Enterprise Level General Network Design


Auto Secure Command on Cisco Routers – Part 2

In the previous post we discussed the benefits of the auto secure command and what it does on Cisco devices.

In this post we will see the configuration and its output.

Router#auto secure

— AutoSecure Configuration —

*** AutoSecure configuration enhances the security of

the router, but it will not make it absolutely resistant

to all security attacks ***


VLAN Trunking Protocol (VTP)

A VLAN is a group of devices or users that are physically connected to one or more switches but logically separated. All devices in a VLAN receive broadcasts sent by any device in that VLAN. By default, all interfaces of a switch are in a single VLAN, that is, a single broadcast domain.

Configuring VLANs on a few switches is simple: you just access each switch and configure the VLANs manually. Doing this by hand on every switch in a large network, however, is very tedious.


Minimum Default Configuration on Cisco Switch/Router

  • Hostname

Hostnames must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens. Names must be 63 characters or fewer. If you establish sessions to multiple devices, the hostname helps you keep track of where you enter commands. Creating an all-numeric hostname is not recommended, but the name will be accepted after an error is returned.

  • Enable secret

To provide an additional layer of security, particularly for passwords that cross the network, this allows you to establish an encrypted password that users must enter to access enable mode (the default), or any privilege level you specify.

Infrastructure Access List (iACL)

As we know, the private IP address ranges (RFC 1918) are meant to be used only on the internal network (LAN). Therefore, private IP address ranges should not be advertised to the Internet.

Another IP address range is the organization's own public IP pool, purchased from IANA or provided by the ISP, which is used for NAT. That range is normally used for web servers, mail servers, LAN users, etc. Hence this unique IP address range should not be seen as a source IP address on the outside interface of the gateway router.


Trunk Links

Trunk links can carry multiple VLANs over a single link and should be used for interconnecting switches. By default, a switch interface carries traffic for only one VLAN.

As shown in Figure 1, there are two VLANs on SW-A: VLAN 2 and VLAN 3. User A-1 is in VLAN 2 and User A-2 is in VLAN 3. In the same way, there are two VLANs on SW-B. User B-1 is in VLAN 3 and User B-2 is in VLAN 3.
