My Fan Club

As I've mentioned a few times in the past, I act as an admin for one of the largest, if not the largest, Facebook groups dedicated to CCNA study.  You can find that group right here, or through the Facebook button in the top right corner of any page on this blog.  The group has a few...

Registering ASP.NET for Office Web Apps Error

Here's a quick and dirty post for something that came up recently in the lab.  I was setting up an Office Web Apps server, and was getting the following error: Can't create new Office Web Apps farm: The server must be joined to a domain. Seeing this error message was a bit frustrating to say the least, because the server was indeed joined to a domain.  After a bunch of searching with Google,...

SENSS Passed

Just a short post for this week, as I've done recently.  This exam has completely consumed my time lately.  Because I had yesterday off, I scheduled my second attempt at the SENSS and nailed it this time with a score of 910.  Exams are a lot easier when you know what you need to know, aren't they?  This isn't a knock against Cisco's exam topics, I just didn't have a good idea of...

CCNA Question of the Week 4

This week, we had an open ended question that covers a lot of areas.  This is a take on a question that was asked during the phone screening for my first I.T. job.  As with all questions in this series, do not make assumptions, and do not answer a question that was not asked. Just answer the question as completely as your knowledge allows. Your computer was just started and you just logged...

The Official CCNA Group Rules

Group Rules: 1.This is a network for the network associate. All legitimate things CCNA related, as well as most other I.T. topics may be discussed here.2.Things that may not be discussed here include (but is not limited to): Brain-dumps, any other form of copyright infringement, any illegal activity, spam, politics, and personal attacks. It doesn’t matter if it’s legal where you live, Facebook...

CCNA Question of the Week 2

In the following image, you'll see a network topology.  In this topology, the routers are running the RIP routing protocol.  As is traditional with these questions, I'm going to strip out all the irrelevant information.  We're not going to see any router configuration, IP addressing,...

CCNA Question of the Week 1

Group member Donovan Bone posted this question in a discussion, and I thought that it would be a great "Question of the Week" for the group.  So a new thread was started for just it, and a lot of members attempted to answer the question. I didn't expect the majority to get it right, but only one got it right in the three hours I watched the replies.  Not surprisingly, the one person who...

The Official CCNA Group FAQ

I've been one of the admins of the group for a few years now, and there's a handful of questions that I see repeatedly posted.  I'm talking about the things that somebody asks at least once a week in the group.  So I've started compiling this FAQ for the group that can be posted as a response to any question that falls within this list.  As with many posts relating to the Facebook group,...

I'm New, What Should I be Reading?

In the CCNA group, an often posted question is "what books should I be reading?" or the less inspired "What is the best networking book?"  Well, it's never quite that simple.  What are you looking to learn?  Do you want to become proficient in networking in general, or are you looking to become proficient in Cisco related networking?  Yes, there is a difference.  Do you want...

Netflow Collectors

One of the big topics currently in Cisco's security track is Netflow.  According to Cisco, "NetFlow provides valuable information about network users and applications, peak usage times, and traffic routing."  With all of it's known, and yet to be discovered uses, it's no doubt that NetFlow will continue to be a big part of Cisco's security exams for the foreseeable future, as well as potentially...

FreeCCNAWorkbook.com in Packet Tracer, Part 3

In two previous blog posts, which can be found here and here, I started going through the labs on the Free CCNA Workbook website and attempting to perform the labs in Packet Tracer.  My focus lately has been more on my own studies with my first attempt at the SENSS exam scheduled for next month, but with Cisco finally releasing Packet Tracer to the world (you no longer need to be a Cisco...

Why is Everyone Upset with RadioShack?

The following is a position paper that I wrote in April of 2015 To set the timeline, this was merely weeks if not days after RadioShack announced that it was selling it's customer information database, which came shortly after it's bankruptcy. You know, that database that was assembled with the information demanded of you at the register every time you stopped in to grab a pack of batteries. This...

Symmetric Traffic and IPS

A well known problem for network and security professionals in the enterprise is asymmetric routing.  At it's simplest, this is where traffic flows outbound through Router A, while the return traffic returns through Router B, or through both Routers A and B.   If you're using a reflexive ACL, for example, this will lead to some, if not all of the return traffic being blocked as...

The Accuracy of Sampled Netflow

To alleviate the fear of overburdening the CPU due to the collection of NetFlow statistics, Cisco gives us the option of using Sampled NetFlow. Sampled NetFlow allows you to sample 1 out of 10 packets, 1 out of 100 packets, or however much of a subset of the total number of packets. The theory is that...

IOS Zone Based Firewall

One of the most commonly covered security features when it comes to Cisco security is the ZBF.  It wouldn't be much of a network security blog without at least one post on this topic, so here's my take. With IOS version 12.4(6)T, Cisco introduced the Zone Based Firewall (ZBF), sometimes referred to as the Zone Policy Based Firewall.  With this, the Classic IOS Firewall or Context-Based...

Server 2003 IAS RADIUS Server

Since I'm sure many home labbers are still rocking Server 2003, I'll put it up in hopes that someone will still find it useful. This post was originally done a number of years ago when Server 2008R2 was still new and memory was still at a premium on my virtual machine host. I was hoping to save a few...

ACLs by Country

Have you ever wanted to create an ACL by country?  There's a number of different ways you can go about it.  Certain models of firewalls have this functionality built in.  IOS based routers and ASA firewalls have no such capability, so we'll have to do this a bit more manually.  I'll present two methods. The first method is detailed here.  In this post, wget goes out...

TCL Scripting

According to it's man page, "tclsh is a shell-like application that reads TCL commands from its standard input or from a file and evaluates them. If invoked with no arguments then it runs interactively, reading TCL commands from standard input and printing command results and error messages to standard output. It runs until the exit command is invoked or until it reaches end-of-file on its standard...

Hard Code DNS Servers with PowerShell

The following is a PowerShell script to quickly hard code DNS servers for every network interface present on a computer. It will overwrite the existing DNS servers configured on that machines interfaces.  In this example, we'll be using the IP addresses for OpenDNS servers. # The servers that we want to use $newDNSServers = "208.67.220.220","208.67.222.222" # Get all network adapters that already...

Do the Google

It still surprises me that in 2016, there are still people out there who cannot, or will not, use Google to find the answer to their question.  I'm the admin of a large group on Facebook that exists primarily for people pursuing the CCNA certification, though most technical discussion that stays on the right side of the law is permitted.  Since we get at least one question a day...

Resequencing an ACL

Here's a quick post on a very useful command when working with ACLs.  I first heard about it while watching a CBT Nugget video, and I can say that it was definitely not covered in the NetAcad curriculum when I went through the classes, because I remember bringing it up to the instructor and it was news to him. So let's begin by setting the scenerio.  You have the following ACL: show ip...

Reflexive ACLs on IOS Routers

In a nutshell, reflexive ACLs allow packets to be evaluated based on upper layer session information. You use reflexive ACLs in order to permit the return traffic from an established session, but deny all other traffic in that direction.  For example, you open up a browser and establish an HTTPS session with www.awesomewebsite.com.  Now obviously, you want the return traffic from the server...

Installing NDES on the Issuing CA

The Network Device Enrollment Service (better known as NDES) is a component of Active Directory Certificate Services.  It's based on the industry standard Simple Certificate Enrollment Protocol (SCEP) which is an Internet Draft by the Internet Engineering Task Force (IETF).  SCEP is designed...

Backup Your Blog on Blogger

Here's a little quick and dirty post on backing up your blog on Blogger since every howto that I have seen online is a bit dated and things have moved.   But that's to be expected, things are always moving when it comes to Google.  Like all things in IT, you should make a regular backup of your blog just in case you have an oopsie, or Google determines you have violated their terms and shuts...

Research Results

Our survey was posted online for a period of one week. Following this period, data was pulled down from SurveyMonkey in the form of a Microsoft Excel spreadsheet. Survey results were converted from text to numeric answers. All statistical analysis was conducted in IBM SPSS v23 for Linux on the OpenSUSE Leap 42.1 operating system....

Building the Issuing CA

In the last post, we went through building the root CA which followed building the domain and generating a mess of test users.  Moving along this time, we're going to start building the issuing CA for the domain and for our network devices.  Once we get through this stage, the root...

Building the Root CA

In the lab, a single Windows Server running Active Directory and Active Directory Certificate Services.  But if you haven't figured out yet, I am a big fan of overkill and never do anything only to the level of minimum required.  I always like to do everything bigger and better, as there will...