
SOUTHwarrior

Member
  • Posts

    594
  • Joined

  • Last visited

Everything posted by SOUTHwarrior

  1. Good luck. They definitely made it a bit more difficult with the new revamps. Working on my CCNP now, Switch completed, Route and Troubleshoot still left to take. You are right on that, my mistake. When I first got into Cisco I was always told that was the case with standard ACLs; after that I never bothered to mess with them besides redistributing static routes back into a dynamic protocol, so I never had the need to modify the sequence order, so I didn't bother with them ever again, just went straight to extended and never looked back.
  2. Bow to my Internets! Perks of working for a company that lets the network engineers have rack space and a full 1G connection to the core. Sadly though my 3845 will only handle this much throughput. I had an ASAv appliance running that I sent my traffic out of temporarily and it handled the gigabit connection. Only using it now as a VPN concentrator. I graphed my usage and I never even hit 100Mbps, like ever. Usually average around 20 up constant though.
  3. 1-99 are standard ACLs. 100-199 are extended. Please, for the love of God, do not use numbered ACLs. Named are a lot easier to manage, as well as being able to insert lines in between statements in case you need to modify them in the future. General rule of thumb I go by is to increment the statements by 5. This way if you need to permit something almost identical but with different IPs you can do that and have similar statements in the same general area, so it's not a nightmare trying to find out which part of the ACL is doing what. With the numbered ones you need to remove the ACL completely if you wish to change one line. Oh, don't forget to remove it from the interface before you modify any ACL. You can get locked out very easily if you do not.
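To make the practice in the post above concrete, here is an added example (not code from the original post, and not a Cisco tool) that models a named extended ACL with sequence numbers stepped by 5, inserts a new line between two existing ones without touching the rest, renders the result in IOS syntax, and runs a first-match evaluation with the implicit deny so you can check, before applying a changed ACL inbound, that your own management session is still permitted. The ACL name, networks and hosts are constructed assumptions.

```python
"""Added illustration of the named-ACL practice described above: sequence numbers stepped
by 5, insertion of a new line between existing ones, and a first-match check that a change
does not lock the management session out. Not code from the original post; the ACL name,
networks and hosts below are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


def _net(text):
    return ipaddress.ip_network(text, strict=False)


def _addr(net):
    """Render a network the way IOS writes it: any / host X / network wildcard."""
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == net.max_prefixlen:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


@dataclass
class AclEntry:
    seq: int
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every protocol; else "tcp", "udp", "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int] = None  # None means any destination port

    def matches(self, proto, src_ip, dst_ip, dst_port):
        if self.proto != "ip" and self.proto != proto:
            return False
        if src_ip not in self.src or dst_ip not in self.dst:
            return False
        return self.dst_port is None or self.dst_port == dst_port

    def render(self):
        line = f" {self.seq} {self.action} {self.proto} {_addr(self.src)} {_addr(self.dst)}"
        return line + (f" eq {self.dst_port}" if self.dst_port is not None else "")


@dataclass
class NamedAcl:
    name: str
    step: int = 5                   # the post's rule of thumb: leave gaps of 5
    entries: List[AclEntry] = field(default_factory=list)

    def add(self, action, proto, src, dst, dst_port=None, seq=None):
        """Append at the next multiple of step, or insert at an explicit unused sequence number."""
        if seq is None:
            seq = self.entries[-1].seq + self.step if self.entries else self.step
        if any(e.seq == seq for e in self.entries):
            raise ValueError(f"sequence {seq} already used in {self.name}")
        self.entries.append(AclEntry(seq, action, proto, _net(src), _net(dst), dst_port))
        self.entries.sort(key=lambda e: e.seq)  # IOS keeps entries ordered by sequence number
        return seq

    def resequence(self, start=5, step=5):
        """Same effect as 'ip access-list resequence NAME start step': reopen the gaps."""
        for i, e in enumerate(self.entries):
            e.seq = start + i * step

    def render(self):
        return [f"ip access-list extended {self.name}"] + [e.render() for e in self.entries]

    def evaluate(self, proto, src_ip, dst_ip, dst_port=None):
        """First match wins; an IOS ACL ends in an implicit deny, returned as ('deny', None)."""
        s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for e in self.entries:
            if e.matches(proto, s, d, dst_port):
                return e.action, e.seq
        return "deny", None


def management_still_permitted(acl, mgmt_host, device_ip, port=22):
    """Pre-apply check for the lockout warning: would SSH from the management host still
    be permitted if this ACL were applied inbound on the device?"""
    action, _ = acl.evaluate("tcp", mgmt_host, device_ip, port)
    return action == "permit"


if __name__ == "__main__":
    acl = NamedAcl("MGMT-IN")
    acl.add("permit", "tcp", "10.10.0.0/24", "192.168.10.1/32", 22)        # seq 5
    acl.add("deny", "ip", "0.0.0.0/0", "192.168.10.1/32")                    # seq 10
    acl.add("permit", "ip", "0.0.0.0/0", "0.0.0.0/0")                        # seq 15
    acl.add("permit", "tcp", "10.20.0.0/24", "192.168.10.1/32", 22, seq=7)  # slots in between 5 and 10
    print("\n".join(acl.render()))
    print("management OK:", management_still_permitted(acl, "10.10.0.9", "192.168.10.1"))
```

The `evaluate` call is the part worth keeping around: run it for your own source address and the device's management port against the new ACL before you put the list back on the interface, and you get the lockout answer from the model instead of from a dead SSH session.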
  4. I believe the term you are looking for is VLAN. VTP is a Cisco protocol meant to propagate VLAN information to all your switches, so you just need to modify your VTP server switch with the new VLAN information and it will distribute to the rest of the switches in the same VTP domain.
  5. I believe the issue you are having is that the VPN you are using is a full tunnel VPN, meaning all your traffic goes through the VPN peer. I doubt any free VPN on the web will give you what you are wanting. Corporate VPNs typically have what's called a split tunnel that will make a virtual network adapter on the VPN client side and will have routes for the specific networks you are wanting access to, and everything else goes across your local internet connection. I have never had this problem of needing a VPN to the internet, besides some equipment I have in a server rack in a data center, which my home firewall handles that traffic for, so another forum member might know of some software where you can specify which network adapter to send which traffic you want.
  6. I hate videos like this. DNS server has little to no impact on speed. The response time to the DNS will only speed up how quick the domain name resolves, which isn't very much data to begin with. The only time it might is if the ISP's DNS servers are being overloaded, but if your ISP can't handle DNS queries for their customers I'd be getting a new ISP. You can only go as fast as the slowest link. If your internet connection is only a few Mbps you will only get a few Mbps. Back in the day you could get in the firmware of your cable modem and change the rate limit they put on it, but I'm pretty sure they have blocked that finally. That is about the only chance you'd have of not having to pay to get a faster connection, but it's highly illegal and you could get in serious trouble if caught. Option 2 is basically a QoS implementation that only allows you to send as fast as your connection is. That is why you set it to the speed you are getting from your provider. You can overload your circuit and slow it down, so this one has more credit than just changing the DNS.
  7. Topic... Best wireless router for security.... posts reply. Don't worry, I know all about secure things. Sorry, I had to, but everybody that has mentioned disabling WPS and using WPA2-AES256 and a strong password is your best bet for home wireless. You can disable broadcast to keep nosy neighbors from seeing your wireless, but anybody that knows about wireless with a sniffer will pick up the SSIDs still. Personally I use an Asus AC56R and it has great range at a decent price. I wish I would have gone with the next model up with the 3 antennas, but I don't have anything that can connect from that far away so it would have been pointless. On a side note, it also has DDNS/VPN support so you can have it update a domain name automatically in case your public IP changes and still be able to reach your VPN anytime you need. https://www.asus.com/us/Networking/RTAC56R/
  8. Well, for me personally and the practices that my company does: I keep a backup of every device that our company manages, i.e. running configs, system inventory, VLAN information, and a Visio diagram of every device and what ports/speed they are connected at. You can also have SNMP that will send reports about whatever you set it up to report back to a central server, which will send email alerts based on the severity level of what you want to monitor. We do this in case a device were to fail, so we can get them back up and running next day, as well as having early alerts for potential device failures.
  9. To sign up (more for IT professionals and people involved with network operations for companies): https://puck.nether.net/mailman/listinfo/outages Great find. Nice to have being in the field.
  10. Best thing to figure out if you are truly getting DDoS'd is to run a packet capture. Run it and see what type of requests you're getting on your external network. There's many, many types of DDoS attacks that could range from DNS to ICMP, all of which kill bandwidth; just keep a lookout for traffic that's all the same that you know isn't yours. There's really no way to prevent it because it'd take forever to track down each IP and block them, and by the time you do there's already other new IPs being used. I'd tell your brother to quit being an idiot on the internet and you shouldn't have to worry much more about getting DDoS'd. Just my .02
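As an added example of the "look for traffic that's all the same that you know isn't yours" advice (not code from the original post), the following script summarises capture records by time window and flags a window when one protocol/port combination carries most of the bytes and comes from many distinct sources. The records are constructed sample data using documentation address ranges, not a real capture; thresholds, window size and the record layout are assumptions you would tune to your own link. The per-source ranking at the end illustrates why blocking individual IPs does not keep up with a distributed flood.

```python
"""Added illustration of the advice above: summarise a capture of inbound traffic by
window and look for volume that is 'all the same' (one protocol/port) but comes from
many sources. Not code from the original post; the records are constructed sample data
using documentation address ranges, not a real capture."""
from collections import defaultdict


def build_sample():
    """Constructed records: (second, src_ip, proto, dst_port, bytes). Normal HTTPS from
    five hosts over 60 s, plus a burst of UDP/53 from 200 sources in the last 30 s."""
    records = []
    for t in range(0, 60, 2):
        records.append((t, f"198.51.100.{(t // 2) % 5 + 1}", "tcp", 443, 1500))
    for i in range(200):
        records.append((30 + i % 30, f"203.0.113.{i % 250 + 1}", "udp", 53, 512))
    return records


def window_stats(records, window=30):
    """Per time window, per (proto, dst_port): total bytes and the set of distinct sources."""
    stats = defaultdict(lambda: defaultdict(lambda: {"bytes": 0, "sources": set()}))
    for second, src, proto, port, size in records:
        slot = stats[second // window][(proto, port)]
        slot["bytes"] += size
        slot["sources"].add(src)
    return stats


def flag_floods(records, window=30, min_share=0.8, min_sources=50):
    """Flag a window when one (proto, dst_port) carries at least min_share of the bytes
    AND comes from at least min_sources distinct addresses. The source threshold is what
    separates a distributed flood from one busy legitimate flow."""
    alerts = []
    stats = window_stats(records, window)
    for w in sorted(stats):
        total = sum(v["bytes"] for v in stats[w].values())
        for (proto, port), v in stats[w].items():
            share = v["bytes"] / total
            if share >= min_share and len(v["sources"]) >= min_sources:
                alerts.append({"window": w, "proto": proto, "dst_port": port,
                               "share": round(share, 2), "sources": len(v["sources"]),
                               "bytes": v["bytes"]})
    return alerts


def top_sources(records, n=3):
    """Byte count by source. In a distributed flood no single flood address dominates,
    which is why chasing IPs one at a time does not keep up (the post's point)."""
    by_src = defaultdict(int)
    for _, src, _, _, size in records:
        by_src[src] += size
    return sorted(by_src.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    data = build_sample()
    for a in flag_floods(data):
        print(f"window {a['window']}: {a['proto']}/{a['dst_port']} is {a['share']:.0%} of bytes "
              f"from {a['sources']} sources")
    print("top talkers:", top_sources(data))
```

In the constructed data the first window is all HTTPS from five hosts and is not flagged (one busy flow is not a DDoS), while the second window is flagged because UDP/53 from 200 addresses makes up over 80% of the bytes. Note that the legitimate hosts still top the per-source ranking: the flood is spread thin across many addresses, which is exactly why the post says per-IP blocking is a losing race.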
  11. As long as you aren't maxing out your bandwidth you shouldn't be running into latency. If you are maxing your bandwidth, with QoS something will still have to suffer regardless in terms of latency. Biggest thing you could do is just purchase a faster connection. The reason I say that is the router builds a queue with the data you are sending and you classify which type of traffic you want to have higher priority in the queue, so if you are using that 30 down it won't help any. But as most people have already said you really need to buy a good quality router to help solve your lack of QoS settings, but me personally I'd buy a bigger pipe before investing in a better router.
  12. SOUTHwarrior

    I'm testing out my dual xeon server, nothing po…

    When you say Xeons, which Xeons in particular?
  13. I love DreamSpark. Got Server 2012 Datacenter edition and Windows 8.1 for free.
  14. Lol, VPN then DoS attack. And no, Anonymous would not bother to DDoS some random person. Now you want to talk about DDoS attacks? At work we host some stuff for the state and it's been getting DDoS'd for three weeks now, averaging about 500Mbps up. No way to block it other than increasing bandwidth so it doesn't get starved from legit traffic.
  15. You can build a pfSense box for much, much less. It doesn't need a $300-500 build to run. The most I would do is a dual core, 2 gigs RAM and a 250GB HDD. Nothing fancy really, it just runs Linux as the backend and pfSense is just the interface for it.
  16. Sorry for the multiple quotes, reading through this and replying as I read. If y'all have an ESXi server you can throw on ASAv and use it as a VPN termination point. Also pfSense is really easy to set up remote access IPsec tunnels with, which are a lot more secure than most other options.
  17. If your work has a server I'm assuming they possibly have a decent router and/or firewall. If you have Cisco equipment PM me and I can help depending on the model. But Server 08 has an SSL VPN: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Configuring-Windows-Server-2008-Remote-Access-SSL-VPN-Server-Part3.html You will need to forward the port to the server as well. Wouldn't want to use PPTP, as all the hosts connected from home will send all their traffic (stuff on the work LAN and their internet traffic that's not destined for the work LAN) out the internet connection at work, using up bandwidth that doesn't need to be used. Also it'd be better to get it working how you want it to be from the start so you don't have to retrain all the employees on how to VPN in.
  18. Wow. Followed this build almost from the beginning. Good job, turned out great.
  19. SOUTHwarrior

    http://imgur.com/a/3zao7

    No, they're not that wide http://carphotos.cardomain.com/ride_images/2/3767/4441/21917220131_large.jpg
  20. Yes, but why would you want to have 2 modems? I can understand redundancy, but if Comcast's service goes down both modems are down. Instead of paying for another modem and not increasing your speed, you would be better off just buying faster speed.
  21. Most of the new stuff in the CCNP Switch requires higher end layer 3 switches. Equipment for StackWise and VSS can get expensive, as the StackWise switches are a bit more expensive than usual switches. I personally didn't have any lab questions on VSS when I took the 300-115, but I did have questions about it. You might though, and the only switches that support that are 4500s and up. But what I used for everything else was a 3845 router, two 3550Gs, and a couple 2960s, and that should cover everything you need to do besides what I mentioned.
  22. If it's on Cisco equipment the config on the router should look something like this:

     interface GigabitEthernet0/0
      no shutdown
     interface GigabitEthernet0/0.10
      encapsulation dot1Q (VLAN #)
      ip address 192.168.10.1 255.255.255.0

    and on the switch you need to make sure you trunk the interface going to the router:

     interface GigabitEthernet0/0
      no switchport access vlan
      switchport mode trunk

    If you have PortFast enabled on that interface before you trunk it, be sure to remove the PortFast as it won't form the trunk properly. If you need some help on figuring out the config PM me and I can help you mock it up before implementing it.
  23. You can configure them with VLANs and they will still have the broadcast addresses for each network, as different VLANs have different layer 3 networks. Simplifies management by a lot.
  24. SOUTHwarrior

    The fact that im in shorts AND in Canada scares…

    http://sitevolt.com/canadianmemes/wp-content/uploads/sites/3/2014/01/shorts.jpg