Archive for May, 2009
Thousands of people search the web every day for training resources to study for the Cisco CCNA exam: practice exam questions, self-study guides, books, training videos and so on. Several free online resources exist for the CCNA, but most of them are either outdated (they do not cover the current 640-802 CCNA exam) or not comprehensive. A serious CCNA candidate should use the free resources only to complement a professional CCNA training package.
Most people know that the professional training packages are the best, so they search for pirated copies on peer-to-peer, Rapidshare and torrent networks. Apart from the risk of being sued for piracy and copyright infringement, you also run the risk of infecting your machine with malware, Trojans, botnet agents and the like bundled into those pirated copies.
My advice is to invest in your professional career, and the first step is to spend some money on trusted professional training rather than trying to download pirated copies. This applies especially to the CCNA exam, which is the foundation of Cisco networking: proven training gives you the solid base knowledge you need for further Cisco certifications and career development. Trainsignal is the leader in Cisco CCNA video training and offers an excellent CCNA Computer Based Training (CCNA CBT) package that will help you pass your exam, guaranteed. Instead of running the risk of downloading pirated copies of CCNA training, buy the official Trainsignal CCNA Video Package. Its value is many times the price you pay for it, and after obtaining your CCNA you will recover the cost of Trainsignal in a few days. Download your CCNA Video Training with the 90-day Total Experience Guarantee.
In a previous post I explained how to configure VLANs on Cisco switches. That was a simple scenario: two switches connected by a trunk port, sharing VLANs that existed on both. Now imagine a large Layer 2 switched network with tens or hundreds of switches and VLANs spread across all of them. Keeping that consistent by hand is a daunting task for any network administrator, who would have to log in to every switch and add or remove VLANs each time a VLAN is created or retired.
The Cisco VLAN Trunking Protocol (VTP) is a Cisco-proprietary protocol available on Catalyst switches and is designed to reduce the effort of managing the VLAN database across many Layer 2 switches. You select one switch (usually a central one) and configure it as the VTP Server of a VTP domain; all other switches are configured as VTP Clients. VLAN administration is then done on the VTP server only: when you add a VLAN on the server, the change is advertised over the trunk links and every VTP client adds the VLAN to its database; when you delete a VLAN on the server, every client deletes it. Note that VTP carries only the VLAN database (VLAN IDs and names), not the port-to-VLAN assignments, which are still configured on each switch.
A Cisco switch can be configured to operate in three VTP modes:
- VTP Server Mode – This is the default mode on Catalyst switches. A VTP server can add, modify and delete VLANs for the whole VTP domain and advertises its database to the other switches.
- VTP Transparent Mode – The switch does not participate in the VTP domain: it keeps a locally significant VLAN database that you edit on the switch itself, does not update that database from received VTP advertisements, and forwards the advertisements out its trunk ports so that the other switches still hear them.
- VTP Client Mode – The mode for every switch that should synchronize its VLAN database with the VTP server. A client cannot create, modify or delete VLANs locally.
Caution: Because VTP Server is the default mode, configure every switch you add as a VTP Client BEFORE connecting it to the network. The real danger, however, is the configuration revision number rather than the server role as such. VTP synchronization is driven by that number: every change to the VLAN database increments it, and a switch that receives an advertisement for its own domain with a higher revision number replaces its VLAN database with the advertised one, whether the receiving switch is a server or a client, and whether the advertising switch is a server or a client. A factory-fresh switch has revision 0 and an empty domain name, so it simply adopts the domain. The switch to fear is one that was previously used in another network or a lab with the same domain name and accumulated a higher revision number: once connected, its VLAN database (perhaps just a handful of VLANs) is pushed to every switch in the domain, the VLANs it does not know are deleted everywhere, and every access port in those VLANs goes down. Before connecting a used switch, reset its revision number to 0 by changing its VTP domain name (and then setting the correct one again) or by setting it to transparent mode and then back to client mode, and confirm with show vtp status.
Another important precaution is to configure a password for the VTP domain. The password is not sent in clear text; it is folded into the MD5 digest that every VTP advertisement carries, and a switch ignores advertisements whose digest does not match its own, so a new switch must have the correct domain password configured by the administrator before it can participate in the domain. The password protects against an accidental or rogue switch that does not know it; it does not protect against a switch that has the right password and a higher revision number, so it complements the revision check rather than replacing it.
Configuration:
VTP Server Switch:
! Configure first a name for the VTP domain
Vtp-server(config)# vtp domain mynetworkvtpname
! Configure the switch in server mode
Vtp-server(config)# vtp mode server
! Configure a password for the domain
Vtp-server(config)# vtp password vtp123
VTP Client Switch:
! Configure first a name for the VTP domain
Vtp-client(config)# vtp domain mynetworkvtpname
! Configure the switch in client mode
Vtp-client(config)# vtp mode client
! Configure the domain password in order to be able to participate
Vtp-client(config)# vtp password vtp123
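The caution above comes down to the configuration revision number, and the quickest pre-flight check before cabling a switch into the domain is to compare its show vtp status output with the production server's. The script below does that comparison; it is added here as an example and is not part of the original post or of any Cisco tool. The two show vtp status outputs are constructed sample data matching the configuration above (domain mynetworkvtpname, pre-VTPv3 output format), and the decision rule (same domain plus a higher revision means it would overwrite the domain; Server mode means it should be changed to Client first; an empty domain name means domain and password should be set first) is this example's reading of the VTP behaviour described above.

```python
"""
Added example: compare a new switch's "show vtp status" output with the
production VTP server's before connecting it. Not code from the original post
or from Cisco; the outputs below are constructed sample data.
"""
import re


def show_vtp_status(revision, vlans, mode, domain):
    """Render a constructed 'show vtp status' output in the pre-VTPv3 IOS layout."""
    return (
        "VTP Version                     : 2\n"
        "Configuration Revision          : %d\n"
        "Maximum VLANs supported locally : 1005\n"
        "Number of existing VLANs        : %d\n"
        "VTP Operating Mode              : %s\n"
        "VTP Domain Name                 : %s\n"
        "VTP Pruning Mode                : Disabled\n"
        "VTP V2 Mode                     : Disabled\n"
        "VTP Traps Generation            : Disabled\n"
    ) % (revision, vlans, mode, domain)


# Constructed: the production server, 14 VLANs, revision 37.
PROD_SERVER = show_vtp_status(37, 14, "Server", "mynetworkvtpname")
# Constructed: a switch pulled out of a lab, already a client in the same
# domain, but with only 5 VLANs and a higher revision number.
RISKY_SWITCH = show_vtp_status(52, 5, "Client", "mynetworkvtpname")
# Constructed: the same switch after "vtp mode transparent" then
# "vtp mode client" reset its revision to 0.
RESET_SWITCH = show_vtp_status(0, 5, "Client", "mynetworkvtpname")


def parse_vtp_status(text):
    """Turn the 'Key : Value' lines of show vtp status into a dict."""
    status = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\s*:\s*(.*)$", line)
        if m:
            status[m.group(1).strip()] = m.group(2).strip()
    return status


def assess_new_switch(new_text, prod_text):
    """Return a list of findings; an empty list means the switch is safe to connect."""
    new, prod = parse_vtp_status(new_text), parse_vtp_status(prod_text)
    findings = []
    new_rev = int(new.get("Configuration Revision", 0))
    prod_rev = int(prod.get("Configuration Revision", 0))
    new_dom = new.get("VTP Domain Name", "")
    same_domain = new_dom == prod.get("VTP Domain Name", "")
    if new.get("VTP Operating Mode", "").lower() == "server":
        findings.append("mode is Server: set 'vtp mode client' (or transparent) "
                        "before connecting")
    # The dangerous case: same domain and a higher revision. A higher revision
    # wins regardless of server/client mode on either side.
    if same_domain and new_rev > prod_rev:
        findings.append(
            "revision %d is higher than the production revision %d in domain "
            "'%s': its %s VLANs would overwrite the whole domain; reset the "
            "revision to 0 (change the domain name, or set transparent mode "
            "and then client mode)"
            % (new_rev, prod_rev, new_dom, new.get("Number of existing VLANs", "?"))
        )
    if new_dom == "":
        findings.append("domain name is empty: the switch will adopt the first "
                        "domain it hears; set 'vtp domain' and 'vtp password' first")
    return findings


if __name__ == "__main__":
    for label, text in (("risky", RISKY_SWITCH), ("reset", RESET_SWITCH)):
        print(label, assess_new_switch(text, PROD_SERVER) or ["safe to connect"])
```

Run it on the real output of show vtp status pasted from both switches; an empty result means the revision number cannot hurt the domain, and the remaining step is the domain name and password configuration shown above.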
NetFlow is a protocol initially developed by Cisco and now also supported on many other vendors' devices. Its purpose is to collect IP traffic information as flow records and send them to a NetFlow collector or NetFlow analyzer. It gives administrators an inside view of the traffic passing through the network: bandwidth usage, types of traffic, traffic volume and so on. From a security point of view the same records are a compact audit trail of which hosts talked to which, which is why collectors are also valuable during incident response.
In the past only Cisco IOS routers supported NetFlow. On the Cisco ASA, NetFlow was at first supported only on the ASA 5580 with software version 8.1. With ASA software version 8.2, NetFlow is supported on ALL ASA models. The ASA implementation is called NetFlow Secure Event Logging (NSEL) and is an adaptation of NetFlow version 9: unlike NetFlow on a router, which tracks every flow and exports counters when flows expire, NSEL is event driven and exports a record when a connection is created, torn down or denied, using NetFlow v9 templates with Cisco-specific fields that describe the firewall event.
Configuring NetFlow on Cisco ASA:
Three event types trigger the creation of an NSEL record: flow-create, flow-denied and flow-teardown; the keyword all selects all of them. You first define a NetFlow collector (the flow-export destination: interface, IP address and UDP port) to which the ASA sends the records, then use the Modular Policy Framework (class-map, policy-map, service-policy) to select which traffic generates records and for which events. Only flows that match the class-map produce records, so use match any in the class if you want to export every flow. You can check that records are being sent with show flow-export counters.
Example: Log Flow Creation events between hosts 10.1.1.1 and 10.2.2.2
The Internal NetFlow Collector server is 192.168.100.1
ASA (config)# flow-export destination inside 192.168.100.1 2055
ASA (config)# access-list flow_export_acl permit ip host 10.1.1.1 host 10.2.2.2
ASA (config)# class-map flow_export_class
ASA (config-cmap)# match access-list flow_export_acl
ASA (config)# policy-map flow_export_policy
ASA (config-pmap)# class flow_export_class
ASA (config-pmap-c)# flow-export event-type flow-create destination 192.168.100.1
! Use "event-type all" instead of "flow-create" to export records for all flow events.
! The destination must already have been defined with "flow-export destination".
ASA (config)# service-policy flow_export_policy global
! Only one global service policy can be applied. If the default global_policy is
! already applied (it is on most ASAs), add class flow_export_class to that
! policy-map instead of creating a new one.
! Disable the connection setup/teardown and deny syslogs (such as 302013-302016,
! 106015 and 106023) that duplicate the NSEL records, to save CPU on the appliance.
ASA (config)# logging flow-export-syslogs disable
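To see what the ASA actually sends to 192.168.100.1 on UDP port 2055, here is a minimal NetFlow v9 decoder, added here as an example and not part of the original post or of any Cisco tool. NSEL uses the NetFlow v9 packet layout: a 20-byte header, then flowsets; a template flowset (ID 0) describes the record layout and data flowsets (IDs 256 and up) carry the records, identified by the template they were built from. The field types for bytes, packets, protocol, ports and addresses are the standard v9 field types from RFC 3954; field 233 (firewallEvent, with 1 = flow created, 2 = flow deleted, 3 = flow denied) is taken from Cisco's NSEL field list, and the sample datagram is constructed inline to mimic a flow-create record between 10.1.1.1 and 10.2.2.2 followed by a denied flow. The field 233 values and the datagram itself are assumptions of this example.

```python
"""
Added example (not from the original post or from Cisco): a minimal NetFlow v9
decoder for the kind of datagram an ASA running NSEL sends to the collector.
Field types 1, 2, 4, 7, 8, 11 and 12 are the standard NetFlow v9 field types
(RFC 3954). Field 233 (firewallEvent) and its values come from Cisco's NSEL
field list and are an assumption of this example, as is the sample datagram.
"""
import socket
import struct

FIELD_NAMES = {
    1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "src_port",
    8: "src_addr", 11: "dst_port", 12: "dst_addr",
    233: "fw_event",  # NSEL firewall event (assumed ID and values, see docstring)
}
FW_EVENT = {1: "flow-create", 2: "flow-teardown", 3: "flow-denied"}


def decode_field(ftype, raw):
    """Decode one field value: IPv4 addresses as dotted quads, the rest as ints."""
    if ftype in (8, 12) and len(raw) == 4:
        return socket.inet_ntoa(raw)
    value = int.from_bytes(raw, "big")
    if ftype == 233:
        return FW_EVENT.get(value, "unknown(%d)" % value)
    return value


def parse_v9(data, templates=None):
    """Parse one NetFlow v9 datagram into (header, records).

    `templates` maps (source_id, template_id) -> [(field_type, length), ...].
    Pass the same dict across calls: the exporter sends templates only
    periodically, and data flowsets refer to them by ID.
    """
    if templates is None:
        templates = {}
    version, count, uptime, secs, seq, source_id = struct.unpack("!HHIIII", data[:20])
    if version != 9:
        raise ValueError("not a NetFlow v9 datagram (version %d)" % version)
    header = {"count": count, "sys_uptime": uptime, "unix_secs": secs,
              "sequence": seq, "source_id": source_id}
    records = []
    off = 20
    while off + 4 <= len(data):
        fs_id, fs_len = struct.unpack("!HH", data[off:off + 4])
        if fs_len < 4 or off + fs_len > len(data):
            raise ValueError("bad flowset length %d at offset %d" % (fs_len, off))
        body = data[off + 4:off + fs_len]
        if fs_id == 0:  # template flowset: one or more template definitions
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                pos += 4
                if pos + 4 * nfields > len(body):
                    raise ValueError("truncated template %d" % tid)
                fields = [struct.unpack("!HH", body[pos + 4 * i:pos + 4 * i + 4])
                          for i in range(nfields)]
                pos += 4 * nfields
                templates[(source_id, tid)] = fields
        elif fs_id >= 256:  # data flowset: ID is the template it was built from
            fields = templates.get((source_id, fs_id))
            rec_len = sum(flen for _, flen in fields) if fields else 0
            if rec_len:  # template not seen yet -> a real collector buffers or drops
                pos = 0
                while pos + rec_len <= len(body):  # trailing bytes are padding
                    rec = {}
                    for ftype, flen in fields:
                        name = FIELD_NAMES.get(ftype, "field_%d" % ftype)
                        rec[name] = decode_field(ftype, body[pos:pos + flen])
                        pos += flen
                    records.append(rec)
        # IDs 1-255 are reserved (options templates etc.) and skipped here
        off += fs_len
    return header, records


def denied_flows(records):
    """Pick out the records worth alerting on: connections the ASA denied."""
    return [r for r in records if r.get("fw_event") == "flow-denied"]


def build_sample_datagram():
    """Constructed NSEL-style export: template 256 plus two data records."""
    template = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (233, 1), (1, 4), (2, 4)]
    tbody = struct.pack("!HH", 256, len(template))
    tbody += b"".join(struct.pack("!HH", t, l) for t, l in template)
    template_fs = struct.pack("!HH", 0, 4 + len(tbody)) + tbody

    def record(src, dst, sport, dport, proto, event, nbytes, npkts):
        return (socket.inet_aton(src) + socket.inet_aton(dst)
                + struct.pack("!HHBBII", sport, dport, proto, event, nbytes, npkts))

    recs = record("10.1.1.1", "10.2.2.2", 49152, 443, 6, 1, 0, 0)  # flow-create
    recs += record("10.1.1.1", "10.2.2.2", 49153, 23, 6, 3, 0, 0)  # flow-denied
    data_fs = struct.pack("!HH", 256, 4 + len(recs)) + recs
    header = struct.pack("!HHIIII", 9, 3, 123456, 1243000000, 1, 0)
    return header + template_fs + data_fs


if __name__ == "__main__":
    header, records = parse_v9(build_sample_datagram())
    print(header)
    for r in records:
        print(r)
    print("denied:", denied_flows(records))
```

To use it against a live ASA, bind a UDP socket on port 2055 on the collector host and feed each datagram to parse_v9 with one shared templates dict; records that arrive before the ASA has sent its template (it resends templates on the flow-export template timeout-rate interval) are silently skipped here, which is exactly why a collector that starts after the ASA sees nothing for the first few minutes.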