WAN Technology

WAN Technology Definition: WAN Technology is pretty much about a point-to-point (or multi-point) private (represents Bandwidth is exclusively used) leased line Connecting customer’s private LAN to SP or Carrier, or link together separate LANs over a wide area.WAN technology solves the problem about how to allocat the BW that ISP Access Point provided to customers …

Continue reading ‘WAN Technology’ »

Tips Infos Shortcuts

Shoutcuts for SecureCRT: Alt+1/2/3/4/5…/9 —— 切换到第1/2/3/4/5…/9个标签 Ctrl+a —— 光标移至行首。 Ctrl+e —— 光标移至行末。 Ctrl+d —— 删除光标后一位字符。 Ctrl+k —— 删除当前光标至行末内容。 Ctrl+w —— 删除当前光标至行首内容。 Alt+b ——打开新的终端 Alt+Enter——全屏 Alt + Enter — 全屏   Alt + B –打开新的连接  Alt + 1/2/3/4/5…/9 — 切换到第1/2/3/4/5…/9个标签   Ctrl + A — 光标移至行首。   Ctrl + B — 光标前移1个字符   Ctrl + D — 删除光标后1个字符   Ctrl + …

Continue reading ‘Tips Infos Shortcuts’ »

GNS3 tutorial

The way GNS3 emulate hardwareEach virtual device (e.g, cisco router or switch) or its component (NVRAM, Hard driver etc) that GNS3 emulates is actually a file stored on local computer, thus it can be stored separately or imported into another GNS3 LAB instance as required. Concepts for GNS3 Projects Storing Device Subsections: Settings for ram, …

Continue reading ‘GNS3 tutorial’ »

Virtual and Real Memory in PC

Real memory: refers to the physical memory chips that are physically installed in the computer. All programs actually run in this physical memory. However, as the programs concurrently running on a PC increase, real memory might not enough to accommodate those programs. Therefore, it is useful to allow PC to temporarily rent hard disk space …

Continue reading ‘Virtual and Real Memory in PC’ »

VTI-Based Site-to-Site IPsec VPN

VTI (Virtual Tunnel Interface) Virtual tunnel interface is a full-featured routable interface, many of the common interface options that can be applied to physical interfaces can now be applied to the IPsec virtual tunnel interface. Using VTI in IPsec VPN makes the static mapping between the IPsec crypto map and physical interface no longer an …

Continue reading ‘VTI-Based Site-to-Site IPsec VPN’ »

Cisco IPsec VPN

IPSec VPN Components Internet Key Exchange (IKE): IKE is a protocol defined by RFC 2408 that uses parts of several other protocols, such as Internet Security Association Key Management Protocol (ISAKMP), Oakley, and Secure Key Exchange Mechanism (SKEME), to dynamically create a shared security policy and authenticated keys for services that require keys, such as …

Continue reading ‘Cisco IPsec VPN’ »

Cisco Site-to-Site VPN Basics

When designing a Site to Site VPN solution, there are mainly three components to consider: Choosing VPN LAN Topology: the overall logical network architecture which depicts the way in which different sites are interconnected with each other. When choosing between different VPN LAN Topology, traffic pattern must be gathered and analyzed as well as connectivity …

Continue reading ‘Cisco Site-to-Site VPN Basics’ »

Cisco IOS IPS

IPS Basic Concepts and Components Intrusion Detection System (IDS) uses sensors to monitor, analyze and detect the malicious activities, and generate alerts or syslog to notice administrator to take action to prevent further attack. While Intrusion Prevention system (IPS), is designed to detect, classify and take real-time actions to prevent further malicious activities automatically without …

Continue reading ‘Cisco IOS IPS’ »

Zone Based Policy Firewall (ZBPFW)

Each organization can be separated into several security zones, internal, DMZ, External etc. Then all network devices interfaces are assigned to different security zones. Different security policies are applied between different security zones for each connection direction. Unlike previous cisco IOS based firewall feature which was called Context-Based Access Control (CBAC), ZBPFW defines traffic of …

Continue reading ‘Zone Based Policy Firewall (ZBPFW)’ »

BGP Concepts

BGP Basic concepts BGP neighbors do not have to reside in the same subnet as long as IP address is accessible. BGP neighbors use TCP connection (179) to exchange topology information. 16-bit ASN assignments  Next-Hop in BGP advertisement: For EBGP, the next hop is always the IP address of the neighbor specified in the neighbor …

Continue reading ‘BGP Concepts’ »