In a previous post, we considered the need for route redistribution, and we also took a look at some configuration examples. This posts builds on that previous configuration and discusses how we can filter routes using route maps.
Specifically, the previous example performed mutual route redistribution between EIGRP and OSPF, where all routes were redistributed between the two autonomous systems. However, some design scenarios might want us to prevent the redistribution of every single route. One way to do that filtering is to use a route map.
For your reference, here’s the topology we’re working with:
Also, with our current route redistribution configuration, the IP routing table on router R1 looks like this:
Let’s say, for some reason, we don’t want the 192.168.2.0 /24 network redistributed from EIGRP into OSPF. One way to do that filtering is to use a route map that references an access control list (ACL).
First, let’s go to router R2 and...
If the security track is on your radar, particularly CCNA Security, you need to have a working understanding of configuration and troubleshooting with Cisco's Adaptive Security Device Manager (ASDM).
In this video, I'll walk through the setup of a basic clientless SSL VPN using Cisco's GUI-based ASDM software.
All the best,
Our organizational IT environments are constantly changing, driven by factors such as telecommuting, cloud technologies, and BYOD (Bring Your Own Device) policies. This requires modular and dynamic architectures in place, allowing flexibility while still maintaining a rigid security posture. One of the most foundational ways to accomplish this is through the use of network security zones, which we'll take a look at in this blog post. We'll cover common security zone types, and also zone filtering policy considerations for each.
A security zone is a portion of a network that has specific security requirements set. Each zone consists of a single interface or a group of interfaces, to which a security policy is applied. These zones are typically separated using a layer 3 device such as a firewall.
In a very broad sense, a firewall is used to monitor traffic destined to and originating from a network. Traffic is either allowed or denied based on a...
Introduction to Route Redistribution
Until there is one routing protocol to rule them all, there is a need to have multiple routing protocols peacefully coexist on the same network. Perhaps Company A runs OSPF, and Company B runs EIGRP, and the two companies merge. Until the newly combined IT staff agrees on a standard routing protocol to use (if they ever do), routes known to OSPF need to be advertised into the portion of the network running EIGRP, and vice versa.
Such a scenario is possible thanks to route redistribution, and that’s the focus of this blog post. Other reasons you might need to perform route redistribution include: different parts of your own company’s network are under different administrative control; you want to advertise routes to your service provider via BGP; or perhaps you want to connect with the network of a business partner. Consider the following basic topology.
In the simple topology show above, we’re wanting OSPF and...
I get asked a lot about home lab equipment by those interested in studying cybersecurity, particularly CCNA Cyber Ops and CompTIA CySA+ students. In this new video, I'll give you a look at my setup, and give some recommendations for creating your own basic security lab and why it's important.
All the best,
Whenever someone asks me what direction they should focus their IT career, particularly in regard to cybersecurity, my answer is always the same: “It depends.” It’s usually not a very satisfying answer, but it’s an honest one.
Early in my own career I learned the pitfalls of not specializing in something. While there’s always a place on a support team for someone who seems to know a little bit about everything, this makes for a very poor career move. On the surface it seems like a great idea, but in reality…
It’s simply not possible to be an expert in everything. Everyone hits their limits with time, memory, and determination eventually, so we must choose wisely what we want to specialize in. Having no specialty is a recipe for a mediocre career, especially in cybersecurity.
So, if you’re just kicking off your security career, or re-tooling and looking for inspiration, the best place to start is finding a specialty. A few...
One question that I get asked all the time goes something like this: “How can I break into the cybersecurity field without any experience?” We hear the stats all the time about zero-percent cybersecurity unemployment and over a million job openings, but is it actually possible to get into this sector with little or no real-world exposure?
Just as with many other careers, I think cybersecurity (and IT in general, I would argue) suffers from unrealistic expectations, particularly at the entry level. I’ve had discussions with so many students who are shocked that employers aren’t beating their door down, after they’ve obtained legitimately difficult and prestigious certifications. The truth is that competition is fierce. Degrees and certifications guarantee nothing, in reality. That’s why it’s so important to be well-prepared in every possible way.
So, the short answer is yes, it is possible to get into the cybersecurity field with...
Last month I had the privilege of presenting a session at Cisco Live US 2018 (in Orlando, Florida). If you couldn't make it to the live event, you can now check out the video of my presentation by clicking HERE.
Note that you have to login to the Cisco Live website. If you don't have an account, no worries, just click the Join Now button on that page to get your free Cisco Live account.
The presentation covers Quality of Service (QoS) topics. However, please don't let the "CCIE" in the title make you think it's super advanced. In the presentation, we start at the very basics and build to the CCIE level.
Here's the link: Kevin's Cisco Live Presentation
Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945
I recently returned from the Cisco Live US 2018 event in Orlando, Florida. It was a great experience, with lots of conversations, sessions, and insight. You can expect more content about what I learned over the coming weeks.
But for now, I'd love for you to checkout an interview I did with Network Chuck. If you're not familiar with Network Chuck, you're in for a treat. He's an instructor at CBT Nuggets, but I've been a fan of his YouTube channel well before that. His enthusiasm for all things IT is contagious, and I'm sure you'll get some valuable insight from him in this interview.
If you'd like to follow Chuck on any of his social media channels, here are his links:
Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945
I’m afraid we’ve over-romanticized the concept of cyber security in many ways. We imagine ourselves as Mr. Robot, staring at our terminals intensely, valiantly defending against state-sponsored DDOS attacks in real-time. I don’t want to discount the validity of these events, because they can and do happen quite frequently. The problem is, we often neglect to address the biggest and most prevalent vulnerability in our environments – the humans.
Studies consistently reveal that over 60 percent of security breaches are due to some sort of employee error. We’ve reached a saturation point where we’re rarely separated from our devices. Often this means that employees are always within arm’s reach of their corporate networks. Disaster is literally just one click away. There’s almost always a human element to a breach, whether that be malicious intent from a disgruntled employee or a simple oversight by well-intentioned personnel.