CCNA Security – Yes, I passed.

Another exam, and yes, it was another milestone. In fact it was a really good one, because I use the knowledge I gained from this certification at work. Plus, security is one of my favourite areas of interest.

Because I am so passionate about security and have been reading security-related articles and tutorials since I was 17, this exam was really easy for me. Difficulty level, I would say, 6/10.

Most important thing(s) I have learned from this course

Layers of security – you will gain a good understanding of the levels of security in information security. If you don't understand this, you won't get anywhere with security.

Good introduction to cryptography, encryption, VPN technologies and ACLs – I would highly recommend this course material for the listed areas.

Study Materials I used

CCNA Security Official Book – I personally purchased this book for AUD $54; you can also download it for free from the web – [My rating 8/10]

CBT Nuggets Series for CCNA Sec by Jeremy Cioara – You can purchase this online from CBT Nuggets – [My rating 10/10]

Pass4sure Questions for CCNA Sec – Look, some questions are really stupid. Some of them don't give you any real-life experience at all. But hey, you need to pass the exam somehow. Just go through those 138-odd questions from Pass4Sure a few times before you go to the exam – [My rating 9/10]

What's next for me – Hmmm, a few modules of CCSP, the CCNP Routing module, CCNA Voice and the Certified Ethical Hacker course.

Terminal Length in Cisco

The default terminal length can be a pain in the neck, especially when you want to record the output of a command such as "show run". You will have noticed that you need to press the space bar or the "Enter" key to page through the output. This is because the terminal line has a default page length (24 lines on IOS), and the device pauses with a --More-- prompt after every page. The commands below change it for your current session only; to make it permanent you set the length under the vty line configuration instead.

#show terminal — shows the settings of the current terminal session, including the length.

#terminal length 0 — turns paging off for the current session, so the whole output scrolls past without a --More-- prompt.

#terminal no length — sets the length back to the default (24 lines) for the session.

#no pager — on some devices you have to use this command to do the same thing. For example, Cisco PIX uses "no pager" instead of "terminal length 0".
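If you forget the length setting and capture a session anyway, the log is littered with --More-- prompts and the backspace/space sequences IOS sends to erase them, which breaks any diff or audit you run over the "show run". The following Python helper is an added example written for this post, not code from the original; it assumes the erase sequence is nine backspaces, nine spaces and nine backspaces (the regex tolerates other counts) and works on a constructed capture.

```python
import re

# The pager prompt IOS prints at the bottom of each screenful.
MORE_PROMPT = " --More-- "
# When the user presses space, IOS erases the prompt with backspaces and
# spaces before the next line of output.  Nine of each is what I have seen
# in captures (an assumption; the regex below tolerates other counts).
ERASE_SEQUENCE = "\x08" * 9 + " " * 9 + "\x08" * 9

# Prompt followed optionally by the erase sequence: backspaces, spaces,
# backspaces.  Requiring the trailing backspaces keeps the pattern from
# eating the indentation of the next config line.
_PAGER_RE = re.compile(re.escape(MORE_PROMPT) + r"(?:\x08+ +\x08+)?")


def was_paged(capture: str) -> bool:
    """True if the capture contains pager prompts (terminal length was not 0)."""
    return MORE_PROMPT in capture


def strip_pager(capture: str) -> str:
    """Remove --More-- prompts and their erase sequences from a session log.

    Line endings are normalised to LF so the result diffs cleanly against a
    copy taken with 'terminal length 0'.
    """
    text = capture.replace("\r\n", "\n").replace("\r", "\n")
    return _PAGER_RE.sub("", text)


# Constructed capture: a paged 'show run' excerpt with CRLF line endings,
# two erased prompts and one bare prompt where the capture stopped.
SAMPLE_CAPTURE = (
    "hostname edge-sw1\r\n"
    "!\r\n"
    " --More-- " + ERASE_SEQUENCE +
    "interface Vlan1\r\n"
    " ip address 10.0.0.2 255.255.255.0\r\n"
    " --More-- " + ERASE_SEQUENCE +
    "line vty 0 4\r\n"
    " transport input ssh\r\n"
    "end\r\n"
    " --More-- "
)

if __name__ == "__main__":
    print("paged capture:", was_paged(SAMPLE_CAPTURE))
    print(strip_pager(SAMPLE_CAPTURE))
```

Run it over a real capture before trusting the result: a capture taken with "terminal length 0" contains no prompt at all, so was_paged() is also a quick check that whoever collected the file set the length first.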

hope this helps!

Rav

How to break a traceroute on Cisco devices

OK, here is the thing: when you run a traceroute to an IP address, the device keeps probing whether or not that address is reachable. If nothing answers, every probe simply waits for its timeout, and the trace only stops once it has reached the maximum of 30 hops.

At a normal command prompt you would stop this with CTRL+C or CTRL+Break.

But on Cisco devices you can only stop it with CTRL+SHIFT+6, which is the escape (break) sequence on Cisco devices. The same sequence interrupts a long ping.

Small things help when you are frustrated!

Ravindu Denawaka

Netscreen Firewall: Copy Config From One to Another

 
I am not a Juniper specialist, I am a Cisco freak! Too bad Juniper is taking a big sector of the IT industry, so I think you need to know both in the near future. I am replacing one of the internal Juniper Netscreen firewalls in my company. Here is the easiest and fastest solution that I came up with.

Log in to the current Netscreen WebUI.
Click on Config File (Configuration > Update > Config File).
Click on Save Config File and save it to your desktop. Treat that file as sensitive: it carries the admin account, the policies and the VPN configuration of the firewall.
Console in to the 2nd Netscreen where you need to copy the config. In my case there was an existing config on the 2nd Juniper, so I simply erased that.

Commands used:
#unset all
#reset

The firewall will reboot, and you now need to log in with the default Netscreen root username and password (netscreen/netscreen).

Now you need to enable management over the WebUI on the Netscreen, because it is back to factory default settings.
# set interface eth1 ip manageable
# set admin manager-ip 192.168.1.1 255.255.255.0
The second command restricts management access to the 192.168.1.0/24 network, which includes the workstation address used below. The mask has to be a complete dotted quad; a three-octet mask is not a valid address and the CLI will not accept it.

Plug your Ethernet cable directly into the eth1 port of the firewall and configure your workstation's network settings to:
IP Address: 192.168.1.2
Default Gateway: 192.168.1.1
Network Mask: 255.255.255.0
By default the Netscreen eth1 is configured with the IP address 192.168.1.1. Use a direct cable rather than a shared switch for this step, because the box is answering on the default credentials until the config is restored.

Open your browser and go to http://192.168.1.1
Log in as root again, so username: netscreen and password: netscreen.
Go to the same section as before (Configuration > Update > Config File).
Now you have the option to replace the current config (the 2nd option).
Browse to the config file you saved before and click on Apply/Upload.

That's it. It will reboot by itself once it has uploaded the new config, and it comes back with the admin account and the manager-ip restrictions from the copied config, so the default login no longer works.
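Before pushing a saved config to the replacement box, it pays to check the handful of lines that decide who can manage it. The script below is an added example written for this post (my code, not Juniper's or the author's): it parses the "set" lines of a ScreenOS config, flags an admin name still set to the factory "netscreen", validates every "set admin manager-ip" address and mask (a three-octet mask like the one that is easy to type in the recovery step cannot be parsed, which leaves management reachable from any address), and flags cleartext web/telnet management on interfaces bound to the Untrust zone. The config excerpt is constructed, and the "set interface ... zone" and "set interface ... manage" keyword forms are the ones I am assuming from the commands above.

```python
import ipaddress
import shlex

FACTORY_ADMIN = "netscreen"
CLEARTEXT_MGMT = {"web", "telnet"}


def set_lines(config_text):
    """Yield the tokens of every 'set ...' line, with quoting removed."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("set "):
            tokens = shlex.split(line)
            if len(tokens) >= 2:
                yield tokens


def audit_screenos_config(config_text):
    """Return (findings, manager_nets) for a ScreenOS config.

    findings: human-readable problems to fix before uploading the file.
    manager_nets: the networks allowed to manage the box (empty = anyone).
    """
    findings = []
    manager_nets = []
    zone_of = {}
    mgmt_services = {}

    for tok in set_lines(config_text):
        if tok[1:3] == ["admin", "name"] and len(tok) > 3:
            if tok[3] == FACTORY_ADMIN:
                findings.append("admin name is still the factory default 'netscreen'")
        elif tok[1:3] == ["admin", "manager-ip"] and len(tok) > 3:
            addr = tok[3]
            mask = tok[4] if len(tok) > 4 else "255.255.255.255"  # single host
            try:
                manager_nets.append(ipaddress.IPv4Network((addr, mask), strict=False))
            except ValueError:
                findings.append(f"manager-ip {addr} {mask}: malformed address or mask, "
                                "the CLI cannot apply it so management stays unrestricted")
        elif tok[1] == "interface" and len(tok) > 4:
            ifname = tok[2]
            if tok[3] == "zone":
                zone_of[ifname] = tok[4]
            elif tok[3] == "manage":
                mgmt_services.setdefault(ifname, set()).add(tok[4])

    if not manager_nets:
        findings.append("no valid manager-ip: management is reachable from any source address")
    for ifname, services in sorted(mgmt_services.items()):
        if zone_of.get(ifname) == "Untrust":
            for svc in sorted(services & CLEARTEXT_MGMT):
                findings.append(f"{ifname} (Untrust) allows cleartext management: {svc}")
    return findings, manager_nets


def manager_permits(manager_nets, host):
    """True if a workstation at `host` may reach the management interface."""
    ip = ipaddress.ip_address(host)
    return not manager_nets or any(ip in net for net in manager_nets)


# Constructed excerpt of a config, reproducing the three-octet mask typo.
# The password hash is a placeholder, not a real ScreenOS hash.
CONSTRUCTED_CONFIG = """\
set clock timezone 10
set admin name "netscreen"
set admin password "nExampleHashNotARealOne0000000"
set admin manager-ip 192.168.1.1 255.255.255
set interface "ethernet1" zone "Trust"
set interface "ethernet3" zone "Untrust"
set interface ethernet1 ip 192.168.1.1/24
set interface ethernet1 manage web
set interface ethernet3 ip 203.0.113.2/30
set interface ethernet3 manage web
set interface ethernet3 manage telnet
"""

if __name__ == "__main__":
    problems, nets = audit_screenos_config(CONSTRUCTED_CONFIG)
    for p in problems:
        print("FINDING:", p)
    print("manager networks:", [str(n) for n in nets])
```

With the mask corrected to 255.255.255.0 the manager-ip finding disappears and manager_permits() confirms that 192.168.1.2 (the workstation used above) is allowed while an outside address is not; the default admin name and the cleartext management on the Untrust interface still need fixing by hand.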

Hope this helps someone…

Ravindu Denawaka

Juniper Netscreen/ScreenOS Web User Interface in IE

With its default settings IE will not communicate with the Netscreen or ScreenOS WebUI over HTTPS. By default IE offers TLS 1.0 in the handshake, and the ScreenOS WebUI on these boxes does not support it, so the connection fails.

Solution:

Tools > Internet Options > Advanced > under "Security" > untick "Use TLS 1.0", leaving "Use SSL 3.0" ticked so IE can still negotiate with the firewall. Be aware this is a deliberate downgrade: SSL 3.0 is weaker than TLS, so do it only in the browser you use for managing the firewall and turn TLS back on when you are done.

Cisco PoE Switches: Power Can Be Disabled per Switch Port

For some reason one of the PoE switches, a Cisco 3750, was not providing enough power to the IP phones. When you plugged in an IP phone it would take the power from another IP phone plugged into the same switch.

I had two options: either provide the IP phones with power from an adapter, or shut down the power on a few other switch ports that don't use the power feature.

How to disable power on a switch port?

Step 1
configure terminal – Enter global configuration mode.

Step 2
interface interface-id – Enter interface configuration mode for the physical interface to be configured.
eg: interface fa 0/1

Step 3
power inline {auto | never} – Configure PoE on the interface. auto (the default) lets the switch detect a powered device and supply it; never turns power off on the port regardless of what is plugged in, which also means a rogue PoE device on that port gets nothing.
eg: power inline never

Step 4
end – Return to privileged EXEC mode.

Step 5
show power inline [interface-id | module switch-number] – Display the PoE budget and per-port status for the switch or switch stack, for the specified interface, or for a specified stack member. Check the Remaining watts here before and after the change.

Step 6
write memory – Save your entries to the startup configuration; otherwise the changes are lost when the switch restarts.
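Rather than guessing which ports to switch off, you can parse the output of "show power inline" and generate the "power inline never" lines for every port that is still set to auto, is not delivering power and has no powered device attached. The script below is an added example written for this post, not code from the original; the sample output is constructed in the 3750's column layout, and since the exact columns vary between IOS releases you should check the regex against a real capture first.

```python
import re

# One row of the per-interface table.  The Device column may contain spaces
# ("IP Phone 7960"), so it is matched non-greedily between fixed columns.
_PORT_RE = re.compile(
    r"^(?P<intf>\S+)\s+(?P<admin>auto|never|static)\s+(?P<oper>\S+)\s+"
    r"(?P<power>[\d.]+)\s+(?P<device>.+?)\s+(?P<cls>\S+)\s+(?P<max>[\d.]+)\s*$"
)
# The module summary row: module number, available, used, remaining watts.
_BUDGET_RE = re.compile(
    r"^(?P<module>\d+)\s+(?P<available>[\d.]+)\s+(?P<used>[\d.]+)\s+(?P<remaining>[\d.]+)\s*$"
)


def parse_show_power_inline(text):
    """Return (budget, ports) parsed from 'show power inline' output.

    budget: dict with available/used/remaining watts for the module.
    ports: list of dicts, one per interface row.
    """
    budget = {}
    ports = []
    for line in text.splitlines():
        m = _BUDGET_RE.match(line)
        if m:
            budget = {k: float(m.group(k)) for k in ("available", "used", "remaining")}
            continue
        m = _PORT_RE.match(line)
        if m:
            ports.append({
                "interface": m.group("intf"),
                "admin": m.group("admin"),
                "oper": m.group("oper"),
                "power": float(m.group("power")),
                "device": m.group("device"),
            })
    return budget, ports


def ports_to_disable(ports):
    """Ports still offering PoE (admin auto) with nothing drawing power.

    A port in the power-deny state is left alone: something there is asking
    for power, and that is a budget decision, not a candidate for 'never'.
    """
    return [p["interface"] for p in ports
            if p["admin"] == "auto" and p["oper"] == "off" and p["device"] == "n/a"]


def render_config(interfaces):
    """IOS configuration lines that turn PoE off on the given interfaces."""
    lines = []
    for intf in interfaces:
        lines.append(f"interface {intf}")
        lines.append(" power inline never")
    return lines


# Constructed excerpt of 'show power inline' from a 3750 whose budget is nearly gone.
SAMPLE_SHOW_POWER_INLINE = """\
Module   Available     Used     Remaining
          (Watts)     (Watts)    (Watts)
------   ---------   --------   ---------
1           370.0      362.6         7.4

Interface Admin  Oper       Power   Device              Class Max
                            (Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Fa1/0/1   auto   on         15.4    IP Phone 7960       n/a   15.4
Fa1/0/2   auto   on         15.4    IP Phone 7960       n/a   15.4
Fa1/0/3   auto   off        0.0     n/a                 n/a   15.4
Fa1/0/4   auto   off        0.0     n/a                 n/a   15.4
Fa1/0/5   auto   on         7.0     Ieee PD             3     15.4
Fa1/0/6   never  off        0.0     n/a                 n/a   15.4
Fa1/0/7   auto   power-deny 0.0     n/a                 n/a   15.4
"""

if __name__ == "__main__":
    budget, ports = parse_show_power_inline(SAMPLE_SHOW_POWER_INLINE)
    print(f"{budget['remaining']:.1f} W remaining of {budget['available']:.1f} W")
    print("\n".join(render_config(ports_to_disable(ports))))
```

Paste the generated lines in under "configure terminal", then "end" and "write memory" as in the steps above; Fa1/0/6 is skipped because it is already set to never, and Fa1/0/7 is skipped because a device is being denied power there rather than being absent.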

How to reset your Cisco Switch Password

This document covers all the steps you need to recover or reset the password on a Cisco switch. Note that the procedure needs physical access to the console port and a power cycle, which is exactly why switches and their console ports belong in a locked room:

http://www-tss.cisco.com/eservice/compass/common/activities/password_cat_2950.htm

Awesome tutorial!