482 Results Found
The triple constraints model has been one of the main staples for teaching project management for as long as I can remember. The model is generally represented by a triangle with Scope on the horizontal leg, Time on the left leg, Cost or Resources on the right leg an...
Telepresence is a set of technologies that allow video conferencing in such a way that the user feels as if they are actually at the remote site. Cisco sells a variety of platforms in the telepresence space supporting up to three 65” high definition video displays,...
If you create presentations using the notes feature in PowerPoint, you probably have found yourself wanting to print multiple slides on one page (handouts) with the notes associated with those slides displayed on the same page. This layout can often help you better p...
When integrating a Voice over IP (VoIP) system into an existing network, it is very important to have a good understanding of how much bandwidth is utilized for each call on the network. For most people just starting out, the bandwidth calculations can be a very daunt...
You may have noticed that it’s the dynamic routing protocols that get all the glory. Since I like rooting (routing?) for the underdog, let’s talk about static routes! As you may recall, a router has three methods for learning a route. A route can appear in the routi...
Recently we've been comparing using Telnet with Secure Shell protocol to allow remote access to a device such as a router or switch. Now, we're going to compare File Transfer Protocol (FTP) and Trivial File Transfer protocol (TFTP) for a Cisco router or switch. These...
RIP is a protocol that is used for routing IP networks. It was designed in the early 1980s for communication between gateways (computers with two NICs). It is the oldest routing protocol used by the network industry and is considered by many to be inefficient or bo...
So far, in our discussion of Router Information Protocol (RIP), we’ve discussed the basics and also verified and reviewed RIP version 1. We stated that RIP version 1 is a classful routing protocol that used FLSM and sent its routing updates without the subnet mask. In...
Devices must send dual-tone-multi-frequency (DTMF) when a phone call is routed to an automated system. Automated attendant (AA), voicemail (VM), or interactive voice response (IVR) systems are some examples of the types of automated systems that can pick up phone calls.
Exchange 2010 builds upon the significant changes to the transport that were made in Exchange 2007. In this article, I'll review the transport pipeline and routing components and list some of the new architectural and administrative enhancements to the Exchange 2010...
Call Admission Control (CAC) is often times included as part of the same topic as Quality of Service (QoS), when in actuality CAC is a separate and complete topic itself. QoS is defined as traffic engineering on a packet switched network. This definition means movin...
Find out which OSI layer is concerned with reliable end-to-end delivery of data - and more. Get answers to your OSI reference model and network layer questions here.
When sending data end-to-end through a network, routers are used in internetworking to create a virtual network from one device to another, either locally or globally. Routers are configured to operate with most common network protocols. That means they know the form...
Cisco Unified Communications Manager (CUCM) includes a feature called "call throttling" that denies new call attempts when the system is in a state that may lead to delayed dial tone. The Real Time Monitoring Tool (RTMT) will generate a code yellow alert when call t...
No matter what book or manual you use to study for the CCNA examination, you will see various protocols and processes referencing an RFC. And, although frequently referenced, the RFCs are seldom actually included in the documentation. So, the logical question becomes...
In the previous discussion on QoS, the uses of Per-Hop Behaviors DiffServ to mark packets were identified and discussed in detail. Today’s post will identify the mechanisms to implement QoS. The five main categories of tools used to implement QoS are as follows. Cl...
Cisco IP phones support a variety of different audio codecs. In this post, I will explain some of the differences and explain which versions of CUCM and the Cisco IP phones support the various audio codecs. Audio codecs are responsible for sampling human speech (a s...
ASA and PIX software version 7.0 introduced the configuration command nat-control which didn’t exist in previous versions of code. Although training course material for both the SNAF (Securing Networks with ASA Fundamentals) and SNAA (Securing Networks with ASA Advan...
There are some common misconceptions on the part of some of my students as to how VPN sessions are established from either a remote location or remote user to the ASA firewall. In particular, a “gray area” seems to be when the attributes from the tunnel group are app...
One aspect of Unified Communications is this concept of trunk groups. I will discuss what they are, what benefit they can provide and how to configure them for Cisco gateways. First of all the official definition of a trunk group is “A group of trunks serving the s...
Last blog we looked at how we can use Trunk groups to ease the configuration of dial-peers and digit manipulation using analog FXO ports for an E911 solution. Now let’s take a look at how it can be used for T-1 CAS configurations and ISDN channel selection. The firs...
Project procurement activities are often managed by specialists. By this I mean that the procurement department takes over responsibility for purchasing and contract management from the project manager. As a result of this separation of responsibilities, the steps and stages of procurement are often poorly understood by PMs. In this and the next few blog submissions, I will attempt to shed light on procurement activities and relate these activities to the PMI PMBOK.
Internet Protocol (IP) routing protocols have one primary goal: to fill the IP routing table with the current best routes it can find. The goal is simple, but the process and options can be complicated. Routing protocols define various ways that routers chat among th...
In light of the recent tragic events in Haiti, it might be a good time to review some of the requirements for a well designed Uninterruptible Power Source (UPS) to be included in all of our critical network installations. As a CCNA, we are called upon to help maintai...
I recently was presented with the challenge of logging ALL of the pertinent connection, disconnection, and termination messages associated with the Cisco SSL AnyConnect client without overwhelming the syslog capture display with extraneous messages. This blog will br...
Recently, I was asked the following question: “We plan to implement Windows 7 in our network very soon. We want to use Windows 2003 Domain Controllers for the next couple of years. Can we make the hundreds of new Group Policy setting available to Windows 7 Windows Server 2003 DCs?” This is not an unusual situation. Some organizations find they need to replace their desktop computers immediately because of age or obsolescence and others wish to upgrade to Windows 7 because of its superior security and performance. But there may be no budget or desire to upgrade to Windows 2008 or 2008 R2. Luckily, it is not difficult to adapt Server 2003 to work with Windows 7.
In my last post, we learned that the Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts, identified as DHCP clients, to retrieve IP address assignments and other configuration information. DHCP uses a client-server architectur...
There are many interesting new issues that seem to have come with the addition of voice and video to the data network. Most of the engineers that are now working on VoIP networks come from either a pure data network background or a traditional phone system background...
Learn how to calculate QOS Bandwidth Percent vs Bandwidth Remaining Percent using a Cisco-defined formula. Read on for answers and examples from the experts at Global Knowledge!
Windows 7 can be a good file server on very small workgroup networks. Although Windows 7 is limited to only 10 concurrent client connections as a file server it can do a good job making files accessible over a network. Windows 7 shares a great deal of code with Windo...
Even in professionally managed network environments it is still possible for mistakes to happen. If an Active Directory object such as a user or computer account is accidentally deleted network access will be lost. Worker productivity will decline until the account...
The subject of this week’s post was actually prompted by a question from a former colleague. Soon after the PIX Firewall added support for IPSec Virtual Private Networks, a command was added to the command-line, sysopt connection permit-ipsec. This command was subse...
Windows Vista introduced AERO, a desktop experience that had four major elements; Windows Flip, Windows Filmstrip, AERO Glass transparency and fully realized thumbnail views on the Taskbar. Windows 7 added several new features to AERO, including AERO Snap, AERO Shake...
Occasionally as I'm teaching a Cisco training class, I get an idea for a blog post and it happened again this week. The Securing Networks with ASA Fundamentals curriculum is mostly based on the Adaptive Security Device Manager (ASDM). While the class describes the us...
I recently came across an opportunity to use a relatively new feature in Cisco Unified Communications Manager (CUCM). Suppose you are the telecom administrator at a community hospital. During business hours, the Facilities Department is staffed and team members simpl...
Windows Software Update Services (WSUS) is commonly used to distribute security patches and updates for Windows operating systems and Microsoft applications. WSUS is a web application that runs within Internet Information Services (IIS) on Windows Server. When client...
Adding a new computer to an Active Directory domain can be a disruptive process, particularly if that computer is part of a large, high-speed deployment. Djoin.exe is a command line tool that permits the joining of a Windows 7 or Server 2008 R2 computer to Active Dir...
A feature common to IPSec Virtual Private Network implementations throughout the Cisco product line is Perfect Forward Secrecy (PFS). This optional additional component is now a default supplied configuration setting with the Adaptive Security Device Manager (ASDM) I...
As any network administrator will tell you, the ASA Security appliance (as well as its forerunner, the PIX) is capable of generating massive amounts of log messages, especially when the firewall/security appliance is set to log messages at debug level to the syslog...
As is sometimes the case, the idea for this article originated with a student question I received during one of the Securing Networks with ASA Fundamentals classes I have taught this summer. The course material mentions a simple scenario whereby IP Telephony traffic...
No matter which IT field you're working in, there are several skills that are useful for every IT professional to know. Here, seven experienced IT professionals working in the networking, programming, project management, and security fields, share what they believe a...
As is frequently the case these days, I get a brainstorm for an article during a Cisco Security training class I conduct. This summer I taught the Securing Networks with ASA Fundamentals class, which concentrates heavily on the Adaptive Security Device Manager (ASDM)...
When the hostname.domainname associated with my Small Office Home Office (SOHO) failed to update after a power outage, and a new DHCP-assigned external address was assigned to my router, I was reminded of the need for Dynamic DNS. This article will explore the implem...
Dcdiag is an often overlooked tool that can discover problems in a domain controller’s configuration. If client computers can't locate a domain controller or if domain controllers can't replicate Active Directory, you can run tests with Dcdiag to look for a solution.
Interior Gateway Routing Protocol (IGRP) was a Cisco-proprietary Distance-Vector (D-V) classful routing protocol - basically an improved version of RIPv1. Like other D-V protocols, each IGRP router periodically flooded its routing table, but it differed from RIP in two ways. First, RIP’s advertisement interval was thirty seconds but IGRP’s was ninety seconds, which allowed IGRP to scale to larger networks than RIP. Second, RIP used a simple hop count metric, but IGRP’s more sophisticated metric was based on minimum path bandwidth and total path delay, with options to include link reliability and interface loading.
One command that had a fairly long history first with the PIX Firewall and now the ASA is the shun command. In this post we’ll examine this command’s history, why it’s useful, and its new-found resurgence in threat detection implementation.
I attended a meeting this week with a customer of mine and a potential new vendor. The new vendor was there to pitch his configuration and setup service offerings for a specific ITSM toolset. My customer has already had one bad experience with an ITSM tool configuration vendor who promised one thing and delivered much less. He ended up with a tool that’s minimally used and not configured to match his business needs. He’s looking for a vendor that can understand his business needs and priorities and quickly help him get his tool configured and working in a short time frame. Then the topic of standard changes came up. My customer asked for examples of standard changes. The vendor responded, “Server reboots are an example of standard changes.”
This week’s post highlights some of the features and implementation specifics regarding the Datagram Transport Layer Service (DTLS) protocol used in Virtual Private Networks with the Cisco AnyConnect® SSL client. I’ll provide some background as well as some screenshots and supported CLI commands.
In the fourth of his five-part series, Eric Strause explores the hardware and application benefits inherent in a cloud-based architecture.
According to the OSI layer concept, routing, or best path selection, takes place on Layer 3 and is based on the logical address. In this post, we want to discuss some of the points in that statement.
An attacker needs to destroy evidence of his presence and activities for several reasons like being able to maintain access and evade detection (and the resulting punishment). Erasing evidence of a compromise is a requirement for any attacker who wants to remain obscure and evade trace back. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process.
Relational databases are important not only because of the information they store but, more importantly, for the data we retrieve from them. The select statement allows us to ask the database a question. It’s the way we retrieve information from the database system.
The Global Site Selector (GSS) leverages the Domain Name System (DNS) to provide clients with reliable and efficient content services. Domain to IP address mapping is performed with consideration for availability, location, and load of content servers. Using the GSS in combination with Cisco’s Content Services Switch (CSS), Cisco’s Catalyst 6000 Content Switching Module (CSM), or Cisco’s Application Control Engine (ACE) allows users to create Global Server Load Balancing (GSLB) networks.
Although the GSS can be configured to be authoritative for an entire domain, e.g. cisco.com (option 1), the GSS is designed to be integrated into an existing traditional BIND-based or any DNS system. The GSS operates as an A-record DNS server for Hosted Domains (HD) for which it has been delegated authority from a higher-level name server, which generally would be a name server (NS) controlled by an Enterprise or ISP. In addition to A-record support, the GSS is able to proxy for other query types using NS Forwarding and a back-end name server such as BIND.
In this post I’ll focus on a topic that’s mentioned in the Cisco FIREWALL training class but isn’t emphasized there or in the online Cisco ASA documentation. When configuring failover on a pair of ASA security appliances, a situation can arise in which network disruption occurs due to the secondary ASA in a failover pair becoming active first and then the primary comes online second. Both the documentation and the courseware point out that this causes the secondary (and active ASA) to swap its interface MAC addresses with those of the primary. Being naturally skeptical about this behavior, I decided to investigate. The rest of this post illustrates my confirmation of this phenomenon.
The official Cisco CCNP Security FIREWALL training course (as well as other documentation) recommends enabling the inspection of the Internet Control Message Protocol (ICMP), even though it’s disabled by default. The image below displays the recommended practice as configured in ASDM, but the curious student might wonder what the unchecked “ICMP Error” box is. That’s what I’ll focus on in this post.
As long as I've been involved in service management, one of the perennial debates that's really never been resolved focuses around how many discrete processes ITIL describes. No such single list exists in the ITIL core books. However, section 4.1 of each of the ITIL 2011 core books shows the processes described within that specific book. When we deliver accredited ITIL training, if it is described in section 4.1 of any of the ITIL core books, then it is considered a "process".
As many of you work on integrating Avaya Aura System and Session Manager into your networks, the case for troubleshooting will indeed occur. There are built in tests in the System Manager that allow you to run tests on 14 different areas, including Session Manager. But what do you do with the results when you get them? I am going to outline six of the most common problems and solutions when installing and implementing System and Session Manager and what steps you can take to troubleshoot and correct the problem.
For us wireless folks that aren’t stellar routing and switching guys, one of the most daunting network tasks is integrating our WLAN infrastructure with the existing wired infrastructure and its services. Understanding wired design topics is pretty fundamental to installing or managing any network, so it really should be on our priority list to spruce up those skills. To give you a nudge on your journey, let’s talk about DHCP for wireless clients.
The Cisco UCS is truly a “unified” architecture that integrates three major datacenter technologies into a single, coherent system: computing, network, and storage. Instead of being simply the next generation of blade servers, the Cisco UCS is an innovative architecture designed from scratch to be highly scalable, efficient, and powerful with one-third less infrastructure than traditional blade servers.
Previously, I talked about the logical and physical steps to building a basic certification lab, concentrating mostly on the CCENT/CCNA Routing and Switching level. Once you have that set of certifications under your belt, there are several options for specialization. Each of these advanced technology tracks serves as a method of enhancing your professional skill set as follows:
Anyone who’s managed switches over the years knows that the Spanning-tree protocol (STP) is both the best and worst thing to ever happen to the data center at layer 2 of the OSI model. On the plus side, the Spanning-tree protocol is what first allowed us to create redundant paths within our switching infrastructure, making our data center much more resilient to outages than ever before. Anyone who’s experienced a “broadcast storm” knows the full value of Spanning-tree in the traditional switching environment. We’ve also seen many improvements in Spanning-tree over the years to make it work faster and more efficiently (i.e. Rapid Spanning-tree, Bridge Assurance, and many others).
Configuring a wireless lab for study and testing capabilities is a bit more involved than you might think at first glance. Most of the requirements take place on the management devices, but the underlying switch infrastructure requires some preparations as well. The tasks involved are as follows:
Good question! There are lots of networks, so I’m sorry to say that it depends. Let me explain. The smallest computer-based networks are usually PANs or Personal Area Networks. They can connect a wireless keyboard, mouse, or other devices to a computer. You may find them wirelessly linking a printer to your computer. You may have noticed these all include wireless connections. A PAN most often uses wireless technologies like infrared and Bluetooth, so it is really a WPAN (Wireless Personal Area Network).
In my last post I discussed aspects of problem management in the context of a real-life situation regarding the first vehicle I owned. In that scenario, and throughout this series of posts, I’ve demonstrated a real-life situation from a standpoint of the incident and problem management processes that ITIL describes.
In the previous post, we discussed the need for VXLAN in the cloud along with the issues it solves. In this post, we will focus more on how VXLAN works.
The term "life cycle" implies two things: that a process is perpetual and that the sequence of events is obligatory or uni-directional. There is no beginning or end to a life cycle and the sequence of events cannot change. A seed cannot go directly to being a mature plant nor revert back to the blossom stage.
XenApp 6.5 brings a host of features and benefits that most companies will need as the technology continues to evolve and user requirements continue to expand.
During a recent ITIL foundation class, a student asked an interesting question. She wanted to know: “What is the difference between a project and a service?” To be honest, I haven’t spent much time thinking about this distinction. However, I think that those of us who practice ITIL consulting and training should have good answers to questions such as this. Here’s how I answered this question.
What's the correct sequence of activities for handling an incident? Find out why categorization occurs before initial diagnosis in the ITIL incident management process flow so you can answer this common ITIL Foundation exam question.
None of us have much time to waste, so what can you do when your environment changes quickly and you need to come up to speed on a device that you have never seen before? You find the quickest way to bring yourself up to speed. Some of you will have experience with other vendors’ equipment, and some of you will not have much experience at all; therefore, we will focus on topics that will get your feet wet the quickest and have you talking Junos in no time.
Both technologies, Ethernet and FC, satisfied the two conditions at that time, but there was a catch. Read more.
“Twisted Pair” is another way to identify a network cabling solution that’s also called Unshielded Twisted Pair (UTP) and was invented by Alexander Graham Bell in 1881. Indoor business telephone applications use them in 25-pair bundles. In homes, they were down to four wires, but in networking we use them in 8-wire cables. By twisting the pairs at different rates (twists per foot), cable manufacturers can reduce the electromagnetic pulses coming from the cable while improving the cable’s ability to reject common electronic noise from the environment.
As mentioned in last week’s post, interviews that require ITIL Intermediate level knowledge will most likely be targeted to specific process areas and activities. If I interviewed someone for a job that required ITIL Intermediate level knowledge, in addition to other questions about the specific technical responsibilities of the job, I might ask the following questions:
This week we'll review the IPv4 Address Classes including subnet masks, examples of Class C, Class B, and Class A subnet masks, and planning IPv4 addresses.
Previously I discussed service providers and their risks in the example of my involvement with a landscaping company. ITIL clearly states that services, “…deliver value to customers by facilitating outcomes customers want to achieve…” However, sometimes organizations and people focus on outputs as opposed to outcomes, which sacrifices some of the value of the service. This leads to a question, what is the difference between an outcome and an output?
Lessons learned is a theory, or conclusion, based on evidence at a given time and describes what went wrong (as well as what went right) throughout the lifecycle of a project. Although it’s completed during the project closeout process, it should occur during the entire project lifecycle to ensure all information is captured and documented. Consequences of not having a project review of lessons learned are the increased likelihood of repeating actions that might have caused:
In the last two posts I discussed aspects of services in the context of some landscaping work that I’m having done. This is clearly what many people would call a “non-IT example.” I often use similar examples in my classes. However, I might initially describe an example that seems unrelated to IT, but will conclude with a challenge to students. That challenge is, “identify the IT in this example.” The truth of the matter is that most businesses these days are underpinned by some form of information technology. In fact, technology has become so ingrained into everyday services that often even the service providers themselves don’t realize how technology supports their business.
The most obvious difference is that hubs operate at Layer 1 of the OSI model while bridges and switches work with MAC addresses at Layer 2 of the OSI model. Hubs are really just multi-port repeaters. They ignore the content of an Ethernet frame and simply resend every frame they receive out every interface on the hub. The challenge is that the Ethernet frames will show up at every device attached to a hub instead of just the intended destination (a security gap), and inbound frames often collide with outbound frames (a performance issue).