How To Use Xcode’s Auto Layout To Center Elements In An iOS App

Centering elements in Interface Builder is very simple, because Xcode will snap items to the vertical or horizontal center of the canvas, the same way that other Apple apps help you center items in a document (Pages and Keynote are the first examples that came to my mind).

However, when it comes to iOS apps, just because an element looks centered in the canvas, doesn’t mean that it will be centered all the time on every device: if you switch to a device with a different screen size (even in the simulator), the elements won’t be centered anymore.

This is because, in Interface Builder, you place elements with fixed positioning by default. If you want your app to look the same on every screen size, you will have to use a technique called Auto Layout.

Continue reading

How To Add A Launch Screen To An iOS App

I have recently started to play around with Swift programming as I always wanted to code something for iOS, but always ended up either lacking the time to do it, or developing for Android, a platform with which I am more experienced since my university days.

One of the most confusing things for me, coming from Android development and its interfaces in plain XML, was getting used to Interface Builder in Xcode, finding the elements I need, ultimately, getting the storyboard files to do what I want them to do. Also, navigating the Xcode project settings is no easy task for a beginner, so I am still finding roadblocks every time I try to do the most simple tasks.

Continue reading

Apple Refuses To Comply With FBI’s Request To Build A Backdoor To The iPhone

From yesterday’s letter by Tim Cook to Apple customers:

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

Continue reading

Microsoft Acquired Swiftkey

The news became official yesterday, as published on the Swiftkey and Microsoft blogs. An extract from the Swiftkey blog:

We’re excited to announce an important milestone on SwiftKey’s journey. As of today, we have agreed to join the Microsoft family.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. Our mission is to enhance interaction between people and technology. We think these are a perfect match, and we believe joining Microsoft is the right next stage in our journey.

I must say that I could see this coming sooner or later (not that Microsoft specifically would buy it, but that one of the big players would do so).

I must also say that perhaps Microsoft is the least of all evils when it comes to this kind of things (remember what happened to the beautiful Sparrow app when it was acquired by Google?) If anything, at least now we will have Swiftkey on Windows Phone as well, which is one of the apps I was missing the most on the Lumia I own, having become so accustomed to using it daily on my Android phone.

IOS for CCENT – The Most Useful Show Commands

As the last entry of the series, I thought it might be nice to have a reference of some of the most useful show commands, as they are of fundamental importance not only for the exam labs but in real world deployments as well. I will try to break them down into different sections, grouping the commands by area whenever possible.

This should not be considered a comprehensive list, but simply the show commands that you are more likely to be using more than others while preparing for the CCENT exam.

Continue reading

IOS for CCENT – Configuring IPv6

First things first: routers using IOS are shipped with only IPv4 routing enabled by default. This means that when you turn on a Cisco router for the first time, you don’t have to type ip routing, but IPv6 is disabled by default, and you need to explicitly enable it with the ipv6 unicast-routing command.

Most of the commands will remain pretty much the same, with the exception that they will be introduced by the ipv6 command instead of the ip command. So for example, these are some IPv6 counterparts of some of the IPv4 commands that we have met in this series already:

  • ipv4 address $address/$netmask_bits
  • show ipv6 interface brief
  • ping ipv6 $address
  • show ipv6 route and ipv6 route
  • ipv6 router

Speaking about the ipv6 router command, here is where Cisco introduced the biggest differences: configuring OSPF in its IPv6 version is quite different but, luckily, easier.

Configuring OSPFv3

OSPFv3 is the IPv6 version of OSPF. There are two main differences between OSPFv2 and OSPFv3 when it comes to configure them on Cisco routers:

  • If your network is using IPv6 only, then OSPF will fail to generate a valid router ID. OSPFv2 does this automatically, selecting the highest IP address available on any IPv4 interface. Since you don’t have any IPv4 addresses to choose from, however, you need to specify a router ID manually
  • The network command and its confusion is gone. Now you enable OSPF directly in interface configuration mode rather than in OSPF configuration mode

These are the steps to configure OSPFv3 on IOS:

ipv6 router ospf $ospf_process_id
router-id A.B.C.D

Now, instead of specifying the network and the wildcard mask like it was necessary on the IPv4 version, you simply assign the interfaces that are going to run OSPF to your OSPF process id:

ipv6 ospf $process_id area $area_number

That’s it, you have now successfully configured OSPF.

IOS for CCENT – Configuring DHCP and NAT

Configure DHCP

Configuring DHCP is pretty straighforward, you just need to decide what network is going to be served, the DNS server and the default router information that are going to be pushed to the clients. Before beginning, make sure you have assigned an IP address to your router interface.

ip dhcp excluded-address $first_excluded_ip $last_excluded_ip
ip dhcp pool LAN
network $dhcp_network $netmask
dns-server $dns_ip
default-router $router_ip

DHCP relay

Most of the time, you will find DHCP servers on networks rather than DHCP services on routers. In cases like this, the DHCP server might be on a remote network, so by default, requests from clients for an IP address will fail (the client sends a broadcast to request an IP address, but broadcasts are blocked by routers). In this scenario you need to configure an IP helper address on the router that is going to take care of DHCP requests and will be used to forward them to the DHCP server.

To do this, go into interface configuration mode (the interface should be the local LAN interface of clients requesting IP addresses) and type the following command:

ip helper-address $DHCP_server_ip

This request will be encapsulate in a unicast frame for the DHCP server, and the source IP address will be the router’s incoming interface. This will assure that the DHCP server will be able to pick an IP address from the correct address pool based on the subnet of the LAN from which the request is coming.


The steps to follow to configure NAT vary based on the type of NAT you want to configure: static, dynamic or PAT (also called NAT overload).

Static NAT

These are the high level steps necessary to configure static NAT:

  1. Identify interfaces
  2. Configure mappings and enable NAT

And these are the IOS commands to do it:

ip nat inside # On the inside interface
ip nat outside # On the outside interface
ip nat inside source static $inside_local_address $inside_global_address

Dynamic NAT

These are the high level steps necessary to configure dynamic NAT:

  1. Identify interfaces
  2. Use an ACL to configure the address pool that is going to be translated
  3. Configure the pool of outside addresses to use
  4. Enable NAT using these two pools

And these are the IOS commands to do it:

ip nat inside # On the inside interface
ip nat outside # On the outside interface
access-list $acl_number permit # A standard ACL is enough
ip nat pool $pool_name $first_address $last_address
ip nat inside source list $acl_number netmask $netmask


These are the high level steps necessary to configure PAT:

  1. Identify interfaces
  2. Use an ACL to configure the address pool that is going to be translated
  3. Enable NAT using this ACL and the outside interface, specifying it’s going to be NAT overload

And these are the IOS commands to do it:

ip nat inside # On the inside interface
ip nat outside # On the outside interface
access-list $acl_number permit # A standard ACL is enough
ip nat inside source list $acl_number interface $outside_interface overload

NAT overload is optional of course, but without it, only the first client will get an outside IP address and will therefore get connected to the external network.

IOS for CCENT – Configuring Access Control Lists

There are two types of Access Control Lists on which the CCENT focuses on: standard and extended access control lists. Even though the syntax differs quite a bit between the two, the basic configuration steps to apply them are the same: create the ACL and apply it to the relevant interfaces.

Standard Access Control Lists

From global configuration mode:

access-list  < deny | permit | remark > < any | $ip_address $wildcard | $host $ip_address >

$wildcard is simply the flipped netmask in binary. The concept is similar to what you would use in the OSPF network command: every time the router sees a 0, this tells it to actually check the value of that octet.

If you want to use a named access list instead:

ip access-list standard $acl_name

Named access lists also allow you to specify the sequence number of each ACL entry.

Now apply the access list to the correct interface from interface configuration mode:

ip access-group $acl_name_or_number < in | out >

To check if it has been correctly applied, run

show ip access-lists

Extended Access Control Lists

The high-level structure of an extended ACL looks like this: action protocol source destination. The source and destination parts follow the same syntax used in standard access lists.

From global configuration mode:

access-list  < deny | dynamic | permit | remark > $protocol < any | $ip_address $wildcard | $host $ip_address > < any | $ip_address $wildcard | $host $ip_address >

Applying the extended access lists to an interface uses the same ip access-group command used to apply standard access lists.

Also, should you want to create a named access list instead, use the same command used for standard access lists, but specifying extended instead:

ip access-list extended $acl_name

IOS for CCENT – Configuring Routing

If you use VLANs, then you need to configure an IP address for each of the router interfaces, so that clients in each subnet will be able to reach their own default gateways.

While you could do this using several physical interfaces, the recommended way consists in using one physical interface and multiple virtual subinterfaces.

Configure router subinterfaces

configure terminal
interface gigabitEthernet 0/0.10
encapsulation dot1q $vlan
ip address $ip $netmask

An alternative to this method consists in using a Layer 3 switch (which, thanks to ASIC, would be more performant than a router which does everything in software), but this is out of scope for the CCENT.

Configure static routing

ip route $destination_network $destination_netmask $next_hop_ip_address | $outgoing_interface

To configure a default route (which is going to be used anytime an incoming packet does not match any entry in the router’s routing table):

ip route $isp_router_ip_address

Configure floating static routes

Floating static routes are nothing more than static routes with a manually set administrative distance. As such, they are very useful as a backup, for example as a backup of the default route.

ip route 1-255

Configure OSPF

router ospf 1
network $interface $wildcard area $area

network identifies the interfaces OSPF is going to send hello messages on (effectively, the interfaces on which you will form neighbour relationships) and will advertise that network to other routers.

So for example:

network area 0

is going to send hello messages and advertise the every network starting with 10.10.10. Where the wildcard is 255, the value in that octet will be ignored.

To enable OSPF on every interface, the command would be

network area 0

The more specific you get, the better, so something like the following is better than any of the previous commands:

network area 0

To stop OSPF from sending hello messages on an interface but still make it advertise that network, set that interface to passive with the passive-interface $interface command. For security reasons, it is recommended to set all interfaces to passive by default, and only manually enable the ones you want to send hello messages from:

passive-interface default

in OSPF configuration mode, and to manually disable passive mode on the specific interfaces with the no passive-interface command.

To check if OSPF is working, run

show ip ospf neighbor
show ip protocols

Followed by a

show ip route

IOS for CCENT – Port Security and VLAN Configuration

This is the second entry in the series. After configuring the basic settings on a Cisco switch in the previous post, it is now time to configure VLANs. When it comes to configuring VLANs on a Cisco switch, you don’t technically need to enable port security, but this is a recommendes step nonetheless.


Disclaimer: this series is not meant to be a replacement for your own testing or for the recommended documentation and training material. It just aims at offering a quick reference for some of the most important tasks you might have to engage with when preparing for the exam. For a comprehensive list of commands and related explanations, please use the official Cisco documentation.


Enabling port security

Port security can only be enabled on access interfaces. It doesn’t make sense to enable port security on trunks because you don’t really want to limit the number of allowed MAC addresses on a trunk which, by definition, allows frames to travel through VLANs. In addition to this, trunks between switches are considered trusted connections.

By default, on Cisco switches all interfaces are set to dynamic desirable (which means that they can be either an access port or a trunk port, but they would prefer to be trunks), a mode that does not allow you to configure port security, therefore you must manually set the port as an access port before being able to configure port security on it.

configure terminal
interface fastEthernet 0/1
switchport mode access
switchport port-security

switchport port-security is the command that effectively enables port security, so it should be left for last and all the configuration commands should be run before it.

Possible options:

  • switchport port-security maximum $number: only a maximum of $number devices are allowed at the time, no specific devices, so you can switch devices and the switch will not block any of them
  • switchport port-security violation < protect | restrict | shutdown >
  • switchport port-security mac-address $mac_address [ sticky ]

If you combine the maximum option with the sticky option, the switch will automatically learn the first n devices that connect to the port.

Finally, if a port goes in err-disabled state because of a port security violation, the way to bring it back up consists in running a shutdown followed by a no shutdown in interface configuration mode. Shutting down a port clears the port security violation that occurred.

Configuring VLANs

To configure VLANs, you need to configure both access ports and trunking ports.

Configuring access ports

configure terminal
interface $interface
switchport mode access
switchport access vlan $vlan number

Configuring trunk ports

switchport trunk encapsulation dot1q
switchport mode trunk

The switchport trunk encapsulation dot1q might not even be accepted on some switches because the protocol defaults to 802.1Q already.

Configure the VLANs that are allowed over a trunk

switchport trunk allowed vlan $options

Deleting a VLAN

To delete a VLAN (in switch configuration mode): no vlan $vlan_number or no interface vlan $vlan_number.

© 2018 Daniel's TechBlog

Theme by Anders NorénUp ↑

%d bloggers like this: