Sunday, December 28, 2008

TestInside V3.50


Cisco Certified Network Associate

Exam Number/Code: 640-802
Exam Name: Cisco Certified Network Associate
Questions and Answers: 183 Q&As
Price: $100.00
Update Time: 2008-9-22



TestInside 640-802 Exam Features

Quality and Value for the 640-802 Exam
TestInside Practice Exams for Cisco 640-802 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.

100% Guarantee to Pass Your 640-802 Exam
If you prepare for the exam using our TestInside testing engine, we guarantee your success on the first attempt. If you do not pass the 640-802 exam (Cisco Certified Network Associate) on your first attempt, we will give you a FULL REFUND of your purchase fee AND send you another product of the same value for free.

DOWNLOAD:
http://kewlshare.com/dl/7edb36d396d9/T.I_CCNA_640-802_v3.50.rar.html

TestKing V23

Exam Name: Cisco Certified Network Associate
Questions and Answers: 767


Guarantee your 640-802 success with our 640-802 Exam Resources. Our exams are developed by experienced IT professionals working in today's prospering companies and data centers. All our practice exams, including 640-802, guarantee you the exam success you need.

640-802 can be a challenging exam, measuring your 640-802 skills, and complements the other exams in this certification.

DOWNLOAD:
http://kewlshare.com/dl/0d6a443d258d/T.K_CCNA_640-802_V23.rar.html

SemSim: Cisco CCNA Exam Router Simulator


SemSim is internationally acclaimed Cisco CCNA exam router simulation software that helps aspiring candidates prepare for the Cisco Certified Network Associate certification exam. Not only does it provide an understanding of networking concepts through router-simulation-based virtual labs and practice tests, it also recreates an environment for real-life network configuration practice. It opens new vistas in personal flexibility and time management. SemSim provides you with a classroom-quality learning environment at an affordable price. Start a successful career as a Cisco certified network professional with SemSim now! We even offer a free online CCNA Study center with helpful articles on basic exam information.


Save Time, Save Money, Prepare Better
- with SemSim Router Simulator, your choice to make for success in the exam

Save Time

SemSim offers you valuable time savings in your preparation for Cisco certification exam, without compromising on the quality of preparation. With Sem-Sim you will get the following time management advantages:

* Do your practicals at your convenience.
* Practice as often as you want.
* No need to enroll at a training lab and wait your turn.
* Save time on the certification exam:
* Simulation questions typically consume the most time on the exam. However with SemSim simulator, exhaustive practice with mock exam simulation questions will ensure that you save time on the exam. This will provide you with better time management to ensure that you have sufficient time to answer the multiple choice/theory questions.


Today Cisco has introduced a suite of network management software named Network Magic 5.0. This tool improves various network tasks such as connecting and sharing computers (content and printers), controlling how computers on the network access the Internet, repairing connections, managing performance problems to provide optimized performance, and many more. The tool runs in the background and alerts you each time a new device connects to your network.
The Network Magic 5.0 suite provides the capability to:

* Connect and share content or a printer across a network
* Manage, monitor and control how computers on the network access the Internet
* Diagnose and repair connection and performance problems
* Optimize performance and reliability
* Track network history and usage through reporting capabilities
* Manage active connections and get status updates
* Control user access and help secure the network from intruders

Features:

* Connect your devices together in minutes.
* Share Internet connections, printers and files.
* Protect your network with enhanced WPA security capabilities and status alerts.
* Repair your network and Internet connections to stay online and productive.
* Control access to the Internet and track online activity with remote desktop screenshots.
* And much more!


http://rapidshare.com/files/167126691/Cisco_Network_Magic_Pro_5.0.8282_-_uygarozdemir.rar

Wednesday, December 24, 2008




As a final preparation tool providing a review of TUC exam topics, the CCVP TUC Quick Reference Sheets complement official Cisco curriculum, other books, or other exam preparatory material.
This digital Short Cut provides you with detailed, graphical-based information, highlighting the key topics on the latest TUC exam in a quick-review format. These fact-filled Quick Reference Sheets allow certification candidates to get all-important information at a glance, helping you focus your study on areas of weakness and enhance memory retention of important concepts.

The CCVP certification recognizes a candidate’s ability to create an IP telephony solution that is transparent, scalable, and manageable. Earning a CCVP certification validates a robust set of skills in implementing, operating, configuring, and troubleshooting a converged IP network. The certification content focuses on Cisco Systems Unified CallManager, quality of service (QoS), gateways, gatekeepers, IP phones, voice applications, and utilities on Cisco routers and Cisco Catalyst switches.

Preparing for 650-393 certifications using 650-393 study guides and 650-393 certification products has never been easier. 650-393 certification study aids and resources are top-of-the-line products copied by 650-393 braindump sites, but mastered by none.

alone can provide your 650-393 training for your 650-393 certifications. 650-393 training for the 650-393 certifications is complete and guaranteed to be 650-393 braindump free.




Which 650-393 exam is next on your list of the 650-393 exams? will provide you with the 650-393 training and certification products you require to complete your 650-393 exam preparation. 650-393 exams study material is comprehensive, yet affordable. Guarantee your success with your next 650-393 exam today, by using the 650-393 exams resources and tools.

specializes in helping you, the 650-393 certification candidate, in preparing for your 650-393 certification and for the IT life after you obtain 650-393 certifications.

Selecting for your 650-393 Exams, 650-393 certifications and 650-393 training is the only option when you must pass the first time. 650-393 training is guaranteed to outperform 650-393 braindump sites and the 650-393 braindumps they provide. A 650-393 bootcamp with 650-393 training ensures success, unlike 650-393 braindump sites.

The 650-393 products you find at .com are compiled and created in the effort that every one of our 650-393 resources will bring you closer to 650-393 Certification success. 650-393 products are frequently updated, keeping every 650-393 tool current and an asset to your 650-393 arsenal.




It is well known that Cisco CCNP certification training is experiencing a great demand in IT industry area. In recent years, the CCNP certification has become a global standard for many successful IT companies.

Using the online virtual CCNP practice engine at Pass4sure, with no need to purchase anything else or attend expensive training, we promise that you can pass the CCNP certification exam on the first try, or else we give you a FULL REFUND. In addition, Pass4sure offers free CCNP practice tests with the best questions.



642-825
http://rapidshare.com/files/174313846/642-825_V3.10.rar

642-845
http://rapidshare.com/files/174313847/642-8453_V.10.rar

642-901
http://rapidshare.com/files/174313848/642-9013.10.rar

642-812
http://rapidshare.com/files/174313849/642812_V3.10.rar


Saturday, December 13, 2008

Having determined that its growth in the enterprise has pretty much stalled, Cisco is looking at video to help it sell equipment to carriers. To do that it’s positioning video traffic as the new data — ready to take over the web.

Because if you’re going to convince service providers to shell out for equipment that can process 6.4 terabytes of data per second, by golly, there needs to be 6 terabytes of traffic to handle. Video files are fat enough to make that threat a reality.

For Cisco, all video, from teleconferencing to cable, is the answer to its growth problem. Its executives anticipate video adding up to $20 billion to the equipment maker's bottom line. Cisco is betting that cable operators and carriers panicked by the rise of video content are going to start building their own optimized video networks, which Cisco calls a medianet. The company believes that others, such as enterprises and content creation companies, will need their own medianets.

Murali Nemani, the director of service provider video solutions, says Cisco is grouping efforts from its consumer, enterprise and service provider businesses under this medianet umbrella. For the enterprise market, Cisco has launched a media encoder that basically lives inside Cisco gear (it is available through a software upgrade), and can convert video files to the appropriate format automatically. Meh. There’s also telepresence, and the promise of unified communications tied to quick video chats. Consumer-side products include some combo device to be announced next year that combines Cisco’s Linksys home router expertise and its acquisition of set-top-box maker Scientific Atlanta.

The service provider side is where it gets interesting. The edge router Cisco announced in November has the ability to cache video, insert ads into video and control errors in transmission. Combine this with what Cisco dubs virtualization in the core of a provider's network, and suddenly Cisco's medianet products look like a cross between a video cloud and a content delivery network. It's not alone in making this CDN effort.

Nemani says in the coming months Cisco will release some customer wins that illustrate this concept fully, (including a large cable company) but essentially Cisco is building boxes that can host a service such as “Start Over” or a video-on-demand library in one location and deliver those services (with ads!) to all major markets. This eliminates the time delay of deploying a new service across multiple regions and the infrastructure costs of hosting content in multiple locations close to the end user.

“Service providers are asking themselves, “How do I manage all of these assets so they don’t get duplicated across my network, and how do I make it so the content I’m pushing is being delivered efficiently?’” Nemani says.

With Cisco offering equipment at the core and near the edge of their networks, the cable guys may embrace Cisco — after all this is a market with few organized end-to-end products. Ericsson, Motorola, Arris and a plethora of smaller equipment vendors provide equipment, but in cable especially, this is a market where Cisco’s might and wide breadth of product offerings could win.


Fully authorized by the exam developers at the CWNP program, this comprehensive study guide thoroughly covers all the topics on the CWNA certification exam. Work at your own pace through a system of lessons, scenarios, and review questions to learn the material quickly and easily.

CWNA Certified Wireless Network Administrator Official Study Guide will help you prepare for the exam by showing you, step-by-step, how to implement, troubleshoot, and maintain wireless LANs. Get the only study guide endorsed by the creators of the CWNA exam and start your career as an expert wireless network administrator.

Maximize your performance on the exam by learning:

* Wireless Standards, Organizations, and Applications
* Radio Frequency and Antenna Fundamentals
* Spread Spectrum Technologies
* IEEE 802.11
* WLAN Design Models, Topologies, and Infrastructure
* Site Surveying and Network Planning
* Infrastructure and Client Hardware and Software
* Security
* Troubleshooting



Friday, December 12, 2008


The ultimate DSL deployment guides and reference

* Teaches the reader how to design and implement the network to offer services such as voice, video, and data
* Explains the various access and core architectures for xDSL technologies
* Details how to do mass provisioning and how to manage an end-to-end network
* Includes case studies that depict some of the most common deployed architectures, how they evolved, problems they faced, and how they were overcome

Design and Implementation of DSL-Based Access Solutions addresses various architectures for DSL-based networks. It focuses on how to design and implement an end-to-end solution for service providers, considering various business models such as retail, wholesale, VPN, etc.

This book depicts the different architectures, and helps you understand the key design principles in deploying them. It covers both access encapsulations such as bridging, PPPoA, PPPoE, and routing, as well as core architectures such as IP, L2TP, MPLS/VPN, and ATM. Because it focuses on end-to-end solutions, Design and Implementation of DSL-Based Access Solutions talks about how to do mass provisioning of subscribers and how to manage networks in the most efficient way. It also includes discussions of real-life deployments, their design-related issues, and their implementation.



Wednesday, December 10, 2008

I got asked the other day whether it was possible to receive an email only when an Incident is of RED severity.

If you think about it, there is an option to get an email when an Incident is created, but you cannot be selective about whether it was RED, YELLOW or GREEN.

There is a noddy way to achieve this, if you want to go to the trouble, and it is based on duplicating rules...

Consider the RULE below...

It fires based on events received in the Info/UncommonTraffic/Chat and Info/UncommonTraffic/Chat/Proxy groups, for ANY severity. There is no "Action" defined for this Rule.

If we duplicate the Rule in question and then edit the Severity to be RED only, we can apply an Action of email to the copy.

If you leave the default rule at ANY, you will probably get 2 Incidents fired, but only 1 email.

So it may be worth changing the default rule, or duplicating it again, to match only GREEN or YELLOW severity events (you may want to create a second offset with an OR operation).

Proceed with caution with this method, as the example chosen has only 1 condition to be met. If you pick a more complex rule you may get into hot water and render the rule useless!




Friday, December 5, 2008


The comprehensive, hands-on guide to all Cisco IOS(r) Software BGP-4 commands

* The complete BGP-4 command reference
* Invaluable for network designers, engineers, and architects
* Provides configuration, troubleshooting, and verification scenarios for every possible BGP-4 command supported by Cisco IOS Software that can be implemented on a minimum number of routers

* Groups BGP-4 commands by area of implementation route aggregation, auto-summary, route filtering, and route advertisement, just to name a few
* Provides clear and concise commentary on the initial release, purpose, syntax, and usage of each BGP-4 command
* Offers excellent CCIE certification preparation from one of the CCIE Program Managers
* Includes supplementary information on regular expressions, route map logic, and RFC 1771, A Border Gateway Protocol 4 (BGP-4)

Cisco BGP-4 Command and Configuration Handbook is an exhaustive practical reference to the commands contained within BGP-4. For each command/subcommand, author Bill Parkhurst explains the intended use or function and how to properly configure it. Then he presents scenarios to demonstrate every facet of the command and its use, along with appropriate show and debug commands. Through the discussion of functionality and the scenario-based configuration examples, Cisco BGP-4 Command and Configuration Handbook will help you gain a thorough understanding of the practical side of BGP-4.


The definitive guide to PacketCable network design, provisioning, configuration, management, and security

* Comprehensive guide for the latest information on emerging Cable IP standards
* Includes extensive coverage of VoIP protocols in PacketCable networks
* Learn from case studies, sample network designs, and sample configurations using real-life examples

PacketCable networks use Internet protocol (IP) technology to enable a wide range of multimedia services, such as IP telephony, multimedia conferencing, interactive gaming, and general multimedia applications. Such business and residential services delivered over a cable infrastructure are a natural extension of a cable network and a key component of the cable industry's business growth strategy. The cable industry's need for knowledgeable engineering professionals is expected to increase dramatically. PacketCable Implementation will supply IP networking information to those versed in cable video networks and help those deploying cable IP networks understand the ramifications of deploying PacketCable service on the cable network. Real-world case studies, tips, sample configurations, and sample network designs are included in this book. Tables and charts in every chapter serve as quick and easy references to key points, and each chapter closes with a summary section and chapter review questions that assess the reader's understanding of the subject matter.

* Discover the PacketCable "big picture," including key application opportunities
* Learn about the latest generation of PacketCable standards and specifications, including PacketCable 2.0 and DOCSIS 3.0
* Understand the functional components of a PacketCable network and how they fit together
* Walk step-by-step through provisioning, including protocols, flows, and MTA configuration
* Gain an in-depth understanding of call signaling: message formats, Network-based Call Signaling (NCS), PSTN interconnects, Call Management Server Signaling (CMSS), and more
* Implement efficient, high-performance media streaming
* Deploy, analyze, manage, and troubleshoot a state-of-the-art QoS framework
* Manage crucial network considerations, including lawful intercept






First off, the tunnel endpoint (LNS) configuration, for example on a 7200 router. Two things to be aware of before copying it: with no l2tp tunnel authentication, anything that can reach 10.0.0.1 can bring up an L2TP tunnel and the PPP authentication against RADIUS is the only credential check left, and ppp authentication pap chap lets a client fall back to PAP, which carries the password in the clear inside the tunnel. Tighten both if the tunnel endpoint is reachable from the Internet. The route-map clear-df referenced on the virtual-template was not shown in the original post; the definition at the end of the config (which clears the DF bit so that oversized packets are fragmented rather than dropped in the tunnel) is an assumption added here.

Router#conf t
Router(config)#aaa group server radius dialin
Router(config-sg-radius)#server-private 10.0.0.5 auth-port 1812 acct-port 1813 key MYSECRET
Router(config-sg-radius)#server 10.0.0.5 auth-port 1812 acct-port 1813
Router(config-sg-radius)#exit
Router(config)#aaa authentication ppp default group dialin
Router(config)#aaa authorization network default group dialin
Router(config)#aaa accounting network default start-stop group dialin
Router(config)#vpdn enable
Router(config)#vpdn authorize directed-request
Router(config)#vpdn-group dialingroup
Router(config-vpdn)#accept-dialin
Router(config-vpdn-acc-in)#protocol l2tp
Router(config-vpdn-acc-in)#virtual-template 1
Router(config-vpdn-acc-in)#exit
Router(config-vpdn)#source-ip 10.0.0.1
Router(config-vpdn)#local name vpnrouter
Router(config-vpdn)#lcp renegotiation always
Router(config-vpdn)#no l2tp tunnel authentication
Router(config-vpdn)#ip mtu adjust
Router(config-vpdn)#interface loopback 5
Router(config-if)#description Loopback for VPDN clients
Router(config-if)#ip address 10.0.1.1 255.255.255.0
Router(config-if)#interface virtual-template 1
Router(config-if)#ip unnumbered Loopback5
Router(config-if)#ip tcp adjust-mss 1420
Router(config-if)#ip policy route-map clear-df
Router(config-if)#peer default ip address pool dialinpool
Router(config-if)#no keepalive
Router(config-if)#ppp mru match
Router(config-if)#ppp authentication pap chap
Router(config-if)#exit
Router(config)#ip local pool dialinpool 10.0.1.2 10.0.1.254
Router(config)#route-map clear-df permit 10
Router(config-route-map)#set ip df 0
Router(config-route-map)#exit

Now we need the RADIUS server on 10.0.0.5 to work. I installed this on a Debian system; the FreeRADIUS version used there was 1.1.7-1build4.

Just run this command as root to install FreeRADIUS and MySQL:

apt-get install freeradius-mysql freeradius mysql-server-5.0

You may need to edit /etc/freeradius/radiusd.conf so that the pap and chap modules are loaded, if that part is commented out (remove the # at the beginning of those lines, not the explanatory comments), and make sure sql is uncommented in the authorize, accounting and post-auth sections. You may also need to remove the comment from

$INCLUDE ${confdir}/sql.conf

FreeRADIUS also has to know the LNS as a client, otherwise it ignores its packets: add a client entry for 10.0.0.1 with the secret MYSECRET (the key on the server-private line above) to /etc/freeradius/clients.conf, or insert the router into the nas table below and set readclients = yes in sql.conf.

Example /etc/freeradius/sql.conf (the login must match the MySQL account created with the GRANT further down):

sql {
driver = "rlm_sql_mysql"
server = "localhost"
login = "radius"
password = "mysqlpassword"
radius_db = "radius"
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
nas_table = "nas"
deletestalesessions = yes
# sqltrace writes every query, including the password carried by the post-auth
# INSERT, to the trace file: handy while debugging, switch it off afterwards
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 5
connect_failure_retry_delay = 60
# Stripped-User-Name is the user part left after the realm module removes @mydsl.com
sql_user_name = "%{Stripped-User-Name}"
authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op FROM ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.UserName = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id"
authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op FROM ${groupreply_table},${usergroup_table} WHERE ${usergroup_table}.UserName = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id"
accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
accounting_update_query = "UPDATE ${acct_table1} \
SET FramedIPAddress = '%{Framed-IP-Address}', \
AcctSessionTime = '%{Acct-Session-Time}', \
AcctInputOctets = '%{Acct-Input-Octets}', \
AcctOutputOctets = '%{Acct-Output-Octets}' \
WHERE AcctSessionId = '%{Acct-Session-Id}' \
AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress= '%{NAS-IP-Address}'"

accounting_update_query_alt = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"

accounting_start_query = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"

accounting_start_query_alt = "UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"

accounting_stop_query = "UPDATE ${acct_table2} SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"

accounting_stop_query_alt = "INSERT into ${acct_table2} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
# This records the PAP password (or the CHAP response) in cleartext in radpostauth.
# Fine for a debugging session; take the password out of this query before production use.
postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
}

The realm is defined in /etc/freeradius/proxy.conf. With authhost and accthost set to LOCAL the realm module strips the @mydsl.com suffix from testuser@mydsl.com and handles the request locally instead of proxying it, which is why sql.conf looks users up by Stripped-User-Name and the radcheck row further down is plain testuser:

realm mydsl.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}

Now get the SQL database up and running: log in to the MySQL CLI as root and do:

mysql> CREATE DATABASE `radius`;
Query OK, 1 row affected (0.03 sec)
mysql> GRANT ALL PRIVILEGES ON `radius`.* TO 'radius'@'localhost' IDENTIFIED BY 'mysqlpassword';
Query OK, 0 rows affected (0.03 sec)
mysql> USE radius;
Database changed

Then these tables need to be created:

CREATE TABLE `nas` (
`id` int(10) NOT NULL auto_increment,
`nasname` varchar(128) NOT NULL,
`shortname` varchar(32) default NULL,
`type` varchar(30) default 'other',
`ports` int(5) default NULL,
`secret` varchar(60) NOT NULL default 'secret',
`community` varchar(50) default NULL,
`description` varchar(200) default 'RADIUS Client',
PRIMARY KEY (`id`),
KEY `nasname` (`nasname`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `radacct` (
`RadAcctId` bigint(21) NOT NULL auto_increment,
`AcctSessionId` varchar(32) NOT NULL default '',
`AcctUniqueId` varchar(32) NOT NULL default '',
`UserName` varchar(64) NOT NULL default '',
`Realm` varchar(64) default '',
`NASIPAddress` varchar(15) NOT NULL default '',
`NASPortId` varchar(15) default NULL,
`NASPortType` varchar(32) default NULL,
`AcctStartTime` datetime NOT NULL default '0000-00-00 00:00:00',
`AcctStopTime` datetime NOT NULL default '0000-00-00 00:00:00',
`AcctSessionTime` int(12) default NULL,
`AcctAuthentic` varchar(32) default NULL,
`ConnectInfo_start` varchar(50) default NULL,
`ConnectInfo_stop` varchar(50) default NULL,
`AcctInputOctets` bigint(20) default NULL,
`AcctOutputOctets` bigint(20) default NULL,
`CalledStationId` varchar(50) NOT NULL default '',
`CallingStationId` varchar(50) NOT NULL default '',
`AcctTerminateCause` varchar(32) NOT NULL default '',
`ServiceType` varchar(32) default NULL,
`FramedProtocol` varchar(32) default NULL,
`FramedIPAddress` varchar(15) NOT NULL default '',
`AcctStartDelay` int(12) default NULL,
`AcctStopDelay` int(12) default NULL,
`XAscendSessionSvrKey` varchar(10) default NULL,
PRIMARY KEY (`RadAcctId`),
KEY `UserName` (`UserName`),
KEY `FramedIPAddress` (`FramedIPAddress`),
KEY `AcctSessionId` (`AcctSessionId`),
KEY `AcctUniqueId` (`AcctUniqueId`),
KEY `AcctStartTime` (`AcctStartTime`),
KEY `AcctStopTime` (`AcctStopTime`),
KEY `NASIPAddress` (`NASIPAddress`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `radcheck` (
`id` int(11) unsigned NOT NULL auto_increment,
`UserName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '==',
`Value` varchar(253) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `UserName` (`UserName`(32))
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `radgroupcheck` (
`id` int(11) unsigned NOT NULL auto_increment,
`GroupName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '==',
`Value` varchar(253) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `GroupName` (`GroupName`(32))
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `radgroupreply` (
`id` int(11) unsigned NOT NULL auto_increment,
`GroupName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '=',
`Value` varchar(253) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `GroupName` (`GroupName`(32))
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `radippool` (
`id` int(11) unsigned NOT NULL auto_increment,
`pool_name` varchar(30) NOT NULL,
`FramedIPAddress` varchar(15) NOT NULL default '',
`NASIPAddress` varchar(15) NOT NULL default '',
`CalledStationId` varchar(30) NOT NULL,
`CallingStationID` varchar(30) NOT NULL,
`expiry_time` datetime NOT NULL default '0000-00-00 00:00:00',
`username` varchar(64) NOT NULL default '',
`pool_key` varchar(30) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `radpostauth` (
`id` int(11) NOT NULL auto_increment,
`user` varchar(64) NOT NULL default '',
`pass` varchar(64) NOT NULL default '',
`reply` varchar(32) NOT NULL default '',
`date` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `radreply` (
`id` int(11) unsigned NOT NULL auto_increment,
`UserName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '=',
`Value` varchar(253) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `UserName` (`UserName`(32))
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `usergroup` (
`UserName` varchar(64) NOT NULL default '',
`GroupName` varchar(64) NOT NULL default '',
`priority` int(11) NOT NULL default '1',
KEY `UserName` (`UserName`(32))
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

# These are the replies that every user belonging to the group 'clients' will receive
INSERT INTO `radgroupreply` VALUES (1,'clients','Service-Type',':=','Framed-User');
INSERT INTO `radgroupreply` VALUES (2,'clients','Framed-Protocol',':=','PPP');
INSERT INTO `radgroupreply` VALUES (3,'clients','Framed-Routing',':=','Broadcast-Listen');
INSERT INTO `radgroupreply` VALUES (4,'clients','Framed-MTU',':=','1420');
INSERT INTO `radgroupreply` VALUES (5,'clients','Framed-Compression',':=','Van-Jacobson-TCP-IP');

# This creates a user with username 'testuser' and password 'testpassword'.
# The password is stored in cleartext: CHAP cannot be verified against a hash,
# so this is what 'ppp authentication pap chap' on the LNS requires. Protect the database accordingly.
INSERT INTO `radcheck` VALUES (1,'testuser','User-Password',':=','testpassword');

# This assigns 10.0.1.2 to the user 'testuser'
INSERT INTO `radreply` VALUES (1,'testuser','Framed-IP-Address',':=','10.0.1.2');

# This adds the user 'testuser' to the group 'clients', so it receives all the attributes from radgroupreply
INSERT INTO `usergroup` VALUES ('testuser','clients',1);

Now just restart MySQL and Freeradius and the only thing left to do is to configure the VPDN client.

This is configured on a Cisco 850 series router with the WAN link on FastEthernet 4.

Client#conf t
Client(config)#ip domain name mydsl.com
Client(config)#l2tp-class l2tpclass1
Client(config)#pseudowire-class pwclass1
Client(config-pw-class)#encapsulation l2tpv2
Client(config-pw-class)#protocol l2tpv2 l2tpclass1
Client(config-pw-class)#ip local interface FastEthernet4
Client(config-pw-class)#interface virtual-ppp 1
Client(config-if)#ip address negotiated
Client(config-if)#ip tcp adjust-mss 1420
Client(config-if)#ip policy route-map clear-df
Client(config-if)#ppp authentication pap chap callin
Client(config-if)#ppp chap hostname testuser@mydsl.com
Client(config-if)#ppp chap password testpassword
Client(config-if)#ppp pap sent-username testuser@mydsl.com password testpassword
Client(config-if)#ppp ipcp route default
Client(config-if)#pseudowire 10.0.0.1 10 pw-class pwclass1

That should be about it! Don’t be afraid of the comment box!






I am (as always) doing this with Ubuntu linux and so I just have to apt-get the packages I need.

espen@server:~$ sudo apt-get install tac-plus
Password:
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
tac-plus
0 upgraded, 1 newly installed, 0 to remove and 104 not upgraded.
Need to get 105kB of archives.
After unpacking 324kB of additional disk space will be used.
Get:1 http://no.archive.ubuntu.com feisty/universe tac-plus 1:4.0.4.alpha-14 [105kB]
Fetched 105kB in 0s (331kB/s)
Selecting previously deselected package tac-plus.

(Reading database … 227388 files and directories currently installed.)
Unpacking tac-plus (from …/tac-plus_1%3a4.0.4.alpha-14_i386.deb) …
Adding system user `tacacs’ (UID 64005) …
Adding new group `tacacs’ (GID 64005) …
Adding new user `tacacs’ (UID 64005) with group `tacacs’ …
Not creating home directory `/home/tacacs’.
Setting up tac-plus (4.0.4.alpha-14) …
Starting Tacacs+ server: tac_plus.

Wow, that was quick... The TACACS+ server is already running!
But wait, we have to configure it just a bit.

For this article I will focus on the logging part (accounting), but I will continue to write about authentication and authorization, to fully comply with AAA.

Now, open up /etc/tac-plus/tacacs.conf in your favourite editor; mine is vim.
Be sure to uncomment and set the key and set the accounting file, and you should be ready to roll.

key = tercesym
accounting file = /var/log/tac-plus/account

Just restart the tacacs daemon:

espen@server:/etc/tac-plus# sudo /etc/init.d/tac-plus restart
Restarting Tacacs+ server: tac_plus.
espen@server:/etc/tac-plus#

Now to configure this on your Cisco equipment, please follow the steps in this article first.
Then, to make sure the Cisco IOS switch or router notifies your TACACS+ daemon of accounting events, this is the configuration you need.

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#aaa accounting delay-start
Router(config)#aaa accounting exec default start-stop group tacacs+
Router(config)#aaa accounting commands 15 default start-stop group tacacs+
Router(config)#tacacs-server host 10.0.0.50 key tercesym

! If you want the Router to source from a specific IP address
Router(config)#ip tacacs source-interface Loopback 1

Router(config)#end
Router#

Now you can verify accounting:

Router#show accounting

Active Accounted actions on tty1, User admin Priv 1
Task ID 17, EXEC Accounting record, 00:16:58 Elapsed
task_id=17 start_time=1226261207 timezone=CET service=shell

There is one accounting session running, and you can also check the server to see if any accounting records have been recorded.

espen@server:~# sudo tail /var/log/tac-plus/account
Sun Nov 9 21:26:58 2008 10.0.0.98 admin tty1 10.0.0.5 stop task_id=26 start_time=1226262225 timezone=CET service=shell priv-lvl=15 cmd=show accounting

Perfect, now there will be no doubt about who dropped that ‘no router bgp’ command on your Cisco Router!
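As an added example (not part of the original post), here is a small Python parser for the accounting lines tac_plus writes, run over a few constructed records in the layout of the tail output above; it pulls out the attribute=value pairs and flags privilege-15 commands that match a watch-list. The field layout and the watch-list are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample records in the layout of the tail output above; not real logs.
SAMPLE_LOG = """\
Sun Nov 9 21:26:58 2008 10.0.0.98 admin tty1 10.0.0.5 stop task_id=26 start_time=1226262225 timezone=CET service=shell priv-lvl=15 cmd=show accounting
Sun Nov 9 21:31:02 2008 10.0.0.98 admin tty1 10.0.0.5 stop task_id=27 start_time=1226262469 timezone=CET service=shell priv-lvl=15 cmd=no router bgp 65001
Sun Nov 9 21:32:40 2008 10.0.0.99 espen tty2 10.0.0.7 start task_id=3 start_time=1226262560 timezone=CET service=shell
"""

# Assumed layout: timestamp, NAS address, user, port, remote address,
# record flag (start/stop/update), then attribute=value pairs.
_RECORD = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4})\s+"
    r"(?P<nas>\S+)\s+(?P<user>\S+)\s+(?P<port>\S+)\s+(?P<remote>\S+)\s+"
    r"(?P<flag>\S+)(?P<av>.*)$"
)
# A value runs until the next "key=" token or the end of the line, so a
# command such as cmd=show accounting keeps its embedded spaces.
_AV_PAIR = re.compile(r"([\w-]+)=(.*?)(?=\s+[\w-]+=|$)")

# Constructed watch-list of privilege-15 commands an operator wants to be told about.
WATCHED_PREFIXES = ("no router", "no ip route", "reload", "write erase")


@dataclass
class AcctRecord:
    timestamp: str
    nas: str
    user: str
    port: str
    remote: str
    flag: str
    av: Dict[str, str] = field(default_factory=dict)


def parse_record(line: str) -> Optional[AcctRecord]:
    """Parse one accounting line; None for lines that do not fit the layout."""
    m = _RECORD.match(line.rstrip("\n"))
    if not m:
        return None
    av = {k: v.strip() for k, v in _AV_PAIR.findall(m.group("av"))}
    return AcctRecord(m.group("ts"), m.group("nas"), m.group("user"),
                      m.group("port"), m.group("remote"), m.group("flag"), av)


def parse_log(text: str) -> List[AcctRecord]:
    return [r for r in (parse_record(line) for line in text.splitlines()) if r]


def watched_commands(records: List[AcctRecord]) -> List[AcctRecord]:
    """Stop records of privilege-15 commands that start with a watched prefix."""
    return [r for r in records
            if r.flag == "stop" and r.av.get("priv-lvl") == "15"
            and r.av.get("cmd", "").startswith(WATCHED_PREFIXES)]


if __name__ == "__main__":
    for hit in watched_commands(parse_log(SAMPLE_LOG)):
        print(f"{hit.timestamp} {hit.user}@{hit.remote} on {hit.nas}: {hit.av['cmd']}")
```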






be refreshing!

I'll get to IPv6 at the bottom of this; it might prove extremely useful to understand the concept first.

What are Access Control Lists?
ACLs are simple rulesets. They can be used to filter network traffic, filter routing updates, match packets, and a lot of other things. The most common and basic use must be restricting network access to your router by applying one on the vty lines.

Access control lists are identified by numbers and can also be identified by text; each number or string represents a specific access control list.

There are several "classes" of Access Control Lists; the most common ones are

  1. IP Standard Access List
     List numbers 1-99; can only define source or destination, not both.
  2. IP Extended Access List
     List numbers 100-199; can define both source and destination as well as port and protocol numbers.

Okay, I understand…. but how do I configure it?

An IP standard access control list with two entries is configured like this:

Router#conf t
Router(config)#ip access-list standard 5
Router(config-std-nacl)#5 permit 192.168.0.0 0.0.0.255
Router(config-std-nacl)#10 permit 192.168.1.0 0.0.0.255

To apply this inbound on an interface, just use

Router#conf t
Router(config)#int te 1/1
Router(config-if)#ip access-group 5 in

The alternative way to define an access list number 5 with two entries is

Router#conf t
Router(config)#access-list 5 permit 192.168.0.0 0.0.0.255
Router(config)#access-list 5 permit 192.168.1.0 0.0.0.255
Router(config)#

To apply this one inbound on a line interface

Router#conf t
Router(config)#line vty 1
Router(config-line)#access-class 5 in

Nice, now I have a lot of ACLs configured in my network for all the IPv4 traffic, mon ami! But IPv6 traffic still seems to flow right through; I thought you said you were going to make sense of all this in the end?

Yeah, I know I promised that, and as long as you understand the IPv4 basics you will understand IPv6 pretty well. You will need to understand basic IPv6 subnetting theory to be able to filter subnets (obviously); if anyone wants me to write an article about it, just comment and I will get on it ASAP. Once you have learned that, you will see that IPv6 access control lists are pretty much the same as for IPv4.

Anyway, I take for granted that you understand IPv6 subnetting by now, so I will get right on to the configuration. An example of an IPv6 access list in Cisco IOS follows:

Router#conf t
Router(config)#ipv6 access-list myfirewall
Router(config-ipv6-acl)#permit 3ffe:200::/32 any
Router(config-ipv6-acl)#permit 3ffe:100::/32 any

To verify the access list, just look at this:

Router#show access-lists myfirewall
IPv6 access list myfirewall
permit ipv6 3FFE:200::/32 any sequence 10
permit ipv6 3FFE:201::/32 any sequence 20
Router#

To apply this IPv6 Access Control List to an interface, just do as follows:

Router#conf t
Router(config)#int te 1/1
Router(config-if)#ipv6 traffic-filter myfirewall in

To apply this IPv6 access control list to a line:

Router#conf t
Router(config)#line vty 1
Router(config-line)#ipv6 access-class myfirewall in






Here is a little tutorial on configuring IPv6 BGP peering sessions on Cisco IOS.

First set the IP address on the interface. If this is a private peering session you can use a small network from your own PA block; on an exchange this IP address is assigned by the exchange administrators.

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa 0/0
Router(config-if)#ipv6 address 3ffe:1234:1234::1/64

Then it can be a good idea to null-route the prefix you are going to announce. I think it is good practice because it will also effectively blackhole traffic destined for nonexistent networks.

This will be announced into BGP with the redistribute static configuration item.

Router#conf t
Router(config)#ipv6 route 3ffe:2000::/32 null 0

Now we create a prefix list that permits only this network. This is very important to avoid leaking prefixes to your peers. This prefix list is going to be applied outbound on the BGP peering.

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ipv6 prefix-list announceAS65001-ipv6 seq 5 permit 3FFE:2000::/32
! better safe than sorry
Router(config)#ipv6 prefix-list announceAS65001-ipv6 seq 5000 deny ::/0 le 128
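Why the seq 5000 deny matters, and why the bare permit 3FFE:2000::/32 does not cover more-specific prefixes: an added example, not from the post, that evaluates the two lines above with IOS prefix-list semantics (exact length unless ge/le is given, first match wins, implicit deny at the end). The lists noCatchAll and moreSpecifics are constructed for comparison; IPv6Network.subnet_of needs Python 3.7 or later.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in IOS syntax: the two lines from the post plus two
# comparison lists that are not from the post.
SAMPLE_CONFIG = """\
ipv6 prefix-list announceAS65001-ipv6 seq 5 permit 3FFE:2000::/32
ipv6 prefix-list announceAS65001-ipv6 seq 5000 deny ::/0 le 128
ipv6 prefix-list noCatchAll seq 5 permit 3FFE:2000::/32
ipv6 prefix-list moreSpecifics seq 5 permit 3FFE:2000::/32 le 48
"""


@dataclass(frozen=True)
class PrefixListEntry:
    seq: int
    action: str                    # "permit" or "deny"
    prefix: ipaddress.IPv6Network
    ge: Optional[int] = None       # IOS "ge": minimum prefix length
    le: Optional[int] = None       # IOS "le": maximum prefix length

    def matches(self, net: ipaddress.IPv6Network) -> bool:
        # The candidate must fall inside the entry's prefix ...
        if not net.subnet_of(self.prefix):
            return False
        # ... and its length must lie in the allowed range. With neither ge
        # nor le the match is exact-length only, so "permit 3FFE:2000::/32"
        # does not cover a leaked 3ffe:2000:1::/48.
        low = self.prefix.prefixlen if self.ge is None else self.ge
        if self.le is not None:
            high = self.le
        elif self.ge is not None:
            high = self.prefix.max_prefixlen
        else:
            high = self.prefix.prefixlen
        return low <= net.prefixlen <= high


def parse_prefix_lists(config: str) -> Dict[str, List[PrefixListEntry]]:
    """Parse "ipv6 prefix-list NAME seq N permit|deny PREFIX [ge N] [le N]" lines."""
    lists: Dict[str, List[PrefixListEntry]] = {}
    for raw in config.splitlines():
        t = raw.split()
        if len(t) < 7 or t[:2] != ["ipv6", "prefix-list"] or t[3] != "seq":
            continue
        name, seq, action, prefix = t[2], int(t[4]), t[5], ipaddress.IPv6Network(t[6])
        opts = dict(zip(t[7::2], t[8::2]))          # e.g. {"ge": "40", "le": "48"}
        entry = PrefixListEntry(seq, action, prefix,
                                int(opts["ge"]) if "ge" in opts else None,
                                int(opts["le"]) if "le" in opts else None)
        lists.setdefault(name, []).append(entry)
    for entries in lists.values():
        entries.sort(key=lambda e: e.seq)           # IOS evaluates in sequence order
    return lists


def evaluate(entries: List[PrefixListEntry], prefix: str) -> Tuple[str, Optional[int]]:
    """First matching entry wins; an unmatched prefix hits the implicit deny (seq None)."""
    net = ipaddress.IPv6Network(prefix)
    for e in entries:
        if e.matches(net):
            return e.action, e.seq
    return "deny", None
```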

Now we are ready to configure the BGP peering session. This is just a simple example; most of these commands can be applied to peer groups so that each configuration gets easier.

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router bgp 65001
Router(config-router)#redistribute static
Router(config-router)#neighbor 3ffe:1234:1234::2 remote-as 65002
Router(config-router)#address-family ipv6 unicast
Router(config-router-af)#neighbor 3ffe:1234:1234::2 activate
Router(config-router-af)#neighbor 3ffe:1234:1234::2 soft-reconfiguration inbound
Router(config-router-af)#redistribute static
Router(config-router-af)#neighbor 3ffe:1234:1234::2 prefix-list announceAS65001-ipv6 out

This will redistribute the static null route we made earlier to the peer at 3ffe:1234:1234::2, and the peering session should be up by now.

I can verify it on the other end:

Router2#sh ip bgp ipv6 unicast
BGP table version is 8, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 3FFE:2000::/32 3FFE:1234:1234::1
0 0 65001 ?

As you can see, the network 3ffe:2000::/32 is now announced on this peering session, and the route is sourced from AS65001. You can also see this in the summary:

Router2#sh ip bgp ipv6 unicast summary
BGP router identifier 10.0.0.1, local AS number 65002
BGP table version is 8, main routing table version 8
1 network entries using 152 bytes of memory
1 path entries using 76 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 500 total bytes of memory
BGP activity 2/1 prefixes, 4/3 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3FFE:1234:1234::1
4 65001 26 23 8 0 0 00:05:54 1

If you want to see the prefixes announced to a peer or received from a peer (the received-routes view requires soft reconfiguration inbound on the peering session, i.e. neighbor 3ffe:1234:1234::2 soft-reconfiguration inbound in the configuration):

Router2#sh ip bgp ipv6 unicast neighbors 3ffe:1234:1234::1 received-routes
BGP table version is 8, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 3FFE:2000::/32 3FFE:1234:1234::1
0 0 65001 ?

Total number of prefixes 1

The prefix 3ffe:2000::/32 is received from 3ffe:1234:1234::1.

Router#sh ip bgp ipv6 unicast neighbors 3ffe:1234:1234::2 advertised-routes
BGP table version is 3, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 3FFE:2000::/32 :: 0 32768 ?

Total number of prefixes 1

Voila, a better understanding and some real life examples of IPv6 BGP peering in Cisco IOS.




1. Reverse Path Forwarding
When you enable Reverse Path Forwarding (RPF) on an interface, the router looks up the source address of each packet it receives in the FIB (CEF table) to check that a path back to that source exists via the interface the packet arrived on. This helps prevent packets with spoofed source addresses from being forwarded.

Reverse path forwarding is configured like this:

Router#configure terminal
Router(config)#interface GigabitEthernet 2/1
Router(config-if)#ip verify unicast reverse-path

2. Silence that port
A lot of networks leak sensitive information on their switchports; the following makes a switchport pretty silent.

Switch#configure terminal
Switch(config)#interface GigabitEthernet0/16
Switch(config-if)#no cdp enable
Switch(config-if)#spanning-tree bpdufilter enable
Switch(config-if)#no keepalive

This will suppress CDP (Cisco Discovery Protocol), spanning-tree BPDUs and Ethernet keepalives on that interface. In my last post I wrote a little about storm-control and port security.

3. Configure AAA and ACLs for secure VTY access
VTYs are, for example, the telnet connections on Cisco devices. To configure who should be able to access your switch via telnet, just do like this:

Switch#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#access-list 80 permit 10.0.0.0 0.0.0.255
Switch(config)#access-list 80 permit 192.168.0.0 0.0.255.255
Switch(config)#line vty 0 15
Switch(config-line)#access-class 80 in
Switch(config-line)#end
Switch#

This will limit VTY access to 10.0.0.0/8 and 192.168.0.0/16. The netmask is a Cisco wildcard mask; trouble figuring them out? Try the wildcard cheat.
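An added example serving both the ACL tutorial earlier on this page and this tip (it is not code from either post): a Python evaluator for IP standard access lists with Cisco wildcard masks, plus the CIDR/wildcard conversion a wildcard cheat sheet gives you, run over ACL 5 and ACL 80 as a constructed config fragment.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed running-config fragment (not a device capture): ACL 5 from the
# ACL tutorial in named-mode form and ACL 80 from tip 3 in classic form.
SAMPLE_CONFIG = """\
ip access-list standard 5
 5 permit 192.168.0.0 0.0.0.255
 10 permit 192.168.1.0 0.0.0.255
access-list 80 permit 10.0.0.0 0.0.0.255
access-list 80 permit 192.168.0.0 0.0.255.255
"""

def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

@dataclass(frozen=True)
class AclEntry:
    seq: int
    action: str      # "permit" or "deny"
    address: int
    wildcard: int    # Cisco wildcard: a 0 bit must match, a 1 bit is "don't care"

    def matches(self, src: int) -> bool:
        care = ~self.wildcard & 0xFFFFFFFF
        return src & care == self.address & care

def cidr_to_wildcard(cidr: str) -> Tuple[str, str]:
    """'10.0.0.0/8' -> ('10.0.0.0', '0.255.255.255'): the wildcard is the inverted netmask."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return str(net.network_address), str(net.hostmask)

def wildcard_to_cidr(address: str, wildcard: str) -> Optional[str]:
    """Inverse conversion; None for a non-contiguous wildcard such as 0.0.0.254."""
    w = ip_to_int(wildcard)
    if w & (w + 1):                        # contiguous wildcards look like 0...01...1
        return None
    network = ip_to_int(address) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Network((network, 32 - w.bit_length())))

def _target(tokens: List[str]) -> Tuple[int, int]:
    # "ADDRESS WILDCARD", or a bare "ADDRESS" which IOS treats as a single host
    wildcard = ip_to_int(tokens[1]) if len(tokens) > 1 else 0
    return ip_to_int(tokens[0]), wildcard

def parse_standard_acls(config: str) -> Dict[str, List[AclEntry]]:
    """Read "access-list N ..." lines and "ip access-list standard N" blocks."""
    acls: Dict[str, List[AclEntry]] = {}
    current = None                         # name of the open named-mode ACL, if any
    for raw in config.splitlines():
        t = raw.split()
        if not t or t[0] == "!":
            continue
        if t[:3] == ["ip", "access-list", "standard"] and len(t) > 3:
            current = t[3]
            continue
        if t[0] == "access-list":
            current, name, rest = None, t[1], t[2:]
        elif current is not None:
            name, rest = current, t
        else:
            continue
        entries = acls.setdefault(name, [])
        if rest[0].isdigit():              # explicit sequence number
            seq, rest = int(rest[0]), rest[1:]
        else:                              # IOS numbers unsequenced entries 10, 20, ...
            seq = entries[-1].seq + 10 if entries else 10
        entries.append(AclEntry(seq, rest[0], *_target(rest[1:])))
    for entries in acls.values():
        entries.sort(key=lambda e: e.seq)
    return acls

def evaluate(entries: List[AclEntry], src: str) -> Tuple[str, Optional[int]]:
    """First match wins; an unmatched source hits the implicit deny (seq None)."""
    s = ip_to_int(src)
    for e in entries:
        if e.matches(s):
            return e.action, e.seq
    return "deny", None
```

Note that the entry 10.0.0.0 0.0.0.255 matches only 10.0.0.0/24; covering all of 10.0.0.0/8 would need the wildcard 0.255.255.255.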

If you want to have separate users (will show up in logs) instead of the regular password prompt, you can configure AAA as such:

Switch#configure terminal
Switch(config)#username cisco secret mypassword
Switch(config)#aaa new-model
Switch(config)#aaa authentication login default local
Switch(config)#line vty 0 15
Switch(config-line)#login authentication default
Switch(config-line)#^Z
Switch#

4. Encrypt passwords in Configuration
Do you see this in your configuration?

Switch#show run | include ^username
username admin password 0 mysecret

To enable encryption of passwords, just configure:

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#service password-encryption
Switch(config)#end
*Mar 4 10:21:10.343: %SYS-5-CONFIG_I: Configured from console by console
Switch#show run | include ^username
username admin password 7 060B1632494D1B1C11

This gives Cisco Type 7 encryption (which, I am sorry to say, is very crackable), but it is at least something.
I like to use 'secret' instead of 'password', which gives MD5 passwords in the configuration file. I am not sure of the difference, but it seems to give me what I want.

5. More secure routing protocols with passive-interface default
A passive interface is an interface which neither sends nor receives routing information. Passive-interface default is supported by all routing protocols and is configured quickly:

router routing-protocol
passive-interface default
no passive-interface interface

Passive-interface default sets all interfaces passive, and no passive-interface activates one interface. A more real-life configuration example follows.

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#passive-interface default
Router(config-router)#no passive-interface fastEthernet 0/2
Router(config-router)#^Z
Router#
*Mar 4 10:36:17.931: %SYS-5-CONFIG_I: Configured from console by console

This will ensure that OSPF traffic is only exchanged on fastEthernet 0/2.





Configuring SSH for Cisco

At the CCNA level, we only know how to connect to Cisco devices using a console connection and a telnet connection.

We know that no one can tap the console connection since it is directly connected to the Cisco device, but it is a different story for the telnet connection.
Anyone can tap messages from a telnet session.

All messages are sent in clear text, so it is dangerous to leave the default communication with Cisco devices as telnet only.

We can use SSH for a secure connection to Cisco devices. SSH will encrypt all messages going between your computer and the Cisco devices.

First you're going to need a Cisco IOS image that supports SSH (an image with IPSec, DES, or 3DES). How would you know that? Well, you can just issue the following command:

router> ena
router# show ip ssh
% Invalid input detected at '^' marker.

If it shows % Invalid input detected at '^' marker., then the IOS does not support SSH.

Now start with the configuration: you have to define a hostname for the Cisco device, and also a domain name for it.
In this example I use hostname of "netrouter" and domain name of "ciscolab.home".

router (config)# hostname netrouter
netrouter (config)# ip domain-name ciscolab.home

Next is to generate the RSA key pair used for the encryption; your device name plus the domain name will be the name of the key.
The modulus is the length of the key; the default value is 512 bits, and Cisco recommends a length of 1024 bits.

netrouter (config)# crypto key generate rsa

The name for the keys will be: netrouter.ciscolab.home
Choose the size of the key modulus in the range of 360 to 2048
for your General Purpose Keys. Choosing a key modulus greater than
512 may take a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]

You can also configure some additional parameters for the SSH Connection:

netrouter (config)# ip ssh authentication-retries 5
netrouter (config)# ip ssh time-out 120
netrouter (config)# ip ssh version 2

The first command sets the number of retries allowed if you mistype the username or password.
The second command sets the time-out, the time allowed for entering the username and password, in seconds.
The last command sets the SSH version you want to use.

Now that we have generated the key pair for the encryption, how will the Cisco device authenticate users coming in over an SSH connection?
You can either use an AAA server like RADIUS or TACACS+, or you can just use the Cisco device's local username and password. For now I'll just use local authentication: first set the username and password, then configure the device to accept local authentication for the line vty connections.

netrouter (config)# username Cisco password homelab
netrouter (config)# line vty 0 4
netrouter (config-line)# login local

By now you have successfully configured SSH on the Cisco device; let's try it out. You can use PuTTY for the SSH connection. The default port for SSH is 22; you can use another port if you want by issuing ip ssh port 2000 from global configuration mode.
Replace 2000 with any other port in the range 2000 to 10,000.

Here I'm using the default terminal from Macintosh:

Macintosh:~ krishananda$ ssh Cisco@192.168.1.1
Cisco@192.168.1.1's password:

netrouter>

There, SSH is working. But the telnet session is also still working; now I want to restrict the Cisco device to accept only SSH connections and deny telnet connections.

WARNING!!!

Do not disconnect from your current connection, especially if it is a telnet session; in case you mess up the configuration, you can always undo the changes.


netrouter (config)# line vty 0 4
netrouter (config-line)# transport input ssh

Now if I try to connect using telnet, the router will deny it:

Macintosh:~ krishananda$ telnet 192.168.1.1
Trying 192.168.1.1...
telnet: connect to address 192.168.1.1: Connection refused
telnet: Unable to connect to remote host





Questions & Answers 640-801 - Questions & Answers

Interactive Testing Engine Included!
1060 Questions

The TestKing 640-801 study materials have been designed to ensure your success the first time you take the test.

TestKing GUARANTEES that you will pass your 350-001 exam on your first attempt after using our training products. That's right, with the 100% pass rate, the exam tools that we have created for you are so good - we can't help but guarantee your results.

You can take advantage of the TestKing 350-001 Value Pack and save time and money while developing your skills to pass your exam. This value pack will provide all the training materials you need to build your learning foundation and ensure your success on the exam, for one low price.

Download




Questions & Answers 640-802 - Questions & Answers

Interactive Testing Engine Included!
771 Questions

The TestKing 640-802 exam products are designed to maximize your learning productivity and focus only on the important aspects that will help you to pass your exam.

We will provide you with exam questions and verified answers, with detailed explanations, that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. Our exam guides are not just questions and answers. Our questions have detailed explanations for every answer, ensuring that you fully understand the questions and the concept behind the questions.

Download





Tuesday, December 2, 2008


Dale Tesch is a product sales specialist for the Cisco Security MARS product line for the Cisco Systems® United States AT Security team. Dale came to Cisco Systems through the acquisition of Protego Networks in February 2005. Since then, he has had the primary responsibilities of training the Cisco sales and engineering team on SIM systems and Cisco Security MARS and for providing advanced sales support to Cisco customers.

Greg Abelar has been an employee of Cisco Systems since December 1996. He was an original member of the Cisco Technical Assistance Security team, helping to hire and train many of the team’s engineers. He has held various positions in both the Security Architecture and Security Technical Marketing Engineering teams at Cisco.

* Understand how to protect your network with a defense-in-depth strategy
* Examine real-world examples of cost savings realized by Cisco Security MARS deployments
* Evaluate the technology that underpins the Cisco Security MARS appliance
* Set up and configure Cisco Security MARS devices and customize them for your environment
* Configure Cisco Security MARS to communicate with your existing hosts, servers, network devices, security appliances, and other devices in your network
* Investigate reported threats and use predefined reports and queries to get additional information about events and devices in your network
* Use custom reports and custom queries to generate device and event information about your network and security events
* Learn firsthand from real-world customer stories how Cisco Security MARS has thwarted network attacks

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

DOWNLOAD FOR FREE


Use Cisco concentrators, routers, Cisco PIX and Cisco ASA security appliances, and remote access clients to build a complete VPN solution

* A complete resource for understanding VPN components and VPN design issues
* Learn how to employ state-of-the-art VPN connection types and implement complex VPN configurations on Cisco devices, including routers, Cisco PIX and Cisco ASA security appliances, concentrators, and remote access clients
* Discover troubleshooting tips and techniques from real-world scenarios based on the author’s vast field experience
* Filled with relevant configurations you can use immediately in your own network

With increased use of Internet connectivity and less reliance on private WAN networks, virtual private networks (VPNs) provide a much-needed secure method of transferring critical information. As Cisco Systems® integrates security and access features into routers, firewalls, clients, and concentrators, its solutions become ever more accessible to companies with networks of all sizes. The Complete Cisco VPN Configuration Guide contains detailed explanations of all Cisco® VPN products, describing how to set up IPsec and Secure Sockets Layer (SSL) connections on any type of Cisco device, including concentrators, clients, routers, or Cisco PIX® and Cisco ASA security appliances. With copious configuration examples and troubleshooting scenarios, it offers clear information on VPN implementation designs.


DOWNLOAD FOR FREE