Friday 4 December 2015

How to run a .jnlp file on Ubuntu

To install javaws under Ubuntu 12.10/12.04 and Linux Mint 14/13 or older, open the terminal and run these commands:

sudo apt-get install icedtea-netx

Via the terminal, cd to the folder containing your .jnlp file and run this command:

javaws filename.jnlp

DHCP Operation: D.O.R.A


Cisco Switchport Port Security Feature

Overview

When configuring the security for a network, it is important to take advantage of the security features of all deployed devices. One of the security features available with Cisco switches (and with those of other vendors) is switchport security.

The switchport security feature offers the ability to configure a switchport so that traffic can be limited to only a specific configured MAC address or list of MAC addresses.

Secure MAC Address Types

To begin with, there are three different types of secure MAC address:

Static secure MAC addresses—This type of secure MAC address is statically configured on a switchport and is stored in an address table and in the running configuration.

Dynamic secure MAC addresses—This type of secure MAC address is learned dynamically from the traffic that is sent through the switchport. These types of addresses are kept only in an address table and not in the running configuration.


Sticky secure MAC addresses—This type of secure MAC address can be manually configured or dynamically learned. These types of addresses are kept in an address table and in the running configuration.

Switchport Security Violations

The second piece of switchport port security that must be understood is the security violation: what it is, what causes it, and which violation modes exist. A switchport violation occurs in one of two situations:


  1. When the maximum number of secure MAC addresses has been reached (by default, the maximum number of secure MAC addresses per switchport is limited to 1)
  2. An address learned or configured on one secure interface is seen on another secure interface in the same VLAN

The action that the device takes when one of these violations occurs can be configured:

Protect—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, no notification action is taken when traffic is dropped.
Restrict—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, a syslog message is logged, a Simple Network Management Protocol (SNMP) trap is sent, and a violation counter is incremented when traffic is dropped.
Shutdown—This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and reenabling the switchport.


Configuration
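
As an added example (not part of the original post), this Python script audits a switch configuration against the behaviour described above: the default maximum of 1, the default shutdown violation mode, and the fact that protect mode sends no notification. The running-config excerpt and interface names are constructed sample input.

```python
import re

# Constructed running-config excerpt (sample input, not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation protect
interface FastEthernet0/3
 switchport mode access
interface FastEthernet0/4
 switchport mode access
 switchport port-security
"""
FLAGS = {"switchport mode access": "access",
         "switchport port-security": "enabled",
         "switchport port-security mac-address sticky": "sticky"}

def audit_port_security(config):
    """Return {interface: settings} for each access port, with findings."""
    # Lines before the first interface land in a throwaway dict.
    ports, current = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            # Defaults from the text: maximum 1, violation mode shutdown.
            current = {"access": False, "enabled": False, "sticky": False,
                       "maximum": 1, "violation": "shutdown", "findings": []}
            ports[line.split()[1]] = current
        elif line in FLAGS:
            current[FLAGS[line]] = True
        elif m := re.fullmatch(r"switchport port-security (maximum|violation) (\w+)", line):
            value = m.group(2)
            current[m.group(1)] = int(value) if value.isdigit() else value
    for p in ports.values():
        if p["access"] and not p["enabled"]:
            p["findings"].append("port security not enabled")
        elif p["enabled"] and p["violation"] == "protect":
            p["findings"].append("protect mode: drops generate no notification")
    return {name: p for name, p in ports.items() if p["access"]}

if __name__ == "__main__":
    for name, p in audit_port_security(SAMPLE_CONFIG).items():
        print(name, p)
```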

Monday 30 November 2015

CCNA2, Chapter 1 Summary

We have seen that the trend in networks is towards convergence using a single set of wires and devices to handle voice, video, and data transmission. In addition, there has been a dramatic shift in the way businesses operate. No longer are employees constrained to physical offices or by geographic boundaries. Resources must now be seamlessly available anytime and anywhere. The Cisco Borderless Network architecture enables different elements, from access switches to wireless access points, to work together and allow users to access resources from any place at any time.

The traditional three-layer hierarchical design model divides the network into core, distribution, and access layers, and allows each portion of the network to be optimized for specific functionality. It provides modularity, resiliency, and flexibility, which provides a foundation that allows network designers to overlay security, mobility, and unified communication features. In some networks, having a separate core and distribution layer is not required. In these networks, the functionality of the core layer and the distribution layer are often collapsed together.

Cisco LAN switches use ASICs to forward frames based on the destination MAC address. Before this can be accomplished, the switch must first use the source MAC address of incoming frames to build up a MAC address table in content-addressable memory (CAM). If the destination MAC address is contained in this table, the frame is forwarded only to the specific destination port. In cases where the destination MAC address is not found in the MAC address table, the frames are flooded out all ports, except the one on which the frame was received.

Switches use either store-and-forward or cut-through switching. Store-and-forward reads the entire frame into a buffer and checks the CRC before forwarding the frame. Cut-through switching only reads the first portion of the frame and starts forwarding it as soon as the destination address is read. Although this is extremely fast, no error checking is done on the frame before forwarding.

Every port on a switch forms a separate collision domain, allowing for extremely high-speed full-duplex communication. Switch ports do not block broadcasts, and connecting switches together can extend the size of the broadcast domain, often resulting in degraded network performance.

Switch forwarding decision


Fundamental Switching Concept

The fundamental concept of switching refers to a device making a decision based on two criteria:
  • Ingress port
  • Destination address
The decision on how a switch forwards traffic is made in relation to the flow of that traffic. The term ingress is used to describe where a frame enters the device on a port. The term egress is used to describe frames leaving the device from a particular port.
When a switch makes a decision, it is based on the ingress port and the destination address of the message.
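
The forwarding decision described here and in the Chapter 1 summary above, as an added Python example that is not part of the original post: the table is learned from source addresses, and each frame is forwarded based on its ingress port and destination address. The port names and MAC addresses are constructed, and aging timers and VLANs are left out as a simplification.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Model of the forwarding decision: learn on source, forward on destination."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port (the CAM table)

    def receive(self, ingress, src, dst):
        """Process one frame and return the list of egress ports."""
        # Learn (or refresh) the sender's location from the source address.
        self.mac_table[src] = ingress
        egress = self.mac_table.get(dst)
        if dst == BROADCAST or egress is None:
            # Broadcast or unknown unicast: flood out all ports except ingress.
            return [p for p in self.ports if p != ingress]
        if egress == ingress:
            # Destination sits on the port the frame arrived on: nothing to forward.
            return []
        return [egress]

def demo():
    sw = LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3"])
    # Constructed frames: (ingress port, source MAC, destination MAC).
    frames = [
        ("Fa0/1", "00:00:00:00:00:0a", "00:00:00:00:00:0b"),  # B not yet learned
        ("Fa0/2", "00:00:00:00:00:0b", "00:00:00:00:00:0a"),  # A already learned
        ("Fa0/1", "00:00:00:00:00:0a", "00:00:00:00:00:0b"),  # B now learned
        ("Fa0/3", "00:00:00:00:00:0c", BROADCAST),            # broadcast
    ]
    return [sw.receive(*f) for f in frames], sw.mac_table

if __name__ == "__main__":
    decisions, table = demo()
    for egress in decisions:
        print(egress)
    print(table)
```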


Common considerations when choosing a switch

Cost - The cost of a switch will depend on the number and speed of the interfaces, supported features, and expansion capability.
Port Density - Network switches must support the appropriate number of devices on the network.
Power - It is now common to power access points, IP phones, and even compact switches using Power over Ethernet (PoE). In addition to PoE considerations, some chassis-based switches support redundant power supplies.
Reliability - The switch should provide continuous access to the network.
Port Speed - The speed of the network connection is of primary concern to end users.
Frame Buffers - The ability of the switch to store frames is important in a network where there may be congested ports to servers or other areas of the network.
Scalability - The number of users on a network typically grows over time; therefore, the switch should provide the opportunity for growth.

Access, Distribution and Core layer (3-tier architecture)

Access Layer
The access layer represents the network edge, where traffic enters or exits the campus network. Traditionally, the primary function of an access layer switch is to provide network access to the user. Access layer switches connect to distribution layer switches, which implement network foundation technologies such as routing, quality of service, and security.
To meet network application and end-user demand, the next-generation switching platforms now provide more converged, integrated, and intelligent services to various types of endpoints at the network edge. Building intelligence into access layer switches allows applications to operate on the network more efficiently and securely.
Distribution Layer
The distribution layer interfaces between the access layer and the core layer to provide many important functions, including:
  • Aggregating large-scale wiring closet networks
  • Aggregating Layer 2 broadcast domains and Layer 3 routing boundaries
  • Providing intelligent switching, routing, and network access policy functions to access the rest of the network
  • Providing high availability through redundant distribution layer switches to the end-user and equal cost paths to the core
  • Providing differentiated services to various classes of service applications at the edge of network
Core Layer
The core layer is the network backbone. It connects several layers of the campus network. The core layer serves as the aggregator for all of the other campus blocks and ties the campus together with the rest of the network. The primary purpose of the core layer is to provide fault isolation and high-speed backbone connectivity.
In some cases, because of a lack of physical or network scalability restrictions, maintaining a separate distribution and core layer is not required. In smaller campus locations where there are fewer users accessing the network or in campus sites consisting of a single building, separate core and distribution layers may not be needed. In this scenario, the recommendation is the alternate two-tier campus network design, also known as the collapsed core network design.



Cisco Borderless Networks

Cisco Borderless Networks is the brand name for a set of hardware and software technologies which allow "anyone, anywhere, anytime, and on any device" to connect to an organization's network.