Thanks for recommending us!
I do work for CBT Nuggets and would be happy to answer any questions you have. Also, we just started a 7 day free trial that you could use to check out our teaching style and see if it's right for you.
Another thing, getting in practice is incredibly useful. For the CCENT you can usually get away with doing everything virtually (Packet Tracer/GNS3) but putting together a home lab can be invaluable as you dive in deeper.
Good luck!
There is a free course on Cisco NetAcad for beginners:
https://www.netacad.com/courses/packet-tracer/introduction-packet-tracer
Router(config)#platform hardware throughput level ?
200000 throughput in kbps
400000 throughput in kbps
Once again, reddit users come through when TAC fails miserably
I highly recommend checking out CBTNuggets, Jeremy is awesome! Some of the information in the old books might be relevant but honestly I would invest in some new material
http://www.cbtnuggets.com/it-training/cisco-ccna-icnd1-100-101
It is released now.
** Amazon showed it avail 16 Jan, but I have already received mine from pearson.
I found a router that has the image, I just copied it over and I have the crypto command. Now what I am wanting to do is connect this router to a VPN so I can have all my devices on the VPN. I heard that this is indeed possible but can I do it with a provider like NordVPN?
For a provider like NordVPN, you can use L2TP IPSec or IKEv2, which should be compatible with the 2821; though, I'm not 100% on IKEv2 working... it's been a while since I did a new VPN configuration on a Cisco ISR. You'll have to fill in the gaps between the NordVPN information provided in their help sections, and find a server that supports your payload type (whether IKEv2 or L2TP), since it appears not all of their servers support all of the protocols.
I'm convinced this can work with the right VPN provider, but it will be a bit of a trick to get all the pieces in the right place.
What I do know is that NordVPN offers some protocols that the Cisco absolutely will not work with, like OpenVPN. Not sure on most of them.
But if you're learning and want to try to make it work, go for it. It might take a few days to get everything right though.
I've never seen anywhere in CallManager / CME to see serial numbers, but if you browse to the phones webpage it shows the serial. There's a utility I've used with success before (instead of manually browsing to every phone) - I think it was this, though there may be a better/newer utility by now.
I'd recommend checking out Safari. For about $30 a month or so you get access to loads of books. I know when I had a subscription still (left my old job and they cut off my access) I was looking for CCNA books and found dozens of them on there. Plus just about every other topic you can think of. They have an iPad app and it works just like the Kindle app for the books they have. Have a lot of videos, test prep books, etc as well.
1 - DHCP - IMO a really bad idea. The appliance's interfaces should be static IP's. You have to be able to manage it and it needs the same IP. You could do a DHCP reservation, but at that point, why not go ahead and leave it static? It has to be reachable to be managed, and if it's a gateway device, those interfaces have to be reachable.
2 - Not at work right now, but I seem to remember the Device > Interfaces page has a field to set the MAC. Never done the virtual though so YMMV.
3 - In the FMC ACP page there's a search box in the upper right. It searches for whatever you type in any field in the ACP. Up and down arrows to scroll through all the matches. Same in the Objects pages.
4 - I haven't really looked, but it would be nice to get more than 25 at a time.
5 - Todd Lammle writes a really good book that you can get on Amazon.
His class is also excellent. Better than Cisco's by a mile. Did both last summer. Cisco's spends more time on the non-ASA devices, but that's probably not an issue for 90% of people. The concepts are the same across the ASA and Sourcefire devices. The execution is a little different. If I had 5X the budget, I'd love to have one of the Sourcefire-designed devices.
You are almost certainly pushing the fiber to its limits. Theoretically multimode can be pushed to 2km (1.2 miles) @ Fast eth or 550m (.34 miles) @ 1gbE
How is the port set? You might get better performance by forcing 100mbit on the switchport and replacing the converters using 100mbit ones.
But really, you need SM fiber. You do <not> need to worry about:
Because on the vm side its a 3 floor distance between the fiber termination and the switch. Now we have it with the fiber converter and the fiber termination in the basement and a cat6 run to the switch. I guess I could try it on the other side.
Because you can run a 2nd fiber run from the server to the termination and join them using a bulkhead adapter.
I would also buy a switch(s) that has an SFP port so you can connect this up without the fiber converters.
This is a Fibre Channel Fabric Switch used for SANs. These things are not ethernet switches. It looks like they are going as low as $130 on ebay (http://www.ebay.com/itm/CISCO-EMC2-DS-C9020-20K9-MDS-9020-31171-05-SB3600-20A-/270822800790?pt=COMP_EN_Hubs&hash=item3f0e4bfd96#ht_3934wt_1185). The more expensive ones have all of the SFP modules. The SFP modules are probably the most expensive things you have but you could probably only sell them for $25 a piece.
Oddly enough I have some progress. I found a flexconnect group with no vLan mappings and added them... https://onedrive.live.com/redir?resid=30F3DD2961DF4044!734&authkey=!ANmba_mcvYXPlKg&v=3&ithint=photo%2cJPG
Now all ports list Auth yes... https://onedrive.live.com/redir?resid=30F3DD2961DF4044!735&authkey=!ABvTAcbouu9aQfY&v=3&ithint=photo%2cJPG
And instead of 0.0.0.0 I have 169's. Strange progress but progress indeed.
This might be useful, if you haven't seen it already: http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
That error message indicates an RPC failure. I notice that you are permitting traffic TO the domain controller but I don't see anything permitting traffic FROM the domain controller. Routers/switches are not stateful like the firewalls so you need to specify which traffic is allowed in both directions.
Safari is pretty good. For a few bucks a month you get videos, books, etc for Cisco and just about everything else you can think of. Just for CCNA there were dozens of books, study guides, etc. Unfortunately I lost my subscription when I left my old job and haven't gotten around to signing up again. What's nice is that the books work well via their app on an iPad so it's just like having a Kindle copy of them.
My research indicates this to be a lost cause too. I would try to return the phones and move on.
http://www.tek-tips.com/viewthread.cfm?qid=1713822 http://serverfault.com/questions/507710/factory-reset-cisco-spa504g-without-admin-password
Don't worry about understanding everything you see right off the bat. Packet tracer is going to make more and more sense as you go thru your course since it's meant to realistically simulate every piece of a network - individually, and the additional complexity that emerges when you add things together.
this might help you get going with a better foundation. stay with it. it's worth it.
https://www.netacad.com/courses/packet-tracer/introduction-packet-tracer
Along with what others have said - buy the Official Cert Guide for CCNA Routing and Switching! - you should consider downloading Packet Tracer in order to learn networking.
Why not Packet Tracer? It's designed to be complete for what you'll need for CCNA. It may even be good through CCNP, I'm not sure.
https://www.netacad.com/courses/packet-tracer-download/
You can even find the pre-made labs if you look around.
This is a good observation / reminder.
https://www.netacad.com/courses/packet-tracer-download/
Packet Tracer is imperfect. It certainly contains some frustrations & limitations.
But it is free, much more quiet to listen to than a 12 year old stack of 1841s, and is generally perfectly adequate for CCENT and CCNA Route/Switch.
GNS3 is a more precise routing simulator and addresses a bunch of limitations of Packet Tracer.
But GNS3 is a memory hog, and requires you to obtain specific IOS images, which is an activity that technically violates EULA agreements.
Personally I'm a big fan of Loki, it's a lesser known log aggregator but it does its job really well for me. You might also want to pair it up with Prometheus in case you need a powerful metrics database.
This is what I've used (I passed): http://hotfile.com/dl/131194977/757ea33/ yes, it is annoying since the PDF isn't searchable (someone obviously scanned the material) but it is better than what else is out there. If someone finds a searchable PDF version of this material please post a link!
Here are the Packet Tracers, the Cisco PPT's for each chapter, and the Packet Tracer Security Lab Manual.
https://drive.google.com/folderview?id=0BzVFqqgsyt1sRUFDQWlGb2Q1V1k&usp=sharing
On a similar note, Sublime Text has a Cisco IOS Syntax highlighter which I've heard good things about, but never used personally.
I've always gone with this and it's never failed.
With a standard cisco blue rollover cable you can find in any cisco box.
I purchased this one recently and can confirm it also works well, I used it to configure Cisco APs and switches. I'm sharing this one in case anyone prefers the flat cable design, it rolls up really clean for storage.
This is the one that I use.
https://smile.amazon.com/gp/product/B078PVJ5ZQ/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1
It's not, as others have already said. A 1U rack shelf could be your friend in this case.
All depends on how many people you have available to assist for the project, how many APs there are, how the APs are mounted, if the APs are visible or not, is your cabling / wall ports / patch panels reliably labeled?
My recommendation is to go ahead and on paper name each AP at each location (so F1-H3-AP2 (etc.); where F=Floor;H=Hall;AP=AccessPoint). Now when you identify the AP during the project you have a clear name and reference point (this is particularly helpful if you have others working with you).
Now, as for the technical side of recognizing each AP here's some tools at your disposal:
1) WiFi Analyzer (App on Smartphone), will tell you all SSID's it sees, the MAC address of the AP broadcasting the SSID, and the Channel # the AP is broadcasting the SSID on. WiFi Analyzer for Android.
2) Thru Cisco WLAN controller you have the ability to make the LED's on an individual AP blink/flash for a set amount of time more info on Cisco WLAN Controller.
Cisco devices are notoriously picky about the USB drives that they will recognize. I've had days where a certain drive will work and days that the same exact drive doesn't work. Try using a few different drives if you have them available. If not you will probably need to purchase one. I bought the following drives on Amazon and they work perfectly for me after formatting them as FAT16 with a 2 GB capacity.
https://www.amazon.com/gp/product/B0828Y6692/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&th=1
Sadly the issue might be that you're trying to run the image on a router without enough DRAM.
Fortunately, I believe 2800 routers use standard DIMMs.
https://www.plchardware.com/products/1/891974/891994/default.aspx
Boom:
https://www.amazon.com/MEM2801-128D-Memory-MEM-2801-128D-Compatible-MemoryMasters/dp/B01BE98E3U
$15 solution.
I just passed my CCNA a couple weeks ago and now going for my CCNP Security... I'm reading Cisco Press' CCNP and CCIE Security SCOR 350-701 Official Cert Guide by Omar Santos right now. There are other materials out there to check out too. Just search it up and you'll find other things. Good luck!
This is a link to the CCNA cert book. I used it to nail the main topics of the CCNA cert exam and it helped me tremendously with passing the exam. It comes with online practice exams, cards, etc. to help you study the material. You’ll find how to register those extra materials within the books if you go this route. Keep in mind, it covers mostly everything. It ain’t perfect but it will get you very far.
YouTube and many social media applications have been blocked here for so long and those which are not, won’t give access because of US sanctions. Privacy has never been a priority here, sadly. Once the situation is over and I’m not desperate anymore, I’ll go back to using my ProtonVPN subscription. Thank you for the heads up.
You can try reading this Visio 2010 book, it explains all important concepts https://www.amazon.co.uk/gp/product/0789742977/
Very little changed over last 10 years with Visio.
It is written by fairly famous Visio dude - http://www.visguy.com/about/
I thought the 2921s still had screw holes that let you rotate the mounting ears, but the 'right' way to do it would be a vertical mounting rack like https://www.amazon.com/NavePoint-Vertical-Mountable-Server-Hardware/dp/B01M05Y5KR
I think it was plugged in for about 5 minutes before we tried swapping fiber patch cables and testing the optics on interface Eth1/1. When testing in Eth1/1 the port came up within seconds. So the issue is only with Eth1/2. Again Eth1/2 has a 1gb RJ45 SFP and we are changing it to Cisco SFP-10G-SR
I use this everyday https://www.amazon.nl/Length-Console-Express-Network-Routers/dp/B09H6ZRTGN/ to connect to 1815I AP's.
No need for special cables.
We previously had an on-prem avaya phone system that was installed over 15 years ago. Our front door had a magnetic lock with a Bogen ADP1 speaker. Visitors could push the button and it would call the receptionists group extension. They could then dial a shortcode or use a wireless remote to unlock door. No mobile capability. Employees entered the building using an IEI ProxPad that was right next to the bogen speaker.
None of this would work with Cisco Webex Calling, even if using an ATA device. Since migrating to webex calling, I bought a tone generator and hooked the door phone button to it, as well as a cordless landline phone. So when someone pushes the door phone button, the cordless phone rings. Not ideal, but it works. This is what we're trying to get away from and get something more modern and mobile.
When there is an IP conflict, it doesn't block the MAC; another machine that is using the IP address is presenting its MAC address. For example, let's say I have one machine that's using 172.23.56.4 and has a MAC of aaa.aaa.aaa. My machine wants to reach 172.23.56.4 and does an ARP request to find the MAC of the machine and I get aaa.aaa.aaa.
Then another machine comes online later with an IP of 172.23.56.4 and a MAC of bbb.bbb.bbb. In reality, I want the bbb.bbb.bbb machine to be the "real" 172.23.56.4, but my computer already has aaa.aaa.aaa in my ARP table as 172.23.56.4, so I'm just going to send traffic to the aaa computer.
The best way, in my experience, to solve an IP address conflict is to turn off the "real" machine, do an "arp -a -d" from a command prompt (if you're on Windows), and ping the IP address. That will clear your ARP table, which stores MAC addresses, and allows you to pick up the MAC of the "fake" device. You can then do an "arp -a" and find the MAC address that's reporting as your IP address. Plug that MAC address into an OUI lookup (https://www.wireshark.org/tools/oui-lookup.html is a good one) and see the manufacturer. You'll see from the MAC address what kind of device it is and hopefully track it down.
From your description, it sounds like there's an IP conflict with your workstation, not the Cisco system. Take a look at your interface settings, ACL settings, and do some test pings to see if everything is correctly set up on your ASA. From your ASA, try pinging something on its local network, such as 172.23.56.4. If that doesn't work, something basic on your ASA has an issue. From your ASA, try pinging the 192.168.255.1 interface on itself and also 192.168.255.2. That'll test the basic connectivity of your WAN setup. Hopefully that gives you enough troubleshooting info to figure it out from there!
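The ARP comparison described in the comment above, as an added example that is not part of the original thread: it parses two captures of Windows `arp -a` output (before and after the cache was cleared), reports any IP whose MAC changed, and gives the OUI prefix to look up. The sample captures, MAC addresses and function names are constructed for illustration.

```python
import re

# One entry line of Windows `arp -a` output, e.g.
#   172.23.56.4           00-00-5e-00-53-aa     dynamic
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)

# Constructed sample: cache as it looked while the "real" machine was up.
BEFORE = """
Interface: 172.23.56.10 --- 0x5
  Internet Address      Physical Address      Type
  172.23.56.1           00-00-5e-00-53-01     dynamic
  172.23.56.4           00-00-5e-00-53-aa     dynamic
  172.23.56.255         ff-ff-ff-ff-ff-ff     static
"""

# Constructed sample: "real" machine powered off, cache cleared, IP pinged.
AFTER = """
Interface: 172.23.56.10 --- 0x5
  Internet Address      Physical Address      Type
  172.23.56.1           00-00-5e-00-53-01     dynamic
  172.23.56.4           02-00-00-bb-bb-bb     dynamic
  172.23.56.255         ff-ff-ff-ff-ff-ff     static
"""


def parse_arp(text):
    """Return {ip: mac} for the dynamic (learned) entries only."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table


def oui(mac):
    """First three octets, in the form OUI lookup tools accept."""
    return mac.replace("-", ":")[:8].upper()


def locally_administered(mac):
    """True when the locally-administered bit (0x02 of the first octet) is set.

    Such MACs are assigned by software (VMs, randomized Wi-Fi addresses),
    so an OUI lookup will not identify a manufacturer.
    """
    return bool(int(mac[:2], 16) & 0x02)


def find_conflicts(before, after):
    """List IPs that answered with a different MAC in the second capture."""
    old, new = parse_arp(before), parse_arp(after)
    conflicts = []
    for ip in sorted(old.keys() & new.keys()):
        if old[ip] != new[ip]:
            conflicts.append({
                "ip": ip,
                "expected_mac": old[ip],
                "responding_mac": new[ip],
                "oui": oui(new[ip]),
                "locally_administered": locally_administered(new[ip]),
            })
    return conflicts


if __name__ == "__main__":
    for c in find_conflicts(BEFORE, AFTER):
        print(f"{c['ip']}: expected {c['expected_mac']}, "
              f"now answered by {c['responding_mac']} (OUI {c['oui']})")
        if c["locally_administered"]:
            print("  locally administered MAC: check hypervisors and "
                  "devices with MAC randomization instead of an OUI lookup")
```
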
Ok - download freeftpd
http://www.freesshd.com/?ctt=download
When you set up, create a simple username and location for the files. Use that instead.
copy disk://FILETOCOPY ftp://ftpuser:password@FTPSERVERIP/FILENAME
Cisco Users group is a monthly meeting hosted by Cisco SEs in their area. I am sure the Houston area has at least one Cisco users group meeting a month if not more. What is really good about guys looking to break into the business is that a lot of Cisco customers go to these meetings to hear about Cisco's latest offerings. Most of the time they are just marketing events, but it is usually a good way to find out who some of the networking players are in the area.
https://www.linkedin.com/grps/Houston-Cisco-User-Group-3119776/about? edit:found the houston linked in page.
Console connections are serial, not ethernet. No devices these days have DB-9 serial ports, so you need a USB adapter.
Cables like this are pretty commonly used these days.
As /u/Krandor1 already mentioned, I'd just stick with the vendor documentation. And then hit Google for any specific questions. Packet Tracer is not providing you with a full featured ASA, so any book we recommend is going to be overkill for your needs.
That being said, if you do want to learn the platform beyond Packet Tracer and your current project, this book is a bit dated at this point but probably still the go to book for the ASA. I've heard a lot of good things about [this book](https://www.amazon.com/Cisco-Firewall-Fundamentals-Step-Step-ebook/dp/B00M9IS54Y/ref=sr_1_1?keywords=Cisco+ASA+Firewall+Fundamentals&qid=1643041657&s=books&sr=1-1) as well but I haven't read it myself.
>our main company in Australia is already using this and all connected with our network here in Singapore ... meaning they juz call ext to ext to save the cost of international billing.
Hold on. Wait. Just think for a moment this statement you've just made.
This means the UC560 is exposed to the internet.
You must really deserve a medal for being brave.
https://www.shodan.io/search?query=net%3A<UC560 IP ADDRESS>
Would you be able to enter the following into Shodan? I am really curious to know what software vulnerability is visible.
No need to send back the result. I want you (and your "boss") to know how risky your network is.
Is this a company phone you're using at work, or a personal/home lab phone?
If it's a company phone, you could check with your IT team to see if they use Jabber. if so, you can use that as a softphone on your computer and connect your phone to your PC, eliminating the need for a physical desk phone at all.
If your company doesn't use or offer Jabber, or if this is a home lab phone (and you're not running CUCM/IM&P), there are adapters that will convert the headset port on a Cisco phone to a 3.5mm plug, but I've never used one and cannot speak for the quality of them:
https://www.amazon.com/Smartphone-3-5mm-Cisco-Phones-Adapter/dp/B01N2UQVJE
Flip the phone on its front. Look at the back. Is there a 3.5mm socket for the speaker and the headset?
If there is one, then you will need to find a headset splitter (aka Y-cable). The Y-cable has three ends, one is a male 3.5mm jack for headset, one male 3.5 mm jack for the mic and a female 3.5 mm.
A good example is THIS.
Alternatively, the phone has bluetooth and can pair with the Bose headset.
These are the transceivers that I’m currently using. If the ports are gigabit, it definitely sounds like the culprit: Cable Matters 2-Pack 10GBASE-SR SFP+ to LC Multi Mode 10G Fiber Transceiver Modular for Cisco, Ubiquiti, TP-Link, Huawei, Mikrotik, Netgear, and Supermicro Equipment https://smile.amazon.com/dp/B07TTKHG6T/ref=cm_sw_r_cp_api_glt_fabc_BH306AYY8J00XYP0QB9P?_encoding=UTF8&psc=1
Do you mind linking me? All of the “LH” models I’m seeing specify SM. Not seeing “LH” in this one, but looks like it might work? Cable Matters 2-Pack 1000BASE-SX SFP to LC Multi Mode 1G Fiber Transceiver Modular for Cisco, Ubiquiti, TP-Link, Huawei, Mikrotik, Netgear, and Supermicro Equipment https://smile.amazon.com/dp/B07TYSVP3R/ref=cm_sw_r_cp_api_glt_fabc_3KWY7Q6DSMD7YGWSMAJG
Is there any benefit to using the two separate halves over something like this all in one cable?
Thanks man this sent me down the right path. I had made this change earlier in the day but at the same time I made the change the customer decided to reboot their firewall and it didn't come back up on its own. This made me think I broke remote access.
The Cisco documentation on this command is terrible but I did find a better forum thread explaining the command http://serverfault.com/questions/346557/what-does-the-cisco-asa-command-management-access-do
SSL for free is based off of LetsEncrypt
Take a look here, specifically about Cross Signing https://letsencrypt.org/certificates/
" When configuring a web server, the server operator configures not only the end-entity certificate, but also a list of intermediates to help browsers verify that the end-entity certificate has a trust chain leading to a trusted root certificate. Almost all server operators will choose to serve a chain including the intermediate certificate with Subject “Let’s Encrypt Authority X3” and Issuer “DST Root CA X3.” "
There are links to download those certs on that page as well...
It seems this issue is not a cisco problem. I have a feeling it is the HP 2848 switch configuration. If interested, please take a look at my diagram and documentation at the following link. https://onedrive.live.com/view.aspx?cid=797473DE3AA14549&resid=797473DE3AA14549!1368&app=Word
The switch is non-cisco. It's a HP Procurve 2848. I can give you idea of what I'm working with...
Thanks again guys for helping. I am able to ping 8.8.8.8 from the router and from the Mac via terminal however I still can not access the internet. I'll keep reviewing documentation and suggestions. Here are my updated configurations.
I went ahead and put up my new configuration info. I'm going to continue reviewing NAT documentation and see if I can figure this out. It is looking very promising!
Yes these are 5 static IPs allocated by my ISP.
No problem. This is a document hosted on my onedrive with my network topology, router config, nat stat, nat tran, and ip int brief.
Actually I do. I had asked this exact question a few months back.
I will now pass onto you the help that was given to me.
Lan Switching and Wireless Companion Guide.
You will need Calibre to convert it to .pdf.
Mine was showing errors about the battery too - I just got a replacement off Amazon, I cannot remember the exact part but looking in my Amazon history I have this in there.
VARTA Batteries Electronics... https://www.amazon.co.uk/dp/B00005NPS0?ref=ppx_pop_mob_ap_share
Well, I mean the 1921 was positioned for about 75Mbps of performance.
https://community.cisco.com/legacyfs/online/legacy/2/7/6/138672-ISR_G2_Perfomance.pdf
The 3825 was positioned for fractional DS-3, or ~25Mbps of routing.
The 3845 was positioned for a full DS-3, or ~45Mbps of routing.
Here is a 3925 for $135:
https://www.amazon.com/Cisco-CISCO3925-3925-SPE100-4EHWIC/dp/B07L8LB2BQ/
A 3825 is really old.
Still a nice learning platform, but a lot of physical space for 25 or 50 usable megabits of routing capacity.
The 2600/3800 routers launched back in 2004 after a year or two of development effort.
So, those are legit 20-year old technology.
This is a 1921 router with the Security Feature license for $188:
https://www.amazon.com/Cisco-CISCO1921-SEC-1921-Router-Renewed/dp/B07SNBTBB9/
That will blow the doors off a 3825.
If I’m completely honest, I’m trying to look for a decent desk phone that will work with my landline. The only thing I could find was this but I’m not too keen. Panasonic KX-TGF320 Corded and Cordless Home office Telephone Kit with Answerphone and Nuisance Call Blocker - Black https://www.amazon.co.uk/dp/B00Y0QL6TO/ref=cm_sw_r_cp_api_glt_fabc_DB85JHVVAXWHRGSJ6MHF
Gotcha! So you want to run your own IP PBX. Hosted or On-Prem?
The cheapest and simplest on-prem IP PBX I have used is the Grandstream UCM6202 https://www.amazon.com/Grandstream-UCM6202-IP-PBX-Port/dp/B01LW7P8X9 . You probably can get a used one off eBay for a lot cheaper.
Once you disconnect Anyconnect your traffic will no longer be sent to the university. But in the event you forget to disconnect and start browsing the internet, all your traffic will be sent to the university. In regards to someone on the university network gaining access to your personal files, yes it is possible while you are connected. Make sure you don't have any file shares open on your computer.... But if you are really paranoid about someone gaining access to your files maybe you should run the VPN in a Virtual Machine, or buy a cheap chromebook and install Anyconnect and RDP on it.
If you are looking for a serial console terminal app, look up zterm (http://www.dalverson.com/zterm/).
For telnet and ssh to remote systems, open the built-in Terminal.app and just enter "telnet host" or "ssh host". I also like iTerm as mentioned here - the main difference between iTerm and Terminal is that iTerm is a bunch more flexible with colors, terminal emulation control, and other miscellaneous stuff
And after INE, CBT Nuggets! So if you're a fan of his training you can check out his newest courses on cbtnuggets.com with a 7 day free trial.
Do this or any of the other respected vendors that are already established in this space.
http://www.trainsignal.com/Cisco-CCNA-Training.aspx
my personal favorite http://www.cbtnuggets.com/it-certifications/cisco-ccna
VLC does support g.711 😎. Both A-law and u-law, website confirms it my friend (https://www.videolan.org/vlc/features.html) you won’t need VLC to transcode it if you make sure the source file is 8000hz mono (use something like gold wave or audacity to convert from .wav to correct format) and then stream RTP media to multicast address. You should be golden!
Some stuff you can also do in the GNS3 using 3725 with NM-16ESW card. You can disable the L3 stuff globally or also just on specific port. Some links https://www.gns3.com/support/docs/switching-simulation-in-gns3-ver
http://commonerrors.blogspot.sk/2011/05/how-to-use-cisco-switch-in-gns3.html
This wasn't very clear at all on their site. I used to have an account through my College, but it's been a couple years since I graduated and the college deactivated my account. I thought I could sign up for a free Netacad account now by enrolling in the free packet tracer course.
https://www.netacad.com/courses/packet-tracer/introduction-packet-tracer
You can buy CCNA kits on eBay on the cheap (few hundred bucks for a bunch of older hardware to play on). Or if you're on a budget download Packet Tracer. I really need to get myself motivated to do more networking stuff and learn myself, just been busy learning a lot of other stuff currently. Some day, when I'm sort of caught up on the rest of it.
SmartScreen is a part of Windows that inspects downloaded programs to try to stop you from installing malware. Look up the specific SmartScreen errors and try to figure out how to bypass or get around them, since it sounds like it's having trouble contacting Microsoft's servers from your PC right now.
Note: Packet Tracer is free, so if you're downloading it from Cisco's Netacad website, you can trust that it is malware free and do whatever you need to do to bypass those SmartScreen messages. If you are trying to download it from a third-party, STOP, don't do that, it may actually contain malware. In the past, Packet Tracer was not free, so it was (and still is) commonly available through piracy channels, where it may be bundled with malware.
*Super Sidebar*
Since you're starting out maybe look into Packet Tracer/Network Academy?
That's helped me a lot https://www.netacad.com/courses/packet-tracer
Am currently learning Packet Tracer for college myself.. Cisco have a great online course to teach you the basics of Packet Tracer. So far I’m thoroughly impressed with the software!
Use Cacti?
When you run the commands on the devices, it only shows the current stats. If you load cacti on a server it will poll over time so you can see how it changes during the day.
Looked in my Cacti server on a 3560, it's using:
.1.3.6.1.4.1.9.9.109.1.1.1.1.5.1
for CPU utilization, does this come about?
edit: also, have you seen this? https://www.zabbix.com/forum/showthread.php?t=20813
Look at either PacketFence for the free version to prevent this, or Cisco Identity Services Engine for a paid version.
If I was to sum them into one line, "They make written network access policies a reality." In most cases, companies have a written policy something like "iPads are not allowed on the corporate network." But really have no way to enforce that policy. ISE can, and Packetfence should be able to.
GlobalProtect has been merged upstream into the official OpenConnect as of v8.00.
If you are using Okta, you still need to use an external script to do the Okta authentication flow. Probably start with this one: https://github.com/nicklan/pan-globalprotect-okta/
(I developed the GlobalProtect support in OpenConnect. I would love to make the Okta support simpler, but I have no access to a VPN with Okta myself, so no way to test it.)
> Without backend changes is there a way to use the cisco anyconnect client to connect to the globalprotect vpn and then continue authentication via okta?
No. Cisco AnyConnect and GlobalProtect use completely different protocols.
However… you can use openconnect or one of its graphical clients. OpenConnect supports the GlobalProtect protocols (as well as AnyConnect and Juniper protocols) as of the recently released v8.00.
Source: I wrote the whole GlobalProtect protocol support. :-P
Here is Visio, a little updated from your one. Print it and write on it, trust me.
Also I really recommend you connect all Video streaming devices to a Ethernet port, don't rely on wireless.
The other quick win is to change the DHCP settings for DNS on your KID vlan to the Open DNS ip. Open DNS has kid friendly DNS so that lots of bad content on the web is unreachable. https://www.opendns.com/home-internet-security/parental-controls/opendns-home/
You need to read up a bit on the function different kinds of appliances have in a network.
A switch is for switching packets, it should not do any packet inspection, it is there to look at the layer 2 header and forward the packet depending on the MAC address. Usually a switch is there to add more physical ports to the network.
A router checks that the l2 header is addressed to it and then discards the l2 frame. It then checks the layer 3 header and routes the packet depending on the IP address in that header. A router typically has very few ports.
A firewall or other packet inspection equipment looks at both the l3 header and higher layers of the TCP/IP stack and then decides to forward, drop or reroute the packet depending on that information.
The border between these three types of equipment can get a bit fuzzy because nowadays you can do a lot of things in both hardware and software which makes a lot of routers look at layer 4 information and a lot of switches do some functions of a router.
So the big question is: What are you going to use it for?
Maybe a software firewall is the way to go? pfSense can do a lot of different things and is a great and cheap tool for setting up VPNs, firewall rules and routing traffic onto different VLANs.
To avoid doing something like this at work, I implemented SoftEther VPN on an old Windows laptop. Works great and seems secure.
Worth considering. Of course there are other VPN solutions, but this is free.
Your job doesn't have a Cisco device? But don't they have the ASA, or is that ASA at home? If it's a personal ASA then go nuts, it doesn't matter what you open there.
You can configure a software VPN server, using this for example - https://www.softether.org/
> This is true, but also shows every mac address connected to the APs :/
Copy-paste the list into this OUI lookup tool. Should narrow it down.
The `show cdp neighbor` command as mentioned by someone else may be helpful depending on your setup - I believe some APs name themselves according to their MAC address by default. Though I'm not into wifi stuff so don't take my word. Either way, `show cdp neighbor detail` should also give you the management IP of the AP - which you could then correlate with ARP entries on your layer 3 switch.
Edit: If you have CLI access to the APs themselves I believe you can display their CDP cache as well - which would just show you outright which switch and which switchport that AP is plugged into.
If you have a separate VLAN specifically for APs (such that the clients are on a separate VLAN from the APs themselves) then you should also be able to `show mac address-table vlan <vlan-id>` to filter just for APs.
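The correlation described in the comment above (CDP neighbor details matched against ARP entries on the layer 3 switch), as an added example that is not part of the original comment. Both command outputs are constructed IOS-style samples, and treating a platform string containing `AIR-` as an access point is an assumption.

```python
import re

# Constructed sample of `show cdp neighbors detail` output (not from the thread).
CDP_DETAIL = """\
-------------------------
Device ID: AP0023.eb12.3456
Entry address(es):
  IP address: 10.10.20.11
Platform: cisco AIR-CAP2702I-E-K9,  Capabilities: Trans-Bridge Source-Route-Bridge IGMP
Interface: GigabitEthernet1/0/5,  Port ID (outgoing port): GigabitEthernet0
-------------------------
Device ID: core-sw01.example.net
Entry address(es):
  IP address: 10.10.0.1
Platform: cisco WS-C3850-24P,  Capabilities: Router Switch IGMP
Interface: GigabitEthernet1/0/24,  Port ID (outgoing port): GigabitEthernet1/0/1
"""

# Constructed sample of `show ip arp` output from the layer 3 switch.
ARP_TABLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.20.11             3   0023.eb12.3456  ARPA   Vlan20
Internet  10.10.30.57            12   a4c3.f0aa.bb01  ARPA   Vlan30
"""

def parse_cdp(text):
    """Split on the dashed separators and pull the key fields from each entry."""
    neighbors = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        dev = re.search(r"^Device ID:\s*(\S+)", block, re.M)
        if not dev:
            continue
        ip = re.search(r"IP address:\s*(\S+)", block)
        plat = re.search(r"^Platform:\s*(.+?),", block, re.M)
        port = re.search(r"^Interface:\s*([^,\s]+)", block, re.M)
        neighbors.append({"name": dev.group(1),
                          "ip": ip.group(1) if ip else None,
                          "platform": plat.group(1) if plat else "",
                          "local_port": port.group(1) if port else None})
    return neighbors

def parse_arp(text):
    """Map IP -> MAC from the rows of `show ip arp`."""
    return dict(re.findall(r"^Internet\s+(\S+)\s+\S+\s+([0-9a-f.]{14})\s", text, re.M))

def locate_aps(cdp_text, arp_text, marker="AIR-"):
    """CDP neighbors whose platform string contains `marker`, with MAC from ARP."""
    arp = parse_arp(arp_text)
    return [dict(n, mac=arp.get(n["ip"])) for n in parse_cdp(cdp_text)
            if marker in n["platform"]]
```

Calling `locate_aps(CDP_DETAIL, ARP_TABLE)` returns one record per AP with its name, management IP, local switchport and MAC, which is the inventory the comment is working toward.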
Wow, really? FreeCCNAWorkbook's nagware is annoying as hell.
It's not free if your website tracks my browsing habits and pops up ads intrusively into whatever I'm looking at. So, for those who would like it, skip the nagware with one of these:
Using the desktop? Blurred backgrounds won’t be available until later this year. Blurring your face is not available and I doubt this will ever be available, provided most people don’t have the requirement to blur their face.
BUT, you can use https://snapcamera.snapchat.com/ which you can integrate with Webex. You can customize filters, including blurring your face.
It's been over 6 years since I've used RANCID. When I was using it for config changes and backups, it would also send out e-mail when a whole card died (e.g., http://www.shrubbery.net/rancid/#sample) and, if memory serves me correctly, when a power supply had issues or died.
I would go download and read their documentation to be totally sure. http://www.shrubbery.net/rancid/
Can you check the logs of the switch? Wouldn't hurt to look at the config as well just to make sure nothing changed.
speedof.me isn't a great test site as I'm sure you know.
Can you re-run it with iperf? This way you can get a better idea of what's happening.
I was in the same position as you years ago, I bought an ASA on ebay and was clueless on the setup.
I connected the firewall to my internet modem and lost all internet access. I knew I had to figure this thing out because I wanted to hop on my Xbox.
I found soundtraining on YouTube and followed the steps for getting set up out of the box, within an hour I was up and running with a basic understanding of how some things worked.
I later ordered their book from Amazon which is basically some of the same things you can find on the videos. As of now, I only work in security, mostly ASA and Palo Alto. I would suggest grabbing a PA-200 and if you have other interests grab a Fortigate. Each piece should be under $50 on ebay. Once you understand one, you will quickly get the others down.
Cisco ASA for Accidental Administrators: An Illustrated Step-by-Step ASA Learning and Configuration Guide https://www.amazon.com/dp/0983660751/ref=cm_sw_r_apan_glt_fabc_X8J0YAHK9ETKHF9GG5NG
You're very welcome! The modularity and feature richness of these routers make them very handy.
They are definitely not powerhouses (I think I maxed out at around 220mbps and that wasn't with NAT enabled, just Zone Based Firewall), but they will not let you down in the feature and reliability department. Just the fact that you can throw in an ehwic-4g-lte for example and have LTE as a backup (or primary) connection is nice; even the switch module that you mentioned as well... very cool stuff!
I've seen these things used anywhere from being a "one stop shop" all in one device in smaller networks, to just sitting there terminating an MPLS circuit. I know that for production purposes a newer ISR 4k or even ASR in some cases could be more desirable, but I think for what you are wanting to do it sounds perfect.
Here is a link to the fans that I used: https://www.amazon.com/gp/product/B009NQMESS
I also rigged a low profile blower style fan to the CPU heatsink when I first did this... I was concerned that the Noctua fans wouldn't be enough, but I think that it would have been fine even without that.
Either way, good luck with this and if you have any questions about the fan installation please feel free to let me know and I can send some pictures of what I did with mine and write up a little guide.
I am in Canada! It will arrive too late.
I have a 3850 in my lab and 2 3560x 24P.
With respect to the gigabit router, I was more referring to one on which I could use a consumer VPN such as NordVPN or even Proton.
I know, different worlds, but it would be nice.