November 2008 Archives

CCNA Voice...It's Finally Here!

22 Comments

My latest work has finally come to fruition: Cisco Press CCNA Voice. In approaching this book, I took a different strategy of writing. Rather than focusing solely on covering exam topics, it's written from a "let's build a VoIP network...step-by-step" perspective. It contains configuration example after configuration example, which is what I love when I'm looking for technical documentation. Check it out!

Looking for a Cisco Job?

4 Comments

I never knew this, but Cisco has a "Cisco Learning Network Job Portal" to help you find jobs by certification level. Looks pretty awesome!

Click here to check it out: Cisco Learning Network Job Portal

Template Parameter Access List

13 Comments

My friend Mike Storm has come up with a good "base" ACL for use on Internet facing routers and firewall devices. While he has it listed on his blog, I am referencing it here for my own future reference.

Assuming my PubNet range is a block of 32 addresses, 66.238.29.0 - 31, the ACL looks like this:

! no fragments
access-list 100 deny tcp any 66.238.29.0 0.0.0.31 log fragments
access-list 100 deny udp any 66.238.29.0 0.0.0.31 log fragments
access-list 100 deny icmp any 66.238.29.0 0.0.0.31 log fragments
! no snmp inbound from the Internet
access-list 100 deny udp any any eq snmp
access-list 100 deny udp any any eq snmptrap
! RFC 2827 Ingress, RFC 3804 Martian Filtering and RFC 1918 private Address Filtering
access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
access-list 100 deny ip 255.0.0.0 0.255.255.255 any log
access-list 100 deny ip 224.0.0.0 31.255.255.255 any log
access-list 100 deny ip host 0.0.0.0 any log
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 deny ip 192.0.2.0 0.0.0.255 any log
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
access-list 100 deny ip 14.0.0.0 0.255.255.255 any log
access-list 100 deny ip 169.254.0.0 0.0.255.255 any log
access-list 100 deny ip 198.18.0.0 0.0.255.255 any log
access-list 100 deny ip 66.238.29.0 0.0.0.31 any log
! no routing protocols inbound (unless needed)
access-list 100 deny tcp any any eq bgp log
access-list 100 deny tcp any eq bgp any log
access-list 100 deny ipinip any any
access-list 100 deny gre any any
access-list 100 deny pim any any
access-list 100 deny 90 any any
access-list 100 deny ospf any any log
access-list 100 deny eigrp any any log
access-list 100 deny udp any eq rip any log
access-list 100 deny udp any any eq rip log
! your permit entries, if any, begin here

Notes:
- 192.0.2.0 0.0.0.255 any log (range known to be used to exploit default passwords on WLA devices)
- 14.0.0.0 0.255.255.255 any log (known as Net-14, a public use network, possibly used by attackers)
- 169.254.0.0 0.0.255.255 any log (RFC2026 Link Local)
- 198.18.0.0 0.0.255.255 any log (block for benchmark tests of network interconnect devices, RFC2544)
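To check which entry of the template a given source address would hit, here is an added Python checker (example code, not from this page or from Mike Storm's post). It parses the template's "deny ip <source> <wildcard> any" entries with Cisco wildcard-mask semantics (a 1 bit in the mask means "don't care"); the ACL text is a constructed copy of the entries above and the sample sources are constructed.

```python
import ipaddress
import re

# Constructed copy of the page's "deny ip <source> <wildcard> any" entries, in ACL order.
ACL_TEXT = """\
access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
access-list 100 deny ip 224.0.0.0 31.255.255.255 any log
access-list 100 deny ip host 0.0.0.0 any log
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 deny ip 192.0.2.0 0.0.0.255 any log
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
access-list 100 deny ip 169.254.0.0 0.0.255.255 any log
access-list 100 deny ip 198.18.0.0 0.0.255.255 any log
access-list 100 deny ip 66.238.29.0 0.0.0.31 any log
"""

ENTRY = re.compile(r"^access-list \d+ (permit|deny) ip (?:host (\S+)|(\S+) (\S+)) any")

def parse_acl(text):
    """Parse 'deny/permit ip <src> [<wildcard>] any' lines into (action, src, wildcard), in ACL order."""
    rules = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:  # comment lines ('!') and non-ip entries are skipped
            continue
        action, host, src, wildcard = m.groups()
        if host:  # 'host X' is shorthand for 'X 0.0.0.0'
            src, wildcard = host, "0.0.0.0"
        rules.append((action, src, wildcard))
    return rules

def wildcard_match(addr, src, wildcard):
    """Cisco wildcard semantics: a 1 bit means 'don't care', a 0 bit must match exactly."""
    a, s, w = (int(ipaddress.IPv4Address(x)) for x in (addr, src, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (s & care)

def first_match(rules, addr):
    """Return the (action, src, wildcard) entry the source address hits first,
    or None if it falls through to the permit section that follows the template."""
    for rule in rules:
        if wildcard_match(addr, rule[1], rule[2]):
            return rule
    return None

RULES = parse_acl(ACL_TEXT)
```

A packet arriving on the Internet-facing interface with a source inside 66.238.29.0/27 hits the last entry, which is the RFC 2827 spoofing check; 172.32.0.1 falls through because the 0.15.255.255 wildcard only covers 172.16.0.0 through 172.31.255.255.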

This guide rocks - it's every router, switch, or miscellaneous widget that Cisco makes and the modules each can handle. Very handy when trying to figure out what to buy for a project.

You can conveniently download it from here.

-Summer 2008 Edition

About this Archive

This page is an archive of entries from November 2008 listed from newest to oldest.
