David’s Cisco Networking Blog:

CCNA

Jan 31 2008   6:48AM GMT

How to secure your router with IOS Access-Lists (ACL)



Posted by: David Davis
Networking, CCNA, Cisco

I wanted to tell all my blog readers out there about a video that I posted on my website entitled: Harden your Cisco Router with IOS ACLs

In this video, I walk you through:

  1. What you need to know about Cisco IOS Access-lists (the 3 P’s of ACLs)
  2. How to create an ACL
  3. How to apply an ACL to your router

Keep in mind that ACLs aren’t just used to restrict or filter traffic. ACLs are used across many functions of a Cisco router - from security, to encryption, to QoS, to route filtering!

For all those new to ACLs or if you would just like a refresh on ACLs - this tip is for you!

-David
Personal Website: HappyRouter.com
Check out David’s Video Training:
VMware ESX Server Video Training
Cisco CCNA & CCNP Video Training

Jan 30 2008   8:29PM GMT

Anyone out there a CCENT?



Posted by: David Davis
Cisco, CCNA

I am curious to hear from those who are working on their CCENT certification. Have you tried it? Or have you even heard of the CCENT yet?

The CCENT is the Cisco Certified Entry Networking Technician and it is what you achieve if you take just 1 Cisco test (640-822 ICND1). The CCENT prepares you for the CCNA exam and Cisco has some nice resources for it at both the CCENT Instant Answers webpage and the CCNA Prep Center.

I have heard from a number of my associates and they have been using the Train Signal CCENT Video Training package and have been impressed with it. I know they have a free demo at that URL.

So - how about you? Are you already a CCENT? What did you think of the experience? Are you aspiring to be a CCENT? What questions do you have? Post ’em here!

-David


Dec 7 2007   5:51AM GMT

FREE VIDEO: How to Configure VLANs in the Cisco IOS



Posted by: David Davis
CCNA, Cisco, Screencasts, Videos

Recently, I created a short video that shows you how to configure and use VLANs on a Cisco IOS Router & Switch. It is a step-by-step 15 minute video. It was originally published over at SearchNetworking.com.

In this video, you will learn how to configure a VLAN in this step-by-step, automated, 15-minute demo. As a CCIE Cisco networking expert, I will walk you through the steps you’ll need to configure your routers and switches, set up and assign the trunk ports, and perform the necessary tests to get traffic moving across your VLAN successfully. You can view the configuration commands I used in the video at the bottom of this page.

This video is published in two places:

ENJOY!

-David
Personal Website: HappyRouter.com - home of Cisco how-to articles & videos
David Recommends:
HappyRouter Cisco VMware Workstation & Server Video Training Series
HappyRouter Cisco CCNA & CCNP Video Training Series


Nov 16 2007   5:39PM GMT

Bridged ports on a Cisco 851 & 871 series routers



Posted by: David Davis
CCNA, Cisco

Recently I had a question from a Cisco router admin and I suspect that many of you out there could benefit from the answer. This admin had a Cisco 871W and was having trouble creating VLANs.

I believe that the confusion on this topic comes from the fact that the Cisco 851 & 871 series routers have 4 LAN Ethernet ports + 1 Additional Ethernet. The 4 LAN ports (Fa0 to Fa3) are intended to be your local LAN switch ports to your, say, 4 devices on your LAN. The 1 Additional Ethernet port (Fa4) is intended to be connected to something like a DSL modem or cable modem.

These 4 internal LAN ports on the Cisco 851 & 871 are special and don’t work like other ports on other Cisco routers or switches with 4+ Ethernet ports. These 4 LAN ports on the 851 & 871 cannot be turned into VLANs and cannot be configured individually.

According to the 871 specs, you can create up to 4 VLANs with the 871w. These can include wireless VLANs.

I think the problem that is coming up here is that FastEthernet ports 0-3 are all in a bridge. You cannot create a subinterface on Fa0-3 but you can on Fa4.

Here is how I created a subinterface for a VLAN off of Fa4:

Router#sh ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    down
FastEthernet1              unassigned      YES unset  up                    down
FastEthernet2              unassigned      YES unset  up                    down
FastEthernet3              unassigned      YES unset  up                    down
FastEthernet4              unassigned      YES unset  administratively down down
FastEthernet4.1            unassigned      YES unset  administratively down down
Dot11Radio0                unassigned      YES TFTP   administratively down down
Vlan1                      unassigned      YES unset  up                    down
Virtual-Dot11Radio0        unassigned      YES TFTP   administratively down down
Router#

Still, not all of us are going to want to have a VLAN only on Fa4. So the answer is, as I understand it (haven’t tried it), to use the bridge group function. You put certain Fa ports in a certain bridge group, then put that bridge group in a VLAN.

Please see this Cisco doc for more information

And take a look at George Ou’s Examples of configuring VLANs on the 871.

He offers a downloadable Excel template. Now, if I recall he is configuring wireless VLANs but the same principles should apply.

http://articles.techrepublic.com.com/5100-1035-6102399.html 
http://articles.techrepublic.com.com/5100-1035_11-6112367.html?tag=nl.e138

So if you are trying this yourself, I think this knowledge and those configs will give you examples of what you are looking to do.

-David


Nov 9 2007   6:40PM GMT

How do you reset your lost Router or Switch password?



Posted by: David Davis
Cisco, Password, CCNA

Just as with the Windows OS, one of the most frequent questions from new Cisco router or switch users is “how do I reset my lost IOS password”? Perhaps you inherited an old router from another network admin. Perhaps you bought your router on eBay. Or perhaps you just plain forgot what the password was for the router.

Now, you cannot get into the IOS. What do you do?

This involves changing the configuration register to 0x2142, rebooting, recovering or changing the password, and changing the configuration register back to 0x2102.

Instead of telling you HOW to do it, better yet, I would like to SHOW you how to do it.

I created a 10 minute video on my website where I SHOW you how to reset your lost router or switch password. I have gotten a ton of positive reviews on this video with many people saying it “saved their day”. I hope it helps you out too!
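The two register values named above differ only in bit 6 (0x0040), which tells IOS to ignore the startup configuration at boot, so a router left at 0x2142 after a recovery comes up without its saved passwords and ACLs on the next reload. The following is an added example, not part of the original post, that audits the "Configuration register is ..." line printed by show version; the function names and sample lines are constructed for illustration.

```python
import re

# Bits of the 16-bit Cisco configuration register that matter for this check.
IGNORE_NVRAM = 0x0040  # bit 6: skip startup-config at boot (set in 0x2142)
BOOT_FIELD = 0x000F    # bits 0-3: 0 means stop in ROM monitor

# Matches e.g. "Configuration register is 0x2142 (will be 0x2102 at next reload)"
_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def parse_confreg(show_version: str):
    """Return (current, next_reload) register values from 'show version' text."""
    m = _LINE.search(show_version)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    # Without a "will be" clause the next reload uses the current value.
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending

def audit_confreg(show_version: str, expected: int = 0x2102):
    """Return findings about the register value the next reload will use."""
    _, pending = parse_confreg(show_version)
    findings = []
    if pending & IGNORE_NVRAM:
        findings.append(
            f"0x{pending:04X}: startup-config (passwords, ACLs) will be ignored at boot"
        )
    if (pending & BOOT_FIELD) == 0:
        findings.append(f"0x{pending:04X}: router will stop in ROM monitor")
    if pending != expected and not findings:
        findings.append(f"0x{pending:04X}: differs from expected 0x{expected:04X}")
    return findings

# Constructed sample lines (assumed format of the last line of 'show version').
MID_RECOVERY = "Configuration register is 0x2142"
FIXED_PENDING = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
NORMAL = "Configuration register is 0x2102"

if __name__ == "__main__":
    for sample in (MID_RECOVERY, FIXED_PENDING, NORMAL):
        print(sample, "->", audit_confreg(sample) or "OK")
```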

-David


Nov 6 2007   4:14PM GMT

Michael’s CCNA Success Story - How he passed the Cisco CCNA



Posted by: David Davis
Cisco, CCNA

Are you studying for the Cisco CCNA or looking for the best Cisco CCNA, routing, and switching resources available? If so, check out a recent post by Michael K. After studying and preparing for his CCNA, he passed and has been kind enough to share his story and detail out all the resources he used in passing his test.

His resources include the web links, videos, books, and websites that he used to pass the test.

Thanks Michael & Congratulations to you, Mr CCNA!

I hope these resources help you in your pursuit of the CCNA Certification as well!

-David


Oct 26 2007   8:57PM GMT

What’s the best certification training?



Posted by: David Davis
CCNA, Networking

I’ll admit, right off, the point of this post is to get some discussion going. That said, slide the keyboard over–>

And prepare to comment on this one!

(and I hope you aren’t still using a VIC-20, like that one)



Oct 19 2007   3:42PM GMT

What is a Cisco console cable?



Posted by: David Davis
CCNA, Cisco, Networking

Say that you take a new Cisco router, switch, or firewall out of the box and hook it up. Does it work? No. It isn’t like a Linksys or Netgear router. It has no DHCP or anything like that. It has to be configured first.

How do you configure it? You have to connect to the console port, like this console port on a Cisco 1800 series router:

Cisco Console port

But what to connect to it? No, don’t use an Ethernet cable - it won’t work. This is a SERIAL port that needs to go to the serial/COM port on your PC or laptop (if you still have one). What you need is a ROLLED cable. Here is what it looks like:

Rolled Cable

Cisco also has a good picture of one, below….

Cisco Rolled Cable

However, how are you going to get that rolled cable connected to your PC? Don’t plug it into the Ethernet port! Remember, it is a Serial Cable. You need to connect it to the 9 PIN serial port on your PC (hopefully you have one but I will tell you what to do if you don’t in a minute). To connect it, you need to convert the RJ45 end to Serial with an adaptor, like this:

Console Adaptor

Many times, these came with routers or were sold in a package along with the rolled cable, like this:

Older Cisco Console Cable

Today, the DB9 to RJ45 converter is coming molded to the console cable, like this:

Newer Cisco Console cable

Once you have the router, switch, or firewall physically connected with the right cable & adaptor, you need to use your terminal emulator to communicate with the console port. For more information on that topic, I recommend this article on how to use HyperTerminal to connect to your Cisco router.

All the best to you,
David Davis, CCIE, VCP, CISSP



Oct 18 2007   6:27PM GMT

How getting Involved benefits you and the entire Cisco Networking Community



Posted by: David Davis
CCNA, Cisco, Networking

I want to take a minute to talk about the importance of “getting involved” in the Cisco Networking community. No, this isn’t a “public service announcement” (okay, well maybe it is).

I will list ways that you can get involved in just a minute but first, let me give you some benefits of “getting involved”:

  • you learn more and more
  • you further your career both by learning more and by meeting others
  • you help others
  • eventually, the favor of helping others can be returned and you will get help

And those are just a few of the benefits. Sound good? So let’s find out what you can do to get involved!

1. Join an online community dedicated to Cisco Networking. Here is a list of them:

2. Join a local Cisco users group

In my home town, Dallas, TX, USA, we have the very popular DFW Cisco Users’ Group. However, there are many more of these user groups around the world. In fact, there are about 7 million results for “cisco users group” on google.com

3. Volunteer to help others with Cisco networking issues. This is a great way to gain tons of experience, learn for free, and help someone else.

  • Co-workers
  • Friends
  • Church
  • Online

4. Start your own Blog

It doesn’t take much to start a blog these days. If you are interested, I recommend starting your own blog and telling us what is going on in your “Cisco world” and what configurations you are working on today! You can start your own blog, for free, on Blogger! No experience required.

In summary, I, again, encourage you to get involved in your Cisco Networking Community! If you see a post you like, post a comment! If you see one that you don’t - again, post a comment! There are always unanswered questions in the communities above - take a few minutes and take a “stab” at it.

All the best to you,
David Davis, CCIE, VCP, CISSP



Oct 5 2007   12:49PM GMT

Would you “Rent” your certification?



Posted by: David Davis
CCIE, CCNA, Certifications

I heard about a website that connects people who have certifications with Microsoft and Cisco resellers who need certified people, on the payroll, to achieve a certain level of reseller status.

How this works is - say that I sell Cisco equipment but I want larger discounts from Cisco (so I can make more profit when I sell it). To be a higher level of reseller (Silver, Gold, or whatever), you have to have a certain number of Cisco certified people on the payroll. For example, maybe you need 2 CCNA, 1 CCNP, and 1 CCIE.

Many up-and-coming resellers cannot afford to do this so the idea came that they could pay people who have these certs a flat monthly fee to register their cert # under the reseller’s name. Not a bad idea, I suppose, unless Cisco or Microsoft stop them.

And now an even better idea - www.rentacert.com

This site connects the people who have the cert with the resellers who want to “rent” it. The site makes a profit by taking a commission.

If you work for a company that is NOT a reseller but you have a cert, I suppose it would be nice to make some extra cash off of it and do nothing. It seems that both the renter and rentee would benefit but, I suppose the customer of that reseller loses out because the reseller really doesn’t have as much experience on hand as, perhaps, the other resellers at a similar level.

What do you think?

Would you rent your cert?

David Davis, CCIE
