Security: Zone based firewall rules
Intended traffic that will be allowed and inspected from the inside zone to the outside zone:
class-map type inspect match-any fw-cmap
 match protocol ssh
 match protocol telnet
 match protocol http
 match protocol https
 match protocol ftp
 match protocol dns
 match protocol ntp
 match protocol smtp
 match protocol isakmp
 match protocol ipsec-msft
Class map can be used for …
Tag: cisco
How to convert from broadcast to multicast and vice versa using Cisco router.
Scenario: ABC corporation and XYZ company have merged into one huge organization known as EFG. Your employer, MTA, has been engaged to come up with a solution to merge the IT departments of both companies without changing the existing corporate IP addresses and existing software. The two departments reside on different networks, so in order …
Number of vlans that can be created for each cisco switch models
by Cyrus Lok on Monday, August 9, 2010 at 11:45pm
2950: the standard IOS image supports up to 64 VLANs, with VLAN IDs from 1 to 4094. The enhanced image supports up to 250 VLANs, with VLAN IDs from 1 to 4094 …
Private-vlan and protected ports
by Cyrus Lok on Wednesday, August 18, 2010 at 11:32am
Private VLAN introduction: If you want to limit communication among devices in the same subnet, you can configure private VLANs to achieve this objective. One primary private VLAN can serve only one isolated VLAN and many community VLANs. There are …
EIGRP Objective 1
by Cyrus Lok on Sunday, September 5, 2010 at 5:43pm
Background: MTA stands for Megasource TechnoActive, a new startup system integrator that provides wide area network solutions, home office solutions, enterprise infrastructure maintenance, process network solutions, process network maintenance, network security services, etc. You are hired as a network engineer by MTA, recently …
VRRP – using 2651xm
by Cyrus Lok on Monday, August 30, 2010 at 11:22pm
No worries if the 3550 does not support VRRP. A real 2651xm router does!
2651xm-1#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.1.1      YES NVRAM  up                    down
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
Note: If I use real address …
Configuring a frame relay switch (or frame relay cloud)
by Cyrus Lok on Sunday, September 5, 2010 at 9:33pm
Ever since I started out on my Cisco networking career last year, I have only learned how to configure routers to connect to the frame relay cloud; nothing, not a single thing, was mentioned on how to …
Multicast
by Cyrus Lok on Friday, August 20, 2010 at 12:08am
I had always mixed up broadcast and multicast, but not anymore. They do have a similarity, i.e. both send a copy of the packet to every node. But there's a significant difference. Broadcast is like a brute: a node sends a broadcast; all nodes …
Flawed configuration: Broadcast to Multicast and Multicast to broadcast translation
WARNING: THE BELOW CONFIGURATION HAS FLAWS. IP PIM SPARSE-MODE NEEDS A RENDEZVOUS POINT WHICH IS NOT DEFINED HENCE MULTICAST ROUTING IS NOT POSSIBLE. I WILL READ UP MORE ABOUT PIM TO UNDERSTAND BETTER. THIS POST IS RESERVED FOR ARCHIVE. I just found out that Multicast is a hated subject by many people, in my opinion …
Upgrading ASA from 7.2(4) to 8.2(1)
by Cyrus Lok on Thursday, April 8, 2010 at 8:33pm
Verify free disk space. ASA flash allows multiple copies of image files to be loaded as long as it has sufficient space.
ciscoasa# dir flash:
Directory of disk0:/
6 -rw- 8515584 08:42:32 Dec 11 2009 asa724-k8.bin
7 -rw- 4181246 …