I spent some time this morning playing around with different roles you can assign, similar to the privilege levels that you can assign for specific users in the IOS. I created a role called "simple" that only allowed for looking at the running configuration on the router and that's it. The show parser view command shows what role/view you're in. The default "root" view is the only view that allows you to create other views...it's like a riddle, I know, but it makes sense once you play around with it.
I also learned how you can help prevent DoS attacks on the IOS itself. You can limit the number of times someone can try to access a Cisco device within a certain time period. If someone attempts to log in unsuccessfully within a certain amount of time, the IOS can block out any further attempts within a specified time period. As shown in the picture above, these commands are called login block-for and login quiet-mode.
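An added example, not from the original post: an IOS configuration for the two features described above, a restricted parser view named "simple" and login throttling with login block-for and login quiet-mode. The timer values, the ACL name MGMT-ACCESS, the 192.0.2.10 management host and the bracketed secrets are assumptions chosen for illustration.

```cisco
! Constructed example; every value below is an assumption, not from the post.
!
! --- Role-based CLI view ---
! Views require AAA and an enable secret to be configured first.
aaa new-model
enable secret <ENABLE-SECRET>
!
! Only the root view can create other views. From privileged EXEC,
! enter it with "enable view" before going into configuration mode.
parser view simple
 secret <VIEW-SECRET>
 ! The only EXEC command this view may run
 commands exec include show running-config
!
! --- Login throttling ---
! Hosts that may still log in while the device is in quiet mode
ip access-list standard MGMT-ACCESS
 permit host 192.0.2.10
!
! Enter quiet mode for 120 seconds after 3 failed logins within 60 seconds
login block-for 120 attempts 3 within 60
! Without this line, quiet mode refuses logins from every source,
! including the administrator's own workstation
login quiet-mode access-class MGMT-ACCESS
! Enforce at least 2 seconds between successive login attempts
login delay 2
! Generate a log message for each failed login
login on-failure log
!
! --- Verification (EXEC mode) ---
! enable view simple   -> switch into the restricted view
! show parser view     -> confirm which view is active
! show login           -> show thresholds and whether quiet mode is active
```

The quiet-mode ACL is the part that is easy to forget: login block-for on its own lets anyone who can reach the login prompt lock out legitimate administrators by failing logins on purpose.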
A personal detailed view of a journey of acquiring IT certifications and career progression.
Sunday, February 20, 2011
Monday, February 7, 2011
Risk Management
Today I read through more of chapter 1, it's one of the longest chapters I've ever read through in an IT book. I'm on page 91 with at least 10-20 more pages to go. I read up about basic risk management and the ways that you can analyze risk within a business. It's all about weighing the benefits between cost and security along with some guesswork about if the risk will ever happen, i.e. a tsunami hitting the middle of Missouri. I hope to have the rest of the chapter knocked out by tomorrow or Wednesday.
Sunday, February 6, 2011
System Design Life Cycle
This weekend I read through a good portion of Chapter 1 in the Cisco IINS book regarding the System Design Life Cycle (SDLC) and how to create a security policy. I played around with a low-level network scanner tool called Nmap. It's pretty cool, it can scan various things in your network such as UDP/TCP ports and can even graph a simple network topology out of it! I also played around with Cisco's security policy creator template which creates a ready-to-go security policy with pretty much everything you need. Starting this week I'm going to begin really digging into my studies, work and weather permitting. I'm honestly not sure if I'll sit this exam but I do want to up my knowledge on security, even if it's just general knowledge.
Sunday, January 16, 2011
Certification Plans
Well, I believe I have my plan laid out regarding which certs I'm going to pursue next. I'm hopping right into the CCNA: Security exam now; security is by far my weakest subject. After Security I'm going to most likely restart my CCNP studies again. I believe I would be doing myself a huge disservice if I didn't establish a solid fundamental understanding regarding IP networking and the protocols that are used to transport it. After that I might backtrack to CCDA or finally begin the new CCNP: Voice cert. I'm starting to realize in my current environment that troubleshooting and configuring networks is only one half of a solution. Properly designing the network to begin with will make or break a network. With an improperly designed network it can be hard to scale or troubleshoot the simplest of tasks.
Tuesday, January 4, 2011
Officially CCNA: Voice Certified!
Woohoo...I haven't posted in a while but I've been doing some major reviewing along with tearing down and building up my home lab about 5-10 more times over the last 4 weeks. I took my test today and passed with quite a bit of margin compared to my CCNA exam. My worst section was the UC520 platform, which I figured; there's just something wrong about trying to learn about information that's nothing more than a sales pitch.
Sunday, December 12, 2010
Cisco Network Assistant
[Figure: Automatic Topology Creation via CDP]
[Figure: Configuring Switch Port Settings through 2D GUI]
I went through all the various tabs I could find and I will admit that it's a lot more feature-rich than what I expected, especially if you're connecting a compatible CCA Cisco device to it, such as the UC520. Tomorrow's lab will consist of configuring FXS connectivity using the following lab diagram:
[Figure: Verifying FXS Connectivity Lab 5-1]
I will say that the IP Telephony CME Labs are quite handy as they're teaching me different ways to manipulate the CME features in different environments.
Tuesday, December 7, 2010
Be careful of the IP Route command on a Switch Pt. II
As I was making a frozen pizza (don't laugh!) it hit me that I believe the reason I couldn't ping any of the other VLANs was because the ip route command turned my switch into a L3-capable device. I didn't tell my switch how to get to the other subnets via a static route/dynamic route since it was now basically a router as well. It could reach the router still because it was on the same subnet, 10.1.0.0/24.
I didn't have time to test this theory but I'm 90% positive this was the issue!