My Grandmom passed on yesterday. She was 93 and she passed away painlessly. She lived a full life and she’s with her maker. Love you gran :*
After this, I got back on the CCIE bus and finished Day 4 of the bootcamp. Again a very productive day. Here are the notes:
MANAGEMENT – PART 1
- Port-filter service policy takes care of “early” dropping of traffic to closed / non-listed ports. This ensures that the packets don’t have to go all the way to the CPU to get dropped (saves resources).
- Logging-type class-maps match packets that are permitted / dropped.
- IP-options traffic is always sent to the control plane (processor).
- Control Plane Protection
  - Host subinterface: routing traffic destined to the router, etc.
  - Transit subinterface: non-terminating tunnels, etc.
  - CEF-exception subinterface: ARP, L2 keepalives, etc.
- Ensure that during policing we don’t misconfigure the “burst” value (I’ve done this before).
- When configuring dropping of traffic going to closed ports, ensure that all the necessary ports that we need are open.
- FPM
  - PHDF -> Protocol Header Definition File
  - If we don’t load the PHDF files, we won’t have access to the protocol structures; we then have to match using offsets from the L2 / L3 start, etc.
  - Use nested policy maps judiciously.
  - Do not change the current working directory using the “cd” command (because after a reload you always go back to the original directory). So for the “load protocol” command, use the full path of the PHDF files.
MANAGEMENT – PART 2
- SNMP v3
  - Additional security features compared to v1 and v2
  - Version 1: communities, ACLs
  - Version 2 has views as a security feature
  - v3 adds the different security levels:
    - noAuthNoPriv
    - authNoPriv
    - authPriv
  - SNMP v3 has groups defined. Individual users within a group have different credentials.
  - Sample config:
    - access-list 99 permit 10.0.0.100
    - snmp-server view NORMVW iso included
    - snmp-server view RESTVW ifENTR.*.3 included
    - snmp-server group NORMGRP v3 priv read NORMVW write NORMVW
    - snmp-server user NORMUSER NORMGRP v3 auth sha CISCO priv des56 CISCO
  - For the write and notify views, without a view configured we can’t access them (unlike the “read” view, which reads everything by default).
  - The notify view gets auto-generated after the “snmp-server host” command.
  - Note: the user information doesn’t show up in “sh run”.
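An added check for the SNMP points above (example code written for these notes, not from the bootcamp or from Cisco): it walks IOS snmp-server lines and flags v1/v2c communities, v3 groups and users below authPriv, and groups carrying a write view. The sample config is constructed; since sh run omits v3 user lines, feed it the lines as typed.

```python
"""Audit IOS snmp-server lines for the hardening points in these notes.

Added example, not Cisco's code. The sample config below is constructed
and deliberately mixes a v1/v2c community, an authPriv group/user and a
noauth group with a user that has neither auth nor priv."""

SAMPLE_CONFIG = """\
access-list 99 permit 10.0.0.100
snmp-server community public RO
snmp-server community secret RW 99
snmp-server view NORMVW iso included
snmp-server group NORMGRP v3 priv read NORMVW write NORMVW
snmp-server group ROGRP v3 noauth read NORMVW
snmp-server user NORMUSER NORMGRP v3 auth sha CISCO priv des56 CISCO
snmp-server user GUEST ROGRP v3
"""


def _after(parts, keyword):
    """Return the token following keyword, or None if it is absent or last."""
    i = parts.index(keyword)
    return parts[i + 1] if i + 1 < len(parts) else None


def audit_snmp(config: str) -> list:
    """Return human-readable findings; an empty list means nothing to flag."""
    findings = []
    for line in config.splitlines():
        parts = line.split()
        if parts[:2] == ["snmp-server", "community"] and len(parts) > 2:
            # v1/v2c: the community string is the only credential and is sent in clear
            mode = "RW" if "RW" in parts else "RO"
            findings.append(f"community '{parts[2]}' ({mode}) uses v1/v2c: no auth, no priv")
        elif parts[:2] == ["snmp-server", "group"] and "v3" in parts:
            # security level is the token right after "v3": noauth, auth or priv
            name, level = parts[2], _after(parts, "v3")
            if level != "priv":
                findings.append(f"group {name} security level '{level}' is below authPriv")
            if "write" in parts:
                findings.append(f"group {name} has write view {_after(parts, 'write')}")
        elif parts[:2] == ["snmp-server", "user"] and "v3" in parts:
            # a v3 user with no "auth" keyword falls back to noAuthNoPriv
            name = parts[2]
            if "auth" not in parts:
                findings.append(f"user {name} has no auth (noAuthNoPriv)")
            elif "priv" not in parts:
                findings.append(f"user {name} has auth but no priv (authNoPriv)")
    return findings
```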
- RMON
  - Custom log / trap entries based on SNMP values
  - Under the “Technologies” section of the DocCD
- FLEXIBLE NETFLOW
  - flow monitor TEST
    - statistics packet protocol
    - statistics packet size
    - record netflow ipv4 protocol-port-tos
  - int fa 0/1
    - ip flow monitor TEST output
  - This is more granular than the old NetFlow (read more)
- IP ACCOUNTING
  - int fa 0/1
    - ip accounting output-packets
- ASA CAPTURE
  - Can look at traffic in real time
  - Check what the order of the flow-capture events is
IPS
- Ensure that SPAN / RSPAN is configured correctly on the switches.
- Ensure that the RSPAN VLAN is allowed on the trunk between the switches.
- With inline VLAN pairs, you don’t have to configure SPAN.
- Ensure that traffic flow from the IPS to the AAA server is allowed (HTTPS access).
- If the management network is translated, ensure that the translated address is permitted in the IPS.
IOS IPS
- We use the 5.x signature format.
- Even if the package is present locally, don’t forget to copy it onto IDCONF.
- And remember to set up the key information prior to copying the package to IDCONF.
- The ASA IPS configuration is not on the blueprint.
One more day to go!
Cheers,
TacACK
