Bambang F. Indarto

The Journey… The Shares

Posts Tagged ‘Cisco’

CCNA Concentration

Posted by bfindarto on August 22, 2008

According to Cisco literature, Cisco announced three new Associate-level concentrations that are relevant, role-based, and designed with the growing knowledge requirements of IT professionals and organizations in mind. These highly specialized associate-level concentrations represent areas of rapid development in the technology convergence that makes up today’s sophisticated network environments, and they also offer a career stepping stone to the professional-level credentials.

The three CCNA concentration certifications are:

  • CCNA Security
  • CCNA Voice
  • CCNA Wireless

All three concentration certifications require you to hold the CCNA.

CCNA Security Certification
Exam Code: 640-553 IINS: Implementing Cisco IOS Network Security (IINS)

CCNA Security Certification meets the needs of IT professionals who are responsible for network security. It confirms an individual’s skills for job roles such as:

  • Network Security Specialists
  • Security Administrators, and
  • Network Security Support Engineers.

This certification validates skills including installation, troubleshooting and monitoring of network devices to maintain the integrity, confidentiality and availability of data and devices, and it develops competency in the technologies that Cisco uses in its security structure.

Students completing the recommended Cisco training will gain an introduction to core security technologies as well as how to develop security policies and mitigate risks. IT organizations that employ CCNA Security-holders will have IT staff that can develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.

CCNA Voice Certification
Exam Code: 640-460 IIUC: Implementing Cisco IOS Unified Communications (IIUC v1.0)

The Cisco® CCNA Voice certification confirms that you have the required skill set for specialized job roles in voice technologies such as:

  • Voice technologies administrator
  • Voice engineer, and
  • Voice manager.

It validates skills in VoIP technologies such as IP PBX, IP telephony, handset, call control, and voicemail solutions. Candidates also get exposure to the Cisco Unified Communications architecture and design covering mobility, presence, and TelePresence applications.

The CCNA Voice Certification enables employers to validate that their staff possess a strong foundation in voice applications and infrastructure concepts; and are capable of performing baseline installation, operating, and maintenance tasks on Cisco VoIP solutions, particularly the Smart Business Communications System from 8-250 lines.

CCNA Wireless Certification
Exam Code: 640-721 IUWNE: Implementing Unified Wireless Networking Essentials (IUWNE v1.0)

CCNA Wireless recognizes the critical importance of professionals supporting wireless LANs, including:

  • Networking Associates/Administrators
  • Wireless Support Specialists, and
  • WLAN project managers.

The CCNA Wireless Certification validates a candidate’s skills in the configuration, implementation and support of wireless LANs, specifically those networks using Cisco equipment. Students completing the recommended Cisco training are provided with information and practice activities to prepare them for configuring, monitoring and troubleshooting basic tasks of a Cisco WLAN in SMB and enterprise networks. After certification, employers will be able to validate that their staff have the skills needed for basic wireless networking on a Cisco WLAN in SMB and enterprise networks.

All three CCNA concentration certifications are valid for three years. To recertify, pass any current CCNA concentration exam (wireless, security, voice), OR pass a current 642 professional exam, OR pass the current CCIE written exam or the current CCDE written exam.

Source: Cisco, and other links.


Service Command in Cisco Routers

Posted by bfindarto on June 1, 2008

The service command is the parent of 24 subcommands. Some of these commands are relatively unimportant, but others are so important that you probably know them by heart. However, as you know, many commands seem unimportant until you need them. You can list all the service subcommands by typing service ? in global configuration mode.

Of the 24 service subcommands, here is a list of the most important ones you should know.

1. service dhcp
You can use the service dhcp command to enable or disable the Cisco IOS DHCP server and relay agent. The Cisco IOS enables this command by default.

However, if you’re turning on DHCP or it isn’t functioning, you should check the status of the service dhcp command. (You can disable the server using the no service dhcp command.)

2. service linenumber
This command notifies the user of the router’s or switch’s async line number used at login. This can come in handy if you’re having problems with your VTY line — it reminds you what line you’re on. It even works on the console. Here’s an example:

myRouter con0 is now available
Press RETURN to get started.

myRouter line 0


3. service password-encryption
This command should be one you’ve already enabled. While disabled by default, the service password-encryption command is one that I recommend everyone turn on.

This command encrypts the Cisco IOS passwords stored in the router’s NVRAM configuration files. This helps prevent anyone from browsing the passwords if the configuration finds its way to something like a TFTP server.

4. service nagle
Nagle is a congestion control algorithm used to reduce the transmission of small packets. It’s a bandwidth-saving feature for keystroke-based applications (such as Telnet). While the Cisco IOS turns off Nagle by default, you can enable it with the service nagle command.

5. service prompt config
The service prompt config command displays the configuration prompt.

If you enter no service prompt config, you’ll get no prompt when going into Global Configuration Mode. In other words, you can still type, but you don’t get any kind of prompt. This would really throw off someone who wasn’t familiar with this command.

Here’s an example:

myRouter(config)# no service prompt config

myRouter# conf t
Enter configuration commands, one per line.  End with CNTL/Z.

service prompt config

6. service sequence-numbers
You can use the service sequence-numbers command to insert sequence numbers into log files. This can be important when log entries are coming really quickly. In fact, they can come so quickly that they appear at the same time. Here’s an example of sequence numbers:

000377: *Mar 17 23:06:33.609: %SYS-5-CONFIG_I: Configured from console by console

(where the 000377 is the sequence number)

7. service tcp-keepalives
You can use the service tcp-keepalives-in and the service tcp-keepalives-out commands to monitor TCP connections to and from the router. They can terminate connections if the router or switch doesn’t receive a response from the remote device.

8. service tcp-small-servers
The Cisco IOS disables the service tcp-small-servers command by default. Enabling this command turns on the following services on the router: Echo, Discard, Chargen, and Daytime.

I don’t recommend enabling this service because it could be a security concern. If you see any routers that have this command enabled, I suggest disabling it unless there’s a purpose for these services.

9. service timestamps
You can use the service timestamps command to add timestamps to the router’s log entries. Since version 11.3, the Cisco IOS has enabled certain timestamps by default, so most of us have this on. However, there are additional timestamp options that you can enable, as well as places where timestamps are probably off by default.

Here’s an example of turning on all timestamp options for logging and debugging:

service timestamps log datetime localtime msec show-timezone year
service timestamps debugging datetime localtime msec show-timezone year

10. service password-recovery
The service password-recovery command enables the password recovery capability. This lets you recover a lost enable-mode password by changing the config-register.

The no service password-recovery command can be dangerous. If you use this command, there’s no way to recover the enable-mode password if you lose it.
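A configuration check for the security-relevant service subcommands above, as an added example that is not part of the original post. The sample configuration is constructed, and the default assumed for password-recovery (enabled) is an assumption of this example; the other defaults are the ones stated in the post.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
version 12.4
service timestamps log datetime msec
no service password-encryption
service tcp-small-servers
no service password-recovery
hostname myRouter
"""

# subcommand: (IOS default when the line is absent, wanted state, risk if wrong).
# Defaults for password-encryption and tcp-small-servers are those given in the
# post; the password-recovery default (enabled) is an assumption of this example.
POLICY = {
    "password-encryption": (False, True, "passwords readable in a copied config"),
    "tcp-small-servers": (False, False, "Echo/Discard/Chargen/Daytime exposed"),
    "password-recovery": (True, True, "lost enable password is unrecoverable"),
}

SERVICE_LINE = re.compile(r"^(no\s+)?service\s+(\S+)")


def service_state(config):
    """Map each service subcommand in the config to True (on) or False (off)."""
    state = {}
    for line in config.splitlines():
        match = SERVICE_LINE.match(line.strip())
        if match:
            state[match.group(2)] = match.group(1) is None
    return state


def audit(config):
    """Return (subcommand, risk) for every setting that differs from POLICY."""
    state = service_state(config)
    findings = []
    for name, (default, wanted, risk) in POLICY.items():
        # A subcommand missing from the config is running at its default.
        if state.get(name, default) != wanted:
            findings.append((name, risk))
    return findings


if __name__ == "__main__":
    for name, risk in audit(SAMPLE_CONFIG):
        print(f"service {name}: {risk}")
```

A configuration with no service lines at all still yields a password-encryption finding, because that subcommand is off by default.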


EIGRP with Authentication

Posted by bfindarto on May 4, 2008

Enhanced Interior Gateway Routing Protocol (EIGRP) is a routing protocol used to select the most suitable route for packets within a network. EIGRP is the enhanced version of IGRP and was developed by Cisco Systems. EIGRP uses bandwidth and delay to calculate the metric of a network route.

EIGRP can be configured with authentication to protect the routing table. In this case, we will configure two different routers with the EIGRP routing protocol and then set up authentication between them using the ip authentication key-chain eigrp interface command.

We will use the network topology of two different network classes shown in the figure:

[Figure: EIGRP Sample Topology]

Configuration to Enable EIGRP on Router A:
A(config)# router eigrp 210 // Enable EIGRP; 210 is the autonomous system number.
A(config-router)# network // Advertise router A's serial network
A(config-router)# network // Advertise router A's Ethernet network

Configuration to Enable EIGRP on Router B:
B(config)# router eigrp 210 // Enable EIGRP; 210 is the autonomous system number.
B(config-router)# network // Advertise router B's serial network
B(config-router)# network // Advertise router B's Ethernet network

Now Configure EIGRP Authentication on Router A

A(config)# key chain myKey // Create the key chain name, e.g. myKey.
A(config-keychain)# key 1 // Set the key number, e.g. 1.
A(config-keychain-key)# key-string ironman // Set the key string, e.g. “ironman”.
A(config-keychain-key)# end

Now specify the interface on which you want to configure EIGRP message authentication.

A# configure terminal // Return to global configuration mode after end.
A(config)# interface serial 0/0/0
A(config-if)# ip authentication key-chain eigrp 210 myKey // The AS number must match router eigrp 210.
A(config-if)# ip authentication mode eigrp 210 md5
A(config-if)# end

Now Configure EIGRP Authentication on Router B

B(config)# key chain myKey // Create the key chain name, e.g. myKey.
B(config-keychain)# key 1 // Set the key number, e.g. 1.
B(config-keychain-key)# key-string ironman // Set the key string, e.g. “ironman”.
B(config-keychain-key)# end

Now specify the interface on which you want to configure EIGRP message authentication.

B# configure terminal // Return to global configuration mode after end.
B(config)# interface serial 0/0/0
B(config-if)# ip authentication key-chain eigrp 210 myKey // The AS number must match router eigrp 210.
B(config-if)# ip authentication mode eigrp 210 md5
B(config-if)# end
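A consistency check for the authentication setup above, as an added example that is not part of the original post. It flags interface authentication commands whose AS number does not match any router eigrp process, and compares key numbers and key strings between two neighbors. Both configurations are constructed, and the function names are hypothetical.

```python
import re

# Constructed configs (not from a real device). Router A applies authentication
# to AS 1 although its routing process is AS 210; router B is consistent.
ROUTER_A = """\
key chain myKey
 key 1
  key-string ironman
router eigrp 210
interface Serial0/0/0
 ip authentication key-chain eigrp 1 myKey
 ip authentication mode eigrp 1 md5
"""
ROUTER_B = ROUTER_A.replace("eigrp 1 ", "eigrp 210 ")


def check_eigrp_auth(config):
    """Return problems found in one router's EIGRP authentication settings."""
    processes = set(re.findall(r"^router eigrp (\d+)", config, re.M))
    chains = set(re.findall(r"^key chain (\S+)", config, re.M))
    modes = set(re.findall(r"^\s*ip authentication mode eigrp (\d+) md5", config, re.M))
    refs = re.findall(r"^\s*ip authentication key-chain eigrp (\d+) (\S+)", config, re.M)
    problems = []
    for asn, chain in refs:
        if asn not in processes:
            problems.append(f"AS {asn}: key chain applied but no 'router eigrp {asn}'")
        if asn not in modes:
            problems.append(f"AS {asn}: key chain applied but md5 mode missing")
        if chain not in chains:
            problems.append(f"key chain {chain} is referenced but not defined")
    for asn in sorted(processes - {asn for asn, _ in refs}):
        problems.append(f"AS {asn}: no interface applies an authentication key chain")
    return problems


def key_material(config):
    """Return the set of (key id, key-string) pairs across all key chains."""
    keys, key_id = set(), None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "key":
            key_id = words[1]
        elif len(words) >= 2 and words[0] == "key-string":
            keys.add((key_id, words[-1]))
    return keys


def neighbors_agree(cfg_a, cfg_b):
    """Key id and string must match on both ends; chain names are local only."""
    return key_material(cfg_a) == key_material(cfg_b)
```

The check works on the whole configuration rather than per interface, which is enough for the two-router setup described here.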
