Wednesday, June 15, 2011

How to Recover a Lost Password on a Cisco Switch

To recover a password on a Cisco switch, you will have to be connected to the console port of the Cisco switch using 9600 baud, 8 bits, no parity, 1 stop bit, and xon/xoff flow control. I recommend using Hyperterminal that comes with Windows XP to do this (Read How to Use HyperTerminal with Cisco Routers & Switches for more info).

Once you are connected and see something on the terminal window when you press enter, unplug the power cable. Next, hold down the mode button on the front, as seen in the photo below, and connect the power cable.

On a 2900, 3500XL or 3550 (like the one shown) release the mode button after the 1x port LED goes out. On a 2940 or 2950 switch release the mode button after the stat light goes out. On a 2955, press the break key (ctrl-break on Windows) when you see the message that the switch will autoboot.

You should now see something like this (taken from a 3550 switch):

Notice that it says that the password-recovery mechanism is enabled.

At the switch: prompt, type flash_init and press enter. You should see something like this (at least on a 3550):

Now type load_helper and press enter. You should see something like this:

Now type dir flash: and press enter. You should see something like this:

The config.text file stores the saved configuration, including the enable password that is keeping you from logging into the switch. Rather than deleting it, move it out of the way by renaming it:

rename flash:config.text flash:config.backup

Next, boot the switch using the boot command, like this:

Once the system is booted, you will be asked if you want to enter the initial configuration dialog. Say no and press enter.

Next, enter enable mode with the en or enable command. Then, type the following commands:

rename flash:config.backup config.text

copy flash:config.text system:running-config

After each command, you will be prompted to confirm the name of the destination file. Do this by pressing enter each time.

Go into global configuration mode by typing config terminal. Next type no enable secret.

Now you can reset your enable password to whatever password you want. In the example below, we used the enable password NetInsider to set the password to NetInsider.

Exit out of global configuration using the exit command and save your configuration with the copy running-config startup-config command. You will be prompted to confirm the name of the destination file. Press enter.

You have successfully reconfigured your switch’s enable password using the password recovery procedure. Even better, you were able to do this while preserving the entire switch configuration.

Tuesday, May 3, 2011

What Is IP Routing?

IP Routing is an umbrella term for the set of protocols that determine the path that data follows in order to travel across multiple networks from its source to its destination. Data is routed from its source to its destination through a series of routers, and across multiple networks. The IP Routing protocols enable routers to build up a forwarding table that correlates final destinations with next hop addresses.

These protocols include:

* BGP (Border Gateway Protocol)
* IS-IS (Intermediate System - Intermediate System)
* OSPF (Open Shortest Path First)
* RIP (Routing Information Protocol)

When an IP packet is to be forwarded, a router uses its forwarding table to determine the next hop for the packet's destination (based on the destination IP address in the IP packet header), and forwards the packet appropriately. The next router then repeats this process using its own forwarding table, and so on until the packet reaches its destination. At each stage, the IP address in the packet header is sufficient information to determine the next hop; no additional protocol headers are required.
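The hop-by-hop lookup described above, as an added example that is not part of the original post: each router does a longest-prefix match on the destination address alone, and the walk also shows what happens when two default routes point at each other. All router names, prefixes and next hops are constructed for the illustration.

```python
import ipaddress

# Constructed example: each router's forwarding table as (prefix, next hop).
# Next hops are other router names, or "connected" when the destination
# network is directly attached. All addresses and names are made up.
ROUTERS = {
    "R1": [("10.10.0.0/16", "R2"), ("10.0.0.0/8", "R3"), ("0.0.0.0/0", "R3")],
    "R2": [("10.10.10.0/24", "connected"), ("10.10.0.0/16", "R4"),
           ("0.0.0.0/0", "R1")],
    "R3": [("10.0.0.0/8", "connected"), ("0.0.0.0/0", "R1")],
    "R4": [("10.10.0.0/16", "connected"), ("0.0.0.0/0", "R2")],
    # R5 and R6 point their default routes at each other: a routing loop.
    "R5": [("0.0.0.0/0", "R6")],
    "R6": [("0.0.0.0/0", "R5")],
}


def build_fib(entries):
    """Parse (prefix, next_hop) pairs and order them longest prefix first,
    so the first match found during lookup is the most specific one."""
    fib = [(ipaddress.ip_network(p), nh) for p, nh in entries]
    fib.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return fib


FIBS = {name: build_fib(entries) for name, entries in ROUTERS.items()}


def next_hop(fib, destination):
    """Longest-prefix match on the destination address. Returns the next hop,
    or None when no entry (not even a default route) covers the address."""
    dst = ipaddress.ip_address(destination)
    for network, nh in fib:
        if dst in network:
            return nh
    return None


def forward(fibs, start_router, destination, max_hops=16):
    """Walk a packet hop by hop; each router consults only its own table and
    the packet's destination address. Returns the routers traversed, or None
    if the packet is dropped (no route) or the hop limit is exceeded, which
    is how a routing loop shows up and what the IP TTL guards against."""
    path = [start_router]
    current = start_router
    for _ in range(max_hops):
        nh = next_hop(fibs[current], destination)
        if nh is None:
            return None
        if nh == "connected":
            return path
        path.append(nh)
        current = nh
    return None


if __name__ == "__main__":
    for dst in ("10.10.10.7", "10.10.99.1", "10.20.0.1", "198.51.100.3"):
        print(dst, "->", forward(FIBS, "R1", dst))
    print("loop:", forward(FIBS, "R5", "198.51.100.3"))
```

Note that 198.51.100.3 from R1 also ends in None: R1's default route points at R3 and R3's default points back at R1, so a mismatched pair of default routes is a loop just as much as R5/R6 is.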

The Internet, for the purpose of routing, is divided into Autonomous Systems (ASs). An AS is a group of routers that are under the control of a single administration and exchange routing information using a common routing protocol. For example, a corporate intranet or an ISP network can usually be regarded as an individual AS. The Internet can be visualized as a partial mesh of ASs. An AS can be classified as one of the following three types.

* A Stub AS has a single connection to one other AS. Any data sent to, or received from, a destination outside the AS must travel over that connection. A small campus network is an example of a stub AS.

* A Transit AS has multiple connections to one or more ASs, which permits data that is not destined for a node within that AS to travel through it. An ISP network is an example of a transit AS.

* A Multihomed AS also has multiple connections to one or more ASs, but it does not permit data received over one of these connections to be forwarded out of the AS again. In other words, it does not provide a transit service to other ASs. A Multihomed AS is similar to a Stub AS, except that the ingress and egress points for data traveling to or from the AS can be chosen from one of a number of connections, depending on which connection offers the shortest route to the eventual destination. A large enterprise network would normally be a multihomed AS.

An Interior Gateway Protocol (IGP) calculates routes within a single AS. The IGP enables nodes on different networks within an AS to send data to one another. The IGP also enables data to be forwarded across an AS from ingress to egress, when the AS is providing transit services.

Routes are distributed between ASs by an Exterior Gateway Protocol (EGP). The EGP enables routers within an AS to choose the best point of egress from the AS for the data they are trying to route.

The EGP and the IGPs running within each AS cooperate to route data across the Internet. The EGP determines the ASs that data must cross in order to reach its destination, and the IGP determines the path within each AS that data must follow to get from the point of ingress (or the point of origin) to the point of egress (or the final destination).

The diagram below illustrates the different types of AS in a network. OSPF, IS-IS and RIP are IGPs used within the individual ASs; BGP is the EGP used between ASs.

LDP IN MPLS

The Label Distribution Protocol (LDP) is used to establish MPLS transport LSPs when traffic engineering is not required. It establishes LSPs that follow the existing IP routing table, and is particularly well suited for establishing a full mesh of LSPs between all of the routers on the network.

LDP can operate in many modes to suit different requirements; however the most common usage is unsolicited mode, which sets up a full mesh of tunnels between routers.

* In solicited mode, the ingress router sends an LDP label request to the next hop router, as determined from its IP routing table. This request is forwarded on through the network hop-by-hop by each router. Once the request reaches the egress router, a return message is generated. This message confirms the LSP and tells each router the label mapping to use on each link for that LSP.

* In unsolicited mode, the egress routers broadcast label mappings for each external link to all of their neighbors. These broadcasts are fanned across every link through the network until they reach the ingress routers. Across each hop, they inform the upstream router of the label mapping to use for each external link, and by flooding the network they establish LSPs between all of the external links.

The main advantage of LDP over RSVP is the ease of setting up a full mesh of tunnels using unsolicited mode, so it is most often used in this mode to set up the underlying mesh of tunnels needed by Layer 2 and Layer 3 VPNs.

Wednesday, April 13, 2011

Assign an IP address to an L3 switch Ethernet port

l3>en
l3#config t
l3(config)#int Gi0/0/20
l3(config-if)#no switchport
l3(config-if)#ip address 10.10.10.5 255.255.255.252
l3(config-if)#end
l3#

The IP address is now assigned to the routed port of the L3 switch.

Monday, April 11, 2011

BGP (BORDER GATEWAY PROTOCOL)

1. Is BGP an IGP or an EGP?
2. Is BGP a link-state or a distance-vector protocol?
3. Which port does BGP use?
4. When should BGP be used?
5. Can I use BGP instead of an IGP?
6. Can I run two BGP processes on a single router?
7. What is an Autonomous System?
8. What are the types of BGP routing tables?
9. What are the BGP path selection criteria?
10. Define the various BGP path attributes.
11. Why doesn't weight fall under the path attribute category?
12. What is a confederation?
13. What is a route reflector and why is it required?
14. What is the no-synchronization rule?
15. What are the default BGP timers?
16. When does BGP use the 0.0.0.0 router ID?
17. Does a route reflector sit in the actual path during traffic forwarding?
18. What is Site of Origin (SOO)?
19. What is the cost of external and internal BGP routes?
20. Can local preference be used outside the autonomous system?
21. Does the BGP router ID need to be reachable in the cloud?
22. What is a recursive lookup in BGP and how does it work?
23. What does update-source loopback mean?
24. If a static route is advertised in BGP without using update-source, what will the next-hop address in the update be?
25. Define the various types of communities and why they are used.
26. If the BGP neighbor state shows Idle, what does that mean?
27. In a multihoming scenario, if the primary link fails, how long is it before traffic is shifted to the secondary link?
28. I have two routes to a remote destination but only one is installed in the routing table. What is the reason for this?
29. How many links can be used for load balancing or load sharing?
30. In eBGP I am establishing a neighborship using a loopback address but it is not coming up. List the possible reasons.
31. Can we redistribute BGP into an IGP? Explain your answer.
32. What is a cluster ID?
33. I am receiving updates from an eBGP peer; will the next hop change or not?
34. I am receiving updates from an iBGP peer; will the next hop change or not?
35. A router receives the same route from two different eBGP peers. The AS path from peer 1 is {65500, 65550, 65555} and from peer 2 is {65501, 65501}. How do I make peer 1 preferred?
36. What is the difference between next-hop-self and update-source loopback?
37. Describe the loop-prevention mechanisms in BGP.

Wednesday, March 23, 2011

How BGP works

Networking 101: Understanding BGP Routing
The Border Gateway Protocol is the routing protocol of the Internet. BGP itself isn’t too complex, but the concepts behind autonomous-system-based routing can be strange to newcomers. In this article we hope to provide a short overview of how BGP works, along with the problems it solves and causes.
From last week’s overview of Internet routing, you should realize that routing in the Internet is comprised of two parts: the internal fine-grained portions that are managed by an IGP such as OSPF, and the interconnections of those autonomous systems (AS) via BGP.
Everyone on the Internet has at least one unique AS number, and they use BGP to advertise their networks to their peers. BGP is a path-vector protocol, because it advertises the paths required to get to a certain destination. BGP does not say anything about how a packet will get routed within the AS, nor does it know about the entire network as OSPF does. BGP can be called a distance-vector protocol, because it’s similar, excluding a few twists.
BGP itself is a Layer 4 protocol that sits on top of TCP. BGP is much simpler than OSPF, because it doesn’t have to worry about the things TCP will handle. This works because BGP is very connection-oriented anyway, since it requires two manually configured peers, who configure their routers then exchange routes. BGP peers (neighbors) will generally be directly connected, but some masochists like to set up BGP sessions between multi-hop peers—which is okay, since BGP uses TCP (port 179) and doesn’t rely on broadcasts or link-local multicast.
BGP-4 (BGP-3 didn’t do CIDR) updates are packets comprised of the following: a network, a subnet, and some attributes. We make routing decisions based on the attributes, mainly the AS-Path attribute. A BGP update could contain the following information: “I can get to network 1.1.1.0/12 via AS numbers 8,19,2000,5.” A very important aspect of BGP to understand is that the AS-Path itself is an anti-loop mechanism. Routers will not import any routes that contain themselves in the AS-Path.
If you, as a router, import a route and then advertise it to one of your peers, you must prepend your own AS to the AS-Path before announcing the route. Naturally, this provides a “path” that one can take, as the route is advertised further from the source AS. Generally, but not always, routers will choose the shortest path to an AS. BGP only knows about these paths based on updates it receives. Unlike RIP (that distance-vector protocol) BGP does not broadcast its entire routing table. At boot, your peer will hand over their entire table, but after that everything relies on updates received.
Route updates are stored in a Routing Information Base (RIB). A routing table will only store one route per destination, but the RIB usually contains multiple paths to a destination. It is up to the router to decide which routes will make it into the routing table, i.e. which paths will actually be used. In the event that a route is withdrawn, another to the same place can be taken from the RIB. The RIB is only used to keep track of possible routes we could use. We never advertise a route to a peer that we aren’t using, because that would be false information. We only advertise what we have in our routing table. If a route withdrawal is received and it only existed in the RIB, we don’t need to send an update to our peers, instead we silently delete it from the RIB. The RIB entries never time out, they stick around until we think that route is no longer valid.
A great deal of routing on the Internet is said to be policy-based. Sometimes you’ll have an expensive link that you only want to use when necessary, or perhaps you’ll have a link that you can use to send traffic only to certain parties. Many times the BGP attribute “Community” will be used to identify a set of routes. If you want to let your neighbor know some secret information about a route, you can set a community number before you export those routes. These numbers are completely arbitrary, so whatever you send must be agreed upon a priori to have some sort of meaning.
Another important BGP attribute is the Multi-Exit Discriminator (MED). This is used to tell a remote AS that we prefer a specific exit point, even though we may have many. This is very important in iBGP, the IGP version of BGP that will be covered next time.
To get a true sense of how BGP works, it’s important to spend some time talking about the issues that plague the Internet.
First, we have a very big problem with routing table growth. If someone decides to deaggregate a network that used to be a single /16 network, they could potentially start advertising hundreds of new routes. Every router on the Internet will get every new route when this happens. People are constantly pressured to aggregate, or combine multiple routes into a single advertisement. Aggregation isn’t always possible, especially if you want to break up a /19 into two /20’s that will be geographically separate. Routing tables are approaching 200,000 routes now, and for a time they were appearing to grow exponentially.
Second, there is always a concern that someone will “advertise the Internet.” If some large ISP’s customer suddenly decides to advertise everything, and the ISP accepts the routes, all of the Internet’s traffic will be sent to the small customer’s AS. There’s a simple solution to this, and it’s called route filtering. It’s quite simple to set up filters so that your routers won’t accept routes from customers that you aren’t expecting, but many large ISPs will still accept the equivalent of “default” from peers that have no likelihood of being able to provide transit.
Finally, we come to flapping. BGP has a mechanism to “hold down” routes that appear to be flaky. Routes that flap, or come and go, usually aren’t reliable enough to send traffic to. If routes flap frequently, the load on all Internet routes will increase due to the processing of updates every time someone disappears and reappears. Dampening will prevent BGP peers from listening to all routing updates from flapping peers. The amount of time one is in hold-down increases exponentially with every flap. It’s annoying when you have a faulty link, since it can be more than an hour before you can get to many Internet sites, but it is very necessary.
This has been a very quick discussion of BGP; enough to get you thinking the right way about the protocol but is by no means comprehensive. Spend some time reading the RFCs if you’re tasked with operating a BGP router: your peers will appreciate it.
In a Nutshell
• BGP is the path-vector protocol that provides routing information for autonomous systems on the Internet via its AS-Path attribute.
• Peers that have been manually configured to exchange routing information will form a TCP connection and begin speaking BGP. There is no discovery in BGP.
• Medium-sized businesses usually get into BGP for the purpose of true multi-homing for their entire network.
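The AS-Path rules (reject paths containing our own AS, prepend on export), the RIB-versus-routing-table split, and the customer route filtering against "advertising the Internet" described above, put together as an added example that is not part of the original article. The AS numbers, prefixes, peer names and the customer prefix list are constructed; best-path selection is reduced to shortest AS-Path, which is only one step of the real BGP decision process.

```python
from dataclasses import dataclass

MY_AS = 65000
# Constructed example: the only prefix our (hypothetical) customer is
# allowed to announce to us. Real ISPs build this from allocation records.
CUSTOMER_PREFIXES = {"203.0.113.0/24"}


@dataclass
class Route:
    prefix: str
    as_path: tuple      # leftmost AS is the neighbour that sent the update
    peer: str
    peer_type: str      # "customer" or "peer"


def accept_update(route, my_as=MY_AS):
    """Import policy. A path that already contains our own AS is a loop and is
    rejected. A customer may only announce the prefixes we expect from them,
    and never a default route, so a customer cannot "advertise the Internet"."""
    if my_as in route.as_path:
        return False
    if route.peer_type == "customer":
        if route.prefix == "0.0.0.0/0" or route.prefix not in CUSTOMER_PREFIXES:
            return False
    return True


def export_route(route, my_as=MY_AS):
    """Prepend our AS to the AS-Path before announcing the route onward."""
    return Route(route.prefix, (my_as,) + route.as_path,
                 route.peer, route.peer_type)


class Rib:
    """Keeps every accepted candidate per prefix (the RIB) and installs the one
    with the shortest AS-Path into the routing table; ties keep the earlier one."""

    def __init__(self, my_as=MY_AS):
        self.my_as = my_as
        self.rib = {}      # prefix -> [Route, ...], one per peer
        self.table = {}    # prefix -> installed Route

    def update(self, route):
        """Process an UPDATE. Returns True when the installed route changed,
        which is the only case in which peers must be told about it."""
        if not accept_update(route, self.my_as):
            return False
        others = [r for r in self.rib.get(route.prefix, []) if r.peer != route.peer]
        self.rib[route.prefix] = others + [route]
        return self._reselect(route.prefix)

    def withdraw(self, prefix, peer):
        """Process a withdrawal. Returns False when the route only lived in the
        RIB: it is dropped silently and no update goes to our peers."""
        self.rib[prefix] = [r for r in self.rib.get(prefix, []) if r.peer != peer]
        return self._reselect(prefix)

    def _reselect(self, prefix):
        old = self.table.get(prefix)
        cands = self.rib.get(prefix, [])
        new = min(cands, key=lambda r: len(r.as_path)) if cands else None
        if new is None:
            self.table.pop(prefix, None)
        else:
            self.table[prefix] = new
        return old is not new
```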

port security

ADD-VLAN-11(config-if)#switchport port-security v
ADD-VLAN-11(config-if)#switchport port-security violation
% Incomplete command.

ADD-VLAN-11(config-if)#switchport port-security violation ?
protect Security violation protect mode
restrict Security violation restrict mode
shutdown Security violation shutdown mode

ADD-VLAN-11(config-if)#switchport port-security violation re
ADD-VLAN-11(config-if)#switchport port-security violation restrict ?


ADD-VLAN-11(config-if)#switchport port-security violation restrict
ADD-VLAN-11(config-if)#switchport port-security m
ADD-VLAN-11(config-if)#switchport port-security mac-address 00e0.4c4d.0e01
ADD-VLAN-11(config-if)#^Z
ADD-VLAN-11#

Friday, March 11, 2011

OSPF CONFIGURATION

1. CONFIGURE INTERFACE

interface ethernet 0
ip address 192.168.251.201 255.255.255.0
ip ospf authentication-key adcdefgh
!

router ospf 201
network 10.0.0.0 0.255.255.255 area 10.0.0.0
network 192.168.0.0 0.0.255.255 area 0
area 10.0.0.0 authentication
area 0 authentication

Thursday, February 3, 2011

TO ASSIGN A VLAN TO MULTIPLE PORTS

Cisco IOS#config t
Cisco IOS(config)#int range GigabitEthernet3/1 - 24
Cisco IOS(config-if-range)#switchport access vlan 7
Cisco IOS(config-if-range)#end
Cisco IOS#show vlan

Tuesday, February 1, 2011

From configuration mode create the VLAN and add access interface to it:

root> configure
Entering configuration mode

[edit]
root# set vlans vlan-id
root# set interfaces ge-0/0/.0 family ethernet-switching port-mode access vlan members
root# commit




Verify the VLAN and interface:

root# run show vlans
-------------------------------------------------------
Name       Tag    Address      Ports Active/Total
-------------------------------------------------------
bar        67     ---------    0/0
default    None   ---------    3/5
foo        66     ---------    1/1


root# run show ethernet-switching table (excerpt):

VLAN      MAC address    Type    Age    Interfaces
foo       *              Flood   -      ge-0/0/5.0
bar       *              Flood   -      ge-0/0/16.0, ge-0/0/15.0
default   *              Flood   -      ge-0/0/0.0, ge-0/0/1.0, ge-0/0/2.0


root# run show ethernet-switching interfaces
Interface     Index   State   VLAN members
ge-0/0/0.0    69      UP      default
ge-0/0/1.0    70      UP      default
ge-0/0/5.0    71      UP      foo


root# run show ethernet-switching interfaces detail
Interface: ge-0/0/0.0 Index: 69
State: UP
Vlans: default(untagged)

Interface: ge-0/0/1.0 Index: 70
State: UP
Vlans: default(untagged)

Interface: ge-0/0/5.0 Index: 71
State: UP
Vlans: foo(untagged)

Configure the TRUNK and add the VLAN that was created in the previous steps:

root# set interfaces ge-0/0/.0 family ethernet-switching port-mode trunk [native-vlan-id ] vlan members [ whitespace separated list of vlan names or IDs ]

root# commit

Verify the TRUNK and the VLAN members for this trunk:

root# run show interfaces ge-0/0/.0
Flags: Trunk-Mode <---

root# run show ethernet-switching interfaces
Interface     Index   State   VLAN members
ge-0/0/2.0    71      UP      my-vlan, mydefault, pfetest

Monday, January 31, 2011

CONFIGURATION OF JUNIPER SWITCHES


set system domain-name EXAMPLE.in
set system time-zone Asia/Calcutta
set system root-authentication encrypted-password "JFHKDJFHKJm."
set system name-server IP
set system name-server IP


set system login message "\n\n==========================================================\n\nAccess to this device is limited to authorized users only.\n\nWARNING:All unauthorized access is prohibited.\n\n==================================="

set system login user KISHEN uid 2000

set system login user KISHEN class super-user
set system login user KISHEN authentication encrypted-password "$FDSFLFJLDFJLKDJFLJDLFDSFS/"


set system login user ABC uid 2002
set system login user ABC class read-only
set system login user ABC authentication encrypted-password "$1$CGFGFD9Y.N0M49bKAB1"

set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any

set system ntp server IP



set interfaces ge-0/0/0 unit 0 family inet address IP WITH SUBNET MASK


set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching

set protocols igmp-snooping vlan all
set protocols rstp
set protocols lldp interface all
set protocols lldp-med interface all
set ethernet-switching-options storm-control interface all level 50



To see the configuration as the set commands that were used to build it:

root#
root# show | display set

Saturday, January 29, 2011

TO CREATE A VLAN ON A CISCO SWITCH

l2switch#config t
l2switch(config)#vlan <vlan-id>
l2switch(config-vlan)#name CISCO

TO REMOVE A VLAN

! VLANs are removed by ID, not by name
l2switch(config)#no vlan <vlan-id>