Topics that don't fit in to the other categories
(ISC)2 CAP Video Course

@felicity-collins,

You can make an official course request through the course library. In the bluish area look for a link to Course Request. This allows you post a request or if you already see the request that will allow you to upvote or downvote a particular request.

Using the above instructions will make sure that your request is logged and then others may also be looking for the course may upvote your request. This will allow us to prioritize what ITProTV members want to see produced!

This is the official way to getting courses produced! :)

read more
A+, Network+, Strata IT Fundamentals
Network+ OSI Episode

Hey Tyler,

Great question! The OSI model forms a basis for a lot of what we do in networking so I would watch the OSI first, however you do not have to. Cherokee is right in the fact that we follow the objectives as a guideline. When it comes to the order of content for Network+ you can watch in any order than you need to, so that you can get familiar with the topics!

Congrats on your certification! Keep up the great work. Remember that when you have questions please do not hesitate to ask in the forums!

read more
CCENT, CCNA Routing & Switching, CCNA Security
Setting RIP metric to 3 in a route map
M

iosv-4#sh run | s router
router ospf 1
redistribute connected metric 2000 subnets
redistribute static metric 2000 subnets route-map rip-into-ospf
redistribute rip metric 2000 subnets route-map rip-into-ospf
network 10.0.3.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
router rip
version 2
redistribute connected
redistribute static route-map ospf-into-rip
redistribute ospf 1 route-map ospf-into-rip
network 172.16.0.0
default-metric 1
no auto-summary
iosv-4#

route-map rip-into-ospf:
This route-map first does a deny on OSPF sent back into OSPF from RIP
second, sets the rip route tag to 120 and third allows anything through

route-map rip-into-ospf deny 10
match tag 110
!
route-map rip-into-ospf permit 20
set tag 120
!
route-map rip-into-ospf permit 30

route-map ospf-into-rip:
This route-map on 5 and 7 does both methods of tagging 192.168.3.0 to a metric of 3
and tag of 110 (OSPF). 10 is a deny on all RIP routes back into RIP. 20 tags all OSPF
routes as 110 (OSPF). 30 permits all traffic.

5 and 7 use a access-list 3 and 103 (extended) to map traffic from 192.168.3.0/24.

!
route-map ospf-into-rip permit 5
match ip address 103
set metric 3
set tag 110
!
route-map ospf-into-rip permit 7
match ip address 3
set metric 3
set tag 110
!
route-map ospf-into-rip deny 10
match tag 120
!
route-map ospf-into-rip permit 20
set tag 110
!
route-map ospf-into-rip permit 30
!
!
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 103 permit ip any 192.168.3.0 0.0.0.255

On iosv-1 amd iosv-4, no auto-summary is enabled so that the routes so up in RIP.

iosv-1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R 10.0.0.0/8 [120/1] via 172.16.5.1, 00:00:13, GigabitEthernet0/1
R 10.0.3.0/24 [120/1] via 172.16.3.1, 00:00:25, GigabitEthernet0/2
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
C 172.16.1.0/24 is directly connected, GigabitEthernet0/3
L 172.16.1.2/32 is directly connected, GigabitEthernet0/3
C 172.16.3.0/24 is directly connected, GigabitEthernet0/2
L 172.16.3.2/32 is directly connected, GigabitEthernet0/2
C 172.16.5.0/24 is directly connected, GigabitEthernet0/1
L 172.16.5.2/32 is directly connected, GigabitEthernet0/1
R 192.168.1.0/24 [120/1] via 172.16.1.1, 00:00:07, GigabitEthernet0/3
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, GigabitEthernet0/4
L 192.168.2.1/32 is directly connected, GigabitEthernet0/4
R 192.168.3.0/24 [120/1] via 172.16.5.1, 00:00:13, GigabitEthernet0/1
R 192.168.4.0/24 [120/1] via 172.16.5.1, 00:00:01, GigabitEthernet0/1
[120/1] via 172.16.3.1, 00:00:25, GigabitEthernet0/2
R 192.168.5.0/24 [120/1] via 172.16.5.1, 00:00:13, GigabitEthernet0/1
iosv-1#

R 192.168.3.0/24 [120/1] via 172.16.5.1, 00:00:13, GigabitEthernet0/1

Now 192.168.3.0 has only one route in RIP with a metric of 1.

If I do a shut on int g0/1 to iosv-2, it forces the route change to use iosv-4:

interface GigabitEthernet0/1
description to iosv-2
ip address 172.16.5.2 255.255.255.0
shutdown
duplex full
speed auto
media-type rj45

iosv-1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets

R 10.0.1.0 [120/1] via 172.16.3.1, 00:00:13, GigabitEthernet0/2
R 10.0.3.0 [120/1] via 172.16.3.1, 00:00:13, GigabitEthernet0/2
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
C 172.16.1.0/24 is directly connected, GigabitEthernet0/3
L 172.16.1.2/32 is directly connected, GigabitEthernet0/3
C 172.16.3.0/24 is directly connected, GigabitEthernet0/2
L 172.16.3.2/32 is directly connected, GigabitEthernet0/2
R 172.16.5.0/24 [120/1] via 172.16.3.1, 00:00:13, GigabitEthernet0/2
R 192.168.1.0/24 [120/1] via 172.16.1.1, 00:00:21, GigabitEthernet0/3
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, GigabitEthernet0/4
L 192.168.2.1/32 is directly connected, GigabitEthernet0/4
R 192.168.3.0/24 [120/3] via 172.16.3.1, 00:00:13, GigabitEthernet0/2
R 192.168.4.0/24 [120/1] via 172.16.3.1, 00:00:13, GigabitEthernet0/2
R 192.168.5.0/24 [120/1] via 172.16.3.1, 00:00:13, GigabitEthernet0/2
iosv-1#

R 192.168.3.0/24 [120/3] via 172.16.3.1, 00:00:13, GigabitEthernet0/2

Now, 192.168.3.0/24 has a metric of 3 using the bottom route through iosv-4.

read more
MTA, MCSA Windows 8, MCSE Windows Server 2012
Advice on Sites and Subnets

Hey @shifty ,

I don't think it will break your current AD setup, but I can't guarantee that. Microsoft recommends "making a system state backup of the Schema master and at least one other domain controller from each domain in the forest." The only failures I've ever seen are permission issues (account used to run adprep must be in the domain admins, enterprise admins, and schema admins groups) or connectivity issues (cannot contact schema master) or replication issues (cannot verify successful replication on schema master). These errors occur when adprep is running tests, before it changes anything.

That being said, there is nothing wrong with running it manually. Especially if it gives you peace of mind and reduces your stress levels :) Plus it's a great experience, like you are pulling back the curtain and seeing the magic behind the scenes,, lol.

Are you familiar with the process of running adprep? You'll need to run /forestprep, /domainprep, and /gpprep (maybe). There also some new parameters, like /wssg, which returns an expanded set of exit codes, instead of just 0 (Success) and 1 (Failure).

Here is a link to a great Technet article. It has steps to prepare for each command, and how to verify they completed successfully before running the next command.

read more
Security+, CASP, CEH, SSCP and CISSP
PFSense with 3 NICs

@CyberWarrior ,

Please check the following to make the interfaces connect to internet from pfSense.

Check your firewall rules, verify that your LAN2 traffic has a rule where LAN2 is your source and then * is your destination . Also that protocol is any. Check your NAT Rules under outbound verify you have NAT rules for the WAN interface with your LAN2 subnet using the WAN address.

If you don't have #1, then Adam's advice will help and you'll need to set up the rule for LAN2.

But it's not all, because you're using Private IP Addresses (RFC 1918) for your LAN2, you'll also need to configure NAT to work with them. If this outbound NAT is missing, traffic will not be allowed out either.

Try both of these and let me know what the result is...I may have missed something!

addendum you may also need to set your DNS servers for LAN2 as well.

read more
ACA, ACSP and ACTC
certificates

Hey Russell,

If you would like to see the results of different types of invalidate certificates you can browse to https://badssl.com/
which is a site that I use on the show to demonstrate certificate valid. It is from some of the Google and Mozilla dev crew. Hopefully you find it valuable too.

read more

IT Service Managment

ITIL Intermediate Service Operations - slides

@Derek-Agar252,

The slides are proprietary to PassionIT. If you sign up through PassionIT, it will provide you with the course materials that is mentioned in the show that Jo Peacock. The slide deck will probably not be available.

read more