TekRADIUS Usage for AD Authentication
TekRADIUS is RADIUS software that can be easily integrated with AD. I have tested it on a PC that is not even in the domain. But AD…
Learning, Sharing, Creating
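PKI = Public Key Infrastructure. Infrastructure: a universal foundation that serves as the basic framework within a larger environment; its basic principles are shared and it is simple to operate, so as long as the basic rules are followed, different entities can conveniently use the services the infrastructure provides. Public key infrastructure: a general-purpose security infrastructure that implements and provides security services using the principles and techniques of asymmetric cryptographic algorithms. Public key certificate: the binding of a user's identity to the public key that user holds; before the binding, a trusted authority, the certification authority (CA), verifies the user's identity. The trusted CA then digitally signs the certificate that binds the user's identity to the corresponding public key, to prove the certificate's validity. A PKI system mainly includes: certification authority, certificate repository, key backup and recovery system, certificate revocation system, and PKI application interface system. PKI mainly comprises four parts: X.509 format certificates and certificate revocation lists (CRL); CA/RA operational protocols; CA management protocols; CA policy formulation. Two ways to generate a key pair: (1) The user generates the key pair and then passes the public key to the CA in a secure manner; this process should guarantee the verifiability and integrity of the user's public key (the key pair used for identity verification should be generated first). (2) The CA generates the key pair for the user and then delivers it to the user in a secure manner; the confidentiality, integrity and verifiability of the key must be guaranteed. In this mode the user's private key is generated by the CA, so a higher level of trust in the CA is required. Two ways to issue certificates: Offline issuance: issued face to face, used for enterprise-grade high-level certificates; Online issuance: over the Internet using LDAP (Lightweight Directory Access Protocol), downloading the certificate from the i500 directory server. LDAP: http://www.microsoft.com/china/technet/prodtechnol/exchange/2003/insider/ldapquery.mspx Offline issuance:…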
SRX license expired yesterday; logged into the support site, renewed the license and added it to the SRX. But NSM still shows 'Attack/Detector Update License Validation Exception'. On SRX Device, system…
Cisco Switch Example Configuration: aaa authentication login default local group radius aaa authentication enable default enable group radius aaa authorization exec default local group radius radius-server host 10.9.2.4 auth-port 1812…
Configured a Cisco 2960 switch to use TekRADIUS as the RADIUS server for authentication and authorization. The authentication part was OK, but could not let the user get directly into enable mode although…
Some Other related posts in this blog: F5 Big IP 2000s Appliance Initial Configuration F5 BigIP LTM v11.5.3 Virtual Appliance Configuration – Part 1 F5 BigIP LTM v11.5.3 Virtual Appliance…
Create a file: echo 'This is a sekret' >/tmp/msg.txt Export public key: openssl rsa -in ~/private.pem -out /tmp/public.pub -outform PEM -pubout Encrypt file with public key (anyone can have this key): openssl rsautl…
In our environment, there was an issue using NSM to push security updates to one pair of Juniper SRX 240. NSM is the only method to get updates from the Internet…
For Access Mode: switchport mode access switchport nonegotiate switchport access vlan 100 For Trunk Mode: switchport trunk encapsulation dot1q switchport mode trunk switchport nonegotiate switchport trunk allowed vlan 10,100 switchport trunk native vlan 1 The…
Topology: IOS: c3640-jk9s-mz.124-16.bin GNS3 IOS Configuration: Changed XTERM to gnome-terminal for better copy & paste feature: In GNS3 Preferences, replaced xterm -T %d -e 'telnet %h %p' >/dev/null 2>&1 & with…
Here is a list of working IOS for MPLS LAB on GNS3: c3640-jk9s-mz.124-16 c3640-jk9s-mz.124-16a c3640-jk9o3s-mz.123-14.T7 c7200-adventerprisek9-mz.124-11.T c3725-adventerprisek9-mz.124-15.T10 Note: c3640-jk9s-mz.124-16 is the IOS we use most often while learning Cisco. It supports not only routing and switching labs but also IPv6, VPN, VoIP, MPLS-VPN and more, so people usually call it the all-purpose IOS.
When you apply policy changes, they are only applied on routes that are learned after the policy changes have been enacted. This is because BGP is most frequently implemented on…