Skip to content

Network Ninja

The Long Road to Cisco

  • Home
  • About
  • Legal Disclaimer
  • Archives
Less
More
Trim
Untrim
« Older
Home
Loading
Newer »

Tag Archive for 'AAA'

Booked For Networkers at Cisco Live!

Published
by
Deon Botha
on August 19, 2008
in Cisco Systems and Vine
. 0 Comments

So I just booked for Networkers at Cisco Live! if you haven’t followed I posted about it back in June and have been looking forward to it since then. This is going to be the first time that Networkers is going to be held outside the USA and the chosen location is Johannesburg, South Africa.

Its great that Networkers is going to be in my back yard like one city over and all but DAAAAMN!!!! this better be the best conference ever because I feel raped after booking, with the invoice coming in at just under $ 1,000 USD.

To break that down its entrance for Networkers at Cisco Live with an $80 USD discount, the Techtorial session, and cause you spending so much money anyway the Social Pass (it better be open bar) to ease the pain and suffering of a long day. I’m still going to commute between cities and skip on the hotel don’t think thats going to fly over well including the ticket price.

So in short Im still majorly stoked to go but this better be the BEST conference EVER for the insane ticket price. I also somehow need to recoup the ticket price in either Keynotes, Super Sessions, Technical Breakout Sessions, Case Studies, Technical Solutions Clinic, Meet the Engineer, Techtorial Session and or Business contacts else I am going to go crazy and pocket my way through branded conference freebies that I can use for marketing/PR/advertising customer give-aways till sometime after 2010.

If you considering going book now, the $80 discout is only valid for a short period of time.

Preparing a used switch for use

Published
by
Deon Botha
on July 3, 2008
in BCMSN, Cabling and Equiptment, Certification, Cisco Systems, Concepts and Constructs, SSH, Telnet and VLAN
. 1 Comment

Console Port AS

Console Port DS

Step 1: Connect a Workstation (PC or notebook) to the console port of the switch (shown above for Access layer-2 and Distribution layer-3 devices). This is the Cisco Blue cable that comes with the switches (generally a RJ-45 connector on one end and Serial connector on the other, dependant on the switch it was shipped with).

This will enable you to gain console access via Telnet or SSH into your switch. This is how configuration is done at the command line level (if you got this far without ever doing this, it’s a miracle you passed).

Step 2 :D elete the vlan.dat file

When in privaleged mode, you can type the following commands and delete the vlan.dat file
ASW1#delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
ASW1#

Step 3 :D elete the startup-config file

After erasing the vlan.dat file all vlan information is gone, now the startup config file needs to be erased as this holds VTP, interface, passwords and other information that you want to get rid of to start the switch from scratch.

ASW1#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]? [OK]
Erase of nvram: complete
ASW1#

Step 4:Reload

After the above steps, it is now time to reload the switch

ASW1#reload
System configuration has been modified. Save? [yes/no] no
Proceed with reload?

Side Note

As a side note User-Defined VLAN setting is stored in a file on flash called vlan.dat (unix/linux based operating systems like Cisco IOS use case sensitive file naming unlike windows where a file called Aaa.dat and aaa.dat will be seen as identical.

If and when VLAN information is configured and created on a network, this vlan.dat file is used and information stored inside this file. To insert new kit or old kit into a networking (or lab) use the above steps to get rid of the file. If you have for some reason renamed the file using the below steps then you need to follow the below steps.

You can change the file-name where the vlan.dat is stored in the following way:

ASW1(config)#vtp file VLAN.dat

This command changes the vlan.dat file from vlan.dat (all lowercase) uppercase which is seen as different in IOS.

To then delete the file keep in mind that you have to keep the case sensitive spelling otherwise IOS will tell you the file doesn’t exist or delete the old file (vlan.dat) and not the new file where information is actually stored in. To delete the file:

ASW1#delete VLAN.dat

You can name the file anything you want and do pretty much anything you want on “your network”, just keep in mind that keeping things as standard and normal as possible means that if you leave your current job / position / contract the next person to work on that network is going to hate your guts if you went buck wild and creative setting up things in totally weird ways.

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Switch Security Layer-2 Attacks – One

Published
by
Deon Botha
on May 27, 2008
in 802.1X, AAA, BCMSN, CAM, Certification, Cisco Systems, Concepts and Constructs, MAC Address Flooding, Port Security and TCAM
. 0 Comments

Mac-Address-Flooding

MAC Address Flooding

MAC Address flooding results in a switch’s CAM table overflow, which causes flooding of regular data frames out all switch ports. This attack can be launched for the malicious purpose of collecting a broad sample of traffic or as a denial of service (DoS) attack.

A switch has a limited CAM table and can only contain a limited number of entries at one time. If for example an intruder at the beginning of a work day floods a switch with invalid MAC entries then until the invalid entries expire the switch will flood all frames out all ports. This has two negative effects:

  • Switch traffic is inefficient and voluminous
  • The attacker/intruder connected to a switch port and capture traffic that is not normally seen on that port.

Mitigation of this attack is to configure port-security and defining the number of MAC addresses allowed on a given port. Port security can also specify the MAC addresses allowed on a port.

Port Security

This is a feature of Cisco Catalyst Switches, it is a security feature that restricts a switch port to a specific number of MAC addresses. These MAC addresses can be dynamically learned or statically configured. When configured the switch will only allow frames on those ports from the configured MAC addresses.

NB if you configure 4 MAC addresses and don’t specify them, the switch will learn 4 addresses dynamically. Those 4 will then be the MAC addresses allowed.

A feature (on some platforms) combine statically configured and dynamically learnt addresses. When configured an interface converts dynamically learnt addresses to “sticky secure” addresses. This adds those addresses to the config as if they were added by switchport port-security mac-address

Port Security – Configuration

Enable Port Security on the Switch:

switch#configure terminal
switch(config)#interface gigabitethernet 0/1
switch(config-if)#switchport port-security

Set the maximum number of MAC addresses that will be allowed on the port (default is one)

switch(config-if)#switchport port-security maximum value

Be sure to set this value to 2 when you have a Cisco IP Phone and a desktop attached to a switchport. I know I didn’t do this and it resulted in a port security violation. My bad.

Now Option 1 you can set whether the MAC address(es) learnt must be aged out after X time

switch(config-if)#switchport port-security aging 1-1024

Now optional 2 specify the MAC addresses that will be allowed on the port (this can also be dynamically learnt thats why its optional)

switch(config-if)#switchport port-security mac-address mad-address
switch(config-if)#switchport port-security mac-address mad-address

Finally set the action to be taken if something goes wrong (mac address attack)

switch(config-if)#switchport port-security violation {shutdown/restrict/protect}

Protect Mode drops the frame and leaves no syslog message, Restrict mode drops the frame and logs the drop + a SMTP trap is sent, and finally shutdown logs + SMTP traps + errdisables the interface (CAT OS, Cisco IOS).

Port security has a feature called “sticky MAC address” that can limit switch port access to a single, specific MAC address without the network administrator having to gather MAC addresses of every legitimate device and manually associate it with a particular switch port (This cannot be used where Voice VLANs are in use).

switch(config-if)#switchport port-security mac-address sticky

Last but not least lets check port-security:

switch(config)#show port-security

Authentication

Authentication, authorization and accounting (AAA) network security services provide a framework through which acess control is set up on a network. Authentication is the way a user is identified before being allowed access to the network and network services. AAA authentication is configured by defining a list of named authentication methods and then applying that list to various interfaces. The list defined the type of authentication (enable password, Kerberos 5, Kerberos 5-Telnet Authentication, Line Password, Local database, Local database with case sensitive, No Authentication, RADIUS, TACACS+) to be performed and the sequence in which they will be performed.

The only exception is the “default” list. The default list is automatically applied to all interfaces if no other method/list is defined. A defined method/list overrides the default list.

802.1x

IEEE 802.1x defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports. Until a workstation is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port. After authentication normal traffic can pass through.

With 802.1x port-based authentication, the devices in the network have specific port roles:

Client: the end-device that requests access to the LAN and switch. The end-device must be running 802.1x compliant software. (the port the end-device (client) is attached to is the supplicant)

Authentication server: performs the actual authentication. The server authenticates the identity of the client and lets the switch know whether to let the end-device access the LAN. As the switch is acting as a proxy the authentication service is transparent to the end-device. The RADIUS security system with Extensible Authentication Protocol (EAP) is the only supported authentication server.

Switch (authenticator): controls physical access onto the network. Acts as an intermediary (proxy service) between client and authentication server. The switch uses a RADIUS software agent responsible for encapsulating and decapsulating EAP frames and interacting with the authentication server.

802.1x Configure

Enable AAA

switch#configure terminal
switch(config)#aaa new-model

You Radius Server Location

switch(config)#radius-server host 000.000.000.000auth-port port key auth-key

Create a 802.1x port-based authentication method list

switch(config)#aaa authentication dot1x default group radius

Globally configure 802.1x port-based autnetication

switch(config)#dot1q system-auth-control

OR enter enable 802.1x on an interface

switch(config)#interface gigabitethernet 0/1
switch(config-if)#dot1x port-control auto

Definition

Content Addressable Memory (CAM)is a specialized type of memory think of it as the opposite of Random Access Memory (RAM). With RAM an Operating Sysem (OS) provides an address, and receives the data stored at the supplied address. With CAM, the OS supplies the data, and the CAM returns a list of addresses where the data is stored, if any. Also a CAM searches the entire memory in one operation therefore is faster than RAM.

Binary CAMssearch only for 1 and 0’s (ON or OFF). A MAC address table in switches commonly get stored inside binary CAMs (sometimes even called a CAM Table).

A Ternary CAM (TCAM)allows the OS to match a third state, “X.” The “X” state is a “mask” and could be anything. Routers can store their entire routing table in these TCAMs, allowing for very quick lookups.

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

WLAN Standards

Published
by
Deon Botha
on May 15, 2008
in 802.11, Access Point, BCMSN, Certification, Cisco Systems, Concepts and Constructs and Wireless
. 0 Comments

This is a generally a nice to know topic; if you don’t want to know the basics on “how” it works but rather just care that it works this might not be “light” reading.

There are “generally” (dependant on your country) unlicensed bands:

  1. 900-MHz Industrial, Scientific and Medical (ISM) Band (902-MHz to 928-MHz)
  2. 2.4-GHz Industrial, Scientific and Medical (ISM) Band (2400-MHz to 2483-MHz) (Japan to 2495-MHz)
  3. 5.7-GHz Unlicensed National Information Infrastructure (UNII) Band (5150-MHz to 5350/5725/5825 MHz) (Not all countries support 802.11a)

Radio Frequency Transmission (for dummies i.e. with no electric/electronic engineering background a.k.a ME):

Radio Frequencies (RF) are radiated (why does this not make me feel better I’ve seen what a microwave do when it radiates things) into the air by antennas that create radio waves. When radio waves are propagated through objects, they may be absorbed (walls) or reflected (metal). This absorption may cause areas of low-signal.

Radio wave transmission is affected by the three factors:

  • Reflection: when RF waves bounce of objects (metal, glass)
  • Scattering: when RF waves strike uneven surfaces and are reflected in many directions
  • Absorption: when RF waves are absorbed by objects (concrete, bricks, walls)

Data Transmission over Radio Waves (for dummies i.e. with no eletric/electronic engineering background a.k.a ME):

  1. Higher data rates (faster connection) have shorter range because the receiver needs a stronger signal with a better signal-to-noise ratio (SNR) to retrieve the information.
  2. Higher transmit power results in greater range. To double the range, the power has to be increased by a factor of 4 (four).
  3. Higher data rates require more bandwidth. Increased bandwidth is possible with higher frequencies.
  4. Higher frequencies have shorter range through higher degradation and absorption. More efficient antennas can compensate for this effect.

WLAN Regulations and Standardizations:

Regulatory Agencies control the use and enjoyment of RF bands. The two main regulatory agencies are the FCC (USA) and ETSI (Europe) (South Africa and EMEA region if in doubt follow ETSI).

The network (802) standardization is done by the IEEE. The wireless (802.11) standards are part of the network standard these include 802.11 a/b/g and soon to be finalized/ratified n.

Finally the Wi-Fi Alliance offers certification for vendors of 802.11 products so that their products are interoperable. The Wi-Fi Alliance certifications include all three 802.11 RF technologies and Wi-Fi Protected Access (WPA) security model (2003) based on IEEE 802.11i (ratified 2004).

IEEE 802.11b

Ratified Sept 1999

Operates in the 2.4-GHz ISM Band

Specifies direct sequence spread spectrum (DSSS)

Specifies four data rates up to 11-Mbps (1, 2, 5.5, and 11-Mbps)

Throughput Mbps * 1024/Users = X kbps Bandwidth per user

2.4-GHz Channels

Wireless-2.4-Channels

Up until this point Wireless channels might not have made “sense” if you weren’t as I joked “previously advantaged” with a electrical or electronic engineering qualification. Those ladies and gents are force fed this amongst other things for at the very least a semester in university so they know this kind of thing backwards (I know how they complained about it). If you are like myself a business grad then this is all new.

What this graph shows (pay attention to the grey highlight) is 3 non-overlapping Channels (except for Japan). If you are in Japan you can use the 14th channel along with 3 others to have access to 4 total channels.

This information is region specific and then also country specific (I know South Africa in general follows ETSI which falls under EMEA). Some countries may allow 14 channels while others may only allow 1 channel.

At a Cisco Tech-Update (I can’t remember the speaker forgive me) Wireless channel usage was explained using the below diagram and it made all the above fall into place for me.

Wireless Channel Use

What the diagram shows is the 2.4-Ghz frequency (visually) with the channels laid out how all the channels overlap. This is what 802.11 b/g “looks” like with the 3 non-overlapping channels (black).

Example: Three non-overlapping channels (1, 6, and 11) that do not share RFs. There would be no degradation in throughput if 3 APs were to operate in the same cell using channels 1, 6, and 11.

To show the maths 3 APs on 3 non-overlapping channels (2, 6, and 11) provide an aggregate data-rate for a cell of 33-Mbps (11-Mbps x 3), with an aggregated throughput of approx. 16-Mbps (33-Mbps/2).

Example: Three APs sharing the same channel, in the same cell.

To show the math 3 APs on the same channel(1, 1, and 1) provide an aggregate data rate a 11-Mbps but an aggregated throughput of 6-Mbps. This results from APs sharing a cell.

Example: Three APs sharing overlapping channels, in the same cell.

To show the math 3 APs on overlapping channels (1, 2, and 3) the throughput could drop to well below 1-Mbps due to interference.

Channel Reuse

At the same Tech Update they explained how using the non-overlapping channels a deployment can be done where none of the same channels border. Imagine the cells from top down on an overaly of an office plan looking like the diagram below.

Wireless Cell Re-Use

Data Rates

WLAN clients (end-devices) can shift data rates as they move. The closer you are to a AP the better coverage will be (11-Mbps), as you move away from the AP coverage will get worse (5.5-Mbps) and worse (2-Mbps) and worse (1-Mbps) until there is no signal. This data rate shifting occurs without user interaction or connection loss.

This rate shifting also happens on a transmission-by-transmission basis; whereby the AP can support multiple clients at multiple speeds (meaning transmissions 1 might be 11-Mbps and transmission 2 might be 1-Mbps depending on the end-user location).

IEEE 802.11a

Ratified Sept 1999

Operates in the 5-GHz ISM Band

Uses orthogonal frequency-division multiplexing (OFDM)

Specifies eight data rates up to 54-Mbps (6, 9, 12, 18, 24, 36, 48, 54-Mbps)

FCC – 12 to 23 non-overlapping channels

ETSI – up to 19 non-overlapping channels

Regulatory differences across countries

802.11a requires Transmit (Tx) power control and dynamic frequency selection (802.11h)

Throughput Mbps * 1024/Users = X kbps Bandwidth per user

5-GHz Channels

802.11a must comply with two features in 802.11h namely Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS).

TPC links back to the basics, the more Transmit Power pumped into an AP the greater the range (greater range = less data-rate). TPC is where an AP exchanges transmit power information with end-device adapters. This has a twofold advantage:

  1. end-device adapters use only enough power to maintain association with APs at any given data rate. In turn conserving energy (good for mobile devices and at current Eksom).
  2. end-devices contribute less to adjacent cell interference.

DFS is where the AP monitors the available 5-Ghz RF spectrum radar installations in the environment and if found flags the appropriate channel(s) as unavailable. DFS continually monitors the operating environment for changes during operation.

IEEE 802.11g

Ratified June 2003

Operates in the 2.4-GHz ISM Band as 802.11b

Uses direct sequence spread spectrum (DSSS) complementary code keying (CKK) and orthogonal frequency-division multiplexing (OFDM)

Specifies twelve data rates up to 54-Mbps (1, 2, 5.5, 11-Mbps DSSS/802.11b and 6, 9, 12, 18, 24, 36, 48, 54-Mbps OFDM).

Throughput Mbps * 1024/Users = X kbps Bandwidth per user

Security and Mitigation of Wireless Risks

Linking back to the beginning of this post and why Wireless could potentially be a security threat. The process of Wireless is “Radio Frequencies (RF) (that) are radiated into the air by antennas that create radio waves” and in turn your network data travels across radio waves from source (server or point A) to destination (end-device or point B).

This wireless communication if left unsecured, leaves a wide open method of access to anyone that wants to enter, use and abuse your enterprise infrastructure. With the low cost of IEEE 802.11 wireless equipment these days adoption is gaining in the mass market (home, small office/home office (SOHO),  small medium business (SMB)). With greater adoption of the mass market the products are easier to use and deploy and implement (graphical user interface (GUI) deployments and out the box operation). This large adoption also makes for sub-business class consumer grade products making a regular appearance in server-rooms, business settings and other environments where they are definitely not meant to be (don’t get me wrong consumer products work great for a family of 5 people but aren’t built or designed to handle with an office of 10 people or a department of 50 people).

There are many large telco (Telkom) companies that offer pre-configured Wi-Fi combination routers with the DSL accounts. Most if not the majority of users literally plug and play (plug it in and use it with default settings). This is a very conducive environment for “war driving” for the single purpose of free Internet, collecting sensitive information through the use of various freely available tools and applications.

The Process

Anyone implementing Wireless needs to at the very least consider security which is a three step process of Authentication (802.1x or Extensible Authentication Protocol (EAP)), Encryption (Wi-Fi Protected Access (WPA – TKIP, WPA2 – AES or TKIP)) and Intrusion Detection and Protection (IDS and IPS).

Wireless Association

Looking at how end-devices (clients like notebooks, smartphones, PDAs) associate with APs then something I mentioned in a previous post will crystallize.

APs broadcast (send out) beacons with SSIDs (one or many), data rates (depending on distance from AP) and other information. The end-device scans the available channels looking for beacons and responses from APs. The end-device then in turn associates with the AP with the strongest signal.

If you are using a mobile device and moving with your device and signal becomes weak this process will repeat.

It is during this association process that SSID, MAC address and security settings are sent from end-device to the AP and checked. This is what we are going to be talking about in the next couple of paragraphs.

Authentication

When an end-device attempts to associate this is done via the 802.1x protocol. The end-device is called a supplicant which communicates with an autonomous AP* (called the authenticator) that communicates and in turn authenticates to an Authentication, Authorization and Accounting Server (AAA Server) like RADIUS/TACACS+ or Cisco Secure ACS.

*LWAPP uses the WLAN controller that acts as the Athenticator that in turn communicates and authenticates with the AAA Server.

Encryption

After authentication is successful (if unsuccessful the connection is denied) data between the end-device and the AP is sent encrypted in either TKIP or AES encryption.

Definitions

Signal-to-Noise

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Search

About

You are currently browsing the Network Ninja weblog archives for 'aaa' tag.

Latest

RSS
  • Digital Growth with your Job
  • Open Shortest Path First – OSPF Fundamentals – Scenario
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 13
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 12
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 11
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 10
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 9
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 8
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 7
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 6

Archives

  • June 2009
  • April 2009
  • March 2009
  • February 2009
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008

Categories

  • 802.11 (7)
  • 802.1Q (1)
  • 802.1X (1)
  • AAA (1)
  • Access Point (7)
  • ACL (4)
  • Addressing (3)
  • Asides (31)
  • auto-summary (3)
  • AutoQoS (1)
  • Bandwidth (2)
  • BCMSN (55)
  • BDR (2)
  • BGP (1)
  • BPDU Filtering (1)
  • BPDU Guard (2)
  • BPDU Root Guard (1)
  • BSCI (67)
  • BSCI Notes (18)
  • BSCI Questions (48)
  • Business (1)
  • Cabling and Equiptment (3)
  • CAM (1)
  • CCDA (1)
  • CDP (1)
  • CEF (1)
  • Certification (123)
  • CIDR (2)
  • CIR (2)
  • Cisco Systems (144)
  • Concepts and Constructs (76)
  • CoS (1)
  • Cost (3)
  • DAI (1)
  • DDNS (1)
  • Debug (2)
  • DHCP Snooping (1)
  • DHCP Spoofing (1)
  • DR (3)
  • DUAL (1)
  • Dynamic ARP Inspection (1)
  • ECNM (5)
  • EIGRP (5)
  • Enterprise Architecture (7)
  • EtherChannel (1)
  • GLBP (1)
  • Hello Timer (2)
  • Hold Timer (2)
  • Hot Standby Router Protocol (1)
  • HSRP (1)
  • IGRP (1)
  • IIN (2)
  • Inter-Vlan Routing (1)
  • Interconnection Technologies (2)
  • IP Source Guard (1)
  • IS-IS (1)
  • ISL (1)
  • LACP (1)
  • Link State Advertisements (2)
  • Load Balancing (2)
  • Loop Guard (1)
  • MAC Address Flooding (1)
  • MLS (1)
  • MSTP (1)
  • NBAR (1)
  • NBMA (1)
  • Off-Topic (12)
  • OSPF (18)
  • PAgP (1)
  • passive-interface (1)
  • PoE (1)
  • Port Security (1)
  • Priority (2)
  • Proxy ARP (1)
  • PVC (1)
  • QoS (2)
  • RIP (1)
  • RIPv2 (1)
  • Root Guard (1)
  • RSTP (1)
  • Show (6)
  • Software (1)
  • SONA (2)
  • SSH (2)
  • STP (5)
  • Stub Router (3)
  • summary-address (1)
  • Support (4)
  • Switch Spoofing (1)
  • TCAM (1)
  • Telnet (2)
  • Troubleshooting (1)
  • Trunk (6)
  • Unidirectional Link Detection (1)
  • VACL (3)
  • VC (1)
  • Vine (20)
  • VLAN (11)
  • VLAN Hopping (1)
  • VLSM (1)
  • VoIP (1)
  • VRRP (1)
  • VTP (4)
  • VTY (1)
  • Wireless (7)

Styled with Sawchuk

Powered by WordPressabc and K21.0-RC7

Entries Feed and Comments Feed

44 queries. 2.1320 seconds.