Currently browsing category

Networking

PKI 102 – Digital Certificates

1. Digital Certificates One of the most important things when it comes to cryptography is authentication, which is the process of verifying that an entity really is who it claims to be. In modern cryptography this is usually done through a digital certificate. A digital certificate binds an entity’s identity …

SSH Client 101

1. On the client host 1.1 Connect to a (remote) host To connect to an SSH server use

If no identity file is specified, the client will try to look for one in

. That is for RSA keys. For other key types there are corresponding default locations:

. …

PKI 101 – Key pairs

Public Key Infrastructure, aka PKI, is a set of roles, procedures and policies used to manage digital certificates and public key encryption. The end goal is to provide a secure method of exchanging information between parties. 1. Public Key Cryptography 1.1 Symmetric Encryption With symmetric encryption, the same key is …

NetFlow 102 – FNF – Flexible NetFlow

NetFlow configuration differs by platform and IOS version. Initially, Cisco IOS supported what is now known as “Traditional/Original NetFlow (TNF)”, but newer versions of IOS support “Flexible NetFlow (FNF)”. Support for Traditional NetFlow configuration is being dropped from newer IOS versions, so if available, use Flexible NetFlow configuration on …

DMVPN

1. DMVPN DMVPN – Dynamic Multipoint VPN is a technology that uses IPSec, mGRE and NHRP to provide a dynamic VPN infrastructure. DMVPN evolved in several phases as follows: DMVPN phase 1: Hub and Spoke – spokes only communicate via Hub; DMVPN phase 2: Hub and spoke with spoke to …

How CEF works

1. Process Switching 1.1 How it works Network interface detects a new packet on the wire. The interface will receive the packet and will place it in the I/O memory. It will then send a “receive interrupt” to the processor to indicate that a new packet needs to be switched. …

MPLS L3 VPN

This article assumes the “provider” network already has an IGP in place and that the LDP is configured to advertise label bindings between LSRs. Check MPLS 101 on how to do that. 1. Verify LDP is working within provider network One common mistake when configuring L3 MPLS VPN appears when …

IS-IS Mechanics – CLNP

1. ISO OSI Terminology (ISO OSI term = TCP/IP equivalent): End System = Host; Intermediate System = Router; Circuit = Interface; Area = Area; Domain = Autonomous System. IS-IS = Intermediate System to Intermediate System. CLNP = Connection-Less Network Protocol = Layer 3 network protocol that is used to communicate between ESes. CLNP offers a CLNS …

IS-IS 101

1. Starting the routing process Starting the IS-IS process requires a two-step configuration: 1. In the global config R(config)# router isis [AREA-TAG] !AREA-TAGs are used to run multiple IS-IS processes. Default: NULL R(config-router)# net NETWORK-ENTITY-TITLE !NETWORK-ENTITY-TITLE is in NSAP format. E.g. 49.0001.0010.0100.1001.00 2. On the interfaces that will be enabled …

Cisco Enterprise Architecture

1. Hierarchical Model Cisco Enterprise Architecture is based on a hierarchical model that consists of: Access Layer: provides connectivity without compromising network integrity. Distribution Layer: controls access to resources that are available in the core; efficient bandwidth usage; implementation of QoS policies (policy-based traffic control). Core Layer (aka Backbone): optimize communication …