Welcome to the Dojo

Welcome to InfoTech Ninja

IT professional writing about cybersecurity, cloud & DevOps, automation, networking, and systems administration. Real-world guides for real-world problems.

#Cybersecurity #Cloud #Automation #Networking #SysAdmin

Latest Articles

Networking

Cisco IOS Static and Default Routes: AD, Floating, Null0

Working reference for static routing on Cisco IOS. The three forms (recursive next-hop, interface-only for point-to-point, fully-specified for multi-access), default routes (0.0.0.0/0), administrative distance values across sources (Connected 0, Static 1, eBGP 20, EIGRP 90, OSPF 110, IS-IS 115, RIP 120, EIGRP-external 170, iBGP 200, Unknown 255), floating static routes for backup paths (AD set higher than protocol), the permanent keyword and why you usually shouldn't use it, the Null0 trick for black-holing and for keeping summary advertisements alive in BGP, ODR for hub-and-spoke. Pitfalls: ARP pressure from recursive routes on Ethernet, floating AD set too low, wrong default-route gateway, longest-prefix-match surprises.

5 min read
Read →
Networking

Cisco IOS Legacy WAN: HDLC, PPP, Frame Relay, and PPPoA

Working reference for legacy Cisco WAN encapsulations. HDLC as the Cisco-only proprietary default with no authentication, PPP as the standards-based alternative with PAP and CHAP authentication (cross-username pattern, challenge-response hash for CHAP), PPP compression and multilink, PPPoA for DSL access. Frame Relay configuration with DLCI / LMI / map statements, the multipoint vs point-to-point sub-interface decision (sub-interfaces sidestep split-horizon issues), Frame Relay verification commands. Pitfalls: HDLC mismatch with non-Cisco peers, CHAP password mismatch, Frame Relay split-horizon on multipoint, missing Inverse ARP, DCE clocking on lab serials, LMI type mismatch.

5 min read
Read →
Networking

Cisco IOS Device Hardening: AAA, SSH, RADIUS, NTP, and Privilege

Working reference for Cisco IOS device-access hardening. The bare-minimum local-auth setup (enable secret, login local, transport input ssh, access-class on VTY, service password-encryption, security passwords min-length), SSH config (2048-bit RSA, ip ssh version 2, public-key auth via pubkey-chain), brute-force defense with login block-for, full AAA stack with RADIUS and the critical local fallback, NTP with authentication and Loopback source-interface, privilege levels vs the modern parser-view RBAC alternative, and the 10-item hardening checklist (no Telnet, weak keys, missing fallback, default communities, etc.).

5 min read
Read →
Networking

Cisco IOS Logging, SNMP, and EEM: Syslog Levels, Traps, and Automation

Working reference for Cisco IOS visibility and automation. The 8 syslog severity levels (Emergency 0 through Debug 7) and how to threshold each destination, syslog config (buffered / console / host / source-interface Loopback0 for stable identity), service timestamps log datetime msec for correlation, SNMP v2c with ACL-restricted community strings vs SNMPv3 with auth+priv security level, EEM applets for event-driven automation (syslog pattern matching, time-based cron schedules, counters), example applets for interface-down alerting and auto-saving config, and the pitfalls (console at debug, missing source-interface, community without ACL, EEM runaway loops, no timestamps).

5 min read
Read →
Networking

Cisco IOS File Management & Maintenance: Backup, Archive, Rollback

Working reference for Cisco IOS file management. The running vs startup config distinction (RAM vs NVRAM) and copy run start as the most-forgotten command, backing up to TFTP / FTP / SCP including credential setup, the file system layout (flash, nvram, system, tftp:, scp:, usbflash0), running the router itself as a TFTP server, the archive feature for automatic config snapshots with path / write-memory / time-period, configure replace for non-disruptive rollback (it computes the diff vs copy which is additive only), archive log config for audit logging with hidekeys redaction, verify /md5 for IOS image integrity, and the pitfalls (TFTP file-must-exist trap, plaintext FTP creds, insufficient flash before image upgrade).

4 min read
Read →
Networking

Cisco IOS Basic Configuration: Interfaces, Sub-interfaces, DHCP, CDP, and Banners

Working reference for baseline Cisco IOS configuration. The hostname / domain / no ip domain-lookup trio (the latter saves 20 seconds per typo), Layer 3 interfaces with description / ip address / no shutdown, sub-interfaces for router-on-a-stick with encapsulation dot1Q including the native keyword, loopback interfaces for management and router-id, the Null0 bit-bucket, clock rate / bandwidth on serial, full DHCP server config (excluded-address, pool, default-router, dns-server, lease) and ip helper-address for relay, CDP enable/disable per-interface, MOTD/login/exec banners, clock + NTP, disabling the HTTP server, and the baseline template every new router should start from.

6 min read
Read →
Networking

Cisco IOS CLI & ROMMON: Modes, Shortcuts, and Password Recovery

Working reference for the Cisco IOS command-line. The mode hierarchy (User EXEC -> Privileged EXEC -> global config -> interface/router/line config), tab-complete and command abbreviation, the navigation shortcuts (Ctrl-A/E/W/U/R), output filtering with pipe (include / exclude / begin / section / redirect), the seven ping result codes, ROMMON access via terminal break sequence, and the standard four-step password recovery procedure (confreg 0x2142 - reset - copy startup to running - enable secret - config-register 0x2102). Pitfalls: forgetting to restore config-register, break sequence not transmitting, console baud-rate mismatches in ROMMON.

5 min read
Read →
Networking

Cisco IOS IPv6: Addressing, Routing Protocols, and Tunneling

Working reference for IPv6 on Cisco IOS. The 128-bit address format and compression rules, the five address scopes (loopback ::1/128, link-local fe80::/10 - automatic on every interface, ULA fc00::/7, GUA 2000::/3, multicast ff00::/8), the ipv6 unicast-routing global enable, three ways to set an interface address (manual, EUI-64 derived from MAC, SLAAC), static routing with ipv6 route, the four IPv6 routing protocols (OSPFv3 with the IPv4-format router-id quirk, EIGRPv6 which stays shutdown by default, RIPng, MP-BGP with its activate-in-address-family pattern), tunneling options (manual, GRE, 6to4, ISATAP), and the differences from IPv4 (no NAT, no ARP - replaced by NDP - no broadcast, multiple addresses per interface). Pitfalls: forgetting ipv6 unicast-routing, EIGRPv6 shutdown by default, missing BGP activate, routing protocols using link-locals you don't expect.

8 min read
Read →