September 28, 2024

Cisco Switch AAA Security

Today I will discuss Cisco switch AAA security. By default, remote administrative access to a Cisco switch requires only a line password and no username, so there is no accountability for which administrator connected to the switch, and no mechanism restricts what an administrator is allowed to do once logged in. Cisco provides three security mechanisms, collectively called Authentication, Authorization and Accounting (AAA), that address these weaknesses. Configure AAA on the switch in conjunction with a security server (a TACACS+ or RADIUS server); used with a security server, AAA provides the mechanisms described below. Authentication: this mechanism identifies remote …
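The weak default and the AAA configuration described above, side by side, as an added example that is not part of the original post. The server name ISE-1, its address 192.0.2.10, the shared key and the local account are placeholders; the `tacacs server` block is IOS 15.x syntax (older images use `tacacs-server host`).

```cisco
! Added example (not from the original post). Assumed values: TACACS+ server
! 192.0.2.10, shared key Tacacs-Key-1, local fallback account "admin".
!
! --- Weak default: one shared line password, no username, no audit trail ---
line vty 0 4
 password cisco
 login
!
! --- Hardened: AAA against a TACACS+ server with local fallback ---
aaa new-model
!
tacacs server ISE-1
 address ipv4 192.0.2.10
 key Tacacs-Key-1
!
aaa group server tacacs+ TAC-GROUP
 server name ISE-1
!
! Local account used only when no TACACS+ server answers; a server that
! rejects the login is NOT a fallback condition, which is the point.
username admin privilege 15 secret <strong-password>
!
! Authentication: who is connecting (TACACS+ first, local only if unreachable)
aaa authentication login VTY-AUTH group TAC-GROUP local
! Authorization: what they may do (exec shell plus every command at level 1 and 15)
aaa authorization exec VTY-AUTHZ group TAC-GROUP local
aaa authorization commands 1 VTY-AUTHZ group TAC-GROUP local
aaa authorization commands 15 VTY-AUTHZ group TAC-GROUP local
! Accounting: record logins and every command with start/stop records
aaa accounting exec default start-stop group TAC-GROUP
aaa accounting commands 1 default start-stop group TAC-GROUP
aaa accounting commands 15 default start-stop group TAC-GROUP
!
! Bind the method lists to the VTY lines and drop the shared password
line vty 0 4
 no password
 login authentication VTY-AUTH
 authorization exec VTY-AUTHZ
 authorization commands 1 VTY-AUTHZ
 authorization commands 15 VTY-AUTHZ
 transport input ssh
!
! Checks: confirm the server answers BEFORE closing your current session
! test aaa group TAC-GROUP admin <password> legacy
! show tacacs
```

Keep the session you configured from open and log in from a second session to prove the method lists work; the `local` keyword only saves you when every server in the group is unreachable.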


Access Control Lists Security

Today I will discuss the access control lists security issue. A switch with no access control list (ACL), or with a permissive ACL applied to its interfaces, allows broad access for TCP/IP connections (e.g. FTP, Telnet, DNS, HTTP, SNMP, ICMP) through the switch to any system, such as a critical server, on the protected network. In preparation for implementing ACLs, categorize the systems attached to the switches into groups that use the same network services; grouping systems this way reduces the size and complexity of the associated ACLs. ACLs can permit or deny each packet based on the …
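A group-based ACL of the kind the section above recommends, next to the permissive ACL it warns against, as an added example that is not part of the original post. The addressing (management subnet 10.0.1.0/24, a "critical server" group in 10.0.2.0/26 behind SVI Vlan2) and the service list are assumptions for illustration.

```cisco
! Added example (not from the original post). Assumed: management hosts in
! 10.0.1.0/24, a server group in 10.0.2.0/26 reached through interface Vlan2,
! and the servers publishing only HTTPS and DNS to the rest of the network.
!
! Permissive (what the post warns against): every protocol reaches every server.
ip access-list extended TO-SERVERS-PERMISSIVE
 permit ip any any
!
! Group-based ACL: one entry per service the server group actually offers.
ip access-list extended TO-SERVERS
 ! management hosts may use SSH and SNMP to the servers
 permit tcp 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.63 eq 22
 permit udp 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.63 eq snmp
 ! everyone else gets only the published services
 permit tcp any 10.0.2.0 0.0.0.63 eq 443
 permit udp any 10.0.2.0 0.0.0.63 eq domain
 permit tcp any 10.0.2.0 0.0.0.63 eq domain
 ! replies to TCP connections the servers themselves initiate
 permit tcp any 10.0.2.0 0.0.0.63 established
 ! enough ICMP for reachability tests and path MTU discovery
 permit icmp any 10.0.2.0 0.0.0.63 echo
 permit icmp any 10.0.2.0 0.0.0.63 packet-too-big
 ! logged denies for the clear-text services the post lists, then everything else
 deny tcp any any eq ftp log
 deny tcp any any eq telnet log
 deny ip any any log
!
! Applied outbound on the server SVI, so it governs only traffic INTO the
! server group and leaves the rest of the network's policy untouched.
interface Vlan2
 description server group SVI
 ip address 10.0.2.1 255.255.255.192
 ip access-group TO-SERVERS out
!
! Checks
! show ip access-lists TO-SERVERS              (per-entry hit counters)
! show ip interface Vlan2 | include access list
```

Read the hit counters for a day before tightening further: an entry that never matches is a candidate for removal, and a logged deny with steady hits is either an attacker or a service you forgot to group.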


Cisco Network Security Services

Today I will discuss the Cisco network security services issue. Switches can have a number of network services enabled. Many of these services are not necessary for a switch's normal operation; if they are left enabled, however, the switch may be susceptible to information gathering or to network attacks. The characteristics or the poor configuration of the network services on a switch can lead to compromise. Most of these services use one of the following transport mechanisms at Layer 4 of the OSI reference model: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). If possible, …
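A hardening fragment that disables the kind of unnecessary TCP/UDP services the section above describes, as an added example that is not part of the original post. It assumes a Catalyst running classic IOS; the SNMPv3 user name and passwords are placeholders.

```cisco
! Added example (not from the original post). Assumes a Catalyst running
! classic IOS; the SNMPv3 group, user and passwords are placeholders.
!
! TCP/UDP "small servers" (echo, chargen, discard, daytime) and finger:
! information-gathering and reflection targets with no operational use
no service tcp-small-servers
no service udp-small-servers
no ip finger
no service pad
!
! Clear-text web UI, BOOTP and source routing
no ip http server
no ip bootp server
no ip source-route
! HTTPS only if a web UI is genuinely used; otherwise disable this too
ip http secure-server
!
! Stop the switch sending DNS lookups for every mistyped command
no ip domain-lookup
!
! Discovery protocols advertise platform, software version and addresses
! to every neighbour; disable globally and re-enable per port only where
! an IP phone needs CDP/LLDP-MED
no cdp run
no lldp run
!
! Management transport: SSH only, idle sessions time out
line vty 0 4
 transport input ssh
 exec-timeout 10 0
!
! SNMP: remove the well-known communities, keep only authenticated,
! encrypted SNMPv3
no snmp-server community public
no snmp-server community private
snmp-server group NMS-GROUP v3 priv
snmp-server user nms NMS-GROUP v3 auth sha <auth-pass> priv aes 128 <priv-pass>
!
! Check what is still listening after the change (command availability
! depends on the IOS train)
! show control-plane host open-ports
! show ip sockets
! show tcp brief all
```

Run the listener check before and after and diff the two outputs; anything still open that you cannot name is the next thing to investigate, and a port scan from a host on the user VLAN is the independent confirmation.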


Cisco Switch Port Security Configuration

Today I will discuss the Cisco switch port security issue. Layer 2 interfaces on a Cisco switch are referred to as ports. A switch that does not enforce port security allows an attacker to attach a system to an unused, enabled port and perform information gathering or attacks. A switch can also be made to act like a hub, whether through a careless monitor (SPAN) session or by flooding its MAC address table until it runs out of space and forwards frames out every port, which means that every system connected to the switch can potentially view all network traffic passing through it. Thus an attacker could collect traffic that contains usernames, passwords …


Errdisable reason and recovery procedure

Errdisable reason and recovery procedure: this document defines the errdisabled reason, describes how to recover from it, and provides examples of errdisable recovery. Note: the port status err-disabled is displayed in the output of the show interfaces interface_number status command. Function of errdisable: when a switch port is in the error-disabled state, it is effectively shut down and no traffic is sent or received on that port. The port LED is set to the color orange and, when you issue the show interfaces command, the port status shows err-disabled. Below is an example of what an error-disabled port's status looks like from …
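The port security configuration from the "Cisco Switch Port Security Configuration" section and the errdisable recovery procedure from this section belong together, since a port-security violation is one of the commonest reasons a port ends up err-disabled. The following is one added example covering both; it is not part of either original post, and the interface ranges and VLAN numbers are placeholders for an access switch.

```cisco
! Added example (not from the original posts). Assumes Gi1/0/1-24 are user
! ports, Gi1/0/25-48 are unused, VLAN 10 is the user VLAN and VLAN 999 is
! an otherwise unused parking VLAN.
!
! 1. Unused, enabled ports are the attack surface the post describes:
!    shut them and park them so a plugged-in device reaches nothing.
vlan 999
 name PARKING
interface range GigabitEthernet1/0/25 - 48
 description unused - parked
 switchport mode access
 switchport access vlan 999
 shutdown
!
! 2. Port security on in-use access ports: at most two learned addresses
!    (host plus phone), sticky so the first seen MAC is written to the
!    config, and shutdown on violation so a MAC-flooding attempt err-disables
!    the port instead of turning the switch into a hub.
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! 3. Errdisable recovery: bring ports back automatically after 5 minutes for
!    the causes expected on user ports; any other cause stays down until an
!    engineer has looked at it.
errdisable recovery cause psecure-violation
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! Checks
! show interfaces status err-disabled          (which ports, and the reason)
! show port-security interface Gi1/0/1         (counters, last source MAC)
! show errdisable recovery                     (enabled causes and timer)
!
! Manual recovery once the cause has been removed (unplug the offending
! device first, or the port goes straight back to err-disabled):
!   interface GigabitEthernet1/0/1
!    shutdown
!    no shutdown
```

Automatic recovery is a convenience, not a fix: a port that keeps cycling through err-disabled every five minutes is telling you the offending device is still attached, and `show interfaces status err-disabled` is the place to find it.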


Configuring Q-in-Q vlan tunnels on cisco Switch port

Today I will discuss how to configure Q-in-Q VLAN tunnels on a Cisco switch. First log in to your switch, then apply the commands below. Here I use the FastEthernet 0/1 interface.

    conf t
    interface FastEthernet 0/1
     description "your description here"
     ! port-type nni is specific to Cisco ME 3400-series (UNI/NNI/ENI) platforms;
     ! omit it on Catalyst switches that do not have port types
     port-type nni
     ! the access VLAN becomes the outer (provider) tag
     switchport access vlan 92
     switchport mode dot1q-tunnel
     no keepalive
     duplex full
     storm-control broadcast level 1.00
     ! tunnel the customer's CDP through the provider, and do not speak CDP to them
     l2protocol-tunnel cdp
     no cdp enable
     no cdp tlv server-location
     no cdp tlv app
     ! customer BPDUs are filtered, not merged into the provider spanning tree
     spanning-tree bpdufilter enable

N.B.: Here 92 is the Q-in-Q VLAN ID.
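The tunnel port above only works once the provider side of the switch is prepared for double-tagged frames. The following is an added example that is not part of the original post: the global settings, the core-facing trunk and the verification commands a practitioner would pair with it. The uplink interface Gi0/1 and the VLAN name are assumptions; VLAN 92 is the tunnel VLAN from the post.

```cisco
! Added example (not from the original post). Assumes tunnel VLAN 92 from the
! post, uplink Gi0/1 towards the provider core, and a Catalyst/ME platform
! that supports the dot1q-tunnel port mode.
!
! Tunnelled frames carry two 802.1Q tags, so the switch must accept frames
! 4 bytes larger than a normal tagged frame (takes effect after reload on
! most Catalyst platforms)
system mtu 1504
!
! Never let the outer (provider) tag be stripped as "native" on the core
! trunk, or the customer's traffic leaks out untagged
vlan dot1q tag native
!
vlan 92
 name CUSTOMER-A-QINQ
!
! Core-facing trunk carrying only this customer's tunnel VLAN
interface GigabitEthernet0/1
 description uplink to provider core
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 92
!
! Checks
! show dot1q-tunnel                                 (ports in dot1q-tunnel mode)
! show l2protocol-tunnel interface FastEthernet0/1  (CDP tunnelling counters)
! show interfaces FastEthernet0/1 switchport        (Administrative Mode: tunnel)
! show vlan dot1q tag native
! show system mtu
```

The security point of the two global commands: without `vlan dot1q tag native` a customer can craft frames that arrive on the core trunk with no outer tag and land in the provider's native VLAN, and without the larger MTU the switch silently drops the customer's full-size frames rather than reporting a misconfiguration.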
