
Changed file structure

This commit is contained in:
chhan11 2017-06-01 20:41:55 +02:00
parent 5b49b43092
commit fef6796951
13 changed files with 212 additions and 223 deletions


@ -1,3 +1,5 @@
\chapter{DHCP}
\section{DHCP Process} \section{DHCP Process}
\fig{dhcp/dhcpdiscoverprocess}{dhcpdiscoverprocess}{DHCP Discover Process} \fig{dhcp/dhcpdiscoverprocess}{dhcpdiscoverprocess}{DHCP Discover Process}
@ -25,9 +27,9 @@
\subsection{Cisco} \subsection{Cisco}
\begin{txt} \begin{txt}
ip dhcp excluded-address 192.168.0.254 ip dhcp excluded-address 192.168.0.254
! !
ip dhcp pool LAN-1-POOL-DHCP ip dhcp pool LAN-1-POOL-DHCP
network 192.168.0.0 255.255.255.0 network 192.168.0.0 255.255.255.0
default-router 192.168.0.254 default-router 192.168.0.254
lease 2 ! set in days lease 2 ! set in days
@ -36,7 +38,7 @@ ip dhcp pool LAN-1-POOL-DHCP
When configuring a Layer 3 interface as a relay port for DHCP request for a subnet. Set the ip helper command on the interface with one \textit{or} more ip addresses. When configuring a Layer 3 interface as a relay port for DHCP request for a subnet. Set the ip helper command on the interface with one \textit{or} more ip addresses.
\begin{txt} \begin{txt}
interface GigabitEthernet 0/3 interface GigabitEthernet 0/3
ip helper-address 192.168.220.220 ip helper-address 192.168.220.220
ip helper-address 192.168.222.222 ip helper-address 192.168.222.222
\end{txt} \end{txt}

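--- a/chapter/fhrp.tex
+++ b/chapter/fhrp.tex
@@ -0,0 +1,7 @@
+\chapter{FHRP}
+\section{VRRP}
+\section{GLBP}
+\section{HSRP}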

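--- a/chapter/internet.tex
+++ b/chapter/internet.tex
@@ -0,0 +1,11 @@
+\chapter{The Internet {\footnotesize "Post cold-war modern times"}}
+\section{Service Providers}
+\section{IXP}
+\section{MPLS}
+\section{BGP}
+\section{EVPN}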
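Review bot: The chapter title `\chapter{The Internet {\footnotesize "Post cold-war modern times"}}` uses straight double quotes, which LaTeX sets as two closing quotes, and the `\footnotesize` switch is carried into the table of contents and running headers because the whole argument is a moving argument. Giving the short form as the optional argument and using TeX quotes, `\chapter[The Internet]{The Internet {\footnotesize ``Post cold-war modern times''}}`, keeps the subtitle out of the ToC and headers and renders the quotes correctly. The same line existed in the old main.tex, so this is carried over rather than introduced here.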


@ -1,3 +1,5 @@
\chapter{L2 to L3}
\section{Vlan-to-vlan routing} \section{Vlan-to-vlan routing}
\myquote{}{Guidance and Understanding of the art of Layer 3 networks. Routing between different slash 24\tsq{s}.\\ \textit{Aka. Inter-vlan routing.}} \myquote{}{Guidance and Understanding of the art of Layer 3 networks. Routing between different slash 24\tsq{s}.\\ \textit{Aka. Inter-vlan routing.}}
@ -26,11 +28,11 @@ There are different ways to go \tsq{bout} Inter-vlan routing and doing it.
\subsubsection{Routed interfaces} \subsubsection{Routed interfaces}
\begin{txt} \begin{txt}
interface GigabitEthernet 0/1.10 interface GigabitEthernet 0/1.10
encapsulation dot1q 10 encapsulation dot1q 10
ip address 192.168.0.1 255.255.255.128 ip address 192.168.0.1 255.255.255.128
! !
interface GigabitEthernet 0/1.20 interface GigabitEthernet 0/1.20
encapsulation dot1q 20 encapsulation dot1q 20
ip address 192.168.0.129 255.255.255.128 ip address 192.168.0.129 255.255.255.128
\end{txt} \end{txt}
@ -38,17 +40,17 @@ interface GigabitEthernet 0/1.20
\subsubsection{Switches interfaces} \subsubsection{Switches interfaces}
\begin{txt} \begin{txt}
Vlan10 Vlan10
name VLAN10 name VLAN10
Vlan20 Vlan20
name VLAN20 name VLAN20
! !
interface Vlan10 interface Vlan10
ip address 192.168.1.1 255.255.255.128 ip address 192.168.1.1 255.255.255.128
interface Vlan20 interface Vlan20
ip address 192.168.1.129 255.255.255.128 ip address 192.168.1.129 255.255.255.128
! !
interface GigabitEthernet 0/2 interface GigabitEthernet 0/2
switchport mode trunk switchport mode trunk
switchport trunk encapsulation dot1q switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20 switchport trunk allowed vlan 10,20

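--- a/chapter/layer2.tex
+++ b/chapter/layer2.tex
@@ -0,0 +1,7 @@
+\chapter{Layer 2}
+\input{layer2/switchednetwork}
+\newpage
+\input{layer2/spanningtree}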
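Review bot: `\input{layer2/switchednetwork}` and `\input{layer2/spanningtree}` are resolved relative to the directory the main document is compiled from (plus TEXINPUTS), not relative to chapter/, so these only work if the section files now live in a top-level `layer2/` directory; the old main.tex reached them as `chapter/section/switchednetwork`, and the moved files are not visible in this part of the commit. If they stayed under chapter/, the lines should read `\input{chapter/layer2/switchednetwork}` and `\input{chapter/layer2/spanningtree}`, or the `import` package should be used for chapter-relative paths. The same applies to `\input{layer3/routednetwork}` in chapter/layer3.tex.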

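--- a/chapter/layer3.tex
+++ b/chapter/layer3.tex
@@ -0,0 +1,3 @@
+\chapter{Layer 3}
+\input{layer3/routednetwork}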

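--- a/chapter/mgmt.tex
+++ b/chapter/mgmt.tex
@@ -0,0 +1,14 @@
+\chapter{Management}
+\section{Network management}
+\subsection{Routers}
+\subsection{Switches}
+\subsection{Firewall}
+\section{Out-of-band management}
+\subsection{Console server}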

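--- a/chapter/networkmgmt.tex
+++ b/chapter/networkmgmt.tex
@@ -0,0 +1,120 @@
+\chapter{Triple A\tsq{s}}
+\myquote{}{Remember to log the details, too.}
+\xkcd{latitude}{Remember logging when necessary}
+\newpage
+\begin{itemize}
+\item \textbf{Authentication:}
+\begin{enumerate}
+\item Identify the user,
+\item Validate the user,
+\item Allow/Disallow user based upon credentials.
+\end{enumerate}
+\item \textbf{Authorization:}
+\begin{enumerate}
+\item Have defined levels of allowed operations/tasks divided into groups,
+\item Validate user-to-groups relations,
+\item Allow/Disallow user actions.
+\item On network gear the Allow/Disallowed actions can be stored on either the central \gls{aaa} server or locally\footnote{May not apply to all network gear} in the network node.
+\end{enumerate}
+\item \textbf{Accounting:}
+\begin{enumerate}
+\item Network nodes collect user and session information from start to end when connecting to a node,
+\item All information is transferred back to \gls{aaa} server,
+\item Transferred info can be leveraged for several purposes. Typically logged info is:
+\begin{itemize}
+\item session duration,
+\item user commands,
+\item disallowed commands
+\end{itemize}
+\end{enumerate}
+\end{itemize}
+\bigskip
+\textbf{Obvious} benefits by using the \gls{aaa} is scalability, increased flexibility and granularity of assigned rights, standardization, having failover by using multiple triple a\tsq{s} server\footnote{Cisco devices uses the descending order in which \gls{aaa} servers are configured on the node}.
+\newpage
+\begin{table}[!ht]
+\centering
+\caption{Tacacs+ vs. Radius}
+\label{radiusversustacacsplus}
+\resizebox{\columnwidth}{!}{%
+\begin{tabular}{|l|l|l|l|l|}
+\hline
+\multicolumn{1}{|c|}{\textbf{Feature}} & \multicolumn{1}{c|}{\textbf{RADIUS}} & \multicolumn{1}{c|}{\textbf{TACACS+}} \\ \hline
+Developer & \begin{tabular}[c]{@{}l@{}}Livington Enterprise\\ (now industry standard)\end{tabular} & \begin{tabular}[c]{@{}l@{}}Cisco\\ (proprietary)\end{tabular} \\ \hline
+Transport protocol & UDP ports 1812-1813 & TCP port 49 \\ \hline
+\gls{aaa} support & \begin{tabular}[c]{@{}l@{}}Combines authentication\\ and authorization and \\ separate accounting\end{tabular} & \begin{tabular}[c]{@{}l@{}}Uses the \gls{aaa}\\ model and sep-\\ arates all three\\ services\end{tabular} \\ \hline
+Challange response & \begin{tabular}[c]{@{}l@{}}One-way, unidirectional\\ (single challenge response)\end{tabular} & \begin{tabular}[c]{@{}l@{}}Two-way, bidirec-\\ tional (multiple\\ challenge responses)\end{tabular} \\ \hline
+Security & \begin{tabular}[c]{@{}l@{}}Encrypts only the password\\ in the packet\end{tabular} & \begin{tabular}[c]{@{}l@{}}Encrypt the entire\\ packet body\end{tabular} \\ \hline
+\end{tabular}%
+}
+\end{table}
+\newpage
+\section{RADIUS}
+\fig{radius/radiuscommunication}{radiuscommunication}{Radius handshake and communication}
+\begin{txt}
+radius server DK-RADIUS-SERVER
+address ipv4 radiusserver.example.com auth-port 1812 acct-port 1813
+key unkn0wn!unic@st.|.
+!
+aaa new-model
+aaa group server RADIUS
+server name DK-RADIUS-SERVER
+!
+aaa authentication login radius_list group RADIUS local
+!
+line vty 0-4
+login authentication radius_list
+line vty 5-15
+login authentication radius_list
+\end{txt}
+\newpage
+\section{TACACS+}
+\fig{tacacsplus/tacacspluscommunication}{tacacspluscommunication}{Tacacs plus handshake and communication}
+\begin{txt}
+aaa group server tacacs+ TACACS
+server-private 1.1.1.1 unkn0wn!unicAst
+ip tacacs source-interface Loopback0
+!
+aaa authentication attempts login 1
+aaa authentication login default group TACACS local-case
+aaa authentication login console local-case
+aaa authentication enable default group TACACS enable
+aaa authorization exec default group TACACS local
+aaa authorization commands 0 default group TACACS local
+aaa authorization commands 15 default group TACACS local
+aaa accounting exec default
+action-type start-stop
+group tacacs+
+!
+aaa accounting commands 1 default
+action-type start-stop
+group tacacs+
+!
+aaa accounting commands 2 default
+action-type start-stop
+group tacacs+
+!
+aaa accounting commands 15 default
+action-type start-stop
+group tacacs+
+!
+aaa session-id common
+!
+tacacs-server host 10.21.0.45
+tacacs-server unkn0wn!unicAst
+\end{txt}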
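Review bot: The RADIUS example's `line vty 0-4` and `line vty 5-15` are not IOS syntax — the range is two numbers, `line vty 0 4` and `line vty 5 15` — and in the TACACS+ example `tacacs-server unkn0wn!unicAst` is missing the `key` keyword (`tacacs-server key unkn0wn!unicAst`). That example also points at two different servers, `server-private 1.1.1.1` inside the group and the legacy `tacacs-server host 10.21.0.45` below it, which reads as a leftover rather than intent; keep one form. Since these are teaching snippets, the literal shared secrets on the `key`, `server-private` and `tacacs-server` lines would be clearer as an obvious placeholder such as `<shared-secret>` so readers do not paste them as-is. In the comparison table, `Livington Enterprise` should be `Livingston Enterprises` and `Challange` is a typo for `Challenge`; the content is moved from main.tex, so none of this is introduced by the commit, but it is the new file under review.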

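--- a/chapter/ntp.tex
+++ b/chapter/ntp.tex
@@ -0,0 +1,6 @@
+\chapter{Network Time Protocol}
+\section{The old NTP from \tsq{85}}
+\section{Secure NTP}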

201
main.tex

@ -27,208 +27,25 @@
% % % %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% <!-- CONFIGURATION EXAMPLES -->
\include{chapter/baseconf} \include{chapter/baseconf}
% <!-- LAYER 2 --> \include{chapter/layer2}
\chapter{Layer 2} \include{chapter/l2tol3}
\input{chapter/section/switchednetwork} \include{chapter/layer3}
\newpage \include{chapter/dhcp}
\input{chapter/section/spanningtree} \include{chapter/fhrp}
% <!-- INTERVLAN --> \include{chapter/networkmgmt}
\chapter{L2 to L3} \include{chapter/ntp}
\input{chapter/section/intervlanrouting} \include{chapter/mgmt}
% <!-- DHCP --> \include{chapter/internet}
\chapter{DHCP}
\input{chapter/section/dhcp}
% <!-- VRRP, GLBP, HSRP -->
\chapter{FHRP}
\section{VRRP}
\section{GLBP}
\section{HSRP}
% <!-- ACCOUNTING AND LOGINS, RADIUS, TACACS+ -->
\chapter{Triple A\tsq{s}}
\myquote{}{Remember to log the details, too.}
\xkcd{latitude}{Remember logging when necessary}
\newpage
\begin{itemize}
\item \textbf{Authentication:}
\begin{enumerate}
\item Identify the user,
\item Validate the user,
\item Allow/Disallow user based upon credentials.
\end{enumerate}
\item \textbf{Authorization:}
\begin{enumerate}
\item Have defined levels of allowed operations/tasks divided into groups,
\item Validate user-to-groups relations,
\item Allow/Disallow user actions.
\item On network gear the Allow/Disallowed actions can be stored on either the central \gls{aaa} server or locally\footnote{May not apply to all network gear} in the network node.
\end{enumerate}
\item \textbf{Accounting:}
\begin{enumerate}
\item Network nodes collect user and session information from start to end when connecting to a node,
\item All information is transferred back to \gls{aaa} server,
\item Transferred info can be leveraged for several purposes. Typically logged info is:
\begin{itemize}
\item session duration,
\item user commands,
\item disallowed commands
\end{itemize}
\end{enumerate}
\end{itemize}
\bigskip
\textbf{Obvious} benefits by using the \gls{aaa} is scalability, increased flexibility and granularity of assigned rights, standardization, having failover by using multiple triple a\tsq{s} server\footnote{Cisco devices uses the descending order in which \gls{aaa} servers are configured on the node}.
\newpage
\begin{table}[!ht]
\centering
\caption{Tacacs+ vs. Radius}
\label{radiusversustacacsplus}
\resizebox{\columnwidth}{!}{%
\begin{tabular}{|l|l|l|l|l|}
\hline
\multicolumn{1}{|c|}{\textbf{Feature}} & \multicolumn{1}{c|}{\textbf{RADIUS}} & \multicolumn{1}{c|}{\textbf{TACACS+}} \\ \hline
Developer & \begin{tabular}[c]{@{}l@{}}Livington Enterprise\\ (now industry standard)\end{tabular} & \begin{tabular}[c]{@{}l@{}}Cisco\\ (proprietary)\end{tabular} \\ \hline
Transport protocol & UDP ports 1812-1813 & TCP port 49 \\ \hline
\gls{aaa} support & \begin{tabular}[c]{@{}l@{}}Combines authentication\\ and authorization and \\ separate accounting\end{tabular} & \begin{tabular}[c]{@{}l@{}}Uses the \gls{aaa}\\ model and sep-\\ arates all three\\ services\end{tabular} \\ \hline
Challange response & \begin{tabular}[c]{@{}l@{}}One-way, unidirectional\\ (single challenge response)\end{tabular} & \begin{tabular}[c]{@{}l@{}}Two-way, bidirec-\\ tional (multiple\\ challenge responses)\end{tabular} \\ \hline
Security & \begin{tabular}[c]{@{}l@{}}Encrypts only the password\\ in the packet\end{tabular} & \begin{tabular}[c]{@{}l@{}}Encrypt the entire\\ packet body\end{tabular} \\ \hline
\end{tabular}%
}
\end{table}
\newpage
\section{RADIUS}
\fig{radius/radiuscommunication}{radiuscommunication}{Radius handshake and communication}
\begin{txt}
radius server DK-RADIUS-SERVER
address ipv4 radiusserver.example.com auth-port 1812 acct-port 1813
key unkn0wn!unic@st.|.
!
aaa new-model
aaa group server RADIUS
server name DK-RADIUS-SERVER
!
aaa authentication login radius_list group RADIUS local
!
line vty 0-4
login authentication radius_list
line vty 5-15
login authentication radius_list
\end{txt}
\newpage
\section{TACACS+}
\fig{tacacsplus/tacacspluscommunication}{tacacspluscommunication}{Tacacs plus handshake and communication}
\begin{txt}
aaa group server tacacs+ TACACS
server-private 1.1.1.1 unkn0wn!unicAst
ip tacacs source-interface Loopback0
!
aaa authentication attempts login 1
aaa authentication login default group TACACS local-case
aaa authentication login console local-case
aaa authentication enable default group TACACS enable
aaa authorization exec default group TACACS local
aaa authorization commands 0 default group TACACS local
aaa authorization commands 15 default group TACACS local
aaa accounting exec default
action-type start-stop
group tacacs+
!
aaa accounting commands 1 default
action-type start-stop
group tacacs+
!
aaa accounting commands 2 default
action-type start-stop
group tacacs+
!
aaa accounting commands 15 default
action-type start-stop
group tacacs+
!
aaa session-id common
!
tacacs-server host 10.21.0.45
tacacs-server unkn0wn!unicAst
\end{txt}
% <!-- NTP -->
\chapter{Network Time Protocol}
\section{The old NTP from \tsq{85}}
\section{Secure NTP}
% <!-- NETWORK MANAGEMENT -->
\chapter{Managemnt}
\section{Network management}
\subsection{Routers}
\subsection{Switches}
\subsection{Firewall}
\section{Out-of-band management}
\subsection{Console server}
% <!-- LAYER 3 STUFF -->
\chapter{Protocols Layer 3}
\input{chapter/section/routednetwork}
% <!-- DESCRIBE THE INTERNET -->
\chapter{The Internet {\footnotesize "Post cold-war modern times"}}
\section{Service Providers}
\section{IXP}
\section{MPLS}
\section{BGP}
\section{EVPN}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% % % %
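Review bot: The new include list has the two management files named the wrong way round relative to their content: `\include{chapter/networkmgmt}` pulls in the chapter titled `Triple A\tsq{s}` (RADIUS/TACACS+), while `chapter/mgmt.tex` is the file whose first section is `Network management`. Renaming the AAA file to something like `chapter/aaa.tex` (and the include to `\include{chapter/aaa}`) would keep the file names and chapter titles aligned; this is a naming point, not a build error. The old `% <!-- ... -->` signposts that labelled each chapter group were dropped with the move, so a one-line comment per include (for example `% AAA: RADIUS, TACACS+` above the networkmgmt line) would keep the document map readable. The document body continues on both sides of this hunk.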