Assigning static/dynamic address for Debian


Open up /etc/network/interfaces with a text editor.

nano /etc/network/interfaces

 

Static

auto eth0
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

 

Dynamic

auto eth0
iface eth0 inet dhcp

 

After editing the configuration file, save and exit the text editor.

Restart networking service.

service networking restart

 

Or you can just ifdown and ifup the interface.

ifdown eth0
ifup eth0

DHCP on Cisco router


The following commands will create a pool of addresses.

  • network: 10.10.10.0/24
  • domain name: DOMAIN-NAME.LOCAL
  • dns server: 10.10.10.2, 10.10.10.3
  • default gateway: 10.10.10.1
  • lease duration: 7 days
# conf t
# ip dhcp pool POOLNAME
# network 10.10.10.0 /24
# domain-name DOMAIN-NAME.LOCAL
# dns-server 10.10.10.2 10.10.10.3
# default-router 10.10.10.1
# lease 7

 

We’ll then need to exclude the addresses that we’ve previously assigned statically.

The following line will exclude the addresses for the router and the dns servers.

# conf t
# ip dhcp excluded-address 10.10.10.1 10.10.10.3
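An added check, not part of the original post: it confirms that every statically assigned address in the pool's network is covered by an excluded range, so the DHCP server can never lease the router's or a DNS server's address to a client. The host names in `STATIC` and the printer at .50 are hypothetical.

```python
import ipaddress

def excluded_set(ranges):
    """Expand (low, high) pairs from 'ip dhcp excluded-address' into addresses."""
    out = set()
    for low, high in ranges:
        lo, hi = ipaddress.ip_address(low), ipaddress.ip_address(high)
        if hi < lo:
            raise ValueError(f"range {low}-{high} is reversed")
        out.update(ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1))
    return out

def audit_pool(network, ranges, static_hosts):
    """Return (static hosts the pool could still lease, leasable address count)."""
    net = ipaddress.ip_network(network)
    excluded = excluded_set(ranges)
    unprotected = sorted(
        name for name, addr in static_hosts.items()
        if ipaddress.ip_address(addr) in net
        and ipaddress.ip_address(addr) not in excluded
    )
    leasable = sum(1 for host in net.hosts() if host not in excluded)
    return unprotected, leasable

# Values taken from the pool and exclusion commands above.
POOL = "10.10.10.0/24"
EXCLUDED = [("10.10.10.1", "10.10.10.3")]
# Hypothetical labels for the statically addressed devices.
STATIC = {"router": "10.10.10.1", "dns1": "10.10.10.2", "dns2": "10.10.10.3"}

if __name__ == "__main__":
    print(audit_pool(POOL, EXCLUDED, STATIC))
    # Constructed failure case: a static printer that nobody excluded.
    print(audit_pool(POOL, EXCLUDED, {**STATIC, "printer": "10.10.10.50"}))
```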

Cisco – Voice Over IP


 

Connect to the top router and enter the telephony service setup wizard.

# conf t
# telephony-service setup
# Set up DHCP?
# Y
#
# IP?
# 10.15.0.0
#
# netmask?
# 255.255.255.0
#
# TFTP?
# 10.15.0.1
#
# Default router?
# 10.15.0.1
#
# start telephony setup?
# Y
#
# Source IP?
# 10.15.0.1
#
# Port?
# default (2000)
#
# phone amount?
# 4
#
# dual lines?
# Y
#
# language?
# english
#
# call progress tone?
# default
#
# DID?
# N
#
# voice msg service?
# N
# 
# call forward timeout?
# 18
#
# change settings?
# no

 

After entering the configuration, plug the IP phones into the switch ports and they should register and be able to call each other.

Once the local pod connectivity is up, go through the wizard on the bottom router, changing the IP addresses as appropriate.

Enter the following commands on the respective routers.

Top# conf t
Top# dial-peer voice 6 voip
Top# destination-pattern 50[0,1,2].
Top# session target ipv4:10.19.0.1
Top# codec g711ulaw
Btm# conf t
Btm# dial-peer voice 6 voip
Btm# destination-pattern 50[0,1,2].
Btm# session target ipv4:10.19.0.1
Btm# codec g711ulaw

 

We should be able to call across the routers now.

NTP on Cisco router


Basic configuration

IP address of server 10.10.10.1.

For the server.

# conf t
# ntp master 5

 

For the client.

# conf t
# ntp server 10.10.10.1

With authentication

CISCO is the MD5 authentication key.
The server's IP address is 10.10.10.1.

For the server.

# conf t
# ntp master 5
# ntp authentication-key 1 md5 CISCO 1
# ntp authenticate

 

For the client.

# conf t
# ntp server 10.10.10.1 key 1
# ntp authentication-key 1 md5 CISCO 1
# ntp trusted-key 1
# ntp authenticate
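What the shared key does on the wire, as an added example that is not part of the original post: NTP symmetric-key authentication appends a key number and an MD5 digest of the key concatenated with the packet header, and the receiver recomputes it. The sample header is constructed; key number 1 and the value CISCO come from the configuration above.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48   # fixed NTP header, bytes
MAC_LEN = 4 + 16  # key number + MD5 digest

def add_mac(header, key_id, key):
    """Append the key number and MD5(key || header) to an NTP header."""
    if len(header) != HEADER_LEN:
        raise ValueError("NTP header must be 48 bytes")
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def verify(packet, trusted_keys):
    """Accept a packet only if its MAC checks out against a trusted key."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False  # no MAC present: reject when authentication is required
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key = trusted_keys.get(struct.unpack("!I", mac[:4])[0])
    if key is None:
        return False  # key number is not trusted on this side
    return hmac.compare_digest(hashlib.md5(key + header).digest(), mac[4:])

def sample_header(stratum=5):
    """Constructed server reply: LI=0, VN=4, Mode=4, other fields zeroed."""
    return struct.pack("!BBbb", 0x24, stratum, 6, -20) + bytes(44)

KEYS = {1: b"CISCO"}  # key number and value from the configuration above

if __name__ == "__main__":
    signed = add_mac(sample_header(), 1, KEYS[1])
    forged = sample_header(stratum=1) + signed[HEADER_LEN:]  # header altered in transit
    print("genuine reply  :", verify(signed, KEYS))
    print("altered header :", verify(forged, KEYS))
    print("wrong key value:", verify(signed, {1: b"cisco"}))
    print("no MAC at all  :", verify(sample_header(), KEYS))
```

Both routers must agree on the key number and the key value; a mismatch in either makes every reply fail verification.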

Verifying synchronicity of the time

# show ntp associations
# show ntp status

Cisco Static Routing and Default Route


 

In order for network 8.8.7.0/24 and 8.8.9.0/24 to have connectivity, we need to create static routes on R1 and R2 so that R1 will know about the 8.8.9.0/24 network on R2 and R2 will know about the 8.8.7.0/24 on R1.

To create a static route, we use the ip route command in global config mode. The command’s format looks like this.

# ip route (destination address) (destination subnet mask) (forwarding router's address)

 

For the scenario above.

R1# conf t
R1# ip route 8.8.9.0 255.255.255.0 8.8.8.2
R2# conf t
R2# ip route 8.8.7.0 255.255.255.0 8.8.8.1

 

To test.

R1# ping 8.8.9.1 source 8.8.7.1
R2# ping 8.8.7.1 source 8.8.9.1

 

To create a default route, simply set the destination address and subnet mask as 0.0.0.0.

R1# conf t
R1# ip route 0.0.0.0 0.0.0.0 8.8.9.2
R2# conf t
R2# ip route 0.0.0.0 0.0.0.0 8.8.8.1
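How R1 picks a route once both the static and the default route exist, as an added example that is not part of the original post: the longest matching prefix wins, and a next hop that is not on a connected network is resolved through the table again. The two connected networks are assumptions inferred from the ping source 8.8.7.1 and the next hop 8.8.8.2.

```python
import ipaddress

# R1's table. None as next hop marks a connected network (assumed, see above).
R1_ROUTES = [
    ("8.8.7.0/24", None),
    ("8.8.8.0/24", None),
    ("8.8.9.0/24", "8.8.8.2"),  # static route from the page
    ("0.0.0.0/0", "8.8.9.2"),   # default route from the page
]

def best_route(table, dst):
    """Longest-prefix match: return (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def forwarding_hop(table, dst, max_depth=8):
    """Follow next hops until one sits on a connected network."""
    hop = dst
    for _ in range(max_depth):
        route = best_route(table, hop)
        if route is None:
            return None  # no route: the packet is dropped
        if route[1] is None:
            return "directly connected" if hop == dst else hop
        hop = route[1]
    raise RuntimeError("next-hop resolution loop")

if __name__ == "__main__":
    for dst in ("8.8.9.1", "8.8.7.5", "1.1.1.1"):
        net, _ = best_route(R1_ROUTES, dst)
        print(f"{dst:10} matches {str(net):12} -> {forwarding_hop(R1_ROUTES, dst)}")
    # Without the default route, anything outside the /24s has nowhere to go.
    print("1.1.1.1 without default ->", forwarding_hop(R1_ROUTES[:3], "1.1.1.1"))
```

On this table the default route's next hop, 8.8.9.2, is not directly connected to R1; it resolves through the 8.8.9.0/24 static route to 8.8.8.2.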

Implementing zone-based firewall with DMZ using CCP


Implementing a zone-based firewall using CCP comes with a lot of benefits, such as simplicity compared to the command-line interface.

 

To begin, go to the Configure tab with the big gear icon on it. Expand the Security folder and click on Firewall and ACL. We should now be able to see the Basic and Advanced firewall options. Select the Advanced Firewall and click Launch the selected task.

 

The Firewall Wizard should appear and you can read through the description and features of the advanced firewall. Click Next after reading.

Select the correct zones for the interface and click Next. If you want to access the CCP from outside the network, tick Allow secure Cisco CP access from outside interfaces.

 

Click Next after verifying the settings. If you did not tick Allow secure Cisco CP access from outside interfaces, you’ll be warned that access from outside will be denied after the firewall wizard’s completion. Click OK.

On this page, we’ll be able to add the services that we’re hosting in the DMZ zone that we want people from outside the network to connect to. In our case, we have a web server.

Click on Add and enter the ip address or the range of the web server. Select TCP/UDP and enter the service that we have. For web server, we’re going to add http and https.

 

 

Click Next after verifying the settings.

On the next page, we can select the level of security that we want to implement on the firewall.

For High Security

  • The router identifies inbound and outbound Instant Messaging and Peer-to-Peer traffic and drops it.
  • The router checks inbound and outbound HTTP traffic and e-mail traffic for protocol compliance, and drops noncompliant traffic.
  • Returns traffic for other TCP and UDP applications if the session was initiated inside the firewall.
  • Choose this option if you want to prevent use of these applications on the network.

For Medium Security

  • The router identifies inbound and outbound Instant Messaging and Peer-to-Peer traffic, and checks inbound and outbound HTTP traffic and e-mail traffic for protocol compliance.
  • Returns TCP and UDP traffic on sessions initiated inside the firewall.
  • Choose this option if you want to track use of these applications on the network.

For Low Security

  • The router does not identify application-specific traffic. Returns TCP and UDP traffic on sessions initiated inside the firewall.
  • Choose this option if you do not need to track use of these applications on the network.

Select the level of security according to your needs. For my case, I’m going to go with the medium level as I would like to monitor some of the application usage of the users inside the network.

Click on Preview Commands and verify the configurations that will be sent to the router.

Click Next.

Enter the IP address of the DNS Server and click Next.

Verify the summary and click Finish.

Tick Save running config. to device’s startup config to save the configuration to the NVRAM. Click Deliver.

Cisco Configuration Professional – Connecting to your router


Cisco Configuration Professional (CCP) is the new device manager that will be replacing the old Security Device Manager (SDM).

Cisco Configuration Professional simplifies router, security, Unified Communications, wireless, WAN and basic LAN configuration through GUI-based easy-to-use wizards. The workflows in Cisco Configuration Professional help medium-sized business and enterprise customers and Cisco partners to quickly and easily deploy, configure, and monitor a Cisco router without requiring knowledge of the command-line interface (CLI).

To connect to the router, we’ll have to turn on http and https server on the router. We’ll also have to enable telnet and ssh login with a user account with maximum privilege.

# conf t
# ip http server
# ip http secure-server
# ip http authentication local
# username admin privilege 15 secret cisco
#
# line vty 0 4
# privilege level 15
# login local
# transport input telnet ssh
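An added audit sketch, not part of the original post: it reads an IOS-style configuration and reports the management services that carry credentials in cleartext, run here over the commands from this section and over a constructed variant that keeps only HTTPS and SSH. The finding texts are this example's own wording.

```python
def audit_mgmt_plane(config):
    """Return findings for cleartext management access in an IOS-style config."""
    http_cleartext = False
    vty_transport = {}  # 'line vty 0 4' -> protocols of the last 'transport input'
    section = None
    for raw in config.splitlines():
        # The page shows '#' as the prompt; tolerate it in pasted input.
        line = raw.strip().lstrip("#").strip().lower()
        if not line:
            continue
        if line.startswith("line "):
            section = line if line.startswith("line vty") else None
        elif line == "ip http server":
            http_cleartext = True
        elif line == "no ip http server":
            http_cleartext = False
        elif section and line.startswith("transport input "):
            # A later 'transport input' replaces an earlier one on the same lines.
            vty_transport[section] = line.split()[2:]
    findings = []
    if http_cleartext:
        findings.append("ip http server: web management over cleartext HTTP")
    for name, protos in vty_transport.items():
        if "telnet" in protos or "all" in protos:
            findings.append(f"{name}: Telnet accepted, logins cross the wire in cleartext")
    return findings

# Commands from this section, as the router would receive them.
AS_POSTED = """
ip http server
ip http secure-server
ip http authentication local
username admin privilege 15 secret cisco
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""

# Constructed variant: same access for CCP, encrypted transports only.
ENCRYPTED_ONLY = AS_POSTED.replace("ip http server", "no ip http server") \
                          .replace("telnet ssh", "ssh")

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("encrypted only", ENCRYPTED_ONLY)):
        print(label, "->", audit_mgmt_plane(cfg) or "no cleartext management access")
```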

 

Make sure that the interface that is connected to the PC has an IP address configured.

# ip address 8.8.1.1 255.255.255.0
# no shut

 

Once the router is configured, load up the CCP on the PC. If no community member was configured, the Manage Devices setup should pop up and prompt you for the device’s information.

Enter the IP address that we’ve configured on the router with the username and password. Ticking Connect Securely will utilise SSH for the connection while not ticking it will use the less secure TELNET.

 

Once the OK is pressed, it should auto discover the router and indicate the success of the discovery. If the auto discovery did not occur, click on the discover button located at the bottom of the GUI to initiate it.

 

Once the device is discovered, we can begin to configure the device using the handy dandy GUI of the CCP.

Linksys Cisco wireless access point and adapter(2) – Security


Previously, I did a basic configuration to connect a client wirelessly to the network using a Cisco access point.

Now, I’ll be attempting to try out various authentication methods as well as using a Windows Server 2008 R2 to provide the ip addresses using DHCP.

Below is the topology of my network.

 

Wired Equivalent Privacy (WEP)

WEP is the least secure of all the available methods for securing the wireless connection. It has been demonstrated to be insecure compared to newer standards such as WPA.

To set up WEP on the access point, go to the Wireless tab, then the Wireless Security sub tab, and select WEP for the Security Mode. Select 104 / 128-bit for better encryption. Enter the Passphrase; I’ll be using Fishcake for mine. The passphrase will be used to generate the keys that clients use to connect to the AP. Click on Generate and then Save Settings.

 

Input the generated key into the Security key prompt.

 

Wi-Fi Protected Access/2 (WPA/WPA2)

The WPA was defined in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy). WPA provides.

WPA2 was then introduced in 2004 to provide an even more secure and complex solution.

Setting up WPA or WPA2 is very similar. First, go to the Wireless tab then go to the Wireless Security sub tab and select PSK Personal/PSK Personal 2 for the Security Mode.

Select the encryption method, I’m going to use TKIP or AES.

Insert the desired Pre-shared Key, I’ll be using Fishcake as my PSK. The pre-shared key will have to be used on the client later on for the authentication.

For key renewal, I’m going to leave it as the default(3600 seconds).

 

On the client PC, click on the network icon on the task bar and connect to the AP. The prompt for the PSK should pop up. Enter the PSK that we’ve configured on the AP, Fishcake in my case.
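How the pre-shared key becomes the actual key material, as an added example that is not part of the original post: in WPA/WPA2 Personal the 256-bit master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so every client that knows the passphrase holds the same key. The SSIDs "LabAP" and "LabAP-2" are hypothetical, since the post does not name one.

```python
import hashlib

def psk_problems(passphrase):
    """Return the reasons a string is not a valid WPA passphrase (empty if valid)."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("only printable ASCII is allowed")
    return problems

def wpa_pmk(passphrase, ssid):
    """Derive the 256-bit pairwise master key for WPA/WPA2 Personal."""
    problems = psk_problems(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def same_key(passphrase, ssid_a, ssid_b):
    """True if one passphrase yields the same master key on two SSIDs."""
    return wpa_pmk(passphrase, ssid_a) == wpa_pmk(passphrase, ssid_b)

if __name__ == "__main__":
    print("Fishcake valid? ", not psk_problems("Fishcake"))
    print("PMK on LabAP:   ", wpa_pmk("Fishcake", "LabAP").hex())
    print("Same on LabAP-2?", same_key("Fishcake", "LabAP", "LabAP-2"))
    print("Too short:      ", psk_problems("Fish"))
```

Nothing in the derivation is per user, which is the gap the RADIUS setup in the next section closes with individual credentials.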

 

RADIUS

To configure your AP to do RADIUS authentication for the wireless clients, go to the Wireless tab then go to the Wireless Security sub tab and select WPA Enterprise for the Security Mode.

Select TKIP as the encryption method.

Enter the IP address for the RADIUS server and the shared key. Leave the RADIUS port and Key Renewal as default.

 

Go to the RADIUS server and create a RADIUS client. Enter the Friendly name and the IP address of the wireless AP. For the Shared Secret, enter what you’ve entered for the shared key on the wireless AP.

 

Create the network policy using the NPS wizard. Click on NPS (local) on the side bar. Select RADIUS server for 802.1X Wireless or Wired Connections and then click on Configure 802.1X.

 

Select Secure Wireless Connections and click Next.

Select the RADIUS client that we’ve just created and click Next.

Select Microsoft: Protected EAP (PEAP) and click on Configure. I’ve previously obtained a self-signed certificate from the local Certificate Authority. Select the server certificate and click OK.

 

Add the user group that will be used to authenticate the wireless connection. Click Next.

Click Next then Finish.

On the client, go to Control Panel and open up Network and Sharing Center. Select Manage wireless networks and click Add.

Select Manually create a network profile.

Enter the SSID into the Network name text box. Select WPA-Enterprise for the Security type and TKIP for the Encryption type.

Untick Connect automatically when this network is in range. This should be ticked after the connection is tested to be working.

 

Click Next then Change connection settings.

Go to the Security tab and make sure that the Security type and Encryption type is WPA-Enterprise and TKIP.

 

Select Microsoft: Protected EAP (PEAP) for the authentication method and select Settings.

Make sure that Validate server certificate, Connect to these servers: and the root CA are ticked. The RADIUS server’s FQDN should be filled in the Connect to these servers: text box.

Ensure that Secured password (EAP-MSCHAP v2) is selected and click Configure. Untick Automatically use my Windows Logon name and password. Click OK, then OK.

 

Untick Remember my credentials for this connection each time I’m logged on.

Click on Advanced settings. Tick Specify authentication mode and select user authentication. Click OK.

Click OK.

Click on the network icon on the task bar and connect to the AP. The prompt for the username and password should pop up. Enter the allowed username and password and it should connect to the wireless AP.

 

 

 

 

 

Linksys Cisco wireless access point and adapter


For this setup, I’m using the Linksys WRT300N and Linksys WUSB54GS.

 

First, we will set up the wireless router.

Power it up and connect an Ethernet cable to an access port on the wireless router.

We should receive an IP address via DHCP.

Use the given default gateway address(this is the ip address of the wireless router) to access the wireless router using a web browser.

Use admin for both the username and password for the login. Different product or manufacturer could have different username and password, check the product manual for more information.

Once you’ve logged in, you should be greeted by a GUI that looks like the following image.

 

Setting up the IP addresses and DNS addresses should be pretty straight forward. I’ve used 11.11.11.1 address for my router and configured my DHCP to distribute addresses from 11.11.11.100 to 159 (50 users). DNS: 11.11.11.2.

After setting up the basic IP address settings, we should set the SSID so that we can differentiate our access point from the others. Go to the Wireless tab, which is located at the top of the page.

Under Basic Wireless Settings, change the Network Name (SSID): to the name that you want. Remember to save the settings after making the changes.

 

For the client, all we have to do is to click the network icon on the task bar and connect to the access point.

 

Verify that the client has received an IP address from the router. Open Command Prompt and run ipconfig /all.

 

The above configurations are the bare minimum to set up a wireless connection and provide absolutely no security whatsoever.