
Category Archives for "TTL Bits"

Back to Basics : Access-Lists and Types

Today I am going to talk about Access Lists and how we can use them in our network. Access lists are used in many ways: there are different places to apply them, and each type of access list has its own configuration.

Before we start with the various access lists, let's talk about what an access list actually is and why it is used. An Access-List is a way to filter IP packets entering (or leaving) an interface. With access lists you can permit or deny packets on the basis of source and destination IP address, protocol, port number and so on. Note that the access list does not change how the routing table forwards traffic: a packet is compared against the ordered rule set on the interface, the first matching rule wins, anything that matches no rule is dropped by the implicit deny at the end of every list, and only permitted packets go on to be routed.

Below is just a sample diagram showing the use of Access-Lists; it has no relevance to any of the configurations used below.

Sample Diagram showing Access-Lists

We have different kinds of access lists, and I will give a short note on each and its configuration one by one. These access lists are:

  • Standard Access-Lists
  • Extended Access-Lists
  • IP Named Access-Lists
  • Lock and Key Access-Lists
  • Reflexive access-Lists
  • Context-Based Access Control
  • Turbo Access-Lists


Let's Continue reading
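As an added example (not from the original post), here is how the first three types in the list above look on a Cisco IOS router, with the ordering and implicit-deny behaviour described above. All addresses, ACL numbers, names and interface names are assumed for illustration.

```cisco
! Added example, not from the original post. Addresses, ACL numbers,
! names and interfaces are assumptions for illustration.

! Standard ACL (1-99 / 1300-1999): matches on SOURCE address only, so it
! belongs as close to the destination as possible. Here it limits who
! may open an SSH session to the router itself.
access-list 10 remark Management hosts allowed to reach the VTY lines
access-list 10 permit 10.10.0.0 0.0.0.255
! (every ACL ends with an implicit "deny any")
line vty 0 4
 access-class 10 in
 transport input ssh

! Extended ACL (100-199 / 2000-2699): source, destination, protocol and
! port, so it is applied close to the source. Entries are evaluated top
! to bottom and the first match wins, so the specific "deny" must come
! before the broader "permit".
access-list 110 remark Users -> server VLAN
access-list 110 deny   tcp 192.168.1.0 0.0.0.255 host 172.16.20.10 eq 23 log
access-list 110 permit tcp 192.168.1.0 0.0.0.255 172.16.20.0 0.0.0.255 eq 443
access-list 110 permit udp 192.168.1.0 0.0.0.255 host 172.16.20.53 eq 53
access-list 110 permit icmp 192.168.1.0 0.0.0.255 172.16.20.0 0.0.0.255 echo
access-list 110 deny   ip any any log
interface GigabitEthernet0/0
 description User VLAN
 ip access-group 110 in

! Named extended ACL: same semantics, but entries carry sequence numbers
! and can be added, removed or resequenced individually instead of
! deleting and re-creating the whole list.
ip access-list extended SERVER-VLAN-IN
 10 permit tcp 172.16.20.0 0.0.0.255 eq 443 192.168.1.0 0.0.0.255 established
 20 permit udp host 172.16.20.53 eq 53 192.168.1.0 0.0.0.255
 30 deny   ip any any log
interface GigabitEthernet0/1
 description Server VLAN
 ip access-group SERVER-VLAN-IN in
```

Check the result with "show access-lists 110": each entry shows a match counter, and a counter that never moves on the final "deny ip any any log" entry while users complain is the usual sign that the list is applied in the wrong direction or on the wrong interface.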

Dark Fiber and Cisco OTV – Basic Approach and connectivity

Today I am going to discuss the connectivity between two datacenters in an Active-Active state or, in other words, connecting multiple active datacenters with OTV over dark fiber.

First let's talk about the technologies. Cisco OTV (Overlay Transport Virtualization) is used to extend LAN segments across datacenters; in other words, it extends Layer 2 traffic over a Layer 3 network.

Note: Cisco OTV is supported on Cisco Nexus 7000 series switches (and on the ASR 1000 series routers); it is not supported on Cisco Nexus 9000 switches.

Cisco OTV- Overlay Transport Virtualization technology
As I said, Cisco OTV is a way to extend your Layer 2 network across datacenters via Layer 3 links. OTV actually works on a MAC routing concept.

MAC and Routing ..What :)

Yes: the control plane protocol in Cisco OTV (an IS-IS instance running between the edge devices) is used to exchange MAC reachability information between the network devices providing the LAN extension. This is a big change from traditional Layer 2 switching, which relies on data-plane (flood-and-learn) MAC learning, and it is justified by the need to limit flooding of Layer 2 traffic across the transport infrastructure: because every edge device already knows which site a MAC address lives in, unknown-unicast frames are not flooded across the overlay by default.

Layer 2 communications between sites Continue reading
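The configuration below is an added example (not from the original post) of a minimal OTV edge device on a Nexus 7000 in multicast transport mode, which is the mode that matches the MAC-routing description above. The VLAN numbers, site identifier, multicast groups, addresses and interface names are all assumed; the edge device at the second site uses the same configuration with its own otv site-identifier and join-interface address.

```cisco
! Added example, not from the original post. VLANs, site identifier,
! groups, addresses and interface names are assumptions.
feature otv

! VLAN used locally by the OTV edge devices of ONE site to discover each
! other. It must exist on the site's inside links and must never be in
! the extended-VLAN list.
otv site-vlan 10
! Unique per site; required on NX-OS 5.2 and later.
otv site-identifier 0x1

! Join interface: the Layer 3 link into the transport (dark fiber / L3
! core). IGMPv3 is required because the data groups are source-specific.
interface Ethernet2/1
  description OTV join interface towards DC2
  ip address 192.0.2.1/30
  ip igmp version 3
  no shutdown

! Overlay interface: the IS-IS control plane (MAC advertisements) runs
! over the control group; frames for the extended VLANs are carried in
! the data groups. Only the VLANs listed here cross the overlay.
interface Overlay1
  otv join-interface Ethernet2/1
  otv control-group 239.1.1.1
  otv data-group 232.1.1.0/28
  otv extend-vlan 100-150
  no shutdown
```

After both sites are up, "show otv adjacency" should list the remote edge device, "show otv route" shows the MAC routes learned through the control plane (the "MAC routing" table the post refers to), and "show otv vlan" confirms which VLANs are active on the overlay. If the dark-fiber transport cannot carry multicast, OTV can instead run in unicast-only mode with one edge device configured as the adjacency server.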

Another Cyber-attack : Petya Cyberattack after Wannacry Shutdowns Europe

Another cyber-attack has shocked Europe, as many firms, including airports, banks and government departments, were affected by the Petya cyberattack. It is said to be only the beginning, with many more attacks to follow in the near future. Cyber security is now one of the most in-demand capabilities, as it is what can save you from these attacks.

Fig 1.1- Petya Cyberattack After Wannacry


Experts say the Petya ransomware attack is just a test and that something worse will follow. So you need to protect yourself against these attacks by applying security controls such as Cisco OpenDNS as a first line of defence for large and other enterprise networks.

Many vendors have given their input on the cyberattack, in which most of the affected industries are in Ukraine, Russia and parts of Europe. Danish and Spanish firms are affected as well. It may spread towards Asia and the Americas, but so far there are no footprints of the attack there.

It is said (from the affected industries' review) that the virus is believed to be ransomware - a piece of malicious software that shuts down a computer system and Continue reading

Cisco Vs Ruckus Wireless Systems

There is always a tussle between Cisco and Ruckus on the wireless front, where both vendors are working hard to grip the market with the features they provide in their wireless portfolios. Today I am going to talk about a head-to-head comparison of Cisco and Ruckus, although there are a lot of points which I am not going to cover in this discussion.

Ruckus Wireless:
Ruckus wireless controllers address deployments of any size, from a very small field sales office to a managed service provider solution. Clustered SCG 200s offer one of the highest scalability levels and are available in an appliance form factor as well as a virtual controller. EMS functions are built in, and integration via REST API is supported.

Ruckus offers a full range of wireless controllers, scaling from the entry-level ZoneDirector 1200, which supports up to 75 APs, all the way up to the SmartCell Gateway controller which, with clustering support, is capable of managing tens of thousands of APs and providing access for hundreds of thousands of mobile devices.

Virtual SmartZone
High Scale (vSZ-H) - up to 10,000 APs, up to 100,000 clients
vSZ-H cluster of 4 - up to 30,000 Continue reading

Static Routing configuration different ways

Today I am going to talk about static routing and default routing. Some of you already know about both of these, but some are still not aware of this stuff. This article is basically for starters in the networking field.


Fig 1.1- Sample Static routing configuration

Let's talk about IP routing first, using static routing. When using the ip route command, you can identify where packets should be routed in two ways:
  • The next-hop address
  • The exit interface

Way-1: The next-hop address
Router(config)#ip route 172.16.20.0 255.255.255.0 172.16.10.2
172.16.20.0 = destination network
255.255.255.0 = subnet mask
172.16.10.2 = next-hop address
What it means: to get to the destination network 172.16.20.0 with subnet mask 255.255.255.0, send all packets to 172.16.10.2.

Way-2: The exit interface
Router(config)#ip route 172.16.20.0 255.255.255.0 s0/0
172.16.20.0 = destination network
255.255.255.0 = subnet mask
s0/0 = exit interface
What it means: to get to the destination network Continue reading
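As an added example (not from the original post) that goes beyond the two forms shown above, the block below also covers the default route the post's title mentions, a floating static route as a backup path, and the fully specified form (exit interface plus next hop) with the reason you want it on Ethernet. Addresses and interface names are assumed.

```cisco
! Added example, not from the original post. Addresses and interfaces
! are assumptions for illustration.

! Default route: anything without a more specific route goes to the ISP.
ip route 0.0.0.0 0.0.0.0 203.0.113.1

! Primary route via a next hop (administrative distance 1 by default).
ip route 172.16.20.0 255.255.255.0 172.16.10.2

! Floating static: same prefix, higher administrative distance (250), so
! it is only installed when the primary route is withdrawn, e.g. when the
! interface towards 172.16.10.2 goes down and its connected route vanishes.
ip route 172.16.20.0 255.255.255.0 172.16.30.2 250

! Fully specified static route: exit interface AND next hop. On an
! Ethernet (multi-access) interface an exit-interface-only route makes
! the router ARP for every destination host and depend on proxy ARP on
! the neighbour; giving the next hop avoids that.
ip route 172.16.40.0 255.255.255.0 GigabitEthernet0/1 172.16.10.2

! A point-to-point serial link has no ARP, so exit-interface-only is
! fine there (this is the "Way-2" form above).
ip route 172.16.50.0 255.255.255.0 Serial0/0
```

"show ip route static" lists only the static routes that are currently installed, so the floating route for 172.16.20.0 should be absent while the primary is up; "show ip route 172.16.20.0" shows the distance and next hop actually in use.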

OSPF Basic configuration Step by step on Cisco Routers

Today I am going to talk about the basic configuration of OSPF on Cisco routers, step by step. OSPF is a link-state routing protocol, and I have already written some articles on OSPF, listed below:

OSPF Basics- Theory
OSPF point to Multipoint Configuration- Cisco & Juniper
OSPF States
Difference between OSPF Vs RIP routing Protocols

From the links above you will be able to understand much more about OSPF. This article is all about the basic OSPF configuration on a router.

Below is a basic OSPF topology which has no relevance to the configuration part. The topology is just to show what kind of network you have in OSPF: separated into areas, but with one process ID.


Fig 1.1- Sample OSPF Topology

The IP addresses used here have no relevance to any live or enterprise network.

Let's go step by step in OSPF

In Step 1, I am talking about how to enable the OSPF routing protocol on Cisco routers by specifying the OSPF process ID. Make sure you know what the process ID is: it is similar Continue reading
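As an added example (not from the original post), here is a complete minimal OSPF configuration for one router covering the steps the post is about to walk through (process ID, router ID, network statements per area), plus the two hardening settings a practitioner adds on day one: passive user-facing interfaces and MD5 neighbour authentication. The process ID, router ID, addresses, interfaces and key string are assumed.

```cisco
! Added example, not from the original post. Process ID, router ID,
! addresses, interfaces and the key string are assumptions.
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
interface GigabitEthernet0/0
 description Link to R2 (area 0)
 ip address 10.0.12.1 255.255.255.252
 ! MD5 key for this link; the neighbour must use the same key ID and
 ! key string or no adjacency forms.
 ip ospf message-digest-key 1 md5 Sup3rS3cret
interface GigabitEthernet0/1
 description User LAN (area 1)
 ip address 192.168.1.1 255.255.255.0

router ospf 1
 ! The process ID (1) is local to this router; neighbours may use another.
 router-id 10.255.0.1
 ! Enable OSPF on every interface whose address falls in these ranges,
 ! and place it in the given area.
 network 10.0.12.0 0.0.0.3 area 0
 network 10.255.0.1 0.0.0.0 area 0
 network 192.168.1.0 0.0.0.255 area 1
 ! Send no hellos (and accept no neighbours) on user-facing ports; the
 ! LAN prefix is still advertised into area 1.
 passive-interface default
 no passive-interface GigabitEthernet0/0
 ! Require MD5 authentication on every area 0 interface.
 area 0 authentication message-digest
 log-adjacency-changes
```

Verify with "show ip ospf neighbor" (the R2 adjacency should reach FULL) and "show ip ospf interface brief", which lists each interface with its area and whether it is passive. If the neighbour stays in INIT or never appears, a mismatched key or area on one side is the first thing to check.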

Cisco and Juniper Routers : OSPF point to multipoint configurations

Today I am going to discuss the OSPF configuration part, as you already know about the OSPF protocol and the OSPF network types.

OSPF is a link-state routing protocol, and I wrote some articles on OSPF earlier as well. Please go through those articles to understand more about the OSPF protocol:

OSPF Basics
OSPF States
OSPF vs RIP protocols
Routing Basics : Distance Vector vs Link State Routing Protocol

The above articles on OSPF will also help you in interview preparation.

OSPF Point to Multipoint Networks
In point-to-multipoint configurations we need to emulate broadcast capability, and the approach is to organise the PVCs into a collection of point-to-point networks. In an OSPF point-to-multipoint network the hello packets must still be replicated and transmitted individually over each PVC, but the multipoint approach offers two distinct advantages: no DR/BDR is needed, and the emulated point-to-point links can occupy a common subnet.

Apart from all this, today I am going to show sample configurations for OSPF point-to-multipoint networks.

In this article I am going to take a topology of an OSPF point-to-multipoint network and let you know the Continue reading
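As an added example (not from the original post), this is the hub of a Frame Relay hub-and-spoke topology running OSPF as point-to-multipoint on a Cisco router, showing both advantages named above (no DR/BDR, one subnet for all PVCs). DLCIs, addresses and interface names are assumed; each spoke uses the same network type with a single map entry back to the hub.

```cisco
! Added example, not from the original post. DLCIs, addresses and
! interface names are assumptions.

! --- Hub ---
interface Serial0/0
 description Hub multipoint interface; one subnet for all PVCs
 encapsulation frame-relay
 ip address 10.1.1.1 255.255.255.0
 ! P2MP: OSPF treats every neighbour as its own point-to-point link, so
 ! there is no DR/BDR election, and a /32 host route is advertised for
 ! each neighbour address so spokes reach each other through the hub
 ! even without a direct PVC between them.
 ip ospf network point-to-multipoint
 ! "broadcast" lets the router replicate the OSPF multicast hellos onto
 ! each PVC. Without it, use the non-broadcast variant plus static
 ! "neighbor" statements under router ospf.
 frame-relay map ip 10.1.1.2 102 broadcast
 frame-relay map ip 10.1.1.3 103 broadcast
 no frame-relay inverse-arp

router ospf 1
 router-id 10.1.1.1
 network 10.1.1.0 0.0.0.255 area 0

! --- Spoke R2 (R3 is identical with its own address and DLCI) ---
! interface Serial0/0
!  encapsulation frame-relay
!  ip address 10.1.1.2 255.255.255.0
!  ip ospf network point-to-multipoint
!  frame-relay map ip 10.1.1.1 201 broadcast
!  no frame-relay inverse-arp
! router ospf 1
!  network 10.1.1.0 0.0.0.255 area 0
```

"show ip ospf interface Serial0/0" should report the network type as POINT_TO_MULTIPOINT with no DR or BDR, and "show ip route ospf" on a spoke shows the other spoke's address as a /32 via the hub, which is the detail that makes the shared subnet work. The network type must match on all routers on the segment, since OSPF P2MP and broadcast use different hello and dead timers.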

Cisco Catalyst 6500 Chassis VSS Configuration ( Switch1 and Switch2 )

Today I am going to talk about VSS and tell you how to configure VSS in a live environment. I will explain VSS first, and then we will come to the VSS configuration for both switches which will participate in the VSS.

There are three switch families that can be used for VSS:
  • Cisco catalyst 4500 Series Switches
  • Cisco Catalyst 6500 Series Switches
  • Cisco Catalyst 6800 Series Switches
In this article I am taking the example of Cisco 6500 switches in a VSS. Let's talk about VSS first, followed by the configurations:


Cisco Catalyst 6500 Series Virtual Switching System (VSS) is a technique by which two physical Cisco Catalyst 6500 Series switches are merged into a single, logically managed entity. With Cisco Catalyst 6500 VSS you manage the two chassis as a single control plane (one active supervisor), but you still have two data planes, as both chassis keep forwarding traffic after the Virtual Switching System is enabled.

Fig 1.1-Sample Topology Cisco VSS Physical and Logical View
It uses Cisco IOS Stateful Switchover (SSO) technology, as well as Non-Stop Forwarding (NSF) extensions to the routing protocols, to provide a single, Continue reading
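As an added example (not from the original post), the configuration below converts two Catalyst 6500 chassis into one VSS and then enables dual-active detection, the check that stops both chassis from becoming active if the virtual switch link (VSL) fails. The domain ID, priorities, VSL ports and the dual-active link are assumed.

```cisco
! Added example, not from the original post. Domain ID, priorities,
! VSL ports and the fast-hello link are assumptions.

! --- Switch 1 (intended active) ---
switch virtual domain 100
 switch 1
 switch 1 priority 110
 switch 2 priority 100
interface Port-channel1
 description VSL towards switch 2
 switch virtual link 1
 no shutdown
! Use at least two physical links for the VSL.
interface range TenGigabitEthernet5/4 - 5
 channel-group 1 mode on
 no shutdown
! exec mode; the chassis reloads into virtual mode
switch convert mode virtual

! --- Switch 2 (intended standby) ---
switch virtual domain 100
 switch 2
 switch 1 priority 110
 switch 2 priority 100
interface Port-channel2
 description VSL towards switch 1
 switch virtual link 2
 no shutdown
interface range TenGigabitEthernet5/4 - 5
 channel-group 2 mode on
 no shutdown
switch convert mode virtual

! --- After conversion, on the single logical switch ---
! Interfaces are now numbered <switch>/<slot>/<port>. Dual-active
! detection over a dedicated direct link between the chassis: if the
! VSL drops, the former standby detects the other chassis is still
! active and shuts its own interfaces (recovery mode).
switch virtual domain 100
 dual-active detection fast-hello
interface GigabitEthernet1/5/1
 dual-active fast-hello
interface GigabitEthernet2/5/1
 dual-active fast-hello
```

"show switch virtual" and "show switch virtual role" confirm which chassis is active and that both are part of domain 100; "show switch virtual dual-active summary" shows whether the fast-hello link is up. Without dual-active detection a VSL failure produces two active chassis with the same IP and MAC addresses on the network, which is the failure the last block is there to prevent.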

VPLS basic configurations in MPLS environment: Cisco Routers

Today I am going to tell you about the basic configuration of VPLS on Cisco routers. Let's take a scenario where there is an MPLS network with PE1, PE2 and PE3 connected at the edges of the MPLS network, and beyond them the customer edge routers.

Let me explain a little how Layer 2 split horizon applies in the VPLS scenario. On the MPLS PE routers at the edge, VLAN packets received from the customer network can be forwarded to one or more local interfaces and/or emulated VCs in the VPLS domain. To avoid broadcast packets looping around the network, no packet received from an emulated VC may be forwarded to any other emulated VC of the VPLS domain on a PE router. That is, Layer 2 split horizon should always be enabled as the default in a full-mesh network.

Below is the topology showing the VPLS connectivity across the three service provider edge routers mentioned above. We have three PE routers, named PE1, PE2 and PE3. Below the topology we have the configuration of all these PE routers step by step. All Continue reading
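As an added example (not from the original post), here is PE1 of a full-mesh VPLS between PE1, PE2 and PE3 in Cisco IOS (Catalyst 6500/7600-style syntax), including the split-horizon behaviour described above. The VPN ID, loopback addresses, VLAN and interface names are assumed; PE2 and PE3 carry the same VFI with their own pair of neighbours.

```cisco
! Added example, not from the original post. VPN ID, addresses, VLAN
! and interface names are assumptions.

! Provider-side prerequisites on every PE: IGP reachability between the
! loopbacks and MPLS/LDP on the core links. The pseudowires are signalled
! over targeted LDP sessions between the loopbacks.
mpls ldp router-id Loopback0 force
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
interface GigabitEthernet1/1
 description Core link
 ip address 10.1.12.1 255.255.255.252
 mpls ip

! The VFI is the per-customer virtual bridge. Each "neighbor" is a
! pseudowire to another PE. Split horizon is ON by default between
! pseudowires: a frame received from PE2's pseudowire is never re-sent
! to PE3's, which keeps the full mesh loop-free without running STP
! across the provider core.
l2 vfi CUST-A manual
 vpn id 100
 neighbor 10.0.0.2 encapsulation mpls
 neighbor 10.0.0.3 encapsulation mpls
 ! Only in a hub-and-spoke VPLS would a spoke pseudowire be excluded
 ! from the rule:  neighbor 10.0.0.4 encapsulation mpls no-split-horizon

! Attachment circuit: the customer VLAN on the PE's access port is bound
! to the VFI through its SVI.
interface GigabitEthernet2/1
 description CE1 attachment circuit
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 100
interface Vlan100
 no ip address
 xconnect vfi CUST-A
```

"show vfi CUST-A" lists the two pseudowires and their state, and "show mpls l2transport vc" shows each VC with its label pair; both neighbours must be UP before customer MACs start appearing in "show mac-address-table vlan 100" with the pseudowire as their source.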

Cisco Catalyst 9400 Switches – A new Launch

In my earlier article I talked about the new launch of the Cisco Catalyst 9300 and explained the features of that Catalyst switch. Now I am going to talk about the other two series which Cisco launched. Cisco understands the requirements of the market and is competing with the other vendors for next-generation networks such as SDN, where open APIs can be used to stitch in third-party applications.

Cisco has come up with a solution for the campus where a fabric network is deployed on top of the traditional IP network. I will come up with another article explaining the architecture of the SD-Access network for the campus designed by Cisco Systems.

With the launch of the Cisco 9300, 9400 and 9500, Cisco is running ahead in the field of enterprise network architecture. For the Cisco Catalyst 9300 please check the link below.

Cisco Catalyst 9300 Switches for Campus

Now let me talk about the other two series of switches launched by Cisco Systems for the campus or enterprise network: the Cisco Catalyst 9400 and 9500 switches.

Cisco Catalyst 9400 Switch:
With the help of the Cisco Catalyst 9400 switch you get protection against advanced persistent security threats, Continue reading

Cisco Launches Catalyst 9300 series Switches

Today I am going to talk about Cisco's new launch. Cisco has launched Catalyst switches in the 9000 series, and they are not Nexus. In case you are confused whether these are Catalyst or Nexus switches: they are not the Nexus series, they are pure Catalyst switches, the next in line after the Cisco Catalyst 6800.

New launch: the Cisco 9300 series switches. These are not Nexus switches, in case you are confused.

In addition to all the earlier switches, Cisco has taken a step ahead of the other vendors by adding the Cisco 9300, 9400 and 9500 switches to its portfolio. These switches are excellent, with high-end capabilities and many new features. With these high-end switches you can granularly expand your network at the core, distribution and access layers, and you get the leverage of cloud-based or next-generation solutions.

Cisco already has the following switches in its portfolio:

  • Cisco 2960 Series
  • Cisco 3650 Series
  • Cisco 3750 Series
  • Cisco 3850 Series
  • Cisco 4500 Series
  • Cisco catalyst 6500 series
  • Cisco catalyst 6800 series

Alongside the existing models shown above, Cisco launches three new Catalyst switch series Continue reading

Understanding DHCP Snooping and Basic Configurations : Cisco, Juniper and Huawei

Today I am going to talk about the DHCP snooping concept. There are lots of queries on DHCP snooping where people want to understand why it is used in the enterprise network. Some of those questions I will put here.

What is DHCP snooping?
What is the difference between trusted and untrusted hosts, servers and ports?
How does DHCP snooping work?

These are the basic questions on DHCP snooping; let me take you through them.

DHCP snooping is a switch feature that classifies the sources of DHCP traffic as trusted or untrusted. It ensures that DHCP clients obtain IP addresses only from authorised DHCP servers, and it records the mapping between each DHCP client's IP address and MAC address (the DHCP snooping binding table), preventing DHCP attacks on the network such as rogue DHCP servers and DHCP starvation. Trusted sources are the ones you already allow in your network, typically the ports facing your DHCP servers or the uplinks towards them; an untrusted source may be an attacker, so server messages such as DHCPOFFER and DHCPACK arriving on an untrusted port are dropped. To prevent such attacks, DHCP snooping filters DHCP messages and rate-limits DHCP traffic from untrusted sources.

If you have a network which includes switches, routers and firewalls, all these sources are trusted sources as they are Continue reading
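As an added example (not from the original post), here is DHCP snooping on a Cisco access switch, with the uplink trusted, the user ports untrusted and rate-limited, and the binding table kept across reloads. VLAN numbers, interface roles and the database location are assumed.

```cisco
! Added example, not from the original post. VLANs, interfaces and the
! database location are assumptions.

! Enable globally AND per VLAN; nothing is inspected until both are set.
ip dhcp snooping
ip dhcp snooping vlan 10,20

! An access switch is normally not a DHCP relay, so do not insert option
! 82; an upstream relay or server may otherwise drop the request.
no ip dhcp snooping information option

! Trusted: only the uplink towards the DHCP server (or the server's own
! port). Server messages (OFFER/ACK/NAK) are accepted from here only.
interface GigabitEthernet1/0/48
 description Uplink to distribution / DHCP server
 switchport mode trunk
 ip dhcp snooping trust

! Untrusted (the default): user ports. Server messages arriving here are
! dropped (rogue DHCP server), and client messages are rate-limited to
! 15 per second to stop DHCP starvation; exceeding it err-disables the
! port.
interface range GigabitEthernet1/0/1 - 47
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15

! Keep the IP-to-MAC binding table across reloads. The same table feeds
! Dynamic ARP Inspection and IP Source Guard.
ip dhcp snooping database flash:dhcp-snooping.db

! Bring rate-limited ports back automatically after 5 minutes.
errdisable recovery cause dhcp-rate-limit
errdisable recovery interval 300
```

"show ip dhcp snooping" confirms the VLANs, trusted ports and rate limits; "show ip dhcp snooping binding" shows the learned IP/MAC/port/VLAN entries. A plugged-in rogue server shows up as dropped OFFER packets in "show ip dhcp snooping statistics".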

Juniper Routers Sample BGP Configurations : Quick and Easy

In my earlier post I wrote about the basic configurations on Cisco routers, where I defined configurations for Route Reflector, Confederation, Route-Maps, Prefix Lists, Local Preference, AS-Path, MED, Communities and Peer Groups.

In this article I am just going to put the basic BGP configuration for Juniper routers. In later articles I will cover all the configurations like Route Reflector, Confederation, Route-Maps, Prefix Lists, Local Preference, AS-Path, MED, Communities and Peer Groups on Juniper and Huawei routers.

Below is the basic network topology, with the configuration following it.

Fig 1.1- Juniper Router BGP Topology
In the topology shown above we have Router A, Router B, Router C, Router D and Router E. Routers A, B and C are in AS 22, while Router D is in AS 79 and Router E is in AS 17.

Configure the interfaces to Peers A, B, C, and D (the set commands are entered from the top of the configuration hierarchy, so they carry the "interfaces" keyword)
Router_NB# set interfaces ge-1/2/0 unit 0 description to-A
Router_NB# set interfaces ge-1/2/0 unit 0 family inet address 10.10.10.1/30
Router_NB# set interfaces ge-0/0/1 unit 5 description to-B
Router_NB# set interfaces ge-0/0/1 unit 5 family inet address 10.10.10.5/30
Router_NB# set interfaces ge-0/1/0 unit 9 description to-C
Router_NB# set interfaces ge-0/1/0 unit 9 family inet address Continue reading

Cisco Routers Sample BGP Configurations : Quick and Easy

Today I am going to talk about the configuration of BGP on Cisco routers. I will explain some of the terms which we are going to use in the configurations. Please let me know if you require any specific BGP configuration, or share your design with us so that we can create the configurations accordingly.

Sometimes it is difficult to set up a BGP configuration in the lab or in a live environment, so in this article I am just posting sample configurations which will help you configure BGP in your lab or live environment. This configuration has no relevance to any live network; all IP addresses used are just sample addresses.

BGP is the exterior gateway protocol used to exchange routes between different autonomous systems (AS), typically over the WAN links that connect them. Below is a sample BGP topology; it is not related to the sample configurations shared in this article.

Fig 1.1- Sample BGP Topology


We have two kinds of BGP sessions: one is iBGP, which is internal BGP, and the other is eBGP, which Continue reading
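As an added example (not from the original post), here is one router with both session types the post is about to describe: an iBGP session to a router in its own AS and an eBGP session to an ISP, with the checks a practitioner puts on the external session (TCP MD5 password, GTSM/ttl-security and prefix filtering in both directions). AS numbers, addresses, prefixes and passwords are assumed.

```cisco
! Added example, not from the original post. AS numbers, addresses,
! prefixes and passwords are assumptions.
interface Loopback0
 ip address 10.255.0.1 255.255.255.255

! What we may announce, and what we accept from the ISP: never our own
! prefix back, no RFC 1918 space, nothing longer than /24.
ip prefix-list OUR-PREFIXES seq 5 permit 203.0.113.0/24
ip prefix-list FROM-ISP seq 5 deny 203.0.113.0/24 le 32
ip prefix-list FROM-ISP seq 10 deny 10.0.0.0/8 le 32
ip prefix-list FROM-ISP seq 15 deny 0.0.0.0/0 ge 25
ip prefix-list FROM-ISP seq 20 permit 0.0.0.0/0 le 24

router bgp 65001
 bgp router-id 10.255.0.1
 bgp log-neighbor-changes
 ! --- iBGP: same AS. Peer between loopbacks so the session survives a
 ! link failure; next-hop-self so the iBGP peer does not need a route
 ! to the external link's subnet.
 neighbor 10.255.0.2 remote-as 65001
 neighbor 10.255.0.2 update-source Loopback0
 neighbor 10.255.0.2 next-hop-self
 neighbor 10.255.0.2 password iBGPs3cret
 ! --- eBGP: different AS, directly connected. The password protects
 ! the TCP session, ttl-security rejects packets that did not arrive
 ! with TTL 255 (i.e. from anything not directly attached), and the
 ! prefix lists stop a mistake on either side from leaking routes.
 neighbor 192.0.2.2 remote-as 64500
 neighbor 192.0.2.2 description ISP
 neighbor 192.0.2.2 password eBGPs3cret
 neighbor 192.0.2.2 ttl-security hops 1
 neighbor 192.0.2.2 prefix-list FROM-ISP in
 neighbor 192.0.2.2 prefix-list OUR-PREFIXES out
 ! Originate our prefix; it must be present in the routing table.
 network 203.0.113.0 mask 255.255.255.0
! Anchor route so the aggregate exists even if no more-specific is up.
ip route 203.0.113.0 255.255.255.0 Null0 254
```

"show ip bgp summary" shows both sessions in Established state (a number in the State/PfxRcd column); "show ip bgp neighbors 192.0.2.2 advertised-routes" should list only 203.0.113.0/24. Without "neighbor ... soft-reconfiguration inbound" the router keeps only what passed FROM-ISP, so "received-routes" will not show what was filtered.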

Cisco Advanced Malware Protection (AMP) Threat Grid Sandboxing

Cisco AMP, or Advanced Malware Protection, is the name of Cisco's malware file detection technology. AMP provides threat intelligence and analytics, point-in-time detection, continuous analysis, and retrospective security for malware files.
 
AMP (Advanced Malware Protection) can be used at various levels of the network: as Threat Grid, on endpoints, and in the network. Together these products make up an architecture; they are not just separate products in the Cisco portfolio.

In my earlier post I wrote about the Cisco AMP product for endpoints only. If you want to read that article, please go through the link below.
Cisco AMP for Endpoints

AMP is available for the cloud, endpoints, networks, web and email, as listed below. In this article I am only covering AMP Threat Grid.

  • AMP Threat Grid
  • AMP for Endpoints
  • AMP for Networks
  • AMP for Web
  • AMP for Email

AMP Threat Grid
AMP Threat Grid can be used as an on-premises appliance or in the cloud. Large organisations with compliance and policy restrictions can analyse malware locally with AMP Threat Grid by submitting samples to the appliance. It helps you effectively defend against both targeted attacks and threats from advanced malware Continue reading

Switching Basics : Private VLANs

Today I am going to talk about “Private VLANs”. By using private VLANs you can restrict a specific port so that it cannot talk to the other ports in the same VLAN and can only communicate with the promiscuous port (the uplink) it is mapped to.

A private VLAN is made up of two kinds of VLAN: one primary VLAN and one or more secondary VLANs. The primary VLAN is used to forward frames downstream (from the promiscuous port) to all secondary VLANs, while the secondary VLANs carry traffic upstream and are further divided into two types:

Isolated VLANs:
As the name suggests, a port in an isolated VLAN is isolated from every other host port; it can only talk to the promiscuous (uplink) ports of the primary VLAN, and not even to the other ports in the same isolated VLAN. A primary VLAN can have only one isolated VLAN.

Community VLANs:
As the name suggests, if two ports are in the same community they can talk to each other and to the promiscuous (uplink) port, but they cannot talk to the members of other community VLANs or to ports in the isolated VLAN. A primary VLAN can have several community VLANs.

Fig 1.1- Private VLANs

The most common question I can think of now:

If two different ports Continue reading

Cisco Port Security Basics and configurations

Today I am going to talk about a switching topic, and that topic is port security. Port security is required when you want to control the traffic on a port by allowing only specific MAC addresses, which means that if traffic from an invalid MAC address comes in, it will be blocked or dropped.

Let's talk about port security and its modes. The question is why port security is required; you may also want to be safe from attacks.

Why Port Security is important ?
Well, port security is generally used so that you can easily prevent traffic from unwanted MAC addresses, whether from the external or the internal network. The typical cases it stops are an unauthorised device plugged into a user port and MAC flooding, where an attacker sends frames from thousands of fake source MAC addresses to overflow the switch's CAM table and make it flood traffic like a hub.

Port security can handle a violation (a frame from a MAC address beyond the allowed maximum) in three different modes, defined as below:
  • Protect: in protect mode, the switch port drops packets with unknown source addresses until you remove enough secure MAC addresses to drop below the maximum value; no notification is generated, so you will not know it happened.
  • Restrict: in restrict mode, the switch port drops packets with unknown source addresses until you remove enough secure MAC addresses to drop below the maximum value, and in addition the SecurityViolation counter increments and a syslog message and SNMP trap are generated.
  • Shutdown: in shutdown mode, the switch port will Continue reading
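As an added example (not from the original post), here is port security on a user access port carrying a PC behind an IP phone, using the restrict mode described above, plus the recovery setting you need if you use shutdown mode. Interface, VLANs and the limit are assumed.

```cisco
! Added example, not from the original post. Interface, VLANs and the
! address limit are assumptions.
interface GigabitEthernet1/0/5
 description User desk (IP phone + PC)
 ! Port security only works on a static access or trunk port, not on a
 ! port left in DTP "dynamic" mode.
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 switchport port-security
 ! Two addresses: the phone and the PC behind it. A third MAC (a hub or
 ! a MAC-flooding tool) is a violation.
 switchport port-security maximum 2
 ! Learn the first two MACs seen and write them into the running config
 ! ("sticky") so they survive a link flap; "write memory" keeps them
 ! across a reload.
 switchport port-security mac-address sticky
 ! restrict: drop the offending frames, increment the violation counter
 ! and raise syslog/SNMP, but keep the port up. protect would drop
 ! silently; shutdown (the default) would err-disable the port.
 switchport port-security violation restrict

! Only needed with violation shutdown: bring err-disabled ports back on
! their own after 5 minutes instead of waiting for a manual shut/no shut.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

"show port-security interface GigabitEthernet1/0/5" shows the mode, the learned count and the violation counter, and "show port-security address" lists the sticky entries per port; a climbing violation counter on a restrict-mode port is the signal to go and see what was plugged in.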