Routing & Switching
Version F.0
Infrastructure Security
www.noasolutions.com
About the Author
Sikandar Shaik, a dual CCIE (RS/SP# 35012), is a highly experienced and extremely driven senior technical
instructor and network consultant. He has been training networking courses for more than 10 years, teaching on
a wide range of topics including Routing and Switching, Service Provider and Security (CCNA to CCIE). In
addition, he has been developing and updating the content for these courses. He has assisted many engineers in
passing the lab examinations and securing certifications.
Sikandar Shaik is highly skilled at designing, planning, coordinating, maintaining, troubleshooting and
implementing changes to various aspects of multi-scaled, multi-platform, multi-protocol complex networks as
well as course development and instruction for a technical workforce in a varied networking environment. His
experience includes responsibilities ranging from operating and maintaining PCs and peripherals to network
control programs for multi-faceted data communication networks in LAN, MAN and WAN environments.
Sikandar Shaik has delivered instructor-led trainings in several states in India as well as abroad in countries like
China, Kenya and UAE. He has also worked as a Freelance Cisco Certified Instructor globally for Corporate
Major Clients.
Acknowledgment
First and foremost I would like to thank the Almighty for his continued blessings and for always being there for
me. You have given me the power and confidence to believe in myself and pursue my dreams. I could never
have done this without the faith I have in you. Secondly I would like to thank the NOA Solutions team for their
continued support, dedication and hard work which helped me in delivering a better product. I would like to
thank my family for understanding my long nights at the computer. I have spent a lot of time on preparing
workbooks and this workbook would not have been possible without their support and encouragement. I
would also like to recognize the cooperation of my students who took my trainings and workbooks. I believe
my workbooks have helped them in upskilling themselves with respect to the subject and technologies and I will
continue preparing workbooks for the updated technology versions.
Shaik Gouse Moinuddin Sikandar
CCIE x 2 (RS/SP)
Feedback
Please send feedback if there are any issues with respect to the content of this workbook. I would also
appreciate suggestions from you which can improve this workbook further. Kindly send your feedback and
suggestions to info@noasolutions.com
NOA solutions, N.K Arcade, 2nd & 3rd floor, Opposite to Banjara function hall, Banjarahills road no 1,
Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions.com
INDEX
Access Control List
  Standard ACL
  LAB: Standard Access-List
  Extended ACL
  LAB: Extended Access-List
  Named ACL
  LAB: Restricting Telnet Access
  Routing protocol and ACL
  LAB: Routing protocol and ACL
  LAB: Deny OSPF / EIGRP Traffic
  Time Based ACL
  LAB-2: Time Based ACL
  IPv6 ACL
Device Access Security
  Basic Login passwords
  Login password Enhancements
  LAB: Cisco Login Enhancements
  Cisco IOS Resilient Configuration
  AAA Authentication using external servers
  LAB: AAA Authentication
  User Accounts & Privilege levels
  LAB: User accounts and privilege Levels
  Role based Access control
  LAB: Role Based Access Control (Views)
Layer 2 Security
  Understanding switch security issues
  Port security
  LAB: Port-Security
  DHCP snooping
  LAB: DHCP Snooping
  LAB: IP Source Guard
  Dynamic ARP inspection
  LAB: Dynamic ARP inspection
  Storm Control
  Private VLAN
  LAB: Private VLAN
  Vlan ACL
  IPv6 First Hop security
  IPv6 RA Guard
  DHCPv6 Guard
ACCESS CONTROL LIST (ACL)
» An ACL is a set of rules which will allow or deny the specific traffic moving through the router.
» It is a Layer 3 security which controls the flow of traffic from one router to another.
» It is also called a Packet Filtering Firewall.
Types of Access-list
STANDARD ACCESS LIST | EXTENDED ACCESS LIST
1. The access-list number range is 1 - 99 | 1. The access-list number range is 100 - 199
2. Can block a Network, Host and Subnet | 2. We can allow or deny a Network, Host, Subnet and Service
3. All services are blocked. | 3. Selected services can be blocked.
4. Implemented closest to the destination. | 4. Implemented closest to the source.
5. Filtering is done based on only source IP address | 5. Filtering is done based on source IP, destination IP, protocol, port no
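The comparison above, shown as one scenario configured both ways. This is an added example, not a configuration from the workbook; the addresses, ACL numbers, router names and interface names are constructed assumptions.

```cisco
! Constructed scenario (all addresses and interface names are assumptions):
!   LAN A 192.168.1.0/24 sits behind R1 GigabitEthernet0/0 (source side)
!   Server 192.168.2.10 sits behind R2 GigabitEthernet0/1 (destination side)
! Goal: stop LAN A from using Telnet (TCP 23) to the server.
!
! --- Standard ACL (1-99) on R2, closest to the destination ---
! Matches on source IP only, so every service from LAN A towards this
! segment is dropped, not just Telnet.
access-list 10 deny 192.168.1.0 0.0.0.255
! Every ACL ends with an implicit "deny any"; permit the rest explicitly.
access-list 10 permit any
!
interface GigabitEthernet0/1
 ip access-group 10 out
!
! --- Extended ACL (100-199) on R1, closest to the source ---
! Matches on source, destination, protocol and port, so only Telnet to the
! server is dropped, and it is dropped before it crosses the network.
access-list 110 deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.10 eq 23
access-list 110 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group 110 in
!
! Check the per-entry match counters on either router with:
!   show access-lists
```

Placing ACL 10 on R1 instead would cut LAN A off from every destination, which is why a standard ACL belongs next to the destination it protects.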
Lab: Standard access-list
TASK: Configure the appropriate router as per the rules given.
NOTE: The above ACL rules should not affect the other communication.
Router(config)# access-list