routeprotocol.com

CCNP Enterprise Core (350-401)

  • Numbered Extended Access Control Lists

    The process for defining an extended access control list:

        access-list 2100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

    The above configuration will permit access from 192.168.1.0/24 to 192.168.2.0/24. An extended numbered access list can have a number from 100 to 199 or 2300 to 2699. Some additional flexibility is present with extended access control lists. Greater…

  • Numbered Standard Access Control List (ACL)

    The process for defining a numbered standard access control list that permits the network 192.168.1.0 and denies and logs the network 192.168.2.0:

        access-list 10 permit 192.168.1.0 0.0.0.255
        access-list 10 deny 192.168.2.0 0.0.0.255 log

    The access control list is applied to the interface:

        interface GigabitEthernet0/0
         ip access-group 10 in

    Note the standard access control…

  • Access Control Lists (ACL)

    An access control list is a sequential list of access control entries that can permit or deny packets based on configured matching statements. The classification begins at the lowest sequence number and works its way down through the larger sequence numbers until a matching pattern has been found for the packet being analysed. When a…

  • MACsec

    MACsec is an IEEE 802.1AE standards-based Layer 2 hop-by-hop encryption method. Traffic is encrypted on the wire between two MACsec peers and is decrypted for internal processing on the switch. This allows the switch to inspect the contents of the packet for functions such as SGT enforcement or Quality of Service prioritisation. MACsec can utilise…

  • Cisco TrustSec

    TrustSec is the next-generation access control enforcement solution developed by Cisco to address growing operational challenges regarding firewall rules and access control lists. TrustSec uses Scalable Group Tags to perform ingress tagging and egress filtering to enforce access control policy. Cisco ISE assigns Scalable Group Tags to users or devices that have authenticated and are…

  • Cisco Identity-Based Networking Services (IBNS) 2.0

    Cisco IBNS 2.0 is an integrated solution that offers authentication, access control and user policy enforcement with a common end-to-end access policy that can apply to both wired and wireless networks. It is a combination of the following products: Enhanced FlexAuth, Cisco Common Classification Policy Language, and Cisco ISE.

  • Network Access Control – Enhanced Flexible Authentication (FlexAuth)

    A Cisco switch configured with 802.1x, MAC Authentication Bypass, and WebAuth will always try 802.1x authentication first, followed by MAB, followed by WebAuth. If there is an endpoint that does not support 802.1x when it tries to connect to the network, it will need to wait for a reasonable amount of time before WebAuth is…

  • Network Access Control – Web Authentication (WebAuth)

    Endpoints that connect to the network may not have 802.1x capabilities. Web Authentication can be used as a fallback, similar to MAC Authentication Bypass. Endpoints are presented with a portal requesting a username and password. The username and password submitted through the web portal are sent from the switch (or wireless controller) to a…

  • Network Access Control – MAC Authentication Bypass (MAB)

    MAC Authentication Bypass is an access control technique that enables port-based access control using the MAC address of the endpoint. It is used as a fallback mechanism to 802.1x.

    Process: The switch initiates authentication by sending an EAPoL identity request message to the endpoint every 30 seconds by default. After three timeouts the switch will…

  • Network Access Control – 802.1x

    IEEE 802.1x is a standard for port-based network access control. It provides an authentication mechanism for local area networks and wireless area networks.

    Components: 802.1x is made up of the following components:

    Extensible Authentication Protocol: This message format and framework provides an encapsulated transport for authentication parameters.

    EAP Method: Different authentication methods can be used…