CCNA Lab Kit

Started by certforumz, February 14, 2018, 08:15:33 PM


certforumz


C:\PHP>php -v
PHP 7.4.1 (cli) (built: Dec 17 2019 19:24:02) ( ZTS Visual C++ 2017 x64 )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies

C:\PHP>

certforumz

#46
https://opensourceforu.com/2016/12/setting-apache-php-windows/

Installing PHP on a Windows 10 computer along with Apache 2 and MySQL (PHP 7.4.1)

https://www.sitepoint.com/how-to-install-php-on-windows/

certforumz

phpMyAdmin may give an error when installed. Give the following commands to fix it:

mysql> alter user root@localhost identified with mysql_native_password by '';
Query OK, 0 rows affected (0.11 sec)

mysql>

Error:

windows mysqli::real_connect(): The server requested authentication method unknown to the client [caching_sha2_password]

certforumz

#48
Check out this example for PPPoE configuration using SRX100:

https://www.fir3net.com/Firewalls/Juniper/srx-pppoe.html

Also see this:
http://networkingbodges.blogspot.com/2015/04/quick-build-pppoe-client-on-junos.html

explained well.

Also see:
https://forums.whirlpool.net.au/archive/1349641
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-interface-config-pppoe.html


CONFIGURATION
Below shows the required configuration for PPPoE.

set interfaces fe-0/0/7 unit 0 encapsulation ppp-over-ether

set interfaces pp0 unit 0 ppp-options chap default-chap-secret <PASSWORD>
set interfaces pp0 unit 0 ppp-options chap local-name <USERNAME>
set interfaces pp0 unit 0 ppp-options chap passive

set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/7.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 3
set interfaces pp0 unit 0 pppoe-options client

set interfaces pp0 unit 0 family inet mtu 1492
set interfaces pp0 unit 0 family inet negotiate-address

set routing-options static route 0.0.0.0/0 next-hop pp0.0
set security zones security-zone untrust interfaces pp0.0

TROUBLESHOOTING
STATISTICS
The following commands are used to display ppp and pppoe statistics.

root@srx100> show ppp statistics
Session statistics from PPP process
  Total sessions: 1
    Sessions in disabled phase    : 0
    Sessions in establish phase   : 0
    Sessions in authenticate phase: 0
    Sessions in network phase     : 1
    Bundles in pending phase      : 0

root@srx100> show pppoe statistics
Active PPPoE sessions: 1
  PacketType                       Sent         Received
    PADI                              2                0
    PADO                              0                2
    PADR                              2                0
    PADS                              0                2
    PADT                              0                0
    Service name error                0                0
    AC system error                   0                0
    Generic error                     0                0
    Malformed packets                 0                0
    Unknown packets                   0                0
  Timeout
    PADI                              0
    PADO                              0
    PADR                              0

INTERFACE INFORMATION
The following command is used to display use information for the pp0 interface.

root@srx100# run show interfaces pp0
Physical interface: pp0, Enabled, Physical link is Up
  Interface index: 128, SNMP ifIndex: 502
  Type: PPPoE, Link-level type: PPPoE, MTU: 1532
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps
  Link type      : Full-Duplex
  Link flags     : None
    Input packets : 0
    Output packets: 0

  Logical interface pp0.0 (Index 78) (SNMP ifIndex 532)
    Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
    PPPoE:
      State: SessionUp, Session ID: 6,
      Session AC name: Vigor2000 PPPoE, Remote MAC address: xx:xx:xx:xx:xx:xx,
      Configured AC name: None, Service name: None,
      Auto-reconnect timeout: 30 seconds, Idle timeout: Never,
      Underlying interface: fe-0/0/7.0 (Index 77)
    Input packets : 1341
    Output packets: 1153
  Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
  Keepalive: Input: 5 (00:00:19 ago), Output: 26 (00:00:06 ago)
  LCP state: Opened
  NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
  CHAP state: Success
  PAP state: Closed
    Security: Zone: untrust
    Allowed host-inbound traffic : dns https ike ping ssh traceroute
    Protocol inet, MTU: 1492
      Flags: Sendbcast-pkt-to-re, User-MTU, Negotiate-Address
      Addresses, Flags: Kernel Is-Preferred Is-Primary
        Destination: x.x.x.x, Local: x.x.x.x



certforumz

https://www.practicalnetworking.net/stand-alone/cisco-asa-nat/

Part 1 – NAT Syntax

There are two sets of syntax available for configuring address translation on a Cisco ASA. These two methods are referred to as Auto NAT and Manual NAT. The syntax for both makes use of a construct known as an object. The configuration of objects involves the keywords real and mapped. In Part 1 of this article we will discuss all five of these terms.

Objects

An object is a construct which represents any single item in your network environment. Two types of objects can be configured:

    a network object — represents one IP address, or one IP Subnet, or one IP address range
    a service object — represents one set of a Protocol, Source Port, and/or Destination port

The idea is to configure and define an object, then reference that one item in your configuration by the object's name.

Network Objects

To configure a network object, first use the following syntax to create the object:

object network <Object Name>

Then define the content of the object as either a single IP Address, or a single IP Subnet, or a single IP Address range using either of the commands below:

  host <IP Address>

  subnet <Network ID> <Subnet Mask>

  range <Start IP Address> <End IP Address>

Below are examples of each of the three types of network objects:

To create a network object which represents your web server's IP address, you would use the following syntax:

object network WEB-SERVER
  host 172.16.30.15

To create a network object which represents your Inside network, you would use the following syntax:

object network INSIDE-NETWORK
  subnet 172.16.30.0 255.255.255.0

Lastly, to create a network object which represents a particular IP address range, you would use the following syntax. This will define a range that includes all five IP addresses in the inclusive range of 72.6.6.10 through 72.6.6.14.

object network PUBLIC-IPs
  range 72.6.6.10 72.6.6.14

Service Objects

To configure a service object, first use the following syntax to create the object:

object service <Object Name>

The content of the service object must include at least a protocol, and can also include a source port, destination port, or both. Here are examples of all four possibilities:

object service PROTOCOL
  service esp

object service PROT-DST
  service tcp destination eq 80

object service PROT-SRC   
  service tcp source gt 1023

object service PROT-SRC-DST
  service udp source eq 53 destination eq 53

The specific port number the object represents can be identified using certain operators – the example above uses eq and gt. Five different operators exist:

eq <Port#>               Port must be equal to <Port#>
gt <Port#>               Port must be greater than <Port#> (equal to <Port#> will not match)
lt <Port#>               Port must be less than <Port#> (equal to <Port#> will not match)
neq <Port#>              Port must be not equal to <Port#>
range <Start#> <End#>    Port must be in the inclusive range of <Start#> to <End#>

Viewing Objects

Two commands are available to view objects:

The show run object command lists the objects essentially as they were configured above:

asa98#  show run object
object service PROTOCOL
  service esp
object service PROT-DST
  service tcp destination eq www
object service PROT-SRC
  service tcp source gt 1023
object service PROT-SRC-DST
  service udp source eq domain destination eq domain
object network WEB-SERVER
  host 172.16.30.15   
object network INSIDE-NETWORK
  subnet 172.16.30.0 255.255.255.0
object network PUBLIC-IPs
  range 72.6.6.10 72.6.6.14

And the show run object in-line command displays the same as above, except every object definition will be on the same line as the object name:

asa98#  show run object in-line
object service PROTOCOL service esp
object service PROT-DST service tcp destination eq www
object service PROT-SRC service tcp source gt 1023
object service PROT-SRC-DST service udp source eq domain destination eq domain
object network WEB-SERVER host 172.16.30.15
object network INSIDE-NETWORK subnet 172.16.30.0 255.255.255.0
object network PUBLIC-IPs range 72.6.6.10 72.6.6.14

Using the in-line variant makes it much easier to "pipe include" and search for a specific object name and/or definition:

asa98#  show run object in-line | include WEB
object network WEB-SERVER host 172.16.30.15

If you had done the "pipe include" without the in-line option you just would have received the full name of the object, but not the object's definition.
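
Added example (not part of the original post or the linked article): a Python parser for the "show run object in-line" listing above that applies the host/subnet/range and eq/gt/lt/neq/range semantics, so you can check what an object really matches when auditing a config. The function names and the PORT_NAMES table are assumptions made for this example; only the www and domain port names seen on this page are mapped.

```python
import ipaddress
PORT_NAMES = {"www": 80, "domain": 53}   # names the ASA prints for these ports
# Sample input: the in-line listing shown in the post above.
SAMPLE = """\
object service PROTOCOL service esp
object service PROT-DST service tcp destination eq www
object service PROT-SRC service tcp source gt 1023
object service PROT-SRC-DST service udp source eq domain destination eq domain
object network WEB-SERVER host 172.16.30.15
object network INSIDE-NETWORK subnet 172.16.30.0 255.255.255.0
object network PUBLIC-IPs range 72.6.6.10 72.6.6.14
"""

def _port_rule(tok):
    """Turn one operator clause into (predicate, unconsumed tokens)."""
    port = lambda t: PORT_NAMES.get(t) or int(t)
    if tok[0] == "range":
        lo, hi = port(tok[1]), port(tok[2])
        return (lambda p: lo <= p <= hi), tok[3:]
    n = port(tok[1])
    tests = {"eq": lambda p: p == n, "neq": lambda p: p != n,
             "gt": lambda p: p > n, "lt": lambda p: p < n}   # gt/lt are strict
    return tests[tok[0]], tok[2:]

def parse_objects(text):
    """Return {object name: definition} from in-line 'object ...' lines."""
    objs = {}
    for t in (line.split() for line in text.splitlines()):
        if len(t) >= 5 and t[:2] == ["object", "network"]:
            objs[t[2]] = t[3:]            # e.g. ['host', '172.16.30.15']
        elif len(t) >= 5 and t[:2] == ["object", "service"]:
            svc = {"protocol": t[4], "source": None, "destination": None}
            rest = t[5:]
            while rest:                   # 'source <op> ..' / 'destination <op> ..'
                svc[rest[0]], rest = _port_rule(rest[1:])
            objs[t[2]] = svc
    return objs

def ip_in_object(net, ip):
    ip = ipaddress.ip_address(ip)
    if net[0] == "subnet":
        return ip in ipaddress.ip_network(f"{net[1]}/{net[2]}")
    # 'range' is inclusive; for 'host', net[1] and net[-1] are the same address
    return ipaddress.ip_address(net[1]) <= ip <= ipaddress.ip_address(net[-1])

def service_matches(svc, proto, sport, dport):
    checks = ((svc["source"], sport), (svc["destination"], dport))
    return svc["protocol"] == proto and all(r is None or r(p) for r, p in checks)
```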


certforumz

Check this out for example configuration. (Note: the ASA 5505 TACACS+ commands for AAA authentication/authorization/accounting are different from the IOS commands used on Cisco routers/switches):

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/a1.html

You need to write ACLs for each user in 5505
http://www.ciscopress.com/articles/article.asp?p=1552963&seqNum=5

https://www.routerfreak.com/aaa-cisco-asa/


Set ASA5505 config register to 0x1 to boot using startup config.
https://community.cisco.com/t5/firewalls/startup-config-won-t-load/td-p/1353921

ASA(config)# config-register 0x1
Save config to startup and reboot. The changes will be effective after reboot. It will boot to startup config. Note that in Cisco routers, it should be set to 0x2102 to boot using startup config. Use 0x2142 to skip startup config in IOS routers and switches.

If both privilege level and command authorization (using TACACS+) are configured, the privilege filter is applied first and then the command authorization filter is applied before Cisco IOS executes the command.
https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-unix/4104-8.html


certforumz

Check out the details on LAP 1132 Access Point that works in conjunction with WLC 2106/2112

https://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-4_21a_JA1/configuration/guide/scg12421aJA1/scg12421aJA1-chap4-first.html#wp1121114

Power supply 48 V 260mA 2.5/5.5mm PS connector
Mod Reset button under hood
PoE connector to work with WLC 2106
Serial Console connector under hood


certforumz

#55
Difference between login and login local commands:
https://www.interfacett.com/blogs/cisco-ios-the-difference-between-login-and-login-local/

https://www.interfacett.com/blogcategory/cisco/


https://certforums.wordpress.com/

Parser view

OmniSecuR1(config)#username jajish privilege 15 view OmniSecuPV secret OmniSecuPass

Telnet user name: jajish
Telnet pw: OmniSecuPass

https://www.omnisecu.com/ccna-security/parser-views-role-based-access-control-rbac.php

certforumz

#56
Official certification guide
epub book
https//b-ok.cc/book/5279006/733c2a

Cisco ASDM downloads
http://52.37.188.255/asa/ASDM/Old/?C=D;O=D
asdm-7101.bin

Cisco SDM downloads:
http://www.firewall.cx/downloads/cisco-tools-a-applications/44-cisco-security-device-manager.html
cisco-sdm-v25.zip