Friday, March 31, 2017

ACLs (interface access rules) on Cisco ASA



With Cisco ASA, all traffic from a higher security level to a lower security level is allowed by default, so an ACL lets us either allow traffic from the lower security level interfaces OR restrict traffic from the higher security level interface.

Before configuring interface access control on your ASA you need to answer the following question: which hosts are allowed to communicate with each other, using which specific applications, through the ASA?

Things to know:

  • if a packet arrives at an ASA interface, it must either match the expected definition of an existing session (existing sessions are kept in a state table, also called the session table) or it will be compared against the inbound interface security policy applied to that interface.
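To make these rules concrete, here is an added Python model of the decision order described above (not Cisco code and not from the original post): the state table is consulted first, then the inbound ACL of the ingress interface, and only when no ACL is applied does the default security-level rule decide. The interface names, security levels, addresses and ACL entries are constructed for the example.

```python
import ipaddress
from collections import namedtuple
# Constructed model of ASA interface access control (not Cisco code).
Flow = namedtuple("Flow", "src dst proto dport")          # what the policy looks at
Interface = namedtuple("Interface", "name security_level inbound_acl", defaults=(None,))
# An ACE is (action, src_net, dst_net, proto, dport); proto "ip" / dport None mean "any".

def session_key(flow):
    # direction-agnostic key so reply packets match the original session
    return (frozenset((flow.src, flow.dst)), flow.proto, flow.dport)

def ace_matches(ace, flow):
    _action, src_net, dst_net, proto, dport = ace
    return (ipaddress.ip_address(flow.src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(dst_net)
            and proto in ("ip", flow.proto) and dport in (None, flow.dport))

class MiniAsa:
    def __init__(self, interfaces):
        self.ifaces = {i.name: i for i in interfaces}
        self.state_table = set()          # existing sessions (the session table)

    def inspect(self, ingress, egress, flow):
        """Decide a packet entering on `ingress` and leaving on `egress`."""
        i, e = self.ifaces[ingress], self.ifaces[egress]
        # 1. Existing session: the state table is consulted before any interface policy.
        if session_key(flow) in self.state_table:
            return "permit", "existing session"
        # 2. Inbound ACL on the ingress interface: first match wins, implicit deny at the end.
        if i.inbound_acl is not None:
            hit = next((ace for ace in i.inbound_acl if ace_matches(ace, flow)), None)
            decision = hit[0] if hit else "deny"
            reason = f"acl on {ingress}: {hit or 'implicit deny'}"
        # 3. No ACL: the default policy allows only higher -> lower security level.
        elif i.security_level > e.security_level:
            decision, reason = "permit", f"default: {i.security_level} > {e.security_level}"
        else:
            decision, reason = "deny", f"default: {i.security_level} <= {e.security_level}"
        if decision == "permit":
            self.state_table.add(session_key(flow))   # return traffic is now allowed
        return decision, reason

def build_demo():
    # Constructed topology: inside (100) restricts DNS, dmz (50) has no ACL, outside (0) allows HTTPS to one host.
    return MiniAsa([
        Interface("inside", 100, [("deny", "10.0.0.0/8", "0.0.0.0/0", "udp", 53),
                                  ("permit", "10.0.0.0/8", "0.0.0.0/0", "ip", None)]),
        Interface("dmz", 50),
        Interface("outside", 0, [("permit", "0.0.0.0/0", "172.16.0.10/32", "tcp", 443)])])
```

Note that the reply packet from the outside host is permitted only because the state table already holds the session; without that entry the outside ACL's implicit deny would drop it.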

Tuesday, March 28, 2017

PAT (port address translation) on Cisco ASA - nat | global commands


For an ASA to perform translations, 4 pieces of information are required (if any of the following 4 parameters is missing, the ASA will not perform address translation):
  • original source IP address (and port) in the packet
  • interface where the original packet enters the ASA (ingress interface)
  • interface where the packet will exit the ASA (egress interface)
  • translated address (and, optionally, port) to insert into the packet

Friday, March 24, 2017

Cisco interface's statistics : explained


  • Overruns : number of times that the device was incapable of handing received data to a hardware buffer because the input rate exceeded the device's capability to handle the data
  • Underruns : number of times that the transmitter ran faster than the device could handle

Monday, March 20, 2017

How to configure SSH on Cisco IOS

1-configure a hostname
(config)#hostname Jrter1
2-configure a domain name
(config)#ip domain-name jni.local

Disable TELNET! Cisco finds 0-Day affecting over 300 Network Switch Models



How to BLOCK URL (HTTP and HTTPS) using Cisco

I was asked days ago how to block URLs using Cisco, specifically HTTPS traffic.
Here is what I have found: the Cisco ASA 5500 series Content Security and Control Security Services Module (CSC-SSM).


This Cisco ASA CSC-SSM provides :
  • antivirus
  • antispyware
  • file blocking
  • anti-spam
  • anti-phishing
  • URL blocking
  • URL filtering
  • content filtering

Friday, March 17, 2017

Setting up NIC teaming for Windows Server 2012*/2012 R2*/2016*

NIC TEAMING is a Windows feature that enables administrators to join multiple network adapters into a single entity for performance enhancement or fault tolerance purposes.

Hyper-V VMs can also take advantage of NIC TEAMING, but they are limited to TEAMS of only 2 NICs, as opposed to the host operating system, which can have teams of up to 64 NICs.

Wednesday, March 15, 2017

FREE tutorial to master subnetting !!!

Binary and hexadecimal numbers are a complete mystery to many of us. Often we don't find them really interesting because on the internet there are plenty of "subnet" or "binary" calculators where you can easily convert from decimal to binary to hexadecimal or the other way around, without knowing how the exact calculations work.

This is no problem when you are not configuring or designing networks on a daily basis, but it will be a problem as soon as you take a networking exam, so it's best to know how to do these calculations off the top of your head.

Tuesday, March 14, 2017

Great links for those who want to practice before their exam ...

Hey, while I was browsing today, I saw the following interesting links for those who want to practice before their exam:

ICND1 V3.0
ICND2 V3.0
CCNP ROUTE V2.0 
CCNP SWITCH V2.0 
CCNP TSHOOT V2.0

"Practice Makes Perfect"

How does a host dynamically figure out its IPv6 INTERFACE-ID?

An IPv6 address has 128 bits: 8 groups of 16 bits, each written as a 4-digit hexadecimal number.

Monday, March 13, 2017

Etherchannel between a Cisco switch and a SERVER

If you have ever wondered what the server side of the configuration looks like, I find this Cisco link very interesting.

Why I love the "(config)#ip access-list" command rather than the "(config)#access-list" command

The (config)#ip access-list...... command uses sequence numbers. Each line in a LIST has a sequence number, which can be used to squeeze additional lines in between other lines or to easily remove lines from a LIST without deleting the whole ACL.

How to configure a Cisco device for remote access?

What I am about to list are the basics of what is needed to access a Cisco device remotely. A Cisco device has to have the 3 following settings to be managed remotely:
  • an IP address
  • The privilege mode has to have a password
  • the vty port has to be configured