Ruby Guide
Table of Contents
Getting started with Ruby
(This is the first part of a two-part series. Click here to view part two!)
Variables Are Barewords
Scope
$global_var = "this has a global scope!"
value = 10
Faelin Landy changed a year ago
ASA Firewall Configuration
Getting Started
ASA CLI Overview
The ASA command line interface has a similar look and feel to the Cisco router IOS. However, the ASA CLI also has different commands.
This table contrasts common IOS router and ASA commands.
Faelin Landy changed 4 years ago
Network Security Configuration
Dynamic Routing Protocol Security
Routing systems can be attacked by disrupting peer network routers, or by falsifying or spoofing the information carried within the routing protocols. Spoofing routing information may generally be used to cause systems to misinform each other, cause a DoS attack, or cause traffic to follow a path it would not normally follow.
Faelin Landy changed 4 years ago
VPN Configuration
Overview
To secure network traffic between sites and users, organizations use virtual private networks (VPNs) to create end-to-end private network connections. VPNs are private in that traffic over a VPN is encrypted to keep the data confidential while it is transported across a public network.
:::info
The first types of VPNs were strictly IP tunnels that did not include authentication or encryption of the data. For example, Generic Routing Encapsulation (GRE), which does not include encryption services, is used to encapsulate IPv4 and IPv6 traffic inside an IP tunnel to create a virtual point-to-point link.
Faelin Landy changed 4 years ago
Network Traffic Control
Network Access Management using AAA
AAA network security services provide the primary framework to set up access control on a network device. Network and administrative AAA security in the Cisco environment has three functional components: Authentication, Authorization, and Accounting.
Authentication
AAA Authentication can be used to authenticate users for administrative access or it can be used to authenticate users for remote network access. Authentication can be established using username and password combinations, challenge and response questions, token cards, and other methods.
Faelin Landy changed 4 years ago
Spanning Tree Protocol
Overview
Spanning Tree Protocol (STP) is a loop-prevention network protocol that allows for redundancy while creating a loop-free Layer 2 topology.
Without STP enabled, Layer 2 loops can form, causing broadcast, multicast and unknown unicast frames to loop endlessly. This can bring down a network within a very short amount of time.
Faelin Landy changed 4 years ago
VLAN Management
Virtual Local Area Networks (VLANs) provide segmentation and organizational flexibility in a switched network, and allow an administrator to segment networks based on factors such as function, team, or application, without regard for the physical location of the users or devices.
A group of devices within a VLAN communicate as if each device was attached to the same cable. VLANs are based on logical connections, instead of physical connections; any switch port can belong to a VLAN. However, each switch port can be assigned to only one VLAN (except for a port connected to an IP phone or to another switch).
Unicast, broadcast, and multicast packets are forwarded and flooded only to end devices within the VLAN where the packets are sourced. Packets initiated within a VLAN that are destined for devices outside of the VLAN must be forwarded through a device that supports routing.
Faelin Landy changed 4 years ago
Static Routes
Types of Static Route
The difference between an Ethernet multi-access network and a point-to-point serial network is that a point-to-point serial network has only one other device on that network, the router at the other end of the link. With Ethernet networks, there may be many different devices sharing the same multi-access network, including hosts and even multiple routers.
:::success
When the exit interface is an Ethernet network, it is recommended that the static route include a next-hop IP address.
Faelin Landy changed 4 years ago
First-Hop Redundancy Protocols
Hot-Standby Redundancy Protocol
HSRP is a Cisco-proprietary FHRP that is designed to allow for transparent failover of a first-hop IP device.
HSRP Priority
HSRP priority can be used to determine the active router. The router with the highest HSRP priority will become the active router. By default, the HSRP priority is 100. If the priorities are equal, the router with the numerically highest IPv4 address is elected as the active router.
Faelin Landy changed 4 years ago
Port Clustering and Aggregation
EtherChannel Configuration
Link Aggregation Control Protocol
Configure the ports Fa0/1 and Fa0/2 as members of channel-group 1, using LACP unconditionally.
S1(config)# interface range FastEthernet 0/1 - 2
Faelin Landy changed 4 years ago
Device Management Configuration
Network Security Using Syslog
When certain events occur on a network, networking devices have trusted mechanisms to notify the administrator with detailed system messages. Syslog is the most common method of accessing system messages sent across the network. Syslog uses UDP port 514 to send event notification messages across IP networks to event message collectors.
The syslog logging service on Cisco IOS provides three primary functions, as follows:
Faelin Landy changed 4 years ago
IOS Security Configuration
Secure Administrative Access
Authentication
To secure user EXEC mode access, enter line console configuration mode using the `line console 0` global configuration command. Specify the user EXEC mode password using the `password password` command. Finally, enable user EXEC access using the `login` command.
Faelin Landy changed 4 years ago
Basic Switch Configuration
SVI Configuration – Switch Management Access
Enter global configuration mode.
Configure the default gateway for the switch (if it will be managed remotely from networks that are not directly connected).
Enter interface configuration mode for the SVI.
Faelin Landy changed 4 years ago
Basic Router Configuration
Initial Configuration Steps
The following configuration tasks should always be performed:
Name the device to distinguish it from other routers, and configure passwords.
Router# configure terminal
Faelin Landy changed 4 years ago