CONFIGURING RANCID
In my last post I talked about Installing Rancid on Centos 7 so be sure to check that out. In this post we now want to actually use Rancid so I’ll walk through on how to setup Rancid to login into network equipment and get configurations.

TYPES OF WAN LINKS
A dedicated circuit path is created between endpoints. Best example is dialup connections. Less expensive. Call Setup. PPP, ISDN. Packet Switch. Devices transport packets via a shared single point-to-point or point-to-multipoint link across. Variable

UPDATE FIREPOWER DEVICES
On the FMC it will stay on "Initializing" for an hour and timeout so here are the steps to manually update your Firepower Sensor: You can manually update this by either connecting to the console or ssh into the sensor. Once in you'll need to the bash shell so type the command "expert" to get into it. SCP copy the update to the /var/sf/updates

SVIS AND "ROUTED" PORTS
    switch (config-if)# ip add 192.168.253.5 255.255.255.252
    switch (config-if)# no shutdown
    switch (config-if)# exit
We would do the same thing on the other side of the link and make sure our networks match so that each switch can reach other out of the two routed ports we created and in this example they can.

RBAC RADIUS WITH MICROSOFT NPS 2012 R2
    aaa authentication login RADIUS-LOCAL group radius local-case
    aaa authorization exec default group radius if-authenticated
The router needs to know where radius server is located, we also need to put in a radius key and this needs to match between both the router and radius server.
    radius server RADIUS

ENABLE THE NX-OS API
    ip address 172.16.1.192/24
Once the management interface is configured we now can enable the NX-API by one command.
    nx-osv9000-1# config t
    nx-osv9000-1 (config)# feature nxapi
Open a web browser to the management IP address and login with a username and password. Welcome to NX-API Sandbox!

FMCV - CHANGE IP ADDRESS
It's that easy(almost too easy) I had to move the VMDK of this thing to a different vSphere install as well as in a different data center. So I just cloned the original moved the clone and turned it on, ran the CLI script and in about 15 minutes all of my devices checked in automatically.

CONFIGURING LAYER THREE ETHERCHANNEL
We now reference the same steps that we did with SW1 and SW2 on SW3. Let’s create two different port-channels because these are going to two different switches on SW3.
    SW3 (config)# interface ethernet2/1-2
    SW3 (config-if-range)# channel-group 11 mode active
    SW3 (config-if-range)# no shutdown

CONFIGURING NAT (ONE TO ONE MAPPING)
    Router (config)#interface s0/0/1
    Router (config-if)#ip nat outside
This command tells us that the serial interface of s0/0/1 and anything connected to it is the outside network (We don't have control over it.) You can also assign or have more than one ip nat outside interface. That's it!!

CISCO FTD STANDALONE MP4 FTDv. Once the device is ready to go, connect via HTTPS to the management IP address of the appliance with a web browser, and login into the system with the password you configured. When you first login the setup wizard will walk you through setting up two zones, and inside zone and an outside zone. Or you could skip this step if you

STORE AND FORWARD
Store-and-Forward vs. Cut-Through Switching. Switching in the network can happen in two ways, these layer-two devices send frames but they can forward them in different ways. These different modes have positive and negative effects which depend on the type of network environment that runs through them! Store-and-forward is just like the name

CONFIGURING SSH
    Router_or_Switch#
    Router_or_Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router_or_Switch(config)#line vty 0 4
    Router_or_Switch(config-line)#login local
    Router_or_Switch(config-line)#transport input telnet ssh
    Router_or_Switch(config-line)#exit
    Router_or_Switch(config)#username ciscoskills password

ASA SITE TO SITE VPN (DHCP)
In this guide, I’ll demo a site to site VPN with a pair of ASAs as well as some additional commands to allow DHCP across the tunnel so that your HQ DHCP server can hand out addresses instead of configuring a local DHCP server at the remote site. The table below goes over the agreed settings and what networks are protected.

CREATING A SPAN PORT ON A 2960
Creating a SPAN Port on a 2960. Creating a mirroring port also called a SPAN port (Switched Port Analyzer) might be required for some network appliances to analyze network traffic. Since we have switches which run in separate collision domains per port we have to do some configuration on the switch first before we can analyze traffic.

INSTALLING A GNS3 SERVER
Ubuntu Server will download and add the GNS3 PPA (Personal Package Archive) once that finishes which takes about 10 to 15 minutes, go ahead and reboot the system. After a reboot we need to download OpenVPN client for your computer and download the configuration from the GNS3 server. You’ll notice a banner upon a successful login on the GNS3

FACTORY RESET FIREPOWER 4100 & 9300
When kickstart loads you'll be at the switch (boot)# prompt, enter configuration mode.
    switch (boot)#
    switch (boot)# config t
    Enter configuration commands, one per line. End with CNTL/Z.
Under the configuration mode, type admin-password erase, this will erase everything and bring the system back to factory defaults.

FACTORY RESET FIREPOWER 2100
When the unit starts to boot it will reinstall the FTD app-instance to default configuration. There are two ways to factory reset these Firepower 2100 units. If you can get into the device you can simply use these commands:
    connect local-mgmt
    erase configuration
The other method is used for if you are unable to get into the unit because either
In my last post I talked about Installing Rancid on Centos 7 so be sure to check that out. In this post we now want to actually use Rancid so I’ll walk through on how to setup Rancid to login into network equipment and get configurations. VLAN ACCESS LISTS (VACLS) 1. ip access-list extended BLK-DMZ-COMS permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255. This extended ACL is used to identify the source and destination traffic that we want to block. In this example this ACL matches DMZ servers talking to other DMZ servers in the 192.168.2.0/24 network. Next we have to build a VLAN access map,in this
CISCO FTD STANDALONE MP4 FTDv. Once the device is ready to go, connect via HTTPS to the management IP address of the appliance with a web browser, and login into the system with the password you configured. When you first login the setup wizard will walk you through setting up two zones, and inside zone and an outside zone. Or you could skip this step if youscroll
RBAC RADIUS WITH MICROSOFT NPS 2012 R2 5. aaa authentication login RADIUS-LOCAL group radius local-case. 6. aaa authorization exec default group radius if-authenticated. The router needs to know where radius server is located, we also need to put in a radius key and this needs to match between both the router and radius server. 1. radius server RADIUS. 2.TYPES OF WAN LINKS
A dedicated circuit path is created between endpoints. Best example is dialup connections. Less expensive. Call Setup. PPP, ISDN. Packet Switch. Devices transport packets via a shared single point-to-point or point-to-multipoint link across. Variable SVIS AND "ROUTED" PORTS switch (config-if)# ip add 192.168.253.5 255.255.255.252. 4. switch (config-if)# no shutdown. 5. switch (config-if)# exit. We would do the same thing on the other side of the link and make sure our networks match so that each switch can reach other out of the two routed ports we created and in this example they can. ENABLE THE NX-OS API ip address 172.16.1.192/24. Once the management interface is configured we now can enable the NX-API by one command. 1. nx-osv9000-1# config t. 2. nx-osv9000-1 (config)# feature nxapi. Open a web browser to the management IP address and login with a username and password. Welcome to NX-API Sandbox! TFTP & FTP SERVER ON CENTOS 7 This first part of this tutorial will go over installing TFTP followed by installing the FTP. If you want to skip TFTP installation, i.e you only need FTP, select the link: Install FTP Server on Centos. Add the TFTP rule to the Centos Firewall and reload it: 1. firewall-cmd --permanent --zone=public - CONFIGURING LAYER THREE ETHERCHANNEL We now reference the same steps that we did with SW1 and SW2 on SW3. Let’s create two different port-channels because these are going to two different switches on SW3. 1. SW3 (config)# interface ethernet2/1-2. 2. SW3 (config-if-range)# channel-group 11 mode active. 3. SW3 (config-if-range)# no shutdown. 4. CONFIGURING NAT (ONE TO ONE MAPPING) 1. Router (config)#interface s0/0/1. 2. Router (config-if)#ip nat outside. This command tells us that the serial interface of s0/0/1 and anything connected to it is the outside network (We don't have control over it.) You can also assign or have more than one ip nat outside interface. That's it!!CONFIGURING RANCID
In my last post I talked about Installing Rancid on Centos 7 so be sure to check that out. In this post we now want to actually use Rancid so I’ll walk through on how to setup Rancid to login into network equipment and get configurations. VLAN ACCESS LISTS (VACLS) 1. ip access-list extended BLK-DMZ-COMS permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255. This extended ACL is used to identify the source and destination traffic that we want to block. In this example this ACL matches DMZ servers talking to other DMZ servers in the 192.168.2.0/24 network. Next we have to build a VLAN access map,in this
CISCO FTD STANDALONE MP4 FTDv. Once the device is ready to go, connect via HTTPS to the management IP address of the appliance with a web browser, and login into the system with the password you configured. When you first login the setup wizard will walk you through setting up two zones, and inside zone and an outside zone. Or you could skip this step if youscroll
RBAC RADIUS WITH MICROSOFT NPS 2012 R2 5. aaa authentication login RADIUS-LOCAL group radius local-case. 6. aaa authorization exec default group radius if-authenticated. The router needs to know where radius server is located, we also need to put in a radius key and this needs to match between both the router and radius server. 1. radius server RADIUS. 2.TYPES OF WAN LINKS
A dedicated circuit path is created between endpoints. Best example is dialup connections. Less expensive. Call Setup. PPP, ISDN. Packet Switch. Devices transport packets via a shared single point-to-point or point-to-multipoint link across. Variable SVIS AND "ROUTED" PORTS switch (config-if)# ip add 192.168.253.5 255.255.255.252. 4. switch (config-if)# no shutdown. 5. switch (config-if)# exit. We would do the same thing on the other side of the link and make sure our networks match so that each switch can reach other out of the two routed ports we created and in this example they can. ENABLE THE NX-OS API ip address 172.16.1.192/24. Once the management interface is configured we now can enable the NX-API by one command. 1. nx-osv9000-1# config t. 2. nx-osv9000-1 (config)# feature nxapi. Open a web browser to the management IP address and login with a username and password. Welcome to NX-API Sandbox! TFTP & FTP SERVER ON CENTOS 7 This first part of this tutorial will go over installing TFTP followed by installing the FTP. If you want to skip TFTP installation, i.e you only need FTP, select the link: Install FTP Server on Centos. Add the TFTP rule to the Centos Firewall and reload it: 1. firewall-cmd --permanent --zone=public -STORE AND FORWARD
Store-and-Forward vs. Cut-Through Switching. Switching in the network can happen in two ways, these layer-two devices send frames but they can forward them in different ways. These different modes have positive and negative effects which depend on the type of network environment that runs through them! Store-and-forward is just like thename

ENTER CISCO FIREPOWER CLI (READ-ONLY)
We have to enter the Diagnostic CLI, and we can do this in two ways. Once logged into the Firepower default prompt, type the system support diagnostic-cli command.
    > system support diagnostic-cli
    Attaching to Diagnostic CLI Press 'Ctrl+a then d' to detach.

UPDATE FIREPOWER DEVICES
On the FMC it will stay on "Initializing" for an hour and time out, so here are the steps to manually update your Firepower Sensor. You can manually update this by either connecting to the console or SSHing into the sensor. Once in, you'll need to get to the bash shell, so type the command "expert" to get into it. SCP copy the update to the /var/sf/updates

CONVERTING HEXADECIMAL TO DECIMAL AND BINARY
The purpose of this post is to reference the CCNA Data Center (640-911) exam. This exam starts the conversation of IPv6, and since IPv6 is hexadecimal, this post starts the talk about how we look at hexadecimal values and learn how to convert them to binary and decimal.

FACTORY RESET FIREPOWER 2100
In this short guide I wanted to walk through the steps to do a factory reset for the Cisco Firepower 2100 series. When doing these resets all configuration and the administrative password are removed, as well as the FTD (Firepower Threat Defense) app-instance.

COLLISION DOMAINS VS BROADCAST DOMAINS
Each port can be operated at full-duplex, so the device can send and receive information at the same time. A Collision Domain with a switch. A broadcast domain is like a collision domain; however, the difference is that these broadcast domains belong to a set of devices in the same layer two domain. These kind of blur together between a layer three
CONFIGURING SSH
1 Router_or_Switch# 2 Router_or_Switch#configure terminal 3 Enter configuration commands, one per line. End with CNTL/Z. 4 Router_or_Switch(config)#line vty 0 4 5 Router_or_Switch(config-line)#login local 6 Router_or_Switch(config-line)#transport input telnet ssh 7 Router_or_Switch(config-line)#exit 8 Router_or_Switch(config)#username ciscoskills password CONFIGURING NAT (ONE TO ONE MAPPING) 1. Router (config)#interface s0/0/1. 2. Router (config-if)#ip nat outside. This command tells us that the serial interface of s0/0/1 and anything connected to it is the outside network (We don't have control over it.) You can also assign or have more than one ip nat outside interface. That's it!! CONFIGURING ETHERCHANNEL (PAGB) Here are some Guidelines for Configuring EtherChannel: You can configure the port in two ways: PAgp which is Cisco proprietary protocol. LACP which is an industry standard 802.3ad. You can combine from two links to eight links. All ports MUST be identical such as: CISCO FTD STANDALONE MP4 FTDv. Once the device is ready to go, connect via HTTPS to the management IP address of the appliance with a web browser, and login into the system with the password you configured. When you first login the setup wizard will walk you through setting up two zones, and inside zone and an outside zone. Or you could skip this step if youscroll
CONVERTING HEXADECIMAL TO DECIMAL AND BINARY The purpose of this post is to reference the CCNA Data Center (640-911) exam. This exam starts the conversation of IPv6 and since IPv6 is hexadecimal this post starts the talk about how we look at a hexadecimal values and learn how to convert them to binary anddecimal.
CONNECTING FEX (5K TO 2K) Let’s get started! So I needed a couple of SFPs as the only way to connect the 5k to the 2k is a FET-10G SFP along with that was some multimode fiber (OM3) with LC connectors. Looking at the simple diagram below our end goal is to be able to configure the 2k from the 5k. That is the point of the 2k extenders less switches to manage inthe
UPDATE FIREPOWER DEVICES
On the FMC it will stay on "Initializing" for an hour and time out, so here are the steps to manually update your Firepower sensor. You can manually update it by either connecting to the console or SSHing into the sensor. Once in, you'll need to get to the bash shell, so type the command "expert" to get into it. SCP copy the update to the /var/sf/updates

CONFIGURE STATIC ROUTING
Plugging Cisco routers together and hoping they work out of the box is not something you should count on. A router can learn about networks in two ways: manually, from configured static routes, which we will talk about today, and dynamic routing protocols

FACTORY RESET FIREPOWER 2100
In this short guide I wanted to walk through the steps to do a factory reset for the Cisco Firepower 2100 series. When doing these resets all configuration and the administrative password are removed, as well as the FTD (Firepower Threat Defense) app-instance.

CREATING A SPAN PORT ON A 2960
Creating a mirroring port, also called a SPAN port (Switched Port Analyzer), might be required for some network appliances to analyze network traffic. Since we have switches which run in separate collision domains per port, we have to do some configuration on the switch first before we can analyze traffic.

CONFIGURING LAYER THREE ETHERCHANNEL
We now repeat on SW3 the same steps that we did with SW1 and SW2. Let's create two different port-channels on SW3, because these are going to two different switches.

    SW3 (config)# interface ethernet2/1-2
    SW3 (config-if-range)# channel-group 11 mode active
    SW3 (config-if-range)# no shutdown

RBAC RADIUS WITH MICROSOFT NPS 2012 R2

    aaa authentication login RADIUS-LOCAL group radius local-case
    aaa authorization exec default group radius if-authenticated

The router needs to know where the RADIUS server is located. We also need to put in a RADIUS key, and this needs to match between both the router and the RADIUS server.

    radius server RADIUS

VLAN ACCESS LISTS (VACLS)

    ip access-list extended BLK-DMZ-COMS
     permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255

This extended ACL is used to identify the source and destination traffic that we want to block. In this example the ACL matches DMZ servers talking to other DMZ servers in the 192.168.2.0/24 network. Next we have to build a VLAN access map, in this

CISCO FTD STANDALONE
MP4 FTDv. Once the device is ready to go, connect via HTTPS to the management IP address of the appliance with a web browser, and log in to the system with the password you configured. When you first log in, the setup wizard will walk you through setting up two zones, an inside zone and an outside zone. Or you could skip this step if you scroll

SVIS AND "ROUTED" PORTS

    switch (config-if)# ip add 192.168.253.5 255.255.255.252
    switch (config-if)# no shutdown
    switch (config-if)# exit

We would do the same thing on the other side of the link and make sure our networks match, so that each switch can reach the other out of the two routed ports we created, and in this example they can.

CONFIGURING RANCID
In my last post I talked about Installing Rancid on Centos 7, so be sure to check that out. In this post we now want to actually use Rancid, so I'll walk through how to set up Rancid to log in to network equipment and get configurations.

TFTP & FTP SERVER ON CENTOS 7
The first part of this tutorial will go over installing TFTP, followed by installing FTP. If you want to skip the TFTP installation, i.e., you only need FTP, select the link: Install FTP Server on Centos. Add the TFTP rule to the Centos firewall and reload it:

    firewall-cmd --permanent --zone=public -

FACTORY RESET FIREPOWER 2100
When the unit starts to boot it will reinstall the FTD app-instance to the default configuration. There are two ways to factory reset these Firepower 2100 units. If you can get into the device you can simply use these commands:

    connect local-mgmt
    erase configuration

The other method is used if you are unable to get into the unit because either

COLLISION DOMAINS VS BROADCAST DOMAINS
Each port can be operated at full-duplex so the device can send and receive information at the same time. A Collision Domain with a switch. A broadcast domain is like a collision domain; however, the difference is that these broadcast domains belong to a set of devices in the same layer two domain. These kind of blur together between a layer three

CONFIGURING SSH

    Router_or_Switch#
    Router_or_Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router_or_Switch(config)#line vty 0 4
    Router_or_Switch(config-line)#login local
    Router_or_Switch(config-line)#transport input telnet ssh
    Router_or_Switch(config-line)#exit
    Router_or_Switch(config)#username ciscoskills password

CONFIGURING NAT (ONE TO ONE MAPPING)

    Router (config)#interface s0/0/1
    Router (config-if)#ip nat outside

This command tells us that the serial interface s0/0/1 and anything connected to it is the outside network (we don't have control over it). You can also assign more than one ip nat outside interface. That's it!!

CONFIGURING ETHERCHANNEL (PAGP)
Here are some guidelines for configuring EtherChannel:
* You can configure the port in two ways: PAgP, which is a Cisco proprietary protocol, or LACP, which is the industry standard 802.3ad.
* You can combine from two links to eight links.
* All ports MUST be identical such as:

CONVERTING HEXADECIMAL TO DECIMAL AND BINARY
The purpose of this post is to reference the CCNA Data Center (640-911) exam. This exam starts the conversation about IPv6, and since IPv6 is hexadecimal, this post starts the talk about how we look at hexadecimal values and learn how to convert them to binary and decimal.

CONNECTING FEX (5K TO 2K)
Let's get started! I needed a couple of SFPs, as the only way to connect the 5k to the 2k is a FET-10G SFP, along with some multimode fiber (OM3) with LC connectors. Looking at the simple diagram below, our end goal is to be able to configure the 2k from the 5k. That is the point of the 2k extenders: fewer switches to manage in the
CISCOSKILLS.NET
CISCO SKILLS
In the Cisco World, Expect Anything

FMCV – CHANGE IP ADDRESS
Posted on October 1, 2019 by Ryan

Welcome Back

Think about this for a bit: it has been years since we first configured our Cisco FMCv in our virtual environment, and perhaps it has been running for years with no problems. (Lucky us!) All of our firewalls connect to it, policies are pushed correctly, IPS rules are updated correctly, we even have URL filtering turned on for some devices, and upgrades work out of the box. It just works; again, lucky us! We have remote backups working but we never needed them…
Tagged cisco, FMC, Internet, technology

I WAS A 10X ENGINEER. AND I'M SORRY.
Posted on July 18, 2019 by Ryan

> Saw this post, glad Tom shared it, something to always remember, don't be the machine that runs the company! Share your knowledge and be a resource!!
>
> –Ryan

The Networking Nerd

You probably saw the big discussion this past weekend on Twitter about 10x Engineers. It all started with a tweet about how to recognize a 10x Engineer, followed by tons of responses about how useless they were and how people that had encountered them were happy to be rid of them. All that discussion made me think back to my old days as a Senior Network Rock Star. As I reminisced I realized that I was, in fact, a 10x Engineer. And I was miserable.

POUR SOME WORK ON ME

I wasn't always the epitome of engineering hatred. I used to be a wide-eyed technician with a hunger to learn things. I worked on a variety of systems all over the place. In fact, I was rising through the ranks of my company as a Novell Engineer in an environment with plenty of coverage. I was just learning the ropes…

GRAYLOG WITH AWS ELASTICSEARCH
Posted on June 21, 2019 / June 10, 2019 by Ryan

Graylog has been through some changes since the last time I talked about it; hitting version 3.0 in February is awesome, and one of the things that makes Graylog run well is its Elasticsearch backend. Although Elasticsearch is not too hard to set up, it usually runs better on bare metal, so there is the cost of that, and maintenance of the cluster (updates and upgrades) is important as well. Depending on your team's experience you may not have time to learn it or run it the way it should be. The last thing you want is your logging setup to go down because of poor maintenance.

So in this post we will walk through setting up a Graylog server and using the AWS Elasticsearch service for our backend. Without a quick Elasticsearch cluster the Graylog experience suffers, so let's get started.
Tagged AWS, Elasticsearch, graylog, Open source, technology

CHANGES ON THE HORIZON – CISCO
Posted on June 10, 2019 by Ryan
Tagged Certification, cisco, technology

SVIS AND “ROUTED” PORTS
Posted on May 14, 2019 / March 9, 2019 by Ryan

So you have this nice multilayer switch and want to take advantage of all of the features it has to offer. Well, there are two different types of interface ports on these types of switches: SVIs (Switched Virtual Interfaces) and “routed” ports. Fundamentally they are the same, and clients/users wouldn’t be able to tell if they were going through an SVI or a “routed” port. However, they are different, and in this post we’ll talk about these two and when and where it would be recommended to place an SVI or a routed port.
Tagged cisco, Network, Routing, SVI