Best Institute For CCNA Course in Delhi, India

About Rooman Technologies

Rooman is a premier IT Training company, which has been voted as India’s No. 1 in Networking and Internet Security. Countless international tie-ups and world class training facilities have set us apart and established our standing as the best training institute for Hardware, Networking and Internet Security. With Rooman’s wide network of branches in India and abroad, internationally certified faculty, proven instructional methodology and a well connected placement cell, one is sure to soar into great career heights.

Course Outlet

Cisco certification ensures high standards of technical expertise. You will develop a complete understanding of Wide Area Networking and how different network topologies work together to form a network. This is beneficial to every networking job and is the reason Cisco certification is in such high demand, even at companies with few Cisco devices. Achieving Cisco certification—at any level—means joining the ranks of skilled network professionals who have earned recognition and respect in the industry. The CCNA certification is the first in the new line of Cisco certifications and is a precursor to all current Cisco certifications.

Audience : Those who are taking their first steps into WAN Admin and want to learn how to administer Cisco Routers and Switches.

Prerequisite : Working knowledge of Local Area Network.

Duration of the course : Part Time : 30 Sessions (2 hrs/day)
Full Time  : 7 Sessions (8 hrs/day)

Key Benefits : By the end of the course, students will be able to Plan IP Addressing, Install and configure Cisco Router in an Internetwork, secure Network by access-list and Manage Virtual LAN & WAN.

Rooman Technologies Vikaspuri Pvt Ltd.

Center :                        Rooman, Vikaspuri
Contact Person(s) :     Sandeep Barsaiyan
Address :                     C-9,New Krishna Park, Near west Janakpuri Metro Station
Phone :                         011- 41582663, +919891093219


Asus Launching 5 New Routers

Asus Routers

Asus is getting ready to revamp its entire router product range and it seems like the company got really fond of its “Black Diamond” series design as we’re looking at no less than five new models based on the same overall design. The best news of it all is that Asus is finally ready to launch the RT-N66U dual band router, but the design has changed quite a bit since it was first shown way back at CES in January.

Asus’ first router in the Black Diamond series was the RT-N56U, which has very recently been joined by the RT-N53, Asus’ second dual band router. The RT-N53 is a much more basic model with only 2×2 MIMO, no simultaneous dual band and no USB connectivity, but it’s about half the price of the RT-N56U and it keeps the Gigabit switch.

Starting at the bottom of the new models we have the RT-N10 LX which is a basic 802.11n single antenna 150Mbps router with a standard 10/100Mbps switch and a mere 4MB of flash and 16MB of RAM. Moving up a step we have the RT-N12 LX which gains 2×2 MIMO support which offers 300Mbps connectivity speeds, but is otherwise near identical in terms of functionality to the RT-N10 LX. Both of these models sit flat and have fixed external antennas unlike the other Black Diamond series routers.

Next up we have the RT-N15U and this model has a pair of PCB antennas and support for 300Mbps MIMO connectivity. It also has a Gigabit switch, a Gigabit WAN port and a single USB port (although some specs we’ve seen suggest it might have two) that supports storage devices and printers. It also sports a built in FTP server and supports UPnP AV. The RT-N15U will likely replace the current RT-N16 over time.

Finally the top of the line model is the highly anticipated RT-N66U which initially was thought to be an Asus R.O.G. branded router, but now that’s expected to be the rumoured RT-N76U. The RT-N66U is a simultaneous dual band router with Gigabit speed for the WAN and LAN ports, three detachable antennas that are used for both the 2.4GHz and 5GHz bands and Wi-Fi speeds of up to 450Mbps on both bands. It also sports two USB 2.0 ports which can be used with storage devices and printers. The router sports a new UI which we sadly don’t have a high enough resolution picture of to post, but the general layout and design is similar to that of Asus’ UEFI. There’s of course support for FTP server, UPnP AV and various other features. The RT-N66U should be based on a 600MHz SoC paired up with 32MB of Flash and 1GB of DDR2 memory if initial specs prove to be correct.

In addition to the new routers, Asus is also launching the USB-N53, a dual band USB dongle with 2×2 MIMO antennas for speeds of up to 300Mbps and it’s been designed to go with the Black Diamond series of routers. Asus has started to make some pretty impressive network kit and our only reservation about Asus’ Wi-Fi products is the comparatively high price of some of its products, such as the RT-N56U which is still one of the more expensive consumer routers out there. Sadly we don’t know what the new models will cost, but we’re expecting that the RT-N66U will be even pricier than the RT-N56U.

Note: The specs of the RT-N66U are based on what was said back in January when the unit was demoed at CES. It’s likely that it’ll come with 256MB of RAM, but we don’t know the actual specifications, so we’ll just have to wait and see when it launches.

Asus 5 Routers

How To Configure Standard Access Control List with Simple Steps

Because a standard access list filters traffic based only on the source address, all you need is the IP address of the host or subnet you want to permit or deny. ACLs are created in global configuration mode and then applied on an interface. The syntax for creating a standard ACL is:
access-list {1-99 | 1300-1999} {permit | deny} source-address [wildcard mask]

In this article we will configure a standard access list. If you want to read about the features and characteristics of access lists, read the previous article.

In this article we will use a topology running RIP, which we created in the RIP routing practical.

Download this RIP routing topology and open it in packet tracer

Three basic steps to configure Standard Access List

  • Use the access-list global configuration command to create an entry in a standard ACL.
  • Use the interface configuration command to select an interface to which to apply the ACL.
  • Use the ip access-group interface configuration command to activate the existing ACL on an interface.

Wildcard masks have a variety of uses with access lists, but from a CCNA exam perspective you should typically be able to do the following:

  1. Match a specific host,
  2. Match an entire subnet,
  3. Match an IP range, or
  4. Match Everyone and anyone

Match specific hosts

You have given a task to block from gaining access on While must be able to communicate with networks. Other computer from the network of must be able to connect with the network of

Decide where to apply ACL and in which directions.
Our host must be able to communicate with other host except so we will place this access list on FastEthernet 0/1 of R2 (2811) connected to the network of Direction will be outside as packet will be filter while its leaving the interface. If you place this list on R1(1841) then host will not be able to communicate with any other hosts including

To configure R2 double click on it and select CLI (Choose only one method result will be same)

R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 1 deny host
R2(config)#access-list 1 permit any
R2(config)#interface fastEthernet 0/1
R2(config-if)#ip access-group 1 out


R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 1 deny
R2(config)#access-list 1 permit any
R2(config)#interface fastEthernet 0/1
R2(config-if)#ip access-group 1 out

To test first do ping from to it should be request time out as this packet will filter by ACL. Then ping it should be successfully replay.


Pinging with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


Pinging with 32 bytes of data:

Request timed out.
Reply from bytes=32 time=140ms TTL=126
Reply from bytes=32 time=156ms TTL=126
Reply from bytes=32 time=112ms TTL=126

Ping statistics for
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 112ms, Maximum = 156ms, Average = 136ms

As we applied access list only on specific host so other computer from the network of must be able to connect with the network of To test do ping from to


IP Address......................:
Subnet Mask.....................:
Default Gateway.................:


Pinging with 32 bytes of data:

Request timed out.
Reply from bytes=32 time=141ms TTL=126
Reply from bytes=32 time=140ms TTL=126
Reply from bytes=32 time=125ms TTL=126

Ping statistics for
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 141ms, Average = 135ms

Match an entire subnet


You have given a task to the network of from gaining access on While must be able to communicate with networks .


Wildcards are used with access lists to specify an individual host, a network, or a certain range of a network or networks.

Formula to calculate wild card mask for access list

The key to matching an entire subnet is to use the following formula for the wildcard mask. It goes as follows:
Wildcard mask = – subnet
So for example if my current subnet was, the mask would be
255 .0 .0 .0 -
0. 255 .255.255

Once you have calculated the wildcard mask, the rest is the same as in the previous example.

Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 2 deny
R2(config)#access-list 2 permit any
R2(config)#interface fastethernet 0/1
R2(config-if)#ip access-group 2 out

To test first do ping from to it should be request time out as this packet will filter by ACL. Then ping it should be successfully replay.
Now do ping from to and further result should be same as the packet is filtering on network based

Match an IP range

You are a network administrator at Your task is to block an IP range of – from gaining access to the network of


Our range is – In order to find the mask, take the higher IP and subtract from it the lower IP. -

In this case the wildcard mask for this range is
To block this range, you would use the following:

Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 2 deny
R2(config)#access-list 2 permit any
R2(config)#interface fastethernet 0/1
R2(config-if)#ip access-group 2 out

One thing to note is that each non-zero value in the mask must be one less than a power of 2, i.e. 0, 1, 3, 7, 15, 31, 63, 127, 255.

Match Everyone and Anyone

This is the easiest of Access-Lists to create, just use the following:
access-list 1 permit any
access-list 1 permit
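
The four matching cases above, worked through as an added Python example (not part of the original article). The addresses are constructed documentation values and the helper names are hypothetical; the range helper also rejects ranges that the "higher IP minus lower IP" shortcut cannot express as a single entry.

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_str(value):
    return str(ipaddress.IPv4Address(value))


def wildcard_from_mask(subnet_mask):
    """Wildcard mask = 255.255.255.255 minus the subnet mask (bitwise inverse)."""
    return to_str(0xFFFFFFFF ^ to_int(subnet_mask))


def wildcard_for_range(low, high):
    """Wildcard for the range low..high, computed as high minus low.

    One ACL entry can only express a block whose size is a power of two and
    whose first address is aligned on that size; anything else is rejected
    instead of silently matching the wrong addresses.
    """
    lo, hi = to_int(low), to_int(high)
    wc = hi - lo
    if wc < 0:
        raise ValueError("low address is above high address")
    if wc & (wc + 1):
        raise ValueError("range size is not a power of two")
    if lo & wc:
        raise ValueError("range start is not aligned to its size")
    return to_str(wc)


def entry_matches(source, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal base."""
    care = 0xFFFFFFFF ^ to_int(wildcard)
    return (to_int(source) & care) == (to_int(base) & care)


def evaluate(acl, source):
    """Entries are checked top down and the first match decides.

    A source that matches no entry is dropped by the implicit deny that
    ends every access list, which is why the examples end in 'permit any'.
    """
    for action, base, wildcard in acl:
        if entry_matches(source, base, wildcard):
            return action
    return "deny"


# Constructed sample ACL: one host, one range, one subnet, then everyone.
SAMPLE_ACL = [
    ("deny", "192.0.2.10", "0.0.0.0"),                      # specific host
    ("deny", "192.0.2.32",
     wildcard_for_range("192.0.2.32", "192.0.2.47")),       # IP range
    ("deny", "198.51.100.0",
     wildcard_from_mask("255.255.255.0")),                  # entire subnet
    ("permit", "0.0.0.0", "255.255.255.255"),               # any
]

if __name__ == "__main__":
    for src in ("192.0.2.10", "192.0.2.11", "192.0.2.40",
                "198.51.100.77", "203.0.113.5"):
        print(src, evaluate(SAMPLE_ACL, src))
```
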

Secure telnet session via standard ACL

This is among the most heavily tested topics in the CCNA exam. We could use an extended ACL to secure telnet sessions, but if you did that, you’d have to apply it inbound on every interface, and that really wouldn’t scale well to a large router with dozens, even hundreds, of interfaces. Here’s a much better solution:
Use a standard IP access list to control access to the VTY lines themselves.
To perform this function, follow these steps:

  1. Create a standard IP access list that permits only the host or hosts you want to be able to telnet into the routers.
  2. Apply the access list to the VTY line with the access-class command

Secure R2 so that only can telnet to it; all other telnet sessions should be denied.

R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 3 permit host
R2(config)#line vty 0 4
R2(config-line)#password vinita
R2(config-line)#access-class 3 in

To test, telnet from first; it should be successful.


IP Address......................:
Subnet Mask.....................:
Default Gateway.................:

Trying ...

User Access Verification


Now telnet to it from any other PC apart from it must be filtered and denied.


IP Address......................:
Subnet Mask.....................:
Default Gateway.................:

Trying ...

% Connection refused by remote host

Network Security Reconnaissance Attack Password attack methods

Reconnaissance Attack
A reconnaissance attack occurs when an adversary tries to learn information about your network. Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities.
Reconnaissance is also known as information gathering and, in most cases, precedes an actual access or DoS attack. First, the malicious intruder typically conducts a ping sweep of the target network to determine which IP addresses are alive. Then the intruder determines which services or ports are active on the live IP addresses. From this information, the intruder queries the ports to determine the type and version of the application and operating system running on the target host.
Reconnaissance is somewhat analogous to a thief investigating a neighborhood for vulnerable homes, such as an unoccupied residence or a house with an easy-to-open door or window. In many cases, intruders look for vulnerable services that they can exploit later, when there is less likelihood that anyone is looking.

Access Attacks

An access attack occurs when someone tries to gain unauthorized access to a component, tries to gain unauthorized access to information on a component, or increases their privileges on a network component. Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.

DoS Attacks

DoS attacks involve an adversary reducing the level of operation or service, preventing access to, or completely crashing a network component or service.

Password Attacks

A password attack usually refers to repeated attempts to identify a user account, password, or both. These repeated attempts are called brute-force attacks. Password attacks are implemented using other methods, too, including Trojan horse programs, IP spoofing, and packet sniffers.

Password attack threat-mitigation methods

A security risk lies in the fact that passwords are stored as plaintext. You need to encrypt passwords to overcome risks. On most systems, passwords are processed through an encryption algorithm that generates a one-way hash on passwords. You cannot reverse a one-way hash back to its original text. Most systems do not decrypt the stored password during authentication; they store the one-way hash. During the login process, you supply an account and password, and the password encryption algorithm generates a one-way hash. The algorithm compares this hash to the hash stored on the system. If the hashes are the same, the algorithm assumes that the user supplied the proper password.
Remember that passing the password through an algorithm results in a password hash. The hash is not the encrypted password, but rather a result of the algorithm. The strength of the hash is that the hash value can be recreated only with the original user and password information and that retrieving the original information from the hash is impossible. This strength makes hashes perfect for encoding passwords for storage. In granting authorization, the hashes, rather than the plain password, are calculated and compared.
Password attack threat-mitigation methods include these guidelines:

  • Do not allow users to have the same password on multiple systems. Most users have the same password for each system they access, as well as for their personal systems.
  • Disable accounts after a specific number of unsuccessful logins. This practice helps to prevent continuous password attempts.
  • Do not use plaintext passwords. Use either a one-time password (OTP) or an encrypted password.
  • Use strong passwords. Strong passwords are at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters. Many systems now provide strong password support and can restrict users to strong passwords only.
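
The login comparison and the guidelines above, as an added Python example (not from the original article): only a salted one-way hash is stored, the strength rule is enforced at registration, and the account is disabled after repeated failures. The threshold, the PBKDF2 work factor and all names are assumptions, and the per-user salt goes beyond what the text describes.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3          # assumed lockout threshold
PBKDF2_ROUNDS = 100_000   # assumed work factor for the one-way hash


def hash_password(password, salt=None):
    """Return (salt, one-way hash). The plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_strong(password):
    """At least eight characters with upper case, lower case, digit and special."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


class AccountStore:
    def __init__(self):
        self._accounts = {}   # user -> salt, hash, failure count, lock flag

    def register(self, user, password):
        if not is_strong(password):
            raise ValueError("password does not meet the strength policy")
        salt, digest = hash_password(password)
        self._accounts[user] = {"salt": salt, "hash": digest,
                                "failures": 0, "locked": False}

    def record(self, user):
        """What an attacker would find in the store: salt and hash only."""
        acct = self._accounts[user]
        return acct["salt"], acct["hash"]

    def login(self, user, password):
        acct = self._accounts.get(user)
        if acct is None:
            return "denied"
        if acct["locked"]:
            return "locked"               # no further guesses are evaluated
        # Hash the supplied password with the stored salt and compare hashes.
        _, candidate = hash_password(password, acct["salt"])
        if hmac.compare_digest(candidate, acct["hash"]):
            acct["failures"] = 0
            return "ok"
        acct["failures"] += 1
        if acct["failures"] >= MAX_FAILURES:
            acct["locked"] = True         # disable after repeated failures
        return "denied"


if __name__ == "__main__":
    store = AccountStore()
    store.register("alice", "Tr1cky!Pass")          # constructed sample account
    for guess in ("password", "letmein", "123456", "Tr1cky!Pass"):
        print(guess, "->", store.login("alice", guess))
```
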
The standard authentication protocols used by various network services, such as RAS and VPN, for authentication include the following:

Password Authentication Protocol

The Password Authentication Protocol (PAP) sends the user’s username and password in plain text. It is very insecure because someone can analyze and interpret the logon traffic. This is the authentication protocol used by the basic authentication method mentioned previously.

Challenge Handshake Authentication Protocol

With the Challenge Handshake Authentication Protocol (CHAP), the server sends a client a challenge (a key), which is combined with the user’s password. Both the user’s password and the challenge are run through the MD5 hashing algorithm (a formula), which generates a hash value, or mathematical answer, and that hash value is sent to the server for authentication. The server uses the same key to create a hash value with the password stored on the server and then compares the resulting value with the hash value sent by the client. If the two hash values are the same, the client has supplied the correct password. The benefit is that the user’s credentials have not been passed on the wire at all.
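
The CHAP exchange described above, with both sides, as an added Python example (not from the original article). The response is computed as RFC 1994 specifies, MD5 over the identifier octet, the shared secret and the challenge; the class and function names and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier octet + secret + challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues a fresh random challenge and checks the hash.

    The server needs the shared secret itself to recompute the response,
    so it cannot keep only a one-way hash of the password.
    """

    def __init__(self, secrets):
        self._secrets = secrets      # username -> shared secret (bytes)
        self._pending = {}           # username -> (identifier, challenge)
        self._next_id = 0

    def challenge(self, user):
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = os.urandom(16)       # unpredictable, so old responses are useless
        self._pending[user] = (ident, value)
        return ident, value

    def verify(self, user, ident, response):
        pending = self._pending.pop(user, None)   # each challenge is single use
        secret = self._secrets.get(user)
        if pending is None or secret is None or pending[0] != ident:
            return False
        expected = chap_response(ident, secret, pending[1])
        return hmac.compare_digest(expected, response)


def run_exchange(server, user, client_secret):
    """Client side. Returns (accepted, bytes seen on the wire, response)."""
    ident, value = server.challenge(user)
    response = chap_response(ident, client_secret, value)
    wire = user.encode() + bytes([ident]) + value + response
    return server.verify(user, ident, response), wire, response


if __name__ == "__main__":
    secret = b"constructed-shared-secret"            # sample value
    server = Authenticator({"branch-router": secret})
    ok, wire, captured = run_exchange(server, "branch-router", secret)
    print("correct secret accepted:", ok)
    print("secret visible on the wire:", secret in wire)
    # A captured response does not answer the next challenge.
    ident, _ = server.challenge("branch-router")
    print("replayed response accepted:",
          server.verify("branch-router", ident, captured))
```
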

Microsoft Challenge Handshake Authentication Protocol MS-CHAP

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is used along with the Microsoft Point-to-Point Encryption (MPPE) protocol to encrypt all traffic from the client to the server. MS-CHAP is a variation of the CHAP authentication protocol and uses MD4 as the hashing algorithm versus MD5 used by CHAP.

MS-CHAPv2: With MS-CHAP version 2, the authentication method has been extended to authenticate both the client and the server. MS-CHAPv2 also uses stronger encryption keys than CHAP and MS-CHAP.

Extensible Authentication Protocol (EAP)

The Extensible Authentication Protocol (EAP) allows for multiple logon methods such as smartcard logon, certificates, Kerberos, and public-key authentication. EAP is also frequently used with RADIUS, which is a central authentication service that can be used by RAS, wireless, or VPN solutions.

How to Configure Switch Port Security EtherChannel

In this article I will show you how to do the following:

  • Configure the IP address and subnet mask
  • Set the IP default gateway
  • Enable telnet sessions for the switch
  • Enable EtherChannel
  • Enable port security

To perform this activity, download this lab topology and load it in Packet Tracer, or create your own topology as shown in the figure.

Configure IP address subnet mask and default gateway

The IP address and default gateway are used to configure the switch remotely via telnet or SSH. Without this essential configuration you have to connect to the switch via console cable each time. That’s very tedious, as you have to go to the switch each time.

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#interface vlan 1
S1(config-if)#ip address
S1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
S1(config)#ip default-gateway

Enable Telnet and password protect the line

You can secure a switch by using passwords to restrict various levels of access. Using passwords and assigning privilege levels are simple ways of providing both local and remote terminal access control in a network. Passwords can be established on individual lines, such as the console, and to the privileged EXEC (enable) mode. Passwords are case sensitive. By default there are five VTY ports on the switch, allowing five simultaneous Telnet sessions, noting that other Cisco devices might have more than five logical VTY ports. The five total VTY ports are numbered from 0 through 4 and are referred to all at once as line vty 0 4.

S1(config)#line console 0
S1(config-line)#password vinita
S1(config-line)#login
S1(config-line)#exit
S1(config)#line vty 0 4
S1(config-line)#password vinita
S1(config-line)#login

Enable Switch port security

This feature set allows you (among several other options) to disable a port if more than one MAC address is detected as being connected to the port. This feature is commonly applied to ports that connect security-sensitive devices such as servers. You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#interface fastEthernet 0/1
S2(config-if)#switchport mode access
S2(config-if)#switchport port-security
S2(config-if)#switchport port-security maximum 1
S2(config-if)#switchport port-security mac-address sticky
S2(config-if)#switchport port-security violation shutdown

You can verify port security.

  • Click on the red x button on the right hand portion of the PT window. This will allow you to delete a connection in the topology. Place the x over the connection between Server and S2 and click. The connection should disappear.
  • Select the lightning bolt button on the bottom left-hand corner of the PT window to pull up connection types. Click the “copper straight-through” connection. Click the TestPC device and select the fastethernet port. Next, click on S2 and select port Fa0/1.
  • From the command prompt of TestPC type the command ping The ping should fail.
  • On S3, enter the command show port-security interface fa0/1.

Port security is enabled, port-status is secure-shutdown, security violation count is 1.

Configure EtherChannel

EtherChannel allows you to combine switch ports to increase bandwidth. If you connect switch ports without EtherChannel configuration, STP, the switch’s built-in function, will shut down one of these ports to avoid a loop. You can download this example topology to practice EtherChannel.

  • To enable EtherChannel on DLS1, enter the interface range mode for ports F0/11 and F0/12 with the command interface range f0/11 - 12.
  • Enter the command switchport mode trunk.
  • Enter the command channel-group 1 mode desirable.
  • Repeat steps a through c on DLS2.
DLS1#configure terminal
DLS1(config)#interface range fastEthernet 0/11 - 12
DLS1(config-if-range)#switchport mode trunk
DLS1(config-if-range)#channel-group 1 mode desirable

WiFi Hacking Is Now Legal in Dutch !

Breaking into an encrypted router and using the WiFi connection is not a criminal offence, a Dutch court ruled. WiFi hackers can not be prosecuted for breaching router security.

A court in The Hague ruled earlier this month that it is legal to break WiFi security to use the internet connection. The court also decided that piggybacking on open WiFi networks in bars and hotels can not be prosecuted. In many countries both actions are illegal and often can be fined.

The ruling is linked to a case of a student who threatened to shoot down everyone at the Maerlant College in The Hague, a high school. He posted a threat on the internet message board using a WiFi connection that he broke into. The student was convicted for posting the message and sentenced to 20 hours of community service, but he was acquitted of the WiFi hacking charges.

The judge reasoned that the student didn’t gain access to the computer connected to the router, but only used the router’s internet connection. Under Dutch law breaking into a computer is forbidden.

A computer in The Netherlands is defined as a machine that is used for three things: the storage, processing and transmission of data. A router can therefore not be described as a computer because it is only used to transfer or process data and not for storing bits and bytes. Hacking a device that is no computer by law is not illegal, and can not be prosecuted, the court concluded.

If a secure WiFi connection is hacked or an open network is used for WiFi leeching, the action could be tried under civil law, said criminal lawyer Mathieu van Linde of Blokzijl Advocaten. The ruling led to some controversy in The Netherlands. Van Linde found the verdict “remarkable”. He reckoned that most people from The Netherlands assume hacking a WiFi network is illegal. He also added that the law used by the court in this case was formed in the early nineties, and could be outdated, since it was not intended to cover WiFi networks.
The Dutch attorney general decided to appeal the verdict. Within two years the case will be reviewed by the High Court of The Netherlands that will decide if a router can be defined as a computer under Dutch law.

Hacking or even ‘piggybacking’ on an open WiFi connection is illegal in a wide variety of nations. In some states in the US unauthorized access of a network is a criminal offense; in other states piggybacking can be fined. WiFi leechers in the UK can be fined or arrested, depending on the intentions of the leecher.

Subnet Mask Quick Reference Chart

What Is Subnet Mask?
A mask used to determine what subnet an IP address belongs to. An IP address has two components, the network address and the host address. For example, consider the IP address Assuming this is part of a Class B network, the first two numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this network.

Subnetting enables the network administrator to further divide the host part of the address into two or more subnets. In this case, a part of the host address is reserved to identify the particular subnet. This is easier to see if we show the IP address in binary format. The full address is:


The Class B network part is:


and the host address is


If this network is divided into 14 subnets, however, then the first 4 bits of the host address (0001) are reserved for identifying the subnet.

The subnet mask is the network address plus the bits reserved for identifying the subnetwork. (By convention, the bits for the network address are all set to 1, though it would also work if the bits were set exactly as in the network address.) In this case, therefore, the subnet mask would be 11111111.11111111.11110000.00000000. It’s called a mask because it can be used to identify the subnet to which an IP address belongs by performing a bitwise AND operation on the mask and the IP address. The result is the subnetwork address:

Subnet Mask 11111111.11111111.11110000.00000000
IP Address 10010110.11010111.00010001.00001001
Subnet Address 10010110.11010111.00010000.00000000

The subnet address, therefore, is

Cisco UCS Leads the Industry in Server Performance and Productivity

On April 5th, 2011, Cisco participated in the Intel® Xeon® Processor E7 Product Family Announcement with NINE new world record performance benchmark results highlighting the Cisco Unified Computing System’s outstanding performance and IT productivity across key data center workloads. Cisco also announced the broadening of its server portfolio with the introduction of the Cisco UCS C260 enterprise server, an Intel Xeon processor E7 family based platform designed for most data demanding business critical IT challenges. The Cisco Unified Computing System’s outstanding performance benchmark results are highlighted in the Intel® Xeon® processor E7 Family-based Platform Performance Highlights (April 5, 2011) announcement.

Fundamentally, this record setting performance further reinforces the Cisco Unified Computing System’s ability to deliver next generation compute across bare-metal, high performance computing (HPC) and in the most complex virtualization and cloud computing environments in the data center. Check out the Performance Brief for additional information on the nine new Cisco UCS world record benchmarks. The detailed benchmark disclosure reports are available here.

So the momentum continues… In two short years, the Cisco UCS has captured over 40 world records for performance and IT productivity, taking its place among the most trusted server vendors on the market. Check out the Cisco Unified Computing System™ Performance Leadership Presentation.