Tag: security

Cisco – dot1x port configuration

Radius connection interface GigabitEthernet0/1 aaa new-model ! aaa group server radius ISE-RADIUS server name ISE-KEY ! aaa authentication dot1x default group ISE-RADIUS aaa authorization network default group ISE-RADIUS aaa accounting dot1x default start-stop group ISE-RADIUS ! ip device tracking !…

Protection ACL for WAN INTERFACE

A protection ACL for WAN interfaces: ip access-list extended PERIMETER-IN remark ANTI-SPOOFING deny ip INTERNAL NETWORKS any remark BROADCAST deny ip 0.0.0.0 0.255.255.255 any remark RFC 1918 – private networks deny ip 10.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.15.255.255 any…

RSYSLOG – new file for SNMP

Sometimes it is annoying that all entries are written into the /var/log/messages log file, especially if you run SNMP on your host and every single packet gets recorded. There are two options available. The first one is to reduce the…

ICMP / UDP / TCP Flood – hping3

During my study of different firewall vendors and capabilities I came across a pretty neat tool called hping3. It is kind of old but well known, and valuable for testing. Here are some command-line examples. ICMP flooding for DoS sensor testing: #ICMP…

Cisco ASA 5510 access http ssh

Getting access to your precious Cisco ASA 5510 firewall via SSH or HTTP seems to be an easy task, but sometimes it turns into a dilemma. SSH access: access your firewall via terminal and configure your management link…

Cisco site to site VPN brief setup

I have just two sites with Cisco equipment set up. Now I need to get a VPN over the internet. Assuming that both routers are configured: Router A ! crypto isakmp policy 20 encr aes 256 authentication pre-share group 2…