Hey everyone, As most of my readers know by now I like to help people get started with their careers and help them along with their studies. I’ve been quite active on the Cisco Learning Network lately and also I
Quick notes on Zone Based Policy Firewall (ZBFW)
Continuing to check things off from the blueprint. Did some ZBFW labbing today. Here are some important stuff to be aware of. ZBFW is basically a wrapper for CBAC. We create policys between zones and assign interfaces to zones instead
AAA new-model – What does it do?
To enable AAA we need the AAA new-model command but what does it really do? Many of us makes assumptions about this command. By default if we have an empty config then we will be able to use the console
Quick post on IP applications
I’m going through the blueprint and now I checked off IP accounting. The feature is very simple, it lets us see which source destination pairs that are sending traffic to each other. We can also configure to look what precedence
Quiz – AAA authorization
I’m doing the security section of Vol1 right now and this is something I think people might have confused. Look at the following configuration: ! Scenario 1 aaa authentication login default group tacacs+ none aaa authorization exec default none !
Generate traffic with traceroute
I found a very useful tool when practicing the INE labs. How to generate traffic with traceroute. I’ve used telnet lots of times to generate TCP traffic on different ports but what if we want to generate UDP traffic instead?
Lock and key ACL
The lock and key ACL is one of those features you’re not sure how to use in production but it is viable for the CCIE lab. The lock and key ACL is a form of dynamic ACL which requires a
Filtering traffic with a route-map
This post describes how to filter packets with a route-map. I have never used a route-map for the sole purpose of filtering packets before. I ran into this while doing a vol2 lab and the task was to filter ICMP
Filtering traffic with VLAN access maps
While doing a vol2 lab I got stumped by one of the tasks in the lab. The task was to filter ICMP packets coming from the backbone destined to a network on the internal routers. The topology looks like this.
Reflexive access-lists is a way of filtering traffic where only return traffic is allowed if it belongs to a session initiated on the “inside”. In a regular access-list we can use the keyword established for filtering but that only looks