Install NAC Server April 18, 2011
Posted by ZoeL in Cisco, NAC, Security, VMWare. Tags: NAC Server Installation
1. Start the NAC instance.
2 & 3. Insert the installer disc into the CD-ROM drive, or attach a disc image.

Create NAC Server on VMWare (ESX) April 15, 2011
Posted by ZoeL in Cisco, NAC, Security, VMWare. Tags: NAC Server On VMWare
Our objective is to create a NAC Server or Manager on VMWare Server.
First we need to create an instance for NAC with a specific SCSI storage type.
I tried to use the default SCSI type, and the NAC OS could not see the hard drive.
1. Create a new Virtual Machine

(more…)
traceroute, difference between Linux and Windows August 18, 2010
Posted by ZoeL in Cisco, Desktop PC, Notes. Tags: traceroute
1 comment so far
What is the difference between “traceroute” on Windows and on Linux?
I had never run into one until recently, when our DNS server failed. During the troubleshooting session we tried to trace the path. I had already opened the ICMP ports (host-unreachable and time-exceeded) on our firewall, but strangely we were not able to trace from Linux machines. We got a different result when we tried it from Windows machines, where traceroute ran okay.
I Googled it and found the fact:
Windows uses ICMP, whilst Linux uses random high UDP port numbers.
I tested it on our firewall by opening all high UDP port numbers, and voilà… now our Linux server is able to “traceroute” through the firewall machine.
.end of notes.
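To see the difference at packet level, here is an added example (not part of the original post) that classifies IPv4 packets the way a firewall log reviewer would: ICMP echo probes, UDP probes, and the ICMP replies that have to get back to the sender. The function names, the sample packets and the 33434 to 33534 destination-port range (the classic Linux traceroute default, counting up from 33434) are assumptions of this example.

```python
import struct

# Assumption: classic Linux traceroute sends UDP to destination ports
# counting up from 33434; 33534 is a conventional upper bound.
UDP_BASE, UDP_TOP = 33434, 33534

def ipv4(proto, ttl, payload):
    """Build a minimal IPv4 packet (20-byte header, checksum left at 0)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, ttl, proto, 0, src, dst)
    return header + payload

def classify(packet):
    """Return (kind, ttl) for one IPv4 packet as the firewall would see it."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[0] & 0x0F < 5:
        return ("not-ipv4", None)
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    ttl, proto, body = packet[8], packet[9], packet[ihl:]
    if proto == 1 and len(body) >= 2:     # ICMP
        icmp_type, code = body[0], body[1]
        if icmp_type == 8:
            return ("icmp-echo-probe", ttl)        # what Windows tracert sends
        if icmp_type == 11:
            return ("icmp-time-exceeded", ttl)     # reply from each hop
        if icmp_type == 3 and code == 3:
            return ("icmp-port-unreachable", ttl)  # reply from the UDP target
        return ("icmp-other", ttl)
    if proto == 17 and len(body) >= 8:    # UDP
        dport = struct.unpack("!H", body[2:4])[0]
        if UDP_BASE <= dport <= UDP_TOP:
            return ("udp-traceroute-probe", ttl)   # what Linux traceroute sends
        return ("udp-other", ttl)
    return ("other", ttl)

# Constructed sample packets (documentation addresses, not a real capture).
WINDOWS_PROBE = ipv4(1, 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
LINUX_PROBE = ipv4(17, 1, struct.pack("!HHHH", 45000, 33434, 8, 0))
HOP_REPLY = ipv4(1, 64, struct.pack("!BBHI", 11, 0, 0, 0))
TARGET_REPLY = ipv4(1, 64, struct.pack("!BBHI", 3, 3, 0, 0))
DNS_QUERY = ipv4(17, 64, struct.pack("!HHHH", 45001, 53, 8, 0))

if __name__ == "__main__":
    for name, pkt in [("windows", WINDOWS_PROBE), ("linux", LINUX_PROBE),
                      ("hop reply", HOP_REPLY), ("target", TARGET_REPLY),
                      ("dns", DNS_QUERY)]:
        print(name, classify(pkt))
```

Run against packets dropped at the firewall, the `udp-traceroute-probe` count shows whether a narrow UDP range would be enough instead of every high port.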
Zone-Based Firewall August 6, 2010
Posted by ZoeL in Cisco, Security. Tags: ZFW, Zone-Based Firewall
A Cisco router can act as a zone-based firewall (ZBFW). The concept is not far from a real PIX or ASA box. There are 3 important things to remember when setting up ZBFW on Cisco routers.
- Zones
Just like on an ASA or PIX, we must define which interface is the outside (untrusted) zone and which is the inside (trusted) zone. You can also set up other zones, for example a DMZ.
- Inspect type for class-maps and policy-maps
There is one special type of class-map and policy-map for ZBFW, called INSPECT. This type must be used every time we create a class-map or policy-map; otherwise we won't be able to set up the zone-pair.
- Zone-pair
This command binds zones/areas to a policy-map and defines the flow of packets between areas, for example from outside to inside, inside to outside, or from DMZ to outside.
And here is a simple scenario:
Create 2 zones on R1, outside and inside. Internet users must not be able to telnet to or ping the inside router (R2). R2 is not allowed to telnet into the internet area. Let any other packets flow.
Private-VLAN July 5, 2010
Posted by ZoeL in Cisco, Switching. Tags: Private-Vlan
3 comments
- 2 Cisco switches (SW1 & SW2) are connected via a trunk, with VTP mode set to transparent. Our SAP engineer connected the SAP server to VLAN 50 on SW1.
- On SW2, 2 PCs (PC A & PC B) are connected and assigned to VLAN 50.
- PC A & PC B are not allowed to communicate with each other, but both PCs are allowed to access the SAP server.
- Our client ordered us to separate PC A & PC B at layer 2, using Private VLAN.
- Use one additional VLAN (VLAN 501) as the VLAN association.
- PC A connects to SW2 port 1
PC B connects to SW2 port 2
SAPSvr connects to SW1 port 1
OEQ (Open Ended Questions) Removed from CCIE RS and Voice EXAM May 11, 2010
Posted by ZoeL in CCIE LAB, Certifications, Cisco. Tags: Open Ended Questions
Great news,
https://learningnetwork.cisco.com/docs/DOC-6484
at last…. Cisco has removed the OEQ from the Routing and Switching and Voice tracks.
According to Cisco’s latest announcement, the OEQ was removed because of the establishment of a new exam section: troubleshooting.
The exam itself now consists of 2 parts: Troubleshooting (2 hrs) and Lab (6 hrs). Candidates are given a certain number of tickets to solve in the Troubleshooting section before entering the lab portion.
So, what happens to people who took the CCIE exam before this change and failed due to an insufficient score because of the OEQ? Cisco said the OEQ itself is not considered an improper or irrelevant method ( http://ciscocert.custhelp.com/app/answers/detail/a_id/6003 ). The Troubleshooting section is considered a suitable replacement, sufficient to prove candidate readiness while still standing for Cisco quality in the CCIE certification.
I guess (take this as my personal opinion) the pros, cons and bad comments from many people around the globe at least gave Cisco second thoughts about its “not-so-popular” Open Ended Questions.
Regards.
Free Software Huraayyy…! November 24, 2009
Posted by ZoeL in Softwares. Tags: Free Software, Freeware
Below I list software that I only recently found out has a free version, along with software I use often. I have not listed every piece of free software, only the important ones.
- Nero

You know Nero, right? Software for burning CDs/DVDs, full-featured, and able to convert audio/video to CD/DVD.
Yes… this burner tool has a free version. Nero Lite-Version only has the burn function. There are no other features such as DVD/VCD conversion or photo slideshows. Look in the Download section, then choose the lite version. It only requires an e-mail address for registration, then go ahead and download. The file size is only around 50MB.
(more…)
DDOS Attacks, Whose Fault? October 20, 2009
Posted by ZoeL in Security. Tags: DDOS, DDOS Whose Fault?
1 comment so far
I was casually reading articles in the October issue of PC Magazine (the US edition, not our country's edition). There was an interesting article about the DDOS that hit Twitter's servers (and the servers of several other well-known sites) in August.
Before discussing “WHOSE FAULT?”: do you know what DDOS is? Some of you may have heard the term DOS (Denial of Service). It is an attack method in which one host attacks another machine by sending requests in rapid succession, so that the server can no longer serve requests from other hosts and, once it cannot cope any more, all requests end up being dropped. Now imagine this barrage of requests being made by many hosts, possibly up to millions of hosts doing the same thing to one server. You can expect the server to be very busy serving many hosts making many requests at once, and before long the server is down. This is what is called a DDOS (Distributed Denial of Service) attack.
Notes: OSPF Virtual Links October 5, 2009
Posted by ZoeL in Cisco, Routing. Tags: Discontiguous OSPF Area, OSPF Partitioned Area, OSPF Virtual Link
A virtual link is used to connect an area that is separated from area 0 (the backbone), or to join an area that has been split (partitioned).
Example topology:

The connection between R1 and R2 is the backbone area (area 0), while the connections between R1, R2 and R4 are in area 10. R4 also has a connection to area 20. R1 also has a connection to R3, which is in area 5. Because OSPF requires every area that is not area 0 to have a connection to the backbone area (area 0), a virtual link must be created for area 20 through R4-R1 or R4-R2, so that area 20 has a connection to the backbone area.
Another case is when the connection between R1 and R2 goes down. R4 sees two backbone areas, namely R1 and R2. R1 and R2 end up with separate area 0s (a discontiguous area). This problem can be solved by creating a virtual link from R1 to R4 and then from R4 to R2, so that with the help of the virtual links the backbone at R1 can connect to the backbone at R2.
(more…)
Setting-up GNS October 5, 2009
Posted by ZoeL in Cisco, Router Simulator. Tags: Cisco Simulator, Setting GNS
1 comment so far
Okay.. since there have been many requests (at the office) to see my GNS (Cisco Router Emulator with Graphics interface) settings, I might as well make a few small screenshots and a short explanation of which options are best ticked or left unticked (my version). Please correct me if anything is wrong.
After installation, open the GNS application right away. There are 2 settings sections to pay attention to: first the Preference section, and second the IOS Images section.
1. Preference
- Open Edit – Preference
(more…)




