Making the most of your Network Management System
|
|
- Shannon Gray
- 5 years ago
- Views:
Transcription
1 Making the most of your Network Management System Karl Solie, CCIE 4599, CCSI Ramsey County Technical Services '()*+,-&.&/(0( &9:&/(1;45160&:(,<51(8&=(6>&:?(156058)& Author of CCIE Practical Studies Volume 1 & Volume 2 &
2 Making the most of your Network Management System Session Outline Components of a Managed Network (Technical, and fun, Section) Simple Network Management Protocol (SNMP) Configuring Basic Management Detailed Management Template for Cisco Routers and Switches Securing SNMP and Network Management Gaining the most of NMS (Fun Section) Network Maps Configuration Management Alerting Visual Path Tracking Other Features Make your NMS evolutionary not revolutionary, and a valuable tool for your team. RFC Listing What is a NMS /+&26-(&);(&2+8)&+@&A+3,&'B:C&5)&58&<(,A&52?+,)64)&)+&34>(,8)64>&);(& D34>62(4)608&+@&:'BEF&/;58&?,+)+1+0&*500&-(A&54&?,+<5>54G&600&);(&1++0&H(008&64>&& I;58)0(8&>+*4&);(&,+6>F&& & J4&:'BEK2646G(>&4()*+,-&1+4858)8&+@&);,((&-(A&1+2?+4(4)8L& B646G(>&M(<51(8& JG(4)8&.&B9N8& '()*+,-K2646G(2(4)&8A8)(28&O'B:8PF "&
3 What is a NMS B646G(>&>(<51(8&6,(&2+45)+,(>&64>&1+4),+00(>&3854G&@+3,&H6851&:'BE& >8L&"#$%&'()"%&)#*%&64>&)#+",#-&.*"#/.0,F&& & /;(&"#$&1+2264>&58&38(>&HA&64&'B:&)+&2+45)+,&2646G(>&>(<51(8F&/;(&'B:& (R6254(8&>5S(,(4)&<6,56H0(8&);6)&6,(&2654)654(>&HA&2646G(>&>(<51(8F& && /;(&'()"&1+2264>&58&38(>&HA&64&'B:&)+&1+4),+0&2646G(>&>(<51(8F&/;(&'B:& 1;64G(8&);(&<603(8&+@&<6,56H0(8&8)+,(>&*5);54&2646G(>&>(<51(8F&& & /;(&)#*&1+2264>&58&38(>&HA&2646G(>&>(<51(8&)+&68A41;,+4+380A&,(?+,)& (<(4)8&)+&);(&'B:F&I;(4&1(,)654&)A?(8&+@&(<(4)8&+113,C&6&2646G(>&>(<51(& 8(4>8&6&),6?&)+&);(&'B:F&& & 1#+",#-&.*"#/.0,&6,(&38(>&HA&);(&'B:&)+&>()(,254(&*;51;&<6,56H0(8&6& 2646G(>&>(<51(&83??+,)8&64>&)+&8(T3(47600A&G6);(,&54@+,267+4&54&<6,56H0(& )6H0(8C&831;&68&6&,+374G&)6H0(F&& SNMP Simple Network Management Protocol (SNMP) UDP port 161, 162 (Traps) 2345&6",(.0&7&& :'BE<&58&6&852?0(&,(T3(8)#,(8?+48(&?,+)+1+0F&/;(&4()*+,-K2646G(2(4)&8A8)(2&5883(8&6&,(T3(8)C& 64>&2646G(>&>(<51(8&,()3,4&,(8?+48(8F&/;58&H(;6<5+,&58&52?0(2(4)(>&HA&3854G&+4(&+@&@+3,&?,+)+1+0& +?(,67+48L&U()C&U()'(R)C&:()C&64>&/,6?F&/;(&U()&+?(,67+4&58&38(>&HA&);(&'B:&)+&,(),5(<(&);(&<603(&+@& +4(&+,&2+,(&+HV(1)&548)641(8&@,+2&64&6G(4)& & 2345&6",(.0&8&& O:'BE<"&64>&:'BE/<"1P&58&64&(<+037+4&+@&);(&545760&<(,85+4C&:'BE<F&:'BE<"1&58&541+2?67H0(&*5);& :'BE<&54&)*+&-(A&6,(68L&2(886G(&@+,26)8&64>&?,+)+1+0&+?(,67+48F&:'BE<"1&2(886G(8&38(& >5S(,(4)&;(6>(,&64>&?,+)+1+0&>6)6&345)&OEMWP&@+,26)8&@,+2&:'BE<&2(886G(8F&:'BE<"1&608+&38(8& )*+&?,+)+1+0&+?(,67+48&);6)&6,(&4+)&8?(15X(>&54&:'BE<F&D3,);(,2+,(C&YDZ&"[%\&>(X4(8&)*+&?+885H0(&:'BE<#<"1&1+(R58)(41(&8),6)(G5(8F&& & 2345&6",(.0&9&& :'BE&<(,85+4&Q&O:'BE<QP&?,+<5>(8&8(13,(&(R1;64G(8&+@&2646G(2(4)&>6)6&H()*((4&4()*+,-&>(<51(8& 64>&2646G(2(4)&8)67+48F&/;(&(41,A?7+4&64>&63);( &@(6)3,(8&54&:'BE<Q&(483,(&;5G;& 8(13,5)A&54&),648?+,74G&?61-()8&)+&6&2646G(2(4)&1+48+0(& Q&
4 SNMP SNMP Data and message flow Configuring basic Management SNMP is one of the primary building blocks for your management system. Managed devices can be anything depending on how much detail you want from and to provide to that device. To get the most of your Network Management system, consider the following for managed devices: SNMP support (Versions) ICMP Support NTP and standardize clocks (Stratum 1-3) Independent IP address/ranges for mngt Syslog Server SNMP Read, Read/Write Community Strings SSHv2 Support Develop a standard template that can be used to mange a ranges of devices. Management Template for Cisco Routers and Switches $&
5 Configuring basic Management on Cisco Routers and Switches SETUP Proper timestamps service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone clock timezone CST -6 clock summer-time CDT recurring SETUP NTP for consistent clocks on all devices ntp server ntp server SETUP a high privilege level for your NMS username NMS-1 privilege 15 password MN-Symposium-2017 SETUP a Management Interface for your NMS (Virtual addresses are always up) interface Loopback1 description mngt-id ip address Configuring basic Management on Cisco Routers and Switches SETUP SSHv2 for configuration backup and secure writing ip domain-name co.countyname.mn.us crypto key generate rsa general-keys modulus 2048 ip ssh time-out 20 ip ssh authentication-retries 2 ip ssh version 2 SETUP a SYSLOG Server for your NMS logging host session-id hostname SETUP SNMP READ and WRITE strings snmp-server community R@mseyn3t-sym2017-w RW snmp-server community R@mseyn3t-sym2017-r RO [&
6 Configuring basic Management on Cisco Routers and Switches SETUP SSH access to the router and switch line vty 0 4 login local no transport input exec-timeout 20 logging sync transport input ssh Securing SNMP and Network Management Always Secure SNMP and management access: SNMP is often overlooked Consider the following security enhancements: Disable older management protocols like TELNET Disable public SNMP community and/or read read/write keys Use Complex SNMP Community strings Only allow your NMS Server and other key subnets reachability to your managed devices. (Use loopbacks, VRFs) Use the highest version of SNMP you can, SNMPv3 if available Use SSHv2 and above only (Set Modulus for 2048 bits.) Use ACLs to restrict SSH, SNMP community access. \&
7 Securing SNMP and Network Management SETUP ACL for the NMS platform and other privileged access access-list 99 permit host access-list 99 permit SETUP ACLs for SNMP snmp-server community RW 99 snmp-server community RO 99 REMOVE and public community strings no snmp-server community public RO SETUP Secure access for SSH line vty 0 4 access-class 99 in Gaining the most of your NMS; Maps Make your Maps Shine Make Maps meaningful A quick glance to tell what's going on. Keep your teams and MNGT informed. Make Maps Color coded, and Dynamic (Be Creative) Make Maps viewable on all devices (Tablets, Phones, etc) Use NOC views. Keep them up to date. Maps and data must be accurate, your NMS must have Integrity. Making detailed, color coded dynamic maps takes time and a lot of work. Keep working on your maps and evolve them over years. Remember your Maps must have Integrity. Upkeep is essential %&
8 ]&
9 "#$#%& ^&
10 "#$#%& Change and Configuration Management Just don t backup. Make the Backups Useful Backup Startup - Sundays 06:00 a.m. Backup Active Memory Fridays 6:00 p.m. Compare for Weekly Change Audit _&
11 Change Advanced Alerting Use automated Alerting, but be careful Too many s means no one reads them. Be selective on what and who gets the alerts Test the alerts before adding people to the list Use more then just down alerts Make headers very descriptive. Use High Priority when it is a high priority. Use different key words, alert, warning, critical Track on High availability timers, but only send these to key personal. &
12 Alerts Alerts: Use detailed descriptions so you can ascertain the issue just by headers: Alerts: Track High Availability Timers "&
13 Visual path trackers Use Visual Trace Route applications to isolate problems. Launch agents from your NMS, Test segments and known good segments to isolate path and network problems. Know exactly what path, the probability of that path, latency, delay, etc, and even owner s phone number. NetPath Google Q&
14 Net Path Net Path $&
15 Integration to other systems opens up even more features LADP Integration can provide User Device Tracking Net flow for traffic analysis and QoS Hardware EOS/EOL Support List, warning, and other OS related info HIPPA, PCI, security audits and recommendations. Mass configuration changes and custom jobs, automation Parting Notes Make your NMS evolutionary not revolutionary. Make good use of your information, (Informed to information overload) Upkeep, is essential for the integrity of the system. Make your NMS work for your team and your organization. Make it a valuable tool. RFC List included in the back. [&
16 RFC Lists YDZ&[[& O:/M&\P&`&"#$%"$#&'()*'+*&),-%(,.)'./'0()(1&2&)"'+)/.#2(,.)'/.#'"3&' (:&*'+)"&#)&":&& YDZ&[\& Oa58)+,51P&`&0()(1&2&)"'+)/.#2(,.)';(:&'/.#'<&"=.#>'0()(1&2&)"'./' (:&*'?)"&#)&":&& YDZ&[%& YDZ&"Q& O:/M&%P&`&0()(1&2&)"'+)/.#2(,.)';(:&'/.#'<&"=.#>'0()(1&2&)"'./' (:&*'?)"&#)&":E'0+;8++&YDZ&$["& YDZ&^_& OcR?(,52(4)60P&`&+)"#.*$%,.)'".'5.22$)?"K89(:&*'<06GI&& YDZ&^_"& OM,6d&:)64>6,>P&`&"#$%"$#&'./'0()(1&2&)"'+)/.#2(,.)'/.#'<06GI&ObH8+0()(>&HA&YDZ&"[%]P&& YDZ&^_]& O:)64>6,>8&/,61-P&`&5.&F?:"&)%&'9&"=&&)'L&#:?.)'H'()*'L&#:?.)'I'./'"3&'+)"&#)&"8:"()*(#*'<&"=.#>'0()(1&2&)"'J#(2&=.#>&YDZ&"[%_& &YDZ&"[%]& O:/M&[]P&`&"#$%"$#&'./'0()(1&2&)"'+)/.#2(,.)'L&#:?.)'I'C0+GID&& YDZ&Q$_& \&
17 RFC Lists YDZ&Q$& YDZ&Q$"& &`&0&::(1&'6#.%&::?)1'()*'N?:A("%3?)1'/.#'"3&'?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06D& YDZ&Q$Q& YDZ&Q$$& &`&O:Y(:&*'&%$#?"K'0.*&B'CO0D'/.#'G&#:?.)'M'./'"3&'?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06GMD& YDZ&Q$[& YDZ&Q$\& &`&L&#:?.)'I'./'"3&'6#.".%.B'PA&#(,.):'/.#'"3&'?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06D& YDZ&Q$%& &`&4#():A.#"'0(AA?)1:'/.#'"3&'?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06D& YDZ&Q$]& &`&0()(1&2&)"'+)/.#2(,.)';(:&'C0+;D'/.#'"3&'?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06D& RFC Lists YDZ&Q$Q_& OcR?(,52(4)60P&`&?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06D'.G&#'4#():2?::?.)'5.)"#.B'6#.".%.B'C456D'4#():A.#"'0(AA?)1&& YDZ&Q[]$& ONZE&%$P&`&5.&F?:"&)%&'9&"=&&)'L&#:?.)'HQ'L&#:?.)'IQ'()*'L&#:?.)'M'./'"3&'+)"&#)&"8:"()*(#*'<&"=.#>'0()(1&2&)"'J#(2&=.#>&& YDZ&Q]"\& YDZ&$%]^& OE,+?+8(>P&`&?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06D'.G&#'+RRR'STI'<&"=.#>:&& YDZ&[Q$Q& O:/M&%]P&`&?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06D'5.)"&F"'R)1?)&+N'N?:%.G&#K&& YDZ&[[^_& O:/M&%]P&`&4#():A.#"'$9:K:"&2'/.#'"3&'?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06D&& YDZ&[[^& O:/M&%]P&`&4#():A.#"'&%$#?"K'0.*&B'/.#'"3&'?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06D&& YDZ&[[^"& OE,+?+8(>P&`&&%$#&'3&BB'4#():A.#"'0.*&B'/.#'"3&'?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06D&& YDZ&[\_]& YDZ&\Q[Q& O:/M&%]P&`&4#():A.#"'W(K&#'&%$#?"K'C4WD'4#():A.#"'0.*&B'/.#'"3&'?2AB&'<&"=.#>'0()(1&2&)"'6#.".%.B'C<06D&& YDZ&%\Q_& %&
18 ]&
Note that you can also use the password command but the secret command gives you a better encryption algorithm.
Router Device Security Lab Configuring Secure Passwords 1. Configure the enable secret and password enable password TRUSTME enable secret letmein Look at the configuration: show config terminal Note the
More informationSecurity Hardening Checklist for Cisco Routers/Switches in 10 Steps
Security Hardening Checklist for Cisco Routers/Switches in 10 Steps Network infrastructure devices (routers, switches, load balancers, firewalls etc) are among the assets of an enterprise that play an
More informationCisco Configuration. Network Monitoring and Management
Network Monitoring and Management Cisco Configuration These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationNetwork security session 9-2 Router Security. Network II
Network security session 9-2 Router Security Network II Router security First line of defense of the network Compromise of a router can lead to many issues: Denial of network services Degrading of network
More informationConfiguring the Management Interface and Security
CHAPTER 5 Configuring the Management Interface and Security Revised: February 15, 2011, Introduction This module describes how to configure the physical management interfaces (ports) as well as the various
More informationNetwork Monitoring and Management Cisco Configuration
Network Monitoring and Management Cisco Configuration These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationPacket Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations (Instructor Version)
Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.
More informationLab Guide 1 - Basic Configuration and Interface Configuration
IXP Workshop Lab Lab Guide 1 - Basic Configuration and Interface Configuration Objective: All the workshop lab routers are set to the default configuration and cabling requirements are prebuild according
More informationAutoSecure. Finding Feature Information. Last Updated: January 18, 2012
AutoSecure Last Updated: January 18, 2012 The AutoSecure feature secures a router by using a single CLI command to disable common IP services that can be exploited for network attacks, enable IP services
More informationOverview of the Cisco NCS Command-Line Interface
CHAPTER 1 Overview of the Cisco NCS -Line Interface This chapter provides an overview of how to access the Cisco Prime Network Control System (NCS) command-line interface (CLI), the different command modes,
More informationModule 11 Advanced Router Configuration
Module 11 Advanced Router Configuration ISP/IXP Networking Workshop Lab Objective: Create a basic physical lab interconnection with two autonomous systems. Each AS should use OSPF, ibgp and ebgp appropriately
More informationLab Configuring and Verifying Extended ACLs Topology
Topology 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.10.1
More informationPayload Types At Different OSI Layers: Layer 2 - Frame Layer 3 - Packet Layer 4 - Datagram
Payload Types At Different OSI Layers: Layer 2 - Frame Layer 3 - Packet Layer 4 - Datagram Default Cisco Terminal Options: 9600 bits/second No hardware flow control 8-bit ASCII No parity 1 stop bit Setting
More informationLab 7 Configuring Basic Router Settings with IOS CLI
Lab 7 Configuring Basic Router Settings with IOS CLI Objectives Part 1: Set Up the Topology and Initialize Devices Cable equipment to match the network topology. Initialize and restart the router and switch.
More informationPROTECTING NETWORK INFRASTRUCTURE - ROUTERS, SWITCHES, ETC.
PROTECTING NETWORK INFRASTRUCTURE - ROUTERS, SWITCHES, ETC. Configuration Corrupt Config Database RADB Intercept Configuration Transport Transport Attacks Trojan Horses in Code 2-4-2 Network Infrastructure
More informationIPsec Anti-Replay Window Expanding and Disabling
IPsec Anti-Replay Window Expanding and Disabling Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence
More informationIPsec Anti-Replay Window: Expanding and Disabling
IPsec Anti-Replay Window: Expanding and Disabling First Published: February 28, 2005 Last Updated: March 24, 2011 Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker
More informationDiscover Your Network
About Discovery, on page 1 Discovery Prerequisites, on page 2 Discovery Credentials, on page 2 Preferred Management IP Address, on page 4 Discovery Configuration Guidelines and Limitations, on page 5 Perform
More informationChapter 10 Lab 10-2, Securing VLANs INSTRUCTOR VERSION
CCNPv7.1 SWITCH Chapter 10 Lab 10-2, Securing VLANs INSTRUCTOR VERSION Topology Objectives Background Secure the server farm using private VLANs. Secure the staff VLAN from the student VLAN. Secure the
More informationTroubleshooting Tools. Tools for Gathering Information
Internetwork Expert s CCNP Bootcamp Troubleshooting Tools http:// Tools for Gathering Information Before implementing a fix, information must be gathered about a problem to eliminate as many variables
More informationSSG Configuration Example
APPENDIX A Example A-1 is a sample SSG configuration for the Cisco 10000 series router based on the topology in Figure A-1. The configuration includes AAA, PPP, SSG, and RADIUS. The SSG configuration enables
More informationThree interface Router without NAT Cisco IOS Firewall Configuration
Three interface Router without NAT Cisco IOS Firewall Configuration Document ID: 13893 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations
More informationConfiguring Secure Shell (SSH)
Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information About Configuring Secure Shell, page 2 How to Configure Secure Shell, page 4 Monitoring
More informationSample Business Ready Branch Configuration Listings
APPENDIX A Sample Business Ready Branch Configuration Listings The following is a sample configuration of a Business Ready Branch. There are many permutations of feature combinations when setting up the
More informationChapter 4. Network Security. Part II
Chapter 4 Network Security Part II CCNA4-1 Chapter 4-2 Introducing Network Security Securing Cisco Routers CCNA4-2 Chapter 4-2 Router Security Issues The Role of Routers in Network Security: Router security
More informationConfiguring Secure Shell (SSH)
Starting with Cisco IOS XE Denali 16.3.1, Secure Shell Version 1 (SSHv1) is deprecated. Finding Feature Information, on page 1 Prerequisites for Configuring Secure Shell, on page 1 Restrictions for Configuring
More informationConnecting to the Management Network and Securing Access
CHAPTER 3 Connecting to the Network and Securing Access This chapter provides Cisco NX-OS recommended best practices for connecting a Cisco Nexus 7000 Series switch to the management network(s) and securing
More informationTeacher s Reference Manual
UNIVERSITY OF MUMBAI Teacher s Reference Manual Subject: Security in Computing Practical with effect from the academic year 2018 2019 Practical 1: Packet Tracer - Configure Cisco Routers for Syslog, NTP,
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, on page 1 Prerequisites for Configuring Secure Shell, on page 1 Restrictions for Configuring Secure Shell, on page 2 Information About Configuring Secure Shell, on page 2 How
More informationLab Configure Basic AP Security through IOS CLI
Lab 8.3.1.2 Configure Basic AP Security through IOS CLI Estimated Time: 30 minutes Number of Team Members: Students will work in teams of two. Objective In this lab, the student will learn the following
More informationSetting Up Physical Inventory
CHAPTER 4 Devices Every network element that Cisco Prime Fulfillment manages must be defined as a device in the system. An element is any device from which Prime Fulfillment can collect information. In
More informationLab Using the CLI to Gather Network Device Information Topology
Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A Lo0 209.165.200.225 255.255.255.224 N/A S1 VLAN 1 192.168.1.11 255.255.255.0
More informationLab Configuring Dynamic and Static NAT (Solution)
(Solution) Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway Gateway G0/1 192.168.1.1 255.255.255.0 N/A S0/0/1 209.165.201.18 255.255.255.252 N/A ISP S0/0/0 (DCE)
More informationAppendix A Command Index A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
The command index includes all the commands in the Comware Command Manual, which are arranged alphabetically. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A access-limit accounting accounting optional
More informationUsing the Management Interfaces
The following management interfaces are provided for external users and applications: Gigabit Ethernet Management Interface, page 1 SNMP, page 7 Gigabit Ethernet Management Interface Gigabit Ethernet Management
More informationco Configuring PIX to Router Dynamic to Static IPSec with
co Configuring PIX to Router Dynamic to Static IPSec with Table of Contents Configuring PIX to Router Dynamic to Static IPSec with NAT...1 Introduction...1 Configure...1 Components Used...1 Network Diagram...1
More informationLab Configuring Dynamic and Static NAT (Instructor Version Optional Lab)
(Instructor Version Optional Lab) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding and/or
More informationConfiguring Secure Shell
Configuring Secure Shell Last Updated: October 24, 2011 The Secure Shell (SSH) feature is an application and a protocol that provides a secure replacement to the Berkeley r-tools. The protocol secures
More informationChapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM
Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM This lab has been updated for use on NETLAB+ Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet Interfaces.
More informationCCNA Security PT Practice SBA
A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close or reload any Exam windows during the exam. 2. Do not close Packet Tracer when you are done.
More informationConfiguring Security for the ML-Series Card
19 CHAPTER Configuring Security for the ML-Series Card This chapter describes the security features of the ML-Series card. This chapter includes the following major sections: Understanding Security, page
More informationChapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM
Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet Interfaces. 2016 Cisco and/or its affiliates. All
More informationCCNA Security Instructor Packet Tracer Manual
1.0.1 Instructor Packet Tracer Manual This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use
More informationChapter 6 Global CONFIG Commands
Chapter 6 Global CONFIG Commands aaa accounting Configures RADIUS or TACACS+ accounting for recording information about user activity and system events. When you configure accounting on an HP device, information
More informationLab 8.5.2: Troubleshooting Enterprise Networks 2
Lab 8.5.2: Troubleshooting Enterprise Networks 2 Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway Fa0/0 192.168.10.1 255.255.255.0 N/A R1 Fa0/1 192.168.11.1 255.255.255.0
More informationLab - Examining Telnet and SSH in Wireshark
Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A PC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1 Part 1: Configure the Devices
More informationPolicy Based Routing with the Multiple Tracking Options Feature Configuration Example
Policy Based Routing with the Multiple Tracking Options Feature Configuration Example Document ID: 48003 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram
More informationCCNP TSHOOT. Quick Reference Sheet Exam
CCNP TSHOOT Quick Reference Sheet Exam 300-135 Chapter 1. Network Principles Troubleshooting Steps Problem Identification Collection of Information Examination and Action Plan Verification Basic Troubleshooting
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, page 1 Prerequisites for Configuring the Switch for Secure Shell (SSH) and Secure Copy Protocol (SCP), page 1 Restrictions for Configuring the Switch for SSH, page 2 Information
More informationCCNA Security 1.0 Student Packet Tracer Manual
1.0 Student Packet Tracer Manual This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, page 1 Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information about SSH, page 3 How to Configure SSH, page 5 Monitoring
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, page 1 Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information about SSH, page 2 How to Configure SSH, page 5 Monitoring
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, page 1 Prerequisites for Configuring the Switch for Secure Shell (SSH) and Secure Copy Protocol (SCP), page 1 Restrictions for Configuring the ControllerDevice for SSH, page
More informationExamples of Cisco APE Scenarios
CHAPTER 5 This chapter describes three example scenarios with which to use Cisco APE: Access to Asynchronous Lines, page 5-1 Cisco IOS Shell, page 5-3 Command Authorization, page 5-5 Note For intructions
More informationCSCI Computer Networking: Cisco Routers George Blankenship. Routers George Blankenship 1
CSCI 6431 Computer Networking: Cisco Routers George Blankenship Routers George Blankenship 1 Lesson Outline Communication Processors Router introduction IOS Configuration The Zoom Integrated Products intranet
More informationHP 6125G & 6125G/XG Blade Switches
HP 6125G & 6125G/XG Blade Switches Network Management and Monitoring Configuration Guide Part number: 5998-3162b Software version: Release 2103 and later Document version: 6W103-20151020 Legal and notice
More informationConfiguring a Terminal/Comm Server
Configuring a Terminal/Comm Server Document ID: 5466 Introduction Prerequisites Requirements Components Used Conventions Cabling Design Strategy Configure Network Diagram Configurations Command Summary
More informationHP 6125 Blade Switch Series
HP 6125 Blade Switch Series Network Management and Monitoring Configuration Guide Part number: 5998-3162 Software version: Release 2103 Document version: 6W100-20120907 Legal and notice information Copyright
More informationDevice Interface IP Address Subnet Mask Default Gateway. Ports Assignment Network
Felix Rohrer Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway S1 VLAN 99 172.17.99.11 255.255.255.0 N/A S2 VLAN 99 172.17.99.12 255.255.255.0 N/A S3 VLAN 99 172.17.99.13
More informationCisco WAAS Software Command Summary
2 CHAPTER This chapter summarizes the Cisco WAAS 4.0.7 software commands. lists the WAAS commands (alphabetically) and indicates the command mode for each command. The commands used to access modes are
More informationGoCertify Advanced Cisco CCIE Lab Scenario # 1
GoCertify Advanced Cisco CCIE Lab Scenario # 1 (http://www.gocertify.com) IPexpert, Inc. is a leading provider in on-line Cisco CCNA, CCNP and CCIE training material. For more information please visit
More informationSupport for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only.
Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only. Transparently Routing Web Traffic to the Barracuda Web Security Gateway This article demonstrates
More informationNetwork Infrastructure Filtering at the border. PacNOG19 28th November - 2nd December 2016 Nadi, Fiji
Network Infrastructure Filtering at the border PacNOG19 28th November - 2nd December 2016 Nadi, Fiji Issue Date: [Date] Revision: [XX] What we have in network? Router Switch CPE (ADSL Router / WiFi Router)
More informationConfiguring IP SLAs TCP Connect Operations
This module describes how to configure an IP Service Level Agreements (SLAs) TCP Connect operation to measure the response time taken to perform a TCP Connect operation between a Cisco router and devices
More informationCCNA Semester 2 labs. Labs for chapters 2 10
CCNA Semester 2 labs Labs for chapters 2 10 2.2.2.5 Lab - Configuring IPv4 Static and Default Routes 2.3.2.4 Lab - Troubleshooting Static Routes 3.2.1.9 Lab - Configuring Basic RIPv2 5.2.2.9 Lab - Configuring
More informationWorking with Nodes. Managing Nodes CHAPTER
CHAPTER 2 Nodes are the devices that perform the actual application-oriented networking in an AON environment. Nodes are primarily managed by AMC, but they also have a command-line interface (CLI) through
More informationChapter 3 Lab 3-1, Assembling Maintenance and Troubleshooting Tools
Chapter 3 Lab 3-1, Assembling Maintenance and Troubleshooting Tools Physical Topology All contents are Copyright 1992 2010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
More informationConfiguring Auto IP SLAs in IP SLAs Engine 3.0
This document describes the auto IP Service Level Agreements (SLAs) function in IP SLAs Engine 3.0, including the following: Auto-measure groups--each template, endpoint list, and scheduler can be configured
More informationLab Securing Network Devices
Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A S1 VLAN 1 192.168.1.11 255.255.255.0 192.168.1.1 PC-A NIC 192.168.1.3
More informationChapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM
Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet interfaces. 2015 Cisco and/or its affiliates. All rights
More informationUser and System Administration
CHAPTER 2 This chapter provides information about performing user and system administration tasks and generating diagnostic information for obtaining technical assistance. The top-level Admin window displays
More informationWireless Access Points (Part 2)
Wireless Access Points (Part 2) Details The lab is a virtual simulation of the Cisco Aironet 1200 Wireless Access Point (WAP). Initially the screen should be as in Figure 1. Figure 1: Initial startup screen
More informationNumerics INDEX. 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC g 3-6, x authentication 4-13
INDEX Numerics 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC 1-8 802.11g 3-6, 3-9 802.1x authentication 4-13 A AAA server group 4-25 aaa authentication login command 4-24 aaa authorization command 4-27 aaa
More informationIPsec Management Configuration Guide Cisco IOS Release 12.4T
IPsec Management Configuration Guide Cisco IOS Release 12.4T Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS
More informationImplementing IPv6 for Network Management
Implementing IPv6 for Network Management Last Updated: August 1, 2012 This document describes the concepts and commands used to manage Cisco applications over IPv6 and to implement IPv6 for network management.
More informationDeployment of Cisco IP Mobility Solution on Enterprise Class Teleworker Network
Deployment Guide Deployment of Cisco IP Mobility Solution on Enterprise Class Teleworker Network The Cisco Service Oriented Network Architecture (SONA) framework helps enterprise customers evolve their
More informationDynamic Domain Name Server Updates
CHAPTER 9 This chapter discusses DNS update methods and Server Address assignment, and provides configuration details of those features. This chapter contains the following sections: IP Reachability, page
More informationECMP Load Balancing. MPLS: Layer 3 VPNs Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series) 1
Equal-cost multi-path routing (ECMP) is a routing strategy where next-hop packet forwarding to a single destination can occur over multiple "best paths" which tie for top place in routing metric calculations.
More informationCisco Nexus 1000V for KVM Security Configuration Guide, Release 5.x
Cisco Nexus 1000V for KVM Security Configuration Guide, Release 5.x First Published: August 01, 2014 Last Modified: November 13, 2015 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San
More informationSecure Shell Configuration Guide, Cisco IOS Release 15M&T
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationIOS Router : Easy VPN (EzVPN) in Network Extension Mode (NEM) with Split tunnelling Configuration Example
IOS Router : Easy VPN (EzVPN) in Network Extension Mode (NEM) with Split tunnelling Configuration Example Document ID: 63098 Contents Introduction Prerequisites Requirements Components Used Conventions
More informationSetting Up the MPLS VPN Environment
CHAPTER 2 Cisco VPN Solutions Center: MPLS Solution is an MPLS VPN provisioning and auditing tool. The software focuses on the provider edge routers (PEs), customer edge routers (CEs), and the link between
More informationConsole Port, Telnet, and SSH Handling
Console Port Overview, on page 1 Connecting Console Cables, on page 1 Installing USB Device Drivers, on page 1 Console Port Handling Overview, on page 2 Telnet and SSH Overview, on page 2 Persistent Telnet,
More informationL2TP IPsec Support for NAT and PAT Windows Clients
L2TP IPsec Support for NAT and PAT Windows Clients The L2TP IPsec Support for NAT and PAT Windows Clients feature allows mulitple Windows client to connect to an IPsec-enabled Cisco IOS Layer 2 Tunneling
More informationConfiguring Layer 2 Tunneling Protocol (L2TP) over IPSec
Configuring Layer 2 Tunneling Protocol (L2TP) over IPSec Document ID: 14122 Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations Verify Troubleshoot
More informationCisco.Actualtests v New Questions.by.Nev.32q.vce
Cisco.Actualtests.200-120.v2014-01-10.New Questions.by.Nev.32q.vce Number: 200-120 Passing Score: 800 Time Limit: 120 min File Version: 1.0 http://www.gratisexam.com/ Exam A QUESTION 1 1 Which three are
More informationC H A P T E R Commands Cisco SFS Product Family Command Reference OL
CHAPTER 3 This chapter documents the following commands: aaa accounting, page 3-8 aaa authorization, page 3-9 action, page 3-11 addr-option, page 3-12 authentication, page 3-14 auto-negotiate (Ethernet
More informationTroubleshooting Network analysis Software communication tests and development Education. Protocols used for communication (10 seconds capture)
Lab 1 Wireshark Wireshark is an open source and free packet analyser used for many purposes, such as: Troubleshooting Network analysis Software communication tests and development Education This reports
More informationInitial Configuration for the Switch
Options for Initial Configuration, page 1 Configuring the Switch Using the Web User Interface, page 1 Configuring the Switch Using the CLI, page 4 Configuring the Switch in the ROMMON Mode, page 12 Options
More informationWhatsConfigured v3.1 User Guide
WhatsConfigured v3.1 User Guide Contents Table of Contents Welcome to WhatsConfigured v3.1 Finding more information and updates... 1 Sending feedback... 2 Deploying WhatsConfigured STEP 1: Prepare the
More informationConfiguring the Cisco NAM 2220 Appliance
CHAPTER 5 This section describes how to configure the Cisco NAM 2220 appliance to establish network connectivity, configure IP parameters, and how to perform other required administrative tasks using the
More informationDesign and Implementation Plan for Network Based on the ALOHA Point of Sale System. Proposed by Jedadiah Casey. Introduction
Design and Implementation Plan for Network Based on the ALOHA Point of Sale System Proposed by Jedadiah Casey Introduction The goal of this design document is to provide a framework of suggested implementation
More informationChapter 7 Lab 7-1, Synchronizing Campus Network Devices using Network Time Protocol (NTP) INSTRUCTOR VERSION
CCNPv7.1 SWITCH Chapter 7 Lab 7-1, Synchronizing Campus Network Devices using Network Time Protocol (NTP) INSTRUCTOR VERSION Topology Objective Background Configure network to synchronize time using the
More informationConfiguring SNMP. Understanding SNMP CHAPTER
22 CHAPTER Configuring SNMP This chapter describes how to configure the ML-Series card for operating with Simple Network Management Protocol (SNMP). Note For complete syntax and usage information for the
More informationImplementing IPv6 for Network Management
Implementing IPv6 for Network Management Last Updated: July 31, 2012 This document describes the concepts and commands used to manage Cisco applications over IPv6 and to implement IPv6 for network management.
More informationSend document comments to
CHAPTER 8 This chapter describes how to configure Telnet and includes the following topics: Information About the Telnet Server, page 8-1 Prerequisites for Telnet, page 8-1 Guidelines and Limitations,
More informationLab Configuring Port Address Translation (PAT) (Instructor Version)
(Instructor Version) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Objectives Device Interface IP Address Subnet Mask
More informationModule 11 Advanced Router Configuration
ISP Workshop Lab Module 11 Advanced Router Configuration Objective: Create a basic physical lab interconnection with two autonomous systems. Each AS should use OSPF, ibgp and ebgp appropriately to construct
More informationSkills Assessment. CCNA Routing and Switching: Connecting Networks. Topology. Assessment Objectives. Scenario
Skills Assessment Topology Assessment Objectives Part 1: Configure Device Basic Settings (15 points, 15 minutes) Part 2: Configure PPP Connections (20 points, 10 minutes) Part 3: Configure IPv4 ACL for
More informationConfiguring SNMP CHAPTER. This chapter describes how to configure the Simple Network Management Protocol (SNMP) on your access point.
CHAPTER 18 This chapter describes how to configure the Simple Network Management Protocol (SNMP) on your access point. Note For complete syntax and usage information for the commands used in this chapter,
More information