Monday, 27 October 2014

Install And Configure Nagios on Ubuntu 14.04 LTS



 Install And Configure Nagios

Nagios is an open source software that can be used for network and infrastructure monitoring. Nagios will monitor servers, switches, applications and services. It alerts the System Administrator when something goes wrong and also alerts back when the issues has been rectified.
Using Nagios, you can:
  • Monitor your entire IT infrastructure.
  • Identify problems before they occur.
  • Know immediately when problems arise.
  • Share availability data with stakeholders.
  • Detect security breaches.
  • Plan and budget for IT upgrades.
  • Reduce downtime and business losses.

Scenario

In this tutorial i am going to use two systems as mentioned below.

Nagios server:

Operating system : Ubuntu 14.04 LTS Server
IP Address       : 192.168.0.2/24

Nagios client:

Operating System : Ubuntu 14.04 Desktop
IP Address       : 192.168.0.107/24
 

Prerequisites

Make sure your server have installed with fully working LAMP stack. If not, follow the below link to install LAMP server On Ubuntu 14.04 and earlier versions.

Install Nagios

Install nagios and nagios plugin using the following command:
sudo apt-get install nagios3 nagios-nrpe-plugin
During installation, you’ll have to answer some simple questions. First, you’ll be asked to configure your mail server to get alerts from your nagios server.
sk@server: ~_001
Select the type of mail configuration:
sk@server: ~_002
Enter the system mail name. It will be automatically selected by the installer. If not, enter it manually.
sk@server: ~_003
Enter the “nagiosadmin” password.
sk@server: ~_004

 

Re-enter the nagiosadmin password.
sk@server: ~_005

Configure Nagios

After nagios and nagios plugins installation, assign the permissions of www-data directory to nagios user, and set executable permission to the /var/lib/nagios3/ directory.
sudo usermod -a -G nagios www-data
sudo chmod -R +x /var/lib/nagios3/
By default, Nagios won’t check for external commands, just to be on the cautious side.  If you want to be able to use the CGI command interface, you will have to enable this.
To do that, edit file /etc/nagios3/nagios.cfg,
sudo nano /etc/nagios3/nagios.cfg
Find the line,
check_external_commands=0
And change it to:
check_external_commands=1
Save and close the file. Restart nagios service.
sudo /etc/init.d/nagios3 restart

Access Nagios Web console

Open up the web browser and point it to http://ip-address/nagios3. You’ll be asked to enter the username and password. Enter username as nagiosadmin and the password that you’ve created earlier.
New Tab - Mozilla Firefox_001
This is how my Nagios web console looked.
Nagios Core - Mozilla Firefox_002
Click on the Hosts section on the left pane to list of hosts being monitored.
Nagios Core - Mozilla Firefox_003
If you want to see the complete details of a monitoring hosts, click on the respective monitoring hosts in the above window.
Nagios Core - Mozilla Firefox_004
As you see in the above picture, the localhost(Nagios server) itself only is being monitored by default. We have to add the clients to monitor them now.

Add Monitoring targets

Now let us add some clients to monitor by Nagios server. To do that we have to install nrpe and nagios-plugins packages in our monitoring targets.
sudo apt-get install nagios-nrpe-server nagios-plugins

Configure Monitoring targets

Edit /etc/nagios/nrpe.cfg file,
sudo nano /etc/nagios/nrpe.cfg
Add your Nagios server ip address:
[...]
allowed_hosts=127.0.0.1 192.168.1.100
[...]
Start/Restart nrpe service as shown below.
sudo /etc/init.d/nagios-nrpe-server restart
Now, go back to your Nagios server to add the clients to be monitored through nagios server. By default, Debian based systems uses a configuration directory called /etc/nagios3/conf.d/ where nagios3-common, other packages and the local admin can dump or link all object configuration files into.
In the object configuration files, you can define hosts, host groups, contacts, contact groups, services, etc. You can split your object definitions across several config files if you wish, or keep them all in a single config file.
Ex:
cfg_file=/etc/nagios3/objects/commands.cfg
cfg_file=/etc/nagios3/objects/contacts.cfg
cfg_file=/etc/nagios3/objects/timeperiods.cfg
cfg_file=/etc/nagios3/objects/templates.cfg
Also, You can tell Nagios to process all config files (with a .cfg extension) in a particular directory by using the cfg_dir directive.
In this tutorial, I will tell Nagios to process client config files in a particular directory.
Edit /etc/nagios3/nagios.cfg file,
sudo nano /etc/nagios3/nagios.cfg
and uncomment the following line.
[...]
cfg_dir=/etc/nagios3/servers
Create a directory called servers under /etc/nagios3/ location.
sudo mkdir /etc/nagios3/servers
Create config file to the client to be monitored. In my case, I want to monitor my Ubuntu desktop which has IP address 192.168.1.100, and hostname as sk.
sudo nano /etc/nagios3/servers/clients.cfg
Add the following lines:
define host{

use                             generic-host

host_name                       sk

alias                           sk

address                         192.168.1.100

max_check_attempts              5

check_period                    24x7

notification_interval           30

notification_period             24x7

}
Save and close the file.
Here, sk is my Ubuntu 14.04 client host name, and 192.168.1.100 is the IP address of my client.
Restart nagios service.
sudo /etc/init.d/nagios3 restart
Now, open the nagios web console again in the browser and navigate to “Hosts” section in the left pane. You should see the newly added client will be visible there. Click on the host to see if there is anything wrong or alerts. Please note that you have to wait 90 seconds after any changes in your nagios server.
Nagios Core - Mozilla Firefox_005
Click on the monitoring target, you’ll get the detailed output:
Nagios Core - Mozilla Firefox_006
Like this way, you can define more clients by creating a separate config files /etc/nagios3/servers directory for each client.

Define services

We have defined the monitoring host before. Now let us add some services of the monitoring host. For example, to monitor the ssh service, add the following lines shown in red colour in the /etc/nagios3/servers/clients.cfg file.
sudo nano /etc/nagios3/servers/clients.cfg
Add the lines shown in red color:
define host{

use                             generic-host

host_name                       sk

alias                           sk

address                         192.168.1.100

max_check_attempts              5

check_period                    24x7

notification_interval           30

notification_period             24x7

}
define service {
        use                             generic-service
        host_name                       sk
        service_description             SSH
        check_command                   check_ssh
        notifications_enabled           0
        }
Save and close the file. Restart Nagios.
sudo /etc/init.d/nagios3 restart
Now log in to Nagios web console and check for the added services. Navigate to Services section, you should see the ssh service will be available there.
Nagios Core - Mozilla Firefox_007
To know more about object definitions such as Host definitions, service definitions, contact definitions and more please do visit here. This page will describe you the description and format of all nagios object definitions.
That’s it. Happy Monitoring with Nagios!

Reference Links:
For questions please refer to our Q/A forum at : http://ask.unixmen.com/
Posted by at No comments:

Wednesday, 3 September 2014

How to configure Site-Site IPSec VPN in Cisco Routers (IOS)

STEPS FOR IPSEC:-
VPN is a network which uses a shared network infrastructure (Internet) which allows a secure access between two networks or securely connects a remote user to his corporate network.
Let's check out here how to configure a Site to Site VPN using a Pre-shared Key in Cisco Routers running Cisco IOS
Let's use a Chennai- office network setup with the following:
Authentication Method: Pre-Shared Key
Hash Algorithm: SHA
Chennai Router External IP : 172.10.10.100
(Peer IP for Branch Network)
Chennai Internal Network: 172.11.1.0/24
Branch Router External IP : 10.1.1.100
(Peer IP for HQ Network)
Branch Internal Network: 10.11.2.0/24
Configuring IKE Policies
Create an IKE Policy
From the global configuration mode, create a new IKE Policy.
VPN-CH(config)# crypto isakmp policy 1
Set the Keep-Alive & Retry intervals
The default Keep-Alive time os 10 seconds and retry when the keep-alive fails is 2 seconds. If you prefer changing this value then do the following else can be ignored
VPN-CH(config-isakmp)# crypto isakmp keepalive 15 retry 3
Specify the Encryption Algorithm
I'm using 3DES encryption method here 
VPN-CH(config-isakmp)# encryption 3des
Specify the HASH Algorithm
I'm using sha hashing algorithm here
VPN-CH(config-isakmp)# hash sha
Set the Authentication Method
We are using Pre-shared key here for Authentication
VPN-CH(config-isakmp)# authentication pre-share
Set the Diffe-Hellman Group Identifier
We are using DH Group-2 (1024)
VPN-CH(config-isakmp)# group 2
Specify SA's lifetime (seconds)
Set the lifetime of the Security Associations in seconds. I'll set it for 24hrs (86400 seconds) here
VPN-CH(config-isakmp)# lifetime 86400
Set Pre-shared Key
The Authentication method we use here is the Pre-Shared key. We should now set this previously agreed shared key (don't exchange on emails. Use your phone,letters or faxes) from the global configuration mode.I'll use a simple pre-shared key "0urVpN" but use more complex key when configuring a production system.
VPN-CH(config)# crypto isakmp key 0urVpN address 10.1.1.100
where 10.1.1.100 is the Peer routers IP Address and "0urVpN" is the pre-shared key.
Define Transformation Set
We set the transformation of ESP-3DES transform and ESP-SHA-HMAC transform to Transformation set 3DES-SHA-HMAC
VPN-CH(config)# crypto ipsec transform-set 3DES-SHA-HMAC esp-3des esp-sha-hmac
VPN-CH(cfg-crypto-trans)# exit
Setup a Crypto ACL
This ACL defines the protected traffic that passes through the VPN tunnel. Customize the ACL as per your organisation needs.
VPN-CH(config)# ip access-list 101 permit ip 172.11.1.0 0.0.0.0 10.11.2.0 0.0.0.0
Create an IPSec Map
Create an IPSec Crypto Map and assign it a Sequence number
VPN-CH(config)# crypto map HQ-BR1-MAP 2 ipsec-isakmp
where 2 is the sequence number and CH-BR1-MAP is the nameof the map.
Set the Network traffic to be protected
Here use the extended ACl created earlier to define the traffic that is protected and passed through the tunnel.
VPN-CH(config-crypto-map)# match address 101
where 101 is the Extended ACL
Set the Peer Address
VPN-CH(config-crypto-map)# set peer 10.1.1.100
Set Transform Set
VPN-CH(config-crypto-map)# set 3DES-SHA-HMAC
Set Perfect Forwarding Secret
VPN-CH(config-crypto-map)# set pfs group 2
Apply Crypto Map to the external Interface
VPN-CH(config)# int fa0/0
VPN-CH(config-if)# crypto map HQ-BR1-MAP
Allow inbound IPSec traffic from the Peer on the external interface
VPN-CH(config)# ip access-list 102 permit udp host 10.1.1.100 any eq isakmp
VPN-CH(config)# ip access-list 102 permit esp host 10.1.1.100 any
That completes the configuration on the Cisco Router at the HQ. Repeat the procedure with only changing
1. The Peer IP in the steps for setting the Pre-shared Key & setting Peer.
2. Modify the ACLs for the protected networks
3. Inbound ACL to allow incoming traffic from peer
To verify the configs, use the following show commands:
Display Crypto IKE Policy
VPN-CH# show crypto isakmp policy
Display Crypto Transform Set
VPN-CH# show crypto ipsec transform-set
Display Crypto Map entries
VPN-CH# show crypto map
Posted by at No comments:

Thursday, 24 July 2014

HOW TO INSTALL AND CONFIGURE CISCO ASA 8.4 WITH ASDM ON GNS3



 CISCO ASA 8.4 WITH ASDM ON GNS3;

This guide shows you how to install ASDM for cisco ASA Firewall on GNS3. You will establish ASDM session from your machine to GNS3. So you will be building connection/bridge between GNS3 and PC. Note: First you will have to copy ASDM via TFTP to Firewall

Step 1:

Add a loopback adapter to Windows 7, Windows XP
To manually install the Microsoft Loopback adapter in Windows XP, follow these steps:
  • 1. Click Start, and then click Control Panel.
  • 2. If you are in Classic view, click Switch to Category View under Control Panel in the left pane.
  • 3. Double-click Printers and Other Hardware, and then click Next.
  • 4. Under See Also in the left pane, click Add Hardware, and then click Next.
  • 5. Click Yes, I have already connected the hardware, and then click Next.
  • 6. At the bottom of the list, click Add a new hardware device, and then click Next.
  • 7. Click Install the hardware that I manually select from a list, and then click Next.
  • 8. Click Network adapters, and then click Next.
  • 9. In the Manufacturer box, click Microsoft.
  • 10. In the Network Adapter box, click Microsoft Loopback Adapter, and then click Next.
  • 11. Click Finish.
To manually install the Microsoft Loopback adapter in Windows 7, follow these steps:
The key step I was missing was how to find the Hardware Wizard:
  • 1. Click the Start menu.
  • 2. Search for “cmd“.
  • 3. Right-click on “cmd” and select “Run as Administrator
  • 4. Enter “hdwwiz.exe
From that point on it’s the same approach as under Vista, i.e.:
  • 1. In the “Welcome to the Add Hardware Wizard“, click Next.
  • 2. Select “Install the hardware that I manually select from a list (Advanced)” and clickNext.
  • 3. Scroll down and select “Network adapters” and click Next.
  • 4. Select under Manufacturer “Microsoft” and then under Network Adapter “Microsoft Loopback Adapter” and click Next.
Step 2:
Restart your PC.
Step 3:
Following this guide about how to configure cisco ASA 8.4 firewall on GNS3.
Start a new Porject in GNS3 and drag/drop a ASA (8.4) firewall to the topology.
  • 1. Drag/Drop Cloud Object from Panel on the Left to the topology and right click it. Select ‘Configure‘. Select ‘C1‘ or whatever name of the object.
  • 2. Now as per following diagram. Select the loopback adapter that you added in step 1.
  •  diagram. Select the loopback adapter that you added in step 1.loopback1
  • 3. Add the adapter as per following after selecting and press OK.
    loopback2
  • 4. Drop an ethernet switch to the topology. If you don’t do this and try drawing a direct connection between Firewall and Cloud it will come up with error saying ‘Devices does not support this type of NIO. Use an ETHSW to bridge the connection to the NIO Instead.
    5. Connect both Cloud and Firewall to the Switch as picture below:
    topo
  • 6. Now start all devices in GNS and use following commands on the firewall to give it an IP address.
ciscoasa# config t
ciscoasa(config)# int gi
ciscoasa(config)# int gigabitEthernet 0
ciscoasa(config-if)# ip address 172.30.1.1 255.255.255.0
ciscoasa(config-if)# nameif management
ciscoasa(config-if)# no shut
  • 7. Now, go back to Windows 7 and open ‘Network and Sharing Centre‘, Click on Change adapter settings and Change the IP Address of the Loopback adapater as following
loopback-interface
  • 8. You will have to turn off your PC firewall. Because you will be copying ASDM to ASA firewall. If you don’t know this, stop studying networking or stop the Windows Firewall Service or if that doesn’t work then Base Filtering Service.
  • 9. Now you PC is ready to talk to firewall, lets try.
ciscoasa# ping 172.30.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.30.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms
ciscoasa#
Step 4:
  • 1. OK, Now the next step is to copy ASDM to Firewall. If you already have TFTP Server installed, cool otherwise Download and start this TFTP Application from following website: http://tftpd32.jounin.net/tftpd32_download.html
  • 2. Download ASDM from Cisco website or any other source you have. I have ASDM 6.47Download Here:
  • 3. On the TFTP application browse to the folder where you have downloaded ASDM.
  • 4. On the firewall use following command to download TFTP Image.
ciscoasa# copy tftp flash
Address or name of remote host []? 172.30.1.2
Source filename []? asdm-647.bin
Destination filename [asdm-647.bin]?
Accessing tftp://172.30.1.2/asdm-647.bin.!!!!!!!
Writing current ASDM file disk0:/asdm-647.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
17902288 bytes copied in 55.470 secs (325496 bytes/sec)
ciscoasa# config t
ciscoasa(config)# asdm image flash:asdm-647.bin
ciscoasa(config)# http server enable
ciscoasa(config)# http 172.30.1.2 255.255.255.255 management
ciscoasa(config)# username cisco password cisco privilege 15
  • 5. Using ‘wr‘ command and then reload the firewall using ‘reload‘ command
Step 5:
  • 1. Launch your browser and go to https://172.30.1.1 (Disable Proxy if you are using any)
  • 2. Download and Install ASDM App from website you browsed to.
  • 3. Launch the ASDM. Login username and password. Done!
Posted by at No comments:

Monday, 21 April 2014

How to Configure VLAN

How to Configure VLAN, STP, DTP:

  • Configure Access or Trunk links
  • Create VLAN
  • Assign VLAN membership
  • Configure Intra VLAN routing
  • Configure VTP Server
  • Make VTP Clients
  • Show STP Static
  • Configure DTP port
To complete these lab either create a topology as shown in figure:--

Advance switch configuration

PC configurations :-

DevicesIP AddressVLANConnected With
PC010.0.0.2VLAN10Switch1 on F0/1
PC120.0.0.2VLAN20Switch1 on F0/2
PC210.0.0.3VLAN10Switch2 on F0/1
PC320.0.0.3VLAN20Switch2 on F0/2
PC410.0.0.4VLAN10Switch3 on F0/1
PC520.0.0.4VLAN20Switch3 on F0/2

2960 – 24 TTL Switch 1 Configuration:-

Port Connected toVLANLINKSTATUS
F0/1 With PC0VLAN10AccessOK
F0/2 With PC1VLAN20AccessOK
Gig1/1 With RouterVLAN 10,20TrunkOK
Gig 1/2 With Switch2VLAN 10,20TrunkOK
F0/24 Witch Switch2VLAN 10,20TrunkOK

2960 – 24 TTL Switch 2 Configuration:-

F0/1 With PC0VLAN10AccessOK
F0/2 With PC1VLAN20AccessOK
Gig 1/2 With Switch1VLAN 10,20TrunkOK
Gig 1/1 With Switch3VLAN 10,20TrunkOK
F0/24 Witch Switch1VLAN 10,20TrunkBlocked
F0/23 Witch Switch3VLAN 10,20TrunkOK

2960 – 24 TTL Switch 3 Configuration:-

F0/1 With PC0VLAN10AccessOK
F0/2 With PC1VLAN20AccessOK
Gig 1/1 With Switch2VLAN 10,20TrunkOK
F0/24 Witch Switch1VLAN 10,20TrunkBlocked

Task

You are the administrator at ComputerNetworkingNotes.com. company have two department sales and management. You have given three pc for sales and three pc in management. You created two VLAN. VLAN 10 for sales and VLAN20 for management. For backup purpose you have interconnected switch with one extra connection. You have one router for intera VLAN communications.

Let's start configuration first assign IP address to all pc's
To assign IP address double click on pc and select ip configurations from desktop tab and give ip address as shown in table given above

VLAN Trunking Protocol

Configure VTP Server

We will first create a VTP Server so it can automatically propagate VLAN information to other switch. Double click on Switch1 and select CLI. Set hostname to S1 and create VTP domain name example and set password to vinita ( Remember password is case sensitive ).

 Switch 1:-

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain example
Changing VTP domain name from NULL to example
S1(config)#vtp password Ranjith
Setting device VLAN database password to Ranjith
 

Configure VTP clients:-

Once you have created a VTP domain. Configure remaining Switch to Client mode.

Switch 2:-

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp domain example
Changing VTP domain name from NULL to example
S2(config)#vtp password Ranjith
Setting device VLAN database password to Ranjith
S2(config)#

 Switch 3:-

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S3
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#vtp domain example
Changing VTP domain name from NULL to example
S3(config)#vtp password Ranjith
Setting device VLAN database password to Ranjith
S3(config)#

 

Dynamic Trunking Protocol:-

Configure DTP port

All Switch ports remain by default in access mode. Access port can not transfer the trunk frame. Change mode to trunk on all the port those are used to interconnect the switches

Switch 1 :-

S1(config)#interface fastEthernet 0/24
S1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24,
changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24,
changed state to up
S1(config-if)#exit
S1(config)#interface gigabitEthernet 1/1
S1(config-if)#switchport mode trunk
S1(config-if)#exit
S1(config)#interface gigabitEthernet 1/2
S1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/2,
changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/2,
changed state to up
S1(config-if)#exit
S1(config)#
 
Switch 2:-
 
S2(config)#interface gigabitEthernet 1/1
S2(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1,
changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1,
changed state to up
S2(config-if)#exit
S2(config)#interface gigabitEthernet 1/2
S2(config-if)#switchport mode trunk
S2(config-if)#exit
S2(config)#interface fastEthernet 0/23
S2(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23,
changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23,
changed state to up
S2(config-if)#exit
S2(config)#interface fastEthernet 0/24
S2(config-if)#switchport mode trunk
S2(config-if)#exit

 Switch 3:-

S3(config)#interface fastEthernet 0/24
S3(config-if)#switchport mode trunk
S3(config-if)#exit
S3(config)#interface gigabitEthernet 1/1
S3(config-if)#switchport mode trunk
S3(config-if)#exit
 

Virtual LAN (VLAN)

Create VLAN

After VTP server configuration its time to organize VLAN. We need only to create VLAN on VTP server and reset will be done by VTP Server automatically.

Switch 1 :-

S1(config)#vlan 10
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#exit
S1(config)#
 
As we have already configure VTP server in our network so we don't need 
to create VLAN on S2 or S3. We need only to associate VLAN with port.
 

Assign VLAN membership

Switch 1:-

S1(config)#interface fastEthernet 0/1
S1(config-if)#switchport access vlan 10
S1(config-if)#interface fastEthernet 0/2
S1(config-if)#switchport access vlan 20

Switch 2:-

S2(config)#interface fastEthernet 0/1
S2(config-if)#switchport access vlan 10
S2(config-if)#interface fastEthernet 0/2
S2(config-if)#switchport access vlan 20
 
 
Switch 3:-

S3(config)#interface fastEthernet 0/1
S3(config-if)#switchport access vlan 10
S3(config-if)#interface fastEthernet 0/2
S3(config-if)#switchport access vlan 20

Now we have two working vlan. To test connectivity do ping form 10.0.0.2 to 10.0.0.3 and 10.0.0.4. if you get successfully replay then you have successfully created VLAN and VTP server.

Spanning-Tree Protocol

In this configuration STP will block these ports F0/24 of S1 , F0/23 and F0/24 of S2 and F0/24 of S3 to avoid loop at layer to two. Verify those ports blocked due to STP functions 

Verify STP ports


 Switch 2:-
 
 S2#show spanning-tree active
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0002.174D.7794
             Cost        4
             Port        26(GigabitEthernet1/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.FF08.82E1
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ---------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/23           Desg FWD 19        128.23   P2p
Fa0/24           Altn BLK 19        128.24   P2p
Gi1/1            Desg FWD 4         128.25   P2p
Gi1/2            Root FWD 4         128.26   P2p
[Output is omitted]
S2#
 
You can test STP protocols status on S1 and S3 also with
  show spanning-tree active command
 

Router on Stick

At this point of configuration you have two successfully running VLAN but they will not connect each other. To make intra VLAN communications we need to configure router . To do this double click on router and select CLI.

Configure intra VLAN:-

Router:-

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fastEthernet 0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 20.0.0.1 255.0.0.0
Router(config-subif)#exit
 
To test connectivity between different vlan do ping form any pc to all 
reaming pc. it should be ping successfully. If you have error download 
this configured topology and cross check that where you have committed 
mistake.

 Configured VLAN VTP STP topology

VLAN VTP Server STP DTP command reference sheet

Switch(config)#vlan 10Creates VLAN 10 and enters VLAN configuration mode for further definitions.
Switch(config-vlan)#name SalesAssigns a name to the VLAN. The length of the name can be from 1 to 32 characters.
Switch(config-vlan)#exitApplies changes, increases the revision number by 1, and returns to global configuration mode.
Switch(config)#interface fastethernet 0/1Moves to interface configuration mode
Switch(config-if)#switchport mode accessSets the port to access mode
Switch(config-if)#switchport access vlan 10Assigns this port to VLAN 10
Switch#show vlanDisplays VLAN information
Switch#show vlan briefDisplays VLAN information in brief
Switch#show vlan id 10Displays information about VLAN 10 only
Switch#show vlan name salesDisplays information about VLAN named sales only
Switch#show interfaces vlan xDisplays interface characteristics for the specified VLAN
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch#		Removes the entire VLAN database from flash.
Make sure there is no space between the colon (:) and the characters vlan.dat. You can potentially erase the entire contents of the flash with this command if the syntax is not correct. Make sure you read the output from the switch. If you need to cancel, press ctrl+c to escape back to privileged mode:
Switch(config)#interface fastethernet 0/5Moves to interface configuration mode.
Switch(config-if)#no switchport access vlan 5Removes port from VLAN 5 and reassigns it to VLAN 1—the default VLAN.
Switch(config-if)#exitMoves to global configuration mode.
Switch(config)#no vlan 5Removes VLAN 5 from the VLAN database.
Switch#copy running-config startupconfigSaves the configuration in NVRAM
Switch(config-if) #switchport mode trunkPuts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
Switch(config)#vtp mode serverChanges the switch to VTP server mode.
Switch(config)#vtp mode clientChanges the switch to VTP client mode.
Switch(config)#vtp mode transparentChanges the switch to VTP transparent mode.
Switch(config)#no vtp modeReturns the switch to the default VTP server mode.
Switch(config)#vtp domain domain-nameConfigures the VTP domain name. The name can be from 1 to 32 characters long.
Switch(config)#vtp password passwordConfigures a VTP password
.
Switch(config)#vtp pruningEnables VTP pruning
Switch#show vtp statusDisplays general information about VTP configuration
Switch#show vtp countersDisplays the VTP counters for the switch

 

 

 

 

  

Posted by at No comments:

Monday, 24 March 2014

How To Remove GPO From System

Instructions:

 1. Click on "Start," type "regedit" in the search box and press "Enter." Once the registry opens, right-click on "Computer" at the top and select "Export." Depending on how many registry keys you have this may take a few minutes.

 2. Save the backup that you created to a removable storage device in the event that you need to access it. Click on "Start," type "regedit" in the search box and press "Enter." Click the arrow next to the primary registry key labeled "HKEY_LOCAL_MACHINE" to expand the registry key
Moves all your apps and files to new PC, Windows 7!  

3.Navigate to the "Software" folder and click on the arrow next to the folder to expand the contents. Click on the arrow next to the "Policies" folder. Scroll down to the "Microsoft" folder under "Policies," click on the folder to highlight the folder and press the "Delete" key on your keyboard. 

 4.Click on the arrow next to the "HKEY_LOCAL_MACHINE" to collapse the folders. Navigate registry key folder labeled "HKEY_CURRENT_USER" and click on the arrow to expand the folder. Locate the "Software" folder and click the arrow to expand it. Double-click the "Policies" folder, click to highlight the folder labeled "Microsoft" and delete the folder.

 5.Click the arrow to expand the "Microsoft" folder located in the "Software" folder of the "HKEY_CURRENT_USER" registry folder. Click the arrow to expand the "Windows" folder. Double-click the "CurrentVersion" folder to show "Group Policy Objects" and "Policies." Delete both of these folders.

 6.Exit the Registry Editor and restart the computer. After the computer restarts, the Domain Group Policy will no longer be in effect.


 Read more: How to Remove the Domain Group Policy From a Machine | eHow.com http://www.ehow.com/how_7824176_remove-domain-group-policy-machine.html#ixzz2DmuakdQs




       
Posted by at No comments:

Wednesday, 19 March 2014

Cisco Basic Switch configurations commands

User vs. Privileged Mode

User mode is indicated with the > next to the switch name. You can look at settings but can not make changes from user mode. In Privilege mode, indicated by the #, you can do anything. To get into privilege mode the keyword is enable.

HELP

To view all commands available from this mode type:?This will give you the list of all available commands for the switch in your current mode. You can also use the question mark after you have started typing a command. For example if you want to use a show command but you do not remember which one it is, use the ? as this will output all commands that you can use with the show command.

Configuration Mode

From privilege mode you can enter configuration mode by typing config term command you can exit configuration mode type type end or <CTL>+z

Configuration of Cisco 2960 Switch

To practically implement these command either create a simple topology on packet tracer or download this topology.
Ddownload Topology
basic switch configuration

Now click on any switch and configure it as given below
To know all available command on user exec mode type ? and press enter

In Cisco Terminal 


Switch>?
Exec commands:
    [1-99]         Session number to resume
    connect        Open a terminal connection
    disconnect     Disconnect an existing network connection
    enable         Turn on privileged commands
    exit           Exit from the EXEC
    logout         Exit from the EXEC
    ping           Send echo messages

[Output is omitted]
 
 
Three command can be used to logout from terminal. 


Switch>enable
Switch#disable
Switch>exit

Switch con0 is now available

Press RETURN to get started.
 
show version Command will display  the device platform, detected interface, ios name 


Switch>enable
Switch#show version
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version
12.2(25)FX, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 12-Oct-05 22:05 by pt_team
ROM: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX,
RELEASE SOFTWARE (fc4)
System returned to ROM by power-on
Cisco WS-C2960-24TT (RC32300) processor (revision C0) with
21039K bytes of memory.
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

[Output is omitted]
 
show mac address Command will show all detected mac address dynamically and manually 

Switch#show mac-address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    0001.643a.5501    DYNAMIC     Gig1/1

To view run time configuration of RAM use show running-config command 

Switch#show running-config
Building configuration...
Current configuration : 925 bytes
version 12.2
no service password-encryption
!
hostname Switch

[Output is omitted]
 
To view startup configuration [ Stored in NVRAM] use show startup-config command 


Switch#show startup-config
Current configuration : 925 bytes
version 12.2
no service password-encryption
!
hostname Switch

[Output is omitted]
 
To get information about VLAN configuration use show vlan command 
 
Switch#show vlan

VLAN Name                      Status    Ports
---- -------------------------------- --------- -----------------------
1    default                   active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                         Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                         Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                         Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                         Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                         Fa0/21, Fa0/22, Fa0/23, Fa0/24
[Output is omitted] 
 
show interface command will show all detected interface with their hardware description and configuration
 
Switch#show interfaces
FastEthernet0/1 is up, line protocol is up (connected)
  Hardware is Lance, address is 0060.2f9d.9101 (bia 0060.2f9d.9101)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
[Output is omitted] 
 
interface vlan 1 is used to assign ip address and default gateway to switch. Show interface vlan 1 will give a over view of vlan1.
 
Switch#show interface vlan1
Vlan1 is administratively down, line protocol is down
  Hardware is CPU Interface, address is 0060.5c23.82ae
   (bia 0060.5c23.82ae)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00

[Output is omitted] 
 
delete command is used to delete all vlan configuration 
from switch Don’t add space between flash and vlan.dat Run this exactly 
shown here adding a space could erase flash entirely leaving switch 
blank 
 
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
%deleting flash:/vlan.dat 
 
Startup configuration can be removed by erase commands
 
Switch#erase startup-config
Erasing the nvram filesystem will remove all configuration files!
Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram 
 

Basic Switch Configuration Step by Step:

use configure terminal command to go in global configuration mode 

Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
 
Now change default switch name to switch 1 

Switch(config)#hostname Switch1
 
Set enable password to Ranjith and secret to Thulasi
 
Switch1(config)#enable password Ranjith
Switch1(config)#enable secret Thulasi
Set console password to vinita and enable it by login command.
Order of command is important. Set password before you enable it.
 
Switch1(config)#line console 0
Switch1(config-line)#password vinita
Switch1(config-line)#login
Switch1(config-line)#exit 
 
Enable 5 telnet session [ vty0 - vty4] for router and set their password to Ranjith
 
Switch1(config)#line vty 0 4
Switch1(config-line)#password vinita
Switch1(config-line)#login
Switch1(config-line)#exit 
 
Now set switch ip address to 192.168.0.10 255.255.255.0 and default gateway to 192.168.0.5 
 
Switch1(config)#interface vlan1
Switch1(config-if)#ip address 192.168.0.10 255.255.255.0
Switch1(config-if)#exit
Switch1(config)#ip default-gateway 192.168.0.5 
 
Set a description finance VLAN to interface fast Ethernet 1 
 
Switch1(config)#interface fastEthernet 0/1
Switch1(config-if)#description finance VLAN 
 
By default switch automatically negotiate speed and duplex but you can adjust it manually 
Switch1(config-if)#duplex full
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
 changed state to downSwitch1
(config-if)#duplex auto
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
Switch1(config-if)#duplex half
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
Switch1(config-if)#duplex auto
Switch1(config-if)#speed 10
Switch1(config-if)#speed 100
Switch1(config-if)#speed auto
Switch1(config-if)#exit
Switch1(config)#exit
 
mac address table can be wiped out by clear commands 
 
Switch1#show
Switch1#show mac-address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    0001.643a.5501    DYNAMIC     Gig1/1
Switch1#clear mac-address-table
Switch1#clear mac-address-table ?
  dynamic  dynamic entry type
Switch1#clear mac-address-table dynamic 
 
To restart switch use reload command [ running configuration will be erased so copy it first to startup configuration ] 
 
Switch1#reload
Proceed with reload? [confirm]
Switch con0 is now available
Press RETURN to get started. 
 
 
 
 

 



 












Posted by



at





No comments:
  


































        

      









Subscribe to:
Posts (Atom)