VLAN Based Traffic Shaping Cisco Switch

VLAN Based Traffic Shaping:

Today i will discuss how to configure VLAN based traffic shaping on cisco Catalyst ME3400 switch. Suppose you have 4 vlan [21,22,23,24] on a trunk port & you want to bandwidth shaping specific vlan 21 & 22. Here we declare 5Mbps BW for Vlan 21 & 2Mbps BW for Vlan 22. [boxads]

You can enable bandwidth shaping on an interface (or sub-interface) in three easy steps. Just remember: class, policy & interface.

Class:

At first you need to create a class map for those Vlan. Here we create vlan21 & vlan22 as a class map.

class-map match-all vlan21
 match vlan  21
class-map match-all vlan22
 match vlan  22

policy:

Now it’s time to define our policy map. In this case, we’re going to take any traffic that matched the vlan21 & vlan22 class (which, as you remember, is all traffic) and apply a shaping policy to it. Also we create subvlan & mainvlan policy map.

Read more

Huawei switch bandwidth limit Configure

Huawei switch bandwidth limit Configure:

Today i discuss how to Huawei switch bandwidth limit Configure. will At first login your Huawei switch then follow bellow command. In this case i will show you how 1 MB Bandwidth limit configure in a huawei switch port.[boxads]

Configuration example:

system-view
interface Ethernet 0/0/1
qos lr inbound cir 1024 cbs 16000000
qos lr outbound cir 1024 cbs 16000000

Read more

Configure bandwidth limit cisco switch

How to Configure bandwidth limit cisco switch / bind switch port bandwidth

Today i will discuss how to configure bandwidth limit cisco switch port. At first create policy map then apply it into port which port you bind specific bandwidth. In this case i will show you how to configure 1 MB Bandwidth limit in a switch port.[boxads]

Go to config mode by: conf t command then follow bellow command.

Policy Map for Input traffic:

policy-map 1MBps
class class-default
police cir 1048576 bc 1000000
conform-action transmit
exceed-action drop

Read more

Cisco Switch Security Configuration

Cisco Switch Security Configuration

For security reason one password is used for the enable password and the other will later be assigned to the console port. [boxads]

SWITCH(config)#enable secret  [password]

SWITCH(config)#username admin password [password]

A password should be required to access the console line.  Even the basic user EXEC mode can provide significant information to a malicious user. In addition, the VTY lines must have a password before users can access the switch remotely.

Read more

Network Security Attacks and Defence

Network Security Attacks and Defence

Today I will discuss about Network Security Attacks and Defence. Network security involves the authorization of access to data in a network, which is controlled by the network administrator.

[boxads]

Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Types of attacks include:

Active:
1.  Denial-of-service attack (DoS)
2.  Spoofing
3.  Man in the middle
4.  ARP poisoning
5.  DNS Spoofing
6.  Smurf attack
7.  Buffer overflow
8.  Heap overflow
9.  Format string attack
10.  SQL injection
11. Cyber attack

Passive:
1. Network
a. Wiretapping
b. Port scanner
c. Idle scan

Denial-of-Service Attack (DoS)

Denial of Service (DoS) attacks are among the most feared threats in today’s cybersecurity landscape. Difficult to defend against and potentially costly, DoS attacks can cause outages of web sites and network services for organizations large and small. DoS attacks can also be lucrative for criminals, some of whom use these attacks to shake down businesses for anywhere from thousands to millions of dollars.

Read more

Cisco Switch AAA Security

Cisco Switch AAA Security

Today i will discuss about Cisco Switch AAA Security. Typically, remote administrator access to a Cisco switch requires a password but no username. There is no accountability for which administrator has connected to the switch. Also, no mechanism is set by default for what an administrator is allowed to do. [boxads]

Cisco provides three security mechanisms called Authentication, Authorization and Accounting (AAA) that can address these vulnerabilities. Configure AAA on a switch in conjunction with a security server.

Use of AAA with a security server provides the security mechanisms described below.

  • Authentication– This mechanism identifies remote and local users before granting access to the switch.
  • Authorization– This mechanism controls access to remote services based on defined attributes associated with the authenticated user.
  • Accounting– This mechanism provides a secure logging capability for recording services accessed by a user as well as a user’s bandwidth consumption

AAA allows for security servers to use three types of protocols: RADIUS, TACACS+ and Kerberos.

This setting is important, especially if the administrator is configuring the switch remotely.

The following command shows an example of how to create a local user, including the username (e.g., shahed) with a privilege level (e.g., 0) and a password (e.g., g00d-P5WD) that will be MD5-encrypted.

Switch(config)# username shahed privilege 0 secret g00d-P5WD

To enable AAA, use the following command.

Switch(config)# aaa new-model

Specifying a security server or set of security servers can be done using the following Cisco Switch AAA Security commands for TACACS+ and RADIUS:

{tacacs-server | radius-server} host ip-address

{tacacs-server | radius-server} key key

Read more