My Netwok Dictionary

Broadcast storms can easily disrupt entire networks. They spread a layer 2 broadcast domain on the inside out. This can flat networks the entire network to be in, or in modern networks, a VLAN. A broadcast storm can disturb Router (high CPU load) and thus lead beyond the boundaries of a VLAN to disturbances.

The typical pays for a broadcast tower is the little switch in the office or on the conference table. Is there a mistake loop (Loop patched), this switch to the traffic generator.

The red wire on the small 3Com switch creates a loop on the second Layer The switch floods by the central switches on the green cable with all the broadcasts, multicasts and unicasts an unknown recipient. Read the rest of this entry »

Let’s see the configuration of TFTP server, which can be useful to download an image on a device not directly accessible.

Router # conf t
Router (config) # tftp-server?
Flash: Allow URL file TFTP load requests
null: Allow URL file TFTP load requests
nvram: Allow URL file TFTP load requests
system: Allow URL file TFTP load requests
Router (config) # tftp-server flash:?
flash: c1700-Y7-mz.123-13.bin Read the rest of this entry »

For those who often work on remote Cisco device is very useful to have the opportunity to recover the previous configuration changes made (perhaps because it has lost connectivity …).

To do this it is possible to set an automatic reload, which will allow us to restart the router with its original configuration (startup-config) and recover the connection.

The command is as follows:

Router # reload in?
Delay before reload (mmm or hhh: mm)
Router # reload in 45
Router # reload in 45?
LINE Reason for reload

Router # reload in 45 For Test?
LINE
Router # reload in 45 For Test
System Configuration Has Been Modified. Save? [Yes / no]: n
Reload scheduled for 12:18:08 MET +1 Thu Aug 3 2006 (45 minutes) by foo on vty0 (10.55.198.121)
Reload reason: For Test
Proceed with reload? [Confirm] Read the rest of this entry »

This is the default BGP behavior. Just turn on BGP, configure it correctly and everything is OK. No really worries about this.
Same for this point, this is the default BGP behavior.
For the first part: This is the default BGP behavior. For the second part: we do not want to go to AS4 via AS2 AS1 AS3 and AS4 between the unless link is down. We can reach this target using local preference. But anyway also we want to use the community attribute to simplify the policy for adding new customers. So let’s do this conf RTC: Read the rest of this entry »

There are generally two types of networks

• Peer to peer networks (peer to peer /equals)
• Networks organized around servers (Client /Server)

These two types of networks have different capabilities. The type of network to install depends on the following criteria:

• Company Size
• Security level required
• Activity Type
• Level of administration available
• Volume of traffic on the network
• Needs of network users
• Budget allocated for the operation of the network (not just the purchase but also maintenance and maintenance)

In this lab two local networks, each separated and protected by a firewall will be put into communication through an IPSec VPN. Verify by a sniffer placed on intermediate links, the traffic between two LAN is encrypted and therefore incomprehensible to the direct opposite of what other hosts as PC3. The occasion is also good to check the interoperability of IPSec between devices of different brands.

IPSec is the standard de facto used for VPNs. Guarantees confidentiality (data is encrypted in a serious way) integrity (the data can not be changed during transport) and authentication (end points are authenticated). Uses an asymmetric key mechanism to negotiate a symmetric key with which the data is actually encrypted in transit. The asymmetric key gives the opportunity to create an encrypted connection on an insecure channel, and then allow the subsequent exchange of a symmetric key. The latter is most effective encryption continues, and the key is renegotiated every few seconds of operation (or tot data travels through the tunnel), thus avoiding the possibility that someone, analyzing traffic, try to calculate the key time. Read the rest of this entry »

Solution

• Uses hub-and-spoke design
• Supports redundancy
• Does not use crypto maps
• Multipoint GRE Tunnel interfaces
• Spokes connect to the hub and never vice versa
• Multiple or single topology
• Single topology: only one subnet on the hub side
• Multiple topologies: multiple subnets on the hub side

Components

• Multipoint GRE (mGRE) tunnel interface
• Next Hop Resolution Protocol (NHRP)
• 20 years old, originally designed for tunnels ATM/X.25
• Before sending a packet, the spokes does an NHRP query to the hub That acts as an NHRP server
• The server answers with the real IP address and advertise the destination network
• If the destination is not the hub router, the spoke sets up an IPSec tunnel directly to the remote spoke, if using mGRE, Bypassing the router
• Spoke-to Automatically-spoke tunnels are removed if idle for a Certain Time
• IPSec profiles
• Replace static crypto maps

Read the rest of this entry »

Adequate infrastructure

The first thing to do when setting up a wireless network is to position intelligent access points depending on the area that you want to cover. It is not uncommon for the actual coverage is much greater than desired, in which case it is possible to reduce the power of the base station to adjust its scope to cover the area.

Avoid Defaults

During the first installation of an access point, it is configured with default values, including respect the password of the administrator. Many budding directors consider that from the moment the system works it is unnecessary to change the configuration of the access point. However the default settings are such that security is minimal. It is therefore imperative to connect to the administration interface (usually via a web interface on a port -specific access terminal) in order to define a password administration. Read the rest of this entry »