Who is hogging your precious WAN bandwidth? That’s probably one of the things that you’re asking on your mind when you receive an alert about a certain WAN link has reached its full capacity. Well, you’re in luck. In newer Cisco IOS, it will allow you to enable NetFlow and Top Talkers which gives you the ability to view who are the current top talkers in your network. I really believe that the commands that I am about to show you should be part of your standard configuration on routers.
Update: New home lab for CCIE R&S v5.
As you may know, I am studying for the CCIE written and lab exam. To help with my CCIE studies, I have decided to build my own CCIE home lab. Sure, you can rent CCIE racks and there are tons of them out there. However, you don’t get the convenience of being able to turn it on and off at your own time. Another alternative of having a rack is building a GNS3 or Dynamips server to run Cisco IOS. It is a very inexpensive way to study for CCIE and it works great for other people. While Cisco uses IOU (IOS on Unix) on their troubleshooting section, they’re not running any emulators for the configuration section. That said, configuring routers and switches on a real gear will mimic the same results. Other CCIE aspirants will disagree on this logic; however, I’ve met and read forum member’s posts who
In this blog post, I will cover on how to build and configure TACACS+ on Ubuntu Server using tac_plus. While this is an old blog post, the instructions covered here are still valid in Ubuntu Server 16.04 LTS. I highly recommend that you integrate two-factor authentication (2FA) as well, which is covered here.
If you are looking for an alternative to Cisco Secure Access Control Server (ACS) and how to implement it, then you came to the right place. Since you are looking for an alternative, I think it is safe to assume that you’ve seen how much is the price tag of Cisco Secure ACS (EoS/EoL now – functionality is now on Cisco ISE) and you think it’s too expensive for your network – my quote was $17K. A lot of companies do not have a budget for something like that. The Great Recession also didn’t help since a lot more companies are tightening their belt, especially in IT projects and that’s not something new.
Having said all of that, how can Network Engineers harden the networking devices that is also cost efficient? Well, let’s thank Cisco for that by releasing the source code of TACACS+ back in the day and of course the open source community.
The source can still be downloaded from Cisco’s FTP site. Cisco has not updated this source code for probably more than a decade but Open Source community has made some changes to it so features may be better than the source code. However, if you’re just looking for a simple AAA (Authentication Authorization Accounting) then tac_plus will be fine. This is actually one of the topics in a Cisco Press book called Network Administrators Survival Guide.
I talked about tac_plus here which talks about how to build and configure TACACS+ server. In this blog post, I will cover how to configure AAA on Cisco routers and switches that worked in conjunction with the tac_plus covered in the previous blog.
Backup Local Account
I think the first important step before enabling AAA on Cisco routers and switches is to create a backup local account. Though, one could also configure the device to just use the enable secret as a way to log in. I personally prefer the local account.
username backup password strongpassword
Let’s start by welcoming you to my little space on the Internet!
Having my own domain name has been on my mind for more than a decade, but I didn’t really have a reason to register one and build my own site. With the big growth of blogs, I have decided to join the bandwagon and have my own, yet another, Cisco blog.
The main purpose of this blog is to document as much as I can about my CCIE journey and to share my little knowledge about networking. While I will try to post as much as possible, I will, however, be more active in posting short information about my CCIE journey and what my current projects are on my Twitter page. Occasionally, I will write about Linux related posts that are useful for network management, monitoring, etc. I will occasionally write about my geeky home projects.
Hopefully, this blog site will be able to share valuable information to my fellow Cisconians! Happy networking!
NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.