avoid anything that can't run IOS15 3 routers & 3 L3 switches 3560s and 2811s just to give you an idea.
https://www.reddit.com/r/ccna/comments/7xespa/recommended_hardware_for_obtaining_ccent_then_ccna/
Check out CCNA Netsim (https://routersimulator.certexams.com/network-simulator-designer.html), free trial version.
And CCNA Exam Sim (https://www.certexams.com/cisco/ccna/netsim-exam-details.htm)
Check this out:
https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/recommended-lab-equipment-for-cisco-ccna
Flash Memory and RAM
Routers come with flash memory and RAM. The flash memory is used to store the operating system (Cisco IOS). The RAM is required to run Cisco IOS and its processes. The latest IOS images require that you have:
At least 64MB flash and 192MB of RAM for the 1800 series.
At least 128MB flash and 512MB of RAM for the 2800 series.
Make sure you check this before you buy your router. It's possible to upgrade this later but it's easier to buy a router that already has enough RAM and flash memory.
There's a difference between straight through and crossover cables. Modern switches and network cards support auto-sensing so it really doesn't matter what kind of cable you use. If you are going to connect your 2950 or 3550 switches to each other make sure you buy crossover cables since they don't support auto-sensing!
Autosensing means that the interface will figure out automatically if you connected a straight or crossover UTP cable.
There are some WAN (Wide Area Network) protocols that you will have to practice, these require serial interfaces and serial cables. It depends on your router model which interfaces and cables you will need. The picture below is a DB60 serial cable that can be used with the WIC 1-T serial interface:
You can connect Cisco router T1 CSU/DSU to Juniper firewall using serial link, check out
https://kb.juniper.net/InfoCenter/index?page=content&id=KB10530&cat=SECURITY&actp=LIST
Connecting 2 CSU/DSUs
https://community.cisco.com/t5/switching/cisco-2801-maximum-hwics/td-p/3070702
https://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/ic/hardware/installation/guide/oview_ic.html good
Modules supported by 1841 and others
Cisco Networking academy labs,
https://courses.cs.ut.ee/MTAT.08.033/2015_fall/uploads/Main/6_3.pdf
IP Base Vs. IP Services image:
The IP base is for the Standard Multilayer Software Image (SMI) switches, and the IP services image is for the Enhanced Standard Multilayer Software Image (EMI) switches in Cisco IOS Software Release 12.2(25)SEB and later.
For the Catalyst 3750 and 3560 switches, Cisco IOS Software Release 12.2(25)SEA and earlier referred to the image that provides Layer 2+ (L2) features and basic Layer 3 routing as the Standard Multilayer Image (SMI). The image that provides full Layer 3 routing and advanced services was referred to as the EMI.
The inter VLAN routing feature is supported on both IP base or SMI and IP services or EMI image Layer 3 switches. For Layer 2-only switches, you require a Layer 3 routing device with any of the previous images.
The IP Base feature set includes advanced quality of service (QoS), rate limiting, access control lists (ACLs), and basic static and Routing Information Protocol (RIP) functions. Dynamic IP routing protocols (Open Shortest Path First (OSPF), BGPv4, Enhanced Interior Gateway Routing Protocol (EIGRP)) are available only on the IP services image.
The IP Services image provides a richer set of enterprise-class features, which includes advanced hardware-based IP unicast and IP Multicast routing. Support for IPv6 Layer 3 switching in hardware is also available with the addition of the Advanced IP Services license to either the IP Base or the IP Services images. Both the IP base Image and the IP services image allow for Layer 3 and Layer 4 lookups for QoS and security.
Hope to Help !!
Find changes to Cisco IOS revisions below:
https://www.networkworld.com/article/2232129/cisco-subnet-new-ipv6-features-in-cisco-ios-15-0.html
Note that Cisco jumped from major revision 12 to 15. There are no 13 or 14 revisions.
12.4(2)T
IPv6 ACL Extensions for Mobile IPv6
IPv6 BSR-Ability to Configure RP Mapping
IPv6 Default Router Preference
IPv6 Source Specific Multicast (SSM) Mapping
12.4(4)T
IPv6 IPsec Router-to-Router Tunnels
SYSLOG over IPv6
12.4(6)T
IPv6 IPSec on VAM2+
Configuring EIGRP for IPv6
GLBP Support for IPv6
IPv6 Switching Provider Edge Router over MPLS (6PE)
HSRP Support for IPv6
12.4(9)T
OSPF IPv6 (OSPFv3) IPSec ESP Encryption and Authentication
12.4(11)T
Mobile IPv6 Authentication Option Support
Mobile IPv6 Network Access Identifier (NAI) Support
12.4(15)T
DHCPv6 Stateless Enhancements
12.4(20)T
Flexible NetFlow - IPv6 Unicast Flows - Removal of IPv6 NetFlow
IPv6-CNS Agents
IPv6-Config Logger
IPv6-HTTP(S)
IPv6-IP SLAs (UDP Jitter, UDP Echo, ICMP Echo, TCP Connect)
IPv6-Netconf
IPv6-SOAP
IPv6-TCL
IPv6 ACL Extensions for IPsec Authentication Header
IPv6 over DMVPN
IPv6 VPN over MPLS (6VPE)
MPLS VPN-VRF CLI for IPv4 & IPv6 VPNs
Mobile IP-Mobile IPv6 HA Phase 2 - NEMO
12.4(22)T
IPv6 Boot Strap Router (BSR)
IPv6 Source Specific Multicast (SSM) Mapping
IPv6 ACL Extensions for Mobile IPv6
IPv6 Default Router Preference
12.4(24)T
Secure Neighbor Discovery (SeND)
DHCPv6 Individual Address Assignment
Hopefully Cisco will continue its development of IPv6 and we can expect even more features in coming releases of IOS 15.
Scott
Check this out for Cisco Network Academy discovery lessons.
http://web.nmsu.edu/~jbeasley/Cisco_Discovery_4-1/
Check this out for RJ48 straight and crossover cable pinout and connections
http://netmagie.blogspot.com/2016/07/e1t1-rj45-rj48-back-to-back-with-2mft.html
Check this out for basic switch configuration 29160
https://www.computernetworkingnotes.com/ccna-study-guide/basic-switch-configuration-guide-with-examples.html
Check this document for 3750 password recovery
https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/12040-pswdrec-2900xl.html
By holding break key etc. it won't go into rommon.
You need to hold down the Mode button on the front panel to get into rommon.
https://community.cisco.com/t5/switching/how-do-you-break-the-boot-sequence-for-a-ws-c3750v2/td-p/1576728
Check out the following for a WordPress-based booking calendar:
Free and seems to be good:
https://wordpress.org/plugins/booking/
Check several of the booking or scheduling softwares for wordpress:
https://www.sourcewp.com/best-appointment-booking-plugins-for-wordpress/
The Cisco 1841 router has two interface card slots. Each slot can accommodate a Cisco WIC, VWIC (data only mode), or a single-wide high-speed WIC (HWIC).
Note Cisco double-wide HWICs are not supported in the Cisco 1841 router.
https://community.cisco.com/t5/routing/1841-interface-modules/td-p/1084961
Minimum Cisco IOS Software Requirements for Cisco Gigabit Ethernet EHWIC
Cisco 1941W ISR Release 15.1(4)M
Cisco 1941 ISR Release 15.1(4)M
Cisco 1921 ISR Release 15.1(4)M
https://community.cisco.com/t5/switching/ehwic-card-compatibility/td-p/2220815
Fast Ethernet HWICs require Cisco IOS Release 12.4(24)T or later. Supported on 1841, 2801, 2811, 2821, 2851, 3825, 3845
1 * Cisco 2911 ISR router with VOICE and SEC license
2 * HWIC-2T
1 * HWIC-1T
1 * PVDM-3-16
2 * Cisco 2911 ISR routers with SEC and DATA licenses
2 * HWIC-2T
2 * Cisco 3750-POE switches with layer 3 capabilities
1 * Cisco 2960-24 switch
1 * Microsoft Windows Server
Security Labs Hardware:
1 * Cisco ASA5512X firewall
1 * Cisco 2911 ISR router with SEC license
1 * Cisco 2960-24 switch
3 * Microsoft Windows Server 2008 server
https://www.certiport.com/portal/common/documentlibrary/Practice-Labs-for-Cisco.pdf
Check this out for default network config:
https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/recommended-lab-equipment-for-cisco-ccna
Check this link for Juniper manuals for SRX, and others:
https://www.juniper.net/documentation/product/en_US/srx100
Check out the port compatibility matrix for the 3750 here:
https://community.fs.com/blog/connection-guide-for-cisco-catalyst-3750-series-switches.html
Re: 3750G-TS-S vs 3750G-TS-E
3750G-TS-S is a switch with the standard image, which supports basic Layer 3 features like RIP 1/2 and static routing only.
3750G-TS-E is a switch with the enhanced image, which supports enhanced Layer 3 routing features like EIGRP, OSPF, BGP, IS-IS, and policy-based routing.
Please see the difference below:
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_qanda_item09186a00801b0971.shtml
What is the difference between 3750g and 3750
As per your question, G means all ports are Gigabit ports.
Re: Cisco 3750-X vs Cisco 3750G
Differences between 3750G and 3750X:
The 3750G uses stackwise and 3750X uses stackwise+. With Stackwise, EVERY packet has to go across the stack ring even if the destination port is on the local switch. With Stackwise+, the switches can do local switching.
Also, if you mix Stackwise and Stackwise+ capable switches in the same stack, the Stackwise+ switches will still be able to switch locally and the Stackwise switches must continue to operate the same way.
Here's a link:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/prod_white_paper09186a00801b096a.html
Cisco 3750 vs 3560
What is the difference between the Cisco 3750 and 3560? What about the 3750E vs 3750X? These questions come from clients time and time again. Here are the answers you need.
The main difference is that the 3750 supports Cisco StackWise, i.e. creating one large virtual switch out of multiple chassis. The 3560 has a "cluster" feature which while it sounds close, just means that you can control multiple switches from a single one.
https://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/ic/hardware/installation/guide/oview_ic.html
Compared all interface cards
Check this out: USD 5 per cable 2626X
https://www.aliexpress.com/item/32221983252.html
How IoT devices are connected to the Internet, check this out:
http://cactus.io/tutorials/web/connect-iot-device-to-the-internet
Check this out here
https://www.tp-link.com/us/support/faq/72/
To see if port is blocked:
https://www.portchecktool.com/
"Timed out" means that the ISP is blocking the port.
Default route, default network, default gateway:
https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/16448-default.html
Service password-encryption command
https://geek-university.com/ccna/service-password-encryption-command/
DHCP configuration step by step with examples:
https://www.networkstraining.com/cisco-dhcp-configuration/
Local username and pw configuration:
https://www.networkstraining.com/configuring-local-username-and-password-on-a-cisco-ios-router/
***Implementing network security:
https://learningnetwork.cisco.com/docs/DOC-15878
Using privilege command, etc.
Role based CLI
Cisco IOS Security Configuration Guide: Securing User Services, Release 12.4
https://www.cisco.com/c/en/us/td/docs/ios/sec_user_services/configuration/guide/12_4/sec_securing_user_services_12-4_book/sec_cfg_sec_4cli.html#wp1054587
HTTP Services Configuration Guide, Cisco IOS Release 12.2SY
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/https/configuration/12-2sy/https-12-2sy-book/nm-http-web.html
Checkout the ecommerce stats,
https://kinsta.com/blog/ecommerce-statistics/
https://www.oncehub.com/scheduleonce/feature/booking-with-approval
hubspot.com/
Compare several scheduling softwares:
*** https://www.capterra.com/appointment-scheduling-software/?utf8=%E2%9C%93&feature%5B2%5D=38716&feature%5B6%5D=28794&feature%5B8%5D=38717&platform%5B1%5D=8&commit=Apply+Filters&sort_options=
https://www.acuityscheduling.com/
https://www.bookafy.com/#pricing
FREE:
https://easyappointments.org/
Check this out:
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html
check this out:
https://serverfault.com/questions/273600/ping-from-specific-network-adapter-on-windows
syntax:
From Windows 7 (Version 6.1 Build 7601: Service Pack 1) ping /?
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name
Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet (IPv4-only).
-i TTL Time To Live.
-v TOS Type Of Service (IPv4-only. This setting has been deprecated
and has no effect on the type of service field in the IP Header).
-r count Record route for count hops (IPv4-only).
-s count Timestamp for count hops (IPv4-only).
-j host-list Loose source route along host-list (IPv4-only).
-k host-list Strict source route along host-list (IPv4-only).
-w timeout Timeout in milliseconds to wait for each reply.
-R Use routing header to test reverse route also (IPv6-only).
-S srcaddr Source address to use.
-4 Force using IPv4.
-6 Force using IPv6.
Example:
dos> ping 192.168.100.1 -S 192.168.200.1
Use a capital S to specify the source address from which the ping will originate. In the above example, two network cards are installed in the Windows computer. A normal ping originates from 127.0.0.1 (local host IP). In the example, the ping originates from 192.168.200.1.
Check out Wendell Odom's blog here:
https://blog.certskills.com/labgear03/
Cisco IOS versions explained:
http://www.ciscopress.com/articles/article.asp?p=2106547
Cisco lab set up for CCNA and others,
https://learningnetwork.cisco.com/thread/123075?start=45&tstart=0
Configuring the Connection Timer on a AAA Server
Session timer configuration
The following example limits session time in a service policy map to 4800 seconds (80 minutes):
class-map type traffic match-any traffic-class
 match access-group input 101
 match access-group output 102
policy-map type service video-service
 class traffic-class
  police input 20000 30000 60000
  police output 21000 31500 63000
  timeout absolute 4800
 class type traffic default
  drop
Check: https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/12_2sba/feature/guide/isa_cg/issesmnt.html#wp1056089
https://www.cisco.com/c/en/us/td/docs/ios/termserv/command/reference/tsv_book/tsv_a1.html
Check out regular expressions here:
https://medium.com/tech-tajawal/regular-expressions-the-last-guide-6800283ac034
Table of Contents
Basic Matchers
Meta character
Full stop
Character set
Negated character set
Repetitions
The Star
The Plus
The Question Mark
Braces
Character Group
Alternation
Escaping special character
Anchors
Caret
Dollar
Shorthand Character Sets
Lookaround
Positive Lookahead
Negative Lookahead
Positive Lookbehind
Flags
Case Insensitive
Global search
Multiline
Greedy vs lazy matching
It's always unavailable, giving the link below:
http://www.sharontools.com/
Don't waste time if you find lab equipment unavailable.
Check below for the full revision history of Cisco IOS software:
https://www.cisco.com/web/software/SPRIT/swretirement/IOSRetirementTable.html
It's difficult to find the memory types used by various Cisco routers and switches. Memory cards often fail in Cisco routers. Check this out:
http://www.dslreports.com/faq/13438
Router
From my experience, the following router models share similar memory chip specifications. Therefore, most of the time a memory chip from one model is interchangeable with another.
1. DRAM
* 800 series prior to 850/870 series; SOHO 90 series; 1700 series; 2600XM series; 2650 & 2651 - 100 Pin DIMM, SDRAM, 125MHz/133MHz, Unbuffered, Non-parity, 8ns, 3.3V, 16Meg x 32
* 800 series: 870 series - (provided by bigsy ) 168 pin DIMM low-profile CL3 non-ECC PC 133, i.e. Kingston KVR133X64C3L/128 works (full specification is clickable here), modules that are not low profile will not fit in the case correctly
* 800 ISR series: 880 series - (provided by jmbronk , RuggeR ) 512MB PC2 4200 SODIMM, i.e. Samsung PC2-4200S-444-12-A and Samsung 512MB PC2-4200S-444-12-A3 work
* 2600 series (excluding XM models and the 2650, 2651, and 2691) - 100 Pin DIMM, EDO, 60ns
* All 1800 routers EXCEPT 1841 - 200 Pin SODIMM, SDRAM, 266MHz DDR, Non-ECC CL2.5 e.g. Kingston KVR266X64SC25/256
* 1841 - 144 Pin SODIMM, SDRAM, 133MHz, Non-ECC CL3 e.g. Kingston KVR133X64SC3/256
* 2811/21/51 - (provided by kamikatze from this post) ECC DDR266/333/400 DDR. Kingston do a 512MB upgrade - KCS-D2800/512
* 3825/45 - (provided by kamikatze ) DDR333 or higher with ECC and at least CL2.5 (@333MHz). Kingston do 256MB & 512MB upgrades - KCS-D3825/256 & KCS-D3825/512
Note from cramer
Cisco 3845: ECC, DDR333 (PC2700) ONLY
System only supports 166Mhz DDRs /PC3200 DIMMs
DRAM: Non ECC memory not supported !!
DRAM: DIMM0, invalid Module Data Width of 64
(non-ECC DIMMs)
DRAM: DIMM 0 width not supported - 4
DRAM: DIMM1 width not supported - 4
(1G DIMMs)
* 2900 - (provided by Brainbug and kamikatze from this post)
HP 2GB PC2-5300 CL5 DDR2-667 ECC UDIMM RAM Module - Part Number PC2-5300E-555-12-G0
Kingston ValueRAM
KVR667D2E5/2G
2GB 256M x 72-Bit DDR2-667
CL5 ECC 240-Pin DIMM
2. Flash
* 800, 820
* 2500; 2600 (2610, 2611, 2612, 2613, 2620, 2621, 2650, 2651); 3600; 4000 (4000/4000M, 4500/4500M, 4700/4700M)
* All 2600XM models
3. Compact Flash and USB Flash
Newer routers, (modular) switches, and firewalls that use Compact Flash instead of legacy Flash memory chips are able to share at least 16 MB size. With newer ROMMON version (upgradable), 32 MB size or larger are also interchangeable.
This category includes 1800, 2800, 3700, 3800, 2900, 3900, and ASR series (routers); Catalyst 4500, 6500 series (switches); ASA 1st Generations and X models (2nd Generations)
Further Info
For more info, check out the following Cisco link.
Cisco 1700 series
Cisco 2600 and 2600XM series
ASA 5500
ASA5505 DRAM: (provided by bigsy ) 184 pin PC3200 DIMM CL3 UB Non-ECC i.e. Kingston KVR400X64C3A/512 works (full specification is clickable here), MAX 512MB
ASA5505 Flash: CompactFlash (512MB SanDisk works)
https://www.ebay.com/itm/Hynix-8GB-2X-4GB-PC3-10600-DDR3-1333MHz-204pin-SODIMM-Laptop-RAM-Memory-Notebook-/112960899184?hash=item1a4cfe8870
Checkout free driver download:
https://www.usb-drivers.org/realtek-usb-2-0-fast-ethernet.html
Check out the slot booking software which is open source here:
https://sourceforge.net/projects/phpscheduleit/
Scheduling software, advanced.
Check this out for boot rom upgrade (boot image)
https://www.cisco.com/c/en/us/support/docs/routers/1600-series-routers/6301-rommon-boot-image.html
Upgrading the Cisco IOS Software
https://www.cisco.com/c/en/us/td/docs/routers/access/1900/software/configuration/guide/Software_Configuration/upgrade.html
Check this out for some cisco ios image files:
https://www.careercert.info/new-cisco-ios-version-124-collection/comment-page-1/
SFP+ cables are widely used to connect optical ports on cisco modules. Compatibility matrix for the same given below:
https://www.cisco.com/c/en/us/products/collateral/interfaces-modules/transceiver-modules/data_sheet_c78-455693.html
https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733510.html
Check out CCNA Security lab kit here:
https://www.certificationtrainingsolutions.com/product/ccna-security-standard-lab-kit/?gclid=EAIaIQobChMIjL_t85uC5gIVx5-zCh2O2AmxEAYYASABEgLPWPD_BwE
https://www.oreilly.com/library/view/cisco-ios-cookbook/0596527225/ch01s04.html
https://miloserdov.org/?p=55
https://bz.apache.org/bugzilla/show_bug.cgi?id=54520
httpd.exe -k install -n "Apache HTTP Server"
To start apache type
httpd.exe (works fine)
To stop restart etc type
C:\Apache24\bin>httpd.exe -k restart
httpd.exe -k stop
httpd.exe -k restart
Press Windows+R to open the "Run" box. Type "cmd" into the box and then press Ctrl+Shift+Enter to run the command as an administrator. And with that, you have three very easy ways to run commands in the Command Prompt window as administrator. Jul 3, 2017
https://httpd.apache.org/docs/2.4/platform/windows.html
Check this out:
https://www.liquidweb.com/kb/how-to-install-apache-on-a-windows-server/
Configure Windows' Firewall
To allow connections from the Internet to your new web server, you will need to configure a Windows Firewall rule to do so. Follow these steps:
Click the "Windows Start" button, and enter "firewall." Click the "Windows Firewall With Advanced Security" item.
Click "New Rule" on the right-hand sidebar.
How to check that MySQL is installed:
C:\mysql-8.0\bin>mysqlshow -h localhost -u root
+--------------------+
| Databases |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
C:\mysql-8.0\bin>
By default the MySQL user name is root with no password (at least in our case it is so).
C:\PHP>php -v
PHP 7.4.1 (cli) (built: Dec 17 2019 19:24:02) ( ZTS Visual C++ 2017 x64 )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
C:\PHP>
https://opensourceforu.com/2016/12/setting-apache-php-windows/
Installing PHP on a Windows 10 computer along with Apache 2 and MySQL (PHP 7.4.1)
https://www.sitepoint.com/how-to-install-php-on-windows/
phpMyAdmin may give an error when installed. Run the following command to fix it:
mysql> alter user root@localhost identified with mysql_native_password by '';
Query OK, 0 rows affected (0.11 sec)
mysql>
Error:
windows mysqli::real_connect(): The server requested authentication method unknown to the client [caching_sha2_password]
Check out this example for PPPOE configuration using SRX100:
https://www.fir3net.com/Firewalls/Juniper/srx-pppoe.html
Also see this:
http://networkingbodges.blogspot.com/2015/04/quick-build-pppoe-client-on-junos.html
explained well.
Also see:
https://forums.whirlpool.net.au/archive/1349641
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-interface-config-pppoe.html
CONFIGURATION
Below shows the required configuration for PPPoE.
set interfaces fe-0/0/7 unit 0 encapsulation ppp-over-ether
set interfaces pp0 unit 0 ppp-options chap default-chap-secret <PASSWORD>
set interfaces pp0 unit 0 ppp-options chap local-name <USERNAME>
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/7.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 3
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 family inet mtu 1492
set interfaces pp0 unit 0 family inet negotiate-address
set routing-options static route 0.0.0.0/0 next-hop pp0.0
set security zones security-zone untrust interfaces pp0.0
TROUBLESHOOTING
STATISTICS
The following commands are used to display ppp and pppoe statistics.
root@srx100> show ppp statistics
Session statistics from PPP process
Total sessions: 1
Sessions in disabled phase : 0
Sessions in establish phase : 0
Sessions in authenticate phase: 0
Sessions in network phase : 1
Bundles in pending phase : 0
root@srx100> show pppoe statistics
Active PPPoE sessions: 1
PacketType Sent Received
PADI 2 0
PADO 0 2
PADR 2 0
PADS 0 2
PADT 0 0
Service name error 0 0
AC system error 0 0
Generic error 0 0
Malformed packets 0 0
Unknown packets 0 0
Timeout
PADI 0
PADO 0
PADR 0
INTERFACE INFORMATION
The following command is used to display use information for the pp0 interface.
root@srx100# run show interfaces pp0
Physical interface: pp0, Enabled, Physical link is Up
Interface index: 128, SNMP ifIndex: 502
Type: PPPoE, Link-level type: PPPoE, MTU: 1532
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps
Link type : Full-Duplex
Link flags : None
Input packets : 0
Output packets: 0
Logical interface pp0.0 (Index 78) (SNMP ifIndex 532)
Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
PPPoE:
State: SessionUp, Session ID: 6,
Session AC name: Vigor2000 PPPoE, Remote MAC address: xx:xx:xx:xx:xx:xx,
Configured AC name: None, Service name: None,
Auto-reconnect timeout: 30 seconds, Idle timeout: Never,
Underlying interface: fe-0/0/7.0 (Index 77)
Input packets : 1341
Output packets: 1153
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive: Input: 5 (00:00:19 ago), Output: 26 (00:00:06 ago)
LCP state: Opened
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
CHAP state: Success
PAP state: Closed
Security: Zone: untrust
Allowed host-inbound traffic : dns https ike ping ssh traceroute
Protocol inet, MTU: 1492
Flags: Sendbcast-pkt-to-re, User-MTU, Negotiate-Address
Addresses, Flags: Kernel Is-Preferred Is-Primary
Destination: x.x.x.x, Local: x.x.x.x
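Added example (not part of the original notes or the linked article): a small Python check that reads the logical-interface part of the "show interfaces pp0" output above and reports a session that is not up, failed authentication, an inet MTU above the 1492 set in the configuration, and management services accepted on the untrust zone. The sample text is abridged from the output above; the function names and the list of services treated as management services are assumptions of this example.

```python
import re

# Abridged from the "show interfaces pp0" output shown above.
SAMPLE_PP0 = """\
  Logical interface pp0.0 (Index 78) (SNMP ifIndex 532)
    Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
    PPPoE:
      State: SessionUp, Session ID: 6,
      Underlying interface: fe-0/0/7.0 (Index 77)
  LCP state: Opened
  NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
  CHAP state: Success
  PAP state: Closed
    Security: Zone: untrust
    Allowed host-inbound traffic : dns https ike ping ssh traceroute
    Protocol inet, MTU: 1492
      Flags: Sendbcast-pkt-to-re, User-MTU, Negotiate-Address
"""

# One regular expression per field of interest. "State:" with a capital S
# only matches the PPPoE session line, not "LCP state:" or "NCP state:".
PATTERNS = {
    "session": r"State:\s*(\w+)",
    "lcp": r"LCP state:\s*(\w+)",
    "chap": r"CHAP state:\s*(\w+)",
    "pap": r"PAP state:\s*(\w+)",
    "zone": r"Zone:\s*(\S+)",
    "inbound": r"Allowed host-inbound traffic\s*:\s*(.*)",
    "inet_mtu": r"Protocol inet, MTU:\s*(\d+)",
}

# Assumption of this example: services a reviewer would not expect to be
# reachable from the Internet-facing zone.
MGMT_SERVICES = {"ssh", "telnet", "http", "https", "snmp", "netconf"}

# 1500-byte Ethernet payload minus 8 bytes of PPPoE and PPP headers.
PPPOE_MAX_MTU = 1492


def parse_pp0(text):
    """Extract session, authentication, zone and MTU fields from the output."""
    info = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        info[key] = match.group(1).strip() if match else None
    info["inbound"] = info["inbound"].split() if info["inbound"] else []
    info["inet_mtu"] = int(info["inet_mtu"]) if info["inet_mtu"] else None
    return info


def review_pp0(info, mgmt_services=MGMT_SERVICES):
    """Return a list of (code, detail) findings; an empty list means clean."""
    findings = []
    if info["session"] != "SessionUp" or info["lcp"] != "Opened":
        findings.append(("link-down",
                         f"session={info['session']} lcp={info['lcp']}"))
    if "Success" not in (info["chap"], info["pap"]):
        findings.append(("auth-not-successful",
                         f"chap={info['chap']} pap={info['pap']}"))
    if info["inet_mtu"] is None or info["inet_mtu"] > PPPOE_MAX_MTU:
        findings.append(("mtu-too-large", str(info["inet_mtu"])))
    exposed = [s for s in info["inbound"] if s in mgmt_services]
    if info["zone"] == "untrust" and exposed:
        findings.append(("mgmt-on-untrust", " ".join(exposed)))
    return findings


if __name__ == "__main__":
    for code, detail in review_pp0(parse_pp0(SAMPLE_PP0)):
        print(f"{code}: {detail}")
```

On the sample above the session checks pass and the only finding is that https and ssh are accepted on pp0.0 in the untrust zone.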
Check this out for basic switch configuration:
http://www.ciscopress.com/articles/article.asp?p=2181836&seqNum=4
****
https://www.practicalnetworking.net/stand-alone/cisco-asa-nat/
Part 1 – NAT Syntax
There are two sets of syntax available for configuring address translation on a Cisco ASA. These two methods are referred to as Auto NAT and Manual NAT. The syntax for both makes use of a construct known as an object. The configuration of objects involve the keywords real and mapped. In Part 1 of this article we will discuss all five of these terms.
Objects
An object is a construct which represents any single item in your network environment. Two types of objects can be configured:
a network object — represents one IP address, or one IP Subnet, or one IP address range
a service object — represents one set of a Protocol, Source Port, and/or Destination port
The idea is to configure and define an object, then reference that one item in your configuration by the object's name.
Network Objects
To configure a network object, first use the following syntax to create the object:
object network <Object Name>
Then define the content of the object as either a single IP Address, or a single IP Subnet, or a single IP Address range using either of the commands below:
 host <IP Address>
 subnet <Network ID> <Subnet Mask>
 range <Start IP Address> <End IP Address>
Below are examples of each of the three types of network objects:
To create a network object which represents your web server's IP address, you would use the following syntax:
object network WEB-SERVER
 host 172.16.30.15
To create a network object which represents your Inside network, you would use the following syntax:
object network INSIDE-NETWORK
 subnet 172.16.30.0 255.255.255.0
Lastly, to create a network object which represents a particular IP address range, you would use the following syntax. This will define a range that includes all five IP addresses in the inclusive range of 72.6.6.10 through 72.6.6.14.
object network PUBLIC-IPs
 range 72.6.6.10 72.6.6.14
Service Objects
To configure a service object, first use the following syntax to create the object:
object service <Object Name>
The content of the service object must include at least a protocol, and can also include a source port, destination port, or both. Here are examples of all four possibilities:
object service PROTOCOL
 service esp
object service PROT-DST
 service tcp destination eq 80
object service PROT-SRC
 service tcp source gt 1023
object service PROT-SRC-DST
 service udp source eq 53 destination eq 53
The specific port number the object represents can be identified using certain operators – the example above uses eq and gt. Five different operators exist:
eq <Port#>              Port must be equal to <Port#>
gt <Port#>              Port must be greater than <Port#> (equal to <Port#> will not match)
lt <Port#>              Port must be lesser than <Port#> (equal to <Port#> will not match)
neq <Port#>             Port must be not equal to <Port#>
range <Start#> <End#>   Port must be in the inclusive range of <Start#> to <End#>
Viewing Objects
Two commands are available to view objects:
The show run object command lists the objects essentially as they were configured above:
asa98# show run object
object service PROTOCOL
 service esp
object service PROT-DST
 service tcp destination eq www
object service PROT-SRC
 service tcp source gt 1023
object service PROT-SRC-DST
 service udp source eq domain destination eq domain
object network WEB-SERVER
 host 172.16.30.15
object network INSIDE-NETWORK
 subnet 172.16.30.0 255.255.255.0
object network PUBLIC-IPs
 range 72.6.6.10 72.6.6.14
And the show run object in-line command displays the same as above, except every object definition will be on the same line as the object name:
asa98# show run object in-line
object service PROTOCOL service esp
object service PROT-DST service tcp destination eq www
object service PROT-SRC service tcp source gt 1023
object service PROT-SRC-DST service udp source eq domain destination eq domain
object network WEB-SERVER host 172.16.30.15
object network INSIDE-NETWORK subnet 172.16.30.0 255.255.255.0
object network PUBLIC-IPs range 72.6.6.10 72.6.6.14
Using the in-line variant makes it much easier to "pipe include" and search for a specific object name and/or definition:
asa98# show run object in-line | include WEB
object network WEB-SERVER host 172.16.30.15
If you had done the "pipe include" without the in-line option you just would have received the full name of the object, but not the object's definition.
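Added example (not part of the original notes or the linked article): a Python parser for the "show run object in-line" output above that evaluates the five port operators and the three network object types, so you can check which traffic an object actually covers before referencing it in a NAT rule or ACL. It handles only the object forms shown above; the function names and the two-entry port-name table are assumptions of this example.

```python
import ipaddress

# Taken from the "show run object in-line" output shown above.
SAMPLE = """\
object service PROTOCOL service esp
object service PROT-DST service tcp destination eq www
object service PROT-SRC service tcp source gt 1023
object service PROT-SRC-DST service udp source eq domain destination eq domain
object network WEB-SERVER host 172.16.30.15
object network INSIDE-NETWORK subnet 172.16.30.0 255.255.255.0
object network PUBLIC-IPs range 72.6.6.10 72.6.6.14
"""

# "show run" prints well-known ports by name; only the two names that
# appear in the output above are mapped here (extend as needed).
PORT_NAMES = {"www": 80, "domain": 53}

# The five port operators: gt and lt are strict, range is inclusive.
OPERATORS = {
    "eq": lambda port, a: port == a[0],
    "gt": lambda port, a: port > a[0],
    "lt": lambda port, a: port < a[0],
    "neq": lambda port, a: port != a[0],
    "range": lambda port, a: a[0] <= port <= a[1],
}


def to_port(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def parse_service(tokens):
    """Parse the tokens after the 'service' keyword, e.g. tcp source gt 1023."""
    spec = {"protocol": tokens[0], "source": None, "destination": None}
    rest = tokens[1:]
    while rest:
        if (len(rest) < 3 or rest[0] not in ("source", "destination")
                or rest[1] not in OPERATORS):
            raise ValueError("unsupported service: " + " ".join(tokens))
        side, op = rest[0], rest[1]
        nargs = 2 if op == "range" else 1
        args = tuple(to_port(t) for t in rest[2:2 + nargs])
        if len(args) != nargs:
            raise ValueError("missing port in: " + " ".join(tokens))
        spec[side] = (op, args)
        rest = rest[2 + nargs:]
    return spec


def parse_network(tokens):
    """Return the (first, last) addresses covered by a host, subnet or range."""
    kind, args = tokens[0], tokens[1:]
    if kind == "host":
        first = last = ipaddress.ip_address(args[0])
    elif kind == "subnet":
        net = ipaddress.ip_network(f"{args[0]}/{args[1]}")
        first, last = net.network_address, net.broadcast_address
    elif kind == "range":
        first, last = (ipaddress.ip_address(a) for a in args[:2])
    else:
        raise ValueError("unsupported network: " + " ".join(tokens))
    return first, last


def parse_objects(text):
    """Map object name -> ('service', spec) or ('network', (first, last))."""
    objects = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "object":
            continue
        kind, name, body = tokens[1], tokens[2], tokens[3:]
        if kind == "service" and body[0] == "service":
            objects[name] = ("service", parse_service(body[1:]))
        elif kind == "network":
            objects[name] = ("network", parse_network(body))
    return objects


def service_matches(spec, protocol, sport=None, dport=None):
    """True if a packet's protocol and ports satisfy the service object."""
    if spec["protocol"] != protocol:
        return False
    for side, port in (("source", sport), ("destination", dport)):
        if spec[side] is None:
            continue  # the object does not constrain this side
        op, args = spec[side]
        if port is None or not OPERATORS[op](port, args):
            return False
    return True


def network_contains(bounds, address):
    first, last = bounds
    return first <= ipaddress.ip_address(address) <= last


def address_count(bounds):
    first, last = bounds
    return int(last) - int(first) + 1
```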
https://www.networkstraining.com/configuring-aaa-authentication-on-cisco-asa-firewall/
https://community.cisco.com/t5/policy-and-access/tacacs-configuration-for-cisco-asa/td-p/1243814
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ host x.x.x.x
 key test
aaa authentication ssh console TACACS+
aaa authentication enable console TACACS+
aaa authentication http console TACACS+
https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/access_management.html#wp1054101
http://www.ciscopress.com/articles/article.asp?p=1722547&seqNum=4
https://www.networkstraining.com/configuring-aaa-authentication-on-cisco-asa-firewall/
https://www.practicalnetworking.net/stand-alone/cisco-asa-nat/ (Basic conf)
Authorization?
Check this out for an example configuration. (Note that the ASA 5505 TACACS+ commands for AAA authentication/authorization/accounting are different from the IOS commands used on Cisco routers/switches):
https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/a1.html
You need to write ACLs for each user in 5505
http://www.ciscopress.com/articles/article.asp?p=1552963&seqNum=5
https://www.routerfreak.com/aaa-cisco-asa/
Set ASA5505 config register to 0x1 to boot using startup config.
https://community.cisco.com/t5/firewalls/startup-config-won-t-load/td-p/1353921
ASA(config)# config-register 0x1
Save the config to startup and reboot. The change takes effect after the reboot, and the ASA will boot using the startup config. Note that on Cisco routers the register should be set to 0x2102 to boot using the startup config; use 0x2142 to skip the startup config on IOS routers and switches.
If both privilege levels and command authorization (using TACACS+) are configured, Cisco IOS applies the privilege filter first and then the command authorization filter before executing the command.
https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-unix/4104-8.html
http://notthenetwork.me/blog/2012/04/02/how-to-upgrading-the-software-and-asdm-images-on-a-cisco-asa/
ASA5505 image downloads available here:
http//lod.com/cisco/
ASA ASDM compatibility matrix
https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html
Check out the details on LAP 1132 Access Point that works in conjunction with WLC 2106/2112
https://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-4_21a_JA1/configuration/guide/scg12421aJA1/scg12421aJA1-chap4-first.html#wp1121114
Power supply 48 V 260mA 2.5/5.5mm PS connector
Mod Reset button under hood
PoE connector to work with WLC 2106
Serial Console connector under hood
Difference between login and login local commands:
https://www.interfacett.com/blogs/cisco-ios-the-difference-between-login-and-login-local/
https://www.interfacett.com/blogcategory/cisco/
https://certforums.wordpress.com/
Parser view
OmniSecuR1(config)#username jajish privilege 15 view OmniSecuPV secret OmniSecuPass
Telnet user name: jajish
Telnet pw: OmniSecuPass
https://www.omnisecu.com/ccna-security/parser-views-role-based-access-control-rbac.php
Official certification guide
epub book
https//b-ok.cc/book/5279006/733c2a
Cisco ASDM downloads
http://52.37.188.255/asa/ASDM/Old/?C=D;O=D
asdm-7101.bin
Cisco SDM downloads:
http://www.firewall.cx/downloads/cisco-tools-a-applications/44-cisco-security-device-manager.html
cisco-sdm-v25.zip
Cisco DNA article
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/tech_notes/b_dnac_sda_lan_automation_deployment.html