IPv4 Subnetting

While studying for the CCNA exam, I was struggling with subnetting IPv4 addresses and understanding how they arrive at the answer provided. I can now safely say that I have developed a method to master subnetting without even working out the binary results.

Here we go:

  1. We need to know the basic/standard addressing scheme (classful):
    • Class A:              1 – 126
    • Class B:              128 – 191
    • Class C:              192 – 223
    • Class D (multicast):  224 – 239
    • Class E (reserved):   240 – 255
  2.  To be continued…..

Standard configuration of an access layer switch (Cisco)

Over the years I have developed a number of parameters that need to be configured on a Cisco switch. See below the features that you should consider enabling or configuring on the switch:

  1. logging synchronous – this feature keeps syslog messages from interrupting your commands. It is annoying when you are in the middle of typing a command and a syslog message breaks your command line.
  2. service password-encryption – this feature encrypts your system passwords with an MD5 hash; they are otherwise stored in the startup or running configuration file as clear text. This adds another layer of security against onlookers. Although the MD5 hash password is easily reversible using a Google search, at least it is not easily readable at a glance. Note: this only encrypts passwords for the enable password command and the line vty and console passwords. enable secret uses an irreversible encryption.
  3. enable secret – it is best to use this privileged mode password command rather than enable password, since it is more secure and the password is encrypted irreversibly, as mentioned in the previous point.
  4. vtp mode transparent – although VLAN Trunking Protocol (VTP) is a great way of managing the VLAN database for multiple switches, it can pose a problem if anything goes wrong through a misconfiguration on any switch that is a part of the VTP domain. It is also Cisco's best practice to convert all switches to transparent mode and manually manage the VLANs individually on each switch, which leaves no room for error. Such an error can in fact cause a network outage that will take hours to reconfigure, depending on the scale of your LAN.
  5. transport input ssh – it is good practice to secure your connections to your switches using SSH, as it prevents persons from using tools such as Wireshark to get password information from a protocol (telnet) which sends the username and password in clear text. SSH encrypts the username and password in transit from source to device. This feature is applied at the line vty port.
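
One way to check a saved running-config against the five settings above. This is an added example, not code from the original post; the sample configuration is constructed, and the parse and audit helper names are hypothetical.

```python
# Constructed sample running-config, not taken from the original post.
SAMPLE_CONFIG = """\
service password-encryption
enable password cisco123
vtp mode transparent
line con 0
 logging synchronous
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def parse(config):
    """Split an IOS config into global commands and per-'line' sub-commands."""
    global_cmds, blocks, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0].isspace():          # indented: belongs to the open block
            if current:
                blocks[current].append(cmd)
            continue
        global_cmds.append(cmd)
        current = cmd if cmd.startswith("line ") else None
        if current:
            blocks[current] = []
    return global_cmds, blocks

def audit(config):
    """Return findings for the five settings listed above (hypothetical helper)."""
    cmds, blocks = parse(config)
    findings = []
    if "service password-encryption" not in cmds:
        findings.append("service password-encryption missing")
    if not any(c.startswith("enable secret ") for c in cmds):
        findings.append("enable secret missing")
    if any(c.startswith("enable password ") for c in cmds):
        findings.append("enable password present")
    if "vtp mode transparent" not in cmds:
        findings.append("vtp mode is not transparent")
    for header, sub in blocks.items():
        if "logging synchronous" not in sub:
            findings.append(f"{header}: logging synchronous missing")
        if header.startswith("line vty") and "transport input ssh" not in sub:
            findings.append(f"{header}: transport input is not ssh-only")
    return findings
```

Calling audit(SAMPLE_CONFIG) lists the gaps in the sample: no enable secret, an enable password still present, telnet still allowed on vty 0 4, and logging synchronous missing on both vty ranges.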

As I go along, I will update this article to reflect more parameters to configure on a network device for the best performance and security.

Setting up a Cisco Lightweight AP previously configured

We had a problem at work where we had to change the IP address of the Cisco Wireless controller (WLC) and as a result all the APs were orphans with no way to rejoin the WLC.

In our environment, we did not have the CISCO-WAP-CONTROLLER configured in the DNS server so the APs had no way of getting the new WLC IP address.

I had to connect to each AP via the console port (blue) using a serial cable. When I connected to it, I used the default login of Cisco/Cisco, which is the factory-default username and password for any AP that joins a Cisco WLC.

I logged in and went to privileged mode using the command enable. After you have entered privileged mode, you can use the following AP commands to manually configure the AP network settings and controller IP address to ensure it rejoins the WLC:

  • AP# capwap ap ip address 192.168.0.5 255.255.255.0
  • AP# capwap ap ip default-gateway 192.168.0.1
  • AP# capwap ap controller ip address 192.168.0.2

These commands set the AP's IP address manually and the controller IP address that the AP should use to register.

 

 

CCNA Routing & Switching Preparation Tools

When preparing for my exam, I used the following resources to get started on my journey and to ensure I had all areas covered:

  1. Exam Blueprint (cisco.com)
  2. CCENT/CCNA ICND1 100-105 Official Cert Guide
  3. CCNA Routing and Switching ICND2 200-105 Official Cert Guide
  4. Cisco Packet Tracer (Network Simulator) or GNS3 for ICND2
  5. Practice Test – (when you purchase the premium ebook, you get the exam engine from Pearson IT Certification, or you can use MeasureUp)
  6. Video training (CBTNuggets.com) – they include practice tests depending on the package selected.

Mentor Training

I have started to do mentorship training for the CCNA Routing & Switching certification exam 100-105 and 200-105.
I noticed that when I begin to teach or train others in what I know and understand of Cisco networking skills, I have a better chance of retaining the knowledge and skills learned and developed over the years when studying for the CCNA exam.

I am now taking things a step further to develop a blog that will allow me to share and impart the knowledge I have about CCNA certification so it can better prepare me for the study of the CCNP R&S exam.

I look forward to sharing my knowledge and to you, my friends, adding to and developing it.