Tag: security

It is recommended to separate management traffic from data/customer traffic on your Juniper devices (e.g. QFX Series switches, MX Series routers). Traffic on the management plane should be limited to management and administrative access services such as SSH, SNMP, NTP and AAA. Here is the recommended configuration and practice for these management services. Configure Authentication, Authorization and Accounting (AAA), preferably with centralized TACACS+ to manage all your devices, and implement central network management that can impose security protocol to…

Juniper

It is recommended to separate management traffic from data/customer traffic on your data center switches such as Cisco Nexus devices (e.g. Nexus 7000, Nexus 9000). Traffic on the management plane should be limited to management and administrative access services such as SSH, SNMP, NTP and AAA. Here is the recommended configuration and practice for these management services. Configure Authentication, Authorization and Accounting (AAA), preferably with centralized TACACS+ to manage all your devices; some use Cisco® Identity Services Engine (ISE)…
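The management/data separation and centralized TACACS+ AAA that the Juniper and Nexus posts above recommend, written out end to end as an added NX-OS example (this is not configuration taken from either post). The addresses, server group name, ACL name and the shared secret are placeholders I chose; replace them with your own and keep the secret out of version control.

```text
! Management plane lives in its own VRF. mgmt0 is the only member, so nothing
! arriving on customer-facing interfaces (default VRF) can reach the
! management services through it.
vrf context management
  ip route 0.0.0.0/0 192.0.2.1               ! placeholder out-of-band gateway

interface mgmt0
  vrf member management
  ip address 192.0.2.10/24                    ! placeholder out-of-band address

! Telnet stays off (NX-OS default); SSH is the only interactive access.
no feature telnet
feature ssh

! Only the admin network may open management sessions to the switch.
ip access-list MGMT-ONLY
  10 permit tcp 192.0.2.0/24 any eq 22
  20 permit udp 192.0.2.0/24 any eq snmp
  30 deny ip any any log

line vty
  access-class MGMT-ONLY in

! SNMPv3 with authentication and privacy, restricted to the same ACL.
snmp-server user monitor network-operator auth sha CHANGE-ME-AUTH priv aes-128 CHANGE-ME-PRIV
snmp-server user monitor use-ipv4acl MGMT-ONLY

! NTP reached through the management VRF, not the data plane.
ntp server 192.0.2.5 use-vrf management      ! placeholder NTP server

! Centralized AAA: TACACS+ over the management VRF, sourced from mgmt0.
feature tacacs+
tacacs-server host 192.0.2.20 key CHANGE-ME-TACACS   ! placeholder server and secret
tacacs-server timeout 5
aaa group server tacacs+ TACACS-GRP
  server 192.0.2.20
  use-vrf management
  source-interface mgmt0

! Authenticate and authorize every session against TACACS+; fall back to
! the local database only on the console, so a dead AAA server cannot
! lock you out of the box but also cannot be bypassed over the network.
aaa authentication login default group TACACS-GRP
aaa authentication login console local
aaa authorization config-commands default group TACACS-GRP local
aaa authorization commands default group TACACS-GRP local
aaa accounting default group TACACS-GRP
```

Verify with `show vrf interface` (mgmt0 should be the only member of VRF management), `show tacacs-server groups`, and `test aaa group TACACS-GRP <user> <password>` before you log out of the session that applied the change.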

Cisco

As defined on the Cisco website: Control Plane Policing (CoPP) is a Cisco IOS-wide feature designed to allow users to manage the flow of traffic handled by the route processor of their network devices. CoPP is designed to prevent unnecessary traffic from overwhelming the route processor, which, if left unabated, could degrade system performance. Here is a sample configuration applying CoPP.

Step 1: Create the necessary ACLs
a. Important services, e.g. NTP, SSH, SNMP

  ip access-list extended SSH-ACL
   permit tcp host 192.168.10.10 any eq 22
   permit…
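The four CoPP steps the post begins (ACLs, class-maps, a policy-map with policers, and the control-plane attachment), carried through to a complete policy as an added Cisco IOS example. Only the SSH-ACL name and the 192.168.10.10 host come from the post; the other ACL and class names, source addresses and rate values are placeholders I chose, and the rates in particular must be tuned to your own baseline.

```text
! Step 1: ACLs that classify what the route processor should see.
ip access-list extended SSH-ACL
 permit tcp host 192.168.10.10 any eq 22
ip access-list extended SNMP-ACL
 permit udp host 192.168.10.20 any eq snmp
ip access-list extended NTP-ACL
 permit udp host 192.168.10.30 eq ntp any eq ntp
ip access-list extended ROUTING-ACL
 permit tcp any any eq bgp
 permit tcp any eq bgp any
 permit ospf any any
! Management protocols from anyone not matched above: unwanted sources.
ip access-list extended UNDESIRABLE-ACL
 permit tcp any any eq 22
 permit tcp any any eq telnet
 permit udp any any eq snmp

! Step 2: class-maps. match-any so one class covers several ACLs.
class-map match-all COPP-ROUTING
 match access-group name ROUTING-ACL
class-map match-any COPP-MGMT
 match access-group name SSH-ACL
 match access-group name SNMP-ACL
 match access-group name NTP-ACL
class-map match-all COPP-UNDESIRABLE
 match access-group name UNDESIRABLE-ACL

! Step 3: policy-map. Classes are evaluated top to bottom, so SSH from the
! admin host matches COPP-MGMT before the broader COPP-UNDESIRABLE class
! can drop it. Routing protocols are never dropped; the policer there only
! gives you counters. Everything unclassified is rate-limited in class-default.
policy-map COPP-POLICY
 class COPP-ROUTING
  police 512000 8000 conform-action transmit exceed-action transmit
 class COPP-MGMT
  police 128000 8000 conform-action transmit exceed-action drop
 class COPP-UNDESIRABLE
  police 8000 1000 conform-action drop exceed-action drop
 class class-default
  police 32000 4000 conform-action transmit exceed-action drop

! Step 4: attach the policy inbound to the control plane.
control-plane
 service-policy input COPP-POLICY
```

Deploy the UNDESIRABLE and class-default classes with `conform-action transmit` first and watch `show policy-map control-plane` for a few days; only switch to `drop` once the conform/exceed counters confirm that legitimate traffic is landing in the intended classes.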

Cisco

Here is a sample firewall configuration for protecting the box and its services. ICMP: ICMP message types are essential for network administration and troubleshooting. There are quite a number of ICMP parameters; refer to the IANA ICMP Parameters registry for the full list, or to RFC 792 if you want to learn more about ICMP. Here are the four types I consider useful for troubleshooting and that need to be allowed. Type 0 — Echo Reply –> response from target to host. Type 8 — Echo…
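A complete Junos loopback filter of the kind the post describes, added here as an example rather than the post's own configuration. Echo request and echo reply are the two ICMP types the excerpt names; unreachable and time-exceeded are added by me because traceroute and path-MTU discovery depend on them. The prefix list, filter, term and policer names and the 192.168.10.0/24 management prefix are placeholders I chose, and the NTP and TACACS+ servers are assumed to live inside that prefix.

```text
# Management hosts allowed to talk to the routing engine (placeholder prefix).
set policy-options prefix-list MGMT-HOSTS 192.168.10.0/24

# Even permitted ICMP is rate-limited so it cannot be used to flood the RE.
set firewall policer ICMP-POLICER if-exceeding bandwidth-limit 1m
set firewall policer ICMP-POLICER if-exceeding burst-size-limit 15k
set firewall policer ICMP-POLICER then discard

# Term 1: the ICMP types useful for troubleshooting, policed then accepted.
set firewall family inet filter PROTECT-RE term icmp-ok from protocol icmp
set firewall family inet filter PROTECT-RE term icmp-ok from icmp-type echo-request
set firewall family inet filter PROTECT-RE term icmp-ok from icmp-type echo-reply
set firewall family inet filter PROTECT-RE term icmp-ok from icmp-type unreachable
set firewall family inet filter PROTECT-RE term icmp-ok from icmp-type time-exceeded
set firewall family inet filter PROTECT-RE term icmp-ok then policer ICMP-POLICER
set firewall family inet filter PROTECT-RE term icmp-ok then accept

# Term 2: SSH only from the management prefix.
set firewall family inet filter PROTECT-RE term ssh-mgmt from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-RE term ssh-mgmt from protocol tcp
set firewall family inet filter PROTECT-RE term ssh-mgmt from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh-mgmt then accept

# Term 3: SNMP queries and NTP from the same management hosts.
set firewall family inet filter PROTECT-RE term udp-mgmt from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-RE term udp-mgmt from protocol udp
set firewall family inet filter PROTECT-RE term udp-mgmt from destination-port [ snmp ntp ]
set firewall family inet filter PROTECT-RE term udp-mgmt then accept

# Term 4: replies to TCP sessions the RE itself opened (e.g. TACACS+).
set firewall family inet filter PROTECT-RE term tcp-established from protocol tcp
set firewall family inet filter PROTECT-RE term tcp-established from tcp-established
set firewall family inet filter PROTECT-RE term tcp-established then accept

# Terms 5-6: routing protocols. A lo0 filter sees OSPF hellos and BGP
# sessions too; without these terms the final discard drops your adjacencies.
set firewall family inet filter PROTECT-RE term ospf from protocol ospf
set firewall family inet filter PROTECT-RE term ospf then accept
set firewall family inet filter PROTECT-RE term bgp from protocol tcp
set firewall family inet filter PROTECT-RE term bgp from port bgp
set firewall family inet filter PROTECT-RE term bgp then accept

# Final term: count, log and discard everything else.
set firewall family inet filter PROTECT-RE term deny-all then count denied-to-re
set firewall family inet filter PROTECT-RE term deny-all then log
set firewall family inet filter PROTECT-RE term deny-all then discard

# Traffic destined to the RE passes lo0 whichever interface it entered on,
# so one input filter on lo0.0 protects the whole box.
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
```

Apply it with `commit confirmed 5` from an SSH session and then re-connect; if the filter locks you out or drops a protocol you forgot, the commit rolls back on its own. `show firewall filter PROTECT-RE` shows the `denied-to-re` counter, and `show log messages | match PROTECT-RE` shows what the deny term is catching.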

Juniper

As per the Cisco official definition of FPD: An FPD refers to any programmable hardware device on a router, which includes a Field Programmable Gate Array (FPGA) and Read Only Memory Monitor (ROMMON). Cisco IOS® XR routers use a number of FPDs that are crucial for the function of route processors, line cards, shared port adapters (SPAs), SPA Interface Processors (SIPs), and fan trays. Below is a sample FPD upgrade on an ASR 9000 running IOS XR. The line card used is a 24x10GE Tomahawk line card. A.…

Cisco Juniper

Nmap, short for Network Mapper, is a free and open-source tool for vulnerability scanning that can also be used for network discovery. It helps identify which devices are on a network, which hosts are reachable and which services they are running. To see the open ports or running daemons/services on your routers or switches, you can use nmap to test them, where 192.168.1.1 is your router's IP. Sample 1: To scan using the default safe scripts: nmap -sV…

Cisco