remote Access Networks (BCRAN), and Cisco Internetwork Troubleshooting (CIT) exam.

The three-exam path combines the BSCI and BCMSN exams into a single exam, called the Composite exam.

I'm often asked what order I recommend taking the exams in. After earning your CCNA, I recommend you begin studying for the BSCI exam immediately. You will find the fundamentals you learned in your CCNA studies will help you a great deal with this exam. You're going to add to your CCNA knowledgebase quite a bit when it comes to OSPF and EIGRP, as well as being introduced to BGP.

I don't have a preference between the BCMSN and BCRAN exams, but I do recommend you take the CIT exam last. You'll be using all the skills you learned in the first three exams to pass the CIT. It's a very demanding exam, and it's a little hard to troubleshoot technologies that you haven't learned yet!

The CCNP is both financially and personally fulfilling. Once you complete your CCNA studies, take a little breather and then get started on your CCNP studies. The more you know, the more valuable you are in today's ever-changing IT job market.

Four Important Commands For Your CCNA / CCNP Home Lab

More CCNA and CCNP candidates than ever before are putting together their own home practice labs. It's more affordable than it ever has been, and I receive emails daily from new CCNAs and CCNPs who say it's the best thing they could have done to improve their studies.

There are some commands you can configure on your lab routers that won't necessarily be on your CCNA or CCNP exams, but they will make life a lot easier for you. Let's take a look at just a few of these.

The command "no exec" is short, yet powerful. Occasionally you'll have what is referred to as a "rogue EXEC" process tie up a line, and you end up having to continually clear lines, which disrupts your practice. If you have an access server, I highly recommend you configure this command on the async lines that connect to your lab routers, as shown here:

ACCESS_SERVER(config)#line 1 8

ACCESS_SERVER(config-line)#no exec

From your CCNA studies, you know that the command "no ip domain-lookup" stops a Cisco router from trying to resolve as a hostname anything you enter that is not an IOS command (with no name server configured, the router broadcasts for one and you sit there waiting for the lookup to fail) - and that includes mistyped commands, which happens to all of us sooner or later. Make sure to run that command in global configuration mode on all your practice routers.

There are two commands I like to configure on the console line on all my practice routers and switches. The first is "exec-timeout 0 0". By default, IOS closes an idle EXEC session after ten minutes, so you come back to a logged-out console and have to log in and type "enable" all over again. (This doesn't sound like much, but you'll get pretty tired of it after a while.) The first zero refers to minutes, the second zero to seconds, and setting them both to zero disables the idle timeout entirely. That is exactly what you want in the lab and exactly what you do not want on a production device, where a console or vty session that never times out is an open door for whoever walks up to it next; leave the idle timeout in place there.

The second command keeps the router from interrupting the command you're typing with a console message. If you've ever been in the middle of typing a router command and suddenly been interrupted by a logging message, you know how annoying that can be. We still want the router to display the message, but we want it to wait until we're done entering the command, and then redisplay the prompt and what we had typed. The command to do this is "logging synchronous".

R1(config)#line console 0

R1(config-line)#exec-timeout 0 0

R1(config-line)#logging synchronous

You won't see many of these commands on your exams, but after you configure them on your home lab devices, you'll wonder how you did without them!
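As an added example that is not part of the original post, here is a small Python audit script that reads a running-config, pulls out the "line" stanzas, and reports whether the lab conveniences above are in place; run with production=True it instead flags "exec-timeout 0 0" as a setting that must not leave the lab. The sample config is constructed for this example, and the function names and finding text are my own, not anything IOS produces.

```python
import re
from typing import Dict, List

# Constructed sample of the relevant parts of a lab router's running-config.
# It is an assumption for this example, not output captured from a real device.
SAMPLE_CONFIG = """\
hostname R1
no ip domain-lookup
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 login
!
end
"""

# IOS applies this idle timeout to a line when no exec-timeout is configured.
DEFAULT_EXEC_TIMEOUT_SECONDS = 10 * 60


def line_stanzas(config: str) -> Dict[str, List[str]]:
    """Map each 'line ...' stanza name (e.g. 'con 0') to its indented commands."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[len("line "):].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None          # '!' or any global command ends the stanza
    return stanzas


def exec_timeout_seconds(commands: List[str]) -> int:
    """Idle timeout for a line in seconds; 'exec-timeout 0 0' means never log out."""
    for cmd in commands:
        m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", cmd)
        if m:
            return int(m.group(1)) * 60 + int(m.group(2) or 0)
    return DEFAULT_EXEC_TIMEOUT_SECONDS


def audit(config: str, production: bool) -> List[str]:
    """Return findings. In the lab the conveniences are wanted; in production a
    disabled idle logout is a finding."""
    findings: List[str] = []
    if "no ip domain-lookup" not in config.splitlines():
        findings.append("global: ip domain-lookup is enabled; mistyped commands "
                        "will be resolved as hostnames")
    for name, cmds in line_stanzas(config).items():
        timeout = exec_timeout_seconds(cmds)
        if timeout == 0 and production:
            findings.append(f"line {name}: exec-timeout 0 0 disables idle logout "
                            f"(lab-only setting)")
        if name.startswith("con") and "logging synchronous" not in cmds:
            findings.append(f"line {name}: no 'logging synchronous'; log "
                            f"messages will interrupt typing")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, production=True):
        print(finding)
```

Paste a real "show running-config" into SAMPLE_CONFIG to check your own lab routers; the stanza parser relies on the one-space indentation IOS uses for sub-commands, so keep the text as the router printed it.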

Computer Training School Tutorial: Know Your Instructor

Making the decision to attend a computer tech school can be one of the best decisions of your life. Another great decision is to tap a hidden wealth of knowledge that is right before every student at schools such as ECPI and ITT, but very few students take advantage of it.

When you're attending a computer training school, you must avoid the mentality that some other students will have - "I gotta go to school, I gotta be here, I can't wait to leave and go home". When you're preparing for a career working with computers, you've got to take advantage of every learning experience you can get, and that includes getting to know the most valuable resource at your school - your teachers!

Your teachers have busy schedules, but it was my experience that every single time I asked for help or had questions outside of class, my teachers went the extra mile to help me. I’m sure yours will do the same for you, but you have to let them know you want that help!

At your tech school, you must develop the skills and work ethic that you will use to succeed in the IT field. By staying after class, working overtime in the computer labs, and getting to know your instructors, you'll be astonished at the additional knowledge you can pick up. Almost any good teacher is going to have real-world experience, and you need to draw on that knowledge. Having lunch with an instructor is another great idea, as it allows you to get to know them away from the classroom.

Part of success in any field is making contacts for the future. You may not be in the IT field yet, but you should already be getting to know people with IT experience - and who better than your teachers? Besides, they hear about job openings all the time from friends, and the more you stand out from the crowd, the more likely you are to be remembered for such opportunities!

Computer Certification: Become A Utility Player

In baseball, a "utility player" is one who plays more than one position. These players are usually backups, but they have a job in the major leagues because of their value to the team; since they can play more than one position, they have that much more value to their employer.

Too often in IT, workers become either LAN or WAN engineers, knowing little if anything about the other side. Many LAN administrators I worked with knew little about routing and switching, while many WAN engineers I knew not only didn't know much about the LAN side of their network, but they didn't want to know anything about the servers!

In today's IT world, it's a bad idea to specialize in only one thing and not know how to do anything else. Not only does it limit your future career prospects, but it limits your current prospects as well. Employers don't want to hire someone and have them get up to speed on the job - they want someone who can walk right in and do the job. The more you know, the better your chance of getting a better job - or quickly being able to get another job if you were laid off tomorrow.

A term often heard on Wall Street is "diversification", meaning that investors should not invest heavily or totally in only one stock; if that stock plummets, they're in big trouble. Your career is the most important stock you will ever own, and you're 100% in charge of it. Diversify. If you're working primarily with servers, learn some routing and switching. Find out which routing protocol your company runs on its WAN, and learn something about it. (If you don't know which one it is, ask!)

While you’re adding these skills, get certified while you’re at it! Adding a CCNA, MCSE, or other computer certification looks great on your resume while signaling to employers that you’re constantly adding to your skills.

Adding more skills and knowledge to your IT skill set is always a good idea. Don't limit yourself to the technologies you work with every day. Make an investment in yourself and become a well-rounded network engineer. This will help you keep the job you have - and open doors in the future that might otherwise have remained closed.

Cisco Home Lab Tutorial: Buying And Building A Frame Relay Switch

One of the major topics on your CCNA and CCNP exams is Frame Relay. Additionally, Frame Relay is one of the most popular WAN technologies in today's networks. Getting hands-on experience with Frame Relay in Cisco networks isn't just a good idea, it's a necessity. Let's face it, your employer is going to get a little touchy if you start experimenting with your network's Frame Relay setup.


To practice all your important Frame Relay commands for your exams, you need a working Frame Relay cloud in your home lab. A production network's Frame cloud consists of a lot of Frame switches, but if you choose wisely, a single Cisco router can act as your home lab's entire Frame cloud!


Before we look at the configuration of such a router (hereafter referred to as a "frame relay switch"), let's look at the physical requirements.


The more serial ports you have, the better. You should get a router with at least four serial ports. The ports have to run as synchronous serial interfaces to carry Frame Relay; dedicated synchronous ports and the sync/async ports found on many older routers both work, as long as the port is in synchronous mode - beyond that, you just need the ports.


You will also need some DTE/DCE cables. The DCE end of the cables will be connected to the frame switch.


A great configuration for a CCNA practice lab is three routers that serve as "production" routers, and a 4th router as a frame relay switch. (You'll want an access server as well, but that's another article.)


What I use in my student and customer pods is a setup where R1 is connected to the frame switch's S1 port, R2 is connected to S2 on the frame switch, and R3 is connected to the frame switch's S3 port.


Now comes the tricky part - the configuration. A frame relay switch's config can be hard to find, so here's a copy of mine. Pay particular attention to the config on ports s1, s2, and s3.


version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname FRAME_SWITCH
!
!
ip subnet-zero
no ip domain-lookup
frame-relay switching
!
!
!
interface Ethernet0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial0
 ip address 10.1.1.2 255.255.255.0
 clockrate 56000
!
interface Serial1
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 logging event subif-link-status
 logging event dlci-status-change
 clockrate 56000
 no frame-relay inverse-arp
 frame-relay intf-type dce
 frame-relay route 122 interface Serial2 221
 frame-relay route 123 interface Serial3 321
!
interface Serial2
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 logging event subif-link-status
 logging event dlci-status-change
 clockrate 56000
 no frame-relay inverse-arp
 frame-relay intf-type dce
 frame-relay route 221 interface Serial1 122
!
interface Serial3
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 logging event subif-link-status
 logging event dlci-status-change
 clockrate 56000
 no frame-relay inverse-arp
 frame-relay intf-type dce
 frame-relay route 321 interface Serial1 123
!
interface BRI0
 ip address 150.1.1.1 255.255.255.252
 no ip directed-broadcast
 encapsulation ppp
 dialer map ip 150.1.1.2 name R2 broadcast 2335552221
 dialer-group 1
!
ip classless
!
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 login
!
end


The key command in the global configuration is frame-relay switching. You must have this configured before the switching commands on the interfaces will do anything.


The interfaces are configured with the frame-relay route command. Let's take a look at what each value means in the command frame-relay route 122 interface Serial2 221.


frame-relay route - the command
122 - the incoming DLCI on this interface
interface Serial2 - the interface the data will be sent out
221 - the outgoing DLCI

This command on S1 means that anything that comes in on this port on DLCI 122 will be sent out interface Serial2 on DLCI 221.


It's a good idea to hard-code the interfaces to act as DCEs with the frame-relay intf-type dce command. The frame switch ports are also the DCE end of the back-to-back serial cable, so the clockrate command is needed on them for the line protocol to come up.


Once you've configured your frame switch as shown and have configured the frame-relay map statements on the "production" routers, you can test the frame switch configuration. On the frame switch, run the command show frame-relay route (IOS accepts the abbreviation show frame route).


FRAME_SWITCH#show frame route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial1         122             Serial2         221             active
Serial1         123             Serial3         321             active
Serial2         221             Serial1         122             active
Serial3         321             Serial1         123             active


You should see "active" for every route. If you see "deleted" instead, first make sure the frame switch interfaces are up; if they are, check the configs on the production routers.
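As an added example, not part of the original article, the following Python script checks a frame switch config the way you would check it by eye: it confirms frame-relay switching is present, collects every frame-relay route statement, and verifies that each PVC has a matching route back in the other direction, then parses show frame-relay route output for entries that are not active. The config excerpt (with a deliberately wrong return DLCI on Serial3) and the show output are constructed for this example, and the function names are my own assumptions.

```python
import re
from typing import List, Set, Tuple

Route = Tuple[str, int, str, int]   # (input intf, input DLCI, output intf, output DLCI)

# Constructed frame switch config with one deliberate mistake: Serial3's return
# route points at DLCI 124 instead of 123. This is an assumption for the
# example, not a real device's configuration.
SAMPLE_CONFIG = """\
frame-relay switching
!
interface Serial1
 encapsulation frame-relay
 frame-relay intf-type dce
 frame-relay route 122 interface Serial2 221
 frame-relay route 123 interface Serial3 321
!
interface Serial2
 encapsulation frame-relay
 frame-relay intf-type dce
 frame-relay route 221 interface Serial1 122
!
interface Serial3
 encapsulation frame-relay
 frame-relay intf-type dce
 frame-relay route 321 interface Serial1 124
!
"""

# Constructed 'show frame-relay route' output (not captured from a device).
SAMPLE_SHOW = """\
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial1         122             Serial2         221             active
Serial1         123             Serial3         321             inactive
Serial2         221             Serial1         122             active
Serial3         321             Serial1         124             inactive
"""

ROUTE_RE = re.compile(r"frame-relay route (\d+) interface (\S+) (\d+)")


def parse_routes(config: str) -> List[Route]:
    """Collect every frame-relay route statement together with its interface."""
    routes: List[Route] = []
    current = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split()[1]
        elif not raw.startswith(" "):
            current = None                    # '!' or a global command
        elif current is not None:
            m = ROUTE_RE.fullmatch(raw.strip())
            if m:
                routes.append((current, int(m.group(1)), m.group(2), int(m.group(3))))
    return routes


def audit_switch_config(config: str) -> List[str]:
    """Check the global switching command and that every PVC has a reverse route."""
    problems: List[str] = []
    if "frame-relay switching" not in config.splitlines():
        problems.append("global: 'frame-relay switching' is missing")
    routes = parse_routes(config)
    have: Set[Route] = set(routes)
    for in_i, in_d, out_i, out_d in routes:
        if (out_i, out_d, in_i, in_d) not in have:
            problems.append(f"{in_i} dlci {in_d} -> {out_i} dlci {out_d}: "
                            f"no matching route back on {out_i} dlci {out_d}")
    return problems


def not_active(show_output: str) -> List[Tuple[str, int, str]]:
    """Rows of 'show frame-relay route' whose status is anything but active."""
    rows: List[Tuple[str, int, str]] = []
    for line in show_output.splitlines()[1:]:    # skip the header row
        parts = line.split()
        if len(parts) == 5 and parts[4] != "active":
            rows.append((parts[0], int(parts[1]), parts[4]))
    return rows


if __name__ == "__main__":
    for problem in audit_switch_config(SAMPLE_CONFIG):
        print(problem)
    for intf, dlci, status in not_active(SAMPLE_SHOW):
        print(f"{intf} dlci {dlci} is {status}")
```

The symmetry check catches the classic frame switch typo (a DLCI mismatched between the two ends of a PVC) before you spend an hour staring at the production routers; the show-output parser is what you would run after the config check, since an "inactive" entry usually points at a cable or clocking problem rather than the route table.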


Keep in mind that you can still configure routing protocols to run on ports that you're not using for frame switching. The router we used here had an ethernet port and BRI port, and the BRI port has been configured as part of the production network. Running frame switching does not disable IP routing.


Purchasing and configuring your own frame relay switch is an invaluable part of your Cisco education. By practicing your frame commands and configuring frame connections over your own frame relay cloud, you're polishing your Cisco skills and gaining knowledge that cannot be duplicated by simulator programs.


To your success,


Chris Bryant


CCIE #12933

Cisco Certification: The "Secret" Key To Getting Your CCNA And CCNP

Whether you're working on your CCNA or CCNP, Cisco certification exams are the most demanding computer certification exams in the IT field. Cisco exams are not a test of memorization, they're a test of your analytical skills. You'll need to look at configurations and console output and analyze them to identify problems and answer detailed questions. To pass these demanding exams, you've got to truly understand how Cisco routers and switches operate - and the key to doing so is right in front of you.

The debug command.

Of course, there is no single "debug" command. Using IOS context-sensitive help ("debug ?"), you can quickly see that there are hundreds of these debugs, and I want to mention immediately that you should never practice these commands on a production router: a chatty debug can pin the CPU and make the device unreachable, and you need to know "undebug all" before you need it. This is one major reason you need to get some hands-on experience with Cisco products in a home lab or rack rental. No software program or "simulator" is going to give you the debug practice you need.

Now, why am I so insistent that you use debugs? Because that's how you actually see what's going on. It's not enough to configure Frame Relay on an interface, you have to be able to see the LMI messages being exchanged with "debug frame-relay lmi". You don't want to just type a few network numbers in after enabling RIP, you want to see the routes being advertised along with their metrics with "debug ip rip". The list goes on and on.

By using debugs as part of your CCNA and CCNP studies, you're going beyond just memorizing commands and thinking you understand everything that's happening when you enter a command or two. You move to a higher level of understanding how routers, switches, and protocols work -- and that is the true goal of earning your CCNA and CCNP.