Nexus 7 tablet

It was my birthday in early October. Right before Network Field Day before. I received amongst many other treats a Nexus 7 tablet. I was very spoilt. Here within is my Nexus 7 review and how I have used it. The Tablet Tech Specs here. Physical The tablet has a sound build quality. The  seven-inch tablet has a delicious 1280×800 resolution with IPS display. The ten-point touch screen provides sound and snappy responsiveness. The backlit screen I have found is fantastic; others will argue that it isn’t bright. Mine has had no issues of bleeding like some report. I sometimes wonder if I am just lucky or some people are UBER fussy. MicroUSB is the connection type at the base; it is compatible with many things! The weight is quite light. Sure, it isn’t the lightest on the market but nothing that will give your hands or arms aches. Battery … Continue reading

Opengear Challenge

Note This is the first of a few posts on Opengear. My #NFD4 posts will be in any order at all. Disclaimer about my #NFD4 posts On the first day our second presentation was Opengear. Before starting, a parcel was placed on each of our desks. Inside the box contained an Opengear console server. The model was the ACM 5004-G. It is a 3G cellular router that is the army knife of out of band management; endless features with a myriad of use. I will review the presentation and the device in a later post but this is more of post to the delegates. Traditionally the application of an emergency access 3G connection is great to hit that DC in the night and regain control. Opengear showed pictures of some Salmon Boats with the device installed. With all spawned salmon being tagged it is hard to know when they come home to breed. … Continue reading

NAT Enhancements

NAT enhancements There are a few little tricks to improve NAT performance. The first would be translation timeout. Translation timeout returns a translated address back to the pool. The default is 3:00 hours. If you have a smaller pool or find that PAT is being used too much you can adjust this timer. I personally like a smaller timer and depending on the application and/or load use 15 or 20 minute timers.

The ASDM configuration window resides at Configuration > Firewall > Advanced > Global Timeouts. Modify the Translation Slot field. The other feature is DNS rewriting. You are able to intercept and rewrite DNS requests that hit the ASA firewall. By default a DNS server may only know the public IP address of networkinferno.net but the DNS server has a private IP address. DNS rewrite will allow NAT translation of the IP address inside the DNS reply.

Continue reading

DNS on the ASA

I hope you enjoy this extract from my upcoming ebook – Deploying Cisco ASA firewalls. –DNS on ASA– This section looks at the provision of DNS functions on the ASA. Whilst it cannot provide DNS AAA records it does provide forwarding functions. DNS based name-to-IP-address mapping requires definition of a server group; this will then allow name-to-IP-address resolution. First we define which interface we want lookups performed on.

Next we create the DNS server group. I will name it CI-DNS and list my DNS servers in it.

The final DNS server listed acts as a backup which is actually Google’s Public DNS. Also defined is the domain-name the actual ASA resides in.

The FQDN of the ASA is now asa1.ciscoinferno.net. Provided the DNS servers are contactable, you can issue the ping command with a website url and you will see the … Continue reading

Inter vs Intra

There are 101 security levels on the ASA. This may not be enough and you might be required to use the same security level a few times. We know that higher security level interfaces can talk pass traffic to lower security interfaces by default but what if they are the same security level? By default this is not permitted. Even if you define access-lists to permit traffic it is still denied. Inter-interface Inter interface communication allows communications between different interfaces of the same security level. ASDM Navigate to Configuration > Device Setup > Interfaces Select the check box entitled Enable traffic between two or more interfaces which are configured with the same security levels. CLI

Intra-interface Intra-interface permits flows of traffic that comes in on an interface and routed back out the same interface. By default this is denied by default. An example of this would be hair-pinning; Hub and Spoke VPN … Continue reading

Why must we go to area 0?

OSPF is something that still mystifies me. I know it is a vast and large protocol and I do hope I can dispel something today for you. “Why do other areas need to connect to area 0?” Picture a tree. Nice big tall trunk and it has many branches. Area 0 is the trunk of your network whilst other areas are in essence branches. As we know every router in an area shares information about itself and the links it contains. This information is shared with all routers in an area. In turn, each router creates a link-state database. SPF is run on each router in the area and the “tree” is formed. When areas become large and OSPF areas have a large link state database it is important to break networks into areas like the above. This allows control of the database and ensure efficient convergence. I like to apply areas … Continue reading

Remote Labbing – Lab long and prosper!

Certification requires a lot of lab time. I mean a lot. Hundreds of hours of thorough, insightful, and meaningful labbing. Let alone the time invested behind the CLI of a CCIE certification. There are two routes these days that most people go. Hiring rack time or building their own lab. I am going to discuss the latter today including reproducing my setup! Physical vs Semi-physical There are two types of physical labs we can create. IF you have access to ex production kit, you are very wealthy, or happen to get lucky on eBay then a full physical topology is great. Routers, Switches, FR devices. When looking into a vendor topology for the CCIE lab you quickly realize it could be quite expensive. In this economic climate it ends up being quite expensive. http://www.ine.com/topology.htm Albeit this is classed as a cheaper lab there are a lot of interfaces and expansion … Continue reading

RIDs. Spare a thought for the non-configured.

The router-ID. (RID). Such a fundamental concept in so many regards. One of the more important parts of a routing protocol. I could almost argue that it is one of the easily forgotten things to configure. With routing protocols relying on their RID to keep a stable topology my mind drifted to planning and scoping addressing space. Speaking with @networkjanitor today briefly we discussed this. His words are as always wise. Divide up a /24 subnet. Further divide these addresses into /32′s Assign to a loopback interface. Set OSPF network type as point-to-point. Set passive-interface. How do you ensure your topology is stable? Do you carve up a subnet and issue IP addresses to a loopback? Do you leave it up to chance and rely on your intimate knowledge of said network? Share your thoughts below about how you address RID’s to ensure a stable and easy to work with … Continue reading

The importance of skinning cats

Once again the VLAN topic comes to the forefront but immediately I know this will apply to all aspects of the blueprint. The old adage goes something like “There are many ways to skin a cat”. Lets take the example of creating a VLANs. How many ways can you do it? Well I know of three. I will give an example of each below to show my point. First Method – VLAN Database

Note here that we have added a VLAN into the VLAN Database. Remember that you can only have VLANs that are in the standard range which consists of 1-1004. Note also that this method is being deprecated but at time of writing still relevant. Second Method – Global Configuration

This method is quite easy in comparison. This method is what has replaced directly interacting with vlan.dat via the VLAN database. This is the method that most … Continue reading

Starting my CCIE Written (prematurely?)

Today is a significant day. After much tossing and turning and discussions with my wife I have finally decided to start down the path of the CCIE Study. Those who follow my blog may know that I am not yet a CCNP ( I still have SWITCH to go) and that is fine. The reason I am waiting is financial. I am saving my pennies after a 0.9 percent miss on SWITCH back in may. I felt that continuing onwards will reinforce what I know and allow me to align study time to defined goals. I am not taking this goal lightly. I understand the gravity of the task at hand. I have many good friends who are on the path, looking back on the path, and standing right beside me. Join my adventures by subscribing to my blog or come chat over at #cciestudy on freenode.

IOS CLI Shortcuts!

Found this neat list of IOS Short cuts! Adding for future reference. Ctrl + K  is my favourite!

How can you help get the MSCE out of the toilet?

  2012 – A server odyssey With Windows Server 2012 nearing launch the Microsoft Developer Network has released a great book on the features and offerings the new OS has built in. A quick glance gives options regarding blah blah cloud deployments, improved monitoring and more. With over 256 pages split to 5 chapters of Microsoft Server goodness I am sure there is something new in there for all Systems Administrators. The new MSCE Server Infrastructure exams are on their way. This will help give you a leg up and get certified as soon as possible. With a lot of 03 boxes around and 08 (nonR2) many will find the path to server 2012 requiring a certified expert. Earn your stripes and get your teeth into some serious deployments/migrations. Take Note – The quality of Microsoft exams don’t necessarily mean you are an Expert. That part is up to you. Notorious for being … Continue reading

GNS3 and Cisco ASA 8.4 (Part 2)

Alright! Bam! Excited? I surely am. Cisco ASA on my laptop and I can lab anywhere!  Now lets establish more than console access via GNS3 and get SSH/HTTPS/ASDM running. The reason I am so pushy to get ASA on a device is because certification guides all show how to do a task both ways. Handy in my opinion. Plus it doesn’t hurt for study reasons! Requirements tftpd32 – TFTP application Legal version of ASDM 8.4.2 – Pretty GUI for the ASA Administrator Rights – Need to bridge your interfaces! Setup GNS3 for a host Before we go making SSH access we need to connect our device into GNS3. Simple enough but can be daunting for some. I currently use Windows 7 on my lab machine due to the speed of spinning up VMs and the easy of connecting them in. I have dabbled with taps in Linux and it hurts … Continue reading

GNS3 and Cisco ASA 8.4 (Part 1)

GNS3 has been a stable to my personal study. When I first achieved ROUTE on my way to CCNP I worked in a heavily switched environment. I had worked on routers and routing technologies about 5 percent of the time. It wasn’t enough to brush over the material and blitz the exam. I required a deep dive into the materials offered. I ended up using GNS3 and could create multi-area OSPF topologies, Giant EIGRP networks, and BGP with cheeky redistribution. This was only the beginning. My current place of employment is about to have ASA’s come out of the nether regions. 5585-CX is the flavour of the day. As a part of all this I am being sent to a Cisco partner course covering FIREWALL topics. I guess this aligns with the CCNP Security FIREWALL  curriculum. My ASA exposure is quite limited and I have to admit that I generally … Continue reading