
CCIE notes – Security part 2

Layer 3 Security


1. Enable secure Telnet access to a router and use SSH
2. Enable SNMP security, adding SNMPv3 support
3. Turn off unnecessary services on the router platform
4. Turn on logging to provide an audit trail
5. Enable protocol authentication
6. Enable CEF


General Layer3 Security Considerations

1. Smurf Attacks

– a large number of ICMP Echo Requests with some atypical IP addresses in the packet
– the destination address is a subnet broadcast address, also known as a directed broadcast address
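
A defender-side check for the pattern described above, as an added example that is not part of the original notes: it flags ICMP Echo Requests whose destination is the directed broadcast address of a locally attached subnet. The subnets, packet tuples and threshold are constructed sample values.

```python
import ipaddress
from collections import Counter

ICMP_ECHO_REQUEST = 8  # ICMP type 8 = Echo Request

# Constructed sample values: subnets attached to the router being protected.
LOCAL_SUBNETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/25", "198.51.100.0/24")]

# Constructed packet summaries: (source IP, destination IP, ICMP type).
SAMPLE_PACKETS = [
    ("203.0.113.10", "192.0.2.127", 8),     # broadcast of 192.0.2.0/25
    ("203.0.113.10", "198.51.100.255", 8),  # broadcast of 198.51.100.0/24
    ("203.0.113.10", "192.0.2.127", 8),
    ("203.0.113.50", "192.0.2.255", 8),     # not a broadcast of any local subnet
    ("203.0.113.77", "192.0.2.20", 8),      # ordinary unicast ping
    ("192.0.2.20", "192.0.2.127", 0),       # Echo Reply, not a request
]


def directed_broadcast_subnet(dst, subnets):
    """Return the local subnet whose directed broadcast address is dst, or None."""
    addr = ipaddress.ip_address(dst)
    for net in subnets:
        # /31 and /32 prefixes have no broadcast address, so never match them.
        if net.prefixlen < 31 and addr == net.broadcast_address:
            return net
    return None


def smurf_candidates(packets, subnets, threshold=2):
    """Map source IP -> count of Echo Requests sent to directed broadcasts.

    Only sources at or above the (assumed) threshold are returned. In a smurf
    attack the source field holds the address that receives the replies.
    """
    hits = Counter()
    for src, dst, icmp_type in packets:
        if icmp_type != ICMP_ECHO_REQUEST:
            continue
        if directed_broadcast_subnet(dst, subnets) is not None:
            hits[src] += 1
    return {src: n for src, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for src, count in smurf_candidates(SAMPLE_PACKETS, LOCAL_SUBNETS).items():
        print(f"{src}: {count} Echo Requests to directed broadcast addresses")
```

Whether an address is a broadcast depends on the subnet mask, which is why 192.0.2.127 matches the /25 while 192.0.2.255 does not.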


CCIE notes – Security part 1

Router & Switch Device Security

– passwords are encrypted with the following command: #service password-encryption
– “#no service password-encryption” – does not automatically decrypt the passwords; they stay encrypted until a new password is added.
– #enable secret – encrypts the password as MD5
– #enable password – type 7 password
– #username password <pass> – encrypts the password as MD5


AAA – Authentication, Authorization and Accounting

RADIUS vs TACACS

Feature | RADIUS | TACACS
Scope of encryption: packet payload or just password | Password only | Entire payload
Layer 4 protocol | UDP | TCP
Well-known ports | 1812/1645 | 49/49
Standard or Cisco proprietary | Standard | Cisco


CCIE notes – MPLS

Below are some notes from my CCIE written. Hope you enjoy them


MPLS IP Forwarding: Data Plane

– MPLS routers inject (push) or remove (pop) labels, and forward packets based on labels
– MPLS relies on CEF while also expanding its logic and data structures


LSR (Label Switch Router)

– any router that has awareness of MPLS Labels
– FIB – used for incoming unlabeled packets
– LFIB – used for incoming labeled packets

MPLS header and Label
– header of 4 bytes, located before the IP header

MPLS header


CCIE Security v4 Blueprint is out


It seems that Cisco launched the CCIE Security new lab blueprint.

Links to both the new v4 blueprint and v4 hardware/software equipment list, as well as a more detailed checklist for studying:

CCIE Security v4 Blueprint

CCIE Security v4 Equipment List

CCIE Security v4 Checklist

Hope you guys are not far with your CCIE Security studies... I know I am not.

INE CCNA Voice – Free


It seems that INE is offering the CCNA Voice track videos free of charge!

That is great news for everybody, and I always wanted to take a look at their videos, as they are pretty good.

Here is the link to the free CCNA videos: link


Have fun!