From the monthly archives: November 2008

Cisco: Layer 2 traffic filtering

By On November 27, 2008 · 1 Comment

Layer 2 traffic filtering can be very useful when you want to drop packets closer to
the source because you can do this on L2 next-hop which is the switch where the
devices are connected. Based on mac-address, Layer 2 filtering can be apply using
one of the two most common method: Port Security and MAC Access Groups.

Port Security is the more secure method of the two. To use it, map a switch port to the
specific MAC address of [...]

Continue Reading

Cisco: Packet sniffing

By On November 26, 2008 · Leave a Comment

The official term of Cisco for Packet sniffing is  SPAN ( Switched Port Analyzer ) also called sometimes port mirroring or port monitoring and it’s purpose is to select traffic from a source and send to a destination with a network analyzer tool. You can find out there terms like RSPAN, PSPAN, VSPAN, ESPAN, but this are at their basic functionality nothing more than SPAN with some enhanced features ( e.g. ESPAN – Enhanced SPAN ) or describing their primary functionality ( e.g. VSPAN – [...]

Continue Reading

Cisco: SSH enable | disable | reconfigure tutorial

By On November 25, 2008 · 4 Comments

One of the most used method for remote access today is SSH protocol. Even most on the network engineer say what is so complicated in the process of the enable , disable , reconfigure of the SSH process, my experience proved me that it can be really complicated, if you mess up stuff there.

One of the situation that I see very often, is that after a network engineer (administrator, beginner…) reconfigure SSH or hostname / domain-name on the Cisco routers is that they tell [...]

Continue Reading

Cisco: Spoof detection

By On November 24, 2008 · 2 Comments

Spoofing is a kind of network attack to compromise your network security with the intention of traffic capture which will enable an attacker to get access to confidential data. Usually a spoof attach is associated with IP spoofing, which means that the source IP of the packet which arrive to your device has been changed with intention. For example, let’s assume that you are having a plain http communication with mail server and you want to login to your mail account. You sent the intial [...]

Continue Reading

Cisco: Configuring Compressed Real-Time Protocols

By On November 20, 2008 · 1 Comment

I had lately to configure compressed real-time protocols (CRTP) over a Frame-relay link.
I thought that it will be good to make a tutorial about how to configure this on the Serial interfaces (with HDLC or PPP encapsulation) and on the Frame-relay interface. Another type of interface supporting this is and ISDN interface, but the configuration there is the same like in the Serial interface case.
If you were asking why I don’t configure this on a Ethernet interface, well this is because [...]

Continue Reading

Cisco: How-to limit HTTP traffic on weekdays during working hours

By On November 19, 2008 · Leave a Comment

Some time ago a person asked me to set the HTTP traffic to 256 kbits during weekdays from 8:00 – 16:00, to limit “the fun” in the office while other are working. In theory I’m against this type of policy, because if you have a team of network engineers and they have to access cisco.com in the same time for information and other stuff like IOS download, then this will take a lot of time. Of course if you see that the productivity is going [...]

Continue Reading

Cisco: Multilink PPP over Frame Relay (MLPoFR)

By On November 19, 2008 · Leave a Comment

In this tutorial I propose to show something that is not very used these days, or at least not every day, but which can be tricky if you don’t know how to approach this type of configuration. To understand this, I assume that you know the basics about PPP, FR and Multilink. I will make a short summary here but I will not go into details:

PPP or Point-to-Point protocol is used to establish direct connection between two network points. It can provide authentication, encryption [...]

Continue Reading

Cisco: Deny false information routing injection into OSPF domain

By On November 17, 2008 · 3 Comments

In a well controlled environment, false information routing should not reach your OSPF domain, as network engineer take care what to advertise and what not into OSPF. But there are cases when you have to deal with 3rd party companies somehow, and you want to be sure that nothing in injected by mistake into your domain. Also this can be a task for CCIE RS lab exam.

And since I specified that this can be an exam task, let take some “DO NOT USE” rule [...]

Continue Reading

Interface macro command on a Cisco switch

By On November 16, 2008 · 1 Comment

From the beginning let me tell you that I don’t see very useful this command, as I prefer to use “interface range…” syntax, but since I saw it as a requirement in one of the task for CCIE RS lab exam, and maybe somebody will find it usable in real environment, I said I should put it here in a tutorial.

As many of you already know, you can control a range of interfaces by typing the command “interface range Fa0/1 – 6″ (for example), [...]

Continue Reading

Limit traffic on a Cisco switch L2 port with minimal configuration

By On November 14, 2008 · 1 Comment

Let’s say that somebody (or some task in a test) ask you to limit the inbound traffic on a switch Layer 2 port by using minimal configuration possible. I must say that in the first steps I failed this task miserable, but actually is very simple to do it.

I will use a plain layer 2 Cisco 2950 switch for this task. I observed that I could not implement this on a Cisco 3500XL. I don’t know if the IOS image was wrong, but I [...]

Continue Reading