Today I am going to write about how to turn your Juniper SRX into a DHCP server. It is quite easy and quick.
root@srx100-01> configure
Entering configuration mode
[edit]
root@srx100-01# set system services dhcp router 192.168.1.1
root@srx100-01# set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
root@srx100-01# set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
root@srx100-01# set system services dhcp propagate-settings fe-0/0/0.0
root@srx100-01# set interfaces fe-0/0/0 unit 0 family inet dhcp
root@srx100-01# set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services dhcp
root@srx100-01# commit
I have been living in England for a long time. I've learnt many good things here, my wife is English, my children are English. This is where I have been living my adult life. I would like to share IT knowledge and experience. If you can benefit from this blog, I will be happy.
Monday, 20 May 2013
Saturday, 18 May 2013
Setting up Bind DNS for your Network (Red Hat/Centos)
I just bought a new domain for me and I am going through the process of setting up my own DNS server. I want to share with you the experience and also the knowledge.
Package Requirements
bind
bind-libs
bind-utils
Install all packages
[root@centos63 named]# yum install bind bind-libs bind-utils -y
Make sure Bind starts at boot time
[root@centos63 named]# chkconfig --level 2345 named on
Note: On Red Hat based systems the Bind daemon is called named.
Configuring Bind
My domain name is e-networks.co.uk and this is the domain I will use as an example.
The server IP address will be: 192.168.1.34
Configure /etc/named.conf
[root@centos63 named]# cd /etc
[root@centos63 named]# mv named.conf named.back
##################################################################################################
[root@centos63 named]# vi named.conf
Note: Add the lines below
# This file is the main config for the e-networks.co.uk domain
options {
    listen-on { 192.168.1.34; }; // Change it to your server's IP address
    version "This is not a public Server";
    directory "/var/named";
    pid-file "/var/run/named/pid";
    hostname "centos63.e-networks.co.uk"; // Change it to your server's name and domain
    notify yes;
    forward first; // the default
    fetch-glue no; // only fetches requested records, not everything
    // DNS server for your ISP, its IP address should be set below,
    // This will make your resolution faster by using its cache.
    forwarders {
        194.168.4.100; // this IP is for NTL resolver 1 (change it to your ISP nameserver)
        194.168.8.100; // this IP is for NTL resolver 2 (change it to your ISP nameserver)
    };
    /*
     * Uncomment the line below if you or the name servers are behind a firewall
     */
    // query-source address * port 53;
    /*
     * If running in a chroot, you will need to specify a different
     * folder to save the dump files.
     */
    // dump-file "s/named_dump.db";
    // SORT LIST
    sortlist { { localhost; localnets; };
               { localnets; };
    };
};
// SECONDARY ZONES
// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
zone "." {
    type hint;
    file "named.root";
};
zone "e-networks.co.uk" { // change it to your domain name
    type master;
    allow-update { 192.168.1.0/24; }; // change it to your IP range or any server you wish to allow updates
    allow-transfer { 192.168.1.0/24; }; // change it to your IP range or any server you wish to allow transfers
    notify yes;
    file "e-networks.co.uk"; // change it to your domain name
};
zone "localhost" {
    type master;
    file "named.localhost";
    allow-transfer { localhost; };
    notify no;
};
# reverse zones
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};
zone "1.168.192.in-addr.arpa" { // change it to match your network or the range assigned to you
    type master;
    file "1.168.192.in-addr.arpa"; // change it to match your network or the range assigned to you
    allow-update { 192.168.1.0/24; }; // change it to your IP range or any server you wish to allow updates
    allow-transfer { 192.168.1.0/24; }; // change it to your IP range or any server you wish to allow transfers
};
###################################################################################
[root@centos63 named]# cd /var/named
[root@centos63 named]# mv named.localhost named.localhost.bak
[root@centos63 named]# vi e-networks.co.uk
Note: Add the lines below
$TTL 3600
e-networks.co.uk. IN SOA centos63.e-networks.co.uk. root.centos63.e-networks.co.uk. (
        2013051801 ; Serial YYYYMMDDnn
        10800      ; Refresh
        3600       ; Retry
        604800     ; Expire
        86400 )    ; Minimum TTL
; DNS Servers
@         IN NS    centos63.e-networks.co.uk.
; Machine Names
localhost IN A     127.0.0.1
centos63  IN A     192.168.1.34
; mail server (use this if you have a mail server running)
mail      IN A     192.168.1.34
@         IN A     192.168.1.34
; Aliases (use this if you have a web server here, www.e-networks.co.uk.)
www       IN CNAME @
; MX Record (use this if you have a mail server running)
@         IN MX 10 mail.e-networks.co.uk.
#########################################################################################
[root@centos63 named]# vi named.localhost
Note: Add the lines below
$ORIGIN localhost.
$TTL 6h
@ IN SOA localhost. postmaster.localhost. (
        1      ; serial
        3600   ; refresh
        1800   ; retry
        604800 ; expiration
        3600 ) ; minimum
        IN NS localhost.
        IN A  127.0.0.1
##########################################################################################
[root@centos63 named]# vi localhost.rev
Note: Add the lines below
$TTL 3600
@ IN SOA centos63.e-networks.co.uk. root.centos63.e-networks.co.uk. (
        2013051801 ; Serial YYYYMMDDnn
        3600       ; Refresh
        900        ; Retry
        3600000    ; Expire
        3600 )     ; Minimum
        IN NS  centos63.e-networks.co.uk.
1       IN PTR localhost.e-networks.co.uk.
##########################################################################################
[root@centos63 named]# vi 1.168.192.in-addr.arpa
Note: Add the lines below
$TTL 3600
@ IN SOA centos63.e-networks.co.uk. root.centos63.e-networks.co.uk. (
        2013051801 ; Serial YYYYMMDDnn
        3600       ; Refresh
        900        ; Retry
        3600000    ; Expire
        3600 )     ; Minimum
        IN NS  centos63.e-networks.co.uk.
1       IN PTR centos63.e-networks.co.uk.
##########################################################################################
[root@centos63 named]# vi named.root
Note: Add the lines below
; This is the named.root file for all Root Name Servers (zone files use ; for comments)
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of File
##########################################################################################
Reminder:
1. Change the forwarders
2. Change the line "listen-on"
3. Change the line "hostname"
4. Change the zone "e-networks.co.uk"
5. Change the line "allow-update"
6. Change the line "allow-transfer"
7. Change the zone "1.168.192.in-addr.arpa"
8. Change the line "allow-update"
9. Change the line "allow-transfer"
Remember, when creating the files that represent the zones, make sure you also change the names to suit your environment.
Review the whole configuration and double check for typos and names.
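Part of that review can be scripted. The Python below is an added example (not from the original post): it parses the zone statements of a named.conf and flags every master zone whose allow-update or allow-transfer ACL is an address range instead of a TSIG key, localhost or none, because with an address ACL any host holding an address in that range can push unsigned dynamic updates into the zone or pull a complete copy of it. The embedded configuration is constructed from the zones above, with the reverse zone rewritten to the key-based form; ddns-key is a placeholder for a key statement defined elsewhere.

```python
"""Audit allow-update / allow-transfer ACLs in a named.conf (added example)."""
import re

# Constructed sample: the zone statements from the named.conf above, with the
# reverse zone rewritten to the hardened form (TSIG key for updates, no
# transfers). "ddns-key" is a placeholder for a key statement defined elsewhere.
SAMPLE_NAMED_CONF = """
zone "." {
    type hint;
    file "named.root";
};
zone "e-networks.co.uk" { // change it to your domain name
    type master;
    allow-update { 192.168.1.0/24; };   /* unsigned updates from the whole LAN */
    allow-transfer { 192.168.1.0/24; };
    file "e-networks.co.uk";
};
zone "localhost" {
    type master;
    file "named.localhost";
    allow-transfer { localhost; };
};
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "1.168.192.in-addr.arpa";
    allow-update { key ddns-key; };     # only TSIG-signed updates
    allow-transfer { none; };           # no secondaries, so nobody may transfer
};
"""

# ACL elements that do not hand the zone to whoever holds an address on the LAN.
SAFE_ENTRIES = ("none", "localhost")


def strip_comments(conf):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def zone_blocks(conf):
    """Yield (zone_name, body) per zone statement, matching braces by hand
    because the ACLs nest their own { } inside the zone body."""
    conf = strip_comments(conf)
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]


def acl(body, statement):
    """Return the ACL elements of a statement as a list, or None if absent."""
    m = re.search(re.escape(statement) + r"\s*\{([^}]*)\}", body)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def is_address_acl(entries):
    """True when some element is an address or prefix rather than 'key <name>',
    'none' or 'localhost', i.e. anyone holding that address is trusted."""
    return any(e not in SAFE_ENTRIES and not e.startswith("key ") for e in entries)


def audit(conf):
    """Return (zone, statement, message) findings for every master zone."""
    findings = []
    for name, body in zone_blocks(conf):
        zone_type = re.search(r"\btype\s+(\w+)", body)
        if not zone_type or zone_type.group(1) != "master":
            continue
        updates = acl(body, "allow-update")
        if updates and is_address_acl(updates):
            findings.append((name, "allow-update", "unsigned dynamic updates accepted from "
                             + ", ".join(updates) + "; use allow-update { key <name>; } instead"))
        transfers = acl(body, "allow-transfer")
        if transfers is None:
            findings.append((name, "allow-transfer",
                             "not set; the zone inherits the options/global default"))
        elif is_address_acl(transfers):
            findings.append((name, "allow-transfer", "full zone copies allowed to "
                             + ", ".join(transfers) + "; restrict to the secondaries or none"))
    return findings


if __name__ == "__main__":
    for zone, statement, message in audit(SAMPLE_NAMED_CONF):
        print(f"{zone}: {statement}: {message}")
```

Run it against your real /etc/named.conf by reading the file into audit(); the hint zone is skipped because only master zones accept updates and transfers.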
Starting DNS
[root@centos63 named]# service named start
Note: If the named service does not start, check for errors in /var/log/messages
[root@centos63 named]# tail /var/log/messages
Check if the named service is running
[root@centos63 named]# ps -eaf | grep named
named 1061 1 0 07:49 ? 00:00:00 /usr/sbin/named -u named
root 1471 1415 0 08:23 pts/0 00:00:00 grep named
Last Note
When you start the named service for the first time the script will try to generate the rndc.key for your server. This will take some time.
I hope you enjoy it, folks
by Renato de Oliveira
Thursday, 16 May 2013
Data Center Design (A new Look)
I have built a new Data Centre for the company I work for and I am going to give you some insight into the design and the cool look I gave it.
I had literally 2 months to build a whole new Data Centre, but even with the time constraints I managed to deliver it on time, and it is not only beautiful, but it has great features and, as far as I am concerned, ticks all the boxes.
Some of the requirements to meet:
- It must look presentable to customers
- It must have space for growth
- It must have the cooling capacity for the existing heat load and future growth
- It must have the power capacity for the existing load and future growth
See some pictures below:
Below you can see the front is all glass panels; there are seven server racks in total. At the front of the racks you can see there are three glass panels on the floor, and under each panel there is a light which is remote controlled and changes colours (it is currently blue).
On each side of the room we have a 14 kW air-con unit; at the back we have a heat extraction system to extract the heat generated by all the servers.
Below you can see I have used a 20 kVA UPS for holding the servers, and there is a bypass just in case we need to maintain the UPS.
I have a smaller 10 kVA UPS for comms equipment; the air-cons are also UPS protected.
The comms racks are at the back and they host all switches, patch panels and firewalls.
The links between the server cabinets and the patch panels are two looms of 24 CAT6a cables for each rack, one at the top and another at the bottom.
I paid a lot of attention to detail, functionality and also to ease of maintenance.
I'll take some pictures of the patch panel to show you another time.
If you need help with your Data Center or Server Room, I can help you with ideas.
Renato Oliveira
Wednesday, 15 May 2013
Setting up DFS (Distributed File System) on Windows 2008 R2
I think DFS is one of the best products Microsoft has. The possibilities are just immense.
If you need a global, distributed file system with high availability, DFS is for you. You can share a folder and make it highly available across the WAN. It is simple to set up, easy to use and very quick to replicate.
Today I am going to show you how to set it up. I am going to have a text version and once I have a bit more time I will give you a screenshot version.
I have two Windows 2008 R2 servers, one as my domain controller and a second one just as a member server.
You will need to install the DFS role on both servers, otherwise you won't be able to configure it.
Installing DFS (follow these steps on both servers)
- Click on [Start]
- Click on "Administrative Tools"
- Click on "Server Manager"
- Click on "Roles"
- Click on "Add Roles"
- Click on <Next>
- Select "File Services" then click on <Next>
- Click on <Next> once again
- Tick the boxes:
  - File Server
  - Distributed File System
  - DFS Namespace
  - DFS Replication
- After selecting the options above, click on <Next>
- Select "Create a namespace later" and click <Next>
- Click "Install"
- Once the installation has completed, click on <Close>
Configuring DFS Role and Namespace
- Click on [Start]
- Click on "Administrative Tools"
- Click on "DFS Management"
- Click on "Replication"
- Click on "New Replication Group..."
- Select the option "Replication Group for data collection" and click on <Next>
- Within the field "Name of replication group" type a descriptive name, e.g. MyReplication
- Within the field "Domain" type in your Windows domain name, e.g. linuxad.int
- Click on <Next>
- Type in the source server name, e.g. dfsrep01.linuxad.int
- Note: Remember that the DFS role needs to be installed on the source server as well.
- Replace the server name with the name of your source server.
- Click on <Next>
- On the "Replicated Folders" screen, click on [Add...]
- Choose the folder you wish to replicate, for example "C:\Data", then click on [OK]
- Click on <Next>
- Type in the destination server name, e.g. dfsrep02.linuxad.int
- Note: Remember that the DFS role needs to be installed on the destination server.
- Replace the server name with the name of your destination server.
- Click on <Next>
- Choose the destination folder for the replicated data, for example "C:\Data", then click on <Next>
- Click on "Replicate continuously using the specified bandwidth".
- Leave it on [Full] and click <Next>
- Click on [Create]
- Then click on [OK]
This will give you a full DFS system with two servers, source and destination, fully working.
There are some extra details which need configuring; I will describe them later, keep posted.
by Renato Oliveira
Saturday, 4 May 2013
Retaking CCNA
Studying for CCNA
OSI Model
7 layers (7 - Application, 6 - Presentation, 5 - Session, 4 - Transport, 3 - Network, 2 - Data Link, 1 - Physical)
Differences between HUB and Switch
- HUB = 1 single collision domain
- HUB = 1 single broadcast domain
- HUB = half duplex
- HUB = works at the Physical layer of the OSI model, sends signals
- Switches = each port is a separate collision domain
- Switches = have a single broadcast domain if no VLANs are configured
- Switches = full duplex
- Switches = use ASIC chips, which allows
- Switches = create a CAM (Content Addressable Memory) table where all MAC addresses are stored
- Switches = work at the Data Link layer of the OSI model, send frames
Type of Communications
- Unicast = one-to-one communication between source and destination
- Broadcast = a communication which is sent to all devices connected to a network segment
- Multicast = a communication which is sent to a group of devices
- ARP (Address Resolution Protocol) = broadcast message
Connecting to a switch to configure it
- Open PuTTY
- Click on "Serial"
Connection settings
- Baud rate: 9600
- Data bits: 8
- Parity: none
- Stop bits: 1
- Flow control: none
Cisco command modes
- User EXEC mode - Switch> (basic mode)
- Enable - Privileged EXEC mode - Switch# (full access)
- Config terminal - Global Configuration Mode - Switch(config)# (full configuration mode)
Configure Cisco Switch
Setup switch name:
# hostname switch1
Set the switch's IP address for management
You need to set up the IP on the default VLAN, the VLAN 1 interface:
# interface vlan 1
# ip address 192.168.1.1 255.255.255.0
# no shutdown
Setup default gateway at Global Config Mode
# ip default-gateway 192.168.1.1
Saving Configuration
# copy running-config startup-config
How to show the version of IOS running
# show version
Protecting Privileged EXEC mode
Note: this is not secure
# enable password cisco123
# enable secret cisco1234
Note: this password is encrypted within the configuration file
If you have both enable password and enable secret, enable secret will override enable password
If you have enable password set, just remove it with
# no enable password
Password protect your Console mode
# line console 0
# password cisco123
# login
Set password for telnet
# line vty 0 4
# login
# password cisco123
# service password-encryption (to encrypt all passwords)
# banner motd C
#################
Private
#################
C
Setup SSH
# username renato password cisco1234
# ip domain-name e-networks4real.co.uk
# crypto key generate rsa modulus 1024
# ip ssh version 2
# line vty 0 4
# login local (authenticate SSH users against the username above)
# transport input ssh
Port Security
How many devices can be plugged into each port? If anyone plugs in a different device the port is disabled
# show ip interface brief
How to show all messages displayed on the terminal
# terminal monitor
MAC address security
# interface fastethernet <port>
# switchport mode access
# switchport port-security
# switchport port-security maximum 1
# switchport port-security violation shutdown (shutdown is the default violation mode)
# show port-security interface fastethernet <port>
Duplex mismatch
# interface fastethernet 0/2
# speed 100
# duplex full
Fixing console text wrapping
# line console 0
# logging synchronous
# line vty 0 4
# logging synchronous
Setting IDLE time
# line console 0
# exec-timeout 30 0
# line vty 0 4
# exec-timeout 30 0
Fixing the annoying domain resolution problem
# no ip domain-lookup
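Before a switch goes into service it is worth checking the running-config against the hardening steps in this section. The Python below is an added example, not part of the original notes: it audits a constructed running-config (same host and user names as the notes above, passwords invented) for enable password without enable secret, a missing service password-encryption (which only hides passwords with the reversible type 7 encoding; enable secret is the real protection), SSH not pinned to version 2, vty lines that still accept telnet or lack login local, and lines without an exec-timeout.

```python
"""Audit a Cisco IOS running-config for the hardening steps above (added example)."""

# Constructed sample running-config: it applies some of the steps from the notes
# above and misses others, so that every check has something to report.
SAMPLE_RUNNING_CONFIG = """\
hostname switch1
enable password cisco123
username renato password cisco1234
ip domain-name e-networks4real.co.uk
no ip domain-lookup
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
line con 0
 password cisco123
 login
 logging synchronous
line vty 0 4
 password cisco123
 login
 transport input telnet ssh
!
end
"""


def parse_sections(config):
    """Split the config into global commands and the commands of each 'line'
    section. IOS indents a section's commands with one space; a non-indented
    line or a '!' separator ends the section."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd in ("!", "end"):
            current = None
        elif raw.startswith(" "):
            if current is not None:  # indented commands of other sections are ignored
                sections[current].append(cmd)
        elif cmd.startswith("line "):
            current = cmd
            sections[current] = []
        else:
            current = None
            global_lines.append(cmd)
    return global_lines, sections


def audit(config):
    """Return (location, message) findings, one per weak or missing setting."""
    global_lines, sections = parse_sections(config)
    findings = []
    if any(c.startswith("enable password ") for c in global_lines) and \
            not any(c.startswith("enable secret ") for c in global_lines):
        findings.append(("global", "enable password set without enable secret; "
                                   "the privileged password is stored in clear text"))
    if "service password-encryption" not in global_lines:
        findings.append(("global", "service password-encryption missing; line and "
                                   "username passwords are readable in show run"))
    if "ip ssh version 2" not in global_lines:
        findings.append(("global", "ip ssh version 2 not set; SSHv1 may be negotiated"))
    for name, cmds in sections.items():
        if name.startswith("line vty"):
            transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
            if not transports or any({"telnet", "all"} & set(t) for t in transports):
                findings.append((name, "transport input not restricted to ssh"))
            if "login local" not in cmds:
                findings.append((name, "no login local; SSH logins are not checked "
                                       "against the username database"))
        if not any(c.startswith("exec-timeout") for c in cmds):
            findings.append((name, "no exec-timeout; idle sessions never expire"))
    return findings


if __name__ == "__main__":
    for where, message in audit(SAMPLE_RUNNING_CONFIG):
        print(f"{where}: {message}")
```

Feed it the output of show running-config saved to a file; after applying the enable secret, service password-encryption, ip ssh version 2, login local, transport input ssh and exec-timeout steps above, audit() returns an empty list.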
Troubleshooting Cisco Switches
# show ip interface brief
# show interface fastEthernet 0/2
- tx load = sending data
- rx load = receiving data
- 5 min input rate
- 5 min output rate
- A high level of broadcast is considered to be 20%
- A runt is a packet considered to be too small
- Late collision means the cable length is greater than 100 m
- Check for duplex mismatch
# show run
Types of Wireless Networks
- PAN - Personal Area Network
- LAN - Local Area Network
- MAN - Metropolitan Area Network
- WAN - Wide Area Network
Wireless is shared and half-duplex
- The more people connected, the less bandwidth available
- Uses unlicensed bands of radio frequency (RF)
- WiFi operates at the Physical and Data Link layers of the OSI model
- WiFi uses CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance)
- Interference is a problem and causes connectivity issues
WiFi Frequencies
- 900 MHz range - 902 - 928
- 2.4 GHz range - 2.400 - 2.483
- 5 GHz range - 5.150 to 5.350
The lower the frequency, the bigger the range, but the bandwidth is also lower
Higher frequency supports higher data rates
WiFi Standards
- 802.11b: 1999, up to 11Mbps, 2.45GHz, three channels
- 802.11a: 1999, up to 54Mbps, 5.8GHz, 12 - 23 channels
- 802.11g: 2003, 54Mbps, 2.4GHz, three channels
- 802.11n: 100+Mbps using MIMO and multiple antennas
WiFi Channels
Range of frequencies
- The channel defines a section of the 2.4GHz range of frequency
- If APs are in the same channel they will cause conflict and
- 802.11b: 3 clean channels
- 802.11a: up to 23 channels considered clean or not overlapping
- 300 feet without obstructions on the way
- ITU-R
- IEEE
- Wi-Fi Alliance
WiFi Security
Remember it is an open door to the world
- Authentication
- Encryption
- Intrusion Prevention System
- Pre-shared key WEP (use the same key)
- Pre-shared keys WPA1 using an encryption method called TKIP
- WPA and 802.1x authentication (standard to request username and password, or pass-through to a server for checking the credentials)
- WPA2 (802.11i) and 802.1x
SSID (Service Set Identifier)
- Multiple SSIDs
- Used for public
- Used for internal or private
RF
- 10-15% overlaps in your frequency area
- Repeaters should have around 50%
- BSS - Basic Service Set (roaming with service drop)
- ESS - Extended Service Set (roaming without service loss)
Setting up redundant links
We need to use spanning tree protocol
Ports
- Well-known ports are 1-1023
- A socket is a combination of an IP address plus a port number: 192.168.20.22:80
- Clients use random ports above 1024 as their source ports, for example: 192.168.33:55667
Important Port Numbers
- 20: FTP
- 21: FTP
- 22: SSH
- 23: TELNET
- 25: SMTP
- 53: DNS
- 80: HTTP
- 110: POP3
- 443: HTTPS
- 69: TFTP