Hour 305: Dynamic ACL and security through obscurity

I’m not studying for the security track, but quite a few security features are in the CCIE R&S exam. Today, I will be demonstrating how to secure a WAN edge router by using a combination of SSH port security and dynamic ACLs (lock and key). This feature will add some additional security through obscurity.

This will be the topology for this example:


Hour 192: Cisco Order of Operations

The order of operations in IOS is one of the most important topics an engineer can learn. You can spend countless hours trying to figure out the solution to a problem involving NAT, routing, ACLs, QoS and IPsec if you don’t understand in what order flows get processed within Cisco IOS. For example, if you are doing NAT on a device and you want to route traffic going through NAT, will you use the inside or the outside NAT IP address?

The answer is: it depends. The order of operations will vary depending on whether the traffic is going from the inside interface to the outside interface or from the outside interface to the inside interface. It will also vary depending on whether the packet is being processed on the inbound interface or on the outbound interface. Let’s look at the official release from Cisco:

