Archive for April, 2009
A new software version 8.2 was released for the Cisco ASA 5500 appliance in mid-April 2009. All prior ASA releases (7.0, 7.2, 8.0, and 8.1) can be upgraded to version 8.2. If you have a Cisco SMARTnet services contract you can download version 8.2 free of charge. All ASA models (from 5505 up to 5580) support the new 8.2 version.
This release introduces some new features. The most important of them are the following:
- Traffic Filter for Botnet Attacks: This is a licensed feature. You need an extra yearly license fee to enable it. With this feature, the ASA appliance communicates with an external dynamic database administered by the Cisco Security Intelligence Operations center to identify botnet domains and hosts. The ASA also monitors network ports for rogue activity and detects internal hosts that might be compromised by a botnet network.
- ASA 5505 supports now IPS: With the addition of a plug-in module (AIP SSC-5) you can add IPS functionality with up to 75Mbps throughput.
- Transparent firewall mode support for IPv6 addressing: IPv6 addressing is supported in layer2 transparent firewall mode.
- Cisco ASA 5580 VLANs: The Cisco ASA 5580 now supports 250 VLANs instead of 50.
- AIP SSM modules support IPv6: Customers can send IPv6 packets from the ASA to the AIP SSM modules for both IPv6 and IPv4 IPS inspection.
- Microsoft SharePoint 2007 support: Microsoft SharePoint 2007 is now officially supported for clientless SSL VPN.
- SNMPv3 support
Check out all the new features of Cisco ASA 8.2 Software HERE.
This post is by no means an exhaustive tutorial about Cisco Routers and how to configure their numerous features. It is just a step-by-step guide for the most basic configuration needed to make the router operational. When you first power on a new Cisco Router, you have the option of using the “setup” utility which allows you to create a basic initial configuration. However, in this post I will show you how to do this basic setup with the Command Line Interface (CLI). Mastering the Cisco Router CLI is essential for more complex configuration tasks and it is the most important knowledge you should acquire if you want to become a Cisco network administrator.
The basic CLI modes that we will be referring to below are as follows:
Router> <– User EXEC Mode
Router# <– Privileged EXEC mode
Router(config)# <– Global Configuration Mode
Router(config-if)# <– Interface Configuration Mode
Router(config-line)# <– Line Configuration Mode
I assume that you already have some basic knowledge of CLI and how to navigate between different configuration modes (user mode, privileged exec mode etc), so let’s get started:
Step1: Configure Access Passwords
The first step is to secure your access to the router by configuring a global secret password and also passwords for Telnet or Console as needed.
Enter into Global Configuration mode from the Privileged EXEC mode:
Router# configure terminal <– Privileged EXEC mode
Router(config)# <– Global Configuration Mode
In Global Configuration Mode you configure parameters that affect the whole router device. Here we will configure the Enable Secret password that you will be using from now on to enter into Privileged EXEC Mode from User EXEC Mode (type the password itself, without quotes, as IOS treats everything after the keyword as the secret).
Router(config)# enable secret somestrongpassword
From now on, when you log in from user EXEC mode you will be asked for a password.
It is suggested also to configure a password for the Telnet Lines (VTY lines) which will secure your access when connecting via Telnet over the network.
Router(config)# line vty 0 4
Router(config-line)# password strongTelnetPass
Router(config-line)# login
Step2: Configure a Router Hostname
To differentiate your Router from other devices in the network, you should configure a Hostname for your device.
Router(config)# hostname My-Router
My-Router(config)#
Notice that your Router prompt changes to the new hostname that you have just set.
Step3: Configure IP addresses for Router Interfaces
This is an essential step in order for your router to be able to forward packets in the network. The most basic parameter for a Router Interface is the IP address. From Global Configuration Mode you need to enter into Interface Configuration Mode:
My-Router(config)# interface serial 1/1
My-Router(config-if)# ip address 100.100.100.1 255.255.255.252
My-Router(config-if)# no shutdown
My-Router(config-if)# exit
My-Router(config)# interface fastethernet 0/1
My-Router(config-if)# ip address 192.168.10.1 255.255.255.0
My-Router(config-if)# no shutdown
My-Router(config-if)# exit
Step4: Configure Routing (Static or Dynamic)
The Router’s main purpose is to find the best route path towards a destination network and forward packets according to the best path. There are two main ways a router knows where to send packets. The administrator can assign static routes, or the router can learn routes by using a dynamic routing protocol. For simple network topologies, static routing is preferred over dynamic routing. Let’s see how to configure static routes from Global Configuration Mode.
My-Router(config)# ip route [destination network] [subnet mask] [gateway]
My-Router(config)# ip route 200.200.200.0 255.255.255.0 100.100.100.2
The command above tells the router that network 200.200.200.0/24 is reachable via gateway address 100.100.100.2.
Another popular static route that we usually configure on Internet Border routers is the default static route:
My-Router(config)# ip route 0.0.0.0 0.0.0.0 50.50.50.1
The default static route above instructs the router to send all packets for which it has no more specific route entry to gateway address 50.50.50.1 (which might be the ISP gateway address).
Step5: Save your configuration
Save your current running configuration into NVRAM. This will overwrite the startup configuration.
My-Router(config)# exit
My-Router# copy running-config startup-config
You can display your current configuration to verify your settings as follows:
My-Router# show running-config
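As an added check (example code written for this post, not the post's own commands), the small Python audit below parses a "show running-config" listing and verifies what the five steps should have left behind: an enable secret, both a password and "login" on the VTY lines, an IP address on every enabled interface, and at least one static route. The configuration text is a constructed sample of the output the commands above produce; the hash value in it is a placeholder.

```python
def parse_sections(config):
    """Split an IOS running-config into (command, [sub-commands]) pairs."""
    sections = []
    for line in config.strip().splitlines():
        if line.startswith(" "):          # indented lines belong to the block above
            sections[-1][1].append(line.strip())
        elif line != "!":                 # '!' is only a separator
            sections.append((line.strip(), []))
    return sections

def audit_router(config):
    """Verify what Steps 1-5 should have left behind; returns a list of findings."""
    secs = parse_sections(config)
    tops = [cmd for cmd, _ in secs]
    findings = []
    if not any(t.startswith("enable secret") for t in tops):
        findings.append("no 'enable secret' set (privileged mode unprotected)")
    if not any(t.startswith("ip route ") for t in tops):
        findings.append("no static route configured (Step 4)")
    for cmd, sub in secs:
        if cmd.startswith("line vty"):
            has_pw = any(s.startswith("password") for s in sub)
            if "login" not in sub or not has_pw:
                findings.append(f"{cmd}: telnet lines need both 'password' and 'login'")
        if cmd.startswith("interface") and "shutdown" not in sub \
                and not any(s.startswith("ip address") for s in sub):
            findings.append(f"{cmd}: enabled interface without IP address")
    return findings

# Constructed sample of 'show running-config' after the five steps above.
RUNNING_CONFIG = """
hostname My-Router
!
enable secret 5 $1$EXAMPLE$placeholder-hash
!
interface Serial1/1
 ip address 100.100.100.1 255.255.255.252
!
interface FastEthernet0/1
 ip address 192.168.10.1 255.255.255.0
!
ip route 200.200.200.0 255.255.255.0 100.100.100.2
ip route 0.0.0.0 0.0.0.0 50.50.50.1
!
line vty 0 4
 password strongTelnetPass
 login
"""

print(audit_router(RUNNING_CONFIG))
```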
This post will deal with configuring Layer 2 VLANs on Cisco switches. Up to 4094 VLANs can be configured on Cisco Catalyst switches. By default, only VLAN 1 is configured on the switch, so if you connect hosts to an out-of-the-box switch they all belong to the same Layer 2 broadcast domain.
The need to configure several Layer 2 VLANs on a switch arises from the need to segment an internal Local Area Network (LAN) into different IP subnetworks. If you want for example to separate the different departments of your enterprise into different IP subnetworks, then each department should belong to its own Layer 2 VLAN. For example, let’s assume the following scenario:
- Accounting Department: IP Subnet 192.168.2.0/24 –> VLAN 2
- Management Department: IP Subnet 192.168.3.0/24 –> VLAN 3
- Engineering Department: IP Subnet 192.168.4.0/24 –> VLAN 4
Separating the internal LAN into different IP subnets (and thus different VLANs) allows the network administrators to enforce traffic restrictions between departments if needed and to have better control of internal hosts.
VLAN assignment on a switch is configured on a per-interface basis. That is, each switch port interface is assigned individually into a Layer 2 VLAN. If you have more than one switch connected and you want the same VLANs to belong across all switches, then a Trunk Port must be configured between the switches. The Trunk Port passes all VLANs between the switches. Let’s see the following network scenario to help us clarify some concepts.

On the LAN network above, we have three VLANs: VLANs 2, 3 and 4. VLAN 4 belongs to both SWITCH 1 and SWITCH 2, therefore we need a Trunk Port between the two switches in order for hosts in VLAN 4 on Switch 1 to be able to communicate with hosts in VLAN 4 on Switch 2.
The ports of the two switches shall be configured as follows:
SWITCH 1:
Fe0/1 – Fe0/2 –> VLAN 2 (Accounting)
Fe0/10 – Fe0/11 –> VLAN 4 (Engineering)
Fe0/24 –> Trunk Port
SWITCH 2:
Fe0/1 – Fe0/2 –> VLAN 3 (Management)
Fe0/10 – Fe0/11 –> VLAN 4 (Engineering)
Fe0/24 –> Trunk Port
Configuration:
Switch 1 Configuration:
! Create VLANs 2 and 4 in the switch database
! ('exit' returns to global configuration mode; 'end' would drop straight back to Switch1#)
Switch1# configure terminal
Switch1(config)# vlan 2
Switch1(config-vlan)# name Accounting
Switch1(config-vlan)# exit
Switch1(config)# vlan 4
Switch1(config-vlan)# name Engineering
Switch1(config-vlan)# exit
! Assign Ports Fe0/1 and Fe0/2 in VLAN 2
Switch1(config)# interface fastethernet0/1
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 2
Switch1(config-if)# exit
Switch1(config)# interface fastethernet0/2
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 2
Switch1(config-if)# exit
! Assign Ports Fe0/10 and Fe0/11 in VLAN 4
Switch1(config)# interface fastethernet0/10
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 4
Switch1(config-if)# exit
Switch1(config)# interface fastethernet0/11
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 4
Switch1(config-if)# exit
! Create Trunk Port Fe0/24 (on switches that also support ISL, set the encapsulation before trunk mode or the mode command is rejected)
Switch1(config)# interface fastethernet0/24
Switch1(config-if)# switchport trunk encapsulation dot1q
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# end
Switch 2 Configuration:
! Create VLANs 3 and 4 in the switch database
Switch2# configure terminal
Switch2(config)# vlan 3
Switch2(config-vlan)# name Management
Switch2(config-vlan)# exit
Switch2(config)# vlan 4
Switch2(config-vlan)# name Engineering
Switch2(config-vlan)# exit
! Assign Ports Fe0/1 and Fe0/2 in VLAN 3
Switch2(config)# interface fastethernet0/1
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 3
Switch2(config-if)# exit
Switch2(config)# interface fastethernet0/2
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 3
Switch2(config-if)# exit
! Assign Ports Fe0/10 and Fe0/11 in VLAN 4
Switch2(config)# interface fastethernet0/10
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 4
Switch2(config-if)# exit
Switch2(config)# interface fastethernet0/11
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 4
Switch2(config-if)# exit
! Create Trunk Port Fe0/24 (encapsulation first, then trunk mode)
Switch2(config)# interface fastethernet0/24
Switch2(config-if)# switchport trunk encapsulation dot1q
Switch2(config-if)# switchport mode trunk
Switch2(config-if)# end
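Two mistakes are easy to make when typing transcripts like the router and switch ones in these posts: using "end" where "exit" was meant (so the next command is entered in the wrong mode) and setting "switchport mode trunk" before the trunk encapsulation on a switch whose encapsulation defaults to auto. The Python linter below is an added example, not part of either post: it walks a prompt-prefixed transcript, tracks the CLI mode each command should leave you in, and reports prompts that disagree, plus the trunk ordering problem. The BAD transcript is a constructed excerpt that contains both faults.

```python
import re

# Prompt forms used in the transcripts above: Host#, Host(config)#, Host(config-if)# ...
PROMPT = re.compile(r"^(?P<host>[\w.-]+)(\((?P<mode>[\w-]+)\))?[#>]\s*(?P<cmd>.*)$")
# Commands that enter a sub-mode from global configuration mode.
SUBMODES = {"interface": "config-if", "vlan": "config-vlan", "line": "config-line"}

def lint_transcript(text):
    """Walk a prompt-prefixed IOS transcript, flagging prompts that do not match
    the mode the previous command leaves you in, and trunk ports that select
    'switchport mode trunk' before a trunk encapsulation has been chosen."""
    problems, expected, encap_set = [], None, False
    for n, line in enumerate(text.strip().splitlines(), 1):
        m = PROMPT.match(line.strip())
        if not m:                          # '!' comments and plain output
            continue
        mode, cmd = m.group("mode") or "exec", m.group("cmd").split()
        if expected is not None and mode != expected:
            problems.append(f"line {n}: prompt shows {mode}, expected {expected}")
        word = cmd[0] if cmd else ""
        if word in ("configure", "conf"):
            expected = "config"
        elif mode == "config" and word in SUBMODES:
            expected, encap_set = SUBMODES[word], False
        elif word == "end":                # 'end' always drops to privileged EXEC
            expected = "exec"
        elif word == "exit":               # 'exit' only goes up one level
            expected = "config" if mode.startswith("config-") else "exec"
        else:
            expected = mode
        if mode == "config-if" and cmd[:3] == ["switchport", "trunk", "encapsulation"]:
            encap_set = True
        if mode == "config-if" and cmd[:3] == ["switchport", "mode", "trunk"] and not encap_set:
            problems.append(f"line {n}: 'switchport mode trunk' before trunk encapsulation")
    return problems

# Constructed excerpt containing both mistakes: 'end' used where 'exit' was meant,
# and the trunk mode set before the encapsulation.
BAD = """
Switch1# configure terminal
Switch1(config)# vlan 2
Switch1(config-vlan)# name Accounting
Switch1(config-vlan)# end
Switch1(config)# interface fastethernet0/24
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk encapsulation dot1q
Switch1(config-if)# end
"""

print(lint_transcript(BAD))
```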
A few days ago I stumbled upon a post on About.com which listed the top 10 technical certifications for 2009. The rankings were evaluated according to the website’s visitors’ feedback, the profitability and relevancy to today’s market, and the popularity of the certifications discussed on the site. First on the list is Cisco CCIE. The site also provides an indicative average salary for each certification, which however depends on many factors such as experience, work location, company etc. Let’s summarize the top ten certification list below:
1. Cisco CCIE: As one of the most difficult certifications to obtain, the CCIE is an excellent credential for a professional. The thriving networking field demands highly skilled professionals and the CCIE is the top of the line. Average Salary $93,000.
2. CISA: The Certified Information Systems Auditor certification from the ISACA association is also very popular and profitable. CISA professionals serve the company as Information Systems auditors dealing with security controls and business controls of Information Systems. Average Salary $115,000.
3. CCSE: The Checkpoint Certified Security Engineer is another high level security certification for professionals working with the Checkpoint Firewall-1 product. Average Salary $90,000.
4. MCSD: This is a Microsoft certification about solution design using Microsoft products. The Microsoft Certified Solution Developer is expected to know all enterprise Microsoft solutions and use business analysis skills to suggest the best solution for a specific customer. Average Salary $88,000.
5. PMP: Another certification that requires high skills and lots of experience. The Project Management Professional is required to possess extensive experience in project management, such as a Bachelor’s degree with 4,500 hours of project management work. Average Salary $101,000.
6. CISSP: Another security certification in the list shows that security is a hot topic for getting certified in 2009. A Certified Information Systems Security Professional is required to pass a rigorous 6-hour exam (250 questions) covering 10 domains in information security. It is said that the CISSP knowledge is 10 inches deep by 10 miles wide! Average Salary $94,000.
7. RHCE: Red Hat Linux is the most popular Linux flavor. Red Hat Certified Engineers should possess the skills to configure networking and security on the Red Hat OS. The exam is actually a 5-hour hands-on test on configuring Linux. Average Salary $83,000.
8. SCJP 6.0: This is the Sun Certified Java Programmer certification, designed for programmers with skills on the Java 2 development platform. Average Salary $75,000.
9. CAPM: This is another project management certification, but less demanding compared to the PMP. The Certified Associate in Project Management requires professionals to possess 1,500 hours of project management experience. Both CAPM and PMP certifications are awarded by the Project Management Institute (PMI), which is a highly respected institution in the industry. Average Salary $75,000.
10. Cisco CCVP: The Cisco Certified Voice Professional comes in at number 6 in the latest ZDNET survey of highest paying certifications. Voice over IP and IP Telephony technologies are always hot and should expand even more in the future. Cisco arguably holds the top position in IP telephony, which is why CCVP engineers are in high demand. Average Salary $89,000.