Cisco ASA Configuration Cleanup Tool - TunnelsUP. Visio Stencils for 2015. Update 2: Now includes even more VMware NSX shapes!

Visio Stencils for 2015

I can’t believe it has been almost a year since I last posted the VMware vSphere and End User Computing stencil set for Microsoft Visio. After a few instances with broken links these past few weeks I decided the icons and graphics needed an update for 2015 anyway. I’ve now included App Volumes and removed some older graphics, in addition to including many application icons such as Microsoft Office 2013, 2010, Windows 8 and Windows 10. These are not official VMware stencils, but I often use these when putting diagrams or presentations together. You can also copy these from Microsoft Visio to PowerPoint with a simple copy & paste. These are free to use and share so click the Twitter link at the bottom of this post and share with the community!

Download the Stencil Set: VMware EUC and Datacenter 2015 Visio Stencil Set The Legal Bit! This is a collection of publicly available icons taken from the sources listed below, in Microsoft Visio format. Hour 10: Static Route interface vs Next hop vs Both. I’ve been reading on static routes and there seems to be some malpractices and confusion on some of the ways to use them.

Hour 10: Static Route interface vs Next hop vs Both

I will be talking about the pros and the cons of using static routes specifying the interface as next hop vs using the IP address of the next hop vs using both. The first method to define a static route is to specify the interface as next hop. For example: ip route f0/0 Pros: This method will take the route out of the routing table if the interface status changes to up/down or down/down. Cons: Can cause an excessive amount of traffic on a broadcast network and might eat up the router’s memory. Note: Before IOS release 12.2 static routes pointing to a connected interface had administrative distance of 0.

The second method is to specify an IP address as next hop. Ip route The third method is pointing your static route to a connected interface AND a next-hop IP address. OSI model LAN. VTP Pruning. Introduction As you would be aware a switched network creates one broadcast domain, similar to that of a VLAN powered network where all nodes belonging to the same VLAN are part of the same broadcast domain, receiving all broadcasts sent on their network.

VTP Pruning

The Broadcast And Unicast Problem In VLAN Networks What we are about to see is how these broadcasts can actually create problems by flooding the VLAN network with unnecessary traffic, and depending on your network setup, this can prove to be a huge problem. The reason for this is because the trunk links interconnecting your network switches will carry these broadcasts to every switch in the network, regardless of which VLAN the broadcast is intended for. As shown and described, a host connected to a port configured for VLAN 2 on Switch 1 (first switch on the left), generates a network broadcast. In addition, the Catalyst switch will forward the broadcast out its trunk link, so it may reach all ports in the network assigned to VLAN 2. Old CCIE Myths: VTP. Every aspiring CCIE knows this one.

Old CCIE Myths: VTP

VTP has 3 versions, of which one we don’t have available in the lab – version 3. Versions 1 and 2 behave differently when the switch is configured in VTP transparent mode. This blog takes a stab at that established truth. Theory. What are Dynamic ACLs? for ACL. HSRP,VRRP,GLBP Comparison. Secondary IP addresses and HSRP. Enhanced Interior Gateway Routing Protocol. Introduction Enhanced Interior Gateway Routing Protocol (EIGRP) is an interior gateway protocol suited for many different topologies and media.

Enhanced Interior Gateway Routing Protocol

In a well designed network, EIGRP scales well and provides extremely quick convergence times with minimal network traffic. EIGRP Theory of Operation Some of the many advantages of EIGRP are: very low usage of network resources during normal operation; only hello packets are transmitted on a stable network when a change occurs, only routing table changes are propagated, not the entire routing table; this reduces the load the routing protocol itself places on the network rapid convergence times for changes in the network topology (in some situations convergence can be almost instantaneous) EIGRP is an enhanced distance vector protocol, relying on the Diffused Update Algorithm (DUAL) to calculate the shortest path to a destination within a network.

Major Revisions of the Protocol There are two major revisions of EIGRP, versions 0 and 1. Basic Theory. Download Cisco IOS 12.4. ASAv with the License Authority. Smart Software Licensing for the ASAv 9.3(2) and Later Cisco Smart Software Licensing lets you purchase and manage a pool of licenses centrally.

ASAv with the License Authority

Unlike product authorization key (PAK) licenses, smart licenses are not tied to a specific serial number. You can easily deploy or retire ASAvs without having to manage each unit’s license key. Smart Software Licensing also lets you see your license usage and needs at a glance. Supported Licenses This section lists the license entitlements available for the ASAv. ASAv5 and ASAv10 ASAv30. Cisco Hardening. I have been wanting to publish this for quite some time... it covers some of the most common practices used to make your Cisco network equipment a more secure device.

Cisco Hardening

Clearly, security needs differ from person to person, but as a very good friend once told me, "you can never have too much security". Cisco IOS hardening. Cisco ASA hardening. Cisco-router-hardening-step-by-step. /Cisco/Firewall/ASA/ASDM/7.x/7.4.x. Security Appliance System Log Messages, Version 7.0 - Messages Listed by Severity Level [Cisco ASA 5500 Series Adaptive Security Appliances]. Table Of Contents Messages Listed by Severity Level. PPTP vs L2TP vs OpenVPN vs SSTP vs IKEv2 - With Edward Snowden’s shocking revelations that the NSA has for years been working to crack and subvert VPN encryption technologies, together with the fact that it is becoming increasingly obvious that most such technologies have been developed and certified by the US government’s National Institute of Standards and Technology (NIST) and may therefore be considered suspect, we have decided it is time to revisit and update this popular article.

PPTP vs L2TP vs OpenVPN vs SSTP vs IKEv2 -

We will start with a rundown of the major differences between the different VPN protocols and how they affect you, before looking in more detail at the key concepts involved in cryptography, and how the NSA’s assault on encryption standards affects VPN users. The discussion below is rather technical, and although I have made every effort to make it as approachable as possible, you may prefer to just jump to the end of the article for a quick summary. Pros: client built in to just about all platforms; very easy to set up; fast. Cons. L2L-VPN - ikev2 - troubleshooting. I would like to review the common mistakes in the L2L VPN (ikev2) configuration on IOS routers and Cisco ASAs. 1) ikev2 pre-share-key mismatch :

L2L-VPN - ikev2 - troubleshooting

Most Common L2L and Remote Access IPsec VPN Troubleshooting Solutions. Introduction This document contains the most common solutions to IPsec VPN problems.

Most Common L2L and Remote Access IPsec VPN Troubleshooting Solutions

These solutions come directly from service requests that the Cisco Technical Support have solved. Many of these solutions can be implemented prior to the in-depth troubleshooting of an IPsec VPN connection. As a result, this document provides a checklist of common procedures to try before you begin to troubleshoot a connection and call Cisco Technical Support. Understanding OSPF Database. Introduction OSPF, being a link-state protocol, allows for every router in the network to know of every link and OSPF speaker in the entire network. From this picture each router independently runs the Shortest Path First (SPF) algorithm to determine the best path through the network.

All of this information is stored in the "Link State Database" (LSDB). Every network engineer has seen the LSDB at some point by running show ip ospf database but few actually know how to read the details. By looking only at the LSDB we should have enough information to draw a topology diagram from scratch. Link State Advertisements OSPF uses "Link State Advertisements" (LSAs) to provide information about links and link-costs to neighboring OSPF speakers. Building the Topology Starting on a router named r120 we can get a high level overview of the network (or at least our Area).

How the network statement works! Special-Use IPv6 Addresses. Obsoleted by: 6890 INFORMATIONAL Network Working Group M. Blanchet Request for Comments: 5156 Viagenie Category: Informational April 2008 Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. MicroNugget: Configuring SPAN and RSPAN on a Cisco Switch. Bandwidth Chart. IOS upgrade! Anytime Cisco releases a new IOS image for its network switch (or router), it is recommended that you upgrade it. This article explains 7 easy steps to upgrade the IOS image on a Cisco switch or router.

Since you’ll be upgrading the IOS image, make sure you have physical access to the switch and you are in front of it. Use a console cable to connect to the switch. Please note that the steps given below will be similar for both switches and routers. However, this example shows how to upgrade the IOS image on a Cisco Catalyst switch. 1. After you log in, go to enable mode by entering the enable password. IOS 15.1S Command References.