Cisco IOS – How to Configure OSPF

Introduction With this article, we will look at the basic commands used within Cisco IOS to configure OSPF. Basic Configuration To initially configure OSPF, at a minimum, you must configure three things – process ID, router ID, and the network. Process ID – Defines the OSPF process ID that OSPF will run under. This is … Read more

Route Leaking within an MPLS Network

Introduction First of all, what is a route leak? A route leak is the propagation of routing announcement(s) beyond their intended scope – RFC7908 Within this article we will look at 2 methods of route leaking within an MPLS environment – static routes and route maps. To demonstrate both methods we will look at 2 … Read more

How to Configure an L3 MPLS VPN on Cisco IOS

Introduction Within this article we will walk through the various steps required in configuring MPLS. NOTE This article does not look to explain the various terms and concepts of MPLS, for details around these please see Getting to Know MPLS. Overview Within our example we will have 2 customers COSTA and STARBUCKS. Each customer consisting … Read more

What is CEF (Cisco Express Forwarding)?


Introduction Cisco Express Forwarding (CEF) is a packet-switching technique used within Cisco routers. The main purpose of CEF is to optimize the forwarding of packets and increase the packet switching speed. History Prior to CEF there were 2 methods for packet-switching – Process-Switching and Fast-Switching. Process-Switching The first method, process-switching, is the oldest and … Read more

How To Adjust the MSS on a Vyatta vRouter

In order to adjust the MSS of your traffic on a vRouter, also known as MSS clamping, a policy route is defined. Once the policy route is created it is then assigned to the outside interface. MSS Clamping is typically used for IPSEC based traffic to ensure that traffic does not exceed the MTU of … Read more

Create Site to Site VPN Between AWS & Vyatta vRouter

Within this article we will show you how to create an IPSEC site to site VPN from a Vyatta vRouter into the AWS cloud. Due to the nature of AWS VPNs, explained further on, a tunnel based VPN will be created. The main difference with a route based VPN is that a tunnel interface (VTI) … Read more

Vyatta – How to create a Firewall Policy

Within this article we will show you how to create a firewall policy for a Brocade Vyatta router. Firewall policies are created much like on any other device, using a combination of criteria such as source IP, destination IP, etc. Once created, the policy is then applied to an interface. Group Types There are 3 types of groups they are … Read more

Vyatta – WebUI Randomly Disconnects

Issue When using the WebUI you may experience random disconnects. Solution This is due to a bug, VSE-7850, which is fixed within 6.6R4. The other workaround is to disable the WebUI and make all configuration changes via the CLI.

Vyatta – How to Configure a Remote Access VPN

Purpose The purpose of this document is to explain the various steps required in configuring a remote access VPN on a Vyatta appliance. Vyatta Configuration The Vyatta configuration steps are pretty straightforward. You enable the outside interface with IPSEC, the IP pool, along with the secret passphrase and usernames and passwords, then you're good … Read more

Vyatta – How do I configure NAT ?

Introduction Within this article we will look at the various ways to configure NAT on a Vyatta appliance. To configure NAT, source and destination rules are defined using the ‘set nat source’ and ‘set nat destination’ commands. The source rules relate to the translation of the source address, and the destination rules relate to the … Read more

Vyatta Unable to log into GUI: “Username or password is incorrect”

Issue When trying to access the GUI you may observe the following error: “Username or password is incorrect. Failed to parse server data.” Solution This is due to a bug with VSE 6.5 R2, which is caused by the Vyatta Appliance not having an interface named ‘eth0’ present. To resolve this, edit the file ‘/config/config.boot’ via … Read more

Vyatta – How do I secure management access ?

In order to secure management access you will need to A) enable the firewall and B) create a firewall policy and assign this to your management interface. Enable Firewall First of all enable the firewall.

set firewall
set firewall state-policy related action accept
set firewall state-policy established action accept
set firewall state-policy invalid action drop

… Read more

Vyatta – How to configure an IPSEC site to site VPN

Within this article we will show the necessary steps required to build a site to site IPSEC VPN. The following example consists of the following encryption domain:

          Local           Remote
Peer      2.2.2.2         1.1.1.1
Endpoint  192.168.3.0/24  172.16.0.0/16

NAT First of all 2 NAT rules are configured to ensure the traffic is not NAT'd. set nat source rule … Read more

Vyatta – How to enable flow accounting

Flow accounting provides the ability to display statistics on your network traffic, and is defined on a per interface basis. Below shows you a quick summary on how to enable flow accounting and also how to view the statistics. Enable First of all flow accounting is enabled on each of the interfaces. vyatta@vyatta# set system … Read more

DMVPN Tutorial

Introduction DMVPN (Dynamic Multipoint Virtual Private Network) is a feature within the Cisco IOS based router family which provides the ability to dynamically build IPSEC tunneling between peers based on an evolved iteration of hub and spoke tunneling. DMVPN uses a combination of the following technologies : Multipoint GRE (mGRE) Next-Hop Resolution Protocol (NHRP) Dynamic … Read more

Configure Pre-Shared Site to Site VPN between Cisco Routers

Below shows the configuration for one side of a Site to Site VPN between 2 Cisco routers using pre-shared keys.

router(config)# crypto isakmp enable

Phase 1

router(config)# crypto isakmp policy 10
router(config-isakmp)# authentication pre-share
router(config-isakmp)# encryption [?]
router(config-isakmp)# group [?]
router(config-isakmp)# hash [?]
router(config-isakmp)# lifetime 86400
router(config)# crypto isakmp identity address
router(config)# crypto isakmp [key] … Read more

What are reflective access-lists ?

Reflective access-lists allow the router to pass “established” TCP traffic that has been previously allowed via another ACL. Because routers do not (by default) have a state table, this ensures that you do not have to create additional access list entries to allow the return traffic of a permitted TCP session. (config)# ip access-list … Read more

Securing your IOS configuration and files

In a worst case scenario someone could gain access to your router and clear the boot image and config. This would result in a lengthy downtime and a lot of stress. Cisco have tried to address this by the use of the following commands, which prevent the clearing of your config and boot image (config) # … Read more

How to Secure your Cisco Router

Below shows a number of commands that you can use for securing your Cisco router. Block Denied Logins – Useful for delaying denied logins when someone is trying to brute force your router. (config)# login block-for [seconds] attempts [attempts] within [seconds] Quiet Login – Allows you to still login once the router has blocked login … Read more

Creating CLI Views on a Cisco Router

CLI Views allow you to create sub-administrators within your Cisco device. This can also be thought of as an extension to privilege levels, giving you further granularity over what your users are allowed to do. Creating views Below shows you the commands required to create a view mode. In all the examples we … Read more

Configuring TACACS+ on a Cisco Router

TACACS+ (Terminal Access Controller Access-Control System Plus) is a Cisco proprietary protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ uses TCP port 49 and provides separate authentication, authorization and accounting services. Below shows you the general steps involved. First of all … Read more

How to enable SDM on your router

SDM (Security Device Manager) allows you to configure and manage your router via the use of a GUI. Please find the steps below: Download the SDM-Vxx.zip file from Cisco’s website. Ensure that you have the sdmconfig*.cfg file within your router's flash for your version of router. You can confirm this by using the command … Read more

How do I create a tunnel interface on a Cisco Router ?

Below shows you the steps on how to create a tunnel interface on a Cisco router with the inclusion of OSPF based commands so that dynamic routing updates can be sent across the link to the remote peer.

interface Tunnel0
ip address [IP] [Mask]
ip ospf network point-to-point
ip ospf mtu-ignore
tunnel source FastEthernet0/0
tunnel destination [remote peer ip]

Cisco Router – How to configure SSH

Below shows you how to enable SSH on your router using a username of “mr” and a password of “bean”, allowing access from the fa0/0 interface.

Router(config)#ip ssh source-interface fastEthernet 0/0
Router(config)#ip ssh authentication-retries 3
Router(config)#ip ssh version 2
Router(config)#ip domain-name local.net
Router(config)#crypto key generate rsa modulus 768
Router(config)#username mr password 0 bean
Router(config)#line vty 0 15
Router(config-line)# transport input … Read more

Router – Named Access-Lists

Below gives you an example of how to create a named Access-List:

router(config)#ip access-list extended OUTSIDE_IN
router(config-ext-nacl)#permit ip any any

Router – Port Forwarding

You will need to have already set your interfaces to inside and outside using the commands:

ip nat outside
ip nat inside

Once done you can add the command below. This would allow the IP 10.8.8.8 to be accessed on port 23 via the IP address of the interface fa 0/0 using port 2333. ip … Read more

Router – Secure a Router – Basic

Below are a few steps to set up basic security on a router.

Banner
Set Banner.
(config)#banner motd

Passwords
Set Secret enable password.
(config)#enable secret <password>
Set Line terminal passwords.
(config)#line <terminal> <number>
(config-line)#password <password>
(config-line)#login

Line Timeout
Set the timeout on the VTY lines.
(config-line)#exec-timeout <min>

Copy the Config changes
#copy running-config startup-config

Router – DTE / DCE

A DTE (Data Terminating Equipment) cable is the normal cable you should use. Being DTE you should expect the other end to provide clocking. A DCE (Data Communication Equipment) means that this device must provide the clocking on the wire. If your device is the DCE, you must provide clocking using the clock rate command.

Router – NAT

Use the following commands to dictate which interface should be defined as the inside and outside.

(config)#access-list 1 permit 10.10.0.0 0.0.0.255
(config)#ip nat inside source list 1 interface FastEthernet0/0 overload

Show/Debug Commands

show ip nat translations
debug ip nat
no debug all

Router – Access-lists

Below shows you a basic access-list configuration.

R3>enable
R3#configure terminal
R3(config)#access-list 56 permit 192.12.10.3
R3(config)#access-list 56 deny 192.12.10.0 0.0.0.255
R3(config)#access-list 56 permit any
R3(config)#interface serial 0
R3(config-if)#ip access-group 56 in
R3(config-if)#exit
R3(config)#exit

Router – Installing IOS onto new FLASH

You will need to first install the flash module into the device. Then run the following commands via the console port (rommon), to check your system's resources for the install.

rommon 1 > dev
rommon 2 > meminfo

Then to copy it from your tftp server…

rommon 3 > IP_ADDRESS=192.168.4.1
rommon 4 > IP_SUBNET_MASK=255.255.255.0
rommon 5 … Read more
