Security archives - Network technologies and trends


Oct 18 2009   6:09AM GMT

CCIE Routing and Switching Official Certification Guide to be released in November 2009



Posted by: Yasir Irfan

I was just accessing the Rough Cuts for the Cisco CCIE Routing and Switching Official Certification Guide, 4th Edition, and I had a great first impression. I had a chance to read the “LAN Switching” part. It was a great firsthand experience. This segment is well organized and the approach is similar to the CCNA and CCNP books: it starts with a brief introduction, then the most useful section of Cisco Press books, the “Do I Know This Already?” quiz, followed by “Foundation Topics” and “Foundation Summary”.

 

Pic Courtesy: Cisco Press

 

The Cisco Press authors Wendell Odom, Rus Healy and Denise Donohue did a credible job. I liked the way they presented the topics, and since I spend most of my time on switching I really enjoyed the “LAN Switching” part. Though I am familiar with most of the things they were talking about, it was a great experience to refresh my info.

 

The CCIE Routing and Switching Official Certification Guide, 4th Edition is to be released on 19th of November 2009 by Cisco Press. They are offering a great discount, so do check the Cisco Press web site for more details, but make sure you have registered yourself on the Cisco Press website to get more discount. Once the book is released I will try to write a review of it.

 

Oct 11 2009   6:05AM GMT

“Show processes cpu sorted” good command to troubleshoot a Cisco Router CPU utilization



Posted by: Yasir Irfan

During baselining or troubleshooting activity you may need to determine the CPU utilization of your Cisco router or switch. While exploring how to find the top ten CPU-consuming processes in a Cisco router, I discovered the sorted option of the “show processes cpu” command.

The sorted option is a really beneficial option of the “show processes cpu” command, which can help you find out the load of your Cisco router or switch over the last 5 seconds, 1 minute and 5 minutes. Starting in IOS 12.2 T, the “show processes cpu history” command gives a nice CPU utilization graph.

At times it is helpful to sort the processes by their percentage of CPU utilization. To do this you can use the show processes cpu sorted command as follows:

Some of the sample output is as follows

…. rest deleted……

 


Oct 6 2009   7:55AM GMT

Hotmail passwords leaked online due to phishing attack



Posted by: Yasir Irfan

 

According to CNET's latest updates, thousands of Windows Live Hotmail passwords have been leaked online due to a phishing attack. Some sources say more than 10,000 Windows Live accounts briefly appeared on the web site PasteBin, including accounts on email domains like @hotmail.com, @msn.com, and @live.com. The list of leaked addresses starts with A & B. This news is raising fears among Windows Live Hotmail users.

 

Microsoft has confirmed this news, which was first reported by Neowin. So if you’re a Live Hotmail user and you suspect you may have been affected, now’s the time to change that password and security credentials. If you are using the same password for other sites, it’s strongly recommended to change those passwords and security credentials as well. Do act now.

 

Do check the Windows Live blog for more updates as well. Microsoft strongly recommends that its customers use the following protective security measures:

  • Renew their passwords for Windows Live IDs every 90 days
  • For administrators, make sure you approve and authenticate only users that you know and can verify credentials
  • As phishing sites can also pose additional threats, please install and keep anti-virus software up to date

Neowin was the first to act, reporting this incident immediately to Microsoft’s Security Response Center and to Microsoft’s PR teams in the UK and US. After learning of this breach, Microsoft “immediately requested that the credentials be removed and launched an investigation to determine the impact to customers,” it wrote on its Windows Live blog.

 


Sep 14 2009   7:56AM GMT

R & M brings revolution by launching the new product Cat. 6A – Copper Cabling for High-Performance Data Networks



Posted by: Yasir Irfan

Yesterday I received an email from Mohammed Fazal, Area Manager at the leading Swiss cabling specialist Reichle & De-Massari. According to his email, R & M has unveiled a major breakthrough in copper cabling: a new RJ45 connection module that meets the Cat. 6A standard as specified by ISO/IEC.

 

Jean Pierre Labry, managing director of R&M Middle East & Africa, said: “Cat 6A is the key to new maximum performance and greater operating reliability in data networks.”

 

He also added that the new devices allow companies to boost their network’s bandwidth and transmission quality without having to abandon the reasonably-priced and reliable RJ45 connector standard.

 

 

 

 

At the recently held Ineltec conference in Basel, R & M unveiled the high-speed RJ45 connection module.

 

The R & M development lab has discovered a new way of shielding individual twisted pairs from electromagnetic interference and the company claims the new devices will be suitable for transmission of data at speeds greater than 10Gbps.

Also check the press release from R & M.

New research sponsored by Brocade and Eaton suggests data centers are still being driven by performance issues.


Sep 8 2009   9:45AM GMT

Remote Telnet useful tips!



Posted by: Yasir Irfan

 

We all work remotely with Cisco routers and switches, and we often log in to make configuration changes. What if we misconfigure a live Cisco router or switch located at a remote site? We don’t enjoy the liberty of resetting the device unless we have control over the power distribution.

 

In this scenario the “reload” command proves to be very handy and useful. Just before making any changes to the configuration we can use the “reload” command as demonstrated below:

 

ITKE-Cisco#reload in ?

Delay before reload (mmm or hhh:mm)

 

ITKE-Cisco#reload in 10

 

System configuration has been modified. Save? [yes/no]: no

Building configuration…

[OK]

Reload scheduled in 10 minutes by yasir on vty0 (10.0.0.5)

Proceed with reload? [confirm]

ITKE-Cisco#

ITKE-Cisco#

 

 

***

*** — SHUTDOWN in 0:05:00 —

***

 

The command demonstrated above will reload the device in 10 minutes. After applying the “reload” command we can proceed with the configuration changes. If things go wrong and we lose connectivity to the device, then try again after 10 minutes: the device will have reloaded with the original startup-configuration, which helps us restore connectivity to the device. This works only as long as the changes have not been saved to the startup-configuration.

 

Once we are sure that the new configuration is working properly without any hassles, the “reload cancel” command is there to cancel the scheduled reload.

 

ITKE-Cisco#reload cancel

 

I find this command to be very handy and useful, especially when we have to telnet or SSH to a remote Cisco router or switch.


Sep 5 2009   8:07AM GMT

Review for CCNP BCMSN Official Exam Certification Guide (4th Edition)



Posted by: Yasir Irfan

 

Hi folks, I received the CCNP Official Certification Library, fifth edition; thanks to Cisco Press (Jamie) for the great support extended to me all the time. In brief, the CCNP Official Certification Library, fifth edition is a comprehensive package for the four Cisco CCNP exams: BCMSN, BSCI, ISCW and ONT. Starting from this post I will try my best to review all four certification books that come with the CCNP Official Certification Library, fifth edition. To start with, I will go with the CCNP BCMSN Official Exam Certification Guide, fourth edition.

The CCNP BCMSN Official Exam Certification Guide, fourth edition is a true guide for preparing for the Cisco BCMSN (642-812) exam. The author David Hucaby did a wonderful job of explaining the material in a short, concise way that facilitates easy learning.

The CCNP BCMSN Official Exam Certification Guide, fourth edition is divided into six parts. Each part is well written and, moreover, easy to understand. My favorite chapter is Router, Supervisor and Power Redundancy. Thanks to David Hucaby, I was able to migrate our network from HSRP to GLBP successfully. He explained the concept very well; like I said, it’s really easy to understand.

The CCNP BCMSN Official Exam Certification Guide, fourth edition also has scenarios for final preparation. There are nine scenarios covering a wide range of concepts, and they are helpful not only from the exam point of view but also for troubleshooting the problems some folks face in real networks.

One more amazing thing I liked in the CCNP BCMSN Official Exam Certification Guide, fourth edition is the practice exams, which are handy for folks who have little exposure to real-world networks, but it’s always recommended to have some hands-on experience with switch configuration and analysis.

Overall, an excellent guide which can lead you to taste the success of passing the Cisco BCMSN (642-812) exam. I would rate this guide 4.5 out of 5.


Aug 22 2009   8:46AM GMT

Configuring Multiple SSIDs in Cisco 1250 Access Points Series 6



Posted by: Yasir Irfan
In this post I will just post the snapshots for the SSIDs ADMIN and GUEST, where you can see that the clients are connected, have received an IP address, and can ping the default gateway as well. It’s just to confirm connectivity.

ADMIN SSID Connectivity

The PC is getting an IP address from the DHCP server for the SSID ADMIN and VLAN 101.

The PC can ping the default gateway.

GUEST SSID Connectivity

The PC is getting an IP address from the DHCP server for the SSID GUEST and VLAN 102.

The PC can ping the default gateway.

So with this I will conclude this series. If anybody has any comments, please do comment.


Aug 18 2009   7:47AM GMT

Configuring Multiple SSIDs in Cisco 1250 Access Points Series 5



Posted by: Yasir Irfan

 

Dear all, let’s proceed further with the configuration of the Cisco Catalyst 3560 Switch.

 

Configure the Cisco Catalyst 3560 Switch.

 

In this step we will configure the Cisco Catalyst 3560 Switch port that connects the Cisco Aironet 1250 Series Access Point to the wired network. We will configure this port as a trunk port because it carries traffic for all the VLANs on the wired network. In our case the VLANs are VLAN 101, 102 and the native VLAN 100.

When you configure the Cisco Catalyst 3560 port that connects to the Cisco Aironet 1250 Series Access Point, ensure that the native VLAN you configure matches the native VLAN on the Cisco Aironet 1250 Series Access Point. Otherwise, frames are dropped. In order to configure the trunk port on the Cisco Catalyst 3560 Switch, use the following commands from the CLI on the Cisco Catalyst 3560 Switch:

Note: In our scenario the Cisco Aironet 1250 Series Access Point is connected to port Gigabit Ethernet 0/20 of the Cisco Catalyst 3560 Switch.

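ITKE-Cisco(config)#interface gigabitEthernet 0/20

ITKE-Cisco(config-if)#switchport trunk encapsulation dot1q

ITKE-Cisco(config-if)#switchport mode trunk

ITKE-Cisco(config-if)#switchport trunk native vlan 100

ITKE-Cisco(config-if)#switchport trunk allowed vlan 100,101,102

ITKE-Cisco(config-if)#switchport nonegotiate

ITKE-Cisco(config-if)#

 

(The above commands configure Gigabit Ethernet port 0/20 as a trunk port with dot1q encapsulation and VLAN 100 as the native VLAN. The encapsulation is set before the trunk mode because the Catalyst 3560 rejects “switchport mode trunk” while the trunk encapsulation is still negotiated, and the native VLAN 100 is included in the allowed list so that the Access Point’s untagged management traffic is carried along with VLANs 101 and 102.)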

 

Note: Cisco IOS Software-based Aironet wireless equipment does not support Dynamic Trunking Protocol (DTP). Therefore, the Cisco Catalyst 3560 must not try to negotiate DTP.
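The native VLAN and DTP requirements above can be checked from the two configurations before the access point is plugged in. The following is an added example, not part of the original post: the sample configurations are constructed from this series, the problem labels are hypothetical, and the VLAN list parser assumes the plain "101,102" or "100-102" form of the allowed list.

```python
import re

# Constructed inputs modelled on the access point subinterfaces and the
# switch port from this series (not captured device output).
AP_CONFIG = """\
interface GigabitEthernet0.100
 encapsulation dot1Q 100 native
interface GigabitEthernet0.101
 encapsulation dot1Q 101
interface GigabitEthernet0.102
 encapsulation dot1Q 102
"""

SWITCH_PORT = """\
interface GigabitEthernet0/20
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100-102
 switchport mode trunk
 switchport nonegotiate
"""


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '100,101-103' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def ap_vlans(ap_config):
    """Return (native_vlan, all_vlans) from the AP's dot1Q subinterfaces."""
    native, vlans = None, set()
    for vid, flag in re.findall(r"encapsulation dot1Q (\d+)( native)?", ap_config):
        vlans.add(int(vid))
        if flag:
            native = int(vid)
    return native, vlans


def check_trunk(ap_config, switch_port):
    """Return a list of problems (hypothetical labels) on the AP-facing port."""
    problems = []
    ap_native, needed = ap_vlans(ap_config)
    m = re.search(r"switchport trunk native vlan (\d+)", switch_port)
    sw_native = int(m.group(1)) if m else 1  # the default native VLAN is 1
    if ap_native != sw_native:
        # Mismatched native VLANs put untagged frames in the wrong VLAN.
        problems.append(f"NATIVE_MISMATCH ap={ap_native} switch={sw_native}")
    m = re.search(r"switchport trunk allowed vlan ([\d,-]+)", switch_port)
    allowed = expand_vlans(m.group(1)) if m else set(range(1, 4095))
    if needed - allowed:
        # A VLAN missing from the allowed list is not forwarded on the trunk.
        problems.append(f"NOT_ALLOWED {sorted(needed - allowed)}")
    if allowed - needed:
        # Least privilege: carry only the VLANs the access point serves.
        problems.append(f"EXTRA_VLANS {len(allowed - needed)}")
    if "switchport nonegotiate" not in switch_port:
        # The access point does not speak DTP, so negotiation must be off.
        problems.append("DTP_NEGOTIATION_ON")
    return problems


if __name__ == "__main__":
    print(check_trunk(AP_CONFIG, SWITCH_PORT) or "trunk matches the access point")
```
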

With this configuration we have successfully completed the configuration of multiple SSIDs on the Cisco Aironet 1250 Series Access Point. In the coming post I will post the snapshots of the connections established to the SSIDs ADMIN and GUEST. Basically, we will test the connectivity with the ping command.

 

 


Aug 17 2009   5:40AM GMT

Configuring Multiple SSIDs in Cisco 1250 Access Points Series 4



Posted by: Yasir Irfan

 

In the previous post we looked at the configuration of the VLANs and SSIDs on a Cisco Aironet 1250 Series Access Point. The final configuration on the Cisco Aironet 1250 Series Access Point should be as follows; I am just posting the complete running configuration from the Access Point.

 

 

ITKE-AP-01# show running-config

Building configuration…

 

Current configuration : 2693 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ITKE-AP-01

!

enable secret 5 $1$d1hx$IvRMqYGHs0JXjIgy8/.Ms0

!

no aaa new-model

!

!

!

dot11 ssid ADMIN

   vlan 101

   authentication open

!

dot11 ssid GUEST

   vlan 102

   authentication open

   guest-mode

   mbssid guest-mode

!

power inline negotiation prestandard source

!

!

username Cisco password 7 00271A150754

!

bridge irb

!

!

interface Dot11Radio0

 no ip address

 no ip route-cache

 !

 ssid ADMIN

 !

 ssid GUEST

 !

 mbssid

 station-role root

!

interface Dot11Radio0.100

 no ip route-cache

!

interface Dot11Radio0.101

 encapsulation dot1Q 101

 no ip route-cache

 bridge-group 101

 bridge-group 101 subscriber-loop-control

 bridge-group 101 block-unknown-source

 no bridge-group 101 source-learning

 no bridge-group 101 unicast-flooding

 bridge-group 101 spanning-disabled

!

interface Dot11Radio0.102

 encapsulation dot1Q 102

 no ip route-cache

 bridge-group 102

 bridge-group 102 subscriber-loop-control

 bridge-group 102 block-unknown-source

 no bridge-group 102 source-learning

 no bridge-group 102 unicast-flooding

 bridge-group 102 spanning-disabled

!

interface Dot11Radio0.100

 encapsulation dot1Q 100 native

 no ip route-cache

 bridge-group 1

 bridge-group 1 subscriber-loop-control

 bridge-group 1 block-unknown-source

 no bridge-group 1 source-learning

 no bridge-group 1 unicast-flooding

 bridge-group 1 spanning-disabled

!

interface Dot11Radio1

 no ip address

 no ip route-cache

 !

 ssid ADMIN

 !

 dfs band 3 block

 channel dfs

 station-role root

 bridge-group 1

 bridge-group 1 subscriber-loop-control

 bridge-group 1 block-unknown-source

 no bridge-group 1 source-learning

 no bridge-group 1 unicast-flooding

 bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

 no ip address

 no ip route-cache

 duplex auto

 speed auto

!

interface GigabitEthernet0.101

 encapsulation dot1Q 101

 no ip route-cache

 bridge-group 101

 no bridge-group 101 source-learning

 bridge-group 101 spanning-disabled

!

interface GigabitEthernet0.102

 encapsulation dot1Q 102

 no ip route-cache

 bridge-group 102

 no bridge-group 102 source-learning

 bridge-group 102 spanning-disabled

!

interface GigabitEthernet0.100

 encapsulation dot1Q 100 native

 no ip route-cache

 bridge-group 1

 no bridge-group 1 source-learning

 bridge-group 1 spanning-disabled

!

interface BVI1

 ip address 10.0.0.99 255.255.254.0

 no ip route-cache

!

ip default-gateway 10.0.0.1

ip http server

no ip http secure-server

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

 login local

!

end

 

ITKE-AP-01#

 

In my next post, as promised, I will post the configuration for the Cisco Catalyst 3560 Switch.
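The running configuration above leaves several management and wireless settings at weak values (type 7 password, HTTP-only web management, open SSIDs, no SSH-only restriction on the vty lines). The following audit is an added example, not part of the original post: the rule names are hypothetical, the sample excerpt is constructed with secrets replaced by placeholders, and treating an SSID with plain "authentication open" and no key management as unprotected is a simplifying assumption.

```python
import re

# Constructed excerpt modelled on the access point configuration above;
# secret values are replaced with placeholders.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 <redacted>
dot11 ssid ADMIN
   vlan 101
   authentication open
dot11 ssid GUEST
   vlan 102
   authentication open
   guest-mode
username Cisco password 7 <redacted>
interface Dot11Radio0
 no ip address
 !
 ssid ADMIN
 !
 ssid GUEST
 mbssid
ip http server
no ip http secure-server
line con 0
line vty 0 4
 login local
end
"""


def parse_sections(config):
    """Group indented lines under the top-level line that precedes them."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(config):
    """Return (rule, detail) findings for weak settings (hypothetical rule names)."""
    findings = []
    sections = parse_sections(config)
    for head, body in sections:
        ssid = re.match(r"dot11 ssid (\S+)", head)
        # Assumption: open authentication without key management = unprotected SSID.
        if ssid and "authentication open" in body and not any(
                b.startswith("authentication key-management") for b in body):
            findings.append(("OPEN_SSID", ssid.group(1)))
        # Type 7 is reversible obfuscation; prefer "username ... secret".
        user = re.match(r"username (\S+) password 7 ", head)
        if user:
            findings.append(("TYPE7_PASSWORD", user.group(1)))
        # Without an explicit SSH-only transport, Telnet may be accepted.
        if head.startswith("line vty") and "transport input ssh" not in body:
            findings.append(("VTY_NOT_SSH_ONLY", head))
    heads = {head for head, _ in sections}
    # Web management over plain HTTP with HTTPS disabled.
    if "ip http server" in heads and "ip http secure-server" not in heads:
        findings.append(("HTTP_ONLY_MGMT", "ip http server"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CONFIG):
        print(f"{rule}: {detail}")
```
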


Aug 16 2009   4:53AM GMT

Configuring Multiple SSIDs in Cisco 1250 Access Points Series 3



Posted by: Yasir Irfan

 

In today’s entry we will focus on configuration of VLANs and SSIDs in a Cisco Aironet 1250 Series Access Point. The procedure is as follows.

 

Configure

 

In this section, you will see the configuration steps required to complete the above mentioned scenario.

 

1st Step: Configure the Native VLAN on the Cisco Aironet 1250 Series Access Point

The native VLAN is the VLAN to which the Cisco Aironet 1250 Series Access Point and the Cisco Catalyst 3560 Switch are connected. The native VLAN of the Access Point is usually different from the other VLANs configured on it (in our case VLAN 101 and VLAN 102). The IP address used for management of the Access Point is assigned to its BVI interface, and that address is in the native VLAN (in our case VLAN 100). Traffic sent to and by the Access Point itself, for example management traffic, assumes the native VLAN (VLAN 100) and is untagged. All untagged traffic received on an IEEE 802.1Q (dot1q) trunk port is forwarded with the native VLAN (VLAN 100) that is configured for the port. If a packet has a VLAN ID that is the same as the native VLAN ID of the sending port, the Cisco Catalyst 3560 Switch sends the packet without a tag. Otherwise, the switch sends the packet with a tag.

In order to configure a native VLAN on a Cisco Aironet 1250 Series Access Point, issue the following commands in global configuration mode on the Access Point:

 

ITKE-AP-01(config)#interface gigabitEthernet 0.100

ITKE-AP-01(config-subif)# encapsulation dot1Q 100 native

ITKE-AP-01(config-subif)#exit

 

(The above commands will configure the encapsulation as dot1q and assign VLAN 100 as the native VLAN on the Giga Ethernet interface.)

 

ITKE-AP-01(config)#interface dot11radio 0.100

ITKE-AP-01(config-subif)# encapsulation dot1Q 100 native

ITKE-AP-01(config-subif)#exit

 

(The above commands will configure the encapsulation as dot1q and assign VLAN 100 as the native VLAN on the radio interface.)

 

 

2nd Step: Configure the SSIDs on the Cisco Aironet 1250 Series Access Point

In this step we will configure two VLANs (VLAN 101 & VLAN 102), one for the ITKE administration department and the other for guest users with internet access only. The SSIDs also need to be associated with specific VLANs, as shown below.

 

  • VLAN 101 is for the ITKE administration department and uses the SSID ADMIN.

  • VLAN 102 is for the guest users and uses the SSID GUEST.

 

In order to configure VLAN 101 and VLAN 102 on a Cisco Aironet 1250 Series Access Point, issue the following commands in global configuration mode on the Access Point:

 

ITKE-AP-01(config)#dot11 ssid ADMIN

ITKE-AP-01(config-ssid)#authentication open

ITKE-AP-01(config-ssid)#vlan 101

 (The above commands will create an ssid ADMIN, assigned to VLAN 101 and with an open authentication.)

 

ITKE-AP-01(config)#dot11 ssid GUEST

ITKE-AP-01(config-ssid)#authentication open

ITKE-AP-01(config-ssid)#vlan 102

(The above commands will create an ssid GUEST, assigned to VLAN 102 and with an open authentication).

 

ITKE-AP-01(config)#interface gigabitEthernet 0.101

ITKE-AP-01(config-subif)#encapsulation dot1Q 101

ITKE-AP-01(config-subif)#bridge-group 101

ITKE-AP-01(config-subif)#exit

ITKE-AP-01(config)#

(The above commands will set dot1q encapsulation for VLAN 101 and assign the Gigabit Ethernet subinterface to bridge group 101.)

 

ITKE-AP-01(config)#interface dot11Radio 0.101

ITKE-AP-01(config-subif)#encapsulation dot1Q 101

ITKE-AP-01(config-subif)#bridge-group 101

ITKE-AP-01(config-subif)#exit

ITKE-AP-01(config)#

 

(The above commands will set dot1q encapsulation for VLAN 101 and assign the radio subinterface to bridge group 101.)

 

 

ITKE-AP-01(config)#interface gigabitEthernet 0.102

ITKE-AP-01(config-subif)#encapsulation dot1Q 102

ITKE-AP-01(config-subif)#bridge-group 102

ITKE-AP-01(config-subif)#exit

ITKE-AP-01(config)#

(The above commands will set dot1q encapsulation for VLAN 102 and assign the Gigabit Ethernet subinterface to bridge group 102.)

 

ITKE-AP-01(config)#interface dot11Radio 0.102

ITKE-AP-01(config-subif)#encapsulation dot1Q 102

ITKE-AP-01(config-subif)#bridge-group 102

ITKE-AP-01(config-subif)#exit

ITKE-AP-01(config)#

(The above commands will set dot1q encapsulation for VLAN 102 and assign the radio subinterface to bridge group 102.)

 

3rd Step: Assign the multiple SSIDs to the radio interface on the Cisco Aironet 1250 Series Access Point

 

ITKE-AP-01(config)#interface dot11Radio 0

ITKE-AP-01(config-if)#ssid ADMIN

ITKE-AP-01(config-if)#ssid GUEST

ITKE-AP-01(config-if)#mbssid

(The above commands assign the multiple SSIDs ADMIN and GUEST to the radio interface dot11radio 0.)

 

Note: The SSIDs ADMIN and GUEST are configured for open authentication. For information on how to configure different authentication types on the Cisco Aironet 1250 Series Access Point, refer to the Cisco document “Configuring Authentication Types”.

In the next post we will look at the configuration for the Cisco Catalyst 3560 Switch.