The ASA 5500 and 5500-X series firewall can work as DHCP relay agent which means that it receives DHCP requests from clients on one interface and forwards the requests to a DHCP server on another interface. Usually the DHCP server is located in the same layer 3 subnet with its clients. There are situations however […]
How to configure a Cisco Layer 3 Switch-InterVLAN Routing Without Router
UPDATED: 2020 – Cisco Catalyst switches equipped with the Enhanced Multilayer Image (EMI) can work as Layer 3 devices with full routing capabilities. For example, some switch models that support layer 3 routing are the 3550, 3750, 3560 etc. On a Layer3-capable switch, the port interfaces work as Layer 2 access ports by default, but you […]
Permitting Traffic to Enter and Exit the Same Interface on Cisco ASA
With the older Cisco PIX firewall appliances, there was no way for traffic to enter a specific interface and then exit back from the same interface again. With the new Cisco ASA models, this is also not supported by default, but you can enable this functionality with the same-security-traffic permit intra-interface command. The schematic above […]
Cisco ASA Policy Based Routing (PBR) Configuration
Policy Based Routing (PBR) is a feature that has been supported on Cisco Routers for ages. However, Cisco ASA firewalls didn’t support this until version 9.4.1 and later. Finally Cisco acknowledged the usefulness of PBR on firewall devices and has implemented this on ASA as well. In this article I will show you how to […]
Configuring NAT on Cisco Routers Step-by-Step (PAT, Static NAT, Port Redirection)
The depletion of the public IPv4 address space has forced the internet community to think about alternative ways of addressing networked hosts. Network Address Translation (NAT) therefore was introduced to overcome these addressing problems that occurred with the rapid expansion of the Internet. Even if NAT was suggested as a temporary solution, it has been […]
How to Disable Telnet and Enable SSH on Cisco Devices
I should have written this article from the very beginning of starting this blog because it is one of the most fundamental configuration steps for managing a Cisco networking device (router, switch, firewall etc). Disabling Telnet and enabling SSH on a networking device is also a step forward in increasing security in the whole network. […]
IP Telephony and VoIP Tutorial
Although this is a Cisco networks dedicated blog, I decided to start a series of tutorial posts about a general technology which is not directly related to Cisco but it is a field in which Cisco is again a major player. This is IP Telephony and Voice over IP (VoIP). Image Source The two terms, […]
HSRP Vs VRRP Vs GLBP Redundancy Protocols
In this article we will discuss the similarities and differences between the 3 “First Hop Redundancy” protocols supported by Cisco devices. These are Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP). The main purpose of the above protocols is to provide redundancy to the default gateway (router […]
Cisco Networking Tutorials for Beginners and Experts
My name is Harris Andrea and I would like to extend a warm welcome to you. About me in a few words. Let me tell you a story. When I was in my last year in University (in the late 90’s) I had to take some courses around TCP/IP and computer networking. That was the […]
How I Use NMAP in Penetration Testing Engagements
As a network security engineer, among tens of other tasks, I run also security assessment and penetration testing projects. One of the most popular and widely used network scanning tool is NMAP. This is one of the tools that I use at the beginning of a penetration testing engagement and helps tremendously in identifying targets, […]
KRACK WiFi Vulnerability – WPA2 has been breached
On October 16, 2017 a serious security vulnerability has been published by researchers from KU Leuven, a university in Belgium. This has to do with WPA2 protection in WiFi networks, which is the modern security standard considered to be very safe so far. This vulnerability has to do with the WPA2 technology itself and is […]
How to Block Access to Websites with a Cisco ASA Firewall (with FQDN)
In this article I will show you how to deny access to specific websites (domain names) with a normal Cisco ASA firewall. This works on either the older 5500 models or the new 5500-X series devices. The only pre-requisite for the firewall is to run software version 8.4.2 and later. Also, you don’t need to […]
How to Scan your Network for MS17-010 SMB Eternalblue Vulnerability
Last week the whole world, and especially the information security community, has been buzzing around the massive ransomware attacks that infected thousands of computers in hundreds of countries. But how did all started? Many of you know the story, but let’s summarize it once again: NSA had developed some secret exploits that took advantage of […]