Link Layer Discovery Protocol (LLDP)

LLDP is a layer two discovery protocol, similar to Cisco’s CDP. The big difference between the two is that LLDP is a standard while CDP is a Cisco proprietary protocol.

Cisco devices support the IEEE 802.1ab version of LLDP. This allows non-Cisco devices to advertise information about themselves to our network devices.

Cisco IOS Time Based Access-List

Sometimes it might be useful to block certain traffic on specific days or during business hours. For example, maybe you want to block all Facebook traffic from Monday to Friday between 9:00 – 17:00.

We can achieve this by using time ranges in our access-lists. When you use these, the statement in the access-list will only be active during the time range that you specified. Let’s take a look at an example!

Infrastructure Access-List

As we discussed in the previous blog about the router security policy, routers are often used at the edge of our network where they are vulnerable to attacks. Because of this, you should have an access-list that blocks some of the most common attacks while you only permit traffic that is really required.

What your access-list will look like really depends on the role of your router. Do you use it for NAT/PAT with some users behind it for Internet access, or is it a transit router on the Internet? Do you use any VPNs or BGP? What kind of traffic flows through your router? These are all questions that you need to answer before you create an infrastructure access-list.

Unicast Reverse Path Forwarding (uRPF)

Normally when your router receives unicast IP packets it only cares about one thing:

  • What is the destination IP address of this IP packet so I can forward it?

If the IP packet has to be routed, the router will check the routing table for the destination IP address, select the correct interface, and forward it. Your router really doesn’t care about source IP addresses as they are not important for forwarding decisions.

How to install TACACS+ on Linux CentOS

TACACS+ (Terminal Access Controller Access-Control System Plus) is commonly used to authenticate network devices like routers and switches using a central server. Instead of using the local database on a router or switch, we can use the credentials that are stored on the TACACS+ server. Whenever you try to log onto a network device, the credentials that you supply will be forwarded to the TACACS+ server. Besides authentication, TACACS+ also allows us to configure authorization and accounting. Authorization lets us define what commands a user is able to use on the router or switch, and accounting lets us log whatever commands the user is typing.

Cisco Network Time Protocol (NTP)

NTP (Network Time Protocol) is used to allow network devices to synchronize their clocks with a central source clock. For network devices like routers, switches or firewalls this is very important because we want to make sure that logging information and timestamps have the accurate time and date. If you ever have network issues or get hacked, you want to make sure you know exactly what and when it happened.

Introduction to Cisco NetFlow

Network management protocols like SNMP allow us to monitor our network. We can check things like CPU load, memory usage, interface status and even the load of an interface. Other tools like NBAR allow us to see what kind of protocols are used.