
Cisco


IOS

ACLs.

Cisco & Radius.

ASA.

I had a request to limit the bandwidth of some hosts in a LAN during business hours only. Not knowing that time-based ACLs are supported, I decided to do it without the time component on the local ASA 5510 firewall at the border of the network. After doing that, something caught my eye while browsing through ASDM: the "Time ranges" object. Its definition is quite flexible and has two layers. The first layer (absolute) bounds the whole range with a start and an end, for example: the range begins on 03.03.2008 at 2100 hours and ends on 05.03.2008 at 0800 hours. The second layer (periodic) is weekly: either select the days of the week together with an hourly interval, or select a weekly interval (from one day and time to another day and time) during which the range is active.

For example, to define a range covering working hours (9:00 to 17:00), create the time range and then a class-map that matches the access list carrying the time range:

time-range working_hours
 periodic weekdays 9:00 to 17:00

class-map class
 match access-list limit

On the ASA the time range is attached to an entry of the access list (here "limit"); outside the range that entry is inactive, so the class-map stops matching and the bandwidth limit is lifted. Or you can do it with ASDM :D

Cisco router IPSEC VPN configuration.

How To Secure Your Cisco Router Using Cisco AutoSecure Feature. In today's complex network environments, securing your network routers can be a daunting task, especially when there are so many CLI commands and parameters with different security implications for your Cisco router.
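To make the two layers concrete, here is an added example (not code from the original post or from Cisco) that parses time-range objects written in the ASA CLI syntax shown above, plus the absolute form and the weekly-interval form of periodic, and reports whether a range is active at a given timestamp, which is exactly the question the ASA answers when it decides if the ACL entry, and therefore the class-map, applies. The configuration text is constructed for the example; the absolute dates are the ones from the paragraph above.

```python
"""Evaluate ASA-style time-range objects against a timestamp.

Added example, not part of the original page or any Cisco product. It models
the two layers of an ASA time range: an optional absolute window and zero or
more periodic (weekly) entries. The config text at the bottom is constructed.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Dict, List, Optional

DAY_NAMES = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
DAY_GROUPS = {"daily": set(range(7)), "weekdays": set(range(5)), "weekend": {5, 6}}


@dataclass
class TimeRange:
    name: str
    absolute_start: Optional[datetime] = None
    absolute_end: Optional[datetime] = None
    periodic: List[tuple] = field(default_factory=list)

    def is_active(self, at: datetime) -> bool:
        """Absolute bounds are checked first; periodic entries only count inside them."""
        if self.absolute_start and at < self.absolute_start:
            return False
        if self.absolute_end and at > self.absolute_end:
            return False
        if not self.periodic:          # absolute-only range
            return True
        return any(_periodic_matches(entry, at) for entry in self.periodic)


def _clock(s: str) -> time:
    h, m = s.split(":")
    return time(int(h), int(m))


def _parse_periodic(tokens: List[str]) -> tuple:
    """Two forms: 'weekdays 9:00 to 17:00' (days + daily window) and
    'friday 18:00 to monday 6:00' (a weekly interval spanning days)."""
    i = tokens.index("to")
    before, after = tokens[:i], tokens[i + 1:]
    start, end = _clock(before[-1]), _clock(after[-1])
    if len(after) == 2:                # weekly interval: day time to day time
        return ("span", DAY_NAMES.index(before[0]), start, DAY_NAMES.index(after[0]), end)
    days = set()
    for d in before[:-1]:
        days |= DAY_GROUPS[d] if d in DAY_GROUPS else {DAY_NAMES.index(d)}
    return ("days", days, start, end)


def _periodic_matches(entry: tuple, at: datetime) -> bool:
    if entry[0] == "days":
        _, days, start, end = entry
        return at.weekday() in days and start <= at.time() <= end
    _, d1, t1, d2, t2 = entry
    # Minutes since Monday 00:00; a span that wraps past Sunday is handled.
    pos = at.weekday() * 1440 + at.hour * 60 + at.minute
    a = d1 * 1440 + t1.hour * 60 + t1.minute
    b = d2 * 1440 + t2.hour * 60 + t2.minute
    return a <= pos <= b if a <= b else (pos >= a or pos <= b)


def parse_time_ranges(config: str) -> Dict[str, TimeRange]:
    """Collect 'time-range' blocks from ASA config text; any other top-level command ends a block."""
    ranges: Dict[str, TimeRange] = {}
    current: Optional[TimeRange] = None
    for raw in config.splitlines():
        tok = raw.strip().split()
        if not tok or tok[0].startswith("!"):
            continue
        if tok[0] == "time-range":
            current = TimeRange(tok[1])
            ranges[current.name] = current
        elif current is None:
            continue
        elif tok[0] == "absolute":    # absolute start HH:MM D Month YYYY end HH:MM D Month YYYY
            for key in ("start", "end"):
                m = re.search(key + r" (\d+:\d+) (\d+) (\w+) (\d+)", raw)
                if m:
                    setattr(current, "absolute_" + key,
                            datetime.strptime(" ".join(m.groups()), "%H:%M %d %B %Y"))
        elif tok[0] == "periodic":
            current.periodic.append(_parse_periodic(tok[1:]))
        else:
            current = None
    return ranges


def active_ranges(config: str, at: datetime) -> Dict[str, bool]:
    """Name -> active? for every time-range in the config at the given moment."""
    return {name: tr.is_active(at) for name, tr in parse_time_ranges(config).items()}


# Constructed sample config (syntax as on an ASA; not taken from a real device).
SAMPLE_CONFIG = """\
time-range working_hours
 periodic weekdays 9:00 to 17:00
time-range maintenance
 absolute start 21:00 3 March 2008 end 08:00 5 March 2008
time-range weekend_change
 periodic friday 18:00 to monday 6:00
access-list limit extended permit ip host 10.0.0.5 any time-range working_hours
"""

if __name__ == "__main__":
    for stamp in (datetime(2009, 1, 7, 10, 0), datetime(2009, 1, 10, 3, 0)):
        print(stamp, active_ranges(SAMPLE_CONFIG, stamp))
```

The wrap-around branch in the span check is the one that matters in practice: a "friday 18:00 to monday 6:00" interval crosses the Sunday/Monday boundary, and a naive "start <= now <= end" comparison would never match it.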

Thankfully, since Cisco IOS version 12.3, Cisco provides an easy way for administrators to lock down a router without entering complex commands and parameters. The AutoSecure feature was introduced to remove the complexity of the task and to ensure the lock-down is performed according to Cisco's security best practices. It is available in IOS 12.3 and above and supported on all hardware platforms, including the newer Cisco 870, 880, 1800, 1900, 2800, 2900, 3800 and 3900 series routers. To maximize flexibility, AutoSecure supports two modes depending on your needs: interactive ("auto secure"), which prompts you for each decision, and non-interactive ("auto secure no-interact"), which applies Cisco's recommended defaults without prompting. We'll examine the practical difference between the two soon.

No cdp run.

Enabling SSH on a Cisco switch.

How to Recover a Lost Password on a Cisco Switch. By David Davis - January 7, 2009. So you lost the password on your Cisco switch.

Maybe the old administrator left, or maybe you just haven't used this switch in a while and don't recall the password. Whatever the case, you need to reset the password on the switch so you can set a new one. How do you do this on a Cisco switch? This article is based on the Cisco Catalyst 2900, 3500XL, 2940, 2950, 2955 and 3550 switches. To recover a password on a Cisco switch, you have to be connected to the console port of the switch using 9600 baud, 8 data bits, no parity, 1 stop bit and xon/xoff flow control. Once you are connected and see output in the terminal window when you press Enter, unplug the power cable, then hold down the mode button while plugging it back in. On a 2900, 3500XL or 3550 (like the one shown), release the mode button after the LED above port 1x goes out.

You should now see a boot-loader message like the one below (taken from a 3550 switch). Notice that it says the password-recovery mechanism is enabled: that is the default ("service password-recovery"), and it is why anyone with physical console access can reset the password this way while keeping the configuration. If the switch was configured with "no service password-recovery", the boot loader will instead only offer to erase the configuration, so you get back into the switch but lose its config.

Password Recovery for the Catalyst 2900XL, 3500XL, 2950, and 3550 Series Switches. This document describes the password recovery procedure for the Cisco Catalyst 2900XL, 3500XL, 2950 and 3550 series switches. Attach a terminal or a PC with terminal emulation (for example, HyperTerminal) to the console port of the switch. Use the following terminal settings:

Bits per second (baud): 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow control: Xon/Xoff

Unplug the power cable.

Hold down the mode button, located on the left side of the front panel, while reconnecting the power cable to the switch. For 2900/3500XL and 3550 series switches: release the mode button after the LED above port 1x goes out. Note: the LED position may vary slightly depending on the model (figure: Catalyst 3524XL front panel). For 2950 series switches: release the mode button after the STAT LED goes out.

The following instructions appear: The system has been interrupted prior to initializing the flash filesystem.

VLAN and 802.1Q Trunk. Rereading some old posts, I realized that I had not precisely covered the notions of VLAN and trunk in a network architecture. Let's fix that quickly. A VLAN is a virtual network. Within a single physical local network you can therefore set up logical networks that are separated from one another; this is called "segmentation". To set this up you need a switch that supports the feature. If you then want to carry several VLANs over the same physical link, you have to configure a "trunk", and the established standard for that is 802.1Q, commonly called dot1q. For this to work, your frames must be "tagged", that is, they carry in their header the number of the VLAN (the VLAN ID) they are destined for. (Cisco of course supports this standard on its equipment, but also its own proprietary one, ISL "Inter Switch Link", which I will not cover here.)
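To show where the VLAN ID actually lives in a tagged frame, here is an added example (not code from the original post) that builds Ethernet frames with and without an 802.1Q tag and parses them back. Only the standard dot1q header is modelled (TPID 0x8100 followed by a 16-bit TCI holding the 3-bit priority, the DEI bit and the 12-bit VLAN ID); Cisco ISL is not. The MAC addresses and payload are constructed for the example.

```python
"""Build and parse 802.1Q (dot1q) tagged Ethernet frames.

Added example, not part of the original post. A tagged frame carries four extra
bytes between the source MAC and the EtherType: TPID 0x8100, then the TCI.
The addresses and payload below are constructed for the example.
"""
import struct
from typing import Dict, Optional

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(text: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split(":"))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vlan_id: Optional[int] = None, pcp: int = 0, dei: int = 0) -> bytes:
    """Return an Ethernet frame; when vlan_id is given, insert a dot1q tag after the source MAC.

    VLAN ID 0 is a priority-only tag (no VLAN membership), 4095 is reserved.
    """
    tag = b""
    if vlan_id is not None:
        if not 0 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 0..4094")
        tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | (vlan_id & 0x0FFF)
        tag = struct.pack("!HH", TPID_8021Q, tci)
    return mac_bytes(dst) + mac_bytes(src) + tag + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Decode the header; vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    vlan_id = pcp = dei = None
    if etype == TPID_8021Q:           # tagged: read the TCI, then the real EtherType
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        pcp, dei, vlan_id = tci >> 13, (tci >> 12) & 1, tci & 0x0FFF
        (etype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    return {
        "dst": ":".join(f"{b:02x}" for b in dst),
        "src": ":".join(f"{b:02x}" for b in src),
        "vlan_id": vlan_id,
        "pcp": pcp,
        "dei": dei,
        "ethertype": etype,
        "payload": frame[offset:],
    }


# Constructed sample frames: the same IPv4 payload sent untagged (access port)
# and tagged for VLAN 10 with priority 5 (trunk port).
PAYLOAD = b"\x45\x00\x00\x14" + b"\x00" * 16
UNTAGGED = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, PAYLOAD)
TAGGED = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, PAYLOAD,
                     vlan_id=10, pcp=5)

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED)):
        info = parse_frame(frame)
        print(name, len(frame), "bytes, VLAN", info["vlan_id"], "EtherType", hex(info["ethertype"]))
```

A switch port that is not a trunk expects untagged frames; the parser above returns vlan_id None for those, and the four-byte difference in frame length is the whole cost of the dot1q header.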

Réseau Perso Guiguiabloc.