Faelin Landy

@Faelin

Prime membership

Joined on Sep 9, 2019

  • Ruby Guide Table of Contents Getting started with Ruby (This is the first part of a two-part series. Click here to view part two!) Variables Are Barewords Scope $global_var = "this has a global scope!" value = 10
  • ASA Firewall Configuration: Getting Started ASA CLI Overview The ASA command line interface has a similar look and feel to the Cisco router IOS. However, the ASA CLI also has different commands. This table contrasts common IOS router and ASA commands.
  • Network Security Configuration: Dynamic Routing Protocol Security Routing systems can be attacked by disrupting peer network routers, or by falsifying or spoofing the information carried within the routing protocols. Spoofing routing information may generally be used to cause systems to misinform each other, cause a DoS attack, or cause traffic to follow a path it would not normally follow.
  • VPN Configuration: Overview To secure network traffic between sites and users, organizations use virtual private networks (VPNs) to create end-to-end private network connections. VPNs are private in that traffic over a VPN is encrypted to keep the data confidential while it is transported across a public network. The first types of VPNs were strictly IP tunnels that did not include authentication or encryption of the data. For example, Generic Routing Encapsulation (GRE), which does not include encryption services, is used to encapsulate IPv4 and IPv6 traffic inside an IP tunnel to create a virtual point-to-point link.
  • Network Traffic Control: Network Access Management using AAA AAA network security services provide the primary framework to set up access control on a network device. Network and administrative AAA security in the Cisco environment has three functional components: Authentication, Authorization, and Accounting. Authentication AAA Authentication can be used to authenticate users for administrative access or it can be used to authenticate users for remote network access. Authentication can be established using username and password combinations, challenge and response questions, token cards, and other methods.
  • Cisco IOS Reference Guide: Packet Switching Concepts Device Initialization IOS Command-Line Interface Overview Basic Switch Configuration Basic Router Configuration IOS Security Configuration
  • Device Initialization: Onboard LED Indicators
  • Spanning Tree Protocol: Overview Spanning Tree Protocol (STP) is a loop-prevention network protocol that allows for redundancy while creating a loop-free Layer 2 topology. Without STP enabled, Layer 2 loops can form, causing broadcast, multicast and unknown unicast frames to loop endlessly. This can bring down a network within a very short amount of time.
  • VLAN Management: Virtual Local Area Networks (VLANs) provide segmentation and organizational flexibility in a switched network, and allow an administrator to segment networks based on factors such as function, team, or application, without regard for the physical location of the users or devices. A group of devices within a VLAN communicate as if each device was attached to the same cable. VLANs are based on logical connections, instead of physical connections; any switch port can belong to a VLAN. However, each switch port can be assigned to only one VLAN (except for a port connected to an IP phone or to another switch). Unicast, broadcast, and multicast packets are forwarded and flooded only to end devices within the VLAN where the packets are sourced. Packets initiated within a VLAN that are destined for devices outside of the VLAN must be forwarded through a device that supports routing.
  • Static Routes: Types of Static Route The difference between an Ethernet multi-access network and a point-to-point serial network is that a point-to-point serial network has only one other device on that network, the router at the other end of the link. With Ethernet networks, there may be many different devices sharing the same multi-access network, including hosts and even multiple routers. When the exit interface is an Ethernet network, it is recommended that the static route include a next-hop IP address.
  • First-Hop Redundancy Protocols: Hot-Standby Redundancy Protocol HSRP is a Cisco-proprietary FHRP that is designed to allow for transparent failover of a first-hop IP device. HSRP Priority HSRP priority can be used to determine the active router. The router with the highest HSRP priority will become the active router. By default, the HSRP priority is 100. If the priorities are equal, the router with the numerically highest IPv4 address is elected as the active router.
  • DHCP Addressing: DHCPv4 Config Exclude IPv4 Addresses Router(config)# ip dhcp excluded-address <low-address> [<high-address>]
  • Port Clustering and Aggregation: EtherChannel Configuration Link Aggregation Control Protocol Configure the ports Fa0/1 and Fa0/2 as members of channel-group 1, using LACP unconditionally. S1(config)# interface range FastEthernet 0/1 - 2
  • WLANs and WLCs: COMING SOON...
  • Device Management Configuration: Network Security Using Syslog When certain events occur on a network, networking devices have trusted mechanisms to notify the administrator with detailed system messages. Syslog is the most common method of accessing system messages sent across the network. Syslog uses UDP port 514 to send event notification messages across IP networks to event message collectors. The syslog logging service on Cisco IOS provides three primary functions, as follows:
  • HackMD Dark Theme (tags: Formatting, Theme): Use `{%hackmd Y7Gu-IQIQUWGHO_MeieqvQ %}` syntax to include this theme, or insert from template.
  • IOS Security Configuration: Secure Administrative Access Authentication To secure user EXEC mode access, enter line console configuration mode using the `line console 0` global configuration command. Specify the user EXEC mode password using the `password password` command. Finally, enable user EXEC access using the `login` command.
  • Basic Switch Configuration: SVI Configuration – Switch Management Access Enter global configuration mode. Configure the default gateway for the switch (if it will be managed remotely from networks that are not directly connected). Enter interface configuration mode for the SVI.
  • Basic Router Configuration: Initial Configuration Steps The following configuration tasks should always be performed: Name the device to distinguish it from other routers, and configure passwords. Router# configure terminal
  • IOS Command-Line Interface: Basic Commands Switch> enable Switch# configure terminal Switch(config)# end Switch# show running-config