Back in January 2010, I created a list of goals to achieve before 2011. We’re half way through year and its about time to review those goals. At this point I would take a look at the list:

• CCNA Certified
• Project Oriented
• Microsoft Server Expert
• GTD Evangelist

The items crossed off above mean I have completed those goals. So the next steps include reviewing how I completed my goals, add new goals, remove goals or modify my goals.

Review

CCNA Certified

It took me at least a year to complete this goal. I’ve been working on it since the summer of 2009. Studying for the CCNA certification was usually on and off at times but realized that it takes time and dedication to know the material. Mind you, I have the equipment at my workplace and occasionally work within Cisco gear but to actually know the test material is a different story.

What I should have done differently was set a goal date and work towards completing my studies by that date. I always moved it around which resulted in me acquiring my certification a year later. Secondly, study when there are no other distractions around and be sure to practice on either virtual or physical labs.

Project Oriented

I’ve began using Microsoft Project 2010 to plan out my projects ahead of time. There’s a statistic somewhere on the interwebz that say 70% of IT projects fail. That’s an alarming statistic and with this economy I cannot afford to have my projects fail near that rate. I subscribe to project management email lists and read a few IT project management websites occasionally.

I am no expert, to say the least, but I have started a new mindset on projects, planning, and implementation. I will continue to grow in this field.

Microsoft Server Expert & GTD Evangelist

If you were to see me on a time line I would be at the Microsoft Server section. Like the CCNA certification, it has been a laborious task to make time for studying. With the juggle of work, personal life and rest it can get difficult. Nevertheless, I will have to implement the GTD (getting things done) Evangelist side of me to knock things out.

So this is where I stand with my IT goals. I will not be adding anything new since I have my own work-related goals to exceed. My fear is running into a state of burnout.

Where do you stand with your goals?

Related posts:

1. 2010 IT Goals and Skills
2. Update to 70-640 Certification
3. How To Install GNS3 in Ubuntu 9.04

I’ve changed my reading material to the Microsoft Press series, Configuring Windows Server 2008 Active Directory Training Kit. I found that the sybox book did not fit in well with my studies so I will be trying this book out. But before studying I have decided to take a break from reading any certification material and relax a bit.

For a good year I’ve been studying for my CCNA certification and have finally passed and my projects at work have started to ramp up.

I will get back to studying this year though and will continue to publish more blog posts here.

Related posts:

1. Update to My Information Technology Goals
2. Training for MCTS 70-640 Certification
3. 2010 IT Goals and Skills

I’ve taken quite an extended break from my last CCNA certification. After much thought, I’ve stepped back and decided to go towards a Microsoft certification. In particular, I will be training myself for the Microsoft MCITP: Enterprise Administrator.

The prerequisites for the MCITP: Enterprise Administrator are 70-640, 70-642, 70-643, 70-647 and either 70-680 or 70-620 or 70-624.

Right now I am starting off with the 70-640. At my organization we already have some Windows Server 2008 machines deployed but I’d like to get an expert grasp with this technology. I’d like to acquire more knowledge in creating solutions and deploying. The maintaining part is natural to me.

The tools I will be using to train myself for the MCTS 70-640:

• Sybex MCTS Windows Server 2008 Active Directory Configuration Study Guide by William Panek and James Chellis

• Various online material from Microsoft and Techexams

• Practice tests from the Sybex book

• Lab environment – physical or virtual

Since I do have a couple years experience working with Windows Server I will be putting myself on a fast track study guide. I plan on finishing the book and labs within 2 months and shortly after completing some practice tests I will take the real certification exam.

The most challenging part of all this will be managing time and resources. With full dedication I have no doubt that I can acquire this new knowledge and become MCTS certified through Microsoft.

Do you have any tips on studying for the MCTS 70-640? I’d love to hear them.

Related posts:

1. Update to 70-640 Certification

After a year of on and off again studying of Cisco’s CCNA I can finally say that I am CCNA certified. It’s not an easy exam to pass. The CCNA exam is a lot harder compared to the Network+, which was my last certification. The format between the Comptia and Cisco exams are definitely different. The CCNA requires a lot more studying and with experience it may be a lot easier.

Hands on experience is a plus with the CCNA. Physical routers and switches are a big advantage for doing labs while doing theory. If purchasing hardware is out of the question there is Packet Tracer which you receive complimentary if you’re part of the Cisco Academy. I’ve played around with Packet Tracer and it will help you get a lot closer to passing the CCNA exam.

Another application very useful and very popular is GNS3. With GNS3 you have the flexibility of creating various network topologies. The downside to using GNS3 is that you need to supply your own IOS images which can be found on Cisco.com.

After thinking about my CCNA journey I felt that I did not do enough lab work. I recommend getting as much lab work as possible before taking the CCNA exam. It will help you memorize the commands needed to answer exam questions. If you have commands burned into your brain then you will not waste any time guessing and using the “?”.

For a long time I wasn’t studying properly. I would just read without taking any notes or review. Now what I do is write down any important topics worth memorizing for the test and for the real world. Afterwards I review my notes and make sure I memorize commands and other important items pertaining to each technology.

Along with reading Wendell Odom’s ICND1 and ICND2 books I watched videos from Trainsignal. Computer based training alongside good theory and labs will help you pass the CCNA exam.

Related posts:

1. How To Study For the CCNA Exam
2. CCNA ICND1 Test is Scheduled!
3. I Successfully Passed the Cisco ICND1 Exam!

If you’re looking for a community to discuss networking topics such as Cisco, certifications, Microsoft certifications, etc. then these two forums will be a great resource for you:

• Sadikhov
• Networking-forum

No related posts.

In the past I’ve focused on To Do lists and they never really pan out well for me. This year will be a little different. The To Do list will still be there but it will reflect my “To Be” list. I recently attended an inspirational talk and he got me thinking about focusing on what you want to be.

When you focus in that aspect it will eventually define what you need to do to get there. So what I’ve done is listed here what I want to be in regards to Information Technology. Of course, what I want to be may change in the future but this is what I want to be at the moment.

What I want to be will define what I want to do which will in the end help me achieve my goals (of what I want to be). I’m looking at the end result here and working backwards.

CCNA Certified. I’ve worked my way to earn my Network+ and now I’m about have way to obtaining my CCNA Certification. So far I’ve been lagging a bit but my test date for ICND2 is on February 5th so I’m pushing it! Reading both ICND1 and ICND2 books has allowed me to extend my knowledge in the networking field and will allow me to grow as an individual in IT. I look forward to passing that certification and continue working on Cisco gear.

Project oriented. Being in IT means there will be projects to accomplish. There has to be an efficient process to get things done and being project oriented will get me in that direction. As of now I do not have a solid plan or structure for any projects.

A Microsoft Server expert. I work in a Microsoft shop. Most of our servers are driven by Microsoft so it only makes sense to become an absolute expert in this field. I’ve been influenced by one of our vendors who constantly amazes me with his in-depth knowledge of Active Directory. That is where I want to be. I want to know the ins and outs.
An efficient reader. There’s a lot to read and learn to become an expert in my field. To get there I’ll have to learn how to read quickly with efficiency. No one likes to spend their time reading so I’ll have to maximize my time and teach myself how to read faster while still retaining information.

A GTD evangelist. I’ll admit that I’m on the procrastinator side but I’m learning to overcome that. I’ve been given the book, Getting Things Done by David Allen. I hope to achieve what he has and work on becoming an advocate for getting things done. It would sure make my life much more easier!

What do you want to be?

Related posts:

1. Update to My Information Technology Goals
2. How To Install GNS3 in Ubuntu 9.04
3. I Successfully Passed the Cisco ICND1 Exam!

When configuring VLANs on a layer 3 Cisco switch we often tend to segment our network by grouping devices in certain VLANs for security/departmental/geographical purposes.

Enabling inter-VLAN routing allows all the devices on different VLANs to communicate with each other.

If you’ve placed DHCP devices on a VLAN separate from the DHCP server you’ll notice that those devices will not receive an IP address.

For example, your DHCP server is on VLAN 2 and your users are on VLAN 3. To allow your users’ computers to acquire an IP address from the DHCP server on VLAN 2 you’ll have to configure the ip helper-address command on VLAN 3:

Enter VLAN 3 interface configuration

conf t
int vlan 3

configure the ip helper-address command to point to your DHCP server

ip helper-address 192.168.1.5
exit

When the DHCP devices on VLAN 3 send a broadcast over the network for DHCP, VLAN 3 will forward this request to 192.168.1.5. Be sure to replace 192.168.1.5 with your own DHCP server.

Related posts:

1. How To Configure a Router-on-a-Stick
2. 5 Easy Steps to Securing Your Cisco Switch or Router
3. Virtual LANs Notes

Here’s a great tip for newbie Systems Administrators:

Check regularly for updated drivers and firmware

You’ll never know when things start breaking on you.

No related posts.

Virtual LAN Concepts

All LAN devices are in the same broadcast domain.

Common reasons to use vlans:

• flexible designs by departments or groups instead of by location
• reduce overhead to each host in a vlan by segmenting
• reduce workload of STP by limiting a vlan to a single access switch
• enforce better security
• separate traffic sent from an IP phone

Trunking with ISL and 802.1Q

VLAN trunking is used on segments to share VLAN information between multiple connected switches.

Two types of trunking protocols:

• ISL (Inter-Switch Link)
• 802.1Q

ISL

Inter-switch link. Cisco proprietary
Only used between Cisco switches
Encapsulates original ethernet frame in an ISL header and trailer
Supports normal & extended vlan range
Allows multiple spanning trees
Doesnt use native vlan

802.1Q

IEEE Standard
Inserts extra 4-byte VLAN header into original Ethernet frame
Supports normal & extended vlan range
Allows multiple spanning trees
Uses native vlan

VLAN Trunking Protocol (VTP)

Cisco proprietary way of sharing vlan information with other cisco switches.

There are three VTP modes:

• Server
• Client
• Transparent

To disable VTP put switch in transparent mode.

VTP Server has the capabilities of creating new vlans & the vtp server distributes that information over ISL or 802.1Q trunks.

Updates are based on revision numbers and are incremented by 1.

VTP clients simply receive and forward VTP messages and update the local vlan.dat to a newer revision, if available.

VTP servers & clients send VTP messages every 5 minutes

VTP Transparent switches don’t update their vlan configuration but they do forward along VTP messages to other switches (done with VTP version 2)

Three requirements for VTP to work between two switches:

1. Link between switches must be operating as a trunk, either ISL or 802.1Q
2. Both switches must have matching, case-sensitive, VTP domain name
3. Switches VTP, case-sensitive, passwords must match

VLAN information is stored in the vlan.dat database.
To delete the contents use command:

delete flash:vlan.dat

VTP Pruning

Allows VTP to dynamically determine which switches don’t need frames from certain vlans.

VTP prunes vlans from the appropriate trunks.

VTP pruning increases the available bandwidth in a network.

VLAN & VLAN Trunking Configuration & Verification

Configuring a VLAN Trunk

switchport trunk encapsulation {dot1q | isl | negotiate} an interface subcommand

Administrative mode refers to the configuration setting on an interface which means “what is configured”

Operational mode refers to what is currently happening on the switch.

Trunking Administrative Modes

• access – prevents trunking and puts interface as always nontrunk
• trunk – always uses trunking
• dynamic desirable – initiates negotiation of deciding to start using trunking and defines the encapsulation
• dynamic auto – waits for the negotiation of trunking

Reasons why a switch could prevent a particular vlan from crossing a trunk:

• vlan was removed from the trunk’s allowed vlan list
• the vlan doesn’t exist or it is inactive
• the vlan was pruned
• STP placed the trunk interface into a state other than forwarding

VTP Configuration & Verification

Configuring VTP

vtp mode {server | client}
vtp domain domain-name
vtp password password (optional)
vtp pruning (optional)
vtp version 2 (optional)

Where VTP Clients and Servers Store VLAN Related Configuration

Troubleshooting VTP

Step 1: Confirm switch names, tpology and vtp modes

Step 2: Use show vlan command on two sets of neighboring switches and see if the vlan database differs

Step 3: On differing databases, verify the following:

Related posts:

1. How To Configure a Router-on-a-Stick
2. 5 Easy Steps to Securing Your Cisco Switch or Router
3. User VLAN Do Not Acquire DHCP Address

Every network administrator should know how to secure their network so that they lessen the encounter of malicious activity. Sometimes it really just comes down to following some best practices in securing a Cisco switch or router. Here are 5 easy steps to secure your Cisco switch or router.

enable secret

When you use the command,

show run

do you see your passwords in plain text? That’s a no-no. Use

enable secret your-password

to encrypt it to keep nosy people from seeing your password and entering your switch or router. Enable secret will encrypt your password – AWAY WITH PLAIN TEXT.

encrypt plain text passwords

If you’ve moved over to encrypted passwords and noticed that your existing passwords are still in plain text then run the global configuration command:

service password-encryption

to encrypt all your passwords.

secure console access

Physical security should be your first line of defense. But what if you have shotty physical security? Then use console security to stop curious users from connecting to your console port:

conf t
  line con 0
  login
  password your-password

Be aware that this does not protect your Cisco device from the password recovery procedure. This is why physical security is important!

secure remote access

What protocol are you using to remote into your Cisco switches and routers for management? If you said Telnet, shame on you! Telnet does not encrypt any traffic between you and your Cisco devices. Everything you type is in cleartext. The best alternative is to use SSH. All traffic between you and your Cisco switch or router will be encrypted.

conf t
 line vty 0 4
 login local
 transport input ssh
username user password user-password
ip domain-name domain
crypto key generate rsa

The above commands will allow only SSH traffic to your Cisco switch or router and will prompt for a username and password, in which the user account should be on the switch.

parking lot or shutdown the interface

Organize your network with the use of virtual local area networks (vlans). Put accounting on their own vlan, HR on their own vlan, IT on their own vlan. Not only is it good to segment these departments, you can also create a parking lot vlan. A parking lot vlan is where you can put all unused interfaces. So if a malicious user wanted to connect to your network via an open port from the wall, they wouldn’t be able to connect to anything because that unused port would be put on a vlan that is not being used.

conf t
 vlan 3
 name parking-lot
int fa0/15
 switchport mode access
 switchport access vlan 3

A better solution would be to shutdown an unused interface. When an interface is shut down that means it cannot be used until you use the no shutdown command to bring the interface back up.

conf t
 int fa0/15
 shutdown

To bring it back to a working interface:

conf t
 int fa0/15
 no shut

And those are my 5 easy steps to securing your Cisco switch or router. There are other advanced ways but if you’re new to Cisco then the above steps will be better than having a non-secured network. If you have any questions or feedback please comment below!

Related posts:

1. How To Configure a Router-on-a-Stick
2. User VLAN Do Not Acquire DHCP Address
3. Virtual LANs Notes