1. The document describes configuring high availability routing between two firewalls (ASA1 and ASA2) using failover, and between two routers (MLS3 and R2) using HSRP.
2. It provides configuration examples for failover on the ASAs, HSRP on MLS3 and R2, PAT on the ASA and R2, and EIGRP routing between the ASA and MLS3.
3. It also specifies default gateways for different PCs to reach R1 via the active HSRP router.
Redistribution is necessary when routing protocols connect and must pass routes between the two.
Route Redistribution involves placing the routes learned from one routing domain, such as RIP, into
another routing domain, such as EIGRP.
While running a single routing protocol throughout your entire IP internetwork is desirable, multiprotocol routing is common for a number of reasons, such as company mergers, multiple departments
managed by multiple network administrators, and multi-vendor environments. Running different
routing protocols is often part of a network design.
A network consists of a collection of computers, printers and other compatible equipment/hardware
that is connected together so that they can communicate with each other.
An IP address is a unique identifier given to a host, network device or server for data communication. IP
address stands for Internet Protocol address; it is an addressing scheme used to identify a system on a
network. It is a unique address that certain electronic devices currently use to communicate with each
other on a network using the Internet Protocol.
Wireless networks come in many different forms, cover various distances, and provide a range of low to
high bandwidth depending on the type installed. Wireless LANs enable laptop users to
access the network of a company.
In computer networking, the term port can refer to either physical or virtual connection points. In
computer terms, a port generally refers to the female part of a connection. Computer ports have many
uses, such as connecting a monitor, webcam, speakers, or other peripheral devices.
Remote-access VPNs allow secure access to corporate resources by establishing an encrypted tunnel
across the Internet. The ubiquity of the Internet, combined with today's VPN technologies, allows
organizations to cost-effectively and securely extend the reach of their networks to anyone, anyplace,
anytime.
Switching: the process of forwarding frames on a LAN by MAC address is called Layer 2 switching.
Layer 2 switching is the process of using the hardware addresses of devices on a LAN to segment a network.
Switching breaks up large collision domains into smaller ones; a collision domain is a network
segment with two or more devices sharing the same bandwidth.
Switches direct and control much of the data flowing across computer networks.
Conventional network security often focuses more on routers and blocking traffic from the outside.
Switches are internal to the organization and designed to allow ease of connectivity, therefore only
limited or no security measures are applied.
CCNA: Scaling Networks SA Exam
CCNA: Scaling Networks
Skills Assessment (EIGRP & OSPFv2) – Hands On Skills Assessment
Topology
Addressing Table
Device  Interface  IP Address       Subnet Mask      Default Gateway
R1      G0/1       172.27.0.1       255.255.255.0    N/A
        S0/0/0     172.27.123.1     255.255.255.252  N/A
        Lo1        172.27.1.1       255.255.255.0    N/A
        Lo2        172.27.2.1       255.255.255.0    N/A
        Lo3        172.27.3.1       255.255.255.0    N/A
R2      S0/0/0     172.27.123.2     255.255.255.252  N/A
        S0/0/1     172.27.123.5     255.255.255.252  N/A
        Lo0        209.165.200.225  255.255.255.248  N/A
R3      G0/1       172.27.0.3       255.255.255.0    N/A
        S0/0/1     172.27.123.6     255.255.255.252  N/A
        Lo4        172.27.4.1       255.255.255.0    N/A
        Lo5        172.27.5.1       255.255.255.0    N/A
        Lo6        172.27.6.1       255.255.255.0    N/A
S1      VLAN 1     172.27.0.11      255.255.255.0    172.27.0.2
S2      VLAN 1     172.27.0.12      255.255.255.0    172.27.0.2
S3      VLAN 1     172.27.0.13      255.255.255.0    172.27.0.2
PC-A    NIC        172.27.0.21      255.255.255.0    172.27.0.2
PC-B    NIC        172.27.0.22      255.255.255.0    172.27.0.2
PC-C    NIC        172.27.0.23      255.255.255.0    172.27.0.2
Assessment Objectives
Part 1: Initialize Devices (2 points, 5 minutes)
Part 2: Configure Device Basic Settings (5 points, 30 minutes)
Part 3: Configure LAN Redundancy and Link Aggregation (6 points, 25 minutes)
Part 4A: Configure EIGRP for IPv4 Dynamic Routing Protocol (8 points, 30 minutes)
Part 4B: Configure OSPFv2 Dynamic Routing Protocol (8 points, 30 minutes)
Part 5: Verify Network Connectivity and HSRP Configuration (6 points, 15 minutes)
Part 6: Display IOS Image and License Information (5 points, 5 minutes)
Scenario
In this Skills Assessment (SA), you will create a small network. You must connect the network devices, and configure those devices to support IPv4 connectivity, LAN redundancy, and link aggregation. You will then configure EIGRP and OSPFv2 for IPv4 on the network and verify connectivity and HSRP. Finally, you will demonstrate your knowledge of IOS images and licensing.
Required Resources
3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
3 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
3 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)
Console cable to configure the Cisco IOS devices via the console ports
Ethernet and Serial cables as shown in the topology
Initialize Devices
Total points: 2
Time: 5 minutes
Initialize and reload the routers and switches.
Erase the startup configurations and reload the devices.
Before proceeding, have your instructor verify device initializations.
Task                                                                             IOS Command               Points
Erase the startup-config file on all routers.                                    R1# erase startup-config  2
Reload all routers.                                                              R1# reload
Erase the startup-config file on all switches and remove the old VLAN database.  S1# erase startup-config
                                                                                 S1# del vlan.dat
Reload all switches.                                                             S1# reload
Verify VLAN database is absent from flash on all switches.                       S1# show flash
Points: __________ of 2
Configure Device Basic Settings
Total points: 5
Time: 30 minutes
Configure R1.
Configuration tasks for R1 include the f ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...CODE BLUE
We propose a new exploit technique that brings a whole-new attack surface to bypass SSRF (Server Side Request Forgery) protections. This is a very general attack approach, in which we used in combination with our own fuzzing tool to discover many 0days in built-in libraries of very widely-used programming languages, including Python, PHP, Perl, Ruby, Java, JavaScript, Wget and cURL. The root cause of the problem lies in the inconsistency of URL parsers and URL requesters.
Being a very fundamental problem that exists in built-in libraries, sophisticated web applications such as WordPress (27% of the Web), vBulletin, MyBB and GitHub can also suffer, and 0days have been discovered in them via this technique. This general technique can also adapt to various code contexts and lead to protocol smuggling and SSRF bypassing. Several scenarios will be demonstrated to illustrate how URL parsers can be exploited to bypass SSRF protection and achieve RCE (Remote Code Execution), which is the case in our GitHub Enterprise demo.
Understanding the basics of this technique, the audience won’t be surprised to know that more than 20 vulnerabilities have been found in famous programming languages and web applications aforementioned via this technique.
1. Lab 25: HSRP with Failover
Task
1. Configure IP addresses as given in the topology.
2. Configure failover on ASA1 and ASA2. Make sure to use IP address 200.200.200.0/24 for failover.
3. Configure HSRP between MLS3 and R2. Make sure R2 is active for group 1 and MLS3 is active for
group 2. The HSRP authentication string is Netwaxlab.
4. Configure PAT on ASA and R2.
5. Configure EIGRP between ASA and MLS3.
6. PC1 to PC4 reach R1 via R2, and PC5 & PC6 reach R1 via MLS3.
Figure 1 Topology
Solution
Task 2: Configure failover on ASA1 and ASA2. Make sure to use IP address 200.200.200.0/24 for
failover.
ASA1
failover lan unit primary
failover lan interface fover e0/5
failover link fover e0/5
failover interface ip fover 200.200.200.1 255.255.255.0 standby 200.200.200.2
failover replication http
! enable failover; the settings above stay inactive without this command
failover
int e0/0
! name the interface so the "outside" references in Task 4 resolve
nameif outside
ip add 124.55.221.2 255.255.255.0 standby 124.55.221.3
no shut
exit
int e0/1
nameif inside
ip add 192.168.2.1 255.255.255.0 standby 192.168.2.2
no shut
exit
ASA2
failover lan unit secondary
failover lan interface fover e0/5
failover link fover e0/5
failover interface ip fover 200.200.200.1 255.255.255.0 standby 200.200.200.2
! enable failover on the secondary unit as well
failover
Task 3: Configure HSRP between MLS3 and R2. Make sure R2 is active for group 1 and MLS3 is
active for group 2. HSRP Authentication is Netwaxlab.
MLS3
int f1/2
standby 1 ip 110.0.0.254
standby 1 priority 99
standby 1 authentication md5 key-string Netwaxlab
standby 1 preempt
standby 2 ip 110.0.0.253
standby 2 priority 101
standby 2 authentication md5 key-string Netwaxlab
standby 2 preempt
R2
int f0/1
standby 1 ip 110.0.0.254
standby 1 preempt
standby 1 priority 101
standby 1 authentication md5 key-string Netwaxlab
standby 2 ip 110.0.0.253
standby 2 priority 99
standby 2 authentication md5 key-string Netwaxlab
standby 2 preempt
Task 4: Configure PAT on ASA and R2.
ASA1
access-list OUT permit icmp any any
access-group OUT in interface outside
access-list NAT permit ip 192.168.2.0 255.255.255.0 any
access-list NAT permit ip 110.0.0.0 255.255.255.0 any
nat (inside) 1 access-list NAT
global (outside) 1 interface
route outside 0 0 124.55.221.1
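R2
ip access-list extended NAT
permit ip 110.0.0.0 0.0.0.255 any
exit
! mark the NAT boundary: f0/1 faces 110.0.0.0/24, f0/0 is the translated side
int f0/1
ip nat inside
int f0/0
ip nat outside
ip nat inside source list NAT interface f0/0 overload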
Task 5: Configure EIGRP between ASA and MLS3
ASA1
router eigrp 100
network 192.168.2.0 255.255.255.0
no auto-summary
redistribute static
exit
MLS3
router eigrp 100
network 192.168.2.0 0.0.0.255
network 110.0.0.0 0.0.0.255
no auto-summary
exit
Task 6: PC1 to PC4 Reach R1 via R2 and PC5 & PC6 reach R1 via MLS3.
On PC1 to PC4
Configure Default gateway as 110.0.0.254
On PC5 and PC6
Configure default gateway as 110.0.0.253
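An added example, not part of the original lab: a short Python check that parses the HSRP lines from Task 3, confirms that both peers carry the same MD5 key and that the higher-priority peer can preempt, and derives which router should be active for each virtual IP, so the gateway assignment in Task 6 can be compared against the configuration. The function names are illustrative.

```python
import re

# HSRP lines copied from the Task 3 solution, keyed by device.
CONFIGS = {
    "MLS3": """standby 1 ip 110.0.0.254
standby 1 priority 99
standby 1 authentication md5 key-string Netwaxlab
standby 1 preempt
standby 2 ip 110.0.0.253
standby 2 priority 101
standby 2 authentication md5 key-string Netwaxlab
standby 2 preempt""",
    "R2": """standby 1 ip 110.0.0.254
standby 1 preempt
standby 1 priority 101
standby 1 authentication md5 key-string Netwaxlab
standby 2 ip 110.0.0.253
standby 2 priority 99
standby 2 authentication md5 key-string Netwaxlab
standby 2 preempt""",
}

def parse_hsrp(text):
    """Return {group: settings} for one device; HSRP default priority is 100."""
    groups = {}
    for gid, key, rest in re.findall(r"^\s*standby (\d+) (\S+) ?(.*)$", text, re.M):
        g = groups.setdefault(int(gid), dict(ip=None, priority=100, preempt=False, md5=None))
        if key == "preempt":
            g["preempt"] = True
        elif key in ("ip", "priority"):
            g[key] = int(rest) if key == "priority" else rest
        elif key == "authentication" and rest.startswith("md5 key-string "):
            g["md5"] = rest.split()[2]
    return groups

def audit(configs):
    """Return ({virtual_ip: expected active router}, [findings])."""
    parsed = {dev: parse_hsrp(cfg) for dev, cfg in configs.items()}
    active, findings = {}, []
    for gid in sorted({g for p in parsed.values() for g in p}):
        peers = {dev: p[gid] for dev, p in parsed.items() if gid in p}
        keys = {s["md5"] for s in peers.values()}
        if None in keys or len(keys) > 1:
            findings.append(f"group {gid}: MD5 key missing or mismatched")
        # Highest priority wins; ties (decided by interface IP) are not modelled.
        best = max(peers, key=lambda d: peers[d]["priority"])
        if not peers[best]["preempt"]:
            findings.append(f"group {gid}: {best} cannot preempt")
        active[peers[best]["ip"]] = best
    return active, findings
```

Calling `audit(CONFIGS)` maps 110.0.0.254 to R2 and 110.0.0.253 to MLS3, which matches the gateways assigned to PC1 to PC4 and to PC5 and PC6.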