Skip to main content

Securing a Cisco Network

By

Securing a Cisco Network

Security is always a concern, and your Cisco network needs to be properly secured. In the following sections, you see how to secure your Cisco network by configuring NAT, by configuring an ACL, and by applying that ACL.

Securing your Cisco network by configuring NAT

The following commands are used to configure NAT overload services on a router called Router1. In this example, a list of source address is created in access list #1, which is then used as the inside source list. The FastEthernet 0/0 port is the overloaded public address port that all inside addresses get translated to.
Router1>enable
Router1#configure terminal
Router1(config)#access-list 1 permit 10.0.0.0 0.255.255.255
Router1(config)#ip nat inside source list 1 interface FastEthernet 0/0 overload
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip nat outside
Router1(config-if)#interface FastEthernet0/1
Router1(config-if)#ip nat inside

Securing your Cisco network by configuring an access control list (ACL)

ACLs are used to control traffic flow. They can be used allow or deny the flow of traffic. The two main types of ACLs are:
  • Standard ACLs, which have fewer options for classifying data and controlling traffic flow than Extended ACLs. They are only able to manage traffic based on the source IP address. These ACLs are numbered from 1–99 and from 1300–1999.
  • Extended ACLs, which offer the ability to filter or control traffic based on a variety of criteria such as source or destination IP addresses, as well as protocol type such as, ICMP, TCP, UDP, or IP. These ACLs are numbered from 100–199 and from 2000–2699.
To create a standard ACL, you can use the following example which will create an ACL that allows traffic for the 192.168.8.0/24 network.
Switch1>enable
Switch1#configure terminal
Switch1(config)#access-list 50 permit 192.168.8.0 0.0.0.255
To create an extended ACL you can use the following example which will create an ACL that allows traffic with addresses in the 192.168.8.0/24 network and tcp ports of either 80 (http) or 443 (https):
Router1>enable
Router1#configure terminal
Router1(config)#access-list 101 remark This ACL is to control the outbound router traffic.
Router1(config)#access-list 101 permit tcp 192.168.8.0 0.0.0.255 any eq 80
Router1(config)#access-list 101 permit tcp 192.168.8.0 0.0.0.255 any eq 443

Securing your Cisco network by applying an access control list

After you have created an Access Control List (ACL), such as ACL 101 created above, you can apply that ACL to an interface. In the following example, this ACL is placed to restrict outbound traffic on FastEthernet0/1.
Router1>enable
Router1#configure terminal
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip access-group 101 out
Labels:

Comments

Post a Comment

Popular posts from this blog

Duplicate IP Address has been Detected Rule

By
A duplicate IP address has been detected on the network Rule Knowledgebase Summary This rule generates an alert when Windows® detects that he local machine’s IP address is in conflict with one or more identical IP addresses on the network. Until the IP address conflict is resolved, remote clients and applications may have difficulty accessing resources on any of the effected computers. Additionally, the local computer may not be able to access network resources. Related Events This rule generates an alert whenever the following events occur and are recorded in the System Event Log: The system detected an address conflict for IP address %2 with the system having network hardware address %3. The local interface has been disabled. Source: TCPIP; Event ID: 4198; The system detected an address conflict for IP address %2 with the system having network hardware address %3. The local interface has been disabled. Source: TCP...
1 comment
Read more

Schedule Automatic backup config in Cisco Nexus

By
Schedule Automatic backup config in Cisco Nexus Nexus-Sw1(config)#feature scheduler   //Enable scheduler service in Nexus Nexus-Sw1(config)#scheduler job name backup-daily      // Job Name Nexus-Sw1(config)#scheduler aaa-authentication username abcd password abcd@123     // AAA - Authentication for Job created above (If AAA configured) Nexus-Sw1(config)#scheduler job name backup-daily copy running-config tftp://192.168.1.23/$(SWITCHNAME)-cfg.$(TIMESTAMP)         //IP of TFTP SERVER , file will saved with switch name and timestamp exit Nexus-Sw1(config)#scheduler schedule name backup-daily   // Setup Schedule to run for the JOB Nexus-Sw1(config-schedule)# time ?   daily    Specify a daily schedule   monthly  Specify a monthly schedule   start    Specify a future time schedule   weekly   Specify a weekly schedule...
Post a Comment
Read more

VMware CPU and Memory Reservations: Fixing Insufficient resources to satisfy configured failover level for HA

By
Source Knowledge From :-  http://geekswing.com/geek/vmware-cpu-and-ram-reservations-fixing-insufficient-resources-to-satisfy-configured-failover-level-for-ha/ VMware CPU and Memory Reservations: Fixing Insufficient resources to satisfy configured failover level for HA This post comes from a few days of poring over manuals as well as some technical support. This is a good one. The error came from trying to power on a VM in our VMware cluster and we would get these errors: “Insufficient resources to satisfy configured failover level for HA” And this alert on our cluster “Insufficient resources to satisfy HA failover level on cluster vmCluster in vmTST” Our way of thinking was we had to power one off to power another one on. But that didn’t work. Here we is the actual solution. (p.s. Great VMware HA education for me on this one!) PROBLEM SOURCE: VMware HA is turned on and you are violating constraints VMware HA is turned on, and you have i...
1 comment
Read more