The other day someone asked me to explain subnetting. It had been a while, so I dusted off my CCNA books and attempted to answer his questions. I thought this would be an ideal time to jot down some notes for future reference. This isn't a tutorial or guide, just some notes …
Below is a guide to the main areas and features that you should be aware of to ensure that your Cisco Catalyst switch is fully secured within your network. 1. PASSWORDS First of all, passwords are configured. One password is used for the enable password and the other will later be assigned to the console …
Reflexive access-lists allow the router to pass “established” TCP traffic that has been previously allowed via another ACL. Because routers do not (by default) keep a state table, this means you do not have to create additional access-list entries to allow the return traffic of a permitted TCP session. (config)# ip access-list …
In a worst-case scenario someone could gain access to your router and clear the boot image and config. This would result in lengthy downtime and a lot of stress. Cisco has tried to address this with the following commands, which prevent the clearing of your config and boot image: (config)# …
Below are a number of commands that you can use to secure your Cisco router. Block Denied Logins – Useful for delaying denied logins when someone is trying to brute-force your router. (config)# login block-for [seconds] attempts [attempts] within [seconds] Quiet Login – Allows you to still log in once the router has blocked logins …
CLI Views allow you to create sub-administrators within your Cisco device. This can also be thought of as an extension to privilege levels, giving you further granularity over what your users are allowed to do. Creating views Below are the commands required to create a view. In all the examples we …
TACACS+ (Terminal Access Controller Access-Control System Plus) is a Cisco proprietary protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ uses TCP port 49 and provides separate authentication, authorization and accounting services. Below are the general steps involved. First of all …
SDM (Security Device Manager) allows you to configure and manage your router via a GUI. Please find the steps below: Download the SDM-Vxx.zip file from Cisco’s website. Ensure that you have the sdmconfig*.cfg file for your version of router within your router's flash. You can confirm this by using the command …
This was a question I raised a while ago but never got round to writing an article about. The basics of traceroute are that it sends out a series of UDP packets, each packet with a TTL 1 higher than the previous one. When the hop receives the packet and …
A floating route uses a higher preference to ensure that it is used as the primary route. In the event of the floating route being removed from the routing table (due to dynamic routing or an interface going down) the other route takes preference and is used. set route [dst ip]/[mask] vrouter [vr name] preference [pref]
When troubleshooting ADSL issues there are 2 tests that you can do to help you troubleshoot your problem. They are: Quiet Line Test Unplug any extension phones, extension cables, answering machines or fax machines. Plug a normal touch-tone phone directly into the BT master socket. Dial 17070, press option 2 (quiet line test). You …
Below are the steps to create a tunnel interface on a Cisco router, including the OSPF commands so that dynamic routing updates can be sent across the link to the remote peer.
interface Tunnel0
ip address [IP] [Mask]
ip ospf network point-to-point
ip ospf mtu-ignore
tunnel source FastEthernet0/0
tunnel destination [remote peer ip]
ADSL (Asymmetric Digital Subscriber Line) is a technology (method) for the transmission of data across a standard phone line. It does this by using frequencies that are not used by standard telephone calls. This is where the term “Broadband” comes from, as a broad band of frequencies is used to transmit high-speed data and …
NAT-T (NAT Traversal) allows IP-ESP packets to traverse devices which introduce NAT. The problem with IPSec is that it uses the IP-ESP protocol natively. The ESP protocol doesn’t have “port numbers” like TCP and UDP, so NAT does not know how to translate the traffic because NAT/PAT is based on port numbers. With NAT-T the ESP …
In this article we will be covering SSH port forwarding, also known as SSH tunneling. As discussed in our previous article, Proxying Web Traffic across an SSH Tunnel using SSH Dynamic Port Forwarding, SSH port forwarding (or tunneling) re-routes TCP/IP connections through an established SSH connection. Being encapsulated within SSH provides security benefits along …
SSH port forwarding (or tunneling) re-routes TCP/IP connections through an established SSH connection. Being encapsulated within SSH provides security benefits along with the ability to route traffic through firewalls using just port 22 (SSH). In this example we will proxy our web traffic via our remote server across an established SSH connection. This is achieved …
URG This flag indicates that the packet contains urgent data that should be processed as soon as possible. This flag is used to provide two virtual channels within one TCP connection. The URG flag is also known as out-of-band. This is useful for a sender to present data that can overtake any bytes queued …
Instant Messaging is a global communications medium for business and consumers. 85% of organizations report that they use IM for business, and there are a reported 400 million global IM users. IM does, though, present a number of security issues. Unprotected IM is vulnerable to viruses and spam. In addition to this, its ability to …
SMTP is an Application layer protocol (RFC 821, 1982). Being a completely ASCII text-based communication protocol, any binary or non-text attachments must be encoded before they can be sent using SMTP. To allow users to send rich content, MIME (Multipurpose Internet Mail Extensions) was introduced. MIME is an Internet standard that extends …
GNS3 (Graphical Network Simulator) requires 4 installed dependencies on Fedora. Please note that this is based on GNS3 0.5.
1. Qt >= 4.3
2. Python >= 2.4
3. Sip >= 4.5
4. PyQt >= 4.1
To install all 4 in Fedora run the following command:
sudo yum -y install python sip qt4 PyQt4
Issue When trying to add a device I get the error A hypervisor is already running on port 7200 Solution This is due to some Dynamips processes not finishing after the closure of the previous GNS3 session. Close the GNS3 GUI and run the command (via CLI): pkill -9 dyna
Issue When I start VPCS in GNS3 I get the following: When I try and click test under Dynamips I get Failed to start dynamips. When I try and drag a router over to the main screen I get Can't start Dynamips on port 7200. Resolution Copy the file cygwin1.dll from your VPCS folder into …
Issue When I try and click test under Dynamips I get test failed to start dynamips. When I try and drag a router over to the main screen I get Can't start Dynamips on port 7200. Resolution This is normally down to the paths in “Preferences > Dynamips” not being correct; check that both …
Issue When I try to open a PIX or drag it over to the main window I get the error Can't start pemu on port 10525. Resolution Under “Preferences > Pemu > Working Directory”, change the directory to C:\Documents and Settings\%username%\Local Settings\Temp
Who are Akamai? Akamai Technologies was founded in 1998 to provide a distributed computing platform for global Internet content and application delivery. The word Akamai in Hawaiian means smart or intelligent. Akamai has developed a global array of interconnected servers that cache content supplied by its Internet customers. This way the content is physically …
File Transfer Protocol (FTP) is a network protocol used to transfer data from one computer to another. In order to download and upload files to an FTP site, you need to connect using an FTP client/server. FTP runs exclusively over TCP and listens on port 21 (command port) by default. Data is transferred across a separate data …
This is by no means a full guide to MTU or PMTU but a small collection of notes.
Protocol Overhead
VLAN Tag (Dot1q): 4 bytes
MPLS: 4 bytes
IP: 20 bytes
TCP Header: 20 bytes
UDP Header: 8 bytes
ICMP Header: 8 bytes
Example To send a ping with a full 1500-byte packet, you …
DNS servers are based on recursive lookup, as you can see below. Below you can see XP forwarding the request to its DNS server. The DNS server then recursively resolves the DNS request. Once it has the answer to the client's request, it forwards the answer back to the client. A great tool …
Below shows you how to enable SSH on your router using a username of “mr” and a password of “bean”, allowing access from the fa0/0 interface.
Router(config)#ip ssh source-interface fastEthernet 0/0
Router(config)#ip ssh authentication-retries 3
Router(config)#ip ssh version 2
Router(config)#ip domain-name local.net
Router(config)#crypto key generate rsa modulus 768
Router(config)#username mr password 7 bean
Router(config)#line vty 0 15
Router(config-line)# transport input …
Below is an example of how to create a named access-list:
router(config)#ip access-list extended OUTSIDE_IN
router(config-ext-nacl)#permit ip any any
You will need to have already set your interfaces to inside and outside using the commands ip nat outside and ip nat inside. Once done you can add the command below. This would allow the IP 10.8.8.8 to be accessed on port 23 via the IP address of the interface fa 0/0 using port 2333. ip …
To set up logging on your Cisco switch is pretty straightforward: you enable logging, you tell it what to log and then where to send it. Below is an example:
Switch1#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#logging ?
Hostname or A.B.C.D IP address of the logging host
buffered Set buffered …
Below are a few steps to set up basic security on a router.
Banner Set banner:
(config)#banner motd
Passwords Set secret enable password:
(config)#enable secret <password>
Set line terminal passwords:
(config)#line <terminal> <number>
(config-line)#password <password>
(config-line)#login
Line Timeout On VTY set the timeout:
(config-line)#exec-timeout <min>
Copy the config changes:
#copy running-config startup-config
In application software v6.0 and later, the Rapid Spanning Tree Protocol (RSTP) replaces the 802.1D Spanning Tree Protocol (STP). STP is pretty slow at recovering from a failure in the network. RSTP was created to decrease this recovery time. When a switch is running RSTP, a port can change from blocking to forwarding more quickly …
Below shows the basic minimal configuration for creating a trunk port. This will allow all VLANs to be sent (still VLAN tagged) out of FastEthernet 0/11.
(config)#int fast0/11
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q
A DTE (Data Terminal Equipment) cable is the normal cable you should use. Being DTE, you should expect the other end to provide clocking. A DCE (Data Communication Equipment) cable means that this device must provide the clocking on the wire. If your device is the DCE, you must provide clocking using the clock rate command.
The Cisco Discovery Protocol (CDP) is a proprietary layer 2 network protocol developed by Cisco Systems that runs on most Cisco equipment and is used to share information about other directly connected Cisco equipment such as the operating system version and IP address.
Globally:
(config)# cdp run
(config)# no cdp run
Interface To disable:
(config-if)# no …
Use the following commands to dictate which interface should be defined as the inside and outside.
(config)#access-list 1 permit 10.10.0.0 0.0.0.255
(config)#ip nat inside source list 1 interface FastEthernet0/0 overload
Show/Debug Commands
show ip nat translations
debug ip nat
no debug all
You will need to first install the flash module into the device. Then run the following commands via the console port (rommon) to check your system's resources for the install.
rommon 1 > dev
rommon 2 > meminfo
Then to copy it from your tftp server…
rommon 3 > IP_ADDRESS=192.168.4.1
rommon 4 > IP_SUBNET_MASK=255.255.255.0
rommon 5 …