I wanted to update this blog that I have put off studying to take care of myself physically, as I have been going from Work laptop -> Study laptop -> Bed -> Work Laptop, and it started to take a toll on my physical well-being, so I decided to take a much needed break. … Continue reading SWITCH exam postponed until I have time to dedicate to covering material and going for the Pass!
This will be a brief look at Authorization and Accounting. With minimal labbing I won't have a huge post for this one (except CLI output to review), but I did want to show some CLI output and explain concepts, for a taste of Authorization and Accounting. AAA Authorization fundamentals and CLI output from the … Continue reading AAA – Authorization and Accounting fundamentals and some labbing – Then time to crunch review / labbing for exam day!
A quick note before hitting the lab to configure Authentication: I did revert my TACACS+ and RADIUS configs back to the "deprecated" commands that have the hyphen in them, as I believe that is how this will be tested on exam day: ! ! tacacs-server host 10.0.0.200 key CCNP2 radius-server host 10.0.0.100 key CCNP1 ! … Continue reading AAA – Configuring login Auth for TACACS+ / RADIUS, local fallback explained, and tons of important labbing notes for exam day!
LET ME START BY SAYING THIS TOPIC IN ITS ENTIRETY IS IMPORTANT FOR EXAM DAY, SO COVER THESE CONCEPTS / CONFIGS UNTIL YOU MEMORIZE THEM! That goes for the entire series of Blog Posts regarding AAA Authentication! That being said, ahem. The illustration above shows the "logical" Topology as I do not have two spare … Continue reading AAA – Fundamentals, TACACS+ vs RADIUS, Basic Config using old and newer syntax, and key config to AAA Servers!
IP SLA was also covered in ROUTE studies, but I believe it should be re-covered here, as two types of FHRP (VRRP / GLBP) use object tracking for their thresholds to participate in their Router Groups, so it is very important to know solid for the SWITCH exam. Fundamentals and need to know theory for exam day … Continue reading IP SLA – Fundamentals, SLA / Scheduling configuration, Verification Commands, and important behaviors for Exam Day!
Config of Clock Set, NTP Server / Client, Authentication, but first Fundamentals! Without NTP not only is your network logging going to be a nightmare to match up, but various other services rely on NTP being correct, which is why my configuration of a local MLS being the Master Clock is a TERRIBLE idea! … Continue reading NTP (Network Time Protocol) – Fundamentals, Configuration, Verification, and Authentication!
Thank you to Wikipedia.com for the above diagram, not sure if it entirely helps explain the data-flow, but it shows the components of SNMP (and yes I've made my donation!) This is a lot to cram into the brain with the slam of complex topics toward the end, so I'd just try to keep the … Continue reading SNMP – Refresher from ROUTE studies, important to know basic terminology and concepts, and some (long winded) syntax examples if you dare!
Not for the R/S exams, but real world info that will probably help many engineers. Thank you again Marufu for this equivalency / mapping between 8.2 and 8.3+!!! @@@@@@@ PORT FORWARDING ASA 8.2 CODE @@@@@@@@@ port forward using the outside interface to inside address of 172.16.2.14 for ports 15515 and 15516, the outside interface … Continue reading Network Job Stuff – ASA 8.2 to 8.3+ equivalent config example, ASA Anyconnect (working) Template!
The point of this post is to discuss how to secure Switch management in the network, by not only using SSH (as it encrypts traffic!), but also how to disable Telnet sessions AND even create our old friend an Access-Class map to act as our Management ACL! I will get right to it, by first … Continue reading Telnet vs SSH – How to secure your Switch Management (Transport) protocols, explained and labbed!
The illustration above points out the defaults you must know for exam day, but there is a lot more to both protocols, which will be covered in this post! I will get right into it, as there is a lot of ground to cover with labbing / output examples. CDPv1 and CDPv2 CDPv2 is run … Continue reading CDP vs LLDP – CDPv1 to v2 updates, timers and behaviors, comparisons to LLDP, and both labbed / verified to demonstrate!
I'm just going to re-use the Topology we had going from the Dynamic ARP Inspection, as IP Source Guard uses DHCP Snooping as well, as the mechanism that allows it to work, though Static Bindings can be configured (which is why Host B now has a Static IP). IP Source Guard nor VLAN Hopping are … Continue reading IP Source Guard / VLAN Hopping / Switch Spoofing – Fundamentals, configuration, verification, and all concepts explained!
This is meant to be geared more toward "CEF" Packet Switching technology, but you can't really appreciate the evolution of Packet Switching without first knowing its history, along with the Cisco hardware modules on their current devices that make CEF possible. That being said, a quick review of Packet Switching methods leading up to CEF! Process-Switching … Continue reading MLS Packet Switching – A brief history, CEF, Adjacency Table, Terminology, Hardware explanations and SDM Template considerations!
The above Topology perfectly shows (sort of) why Dynamic ARP Inspection exists! Dynamic ARP Inspection exists to protect against the possibility of what can happen in the above Topology if Host B (Man in the Middle) gets a copy of an ARP request for a Data Server on the network, then sets its own IP Address … Continue reading Dynamic ARP Inspection (DAI) – Fundamentals, configuration, ARP ACL config, Verification, and lots of details!
(I did actually plug in a Rogue server for the sake of time this lab, but it's there!) Consider the above Topology, and how DHCP works from the Client side, that the Client accepts the first DHCP Offer message it receives - What if a Rogue DHCP Server is placed on the network segment with … Continue reading DHCP Snooping – Fundamentals, Design Issues explained, Config / Verification output demonstrated, other misc info!
I will start with the basic Fundamentals of how DHCP requests work first here: A Client initiates the DHCP Process by sending out a "DHCP Discover" Broadcast packet to the network, to find a DHCP Server that will respond back with a "DHCP Offer" Broadcast packet, the Offer packet containing Usable IP Address / Lease … Continue reading DHCP – Fundamentals, DHCP Pool Config / Verification, Dynamic and Static Bindings, and DHCPv6 explained!