Network technologies and trends

April 29, 2011  4:29 PM

Ten top popular and paying Cisco Certifications – Part 1

Yasir Irfan

Recently Global Knowledge and TechRepublic partnered to create a comprehensive IT salary survey. The survey revealed a few surprises, especially when it comes to Cisco certifications, so I thought it would be great to compile the popular Cisco certifications and their associated pay. No doubt CCIE R&S: Cisco Certified Internetwork Expert Routing & Switching leads the way, but the surprise element is that CCDP: Cisco Certified Design Professional stands second when it comes to remuneration. I am going to reveal the top 10 Cisco certifications in terms of pay and popularity. Note that the rankings are purely based on the recent survey carried out by Global Knowledge and apply only to the US market. You can access their web site for more details.

1. CCIE R&S: Cisco Certified Internetwork Expert Routing & Switching ($120,008)

Cisco Certified Internetwork Expert (CCIE®) certifies the expert-level skills required of network engineers to plan, prepare, operate, monitor, and troubleshoot complex, converged network infrastructure. Professionals who achieve CCIE have demonstrated their technical skills at the highest level. There are no formal prerequisites for CCIE certification. Other professional certifications or training courses are not required. Instead, candidates must first pass a written qualification exam and then the corresponding hands-on lab exam. You are expected to have an in-depth understanding of the topics in the exam blueprints and are strongly encouraged to have three to five years of job experience before attempting certification.

2. CCDP: Cisco Certified Design Professional ($107,878)

There are two tracks at the Associate and Professional levels – Designing and Networking. The Cisco Certified Design Professional (CCDP) certification demonstrates that the individual who has passed the required exams possesses advanced knowledge of Cisco network design concepts and principles. The CCDP certified individual can discuss, design, and create advanced networks.

With the CCDP certification, you can plan addressing and routing schemes, security, network management, data center, and IP multicast for complex multi-layered enterprise architectures that include virtual private networking and wireless domains. The CCDP curriculum includes building scalable internetworks, building multilayer switched networks, and designing network service architecture.

3. Cisco IP Telephony Design Specialist ($105,871)

The Cisco IP Telephony Design Specialist certification was developed for those who design IP Telephony multi-service network solutions. Cisco IP Telephony Design Specialists can design a scalable, converged network using QoS, Cisco Call Manager clustering, H.323, MGCP, or SIP signaling protocols, and assess the scope of work required to integrate legacy TDM PBXs and voice mail systems into an existing data network.

4. CCNP Voice  ($98,290)

Cisco Certified Network Professional CCNP Voice validates advanced knowledge and skills required to integrate into underlying network architectures. Furthermore, this certification validates a robust set of skills in implementing, operating, configuring, and troubleshooting a converged IP network. With a CCNP Voice certification, a network professional can create a collaboration solution that is transparent, scalable, and manageable. The CCNP Voice focuses on Cisco Unified Communications Manager (formerly Unified CallManager), quality of service (QoS), gateways, gatekeepers, IP phones, voice applications, and utilities on Cisco routers and Cisco Catalyst switches. Additionally, the integration and troubleshooting of Cisco Unified Communications applications are now covered in the CCNP Voice, specifically the Cisco Unity Connection and Cisco Unified Presence applications.

5. CCDA: Cisco Certified Design Associate ($97,995)

The Cisco Certified Design Associate (CCDA) demonstrates that the individual who has passed the required exams has the requisite knowledge, experience and understanding required to design a Cisco converged network. A CCDA certified individual has the skills to design a routed and switched network infrastructure and services involving LAN, WAN, and broadband access for businesses and organizations.

In an upcoming post I will disclose the remaining five most popular Cisco certifications.

April 27, 2011  8:22 AM

One more Major Security breach – Sony PlayStation Network


Sony PlayStation Network went down in one more security breach. According to Sony's official PlayStation blog, there is no evidence of stolen credit card details, but Sony is not ruling out the possibility either.

“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number [excluding security code] and expiration date may have been obtained. For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information,” said Patrick Seybold in the blog post.

I would suggest that all PlayStation users be careful and vigilant until Sony comes clean. Make sure to review your account statements and monitor your credit reports daily.

Sony is currently working hard to restore the PlayStation Network and has hired a recognized security firm to conduct a thorough investigation into what happened.

April 27, 2011  8:03 AM

What happened to Cisco’s Flip video camera?


Cisco's acquisition of Pure Digital Technologies in 2009 was not a brave move; eventually it led Cisco to back away from the consumer market with the closure of Flip as part of its restructuring. Cisco is expected to reduce its headcount by 550 workers.

It may be a better idea for Cisco Systems to concentrate on its core business, especially when there is rising competition from its rivals Juniper Networks and Huawei. I am seeing Huawei gradually establishing a strong presence in the Middle East market.

According to analysts, Flip flopped due to its lack of Internet connectivity and the proliferation of high-end smartphones.

“We have disappointed our investors and we have confused our employees.  Bottom line, we have lost some of the credibility that is foundational to Cisco’s success – and we must earn it back. Our market is in transition, and our company is in transition. And the time is right to define this transition for ourselves and our industry.  I understand this.  It’s time for focus.” said John Chambers CEO of Cisco Systems.

I am looking forward to seeing how Umi home telepresence is going to perform.

April 27, 2011  7:40 AM

Major cyber-attacks on critical infrastructure expected?


A report called ‘In the Dark: Crucial Industries Confront Cyber-attacks’, produced by McAfee and the Center for Strategic and International Studies (CSIS), has revealed that 40% of the 200 IT security executives polled believe a major cyber-attack on critical infrastructure may occur within a year.

The report surveyed 200 IT security executives from critical electricity infrastructure enterprises in 14 countries and focused on the critical civilian energy infrastructure that depends most heavily on industrial control systems.

Forty percent of the IT security executives from critical electricity infrastructure enterprises believed that the industry’s vulnerability had increased, and almost 30% believed that their company was not ready for cyber-attacks.

“We found that the adoption of security measures in important civilian industries badly trailed the increase in threats over the last year,” said Stewart Baker, who led the study for CSIS.

“Ninety to 95% of the people working on the smart grid are not concerned about security and only see it as a last box they have to check,” said Jim Woolsey, former United States director of Central Intelligence.

Some of the key findings of this report:

  • Eighty percent of respondents have faced a large-scale denial of service attack
  • Twenty-five percent of respondents have been victims of extortion attempts
  • More than 40 percent of executives believe that their industry’s vulnerability has increased
  • Almost 30 percent believe their company is not prepared for a cyber-attack
  • More than 40 percent expect a major cyber-attack within the next year
  • Energy sector increased its adoption of security technologies by only a single percentage point, at 51 percent
  • Oil and gas industries increased by only three percentage points, at 48 percent
  • Nearly 70 percent of respondents frequently found malware designed to sabotage their systems
  • A quarter of respondents reported daily or weekly DDoS attacks

After reading the complete report, it’s evident that there has been an increase in cyber-attacks on critical infrastructure and that most organizations are still unprepared. The time has come to design critical infrastructure systems with cyber-security in mind, and organizations need to implement stronger network controls to avoid being vulnerable to cyber-attacks.

April 26, 2011  5:00 AM

The war of Smartphones, next version of iPhone?


Since its arrival, Android has been giving Apple a tough time, with plenty of new tablets running on the Android platform; nevertheless, BlackBerry with its PlayBook is expected to do well, at least at the enterprise level, and the HP TouchPad seems set to put up a tough fight as well. Microsoft is working on Windows 8, eyeing the tablet market, and is expected to have a demo in June. With all these developments happening, how can Apple stay idle?

According to Reuters, the next version of the iPhone will go on sale in September 2011. Citing three sources with direct knowledge of Apple’s supply chain, the news agency said that production of the iPhone 5 is likely to start in July or August.

Apple’s next-generation iPhone will have a faster processor but will be similar in appearance to the iPhone 4. Reuters identified a number of component suppliers for the new phone, namely Largan Precision for the camera module, Wintek for the touchscreen, and Foxconn Technology for the casing, but none of the vendors would confirm the reports.

Some market observers have suggested that the new phone will be unveiled at an as-yet unscheduled Apple event in September, as Apple has normally held a music-related product launch event in that month. It’s too early to predict the move Apple is going to take; at least I would love to see some of the restrictions pertaining to Flash and additional memory expansion overcome in the new version of the iPhone. Not to forget, Android is doing an amazing job and its market share is increasing day by day.

Perhaps Apple can come out with a new version of the iPad after testing the success of its new version of the iPhone, especially when the tablet market is growing exponentially.

April 25, 2011  5:10 AM

DNS Queries in Windows 2008 R2 Server fails – Part 2


In my previous post I was talking about the DNS query problem we were facing with a Windows 2008 R2 server. The solution is quite simple. I immediately started monitoring the logs on the Cisco PIX 525 firewall using ASDM and syslog. I figured out that the DNS queries were being answered by the ISP, but the replies were dropped by the Cisco PIX 525 firewall.

    %PIX-4-410001: Dropped UDP DNS reply from outside:x.x.x.x/53 to inside:y.y.y.y/49746; packet length 768 bytes exceeds configured limit of 512

I wondered what the reason might be, then figured out that the packets received from the ISP were 768 bytes, whereas by default the Cisco PIX 525 firewall allows 512 bytes, as shown below.

The problem was with the default DNS inspection policy-map. By default, on the Cisco PIX 525 and Cisco ASA, it is configured to 512 bytes.

The moment I changed the default DNS inspection policy-map from 512 bytes to 1000 bytes, things were back to normal and the Windows 2008 R2 server was resolving the DNS queries.

The commands I used to change the default DNS inspection policy-map are as follows.

    MBGF-DAC-525-FW01# configure t
    MBGF-DAC-525-FW01(config)# class-map inspection_default
    MBGF-DAC-525-FW01(config-cmap)# match default-inspection-traffic
    MBGF-DAC-525-FW01(config-cmap)# policy-map global_policy
    MBGF-DAC-525-FW01(config-pmap)# class inspection_default
    MBGF-DAC-525-FW01(config-pmap-c)# inspect dns maximum-length 1000
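
An added example, not part of the original post: a short Python script that parses the 410001 drop messages quoted above and reports the largest dropped reply from an expected resolver, so the inspect dns maximum-length value can be sized from the firewall's own logs, while oversized replies from any other source are listed for review instead of widening the limit. The log lines, the addresses and the expected_resolvers set are constructed for illustration.

```python
import re

# Pattern for the drop message quoted in the post. Some outputs end with
# "512 bytes"; the pattern accepts both because it stops at the number.
DROP_RE = re.compile(
    r"%(?:PIX|ASA)-4-410001: Dropped UDP DNS reply from "
    r"(?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+); "
    r"packet length (?P<length>\d+) bytes exceeds configured limit of "
    r"(?P<limit>\d+)"
)

# Constructed sample syslog lines (documentation and private addresses).
SAMPLE_LOG = """\
Apr 25 05:01:10 fw01 %PIX-4-410001: Dropped UDP DNS reply from outside:192.0.2.53/53 to inside:10.1.1.20/49746; packet length 768 bytes exceeds configured limit of 512
Apr 25 05:01:42 fw01 %PIX-4-410001: Dropped UDP DNS reply from outside:192.0.2.53/53 to inside:10.1.1.20/49801; packet length 921 bytes exceeds configured limit of 512 bytes
Apr 25 05:02:03 fw01 %PIX-4-410001: Dropped UDP DNS reply from outside:198.51.100.9/53 to inside:10.1.1.35/50112; packet length 3890 bytes exceeds configured limit of 512 bytes
Apr 25 05:02:05 fw01 constructed unrelated line that must be ignored
"""


def parse_drops(text):
    """Return one dict per 'Dropped UDP DNS reply' line found in text."""
    drops = []
    for line in text.splitlines():
        m = DROP_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        for key in ("src_port", "dst_port", "length", "limit"):
            d[key] = int(d[key])
        drops.append(d)
    return drops


def size_limit(drops, expected_resolvers):
    """Return (needed, unexpected).

    needed is the largest dropped reply that came from an expected resolver
    on port 53, i.e. the smallest maximum-length that would have passed all
    of them (None if there were none). unexpected holds every other drop.
    """
    trusted, unexpected = [], []
    for d in drops:
        ok = d["src_ip"] in expected_resolvers and d["src_port"] == 53
        (trusted if ok else unexpected).append(d)
    needed = max((d["length"] for d in trusted), default=None)
    return needed, unexpected


if __name__ == "__main__":
    # expected_resolvers is an assumption: the ISP resolver(s) you forward to.
    needed, unexpected = size_limit(parse_drops(SAMPLE_LOG), {"192.0.2.53"})
    print("largest dropped reply from expected resolvers:", needed)
    for d in unexpected:
        print("review:", d["src_ip"], "->", d["dst_ip"], d["length"], "bytes")
```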


April 24, 2011  5:36 AM

DNS Queries in Windows 2008 R2 Server fails – Part 1


In our new data center we added new HP Blade servers and installed Windows 2008 R2 on those servers. Our servers are connected inside our network behind a Cisco PIX 525 firewall. We are looking to resolve all our DNS queries for the external network using a DNS IP address provided by our ISP, which is 212.x.x.2.

In Windows 2008 Server we have specified the DNS forwarder as shown in the diagram below.

But it always fails to resolve DNS queries from the internal network to the external network when using the nslookup command from the command prompt of the Windows 2008 Server. Testing the simple and recursive queries to other DNS servers also fails, as demonstrated below.

We have done the following to

1) The internal IP address for the Windows 2008 R2 server is PATed in our PIX 525 firewall, and I could browse the internet.

2) In the Windows 2008 R2 server we have specified the DNS IP address provided by our ISP.

3) All our servers in the DMZ zone are working fine.

I am working on this issue; meanwhile, if any one of you knows how to resolve this issue, your comments are always welcome.

April 20, 2011  5:16 AM

Cisco Systems launches new appliance, Cisco Identity Services Engine (ISE)


Cisco Systems' new appliance, the Cisco Identity Services Engine (ISE), can be deployed as an appliance or a virtual machine. It is designed to help organizations gain enterprise-wide visibility into their network, providing authentication, authorization, accounting, posture and profiling, gathering real-time contextual information from the network, users, and devices, and making proactive governance decisions by enforcing policy across the network infrastructure.

The Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline service operations. It is an integral part of the overall Cisco TrustSec® solution and SecureX architecture.

The Cisco Identity Services Engine (ISE) is a policy-based service-enablement platform which ensures corporate and regulatory compliance.

Some of the highlights of the Cisco Identity Services Engine (ISE) are as follows:

  • Context-aware enforcement: Gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network.
  • Business-relevant policies: Create and enforce consistent policy from the head office to the branch office.
  • Systemwide visibility: Let IT see who and what is on the network for advanced discovery and troubleshooting.
  • Flexible architecture: Combine authentication, authorization, and accounting (AAA), posture, profiling, and guest management

Currently the Cisco Identity Services Engine (ISE) is available in the following models and platforms:

Platform: Appliance
  • Identity Services Engine 3315 (small), 1000-endpoint target
  • Identity Services Engine 3355 (medium), 5000-endpoint target
  • Identity Services Engine 3395 (large), 10,000-endpoint target

Platform: Software/virtual machine
  • 1, 5, or 10 virtual machines

For further info please check the Cisco Identity Services Engine (ISE) home page at Cisco Systems.

April 14, 2011  9:45 PM

CCIE Service Provider v3.0 Exams Released


According to Cisco, they will release updated v3.0 CCIE Service Provider written and lab exams in all testing locations worldwide, and the v2.0 exams will retire simultaneously. CCIE Service Provider aspirants planning to take the exam on or after April 18th 2011 should expect to be tested on the CCIE SP v3.0 Written and CCIE SP v3.0 Lab Exam topics, which were released in October 2010.

In brief, the updated exams will cover configuration and optimization of IP core technologies, aggregation and edge technologies, and remote access technologies, all of which are key to service provider infrastructures. The exams will also cover managing services for voice, video, and security traversing the core IP network.

For further info, check the Cisco Learning Network.

April 12, 2011  12:36 PM

Cisco Learning Labs Provide Hands-On Training



Whenever you are preparing for the Cisco CCNA®, Cisco CCNP®, and Cisco CCIP® certifications, especially through self-study, the major concern is getting the lab experience needed to answer the simulated questions. Many of us end up looking for real Cisco hardware on eBay, as most present-day simulators fail to fulfill our requirements. To a certain extent GNS3 did an amazing job by emulating the power of Cisco IOS on our machines. But GNS3 does have some limitations; when it comes to switching, GNS3 has no answer.

Current high-end systems fail to handle the most complex GNS3 topologies. To ease all these hurdles, Cisco has an answer: you can experience real Cisco labs. A more flexible option is here, known as Cisco Learning Labs. For the first time, Cisco certification aspirants can get hands-on Cisco IOS® Software lab practice for both routing and core switching.

Cisco Learning Labs are powered by Cisco IOS® Software on UNIX and enable critical, hands-on lab experience for future networking engineers interested in attaining Cisco certifications.

Key Facts

  • Cisco Learning Labs are currently available for Cisco CCNA®, CCNP® and CCIP® study, through the Cisco Learning Network Store and Cisco Authorized Learning Partners.
  • Accessible from the convenience of the user’s PC, Cisco Learning Labs provide complete lab preparation experience for routing and switching skills.
  • Multiple labs are available in each lab bundle, accessible anytime for 90 days, for up to 25 hours. Supplemental lab time is available in increments of five hours.
