December 18, 2024

Cisco Switch AAA Security

Cisco Switch AAA Security Today i will discuss about Cisco Switch AAA Security. Typically, remote administrator access to a Cisco switch requires a password but no username. There is no accountability for which administrator has connected to the switch. Also, no mechanism is set by default for what an administrator is allowed to do. [boxads] Cisco provides three security mechanisms called Authentication, Authorization and Accounting (AAA) that can address these vulnerabilities. Configure AAA on a switch in conjunction with a security server. Use of AAA with a security server provides the security mechanisms described below. Authentication– This mechanism identifies remote …

Cisco Switch AAA Security Read More

Access Control Lists Security

Access Control Lists Security Today I will discuss about Access Control Lists Security issue. A switch with either no access control list (ACL) or a permissive ACL applied to its interfaces allows broad access for TCP/IP connections (e.g., FTP, telnet, DNS, HTTP, SNMP, ICMP) through the switch to any system (e.g., critical server) on the protected network. [boxads] In preparation for implementing ACLs, categorize systems attached to the switches into groups that use the same network services. Grouping systems this way helps reduce the size and complexity of associated ACLs. ACLs can permit or deny each packet based on the …

Access Control Lists Security Read More

Cisco Network Security Services

Cisco Network Security Services Today I will discuss about Cisco Network Security issue. Switches can have a number of network services enabled. Many of these services are typically not necessary for a switch’s normal operation; however if these services are enabled then the switch may be susceptible to information gathering or to network attacks. The characteristics or the poor configuration of the network services on a switch can lead to compromise. Most of these services use one of the following transport mechanisms at Layer 4 of the OSI RM: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). If possible, …

Cisco Network Security Services Read More

Cisco Switch Port Security Configuration

Cisco Switch Port Security Configuration Today I will discuss about Cisco Switch Port Security issue. Layer 2 interfaces on a Cisco switch are referred to as ports. A switch that does not provide port security allows an attacker to attach a system to an unused, enabled port and to perform information gathering or attacks. A switch can be configured to act like a hub, which means that every system connected to the switch can potentially view all network traffic passing through the switch to all systems connected to the switch. Thus, an attacker could collect traffic that contains usernames, passwords …

Cisco Switch Port Security Configuration Read More

Errdisable reason and recovery procedure

Errdisable reason and recovery procedure:  This document defines the errdisabled reason & describes how to recover from it, and provides examples of errdisable recovery. [boxads] Note: The port status of err-disabled displays in the output of the show interfaces interface_number status command. Function of Errdisable: When a switch port is error disabled state, it is effectively shut down and no traffic is sent or received on that port. The port LED is set to the color orange and, when you issue the show interfaces command, the port status shows err-disabled. bellow is an example of  error-disabled port status looks like from …

Errdisable reason and recovery procedure Read More

Configuring Q-in-Q vlan tunnels on cisco Switch port

Configuring Q-in-Q vlan tunnels on cisco Switch port: Today i will discuss how to Configuring Q-in-Q vlan tunnels in cisco switch. At first login your Switch then apply bellow command. Here i use FastEthernet 0/1 interface. [boxads] conf t interface FastEthernet 0/1 description “your description here” port-type nni switchport access vlan 92               switchport mode dot1q-tunnel no keepalive duplex full storm-control broadcast level 1.00 l2protocol-tunnel cdp no cdp enable no cdp tlv server-location no cdp tlv app spanning-tree bpdufilter enable N.B: Here  92=q-in-q VLAN id.

Configuring Q-in-Q vlan tunnels on cisco Switch port Read More
error: Content is protected !!