Archive for December, 2009



Most Popular Blog Posts for 2009

Sunday 27 December 2009 @ 12:17 pm

As the end of the year is almost here, I have decided to make a round-up of my blog posting activity for the year 2009. I have gathered the 3 most popular posts for my blog in 2009 and listed them below. It seems that anything related to Cisco ASA Firewalls is very popular. This is because the Cisco ASA configuration is kind of difficult to comprehend, especially for beginners in the field of network security. Not only that, but official documentation for Cisco ASA is unfortunately limited mostly to descriptions of configuration commands and explanations for only a small fraction of the huge feature list of the Cisco ASA. Therefore people are searching the web for more information and solutions about their network firewall implementations. Another popular topic is Cisco switches. Although a switch is sometimes considered a plug-and-play device, I’ve got hundreds of hits on two posts related to VLANs and Layer 3 functionality on a Cisco switch. Let’s see the three most popular posts that received the most hits for 2009:

Most Popular Post:

This is a Cisco ASA 5510 basic configuration tutorial. The ASA 5510 is one of the most popular ASA models since it is mostly used in Small-Medium-Business networks. The tutorial will guide you step by step to configure a 5510 for basic Internet access.

Second Popular Post:

This post describes how to configure VLANs on a Cisco switch. The example network diagram shows two Layer 2 switches connected with a trunk port and three VLANs spanning both switches. It is a very common switch network implementation so I hope people have found that post useful.

Third Popular Post:

Another switch related post which deals with Cisco L3 switch routing. A Layer 3 Cisco switch can prove very useful in a LAN network since it can both aggregate Layer 2 connections and also offer Layer 3 InterVlan routing, thus avoiding the use of a dedicated Router in the network.

This is my last post for 2009, so have a Happy New Year and I will talk to you soon in 2010. I wish you all happiness, health, and prosperity in your life.




Trainsignal CCNA and CBT Nuggets CCNA Training-Two Great Options

Tuesday 22 December 2009 @ 10:35 am

In my workplace (I work in an ISP provider in Europe) we always encourage junior network engineers to follow a Cisco certification path, either through the Routing and Switching path or other important technology paths such as network security and VoIP. I have been in this industry for more than a decade and I firmly believe that in order to succeed in the networking professional career one must earn relevant professional certifications.

Cisco is one of the leading companies offering professional certifications, which are highly recognized in the industry as excellent qualifications for an employee. Earning a Cisco certification means that you have a good grasp of the technology and, most importantly, that you are competent to design and implement Cisco solutions and products. The Cisco Certified Network Professional (CCNA) certification is the entry-level qualification and is very popular among junior engineers. To pass CCNA you need high-quality training and dedication towards your goal.

There are several training options available for CCNA preparation, such as self-study via books, instructor based training (boot camp style), video training, simulation exams etc. From my own experience when studying for my Cisco exams, and also from discussions with other certified colleagues, one of the best ways to study for CCNA is using a CCNA Video Training package. Especially when you combine a video training package with exam practice questions, you will have a complete preparation method for passing your exam. A video training package includes DVD quality videos with a real instructor teaching the course and guiding you through the exam objectives to help you pass.

The two best companies offering CCNA Video Training packages are Trainsignal and CBT Nuggets. Both training companies offer top-quality material and are very popular among technology professionals since they offer a wide range of vendor trainings (Microsoft, Cisco, CompTIA, VMWare etc). Especially for CCNA certification, the video training product from these two companies is an excellent choice. The two instructors (Chris Bryant for Trainsignal training and Jeremy Cioara for CBT Nuggets training) are highly experienced teachers who will help you tremendously to learn the CCNA material. Go ahead and check out those two training options and I’m sure you will not be disappointed. I have also prepared a comparison table between Trainsignal Vs CBT Nuggets for getting a better idea of the two training packages for CCNA.




What is a safe distance from a Computer Monitor

Wednesday 16 December 2009 @ 6:49 am

Because as technology geeks we spend many hours in front of the computer, I found the following article useful for all of us.

The screen

First, the computer screen should be as far away as possible from the office window and placed in parallel with it (i.e. as you work, the window should be to your right or left). This will reduce the direct illumination of the computer screen and the annoying and harmful reflections.

In any case, it is wrong to place the monitor in such a way that you can directly see the window. Besides limiting reflections, this also avoids the high light intensity from the side of the window.

A second step in the right direction is the placement of the computer screen so that the upper edge is at about our eye level. So we avoid eyestrain when reading and movements of the head for continuous reading become smaller.

Since in most cases the papers from which we read have black letters on white background, the same color must also be used on the computer screen (white background-black letters).

Brightness and Contrast

With the help of brightness settings we need to set our screen so that the black spots are actually black and not grey. The contrast should be adjusted so that the white parts of the image are actually white. In short, the shades of grey should be distinguished as much as possible on our screen.

The distance from the screen should be roughly between 45 – 70 cm and ideally 60 cm. Within that distance, the letters on the screen must have a minimum size of 3 mm.

The screen size must be at least 15 and ideally 17 inches. Attention should be paid to a high refresh rate. The minimum refresh rate suggested by standards is 73 Hz. The bigger the screen, the greater the refresh rate must be. For a 15 inch screen, a resolution of 800×600 pixels is suggested. While a higher resolution gives a sharper image, the letters and symbols become very small and tiring for the eye. For a screen of 17 inches, an ideal resolution is 1024×768. Higher resolutions should only be used on larger screens.
The formula for calculating the minimum vertical scan frequency is: Vertical resolution in pixels * refresh rate * 1.06

Lighting

For an office position which is illuminated by day light, use light intensity of at least 300 Lux. In other cases (evening, enclosed spaces, etc.) use a minimum illumination of 500 Lux.

In many office positions the lighting changes greatly during the day, for this reason window blinds or similar means are suggested for reducing the very strong light.

Radiation
To keep radiation as low as possible, the computer monitor shall at least meet the requirements of MPR II standard. Better standards are TCO 1995 or TCO 1999.




Cisco Router HSRP Configuration

Wednesday 9 December 2009 @ 6:52 am

HSRP (Hot Standby Router Protocol) is the Cisco proprietary protocol for providing redundancy in router networks. The standard router redundancy protocol which is used by other vendors is VRRP (Virtual Router Redundancy Protocol), however Cisco has created its own proprietary protocol (HSRP) which works very well on Cisco routers.

In a Local Area Network (LAN), all hosts (PC, Servers etc) have a single default gateway address configured which is used to route packets outside the LAN. If that single default gateway fails, then communication outside the LAN is not possible. With HSRP we can have two gateway routers, one active and one standby, which will provide resiliency regarding the default gateway address. Using HSRP, the two routers will have a physical IP address configured on their LAN-facing interface, but they will have also a Virtual (HSRP address) which will be used as the default gateway address for hosts on the LAN. No matter which router gateway is up and running (either the primary or the secondary), the virtual HSRP address will stay the same.

Let’s see a diagram below to explain this functionality.

First of all, HSRP must be configured between interfaces that have Layer 2 connectivity between them. From the diagram above, HSRP will be running between interfaces FE0/1 on the two LAN routers. Interface FE0/1 on RTR-A will have a physical IP address 10.10.10.1 and interface FE0/1 on RTR-B will have a physical IP address 10.10.10.2. An HSRP address 10.10.10.3 will also be configured on both routers. This address will serve as the default gateway address for all hosts on the LAN. RTR-A will be configured as the Active HSRP router by setting a higher HSRP priority.

With HSRP, we can also track a specific interface. This means that if the tracked interface of the active router fails, then HSRP will trigger a failover to the standby router.

Let’s see an actual configuration below:

Configuration

Router RTR-A
RTR-A(config)# int fa0/1
RTR-A(config-if)# ip address 10.10.10.1 255.255.255.0

! enable HSRP group 1 and set the virtual address to 10.10.10.3
RTR-A(config-if)# standby 1 ip 10.10.10.3

! preempt allows the router to become the active router when its priority is higher
RTR-A(config-if)# standby 1 preempt

! increase its priority to 110 to make it active (default priority  is 100)
RTR-A(config-if)# standby 1 priority 110

! track the WAN interface FE0/0
RTR-A(config-if)# standby 1 track fa0/0

Router RTR-B
RTR-B(config)# int fa0/1
RTR-B(config-if)# ip address 10.10.10.2 255.255.255.0

! enable HSRP group 1 and set the virtual address to 10.10.10.3
RTR-B(config-if)# standby 1 ip 10.10.10.3

! preempt allows the router to become the active router when its priority is higher
RTR-B(config-if)# standby 1 preempt

! set priority to 100 to make it the standby router (this is the default value)
RTR-B(config-if)# standby 1 priority 100

! track the WAN interface FE0/0
RTR-B(config-if)# standby 1 track fa0/0

That’s it. Now configure a default gateway address of 10.10.10.3 for your LAN hosts.
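The following is an added example, not part of the original post: a small Python model of how priority, preempt and interface tracking in the configuration above decide which router is active. It assumes the IOS default tracking decrement of 10 and the RFC 2281 comparison rule (higher priority wins, higher interface IP breaks a tie); the function names are hypothetical, and it models tracked-interface failure only, not the loss of a whole router.

```python
import ipaddress
import re

# Constructed input: the interface commands from the post, prompts removed.
CONFIGS = {
    "RTR-A": "ip address 10.10.10.1 255.255.255.0\nstandby 1 ip 10.10.10.3\n"
             "standby 1 preempt\nstandby 1 priority 110\nstandby 1 track fa0/0",
    "RTR-B": "ip address 10.10.10.2 255.255.255.0\nstandby 1 ip 10.10.10.3\n"
             "standby 1 preempt\nstandby 1 priority 100\nstandby 1 track fa0/0",
}
TRACK_DECREMENT = 10  # assumption: IOS default when no decrement is given


def parse(text):
    """Extract the HSRP-relevant settings from one router's interface lines."""
    r = {"priority": 100, "preempt": False, "track": None}
    for line in text.splitlines():
        if m := re.match(r"ip address (\S+)", line):
            r["ip"] = ipaddress.ip_address(m.group(1))
        elif m := re.match(r"standby 1 ip (\S+)", line):
            r["vip"] = m.group(1)
        elif m := re.match(r"standby 1 priority (\d+)", line):
            r["priority"] = int(m.group(1))
        elif m := re.match(r"standby 1 track (\S+)", line):
            r["track"] = m.group(1)
        elif line == "standby 1 preempt":
            r["preempt"] = True
    return r


def rank(r, down):
    """RFC 2281 comparison key: effective priority, then interface IP."""
    prio = r["priority"] - (TRACK_DECREMENT if r["track"] in down else 0)
    return (prio, r["ip"])


def next_active(routers, active, down):
    """Return the active router given failed interfaces per router.

    `down` maps a router name to the set of its failed interfaces. A peer
    takes over only if it has preempt set and outranks the current active.
    """
    for name, r in routers.items():
        if name == active or not r["preempt"]:
            continue
        if rank(r, down.get(name, ())) > rank(routers[active], down.get(active, ())):
            active = name
    return active


ROUTERS = {name: parse(text) for name, text in CONFIGS.items()}
```

With the default decrement, a WAN failure on RTR-A leaves both routers at priority 100, so the takeover in this model rests on the higher-IP tie-break rather than on a priority margin.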



