In this post we will automate the deployment of a Cisco DMVPN network. I use this as a lab for testing, but with a few tweaks you could use this to deploy a production DMVPN network. I’ve tested this in GNS3 on IOSv 15.6 routers and the Network Automation appliance from the GNS3 marketplace, with […]
Quick and Easy Junos Labs with Vagrant and VirtualBox
It’s been far too long since my last blog post, mainly due to the fact that my spare time recently has been taken up with authoring a series of courses over at Pluralsight for the Juniper JNCIA-Junos certification, which are due to be published in October this year. Anyway, with this in mind, there are […]
Junos Basics – Route Based IPSec VPN’s
Here’s how to build a simple route-based IPSec VPN between two Juniper SRX gateways. With a route-based VPN, there is no particular policy tied to a VPN tunnel; rather, traffic is forwarded across a tunnel link based on the routing table, i.e. when the route to a particular network is via a Secure […]
How to log traffic dropped by Juniper SRX firewalls
Prior to working with Juniper SRXs, my firewall experience was predominantly Check Point. Two nice features of Check Point firewalls are Smart Log and Smart View Tracker, which both provide easy access to firewall log records. When I started using SRXs, one of my first questions was how do I get to view dropped traffic? […]
Junos Basics – Securing J-Web Access On Juniper EX Series Switches
In my previous Junos Basics post I covered automatic configuration archiving. In this post we’ll step through a solution to prevent unauthorised access to the J-Web GUI on EX Series switches. This solution could be modified to also restrict access on other management ports such as SSH and SNMP. First of all we need to […]
BGP Basics – modifying attributes
The previous post in this series looked at the exchange of routes between BGP peers, and this post takes this a step further by looking at two BGP attributes that can be modified to influence how a router decides which routes to place in its routing table – WEIGHT and LOCAL PREFERENCE. Here’s our example […]
BGP Basics – advertising networks into BGP
The first post in this BGP mini-series looked at setting up BGP peering between routers. Now we’ll take things a step further and actually exchange some routing information between those peers. Here’s the network: The basic BGP config on each router looks like this: R1#sh run | s router router bgp 1 no synchronization bgp […]
BGP Basics – iBGP and eBGP peering
This is the first post in a mini-series on BGP basics, and looks at setting up internal and external BGP neighbours using loopback interfaces. The advantage loopbacks have over physical interfaces is that they are always up and reachable. iBGP configuration: The routers must be able to reach each other’s loopback IPs and we don’t […]
CCNP ROUTE Study – OSPF Virtual Links
One of the golden rules of OSPF is that all areas must be connected to the backbone area 0, however sometimes this is not physically possible, and this is where Virtual Links come in. A virtual link is created through another area that is connected to area 0. To explain this, here is our network: […]
CCNP ROUTE Study – OSPF DR/BDR Elections (and how to rig them….)
When multiple OSPF routers are connected to a multi-access medium such as Ethernet, a Designated Router (DR) and a Backup Designated Router (BDR) are elected. DRs reduce network traffic as only they maintain the complete OSPF database and then send updates to the other routers on the shared network segment. The other routers become ‘slaves’ […]