The definitive guide to PacketCable network design, provisioning, configuration, management, and security
* Comprehensive guide for the latest information on emerging Cable IP standards
* Includes extensive coverage of VoIP protocols in PacketCable networks
* Learn from case studies, sample network designs, and sample configurations using real-life examples
PacketCable networks use Internet Protocol (IP) technology to enable a wide range of multimedia services, such as IP telephony, multimedia conferencing, interactive gaming, and general multimedia applications. Such business and residential services delivered over a cable infrastructure are a natural extension of a cable network and a key component of the cable industry's business growth strategy. The cable industry's need for knowledgeable engineering professionals is expected to increase dramatically. PacketCable Implementation will supply IP networking information to those versed in cable video networks and help those deploying cable IP networks understand the ramifications of deploying PacketCable service on the cable network. Real-world case studies, tips, sample configurations, and sample network designs are included in this book. Tables and charts in every chapter serve as quick and easy references to key points, and each chapter closes with a summary section and chapter review questions that assess the reader's understanding of the subject matter.
* Discover the PacketCable "big picture," including key application opportunities
* Learn about the latest generation of PacketCable standards and specifications, including PacketCable 2.0 and DOCSIS 3.0
* Understand the functional components of a PacketCable network and how they fit together
* Walk step-by-step through provisioning, including protocols, flows, and MTA configuration
* Gain an in-depth understanding of call signaling: message formats, Network-based Call Signaling (NCS), PSTN interconnects, Call Management Server Signaling (CMSS), and more
* Implement efficient, high-performance media streaming
* Deploy, analyze, manage, and troubleshoot a state-of-the-art QoS framework
* Manage crucial network considerations, including lawful intercept
DOWNLOAD
Sunday, December 28, 2008
TestInside V3.50
Cisco Certified Network Associate
Exam Number/Code: 640-802
Exam Name: Cisco Certified Network Associate
Questions and Answers: 183 Q&As
Price: $100.00
Update Time: 2008-9-22
TestInside 640-802 Exam Features
Quality and Value for the 640-802 Exam
TestInside Practice Exams for Cisco 640-802 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 640-802 Exam
If you prepare for the exam using our TestInside testing engine, we guarantee your success in the first attempt. If you do not pass the 640-802 exam (Cisco Certified Network Associate) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.
DOWNLOAD:
http://kewlshare.com/dl/7edb36d396d9/T.I_CCNA_640-802_v3.50.rar.html
TestKing V23
Exam Name: Cisco Certified Network Associate
Questions and Answers:767
Guarantee your 640-802 success with our 640-802 Exam Resources. Our exams are developed by experienced IT professionals working in today's prospering companies and data centers. All our practice exams, including the 640-802 exam, guarantee you the exam success you need.
640-802 can be a challenging exam, measuring your 640-802 Exam skills, and complements the other exams in this certification.
DOWNLOAD:
http://kewlshare.com/dl/0d6a443d258d/T.K_CCNA_640-802_V23.rar.html
Labels: CCENT, CCIE, CCNA, CISCO, Cisco configure, Cisco IOS, Cisco Network, Cisco Press, Cisco Router, Cisco Switches, CWNA, Ebooks
SemSim: Cisco CCNA Exam Router Simulator
SemSim is internationally acclaimed Cisco CCNA exam router simulation software that helps aspiring candidates prepare for the Cisco Certified Network Associate certification exam. Not only does it provide an understanding of networking concepts through router-simulation-based virtual labs and practice tests, it also recreates an environment for real-life network configuration practice. It opens new vistas in personal flexibility and time management. SemSim provides you with a classroom-quality learning environment at an affordable price. Start a successful career as a Cisco certified network professional with SemSim now! We even offer a free online CCNA Study Center with helpful articles on basic exam information.
Save Time, Save Money, Prepare Better
- with SemSim Router Simulator, your choice to make for success in the exam
Save Time
SemSim offers you valuable time savings in your preparation for Cisco certification exam, without compromising on the quality of preparation. With Sem-Sim you will get the following time management advantages:
* Do your practicals at your convenience.
* Practice as often as you want.
* No need to enroll at a training lab and wait your turn.
* Save time on the certification exam:
* Simulation questions typically consume the most time on the exam. However with SemSim simulator, exhaustive practice with mock exam simulation questions will ensure that you save time on the exam. This will provide you with better time management to ensure that you have sufficient time to answer the multiple choice/theory questions.
Labels: CCNA, CISCO, Cisco Network, Ebooks
Cisco Network Magic Pro 5.0.8282 FuLL - TESTED + PATCH
0 comments Posted by Fraternity.5!7 at 1:45 AM
Today Cisco has introduced a suite of network management software named Network Magic 5.0. This tool improves various network tasks, such as connecting and sharing computers (content and printers), controlling how computers on the network access the Internet, repairing connections, and managing performance problems so the network runs optimally. It runs in the background and alerts you each time a new device connects to your network.
The Network Magic 5.0 suite provides the capability to:
* Connect and share content or a printer across a network
* Manage, monitor and control how computers on the network access the Internet
* Diagnose and repair connection and performance problems
* Optimize performance and reliability
* Track network history and usage through reporting capabilities
* Manage active connections and get status updates
* Control user access and help secure the network from intruders
Features:
* Connect your devices together in minutes.
* Share Internet connections, printers and files.
* Protect your network with enhanced WPA security capabilities and status alerts.
* Repair your network and Internet connections to stay online and productive.
* Control access to the Internet and track online activity with remote desktop screenshots.
* And much more!
http://rapidshare.com/files/167126691/Cisco_Network_Magic_Pro_5.0.8282_-_uygarozdemir.rar
Labels: CCNA, CISCO, Cisco Core, Cisco Network, Cisco Switches, CWNA, Ebooks
Wednesday, December 24, 2008
CCVP TUC Quick Reference Sheet - Official Cisco Quick Reference
0 comments Posted by Fraternity.5!7 at 11:40 PM
As a final preparation tool providing a review of TUC exam topics, the CCVP TUC Quick Reference Sheets complement official Cisco curriculum, other books, or other exam preparatory material.
This digital Short Cut provides you with detailed, graphical-based information, highlighting the key topics on the latest TUC exam in a quick-review format. These fact-filled Quick Reference Sheets allow certification candidates to get all-important information at a glance, helping you focus your study on areas of weakness and enhance memory retention of important concepts.
The CCVP certification recognizes a candidate’s ability to create an IP telephony solution that is transparent, scalable, and manageable. Earning a CCVP certification validates a robust set of skills in implementing, operating, configuring, and troubleshooting a converged IP network. The certification content focuses on Cisco Systems Unified CallManager, quality of service (QoS), gateways, gatekeepers, IP phones, voice applications, and utilities on Cisco routers and Cisco Catalyst switches.
DOWNLOAD
Labels: CISCO, Cisco Core, Cisco Network, Cisco Press, Cisco Router, Cisco Switches, Ebooks
Cisco's Cisco Lifecycle Services Express (650-393) - Actual test dump
0 comments Posted by Fraternity.5!7 at 11:39 PM
Preparing for 650-393 certifications using 650-393 study guides and 650-393 certification products has never been easier. 650-393 certifications study aides and resources are top of the line products copied by 650-393 braindump sites, but mastered by none.
alone can provide your 650-393 training for your 650-393 certifications. 650-393 training for the 650-393 certifications is complete and guaranteed to be 650-393 braindump free.
Which 650-393 exam is next on your list of the 650-393 exams? will provide you with the 650-393 training and certification products you require to complete your 650-393 exam preparation. 650-393 exams study material is comprehensive, yet affordable. Guarantee your success with your next 650-393 exam today, by using the 650-393 exams resources and tools.
specializes in helping you, the 650-393 certification candidate, in preparing for your 650-393 certification and for the IT life after you obtain 650-393 certifications.
Selecting for your 650-393 Exams, 650-393 certifications and 650-393 training is the only option when you must pass the first time. 650-393 training is guaranteed to outperform 650-393 braindump sites and the 650-393 braindumps they provide. A 650-393 bootcamp with 650-393 training ensures success, unlike 650-393 braindump sites.
The 650-393 products you find at .com are compiled and created in the effort that every one of our 650-393 resources will bring you closer to 650-393 Certification success. 650-393 products are frequently updated, keeping every 650-393 tool current and an asset to your 650-393 arsenal.
DOWNLOAD
Labels: CCENT, CCIE, CCIP, CCNP, CISCO, Cisco configure, Cisco Core, Cisco IOS, Cisco Press, Cisco Switches, CWNA
Pass4sure Cisco CCNP Latest Dumps - 642-825 - 642-845 - 642-901 - 642-812
0 comments Posted by Fraternity.5!7 at 11:36 PM
It is well known that Cisco CCNP certification training is experiencing a great demand in IT industry area. In recent years, the CCNP certification has become a global standard for many successful IT companies.
Using the online virtual CCNP practice engine at Pass4sure, with no need to purchase anything else or attend expensive training, we promise that you can pass the CCNP certification exam on the first try, or else we give you a FULL REFUND. In addition, Pass4sure offers free CCNP practice tests with the best questions.
642-825
http://rapidshare.com/files/174313846/642-825_V3.10.rar
642-845
http://rapidshare.com/files/174313847/642-8453_V.10.rar
642-901
http://rapidshare.com/files/174313848/642-9013.10.rar
642-812
http://rapidshare.com/files/174313849/642812_V3.10.rar
Labels: Cisco configure, Cisco Core, Cisco Network, Cisco Router, Cisco Switches, Ebooks
Saturday, December 13, 2008
Having determined that its growth in the enterprise has pretty much stalled, Cisco is looking at video to help it sell equipment to carriers. To do that it’s positioning video traffic as the new data — ready to take over the web.
Because if you’re going to convince service providers to shell out for equipment that can process 6.4 terabytes of data per second, by golly, there needs to be 6 terabytes of traffic to handle. Video files are fat enough to make that threat a reality.
For Cisco, all video — from teleconferencing to cable — is the answer to its growth problem. Its executives anticipate video adding up to $20 billion to the equipment maker’s bottom line. Cisco is betting that cable operators and carriers panicked by the rise of video content are going to start building their own optimized video networks that Cisco calls a medianet. The company believes that others, such as enterprises and content creation companies, will need their own medianets.
Murali Nemani, the director of service provider video solutions, says Cisco is grouping efforts from its consumer, enterprise and service provider businesses under this medianet umbrella. For the enterprise market, Cisco has launched a media encoder that basically lives inside Cisco gear (it is available through a software upgrade), and can convert video files to the appropriate format automatically. Meh. There’s also telepresence, and the promise of unified communications tied to quick video chats. Consumer-side products include some combo device to be announced next year that combines Cisco’s Linksys home router expertise and its acquisition of set-top-box maker Scientific Atlanta.
The service provider side is where it gets interesting. The edge router Cisco announced in November has the ability to cache video, insert ads into video and control errors in transmission. Combine this with what Cisco dubs virtualization in the core of a provider’s network, and suddenly Cisco’s medianet products look like a cross between a video cloud and a content delivery network. It’s not alone in making this CDN effort.
Nemani says in the coming months Cisco will release some customer wins that illustrate this concept fully, (including a large cable company) but essentially Cisco is building boxes that can host a service such as “Start Over” or a video-on-demand library in one location and deliver those services (with ads!) to all major markets. This eliminates the time delay of deploying a new service across multiple regions and the infrastructure costs of hosting content in multiple locations close to the end user.
“Service providers are asking themselves, ‘How do I manage all of these assets so they don’t get duplicated across my network, and how do I make it so the content I’m pushing is being delivered efficiently?’” Nemani says.
With Cisco offering equipment at the core and near the edge of their networks, the cable guys may embrace Cisco — after all this is a market with few organized end-to-end products. Ericsson, Motorola, Arris and a plethora of smaller equipment vendors provide equipment, but in cable especially, this is a market where Cisco’s might and wide breadth of product offerings could win.
Labels: CCENT, CCIE, CCIP, CCNP, CISCO, Cisco configure, CISCO MARS, Cisco Network, Cisco Press, Cisco Router, Cisco Switches
CWNA Certified Wireless Network Administrator Official Study Guide (Exam PW0-100)
0 comments Posted by Fraternity.5!7 at 10:58 PM
Fully authorized by the exam developers at the CWNP program, this comprehensive study guide thoroughly covers all the topics on the CWNA certification exam. Work at your own pace through a system of lessons, scenarios, and review questions to learn the material quickly and easily.
CWNA Certified Wireless Network Administrator Official Study Guide will help you prepare for the exam by showing you, step-by-step, how to implement, troubleshoot, and maintain wireless LANs. Get the only study guide endorsed by the creators of the CWNA exam and start your career as an expert wireless network administrator.
Maximize your performance on the exam by learning:
* Wireless Standards, Organizations, and Applications
* Radio Frequency and Antenna Fundamentals
* Spread Spectrum Technologies
* IEEE 802.11
* WLAN Design Models, Topologies, and Infrastructure
* Site Surveying and Network Planning
* Infrastructure and Client Hardware and Software
* Security
* Troubleshooting
Click here for free DOWNLOAD
Labels: CCENT, CCIE, CCNA, CISCO, Cisco configure, Cisco IOS, CISCO MARS, Cisco Network, Cisco Press, Cisco Router, Cisco Switches, CWNA, Ebooks
Friday, December 12, 2008
Design and Implementation of DSL-Based Access Solutions (Cisco Core)
0 comments Posted by Fraternity.5!7 at 11:02 PM
The ultimate DSL deployment guides and reference
* Teaches the reader how to design and implement the network to offer services such as voice, video, and data
* Explains the various access and core architectures for xDSL technologies
* Details how to do mass provisioning and how to manage an end-to-end network
* Includes case studies that depict some of the most common deployed architectures, how they evolved, problems they faced, and how they were overcome
Design and Implementation of DSL-Based Access Solutions addresses various architectures for DSL-based networks. It focuses on how to design and implement an end-to-end solution for service providers, considering various business models such as retail, wholesale, VPN, etc.
This book depicts the different architectures, and helps you understand the key design principles in deploying them. It covers both access encapsulations such as bridging, PPPoA, PPPoE, and routing, as well as core architectures such as IP, L2TP, MPLS/VPN, and ATM. Because it focuses on end-to-end solutions, Design and Implementation of DSL-Based Access Solutions talks about how to do mass provisioning of subscribers and how to manage networks in the most efficient way. It also includes discussions of real-life deployments, their design-related issues, and their implementation.
For Free download click here
Labels: CCENT, CCIE, CCIP, CCNA, CCNP, CISCO, Cisco configure, Cisco Core, CISCO MARS, Cisco Router, Cisco Switches, CWNA, Ebooks
Wednesday, December 10, 2008
Now if you think about it, it's an option to get an email when an Incident is created, but you cannot be selective about whether it was RED, AMBER or GREEN.
Consider this RULE below...
If we duplicate the Rule in question, then edit the Severity to be RED Only, then we can apply an Action of email.
If you leave the default rule, to ANY, then you will probably get 2 Incidents Fired, but only 1 email.
So it may be worth changing the default rule, or duplicating again, to set GREEN or YELLOW Severity Events. (You may want to create a second offset, with an OR operation).
You would need to proceed with caution with this method, as the example chosen has only 1 condition to be met. If you select a more complex rule, then you may get in hot water and render the rule useless!!!
Labels: CCIE, CCIP, CCNA, CCNP, CISCO, Cisco configure, CISCO MARS, Cisco Network, Cisco Switches, Ebooks
Friday, December 5, 2008
The comprehensive, hands-on guide to all Cisco IOS® Software BGP-4 commands
* The complete BGP-4 command reference
* Invaluable for network designers, engineers, and architects
* Provides configuration, troubleshooting, and verification scenarios for every possible BGP-4 command supported by Cisco IOS Software that can be implemented on a minimum number of routers
* Groups BGP-4 commands by area of implementation: route aggregation, auto-summary, route filtering, and route advertisement, just to name a few
* Provides clear and concise commentary on the initial release, purpose, syntax, and usage of each BGP-4 command
* Offers excellent CCIE certification preparation from one of the CCIE Program Managers
* Includes supplementary information on regular expressions, route map logic, and RFC 1771, A Border Gateway Protocol 4 (BGP-4)
Cisco BGP-4 Command and Configuration Handbook is an exhaustive practical reference to the commands contained within BGP-4. For each command/subcommand, author Bill Parkhurst explains the intended use or function and how to properly configure it. Then he presents scenarios to demonstrate every facet of the command and its use, along with appropriate show and debug commands. Through the discussion of functionality and the scenario-based configuration examples, Cisco BGP-4 Command and Configuration Handbook will help you gain a thorough understanding of the practical side of BGP-4.
Labels: CCIE, CCNA, CCNP, CISCO, Cisco configure, Cisco IOS, Cisco Network, Cisco Press, Cisco Router, Cisco Switches, Ebooks
PacketCable Implementation (Cisco Press Networking Technology)
0 comments Posted by Fraternity.5!7 at 10:57 PM
Labels: CCNA, Cisco configure, Cisco Network, Cisco Press, Cisco Router, Cisco Switches, Ebooks
Cisco IOS Dialin VPN Configuration With Radius Users in MySQL
0 comments Posted by Fraternity.5!7 at 10:46 PM
First off, the tunnel endpoint configuration (for example on a 7200 router):
Router#conf t
Router(config)#aaa group server radius dialin
Router(config-sg-radius)#server-private 10.0.0.5 auth-port 1812 acct-port 1813 key MYSECRET
Router(config-sg-radius)#server 10.0.0.5 auth-port 1812 acct-port 1813
Router(config-sg-radius)#exit
Router(config)#aaa authentication ppp default group dialin
Router(config)#aaa authorization network default group dialin
Router(config)#aaa accounting network default start-stop group dialin
Router(config)#vpdn enable
Router(config)#vpdn authorize directed-request
Router(config)#vpdn-group dialingroup
Router(config-vpdn)#accept-dialin
Router(config-vpdn-acc-in)#protocol l2tp
Router(config-vpdn-acc-in)#virtual-template 1
Router(config-vpdn-acc-in)#exit
Router(config-vpdn)#source-ip 10.0.0.1
Router(config-vpdn)#local name vpnrouter
Router(config-vpdn)#lcp renegotiation always
Router(config-vpdn)#no l2tp tunnel authentication
Router(config-vpdn)#ip mtu adjust
Router(config-vpdn)#interface loopback 5
Router(config-if)#description Loopback for VPDN clients
Router(config-if)#ip address 10.0.1.1 255.255.255.0
Router(config-if)#interface virtual-template 1
Router(config-if)#ip unnumbered Loopback5
Router(config-if)#ip tcp adjust-mss 1420
Router(config-if)#ip policy route-map clear-df
Router(config-if)#peer default ip address pool dialinpool
Router(config-if)#no keepalive
Router(config-if)#ppp mru match
Router(config-if)#ppp authentication pap chap
Router(config-if)#exit
Router(config)#ip local pool dialinpool 10.0.1.2 10.0.1.254
Now we need the RADIUS server on 10.0.0.5 to work.
I installed this on a Debian system; the FreeRADIUS version used there was 1.1.7-1build4.
Just run this command as root to install FreeRADIUS and MySQL:
apt-get install freeradius-mysql freeradius mysql-server-5.0
You may need to edit /etc/freeradius/radiusd.conf so that the pap and chap modules are loaded, if that part is commented out (remove the # at the beginning of those lines; they are configuration, not comments).
You may also need to uncomment
$INCLUDE ${confdir}/sql.conf
Example /etc/freeradius/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
# Must be the MySQL account that is granted rights on the radius database below
login = "radius"
password = "mysqlpassword"
radius_db = "radius"
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
nas_table = "nas"
deletestalesessions = yes
# sqltrace writes every executed query, with substituted values, to sqltracefile; useful while debugging
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 5
connect_failure_retry_delay = 60
sql_user_name = "%{Stripped-User-Name}"
authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op FROM ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.UserName = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id"
authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op FROM ${groupreply_table},${usergroup_table} WHERE ${usergroup_table}.UserName = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id"
accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
accounting_update_query = "UPDATE ${acct_table1} \
SET FramedIPAddress = '%{Framed-IP-Address}', \
AcctSessionTime = '%{Acct-Session-Time}', \
AcctInputOctets = '%{Acct-Input-Octets}', \
AcctOutputOctets = '%{Acct-Output-Octets}' \
WHERE AcctSessionId = '%{Acct-Session-Id}' \
AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress= '%{NAS-IP-Address}'"
accounting_update_query_alt = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
accounting_start_query = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
accounting_start_query_alt = "UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
accounting_stop_query = "UPDATE ${acct_table2} SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = "INSERT into ${acct_table2} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
# Logs every authentication attempt; note that the submitted User-Password (or the CHAP-Password) is stored as-is in ${postauth_table}
postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
}
Also this is done in /etc/freeradius/proxy.conf
realm mydsl.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
Now get the SQL database up and running: log in to the MySQL CLI as root and do:
mysql> CREATE DATABASE `radius`;
Query OK, 1 row affected (0.03 sec)
mysql> GRANT ALL PRIVILEGES ON `radius`.* to 'radius'@'localhost' IDENTIFIED BY 'mysqlpassword';
Query OK, 0 rows affected (0.03 sec)
mysql> USE radius;
Database changed
Then these tables need to be created:
CREATE TABLE `nas` (
`id` int(10) NOT NULL auto_increment,
`nasname` varchar(128) NOT NULL,
`shortname` varchar(32) default NULL,
`type` varchar(30) default 'other',
`ports` int(5) default NULL,
`secret` varchar(60) NOT NULL default 'secret',
`community` varchar(50) default NULL,
`description` varchar(200) default 'RADIUS Client',
PRIMARY KEY (`id`),
KEY `nasname` (`nasname`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
CREATE TABLE `radacct` (
`RadAcctId` bigint(21) NOT NULL auto_increment,
`AcctSessionId` varchar(32) NOT NULL default '',
`AcctUniqueId` varchar(32) NOT NULL default '',
`UserName` varchar(64) NOT NULL default '',
`Realm` varchar(64) default '',
`NASIPAddress` varchar(15) NOT NULL default '',
`NASPortId` varchar(15) default NULL,
`NASPortType` varchar(32) default NULL,
`AcctStartTime` datetime NOT NULL default '0000-00-00 00:00:00',
`AcctStopTime` datetime NOT NULL default '0000-00-00 00:00:00',
`AcctSessionTime` int(12) default NULL,
`AcctAuthentic` varchar(32) default NULL,
`ConnectInfo_start` varchar(50) default NULL,
`ConnectInfo_stop` varchar(50) default NULL,
`AcctInputOctets` bigint(20) default NULL,
`AcctOutputOctets` bigint(20) default NULL,
`CalledStationId` varchar(50) NOT NULL default '',
`CallingStationId` varchar(50) NOT NULL default '',
`AcctTerminateCause` varchar(32) NOT NULL default '',
`ServiceType` varchar(32) default NULL,
`FramedProtocol` varchar(32) default NULL,
`FramedIPAddress` varchar(15) NOT NULL default '',
`AcctStartDelay` int(12) default NULL,
`AcctStopDelay` int(12) default NULL,
`XAscendSessionSvrKey` varchar(10) default NULL,
PRIMARY KEY (`RadAcctId`),
KEY `UserName` (`UserName`),
KEY `FramedIPAddress` (`FramedIPAddress`),
KEY `AcctSessionId` (`AcctSessionId`),
KEY `AcctUniqueId` (`AcctUniqueId`),
KEY `AcctStartTime` (`AcctStartTime`),
KEY `AcctStopTime` (`AcctStopTime`),
KEY `NASIPAddress` (`NASIPAddress`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
CREATE TABLE `radcheck` (
`id` int(11) unsigned NOT NULL auto_increment,
`UserName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '==',
`Value` varchar(253) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `UserName` (`UserName`(32))
) ENGINE=MyISAM AUTO_INCREMENT=374 DEFAULT CHARSET=latin1;
CREATE TABLE `radgroupcheck` (
`id` int(11) unsigned NOT NULL auto_increment,
`GroupName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '==',
`Value` varchar(253) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `GroupName` (`GroupName`(32))
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
CREATE TABLE `radgroupreply` (
`id` int(11) unsigned NOT NULL auto_increment,
`GroupName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '=',
`Value` varchar(253) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `GroupName` (`GroupName`(32))
) ENGINE=MyISAM AUTO_INCREMENT=6 DEFAULT CHARSET=latin1;
CREATE TABLE `radippool` (
`id` int(11) unsigned NOT NULL auto_increment,
`pool_name` varchar(30) NOT NULL,
`FramedIPAddress` varchar(15) NOT NULL default '',
`NASIPAddress` varchar(15) NOT NULL default '',
`CalledStationId` varchar(30) NOT NULL,
`CallingStationID` varchar(30) NOT NULL,
`expiry_time` datetime NOT NULL default '0000-00-00 00:00:00',
`username` varchar(64) NOT NULL default '',
`pool_key` varchar(30) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
CREATE TABLE `radpostauth` (
`id` int(11) NOT NULL auto_increment,
`user` varchar(64) NOT NULL default '',
`pass` varchar(64) NOT NULL default '',
`reply` varchar(32) NOT NULL default '',
`date` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
CREATE TABLE `radreply` (
`id` int(11) unsigned NOT NULL auto_increment,
`UserName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '=',
`Value` varchar(253) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `UserName` (`UserName`(32))
) ENGINE=MyISAM AUTO_INCREMENT=1974 DEFAULT CHARSET=latin1;
CREATE TABLE `usergroup` (
`UserName` varchar(64) NOT NULL default '',
`GroupName` varchar(64) NOT NULL default '',
`priority` int(11) NOT NULL default '1',
KEY `UserName` (`UserName`(32))
) ENGINE=MyISAM DEFAULT CHARSET=latin1;# This is the replies that every user that belongs to the group ‘clients‘ will receive
INSERT INTO `radgroupreply` VALUES (1,'clients','Service-Type',':=','Framed-User');
INSERT INTO `radgroupreply` VALUES (2,'clients','Framed-Protocol',':=','PPP');
INSERT INTO `radgroupreply` VALUES (3,'clients','Framed-Routing',':=','Broadcast-Listen');
INSERT INTO `radgroupreply` VALUES (4,'clients','Framed-MTU',':=','1420');
INSERT INTO `radgroupreply` VALUES (5,'clients','Framed-Compression',':=','Van-Jacobson-TCP-IP');
# This creates a user with username 'testuser' and password 'testpassword'
INSERT INTO `radcheck` VALUES (1,'testuser','User-Password',':=','testpassword');
# This assigns 10.0.1.2 to the user 'testuser'
INSERT INTO `radreply` VALUES (1,'testuser','Framed-IP-Address',':=','10.0.1.2');
# This adds the user 'testuser' to the group 'clients', so it also receives the attributes from radgroupreply
INSERT INTO `usergroup` VALUES ('testuser','clients',1);
Now just restart MySQL and FreeRADIUS, and the only thing left to do is to configure the VPDN client.
One caveat on the radcheck row above: a `User-Password` check item (newer FreeRADIUS releases call it `Cleartext-Password`) keeps the PPP password in the clear in the database, and the `pass` column of radpostauth is filled from each request by the default post-auth query as well. Hashed check items such as `Crypt-Password` only work with PAP; CHAP requires the server to know the cleartext, so if the LNS may ask for CHAP you have to keep the cleartext and protect the database instead: give the MySQL account FreeRADIUS uses access to these tables only, and do not log the password into radpostauth.
The client side is a Cisco 850 series router with the WAN link on FastEthernet 4:
Client#conf t
Client(config)#ip domain name mydsl.com
Client(config)#l2tp-class l2tpclass1
Client(config)#pseudowire-class pwclass1
Client(config-pw-class)#encapsulation l2tpv2
Client(config-pw-class)#protocol l2tpv2 l2tpclass1
Client(config-pw-class)#ip local interface FastEthernet4
Client(config-pw-class)#interface virtual-ppp 1
Client(config-if)#ip address negotiated
Client(config-if)#ip tcp adjust-mss 1420
Client(config-if)#ip policy route-map clear-df
Client(config-if)#ppp authentication pap chap callin
Client(config-if)#ppp chap hostname testuser@mydsl.com
Client(config-if)#ppp chap password testpassword
Client(config-if)#ppp pap sent-username testuser@mydsl.com password testpassword
Client(config-if)#ppp ipcp route default
Client(config-if)#pseudowire 10.0.0.1 10 pw-class pwclass1
That should be about it! Don’t be afraid of the comment box!
Labels: CCNA, CISCO, Cisco configure, CISCO MARS, Cisco Network, Cisco Router, Cisco Switches
Log Commands on your Cisco Routers and Switches with Tacacs+ on Linux
Posted by Fraternity.5!7 at 10:44 PM
I am (as always) doing this with Ubuntu Linux, so I just have to apt-get the packages I need.
espen@server:~$ sudo apt-get install tac-plus
Password:
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
tac-plus
0 upgraded, 1 newly installed, 0 to remove and 104 not upgraded.
Need to get 105kB of archives.
After unpacking 324kB of additional disk space will be used.
Get:1 http://no.archive.ubuntu.com feisty/universe tac-plus 1:4.0.4.alpha-14 [105kB]
Fetched 105kB in 0s (331kB/s)
Selecting previously deselected package tac-plus.
(Reading database … 227388 files and directories currently installed.)
Unpacking tac-plus (from …/tac-plus_1%3a4.0.4.alpha-14_i386.deb) …
Adding system user `tacacs’ (UID 64005) …
Adding new group `tacacs’ (GID 64005) …
Adding new user `tacacs’ (UID 64005) with group `tacacs’ …
Not creating home directory `/home/tacacs’.
Setting up tac-plus (4.0.4.alpha-14) …
Starting Tacacs+ server: tac_plus.
Wow, that was quick… The tacacs+ server is already running!
But wait, we have to configure it just a bit.
For this article I will just focus on the logging part (accounting); I will continue to write about authentication and authorization later to fully cover AAA.
Now, open up /etc/tac-plus/tacacs.conf in your favourite editor (mine is vim).
Be sure to uncomment and set the key, set the accounting file, and you should be ready to roll.
key = tercesym
accounting file = /var/log/tac-plus/account
The key is the shared secret the router and the daemon use to obfuscate the TACACS+ packet bodies (an MD5-based keystream, not real encryption), so choose a long random key rather than a word, and keep TACACS+ traffic on a management network.
Just restart the tacacs daemon:
espen@server:/etc/tac-plus# sudo /etc/init.d/tac-plus restart
Restarting Tacacs+ server: tac_plus.
espen@server:/etc/tac-plus#
Now, to configure this on your Cisco equipment, please follow the steps in this article first.
Then, to make sure the Cisco IOS switch or router notifies your TACACS+ daemon of accounting events, this is the configuration you need. `commands 15` records only privilege level 15 commands; add the same line with `commands 1` if you also want level 1 commands (show commands run by unprivileged users) logged.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#aaa accounting delay-start
Router(config)#aaa accounting exec default start-stop group tacacs+
Router(config)#aaa accounting commands 15 default start-stop group tacacs+
Router(config)#tacacs-server host 10.0.0.50 key tercesym
! If you want the Router to source from a specific IP address
Router(config)#ip tacacs source-interface Loopback 1
Router(config)#end
Router#
Now you can verify accounting
Router#show accounting
Active Accounted actions on tty1, User admin Priv 1
Task ID 17, EXEC Accounting record, 00:16:58 Elapsed
task_id=17 start_time=1226261207 timezone=CET service=shell
There is one accounting session running, and you can also check the server to see if any accounting records are recorded.
espen@server:~# sudo tail /var/log/tac-plus/account
Sun Nov 9 21:26:58 2008 10.0.0.98 admin tty1 10.0.0.5 stop task_id=26 start_time=1226262225 timezone=CET service=shell priv-lvl=15 cmd=show accounting
Perfect, now there will be no doubt about who dropped that ‘no router bgp’ command on your Cisco Router!
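As an added example (not part of the original post), here is a small Python parser for the tac_plus accounting format shown above, together with a list of command patterns worth alerting on, so "who dropped that no router bgp" becomes a one-liner over the log. The sample log lines, the pattern list and the function names are constructed for this example and are not from the post.

```python
import re
from datetime import datetime

# Constructed sample of /var/log/tac-plus/account lines in the format shown above
# (timestamp, NAS address, user, port, remote address, record type, AV pairs).
SAMPLE_LOG = """\
Sun Nov  9 21:26:58 2008 10.0.0.98 admin tty1 10.0.0.5 stop task_id=26 start_time=1226262225 timezone=CET service=shell priv-lvl=15 cmd=show accounting
Sun Nov  9 21:31:02 2008 10.0.0.98 bob tty2 10.0.0.7 stop task_id=31 start_time=1226262470 timezone=CET service=shell priv-lvl=15 cmd=no router bgp 65001
Sun Nov  9 21:31:40 2008 10.0.0.98 bob tty2 10.0.0.7 stop task_id=33 start_time=1226262500 timezone=CET service=shell priv-lvl=15 cmd=no aaa accounting commands 15 default
Sun Nov  9 21:35:11 2008 10.0.0.98 admin tty1 10.0.0.5 stop task_id=17 start_time=1226261207 timezone=CET service=shell
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\d{4})\s+"
    r"(?P<nas>\S+)\s+(?P<user>\S+)\s+(?P<port>\S+)\s+(?P<remote>\S+)\s+"
    r"(?P<rtype>start|stop|update)\s*(?P<avpairs>.*)$"
)

# Command patterns to alert on (assumption: tune these to your own change-control rules).
RISKY_COMMANDS = [
    r"^no router\b",                                  # removing a routing process
    r"^no ip route\b",
    r"^no aaa\b",                                     # weakening authentication or accounting
    r"^no logging\b",
    r"^no tacacs-server\b",
    r"^(reload|write erase|erase startup-config)\b",
    r"^username \S+ privilege 15\b",                  # new full-privilege local account
]


def parse_account_line(line):
    """Parse one accounting line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    avpairs = rec.pop("avpairs")
    # cmd= is always the last AV pair and its value contains spaces, so split it off first.
    cmd_match = re.search(r"(?:^|\s)cmd=(.*)$", avpairs)
    if cmd_match:
        rec["cmd"] = cmd_match.group(1).strip()
        avpairs = avpairs[:cmd_match.start()]
    else:
        rec["cmd"] = None                             # e.g. an EXEC start/stop record
    for token in avpairs.split():
        key, _, value = token.partition("=")
        rec[key.replace("-", "_")] = value            # priv-lvl -> priv_lvl
    rec["timestamp"] = datetime.strptime(" ".join(rec["ts"].split()), "%a %b %d %H:%M:%S %Y")
    return rec


def flag_risky(records, patterns=RISKY_COMMANDS):
    """Return the command-accounting records whose cmd matches one of the patterns."""
    compiled = [re.compile(p) for p in patterns]
    return [r for r in records if r["cmd"] and any(p.search(r["cmd"]) for p in compiled)]


if __name__ == "__main__":
    records = [r for r in map(parse_account_line, SAMPLE_LOG.splitlines()) if r]
    for r in flag_risky(records):
        print(f"{r['timestamp']:%Y-%m-%d %H:%M:%S} {r['user']}@{r['remote']} on {r['nas']}: {r['cmd']}")
```

Run it against the real file with `tail -f` piped into the parser, or as a cron job over the last hour; the `remote` field is the address the operator came from, which is the detail you want in the alert together with the user name.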
be refreshing!
I'll get to IPv6 at the bottom of this; it helps to understand the IPv4 concept first.
What are Access Control Lists?
ACLs are simple rule sets. They are used to filter network traffic, to filter routing updates, to match packets for other features, and more. The most common basic use is restricting management access to the router by applying one to the vty lines.
Access control lists are identified by a number or a name; each number or name represents one specific access control list.
There are several "classes" of access control lists; the most common ones are
- IP standard access list: list numbers 1-99 (and 1300-1999); matches on the source address only.
- IP extended access list: list numbers 100-199 (and 2000-2699); can match both source and destination as well as protocol and port numbers.
Okay, I understand…. but how do I configure it?
An IP standard access control list with two entries is configured like this (the leading numbers are sequence numbers; the list is evaluated top-down and ends with an implicit deny):
Router#conf t
Router(config)#ip access-list standard 5
Router(config-std-nacl)#5 permit 192.168.0.0 0.0.0.255
Router(config-std-nacl)#10 permit 192.168.1.0 0.0.0.255
To apply this inbound on an interface, just use
Router#conf t
Router(config)#int te 1/1
Router(config-if)#ip access-group 5 in
The alternative way to define an access list number 5 with two entries is
Router#conf t
Router(config)#access-list 5 permit 192.168.0.0 0.0.0.255
Router(config)#access-list 5 permit 192.168.1.0 0.0.0.255
Router(config)#
To apply this one inbound on the vty lines (apply it to all of them, for example line vty 0 4 or line vty 0 15, otherwise the lines you leave out stay unfiltered):
Router#conf t
Router(config)#line vty 0 4
Router(config-line)#access-class 5 in
Nice, now I have a lot of ACLs configured in my network for all the IPv4 traffic, mon ami! But IPv6 traffic still seems to flow right through; I thought you said you were going to make sense of all this in the end?
Yeah, I know I promised that, and as long as you understand the IPv4 basics you will understand IPv6 pretty well. You will need basic IPv6 subnetting theory to filter subnets (obviously); if anyone wants an article about that, just comment and I will get on to it ASAP. Once you have that, you will see that IPv6 access control lists are pretty much the same as for IPv4.
Anyway, I take for granted that you understand IPv6 subnetting by now, so I will get right on to the configuration. An example IPv6 access list in Cisco IOS follows; note that an IPv6 ACL entry needs the protocol keyword (here `ipv6`, meaning any IPv6 traffic), and that the 3ffe::/16 addresses used here come from the old 6bone test range, which has been retired (use 2001:db8::/32 for documentation and your own allocation in production).
Router#conf t
Router(config)#ipv6 access-list myfirewall
Router(config-ipv6-acl)#permit ipv6 3ffe:200::/32 any
Router(config-ipv6-acl)#permit ipv6 3ffe:201::/32 any
To verify the access-lists just look at this
Router#show access-lists myfirewall
IPv6 access list myfirewall
permit ipv6 3FFE:200::/32 any sequence 10
permit ipv6 3FFE:201::/32 any sequence 20
Router#
To apply this IPv6 access control list to an interface, just do as follows (IOS adds implicit permits for IPv6 neighbor discovery before the final implicit deny, so ND keeps working on the interface):
Router#conf t
Router(config)#int te 1/1
Router(config-if)#ipv6 traffic-filter myfirewall in
To apply this IPv6 access control list to the vty lines (again, to all of them):
Router#conf t
Router(config)#line vty 0 4
Router(config-line)#ipv6 access-class myfirewall in
Labels: CISCO, Cisco configure, Cisco IOS, CISCO MARS, Cisco Network, Cisco Router, Cisco Switches
Here is a little tutorial on configuring IPv6 BGP peering sessions on Cisco IOS.
First set the IP address on the interface, if this is a private peering session you can use a small network from your own PA block, on an exchange this IP address should be assigned by the exchange administrators.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa 0/0
Router(config-if)#ipv6 address 3ffe:1234:1234::1/64
Then it is a good idea to null-route the prefix you are going to announce. This static route is what BGP will redistribute, and it also blackholes traffic for the parts of the block that are not in use (more specific routes still win over the null route).
This will be announced into BGP with the redistribute static configuration item.
Router#conf t
Router(config)#ipv6 route 3ffe:2000::/32 Null0
Now we create a prefix list that permits only this network. This is very important so that you do not leak other prefixes (your peers' or your transit's routes) to your peers. This prefix list is applied outbound on the BGP peering.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ipv6 prefix-list announceAS65001-ipv6 seq 5 permit 3FFE:2000::/32
! better safe than sorry
Router(config)#ipv6 prefix-list announceAS65001-ipv6 seq 5000 deny ::/0 le 128
Now we are ready to configure the BGP peering session, this is just a simple example and most of these commands can be applied to peer groups, so that each configuration gets easier.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router bgp 65001
Router(config-router)#redistribute static
Router(config-router)#neighbor 3ffe:1234:1234::2 remote-as 65002
Router(config-router)#address-family ipv6 unicast
Router(config-router-af)#neighbor 3ffe:1234:1234::2 activate
Router(config-router-af)#neighbor 3ffe:1234:1234::2 soft-reconfiguration inbound
Router(config-router-af)#redistribute static
Router(config-router-af)#neighbor 3ffe:1234:1234::2 prefix-list announceAS65001-ipv6 out
This redistributes the static null route we created earlier to the peer at 3ffe:1234:1234::2, and the peering session should be up by now. Because the prefix enters BGP through redistribution, its origin shows as incomplete (?); `network 3ffe:2000::/32` under the IPv6 address family would originate it with origin IGP (i) and without any redistribute statement, which is the more common way to originate a prefix.
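As an added example (not from the original post), the Python below evaluates IOS-style prefix-list entries the way the router does: entries in sequence order, first match wins, an exact-length match unless ge/le widen it, and an implicit deny at the end. It parses the two lines from this post and shows that a more specific /48 from the same block, the peering /64 and a default route would all be caught by the seq 5000 deny. The PrefixList class, its parser and the ge/le variant in the usage are my own construction.

```python
import ipaddress
import re

ENTRY_RE = re.compile(
    r"^(?:ip|ipv6) prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


class PrefixList:
    """Evaluates routes against IOS-style prefix-list entries (first match wins, implicit deny)."""

    def __init__(self, name):
        self.name = name
        self.entries = []  # (seq, action, network, ge, le), kept sorted by seq

    def add(self, seq, action, prefix, ge=None, le=None):
        self.entries.append((seq, action, ipaddress.ip_network(prefix, strict=False), ge, le))
        self.entries.sort(key=lambda e: e[0])
        return self

    @classmethod
    def from_config(cls, lines):
        """Build a list from 'ipv6 prefix-list NAME seq N permit|deny PFX [ge G] [le L]' lines."""
        plist = None
        for line in lines:
            m = ENTRY_RE.match(line.strip())
            if not m:
                continue  # comments and unrelated configuration lines
            if plist is None:
                plist = cls(m.group("name"))
            ge = int(m.group("ge")) if m.group("ge") else None
            le = int(m.group("le")) if m.group("le") else None
            plist.add(int(m.group("seq")), m.group("action"), m.group("prefix"), ge, le)
        return plist

    @staticmethod
    def _matches(entry, route):
        seq, action, net, ge, le = entry
        if route.version != net.version or not route.subnet_of(net):
            return False
        # Length window: exact length unless ge/le widen it (ge alone runs to the maximum length).
        if ge is None and le is None:
            low = high = net.prefixlen
        else:
            low = net.prefixlen if ge is None else ge
            high = route.max_prefixlen if le is None else le
        return low <= route.prefixlen <= high

    def evaluate(self, prefix):
        """Return (action, seq) of the first matching entry, or ('deny', None) for the implicit deny."""
        route = ipaddress.ip_network(prefix, strict=False)
        for entry in self.entries:
            if self._matches(entry, route):
                return entry[1], entry[0]
        return "deny", None


# The outbound filter from the post (plus its catch-all deny), exactly as typed into IOS.
ANNOUNCE_AS65001 = PrefixList.from_config([
    "ipv6 prefix-list announceAS65001-ipv6 seq 5 permit 3FFE:2000::/32",
    "! better safe than sorry",
    "ipv6 prefix-list announceAS65001-ipv6 seq 5000 deny ::/0 le 128",
])

if __name__ == "__main__":
    for candidate in ["3ffe:2000::/32", "3ffe:2000:abcd::/48", "3ffe:1234:1234::/64", "::/0"]:
        print(candidate, "->", ANNOUNCE_AS65001.evaluate(candidate))
```

The exact-length default is the point worth remembering: `permit 3FFE:2000::/32` does not permit a /48 from inside that block, so an accidental more-specific static route cannot leak through this list either.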
I can verify it on the other end:
Router2#sh ip bgp ipv6 unicast
BGP table version is 8, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3FFE:2000::/32   3FFE:1234:1234::1
                                             0             0 65001 ?
As you can see, the network 3ffe:2000::/32 is now announced on this peering session, the route is sourced from AS65001. You can also get this on the summary:
Router2#sh ip bgp ipv6 unicast summary
BGP router identifier 10.0.0.1, local AS number 65002
BGP table version is 8, main routing table version 8
1 network entries using 152 bytes of memory
1 path entries using 76 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 500 total bytes of memory
BGP activity 2/1 prefixes, 4/3 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3FFE:1234:1234::1
                4 65001      26      23        8    0    0 00:05:54        1
To see the prefixes received from or announced to a peer, use received-routes or advertised-routes. received-routes requires `soft-reconfiguration inbound` on that peering session (as configured above for the neighbor 3ffe:1234:1234::2; Router2 needs the same for its neighbor 3ffe:1234:1234::1).
Router2#sh ip bgp ipv6 unicast neighbors 3ffe:1234:1234::1 received-routes
BGP table version is 8, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3FFE:2000::/32   3FFE:1234:1234::1
                                             0             0 65001 ?

Total number of prefixes 1
The prefix 3ffe:2000::/32 is received from 3ffe:1234:1234::1.
Router#sh ip bgp ipv6 unicast neighbors 3ffe:1234:1234::2 advertised-routes
BGP table version is 3, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3FFE:2000::/32   ::                       0         32768 ?

Total number of prefixes 1
Voila, a better understanding and some real life examples of IPv6 BGP peering in Cisco IOS.
Labels: CISCO, Cisco configure, Cisco IOS, Cisco Network, Cisco Router, Cisco Switches
1. Reverse Path Forwarding
When you enable unicast Reverse Path Forwarding (uRPF) on an interface, the router looks up the packet's source address in the FIB (CEF must be enabled) and, in strict mode, drops the packet unless the best route back to that source points out the interface the packet arrived on. This stops packets with spoofed source addresses. Strict mode also drops legitimate traffic where routing is asymmetric, so on multihomed or peering interfaces use loose mode (`ip verify unicast source reachable-via any`), which only requires that some route to the source exists. `ip verify unicast reverse-path` is the older syntax for strict mode; `ip verify unicast source reachable-via rx` is the equivalent newer form, and neither counts a default route unless you add `allow-default`.
The way to configure reverse path forwarding is like this
Router#configure terminal
Router(config)#interface GigabitEthernet 2/1
Router(config-if)#ip verify unicast reverse-path
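Added example (not from the original post): a small Python model of the uRPF decision, with a constructed FIB, that shows what strict mode drops, what loose mode lets through, and why a default route does not count unless allow-default is given. The interface names and prefixes are made up for this example.

```python
import ipaddress


class Fib:
    """Minimal longest-prefix-match table: a list of (prefix, outgoing interface)."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(prefix), iface) for prefix, iface in routes]

    def lookup(self, address):
        addr = ipaddress.ip_address(address)
        best = None
        for net, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        return best  # (network, iface) or None when there is no route at all


def urpf_check(fib, source, in_iface, mode="strict", allow_default=False):
    """Return True if a packet with this source arriving on in_iface passes uRPF.

    strict: the best route to the source must point back out the arrival interface.
    loose:  any route to the source is enough (catches only unrouted sources and Null0 routes).
    The default route only counts when allow_default is set (IOS 'allow-default').
    """
    hit = fib.lookup(source)
    if hit is None:
        return False                  # no route back to the source at all
    net, out_iface = hit
    if net.prefixlen == 0 and not allow_default:
        return False                  # matched only the default route
    if out_iface == "Null0":
        return False                  # black-holed source (this is how source-based RTBH works)
    if mode == "loose":
        return True
    return out_iface == in_iface


# Constructed FIB for an edge router: upstream on Gi2/1, the internal /8 on Gi2/2,
# a customer /24 on Gi2/3 and one black-holed /24.
EDGE_FIB = Fib([
    ("0.0.0.0/0", "Gi2/1"),
    ("10.0.0.0/8", "Gi2/2"),
    ("192.0.2.0/24", "Gi2/3"),
    ("203.0.113.0/24", "Null0"),
])

if __name__ == "__main__":
    for src, iface in [("10.1.2.3", "Gi2/1"), ("10.1.2.3", "Gi2/2"), ("198.51.100.5", "Gi2/1")]:
        print(src, "in", iface,
              "strict:", urpf_check(EDGE_FIB, src, iface),
              "loose:", urpf_check(EDGE_FIB, src, iface, "loose", allow_default=True))
```

The first case is the one the post is about: an internal 10.x source arriving from the upstream interface fails strict mode, while loose mode passes it because a route to 10/8 exists somewhere. The 198.51.100.5 case shows why an upstream-facing interface usually needs `allow-default` to be useful at all.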
2. Silence that port
A lot of networks leak information about their topology and equipment from their switch ports; this makes a port reasonably silent:
Switch#configure terminal
Switch(config)#interface GigabitEthernet0/16
Switch(config-if)#no cdp enable
Switch(config-if)#spanning-tree bpdufilter enable
Switch(config-if)#no keepalive
This suppresses CDP (Cisco Discovery Protocol), spanning-tree BPDUs and Ethernet keepalives on that interface. Be aware that `bpdufilter` silently discards BPDUs in both directions, so a switch plugged into this port could create a loop without spanning tree noticing; on access ports `spanning-tree bpduguard enable`, which err-disables the port when a BPDU arrives, is usually the safer choice. In my last post I wrote a little about storm-control and port security.
3. Configure AAA and ACL’s for secure VTY access
VTYs are the virtual terminal lines used by telnet (and SSH) sessions on Cisco devices. To control who is able to access your switch over them, do this:
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#access-list 80 permit 10.0.0.0 0.0.0.255
Switch(config)#access-list 80 permit 192.168.0.0 0.0.255.255
Switch(config)#line vty 0 15
Switch(config-line)#access-class 80 in
Switch(config-line)#end
Switch#
This will limit VTY access to 10.0.0.0/24 and 192.168.0.0/16. The second value is a Cisco wildcard mask, the inverse of a netmask: 0.0.0.255 is a /24 and 0.0.255.255 a /16, so for the whole 10.0.0.0/8 you would write 10.0.0.0 0.255.255.255. Troubles figuring them out? Try the wildcard cheat.
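Added example, not from the original post, serving both the ACL post above and this VTY tip: a few Python helpers that convert between wildcard masks and prefix lengths, detect non-contiguous wildcards, and walk a standard ACL top-down with the implicit deny, using access-list 80 exactly as it is written here. The function names and sample addresses are my own.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_to_prefixlen(wildcard):
    """Prefix length of a contiguous wildcard mask (0.0.0.255 -> 24); None if it is non-contiguous."""
    netmask = ~_to_int(wildcard) & MASK32
    bits = f"{netmask:032b}"
    if "01" in bits:          # a 0 followed by a 1 means the ones are not a single leading run
        return None
    return bits.count("1")


def prefixlen_to_wildcard(prefixlen):
    """Wildcard mask for a prefix length (8 -> 0.255.255.255)."""
    if not 0 <= prefixlen <= 32:
        raise ValueError("prefix length must be 0..32")
    netmask = (MASK32 << (32 - prefixlen)) & MASK32
    return str(ipaddress.IPv4Address(~netmask & MASK32))


def ace_matches(address, network, wildcard):
    """True if address matches the ACE 'network wildcard': a set wildcard bit means 'do not care'."""
    care = ~_to_int(wildcard) & MASK32
    return (_to_int(address) & care) == (_to_int(network) & care)


def evaluate_acl(address, entries):
    """Walk a standard ACL top-down; entries are (action, network, wildcard). Implicit deny at the end."""
    for action, network, wildcard in entries:
        if ace_matches(address, network, wildcard):
            return action
    return "deny"


# access-list 80 from the post, as written: wildcard 0.0.0.255 is a /24, 0.0.255.255 a /16.
ACL_80 = [
    ("permit", "10.0.0.0", "0.0.0.255"),
    ("permit", "192.168.0.0", "0.0.255.255"),
]

if __name__ == "__main__":
    for action, network, wildcard in ACL_80:
        print(f"{action} {network} {wildcard}  ->  {network}/{wildcard_to_prefixlen(wildcard)}")
    for src in ["10.0.0.17", "10.1.2.3", "192.168.77.1"]:
        print(src, evaluate_acl(src, ACL_80))
```

The non-contiguous case (`0.255.0.255`, matching the same third octet in every /8 subnet) is legal on IOS and is where most hand-written wildcards go wrong, which is why `wildcard_to_prefixlen` refuses to give it a prefix length.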
If you want to have separate users (will show up in logs) instead of the regular password prompt, you can configure AAA as such:
Switch#configure terminal
Switch(config)#username cisco secret mypassword
Switch(config)#aaa new-model
Switch(config)#aaa authentication login default local
Switch(config)#line vty 0 15
Switch(config-line)#login authentication default
Switch(config-line)#^Z
Switch#
4. Encrypt passwords in Configuration
Do you see this in your configuration?
Switch#show run | include ^username
username admin password 0 mysecret
To enable encryption of passwords just configure
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#service password-encryption
Switch(config)#end
*Mar 4 10:21:10.343: %SYS-5-CONFIG_I: Configured from console by console
Switch#show run | include ^username
username admin password 7 060B1632494D1B1C11
This gives Cisco type 7 encoding, which is only obfuscation: a fixed XOR keystream that anyone can reverse in milliseconds. It at least keeps passwords from being read over someone's shoulder.
Use `secret` instead of `password` wherever the command supports it. `secret` stores a type 5 salted MD5 hash, which cannot be turned back into the password (newer IOS releases also offer type 8, PBKDF2-SHA256, and type 9, scrypt, which are stronger), while `password` only ever gives you the reversible type 7 string.
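To make "very crackable" concrete, here is an added example (not the post's code) that reverses type 7 strings: the stored form is a two-digit decimal offset followed by the password bytes XOR'd against a fixed, publicly known keystream, written in hex. The audit helper and its regular expression are my own, and the type 5 line in the usage is a constructed placeholder, not a real hash.

```python
import re

# Cisco's fixed keystream for type 7 "encryption"; the first two characters of the
# stored string are a decimal offset into it, the rest are XOR'd bytes in hex.
XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded):
    """Recover the plaintext from a 'password 7' string."""
    if len(encoded) < 4 or len(encoded) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", encoded):
        raise ValueError("not a type 7 string: need a 2-digit seed plus hex byte pairs")
    seed = int(encoded[:2], 10)
    out = []
    for i, pos in enumerate(range(2, len(encoded), 2)):
        byte = int(encoded[pos:pos + 2], 16)
        out.append(chr(byte ^ ord(XLAT[(seed + i) % len(XLAT)])))
    return "".join(out)


def type7_encode(plaintext, seed=0):
    """Produce the 'password 7' form of plaintext (IOS picks the seed randomly from 0..15)."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    body = "".join(f"{ord(c) ^ ord(XLAT[(seed + i) % len(XLAT)]):02X}" for i, c in enumerate(plaintext))
    return f"{seed:02d}{body}"


PASSWORD_LINE = re.compile(
    r"^(?:username \S+|enable) (?P<kw>password|secret) (?:(?P<type>\d+) )?(?P<value>\S+)$"
)


def audit_password_line(line):
    """Classify one 'username ... password|secret' or 'enable ...' line from show run.

    Returns the type, whether the stored form is recoverable, and the plaintext when it is.
    Types 0 and 7 are recoverable; 5 (salted MD5), 8 (PBKDF2-SHA256) and 9 (scrypt) are one-way.
    """
    m = PASSWORD_LINE.match(line.strip())
    if not m:
        return None
    ptype = int(m.group("type")) if m.group("type") else 0
    value = m.group("value")
    if ptype == 0:
        return {"type": 0, "recoverable": True, "plaintext": value}
    if ptype == 7:
        return {"type": 7, "recoverable": True, "plaintext": type7_decode(value)}
    return {"type": ptype, "recoverable": False, "plaintext": None}


if __name__ == "__main__":
    for line in ["username admin password 7 060B1632494D1B1C11",          # the line from the post
                 "username ops secret 5 $1$Xy9Q$constructedhashvalue"]:   # constructed, not a real hash
        print(line, "->", audit_password_line(line))
```

Run `audit_password_line` over every line of a saved configuration and you have a quick inventory of which credentials are exposed to anyone who can read the file or a `show run` capture; the `060B1632494D1B1C11` string from the post decodes to the `mysecret` it was created from.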
5. More secure routing protocols with passive-interface default
A passive interface is one on which the routing process does not send routing traffic. For OSPF and EIGRP that means no hellos, so no adjacency forms and nothing is learned on it either; for RIP, updates are still accepted on a passive interface, they are just not sent. `passive-interface default` is supported by the common IGPs (RIP, EIGRP, OSPF) and is configured quickly.
router routing-protocol
passive-interface default
no passive-interface interface
Passive-interface default sets all interfaces passive, and no passive-interface activates one interface. I have a more real life configuration example below.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#passive-interface default
Router(config-router)#no passive-interface fastEthernet 0/2
Router(config-router)#^Z
Router#
*Mar 4 10:36:17.931: %SYS-5-CONFIG_I: Configured from console by console
This will ensure that OSPF traffic is only exchanged on fastEthernet 0/2.
Labels: CCNA, CISCO, Cisco configure, Cisco IOS, CISCO MARS, Cisco Network, Cisco Router, Cisco Switches
Nobody can tap the console connection, since it is a physical serial link straight into the device, but a telnet session is a different story: anyone on the path can capture it, and everything, including the password, is sent in clear text. Leaving telnet as the default way to manage Cisco devices is therefore dangerous.
Use SSH for a secure connection instead; SSH encrypts everything between your computer and the Cisco device.
First you need an IOS image that supports SSH, which means one of the crypto (k9) feature sets that also include IPsec with DES or 3DES. How would you know? Just issue the following command:
router> ena
router# show ip ssh
% Invalid input detected at '^' marker.
If it's showing % Invalid input detected at '^' marker., then the IOS does not support SSH.
Now start with the configuration, you have to define a hostname for the Cisco device, and also the domain name for it.
In this example I use hostname of "netrouter" and domain name of "ciscolab.home".
router (config)# hostname netrouter
netrouter (config)# ip domain-name ciscolab.home
Next, generate the RSA key pair used as the SSH host key; the device name plus the domain name becomes the name of the key.
The modulus is the key length. The default is 512 bits, and Cisco recommended 1024 bits when this was written; both are too weak today, so use 2048 bits (IOS also refuses to run SSH version 2 on a modulus smaller than 768 bits). The capture below uses 1024 as the post did.
netrouter (config)# crypto key generate rsa
The name for the keys will be: netrouter.ciscolab.home
Choose the size of the key modulus in the range of 360 to 2048
for your General Purpose Keys. Choosing a key modulus greater than
512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]
You can also configure some additional parameters for the SSH Connection:
netrouter (config)# ip ssh authentication-retries 5
netrouter (config)# ip ssh time-out 120
netrouter (config)# ip ssh version 2
The first command sets the number of retries if you failed or mistyped the username and password.
The second command sets the time out, the time required to enter the username and password in seconds.
The last command sets the version you want to use for the SSH.
Now that we have a key pair for the encryption, how will the Cisco device authenticate the users coming in over SSH?
You can use an AAA server such as RADIUS or TACACS+, or the device's local username database. For now I'll use local authentication: first create the username and password, then tell the vty lines to use the local database. Use `secret` rather than `password` for the username so the configuration stores a one-way hash instead of a reversible type 7 string:
netrouter (config)# username Cisco secret homelab
netrouter (config)# line vty 0 4
netrouter (config-line)# login local
By now you have SSH configured on the Cisco device; let's try it. You can use PuTTY for the SSH connection. The default port is 22; if you want a different one, IOS binds a non-standard SSH port to a rotary group: `ip ssh port 2000 rotary 1` in global configuration mode plus `rotary 1` under the vty lines.
Replace 2000 with any other port from 2000 to 10000.
Here I'm using the default terminal from Macintosh:
Macintosh:~ krishananda$ ssh Cisco@192.168.1.1
Cisco@192.168.1.1's password:
netrouter>
There, SSH is working. But the telnet session still works too, so now I want the Cisco device to accept SSH only and refuse telnet.
WARNING!!!
Do not disconnect from your current connection, especially if it is a telnet session; if you mess up the configuration you can still undo the change from it. Also check with `show line` how many vty lines your platform has: `transport input ssh` only affects the lines you apply it to, so on a device with vty 0 15 the lines 5 to 15 would still accept telnet after the command below unless you include them.
netrouter (config)# line vty 0 4
netrouter (config-line)# transport input ssh
Now if I try to connect using telnet, the router will deny it:
Macintosh:~ krishananda$ telnet 192.168.1.1
Trying 192.168.1.1...
telnet: connect to address 192.168.1.1: Connection refused
telnet: Unable to connect to remote host
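An added example (not part of the original post) to verify the result from the outside: parse the server's SSH identification string and confirm telnet is refused. IOS advertises SSH-1.99 while both protocol versions are allowed (the RFC 4253 convention for "speaks SSH-1 and SSH-2") and SSH-2.0 once `ip ssh version 2` is set, so the banner alone tells you whether SSH-1 is still on. The sample banners are constructed; `grab_ssh_banner` and `check_device` need network access to a real device and are my own helpers.

```python
import re
import socket

BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$")


def parse_ssh_banner(banner):
    """Parse an SSH identification string (RFC 4253 4.2) and report which protocol versions it offers.

    '1.99' means the server speaks both SSH-1 and SSH-2 (RFC 4253 5.1), which is what IOS
    sends until 'ip ssh version 2' is configured; '1.5' is SSH-1 only; '2.0' is SSH-2 only.
    """
    m = BANNER_RE.match(banner.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not an SSH identification string: {banner!r}")
    proto = m.group("proto")
    return {
        "proto": proto,
        "software": m.group("software"),
        "comments": m.group("comments"),
        "v1_offered": proto in ("1.5", "1.99"),
        "v2_only": proto == "2.0",
    }


def tcp_state(host, port, timeout=5.0):
    """'open', 'refused' or 'filtered' for host:port; used to confirm telnet (23) is really closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, OSError):
        return "filtered"


def grab_ssh_banner(host, port=22, timeout=5.0):
    """Read the server's identification line from a live device (network access required)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        line = f.readline().decode("ascii", "replace")
        while line and not line.startswith("SSH-"):   # servers may send info lines first
            line = f.readline().decode("ascii", "replace")
        return line


def check_device(host):
    """Hardening verdict for one device: SSH-2 only on port 22 and telnet refused on port 23."""
    info = parse_ssh_banner(grab_ssh_banner(host))
    telnet = tcp_state(host, 23)
    return {"ssh": info, "telnet": telnet, "ok": info["v2_only"] and telnet != "open"}


if __name__ == "__main__":
    import sys
    print(check_device(sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"))
```

Point `check_device` at the router after the `transport input ssh` and `ip ssh version 2` steps; a "1.99" banner means the version 2 step was skipped, and a telnet state of "open" means a vty line was left out of the transport change.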
Labels: CCNA, CISCO, Cisco configure, Cisco IOS, Cisco Network, Cisco Router, Cisco Switches
Test King 640-801 CCNA (Cisco Certified Network Associate) Free
Posted by Fraternity.5!7 at 10:30 PM
1060 Questions
The TestKing 640-801 study materials have been designed to ensure your success the first time you take the test.
TestKing GUARANTEES that you will pass your 350-001 exam on your first attempt after using our training products. That's right, with the 100% pass rate, the exam tools that we have created for you are so good - we can't help but guarantee your results.
You can take advantage of the TestKing 350-001 Value Pack and save time and money while developing your skills to pass your exam. This value pack will provide all the training materials you need to build your learning foundation and ensure your success on the exam, for one low price.
Download
Labels: CCNA, CISCO, Cisco configure, Cisco IOS, Cisco Network, Cisco Router, Cisco Switches, Ebooks
771 Questions
The TestKing 640-802 exam products are designed to maximize your learning productivity and focus only on the important aspects that will help you to pass your exam.
We will provide you with exam questions and verified answers, with detailed explanations, that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. Our exam guides are not just questions and answers. Our questions have detailed explanations for every answer, ensuring that you fully understand the questions and the concept behind the questions.
Download
Labels: CCNA, CISCO, Cisco configure, Cisco IOS, Cisco Network, Cisco Router, Ebooks
Tuesday, December 2, 2008
Security Threat Mitigation and Response: Understanding Cisco Security MARS (Networking Technology)
Posted by Fraternity.5!7 at 8:32 PM
Dale Tesch is a product sales specialist for the Cisco Security MARS product line for the Cisco Systems® United States AT Security team. Dale came to Cisco Systems through the acquisition of Protego Networks in February 2005. Since then, he has had the primary responsibilities of training the Cisco sales and engineering team on SIM systems and Cisco Security MARS and for providing advanced sales support to Cisco customers.
Greg Abelar has been an employee of Cisco Systems since December 1996. He was an original member of the Cisco Technical Assistance Security team, helping to hire and train many of the team’s engineers. He has held various positions in both the Security Architecture and Security Technical Marketing Engineering teams at Cisco.
* Understand how to protect your network with a defense-in-depth strategy
* Examine real-world examples of cost savings realized by Cisco Security MARS deployments
* Evaluate the technology that underpins the Cisco Security MARS appliance
* Set up and configure Cisco Security MARS devices and customize them for your environment
* Configure Cisco Security MARS to communicate with your existing hosts, servers, network devices, security appliances, and other devices in your network
* Investigate reported threats and use predefined reports and queries to get additional information about events and devices in your network
* Use custom reports and custom queries to generate device and event information about your network and security events
* Learn firsthand from real-world customer stories how Cisco Security MARS has thwarted network attacks
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
DOWNLOAD FOR FREE
Labels: CCENT, CCIE, CCIP, CCNA, CCNP, CISCO, Cisco configure, Cisco IOS, CISCO MARS, Cisco Network, Cisco Router, Ebooks
Cisco Press The Complete Cisco VPN Configuration Guide
Posted by Fraternity.5!7 at 8:30 PM
Use Cisco concentrators, routers, Cisco PIX and Cisco ASA security appliances, and remote access clients to build a complete VPN solution
* A complete resource for understanding VPN components and VPN design issues
* Learn how to employ state-of-the-art VPN connection types and implement complex VPN configurations on Cisco devices, including routers, Cisco PIX and Cisco ASA security appliances, concentrators, and remote access clients
* Discover troubleshooting tips and techniques from real-world scenarios based on the author’s vast field experience
* Filled with relevant configurations you can use immediately in your own network
With increased use of Internet connectivity and less reliance on private WAN networks, virtual private networks (VPNs) provide a much-needed secure method of transferring critical information. As Cisco Systems® integrates security and access features into routers, firewalls, clients, and concentrators, its solutions become ever more accessible to companies with networks of all sizes. The Complete Cisco VPN Configuration Guide contains detailed explanations of all Cisco® VPN products, describing how to set up IPsec and Secure Sockets Layer (SSL) connections on any type of Cisco device, including concentrators, clients, routers, or Cisco PIX® and Cisco ASA security appliances. With copious configuration examples and troubleshooting scenarios, it offers clear information on VPN implementation designs.
DOWNLOAD FOR FREE
Wednesday, November 26, 2008
Mac OS X Advanced System Administration v10.5 Download
Posted by Fraternity.5!7 at 11:25 PM
Product Details
* Paperback: 384 pages
* Publisher: Peachpit Press; 1 edition (July 28, 2008)
* Language: English
* ISBN-10: 032156314X
* ISBN-13: 978-0321563149
Product Description
This in-depth look at advanced topics in Mac network administration shows system administrators and other IT professionals how to use Mac OS X Server v10.5 within a multiplatform, heterogeneous environment. Following the learning objectives of the Apple Certified System Administrator course, this book is a perfect study aid for the Apple Certified System Administrator exam.
About the Author
Ed Marczak owns and operates Radiotope, a technology consulting practice focusing on network integration; he is also the executive editor of MacTech magazine and a frequent speaker at Macworld Expo.
DOWNLOAD FOR FREE
Updated with Cisco Confirmation: If you want to know how bad it is going to get for all of us in Silicon Valley, just look at Cisco Systems. For first time in its history the company is going to shut down for four days at the end of the year, according to a report by UBS Research. Remember when such shutdowns were associated with industrial era companies? Well, this is the new past as they say. I heard that a major internal annual event has been put on hold as well.
Cisco's four-day shutdown is part of an effort by the company to save $1 billion. It might be about more than cost savings, because Cisco (like many of us) doesn't have visibility into 2009. Cisco, as a company, has just seen Wall Street, a major customer, shrink in size. At the same time it is facing low-cost competition from Dell, HP and Huawei. The New York Times is correct in identifying HP's ProCurve business as slowly becoming a major competitor to Cisco. "HP is a much more formidable challenger to Cisco, and it has sent an obvious message," Nikos Theodosopoulos, an analyst at UBS Securities, told The Times.
Cisco has confirmed the shutdown and other cuts in a blog posting pointing out that it had started talking about these initiatives following its Q1 2009 earnings release
We will be targeting reductions in travel and discretionary-related expenses, including offsites, outside services, equipment, events, trade shows, marketing and other activities. As part of this effort, we will also implement a year-end shutdown of the US-Canada theater from December 29, 2008, through January 2, 2009 (note that January 1 is already a holiday). There will be some exceptions for targeted business-critical teams including technical assistance services and channel partner and customer product ordering services.
While this is not our first year-end shutdown as we followed this longstanding Silicon Valley practice in our early years as a company, it is our first in over a decade. Given the difficult macroeconomic conditions, we believe our cost control focus at this time is appropriate while still providing our partners and customers with critical services over the holiday period.
Labels: CISCO
Cisco today announced a new edge router capable of moving 6.4 terabytes of data — the equivalent of 200 full length movies — per second. Om anticipated the product last week, pointing out that the influx of data traveling over the Web requires better and faster equipment to manage such complexity and traffic growth. What we also need is a different type of chip.
Routers have to process a lot of data really quickly. They are the air traffic controllers of the Internet: Each time someone types in a URL, the router has to figure out how to get the request to the correct end point. Since the number of possible routes grows every year, as does the number of times a router is consulted, old processors just can’t cut it anymore, especially at the edge where this Cisco router will sit. Instead of making chips for such devices more powerful (and more power-hungry), engineers are following in the footsteps of the server world and adding more cores.
Multicore chips are gaining in use in the embedded world for networking gear, set-top boxes and other applications. In recent routers Cisco had turned to Tensilica, a maker of specialized embedded multicore chips that can take tasks such as routing and video encoding and speed them up without requiring a lot of power. Tensilica calls its products data plane processors or DPUs. Cisco used those DPUs on its QuantumFlow processor.
Cisco is still using the QuantumFlow processor, but has its own custom-designed cores replacing the Tensilica core inside this latest router, according to sources. Intel, however, uses Tensilica cores for audio processing in its new line of systems on a chip built for video players. Other chipmakers, such as Freescale, which in June announced a new family of processors called QorIQ (say "Core IQ"), are tackling the problem of dealing with real-time data in low-power environments with more flexible, multicore embedded processors.
As real-time data processing becomes more important in areas such as reading routing tables and video and audio processing, Tensilica’s DPU cores and Freescale’s chips offer a way to process that information using less power than a general purpose CPU or even a graphics processor that might also be used for the task. Scientists at the Lawrence Berkeley National Lab are even using the Tensilica cores to try to build an energy-efficient supercomputer. In a connected world where devices have to do more but consume less, this type of design may be the way to go.
Labels: Cisco Router
Title: Selecting MPLS VPN Services
Chapter: Implementing Quality of Service
Author: Chris Lewis and Steve Pickavance
Published: February 13, 2006
ISBN: 1587051915
A guide to using and defining MPLS VPN services
- Analyze strengths and weaknesses of TDM and Layer 2 WAN services
- Understand the primary business and technical issues when evaluating IP/MPLS VPN offerings
- Describe the IP addressing, routing, load balancing, convergence, and services capabilities of the IP VPN
- Develop enterprise quality of service (QoS) policies and implementation guidelines
- Achieve scalable support for multicast services
- Learn the benefits and drawbacks of various security and encryption mechanisms
- Ensure proper use of services and plan for future growth with monitoring and reporting services
- Provide remote access, Internet access, and extranet connectivity to the VPN-supported intranet
- Provide a clear and concise set of steps to plan and execute a network migration from existing ATM/Frame Relay/leased line networks to an IP VPN
Title: CCIE Security Exam Certification Guide (CCIE Self-Study)
Chapter: Operating Systems and Cisco Security Applications
Author: Henry Benjamin
Published: April 7, 2003
ISBN: 1587200651
Official self-study test preparation guide for the CCIE Security written exam
Review all CCIE Security written exam topics, including:
- Switching concepts, routing protocols, and WAN protocols, including PPP, ISDN, and Frame Relay
- DNS, TFTP, Secure Shell, Secure Socket Layer Protocol, NTP, and SNMP
- Cisco IOS(r) Software specifics, including password security, password recovery, and standard and extended access lists
- Encryption technologies and security protocols, including TACACS+, RADIUS, and Kerberos
- Windows and UNIX operating system security issues
- Cisco security applications, including Cisco PIX(r) Firewall, VPN, IDS, and Cisco Policy Manager
- Basic security methods and the evolution of new secure networks including packet filtering, proxies, and NAT/PAT
- Network security policies, vulnerabilities, and protection techniques
Title: CCNP Practical Studies: Troubleshooting (CCNP Self-Study)
Chapter: Shooting Trouble with IP
Author: Donna Harrington
Published: April 4, 2003
ISBN: 1587200570
Gain hands-on experience of CCNP Troubleshooting topics with lab scenarios aligned to the CIT course.
Whether you are seeking practical knowledge to enhance your preparation for the CCNP Troubleshooting exam or you are looking for hands-on experience, CCNP Practical Studies: Troubleshooting (CCNP Self-Study) has what you need to take your skills to the next level.
- Real-world practice labs for all topics included in the CCNP Troubleshooting exam complement theoretical study materials
- Guides show you how to set up a test lab
- Lab scenarios enable readers to test their ability to independently complete a lab
- Comprehensive appendix lists Cisco equipment resellers
Title: CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide (CCSP Self-Study)
Chapter: Getting Started with the Cisco PIX Firewall
Author: Christian Degu and Greg Bastien
Published: April 2, 2003
ISBN: 1587200678
Official self-study test preparation guide for the Cisco 9E0-111 and 642-521 CSPFA exams.
Coverage of the CSPFA topics enables you to identify and fill your knowledge gaps before the exam date. You'll learn about:
- The comprehensive line of Cisco PIX Firewall products and the technology and features central to each one
- Transport protocols, Network Address Translation (NAT), and Port Address Translation (PAT)
- Using access control lists and URL filtering
- Use and configuration of group objects
- Attack guards and intrusion detection
- Concepts that support failover as well as configuration information
- Enabling a secure virtual private network (VPN)
- Using Cisco PIX Device Manager to configure a firewall and to create VPNs
Title: CCSP Cisco Secure VPN Exam Certification Guide (CCSP Self-Study)
Chapter: Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys
Author: John Roland and Mark Newcomb
Published: April 2, 2003
ISBN: 1587200708
Official self-study test preparation guide for the Cisco 9E0-121 and 642-511 CSVPN exams.
Coverage of the CSVPN topics enables you to identify and fill your knowledge gaps before the exam date. You'll learn about:
- Configuring Cisco VPN 3000 concentrators and VPN 3002 Hardware Clients for remote access
- Enabling secure VPNs using IPSec technologies
- Peer authentication using preshared keys and digital certificates
- Using Network Address Translation (NAT) and Port Address Translation (PAT) over VPNs
- Administering and monitoring VPN concentrators in remote-access and LAN-to-LAN networks
- Utilizing IPSec protocols and features
- Configuring VPN Client personal firewall support through the VPN concentrator
- Integrated unit and interactive user authentication through the Cisco VPN 3002 Hardware Client
Title: CCNP BSCI Exam Certification Guide (CCNP Self-Study)
Chapter: Using OSPF Across Multiple Areas
Author: Clare Gough
Published: February 11, 2003
ISBN: 1587200783
The official self-study test preparation guide for the Cisco BSCI exam #640-901
Coverage of the CCNP/CCDP/CCIP BSCI exam topics enables you to identify and fill your knowledge gaps before the exam date. You'll learn about:
- Key routing information including classful and classless routing protocols, distance vector and link-state protocol operation, and the fields of the routing table
- Extending IP addresses using VLSMs and route summarization and configuring the IP helper address to manage broadcasts
- Configuring OSPF in a single area and interconnecting multiple OSPF areas
- Configuring and managing integrated IS-IS, ISO addressing, and Level 1 and 2 area design in IS-IS
- Configuring EIGRP, how EIGRP supports the use of VLSM and route summarization, and how EIGRP operates in an NBMA environment
- Configuring and implementing BGP in a scalable network, including how BGP policy-based routing works within an autonomous system, configuring route reflectors, and BGP synchronization
- Optimizing routing update operation by controlling routing update traffic, configuring route redistribution, and configuring policy-based routing
Title: DWDM Network Designs and Engineering Solutions
Chapter: WDM Network Design -1
Author: Ashwin Gumaste and Tony Antony
Published: December 13, 2002
ISBN: 1587050749
A comprehensive book on DWDM network design and implementation solutions
Design Software Included
- Study various optical communication principles as well as communication methodologies in an optical fiber
- Design and evaluate optical components in a DWDM network
- Learn about the effects of noise in signal propagation, especially from OSNR and BER perspectives
- Design optical amplifier-based links
- Learn how to design optical links based on power budget
- Design optical links based on OSNR
- Design a real DWDM network with impairment due to OSNR, dispersion, and gain tilt
- Classify and design DWDM networks based on size and performance
- Understand and design nodal architectures for different classification of DWDM networks
- Comprehend different protocols for transport of data over the DWDM layer
- Learn how to test and measure different parameters in DWDM networks and optical systems
Title: Network Security Principles and Practices (CCIE Professional Development)
Chapter: Secure LAN Switching
Author: Saadat Malik
Published: November 15, 2002
ISBN: 1587050250
Expert solutions for securing network infrastructures and VPNs
- Build security into the network by defining zones, implementing secure routing protocol designs, and building safe LAN switching environments
- Understand the inner workings of the Cisco PIX Firewall and analyze in-depth Cisco PIX Firewall and Cisco IOS Firewall features and concepts
- Understand what VPNs are and how they are implemented with protocols such as GRE, L2TP, and IPSec
- Gain a packet-level understanding of the IPSec suite of protocols, its associated encryption and hashing functions, and authentication techniques
- Learn how network attacks can be categorized and how the Cisco IDS is designed and can be set up to protect against them
- Control network access by learning how AAA fits into the Cisco security model and by implementing RADIUS and TACACS+ protocols
- Provision service provider security using ACLs, NBAR, and CAR to identify and control attacks
- Identify and resolve common implementation failures by evaluating real-world troubleshooting scenarios
Title: IP Addressing Fundamentals
Chapter: Variable-Length Subnet Masks
Author: Mark Sportack
Published: October 31, 2002
ISBN: 1587050676
The reader-friendly explanation of how the IP address space works and how it is used
- A reader-friendly introduction to the complex and confusing topic of IP addressing
- Thorough and understandable explanations of the binary mathematics behind IP addressing
- Complete coverage of the IPv4 address space without distractions of routing or transport protocols
- Detailed explanations of subnetting and supernetting, Variable Length Subnet Masks (VLSMs), CIDR, NAT, portable address spaces, and IPv6
- Strategies for managing an address space for enterprise WANs, data centers, and ISPs
- Numerous examples and an easy-to-read style of writing that imparts a profound understanding of IP addressing
Title: E-Support: How Cisco Systems Saves Millions While Improving Customer Support
Chapter: Site Architecture
Author: Andrew Connan and Vince Russell
Published: August 26, 2002
ISBN: 158720052X
Cisco's(r) e-support system, known as TAC Web, has benefits for both Cisco and its customers:
- Customers save time because they don't have to wait on hold
- Customers are empowered, finding solutions to many of their problems
- Cisco Systems saves hundreds of millions of dollars in customer-support costs
- TAC Web content solves over 150,000 customer issues per month that would otherwise have gone to phone-based support
Labels: CISCO
Saturday, November 22, 2008
Cisco Voice over IP CVoice Authorized Self-Study Guide 2nd Edition
0 comments Posted by Fraternity.5!7 at 10:35 PM
Cisco Voice over IP, Second Edition, is a Cisco®-authorized, self-paced learning tool for Cisco Certified Voice Professional (CCVP) voice over IP (VoIP) foundation learning. This book provides you with the knowledge you need to implement and support data and voice integration solutions at the network-access level. By reading this book, you will gain a thorough understanding of basic IP telephony operation and router configuration, support, troubleshooting, and integration with an existing public switched telephone network (PSTN).
Cisco Voice over IP lays the foundation for gaining hands-on skills and a significant understanding of packet telephony. Coverage includes analog and digital voice connections, voice interface configuration, voice dial peer configuration, VoIP fundamentals, VoIP signaling and call control protocols, and voice quality improvement and maintenance. Chapter review questions, practice items, real-world examples, and hands-on lab exercises all help reinforce learning. Whether you are preparing for CCVP certification or simply want to gain a better understanding of VoIP, you will benefit from the foundation information presented in this book.
Cisco Voice over IP is part of a recommended learning path from Cisco Systems® that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press®. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit: www.cisco.com/go/authorizedtraining.
Kevin Wallace, CCIE® No. 7945, CCVP, CCNP®, CCDP®, is a full-time instructor for Thomson NETg. With 17 years of Cisco internetworking experience, Kevin has been a network design specialist for The Walt Disney World Resort and a network manager for Eastern Kentucky University.
* Understand traditional telephony network concepts and operation as well as the building blocks of packet telephony networks
* Examine the interactions of telephony operations at an electrical level
* Evaluate strategies for overcoming specific challenges in a VoIP network, such as the transmission of fax and modem tones
* Attach a Cisco voice-enabled router to existing telephony devices, such as a PBX or an analog phone
* Add call-routing intelligence to a Cisco voice-enabled router through the use of dial peers
* Address potential challenges and design considerations associated with sending voice across an IP-based network
* Understand the theory and configuration of the call control protocols including H.323, SIP, and MGCP
* Mitigate voice quality issues with various Cisco quality of service (QoS) mechanisms
This volume is in the Certification Self-Study Series offered by Cisco Press®. Books in this series provide officially developed self-study solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.
http://www.mediafire.com/?dm0xdnlbvxn