Cisco SSH access hardening

It is 2019 and plenty of network devices still rely on old crypto algorithms and functions. Therefore, I decided to write down some best practices for hardening SSH on Cisco routers / switches. I tested these settings on IOS-XE 16.x releases. This article is meant as a write-up of selected security practices. You can find a deeper technical explanation of the commands through internet research. In fact, when it comes

Snmpwalk tricks

snmpwalk
snmpwalk -v1 -c community …
snmpget -v 2c -c community …
rnetstat -ix
Interface description
Status of Interfaces
System uptime
Interface IP addresses
Last change of interfaces
TCP connection state – who is connected on which port
Other options: ifAdminStatus, ifOperStatus, ifPhysAddress (mac address), ifSpeed, ifType, sysContact.0, sysName.0, sysLocation.0

Cisco vs. HP ProCurve VLAN switch ports

Usually, when a Cisco-oriented networker sets off into the HP networking world, the first confusing thing is VLAN port assignment. When speaking about VLAN ports in the HP world, the ports can be tagged or untagged (as opposed to the access / trunk ports in Cisco). As you may guess, tagging means 802.1q tagging in Ethernet frames. It is important to realize that Cisco is “port-centric”, whereas ProCurve is “vlan-centric” when speaking about