EIGRP Passive Interface
The command of passive-interface is to restrict outgoing advertisement. For example: If your network have two routers connected to each other using EIGRP routing protocol to advertise network routes and passive interface is on, the two routers will receive their routing information fine as the hello packets are exchanged between them.
Once the passive-interface command is issued on R1's Serial0, for instance. The R1 will no longer advertise / send hello packets or receive on that interface, so the routing relationship between the two routers are broken. Meaning R2 can no longer route data to networks connected to R1 but R1 can route the data to connected network of R2.
To solve this issue, you can apply access-list and distribute-list on R1's serial0 interface. A command like below should allow R1 to receive routing updates and stay restricted in sending routing updates to R2.
R1(config)#access-list 20 deny any R1(config)#router eigrp 1 R1(config-router)#no passive-interface serial 0 R1(config-router)#distribute-list 20 out serial 0
Remember to verify your configuration and the status of the routing relationship. To do this use:
show ip eigrp neighbors
Switch - IP default-gateway
For any unsolved packets on LAN the switch will redirect those packets to configured default-gateway IP Address. For instance, it's usually set to the LAN interface of router.
SW1(config)#ip default-gateway 192.168.2.1
AAA (Authentication, Authorisation and Accounting)
AAA (Authentication, Authorisation and Accounting) is a form of network security framework. Techrepublic (2008) defines that AAA is a requirement when it comes to network security. It is a feature that allows users to authenticate them-self and only those users can access the right network resources.
In order to setup a VPN server access on the Cisco router, you will need to enable AAA. Use following statement in config t (Global configuration mode)
aaa new-modelAAA feature has now been enabled, we will need to tell the AAA to put an authentication in place to allow remote clients to have a chance to authenticate them self. Copy the following statement and enter it on the Global configuration mode:
aaa authentication ppp default localThe statement is telling the AAA to setup a authentication in place, use ppp (Point-to-Point Protocol), default means use the default authentication list, and you will get an option for local. Basically the command is telling the router to use default local user accounts for authentication, this will be used to match the client's username and password for gaining access, which I will go through later.
How to reset a Cisco router
System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm] yes