In the coming hours I hope to be back on the ball and ready to pick up where I left off with a series of news, tips and opinions.

Until the next article……..take care!!

So thanks to Barcelona for the last few years but in 2011 Cisco Live has a change of venue and comes to the ICC ExCeL in London and will be there between January 31st and February 3rd 2011.

Super early bird registration is now open and if you register before the 5th October then you qualify for £400 off the £1695 fee.

http://www.ciscolive.com/europe/

http://www.ciscolive.com/europe/registration

Comment if you are going or you have an opinion on venue or cost!!

Anyway all that is about to come to an end next week when I attend my first Juniper course. I must admit I am actually quite excited about the prospect as from what I have seen the interface and configuration seems to me to be quite intuitive, well laid out and has some cool features like candidate configuration.

In preparation for the course I have just gone through Junipers prep course called “Junos as a second language” which is designed for people like me who have worked with IOS and have a good understanding if it and routing in general that are about to embark on the journey to learn Junos as well.

If you curios, the course is free and can be found at:

JSL Course For Network Engineers

Highly recommended for engineers in the same position as me or simply those curious of the what other vendors offer.

Pornographic Videos Flood YouTube

Very interesting if a little concerning!!

A router is there to serve a purpose and the clue to that purpose is in the name! Routers route between subnets and you will rarely see a router with less than 2 interfaces. The only exceptions I can think of would be route reflectors or routers in badly designed networks

So with all those interfaces which one does it choose as the source interface of, lets say a ping? Well its actually really simple. If you look in the routing table and perform a “show ip route 1.1.1.1″, for example, obviously replace 1.1.1.1 with your address, then you will see the next hop IP address in the output. Using the IP address returned perform another show ip route and you will see the egress interface that the packet will leave. Look at that interfaces’ address, that’s the address the router will use, simple!!

Now, that’s the same for your unicast traffic, TFTP, ICMP, SSH, Telnet etc, in fact any packet that the router will generate. You can, however, manipulate this behaviour, using various source interface command statements. See below for some examples:

ip tftp source-interface Loopback0

ip tacacs source-interface Loopback0

snmp-server trap-source Loopback0

Wireless Security on a Belkin Router

This got me thinking about how many times I have seen huge lists of open access points from my mobile devices. It would appear that even with simplified web based GUI interfaces that a lot of home and business users for that matter are confused when it comes to setting up their wireless equipment. Not because the interfaces are particularly hard to navigate but more due to an understanding of the implications of each setting.
I don’t intend this to be a step by step guide or how to blah blah blah but more of a general set of good practice steps to securing your wireless network.

I posted in the question that these are the things that I would look to do and would suggest as a basic set of rules for any network administrator.

Do not broadcast your SSID

Why do it? You know what its called, you configured it after all and it doesn’t need to be visible to connect to it. If it’s not a public access point and you are going to configure clients manually then why let everyone know its name? There are 2 pieces of information most secure networks will need in order to connect to them (SSID and password/key) and you are giving one of them away free!

Use MAC address filtering to permit only your machines network interface cards on the network

This ones can become labour intensive so I will caveat this for smaller SOHO networks. If your network does not have too many devices then add the MAC address into your access points MAC address permit table. This means that only the devices with the hardware addresses you specified will be able to connect to your network, regardless of whether they know the SSID and password or not!

Use strong Encryption

As the heading says. Use the strongest encryption that all your devices can support. If they can all support WAP then don’t use WEP. Encryption as well is only software. Some vendors will update software and include updates. Keep and eye out and here is my list of preference in descending order.

1. WPA2 + AES
2. WPA + AES
3. WPA + TKIP (maximum security commonly supported by older wireless adapters – can be cracked in 15 seconds since august 2009)
4. WEP (easily cracked in 5 minutes)
5. None (hmmm, dont bother)

Use strong password / Keys

Passwords are used for both accessing the equipment (AP) and the network itself. Passwords like “password” or “letmein” or dare I say it “1234″ are not secure. Be a bit more inventive and if you can’t then there are tons of random password generators out there on the web.

I have had this little gem now for a few years and having read it cover to cover I fell that it has given me a great insight into how routers and switches are actually put together. It’s a blinding book and fills all those little knowledge gaps.

If you deal with IOS on a daily basis then it’s a must have as far as I am concerned. Anyway, again, no bias towards Amazon but…….

Inside Cisco IOS Software Architecture

This has always been a bit of a grey area for me and I have high hopes for this book, its content and the new knowledge it will bring. I know TcL is a very powerful tool and since its incorporation into 12.3(2)T I have been waiting for such a book.

Anyway you can find it at all good bookshops, but for the lazy out there…….

TcL Scripting for Cisco IOS

Anyone who performs that sort of role, supporting LAN, WAN devices or remote CPE like me will have at some point made a change and then…………noooooooooo!!!!!!!!!! You have just locked yourself out or worse broke it Now this is not to say you are a bad engineer or a cowboy but for that one moment……..ow……..then you start to feel all hot :S

So what are the consequences? It could just be plain annoying and you might have to get someone on site to undo your mistake but in more extreme situations you could have just caused an outage and for users passing through an unmanned site. Lets face it these types of cock ups can range from the providing your colleagues with amusement to career limiting mistakes.

Now if its appropriate and lets say you are making changes to access-lists, crypto configuration or something that could lock you out or stop the router performing its primary function then use the “reload” command to protect yourself.

Before you commence that dangerous step simply type:

“reload in X” (where X is in minutes)

….then do what you need to……in less than however minutes you specified…..phew…..type:

“reload cancel”

That’s it, it’s done! And if the worst happens you know you will be able to get back on to it in a few minutes following a reload.