Network Technologies and Trends

Nov 23 2009   5:24AM GMT

Do you know there are 20782 CCIE Professionals Worldwide?

Posted by: Yasir Irfan
CCIE, total CCIE Professionals, CCIE Routing and Switching, CCIE Security, CCIE Voice, CCIE Wireless, CCIE Service Providers, CCIE Certifications, Cisco certification, Cisco Systems, Cisco Certified Professionals, Network Technologies and Trends, Cisco Certification updates

We all know CCIE is a dream for all the certification aspirers, especially those who are Cisco Certified Professionals. I was just wondering how many CCIE certified Experts exists? As per Cisco Systems latest update on 26^th of October 2009 there are 20782 CCIE Professionals Experts worldwide. Interestingly 86% (17891) of CCIE professionals are certified in Routing and Switching and the second choice is being the CCIE Security with mere 2337 Security professional. That’s a reason why I always hear there is a lack of CCIE Security Professionals. So CCIE Security can be good options for CCIE aspirers.

One Interesting fact is the total number of CCIE Voice Professionals they are growing wow. Quite a sharp growth in a short span of time.

Pic Courtesy: Cisco Systems

Total of Worldwide CCIEs:		20782   (last updated 10/26/2009)
Total of Routing and Switching CCIEs:		17891
Total of Security CCIEs:		2337
Total of Service Provider CCIEs:		1625
Total of Storage Networking CCIEs:		148
Total of Voice CCIEs:		1082
Total of Wireless CCIEs:		15

 

Multiple Certifications:

 

Many CCIEs have gone on to pass the certification exams in additional tracks, becoming a “multiple CCIE.” Below are selected statistics on CCIEs who are certified in more than one track.

 

Total with multiple certifications worldwide:		2264
Total of Routing and Switching and Security CCIEs:		751
Total of Routing and Switching and Service Provider CCIEs:		656
Total of Routing and Switching and Storage Networking CCIEs:		34
Total of Routing and Switching and Voice CCIEs:		289
Total with 3 or more certifications		384

 

Nov 21 2009   11:36AM GMT

How to configure the System prompt in a Cisco Router or a Cisco Switch?

Posted by: Yasir Irfan
Cisco Router, Cisco Router tips, Cisco Switches, Cisco Tips, How to configure the System prompt in a Cisco Router or a Cisco Switch, System prompt, no prompt, TTY, VTY, config t, hostname, Cisco Hostname, %h:%n%p, active telnet sessions, Telnet, Cisco Device, Network Tips, Network Technologies and Trends

 

There is a cool handy way to know TTY sessions established in any Cisco Router or a Cisco Switch. By using this feature you can know the number of active telnet sessions from the prompt itself.

Normally whenever you log to any Cisco Router or Switch you will find this menu

ITKE-AS01#

 

By using the “prompt” command you can see the difference

 

You might be wondering how come this is possible, ok now let me show you how to enable this feature in a Cisco Router or a Cisco Switch,

Log in to your Cisco Device and use the following command “prompt %h:%n%p”

 

ITKE-AS01#config t

ITKE-AS01 (config)# prompt %h:%n%p
ITKE-AS01 (config)# exit

 

In the example I have used three escape sequences to set the prompt name to the hostname (%h), followed by the command number (%n) and then followed by the appropriate prompt character for the current command mode (%p).

You can see the difference in the hostname after applying the “prompt %h:%n%p” command.

ITKE-AS01:1#sho users

    Line       User       Host(s)              Idle       Location

*  1 vty 0     yasir      idle                 00:00:00 10.0.0.5

 

  Interface      User        Mode                     Idle     Peer Address

ITKE-AS01:1#

 

As the number of TTY session increases you can see the incremental change in the hostname with the sequence number as displayed below.

Example with two TTY sessions

ITKE-AS01:2#sho users

    Line       User       Host(s)              Idle       Location

   1 vty 0     yasir      idle                 00:00:23 10.0.0.5

*  2 vty 1     itkeuser      idle                 00:00:00 10.0.0.5

 

  Interface      User        Mode                     Idle     Peer Address

 

ITKE-AS01:2#

 

Example with three TTY sessions

ITKE-AS01:3#sho users

    Line       User       Host(s)              Idle       Location

   1 vty 0     yasir      idle                 00:01:14 10.0.0.5

   2 vty 1     itkeuser      idle           00:00:50 10.0.0.6

*  3 vty 2     itkeadmin   idle         00:00:00 10.0.0.7

 

  Interface      User        Mode                     Idle     Peer Address

 

ITKE-AS01:3#

 

Example with four TTY sessions

ITKE-AS01:4#sho users

    Line       User       Host(s)              Idle       Location

   1 vty 0     yasir      idle                 00:01:43 10.0.0.5

   2 vty 1     itkeuser      idle            00:01:20 10.0.0.6

   3 vty 2     itkeadmin   idle            00:00:29 10.0.0.7

*  4 vty 3     yasir      idle                 00:00:00 10.0.0.5

 

  Interface      User        Mode                     Idle     Peer Address

 

ITKE-AS01:4#

 

I you want to disable the TTY display enter the “no prompt” command as shown below.
ITKE-AS01:4#config t
ITKE-AS01:4 (config)# no prompt

 

Following are the prompt Variables available for the “prompt” command.

Nov 18 2009   1:06PM GMT

How to archive your Cisco Router or Switch Configuration?

Posted by: Yasir Irfan
Cisco Router tips, Cisco Switches tips, Cisco Tips, Network Tips, Cisco IOS tips, archive command, archive config, configure replace flash, IOS version 12.3 (4) T, IOS Version, Cisco Systems, Cisco Routers, Cisco Switches, Cisco IOS configuration, Cisco Configuration, Router Configuration, Network Technologies and Trends, running config, FTP, HTTP, HTTPS, RCP, SCP, TFTP, protocols, How to archive your Cisco Router or Switch Configuration?

Do you all know there is a great way to archive the tasks you carry out in your Cisco Router or a Cisco Switch? Especially whenever you perform a “write memory or copy run start” in your Cisco Router or a Cisco Switch.

Most people do not realize starting an IOS version 12.3 (4) T and higher an “archive” and “archive config” commands were introduced by Cisco Systems.

The main advantage of advantage of an “archive” command is to have incremental backups of your Cisco Router or Switches configurations and for some reasons if you have blowup with the configuration then using the this feature you can retrieve the old configuration file into your Cisco router or switch.

The “archive config” command allows you to save Cisco IOS configurations in the configuration archive using a standard location and filename prefix that is automatically appended with an incremental version number (and optional timestamp) as each consecutive file is saved.
Once the maximum number of file saved in the archive, the oldest file will be automatically replaced by the next file.

The “show archive” command displays information for all configuration files saved in the Cisco IOS configuration archive.
In this example, we will save the archive configuration files on the flash memory; however, you can also store the configuration files remotely using such protocols as FTP, HTTP, HTTPS,RCP, SCP, and TFTP.
By using following set of commands we can enable archive feature in a Cisco Router or a Cisco Switch provided the IOS version is either 12.3 (4) T or higher . In this example, the location and filename prefix is specified as disk0: itkebackup

ITKE-AS0 (config)#archive

ITKE-AS01(config-archive)#path flash:itkebackup

To save the current running configuration in the configuration archive use the “archive config” command as shown below

ITKE-AS01# archive config

The “show archive” command displays information of the files saved in the configuration archive as shown in the following example:

ITKE-AS01#show archive

         There are currently 3 archive configurations saved.

         The next archive file will be named flash: itkebackup -3

         Archive # Name

         0

         1 flash: itkebackup -1

         2 flash: itkebackup -2 <- Most Recent

         3

         4

         5

         6

         7

         8

         9

         10

         11

         12

         13

         14

 

ITKE-AS01#

By using the “configure replace flash” command you can restore the configuration

ITKE-AS01#configure replace flash: itkebackup -2

         This will apply all necessary additions and deletions

         to replace the current running configuration with the

         contents of the specified configuration file, which is

         assumed to be a complete configuration, not a partial

         configuration. Enter Y if you are sure you want to proceed. ? [no]: y

         Total number of passes: 0

         Rollback Done

The “archive” command is quite handy to keep the he is great for keeping multiple copies of the running config in an archive.

Nov 17 2009   6:38AM GMT

How to disable SSH in Cisco Devices?

Posted by: Yasir Irfan
How to disable SSH in Cisco devices, SSH, Cisco Router, Cisco Switch, crypto key zeroize rsa, enable SSH, Disable SSH, Cisco-remote-access, remote access, Routing and Switching, ssh disable, ssh enable, ssh reconfigure, Cisco Tips, Cisco Networking, Router Configuration, Switch Configuration, disable SSH in Cisco routers, disable SSH in Cisco Switches, Network Technologies and Trends, Cisco Commands

We all know the importance of SSH, and it is one of most used method for remote access of Cisco Devices either it might be a Cisco Router or a Cisco Switch. Most of the Network Engineers I come across say it is so complicated to either enable or disable the SSH in Cisco Devices.

 If you simply try to use “no commands” used to enable SSH it will not work. Here is the tip to disable the SSH in either Cisco Router or Cisco Switches.

 Commands used to enable SSH in a Cisco Device

ITKE-AS1(config)#ip domain-name itke.com

ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512

The name for the keys will be: ITKE-AS1.itke.com

 

% The key modulus size is 512 bits

% Generating 512 bit RSA keys, keys will be non-exportable…[OK]

 

ITKE-AS1(config)#

ITKE-AS1(config)#aaa new-model

ITKE-AS1(config)#aaa authentication login default local

ITKE-AS1(config)#aaa authentication exec default local

 

Commands used to disable SSH in a Cisco Device

Do notice if you use the command “no crypto key generate rsa” it will not work rather the device will suggest you to use the ‘crypto key zeroize rsa’ command, amazing isn’t it

ITKE-AS1(config)#no crypto key generate rsa

% Use ‘crypto key zeroize rsa’ to delete signature keys.

 

ITKE-AS1(config)#crypto key zeroize rsa

% All RSA keys will be removed.

% All router certs issued using these keys will

will also be removed.

Do you really want to remove these keys? [yes/no]: yes

ITKE-AS1(config)#

Nov 14 2009   7:13AM GMT

How to configure Secure Copy (SCP) in Cisco Devices?

Posted by: Yasir Irfan
How to configure Secure Copy, How to configure SCP, Secure Copy, SCP, SSH, SSH Protocol, Port 22, encrypted tunnel, IOS transfer, Configuration backup, Cisco IOS 12.0(21)S, Cisco IOS 12.2(25)S, PIX/ASA firewalls 7.1, FWSM 3.1, Cisco Catalyst Switches, Cisco Routers, Cisco PIX/ASA TFPT, FTP, HTTPS, What is Secure Copy (SCP), secure, authenticated, Cisco Systems, Cisco Tips, Cisco Router tips, Cisco Switches tips, Network Tips, Network Technologies and Trends

In my previous post I was talking about the Secure Copy (SCP) what is it?  , now let’s see how to configure Secure Copy (SCP) in a Cisco Router or a Switch.

In order to configure Secure Copy (SCP) in a Cisco Router make sure the SSH is enabled and its working.

Step 1) Lets enable the SSH and AAA features in the Cisco Device

 

ITKE-AS1(config)#ip domain-name itke.com

ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512

The name for the keys will be: ITKE-AS1.itke.com

 

% The key modulus size is 512 bits

% Generating 512 bit RSA keys, keys will be non-exportable…[OK]

 

ITKE-AS1(config)#

ITKE-AS1(config)#aaa new-model

ITKE-AS1(config)#aaa authentication login default local

ITKE-AS1(config)#aaa authentication exec default local

 

Step 2) In order to use the SCP feature to manage configuration we must have at least once user account with enough privilege to access it

ITKE-AS1(config)#

ITKE-AS1(config)#username itke privilege 15 password secret itkeleads

 

Step 3) Now you are ready to enable the SCP server on:

ITKE-AS1(config)#ip scp server enable

 

 

Just by following these 3 simple steps we can enable Secure Copy (SCP) in a Cisco router or a Switch. For any further clarifications you can always have a close look at Cisco’s document on Secure Copy (SCP). 

Nov 10 2009   6:07AM GMT

Fortinet October ’09 Threatscape Report Shows Highest Malware Levels Detected all Year

Posted by: Yasir Irfan
ZBot keylogger, Fortinet, Malware, security solutions, threatscape report, unified threat management, AntiVirus Pro 2010, Trojan, Bredolab, Scareware, October Threatscape report, Network Technologies and Trends

According to the latest Threatscape report (October 2009) released by Fortinet, the total amount of malware detected is more than a year, with levels four times greater than in the previous month (September 2009).

The two main Bredolab variants detected this month were W32/Bredo.G and W32/Bredolab.X, most notably included in fake DHL invoice spam campaigns.

Derek Manky, project manager, cyber security and threat research, Fortinet commented: “We’re seeing record levels of scareware building off volume from September, and the danger in these threats is only becoming more serious as the methods for delivery evolve and the blending of attacks bring more complexity.
“As we’ve seen in the consistency of repeated threats, the old schemes are still proving to be good methods. Enterprises and consumers must take equal responsibility in understanding the disguises of these threats and implementing a multi-pronged security solution that addresses the different and changing characteristics of tried and true tactics,” he added

During the month of October 2009 Scareware tactics have reached all time high, with worst ever attacks reported. Seven of the top ten malware variants detected linked back to scareware, with scareware tactics diverging to include botnets, corrupted advertisements and SEO attacks.

The most notable development in October 2009 was the preponderance of AntiVirus Pro 2010 rogue security software, which when installed will contact a remote server in order to obtain malicious payload and receive updated copies; a trojan downloader named Bredolab which is now downloading AntiVirus Pro 2010 installers and the ZBot keylogger; and the ongoing development of affiliate programs that tempt participants with a handsome pay-out on each software download purchased. Tools and kits are readily available to participating affiliates, accelerating the distribution of scareware and other malicious components.

Read the full October Threatscape report, which includes the top threat rankings in each category.

Nov 9 2009   6:47AM GMT

What is Secure Copy (SCP)?

Posted by: Yasir Irfan
Secure Copy, SCP, SSH, SSH Protocol, Port 22, encrypted tunnel, IOS transfer, Configuration backup, Cisco IOS 12.0(21)S, Cisco IOS 12.2(25)S, PIX/ASA firewalls 7.1, FWSM 3.1, Cisco Catalyst Switches, Cisco Routers, Cisco PIX/ASA TFPT, FTP, HTTPS, What is Secure Copy (SCP), secure, authenticated, Cisco Systems, Cisco Tips, Cisco Router tips, Cisco Switches tips, Network Tips, Network Technologies and Trends

 

We are all aware of the traditional way of transferring IOS files from and to Cisco Catalyst Switches, Cisco Routers and Cisco PIX/ASA firewall devices using TFPT, FTP and lately https. However there is also one more way to copy the IOS files, which is known as Secure Copy (SCP). The Secure Copy (SCP) is a secure and authenticated method of copying a configuration file or transferring an Image files to Cisco Catalyst Switches, Cisco Routers and Cisco PIX/ASA firewall devices.

 

Cisco Systems introduced the Secure Copy (SCP) feature in the following IOS releases

 

Release	Modification
12.2(2)T	This feature was introduced.
12.0(21)S	This feature was integrated into Cisco IOS 12.0(21)S.
12.2(25)S	This feature was integrated into Cisco IOS 12.2(25)S.

PIX/ASA firewalls 7.1 and above, FWSM 3.1 and above.

  

The Secure Copy (SCP) works on SSH protocol on port 22 which is like an encrypted tunnel. This tool is very useful especially to transfer files for upgrades or to perform safe backups.

 

In my next post you will find the commands to configure SCP in a Cisco Router and Switch.

Oct 15 2009   10:32PM GMT

Windows 7 is amazing in terms of Systems restoration

Posted by: Yasir Irfan
Windows 7, Windows 7 System Restore, Windows 7 Backup, Windows 7 Systems and Security, Backup your Computer, Introducing Windows 7, Windows 7 tips, Windows 7 System Image, system repair disk, Control panel, Windows 7 installation, USB hard disk, laptop, Restore your computer, Microsoft outlook 2007, Hibernation, Network Technologies and Trends, Network Tips

I am using Windows 7, since beta days and then now with RC release.  Couple of week’s back I was attending a Seminar “Introducing Windows 7” organized by Microsoft for their partners. I did asked few questions; one of them was related to Windows restore and hibernation. I asked them if I have a complete Backup of my computer in my external USB hard disk, is it possible to restore Windows 7 and all applications in a new hard disk. The gentleman said it’s not possible. I was not convinced thought of testing myself.

 First using the Systems and Security menu from Control panel I selected the option “Backup your Computer” and I selected I created a System Image in my External USB hard disk.

 

Then I created a System repair disk by using the menu “Create a system repair disk” from the Systems and Security menu from Control panel.

 

Once I am done with these things I replaced the existing hard disk in my laptop with a new one. Then I installed Windows 7 in my laptop, after completion of Windows 7 installation I restarted my laptop with the restore disk I created and I made sure my External USB hard disk is connected my laptop as well. I booted the laptop using the System repair disk and then I click next once I got this menu,

 

And then I selected the option “Restore your computer using a system image that you created earlier”

Then I selected the latest available system image which by default selected the image stored in my external USB hard disk,

 If by change if the latest system image is not shown you always have an option to select the image manually. Once I selected the image file stored in my external USB hard disk I was able to restore my laptop with all applications and documents stored in my original hard disk. Cool utility that too GUI from Microsoft in Windows 7. For some reason I forget to take the backup of my contacts in my Microsoft Outlook 2007 so again I removed the new hard disk and replaced it with the original one. When I restarted the laptop with the original hard disk, the laptop started back from the Hibernation mode. As I forget to shutdown my laptop before starting this whole operation. It was hibernated with lot of open files and windows. Amazing isn’t it.

 

Oct 14 2009   5:58AM GMT

Cisco intends to acquire advance wireless gear maker Starent Networks Corp for 2.9 billion dollars

Posted by: Yasir Irfan
Cisco Systems, Starent Networks Corp, Starent, Network Technologies and Trends, smart mobile, mobile internet, advance wireless, Wi-Max technology, Cisco Blog, WI-Max, Cisco acquisitions, Tandberg, Cisco News, Cisco Updates, next-generation networks

Yet another acquisition is planned by Cisco Systems. Cisco Systems is planning to buy advance wireless telecommunication equipment makers Starent Networks Corp for 2.9 billion dollars to boost its product offerings as phone carriers build out next-generation networks. This will be a second major acquisition this month for Cisco Systems after billion buyout of videoconferencing leader Tandberg for roughly 3 billion dollars.

According to a post in Cisco blogs, by acquiring Starent Networks Corp - Cisco Systems can expand their product portfolio in mobile internet market. As we all know the Emerging markets are seeing the success of Wi-Max technology. Surely this acquisition will help Cisco to broaden its presence in the Wi-Max area.

“The growth of smart mobile devices and net books has fundamentally changed consumer behavior with regards to how they use the Internet,” said Ned Hooper, Cisco’s chief strategy officer who also oversees the consumer business.

By first half of year 2010, the acquisition is expected to close. Until then Cisco Systems and Starent Networks Corp  will continue to operate as separate companies. Upon completion of the transaction Starent Networks Corp will become the new Mobile Internet Technology Group led by Starent President and CEO Ashraf Dahod. Starent was founded in 2000 and completed its initial public offering in 2007. The company is based in Tewksbury, Mass., and has approximately 1,000 employees worldwide.

Oct 11 2009   6:05AM GMT

“Show processes cpu sorted” good command to troubleshoot a Cisco Router CPU utilization

Posted by: Yasir Irfan
Cisco Routers, Cisco Switches, CPU Utilization, show processes cpu sorted, show processes cpu history, troubleshooting, Router Troubleshooting, switch troubleshooting, IOS 12.2 T, CPU utilization graph, Yasir, Network Technologies and Trends

During base lining or troubleshooting activity you may need to determine out the CPU Utilization of your Cisco router or Switch. While exploring to find out the top 10 ten CPU utilization process in a Cisco router, I discovered the sorted option of the “show processes cpu” command.

The sorted option is really a beneficial option in the “show processes cpu” command which can help you to find out the load of your Cisco router or a Switch over the last 5 seconds, 1 minute and 5 minutes. Starting in IOS 12.2 T, the “show processes cpu history” command gives a nice CPU utilization graph.

At times it is helpful to sort the processes by their percentage of CPU utilization. To do this you can use the show processes cpu sorted command as follows:

Some of the sample output is as follows

…. rest deleted……