Networking & Security

Spanning Tree Protocol and its variations are responsible for eliminating loops and ensuring efficiency at Layer 2. Although it was invented 30 years ago, and nowadays routing is very often used between the Access and Distribution layers, it is still good to know how it works and what it is responsible for.

FlexVPN is called “one to rule them all”, and there is no exaggeration in this statement. It is a VPN that allows site-to-site connections with the remaining VPN types such as VTI and DMVPN, and remote access as well. Let’s break FlexVPN down based on a site-to-site configuration.

When designing and implementing a wireless network you will come across Layer 2 and Layer 3 roaming. Both improve the scalability of the wireless network and simplify life for the end user, but they work differently.

When we think of an AAA server, we think of RADIUS and TACACS+ servers: the servers responsible for authentication, authorization and accounting. What an AAA server is, what we can get from it and how to use it, let’s check with real examples.

Since routers and multilayer switches use the Cisco Express Forwarding feature, the claim that switches are much faster than routers is no longer true. Nowadays routers can make decisions at wire speed, like switches with ASICs. What is CEF, how does it work and how does it help routers route packets?

In a simple network that doesn’t consist of a large number of routers, doesn’t rely on more than one routing protocol or doesn’t use BGP, you may never come across route maps, but if one of the above conditions is fulfilled, then sooner or later you will have to consider using them. What are they, when and…

Usually when we mention Public Key Infrastructure we think of an external Certificate Authority like Verisign or GoDaddy. It turns out there is a protocol, SCEP, that enables us to run our own CA in a Cisco environment, and we can use those certificates for ISAKMP IKEv1 or IKEv2 authentication.

You may be very familiar with the BGP protocol, but until you start using MPLS L3 VPN or IPv6 you will probably not be aware that other kinds of BGP addresses exist. Multiprotocol BGP is responsible for carrying these other BGP addresses, and we break it down right now.

Zone Based Firewall in IOS combines 2 concepts: Modular Policy Framework and the well-known zones from ASA firewalls. The ZBF solution is more secure than ACLs, and easier to implement and troubleshoot. It relies on stateful filtering, which is also well known from ASA firewalls. It is not a fresh solution, but it still works out very well.

One of the first things in designing a campus network is the IP addressing scheme and its assignment at the Access Layer. The DHCP protocol is responsible for handing out IP addresses, and proper deployment of a DHCP server in a large environment can spare us a lot of trouble and issues.

By default a Cisco router doesn’t provide any security regarding access. You have to secure the router yourself. In this article I’ll show how to do this for console and VTY lines.

NX-OS, which we may come across on Cisco Nexus switches, provides a very interesting feature called FabricPath. FabricPath has evolved from TRILL, consists of “Layer 2 routing” and is definitely one of the most important features in the modern datacenter.

Everything goes seamlessly with redistribution if we have only one point of redistribution, but when we add another router on the edge of 2 routing protocols, for instance in order to provide “high availability” by adding another point of failure to get redundancy, then our network is exposed to very inefficient sub-optimal routing.

Since ASDM and “wizards” are in use, knowing the Command Line Interface on the ASA to configure it seems unnecessary, but knowledge of what particular commands are responsible for and how they work is needed if you have to troubleshoot SSL. In this topic you will see how to configure Remote Access with SSL and VPN with command…

There is no doubt that some kind of redundancy is always desirable on the edge of the network. In this article I am going to discuss 2 examples of providing redundancy. In the first, there is ONE router with 2 WAN connections leading to different ISPs, and in the second we have TWO switches with 2 WAN connections leading…