Jun 23

The configuration and management of a Cisco PIX follow a logic similar to that of IOS on a router, and with each new release the commands tend to look more alike.

Release 6.x in particular introduced commands common to IOS, while maintaining compatibility with the older equivalents.

As in any multiuser OS, there are regular and privileged (enabled) users. You become the root of a PIX with:
Pix> enable
Pix#
The prompt changes from > to #.
From here you enter configuration mode:
configure terminal
You save the configuration to resident memory (NVRAM, FLASH…) with:
write memory
You display the current configuration with:
write terminal (or show running-config)
You can view the log messages (logging must be enabled in the configuration; messages may be kept in a local buffer, which occupies memory, or sent to a remote syslog server) with:
show logging

Jun 6

The Cisco Discovery Protocol (CDP) is used to obtain information from routers and switches that are connected locally. CDP is a Cisco proprietary protocol for neighbor discovery and is independent of the media and the routing protocol. Although CDP displays information only about directly connected neighbors, it is a very useful tool.

CDP is a Layer 2 protocol that connects the lower physical media with the network protocols of the upper layers.

May 30

Static configuration:

It is performed manually by an administrator, who assigns ports to their respective VLANs. By default, all ports belong to VLAN1 until the administrator changes these settings.

Dynamic configuration:

IOS Catalyst switches support dynamic configuration through a VLAN membership server (VMPS). The VMPS server can be a high-end switch running a set-based operating system (CatOS).

May 29

Let’s see how to protect our home LAN by configuring a Cisco firewall, namely the PIX 501 (see image below).

First we set the name and the security level associated with the external and internal interfaces we are using (after entering configuration mode by typing the commands ena and then conf t):

pixfirewall(config)# nameif ethernet0 outside security0
pixfirewall(config)# nameif ethernet1 inside security100

As you can see, we name interface ethernet0 “outside” and associate it with the security level “security0”. The same applies to interface ethernet1.

May 28

The materials used in this lab:

  • 2 Cisco Routers with serial interface
  • 2 Cables V35-DTE
  • Teleco DCE Modem 2 TD-3 604T
  • 2 Cables V35-DTE
  • 1 Cable RJ11 (modified for the connection of two modems DCE-3)


May 27

PIX Security Appliance RSSI. Cisco PIX security appliances can enforce policies on users and applications. Cisco PIX can protect against many different network and Internet-based attacks. Cisco PIX provides secure connectivity, using methods such as Secure Shell (SSHv2) and two virtual private networks (VPNs).

It’s pretty easy to install.

Cisco PIX can provide secure Voice over Internet Protocol (VoIP).
Internet Protocol Security (IPsec) can be installed for VPN.

May 26

In this lab the Modular QoS CLI is used to guarantee a minimum bandwidth to each PC according to the criterion: the lower the IP address, the greater the bandwidth.

Note: with the CBWFQ defaults, the sum of the allocated bandwidth must not exceed 75% of the total bandwidth of the interface. To change this value, use max-reserved-bandwidth [1-100].

access-list 101 permit udp host 192.168.0.101 any
access-list 102 permit udp host 192.168.0.102 any
access-list 103 permit udp host 192.168.0.103 any
class-map match-all pc101
 match access-group 101
class-map match-all pc_103
 match access-group 103
class-map match-all pc_102
 match access-group 102
policy-map rules
 class pc101
  bandwidth percent 30
 class pc_102
  bandwidth percent 20
 class pc_103
  bandwidth percent 10
interface Serial0
 ip address 10.0.0.2 255.0.0.0
 max-reserved-bandwidth 100
 service-policy output rules

May 15

The Ethernet interface of the router is on the same network as the TFTP server, and the procedure is performed via the console and not via telnet, as the routing functions are disabled during the process. Having said that, we can proceed to configure the Ethernet interface of the router with an IP address:

Router# configure terminal
Router(config)# interface ethernet0
Router(config-if)# ip address 192.168.0.2 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# exit
Router#

May 13

RAM / DRAM
RAM holds the current configuration and also stores the ARP cache, the fast-switching cache, the packet buffers and the routing tables. RAM contents are lost when the router is shut down or rebooted.

NVRAM
Non-Volatile RAM. It holds the startup/backup configuration which, unlike the contents of RAM, is not lost when the router is shut down or rebooted.

May 12

To increase the security level of our router it is of course possible to use passwords, but also the so-called Privilege Levels.

Passwords
There are two types of password: the Enable Password and the Line Password. The Enable Password is the password needed to switch to Privileged Mode, while the Line Password protects against unauthorized access through the console port, the auxiliary port and telnet.

The Enable Password

We can set the Enable password in two ways: one secure and one not. We will look at both:

Router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# enable password test
Router(config)#
