    Access list on Cisco 3750

    Access lists on VLANs do not work in the same way as on interfaces. Indeed, they work almost the opposite way. If you apply an access list "in" on an interface it inspects traffic entering the switch/router; likewise, applying it as "out" inspects outbound traffic for interesting traffic and permits or denies accordingly. On VLANs, the ACL applied "in" actually inspects traffic leaving the VLAN and heading off to wherever it's routed. Applying an ACL "out" will inspect traffic coming in to it from other locations. Confusing, I know; not my decision and I don't know why Cisco wouldn't change this!
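    As an added example (not part of the original post), this is what ACL direction on an SVI looks like in IOS configuration on a Layer 3 switch such as the 3750. The VLAN numbers, subnets, ACL names and the 443-only policy are assumptions chosen for illustration:

```cisco
! Added example, not from the original post. Assumed layout:
!   VLAN 10 = users,   10.10.10.0/24, SVI address 10.10.10.1
!   VLAN 20 = servers, 10.10.20.0/24
! Goal: VLAN 10 hosts may reach the server VLAN on TCP/443 and nothing else
! off-VLAN; servers may only answer established user sessions.
ip routing
!
ip access-list extended USERS-OUTBOUND
 remark Traffic sourced by VLAN 10 hosts, i.e. leaving the VLAN to be routed
 permit tcp 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 eq 443
 deny   ip any any log
!
ip access-list extended TO-USERS
 remark Traffic the switch routes towards VLAN 10 hosts
 permit tcp 10.10.20.0 0.0.0.255 eq 443 10.10.10.0 0.0.0.255 established
 deny   ip any any log
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ! "in" on an SVI = packets arriving at the SVI from hosts on this VLAN
 ip access-group USERS-OUTBOUND in
 ! "out" on an SVI = packets the switch routes out onto this VLAN
 ip access-group TO-USERS out
!
! Confirm the lines you expect are the ones being hit:
! show ip access-lists USERS-OUTBOUND
! show ip access-lists TO-USERS
```

    Two caveats worth knowing before relying on this: a router ACL on an SVI only sees traffic that is routed, so two hosts on VLAN 10 talking to each other are never inspected by it (that needs a VLAN access map instead), and on the 3750 the `log` keyword forces matched packets up to the CPU, so keep it for testing and remove it once the policy is proven.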
    Cisco ASA Licence

    For the 5505 you need to have a Security Plus licence; they cost about £330. Failover isn't possible on the ASA 5505 and 5510, only on the 5520 upwards.
    Cisco Router and Switch Security

    Cisco ACS can be used for all your logins; if you have Active Directory, you can get your guys to use their domain logins. Otherwise, login credentials can be created on ACS and the level of access can be set via group settings. It will also record all attempted logins (successful or otherwise) and the name and IP address of the device used, and the commands entered should a successful login happen, and it can limit which commands a user can do or use. How "low level" is the information you require to answer your question, "Also I would like to know the best way of securing the routers and switches with basic configuration"?
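    As an added example (not from the original post), this is the device side of what the post describes: an IOS router or switch handing authentication, command authorization and accounting to an ACS server over TACACS+, with SSH-only management access. The hostname, server address, shared key and fallback account are placeholders, not values from the thread:

```cisco
! Added example, not from the original post. 10.0.0.5 is an assumed ACS address.
hostname core-sw1
ip domain-name example.local
service password-encryption
!
aaa new-model
tacacs-server host 10.0.0.5
tacacs-server key CHANGE-ME
!
! Ask ACS first; fall back to the local account only if ACS is unreachable
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
! Privilege level and shell settings come from the user's ACS group
aaa authorization exec default group tacacs+ local
! Each command is checked against the command set ACS permits for that group
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization config-commands
! Record every login/logout and every command entered, per user and device
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Local fallback account, used only when ACS is down
username fallback-admin privilege 15 secret CHANGE-ME
enable secret CHANGE-ME
!
! Management plane: SSHv2 only, no telnet, idle sessions dropped
! (generate the key first, from exec mode: crypto key generate rsa modulus 2048)
ip ssh version 2
line con 0
 exec-timeout 10 0
 logging synchronous
line vty 0 15
 transport input ssh
 exec-timeout 10 0
 logging synchronous
```

    Keep a console session open while applying `aaa new-model`, and test the server path with `test aaa group tacacs+ <user> <password> legacy` before logging out, otherwise a typo in the key or an unreachable ACS locks you out of your own switch.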
    ASA Management port problem

    Thanks othmanjo, I'll give that a try!
    Might be being stupid here, but any help would be appreciated. I've got two ASA 5520s with a tunnel between them on the outside interfaces (going through the ISP cloud between them), and a 3750 on the inside interface on both sides. The management ports for the ASAs are also connected to the same switch in a separate management VLAN. All traffic is going through as per my defined rules so no issue there, with one exception: I cannot connect via SSH to the management port. I have it set up to allow this on its inside interface as a workaround, but I want to get this working. The ASA automatically puts a route into its table showing the management subnet, and I have one in there directing that subnet and everything else out of the inside interface. Any ideas? Sorry I haven't got the config I'm using as it's not contactable from the internet.
    Know it, or just got the cert!

    Scales, "You writing Cisco Certified Whatever, Master of XYZ, Bachelor of Anything." You have Technical Expert under your name; people in glass houses etc. I appreciate it is a user level; I do think that a little patronising, but that's just me and I apologise if that point of view differs from yours, but I live in a free country so I can say that. I'm not sure you're getting my point. There's loads I still don't know and I'm constantly finding new and interesting stuff to bore people with; however, it wasn't just one person. We have interviewed 43 people for this job (before we filled it). All had at least a CCNA certification on their CV even if not current, many were more certified, and at least three years in a network role. This wasn't just one person! At least 30 couldn't tell me the number of usable addresses in a /22 subnet. I do believe this to be a CCNA level question, and certainly someone with a CCDA or CCNP cert should be able to work this out (we do supply paper and a pen if they need to write questions or do any working out); apparently not. We wouldn't expect someone to be jack the biscuit, so to speak; every environment and company has its own way of working with emphasis on various technologies, dependent upon what they do. I'm not going to go further into the technologies we use or the industry we work in, but at an interview we don't just ask questions about Cisco, we ask other questions as well. The techie questions we ask are far reaching: some routing, subnetting, general network knowledge, switching etc. Someone with a CCNA and several years' experience on their CV, such as the people we interviewed, should be able to get most, if not all, of the questions we asked; we designed them that way. I'm not trying to criticise people here, just pointing out my disappointment at the number of people on here still willing to braindump a cert in the hope of getting a job with it. In other words, learn and pass the cert properly.
    Apologies if I inferred differently or hit another raw nerve.
    Download Maplestory

    Hey mods, as this is the only post from this guy, and it's an ad for a P2P game, shouldn't this be deleted as spam?
    Know it, or just got the cert!

    I hope they're never put in a situation where network downtime has occurred and their company/customer is losing £100,000 a minute; if they get nervous at an informal(ish) interview like that, with that supposed certification level and 12 years' experience, I would worry. Mark, as previously stated, all CVs are sent and they don't appear to ask for any clarification (despite our request to ask our HR to get the agencies to get a CertManager email from the candidate). A lot of people are now just listing equipment on their CV. Another guy came in and had Packeteers in his experience list on his CV. We asked him his level of experience with them, like can you configure them from scratch? Answer: "no". So have you used Policy Center then? "No." What have you done with them then? The answer, quite shockingly, was, "nothing, the company I work for has one." My point is, part of being professional is knowing your limits; expand upon them, but never lie about them. If someone in the interview says "not sure" or "don't know", fair enough, just don't lie!
    Troubleshoot switch in the stack

    Wait for the users to complain, that's always a sure sign!
    A port channel is configured exactly as any other interface is (loopback, FastEthernet etc.); if on a Layer 3 switch then IP addresses can be configured. A few things worth remembering: the Port-Channel number is arbitrary; like VLANs they are only locally significant. I always use the same on each side as it's easier to remember, and they must be the same on each side. Also, are you using LACP or PAgP etc.? This link should help: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swethchl.html Good luck
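    As an added example (not from the original post), here is a Layer 3 LACP port channel between two 3750s, showing that the channel is addressed like any other routed interface. The port-channel number, member ports and /30 addressing are assumptions for illustration:

```cisco
! Added example, not from the original post. Ports and addresses are assumed.
! ---- Switch A ----
! Make the bundle Layer 3 *before* adding members: member ports must match
! the Port-channel's switchport/no switchport mode or they will not bundle.
interface Port-channel1
 no switchport
 ip address 10.0.100.1 255.255.255.252
!
interface range GigabitEthernet1/0/1 - 2
 no switchport
 no ip address
 channel-protocol lacp
 ! active = initiate LACP; passive = only respond. PAgP would use
 ! desirable/auto instead, and "on" forces a static bundle with no negotiation.
 channel-group 1 mode active
!
! ---- Switch B ----
! The channel number is locally significant; it is kept the same here only
! so the two ends are easy to match up when troubleshooting.
interface Port-channel1
 no switchport
 ip address 10.0.100.2 255.255.255.252
!
interface range GigabitEthernet1/0/1 - 2
 no switchport
 no ip address
 channel-protocol lacp
 channel-group 1 mode active
!
! Verify on either side:
! show etherchannel summary      (members should show "P", bundle "RU")
! show etherchannel 1 port-channel
! show lacp neighbor
```

    If a member shows as suspended or standalone in `show etherchannel summary`, the usual cause is a mismatch between the physical ports and the Port-channel (speed, duplex, switchport mode, or one side configured `on` while the other runs LACP).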
    And I was wondering why I failed CCNA...

    On a slightly separate note, when I did the SNRS exam 3 years ago there was a sim asking to allow ICMP from one host to a device, but not from the other host. Obviously an ACL was required, and no matter what I tried to put in, it kept rejecting the commands. Obviously I was using the wrong commands (to this day I still don't know what I was doing wrong); anyway, I clicked next and abandoned the exam hoping I'd done enough on the other questions to pass, which luckily I did, 1000 out of 1000! I guess not every question is marked as some may be "beta" questions. Still, I wasn't moaning; I really thought I had thrown the exam!
    renew certificate

    I've only just come back on here after a little sabbatical; my certifications needed renewing and I thought I'd dip my toe in and see what's happening. I cannot believe the number of people still looking for the answers to exam questions they've seen on dumps. If you're going to use them, look up the answer to the question you don't know and learn about the topic; it will help you understand and answer all the other questions about that subject. We have interviewed about 20 people for a simple support job, CCNA level stuff. At interview we ask simple questions and give the interviewee paper and a pen if they need to work something out. The number of "professional level" people who cannot tell you how many usable addresses there are in a /22 is unbelievable. I think any half-decent CCNA should be able to work this out. We just had one guy in last week who in the space of a year had passed CCNA, CCNA Voice, CCDA, CCDP, CCNP and was studying for his CCNA Wireless. On top of this he had several MCP and an MCSE cert and had been working in the server field for the last 12 years. He couldn't answer even the most basic network question, for example, which type of cable would you use to connect a switch to another switch. If anyone reading this is thinking of using dumps, just be aware there is no point saying you can do something you actually can't, as someday someone will ask you to do it and you'll look very, very silly. The person asking will not be impressed and I guess you'll be looking for other employment. Know your subject; question packs are only useful if you can genuinely answer them without learning them parrot fashion. Sorry for the rant, just finding a suitable guy for the team has been very frustrating! I hope this shared experience spurs someone who wasn't going to, to actually learn their subject and not just get the certificate. Good luck with your studies!
    Passed 642-647 VPN v1.0

    Oh, and well done!
    CCSP exam for CCNP renewal?

    Hi Leopard, answering this is a hard one; it would depend on your expertise. If you know your firewalls and find that easy, go for it. I think this is one you need to answer. Good luck with whichever one you choose!