Tag: ACL

PAT (Port Address Translation), also known as NAT Overloading, is a modified form of dynamic NAT in which multiple inside local addresses are translated to a single inside global IP address. It is the most popular form of NAT because it is the same setup we use on our home connections, where the Internet Service Provider (ISP) usually provides only 1 public IP to communicate with their internet router. Just remember the phrase many-to-one mapping. Objective:…

Cisco

Here is the basic configuration for implementing different types of Network Address Translation (NAT) on Cisco routers.

Fig.1 Static NAT (1-to-1 Translation) (Objective: to translate PC-1 private IP of 192.168.0.2 to public IP 200.200.200.3)

Configuration: Router1

Main Static NAT configuration:

    ip nat inside source static <Inside local IP> <Inside global IP>

Sample Config:

    Router1(config)# ip nat inside source static 192.168.0.2 200.200.200.3

    interface FastEthernet0/0
     description Connection to PC-1
     ip address 192.168.0.1 255.255.255.0
     ip nat inside
    interface FastEthernet0/1
     description Connection to Router2…

Cisco

SSH Configuration Examples in Huawei Router

Here are the configuration examples, where: 192.168.100.100 = Jumphost IP (Allowed IP to SSH into the device)

1. Enable the SSH service

    stelnet server enable

2. Configure key exchange algorithm

    ssh server key-exchange { dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep}

3. Configure encryption algorithm

    ssh server cipher { aes256_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc }

4. Configure HMAC algorithm

    ssh server hmac { md5 | md5_96 | sha1 | sha1_96 | sha2_256 | sha2_256_96 }

5.…

Huawei

As mentioned in the previous post, bogon prefixes or routes should never appear in the Internet routing table. Network engineers should implement “Best Practices” in their networks, which includes filtering bogons, as they may be used in DDoS attacks or spam. Refer to https://freenetworktutorials.com/ipv4-and-ipv6-bogon-address-list for more info. “Martian” bogons may change occasionally, so at least make sure the private addresses mentioned in https://freenetworktutorials.com/ipv4-classful-and-reserved-addresses are filtered so they won't leak out into the Internet. Here are sample steps and configuration. 1. Create the Ingress…

Cisco