Entries by talebi_it@yahoo.com

Connect AD to ISE

1- Verify basic functionality and DNS
2- Join ISE to AD
3- Make an Identity Source Sequence

Go to Administration > External Identity Sources and add Active Directory. Click Add and then enter the AD information; you will probably get a prompt for a username and password, so enter your AD administrator account at the prompt. You […]

802.1X MAC Authentication Bypass (MAB)

First, configure the interface that is connected to the endpoint. Previously we configured the interface as below:

SW(config)#int gi1/0/2
SW(config-if)#switchport mode access
SW(config-if)#authentication host-mode multi-auth
SW(config-if)#authentication open
SW(config-if)#dot1x pae authenticator
SW(config-if)#dot1x timeout tx-period 10
SW(config-if)#authentication port-control auto
SW(config-if)#authentication periodic
SW(config-if)#authentication timer reauthenticate server

Now, add this configuration for the interface:

SW(config-if)#mab
SW(config-if)#authentication order mab dot1x […]

802.1x wired authentication

SWTEST(config)#aaa authentication dot1x default group radius
SWTEST(config)#aaa accounting dot1x default start-stop group radius
SWTEST(config)#aaa authorization network default group radius
SWTEST(config)#radius-server attribute 8 include-in-access-req
SWTEST(config)#! enable D dot1x
SWTEST(config)#dot1x system-auth-control
SWTEST(config)#int gi1/0/2
SWTEST(config-if)#shut
SWTEST(config-if)#switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled
SWTEST(config-if)#authentication host-mode multi-auth
SWTEST(config-if)#authentication […]

How to Connect ISE to Switch

SW1(config)#enable secret YourPassword
SW1(config)#aaa new-model
SW1(config)#aaa authentication login default enable
SW1(config)#radius server ISE
SW1(config-radius-server)#address ipv4 192.168.10.6 auth-port 1812 acct-port 1813
SW1(config-radius-server)# key …..
SW1(config)#aaa group server radius ISE-group
SW1(config-sg-radius)#server name ISE
SW1(config)#radius-server vsa send authentication
SW1#test aaa group ISE-group hamid YourPassword new-code

Cisco ASA troubleshooting commands

AAA
  debug radius
  debug tacacs
  show aaa-server protocol PROTOCOL_NAME
  test aaa-server

Access Control Lists
  show access-list
  show run | include ACCESS_LIST_NAME
  show run object-group
  show run time-range

Application Inspection
  show conn state STATE_TYPE detail
  show service-policy

Configuring Interfaces
  show firewall
  show int
  show int ip brief
  show ip
  show mode
  show nameif
  show run interface […]

Zone-Based Firewall

Introduction

The Cisco IOS Zone Based Firewall is one of the most advanced forms of stateful firewall used in Cisco IOS devices. The zone-based firewall (ZBFW) is the successor of the Classic IOS firewall, or CBAC (Context-Based Access Control). Cisco first implemented the router-based stateful firewall in CBAC, where it used the ip inspect command […]

Firewall DDOS Policy

Incoming interface: The interface to which this security policy applies. It will be the interface that the traffic is coming into the firewall on.

Source address: This will be the address that the traffic is coming from and must be an address listed in the Address section of the Firewall Objects. This can include the predefined […]

Linux vulnerability could lead to DDoS attacks

A Linux kernel vulnerability affecting version 4.9 and up could allow an attacker to carry out denial-of-service attacks on a system with an available open port, according to an Aug 6 security advisory from the CERT Coordination Center at Carnegie Mellon University’s Software Engineering Institute. “Linux kernel versions 4.9+ can be forced to make very expensive […]

Add shared folder Ubuntu to Virtual Box

I have seen that some people want to make a shared folder between VirtualBox and Ubuntu, but it is sometimes tricky for them:

1- First install “Insert guest Additional CD” from Devices. In the Ubuntu VM, you may install those sh files first.
2- Restart the system
3- Make a Shared Folder from […]