Monday, July 30, 2012

How to Build a More Secure and Flexible Network?


Whether for business or home networks, keeping the network secure is a constant struggle in the modern world. The Internet Security Threat Report estimates a 93 percent increase in Web attacks from 2010, and protecting valuable information against constantly evolving malware, identity theft, hacktivism, state-sponsored hacking, etc. has gained more and more attention. But how do you build more secure and flexible networks in practice?

1. Installing a firewall is necessary, though firewalls are not almighty. (If you need more details on Cisco firewall configuration, there are some materials to refer to:
http://blog.router-switch.com/2012/06/eight-commands-on-a-cisco-asa-security-appliance-you-should-know/
http://blog.router-switch.com/2012/05/vlan-sub-interfaces-on-cisco-asa-5500-firewall-configuration/ )

2. Make sure anti-virus software is installed on every computer, because third-party software such as Java, Adobe products and browsers is often a gateway for malware.

3. PCs, tablets, switches and routers all need to be constantly updated and monitored to guard against network threats. A remote monitoring and management (RMM) tool that can patch both the operating system and third-party software makes it easy for a solution provider to update all software on an endpoint. (Juniper’s Care Plus and Cisco’s Smart Care are two examples. Those initiatives help solution providers ensure their entire customer networks are healthy, offer access to vendor technical support and also provide reporting on a scheduled basis.)

4. Be sure to change the default administrative password on new devices such as a wireless router, which is typically "password." If possible, create a new administrative user ID, and disable the default, which is typically "admin." Perform all administration and configuration tasks through the LAN cable interface.

5. Pay attention to data encryption. Choose the highest encryption level that your computing equipment can support, and choose a pass-phrase that is easy for you to remember but hard for outsiders to guess.


6. Remember to use MAC (Media Access Control) addresses. The MAC address is the actual address of your network interface and is typically burned in by the manufacturer. (Wireless routers allow you to build a table of authorized MAC addresses that may connect to your network. Though determining the MAC address of each of your home computers takes some degree of investigative work, it may increase security for your network. The address can be spoofed (faked), but the hacker still has to know a valid MAC address in order to accomplish this task.)

7. Protect the SSID (Service Set Identifier), the name that your router broadcasts for others to see. The default is typically the name of the manufacturer of your router, and you should change this to something obscure. Do not give it your family name, address, car tag number or anything else recognizable as your network. And be careful with whom you share your network name. For maximum security on SSIDs, simply turn off SSID broadcasts.

We have to admit that we cannot list every measure that keeps a network absolutely safe, but remember that operating system and software patching, using the most up-to-date anti-malware programs, keeping the network infrastructure healthy and current, and performing regular security testing will go a long way toward securing networks against evolving network threats. So let’s keep the network secure from now on by paying attention to the details.

Wednesday, July 25, 2012

How to Buy the Best Network Hardware and Set up By Yourself?

Generally speaking, computer hardware means knowledge of assembling different computer parts together for the proper functioning of a computer. Networking means linking the networks of various companies on a common platform so that the requisite data can be shared easily by the companies. Therefore, basic knowledge of how to choose and buy network hardware is vital. But we all understand that it is easier said than done. After a long period of hard work, we have collected some material to help those who are confused about buying the right network hardware.
1. Balancing network costs and performance
There is no doubt that speed, collaboration and connectivity reign supreme in the modern global economy. Thus, we should consider the quality of network hardware first, and Cisco, as the leading brand in this field, is certainly the best choice. But for some individuals, the higher price may be a problem. Fortunately, there is a lot of Cisco refurbished network hardware to choose from on the market, especially in online shops.
The most obvious reason is that refurbished hardware typically sells for 10 to 30% less than the equivalent brand new unit. Depending on the model, this can mean hundreds of dollars in savings. Besides, the refurbished hardware includes the same one-year limited warranty that comes with all new hardware. Therefore, if the refurbished computer is not satisfactory, it can be returned without hassle. Meanwhile, Cisco pre-installs the operating software originally shipped with the hardware, and it provides strong technical support for all Cisco equipment whether it is new or refurbished. However, there are also some disadvantages of refurbished hardware. For example, it is not subject to any customization. Memory, hard drive space or other upgrades must be purchased separately.
So, we advise buyers to choose network hardware carefully according to their situation, with the above tips in mind.
2. Understanding the influence of your Internet connection
When planning your network infrastructure always consider how employees will share access, what type of records you would like to maintain, what type of flexibility your company demands such as wireless access and how you plan to incorporate peripherals.  Your network hardware and configuration are the key elements to driving employee collaboration and connectivity. While IT departments spend much of their time and budget on personal computer equipment, choosing your company's network hardware infrastructure is a critical business decision.
3. Selecting the proper wireless network components
The basic devices in a wireless network are: the Wired Network, Access Point or Wireless Router, Client Device, Client Bridge, and Repeater. Each component has a specific function, and while some devices can operate in more than one function, they often have specific attributes that best suit them for a given function. If you want to know more details about each device/function, please look at: http://www.wifihowto.net/basic-components-of-a-wireless-network
4. Setting up your Own Wireless Network
Once you understand the importance of network hardware and have bought some, the next step is to set up your own wireless network. This process is no longer difficult once you know how to connect the wireless router and configure it.

First, you need to locate your cable or DSL modem and unplug it. Next, you must connect your wireless router to your modem (the modem must stay directly connected to the Internet). Do this by plugging one end of a network cable into the modem and plugging the other end into the Internet, WAN or WLAN port on the router. After hooking everything up, the computer will automatically connect wirelessly to the router, and the router will consequently send information through your modem to the Internet.
To configure the wireless router, use another network cable to temporarily connect your computer (through the network adapter) to one of the open network ports on your router (make sure the port is not labeled Internet, WAN or WLAN). When turned on, your computer will automatically connect to the router. Afterwards, open Internet Explorer on your computer and type in the address in order to configure the router. The address (and password in some cases) varies depending on the brand of your router, so you would need to refer to the instruction manual.
(If you are still not very clear on how to configure Cisco routers, there are some materials for you to refer to:
http://www.router-switch.com/cisco-router-documents-pdc-15.html
http://blog.router-switch.com/category/how-to/)
If you are in the market for new equipment, make sure you choose a manufacturer with a good reputation. Router-switch.com (Yejian Technologies Co., Ltd) is the World's Leading Cisco Supplier, founded in 2002. We are a global provider of Cisco networking products with 8000+ customers in over 120 countries. We provide original new and used Cisco networking equipment, including Cisco routers, Cisco switches, Cisco firewalls, access points, IP Phones, GBICs, GLCs, WIC NM network modules, memory & flash, cables, and other network kits. Also we buy used surplus network & Telecom equipment. Committed to 100% customer satisfaction, cost-effective product and strict quality management, Router-switch.com continues to improve their service, optimize their purchase channel and adopt advanced management system.

50%-98% Discounts for High Quality Cisco Equipment with “Son” of router-switch.com Landing in USA



With its 10-year anniversary, router-switch.com has prepared a lot of gifts for its regulars and new clients...
Having gone through 10 years of remorseless hard work and continuous improvement, the branch office of router-switch.com is finally landing in the U.S.A., just as it welcomes its 10th anniversary in 2012.
To be trusted by a friend is not an easy task, and to be trusted by most of the Cisco resellers and customers is even harder. But router-switch.com has done it with the reputation of the leading Cisco supplier worldwide, professional salesmen, high quality and sincere pre-sales and after-sales service, free CCIE technical support and creative marketing staff.
There is too much “prophecy”, fear and expectation for 2012, but it is arriving peacefully and with special significance, especially for router-switch.com. While celebrating its 10-year birthday, router-switch.com has prepared a lot of gifts for its regulars and new clients, such as an album telling its history and achievements, more discounts on popular Cisco equipment (Cisco routers, Cisco switches, Cisco wireless APs, etc.), a new version of its official website, and more collaboration with Cisco technical support units. With the same aim and more actions, router-switch.com is making itself more and more local to serve customers better.
Once “Router Switch” lands in the U.S., its localization service will be strengthened. A more professional local team will still offer sincere service (pre-Cisco buying consultation, updating of purchased Cisco hardware, free CCIE technical support, etc.) for regulars and new clients.
Now, let’s look back at the main events over the past 10 years of router-switch.com:
Since 2002, router-switch.com has experienced rapid development, with sales volume maintaining 70% growth per year.
In 2004, a CCIE technical support team was built to meet more and more clients’ technical requirements.
In 2007, it established its marketing department, which can spread its reputation and gather the freshest market information for Cisco business.
In 2008, the most advanced management tools were adopted to improve efficiency greatly.
In 2012, it is making a great effort to be the largest Cisco reseller online worldwide.
Router-switch.com has accomplished its goals with customers’ trust, not only globalization, but also more localization, more humanization.
With a new “Router Switch” in the U.S.A., Professional Cisco Supply Service is Around You...



Monday, July 23, 2012

Tutorial of VLAN on Why to Use, What is and How to Configure VLAN?


Why to Use VLAN?
As most of us may know, traditional network designs use routers to create broadcast domains and limit broadcasts between multiple subnets. This prevents broadcast floods in larger networks from consuming resources or causing unintentional denials of service. Unfortunately, the traditional network design methodology has some flaws in design. A switch can have anywhere from 12 ports to 80 or more, and by default all hosts connected to that switch are going to be in the same broadcast domain.
For some network services and protocols, a broadcast received by a host results in that receiving host transmitting a broadcast of its own. Then when all the hosts receive that broadcast, they all end up transmitting even more broadcasts. Pretty soon, all these broadcasts have snowballed into a broadcast storm, which can take up most of a network's bandwidth and make normal network operations almost impossible. Thus, applying VLANs is necessary, with the following benefits:
1. VLANs can reduce administration costs associated with moves, adds, and changes;
2. VLANs can control broadcast activity and provide better network security;
3. VLANs leverage existing investments with flexible and scalable segmentation.

Generally speaking, a VLAN is a logical local area network (or LAN) that extends beyond a single traditional LAN to a group of LAN segments, given specific configurations. Because a VLAN is a logical entity, its creation and configuration is done completely in software.
Therefore, identifiers and configurations for a VLAN must be properly prepared for it to function as expected. Frame coloring is the process used to ensure that VLAN members or groups are properly identified and handled. With frame coloring, packets are given the proper VLAN ID at their origin so that they may be properly processed as they pass through the network. The VLAN ID is then used to enable switching and routing engines to make the appropriate decisions as defined in the VLAN configuration.
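The VLAN ID that frame coloring attaches can be read straight out of an Ethernet frame. The following added example (not from the original article) parses an IEEE 802.1Q tag and applies a simplified trunk-port allow-list; the sample frames are constructed, and the helper names and the drop policy for stacked tags are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def build_frame(vlan_id=None, priority=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Construct a sample Ethernet frame (constructed data, not a capture)."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
    if vlan_id is not None:
        # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID.
        tci = (priority << 13) | (vlan_id & 0x0FFF)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_vlan_tag(frame):
    """Return the 802.1Q tag fields as a dict, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {
        "vlan_id": tci & 0x0FFF,
        "priority": tci >> 13,
        "dei": (tci >> 12) & 1,
        "inner_ethertype": inner,
        # A second tag directly behind the first is unusual on an
        # ordinary trunk, so it is reported for the caller to act on.
        "stacked": inner == TPID_8021Q,
    }


def trunk_decision(frame, allowed_vlans, native_vlan=1):
    """Return the VLAN a trunk port would place the frame in, or None if dropped.

    Simplified model (assumption): untagged and priority-tagged (VID 0)
    frames go to the native VLAN; stacked tags, the reserved VID 4095 and
    any VID outside the allow-list are dropped.
    """
    tag = parse_vlan_tag(frame)
    if tag is None:
        return native_vlan
    if tag["stacked"]:
        return None
    vid = tag["vlan_id"]
    if vid == 0:
        return native_vlan
    if vid == 4095 or vid not in allowed_vlans:
        return None
    return vid


if __name__ == "__main__":
    allowed = {10, 20}
    for label, frame in [
        ("VLAN 20, priority 5", build_frame(20, priority=5)),
        ("VLAN 30 (not allowed)", build_frame(30)),
        ("untagged", build_frame()),
        ("stacked tag", build_frame(10, ethertype=TPID_8021Q)),
    ]:
        print(label, "->", trunk_decision(frame, allowed))
```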

How to Configure VLAN?
1. Log in to the Visual Switch Manager for the switch on which you would like to enable VTP.
2. Select “VTP Management” from the “VLAN” tab of the menu bar.
3. Select the “VTP Configuration” tab. Enter a “Domain Name” and “VTP Password,” and click “OK” to confirm settings. (The domain name and VTP password must be the same for all switches in the same VTP domain.)
4. Select “VTP Management” from the “VLAN” tab. Select the “VLAN Configuration” tab, and click the “New” button that appears at the bottom of the window.
5. Enter a new VLAN ID and descriptive name; click “OK” to confirm settings and exit the new VLAN dialog box. Click the “OK” button a second time to exit the VTP Management page.
6. Select “VLAN Membership” from the “VLAN” tab. Click on the Assign VLANs tab, and select a port or interface. Choose “ISL Trunk” or "802.1Q trunk" from the “Mode” drop-down field to configure the interface as a trunk port to accept traffic for more than one VLAN. (This will also allow this server to receive VTP messages from other servers on the network.)
7. Whether you use "ISL Trunk" or "802.1Q Trunk" will vary based on the model of the switch. Newer switch models typically use "802.1Q Trunk."
8. Enter the VLAN IDs separated by commas in the “Assigned VLANs” column. Click “Apply” to confirm settings.
9. Click the “Trunk Configuration” tab, and then the “Modify” button to change the default settings for the interface or port. (You can limit the VLANs that send traffic over a trunk line and modify the list of VLANs that are pruning-eligible. VTP pruning stops unnecessary traffic for VLANs on trunk ports that are configured as pruning-eligible.)
10. Click "OK" to confirm settings and exit the VLAN Management window. This will return you to the Visual Switch Manager home page.

Friday, July 20, 2012

Details and Configuration of Cisco Catalyst 3750 Series


The Cisco Catalyst 3750 Series are innovative products that improve LAN operating efficiency by combining industry-leading ease of use and the highest resiliency available for stackable switches. This new product series represents the next generation in desktop switches, and features Cisco StackWise technology, a 32-Gbps stack interconnect that allows customers to build a unified, highly resilient switching system, one switch at a time.
Using a 32-Gbps stack interconnect, Cisco StackWise technology is designed to respond to network changes of all kinds while maintaining constant high network performance. Cisco StackWise technology unites up to nine Catalyst 3750 switches into a single logical unit via special stack interconnect cables. The stack behaves as a single unit managed by a master switch elected from one of the member switches. Its advanced failover mechanisms create the highest levels of stackable resiliency for hardware and software reliability.
Now, let’s go through the configuration process of the Cisco Catalyst 3750 Series in detail:

1. Connect the switch's power supply to a grounded AC outlet and wait until the "SYST" indicator light on the switch turns solid green.
2. Hold the "Mode" button at the bottom-left corner of the switch until the LEDs left of the "Mode" button turn green, and then release it.
3. Connect an Ethernet cable to any of the switch's Ethernet ports, check that the lights on the switch and your computer's Ethernet card are green, and wait 30 seconds.
4. Enter "10.0.0.1" into the address bar of your web browser, which brings you to the Cisco 3750's Express Setup page.
5. Enter "10.0.0.1" into the "IP Address" field of the "Basic Settings" tab.
(Note: If you are connecting the switch to the Internet through a modem or router, enter the modem or router's IP address in the "Default Gateway" field. The modem or router's IP address should be in its manual.)
6. Enter a password in the "Switch Password" field, and repeat it in the "Confirm Switch Password" field. (Enter a name for the switch and fill in the date, time and time zone information under "Optional Settings" if you wish).
Basic configuration is now complete, though you may wish to alter some advanced settings as well.
7. Click on the "Advanced Settings" tab.
8. Click "Enable" beside "Telnet Access" if you plan to use Telnet to manage the switch using a command-line interface. Enter a password into the "Telnet Password" and "Confirm Telnet Password" fields as well.
9. Click "Enable" beside "SNMP" to enable Simple Network Management Protocol (SNMP). This option should only be enabled if you plan to manage the switch using CiscoWorks 2000 or another SNMP system. You must enter the "Read Community," "Write Community," "System Contact" and "System Location" information if you enable SNMP.
10. Check the "Enable IPv6" box if you wish to enable it. IPv6 features better support for mobile devices like cell phones and PDAs, simplified address auto-configuration, and improved data encryption, compared to IPv4. Enabling IPv6 will restart your switch when exiting Express Setup.
11. Click "Submit" to save and apply your settings. Your Cisco 3750 should now be configured and ready to install in your service network.

Thursday, July 19, 2012

The Functions and Configuration of Cisco 2960 Series


The Cisco Catalyst 2960 Series model with eight 10/100 ports and one 10/100/1000 PoE input port does not need a power supply and receives power through the uplink from an upstream PoE switch, providing deployment flexibility and availability. It is ideal for wiring and space-constrained applications. Meanwhile, the Cisco Catalyst 2960 Series offers models with LAN Lite software that provide desktop Fast Ethernet connectivity for wiring closet and small branch-office networks to provide basic LAN services. The LAN Lite Cisco IOS Software provides entry-level security, quality of service (QoS), and availability capabilities while lowering the network's total cost of ownership.
Besides, the power adaptor (PWR-A=) and power cord of the Cisco Catalyst 2960 series, such as the Cisco Catalyst 2960-8TT-L, are optional and may be purchased separately.
After this simple description of the functions of the Cisco 2960, let’s come to the steps for configuring the Cisco 2960 series.
1. Connect the RJ-45 end of the cable that resembles a large telephone connector to the switch.
2. Connect the 9-pin D-shell end of the cable to your computer’s serial port.
3. Configure and establish a terminal session to the switch. (You can use any software that provides terminal emulation, and there are several free programs available on the Internet, including CRT, PuTTY and HyperTerminal.)
4. Set the terminal session parameters to Xon/Xoff flow control, 9600 baud, 8 data bits, 1 stop bit and no parity.
5. Power on the switch and look for the startup messages. Check your terminal session settings if you do not see the messages after a minute or so. Be sure the terminal session settings are correct.
6. Continue to the initial configuration dialog and basic management setup by accepting the defaults of “yes” at the prompts. (You can accept the defaults by just pressing “Enter.”)
7. Press “Enter” when prompted for the host name to accept the default of “Switch,” or enter a different host name and press “Enter.”
8. Enter the enable secret password, and press “Enter.” Repeat this process for the enable password and the virtual terminal password. Be sure to write down all three passwords and store them in a secure place.
9. If you are prompted about SNMP Network Management, accept the default by pressing “Enter.” Enter “vlan1” and press “Enter.” This will identify the interface that will be used to connect to the management network.
10. Enter “yes” when prompted to “Configure IP on this interface?” and press “Enter.” Enter the IP address for the switch and press “Enter.” Enter the subnet mask at the prompt and press “Enter.”
11. Enter “no” if prompted to “enable as a cluster command switch,” and press “Enter.” The switch will now display the current configuration, and you will be given three options.
12. Enter “2” and press “Enter” to save the configuration to NVRAM and exit. When the switch returns with its prompt, you are finished with the initial configuration for your Cisco 2960 switch.
This material refers to: http://www.ehow.com/how_6860565_do-configure-cisco-2960-switch_.html
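The Telnet and SNMP community settings from the Catalyst 3750 Express Setup steps and the enable, enable secret and virtual terminal passwords from the 2960 setup dialog all end up as lines in the switch's running configuration, where they can be reviewed. The following added example (not from the original article or from Cisco) scans a saved configuration for the weaker choices; the sample configuration is constructed and the finding names are assumptions chosen for illustration.

```python
import re

# Constructed running-config for illustration; every value is made up.
SAMPLE_CONFIG = """\
hostname Switch
!
enable secret 5 $1$EXAMPLE$notARealHashValue000000
enable password cisco123
!
snmp-server community public RO
snmp-server community netops-rw RW
!
line con 0
line vty 0 4
 password vtypass
 login
 transport input telnet
line vty 5 15
 login
 transport input ssh
!
end
"""

DEFAULT_COMMUNITIES = {"public", "private"}


def audit_config(text):
    """Return a list of (finding_id, config_line) tuples in file order."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line.startswith(" "):
            section = line  # a top-level command opens a new section
            # "enable password" is stored in clear text or reversibly,
            # unlike the hashed "enable secret".
            if line.startswith("enable password "):
                findings.append(("enable-password", line))
            m = re.match(r"snmp-server community (\S+)(?:\s+(RO|RW))?", line, re.I)
            if m:
                if m.group(1).lower() in DEFAULT_COMMUNITIES:
                    findings.append(("snmp-default-community", line))
                if (m.group(2) or "RO").upper() == "RW":
                    findings.append(("snmp-write-community", line))
            continue
        if not section.startswith("line vty"):
            continue
        cmd = line.strip()
        # A vty password without the "7" type marker is stored as typed.
        if cmd.startswith("password ") and not cmd.startswith("password 7 "):
            findings.append(("plaintext-line-password", f"{section}: {cmd}"))
        m = re.match(r"transport input (.+)", cmd)
        if m and {"telnet", "all"} & set(m.group(1).split()):
            findings.append(("telnet-enabled", f"{section}: {cmd}"))
    return findings


if __name__ == "__main__":
    for finding_id, where in audit_config(SAMPLE_CONFIG):
        print(f"{finding_id:26} {where}")
```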

Wednesday, July 18, 2012

Practical Tutorial on Cisco 2600 and 2800 Password Recovery Procedure


Sometimes, you may buy a used Cisco device for your Cisco home lab, but the router/switch configuration has most likely already been erased to the default configuration by the reseller. Or what if you have a router/switch with a password on it but you forgot the password you gave to the device?
The password recovery procedure will wipe out all configurations in the router/switch, so it is always a good idea to back up your configuration regularly and use the backup to reconfigure the router/switch after the password recovery procedure. Now, so that we can solve some simple problems on the Cisco 2600 and Cisco 2800 series by ourselves, let’s share the details below. Though some devices might have a different procedure for password recovery (some Cisco switch series have a button on the chassis that you must press for password recovery), the steps that I'm showing here are for Cisco 2600 and 2800 series routers, but most routers follow the same common steps.

Now that your hardware is connected, establish a serial connection with the router.
The settings you need are:
Baud: 9600
Data bits: 8
Parity: No
Stop bits: 1
Flow Control: None
Detailed steps
Break the original Process.
1. Press the "Break" key within the first 60 seconds of restarting the router to break out of the boot process, because Cisco routers copy the configuration file stored in their memory into the system on boot. (For break key sequences, refer to this Cisco link:
   http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note0...)
2. After you are dropped into the ROMmon console, which allows you to modify some essential settings, type "confreg 0x2142" to boot from Flash.
3. Type "reset" to restart the router.
4. Press "Ctrl" and "C" simultaneously to skip the initial setup procedure.
5. Type "enable" to begin reconfiguring the router.
Change the password
1. Type "configure memory" to copy the NVRAM into the router's system memory.
2. Type "show running-config" to view the configuration. If you were using unencrypted passwords, you will be able to view them. However, if they are encrypted, you will need to change to a new password.
3. Type "configure terminal," then "enable secret PASS" where "PASS" is your new password.
Restart running
1. Type "config-register 0x2102" to change the router's configuration register back to the normal 0x2102.
2. Press "Ctrl" and "Z" simultaneously to exit the configuration mode.
3. Type "write memory" to write your changed settings to the NVRAM so the changes will stick when the router resets.
After those steps, the Cisco 2600 or 2800 password recovery is complete.
This article refers to:
http://www.ehow.com/info_8683062_cisco-router-2600-password-recovery.html
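The difference between 0x2142 and the normal 0x2102 is bit 6 of the configuration register, which tells the router to skip the startup configuration in NVRAM at boot, so a router left at 0x2142 comes back up unconfigured after its next reload. The following added example (not from the original article) reads the configuration register line of `show version` output and reports whether the last step was completed; the sample lines are constructed and the function names are assumptions.

```python
import re

NORMAL_CONFREG = 0x2102   # the normal value named in the procedure above
IGNORE_NVRAM = 0x0040     # bit 6: skip the startup configuration at boot
BREAK_DISABLED = 0x0100   # bit 8: Break key ignored after boot
BOOT_FIELD = 0x000F       # bits 0-3: where to load the system image from

_CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode_confreg(value):
    """Split a configuration register value into the fields used here."""
    return {
        "boot_field": value & BOOT_FIELD,
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }


def check_show_version(output):
    """Report the current and pending register values from 'show version'."""
    m = _CONFREG_LINE.search(output)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    # Without a "will be" clause the current value stays in force.
    pending = int(m.group(2), 16) if m.group(2) else current
    return {
        "current": current,
        "next_reload": pending,
        "ignoring_config_now": decode_confreg(current)["ignore_startup_config"],
        "ignoring_config_after_reload": decode_confreg(pending)["ignore_startup_config"],
        "recovery_finished": pending == NORMAL_CONFREG,
    }


if __name__ == "__main__":
    # Constructed sample lines in the format of 'show version' output.
    samples = [
        "Configuration register is 0x2142",
        "Configuration register is 0x2142 (will be 0x2102 at next reload)",
        "Configuration register is 0x2102",
    ]
    for line in samples:
        result = check_show_version(line)
        state = "OK" if result["recovery_finished"] else "STILL IN RECOVERY MODE"
        print(f"{line!r}: {state}")
```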