Some Photos From My Holiday in Australia – May 2008.

Mooloolbah Beach

With Friends – Coffeee Club in Brisbane

Hervey Bay

Koala Sanctuary

Coffee Club – Mooloolbah Beach

Are You Using a Router Simulator?

I am writing a round up of router sims. I don’t really recommend them but I do accept that it may be hard to get your hands on live kit at times.

I will be reviewing as many sims as possible so please send me details of any you are using so I can include it. I will be covering some by large companies such as Boson and some written by one man bands which seem very good to me.

Contact me at help@howtonetwork.net.

Video Request?

We are happy to add content about various Cisco subjects which you may find useful. They don’t have to be included in the CCNA syllabus but should be general enough to be of use to a lot of people who visit the site.

Please drop us a line at:

help@howtonetwork.net

Cisco IINS – Implementing Cisco IOS Network Security

What You’ll Learn

1. Develop a comprehensive network security policy to counter threats against information security
2. Configure routers on the network perimeter with Cisco IOS Software security features
3. Configure a Cisco IOS zone-based firewall to perform basic security operations on a network
4. Configure site-to-site VPNs using Cisco IOS features
5. Configure IPS on Cisco network routers
6. Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic

Course Outline

1. Introduction to Network Security Principles

* Network Security Fundamentals * Network Attack Methodologies * Operations Security * Security Policy * Building Cisco Self-Defending Networks

2. Perimeter Security

* Securing Administrative Access to Cisco Routers * Cisco SDM * Configuring AAA on a Cisco Router Using the Local Database * Configuring AAA on a Cisco Router to Use Cisco Secure ACS * Implementing Secure Management and Reporting * Locking Down the Router

3. Network Security Using Cisco IOS Firewalls

* Firewall Technologies * Creating Static Packet Filters Using ACLs * Configuring Cisco IOS Zone-Based Policy Firewall

4. Site-to-Site VPNs

* Cryptographic Services * Symmetric Encryption * Cryptographic Hashes and Digital Signatures * Asymmetric Encryption and PKI * IPsec Fundamentals * Building a Site-to-Site IPsec VPN * Configuring IPsec on a Site-to-Site VPN Using Cisco SDM

5. Network Security Using Cisco IOS IPS

* IPS Technologies * Configuring Cisco IOS IPS Using Cisco SDM

6. LAN, SAN, Voice, and Endpoint Security Overview

* Endpoint Security * SAN Security * Voice Security * Mitigating Layer 2 Attacks

Finding Your Dream Cisco Job Part II – What Is True?

What Is True?

You might want to print this page out.

When I ask you about your beliefs surrounding finding work
as an IT or network engineer I wonder what thoughts come to
mind. What I mean is, what beliefs do you have about what
will happen and what your chances are?

Is it going to be a breeze or almost impossible. Are you a
great candidate which any company would be lucky to have or
are you desperate and will take anything that comes up?

I just want to find out where you are and perhaps challenge
a few beliefs that may not be helping you at the moment so
can you write down a few things you believe to be true about
your quest to find an IT job.

Belief #1

Q. Where did you get this information from?

Q. What if that source was not as reliable as you think or
worse still, wrong?

Q. Is this belief helping or hurting you in your job
hunting quest?

Q. What would a better belief be?

Belief #2

Q. Where did you get this information from?

Q. What if that source was not as reliable as you think or
worse still, wrong?

Q. Is this belief helping or hurting you in your job
hunting quest?

Q. What would a better belief be?

Belief #3

Q. Where did you get this information from?

Q. What if that source was not as reliable as you think or
worse still, wrong?

Q. Is this belief helping or hurting you in your job
hunting quest?

Q. What would a better belief be?

What I want to do here is loosen your model of the world.
The painful truth is that we decide what type of world
we want to see on the inside and project it outside. I
have seen students pass their CCNA with no previous
experience and then walk into a really nice job and then
others never ever get the role they want.

What is that all about? If both have the same qualification
and no IT experience apart from their CCNA prep then what
is the difference that makes all the difference?

See you next time.

Paul Browning

Network Troubleshooting Tips – Part I
An absolutely essential skill for any network engineer is
knowing how and where to find answers to questions. The
easiest thing to do if you get stuck is to put a question
on a discussion forum and wait for the answer.

Is this always the best way though?

I have been there myself and to be honest, I have just
gone onto a board, posted the question and waited for
somebody else to answer it for me. There may be a better
way though.

Firstly, you don’t want to be thought of as the board pain
which is the person who continually posts question after
question, shows no attempt to research their own problems
and never thanks people for their time.

Second. If you don’t take the time to find out answers or
to find out how to find out the answers you are going to
come to a point where you are stuck one day and people
are not there to help you.

Here is what I recommend you do if you are stuck on a
problem you need the answer to:

First – define the issue. Is the problem where you see it
or is something else behind it. You can often be called
by a user who claims that the network is down when it is
just his PC or they can call you saying that their PC is
down when it is actually the entire network.

Second – can you articulate what is actually happened, if
there have been any changes recently and what steps you
have taken so far to resolve it?

Third – have you read up on any books, documentation or
spoken to any other people about the problem? The best
resource I have found is obviously Google.com

next time I am going to tell you how to get the best out
of discussion boards.

Finding Your Dream Cisco Job Part III – Write It Down

You might want to print this page out.

If I asked you to describe your dream IT job what would you
say to me?

You may say something like ‘Doing network support for a big
company’ or ‘I just want to get a break into IT, I don’t
mind what it is.’

The funny thing is that if you don’t know what your goal is
then how are you supposed to achieve it? If you went to the
travel agent wanting to go on holiday she would ask you
what sort of holiday you wanted. Somewhere hot, exotic, an
ocean view or in a city, near to home or many miles away?

So I ask you again. Describe to me your dream IT job.

What I am getting you to do is to have a think about the
sort of place you want to be working and what you want your
role to consist of. Would you like to work on a very busy
IT desk with lots happening and very large projects or
would you prefer a slower pace of a smaller company where
things are not so hectic.

Would you like to be part of a small team or do you love
working and chatting with lots of people. Do you want to
be installing equipment and getting your hands dirty or
would you prefer remote support and configuration?

Your job hunting strategy depends upon who your target is
and if you don’t know who your target is you either won’t
find it or worse you will take a role which you know deep
down you will be unhappy in.

Next time we will get into the how to of job hunting for
IT roles. Before then please write down your answers to
these questions:

Where would you like to be working? Near to home or far.
In a big city or small town or village?

What size team would you like to be working with?

What sort of technologies do you want to work with?

Would you like to be busy or prefer a slower pace where
you can focus on one thing at a time?

Would you like to be closely supervised or be free to work
on your own?

What sort of training would you like? Would you like you
employer to sponsor you or would you prefer to learn
yourself in your own time?

How long would you like to be working there before you
move on to another role?

See you next time.

Paul Browning

Getting the Most From IT Discussion Boards

When I first left the police and went into a career in IT
I noticed quite a few changes.

First, that the character type of IT people was very
different to that of police. I suppose different character
types are attracted to certain roles. Most police were
action oriented, good with people, confident and coped well
with stress. I found many IT people wanted to avoid people,
were uncertain of themselves and wanted very much to focus
on problems which had to be fixed.

There is nothing wrong with this of course, I just found it
a bit hard to get used to.

Which leads me onto discussion forums for IT people. When I
started to use these as part of my study system I was very
surprised by what I found. Most of the questions had
nothing to do with technical issues. People were looking for
career advice or even worse, certification advice. It was
questions like this:

1. Should I finish my degree or do the CCNA

2. Should I do the MCSE or CCNA

3. I have passed my CCNA, what should I do now?

and so on.

My mother always says, ‘Ask a silly questions and you get
a silly answer.’ The answers to these type of questions are
as good as useless because the question is useless. And do
you even know who is answering it? Is it a 15 year old
programmer or some bitter and twisted employee who has been
stuck in the same role for 20 years?

People cannot tell you what you should and shouldn’t do with
your life and career. Only you know the answers to those
questions.

I also found another thing. There are many people who gain
significance in their lives from answering questions on
the discussion boards. You will see them because they have
been on there for years, have to list ever single exam they
have ever taken to show you how clever they are. If you
ever dare to argue with them they will unleash a torrent of
abuse at you for daring to challenge their opinion.

The worst offenders I have seen consistently give poor advice
such as telling you not to even dare to apply for a job
until you have 3 years experience and you must start at the
very bottom. They tell you to do the same thing they did
which is learn how to fix PCs, then servers before you go
into Cisco.

The list is endless but the result is the same. People make
life altering decisions based upon very bad advice.

I have no agenda here by the way. I am not saying that
they are wrong and you should do what I say instead. I am
just bemused at the scenario I see played over and over
again.

I would personally advise that you use the discussion
forums to seek answers to technical questions rather than
to use it for surrogate life coaching.

When you post a question:

1. Please be specific. What is the problem you want help
with? Which device and IOS release is it? What are you
doing when the problem happens (exactly).

2. What steps have you taken to resolve or research the
problem. If you have just posted a question without even
trying to find the answer then you may find that people
don’t want to help you.

You can find answers on:

google
cisco.com
cisco books and manuals
replicating it on similar equipment
searching forums where your question has been asked

3. Always take time to thank the people who answer your
question. They don’t get paid to help you so the least you
can do is thank them.

I hope my ramblings help.

Paul Browning

Cisco Access Server Configuration.

Configuring a Cisco Access Server

Introduction

——————-

Cisco access servers are used to give you multiple connections to the console port of Cisco devices. The cisco access server models are:

Model 2509

1 Ethernet port

2 synchronous serial ports

8 asynchronous serial ports

Model 2510

1 Token Ring

2 synchronous serial ports

8 asynchronous serial ports

Model 2511

1 Ethernet

2 synchronous serial ports

16 asynchronous serial ports

Model 2512

1 Token Ring

2 synchronous serial ports

16 asynchronous serial ports

You can read more about these models via the below link which is a shortened like to a Cisco.com page:

http://tinyurl.com/4lglbp

You will need an octal cable which you can easily buy from ebay if you search for ‘Cisco octal cable.’ The octal cable plugs into your asynchronous port on you router and you then plug the 8 console leads into the console ports on the routers or switches you wish to connect to.

Each console lead should have a number on it from 1-8 and when you configure the Cisco access server you number the ports from 2001 to 2008 which indicates the number on the console lead.

Configuring the Access Server

————————————-

You need to add an IP address to the access server. It can either be on the loopback interface or if you wish to connect it to your LAN it can be on the ethernet interface. The above models have the old style AUI ethernet connectors so you will need to use an adaptor if you wish to plug in an ethernet cable.

router(config)#interface loopback 0 router(config-if)#ip add 192.168.1.1 255.255.255.0

next you determine host names and which ones are plugged into which routers

ip host R1 2001 192.168.1.1
ip host R2 2002 192.168.1.1

so in the above config we are using console leads 1 and 2 to connect to Router 1 which is called R1 and Router 2.

We then add a very minimal config to the console lines. We will have lines 1-8 with a one asynch router and 1-8 then 9-16 on a router with two asynch ports. Please double check which port you connect to and remember that all octal cables are numbered 1-8 so if you plug a second one in, on the config it will start with port 2009.

On the console lines you have several options. You need to determine which traffic can open the line with the ‘transport input’ command.

router(config)#line 1 8
router(config-line)#transport input all

You can also specify timeouts if the line is quiet with ‘session-timeout’ command. You can specify the exec timeout with the ‘exec-timeout 0 8’ command.

I would apply the bare minimum commands you can get away with which will be the ‘transport input all’ command.

In order to test the connection you can simply put the hostname of the router after the router pound sign:

router#r1
Trying r1 (192.168.1.1 , 2001)….Open Hit enter key

(you then press the enter key)

Router>

And hey presto you are on Router1.

To quit hold down the control-shift-6 keys together and then let go and press the x key (don’t ask me who thought that up).

You can use the ‘show line’ command on the access server to see which lines are in use as indicated by the *.

Somtimes you try to connect to the router but it says:

% Connection refused by remote host

This means that somebody else is on the router console port or it didn’t clear. Clear it with the ‘clear line 1’ command (for line 1) and press enter to confirm.

You can use the ‘show users’ command to see what connections have been made to the router. Also try the ‘show users’ command.

I hope it helps.

Paul

10 Reasons Why You Must Pass Your CCNA

Yes, I know you have been meaning to get on with passing your CCNA. You have some books and maybe a few other study tools but you never seem to be able to knuckle down and follow the study plan you keep meaning to write.

Now is the best time for you to pass your CCNA. There are big transitions taking place in the global ecomony at the moment and the certified engineer will always have the advantage over the person who says he or she can do the job but has never bothered to take the exam to prove it.

Here are a few reasons you need to get certified ASAP:

1. You can demand a higher salary than non qualified peers.

2. You are less likly to be made redundant

3. You will be recognised as an authority by others.

4. You will gain the respect of peers and your boss.

5. Your confidence levels will dramatically increase.

6. You will prove to yourself you have self discipline.

7. You can begin to build a list of private clients who need network support.

8. Your resumee will be at the top of searches made by recruitment agents.

9. Your IT knowledge will be right up to date with latest technologies and trends.

10. Because your are worth it!

You are about 4-6 weeks hard work away from passing your CCNA or CCENT even if you are a novice. It just takes 2 hours per day and the discipline to commit to do what it takes to passing.

When you do pass you keep your CCNA qualification for three years before you need to re-certify.

Thanks

Paul Browning