Exporter: transports the flow cache memory from the router to a management station for analysis.
Collector: export to NetFlow collector software, for example Plixer.

Cont'd
Flexible NetFlow can be extended to include information not available in earlier versions of NetFlow.

flow exporter EXPORT-1
 destination 192.168.1.23
 transport udp 9996
 export-protocol netflow-v9
 source gig 1/0
 exit
do show flow exporter EXPORT-1

Cont'd
flow monitor MONITOR-1
 record netflow ipv4 original-input
 exporter EXPORT-1
 exit
do show flow monitor name MONITOR-1
do show flow monitor    (and press Enter)

Cont'd
int gig 1/0
 ip flow monitor MONITOR-1 input
 end
show flow monitor name MONITOR-1 cache
show flow monitor name MONITOR-1 cache format table
show flow monitor name MONITOR-1 cache sort
show flow exporter statistics

Cont'd
To reduce CPU utilization we can use a sampler.

sampler OUR-SAMPLER
 description our custom sampler for NewFlow
 mode deterministic 1 out-of 10
 exit
do show sampler OUR-SAMPLER
int gig 1/0
 no ip flow monitor MONITOR-1 input
 ip flow monitor MONITOR-1 sampler OUR-SAMPLER input
 exit
do show flow int gig 1/0

16 - NAT and PAT
Network Address Translation, Port Address Translation
Options:
 NAT one-to-one dynamic: uses a pool of addresses for translation.
 PAT one-to-many dynamic: uses a single address for translation and replaces the port when the traffic goes out.
 NAT one-to-one static: replaces 10.1.0.1 with 197.200.1.2 and 10.1.0.2 with 197.200.1.3.
 PAT port forwarding static: reaches two different servers through the same single NATed address.

Cont'd
access-list 10 permit 10.1.0.0 0.0.0.255
int gig 1/0
 ip nat outside
 exit
int gig 2/0
 ip nat inside
 exit
ip nat pool OUR-NAT-POOL 10.123.0.33 10.123.0.62 prefix-length 27    (NAT)

Cont'd
do show ip nat translation
do clear ip nat translation *
no ip nat inside source list 10 pool OUR-NAT-POOL
ip nat inside source list 10 int gig1/0 overload    (PAT)
do clear ip nat translation *
do show ip nat translation

Cont'd
do clear ip nat translation *
ip nat inside source static 192.168.1.2 10.25.0.222    (static)
do show ip nat translation
ip nat inside source static tcp 10.1.0.50 80 10.123.0.99 80 extendable    (PAT port forwarding, static)

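A simplified model of the PAT overload and static port forwarding behaviour configured above, added here as an illustration and not part of the original notes. The second server (10.1.0.51 on port 25), the inside clients, the fallback port range, and the use of 10.123.0.99 as the single outside address are assumptions.

```python
# Added illustration: simplified PAT (overload) table with static port forwards.
import itertools

class PatRouter:
    def __init__(self, outside_ip, static_forwards=None):
        self.outside_ip = outside_ip
        self.out_map = {}  # (proto, inside_ip, inside_port) -> outside_port
        self.in_map = {}   # (proto, outside_port) -> (inside_ip, inside_port)
        self._spare = itertools.count(1024)  # assumed fallback port range
        for (proto, pub_port), inside in (static_forwards or {}).items():
            self.in_map[(proto, pub_port)] = inside
            self.out_map[(proto, *inside)] = pub_port

    def outbound(self, proto, inside_ip, inside_port):
        """Translate an inside source to (outside_ip, outside_port)."""
        key = (proto, inside_ip, inside_port)
        if key not in self.out_map:
            port = inside_port               # keep the port while it is free
            while (proto, port) in self.in_map:
                port = next(self._spare)     # otherwise replace it
            self.out_map[key] = port
            self.in_map[(proto, port)] = (inside_ip, inside_port)
        return self.outside_ip, self.out_map[key]

    def inbound(self, proto, outside_port):
        """Inside (ip, port) for a packet sent to the outside address, or None."""
        return self.in_map.get((proto, outside_port))

def demo():
    # 10.1.0.50:80 <-> 10.123.0.99:80 is from the notes; the rest is constructed.
    router = PatRouter("10.123.0.99", {
        ("tcp", 80): ("10.1.0.50", 80),
        ("tcp", 25): ("10.1.0.51", 25),      # assumed second server
    })
    first = router.outbound("tcp", "10.1.0.1", 5000)
    second = router.outbound("tcp", "10.1.0.2", 5000)  # same source port
    return {
        "first": first,
        "second": second,
        "reply_to_second": router.inbound("tcp", second[1]),
        "web_forward": router.inbound("tcp", 80),
        "mail_forward": router.inbound("tcp", 25),
        "unsolicited": router.inbound("tcp", 443),     # no entry, no path in
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The two inside hosts share one outside address and are told apart only by the rewritten port, while an inbound packet with no translation entry has nowhere to go.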

17 - Zone-Based Firewalls
ZBF ingredients:
 Zones
 Inspect class maps
 Inspect policy maps
 Zone pairs
 Inspect service policy
Application layer options:
 App inspect class maps
 App inspect policy maps

Cont'd
Stateful filtering: when traffic goes out, the router or firewall remembers the state of the session. To remember it, it uses a stateful database.
Interfaces in the same zone are allowed by default to forward packets between them.
By default, no traffic is allowed between two different zones.
Any traffic from the self zone to the self zone is allowed by default.

Cont'd
Inspect: put the details of the packet in the stateful database and allow it to pass through.
Pass: do not put the details of the packet in the stateful database; simply allow it to pass through.
Drop: drop the traffic.
Log: log the traffic.

Cont'd
zone security IN
 exit
zone security OUT
 exit
zone security DMZ
 exit

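A small model of the default zone rules and of the inspect, pass and drop actions described above, added here as an illustration and not part of the original notes. The zone names IN, OUT and DMZ come from the notes; the zone-pair policy entries and the sample flows are assumptions.

```python
# Added illustration: simplified zone-based firewall forwarding decisions.
ZONE_PAIRS = {                   # (source zone, destination zone) -> action
    ("IN", "OUT"): "inspect",    # assumed: sessions from IN to OUT are tracked
    ("IN", "DMZ"): "pass",       # assumed: allowed one way, no state kept
    ("OUT", "DMZ"): "drop",      # assumed: explicitly dropped
}

class ZoneFirewall:
    def __init__(self, zone_pairs):
        self.zone_pairs = zone_pairs
        self.sessions = set()    # the stateful database filled by "inspect"

    def forward(self, src_zone, dst_zone, flow):
        """flow = (src_ip, src_port, dst_ip, dst_port); returns the verdict."""
        if src_zone == dst_zone:
            return "allow (same zone)"
        if flow in self.sessions:
            return "allow (return traffic, session found)"
        action = self.zone_pairs.get((src_zone, dst_zone))
        if action is None:
            return "drop (no zone pair)"
        if action == "inspect":
            s_ip, s_port, d_ip, d_port = flow
            # Record the reverse direction so the reply matches later.
            self.sessions.add((d_ip, d_port, s_ip, s_port))
            return "allow (inspect)"
        if action == "pass":
            return "allow (pass)"
        return "drop (policy)"

def demo():
    fw = ZoneFirewall(ZONE_PAIRS)
    # Constructed flows for the example.
    web = ("10.1.0.5", 40000, "203.0.113.10", 80)
    web_reply = ("203.0.113.10", 80, "10.1.0.5", 40000)
    ssh = ("10.1.0.5", 40001, "172.16.0.10", 22)
    ssh_reply = ("172.16.0.10", 22, "10.1.0.5", 40001)
    return [
        fw.forward("OUT", "IN", web_reply),  # unsolicited, no session yet
        fw.forward("IN", "OUT", web),        # inspected, state recorded
        fw.forward("OUT", "IN", web_reply),  # reply matches the session
        fw.forward("IN", "DMZ", ssh),        # passed, nothing recorded
        fw.forward("DMZ", "IN", ssh_reply),  # reply has no state, no pair
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The last verdict shows the practical difference between the two allow actions: traffic allowed with pass leaves no entry in the stateful database, so its replies need their own zone pair in the reverse direction.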