1) username xxxx password xxxx
2) passwd xxxxx
3) ssh x.x.x.x x.x.x.x {inside/outside}
4) crypto key generate rsa modulus {512/768/1024/2048}
5) aaa authentication ssh console LOCAL
https://learningnetwork.cisco.com/docs/DOC-2820
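An added example, not from the original post or from Cisco: a Python check that reads the five commands above as a plain-text script and reports which steps are missing or weak. The 2048-bit floor, the finding strings and the sample values are assumptions of this example.

```python
import ipaddress
import re

# Constructed command script with placeholder values (not from a real device).
SAMPLE = """\
username admin password PLACEHOLDER-1
passwd PLACEHOLDER-2
ssh 192.0.2.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
crypto key generate rsa modulus 768
"""

SSH_RE = re.compile(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
KEY_RE = re.compile(r"crypto key generate rsa modulus (\d+)$")


def audit_asa_ssh(script, min_modulus=2048):
    """Check the five steps; min_modulus is this example's assumed policy floor."""
    lines = [ln.strip() for ln in script.splitlines() if ln.strip()]
    findings = []
    # Steps 1 and 2: a local user and the login password must be set.
    if not any(re.match(r"username \S+ password \S+", ln) for ln in lines):
        findings.append("step 1: no local username defined")
    if not any(re.match(r"passwd \S+", ln) for ln in lines):
        findings.append("step 2: no passwd set")
    # Step 3: every permitted source should be a bounded network.
    rules = [m.groups() for m in map(SSH_RE.match, lines) if m]
    if not rules:
        findings.append("step 3: no ssh permit line")
    for addr, mask, ifname in rules:
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if net.prefixlen == 0:
            findings.append(f"step 3: ssh permitted from any source on {ifname}")
    # Step 4: the last key-generation command decides the key size in use.
    sizes = [int(m.group(1)) for m in map(KEY_RE.match, lines) if m]
    if not sizes:
        findings.append("step 4: no RSA key generation command")
    elif sizes[-1] < min_modulus:
        findings.append(f"step 4: RSA modulus {sizes[-1]} below {min_modulus}")
    # Step 5: SSH logins must be tied to the LOCAL user database.
    if "aaa authentication ssh console LOCAL" not in lines:
        findings.append("step 5: aaa authentication ssh console LOCAL missing")
    return findings


if __name__ == "__main__":
    for finding in audit_asa_ssh(SAMPLE):
        print(finding)
```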
Penetration Testing, Vulnerability Assessment, Malware Analysis, Reverse Engineering, Packet Analysis, Wireshark, tshark, tcpdump, Tips & Tricks, Notes, Network Security, Unix, Solaris, Firewalls, Cisco ASA, Cisco PIX, Checkpoint, Netscreen
Friday, August 13, 2010
Wednesday, August 11, 2010
How to find files in Ms Windows using command line
dir c:\Local\Data\xxx\ /s /b | find "string"
Find
http://technet.microsoft.com/en-us/library/cc725655%28WS.10%29.aspx
Dir
http://technet.microsoft.com/en-us/library/cc755121%28WS.10%29.aspx
Examples
To display all lines from Pencil.ad that contain the string "Pencil Sharpener", type:
find "Pencil Sharpener" pencil.ad
To find a string that contains text within quotation marks, you must enclose the entire string in quotation marks. Then you must use two quotation marks for each quotation mark contained within the string. To find "The scientists labeled their paper "for discussion only." It is not a final report." in Report.doc, type:
find "The scientists labeled their paper ""for discussion only."" It is not a final report." report.doc
If you want to search for a set of files, you can use the find command within the for command. To search the current directory for files that have the extension .bat and that contain the string "PROMPT", type:
for %f in (*.bat) do find "PROMPT" %f
To search your hard disk to find and display the file names on drive C that contain the string "CPU", use the pipe (|) to direct the output of the dir command to the find command as follows:
dir c:\ /s /b | find "CPU"
Because find searches are case-sensitive and dir produces uppercase output, you must either type the string "CPU" in uppercase letters or use the /i command-line option with find.
Saturday, August 7, 2010
EtherChannel, Port Channel, Trunking, Port trunking, Link aggregation
Po1, which stands for the interface "port-channel1". This is the logical interface created when an Etherchannel is built. We are now using both physical paths between the two switches at one time!
http://ezinearticles.com/?Cisco-CCNA-/-CCNP-Certification:-How-And-Why-To-Build-An-Etherchannel&id=93114
Etherchannel/port-channel
On different Cisco switches it is possible to create logical connections that are made up of different physical interfaces. These interfaces must have the same speed.
Cisco switch show commands
· show interfaces port-channel [channel-group-number]
· show etherchannel [channel-group-number] summary
http://www.edgenetworks.nl/etherchannel.html
EtherChannel between a switch and a server.
EtherChannel is a port trunking (link aggregation being the general term) technology or port-channel architecture used primarily on Cisco switches. It allows grouping several physical Ethernet links to create one logical Ethernet link for the purpose of providing fault-tolerance and high-speed links between switches, routers and servers. An EtherChannel can be created from between two and eight active Fast Ethernet, Gigabit Ethernet or 10-Gigabit Ethernet ports, with an additional one to eight inactive (failover) ports which become active as the other active ports fail. EtherChannel is primarily used in the backbone network, but can also be used to connect end user machines.
http://en.wikipedia.org/wiki/EtherChannel
Trunking
In modern communications, trunking is a concept by which a communications system can provide network access to many clients by sharing a set of lines or frequencies instead of providing them individually. This is analogous to the structure of a tree with one trunk and many branches. Examples of this include telephone systems and the VHF radios commonly used by police agencies. More recently port trunking has been applied in computer networking as well.
http://en.wikipedia.org/wiki/Trunking
Link Aggregation between a switch and a server
Link aggregation/Port trunking
Link aggregation or IEEE 802.1AX-2008 is a computer networking term which describes using multiple network cables/ports in parallel to increase the link speed beyond the limits of any one single cable or port, and to increase the redundancy for higher availability.
http://en.wikipedia.org/wiki/Link_aggregation
http://en.wikipedia.org/wiki/Port_trunking
How to use the OSI Model to Troubleshoot Networks
When I get a call from a user that explains a problem they are having, I would immediately visualize the OSI model. The user might say that they can’t bring up a graphic they are trying to download from the Internet. That graphic is brought up in an application (layer 7 of the OSI model). I could either start at the top or the bottom, depending on what I suspected was the problem. I would usually start at the bottom (termed the “bottom up approach”). At the bottom of the OSI model is the physical layer (layer 1). So, I would proceed to ask them questions like this:
- Is your network cable plugged in? (physical)
- Is there a link light on the Ethernet switch and Ethernet NIC? (data-link)
- Do you have an IP address? (network)
- Can you ping your default gateway? (network, testing LAN IP connectivity)
- Do you have DNS server information?
- Can you ping your DNS server? (network, testing IP connectivity)
- Do you have a firewall configured? (network on up to application)
- Can you ping the host you are trying to get to by name? (application, DNS and network WAN IP connectivity)
- What format is the graphic in? Do you have a viewer for that format? (presentation)
- Can your web browser open up another website? (basic application troubleshooting)
by David Davis, vExpert, VCP, CCIE 9369 - January 7, 2009
http://www.petri.co.il/csc_how_to_use_the_osi_model_to_troubleshoot_networks.htm
WebVPN troubleshooting
Problems in authentication
1. Error in authentication
Type your username and password:
2. Slow Internet connection
If your Internet connection is slow or unstable, it might cause an authentication error as a result of a timeout. Check your Internet connection.
3. Losing connection
Once you've logged in, every new URL that opens will begin with: https:///
If a new window opens without it, it's a sign you've lost connection to the VPN service.
4. Proxy settings
If you are connected successfully but can't reach sites with your browser (the problem occurs especially when connected behind a router), try changing your proxy settings.
Reference:
Thursday, August 5, 2010
AAA: Authentication, Authorization and Accounting
control traffic based on the IP address and protocol -> access lists
control access for specific users or groups -> authentication
control use for specific users or groups -> authorization
Authentication -> who the user is
Authorization -> what the user can do
Accounting -> what the user did
PIX/ASA: Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml
Authentication
Authentication refers to the process where an entity's identity is authenticated, typically by providing evidence that it holds a specific digital identity such as an identifier and the corresponding credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).
Authorization
The "authorization" function determines whether a particular entity is authorized to perform a given activity, typically logging on to an application or service. Authorization may be determined based on a range of restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same entity or user. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, Quality of Service/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.
Accounting
Accounting refers to the tracking of the consumption of network resources by users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended.
AAA protocol
http://en.wikipedia.org/wiki/AAA_protocol