RADIUS server Infrastructure

RADIUS stands for Remote Authentication Dial-In User Service. It is both a protocol and the server (or proxy) that speaks it, used for centralised authentication, authorisation and accounting (AAA), with authentication being the part most people deploy it for. It lets you control from one place who is allowed to connect to your network and who is refused.

It can control access to all sorts of networks: wireless (802.1X), VPN, dial-up, administrative logins to routers and switches, and even point-to-point links where one device authenticates another (a router authenticating a peer router over PPP, for example). Wherever you put it in the path, it makes the access decision. Keep in mind that the network device the user connects to (the NAS: access point, wireless controller, VPN concentrator, switch) is the RADIUS client; the user's machine never speaks RADIUS itself.

There is also the RADIUS proxy configuration, where the proxy only receives the requests from the network devices and forwards them (usually based on the realm part of the user name) to another RADIUS server, which makes the actual decision and sends the answer back through the proxy.

There are two common ways to deploy a RADIUS server:

  • FreeRADIUS on a UNIX/Linux server. Many network engineers consider it the best daemon implementing the RADIUS protocol; it turns your UNIX server into a RADIUS server and can check users against local files, LDAP, SQL databases and more.
  • The IAS role (Internet Authentication Service) on Windows Server, replaced by Network Policy Server (NPS) from Windows Server 2008 onwards, makes the Windows Server machine respond to RADIUS requests and act as a real RADIUS server. It is integrated with Active Directory, so it can authenticate users of the AD domain and apply policies based on their group membership. That is its biggest advantage over the UNIX deployment, provided your organization runs AD, which most do.

The RADIUS server checks the credentials against a user account database: Active Directory in the Windows Server case, or on UNIX a local users file, an LDAP directory or a plain SQL table of users. If the credentials check out and the user is authorised for the network that RADIUS protects, the server answers the network device with an Access-Accept (otherwise an Access-Reject) and the accounting part records the session, which gives you one central log of who entered the network and when. Note that the traffic between each network device and the server is protected only by a shared secret configured on both sides, so use a different, strong secret per device and keep RADIUS traffic on a management network.
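To make the Access-Request / Access-Accept exchange concrete, here is an added Python example; it is not code from this page, from FreeRADIUS or from IAS/NPS. It implements the RFC 2865 packet format, the User-Password hiding and the Response Authenticator, with a constructed in-memory user database standing in for AD or SQL; the user names, passwords and shared secret are made up:

```python
"""Added illustration of the RADIUS Access-Request / Access-Accept exchange
(RFC 2865 subset): a NAS side that builds the request and checks the reply,
and a server side that checks the user against a constructed in-memory user
database. Only User-Name and User-Password are handled."""
import hashlib
import hmac
import secrets
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def attr(code: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length includes the two header bytes."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return struct.pack("!BB", code, len(value) + 2) + value


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to a 16-byte multiple, XOR each block with
    MD5(secret + previous block), the first block keyed by the Request Authenticator.
    Trailing NUL bytes of a real password would be lost to the padding rule."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server-side inverse of hide_password."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 bytes")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_packet(code: int, ident: int, authenticator: bytes, body: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def build_access_request(ident: int, username: bytes, password: bytes, secret: bytes):
    """NAS side. Returns the packet and the random Request Authenticator,
    which the NAS must remember to validate the server's reply."""
    request_auth = secrets.token_bytes(16)
    body = attr(ATTR_USER_NAME, username) + attr(
        ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    return build_packet(ACCESS_REQUEST, ident, request_auth, body), request_auth


def response_authenticator(code, ident, body, request_auth, secret) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(header + request_auth + body + secret).digest()


def parse_attrs(body: bytes) -> dict:
    """Walk the TLV list, refusing attributes that overrun the packet."""
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated attribute header")
        typ, length = body[i], body[i + 1]
        if length < 2 or i + length > len(body):
            raise ValueError("malformed attribute length")
        attrs[typ] = body[i + 2:i + length]
        i += length
    return attrs


def server_handle(packet: bytes, secret: bytes, users: dict) -> bytes:
    """Server side: validate the request, look the user up, compare the
    password in constant time and answer Access-Accept or Access-Reject."""
    if len(packet) < 20:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    request_auth, attrs = packet[4:20], parse_attrs(packet[20:])
    user, hidden = attrs.get(ATTR_USER_NAME), attrs.get(ATTR_USER_PASSWORD)
    try:
        ok = (user in users and hidden is not None and hmac.compare_digest(
            reveal_password(hidden, secret, request_auth), users[user]))
    except ValueError:  # malformed User-Password counts as a failed login
        ok = False
    reply = ACCESS_ACCEPT if ok else ACCESS_REJECT
    body = b""  # no reply attributes in this minimal example
    return build_packet(reply, ident,
                        response_authenticator(reply, ident, body, request_auth, secret), body)


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: accept a reply only if its Response Authenticator verifies
    under the shared secret and the Request Authenticator we sent."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])
```

Everything that protects this exchange is the shared secret fed into MD5: the password hiding, and the Response Authenticator that stops an attacker on the path from answering Access-Accept in the server's place. A NAS that skips verify_response, or two devices sharing one guessable secret, lose that protection entirely, which is why RADIUS over TLS (RadSec, RFC 6614) or an IPsec tunnel is recommended whenever RADIUS leaves a trusted management network.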

Components of a RADIUS infrastructure

[Figure: components of a RADIUS infrastructure]

IPv6 – SLAAC Stateless Address Autoconfiguration

As you will see here, there are two kinds of IPv6 address autoconfiguration. One is the stateful way familiar from the IPv4 world: a DHCP server (DHCPv6 in IPv6) hands out addresses and keeps a record of them. The other, SLAAC, is new to IPv6 and quite interesting: the host builds its own address from a prefix it learns from Router Advertisements (RA), with no server keeping any state for it. The only on-link communication it needs is the RA from a router and a Duplicate Address Detection (DAD) probe to check that nobody already uses the address; the link-local address can be formed without any RA at all. Because any device on the link can send a Router Advertisement, a rogue RA can hand every host a bogus prefix or default gateway, which is why RA Guard on access switches is the usual countermeasure.

IPv6 serves many purposes, but one of them is making the network administrator's life easier, especially with the vast address space it provides: an IPv6 address is 128 bits, four times the 32 bits of IPv4, and nobody wants to type those by hand. Automatic address configuration was created so that things work out of the box.


As a result, an IPv6 host can configure all or part of its address settings by itself, depending on the method it uses. The methods are:

  • Stateful autoconfiguration (DHCPv6), where a server assigns the address and keeps a record of it
  • Stateless autoconfiguration (SLAAC), where the host combines the advertised /64 prefix with an interface identifier: classically one derived from the MAC address by the EUI-64 process, or, with privacy extensions (RFC 4941), a random one so the MAC address is not exposed to the whole Internet
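The EUI-64 process worked through in Python, as an added example (not code from this page): it builds the interface identifier from a MAC address, combines it with an advertised /64 prefix, and shows the reverse mapping, which is exactly why EUI-64 addresses leak the hardware address. The MAC address 00:1a:2b:3c:4d:5e and the documentation prefix 2001:db8:1:2::/64 used in the demo are constructed values:

```python
"""Added illustration of EUI-64 / SLAAC address formation (not code from the page)."""
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """RFC 4291 Appendix A: split the 48-bit MAC in two, insert 0xFFFE in the
    middle, and flip the universal/local bit (0x02 of the first octet)."""
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine the /64 prefix learned from a Router Advertisement with the EUI-64 identifier."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """The address a host can form before it hears any router at all."""
    return slaac_address("fe80::/64", mac)


def mac_from_eui64(address: str):
    """Inverse mapping: recover the MAC if the address carries an EUI-64 identifier,
    None otherwise (privacy-extension or DHCPv6 addresses do not carry one).
    This reversibility is what lets an EUI-64 host be tracked across networks."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def solicited_node_multicast(address: str) -> ipaddress.IPv6Address:
    """ff02::1:ffXX:XXXX, the group a host joins to run Duplicate Address Detection
    for the address (low 24 bits are copied from the address)."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"  # constructed sample MAC
    addr = slaac_address("2001:db8:1:2::/64", mac)
    print("link-local :", link_local_address(mac))
    print("global     :", addr)
    print("recovered  :", mac_from_eui64(str(addr)))
    print("DAD group  :", solicited_node_multicast(str(addr)))
```

When auditing hosts, mac_from_eui64 returning a value for a global address is a quick sign that privacy extensions are off on that host.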

PBR – Policy Based Routing using Route map

About Policy-Based Routing

Policy-Based Routing (PBR) gives you a simple way of deciding where certain packets are forwarded before they reach the router's normal destination-based routing process.

It is a technique that gives you more control over traffic flow, because you will not always want to send certain packets along the obvious shortest path; picking that path is the job of the routing protocol. If some traffic should reach its destination by another path, you need a mechanism that catches the packets as soon as they enter the router, on the ingress interface, and decides where to send them before destination-based routing happens. That is what Policy-Based Routing is about: packets are matched by a route map (usually against an access list) and given a next hop or exit interface, and everything that does not match is routed normally.
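A route-map-based PBR configuration for Cisco IOS, as an added example that is not from this page; the ACL and route-map names, the 192.168.10.0/24 LAN, the alternate next hop 203.0.113.2, the interface and the IP SLA/track object numbers are all assumed:

```cisco
! Traffic to catch: HTTPS from the 192.168.10.0/24 LAN (constructed example)
ip access-list extended PBR-HTTPS
 permit tcp 192.168.10.0 0.0.0.255 any eq 443
!
! Sequence 10: matching packets go to the alternate next hop, but only while
! the tracked object says it is reachable, so the policy does not blackhole
! traffic when that link is down
route-map PBR-HTTPS-POLICY permit 10
 match ip address PBR-HTTPS
 set ip next-hop verify-availability 203.0.113.2 10 track 1
!
! Sequence 20 has no match or set clause: everything else falls through to
! normal destination-based routing. Packets that hit a "deny" sequence or are
! denied by the ACL are also routed normally, not dropped; PBR never filters
route-map PBR-HTTPS-POLICY permit 20
!
! Reachability probe feeding track 1 (object numbers assumed)
ip sla 1
 icmp-echo 203.0.113.2
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Apply the policy on the interface where the packets ENTER the router
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip policy route-map PBR-HTTPS-POLICY
!
! Traffic generated by the router itself is not touched by interface PBR;
! that needs "ip local policy route-map PBR-HTTPS-POLICY" in global config
```

Check the result with show route-map (the hit counters per sequence) and, briefly and on a quiet box, debug ip policy. From a security standpoint remember that the ACL in a route map only selects traffic; it is not a filter, so a "deny" there never blocks anything.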

Proxy and Reverse Proxy Server

This is a short overview of proxy and reverse-proxy caching that explains what a proxy is and what a reverse proxy is about.

In the normal (forward) proxy topology, the proxy server is an intermediate device between the clients and the servers. The proxy receives all requests from the clients and forwards them to the servers. The clients treat the proxy as if it were the server holding the content, and the server sees the proxy as the client asking for resources. Organisations use a forward proxy to intercept client traffic and evaluate or control the requests for security reasons (URL filtering, logging, malware scanning) and to cache content. Clients also sometimes use proxy servers to hide their identity and location, because the server only sees the IP address of the proxy and takes it for the client.

In short, a normal (forward) proxy is a proxy acting on behalf of the clients.

A reverse proxy is a proxy acting on behalf of the servers: clients connect to it believing it is the origin server, and it fetches the content from the real servers behind it.

A reverse proxy is used to replicate (cache) content close to clients in distant locations, and to spread the load over several back-end servers (load balancing). It also hides the addresses and software of the origin servers and is the natural place for TLS termination, request filtering and rate limiting, which is why controls such as a web application firewall are usually deployed there.

Wildcard mask – What’s the difference from subnet mask?

What is Wildcard Masking?

A wildcard mask is, like an IP address, 32 bits of zeroes and ones (0 and 1). In short, every one (1) bit in the wildcard mask means "I don't care about this bit position", and every zero (0) bit means "I care about this bit position; it must match the address in the ACL". This is the opposite of a subnet mask, where the 1 bits mark the part that matters. Let's take an example where an access list with a wildcard mask denies four consecutive /24 subnets, allows the next four, and so on for all /24 subnets of the 192.168.0.0/16 supernet.

In the access list we would write the address and wildcard pair 0.0.0.0 255.255.251.255.

We know that 255 is 1111 1111 in binary.
We know that 251 is 1111 1011 in binary: only the bit worth 4 is a zero, so only that one bit of the third octet is checked.

In the 0.0.0.0 255.255.251.255 entry we could change 0.0.0.0 to any other address, say 1.1.0.1 or 23.23.0.33, because with this wildcard the ACL does not care about any bit of the first, second and last octet. We could write 192.168.0.0 just as well; it fits our example, since the only bit that is compared is the 4s bit of the third octet, and it is 0 in all of those addresses.

One more thing, to make this clear. If we use deny 192.168.0.0 255.255.251.255 in an ACL, it does not filter only the 192.168.0.0/16 network but every address in the whole 32-bit range from 0.0.0.0 to 255.255.255.255 whose third octet has a zero in the 6th bit position (the bit worth 4): third octets 0-3, 8-11, 16-19 and so on. To filter only the subnets that are part of the 192.168.0.0/16 supernet we need deny 192.168.0.0 0.0.251.255, which says that we care about every bit of the first and second octet. Always double-check a non-contiguous wildcard like this one by working out exactly which addresses it matches; a mistake here silently opens or blocks far more address space than intended.

Example:
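The matching rule above, worked through in Python as an added example (not code from this page): it checks single addresses against an ACL entry, converts a subnet mask to its wildcard, tells contiguous wildcards from "holey" ones like 0.0.251.255, and enumerates which /24 subnets of 192.168.0.0/16 the entry from the text actually catches. All addresses in the demo are the ones from the text or constructed:

```python
"""Added illustration of wildcard-mask matching (not code from the page)."""
import ipaddress


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(address: str, acl_address: str, wildcard: str) -> bool:
    """1 bits in the wildcard are 'don't care'; every 0 bit of the address
    must equal the corresponding bit of the ACL address."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(address) & care) == (to_int(acl_address) & care)


def subnet_mask_to_wildcard(mask: str) -> str:
    """A wildcard mask is the bitwise inverse of a subnet mask: 255.255.255.0 -> 0.0.0.255."""
    return str(ipaddress.IPv4Address(~to_int(mask) & 0xFFFFFFFF))


def is_contiguous_wildcard(wildcard: str) -> bool:
    """True when the wildcard is a run of 0s followed by a run of 1s, i.e. it
    describes one prefix and could also be written as a subnet mask.
    0.0.251.255 is not: it has a 0 bit in the middle of the 1s."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0


def matching_slash24s(acl_address: str, wildcard: str,
                      supernet: str = "192.168.0.0/16") -> list:
    """Enumerate the /24 subnets of the supernet that the ACL entry matches,
    judged by their network address. Shows the 'four on, four off' pattern."""
    net = ipaddress.IPv4Network(supernet)
    return [str(s) for s in net.subnets(new_prefix=24)
            if wildcard_match(str(s.network_address), acl_address, wildcard)]


if __name__ == "__main__":
    hit = matching_slash24s("192.168.0.0", "0.0.251.255")
    print(len(hit), "of 256 subnets matched; first eight:", hit[:8])
    # the same wildcard with 255.255 in front catches subnets far outside 192.168/16
    print("10.0.2.0 matched by 255.255.251.255:",
          wildcard_match("10.0.2.0", "192.168.0.0", "255.255.251.255"))
    print("10.0.2.0 matched by 0.0.251.255:",
          wildcard_match("10.0.2.0", "192.168.0.0", "0.0.251.255"))
```

Running matching_slash24s on a proposed non-contiguous entry before putting it in production is cheap; if is_contiguous_wildcard returns False, read the resulting list twice.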

When I connect to a device with telnet or SSH, why don't I see log messages?

A Cisco device does not send log messages to a terminal session by default. That means you will see log messages in PuTTY only when you are connected to the console port; if you connect with telnet or SSH you will not get them. Here is how to resolve this:

There are three logging destinations on the device: console, monitor and buffer.
Console logging is what you see when you are connected directly to the console port. Monitor logging is what you see on your screen when you are connected to the CLI in some other way (telnet or SSH), and a session only receives it after you ask for it with the terminal monitor EXEC command; that setting is per session and is not saved in the configuration. The last is buffer logging: messages stored in the device's RAM so they can be viewed later with show logging. Each destination has its own setting for which severity of messages it will receive.
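A Cisco IOS configuration putting the three destinations together, plus a syslog server, as an added example that is not from this page; the buffer size, the severity levels and the syslog server address 192.0.2.10 are assumed:

```cisco
! Global logging settings (configuration mode)
! Keep severity 0-6 in a 16 KB RAM buffer; read it later with "show logging"
logging buffered 16384 informational
! The console port only gets 0-4, so a debug flood cannot lock up the console
logging console warnings
! What telnet/SSH sessions may see once they have asked for it
logging monitor informational
! Ship a copy to a central syslog server so logs survive a reboot or a wipe
! (address assumed)
logging host 192.0.2.10
logging trap informational
! Useful timestamps on every message
service timestamps log datetime msec localtime show-timezone
!
line vty 0 4
 ! Reprint the command you were typing after a log line interrupts it
 logging synchronous
!
! Per session, in EXEC mode, not stored in the configuration:
! start receiving "monitor" logging on THIS telnet/SSH session
terminal monitor
! ...and stop again
terminal no monitor
```

Keep the console level lower than the monitor level: if someone turns on a chatty debug, the console stays usable and you can still reach the box to turn it off. Buffered and remote syslog are what matter for forensics; terminal monitor is only for the engineer watching live.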
Messages carry a severity level from 0 to 7, where a greater number means a less severe message; each destination's logging level names the highest number (the least severe level) that will still be logged there: