Managing Networks and Network Devices


1 Managing Networks and Network Devices
S7C10 – Access Control

2 Access Policies
- Manage network devices
  - Physical security
  - Access control to devices via data communications
- User access via VLAN management
- Access to servers and services
- Define traffic permitted in and out of switch block
- Define filtering to core block and between switch blocks

3 Three-Layer Hierarchical Cisco Model
- Access
  - Allows legitimate users into network
  - Port security and passwords
- Distribution
  - Layer 3 routing decisions; home of most access policy
  - Ensures only necessary traffic gets to core
  - Advertises correct routing and service information for core
- Core
  - Little or no policy control
  - Pass information as quickly as possible

4 Device Management
- Physical security
  - Establish configurations for access policies
  - Provide proper physical environment
  - Control direct access to devices
  - Secure access to network links
- Passwords
  - Out-of-band: console, auxiliary
  - In-band: TFTP, CiscoWorks 2000, VTY ports
  - Login with password or login authentication
- Privilege levels
- Restrict virtual terminal and telnet access
- Session timeouts

5 Privilege Levels
- Level 0: disable, enable, exit, help, logout
  - Not included for levels greater than 0
- Levels 1-15 define commands
  - privilege exec level 2 ping
  - privilege exec level show ip route

6 Virtual Terminal Access
- 5 VTY lines by default; more can be defined
- access-class applies access lists
- HTTP authentication can be enforced
  - ip http authentication [aaa|enable|local]

7 Access Layer Policy
- Port Security
  - Limit MAC addresses that are allowed to use switch
  - Lockdown – MAC address different from configured address
  - Not usually available for trunk ports
  - Static – assigned
  - Dynamic – first address seen on port
  - set port security 3/1 enable aab.bcc.dde.eff
  - port secure [max-mac-count 6] -- can range 1-132
- VLAN Management
  - Can move management VLAN from VLAN 1

8 Distribution Layer Policy
- Define user traffic between VLANs
- Define which routes are seen by core block
- Define which services will be advertised
- Control information with filters
  - Standard and extended access lists
  - access-list, access-group, access-class, distribute-list
  - In general, outbound list processes more efficiently than inbound list

9 Filtering Routing Update Traffic
- Reduces size of routing table at core block
- Prevents users from getting to networks that have not been advertised
- Prevents incorrect information from propagating
- Route summarization
- Distribution lists
  - Which routes the distribution layer can advertise

10 Core Layer
- QoS
  - Congestion management and avoidance
  - Queuing
- Minimize use of access lists

11 CWI
- A GUI alternative to the CLI and Simple Network Management Protocol (SNMP) interfaces
- The CWI provides a real-time graphical representation of the switch and detailed information, such as port status, module status, type of chassis, and modules.
- Uses HTTP to download Catalyst CV from the server to the client.
- HTTP is the TCP/IP protocol that the World Wide Web uses to exchange HTML documents.

12 CWI
- The Catalyst® Web Interface (CWI) is a browser-based tool
- Can be used to configure the Catalyst 6000, 5000, and 4000 Family Switches.
- Consists of a graphical user interface (GUI) that runs on the client, Catalyst CV 5.0 (Catalyst version of CiscoView 5.0), and an HTTP server that runs on the switch.

