Network technologies and trends


September 24, 2008  8:27 AM

How to configure intervlan routing between Cisco Catalyst Switches and HP Procurve Switches Series 2

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

In my previous post I did discussed about the how common terminologies are applied by both Cisco & HP, now it’s time  proceed further , in this example we will create two VLANs and make intervlan communication between HP Procurve Switches  and Cisco Catalyst Switches.

 

HP-Cisco Vlan

 

We will create 2 VLANS in both Switches, as shown in the below table

IP address

 

Now let’s see what configuration commands required to create a VLAN, and enable intervlan communication between HP Procurve Switches  and Cisco Catalyst Switches.

commands1

Commands2

September 22, 2008  6:53 AM

How to configure intervlan routing between Cisco Catalyst Switches and HP Procurve Switches Series 1.

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

In this series of article you are going to experience how to configure VLAN trunking between HP Procurve Switches  and Cisco Catalyst Switches.

Before proceeding further lest understand the basic terminoly applied by both Cisco and HP for the following things

When it comes to VLANs in Cisco every one thinks of the term TRUKING.

HP applies trunking for ether channel where as in Cisco it applies for VLANs

Let’s compare how both vendors define Trunking

HP-Cisco

Source:HP

VLAN Terminologies applied by Both Cisco & HP

Vlans comparison

 

to be continued in next series


September 16, 2008  7:55 AM

How to enable browsing with multiple subnets(VLANS) through Microsoft ISA Server 2006

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Other day we installed Microsoft ISA Server 2006 for Internet Browsing as shown in the below figure.

ISA

The ISA Server has two NICS one is connected to the DMZ zone with a Real IP Natted to a Private DMZ Zone IP and the Second NIC is connected to the internal network.

Users were able to access the internet from the same subnet of the Windows ISA Server 2006  (10.0.0.0/23 with Default Gateway 10.0.0.1). But we were facing a problem with the users in other subnet they couldn’t able to browse the Internet. So we checked the connectivity from the client to Windows ISA Server 2006  network and VLAN configurations in the Cisco Catalyst Switch. Everything was fine. But we couldn’t able to ping the default gateways for all the VLANS (subnets). Finally we checked the event log in Windows ISA Server 2006 and found that the Windows ISA Server 2006 is dropping the packets due to a suspected spoof attack. Why should requests coming from a different subnet be considered as spoof? This is because Windows ISA Server 2006 believes that requests coming from any network which does not have a direct route mentioned in its routing table are spoof. So what is the solution? Quite Simple! Add a static route using the route add command.

Route Add


September 14, 2008  7:00 AM

Learn How to secure your Cisco router with Cisco’s Secure Device Manager (SMD) Firewall Policy Wizard.

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

This document describes how to use the Cisco Security Device Manager (SDM) to secure your Cisco router. The Cisco Security Device Manager (SDM) firewall policy wizard can help make things easier for the first time users who are not comfortable with the Cisco CLI commands.In this example let’s configure the basic firewall using the Cisco Security Device Manager (SDM) firewall policy wizard. For this example a Cisco 877W router with an IOS version 12.4(4)T8  is used with SDM version 2.5.

Using the Cisco Security Device Manager (SDM) Firewall and ACL task section , you can create new Firewall and ACL.

Firewall & ACL 

The Cisco Security Device Manager (SDM) offers wizard to create either a Basic Firewall or an Advance Firewall. Now you are thinking what is the difference? The Basic Firewall won’t allow you to configure a DMZ zone where as the advance firewall does.

As we are not interested in creating a DMZ zone lets proceed with a Basic Firewall option as shown in the below figure A

Figure Abasic fw

Th below figure explains how the basic firewall Configuration Wizard applies its template policy to the inside and outside interfaces. The wizard will give you the opportunity to which interface is which. The new policy will inspect TCP, UDP and other protocols that travel from inside to outside zone. It will block IM, P2P, MSN, Yahoo and AOL  IM traffic. It will also deny any unsolicited traffic coming on to the outside interface Figure Bfigureb

Click Next, which will take you to the basic firewall Interface Configuration screen, as seen in figure B. This is where you can select which interface will be the inside and which will be the outside.

After you have made your selection, click Next. This takes you to the Basic firewall Security Configuration screen, as shown in figure C. Choose the level of Security for the firewall: High, Medium, or Low.

I choose Medium Security and clicked the preview commands button to review the commands this settings would apply.Figure C

Figure C

When you see the output, you are pleased as you didn’t have to type all those commands manually

Figure D

FigD

Click Next. This takes you to the Basic Firewall Domain Name Server Configuration Screen, as shown in figure D. Specify the primary & secondary DNS server, and click Next. The Firewall Configuration summary screen sums up our choices as shown in figure E. Then click Finish.

Figure E

figuree

After successful completion of the above mentioned steps you can always review the changes as shown in figure F by clicking Edit Firewall Policy tab

Figure F

figuref


September 8, 2008  8:12 AM

How to reset/delete the password & configuraton on a Cisco WS-C350-48-SMI

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

This article describes the procedure for resetting / delete  the  password & current configuration on a Cisco Catalyst WS-C3550-48-SMI.Model: WS-C3550-48-SMI
Warning: This procedure will remove the switch configuration. Be sure to have a backup of you current switch configuration before proceeding.
The Cisco WS-C3550-48-SMI Catalyst switch is similar to most Catalyst switches and the procedure for resetting the password is the same.

Step 1: Connect the console cable to the switch and start your terminal program (HyperTerminal/Secure CRT). Console port settings are 9600,8,N,1

Step 2: Hold the MODE button (on the front of the switch) while you power on the switch.

reset 3550

Step 3: Hold the MODE button for a few seconds until you the System light stop flashing.Step 4: At this point, the switch should be in ROMmon mode. Step 5: From ROMmon mode, type: flash_initStep 6: From ROMmon mode, type: delete flash:config.textStep 7: From ROMmon mode, type: boot

At this point the switch will boot as normal with a new configuration and no password.

how-to-reset-the-cisco-3550-switch.JPG

 


September 6, 2008  10:40 AM

The best way to record the serial number for Cisco Devices for Remote support.

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Imagine if you are accesing the remote router and need to figure out the serial number for a router or the Circuit IDs of the serial interface, then you may start looking your docmented data or call the remote technician to help you out in figuring these details. The best and easy way to get these details in matter of seconds is to put the serial number of each device in the Banner MOTD, and the circuit IDs in the serial interface descriptions.


September 1, 2008  9:42 AM

Most Commonly used Network Layer Utilities

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

I was just thinking about the most commonly used Network Layer utilities in day to day business. Here are they which are useful to guys who are aspiring for their CCNA.
1) Address Resolution Protocol (ARP)
2) Domain Name Systems (DNS)
3) Dynamic Host Configuration Protocol (DHCP)
4) Ping.

You can find more details about  Network Layer Utilities  in detail, how they work etc.


August 30, 2008  5:16 AM

A cool tool to solve layer 1 UTP cable issues in Cisco Catalyst Switches.

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Here is a simple and cool tool for solving layer 1 UTP cable issues in a Cisco Catalyst Switches, the command used for this function is “test cable-diagnostics tdr interface”
Here is the example

MBGF-DAC-3560-AS01#test cable-diagnostics tdr interface gigabitEthernet 0/1
TDR test started on interface Gi0/1
A TDR test can take a few seconds to run on an interface
Use ‘show cable-diagnostics tdr’ to read the TDR results.
MBGF-DAC-3560-AS01#
The Catalyst 2960, 2970, 3560/3560-E, and 3750/3750-E switches have an integrated Time Domain Reflector (TDR), which is used to test cables associated with a port. TDR is supported only on 10/100/1000 and some 10/100 (Catalyst 2960) copper Ethernet ports. It is not supported on 10 GigabitEthernet or SFP module ports.

A TDR test can take a few seconds to run on an interface. Use “show cable-diagnostics tdr” to read the TDR results.

MBGF-DAC-3560-AS01#sho cable-diagnostics tdr interface gigabitEthernet 0/1
TDR test last run on: August 30 08:01:35

Interface Speed Local pair Pair length        Remote pair Pair status
——— —– ———- —————— ———– ——————–
Gi0/1     1000M Pair A     54   +/- 4  meters Pair A      Normal             
                Pair B     52   +/- 4  meters Pair B      Normal             
                Pair C     53   +/- 4  meters Pair C      Normal             
                Pair D     54   +/- 4  meters Pair D      Normal             
MBGF-DAC-3560-AS01#


August 24, 2008  6:20 AM

How to reset the Cisco Catalyst Switch to Factory Defaults

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

To reset the Cisco Catalyst switches to factory defaults, you need access to the Cisco Catalyst Switch console through either a physical console or a Telnet connection. You also need the console/enable passwords. If you forget the console and enable password of your Cisco Catalyst Switch , you cannot reset the Cisco Catalyst Switch  configuration to factory default to reset the password.

So you have decided to reset the Cisco Catalyst  Switch to factory default settings or else to delete the complete configuration along with VLAN data, here is the easy way.Log in to your Cisco Switch, in global configuration mode issue the following commands

ITKE# write erase
ITKE # delete flash:vlan.dat
ITKE # reload

Here is the graphical snap shots I took while reseting the Cisco Catalyst 3550 Switch.

This snap shot is before reseting with exsisting configuration.

Switch1

 

Now lets issue the following commands to reset the Cisco Catalyst Switch to factory default setting,

ITKE# write erase
ITKE # delete flash:vlan.dat
ITKE # reload

Switch2

 

After reload you will see the following

Switch3


August 23, 2008  6:04 AM

Discover Cisco Network Assistant (CNA)

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Cisco Network Assistant (CNA) is a PC-based graphical network management application which is free tool included when a new Cisco Switch is purchased. Cisco Network Assistant (CNA) is capable of managing the standalone Cisco Switches and clusters of Cisco Switches in your intranet. Cisco Network Assistant (CNA) is best suited for Small to Mid Sized LANS. . Cisco Network Assistant (CNA) supports wide range of Cisco Catalyst Switches from Cisco 2900 through Cisco Catalyst 4506. The Cisco Network Assistant (CNA) manages many of the critical functions of a Cisco Switches & is optimized for wired and Wireless LANs (WLANs). The Cisco Network Assistant (CNA) provides a centralized network view and allows network administrators to employ its features across Cisco switches, routers, and access points.  With Cisco Network Assistant (CNA) a Network Administrators can easily apply common services, generate inventory reports, synchronize passwords and employ features across Cisco Switches, routers and access points.   Cisco Network Assistant (CNA) is available at no cost and can be downloaded from the Cisco Network Assistant Software Download.

CNA

 

What’s new in Cisco Network Assistant (CNA) Version 5.4?

Increased device limits: Supports up to 40 switches and routers

Enhanced discovery: Discover devices with subnet or IP range 

Diagnostics: Conduct on-demand or scheduled tests to verify hardware functionality 

Command-line interface (CLI) preview: View CLIs before they are sent to the device

In my next article I will focus on how to use the Cisco Network Assistant (CNA).

[kml_flashembed movie="http://www.cisco.com/cdc_content_elements/flash/netwrk_mgmt/cna/index.html" width="undefined" height="undefined"/]


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: