Network Security Architecture Implementation
As soon as the security policy has been defined, the next step is implementing the policy in the form of a network security design. We will discuss various security principles and design issues throughout this book. The first step to take after a security policy has been created is to translate it into procedures. These procedures are typically laid out as a set of tasks that must be completed to successfully implement the policy. These procedures upon execution result in a n..
Besides smurf and fraggle attacks, other attacks involve the use of what can be generally termed inappropriate IP addresses, both for the source IP address and destination IP address. By using inappropriate IP addresses, the attacker can remain hidden and elicit cooperation of other hosts to create a distributed denial-of-service (DDoS) attack. One of the Layer 3 security best practices is to use ACLs to filter packets whose IP addresses are not appropriate—for instance, th..
Customer Edge QoS Design Considerations
In addition to the full-mesh implication of MPLS VPNs, these considerations should be kept in mind when considering MPLS VPN CE QoS design:
• Layer 2 access (link-specific) QoS design
• Service-provider service-level agreements (SLA)
• Enterprise-to-service provider mapping models
The following sections examine these considerations in more detail.
Layer 2 Access (Link-Specific) QoS Design
Although MPLS VPNs are e..
Committed Access Rate (CAR) provides a useful method for policing the traffic rate through an interface. The main features of CAR are functionally similar to traffic shaping, but it also allows several extremely useful extensions. This first example shows the simplest application. We have configured CAR here to do basic rate limiting. The interface will transmit packets at an average rate of 500,000 bps, allowing bursts of 4500 bytes. If there is a burst of longer than 9000 b..
To enable HSRP Version 2, use the standby version 2 configuration command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby version 2
Router1(config-if)#standby 4095 ip 10.1.1.1
..



