While diagnosing your network because of performance issues, if you do determine that the network is not meeting technical expectations, you should isolate the source of the problem and diagnose the problem on that device. Whireshark is a cool tool to find out the root cause of a network performance issue. So, if i were to answer to the following question : which tool among many comes into your mind to pinpoint the root cause of a network performance issues ? I would have given the following answer : WIRESHARK.
Tuesday, September 5, 2017
Wednesday, August 30, 2017
Cisco Features navigator
Hi,
Have you ever asked yourself the following question : how could i know if my Cisco device can support a certain specific feature ?
Let say it this way : if you are given a Cisco device that you are not familiar with, how will you know which features does it support ? OR, if you are about to deploy a certain IT solution, how would you know which Cisco device you should buy to accomplish your deployment tasks and more ?
Check out the following video to learn what you should use and how you should use it before ordering a Cisco device :
Have you ever asked yourself the following question : how could i know if my Cisco device can support a certain specific feature ?
Let say it this way : if you are given a Cisco device that you are not familiar with, how will you know which features does it support ? OR, if you are about to deploy a certain IT solution, how would you know which Cisco device you should buy to accomplish your deployment tasks and more ?
Check out the following video to learn what you should use and how you should use it before ordering a Cisco device :
Friday, August 25, 2017
Main steps of troubleshooting network issues
The main steps of troubleshooting are :
- problem report (the first step is receiving the complaint from a user or from a monitoring tool (using a monitoring tool, we may detect a situation that could become a tshoot issue and resolve that situation before it impacts users : that is called proactive maintenance))
- diagnosis
- resolve the problem
Monday, August 21, 2017
Right way to configure default route in a router
The process of sending a lot of ARP requests can consume a big percentage of a router's CPU resources.
One Configuration that cause a router to send a lot of ARP requests is having a default-route configured that points to an ethernet interface ((config)#ip route 0.0.0.0 0.0.0.0 f0/1) instead of the next hop address ((config)#ip route 0.0.0.0 0.0.0.0 20.1.1.1).
When configured with an exit interface, the router instead of sending ARP request for MAC address of a next-hop address, it will send ARP request for the MAC address of the destination IP address
in each packet. That result in an excessive number of ARP requests which will cause a spike of the CPU.
Before jumping into a router and start troubleshooting it, we need to know that it's the router that is causing a poor network performance. Click here to read our blog post on how to detect the root cause of a network performance issues.
A router could be the root cause of your network performance. That is a fact. But we should not ignore that applications, servers, user's client can also be the root cause of our network performance. Click here to learn how to identify the source of your network performance.
_____________________________________
One Configuration that cause a router to send a lot of ARP requests is having a default-route configured that points to an ethernet interface ((config)#ip route 0.0.0.0 0.0.0.0 f0/1) instead of the next hop address ((config)#ip route 0.0.0.0 0.0.0.0 20.1.1.1).
When configured with an exit interface, the router instead of sending ARP request for MAC address of a next-hop address, it will send ARP request for the MAC address of the destination IP address
in each packet. That result in an excessive number of ARP requests which will cause a spike of the CPU.
Before jumping into a router and start troubleshooting it, we need to know that it's the router that is causing a poor network performance. Click here to read our blog post on how to detect the root cause of a network performance issues.
A router could be the root cause of your network performance. That is a fact. But we should not ignore that applications, servers, user's client can also be the root cause of our network performance. Click here to learn how to identify the source of your network performance.
_____________________________________
Detect the source of your network performace issues
that is bellow its normal level of operation. As a network administrator, you need to determine
what is the origine of the performance issue or what is network component causing the the poor performance. It could be a switch, a router, the user's client, the server or the application.
How will you know the root cause of your network performace issue ? The answer is by using : WIRESHARK.
With WIRESHARK, you can look into what is really happeing in the wire.
With the help of WIRESHARK you can analyse protocols and identify exactly the root cause of you network performance issues. Don't hesitate to contact us, we offer training on how to set and use WIRESHARK and how to analyse prorocols >> Here is our contacts if you wish to be part of our next WIRESHARK class
CCNP-TSHOOT teaches how to diagnose/troubleshoot Cisco routers and switches. Of course, before jumping into your Cisco routers or switches, you should first of all know the root cause of the poor performance issues of your network.
>> Here is our contacts if you wish to be part of our next WIRESHARK class
>> Here is our contact if you wish to attend CCNP-tshoot class
Sunday, July 9, 2017
How to configure NIC TEAMING in a system having Windows server 2008
Hi
NIC teaming is not something included with Windows Server 2008 or Windows Server 2008 R2. However, even if it can not be configured using server 2008 operating system, you can still take advantage of this feature if the network adapter supports it. Network adapters built by vendors such as Intel, Broadcom and HP can support it (please consult your network adapter documentation)
The following link redirects to a youtube video of "Rob Waggoner", showing how to configure an INTEL network adapter that supports NIC TEAMING >> Video Right here
Note that NIC teaming is supported on Windows server 2012. To know How to configure it, check it out >> right here
------------------------------Please feel free to leave an honest comment. It will be appreciated. Thanks.
NIC teaming is not something included with Windows Server 2008 or Windows Server 2008 R2. However, even if it can not be configured using server 2008 operating system, you can still take advantage of this feature if the network adapter supports it. Network adapters built by vendors such as Intel, Broadcom and HP can support it (please consult your network adapter documentation)
The following link redirects to a youtube video of "Rob Waggoner", showing how to configure an INTEL network adapter that supports NIC TEAMING >> Video Right here
Note that NIC teaming is supported on Windows server 2012. To know How to configure it, check it out >> right here
------------------------------Please feel free to leave an honest comment. It will be appreciated. Thanks.
Sunday, May 28, 2017
how to : Cisco ASA same security level + ACLs
By default, interfaces on the same security level can not communicate with each other. Allowing communication between same security interfaces let's traffic flow freely between all same security interface without access-lists.
To enable interfaces on the same-security level so that they can communicate with each other, enter the following command :
(config)#same-security-traffic permit inter-interface
But the question i have nerver asked myself is : what if we have 2 interfaces with the same security level and each having ACLs applied to each? Will the traffic still flow freely after typing the above command ? The answer is :
If you have "same-security-traffic permit inter-interface" configured and have 2 interfaces with same
"security-level" value and you have "access-list" configured on both interfaces then the ACLs will handle the decision of what traffic is allowed and what is not.
I found this answer right here, when i got this challenge of same-security level and ACLs.
Hope this will also help you.
Friday, May 26, 2017
How to identify what is blocking your traffic to pass through Cisco ASA
The packet-tracer comman can be used in privilege EXEC mode to generate packet against a firewall's current configurations.
It allows administrator to inject a virtual packet into the ASA and track the flow from ingress to egress, along the way, the packet is evaluated agains flow and route lookup, ACLs, protocol inspection, NAT, and IDS
If the traffic you are trying to get forwarded by an ASA from one of its interface to another of its interface is not working then "packet-tracer" tool can help you pinpoint exactly what in ASA is blocking your traffic to be forwarded. The power of this utility comes from the ability to simulate real-word traffic by specifying source and destination addresses with protocol and port information
The following link is an interesting YOUTUBE video that show how to use this tool using ASDM : Click Right Here To Access The Video
Thursday, May 18, 2017
What is the best tool to save and restore configurations of Cisco ASA
Wednesday, May 17, 2017
How to configure Cisco ASA interface Redundancy
By
default, each physical ASA interface operates independently of any
other interface. When an interface is down, the ASA can not send or
receive any data through it. To keep an ASA interface up and active all
the time, you can configure a logical interface having a pair of
physical interfaces set aside for the same function and connected to the
same network and only one is active at any given time, the other stays
in a standby state. The pair physical interfaces must be the same type
Thursday, April 20, 2017
Static inside NAT On Cisco ASA
Static inside NAT creates permanent, fixed translations between a local address and a global address even after reboots and have no idle timer leading to expiration
Because static translation always stays active, hosts from less secure networks can initiate communications to the statically translated local hosts, as long as the access list rules on the ASA permit such traffic
Recall that the following pieces of information are required every time you want to configure NAT on Cisco ASA :
Because static translation always stays active, hosts from less secure networks can initiate communications to the statically translated local hosts, as long as the access list rules on the ASA permit such traffic
Recall that the following pieces of information are required every time you want to configure NAT on Cisco ASA :
- original source IP address (and port) in the packet
- interface where the original packet enters the ASA (ingress interface)
- interface where the packet will exit the ASA (egress interface)
- translated address (and, optionally, port) to insert into the packet
Tuesday, April 18, 2017
Cisco objects group Vs simple access-list
Let's use a configuration example to illustrate the difference betwwen "object group" and "simple ACL" configuration. In this example, "simple access-list" have been used first and later "object group". At the end of this post, we will clarify the difference.
Tasks :
The example is about restricting several hosts having the following respective ip addresses 10.1.1.4, 10.1.1.78 and 10.1.1.89, located on the inside network from accessing several web servers (209.165.201.29, 209.165.201.16 and 209.165.201.78) . All other traffic is allowed.
Tasks :
The example is about restricting several hosts having the following respective ip addresses 10.1.1.4, 10.1.1.78 and 10.1.1.89, located on the inside network from accessing several web servers (209.165.201.29, 209.165.201.16 and 209.165.201.78) . All other traffic is allowed.
Friday, March 31, 2017
ACLs (interface access rules) on Cisco ASA
With Cisco ASA, because all traffic from a higher security level to the lower security level is allowed by default, ACL enables us to either allow traffic from the lower security level interfaces OR restrict traffic from the higher security level interface
Before configuring interface access control in your ASA you need to answer the following question : which hosts are allowed to communicate with each other, using which specific applications through the ASA
Things to know:
- if a packet arrives at an ASA's interface, it either must match expected definition from an existing session (existing session are kept in a state stable or session table) or will be compared against the inbound interface security policy applied to that interface.
Tuesday, March 28, 2017
PAT (port address translation) on Cisco ASA - nat | global commands
For an ASA to perform translations, 4 pieces of information are required (if of the following 4 parameters are missing, the ASA will not perform address translation) :
- original source IP address (and port) in the packet
- interface where the original packet enters the ASA (ingress interface)
- interface where the packet will exit the ASA (egress interface)
- translated address (and, optionally, port) to insert into the packet
Friday, March 24, 2017
Cisco interface's statistics : explained
- Overruns : number of times that the device was incapable of handing received data to a hardware buffer because the input rate exceeded the device capability to handle the data
- underruns : number of times that the transmitter ran faster than the device could handle
Tuesday, March 21, 2017
How to configure subinterfaces on Cisco ASA and mappe each to a vlan for ASA 5510 and higher
Monday, March 20, 2017
How to configure SSH on Cisco IOS
1-configure a hostname
(config)#hostname Jrter1
2-configure a domain name
(config)#ip domain-name jni.local
(config)#hostname Jrter1
2-configure a domain name
(config)#ip domain-name jni.local
Disable TELNET! Cisco finds 0-Day affecting over 300 Network Switch Models
Cisco is warning of a new critical zero-day IOS / IOS XE vulnerability that affects more than 300 of its switch models.
How to BLOCK URL (HTTP and HTTPS) using Cisco
I have been asked days ago on how to block URL using Cisco specifically HTTPS traffic.
Here is what i have found : the Cisco ASA 5500 series Content security and Control Security Services Modules (CSC-SSM).
This Cisco ASA CSC-SSM provides :
Here is what i have found : the Cisco ASA 5500 series Content security and Control Security Services Modules (CSC-SSM).
This Cisco ASA CSC-SSM provides :
- antivirus
- antispyware
- file blocking
- anti-spam
- anti-phishing
- URL blocking
- URL filtering
- content filtering
Friday, March 17, 2017
Setting up NIC teaming for Windows Server 2012*/2012 R2*/2016*
NIC TEAMING is a Windows feature that enables administrators to join multiple network adapters into a single entity for performance enhancement or fault tolerance purpose.
Hyper-v VMs can also take advantage of NIC TEAMING but they are limited to TEAMS of only 2 as oppposed to the host operating system which can have teams of up to 64 NICs
Hyper-v VMs can also take advantage of NIC TEAMING but they are limited to TEAMS of only 2 as oppposed to the host operating system which can have teams of up to 64 NICs
Wednesday, March 15, 2017
FREE tutorial to master subnetting !!!
Binary and hexadecimal numbers are a complete mystery for many of us. Often we don't find it really interesting because on the internet there are plenty of "subnet" or "binary" calculators where you can easily calculate from decimal to binary to hexadecimal or the other way around, without knowing how the exact calculations works.
This is no problem when you are not configuring or designing networks on a daily basis, but it will be a problem as soon as you take a networking exam, so it's best to know how to do these calculations off the top of your head.
This is no problem when you are not configuring or designing networks on a daily basis, but it will be a problem as soon as you take a networking exam, so it's best to know how to do these calculations off the top of your head.
Tuesday, March 14, 2017
Great links for those who want to practice before their exam ...
Hey, while i was browsing today, i saw the following interesting links for those who want to practice before their exam :
ICND1 V3.0
ICND2 V3.0
CCNP ROUTE V2.0
CCNP SWITCH V2.0
CCNP TSHOOT V2.0
"Practice Makes Perfect" .................................
ICND1 V3.0
ICND2 V3.0
CCNP ROUTE V2.0
CCNP SWITCH V2.0
CCNP TSHOOT V2.0
"Practice Makes Perfect" .................................
How Does a host dynamically figure out its IPv6's INTERFACE-ID ?
Monday, March 13, 2017
Etherchannel between a Cisco switch and a SERVER
If you have ever been wondering how the server side of configuration looks like. I find this Cisco link very interesting
Why i love the "(config)#ip access-list" command rather than the "(config)#access-list" command
The (config)#ip access-list...... command uses sequence numbers. Each line in a LIST has a sequence number which can be used to squeeze additional lines in between other lines or easely remove lines in a LIST without deleting the whole ACL
How to configure a Cisco device to remotely access it ?
What i am about to list are the basic of what is needed to access a Cisco device remotely. A Cisco device has to have 3 of the following settings for it to be managed remotely :
- an IP address
- The privilege mode has to have a password
- the vty port has to be configured
Subscribe to:
Posts (Atom)