David’s Cisco Networking Blog:

October, 2007

Oct 26 2007   8:57PM GMT

What’s the best certification training?



Posted by: David Davis
CCNA, Networking

I’ll admit, right off, the point of this post is to get some discussion going. That said, slide the keyboard over -->

Keyboard

And prepare to comment on this one!

(and I hope you aren’t still using a VIC-20, like that one)


Oct 25 2007   2:15PM GMT

Imagestream - Linux Router taking on the Giant



Posted by: David Davis
ImageStream, Cisco, Vyatta, Networking

I am attending the Interop Tradeshow (formerly Network World) in New York City this week. This gives me a great opportunity to see some amazing products, speak with the vendors, and meet other networkers.

One of the many interesting products I ran across is the Imagestream Linux router and the thought of them taking on “the giant” - Cisco Systems.

Imagestream has taken Linux and created a lot of their own code to go around it. They then take that commercial product and put it on hardware. Imagestream then markets and sells these full hardware routers.

Imagestream Envoy

One thing that impressed me was that Imagestream sells these hardware routers all the way from their small box (called the Envoy) running at about $500, on up to their huge enterprise box (costing, obviously, much much more). Still, their $500 smallest box is a great small branch office router. It is tiny (about 4 lbs) but it still offers QoS, RIP, OSPF, BGP, firewall, SNMP, and more. It comes with 3 Ethernet ports and you can add a 1 or 2 port T1/E1 module. This would allow you to have a full router, with enterprise grade software features, for under $1000. This is probably a third of the cost of a comparable Cisco.

Here are a couple of links to product reviews for Imagestream’s router line:

Network Computing - ImageStreams’ TransPort Linux Router - Small and Light and Routed Just Right

Linux Journal - Product of the Day - Imagestream’s Rebel Router

Take a look at the features of even their lowest-end router:

Software

ImageStream Linux
High-performance Linux kernel
Scalable Inetics platform
Menu-driven configuration
CALEA intercept support
On-line & off-line upgrades
Local and remote logging
Real-time monitoring
Quality of Service (QoS)
Bandwidth limiting
Packet filtering
Peer-to-peer traffic control
Port forwarding
System scheduler
PPP, Cisco HDLC and frame relay
CEF-compatible bonder
MLPPP and MLFR and IMA
PPPoE and PPPoA
RIP & OSPF
SNMP or NetFlow® accounting
NAT firewall (1:1 & 1:many)
NTP clock synchronization
Concurrent bridging & routing
Secure telnet (ssh) v.2
L2TP, GRE, IPIP & CIPE tunneling
Remote RADIUS
TACACS+
DHCP client & server
VLAN tagging
IPSec & SSL VPN
VRRP
IPv6

Not that I am trying to sway everyone away from Cisco by talking first about Vyatta then about Imagestream, but I just find it fascinating that there are such great Linux-based options out there for routers today!

I think that Imagestream’s products deserve a second look. I am going to do that and I hope that you will too.

All the best to you,
David Davis, CCIE, VCP, CISSP

Personal Website: HappyRouter.com - home of Cisco how-to articles & videos
David Recommends:
HappyRouter Cisco VMware Workstation & Server Video Training Series
HappyRouter Cisco CCNA & CCNP Video Training Series


Oct 23 2007   6:57PM GMT

Saying goodbye to your Cisco Equipment with a Dear John letter



Posted by: David Davis
Vyatta, Cisco, Networking

Vyatta Logo

I have been interested in Vyatta’s open source router solution for a while (pronounced vee-AH-tah). In fact, I have written at least one article about it and have tested it myself. It is an amazing solution - a free open source router that has an “IOS-like” interface and performs just about all the same functions as a Cisco router - but runs on your PC or in a virtual machine.

As a promo, Vyatta is asking its users to post “Dear John” letters on their website so that you can “say goodbye” to your Cisco routers and move over to open-source. So far, they have gotten a good response and many of the letters are entertaining and creative. I encourage you to check out Vyatta’s “Dear John letter” blog. If you are a Vyatta follower, I suggest you be creative and post your own letter.

Even if you, me, and all the other posters, don’t completely move away from Cisco routers, I hope that Cisco will get a message from some of these letters and use them to improve their organization. I do believe there are a lot of good tips for Cisco in these letters.

If nothing else, check out this whitepaper on why Vyatta is better than Cisco (according to Vyatta, of course).

All the best to you,
David Davis, CCIE, VCP, CISSP



Oct 19 2007   3:42PM GMT

What is a Cisco console cable?



Posted by: David Davis
CCNA, Cisco, Networking

Say that you take a new Cisco router, switch, or firewall out of the box and hook it up. Does it work? No. It isn’t like a Linksys or Netgear router. It has no DHCP or anything like that. It has to be configured first.

How do you configure it? You have to connect to the console port, like this console port on a Cisco 1800 series router:

Cisco Console port

But what to connect to it? No, don’t use an Ethernet cable - it won’t work. This is a SERIAL port that needs to go to the serial/COM port on your PC or laptop (if you still have one). What you need is a ROLLED cable. Here is what it looks like:

Rolled Cable

Cisco also has a good picture of one, below….

Cisco Rolled Cable

However, how are you going to get that rolled cable connected to your PC? Don’t plug it into the Ethernet port! Remember, it is a Serial Cable. You need to connect it to the 9 PIN serial port on your PC (hopefully you have one but I will tell you what to do if you don’t in a minute). To connect it, you need to convert the RJ45 end to Serial with an adaptor, like this:

Console Adaptor

Many times, these came with routers or were sold in a package along with the rolled cable, like this:

Older Cisco Console Cable

Today, the DB9 to RJ45 converter is coming molded to the console cable, like this:

Newer Cisco Console cable

Once you have the router, switch, or firewall physically connected with the right cable & adaptor, you need to use your terminal emulator to communicate with the console port. For more information on that topic, I recommend this article on how to use Hyperterminal to connect to your Cisco router.

All the best to you,
David Davis, CCIE, VCP, CISSP



Oct 18 2007   6:27PM GMT

How getting Involved benefits you and the entire Cisco Networking Community



Posted by: David Davis
CCNA, Cisco, Networking

I want to take a minute to talk about the importance of “getting involved” in the Cisco Networking community. No, this isn’t a “public service announcement” (okay, well maybe it is).

I will list ways that you can get involved in just a minute but first, let me give you some benefits of “getting involved”:

  • you learn more and more
  • you further your career both by learning more and by meeting others
  • you help others
  • eventually, the favor of helping others can be returned and you will get help

And those are just a few of the benefits. Sound good? So let’s find out what you can do to get involved!

1. Join an online community dedicated to Cisco Networking. Here is a list of them:

2. Join a local Cisco users group

In my home town, Dallas, TX, USA, we have the very popular DFW Cisco Users’ Group. However, there are many more of these user groups around the world. In fact, there are about 7 million results for “cisco users group” on google.com.

3. Volunteer to help others with Cisco networking issues. This is a great way to gain tons of experience, learn for free, and help someone else.

  • Co-workers
  • Friends
  • Church
  • Online

4. Start your own Blog

It doesn’t take much to start a blog these days. If you are interested, I recommend starting your own blog and telling us what is going on in your “Cisco world” and what configurations you are working on today! You can start your own blog, for free, on Blogger! No experience required.

In summary, I again encourage you to get involved in your Cisco Networking Community! If you see a post you like, post a comment! If you see one that you don’t - again, post a comment! There are always unanswered questions in the communities above - take a few minutes and take a “stab” at it.

All the best to you,
David Davis, CCIE, VCP, CISSP



Oct 17 2007   11:48AM GMT

Microsoft & VMware Virtualization Throwdown!



Posted by: David Davis
VMware, Microsoft Windows, Virtualization

Okay, I know that this is a Cisco networking blog but I thought that this topic was so very interesting, I couldn’t resist but to post it. After this, I promise, I will get back to Cisco Networking….

I recently read a post by a Microsoft employee, Dave Northey. He was making all kinds of claims about how Microsoft’s Windows Server Virtualization (WSV) was better than VMware ESX Server 3i.

Not surprisingly, there was a barrage of responders defending VMware. Although I didn’t post on his blog (because I would rather post over here), I do feel that VMware needs to be defended because they have a REAL enterprise grade product that you can buy today (and have been able to buy for many years). How can Microsoft say that their product is better when it isn’t even released to production yet? And how can they say that it is better when it hasn’t been proven in the Enterprise? I mean, you could install WSV and it could be completely insecure and unstable. VMware ESX is proven and used by hundreds of thousands of customers around the world.

To get someone’s take who is “in the know” on this topic, I checked in with Alessandro Perilli on this. He runs the Virtualization.info blog and is by far the best independent expert on virtualization that I know of. He said that, so far, this opinionated “our beta is better than your proven product” stance on Microsoft vs VMware appears to be limited to only this one Microsoft employee.

Have you tried either Windows Server Virtualization or VMware ESX 3i? (ESX 3i was handed out at VMworld, and you can try WSV by initializing it in the Win 2008 RC0 OS.)

If you do try them - I recommend running them inside VMware Workstation (my favorite for OS testing). In fact, I recently created a video on how to run VMware ESX 3i Beta inside VMware Workstation (no more dedicated hardware or server).

Sound off your opinions in the comment section below!

The next post will be back to Cisco Networking!

All the best to you,
David Davis, CCIE, VCP, CISSP



Oct 10 2007   9:28PM GMT

Cisco’s new 1861 Remote office router packs a punch!



Posted by: David Davis
Cisco, Networking

Have you heard about Cisco’s latest branch router? They recently released it and I admit that I am very impressed.

First, take a look at what it looks like:

Cisco 1861 ISR Router

Different, right?

I didn’t shrink the picture - it really isn’t full rack-width. It is pretty small actually. As you can see, it has switch ports, a HWIC slot, switch ports, and a CF card slot. But wait, there is more…

It can also come with:

  • 256MB RAM & 512MB for optional voicemail
  • Call Manager Express for VoIP (up to 8 users)
  • Optional Unity Express for voicemail & auto attendant
  • Call Manager survivability (SRST) if the circuit to a real call manager goes down
  • FXO/FXS VoIP ports to connect to the PSTN or analog phones
  • Power over Ethernet (PoE) Ethernet ports for VoIP phones, perhaps
  • optional IPSEC encryption, IPS, firewall, & more

And, no, I am not trying to sell the thing to you. I honestly like Cisco products and think that this all-in-one branch office router is pretty darn amazing! I sure would like to get my hands on one to try out! (anyone from Cisco reading this? want to send me a loaner?)

Oh yeah - and it does routing too! :)

In my humble opinion, the new Cisco 1861 ISR (as they call them) does really “pack a punch” - a small box with a lot of features.

For more information on the Cisco 1861, see Cisco’s complete list of features.

All the best to you,
David Davis, CCIE, VCP, CISSP

Personal Website: HappyRouter.com - home of Cisco how-to articles & videos
David Recommends:
HappyRouter Cisco CCNA & CCNP Video Training Series
Cirro - Quote Telecom Internet, Voice, and Data T1 circuits from an unbiased source


Oct 9 2007   8:19PM GMT

Common Sense is sometimes all it takes to protect your network from attackers



Posted by: David Davis
Cisco, Security, Windows Security, ImageStream, Networking

In a recent Information Week article, “A Crook Comes Clean”, a convicted malicious hacker admitted to helping a crime organization hack into companies’ networks and steal resources like thousands of minutes of free VoIP usage. One of the most obvious statements he made was this:

“it would have been easy for IT and security managers to detect him-if they’d been looking. “If they were just monitoring their boxes and keeping logs, they could easily have seen us logged in there,” he said. “If they had intrusion-detection systems set up, they could have easily seen that these weren’t their calls.”

IT technicians also could have set up access lists, telling their networks to allow only their own IP addresses to get in. “We came across only two or three boxes that actually had access lists in place,” Moore added. “The telecoms that we couldn’t get into had access lists or boxes that we couldn’t get into because of strong passwords.”

I think that this is a good reminder for us all to follow the basic security practices to secure our network. To me, this is as simple as what you should be doing to secure your data center physically - locks on the doors, no windows, strong doors, controlled access, etc.

I have published a number of articles and videos on how to secure your network. For example, here is a video on securing your router using IOS Access-Lists (ACL): FREE VIDEO: Harden your Cisco Router with IOS ACLs

Additionally, SANS has a great document on securing your network: SANS: Cisco Router Hardening Step by Step

Remember:

  1. Change default passwords & use complex passwords
  2. Use protocols that are secure (no http and telnet to manage routers)
  3. Password protect all entrances to the router and routing protocols
  4. Apply ACLs on your router to control management access and prevent spoofing
  5. Use a firewall (in the router or a stand-alone box) to control inbound and outbound network access to and from the Internet
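As an added example (not from the original post), here is a short Python sketch that checks a router's running-config text against items 1 to 4 of the checklist above, limited to management access. Both configs are constructed samples, and the function names and the list of guessable passwords are assumptions.

```python
import re
# Constructed running-config fragments (not taken from any real device).
WEAK_CONFIG = """\
enable password cisco
ip http server
line con 0
line vty 0 4
 password cisco
 login
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
enable secret 5 $1$EXAMPLE$notARealHashValue000000
username netadmin secret 5 $1$EXAMPLE$notARealHashValue111111
no ip http server
access-list 10 permit 192.0.2.0 0.0.0.255
line con 0
 login local
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
"""

def line_blocks(config):
    """Map each 'line ...' header to the sub-commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return findings, each prefixed with the checklist item it violates."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    if any(l.startswith("enable password") for l in top):
        findings.append("1: 'enable password' in use; prefer 'enable secret'")
    # Assumed short list of guessable values; extend it for real use.
    if re.search(r"(?m)^\s*(enable password|password)\s+(\d\s+)?(cisco|admin|password)\s*$", config):
        findings.append("1: default or guessable password present")
    if "ip http server" in top:
        findings.append("2: clear-text HTTP management server enabled")
    uses_aaa = "aaa new-model" in top  # with AAA, 'login' is not shown per line
    for header, cmds in line_blocks(config).items():
        if not uses_aaa and not any(c.startswith("login") for c in cmds):
            findings.append(f"3: {header} has no login requirement")
        if header.startswith("line vty"):
            transport = next((c for c in cmds if c.startswith("transport input")), "")
            if transport.split()[2:] != ["ssh"]:
                findings.append(f"2: {header} is not restricted to SSH")
            if not any(re.match(r"access-class \S+ in", c) for c in cmds):
                findings.append(f"4: {header} has no inbound access-class")
    return findings
```

Routing protocol authentication, anti-spoofing ACLs on interfaces and the firewall in item 5 are not covered by this sketch.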

So much of security is just common sense and taking time to apply it.

Have a great day!

David Davis, CCIE



Oct 8 2007   2:25PM GMT

Cisco’s congressional lobbying and acquisitions



Posted by: David Davis
Cisco, Networking

CNN recently reported that Cisco Systems has so far spent $680,000 lobbying members of Congress this year. This makes sense considering Cisco acquires so many companies that most of us cannot keep up. The first thing that comes into my mind is that Cisco doesn’t want to get so big that it suffers the same fate as Microsoft and is accused of being a monopoly. However, according to the list of topics that Cisco supposedly lobbied on, the “monopoly” topic wasn’t one of them (but then, how could it be?).

In 2007 alone, Cisco Systems has acquired 10 companies. And the year is not over yet.

My question is this - Can Cisco successfully integrate all of these companies and their technologies into successful products? Typically, a very high number of acquisitions are financially unsuccessful. Will Cisco really be able to go from #1 Router & Switch maker to

  • #1 cable set top box maker
  • #1 DVR maker
  • #1 video conferencing maker (home and business)
  • #1 security vendor
  • #1 toaster vendor

(okay, I threw that last one in there) But still, you start to wonder if they will stop the acquisitions one day and can they really become the top vendor, or one of the top vendors, in all the technology categories that they play in …?

Here is the list of Cisco’s 2007 acquisitions from Wikipedia:

2007

  • September 28, Latigent a developer of Call Center software.
  • September 18, Cognio a provider of wireless analysis and management.
  • May 22, BroadWare Technologies, provides software that enables web-based monitoring, management, recording and storage of audio and video that can be accessed anywhere by authorized users.
  • March 28, SpansLogic, develops processors that improve packet processing speeds across the network.
  • March 15, WebEx, makes applications that enable online group meetings and secure instant messaging.
  • March 13, NeoPath, a provider of high-performance and highly scalable file storage management solutions.
  • March 5, Utah Networks, acquired selected technology assets of Utah Networks, the operator of the social networking site Tribe.net.
  • February 21, Reactivity, XML gateway provider enabling customers to deploy, secure, and accelerate XML and web services.
  • February 8, Five Across, software developer of ‘social networking’ technologies that allows businesses to create ‘MySpace-like’ communities on their websites.
  • January 4, Ironport, a developer of security software that scans e-mail for viruses and spam.

David Davis, CCIE



Oct 5 2007   12:49PM GMT

Would you “Rent” your certification?



Posted by: David Davis
CCIE, CCNA, Certifications

I heard about a website that connects people who have certifications with Microsoft and Cisco resellers who need certified people, on the payroll, to achieve a certain level of reseller status.

How this works is - say that I sell Cisco equipment but I want larger discounts from Cisco (so I can make more profit when I sell it). To be a higher level of reseller (Silver, Gold, or whatever), you have to have a certain number of Cisco certified people on the payroll. For example, maybe you need 2 CCNA, 1 CCNP, and 1 CCIE.

Many up-and-coming resellers cannot afford to do this so the idea came that they could pay people who have these certs a flat monthly fee to register their cert # under the reseller’s name. Not a bad idea, I suppose, unless Cisco or Microsoft stop them.

And now an even better idea - www.rentacert.com

This site connects the people who have the cert with the resellers who want to “rent” it. The site makes a profit by taking a commission.

If you work for a company that is NOT a reseller but you have a cert, I suppose it would be nice to make some extra cash off of it and do nothing. It seems that both the renter and rentee would benefit but, I suppose the customer of that reseller loses out because the reseller really doesn’t have as much experience on hand as, perhaps, the other resellers at a similar level.

What do you think?

Would you rent your cert?

David Davis, CCIE
