Friday, August 13, 2010

Five steps to configure SSH in Cisco ASA

1) username xxxx password xxxx
2) passwd xxxxx
3) ssh x.x.x.x x.x.x.x {inside/outside}
4) crypto key generate rsa modulus {512/768/1024/2048}
5) aaa authentication ssh console LOCAL

https://learningnetwork.cisco.com/docs/DOC-2820
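The five steps above, worked through as a complete ASA configuration. This is an added example, not configuration from the page or from the linked Cisco document; the hostname, domain, user name, management subnet and interface name are assumed, and the two hardening lines at the end go beyond the five steps.

```cisco
! Added example: management SSH on an ASA following the five steps above.
! Hostname, domain-name, user, subnet and interface are assumed values.
! hostname and domain-name must be set before an RSA key can be generated.
hostname ASA-EDGE
domain-name example.net
! 1) Local account used to log in over SSH (placeholder password, change it)
username netadmin password CHANGE-ME-strong-passphrase privilege 15
! 2) Login password (placeholder, change it)
passwd CHANGE-ME-login-password
! 3) Only the management subnet, arriving on the inside interface, may open SSH
ssh 192.0.2.0 255.255.255.0 inside
! 4) 2048-bit host key; 512 and 768 are far too weak for current use
crypto key generate rsa modulus 2048
! 5) Authenticate SSH sessions against the local user database
aaa authentication ssh console LOCAL
! Not part of the five steps: restrict to SSHv2 and drop idle sessions after 10 minutes
ssh version 2
ssh timeout 10
```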

Wednesday, August 11, 2010

How to find files in Ms Windows using command line

dir c:\Local\Data\xxx\ /s /b | find "string"

Find
http://technet.microsoft.com/en-us/library/cc725655%28WS.10%29.aspx

Dir
http://technet.microsoft.com/en-us/library/cc755121%28WS.10%29.aspx

Examples

To display all lines from Pencil.ad that contain the string "Pencil Sharpener", type:

find "Pencil Sharpener" pencil.ad


To find a string that contains text within quotation marks, you must enclose the entire string in quotation marks. Then you must use two quotation marks for each quotation mark contained within the string. To find "The scientists labeled their paper "for discussion only." It is not a final report." in Report.doc, type:

find "The scientists labeled their paper ""for discussion only."" It is not a final report." report.doc


If you want to search for a set of files, you can use the find command within the for command. To search the current directory for files that have the extension .bat and that contain the string "PROMPT", type:

for %f in (*.bat) do find "PROMPT" %f 


To search your hard disk to find and display the file names on drive C that contain the string "CPU", use the pipe (|) to direct the output of the dir command to the find command as follows:

dir c:\ /s /b | find "CPU" 


Because find searches are case-sensitive and dir produces uppercase output, you must either type the string "CPU" in uppercase letters or use the /i command-line option with find.

Saturday, August 7, 2010

EtherChannel, Port Channel, Trunking, Port trunking, Link aggregation

Po1 stands for the interface "port-channel1". This is the logical interface created when an EtherChannel is built. We are now using both physical paths between the two switches at one time!
http://ezinearticles.com/?Cisco-CCNA-/-CCNP-Certification:-How-And-Why-To-Build-An-Etherchannel&id=93114

Etherchannel/port-channel
On different Cisco switches it is possible to create logical connections that are made up of several physical interfaces. These interfaces must have the same speed.

Cisco switch show commands
· show interfaces port-channel [channel-group-number]
· show etherchannel [channel-group-number] summary

http://www.edgenetworks.nl/etherchannel.html
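The port-channel described above, built as a two-member LACP EtherChannel on a Cisco IOS switch. This is an added example and not configuration from the page or the linked articles; interface names, the channel number, the VLAN list and the peer switch name are assumed.

```cisco
! Added example: a two-link LACP EtherChannel (Po1) between two IOS switches.
! Interface names, channel number, VLANs and peer name are assumed.
! Member ports must match in speed, duplex and switchport settings, and the
! peer switch needs the same channel-group configuration on its side.
interface range GigabitEthernet0/1 - 2
 description Uplink to SW2, member of Po1
 switchport trunk encapsulation dot1q   ! needed on platforms that also support ISL
 switchport mode trunk
 switchport trunk allowed vlan 10,20    ! carry only the VLANs the uplink needs
 channel-group 1 mode active            ! LACP active; peer may be active or passive
!
interface Port-channel1
 description Logical uplink to SW2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Verify with the two show commands listed above:
!   show etherchannel 1 summary      -> Po1 flagged (SU) with both members (P)
!   show interfaces port-channel 1   -> logical interface up, bandwidth doubled
```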
EtherChannel between a switch and a server.

EtherChannel is a port trunking (link aggregation being the general term) technology or port-channel architecture used primarily on Cisco switches. It allows grouping several physical Ethernet links to create one logical Ethernet link for the purpose of providing fault-tolerance and high-speed links between switches, routers and servers. An EtherChannel can be created from between two and eight active Fast Ethernet, Gigabit Ethernet or 10-Gigabit Ethernet ports, with an additional one to eight inactive (failover) ports which become active as the other active ports fail. EtherChannel is primarily used in the backbone network, but can also be used to connect end user machines.
http://en.wikipedia.org/wiki/EtherChannel

Trunking
In modern communications, trunking is a concept by which a communications system can provide network access to many clients by sharing a set of lines or frequencies instead of providing them individually. This is analogous to the structure of a tree with one trunk and many branches. Examples of this include telephone systems and the VHF radios commonly used by police agencies. More recently port trunking has been applied in computer networking as well.
http://en.wikipedia.org/wiki/Trunking

Link Aggregation between a switch and a server

Link aggregation/Port trunking
Link aggregation or IEEE 802.1AX-2008 is a computer networking term which describes using multiple network cables/ports in parallel to increase the link speed beyond the limits of any one single cable or port, and to increase the redundancy for higher availability.
http://en.wikipedia.org/wiki/Link_aggregation
http://en.wikipedia.org/wiki/Port_trunking

How to use the OSI Model to Troubleshoot Networks

When I get a call from a user that explains a problem they are having, I would immediately visualize the OSI model. The user might say that they can’t bring up a graphic they are trying to download from the Internet. That graphic is brought up in an application (layer 7 of the OSI model). I could either start at the top or the bottom, depending on what I suspected was the problem. I would usually start at the bottom (termed the “bottom up approach”). At the bottom of the OSI model is the physical layer (layer 1). So, I would proceed to ask them questions like this:
  • Is your network cable plugged in? (physical)
  • Is there a link light on the Ethernet switch and Ethernet NIC? (data-link)
  • Do you have an IP address? (network)
  • Can you ping your default gateway? (network, testing LAN IP connectivity)
  • Do you have DNS server information?
  • Can you ping your DNS server? (network, testing IP connectivity)
  • Do you have a firewall configured? (network on up to application)
  • Can you ping the host you are trying to get to by name? (application, DNS and network WAN IP connectivity)
  • What format is the graphic in? Do you have a viewer for that format? (presentation)
  • Can your web browser open up another website? (basic application troubleshooting)
How to use the OSI Model to Troubleshoot Networks
by David Davis, vExpert, VCP, CCIE 9369 - January 7, 2009
http://www.petri.co.il/csc_how_to_use_the_osi_model_to_troubleshoot_networks.htm

WebVPN troubleshooting

Problems in authentication

1. Error in authentication
Type your username and password:

2. Slow Internet connection
If your Internet connection is slow or unstable, it might cause authentication error as a result of time out. Check your Internet connection.

3. Losing connection
Once you've logged in, every new URL that opens will begin with: https:///
If a new window opens without it, it's a sign you've lost connection to the VPN service.

4. Proxy settings
If you are connected successfully and you can't reach sites with your browser (The problem repeats itself especially when connected behind a router) - try to change your proxy settings. 

Thursday, August 5, 2010

AAA: Authentication, Authorization and Accounting

control traffic based on the IP address and protocol -> access lists
control access for specific users or groups -> authentication
control use for specific users or groups -> authorization

Authentication -> who the user is
Authorization -> what the user can do
Accounting -> what the user did

PIX/ASA: Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

Authentication
Authentication refers to the process where an entity's identity is authenticated, typically by providing evidence that it holds a specific digital identity such as an identifier and the corresponding credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).

Authorization
The "authorization" function determines whether a particular entity is authorized to perform a given activity, typically logging on to an application or service. Authorization may be determined based on a range of restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same entity or user. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, Quality of Service/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.

Accounting
Accounting refers to the tracking of the consumption of network resources by users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended.

AAA protocol
http://en.wikipedia.org/wiki/AAA_protocol
