Sadikhov IT Certification forums


About linda86

Profile Information

  • Location
    Hong Kong
  • Interests
    Reading books, listening to music, making friends, and travel and all the interesting things...
  1. linda86

    AAA Easy to understand Tutorial.

    Thank Technical Experts very much for sharing so many practical details step by step... It's really hard work to make something on Cisco clear... But you make this thing a lot easier! Amazing!
  2. The co-operation between people is becoming stronger and stronger in this Internet age, and so is the sharing of materials. Imagine that you want to share your Internet access with the other notebooks or desktops in your room, with all your friends or colleagues, but you have to make a series of connections with routers or access points. Thus, leaving apart internet is the trend. But how to create a wireless network without using routers is a problem. There are two ways you can choose: by Wi-Fi or by ad-hoc network.

    First, let’s make clear what the difference is between Wi-Fi and an ad-hoc network.

    1. Generally, to set up ad hoc networking, your main computer needs to have an Ethernet-based Internet connection as well as a wireless (WLAN) network adapter. But in the case of Virtual Wi-Fi, the Ethernet card is optional, so you can turn a laptop into a hotspot even if the laptop itself is connected to a wireless network and not to an Ethernet cable.
    2. Computers and other wireless devices in ad hoc networks must be within 30 feet of each other, but there’s no such restriction in the case of virtual wireless networks.
    3. Ad hoc wireless networking is available on Windows XP, Vista and Windows 7, while Virtual WiFi, which is much easier to set up, is available on Windows 7 or Windows Server 2008.

    Second, let’s share the advantages and disadvantages of a no-router wireless network.

    Advantages:

    1. It is easy to set up, with no additional software being needed.
    2. It's free, without purchasing any hub, router or service.
    3. Nowadays, a Wi-Fi or wireless card is included by default when you buy a computer, especially a laptop.
    4. It has strong portability and mobility.

    Disadvantages:

    1. The computer that is connected to the Internet (Gateway) must always be turned on. Unlike using a router, you can turn off any computers in the network.
    2. Wireless communication quality and data safety performance are not as good as Bluetooth.
    3. Its distance and range are limited.

    Third, let’s come to the steps of creating a no-router wireless network.

    1. Choose a computer to use as a router, which must be running for any other computers or devices to connect to the network.
    2. In the Control Panel, click on “Network and sharing center”. Select “Set up a connection or Network”.
    3. Choose “Set up a wireless ad-hoc (computer-to-computer) network” and click on it. If the box is grayed out, press "Advanced" in the "Wireless Networks" tab and choose "Computer to computer (ad hoc) network."
    4. Type a name for the network. Choose whether to use a wireless network key or not.
    5. Always remember to make the security type “WPA-2 Personal”. Note that this security type prevails over other types since it enables genuine wireless network security.
    6. Make sure you select the “Save this network” option, or else the ad hoc network will be removed if no other computers / devices are connecting to the network. (You can also choose your network type as “WEP”. Give a preferred network name and choose the “Security type” as “WEP”. The next step deals with providing a security key to the network to be built.)
    7. Enable ICS on the router computer, which will allow you to share your Internet connection. Right click your Internet connection and then choose "Advanced." Check the "Allow other network users to connect through this computer's Internet connection" check box. Choose "Wireless Network Connection" and press "OK."
    8. Select the shared network from the other computers to connect. Right click the wireless networks icon in the notification tray. Press "View Available Networks." Select the appropriate network name and press "Connect."

    Additionally, if you are on Windows 7, you can instantly turn your computer into a personal Wi-Fi hotspot without having to configure anything. All you need is the free software called Virtual Router, and the computer connected to the Internet must be running Windows 7.
  3. Do you also ask these questions? Are you still looking for the answers? OK, you have come to the right place...

    • What is a firewall?
    • What is the difference between a firewall and a distributed firewall?
    • How do you get past the firewall if needed?
    • What are the basic functions of firewalls?
    • How to configure firewalls?

    What is a firewall?

    A firewall is a system or group of systems (router, proxy, or gateway) that implements a set of security rules to enforce access control between two networks, to protect the "inside" network from the "outside" network. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a predetermined rule set. A network's firewall builds a bridge between an internal network that is assumed to be secure and trusted, and another network, usually an external (inter)network, such as the Internet, that is not assumed to be secure and trusted.

    What is worth noticing is that a firewall must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet.

    What is the difference between a firewall and a distributed firewall?

    This question will be clear after we know what a distributed firewall is. Generally speaking, distributed firewalls are host-resident security software applications that protect the enterprise network's servers and end-user machines against unwanted intrusion. They offer the advantage of filtering traffic from both the Internet and the internal network. This enables them to prevent hacking attacks that originate from both the Internet and the internal network. This is important because the most costly and destructive attacks still originate from within the organization.

    They are like personal firewalls except they offer several important advantages like central management, logging, and in some cases, access-control granularity. These features are necessary to implement corporate security policies in larger enterprises. Policies can be defined and pushed out on an enterprise-wide basis.

    There are a few advantages with a distributed firewall:

    The most obvious is that there is no longer a single chokepoint. Thus, throughput is no longer limited by the speed of the firewall; in many cases, however, that redundancy is purchased only at the expense of an elaborate (and possibly insecure) firewall-to-firewall protocol.

    With a distributed firewall, all machines have some rule concerning port 25. The mail gateway permits anyone to connect to that port; other internal machines, however, permit contact only from the mail gateway, as identified by its certificate. Note how much stronger this protection is: even a subverted internal host cannot exploit possible mailer bugs on the protected machines.

    It is more subtle. Today's firewalls don't have certain knowledge of what a host intends. Instead, the distributed firewalls with the sending host, however, know. Relying on the host to make the appropriate decision is therefore more secure.

    A distributed firewall is clearer when it comes to protocols such as FTP. Today's firewalls--even the stateful packet filters--generally use an application-level gateway to handle such commands. With a distributed firewall, the host itself knows when it is listening for a particular data connection, and can reject random probes.

    The most important advantage, though, is that distributed firewalls can protect hosts that are not within a topological boundary. There is no protection whatsoever when the tunnel is not set up. By contrast, a distributed firewall protects the machine all of the time, regardless of whether or not a tunnel is set up. Corporate packets, authenticated by IPSEC, are granted more privileges; packets from random Internet hosts can be rejected. And no triangle routing is needed.

    How do you get past the firewall if needed?

    If you need to bypass a firewall in order to allow access for certain peer-to-peer networking or gaming software, you will need to allow those sites and the ports they are accessed through in the firewall software itself. Depending on the program in use, you would look in the options or preferences for instructions on how to allow those sites and ports.

    A firewall shouldn’t stop MySpace. That’s just port 80. You are probably dealing with some sort of software on the proxy (or router, but less likely) that is stopping the site. There are many sites on the web that allow you to get around these: http://www.freeproxy...oxy.htm… is a site with a list of free sites that can do that.

    What are the basic functions of firewalls?

    Firewalls primarily provide access control for connections between networks. Usually this will be the connection between a corporate network and the Internet. For our security purposes we classify networks here:

    1. Trusted: this is usually the corporate LAN. It is assumed that all PCs and servers in the LAN are under your administrative control. If users are able to change their IP address and install software at their will.
    2. Untrusted: the public Internet, the firewall's WAN interface.
    3. Partially trusted: the firewall's DMZ interface. These are machines under our control, but freely accessible from the Internet. These are not fully trusted because it is assumed that, being accessible, they will be compromised or hacked at some time.

    The LAN is allowed to access the WAN and DMZ which is allowed to access the WAN on certain ports for certain services determined according to your security policies. Services not explicitly allowed are blocked. And the WAN is allowed to access the WAN and DMZ on certain ports for certain services. (For example, a mail server in the DMZ may be allowed to access a few DNS servers on port 53 only; also it would be allowed outgoing access to any SMTP server on port 25. Incoming access would be on POP3, port 110.)

    A setup as described above provides:

    1) Excellent security from external threats
    2) Control of the connections that LAN PCs are allowed out to the WAN
    3) Proper utilization of expensive bandwidth
    4) Full speed access to internal and external resources
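The LAN / WAN / DMZ policy described in the post above, written out as a first-match rule table with a default deny. This is an added example, not part of the original post; the subnets, the host addresses (documentation ranges) and the choice of UDP for DNS and TCP for SMTP and POP3 are assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the post).
ZONES = {
    "LAN": ipaddress.ip_network("192.168.10.0/24"),
    "DMZ": ipaddress.ip_network("192.168.20.0/24"),
}
MAIL = "192.168.20.25/32"                              # mail server in the DMZ
DNS1, DNS2 = "198.51.100.53/32", "203.0.113.53/32"     # the "few DNS servers"

# (name, source, destination, protocol, port or None for any, action)
# Evaluated top to bottom; the first matching rule wins.
RULES = [
    ("lan-out",    "LAN", "WAN", "any", None, "allow"),
    ("lan-to-dmz", "LAN", "DMZ", "any", None, "allow"),
    ("mail-dns-1", MAIL,  DNS1,  "udp", 53,   "allow"),
    ("mail-dns-2", MAIL,  DNS2,  "udp", 53,   "allow"),
    ("mail-smtp",  MAIL,  "WAN", "tcp", 25,   "allow"),
    ("pop3-in",    "WAN", MAIL,  "tcp", 110,  "allow"),
]


def zone_of(ip):
    """Map an address to LAN or DMZ; everything else is the untrusted WAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"


def selector_matches(selector, ip):
    """A selector is either a zone name or a CIDR block / single host."""
    if selector in ("LAN", "DMZ", "WAN"):
        return zone_of(ip) == selector
    return ipaddress.ip_address(ip) in ipaddress.ip_network(selector)


def decide(src, dst, proto, port):
    """Return (action, rule name) for one connection attempt."""
    for name, r_src, r_dst, r_proto, r_port, action in RULES:
        if (selector_matches(r_src, src) and selector_matches(r_dst, dst)
                and r_proto in ("any", proto) and r_port in (None, port)):
            return action, name
    # "Services not explicitly allowed are blocked."
    return "deny", "default-deny"


if __name__ == "__main__":
    attempts = [
        ("192.168.10.7", "198.51.100.80", "tcp", 443),   # LAN user browsing
        ("192.168.20.25", "198.51.100.53", "udp", 53),   # mail server -> its DNS
        ("192.168.20.25", "203.0.113.200", "udp", 53),   # mail server -> other DNS
        ("192.168.20.25", "192.168.10.7", "tcp", 445),   # DMZ host -> LAN
        ("203.0.113.9", "192.168.20.25", "tcp", 110),    # Internet -> POP3
        ("203.0.113.9", "192.168.10.7", "tcp", 445),     # Internet -> LAN
    ]
    for a in attempts:
        print(a, "->", decide(*a))
```

Because no rule names the LAN as a destination, a compromised DMZ host falls through to the default deny when it tries to reach the LAN, which is the reason the post treats the DMZ as only partially trusted.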
  4. linda86

    Internet Load Balancing in Cisco 1841 Router

    That's very useful... We do have to use GLBP to load balance the traffic. Thank you very much...
  5. linda86

    Private Vlans

    That's really kind of difficult... If you want to know it very clearly, I think you'd better make clear what routers are, what switches are, what VPN is and how they work and connect with each other... Haha, good luck!
  6. There are 5 commands that every Cisco network administrator should know. These are core administration commands that will help you to really know what is going on. If you are new to Cisco networking, these are good commands to memorize. On the other hand, even if you are a seasoned administrator, you may find a few commands in this article on which you could use a refresher. We will start the list at the bottom and move to #1.

    IOS Command #5 – show interfaces

    It is important to know what interfaces are on your router, important statistics about those interfaces, and whether they are up or down. The show interfaces command is a very verbose command that provides a lot of output. You may have to pick through that output to find what you are looking for; just about everything to do with interfaces is shown in the output from this command. For example: errors on an interface, bandwidth utilization, and interface speed. This command can be abbreviated as sh int.

    IOS Command #4 – copy running-config startup-config

    Once you make your configuration changes, you need to save those changes. This command copies the configuration in RAM that you have been modifying to the configuration in flash. By copying it to flash, it will be saved when the router is powered off and restarted. A shortcut for this command is wr (short for write memory).

    IOS Command #3 – show ip route

    Once you know that your interfaces are up and you have saved your configuration, you need to know if you have full network reachability. In other words, are your routing protocols working? What static routes have you entered? With the show ip route command, you can find out. This command can be abbreviated sh ip ro.

    IOS Command #2 – show ip interface brief

    We saw the show interfaces command. This is the show ip interface brief command. So, you are only showing information about the interfaces as it pertains to the IP protocol. You are also asking for brief output. This command gives you the best summary of the status and IP addresses of your interfaces. This command can be abbreviated sh ip int brie.

    And the #1 most important command that every network administrator should know is…

    IOS Command #1 – show running-config

    With the show running-config command, you see the entire router’s config. It’s that simple. You see the IP addresses, interfaces, passwords (that are in clear text), routing protocols, and other settings. This command can be abbreviated sh ru or wr t.

    Using the Cisco IOS is all about knowing what command to type in order to do what you need to do. The 5 commands shown in this article are just a few of the thousands of possible Cisco IOS commands. However, these commands are some of the core commands that every network administrator should know.
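The post above notes that show running-config displays passwords in clear text. The following added example (not part of the original post) audits a saved copy of that output for the password lines an administrator would want to replace with hashed `secret` forms; the sample configuration and all credentials in it are constructed, and the finding names are this example's own.

```python
import re

# Constructed sample of "show running-config" output; not from a real device.
SAMPLE_CONFIG = """\
hostname R1
no service password-encryption
enable password cisco123
enable secret 5 $1$EXAMPLE$CONSTRUCTEDHASHVALUE
username admin password 0 Winter2024
username ops secret 9 $9$EXAMPLE
line vty 0 4
 password 7 0123456789AB
 login
"""

# Matches "enable password ...", "username X password ..." and the
# "password ..." sub-command under a line section. An optional leading
# 0 or 7 is the IOS encoding type (0 = clear text, 7 = reversible encoding).
PASSWORD_RE = re.compile(
    r"^(?P<ctx>enable |username \S+ )?password (?:(?P<type>[07]) )?(?P<value>\S+)"
)


def audit_running_config(text):
    """Return findings as dicts; the password values themselves are never copied."""
    findings = []
    section = None          # last top-level line, e.g. "line vty 0 4"
    encryption_on = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if stripped == "service password-encryption":
            encryption_on = True
        m = PASSWORD_RE.match(stripped)
        if not m:
            if raw and not raw[0].isspace():
                section = stripped
            continue
        where = m.group("ctx").strip() if m.group("ctx") else (section or "global")
        # Type 7 only hides the value from a casual glance; it is reversible.
        kind = "type7-reversible" if m.group("type") == "7" else "cleartext"
        findings.append({"line": lineno, "where": where, "kind": kind})
    if not encryption_on:
        # Without this service, newly entered passwords are stored as typed.
        findings.append({"line": None, "where": "global",
                         "kind": "no-password-encryption"})
    return findings


if __name__ == "__main__":
    for finding in audit_running_config(SAMPLE_CONFIG):
        print(finding)
```

Lines using `secret` with a hashed type (5 and 9 in the sample) are deliberately not flagged.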
  7. Why to Use VLAN?

    As most of us may know, traditional network designs use routers to create broadcast domains and limit broadcasts between multiple subnets. This prevents broadcast floods in larger networks from consuming resources, or causing unintentional denials of service unnecessarily. Unfortunately, the traditional network design methodology has some flaws in design: a switch can have anywhere from 12 ports to 80 or more, and by default all hosts connected to that switch are going to be in the same broadcast domain. For some network services and protocols, a broadcast received by a host results in that receiving host transmitting a broadcast of its own. Then when all the hosts receive that broadcast, they all end up transmitting even more broadcasts. Pretty soon, all these broadcasts have snowballed into a broadcast storm, which can take up most of a network's bandwidth and make normal network operations almost impossible.

    Thus, applying VLANs is necessary, with the following benefits:

    1. VLANs can reduce administration costs associated with moves, adds, and changes;
    2. VLANs can control broadcast activity and provide better network security;
    3. VLANs have the function of leveraging existing investments with flexible and scalable segmentation.

    What is VLAN?

    Generally speaking, a VLAN is a logical local area network (or LAN) that extends beyond a single traditional LAN to a group of LAN segments, given specific configurations. Because a VLAN is a logical entity, its creation and configuration is done completely in software. Therefore, identifiers and configurations for a VLAN must be properly prepared for it to function as expected. Frame coloring is the process used to ensure that VLAN members or groups are properly identified and handled. With frame coloring, packets are given the proper VLAN ID at their origin so that they may be properly processed as they pass through the network. The VLAN ID is then used to enable switching and routing engines to make the appropriate decisions as defined in the VLAN configuration.

    VLAN Configuration

    How to Configure VLAN?

    1. Log in to the Visual Switch Manager for the switch on which you would like to enable VTP.
    2. Select “VTP Management” from the “VLAN” tab of the menu bar.
    3. Select the “VTP Configuration” tab. Enter a “Domain Name” and “VTP Password,” and click “OK” to confirm settings. (The domain name and VTP password must be the same for all switches in the same VTP domain.)
    4. Select “VTP Management” from the “VLAN” tab. Select the “VLAN Configuration” tab, and click the “New” button that appears at the bottom of the window.
    5. Enter a new VLAN ID and descriptive name; click “OK” to confirm settings and exit the new VLAN dialog box. Click the “OK” button a second time to exit the VTP Management page.
    6. Select “VLAN Membership” from the “VLAN” tab. Click on the Assign VLANs tab, and select a port or interface. Choose “ISL Trunk” or "802.1Q trunk" from the “Mode” drop-down field to configure the interface as a trunk port to accept traffic for more than one VLAN. (This will also allow this server to receive VTP messages from other servers on the network.)
    7. Using "ISL Trunk" or "802.1Q Trunk" will vary based on the model of the switch. Newer switch models typically use "802.1Q Trunk."
    8. Enter the VLAN IDs separated by commas in the “Assigned VLANs” column. Click “Apply” to confirm settings.
    9. Click the “Trunk Configuration” tab, and then the “Modify” button to change the default settings for the interface or port. (You can limit the VLANs that send traffic over a trunk line and modify the list of VLANs that are pruning-eligible. VTP pruning stops unnecessary traffic for VLANs on trunk ports that are configured as pruning-eligible.)
    10. Click "OK" to confirm settings and exit the VLAN Management window. This will return you to the Visual Switch Manager home page.
  8. linda86

    CCNA Frequently Asked Questions

    Hi, guy, I can understand you very well, because a few days ago, I answer the same question like you, and I did much research to know VLAN, now I know it completely... Please have a look at my Cisco Router Blog in this forum, I'll share my article "Tutorial of VLAN on Why to Use, What is and How to Configure VLAN?" with you, hope it helps... Good luck!
  9. linda86

    CCNA Frequently Asked Questions

    Your answer is concise and professional, thank you very much!
  10. linda86

    What is the Best wireless product ?

    Yes, can't agree with you more... Cisco is really the most professional brand on Access Point...
  11. OSPF is an interior gateway protocol that routes Internet Protocol (IP) packets solely within a single routing domain (autonomous system). It gathers link state information from available routers and constructs a topology map of the network. The topology determines the routing table presented to the Internet Layer, which makes routing decisions based solely on the destination IP address found in IP packets. OSPF was designed to support variable-length subnet masking (VLSM) or Classless Inter-Domain Routing (CIDR) addressing models.

    OSPF detects changes in the topology, such as link failures, very quickly and converges on a new loop-free routing structure within seconds. It computes the shortest path tree for each route using a method based on Dijkstra’s algorithm, a shortest path first algorithm.

    The OSPF dynamic routing protocol is probably the most popular LAN routing protocol today. OSPF can scale to the largest LANs but can also start out small. While OSPF can be complex to configure, its basic configuration isn’t difficult. How to configure OSPF in the Cisco IOS? Do the steps as follows.

    What do You Need to Know about OSPF?

    Before you configure OSPF, there are three things you should know about it first. Here they are:

    OSPF stands for open shortest path first. It also uses the SPF (shortest path first) algorithm to determine the best route to its neighbors.

    OSPF is a standard routing protocol, as defined by RFC2328 and RFC1247. This means that OSPF can run on just about any company’s routers, and OSPF routes from a non-Cisco router can be exchanged with Cisco routers.

    The administrative distance for OSPF is 110.

    The entire network that OSPF routes for is called an “Autonomous System”, or “AS”. All OSPF routing updates must traverse area 0. Because of this, you should carefully design your network before you begin deploying OSPF.

    With OSPF, every router has its own unique “picture” (topology map) of the network. Routers use “HELLO” packets to periodically check with routers to ensure they are still there. Every router in OSPF is identified with a “router ID”. The router ID can be manually entered or OSPF will automatically choose the IP address with the highest number.

    What Features does OSPF Offer?

    OSPF offers the following features that are found in a number of routing protocols:

    • A standards-based routing protocol that is very interoperable between different vendors' routers and firewalls
    • Supports variable length subnet masks (VLSM), making it a classless routing protocol
    • Authentication of routing updates is supported
    • Route redistribution is supported between different routing protocols
    • OSPF works well in point to point and point to multipoint, broadcast or non-broadcast configurations

    OSPF also offers a number of OSPF-specific features such as stub areas, virtual links, and OSPF on demand circuits.

    How do You Configure OSPF in the Cisco IOS?

    To configure OSPF in the Cisco IOS, just follow these steps:

    1. Set the bandwidth on your interfaces using the bandwidth command:

        Router(config-if)# bandwidth XX

       (where XX signifies the bandwidth of the WAN connection)

    2. Start the OSPF routing process and specify your process number. The process number is an arbitrary number. It is recommended that the number match on all routers, but it is not required. The process ID number does not have to be the AS number, although many people confuse the two.

        Router(config)# router ospf {process-ID#}

    3. Next, instruct the router to advertise the networks that are directly linked to it by entering network statements with the area ID number for that network, like this:

        Router(config-router)# network {X.X.X.X} {Y.Y.Y.Y} area {z}

    In this example, the X.X.X.X is the network ID of a network that is linked directly to the router. The Y.Y.Y.Y is the wildcard mask for that network. The wildcard mask is the inverse mask of the subnet mask. The “z” parameter is the area ID number. For small networks, this can always be zero (0), but for larger networks, the area IDs need to be properly planned, as all routing updates must traverse area 0.

    You should enter a network statement for every network directly attached to the router.

    Once OSPF is configured, you can check the status using the show ip route and show ip ospf commands. For more information on configuring OSPF, see the official Cisco OSPF documentation.
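The network statements from the post above depend on getting the wildcard (inverse) mask right. This added example, which is not part of the original post, derives the statements from a constructed interface list, and also picks a router ID; preferring a loopback address before falling back to the highest interface address is Cisco IOS behaviour added here beyond what the post states, and the area check assumes no virtual links.

```python
import ipaddress

# Constructed interface list: (name, address/prefix, OSPF area).
INTERFACES = [
    ("Loopback0", "10.255.0.1/32", 0),
    ("GigabitEthernet0/0", "192.168.1.1/24", 0),
    ("Serial0/0/0", "172.16.4.5/30", 0),
    ("GigabitEthernet0/1", "10.20.0.1/22", 1),
]


def network_statement(addr, area):
    """Build 'network X.X.X.X Y.Y.Y.Y area z' for one directly attached network.

    The hostmask of the network is the subnet mask with every bit inverted,
    which is exactly the wildcard mask the network command expects.
    """
    net = ipaddress.IPv4Interface(addr).network
    return "network {} {} area {}".format(net.network_address, net.hostmask, area)


def router_id(interfaces):
    """Highest loopback address if any exists, otherwise highest address."""
    addrs = [(name, ipaddress.IPv4Interface(a).ip) for name, a, _ in interfaces]
    loopbacks = [ip for name, ip in addrs if name.lower().startswith("loopback")]
    pool = loopbacks or [ip for _, ip in addrs]
    return str(max(pool))


def build_ospf_config(process_id, interfaces):
    """Return the 'router ospf' stanza as a list of configuration lines."""
    areas = {area for _, _, area in interfaces}
    # A router attached to several areas must also be attached to the
    # backbone, because all inter-area updates traverse area 0.
    if len(areas) > 1 and 0 not in areas:
        raise ValueError("multi-area router has no interface in area 0")
    lines = ["router ospf {}".format(process_id)]
    lines += [" " + network_statement(a, area) for _, a, area in interfaces]
    return lines


if __name__ == "__main__":
    print("router ID:", router_id(INTERFACES))
    print("\n".join(build_ospf_config(1, INTERFACES)))
```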
  12. linda86

    PIX to ASA migration tool

    Wow, that's really amazing. If I were you, maybe I would change all things of PIX to ASA, and reinstall... Learned a lot! Thank you very much!
  13. Wow, you really did a good job, thanks a lot! And I hope that you can share more about ASA... Many things of Cisco are really a little complicated for some girls like me, your post is very helpful...
  14. linda86

    telephone config issue

    Yes, maybe it results from some errors in configuring. Maybe you can find some materials on configuring the Cisco Unified IP Phone 7900, and there is much info of this kind. When you type "how to configure cisco unified 7900 series rightly" on Google, you will find the right answer. Good luck!
  15. Cisco 2800 routers include protocols designed to dynamically update network routing tables and ease network administration. However, there are certain network configurations, such as when connecting the Cisco 2800 router to an Internet Service Provider network through a high-speed serial line, in which a static routing configuration is preferred. So I hope these experts can list the details for me, thank you very much!