Archive for January, 2011

Why have a routing VLAN

January 20, 2011

Here is a good example of one reason to have a routing VLAN. Say you have 10.0.100.0/24 and 10.0.200.0/24, where your servers and PCs connect. Your router has interfaces on 10.0.100 and 10.0.200, so all is good, until you need to install a sniffer or a device like a Blue Coat. The Blue Coat by default comes with 2 NICs: one to intercept the LAN traffic and the other to forward the traffic to the router.

In this setup, *without spending more money*, you can only see one of your subnets, not both. I know you can purchase a 4-port card for the Blue Coat, but the card is approx $3000 plus tax and shipping. If you have a routing VLAN, i.e. 10.0.300.0/24, you can forward all your traffic through the 10.0.300 subnet and place your Blue Coat on the 300 subnet; it will then see all your LAN traffic. Of course, if this is a larger network, spending $3000 would be the easy fix…

Categories: Networking

Cisco IOS and ASA auto lock-out

January 11, 2011

The command to lock out a local account after X failed attempts (3 here), followed by the commands to view and clear the lockout state:

aaa local authentication attempts max-fail 3

show aaa local user lockout

clear aaa local user lockout username bob

clear aaa local user lockout all

clear aaa local user fail-attempts username bob

One risk of using the auto-lockout is that an attacker can lock out all your valid accounts simply by failing authentication against them repeatedly. I think a workaround would be to create account names that are very abstract.

I saw the following syslog message. However, I did not see any syslog messages that included a username.

Jan 11 2011 03:42:23 LAX-ASA5520 : %ASA-3-710003: TCP access denied by ACL from 10.5.5.9/60240 to inside:10.5.3.7/22

On a related note, the message below appears when there has been a failed SSH login attempt.

Jan 11 2011 12:36:32 LAX-ASA5520 : %ASA-6-611102: User authentication failed: Uname: admintest

If you are not logging syslog messages at level 6, you can change the severity level of this message with this command:

logging message 611102 level warnings
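As an added example (not from the post), here is a small Python parser that reads the two ASA syslog messages quoted above from constructed sample lines, counts failed authentications per username against the max-fail 3 threshold so you can spot accounts that are about to be (or already are) locked out, and counts SSH connection attempts denied by ACL per source address. The sample log lines, the function names and the threshold constant are assumptions.

```python
import re
from collections import Counter

# Patterns for the two ASA syslog messages quoted in the post.
# %ASA-6-611102 carries the username but no source address;
# %ASA-3-710003 carries the source address but no username.
AUTH_FAIL_RE = re.compile(r"%ASA-6-611102: User authentication failed: Uname: (\S+)")
ACL_DENY_RE = re.compile(
    r"%ASA-3-710003: TCP access denied by ACL from (\d+\.\d+\.\d+\.\d+)/\d+ to \S+/(\d+)"
)

MAX_FAIL = 3  # assumed to match "aaa local authentication attempts max-fail 3"


def parse_asa_log(lines):
    """Return (failed_auth_per_user, ssh_acl_denies_per_source)."""
    fails = Counter()
    denied = Counter()
    for line in lines:
        m = AUTH_FAIL_RE.search(line)
        if m:
            fails[m.group(1)] += 1
            continue
        m = ACL_DENY_RE.search(line)
        if m and m.group(2) == "22":  # only count denies aimed at SSH
            denied[m.group(1)] += 1
    return fails, denied


def lockout_alerts(fails, max_fail=MAX_FAIL):
    """Usernames whose failure count has reached the lockout threshold."""
    return sorted(user for user, n in fails.items() if n >= max_fail)


def noisy_sources(denied, min_count=2):
    """Source addresses with at least min_count SSH denies (sorted by count)."""
    return [src for src, n in denied.most_common() if n >= min_count]


# Constructed sample lines in the format shown in the post.
SAMPLE_LOG = [
    "Jan 11 2011 12:36:32 LAX-ASA5520 : %ASA-6-611102: User authentication failed: Uname: admintest",
    "Jan 11 2011 12:36:40 LAX-ASA5520 : %ASA-6-611102: User authentication failed: Uname: admintest",
    "Jan 11 2011 12:36:51 LAX-ASA5520 : %ASA-6-611102: User authentication failed: Uname: bob",
    "Jan 11 2011 12:37:02 LAX-ASA5520 : %ASA-6-611102: User authentication failed: Uname: admintest",
    "Jan 11 2011 03:42:23 LAX-ASA5520 : %ASA-3-710003: TCP access denied by ACL from 10.5.5.9/60240 to inside:10.5.3.7/22",
    "Jan 11 2011 03:42:25 LAX-ASA5520 : %ASA-3-710003: TCP access denied by ACL from 10.5.5.9/60241 to inside:10.5.3.7/22",
    "Jan 11 2011 03:43:00 LAX-ASA5520 : %ASA-3-710003: TCP access denied by ACL from 10.5.5.10/51000 to inside:10.5.3.7/443",
]

if __name__ == "__main__":
    fails, denied = parse_asa_log(SAMPLE_LOG)
    print("at lockout threshold:", lockout_alerts(fails))  # ['admintest']
    print("repeat SSH denies from:", noisy_sources(denied))  # ['10.5.5.9']
```

Because 611102 has no source address, this cannot tell a user's own typos from someone else hammering that account; it only tells you which accounts are about to be locked out, which is the lockout risk described above.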

http://adminkernel.com/cisco-systems/ccna-using-the-aaa-local-authentication-attempts-max-fail-command

http://fengnet.com/book/Cisco.IOS.Cookbook.2nd/I_0596527225_CHP_27_SECT_8.html

http://www.dslreports.com/faq/15989

Categories: Networking