Posts in 2013
-
AAA Authentication
Thursday, September 05, 2013 in Cisco Networking
Cisco Docs: Securing User Services Configuration>Authentication Authorization and Accounting http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/12-4t/sec-cfg-authentifcn.html This is pretty straightforward, because on CCIE …
-
Multiple Spanning Tree Protocol (MST)
Friday, August 16, 2013 in Cisco Networking
Supports up to 4096 instances of Spanning Tree (config)#spanning-tree mode mst (config)#spanning-tree mst configuration (config-mst)#revision 1 (config-mst)#instance 1 vlan 12, 34 (config-mst)#instance 2 vlan 56, 90 (config-mst)#name CCIE <— …
-
Advanced Spanning Tree
Friday, August 16, 2013 in Cisco Networking
root primary - sets the priority to: if ROOT > 24576 - sets to 24576 (priority 24576 sys-id-ext 12) if ROOT =< 24576 - sets to 4096 root secondary - sets the priority to 28762 GREAT COMMAND: #show spanning-tree bridge <- See the MAC address …
-
Private VLANs
Friday, August 16, 2013 in Cisco Networking
*REQUIRES VTP MODE to be set to TRANSPARENT!!! This belongs to L2 SECURITY rather than L2 SWITCHING 1. Promiscuous - belongs to PRIMARY VLAN, can communicate with EVERYONE (config)#vlan 10 (config-vlan)#private-vlan primary (config-vlan)#private-vlan …
-
VMPS: VLAN Membership Policy Server
Friday, August 16, 2013 in Cisco Networking
VLAN Membership Policy Server - provides a centralized server for selecting the VLAN for a port dynamically based on the MAC address of the device connected to the port. VMPS uses a UDP port to listen to VQP (VLAN Query Protocol) requests from …
-
uRPF - Unicast Reverse Path Forwarding
Friday, July 26, 2013 in Cisco Networking
Cisco Docs: Secure DATA PLANE>Security Configuration Guide: Unicast Reverse Path Forwarding http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_urpf/configuration/12-4t/sec-data-urpf-12-4t-book.html The Unicast RPF feature helps to …
-
Zone Based Firewall
Wednesday, July 17, 2013 in Cisco Networking
Cisco Docs: Secure DATA PLANE>Security Configuration Guide:Zone-Based Policy Firewall http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/12-4t/sec-data-zbf-12-4t-book.html To configure the Zone Based FW, the approach is …
-
BGP Regular Expressions - explained with the examples
Sunday, May 19, 2013 in Cisco Networking
REMINDER of the META Characters ^ - START of Line $ - END of Line | - Logical OR _ - ANY DELIMITER ? - ZERO instances of the PRECEDING character * - ZERO OR MORE instances of the PRECEDING character - ONE OR MORE instances of the PRECEDING character …
-
BGP Filters: Distribution and Prefix lists
Sunday, May 19, 2013 in Cisco Networking
The main difference between applying the DISTRIBUTE list and the PREFIX list to the BGP neighbor is: - DISTRIBUTE LIST: You need to define the ACL, and apply it in the form of a Distribution List: (config)#access-list 1 deny 172.12.25.0 0.0.0.255 …
-
BGP: Advanced Tuning using the known Attributes
Sunday, May 19, 2013 in Cisco Networking
BGP is all about tuning. The non-tuned BGP is basically a RIP, but once you adjust it to your needs - no other routing protocol can come even close. The basic and well-known BGP Tuning Attributes are: 1. AS-Path (The fewer ASs in the path - the …