Apr 21

Split the virtual terminal (VTY) configuration: reserve two virtual terminal lines for access from external networks and three for access from the internal network.

line vty 0 1
line vty 2 4

Make sure that access from outside is possible only via SSH, while the internal network can use telnet or SSH.

We will not go into the technical details of the SSH protocol here; the web is full of good explanations. For now, it is enough to know that SSH (Secure Shell) is a protocol that establishes an encrypted remote session (all data is encrypted from the client until it reaches the terminal, rather than travelling in clear text as with telnet).

line vty 0 1
transport input ssh
line vty 2 4
transport input telnet ssh

Then set up access via SSH.

First, make sure that the domain name and hostname are configured; they serve as the basis for generating the cryptographic key. If your router has no hostname set, or still has the default hostname, you should change it. Read the rest of this entry »
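
An added example, not part of the original post: a small Python check that reads an IOS configuration and reports where it departs from the policy described above (vty 0 and 1 accept SSH only; hostname and domain name are set before the key is generated). The sample configuration is constructed, and the function names and the treatment of "Router" as the default hostname are assumptions of this example.

```python
import re

# Constructed sample (not from a real device): vty 1 also accepts telnet.
SAMPLE = """\
hostname Router
line vty 0
 transport input ssh
line vty 1
 transport input telnet ssh
line vty 2 4
 transport input telnet ssh
"""

def vty_transports(config):
    """Map each VTY number to its 'transport input' set (None if unset)."""
    table, current = {}, []
    for raw in config.splitlines():
        text = raw.strip()
        vty = re.match(r"line vty (\d+)(?: (\d+))?$", text)
        proto = re.match(r"transport input (.+)$", text)
        if vty:
            first, last = int(vty.group(1)), int(vty.group(2) or vty.group(1))
            current = list(range(first, last + 1))
            table.update((n, table.get(n)) for n in current)
        elif text.startswith(("line ", "!")):
            current = []  # left the VTY block (console, aux, separator)
        elif proto:
            for n in current:
                table[n] = set(proto.group(1).split())
    return table

def audit(config, external=(0, 1)):
    """Findings for the lines the article reserves for outside access."""
    findings, table = [], vty_transports(config)
    for n in external:
        protos = table.get(n)
        if protos is None:  # default differs by IOS release: review by hand
            findings.append(f"vty {n}: no transport input configured")
        elif protos & {"telnet", "all"}:
            findings.append(f"vty {n}: cleartext telnet allowed")
    host = re.search(r"^hostname (\S+)", config, re.M)
    if host is None or host.group(1) == "Router":  # assumed default name
        findings.append("hostname missing or left at default")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("domain name missing")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```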

Apr 19

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip http server
Router(config)#vpdn enable
Router(config)#vpdn-group pppoe
Router(config-vpdn)#request-dialin
Router(config-vpdn-req-in)#protocol pppoe
Router(config-vpdn-req-in)#exit
Router(config-vpdn)#exit
Router(config)#interface ethernet0
Router(config-if)#ip address 10.10.10.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface atm0
Router(config-if)#pvc

Router(config-if)#no shutdown
Router(config-if-atm-vc)#pppoe-client dial-pool-number 1
Router(config-if-atm-vc)#exit
Router(config-if)#exit
Router(config)#int dialer 1
Read the rest of this entry »

Apr 15

Suppose we have a network like this:

Interfaces on the routers:
LAN: FastEthernet0/0
WAN-VPN: Serial0/0

Site A: 10.1.1.0/24
Site B: 10.1.2.0/24
PtP Link: xyzk/30

The two sites communicate via an IPsec VPN tunnel. We will not cover the configuration of a VPN with IPsec and ISAKMP here, but what if you also want the hosts at a site to reach the Internet via NAT? Cisco IOS processes the NAT rules first and the VPN rules afterwards, so NAT rewrites the L3 source address of the packet with the Inside Global Address (xyzk), and the packet no longer matches the source IP that activates the IPsec tunnel. We must therefore configure IOS so that NAT is denied for traffic crossing the VPN link and allowed for everything else. Here is the config: Read the rest of this entry »

Apr 9

This article describes the Ethernet frame format in detail. First, bear in mind that frames are not all the same: there are different versions depending on the transport protocols and on the Ethernet speed. We will analyze the IEEE 802.3 Ethernet frame and the Ethernet II frame (developed by DIX).

The IEEE 802.3 Ethernet frame is structured as follows:

Pre | SFD | Destination | Source | Length/Type | Data/Filling | FCS

Pre: The preamble is a binary pattern of alternating zeros and ones, used for synchronization in Ethernet implementations of <= 10 Mbps. In newer versions of Ethernet the preamble is not necessary but is kept for compatibility. It consists of 7 octets.

SFD: The Start of Frame Delimiter is a one-octet (1 byte) field that marks the end of the preamble, and therefore of the timing information. Its bit pattern is 10101011.

Destination: It can be a unicast, multicast or broadcast address. Read the rest of this entry »

Apr 4

The goals of this lab are:

  1. Having the networks 172.16.10.0 and 172.16.65.0 reachable from the NY link (preferred path)
  2. Having the 172.16.220.0 network reachable from the SF link (preferred path)
  3. Having AS3 not be a transit network for AS1 and AS2
  4. Having AS3 accept on the SF link only routes from AS1 and from ASes directly attached to AS1 (the AS3 SF link accepts only AS1 and AS7 routes)

Read the rest of this entry »

Apr 1

DHCP snooping is a security feature for filtering untrusted DHCP messages, and it can protect clients on the network from peering up with an unauthorized DHCP server. When enabled, it builds a table of MAC address, IP address, lease time, binding type, and interface information.

There is also an important difference between trusted and untrusted interfaces when talking about DHCP snooping. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network. Read the rest of this entry »


