David’s Cisco Networking Blog:

Cisco

Feb 5 2008   12:02PM GMT

Sadly, the PIX Firewall is Discontinued…



Posted by: David Davis
ASA, PIX, Networking, Cisco

What is the name that everyone thinks of when they think of firewalls? The “PIX” firewall, right?

Sadly, the PIX will be discontinued by Cisco, as of January 27, 2009.  This was announced on January 28, 2008 in this Cisco Press Release. If you are a PIX owner, the good news is that Cisco will support it until the year 2013 so, no rush huh?

Of course, we all know that the PIX will be replaced by the ASA 5500 line. When the ASA was announced we all saw this coming, even though Cisco said that they had no plans to discontinue the PIX and that there was a place in the marketplace for both. Still, it just made sense to discontinue the PIX.

So can the ASA become as well known as the PIX? Instead of asking for a firewall will admins just say “we need to install an ASA”? And is it pronounced “A.S.A.” or “Aay-Sah-Uh”? Only time will tell…

But seriously, the ASA is a very strong firewall and it can do a lot of things that the PIX could not do because the ASA is a real “UTM” or “Anti-X Appliance”. That means that, when combined with the CSC-SSM card (the card that really provides the Anti-X / UTM), the ASA is a much more complete firewall. The ASA is what businesses need today because, today, it isn’t enough to just maintain TCP states and drop traffic. You need intrusion prevention. You need filtering of traffic for viruses, worms, and malicious attack signatures in real time. You want content filtering of web traffic. The ASA can do all that and more.

Do you have a Cisco ASA? What do you think of it? I’d like to hear from you! 

For more information on the Cisco ASA, check out the ASA homepage over at Cisco.com.

-David
Personal Website: HappyRouter.com
Checkout David’s Video Training:
VMware ESX Server Video Training
Cisco CCNA & CCNP Video Training

Jan 31 2008   7:00AM GMT

David’s top Cisco articles of 2007 - Check em’ out!



Posted by: David Davis
Networking, Cisco

I am pleased to announce that 8 of the top 30 Searchnetworking.com articles of 2007 were written by - who? - David Davis!

As these were so popular, I hope that you will check them out! Here is the list:

WAN TIPS

3. Screencast: Configuring VLANs by David Davis
VLANs are a convenient way to connect ports from different switches and different buildings onto the same network and broadcast domain, preventing the need for a complex system of subnets. Learn how to configure a VLAN in this step-by-step, automated, 15-minute demo.

WIRELESS TIPS

2. Cisco wireless access point configuration from scratch by David Davis
Learn what the Cisco 1242 wireless access point can do for you and how to configure one from scratch.

4. Configure Cisco wireless bridges for point-to-point networking by David Davis
Point-to-point wireless bridging is ideal for many business networks. In this tip, learn how point-to-point wireless bridging can help you, the pros and cons of using it, and the configuration of the Cisco wireless bridges that make it work.

ENGINEERING TIPS

1. How routers work by David Davis
Learn how routers use routing tables to direct IP packets, find the best route to a destination, modify Ethernet packets with their MAC addresses, and perform encapsulation, or convert protocols, to route traffic through your network.

3. Network summarization — Supernetting and wildcard masks by David Davis
Network engineers need to understand supernetting, how to read routes received from other providers and how to create an access list that references these multiple networks in a single summarized statement. In this tip, you’ll learn more about the IP addressing-related topics of network summarization, supernetting and wildcard masks.

9. Screencast: Hardening your router — Increasing security with ACLs by David Davis
Learn how to harden your router in this step-by-step, automated, ten-minute demo. Expert David Davis walks you through the steps you’ll need to take to use Cisco IOS access control lists (ACLs) to define and filter traffic for increased network security.

NETWORK MANAGEMENT

7. Configure network monitoring for optimal performance by David Davis
Learn how to optimize network performance monitoring settings so that the monitoring system conserves bandwidth and takes into account the optimal performance of the network.

8. Using VMware to test open source network analysis tools by David Davis
Find out how open source network analysis tools can be beneficial to your network monitoring strategy, and learn how you can try out the open source network protocol analyzer Wireshark inside a VMware Player Guest OS.

-David


Jan 31 2008   6:48AM GMT

How to secure your router with IOS Access-Lists (ACL)



Posted by: David Davis
Networking, CCNA, Cisco

I wanted to tell all my blog readers out there about a video that I posted on my website entitled: Harden your Cisco Router with IOS ACLs

In this video, I walk you through:

  1. What you need to know about Cisco IOS Access-lists (the 3 P’s of ACLs)
  2. How to create an ACL
  3. How to apply an ACL to your router

Keep in mind that ACLs aren’t just used to restrict or filter traffic. ACLs are used across many functions of a Cisco router - from security, to encryption, to QoS, to route filtering!

For all those new to ACLs or if you would just like a refresh on ACLs - this tip is for you!
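Creating an ACL and applying it are separate steps, so a configuration can drift out of sync between the two. The following check is an added example, not code from the original post or video; the sample configuration and the function name `audit_acls` are constructed for illustration.

```python
import re

# Constructed sample running-config (documentation addresses, not from the post).
SAMPLE_CONFIG = """\
ip access-list extended EDGE-IN
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
access-list 10 permit 198.51.100.0 0.0.0.255
access-list 20 permit 203.0.113.0 0.0.0.255
interface FastEthernet0/0
 ip access-group EDGE-IN in
 ip access-group EDGE-OUT out
interface FastEthernet0/1
 ip access-group 110 in
line vty 0 4
 access-class 10 in
"""

DEFINE_NAMED = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
DEFINE_NUMBERED = re.compile(r"^access-list (\d+) ")
APPLY = re.compile(r"^\s+(?:ip access-group|access-class) (\S+) (in|out)\b")
SECTION = re.compile(r"^(interface \S+|line .+)$")

def audit_acls(config: str) -> dict:
    """Compare ACLs that are created with ACLs that are applied."""
    defined, applied, section = set(), [], None
    for line in config.splitlines():
        if not line.startswith(" "):          # top-level line: track the section
            m = SECTION.match(line)
            section = m.group(1) if m else None
        m = DEFINE_NAMED.match(line) or DEFINE_NUMBERED.match(line)
        if m:
            defined.add(m.group(1))
        m = APPLY.match(line)
        if m and section:
            applied.append((section, m.group(1), m.group(2)))
    used = {name for _, name, _ in applied}
    return {
        # An ip access-group pointing at a missing ACL passes all packets.
        "undefined": sorted(a for a in applied if a[1] not in defined),
        # Not applied as a filter; may still serve QoS or route filtering.
        "unused": sorted(defined - used),
    }

if __name__ == "__main__":
    print(audit_acls(SAMPLE_CONFIG))
```

An ACL reported as unused is not necessarily dead: as noted above, ACLs are also referenced by features other than traffic filtering.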

-David


Jan 30 2008   9:36PM GMT

Setting up a VLAN with the Cisco IOS



Posted by: David Davis
Networking, Cisco

Recently, in my forums at my personal website, I have a VLAN Question thread going with over 20 posts and 638 views. Additionally, I have a free video where I demonstrate how to configure VLANs in the Cisco IOS. This video is one of the most popular free videos on my site.

Because of the popularity of these two sites, I wanted to take a second to cover the basics on VLAN configuration. Here are some crucial VLAN “show” commands on a switch:

————————–

show vlan brief
show interfaces switchport
show ip interface brief
show interfaces trunk

————————–

And here is how you would configure VLAN routing on your router, along with some show commands:

Router commands
! One subinterface per VLAN, tagged with that VLAN's 802.1Q ID
! (each subinterface also needs an IP address to route for its VLAN)
interface fastethernet 4.1
 encapsulation dot1q 10

interface fastethernet 4.2
 encapsulation dot1q 20

! Bring up the physical interface that carries both subinterfaces
interface fastethernet 4
 no shutdown

! Verify
show ip interface brief
show vlans

————————–

And here is how you would configure a VLAN on your switch:

Switch commands
! Put each access port in its VLAN
interface fastethernet 2/0
 switchport access vlan 10
 no shutdown

interface fastethernet 5/0
 switchport access vlan 20
 no shutdown

! Layer 3 VLAN interfaces; replace x.x.x.x y.y.y.y with address and mask
interface vlan 10
 ip address x.x.x.x y.y.y.y
 no shutdown

interface vlan 20
 ip address x.x.x.x y.y.y.y
 no shutdown

————————–

I hope that sample configuration helps you out and don’t forget about my VLAN Configuration video where you can see how it is configured, step by step.

-David


Jan 30 2008   9:21PM GMT

Cisco CCIE History



Posted by: David Davis
Networking, CCIE, Cisco

Being a CCIE myself, I just love CCIE History. I read a great article over at NetworkWorld submitted by Brad Reese.

Here are some cool things I learned from the story:

  • The CCIE was announced on September 27, 1993
  • Now the very successful CEO of Cisco Systems, John Chambers was instrumental in getting the CCIE certification launched. Back then, Mr Chambers was a “merit vice president”.
  • The very first CCIE number was 1024 and was assigned to the testing lab. They did not start the number at 1.
  • Stuart Biggs (who designed the lab and wrote the test) was assigned CCIE# 1025
  • The first non-Cisco employee to achieve the CCIE was Terry Slattery, with CCIE# 1026.

You can read more about Terry and the history of the CCIE at Terry Slattery - the very first Cisco CCIE in history and at Terry’s Blog.

-David


Jan 30 2008   9:11PM GMT

“LinkLove” to fellow Cisco Bloggers



Posted by: David Davis
Cisco

I’d like to take a moment to offer some “link love” (as they say on “the net”) to a couple of great Cisco blogs I have found and have learned a lot from. They are:

CCIE Pursuit

IOS Hints and Tricks

Both of these guys post some excellent Cisco tips regularly and I want to take a moment to offer them both a public THANK YOU!

-David


Jan 30 2008   9:04PM GMT

Cisco’s new version of PoE



Posted by: David Davis
Networking, Cisco

Cisco launched a new version of PoE called ePoE or “enhanced” power over ethernet. What’s this? Confusing marketing at its finest? Let’s find out…

This new version of PoE is only available in the Catalyst 3750-E and 3560-E Series switches, with ePoE availability for Cisco’s Catalyst 6500 and Catalyst 4500-E Series devices scheduled to follow in the second quarter of this year.

One of the reasons for this new type of PoE is 802.11n wireless APs. These APs use a lot of power - more power than older APs. This was causing customers to have to supply two PoE cables to every 802.11n wireless AP. With the new ePoE, they don’t have to do that.

The cool thing is that you can just upgrade the IOS of your supported switch and get the new ePoE update. The downside is that ePoE is proprietary so you must use Cisco 802.11n wireless APs to take advantage of this new feature. You can read more about ePoE at Cisco’s website.

-David


Jan 30 2008   8:57PM GMT

How to download and run a FREE Cisco Router emulator



Posted by: David Davis
Cisco

I posted an article recently on how to download and run a FREE Cisco router emulator (see Practice Cisco Router Configuration using a free emulator). I want to tell you up front, the only real catch is that you have to have a copy of the Cisco IOS that will run in the emulator. However, the emulator supports a number of different types of routers.

The cool thing about the emulator is that, on a single PC, you can run multiple routers and switches. You can design the network topology and connect all the devices together. Then, you can configure each of the routers in the LAN or WAN network.

It is a very powerful tool for creating & testing configurations as well as just learning about Cisco routers. The cost and trouble of purchasing and setting up a number of physical Cisco routers makes running an emulator on your PC a “no-brainer”.

Yes, there are simulators but emulators are much better because you are running the REAL IOS so you have 100% compatibility with the “real thing”.

I hope you will check out my article and try this very cool emulator out for yourself!

-David


Jan 30 2008   8:36PM GMT

Are you concerned about IP version 6 (IPv6)?



Posted by: David Davis
IPv6, Cisco

Are you concerned about IPv6? Should you start learning about it and converting to it now?

These are all valid concerns. I mean, “everyone” has been talking for a long, long time about how IPv4 (our current IP addressing scheme) will run out of IP addresses. “Everyone” says that you need to convert to IPv6 but has anyone done it?

Anyone out there?

I can tell you that I have read and checked it out but haven’t started doing anything related to IPv6 for any of the servers and networks that I support. However, if you worked at a university or a very large company, I am sure that you need to be ahead of a medium size company like the one that I support.

So, if you are concerned and have a few minutes, you should check out these links on IPv6 to help prepare:

IPv4 Progress Report

The IPv6 Forum

Cisco IPv6 eBook

Internetworking IPv6 with Cisco Routers

-David


Jan 30 2008   8:29PM GMT

Anyone out there a CCENT?



Posted by: David Davis
Cisco, CCNA

I am curious to hear from those who are working on their CCENT certification. Have you tried it? Or have you even heard of the CCENT yet?

The CCENT is the Cisco Certified Entry Networking Technician and it is what you achieve if you take just 1 Cisco test (640-822 ICND1). The CCENT prepares you for the CCNA exam and Cisco has some nice resources for it at both the CCENT Instant Answers webpage and the CCNA Prep Center.

I have heard from a number of my associates and they have been using the Train Signal CCENT Video Training package and have been impressed with it. I know they have a free demo at that URL.

So - how about you? Are you already a CCENT? What did you think of the experience? Are you aspiring to be a CCENT? What questions do you have? Post em’ here!

-David