I have now been studying Cisco for a year. Over this year I have worked with Cisco every day, and learning Cisco has slowly made me more confident and slowly made me feel that I am not so stupid after all. During this year there were times I kept going and times I gave up; fortunately, in the end I followed my heart and stuck with it. I study Cisco not to find a job but as a hobby and an interest, and it is also my dream. Now a day without looking at Cisco feels as if something is missing. At the moment I am learning Linux, which is much harder than I imagined, and I am a bit afraid of scripting. I will just practise hard and learn it the way I learned Cisco; I believe I can definitely master it. Keep going.

- CEO: Chuck Robbins
- Company type: wholly foreign-owned enterprise
- Foreign name: Cisco Systems
- Executive chairman: John Chambers
- Founded: December 1984
- Annual revenue: US$48 billion (2018)
- Headquarters: San Jose, California, USA
- Business scope: Internet solutions, equipment and software products
- Code: Cisco Systems, Inc.
- Website: http://www.cisco.com/
- Company name: Cisco Systems, Inc. (思科系统公司)
- Employees: 74,200 (2019)
- Short name: Cisco

CISCO
2010-12-17 16:23:02 Reposted from: https://blog.51cto.com/ghnhl/458266
Cisco installer package
2018-12-22 14:49:17 Cisco simulator software, which can be used to study computer networking.
English: hot standby for Cisco CCNA, latest CCNA version, Cisco HSRP
2019-01-06 01:30:57 Hot standby for Cisco CCNA, latest CCNA version, Cisco HSRP
Cisco configuration tool
2018-11-08 16:14:48 Cisco-specific configuration tool; unzip and install it. The latest Java must be installed first. After installation, run it and enter the Cisco router address; once connected you can manage and configure the Cisco device, which is very convenient.
CISCO Network
2018-11-29 16:05:09
CCENT Cisco Certified Entry Network Technician
CCNA Cisco Certified Network Associate
CCDA Cisco Certified Design Associate
CCNP Cisco Certified Network Professional
CCDP Cisco Certified Design Professional
CCIP Cisco Certified Internetwork Professional
CCVP Cisco Certified Voice Professional = CCNP Voice
CCSP Cisco Certified Security Professional
CCIE Cisco Certified Internetwork Expert
CCIE -> CCNP -> CCNA -> CCENT
GBIC Gigabit Interface Converter
SFP Small Form-factor Pluggable
PON passive optical network
GPON Gigabit-Capable Passive Optical Network
MIB management information base
RPS redundancy power system
VTP VLAN Trunking Protocol
DTP Dynamic Trunk Protocol
ISL Cisco Inter-Switch Link protocol
DISL Dynamic ISL protocol
ISL inter-satellite link
LANE LAN emulation
VTY virtual teletype terminal
CDP Cisco Discovery Protocol
CCA Clear Channel Assessment
LDAP Lightweight Directory Access Protocol
RADIUS Remote Authentication Dial In User Service
CSMA/CA Carrier Sense Multiple Access with Collision Avoidance
CSMA/CD /CA /BA /CP
RTS ready to send (request to send)
CTS clear to send
SNR signal-to-noise ratio
EIRP effective isotropic radiated power / equivalent isotropic radiated power
DSSS spread spectrum
LLC Logical Link Control
MAC media access control
TKIP Temporal Key Integrity Protocol
WEP wired equivalent privacy
IPS Intrusion Prevention System
EAP enterprise application platform
PSK pre-shared key
MIC message integrity check
CBC cipher-block chaining
CBC Cell Broadcast Centre
CCMP Counter CBC-MAC Protocol
AAA authentication, authorization, accounting
BSA Basic Service Area
IBSS Independent Basic Service Set
ESS Extended Service Set
ESA enterprise service architecture
WZC Wireless Zero Config (WZC)
WMM Wi-Fi Multimedia
LEAP Cisco developed a lightweight EAP called LEAP (or EAP-Cisco)
FHSS Frequency-Hopping Spread Spectrum (frequency hopping)
SDM Security Device Manager
SLA Service-Level Agreement
KVM kernel-based virtual machine
NUMA non-uniform memory access
SMP symmetric multiprocessing
CSU/DSU belongs to the DCE (Data Communication Equipment) category
CSU Channel Service Unit
DSU Digital Service Unit
CATV Community Antenna Television
CPE Customer Premises Equipment (customer terminal equipment)
PSTN public switched telephone network
FR frame relay
ESD electrostatic discharge
OTP one-time password
FCS frame check serial
PDU protocol data unit
IANA the Internet Assigned Numbers Authority
ICANN Internet Corporation for Assigned Names and Numbers
CIDR classless inter-domain routing
IETF the Internet Engineering Task Force
MTU maximum transmission unit
RTT round-trip time
SRTT smoothed round-trip time
P-Bank physical bank
ICMP Internet Control Message Protocol
SOF start-of-frame
UTP unshielded twisted pair
STP shielded twisted pair
RJ registered jack
VLSM variable length subnet mask
DUAL diffusing update algorithm
IPX internetwork packet exchange protocol
ISAKMP Internet key exchange protocol
IKE Internet key exchange
RIP routing information protocol
EIGRP enhanced interior gateway routing protocol (also written "enhanced internal gateway routing protocol")
OSPF open shortest path first
IGP interior gateway protocol
AS autonomous system
CLNS connectionless network service
XAUTH
OAUTH open authorization
GRE generic routing encapsulation
DRP disaster recovery planning
SDF standard delay format / special data format
three-way handshake (three times handshake)
SYN synchronize sequence numbers
ACK acknowledgement
CWS crowded window size
DVRP distance-vector routing protocol
LSRP link-state routing protocol
LSA link-state advertisement
BGP Border Gateway Protocol
IS-IS Intermediate System to Intermediate System
CAM Context Addressable Memory
EIA Electronic Industries Association
EMI electromagnetic interference
RFI radio frequency interference
positive voltage = true voltage
NSAP network service access point
POST power-on self-test
TACACS Terminal Access Controller Access-Control System
TDR time domain reflectometer
DAS decentralized autonomous society
Dapp decentralized applications
FPGA Field Programmable Gate Array
ASIC application-specific integrated circuit
MSB most significant bit
LSB least significant bit
DTE data terminal equipment
DCE data communication equipment
LAPF Link Access Procedure for Frame mode services
CO central office / centrex office
DSLAM digital subscriber line access multiplexer
DBS database system
DSL digital subscriber line
ADSL asymmetric digital subscriber line
CDSL consumer DSL
VDSL very-high-bit-rate DSL
SDSL symmetric DSL
HDSL high-speed DSL
IDSL ISDN DSL
G.shdsl single-pair high-speed digital subscriber line
PBE Private Branch Exchange
RSVP Resource Reservation Protocol
LCP link control protocol
NCP network control protocol
PVC permanent virtual circuit
SVC switching virtual circuit
DLCI Data Link Connection Identifier
AD administrative distance
WCCP Web Cache Communication Protocol
SNAP subnet access protocol
FreeBSD
PoS proof of stake
PoW proof of work
ICOs Initial Coin Offerings
dBFT consensus mechanism: the dBFT algorithm builds on practical Byzantine fault tolerance (PBFT) consensus
SIMD Single Instruction Multiple Data
SSE Streaming SIMD Extensions
tera peta exa bronto
MIT Massachusetts Institute of Technology
GCC GNU C Compiler (gcc)
FSF Free Software Foundation
GNU GNU's Not Unix
AL assembly language
POSIX Portable Operating System Interface
LSB Linux Standard Base (LSB)
FHS Filesystem Hierarchy Standard (FHS)
IPC$ Internet Process Connection
TLDP The Linux Documentation Project
PS/2 Personal System/2
GNU GRUB GRand Unified Bootloader ("GRUB" for short)
UTC Coordinated Universal Time
ACPI Advanced Configuration and Power Interface
inode index node
/usr Unix Software Resource
BPDU Bridge Protocol Data Unit
RMON Remote Network Monitoring
SMB server message block
VMPS VLAN Management Policy Server
PRI Primary Rate Interface
SAID Security Association Identifier (Cisco)
SAID Service Agreement ID
BCR bid-to-cover ratio
PVST Per-VLAN Spanning Tree
RSTP rapid STP
PVRST per-VLAN rapid STP
MSTP multiple STP
VID VLAN ID
EAP Extensible Authentication Protocol
EAPOL EAP over LAN
TR token ring
NSSA not-so-stubby area
ABR Area Border Router / Associativity-Based Routing (ABR)
ASBR autonomous system border router
DR designated router
BDR backup designated router
MD5 Message Digest Algorithm
RSAT Remote Server Administration Tools
yum Yellowdog Updater, Modified
RPM RedHat Package Manager
PDM protocol dependent modules
RTO retransport timeout
AD advertisement distance
FD feasible distance
SIA Stuck-in-Active: the router is too busy to answer the query, usually because router CPU utilization is too high or the router lacks the memory needed to process the query or to track the reply packets
RTP Reliable Transport Protocol
FSM finite-state machine (DUAL FSM)
FC Feasibility Condition
Loop-Free Route
Unequal Cost Path Load Balancing
SMF single-mode fiber, yellow
MMF multi-mode fiber, green/orange
RPC Remote Procedure Call protocol
CAR Committed Access Rate
Well-known ports / registered ports / dynamic and/or private ports
PME photomagnetoelectric effect
PME Properties-Method-Event
ip http authentication local
ip http timeout-policy 600 life 86400 requests 10000
Cisco ASDM 7.10.1
2018-12-07 14:56:00 Cisco ASDM 7.10.1, Cisco Adaptive Security Device Manager for ASA 9.1, 9.2, 9.4, 9.6, 9.7, 9.8, 9.9 and 9.10. Release date: 25-Oct-2018, 32.56 MB, MD5: aca8af8e44e127b88b0ad6bc812ee4a9
Cisco Packet Tracer lab tutorial
2017-04-20 11:02:54 Cisco Packet Tracer lab tutorial
The labs in these notes come from the lab material of my university computer networking course. I tidied them up a little and added some comments after the command lines of each implementation. An implementation is not the only possible one, and mine is not necessarily optimal; if there are mistakes, please point them out.
The entries below link directly to the external links of my Wiz Note (为知笔记) pages, so that errors can be corrected promptly:
01. Introduction: building a small LAN
02. Basic switch configuration and management
03. Configuring Telnet remote login on a switch
04. Configuring port aggregation on a switch
05. Configuring VLANs on a switch
06. Inter-VLAN routing with a Layer 3 switch
07. Rapid Spanning Tree Protocol
09. Router-on-a-stick configuration
10. Static routing on a router
11. RIP dynamic routing on a router
12. OSPF dynamic routing on a router
13. Combined routing configuration on a router
14. Standard IP access control list configuration
15. Extended IP access control list configuration
16. Network address translation (NAT) configuration
17. Network port address translation (NAPT) configuration
Cisco router image
2018-10-07 21:43:46 Cisco image file, router image. Version 15.4.1T; it can be loaded into IOU or used with GNS3 for router simulation.
Cisco ASA
2016-05-17 18:06:56 Cisco ASA, Day 1: firewall overview and initialization
Part 1: Introduction to firewall technology
What is a firewall?
A firewall is a device that connects two or more network zones
and restricts traffic between those zones based on policy.
The four types of firewall
·Stateless packet filtering
·Stateful packet filtering
·Stateful packet filtering with Application Inspection and Control
·Proxy server
What is a DMZ?
·Demilitarized Zone
·Mainly used to connect servers and VPN devices
Part 2: Cisco ASA features
·Basic network access control features
·Advanced network access control features
·Remote-access and site-to-site VPN features
·Remote integration features
·Management features
Part 3: Cisco ASA product line
ASA 5500 series
Cisco ASA 5510, 5520 and 5540
ASA 5512-X series
The ASA can extend its functions and features with a Security Services Module (SSM);
an SSM can be installed in the 5510, 5520 and 5540.
ASA 5550
Part 4: Initializing the ASA
Cisco ASDM management
ASA#write erase  / clear the startup configuration
ASA(config)#clear config all  / clear the running configuration
ASA#reload  / reboot the ASA
Configure an interface
interface Ethernet 0/1
nameif Inside
ip address 10.10.1.10 255.255.255.0
no shutdown
Enable ASDM management
Enable the HTTP server:
http server enable
Allow HTTPS management of the Inside interface from the 10.1.1.0/24 network:
http 10.1.1.0 255.255.255.0 inside
Specify the ASDM image file (optional):
asdm image flash:/asdm-645-204.bin
HTTPS login page
Open IE and enter:
https://10.1.1.10/
Configure the hostname
ciscoasa(config)#hostname ASAFW
Configure ethernet 0/0
ASAFW(config)#interface ethernet 0/0
ASAFW(config-if)#ip address 202.100.1.10 255.255.255.0
ASAFW(config-if)#nameif Outside
ASAFW(config-if)#no shutdown
Configure ethernet 0/1
1. Bring up the physical interface
ASAFW(config-if)#interface ethernet 0/1
ASAFW(config-if)#no shutdown
2. Create subinterface "e0/1.3" and enable VLAN encapsulation
ASAFW(config)#interface e0/1.3
ASAFW(config-subif)#vlan 3
ASAFW(config-subif)#nameif Inside
ASAFW(config-subif)#ip address 10.1.1.10 255.255.255.0
3. Create subinterface "e0/1.4" and enable VLAN encapsulation
ASAFW(config)#interface e0/1.4
ASAFW(config-subif)#vlan 4
ASAFW(config-subif)#nameif DMZ
ASAFW(config-subif)#security-level 50
ASAFW(config-subif)#ip address 192.168.1.10 255.255.255.0
Communication between interfaces with the same security level:
command: same-security-traffic permit inter-interface
Communication within the same interface:
command: same-security-traffic permit intra-interface
Configure static routes
Default route:
ASAFW(config)#route outside 0 0 202.100.1.1
Static route:
ASAFW(config)#route inside 2.2.2.2 255.255.255.255 10.1.1.1
About dynamic routing
The ASA supports
- RIP
- OSPF
- EIGRP
They are configured exactly as on IOS (redistribution, route filtering, ...)
ASA 8.0: all masks are normal (non-wildcard) masks (ACLs, route advertisements)
router ospf 1
network 192.168.1.0 255.255.255.0 area 0
Part 5: Monitoring the ASA
show run can be used from any mode
show run + keyword = view that part of the running configuration
- show run interface
- show run nat
- show run tunnel-group
show run all + keyword = view the detailed configuration
- show run all tunnel-group
Monitor performance
show cpu usage
show memory
show perfmon
show version
View the routing table
show route
View interface status
show interface
View interface IP addresses and nameifs
show interface ip brief
show nameif
View connection state information
ASAFW#show conn
Local host table
ASAFW#show local-host
Managing and clearing connections
Delete a connection from the connection table and tear it down (for a TCP session, the other sessions can re-create their connection objects)
ASAFW#clear conn [all] [protocol {tcp|udp}] [address src_ip[-src_ip][netmask mask]]
[port src_port[-src_port]] [address dest_ip[-dest_ip[-dest_ip]
[netmask mask]] [port dest_port[-dest_port]]
Clear a local-host object (and tear down all of its connections)
ASAFW#clear local-host [ip_address] [all]
Day 2: System management and logging
Part 1: Basic device management
Configure the hostname:
hostname Yeslab-ASA
Configure the domain name:
dns server-group DefaultDNS
domain-name yeslab.net
Configure the enable password:
enable password cisco
Enable DNS lookup on the DMZ interface:
dns domain-lookup DMZ
Set the DNS server to 192.168.1.100:
dns server-group DefaultDNS
name-server 192.168.1.100
DNS test
Yeslab-ASA#ping outrouter
Yeslab-ASA#ping outrouter.yeslab.com
Configure the time
Configure the time zone:
clock timezone GMT +8
Set the time:
clock set 03:10:25 oct 19 2012
Configure NTP synchronization
Configure NTP:
ntp authenticate
ntp authentication-key 1 md5 cisco
ntp trusted-key 1
ntp server 202.100.1.1 key 1 source Outside
NTP test
Yeslab-ASA#show clock detail
Yeslab-ASA#show ntp status
Configure the ASA boot files
Configure the ASA boot OS:
boot system disk0:/asa842-k8.bin
Configure the ASDM image file:
asdm image disk0:/asdm-645-206.bin
Configure the ASA startup configuration file:
boot config disk0:/boot.cfg
Part 2: Managing event and session logging
Enable ASA logging:
logging enable
Different logging destinations
Send messages of severity "informational" (and higher) to the local buffer:
logging buffered informational
Send messages of severity "informational" (and higher) to the syslog server:
logging trap informational
Send messages of severity "debugging" (and higher) to ASDM:
logging asdm debugging
Event-list filtering
Create an event list:
logging list Test level critical
logging list Test level informational class ospf
Use the event list to filter the messages sent to the console:
logging console Test
Modify a specific message
Disable message 106001, and change its severity to errors:
no logging message 106001
logging message 106001 level errors
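The interaction between destination thresholds, event-list entries and the per-message severity override is easier to see by running it. The following Python script is an added example, not part of the course notes or of any Cisco tool: it reads the logging commands from this part of the notes and, for a few constructed syslog messages, reports which destinations each message would reach. Message 106001 is the notes' own example (an ASA severity-2 message of class "session"); the OSPF and debugging samples use obviously constructed message numbers. The model assumes an event list accepts a message when any of its entries does, that `logging message <id> level <lvl>` rewrites the severity used for filtering, and that `no logging message <id>` drops the message everywhere; the `logging host` line is accepted but not modelled.

```python
"""Model of ASA logging destinations, event lists and per-message overrides
(added example, not from the notes). Assumptions: a destination carries either
a severity threshold or an event-list name; an event list accepts a message if
ANY of its entries does; 'logging message <id> level <lvl>' changes the severity
used for filtering; 'no logging message <id>' drops the message entirely.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# ASA syslog severity names -> numeric levels (lower number = more severe)
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}


@dataclass
class SyslogMessage:
    msg_id: str
    severity: int      # default severity of this message number
    msg_class: str     # ASA message class, e.g. "session" or "ospf"
    text: str


@dataclass
class LoggingConfig:
    enabled: bool = False
    destinations: Dict[str, str] = field(default_factory=dict)   # dest -> level name or list name
    event_lists: Dict[str, List[Tuple[int, Optional[str]]]] = field(default_factory=dict)
    overrides: Dict[str, int] = field(default_factory=dict)      # msg_id -> new severity
    disabled: Set[str] = field(default_factory=set)


def apply_line(cfg: LoggingConfig, line: str) -> None:
    """Apply one 'logging ...' configuration line to cfg."""
    tok = line.split()
    if tok[:2] == ["logging", "enable"]:
        cfg.enabled = True
    elif tok[:3] == ["no", "logging", "message"]:
        cfg.disabled.add(tok[3])
    elif tok[:2] == ["logging", "message"] and "level" in tok:
        cfg.overrides[tok[2]] = SEVERITY[tok[tok.index("level") + 1]]
    elif tok[:2] == ["logging", "list"]:
        level = SEVERITY[tok[tok.index("level") + 1]]
        cls = tok[tok.index("class") + 1] if "class" in tok else None
        cfg.event_lists.setdefault(tok[2], []).append((level, cls))
    elif tok[0] == "logging" and tok[1] in ("buffered", "trap", "asdm", "console"):
        cfg.destinations[tok[1]] = tok[2]
    # other lines (e.g. 'logging host Inside 10.1.1.100') are accepted but not modelled


def build_config(lines) -> LoggingConfig:
    cfg = LoggingConfig()
    for line in lines:
        apply_line(cfg, line)
    return cfg


def destinations_for(cfg: LoggingConfig, msg: SyslogMessage) -> List[str]:
    """Return the destinations that would receive msg under cfg, in configuration order."""
    if not cfg.enabled or msg.msg_id in cfg.disabled:
        return []
    sev = cfg.overrides.get(msg.msg_id, msg.severity)
    out = []
    for dest, selector in cfg.destinations.items():
        if selector in SEVERITY:                      # plain severity threshold
            if sev <= SEVERITY[selector]:
                out.append(dest)
        else:                                         # event list: any entry may accept
            for level, cls in cfg.event_lists.get(selector, []):
                if sev <= level and (cls is None or cls == msg.msg_class):
                    out.append(dest)
                    break
    return out


# The logging commands from this part of the notes (the disable line is exercised separately).
NOTES_LOGGING = [
    "logging enable",
    "logging buffered informational",
    "logging trap informational",
    "logging asdm debugging",
    "logging list Test level critical",
    "logging list Test level informational class ospf",
    "logging console Test",
    "logging message 106001 level errors",
    "logging host Inside 10.1.1.100",
]

# Constructed sample messages; 106001 is the notes' example (ASA severity 2, class "session").
MSG_DENIED = SyslogMessage("106001", 2, "session", "inbound TCP connection denied (constructed text)")
MSG_OSPF = SyslogMessage("EXAMPLE-OSPF", 6, "ospf", "constructed informational OSPF message")
MSG_DEBUG = SyslogMessage("EXAMPLE-DEBUG", 7, "session", "constructed debugging message")


def report(lines=NOTES_LOGGING) -> Dict[str, List[str]]:
    """Map each sample message id to the destinations it reaches under the given config."""
    cfg = build_config(lines)
    return {m.msg_id: destinations_for(cfg, m) for m in (MSG_DENIED, MSG_OSPF, MSG_DEBUG)}


if __name__ == "__main__":
    for msg_id, dests in report().items():
        print(f"{msg_id:14} -> {dests or ['(dropped)']}")
```

With the override in place, 106001 is filtered as an errors-level message and so no longer passes the `level critical` entry of the Test list: it reaches the buffer, the syslog server and ASDM but not the console. Remove the override and it reaches all four; add `no logging message 106001` and it reaches none.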
Define the syslog server:
logging host Inside 10.1.1.100
View the logging configuration and the local buffered log
Yeslab-ASA#show logging
Part 3: Basic troubleshooting tools
Yeslab-ASA#ping 10.1.1.1
Packet Tracer example (outbound)
Yeslab-ASA#packet-tracer input inside tcp 10.1.1.1 1024 202.100.1.1 23
Yeslab-ASA#packet-tracer input outside icmp 202.100.1.1 8 0 10.1.1.1
Using packet capture from the command line
Yeslab-ASA#capture test interface inside
Yeslab-ASA#no capture test interface inside
Yeslab-ASA#show capture test
Part 4: Configuring management access
Configure an out-of-band management port (CLI)
Configure the Inside interface as a dedicated out-of-band management port:
interface Ethernet 0/1
nameif Inside
security-level 100
ip address 10.1.1.10 255.255.255.0
management-only
·Note: the management0/0 interface is a dedicated out-of-band management port by default
Enable Telnet management
telnet 10.1.1.1 255.255.255.255 Inside
telnet 0 0 DMZ (all hosts in the DMZ may Telnet in)
·The interface with the lowest security level (e.g. Outside) does not support Telnet
Configuration using local user authentication:
- username admin password cisco123 privilege 15
- aaa authentication telnet console LOCAL
Enable SSH management
hostname ASAFW
domain-name mingjiao.com
crypto key generate rsa
ssh 10.1.1.1 255.255.255.255 Inside
ssh 0 0 DMZ (all hosts in the DMZ may SSH in)
·Remote management must use SSH, not Telnet
Configuration using local user authentication:
- username localadmin password cisco privilege 15
- aaa authentication ssh console LOCAL
Create a local administrator account:
ASA(config)#username yeslabadmin password cisco
ASA(config)#username yeslabadmin attributes
ASA(config-username)#service-type ?
username mode commands/options:
admin User is allowed access to the configuration prompt.
nas-prompt User is allowed access to the exec prompt.
remote-access User is allowed network access.
HTTPS management
Enable HTTPS management:
http server enable
http 10.1.1.0 255.255.255.0 Outside
Generate a key pair (CLI)
crypto key generate rsa label asa.mingjiao.org modulus 1024
Generate a self-signed certificate (CLI)
crypto ca trustpoint Yeslab-ASDM-TrustPoint
enrollment self
subject-name CN=ASA.mingjiao.org
keypair asa.mingjiao.org
Use the self-signed certificate on a specific interface (CLI)
ssl trust-point Yeslab-ASDM-TrustPoint Inside
Basic SNMP configuration and an SNMPv3 user (CLI)
snmp-server group Authentication&Encryption v3 priv
snmp-server user yeslabuser Authentication&Encryption v3 auth md5 123 priv des 321
snmp-server location CYTD601
snmp-server contact MINGJIAO
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server host DMZ 192.168.1.100 version 3 yeslabuser
SNMP server (CLI)
snmp-server host Inside 10.1.1.1 version 3 yeslabuser
Part 5: Authenticating management access
Configure an AAA server group (CLI)
aaa-server 3A protocol tacacs+
aaa-server 3A (DMZ) host 192.168.1.241
key cisco
Configure SSH to use AAA authentication (CLI)
aaa authentication ssh console 3A LOCAL
Day 3: Access control lists and cut-through user authentication
Part 1: Access control lists
Basic ACL configuration (CLI)
Configure the access list:
access-list Outside_access_in extended permit tcp 202.100.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq telnet
access-list Outside_access_in extended permit tcp 202.100.1.0 255.255.255.0 192.168.1.0 255.255.255.0 eq www
access-list Outside_access_in extended deny ip any any log notifications
Apply the access list inbound on the Outside interface:
access-group Outside_access_in in interface Outside
Telnet test
Outside#telnet 10.1.1.1
Trying 10.1.1.1 ...Open
User Access Verification
Password:
Inside>
Outside#telnet 192.168.1.1 80
Configure a time-range (CLI)
time-range MingJiao-Time
periodic weekdays 9:00 to 18:00
Configure a time-based ACL (CLI)
access-list Outside_access_in extended permit tcp 202.100.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq ftp time-range MingJiao-Time
Create a network object-group (CLI)
object network Inside-Server1
host 10.1.1.1
object network Inside-Server2
host 10.1.1.2
object network Inside-Server3
host 10.1.1.3
object-group network Inside-Server
network-object object Inside-Server1
network-object object Inside-Server2
network-object object Inside-Server3
Create a service object-group (CLI)
object-group service Inside-Service
service-object icmp
service-object esp
service-object tcp destination eq ftp
service-object udp destination eq domain
Configure the ACL (CLI)
access-list Outside_access_in extended permit object-group Inside-Service 202.100.1.0 255.255.255.0 object-group Inside-Server
Note: global access rules and interface access rules can be configured at the same time; in that case
the interface access rules are always processed before the global access rules.
Configure a global ACL (CLI)
access-list global_access extended permit icmp any any
access-list global_access extended permit tcp any any eq telnet
access-group global_access global
Test the global ACL
Outside#telnet 10.1.1.1 (permit pass)
Outside#telnet 192.168.1.1 (permit pass)
Outside#ping 10.1.1.1 (permit pass)
Outside#ping 192.168.1.1 (permit pass)
Configure an interface ACL (CLI)
access-list Outside_access_in extended deny tcp any any eq telnet
access-group Outside_access_in in interface Outside
Test that the interface ACL takes precedence
Outside#ping 10.1.1.1 (permit pass)
Outside#ping 192.168.1.1 (permit pass)
Outside#telnet 10.1.1.1 (deny no-pass)
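The precedence rule stated above (interface ACL first, then the global ACL, then the implicit deny at the end of the lookup) can be modelled directly. The following Python script is an added example, not part of the course notes or of any Cisco tool: it parses the extended ACL lines from this section, evaluates a flow against them in ASA order, and reproduces the telnet and ping results listed above, plus one flow (SSH to 10.1.1.1) that no rule mentions and that therefore falls to the implicit deny. It supports only the rule forms used on this page (`any`, `host`, address plus normal mask, `eq port`) and does not model object-groups, time-ranges or the `log` keyword; the flows it tests and the port-name table are constructed for the example.

```python
"""ASA access-rule evaluation order, modelled in Python (added example).

Assumptions (not from the notes): only 'extended {permit|deny} <proto>
<src> <dst> [eq <port>]' rules with any / host / address-mask source and
destination specs; object-groups, time-ranges and 'log' are not modelled.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed port-name table covering the names used in this section.
PORT_NAMES = {"telnet": 23, "www": 80, "ftp": 21, "domain": 53, "ssh": 22}


@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip", "tcp", "udp" or "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]          # None means any destination port


def _address(tok: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse one ASA address spec starting at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    # ASA ACLs use a normal subnet mask, e.g. "202.100.1.0 255.255.255.0"
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}", strict=False), i + 2


def parse_rule(line: str) -> Rule:
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT] ...'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError(f"unsupported ACL line: {line}")
    action, proto = tok[3], tok[4]
    src, i = _address(tok, 5)
    dst, i = _address(tok, i)
    dport = None
    if i < len(tok) and tok[i] == "eq":
        port = tok[i + 1]
        dport = int(port) if port.isdigit() else PORT_NAMES[port]
    return Rule(action, proto, src, dst, dport)


def matches(rule: Rule, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
    """True if the flow (proto, src, dst, dport) is covered by rule."""
    if rule.proto != "ip" and rule.proto != proto:
        return False
    if ipaddress.ip_address(src) not in rule.src:
        return False
    if ipaddress.ip_address(dst) not in rule.dst:
        return False
    return rule.dport is None or rule.dport == dport


def decide(proto, src, dst, dport=None, interface_acl=(), global_acl=()):
    """Return (action, origin): interface ACL first, then global ACL, then implicit deny."""
    for origin, acl in (("interface", interface_acl), ("global", global_acl)):
        for rule in acl:
            if matches(rule, proto, src, dst, dport):
                return rule.action, origin
    return "deny", "implicit"


# The global ACL and the interface ACL exactly as written in the notes above.
GLOBAL_ACL = [parse_rule(line) for line in (
    "access-list global_access extended permit icmp any any",
    "access-list global_access extended permit tcp any any eq telnet",
)]
OUTSIDE_IN = [parse_rule("access-list Outside_access_in extended deny tcp any any eq telnet")]


def outside_tests(interface_acl: Sequence[Rule]) -> Dict[str, str]:
    """Re-run the notes' checks from the Outside router (202.100.1.1), plus an SSH flow."""
    src = "202.100.1.1"
    return {
        "telnet 10.1.1.1": decide("tcp", src, "10.1.1.1", 23, interface_acl, GLOBAL_ACL)[0],
        "telnet 192.168.1.1": decide("tcp", src, "192.168.1.1", 23, interface_acl, GLOBAL_ACL)[0],
        "ping 10.1.1.1": decide("icmp", src, "10.1.1.1", None, interface_acl, GLOBAL_ACL)[0],
        "ping 192.168.1.1": decide("icmp", src, "192.168.1.1", None, interface_acl, GLOBAL_ACL)[0],
        "ssh 10.1.1.1": decide("tcp", src, "10.1.1.1", 22, interface_acl, GLOBAL_ACL)[0],
    }


if __name__ == "__main__":
    for label, acl in (("global ACL only", ()), ("interface ACL + global ACL", OUTSIDE_IN)):
        print(label)
        for flow, verdict in outside_tests(acl).items():
            print(f"  {flow:20} {verdict}")
```

With only the global ACL applied, all four of the notes' flows are permitted; once the interface ACL is applied, the telnet flows are denied by the interface rule before the global `permit tcp any any eq telnet` is ever consulted, while ICMP still passes. The SSH flow is denied in both cases because nothing matches it, which is the implicit deny in action.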
Enable uRPF (CLI)
ip verify reverse-path interface Outside
Configuring shunning from the command line
Block 10.1.1.1 from traversing the firewall:
Yeslab-ASA#shun 10.1.1.1
View shun statistics:
Yeslab-ASA#show shun statistics
View the shuns:
Yeslab-ASA#show shun
Clear the shuns:
Yeslab-ASA#clear shun
Part 2: Cut-through
User-based policy (cut-through proxy)
Lab 1: Cut-through Telnet authentication
Initial configuration (1)
hostname Outside
!
no ip domain lookup
!
username cisco privilege 15 password 0 cisco
!
interface FastEthernet 0/0
ip address 202.100.1.1 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 202.100.1.10
!
ip http server
ip http authentication local
!
line vty 0 15
password cisco
---------------------------
hostname Inside
!
no ip domain lookup
!
interface FastEthernet 0/0
ip address 10.1.1.1 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.1.1.10
!
line vty 0 15
password cisco
Initial configuration (2)
hostname ASA
!
interface Ethernet 0/0
nameif Outside
security-level 0
ip address 202.100.1.10 255.255.255.0
!
interface Ethernet 0/1
nameif Inside
security-level 100
ip address 10.1.1.10 255.255.255.0
!
interface Ethernet 0/2
nameif DMZ
security-level 50
ip address 192.168.1.10 255.255.255.0
!
http server enable
http 0.0.0.0 0.0.0.0 Inside
!
username admin password cisco privilege 15
aaa authentication http console LOCAL
Configure the AAA server (CLI)
Configure the AAA server:
aaa-server MingJiao-ACS protocol radius
aaa-server MingJiao-ACS (DMZ) host 192.168.1.241
key cisco
Test the AAA server:
ASA#test aaa authentication MingJiao-ACS
Server IP Address or name: 192.168.1.241
Username: acsuser
Password: *****
INFO:Attempting Authentication test to IP address <192.168.1.241>(timeout:12 seconds)
INFO:Authentication Successful
Cut-through proxy (CLI)
Configure an ACL that matches the traffic to be authenticated:
access-list Inside_authentication extended permit tcp 10.1.1.0 255.255.255.0 host 202.100.1.1 eq telnet
Authenticate traffic entering the Inside interface that matches "Inside_authentication":
aaa authentication match Inside_authentication Inside MingJiao-ACS
Test the cut-through proxy
Inside#telnet 202.100.1.1
trying 202.100.1.1 ... Open
Username:acsuser
Passsword:
User Access Verification
Password:
Outside>q
[Connection to 202.100.1.1 closed by foreign host]
View user authentication information
ASA#show uauth
Cut-through security issues
·Address spoofing during the remaining authentication time
·Multi-user operating systems
View the default timeouts
ASA#show run timeout
Adjust the timeouts (CLI)
Set the absolute authentication timeout to 1 hour:
ASA(config)#timeout uauth 1:00:00 absolute
Set the authentication idle timeout to 10 minutes:
ASA(config)#timeout uauth 0:10:00 inactivity
View uauth after the adjustment
ASA(config)#show uauth
Lab 2: Cut-through HTTP authentication
Cut-through proxy (CLI)
Configure an ACL that matches the traffic to be authenticated:
access-list Inside_authentication extended permit tcp 10.1.1.0 255.255.255.0 host 202.100.1.1 eq www
Authenticate traffic entering the Inside interface that matches "Inside_authentication":
aaa authentication match Inside_authentication Inside MingJiao-ACS
Modify the prompts (CLI)
Modify the cut-through proxy prompts:
auth-prompt prompt Welcome MingJiao
auth-prompt accept Accepted By MingJiao
auth-prompt reject Rejected By MingJiao
Lab 3: HTTP redirect
Configure HTTP redirect (CLI)
aaa authentication listener http Inside port www redirect
Lab 4: Secure HTTP
Configure secure HTTP (CLI)
aaa authentication secure-http-client
Lab 5: Virtual HTTP
Configure the virtual HTTP address (CLI)
virtual http 202.100.1.101 warning
Day 4: Modular Policy Framework
Day 5: User-based MPF, advanced access control and address translation
Day 6: Transparent firewall and multiple-context firewall
Day 7: Interface and network redundancy (failover, FO)
Undocumented Cisco Commands (Cisco hidden commands)
2010-09-21 10:32:01 Undocumented Cisco Commands
Cisco ASA5510 IOS
2015-09-10 13:49:01 Cisco ASA5510 IOS image file
Cisco FEX
2020-04-10 22:07:20 The Cisco Nexus 2000 FEX acts as a remote line card for the N5K, N6K, N7K and FI; a standalone 2K has no management capability and must be used with a parent switch. It mainly addresses the ToR versus EoR problem: with ToR, cabling is simple but managing the access-layer devices is cumbersome; with EoR, cabling is cumbersome and management...
CISCO simulation tutorial at a glance: Cisco_Packet_Tracer
2015-07-30 23:59:22 CISCO simulation tutorial at a glance: Cisco_Packet_Tracer. Getting started quickly with the Cisco_Packet_Tracer simulator
Cisco products and hardware, Cisco device management
2018-05-10 23:00:13 Cisco products and hardware, Cisco device management. 1. Cisco products and hardware; 1) Cisco product portfolio; (1) Cisco routing product portfolio: branch-office class, generally the management routers of small and medium-sized companies or branch offices, Cisco 3900 and Cisco 3800, Cisco 2900 and Cisco 2800; WAN aggregation class, generally larger-scale...
Cisco 7200 IOS
2016-01-22 13:31:28 Cisco 7200 IOS, for convenient download.
cisco DHCP
2017-09-19 20:41:22 In some router configurations we often run into the use of DHCP, so today we will explain some of the settings in this area. Let's look at the cisco dhcp client... Cisco IOS 12.0 T1 and later can be configured as a DHCP relay, cisco DHCP client, DHCP ser
CISCO CIMC - Hardware Components vanished
2020-12-01 17:11:55 over the last days for most, but not all, CISCO UCS CIMC's the hardware inventory disappeared or sensors got deleted. I attach debugs from two similar servers where the inventory is still there ...
Cisco ASA 5525 configuration manual
2018-07-19 16:33:34 Cisco ASA 5525 configuration manual
Cisco c7200 IOS, suitable for those learning Cisco switch configuration.
2018-04-21 14:56:59 Cisco 7200 IOS, suitable for those learning Cisco switch configuration.
Created a Cisco account, but the Cisco software will not log in
2020-05-26 09:28:52 You have clearly finished registering a Cisco account, yet you still cannot use the software, which reports "Sorry, we can't find a NetAcad account associated with this Cisco account". What is going on? Cisco also runs a Networking Academy, and the software requires the Cisco account to be linked to a Networking Academy account before...
Cisco IP Phone download addresses.txt
2020-04-29 10:39:20 cisco IP Phone.
Cisco switch models supported by Cisco Network Assistant
2010-11-30 15:49:05 Cisco switch models supported by Cisco Network Assistant
cisco ISE authentication configuration
2018-05-31 22:55:41 Cisco wireless security ISE, portal ISE configuration guide; essential knowledge for learning Cisco wireless technology and wireless products. You are welcome to join QQ group 474372394 to learn and exchange with each other; the group shares all kinds of technical documents, AP IOS and other resources.
Cisco Packet Tracer 6.0
2018-10-15 19:15:32 Cisco Packet Tracer 6.0, software that simulates routed network configurations
CISCO certification entry-level course - introduction to networking technology - CCNA
2017-01-11 10:35:10 The CCNA (Cisco Certified Network Associate) certification is the entry-level certification in Cisco's post-sales engineer certification system and the lowest-level technical certification among Cisco's certifications. Passing the CCNA proves that you have mastered the basics of networking and can perform initial installation, configuration and operation of Cisco routers, ...
cisco pt 6.2
2015-08-10 15:59:01 cisco pt 6.2, for Cisco labs and practice. Very convenient.
CISCO network topology icon library
2019-03-15 11:05:48 Contains Visio versions of most of CISCO's official icons. Because the file is too large it is split into three parts; this file contains ultra-high-resolution PPT images. The file names are: CISCO网络拓扑图标库-PPT, CISCO网络拓扑图标库-Visio-1, CISCO网络拓扑图标库-Visio-2
Cisco / Huawei / H3C command comparison
2020-10-03 19:47:37 Cisco / Huawei / H3C command comparison
Cisco Works
2014-08-22 14:21:08 CiscoWorks is a Cisco product that helps users manage Cisco-based networks. CiscoWorks is a set of network-based tools developed largely in Java. Older versions made heavier use of client-side Java; recent versions use more HTML and improved data sharing between tools. The CiscoWorks suite has...