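! Standard ACL 5: the only source addresses allowed to open a vty (telnet) session
access-list 5 permit 10.0.0.1
access-list 5 permit 10.0.0.2
access-list 5 permit 192.168.3.1
access-list 5 permit 192.168.0.1
access-list 5 deny any
!
line con 0
line vty 0 4
 ! Apply ACL 5 to incoming connections on vty lines 0 through 4
 access-class 5 in
 login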
PC System & Networking blog and website, with information on computer networking systems, CMS, Cisco networking related configuration, freeware, news, resources and opinion.
Friday, November 21, 2008
How to limit access from network host to a Cisco device
Sometimes you may want to allow only certain IP addresses to access your Cisco router / switch over telnet. You can do this by configuring an access list and applying it to the line vty 0 4 lines.
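An added example, not from the original post: a Python audit of an IOS configuration that evaluates a standard ACL with first-match and implicit-deny semantics and lists vty ranges that have no inbound access-class. The sample configuration is constructed from the post's ACL 5; the `line vty 5 15` block and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the post's ACL 5 plus a vty range (5 15) with no access-class.
SAMPLE_CONFIG = """\
access-list 5 permit 10.0.0.1
access-list 5 permit 10.0.0.2
access-list 5 permit 192.168.3.1
access-list 5 permit 192.168.0.1
access-list 5 deny any
line vty 0 4
 access-class 5 in
 login
line vty 5 15
 login
"""

ACL_RE = re.compile(r"^access-list (\d{1,2}) (permit|deny) (?:host )?(any|[\d.]+)(?: ([\d.]+))?", re.M)

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acls(config):
    """Standard numbered ACLs (1-99) as {number: [(action, address, wildcard)]}."""
    acls = {}
    for num, action, addr, wild in ACL_RE.findall(config):
        if addr == "any":
            entry = (action, 0, 0xFFFFFFFF)
        else:  # a bare or "host" address has wildcard 0.0.0.0 (one host)
            entry = (action, to_int(addr), to_int(wild) if wild else 0)
        acls.setdefault(num, []).append(entry)
    return acls

def acl_permits(entries, source):
    """First match wins; if nothing matches, the implicit deny applies."""
    for action, addr, wild in entries:
        if ((to_int(source) ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

def unrestricted_vty(config):
    """Return 'line vty' ranges that have no inbound access-class applied."""
    acl_for, current = {}, None
    for tok in (line.split() for line in config.splitlines()):
        if tok[:1] == ["line"]:
            current = " ".join(tok[1:])
            acl_for[current] = None
        elif current and tok[:1] == ["access-class"] and tok[-1] == "in":
            acl_for[current] = tok[1]
    return [l for l, acl in acl_for.items() if l.startswith("vty") and acl is None]
```

Many devices have more than five vty lines, so a range left outside the `line vty 0 4` block stays reachable from any source; `unrestricted_vty` reports such ranges.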
Thursday, November 20, 2008
Default VLAN
The default VLAN on all switches is VLAN 1.
By default, all ports in a Cisco switch belong to VLAN 1. With all ports in the same VLAN (in this case VLAN 1), all ports can communicate with each other without going through a router.
However, if you change the VLAN assignment for a switch port to another VLAN, that switch port will not be able to communicate with the rest of the devices on other ports. In this case, you will need a router to route packets from one network to another.
Wednesday, November 19, 2008
How to encrypt Cisco Password
One way to secure a Cisco router / switch is to encrypt the passwords stored in it.
In order to encrypt passwords that are saved in the Cisco device's configuration file, you may use the “service password-encryption” global configuration command.
This command should be used as a simple cipher to prevent unauthorized users from viewing the passwords in the router / switch configuration file. It does not protect against someone who obtains a copy of the router / switch configuration file, as some software can instantly decode any passwords encrypted with the MD5 encryption scheme.
Monday, November 17, 2008
Workgroup vs. Domain in Windows 2003 environment
There are two modes of operation in a Windows 2003 environment. A computer can work as a workgroup computer or as a domain computer. Most home and small business environments will be workgroups, and most enterprise businesses will run in domain mode.
When you install Windows 2003 server, it is a workgroup computer by default. A workgroup environment is suitable for a limited number of computers (usually no more than 10 computers) in close proximity. However, if the number of computers is large, it is advisable to join the individual computers to a domain.
In a workgroup environment, each computer stores IDs and passwords locally. There is no centralized management in this case. A user needs a user account on each computer that he/she requires access to. This means that if a user needs to access several computers in the network, each of these computers will need to have the user's ID and password stored locally. This is not an easy task for the administrator if there are many computers to be managed and configured. It may take a lot of time just to set up accounts on various PCs for a new user. Changes to user accounts, such as changing a user’s password or adding a new user account, must be made on each computer in the workgroup. As a result, passwords can become out of synchronization if a change is made on one computer and not on the others.
Monday, November 10, 2008
Quick fix to solve network connectivity problem in vmware guest virtual machine
This is a quick fix to vmware network virtualization.
Sometimes while using vmware, your guest virtual machine may face a problem with network connectivity. I had this problem with two of my virtual machines the other day. Only one of the virtual machines was able to connect to the network. (By the way, both were created using the same image.) After troubleshooting for a while (such as changing the physical address of the Ethernet interface, restarting it, or changing the network type to bridge or host-only networking and so on), I decided to add an extra network interface to one of the virtual machines. After that I removed the existing Ethernet interface from it. Surprisingly, these steps solved my problem.
Tuesday, November 4, 2008
Cisco Static Route
In my previous post on static route configuration, I touched on some basics of static route configuration. In this post, I will show you more details on how to configure static routing in Cisco devices.
IP routing is enabled on Cisco routers by default. If it has been previously disabled on your router, you can turn it on in config mode with the command ip routing.
Router0(config)#ip routing
Router0(config)#ctrl-Z
For routers to send or forward packets to networks that are not directly connected, they must know the path to reach the destination network. This information can be manually configured in the router by the network administrator, using static routes. The router can also learn route information by using a dynamic routing protocol. A static route is much easier to configure. However, it provides very little fault tolerance or ability to discover new routes as the network changes.
As mentioned in my previous post, static routes are hard-coded on a router or switch. They tell the network device exactly where to send traffic, no matter what. It is a very quick and effective way to route data from one subnet to another, although it does not scale well in a large network.
Wednesday, October 29, 2008
Cisco CCNA Certification
It is good to have a CCNA credential if you would like to work as a network engineer. It shows that you have a basic foundation in networking, especially in the field of Cisco networking. Frankly, it is easier to market yourself for a new IT job if you have this certification. Having a CCNA may demonstrate that you are keeping up with technology. This is something important.
According to Cisco Systems,
The Cisco CCNA network associate certification validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN.
At a minimum, a CCNA should have a basic understanding of TCP/IP network technology, know how to configure Cisco IOS, Cisco access lists and routing (static routes and dynamic routing), install Cisco routers and switches, and even operate a LAN and WAN.