Cisco CCNA Certification:  How And Why Switches Trunk

Your CCNA studies are going to include quite a bit of information about switches, and for good reason. If you don't understand basic switching theory, you can't configure and troubleshoot Cisco switches, either on the CCNA exam or in the real world. That goes double for trunking!

Trunking is simply enabling two or more switches to communicate and send frames to each other for transmission to remote hosts. There are two major trunking protocols that we need to know the details of for exam success and real-world success, but before we get to the protocols, let's discuss the cables we need.

Connecting two Cisco switches requires a crossover cable. As you know, there are eight wires inside an ethernet cable. In a crossover cable, four of the wires "cross over" from one pin to another. For many newer Cisco switches, all you need to do to create a trunk is connect the switches with a crossover cable. For instance, 2950 switches dynamically trunk once you connect them with the right cable. If you use the wrong cable, you'll be there a while!

There are two different trunking protocols in use on today's Cisco switches, ISL and IEEE 802.1Q, generally referred to as "dot1q". There are three main differences between the two. First, ISL is a Cisco-proprietary trunking protocol, where dot1q is the industry standard. (Those of you new to Cisco testing should get used to the phrases "Cisco-proprietary" and "industry standard".) If you're working in a multivendor environment, ISL may not be a good choice. And even though ISL is Cisco's own trunking protocol, some Cisco switches run only dot1q.

ISL also encapsulates the entire frame, increasing the network overhead. Dot1q only places a header on the frame, and in some circumstances, doesn't even do that. There is much less overhead with dot1q as compared to ISL. That leads to the third major difference, the way the protocols work with the native vlan.

The native vlan is simply the default vlan that switch ports are placed into if they are not expressly placed into another vlan. On Cisco switches, the native vlan is vlan 1. (This can be changed.) If dot1q is running, frames destined for the native vlan that are going to be sent across the trunk line don't even have a header placed on them; the remote switch will assume that any frame that has no header is destined for the native vlan.

The problem with ISL is that it doesn't understand what a native vlan is. Every single frame will be encapsulated, regardless of the vlan it's destined for.

Switching theory is a big part of your CCNA studies, and it can seem overwhelming at first. Just break your studies down into smaller, more manageable parts, and soon you'll see the magic letters "CCNA" behind your name!
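The dot1q native-vlan behaviour described above, as an added Python example that is not part of the original article: the sending side inserts the 4-byte 802.1Q tag only for non-native vlans, and the receiving side maps any untagged frame to its own native vlan. The function names and the sample frame are constructed for illustration; the last argument shows why both ends of a trunk must agree on the native vlan.

```python
import struct

TPID_DOT1Q = 0x8100   # EtherType value that marks an 802.1Q tag
NATIVE_VLAN = 1       # Cisco default native vlan, per the text (configurable)

def tag_for_trunk(frame: bytes, vlan: int, native_vlan: int = NATIVE_VLAN) -> bytes:
    """Sending side: insert a 4-byte 802.1Q tag unless vlan is the native vlan."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if vlan == native_vlan:
        return frame                       # native vlan: sent unmodified
    tci = vlan & 0x0FFF                    # priority and DEI bits left at 0
    tag = struct.pack("!HH", TPID_DOT1Q, tci)
    return frame[:12] + tag + frame[12:]   # tag follows dst MAC + src MAC

def classify_on_trunk(frame: bytes, native_vlan: int = NATIVE_VLAN):
    """Receiving side: return (vlan, was_tagged, frame_without_tag)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_DOT1Q:
        return native_vlan, False, frame   # no tag: assumed to be native vlan
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, True, frame[:12] + frame[16:]

# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "00005e005301" "0800") + b"\x00" * 46

def demo():
    """Map vlan -> (bytes added on the wire, vlan seen, tagged?, payload intact?)."""
    results = {}
    for vlan in (1, 20):
        wire = tag_for_trunk(SAMPLE, vlan)
        got_vlan, tagged, inner = classify_on_trunk(wire)
        results[vlan] = (len(wire) - len(SAMPLE), got_vlan, tagged, inner == SAMPLE)
    return results

if __name__ == "__main__":
    for vlan, result in demo().items():
        print(vlan, result)
    # Receiver configured with a different native vlan files the frame elsewhere.
    print(classify_on_trunk(tag_for_trunk(SAMPLE, 1), native_vlan=99)[0])
```

If the two switches disagree on the native vlan, untagged frames sent from vlan 1 are placed in the receiver's native vlan instead, which is why the native vlan setting is checked on both ends of a trunk.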

Cisco CCNA / CCNP Certification Exam:  Frame Relay Encapsulation Types

When you're studying to pass the Cisco CCNA and CCNP certification exams, you quickly learn that there's always something else to learn. (You'll really pick up on this in your CCIE studies, trust me!) Today we'll take a look at an often-overlooked topic in Frame Relay, the encapsulation type. You don't exactly change this on a daily basis in production networks (not if you want to stay employed, anyway!), but it's an important exam topic that you must be familiar with.

The DCE and DTE must agree on the LMI type, but there's another value that must be agreed upon by the two DTEs serving as the endpoints of the VC. The Frame encapsulation can be left at the default of Cisco (which is Cisco-proprietary), or it can be changed to the industry-standard IETF, as shown below. If a non-Cisco router is the remote endpoint, IETF encapsulation must be used. Note that the default of Cisco isn't listed as an option by IOS Help, so you'd better know that one by heart!

R1(config)#int s0
R1(config-if)#encap frame ?
  ietf  Use RFC1490/RFC2427 encapsulation
R1(config-if)#encap frame ietf

What if a physical interface is in use and some remote hosts require Cisco encapsulation and others require IETF? The encapsulation type can be configured on a per-PVC basis as well. One encap type can be used on the interface, and any map statements that require a different encap type can have that specified in the appropriate map statement. In the following example, all PVCs will use the default Cisco encapsulation type except for PVC 115. The frame map statement using that PVC has ietf specified.

R1(config)#int s0/0
R1(config-if)#encap frame
R1(config-if)#frame map ip 123 broadcast
R1(config-if)#frame map ip 122 ietf broadcast

show frame map shows us that the mapping to DLCI 123 is using Cisco encapsulation, and DLCI 122 is using IETF.

R1#show frame map
Serial0 (up): ip dlci 123(0x7B,0x1CB0), static broadcast, CISCO, status defined, active
Serial0 (up): ip dlci 122(0x7B,0x1CB0), static broadcast, ietf, status defined, active

Just remember that Cisco is the default, and all PVCs will use Cisco unless you specify IETF in the frame map statement itself. You could also change the entire interface to use IETF for all mappings with the encapsulation frame-relay ietf command. For Cisco exams, as well as work on production networks, it's always a good idea to know more than one way to do something!

Cisco CCNA Certification:  The Value Of The CCNA And CCNP

One question I see often on the 'Net is "Is it worth my time to earn a CCNA / CCNP / CCIE certification?" My personal answer to that is a resounding yes. The power of Cisco certifications has allowed me to create a tremendous career, and they can do the same for you.

There has never been a better time to accelerate your IT career, and earning a technical certification is a great way to do just that. I don't care if you're looking at earning an MCSE, a Cisco certification, Red Hat, or any other vendor - you are always better off having a technical certification than not having one. Technical certifications are an excellent way to market yourself and stand out from the crowd. Earning certifications shows a potential employer (and your current one) that you are willing to go the extra mile.

Sadly, when you ask this question on most Internet message boards, you're going to get some very negative people giving you their "unbiased" opinion. Ask yourself this question: Do you want to entrust the direction of your career to someone you don't know, who has no accountability for what they say, and who has some kind of ax to grind? Do you want someone like that to decide whether you should earn a CCNA or CCNP?

I can speak from experience on this point. When I told a few people that I was going to earn my CCIE, almost 100% of the responses I got were negative. "It's too hard", "no one can pass that", "the CCIE isn't worth the work", etc. Every single one of these statements is false, and again I speak from firsthand experience. The same is true for the CCNA, CCNP, and MCSE. All of these certifications can add value to your career and put more money in your pocket. But you have to make the decision to earn them and to "keep your goals away from the trolls".

Don't ask anonymous strangers whether it's "worth the time" to get a CCNA, MCSE, or other computer certification. The only person you should ask that question of is yourself. Whether you want to start an IT career or jumpstart your current one, make the decision to move forward in your career - and then follow through on that decision.

How To Earn Cisco's Firewall Specialist Certification

Security is a hot topic in today's networks, and will continue to be for a long time to come. With that in mind, you must consider adding a Cisco security certification to your resume and firewall skills to your skill set.

It's quite a jump from the CCNA to the CCSP (Cisco Certified Security Professional), and Cisco has made that leap more manageable by adding Specialist certifications. These certifications can give quite a boost to both your resume and your skill set, and act as a great "stepping stone" to the CCSP.

At present, Cisco offers four VPN/Security certifications, those being Cisco Firewall Specialist, Cisco IPS Specialist, Cisco VPN Specialist, and Cisco VPN/Security Sales Specialist. Since every WAN engineer has contact with Cisco firewalls on a regular basis, we'll take a closer look at this popular certification first. (And those who want to be WAN engineers had better learn something about firewalls, too!)

At the writing of this article (October 21, 2005), Cisco is offering an option for each of the two exams you'll need to pass to earn this certification. For the first exam, you can take either the 642-551 SND (Securing Cisco Network Devices) or 642-501 SECUR (Securing Cisco IOS Networks). The final day to register for the SECUR exam is December 19, 2005.

For either, you'll need to be able to answer questions regarding the proper use of Cisco security devices; how to configure security on a Cisco switch and on a router, including syslog logging, AAA, ACLs, and security for router services and interfaces.

The choices for the second exam are the 642-522 SNPA (Securing Network with PIX and ASA) and 642-521 CSPFA. Topics for these exams include , IPSec, NAT, firewalls, AAA, and policy mapping. (As always, you should check for the latest exam blueprints at Cisco's website. Click "Learning And Events" on the main page, only prerequisite for this certification is that you must hold a valid CCNA certification.

As always, getting some hands-on experience is the best way to prepare for your Cisco exams. (Your employer is going to get a little upset if you practice your configs on his or her PIX. It would be a good idea to have a good lawyer, too.) There are online rack rental services that include Cisco security devices in their pods.

Cisco certifications are a great way to help protect your career as well as your network. The more you know, and the more varied your skills, the more valuable you are to your present and future employers. Use your CCNA as a foundation, and keep building on your skills!

Cisco CCNP Certification / BCMSN Exam Tutorial: The HSRP MAC Address

To pass the BCMSN exam and earn your CCNP, you've got to know HSRP inside and out! Part of that is knowing how the MAC address of the virtual router is derived, and another part is knowing how to change this address. We'll look at both features in this tutorial.

We've got two routers on a segment running HSRP, so first we need to find out what the MAC address of the HSRP virtual router is. The show command for HSRP is show standby, and it's the first command you should run while configuring and troubleshooting HSRP. Let's run it on both routers and compare results.

R2#show standby
Ethernet0 - Group 5
  Local state is Standby, priority 100
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.776
  Virtual IP address is configured
  Active router is, priority 100 expires in 9.568
  Standby router is local
  1 state changes, last state change 00:00:22

R3#show standby
Ethernet0 - Group 5
  Local state is Active, priority 100
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 2.592
  Virtual IP address is configured
  Active router is local
  Standby router is expires in 8.020
  Virtual mac address is 0000.0c07.ac05
  2 state changes, last state change 00:02:08

R3 is in Active state, while R2 is in Standby. The hosts are using the address as their gateway, but R3 is actually handling the workload. R2 will take over if R3 becomes unavailable.

An IP address was statically assigned to the virtual router, but not a MAC address. However, there is a MAC address under the show standby output on R3, the active router. How did the HSRP process arrive at a MAC of 00-00-0c-07-ac-05?

Well, most of the work is already done before the configuration is even begun. The MAC address 00-00-0c-07-ac-xx is reserved for HSRP, and xx is the group number in hexadecimal. That's a good skill to have for the exam, so make sure you're comfortable with hex conversions. The group number is 5, which is expressed as 05 with a two-digit hex value. If the group number had been 17, we'd see 11 at the end of the MAC address - one unit of 16, one unit of 1.

On rare occasions, you may have to change the MAC address assigned to the virtual router. This is done with the standby mac-address command. Just make sure you're not duplicating a MAC address that's already on your network!

R2(config-if)#standby 5 mac-address 0000.1111.2222
1d12h: %STANDBY-6-STATECHANGE: Ethernet0 Group 5 state Active -> Learn

R2#show standby
Ethernet0 - Group 5
  Local state is Active, priority 150, may preempt
  Hellotime 4 sec, holdtime 12 sec
  Next hello sent in 3.476
  Virtual IP address is configured
  Active router is local
  Standby router is expires in 10.204
  Virtual mac address is 0000.1111.2222 configured
  4 state changes, last state change 00:00:00
1d12h: %STANDBY-6-STATECHANGE: Ethernet0 Group 5 state Listen -> Active

The MAC address will take a few seconds to change, and the HSRP routers will go into Learn state for that time period.

A real-world HSRP troubleshooting note: If you see constant state changes with your HSRP configuration, do what you should always do when troubleshooting - check the physical layer first. Best of luck on your BCMSN exam!
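The MAC derivation and the standby mac-address override described above, as an added Python example that is not part of the original tutorial: it computes the reserved 0000.0c07.acXX address for a group and audits show standby text to report whether each group uses that default or a configured address. The function names are hypothetical, and the sample output is constructed, modelled on the output in the article.

```python
import re

def hsrp_default_mac(group: int) -> str:
    """Reserved HSRP virtual MAC 0000.0c07.acXX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("group must fit in one hex byte (0-255)")
    return f"0000.0c07.ac{group:02x}"

GROUP_RE = re.compile(r"^(\S+) - Group (\d+)", re.M)
MAC_RE = re.compile(r"Virtual mac address is ([0-9a-f.]{14})( configured)?", re.I)

def audit_standby(output: str):
    """Return a list of (interface, group, mac, status) from 'show standby' text."""
    findings = []
    parts = GROUP_RE.split(output)[1:]       # iface, group, body, iface, ...
    for iface, group, body in zip(parts[0::3], parts[1::3], parts[2::3]):
        group = int(group)
        match = MAC_RE.search(body)
        if not match:                        # e.g. the standby router's output
            findings.append((iface, group, None, "no virtual MAC shown"))
            continue
        mac = match.group(1).lower()
        if mac == hsrp_default_mac(group):
            status = "default"
        elif match.group(2):
            status = "overridden by standby mac-address"
        else:
            status = "unexpected: not the default and not marked configured"
        findings.append((iface, group, mac, status))
    return findings

# Constructed sample, modelled on the show standby output in the article.
SAMPLE = """\
Ethernet0 - Group 5
  Local state is Active, priority 100
  Virtual mac address is 0000.0c07.ac05
Ethernet0 - Group 17
  Local state is Active, priority 150, may preempt
  Virtual mac address is 0000.1111.2222 configured
"""

if __name__ == "__main__":
    for finding in audit_standby(SAMPLE):
        print(finding)
```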

The Advantages of Official Microsoft and Cisco Certification Training Courses

Lots of aspirants in design and network management channel all their efforts in order to obtain highly recognized certifications such as MCSE (Microsoft Certified System Engineer) and MCSA (Microsoft Certified System Administrator). These world-recognized certifications are much desired, as they can easily make the difference between a prosperous, lucrative career in design and an average, low-rewarding job as a programmer. Most people would do anything to obtain such world-recognized certifications and they invest lots of money and time in the process, with little or no prospect of ever achieving their goals.

There are thousands of scammers on the Internet who commonly lure people into buying various second-hand tutorials and self-study oriented training programs, promising great results with minimal effort. However, there are also many solid, reliable websites on the World Wide Web that provide students with elaborate, well-structured and comprehensive materials, facilitating the process of learning and guaranteeing success. Considering this fact, it is very important to distinguish between average speculators and professional websites that actually provide effective MCSE and MCSA training programs.

If your time allows it, consider attending a short classroom training course instead of using self-study oriented programs. There are websites that offer advanced MCSE and MCSA accelerated training courses, laboratories and seminars, taught by well-trained, experienced professionals. Such classes are far superior to self-training programs, as they involve active participation, better comprehension and learning, stimulating students' thinking and enhancing their overall skills. By participating in a 14-day official MCSE and MCSA training course, one is able to rapidly assimilate vital information regarding solution design and network management with the help of well-trained professionals. In addition, such training programs allow students to acquire a complete set of practical abilities that will help them in their future careers. Official MCSE and MCSA training programs guarantee graduates acceptance in the best companies of the world!

Similar to MCSE and MCSA, CCNA (Cisco Certified Network Associate) and CCIE (Cisco Certified Internetwork Expert) certifications are also in high demand at present. There are various professional training centers that offer people the opportunity to participate in elaborate CCNA and CCIE training programs in exchange for a reasonable sum of money. By attending a five or six-day CCNA and CCIE training course, students can quickly familiarize themselves with the latest Cisco technologies and hardware. During CCNA and CCIE training sessions, attending students receive constant support and feedback from well-trained professionals. Such training courses are not only focused on theory; they are also aimed at forming and enhancing students' practical skills regarding various aspects of Cisco technologies and hardware. Thousands of graduates recommend professional CCNA and CCIE training courses to people who wish to build a solid, successful career in the field.


