Network Ninja

The Long Road to Cisco

Tag Archive for 'Partner'

CCIE Command Memorizer

Published by Deon Botha on September 12, 2008 in Asides, Off-Topic, Support and Vine. 2 Comments

About two weeks ago David Bombal from Configure Terminal contacted me about doing a write-up for CCIE Command Memorizer. As a current CCNP student there is obviously some of the CCIE content that still goes over my head but most of the stuff I am fairly okay with. David didn’t seem to mind that I wasn’t a CCIE as yet and I sure didn’t mind giving CCIE Command Memorizer a spin so below are my thoughts and feelings.

During my initial research on the CCIE Command Memorizer I found that CCIE Command Memorizer was geared towards the CCIE Routing and Switching (R&S) Lab. When I received the application Monday two weeks ago my initial impression was that it covers without many frills and spills in an effective and efficient manner the commands in a Do-It-Yourself fill in the blanks task to objective orientated format. There is no round-about, search for things “what now” moments; everything is straight and to the point. Another bonus is that the download isn’t enormous either.

The CCIE Command Memorizer application itself is written in an e-book format, which works for the content and in that format. If like myself you like using the keyboard when you get going on command line (IOW dislike moving between the mouse+keyboard) some of the shortcuts might feel “off” and take a bit to get used to. Take heart that once you get going it all starts flowing like second nature.

My feeling on how the CCIE Command Memorizer would fit into my studies is that it is a study tool / study aid, as it helps you practice commands anywhere at any time as long as you have your notebook handy (face it, as a CCNP I realize I am a Geek and my notebook goes on holiday with me so this pretty much means anywhere). My current situation with a LAB is that I am busy getting racks, cabling, and other kit together to put a LAB up, the actual LAB is non-existent. In my situation the CCIE Command Memorizer is my stop-gap for actual “command” time practice as I don’t really have kit and at times no block time to zero in on a specific Technology Area and do some quick revision work with a specific focus only on that technology. This is different from the LAB where you need to setup and configure peripheral services and technologies to get to the meat close to the bone, CCIE Command Memorizer lets you focus ONLY on those parts to give you practice on those parts.

In my opinion students that would find the CCIE Command Memorizer useful would be individuals who have problems with instant recall of information when under stress or duress (people with classic test condition issues that forget as they walk through the door when in normal day-to-day they are Uber networkers) and students who need to drill things to remember (repetition, repetition, repetition) information to get it to pass from short term into long term memory (this one would be me). Most other students may also find it handy to bridge the book theory and lab practical (where you just went through the theory to quickly go over the practical again to cement the knowledge just a bit more).

From my perspective as a CCNP student the CCIE Command Memorizer shares most (if not all) of the content material with the CCNP that I cared to check up on. In the two weeks I have been working through EIGRP and OSPF (notes to follow shortly) for the BSCI. Everything I covered in theory the CCIE Command Memorizer covered + some more.

To close off, for those who want a one-size-fits-all study solution don’t mistake the CCIE Command Memorizer for something it wasn’t built to be. The CCIE Command Memorizer is a STUDY TOOL / STUDY AID and not a “Complete Blended Solution” or All-In-One (aio) Product like the guys from IP Expert offer. This will mean that you will probably either attend classes from a Cisco Learning Partner and/or do labs at home or through a Rack Rental Company and/or also have Cisco Press books that will ADD TO THE VALUE of the CCIE Command Memorizer.

In summation I suggest taking a serious look at the CCIE Command Memorizer and how to integrate it into your study plans. Taking all things into consideration I would seriously recommend the CCIE Command Memorizer even to current CCNP level students. The value add is easy to find and it helps to have something that you can take along as you travel that does command line study effectively without the need to spend hours on “setting up other things” before you get to play with advanced topics.

BSCI Update For August

Published by Deon Botha on August 20, 2008 in Asides. 3 Comments

It came as a bit of a shock to me that my last post was on the 14th of August and several days have come and gone and I haven’t touched my studies. I have had to sit down and think about what has been going on that made this happen.

The company I work for is a big-ish Hewlett Packard house and about a week ago (14th of August) I was forwarded an email stating Certification criteria required for continued partnership at our level. The email also very bluntly stated that for partnership status to roll over without side-effects in Quarter 1 Certification had to be done by September (Whether this was beginning or end September is anyone’s guess but I am going to try and play it safe and assume beginning September).

Most of my attention has been focused on getting everyone else prepped, ready and geared for the Exam. This has included helping with study materials, creating in-house study material that can be printed (The HP material doesn’t allow for that) because some of the people don’t have internet connections or computers at home and translating some of the more Business Jargon / IT Jargon in the material into Afrikaans for those that aren’t as strong in English.

Along with this I am also trying to get myself up to speed as I will probably be writing all the technical tracks, sales tracks and marketing tracks to take load off other employees and hedge bets should there be failures. The content for the Exams isn’t rocket science but like any Corporate Certifications they are written in special “HP Speak” and the exam will not only test your abilities but also your knowledge of “HP Speak”.

Other than that my week has been totally normal, my Cisco studies have just taken a back seat to HP studies for a little bit.

Cisco’s winner for an Extreme Business Makeover

Published by Deon Botha on August 14, 2008 in Cisco Systems and Vine. 0 Comments

Pimping

Last night in Johannesburg (13th August 2008) Cisco announced the winner of the Extreme Business Makeover Competition.

This competition might just be the thing a growing SMB needs to get more competitive, agile and ready for business in the fast paced economy of today so that the SMB can communicate at the speed of business, unlike Extreme Makeover: Home Edition, that’s the show where the people go and demolish the family’s house, build a totally new house and pimp it out with stuff the family couldn’t afford in the first place in a month of Sundays.

Where this prize from Cisco will be different from the Extreme Makeover: Home Edition is that

  • Cisco products are reliable in that they generally don’t just break down,
  • Cisco products and solutions are well integrated and
  • If one compares apples with apples Cisco products are cost effective (I’m not going to get technical here but comparing other SMB products and what you get between vendors I feel Cisco is very well priced with lots of Enterprise Class Technology).

For SMB companies that are struggling with managing vast amounts of data in a secure, reliable and cost effective manner there really is only one technology partner that offers you complete peace of mind in one neat package. All this while offering employees, customers, partners, and vendors access to information anywhere and any time without breaking the bank.

On the topic of breaking the bank, generally SMB businesses have cash-flow issues because operational activities take precedence over large capital expenditure projects and Cisco knows this and runs amazing leasing deals and rental offers (recently prime less 4%) for those of us not lucky enough to get this kit for free.

But now back to the competition: the competition was launched in March 2008 and invited local businesses to compete for the first prize of a total network transformation featuring all the pimped out Cisco products and solutions worth R 300,000 ($37,500 USD). In Cisco products and solutions that should do some heavy pimping!

The winner of the first prize was a company by the name of redpeg a SETA accredited education and training services provider that offers training programs and workplace interventions. The company broadly operates within the workplace HIV/Aids arena and consults to businesses of all sizes to enable them to build capacity to implement manageable and sustainable HIV/Aids workplace programmes.

New Cisco IOS Software Activation and Licensing Workflows

Published by Deon Botha on July 22, 2008 in Cisco Systems and Vine. 7 Comments

I was introduced to this new Cisco IOS Software Activation and Licensing idea at a Partner Enablement session on the 6th of June and my first impression was “Windows Activation on steroids”. A post by Joe Harris has a visual workflow link that explains this process if this whole thing confuses you.

One of my questions to the presenter afterwards was what impact would this have on the simulation software packages like dynamips. My position being that I wasn’t able to build a lab simply for learning/studies even with Cisco discounts at this point in my career. He understood my point of view and knew of many other partners in similar positions but couldn’t really answer me.

What I gathered from my session on the 6th of June was that not all Router and Switch platforms will migrate to this new activation and licensing platform but it will happen over a period of time. This activation and licensing system is being implemented because the “gentleman’s agreement” system Cisco has used in the past isn’t working where there is misuse of the current system.

That being said I did ask how this will directly affect me and the answer was that on initial order/sale not a whole lot. When a customer purchases a switch/router they generally purchase what they want with the licensing they want. On a scenario like that the IOS and feature is installed and activated before being shipped to the customer or me and then I go install.

This new system will start becoming a bother when upgrading from IP Base to another feature license. This will require the following steps:

  1. The order of a Product Authorization Key (PAK) from Cisco
  2. The Unique Device Identifier (UDI) from the Router/Switch
  3. Entering this information into the Cisco Licensing Portal
  4. Taking the information from the Portal and installing the license onto the Switch/Router

The installation of the license file can be done using the *.lic file that you receive from the Portal using the Command line interface or the Cisco License Manager software. Using the command line:

Switch#license install tftp://x.x.x.x/license.lic

Alternatively one can use the call-home feature and the PAK Number, this however would mean that you have an internet connection to the Router/Switch and you feel comfortable that you won’t have the *.lic file when things go wrong as the Switch/Router installs this directly from the License Portal:

Switch#license call-home install PAK PAK-NUMBER
CCO Username: abcdef
CCO Password:
!......................
Follow the prompts to install the license

There was talk about an emergency license availability for “emergency purposes” where say for example a customer has a current desperate need for an upgrade feature set this very instant and the order cycle would take a couple of days to fulfil. The emergency license would take a couple of hours at most and last for a finite period while the order process ran its course.

Cisco Partner Enablement Training

Published by Deon Botha on July 18, 2008 in Cisco Systems and Support. 0 Comments

I am at the local Cisco offices today for Partner training. It’s basically Cisco letting Partners know where to find what on Cisco.com. For those of you that haven’t tried to find/navigate the Cisco Website it can be a little daunting at first (I remember how it was for me). The nuts and bolts of this training is Cisco letting Partners know what tools are available and giving us a bit of a demo (selling us on them).

I am writing this post so that I can keep these links in a central place; If you find them useful that’s cool. There are more tools available from Cisco like Quote Builder, Competitive Edge Portal, Sales Accelerator and others that I am not covering.

Most if not all of the tools I will be babbling on about will require a valid CCO login and that your CCO be linked to a valid Cisco Partner.

A good place to start if you are a new Cisco partner or just getting started on a new job at a Cisco Partner would be the Partner Enablement Page; from there you can find most of the tools that Cisco provide listed under logical headings that I will describe shortly below.

The first heading you will find is Develop whether this be business development or personal development it’s listed under here. First off the bat we have The Partner Enablement Page that gives you one click access to most of the Cisco tools that you will need under this section. Including tools like the Partner Enablement Navigator that is an online wizard for Partner enablement tools and resources to give you quick access to what you need when you need it. There is also a link to Partner Practice Builder that helps Partners create a strategic development plan for various decision making functions (i.e. whether to do Unified Communications or not?). Finally there is Partner Education Connection that provides online course content for most of their courses; the courses range from free to providing links to where training is available at Cisco Learning Partners.

Next up we have Market and this is a kind of obvious one: this is links to tools that either help you market Cisco products (Campaign Builder) or give you specific and relevant information to assist you to be more effective in marketing Cisco products (Cisco Customized Partner Intelligence).

Then we have Sell for those in the sales teams or supporting sales teams. Starting off with Cisco Demo Solutions which is a boxed demo solution available for purchase from Cisco. Then we have the Cisco Partner Helpline that gives partners access to technical product information, including assistance with network design and product selection.

Finally Deliver where you can find Steps to Success that has resources for selling, delivering and supporting business solutions throughout the network lifecycle.

Cisco South Africa Partner Career Day

Published by Deon Botha on July 15, 2008 in Cisco Systems and Vine. 0 Comments

Cisco Conference key note by deputy minister of education

So I attended the Cisco South Africa Career Day 2008 and it was well worth going. The event was hosted by Cisco in conjunction with the Cisco Networking Academy and the University of Pretoria.

A way that I have used to gauge the importance of an event has been to look at the “headline” act. In today’s case the introduction was done by General Manager of Cisco Systems, Mr Steve Midgley and the key note address was given by Deputy Minister of Education Mr Enver Surty.

The drill-down of the presentations was that there is a skills shortage and there are initiatives already happening and in the pipelines to help address this global problem.

The event took place at the University of Pretoria in the Entertainment Hall and Lecture Room 100 and centred around the development and availability of skill in the Information and Communication Technology (ICT) Sector mainly locally but also touched on it globally (China and India).

The event was held at the University of Pretoria to provide Cisco Networking Academy graduates the opportunity to get some “face time” with Cisco channel partners. The event provided the Cisco partners an opportunity to meet the future talent and interview graduates face-to-face. This exposed Cisco Networking Academy graduates to openings within Partner organisations, while allowing Partners to assess prospective employees.

From Cisco systems there was a clear message that they were going to be actively involved in developing and building the skills needed to assist partners and in turn the local economy through various initiatives. They drove this message home by making this the “public” launch of the Cisco Talent Partner Portal that I posted about here 2 weeks ago.

I stole a few business cards myself and talked to some of the bigger partners, one never knows when that might come in handy.

Related: http://it-online.co.za/content/view/353879/97/

Kudos again to JP for organizing the invite.

Cisco Talent of the Future

Published by Deon Botha on July 7, 2008 in Asides, Business, Cisco Systems and Vine. 0 Comments

As a heads up I’m going to be attending the Cisco South Africa Partner Career Day happening at the University of Pretoria. This event rolls into one many things I am really passionate about (I think most Cisco Certified individuals are passionate about at least some of these things) namely skills, the youth, Information Communication Technology (ICT) and training.

The event sounds similar to the Cisco Global Talent Acceleration Program (GTAP) (More at ITWEB) launch a while back and although that event was not really directly relevant to me (I was a little late out of uni myself to benefit directly or apply) or my business (we are Cisco Partner and this was basically a Cisco Post Graduate Training Program with a twist) there was talk about this program’s content being extended or made available in some shape or form to the Partner Community (that means everyday businesses that are somehow connected to Cisco Systems in the ecosystem).

What this would in effect mean to me and you (partner based students of the network world that either work for Cisco Partners or are trying to skill up on our lonesome) without the frills is a fast track, hard hitting, quick and to the point series of training provided by an accredited Cisco learning partner and tested by Cisco Systems themselves that gets you to written CCIE level as quickly and efficiently as possible.

Let’s see what this event holds in store for us, I will post it afterwards. Thanks goes out to JP for the heads up and hooking me up with an invite (it’s nice and conveniently close to my offices).

EMEA Cisco Recruiting

Published by Deon Botha on July 3, 2008 in Cisco Systems and Vine. 2 Comments

This may be old-ish news but I found this interesting. This is a Cisco initiative to help Channel Partners Address Technology Skills Shortfall with a new Partner Talent Portal in Middle East and Africa. Stories like this always lead me off the beaten track and thinking about interconnected things (I’m weird, that’s what makes me special).

Demand and Supply

The management side of me finds this interesting, it’s probably more complex than this explanation but this is the basics of something called supply and demand (which is something I got drilled into my head when I was studying). The graph basically shows a single supply source for qualified individuals (that would be you and me) and a radical change in demand (market driven demand from Channel partners and even Cisco) and if you are wondering the other axis (not market) is generally what your pay might be as demand increases.

In times when there is growth (2010 World cup in South Africa, good economic conditions recently) there is a strong demand for “skilled” individuals (skill + experience), this creates a supply problem because there is then a short supply (due to (1) skill shortage in the form of certified individuals in this case (2) the certified individuals having no real world experience) to fill the demand.

This will always happen when there is a rapid upturn in the market, supply lags behind demand because oversupply is in most cases expensive (having certified individuals on staff with nothing to do) and counter productive (carrying the expense of certifying individuals when there is no work for them or need for them). There are many factors that play on this that I haven’t included because this can get overly complicated fairly quickly if you consider them, for example in a South African context the massive skilled brain drain to other more developed markets, political factors, crime, local employment and training policies employed by companies, private sector willingness to skill and give experiential training, etc.

What is interesting and will be interesting about this scenario is what will happen in the short to long term future with the downturn in the global market, what I have already encountered (in the last couple of months) is that customers are less willing to undertake CAPEX spending (uncertainty about what will happen in the short to near term), which is bad as networking and network equipment is seen as a CAPEX spend.

If doom and gloom is on the horizon it doesn’t however mean the end of the world as OPEX spending to keep operations going will continue in the form of maintenance of currently installed equipment (which still needs certified skilled individuals to maintain) the only difference will be that the lifecycle of installed kit will be extended as customers will hold onto their kit longer to squeeze the Return on Investment ratio dry or the kit actually breaks.

Thanks goes to JP for the heads up.

Certguard and a Blog

Published by Deon Botha on June 16, 2008 in Off-Topic. 2 Comments

Since late last week there have been some waves in the online networking community about a post by Robert Williams from CertGuard. Since that post many things have happened, I am however not going to talk about the specific situation, how it is probably affecting the mentioned CCIE etc. Some notable comment can be read from members of the networking community like Colin McNamara, Arden Packeer and Greg Ferro.

I have been following the situation and reading responses and trying to figure this out for myself. I am however finding myself with more questions than answers as I try and get information to make an educated decision as to this whole story. My main questions are around Certguard.

To kick off why this whole thing is upsetting me and probably many other people. I practice what I do on my good name, if it calls for it I spend extra non-billing hours (working days without sleep) keeping my good name intact with clients who are not happy with a product or service either I or a competitor placed because my good name and the good name of my vendor of choice is important to me. This extends into daily life where dressing appropriately for functions, being on time for meetings (early usually) and being affable and amiable in company goes to preserving my good name. I have spent time, been careful and made sure my name is not sullied and not dragged through any mud or tarnished by schoolboy playground antics because people buy products and services from people. Basic marketing theory says that word of mouth is the best and worst marketing where one good experience brings maybe one extra customer; one bad experience sends 10 customers away forever. In the end of the day my good name is very important to me because it is my brand and my image. This situation is upsetting because it has to do directly with this concept and the sullying of someone’s good name in a disgraceful very underhanded way.

CertGuard seems to be a self appointed Information Technology (IT) Watchdog where it concerns test taking and certifications. How this is done around the back-end isn’t so clear to me at this point. I have read that they have no affiliation with Cisco or Pearson Vue (I only care about their links with Cisco I don’t much care whether Microsoft or another vendor uses their products/services). Their website isn’t exactly transparent as to all their specifics but I will outline my thoughts and findings below.

I want to know WHAT they do, they say they keep the industry clean by focusing on braindumps websites. For those who don’t know what braindumps are these are basically compiled documents of test questions that may or may not appear in the exams. A braindump is not certified study material according to the agreement you sign every time you take a Cisco exam. The fact remains to me that they aren’t affiliated with Cisco and they make a leap somewhere from “braindumps websites” to “decertifying individuals” that is a bit far fetched and I don’t know how that happens. This leap is more than just bothering me, it’s annoying me, I have looked through the CertGuard website, done Google Searches and tried asking others but no one knows WHAT they do other than selling a product type service.

Personally I learnt in grade school that cheating was wrong, I received a degree without trying to write crib notes on various body parts to get them into exams (a girl wrote half the theory on her breasts in one exam thinking it was the only place the invigilator wouldn’t look) and I certainly know that unless I know something outright I am not going to pass any exam (sometime down the line I am going to look stupid if I don’t know how to do something I have written an exam on). The company doesn’t seem to be closing down braindump websites but monitoring them, they don’t seem affiliated with Cisco to take away certifications from individuals and they seem to be selling information based products to end-users and not vendors. This whole thing leaves me with more questions than answers.

What CertGuard is doing is great in theory (noble and almost altruistic), protecting the intrinsic value of something like a certification (which is not like a conferred degree) is in the interest of everyone that is working towards getting that certification. What is rubbing me raw though is what do they actually do? Are they working for a Vendor at a higher level or are they trying to create a new economy for validating online 3rd party course content information? Are they trying to become the de facto “trusted authority” for who you can use for content and who you can’t? Or are they none of the above and I’m just too stupid to see what they really do and don’t do.

One of the links in the pecking order that’s also bothering me is how CertGuard can share/give/pass information as a “trusted authority” to Cisco/Vue (other) and as a trusted authority Cisco/Vue acts on the information by stripping someone of a certification (if at all). My concern here is that I have paid a small fortune to get learning material, certifications, hardware and training from Cisco and/or Cisco Partners, I have spent countless hours in front of books, PEC, and at training losing sleep, weekends and time I could have spent focusing on other activities. If a company who is not affiliated with Cisco, recognized by Cisco and was not given a mandate by Cisco starts to act “as-if” they are working on behalf of Cisco I am going to be a very unhappy camper and would hope Cisco Systems and the community at large cuts them down to size instead of siding with them because you may be next.

I am unsure of CertGuard’s place in the macro network environment and how they interact with the ecosystem at this point. Is this a fear based marketing and advertising ploy in very bad taste to drum up traffic and in the end sales for their products? Network World seems to rubber stamp them and if not endorse them fully by allowing them a place from which to gather an audience. Their website doesn’t clearly state anything substantial about them, I want specifics, facts and concrete information if they are so important to the industry. I want to know that my future as a small fish in a big pond in the network industry isn’t going to be jeopardized by some unknown CEO from a company who you know but also don’t know what they do (I don’t trust them nor know anything about nor care about them*) turns my world upside down one sunny day.

The modus operandi of using a highly visible public platform in the network industry to blackball a blogger without prior consultation or attempted mediation is uncouth to say the least. This is something that I don’t think I can agree was/is the correct method(s) or acceptable in the least. As a person who is active online, who writes (in my case notes from various sources) and posts them to a blog, my concern is am I going to be the next lamb to slaughter (probably not but the fear is there). As rational or irrational as that is who will be the next target for Mr Williams? If you note their services they offer Blog & Forum Monitoring (feels like big brother is watching).

I certainly don’t get paid for blogging I also don’t know anyone who does, I am certainly not going to jeopardize my future so that someone can take me out at the knees for something because they feel a need to scratch something that itches.

*An online business without a complete website explaining at least Who they are, What they do, How they do it, Where they come from, How they relate to me, Why I should care, Why they should be there and have a Telephone number and Physical address FOR THE REASON I VISITED THE SITE in plain view without the need to search for it or do a whois on the domain in my experience is trying to scam me in some way.

In this case Who is Certguard to me as a Cisco Networker? What does CertGuard have to do with Cisco? How does Certguard do what they do with relation to Cisco and Cisco Certification and the mechanics of it? Where is their value proposition with relation to Cisco and Cisco Certification? How this relates to my studies and certification process with Cisco? Why this will and will not affect me and my life? Why CertGuard should be there and exist at all and affect my life? and where can I call someone if they make my life hell and/or buy a plane ticket to come make someone’s life hell if need be?

Finally I have probably edited this thing a 100 times to get it to say what I want I am adding links to the Disclaimer and if you want to know about me and finally should anyone try and muck me around thus far all posts fall under the following notice:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Followup: Ethan Banks is back in action, his blog post can be found here.

Followup: Robert Williams public apology to Ethan Banks and the Network Community.

Cisco and DDNS

Published by Deon Botha on June 4, 2008 in Cisco Systems, Concepts and Constructs, DDNS and Support. 3 Comments

A little off-topic (switching being topic at the moment) but I ran into this today again and wanted to jot it down quick.

WARNINGS: The commands below enable public access to internal resources. This should not be done if you do not understand Access Control Lists (ACL) and/or have a proper Firewall (not Windows Firewall) installed, maybe a PIX or ASA, even ISA Server would do. I prefer not doing this at all because it creates a rather obvious place for network attacks to happen. You must know that these commands are what I know to work, you may disagree and I would love to hear what you do/use. I take no responsibility whatsoever as to how you use these commands and you shall be responsible for your losses or your clients’ losses if you do not implement this correctly or data/information is stolen.

Dynamic Domain Name Service (DDNS) is a service that lets anyone on the internet reach resources on a local network when that network is connected to the internet through a dynamic (constantly changing) IP address, as most ADSL connections are. It does this by keeping a hostname pointed at the connection's current address.

To understand the concept: Domain Name Service (DNS) is the mapping of IP addresses (192.168.0.1) to human-readable computer hostnames (www.companyweb.org), which routers and other networking infrastructure use to deliver information as needed. The internet uses DNS so that we can go to www.google.co.za and not have to remember the IP address for Google and the million other sites online.

DDNS makes it possible for Small and Medium Businesses (SMB) to give employees, customers, partners and other stakeholders access to internal resources (mail, intranet, pricelists, documents, etc.) without having to pay for static IP address access to the internet. This is not limited to SMB, as some larger companies have dynamic connections and also use the service. There are of course security concerns and problems with DDNS.

By enabling DDNS you allow external (untrusted) access to internal (trusted) resources. This brings not just known visitors (employees, customers, partners and other stakeholders) but unknown ones too (random hits, hackers, etc.). If you do not implement the proper security you may, and probably will, lose information and data without even knowing it.

From the SMB range of Cisco routers upward, the DDNS command is supported and services like DynDNS can be configured without much hassle. There are some small things to watch out for, though, which I will cover below.

Step 1: Open an account with DynDNS. Other services work with Cisco routers, but I have only used DynDNS and I am happy with them; check the config guide from Cisco for the other commands. Once you have the DynDNS account, set up a free DynDNS hostname (they have many options, like your-option.domain.com) and write down the hostname, your username and your password.

Step 2: Add DynDNS.org to your host list and statically apply your ISP DNS servers. You could skip this, but it works better if you do it.

Router(config)#ip host members.dyndns.org 63.208.196.96
Router(config)#ip name-server xxx.xxx.xxx.xxx
Router(config)#ip name-server xxx.xxx.xxx.xxx

Things to change: xxx.xxx.xxx.xxx is your ISP DNS server address, primary address first, secondary address second.

For those with ISPs that love changing their DNS servers regularly (I know some ISPs change theirs monthly; they have a list of DNS servers, and which ones are active in any given month is anyone's lucky guess), this is great if you charge by the hour and bad for your client, because they will see you every month (i.e. bad for Cisco’s image, because the client thinks his Cisco kit breaks every month).

Via Etherealmind: you can give OpenDNS a try. OpenDNS is DNS with a little extra, as they include phishing protection and spelling correction in their service.

Step 3: This is tricky because it uses a special character; play around with this and see what happens. When you get to the special character in the line, press Ctrl+V to allow the character to be input in IOS.

Router(config)#ip ddns update method dyndns
Router(DDNS-update-method)#HTTP
Router(DDNS-HTTP)#add http://DYNDNS-USERNAME:DYNDNS-PASSWORD@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
Router(DDNS-HTTP)#exit
Router(DDNS-update-method)#interval maximum 28 0 0 0

If you don’t get it, the special character I mentioned is the question mark, which IOS won’t let you input without the Ctrl+V. Things to change: DYNDNS-USERNAME is your DynDNS username and DYNDNS-PASSWORD is your DynDNS password. Because the update URL is plain http://, the username and password in it are sent unencrypted.

Step 4: Do this on the Dialer interface (not the ATM, FastEthernet or GigabitEthernet interfaces). It could also be put on a Serial interface (say for a flapping link; if you have a leased line for internet you would probably have a static IP address, so why you would use DDNS then I don't know, but it could and would probably work).

Router(config)#interface Dialer1
Router(config-if)#ip ddns update hostname your-option.domain.com
Router(config-if)#ip ddns update dyndns host members.dyndns.org

Things to change: your-option.domain.com is the hostname you chose at DynDNS, like game-server.dyndns.org.

Step 5: We are doing this for a reason and the reason behind DDNS is to have a private resource available to the public internet. To achieve this in IPv4 NAT or PAT is used when a single Internet connection is available. NAT basically takes multiple internal addresses and allows all those addresses to access the internet at once through a single internet connection. For this to work you need to configure your NAT inside and NAT outside.

Router(config)#interface Dialer1
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#interface vlan VLAN-Number
Router(config-if)#ip nat inside

I use a VLAN and map the VLAN to a FastEthernet or GigabitEthernet interface; you may or may not do it this way.

Step 6: Configure NAT to extend an internal resource to the public. Say I am doing this for Small Business Server 2003 (SBS), to publish Exchange Outlook Web Access (OWA). This uses HTTP port 80 and HTTPS port 443. Consider only doing this if you have Premium Edition (which comes with ISA Server) so that you can exercise some control over what you publish and what you don't publish.

Router(config)#ip nat inside source list 101 interface Dialer1 overload
Router(config)#ip nat inside source static tcp xxx.xxx.xxx.xxx 80 interface Dialer1 80
Router(config)#ip nat inside source static tcp xxx.xxx.xxx.xxx 443 interface Dialer1 443

Things to change here: xxx.xxx.xxx.xxx is the SBS IP address (default is 192.168.16.2).

Step 7: Disable the router's HTTP and HTTPS server so that you won’t get the router's login page when you try to access your-option.domain.com. That login page is annoying, could break the functionality, and is also a security risk.

Router(config)#no ip http server
Router(config)#no ip http secure-server

This command will disable the WEB GUI!!!! If this is a problem, consider not configuring DDNS. Leaving the router's HTTP server enabled may break functionality because it also uses HTTP port 80, meaning that if you type the URL the router won't know whether to give you OWA or the web GUI. It’s a security problem because every time someone comes to the external website on port 80 the router will ask for a level 15 login and password (Cisco-specific information, and anyone who knows network kit knows this means Cisco kit lurks yonder), and they may well actually get into the router and factory-reset it for you should they be able to log in or if you haven’t chosen a secure password (which is not good).

Step 8: Configure ACLs (at least) for WAN traffic. Some ISR routers come with a firewall option; consider configuring that too. Disable CDP on external-facing interfaces, etc. (IOW take due care and diligence in setting up a properly secured router, plus some more, because you are letting the outside world into the private network).
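Step 8 names no commands, so here is one way to do it, as an added example that is not part of the original post. It assumes the Dialer1 interface and the port 80/443 static NAT entries from the steps above; the ACL name WAN-IN is made up, and xxx.xxx.xxx.xxx stands for your two ISP DNS servers as in Step 2.

```cisco
! Added example. WAN-IN is a made-up name; xxx.xxx.xxx.xxx are the ISP DNS
! servers from Step 2. An inbound ACL is checked before NAT and the Dialer1
! address is dynamic, so the destination has to be "any".
ip access-list extended WAN-IN
 remark Published OWA ports from Step 6
 permit tcp any any eq 80
 permit tcp any any eq 443
 remark Replies to TCP sessions opened from inside (covers the DDNS update)
 permit tcp any any established
 remark DNS replies from the ISP name servers
 permit udp host xxx.xxx.xxx.xxx eq domain any
 permit udp host xxx.xxx.xxx.xxx eq domain any
 remark ICMP for ping replies, traceroute and path MTU discovery
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 remark Everything else is dropped and logged
 deny ip any any log
!
interface Dialer1
 ip access-group WAN-IN in
 no cdp enable
```

This ACL is stateless, so other UDP replies (NTP, for instance) are dropped until you add entries for them; the firewall option mentioned in Step 8 tracks sessions instead.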

Step 9: Verify DDNS using the show command

Router#show ip ddns update

Alternatively you can use the debug command

Router#debug ip ddns update

Step 10: I’m not paranoid (all this talk of security), I just don’t like gambling with lady luck. Exposing any part of the internal network to the outside world is a security risk that can be mitigated (not totally) and controlled. Consider this, and how to mitigate the risk, before exposing something like SBS (which by all accounts is the business nervous system in an SMB).

Notes and Notices:

Anything free is meant to be taken with a pound of salt. I take no responsibility for loss or damage from implementation of the above commands on routers or networks without proper consultation and documentation done by myself in person with end-users. I do not suggest this configuration, by writing this I do not imply that this is a good idea to implement or configure in all situations.

In good Afrikaans, “Die is als voets-toets” (it is all as-is).

