In our previous lesson, we explored the fundamentals of standard ACLs, which filter traffic based solely on the source IP address. We discussed the importance of applying them close to the destination and how each ACL ends with an implicit 'deny all' that can unintentionally block desired traffic if not carefully managed. We also went through best practices, such as verifying ACL matches using show access-lists and ensuring the correct inbound/outbound direction is specified when applying the ACL to an interface. By understanding these essentials, you can now confidently create and troubleshoot standard ACLs in various network scenarios.
This time, we'll tackle extended ACLs, a more advanced type of ACL that not only checks source and destination IP addresses but can also evaluate protocols, TCP/UDP ports, and other criteria. Extended ACLs are typically placed close to the source to block unwanted traffic early, preventing it from traversing your network unnecessarily. With extended ACLs, you can allow specific types of traffic (like HTTP on port 80) while denying others (like Telnet on port 23). In the next lesson, we will walk through the configuration and verification steps to harness this added flexibility for granular traffic control.
Access Control Lists (ACLs) on Cisco devices are fundamental tools used to identify, permit, or deny network traffic based on various criteria. They are commonly applied to interfaces to control data flows through the router. ACLs ensure only authorized traffic passes according to configured rules.
In this lesson we will focus on standard ACLs. Standard Access Control Lists (ACLs) on Cisco devices use only the source IP address to allow or deny traffic. They are typically assigned numbers between 1 and 99 and are most effective when placed close to the destination. With fewer matching criteria than extended ACLs, standard ACLs offer a simple way to filter traffic based on source IP addresses only.
Dynamic Host Configuration Protocol (DHCP) allows a router to automatically assign IP addresses and other network parameters (such as default gateway and DNS server) to hosts. In a router-on-a-stick setup, one physical interface on the router is divided into multiple subinterfaces, each subinterface corresponding to a VLAN. The router will act as a DHCP server for each VLAN.
The Password Recovery procedure is used to regain administrative access to a device when passwords are lost or forgotten. This method involves interrupting the boot process to enter ROMMON mode, bypassing the startup configuration, and then resetting the necessary credentials. The recovery process requires precise use of configuration register changes to ensure the device boots properly without the previous settings. By following these steps, administrators can restore secure access while maintaining the integrity of the existing configuration.
When configuring BGP, several common mistakes can cause session failures, missing routes, or improper route propagation. These mistakes can cause sessions to remain in Idle/Active states or prevent advertised routes from being installed in the routing table.
Below are the most frequent errors, their causes, and how to troubleshoot them effectively.
In the previous lesson, we established iBGP peering between two routers in the same Autonomous System (AS 2350) and configured network advertisements.
We ended the lesson with a challenge to verify iBGP was properly advertising routes and to advertise Loopback1 on both devices.