Wednesday, 13 October 2010

NEW IEEE 802.3aq enables cost effective 10 gig network adoption

Over 78% of the fiber deployed on campuses and in building backbones is multimode fiber.

A cost-effective upgrade to 10 Gig requires new fiber interfacing; the new IEEE standard 802.3aq addresses this issue.

It supports distances up to approx. 200 meters on all grades of MMF. Yes, you got it right: if you have OM1 fiber installed, you can have it upgraded to 10 Gig.

Cisco is the first in the industry to offer a 10GBASE-LRM (Long Range Multimode) optical interface for use in campus high-speed LANs.

Cisco SFP-10G-LRM

The Cisco 10GBASE-LRM Module supports link lengths of 220m on standard Fiber Distributed Data Interface (FDDI) grade multimode fiber (MMF). To ensure that specifications are met over FDDI-grade, OM1 and OM2 fibers, the transmitter should be coupled through a mode conditioning patch cord.

No mode conditioning patch cord is required for applications over OM3. For additional information on mode conditioning patch cord requirements please see:

Wednesday, 6 October 2010

Cisco Router not saving the Config

Hi Guys,

I have come across one very strange problem. I asked my colleague to take some old routers from the store, as we had planned to use old Cisco 1800s for the new deployment. As we didn't know the old password, he reset it and went off sick.

A week before deployment I thought I would do some stress testing. When I started setting up the router in the lab environment, everything seemed to be working. I generated roughly 60 commands of config,

thought to reboot and test it. When I rebooted it, I was .... OOOOOHHHHH

No config, factory default, and it was sooo much ...*£$%

Then came the troubleshooting; I started and finally figured out the problem.

Look at the output:

Show version:

Router#show version
Cisco IOS Software,
Synched to technology version 12.3(7.11)T1
Technical Support: »
Copyright (c) 1986-2004 by Cisco Systems, Inc.
Compiled Fri 25-Jun-04 17:56 by ealyon

ROM: System Bootstrap, Version 12.2(11r)YV5, RELEASE SOFTWARE (fc1)
ROM: Cisco IOS Software,
Router uptime is 1 minute
System returned to ROM by power-on
System image file is "flash:

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
If you require further assistance please contact us by sending email to

Cisco C831 (MPC857DSL) processor (revision 0x500) with 58983K/6553K bytes of memory.
Processor board ID FHK101224P2 (1431813270), with hardware revision 0000
CPU rev number 7
3 Ethernet interfaces
4 FastEthernet interfaces
128K bytes of NVRAM.
12288K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x142

Hell, how could I miss this minute thing? It took me 3 hours to troubleshoot, and I was about to .... log a call with Cisco TAC.

It was the config register setting, which causes the system software to ignore the contents of NVRAM,

and the fix is simple:

confreg 0x2102

Hope you don't spend that much time ... and you googled it first

Tuesday, 5 October 2010

iPhone 4 Problems

The iPhone is no doubt a good phone.

I don't mean to market or badmouth it;

I just need to list some major problems faced by users.

Death Grip

When someone left-handed holds the phone, it dies: no signal.

Buy a £20 bumper case; that works well.

Glass Screen

The glass screen is more vulnerable to scratches, and glass is glass.

Wrap it properly.

Proximity problems during phone calls: sometimes when I end a call, my phone menu is in the middle of something else.

Official statement about signals

Gripping any mobile phone will result in some attenuation of its antenna performance, with certain places being worse than others depending on the placement of the antennas. This is a fact of life for every wireless phone. If you ever experience this on your iPhone 4, avoid gripping it in the lower left corner in a way that covers both sides of the black strip in the metal band, or simply use one of many available cases.

Tuesday, 3 August 2010

Cisco Introduces New CCNP SP Operations Certification

Cisco has formally announced the release of its new Cisco Certified Network Professional Service Provider Operations (CCNP SP Ops) certification.

The CCNP Service Provider (SP) Operations certification validates knowledge and skills required of a Tier II or Tier III (Network Operations Center or NOC) support engineer to troubleshoot and maintain service provider IP Next Generation Networks (NGN) core infrastructures.

The CCNP SP Operations certification is made up of four recommended training courses and four required exams:

The Operational Foundations for Cisco Service Provider Core Networks (OFCN) course is designed to provide mid and upper level personnel exposure to the SP network operations environment, process management framework, network management tools, troubleshooting of SP technologies. It enables students to practice the primary job roles and tasks associated with Tier II and Tier III Network Operations.

The Maintaining Cisco Service Provider Routing Protocols (MSPRP) course provides learners with the knowledge needed to provide support in a service provider environment using Interior Gateway Protocols such as OSPF or IS-IS, and Exterior Gateway Protocol (BGP). It also provides learners with the understanding of advanced routing policies using both Cisco IOS and Cisco IOS XR.

The Maintaining Cisco Service Provider VPNs and MPLS Networks (MSPVM) course provides learners with the knowledge needed in monitoring and troubleshooting Multi-Protocol Label Switching (MPLS) and associated technologies in Service Provider networking environments and in both IOS and IOS XR operating environments.

The Maintaining Cisco Service Provider Quality of Service (MSPQS) course provides learners with the knowledge needed to implement QoS mechanisms using both Cisco IOS and IOS XR, manage performance and capacity based on QoS statistics gathered, and perform monitoring and troubleshooting of QoS in SP core infrastructures.

Wednesday, 23 June 2010

Implementation of ACL Summary

Some general guidelines to consider while using ACLs

  • One ACL is allowed per interface, per protocol, per direction. You can have multiple ACLs on a single device, but a maximum of two ACLs per interface: one inbound and the other outbound.

  • As an ACL is processed from top to bottom, ACE entries need to be planned, and the most restrictive entries should be at the top.

  • In newer versions of IOS it is possible to insert an ACE into an existing ACL, thanks to the sequencing function.

  • Implicit deny: an ACL must have at least one permit statement to avoid blocking all traffic.

  • An egress (outbound) ACL only checks traffic traversing the router, not traffic originated by the router itself.
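
The guidelines above on top-to-bottom processing, sequence numbers and the implicit deny can be checked with a small model. This is an added example, not IOS code or code from the original post; the `Ace` structure, the addresses and the three sample ACLs are constructed for illustration.

```python
# Added illustration, not taken from IOS: a simplified model of how an
# extended ACL is matched. Addresses and entries are constructed samples.
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Ace(NamedTuple):
    seq: int                    # sequence number (lower = evaluated first)
    action: str                 # "permit" or "deny"
    src: str                    # source in CIDR form, 0.0.0.0/0 = any
    dst: str                    # destination in CIDR form
    port: Optional[int] = None  # destination port, None = any


def evaluate(acl, src, dst, port):
    """Return (action, seq) of the first matching ACE, top to bottom."""
    for ace in sorted(acl, key=lambda a: a.seq):
        if (ip_address(src) in ip_network(ace.src)
                and ip_address(dst) in ip_network(ace.dst)
                and ace.port in (None, port)):
            return ace.action, ace.seq
    return "deny", None         # implicit deny: nothing matched


def covers(outer, inner):
    """True when every packet matching `inner` also matches `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.port in (None, inner.port))


def shadowed(acl):
    """List (later_seq, earlier_seq) pairs where the later ACE can never match."""
    ordered = sorted(acl, key=lambda a: a.seq)
    hits = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                hits.append((later.seq, earlier.seq))
                break
    return hits


TELNET_DENY = ("deny", "10.1.5.0/24", "192.0.2.10/32", 23)

# Broad permit first: the specific deny below it is never reached.
BROAD_FIRST = [
    Ace(10, "permit", "10.1.0.0/16", "0.0.0.0/0"),
    Ace(20, *TELNET_DENY),
]
# Same entries after inserting the deny at sequence 5, ahead of the permit.
RESEQUENCED = [
    Ace(5, *TELNET_DENY),
    Ace(10, "permit", "10.1.0.0/16", "0.0.0.0/0"),
]
# Deny entries only: the implicit deny blocks everything else as well.
DENY_ONLY = [Ace(10, "deny", "10.1.5.0/24", "0.0.0.0/0")]

if __name__ == "__main__":
    pkt = ("10.1.5.7", "192.0.2.10", 23)
    print("broad first :", evaluate(BROAD_FIRST, *pkt), shadowed(BROAD_FIRST))
    print("resequenced :", evaluate(RESEQUENCED, *pkt), shadowed(RESEQUENCED))
    print("deny only   :", evaluate(DENY_ONLY, "10.2.0.1", "192.0.2.10", 80))
```
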

Friday, 28 May 2010

Cisco and SonicWall

Model | Stateful Throughput | VPN Throughput | Gateway Anti-Virus | Anti-Spam | Content Filtering | Intrusion Protection
Cisco ASA 5505* | 150 Mbps | 100 Mbps | x x x
TZ 210 | 200 Mbps | 75 Mbps
Cisco ASA 5510* | 300 Mbps | 170 Mbps | x x x
NSA 2400 | 775 Mbps | 300 Mbps
Cisco ASA 5520* | 450 Mbps | 225 Mbps | x x x
NSA 4500 | 2750 Mbps | 1000 Mbps
Cisco ASA 5540* | 650 Mbps | 325 Mbps | x x x
NSA E5500 | 3900 Mbps | 1700 Mbps
Cisco ASA 5550* | 1200 Mbps | 425 Mbps | x x x
NSA E6500 | 5000 Mbps | 2700 Mbps
Cisco ASA 5580* | 5000 Mbps | 1000 Mbps | x x x
NSA E7500 | 5600 Mbps | 3000 Mbps

Friday, 14 May 2010

CCIE Security Written

CCIE™ Security Written 350-018

Candidates planning to sit the exam after the 12th of August 2010 need to prepare for the Version 3 blueprint for the CCIE Security Written. I have a comparison between the V2 and V3 blueprints, and there doesn't seem to be a huge difference between them.

Any feedback would be appreciated

CCIE Security Ver 2

CCIE Security Ver 3

Duration 2 Hrs

Questions 100

General Networking

Tunneling Protocols (GRE, NHRP)

Security Protocols, Ciphers and Hash Algorithms

Application Protocols

Security Technologies

Adaptive Threat Defense (ATD)

Cisco Secure Appliances and Applications

Cisco VPN 3000 Series Concentrators

Cisco Traffic Anomaly Detectors

Cisco Guard DDoS Mitigation Appliance

Cisco Traffic Anomaly Detector Module & Cisco Guard Service Module

Cisco IOS Firewall (CBAC, Zone-Based, PAM)

Cisco AnyConnect VPN Client

Cisco VPN Client

Cisco Secure Desktop (CSD)

Cisco Network Admission Control (NAC) Appliance

Cisco Security Agent (CSA)

Cisco Security Monitoring, Analysis and Response System (MARS)

Cisco Catalyst 6500 Series Security Modules (FWSM, IDSM, VPNSM, WebVPN, SSL modules)

Cisco Catalyst 6500 Series Security Services Modules (FWSM, IDSM-2, VPNSPA)

Cisco Secure Management

Security Solutions

Theft of Information

DNS Security

Security General

Information Security Standards (ISO 17799, ISO 27001, BS7799)

Information Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002)

Industry/Regulatory Compliance (e.g. SOX, HIPAA, GLBA, PCI DSS, FISMA)

Friday, 9 April 2010

Job Interview Tips

Hi Folks ,

Today I want to discuss some interview tips and very commonly asked questions. Some of you may know them already, but these are really vital for a successful interview.

The most recent survey of around 1000 employers revealed the top 5 reasons why they would not hire a specific candidate.

Inappropriate dressing
Lack of enthusiasm or zest
Lack of preparation for the interview
Body language or communication skills
One-word answers

The biggest thing to prepare before going to the interview: always make sure that you are aware of the position you are being interviewed for, such as the job description, and have good awareness of the company (the most appropriate way is to look at the company's website).

If you do not understand a question or it is not specific enough, ask them to re-phrase or be specific. If you have been asked to do a presentation, make sure that this is prepared and you have practiced it, if not you may need to re-arrange your interview.

................To be continued

Tuesday, 26 January 2010

Cisco Announced Changes in CCNP Exam

Cisco has taken out almost every topic from ONT and ISCW and added a Troubleshooting exam, as the new CCIE also includes a 2-hour CCIE troubleshooting lab that focuses on routing and switching with a few other topics.

These changes put greater emphasis on troubleshooting ….. this revision will result in 3 exams replacing the old 4 exams

# 642-902 Route
Implementing Cisco IP Routing
120 Minutes Exam
Fee 200 $

# 642-813 Switch
Implementing Cisco Switched Network
120 Minutes Exam
Fee 200 $

# 642-832 TSHOOT
Troubleshooting and maintaining Cisco IP Networks
120 Minutes Exam
Fee 200 $

Additional Switching topics include
  • PVST and 802.1W RSTP
  • Network monitoring in high availability
  • Integrating WLAN

Additional Routing topics include

  • EIGRP across HDLC, Frame Relay, MPLS, VPN, and MPLS virtual circuit
  • Implement alternative path control
  • Implement IPv6

ONT and ISCW will be retired on the 31st of July. So the good news is that if you finish CCNP before July 31st, your ISCW and ONT count.

If you cannot finish by then, your ISCW and ONT exams won't count toward your CCNP certification.

Special Beta Offer for CCNP TSHOOT Exam

New CCNP TSHOOT certification exam will first be available as a beta exam; candidates can register and take the beta (#643-832) from February 16 through March 26, 2010. To encourage beta testers, Cisco will provide the TSHOOT beta exam free of charge to the first 150 candidates who complete it. (Use the promo code TSBETA when registering)

So guys, what do you think.... ???

Wednesday, 20 January 2010

Authenticating VPN user from Active Directory

Hi guys. Today we are going to discuss how to set up a remote access VPN connection between remote clients / mobile users / Cisco VPN Clients ... (these are all names for the same thing) and an ASA 5500, authenticating users against Active Directory using the MS 2003 IAS server (which is the MS RADIUS server).

IPsec is configured in this example with these considerations:

The crypto map is applied on the outside interface of the ASA appliance

Xauth (extended authentication) of VPN clients happens against RADIUS (which would be the IAS server on Windows 2003)

DNS ( and Windows 2003 IAS server ( is sitting Inside

Here we go

interface Ethernet0
nameif outside
security-level 0
ip address
interface Ethernet1
nameif inside
security-level 100
ip address



# Create a pool of addresses to assign IP addresses dynamically to remote VPN clients

ip local pool vpnclient

Nat (inside) 1

global (outside) x.y.z.a (this depends upon your scenario)

# Add appropriate route inside and route outside statements, depending upon the network layout.

# Now create an AAA server group named "VPN", specify RADIUS as its protocol, add the MS 2003 IAS server as a member of this "VPN" group, and set the security key as well, which is "Cisco" in our case

aaa-server vpn protocol radius
aaa-server vpn host
key cisco

#Now create VPN user policy and specify DNS IP address and domain

group-policy VPNPOLICY internal
group-policy VPNPOLICY attributes
dns-server value
default-domain value

# Specify the VPN Phase 2 configuration, including the encryption type and hash algorithm

crypto ipsec transform-set myset esp-des esp-md5-hmac

# Dynamic crypto map

crypto dynamic-map mydmap 10 set transform-set myset

# Enable RRI (reverse route injection)

crypto dynamic-map mydmap 10 set reverse-route

# Bind the dynamic map to ISAKMP

crypto map mymap 10 ipsec-isakmp dynamic mydmap

# Now specify the interface the crypto map is attached to

crypto map mymap interface outside

# ISAKMP PHASE 1 config is as under

isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 1000

# Create a new tunnel group. The security appliance provides a default tunnel group for remote access (DefaultRAGroup), but here we will use our own group

tunnel-group mygroup type ipsec-ra
tunnel-group mygroup general-attributes
address-pool vpnclient
# The server group name is case sensitive
authentication-server-group vpn
default-group-policy VPNPOLICY

# Enter the pre-shared key to configure the authentication policy

tunnel-group mygroup ipsec-attributes
pre-shared-key xyz


Now go to the VPN client application

Start > Programs > Cisco VPN Client

Click New to create a new connection

Under Host, give the outside interface IP address, which is
in our case

Under the Authentication tab, select the Group Authentication radio button

Name = mygroup
Password = xyz

That's it. Now you need to connect, and it will ask for one more username and password, which would be the ones your MS Windows 2003 IAS server has in it

Microsoft Windows 2003 Server with IAS Configuration

Complete these steps to configure the Microsoft Windows 2003 server
with IAS.

First you need to install the IAS server from Control Panel > Add/Remove Programs

Select Administrative Tools > Internet Authentication Service, then right-click on RADIUS Clients to add a new RADIUS client.

Give name and IP address of and select Client-Vendor to RADIUS
Standard, and shared secret is Cisco.

Go to Remote Access Policies, right-click (R.C) on Connections to Other Access Servers, and select Properties. Ensure Grant Remote Access Permission is selected.

Click Edit Profile and check

under Authentication tab, check Unencrypted authentication (PAP,

under Encryption tab, ensure that the option for No Encryption is

Go to Administrative Tools > Computer Management > System Tools > Local Users and Groups, right-click on Users and select New User to add a user to the local computer accounts.

I hope I don’t need to mention how to create a user .... If you feel
that you need this type of help ...... then go to Learn windows for
extreme Dumps’.com .. thanks For visiting ...

One thing I would suggest you check: on the Users screen under the General tab, ensure that the option for Password Never Expires is selected

Under the Dial-in tab, select the option for Allow access

Here is one way to test whether the ASA is communicating with the IAS server or not

test aaa authentication radius host

It will ask for a username and password ..... give the username and password that you just created on the IAS server

And one last thing, don't forget

debug crypto isakmp
for troubleshooting
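
The Phase 1 and Phase 2 settings in this walkthrough use single DES, MD5 and Diffie-Hellman group 2, which a review of a production ASA would flag. The script below is an added example, not part of the original post or of any Cisco tool: `PAGE_CONFIG` repeats the crypto lines from the walkthrough, while `HARDENED_CONFIG` and the rule names are constructed for illustration.

```python
# Added illustration: flag weak IKEv1/IPsec settings in ASA-style config text.
import re

# (rule id, pattern on a normalised config line, reason it is flagged)
RULES = [
    ("esp-des",
     re.compile(r"^crypto ipsec transform-set \S+ .*\besp-des\b"),
     "ESP encryption is single DES (56-bit key); use an AES transform"),
    ("esp-md5",
     re.compile(r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b"),
     "ESP integrity uses HMAC-MD5; prefer esp-sha-hmac"),
    ("ike-des",
     re.compile(r"^(?:crypto )?isakmp policy \d+ encryption des$"),
     "IKE Phase 1 is protected by single DES"),
    ("ike-md5",
     re.compile(r"^(?:crypto )?isakmp policy \d+ hash md5$"),
     "IKE Phase 1 hash is MD5"),
    ("ike-dh",
     re.compile(r"^(?:crypto )?isakmp policy \d+ group [12]$"),
     "DH group 1/2 is a 768/1024-bit MODP group; use a larger group "
     "supported by the software release"),
]


def audit_config(text):
    """Return one finding per (line, rule) match, in file order."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = " ".join(raw.split()).lower()   # collapse spacing, ignore case
        for rule_id, pattern, why in RULES:
            if pattern.search(line):
                findings.append({"line": lineno, "rule": rule_id,
                                 "config": line, "why": why})
    return findings


# Crypto lines as they appear in the walkthrough above.
PAGE_CONFIG = """\
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map mydmap 10 set transform-set myset
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 1000
"""

# Constructed comparison config using stronger keywords from the same syntax.
HARDENED_CONFIG = """\
crypto ipsec transform-set myset esp-aes-256 esp-sha-hmac
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
"""

if __name__ == "__main__":
    for f in audit_config(PAGE_CONFIG):
        print(f"line {f['line']}: [{f['rule']}] {f['config']} -> {f['why']}")
    print("hardened findings:", audit_config(HARDENED_CONFIG))
```
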

Tuesday, 19 January 2010

Cisco CCIE Mobile Labs Save Time and Expense


Mobile labs for Cisco CCIE Routing and Switching and CCIE Security lab exams provide a more convenient testing alternative to extensive travel for individuals in countries without permanent testing facilities.

Upcoming mobile labs are planned for

Chicago, January 25-29;

Moscow, February 8-12;

Riyadh, Saudi Arabia, March 6-10;

Johannesburg, South Africa, April 19-23

Cisco has introduced the mobile lab program to provide candidates greater access to Lab testing while greatly reducing travel time and expenses.

Mobile CCIE Labs provide a convenient and cost-effective method for candidates to test for CCIE Routing and Switching and CCIE Security in areas which do not have permanent lab locations.

Saturday, 16 January 2010

IPS (Intrusion Prevention System) Comparison

A network intrusion prevention system can detect and block attacks and can act as a patched shield for the information system.

The network IPS market continues to mature and evolve out of what was considered IDS (Intrusion Detection System) several years ago.

Most vendors in the market issue vulnerability-facing IPS signatures within 24 hours of a patch release, which is habitually faster than an enterprise's ability to patch systems before it gets too late. For this reason IPS signatures never really go away, and the ability of IPS boxes to maintain wire speed with a large signature database or list is critical.

I am considering IPS products on the basis of true IPS features, which are as under:

Perform packet normalization and inspection, as in Cisco, where the normalization engine collects fragments of TCP packets and assembles them prior to inspection

Wire-speed performance when running in inline mode, without causing a performance bottleneck

Can perform multiple actions upon data packet streams, such as anomaly analysis, signature analysis, scanning and behaviour analysis

Not only reset abnormal sessions but also drop them

Rate limiting capability and QoS to some extent (optional)

Here we go with the comparison; I am not going to be prejudiced during my comparison

Check Point software

A well-established security company, well known for its firewall products. IPS-1 Sensor appliances (ranging in price from $7,000 to $115,000 and in-line performance from 50Mbps to 2000Mbps)

IPS-1 can be considered by customers that are already running Check Point devices or already have a relationship with the vendor, or because of the SmartDefense system (which provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense also helps to minimize threats by providing defences that can be used before vendor-supplied patches become available or are fully installed throughout a network)

Check Point is committed to adding more resources to IPS R&D to produce better and more advanced products in the market in the next couple of years.

The appliance operating system is the same as that used in Check Point firewalls, and it is fast and powerful

In April 2009 Check Point purchased Nokia Security Appliances, which can give it a good future path in the IPS appliance market

IPS-1 cannot work with other Check Point appliances in a single SmartCenter console

Check Point's strategy for IPS is unclear

IPS-1 deployments across the globe are limited

Cisco Systems

Cisco has different flavours of IPS, ranging from stand-alone appliances to an IDS services module switch blade. Cisco has also introduced an add-in hardware module for ASA series firewalls and software-based IPS within IOS-based routers. After the acquisitions of IronPort in mid-2007 and Protego Networks, Cisco now has email, web and behaviour analysis products that can be used with its IPS products.

Cisco offers a wide range of intrusion prevention choices.

Cisco has global support and a broad geographic hold.

Has recently introduced the free IPS Manager Express, which can monitor up to 5 devices

The risk rating feature can be adjusted based upon alert factors.

Cisco is one of the top 5 vendors according to market share in 2008

The Cisco IPS Device Manager console is not as good in comparison to most leading IPS products (though SM-MARS can address some shortcomings, it is an expensive option)

The risk rating feature needs an experienced administrator to tune.

Though Cisco has made a lot of improvement in signature quality during the last 12 months, it is still an issue.

Juniper Networks

Juniper has a good history in security products, based on the NetScreen acquisition in 2002. Its Intrusion Prevention (IDP) appliance has four models running on the Linux kernel. IPS is also available in the ISG firewall and SRX. The current challenge for Juniper is to migrate all products using ScreenOS and Linux to JUNOS

It is one of the top 5 vendors according to market share in 2008

Satisfied customers and outstanding post-sales support.

Juniper IDP supports the highest number of virtual IPS instances.

The Juniper console and NSM are considered competitive.

During the past couple of years IDP has had less visibility in the market, because Juniper has made advances in different fields, basically focused on competing with Cisco.

The JUNOS operating system needs to maintain a low rate of vulnerabilities on all products

JUNOS doesn't have reputable feeds with web security gateways and email security.

McAfee IntruShield

McAfee is a well-known security brand and has made considerable investment in hardware security products. Recently the IntruShield product was renamed McAfee Network Security Platform. However, McAfee has recently acquired Secure Computing.

High throughput, making it an ideal product for enterprise networks

Preferred product for companies already running McAfee security products like ePO, NAC

One of the top 5 vendors in the market producing IPS appliances

Well known due to host-based security products.

Acquisition of Secure Computing may divert some resources

...................... To be continued

Friday, 8 January 2010

Solarwinds Certified Professional

Network Management Certification

SolarWinds launched a network management certification called SCP (SolarWinds Certified Professional), covering 5 main topics.

Network Management Fundamentals

Use and explain network management protocols (e.g. SNMP, SNMP Traps, Syslog, ICMP, NetFlow, etc.)

Leverage MIBs, OIDs, and WMI performance counters to diagnose and troubleshoot network problems

Network Management Planning

Translate business requirements into monitoring needs, thresholds, and Orion NPM configurations

Design a reporting system that meets the needs of the various stakeholders

Determine monitoring scope and impact on the network

Determine the impact of network topology on monitoring

Network Management Operations

Network Fault and Performance Troubleshooting

Orion NPM Administration

Well guys, I have taken the exam and passed it. Don't underestimate the exam .. 77 questions, but it's not as easy as pie; try to cover every aspect of NPM that you can .... Don't forget to go through the geek videos

Remember the difference between SNMP v1 and v2 is GetBulk, as SNMP v2 is scalable

Calculate bandwidth from the octets given on an interface. For example, sampling shows there are 44,000,000 octets in 5 minutes and you have to calculate the bandwidth ....
44,000,000 * 8 = 352,000,000 bits / (60*5) = 1,173,333 bps
1,173,333 / 1024 = 1,146 Kbps
1146 / 1024 = 1.12 Mbps

Don't cram it..............

UDP port 514

Account limitations and view limitation by filters

SNMP port 161 and 162

Guys, don't forget to have a look at the UnDP geek speak; there are loads of questions on this

Interface is showing … more than 100% utilization, so you have to customize the bandwidth of the interface

Some Cisco commands ... how to configure SNMP ..... why the NMS can get SNMP traps ..... but cannot poll data.

Most of the time ... the questions end up with ICMP being blocked by firewalls

Due to some recent changes ... the network started responding slowly ...

Some report generation related questions ... remember where to generate reports

How to set up view limitation filters

What things we can set up in System Manager.

Due to huge syslog messages the DB size is increasing, so you have to delete unwanted logs

Due to a budget constraint you cannot upgrade hardware; what would you do ... I selected changing to a less frequent polling interval

SSH is the most secure ...

Port 69 is for TFTP; if any firewall blocks it ... it means your NMS cannot do something related to IOS updates.

Remember port 443 is for HTTPS-based access

Have a look at transform UnDP

I have just received this mug and certificate .... It's good

.............................................................................................To be continued; as soon as I remember any other tips I will update it



Step-1:
Switch off the router and switch it on again after some time. Within the first few seconds of booting, press the CTRL+Break keys.
The router will enter ROM Monitor mode.

Step-2: In ROM Monitor mode, change the configuration register to 0x2142 to ignore the startup configuration file upon booting

Rommon1>confreg 0x2142

Rommon2>b (for initiating the boot sequence)

On booting, the router will enter setup mode.
Would you like to enter the initial configuration guidelines (yes/no):

Don't select any option (yes or no); just skip setup mode by pressing CTRL+C. The router will now enter user EXEC mode

Enter privileged mode and copy the startup configuration file to RAM (running-config)

Router#copy startup-config running-config

Change the enable/enable secret or whatever password you want to change, and then save the configuration to NVRAM

Router(config)#enable secret Cisco

Don't forget to change the config-register value back to the default

Router(config)#config-register 0x2102

The procedure is quite useful in case someone has lost the password and wants to break it without affecting the rest of the configuration.
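
Both this procedure and the earlier post "Cisco Router not saving the Config" turn on one bit of the configuration register: a router left at 0x2142 (or 0x142) after a password reset boots without its saved passwords and ACLs. The check below is an added example, not code from the original posts or from Cisco; the function names are hypothetical and the second sample line is constructed.

```python
# Added illustration: decode the configuration register reported by
# "show version" and flag a router that will ignore its startup-config.
import re

BOOT_FIELD = 0x000F          # bits 0-3: boot source selection
IGNORE_NVRAM = 0x0040        # bit 6: do not load startup-config at boot
BREAK_DISABLED = 0x0100      # bit 8: Break key ignored once booted
DIAG_IGNORE_NVRAM = 0x8000   # bit 15: diagnostics on, NVRAM contents ignored

CONFREG_LINE = re.compile(
    r"Configuration register is 0x([0-9A-Fa-f]+)"
    r"(?: \(will be 0x([0-9A-Fa-f]+) at next reload\))?"
)


def decode_confreg(value):
    """Break a register value into the fields that matter for an audit."""
    boot = value & BOOT_FIELD
    return {
        "value": f"0x{value:X}",
        "boot_field": boot,
        "boots_to_rommon": boot == 0,
        "ignores_startup_config":
            bool(value & (IGNORE_NVRAM | DIAG_IGNORE_NVRAM)),
        "break_disabled": bool(value & BREAK_DISABLED),
    }


def audit_show_version(text):
    """Classify the register line found in "show version" output."""
    m = CONFREG_LINE.search(text)
    if m is None:
        return {"status": "no-register-found", "current": None, "pending": None}
    current = decode_confreg(int(m.group(1), 16))
    pending = decode_confreg(int(m.group(2), 16)) if m.group(2) else None
    effective = pending or current       # value used at the next boot
    if effective["ignores_startup_config"]:
        status = "ignore-nvram"          # saved config will be skipped again
    elif current["ignores_startup_config"]:
        status = "fixed-at-reload"       # booted without config, fix is pending
    else:
        status = "ok"
    return {"status": status, "current": current, "pending": pending}


# First line is the register line from the post above; the others are
# constructed samples in the same "show version" format.
SAMPLES = [
    "Configuration register is 0x142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "Configuration register is 0x2102",
]

if __name__ == "__main__":
    for line in SAMPLES:
        result = audit_show_version(line)
        print(f"{line!r:70} -> {result['status']}")
```
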