Network Security Architecture Implementation
As soon as the security policy has been defined, the next step is implementing the policy in the form of a network security design. We will discuss various security principles and design issues throughout this book. The first step to take after a security policy has been created is to translate it into procedures. These procedures are typically laid out as a set of tasks that must be completed to successfully implement the policy. These procedures upon execution result in a n..
The traceroute command may be invoked from user mode, whereas the extended traceroute is only available from privileged mode. Traceroute shows the routers a packet has passed through to reach its destination. The extended traceroute test is called by entering the command without any destination. This results in the utility asking a series of questions, allowing you to change the defaults
Static NAT works just like the example in Figure 4-6, but with the IP addresses statically mapped to each other via configuration commands. With static NAT:
■ A particular Inside Local address always maps to the same Inside Global (public) IP address.
■ If used, each Outside Local address always maps to the same Outside Global (public) IP address.
■ Static NAT does not conserve public IP addresses.
Although static NAT does not help with IP address conservation, sta..
Policy routing provides the capability to route a packet based on information in the packet besides the destination IP address. The policy routing configuration uses route maps to classify packets. The route-map clauses include set commands that define the route (based on setting a next-hop IP address or outgoing interface). Policy routing can also mark the IPP field, or the entire ToS byte, using the set command in a route map. When using policy routing for marking purpose..
Use the ntp max-associations configuration command to limit the number of NTP associations the router will accept:
    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#ntp max-associations 30
    Router(config)#end
    Router#
To prevent oversubscribing valuable router resources by NTP associations, Cisco provides the ability to limit the number of associations that a router will accept. While the ntp max-associations command..



