Friday, August 31, 2012

Configuring Windows Server 2008R2 as a Router and Default Gateway for IPv6 Networks

You can configure your  Windows Server 2008 as a default gateway for your LAN by installing Routing and Remote Access Services Role service in Network Policy and Access Servicess Role.

After the installation process has finished Configure and Enable Routing and Remote Access by choosing Custom Configuration and LAN routing option.  Right Click Routing and Remote Access and check the Ipv6 Router box on General tab(screenshot.1) and check the Enable IPv6 forwarding and Enable Default Route Advertisement boxes on IPv6 tab(screenshot.2).

Lastly we should exceute command below on our server to let itself to advertise as default gateway to clients.

netsh interface ipv6 set interface "Internal" forwarding=en advertise=en advertisedefaultroute=en



IPv6 DNS and Default Gateway Settings for DHCPv6 on Windows Server 2008R2

for DNS settings, you can use "DNS Recursive Name Server IPv6 Address List" option in Server or Scope options on Wnidows DHCP server management console.

Windows DHCPv6 server does not have option for setting Default Gateway. Instead you can use logon script by using the command below; does not include the words in brackets.

netsh interface ipv6 add dnsserver "Local Area Connection"(Interface Name) 2001:db8::99:4acd::8(Gateway IPv6 Address)

Monday, August 13, 2012

Command rejected: ........ is a dynamic port

On Cisco Catalyst series switch Port security feature can only be configured on static access ports or trunk ports. So you should set the interface switchport mode as access by using

"switchport mode access" interface configuration command.

Friday, August 10, 2012

Juniper SSG Prevent Brute Force and Dictionary Attack

Open Management Console

Under Configuration --> Admin --> Management

Configure the "Max Login Attempts" value.

Thursday, August 9, 2012

Disable SID Filtering

If you have established trust(s) between your domains and you will migrate users, preserve their SIDs and give them them security rights for resources you should disable SID filtering mechanism.

To disable SID filter quarantining for the trusting domain

Open a Command Prompt.
At the command prompt, type the following command, and then press ENTER:

Netdom trust  /domain: 
/quarantine:No /userD: /passwordD:

netdom trust  otkn.local /domain:otkn.arg /quarantine:No /UserD:otkn.local\cad /passwordD:caduserpassword


Wednesday, August 1, 2012

Securing the Cisco IOS image file

You can hide the your Routers Cisco IOS by using Cisco IOS Resilient Configuration. Users can not view IOS information by using after "Show flash" command after this configuration.  By using this property you can hide the IOS and These secure files cannot be removed by the user. No extra space is required to secure the primary Cisco IOS image file.

The Cisco IOS Resilient Configuration feature is mainly intended to speed up the recovery process.

In Global Configuration Mode, use the commands below;

 secure boot-image    'Enables Cisco IOS image resilience
 secure boot-config    'Stores a secure copy of the primary bootset in persistent storage.


 show secure bootset ' Displays the status of configuration resilience and the primary bootset filename

Note: This feature is available only on platforms that support a Personal Computer Memory Card International Association (PCMCIA) Advanced Technology Attachment (ATA) disk. There must be enough space on the storage device to accommodate at least one Cisco IOS image (two for upgrades) and a copy of the running configuration.

span.fullpost {display:none;}