How to configure logging on Cisco IOS

Overview

Device logs often offer valuable information when troubleshooting a network issue. Interface status, security alerts, environmental conditions, CPU process hog, and many other events on the router or switch can be captured and analyzed later by studying the logs. By default, all log messages on a Cisco router or switch are sent to the console port. Only users that are physically connected to the console port may view these messages. If you are connected to a Cisco device via Telnet or SSH and want to see console messages, you can enter the command terminal monitor in privileged exec mode. Cisco devices support five types of logging:

Continue reading…

How to configure port security on Cisco switches

Overview

In some environments, a network must be secured by controlling which stations can gain access to the network itself. Port security is a feature on Cisco Catalyst switches that limits the MAC addresses allowed to appear on a specific port. In most cases network administrators use it to secure access to the physical network.

With this feature, only predefined static MAC addresses or a limited number of dynamic MAC addresses can access the network. Suppose a user tries to connect to a port which has port security enabled and his MAC address does not appear on the list of allowed MAC addresses. In this case the port will be shut down, or the packets arriving on that port will be dropped with a specific action. To resolve this issue, the port must be re-enabled manually by the network administrator, or automatically after a period of time if the errdisable cause is configured for automatic recovery (by default after 300 seconds).

Continue reading…

Understanding CDP (Cisco Discovery Protocol)

Overview

Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol used to collect information about neighboring routers and switches. It operates at Layer 2 (the data link layer) and comes in two versions: CDPv1 (the initial release), available since IOS version 10.3, and CDPv2, available from IOS version 12.0(3)T. CDP is very useful when you need to gather information about the network topology, such as IP addresses, device capabilities and platform, and it also offers a quick way to troubleshoot and document the network. CDP is enabled by default on all available interfaces. CDP traffic between devices is not encrypted, so this can be a real security issue. As a best practice, it is recommended that CDP be disabled, mainly on devices that connect to external networks.

Continue reading…

Configuring SSH on Cisco routers and switches

Overview

Older IOS images on Cisco devices used Telnet as the default login method for the vty lines. Nowadays using Telnet is not safe because all traffic, including usernames and passwords, is transmitted in clear text. This way anybody using a protocol analyzer can gain access to the data. Lately the Telnet access method has been replaced by SSH, which offers increased security by encrypting all traffic between source and destination. The SSH protocol comes in two versions, SSH1 and SSH2. Communication between the client and server is encrypted in both versions. You should implement SSH version 2 when possible because it uses a more enhanced security encryption algorithm. SSH1 became available in Cisco’s IOS starting with release 12.1(1)T. In order to use SSH2 you need IOS version 12.3(4)T or newer.

Continue reading…
