SENSS Passed

Just a short post for this week, as I've done recently.  This exam has completely consumed my time lately.  Because I had yesterday off, I scheduled my second attempt at the SENSS and nailed it this time with a score of 910.  Exams are a lot easier when you know what you need to know, aren't they?  This isn't a knock against Cisco's exam topics, I just didn't have a good idea of...

Netflow Collectors

One of the big topics currently in Cisco's security track is Netflow.  According to Cisco, "NetFlow provides valuable information about network users and applications, peak usage times, and traffic routing."  With all of it's known, and yet to be discovered uses, it's no doubt that NetFlow will continue to be a big part of Cisco's security exams for the foreseeable future, as well as potentially...

FreeCCNAWorkbook.com in Packet Tracer, Part 3

In two previous blog posts, which can be found here and here, I started going through the labs on the Free CCNA Workbook website and attempting to perform the labs in Packet Tracer.  My focus lately has been more on my own studies with my first attempt at the SENSS exam scheduled for next month, but with Cisco finally releasing Packet Tracer to the world (you no longer need to be a Cisco...

ACLs by Country

Have you ever wanted to create an ACL by country?  There's a number of different ways you can go about it.  Certain models of firewalls have this functionality built in.  IOS based routers and ASA firewalls have no such capability, so we'll have to do this a bit more manually.  I'll present two methods. The first method is detailed here.  In this post, wget goes out...

TCL Scripting

According to it's man page, "tclsh is a shell-like application that reads TCL commands from its standard input or from a file and evaluates them. If invoked with no arguments then it runs interactively, reading TCL commands from standard input and printing command results and error messages to standard output. It runs until the exit command is invoked or until it reaches end-of-file on its standard...

Resequencing an ACL

Here's a quick post on a very useful command when working with ACLs.  I first heard about it while watching a CBT Nugget video, and I can say that it was definitely not covered in the NetAcad curriculum when I went through the classes, because I remember bringing it up to the instructor and it was news to him. So let's begin by setting the scenerio.  You have the following ACL: show ip...

Reflexive ACLs on IOS Routers

In a nutshell, reflexive ACLs allow packets to be evaluated based on upper layer session information. You use reflexive ACLs in order to permit the return traffic from an established session, but deny all other traffic in that direction.  For example, you open up a browser and establish an HTTPS session with www.awesomewebsite.com.  Now obviously, you want the return traffic from the server...

Shortening ACLs

There are two main ways of shortening ACLs and improving their readability or performance. As you know, ACLs can grow to include hundreds of ACEs and cover many pages when printed.  So any way of minimizing the number of ACEs present may be welcomed.   A shorter ACL will consume less flash memory in the form of the startup configuration, less RAM in the form of the running configuration,...

Setting up the 2511 Part 2

There is one more feature of the Cisco access servers that I do not see mentioned very often. Maybe it's been talked to death and I just missed it. But either way, I think is hugely important. That is the ability to telnet through it to the connected devices without ever actually appearing to touch the access server itself. In this post, I'll go over that briefly. To recap, in the previous post,...

Setting up the Cisco 2511

Racked up in my lab, I have more routers, switches, firewalls and access points than I care to count.  These devices are all in the basement, which is a place I don't necessarily want to set up shop when I'm labbing due do a number of reasons such as the temperature and the constant hum of the dehumidifier.  So when I'm upstairs, any oopsie that causes loss of connectivity would require...

ASA Liscense Woes

This evening I was tasked with installing a PAK on an ASA 5512-X for a client.  Sales forwarded me the eDelivery Order Notification without event, I grabbed the serial number from the output of the "show version" command, and with a click on "Register Claim Certificates (PAKs)" within the email.  I already had this handy guide from one of my favorite blogs loaded up in my...

Building an ACL

The different types of ACLs are first identified by the line number used. Standard IP ACLs use numbers in the range of 1 – 99 and 1300 – 1999. Extended ACLs use numbers in the range 100 - 199 and 2000 – 2699. Other types of ACLs which filter traffic utilizing other protocols such as Appletalk, DECNet, IPX, and XNS use other number ranges, however those are rarely used today. Named ACLs of course do...