Cisco, being one of the leaders in network innovations, understands this trend and tackles this need with the implementation of the CCNA Wireless certification track.

The CCNA Wireless Certification is one of Cisco’s Associate level certifications that is available along with two other specialized tracks, together known as the CCNA Concentrations.

For those of you who may not know what the CCNA Concentrations include, take a look at some of my previous articles where I describe what potential candidates need in order to prepare for and pass these exams:

• CCNA Certification Overview
• CCNA Security Certification
• CCNA Voice Certification

CCNA Wireless Certification

The CCNA Wireless Certification Exam, otherwise known as the Implementing Cisco Unified Wireless Network Essential (IUWNE) exam (640-721) consists of approximately 75-85 questions which must be completed in a time frame of 90 minutes.

If you want to get certified in Cisco’s Wireless field, you will want to begin with the associate level wireless cert, as it is a prerequisite for the professional level CCNP Wireless certification.

Like most of Cisco associate level exams, you have a number of options to choose from depending on your native language. These include English, Japanese, Chinese, Russian, Portuguese, Korean, French and Spanish, with all other languages, except English, given an additional 30 minutes. All this really means is that, if English is not the native language for the country you’re taking the exam in, you’ll be allotted that extra 30 minutes.

CCNA Wireless Exam Objectives

Now, let’s get into exactly what technologies and topics are covered on the CCNA Wireless 640-721 exam. You will be tested on your ability to install, configure and troubleshoot small to medium-sized Wireless Local Area Networks (WLANs).

These are the topics covered on the 640-721 exam as outlined on Cisco’s Learning Network:

Describe WLAN fundamentals

• Describe the basics of spread spectrum technology (modulation, DSS, OFDM, MIMO, Channels reuse and overlap, Rate-shifting, CSMA/CA)
• Describe the impact of various wireless technologies (Bluetooth, WiMAX, ZigBee, cordless phone)
• Describe wireless regulatory bodies, standards and certifications (FCC, ETSI, 802.11a/b/g/n, WiFi Alliance)
• Describe WLAN RF principles (antenna types, RF gain/loss, EIRP, refraction, reflection, ETC)
• Describe networking technologies used in wireless (SSID –> WLAN_ID –> Interface — >VLAN, 802.1q trunking)
• Describe wireless topologies (IBSS, BSS, ESS, Point-to-Point, Point-to-Multipoint, basic Mesh, bridging)
• Describe 802.11 authentication and encryption methods (Open, Shared, 802.1X, EAP, TKIP, AES)
• Describe frame types (associated/unassociated, management, control, data)

Install a basic Cisco wireless LAN

• Describe the basics of the Cisco Unified Wireless Network architecture (Split MAC, LWAPP, stand-alone AP versus controller-based AP, specific hardware examples)
• Describe the Cisco Mobility Express Wireless architecture (Smart Business Communication System — SBCS, Cisco Config Agent — CCA, 526WLC, 521AP – stand-alone and controller-based)
• Describe the modes of controller-based AP deployment (local, monitor, HREAP, sniffer, rogue detector, bridge)
• Describe controller-based AP discovery and association (OTAP, DHCP, DNS, Master-Controller, Primary-Secondary-Tertiary, n+1 redundancy)
• Describe roaming (Layer 2 and Layer 3, intra-controller and inter-controller, mobility groups)
• Configure a WLAN controller and access points WLC: ports, interfaces, WLANs, NTP, CLI and Web UI, CLI wizard, LAG AP: Channel, Power
• Configure the basics of a stand-alone access point (no lab) (Express setup, basic security)
• Describe RRM

Install Wireless Clients

• Describe client OS WLAN configuration (Windows, Apple, and Linux)
• Install Cisco ADU
• Describe basic CSSC
• Describe CCX versions 1 through 5

Implement basic WLAN Security

• Describe the general framework of wireless security and security components (authentication, encryption, MFP, IPS)
• Describe and configure authentication methods (Guest, PSK, 802.1X, WPA/WPA2 with EAP- TLS, EAP-FAST, PEAP, LEAP)
• Describe and configure encryption methods (WPA/WPA2 with TKIP, AES)
• Describe and configure the different sources of authentication (PSK, EAP-local or -external, Radius)

Operate basic WCS

• Describe key features of WCS and Navigator (versions and licensing)
• Install/upgrade WCS and configure basic administration parameters (ports, O/S version, strong passwords, service vs. application)
• Configure controllers and APs (using the Configuration tab not templates)
• Configure and use maps in the WCS (add campus, building, floor, maps, position AP)
• Use the WCS monitor tab and alarm summary to verify the WLAN operations

Conduct basic WLAN Maintenance and Troubleshooting

• Identify basic WLAN troubleshooting methods for controllers, access points, and clients methodologies
• Describe basic RF deployment considerations related to site survey design of data or VoWLAN applications, Common RF interference sources such as devices, building material, AP location Basic RF site survey design related to channel reuse, signal strength, cell overlap
• Describe the use of WLC show, debug and logging
• Describe the use of the WCS client troubleshooting tool
• Transfer WLC config and O/S using maintenance tools and commands
• Describe and differentiate WLC WLAN management access methods (console port, CLI, telnet, ssh, http, https, wired versus wireless management)

For an entry level cert, this sure does cover quite a number of topics. But then again, this is Cisco, the leader in Network innovation, so you can’t really expect anything less from them.

Why Get the CCNA Wireless Certification?

As I mentioned before, the wireless job market is beginning to pick up pace, with more and more companies expanding their infrastructure to include wireless. This is definitely going to require network engineers who have the skills needed to support these infrastructures and having a CCNA Wireless added to your resume will surely demonstrate this to potential and prospective employers.

The certification will help you set yourself apart from other candidates, or perhaps, get a pay raise or bonus, which is always a good thing. Another reason for getting it may be that you’re already working within the wireless field, but mainly with open source or other vendor platforms, and you’re interested in breaking into the Cisco world of wireless. Beginning with the CCNA Wireless will definitely give you the knowledge needed to understand how Cisco’s wireless technology works, which is the most important thing needed before you strive for the higher level certs.

CCNA Wireless Recommended Training

For reading materials I would recommend the Cisco Press CCNA Wireless Official Exam Certification Guide (CCNA IUWNE 640-721) by Brandon James Carroll and Sybex’s CCNA Wireless Study Guide by Todd Lammle. Both of these books go in depth on the topics covered within the exam.

Unfortunately, Cisco Press is yet to release a Quick Reference Guide for the CCNA Wireless track. This might be a disappointment to some, especially if you’re a big fan of Cisco’s Quick Reference Guides.

Cisco’s Learning Network also has a wealth of documentation that will help you with your studies. Plus, don’t forget to check out the Quick Learning Modules under the wireless section.

Turns out, finding training materials for this track can be quite a challenge. Train Signal along with Transcender are yet to release training and practice exams for the CCNA Wireless to their collections.

Finding simulators for your lab also is proving to be a challenge. My guess is that, as time goes on and the wireless field grows more and gets even higher in demand, then you will start to find training materials much easier.

At this point, there’s not much that I can recommend to you but I’ll be sure to update this post as soon as I find a recommended training, practice exam and simulation solution for the CCNA wireless track.

I hope you found this overview of the CCNA Wireless track informative and kindly feel free to post comments if you have any other recommended solutions for learning. Good Luck!

• Cisco CCNA Certification Guide
• Cisco CCNA Security Certification Guide

Today, I’ll be continuing with another one of the CCNA concentrations: CCNA Voice. I will follow the same format as in my previous articles, where I provide you with a brief overview of what the exam entails and what materials can be used to help you prepare and pass your exam.

Voice technology is also another field that has gained quite a lot of interest over the past couple of years and will continue to do so for some time to come. The Cisco CCNA Voice certification is geared towards candidates wanting to demonstrate their knowledge and skills in this field.

With a CCNA Voice cert added to your resume, you’re validating to employers that you have the necessary skills required to deploy and maintain a Cisco Voice infrastructure. Some of the technologies covered on the certification are Voicemail solutions, IP PBX, IP Telephony and call control.

Does CCNA Voice Have 2 Certification Options Like the Foundation CCNA?

The quick answer is yes.

Just like the CCNA, the CCNA Voice also has two options available to candidates:

• CCNA Voice Enterprise

The CCNA Voice Enterprise option is suited for professionals that will be working in large Voice environments. Candidates are required to be knowledgeable in how the Cisco Unified Communication Manager 6.0 (CUCM) works.

The advantage of taking this option is that, if you do later decide to go for your Cisco Certified Voice Professional (CCVP), you would have already completed one of the required 5 exams. Whereas, if you decide to take the commercial option outlined below, you’ll still have to complete all 5 exams.

The required exam for the enterprise option is 642-436.

• CCNA Voice Commercial

The CCNA Voice Commercial option focuses more on the technologies used by smaller to medium-sized organizations consisting of less than 2,000 employees. The Cisco Call Manager Express (CME) and the Cisco Unity Express (CUE) are the area’s most focused on.

The required exam for the commercial option is 640-460.

CCNA Voice Exam Objectives

As mentioned above, there are two exam options available to candidates, each with a different exam.

Let’s first take a look at the topics covered in the Enterprise (exam 642-436) option. The CVoice exam consists of approximately 60-70 questions that must be completed in 75 minutes. As a prerequisite for the CCNA Voice track, candidates are required to have a valid CCNA Certification (aka Not Expired).

Exam Objectives for CVoice – Enterprise (Exam 642-436)

These are just some of the objectives for this exam; for the complete list of topics, see Cisco’s Learning Network.

Describe the components of a gateway

• Describe the function of gateways
• Describe DSP functionality
• Describe the different types of voice ports and their usage

Describe a dial plan

• Describe a numbering plan
• Describe digit manipulation
• Describe path selection

Describe the basic operation and components involved in a VoIP call

• Describe VoIP call flow
• Describe RTP, RTCP, cRTP, and sRTP
• Describe H.323

Implement a gateway

• Describe the gateway call routing process
• Configure analog voice ports
• Configure digital voice ports
• Describe considerations for PBX integration

Describe the function and interoperation of gatekeepers within an IP Communications network

• Describe the function and types of gatekeepers
• Describe the interoperation of devices with a gatekeeper
• Describe gatekeeper signaling

Implement a gatekeeper

• Configure devices to register with a gatekeeper
• Configure gatekeeper to provide dial-plan resolution
• Configure gatekeeper to provide call admission control

Implement an IP-to-IP gateway

• Describe the IP-to-IP gateway features and functionality
• Configure gatekeeper to support an IP-to-IP gateway
• Configure IP-to-IP gateway to provide address hiding

Exam Objectives for CCNA Voice – Commercial (Exam 640-460)

Now, let’s look at some of the topics covered in the Commercial option (exam 640-460). The commercial option has approximately 60-70 questions with an allotted time of 90 minutes.

Describe the components of the Cisco Unified Communications Architecture

• Describe the function of the infrastructure in a UC environment
• Describe the function of endpoints in a UC environment
• Describe the function of the call processing agent in a UC environment

Describe PSTN components and technologies

• Describe the services provided by the PSTN
• Describe time division and statistical multiplexing
• Describe supervisory, informational, and address signalling

Describe VoIP components and technologies

• Describe the process of voice packetization
• Describe RTP and RTCP
• Describe the function of and differences between codecs
• Describe H.323, MGCP, SIP, and SCCP signalling protocols

Describe and configure gateways, voice ports, and dial peers to connect to the PSTN and service provider networks

• Describe the function and application of a dial plan
• Describe the function and application of voice Gateways
• Describe the function and application of voice ports in a Gateway

Describe and configure a Cisco network to support VoIP

• Describe the purpose of VLANs in a VoIP environment
• Describe the environmental considerations to support VoIP
• Configure switched infrastructure to support voice and data VLANs

Implement UC500 using Cisco Configuration Assistant

• Describe the function and operation of Cisco Configuration Assistant
• Configure UC500 device parameters
• Configure UC500 network parameters

Implement Cisco Unified Communications Manager Express to support endpoints using CLI

• Describe the appropriate software components needed to support endpoints
• Describe the requirements and correct settings for DHCP, NTP, and TFTP
• Configure DHCP, NTP and TFTP

Implement voicemail features using Cisco Unity Express

• Describe the Cisco Unity Express hardware platforms
• Configure the foundational elements required for Cisco Unified Communications Manager Express to support Cisco Unity Express
• Describe the features available in Cisco Unity Express

Perform basic maintenance and operations tasks to support the VoIP solution

• Describe basic troubleshooting methods for Cisco Unified Communications Manager Express
• Explain basic troubleshooting methods for Cisco Unity Express
• Explain basic maintenance and troubleshooting methods for UC500

CCNA Voice Training Options

As usual, the first place to look for training is the Cisco Press store. At least, this is where I usually start. From here you’ll find the 2 recommended books for both the Commercial and Enterprise options.

CCNA Voice Official Exam Certification Guide (640-460 IIUC) covers all the topics required for the commercial option.

Cisco Voice over IP (CVOICE) Authorized Self-Study Guide, 3rd Edition covers everything you need to know for the enterprise option.

There is also the Quick Reference Guides available for both books. Remember that these guides can be used in the review stages of your studies, basically the final stages just before you take the exam.

If you’ve read my past articles on Packet Tracer, you would have seen that this could be used for your CCNA and CCNA Security preparations. However, this is not the case for the CCNA Voice concentration. Your options for lab exercises are going to be Dynamips or Rack Rentals.

As is customary, I always recommend Transcender’s practice exams to use as practice before you sit the actual exam. The questions are usually to a slightly higher degree of difficulty than the real exam which is a good strategy to use. This way, when you sit the real exam, everything seems a lot easier. Of course, with proper preparation, all the questions will be manageable regardless of whether or not you use the Transcender engine.

CCNA Voice Track

If you’ve recently completed your CCNA and are currently looking to go further into the networking field, then you may want to consider taking the Voice path. A lot of jobs today require engineers to have some knowledge of voice technology and how to support it — the CCNA Voice track is an excellent cert to have.

Let us know your thoughts and if you have any other recommended training solutions. Good Luck!

The Packet Tracer, by Cisco, is a really cool tool for CCNA candidates, but it really can’t be used by candidates who are preparing for their professional and Expert level certs. The scenarios and labs that are done at these levels are way too complex.

As a professional level candidate you have just 3 options that are available to you.

You can invest the money to build your own lab using real Cisco gear. However, this is the most expensive option that not everyone can afford. Just the cost of the Cisco routers and switches will be enough to make anyone scream, not to mention the added charges to your electricity bill.

Your second option would be to rent rack time at one of the many vendors that provide this service. This is not a bad option. It is way cheaper than building your own lab and you get to practice on real equipment. The only down side to this is having to schedule your lab for an available time.

This might not seem like a big deal to most, but for me, it really is as my mind works differently; I usually have these phases that I like to call my “In the Zone” phases when I’m so focused on my studies that I can’t be bothered with whatever else is going on around me. Having to schedule my lab time to a date that is available and not exactly when I would like to do the lab (NOW!!!) can be somewhat inconveniencing. The only available date might be at a time when you just had a bad day, or you’re really just not in the mood for studying.

This is where your third option come in really handy. It’s called the GNS3 network simulator.

What is GNS3 Really About?

The GNS3 network simulator is free, open source software that can be downloaded and used by anyone. You can access the download at this link.

GNS3 works by using real Cisco IOS images which are emulated using a program called Dynamips.

GNS3 is really like the GUI part of the overall product. With this GUI, users get an easy to use interface that allows them to build complex labs consisting of a variety of supported Cisco routers.

The program that does the real job of emulating the routers using real IOS images is Dynamips. Most people refer to this as the back-end to the whole operation whereas Dynagen is referred to as the front-end. This is mainly because Dynagen communicates with Dynamips using a Hypervisor — all this put together helps to make the configuration process simpler.

Now, take this added usability and throw in the GUI provided by GNS3, and you’ve gotten yourself a really powerful, easy to use simulator.

Some Supported GNS3 Features

GNS3 website lists the following as some of the features provided by the simulator:

• Design of high quality and complex network topologies
• Emulation of many Cisco router platforms and PIX firewalls
• Simulation of simple Ethernet, ATM and Frame Relay switches
• Connection of the simulated network to the real world
• Packet capture using Wireshark

GNS3 Supported Platforms

These are the current platforms supported by GNS3.

As you can see from the table, you’ve got quite a list of devices that can be used with GNS3 to build your labs.

This is definitely another great feature of this simulator.

As you all know, with each different model of Cisco devices, you have more or less features supported by that model.

These mostly range from the types of commands supported on the particular IOS you’re running for that platform.

Using the GNS3 Network Simulator

Next, we’re going to take a look at some screen shots so that you get an idea of what an actual lab looks like.

This is the basic look of GNS3 when you start the program. To the left of the image is where all the devices are listed. From this area you would drag the devices you are going to use for the particular lab to the work area –center of the screen.

Here we have a shot of a Frame Relay lab consisting of 3 routers.

Finally, you can see the results of issuing the show run command.

Some Final Considerations

There is definitely a lot that can be done with the GNS3 network simulator. As you’ve seen from the screen shots above, you’re able to really configure your own labs using the devices you need, thereby giving you exactly the required practice needed for a particular Cisco exam.

However, there are some drawbacks to using GNS3. The main one being that you need your own Cisco IOS images in order to make use of the simulator. GNS3 does not come with built-in IOS images and explicitly states on the front of their page that users must provide their own IOS images.

In order for you to obtain IOS images you will need a CCO account, after which you’re able to download the images directly from Cisco’s website. We do not encourage getting these images by any other means.

Another drawback would be the amount of CPU resources used by GNS3. Well, to be technically correct, it isn’t GNS3 that is actually using up the resources of your CPU. It’s actually Dynamips and this can be seen from your Task Manager in Windows.

I’ve used GNS3 on a number of occasions while preparing for different Cisco exams and when I wanted to test a configuration in the lab before putting it into production. It’s really a good tool to have as an aspiring Cisco Engineer and as a network admin in general.

If you would like to learn more about GNS3 and how to configure different labs using it, check out this article that covers both GNS3 and Dynagen configurations or visit the GNS3 website where you’ll find access to a number of documentations.

The ONT exam is focused more on the Quality of Service (QoS) side of networking, whilst introducing some basic Wireless Local Area Network (WLAN) management and security solutions.

Basically, you will gain an understanding of why users experience better performance in some networks as opposed to others. One example of this is why during a call to another department or branch office you may experience difficulties hearing the person on the other end, or the call might be breaking up (also called jitter).

You gain knowledge of what it takes to provision for, and support a VOIP network, securing, and providing QoS for a Cisco WLAN solution.

The ONT exam consists of approximately 50-60 questions that must be completed in 90 minutes, for English speaking nationals, with an additional 30 minutes for everyone else.

How to Become a CCNP

As I mentioned in one of my previous posts, the requirements to become a CCNP include a valid CCNA certification and passing the following exams:

ONT 642-845 Exam Topics

The topics covered for the Optimizing Converged Cisco Networks are:

Describe Cisco VoIP implementations

• Describe the functions and operations of a VoIP network (e.g., packetization, bandwidth considerations, CAC, etc.)
• Describe and identify basic voice components in an enterprise network (e.g. Gatekeepers, Gateways, etc.)

Describe QoS considerations

• Explain the necessity of QoS in converged networks (e.g., bandwidth, delay, loss, etc.)
• Describe strategies for QoS implementations (e.g. QoS Policy, QoS Models, etc.)

Describe DiffServ QoS implementations

• Describe classification and marking (e.g., CoS, ToS, IP Precedence, DSCP, etc.)
• Describe and configure NBAR for classification
• Explain congestion management and avoidance mechanisms (e.g., FIFO, PQ, WRR, WRED, etc.)
• Describe traffic policing and traffic shaping (i.e., traffic conditioners)
• Describe Control Plane Policing
• Describe WAN link efficiency mechanisms (e.g., Payload/Header Compression, MLP with interleaving, etc.)
• Describe and configure QoS Pre-Classify

Implement AutoQoS

• Explain the functions and operations of AutoQoS
• Describe the SDM QoS Wizard
• Configure, verify, and troubleshoot AutoQoS implementations (i.e., MQC)

Implement WLAN security and management

• Describe and Configure wireless security on Cisco Clients and APs (e.g., SSID, WEP, LEAP, etc.)
• Describe basic wireless management (e.g., WLSE and WCS). Configure and verify basic WCS configuration (i.e., login, add/review controller/AP status, security, and import/review maps)
• Describe and configure WLAN QoS

Preparing for Your CCNP ONT Exam

  •   CCNP ONT Books

The only book that I would recommend is the CCNP ONT Official Exam Certification Guide from Cisco Press.

It covers all of the 642-845 exam topics and it is the official study guide for the ONT exam. The book also includes practice exam questions on a CD-ROM and it’s reasonably priced.

If you have another CCNP ONT book that you’d like to recommend feel free to post it in the comments below.

  •   CCNP ONT Training Videos

Train Signal’s CCNP Training Package covers all 4 of the CCNP exams in detail including: BSCI (642-901), BCMSN (642-812), ISCW (642-825) and ONT (642-845), but you can get the single ONT Training if you’d like.

Chris Bryant CCIE #12933 is an excellent instructor. I really enjoy his videos and I’m still using them to prepare for my final two CCNP exams.

Forgive me for using the “CCIE #12933″, but it’s literally stuck in my head. It’s usually how Chris begins each video series. And having watched his videos for hours after hours, well, it’s only right that I remembered

  •   Cisco Learning Network

The Cisco Learning Network is a fantastic community to be a part of while preparing for any Cisco exam.

Make sure you browse the ONT Section and join the study group for that section. Doing this enables you to receive emails every time someone posts a comment or question to that part of the community. I found this particularly helpful. I was literally receiving emails all the time, and even when I’m not at a PC, I’d still get emails to my mobile, so I was always able to keep up to date with the latest discussions that were taking place.

Also, the moderators are very fast at responding to your questions, so you don’t have to wait a long time before you get a response.

  •   Cisco Simulators

Personally I didn’t use any simulators for this exam. I found the materials to be mostly theoretical, with probably a couple of straightforward commands to use in order to implement the QoS technique that best suits your configuration.

This was another reason why I really found this particular exam to not be as interesting as the ISCW exam, or even the BCMSN and BSCI.

However, for those of you who must practice the commands, there are a variety of rack rental vendors you can choose from. Unfortunately, you can’t use Packet Tracer to practice these commands as it’s only suited for the CCNA and CCNA Security certs. But here’s what you can use:

• Internetworkexperts
• IPexpert

  •   CCNP ONT Practice Exams

As usual, my choice for practice exams is the Transcender test engine.

Taking practice exams after you’ve finished going through the study materials helps you to identify your weak areas. It also gives you detailed explanations for each incorrect answer, thereby further helping you to zone in on that subject area.

Another great feature about this particular test engine is that the explanations aren’t just for the correct answers. It explains why each option would be either correct or incorrect.

How I Prepared For and Passed My ONT Exam

Well, immediately after passing the ISCW exam on Friday, November 13th (a so called black Friday , I began reading the Cisco CCNP ONT 642-845 Official Exam Certification Guide that I mentioned above.

Let me be honest, I hated this particular exam. The chapters seemed to take forever to finish, and when I finally completed them, I felt as if someone tried to teach me French. I was reading stuff about sample rate, paketization, Quality of Service, Nyquist theorem. Whoa! This stuff can literally give you a headache if you didn’t like theory.

At this stage I was really feeling dumb for not understanding the materials. Luckily, after watching Chris Bryant explain the topics, it began to get clearer to me. And suddenly, before you knew it, I was grasping the concepts.

Let’s take the Nyquist theorem for example. The name alone sounds daunting, and with the added graphs the book had, it reminded me of a Physics class. But it turned out that it wasn’t that bad after all. Personally I felt the book went too deep into the explanations of this particular topic, which completely confused me, but that was probably just my lack of understanding.

It took me approximately a month and a half to prepare for this exam which was about the same for the ISCW. Actually, the ironic part to this whole story is that my score on the ONT was actually higher than my score for ISCW! And I loved the technologies that were a part of the ISCW materials as opposed to the ONT stuff.

I completed my ONT exam in just about an hour with lots of time to spare.

Next Step on My CCNP Journey

As for my next exam, I’m still pondering on whether to do the 642-892 Composite or whether to take the BCMSN followed by the BSCI. Either way, you’ll know exactly which path I chose and why in my next post about my CCNP journey.

Best of luck on your next exam and feel free to post if you have any suggestions for Cisco study materials or methods used.

This is where network simulators come in handy. Simulators allow you to practice the commands used to configure actual devices, thereby giving you an idea of what to expect when you do get the chance to configure real Cisco hardware.

As with most software solutions, you have a variety of vendors to choose from, with each providing more features than the other and each being a different price.

However, Cisco’s Packet Tracer can be downloaded at Cisco’s Networking Academy website at NO cost. There is one catch to this though, you have to be a member of the Networking Academy, either by being a student or an instructor.

Cisco Packet Tracer allows you to simulate different networking scenarios using virtual Cisco Routers and Switches. It allows you to perform a number of functions that will help you learn how to use Cisco technology. These include being able to simulate, visualize and work together on collaborative scenarios.

Please Note: Only Cisco Networking Academy users are allowed to legally use the Cisco Packet Tracer.

As you can see from the picture below, Packet Tracer’s interface is really intuitive and straightforward to follow.

You’re able to configure different routing protocols like RIP,RIPv2, OSPF and EIGRP and witness routing convergence. Below you can find a list of protocols supported by Cisco’s packet tracer.

Supported Operating Systems for Cisco Packet Tracer

Currently the latest version of Packet Tracer is 5.2 and supports the following operating systems:

• Windows XP
• Windows 2000
• Vista Home Basic
• Vista Home Premium
• Linux (Ubuntu 7.10 and Fedora 7)

System Requirements for Cisco Packet Tracer

These are the minimum system requirements to successfully install and run the Packet Tracer:

• CPU: Intel Pentium 300 MHz or equivalent
• Listed Operating Systems above
• RAM: 96 MB
• Storage: 250 MB of free disk space
• Screen resolution: 800 x 600 or higher
• Macromedia Flash Player 6.0 or higher
• Language fonts supporting Unicode encoding (if viewing in languages other than English)
• Latest video card drivers and operating system updates

However, Cisco recommends these for optimal performance

• CPU: Intel Pentium II 500 MHz or better
• OS: Microsoft Windows XP
• RAM: 256 MB or more
• Storage: 300 MB of free disk space
• Screen resolution: 1024 x 768
• Sound card and speakers
• Internet connection: 56K dial-up or faster (if using the multiuser feature)

Protocols Supported by Cisco Packet Tracer

One of the really cool things I love about version 5.2 is the number of supported protocols that enable to test most, if not all, of the CCNA objectives, whilst also providing some new security commands that enable you to configure technologies like Site-to-Site VPN.

These are the current supported protocols on version 5.2:

Application:

• HTTP, HTTPS, TFTP, Telnet, SSH, DNS, DHCP, NTP, SNMP, AAA, Radius, TACACS, Syslog

Transport:

• TCP and UDP, TCP Nagle Algorithm & IP Fragmentation

Network:

• IPv4, ICMP, ARP, IPv6, ICMPv6, IPSec, GRE, ISAKMP
• RIPv1/v2/ng, Multi-Area OSPF, EIGRP, Static Routing
• Multilayer Switching, L3 QoS, NAT
• Context Based Access Lists , Zone-based policy firewall and Intrusion Protection System on the ISR

Network Access/Interface:

• Ethernet (802.3), 802.11, HDLC, Frame Relay, PPP
• STP, RSTP, VTP, DTP, CDP, 802.1q, PAgP, LACP
• L2 QoS, SLARP, Auto Secure, Simple WEP, WPA, EAP

As you can see from the list above, you’re clearly able to perform a number of simulations to test your knowledge.

Using Cisco Packet Tracer

Below are some screen shots to give you an idea of what a typical Packet Tracer lab would look like.

In this lab I simulated the configuration for Inter-Vlan Routing, using a Cisco 1811 router, Cisco 2950 Switch, 3 Client PCs and the Cloud to represent the internet.

Clicking on the device brings up the following window with 3 tabs:

• Physical
• Config
• CLI

Depending on the device clicked on, the tabs will have different configuration options pertaining to that particular device.

Cisco Packet Tracer: Physical Tab

From this screen you’re able to make physical adjustments to the device such as adding additional add-in cards (Cisco 1811 in this case).

Cisco Packet Tracer: Config Tab

The Config tab allows you to make quick configuration changes to the device as opposed to using the CLI.

Cisco Packet Tracer: CLI Tab

Using the CLI tab, you gain access to the command line interface where you can configure the device using the actual Cisco Commands. This is where the real fun begins!

And finally we have an overview image of what the lab looks like.

Cisco Packet Tracer: Is It Right For You?

In my opinion, Cisco Packet Tracer really stands out from the other vendor options of network simulation software. It comes equipped with a suite of supported protocols that allow students to perform simulations and really get a good idea of what actual configurations on real devices look and feel like.

Cisco candidates are able to work in groups or individually to complete these tasks. However, there is one thing that the Packet Tracer doesn’t simulate (as of yet anyway), and that is the Cisco Security Device Manager (SDM). SDM is becoming an important part of the CCNA curriculum and as such, you are definitely going to need some way of getting familiar with it.

At the moment, Cisco Packet Tracer only supports features that will assist you, while preparing for your CCNA exam and the CCNA Security exam. So, for those pursuing any of the other CCNA Specializations, you might need to look into renting rack time to be able to practice your labs.

I hope you find Cisco Packet Tracer to be as fun as I did while preparing for my CCNA. Have fun, and go knock those labs out!

Cisco Packet Tracer Resources:

• Cisco Packet Tracer at a Glance
• Cisco Packet Tracer Datasheet
• Cisco Packet Tracer Trivia Game
• Cisco Packet Tracer Video

For those of you that are familiar with my articles here on Train Signal Training, you already know that I’m CCNA certified and I’m currently working on my CCNP.

Since I just recently started my journey towards that goal, I figured I might as well share each and every step I take towards my CCNP it with all of you, so that you can have an idea of what my experiences were like — and what you can expect if you’re getting CCNP certified.

About Cisco’s Professional Certifications

The Cisco Certified Network Professional (CCNP) is Cisco’s Professional level of certification in the routing and switching field.

Since Cisco has several Professional level certifications, you might be wondering why I chose this path as opposed to, say, a CCNP Wireless, CCVP (Voice Specialist) or a CCSP (Security Specialist).

For me, it was more about my passion for the routing and switching environment. I also took into consideration the fact that the CCNP certification would help me advance my networking career faster and provide me with more opportunities, while I continue along the path to becoming an expert in Cisco.

However, the career path you choose might be different.

My advice on choosing your next level of Cisco certification would be to look for a field you really love while comparing it to your local job market needs. Currently in my region, Cisco routers and switches are selling faster than, let’s say, Cisco IP Phones, so if I had chosen the Voice path, I wouldn’t have gotten to really put my skills to work after attaining the cert.

So take your time and do lots of surveying to make sure that the path you choose has some kind of immediate market need and of course, that you have an interest for that field.

How to Become a CCNP

As you might already know, you need a valid CCNA certification in order to take any of the Professional level exams.

Based on the current CCNP requirements, you need to sit and pass 3 or 4 exams in order to become a CCNP. As with your CCNA, there’s also a composite exam, which can help you to attain your cert even faster.

These are the current exams as listed on Cisco’s Website:

• Building Scalable Cisco Internetworks (BSCI 642-901)
• Building Cisco Multilayer Switched Networks (BCMSN 642-812)
• Implementing Secure Converged Wide Area Networks (ISCW 642-845)
• Optimizing Converged Cisco Networks (ONT 642-825)
• Composite BSCI and BCMSN (642-892)

Today, I’ll be touching on the ISCW exam as this was the first exam I took and passed ( thankfully).

CCNP ISCW (642-845) Exam

The Implementing Secure Converged Wide Area Networks exam validates a Cisco professional’s ability to expand and secure corporate networks using Cisco routers and switches, more so, routers.

Topics consist of being able to secure routers and switches (also called hardening), configuring IPSec VPNs using both the CLI (Command Line Interface) and Cisco’s SDM (Security Device Manager), configuring CBAC Firewalls and site-to-site VPNs.

Below are the exam objectives as listed on Cisco’s Learning Network (BTW, I love this site):

Implement basic teleworker services

• Describe Cable (HFC) technologies
• Describe xDSL technologies
• Configure ADSL (i.e., PPPoE or PPPoA)
• Verify basic teleworker configurations

Implement Frame-Mode MPLS

• Describe the components and operation of Frame-Mode MPLS (e.g. packet-based MPLS VPNs)
• Configure and verify Frame-Mode MPLS

Implement a site-to-site IPSec VPN

• Describe the components and operations of IPSec VPNs and GRE Tunnels
• Configure a site-to-site IPSec VPN/GRE Tunnel with SDM (i.e. pre-shared key)
• Verify IPSec/GRE Tunnel configurations (i.e., IOS CLI configurations)
• Describe, configure, and verify VPN backup interfaces
• Describe and configure Cisco Easy VPN solutions using SDM

Describe network security strategies

• Describe and mitigate common network attacks (i.e., Reconnaissance, Access, and Denial of Service)
• Describe and mitigate Worm, Virus, and Trojan Horse attacks
• Describe and mitigate application-layer attacks (e.g., management protocols)

Implement Cisco Device Hardening

• Describe, Configure, and verify AutoSecure/One-Step Lockdown implementations (i.e., CLI and SDM)
• Describe, configure, and verify AAA for Cisco Routers
• Describe and configure threat and attack mitigation using ACLs
• Describe and configure IOS secure management features (e.g., SSH, SNMP, SYSLOG, NTP, Role-Based CLI, etc.)

Implement Cisco IOS firewall

• Describe the functions and operations of Cisco IOS Firewall (e.g., Stateful Firewall, CBAC, etc.)
• Configure Cisco IOS Firewall with SDM
• Verify Cisco IOS Firewall configurations (i.e., IOS CLI configurations, SDM Monitor)

Describe and configure Cisco IOS IPS

• Describe the functions and operations of IDS and IPS systems (e.g., IDS/IPS signatures, IPS Alarms, etc.)
• Configure Cisco IOS IPS using SDM

How I Studied for my CCNP ISCW Exam

To prepare for my first Professional level exam, I started off by reading the Cisco Press ISCW Official Exam Guide along with watching Chris Bryant’s CCNP ISCW training videos from Train Signal.

From time to time, I also used Cisco’s Quick Learning Modules to hone in on specific topics.

I would usually read one chapter of the book, and then if I wasn’t too clear on it, I would watch the Chris Bryant videos on that particular topic, before re-reading the chapter again. I found this method really works for me because gradually the topics began to get really clear.

I would say it took me roughly about a month and a half to two months to prepare for this exam. This consisted of hours and hours of reading (lol, something I only recently started to like) from Sunday to Sunday.

Sometimes I read so much that my head started to hurt and I even complained to my Twitter buddies how I must be going blind, because after those intense periods of reading, I usually noticed the letters on other programs looking way smaller than they were (I still haven’t gotten my eyes checked to verify if I am indeed going blind lol).

Also, don’t forget to utilize Cisco’s Quick Learning Modules that can be found on their Learning Network website. There was one particular topic that gave me a tough time at first — IPSec VPNs — and really understanding how the different phases of authentication and negotiations worked. After looking at Cisco’s Quick Learning Module presentation on this topic, I was amazed at how quickly I grasped the concept.

This is another reason why having multiple learning sources can greatly help you with your exam preparation.

Practice Makes Perfect — Even for the CCNP ISCW Exam

Of course no Cisco exam is complete without some simulation being thrown into the mix and for this phase of my studies I used the famous GNS3.

In my opinion, this simulation totally beats any other simulation out there — reason being, you are using real Cisco IOS images and the only thing that is simulated is the hardware. Awesome stuff, I know.

With the GNS3 I was able to practice my IPSec VPN site-to-site configurations along with the basic MPLS configurations. Getting experience with CBAC Firewall configurations, Intrusion Prevention Systems and hardening Cisco routers all came from a project I was working on while I was studying. Yup, I’m a pretty lucky guy huh.

Part of the project consisted of installing and configuring a Cisco router to allow VPN access for clients, so I was able to practice with SDM (of course, before actually putting the gear into production).

How I Passed my CCNP ISCW Exam

After about 1.5 months of intense preparation, I felt really confident — confident enough to register for the exam.

The CCNP ISCW exam consists of approximately 50 to 60 questions that must be answered in 90 minutes.

Luckily for me, I’m currently in a location where English is not the main language so I was automatically awarded 30 minutes extra, and trust me — those 30 minutes came in handy. I actually used up all the time that was allotted to me.

So what does that say about the exam? Was it that difficult that I wasn’t able to complete it in the regular 90 minutes and had to use the extra 30 minutes?

Well, to be honest, I wouldn’t say it was extremely difficult, but it wasn’t easy either. Challenging would actually be the perfect word to describe the ISCW exam.

I think I spent more time than I should have on certain questions because I knew that once I clicked next, I would not be able to go back and review my answer. So remember, your first answer is your final answer on Cisco exams.

Then there were the simulation questions. These proved to be quite more challenging than I first thought, so I spent a lot of time working on these.

But all in all, it has been a very exciting experience. It provided me with exactly the skills I needed to complete the project I was working on at work while the exam itself and my approach to answering the questions, highlighted areas in which I needed to improve on for my next exam.

 
Best of luck to you! I hope you will continue to follow me along on my journey towards getting my CCNP! For me, the ONT (642-845) exam is next!

Quick List of Resources I Used to Prepare for my ISCW Exam

• Cisco Press CCNP ISCW Official Exam Certification Guide
• Cisco Press CCNP ISCW Quick Reference Sheets
• Cisco Learning Network
• Train Signal Chris Bryant CCNP Training Videos
• GNS3 Simulator

Today, I’m going to be focusing on one of the specialty certificates which you may want to get after completing your CCNA — the CCNA Security Certification: Implementing Cisco IOS Network Security (exam 640-553).

We’ll take a look at the exam objectives and some recommended training materials that will help you prepare for your CCNA Security certification.

Network Security: The Most In Demand IT Skill Today

Why would you want to get the CCNA Security cert?

Well for one thing, it’s a great move for your career, as all companies are looking for security savvy IT pros. If you look at the current job postings for networking professionals, you will notice that security is one of the top skills that companies are looking for.

Network security is also one of the most important factors in today’s business environments, thus the need for you to be proactive in your approach towards securing your company’s data.

As technology advances, so does the kinds of vulnerabilities that an attacker can use to exploit your network. Cisco understands this concept and is keen in ensuring that their products aren’t just the best in terms of performance and reliability, but also in ensuring that they’re at the top of their game when it comes to security.

The CCNA Security certification track prepares candidates to be able to do just that. It covers a wide range of topics, focusing on securing Cisco routers and switches (also called Hardening Cisco Devices).

CCNA Security candidates will gain the knowledge needed to mitigate network attacks by properly configuring Cisco devices.

Cisco CCNA Security Exam (640-553) Objectives

To take the CCNA Security exam, you must have a valid CCNA certification. Once you pass your exam, your CCNA Security certification will be valid for three years.

These are the objectives for the CCNA Security Exam: Implementing Cisco IOS Network Security (640-553) as listed on Cisco Learning Network:

Describe the security threats facing modern network infrastructures

• Describe and list mitigation methods for common network attacks
• Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
• Describe the Cisco Self Defending Network architecture

Secure Cisco routers

• Secure Cisco routers using the SDM Security Audit feature
• Use the One-Step Lockdown feature in SDM to secure a Cisco router
• Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
• Secure administrative access to Cisco routers by configuring multiple privilege levels
• Secure administrative access to Cisco routers by configuring role based CLI
• Secure the Cisco IOS image and configuration file

Implement AAA on Cisco routers using local router database and external ACS

• Explain the functions and importance of AAA
• Describe the features of TACACS+ and RADIUS AAA protocols
• Configure AAA authentication
• Configure AAA authorization
• Configure AAA accounting

Mitigate threats to Cisco routers and networks using ACLs

• Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
• Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
• Configure IP ACLs to prevent IP address spoofing using CLI
• Discuss the caveats to be considered when building ACLs

Implement secure network management and reporting

• Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
• Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

Mitigate common Layer 2 attacks

• Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features

Implement the Cisco IOS firewall feature set using SDM

• Describe the operational strengths and weaknesses of the different firewall technologies
• Explain stateful firewall operations and the function of the state table
• Implement Zone Based Firewall using SDM

Implement the Cisco IOS IPS feature set using SDM

• Define network based vs. host based intrusion detection and prevention
• Explain IPS technologies, attack responses, and monitoring options
• Enable and verify Cisco IOS IPS operations using SDM

Implement site-to-site VPNs on Cisco Routers using SDM

• Explain the different methods used in cryptography
• Explain IKE protocol functionality and phases
• Describe the building blocks of IPSec and the security functions it provides
• Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM

Recommended Training Materials for the CCNA Security Exam

Cisco Press really should be your first place to look when considering purchasing study materials for this exam as the material is authorized and published by Cisco. This means that you are guaranteed that the topics covered in the books are exactly what Cisco recommends you study in order to prepare and pass your exam.

  •   CCNA Security Books

The CCNA Security Official Exam Certification Guide by Michael Watkins and Kevin Wallace is the recommended book and can be found on the Cisco Press website.

It covers all of the exam objectives while providing you with questions to test your knowledge of the subject matter.

However, I would not recommend this book to be your only source of exam preparation. This text is a good place to start as it will help you get ready for the 640-553 exam, but make sure too utilize other training materials including practice exams and simulators as well.

The CCNA Security Quick Reference is another good book to check out. After you have completed most of your studies and are at the final stages before your exam, this reference guide is a really good tool to provide you with quick reminders of the main topics the exam covers, stuff you should know before actually taking the exam.

  •   CCNA Security Training Videos

As you know by now, I’m a big fan of Train Signal’s training videos. I’ve used them for my CCNA and currently I’m using them for my CCNP studies as well. They truly are one of the best providers of self paced training materials.

Chris Bryant is your instructor for the CCNA Security track as was the case with the CCNA training. This guy is really good, trust me.

Plus the training covers all of the exam objectives and Chris Bryant goes over lots of examples, which can be helpful when you’re practicing your commands on a simulator.

  •   Cisco Simulators

Cisco updated their Packet Tracer to 5.2 which was a really cool upgrade. It now includes commands to help you pass your CCNA Security exam, like being able to configure site-to-site VPNs, and AAA on your device.

GNS3 is probably the closest you’ll come to actually testing the Cisco IOS commands on a real IOS, without actually having the hardware.

Sounds confusing? It’s really not. What GNS3 actually does is use real Cisco IOS images and simulate the hardware so that you can do actual configurations using the IOS. Awesome stuff!

  •   Cisco Learning Network

Again I must stress how useful the Cisco Learning Network can be when preparing for any Cisco Certification.

As I mentioned in my previous article, make sure to sign up and join this community of peers just like you — aspiring to get their Cisco certifications. You gain access to a wealth of resources, one of my favorite being the Quick Learning Modules, which are simple and short videos, explaining various topics covered on the exam.

  •   CCNA Security Practice Exams

Yes! The famous Transcender test engines. These exams truly are amazing at how they test your knowledge of the exam materials.

They even provide you with explanations to each question you got wrong, so that when you are reviewing your practice exam results, you’ll know exactly why you got that particular question wrong.

Set Yourself Apart with the Cisco Security Certification

Overall, the CCNA Security track covers topics that are instrumental in providing technicians with the skills they need to properly secure corporate networks using Cisco switches and routers.

Achieving your CCNA Security certification also sets you apart from other applicants, mainly because it provides proof to current and potential employers that you do in fact know your security stuff as opposed to just putting on your resume that you have some security experience. You will also feel more comfortable in your role as a network admin because you will have a better understanding of security.

I hope this article has been informative to you. Let me know if you have any other recommended materials to share.

Good luck on your next Cisco exam!

It provides professionals with the skills needed to manage small to medium size companies and branch offices, including being able to configure, troubleshoot and maintain Cisco routers and switches.

Getting your CCNA can be quite a challenge, but with a set goal, determination and a good study strategy, you too can quickly become a CCNA.

Today, I’ll be giving you an overview of the CCNA exams, the different paths available to get your CCNA and some preparation techniques — techniques I found useful when I was preparing for my CCNA.

How to Choose the Right CCNA Path

There are two paths you can take to get your CCNA:

1. The first path consists of taking two exams: the 640-822 ICND1 and the 640-816 ICND2
2. The second path consists of taking just one exam: the 640-802 CCNA

Your choice will depend heavily on your current knowledge and experience.

If, let’s say, you’re someone that already has some networking experience and you’ve administered small networks before, then you might find the single exam a better option.

On the other hand, if you’re practically new to networking and have no experience at all within this field, then you’ll definitely want to take the first path, which breaks the materials down into two exams, thereby teaching you the very basics of networking before heading into Cisco technology.

CCENT Exam 640-822: Interconnecting Cisco Networking Devices Part 1

Interconnecting Cisco Networking Devices Part 1 (aka ICND1) exam provides candidates with a basic foundation in networking technologies and troubleshooting.

These range from the OSI Model, routing and switching, TCP/IP, configuring RIP/RIPv2, NAT, DHCP, and, of course, learning the basics of how to use Cisco’s IOS operating system.

The ICND1 exam number is 640-822 and consists of approximately 40 to 50 questions which must be completed within 90 minutes. And the exam is currently available in 8 different languages.

Passing the 640-822 exam earns you your Cisco Certified Entry Network Technician (CCENT) certificate.

ICND1 Exam Objectives

Here are just some of the objectives as listed on Cisco’s Learning Network for the ICND1 exam:

Describe the operation of data networks

• Describe the purpose and functions of various network devices
• Select the components required to meet a given network specification
• Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
• Describe common networking applications including web applications
• Describe the purpose and basic operation of the protocols in the OSI and TCP models

Implement a small switched network

• Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts
• Explain the technology and media access control method for Ethernet technologies
• Explain network segmentation and basic traffic management concepts

Implement an IP addressing scheme and IP services to meet network requirements for a small branch office

• Describe the need and role of addressing in a network. Create and apply an addressing scheme to a network
• Assign and verify valid IP addresses to hosts, servers, and networking devices in a LAN environment
• Explain the basic uses and operation of NAT in a small network connecting to one ISP
• Describe and verify DNS operation

Implement a small routed network

• Describe basic routing concepts (including: packet forwarding, router lookup process)
• Describe the operation of Cisco routers (including: router bootup process, POST, router components)
• Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts
• Configure, verify, and troubleshoot RIPv2

For the complete list of objectives for the ICND1 exam see this link on Cisco’s Learning Network — note that you will need to create a user account to view this information.

CCNA Exam 640-816: Interconnecting Cisco Networking Devices Part 2

ICND2 picks up where ICND1 left off, by going into further details on those networking technologies you learned about, while introducing you to more advanced topics.

Some of the topics include configuring and troubleshooting VLANs, RSTP, STP, EIGRP, OSPF, Frame Relay connection and point-to-point connections and ACLs.

The ICND2 exam number is 640-816 and consists of approximately 40 to 50 questions which must be completed in 75 minutes. The time difference for this exam alone says it all. ICND2 is definitely more difficult than ICND1.

By passing the ICND2 exam you will earn the CCNA certification.

ICND2 Exam Objectives

Some of the objectives for ICND2 are as follows:

Configure, verify and troubleshoot a switch with VLANs and interswitch communications

• Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)
• Describe how VLANs create logically separate networks and the need for routing between them
• Configure, verify, and troubleshoot VLANs
• Configure, verify, and troubleshoot trunking on Cisco switches
• Configure, verify, and troubleshoot interVLAN routing

Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network

• Calculate and apply a VLSM IP addressing design to a network
• Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment
• Describe the technological requirements for running IPv6 (including: protocols, dual stack, tunneling, etc)

Configure and troubleshoot basic operation and routing on Cisco devices

• Compare and contrast methods of routing and routing protocols
• Configure, verify and troubleshoot OSPF
• Configure, verify and troubleshoot EIGRP
• Verify configuration and connectivity using ping, traceroute, and telnet or SSH

Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network

• Describe the purpose and types of access control lists
• Configure and apply access control lists based on network filtering requirements
• Configure and apply an access control list to limit telnet and SSH access to the router
• Verify and monitor ACL’s in a network environment

Implement and verify WAN links

• Configure and verify Frame Relay on Cisco routers
• Troubleshoot WAN implementation issues
• Describe VPN technology (including: importance, benefits, role, impact, components)
• Configure and verify PPP connection between Cisco routers

For the complete list of objectives for the ICND2 exam see this link on Cisco’s Learning Network –note that you will need to create a user account to view this information.

CCNA Exam 640-802: Cisco Certified Networking Associate

The CCNA 640-802 exam is what is known as the composite exam for the CCNA. As the name suggest, the exam consists of objectives from both the ICND1 and ICND2.

It’s basically a one shot one kill exam — pass the 640-802 exam and you’re automatically CCNA certified.

Now I know a lot of you might be tempted to go straight for this option — but be warned! The 640-802 exam is very difficult to pass.

It requires a lot of dedication and studying mainly because you need to know everything from both of the ICND exams and be able to answer the questions in less time. It requires a lot of speed, especially when working on subnetting problems.

Approximately 45 to 50 questions must be answered within the allotted time of 90 minutes.

Like all Cisco Certifications, the CCNA is only valid for 3 years, and must be renewed before expiration.

There are a number of options available when it comes to recertification. For a list of these have a look at Cisco’s Website.

How to Prepare for Your CCNA Exam

Deciding which method of learning suits you best should be your first plan of action before starting to study.

If you’re working and don’t have the time to dedicate to in-class boot camps, I would suggest self study programs. With this approach, you’re able to study on your terms, which means whenever you’re comfortable and have time to fully focus.

This was personally the case with me while I was preparing for my CCNA exams. I found self study to be the right fit, mainly because I could study anytime, anywhere, anyhow. Whenever I had a break at work, I would usually pull up the materials and begin studying.

Another reason why I would definitely recommend self study as opposed to an in-class training session is mainly because it’s a cost effective solution that just makes sense. The average cost for a CCNA boot camp ranges from $2,500 to as high as $3,500 from some research I did at the time of this writing.

Now I don’t know about you, but to me, that’s just insane. Why pay all that money for a course that tries to pack everything into 5 to 10 days of class? When you’ve finished with the boot camp, you still have to do self study before you take the exams, that is, if you really want to get a good understanding of the materials.

Contrast that to just buying one or two books and CCNA video training, and the savings are unbelievable.

Recommended CCNA Training Materials

Now that you’ve decided which method of learning suits you, your next step is to actually acquire the training materials. This is another area that can cause some confusion given the plethora of resources available out there.

Below are just some of the materials I would definitely recommend; these are what I used when I was preparing for my exam.

• CCNA video training

Personally, I found Train Signal’s CCNA video training to be really useful. Chris Bryant is the instructor for this series and I found his teachings very helpful. He’s good at breaking down the complex subject areas and making them simple to understand.

Train Signal offers CCNA as well as CCENT training, so whether you choose to go the CCENT route, or take the single exam — you’re covered. Here are the links to their CCNA training:

• Cisco INCD1 640-822 Exam training
• Cisco ICND2 640-816 Exam training
• Cisco CCNA 640-802 Exam training

You can check out a few of the CCNA training videos for free here to see if you like them.

If you don’t want to go with Train Signal, check out some of the other video training options — having someone show you how to do things and then explain everything is really nice.

• CCNA books

For books, I used Cisco’s Official CCNA Study Guide along with Sybex CCNA Study Guide by Todd Lammle.

However, there are many other CCNA books out there for you to choose from, just make sure that the book you get is current and that it covers all of the objectives you need to know for the exam.

• Cisco Learning Network

Join Cisco’s Learning Network — it’s a really good community to be a part of. You get monthly updates on study topics via email and have a chance to meet peers that are also pursuing their CCNA so you can interact, share ideas and also get help while you prepare.

I was truly excited about the level of interaction I experienced after I joined. You get access to games that help develop your skills in various objectives like subnetting and a whole lot more. Trust me, you will not regret joining.

• Router & Switch Simulators

If you can’t get hold of actual routers or switches, then simulators are your next best bet. I found Cisco’s Packet Tracer to be really cool. It allows you to setup up your own virtual labs, using as many routers and switches provided by the software to test your knowledge. Packet tracer really helped me with mastering topics like STP, VLANs, RIPv2, EIGRP, OSPF and Frame Relay.

Another great simulator is Boson’s CCNA Network Simulator. To me, the advantage of using the Boson Simulator is the way in which the labs are designed. They provide a step by step approach, starting from very simple stuff like configuring interfaces and Static Routes, to moving onwards to configuring routing protocols such as RIPv2 and OSPF.

• CCNA Practice Exams

Finally, before taking the actual exam, it’s a good idea to do a lot of practice exams. By doing this, you are able to highlight your weak areas and dedicate more time to focus on those areas.

Over the years I have written quite a few certification exams, and have never sat one without first doing some practice on Transcender Test Engine. I would definitely rate Transcender as one of the best practice exam engines to use before taking the actual exam. The questions are tough, but they prepare you for what the real thing is like.

And just so you know, Train Signal’s CCNA training (including CCENT and ICND2 courses) includes a full version of Transcender’s practice exam.

Don’t Forget Your Passion for Networking!

Getting your CCNA is a huge step towards truly building a solid career in networking; that’s certainly the case for me. My knowledge base has grown so much more and continues to everyday.

I’m more motivated and excited about advancing my career in networking. Not to mention the opportunities that will open up, like scoring a salary raise, or finding a better job, one that allows you to put your new found knowledge to use.

I truly believe that you must be passionate about what you want in life, and your approach towards getting your CCNA is no different. It has to be something you really want, something you desire.

Once you have that passion for it, then you’ll see just how easy the journey can be and pretty soon you’ll be past your Associates level, heading for the Professional and Expert levels.

Good luck with your CCNA and let me know if you find any great learning resources you’d like to share.

It is, therefore, imperative that we are able to ascertain and prevent most, if not all, vulnerabilities that may exist. One such weakness is Telnet to which SSH is the alternative.

Today we’ll take a deeper look at how you can enable and configure your Cisco Router to use SSH and why we should always use SSH where possible as opposed to using Telnet.

We all know that when it comes to security within the networking universe, Cisco is one of the biggest players. However, just having a Cisco device doesn’t mean that you are secured. The onus is on you to ensure that you’ve configured that device properly to prevent most, if not all, loopholes.

Why Use Secure Shell (SSH)?

Secure Shell (SSH) improves network security by providing a means of establishing secure connections to networking devices for management, thereby preventing hackers from gaining access.

Using Digital Certificates, in a Public/Private Key Cryptography, SSH is able to authenticate clients or servers ensuring that the device or server you are about to connect to is exactly who they claim to be.

Ok, so now that we have a very brief idea of how SSH secures network traffic, the next step is figuring out where to get this thing we call a digital certificate. Do we have to go into a store to purchase it?

Digital Certificates can be acquired in generally three different ways. The most secure (and expensive) is requesting it from a trusted company called a CA – Certificate Authorities. An example of one such company is VeriSign, which is highly popular within the CA Industry for their role in providing worldwide trusted certificates; these certificates can however cost quite a bit.

There are two other ways of requesting a certificate. One is by using an internally trusted CA (trusted within a company) also called an enterprise CA or by generating a self sign certificate on the device itself. The last one is the least secure form, but provides more than enough security to lock down your average network device. This self signed certificate can be generated using the built in commands on your Cisco router.

What About Telnet?

Like SSH, Telnet can also be used to connect to your router but, the main disadvantage of using Telnet is that it does not encrypt its connections. This means that if a hacker is able to capture packets from a Telnet session, he or she would be able to view information contained within those packets, such as a client’s username and password, therefore gaining access to your router.

The diagram below will give you an idea of how this works.

SSH Router Configuration

Now that we have an understanding of how SSH works and why we should use it instead of Telnet, the next step is actually getting down to configuring the device, which is always my favorite part.

For this exercise I will be using a Cisco 871 series SOHO router with IOS ver. 12.4 software. Depending on whether your router is brand new or currently in a production environment, you’re going to have to either connect via a Console session or through a Telnet session.

Take a look at my article on configuring a Cisco router to use RADIUS for authentication for the steps needed to connect via a Console session or you can check this article on Cisco’s website.

Here are the steps:

 
1. Configure a hostname for the router using these commands.

yourname#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
yourname (config)#hostname LabRouter
LabRouter(config)#

2. Configure a domain name with the ip domain-name command followed by whatever you would like your domain name to be. I used CiscoLab.com.

LabRouter(config)#ip domain-name CiscoLab.com

3. We generate a certificate that will be used to encrypt the SSH packets using the crypto key generate rsa command.

Take note of the message that is displayed right after we enter this command: “The name for the keys will be: LabRouter.CiscoLab.com” — it combines the hostname of the router along with the domain name we configured to get the name of the encryption key generated; this is why it was important for us to, first of all, configure a hostname then a domain name before we generated the keys.

Notice also that it asks us to choose a size of modulus for the key we’re about to generate. The higher the modulus, the stronger the encryption of the key. For our example, we’ll use a modulus of 1024.

4. Now that we’ve generated the key, our next step would be to configure our vty lines for SSH access and specify which database we are going to use to provide authentication to the device. The local database on the router will do just fine for this example.

LabRouter(config)#line vty 0 4
LabRouter(config-line)#login local
LabRouter(config-line)#transport input ssh

5. You will need to create an account on the local router’s database to be used for authenticating to the device. This can be accomplished with these commands.

LabRouter(config)#username XXXX privilege 15 secret XXXX

Fine Tuning Your SSH Configuration

We’ve pretty much completed all the steps needed to configure and use SSH on your router; however, there are some other configurations that can be made to further secure your device.

For one, I would highly recommend you enabling an exec time-out on your router to prevent anyone from gaining access to the device in cases you forgot to logout or got distracted because of an emergency. This way, the router will automatically log you out after the session has been idle for a set time.

You must configure this command on the line interface as depicted below.

LabRouter(config)#line vty 0 4
LabRouter(config-line)# exec-timeout 5

This means that if the session has been idle for 5 minutes, the router will automatically disconnect the session.

Use Access Control Lists (ACL) as an added layer of security; this will ensure that only devices with certain IP address are able to connect to the router.

So let’s say the IP Subnet for your LAN is 192.168.100.0/24, you would create an acl to permit only traffic from that subnet and apply this acl to the vty lines.

LabRouter(config)#access-list 1 permit 192.168.100.0 0.0.0.255
LabRouter(config)#line vty 0 4
LabRouter(config-line)#access-class 1 in

Final Tip: Enable SSH2

Another crucial point to note is the use of SSH2 as opposed to using SSH1. SSH2 improves on a lot of the weaknesses that existed within SSH1 and for this reason I recommend always using SSH2 where possible.

Enable SSH version 2 with this command:

LabRouter(config)#line vty 0 4
LabRouter(config)#ip ssh versopn 2

Detailed reading on SSH can be done at RFC 4251

With that comes the added administrative burden of having to manage all the different accounts on each device. Remote Authentication Dial In User Service (RADIUS), is one means of countering this issue by providing a centralized infrastructure for authentication and accounting.

Now there are a lot of technical papers on configuring devices for RADIUS but I’m going to be doing things a little different in this article; I’m going to be giving you a brief overview of RADIUS, how it operates and how to incorporate it into any Cisco routers that you may have in your network.

What is RADIUS?

RADIUS is a widely implemented networking protocol sometimes referred to as a client/server protocol, which provides a centralized mechanism of administering user account information. These can be usernames, passwords and privilege levels for each account.

AAA which stands for Authentication, Authorization and Accounting, are the core foundations upon which RADIUS is built.

Authentication is the process by which the RADIUS server verifies the user requesting access before it is granted, whereas Authorization deals more with the level of access granted to a particular account. The Accounting aspect logs user’s session, thereby allowing an administrator to establish the length of time a specific account may be using the resource for and also to perform other administrative tasks.

Before a device can become a RADIUS client it first must be configured with the same pre-shared key as is configured on the RADIUS server thus allowing it to be able to pass user credentials onto the RADIUS server for verification.

When a user needs to access resources, they are required to provide credentials so as to verify that they have the required privileges to get that level of access to the given resource; this may be access to a Router, Switch, Access Point, Firewall or just data on a File Server.

These credentials are passed to a RADIUS client who then forwards it to the RADIUS server. The RADIUS server queries the credentials against its database before a result of access-accept or access-reject is sent back to the RADIUS client.

Note: for our example the RADIUS client will be a Cisco800 series router, specifically a Cisco 871; the database will be Active Directory configured and running on a Windows Server 2008 box. Today we will focus on the configuration of the Cisco router.

Showing the Authentication process when the user tries to access the router

How to Configure the Cisco 871

As a Cisco administrator you should already know the very basics of setting up your device, but for those of you who have never configured one before, I’m going to go through these basic steps so that even if you’re a novice you will be able to get any Cisco router configured to use RADIUS.

To connect to your Cisco Device you will need a terminal program such as HyperTerminal that comes with Windows XP or if you’re using Windows Vista like me then you’ll need a third party software. I like PUTTY so I’ll be using this throughout the lab.

 
1. First we need to configure the terminal software with the correct Serial settings as listed below after which we would begin the session by clicking open.

• Bits per sec : 9600
• Data bits : 8
• Parity : none
• Stop bits : 1
• Flow control : none

2. After you click open, you will be prompted to enter the credentials to gain access to the device. These credentials are what you have configured before on the router or if it’s a brand new router you will have to use Cisco’s default credentials for that particular model.

As was stated before the model of router I’m using is a Cisco 871 series and the default credentials for that are cisco for the username and password.

3. Next we configure a host name with the following commands:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Cisco871

4. Depending on the role your router is going to play in your network your interfaces will be configured accordingly. For this example I already have a fully operational network therefore I only need to configure the WAN interface to receive an IP address and enable the telnet interface so that I can access the router from any pc or laptop as opposed to using the direct serial connection.

Cisco871(config)# interface fastethernet 4
Cisco871(config-if)#ip address dhcp
Cisco871(config-if)#noshutdown

5. Then we enable the AAA new-model, specify the RADIUS server and a group to be used.

Cisco871(config)#aaa new-model
Cisco871(config)#aaa authentication login CISCO group radius local

6. Specify which interface RADIUS will be accepting connections on.

Cisco871(config)#ip radius source-interface FastEthernet 4

7. Continuing along, we’re going to add the RADIUS server and the key; note that the key used is the same key that was configured on the RADIUS server.

Cisco871(config)#radius-server host xxx.xxx.xxx.xxx
Cisco871(config)#radius-server key xxxx

8. Our last step is to configure the same RADIUS group (CISCO) we defined earlier under the vty lines as the authentication method to be used.

Cisco871(config)#line vty 0 4
Cisco871(config)# login authentication CISCO
Cisco871(config)#transport input telnet

At this stage you should be able to use telnet to connect to the router and provide the credentials of a user in your Active Directory database with the required “dial in” access.

If you’re interested in learning more about RADIUS check out article RFC 2865 on the Internet Engineering Task Force (IETF) website.