Resource Library

Despite advances in security, hackers continue to break through network defenses. In this hour-long webinar, network security specialist Catherine Paquet will examine the favorite methods and targets of hackers and will introduce you to the different categories of security technologies. In this foundational presentation, you will learn about the benefits of security solutions such as firewalls, VPNs, IPS, identity services and BYOD.

Security attacks have become more advanced; therefore, security solutions have needed to evolve to deal with those threats. Cisco's acquisition of Sourcefire brings a new paradigm to the security landscape. No longer is security a one-time, instantaneous event. Security now is threat based, network cognizant, and continuous. All organizations, public and private, need to be aware not only of the constantly changing threat environment, but must be prepared to respond in kind.

Cisco Collaboration Systems Release (CSR) 10.6, along with CUCM 10.5(2), enhances the user and administrator experiences and interactions. In many cases, a change to one product may necessitate changes to other products. For example, where the deployment options for video conference control changed to place all control behind the Telepresence Conductor, Cisco Prime Collaboration management tools had to be updated to reflect this new deployment approach. As new endpoints are added, CUCM and Prime Collaboration both needed to be updated to reflect the new endpoints.

When properly utilized, VLANs and trunks provide flexibility, stability and ease of troubleshooting. This paper provides technical details about VLANs and trunks, along with design options at a basic to intermediate level. Recommendations and commands are included throughout.

On February 17, 2015, Cisco announced changes to the existing voice and video certifications and detailed the new collaboration certification portfolio. This white paper provides an overview of the changes to Cisco certifications with respect to voice and video, outlining dates, and deadlines that may affect your certification process.

Switches play a vital role in moving data from one device to another. Specifically, switches greatly improve network performance, compared to hubs, by providing dedicated bandwidth to each end device, supporting full-duplex connectivity, utilizing the MAC address table to make forwarding decisions, and utilizing ASICs and CAM tables to increase the rate at which frames can be processed.

AWS is an incredibly rich ecosystem of services and tools, some of which have security aspects baked in (like S3 SSE), and others that provide overarching security capabilities (like IAM and VPC) that apply to many services. With regard to data storage, operating system, and applications, security functions largely the same in the cloud or on-premises software. Customers can and should continue to follow best practices that have served them well in their own data centers.

This paper explains uplink strategies for traffic coming in and out of a Cisco Unified Computing Solution (UCS) chassis. An uplink can be Ethernet, Fibre Channel, or FCoE and is a physical connection on the FI that leaves the UCS domain directed away from the B Chassis.

This paper covers the configuration of IP Multicast with Multiprotocol Label Switching (MPLS) including the basics of Multicast with the Group Encrypted Transport VPN (GETVPN).

A Dynamic Multipoint Virtual Private Network (DMVPN) can be used with other networks like Multiprotocol Label Switching (MPLS), but streaming multicast is accomplished quite well using "Default" and "Data" Multicast Distribution Trees (MDTs) with MPLS.

Cisco Unified Computing Solution (UCS) is a very popular and powerful solution. Cisco continues to provide updated UCS management options for the full range of data center installations.

The first big push toward implementation of IPv6 was mobile devices. Now, one of the driving forces is the Internet of Things. As the name implies, this means everything, including machine to machine communication (M2M).

Like it or not, Internet of Things (IoT) is upon us. There are a number of factors that will impact its adoption rate, and the inevitable privacy (or lack of) discussions will likely happen sooner than later. This is going to change the world as we know it, in many cases for the better. But we will need to keep an eye on the extent to which it invades our personal lives if it is going to be the positive force it has the potential to be.

While there are differences between the IP Multicast configuration in the IOS and the Nexus OS, the Protocol Independent Multicast (PIM) protocol remains fundamentally the same. If you feel comfortable configuring Multicast in the IOS, you should be able to acclimate fairly easily to the changes in the Nexus OS.

Multicast Sparse Mode and its derivatives are supported in the Nexus OS. This white paper explains how it has been implemented in the Nexus platform to provide optimum performance in both virtual PortChannel and FabricPath environments.

Discover how the enhanced performance and reliability of Amazon Aurora will help AWS customers reduce performance bottlenecks in their applications. The relatively low cost of Aurora will tempt many customers to migrate workloads to this implementation of RDS.

Now that we are moving towards IPv6, the logical move would be to also run OSPF for that protocol suite, which makes sense and reduces the learning curve for implementation and support. But, that would mean that you have to run two OSPF processes — one for IPv4 unicast and one for IPv6 unicast. That means two sets of policies have to be applied, including security for OSPF itself. Running OSPFv3 for both IPv4 and IPv6 reduces the number routing protocols and the configuration that goes with that. It makes it easier to implement policy in a consistent way for both protocol suites.

What is PBR? Policy-Based Routin (PBR) is the process of using a route map to match on something more than the destination and then defining the path out of the router based on those conditions. PBR could match on destination only, but typically we would match on more. PBR is considered to be an exception to the RIB and is looked at before examining the RIB.

Amazon Redshift opens up enterprise data warehouse (EDW) capabilities to even the smallest of businesses, yet its costs, security, and flexibility also make it appealing to the largest of enterprises. It allows companies to easily and conveniently scale their EDW needs both up and down, and as a managed service, it allows your team to offload all of the "undifferentiated heavy lifting" of building and maintaining an EDW. Its raw storage costs are about one-fifth to one-tenth of traditional in-house EDW, and AWS has taken great care to ensure its performance is still competitive with those in-house solutions. Before deciding to use Amazon Redshift, however, it's important to understand what it is and is not.

This white paper explores the native AWS storage solutions, enabling you to deliver applications in the cloud in the most efficient, cost-effective, and secure manner. In terms of storage, it's important to understand the characteristics of each AWS storage option so that you can implement one or more AWS storage services to meet your needs. Often, you'll find that utilizing multiple storage options together will give you the best outcomes.

Cisco provides a wide array of connectivity and isolation tools within the datacenter. This white paper addresses Virtual Routing and Forwarding (VRF), which is a Layer 3 isolation mechanism for routing protocols.

As I’ve stated before, I like Border Gateway Protocol (BGP). I think it’s an interesting protocol, and yes — it’s complicated, but I guess that part of why I like it. There are a lot of knobs to tweak in BGP, maybe too many, but that’s another post. Anyway, we are now running BGP version 4 and it has had extensions written that support more than just IPv4 unicast routing. We now have IPv4 multicast, IPv6 unicast and multicast, VPNv4, VPNv6, and a few others.

Where should you apply the CSS, and why are there two places to apply it? One approach is to pick one of the parameters and apply the permissions there. Quite often, an administrator will pick the phone-level CSS and configure it there so that it applies to all calls made from all lines. The goal is to specify what partitions are allowed to be called. 

For smaller companies, configuring a dial plan to account for variations in dialed numbers is often not a problem. However, companies that are larger and more global in nature encounter a number of issues when designing their dial plan approach.

Border Gateway Protocol (BGP) is a fascinating protocol because there are a lot of things that can be done with BGP. However, there has always been an issue with BGP, which is convergence (the time the network or protocol takes to accept change). BGP was designed for scale, not speed, so it’s something that we’ve had to tolerate from its inception.

License provisioning has always been a bit of a challenge in the CUCM environment. Prior to CUCM v9.0, licensing was managed on a per-cluster basis with each cluster requiring its own license files that were tied to the media access control (MAC) address of the cluster’s publisher. This approach to license management was limiting in the fact that one cluster might have unused licenses while another cluster may be at its limit and sharing between clusters was not possible.

Occasionally I am asked to configure the ability to block calls based on Caller ID. Prior to Cisco Unified Communications Manager (CUCM) v8, the only way to block these calls was to configure voice translation rules and profiles on the gateway receiving the calls. This has changed in CUCM v8 with the introduction of an additional parameter in translation patterns: Route Next Hop By Calling Party Number.

Moving data from one networked device to another requires several different functions. Each function has its own protocol or protocols that define how it is accomplished. Also, the process of delivering data from one device to another can vary. The main factor in data delivery is determining whether the two devices are directly connected or remotely connected.

Moving data from one networked device to another requires several different functions. Each function has its own protocol or protocols that define how it is accomplished. Also, the process of delivering data from one device to another can vary. The main factor in data delivery is determining whether the two devices are directly connected or remotely connected.

While most organizations have not yet fully (or in many cases even partially) adopted cloud computing, the trend is growing in all but the smallest businesses.

The process of learning how to subnet IP addresses begins with understanding binary numbers and decimal conversions along with the basic structure of IPv4 addresses. This paper focuses on the mathematics of binary numbering and IP address structure.

While the Internet uses IP addresses assigned by an Internet authority such as the American Registry for Internet Numbers (ARIN), there are too few of these numbers to uniquely identify the millions of computers and computing devices in the world. Therefore, most enterprises use private addresses which allow them to identify the aforementioned computers. Of course, these IP numbers cannot be allowed on the Internet because all private networks use the same ones so there would be vast overlapping of addresses, and the addresses are not compliant anyway. Therefore, it is necessary to change the identity of a private host to a legal public host. This process is called Network Address Translation (NAT) and may be implemented on Cisco firewall products and Cisco routers. The firewall device(s) at the Internet demarcation point is by far the more popular way to implement NAT, but routers are used in small offices or small-to-medium-sized networks in which a separate firewalling solution is not possible or affordable. The focus of this paper is on the router-based NAT solution.

Spanning Tree Protocol (STP) is dead, or at least it should be. It’s too slow to converge when there’s a change, and it causes issues with performance because there is only one forwarding path. It was developed in 1985 by Radia Perlman at Digital Equipment Corporation to allow for redundant paths within a Layer 2 topology, which was great in 1985. In fact, it was huge! So much so, that it was later standardized by the IEEE as 802.1D, and we’ve been living with it ever since.

Cisco Access Control Lists (ACLs) are used in nearly all product lines for several purposes, including filtering packets (data traffic) as it crosses from an inbound port to an outbound port on a router or switch, defining classes of traffic, and restricting access to devices or services. Knowing how to design, configure, and troubleshoot ACLs is required for all network engineers working within a Cisco network.

RTMT provides a set of canned views of both system resources and application counters that provide you with a snapshot of your environment right out of the box. Read on to learn how you can make RTMT even more helpful by customizing it to show you different views of your resources and CUCM environment.

In the spring of 2013, Cisco announced major updates to their Cisco Certified Network Associate (CCNA) curricula, including a new version of the CCNA Routing and Switching exam (200-120 CCNA). This paper provides a review of the CCNA Routing and Switching exam's critical concepts, as an aid to students preparing to pass the latest version of the CCNA Routing and Switching exam.

Many companies are already using VoIP while incorporating video capabilities into their portfolio of services. One question that I am often asked is, “How can we ensure that the voice and video quality is good and consistent when using VoIP?”

In this video, Practice Leader Craig Brown discusses how Microsoft Lync can function in enterprise environments to streamline communication and increase productivity.

If you’re in IT, you’ve likely heard the saying, “In technology, the only thing constant is change itself,” and boy is that right! For technical companies, if you are not moving forward, then you’re falling behind. There is no such thing as standing still! A perfect example of this mindset is in Cisco’s evolution of video conferencing and telepresence.

According to Cisco marketing, Dynamic Multipoint VPN (DMVPN) “will lower capital and operation expenses, simplifies branch communications, reduces deployment complexity, and improves business resiliency.” Okay. But what is it, really, and why should we care?

Amazon Web Services: An OverviewThere's a really good chance that Amazon Web Services (AWS) has more than a few products to help you work faster, smarter, and more cost effectively. After all, the depth and breadth of AWS is significant, comprising more than 30 services in dozens of data centers located in nine regions across the globe. They offer computing, storage, networking, deployment, management, and a host of supporting services, such as queues and email services. Getting a clear understanding of what AWS is and how it can help your business can be challenging. Never fear. In this hour-long webinar, Global Knowledge instructor and cloud and big data analyst Rich Morrow will help. He'll give an overview of AWS and its many benefits.

With the advent of video use in our everyday communications, a number of questions commonly surface. One of them is the question of terminology. What's the difference between video conferencing and telepresence? What is meant by immersive technologies? Frankly, there is no one single right answer.

The short answer (and a common one in our industry): it depends. When comparing Cisco IOS with Juniper Junos, the decision to choose one over the other is difficult and often boils down to cost. Of course, there are other factors to consider.

AWS has introduced Auto Scaling so that you can take advantage of cloud computing without having to incur the costs of adding more personnel or building your own software. You can use Auto Scaling to scale for high availability, to meet increasing system demand, or to control costs by eliminating unneeded capacity. You can also use Auto Scaling to quickly deploy software for massive systems, using testable, scriptable processes to minimize risk and cost of deployment.

Instructor Carol Kavalla talks about the advantages of taking a Cisco Data Center Unified Fabric Implementation class from Global Knowledge.

Amazon Web Services (AWS) offers increased agility, developer productivity, pay-as-you-go pricing and overall cost savings. But you might wonder where to start, what pitfalls exist and how can you avoid them? How can you best save time and money? Learn what you need to know and where to start before launching an AWS-hosted service.

Database Management Systems (DBMS) have been monolithic structures with their own dedicated hardware, storage arrays, and consoles. Amazon Web Services (AWS) realized that while each company can use unique methods of collecting and using data, the actual processes of building the management infrastructure are almost always the same. AWS remedies DBMS problems with its Amazon Relational Database Service (Amazon RDS).

In this report, I've reviewed the 15 most popular certifications according to our more than 12,000 North American respondents to our annual IT Skills and Salary Survey. For each certification, you'll find a brief description, the average salary, and some insight into why it is popular.

You know you need to invest in training, but how do you get the best return on investment (ROI) from your training dollars? To help you make smart training decisions, we've put together this guide, which illustrates some alternative and little-known payment options, the types of discounts and promotions available with training and a suggested list of courses that give you excellent value.

Need to control the digits contained in the telephone number that enter or leave a gateway? Digit manipulation involves adding, subtracting, and changing telephone numbers. You can manipulate calling numbers, called numbers, and redirecting numbers, as well as the numbering plan and ISDN number type. Learn about the techniques that are applied to incoming or outgoing calls, or globally to all calls. You can also manipulate telephone numbers before or after a dial peer is matched.

Frequently, questions come up in the Cisco Contact Center Express classes I teach concerning the ability of the system to perform this or that task. In this blog post, I will cover some of the more popular questions I get during class.

Instructor John Harmon explains subnetting using binary numbers and decimal conversions.

Instructor John Harmon continues his explanation of subnetting by showing how subnet masks can be used to sub-divide networks.

In numerous Cisco classes, students learn about IPv4 and IPv6 address subnetting, complex subnetting, variable length subnet masking (VLSM), summarization, prefix routing, and address aggregation. These are valuable skills. In order to apply these skills efficiently, a network designer should possess one additional skill. Planning the IP address space for a Class A or B IPv4 address is necessary to apply the complex skills listed above properly. Complex subnetting, VLSM, and IP address summarization can be implemented simply and efficiently with proper planning.

John Barnes, Global Knowledge's Cisco Course Developer, discusses enhancements to our UCS Troubleshooting Boot Camp and suggestions for students in preparation for this course.

Meet Global Knowledge course director and lab topology architect Joey DeWiele, a specialist in Unified Communications. Joey will walk you through the benefits of our exclusive Cisco UC lab architecture - a more scalable and stable approach to the all-important labs featured in unified communications courses. Our labs feature upgraded hardware and software including Custom Lenovo T61 PCs, 7965 IP Phones, 3560 Switches and Call Manager 7. With our flexible UC architecture, students are able to view and experience the full lab architecture regardless of which Cisco UC course they are taking or the skill set they are seeking. The lab architecture features a realistic network with redundant environments that are made rich with multiple machines, pre-deployed tools with shortcuts, online documentation that is particular to individual pods, and multiple OS support for all virtual machines (Windows, Linux, VMware).

Global Knowledge instructor Doug Notini discusses the benefits of our FIREWALL 2.0 - Deploying Cisco ASA Firewall Solutions course.

Diane Teare, Global Knowledge's Cisco Course Director, discusses the advantages to taking our CCNA Boot Camp.

Global Knowledge Course Director and Lab Topology Architect Joey DeWiele, a specialist in Unified Communications, explains presence.

A video covering our Cisco Unified Communications courses - ACUCW1 & ACUCW2 - by Global Knowledge Course Director and Lab Topology Architect Joey DeWiele, a specialist in Unified Communications.

Global Knowledge Course Director and Lab Topology Architect Joey DeWiele, a specialist in Unified Communications, discusses Cisco Unity, Unity Connection & Unity Express.

Course director Jim Thomas explains how our custom labs, which utilize external hosts, ISR routers, and DMZ, provide a real-world environment for students.

Rodger Foster, our senior Cisco instructor, reviews how multiple gateways are used to provide redundancy in the network.

This is another topic of heated debate, and it changes from network to network, but I found a simple approach that works in most cases. Since I have four queues and four classes of traffic, I need to categorize my important traffic into four classes. Strictly for explanation purposes I took some liberty in defining four categories of traffic that are very effective in both large and small networks. These classes are: Real Time Protocol (RTP), Network Management (NetMgt), Business Critical, and the Default.

That depends on their configurations. For example: While it makes very good sense to include redundant physical links in a network, connecting switches in loops, without taking the appropriate measures, will cause havoc on a network. Without the correct measures, a switch floods broadcast frames out all of its ports, causing serious problems for the network devices. The main problem is a broadcast storm where broadcast frames are flooded through every switch until all available bandwidth is used and all network devices have more inbound frames than they can process.

As we discussed previously, Cisco created the Nexus Operating System (NX-OS) to power its next-generation data-center switching platform. While this new OS shares many similarities to the original IOS, there are some definite differences that you need to be aware of as you begin using it.

The most obvious difference is that hubs operate at Layer 1 of the OSI model while bridges and switches work with MAC addresses at Layer 2 of the OSI model. Hubs are really just multi-port repeaters. They ignore the content of an Ethernet frame and simply resend every frame they receive out every interface on the hub. The challenge is that the Ethernet frames will show up at every device attached to a hub instead of just the intended destination (a security gap), and inbound frames often collide with outbound frames (a performance issue).

Global Knowledge Course Director and Lab Topology Architect Joey DeWiele, a specialist in Unified Communications, explains the difference between Cisco's Call Manager Express & Call Manager.

This week we'll review the IPv4 Address Classes including subnet masks, examples of Class C, Class B, and Class A subnet masks, and planning IPv4 addresses.

Both technologies, Ethernet and FC, satisfied the two conditions at that time, but there was a catch. Read more. 

In the previous post, we discussed the need for VXLAN in the cloud along with the issues it solves. In this post, we will focus more on how VXLAN works.

Global Knowledge Course Director and Lab Topology Architect Joey DeWiele, a specialist in Unified Communications, explains QoS.

Configuring a wireless lab for study and testing capabilities is a bit more involved than you might think at first glance. Most of the requirements take place on the management devices, but the underlying switch infrastructure requires some preparations as well. The tasks involved are as follows:

Anyone who’s managed switches over the years knows that the Spanning-tree protocol (STP) is both the best and worst thing to ever happen to the data center at layer 2 of the OSI model. On the plus side, the Spanning-tree protocol is what first allowed us to create redundant paths within our switching infrastructure, making our data center much more resilient to outages than ever before. Anyone who’s experienced a “broadcast storm” knows the full value of Spanning-tree in the traditional switching environment. We’ve also seen many improvements in Spanning-tree over the years to make it work faster and more efficiently (i.e. Rapid Spanning-tree, Bridge Assurance, and many others).

Previously, I talked about the logical and physical steps to building a basic certification lab, concentrating mostly on the CCENT/CCNA Routing and Switching level. Once you have that set of certifications under your belt, there are several options for specialization. Each of these advanced technology tracks serve as methods of enhancing your professional skill set as follows:

The Cisco UCS is truly a “unified” architecture that integrates three major datacenter technologies into a single, coherent system: Computing Network Storage Instead of being simply the next generation of blade servers, the Cisco UCS is an innova­tive architecture designed from scratch to be highly scalable, efficient, and powerful with one-third less infrastructure than traditional blade servers.

The official Cisco CCNP Security FIREWALL training course (as well as other documentation) recommends enabling the inspection of the Internet Control Message Protocol (ICMP), even though it’s disabled by default. The image below displays the recommended practice as configured in ASDM, but the curious student might wonder what the unchecked “ICMP Error” box is. That’s what I’ll focus on in this post.

In this post I’ll focus on a topic that’s mentioned in the Cisco FIREWALL training class but isn’t emphasized there or in the online Cisco ASA documentation. When configuring failover on a pair of ASA security appliances, a situation can arise in which network disruption occurs due to the secondary ASA in a failover pair becoming active first and then the primary comes online second. Both the documentation and the courseware point out that this causes the secondary (and active ASA) to swap its interface MAC addresses with those of the primary. Being naturally skeptical about this behavior, I decided to investigate. The rest of this post illustrates my confirmation of this phenomenon.

Although the GSS can be configured to be authoritative for an entire domain, e.g. cisco.com (option 1), the GSS is designed to be integrated into an existing traditional BIND-based or any DNS system. The GSS operates as an A-record DNS server for Hosted Domains (HD) for which it has been delegated authority from a higher-level name server, which generally would be a name server (NS) controlled by an Enterprise or ISP. In addition to A-record support, the GSS is able to proxy for other query types using NS Forwarding and a back-end name server such as BIND.

The Global Site Selector (GSS) leverages the Domain Name System (DNS) to provide clients with reliable and efficient content services. Domain to IP address mapping is performed with consideration for availability, location, and load of content servers. Using the GSS in combination with Cisco’s Content Services Switch (CSS), Cisco’s Catalyst 6000 Content Switching Module (CSM), or Cisco’s Application Control Engine (ACE) allows users to create Global Server Load Balancing (GSLB) networks.