TCAM INTERRUPT<br />
A blog about IT/Cisco/CCIE RS. Jose Leitao<br />
<br />
Initial Draft<br />
2011-01-10<br />
<br />
After 3 months at <a href="http://tcam-interrupt.blogspot.com/" target="_blank" title="TCAM INTERRUPT">TCAM-INTERRUPT</a>, I have decided to combine forces with my good friends <a href="http://twitter.com/coolbomb" target="_blank">Daniel Rodriguez</a> and <a href="http://twitter.com/jomihu" target="_blank">Jose Miguel Huertas</a> (CCIE #27028) to create <a href="http://blog.initialdraft.com/">Initial Draft</a> on a more flexible blogging platform and post content on a regular basis, focused on but not limited to our preparation for the CCIE R&S lab (I'm known for going off-topic).<br />
<br />
The interesting content of this blog was migrated and <a href="http://blog.initialdraft.com/archives/116" target="_self" title="Troubleshooting OSPF network type mismatches against a Backbone device">Daniel</a> and <a href="http://blog.initialdraft.com/archives/117" target="_self" title="Using OSPF sham-links on a basic MPLS VPN">Jomi</a> posted a couple of interesting articles for the unveiling of the site, and hopefully we will have new content every week.<br />
<br />
So, please update your bookmarks to <a href="http://blog.initialdraft.com/">Initial Draft</a>, drop us a line in the comment section or follow us on <a href="http://twitter.com/initialdrafts" target="_blank">twitter</a>.<br />
<br />
CCIE R&S v4.0 Lab Exam Demo Video<br />
2010-12-24<br />
<br />
On forums I find a lot of people asking about the interface used for the CCIE R&S Lab exam. Around 6 months ago, Cisco released a video with a tour of the interface; the narrator is not the most exciting in the land but you get the general idea and feel of the lab:<br />
<br />
<a href="https://learningnetwork.cisco.com/static/video-wp/CCIE_RS_v4_Lab_Exam_Demo_640x480-v2.htm" target="_new">CCIE R&S v4.0 Lab Exam Demo</a><br />
<br />
"This demo will familiarize candidates with the online interface that has replaced paper exams, which presents the virtual topology, test questions, documentation and tools. Strongly recommended for all candidates"Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com2tag:blogger.com,1999:blog-5130818399852134924.post-82949785617659887522010-12-23T17:52:00.000+01:002010-12-23T17:52:56.022+01:00Cisco IOS menu autocommand with AAA/Cisco ACS<div class="MsoNormal">A customer has a router dedicated to a site-to-site IPSec VPN , the users of that VPN are a small group that are not directly responsible for the router. They want a way to check the status of the WAN connection, the IPSec tunnel and also to force a clear crypto sa.<o:p></o:p></div><div class="MsoNormal"><br />
</div><div class="MsoNormal">This could be solved with a <a href="http://www.shrubbery.net/rancid/" target="_new">looking glass</a>, but that would require a web server. An alternative solution could be a special user with a menu autocommand:<o:p></o:p></div><div class="MsoNormal"><br />
</div><div style="background: #E6E6E6; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-element: para-border-div; padding: 1.0pt 4.0pt 1.0pt 4.0pt;"><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN title @ VPN VERIFICATION / RESET MENU @<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN text 1 ping Internet (OpenDNS)<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN command 1 ping 208.67.222.222<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN text 2 ping VPN (192.168.0.1)<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN command 2 ping 192.168.0.1 source gi0/1/0<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN text 3 sh crypto isakmp sa<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN 
command 3 sh crypto isakmp sa<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN text 4 sh crypto ipsec sa<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN command 4 sh crypto ipsec sa<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN text 5 Reset VPN (clear crypto ipsec sa)<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN command 5 clear crypto sa<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN text 6 Exit<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN command 6 exit<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN clear-screen<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 
4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN status-line<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN line-mode<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">menu VPN single-space<o:p></o:p></span></div></div><div class="MsoNormal"><br />
</div><div class="MsoNormal" style="text-align: justify;">My environment uses AAA with a Cisco ACS, so the special user has to be created in the Internal ACS database, restricted to only that router (<b style="mso-bidi-font-weight: normal;"><span style="color: black;">Per User Defined Network Access Restrictions</span></b><span style="color: black;">), allowing shell (exec) access and the autocommand menu VPN (<b>TACACS+ Settings</b>).<o:p></o:p></span></div><div class="MsoNormal" style="text-align: justify;"><br />
</div><div class="MsoNormal" style="text-align: justify;"><span style="color: black;">The router has to refer exec authorization to the ACS:<o:p></o:p></span></div><div class="MsoNormal" style="text-align: justify;"><br />
</div><div style="background: #E6E6E6; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-element: para-border-div; padding: 1.0pt 4.0pt 1.0pt 4.0pt;"><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm; text-align: justify;"><span style="font-family: 'Courier New';">aaa authorization exec default group tacacs+ local<o:p></o:p></span></div></div><div class="MsoNormal" style="text-align: justify;"><br />
</div><div class="MsoNormal" style="text-align: justify;">Of course, if you don’t use ACS and only use AAA with the local database, Ivan @ <a href="http://blog.ioshints.info/2009/06/autocommands-in-aaa-environment.html?spref=tw" target="_new">Cisco IOS Hints has a great example</a>.<o:p></o:p></div><div class="MsoNormal" style="text-align: justify;"><br />
</div><div class="MsoNormal" style="text-align: justify;">Testing:<o:p></o:p></div><div class="MsoNormal" style="text-align: justify;"><br />
</div><div style="background: #E6E6E6; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-element: para-border-div; padding: 1.0pt 4.0pt 1.0pt 4.0pt;"><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">Server "VPN-Router" Line 6 Terminal-type xterm<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><br />
</div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';"> VPN VERIFICATION / RESET MENU<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><br />
</div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';"> 1 ping Internet (OpenDNS)<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';"> 2 ping VPN (192.168.0.1)<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';"> 3 sh crypto isakmp sa<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';"> 4 sh crypto ipsec sa<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';"> 5 Reset VPN (clear crypto ipsec sa)<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';"> 6 Exit<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><br />
</div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">Selection: 1<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><br />
</div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">Type escape sequence to abort.<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">Sending 5, 100-byte ICMP Echos to 208.67.222.222, timeout is 2 seconds:<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">!!!!!<o:p></o:p></span></div><div class="MsoNormal" style="background: #E6E6E6; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;"><span style="font-family: 'Courier New';">Success rate is 100 percent (5/5), round-trip min/avg/max = 84/95/140 ms<o:p></o:p></span></div></div><div class="MsoNormal"><br />
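An added example (not from the original post or from Cisco): a small Python audit of the menu configuration above. It checks that every entry stays within an allowlist, that no hidden entry exists (a command line with no text line), that an exit entry is present, and that exec authorization is configured. The allowlist, the function names and the extra entries in DRIFTED_CONFIG are assumptions made for illustration.

```python
import re

# The menu and AAA lines from the post.
POST_CONFIG = """\
aaa authorization exec default group tacacs+ local
menu VPN title @ VPN VERIFICATION / RESET MENU @
menu VPN text 1 ping Internet (OpenDNS)
menu VPN command 1 ping 208.67.222.222
menu VPN text 2 ping VPN (192.168.0.1)
menu VPN command 2 ping 192.168.0.1 source gi0/1/0
menu VPN text 3 sh crypto isakmp sa
menu VPN command 3 sh crypto isakmp sa
menu VPN text 4 sh crypto ipsec sa
menu VPN command 4 sh crypto ipsec sa
menu VPN text 5 Reset VPN (clear crypto ipsec sa)
menu VPN command 5 clear crypto sa
menu VPN text 6 Exit
menu VPN command 6 exit
menu VPN clear-screen
menu VPN status-line
menu VPN line-mode
menu VPN single-space
"""

# Constructed drift: one visible entry outside the allowlist and one hidden
# entry (a command with no matching text line is selectable but not displayed).
DRIFTED_CONFIG = POST_CONFIG + """\
menu VPN text 7 Show configuration
menu VPN command 7 sh running-config
menu VPN command 9 sh crypto session
"""

# Assumed policy for this menu: the only command families its users need.
ALLOWED = ("ping", "show crypto", "clear crypto sa", "exit")

ITEM = re.compile(r"^menu\s+(\S+)\s+(text|command)\s+(\S+)\s+(.+?)\s*$")


def parse_menus(config):
    """Return {menu: {key: {"text": ..., "command": ...}}} from IOS config text."""
    menus = {}
    for line in config.splitlines():
        m = ITEM.match(line.strip())
        if m:
            name, kind, key, rest = m.groups()
            menus.setdefault(name, {}).setdefault(key, {})[kind] = rest
    return menus


def matches(command, pattern):
    """True if the command starts with the pattern, allowing IOS-style
    abbreviation of each word ("sh" for "show"). Simplified: it does not
    check that an abbreviation is unambiguous, as the IOS parser would."""
    cmd, pat = command.lower().split(), pattern.split()
    return len(cmd) >= len(pat) and all(p.startswith(c) for c, p in zip(cmd, pat))


def audit(config, menu_name, allowed=ALLOWED):
    """Return a list of findings for one menu; an empty list means it passes."""
    findings = []
    if not re.search(r"^aaa authorization exec\b", config, re.M):
        findings.append("no 'aaa authorization exec' line: exec authorization "
                        "is not referred to the AAA server")
    items = parse_menus(config).get(menu_name)
    if not items:
        return findings + [f"menu {menu_name} has no entries"]
    for key in sorted(items):
        text, command = items[key].get("text"), items[key].get("command")
        if command is None:
            findings.append(f"entry {key}: text without a command")
            continue
        if text is None:
            findings.append(f"entry {key}: hidden entry runs '{command}'")
        if not any(matches(command, p) for p in allowed):
            findings.append(f"entry {key}: '{command}' is outside the allowlist")
    if not any(matches(i.get("command", ""), "exit") for i in items.values()):
        findings.append("no entry runs 'exit'")
    return findings


if __name__ == "__main__":
    for label, cfg in (("post", POST_CONFIG), ("drifted", DRIFTED_CONFIG)):
        print(label, audit(cfg, "VPN") or "OK")
```

Run it against a saved copy of the running configuration after each change to the menu, so that an entry added later does not widen what the restricted user can do.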
</div><div class="MsoNormal">More info:<o:p></o:p></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span style="color: black;"><a href="http://books.google.com/books?id=JK4wrT7e6icC&lpg=PA177&ots=Oe6ulDrfLu&dq=autocommand%20cisco%20acs&pg=PA172#v=onepage&q=autocommand%20cisco%20acs&f=false" target="_new">Cisco access control security: AAA administrative services (Brandon Carroll)</a></span><span style="color: black;"><o:p></o:p></span></div><div class="MsoNormal"><span style="color: black;"><a href="http://www.cisco.com/en/US/partner/docs/ios/fundamentals/configuration/guide/cf_connections_ps6441_TSD_Products_Configuration_Guide_Chapter.html" target="_new">DocCD <span lang="ES">Managing Connections, Menus, and System Banners</span></a><o:p></o:p></span></div><br />
INE CCIE R/S 4.X Expanded Study Blueprint with links<br />
2010-12-21<br />
<br />
After my bootcamp with <a href="http://twitter.com/compsolv" target="_new">Anthony Sequeira</a>, I decided to guide my studies using the <a href="http://blog.ine.com/2009/05/12/ccie-rs-4x-expanded-study-blueprint/" target="_new">INE CCIE R/S 4.X Expanded Study Blueprint</a>. The original doesn't have links for all the topics, so here it is with links for almost everything. Any feedback is appreciated, especially for the few areas where I couldn't find any relevant information.<br />
<br />
<a href="https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B-Eugz9MbcF5NGM3ZjhjOGItMDJiMy00YTU0LWE3YTYtY2MwOTM0ZGZiOTVk&hl=en&authkey=CJvQiNUO" target="_new">There is also a PDF version for download.</a><br />
<br />
<h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; font-weight: normal; letter-spacing: -0.1pt;">1.00 Implement Layer 2 Technologies<o:p></o:p></span></h3><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">1.10 <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swstp.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement Spanning Tree Protocol (STP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a)<span class="apple-converted-space"> </span><a href="http://blog.internetworkexpert.com/2009/03/07/understanding-stp-convergence-part-i/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">802.1d</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b)<span class="apple-converted-space"> </span><a href="http://blog.internetworkexpert.com/2009/09/07/rstp-and-fast-convergence/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">802.1w</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c)<span class="apple-converted-space"> </span><a href="http://blog.internetworkexpert.com/2008/07/27/mstp-tutorial-part-i-inside-a-region/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">802.1s</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d)<span class="apple-converted-space"> </span><a 
href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swstpopt.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Loop guard</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swstpopt.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Root guard</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swstpopt.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Bridge protocol data unit (BPDU) guard</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swtrafc.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Storm control</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swtrafc.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Unicast flooding</span></a><o:p></o:p></span></div><div 
style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (i)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swmstp.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Port roles, failure propagation, and loop guard operation</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (j)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swstp.html#wp1170388" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">STP manipulation through timers</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (k)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swstpopt.html#wp1031116" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">PortFast, UplinkFast, BackboneFast</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (l)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swstpopt.html#wp1046220" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">BPDUFilter</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (m)<span class="apple-converted-space"> </span><a 
href="http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swstp.html#wp1039614" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Root Bridge Placement</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (n)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swstp.html#wp1020470" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">STP Port Cost and Port Priority</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (o)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swudld.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">UDLD</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">1.20 <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swvlan.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement VLAN, Network Management and VLAN Trunking Protocol (VTP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swvtp.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">No VTP (TRANS)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b)<span class="apple-converted-space"> </span><a href="http://books.google.com/books?id=3CaYld1w5-8C&pg=PA15&lpg=PA15&dq=%22VTP+Pruning%22&source=bl&ots=Z0yTuaEjHA&sig=_cbPiEoeBNaHBN8-9XLgLQAIPA8&hl=en&ei=Jh_ESvKlHtDX8AaHtf08&sa=X&oi=book_result&ct=result&resnum=2&ved=0CA0Q6AEwATgU#v=onepage&q=%22VTP%20Pruning%22&f=false" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Pruning</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/bridging/configuration/guide/br_transprnt_brdg_ps6350_TSD_Products_Configuration_Guide_Chapter.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Bridging – Transparent, IRB, CRB</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; 
font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swvtp.html#wp1035165"><span style="color: black;">VTP Authentication</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swvtp.html#wp1212172"><span style="color: black;">VTP Versions</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swmacro.html#wp1221071"><span style="color: black;">Regular Macros</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swmacro.html"><span style="color: black;">Smart Macros</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swsnmp.html"><span style="color: black;">SNMP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (i) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swauthen.html#wp1020691"><span style="color: black;">Telnet and Telnet Controls</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; 
font-weight: normal;"> (j) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swauthen.html#wp1227177"><span style="color: black;">SSH</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (k) <a href="http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_connections_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1001226"><span style="color: black;">Banners</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (l) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swint.html#wp2028385"><span style="color: black;">Switch Virtual Interfaces (SVIs)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (m) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swvoip.html"><span style="color: black;">3560s and VoIP Phone Support</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">1.30 <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swvlan.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement trunk and trunk protocols, EtherChannel, and load-balance</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/command/reference/cli2.html#wp3432567" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Static Config (No DTP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/command/reference/cli2.html#wp3432983" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Allowed VLAN</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_vlan_cfg_rtg_ps6441_TSD_Products_Configuration_Guide_Chapter.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Router on a Stick</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d)<span class="apple-converted-space"> </span><a 
href="http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_52_se/command/reference/cli3.html#wp1948736" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Native VLAN</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swvlan.html#wp1586242"><span style="color: black;">ISL</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swvlan.html#wp1586242"><span style="color: black;">802.1Q</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swethchl.html#wp1275725"><span style="color: black;">Manual EtherChannel</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swethchl.html#wp1275628"><span style="color: black;">PaGP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (i) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swethchl.html#wp1275680"><span style="color: black;">LACP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 
10.5pt; font-weight: normal;"> (j) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swethchl.html#wp1275731"><span style="color: black;">Load Balancing Manipulation in EtherChannel</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (k) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swtunnel.html"><span style="color: black;">QinQ Tunneling</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">1.40 <a href="http://en.wikipedia.org/wiki/Ethernet" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement Ethernet technologies</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/interface/configuration/guide/ir_cfg_lan_if_ps6350_TSD_Products_Configuration_Guide_Chapter.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Speed and duplex</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/interface/configuration/guide/ir_cfg_lan_if_ps6350_TSD_Products_Configuration_Guide_Chapter.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Ethernet, Fast Ethernet, and Gigabit Ethernet</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_pppoe_baa_ps6350_TSD_Products_Configuration_Guide_Chapter.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">PPP over Ethernet (PPPoE)</span></a> <o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">1.50 <a href="http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and flow control</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swspan.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">SPAN and RSPAN</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swint.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Flow Control (DOC-CD)</span></a> <a href="http://blog.internetworkexpert.com/2008/07/08/8023x-flow-control/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">(Blog)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">1.60 <span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/wan/configuration/guide/wan_cfg_frm_rly_ps6350_TSD_Products_Configuration_Guide_Chapter.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement Frame Relay</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Frame-Relay.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Local Management Interface (LMI)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b)<span class="apple-converted-space"> </span><a href="http://www.internetworkexpert.com/resources/01700368.htm" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Traffic shaping</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/internetworking/design/guide/nd2009.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Topologies</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/wan/configuration/guide/wan_cfg_frm_rly_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1002874" target="_blank"><span style="border: 1pt none windowtext; color: black; 
padding: 0cm;">Discard eligible (DE)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f)<span class="apple-converted-space"> </span><a href="http://www.ciscopress.com/articles/article.asp?p=170741&seqNum=4" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Static versus Dynamic L2 to L3 Resolution</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g)<span class="apple-converted-space"> </span><a href="http://blog.internetworkexpert.com/2008/08/14/that-pesky-frame-relay-interface-dlci-command/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Frame-Relay Interface-DLCI</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/partner/docs/ios/wan/configuration/guide/wan_cfg_frm_rly_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1002616" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Broadcast Queue</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (i)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/partner/docs/ios/wan/configuration/guide/wan_cfg_frm_rly_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1001904" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Frame End to End Keepalives</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (j)<span class="apple-converted-space"> </span><a 
href="http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftfrmibe.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Load Interval</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (k)<span class="apple-converted-space"> </span><a href="http://blog.internetworkexpert.com/2009/12/02/ping-thyself-in-frame-relay/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">PING Local Interface</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (l)<span class="apple-converted-space"> </span><a href="http://blog.internetworkexpert.com/2008/01/26/ppp-multilink-interleaving-over-frame-relay/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Multilink Frame Relay</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (m)<span class="apple-converted-space"> </span><a href="http://blog.internetworkexpert.com/2008/01/07/understanding-ppp-over-frame-relay-pppofr/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">PPP over Frame-Relay</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (n)<span class="apple-converted-space"> </span><a href="http://blog.internetworkexpert.com/2008/06/29/understanding-frame-relay-mappings-to-0000/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Dynamic Mappings to 0.0.0.0</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (o)<span class="apple-converted-space"> </span><a 
href="http://blog.internetworkexpert.com/2008/03/25/resolving-reachability-between-spokes-in-a-hub-and-spoke-frame-relay-network/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Troubleshooting Hub and Spoke</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (p)<span class="apple-converted-space"> </span><a href="http://blog.internetworkexpert.com/2009/12/01/ccie-rs-sample-trouble-tickets-part-3/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Frame Relay Switch Configuration</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (q)<span class="apple-converted-space"> </span><a href="http://www.ciscopress.com/articles/article.asp?p=170741&seqNum=5" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Subinterfaces</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">1.70 <a href="http://www.cisco.com/en/US/docs/ios/dial/configuration/guide/dia_media-ind_multi_ppp_ps6441_TSD_Products_Configuration_Guide_Chapter.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement High-Level Data Link Control (HDLC) and PPP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/interface/command/reference/ir_c2.html#wp1011644" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Clock Rate</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/dial/configuration/guide/dia_media-ind_multi_ppp_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1053601" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">CHAP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/dial/configuration/guide/dia_media-ind_multi_ppp_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1053601" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">PAP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d)<span class="apple-converted-space"> </span><a 
href="http://www.cisco.com/en/US/docs/ios/dial/configuration/guide/dia_media-ind_multi_ppp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054123" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Peer Neighbor Route</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/12_2/dial/configuration/guide/dafppp.html#wp1001080" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Link Quality Monitoring</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/docs/ios/11_3/dial/configuration/guide/dcppp.html#wp6111"><span style="color: black;">PPP Reliable Transmission</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g) <a href="http://www.cisco.com/en/US/docs/ios/12_2/dial/configuration/guide/dafppp.html#wp1001479"><span style="color: black;">PPP Half Bridging</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h) <a href="http://www.cisco.com/en/US/docs/ios/dial/configuration/guide/dia_media-ind_multi_ppp_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">MLP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (i)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/dial/command/reference/dia_p1.html#wp1014364" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">PPP Encryption 
MPPE</span></a><o:p></o:p></span></div><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; letter-spacing: -0.1pt;"><o:p style="font-weight: normal;"> </o:p></span></h3><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; font-weight: normal; letter-spacing: -0.1pt;">2.00 Implement IPv4<o:p></o:p></span></h3><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">2.10 <a href="http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_config_ipadd_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement IP version 4 (IPv4) addressing, subnetting, and variable-length subnet masking (VLSM)</span></a> <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml"><span style="color: black;">[2]</span></a> <a href="https://learningnetwork.cisco.com/docs/DOC-1757"><span style="color: black;">[3]</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://blog.ine.com/2010/03/17/a-simple-ipv4-prefix-summarization-procedure/"><span style="color: black;">Calculating the Optimum Summary Address</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_config_ipadd_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1074391"><span style="color: black;">Binary Math Manipulation</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml"><span style="color: black;">Matching multiple networks 
with a single access list line</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) <a href="http://routerjockey.com/2010/05/19/using-discontiguous-wildcard-masks-in-acls/"><span style="color: black;">Matching odd or even subnets with a single access list line</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(c)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_config_ipadd_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055213" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">IP Unnumbered</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(d) <a href="http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_config_ipadd_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1096110"><span style="color: black;">/31 Mask</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">2.20 <a href="http://deepakarora1984.blogspot.com/2010/08/gre-tunnels-unleashed-making-breaking.html"><span style="color: black;">Implement IPv4 tunneling and Generic Routing Encapsulation (GRE)</span></a> <a href="http://www.cisco.com/en/US/tech/tk827/tk369/tk287/tsd_technology_support_sub-protocol_home.html"><span style="color: black;">[2]</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094690.shtml"><span style="color: black;">Recursive Routing Issue</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a008048cffc.shtml" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">GRE Tunnel Keepalives</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">2.30 <a href="http://www.cisco.com/en/US/docs/ios/iproute_rip/configuration/guide/irr_cfg_rip_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement IPv4 RIP version 2 (RIPv2)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/iproute_rip/configuration/guide/irr_cfg_rip_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1061851"><span style="color: black;">Authentication</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/iproute_rip/configuration/guide/irr_cfg_rip_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1085783"><span style="color: black;">Offset List</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/iproute_pi/configuration/guide/iri_ip_prot_indep_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1056644"><span style="color: black;">Distribute List</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml#protocols"><span style="color: black;">Gateway Option</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a 
href="http://www.cisco.com/en/US/docs/ios/iproute_rip/configuration/guide/irr_cfg_rip_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1085783"><span style="color: black;">Timer Manipulation</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/ios/iproute_rip/configuration/guide/irr_cfg_rip_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1083601"><span style="color: black;">Disabling Validation of Source IP Addresses</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/docs/ios/iproute_rip/configuration/guide/irr_cfg_rip_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1068014"><span style="color: black;">Split Horizon and Secondary IP Addresses</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g) <a href="http://www.cisco.com/en/US/docs/ios/iproute_rip/configuration/guide/irr_cfg_rip_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1064500"><span style="color: black;">Summarization</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h) <a href="http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_c1gt.html#wp1094465"><span style="color: black;">Default Information Originate</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (i) <a href="http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1crip.html#wp4639"><span style="color: black;">Unicast Routing Updates</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; 
font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (j) <a href="http://www.cisco.com/en/US/docs/ios/iproute_pi/configuration/guide/iri_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056595"><span style="color: black;">Passive Interface</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (k) <a href="http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/trigrip.html"><span style="color: black;">Triggered Updates on WAN link</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">2.40 <a href="http://www.cisco.com/en/US/docs/ios/iproute_ospf/configuration/guide/iro_cfg_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement IPv4 Open Shortest Path First (OSPF)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094aaa.shtml"><span style="color: black;">Standard OSPF areas</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094aaa.shtml"><span style="color: black;">Stub area</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094aaa.shtml"><span style="color: black;">Totally stubby area</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094aaa.shtml"><span style="color: black;">Not-so-stubby-area (NSSA)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094aaa.shtml"><span style="color: black;">Totally NSSA</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a 
href="https://learningnetwork.cisco.com/docs/DOC-7924"><span style="color: black;">Link-state advertisement (LSA) types</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#t20"><span style="color: black;">Adjacency on a point-to-point and on a multi-access network</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#t27"><span style="color: black;">OSPF Network Types</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h) <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/gr_ospf.html#wp1054910"><span style="color: black;">OSPF graceful restart</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (i) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a8f.shtml"><span style="color: black;">Demand Circuit</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (j) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#t11"><span style="color: black;">Authentication – methods of configuration and authentication types</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (k) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#t28"><span style="color: 
black;">Summarization</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (l) <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/ospfatc.html"><span style="color: black;">Area Transit Capabilities</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (m) <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/routmap.html"><span style="color: black;">Inbound Route Filtering</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (n) <a href="http://www.cisco.com/en/US/docs/ios/12_0/np1/command/reference/1rospf.html#wp1030598"><span style="color: black;">Auto Cost Reference Bandwidth</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (o) <a href="http://www.cisco.com/en/US/docs/ios/12_2/iproute/command/reference/1rfospf.html#wp1018589"><span style="color: black;">Unicasting Hello Packets</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (p) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#t6"><span style="color: black;">Cost Manipulation</span></a> <a href="https://supportforums.cisco.com/docs/DOC-5349"><span style="color: black;">[2]</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#t6"><span style="color: black;">ip ospf cost</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: 
black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml#qtwo"><span style="color: black;">Bandwidth Manipulation</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (3) <a href="http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fs_spftrl.html"><span style="color: black;">SPF Throttling</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (4) <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/ospfispf.html"><span style="color: black;">Incremental SPF</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (5) <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsolsath.html"><span style="color: black;">LSA Throttling</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (6) <span class="apple-style-span"><a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/ospfopro.html#wp1049690"><span style="color: black;">OSPF Link-State Database Overload Protection (was LSA Overhead Protection)</span></a><o:p></o:p></span></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (q) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml#qone"><span style="color: black;">Loopback Advertising (Natural Mask)</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a 
href="http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml#qone"><span style="color: black;">Network Type (P2P)</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#t29"><span style="color: black;">Area Range</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (3) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#t32"><span style="color: black;">Redistribution</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (r) <a href="http://www.cisco.com/en/US/docs/ios/iproute_ospf/configuration/guide/iro_cfg_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054174"><span style="color: black;">Timer Manipulation</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (s) <a href="http://www.cisco.com/en/US/docs/ios/iproute_ospf/configuration/guide/iro_abr_type_3_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">OSPF ABR Type 3 LSA Filtering</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (t) <a href="http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftoadsup.html"><span style="color: black;">Forwarding Address Suppression in Translated Type-5 LSAs</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (u) <a 
href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080117102.shtml#topic1"><span style="color: black;">Router ID</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">2.50 <a href="http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/ire_cfg_eigrp_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement IPv4 Enhanced Interior Gateway Routing Protocol (EIGRP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml"><span style="color: black;">Best path</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml"><span style="color: black;">Loop-free paths</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml"><span style="color: black;">EIGRP operations when alternate loop-free paths are available, and when they are not available</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094cb7.shtml#queryrange"><span style="color: black;">EIGRP queries</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094cb7.shtml#summarization"><span style="color: black;">Manual summarization and autosummarization</span></a><o:p></o:p></span></div><div 
style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/eigrpstb.html"><span style="color: black;">EIGRP stubs</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g) <a href="http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/ire_cfg_eigrp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1060221"><span style="color: black;">Authentication</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h) <a href="http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/ire_cfg_eigrp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1060038"><span style="color: black;">Composite Metric Manipulation</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (i) <a href="http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/ire_cfg_eigrp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1060081"><span style="color: black;">Applying Offsets to Metrics</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (j) <a href="http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/ire_cfg_eigrp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1060238"><span style="color: black;">Adjusting Timers</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (k) <a href="http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/ire_cfg_eigrp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1060027"><span 
style="color: black;">Unicasting updates</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (l) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml#route0.0"><span style="color: black;">Use of the 0.0.0.0 in the network command</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (m) <a href="http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfeigrp.html#wp1001004"><span style="color: black;">Manipulate the Bandwidth used by EIGRP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (n) <a href="http://www.cisco.com/en/US/docs/ios/iproute_pi/configuration/guide/iri_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056644"><span style="color: black;">Distribute lists</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (o) <a href="http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gteigrpr.html"><span style="color: black;">Route Map Support</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (p) <a href="http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gteigmib.html"><span style="color: black;">SNMP Support</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (q) <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/cs_epls.html"><span style="color: black;">EIGRP Prefix Limit</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; 
font-size: 10.5pt; font-weight: normal;"> (r) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f0a.shtml"><span style="color: black;">Passive Interface</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (s) <a href="http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_ensf.html"><span style="color: black;">NSF Awareness</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (t) <a href="http://www.cisco.com/en/US/docs/ios/12_2/iproute/command/reference/1rfeigrp.html#wp1031884"><span style="color: black;">Router ID</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">2.60 <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_overview_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement IPv4 Border Gateway Protocol (BGP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_int_features.html"><span style="color: black;">iBGP</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#synch"><span style="color: black;">Synchronization</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_int_features.html#wp1054003"><span style="color: black;">Confederation</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (3) <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_int_features.html#wp1054036"><span style="color: black;">Route-Reflection</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (4) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#synch"><span style="color: black;">Non-BGP Speaker in Transit Path</span></a> <a 
href="http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800ade18.shtml"><span style="color: black;">[2]</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 72pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(a) Tunnel<o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 72pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(b) Redistribute<o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 72pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(c) Static route<o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 72pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(d) Default route<o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 72pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(e) Policy route<o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(5) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093fb7.shtml"><span style="color: black;">Peer Groups</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_external_sp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1053960"><span style="color: black;">eBGP</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_external_sp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054057"><span style="color: black;">Multihop</span></a><o:p></o:p></span></div><div 
style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_external_sp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054075"><span style="color: black;">Next Hop Issues</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_external_sp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055581"><span style="color: black;">Filtering, redistribution, summarization, attributes and other advanced features</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080b52107.shtml"><span style="color: black;">Authentication</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml#bestpath"><span style="color: black;">Router ID</span></a> <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_basic_net.html#wp1054254"><span style="color: black;">[2]</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (3) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800945ff.shtml"><span style="color: black;">Prefix Advertisement</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (4) <a 
href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp1.html#wp1100582"><span style="color: black;">Automatic Summarization</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (5) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094826.shtml"><span style="color: black;">Manual Summarization including suppression techniques</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (6) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008010a28a.shtml"><span style="color: black;">Maximum Prefix Limit</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (7) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml"><span style="color: black;">Load Balancing</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (8) <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_external_sp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054204"><span style="color: black;">Path Manipulation</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#localpref"><span style="color: black;">Local Pref</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a 
href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#metricattribute"><span style="color: black;">MED</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#aspathattribute"><span style="color: black;">AS PATH</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#weight"><span style="color: black;">Weight</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (9) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#communityattribute"><span style="color: black;">BGP Communities</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (10) <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/s_rexpe.html"><span style="color: black;">Regex Engine Performance Enhancement</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (11) <a href="http://www.cisco.com/en/US/docs/ios/12_2t/12_2t11/feature/guide/ft11bhla.html"><span style="color: black;">Hide Local AS</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (12) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml"><span style="color: black;">Conditional Route Advertisement</span></a><o:p></o:p></span></div>
<div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (13) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f27.shtml"><span style="color: black;">Remove Private AS</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (14) <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_external_sp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055772"><span style="color: black;">AS PATH Filtering</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (15) <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml"><span style="color: black;">BGP Policy Accounting</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (16) <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_adv_features_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056763"><span style="color: black;">NSF Awareness</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (17) <a href="http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html"><span style="color: black;">Support for TTL <span style="border: 1pt none windowtext; padding: 0cm;">Security</span> Check</span></a><o:p></o:p></span></div><div style="margin: 0cm; text-indent: 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(18) <a href="http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_bsfda.html"><span style="color: 
black;">Support for Fast Peering Session Deactivation</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (19) <a href="http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/sbbnhop.html"><span style="color: black;">Support for Next-Hop Address Tracking</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (20)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_external_sp_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1054758" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Outbound Route Filtering</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">2.70 <a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml"><span style="color: black;">Implement policy routing</span></a> <o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtpbrtrk.html"><span style="color: black;">PBR Support for Multiple Tracking Options</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_pbr.html"><span style="color: black;">PBR Recursive Next Hop</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">2.80 <a href="http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps8787/product_data_sheet0900aecd806c4ee4.html"><span style="color: black;">Implement Performance Routing (PfR) and Cisco Optimized Edge Routing (OER)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/oer/configuration/guide/oer-overview_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1054051"><span style="color: black;">Profile Phase</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/oer/configuration/guide/oer-overview_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1054056"><span style="color: black;">Measure Phase</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/oer/configuration/guide/oer-overview_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1054065"><span style="color: black;">Apply Policy Phase</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/docs/ios/oer/configuration/guide/oer-overview_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1054070"><span style="color: black;">Control Phase</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a 
href="http://www.cisco.com/en/US/docs/ios/oer/configuration/guide/oer-overview_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1054078"><span style="color: black;">Verify Phase</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">2.90 <a href="http://www.cisco.com/en/US/docs/ios/iproute_pi/configuration/guide/iri_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement filtering, route redistribution, summarization, attributes, and other advanced features</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/iproute_pi/configuration/guide/iri_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1057169"><span style="color: black;">Administrative Distance Manipulation</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/iproute_pi/configuration/guide/iri_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1057197"><span style="color: black;">Redistribution</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/docs/ios/iproute_pi/configuration/guide/iri_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1057507"><span style="color: black;">Default Seed Metric</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) <a href="http://www.cisco.com/en/US/docs/ios/iproute_pi/configuration/guide/iri_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056342"><span style="color: black;">Setting parameters with a Route Map</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">2.95 <a href="http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfodr.html"><span style="color: black;">On Demand Routing (ODR)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; font-weight: normal; letter-spacing: -0.1pt;">3.00 Implement IPv6<o:p></o:p></span></h3><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">3.10 <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html"><span style="color: black;">Implement IP version 6 (IPv6) addressing and different addressing types</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1038771"><span style="color: black;">Global Unicast</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1038809"><span style="color: black;">Link Local</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1112696"><span style="color: black;">Multicast</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1052470"><span style="color: black;">Anycast</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1038809"><span style="color: black;">Site Local</span></a> 
<o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1334130"><span style="color: black;">Unique Local Address</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">3.20 <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1282543"><span style="color: black;">Implement IPv6 neighbor discovery</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/switches/datacenter/mds9000/sw/5_0/configuration/guides/ipsvc/fm/ipv6.html#wp1206035"><span style="color: black;">Router Discovery</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1038169"><span style="color: black;">Prefix Discovery</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/white_paper_c11-563156.html"><span style="color: black;">Parameter Discovery</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_autoconfig.html"><span style="color: black;">Address Autoconfiguration</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">3.30 <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1027188"><span style="color: black;">Implement basic IPv6 functionality protocols</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1282362"><span style="color: black;">ICMP version 6</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">3.40 <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-tunnel.html"><span style="color: black;">Implement tunneling and transition techniques</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-tunnel.html#wp1055738"><span style="color: black;">Manual</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-tunnel.html#wp1055871"><span style="color: black;">GRE/IPv4</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-tunnel.html#wp1055999"><span style="color: black;">6to4</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-tunnel.html#wp1056264"><span style="color: black;">ISATAP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-nat_trnsln_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">NAT-PT</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">3.50 <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-ospf.html"><span style="color: black;">Implement OSPF version 3 (OSPFv3)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://en.wikipedia.org/wiki/Open_Shortest_Path_First#Area_types"><span style="color: black;">Special Area Types</span></a> <a href="https://learningnetwork.cisco.com/docs/DOC-1554"><span style="color: black;">[2]</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-ospf.html#wp1070147"><span style="color: black;">Summarization</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">3.60 <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-eigrp_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement EIGRP version 6 (EIGRPv6)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-eigrp_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1059465"><span style="color: black;">Summarization</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">3.70 <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-eigrp_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1055769"><span style="color: black;">Implement filtering and route redistribution</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">3.80 <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-rip_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement RIPng</span></a><o:p></o:p></span></div><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; letter-spacing: -0.1pt;"><o:p style="font-weight: normal;"> </o:p></span></h3><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; font-weight: normal; letter-spacing: -0.1pt;">4.00 <a href="http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_layer3_vpn.html"><span style="color: black;">Implement MPLS Layer 3 VPNs</span></a><o:p></o:p></span></h3><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">4.10 <a href="http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_mpls_overview_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement Multiprotocol Label Switching (MPLS)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_ldp_overview_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">MPLS LDP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; 
font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_ldp_inbound_filtr.html"><span style="color: black;">MPLS Label Filtering</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">4.20 <a href="http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_layer3_vpn.html#wp1051693"><span style="color: black;">Implement Layer 3 virtual private networks (VPNs) on provider edge (PE), provider (P), and customer edge (CE) routers</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_layer3_vpn.html#wp1062389"><span style="color: black;">PE-CE Routing with RIP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_layer3_vpn.html#wp1063080"><span style="color: black;">PE-CE Routing with EIGRP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_layer3_vpn.html#wp1062224"><span style="color: black;">PE-CE Routing with OSPF</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_layer3_vpn.html#wp1062232"><span style="color: black;">PE-CE Routing with BGP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_ospf_com_backbone.html#wp1048163"><span style="color: black;">OSPF Sham Link</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: 
black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/s_mvesoo.html"><span style="color: black;">EIGRP SOO and Cost Community</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g) <a href="http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_neighbor_soo_ps10591_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">BGP SOO</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h) <a href="http://www.cisco.com/en/US/docs/ios/12_0t/12_0t7/feature/guide/VPN_EN.html#wp1045899"><span style="color: black;">BGP AS Override</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (i) <a href="http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801445fb.shtml"><span style="color: black;">Internet Access</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">4.30 <a href="http://www.cisco.com/en/US/docs/ios/12_0t/12_0t5/feature/guide/VPN.html#wp15966"><span style="color: black;">Implement virtual routing and forwarding (VRF) and Multi-VRF Customer Edge (VRF-Lite)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/vrflitsb.html"><span style="color: black;">VRF-Lite</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/12_4t/ip_route/configuration/guide/tbrbover.html#wp1051737"><span style="color: black;">MP-BGP VPNv4</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) MP-BGP Prefix Filtering<o:p></o:p></span></div><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; letter-spacing: -0.1pt;"><o:p style="font-weight: normal;"> </o:p></span></h3><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; font-weight: normal; letter-spacing: -0.1pt;">5.00 <a href="http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_basic_cfg_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement IP Multicast</span></a><o:p></o:p></span></h3><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">5.10 <a href="http://en.wikipedia.org/wiki/PIM_Sparse_Mode"><span style="color: black;">Implement Protocol Independent Multicast (PIM) sparse mode</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/ipimt_ov.htm#wp17760"><span style="color: black;">Source-based Trees</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a 
href="http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/ipimt_ov.htm#wp17769"><span style="color: black;">Shared Trees</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_basic_cfg_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054929"><span style="color: black;">Bidirectional PIM</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">5.20 <a href="http://www.cisco.com/en/US/docs/ios/12_0t/12_0t7/feature/guide/msdp.html"><span style="color: black;">Implement Multicast Source Discovery Protocol (MSDP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/12_4t/12_4t2/htmsdpmd.html"><span style="color: black;">Authentication</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/12_2/ipmulti/command/reference/1rfmsdp.html#wp1034402"><span style="color: black;">SA Message Limiting</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/12_2/ipmulti/command/reference/1rfmsdp.html#wp1040368"><span style="color: black;">Timer Adjustments</span></a> <a href="http://www.cisco.com/en/US/docs/ios/12_2/ipmulti/command/reference/1rfmsdp.html#wp1040625"><span style="color: black;">[2]</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/docs/ios/12_2sx/12_2sxh/feature/guide/sxmsdpcp.html"><span style="color: black;">MSDP Compliance with IETF RFC 3618</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfmsdp_ps1835_TSD_Products_Configuration_Guide_Chapter.html#wp1001055"><span style="color: black;">Filtering and TTL 
Thresholds</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_msdp.html"><span style="color: black;">Monitoring MSDP with SNMP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">5.30 <a href="http://www.cisco.com/en/US/tech/tk828/tech_brief09186a00800e9952.html#wp17692"><span style="color: black;">Implement interdomain multicast routing</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">5.40 <a href="http://www.cisco.com/en/US/docs/ios/solutions_docs/ip_multicast/White_papers/rps.html"><span style="color: black;">Implement PIM Auto-Rendezvous Point (Auto-RP), unicast rendezvous point (RP), and bootstrap router (BSR)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/tech/tk828/technologies_tech_note09186a0080094821.shtml#autowithone"><span style="color: black;">Auto-RP</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/docs/ios/12_2/ipmulti/command/reference/1rfmult2.html#wp1090395"><span style="color: black;">ip pim autorp listener</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) Static mapping of Auto-RP groups:<o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 108pt; text-indent: 36pt;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="background: none repeat scroll 0% 0% rgb(230, 230, 230); border: 1pt solid windowtext; margin-left: 108pt; margin-right: 117pt; padding: 1pt 4pt;"><div align="center" style="background: none repeat scroll 0% 0% rgb(230, 230, 230); border: medium none; margin: 0cm; padding: 0cm; text-align: center;"><span style="font-size: xx-small;"><i><span style="color: black; font-family: 'Courier New'; font-weight: normal;">ip pim rp-address 192.168.0.1 55<o:p></o:p></span></i></span></div><div align="center" style="background: none repeat scroll 0% 0% rgb(230, 230, 230); border: medium none; margin: 0cm; padding: 0cm; text-align: center;"><span style="font-size: xx-small;"><i><span style="color: black; font-family: 'Courier New'; font-weight: normal;">access-list 55 permit 224.0.1.39<o:p></o:p></span></i></span></div><div align="center" style="background: none repeat scroll 0% 0% rgb(230, 230, 230); border: medium none; margin: 0cm; padding: 0cm; text-align: center;"><i><span style="color: black; font-family: 'Courier New'; font-size: 8pt; font-weight: normal;"><span style="font-size: xx-small;">access-list 55 permit 224.0.1.40</span><o:p></o:p></span></i></div></div><div style="margin: 0cm 0cm 0cm 144pt;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(3) <a href="http://www.cisco.com/en/US/docs/ios/solutions_docs/ip_multicast/White_papers/rps.html#wp1029241"><span style="color: black;">PIM Sparse-Dense Mode</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(4) <a href="http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1cmulti.html#wp5435"><span style="color: black;">IP Multicast Boundary</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/tech/tk828/technologies_tech_note09186a0080094821.shtml#sparsemode"><span style="color: black;">Static RP Assignment</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_basic_cfg_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1054362"><span style="color: black;">BSR</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/docs/ios/ipmulti/command/reference/imc_04.html#wp1056382"><span style="color: black;">BSR Border Interface</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">5.50 <a href="http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_basic_cfg_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement multicast tools, features, and source-specific multicast</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/solutions_docs/ip_multicast/White_papers/mcst_ovr.html#wp1009036"><span style="color: black;">RPF</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/solutions_docs/ip_multicast/White_papers/mcst_ovr.html#wp1009036"><span style="color: black;">RPF Check</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_cfg_ssm_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">SSM</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfmulti.html#wp1002616"><span style="color: black;">Multicast Helper</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/ios/12_3t/ip_mcast/command/reference/ip3_i1gt.html#wp1076237"><span style="color: black;">Multicast Rate Limiting</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: 
Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfmulti.html#wp1002753"><span style="color: black;">Stub IP Multicast Routing</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g) <a href="http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1cmulti.html#wp5098"><span style="color: black;">sdr Listener Support</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h) <a href="http://www.cisco.com/en/US/docs/ios/12_4t/ip_mcast/configuration/guide/mctlsplt.html"><span style="color: black;">Load Splitting Multicast Traffic</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (i) <a href="http://www.cisco.com/en/US/docs/ios/12_0t/12_0t5/feature/guide/mrm.html"><span style="color: black;">Multicast Routing Monitor</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (j) <a href="http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_monitor_maint_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1046512"><span style="color: black;">Multicast Heartbeat</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (k) <a href="http://www.cisco.com/en/US/products/ps6902/prod_release_note09186a0080665c77.html#wp65111"><span style="color: black;">Anycast</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">5.60 <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement IPv6 multicast, PIM, and related multicast protocols, such as Multicast Listener Discovery (MLD)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1055384"><span style="color: black;">IPv6 Multicast Addressing</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1055643"><span style="color: black;">MLD</span></a><o:p></o:p></span></div><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; letter-spacing: -0.1pt;"><o:p style="font-weight: normal;"> </o:p></span></h3><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; font-weight: normal; letter-spacing: -0.1pt;">6.00 <a href="http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/12_4t/sec_data_plane_12_4t_book.html"><span style="color: black;">Implement Network Security</span></a><o:p></o:p></span></h3><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.01 <a href="http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_accs_list_rmap_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement access 
lists</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftdistac.html"><span style="color: black;">Time-based Access Lists</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/web/about/security/intelligence/acl-logging.html"><span style="color: black;">Log</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/web/about/security/intelligence/acl-logging.html"><span style="color: black;">Log-input</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml#ex"><span style="color: black;">Block RFC 1918</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml#ex"><span style="color: black;">RFC 3330 Filtering</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_example09186a0080470c39.shtml"><span style="color: black;">VLAN Access Maps (VACLs)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g) <a 
href="http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_example09186a0080470c39.shtml"><span style="color: black;">MAC Access Lists</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.02 <a href="http://blog.internetworkexpert.com/2008/10/16/cisco-ios-zone-based-firewall-overview/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement Zone Based Firewall</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a)<span class="apple-converted-space"> </span><a href="http://blog.internetworkexpert.com/2009/08/15/ccie-rs-4-x-zone-based-firewall-tier-1/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Basic Configuration</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1054965" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Parameter Maps</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.03 <a href="http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_unicast_rpf_ps6441_TSD_Products_Configuration_Guide_Chapter.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement Unicast Reverse Path Forwarding (uRPF)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_unicast_rpf_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1003800" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Access Lists with uRPF</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.04 <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swdhcp82.html#wp1154649"><span style="color: black;">Implement IP Source Guard</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.05 <a href="http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfaaa.html"><span style="color: black;">Implement AAA</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) Client Side in IOS<o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.06 <a href="http://www.cisco.com/en/US/docs/ios/sec_control_plane/configuration/guide/sec_control_plane_overview_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement Control Plane Policing (CoPP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.07 <a href="http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080094e8b.shtml"><span style="color: black;">Implement Cisco IOS Firewall</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.08 <a href="http://blog.internetworkexpert.com/2009/09/02/cisco-ios-intrusion-prevention-system-ips-tier-1-part-1/" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement Cisco IOS Intrusion Prevention System (IPS)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a)<span class="apple-converted-space"> </span><a href="http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_ips_ps6441_TSD_Products_Configuration_Guide_Chapter.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Basic Configuration</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.09 <a href="http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_secure_shell_ps6441_TSD_Products_Configuration_Guide_Chapter.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement Secure Shell (SSH)</span></a><br />
6.10 <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/sw8021x.html"><span style="color: black;">Implement 802.1x</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(a) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/sw8021x.html#wp1091383"><span style="color: black;">Reauthentication</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/sw8021x.html#wp1025793"><span style="color: black;">Quiet Period</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/sw8021x.html#wp1025995"><span style="color: black;">Host Mode</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/sw8021x.html#wp1026004"><span style="color: black;">Guest VLAN</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/sw8021x.html#wp1093988"><span style="color: black;">Accounting</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.11 <a href="http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement NAT</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.12 <a href="http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfroutr.html"><span style="color: black;">Implement routing protocol authentication</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.13 <a href="http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_authentifcn_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement device access control</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftprienh.html"><span style="color: black;">Privilege Levels</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_role_base_cli_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Command Line Views</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">6.14 Implement security features<o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/swpvlan.html"><span style="color: black;">Private VLANs</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_resil_config_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">IOS Resilient Configuration</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_image_verifctn_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Image Verification</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_ip_srce_trackr_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">IP Source Tracker</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.html"><span style="color: black;">IP Traffic Export</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a 
href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/swdynarp.html"><span style="color: black;">Dynamic ARP Inspection</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g) <a href="http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3ya8/gtnsvpwd.html"><span style="color: black;">NO SERVICE PASSWORD-RECOVERY</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swtrafc.html"><span style="color: black;">Switchport Traffic Controls</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swtrafc.html#wp1063295"><span style="color: black;">Storm Control</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swtrafc.html#wp1029319"><span style="color: black;">Protected Ports</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (3) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swtrafc.html#wp1087814"><span style="color: black;">Port Blocking</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; 
font-weight: normal;"> (4) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swtrafc.html#wp1038501"><span style="color: black;">Port Security</span></a><o:p></o:p></span></div><div style="margin: 0cm 0cm 0cm 36pt;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; font-weight: normal; letter-spacing: -0.1pt;">7.00 <a href="http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/12_4t/iap_12_4t_book.html"><span style="color: black;">Implement Network Services</span></a><o:p></o:p></span></h3><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">7.10 <a href="http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_hsrp_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement Hot Standby Router Protocol (HSRP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">7.20 <a href="http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_glbp_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement Gateway Load Balancing Protocol (GLBP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">7.30 <a href="http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_vrrp_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement Virtual Router Redundancy Protocol (VRRP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">7.40 <a href="http://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd303.html#wp1001170"><span style="color: black;">Implement Network Time Protocol (NTP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">7.50 <a href="http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfdhcp.html"><span style="color: 
black;">Implement DHCP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">7.60 <a href="http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_wccp_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement Web Cache Communication Protocol (WCCP)</span></a><o:p></o:p></span></div><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; letter-spacing: -0.1pt;"><o:p style="font-weight: normal;"> </o:p></span></h3><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; font-weight: normal; letter-spacing: -0.1pt;">8.00 <a href="http://www.cisco.com/en/US/tech/tk543/tk757/technologies_white_paper09186a008017f93b.shtml"><span style="color: black;">Implement Quality of Service (QoS)</span></a><o:p></o:p></span></h3><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">8.10 <a href="http://www.cisco.com/en/US/technologies/tk543/tk545/technologies_white_paper09186a0080123415.html"><span style="color: black;">Implement Modular QoS CLI (MQC)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_trfc_nbar_map_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Network-Based Application Recognition (NBAR)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/config_wfq_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1041636"><span style="color: black;">Class-based weighted fair queuing (CBWFQ)</span></a><o:p></o:p></span></div><div 
style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/products/hw/routers/ps167/products_tech_note09186a0080094c00.shtml#topic1"><span style="color: black;">modified deficit round robin (MDRR)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/llq_with_pps_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">low latency queuing (LLQ)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/classification_oview_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Classification</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/polcing_shping_oview_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Policing</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (g) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/polcing_shping_oview_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Shaping</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (h) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/mrkg_netwk_traffic_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: 
black;">Marking</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_35_se/configuration/guide/swqos.html#wp1032169"><span style="color: black;">CoS</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) <a href="http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a0080094acb.shtml#topic2"><span style="color: black;">DE</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (3) <a href="http://www.cisco.com/en/US/tech/tk828/technologies_q_and_a_item09186a00800a43f5.shtml#wp27270"><span style="color: black;">Experimental Bits</span></a> <a href="http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsqosen.html#wp1024980"><span style="color: black;">[2]</span></a> <o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (4) <a href="http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcclass.html#wp5706"><span style="color: black;">IP Precedence</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (5) <a href="http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a00800949f2.shtml"><span style="color: black;">DSCP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (i) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/config_wred_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Weighted random early detection 
(WRED)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (j) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/hdr_comp_roadmap_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Compression</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/config_rtp_hdr_comp_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">RTP Header Compression</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/config_tcp_hdr_comp_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">TCP Header Compression</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (3) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/config_cb_hdr_comp_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Class-Based Header Compression Methods</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (k) Legacy QoS<o:p></o:p></span></div><div style="margin: 0cm; text-indent: 36pt;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">(1) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/config_cq_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">CQ</span></a><o:p></o:p></span></div><div style="margin: 0cm; text-indent: 36pt;"><span style="color: black; 
font-family: Arial; font-size: 10.5pt; font-weight: normal;">(2) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/config_pq_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">PQ</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (3) <a href="http://www.cisco.com/en/US/docs/routers/10000/10008/configuration/guides/qos/10qlgacy.pdf"><span style="color: black;">FRTS</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (4) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/config_car_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">CAR</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">8.20 <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swqos.html"><span style="color: black;">Implement Layer 2 QoS</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/tech/tk389/tk813/technologies_tech_note09186a00801558cb.shtml#topic4"><span style="color: black;">weighted round robin (WRR)</span></a> <o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swqos.html#wp1163879"><span style="color: black;">shaped round robin (SRR)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swqos.html#wp1032145"><span style="color: black;">policies</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">8.30 <a href="http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcflfifr.html"><span style="color: black;">Implement link fragmentation and interleaving (LFI) for Frame Relay</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">8.40 <a href="http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfgts.html"><span style="color: black;">Implement generic traffic shaping</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">8.50 <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/config_rsvp_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement Resource Reservation Protocol (RSVP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">8.60 <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/autoqos_voip_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement Cisco AutoQoS</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/autoqos_voip_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1054090"><span style="color: black;">Requirements</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/autoqos_voip_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: 
black;">VoIP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/autoqos_enterprise_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">AutoQoS for Enterprise</span></a><o:p></o:p></span></div><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; letter-spacing: -0.1pt;"><o:p style="font-weight: normal;"> </o:p></span></h3><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; font-weight: normal; letter-spacing: -0.1pt;">9.00 Troubleshoot a Network<o:p></o:p></span></h3><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">9.10 <a href="http://www.cisco.com/en/US/products/hw/switches/ps5528/prod_tech_notes_list.html"><span style="color: black;">Troubleshoot complex Layer 2 network issues</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">9.20 <a href="http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.0/troubleshooting/guide/tr40ips.pdf"><span style="color: black;">Troubleshoot complex Layer 3 network issues</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">9.30 <a href="http://www.cisco.com/en/US/technologies/tk648/tk362/tk920/technologies_white_paper0900aecd8017531d.html"><span style="color: black;">Troubleshoot a network in response to application problems</span></a> <o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">9.40 <a href="http://www.cisco.com/en/US/tech/tk648/tk362/tsd_technology_support_troubleshooting_technotes_list.html"><span 
style="color: black;">Troubleshoot network services</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">9.50 <a href="http://www.cisco.com/en/US/solutions/ns170/tac/security_tac_podcasts.html"><span style="color: black;">Troubleshoot network security</span></a><o:p></o:p></span></div><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; letter-spacing: -0.1pt;"><o:p style="font-weight: normal;"> </o:p></span></h3><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; font-weight: normal; letter-spacing: -0.1pt;">10.00 Optimize the Network<o:p></o:p></span></h3><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">10.01 <a href="http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htnmsylg.html"><span style="color: black;">Implement syslog and local logging</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">10.02 <a href="http://www.cisco.com/en/US/docs/ios/ipsla/configuration/guide/sla_overview_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement IP Service Level Agreement SLA</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">10.03 <a href="http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/12_4t/fnf_12_4t_book.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement NetFlow</span></a><br />
10.04 Implement SPAN, RSPAN, and router IP traffic export (RITE)<o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swspan.html#wp1036816"><span style="color: black;">SPAN</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swspan.html#wp1081130"><span style="color: black;">RSPAN</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.html"><span style="color: black;">Router IP Traffic Export</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (1) <a href="http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.html#wp1027195"><span style="color: black;">Configure IP Traffic Export</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (2) <a href="http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html#wp1051438"><span style="color: black;">Configure IP Traffic Capture</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (3) <a href="http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.html#wp1053105"><span style="color: black;">Filter with ACLs</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (4) <a 
href="http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_ip_traff_export_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1050481"><span style="color: black;">Filter with Sampling</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (5) <a href="http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_ip_traff_export_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1052992"><span style="color: black;">Capture Bidirectional Traffic</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">10.05 <a href="http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_snmp_sup_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement Simple Network Management Protocol (SNMP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_snmp_sup_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1200341"><span style="color: black;">Version 2</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_snmp_sup_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1201017"><span style="color: black;">Version 3</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">10.06 <a href="http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_cli.html" target="_blank"><span style="border: 1pt none windowtext; color: black; padding: 0cm;">Implement Cisco IOS Embedded Event Manager (EEM)</span></a><br />
10.07 <a href="http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_rmon_sup_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement Remote Monitoring (RMON)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">10.08 <a href="http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_file-transfer_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1001421"><span style="color: black;">Implement FTP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">10.09 <a href="http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_file-transfer_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1000896"><span style="color: black;">Implement TFTP</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">10.10 <a href="http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_file-transfer_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1000912"><span style="color: black;">Implement TFTP server on router</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">10.11 <a href="http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_copy_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">Implement Secure Copy Protocol (SCP)</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">10.12 <a href="http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_file-trnsfer_http_ps6350_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: 
black;">Implement HTTP and HTTPS</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;">10.13 Implement Telnet<o:p></o:p></span></div><div style="margin: 0cm;"><span class="Apple-style-span" style="font-weight: normal;"><br />
</span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (a) <a href="http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml#restrictssh"><span style="color: black;">Access-Class</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (b) <a href="http://www.cisco.com/en/US/docs/ios/12_2/termserv/configuration/guide/tcftrmop.html#wp1001125"><span style="color: black;">Session Limits</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (c) <a href="http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf004.html#wp1001164"><span style="color: black;">Busy, Vacant, Refuse, and Custom Messaging</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (d) <a href="http://www.cisco.com/en/US/docs/ios/12_2/termserv/configuration/guide/tcfterm.html#wp1055530"><span style="color: black;">Onscreen Message Suppression</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (e) <a href="http://www.cisco.com/en/US/docs/ios/12_0/configfun/configuration/guide/fcgenral.html#wp3911"><span style="color: black;">Hiding Telnet Addresses</span></a><o:p></o:p></span></div><div style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 10.5pt; font-weight: normal;"> (f) <a href="http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_login_enhance_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1047623"><span style="color: black;">Login Enhancements</span></a><o:p></o:p></span></div><h3 style="margin: 0cm;"><span style="color: black; font-family: 
Arial; font-size: 16pt; letter-spacing: -0.1pt;"><o:p style="font-weight: normal;"> </o:p></span></h3><h3 style="margin: 0cm;"><span style="color: black; font-family: Arial; font-size: 16pt; font-weight: normal; letter-spacing: -0.1pt;">11.00 Extra<o:p></o:p></span></h3><div class="MsoNormal"><span lang="ES" style="color: black; font-size: 10.5pt; font-weight: normal;">10.01 <a href="http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_config_dns_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">DNS</span></a><o:p></o:p></span></div><div class="MsoNormal"><span lang="ES" style="color: black; font-size: 10.5pt; font-weight: normal;">11.02 <a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swsdm.html"><span style="color: black;">SDM</span></a><o:p></o:p></span></div><div class="MsoNormal"><span lang="ES" style="color: black; font-size: 10.5pt;"><span class="Apple-style-span" style="font-weight: normal;">11.03 <a href="http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_tcp_ps6441_TSD_Products_Configuration_Guide_Chapter.html"><span style="color: black;">TCP</span></a></span><o:p></o:p></span></div><div class="MsoNormal"><br />
</div>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com1tag:blogger.com,1999:blog-5130818399852134924.post-41964127486131256962010-12-13T10:12:00.000+01:002010-12-13T10:12:53.735+01:00CCIE R&S::Things to remember after 12 days of bootcamp - Part 2I went to a bootcamp in September and wrote "<a href="http://tcam-interrupt.blogspot.com/2010/09/things-to-remember-after-12-day-ccie-r.html">Things to remember after 12 days of bootcamp</a>". I just got back from another one, so here is Part 2:<br />
<ul><li>Do the initial verification / diagramming / check for 0.0.0.0 mappings in the first 10 minutes. The idea here is to check that the initial configs on the devices match the diagram and, if there are any 0.0.0.0 mappings on Frame-Relay, to reload the routers ASAP. Useful commands: <b><i>sh run | i no, sh ip alias, sh frame-relay map</i></b></li>
<li>Even reading word by word, I was missing critical bits in the questions, so I decided to read the questions twice and, after finishing the configuration, read the question again to see if I missed anything. Focus on key words such as "<b>industry-standard</b>" and "<b>proprietary protocol</b>".</li>
<li>Identify <b>Core </b>vs <b>Non-Core</b> tasks. This is useful when deciding if it's really worth spending 30 minutes on a 2-point VRF-lite question.</li>
<li>Debugs are good. I used them a lot more this time, especially <i><b>debug ip routing </b></i>during the mock labs and <i><b>debug ip icmp</b></i>.</li>
<li>Test reachability with Tcl; the script I used was basic but to the point:</li>
<ul><li style="text-align: justify;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">foreach ip {</span></li>
<li style="text-align: justify;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">10.10.10.1</span></li>
<li style="text-align: justify;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">192.168.1.2</span></li>
<li style="text-align: justify;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">172.16.1.3} {ping $ip rep 2}</span></li>
</ul><li>Tackle troubleshooting in layers: is this adjacency not coming up because of an issue with Layer 2 or Layer 3?</li>
<li>The DocCD is our friend, <a href="http://www.cisco.com/cisco/web/psa/default.html" target="_new">use it</a>.</li>
<li>Time management and tracking skipped tasks are critical.</li>
<li>Verify, verify, verify and after that verify again. This is so important: you might fix an adjacency on a trouble ticket and think that's it, but then it turns out you had <b><i>distance 255</i></b> configured in the routing process, so no routes and no points there.<br />
</li>
</ul>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com1tag:blogger.com,1999:blog-5130818399852134924.post-7483521900647946272010-12-02T17:29:00.000+01:002010-12-02T17:29:54.214+01:00RansomwareI just read a report from Fortinet where a virus rewrites the MBR and asks for ransom; scary stuff out there:<br />
<br />
<a href="http://blog.fortinet.com/all-your-drives-are-belong-to-us/" target=_new>Fortinet Security Blog::All your drives are belong to us</a>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-22803908204512398192010-11-18T18:41:00.032+01:002010-11-21T12:20:08.479+01:00Watchguard PPTP VPN user validation via RADIUS using Cisco ACS 4.2Wow that title is a mouthful.<br />
<br />
A customer has a Watchguard Firebox firewall and a Cisco ACS. All the users for Cisco-related activities are on the ACS, and the customer wants to migrate all the PPTP VPN users from the firewall to the Cisco ACS.<br />
<br />
Both the ACS and Firebox support RADIUS, so it sounds quite easy.<br />
<br />
I did the initial configuration: creating the AAA client in the ACS, changing the VPN configuration on the Watchguard so it asks the ACS for the users, and creating a test user and a test group with the following RADIUS parameters:<br />
<br />
<span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b>[011] Filter-Id PPTP-Users</b></span></span><br />
<span class="Apple-style-span" style="line-height: 14px;"><b><span class="Apple-style-span" style="font-family: inherit;"></span></b></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b><br />
</b></span><b> </b></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b>[311\007] MS-MPPE-Encryption-Policy "Encryption Required"</b></span></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b><br />
</b></span><b> </b></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b>[311\008] MS-MPPE-Encryption-Types "128-bit"</b></span></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b><br />
</b></span><b> </b></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b>[311\012] MS-CHAP-MPPE-Keys</b></span></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b> </b></span></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b><br />
</b></span><b> </b></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b>[311\016] MS-MPPE-Send-Key</b></span></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b> </b></span></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b><br />
</b></span><b> </b></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><b>[311\017] MS-MPPE-Recv-Key</b></span></span><br />
<br />
Testing with a Windows 7 Enterprise client, I got the error:<br />
<b></b><br />
<span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><i><b>Error 734: The PPP link control protocol was terminated. </b></i></span></span><br />
<span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><br />
The logs on the firewall showed:</span></span><br />
<br />
<span class="Apple-style-span" style="font-family: verdana, geneva, sans-serif; font-size: small;"><span class="Apple-style-span" style="font-size: 11px; line-height: 14px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">level=''3'' msg=''pri=''3'' msg_id=''1401-3003'' msg=''pptp MSCHAPv2 authentication ok for peer wg''''<br />
level=''7'' msg=''sent [CHAP Success id=0x32 ''S=5F85A740C65AD93F308ED6681B455486FC2EF4F5 M=Access granted'']'' new_msg='' level=''7'' msg=''sent [CHAP Success id=0x32 ''S=5F85A740C65AD93F308ED6681B455486FC2EF4F5 M=Access granted'']'''' Debug<br />
pppd[1255] <b>MPPE required, but keys are not available. Possible plugin problem?</b><br />
pppd <b>MPPE required but not available</b>'''</span></span></span><br />
<br />
<span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;">Basically, the issue seemed to be MPPE related: since the configuration requires encryption, no MPPE = no VPN.</span></span><br />
<span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;"><br />
</span></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;">In the ACS the authentication showed as successful and little else. I checked and double-checked the RADIUS attributes. After some time with Watchguard support, they suggested getting a packet capture of the ACS RADIUS response:</span></span><br />
<span class="Apple-style-span" style="font-family: verdana, geneva, sans-serif; font-size: small;"><span class="Apple-style-span" style="font-size: 11px; line-height: 14px;"><br />
</span></span><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_koJNhC0MZLU/TOVhSBncIUI/AAAAAAAAJQQ/X5VWuweoCIE/s1600/radius-ietf-acsreply.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="165" src="http://3.bp.blogspot.com/_koJNhC0MZLU/TOVhSBncIUI/AAAAAAAAJQQ/X5VWuweoCIE/s400/radius-ietf-acsreply.png" width="400" /></a></div><br />
<span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;">Using Wireshark, it was clear that the ACS was not sending any MPPE-related attributes; in fact, the only Microsoft attribute was the one indicating that the authentication was OK.</span></span><br />
<br />
<span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;">I replicated the VPN configuration using a Cisco router and it worked without issues. After that, while checking everything again, I noticed that the Cisco router was defined in the ACS AAA client section as "RADIUS (Cisco IOS/PIX 6.0)" while the Watchguard firewall was defined as "RADIUS (IETF)".</span></span><br />
<br />
<span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;">I changed the firewall to </span></span><span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;">"RADIUS (Cisco IOS/PIX 6.0)" and ta-da, everything worked.</span></span><br />
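The comparison of the two ACS replies done by eye in Wireshark can be scripted. This is an added example, not part of the original post or of any Cisco or Watchguard tool: it parses a RADIUS Access-Accept and reports whether the Microsoft (vendor 311) key attributes that pppd needs for MPPE are present. Both sample packets are constructed with dummy values, and all function names are hypothetical.

```python
import struct

ACCESS_ACCEPT = 2
VENDOR_SPECIFIC = 26      # RADIUS attribute type that carries VSAs
MICROSOFT = 311           # the "311" in the ACS notation [311\016]

# Microsoft vendor types (RFC 2548); 7, 8, 12, 16 and 17 are the ones
# configured on the ACS group in the post.
MS_VSA = {
    7: "MS-MPPE-Encryption-Policy",
    8: "MS-MPPE-Encryption-Types",
    12: "MS-CHAP-MPPE-Keys",
    16: "MS-MPPE-Send-Key",
    17: "MS-MPPE-Recv-Key",
    26: "MS-CHAP2-Success",
}


def parse_attributes(packet):
    """Return (code, [(type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def microsoft_vsas(attrs):
    """Return the set of Microsoft vendor types carried in the attributes."""
    found = set()
    for a_type, value in attrs:
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != MICROSOFT:
            continue
        pos = 4
        while pos + 2 <= len(value):
            v_type, v_len = value[pos], value[pos + 1]
            if v_len < 2 or pos + v_len > len(value):
                break
            found.add(v_type)
            pos += v_len
    return found


def check_accept(packet):
    """Report which Microsoft VSAs an Access-Accept carries and whether
    MPPE key material (Send-Key + Recv-Key, or MS-CHAP-MPPE-Keys) is there."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    present = microsoft_vsas(attrs)
    have_keys = {16, 17} <= present or 12 in present
    missing = [] if have_keys else sorted(MS_VSA[t] for t in {16, 17} - present)
    return {
        "present": sorted(MS_VSA.get(t, "MS type %d" % t) for t in present),
        "missing": missing,
        "mppe_keys_available": have_keys,
    }


# ---- constructed sample packets (dummy values, not captured traffic) ----
def build_attr(a_type, value):
    return bytes([a_type, len(value) + 2]) + value


def build_ms_vsa(v_type, data):
    sub = bytes([v_type, len(data) + 2]) + data
    return build_attr(VENDOR_SPECIFIC, struct.pack("!I", MICROSOFT) + sub)


def build_accept(attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 0x32, 20 + len(body)) + bytes(16) + body


FILTER_ID = build_attr(11, b"PPTP-Users")
CHAP2_OK = build_ms_vsa(26, b"\x32" + b"S=" + b"0" * 40)

# Reply shaped like the "RADIUS (IETF)" case: only MS-CHAP2-Success.
IETF_STYLE_REPLY = build_accept([FILTER_ID, CHAP2_OK])

# Reply shaped like the working case: policy, types and both keys present.
CISCO_PROFILE_REPLY = build_accept([
    FILTER_ID, CHAP2_OK,
    build_ms_vsa(7, struct.pack("!I", 2)),
    build_ms_vsa(8, struct.pack("!I", 4)),
    build_ms_vsa(16, bytes(34)),
    build_ms_vsa(17, bytes(34)),
])

if __name__ == "__main__":
    for name, pkt in (("IETF", IETF_STYLE_REPLY), ("Cisco", CISCO_PROFILE_REPLY)):
        print(name, check_accept(pkt))
```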
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_koJNhC0MZLU/TOVi8LZX1vI/AAAAAAAAJQU/chJwpXbrANY/s1600/radius-ios-acsreply.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="285" src="http://4.bp.blogspot.com/_koJNhC0MZLU/TOVi8LZX1vI/AAAAAAAAJQU/chJwpXbrANY/s400/radius-ios-acsreply.png" width="400" /></a></div><br />
<span class="Apple-style-span" style="line-height: 14px;"><span class="Apple-style-span" style="font-family: inherit;">All the Microsoft attributes were there and all was well in the land. Of course after reading the ACS help, it seems obvious:</span></span><br />
<br />
<span class="Apple-style-span" style="font-family: verdana, geneva, sans-serif;"><span class="Apple-style-span" style="line-height: 14px;">"</span></span><b>RADIUS (IETF).</b> These are the standard IETF RADIUS attributes. Select this option if you are using devices supporting RADIUS but do not need to make use of the vendor-specific attributes (VSA) of the manufacturer.<br />
<br />
<b>RADIUS (Cisco IOS/PIX 6.0)</b> Select the RADIUS (Cisco IOS) option when using a Cisco Systems IOS device as a AAA client. This option enables you to <span lang="en-us"></span>make use of the Cisco IOS and PIX 6.0 RADIUS VSAs."Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-78624481343611456202010-11-18T12:36:00.002+01:002010-11-18T12:37:11.505+01:00IPexpert Contest Entry<div class="separator" style="clear: both; text-align: justify;">This was/is my entry for the Free CCIE bootcamp/I love IPexpert Nov contest at IPexpert:</div><div class="separator" style="clear: both; text-align: justify;"><br />
</div><div class="separator" style="clear: both; text-align: justify;"><span class="Apple-style-span" style="border-collapse: collapse;"><span class="Apple-style-span" style="font-family: inherit;">I replicated the logo using utp cables, serial cables, octopus cables, console cables and router faceplates, great fun with the help of <a href="http://twitter.com/scontreraf">@scontreraf</a> and <a href="http://twitter.com/coolbomb">@coolbomb</a></span></span></div><div class="separator" style="clear: both; text-align: justify;"><br />
</div><div class="separator" style="clear: both; text-align: center;">The final image:</div><div class="separator" style="clear: both; text-align: justify;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_koJNhC0MZLU/TOUON4cHEHI/AAAAAAAAJQI/YW8kUdrhyb4/s1600/I-love-ipexpert.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="http://2.bp.blogspot.com/_koJNhC0MZLU/TOUON4cHEHI/AAAAAAAAJQI/YW8kUdrhyb4/s400/I-love-ipexpert.jpg" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;">One of the many photos of how it was done:</div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_koJNhC0MZLU/TOUOVGugJaI/AAAAAAAAJQM/vba9-_S_dts/s1600/how-it-was-made-I-love-ipexpert-small.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="239" src="http://3.bp.blogspot.com/_koJNhC0MZLU/TOUOVGugJaI/AAAAAAAAJQM/vba9-_S_dts/s320/how-it-was-made-I-love-ipexpert-small.jpg" width="320" /></a></div>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-60836611804682889152010-11-08T17:06:00.002+01:002010-11-18T12:26:29.028+01:00Cisco IOS Site-to-Site IPSec VPN using CertificatesAfter a couple of weeks trying to get a Site-to-Site IPSec tunnel to work using a Watchguard firewall, I decided to simply do it with a Cisco Router.<br />
<div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">These are the steps involved in the configuration; hopefully this will help someone else, or myself, in the future.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">In my particular case, the remote end uses certificates for the VPN and has a Certification Authority, so first we have to generate a certificate request and ask them to sign it. The CSR can be generated on the IOS device, but for backup purposes I always tend to use openssl; that way, if the router/firewall dies, we have backups:</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">openssl req -new -nodes -keyout example.key -out example.csr</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><br />
</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">Generating a 1024 bit RSA private key</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">.............++++++</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">............++++++</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">writing new private key to 'example.key'</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">-----</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">You are about to be asked to enter information that will be incorporated</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">into your certificate request.</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">What you are about to enter is what is called a Distinguished Name or a DN.</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">There are quite a 
few fields but you can leave some blank</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">For some fields there will be a default value,</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">If you enter '.', the field will be left blank.</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">-----</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">Country Name (2 letter code) [AU]:</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">State or Province Name (full name) [Some-State]:</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">Locality Name (eg, city) []:</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">Organization Name (eg, company) [Internet Widgits Pty Ltd]:</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">Organizational Unit Name (eg, section) []:</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 
'Courier New', Courier, monospace;">Common Name (eg, YOUR name) []:</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">Email Address []:</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><br />
</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">Please enter the following 'extra' attributes</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">to be sent with your certificate request</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">A challenge password []:</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">An optional company name []:</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Now that the CSR is done, the CA has to sign it.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">After the CA does the signing, we need to import the certificates into the IOS device. There are many ways of doing this, but I prefer the PKCS#12 method since it's self-contained and simpler.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">To use PKCS#12, we need to create the p12 file. I do this with openssl:</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">openssl pkcs12 -export -in example.cer -inkey example.key -certfile ca.cer -name "name" -out example.p12</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">Enter Export Password:</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">Verifying - Enter Export Password:</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Now that we have the certificate signed and in PKCS#12 format, we have to import it into the IOS device. For that we have to create a PKI trustpoint:</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">R1(config)#crypto pki trustpoint EXAMPLE-VPN</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">R1(ca-trustpoint)#revocation-check none</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">With the trustpoint created, we can import the certificate. There are several methods; I use TFTP:</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="background-color: white;">R1(config)#crypto ca import EXAMPLE-VPN pkcs12 tftp: PASSWORD</span></span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="background-color: white;">% Importing pkcs12…</span></span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="background-color: white;">Address or name of remote host []? 1.1.1.1</span></span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="background-color: white;">Source filename [trustpoint]? 
example.p12</span></span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="background-color: white;">Reading file from tftp://1.1.1.1/example.p12</span></span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="background-color: white;">Loading example.p12 from 1.1.1.1 (via FastEthernet0/0): !</span></span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="background-color: white;">[OK - 1245 bytes]</span></span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="background-color: white;"><br />
</span> </span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="background-color: white;">CRYPTO_PKI: Imported PKCS12 file successful</span></span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">We can verify that everything was imported correctly with the commands:</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">show crypto pki trustpoints</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">show crypto pki certificates</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Now that the certificates are out of the way, we can focus on the VPN configuration itself.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">The tunnel parameters for this example are:</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">IKE Phase 1</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><ul><li>Encryption 3DES</li>
<li>Hash SHA</li>
<li>DH-Group 2</li>
</ul><div><br />
</div></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">IKE Phase 2</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><ul><li>ESP-3DES-MD5</li>
<li>Local Network: 192.168.2.1/32</li>
<li>Remote Network: 192.168.1.0/24</li>
</ul><div><br />
</div></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">IKE Phase 1:</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">crypto isakmp policy 1</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">encr 3des</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">authentication rsa-sig</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">hash sha</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">group 2</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">This can be verified using <span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">show crypto isakmp policy</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Transform-Set(s):</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">crypto ipsec transform-set TRANSFORM-SET-NAME esp-3des esp-md5-hmac</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">This can be verified using <span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">show crypto ipsec transform-set</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Interesting traffic and NATing the source:</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Let's assume that my network is 192.168.0.0/24, the remote network is 192.168.1.0/24, and the remote side has told me that all of my traffic has to come from 192.168.2.1.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">ip access-list extended NAT-IP-VPN</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><br />
</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">ip nat pool VPN-NAT 192.168.2.1 192.168.2.1 prefix-length 30</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><br />
</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">ip nat inside source list NAT-IP-VPN pool VPN-NAT overload</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><br />
</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">ip access-list extended TRAFFIC-VPN</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">permit ip host 192.168.2.1 192.168.1.0 0.0.0.255</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Be careful with the NAT: if you have more than one statement, the order matters. This can be verified using <span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">show ip nat translations</span> and <span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">show access-lists</span>.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Crypto Map:</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">This is where we put it all together for IKE Phase 2.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">crypto map VPN-Map-1 10 ipsec-isakmp</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">set peer 1.1.1.1</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">set security-association lifetime seconds 86400</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">set transform-set TRANSFORM-SET-NAME</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">match address </span><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">TRAFFIC-VPN</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Apply the crypto map/nat on the interfaces:</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">interface FastEthernet0/0</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">description LAN</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">ip nat inside</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><br />
</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">interface ATM0.1 point-to-point</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">description WAN</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">ip nat outside</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">crypto map VPN-Map-1</span></div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Verification:</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Now all we have to do is generate interesting traffic and test what happens. Some useful commands are <span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">show crypto isakmp sa</span> and <span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">show crypto ipsec sa</span>.</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><br />
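Added example (not from the original post): a small Python model of the outbound path this configuration relies on, where inside-source NAT is applied before the crypto map's ACL is checked, which is why TRAFFIC-VPN matches 192.168.2.1 rather than 192.168.0.0/24. The NAT-INTERNET ACL, the INTERNET pool and 203.0.113.10 are hypothetical, and evaluating NAT statements first-match in configuration order is a simplifying assumption of the model.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed input: the post's NAT and crypto lines, split into pieces so the
# order can be varied. NAT-INTERNET and the INTERNET pool are hypothetical.
VPN_NAT = """\
ip access-list extended NAT-IP-VPN
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
ip nat pool VPN-NAT 192.168.2.1 192.168.2.1 prefix-length 30
ip nat inside source list NAT-IP-VPN pool VPN-NAT overload
"""
INTERNET_NAT = """\
ip access-list extended NAT-INTERNET
 permit ip 192.168.0.0 0.0.0.255 any
ip nat pool INTERNET 203.0.113.10 203.0.113.10 prefix-length 30
ip nat inside source list NAT-INTERNET pool INTERNET overload
"""
CRYPTO = """\
ip access-list extended TRAFFIC-VPN
 permit ip host 192.168.2.1 192.168.1.0 0.0.0.255
crypto map VPN-Map-1 10 ipsec-isakmp
 set peer 1.1.1.1
 match address TRAFFIC-VPN
"""

@dataclass
class Config:
    acls: dict = field(default_factory=dict)         # name -> [(action, src, dst)]
    pools: dict = field(default_factory=dict)        # name -> first pool address
    nat_rules: list = field(default_factory=list)    # (acl, pool) in config order
    crypto_acls: list = field(default_factory=list)  # ACLs named by "match address"

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take_endpoint(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(tok), _to_int(tokens.pop(0))

def parse(text):
    cfg, current = Config(), None
    for raw in text.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[:3] == ["ip", "access-list", "extended"]:
            current = cfg.acls.setdefault(t[3], [])
        elif t[0] in ("permit", "deny") and current is not None and t[1] == "ip":
            rest = t[2:]
            src, dst = _take_endpoint(rest), _take_endpoint(rest)
            if rest:  # e.g. "host" followed by a wildcard mask
                raise ValueError(f"leftover tokens in ACL entry: {raw.strip()}")
            current.append((t[0], src, dst))
        elif t[:3] == ["ip", "nat", "pool"]:
            cfg.pools[t[3]], current = t[4], None
        elif t[:5] == ["ip", "nat", "inside", "source", "list"]:
            cfg.nat_rules.append((t[5], t[7]))
            current = None
        elif t[:2] == ["match", "address"]:
            cfg.crypto_acls.append(t[2])
        else:
            current = None
    return cfg

def _matches(addr, endpoint):
    base, wildcard = endpoint
    care = ~wildcard & 0xFFFFFFFF      # wildcard bits set to 1 are ignored
    return (_to_int(addr) & care) == (base & care)

def acl_permits(entries, src, dst):
    for action, s, d in entries:
        if _matches(src, s) and _matches(dst, d):
            return action == "permit"
    return False                       # implicit deny at the end of every ACL

def outbound(cfg, src, dst):
    """Return (source address after NAT, whether the crypto ACL then matches)."""
    for acl_name, pool in cfg.nat_rules:   # model assumption: first match wins
        if acl_permits(cfg.acls[acl_name], src, dst):
            src = cfg.pools[pool]
            break
    encrypted = any(acl_permits(cfg.acls[n], src, dst) for n in cfg.crypto_acls)
    return src, encrypted

if __name__ == "__main__":
    for label, text in (("VPN NAT first", VPN_NAT + INTERNET_NAT + CRYPTO),
                        ("general NAT first", INTERNET_NAT + VPN_NAT + CRYPTO)):
        wire_src, encrypted = outbound(parse(text), "192.168.0.10", "192.168.1.5")
        print(f"{label}: source {wire_src}, matches crypto ACL: {encrypted}")
```

In the second ordering the packet leaves with a source the crypto ACL does not match, so it is not selected for the tunnel; the same comparison can be made on the router with the `show` commands listed above.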
</div><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">Useful Links:</div><div><br />
</div><div style="text-align: justify;"><a href="http://sites.google.com/site/amitsciscozone/home/ipsec/site-to-site-ipsec-vpn-using-digital-certificates" target="_new"><span class="Apple-style-span" style="font-family: inherit;"><span class="Apple-style-span" style="color: black;"><b>Site-to-site IPSec VPN using Digital Certificates</b></span></span></a></div><div><div class="book-heading"><div class="chapter-title" style="text-align: justify;"><a href="http://www.cisco.com/en/US/docs/security/vpn_modules/6342/configuration/guide/6342site3.html" target="_new"><span class="Apple-style-span" style="font-family: inherit;"><span class="Apple-style-span" style="color: black;"><b>Site-to-Site and Extranet VPN Business Scenarios</b></span></span></a></div><div class="chapter-title"><div class="chapter-title" style="text-align: justify;"><span class="Apple-style-span" style="font-family: inherit;"><a href="http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/ps6664/product_data_sheet0900aecd80313df7.pdf" target="_new"><span class="Apple-style-span" style="color: black;"><b>Deploying Cisco IOS Security with a Public-Key Infrastructure</b></span></a></span><br />
<span class="Apple-style-span" style="color: black;"><b><a href="http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/ps6664/product_data_sheet0900aecd80313df7.pdf" target="_new"></a></b></span><a href="http://www.flatmtn.com/article/creating-pkcs12-certificates" target="_new"><span class="Apple-style-span" style="color: black;"><span class="Apple-style-span" style="font-family: inherit;"><b>Creating PKCS12 Certificates</b></span></span></a></div></div></div></div><div style="text-align: justify;"><a href="http://www.booches.nl/2010/02/11/import-pkcs12-certificate-on-ios-router/" rel="bookmark" target="_new" title="Permanent Link: Import PKCS12 certificate on IOS router"><span class="Apple-style-span" style="font-family: inherit;"><span class="Apple-style-span" style="color: black;"><b>Import PKCS12 certificate on IOS router</b></span></span></a></div>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-53437222085081400662010-11-03T17:24:00.002+01:002010-11-03T17:59:17.829+01:00Basic Cisco ASA 8.2 TemplateA basic Cisco ASA 8.2 template. This is meant to be used as a starting point for a production configuration and obviously it has to be customized to meet your particular security requirements.<br />
<br />
This template uses:<br />
<br />
*3 Interfaces (outside 192.168.100.0/24, inside 10.0.0.0/24 and dmz 172.16.0.0/24)<br />
*Management interface (192.168.0.0/24)<br />
*Banner for motd and ASDM.<br />
*CET/CEST timezone.<br />
*Firewall/NAT rules that allow IP/icmp traffic from inside to outside with nat, inside to dmz without nat, dmz to outside with nat.<br />
*Static NATs for both dmz and inside hosts (tcp 80 and tcp 8080).<br />
*AAA configuration with a local validation in case the AAA servers are unreachable or down (notacacsuser).<br />
*SNMP access<br />
*SSH/ASDM access everywhere except the dmz<br />
*NTP<br />
<br />
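Added example (not part of the original template): a Python check that reads a configuration like the one below and reports management services reachable from any source through interfaces below a chosen security level, plus cleartext management protocols. The sample lines are copied from the template; the `trusted_level` threshold and the wording of the findings are assumptions.

```python
# Constructed sample: lines copied from the template's interface, logging,
# AAA, http and SNMP sections.
TEMPLATE = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
interface Management0/0
 nameif management
 security-level 100
 management-only
logging host outside 192.168.102.245
aaa authentication telnet console tacacs LOCAL
http server enable
http 0.0.0.0 0.0.0.0 management
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
snmp-server host inside 1.1.1.1 poll community test version 2c
"""

def security_levels(config):
    """Map each nameif to the security-level set in the same interface block."""
    levels, name = {}, None
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["interface"]:
            name = None                      # new block, nameif not seen yet
        elif t[:1] == ["nameif"]:
            name = t[1]
        elif t[:1] == ["security-level"] and name:
            levels[name] = int(t[1])
    return levels

def audit(config, trusted_level=100):
    """Return (interface, finding) pairs in the order the lines appear.

    trusted_level is an assumed policy threshold: interfaces with a lower
    security-level are treated as untrusted for management traffic.
    """
    levels = security_levels(config)
    findings = []

    def untrusted(ifname):
        # Unknown interfaces are treated as untrusted (level 0).
        return levels.get(ifname, 0) < trusted_level

    for line in config.splitlines():
        t = line.split()
        # "<service> <network> <mask> <interface>" with an any-source network
        if (len(t) == 4 and t[0] in ("http", "ssh", "telnet")
                and t[1:3] == ["0.0.0.0", "0.0.0.0"] and untrusted(t[3])):
            findings.append((t[3], f"{t[0]} management allowed from any source"))
        elif t[:3] == ["aaa", "authentication", "telnet"]:
            findings.append(("-", "telnet console authentication is configured"))
        elif t[:2] == ["snmp-server", "host"] and "version" in t:
            version = t[t.index("version") + 1]
            if version in ("1", "2c"):
                findings.append((t[2], f"SNMP v{version} community sent in cleartext"))
        elif t[:2] == ["logging", "host"] and len(t) >= 4 and untrusted(t[2]):
            findings.append((t[2], "syslog leaves through an untrusted interface"))
    return findings

if __name__ == "__main__":
    for ifname, finding in audit(TEMPLATE):
        print(f"[{ifname}] {finding}")
```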
Configuration:<br />
<br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">ASA Version 8.2(3) </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">!</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">hostname ASA-TEMPLATE</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">domain-name foo.bar</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">names</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">!</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">interface GigabitEthernet0/0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> nameif outside</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> security-level 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> ip address 192.168.100.2 255.255.255.0 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">!</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">interface GigabitEthernet0/1</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> nameif inside</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> security-level 100</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> ip address 10.0.0.1 255.255.255.0 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">!</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">interface GigabitEthernet0/2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> nameif dmz</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> security-level 50</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> ip address 172.16.0.1 255.255.255.0 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">!</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">interface Management0/0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> nameif management</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> security-level 100</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> ip address 192.168.0.22 255.255.255.0 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> management-only</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">!</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">banner motd -----------------------------------------------</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">banner motd WARNING: You have accessed a restricted system.</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">banner motd -----------------------------------------------</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">banner asdm -----------------------------------------------</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">banner asdm WARNING: You have accessed a restricted system.</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">banner asdm -----------------------------------------------</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">ftp mode passive</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">clock timezone CET 1</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">dns server-group DefaultDNS</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> domain-name foo.bar</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">object-group service Web8080 tcp</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> port-object eq 8080</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-list inside_access_in extended permit icmp 10.0.0.0 255.255.255.0 any </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-list inside_access_in extended permit ip 10.0.0.0 255.255.255.0 any </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-list inside_access_in extended permit icmp 172.16.0.0 255.255.255.0 10.0.0.0 255.255.255.0 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-list outside_access_in extended permit icmp any any </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-list outside_access_in extended permit tcp any interface outside eq www </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-list outside_access_in extended permit tcp any interface outside object-group Web8080 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-list dmz_access_in extended permit icmp 172.16.0.0 255.255.255.0 10.0.0.0 255.255.255.0 echo-reply </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-list dmz_access_in extended deny ip 172.16.0.0 255.255.255.0 10.0.0.0 255.255.255.0 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-list dmz_access_in extended permit ip 172.16.0.0 255.255.255.0 any </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-list dmz_access_in extended deny icmp 172.16.0.0 255.255.255.0 10.0.0.0 255.255.255.0 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-list dmz_access_in extended permit icmp 172.16.0.0 255.255.255.0 any </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">pager lines 24</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">logging enable</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">logging timestamp</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">logging buffer-size 96000</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">logging buffered debugging</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">logging asdm informational</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">logging host outside 192.168.102.245</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">mtu outside 1500</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">mtu inside 1500</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">mtu dmz 1500</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">mtu management 1500</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">no failover</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">icmp unreachable rate-limit 1 burst-size 1</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">asdm image disk0:/asdm-634-53.bin</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">no asdm history enable</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">arp timeout 14400</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">global (outside) 1 interface</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">nat (inside) 1 10.0.0.0 255.255.255.0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">nat (dmz) 1 172.16.0.0 255.255.255.0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">static (inside,outside) tcp interface www 10.0.0.45 www netmask 255.255.255.255 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">static (dmz,outside) tcp interface 8080 172.16.0.10 www netmask 255.255.255.255 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">static (dmz,outside) 192.168.100.3 172.16.0.2 netmask 255.255.255.255 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 </span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-group outside_access_in in interface outside</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-group inside_access_in in interface inside</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">access-group dmz_access_in in interface dmz</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">route outside 0.0.0.0 0.0.0.0 192.168.100.1 1</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">timeout xlate 3:00:00</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">timeout tcp-proxy-reassembly 0:01:00</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">dynamic-access-policy-record DfltAccessPolicy</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">aaa-server tacacs protocol tacacs+</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">aaa-server tacacs (management) host 192.168.0.5</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;"> key tacacssecret</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">aaa authentication ssh console tacacs LOCAL</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">aaa authentication telnet console tacacs LOCAL</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">aaa authentication serial console tacacs LOCAL</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">aaa authentication enable console tacacs LOCAL</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">aaa authentication http console tacacs LOCAL</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">aaa authorization command tacacs LOCAL</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">http server enable</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">http 0.0.0.0 0.0.0.0 management</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">http 0.0.0.0 0.0.0.0 inside</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">http 0.0.0.0 0.0.0.0 outside</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">snmp-server host inside 1.1.1.1 poll community test version 2c</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">snmp-server location LOCATION</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">snmp-server contact super-firewall-admin@foo.bar</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">snmp-server enable traps snmp authentication linkup linkdown coldstart</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">sysopt noproxyarp outside</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">sysopt noproxyarp inside</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">sysopt noproxyarp dmz</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">sysopt noproxyarp management</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">crypto ipsec security-association lifetime seconds 28800</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">crypto ipsec security-association lifetime kilobytes 4608000</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">telnet timeout 5</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">ssh 0.0.0.0 0.0.0.0 outside</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">ssh 0.0.0.0 0.0.0.0 inside</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">ssh 0.0.0.0 0.0.0.0 management</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">ssh timeout 5</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">ssh version 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">console timeout 5</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">threat-detection basic-threat</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">threat-detection statistics access-list</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">ntp server 1.1.1.1</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">webvpn</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">username notacacsuser password notacacsuser privilege 15</span></span>
Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com2tag:blogger.com,1999:blog-5130818399852134924.post-47826221138905691632010-10-18T11:28:00.006+02:002010-10-18T11:35:21.686+02:00
CiscoSecure ACS for Windows Router PPTP Authentication
If you need to migrate your PPTP users from an IOS device/PIX to a Cisco ACS, this is a good starting point:<br />
<br />
<a href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a008009436a.shtml">Configuring CiscoSecure ACS for Windows Router PPTP Authentication</a><br />
<br />
I was having an odd issue with this configuration: everything seemed fine, but on my Windows 7 test client I got Error 742: "<b>The remote server does not support encryption</b>" every time I tried to connect. The ACS 4.2 showed the authentication as successful and nothing else, and the debug on the router showed pretty much the same thing, with the exception of:<br />
<br />
<span class="Apple-style-span" style="font-family: monospace;"><span class="Apple-style-span" style="white-space: pre;">"Vi1 MPPE: RADIUS keying material missing"</span></span><br />
<div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">After 2 weeks with TAC, we came to the conclusion that the issue was caused by the fact that starting with Vista, MS-CHAP v1 is deprecated, so in order for MS-CHAP v2 to work we needed to enable the extra MPPE attributes:</div><br />
<span class="Apple-style-span" style="font-family: monospace; font-size: 13px;"><b>[311\016] MS-MPPE-Send-Key</b></span><span class="Apple-style-span" style="font-family: monospace; font-size: 13px;"><b><br />
</b></span><span class="Apple-style-span" style="font-family: monospace; font-size: 13px;"><b>[311\017] MS-MPPE-Recv-Key</b></span><br />
<br />
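One way to confirm the diagnosis above from a packet capture is to check whether the Access-Accept actually carries the two Microsoft (vendor 311) attributes. The Python below is an added example, not part of the original post or of Cisco's tooling; the function names and the sample packets are constructed for illustration, and the attribute layout follows RFC 2865 and RFC 2548.<br />

```python
"""Check a RADIUS Access-Accept for the MS-MPPE key attributes (added example)."""
import struct

HEADER_LEN = 20              # code, identifier, length, 16-byte authenticator
ACCESS_ACCEPT = 2
VENDOR_SPECIFIC = 26         # RFC 2865 attribute type for VSAs
MICROSOFT_VENDOR_ID = 311    # the "311" in the ACS attribute names
MPPE_ATTRS = {16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}


class RadiusParseError(ValueError):
    """Raised when the packet or one of its attributes is malformed."""


def _iter_tlvs(buf, what):
    """Yield (type, value) for a run of 1-byte-type, 1-byte-length TLVs."""
    offset = 0
    while offset < len(buf):
        if len(buf) - offset < 2:
            raise RadiusParseError("truncated %s header" % what)
        tlv_type, tlv_len = buf[offset], buf[offset + 1]
        if tlv_len < 2 or offset + tlv_len > len(buf):
            raise RadiusParseError("bad %s length %d" % (what, tlv_len))
        yield tlv_type, buf[offset + 2:offset + tlv_len]
        offset += tlv_len


def parse_radius(packet):
    """Return (code, [(attr_type, value), ...]) for one RADIUS packet."""
    if len(packet) < HEADER_LEN:
        raise RadiusParseError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise RadiusParseError("length field %d does not fit packet" % length)
    return code, list(_iter_tlvs(packet[HEADER_LEN:length], "attribute"))


def mppe_key_report(packet):
    """Report which MPPE key attributes an Access-Accept carries."""
    code, attrs = parse_radius(packet)
    seen = set()
    for attr_type, value in attrs:
        if attr_type != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise RadiusParseError("VSA too short for a vendor id")
        (vendor_id,) = struct.unpack("!I", value[:4])
        if vendor_id != MICROSOFT_VENDOR_ID:
            continue
        # One VSA may hold several vendor sub-attributes back to back.
        for vendor_type, _data in _iter_tlvs(value[4:], "vendor sub-attribute"):
            if vendor_type in MPPE_ATTRS:
                seen.add(vendor_type)
    return {
        "is_access_accept": code == ACCESS_ACCEPT,
        "present": [n for t, n in MPPE_ATTRS.items() if t in seen],
        "missing": [n for t, n in MPPE_ATTRS.items() if t not in seen],
    }


# --- Constructed sample packets (not captured from a real ACS) ---------------
def _attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value


def _ms_vsa(vendor_type, data):
    sub = bytes([vendor_type, len(data) + 2]) + data
    return _attr(VENDOR_SPECIFIC, struct.pack("!I", MICROSOFT_VENDOR_ID) + sub)


def _packet(code, ident, attrs):
    body = b"".join(attrs)
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    return header + bytes(16) + body   # zeroed authenticator placeholder


COMMON = [_attr(6, struct.pack("!I", 2)),    # Service-Type = Framed
          _attr(7, struct.pack("!I", 1))]    # Framed-Protocol = PPP
PLACEHOLDER_KEY = b"\x80\x01" + bytes(32)    # 2-byte salt + dummy ciphertext

ACCEPT_WITHOUT_KEYS = _packet(ACCESS_ACCEPT, 1, COMMON)
ACCEPT_WITH_KEYS = _packet(ACCESS_ACCEPT, 2, COMMON + [
    _ms_vsa(16, PLACEHOLDER_KEY), _ms_vsa(17, PLACEHOLDER_KEY)])

if __name__ == "__main__":
    for name, pkt in (("without keys", ACCEPT_WITHOUT_KEYS),
                      ("with keys", ACCEPT_WITH_KEYS)):
        print(name, mppe_key_report(pkt))
```

Feed `mppe_key_report` the raw UDP payload of the Access-Accept; a non-empty `missing` list matches the router's "RADIUS keying material missing" debug line.<br />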
In the new Cisco ACS 5.x family, enabling these particular attributes does not seem to be necessary since "<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; font-size: 12px;"><a href="http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/migration/guide/Appendix_A_ACS_missing_Attributes.html#wp1052013">These are added to the profile as required</a></span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; font-size: 12px;">". </span>
Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-34690578088716463602010-10-16T18:47:00.002+02:002010-10-18T18:04:19.053+02:00
EIGRP K Values
Just for reference:<br />
<br />
K1 = bandwidth<br />
K2 = load<br />
K3 = delay<br />
K4 = reliability<br />
K5 = Additional Reliability modifier [<a href="https://learningnetwork.cisco.com/message/40672">reference</a>]<br />
<br />
Good summary <a href="http://www.rhyshaden.com/eigrp.htm">here</a><br />
<br />
<a href="http://www.cisco.com/en/US/docs/ios/iproute_eigrp/command/reference/ire_i1.html#wp1034496">Cisco docs</a>
Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com4tag:blogger.com,1999:blog-5130818399852134924.post-49564459558769131882010-10-14T17:14:00.019+02:002010-10-14T17:51:01.493+02:00
VMware ESXi Hardware Monitoring
So I have some ESXi servers running and needed to do hardware monitoring with Nagios.<br />
<br />
I found <a href="http://www.claudiokuenzler.com/ithowtos/nagios_check_esxi_wbem.php">check_esx_wbem.py</a>, a Python script that uses VMware CIM (if you need to enable CIM, read more <a href="http://www.virtuallifestyle.nl/2009/01/enabling-cim-on-esxi/">here</a>).<br />
<br />
The script requires <a href="http://www.python.org/download/">Python</a> and the <a href="http://sourceforge.net/projects/pywbem/">pywbem</a> module. In my case, I did aptitude install ;)<br />
<br />
The usage is simple really:<br />
<br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">Usage : ./check_esx_wbem.py hostname user password [verbose]<br />
Example : ./check_esx_wbem.py https://myesxi:5989 root password</span><br />
<br />
Using verbose, you get a lot of output such as this:<br />
<br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:14 Check classe CIM_ComputerSystem</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 7:1</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 7:2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 7:3</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 7:4</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 7:5</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 7:6</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 7:7</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 7:8</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 7:9</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 16:1</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 16:2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 16:3</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 16:4</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 16:5</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 16:6</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 16:7</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = esxi.example.com</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Hardware Management Controller (Node 0)</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Check classe CIM_NumericSensor</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 8 Power Meter</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 7 Temp 24</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 6 Temp 23</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 5 Temp 22</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Drive Backplane 1 Temp 21</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Memory Module 9 Temp 20</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Processor 3 Temp 19</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 7 Temp 18</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 6 Temp 17</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 5 Temp 16</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 4 Temp 15</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 3 Temp 14</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 2 Temp 13</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Internal Expansion Board 1 Temp 12</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Memory Module 8 Temp 11</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Memory Module 7 Temp 10</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Memory Module 6 Temp 9</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Memory Module 4 Temp 7</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Memory Module 3 Temp 6</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Memory Module 2 Temp 5</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Memory Module 1 Temp 4</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = Processor 1 Temp 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = External Environment 1 Temp 1</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 4 Fans</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 2 Fan 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Name = System Board 1 Fan 1</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:15 Check classe CIM_Memory</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Proc 1 Level-1 Cache</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Proc 1 Level-1 Cache</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Proc 1 Level-1 Cache</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Proc 1 Level-1 Cache</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Proc 1 Level-2 Cache</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Proc 1 Level-2 Cache</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Proc 1 Level-2 Cache</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Proc 1 Level-2 Cache</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Proc 1 Level-3 Cache</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 0</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Memory</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Check classe CIM_Processor</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Proc 1</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Check classe CIM_RecordLog</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = IPMI SEL</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Check classe OMC_DiscreteSensor</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = Power Supply 3 Power Supplies</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Op Status = 2</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = System Chassis 3 Ext. Health LED</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = System Chassis 2 Int. Health LED</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Element Name = System Chassis 1 UID Light</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Check classe VMware_StorageExtent</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:16 Check classe VMware_Controller</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:17 Check classe VMware_StorageVolume</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:17 Check classe VMware_Battery</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><span class="Apple-style-span" style="font-size: small;">20101014 17:09:17 Check classe VMware_SASSATAPort</span></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">OK</span><br />
<br />
<span style="color: #333333; line-height: 18px;"><span class="Apple-style-span" style="font-family: inherit;"><u><b>Nagios Integration</b></u></span><br />
<br />
Create a check command definition in Nagios such as this:<br />
<br />
define command {<br />
command_name check_esxi<br />
command_line /usr/bin/python /usr/lib/nagios/plugins/check_esx.py https://'$HOSTADDRESS$':5989 '$ARG1$' '$ARG2$' verbose<br />
}<br />
<br />
Create a service tied to a host:<br />
<br />
define service {<br />
host_name ESXi-server<br />
service_description Hardware ESXi<br />
use generic-service<br />
check_command check_esxi!root!password<br />
register 1<br />
}<br />
<br />
Restart Nagios and presto: you are now monitoring the hardware on your ESXi server.</span>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-62497401832160685092010-10-08T13:05:00.000+02:002010-10-08T13:05:33.024+02:00Free CCIE INE vSeminarsFrom <a href="http://blog.ine.com/2010/10/07/more-details-on-upcoming-vseminars/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+ine+%28INE+CCIE+Blog%29" target="_new">INE</a>:<br />
<br />
"As Anthony announced last week, we have a few new vSeminars coming up shortly, and I wanted to post the details of exactly when they would be, as well as provide a link to register for them.<br />
<b>Routing and Switching:</b><br />
<ul><li>October 15, 2010 – 11:00 AM EST</li>
<li>Instructor: Anthony Sequeira, CCIE #15626</li>
<li>Topic: Developing Tier 2 Knowledge</li>
</ul><ul><li>November 10, 2010 – 03:00 PM EST</li>
<li>Instructor: Anthony Sequeira, CCIE #15626</li>
<li>Topic: “I CANNOT REACH THE BACKBONE!”</li>
</ul><b>Voice:</b><br />
<ul><li>October 22, 2010 – 03:00 PM EST</li>
<li>Instructor: Mark Snow, CCIE #14073</li>
<li>Topic: Unified Mobility Interactions with Local Route Group and Globalization</li>
</ul><ul><li>December 14, 2010 – 03:00 PM EST</li>
<li>Instructor: Mark Snow, CCIE #14073</li>
<li>Topic: LDAP Synchronization and Authentication in Unified Communications</li>
</ul>To register for any of these, simply <a href="http://www.ine.com/free-ccie-vseminar.htm#Register" target="_new" title="Register for an INE Online vSeminar Event">click here</a> and fill in your name and email, and you will be notified via email the week of the event."Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-67878402386851969942010-10-07T10:03:00.002+02:002010-10-07T10:04:49.160+02:00Cisco ACS 4.2:: Quick and easy way to admin devices via TACACS+A quick template for Cisco ACS 4.2 TACACS+ administration for IOS devices.<br />
<br />
<u>On the IOS device (taken from a switch):</u><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">enable secret <SECRET></span><br />
<span style="font-family: "Courier New",Courier,monospace;">no enable password</span><br />
<span style="font-family: "Courier New",Courier,monospace;">no username <ANY CURRENT USERS></span><br />
<span style="font-family: "Courier New",Courier,monospace;">username panicuser secret 0 <PANIC USER PASSWORD></span><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">ip tacacs source-interface <MANAGEMENT INT></span><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">tacacs-server directed-request</span><br />
<span style="font-family: "Courier New",Courier,monospace;">tacacs-server key <SECRET></span><br />
<span style="font-family: "Courier New",Courier,monospace;">tacacs-server host <ACS IP></span><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">aaa new-model</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa authentication login default group tacacs+ local</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa authentication login no-tacacs none</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa authentication enable default group tacacs+ enable</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa authorization config-commands</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa authorization exec default if-authenticated</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa authorization commands 1 default if-authenticated</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa authorization commands 15 default group tacacs+ local</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa authorization console</span><br />
<br />
Exit the IOS device and log back in with an ACS username:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">aaa accounting exec default start-stop group tacacs+</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa accounting commands 0 default start-stop group tacacs+</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa accounting commands 1 default start-stop group tacacs+</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa accounting commands 15 default start-stop group tacacs+</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa accounting connection default start-stop group tacacs+</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa accounting system default start-stop group tacacs+</span><br />
<span style="font-family: "Courier New",Courier,monospace;">aaa session-id common</span><br />
<br />
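As a check on the IOS half of this template, the following added example (not part of the original post) parses an IOS configuration and reports AAA method lists that would fail when the ACS is unreachable, local fallbacks with no local user behind them, and any line bound to a list whose only method is none. The sample configuration, its address and hashes, and the two line stanzas are constructed assumptions; the post does not show where the no-tacacs list is applied.

```python
import re

# Constructed sample based on the template above. The hashes, the ACS address
# and the two "line" stanzas are assumptions: the post does not show where the
# no-tacacs list is applied.
SAMPLE_CONFIG = """\
enable secret 5 $1$constructed$hash
username panicuser secret 5 $1$constructed$hash
tacacs-server host 192.0.2.10
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no-tacacs none
aaa authentication enable default group tacacs+ enable
aaa authorization exec default if-authenticated
aaa authorization commands 15 default group tacacs+ local
aaa accounting commands 15 default start-stop group tacacs+
line con 0
 login authentication no-tacacs
line vty 0 4
 transport input ssh
"""

# Authentication and authorization method lists as used in the template;
# accounting lists do not gate access and are skipped.
METHOD_LIST = re.compile(
    r"^aaa (authentication|authorization) "
    r"(login|enable|exec|commands \d+) (\S+) (.+)$"
)
LOCAL_USER = re.compile(r"^username (\S+) (?:privilege \d+ )?secret ")
REVERSIBLE = re.compile(r"^(enable password|username \S+ (?:privilege \d+ )?password) ")
LINE_BINDING = re.compile(r"^login authentication (\S+)$")


def parse_methods(text):
    """Split 'group tacacs+ local' into ['group tacacs+', 'local']."""
    tokens = iter(text.split())
    methods = []
    for tok in tokens:
        methods.append(f"group {next(tokens, '')}".strip() if tok == "group" else tok)
    return methods


def parse_config(text):
    """Collect method lists, local users, line bindings and weak password lines."""
    cfg = {"lists": {}, "users": set(), "bindings": [], "weak": [],
           "enable_secret": False}
    current_line = None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        if not raw.startswith(" "):  # a top-level command ends any line stanza
            current_line = cmd if cmd.startswith("line ") else None
        if (m := METHOD_LIST.match(cmd)):
            kind, service, name, methods = m.groups()
            cfg["lists"][(kind, service, name)] = parse_methods(methods)
        elif (m := LOCAL_USER.match(cmd)):
            cfg["users"].add(m.group(1))
        elif cmd.startswith("enable secret "):
            cfg["enable_secret"] = True
        elif (m := REVERSIBLE.match(cmd)):
            cfg["weak"].append(m.group(1))  # keyword only, never the value
        elif current_line and (m := LINE_BINDING.match(cmd)):
            cfg["bindings"].append((current_line, m.group(1)))
    return cfg


def audit_aaa(text):
    """Return (code, detail) findings for an IOS configuration."""
    cfg = parse_config(text)
    findings = [("REVERSIBLE_PASSWORD", w) for w in cfg["weak"]]
    for (kind, service, name), methods in sorted(cfg["lists"].items()):
        label = f"{kind} {service} {name}"
        if all(m.startswith("group ") for m in methods):
            # Only server groups listed: access fails when the ACS is unreachable.
            findings.append(("NO_FALLBACK", label))
        if "local" in methods and not cfg["users"]:
            # Fallback to the local database, but no "username ... secret" exists.
            findings.append(("LOCAL_WITHOUT_USER", label))
        if "enable" in methods and not cfg["enable_secret"]:
            findings.append(("ENABLE_WITHOUT_SECRET", label))
        if kind == "authentication" and service == "login" and methods == ["none"]:
            # A "none" list only matters on the lines that reference it.
            for line, ref in cfg["bindings"]:
                if ref == name:
                    findings.append(("NO_AUTH_ON_LINE", f"{label} -> {line}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_aaa(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```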
<u>Cisco ACS:</u><br />
<br />
Interface Configuration->TACACS+ (Cisco IOS)->Advanced TACACS+ Features and Display enable default (Undefined) service configuration<br />
<br />
Network Configuration-> AAA Clients Add Entry-> IOS Device IP Address/Secret/TACACS+ (Cisco IOS)<br />
<br />
Group Setup-> The group you want to use->Rename Group-> Meaningful name (e.g. Networking Admins)<br />
<br />
Group Setup-> Networking Admins->Edit Settings:<br />
<br />
->Enable Options->Level 15<br />
->TACACS+ Settings->Shell (exec)<br />
->TACACS+ Settings->Privilege level->15<br />
->TACACS+ Settings->Shell Command Authorization Set->Per Group Command Authorization->Permit<br />
->Submit + Restart<br />
<br />
User Setup->Name of the user to create->Add/Edit<br />
<br />
->User Setup->Password<br />
->User Setup->Group to which the user is assigned:->Networking Admins<br />
->Advanced TACACS+ Settings-> TACACS+ Enable Control:->Use Group Level Setting <br />
->Advanced TACACS+ Settings-> TACACS+ Enable Password->Use CiscoSecure PAP password<br />
->Submit<br />
<br />
That's it: everything AAA-related now goes to the TACACS+ server, and if the IOS device can't reach it, you have the panicuser, which gives you local access to the device.<br />
Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-69630789365541456882010-10-03T21:01:00.000+02:002010-10-03T21:01:14.856+02:00Odds & evens0.0.0.0 255.255.254.255 <br />
0.0.1.0 255.255.254.255Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-14052411943460125732010-10-01T09:22:00.003+02:002010-10-01T09:23:34.457+02:00CCIE INE::Mark Your Calendar for Upcoming Free vSeminarsFrom the <a href="http://blog.ine.com/2010/09/30/mark-your-calendar-for-upcoming-free-vseminars/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+ine+%28INE+CCIE+Blog%29" target="_new">INE Blog</a>:<br />
<br />
"We have some exciting free vSeminars on the way. More details will follow, but I wanted everyone to mark the dates now. These events will be recorded and added to:<br />
<br />
<a href="http://www.ine.com/free-ccie-vseminar.htm" target=_new>http://www.ine.com/free-ccie-vseminar.htm</a><br />
<br />
<b><u>Routing and Switching</u></b><br />
<br />
October 15, 2010 – Developing Tier 2 Knowledge<br />
<br />
November 10, 2010 – “I CANNOT REACH THE BACKBONE!”<br />
<br />
<b><u>Voice</u></b><br />
<br />
October 22, 2010 – Unified Mobility Interactions with Local Route Group and Globalization<br />
<br />
December 14, 2010 - LDAP Synchronization and Authentication in Unified Communications"Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-17757331793941489792010-09-30T12:28:00.005+02:002010-09-30T13:16:06.398+02:00Cisco Catalyst 2950 HTTP: out of linesThis week I have been working on a lab setup to test some new features on an ACS deployment for a customer. For the lab, I took a couple of Catalyst 2950s/3550s and did some AAA configuration on them, so that pretty much everything AAA related went to the ACS servers.<br />
<br />
After everything was done, I was verifying different things and everything was working as it should. Then it was HTTP's turn on the 2950s: the configuration was there but nothing was happening; all I got was a blank page every time I tried to enter the Web GUI.<br />
<br />
Doing a <b><span style="font-family: "Courier New",Courier,monospace;">debug ip http transactions</span></b> showed:<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">000605: Sep 30 09:58:32.736 CEST: HTTP: out of lines</div><div style="font-family: "Courier New",Courier,monospace;">000606: Sep 30 09:58:32.748 CEST: HTTP: out of lines</div><div style="font-family: "Courier New",Courier,monospace;">000607: Sep 30 09:58:32.768 CEST: HTTP: out of lines</div><div style="font-family: "Courier New",Courier,monospace;">000608: Sep 30 09:58:32.780 CEST: HTTP: out of lines</div><br />
My first thought was to check whether the switch was indeed out of lines, but that wasn't the case:<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">SW1#sh users all<br />
Line User Host(s) Idle Location<br />
0 con 0 00:00:00<br />
* 1 vty 0 lab idle 00:00:00 1.1.1.1</div><div style="font-family: "Courier New",Courier,monospace;"> 2 vty 1 00:00:00<br />
3 vty 2 00:00:00<br />
4 vty 3 00:00:00<br />
5 vty 4 00:00:00<br />
6 vty 5 00:00:00<br />
7 vty 6 00:00:00<br />
8 vty 7 00:00:00<br />
9 vty 8 00:00:00<br />
10 vty 9 00:00:00<br />
11 vty 10 00:00:00<br />
12 vty 11 00:00:00<br />
13 vty 12 00:00:00<br />
14 vty 13 00:00:00<br />
15 vty 14 00:00:00<br />
16 vty 15 00:00:00<br />
<br />
</div><div style="text-align: justify;">Some searching later I <a href="https://cisco-support.hosted.jivesoftware.com/thread/184136?decorator=print&displayFullThread=true" target=_new>found</a> that apparently on the 2950s (Version 12.1(22)EA13), if you have <b style="font-family: "Courier New",Courier,monospace;">transport input ssh</b> on the vty lines, HTTP doesn't work; the issue was solved by changing the vty line configuration to <b style="font-family: "Courier New",Courier,monospace;">transport input ssh telnet</b>.</div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;">I wasn't able to reproduce the same behavior on the 3550s (Version 12.2(53)SE).</div>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com3tag:blogger.com,1999:blog-5130818399852134924.post-9525143566092921022010-09-28T13:38:00.004+02:002010-09-28T13:51:37.761+02:00Cisco Secure ACS password recovery<div style="text-align: justify;">So today I got an ACS backup from a client to test some features on a lab setup and since I had never done it, instead of asking for the GUI password, I decided to do password recovery.</div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;">After some googling, I found a couple of ways, both on the official Cisco <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_qanda_item09186a0080094bac.shtml#qa3" target="_new">FAQ</a>:</div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;">1. Using <tt>allowAutoLocalLogin</tt> so that the GUI doesn't ask for a password when you open it from the server itself.</div>2. Removing existing entries in:<br />
<pre><span class="content">HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAA##\CSAdmin\Administrators</span></pre><div style="text-align: justify;">Unfortunately, neither of those methods seemed to work on my version of ACS (4.2(1) Build 15 Patch 2); the keys were not in the Windows registry, so after more searching I got the fabulous news that:<br />
<br />
"<a href="https://supportforums.cisco.com/docs/DOC-3564" target="_new">On ACS 4.0 or later, reinstallation is the only way</a>" </div><div style="text-align: justify;"><br />
So, I'm supposed to reinstall? Come on, this makes no sense at all, especially considering that after reinstalling, the next logical step would be to load the last good backup, which will <b>use the same administrator password that you don't know</b>. Not only are you supposed to reinstall, but you are also supposed to reconfigure the ACS again by hand?<br />
<br />
Bad design, just bad.<br />
<br />
I guess I'm going to take extra extra extra care of my production ACS passwords now ;)</div><span class="content"></span>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-44939897103795425302010-09-24T11:59:00.002+02:002010-09-28T13:54:22.830+02:00Uber CCIE R&S bootcamp Tour de force: Narbik, Scott and EmanFrom <a href="http://routing-bits.com/" target="_new">Routing-Bits</a>:<br />
<br />
<div style="padding-left: 30px;">"<span style="color: black;">Today was a real busy day for me (Eman). I drove to visit with Narbik at one of his CCIE Boot Camps he was teaching in Herndon, VA. Since I was driving so far to see him I asked our mutual friend Scott Morris to join us for lunch. I am amazed at how the fifteen students in Narbik’s class responded to Scott dropping by to say hello. He is still held in awe by many neophyte CCIEs and some well established CCIEs around the world. Both Scott and Narbik have paid their dues as CCIE trainers and mentors. Both have made their mark on the CCIE community by giving freely of their time to motivate, mentor and improve the arena as a whole. For me sitting with the two of them was a treat because I have known them both for so long and only at the CCIE party this past Cisco Live have I had the pleasure of their company together.</span></div><div style="padding-left: 30px;"><br />
<h3 style="padding-left: 30px;"><span style="color: black;"><b>Where?</b></span></h3><div style="padding-left: 30px;"><span style="color: black;">Bangalore is our first stop for the dynamic duo. January 2011 Narbik and Scott will hold the first of these historic twelve day sessions. This will be followed by Sydney, Australia in April, Milton Keynes, UK in July and finally Wilmington, Delaware in October. These twelve day comprehensive classes will equip aspiring CCIEs for success.</span></div><h3 style="padding-left: 30px;"><span style="color: black;"><b>How Much?</b></span></h3><div style="padding-left: 30px;"><span style="color: black;">You pay only, $4,500 for both Narbik and Scott, for twelve days of learning unavailable from any other source, anywhere in the world. There may be other twelve day or longer classes offered but none have these two dynamos taking the lead. You might pay more and you might now find lower priced venues, but the CCIE Flyer has both Narbik and Scott.</span></div><h3 style="padding-left: 30px;"><span style="color: black;"><b>More!</b></span></h3><div style="padding-left: 30px;"><span style="color: black;">You want more? Well how about the chance to pay nothing for the second attempt at the lab if you fail the first attempt after taking this class? Yup, both are Cisco 360 Learning trainers. So you get the added insurance of knowing you are joined on your journey by Cisco Systems approved trainers. The two weeks of training will also have a few surprises after class activities and career networking opportunities.</span></div><div style="padding-left: 30px;"><br />
</div><div style="padding-left: 30px;"><span style="color: black;">COME JOIN EMAN, NARBIK AND SCOTT FOR TWELVE DAYS OF LIFE ALTERING CAREER ENHANCING TRAINING!"</span></div><div style="padding-left: 30px;"><br />
</div> For details email to <a href="mailto:eman@ccieflyer.com">eman@ccieflyer.com</a> <br />
<div style="padding-left: 30px;"><br />
</div><div style="padding-left: 30px;"><span style="color: black;"><a href="http://routing-bits.com/2010/09/22/narbik-scott-and-eman/#more-2508" target="_new">More info</a></span></div></div>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-81375485980620985042010-09-23T21:59:00.000+02:002010-09-23T21:59:24.377+02:00CCIE R&S::Review Sheets / Guides / NotesThere are some interesting review sheets / guides / notes out there:<br />
<br />
<a href="http://routing-bits.com/ccie-rs-short-notes-v4/" target=_new>CCIE R&S Short Notes</a> | <a href="http://ruhann.files.wordpress.com/2010/03/rssn-4-21-demo.pdf" target=_new>Demo Switching Chapter</a><br />
<a href="http://inetcon.org/study/CCIE_RS_Quick_Review_Kit.pdf" target=_new>CCIE Routing and Switching Quick Review Kit</a><br />
<a href="http://packetlife.net/library/cheat-sheets/" target=_new>Packet Life Cheat Sheets </a>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-65683567672457230942010-09-22T18:01:00.001+02:002010-09-22T18:04:51.233+02:00CCIE FREE vLecture sessionsFrom IPexpert:<br />
<br />
"All our vLecture sessions are recorded and available for those who have missed our FREE vLecture and for participants who want to review the vLectures sessions again. We have saved the session recordings for you. Watch our world renowned CCIE instructors explaining specific technical topic in our technology-focused classes and capture the technical knowledge needed to increase your chances of passing CCIE exam."<br />
<br />
<a href="http://www.facebook.com/pages/IPexpert/24586557119?v=app_7146470109&ref=ts" target="_new">More</a>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-49644912864809547062010-09-21T16:06:00.002+02:002010-09-22T18:05:13.483+02:00FREE CCIE Lab training from IPexpertFrom <a href="http://www.ipexpert.com/" target="_new">IPexpert</a>:<br />
<br />
"IPexpert’s vLectures are pre-scheduled <b>(and free!) </b>online technology-focused lectures that last between 2 to up to 4 hours in length. Join one of our <a href="http://www.ipexpert.com/company/team" target="_blank">industry-recognized instructors</a>, in our online classroom, and listen to them discuss and configure various topics seen on the CCIE Lab exam. Our vLectures are <b>FREE</b> to existing clients and will also be recorded and available in our client’s Member’s Area so they can be watched at a later date"<br />
<br />
<a href="http://www.ipexpert.com/Cisco/CCIE/Routing-and-Switching/Free-Mentoring/vLecture" target="_new">Schedule R&S</a><br />
<a href="http://www.ipexpert.com/Cisco/CCIE/Security/Free-Mentoring/vLecture" target="_new">Schedule Security</a><br />
<a href="http://blog.ipexpert.com/2010/09/21/join-one-of-ipexpert%E2%80%99s-industry-recognized-instructors-for-free-online-ccie-training-this-week-9/" target="_new">More info</a>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-40929696469145401552010-09-21T12:39:00.006+02:002010-09-21T12:45:12.275+02:00WCCP<div style="font-family: Arial,Helvetica,sans-serif;">A summary on WCCP:</div><div style="font-family: Arial,Helvetica,sans-serif;"><br />
</div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div style="font-family: Arial,Helvetica,sans-serif;"><b>WCCPv1</b></div><ul style="font-family: Arial,Helvetica,sans-serif;"><li>Only a single router services a cluster of systems</li>
<li>Supports <a class="mw-redirect" href="http://en.wikipedia.org/wiki/HTTP" title="HTTP">HTTP</a> (<a href="http://en.wikipedia.org/wiki/Transmission_Control_Protocol" title="Transmission Control Protocol">TCP</a> port 80) traffic flows only</li>
<li>Provides generic routing encapsulation (<a href="http://en.wikipedia.org/wiki/Generic_Routing_Encapsulation" title="Generic Routing Encapsulation">GRE</a>) to prevent packet modification</li>
<li>Routers and cache engines communicate to each other via a control channel based on <a href="http://en.wikipedia.org/wiki/User_Datagram_Protocol" title="User Datagram Protocol">UDP</a> port 2048</li>
</ul><div style="font-family: Arial,Helvetica,sans-serif;"><b>WCCPv2</b></div><ul style="font-family: Arial,Helvetica,sans-serif;"><li>Allows for use across up to 32 routers (WCCP servers)</li>
<li>Supports up to 32 engines/accelerators (WCCP clients)</li>
<li>Supports any IP protocol including any TCP or UDP</li>
<li>Supports up to 256 service groups (0-255)</li>
<li>Adds <a href="http://en.wikipedia.org/wiki/MD5" title="MD5">MD5</a> shared secret security</li>
</ul><b><u>Configuration</u></b>:<br />
<br />
Enable WCCP:<br />
<div style="font-family: "Courier New",Courier,monospace;"><b>R1(config)#ip wccp web-cache</b></div><br />
Optional keywords for the global command:<br />
<br />
Redirect-list: which traffic gets redirected to the web cache (e.g. send only requests from 192.168.0.1)<br />
Group-list: which cache servers get used<br />
Password: the password used to authenticate the cache<br />
<br />
If the web cache is on the same interface that the requests come in on:<br />
<div style="font-family: "Courier New",Courier,monospace;"><b>R1(config-if)#ip route-cache same-interface </b></div><br />
Outside interface where requests go out (Internet-facing connection):<br />
<div style="font-family: "Courier New",Courier,monospace;"><b>R1(config-if)#ip wccp web-cache redirect out</b></div><br />
Inside interface where requests come in (LAN connection):<br />
<b><span style="font-family: "Courier New",Courier,monospace;">R1(config-if)#ip wccp web-cache redirect in</span></b><br />
<br />
<b><u>Verification</u></b>:<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;"><b>R1</b><b>#</b><b>show ip wccp web-cache detail</b></div><br />
<a href="http://en.wikipedia.org/wiki/Web_Cache_Communication_Protocol">Wikipedia WCCP</a><br />
<a href="http://cisco.biz/en/US/docs/switches/lan/catalyst3750/software/release/12.2_37_se/configuration/guide/swwccp.html#wp1031033">Cisco Docs</a>Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0tag:blogger.com,1999:blog-5130818399852134924.post-66198214548108003362010-09-20T09:53:00.004+02:002010-09-21T12:14:05.023+02:00TCAMINTERRUPTThe name of the blog comes from an odd error I got on a customer 4510R-E switch running 12.2(50)SG1, the log showed: <br />
<br />
<div style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;">%C4K_SWITCHINGENGINEMAN-4-TCAMINTERRUPT: flCam0 aPErr interrupt. errAddr: 0x2464 dPErr: 1 mPErr: 0 valid: 1</span></div><div style="font-family: "Courier New",Courier,monospace;"><br />
</div><div style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;">%C4K_SWITCHINGENGINEMAN-4-TCAMINTERRUPT: flCam0 aPErr interrupt. errAddr: 0x2464 dPErr: 1 mPErr: 0 valid: 1</span></div><div style="font-family: "Courier New",Courier,monospace;"><br />
</div><div style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;">%C4K_SWITCHINGENGINEMAN-4-TCAMINTERRUPT: flCam0 aPErr interrupt. errAddr: 0x2464 dPErr: 1 mPErr: 0 valid: 1</span></div><div style="font-family: "Courier New",Courier,monospace;"><br />
</div><div style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;">%C4K_SWITCHINGENGINEMAN-4-TCAMINTERRUPT: flCam0 aPErr interrupt. errAddr: 0x2976 dPErr: 1 mPErr: 0 valid: 1</span></div><br />
The device was not affected, even though, according to the <a href="http://www.c-i-s-c-o.org/en/US/docs/switches/lan/catalyst4500/12.2/50sg/system/messages/error.pdf">docs</a>, this is supposed to mean "A parity error in a TCAM entry was detected. Contents of the log register are printed out. Software will automatically perform error recovery on the defective TCAM entry."<br />
<br />
In the end it was the result of the following IOS bug:<br />
<br />
<a href="http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv17545">CSCsv17545</a> <span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">%C4K_SWITCHINGENGINEMAN-4-TCAMINTERRUPT: flCam0 aPErr interrupt</span></span><br />
Externally found severe (Sev2) bug: R-Resolved<br />
<br />
<u>Symptoms</u><br />
Under normal operation we see the following messages appearing frequently in the logs:<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;">%C4K_SWITCHINGENGINEMAN-4-TCAMINTERRUPT: flCam0 aPErr interrupt. errAddr: 0x2947 dPErr: 1 mPErr: 0 valid: 1</span></div><div style="font-family: "Courier New",Courier,monospace;"><br />
</div><div style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;">%C4K_SWITCHINGENGINEMAN-4-TCAMINTERRUPT: flCam0 aPErr interrupt. errAddr: 0x2B59 dPErr: 1 mPErr: 0 valid: 1</span></div><br />
<u>Conditions</u><br />
The issue appears to happen under normal operation, so far this has been observed after around two weeks of uptime, but needs to be confirmed.<br />
<br />
<u>Workaround</u><br />
None At Present.<br />
<br />
<u>Solution</u><br />
Upgrade software to IOS version 12.2(52)SG or later OR 12.2(50)SG4 or later.Jose Leitaohttp://www.blogger.com/profile/14847237220788754117noreply@blogger.com0