NetworkLabNotes/main.tex

% Declare Document Class
\documentclass[a4paper,12pt,twoside,twocolumn,landscape]{book}

\include{structure} % Load structure cfg for document

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                    %
% BEGIN DOCUMENT                                     %
%                                                    %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{document}

\include{frontpage}

\tableofcontents

% Only applied after generation of TOC
\setlength{\parskip}{0.35em} % Define length between paragrahps
\renewcommand{\baselinestretch}{1.15} % Define lineheight

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                    %
% BEGIN chapters                                     %
%                                                    %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
	
% <!-- CONFIGURATION EXAMPLES -->

\include{chapter/baseconf}

% <!-- LAYER 2 -->

\chapter{Layer 2}

\input{chapter/section/switchednetwork}

\newpage

\input{chapter/section/spanningtree}

% <!-- INTERVLAN -->

\chapter{L2 to L3}

\input{chapter/section/intervlanrouting}

% <!-- DHCP -->

\chapter{DHCP}

\input{chapter/section/dhcp}

% <!-- VRRP, GLBP, HSRP -->

\chapter{FHRP}

\section{VRRP}

\section{GLBP}

\section{HSRP}

% <!-- ACCOUNTING AND LOGINS, RADIUS, TACACS+ -->

\chapter{Triple A\tsq{s}}

\myquote{}{Remember to log the details, too.}

\xkcd{latitude}{Remember logging when necessary}

\newpage

\begin{itemize}
    \item \textbf{Authentication:}
    \begin{enumerate}
        \item Identify the user,
        \item Validate the user,
        \item Allow/Disallow user based upon credentials.
    \end{enumerate}
    \item \textbf{Authorization:}
    \begin{enumerate}
        \item Have defined levels of allowed operations/tasks divided into groups,
        \item Validate user-to-groups relations,
        \item Allow/Disallow user actions.
        \item On network gear the Allow/Disallowed actions can be stored on either the central \acrshort{aaa} server or locally\footnote{May not apply to all network gear} in the network node.
    \end{enumerate}
    \item \textbf{Accounting:}
    \begin{enumerate}
        \item Network nodes collect user and session information from start to end when connecting to a node,
        \item All information is transferred back to \acrshort{aaa} server,
        \item Transferred info can be leveraged for several purposes. Typically logged info is:
        \begin{itemize}
            \item session duration,
            \item user commands,
            \item disallowed commands
        \end{itemize}
    \end{enumerate}
\end{itemize}

\bigskip

\textbf{Obvious} benefits by using the \acrshort{aaa} is scalability, increased flexibility and granularity of assigned rights, standardization, having failover by using multiple triple a\tsq{s} server\footnote{Cisco devices uses the descending order in which \acrshort{aaa} servers are configured on the node}.

\newpage

\begin{table}[!ht]
    \centering
    \caption{Tacacs+ vs. Radius}
    \label{radiusversustacacsplus}
    \resizebox{\columnwidth}{!}{%
        \begin{tabular}{|l|l|l|l|l|}
            \hline
            \multicolumn{1}{|c|}{\textbf{Feature}} & \multicolumn{1}{c|}{\textbf{RADIUS}} & \multicolumn{1}{c|}{\textbf{TACACS+}} \\ \hline
            Developer & \begin{tabular}[c]{@{}l@{}}Livington Enterprise\\ (now industry standard)\end{tabular} & \begin{tabular}[c]{@{}l@{}}Cisco\\ (proprietary)\end{tabular} \\ \hline
            Transport protocol & UDP ports 1812-1813 & TCP port 49 \\ \hline
            \acrshort{aaa} support & \begin{tabular}[c]{@{}l@{}}Combines authentication\\ and authorization and \\ separate accounting\end{tabular} & \begin{tabular}[c]{@{}l@{}}Uses the \acrshort{aaa}\\ model and sep-\\ arates all three\\ services\end{tabular} \\ \hline
            Challange response & \begin{tabular}[c]{@{}l@{}}One-way, unidirectional\\ (single challenge response)\end{tabular} & \begin{tabular}[c]{@{}l@{}}Two-way, bidirec-\\ tional (multiple\\ challenge responses)\end{tabular} \\ \hline
            Security & \begin{tabular}[c]{@{}l@{}}Encrypts only the password\\ in the packet\end{tabular} & \begin{tabular}[c]{@{}l@{}}Encrypt the entire\\ packet body\end{tabular} \\ \hline
        \end{tabular}%
    }
\end{table}

\newpage

\section{RADIUS}

\fig{radius/radiuscommunication}{radiuscommunication}{Radius handshake and communication}

\begin{txt}
radius server DK-RADIUS-SERVER
 address ipv4 radiusserver.example.com auth-port 1812 acct-port 1813
 key unkn0wn!unic@st.|.
!
aaa new-model
aaa group server RADIUS
 server name DK-RADIUS-SERVER
!
aaa authentication login radius_list group RADIUS local
!
line vty 0-4
 login authentication radius_list
line vty 5-15
 login authentication radius_list
\end{txt}

\newpage

\section{TACACS+}

\fig{tacacsplus/tacacspluscommunication}{tacacspluscommunication}{Tacacs plus handshake and communication}

\begin{txt}
aaa group server tacacs+ TACACS
server-private 1.1.1.1 unkn0wn!unicAst
ip tacacs source-interface Loopback0
!
aaa authentication attempts login 1
aaa authentication login default group TACACS local-case
aaa authentication login console local-case
aaa authentication enable default group TACACS enable
aaa authorization exec default group TACACS local 
aaa authorization commands 0 default group TACACS local 
aaa authorization commands 15 default group TACACS local 
aaa accounting exec default
 action-type start-stop
 group tacacs+
!
aaa accounting commands 1 default
 action-type start-stop
 group tacacs+
!
aaa accounting commands 2 default
 action-type start-stop
 group tacacs+
!
aaa accounting commands 15 default
 action-type start-stop
 group tacacs+
!
aaa session-id common
!
tacacs-server host 10.21.0.45
tacacs-server unkn0wn!unicAst
\end{txt}

% <!-- NTP -->

\chapter{Network Time Protocol}

\section{The old NTP from \tsq{85}}

\section{Secure NTP}

% <!-- NETWORK MANAGEMENT -->

\chapter{Managemnt}

\section{Network management}

\subsection{Routers}

\subsection{Switches}

\subsection{Firewall}

\section{Out-of-band management}

\subsection{Console server}

% <!-- LAYER 3 STUFF -->

\chapter{Protocols Layer 3}

\input{chapter/section/routednetwork}

% <!-- DESCRIBE THE INTERNET -->

\chapter{The Internet {\footnotesize "Post cold-war modern times"}}

\section{Service Providers}

\section{IXP}

\section{MPLS}

\section{BGP}

\section{EVPN}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                    %
% BEGIN list of acronyms                             %
%                                                    %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\clearpage

\section*{Section with acronyms}

\printglossary[type=\acronymtype,title=Special Terms,toctitle=List of terms]

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                    %
% BEGIN list of figures                              %
%                                                    %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\renewcommand{\listfigurename}{List of {\footnotesize hidden} Figures}
\listoffigures

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                    %
% BEGIN list of tables                               %
%                                                    %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\renewcommand{\listtablename}{Tables {\footnotesize hidding} on the pages}
\listoftables

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                    %
% BEGIN references                                   %
%                                                    %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\bibliography{references}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                                    %
% END DOCUMENT                                       %
%                                                    %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\end{document}