IT Security & Network Engineering Knowledge Base

Practical documentation and technical guides on network security, firewalls, Linux systems, monitoring, and automation.
We feature technical articles across the entire IT spectrum, built from real-world experience and continuously updated.

RSTP vs STP

In application software v6.0 and later, the Rapid Spanning Tree Protocol (RSTP) replaces the 802.1D Spanning Tree Protocol (STP). STP is pretty slow at recovering from a failure in the network. RSTP was created to decrease this recovery time. When a switch is running RSTP, a port can change from blocking to forwarding more quickly … Read more

CISCO – Port Range

To select a range of ports:
(config)#interface range fast0/1 - 10
(config-if-range)# [any command required]

CISCO – Configure a Trunk Port

Below shows the basic minimal configuration for creating a trunk port. This will allow all VLANs to be sent (still VLAN tagged) out of fast ethernet 0/11.
(config)#int fast0/11
(config-if)#switchport mode trunk
(config-if)#switchport trunk encapsulation dot1q

Router – DTE / DCE

A DTE (Data Terminal Equipment) cable is the normal cable you should use. Being DTE, you should expect the other end to provide clocking. A DCE (Data Communication Equipment) cable means that this device must provide the clocking on the wire. If your device is the DCE, you must provide clocking using the clock rate command.

What is the Cisco Discovery Protocol (CDP) ?

The Cisco Discovery Protocol (CDP) is a proprietary layer 2 network protocol developed by Cisco Systems that runs on most Cisco equipment and is used to share information about other directly connected Cisco equipment, such as the operating system version and IP address.
Globally
(config)# cdp run
(config)# no cdp run
Interface
To disable, (config-if)# no … Read more

Router – NAT

Use the following commands to dictate which interface should be defined as the inside and outside.
(config)#access-list 1 permit 10.10.0.0 0.0.0.255
(config)#ip nat inside source list 1 interface FastEthernet0/0 overload
Show/Debug Commands
show ip nat translations
debug ip nat
no debug all

PIX – Advanced Protocol Handling

When using an "inspect policy map" you need to add it to a "standard policy-map" to allow you to add it to the service policy. For each policy map there would be a class map; the inspect would match the FTP command, and then use the class map "inspection-default" in the standard policy map. Running Config policy-map … Read more

PIX – VPN – Site 2 Site

Below shows the configuration syntax for configuring a Site to Site VPN on a Cisco PIX firewall.
Configuration
(config)#isakmp enable outside
(config)#isakmp policy 10
(config-isakmp-policy)# encryption aes-256
(config-isakmp-policy)# hash sha
(config-isakmp-policy)# authentication pre-share
(config-isakmp-policy)# group 1
(config-isakmp-policy)# lifetime 86400
(config)#isakmp key shabba address 1.1.1.1 netmask 255.255.255.255 no-xauth
(config)#access-list ED permit ip 172.16.1.0 255.255.255.0 172.16.5.0 255.255.255.0
(config)#access-list nonat permit ip 172.16.1.0 255.255.255.0 172.16.5.0 255.255.255.0
(config)#nat (inside) … Read more

PIX – VPN – Remote Access

Below shows 2 examples of a Remote Access configuration on version 6.x and 7.x of the Cisco PIX firewall.
6.x
(config)#username 123 password 123
(config)#isakmp enable outside
(config)#ip local pool VPNIP 10.0.10.10-10.0.10.20 mask 255.255.255.0
(config)#isakmp policy 1 authentication pre-share
(config)#isakmp policy 1 encryption 3des
(config)#isakmp policy 1 hash sha
(config)#isakmp policy 1 group 2
(config)#isakmp policy 1 lifetime 43200
(config)# crypto ipsec … Read more