IPSec Site-to-Site VPN in 10 seconds

This is a very basic configuration example for a site-to-site IPSec VPN. You should understand what the parameters mean, before you set it up for production.

How to protect your network from malicious traffic

Lately I stumbled upon a Cisco 877 security hardening guide. Its suggestion is to block (by source IP) private, reserved and unallocated IP ranges. I will explain why this is a bad idea and how to properly block malicious traffic.

How to upgrade your stackable 3750 with limited service disruption

When you have two or more 3750s in a stack configuration and need to upgrade the image, you will have a long service disruption (it can take about 7 to 10 minutes, because, depending on the image, the bootloader will be upgraded too and the POST tests also take their time). However, if you have a redundant configuration, you can limit the downtime to a few seconds.

The Cisco Wireless Controller nightmare™

We have a wireless network with about 80 APs and two 4404 WLCs running; however, we ran into several issues when working with the Wireless Controllers.

Why disabling ICMP unreachables is a bad thing

People tend to have ICMP unreachables disabled (“no ip unreachables” under the interface configuration on Cisco IOS boxes) in their security templates. I would like to explain why this is not needed (anymore) and what disadvantages this can bring.
