
Rajesh Kumar

Cell – 9996400506
Email- rjhajhra5@gmail.com

What types of problems do you face?

How do you troubleshoot the network if one segment gets isolated? (steps)
What issues are you facing in STP?
How does a router work?
If an application is not working through the firewall, what steps will you check?

Hi, I started a few years back using 


Another drawback that I found was that

Facing challenge------

Huh!! What happens when you need to configure a Cisco 3750 immediately for a
production network but unfortunately you don’t have console, telnet, or SSH access? I
know it’s damn scary, and if it happens at 02:00 hours then you have no one to help you.

Problem:
Recently during an installation, I faced the exact same situation where I was presented
with a Cisco 3750 switch but no methods of accessing it. Forget about SSH and Telnet as
no Management VLAN was configured in it [It was totally an unconfigured one].
You might be thinking of Console access. Right? Damn it was not accessible too. Let me
tell you the problems in brief.

• Only 1 PC had a serial port, and it had only an Ethernet to console cable. No USB to
serial converters were there.
• Console only displayed debug messages, but keystrokes were not accepted.
• All the settings on my HyperTerminal were correct and as per Cisco’s
recommendation.
• Tried variations of flow control, baud rate etc., but none helped.
• Tried at least 4 different applications for console access, including PuTTY,
HyperTerminal, SecureCRT and Tera Term. Results were all the same.
• Tried 4 brand new console cables.

After spending about 1 hour trying to figure out how to get access to the console, I was pretty
sure something was messed up in the console access, and I did not have the USB converter
to check it alternatively.
Tried recovery mode too, but as keystrokes were not accepted there was no way of typing anything
into recovery mode.
Solution:
• Let the switch boot by itself; you can see all the logging messages on the console
screen.
• After the switch is ready, press and hold the Mode button located on the front left
side of the switch.
• Release the button when all the lights start glowing.
• Now on your console screen you will see a message – “Express Setup Mode”.
• Connect an Ethernet cable and plug it into the switch (any port). Make sure your
NIC is set to “Obtain IP Address Automatically”.
• You will notice that your PC gets an IP address in the 10.X.X.X series, and a
DHCP allocation message is also displayed on the console screen.
• Now, find the default gateway assigned to you by the switch’s DHCP server.
• Log in via telnet to that server. No password will be asked.
• Issue the following command – setup
• You will be presented with a “System Configuration Dialog”. Type Yes to enter
the system.
• Give the following details one by one:
#Hostname
#Enable Secret
#Password
#Management Interface (I selected Management VLAN 1)
#Assign IP & Subnet Mask (Assign some Class C or Class B IP. Don’t give a Class
A IP now, as this is already assigned by the DHCP server. I gave 192.168.254.1/24)
• After you have given the above-mentioned details, you will be presented with a
configuration script automatically created based on the details you gave.
• Double-check all configurations. If you are sure, press 2.
• It will save the configs.
• Your remote connection will be terminated immediately, as Express Setup will now
exit, followed by a switch reboot, but no worries.
• Next, set your PC’s IP to the same network as set in Management VLAN 1. (I set
it to 192.168.254.254/24.)
• Telnet into your switch’s IP (192.168.254.1). Enter the passwords and voila, you
are good to go.


Network issues.-------------------------------
1. Duplicate IP Addresses
When two devices attempt to share a single IP, you see the dreaded “Address Already in Use”
error — with no ability to access the network.

The Quick Fix: The blame for this often rests with your router’s default DHCP configuration.
DHCP is probably trying to assign your new device an address at the beginning of your subnet,
and another device may already occupy these low-numbered addresses with static IPs. If you’ve
just introduced a new device or server to your network, it may have its own DHCP server.
Simply disable the DHCP server on that device to restore sanity to your network.

The Preventive Measure: You can take one simple step to avoid IP conflicts by modifying your
router’s configuration to begin assigning DHCP addresses near the top end of your subnet,
leaving the lower addresses available for devices that require static IPs.
2. IP Address Exhaustion
To troubleshoot this issue, use the ipconfig command. If the workstation has assigned itself an IP
address that begins with 169.x.x.x, it means that no IP address was available from the DHCP
server.

The Quick Fix: Some users on cable internet might not have a local router, in which case IP
addresses are assigned on a limited basis directly from your ISP. You have probably run out
of allowed IP addresses from your ISP. The solution to this is to purchase either a standalone
router or WiFi access point with an integrated router. This creates your own local pool of internal
addresses, ensuring you won’t run out.

If you already have a local router with DHCP, the default address pool might be too small for
your network. By accessing the DHCP settings on the router, you can adjust the size of the
address pool to meet your network’s needs.

The Preventive Measure: It’s important that any internet-connected network have a local router
in operation with NAT and DHCP, both for security reasons and to prevent IP address
exhaustion. The router needs to be the only device connected to the modem, with all other
devices connecting through the router.
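
A scope audit covering issues 1 and 2 above, as an added example that is not part of the original page: it flags static hosts that sit inside the DHCP pool, measures how full the pool is, and proposes a same-sized pool at the top of the subnet. The subnet, pool bounds, host names and leases are constructed sample values.

```python
import ipaddress

# Constructed sample data (not from the page).
SUBNET = "192.168.1.0/24"
POOL_START, POOL_END = "192.168.1.2", "192.168.1.51"
STATICS = {"router": "192.168.1.254", "printer": "192.168.1.10",
           "nas": "192.168.1.20", "camera": "192.168.2.5"}
LEASES = [f"192.168.1.{n}" for n in range(2, 44)]   # 42 active leases


def suggest_top_pool(net, static_ips, size):
    """Highest contiguous block of `size` host addresses containing no static IP."""
    first = int(net.network_address) + 1     # lowest usable host address
    end = int(net.broadcast_address) - 1     # highest usable host address
    taken = [int(ip) for ip in static_ips if ip in net]
    while end - size + 1 >= first:
        start = end - size + 1
        blockers = [t for t in taken if start <= t <= end]
        if not blockers:
            return str(ipaddress.ip_address(start)), str(ipaddress.ip_address(end))
        end = max(blockers) - 1              # retry just below the blocking static
    return None                              # the subnet cannot fit such a pool


def audit_dhcp_scope(subnet, pool_start, pool_end, statics, leases, warn_ratio=0.8):
    """Report duplicate-IP risks and pool utilization for one DHCP scope."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    if lo not in net or hi not in net or lo > hi:
        raise ValueError("DHCP pool must be an ordered range inside the subnet")
    static_ips = {name: ipaddress.ip_address(ip) for name, ip in statics.items()}

    # A static address inside the pool can be leased to a second device.
    conflicts = sorted(n for n, ip in static_ips.items() if lo <= ip <= hi)
    # A static address outside the subnet cannot talk to its local neighbours.
    off_subnet = sorted(n for n, ip in static_ips.items() if ip not in net)

    pool_size = int(hi) - int(lo) + 1
    used = {ip for ip in map(ipaddress.ip_address, leases) if lo <= ip <= hi}
    utilization = len(used) / pool_size

    return {
        "conflicts": conflicts,
        "off_subnet": off_subnet,
        "pool_size": pool_size,
        "utilization": round(utilization, 2),
        "near_exhaustion": utilization >= warn_ratio,
        "suggested_pool": suggest_top_pool(net, static_ips.values(), pool_size),
    }


if __name__ == "__main__":
    for key, value in audit_dhcp_scope(SUBNET, POOL_START, POOL_END,
                                       STATICS, LEASES).items():
        print(f"{key:16} {value}")
```
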

3. DNS Problems
Errors such as The Network Path Cannot Be Found, IP Address Could Not Be Found, or DNS
Name Does Not Exist, can usually be traced to a DNS configuration issue. The command line
utility nslookup can be used to quickly show a workstation’s DNS settings.

The Quick Fix: Workstations and other network devices can be configured to use their own
DNS servers, ignoring the server assigned by DHCP. Checking the ‘Internet Protocol Version 4
(TCP/IP)’ settings for your adapter will show if an incorrect DNS server is specified, so just
select “Obtain DNS server address automatically” instead.

The Prevention Measure: Your local router might be configured to operate as a DNS Server,
creating a DNS pass-through to your ISPs servers. On busy networks, this may overload the
capabilities of the router. Change your network’s DHCP settings to directly access your DNS
servers.
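
A triage of `ipconfig /all` output for the symptoms in issues 2 and 3, as an added example that is not part of the original page: it flags a self-assigned address in the link-local range 169.254.0.0/16 (no DHCP lease was obtained), a statically configured adapter, and any DNS server that DHCP is not expected to hand out. The captured output, adapter names and expected DNS server are constructed.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")   # Windows self-assigned range
# "   Key . . . . : value" -> key and value; padding dots and spaces are dropped.
FIELD = re.compile(r"^\s+(?P<key>.*?\S)[ .]*\s:\s?(?P<val>.*)$")

# Constructed sample in the layout printed by `ipconfig /all`.
SAMPLE = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS-042

Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Example Gigabit Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.37.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.57(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
"""


def parse_ipconfig(text):
    """Return {section name: {field: [values]}} from ipconfig /all output."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line starts a section
            current = adapters.setdefault(line.strip().rstrip(":"), {})
            last_key = None
            continue
        m = FIELD.match(line)
        if m and current is not None:
            last_key = m.group("key")
            value = m.group("val").strip()
            current[last_key] = [value] if value else []
        elif current is not None and last_key:    # continuation, e.g. 2nd DNS server
            current[last_key].append(line.strip())
    return adapters


def triage(adapters, dhcp_dns):
    """List (adapter, finding, detail) tuples; dhcp_dns = servers DHCP should assign."""
    findings = []
    for name, fields in adapters.items():
        raw = fields.get("Autoconfiguration IPv4 Address", []) + fields.get("IPv4 Address", [])
        addrs = [ipaddress.ip_address(a.split("(")[0]) for a in raw]
        for ip in addrs:
            if ip in APIPA:                       # DHCP gave no lease
                findings.append((name, "apipa", str(ip)))
        if fields.get("DHCP Enabled") == ["No"] and addrs:
            findings.append((name, "static-ip", str(addrs[0])))
        unexpected = [d for d in fields.get("DNS Servers", []) if d not in dhcp_dns]
        if unexpected:                            # resolver set outside DHCP
            findings.append((name, "dns-override", ",".join(unexpected)))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_ipconfig(SAMPLE), {"192.168.1.1"}):
        print(finding)
```
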

4. Single Workstation Unable to Connect to the Network


If only a single workstation is displaying the “No internet” message when opening a web
browser, we can usually assume that the rest of the network is healthy and turn our attention to
any hardware and software that is particular to this system.

The Quick Fix: To resolve this network issue, start by eliminating the obvious communication
barriers such as a bad cable, poor WiFi signal, failing network card or incorrect drivers. Ensure
that the workstation’s network adapter is configured with the correct IP, subnet, and DNS
servers.

If that doesn’t solve the problem, check any firewall software on the device to ensure that
necessary ports are open to the external network. Common ports include 80 and 443 for web
traffic, plus 25, 587, 465, 110, and 995 for email.

The Preventive Measure: It’s usually best to leave all workstation TCP/IP settings to
“Automatically assigned.” Use a DHCP server to hand out a uniform configuration to all devices
on the network. If a static IP is needed on a particular workstation or server, most DHCP servers
allow the ability to create static IP mappings.

5. Unable to Connect to Local File or Printer Shares


Sharing problems are among the most difficult network problems to solve, due to the number of
components that need to be configured properly.

Most commonly, sharing problems arise due to conflicts between mixed security environments.


Even different versions of the same operating system sometimes use slightly different security
models, which can make interconnection of workstations difficult.

The Quick Fix: We can cure sharing problems most efficiently by drilling down through the
possibilities in this order:

1. Ensure that the required services are running. On Windows systems, the server, TCP/IP
NetBIOS Helper, workstation, and computer browser services all need to be running. On
Linux machines, Samba is the primary component required to share with Windows
systems.
2. Check your firewall(s). It’s very common for a workstation’s firewall to be configured to
block file and printer sharing traffic, especially if a new antivirus package is installed that
introduces its own firewall. Firewall issues can also exist at the hardware level, so ensure
that routers or managed switches are passing share traffic within the subnet. Speaking of
subnet….
3. Ensure all workstations are on the same subnet. This problem typically only appears on
complex networks, however, even simple networks sometimes have static-IP equipment
with an improperly configured subnet. The result is that external traffic will move about
just fine, while internal traffic will hit unexpected roadblocks.
4. All Windows network adapters will need File and Printer Sharing for Microsoft
Networks, Client for Microsoft Networks, and NetBIOS over TCP/IP enabled.
5. Once the above checks have passed, it’s finally time to check the most likely culprit,
permissions. There are multiple layers of access required, each with their own interface
within the OS. Check for:

• Systems configured with the wrong workgroup or domain.
• Incorrectly configured HomeGroup.
• Network type set to Public.
• Incorrect NTFS permissions.

6. Local Network is Unable to Connect to the internet


This situation can be either intermittent or persistent. Oftentimes, the most difficult aspect of
dealing with any external network problem is finding the company responsible and then tasking
them to solve the issue, particularly with intermittent failures that are difficult to trace. It can
sometimes be such a problem that organizations will have to switch internet providers in order to
solve the issue.

The Quick Fix: A router and modem reboot is the first order of business. The tracert utility
can then be used to identify communication breaks. It will clearly hiccup on the particular router hop
that is causing the problem. Contact your ISP with your findings, providing screenshots as
necessary.

The Preventive Measure: To avoid the finger-pointing that can prevent rapid resolution of
external issues, do some research to ensure that you procure connectivity only from local Tier 1
providers. Other ISPs are more than happy to sell you service, however, they are simply
piggybacking the Tier 1 connection, since they don’t actually own the infrastructure in your area.

The goal is to remove as many middle-men as possible, so that when (not if) you experience a
problem, one phone call is all that is required to identify the issue and get technicians to work on
it.

7. Slow Internet Performance


Slow performance is typically due to congestion, or sometimes poor quality connections that
have corroded or otherwise deteriorated. Congestion may not be directly related to bandwidth
exhaustion, as a single overloaded port on a switch or router can diminish network performance.

This can be especially true on leased lines where dedicated bandwidth is to be expected, but
speed tests indicate the network is not reaching its rated potential.

The Quick Fix: Use speed test websites, conducting tests from geographically remote servers.
This can pinpoint areas of congestion on the ISP’s network. In the case of cable internet, the
local network is shared amongst your neighbors, committing your ISP to a costly bandwidth
upgrade when saturation occurs. Report your findings to your ISP so that they can take steps to
resolve the issue.

DNS servers are an often overlooked aspect of internet performance. Using incorrect DNS
servers can result in routing congestion or load balancing problems. While you should typically
use your ISP’s DNS settings whenever possible, they may actually be routing traffic through
overloaded web caches. You can temporarily adjust your DNS settings to use OpenDNS instead.

The Preventive Measure: If internet performance is critical, you’ll need to procure adequate
connectivity. While cable internet may be inexpensive, you could be setting yourself up for
frequent jeers from employees. A local DSL operator may offer improved reliability for a
slightly higher cost, but for the most consistent performance, you may find that an expensive
leased line is a requirement for your organization.

There’s plenty of help out there — use it!


The good news is there are a plethora of resources for troubleshooting and solving network
issues, and many of them are free and built into most operating systems. Ping, tracert, ipconfig,
nslookup, and speedtest.net should be in the top drawer of every admin’s toolkit.

More advanced utilities such as Wireshark provide a detailed analysis of your network’s
potential stumbling points, while wardriving tools can be called upon to identify WiFi
performance or interference issues.


Problem #1: Unknown Assets on the Network


There are many businesses that don’t have a complete inventory of all of the IT
assets that they have tied into their network. This is a massive problem. If you
don’t know what all of the assets are on your network, how can you be sure your
network is secure?

The easiest fix for this is to conduct a review of all the devices on your network
and identify all of the various platforms they run. By doing this, you can know
what all of the different access points are on your network and which ones are
most in need of security updates.
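
One way to run the review described above, as an added example that is not part of the original page: it reconciles the devices seen in Windows `arp -a` output against an asset inventory, then lists unknown devices, inventoried devices that were not seen, and known devices whose last patch date is old. The ARP capture, inventory records, reference date and 90-day threshold are constructed assumptions.

```python
import re
from datetime import date

ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+")

# Constructed sample data (MACs use the documentation range 00-00-5E-00-53-xx).
ARP_OUTPUT = """
Interface: 192.168.1.57 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-5e-00-53-01     dynamic
  192.168.1.10          00-00-5e-00-53-0a     dynamic
  192.168.1.77          00-00-5e-00-53-4d     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
INVENTORY = [
    {"name": "router",  "mac": "00:00:5E:00:53:01", "platform": "IOS",
     "last_patched": date(2024, 5, 1)},
    {"name": "printer", "mac": "00:00:5E:00:53:0A", "platform": "embedded",
     "last_patched": date(2023, 1, 15)},
    {"name": "nas",     "mac": "00:00:5E:00:53:14", "platform": "Linux",
     "last_patched": date(2024, 4, 20)},
]
TODAY = date(2024, 6, 1)   # fixed reference date so the result is reproducible


def norm_mac(mac):
    """Normalise a MAC to lower-case, colon-separated form."""
    return mac.lower().replace("-", ":")


def parse_arp(text):
    """Return {mac: ip} for unicast entries in `arp -a` output."""
    seen = {}
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if not m:
            continue                      # interface banner, column header, blanks
        ip, mac = m.group(1), norm_mac(m.group(2))
        if int(mac[:2], 16) & 1:          # group bit set: broadcast or multicast
            continue
        seen[mac] = ip
    return seen


def reconcile(seen, inventory, today, max_patch_age_days=90):
    """Compare observed devices with the inventory."""
    known = {norm_mac(a["mac"]): a for a in inventory}
    age = lambda a: (today - a["last_patched"]).days
    return {
        # On the wire but not in the inventory: identify these first.
        "unknown": sorted((ip, mac) for mac, ip in seen.items() if mac not in known),
        # Inventoried but not observed from this vantage point.
        "not_seen": sorted(a["name"] for mac, a in known.items() if mac not in seen),
        # Known, present, and overdue for updates; oldest first.
        "stale": sorted(((a["name"], age(a)) for mac, a in known.items()
                         if mac in seen and age(a) > max_patch_age_days),
                        key=lambda item: -item[1]),
    }


if __name__ == "__main__":
    for key, value in reconcile(parse_arp(ARP_OUTPUT), INVENTORY, TODAY).items():
        print(f"{key:9} {value}")
```

An ARP table only shows neighbours on the local segment that this host has recently exchanged traffic with, so a full review repeats the collection on every segment.
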

Problem #2: Abuse of User Account Privileges


According to data cited by the Harvard Business Review, for the year of 2016,
“60% of all attacks were carried out by insiders.” Whether it’s because of honest
mistakes (accidentally sending info to the wrong email address or losing a work
device), intentional leaks and misuse of account privileges, or identity theft
arising from a phishing campaign or other social engineering attack that
compromises their user account data, the people inside your business represent
one of the biggest security problems you’ll ever face.

Because these threats come from trusted users and systems, they’re also among
the hardest to identify and stop.

However, there are ways to minimize your risk in case of an insider attack. For
example, if your company uses a policy of least privilege (POLP) when it comes
to user access, you can limit the damage that a misused user account can do. In
a POLP, every user’s access to the various systems and databases on your
network is restricted to just those things that they need to do their jobs.

Problem #3: Unpatched Security Vulnerabilities


Many businesses are concerned with “zero day” exploits. These exploits are
those unknown issues with security in programs and systems that have yet to be
used against anyone. However, zero day vulnerabilities aren’t the problem—
unpatched known vulnerabilities are the problem.

As noted in one CSO online article, “around 6,300 unique vulnerabilities
appeared in 2015. Symantec says that only 54 of them were classified as zero-days.”

This is because when a “zero day” exploit is used it can be discovered—becoming
a known issue that the software vendor can begin working on. The
more often the exploit is used, the more likely it is to get discovered and patched.
Also, it takes a lot of effort to independently discover a completely unknown
vulnerability in a system.

So, attackers generally prefer to stick to known exploits. In fact, as noted in the
CSO article, “The Verizon Data Breach Report 2016 revealed that out of all
detected exploits, most came from vulnerabilities dating to 2007. Next was 2011.”
In other words, vulnerabilities that were almost a decade old accounted for most
of the breaches in 2016. Let that sink in.

The easiest fix for this problem is to maintain a strict schedule for keeping up with
security patches. Also, gradually changing the programs and operating systems
on your network to make them the same can simplify this process. For example,
if every system is Windows-based or Mac-based (rather than a hodgepodge of
Mac, Windows, Linux, etc.), then you only have to keep track of Mac OS or
Windows OS security patch schedules and alerts.

Problem #4: A Lack of Defense in Depth


Eventually, despite all of your best efforts, there will be a day where an attacker
succeeds in breaching your network security. However, just how much damage
this attacker will be capable of depends on how the network is structured.

The problem is that some businesses have an open network structure where
once an attacker is in a trusted system, they have unfettered access to all
systems on the network.

If the network is structured with strong segmentation to keep all of its discrete
parts separate, then it’s possible to slow down the attacker enough to keep them
out of vital systems while your security team works to identify, contain, and
eliminate the breach.

Problem #5: Not Enough IT Security Management


Another common issue for many companies is that even when they have all of
the best cybersecurity solutions in place, they might not have enough people in
place to properly manage those solutions.

When this happens, critical cybersecurity alerts may get missed, and successful
attacks may not be eliminated in time to minimize damage.

However, finding a large enough internal IT security team to manage all of your
needs can be an expensive and time-consuming process. Qualified professionals
are in demand, and they know it.

To build up IT security staff quickly, many businesses use the services of a
dedicated partner such as Compuquip Cybersecurity. This allows these
businesses to access a full team of experienced cybersecurity professionals for a
fraction of the cost of hiring them full-time internally.
Some businesses use these cybersecurity solutions partners to shore up their IT
security departments in the short-term while they’re preparing their own internal
cybersecurity teams.


Objective:
- Contribute my skills and experiences to enhance the value of a great organization.
Career Summary:
8+ years of experience in design, installation, configuration, administration and
troubleshooting of LAN, VPN and WAN infrastructure and security using Cisco routers, switches,
Cisco ASA firewall and basics of Checkpoint, Palo Alto and Cyberoam firewalls. Have good
experience with Windows 7, Windows Server and Active Directory.
Educational background:
- B. Tech in Information Technology from AIET FARIDKOT.
- Three-year Polytechnic Diploma in Information Technology.
BPO CONVERGENCE
PRIVATE LIMITED, NOIDA
AS A Sr. IT Executive.
Roles & Responsibility (Job Profile):
- Administration and Managing Cisco ASA Firewall, Router and L3 Switches.
- Managing Company Site to site VPN Networks and company internal Network.
- Change Management (Performs network configurations and configuration changes of
various data equipment such as routers, switches and firewall.)
- Designing, implementation and support of the Production Network.
- Analysis, logs, tracks and resolves complex software/hardware matters of significance
pertaining to networking connectivity issues (Such as VLANS, VTP, STP, DTP, Trunking,
DOT1Q, ISL, Stacking, High Availability Protocols HSRP,VRRP,GLBP, Ether channel,) printer, servers,
and applications to meet business needs.
- Perform upgrades, new installations, enhancements and configuration changes as
needed.
- Provide L2/3 support and troubleshooting to resolve issues; liaise with vendors and other
IT personnel for issue resolution.
- Monitoring / evaluating network performance issues including availability, utilization,
throughput, good put, and latency; planning and executing the selection, installation,
configuration, and testing of equipment; defining network policies and procedures;
establishing connections and firewalls.
- Installation, Configuration and Administration of Windows Servers 2012, Active
Directory, FTP, DNS, DHCP.
- Manage and troubleshoot the IT issue on daily basis.
- Coordinates hardware/software installations and upgrades to ensure work is properly
performed in accordance with company policy.
- Administration and managing Active Directory,

Velocis System Pvt. Ltd. Noida


From July, 2010 to 31 DEC 2018
As Customer Support Engineer
Network Service Engineer, Network Associate.
Projects Undertaken: Working on SWAN (HARYANA STATE WIDE AREA NETWORK)
Roles & Responsibility (Job Profile):

- Installation Configuration and Management of Window, Cisco ASA, Cisco Router, 3COM
Router, Cisco Switch, and H3C switch.
- Was involved in the designing, implementation and support of the WAN, LAN and VPN.
- Maintenance and Troubleshooting of Network connectivity (Such as BGP, EIGRP, OSPF,
Static Routing, Floating Static Routing, Failover. VLANS, VTP, STP, DTP, Trunking, DOT1Q, ISL, Stacking,
High Availability Protocols HSRP,VRRP, GLBP, Ether channel,) related problems, providing new LAN
connection and Configuration.
- Setting up And Managing New user Accounts and computer Accounts.
- Managing & Troubleshooting on Cisco 7200, 2800 & 1800 series Routers and 3COM
Router, Switch.
- Managing & Troubleshooting on Cisco 3700, 2900 & 3500 series Switches.
- Managing Fibre and UTP Connectivity of all Vertical and Horizontal Connectivity.
- Used to Troubleshoot Network Issues coming in day to day activity of Sites.
- Maintained the entire wide area network of 64 sites with multiple point to point leased
circuits.
- Establish the networking environment by designing system configuration, directing
system installation and defining, documenting and enforcing system standards.
- Undertake data network fault investigations in local and wide area environments using
information from multiple sources.
- Co-ordination with concerned vendors for H/W Failures and other concerned issues.
- Administrating LAN and WAN connectivity for Client Sites. Upgrade data network
equipment to the latest stable firmware releases.
- Provide remote support to on-site engineers and end users/customers during
installation.
- liaise with project management teams, third-line engineers and service desk engineers
on a regular basis
- Documents network problems and resolution for future reference.
- Maximizes network performance by monitoring performance; troubleshooting network
problems and outages; scheduling upgrades; collaborating with network architects on
network optimization
- Troubleshoot issues with Network connectivity – LAN,VPN and WAN.
- Provide Call Support for the Customers to Fix the Issue.

HCL CDC HISSAR


July, 2009 to JUNE, 2010
As – Technical Trainee
Roles & Responsibility:
- Installation & administration of XP, Windows 2000 and 2003 Domain Controllers Active
Directory Design.
- Install active directory services in server and adding client system in to domain.
- Setting up user accounts, permissions and Passwords.
- Administration and Maintenance of Network consisting Windows based systems.
- Upgrading all software to latest technology according to user needs.
- Installation and maintenance of desktop systems along with different peripherals
- Installed and configured DHCP Client/Server, DNS Server, file server etc.
- Installation and configuration of peripherals and devices.
- Give the L1 support IN computer lab ,CCNA lab for Desktop, Laptop, Printers, Scanner,
Network/Power Devices-Router Switch Modem, Installation of Network equipment,
Desktop, Laser & Dot matrix printer, Desktop Management, Antivirus . Joining of
desktop to Domain, Network Printer configuration, Windows XP configuration &
troubleshooting.
- Installed Hard disks, Floppy drives, CD Drives, Sound Blaster cards, CPU, Memory, ,
Network card, Video graphics card, Hard disk controller card on PC systems
- Network setup and troubleshooting TCP/IP, DNS, DHCP, subnets, NIS and NFS for Linux
and Windows based systems.

FUNCTIONAL & TECHNICAL SKILL:

• IP Addressing, OSI Model, TCP/IP Model
• Services – Active Directory, DNS, DHCP, FTP, TFTP, TELNET.
• Switching: VLAN, VTP, STP, VSS, EtherChannel, stacking
• Routers (Cisco) 800 / 1800 / 2841 / 7200, 3845, ISR1000, 3Com-20-40
• Gateway Redundancy - HSRP, VRRP, GLBP
• Routing: EIGRP, OSPF, BGP, RIP, IP Routing, HDLC, PPP.
• Security: ACL, NAT, VPN IPsec Tunnel, Port Security
• Hardware: Switch (Cisco) - Catalyst 2960 / 3550 / 3750 / 3Com-S3100
• Firewall – Checkpoint, ASA Firewall, IPSEC, SSL VPN.
• Active Directory, Windows, Windows Server 2003, 2008, 2012
Training:
BSNL SIRSA:
Duration: One Month (Jan. 2005 - Feb. 2005)
Learn about: 1. Computer H/w Maintenance & Installation Techniques
2. Transmissions Media.
3. Lease line, Local loop, Dial up Connection, Broadband.
HCL CDC HISSAR:
Duration: Six Month Industrial Training (July-Dec 2008)
Did: HCL Certification in CCNA, RHCE and MCSE
