5 IP Services: DHCP, ACLs, NAT, SNMP, Syslog
Rick Graziani [email protected]
BOOTP and DHCP differences
There are two primary differences between DHCP and BOOTP:
• DHCP defines mechanisms through which clients can be assigned an IP address for a finite lease period.
  – This lease period allows the address to be reassigned to another client later, or lets the client obtain a new assignment if it moves to another subnet.
  – Clients may also renew leases and keep the same IP address.
• DHCP provides a mechanism for a client to gather other IP configuration parameters, such as the WINS server and the domain name.
Major DHCP features
Dynamic Host Configuration Protocol (DHCP)
DHCP Relay
• DHCP clients use IP broadcasts (destination 255.255.255.255, UDP port 67) to find a DHCP server on their segment.
• What happens when the server and the client are not on the same segment and are separated by a router? Routers do not forward these broadcasts.
• When possible, administrators should use the ip helper-address command to relay broadcast requests for these key UDP services. The router rewrites the broadcast as a unicast to the configured server, records the address of the interface that heard it in the giaddr field (so the server knows which scope to allocate from and where to send the reply), and passes the server's answer back to the client segment.
Using helper addresses
Configuring IP helper addresses
To configure RTA e0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following commands:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.9
Configuring IP helper addresses
Helper address configuration that relays broadcasts to all servers on the segment, using the directed-broadcast address of the server-farm subnet as the helper:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255
But will RTA forward the broadcast?
Configuring IP helper addresses
The same configuration, completed: the broadcast received on e0 is relayed as a Layer 3 directed broadcast to 172.24.1.255, and e3, the interface on the server-farm segment, must additionally be allowed to convert it into a Layer 2 broadcast:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255
RTA(config)#interface e3
RTA(config-if)#ip directed-broadcast
Configuring IP helper addresses
By default, the ip helper-address command forwards eight UDP services: TFTP (69), DNS (53), Time (37), NetBIOS name service (137), NetBIOS datagram service (138), BOOTP/DHCP server (67), BOOTP/DHCP client (68) and TACACS (49). The list is adjusted with ip forward-protocol udp <port> and no ip forward-protocol udp <port>. Relay only the ports that are actually needed: every forwarded port turns a local broadcast into a unicast that reaches the server segment.
Directed Broadcast
• Notice that the RTA interface e3, which connects to the server farm, is not configured with helper addresses.
• However, the output shows that for this interface, directed broadcast forwarding is disabled (the IOS default since release 12.0).
• This means that the router will not convert the logical broadcast 172.24.1.255 into a physical broadcast with a Layer 2 address of FF-FF-FF-FF-FF-FF.
• To allow all the nodes in the server farm to receive the broadcasts at Layer 2, e3 will need to be configured to forward directed broadcasts with the following command:
RTA(config)#interface e3
RTA(config-if)#ip directed-broadcast
• Caveat: an interface that forwards directed broadcasts lets any remote sender reach every host on that segment with a single packet, which is the amplification step of smurf-style attacks. If several servers must see the relayed requests, prefer one ip helper-address entry per server (unicast) over a directed-broadcast helper; if directed broadcasts are unavoidable, ip directed-broadcast accepts an access-list argument that restricts which packets are converted.
ACCESS CONTROL LISTs
Standard ACL vs Extended ACL
• Range: standard 1-99 (expanded range 1300-1999); extended 100-199 (expanded range 2000-2699)
• Scope: standard is general; extended is specific
• Match fields: a standard ACL matches the source address only; an extended ACL matches source and destination address, plus protocol and ports
• Placement: standard ACLs are applied close to the destination (so they do not also block traffic to other destinations); extended ACLs are applied close to the source (so unwanted traffic is dropped before it crosses the network)
• Granularity: a standard ACL filters the complete protocol suite from a source; an extended ACL can filter one protocol out of the complete protocol suite
C(config)#access-list 10 deny 2.1.1.1 0.0.0.0
C(config)#access-list 10 permit any
C(config)#int ser 1/0
C(config-if)#ip access-group 10 in
B(config)#access-list 101 deny tcp 200.100.100.1 0.0.0.0 200.100.150.100 0.0.0.0 eq telnet
B(config)#access-list 101 permit ip any any
B(config)#int ser 1/0
B(config-if)#ip access-group 101 out
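How the router evaluates these lists, as an added example in Python (not code from the slides or from IOS): wildcard-mask matching, first match wins, and the implicit deny at the end of every list. The access-list entries are the ones on the slides (ACL 10, ACL 101, and the named standard ACL from the following exercise); the test packets are constructed.

```python
"""IOS access-list evaluation: wildcard masks, first match wins, implicit deny.
Added example; the ACEs are the slides' own, the packets are constructed."""
import ipaddress

PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "domain": 53, "ftp": 21, "smtp": 25}


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def wildcard_match(addr, base, wildcard):
    """A 1 bit in the wildcard means 'do not care': 0.0.0.0 is an exact host match,
    255.255.255.255 is 'any', 0.0.0.255 is a /24."""
    return ((_ip(addr) ^ _ip(base)) & ~_ip(wildcard) & 0xFFFFFFFF) == 0


def _take_addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD' and return (base, wildcard, rest)."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]


class Acl:
    def __init__(self, name, extended):
        self.name, self.extended, self.aces = name, extended, []

    @classmethod
    def from_lines(cls, lines):
        """Numbered ACL: the number decides standard (1-99, 1300-1999) vs extended."""
        number = int(lines[0].split()[1])
        acl = cls(str(number), 100 <= number <= 199 or 2000 <= number <= 2699)
        for line in lines:
            acl.add(line)
        return acl

    def add(self, line):
        t = line.split()
        if t[0] == "access-list":          # numbered form; named form starts with the action
            t = t[2:]
        action, t = t[0], t[1:]
        if self.extended:
            proto, t = t[0], t[1:]
            src, swc, t = _take_addr(t)
            dst, dwc, t = _take_addr(t)
            port = None
            if t[:1] == ["eq"]:
                port = PORT_NAMES.get(t[1]) or int(t[1])
        else:                              # standard: source address only
            proto, port = "ip", None
            src, swc, t = _take_addr(t)
            dst, dwc = "0.0.0.0", "255.255.255.255"
        self.aces.append({"action": action, "proto": proto, "src": src, "swc": swc,
                          "dst": dst, "dwc": dwc, "dport": port, "text": line})

    def evaluate(self, pkt):
        """Return (action, index of the matching ACE); index None is the implicit deny."""
        for i, a in enumerate(self.aces):
            if a["proto"] != "ip" and a["proto"] != pkt["proto"]:
                continue
            if not wildcard_match(pkt["src"], a["src"], a["swc"]):
                continue
            if not wildcard_match(pkt["dst"], a["dst"], a["dwc"]):
                continue
            if a["dport"] is not None and a["dport"] != pkt.get("dport"):
                continue
            return a["action"], i
        return "deny", None


# The lists from the slides.
ACL10 = Acl.from_lines(["access-list 10 deny 2.1.1.1 0.0.0.0",
                        "access-list 10 permit any"])
ACL101 = Acl.from_lines([
    "access-list 101 deny tcp 200.100.100.1 0.0.0.0 200.100.150.100 0.0.0.0 eq telnet",
    "access-list 101 permit ip any any"])
# The named standard ACL exercise, written literally as asked: deny host 1.1.1.1.
# With no trailing permit, the implicit deny also drops every other source.
BLOCK_HOST = Acl("BLOCK_HOST", extended=False)
BLOCK_HOST.add("deny host 1.1.1.1")


def walkthrough():
    return {
        "acl10_from_2.1.1.1": ACL10.evaluate({"proto": "tcp", "src": "2.1.1.1", "dst": "9.9.9.9"}),
        "acl10_from_2.1.1.2": ACL10.evaluate({"proto": "tcp", "src": "2.1.1.2", "dst": "9.9.9.9"}),
        "acl101_telnet": ACL101.evaluate({"proto": "tcp", "src": "200.100.100.1",
                                          "dst": "200.100.150.100", "dport": 23}),
        "acl101_ssh": ACL101.evaluate({"proto": "tcp", "src": "200.100.100.1",
                                       "dst": "200.100.150.100", "dport": 22}),
        "named_1.1.1.1": BLOCK_HOST.evaluate({"proto": "udp", "src": "1.1.1.1", "dst": "2.2.2.2"}),
        "named_other": BLOCK_HOST.evaluate({"proto": "udp", "src": "1.1.1.2", "dst": "2.2.2.2"}),
    }


if __name__ == "__main__":
    for label, result in walkthrough().items():
        print(f"{label}: {result}")
```

The last two results are the point of the exercise that follows: the named list denies 1.1.1.1 by its first entry, and denies 1.1.1.2 by the implicit deny, because nothing permits it.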
Create a named standard ACL on R2 that denies packets sourced by host 1.1.1.1 and apply the list to fa 0/0. Remember the implicit deny at the end of every ACL: a list containing only the deny entry blocks all other traffic on that interface too, so add a permit entry for everything that should still pass.
R1(config)#int ser 1/0
R1(config-if)#ip nat outside
R1(config)#int fa 0/0
R1(config-if)#ip nat inside
R1(config)#ip nat inside source static 192.168.1.5 12.1.1.3
R1(config)#access-list 10 permit host 192.168.1.5
R1(config)#access-list 10 permit host 192.168.1.6
R1(config)#access-list 10 permit host 192.168.1.7
R1(config)#access-list 10 permit host 192.168.1.8
R1(config)#ip nat pool ABC 12.1.1.3 12.1.1.5 netmask 255.0.0.0
R1(config)#ip nat inside source list 10 pool ABC
R1(config)#int ser 1/0
R1(config-if)#ip nat outside
R1(config)#int fa 0/0
R1(config-if)#ip nat inside
The secondary addresses below stand in for the inside hosts 192.168.1.6-8 in the lab; the pool holds three global addresses for four inside hosts, so the fourth host cannot be translated until a dynamic entry times out. The next slide solves that with overload.
R1(config)#int fastethernet 0/0
R1(config-if)#ip address 192.168.1.6 255.255.255.0 secondary
R1(config-if)#ip address 192.168.1.7 255.255.255.0 secondary
R1(config-if)#ip address 192.168.1.8 255.255.255.0 secondary
PORT ADDRESS TRANSLATION (PAT)OVERLOADING
R1(config)#access-list 10 permit host 192.168.1.5
R1(config)#access-list 10 permit host 192.168.1.6
R1(config)#access-list 10 permit host 192.168.1.7
R1(config)#access-list 10 permit host 192.168.1.8
R1(config)#ip nat pool ABC 12.1.1.3 12.1.1.3 netmask 255.0.0.0
R1(config)#ip nat inside source list 10 pool ABC overload
R1(config)#int ser 1/0
R1(config-if)#ip nat outside
R1(config)#int fa 0/0
R1(config-if)#ip nat inside
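The translation table behind the three NAT configurations above (static, dynamic pool, PAT/overload), as an added example in Python, not code from the slides or from IOS. It runs the slide's four inside hosts through the three-address pool and then through the single overloaded address, and shows the return direction, including what happens to an unsolicited inbound packet. Inside hosts 192.168.1.5-8 and the pool 12.1.1.3-5 are the slide's; the source ports and the outside peer 203.0.113.10 are constructed.

```python
"""Inside-source NAT: static entries, a dynamic pool that runs dry, and PAT
(overload) that multiplexes every inside host onto one global address by
rewriting ports. Added example; addresses per the slides, ports constructed."""


class NatRouter:
    def __init__(self, inside_list, pool, overload=False, statics=None):
        self.inside_list = set(inside_list)   # hosts matched by `access-list 10`
        self.free = list(pool)                # `ip nat pool ABC ...`
        self.overload = overload              # `... pool ABC overload`
        self.static = dict(statics or {})     # `ip nat inside source static IL IG`
        self.table = {}        # (inside local, lport, proto) -> (inside global, gport)
        self.reverse = {}      # (inside global, gport, proto) -> (inside local, lport)
        self.next_port = {}    # inside global -> next candidate port for PAT

    def _alloc_port(self, ig, wanted, proto):
        """PAT keeps the original source port when it is free on the global address,
        otherwise picks the next unused one."""
        if (ig, wanted, proto) not in self.reverse:
            return wanted
        p = self.next_port.get(ig, 1024)
        while (ig, p, proto) in self.reverse:
            p += 1
        self.next_port[ig] = p + 1
        return p

    def outbound(self, pkt):
        """inside -> outside. Returns the translated packet, the packet unchanged when
        the source is not in the list, or None when the dynamic pool is exhausted."""
        il, lport, proto = pkt["src"], pkt["sport"], pkt["proto"]
        key = (il, lport, proto)
        if key in self.table:
            ig, gport = self.table[key]
        elif il in self.static:
            ig, gport = self.static[il], lport
        elif il not in self.inside_list:
            return dict(pkt)
        elif self.overload:
            ig = self.free[0]                 # everyone shares the one global address
            gport = self._alloc_port(ig, lport, proto)
        else:
            held = {k[0]: v[0] for k, v in self.table.items()}   # host -> its global
            if il in held:
                ig = held[il]
            elif self.free:
                ig = self.free.pop(0)
            else:
                return None                   # no free global address: packet dropped
            gport = lport
        self.table[key] = (ig, gport)
        self.reverse[(ig, gport, proto)] = (il, lport)
        return dict(pkt, src=ig, sport=gport)

    def inbound(self, pkt):
        """outside -> inside. Only a packet matching an existing translation, or a
        static entry, reaches an inside host; anything else is dropped (None)."""
        ig, gport, proto = pkt["dst"], pkt["dport"], pkt["proto"]
        if (ig, gport, proto) in self.reverse:
            il, lport = self.reverse[(ig, gport, proto)]
            return dict(pkt, dst=il, dport=lport)
        for il, g in self.static.items():
            if g == ig:
                return dict(pkt, dst=il)      # static entries are reachable unsolicited
        return None


HOSTS = ["192.168.1.5", "192.168.1.6", "192.168.1.7", "192.168.1.8"]


def walkthrough():
    """Four inside hosts open one TCP session each through a 3-address pool, then
    through a single overloaded address; then two packets come back in."""
    dyn = NatRouter(HOSTS, ["12.1.1.3", "12.1.1.4", "12.1.1.5"])
    pat = NatRouter(HOSTS, ["12.1.1.3"], overload=True)
    out = {}
    for label, router in (("dynamic", dyn), ("pat", pat)):
        out[label] = [router.outbound({"proto": "tcp", "src": h, "sport": 40000,
                                       "dst": "203.0.113.10", "dport": 443}) for h in HOSTS]
    out["pat_return"] = pat.inbound({"proto": "tcp", "src": "203.0.113.10", "sport": 443,
                                     "dst": "12.1.1.3", "dport": out["pat"][1]["sport"]})
    out["pat_probe"] = pat.inbound({"proto": "tcp", "src": "203.0.113.10", "sport": 5555,
                                    "dst": "12.1.1.3", "dport": 22})
    return out


if __name__ == "__main__":
    for label, result in walkthrough().items():
        print(label, result)
```

Two things worth noticing in the output: the fourth host's packet is dropped under the dynamic pool but translated under PAT (all four hosts share 12.1.1.3 with distinct ports), and the unsolicited probe to 12.1.1.3:22 is dropped because no translation exists for it. That drop is a side effect of the table, not a security control; a static entry, as in the first configuration, is reachable from outside at all times.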
Network Management Tools: Syslog, SNMP & NetFlow
• Syslog is a standard for logging program messages. It sends information to a syslog server via UDP or TCP port 514 (UDP is the default). It separates the software that generates messages from the system that stores them and from the software that reports on and analyzes them, and it gives devices that have no other channel a way to notify administrators of problems or performance issues. Plain syslog carries no authentication or encryption: UDP messages can be spoofed, replayed or lost silently, so the collector should accept only known source addresses, and TLS transport (RFC 5425) should be used where the device supports it.
• SNMP is a set of protocols for managing complex networks. It uses UDP as its transport (port 161 for manager queries, port 162 for traps sent by agents). SNMP-capable devices store information about themselves in Management Information Bases (MIBs) and return the stored data to SNMP requesters. SNMPv1 and v2c authenticate with a community string sent in the clear, and a read-write community permits configuration changes, so use SNMPv3 with authentication and privacy, or at minimum read-only communities restricted by an access list.
Router Logging
Configure the router to send log messages to:
• Console: Console logging is used when modifying or testing the router while it is connected to the console. Messages sent to the console are not stored by the router and, therefore, are not very valuable as security events.
• Terminal lines: Configure enabled EXEC sessions to receive log messages on any terminal lines. Similar to console logging, this type of logging is not stored by the router and, therefore, is only valuable to the user on that line.
Implementing Router Logging
• Buffered logging: Store log messages in router memory. Log messages are stored for a time, but events are cleared whenever the router is rebooted.
• Syslog: Configure routers to forward log messages to an external syslog service. This service can reside on any number of servers, including Microsoft Windows and UNIX-based systems, or the Cisco Security MARS appliance.
Syslog - Mechanism
• Syslog servers: Known as log hosts, these systems accept and process log messages from syslog clients.
• Syslog clients: Routers or other types of equipment that generate and forward log messages to syslog servers.
Topology in the figure: R3 is the syslog client, with e0/0 10.2.1.1, e0/1 10.2.2.1 on the DMZ LAN 10.2.2.0/24 (public web server 10.2.2.3, mail server 10.2.2.4, administrator server 10.2.2.5) and e0/2 10.2.3.1 on the protected LAN 10.2.3.0/24 (user 10.2.3.3, syslog server 10.2.3.2).
Configuring System Logging
R3(config)#logging 10.2.2.6
R3(config)#logging trap informational
R3(config)#logging source-interface loopback 0
R3(config)#logging on
1. Set the destination logging host: the address of the syslog server (the figure on the previous slide places it at 10.2.3.2; use the address your log host actually has)
2. Set the log severity (trap) level: informational (6) forwards every message of severity 0 to 6 and drops only debugging (7)
3. Set the source interface: a loopback gives the log host one stable source address to trust and filter on, whichever physical interface the message leaves through
4. Enable logging
Turn logging on and off using the logging buffered, logging monitor, and logging commands.
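What the log host receives once the configuration above is in place, and the two checks worth running on it, as an added example in Python (not code from the slides or from any collector product). It parses IOS-format syslog lines as they arrive on UDP 514 (RFC 3164 PRI, optional sequence number, timestamp, then %FACILITY-SEVERITY-MNEMONIC), applies the `logging trap` severity cut-off, cross-checks the PRI severity against the one in the message body, and raises alerts for configuration changes and repeated login failures. The sample lines are constructed in the shape IOS emits; the DEBUG_EXAMPLE mnemonic is invented for the walk-through, the others are real IOS mnemonics.

```python
"""Parse IOS syslog, apply `logging trap <level>`, and run two detections.
Added example; SAMPLE is constructed (DEBUG_EXAMPLE is an invented mnemonic)."""
import re
from collections import Counter

# Severity names as IOS uses them for `logging trap <level>`
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# <PRI>, optional "seq: ", optional timestamp, then %FAC-SEV-MNEMONIC: text
IOS_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?:(?P<seq>\d+): )?(?P<ts>.*?)?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$")

SAMPLE = [
    "<189>12: *Mar  1 00:01:10.001: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.2.3.3)",
    "<188>13: *Mar  1 00:01:15.120: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.2.2.3] [localport: 22] [Reason: Login Authentication Failed]",
    "<188>14: *Mar  1 00:01:16.330: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.2.2.3] [localport: 22] [Reason: Login Authentication Failed]",
    "<188>15: *Mar  1 00:01:17.540: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 10.2.2.3] [localport: 22] [Reason: Login Authentication Failed]",
    "<190>16: *Mar  1 00:02:00.000: %SEC-6-IPACCESSLOGP: list 101 denied tcp 200.100.100.1(40000) -> 200.100.150.100(23), 1 packet",
    "<191>17: *Mar  1 00:02:01.000: %SYS-7-DEBUG_EXAMPLE: debug-level noise that logging trap informational drops",
    # PRI says severity 6 but the body says 5: a forged or corrupted message
    "<190>18: *Mar  1 00:03:00.000: %SYS-5-CONFIG_I: Configured from console by eve on vty1 (10.2.2.3)",
]


def parse_ios_syslog(line):
    """Return a dict for one IOS syslog line, or None if it is not one."""
    m = IOS_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    ev = {"facility": pri // 8, "severity": pri % 8, "seq": m["seq"],
          "ts": (m["ts"] or "").strip(" :"), "fac": m["fac"], "mnem": m["mnem"],
          "text": m["text"]}
    # PRI severity and the %FAC-SEV-MNEM digit must agree; IOS always emits them equal
    ev["consistent"] = ev["severity"] == int(m["sev"])
    return ev


def forwarded_at_trap(lines, level="informational"):
    """`logging trap <level>` forwards messages of that severity or more urgent
    (numerically lower or equal); everything else never leaves the router."""
    maxsev = LEVELS[level]
    return [ev for ev in map(parse_ios_syslog, lines) if ev and ev["severity"] <= maxsev]


def detect(events, fail_threshold=3):
    """Alerts on: PRI/body mismatch, any configuration change, and repeated
    login failures from one source address."""
    alerts = []
    failures = Counter()
    for ev in events:
        if not ev["consistent"]:
            alerts.append(f"severity mismatch in {ev['fac']}-{ev['mnem']}")
        if ev["mnem"] == "CONFIG_I":
            alerts.append("config change: " + ev["text"])
        if ev["mnem"] == "LOGIN_FAILED":
            src = re.search(r"\[Source: ([\d.]+)\]", ev["text"])
            if src:
                failures[src.group(1)] += 1
                if failures[src.group(1)] == fail_threshold:
                    alerts.append(f"{fail_threshold} failed logins from {src.group(1)}")
    return alerts


if __name__ == "__main__":
    for alert in detect(forwarded_at_trap(SAMPLE)):
        print(alert)
```

The facility of every sample line decodes to 23 (local7), the IOS default for `logging facility`; collectors often route on it, so a message arriving with a different facility from a router source is itself worth flagging.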
SNMP ARCHITECTURE
Capturing Running-Configurations & comparing using Ultra-Edit Software
SNMP vs NetFlow: both gather statistics from network devices.
• What is collected: SNMP collects device statistics (e.g. CPU usage, memory usage, interface errors); its primary focus is the components within network devices. NetFlow collects traffic statistics only (information about the IP traffic flowing through the device).
• Model: SNMP uses a pull model, the NMS queries the SNMP agents. NetFlow uses a push model, the devices send flow records to the collector.
• Granularity: SNMP is less granular; NetFlow is more granular.
• Availability: SNMP is available on all enterprise network devices; NetFlow is available on routers and high-end switches.