Cisco AAA and how to get Locked Out

Cisco AAA is a very important security tool for restricting access to your network equipment to network administrators only. It is an important topic for the CCIE Lab and in real life as well. The problem with network security is that sometimes, due to human error, the network gets locked down so tightly that even the network administrator cannot access the equipment. Making such a mistake is very easy, because not many people know exactly what happens after AAA is enabled. In this blog, we will look into ways of enabling AAA and possible ways to recover from a lockout when a proper exit strategy was in place.

Multicasting with GNS3 and Virtualbox

There were many times during my CCIE Lab preparation that I wanted an actual multicast server to lab up multicasting, but I had always been left with ping to test and troubleshoot it. There were two problems with that. The first is that ping is a dull and boring multicast source which can easily be moved from one router to another, which, if you think about it, is not a good thing, because multicast sources are servers that stay in one place. When you shift your multicast source, clarity is lost about where the source is and where the receivers could be. The second is that a receiver is simulated using an IGMP join group, which again is a simulation and not an actual receiver. It can be useful for testing, but it is not perfect. With the release of GNS3 with Virtualbox, we can simulate the whole Internet over it if we wish (and obviously if we have the resources for it). Using GNS3 and Virtualbox, we are going to send multicast traffic from a multicast source to any multicast receiver that intends to listen to it. In this blog, we will see how to send and receive actual multicast traffic through a routed network. I could have just put a multicast source and receiver on the same router to show that multicasting works on GNS3 and Virtualbox, but that wouldn't help any of us gain knowledge. So I decided to run multicasting on a six-router topology so that we could run multicast routing and PIM sparse mode, and maybe look into some issues that multicasting can give us.

Say No to Cisco passwords

Folks from the networking industry might be well aware of the limitations of Cisco passwords, generally called Type 7 passwords. What "service password-encryption" (the command that turns a clear-text password into a Type 7 password) does is garble the password so that people who glance over your shoulder will not be able to make it out. These passwords are also vulnerable if you store your configurations in a not-so-secure location or if you share your configuration with others for troubleshooting. The reason many people are deceived by it is possibly that the command says password "encryption". Anyone in IT knows that you encrypt data so that it is close to impossible to decrypt except by the one for whom the data is meant. The other reason people still use it is that they don't care much about security and assume that nobody is malicious. Your equipment holds the passwords of every admin, and they can easily be compromised, but nobody cares. There is software that decodes these passwords. There are even several websites that decrypt such passwords. The worst part of the tale is that you can use the router itself to decrypt them.