tag:blogger.com,1999:blog-12280613893800247212024-03-05T03:11:39.816-08:00CCNP SwitchPreparation for the CCNP Switch examohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.comBlogger53125tag:blogger.com,1999:blog-1228061389380024721.post-13893543736838505872022-07-22T05:34:00.005-07:002022-07-22T07:14:18.667-07:00Cisco CLI pathway tracking Commands<h2 style="text-align: center;"> <span style="color: red;"><b><u>Cisco CLI pathway tracking</u></b></span></h2><div>This is a list of some of my personal commands for tracking a path through the network. Sometimes we need to figure out what relationship the devices have, and whether we are dealing with Layer 2, Layer 3 or Nexus devices. In each case we need to use different commands.</div><div><b><br /></b></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCXbyr12AbAbGqx2KlA5DKmMo066wh0HrKhjloNQq3ITKx9JvMK36QQ4hwj8ehUHi9ucCT3d4BuhWvDizjtAW66DmbapSvVXlUs9ZND2yZaybgTG0N8oWk2LvIHYc0fuuJUj2UUkqVL2By8V2yEBlG2TRtZe1-njTHOq5A0Git6Lr57m4q2xCAOnmydQ/s800/cisco-cli-show-commands.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="400" data-original-width="800" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCXbyr12AbAbGqx2KlA5DKmMo066wh0HrKhjloNQq3ITKx9JvMK36QQ4hwj8ehUHi9ucCT3d4BuhWvDizjtAW66DmbapSvVXlUs9ZND2yZaybgTG0N8oWk2LvIHYc0fuuJUj2UUkqVL2By8V2yEBlG2TRtZe1-njTHOq5A0Git6Lr57m4q2xCAOnmydQ/w640-h320/cisco-cli-show-commands.jpg" width="640" /></a></div><br /><b><br /></b></div><div><b><br /></b></div><div><ul style="text-align: left;"><li><b>show cdp neighbor (traffic, neighbor detail)</b></li><li><b>show version</b></li><li><b>show vlan</b></li><li><b>show running-config</b></li><li><b>show ip interface</b></li><li><b>show mac address-table</b></li><li><b>show vtp status</b></li><li><b>show ip cef</b></li><li><b>show vlan brief</b></li><li><b>show interface 
status</b></li></ul></div><div>We can see a lot of different output when we run those commands with different values such as VLANs, MAC addresses and IP addresses.</div><div>For example, suppose we would like to trace a path through the different network devices in our network:</div><div><br /></div><div><ol style="text-align: left;"><li>show running-config vlan 30</li><li>ping 10.10.10.1</li><li>show ip arp (mac address &amp; vlan)</li><li>show port-channel summary (port 310, eth 1/51)</li><li>show cdp neigh</li><li>traceroute</li><li>show ip route 10.234.0.90</li><li>show ip arp (ip)</li><li>show run int vlan 60</li><li>show ip int br | include (ip or mac address)</li><li>show ip arp | include 10.236.7.132</li><li>show mac address-table | include (mac)</li><li>show vlan id 61</li></ol><div>Hopefully this information was useful. If it was, please comment. Thanks in advance.</div></div><div><br /></div><p><br /></p>ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-24950568153619900722022-07-07T13:55:00.007-07:002022-07-07T13:56:51.336-07:00<blockquote style="border: none; margin: 0 0 0 40px; padding: 0px;"><p style="text-align: center;"><span style="color: #2b00fe; font-size: large;"> <b>SD-WAN</b></span></p></blockquote><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxYLk2BEXc47I2wB0oaSdx5qw7hpynGI1oARQz8OYZ4W3WMOQCfHv1XyMkIspn9ko37fHJqWddlDPsbTYhdQ4UPrTyxMC_G6zDuZ5M1QNuIR3lPS8hoMAgQx8qsZpEUFqaoQpmxfStfFjNSJtMocaEmGm3tpIkz8YFKAj_Q-9PQ-duVQdJUbo9bLxqNA/s759/sdwan1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="347" data-original-width="759" height="292" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxYLk2BEXc47I2wB0oaSdx5qw7hpynGI1oARQz8OYZ4W3WMOQCfHv1XyMkIspn9ko37fHJqWddlDPsbTYhdQ4UPrTyxMC_G6zDuZ5M1QNuIR3lPS8hoMAgQx8qsZpEUFqaoQpmxfStfFjNSJtMocaEmGm3tpIkz8YFKAj_Q-9PQ-duVQdJUbo9bLxqNA/w640-h292/sdwan1.jpg" width="640" /></a></div><br /><p><br /></p><p><br /></p><div><span style="background-color: white; color: #656565; font-family: "Nunito Sans", sans-serif; font-size: 17px;">SD-WAN </span><span style="background-color: white; color: #656565; font-family: "Nunito Sans", sans-serif; font-size: 17px;">stands for Software-Defined Wide-Area Network. </span><span style="background-color: white; color: #656565; font-family: "Nunito Sans", sans-serif; font-size: 17px;">It is used by thousands of companies across the country as they look to connect different parts of their business to a wireless network. </span><span style="background-color: white; color: #656565; font-family: "Nunito Sans", sans-serif; font-size: 17px;">This is achieved via the application of SDN technologies to WAN connections. 
The fun</span><span style="background-color: white; color: #656565; font-family: "Nunito Sans", sans-serif; font-size: 17px;">tion is to connect the various business premises to the same, secure network through the internet or a cloud-native private network.</span></div><p><span style="background-color: white; color: #656565; font-family: "Nunito Sans", sans-serif; font-size: 17px;"><br /></span></p><p></p><ul style="text-align: left;"><li><span style="color: #656565;"><span style="background-color: white; font-size: 17px;"><span style="font-family: Nunito Sans, sans-serif;">U</span><span style="font-family: inherit;">se dedic</span><span style="font-family: Nunito Sans, sans-serif;">ated</span><span style="font-family: inherit;"> circuits :</span></span></span><span style="font-family: inherit;"> <span style="font-family: inherit;">include broadband connections, 4G, and LTE</span></span></li><li><span style="color: #656565; font-family: Nunito Sans, sans-serif;"><span style="background-color: white; font-size: 17px;">Provide reliability and security</span></span></li><li><span style="color: #656565; font-family: Nunito Sans, sans-serif;"><span style="background-color: white; font-size: 17px;">Rise of cloud usage requires simplicity</span></span></li><li><span style="color: #656565; font-family: Nunito Sans, sans-serif;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpw-EnLjLyZTvfp5bu0RiBH4F3IR4Der-cXKkBUJTiOci-pDAe_CkZeCrl1I01wdWgo-YOyNFi7MNGop9aIRq1ZOxuAM0nq5YYh_gmlCOyknyl_QHnRZD4X4zOQbOj6GLMVGe9MJwtJu_JrxHQ56pBanKNcJIUYOo50Q7dEAhE9kXpEHaGt2BwH0GSKg/s1199/sd-wan2.webp" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="912" data-original-width="1199" height="243" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpw-EnLjLyZTvfp5bu0RiBH4F3IR4Der-cXKkBUJTiOci-pDAe_CkZeCrl1I01wdWgo-YOyNFi7MNGop9aIRq1ZOxuAM0nq5YYh_gmlCOyknyl_QHnRZD4X4zOQbOj6GLMVGe9MJwtJu_JrxHQ56pBanKNcJIUYOo50Q7dEAhE9kXpEHaGt2BwH0GSKg/s320/sd-wan2.webp" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV9jEU2aACOWxdtN6fzFGuDijCYwyFDPmsoxiS3xsPQrYzMrhGQhbAiIMrvLATd4vvyLYkYb7ak99MeKhyErExqpVsVJ8YBx9nmRCJHS2dtZoqWQWOsRD-LYZQjraqlYyNHiTEULtQ_WjtzWLh4ok_H2TKtQ-mOEYXAEB3K0Ti_DiMqQ6zmWDZl0DgPQ/s1023/sdwan2.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="647" data-original-width="1023" height="404" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV9jEU2aACOWxdtN6fzFGuDijCYwyFDPmsoxiS3xsPQrYzMrhGQhbAiIMrvLATd4vvyLYkYb7ak99MeKhyErExqpVsVJ8YBx9nmRCJHS2dtZoqWQWOsRD-LYZQjraqlYyNHiTEULtQ_WjtzWLh4ok_H2TKtQ-mOEYXAEB3K0Ti_DiMqQ6zmWDZl0DgPQ/w640-h404/sdwan2.jpeg" width="640" /></a></div>We can see SD-wan Viptela</span></li></ul><div><span style="color: #656565; font-family: Nunito Sans, sans-serif;"><br /></span></div><ul style="text-align: left;"><li><span style="color: #656565; font-family: Nunito Sans, sans-serif;"><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><span style="background-color: white; font-size: 17px;"><br /></span></span></li></ul><div><span style="color: #656565; font-family: Nunito Sans, sans-serif;"><span style="font-size: 17px;"><br /></span></span></div><div><span style="color: #656565; font-family: Nunito Sans, sans-serif;"><span style="font-size: 17px;"><br /></span></span></div><div><span style="color: #656565;"><div class="separator" style="clear: both; font-family: "Nunito Sans", sans-serif; text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-CXpY6j-V6qCAbqdxRFYTa3bH2Ux--0vdcm0gIX_I3oih3nseLKWcnE_bSVfWL7tybfFyb9rrDAhCNGfV_jO9-UoHfVUGkKIzj32-zV5ExaU15p04VEjuqppfuKA5PbOHUUMz95-tFuGBrHZGfdb2NaYlWR8uDWZwbDPQUWMzBNUuF4JHd4VVQOGJyQ/s1080/sdwan4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="639" data-original-width="1080" height="378" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-CXpY6j-V6qCAbqdxRFYTa3bH2Ux--0vdcm0gIX_I3oih3nseLKWcnE_bSVfWL7tybfFyb9rrDAhCNGfV_jO9-UoHfVUGkKIzj32-zV5ExaU15p04VEjuqppfuKA5PbOHUUMz95-tFuGBrHZGfdb2NaYlWR8uDWZwbDPQUWMzBNUuF4JHd4VVQOGJyQ/w640-h378/sdwan4.png" width="640" /></a></div><br /></span><p style="text-align: left;"><span style="color: #656565;"><span style="font-size: 17px;"><span style="font-family: arial;">vEdge routers run on the data plane. </span></span></span><span style="background-color: white; color: #4d4c4c; font-size: 18px;"><span style="font-family: arial;">An edge platform, also called an edge router, is a single device for connecting and securing enterprise traffic to the cloud. 
</span></span><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;">Edge platforms offer networking, security, and other IT services in a compact form factor.</span></p><p style="text-align: left;"><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;"><br /></span></p><p style="text-align: left;"><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;"><b><u>Edge router hardware platform</u></b>: A) Cisco vEdge router using Viptela OS, </span><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;">B) ISR 1000 and 4000 series and C) ASR 1000 series</span></p><p style="text-align: left;"><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;"><br /></span></p><p style="text-align: left;"><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;"><b><u>Edge router software platform</u></b>: A) CSR 1000v router and B) vEdge Cloud router</span></p><p style="text-align: left;"><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;"><br /></span></p><p style="text-align: left;"><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;">This is an example of Cisco vManage</span></p><p style="text-align: left;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgX9Lfj_O-4e4ILtAeVBV3i8iKQ_F88UQcAGZq3cf_SCKgg2PwWF9UXf3F5EegLH4DaoIMYEEkTmXANv0IPnTE72So2u2FGucsKkzCIHZg3ozN1MD0csuT9xvZ3CZaQXq3_PtL-Elz-8B1Wnx9X4cmcldUqKWV3ndcJmr9Ly0ruguTn8QpTS0MAArG2_g/s700/sdwan6.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img 
border="0" data-original-height="394" data-original-width="700" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgX9Lfj_O-4e4ILtAeVBV3i8iKQ_F88UQcAGZq3cf_SCKgg2PwWF9UXf3F5EegLH4DaoIMYEEkTmXANv0IPnTE72So2u2FGucsKkzCIHZg3ozN1MD0csuT9xvZ3CZaQXq3_PtL-Elz-8B1Wnx9X4cmcldUqKWV3ndcJmr9Ly0ruguTn8QpTS0MAArG2_g/w640-h360/sdwan6.jpg" width="640" /></a></div><br /><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;">You can check more information on <a href="http://Cisco.com/go/sdwandemos">Cisco.com/go/sdwandemos</a></span><p></p><p style="text-align: left;"><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;"><br /></span></p><p style="text-align: left;"><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;"><br /></span></p><p style="text-align: left;"></p><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiODT1zP74kL2fmXWCnNv8kO4bOar_gyUW2n_VfAsvZAslwRtxtqP3O7s6ajHc0Q83yajsL93vRewyZDpKhe4zrUXZLgnZlKVblanahzdE6aDfCfTb9HOj09mzV8M-cKOQqWhkWLrR1MzxEiH16znZNTZPvX_xp9L1tGQ6e0ARQXhTuRWHZcaAfe3IVMg/s1951/sdwan7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1077" data-original-width="1951" height="354" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiODT1zP74kL2fmXWCnNv8kO4bOar_gyUW2n_VfAsvZAslwRtxtqP3O7s6ajHc0Q83yajsL93vRewyZDpKhe4zrUXZLgnZlKVblanahzdE6aDfCfTb9HOj09mzV8M-cKOQqWhkWLrR1MzxEiH16znZNTZPvX_xp9L1tGQ6e0ARQXhTuRWHZcaAfe3IVMg/w640-h354/sdwan7.png" width="640" /></a></div><div class="separator" 
style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCCL1RVk_9sPuUssgSg8zuFS5QLA48QjicZ4sHickLOAw8ibhKGEzMCrCPWqKEQRIFTVklJpT8Y-AcHWNyHVVdmsI1rhukeIaM-myRbTLFzlPZmTlHczJr5hFZi9Wq2Qf28K0Ia_XLncSkPPWlm_GGYk706QSJI7Z5m_G2COhcZnXVp-M0gaONNwPjBA/s1292/sdwan8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="727" data-original-width="1292" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCCL1RVk_9sPuUssgSg8zuFS5QLA48QjicZ4sHickLOAw8ibhKGEzMCrCPWqKEQRIFTVklJpT8Y-AcHWNyHVVdmsI1rhukeIaM-myRbTLFzlPZmTlHczJr5hFZi9Wq2Qf28K0Ia_XLncSkPPWlm_GGYk706QSJI7Z5m_G2COhcZnXVp-M0gaONNwPjBA/w640-h360/sdwan8.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /> </div><br /><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;"><br /></span><p></p><p style="text-align: left;"><span style="background-color: white; color: #4d4c4c; font-family: CiscoSans, Arial, sans-serif; font-size: 18px;"><br /></span></p></div><p></p>ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-54219366510976706852022-07-07T11:54:00.002-07:002022-07-07T11:54:55.970-07:00Wireless deployment options<p> </p><p><br /></p><h3 style="text-align: center;"><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><span style="color: #6fa8dc; font-size: x-large;"><u>Wireless deployment options</u></span></div><table align="center" cellpadding="0" cellspacing="0" 
class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsortnXa36JFsfwsMovvqAFHvXioiYjbSNloc7aHVjHt0oPVxW00OM82x4KJ92lmDRJPKDUcYH9up35o2UCvdrFCUTAo5lalT4sJdxvEcY58hFF6hYUg0ZEjWDWKZWj4Up0oPni48t_pBmeLuDDn7thK900RnC8asezhlr-ER4W2AgHBJEK3pU0rsldA/s600/ap3.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="247" data-original-width="600" height="132" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsortnXa36JFsfwsMovvqAFHvXioiYjbSNloc7aHVjHt0oPVxW00OM82x4KJ92lmDRJPKDUcYH9up35o2UCvdrFCUTAo5lalT4sJdxvEcY58hFF6hYUg0ZEjWDWKZWj4Up0oPni48t_pBmeLuDDn7thK900RnC8asezhlr-ER4W2AgHBJEK3pU0rsldA/s320/ap3.jpg" width="320" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"></td></tr></tbody></table><br /><span style="color: red;"><br /></span></h3><h3 style="text-align: center;"><span style="color: red;"><br /></span></h3><h3 style="text-align: center;"><span style="color: red;">Autonomous Access point</span></h3><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtqsu8PLRfjMZVti4yM7_Oc4FwglUy4W5mjqWmkiDqZDTS3ZFuLWjtV1mvSAv6Ia-51-bByD6Spyg1WNeU4KgahcGUUWm9c2wevzxpBwyv43CKJf33R6Nj6b8P-6CX0qGatUlf3ijt8Nd31bTAG5FQn6dF1bsSJ84YDjibxgYKtu0CO_PgfLFT9Jni6g/s800/AP%201.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="598" data-original-width="800" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtqsu8PLRfjMZVti4yM7_Oc4FwglUy4W5mjqWmkiDqZDTS3ZFuLWjtV1mvSAv6Ia-51-bByD6Spyg1WNeU4KgahcGUUWm9c2wevzxpBwyv43CKJf33R6Nj6b8P-6CX0qGatUlf3ijt8Nd31bTAG5FQn6dF1bsSJ84YDjibxgYKtu0CO_PgfLFT9Jni6g/w262-h196/AP%201.png" width="262" /></a></div><br /><span style="color: red;"><br 
/></span></div><div><ul style="text-align: left;"><li>Home or small office environment</li><li>Standalone, independent devices</li><li>No wireless controller deployment model</li><li>Not commonly used in large companies</li></ul></div><div><br /></div><div><h3 style="text-align: center;"><span style="color: red;"><br /></span></h3><h3 style="text-align: center;"><span style="color: red;"><br /></span></h3><h3 style="text-align: center;"><span style="color: red;">Lightweight Access point</span></h3></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirlL5s4G9SOo3ReA45Y3OrWETtG1eIGd1PVzhPuAbiaJeRGYBK59T0Do84X3l9SBz-5ff7tgVov1wnDnXaD2cM1G_XNq87GWlQt_FZkD1Csqwu1DKKcO1XCAe5ji6xbQTOP0MUucwcTfGyc5V7qCDIqoicJQ29OIlE-Clpn-pebTFe78r72atOzBaScg/s279/ap4.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="181" data-original-width="279" height="131" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirlL5s4G9SOo3ReA45Y3OrWETtG1eIGd1PVzhPuAbiaJeRGYBK59T0Do84X3l9SBz-5ff7tgVov1wnDnXaD2cM1G_XNq87GWlQt_FZkD1Csqwu1DKKcO1XCAe5ji6xbQTOP0MUucwcTfGyc5V7qCDIqoicJQ29OIlE-Clpn-pebTFe78r72atOzBaScg/w202-h131/ap4.jpg" width="202" /></a></div><br /><span style="color: red;"><br /></span></div><div><span style="color: red;"><br /></span></div><div><ul style="text-align: left;"><li>Needs a Wireless LAN Controller (WLC); used in enterprise environments</li><li>Wireless controller deployment with a single point of control and administration</li><li>The WLC can be physical or virtual</li><li>The controller communicates changes to the AP</li><li>Control and Provisioning of Wireless Access Points (CAPWAP): a wireless tunnel</li></ul></div><div class="separator" style="clear: both; text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtn0BK3FnBYzS5ETmLUyX_XB4SJtqQM0CZ5u6sy5WwnIOFN6NJ7CsNgqe6wM2MQotM195fHgRQ0mi9sniqBJNOEs08_CDuJtTzz4_ACE3K5pnjO2cPIm8FDo-fUbQZOo0tn1SwbKU4i3Gd1So360rHKljybMhPP7ybn9K8JholWy_v08dDD50_BPudgg/s1020/capwap%20tunnel.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="441" data-original-width="1020" height="173" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtn0BK3FnBYzS5ETmLUyX_XB4SJtqQM0CZ5u6sy5WwnIOFN6NJ7CsNgqe6wM2MQotM195fHgRQ0mi9sniqBJNOEs08_CDuJtTzz4_ACE3K5pnjO2cPIm8FDo-fUbQZOo0tn1SwbKU4i3Gd1So360rHKljybMhPP7ybn9K8JholWy_v08dDD50_BPudgg/w400-h173/capwap%20tunnel.png" width="400" /></a></div><br /><div><br /></div><div><ul style="background-color: white; box-sizing: border-box; color: #222222; font-family: "Noticia Text", serif; font-size: 16px; list-style-image: initial; list-style-position: initial; margin: 0px 0px 24px 1.25em; padding: 0px;"><li style="box-sizing: inherit;">The Layer 3 boundary for each data VLAN is handled at or near the WLC.</li><li style="box-sizing: inherit;">CAPWAP tunnels between the AP and the WLC, which is usually connected to the core switch, are used to carry multiple VLANs.</li></ul></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgocvuf1Yt-BEF6__kLfJfR52_JS6HCG_CJ429271q-JNUA0Dzj6iPTWxmQFN28N26Oq3s0F7_5qkBlZ4F_43kZvao7iKPIK49E0sCVenFslFrflu_0xFwEOdYyR5l2rljvrHhJXhkO4jQo8kzqC5HT8vHQGyOF-TMTv-nPYjyQswAkQiWt1UzpIdWyw/s760/ap5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="760" data-original-width="650" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgocvuf1Yt-BEF6__kLfJfR52_JS6HCG_CJ429271q-JNUA0Dzj6iPTWxmQFN28N26Oq3s0F7_5qkBlZ4F_43kZvao7iKPIK49E0sCVenFslFrflu_0xFwEOdYyR5l2rljvrHhJXhkO4jQo8kzqC5HT8vHQGyOF-TMTv-nPYjyQswAkQiWt1UzpIdWyw/s320/ap5.png" 
width="274" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">But in this situation, look at what happens when they move to another VLAN</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifY8FukM-za08sY0RRVFxpx7LK6dnEuge-QzVaItCwruWc4Qz_YyhWMO35MR-GqFUzFn5_5MCEbG9CmjBIYLzZmDzhxuC4G9bE_dejW5PwZEw13aTX4BVTL2NEem88AwpWd2Y0PfEx4cvuW0J6yf77qXJuypT5ax2OiqgYl-mvj_noxtEScGVnUhzn6Q/s518/ap7.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="406" data-original-width="518" height="502" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifY8FukM-za08sY0RRVFxpx7LK6dnEuge-QzVaItCwruWc4Qz_YyhWMO35MR-GqFUzFn5_5MCEbG9CmjBIYLzZmDzhxuC4G9bE_dejW5PwZEw13aTX4BVTL2NEem88AwpWd2Y0PfEx4cvuW0J6yf77qXJuypT5ax2OiqgYl-mvj_noxtEScGVnUhzn6Q/w640-h502/ap7.jpg" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div>If a user moves a computer from one area to another, it keeps communicating because it keeps the same IP address; that is called <b>Layer 3 roaming</b>
(wireless roaming).</div><div><br /></div><div><br /></div><div style="text-align: center;"><b><span style="color: #cc0000; font-size: large;">Cisco Flex Connect</span></b></div><div><b><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2NrdSv-SOynU-cca8sZMJqL3sP50IUXRou_7EfdEE-SazOjT0F4XbQt1CsRGjz_4kz0QGWam9Mlm8m9bf1LF4DmvoauFC2eIb3qLwvfN-Hp3p7WV41CZxIOJXmvS3ol0OvVn2xhMJSlMTYaQxYaV0r77lbUUgWI36KLipR820fwn01ifJayDNfBG-GQ/s1269/ap8.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="498" data-original-width="1269" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2NrdSv-SOynU-cca8sZMJqL3sP50IUXRou_7EfdEE-SazOjT0F4XbQt1CsRGjz_4kz0QGWam9Mlm8m9bf1LF4DmvoauFC2eIb3qLwvfN-Hp3p7WV41CZxIOJXmvS3ol0OvVn2xhMJSlMTYaQxYaV0r77lbUUgWI36KLipR820fwn01ifJayDNfBG-GQ/w640-h253/ap8.JPG" width="640" /></a></div><br /><span style="color: #cc0000;"><br /></span></b></div><div><b><span style="color: #cc0000;"><br /></span></b></div><div><ul style="text-align: left;"><li>Configure and control a <b>remote</b> wireless network</li><li>Similar to Layer 3 roaming with CAPWAP</li></ul><div><b><span style="color: #6aa84f;">Cisco Flex Connect central switched</span></b></div></div><div><span style="background-color: white;"><span style="color: #6b6b6b; font-family: Open Sans, sans-serif;"><span style="font-size: 14px;">When a WLAN is configured to use Central Switching, traffic from an AP is still tunneled to the WLC; however, local-site traffic can be enabled for local switching by configuring Split Tunneling. This is the normal CAPWAP mode of operation. 
It is not the recommended mode.</span></span></span></div><div><b><span style="color: #6aa84f;"><br /></span></b></div><div><b><span style="color: #6aa84f;">Cisco Flex Connect local switched</span></b></div><div><span style="background-color: white; color: #6b6b6b; font-family: "Open Sans", sans-serif; font-size: 14px;">An AP in Flex Connect Local Switching mode switches all traffic locally, even when the AP can reach the WLC. It is similar to the operation of autonomous APs, which also switch traffic locally by mapping SSIDs to VLANs. User traffic is mapped to a VLAN or the adjacent switch.</span></div><div><span style="background-color: white; color: #6b6b6b; font-family: "Open Sans", sans-serif; font-size: 14px;"><br /></span></div><h3 style="text-align: left;"><b><span style="color: #6aa84f; font-size: large;"><span style="font-family: Open Sans, sans-serif;">Location</span><span style="background-color: white; font-family: "Open Sans", sans-serif;"> services</span></span></b></h3><div><span style="background-color: white; color: #6b6b6b; font-family: "Open Sans", sans-serif; font-size: 14px;">Enterprise asset </span><span style="color: #6b6b6b; font-family: Open Sans, sans-serif;"><span style="font-size: 14px;">tracking</span></span></div><div><span style="color: #6b6b6b; font-family: Open Sans, sans-serif;"><span style="font-size: 14px;">Marketing: they send advertisements to your email</span></span></div><div><span style="color: #6b6b6b; font-family: Open Sans, sans-serif;"><span style="font-size: 14px;">It shows the location of your devices</span></span></div><div><br /></div><div><br /></div>ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-81728315141763942222021-11-08T20:25:00.005-08:002022-05-20T16:17:04.832-07:00Cisco Nexus Configuration in GNS3<p></p><div class="separator" style="clear: both; text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN0_CEK9qtrEsHU1fBYOmDIpGHPq1EqQR30eaLS0qD17_gKE9YagA10ncMSJdHgMy5Pbh3q6Mi9WMRT39yqNnfa0o2pthc-D89lATwOJms1r0q8hysqEGjGNDep8Y4MZALvJ1Z5t44ezP2/s300/gns3-7.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="209" data-original-width="300" height="209" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN0_CEK9qtrEsHU1fBYOmDIpGHPq1EqQR30eaLS0qD17_gKE9YagA10ncMSJdHgMy5Pbh3q6Mi9WMRT39yqNnfa0o2pthc-D89lATwOJms1r0q8hysqEGjGNDep8Y4MZALvJ1Z5t44ezP2/s0/gns3-7.jpg" width="300" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">First, we need to download GNS3 and the Nexus and router images for GNS3 from the internet</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2VrvzHMlo-vRHW7dgTwGCfWR1xJo3h0NCKXg0YS3klcio4csNwIWrmW8DeW61T2kAaLN_toOZvSJ8CzJt9MFy24mzXMIaOCGrFtbqZFxbYObWJCYVcAOb1o_Kvg04TbTV9HjkTiey66tI/s889/gns3-1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="404" data-original-width="889" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2VrvzHMlo-vRHW7dgTwGCfWR1xJo3h0NCKXg0YS3klcio4csNwIWrmW8DeW61T2kAaLN_toOZvSJ8CzJt9MFy24mzXMIaOCGrFtbqZFxbYObWJCYVcAOb1o_Kvg04TbTV9HjkTiey66tI/w640-h290/gns3-1.png" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;">We will choose the Nexus images as well</div><br /><div class="separator" style="clear: both; text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj11fbzs-udFF_0gRxrkcwxVZUIuy7DrLMN_hqUbL5wBV8UDElTg1KNuNrsSn9BDW2s-NWiDbhQ6YynFlxkj4RJJteKN7bJAczj1kRN8JxhezZwIq3MxDNRc_Fx7oq59vJhnvpFcktPpNlY/s942/gns3-2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="377" data-original-width="942" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj11fbzs-udFF_0gRxrkcwxVZUIuy7DrLMN_hqUbL5wBV8UDElTg1KNuNrsSn9BDW2s-NWiDbhQ6YynFlxkj4RJJteKN7bJAczj1kRN8JxhezZwIq3MxDNRc_Fx7oq59vJhnvpFcktPpNlY/w640-h256/gns3-2.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1VVOpTToX_lrAsladuuCIihg4HCC-t-4ZilHrt85MuokxLRCMLGu-x6cbR9Jg0ULEG2YSbun6DmCK9RUBDLh0hYha2bEVB33AO47FkEdxU4vi32a8SpT3LeG273C1I6Yf5oB29oQjg33S/s989/gns3-3.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="549" data-original-width="989" height="356" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1VVOpTToX_lrAsladuuCIihg4HCC-t-4ZilHrt85MuokxLRCMLGu-x6cbR9Jg0ULEG2YSbun6DmCK9RUBDLh0hYha2bEVB33AO47FkEdxU4vi32a8SpT3LeG273C1I6Yf5oB29oQjg33S/w640-h356/gns3-3.png" width="640" /></a></div><p><br /></p>The Nexus will take a while to download; the login and password are admin, admin<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9Rep2obo_f_RQwLMmLRaOEXYHS0zH4eFy1z5XAoKL1frMFLYAwo7U9o0otCuTAiz42jaIiZoOs-eNhPNEmZHxlGHt1zWDkVX9YOnT2kscUEiKk_4D8Pbus13LQvBmFhT2hREwVAEZ8g0m/s959/gns3-4.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="586" data-original-width="959" height="392" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9Rep2obo_f_RQwLMmLRaOEXYHS0zH4eFy1z5XAoKL1frMFLYAwo7U9o0otCuTAiz42jaIiZoOs-eNhPNEmZHxlGHt1zWDkVX9YOnT2kscUEiKk_4D8Pbus13LQvBmFhT2hREwVAEZ8g0m/w640-h392/gns3-4.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj01RZMBFkO0ootpbzKqCGlFOEESkyJGr7a_VxI_xzIItDxdOCLBaAclzkdD00ed4XruX52BV_jN8nRr9qYXKcaS6eV0mfAY6bxnleBSJSLZLNTHMfjM10n-msSUZswBcrqpWes-Q0gHLFY/s886/gns3-5.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="579" data-original-width="886" height="418" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj01RZMBFkO0ootpbzKqCGlFOEESkyJGr7a_VxI_xzIItDxdOCLBaAclzkdD00ed4XruX52BV_jN8nRr9qYXKcaS6eV0mfAY6bxnleBSJSLZLNTHMfjM10n-msSUZswBcrqpWes-Q0gHLFY/w640-h418/gns3-5.png" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">We will verify the interfaces; we see they are shut down</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhljzZqkgIOejCF56dpwNzyub-xnEO4WVuutFmYhsDR65Tm-n1MNjsMgBMygW-av88oao-FyAp33ljXTT0Ve6cWObcB9XiSVeiy3r4GWh1q6dsW8lviUbmRBabvGyXsNEf-t8Xog7caT10/s957/gns3-6.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="703" data-original-width="957" height="470" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhljzZqkgIOejCF56dpwNzyub-xnEO4WVuutFmYhsDR65Tm-n1MNjsMgBMygW-av88oao-FyAp33ljXTT0Ve6cWObcB9XiSVeiy3r4GWh1q6dsW8lviUbmRBabvGyXsNEf-t8Xog7caT10/w640-h470/gns3-6.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>Now let's rename the Nexus and see the neighbors<p></p><p><br /></p><p><br /></p><h3 style="text-align: 
center;"><span style="color: #6aa84f;">Nexus status</span></h3><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2h6TTnQ7bw2VNQNtc9lS0UJ7Ru59rpCTlEad2O828zC5N2a_4LDb478PV71qk3FYqHkQCwlC659WU-sRY-Cksy7AcC5PccFYYjGzM4Q-BBA4C9cUCjCSt1ZOLQrMWK6KBe65TUcnct81z/s416/gns3-8.jpg.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="416" data-original-width="373" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2h6TTnQ7bw2VNQNtc9lS0UJ7Ru59rpCTlEad2O828zC5N2a_4LDb478PV71qk3FYqHkQCwlC659WU-sRY-Cksy7AcC5PccFYYjGzM4Q-BBA4C9cUCjCSt1ZOLQrMWK6KBe65TUcnct81z/w359-h400/gns3-8.jpg.png" width="359" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div><br /></div><br /><p><br /></p><p>R1 configuration<br /> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYFxVkP1M_RXHYjDKIymiroEJBgpqEFqUSFpdQUCgc6kO4zcQZGjyQJ6zzXUeveerlKWQ1oNNzEBMT6Txc8grCBOHP0Jy34VdLnyUP-pUNZBlmQkIqWWlrpjesaPiJppomqK_7re9_HR3D/s380/gns3-9.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="362" data-original-width="380" height="610" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYFxVkP1M_RXHYjDKIymiroEJBgpqEFqUSFpdQUCgc6kO4zcQZGjyQJ6zzXUeveerlKWQ1oNNzEBMT6Txc8grCBOHP0Jy34VdLnyUP-pUNZBlmQkIqWWlrpjesaPiJppomqK_7re9_HR3D/w640-h610/gns3-9.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4OIA1tv_cpgBskS_XQl149kecDWl7I1kG03iWqVMxRWth9JNP0QOOpUpfI_1PoychnzebRMQDDagwlMuyl99MMbmak10ddGLouWllJqxeeKM2-dFnE_cpNyx3FwtdW3DnVYn12cgdrwO2/s519/gns3-10.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" 
data-original-height="387" data-original-width="519" height="478" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4OIA1tv_cpgBskS_XQl149kecDWl7I1kG03iWqVMxRWth9JNP0QOOpUpfI_1PoychnzebRMQDDagwlMuyl99MMbmak10ddGLouWllJqxeeKM2-dFnE_cpNyx3FwtdW3DnVYn12cgdrwO2/w640-h478/gns3-10.png" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">R2 configuration</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyRZBmzv3nYfXuSPB1W_xbFfIaL_gOmqEJLqjsPc4SsU4JA5D-0qSzkLlXAYiYoDf2y28DNRJMe3V8a9_zbDMf2Bl6uWi4oimtL4SxMt5NFxbFmW4S7cqMXLFKyY4VfGv-lxdZBm_CZdW-/s396/gns3-11.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="381" data-original-width="396" height="616" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyRZBmzv3nYfXuSPB1W_xbFfIaL_gOmqEJLqjsPc4SsU4JA5D-0qSzkLlXAYiYoDf2y28DNRJMe3V8a9_zbDMf2Bl6uWi4oimtL4SxMt5NFxbFmW4S7cqMXLFKyY4VfGv-lxdZBm_CZdW-/w640-h616/gns3-11.png" width="640" /></a></div><div><br /></div><div><br /></div>Nexus configuration<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgczsw6nZKyeG8aBuG52Vn8zS2KdzPBJ7Iqt8PyhyphenhyphenXsDTBmPHWIiNCjvOfKTwtGXMonVwc6btt3WzvetHs7mq_vdDEnCkF3WKmgTRGIJaBFuOokM2jgDrljLNnp6WBKa-wF6WIduaZN1NIs/s536/gns3-12.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="516" data-original-width="536" height="616" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgczsw6nZKyeG8aBuG52Vn8zS2KdzPBJ7Iqt8PyhyphenhyphenXsDTBmPHWIiNCjvOfKTwtGXMonVwc6btt3WzvetHs7mq_vdDEnCkF3WKmgTRGIJaBFuOokM2jgDrljLNnp6WBKa-wF6WIduaZN1NIs/w640-h616/gns3-12.png" width="640" /></a></div><br 
/><div><br /></div><h2 style="text-align: center;"><u><span style="color: #6aa84f;">Setting the route so we can ping</span></u></h2><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvC4LtoHuN6lEzs1HAxc3fwebt0dCFn4mEPYJCqJbWgurgVin7zPmSHlmTleKrkY6atNnlcnwB_pH3fdmUXiHpFMYIEfckKS0ruihsvV3M7AE_G8SNEjD-rGzZgBSsMwuTwCoQ2LDeGvzm/s513/gns3-13.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="405" data-original-width="513" height="506" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvC4LtoHuN6lEzs1HAxc3fwebt0dCFn4mEPYJCqJbWgurgVin7zPmSHlmTleKrkY6atNnlcnwB_pH3fdmUXiHpFMYIEfckKS0ruihsvV3M7AE_G8SNEjD-rGzZgBSsMwuTwCoQ2LDeGvzm/w640-h506/gns3-13.png" width="640" /></a></div><br /><div>As you can see, we added the IP addresses of the two routers to the Nexus</div><div><br /></div><div>The routers cannot ping each other: they are in different subnets. We will use OSPF on BOTH routers</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9ENB1ZqfgCM-Z1x6rY17odEUH40uNNiN5lfOgiUN6PejnPEmJxPXblXephULJwTa1o1k5pnrrQvPNRta8gjE2LF0cyAH9asV3Vv57LI1jxwCYmrKO_DO6lY2vyRprmUp7f79rQZcgUCaD/s517/gns3-14.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="112" data-original-width="517" height="138" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9ENB1ZqfgCM-Z1x6rY17odEUH40uNNiN5lfOgiUN6PejnPEmJxPXblXephULJwTa1o1k5pnrrQvPNRta8gjE2LF0cyAH9asV3Vv57LI1jxwCYmrKO_DO6lY2vyRprmUp7f79rQZcgUCaD/w640-h138/gns3-14.png" width="640" /></a></div><div><br /></div><div><br /></div>On the Nexus we will see the result with the "show running-config" command<div><br /><div class="separator" style="clear: both; text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZT6Ggkvl5ckYDPW42Rh8UgRvzlPFW8NaPCAAGpWAceySvyDjHCbcygUt1_Q78euSuq76Tjjbsv5_n13_jgAg82Q-v1VrrfuIyr82dvZb-Kd7xpvoufK8BnG_57_Ob6TTlSxUPzaRbbGD5/s259/gns3-15.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="259" data-original-width="240" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZT6Ggkvl5ckYDPW42Rh8UgRvzlPFW8NaPCAAGpWAceySvyDjHCbcygUt1_Q78euSuq76Tjjbsv5_n13_jgAg82Q-v1VrrfuIyr82dvZb-Kd7xpvoufK8BnG_57_Ob6TTlSxUPzaRbbGD5/w593-h640/gns3-15.png" width="593" /></a></div><br /><div><br /></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUfTdgn-AzQFNjxws3TMJIYN58hhsYgOTFKpss2eTexkP4-iJvShuV5zNvrptKvOXg8Ah9NIslRr_Wr1puvM-Hkvz0rtifpBTrAiIr7meVQ1ML80OLaXz5yRs4k-YYWIZFqHmV9FxWjoKx/s363/gns3-16.jpg.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="255" data-original-width="363" height="450" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUfTdgn-AzQFNjxws3TMJIYN58hhsYgOTFKpss2eTexkP4-iJvShuV5zNvrptKvOXg8Ah9NIslRr_Wr1puvM-Hkvz0rtifpBTrAiIr7meVQ1ML80OLaXz5yRs4k-YYWIZFqHmV9FxWjoKx/w640-h450/gns3-16.jpg.png" width="640" /></a></div><div><br /></div>config of R1 in nexus<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgafdTqD76oVfIZWcQy-JWMhdAem3nY5KinBUtDcNbepJytwrFgFJamKCqIMlT014ZKSY0CWGgxH4U0c8NgWLf8VaNtRXtofVsX47-un9G5lBeHwTR2A7tYZlpFMglHVrCQevRp2QeUzvkK/s562/gns3-17.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="189" data-original-width="562" height="216" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgafdTqD76oVfIZWcQy-JWMhdAem3nY5KinBUtDcNbepJytwrFgFJamKCqIMlT014ZKSY0CWGgxH4U0c8NgWLf8VaNtRXtofVsX47-un9G5lBeHwTR2A7tYZlpFMglHVrCQevRp2QeUzvkK/w640-h216/gns3-17.png" width="640" /></a></div><div><br /></div>Config of R2 in the Nexus and checking the OSPF neighbor relationship<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTZrNuTiPn84TojL9kMpcj7vosvErK2fDvzkRCgkM6ksNtLh__QjOt8yp-7f57bmLt7a7_5ZXB961eLyBSd-h-cJjmyh2DhAakzM1Y4et4j2WgJ5Z7iO5xpbeQaoeaiEQHodtShPciM6ML/s538/gns3-18.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="400" data-original-width="538" height="476" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTZrNuTiPn84TojL9kMpcj7vosvErK2fDvzkRCgkM6ksNtLh__QjOt8yp-7f57bmLt7a7_5ZXB961eLyBSd-h-cJjmyh2DhAakzM1Y4et4j2WgJ5Z7iO5xpbeQaoeaiEQHodtShPciM6ML/w640-h476/gns3-18.png" width="640" /></a></div><br /><div><br /></div><div>We will check on R1 whether the neighbor came up; later we will create the loopback on R1 and check whether it is available on the Nexus</div><div><br /></div></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh83VdrGyIjzfb_xYn5FWMd37_w-Jy07c4sywlWm7IQvqGwTdCZq6chyUAJ-W37LMYVZgr8P21Mzf4zmSpAobg-6RZjzfYjb9mVBpBQxli3YhXxH4OxUwZZsVwg2Ikq8vDTGHnuL9engfF7/s1109/gns3-19.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="399" data-original-width="1109" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh83VdrGyIjzfb_xYn5FWMd37_w-Jy07c4sywlWm7IQvqGwTdCZq6chyUAJ-W37LMYVZgr8P21Mzf4zmSpAobg-6RZjzfYjb9mVBpBQxli3YhXxH4OxUwZZsVwg2Ikq8vDTGHnuL9engfF7/w640-h230/gns3-19.png" width="640" /></a></div><br /><div><br /></div><div><br /></div><div>Now we will create a loopback in 
R1 and we will ping from the nexus switch..we will eventually ping the loopback we will create</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRjvlTXFWLPx6HiE0zwNvJ17qvn88DPeVnZw8k-jbXo-3CXNyuPRMGjhDPkhteaEL8QXNZdo6tKDZrC9BaUVUeJTswD4WxQxifGDiHb9V1oH6TElBJrfX5YFcAJoqGFjbyu6kTsQ4R8vv8/s1001/gns3-20.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="429" data-original-width="1001" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRjvlTXFWLPx6HiE0zwNvJ17qvn88DPeVnZw8k-jbXo-3CXNyuPRMGjhDPkhteaEL8QXNZdo6tKDZrC9BaUVUeJTswD4WxQxifGDiHb9V1oH6TElBJrfX5YFcAJoqGFjbyu6kTsQ4R8vv8/w640-h274/gns3-20.png" width="640" /></a></div><br /><div><br /></div><div>Now we will check if we can ping the loopback from the other router in R1</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoLBgFMciDN5RglHXgcRh2-wPYIxdGNHVyKmv1Ox805eeZfL8TwNiVIgAZG2QLBDoUIoWnaE0vp_MId0enQAjkLoZ2AM05G0zYJ9xjSNLRZ4SlCw7K1fgcTLVSR_jGnAKFrYyEM1jus_Yq/s544/gns3-21.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="408" data-original-width="544" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoLBgFMciDN5RglHXgcRh2-wPYIxdGNHVyKmv1Ox805eeZfL8TwNiVIgAZG2QLBDoUIoWnaE0vp_MId0enQAjkLoZ2AM05G0zYJ9xjSNLRZ4SlCw7K1fgcTLVSR_jGnAKFrYyEM1jus_Yq/w640-h480/gns3-21.png" width="640" /></a></div><br /><div><br /></div><div>Now from R2 we will do the same</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3_9vnUxixaaGJKWik34mt6s93Sh8ziFEuNGXpn9p4k81JwVuD71mqWXLF7aeZP7YKeptowHuviVFDXDD6veMZd4b_Qy64V7fRDYvTA0MruGBczphcqZTHJEnJpAAnBG_RLYCnsjCl9XUb/s423/gns3-22.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" 
data-original-height="408" data-original-width="423" height="618" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3_9vnUxixaaGJKWik34mt6s93Sh8ziFEuNGXpn9p4k81JwVuD71mqWXLF7aeZP7YKeptowHuviVFDXDD6veMZd4b_Qy64V7fRDYvTA0MruGBczphcqZTHJEnJpAAnBG_RLYCnsjCl9XUb/w640-h618/gns3-22.png" width="640" /></a></div><div><br /></div><div><br /></div>we will verify in nexus<div><br /></div><div>show feature command<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1B4eAh6Z8Sd_MT3ZDMl9BZSQajOu6ehznw806m-8QWWa4LoSpk0FjhOonkKevJplNxn9-06Za30m9syCZsiecfDdcVY0ZfX11HS6TMlpLflho2Y4rbUPJcCv8R190M3um2eKjl-W2C7nS/s432/gns3-23.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="421" data-original-width="432" height="624" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1B4eAh6Z8Sd_MT3ZDMl9BZSQajOu6ehznw806m-8QWWa4LoSpk0FjhOonkKevJplNxn9-06Za30m9syCZsiecfDdcVY0ZfX11HS6TMlpLflho2Y4rbUPJcCv8R190M3um2eKjl-W2C7nS/w640-h624/gns3-23.png" width="640" /></a></div><div><br /></div><div><br /></div><div><br /></div>show run command<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnzWiZjQFt1mW36F_8lx_yjKIyRJP9UJs5hP5xdcZaZl1xYMAOsMhwut1Ah9-IZey5B_4gDfFAwsgD_5rl8x9SjpW_bCy_QeDyoc2gtKY2ARP-hFh6HJRaUkak9iiQLjIUU0bgzDrXWbYB/s341/gns3-24.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="341" data-original-width="285" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnzWiZjQFt1mW36F_8lx_yjKIyRJP9UJs5hP5xdcZaZl1xYMAOsMhwut1Ah9-IZey5B_4gDfFAwsgD_5rl8x9SjpW_bCy_QeDyoc2gtKY2ARP-hFh6HJRaUkak9iiQLjIUU0bgzDrXWbYB/w534-h640/gns3-24.png" width="534" /></a></div><br /><div><br /></div><div>OSPF verification</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjU0sdfocuuuFxT1FP7jLVklOqRhVhBm_GLxs2p5peLMHEJnzsCIkOcA4k5WkzDadJheKHjIBKedaoQ6dfz2kB3fr8eGSTPcqUHXu44icUKnIFmGb2FuISD-x2AbKRVOwtWhfZa0N0gL_6/s453/gns3-25.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="248" data-original-width="453" height="350" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjU0sdfocuuuFxT1FP7jLVklOqRhVhBm_GLxs2p5peLMHEJnzsCIkOcA4k5WkzDadJheKHjIBKedaoQ6dfz2kB3fr8eGSTPcqUHXu44icUKnIFmGb2FuISD-x2AbKRVOwtWhfZa0N0gL_6/w640-h350/gns3-25.png" width="640" /></a></div><br /><div><br /></div><div><br /></div><div>This lab was done! and we verified all the information.</div><div>If you like it, please share!</div><div>Thanks!</div><div><br /></div></div>ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-63712741221754163782018-02-25T15:52:00.000-08:002018-11-09T12:03:46.296-08:00Dynamic Trunk Protocol (DTP)<img alt="Image result for dynamic trunk protocol" src="https://images.slideplayer.com/26/8759770/slides/slide_81.jpg" height="300" width="400"><br />
<br />
<span style="background-color: white; color: #333333; font-family: "roboto" , sans-serif; font-size: 13px;">A dynamic trunk protocol enables dynamic negotiation of trunk encapsulation types between ports connecting intermediate stations in a computer network.</span><br />
<span style="background-color: white; color: #333333; font-family: "roboto" , sans-serif; font-size: 13px;"> The stations are preferably interconnected by a point-to-point link. Negotiation between a local port and a neighbor port of the switches results in synchronization of the port configurations to a common trunk encapsulation type, such as an Interswitch Link (ISL), IEEE 802.1Q or non-trunk port configuration.</span><br />
<span style="background-color: white; color: #333333; font-family: "roboto" , sans-serif; font-size: 13px;"><br /></span>
<span style="background-color: white; color: #333333; font-family: "roboto" , sans-serif; font-size: 13px;"><br /></span>
<img alt="Image result for dynamic trunk protocol" src="https://image.slidesharecdn.com/ciscosystems-hackinglayer2ethernetswitches-150725072559-lva1-app6892/95/cisco-systems-hacking-layer-2-ethernet-switches-25-638.jpg?cb=1437809200" /><br />
<span style="background-color: white; color: #333333; font-family: "roboto" , sans-serif; font-size: 13px;"><br /></span>
<span style="background-color: white; color: #333333; font-family: "roboto" , sans-serif; font-size: 13px;">The present invention relates to a dynamic trunk protocol (DTP) that enables dynamic negotiation of trunk encapsulation types between ports connecting intermediate stations in a computer network. The stations are preferably switches interconnected by a trunking mechanism used to transport logical links for virtual local area networks (VLANs) between the ports. Negotiation between the ports results in synchronization of their configurations to a common trunk encapsulation type. In particular, the DTP synchronizes each trunk capable port to a common Interswitch Link (ISL), IEEE 802.1Q or non-trunk port configuration.</span><br />
<span style="background-color: white; color: #333333; font-family: "roboto" , sans-serif; font-size: 13px;"><br /></span>
<span style="background-color: white; color: #333333; font-family: "roboto" , sans-serif; font-size: 13px;"><br /></span>
<img alt="Image result for dynamic trunk protocol" src="https://networkjutsu.com/wp-content/uploads/2014/02/DTP.png?x33213" /><br />
<br />
<br />
<img alt="Image result for dynamic trunk protocol" src="https://www.ciscopress.com/content/images/chap3_9781587133183/elementLinks/03fig21.jpg"><br />
<br />
This graphic will show the negotiation with DTP<br />
<br />
<img alt="Image result for dynamic trunk protocol" src="https://image.slidesharecdn.com/multilayer-campus-architectures-and-design-principles-mmontanez-120601103600-phpapp02/95/multilayer-campus-architectures-and-design-principles-40-728.jpg?cb=1362736978" /><br />
<br />
<br />
<br />ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-54343662561712549862017-02-14T08:49:00.000-08:002018-11-09T14:33:08.540-08:00 AAAdot1x Lab Sim<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixw3pYQZhAOIcr5MCuXRF3BX8lHJdX0zkfpAiV_a8fZr7F_W0z22W7wp2LE4EU3wEeSLeDsOzKJnuVByee7NzyJ65CcmxbEoc2pu3DBg8bfZn9NfaVa2iHc4wbJoGlurGNCJIQvNrunjHb/s1600/Switch.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixw3pYQZhAOIcr5MCuXRF3BX8lHJdX0zkfpAiV_a8fZr7F_W0z22W7wp2LE4EU3wEeSLeDsOzKJnuVByee7NzyJ65CcmxbEoc2pu3DBg8bfZn9NfaVa2iHc4wbJoGlurGNCJIQvNrunjHb/s640/Switch.jpg" width="640" /></a></div>
<br />
<br />
Acme is a small shipping company that has an existing enterprise network comprised of 2 switches: DSW1 and ASW1. The topology diagram indicates their layer 2 mapping. VLAN 40 is a new VLAN that will be used to provide the shipping personnel access to the server. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:<br />
– Users connecting to ASW1’s port must be authenticated before they are given access to the network. Authentication is to be done via a Radius server:<br />
– Radius server host: 172.120.39.46<br />
– Radius key: rad123<br />
– Authentication should be implemented as close to the host device as possible.<br />
– Devices on VLAN 20 are restricted to the address range of 172.120.40.0/24.<br />
– Packets from devices in the address range of 172.120.40.0/24 should be passed on VLAN 20.<br />
– Packets from devices in any other address range should be dropped on VLAN 20.<br />
– Filtering should be implemented as close to the server farm as possible.<br />
<br />
<br />
The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers. You must use the available IOS switch features.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZubCOyx7J9nKd40awgeEZO2BhaRGxMAeIIKvPXPRivDbsSqjjvemQ8LsRRpd9rb65Em9hiPjf9KNINoihWuB22NfbNhIUEYdSYilwDziADDIu4G5fooBC-Olf8tAIM3NO0wUQZb47Ved_/s1600/ccnpswitch.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="460" data-original-width="819" height="358" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZubCOyx7J9nKd40awgeEZO2BhaRGxMAeIIKvPXPRivDbsSqjjvemQ8LsRRpd9rb65Em9hiPjf9KNINoihWuB22NfbNhIUEYdSYilwDziADDIu4G5fooBC-Olf8tAIM3NO0wUQZb47Ved_/s640/ccnpswitch.png" width="640" /></a></div>
<br />
<br />
<br />
<br />
<h3>
<div style="text-align: center;">
<b></b><br />
<div style="display: inline !important;">
<b><b><span class="ccnaexplanation" style="color: #990000;"><u>Answer and Explanation:</u></span></b></b></div>
<b> </b></div>
</h3>
<span id="more-41"></span><br />
<br />
<br />
<br />
1.- The first thing is to draw our diagram<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJDMJEMliq28_UcwDdNGb7oZwPtsp4Ll8VG-N292_3lA_jHUaWXR6ynWZJB7vVEFEjEHdqAtn0-3pHrweyn1AJlgLYtOKWuvY25kLAmzMeJJBVQ1kEIBYAhlhTcb4NiK7-qyyE_g3O0Np9/s1600/AAA-2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="255" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJDMJEMliq28_UcwDdNGb7oZwPtsp4Ll8VG-N292_3lA_jHUaWXR6ynWZJB7vVEFEjEHdqAtn0-3pHrweyn1AJlgLYtOKWuvY25kLAmzMeJJBVQ1kEIBYAhlhTcb4NiK7-qyyE_g3O0Np9/s320/AAA-2.png" width="320" /></a></div>
<br />
2.- I want you to remember this, which comes from our previous AAA lab on this CCNP Switch web site<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpAH7XJxUzE8z0GwAuLCeOmW2xlGgXatF_VYDZJU7PFDPVVPqMUcLpwJFqLZ9dOms4KMDUd7iiSfa41y0aGEsUA-glf2TssyAVBLdNSm5wiaHDO0DWzvV-1n0Ktej43MmAH9SldOnkm3yB/s1600/aaa.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="440" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpAH7XJxUzE8z0GwAuLCeOmW2xlGgXatF_VYDZJU7PFDPVVPqMUcLpwJFqLZ9dOms4KMDUd7iiSfa41y0aGEsUA-glf2TssyAVBLdNSm5wiaHDO0DWzvV-1n0Ktej43MmAH9SldOnkm3yB/s640/aaa.png" width="640" /></a></div>
<br />
3.- Get real Cisco equipment to do this lab! I don't think you can do this with Packet Tracer<br />
<br />
4.- Check the initial, real connection that we have: both switches are connected on fa0/2<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifYP44rxHe_-v2Bn-s6uwk9ROjDWM3pZllE67jNhnxmr-a0dNTMb-7YDPrvZ9SO_uw4dd1gQlLdKTmVI-gjjyBCJJiqUid2RtqriZ5dA8orRytlqoCnSPqNfx-M4VgjaixzFJwchqASPwY/s1600/AAA-3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="104" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifYP44rxHe_-v2Bn-s6uwk9ROjDWM3pZllE67jNhnxmr-a0dNTMb-7YDPrvZ9SO_uw4dd1gQlLdKTmVI-gjjyBCJJiqUid2RtqriZ5dA8orRytlqoCnSPqNfx-M4VgjaixzFJwchqASPwY/s640/AAA-3.png" width="640" /></a></div>
<br />
<br />
<div style="text-align: left;">
<b> <u><span style="color: #660000;">A) Configure ASW1</span></u></b></div>
<div style="text-align: left;">
<b><u><span style="color: #660000;"> </span></u><br />
</b></div>
<div style="text-align: left;">
<br />
<h4>
<span style="color: #274e13; font-size: large;">Enable AAA on the switch:</span></h4>
<span class="blueandbold">ASW1(config)#</span><b><span style="color: #073763;"><span class="pinkandbold">aaa new-model</span></span></b></div>
<div style="text-align: left;">
The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.</div>
<div style="text-align: left;">
Define the server along with its secret shared password:<br />
<span class="blueandbold">ASW1(config)#</span><b><span style="color: #073763;"><span class="pinkandbold">radius-server host 172.120.39.46 key rad123</span></span></b></div>
<div style="text-align: left;">
<span class="blueandbold">ASW1(config)#</span><span style="color: #073763;"><b><span class="pinkandbold">aaa authentication dot1x default group radius</span></b></span><br />
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.<br />
<br /></div>
<div style="text-align: left;">
<h4>
<b><span style="color: #274e13;">Enable 802.1x on the switch:</span></b></h4>
<span class="blueandbold">ASW1(config)#</span><b><span style="color: #073763;"><span class="pinkandbold">dot1x system-auth-control</span></span></b><br />
<b><span style="color: #073763;"><span class="pinkandbold"><br /></span></span></b></div>
<div style="text-align: left;">
<b><span style="color: #274e13;">Configure Fa0/1 to use 802.1x:</span></b></div>
<div style="text-align: left;">
<span class="blueandbold">ASW1(config)#</span><b><span style="color: #073763;"><span class="pinkandbold">interface fastEthernet 0/1</span></span></b><br />
<span class="blueandbold">ASW1(config-if)#</span><b><span style="color: #073763;"><span class="pinkandbold">switchport mode access</span></span></b><br />
<span class="blueandbold">ASW1(config-if)#</span><b><span style="color: #073763;"><span class="pinkandbold">dot1x port-control auto</span></span></b><br />
<b><span style="color: #073763;"><span class="pinkandbold"><br /></span></span></b>
Note that the “auto” keyword forces the connected PC to authenticate through the 802.1x exchange.</div>
<div style="text-align: left;">
<span class="blueandbold">ASW1(config-if)#</span><b><span style="color: #073763;"><span class="pinkandbold">end</span></span></b><br />
<b><span style="color: #073763;"><span class="pinkandbold"><br /></span></span></b>
<span class="blueandbold">ASW1#</span><b><span style="color: #073763;"><span class="pinkandbold" style="color: #274e13;">copy running-config startup-config</span></span></b></div>
<div style="text-align: left;">
<br /></div>
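A way to check that ASW1 still carries the 802.1X settings configured above. This is an added example, not part of the original lab: the two running-config excerpts are constructed, use the command syntax shown on this page, and replace the RADIUS key with a placeholder.

```python
import re

# Constructed running-config excerpts (not captured from a device). They use
# the command syntax shown in this lab; the RADIUS key is a placeholder.
COMPLIANT = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
radius-server host 172.120.39.46 key <redacted>
!
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
!
interface FastEthernet0/2
 switchport mode trunk
!
"""

DRIFTED = """\
aaa new-model
aaa authentication dot1x default group radius
radius-server host 172.120.39.46 key <redacted>
!
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
 switchport mode access
 dot1x port-control force-authorized
!
"""

# Global commands the lab configures on ASW1, as anchored regular expressions.
REQUIRED_GLOBAL = {
    "aaa new-model": r"^aaa new-model$",
    "dot1x method list": r"^aaa authentication dot1x default group radius$",
    "dot1x system-auth-control": r"^dot1x system-auth-control$",
    "radius-server host": r"^radius-server host \d+\.\d+\.\d+\.\d+\b",
}


def parse_config(text):
    """Split a config into global lines and per-interface command lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None          # "!" closes the current interface block
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit_dot1x(text):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    global_lines, interfaces = parse_config(text)
    for name, pattern in REQUIRED_GLOBAL.items():
        if not any(re.search(pattern, line) for line in global_lines):
            findings.append(f"global: missing {name}")
    for ifname, cmds in interfaces.items():
        if "switchport mode access" not in cmds:
            continue                # only host-facing access ports are checked
        modes = [c.split()[-1] for c in cmds
                 if c.startswith("dot1x port-control ")]
        if not modes:
            findings.append(f"{ifname}: access port without dot1x port-control")
        elif modes[-1] != "auto":
            findings.append(
                f"{ifname}: dot1x port-control {modes[-1]} (expected auto)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("compliant", COMPLIANT), ("drifted", DRIFTED)):
        print(label, audit_dot1x(cfg) or "OK")
```

Without `dot1x system-auth-control` the per-port setting has no effect, and a port left in `force-authorized` passes traffic without any 802.1X exchange, so both are reported.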
<div style="text-align: left;">
<u><span style="color: #660000;"><b>B) <b>Configure DSW1:</b></b></span></u></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b><span style="color: #274e13;">Define an access-list:</span></b><br />
<span class="blueandbold">DSW1(config)#</span><b><span style="color: #073763;"><span class="pinkandbold">ip access-list standard 10</span></span></b> (syntax: <b>ip access-list</b> {standard | extended} acl-name)<br />
<span class="blueandbold">DSW1(config-std-nacl)#</span><b><span style="color: #073763;"><span class="pinkandbold">permit 172.120.40.0 0.0.0.255</span></span></b><br />
<span class="blueandbold">DSW1(config-std-nacl)#</span><b><span style="color: #073763;"><span class="pinkandbold">exit</span></span></b></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b><span style="color: #274e13;">Define an access-map which uses the access-list above:</span></b><br />
<span class="blueandbold">DSW1(config)#</span><b><span style="color: #073763;"><span class="pinkandbold">vlan access-map MYACCMAP 10</span></span></b> (syntax: <b>vlan access-map</b> map_name [0-65535] )<br />
<span class="blueandbold">DSW1(config-access-map)#</span><b><span style="color: #073763;"><span class="pinkandbold">match ip address 10</span> </span></b>(syntax: <b>match ip address</b> {acl_number | acl_name})<br />
<span class="blueandbold">DSW1(config-access-map)#</span><b><span style="color: #073763;"><span class="pinkandbold">action forward</span></span></b><br />
<span class="blueandbold">DSW1(config-access-map)#</span><b><span style="color: #0c343d;"><span class="pinkandbold">exit</span></span></b><br />
<b><span style="color: #0c343d;"><span class="pinkandbold"><br /></span></span></b></div>
<div style="text-align: left;">
<b><span style="color: #274e13;">Packets from devices in any other address range should be dropped on VLAN 20.</span></b></div>
<span class="blueandbold">DSW1(config)#</span><b><span style="color: #073763;"><span class="pinkandbold">vlan access-map MYACCMAP 20</span></span></b><br />
<span class="blueandbold">DSW1(config-access-map)#</span><b><span style="color: #073763;"><span class="pinkandbold">action drop</span></span></b> (drop other networks)<br />
<span class="blueandbold">DSW1(config-access-map)#</span><b><span style="color: #073763;"><span class="pinkandbold">exit</span></span></b><br />
<b><span style="color: #073763;"><span class="pinkandbold"><br /></span></span></b>
<br />
<div style="text-align: left;">
<b><span style="color: #274e13;">Apply a vlan-map into a vlan:</span></b><br />
<span class="blueandbold">DSW1(config)#</span><span class="pinkandbold"><b><span style="color: #073763;">vlan filter MYACCMAP vlan-list 20</span></b> </span>(syntax: <b>vlan filter</b> mapname <b>vlan-list</b> list)</div>
<div style="text-align: left;">
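<span class="blueandbold">DSW1(config)#</span><b><span style="color: #073763;"><span class="pinkandbold">exit</span></span></b><br />
<span class="blueandbold">DSW1#</span><b><span style="color: #073763;"><span class="pinkandbold">copy running-config startup-config</span></span></b></div>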
(Note: many reports said that copy running-config startup-config didn’t work, but they still got full marks)<br />
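How the VLAN map above treats traffic on VLAN 20, as an added example that is not part of the original lab. It is a small model, not switch code: it assumes that an ACL permit counts as a match for a map sequence and that a sequence without a match clause matches every packet. The source addresses and the SWAPPED variant (a subnet mask typed where the wildcard mask belongs) are constructed.

```python
import ipaddress


def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """True if addr matches base under an IOS wildcard mask.

    Bits set to 1 in the wildcard are "don't care"; all other bits must be
    equal. The mask does not have to be contiguous.
    """
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return ((_u32(addr) ^ _u32(base)) & care) == 0


def acl_permits(acl, src):
    """Standard ACL: first matching entry wins, implicit deny at the end."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False


def vlan_map_action(vlan_map, acls, src):
    """Walk the map sequences in ascending order; return (sequence, action)."""
    for seq in sorted(vlan_map):
        entry = vlan_map[seq]
        acl_id = entry["match"]
        if acl_id is None or acl_permits(acls[acl_id], src):
            return seq, entry["action"]
    # Modelled fall-through (assumption). The lab's map never reaches it,
    # because sequence 20 has no match clause.
    return None, "drop"


# ip access-list standard 10 / permit 172.120.40.0 0.0.0.255
ACLS = {"10": [("permit", "172.120.40.0", "0.0.0.255")]}

# vlan access-map MYACCMAP 10: match ip address 10, action forward
# vlan access-map MYACCMAP 20: (no match clause), action drop
MYACCMAP = {
    10: {"match": "10", "action": "forward"},
    20: {"match": None, "action": "drop"},
}

# Constructed mistake: subnet mask entered instead of the wildcard mask.
SWAPPED = {"10": [("permit", "172.120.40.0", "255.255.255.0")]}

# Constructed source addresses for the walk-through.
SOURCES = ["172.120.40.25", "172.120.40.255", "172.120.41.1", "10.9.8.0"]


def report(acls, sources=SOURCES):
    """Map each source address to the (sequence, action) that handles it."""
    return {src: vlan_map_action(MYACCMAP, acls, src) for src in sources}


if __name__ == "__main__":
    for label, acls in (("lab ACL", ACLS), ("swapped mask", SWAPPED)):
        print(label)
        for src, (seq, action) in report(acls).items():
            print(f"  {src:<16} sequence {seq}: {action}")
```

With the swapped mask only the last octet is compared, so hosts inside 172.120.40.0/24 are dropped while an unrelated address ending in .0 is forwarded; checking the mask in `show access-lists` output catches this.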
<br />
Now let's do this with real equipment (this cannot be done with Packet Tracer)
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxqZPGUa6vn6Dan1Sv9EwvtEo-pvvu9wh3Fnq-VERevhguttF6XRV4wQ3INEazTREF9Hv8mwOmMv8Cz0XcUtMb8gXSGdBNBztLqC2gH0sOwUt5KXNL3XCJIIIyvUUdEk5c3WBBLkZFdHWU/s1600/AAA-4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxqZPGUa6vn6Dan1Sv9EwvtEo-pvvu9wh3Fnq-VERevhguttF6XRV4wQ3INEazTREF9Hv8mwOmMv8Cz0XcUtMb8gXSGdBNBztLqC2gH0sOwUt5KXNL3XCJIIIyvUUdEk5c3WBBLkZFdHWU/s640/AAA-4.png" width="640" /></a></div>
<br />
<br />
Now the other switch<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeZ4Cn0P4cUfCiKxPiyOKhuuPVrnt0nZLcPMwKKtl8fVEyiW19T4dd52D0HN8QrmqB1kJqZs43j8NYL9kYexsMU-MaTsMie1vjqrZbJsJDVLsy86x7cwdGh5emT56gnqGVNkcjqQpvMr9H/s1600/AAA-5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="425" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeZ4Cn0P4cUfCiKxPiyOKhuuPVrnt0nZLcPMwKKtl8fVEyiW19T4dd52D0HN8QrmqB1kJqZs43j8NYL9kYexsMU-MaTsMie1vjqrZbJsJDVLsy86x7cwdGh5emT56gnqGVNkcjqQpvMr9H/s640/AAA-5.png" width="640" /></a></div>
<br />
<br />
This lab is done. If you like it, please share it.<br />
<br />
<br />ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-2976642960158281142017-02-13T15:52:00.000-08:002017-04-13T13:43:29.000-07:00MLS and EIGRP Sim<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1JAoxNOjMnh4ztZuIJcFNZ0Ek7u5_As_0Yy8S8lPmKyfqPRyEVxjzSkP_zkD_vdqkOtZlyWL1EpWgKPGvRmaiBuzSNJUNNvmbBmM09WRPhzKiYIDKrGKTB02rO4zizwzEMiw1eKDp5JKi/s1600/www.shootandplay.com.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1JAoxNOjMnh4ztZuIJcFNZ0Ek7u5_As_0Yy8S8lPmKyfqPRyEVxjzSkP_zkD_vdqkOtZlyWL1EpWgKPGvRmaiBuzSNJUNNvmbBmM09WRPhzKiYIDKrGKTB02rO4zizwzEMiw1eKDp5JKi/s400/www.shootandplay.com.png" width="400" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<h2 style="text-align: center;">
<b><span style="font-size: 16.0pt; mso-bidi-font-size: 11.0pt; mso-font-kerning: 18.0pt;"><span style="color: #660000;">MLS and EIGRP</span></span></b></h2>
<blockquote class="tr_bq">
<div style="text-align: left;">
<b><span style="font-size: 16.0pt; mso-bidi-font-size: 11.0pt; mso-font-kerning: 18.0pt;"><span style="color: #660000;"><span style="color: black;">This is a popular lab on the web, but everywhere I looked I found it incomplete, so I tried to finish it properly. Please follow the complete lab.</span> </span></span></b></div>
</blockquote>
<br />
<div style="background: white; line-height: 12.75pt; margin-bottom: 7.5pt; margin-left: 0in; margin-right: 0in; margin-top: 0in;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjq3yE4n7RRZ5zYWCdHZIZXmFzM1hJ0sNXtCu9b0rONhnwgijClEbMsdlVckKYAsXX3j2Ix3bERKA9MjK5mR6nwdJRr4aH03sR5PFKqftczx14kb0rYbTdppockBaZ3y4kdtdJoFRqEJvFU/s1600/cooltext231240576972963.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="32" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjq3yE4n7RRZ5zYWCdHZIZXmFzM1hJ0sNXtCu9b0rONhnwgijClEbMsdlVckKYAsXX3j2Ix3bERKA9MjK5mR6nwdJRr4aH03sR5PFKqftczx14kb0rYbTdppockBaZ3y4kdtdJoFRqEJvFU/s200/cooltext231240576972963.png" width="200" /></a></div>
<br /></div>
<div style="background: white; line-height: 12.75pt; margin-bottom: 7.5pt; margin-left: 0in; margin-right: 0in; margin-top: 0in;">
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;">You
need to configure the multilayer switch according to the topology diagram so
that both hosts, Host-A and Host-B, are able to successfully
ping the Internet server “Server_S1”.</span></div>
<br />
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;">You
are not allowed to add/delete VLANs, change VLAN port assignments or
create trunk links. Also, you can’t use static or default routing. All
routes must be learned via the EIGRP 650 routing protocol. RouterC is
correctly configured and no trunking has been configured on RouterC.<br />
Routed interfaces should use the lowest host on a subnet when possible.
The following subnets are available to implement this solution:</span><br />
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;">– 10.10.10.0/24<br /> – 190.200.250.32/27<br /> – 190.200.250.64/27</span><br />
<br />
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;"> Hosts H1 and H2 are configured with the correct IP address and default gateway. The enable password for Multi-Switch is <b>Cisco</b>. Routing must only be enabled for the specific subnets shown in the diagram.</span><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<img border="0" height="335" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSRKTZ58_hRr9JuweWvTT5RgLXvTfiy1L-kXVPQ5qJ8FDMRa6jd7gUoeb8RBbzUHSV-eKeiV5aAmL_AH1caWygXKXN1oIZgqegYgWYsoBcbwfswRJumnl3rZ4Q6-PnBskD1FuGs3s5pFWU/s400/MLS-2.png" width="400" /> </div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<div class="MsoNoSpacing">
<b><span style="font-size: 14.0pt; mso-bidi-font-size: 11.0pt;"><br /></span></b></div>
<div class="MsoNoSpacing">
<b><span style="font-size: 14.0pt; mso-bidi-font-size: 11.0pt;"><br /></span></b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPkvayacBfAuc40WlPAhq8QA8llFDY9XiCIpd2LouPEWIfMC1mf0sN2jGXFPwCYx1sKObrg_UMYgkbDn17f92BL3UaqzTS6-IfX1b4t0u5sUrU8sh4vUYkwhGn5QiZrF0721W7mBn6G-re/s1600/mls-3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="68" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPkvayacBfAuc40WlPAhq8QA8llFDY9XiCIpd2LouPEWIfMC1mf0sN2jGXFPwCYx1sKObrg_UMYgkbDn17f92BL3UaqzTS6-IfX1b4t0u5sUrU8sh4vUYkwhGn5QiZrF0721W7mBn6G-re/s320/mls-3.png" width="320" /></a></div>
<div class="MsoNoSpacing">
<b><span style="font-size: 14.0pt; mso-bidi-font-size: 11.0pt;"><br /></span></b></div>
<div class="MsoNoSpacing">
<b><span style="font-size: 14.0pt; mso-bidi-font-size: 11.0pt;"><br /></span></b></div>
<div class="MsoNoSpacing">
<span style="color: #660000;"><br /></span></div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
<span style="color: #660000;"><b>A.--Download the initial configuration of this lab from the internet for any simulator.</b><span style="color: black;"> </span></span><br />
<span style="color: #660000;"><span style="color: black;">That way you don't need to configure anything; just start working right away on the pre-configured lab.</span></span></div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
<span style="color: #660000;"><span style="color: black;"> <span style="color: #660000;"><b>B.-</b></span><b><span style="color: #660000;">Check the graphic for subnetting</span>,</b> so when you use a /27 mask you will see that the last octet of the subnet mask is 224 (the wildcard mask is 255 - 224 = 31).</span></span></div>
<div class="MsoNoSpacing">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYavZdjb43F3H8pUI3XSOLpWmTyA82OE12efOYwl2Lr7kJ25DrcO5vnXkkycyiUr1TfabU2mTUZ56jiecx-9D9gz9AwHP8WFVJe5RA-NFk7U2dcCzmjfFnw4YTxlLI_h7MU6L6zmYWK9sa/s1600/mls-5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYavZdjb43F3H8pUI3XSOLpWmTyA82OE12efOYwl2Lr7kJ25DrcO5vnXkkycyiUr1TfabU2mTUZ56jiecx-9D9gz9AwHP8WFVJe5RA-NFk7U2dcCzmjfFnw4YTxlLI_h7MU6L6zmYWK9sa/s320/mls-5.PNG" width="320" /></a></div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
<span style="color: #660000;"><span style="color: black;"> </span><b><span style="color: black;"> </span></b></span></div>
<div class="MsoNoSpacing">
<b><span style="color: #660000;">C.-</span><span style="color: #660000;">Find gateways of PCs</span></b>
with the “ipconfig” command in the exam simulator.</div>
<div class="MsoNoSpacing">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlYnvvjB8h0jP76UqBiHL6bDcJranffm9zjgh4FB316f7m-bCYB8oF1mT-fEoViN0XQ9hSEruk8BLxPtEPWCZArWvK0U8gSZpXp_Ir1QWrNe4W6r1fTWB93SGaggvC1EJKVTQ_Pyoq0l2V/s1600/mls-4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlYnvvjB8h0jP76UqBiHL6bDcJranffm9zjgh4FB316f7m-bCYB8oF1mT-fEoViN0XQ9hSEruk8BLxPtEPWCZArWvK0U8gSZpXp_Ir1QWrNe4W6r1fTWB93SGaggvC1EJKVTQ_Pyoq0l2V/s320/mls-4.png" width="320" /></a></div>
</div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
These gateways are configured as the virtual interfaces (SVIs) on the
multilayer switch for the given VLANs.
In our case we have the following:</div>
<div class="MsoNoSpacing">
<b>Host1</b>:<br />
IP Address: 192.200.250.34</div>
<div class="MsoNoSpacing">
Default gateway: 192.200.250.33</div>
<div class="MsoNoSpacing">
<b>Host2</b>:<br />
IP Address: 192.200.250.66</div>
<div class="MsoNoSpacing">
Default gateway: 192.200.250.65<br />
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNoSpacing">
<b><span style="color: #660000;">D.-</span><span style="color: #660000;">Note down the EIGRP AS number and VLANs information</span></b></div>
<div class="MsoNoSpacing">
You can find it in the topology diagram; it is EIGRP 650. </div>
<div class="MsoNoSpacing">
VLANs
22 and 33 are created on the multilayer switch and the interfaces connected to
the hosts were configured as access ports, so we don’t need to configure
them in this sim. You can also use the “show vlan” command to check the
VLANs.<br />
</div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
<b><span style="color: #660000;">E.-Configure the Virtual interfaces on switch </span></b></div>
<div class="MsoNoSpacing">
According
to the SIM requirements we are not allowed to use trunking, therefore we will
configure the Multi-Switch as a Layer 3 switch with SVIs for inter-VLAN
routing and will configure these VLAN interfaces with the gateways of the PCs
for the respective VLANs.<br />
</div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
Multi-Switch# <span style="color: #073763;"><b>configure terminal</b></span><br />
Multi-Switch(config<span style="color: #7030a0;">)<span style="color: #073763;"># int f0/3</span><br />
</span>Multi-Switch(config-if)#<b><span style="color: #073763;">no switchport</span> </b>(without this command the port stays a Layer 2 switchport and the simulator does not let you assign an IP address to the interface)<br />
Multi-Switch(config-if)#<span style="color: #073763;"> </span><b><span style="color: #073763;">ip address 10.10.10.2 255.255.255.0</span> </b>(the router has IP address 10.10.10.1, so this interface must be given an address in the same subnet) </div>
<div class="MsoNoSpacing">
Multi-Switch(config-if)# <span style="color: #073763;"><b>no shutdown</b></span><br />
Multi-Switch(config-if)# <span style="color: #073763;"><b>exit</b></span><span style="color: #7030a0;"><br />
</span>Multi-Switch(config)#<span style="color: #073763;"> <b>int vlan 22</b></span><br />
Multi-Switch(config-if)#<span style="color: #073763;"> <b>ip address </b><b><b>190.200.250.33</b></b> <b>255.255.255.224 </b><span style="color: black;">(check the subnet table to see where 224 comes from)</span></span><br />
Multi-Switch(config-if)#<span style="color: #073763;"> <b>no shutdown</b></span><span style="color: #7030a0;"><br />
</span>Multi-Switch(config-if)# <span style="color: #073763;"><b>int vlan 33</b></span><br />
Multi-Switch(config-if)# <span style="color: #073763;"><b>ip address </b></span><span style="color: #073763;"><b><b>190.200.250.65</b> 255.255.255.224</b></span><br />
Multi-Switch(config-if)# <span style="color: #073763;"><b>no shutdown</b></span><br />
Multi-Switch(config-if)#<span style="color: #073763;"><b>exit</b></span></div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
<b> </b><b> </b></div>
<div class="MsoNoSpacing">
<span style="color: #660000;"><b>F.--Run the routing protocol on Multi layered switch</b></span></div>
<br />
<div class="MsoNoSpacing">
Multi-Switch(config)# <span style="color: #073763;"><b>ip routing</b></span> (Notice: MLS will not work without this command)<br />
Multi-Switch(config)# <span style="color: #073763;"><b>router eigrp 650</b></span><br />
Multi-Switch(config-router)# <span style="color: #073763;"><b>network 10.10.10.0 0.0.0.255</b></span><span style="color: #7030a0;"><br />
</span>Multi-Switch(config-router)# <span style="color: #073763;"><b>network </b></span><span style="color: #073763;"><b><b>190.200.250.32</b> 0.0.0.31 </b><span style="color: black;">(31, the wildcard mask, comes from 255 - 224)</span></span><br />
Multi-Switch(config-router)# <span style="color: #073763;"><b>network </b></span><span style="color: #073763;"><b><b>190.200.250.64</b> 0.0.0.31</b></span></div>
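<div class="MsoNoSpacing">
The check below is an added example, not part of the original lab: it audits the configuration from steps E and F against the task's rules (routing enabled only for the listed subnets, lowest free host on each routed interface). The config text is a constructed running-config rendering of the commands above, and the function names are this example's own.</div>

```python
import ipaddress
import re

# Subnets the lab allows EIGRP to run on (from the task text).
ALLOWED = [ipaddress.ip_network(n) for n in
           ("10.10.10.0/24", "190.200.250.32/27", "190.200.250.64/27")]

# Addresses already used by other devices; the page gives RouterC as 10.10.10.1.
TAKEN = {ipaddress.ip_address("10.10.10.1")}

# Constructed sample: the commands from steps E and F in running-config form.
CONFIG = """\
ip routing
interface FastEthernet0/3
 no switchport
 ip address 10.10.10.2 255.255.255.0
interface Vlan22
 ip address 190.200.250.33 255.255.255.224
interface Vlan33
 ip address 190.200.250.65 255.255.255.224
router eigrp 650
 network 10.10.10.0 0.0.0.255
 network 190.200.250.32 0.0.0.31
 network 190.200.250.64 0.0.0.31
"""


def wildcard(net):
    """Wildcard mask = inverted subnet mask, e.g. 255 - 224 = 31 for a /27."""
    return str(net.hostmask)


def from_wildcard(addr, wc):
    """Build a network from an IOS 'network <addr> <wildcard>' pair.

    The wildcard is inverted explicitly so that 0.0.0.0 means one host (/32),
    not "everything". A non-contiguous wildcard raises ValueError.
    """
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wc)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse(config):
    """Return (interfaces, network statements, ip routing enabled)."""
    interfaces, statements, routing, current = {}, [], False, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r"\s*ip address (\S+) (\S+)", line):
            interfaces[current] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.match(r"\s*network (\S+) (\S+)", line):
            statements.append((m[1], m[2]))
        elif line.strip() == "ip routing":
            routing = True
    return interfaces, statements, routing


def audit(config, allowed=ALLOWED, taken=TAKEN):
    """Return a list of findings; an empty list means the lab rules are met."""
    interfaces, statements, routing = parse(config)
    findings, networks = [], []
    if not routing:
        findings.append("ip routing is missing, so the switch will not route")
    for addr, wc in statements:
        try:
            net = from_wildcard(addr, wc)
        except ValueError:
            findings.append(f"network {addr} {wc}: invalid wildcard mask")
            continue
        networks.append(net)
        if net not in allowed:
            findings.append(f"network {addr} {wc} is not exactly one of the allowed subnets")
    for net in allowed:
        if net not in networks:
            findings.append(f"no statement for {net.network_address} {wildcard(net)}")
    for name, iface in interfaces.items():
        if not any(iface.ip in net for net in networks):
            findings.append(f"{name} ({iface.ip}) is not matched by any network statement")
        lowest = next(h for h in iface.network.hosts() if h not in taken)
        if iface.ip != lowest:
            findings.append(f"{name} uses {iface.ip}; lowest free host is {lowest}")
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIG) or ["configuration matches the lab constraints"]:
        print(finding)
```

A single broad statement such as `network 190.200.250.0 0.0.0.255` would still bring both SVIs into EIGRP, which is why the audit compares each statement with the allowed subnets exactly instead of only checking that the interfaces are covered.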
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
</div>
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;"></span><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;"></span><br />
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;"><span style="color: #660000;"><b>G.-Note:</b></span> </span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;">Please make sure you use the correct EIGRP AS number (in the configuration
above it is 650, but it will change when you take the exam). We are
not allowed to access RouterC, so the only way to find out the EIGRP AS
is to look at the exhibit above. If you use the wrong AS number, no neighbor
relationship is formed between RouterC and SwitchC. The same happens with the interface and VLAN numbers. </span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;">Now look what happens when we run the command "show ip int brief "</span></div>
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;">
</span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwvO-BHwoNUZauvzSVsjIozcoglFx9S-EDVLFtZFaqLmtDra0J5B2Gk659qkiz35p3g9h3zjAmxuqxfjfDEqZLlYe0k56_rd6PhbL2eKEXtclmo7C3eIiuHgVKLHNzXPom1VecqShDUa8V/s1600/mls-6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="88" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwvO-BHwoNUZauvzSVsjIozcoglFx9S-EDVLFtZFaqLmtDra0J5B2Gk659qkiz35p3g9h3zjAmxuqxfjfDEqZLlYe0k56_rd6PhbL2eKEXtclmo7C3eIiuHgVKLHNzXPom1VecqShDUa8V/s400/mls-6.PNG" width="400" /></a></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;">So you will need some extra configuration, otherwise this lab won't work.</span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5VcIj0CA5CM_wXNCbI7DMJDLBvt4GjJ88ywwTmoY1sUTCvl1QfabvHx_GBjtToPu3AhNwup9TAFnbELgMDJrP0WDKyR-VejPXe3UKGCjsmdQ9xx8PARaMFRTb3ESZBMKXELo1bksrDdDA/s1600/mls-8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="373" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5VcIj0CA5CM_wXNCbI7DMJDLBvt4GjJ88ywwTmoY1sUTCvl1QfabvHx_GBjtToPu3AhNwup9TAFnbELgMDJrP0WDKyR-VejPXe3UKGCjsmdQ9xx8PARaMFRTb3ESZBMKXELo1bksrDdDA/s400/mls-8.PNG" width="400" /></a></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;">Now that we have it properly configured, let's double-check it with the command "show ip int brief".</span></div>
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;">
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8xmACyr_ngsN-SmQChjAazMJQWKDpdm-y4vVAv_SR3q-A8wH4AH1oDGm5NpN6zjjT2zrtrJjBGe8Vuh9q1VG4DwLYev5DwpnZJ87W7UjhKNb_eeJhD6m7QMlrTDXte8zejfQt93_w0bZS/s1600/mls-9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="116" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8xmACyr_ngsN-SmQChjAazMJQWKDpdm-y4vVAv_SR3q-A8wH4AH1oDGm5NpN6zjjT2zrtrJjBGe8Vuh9q1VG4DwLYev5DwpnZJ87W7UjhKNb_eeJhD6m7QMlrTDXte8zejfQt93_w0bZS/s400/mls-9.PNG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
Now we will do another final confirmation</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb5N7SSXqzO5tq-SaBNe-Gq_hGV8FwoJxj7VKuBLb9eYdq0VjwBr6-UlCTL_0FIO6aisKQvzxFQKfeAPJJmxep8YH6ZHpWT7oDEYgxhanTkgLKh1gpAGBOD-oELvzvYzRpMAT7qwnSeeCR/s1600/mls-10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="201" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb5N7SSXqzO5tq-SaBNe-Gq_hGV8FwoJxj7VKuBLb9eYdq0VjwBr6-UlCTL_0FIO6aisKQvzxFQKfeAPJJmxep8YH6ZHpWT7oDEYgxhanTkgLKh1gpAGBOD-oELvzvYzRpMAT7qwnSeeCR/s400/mls-10.PNG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
We could see all the working routes as well. Everything worked fine.</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<b>This was a good working lab. Remember that the numbers will change in the exam and you need to understand the concepts<u> first</u>.</b></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="color: #990000;"><b>If you like it, please share.</b></span></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
</span>ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com1tag:blogger.com,1999:blog-1228061389380024721.post-55215369068364706952017-02-12T06:35:00.001-08:002017-09-24T15:54:12.282-07:00LACP with STP Sim<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2_erOVmaBkI3c8A3eTnXs9-vEPScCqdL0I0HPxGucEDPWSqcxKYRNZCC2gbK1IYOCOgIBB5u_umtArPdYz0OjwdRcPST-6gMuzpXbEtbxRipHmTsj_I7r5uJN7kW3O0OR5Fn0DputGn8M/s1600/lacp2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2_erOVmaBkI3c8A3eTnXs9-vEPScCqdL0I0HPxGucEDPWSqcxKYRNZCC2gbK1IYOCOgIBB5u_umtArPdYz0OjwdRcPST-6gMuzpXbEtbxRipHmTsj_I7r5uJN7kW3O0OR5Fn0DputGn8M/s640/lacp2.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<blockquote class="tr_bq">
I saw this lab in a couple of places on the internet. They were incomplete or, worse, overworked with extra configuration that I didn't need and that only left me more confused, with inaccurate results. So I will do this on my own, and I will check the final result.</blockquote>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<h3 style="text-align: center;">
<span style="color: #274e13;"><u><span style="color: #660000;"><b>Scenario:</b></span></u></span></h3>
<br />
<br />
You work for SWITCH.com. They have just added a new switch (Switch A) to the existing network as shown in the topology diagram.<br />
RouterA is currently configured correctly and is providing the routing function for devices on SwitchA and SwitchB. Switch B is currently configured correctly, but will need to be modified to support the addition of Switch A. SwitchA has a minimal configuration. You have been tasked with completing the needed configuration of SwitchA and SwitchB. SwitchA and SwitchB use Cisco as the enable password.<br />
<br />
<blockquote class="tr_bq">
<span style="color: blue;"><b>First</b> of all, there is a lot of information here and we cannot address it in the same order in which it is posted. <b>Second</b>, you will need some preparation before you start working on this lab. <b>Third</b>, we will number each step as we address a specific issue so you will know what we are doing. <b>Fourth</b>, certain parts of this lab cannot be done in Packet Tracer, like the "switchport trunk encapsulation" command, so we strongly suggest that you practice them with real equipment.</span></blockquote>
<br />
<br />
<span style="color: #660000;"><b></b></span><br />
<span style="color: #660000;"><b><br /></b></span><span style="color: #660000;"><b> Configuration Requirements for Switch B</b></span><br />
<br />
The VTP and STP configuration modes on SwitchB should not be modified.<br />
· SwitchB needs to be the root switch for vlans 11, 12, 13, 21, 22 and 23. All other vlans should be left at their default values.<br />
<br />
<br />
<div style="text-align: center;">
<span style="color: #660000;"><b>Configuration Requirements for Switch A</b></span></div>
<br />
– Vlan 21, Name: Marketing, will support two servers attached to fa0/9 and fa0/10<br />
– Vlan 22, Name: Sales, will support two servers attached to fa0/13 and fa0/14<br />
– Vlan 23, Name: Engineering, will support two servers attached to fa0/15 and fa0/16<br />
– Access ports that connect to a server should transition immediately to
the forwarding state upon detecting the connection of a device.<br />
– SwitchA VTP mode needs to be the same as SwitchB.<br />
– SwitchA must operate in the same spanning tree mode as SwitchB.<br />
– No routing is to be configured on SwitchA.<br />
– Only the SVI vlan 1 is to be configured and it is to use address 192.168.1.11/24.<br />
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: #660000;"><br /></span></div>
<div style="text-align: center;">
<span style="color: #660000;"><b>Inter-switch Connectivity Configuration Requirements:</b></span></div>
<b> </b>
<br />
<div style="text-align: left;">
– For operational and security reasons
trunking should be unconditional and Vlans 1, 21, 22 and 23 should
be tagged when traversing the trunk link.<br />
– The two trunks between SwitchA and SwitchB need to be configured in a
mode that allows for the maximum use of their bandwidth for all vlans.
This mode should be done with a non-proprietary protocol, with SwitchB
controlling activation.<br />
– Propagation of unnecessary broadcasts should be limited using manual pruning on this trunk link.</div>
<div style="text-align: center;">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQF0TTGGOKxgcDF6NwkodsCefU-afhGbmu-Zf7IXS8siAaaeAgoKuv5Oi1KmR1zrXB41F8dHRHoMySVWDeLcTkLaIhe8hXRybNkLhKakjOq8VUBpOaa5I4J5DLGK6We2-tID-BNUsIJDka/s1600/graphic1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="84" data-original-width="174" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQF0TTGGOKxgcDF6NwkodsCefU-afhGbmu-Zf7IXS8siAaaeAgoKuv5Oi1KmR1zrXB41F8dHRHoMySVWDeLcTkLaIhe8hXRybNkLhKakjOq8VUBpOaa5I4J5DLGK6We2-tID-BNUsIJDka/s1600/graphic1.JPG" /></a></div>
</div>
<div style="text-align: center;">
<br />
<br />
<div style="-qt-block-indent: 0; -qt-paragraph-type: empty; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-indent: 0px;">
<br /></div>
<div style="-qt-block-indent: 0; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-indent: 0px;">
<b>So, in other words, your main task is going to be:</b></div>
<div style="-qt-block-indent: 0; -qt-paragraph-type: empty; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-indent: 0px;">
<br /></div>
<div style="margin: 0px; text-align: left; text-indent: 0px;">
1. Use non proprietary mode of aggregation with Switch B being the initiator</div>
<div style="margin: 0px; text-align: left; text-indent: 0px;">
<br /></div>
<div style="margin: 0px; text-align: left; text-indent: 0px;">
2. Use non proprietary trunking and no negotiation</div>
<div style="margin: 0px; text-align: left; text-indent: 0px;">
<br /></div>
<div style="margin: 0px; text-align: left; text-indent: 0px;">
3. Restrict only to vlans needed</div>
<div style="margin: 0px; text-align: left; text-indent: 0px;">
<br /></div>
<div style="margin: 0px; text-align: left; text-indent: 0px;">
4. SVI on vlan 1 with ip 10.10.10.2 255.255.255.0</div>
<div style="margin: 0px; text-align: left; text-indent: 0px;">
<br /></div>
<div style="margin: 0px; text-align: left; text-indent: 0px;">
5. Configure switch A so that nodes on the other side of Router C are accessible</div>
<div style="margin: 0px; text-align: left; text-indent: 0px;">
<br /></div>
<div style="margin: 0px; text-align: left; text-indent: 0px;">
6. Make switch B the root </div>
<br />
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjyoDXcY9a5uzxEe7rws3xzaGb0onyJLsmfj1pZWIUjvT0YiCS-oaKSPmU4zYh2LTNRC5n8g8lVIJsklz2Mxo-GfUC0EuVb2JFH1uPGn46-OFys8HYgmndvj4iWC8j1NUpyp9bxfh4iREr/s1600/cooltext229913541323334.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="63" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjyoDXcY9a5uzxEe7rws3xzaGb0onyJLsmfj1pZWIUjvT0YiCS-oaKSPmU4zYh2LTNRC5n8g8lVIJsklz2Mxo-GfUC0EuVb2JFH1uPGn46-OFys8HYgmndvj4iWC8j1NUpyp9bxfh4iREr/s320/cooltext229913541323334.png" width="320" /></a></div>
<h2 style="text-align: center;">
</h2>
<h2 style="text-align: center;">
</h2>
<div style="text-align: center;">
<h3>
<span style="color: #660000;"><b>Step 1.-Notes before starting work on the lab:</b><span style="font-size: small;"> </span></span></h3>
<br /></div>
<div style="text-align: center;">
<span style="color: #660000;"><span style="font-size: small;"><span style="color: #660000;"><b>A.-</b></span><span style="color: black;"><b>Design a topology like this in Packet Tracer</b></span></span></span></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXmaaSbw3j8TrLauuS-35f1Ta7weQhAWdGAH8hPO94i1qIaoSW96A8srC6I6jGj-NbC6d2IJgAyJF5YocuFYWKhz1JpD6UuXF4L1eaWy6qRzPlR_ie_cIUcIgCB8LCK4ZlAZ10Yqy6Uw1s/s1600/lacp6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="321" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXmaaSbw3j8TrLauuS-35f1Ta7weQhAWdGAH8hPO94i1qIaoSW96A8srC6I6jGj-NbC6d2IJgAyJF5YocuFYWKhz1JpD6UuXF4L1eaWy6qRzPlR_ie_cIUcIgCB8LCK4ZlAZ10Yqy6Uw1s/s640/lacp6.PNG" width="640" /></a></div>
<div style="text-align: center;">
<span style="color: #660000;"><span style="font-size: small;">Please check the switches and the servers</span></span></div>
<div style="text-align: center;">
<span style="color: #660000;"><span style="font-size: small;"><br /></span></span></div>
<div style="text-align: center;">
<span style="color: #660000;"><span style="font-size: small;"><br /></span></span></div>
<div style="text-align: center;">
<span style="color: #660000;"><span style="color: #660000;"><b>B.-</b></span><span style="color: black;">You will need some handy configuration before you start the configuration, step by step</span></span><br />
<span style="color: #660000;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHGkSoQzXq9gg1ALwiZDpjpljQpCh0RrA788TMqZ25LDKGALHPVUhxuwX01dn0QdLialTt1Wx6DUPJsy6c5Ehs9rMUWIbohmE9rh19-6x_lTrtwJinDePaMZngM5pIKVTOD1bZvTo2gu5S/s1600/lacp4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="118" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHGkSoQzXq9gg1ALwiZDpjpljQpCh0RrA788TMqZ25LDKGALHPVUhxuwX01dn0QdLialTt1Wx6DUPJsy6c5Ehs9rMUWIbohmE9rh19-6x_lTrtwJinDePaMZngM5pIKVTOD1bZvTo2gu5S/s640/lacp4.PNG" width="640" /></a></div>
<span style="color: #660000;"><br /></span>
<br />
<span style="color: #660000;">C.-<span style="color: black;">Use these useful commands <b>BEFORE AND AFTER </b>configuring the lab to know exactly what state the switch is in</span> </span></div>
<h2 style="text-align: left;">
<span style="font-weight: normal;"><span style="color: #660000;"> <div class="separator" style="clear: both; text-align: center;">
<a href="https://www.blogger.com/blogger.g?blogID=1228061389380024721&pli=1" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjelTOkaWIRR_1gCt9jBIUAzOtI6BbPbmNSqPMRXdMKAgewb-K-Vo5cBbvt6NnIS5ICky5pNyBT1BkZ2ZUbRVr5AG9CiJNmKXyqFtXpg9S6JQgqeHUDvTtQZOlbgA6R1GYJwMVj7twJwell/s1600/lacp+with+stp+6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="148" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjelTOkaWIRR_1gCt9jBIUAzOtI6BbPbmNSqPMRXdMKAgewb-K-Vo5cBbvt6NnIS5ICky5pNyBT1BkZ2ZUbRVr5AG9CiJNmKXyqFtXpg9S6JQgqeHUDvTtQZOlbgA6R1GYJwMVj7twJwell/s640/lacp+with+stp+6.png" width="640" /></a></div>
</span></span></h2>
<h2 style="text-align: center;">
</h2>
<span style="color: #660000;">D.</span>-After running these commands you will find a configuration similar to this:<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHuWjgp5_CDGWhWxk0rVrkvnI0gMWvRF8jI6gldY0-1wwi8Vw6ylwvzprJoprAJDQL0k_TE-dwfhndXtk8WC_8GkG0sHXMDhn4YlgmPhcPa0jtk3iEz3VGSOWoWXNG78s76uCOpYjNY9Sp/s1600/lacp5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="543" data-original-width="448" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHuWjgp5_CDGWhWxk0rVrkvnI0gMWvRF8jI6gldY0-1wwi8Vw6ylwvzprJoprAJDQL0k_TE-dwfhndXtk8WC_8GkG0sHXMDhn4YlgmPhcPa0jtk3iEz3VGSOWoWXNG78s76uCOpYjNY9Sp/s400/lacp5.PNG" width="330" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<h3 style="text-align: center;">
<span style="color: #660000;"><span style="font-weight: normal;"> <b>STEP 2: Development of the lab</b></span></span></h3>
<br />
A) <b>show run or show vlan</b> to see if we need to create VLANs 21-23<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsO8n6kf2ilwejaqpkA0ay7bjWDMpUgI0w8MJxcPJxBJQmC5Vc3zbnbEiBX_njU0FVhl8s8RoID4TeQ56UkhpZaFIa-Cu9jTPH4Pxj7Ia4IiWnYVqO1lrBNU1GL6i_ZnxfDh-09-wvZjjU/s1600/lacp7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsO8n6kf2ilwejaqpkA0ay7bjWDMpUgI0w8MJxcPJxBJQmC5Vc3zbnbEiBX_njU0FVhl8s8RoID4TeQ56UkhpZaFIa-Cu9jTPH4Pxj7Ia4IiWnYVqO1lrBNU1GL6i_ZnxfDh-09-wvZjjU/s640/lacp7.png" width="640" /></a></div>
<br />
<br />
<b><span style="font-size: large;"><span style="color: #274e13;">Section 1 : Creation of the VLAN</span></span></b><br />
<br />
<span style="font-size: large;"> This is what we have :</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUFiqj7tUJSsmMoQwBxxmqAZX2njvNp5qf9W1XHF5XkAx2d6YEGSjt60tPSaUhrXRki2w_4303kIdAvjyhbIGEhDZjIgRX4mxIBiMUgkqPi3fGVlOjIwjxLLMPxa1SEneOQjzbyNE2P40Z/s1600/lacp+7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUFiqj7tUJSsmMoQwBxxmqAZX2njvNp5qf9W1XHF5XkAx2d6YEGSjt60tPSaUhrXRki2w_4303kIdAvjyhbIGEhDZjIgRX4mxIBiMUgkqPi3fGVlOjIwjxLLMPxa1SEneOQjzbyNE2P40Z/s1600/lacp+7.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7mdAv7UcwRJIn-oqt1c2XHF_eakK3Rod3DpSHsFKlqccfGBMIm_zZmWkydBgINLxvHf1s0FjufxEtLHtqQesrsN1uqNnJQLi3DKzJpPOlV8neq4ksi34AHtfVjt9gdTwE0EouPj9Jfhdi/s1600/Graphic2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="80" data-original-width="862" height="29" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7mdAv7UcwRJIn-oqt1c2XHF_eakK3Rod3DpSHsFKlqccfGBMIm_zZmWkydBgINLxvHf1s0FjufxEtLHtqQesrsN1uqNnJQLi3DKzJpPOlV8neq4ksi34AHtfVjt9gdTwE0EouPj9Jfhdi/s320/Graphic2.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<pre>SW-A(config)# vtp mode transparent
SW-A(config)# spanning-tree mode rapid-pvst </pre>
<blockquote class="tr_bq">
<pre><span style="font-size: 13.5pt;">Note: Access ports that are assigned to VLANs
should transition immediately to the forwarding state upon detecting the
connection of a device.</span> </pre>
</blockquote>
<pre> </pre>
<pre> </pre>
<pre> SW-A(config)# vlan 21
SW-A(config-vlan)# name Marketing
SW-A(config-vlan)# exit
SW-A(config)# vlan 22
SW-A(config-vlan)# name Sales
SW-A(config-vlan)# exit
SW-A(config)# vlan 23
SW-A(config-vlan)# name Engineering
SW-A(config-vlan)# exit
SW-A(config)# vlan 99
SW-A(config-vlan)# name TrunkNative
SW-A(config-vlan)# exit </pre>
<pre> </pre>
<pre></pre>
<br />
<blockquote class="tr_bq">
Note: If the trunk receives frames that are not tagged with any VLAN, they go to VLAN 99, the native VLAN, by default</blockquote>
<br />
<pre>! Bundle Fa0/3-4 into an LACP EtherChannel that carries the trunk
SW-A(config)#int range fa0/3 - 4
SW-A(config-int-range)#no switchport access vlan 98
SW-A(config-int-range)#switchport trunk encapsulation dot1q
SW-A(config-int-range)#switchport mode trunk
SW-A(config-int-range)#switchport trunk native vlan 99
SW-A(config-int-range)#switchport trunk allowed vlan 1,21-23
SW-A(config-int-range)#channel-protocol lacp
SW-A(config-int-range)#channel-group 1 mode active
SW-A(config-int-range)#exit</pre>
<pre> </pre>
<pre> </pre>
<blockquote class="tr_bq">
<pre>Note: Use the "no switchport access vlan 98" command to form a trunk link </pre>
</blockquote>
<blockquote class="tr_bq">
<br />
<pre>Note: LACP is the non-proprietary protocol for bundling (trunking) links</pre>
</blockquote>
<pre> </pre>
<pre> </pre>
<pre>! The port-channel interface carries the same trunk settings as its member ports
SW-A(config)# int port-channel 1
SW-A(config-if)# switchport trunk encapsulation dot1q
SW-A(config-if)# switchport mode trunk
SW-A(config-if)# switchport trunk native vlan 99
SW-A(config-if)# switchport trunk allowed vlan 1,21-23
SW-A(config-if)# no shutdown
SW-A(config-if)# exit
! Access ports: one pair per VLAN, with PortFast
SW-A(config)# int range fa 0/9 - 10
SW-A(config-int-range)# switchport mode access
SW-A(config-int-range)# switchport access vlan 21
SW-A(config-int-range)# spanning-tree portfast
SW-A(config-int-range)# no shutdown
SW-A(config-int-range)# exit
SW-A(config)# int range fa 0/13 - 14
SW-A(config-int-range)# switchport mode access
SW-A(config-int-range)# switchport access vlan 22
SW-A(config-int-range)# spanning-tree portfast
SW-A(config-int-range)# no shutdown
SW-A(config-int-range)# exit
SW-A(config)# int range fa 0/15 - 16
SW-A(config-int-range)# switchport mode access
SW-A(config-int-range)# switchport access vlan 23
SW-A(config-int-range)# spanning-tree portfast
SW-A(config-int-range)# no shutdown
SW-A(config-int-range)# exit
! Management address and default gateway
SW-A(config)# interface vlan 1
SW-A(config-if)# ip address 192.168.1.11 255.255.255.0
SW-A(config-if)# no shutdown
SW-A(config-if)# exit
SW-A(config)# ip default-gateway 192.168.1.1
SW-A(config)# end
SW-A# copy run start</pre>
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQ6lM9zBGC0tghHtnHvp-Yu2ozV_Gs0ztuGf9vBryEsfUSj6zT_RsxSWcJzoe3VYH1Zr3RvwNnSlv3JDWeetIDewsbDn0BTZ8UFjAGcmzfd9C7zwdJ-llwwfF5RHfCsok4FW46ywbYj27f/s1600/Graphic+3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="86" data-original-width="853" height="40" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQ6lM9zBGC0tghHtnHvp-Yu2ozV_Gs0ztuGf9vBryEsfUSj6zT_RsxSWcJzoe3VYH1Zr3RvwNnSlv3JDWeetIDewsbDn0BTZ8UFjAGcmzfd9C7zwdJ-llwwfF5RHfCsok4FW46ywbYj27f/s400/Graphic+3.JPG" width="400" /></a></div>
<br />
<h3>
</h3>
<br />
<pre>SW-B(config)# vlan 21
SW-B(config-vlan)# name Marketing
SW-B(config-vlan)# exit
SW-B(config)# vlan 22
SW-B(config-vlan)# name Sales
SW-B(config-vlan)# exit
SW-B(config)# vlan 23
SW-B(config-vlan)# name Engineering
SW-B(config-vlan)# exit
! SW-B becomes the spanning-tree root for these VLANs
SW-B(config)# spanning-tree vlan 11-13,21-23 root primary
! Same LACP bundle and trunk settings as on SW-A
SW-B(config)# int range fa0/3 - 4
SW-B(config-int-range)# no switchport access vlan 98
SW-B(config-int-range)# switchport trunk encapsulation dot1q
SW-B(config-int-range)# switchport mode trunk
SW-B(config-int-range)# switchport trunk native vlan 99
SW-B(config-int-range)# switchport trunk allowed vlan 1,21-23
SW-B(config-int-range)# channel-protocol lacp
SW-B(config-int-range)# channel-group 1 mode active
SW-B(config-int-range)# exit
SW-B(config)# int port-channel 1
SW-B(config-if)# switchport trunk encapsulation dot1q
SW-B(config-if)# switchport mode trunk
SW-B(config-if)# switchport trunk native vlan 99
SW-B(config-if)# switchport trunk allowed vlan 1,21-23
SW-B(config-if)# no shutdown
SW-B(config-if)# end
SW-B# copy running-config startup-config</pre>
<pre> </pre>
<pre> </pre>
<pre> </pre>
<h2 class="" style="clear: both; text-align: center;">
<span style="color: #660000;"><span style="font-weight: normal;">Step 3:</span></span></h2>
<pre> </pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIxOr7MOYkUYQatIuycgd1QqOJmeE-nyECWuc0hnEa1VDccZrowdU_1YtAz4SEM0wkhkJZVMuzAEOj4EQUqkA3XaeuZVI4CPlmnirzAKsWoxuMVFJaKsFxbNWVy1JEXC1GIVr3jx-Ue2ha/s1600/cooltext231038256007852.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="31" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIxOr7MOYkUYQatIuycgd1QqOJmeE-nyECWuc0hnEa1VDccZrowdU_1YtAz4SEM0wkhkJZVMuzAEOj4EQUqkA3XaeuZVI4CPlmnirzAKsWoxuMVFJaKsFxbNWVy1JEXC1GIVr3jx-Ue2ha/s320/cooltext231038256007852.png" width="320" /></a></div>
<pre> </pre>
<pre> </pre>
<h3>
<span style="color: blue;"> show vlan </span></h3>
<h3>
<span style="color: blue;">show spanning-tree summary </span></h3>
<pre> </pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.blogger.com/blogger.g?blogID=1228061389380024721&pli=1" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtR-Y1Y3t9Og0fBlWmi8j3IqF1M15dGxisLdm3An1XI85DLkUzNMX56-eA5Rbuqp__UQldIwio5r07-u0r4iiRl5pQKMVis0NmUkYVvGiw8a1_NVyXkLZwlz1BCPffdFoQtzPzNsDdsHBe/s1600/lacp8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtR-Y1Y3t9Og0fBlWmi8j3IqF1M15dGxisLdm3An1XI85DLkUzNMX56-eA5Rbuqp__UQldIwio5r07-u0r4iiRl5pQKMVis0NmUkYVvGiw8a1_NVyXkLZwlz1BCPffdFoQtzPzNsDdsHBe/s640/lacp8.png" width="614" /></a></div>
<pre> </pre>
<h4>
<span style="color: blue;"> #show run</span></h4>
<pre> </pre>
<pre> </pre>
<div class="" style="clear: both; text-align: center;">
<a href="https://www.blogger.com/blogger.g?blogID=1228061389380024721&pli=1" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=1228061389380024721&pli=1" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjI2mc4QMev9ARh5SztLaW03Hq546NoMsPEVaOitW_HWUf3i2FcV6FlDMETWCkchP7yxCempujhZ5bjy05RMH5B0yT9HsMtDEvCb6aK_2Ggme7J8S7XN5hru1oAh7IHM54O1Q4tT1THup3Y/s1600/lacp9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjI2mc4QMev9ARh5SztLaW03Hq546NoMsPEVaOitW_HWUf3i2FcV6FlDMETWCkchP7yxCempujhZ5bjy05RMH5B0yT9HsMtDEvCb6aK_2Ggme7J8S7XN5hru1oAh7IHM54O1Q4tT1THup3Y/s640/lacp9.png" width="313" /></a> </div>
<div class="" style="clear: both; text-align: center;">
<br /></div>
<div class="" style="clear: both; text-align: center;">
<br /></div>
<div class="" style="clear: both; text-align: center;">
<h4>
<span style="color: blue;"><br /></span></h4>
</div>
<div class="" style="clear: both; text-align: center;">
<h4>
<span style="color: blue;"> show ip int brief</span></h4>
<h4>
<span style="color: blue;"> </span></h4>
</div>
<h4>
<span style="color: blue;"> show etherchannel port-channel</span></h4>
<h4>
<span style="color: blue;"> </span></h4>
<h4>
<span style="color: blue;"> show vtp status </span></h4>
<pre> </pre>
<pre> </pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.blogger.com/blogger.g?blogID=1228061389380024721&pli=1" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=1228061389380024721&pli=1" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=1228061389380024721&pli=1" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=1228061389380024721&pli=1" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigc_Zjhu2RuXHC2fQS8GU05q2xerLGbwPgDZnUl97QeJXMMdbO62kwe6_QK5dm1jNdFK9GICDUw5f3h4rV5DE2Qh2SIUt0XiVRuSqY_wpB5TL2CGbvuSxCwOoWM54ekoXHv2ad8U9HRa2J/s1600/lacp10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigc_Zjhu2RuXHC2fQS8GU05q2xerLGbwPgDZnUl97QeJXMMdbO62kwe6_QK5dm1jNdFK9GICDUw5f3h4rV5DE2Qh2SIUt0XiVRuSqY_wpB5TL2CGbvuSxCwOoWM54ekoXHv2ad8U9HRa2J/s640/lacp10.png" width="592" /></a></div>
<pre> </pre>
<pre> </pre>
<pre> </pre>
<pre> </pre>
<br />
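A consistency check for the bundle built in this lab, as an added example that is not part of the original lab: it compares each member port of Port-channel 1 with the port-channel interface and then compares the two ends. The running-config excerpts are constructed for the example, and the two slips on SW-B are deliberate.

```python
import re

# Constructed running-config excerpt for SW-A, modelled on the lab settings.
SW_A = """\
interface Port-channel1
 switchport trunk native vlan 99
 switchport trunk allowed vlan 1,21-23
 switchport mode trunk
!
interface FastEthernet0/3
 switchport trunk native vlan 99
 switchport trunk allowed vlan 1,21-23
 switchport mode trunk
 channel-group 1 mode active
!
interface FastEthernet0/4
 switchport trunk native vlan 99
 switchport trunk allowed vlan 1,21-23
 switchport mode trunk
 channel-group 1 mode active
"""
# Constructed SW-B with two deliberate slips: Fa0/4 loses its native VLAN line
# (so it falls back to VLAN 1) and VLAN 23 is pruned from every allowed list.
SW_B = "".join(SW_A.rsplit(" switchport trunk native vlan 99\n", 1)).replace("21-23", "21-22")

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the stanza
    return interfaces

def expand_vlans(spec):
    """Turn an allowed-VLAN list such as '1,21-23' into {1, 21, 22, 23}."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def trunk_settings(commands):
    """Extract the settings that must agree; native VLAN and allowed list use IOS defaults if unset."""
    s = {"mode": None, "native": 1, "allowed": set(range(1, 4095)), "group": None, "lacp": None}
    for cmd in commands:
        if m := re.fullmatch(r"switchport mode (\S+)", cmd):
            s["mode"] = m[1]
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", cmd):
            s["native"] = int(m[1])
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", cmd):
            s["allowed"] = expand_vlans(m[1])
        elif m := re.fullmatch(r"channel-group (\d+) mode (\S+)", cmd):
            s["group"], s["lacp"] = int(m[1]), m[2]
    return s

def load(config, group):
    """Return (port-channel settings, {member name: settings}) for one bundle."""
    parsed = {n: trunk_settings(c) for n, c in parse_interfaces(config).items()}
    members = {n: s for n, s in parsed.items() if s["group"] == group}
    return parsed.get(f"Port-channel{group}"), members

def check_bundle(config, group):
    """Compare every member port with its Port-channel interface on one switch."""
    po, members = load(config, group)
    if po is None:
        return [f"Port-channel{group} is not configured"]
    findings = []
    for name, s in sorted(members.items()):
        if s["lacp"] not in ("active", "passive"):
            findings.append(f"{name}: channel-group mode '{s['lacp']}' is not LACP")
        if s["mode"] != po["mode"]:
            findings.append(f"{name}: switchport mode {s['mode']}, Port-channel{group} has {po['mode']}")
        if s["native"] != po["native"]:
            findings.append(f"{name}: native VLAN {s['native']}, Port-channel{group} has {po['native']}")
        if s["allowed"] != po["allowed"]:
            findings.append(f"{name}: allowed VLAN list differs from Port-channel{group}")
    return findings

def compare_ends(config_a, config_b, group):
    """Check that both ends of the bundle agree and that LACP can negotiate."""
    (po_a, mem_a), (po_b, mem_b) = load(config_a, group), load(config_b, group)
    if po_a is None or po_b is None:
        return [f"Port-channel{group} is missing on one end"]
    findings = []
    if po_a["native"] != po_b["native"]:
        findings.append(f"native VLAN mismatch: {po_a['native']} vs {po_b['native']}")
    diff = sorted(po_a["allowed"] ^ po_b["allowed"])
    if diff:
        findings.append(f"allowed VLANs differ between the two ends: {diff}")
    modes = {s["lacp"] for s in list(mem_a.values()) + list(mem_b.values())}
    if modes == {"passive"}:
        findings.append("both ends are LACP passive, so the bundle never negotiates")
    return findings
```

Feed it the interface stanzas from `show run` on each switch; an empty list from both functions means the members, the port-channel and the far end agree.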
<blockquote class="tr_bq">
<pre><b>This lab is done and confirmed. If you like it, please share.</b></pre>
</blockquote>
<br />
<blockquote class="tr_bq">
<pre><b>Thank you !</b></pre>
<pre> </pre>
</blockquote>
ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-52245420074308227232016-11-14T12:37:00.005-08:002017-10-01T12:19:25.743-07:00Virtual Switching System (VSS)<br />
<br />
<br />
<b><span style="color: red;">Virtual Switching System (VSS</span>)</b> allows two Cisco Catalyst 6500 or 4500
switches to be connected together so that they appear to the network as a
single switch. Other devices in the network see the VSS-configured
switches as a single switch, which lets the engineer
create multi-chassis EtherChannels between the VSS pair and other
devices, while other protocols such as spanning tree also see a
single switch.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEpukr6Lv_7weEMkuofSjkOonw2FCK6gdtOeRAM4TF4fG-g2O_qBrcK2pyAXIhp0_N-xiGWYh8jtsWEHw8i0rTbh-TMDq39fPOnVfCmWQF6NgltJ9sxoMB2Z6QDc6gZPithuKDXvLArh-k/s1600/vss1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="262" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEpukr6Lv_7weEMkuofSjkOonw2FCK6gdtOeRAM4TF4fG-g2O_qBrcK2pyAXIhp0_N-xiGWYh8jtsWEHw8i0rTbh-TMDq39fPOnVfCmWQF6NgltJ9sxoMB2Z6QDc6gZPithuKDXvLArh-k/s400/vss1.png" width="400" /></a></div>
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhehbvKCQj4wbpTVyXiCb6LJiU7n9iuyTGQyVB8N7U3N8svR1GP290pSVvI_6z-AMnUu_4MRCqlehecANxE5jwk2QKikHGub05_qicOZFmwer6-yKqe6lCrBtc0k7W3J2J0lfmlBMLn0wQG/s1600/vss2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="241" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhehbvKCQj4wbpTVyXiCb6LJiU7n9iuyTGQyVB8N7U3N8svR1GP290pSVvI_6z-AMnUu_4MRCqlehecANxE5jwk2QKikHGub05_qicOZFmwer6-yKqe6lCrBtc0k7W3J2J0lfmlBMLn0wQG/s400/vss2.png" width="400" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJY0UDzWVzOhTRgOeeOqhCAYgnVYhAvNu_b3WQD7-jnJMmKYE-YPq96Wfnxmb80DvP4OqxGIY8MlLq0RyWyX6el9ckUNUUbKeni1FIXfrq_rDIRVYPUt4v2lkuBY1KOmbEODym47b_HBD8/s1600/vss3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJY0UDzWVzOhTRgOeeOqhCAYgnVYhAvNu_b3WQD7-jnJMmKYE-YPq96Wfnxmb80DvP4OqxGIY8MlLq0RyWyX6el9ckUNUUbKeni1FIXfrq_rDIRVYPUt4v2lkuBY1KOmbEODym47b_HBD8/s400/vss3.png" width="400" /></a></div>
<h3 class="separator" style="clear: both; text-align: center;">
<span style="color: #274e13;"><span style="color: red;"><b><u>What are the benefits of VSS? </u> </b></span></span></h3>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
By far the best feature of VSS is<b> <span style="color: red;">NSF (Non Stop Forwarding</span>) </b>/ SSO
(Stateful Switchover), which allows a single device to fail
without any downtime. This is because the routing table, CEF table, etc.
are stored in the supervisor module of both chassis, allowing one device
to take over when the other fails, similar to the failover that occurs
between supervisor modules in a switch equipped with dual supervisors.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
Another great feature of VSS is the ability to have a single point of management to
make changes. Changes made to configuration or IOS on the supervisor of
one device within the VSS pair are synchronized to the supervisor of
the other device, similar to a 6500 or 4500 with dual supervisors or a
3750 stack.<br />
<div class="separator" style="clear: both; text-align: left;">
VSS increases operational efficiency by simplifying the network, reducing switch management overhead by at least 50 percent.
</div>
<div class="pBulletCMT" style="font-style: normal; font-variant: normal; font-weight: normal; margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt; text-decoration: none; text-transform: none;">
<br /></div>
<br />
<div class="pBullet2CMT" style="margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt;">
– Single configuration file and node to manage. Removes the need to
configure redundant switches twice with identical policies. </div>
<br />
<div class="pBullet2CMT" style="margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt;">
– Only one gateway IP address is required per VLAN, instead of the three IP addresses per VLAN used today. </div>
<br />
<div class="pBullet2CMT" style="margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt;">
– <span style="color: #660000;"><b>Removes the need for Hot Standby Router Protocol (HSRP), Virtual
Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol
(GLBP) </b></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaX8tBwh-Os5DLm2EIwkUZM2z927DLIL8SbaOJJGbLTenzvuVRQvKBGbc2bOzu1wZIgcVKhgMK1KMwlbdKOG4xVsDtM1pfwB29HFwdzjjCHSaMW19WS05nl9QXWCsgGv9-SaaJZtNPbBVu/s1600/exam.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaX8tBwh-Os5DLm2EIwkUZM2z927DLIL8SbaOJJGbLTenzvuVRQvKBGbc2bOzu1wZIgcVKhgMK1KMwlbdKOG4xVsDtM1pfwB29HFwdzjjCHSaMW19WS05nl9QXWCsgGv9-SaaJZtNPbBVu/s1600/exam.png" /></a></div>
<div class="pBullet2CMT" style="margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt;">
<br /></div>
<br />
<div class="pBullet2CMT" style="margin-bottom: 3pt; margin-right: 0pt; margin-top: 0pt;">
– CiscoWorks LAN Management System (LMS) 3.0 can be used to centrally
manage a Cisco Catalyst 6500 virtual switch as a single entity. </div>
<div class="separator" style="clear: both; text-align: left;">
- VSS boosts nonstop communications</div>
If for some rare reason all <span style="color: red;"><b>Virtual Switching Link (VSL)</b></span> connections
are lost between the virtual switch members leaving both the virtual
switch members up, the VSS will transition to the <span style="color: red;"><b>dual active recovery
mode.</b></span><br />
In the dual active recovery mode, all interfaces except the VSL
interfaces are in an operationally shut down state in the formerly
active virtual switch member. The new active virtual switch continues to
forward traffic on all links.<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbQh6ZnJs_jnQepLTe9CTI04uYOlm-MbcEDOerdnB5GoyyqD946u9QHYtM7UdrHESSKKybo_d-0g1y-AO4t16Wbzp141dmlIsWkm1z90hY3BBoOXpCzjlvbJ7e7A7tyf-ktN6T8bxEzQZD/s1600/mec.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="535" data-original-width="688" height="496" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbQh6ZnJs_jnQepLTe9CTI04uYOlm-MbcEDOerdnB5GoyyqD946u9QHYtM7UdrHESSKKybo_d-0g1y-AO4t16Wbzp141dmlIsWkm1z90hY3BBoOXpCzjlvbJ7e7A7tyf-ktN6T8bxEzQZD/s640/mec.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com1tag:blogger.com,1999:blog-1228061389380024721.post-16354410954394337972016-10-22T16:47:00.000-07:002019-02-18T19:20:17.822-08:00SNMP<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLsEDXbdgGopN6wL05-180TlCCqZEffymFJ6WEKq0Z4COf8TCCmDaZkdXjj4K8KACamTNQd27L0RPLMcW6yScyRZkyEEG8QM3wvxPKm4TBOMv-keZbFJPcFjNBAU5aCDZSsAE9PN-eW6zW/s1600/snmp.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="286" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLsEDXbdgGopN6wL05-180TlCCqZEffymFJ6WEKq0Z4COf8TCCmDaZkdXjj4K8KACamTNQd27L0RPLMcW6yScyRZkyEEG8QM3wvxPKm4TBOMv-keZbFJPcFjNBAU5aCDZSsAE9PN-eW6zW/s400/snmp.PNG" width="400" /></a></div>
<br />
<br />
<b><span style="color: red;">SNMP</span></b> is still the most popular way to monitor the performance of network devices, including Cisco routers and switches. With an SNMP management station, you can graph the performance of network devices. In addition, Cisco devices can send alerts (called <b><i>traps</i></b>) to the management station, which you can configure to alert you.<br />
<br />
SNMP consists of 3 items:<br />
<br />
+ <span style="color: red;"><b>SNMP Manager</b> </span>(sometimes called Network Management System – NMS): software that runs on the network administrator's device (in most cases, a computer) to monitor the network.<br />
<br />
+ <b><span style="color: red;">SNMP Agent:</span></b> software that runs on the network devices we want to monitor (router, switch, server…)<br />
<br />
+<span style="color: red;"> <b>Management Information Base</b> (MIB):</span> the collection of managed objects. This component makes sure that the data exchange between the manager and the agent remains structured. In other words, the MIB contains a set of questions that the SNMP Manager can ask the Agent (and that the Agent can understand). The MIB is commonly shared between the Agent and the Manager.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0iJyohzbC3eM6NIVPeTTzUjoO7RoP8YLyVrzmOMeNipx0W8fXbLdRXCkEGZEyYvyHulwP21wBc1yAsQpa9t_MaWGBCaRKmvdV7xFcIaBFHKTGOPM_7feD-rKoxhn9BaS-Rjpy5vDtnPIw/s1600/snmp4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="236" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0iJyohzbC3eM6NIVPeTTzUjoO7RoP8YLyVrzmOMeNipx0W8fXbLdRXCkEGZEyYvyHulwP21wBc1yAsQpa9t_MaWGBCaRKmvdV7xFcIaBFHKTGOPM_7feD-rKoxhn9BaS-Rjpy5vDtnPIw/s320/snmp4.PNG" width="320" /></a></div>
<br />
An SNMP client program known as the SNMP manager runs on a remote machine and queries these objects, through <span style="color: #741b47;"><b>SNMP Get requests</b></span>, to learn the status of the network device. Similarly, the manager can control some of the network device parameters by doing an <span style="color: #4c1130;"><b>SNMP Set request</b></span>, which is equivalent to a write operation (e.g. resetting a router or shutting down one of its interfaces).<br />
Apart from the manager sending <span style="color: #741b47;"><b>SNMP GET/SET</b></span> requests to the agent, the agent too can proactively notify the manager of critical/significant events on the network devices through <b><span style="color: #4c1130;">SNMP TRAP</span> </b>messages.<br />
Thus, SNMP manages the device by reading and writing values to different SNMP objects, with each object representing a specific network parameter.<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1pSXheOjXgneAT-fc4_nNo486RNeBYVu8gC7qgspxYjhA0W75eYXp93kz1ndjrGJ_dR2T35600h_Gwt0SyBTpVx2iLf4Ro5a-9O_XcD9d_4UIdcpNO8erDqED5LMRuzFcAFcFJsLK-gyp/s1600/snmp3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1pSXheOjXgneAT-fc4_nNo486RNeBYVu8gC7qgspxYjhA0W75eYXp93kz1ndjrGJ_dR2T35600h_Gwt0SyBTpVx2iLf4Ro5a-9O_XcD9d_4UIdcpNO8erDqED5LMRuzFcAFcFJsLK-gyp/s200/snmp3.jpg" width="197" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
For example, in the topology above you want to monitor a router, servers, switches and a firewall. You can run an SNMP Agent on all of them.<br />
Then on a PC you install SNMP Manager software to receive monitoring information. SNMP is the protocol running between the Manager and the Agent. SNMP communication between Manager and Agent takes place in the form of messages. The monitoring process must be done via a MIB, which is a standardized database that contains parameters/objects describing these networking devices (like IP addresses, interfaces, CPU utilization, …).<br />
<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTIAZ6PqwOO1vB5F_30P7scGeTTSJY1l2TkbABZBn8FdqzmG0uyGlP5cFjvsDUm6nGZTTkGF-sQ8SrCH2VZPNbLMalUKTv3G3qu1oFqzBc8P-SXIkeMk59hr9gEqib3O61dceol2nkufD4/s1600/snmp.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTIAZ6PqwOO1vB5F_30P7scGeTTSJY1l2TkbABZBn8FdqzmG0uyGlP5cFjvsDUm6nGZTTkGF-sQ8SrCH2VZPNbLMalUKTv3G3qu1oFqzBc8P-SXIkeMk59hr9gEqib3O61dceol2nkufD4/s320/snmp.jpg" width="320" /></a></div>
<br />
There are three versions of SNMP: v1, v2, and v3. Each has more features than the one before it. Most network admins today use v2, but v3 offers many more security features. V3 has both authentication and encryption capability; the earlier versions do not. Try to use V3 whenever possible; the other versions should be restricted to allowing read-only access via the use of <b>community strings.</b><br />
<br />
<span class="_Tgc">The SNMP Read-Only <span style="color: #660000;"><b>Community String</b></span> is like a password. It is sent along with each SNMP Get-Request and allows (or denies) access to the device. Most network vendors ship their equipment with a default password of "public". (This is the so-called "default public <b>community string</b>".)</span><br />
<br />
For example, in the topology above you want to monitor a router, a server and a Multilayer Switch. You can run an SNMP Agent on all of them. Then on a PC you install SNMP Manager software to receive monitoring information. SNMP is the protocol running between the Manager and the Agent. SNMP communication between Manager and Agent takes place in the form of messages. The monitoring process must be done via a MIB, which is a standardized database that contains parameters/objects describing these networking devices (like IP addresses, interfaces, CPU utilization, …). The monitoring process therefore becomes a matter of GETting and SETting information in the MIB.<br />
<br />
<h3 style="text-align: center;">
<span style="color: purple;">Benefits of SNMP:</span></h3>
<ul>
<li> Page or send an SMS text message when a device fails.</li>
<li>Provide Read/Write abilities – for example, you could use it to reset passwords remotely or re-configure IP addresses.</li>
<li>Collect information on how much bandwidth is being used.</li>
<li>Collect error reports into a log, useful for troubleshooting and identifying trends.</li>
<li>Email an alert when your server is low on disk space.</li>
<li>Monitor your servers’ CPU and Memory use, alert when thresholds are exceeded.</li>
<li>Can perform active polling, i.e. Monitoring station asks devices for status every few minutes.</li>
<li>Passive SNMP – devices can send alerts to a monitoring station on error conditions.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="text-align: center;">
<span style="font-size: large;"> <span style="color: purple;"><b>Lab</b></span></span></div>
<br />
We are going to build a very simple lab here so you can understand SNMP configuration and see authentication, encryption and the community string in action.<br />
Let's start with the community string: we are going to call this community string <b>Cisco</b> and give it <b>read-only</b> access<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCndk0ltIqhbzOwMVY_AyLv3pJ_4kmpP-YBLpVlmpg3ztCP44EjxCqZAourOBdTL3HPb5Wsgnj97lq7NAro65VvQXsEJUaMj7LuAhGC9abcURmpq33OyPvKg_ATgXHXTouViyqHzbrwD_C/s1600/snmp7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="636" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCndk0ltIqhbzOwMVY_AyLv3pJ_4kmpP-YBLpVlmpg3ztCP44EjxCqZAourOBdTL3HPb5Wsgnj97lq7NAro65VvQXsEJUaMj7LuAhGC9abcURmpq33OyPvKg_ATgXHXTouViyqHzbrwD_C/s640/snmp7.png" width="640" /></a></div>
This configuration would allow hosts identified by ACL 12 to have read-only access to all SNMP objects specified by the community string.<br />
With SNMP v3 things get harder and more secure, so now we will create an SNMP group called MiamiHeat (yes, I am a fan of this team!) and assign a user to that group.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitpvcju9s6XqGDIu5kWS2LwV1h0FbTYE-JuFmWOsi1UyfuSueF-Mb59sta2DvPzso6bRCWrW8XjLvnw34XnZL6ySrQpLP2xFf8r5G9IFz2tvAfTubi89LaWO1tOnnTm0y4xpmHoKSgIo1e/s1600/smtp8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitpvcju9s6XqGDIu5kWS2LwV1h0FbTYE-JuFmWOsi1UyfuSueF-Mb59sta2DvPzso6bRCWrW8XjLvnw34XnZL6ySrQpLP2xFf8r5G9IFz2tvAfTubi89LaWO1tOnnTm0y4xpmHoKSgIo1e/s640/smtp8.png" width="640" /></a></div>
Now you are aware of how simple it is to configure SNMP version 3 with authentication and encryption capability.<br />
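An added example, not part of the original lab: a small Python audit that reads a saved running-config and flags SNMP lines weaker than the two built above (a community without an ACL, a read-write community, an SNMPv3 group below the priv level). The sample config is constructed; only the community Cisco, its read-only access, ACL 12 and the group MiamiHeat come from the post, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt. Only the community "Cisco", its
# read-only access, ACL 12 and the group "MiamiHeat" come from the post;
# every other line is made up to exercise the checks.
SAMPLE_CONFIG = """\
access-list 12 permit 192.0.2.10
snmp-server community Cisco RO 12
snmp-server community lab-rw RW 12
snmp-server community monitor RO
snmp-server community branch RO 44
snmp-server group MiamiHeat v3 priv
snmp-server group OldNMS v3 auth
"""


def defined_acls(config):
    """Collect the number or name of every ACL defined in the config."""
    acls = set()
    for line in config.splitlines():
        m = re.match(r"\s*(?:ip )?access-list (?:standard |extended )?(\S+)", line)
        if m:
            acls.add(m.group(1))
    return acls


def parse_community(line):
    """Return (name, access, acl) for an 'snmp-server community' line, else None."""
    tok = line.split()
    if tok[:2] != ["snmp-server", "community"] or len(tok) < 3:
        return None
    name, rest = tok[2], tok[3:]
    if rest[:1] == ["view"]:            # optional 'view <name>' comes first
        rest = rest[2:]
    access = "ro"                        # IOS default when neither RO nor RW is given
    if rest and rest[0].lower() in ("ro", "rw"):
        access, rest = rest[0].lower(), rest[1:]
    acl = rest[-1] if rest else None     # trailing token is the ACL number or name
    return name, access, acl


def audit(config):
    """Return a sorted list of (object, finding) tuples for the SNMP lines."""
    acls, findings = defined_acls(config), []
    for line in config.splitlines():
        community = parse_community(line)
        if community:
            name, access, acl = community
            if access == "rw":
                findings.append((name, "community grants write (SET) access"))
            if acl is None:
                findings.append((name, "community not restricted by an ACL"))
            elif acl not in acls:
                findings.append((name, f"ACL {acl} is referenced but not defined"))
            continue
        m = re.match(r"\s*snmp-server group (\S+) v3 (noauth|auth|priv)\b", line)
        if m and m.group(2) != "priv":
            findings.append((m.group(1), f"v3 group at '{m.group(2)}' level, no encryption"))
    return sorted(findings)


if __name__ == "__main__":
    for obj, finding in audit(SAMPLE_CONFIG):
        print(f"{obj}: {finding}")
```

IOS does not list `snmp-server user` lines in the running configuration, so SNMPv3 users are reviewed with `show snmp user` rather than by this script.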
<br />
If you have any questions, please feel free to ask.<br />
<br />
If you understood and liked this simple SNMP explanation, please feel free to share.<br />
<br />
ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-74510367952501373972016-10-02T17:18:00.002-07:002018-01-25T05:51:14.494-08:00Configuring SYSLOG & NTP<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOZ2nxYqbbVyX77EU_zAv4YBzTd2h2m86AVaMvUF9H7PfTDRk1TmqmR_Ym25JoMjqknOQHy2D5Pro2sIuGBAnxFMgl-ogh7A6ctf5n4zwdZndgAFp3beyPldsh8eNi78qyrrwoK_pxYlo-/s1600/syslog.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="228" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOZ2nxYqbbVyX77EU_zAv4YBzTd2h2m86AVaMvUF9H7PfTDRk1TmqmR_Ym25JoMjqknOQHy2D5Pro2sIuGBAnxFMgl-ogh7A6ctf5n4zwdZndgAFp3beyPldsh8eNi78qyrrwoK_pxYlo-/s320/syslog.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
<br />
<span style="font-size: small;"><span style="font-family: "courier new" , "courier" , monospace;">Knowing how to properly use logging is a necessary skill for any network administrator. It's vital that you know how to use logging when it comes time to start troubleshooting.</span></span><br />
<span style="font-size: small;"><span style="font-family: "courier new" , "courier" , monospace;"><br /></span></span>
<br />
<div data-canvas-width="79.56380000000003" style="left: 577.517px; top: 845.094px; transform: scaleX(1.00248);">
<h4>
<span style="font-size: xx-small;"><span style="font-family: "courier new" , "courier" , monospace; font-size: large;"><b><span style="color: #990000;"><u>Syslog messages</u></span> </b>that are generated by the network devices can be collected and archived on a <b>syslog server</b>. The information can be used for monitoring, debugging, and troubleshooting purposes. The administrator can control where the messages are stored and displayed. </span></span></h4>
<span style="font-size: xx-small;"><span style="font-family: "courier new" , "courier" , monospace;"><br /></span></span></div>
<div data-canvas-width="79.56380000000003" style="left: 577.517px; top: 845.094px; transform: scaleX(1.00248);">
</div>
<div data-canvas-width="79.56380000000003" style="font-family: sans-serif; left: 577.517px; top: 845.094px; transform: scaleX(1.00248);">
<br />
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCkm9MaW3GTEsaSew8WrrCcwWgme_8RQww7CL8PWB5MNR66gDr4jbBbM-HGKZh5DXs5KY3RV-kC3vOczHAkJKoLogUIDxh3sXtNIyp4ZMvggJIeQP5kqRhR0mKV1oiYmOpwBE2-l2wYqVX/s1600/imagesyslog.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCkm9MaW3GTEsaSew8WrrCcwWgme_8RQww7CL8PWB5MNR66gDr4jbBbM-HGKZh5DXs5KY3RV-kC3vOczHAkJKoLogUIDxh3sXtNIyp4ZMvggJIeQP5kqRhR0mKV1oiYmOpwBE2-l2wYqVX/s400/imagesyslog.jpg" width="400" /> </a></div>
<div style="font-size: 16.6px;">
Syslog messages usually include information to help identify where, when, and why the log was sent: IP address, timestamp, and the actual log message. Messages are sometimes in a descriptive, human-readable format – but not always!</div>
<div style="font-size: 16.6px;">
<br /></div>
<div style="font-size: 16.6px;">
Syslog uses a concept called “facility” to identify the source of a message on any given machine. For example, a facility of “0” would be a Kernel message, and a facility of “11” would be an FTP message. This dates back to Syslog’s UNIX roots. Most Cisco network equipment uses the “Local6” or “Local7” facility codes.</div>
<div data-canvas-width="472.6850000000001" style="font-family: sans-serif; font-size: 16.6px; left: 173.833px; top: 883.294px; transform: scaleX(1.00586);">
Syslog messages can be time-stamped for analysis of the sequence of network events; therefore, it is important to synchronize the clock across the network devices with a Network Time Protocol <span style="color: #990000;">(<b>NTP</b>)</span> server.</div>
<div style="font-size: 16.6px;">
<br /></div>
<div style="font-size: 16.6px;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
The Cisco IOS offers a great many options for logging. To help bring you up to speed, let's check how to configure logging. The <b><i>logging</i></b> command in Global Configuration Mode and the <i>show logging</i> command in Privileged Mode are two simple but powerful tools to configure and show all Cisco IOS logging options. Let's take a closer look.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
Let's check the syslog server. We have many devices to do that on our physical equipment, and it can be confusing.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
We will do the <i><u>first</u></i> part of our lab with <u>Cisco Packet Tracer</u>, then the <i><u>second</u></i> part focusing only on a <u>real Cisco switch</u>, so that at the beginning you can see graphically what we are doing in the network.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
These are the steps that we are going to take:</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
1.-Configure Syslog service</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
2.-Generate logging events</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
3.-Manually set switch clock </div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
4.-Configure NTP Service</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
5.-Verify timestamp logs</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
You can download this lab here: <b>http://tinyurl.com/gsfaxxm</b></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvNMiiEHBgF1WiZZRrua16u_o6DovOa8Pem5g8hpr3lLP2J1N6AlJKgLlFIiRzCrxZnDFBUnpobsu6pcLEjLTsxWD1DlAR7eFXKuwBmVzhL9qM_y0LURGoai7AZvbDVn2pq-Qfc0qXYClp/s1600/sys1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="275" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvNMiiEHBgF1WiZZRrua16u_o6DovOa8Pem5g8hpr3lLP2J1N6AlJKgLlFIiRzCrxZnDFBUnpobsu6pcLEjLTsxWD1DlAR7eFXKuwBmVzhL9qM_y0LURGoai7AZvbDVn2pq-Qfc0qXYClp/s400/sys1.png" width="400" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<span style="color: purple;"><b>Part 1: Configure Syslog service</b></span></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
1.-We will enable syslog on the syslog server.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRc8zVkmFX-ScAqSadyEP8u0en0V1zmA0FLSigeS7np-nVKaBvrXVAUEXRG-R7UI1REaMaxQNhf1ZuQok6-JHq8gRUlZ_8ryyWJ4tNGm2WSyx8mfOQ_RrS2kK-3Rwr6_6tZSZcEaok1d_3/s1600/sys2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="285" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRc8zVkmFX-ScAqSadyEP8u0en0V1zmA0FLSigeS7np-nVKaBvrXVAUEXRG-R7UI1REaMaxQNhf1ZuQok6-JHq8gRUlZ_8ryyWJ4tNGm2WSyx8mfOQ_RrS2kK-3Rwr6_6tZSZcEaok1d_3/s320/sys2.png" width="320" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
2.-We will enable the intermediary devices (router and switches) to use the Syslog service</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
2.1 We will configure R1 and <b>BOTH</b> switches to send log events to the Syslog server</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCVUYr2mrMMsTtdVOW0aFkkHRJj-7S5BuEA2GDtNptA5TPjzhmxLhgIeNdFL6I8tPhxv64V5IQQuGvEkwKNQSTVwmeIsbf6vl4fZpGluHy463Dxs7BPFFnoInPy5VEjXAjnrnZA53SDnZk/s1600/sys3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCVUYr2mrMMsTtdVOW0aFkkHRJj-7S5BuEA2GDtNptA5TPjzhmxLhgIeNdFL6I8tPhxv64V5IQQuGvEkwKNQSTVwmeIsbf6vl4fZpGluHy463Dxs7BPFFnoInPy5VEjXAjnrnZA53SDnZk/s640/sys3.png" width="640" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgitdRjE2YQPR2vBoUzpbLhnesDofNsDkXzBaTqyYmWX7fl0uvoklGsgpv_-f3fAgl1mj0ShNR_OGhHllp4uMC0O6C4N8F8btBA5xhEbKbwgCeTu4-ONDCoQOjWG_5V_r8tWo3uFb8Q2c8A/s1600/sys4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgitdRjE2YQPR2vBoUzpbLhnesDofNsDkXzBaTqyYmWX7fl0uvoklGsgpv_-f3fAgl1mj0ShNR_OGhHllp4uMC0O6C4N8F8btBA5xhEbKbwgCeTu4-ONDCoQOjWG_5V_r8tWo3uFb8Q2c8A/s400/sys4.png" width="400" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<span style="color: purple;"><b>Part 2: Generate logging events</b></span></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<span style="color: purple;"><b>1 <span style="color: black;">Change the status of the interfaces to create event logs</span></b></span></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<span style="color: purple;"><b><span style="color: black;"> -</span></b><span style="color: black;">Configure a Loopback0 interface on R1, then disable it</span></span></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<span style="color: purple;"><span style="color: black;">-Turn the PCs off and on</span></span></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0ved_dG-KVY4PWRn6XD-1RbQw4kGh68a5n0c4TnEfDRtoUKHRjTS5quUi0RHP1f15DK6aKpP5aB68GBnUSjAWMCbs8lgZY5MI20C2j81yaoy-Eza2r-cDJ6qA9TGtSVBEOX5C4NKd7mhf/s1600/sys5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="137" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0ved_dG-KVY4PWRn6XD-1RbQw4kGh68a5n0c4TnEfDRtoUKHRjTS5quUi0RHP1f15DK6aKpP5aB68GBnUSjAWMCbs8lgZY5MI20C2j81yaoy-Eza2r-cDJ6qA9TGtSVBEOX5C4NKd7mhf/s400/sys5.png" width="400" /></a></b></div>
<div style="font-size: 16.6px;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgX5_uuuo6kac9nwj1gBvPfVFNgY2LHCVU45oMjM6xq06DaYE7Z_6poNbs2BUEIrAUyF6yU3I_yvI6ZEfUdVyN5xzz7u3Gw9HAsT_MPPjP-KL4jwVOj0OmcGapEmdKF9qDzRcrp1W947ESe/s1600/sys6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="129" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgX5_uuuo6kac9nwj1gBvPfVFNgY2LHCVU45oMjM6xq06DaYE7Z_6poNbs2BUEIrAUyF6yU3I_yvI6ZEfUdVyN5xzz7u3Gw9HAsT_MPPjP-KL4jwVOj0OmcGapEmdKF9qDzRcrp1W947ESe/s320/sys6.png" width="320" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<span style="color: purple;"><b>Part 2: Check the syslog events</b></span></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWgQbMaKRjHATLaJuiqpG6spWt2GKd5io5tYA8nQ8dDRQNpWpqJvhyphenhyphenPH1sArsiB2nvCaB7wfieEUky5qYnZIU2-bv_1CvrhOpqYktCBExUNGR5ENW5oSblYMiqFfEthoMB-UaV_1jmNiIZ/s1600/sys7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="345" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWgQbMaKRjHATLaJuiqpG6spWt2GKd5io5tYA8nQ8dDRQNpWpqJvhyphenhyphenPH1sArsiB2nvCaB7wfieEUky5qYnZIU2-bv_1CvrhOpqYktCBExUNGR5ENW5oSblYMiqFfEthoMB-UaV_1jmNiIZ/s400/sys7.png" width="400" /></a></b></div>
<div style="font-size: 16.6px;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<b> We will eventually clear the log</b></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<b><span style="color: purple;">Part 3: Manually set the switch clocks in both switches</span></b></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4GX_Y1FsoicKQMUdEV1R-wCosnPSymRFjcALfMaQcVccCYqdnxd60NaTDBKlbiyl_6w5vRetA5jfr0xDDMseFb9j0W6C5_cl4QyVqd8jJuZfoW05MnMRbqDLidtKXwgiq56CeuxWaw_5g/s1600/sys8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="85" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4GX_Y1FsoicKQMUdEV1R-wCosnPSymRFjcALfMaQcVccCYqdnxd60NaTDBKlbiyl_6w5vRetA5jfr0xDDMseFb9j0W6C5_cl4QyVqd8jJuZfoW05MnMRbqDLidtKXwgiq56CeuxWaw_5g/s400/sys8.png" width="400" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<b><span style="color: purple;"><br /></span></b></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
#clock set 6:00:00 October 1 2016</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<b></b></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<b>Enable the logging timestamp on both switches and send the log to the Syslog server</b></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs176rzR6iDgcc6JO2N_pDNIUfcn0aRT0BwfV4Ojt5D1O_F0k26enWcLZQPqzhu89LtopDBSstEp3FvxFAAENf3OU_whRWmlu_REafspHYw7a-DLSQ355abd_iiXxAcmp-9A4DM8sktxqk/s1600/sys9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="90" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs176rzR6iDgcc6JO2N_pDNIUfcn0aRT0BwfV4Ojt5D1O_F0k26enWcLZQPqzhu89LtopDBSstEp3FvxFAAENf3OU_whRWmlu_REafspHYw7a-DLSQ355abd_iiXxAcmp-9A4DM8sktxqk/s640/sys9.png" width="640" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<b><br /></b></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<b><span style="color: purple;">Part 4: Configure the NTP Service</span></b></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<b><br /></b></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<b> Open the NTP service, check the service tab, turn it on and check the date</b></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpwA2L4_VizR1Ac1Hbp-lhbGqd9tt952OQM2MgSNOZ4ghG0nnFR_zWu0VVdxBok1HUGuIEgQfCi51qvZNNmAyoPbIiHgrmQkNj9f63Xcn8YpWXon3-G_I31Y9hUDyHyOsRgPFb_CUUIEl0/s1600/sys10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpwA2L4_VizR1Ac1Hbp-lhbGqd9tt952OQM2MgSNOZ4ghG0nnFR_zWu0VVdxBok1HUGuIEgQfCi51qvZNNmAyoPbIiHgrmQkNj9f63Xcn8YpWXon3-G_I31Y9hUDyHyOsRgPFb_CUUIEl0/s320/sys10.png" width="320" /></a></b></div>
<div style="font-size: 16.6px;">
Set the clock on the router</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhS5uZ0wTlGHyq9YThHsNhoNKj1KUHeebQGC2yuupixv0eb89E4PAsBppaT2D_FSOY30ew61EezSA2d18wMKuMJWINhCWG9-BhIqI01PC0_oYv4uUm-zhePvNy4Zi59xu_2uEE1BHZVMETu/s1600/sys12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="194" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhS5uZ0wTlGHyq9YThHsNhoNKj1KUHeebQGC2yuupixv0eb89E4PAsBppaT2D_FSOY30ew61EezSA2d18wMKuMJWINhCWG9-BhIqI01PC0_oYv4uUm-zhePvNy4Zi59xu_2uEE1BHZVMETu/s640/sys12.png" width="640" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<b><span style="color: purple;">Part 5 : Verify the timestamped log</span></b></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
We will re-enable and disable Loopback 0 on the router and turn the laptops off and on.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjV05BV167A9X7yaq35GZiIMBdYFWWmbzMod9DiDeqlwzo8cZLAi-IlVeLSJwrEK7oBcwnctu-5y3bTCcvjH1lRv3NdDZLlS9b-TwlKpyKYUCNmM0c-qdnfggTZ8tPc4iHMUq5OqN39AgcD/s1600/sys13.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="368" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjV05BV167A9X7yaq35GZiIMBdYFWWmbzMod9DiDeqlwzo8cZLAi-IlVeLSJwrEK7oBcwnctu-5y3bTCcvjH1lRv3NdDZLlS9b-TwlKpyKYUCNmM0c-qdnfggTZ8tPc4iHMUq5OqN39AgcD/s640/sys13.png" width="640" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTWkxzoKuC4kydvFz0vi85HHqcDDUw64dc-rvgcwQF6r_lUh_Kna3YvJZUIPL9__ENVhCE12PcKuZNNwCp0O54c7OncONakpFwwyoX0xpZRP3n_JKtSR23R-64XW945NredTnzZJZtOqVs/s1600/sys14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="296" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTWkxzoKuC4kydvFz0vi85HHqcDDUw64dc-rvgcwQF6r_lUh_Kna3YvJZUIPL9__ENVhCE12PcKuZNNwCp0O54c7OncONakpFwwyoX0xpZRP3n_JKtSR23R-64XW945NredTnzZJZtOqVs/s400/sys14.png" width="400" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
Examine the syslog events</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGSXHblWKieB9Q1J4s4Q6f-NuTcMBEQ1tU1ouy_W3er4WeNREt-G_ysySpd_CbKND7uDP-kRLzcIsMHLAuRNfs2ZZF89nQ9SGeBBEzt-g79sVw3QKdMKe1cbpijLu2S0LOLkckB7LiuWJi/s1600/sys16.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="352" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGSXHblWKieB9Q1J4s4Q6f-NuTcMBEQ1tU1ouy_W3er4WeNREt-G_ysySpd_CbKND7uDP-kRLzcIsMHLAuRNfs2ZZF89nQ9SGeBBEzt-g79sVw3QKdMKe1cbpijLu2S0LOLkckB7LiuWJi/s640/sys16.png" width="640" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
We can see the change in the clock settings, and all the events are recorded properly.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
This lab is done in Packet Tracer, which we use because of the graphics, so you can understand it better.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
Now let's check some commands on real Cisco devices.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<h3 class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<u><span style="color: #b45f06;">Second Part of our lab</span></u></h3>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdNcMNyW7Fu0hHVKJ5ctAG0OVCzc_chX5EyiZliXg4QDdBjd-Fm8zomZ2Qo1E4TsSpc0ESHJO5prBMsG3fuu1s15M_mwcTXlbWrj1exN9jRHtHCEzvuziOVI6YI0xwJOkCcttyjIgLBMGO/s1600/sys20.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="452" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdNcMNyW7Fu0hHVKJ5ctAG0OVCzc_chX5EyiZliXg4QDdBjd-Fm8zomZ2Qo1E4TsSpc0ESHJO5prBMsG3fuu1s15M_mwcTXlbWrj1exN9jRHtHCEzvuziOVI6YI0xwJOkCcttyjIgLBMGO/s640/sys20.png" width="640" /></a></div>
<div style="font-size: 16.6px;">
When we check the trap option, all messages of the numeric severity you choose, and all those with a lower numeric value, are sent to the logging server specified with hostname. Therefore, to send all log messages to the server, you only need to specify level 7.</div>
<div style="font-size: 16.6px;">
<br /></div>
<div style="font-size: 16.6px;">
You can change the beginning of the syslog message to the timestamp format of your choice with service timestamps log. For example, I don't want the msec any more, so I choose the datetime format.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
</div>
<div style="font-size: 16.6px;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQFNNJubZpqWfV8GzWLhW4pG3xJjHd3nTLVcv9l3MvHwQoe4HGrGB6DBNArBXeDq5-t1AU3fOQSoQ5r8hUUi9hPg-UUKL1VSjbgUnlSlPIfbmaiclGnWKDFz-liMfrsSB1Mz7rUpHYxmik/s1600/sys21.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="558" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQFNNJubZpqWfV8GzWLhW4pG3xJjHd3nTLVcv9l3MvHwQoe4HGrGB6DBNArBXeDq5-t1AU3fOQSoQ5r8hUUi9hPg-UUKL1VSjbgUnlSlPIfbmaiclGnWKDFz-liMfrsSB1Mz7rUpHYxmik/s640/sys21.png" width="640" /></a></div>
<div style="font-size: 16.6px;">
<br /></div>
<div style="font-size: 16.6px;">
<br /></div>
<div style="font-size: 16.6px;">
<br /></div>
<div style="font-size: 16.6px;">
If you prefer to see the uptime reflected in Syslog messages, you simply choose that option.</div>
<div style="font-size: 16.6px;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3Sfec_mZ3UeU1U7N4h009vD38sHaJykMX0WAEE4TJlEajvPYEJdntH8vqd6gdhca0c18glRMxsjSgeQ9YK877GlfFs_DLhfX1IASl2jBUEV5EfUiQnCaOwJEgaveE_C5TpntpKLMkPQ08/s1600/sys23.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="282" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3Sfec_mZ3UeU1U7N4h009vD38sHaJykMX0WAEE4TJlEajvPYEJdntH8vqd6gdhca0c18glRMxsjSgeQ9YK877GlfFs_DLhfX1IASl2jBUEV5EfUiQnCaOwJEgaveE_C5TpntpKLMkPQ08/s640/sys23.png" width="640" /></a></div>
<div style="font-size: 16.6px;">
<br /></div>
<div style="font-size: 16.6px;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
To change this severity value, use logging console.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNodKknna3HhquwM-jkKBxb5OrPMptA70xlSZ1_fUHdzTdcRvD4aBhKsJ0fOI5PbhaBGj8BYV5YxQI-hzwIVsNMF5rhnjH67zURpAuojKptFPp3xx2Kt-cYW1EaepIeaySqp3eXr38NZsq/s1600/sys24.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="378" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNodKknna3HhquwM-jkKBxb5OrPMptA70xlSZ1_fUHdzTdcRvD4aBhKsJ0fOI5PbhaBGj8BYV5YxQI-hzwIVsNMF5rhnjH67zURpAuojKptFPp3xx2Kt-cYW1EaepIeaySqp3eXr38NZsq/s400/sys24.png" width="400" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
To send log messages to the local device's internal buffer, run logging buffered followed by the severity level.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
To view the logs, run show logging.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6SLTvZy6RaGp08uLIt2Tqu7koK1n2X1-9ePWyxhWUbqHBbcs-ELP_TIP6gER2PSS_r5-cKQv6MIw5WFylJ2wbJCLeJgv6vUSR4FXYyl9BJkgJUBqYR4ND_3QAC49ICqFplgsne_hiEQs6/s1600/sys25.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="361" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6SLTvZy6RaGp08uLIt2Tqu7koK1n2X1-9ePWyxhWUbqHBbcs-ELP_TIP6gER2PSS_r5-cKQv6MIw5WFylJ2wbJCLeJgv6vUSR4FXYyl9BJkgJUBqYR4ND_3QAC49ICqFplgsne_hiEQs6/s400/sys25.png" width="400" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
..continuation</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho1nUWUB1cWuBMops9n5bnYYMBYQlFf_asFIiLoSnzTgtwTUmySaYiKLL3eBzHywpeDIJR_OZrRk7J2IyxkUoP9x7u_hLQ55GPSqN8vsKqSV83VC4WGp9SxbqfxhYlYrQKksoCvzIvXBy8/s1600/sys26.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="562" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho1nUWUB1cWuBMops9n5bnYYMBYQlFf_asFIiLoSnzTgtwTUmySaYiKLL3eBzHywpeDIJR_OZrRk7J2IyxkUoP9x7u_hLQ55GPSqN8vsKqSV83VC4WGp9SxbqfxhYlYrQKksoCvzIvXBy8/s640/sys26.png" width="640" /></a></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
In case you have a very long log with "link up-down" messages</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7ENm7TOyEq_Z_CPF_Sbd5H0ReUA8OkyT0V56s9A_k9sfUhmC_VxgbS8UmqfhrCH4T7aJI4eDXOd0fWefBCKWHuh82f9KRsmrX4vvNqRNj-7CnoEYgdXZaBCd1GqRIsY_sNXaIo7Ft13ll/s1600/sys27.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="347" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7ENm7TOyEq_Z_CPF_Sbd5H0ReUA8OkyT0V56s9A_k9sfUhmC_VxgbS8UmqfhrCH4T7aJI4eDXOd0fWefBCKWHuh82f9KRsmrX4vvNqRNj-7CnoEYgdXZaBCd1GqRIsY_sNXaIo7Ft13ll/s400/sys27.png" width="400" /></a></div>
<div style="font-size: 16.6px;">
, and you want to keep your log smaller to make it easier to read, you can use the command <i>no logging event link-status</i> to get rid of those messages.</div>
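An added example (not from the original lab): Python that decodes what the syslog server receives from IOS, covering the facility code in the PRI field, the logging trap severity threshold and the timestamp formats discussed above. The sample datagrams and function names are constructed; the `*` and `.` prefixes are the IOS markers for a clock that is not authoritative or has lost NTP synchronization.

```python
import re
from typing import NamedTuple, Optional

# Facility codes named in the post (0 kernel, 11 FTP, local6/local7 for Cisco).
FACILITY = {0: "kernel", 11: "ftp", 22: "local6", 23: "local7"}

# Constructed datagrams as a syslog server would receive them from IOS;
# interfaces, counters, addresses and times are invented for the example.
SAMPLE = [
    "<189>41: *Mar  1 00:02:10.123: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down",
    "<187>42: *Mar  1 00:02:41.500: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "<189>43: Oct  1 06:00:05: %SYS-5-CONFIG_I: Configured from console by console",
    "<190>44: 00:14:32: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.50 started",
    "<189>45: .Oct  1 06:20:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up",
]

# 'service timestamps log datetime [msec]' (without year/timezone keywords)
# or 'service timestamps log uptime'.
STAMP = (r"[*.]?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d(?:\.\d{3})?"
         r"|\d+:\d\d:\d\d|\d+[wdh]\d+[wdh]")
LINE = re.compile(
    r"<(?P<pri>\d{1,3})>(?:\d+: )?(?:(?P<ts>" + STAMP + r"): )?"
    r"%(?P<src>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")


class Msg(NamedTuple):
    facility: str   # decoded from PRI // 8
    severity: int   # decoded from PRI % 8 (0 = emergencies ... 7 = debugging)
    mnemonic: str   # e.g. LINK-3-UPDOWN
    clock: str      # how far the timestamp can be trusted


def clock_state(ts: Optional[str]) -> str:
    """Classify the timestamp that precedes the %FACILITY-SEV-MNEMONIC tag."""
    if ts is None:
        return "none"
    if not ts.lstrip("*.")[0].isalpha():
        return "uptime"                      # time since boot, not wall-clock time
    return {"*": "not-authoritative", ".": "ntp-unsynced"}.get(ts[0], "authoritative")


def parse(line: str) -> Optional[Msg]:
    """Decode one datagram; return None if it is not an IOS-style message."""
    m = LINE.match(line)
    if not m or int(m["pri"]) > 191:         # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    tag = f'{m["src"]}-{m["sev"]}-{m["mnemonic"]}'
    return Msg(FACILITY.get(facility, str(facility)), severity, tag, clock_state(m["ts"]))


def forwarded(msgs, trap_level: int):
    """Messages a device set to 'logging trap <trap_level>' would send to the server."""
    return [m for m in msgs if m.severity <= trap_level]


def weak_time(msgs):
    """Messages whose timestamp cannot be lined up with other devices' logs."""
    return [m for m in msgs if m.clock != "authoritative"]


if __name__ == "__main__":
    parsed = [parse(line) for line in SAMPLE]
    for level in (4, 5, 7):
        print(f"logging trap {level}: {len(forwarded(parsed, level))} of {len(parsed)} sent")
    for m in weak_time(parsed):
        print(f"{m.mnemonic}: clock is {m.clock}")
```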
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
I hope that this lab was useful for you. If you like it, click share.</div>
<div class="separator" style="clear: both; font-size: 16.6px; text-align: left;">
<br /></div>
</div>
ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-22149697235744984262016-10-01T09:15:00.002-07:002016-10-28T10:54:12.963-07:00SWITCH FEATURES<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtMmkHFM0oJjuhLoj3zHLp7cFlWvVNjUnLXbBVg01y_jYS867Lg5Sbe_1CLdfsQQyTsyChNb5yCSK6TmFqSgLSPonV_vyGje1hAi62ivHsh9bsMUHKpQHNPZXnhhIICEgwSWTigGvNv0at/s1600/Switch+features.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtMmkHFM0oJjuhLoj3zHLp7cFlWvVNjUnLXbBVg01y_jYS867Lg5Sbe_1CLdfsQQyTsyChNb5yCSK6TmFqSgLSPonV_vyGje1hAi62ivHsh9bsMUHKpQHNPZXnhhIICEgwSWTigGvNv0at/s320/Switch+features.jpg" width="320" /></a></div>
We will describe some of the features you may find supported on
switches. The size of your network and its expected growth affect the
way you use Ethernet switches and the type of switch features that you
need. A network in a home or single office space can get by with one or a
few small and low-cost switches that provide basic Ethernet service at
high enough speeds to meet your needs with few extra features. Such
networks are not expected to be complex enough to present major
challenges in terms of network stability, nor are they expected to grow
much larger.<br />
<br />
On the other hand, a medium-sized network supporting
multiple offices may need more powerful switches with some management
features and configuration capabilities. If the offices require
high-performance networking for access to file servers, then the network
design may require switches with fast uplink ports. Large campus
networks with hundreds or even thousands of network connections will
typically have a hierarchical network design based on switches with
high-speed uplink ports, and more sophisticated switch features to
support network management and help maintain network stability.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBDnwkM3IZIjtC9dZXI2h5B8_z05WnZ3kQpRtXgudrB6fXxM4ijCOppt_JT1ClyXHfeSeJuhHoMZrZiflzyOZpWsUGOaqV-9SGrrb_a0juP_gJrhCVXSOQ_Wrki_7SNsZpYFj5PJVECJ6a/s1600/sw-featu.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="311" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBDnwkM3IZIjtC9dZXI2h5B8_z05WnZ3kQpRtXgudrB6fXxM4ijCOppt_JT1ClyXHfeSeJuhHoMZrZiflzyOZpWsUGOaqV-9SGrrb_a0juP_gJrhCVXSOQ_Wrki_7SNsZpYFj5PJVECJ6a/s400/sw-featu.PNG" width="400" /></a></div>
<br />
Depending
on their cost, switches may be provided with a management interface and
management software that collects and displays statistics on switch
operation, network activity, and port traffic and error counters.<br />
<br />
We will talk about different switch features in this chapter:<br />
<br />
<ul>
<li>SPAN</li>
<li>UDLD</li>
<li>CAM table, TCAM &amp; SDM Templates</li>
<li>CDP, LLDP, Internet of Things, PoE</li>
</ul>
<br />
<br />
<br />
<br />
<br />
ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-47480286135141340852016-09-30T13:13:00.000-07:002017-09-24T15:01:04.109-07:00AAA<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNmjwTuUWh7JWtLXOLcdR4vE-viPLGLcHd4WfSAMxVqC3Q3bz0wJwZ3YCYeA2cC5XLYbmt7hxuKZxp-tbiSmVGAG57KBXjtldHjymmY3u0hc22QSCqI-B8fkpN54yaVxQKzAVe8UYSvrDG/s1600/cooltext207613555123114.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNmjwTuUWh7JWtLXOLcdR4vE-viPLGLcHd4WfSAMxVqC3Q3bz0wJwZ3YCYeA2cC5XLYbmt7hxuKZxp-tbiSmVGAG57KBXjtldHjymmY3u0hc22QSCqI-B8fkpN54yaVxQKzAVe8UYSvrDG/s400/cooltext207613555123114.png" width="400" /></a></div>
<br />
<br />
<br />
<span style="color: red;"><b>AAA</b></span> is an acronym for authentication, authorization and accounting. It is a framework for intelligently controlling access
to computer resources, enforcing policies, auditing usage, and
providing the information necessary to bill for services.<br />
This whole process is important for effective network management and
security.<br />
<br />
<br />
<br />
If you have more than a few network devices, using local user accounts is
not a scalable solution. The solution is to centralize
authentication via either a TACACS+ or a RADIUS server. It is more
common to use a TACACS server. Cisco has its own TACACS server, which
is called Cisco ACS. To set up authentication we need to do some
configuration.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVfYyy3en533ITVmFeZ33wDRquGE3Ng4WMwgx_zn8Zmw6FHVXMLcaf2ql3mltuh04mvmhMnn9ysFYKTnedYGJuTGn7m1jC6aObtIZJviZQsWmLwRrdsecp2z4a6MA7VPSWwE8ud4-dtsf6/s1600/Cool+Text+-+Tacacs+207613771242940.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVfYyy3en533ITVmFeZ33wDRquGE3Ng4WMwgx_zn8Zmw6FHVXMLcaf2ql3mltuh04mvmhMnn9ysFYKTnedYGJuTGn7m1jC6aObtIZJviZQsWmLwRrdsecp2z4a6MA7VPSWwE8ud4-dtsf6/s200/Cool+Text+-+Tacacs+207613771242940.png" width="200" /></a></div>
<br />
Terminal Access Controller Access-Control System <span style="color: red;">(TACACS)</span> is a protocol
set created and intended for controlling access to UNIX terminals. Cisco
created a new protocol called TACACS+, which was released as an open
standard in the early 1990s.<br />
TACACS+ uses Transmission Control Protocol (TCP) port 49 to communicate
between the TACACS+ client and the TACACS+ server. An example is a Cisco
switch authenticating and authorizing administrative access to the
switch’s IOS CLI.<br />
One of the key differentiators of TACACS+ is its ability to separate
authentication, authorization and accounting as separate and independent
functions. This is why TACACS+ is so commonly used for device
administration, even though RADIUS is still certainly capable of
providing device administration AAA.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8cXdsYJMa4Dh_x53vlmy-JmvgKdoOagnz_4cUyLnCGq90IcJIW6cYTbz1sBAbQ9XfA4siig2dWar6Kfj4YqDZTg_ci8PbxMSpMNjdJ16fshgFDnU1e6QIRAuUCKJxIgUxXgB9E5myknfy/s1600/Cool+Text+-+Radius+207613694146283.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="58" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8cXdsYJMa4Dh_x53vlmy-JmvgKdoOagnz_4cUyLnCGq90IcJIW6cYTbz1sBAbQ9XfA4siig2dWar6Kfj4YqDZTg_ci8PbxMSpMNjdJ16fshgFDnU1e6QIRAuUCKJxIgUxXgB9E5myknfy/s200/Cool+Text+-+Radius+207613694146283.png" width="200" /></a></div>
Remote Access Dial-In User Service <span style="color: red;">(RADIUS)</span> is an IETF standard for AAA.
As with TACACS+, it follows a client/server model where the client
initiates the requests to the server. With IEEE 802.1X, RADIUS is used to extend the layer-2 Extensible
Authentication Protocol (EAP) from the end user to the authentication
server.<br />
<br />
<div data-canvas-width="682.4094000000001" style="font-family: serif; font-size: 16.6px; left: 246.002px; top: 778.895px; transform: scaleX(1.05102);">
<b><span style="color: red;">The RADIUS security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server for configuring 802.1x.</span></b></div>
<div data-canvas-width="682.4094000000001" style="font-family: serif; font-size: 16.6px; left: 246.002px; top: 778.895px; transform: scaleX(1.05102);">
</div>
<div data-canvas-width="682.4094000000001" style="font-family: serif; font-size: 16.6px; left: 246.002px; top: 778.895px; transform: scaleX(1.05102);">
<br />
<div class="separator" style="clear: both; text-align: center;">
<b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s1600/exam.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s200/exam.png" width="200" /></a></b></div>
<b>
</b></div>
<br />
<br />
<br />
<br />
Here are some differences between TACACS+ and RADIUS:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4oQDAtQv_VWMTzdzUdVykcYmbttqH9ZeFKmpx0p-7s4Er4yxY5wNPAEApU4CQ4yv-JWooe3et_5JG7ZT2CREOZSrPMEhDKhg2p4LMa_SKUwBoIrJdLxDuAkI-FWhks4UXQC8nGbKx723X/s1600/aaa3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4oQDAtQv_VWMTzdzUdVykcYmbttqH9ZeFKmpx0p-7s4Er4yxY5wNPAEApU4CQ4yv-JWooe3et_5JG7ZT2CREOZSrPMEhDKhg2p4LMa_SKUwBoIrJdLxDuAkI-FWhks4UXQC8nGbKx723X/s640/aaa3.png" width="640" /></a></div>
<br />
<br />
<b><span style="color: red;">Network authorization type connection</span></b>: Applies to network connections. This can include a PPP, SLIP, or ARAP connection.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s1600/exam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s200/exam.png" width="200" /></a></div>
<br />
<br />
This is the configuration of AAA<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpe-gyr0-Z1rTkBveyeVLyiEiiBg86YTCY-G38iOS4tAUaS1Uxm4OzbIyCwdZVCF2p9KwggMJGOtT0otSFhkusSHIltlIxlunaMaGdkdvTlFLn4DOsBR0SjZrBA2pMq7EnrbyJkq1qBoEE/s1600/aaa.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="275" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpe-gyr0-Z1rTkBveyeVLyiEiiBg86YTCY-G38iOS4tAUaS1Uxm4OzbIyCwdZVCF2p9KwggMJGOtT0otSFhkusSHIltlIxlunaMaGdkdvTlFLn4DOsBR0SjZrBA2pMq7EnrbyJkq1qBoEE/s400/aaa.png" width="400" /></a></div>
<span style="color: purple;"><br /></span>
<span style="color: purple;">Now check the example. I am going to use my name as a password.</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4E5APpVw6IjAqHSYfU1JsQUMbmYIAN53s_fF_1U-y1Cs9STMO3CbSyQez7y-8oSmc4Qyo5HPuQeo4_x6cJZd_GpS6ZnNHwCAT4xztachUSiGZ31LxEDBUJdTlYk0ynFNvnJZYJ21Pqhj2/s1600/aaa4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="604" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4E5APpVw6IjAqHSYfU1JsQUMbmYIAN53s_fF_1U-y1Cs9STMO3CbSyQez7y-8oSmc4Qyo5HPuQeo4_x6cJZd_GpS6ZnNHwCAT4xztachUSiGZ31LxEDBUJdTlYk0ynFNvnJZYJ21Pqhj2/s640/aaa4.png" width="640" /></a></div>
<br />
<span style="color: purple;">In this first part we try to enable RADIUS and TACACS server authentication.</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJT42A7Jb8HHtFwPkyL4H3BZtmsiJocKxMIUMP3Vqaqslhjgni8JiFDV0E6cADMOBGMN3OMBa3DsVT7dLsHAJb22tjPNC2IeS1Emv_OhdLoE9DFXXofH3G8MwDwv2Yd7i58UWXyZmRAmBI/s1600/aaa5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="520" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJT42A7Jb8HHtFwPkyL4H3BZtmsiJocKxMIUMP3Vqaqslhjgni8JiFDV0E6cADMOBGMN3OMBa3DsVT7dLsHAJb22tjPNC2IeS1Emv_OhdLoE9DFXXofH3G8MwDwv2Yd7i58UWXyZmRAmBI/s640/aaa5.png" width="640" /></a></div>
<br />
<span style="color: purple;">Now we try to set up local authentication in case the server authentication fails.</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFprOsw2BAUI5OqxLr2vovjPyosjBv319aAgttpF_5yGxQhzK5HVrHH5e2AXE82-ljq8sTJzJf04ghn3LtouldIe3gm2NzoUDHB4hopDkpZljSs-SrRYQBkLFdPcGaoktKN8swCojgxI2C/s1600/aaa6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="174" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFprOsw2BAUI5OqxLr2vovjPyosjBv319aAgttpF_5yGxQhzK5HVrHH5e2AXE82-ljq8sTJzJf04ghn3LtouldIe3gm2NzoUDHB4hopDkpZljSs-SrRYQBkLFdPcGaoktKN8swCojgxI2C/s640/aaa6.png" width="640" /></a></div>
<br />
<br />
<span style="color: purple;">Now this is the result when we exit and try to log in again.</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYcL8oIS_0BiXSfp9btT6rNghyE9GkTG_WnZs2mtMCbzB3oGeJbJVZ1ldnKzJSTxImSqzmr4h0KLg-zjpOfNsbBTRP19TVGg-SI8t3Wj6Hbm1Gf-K5PUPF5Dh_WH_RfiObNm9vguxNuzIP/s1600/aaa7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYcL8oIS_0BiXSfp9btT6rNghyE9GkTG_WnZs2mtMCbzB3oGeJbJVZ1ldnKzJSTxImSqzmr4h0KLg-zjpOfNsbBTRP19TVGg-SI8t3Wj6Hbm1Gf-K5PUPF5Dh_WH_RfiObNm9vguxNuzIP/s640/aaa7.png" width="640" /></a></div>
<br />
<span style="color: purple;">This is the way we authenticate locally.</span><br />
<br />
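Added example, not part of the original lab: a small Python model of how a login method list with server groups followed by local is walked. The next method is tried only when the previous one gives no answer, so a rejection from a reachable server is final and local is never consulted. The method-list line, user names and passwords are constructed, and only the group and local methods are modelled.

```python
from enum import Enum


class Result(Enum):
    PASS = "pass"    # the method answered and accepted the credentials
    FAIL = "fail"    # the method answered and rejected them
    ERROR = "error"  # the method gave no answer (server unreachable)


def parse_method_list(line):
    """Split an 'aaa authentication login' line into (list name, methods)."""
    words = line.split()
    if words[:3] != ["aaa", "authentication", "login"] or len(words) < 5:
        raise ValueError("not a login method list: %r" % line)
    name, rest, methods = words[3], words[4:], []
    i = 0
    while i < len(rest):
        if rest[i] == "group":               # 'group tacacs+', 'group radius'
            if i + 1 == len(rest):
                raise ValueError("'group' without a server group name")
            methods.append("group " + rest[i + 1])
            i += 2
        else:                                # 'local' and other keywords
            methods.append(rest[i])
            i += 1
    return name, methods


def try_method(method, user, password, servers, local_users):
    """Outcome of a single method in this simplified model."""
    if method.startswith("group "):
        server = servers.get(method[len("group "):])
        if server is None or not server["reachable"]:
            return Result.ERROR
        known = server["users"]
    elif method == "local":
        known = local_users
    else:
        raise ValueError("method not modelled here: %r" % method)
    return Result.PASS if known.get(user) == password else Result.FAIL


def login(methods, user, password, servers, local_users):
    """Walk the list in order. Only ERROR moves on to the next method;
    PASS or FAIL from any method ends the attempt."""
    trail = []
    for method in methods:
        outcome = try_method(method, user, password, servers, local_users)
        trail.append((method, outcome))
        if outcome is not Result.ERROR:
            return outcome, method, trail
    return Result.FAIL, None, trail          # no method answered: denied


# Constructed sample data (assumptions, not taken from the lab screenshots).
CONFIG_LINE = "aaa authentication login default group tacacs+ group radius local"
LOCAL_USERS = {"localadmin": "Local-Example-1"}


def servers(tacacs_up, radius_up):
    """Build the two constructed AAA servers with the given reachability."""
    accounts = {"netadmin": "Server-Example-1"}
    return {"tacacs+": {"reachable": tacacs_up, "users": accounts},
            "radius": {"reachable": radius_up, "users": accounts}}


if __name__ == "__main__":
    _, methods = parse_method_list(CONFIG_LINE)
    cases = [
        ("servers up, server account", "netadmin", "Server-Example-1", servers(True, True)),
        ("servers up, local account", "localadmin", "Local-Example-1", servers(True, True)),
        ("servers down, local account", "localadmin", "Local-Example-1", servers(False, False)),
    ]
    for label, user, password, state in cases:
        result, decided_by, _ = login(methods, user, password, state, LOCAL_USERS)
        print("%-28s -> %s (decided by %s)" % (label, result.value, decided_by))
```

The second case is the one to notice: the local account is refused while the servers are reachable, so the local fallback is an outage path, not a second set of working credentials.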
I hope that you liked this lab and that you understand RADIUS and TACACS authentication.<br />
If you did, please share it.<br />
<br />ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-78020976203103760252016-09-29T16:24:00.001-07:002016-10-28T10:20:34.680-07:00Difference between Telnet & SSH<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8Mx5Rlg1tRO3-ANLGUmbjzEy_xFqpgZMD3HrVyadqMBrlxVBQ48aZc-ZPYOnSy6PDyW3ikZJ3Rf8xoSTna0bToXX4jOkKsHGT-XgCV1bBl5fcG1a2epOEVqkYbIUoxhca4jqlVTlUiudf/s1600/telnet+and+ssh.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8Mx5Rlg1tRO3-ANLGUmbjzEy_xFqpgZMD3HrVyadqMBrlxVBQ48aZc-ZPYOnSy6PDyW3ikZJ3Rf8xoSTna0bToXX4jOkKsHGT-XgCV1bBl5fcG1a2epOEVqkYbIUoxhca4jqlVTlUiudf/s320/telnet+and+ssh.jpg" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
<b>Secure Shell (SSH) and Telnet</b> are two network
protocols that have been used to communicate with remote routers, servers and switches. The primary
difference is that with Telnet all data sent to the remote host, including the password, is transmitted in clear text, and that's a big security issue.<br />
SSH offers security mechanisms that protect the users against anyone
with malicious intent, while Telnet has no security measures whatsoever and can cause all kinds of trouble in our network.<br />
<div style="background-color: white; border: medium none; color: black; overflow: hidden; text-align: left; text-decoration: none;">
<br />
You can see the options when you connect your computer to a switch or router:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTZ684lrr5fVKtp4MPdc8cNkDhuQWMcrlc7NYEtKFYV-_hBEyYANBYQfd3H-Kuvs0LDDYYG9GwSIjKZsh6LuPQf_5hCFFQU-opT6mAq5RURwwMxYWS_d28r2xDIFPIZotZTs-exvewv-xY/s1600/telnet4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTZ684lrr5fVKtp4MPdc8cNkDhuQWMcrlc7NYEtKFYV-_hBEyYANBYQfd3H-Kuvs0LDDYYG9GwSIjKZsh6LuPQf_5hCFFQU-opT6mAq5RURwwMxYWS_d28r2xDIFPIZotZTs-exvewv-xY/s320/telnet4.png" width="320" /></a></div>
<br />
<br />
<br />
<h2 style="text-align: justify;">
<span style="color: purple;">Telnet</span></h2>
<div style="text-align: justify;">
Telnet was designed to work within a
private network and not across a public network where threats can
appear. Because of this, all the data is transmitted in plain text,
including passwords. This is a major security issue and the developers
of SSH used encryption to make it harder for other people to sniff the
password and other relevant information.<br />
Telnet also omits another
safety measure called <b>authentication</b>. Authentication ensures that the source of
the data is still the same device and not another computer. Without
authentication, another person can intercept the communication and do
whatever they wish. This is also addressed in SSH, as it uses a public key to
authenticate the source of the data.<br />
<br />
<br />
<h2 style="text-align: justify;">
<span style="color: purple;">SSH (Secure Shell)</span></h2>
<div style="text-align: justify;">
Secure Shell, frequently known as SSH, is a
network protocol used to form a reliable and stable connection
between two remote computers within the network or on the internet. It
transmits data between computers in encrypted form.
This encryption keeps the information that has been exchanged
confidential.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A lot of people use SSH to
log in to remote servers and run remote commands and
instructions because it offers strong security. With this
system, any user can transfer private details like user IDs,
passwords, and other personal information in a protected way. Because this
data is sent in encrypted form, hackers are not able to read it. It
can also be used in public networks. It gives a kind of secure
transmission over insecure paths.</div>
<div style="text-align: justify;">
<br /></div>
</div>
<div style="text-align: justify;">
Due to the security measures that
were necessary for SSH to be used in public networks, each packet
contains less data to make room for the data of the security mechanisms.
In order to transmit the same amount of data,
you would need to take up a lot more bandwidth. This is called <b>overhead</b>
and was a major issue back when internet speeds were very low
because it translates to a performance hit.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The security issues of Telnet forced a
lot of people to use SSH in order to protect themselves. It didn’t take a
long time before SSH replaced Telnet in a great majority of its uses.
Telnet did not fade away though as it is still used in some areas,
mostly in testing and debugging. Telnet extensions were developed to
provide security but they are not used in most Telnet implementations.</div>
<div style="text-align: justify;">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeBJAEZmDmpKQP8vN7KX-pntRKd_X-GUZZ1UVNh40UpjOJM4ls3aZY-RWhi3JkJs7ewiYPDxM0vUEeetw-Lke_WWp3_UdeuyNK5g3qiRCbTOWxhpaLMOvUJqpG9DKyDwSpHrOtTYGV1ifO/s1600/telnet1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="171" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeBJAEZmDmpKQP8vN7KX-pntRKd_X-GUZZ1UVNh40UpjOJM4ls3aZY-RWhi3JkJs7ewiYPDxM0vUEeetw-Lke_WWp3_UdeuyNK5g3qiRCbTOWxhpaLMOvUJqpG9DKyDwSpHrOtTYGV1ifO/s400/telnet1.png" width="400" /></a></div>
<br /></div>
<div style="text-align: justify;">
<h2>
<span style="color: purple;">Summary:</span></h2>
1. SSH and Telnet commonly serve the same purpose<br />
2. SSH encrypts the data while Telnet sends data in plain text<br />
3. SSH uses a public key for authentication while Telnet does not use any authentication<br />
4. SSH adds a bit more overhead to the bandwidth compared to Telnet<br />
5. SSH is more secure compared to Telnet<br />
6. Telnet has been all but replaced by SSH in almost all uses</div>
<div style="background-color: white; border: medium none; color: black; overflow: hidden; text-align: left; text-decoration: none;">
<br /></div>
</div>
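Added example, not from the original post: a Python check that reads a Cisco-style running-config, reports every vty line range that still accepts Telnet, and produces the SSH-only version of the same configuration. The configuration excerpt is constructed for illustration.

```python
import re

# Constructed running-config excerpt (assumption, not from the post).
SAMPLE_CONFIG = """\
hostname SW1
!
line con 0
 login authentication default
line vty 0 4
 login authentication default
 transport input telnet ssh
line vty 5 15
 login authentication default
 transport input ssh
!
end
"""


def vty_transport(config):
    """Map each 'line vty' range to its 'transport input' protocols.

    The value is None when the section has no 'transport input' line.
    """
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):          # unindented line: new section
            current = None
            if raw.startswith("line vty "):
                current = raw[len("line "):].strip()
                sections[current] = None
        elif current is not None:
            match = re.match(r"\s+transport input\s+(.+)", raw)
            if match:
                sections[current] = match.group(1).split()
    return sections


def audit(config):
    """Return (vty range, finding) for every section that is not SSH-only."""
    findings = []
    for vty, protocols in vty_transport(config).items():
        if protocols is None:
            findings.append(
                (vty, "no 'transport input' line; the platform default applies"))
        elif "telnet" in protocols or "all" in protocols:
            findings.append(
                (vty, "Telnet permitted; logins cross the network in clear text"))
    return findings


def ssh_only(config):
    """Rewrite every vty 'transport input' line so that only SSH is allowed.

    Sections without a 'transport input' line are left unchanged.
    """
    out, in_vty = [], False
    for raw in config.splitlines():
        if not raw.startswith(" "):
            in_vty = raw.startswith("line vty ")
        elif in_vty and raw.strip().startswith("transport input"):
            raw = " transport input ssh"
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for vty, finding in audit(SAMPLE_CONFIG):
        print("%s: %s" % (vty, finding))
    print(ssh_only(SAMPLE_CONFIG))
```

Confirm that SSH logins work on the device before applying the rewritten lines, since they remove the Telnet path.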
ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-77790772058582423932016-09-29T10:55:00.003-07:002016-12-21T12:06:37.020-08:00CISCO Discovery Protocol<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdQm1N9DCG9N9TxB7LQRErqlngQG1qajye4CysQypU22se4Swrslrl_oQainmEXiBgIs60ehCJezS4J_Gdq9wzoJpSzndmLFh74IxjUyPhrOEd673RO4zsnieiKBV7xN8jbKl5rC8qp5Bs/s1600/CDP19.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="147" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdQm1N9DCG9N9TxB7LQRErqlngQG1qajye4CysQypU22se4Swrslrl_oQainmEXiBgIs60ehCJezS4J_Gdq9wzoJpSzndmLFh74IxjUyPhrOEd673RO4zsnieiKBV7xN8jbKl5rC8qp5Bs/s400/CDP19.jpg" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
<br />
<b>Cisco Discovery Protocol (CDP)</b> is a proprietary layer 2 management
protocol for networks. CDP helps administrators collect information about Cisco devices.<br />
CDP provides network device inventory,
connectivity information, and IP next hop info. It works on LANs and
WANs. CDP also works no matter the layer 3 network in use. CDP is an excellent troubleshooting tool for seeing which Cisco devices are directly connected to the Cisco device we are working on.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNdPS0keVhcqQ6KneDaVyVMbA9JvKLw3qtaJ656H2U7EcRvpyjV2-P0nlG0A88hWUEwOZ5bxrp0LQP2zKJ-8WAtnkG6F3IWB3N4DohaK62Lj2u2nPKPIiB7DVOTzKdRn5-nZ4dfJlR9WpI/s1600/cdp2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="448" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNdPS0keVhcqQ6KneDaVyVMbA9JvKLw3qtaJ656H2U7EcRvpyjV2-P0nlG0A88hWUEwOZ5bxrp0LQP2zKJ-8WAtnkG6F3IWB3N4DohaK62Lj2u2nPKPIiB7DVOTzKdRn5-nZ4dfJlR9WpI/s640/cdp2.jpg" width="640" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
By default this protocol runs globally and at the per-interface level on Cisco routers and switches, and it is Cisco-proprietary.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Cisco devices send periodic CDP announcements to the multicast
destination address 01-00-0c-cc-cc-cc, out each connected network
interface. These multicast packets may be received by Cisco switches and
other networking devices that support CDP on their connected network
interfaces.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKlgGrt_Wu93P-fmTNEwXfVDPrnK89-5j9VYlYZVCLlI0mb-iJlHLWLnjz1hld7PqYr0VyTDlBnjJtLNYXDzCL7XoXKhYsbN9Ok8Jg2mUx1hKah8477h-cYh9_znLqHpcl9i-U-OP6YnXV/s1600/cooltext207527821829574.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="38" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKlgGrt_Wu93P-fmTNEwXfVDPrnK89-5j9VYlYZVCLlI0mb-iJlHLWLnjz1hld7PqYr0VyTDlBnjJtLNYXDzCL7XoXKhYsbN9Ok8Jg2mUx1hKah8477h-cYh9_znLqHpcl9i-U-OP6YnXV/s320/cooltext207527821829574.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
CDP contains important information about Cisco devices including:</div>
<ul class="ul-star">
<li> IOS version number</li>
<li> <b>Hardware platform</b></li>
<li><b>Native VLAN ID</b></li>
<li><b> Duplex setting</b></li>
<li> Port ID</li>
<li> Hardware capabilities</li>
<li> Layer 3 address (IP address) of device</li>
<li> Interface that generated the CDP message</li>
<li> Number of seconds the CDP advertisement is valid</li>
<li> Name of device configured with hostname</li>
<li> Device type</li>
</ul>
CDP messages are generated every 60 seconds. The holddown time for a missing neighbor is 180 seconds.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEib1DYsDpMt9btLXWIbjyxzxPGjp0BM_emP50W8xLpPeI2M1PAdv_a670PnZCSwV4vvl10T1-b7UC_NVnGnyRJFbT3RQOdzdZSdisq9uKX8lgb5L5YYlJjbiFRLkMRb8WT3D2YIyBOEaSFg/s1600/cooltext207529628534311.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="48" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEib1DYsDpMt9btLXWIbjyxzxPGjp0BM_emP50W8xLpPeI2M1PAdv_a670PnZCSwV4vvl10T1-b7UC_NVnGnyRJFbT3RQOdzdZSdisq9uKX8lgb5L5YYlJjbiFRLkMRb8WT3D2YIyBOEaSFg/s640/cooltext207529628534311.png" width="640" /></a></div>
<ol>
<li><b>cdp run</b> and <b>no cdp run</b> – to enable and disable CDP globally</li>
<li><b>cdp enable</b> and <b>no cdp enable</b> – to enable and disable CDP per interface</li>
<li><b>show cdp neighbors</b> – to see what routers and switches are connected to you on the LAN or WAN</li>
<li><b>show cdp interfaces</b> – to see which of your interfaces are participating in the CDP exchange</li>
<li><b>show cdp entry</b> – to look at a particular switch or router that is a neighbor</li>
<li><b>show cdp traffic</b> – to see statistics about how many CDP packets have been exchanged</li>
</ol>
You can also set <b>cdp timers</b> and <b>clear cdp statistics</b>.<br />
<br />
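Added example, not from the original post: a Python parser for the text of show cdp neighbors detail that builds a neighbor inventory and compares the native VLAN and duplex each neighbor advertises with our own port settings. The captured output, device names, addresses and local port settings are all constructed.

```python
import re

# Constructed 'show cdp neighbors detail' output (assumption, not from the lab).
SAMPLE_OUTPUT = """\
-------------------------
Device ID: SW2
Entry address(es):
  IP address: 192.0.2.2
Platform: cisco WS-C3550-24,  Capabilities: Switch IGMP
Interface: FastEthernet0/1,  Port ID (outgoing port): FastEthernet0/24
Holdtime : 155 sec

Version :
(constructed version text)

advertisement version: 2
Native VLAN: 1
Duplex: full
-------------------------
Device ID: SEP001122334455
Entry address(es):
  IP address: 192.0.2.50
Platform: Cisco IP Phone 7960,  Capabilities: Host Phone
Interface: FastEthernet0/5,  Port ID (outgoing port): Port 1
Holdtime : 130 sec

Version :
(constructed version text)

advertisement version: 2
Duplex: full
"""

# Our own port settings, as we would read them from the local switch (constructed).
LOCAL_PORTS = {
    "FastEthernet0/1": {"native_vlan": 99, "duplex": "full"},
    "FastEthernet0/5": {"native_vlan": 99, "duplex": "full"},
}

FIELDS = {
    "device_id": r"^Device ID:\s*(.+?)\s*$",
    "ip": r"^\s*IP address:\s*(\S+)",
    "platform": r"^Platform:\s*(.+?),\s*Capabilities:",
    "capabilities": r"Capabilities:\s*(.+?)\s*$",
    "local_interface": r"^Interface:\s*(\S+?),",
    "remote_port": r"Port ID \(outgoing port\):\s*(.+?)\s*$",
    "holdtime": r"^Holdtime\s*:\s*(\d+)\s*sec",
    "native_vlan": r"^Native VLAN:\s*(\d+)",
    "duplex": r"^Duplex:\s*(\w+)",
}


def parse_cdp_detail(text):
    """Return one dict per neighbor; fields a neighbor did not send are absent."""
    neighbors = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        entry = {}
        for name, pattern in FIELDS.items():
            match = re.search(pattern, block, flags=re.M)
            if match:
                entry[name] = match.group(1)
        if "device_id" not in entry:
            continue                          # text before the first entry
        for key in ("holdtime", "native_vlan"):
            if key in entry:
                entry[key] = int(entry[key])
        entry["capabilities"] = entry.get("capabilities", "").split()
        neighbors.append(entry)
    return neighbors


def mismatches(neighbors, local_ports):
    """List (local interface, setting, our value, neighbor's value) differences."""
    problems = []
    for neighbor in neighbors:
        port = neighbor.get("local_interface")
        local = local_ports.get(port, {})
        for key in ("native_vlan", "duplex"):
            if key in neighbor and key in local and neighbor[key] != local[key]:
                problems.append((port, key, local[key], neighbor[key]))
    return problems


if __name__ == "__main__":
    inventory = parse_cdp_detail(SAMPLE_OUTPUT)
    for n in inventory:
        print(n["device_id"], n["platform"], n["local_interface"], n.get("ip"))
    print(mismatches(inventory, LOCAL_PORTS))
```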
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg7aUbbfFno1p7tuGThrB0jNta7qUbejiq15olLmAVw0ZiciAnlFRpQccvcz-3mRYPAU4_ud365slaOaDMUJWxY64cRdgcLshzGs-VsIhyCa9mfHoRcXUmx9Ln7E7u92fuTcGGblqldcP5/s1600/cdp6.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg7aUbbfFno1p7tuGThrB0jNta7qUbejiq15olLmAVw0ZiciAnlFRpQccvcz-3mRYPAU4_ud365slaOaDMUJWxY64cRdgcLshzGs-VsIhyCa9mfHoRcXUmx9Ln7E7u92fuTcGGblqldcP5/s400/cdp6.jpg" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhf_tbLvHABgjtr-iokIcyWxvNla4q6Vg9CCNHcjeVTxpfzZZ2AHdfUEdKOFa45xE1YAJfarXyJTs6Zbg23BrwgbdOMerhaUmNmsOmO9CHut_qgmrQFAMaujHze4hcYj9npBtGw1nNcyOUA/s1600/cooltext207535966706115.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="41" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhf_tbLvHABgjtr-iokIcyWxvNla4q6Vg9CCNHcjeVTxpfzZZ2AHdfUEdKOFa45xE1YAJfarXyJTs6Zbg23BrwgbdOMerhaUmNmsOmO9CHut_qgmrQFAMaujHze4hcYj9npBtGw1nNcyOUA/s400/cooltext207535966706115.png" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipMlC7n8w3ODzFAgQYjfQ38Xx0nTj69l2w9UfvKhvETtsEWDXW9JOL7BwCI-tYpmdRZKgxUO-9AxRjkoio1gkjbENYBzon6GEzy9BlHqk-N9ysy5_xQKwoiJJbB065ENKoR-OYYt4IoRIm/s1600/cdp4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="100" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipMlC7n8w3ODzFAgQYjfQ38Xx0nTj69l2w9UfvKhvETtsEWDXW9JOL7BwCI-tYpmdRZKgxUO-9AxRjkoio1gkjbENYBzon6GEzy9BlHqk-N9ysy5_xQKwoiJJbB065ENKoR-OYYt4IoRIm/s320/cdp4.png" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_zwBKhj9D-dQT-MfK-Kx60NOLG8V2NvgUj5oT3ubd3J9caujMeOvFww6RCWpHi5d2_MGwE2s0zSPLPmkO9kciGY1_XIyvls96HMCmFX22peNhLhlmmaerbjTmuBHXxLVN5qV_vUrdNPa9/s1600/cooltext207533712510389.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="54" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_zwBKhj9D-dQT-MfK-Kx60NOLG8V2NvgUj5oT3ubd3J9caujMeOvFww6RCWpHi5d2_MGwE2s0zSPLPmkO9kciGY1_XIyvls96HMCmFX22peNhLhlmmaerbjTmuBHXxLVN5qV_vUrdNPa9/s320/cooltext207533712510389.png" width="320" /></a></div>
<br />
Let's run show cdp to see if CDP is enabled in the first place. If you get global info, it's on; if you don't, it's not.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5tsPRMIE-Pw4Czf6Lt5yAls0bkuTE77WEifNQrb9u4Iqa80GSDAWK-rSA2hsundoFUaok12UmiL6rE80Fu5YCGlnVwTButEctwZXJ9sWkYUVZw33eW0ubLSMZWvZD0KPWu6ht8ouuK-qm/s1600/cdp7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="580" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5tsPRMIE-Pw4Czf6Lt5yAls0bkuTE77WEifNQrb9u4Iqa80GSDAWK-rSA2hsundoFUaok12UmiL6rE80Fu5YCGlnVwTButEctwZXJ9sWkYUVZw33eW0ubLSMZWvZD0KPWu6ht8ouuK-qm/s640/cdp7.png" width="640" /></a></div>
<br />
We can see that in this situation CDP is enabled by default, so we don't need to run the "cdp run" command. We can also see that CDP is sending its announcements every 60 seconds, and the holdtime is 180 seconds. To change those values, follow these directions:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRAZIU4VlF3FdGneDhKn-ePetfosjQD8my_5ZPMXwlw8GXCt3E6XcA4bMxPCdXg-PLYU_O9gS0ehM4wTcnz-SgyK1CcoK_in6SFu20HoFmyK-yydLMftVJYTeoTpbg_fM-c63iiyPVKBMi/s1600/cdp8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="296" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRAZIU4VlF3FdGneDhKn-ePetfosjQD8my_5ZPMXwlw8GXCt3E6XcA4bMxPCdXg-PLYU_O9gS0ehM4wTcnz-SgyK1CcoK_in6SFu20HoFmyK-yydLMftVJYTeoTpbg_fM-c63iiyPVKBMi/s640/cdp8.png" width="640" /></a></div>
<br />
<br />
<br />
Now let's check important information about the devices connected to our switch:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitina36Rz15MS4DKoGz2Jwx1vRWg8ZbY88yFor3-_hfuU1ctdVUOwquJr64GFArYM_Ot8IGUR2TgWMga2hbO3KAjv_C-geem1npptlqeBWj_7-kXhigzkgDEOkV8oGN8K0H0bsX-kbm1H5/s1600/cdp9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitina36Rz15MS4DKoGz2Jwx1vRWg8ZbY88yFor3-_hfuU1ctdVUOwquJr64GFArYM_Ot8IGUR2TgWMga2hbO3KAjv_C-geem1npptlqeBWj_7-kXhigzkgDEOkV8oGN8K0H0bsX-kbm1H5/s1600/cdp9.png" /></a></div>
<br />
<br />
This is my equipment, so you can compare the results:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8C5ECrPs35GHplOcndOOYYo5OxiIhbGXMTKlND95lGAhIBKR2FI3S-vMhxLpWdlbUTF3dHxSvhmgerHTZk7Q-fR59AwSLuNeWGHVqbipdLhRDEvmHd3d6fJZlDmDrCi_ODv8j305_1qFA/s1600/switch-mio.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8C5ECrPs35GHplOcndOOYYo5OxiIhbGXMTKlND95lGAhIBKR2FI3S-vMhxLpWdlbUTF3dHxSvhmgerHTZk7Q-fR59AwSLuNeWGHVqbipdLhRDEvmHd3d6fJZlDmDrCi_ODv8j305_1qFA/s400/switch-mio.png" width="400" /></a></div>
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
So, to explain certain concepts:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<ul>
<li><span style="color: red;"><b>Holdtime:</b></span> The number of seconds the local device will retain the contents of the last CDP advertisement received from the remote host</li>
</ul>
<ul>
<li><span style="color: red;"><b>Capability:</b></span> The type of device the remote device is </li>
</ul>
<ul>
<li><b><span style="color: red;">Platform:</span></b> The remote device platform, in our case an IP phone and a Cisco 3550 switch</li>
</ul>
<ul>
<li><span style="color: red;"><b>Port ID:</b></span> The remote device interface involved</li>
</ul>
<br />
Now let's look at the case where you want to keep CDP enabled globally but disable it on int fa0/10<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP9omrYCbLfQJx8qkvb0MLA5S1LCmXO7sbMKxt8x_gTaqaEQQ0UQ3SwVF8Tdb-riV7oqT7bka58v0vx2NFTc_-l0iETgmc3KN4Rn6aHqwWFY7VKm5j5ntDw2EM1si5-ye34lUD-HY4BtiU/s1600/cdp11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="324" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP9omrYCbLfQJx8qkvb0MLA5S1LCmXO7sbMKxt8x_gTaqaEQQ0UQ3SwVF8Tdb-riV7oqT7bka58v0vx2NFTc_-l0iETgmc3KN4Rn6aHqwWFY7VKm5j5ntDw2EM1si5-ye34lUD-HY4BtiU/s640/cdp11.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Now the results, checked several times before those 134 seconds expire:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkKQiepATd873AbTE9Yk7Jf2QIhe8lfLBtkd4odQDcK5LWKxGVO6XrJ9e6aruEndyWTDSbfDe0iQgBrZHhzItZVMWexRgD3KQBB9KbS-ZKGo55knEgOT2C2j3uoZJ3XbPtShGaX9NUDBcr/s1600/cdp12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="364" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkKQiepATd873AbTE9Yk7Jf2QIhe8lfLBtkd4odQDcK5LWKxGVO6XrJ9e6aruEndyWTDSbfDe0iQgBrZHhzItZVMWexRgD3KQBB9KbS-ZKGo55knEgOT2C2j3uoZJ3XbPtShGaX9NUDBcr/s640/cdp12.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Now if you want to check on more details of the remaining device:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgU8Z34ObIjfu52yRLur9WtgLdoQcMQf7y7RkQTZvMcw_rprGtP-2zh22YOJdl4ozVTANv6UJYPoLfaecNbXxIjc9pUpRGv_PI1CwAKs_CuWMfVAR7TgYh-XZEYRYp2Qq-AMXTtQcFhhL5r/s1600/cdp13.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="252" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgU8Z34ObIjfu52yRLur9WtgLdoQcMQf7y7RkQTZvMcw_rprGtP-2zh22YOJdl4ozVTANv6UJYPoLfaecNbXxIjc9pUpRGv_PI1CwAKs_CuWMfVAR7TgYh-XZEYRYp2Qq-AMXTtQcFhhL5r/s400/cdp13.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
You see advertisement version 2 here. CDP version 1 is still available, but it lacks a lot of features, such as mismatched native VLAN reporting.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
A lot of network administrators disable CDP because it exposes a lot of information to anyone who can run the command "show cdp neighbor detail", and all of that information is sent in clear text without any encryption. The problem with disabling CDP is that many network management tools use data collected by CDP.</div>
<div class="separator" style="clear: both; text-align: left;">
To reduce that risk, work out where you can do without CDP and where it needs to be running, then use the interface-level command to enforce that.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
If you work with non-Cisco devices in your network, the Link Layer Discovery Protocol (LLDP) can be very useful; it is the equivalent of CDP and is defined in the IEEE 802 standards.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
There is a useful extension, LLDP for Media Endpoint Devices (LLDP-MED), that can be handy when VoIP is in use, but CDP carries features that LLDP-MED doesn't, such as MTU size, VLAN Trunking Protocol information, IP network prefix support, etc.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="color: purple;"><b>To enable CDP globally:</b></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5Sc7CF9bNb1ehNx7Y1Fmb996KBV_Ct_xpQf5xQZz2RJPs2ostzOYdoHoKPa7IIT-CdGNUaLoTb2mYWk5CsYXX7CcoU4Q4LcQLQjHVBUiQm3OIVQiFacctd450vF99DMDjVUs4siqN_5iE/s1600/cdp16.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="120" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5Sc7CF9bNb1ehNx7Y1Fmb996KBV_Ct_xpQf5xQZz2RJPs2ostzOYdoHoKPa7IIT-CdGNUaLoTb2mYWk5CsYXX7CcoU4Q4LcQLQjHVBUiQm3OIVQiFacctd450vF99DMDjVUs4siqN_5iE/s640/cdp16.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="color: red;"><b> <span style="color: purple;">To enable CDP on the interface</span></b></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWr-l6tsLWkUvhFpRDe5kPdDOT57rxUaN5wGCmoTCdow7qhVq2S72lxdbKZlpCFdIuFmwiugqghA7DAkvLIXU9X7whvGRFF0Sn5GZ5OrVLKQtu8cTiYQDTiRAOfLXA1W6PX99UodS5Bm6X/s1600/cdp18.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="204" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWr-l6tsLWkUvhFpRDe5kPdDOT57rxUaN5wGCmoTCdow7qhVq2S72lxdbKZlpCFdIuFmwiugqghA7DAkvLIXU9X7whvGRFF0Sn5GZ5OrVLKQtu8cTiYQDTiRAOfLXA1W6PX99UodS5Bm6X/s640/cdp18.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="color: red;"><b><br /></b></span></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
I hope this article was useful for you. If you understood it and liked it, please share it.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-25755039046226899112016-09-28T14:55:00.000-07:002016-09-29T05:07:07.391-07:00Vlan Hopping Attack<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6OOJ8ARMPFrihTucW5JDIbLHi33vk1q-hi4TGSK89qMnlhm2DsxAoBKJQIW8NNOLBxgyYOYg_k8LqefwWlGM4U4OPCJd1lDzZFuBWGFSl8bAMsWi529_03Pd9x4WoDJskUG38iBjos6zo/s1600/coollogo_com-256991661.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="104" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6OOJ8ARMPFrihTucW5JDIbLHi33vk1q-hi4TGSK89qMnlhm2DsxAoBKJQIW8NNOLBxgyYOYg_k8LqefwWlGM4U4OPCJd1lDzZFuBWGFSl8bAMsWi529_03Pd9x4WoDJskUG38iBjos6zo/s640/coollogo_com-256991661.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
<br />
<br />
<br />
VLAN hopping describes when an attacker connects to a VLAN to gain
access to traffic on other VLANs that would normally not be accessible.
There are two VLAN hopping exploit methods: Switch spoofing and Double
tagging.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyMR7ZqqKvT6K1GnlxxG-RR7S7BFuB4Ul8YbUnU711Pv5IZxUivNZ0onmqzPz3nSpud_58z38IIX37QLIwHsp-9CYuUWQRWzvPfM-f8zF60cqk5vxVJN84ReikPPjN-DUspFjIPd7f9cN6/s1600/lamington.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyMR7ZqqKvT6K1GnlxxG-RR7S7BFuB4Ul8YbUnU711Pv5IZxUivNZ0onmqzPz3nSpud_58z38IIX37QLIwHsp-9CYuUWQRWzvPfM-f8zF60cqk5vxVJN84ReikPPjN-DUspFjIPd7f9cN6/s320/lamington.png" width="320" /></a></div>
<br />
<br />
<br />
Let's start with Switch Spoofing:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinIowHj2SrMGrVPYRMTlbv-cxJlUBJzEBLyBMUtdSw06Wv_BZ6308NuWhGFv5eo-R-wUU6MKA0UjupU5Zt86jLATCEnDqJJuSWOh_rd2y7S2B6qeszcw9fR2eF9sMkya78iZCb_QiNelk8/s1600/coollogo_com-326565936.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="63" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinIowHj2SrMGrVPYRMTlbv-cxJlUBJzEBLyBMUtdSw06Wv_BZ6308NuWhGFv5eo-R-wUU6MKA0UjupU5Zt86jLATCEnDqJJuSWOh_rd2y7S2B6qeszcw9fR2eF9sMkya78iZCb_QiNelk8/s320/coollogo_com-326565936.png" width="320" /></a></div>
Switch spoofing allows the rogue device to pretend to be a member of all VLANs in our network. It occurs when the switch port an attacker connects to
is either in trunking mode or in DTP auto-negotiation mode; both
allow devices that use 802.1Q encapsulation to tag traffic with
different VLAN identifiers in an aggressive effort to form a trunk.<br />
<br />
An attacker adds 802.1q encapsulation
headers with VLAN tags for remote VLANs to its outgoing frames. The
receiving switch interprets those frames as sourced from another 802.1q
switch (only switches usually use 802.1q encapsulation after all), and
forwards the frames into the appropriate VLAN.<br />
The problem is that the switch only knows it is sending Dynamic Trunking Protocol frames and has no idea who is receiving them.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBLxJK0SFJkyGB0Yif7JlS0HNLzI6lmJWbSlZw2C2TNo4T1AeId2TUhhnIcq5STR6vT7MnpDMggzHdpcuBQEK3bqI5quWlFkDbTYpI4qy3Az2m1kk6j0nMDG0mdUbj7wBcr0IQznOx_EnP/s1600/switchspoofing.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="293" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBLxJK0SFJkyGB0Yif7JlS0HNLzI6lmJWbSlZw2C2TNo4T1AeId2TUhhnIcq5STR6vT7MnpDMggzHdpcuBQEK3bqI5quWlFkDbTYpI4qy3Az2m1kk6j0nMDG0mdUbj7wBcr0IQznOx_EnP/s400/switchspoofing.jpg" width="400" /></a></div>
<br />
<br />
<br />
A lot of network administrators leave switch ports in auto mode, meaning the port can trunk but isn't actively looking to do so. This can lead to a problem, because an attacker connected to a port in auto mode can pretend to be a switch and send DTP frames, trying to form a trunk between our switch and somebody else's switch.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIDhjkJ2Krhl_G2XwB5tiC_3uX9ALJ9ypR1CFCNV5YZ4JTb51cH7BccMNnXnzDbai2BUzBpmuW89CRpwydgpP8_RSG3QSgLvlkTJEYYMhEIKLHin-lzG_IhCuw2Av3F4UuDdDqAzg4t42h/s1600/coollogo_com-217061188.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="35" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIDhjkJ2Krhl_G2XwB5tiC_3uX9ALJ9ypR1CFCNV5YZ4JTb51cH7BccMNnXnzDbai2BUzBpmuW89CRpwydgpP8_RSG3QSgLvlkTJEYYMhEIKLHin-lzG_IhCuw2Av3F4UuDdDqAzg4t42h/s200/coollogo_com-217061188.png" width="200" /></a></div>
<br />
<div style="text-align: center;">
<br /></div>
<br />
<br />
<br />
<br />
There are two solutions for that:<br />
<br />
<ol>
<li>Every port on your switch that doesn't lead to another switch should be placed under your administrative control in access mode.</li>
<li>Disable DTP negotiation on all ports.</li>
</ol>
You could use these commands:<br />
<code>Switch(config-if)# switchport mode access </code><br />
<code>Switch(config-if)# switchport nonegotiate</code><br />
<br />
These tips will save you some headaches as a network administrator.<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD8o6NZ7RNjlSbScZSbW1OT3JECvTA19hDVU-yYg2TB1MDpCD1gk7CMOyxxcccVw1XGksYX34ExiOHilCSxU0XyEjQUlDFvnXagVBwMx4N6_bSbxgI0LfwnubpEzV0ksnDTh_9GlbWZV0w/s1600/coollogo_com-242395799.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="112" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD8o6NZ7RNjlSbScZSbW1OT3JECvTA19hDVU-yYg2TB1MDpCD1gk7CMOyxxcccVw1XGksYX34ExiOHilCSxU0XyEjQUlDFvnXagVBwMx4N6_bSbxgI0LfwnubpEzV0ksnDTh_9GlbWZV0w/s320/coollogo_com-242395799.png" width="320" /></a></div>
A double tagging attack begins when an intruder connected
to a switch port sends a frame with two separate VLAN tags in the frame header.<br />
<br />
If the
attacker is connected to an access port, the <b>first</b> tag matches it. If
the attacker is connected to an 802.1Q trunk port, the first tag matches
that of the native VLAN (usually VLAN 1). The <b>second</b> tag identifies the VLAN
the attacker would like to forward the frame to.<br />
<br />
There are some requirements for this to work:<br />
<ol>
<li>The attacker's device must be attached to an access port.</li>
<li>The VLAN used by that access port must be the native VLAN.</li>
<li>ISL does not work at all for this attack, so dot1q must be in use.</li>
</ol>
In other words, there is no way an intruder can carry out this attack unless the switch is misconfigured.<br />
<br />
<br />
Check the next graphic and assume that VLAN 20 is the ultimate target<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXmnQa2Y9BsqrkJ-IjJLkVFtsDKKYwex6MNiNSRj8BJWM0p6z32oCgMAkihSjNcSttUdZPPB9WkDd8fkjxZIE31cuMgWvDWL4d0HQ4bBtOnxyPDwSjRxHAP-fyQGjimu_J-OIcIFS1kKd_/s1600/vlh3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="292" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXmnQa2Y9BsqrkJ-IjJLkVFtsDKKYwex6MNiNSRj8BJWM0p6z32oCgMAkihSjNcSttUdZPPB9WkDd8fkjxZIE31cuMgWvDWL4d0HQ4bBtOnxyPDwSjRxHAP-fyQGjimu_J-OIcIFS1kKd_/s400/vlh3.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
The trunk receives the double-tagged frame and the native VLAN 10 tag is removed, but the tag for VLAN 20 is still there and the frame is sent to the second switch. The second switch forwards the frame to ports in that VLAN. The rogue has now successfully hopped from one VLAN to another.<br />
<br />
This is a very serious situation, because this scheme has been used for a variety of network attacks, ranging from Trojan horses and virus propagation to stealing bank account numbers and passwords.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXcEQLOJAigm837TMML5X0KaPf998zxrejMz_t2iAbu_4Oz-tMqCUPFPrg1yTncEoI8CgMUZ5HJPW9SOdKyEA2SKkZzsbh6aNZM_DeqnIZ2g1rdAz_-Bogtp9LxnGajIEfFlo7TewYFrgU/s1600/coollogo_com-217061188.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="35" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXcEQLOJAigm837TMML5X0KaPf998zxrejMz_t2iAbu_4Oz-tMqCUPFPrg1yTncEoI8CgMUZ5HJPW9SOdKyEA2SKkZzsbh6aNZM_DeqnIZ2g1rdAz_-Bogtp9LxnGajIEfFlo7TewYFrgU/s200/coollogo_com-217061188.png" width="200" /></a></div>
<br />
<br />
Make your native VLAN a VLAN that no hosts are actually members of. The key feature of a double tagging attack is exploiting the native
VLAN. Since VLAN 1 is the default VLAN for access ports and the default
native VLAN on trunks, it’s an easy target.<br />
Follow these corrective steps:<br />
<br />
<ol>
<li>The first step is to remove access ports from the default VLAN
1, since the attacker’s port must match the switch’s native
VLAN (let's call it my_access_port).</li>
</ol>
<code>Switch(config-if)# switchport access vlan 15 </code><br />
<code>Switch(config-if)# description my_access_port</code><br />
<br />
2. The second step is to assign the native VLAN on all switch trunks to an unused VLAN.<br />
<code>Switch(config-if)# switchport trunk native vlan 90</code><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgluAzdZVcgraiatO-NGkCQD4Y-GPRLkRRD9KRviYXQLk5cHaouawa-z9TBWeMDHy1CyHjkoCGN2Lt9I92IOOyy13ESb-US3BuKOYO8ohxHi0K7-cSl03ej-2Jb9p6Und-3j7EzcI9cwJ3f/s1600/coollogo_com-13141847.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="95" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgluAzdZVcgraiatO-NGkCQD4Y-GPRLkRRD9KRviYXQLk5cHaouawa-z9TBWeMDHy1CyHjkoCGN2Lt9I92IOOyy13ESb-US3BuKOYO8ohxHi0K7-cSl03ej-2Jb9p6Und-3j7EzcI9cwJ3f/s320/coollogo_com-13141847.png" width="320" /></a></div>
<br />
<br />
<br />
VLAN hopping is an important topic to understand when securing our networks and preparing for the CCNP Switch exam. VLAN hopping can be prevented with simple trunk
and access port configuration.<br />
<br />
Also remember that the latest versions of Cisco IOS code
drop 802.1Q tagged packets on incoming access ports, helping to limit
the potential for a double tagging attack.<br />
<br />
<br />
So, just to recap: secure ports statically, disable DTP frames globally,
and secure native VLANs to make sure your network is safe.<br />
Understanding
the switch spoofing and double tagging attacks will help you prepare for the CCNP Switch exam, and eventually
will help you keep your networks secure and be a better professional.<br />
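<br />
As an added example (not part of the original article or any Cisco tool), this Python script audits a running-config for the settings recapped above: ports left to DTP, access ports in VLAN 1, and trunks whose native VLAN is 1 or carries hosts. It also flags host ports still running CDP, the interface-level decision discussed in the CDP post. The sample configs, the finding names, and the rule that a port without an explicit switchport mode may negotiate are assumptions.<br />
<br />

```python
import re

# Constructed configs (not from the page's screenshots): before and after the page's commands.
WEAK_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 description port_left_at_defaults
!
interface FastEthernet0/3
 switchport access vlan 15
 switchport mode access
 switchport nonegotiate
 no cdp enable
!
interface FastEthernet0/4
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/24
 switchport trunk native vlan 15
 switchport mode trunk
 switchport nonegotiate
!
"""

HARDENED_CONFIG = """\
interface FastEthernet0/1
 switchport trunk native vlan 90
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport access vlan 15
 switchport mode access
 switchport nonegotiate
 no cdp enable
!
"""


def parse_interfaces(config):
    """Split a running-config into {interface name: [indented sub-commands]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"interface\s+(\S+)", raw)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or any global command ends the stanza
    return interfaces


def port_facts(lines):
    """Reduce one stanza to the settings checked here (assumed defaults: DTP on, VLAN 1)."""
    facts = {"mode": "dynamic", "access_vlan": 1, "native_vlan": 1,
             "nonegotiate": False, "cdp": True}
    for line in lines:
        if m := re.match(r"switchport mode (\S+)", line):
            facts["mode"] = m.group(1)  # access, trunk or dynamic
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            facts["access_vlan"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            facts["native_vlan"] = int(m.group(1))
        elif line == "switchport nonegotiate":
            facts["nonegotiate"] = True
        elif line == "no cdp enable":
            facts["cdp"] = False
    return facts


def audit(config):
    """Return [(interface, finding)] in config order."""
    ports = {n: port_facts(l) for n, l in parse_interfaces(config).items()}
    cdp_global = re.search(r"^no cdp run\s*$", config, re.M) is None
    host_vlans = {p["access_vlan"] for p in ports.values() if p["mode"] != "trunk"}
    findings = []
    for name, p in ports.items():
        may_trunk, may_host = p["mode"] != "access", p["mode"] != "trunk"
        if p["mode"] not in ("access", "trunk"):
            findings.append((name, "DTP_DYNAMIC"))        # switch spoofing exposure
        elif not p["nonegotiate"]:
            findings.append((name, "DTP_NOT_DISABLED"))
        if may_host and p["access_vlan"] == 1:
            findings.append((name, "ACCESS_IN_VLAN1"))    # double tagging, step 1
        if may_trunk and p["native_vlan"] in (host_vlans | {1}):
            findings.append((name, "NATIVE_VLAN_IN_USE")) # double tagging, step 2
        if cdp_global and may_host and p["cdp"]:
            findings.append((name, "CDP_ON_HOST_PORT"))   # review: phones may need it
    return findings


if __name__ == "__main__":
    for iface, finding in audit(WEAK_CONFIG):
        print(f"{iface}: {finding}")
```

<br />
Run against the hardened config, the audit returns no findings.<br />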
<br />
If you like this article, please share.<br />
<br />
Thanks..<br />
<br />
<br />
<br />
<div style="text-align: left;">
<br /></div>
<br />
<br />ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-88487308474138123722016-09-27T18:33:00.001-07:002016-11-14T10:18:03.403-08:00IP Source Guard<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0zL20tGDLPV8hR_4C5A7FExa3b45Hdl7_akhd5UiheWIxGjMBJXNnLvip2AJaDB5XglDJZNgXsfU77YTZMRGQ16feYGS8ym4uMf8fFR18zJ4747WyM03aacUAKUmC9vAntUjcx3g1zuEW/s1600/ip+source+12.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0zL20tGDLPV8hR_4C5A7FExa3b45Hdl7_akhd5UiheWIxGjMBJXNnLvip2AJaDB5XglDJZNgXsfU77YTZMRGQ16feYGS8ym4uMf8fFR18zJ4747WyM03aacUAKUmC9vAntUjcx3g1zuEW/s400/ip+source+12.jpg" width="400" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
The primary purpose of IP Source Guard is to restrict port access to
a number of authorized LAN clients, whose MAC address and IP address
are both listed in the IP Source Guard table. If an unauthorized LAN client
connects to a port that has IP Source Guard enabled, the switch will
drop the packets from it.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPLzl0FEGdsm-xRntL_eMe39oCk8XSCp5mE6cEMZAIRe_CjD-5j_nKms5-VQQNDu1nmvxSVYsgF2JfA6F4YaxRjUPacAvCjvnqbhBAl6aFmNBfxF3KA-ZPRHLaXkzsKAa_jR4I7DNBh-cO/s1600/ip+source+guard+5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="368" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPLzl0FEGdsm-xRntL_eMe39oCk8XSCp5mE6cEMZAIRe_CjD-5j_nKms5-VQQNDu1nmvxSVYsgF2JfA6F4YaxRjUPacAvCjvnqbhBAl6aFmNBfxF3KA-ZPRHLaXkzsKAa_jR4I7DNBh-cO/s640/ip+source+guard+5.jpg" width="640" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
IP Source Guard provides security to the network by filtering clients
with invalid or spoofed IP addresses. IP Source Guard is a Layer 2 (L2),
port-to-port feature that works closely with information in the Dynamic
Host Configuration Protocol (DHCP) snooping binding table. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s1600/exam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s200/exam.png" width="200" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
When you enable IP
Source Guard on an untrusted port with DHCP snooping enabled, an IP
filter entry is created or deleted for that port automatically, based on
IP information stored in the corresponding DHCP binding table entry.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
When a connecting client receives a valid IP address from the DHCP
server, a filter is installed on the port to allow traffic only from the
assigned IP address. A maximum of 10 IP addresses are allowed on each
IP Source Guard-enabled port. When this number is reached, no more
filters are set up and traffic is dropped. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
These are the commands for the configuration:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoL6qTUP1ih4e-xHoZRPl3POAPRjy0FaMsbTz1hVeKzUYmvBLnIhcJXYW8T_voOkOiJ7lExpb_mGbdXEeDAyL6-8Odv8fQamRrSw_qD7FNNtYmX0eFpCz1hBPTRGTH8eEKF9JMateXlRR8/s1600/IP+source+guard.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="262" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoL6qTUP1ih4e-xHoZRPl3POAPRjy0FaMsbTz1hVeKzUYmvBLnIhcJXYW8T_voOkOiJ7lExpb_mGbdXEeDAyL6-8Odv8fQamRrSw_qD7FNNtYmX0eFpCz1hBPTRGTH8eEKF9JMateXlRR8/s400/IP+source+guard.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
IP Source Guard uses the information stored in the DHCP binding
table (from DHCP snooping) to validate IP traffic. Any device,
whether statically or dynamically configured, needs
to appear in the DHCP binding table.</div>
<div class="separator" style="clear: both; text-align: left;">
Statically configured devices
need to be placed in the DHCP binding table manually. If someone
swapped out a device, the MAC address would most likely need to be
updated in the DHCP binding table.</div>
<div class="separator" style="clear: both; text-align: left;">
If for any reason the DHCP binding table were
accidentally cleared, the switch would block IP traffic until the DHCP
binding table was rebuilt, either manually or from DHCP transactions.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
So we will do the initial configuration using DHCP snooping:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgm8sQU-xhSbPNax_m1TPvM9FBPhyphenhyphenTB18X28URSp7V6F6VVZKPsePqtLBOHx9bVC6xE16Lq0FEbmGJ6u57zH0nmDNitH-tTUnWa_DyGETG3efk68f6cqBejLmepxqRI8256F24CUVK9OMw4/s1600/ip_source_7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgm8sQU-xhSbPNax_m1TPvM9FBPhyphenhyphenTB18X28URSp7V6F6VVZKPsePqtLBOHx9bVC6xE16Lq0FEbmGJ6u57zH0nmDNitH-tTUnWa_DyGETG3efk68f6cqBejLmepxqRI8256F24CUVK9OMw4/s640/ip_source_7.png" width="488" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
We see that DHCP snooping was successfully installed on the interface Fa0/4. Now we will use ip verify source to enable IP Source Guard at the interface level.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghyphenhypheng4ESi00kG68pCtdmRZnKhx2cB_sL_PycfVuszg5HhVDKlVc7qlAiFAQSfzCFF1km_28PHFmAzgDzlDItH8lb6yY6yW-zSEZOr99z6H5denacPg3vWEjCXSQ987OUe_yvFa7tIBIHbs5/s1600/ip_source_8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="185" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghyphenhypheng4ESi00kG68pCtdmRZnKhx2cB_sL_PycfVuszg5HhVDKlVc7qlAiFAQSfzCFF1km_28PHFmAzgDzlDItH8lb6yY6yW-zSEZOr99z6H5denacPg3vWEjCXSQ987OUe_yvFa7tIBIHbs5/s400/ip_source_8.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
With the last command we verified the MAC address related to the interface fa0/4.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<blockquote class="tr_bq">
<div class="separator" style="clear: both; text-align: left;">
If we choose the port-security option, it enables an extra level of security, as the source MAC address of incoming packets on that port will be checked against the local switch's MAC address table. If those packets match, all is well; if not, the packets are dropped.</div>
</blockquote>
Check this out:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizyAdOHfUATCgn-mjQqSej7bwXXeP7TwKFlwru8TYFA7c_f3-nUE-xOWPBb-JRojQ2fFoB-H7qS66rIQYSkLzIzNUfohF11Ldvh-h928Xv4MGnyZPPyVdo5w5PM0-8C_z0T7pR7tCj91Qs/s1600/ip+source+11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="174" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizyAdOHfUATCgn-mjQqSej7bwXXeP7TwKFlwru8TYFA7c_f3-nUE-xOWPBb-JRojQ2fFoB-H7qS66rIQYSkLzIzNUfohF11Ldvh-h928Xv4MGnyZPPyVdo5w5PM0-8C_z0T7pR7tCj91Qs/s640/ip+source+11.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
If the device off fa0/4 were getting its IP address via DHCP, we would see a secure MAC address under IP Address, rather than inactive-trust-port.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-Gv29hCY2Zyyna8BmZOTOkYJ25zyn4XrsmLiHE_4PwW5HUf68X-PW-d_k75B7D3iCmSdY1S7aKRt0nbEgDBazwCbNn_0OONERu8w60yNNFgY41D6ylFt6yTZBfOfTyvrEnRJrNpLOgpyk/s1600/ip+source+10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="382" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-Gv29hCY2Zyyna8BmZOTOkYJ25zyn4XrsmLiHE_4PwW5HUf68X-PW-d_k75B7D3iCmSdY1S7aKRt0nbEgDBazwCbNn_0OONERu8w60yNNFgY41D6ylFt6yTZBfOfTyvrEnRJrNpLOgpyk/s640/ip+source+10.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Here we finish the configuration. With the command show ip verify source you will see the interface fa0/4 bound to IP address 10.0.0.13, and the lab is done.</div>
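<div class="separator" style="clear: both; text-align: left;">
As an added example (not the article's code and not how IOS is implemented), this Python model walks through the filtering decisions described above: IP-only versus IP plus MAC checking, a statically addressed host, a cleared binding table, and the 10-address limit per port. The class and method names, MAC addresses, VLAN number and the extra IP addresses are constructed, and the port-security option is modelled as a check against the MAC stored in the binding.</div>

```python
from dataclasses import dataclass

MAX_FILTERS_PER_PORT = 10  # per-port limit quoted in the article


@dataclass(frozen=True)
class Binding:
    """One row of the DHCP snooping binding table."""
    mac: str
    ip: str
    vlan: int
    interface: str


class SourceGuardModel:
    """Toy model of per-port source filtering; names are hypothetical, not Cisco's."""

    def __init__(self, check_mac=False):
        self.check_mac = check_mac  # models the extra port-security MAC check
        self.table = []

    def add_binding(self, binding):
        """Entry learned from a DHCP transaction or typed in by hand."""
        self.table.append(binding)

    def clear(self):
        """Model an accidental clear of the binding table."""
        self.table = []

    def filters(self, interface):
        """Filters installed on a port: at most MAX_FILTERS_PER_PORT bindings."""
        rows = [b for b in self.table if b.interface == interface]
        return rows[:MAX_FILTERS_PER_PORT]

    def permits(self, interface, src_mac, src_ip):
        """True if an IP packet with this source passes the port's filters."""
        for b in self.filters(interface):
            if b.ip == src_ip and (not self.check_mac or b.mac == src_mac):
                return True
        return False  # no matching filter: the packet is dropped


def run_scenarios():
    """Walk through the cases the post describes and return each verdict."""
    host = Binding("0011.2233.4455", "10.0.0.13", 1, "Fa0/4")
    out = {}
    for mode, check_mac in (("ip", False), ("ip+mac", True)):
        sg = SourceGuardModel(check_mac)
        sg.add_binding(host)
        out[mode] = {
            "legit": sg.permits("Fa0/4", host.mac, host.ip),
            "spoofed_ip": sg.permits("Fa0/4", host.mac, "10.0.0.99"),
            "stolen_ip": sg.permits("Fa0/4", "dead.beef.0001", host.ip),
            "wrong_port": sg.permits("Fa0/5", host.mac, host.ip),
        }
    # A statically addressed device has no binding until one is entered by hand.
    sg = SourceGuardModel()
    out["static_before"] = sg.permits("Fa0/6", "0011.2233.6666", "10.0.0.50")
    sg.add_binding(Binding("0011.2233.6666", "10.0.0.50", 1, "Fa0/6"))
    out["static_after"] = sg.permits("Fa0/6", "0011.2233.6666", "10.0.0.50")
    # Clearing the table removes every filter, so even valid hosts are dropped.
    sg.clear()
    out["after_clear"] = sg.permits("Fa0/6", "0011.2233.6666", "10.0.0.50")
    # Eleven addresses on one port: the 11th gets no filter.
    for n in range(1, 12):
        sg.add_binding(Binding(f"0011.2233.77{n:02x}", f"10.0.1.{n}", 1, "Fa0/7"))
    out["tenth"] = sg.permits("Fa0/7", "0011.2233.770a", "10.0.1.10")
    out["eleventh"] = sg.permits("Fa0/7", "0011.2233.770b", "10.0.1.11")
    return out


if __name__ == "__main__":
    for case, verdict in run_scenarios().items():
        print(case, verdict)
```
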
<div class="separator" style="clear: both; text-align: left;">
If you like it, please share it.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-51120505563580728002016-09-25T15:33:00.004-07:002016-11-14T09:22:42.793-08:00Dynamic ARP Inspection (DAI) <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9Lvhyfny5PfMjU7tXEUGXWpoxdIerTkP-rIbhK8YBz-y8XakfCEwD8ro3hMXTfKq7xIOlTO0_YoSIjD_WyzegDC6Wldc-uQdeNMEK4fMi4QB2SACAaD4KbGaZD6-0Vkh47j11dIsO0XK3/s1600/dynamic+Arp+Inspection.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9Lvhyfny5PfMjU7tXEUGXWpoxdIerTkP-rIbhK8YBz-y8XakfCEwD8ro3hMXTfKq7xIOlTO0_YoSIjD_WyzegDC6Wldc-uQdeNMEK4fMi4QB2SACAaD4KbGaZD6-0Vkh47j11dIsO0XK3/s320/dynamic+Arp+Inspection.jpg" width="320" /></a></div>
<br />
<br />
<span style="color: red;"><b>Dynamic ARP Inspection (DAI)</b> </span>is a security feature that verifies Address Resolution Protocol (ARP) requests and responses in a network. ARP is vulnerable to attacks such as ARP poisoning.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYr4Q2_0njEFETgbnP5AbkwA8-bvH5D_NWT86-w6Z0WxBHGGsOa9b3wl3gDFT0CD1vDpawkbXbwQCHafcA4R8T4x60O4qRwd1APDbgggNcxM3pQQCHMO4DkjAvERH8qIx3ozMnxAac-cds/s1600/arp+inspection.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYr4Q2_0njEFETgbnP5AbkwA8-bvH5D_NWT86-w6Z0WxBHGGsOa9b3wl3gDFT0CD1vDpawkbXbwQCHafcA4R8T4x60O4qRwd1APDbgggNcxM3pQQCHMO4DkjAvERH8qIx3ozMnxAac-cds/s640/arp+inspection.png" width="640" /></a></div>
<br />
<u><b>Graphic A</b></u><br />
<br />
<br />
ARP allows hosts within a Layer 2 broadcast domain to communicate. It does this by mapping an IP address to the individual host's media access control (MAC)
address.<br />
If a particular host wants to send information to another host
but does not have the second host's MAC address in its ARP cache, it sends a message to all hosts throughout the domain seeking that information. The second host then responds with its MAC address.<br />
<br />
<br />
These transmissions can be vulnerable to man-in-the-middle attacks. DAI stops these attacks by intercepting all ARP requests and responses and dropping packets with invalid IP-to-MAC address bindings.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s1600/exam.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s200/exam.png" width="200" /></a></div>
<br />
<br />
DAI creates a database of trusted MAC-to-IP address mappings that is the same as the DHCP snooping database.<br />
This approach ensures that only valid ARP requests and responses are passed through.<br />
<br />
DAI is performed on ARP messages as they are received, not as they are sent.<br />
We use trusted and untrusted ports in DAI as well. As with DHCP snooping, all ports are considered untrusted by default.<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaSC5OtOWfFquqfV9DCmSgeVuHE766RKQrclc8U63j2Ku_VU6Epza4S17m84r-3m20zVBYZYnBiizMGUJfxOFZXuLfV-s72Lf6vvjjevTDARqzQ8bxHvVXCqoV5CbHffRGBnuQ_U9vcS6d/s1600/DAI.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaSC5OtOWfFquqfV9DCmSgeVuHE766RKQrclc8U63j2Ku_VU6Epza4S17m84r-3m20zVBYZYnBiizMGUJfxOFZXuLfV-s72Lf6vvjjevTDARqzQ8bxHvVXCqoV5CbHffRGBnuQ_U9vcS6d/s400/DAI.jpg" width="400" /></a></div>
<br />
<br />
<div style="text-align: center;">
<u><b>Graphic B</b></u></div>
<br />
We are going to use DHCP snooping initially in this operation to mark the trusted and untrusted ports, but DAI has a major difference in how messages are treated by these port types. DAI is performed as ARP messages are received, not transmitted.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2jTw2W9LRoRL4l-9tBLYwzxRlpVQCYXd40_tev1J9vy5k2XKYVbLD1P23Kbro7qNP7g5JMaWas58JqGOca2QCXDdkcO4PrHmAvzfnufy8buv2clu4deaR2vwPacqLhLhR0eDaW4pQs-zI/s1600/snap3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="610" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2jTw2W9LRoRL4l-9tBLYwzxRlpVQCYXd40_tev1J9vy5k2XKYVbLD1P23Kbro7qNP7g5JMaWas58JqGOca2QCXDdkcO4PrHmAvzfnufy8buv2clu4deaR2vwPacqLhLhR0eDaW4pQs-zI/s640/snap3.PNG" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
We can see in the diagram above that DHCP snooping is enabled. The next step is to configure the VLAN that will use DAI.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioFBOcjtpUquU-MMExJffJ3NO9jTfOJteE43DW6URJwc8EriOVV4Daab06T-8ItcyiaupXhDXTKk75CnSTX28O81Lrl13yVdb3ODAxFntREEDDs5Y5QG8nCVqioispwL2DwLYqeNJPdHZy/s1600/snap4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioFBOcjtpUquU-MMExJffJ3NO9jTfOJteE43DW6URJwc8EriOVV4Daab06T-8ItcyiaupXhDXTKk75CnSTX28O81Lrl13yVdb3ODAxFntREEDDs5Y5QG8nCVqioispwL2DwLYqeNJPdHZy/s640/snap4.PNG" width="616" /></a></div>
<br />
<br />
If you see those validation failures starting to add up, you must have a rogue device on your network!<br />
Now, DAI considers all ports untrusted by default. To trust one of them, or to remove the trust from one that is already trusted, use the ip arp inspection command.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi43wuPfTL1PZJywwjUiaHu3F4J_s2nfX08WlGsFFymAGcJr9v1BR_pAHUy5H4TkoEULuF3Q-hkVQo4vIdK7N2lNisOFiqlIOmEQY-V8S0p9530JlTtx-AHh5HJ-p30HD6aEuRfIo_i3NoD/s1600/snap5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="420" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi43wuPfTL1PZJywwjUiaHu3F4J_s2nfX08WlGsFFymAGcJr9v1BR_pAHUy5H4TkoEULuF3Q-hkVQo4vIdK7N2lNisOFiqlIOmEQY-V8S0p9530JlTtx-AHh5HJ-p30HD6aEuRfIo_i3NoD/s640/snap5.PNG" width="640" /></a></div>
<br />
<br />
If you run DAI in your network, it's a good idea to run it on all your switches to avoid unnecessary inspection. Cisco recommends configuring all ports connected to hosts as untrusted and all ports connected to switches as trusted, as in Graphic B.<br />
Since DAI runs only on ingress ports, this scheme ensures that every ARP packet has to pass one checkpoint but no more than that.<br />
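The trust scheme described above can be modelled in a few lines. This is an added example, not code from the original post or from Cisco; the switch names, port names, MAC and IP addresses are constructed, and the model assumes each switch only holds bindings for its own directly attached hosts.

```python
"""Toy model of Dynamic ARP Inspection (added example, not Cisco code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Arp:
    sender_mac: str
    sender_ip: str
    vlan: int = 1


@dataclass
class Switch:
    name: str
    trusted: set        # ports configured as trusted (links to other switches)
    bindings: dict      # (vlan, ip) -> mac, the table DHCP snooping built
    inspected: int = 0
    dropped: int = 0    # plays the role of the validation-failure counter

    def ingress(self, port, arp):
        """Return True if the ARP packet is forwarded, False if it is dropped."""
        if port in self.trusted:
            return True                       # trusted port: no inspection
        self.inspected += 1
        if self.bindings.get((arp.vlan, arp.sender_ip)) == arp.sender_mac:
            return True
        self.dropped += 1
        return False


def deliver(path, arp):
    """Carry one ARP packet over a list of (switch, ingress_port) hops.

    Returns (delivered, checkpoints): whether it reached the far end and how
    many switches actually inspected it on the way.
    """
    checkpoints = 0
    for switch, port in path:
        before = switch.inspected
        forwarded = switch.ingress(port, arp)
        checkpoints += switch.inspected - before
        if not forwarded:
            return False, checkpoints
    return True, checkpoints


# Constructed lab values (assumptions, not taken from the post's screenshots).
PC_A = Arp(sender_mac="0000.0000.000a", sender_ip="10.0.0.11")
# A host claiming the gateway's IP with its own MAC, as in ARP poisoning.
SPOOF = Arp(sender_mac="0000.0000.00ee", sender_ip="10.0.0.1")


def build_lab(uplink_trusted=True):
    """Two access switches joined by Fa0/24; each knows only its own hosts."""
    uplink = {"Fa0/24"} if uplink_trusted else set()
    sw0 = Switch("SW0", set(uplink), {(1, "10.0.0.11"): "0000.0000.000a"})
    sw1 = Switch("SW1", set(uplink), {(1, "10.0.0.12"): "0000.0000.000b"})
    return sw0, sw1


def run_scenarios():
    """Run the recommended scheme, a spoofed ARP, and an untrusted uplink."""
    results = {}
    sw0, sw1 = build_lab()
    results["valid"] = deliver([(sw0, "Fa0/1"), (sw1, "Fa0/24")], PC_A)
    results["spoofed"] = deliver([(sw0, "Fa0/2"), (sw1, "Fa0/24")], SPOOF)
    results["sw0_dropped"] = sw0.dropped
    # Same valid packet, but the inter-switch link was left untrusted.
    sw0, sw1 = build_lab(uplink_trusted=False)
    results["untrusted_uplink"] = deliver([(sw0, "Fa0/1"), (sw1, "Fa0/24")], PC_A)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

With the uplink trusted, the valid packet passes exactly one checkpoint. With the uplink left untrusted, it is inspected a second time by a switch that, in this model, has no binding for the sender.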
<br />
So, in conclusion, these are some features of ARP Inspection:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyYyfcG9HBmXbbfIrJGax22E1aF6crMnfVFTdFYuWHtoM69fK0mxS03PCMxp_cHq-jLUs6Gv40rFS8drzFMHzEz2xe0pt2nQLjVCtqdHhLEKIlPJxxkbnFbBmo2xky5W8z33fNPv97gTFt/s1600/snap6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="451" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyYyfcG9HBmXbbfIrJGax22E1aF6crMnfVFTdFYuWHtoM69fK0mxS03PCMxp_cHq-jLUs6Gv40rFS8drzFMHzEz2xe0pt2nQLjVCtqdHhLEKIlPJxxkbnFbBmo2xky5W8z33fNPv97gTFt/s640/snap6.PNG" width="640" /></a></div>
<br />
<br />
I initially didn't see a lot of labs about Dynamic ARP Inspection, so I made one. If you liked this lab and it was useful, please click to share.<br />
<br />
Thank you for watching.<br />
<br />
DHCP Snooping<br />
Posted by ohhhvictor, 2016-08-25 (updated 2016-11-14)<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCoEDwXdClEDM4BmDEJYC3_xT9EFi4N_gxO8o2PNjVt9IjCdAlTciWtf6fNMIduioHR1Ze6lJRm_9t7kb26pSwM0QK4JPEa1IMliJFfDQRRbKee5LhH1SniNHXtGL64VjrqdWNCQ5nmJi4/s1600/ccnp311.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCoEDwXdClEDM4BmDEJYC3_xT9EFi4N_gxO8o2PNjVt9IjCdAlTciWtf6fNMIduioHR1Ze6lJRm_9t7kb26pSwM0QK4JPEa1IMliJFfDQRRbKee5LhH1SniNHXtGL64VjrqdWNCQ5nmJi4/s1600/ccnp311.jpg" /></a></div>
<br />
<br />
<span style="color: red;"><b>DHCP spoofing</b></span> is a type of attack in which the attacker listens for DHCP Requests from clients and answers them with a fake DHCP Response before the authorized DHCP Response reaches the clients. The fake DHCP Response often gives the attacker's IP address as the client's default gateway, so all the traffic sent from the client will go through the attacker's computer and the attacker becomes a “man-in-the-middle”.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5Zh_1BKlXVocFahOLCmrUOux3xQLq7s-0Zj35J5gPqUPXuyxpbFTOpgU_14q2ilOMYjcIPI9Ba4SdfmCCABss0MleAtn3aeeBhCA2ldrd26AwsjwjdQ7TmEydBDBPlcnhjHvgO4vCoidw/s1600/dhcpspoofing.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="181" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5Zh_1BKlXVocFahOLCmrUOux3xQLq7s-0Zj35J5gPqUPXuyxpbFTOpgU_14q2ilOMYjcIPI9Ba4SdfmCCABss0MleAtn3aeeBhCA2ldrd26AwsjwjdQ7TmEydBDBPlcnhjHvgO4vCoidw/s400/dhcpspoofing.jpg" width="400" /></a></div>
<br />
The attacker has several ways to make sure the fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP server, he doesn't need to do anything. Or he can DoS the DHCP server so that it can't send the DHCP Response.<br />
DHCP snooping can prevent malicious DHCP spoofing attacks.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfpxE-2YAOx6v_ZN6VtQNRi56ma314au9aJaf-N63J50BculNc_ZRHvqdo3R3fcOt01V_m_8QvqEjD7kO4LcE1ddSEEo8hWnV51npe1jbJ7Vac4mLFnU024Ou1qYQDymK6ZbJhHGsUO8B0/s1600/DHCP+Snooping.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="39" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfpxE-2YAOx6v_ZN6VtQNRi56ma314au9aJaf-N63J50BculNc_ZRHvqdo3R3fcOt01V_m_8QvqEjD7kO4LcE1ddSEEo8hWnV51npe1jbJ7Vac4mLFnU024Ou1qYQDymK6ZbJhHGsUO8B0/s320/DHCP+Snooping.png" width="320" /></a></div>
<h3 style="text-align: center;">
<br /><span class="_Tgc"> </span></h3>
<br />
<span style="color: red;"><b>D</b></span><span class="_Tgc"><span style="color: red;"><b>HCP snooping</b> </span>is a layer 2 security technology built into the operating system of a capable network switch that drops <b>DHCP</b> traffic determined to be unacceptable. The basic use for <b>DHCP snooping</b> is to prevent unauthorized (rogue) <b>DHCP</b> servers offering IP addresses to <b>DHCP</b> clients</span><br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<span class="_Tgc"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s1600/exam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s200/exam.png" width="200" /></a></span></div>
<br />
<br />
<br />
The attacker could also send DHCP discover messages to the DHCP server and try to deplete its DHCP pool. So what can we do to stop this madness? <b>DHCP snooping</b> can really help us! DHCP snooping allows the switch to serve as a firewall between hosts and untrusted DHCP servers.<br />
We can configure our switches so they track the <b>DHCP discover</b> and <b>DHCP offer</b> messages. Check this out:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqe_4digwpc04W8WdoQv-CHxXfkvBbpo-hdn5OSzyY8fg0aYEyNh4RSvkO_ZCyvomvZReFxE31O1PpZENboWOWr8xvoDaent0h3QNEG4gJz4DV3G2GDkqxG6ueFYoCN0cr_qu4inOz_cMp/s1600/ccnp314.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="279" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqe_4digwpc04W8WdoQv-CHxXfkvBbpo-hdn5OSzyY8fg0aYEyNh4RSvkO_ZCyvomvZReFxE31O1PpZENboWOWr8xvoDaent0h3QNEG4gJz4DV3G2GDkqxG6ueFYoCN0cr_qu4inOz_cMp/s320/ccnp314.jpg" width="320" /></a></div>
<br />
<br />
<br />
DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as <b>trusted</b> and <b>untrusted</b>.<br />
The interfaces that connect end hosts to the switch should never send DHCP offers and should be considered <b>untrusted</b>. The switch should block DHCP offer messages arriving on those untrusted interfaces. Only an interface that has been properly and manually configured as trusted should be allowed to forward DHCP discovery messages.<br />
<br />
<div style="text-align: center;">
<span style="color: #990000;"> <b>What traffic will DHCP snooping drop?</b></span></div>
<br />
<ul>
<li>DHCP snooping will drop DHCP messages from a DHCP server that is not
trusted. Trusted DHCP servers are identified by configuring a
switchport’s DHCP snooping trust state. DHCP server messages can flow
through switchports that have a DHCP snooping trusted state. DHCP server
messages will be dropped if attempting to flow through a switchport
that is not trusted.</li>
<li>DHCP messages where the source MAC and embedded client hardware MAC
do not match will also be dropped, although this protection can be
defeated; badly written vendor IP implementations can cause this to
happen with a surprising amount of frequency, the most common scenario
being a DHCP request for one interface being forwarded through another
interface on that same device.</li>
<li>DHCP snooping will also drop messages that release a lease or
decline an offer, if the release or decline message is received on a
switchport other than the port that the original DHCP conversation was
held. This prevents a third party from terminating a lease or declining a
DHCP offer on behalf of the actual DHCP client.</li>
</ul>
<br />
<div style="text-align: center;">
<span style="color: #990000;"><b> How does DHCP snooping track information?</b></span></div>
DHCP snooping stores its observations in a database containing the client MAC address, DHCP-assigned IP address, remaining lease time, VLAN, and switchport. The database is a simple flat file that can be stored in device flash. However, flash is limited in size; as such, it is considered best practice to store the DHCP snooping database off-box in a remote location, such as a TFTP server.<br />
<br />
Storing the DHCP snooping database
off-box also guarantees that the DHCP snooping database would survive a
catastrophic switch failure.<br />
<br />
<div style="text-align: center;">
<span style="color: #990000;"> <b>What happens when a DHCP snooping violation occurs?</b></span></div>
<b> </b> When
the DHCP snooping service detects a violation, the packet is dropped,
and a message is logged that includes the text “DHCP_SNOOPING”.<br />
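The three drop rules, the binding database fields and the logged violation described above, put together in a small model. This is an added example, not code from the original post or from Cisco; the port names, MAC and IP addresses are constructed, and the log line format is an assumption that only keeps the "DHCP_SNOOPING" text mentioned above.

```python
"""Toy model of the DHCP snooping drop rules (added example, not Cisco code)."""
from dataclasses import dataclass

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}


@dataclass(frozen=True)
class Dhcp:
    kind: str           # DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE, DECLINE
    src_mac: str        # source MAC of the Ethernet frame
    chaddr: str         # client hardware address inside the DHCP message
    yiaddr: str = ""    # address handed out (server messages only)
    lease: int = 0      # lease time in seconds (ACK only)
    vlan: int = 1


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.asked_on = {}   # client MAC -> untrusted port it is talking from
        self.bindings = {}   # client MAC -> {"ip", "lease", "vlan", "port"}
        self.log = []

    def _drop(self, port, msg, reason):
        # Constructed log text; a real switch uses its own message format.
        self.log.append(f"DHCP_SNOOPING: dropped {msg.kind} on {port} ({reason})")
        return "drop"

    def ingress(self, port, msg):
        """Apply the drop rules to one DHCP message arriving on `port`."""
        if port in self.trusted:
            # An ACK from the trusted side completes the binding entry.
            if msg.kind == "ACK" and msg.chaddr in self.asked_on:
                self.bindings[msg.chaddr] = {
                    "ip": msg.yiaddr, "lease": msg.lease,
                    "vlan": msg.vlan, "port": self.asked_on[msg.chaddr],
                }
            return "forward"
        # Rule 1: server messages are not accepted on untrusted ports.
        if msg.kind in SERVER_MESSAGES:
            return self._drop(port, msg, "server message on untrusted port")
        # Rule 2: frame source MAC must match the embedded client MAC.
        if msg.src_mac != msg.chaddr:
            return self._drop(port, msg, "source MAC differs from client hardware MAC")
        # Rule 3: release/decline must come from the port that holds the lease.
        if msg.kind in {"RELEASE", "DECLINE"}:
            bound = self.bindings.get(msg.chaddr)
            if bound and bound["port"] != port:
                return self._drop(port, msg, "not the port that holds the lease")
            self.bindings.pop(msg.chaddr, None)
            return "forward"
        self.asked_on.setdefault(msg.chaddr, port)
        return "forward"


# Constructed lab values (assumptions, not taken from the post's screenshots).
PC = "0000.0000.000a"
SERVER = "0000.0000.00d1"
ROGUE = "0000.0000.00ee"


def run_lab():
    """Replay one DHCP conversation plus three messages that must be dropped."""
    sw = SnoopingSwitch(trusted_ports={"Fa0/1"})   # Fa0/1: legitimate server
    steps = [
        ("Fa0/2", Dhcp("DISCOVER", PC, PC)),
        ("Fa0/3", Dhcp("OFFER", ROGUE, PC, yiaddr="192.168.99.50")),
        ("Fa0/1", Dhcp("OFFER", SERVER, PC, yiaddr="10.0.0.11")),
        ("Fa0/2", Dhcp("REQUEST", PC, PC)),
        ("Fa0/1", Dhcp("ACK", SERVER, PC, yiaddr="10.0.0.11", lease=86400)),
        ("Fa0/3", Dhcp("RELEASE", PC, PC)),        # sent on behalf of the PC
        ("Fa0/3", Dhcp("DISCOVER", ROGUE, "0000.0000.beef")),  # chaddr mismatch
    ]
    verdicts = [sw.ingress(port, msg) for port, msg in steps]
    return sw, verdicts


if __name__ == "__main__":
    switch, verdicts = run_lab()
    print(verdicts)
    print(switch.bindings)
    print("\n".join(switch.log))
```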
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPvW_TxMmCXL7JVBYN_vWQlVJ1LojP9rc7mk-9GdxReEHwDrzneyg0ktRwGEZpz5odP3iOf52QnrR5_8SACpPWPc41dlLK7DVyVxdUgVrYkZUsTft7i92s4-8ohOQA2a6gfBRxXEkj-SrL/s1600/DHCPSnooping.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="37" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPvW_TxMmCXL7JVBYN_vWQlVJ1LojP9rc7mk-9GdxReEHwDrzneyg0ktRwGEZpz5odP3iOf52QnrR5_8SACpPWPc41dlLK7DVyVxdUgVrYkZUsTft7i92s4-8ohOQA2a6gfBRxXEkj-SrL/s400/DHCPSnooping.png" width="400" /></a></div>
So before we start I want you to understand a couple things:<br />
<br />
<ol>
<li>We will use Packet Tracer for two reasons: we don't have to connect two DHCP servers, as you will see here, and we want to see graphically what we are doing.</li>
<li>We are going to build it in Packet Tracer 7. It's very important that you do it in version 7, because older Packet Tracer versions won't be able to work with snooping.</li>
<li>Packet Tracer 7 won't work on many Windows 10 systems. Be aware.</li>
<li>I didn't see a lot of DHCP snooping labs on the web, so I humbly tried to make one of my own.</li>
</ol>
So we will start with the graphic so you could see the interfaces:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvhhOCYh56iDTCaYMTAYzEB2C4_TrgYsjQvFdLTB-rG01-j5hNWagTV-ohklYyCJvKbQvAGhrcBaIhVtWZPawh2QuaLNennYHocNQZlfPcrynVGwndOvogpjHBToXgiVFbGQNIbSMHv6aS/s1600/ccnp350.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="322" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvhhOCYh56iDTCaYMTAYzEB2C4_TrgYsjQvFdLTB-rG01-j5hNWagTV-ohklYyCJvKbQvAGhrcBaIhVtWZPawh2QuaLNennYHocNQZlfPcrynVGwndOvogpjHBToXgiVFbGQNIbSMHv6aS/s400/ccnp350.png" width="400" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
Then we will add a router and the values that you will see:</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiR1fdcXCYuoCMjz2IaaoJHwxJF1sVsSJQVoX9_-PI-M61cpHEhjKCdUdHVg-LeOcO4eHqsXwgWTtJAwBxPLwJPKxmAoCQGK0-WtMWShxbP07HE-VmYdrWepyCKP-KOpS2hpxZBZ81f8AvY/s1600/ccnp351.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="393" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiR1fdcXCYuoCMjz2IaaoJHwxJF1sVsSJQVoX9_-PI-M61cpHEhjKCdUdHVg-LeOcO4eHqsXwgWTtJAwBxPLwJPKxmAoCQGK0-WtMWShxbP07HE-VmYdrWepyCKP-KOpS2hpxZBZ81f8AvY/s640/ccnp351.png" width="640" /></a></div>
<br />
<br />
Now check on Server 0<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMbPsfpS9pYa6AhJTKMbP72HylY_F8CQ2lYLOm9jBS-9L6a8XaaqpipZQBDi2_BkmEpGa1OenzBiJjoSWJPE0NbAG2L-mQlMFZ_T6q0gbd6iCgB6MofGUM-INhTZjXDdFUF5judeoyK7aX/s1600/ccnp354.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMbPsfpS9pYa6AhJTKMbP72HylY_F8CQ2lYLOm9jBS-9L6a8XaaqpipZQBDi2_BkmEpGa1OenzBiJjoSWJPE0NbAG2L-mQlMFZ_T6q0gbd6iCgB6MofGUM-INhTZjXDdFUF5judeoyK7aX/s400/ccnp354.png" width="400" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
It doesn't need a gateway so far, because it's local and not providing service to another network.</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
Now we will go to the Services tab, select DHCP, name the pool MyPool, change the values, click Add, and turn the service ON.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZi4vrZkOcBHURXYnDgTMr7gdcCUdbdfdwAKoD_KircnBknOpN6dOD55vbsarxi2dHgArkGMBXNdaz4FqGQFm_vUukxlRKYjNzTtG9quGIlFJAjGetNTxcNQMTZo3eL8KWt0CAcupsLbu4/s1600/ccnp355.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="247" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZi4vrZkOcBHURXYnDgTMr7gdcCUdbdfdwAKoD_KircnBknOpN6dOD55vbsarxi2dHgArkGMBXNdaz4FqGQFm_vUukxlRKYjNzTtG9quGIlFJAjGetNTxcNQMTZo3eL8KWt0CAcupsLbu4/s400/ccnp355.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
Now let's configure the router so it can have a Gateway</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBQfsA_O_g6U_6G2NdjMtSKIVvGTCBbYZvA4spNhJPru03be_u8-U1qggYaIYs8kEIG1RH9jFeWq9c2E8zUvcUbfkZwtFMlSMYZa2L0TfMuw953nB36Ga4UGWmukec9sKE64WWKbhLWLbn/s1600/ccnp356.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBQfsA_O_g6U_6G2NdjMtSKIVvGTCBbYZvA4spNhJPru03be_u8-U1qggYaIYs8kEIG1RH9jFeWq9c2E8zUvcUbfkZwtFMlSMYZa2L0TfMuw953nB36Ga4UGWmukec9sKE64WWKbhLWLbn/s400/ccnp356.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
Now let's check on the other Server 1:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJcRNm3uCTIV5hXLqnwOTMZz5cVkgh_4yDPOBLrhOi-f906O5DUPMFqjXeybiO_XyaBCY5MLZdjx9HlAfPFp9XG3SZ7fdL_BHF6RsaQyGVLcPx6XMAd0aMLKvWgYNZ_gjVxs5KRoiu6K-n/s1600/ccnp357.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJcRNm3uCTIV5hXLqnwOTMZz5cVkgh_4yDPOBLrhOi-f906O5DUPMFqjXeybiO_XyaBCY5MLZdjx9HlAfPFp9XG3SZ7fdL_BHF6RsaQyGVLcPx6XMAd0aMLKvWgYNZ_gjVxs5KRoiu6K-n/s400/ccnp357.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
Change the values:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuucLC56658WtoM1ASM1tO8peGOdjtFqMUZfbMf6zQOHRXwtYmuzgWDuxCMScqcM1Tb8q8v-LVw7k2GE-37L3dx79OH4v-9pC1Dj04igJjEx7zXWN9f4Al1tCeynG77Avdz_I9ClAchPnP/s1600/ccnp358.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="226" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuucLC56658WtoM1ASM1tO8peGOdjtFqMUZfbMf6zQOHRXwtYmuzgWDuxCMScqcM1Tb8q8v-LVw7k2GE-37L3dx79OH4v-9pC1Dj04igJjEx7zXWN9f4Al1tCeynG77Avdz_I9ClAchPnP/s400/ccnp358.png" width="400" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Where are the PCs going to get the information?<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghAYIHV2n4tbZrcnqwrrs4EgFMQdrkkELieYmV6vqMpSSQfMrrgMmBXxDFuZhGCGR8ZNbf11p5HCOAcVSKl8mcTQ4aZnY8KjGwS5e7ZlVfTF3DixsbT4i3zuhtAl11DgDotusiVebc21Ff/s1600/ccnp361.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghAYIHV2n4tbZrcnqwrrs4EgFMQdrkkELieYmV6vqMpSSQfMrrgMmBXxDFuZhGCGR8ZNbf11p5HCOAcVSKl8mcTQ4aZnY8KjGwS5e7ZlVfTF3DixsbT4i3zuhtAl11DgDotusiVebc21Ff/s320/ccnp361.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiH4hFcfth90_TFdhuZlcC_8rkKGurqC43dcUXWCuEbV3CM1F-2uyTiV72tvxjGfu11miLz4cEd8W11G2yhrPrr-JXTVMgKASo1j_S_ZnCxFG3t7Kt0VYMUZOE-LJ2rU4x5O9yWMQuEBx17/s1600/ccnp363.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="185" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiH4hFcfth90_TFdhuZlcC_8rkKGurqC43dcUXWCuEbV3CM1F-2uyTiV72tvxjGfu11miLz4cEd8W11G2yhrPrr-JXTVMgKASo1j_S_ZnCxFG3t7Kt0VYMUZOE-LJ2rU4x5O9yWMQuEBx17/s320/ccnp363.png" width="320" /></a></div>
But if you select Static and then DHCP again, you may get a different result:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh8q_VSQrCKksTHjfwWGUAGTU5WcCkGzY1cWZxAxTYDJx059jDktzRXwcAh7puDvKN4Wf5rSMXrWK993xg0bElGYj6grXaD3stDYJp0IYAKKS1EWcW43qrq4KY07wh9FPCwsxRQsI1D37C/s1600/ccnp366.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh8q_VSQrCKksTHjfwWGUAGTU5WcCkGzY1cWZxAxTYDJx059jDktzRXwcAh7puDvKN4Wf5rSMXrWK993xg0bElGYj6grXaD3stDYJp0IYAKKS1EWcW43qrq4KY07wh9FPCwsxRQsI1D37C/s400/ccnp366.png" width="400" /></a></div>
<br />
<br />
In the process, the PCs send a DHCP discover and receive two DHCP offers from two different DHCP servers, including the fake one.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhe4tf7nEKHfG9odEqHU5842g2KnWO50ICKS8HiOAo7aYe78So8kxq7egA9s6owxmv-Csw9Rg5qfmq-lFXYACFiUK5Zyax8GhPLaVB-aECVCnDD-7fakSA4HjRlnvE1nWefNKZkDk9v5CUP/s1600/ccnp379.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="149" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhe4tf7nEKHfG9odEqHU5842g2KnWO50ICKS8HiOAo7aYe78So8kxq7egA9s6owxmv-Csw9Rg5qfmq-lFXYACFiUK5Zyax8GhPLaVB-aECVCnDD-7fakSA4HjRlnvE1nWefNKZkDk9v5CUP/s320/ccnp379.gif" width="320" /></a></div>
<br />
To avoid that, we will turn DHCP snooping on:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRHUZziclXV9SrvyMLjPl20sJll7JRPz2bBtjjIkrjDFv08gFAlRLVjGh2xXgmCYpiPcGzmrpzdgOBeSAvAgqjF46mGis3aitDCgpqTEXX_YyJLdngAiq73NbV1NyWIV6iGVWfqJaFORuU/s1600/ccnp368.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="341" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRHUZziclXV9SrvyMLjPl20sJll7JRPz2bBtjjIkrjDFv08gFAlRLVjGh2xXgmCYpiPcGzmrpzdgOBeSAvAgqjF46mGis3aitDCgpqTEXX_YyJLdngAiq73NbV1NyWIV6iGVWfqJaFORuU/s400/ccnp368.png" width="400" /></a></div>
Check the command. We are leaving all the interfaces <b>untrusted</b> (all of them).<br />
Do the same with Switch 1.<br />
<br />
Now check what happens to the PC's IP address:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBzGZLiUIKwTrU5wA_XYfT6rufqx5m09MtSN33lGxF1o_ZuPlobqaIcNyYkR1mHtKf0jFH70DDmWKVkA90paxdxtlpE5Z_QrPQyXGgSXchh7OoO0xk5f3V4ETzm2lBAQAFNjF6JXKfUxFG/s1600/ccnp375.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="276" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBzGZLiUIKwTrU5wA_XYfT6rufqx5m09MtSN33lGxF1o_ZuPlobqaIcNyYkR1mHtKf0jFH70DDmWKVkA90paxdxtlpE5Z_QrPQyXGgSXchh7OoO0xk5f3V4ETzm2lBAQAFNjF6JXKfUxFG/s640/ccnp375.png" width="640" /></a></div>
<br />
The PCs cannot get an IP address from the DHCP server. The IP address they have now (APIPA) is auto-generated, and we can ping from the other PC:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJrsgFCkfZ778eo51dxbrbqhQ_hKoNnV4rozdPgupYgHSJnLpNDkD9WiXHRICKKyUG_7xK505wtaHHqzGddQNzPjQiLJdSwRSprpgk4q33ddhBmnT9Ic7-9vYwfATCUEthqLOVrvXehawk/s1600/ccnp377.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="268" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJrsgFCkfZ778eo51dxbrbqhQ_hKoNnV4rozdPgupYgHSJnLpNDkD9WiXHRICKKyUG_7xK505wtaHHqzGddQNzPjQiLJdSwRSprpgk4q33ddhBmnT9Ic7-9vYwfATCUEthqLOVrvXehawk/s400/ccnp377.png" width="400" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
We check the situation in the switch with the command show ip dhcp snooping.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjd8tu6xQb3aiqijK0065R7zMcAxG5sUkEv7hMFDPcqAne9OJiAfzfdQllyUuPXOifithQps8vtDxfW2n3rezFMlvx8DCfDBOBvq44lktbER0wklVg6V5A9Jt5Z8e6zF6MVLsk_vipjyv2T/s1600/ccnp379.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjd8tu6xQb3aiqijK0065R7zMcAxG5sUkEv7hMFDPcqAne9OJiAfzfdQllyUuPXOifithQps8vtDxfW2n3rezFMlvx8DCfDBOBvq44lktbER0wklVg6V5A9Jt5Z8e6zF6MVLsk_vipjyv2T/s400/ccnp379.png" width="400" /></a></div>
<br />
The result is that the switch doesn't trust anybody.<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s1600/exam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s200/exam.png" width="200" /></a></div>
<br />
Now let's go to Switch 0 to configure a trusted interface. Check the commands:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh1jhJwnEcT3Ig1x3CVQGGDSPFc8GQMA7i0dr28Ma72bOEjMqPSc7kLwPXmzATpkgCsnqaFvlYpiuAqjhl_qHdDZcyq-9YkcEwP-5a4RxDxUO4Wl-QMSg6x6RFiAgwWusnRrfdpydeBjOd/s1600/ccnp382.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh1jhJwnEcT3Ig1x3CVQGGDSPFc8GQMA7i0dr28Ma72bOEjMqPSc7kLwPXmzATpkgCsnqaFvlYpiuAqjhl_qHdDZcyq-9YkcEwP-5a4RxDxUO4Wl-QMSg6x6RFiAgwWusnRrfdpydeBjOd/s400/ccnp382.png" width="400" /></a></div>
<br />
We will do the same in the other switch:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6w2Isg19Bwnvpc4Pmky8jb05E4NGiMlQuEPaJHajPd_HFh0O_rE6xWdmGS8SFd2vuiUrlKQ6RnmpkfqL6927R59JBYRpK3ZP1w6V-bVfS1cRVAo69gWuKN0WNazi8eJOkF2eMvKJkntTf/s1600/ccnp393.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="362" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6w2Isg19Bwnvpc4Pmky8jb05E4NGiMlQuEPaJHajPd_HFh0O_rE6xWdmGS8SFd2vuiUrlKQ6RnmpkfqL6927R59JBYRpK3ZP1w6V-bVfS1cRVAo69gWuKN0WNazi8eJOkF2eMvKJkntTf/s400/ccnp393.png" width="400" /></a></div>
<br />
We will also set the other interface on the first switch, the one that connects to the "good" DHCP server, as a <b>trusted</b> interface.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAnlSePc9_UJ2UVI9M4GkJt85nBxDYbiX-zfpvIFxRjiOa24DdGBn6KArcZCrifqMwdM5-L1ZPyLrXe_Aj_h8CAoKE9GUpwQdGi7Y0hBuo6ZHNcgSDjrfS3rvi0EVN_vQdCMnZWLEfLvGF/s1600/ccnp394.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAnlSePc9_UJ2UVI9M4GkJt85nBxDYbiX-zfpvIFxRjiOa24DdGBn6KArcZCrifqMwdM5-L1ZPyLrXe_Aj_h8CAoKE9GUpwQdGi7Y0hBuo6ZHNcgSDjrfS3rvi0EVN_vQdCMnZWLEfLvGF/s320/ccnp394.png" width="278" /></a></div>
We check the successful result on the PC: it gets the right IP address.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9CQ-E2OYB5YlVcZbINHO1lAm0k0TxZ2iy1_hIzUlJc-zKfXmlK0X09txbG4jH8quY6a8SiIB-kYVvdmsS-tg-tDaCYixQPXaczjwG75NbOJKY_fGeeC5GqWNZv7_RSJXs4n-sHaATfBrr/s1600/ccnp399.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="206" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9CQ-E2OYB5YlVcZbINHO1lAm0k0TxZ2iy1_hIzUlJc-zKfXmlK0X09txbG4jH8quY6a8SiIB-kYVvdmsS-tg-tDaCYixQPXaczjwG75NbOJKY_fGeeC5GqWNZv7_RSJXs4n-sHaATfBrr/s400/ccnp399.png" width="400" /></a></div>
<br />
We can have our IP pool flooded with DHCP offers. We can prevent such an attack: as mentioned at the beginning of this article, we can stop the fake DHCP responses by allowing one response per second.<br />
Let's go to switch 1:
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjck9xxqtNEynmJZc-eZgGjX4JvJxH2fi43Ii7PELfc7NIj3rPSN_0uNaOVNDyGk5UUvnJbsz7IeNHP87ki15Nv-Z-8oIe_cAW4lOIv5y2yRJUHALhgLSg6lP_5YDyDo1tQjrHQFqjHl92X/s1600/ccnp400.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjck9xxqtNEynmJZc-eZgGjX4JvJxH2fi43Ii7PELfc7NIj3rPSN_0uNaOVNDyGk5UUvnJbsz7IeNHP87ki15Nv-Z-8oIe_cAW4lOIv5y2yRJUHALhgLSg6lP_5YDyDo1tQjrHQFqjHl92X/s640/ccnp400.png" width="494" /></a></div>
<br />
<br />
Initially the "Rate limit" (the number of packets per second we accept) is unlimited. After the configuration we allow only 1 packet per second.<br />
<br />
If you also want to see the IP addresses, VLANs and MAC addresses related to DHCP snooping on a switch, use the following command to verify the mappings in the binding database:
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQ1yVWVAAbZyh2-Xl5sWFm8PT1UyZOGUuN7u_D4jkTyuT86W8zhWM3F5tKWeDTMNj-pjHR2tz6l3-zIYxULd6lYAxdSsARCTEKO8p78_san8axYiTulOoz47T0tQFf_h2dNci9CnjYQT9U/s1600/ccnp402.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQ1yVWVAAbZyh2-Xl5sWFm8PT1UyZOGUuN7u_D4jkTyuT86W8zhWM3F5tKWeDTMNj-pjHR2tz6l3-zIYxULd6lYAxdSsARCTEKO8p78_san8axYiTulOoz47T0tQFf_h2dNci9CnjYQT9U/s640/ccnp402.png" width="640" /></a></div>
<br />
If you are really concerned about security with DHCP Snooping, consider the following implementation guidelines:<br />
<br />
<ol>
<li>In a multi-switch environment, designate an inter-switch link as trusted in case the other switch doesn't perform DHCP Snooping.</li>
<li>To address DHCP starvation, deploy port security because it's more robust than the DHCP rate limiting feature.</li>
<li>Enable Network Time Protocol (NTP) on our switches to ensure the right handling of DHCP leases in the stored mapping database. We need to make sure the time is accurate on our devices.</li>
</ol>
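The trusted port, the rate limit and the three guidelines above, put together as one IOS configuration. This is an added example, not the configuration from the lab's screenshots; VLAN 10, the interface numbers and the NTP address 192.0.2.10 are assumed placeholders.

```cisco
! Added example, not the lab's own configuration.
! Assumed: VLAN 10 is the client VLAN, Fa0/1 faces the legitimate DHCP server,
! Gi0/1 is a link to a switch that does not run DHCP snooping,
! Fa0/2-24 are access ports, 192.0.2.10 is a documentation-range NTP server.
configure terminal
 ip dhcp snooping
 ip dhcp snooping vlan 10
 !
 interface FastEthernet0/1
  ! Server-side port: DHCP server replies are accepted only on trusted ports
  ip dhcp snooping trust
 !
 interface GigabitEthernet0/1
  ! Guideline 1: trust the inter-switch link when the neighbor has no snooping
  ip dhcp snooping trust
 !
 interface range FastEthernet0/2 - 24
  switchport mode access
  switchport access vlan 10
  ! Untrusted by default; 1 DHCP packet per second, as in the lab
  ip dhcp snooping limit rate 1
  ! Guideline 2: port security caps the number of source MACs per port
  switchport port-security
  switchport port-security maximum 2
  switchport port-security violation restrict
 !
 ! A port that exceeds the DHCP rate limit is err-disabled; bring it back
 ! automatically instead of waiting for a manual shutdown / no shutdown
 errdisable recovery cause dhcp-rate-limit
 errdisable recovery interval 60
 !
 ! Guideline 3: accurate time for lease handling in the binding database
 ntp server 192.0.2.10
end
!
! Verification: trust state and rate limit per port, then the learned bindings
show ip dhcp snooping
show ip dhcp snooping binding
```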
<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<b>This lab is done! I hope that you like it. Please like and share.</b></div>
<br />ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-22261280334361327922016-08-07T18:15:00.002-07:002017-02-09T15:06:10.246-08:00Private VLAN<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFBhC3UXp7ZEugHCc4734Uq17o2QQG57HFxm5v9p4WTO7gYdquD0DdgRPagXAT5NOBaqK9saAhSQmTnjsxhShshE9pLtu9b2LcpqOpj2SqMgVYDFXbif_wjFzqqcKJFDec7P1OvmT3cnQP/s1600/ccnp352.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFBhC3UXp7ZEugHCc4734Uq17o2QQG57HFxm5v9p4WTO7gYdquD0DdgRPagXAT5NOBaqK9saAhSQmTnjsxhShshE9pLtu9b2LcpqOpj2SqMgVYDFXbif_wjFzqqcKJFDec7P1OvmT3cnQP/s320/ccnp352.jpg" width="320" /></a></div>
<br />
<br />
<br />
<span style="color: #660000;"><b>PVLAN</b></span>s provide layer 2 isolation between ports within the same broadcast domain. VLANs limit broadcasts to specified users.<br />
<br />
<span style="color: #660000;"> <b>Private
VLANs (PVLANs) </b></span> split the broadcast
domain into multiple isolated broadcast subdomains, essentially
putting secondary VLANs inside a primary VLAN.<br />
PVLANs restrict traffic
flows through their member switch ports (called “private ports”)
so that these ports communicate only with a specified uplink trunk
port or with specified ports within the same VLAN.<br />
<br />
<b>These concepts seem a little bit confusing, especially when they are explained in technical terms, but please check the graphics and try to understand them.</b><br />
<br />
There are three types of PVLAN ports:<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9Vf21CkqwMcESKK1HjU4ELYV4BiXz1eUzTrEWBsq2VVReSU7_mHInwJ8_uVBMbkcqvXJwvHkX3pehR0k8steZ4Ls_FPtlAl5ZfvN2GzhYSIyFYKManPWyXsX0dq51k2jjfjM4FbxZr0RI/s1600/ccnp318.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="371" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9Vf21CkqwMcESKK1HjU4ELYV4BiXz1eUzTrEWBsq2VVReSU7_mHInwJ8_uVBMbkcqvXJwvHkX3pehR0k8steZ4Ls_FPtlAl5ZfvN2GzhYSIyFYKManPWyXsX0dq51k2jjfjM4FbxZr0RI/s640/ccnp318.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s1600/exam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s200/exam.png" width="200" /></a></div>
<br />
<br />
Here you can see the ports communicate <b><u>only</u> </b>with a specified uplink trunk
port or with specified ports within the same VLAN. <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhr95CBAQcIJPI94OX4c3lqegxOj8qTCp2pE7_6RhipqkrqzkoHQFYCwjPFTUtwrRdkiNwlDTdiuzMQskTOdioCf-RkbV3tiEl5UTG49tW0EuErEHyfNu910lbMu5ZOxm1pYdMVTctGDD6n/s1600/ccnp348.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="203" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhr95CBAQcIJPI94OX4c3lqegxOj8qTCp2pE7_6RhipqkrqzkoHQFYCwjPFTUtwrRdkiNwlDTdiuzMQskTOdioCf-RkbV3tiEl5UTG49tW0EuErEHyfNu910lbMu5ZOxm1pYdMVTctGDD6n/s320/ccnp348.png" width="320" /></a></div>
<br />
<br />
The private VLAN always has<span style="color: #274e13;"> <b>one primary VLAN</b> </span> (the uplink Trunk port).<br />
Within
the primary VLAN you will find the promiscuous port. In my picture
above you can see that there’s a router connected to a promiscuous port.
All other ports are able to communicate with the<b> <span style="color: #274e13;">Promiscuous Port</span></b><span style="color: #274e13;"> </span>(The switch).<br />
Within the primary VLAN you will encounter one or more secondary VLANs. There are two types:
<br />
<ul>
<li><span style="color: #274e13;"><b>Community VLAN</b>:</span> All ports within the community VLAN are <b>able</b> to communicate with each other and the promiscuous port.</li>
<li><span style="color: #274e13;"><b>Isolated VLAN</b>:</span> All ports within the isolated VLAN are <b>unable</b> to communicate with each other but they can communicate with the promiscuous port as you can see in the graphic.</li>
</ul>
In our configuration, we'll map primary private VLANs to secondary private VLANs. A primary private VLAN can be mapped to multiple secondary VLANs, but a secondary private VLAN can be mapped to only one primary.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0UJACUvyJxTGeo5o39E3bcmHzmsPj9U8IYgwP50X7zi-37uT2T8FzNmQ7NSEU3UvB2xrF_nAgjl8amVKdbdGNSNbw7kWWpuNvu0Epi2-rbw29AyLCK7NTaGUzPcdaqSql9Vusa5-IsN-U/s1600/ccnp371.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0UJACUvyJxTGeo5o39E3bcmHzmsPj9U8IYgwP50X7zi-37uT2T8FzNmQ7NSEU3UvB2xrF_nAgjl8amVKdbdGNSNbw7kWWpuNvu0Epi2-rbw29AyLCK7NTaGUzPcdaqSql9Vusa5-IsN-U/s320/ccnp371.png" width="320" /></a></div>
<br />
<ol>
<li><b><span style="color: #274e13;">VLAN 100</span></b> is a secondary private VLAN (community). Ports are fa0/1-5.</li>
<li><b><span style="color: #0b5394;">VLAN 200</span></b> is a secondary private VLAN (isolated). Ports are fa0/6-10.</li>
<li><b><span style="color: #0b5394;">VLAN 250</span></b> is a secondary private VLAN (isolated). Ports are fa0/11-15.</li>
<li><b><span style="color: red;">VLAN 300</span></b> is a primary private VLAN. Router is off. Port fa0/20.</li>
</ol>
<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
Before we start, they need to be in transparent mode. We will configure VLANs 100, 200, 250 and 300 and set what type of VLAN each one is.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicRu98f0b6I0bA9H8LLjEob7J2P5Gfi5gQpAAPQxDh3I4wmpt1BVVHuSbcm9ROra6WZAgDsdWQSRoLQxVInz_yoB8g25F_BxBQqZNNbdWrCNRzPOI5qCrma_NKfeCkQbYEdgDzG_EKVAdX/s1600/ccnp370.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="385" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicRu98f0b6I0bA9H8LLjEob7J2P5Gfi5gQpAAPQxDh3I4wmpt1BVVHuSbcm9ROra6WZAgDsdWQSRoLQxVInz_yoB8g25F_BxBQqZNNbdWrCNRzPOI5qCrma_NKfeCkQbYEdgDzG_EKVAdX/s640/ccnp370.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Now we will assign:</div>
<ol>
<li>the ports,</li>
<li>the private-vlan mode,</li>
<li>the host association.</li>
</ol>
We see that they will all be part of the primary VLAN (300).<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjC5nkJZbJNVkg7qbp64M2b83EnsjaWEmtqrbB4NAHzSNCUIZ0g6WBugf6cmkmgfthu8uMsptmcu62oHwthLUeLXNnzSkVzqkp5Dx6t49mGPBNAzA-TAxsNaorOpoVq8QydCWhWvKTcHpkR/s1600/ccnp373.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="577" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjC5nkJZbJNVkg7qbp64M2b83EnsjaWEmtqrbB4NAHzSNCUIZ0g6WBugf6cmkmgfthu8uMsptmcu62oHwthLUeLXNnzSkVzqkp5Dx6t49mGPBNAzA-TAxsNaorOpoVq8QydCWhWvKTcHpkR/s640/ccnp373.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Now we will do the verification with two commands:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<ol>
<li><b>show vlan private-vlan</b></li>
<li><b>show int</b> <u><i>int</i></u> <b>switchport </b></li>
</ol>
<br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7gE_hdAcCSTQYq_LHKEexSullpmBKncnahUlwWRGfemL8cXiSOkPFO2ozOcM92FVAx6BnH9VkULqak9SJJbzz1fO_GVTKYIfSky4G_yN4lxM5k2mjg75rf0gGQ3_kmtiy2Rqvl85UwkHq/s1600/ccnp374.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7gE_hdAcCSTQYq_LHKEexSullpmBKncnahUlwWRGfemL8cXiSOkPFO2ozOcM92FVAx6BnH9VkULqak9SJJbzz1fO_GVTKYIfSky4G_yN4lxM5k2mjg75rf0gGQ3_kmtiy2Rqvl85UwkHq/s640/ccnp374.png" width="625" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
We see a difference between the host association and the private-vlan mapping in the results. That's because one of the ports is promiscuous (VLAN 300) and the other one is in a community VLAN (VLAN 100).</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
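The VLAN definitions, port assignments and verification commands from the steps above as one IOS configuration, covering community VLAN 100, isolated VLAN 200 and primary VLAN 300. This is an added example, not the configuration from the lab's screenshots; VLAN 250 is left out because Cisco's Catalyst configuration guides allow only one isolated VLAN per primary VLAN.

```cisco
! Added example, not the lab's own configuration.
! VLAN IDs and ports follow the list in this post; VLAN 250 is omitted.
configure terminal
 ! Private VLANs are defined locally, so VTP goes to transparent mode first
 vtp mode transparent
 !
 ! 1. Declare the type of each VLAN
 vlan 100
  private-vlan community
 vlan 200
  private-vlan isolated
 vlan 300
  private-vlan primary
  ! Tie the secondary VLANs to the primary
  private-vlan association 100,200
 !
 ! 2. Host ports: mode plus host-association <primary> <secondary>
 interface range FastEthernet0/1 - 5
  switchport mode private-vlan host
  switchport private-vlan host-association 300 100
 !
 interface range FastEthernet0/6 - 10
  switchport mode private-vlan host
  switchport private-vlan host-association 300 200
 !
 ! 3. Router-facing port: promiscuous, mapping <primary> <secondary-list>
 interface FastEthernet0/20
  switchport mode private-vlan promiscuous
  switchport private-vlan mapping 300 100,200
end
!
! Verification: VLAN types and member ports, then per-port view.
! A host port reports a host-association, the promiscuous port a mapping.
show vlan private-vlan
show interfaces FastEthernet0/1 switchport
show interfaces FastEthernet0/20 switchport
```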
<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
This lab may seem a little confusing at first if it is explained only in technical terms, but please check the graphics to make sure you understand the concepts and everything will be fine.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>This lab is done! I hope that you like it. Please like and share.</b></div>
ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-17000834688938585152016-08-06T11:25:00.000-07:002016-11-14T10:33:22.012-08:00Storm Control<br />
<!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="false"
DefSemiHidden="false" DefQFormat="false" DefPriority="99"
LatentStyleCount="371">
<w:LsdException Locked="false" Priority="65" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" SemiHidden="true" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" QFormat="true"
Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" QFormat="true"
Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" QFormat="true"
Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" QFormat="true"
Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" QFormat="true"
Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" QFormat="true"
Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" SemiHidden="true"
UnhideWhenUsed="true" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" SemiHidden="true"
UnhideWhenUsed="true" QFormat="true" Name="TOC Heading"/>
<w:LsdException Locked="false" Priority="41" Name="Plain Table 1"/>
<w:LsdException Locked="false" Priority="42" Name="Plain Table 2"/>
<w:LsdException Locked="false" Priority="43" Name="Plain Table 3"/>
<w:LsdException Locked="false" Priority="44" Name="Plain Table 4"/>
<w:LsdException Locked="false" Priority="45" Name="Plain Table 5"/>
<w:LsdException Locked="false" Priority="40" Name="Grid Table Light"/>
<w:LsdException Locked="false" Priority="46" Name="Grid Table 1 Light"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark"/>
<w:LsdException Locked="false" Priority="51" Name="Grid Table 6 Colorful"/>
<w:LsdException Locked="false" Priority="52" Name="Grid Table 7 Colorful"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 1"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 1"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 1"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 1"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 1"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 2"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 2"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 2"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 2"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 2"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 3"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 3"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 3"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 3"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 3"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 4"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 4"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 4"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 4"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 4"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 5"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 5"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 5"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 5"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 5"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="46"
Name="Grid Table 1 Light Accent 6"/>
<w:LsdException Locked="false" Priority="47" Name="Grid Table 2 Accent 6"/>
<w:LsdException Locked="false" Priority="48" Name="Grid Table 3 Accent 6"/>
<w:LsdException Locked="false" Priority="49" Name="Grid Table 4 Accent 6"/>
<w:LsdException Locked="false" Priority="50" Name="Grid Table 5 Dark Accent 6"/>
<w:LsdException Locked="false" Priority="51"
Name="Grid Table 6 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="52"
Name="Grid Table 7 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="46" Name="List Table 1 Light"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark"/>
<w:LsdException Locked="false" Priority="51" Name="List Table 6 Colorful"/>
<w:LsdException Locked="false" Priority="52" Name="List Table 7 Colorful"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 1"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 1"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 1"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 1"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 1"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 1"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 2"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 2"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 2"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 2"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 2"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 2"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 3"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 3"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 3"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 3"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 3"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 3"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 4"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 4"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 4"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 4"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 4"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 4"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 5"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 5"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 5"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 5"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 5"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 5"/>
<w:LsdException Locked="false" Priority="46"
Name="List Table 1 Light Accent 6"/>
<w:LsdException Locked="false" Priority="47" Name="List Table 2 Accent 6"/>
<w:LsdException Locked="false" Priority="48" Name="List Table 3 Accent 6"/>
<w:LsdException Locked="false" Priority="49" Name="List Table 4 Accent 6"/>
<w:LsdException Locked="false" Priority="50" Name="List Table 5 Dark Accent 6"/>
<w:LsdException Locked="false" Priority="51"
Name="List Table 6 Colorful Accent 6"/>
<w:LsdException Locked="false" Priority="52"
Name="List Table 7 Colorful Accent 6"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<![endif]-->
<br />
<div class="MsoNormal">
<b style="mso-bidi-font-weight: normal;"><span style="color: #4472c4; font-size: 28.0pt; line-height: 107%;">Storm control</span></b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipbWq9A52G3gqLudzU7yueTZV91GW16KqObSuGmts31guwSjvN9ICZGEKPPSBSrScmjmj3c9MLM1TddfHFYlwsVxhhABH1LeXhZYVKuiwCI9oLwyeln62ZCj2SB15sGTx9gRQs88Wrazh-/s1600/ccnp343.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="319" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipbWq9A52G3gqLudzU7yueTZV91GW16KqObSuGmts31guwSjvN9ICZGEKPPSBSrScmjmj3c9MLM1TddfHFYlwsVxhhABH1LeXhZYVKuiwCI9oLwyeln62ZCj2SB15sGTx9gRQs88Wrazh-/s320/ccnp343.png" width="320" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
As you probably know, it is a big concern for an administrator
when broadcast and multicast traffic starts to overwhelm
the network. These storms, which can be caused accidentally or maliciously,
can also overwhelm your hosts with the multicast and broadcast frames flooded by the
switch.</div>
<div class="MsoNormal">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s1600/exam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s200/exam.png" width="200" /></a></div>
<br />
<br /></div>
<div class="MsoNormal">
<b style="mso-bidi-font-weight: normal;">Storm Control</b> is
a Cisco switch feature that can detect broadcast, unicast and multicast traffic
storms on a switch port and respond by putting the port into the Error Disable state
and/or sending an SNMP trap.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
These traffic storms can be measured by:</div>
<ol>
<li>Bits per second</li>
<li>Packets per second</li>
<li>Bandwidth percentage</li>
</ol>
<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Storm control was designed to stop that overwhelming
flooding before our hosts receive more traffic than they can
handle. It is enabled on a per-port basis.</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6Y1dOy1vW5y57pUzdaTZSBr-tkBLdWGc3hTxsHjlcIlQmKzc2HEryZcFx0cLOvnd1M7rMgUslXgOIKIcGN4ak6NEcVILDQ5rKQnazCaiDzoVnCkFuR4uGNBYEist2pAr6BSR7UkkbYMhe/s1600/ccnp341.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6Y1dOy1vW5y57pUzdaTZSBr-tkBLdWGc3hTxsHjlcIlQmKzc2HEryZcFx0cLOvnd1M7rMgUslXgOIKIcGN4ak6NEcVILDQ5rKQnazCaiDzoVnCkFuR4uGNBYEist2pAr6BSR7UkkbYMhe/s320/ccnp341.png" width="320" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Now imagine a denial-of-service attack in which
our switches are flooded with unicast, multicast or broadcast frames. Our switches also need to be
protected against a Spanning Tree Protocol
failure. In the resulting broadcast storm, storm control can step in,
block the port and break that Layer 2 topological loop.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Let’s look at an example.</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-ZSJ7EtF4hstho4NijrbtEd2fuFbsjxd2Dv7YfDP5tEPZy0bL1RlpIwCgQRvck01Dhq4CLBX69B7Q6UB_eTowoOY-Qza7u_7ve6-rbqWeaWl1Q742yLN1HsHMiHcGkn5b5Dy7h6CDid21/s1600/ccnp340.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-ZSJ7EtF4hstho4NijrbtEd2fuFbsjxd2Dv7YfDP5tEPZy0bL1RlpIwCgQRvck01Dhq4CLBX69B7Q6UB_eTowoOY-Qza7u_7ve6-rbqWeaWl1Q742yLN1HsHMiHcGkn5b5Dy7h6CDid21/s640/ccnp340.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-no-proof: yes;">
</span></div>
<div class="MsoNormal">
If more than 40% of my bandwidth is consumed by broadcast
traffic, storm control kicks in, as you can see in the previous and next graphics.</div>
<div class="MsoNormal">
We used bandwidth percentage in this command; the threshold
can also be configured in packets per second.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3e6nyM3KpFcYw2jJlComR5OyBE8_ht1t2euI5qVI-nTzVA13qpSazg0fF0Zlhd3etUglWePPgvuxwUMYlqqHeAgzX-wuIQMmJ6Y0uUKbjtqXmWLSKRl3xK_ld4uU6SeeNjkxYA-LLK1pT/s1600/ccnp343.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="120" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3e6nyM3KpFcYw2jJlComR5OyBE8_ht1t2euI5qVI-nTzVA13qpSazg0fF0Zlhd3etUglWePPgvuxwUMYlqqHeAgzX-wuIQMmJ6Y0uUKbjtqXmWLSKRl3xK_ld4uU6SeeNjkxYA-LLK1pT/s320/ccnp343.jpg" width="320" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Now we are going to explain this graphic:</b></div>
<div class="MsoNormal">
</div>
<br />
<div style="box-sizing: border-box; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 22px; margin: 0px 0px 20px; text-align: justify;">
In
interval T0, inbound traffic is accepted as its rate never exceeds the
rising threshold. In T1, the rising threshold is exceeded, and the
switch makes a note to block incoming traffic for the next interval. In
T2, traffic is blocked, but the switch continues to monitor the incoming
rate. Although the rate has fallen below the rising threshold, it still
exceeds the falling threshold, so the switch will continue to block
traffic for the next interval.</div>
<div style="box-sizing: border-box; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 22px; margin: 0px 0px 20px; text-align: justify;">
During
T3 (yellow area), traffic stays below the falling threshold, so the switch removes the
blocking for T4. Although traffic in T4 exceeds the falling threshold
again, traffic will not be blocked for the next interval as the rising
threshold hasn't been exceeded.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWlLAYj4ApLJZTgrabG6vMpCTDdNJNdfGA-hcOKB_oZwoAxLsasAYkY-rG9cgxiaFy0NHQAEAtlYYjI8bz7WR0mhgjqB4jgr2munBbBL3cMZD-WpYAFyX_osBPjE7Qc9zMWL0SZFfX8p38/s1600/Traffic_control.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="216" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWlLAYj4ApLJZTgrabG6vMpCTDdNJNdfGA-hcOKB_oZwoAxLsasAYkY-rG9cgxiaFy0NHQAEAtlYYjI8bz7WR0mhgjqB4jgr2munBbBL3cMZD-WpYAFyX_osBPjE7Qc9zMWL0SZFfX8p38/s640/Traffic_control.png" width="640" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
</div>
<div style="box-sizing: border-box; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 22px; margin: 0px 0px 20px; text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s1600/exam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s200/exam.png" width="200" /></a></div>
<br />
<br /></div>
<div style="box-sizing: border-box; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 22px; margin: 0px 0px 20px; text-align: justify;">
You may want Storm Control to cease its action at a different level from the one that triggers it. The line storm-control broadcast level 40 30 means Storm Control will take action when broadcasts consume more than 40% of the available bandwidth and will stop that action when the broadcast level drops below 30% of the available bandwidth.</div>
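<div>
The T0 to T4 walk-through and the 40%/30% rising and falling levels described above can be replayed with a small model. This is an added example, not code from the original post and not Cisco's implementation; the per-interval peak rates are constructed sample values, and treating a rate exactly equal to the falling level as "still blocked" is an assumption.</div>

```python
"""Simplified model of storm-control rising/falling thresholds per interval.

Added illustration only: the switch's real measurement logic is not shown
on the page, so this follows the T0..T4 description in the text.
"""
from dataclasses import dataclass
from typing import List


@dataclass
class IntervalResult:
    name: str        # interval label, e.g. "T2"
    peak_pct: float  # highest broadcast rate seen in the interval (% of bandwidth)
    blocked: bool    # True if traffic was blocked during this interval
    decision: str    # what the switch decides for the next interval


def simulate(peaks: List[float], rising: float = 40.0,
             falling: float = 30.0) -> List[IntervalResult]:
    """Replay per-interval peak rates through the two-threshold logic."""
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")

    results = []
    blocked = False  # the first interval starts in the forwarding state
    for index, peak in enumerate(peaks):
        if blocked:
            # While blocking, only the falling threshold can release the port.
            # Assumption: a rate equal to the falling level keeps the block.
            block_next = peak >= falling
            decision = ("keep blocking (rate not below falling threshold)"
                        if block_next else
                        "unblock (rate stayed below falling threshold)")
        else:
            # While forwarding, only the rising threshold can trigger a block.
            block_next = peak > rising
            decision = ("block next interval (rising threshold exceeded)"
                        if block_next else
                        "keep forwarding (rising threshold not exceeded)")
        results.append(IntervalResult(f"T{index}", peak, blocked, decision))
        blocked = block_next
    return results


def blocked_intervals(peaks: List[float], rising: float,
                      falling: float) -> List[str]:
    """Names of the intervals during which traffic was blocked."""
    return [r.name for r in simulate(peaks, rising, falling) if r.blocked]


# Constructed peak broadcast rates (% of bandwidth) shaped like the graphic:
# T0 quiet, T1 storm, T2 between the thresholds, T3 quiet, T4 between again.
SAMPLE_PEAKS = [25.0, 55.0, 35.0, 20.0, 33.0]

if __name__ == "__main__":
    print("rising=40, falling=30")
    for r in simulate(SAMPLE_PEAKS, 40.0, 30.0):
        state = "BLOCKED" if r.blocked else "forward"
        print(f"  {r.name}: peak {r.peak_pct:5.1f}%  {state:8s} -> {r.decision}")

    # With the falling level equal to the rising level, the port is released
    # one interval earlier, while the rate is still between 30% and 40%.
    print("rising=40, falling=40:", blocked_intervals(SAMPLE_PEAKS, 40.0, 40.0))
```

<div>
With a separate falling level the port stays blocked through T2 and T3; with both levels at 40% it is released after T2 even though the rate has only dropped to 35%.</div>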
<div style="box-sizing: border-box; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 22px; margin: 0px 0px 20px; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQLSgThV0oyZFH9Yefk5OrR1OTcGaEmxlk2HDKR8ysuTSZOuvD-hjrFDSjKeo96foVZRFulyGceB9s38xBywZg3deibKnYovOS13e_zhUXE7SBJNyhyphenhyphenFVk2rhpb8u8TKmInFVH7zVCG0s2/s1600/ccnp334.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="155" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQLSgThV0oyZFH9Yefk5OrR1OTcGaEmxlk2HDKR8ysuTSZOuvD-hjrFDSjKeo96foVZRFulyGceB9s38xBywZg3deibKnYovOS13e_zhUXE7SBJNyhyphenhyphenFVk2rhpb8u8TKmInFVH7zVCG0s2/s640/ccnp334.png" width="640" /></a></div>
<div style="box-sizing: border-box; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 22px; margin: 0px 0px 20px; text-align: justify;">
We can set the action to shutdown, which puts the port into the errdisable state, or to send an SNMP trap, and we can configure both as well.</div>
<div style="box-sizing: border-box; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 22px; margin: 0px 0px 20px; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdlOBLBOxHw0q388FuerDPHee0FYK8BLOI6WVsQ0PaN3FxIgkcSZ8vPO-aMWeuLnVyD6lXDEvNC9Q9dcflcBsa-UjGmjRA3hL61aTBKcS6vD9DlxDAaaGufxwR0z__FMkVJdec7FW1OldK/s1600/ccnp346.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdlOBLBOxHw0q388FuerDPHee0FYK8BLOI6WVsQ0PaN3FxIgkcSZ8vPO-aMWeuLnVyD6lXDEvNC9Q9dcflcBsa-UjGmjRA3hL61aTBKcS6vD9DlxDAaaGufxwR0z__FMkVJdec7FW1OldK/s640/ccnp346.png" width="640" /></a></div>
<div style="box-sizing: border-box; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 22px; margin: 0px 0px 20px; text-align: justify;">
We see here three things:</div>
<ol>
<li>The settings for broadcast and multicast</li>
<li>The multicast threshold we set: 60,000 <b>PPS</b> (packets per second)</li>
<li>The resulting rising and falling thresholds of storm control: 40% and 30%</li>
</ol>
<div style="box-sizing: border-box; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 22px; margin: 0px 0px 20px; text-align: justify;">
<b>This lab was successful! If you like it, please share and comment!</b></div>
ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-56524826461073118602016-08-06T07:52:00.000-07:002016-11-14T10:44:15.444-08:00Port Security<h2 style="text-align: center;">
<span style="color: #274e13; font-size: x-large;"> <u>Port Security</u></span></h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5g06JbK6YbzBhKiprDfJPai83aDORdFO38bVrYCGGMjWpZc5Fh7hpQKhKeO4FrcVwQIKMGq1nrYk607g73S7qBs3yV2KtZGVSxGOI87j8zjGkp0G5NvmEWWooXfBsZFz4fwAjT_VlqzRN/s1600/ccnp307.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5g06JbK6YbzBhKiprDfJPai83aDORdFO38bVrYCGGMjWpZc5Fh7hpQKhKeO4FrcVwQIKMGq1nrYk607g73S7qBs3yV2KtZGVSxGOI87j8zjGkp0G5NvmEWWooXfBsZFz4fwAjT_VlqzRN/s320/ccnp307.jpg" width="320" /></a></div>
<u>The basic form of switch security is port-level security.</u>
With port-level security, the switch controls which <b>MAC address</b>(es), and/or how many MAC
addresses, of connected devices are allowed on a port.<br />
<br />
In a
nutshell, port security entails having the switch look at the source
MAC address of an incoming frame and asking itself: "Do I trust the
source of this frame?"<br />
<br />
Port security is enabled with the <b><span style="color: #073763;"><i>switchport port-security</i></span></b>
command. Before anything else, we need to make sure the port is a
non-trunking port. Port security can be configured on a port that has a
possibility of becoming a trunk.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s1600/exam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s200/exam.png" width="200" /></a></div>
<br />
The port security feature will not work on three types of ports.<br />
<br />
<ol class="circles-list">
<li> Trunk ports</li>
<li> EtherChannel ports</li>
<li> Switched Port Analyzer (SPAN) ports</li>
</ol>
<br />
<br />
Let's use this diagram<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiH-IMOBHkR_QilfTLZ2qsPHKiuof2wiUSMs06lCluGkTZQodg5qKDLA9PMqUUZqPhJBfrVykaVlyhXSSO8QQLGIeJ8oAo78NDgn9ECAMXCmVmwd3GURTco1L3sziOClOAaCRzEVz7VQ3x6/s1600/ccnp326.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiH-IMOBHkR_QilfTLZ2qsPHKiuof2wiUSMs06lCluGkTZQodg5qKDLA9PMqUUZqPhJBfrVykaVlyhXSSO8QQLGIeJ8oAo78NDgn9ECAMXCmVmwd3GURTco1L3sziOClOAaCRzEVz7VQ3x6/s1600/ccnp326.png" /></a></div>
<br />
<br />
To check on that use the command <b><i>show int trunk</i></b><br />
<br />
<b><i><br /><span style="color: #0c343d;">Switch>enable<br />Switch#show int trunk<br /><br />Switch#</span></i></b><br />
<br />
So, let's make sure it's an access port:<br />
<br />
<b><i><span style="color: #073763;">Switch>en<br />Switch#conf t<br />Enter configuration commands, one per line. End with CNTL/Z.<br />Switch(config)#int fa0/1<br />Switch(config-if)#switchport mode access<br />Switch(config-if)#switchport access vlan 30<br />% Access VLAN does not exist. Creating vlan 30</span></i></b><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCJOg9kO9guFvsgpJo1iVPzq3pHRyqnISxtz0rbvYjnNZI4GrEixUBIOeY6PKHFkN_cjS50m0GQQ-SoZ8CsCq-WnASRSprqflZztYBza455DqeLRDTMNnGUV9VSg4ylUHjvu35rfnCJpju/s1600/ccnp330.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="217" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCJOg9kO9guFvsgpJo1iVPzq3pHRyqnISxtz0rbvYjnNZI4GrEixUBIOeY6PKHFkN_cjS50m0GQQ-SoZ8CsCq-WnASRSprqflZztYBza455DqeLRDTMNnGUV9VSg4ylUHjvu35rfnCJpju/s320/ccnp330.png" width="320" /></a></div>
<br />
<br />
Now let's check our actual configuration<br />
<br />
<b><i><span style="color: #073763;"> Switch(config-if)#do show port-security<br />Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action<br /> (Count) (Count) (Count)<br />--------------------------------------------------------------------<br /> Fa0/1 1 1 0 Shutdown<br />----------------------------------------------------------------------<br />Switch(config-if)#</span></i></b><br />
<br />
<br />
We can see different options as well:<br />
<br />
<br />
<br />
Let's start with <span style="color: #0c343d;"><b>Maximum</b></span>, which defines the number of secure MAC addresses the port can learn; the default is one.<br />
<br />
<span style="color: #073763;"><b><i> Switch(config)#int fa0/1<br />Switch(config-if)#switchport port-security maximum ?<br /> <1-132> Maximum addresses</i></b></span><br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZdEQ1G8We8Aj0hSisFri41BuTISnY4ARMeuBO6J8OjVjRMmpRpyAFs0Aa4WC7pYV3QMXXu1C8z02QuBm-A-lOXryu4ed_9tzGaFhqGF9N2yHqBkhZsKTnbIVVbG6yFMDeHNf-H2w2OYIF/s1600/ccnp308.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZdEQ1G8We8Aj0hSisFri41BuTISnY4ARMeuBO6J8OjVjRMmpRpyAFs0Aa4WC7pYV3QMXXu1C8z02QuBm-A-lOXryu4ed_9tzGaFhqGF9N2yHqBkhZsKTnbIVVbG6yFMDeHNf-H2w2OYIF/s640/ccnp308.png" width="640" /></a></div>
There are three
different ways that MAC addresses can be configured onto a port:<br />
<ul>
<li>Statically</li>
<li>Dynamically</li>
<li>Sticky</li>
</ul>
<span style="color: #274e13;"><span style="color: #660000;"><b>A statically-configured MAC address</b></span> </span>is rather simple; a single MAC address is configured to be allowed on a port.<br />
With the static method we have to manually define the exact host MAC address with the <b>switchport port-security mac-address <i>MAC_address</i></b> command.
This is the most secure method, but it needs a lot of manual work:
we have to enter every MAC address by hand, which is a tedious job.<br />
<br />
<br />
<b><span style="color: #660000;">A dynamic MAC address</span> </b>is one that is learned on an interface and is
held in the Content-Addressable Memory (CAM) table until it times out (5
minutes); these are enabled by default.<br />
In dynamic mode we use the sticky feature, which allows the interface to learn MAC addresses automatically.
The interface will learn MAC addresses until it reaches the maximum number of allowed hosts.<br />
<br />
<br />
Here is an example<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7-5k7uY1RBOLRup1jEjd0j8Kg3YSN5p2yL8miMqY3VR_h2_ULoOhHbmMuBBBq-WUE6DfaimWRDtYdTowekYciA5vxDrXC6dANMXFflOkLKNc1Xc66zfea7AvKFxNdUgqlqC6xvo374dYn/s1600/ccnp304.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="287" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7-5k7uY1RBOLRup1jEjd0j8Kg3YSN5p2yL8miMqY3VR_h2_ULoOhHbmMuBBBq-WUE6DfaimWRDtYdTowekYciA5vxDrXC6dANMXFflOkLKNc1Xc66zfea7AvKFxNdUgqlqC6xvo374dYn/s400/ccnp304.png" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s1600/exam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNrnMo_qAr91Jv5VFy6pQ_k48aDRAzxWYljh79-Cz6YFtQ1eGgcoCj4VZ_kHognUui-FINgHuI_-YA9TUYoCy7GZExbp7eG5PX2GG2UFM5nrPPus268aUWPC21z-vSL5bVii_yqltmW-Zn/s200/exam.png" width="200" /></a></div>
<br />
<br />
<b><span style="color: #660000;">A sticky address </span></b>is dynamically learned and then immediately
converted into a sticky secure MAC address; this “sticks” the specific
MAC address to this port alone. Sticky MAC addresses are lost on reboot
unless the running configuration is saved.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3VgIbFpeG0AZ2aUG5waBOb1nxXY0WYvCEbytjrBh5o2otviX3y_ZjnuxEaU_eCQVg_ZJo5_6MFv2XT2i4HxwBsXH9DefmF5wck21t5bcYdAyp9RHJuZ7LGrR1WnAUauQna33QdcOt3D90/s1600/ccnp309.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3VgIbFpeG0AZ2aUG5waBOb1nxXY0WYvCEbytjrBh5o2otviX3y_ZjnuxEaU_eCQVg_ZJo5_6MFv2XT2i4HxwBsXH9DefmF5wck21t5bcYdAyp9RHJuZ7LGrR1WnAUauQna33QdcOt3D90/s1600/ccnp309.png" /></a></div>
<h3 style="text-align: center;">
<span style="font-size: x-large;"><b><span style="color: #0c343d;"><span style="color: #660000;"><u>Part 1 Configure port Security</u></span></span></b></span></h3>
<h3 style="text-align: left;">
<b><span style="color: black;">We will enable port security, turn on sticky MAC address learning, and set the maximum number of allowed MAC addresses</span></b></h3>
<br />
<b><span style="color: #0c343d;"><i>Switch>en<br />Switch#conf t<br />Enter configuration commands, one per line. End with CNTL/Z.<br />Switch(config)#int range fa0/1-2<br />Switch(config-if-range)#switchport mode access<br />Switch(config-if-range)#switchport port-security<br />Switch(config-if-range)#switchport port-security mac-address ?<br /> H.H.H 48 bit mac address<br /> sticky Configure dynamic secure addresses as sticky<br />Switch(config-if-range)#switchport port-security maximum 1<br />Switch(config-if-range)#switchport port-security mac-address sticky</i></span></b><br />
<br />
<br />
<br />
<b>Now the switch automatically (dynamically) learns the MAC addresses of the two PCs</b><br />
<b><br /></b>
<b><span style="color: black;">Along with configuring these MAC addresses, a port can be configured with a
maximum number of allowed MAC addresses (the default is one). We set it
to one.</span></b><br />
<span style="color: #073763;"><i><b><span style="color: #0c343d;"> Switch(config-if)#switchport port-security maximum ?<br /> <1-132> Maximum addresses<br />Switch(config-if)#switchport port-security maximum 1</span></b></i></span><br />
<br />
<br />
<br />
Use
the aging option to define how long dynamically learned secure MAC
addresses should be considered secure. You also have the rarely used option of
enabling aging for the static entries.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq549ZBSGm8XeImTv8EyJr9QdwgCIC8jJ2d8G6i4eysgK934JCEYW1q-0EtnHUzs3MJiBcUMYWgdBjQaz1PQySXv_67i87ZfI4wklAnk1pOh1QqWOM3FDFuysZi720vpPCYmEU9ppr3ctQ/s1600/ccnp331.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="289" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq549ZBSGm8XeImTv8EyJr9QdwgCIC8jJ2d8G6i4eysgK934JCEYW1q-0EtnHUzs3MJiBcUMYWgdBjQaz1PQySXv_67i87ZfI4wklAnk1pOh1QqWOM3FDFuysZi720vpPCYmEU9ppr3ctQ/s640/ccnp331.png" width="640" /></a></div>
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq6bT9v9H3fcrlChuh65Tk6KGrMxGUHwbAk9740qjlyAi6GAkwaIZ3KGlf4j_YUhoNpDwizmXy28wv8d8gSLExNJpeHggy6EI_QSCivszsr6eY0eZmte0IyZCL1MF1TU4IM9EyYX0S3pVx/s1600/ccnp302.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq6bT9v9H3fcrlChuh65Tk6KGrMxGUHwbAk9740qjlyAi6GAkwaIZ3KGlf4j_YUhoNpDwizmXy28wv8d8gSLExNJpeHggy6EI_QSCivszsr6eY0eZmte0IyZCL1MF1TU4IM9EyYX0S3pVx/s400/ccnp302.png" width="400" /></a></div>
<b><span style="color: #0c343d;"><i><br /></i></span></b>
<b><span style="color: #0c343d;"><i><br /></i></span></b>
<br />
If a port security violation should occur, there are three different
methods that can be configured based on the intended device reaction:<br />
<ul>
<li><span style="font-size: large;"><span style="color: #274e13;"><b>Protect</b></span></span>—When using this method, the packets from the unknown source addresses will be dropped.</li>
<li><b><span style="color: #274e13;"><span style="font-size: large;">Restrict</span></span></b>—When using this method, the packets from the unknown
source addresses will be dropped, AND the security violation counter
will be incremented and a management message will be sent.</li>
<li><span style="font-size: large;"><span style="color: #274e13;"><b>Shutdown</b></span></span>—When using this method, the port will shut down upon
receipt of packets from unknown addresses, AND the security violation
counter will be incremented, and a management message will be sent.
(This is the default.)</li>
</ul>
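The three violation modes above, together with the learning rules from earlier in the post, as a simplified Python model. This is an added example, not code from the original post or from Cisco; the class, the function names and the two sample MAC addresses are constructed for illustration. It goes slightly beyond the list by also modelling the lab steps that follow and the unsaved-sticky case.

```python
"""Simplified model of port security on one access port (added example)."""
from dataclasses import dataclass, field

MODES = {"protect", "restrict", "shutdown"}
PC1, LAPTOP = "0001.4321.aaaa", "00d0.baad.0002"  # constructed sample addresses


def norm(mac: str) -> str:
    """Normalize a MAC address to dotted form, e.g. aaaa.bbbb.cccc."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


@dataclass
class SecurePort:
    name: str
    maximum: int = 1             # switchport port-security maximum (default 1)
    violation: str = "shutdown"  # protect | restrict | shutdown (default)
    sticky: bool = False         # switchport port-security mac-address sticky
    static: set = field(default_factory=set)   # manually configured addresses
    learned: set = field(default_factory=set)  # dynamic or sticky addresses
    violations: int = 0
    err_disabled: bool = False
    messages: list = field(default_factory=list)

    def __post_init__(self):
        if self.violation not in MODES:
            raise ValueError(f"unknown violation mode: {self.violation}")

    def secure(self) -> set:
        return self.static | self.learned

    def add_static(self, mac: str) -> None:
        mac = norm(mac)
        if mac not in self.secure() and len(self.secure()) >= self.maximum:
            raise ValueError("secure address table is full")
        self.learned.discard(mac)
        self.static.add(mac)

    def receive(self, src_mac: str) -> bool:
        """Process one incoming frame; return True if it is forwarded."""
        mac = norm(src_mac)
        if self.err_disabled:
            return False
        if mac in self.secure():
            return True
        if len(self.secure()) < self.maximum:
            self.learned.add(mac)  # free slot: the address becomes secure
            return True
        if self.violation == "protect":
            return False           # silent drop: no counter, no message
        self.violations += 1
        self.messages.append(f"security violation on {self.name} by {mac}")
        if self.violation == "shutdown":
            self.err_disabled = True
        return False

    def reload(self, config_saved: bool) -> None:
        """Reboot: learned entries survive only if sticky AND the config was saved.
        Static entries are assumed to be part of the saved configuration."""
        if not (self.sticky and config_saved):
            self.learned.clear()
        self.err_disabled, self.violations = False, 0


def lab(mode: str) -> dict:
    """PC1 is learned on Fa0/2, a rogue laptop then sends four pings, PC1 returns."""
    port = SecurePort("Fa0/2", maximum=1, violation=mode, sticky=True)
    port.receive(PC1)
    laptop = [port.receive(LAPTOP) for _ in range(4)]
    pc1_after = port.receive(PC1)
    return {"laptop_forwarded": any(laptop), "violations": port.violations,
            "err_disabled": port.err_disabled, "pc1_after": pc1_after}


def mixed() -> SecurePort:
    """Maximum of three with two static entries: one slot is left for learning."""
    port = SecurePort("Fa0/2", maximum=3, violation="restrict")
    port.add_static("aaaa.bbbb.cccc")
    port.add_static("aaaa.aaaa.aaaa")
    port.receive(PC1)     # fills the third slot dynamically
    port.receive(LAPTOP)  # fourth address: violation
    return port


def laptop_accepted_after_reload(config_saved: bool) -> bool:
    """Does an unknown device get learned after a reboot of a sticky port?"""
    port = SecurePort("Fa0/2", maximum=1, violation="restrict", sticky=True)
    port.receive(PC1)
    port.reload(config_saved)
    return port.receive(LAPTOP)


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, lab(mode))
    print("learned on mixed port:", mixed().learned)
    print("unsaved sticky, laptop accepted:", laptop_accepted_after_reload(False))
```

In shutdown mode the returning PC1 is still dropped until an administrator re-enables the port, and a sticky port whose configuration was never saved will learn whichever device talks first after a reboot.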
<span style="color: #073763;"><b><i>Switch>en<br />Switch#conf t<br />Enter configuration commands, one per line. End with CNTL/Z.<br />Switch(config)#int range fa0/1-2<br />Switch(config-if-range)#switchport port-security violation ?<br /> protect Security violation protect mode<br /> restrict Security violation restrict mode<br /> shutdown Security violation shutdown mode</i></b></span><br />
<div style="-qt-block-indent: 0; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-indent: 0px;">
<br /></div>
<div style="-qt-block-indent: 0; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-indent: 0px;">
<span style="color: #073763;"><b><span style="color: black;">The default port security mode is</span> <i>shutdown</i><span style="color: black;">, which does just that: the port is placed into the</span> <i>error-disabled (err-disabled) state</i></b></span></div>
<div style="-qt-block-indent: 0; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-indent: 0px;">
<span style="color: #073763;"><b><i><br /></i></b></span></div>
<div style="-qt-block-indent: 0; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-indent: 0px;">
<span style="color: #073763;"><b><i>Let's check with an example</i></b></span></div>
<div style="-qt-block-indent: 0; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-indent: 0px;">
<span style="color: #073763;"><b><i><br /></i></b></span></div>
<table class="table table-bordered table-hover"><tbody>
<tr class="cnn_table_header"><td><u><span style="color: #660000;"><b>Command</b></span></u></td><td><u><b><span style="color: #660000;">Description</span></b></u></td></tr>
<tr><td><i>Switch>enable</i></td><td>Enter privileged EXEC mode</td></tr>
<tr><td><i>Switch#configure terminal</i></td><td>Enter global configuration mode</td></tr>
<tr><td><i>Switch(config)#interface fastethernet 0/1</i></td><td>Enter interface configuration mode</td></tr>
<tr><td><i>Switch(config-if)#switchport mode access</i></td><td>Set the port as an access (host) port</td></tr>
<tr><td><i>Switch(config-if)#switchport port-security</i></td><td>Enable the port security feature on this port</td></tr>
<tr><td><i>Switch(config-if)#switchport port-security maximum 1</i></td><td>Set the limit for hosts that can be associated with the interface. The default value is 1. Skip this command to use the default value.</td></tr>
<tr><td><i>Switch(config-if)#switchport port-security violation restrict</i></td><td>Set the security violation mode. The default mode is shutdown. Skip this command to use the default mode.</td></tr>
<tr><td><i>Switch(config-if)#switchport port-security mac-address sticky</i></td><td>Enable the sticky feature.</td></tr>
</tbody></table>
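One way to check a saved configuration against the commands in the table above, as an added Python example that is not part of the original post. The running-config excerpt is constructed, and the function names and the wording of the findings are assumptions of this example.

```python
"""Audit interface blocks of a running-config for port security (added example)."""
import re

# Constructed running-config excerpt (not taken from the lab switch).
SAMPLE = """\
interface FastEthernet0/1
 switchport access vlan 30
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0001.4321.AAAA
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 3
 switchport port-security mac-address aaaa.bbbb.cccc
!
interface FastEthernet0/3
 switchport mode access
 shutdown
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface GigabitEthernet1/1
 switchport mode trunk
!
"""

ADDR = re.compile(r"switchport port-security mac-address (?:sticky )?"
                  r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})$", re.I)
MAXIMUM = re.compile(r"switchport port-security maximum (\d+)$")


def parse_interfaces(config: str) -> dict:
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        header = re.match(r"^interface (\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces


def audit(config: str) -> dict:
    """Return {interface: [findings]} for active, non-trunk ports."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds or "switchport mode trunk" in cmds:
            continue  # disabled ports and trunks are outside this check
        issues = []
        options = [c for c in cmds if c.startswith("switchport port-security")]
        if "switchport mode access" not in cmds:
            issues.append("port is not forced to access mode")
        if not options:
            issues.append("port security not configured")
        elif "switchport port-security" not in cmds:
            # Sub-options alone do nothing until the feature itself is enabled.
            issues.append("port-security options set but feature not enabled")
        if "switchport port-security violation protect" in cmds:
            issues.append("protect mode: violations are neither counted nor reported")
        maximum = next((int(m.group(1)) for c in cmds if (m := MAXIMUM.match(c))), 1)
        pinned = sum(1 for c in cmds if ADDR.match(c))
        if options and maximum > 1 and pinned < maximum:
            issues.append(f"{maximum - pinned} of {maximum} secure addresses are not pinned")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit(SAMPLE).items():
        for issue in issues:
            print(f"{port}: {issue}")
```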
<div style="-qt-block-indent: 0; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-indent: 0px;">
<br /></div>
<table class="table table-bordered table-hover"><tbody>
<tr class="cnn_table_header"><td style="text-align: center;"><h3>
<u><span style="color: #660000;"><b><br /></b></span></u></h3>
</td><td style="text-align: center;"><h2>
<span style="color: #660000;"><b> <u>Part 2 : Verify Port security</u></b></span></h2>
<h3 style="text-align: left;">
<span style="font-weight: normal;"><span style="color: #cc0000;">1.-</span>We will disable the rest of the ports</span></h3>
<div style="text-align: left;">
<b><span style="font-weight: normal;"><span style="color: #073763;"><i> Switch(config)#int range fa0/3-24, gi1/1-2</i></span></span></b></div>
<div style="text-align: left;">
<b><span style="font-weight: normal;"><span style="color: #073763;"><i>Switch(config-if-range)#shutdown</i></span></span></b></div>
<div style="text-align: left;">
<b><span style="font-weight: normal;"><span style="color: #073763;"><i>%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down</i></span></span></b></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b><span style="font-weight: normal;"><span style="color: red;">2.-</span> We will check the IP addresses of the PCs and ping from one to the other. That way Packet Tracer can read the MAC addresses.</span></b></div>
<div style="text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<b><i><b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjssR7zS9lI12M7w9YV_ILI233OIQxJEoVxM3kn_Jwt8EAxrYKu55vy_CAB-sHZdgMHLyJPY6mcil3P0cvbRuqmsrkD3eSqTrP3-T5JEk-rVt78kCN6ITUuCmwq2tObTbdedDuy96umjLzn/s1600/ccnp310.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="308" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjssR7zS9lI12M7w9YV_ILI233OIQxJEoVxM3kn_Jwt8EAxrYKu55vy_CAB-sHZdgMHLyJPY6mcil3P0cvbRuqmsrkD3eSqTrP3-T5JEk-rVt78kCN6ITUuCmwq2tObTbdedDuy96umjLzn/s400/ccnp310.png" width="400" /></a></b></i></b></div>
<b><i> </i></b><br />
<h3 style="text-align: left;">
<span style="font-weight: normal;"><span style="color: red;">3.-</span>We will verify the port security and the learned MAC address</span></h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUn-Rr5FLN3EXRyJ2VHrhaYJDabuwuPnzXDJ6KeKdEyQsPxTMyYk1QGEzguo0IMPwhEy6yCbZ0Bow80faEcupcWPzrP3rEwPMU7vLVt0q_xr0cnT7BxO6DQU5Hw9jVj73aysQhniIFDZl9/s1600/ccnp311.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUn-Rr5FLN3EXRyJ2VHrhaYJDabuwuPnzXDJ6KeKdEyQsPxTMyYk1QGEzguo0IMPwhEy6yCbZ0Bow80faEcupcWPzrP3rEwPMU7vLVt0q_xr0cnT7BxO6DQU5Hw9jVj73aysQhniIFDZl9/s400/ccnp311.png" width="385" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyq5Y5dD0XmDLE-uO5oQz8Okmpsr7Wg_bqZWyCqPhatOMowJOvJySAhsF-nYnkxFBlnAxzslfLuvNVwC3mFDWK9VVgIJh9gi14n_Ye_Gno08NbUkprb9y67LErBPUcDt13qlDmfFVAgUf7/s1600/ccnp312.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="317" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyq5Y5dD0XmDLE-uO5oQz8Okmpsr7Wg_bqZWyCqPhatOMowJOvJySAhsF-nYnkxFBlnAxzslfLuvNVwC3mFDWK9VVgIJh9gi14n_Ye_Gno08NbUkprb9y67LErBPUcDt13qlDmfFVAgUf7/s320/ccnp312.png" width="320" /></a></div>
</td><td style="text-align: center;"><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8jYOxYpTvBkQHwuVUxB-Ivo1wVWbMHENkHInB5fauR34N5VxzbRQkA4hdjRZ0hlH8_eK4YcwAAhVjTDr5wiuw9O_w70ssGuCa0uu0cwiW-5a2PlrwhqyqOy_khVlxV91KWdcahKuuXopq/s1600/ccnp311.png" style="margin-left: 1em; margin-right: 1em;"><br /></a></div>
<h3 style="text-align: left;">
<span style="font-weight: normal;"><br /></span></h3>
<h3 style="text-align: left;">
<u><span style="color: #660000;"><b><br /></b></span></u></h3>
<h3 style="text-align: left;">
<u><span style="color: #660000;"><b><br /></b></span></u></h3>
</td></tr>
<tr><td><br /></td><td><br /></td></tr>
<tr><td><br /></td><td><br /></td></tr>
<tr><td><br /></td><td><br /></td></tr>
<tr><td><br /></td><td><br /></td></tr>
<tr><td> </td><td><span style="color: red;">4.- </span> A) We will attach a rogue laptop and watch the connection turn red.<br />
B) Then we will enable the port and ping pc0.<br />
C) We will end by shutting down the port again.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1KSTnZ4v0QTZU09opXu7kJtFZRm83XiL_t8My-bhICGGFg3hWDOtPaCrimRx6Ya2p69woGgNFZVln1R4eSMmiSp-IXwnuCxaggVcMvQY1UbgHopa02rFPKjMZRvK6iYEXcsUCEJyJwg2J/s1600/ccnp313.png" style="margin-left: 1em; margin-right: 1em;">A)<img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1KSTnZ4v0QTZU09opXu7kJtFZRm83XiL_t8My-bhICGGFg3hWDOtPaCrimRx6Ya2p69woGgNFZVln1R4eSMmiSp-IXwnuCxaggVcMvQY1UbgHopa02rFPKjMZRvK6iYEXcsUCEJyJwg2J/s200/ccnp313.png" width="198" /></a></div>
<br /></td></tr>
<tr><td><br /></td><td><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCFKLXXi8QhZ1DVI3pb0Wd6Lwu3AWInPaGSo-vVwJ-qUXIu6y6TL-SZGxnjlVb9Ud7uxWjfZpMJHg1kLqNjNzIfPBUe3dfH1ZDZ2xvdIKxXMbZ4p12up80h_-3KSOmRMhcpyqpk7N3B1pT/s1600/ccnp315.png" style="margin-left: 1em; margin-right: 1em;">B)<img border="0" height="177" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCFKLXXi8QhZ1DVI3pb0Wd6Lwu3AWInPaGSo-vVwJ-qUXIu6y6TL-SZGxnjlVb9Ud7uxWjfZpMJHg1kLqNjNzIfPBUe3dfH1ZDZ2xvdIKxXMbZ4p12up80h_-3KSOmRMhcpyqpk7N3B1pT/s640/ccnp315.png" width="640" /></a></div>
<br /></td></tr>
<tr><td><br /></td><td><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvxs7YduLLg35ZfcAwHwhoeFVN52MaUyYUNZbvk5j5RvV06c2OHOfvIGhGrbi_qZ2RtMG1mOe9JozBJgS8da6TQEwv8ejVWZKi4aSSWukE53giE6q3PLLsrpUITk-JgWdiPem2K_hxJ76n/s1600/ccnp316.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="252" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvxs7YduLLg35ZfcAwHwhoeFVN52MaUyYUNZbvk5j5RvV06c2OHOfvIGhGrbi_qZ2RtMG1mOe9JozBJgS8da6TQEwv8ejVWZKi4aSSWukE53giE6q3PLLsrpUITk-JgWdiPem2K_hxJ76n/s320/ccnp316.png" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_5Ua8XDGnK5q3najaZEFvO8dI5ejICeIRqSVWrtxokjqm4X5RZTHyh7uS77mVEZwz9WNMw3-04JmEAKqMmcV1eXp6UpFVGrLqEVo4J4zjxX9nwhhHb6La6wUjK46ZmKsO9lg_MnAvKJqX/s1600/ccnp316.JPG" style="margin-left: 1em; margin-right: 1em;">C)<img border="0" height="203" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_5Ua8XDGnK5q3najaZEFvO8dI5ejICeIRqSVWrtxokjqm4X5RZTHyh7uS77mVEZwz9WNMw3-04JmEAKqMmcV1eXp6UpFVGrLqEVo4J4zjxX9nwhhHb6La6wUjK46ZmKsO9lg_MnAvKJqX/s640/ccnp316.JPG" width="640" /></a></div>
<br />
Now the connection turns red again<br />
<br />
<span style="color: red;">5.- </span>We
will disconnect pc1 and connect the laptop to its former port, fa0/2.
From the laptop, ping pc0. Then show its port security.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidjg9Z3eDMJk9r8xIjwk_JplXTxr6wS4ia3tU_zCA3h60xqfsabNJ3az9xSBSWssJdNLcEHdc7mar_HA8X8aQYDr4MWI_ZzIpSWOlMPdUm7Zz8XWuykBoyfExkqC3FXa7p9h2PRV0EyAl2/s1600/ccnp317.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidjg9Z3eDMJk9r8xIjwk_JplXTxr6wS4ia3tU_zCA3h60xqfsabNJ3az9xSBSWssJdNLcEHdc7mar_HA8X8aQYDr4MWI_ZzIpSWOlMPdUm7Zz8XWuykBoyfExkqC3FXa7p9h2PRV0EyAl2/s200/ccnp317.png" width="200" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdG8x7GXKKmefc0oywkmKcZmL3tF-aK4mn4mSKWGN6WBGrbTpVlywGj-B2ry2buDGy94AOE-P0ySaDkzSWKxnZ1h3qrgOgvEQ8fRdzedsxQ0ye72qLWDQqvsO7EEJXkkNA46MKqinOakD_/s1600/ccnp320.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="214" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdG8x7GXKKmefc0oywkmKcZmL3tF-aK4mn4mSKWGN6WBGrbTpVlywGj-B2ry2buDGy94AOE-P0ySaDkzSWKxnZ1h3qrgOgvEQ8fRdzedsxQ0ye72qLWDQqvsO7EEJXkkNA46MKqinOakD_/s320/ccnp320.png" width="320" /></a></div>
<br /></td></tr>
<tr><td><br />
<br />
<br /></td><td>The ping failed
because there is a breach of port security on port fa0/2; only pc1,
with its own MAC address, may use that port.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4QDjE_huMHhvphw6WJRvdlU5dJJKJQfKJvVf5oQCAbwJWuDOpxwy-6ExnWvxlIxDuPoA5SmYbpxlJukxHejAlyPzdMagqtGMndm08cAxgKglhcgC850aNhzUICe6t5aP8MSXzXRMc7HKM/s1600/ccnp319.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4QDjE_huMHhvphw6WJRvdlU5dJJKJQfKJvVf5oQCAbwJWuDOpxwy-6ExnWvxlIxDuPoA5SmYbpxlJukxHejAlyPzdMagqtGMndm08cAxgKglhcgC850aNhzUICe6t5aP8MSXzXRMc7HKM/s320/ccnp319.png" width="320" /></a></div>
The four pings caused four security violations, matching the security violation count.<br />
<br />
<span style="color: red;">6.-</span> Now we will disconnect the rogue laptop and reconnect PC1. From there we will ping pc0.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPez5LBqaq0m65h0Vs-GI-yrG_ZEezuPwfc0umxJUl3GAXdLWTN6IzffQAN0b12FTDRsEGrJlZZbPKNQ3PKBjqvb2O5Eu7wXj2G6ORMgL9ICTGXz1t1foPFTDRB5TT2ynfE2K0TUUk2-Di/s1600/ccnp321.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPez5LBqaq0m65h0Vs-GI-yrG_ZEezuPwfc0umxJUl3GAXdLWTN6IzffQAN0b12FTDRsEGrJlZZbPKNQ3PKBjqvb2O5Eu7wXj2G6ORMgL9ICTGXz1t1foPFTDRB5TT2ynfE2K0TUUk2-Di/s1600/ccnp321.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8AogYEf-64UJgdjQ6Q2kv0hgQxIjJaJexo97pXBWUSCy5CPshOUNnke8sEOTW_R9NNpQQT9-6yfSvHZBqQFEQVLZvJ6QkG1O1nXi3Y1LoAjyJiX-ryqIqH33bdj0_vTr1WvY4_AVc8LMY/s1600/ccnp322.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8AogYEf-64UJgdjQ6Q2kv0hgQxIjJaJexo97pXBWUSCy5CPshOUNnke8sEOTW_R9NNpQQT9-6yfSvHZBqQFEQVLZvJ6QkG1O1nXi3Y1LoAjyJiX-ryqIqH33bdj0_vTr1WvY4_AVc8LMY/s320/ccnp322.png" width="320" /></a></div>
<br />
<br />
<br />
The reason pc1 can ping pc0 is that, in this case, the switch learned only ONE MAC address on fa0/2: the one from PC1.<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf9VGNmS0a5EUNpRjLp6k764POJbfqy6khTRLtlUwKv_vpmPmEb6XPUidRBOPYb_prAXBDZLEkqCmCOq4U1jN1puna_9KTlPu2qwbR3S_bmYFRnph00LEcoAvrtfRqL2YQoH7nMa_oUwb0/s1600/ccnp324.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf9VGNmS0a5EUNpRjLp6k764POJbfqy6khTRLtlUwKv_vpmPmEb6XPUidRBOPYb_prAXBDZLEkqCmCOq4U1jN1puna_9KTlPu2qwbR3S_bmYFRnph00LEcoAvrtfRqL2YQoH7nMa_oUwb0/s320/ccnp324.png" width="320" /></a></div>
We want to confirm that it was learned dynamically:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCloxnfPe_8CPEp7dWgcydncpGQ2HsbqRS3bahrIOQtbVpw5L7O86o6zIdQyXD4ekS9W53BtYOKLmGuEs93jc2FaG2kPN7PEV7SN6L3jggPWYiKIOkMJ4XuN9wQsZ-WsHB2c1x7YgHmEej/s1600/ccnp323.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="146" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCloxnfPe_8CPEp7dWgcydncpGQ2HsbqRS3bahrIOQtbVpw5L7O86o6zIdQyXD4ekS9W53BtYOKLmGuEs93jc2FaG2kPN7PEV7SN6L3jggPWYiKIOkMJ4XuN9wQsZ-WsHB2c1x7YgHmEej/s400/ccnp323.png" width="400" /></a></div>
<br />
<br />
But
what happens if you allow multiple secure MAC addresses on a port and
statically configure a few without hitting the maximum? Let's find
out on port fa0/2, where I will allow three addresses to be
considered secure while configuring two static secure addresses.<br />
<br />
<span style="color: #073763;"><i><b>Switch#conf t<br />Enter configuration commands, one per line. End with CNTL/Z.<br />Switch(config)#int fa0/2<br />Switch(config-if)#switchport port-security<br />Switch(config-if)#switchport port-security maximum 3</b></i></span><br />
<span style="color: #073763;"><i><b>Switch(config-if)#switchport port-security mac-address aaaa.bbbb.cccc</b></i></span><br />
<i><b><span style="color: #073763;">Switch(config-if)#switchport port-security mac-address aaaa.aaaa.aaaa</span></b></i><br />
<br />
Now we will ping fa0/2 and go back to the switch to check its port security:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg09tQTQI7hdJ82ZXTJ9HkwJqqKLgTo9eg1naATR3om1-ViKTXhcHMTaLDumY9TydRnsxjJt4ufGGnvL7Om3fHicg9oMjTZd6D_RuilrPwqQNyaliJgxx9Pur6ezfQ9wt-c7qzhxpRPoPOC/s1600/ccnp329.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="154" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg09tQTQI7hdJ82ZXTJ9HkwJqqKLgTo9eg1naATR3om1-ViKTXhcHMTaLDumY9TydRnsxjJt4ufGGnvL7Om3fHicg9oMjTZd6D_RuilrPwqQNyaliJgxx9Pur6ezfQ9wt-c7qzhxpRPoPOC/s320/ccnp329.png" width="320" /></a></div>
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh890AvxthTyw2LDchgw-UwHKBiIoCrLaoRlNkPCZtHpn8bg0PZKi1-Jk9AsAV3QeVRB4yS0tyolG5QavyBrGVx9HEIAZotBYHIzAzKN3M8Ybbz-P9kAPou_keUnvxU9kpoLx6paD2hneXq/s1600/ccnp328.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="217" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh890AvxthTyw2LDchgw-UwHKBiIoCrLaoRlNkPCZtHpn8bg0PZKi1-Jk9AsAV3QeVRB4yS0tyolG5QavyBrGVx9HEIAZotBYHIzAzKN3M8Ybbz-P9kAPou_keUnvxU9kpoLx6paD2hneXq/s640/ccnp328.png" width="640" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAt0Kk2Zk4ZZyRNru5g2hfgpfCMiPjksgsl_XtYG5qwbAQsgsjW29LejuQG4ku1Jwn5TvhJbZ5dhSDOp7firgsSUS1OqmviowjfNo9YSBi5SlpZ9vzKQsm_s92_8WT-PcMDHU2xLDGvxjQ/s1600/ccnp331.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAt0Kk2Zk4ZZyRNru5g2hfgpfCMiPjksgsl_XtYG5qwbAQsgsjW29LejuQG4ku1Jwn5TvhJbZ5dhSDOp7firgsSUS1OqmviowjfNo9YSBi5SlpZ9vzKQsm_s92_8WT-PcMDHU2xLDGvxjQ/s640/ccnp331.png" width="640" /></a></div>
<br />
<br />
We see three entries for fa0/2: two of them statically configured and one of them dynamically learned.<br />
<br />
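To audit the same situation across many ports, the secure address table can be parsed and compared with each port's configured maximum. This is an added example, not part of the original lab: the table text is a constructed sample in the layout of <i>show port-security address</i>, and the dynamic MAC addresses, the Fa0/1 row and the MAXIMUMS dictionary are assumptions.<br />

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `show port-security address`.
# The Fa0/2 rows mirror the lab (two static entries plus one learned);
# the learned MAC values and the Fa0/1 row are made up for illustration.
SAMPLE = """\
               Secure Mac Address Table
-----------------------------------------------------------------------------
Vlan    Mac Address       Type                          Ports   Remaining Age
                                                                   (mins)
----    -----------       ----                          -----   -------------
   1    aaaa.aaaa.aaaa    SecureConfigured              Fa0/2        -
   1    aaaa.bbbb.cccc    SecureConfigured              Fa0/2        -
   1    0011.2233.4455    SecureDynamic                 Fa0/2        -
   1    0011.2233.6677    SecureDynamic                 Fa0/1        -
-----------------------------------------------------------------------------
"""

# Per-port limits as set with `switchport port-security maximum N`.
# Fa0/2 is 3 as in the lab; Fa0/1 at the default of 1 is an assumption.
MAXIMUMS = {"Fa0/2": 3, "Fa0/1": 1}

ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>Secure\w+)\s+(?P<port>\S+)", re.IGNORECASE)


def parse_secure_table(text):
    """Return {port: {"static": [macs], "learned": [macs]}} from the table."""
    ports = defaultdict(lambda: {"static": [], "learned": []})
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # title, rulers and column headers
        # SecureConfigured = typed in by the administrator; every other
        # type (SecureDynamic, SecureSticky) was learned from traffic.
        kind = "static" if m["type"] == "SecureConfigured" else "learned"
        ports[m["port"]][kind].append(m["mac"].lower())
    return dict(ports)


def audit(ports, maximums):
    """Summarise how each port's secure-address budget is being used."""
    report = {}
    for port, entries in sorted(ports.items()):
        limit = maximums.get(port, 1)  # IOS default maximum is 1
        static, learned = len(entries["static"]), len(entries["learned"])
        report[port] = {
            "maximum": limit,
            "static": static,
            "learned": learned,
            # slots still empty: the next new source MAC is accepted
            "free": max(limit - static - learned, 0),
            # slots not pinned to a configured MAC: they belong to
            # whichever address the switch happens to see first
            "unpinned": max(limit - static, 0),
        }
    return report


if __name__ == "__main__":
    for port, row in audit(parse_secure_table(SAMPLE), MAXIMUMS).items():
        print(port, row)
```

A port with <i>unpinned</i> greater than zero enforces only a count, not an identity, for those slots.<br />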
So far this lab was successful!<br />
<br />
<b>Please comment and share. Thanks for watching this lab!</b></td></tr>
</tbody></table>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAt0Kk2Zk4ZZyRNru5g2hfgpfCMiPjksgsl_XtYG5qwbAQsgsjW29LejuQG4ku1Jwn5TvhJbZ5dhSDOp7firgsSUS1OqmviowjfNo9YSBi5SlpZ9vzKQsm_s92_8WT-PcMDHU2xLDGvxjQ/s1600/ccnp331.png" style="margin-left: 1em; margin-right: 1em;"></a>ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-72249029603523428282016-08-04T16:49:00.001-07:002016-11-14T08:45:51.104-08:00Errdisable Concept<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8tMlakqZ_2PcvMIQ3GqunEe3NqIB1UuoB2ksbpuW0xi9yjvaIyrojw6o5cjgBNW9xM3KjCoe8__K5rNF25FG-T8w-QN4YT4gTgAXoZg-PqrR7H6TrnZPvTRwz66tnWy6PnOjDUgwDq-la/s1600/ccnp308.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8tMlakqZ_2PcvMIQ3GqunEe3NqIB1UuoB2ksbpuW0xi9yjvaIyrojw6o5cjgBNW9xM3KjCoe8__K5rNF25FG-T8w-QN4YT4gTgAXoZg-PqrR7H6TrnZPvTRwz66tnWy6PnOjDUgwDq-la/s320/ccnp308.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
The <i>errDisable status</i> is a feature of Cisco Catalyst
switches that is designed to protect the network from issues resulting
from switch misconfiguration and other errors in our network.<br />
<br />
The
errDisable status describes a port that has been shut down by the switch
operating system due to an error being detected on the port. Once a
port is placed into the errDisable state, an administrator must manually
re-enable the port.<br />
This feature is reserved for errors that might
seriously jeopardize the stability of the switch or the entire LAN
network.<br />
<br />
You, as an administrator, can also configure Cisco Catalyst switches to automatically enable errDisabled ports after a configurable timer expires.<br />
<br />
Let's see them in action<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirJCUHn8l6M4f1Zu4BtCHpxQyiVjXdeI9Fx6pAjG3ufireRxCKJyzUFBdcGyzEceLSXbuj30DCvkekcGT8UCTaCeTc1SenflCecF27uZZtDKAwphmIfWp8wW-IZ3AT4-Q6NUT2dHx9sVWI/s1600/ccnp309.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="505" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirJCUHn8l6M4f1Zu4BtCHpxQyiVjXdeI9Fx6pAjG3ufireRxCKJyzUFBdcGyzEceLSXbuj30DCvkekcGT8UCTaCeTc1SenflCecF27uZZtDKAwphmIfWp8wW-IZ3AT4-Q6NUT2dHx9sVWI/s640/ccnp309.png" width="640" /></a></div>
<br />
<br />
<h4>
Troubleshooting Steps</h4>
As with any problem that you might try to solve, you should take
clear troubleshooting steps, depending on the issue you are trying to
tackle. The following describes each of the troubleshooting steps you
should take when trying to determine the cause of the errDisable state
of a port:<br />
<ol>
<li>Determine an issue exists</li>
<li>Determine why the port(s) were disabled</li>
<li>Resolve the issue(s)</li>
<li>Re-enable the port(s)</li>
</ol>
<br />
So let's do an exercise. In the first part, in green, we do a port-security configuration; in the second part, in yellow, we apply an errdisable recovery interval. I will set it to 30 seconds for our lab (the default is 300 seconds).<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdaNsCdcHgprpLDakIn4Y8f9N1Jm4yj7Q__-hNKLrG6trKqvvG30KpPKqe3CfdNsU5zY_RarY-FdWDRT86BBpIrwrwC2rsA8zk4KYb44Ry8Kh61LPYxdUpC_DZMYt2NLHOE078MhZSLkRx/s1600/exam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdaNsCdcHgprpLDakIn4Y8f9N1Jm4yj7Q__-hNKLrG6trKqvvG30KpPKqe3CfdNsU5zY_RarY-FdWDRT86BBpIrwrwC2rsA8zk4KYb44Ry8Kh61LPYxdUpC_DZMYt2NLHOE078MhZSLkRx/s200/exam.png" width="200" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDiI4tdf8dGIu8_WiAhUMoEGds-H6fMEBD4zrZhmMGGeH0x1JHFvyBa5N31DAUpsJF_M-fw4RgkBABR7UKyoJhgaNhjFJRrlUbQ7rH4q1UAcbn3xezpp0nNM9TXowSMf5QKV2arbchHHbf/s1600/ccnp312.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="619" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDiI4tdf8dGIu8_WiAhUMoEGds-H6fMEBD4zrZhmMGGeH0x1JHFvyBa5N31DAUpsJF_M-fw4RgkBABR7UKyoJhgaNhjFJRrlUbQ7rH4q1UAcbn3xezpp0nNM9TXowSMf5QKV2arbchHHbf/s640/ccnp312.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
Now let's see what happens when we connect a cable from your computer to that port:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIp_PKOI1vMpBCVe4-npSw1kvFele2vJFaEOR6YH8e-7bHXZZnOkcjy9ZXNFhU-ebXlz7Yg118TYYl-ceovzZt_k_2ca7piQzvPjFJHwtzTnDuRymVXSO_JpeuMBpMq_vn2LiNjwwJUxf-/s1600/ccnp315.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="403" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIp_PKOI1vMpBCVe4-npSw1kvFele2vJFaEOR6YH8e-7bHXZZnOkcjy9ZXNFhU-ebXlz7Yg118TYYl-ceovzZt_k_2ca7piQzvPjFJHwtzTnDuRymVXSO_JpeuMBpMq_vn2LiNjwwJUxf-/s640/ccnp315.png" width="640" /></a></div>
<br />
<br />
Besides that, three things happen:<br />
<ul>
<li>Port LED changes color from green to orange</li>
<li>Loss of functionality in the network</li>
<li>Notification via network management systems </li>
</ul>
<br />
<br />
...and 30 seconds later, the port begins to come out of that err-disable state:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcp-flzjJa1H-NPE9_RLjdMXsQQ4FRWJnNjVcndlHZQoR6uvczL2P-C5nbzewR86kDkujj8a17lVt7MR28trPi-OqI0Ivnv_F_vphWF5T44L5sy3nn9ZMIJSgB7e_WGOkKYL7lIJsCZ8am/s1600/ccnp318.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="120" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcp-flzjJa1H-NPE9_RLjdMXsQQ4FRWJnNjVcndlHZQoR6uvczL2P-C5nbzewR86kDkujj8a17lVt7MR28trPi-OqI0Ivnv_F_vphWF5T44L5sy3nn9ZMIJSgB7e_WGOkKYL7lIJsCZ8am/s640/ccnp318.png" width="640" /></a></div>
<br />
Then you should go to fa0/41, disconnect the cable and disable port security so the port doesn't keep bouncing in and out of the errdisable state forever (the commands are in green, the results in yellow)!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7RfXryF5TqmbYFzEHf9Es0NoT9OI5PwKe1rH5uf7HVXw6gDkEEdTnf6JugjDU2DvAzQx1byOz8ezrix8ut1h2MEhaSGXJWxuh4rXjidPV5qQavn4O09rO99c1N9FroydCGHcDvmZSNLqe/s1600/ccnp320.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7RfXryF5TqmbYFzEHf9Es0NoT9OI5PwKe1rH5uf7HVXw6gDkEEdTnf6JugjDU2DvAzQx1byOz8ezrix8ut1h2MEhaSGXJWxuh4rXjidPV5qQavn4O09rO99c1N9FroydCGHcDvmZSNLqe/s640/ccnp320.png" width="640" /></a></div>
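A port that keeps bouncing in and out of err-disable under automatic recovery can be spotted from the switch's syslog. This is an added example, not part of the original lab: the log lines are constructed in the IOS %PM-4-ERR_DISABLE / %PM-4-ERR_RECOVER format, and the Fa0/7 entry, the year, the threshold and the window are assumptions.<br />

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog lines (IOS message format, made-up times and MAC).
SAMPLE_LOG = """\
Aug  4 16:40:01: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/41.
Aug  4 16:40:01: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/41, putting Fa0/41 in err-disable state
Aug  4 16:40:31: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa0/41
Aug  4 16:40:36: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/41, putting Fa0/41 in err-disable state
Aug  4 16:41:06: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa0/41
Aug  4 16:41:12: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/41, putting Fa0/41 in err-disable state
Aug  4 16:41:42: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa0/41
Aug  4 16:42:00: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/7, putting Fa0/7 in err-disable state
"""

STAMP = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)(?:\.\d+)?"
DISABLE = re.compile(
    STAMP + r".*%PM-4-ERR_DISABLE: (?P<cause>\S+) error detected on (?P<port>[^,\s]+)")
RECOVER = re.compile(
    STAMP + r".*%PM-4-ERR_RECOVER: Attempting to recover from (?P<cause>\S+)"
            r" err-disable state on (?P<port>\S+)")


def parse_events(text, year=2016):
    """Return sorted (time, kind, port, cause) tuples; syslog carries no year."""
    events = []
    for line in text.splitlines():
        for kind, rx in (("disable", DISABLE), ("recover", RECOVER)):
            m = rx.search(line)
            if m:
                ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
                events.append((ts, kind, m["port"], m["cause"]))
    return sorted(events)


def find_flapping(events, threshold=3, window=timedelta(minutes=5)):
    """Ports err-disabled `threshold` or more times inside `window`."""
    times = defaultdict(list)
    for ts, kind, port, _ in events:
        if kind == "disable":
            times[port].append(ts)
    flapping = {}
    for port, seen in times.items():
        for i in range(len(seen) - threshold + 1):
            if seen[i + threshold - 1] - seen[i] <= window:
                flapping[port] = len(seen)  # recovery is looping, cause persists
                break
    return flapping


def still_down(events):
    """Ports whose latest event is an err-disable with no recovery after it."""
    last = {}
    for _, kind, port, cause in events:
        last[port] = (kind, cause)
    return {p: cause for p, (kind, cause) in last.items() if kind == "disable"}


def recovery_delays(events):
    """Seconds from each err-disable to the next recovery attempt, per port."""
    pending, delays = {}, defaultdict(list)
    for ts, kind, port, _ in events:
        if kind == "disable":
            pending[port] = ts
        elif port in pending:
            delays[port].append(int((ts - pending.pop(port)).total_seconds()))
    return dict(delays)
```

Here Fa0/41 is reported as flapping with 30-second recovery delays, while Fa0/7 is still down and waiting for recovery or a manual re-enable.<br />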
<b>This lab was successful! Thanks for watching and please share!</b><br />
<br />ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-25818310027562051742016-08-02T13:56:00.001-07:002016-10-24T13:50:21.907-07:00Switch Security<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhR96RYpsTsEUvMPsVn7LgV5CNfJg0T9txv7lKLW7pPYvSncGUk64uZDlP3R-50cEI3WghuFPBb08P1ljQNe6WDxcw5AD5HeRUEv_K2yByLKOSmXiQqGmUBx817zivYjInpatg9RjJHevSY/s1600/ccnp324.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeKOgmoefWtnG-u4SgqI8nGesqOBLqAat6GjGrmkTOKu0AkPktwX30KmCgaSM9xwGO3zaqs3-H4dqcRFBVF8EYNGRsM9J5oVhIR_qtOaeVX3Womoa7cRicRlKqei4H5ZRY5yT_eq_Bnl3M/s1600/ccnp306.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeKOgmoefWtnG-u4SgqI8nGesqOBLqAat6GjGrmkTOKu0AkPktwX30KmCgaSM9xwGO3zaqs3-H4dqcRFBVF8EYNGRsM9J5oVhIR_qtOaeVX3Womoa7cRicRlKqei4H5ZRY5yT_eq_Bnl3M/s320/ccnp306.png" width="320" /></a></div>
An important part of securing our network involves the layer 2 parts of
the network, specifically the switches. Many people think of attacks as originating from outside and tend to ignore
the security vulnerabilities that can be exploited on switches, but these
devices are just as vulnerable as higher-layer devices; they are simply
attacked in different ways.<br />
<br />
These attacks are usually an inside job, and originate from seemingly innocent sources like DHCP, ARP, CDP, telnet, etc.<br />
The attacker’s goal is to become the Man-In-The-Middle, with a naive
user sending packets to the attacker as if it were a router.
The attacker can glean information from the packets sent to it before it
forwards them normally. In this post<br />
<br />
<br />
<br />
This switch security section looks at these potential
threats and at the different configurations that can be
used to avoid them. We will do this in Packet Tracer so you can graphically understand what we are doing, and with real equipment as well for the ones not available through PT.<br />
<br />
<br />
In this post I’ll describe different security features of Cisco Catalyst switches:<br />
<ol>
<li><b>DHCP Snooping</b><b> </b></li>
<li><b>Errdisable Concept </b></li>
<li><b>Port Security</b></li>
<li><b>Dot1x port-based authentication </b></li>
<li><b> </b><b>Storm Control</b></li>
<li><b>Span (In the "Switch Features "section of this blog) </b></li>
<li><b> </b><b>IP Source Guard </b></li>
<li><b> </b><b>Private VLAN</b></li>
<li><b> </b><b>Dynamic ARP Inspection</b></li>
</ol>
<br />
These security features will prevent certain types of malicious attacks and will enhance your network security.<br />
<br />
We invite everyone to try these labs at home to improve their switch security skills.<br />
<br />
<br />
<br />
ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0tag:blogger.com,1999:blog-1228061389380024721.post-48747851393073277012016-05-12T17:59:00.001-07:002017-11-01T10:41:58.203-07:00FHRP<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4xny_qg-xLrh9o1kluNgyAWzKcKVeRRQHx6UkVw7SOhJktJ1SIiVA-V_4Ypy1Z4fPOaMUXt43N0O4R_eu621sFv1Fbv6qNGdUWOZFcaghrtt5lLV-lo_8sIvOmKfS9ezZrUzr9FgExK6k/s1600/test426.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="311" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4xny_qg-xLrh9o1kluNgyAWzKcKVeRRQHx6UkVw7SOhJktJ1SIiVA-V_4Ypy1Z4fPOaMUXt43N0O4R_eu621sFv1Fbv6qNGdUWOZFcaghrtt5lLV-lo_8sIvOmKfS9ezZrUzr9FgExK6k/s400/test426.png" width="400" /></a></div>
<br />
<br />
<br />
<b><span style="color: purple;">First Hop Redundancy Protocols</span> </b>allow default gateway redundancy, meaning more than one default gateway is enabled: in the event of a router failure, a backup device kicks in and, almost transparently to users, continues to forward traffic to remote networks, thus avoiding isolation.<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmKH_-wBZi4EGYeImRQbSlnc78yjhORHkGf4p3xDuAtI43K3k8HGgbdjVA4wrnktu3b3O8QPx_9hp0lXeQ_jcL5PStKnGlyd_h4ocW2d3C36XqhU-VSKc48tRO0gl2gzylX0wUAWgEpH31/s1600/test377.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmKH_-wBZi4EGYeImRQbSlnc78yjhORHkGf4p3xDuAtI43K3k8HGgbdjVA4wrnktu3b3O8QPx_9hp0lXeQ_jcL5PStKnGlyd_h4ocW2d3C36XqhU-VSKc48tRO0gl2gzylX0wUAWgEpH31/s400/test377.png" width="400" /></a></div>
A <span style="color: red;"><b>first hop redundancy protocol (FHRP)</b></span> is a computer networking protocol which is designed to protect the default gateway used on a subnetwork by allowing two or more routers to provide backup for that address; in the event of failure of an active router, the backup router will take over the address, usually within a few seconds.<br />
In fact, such protocols can also be used to protect other services, like layer 3 switches, operating on a single IP address.<br />
<br />
We will talk about 3 types of protocols:<br />
<br />
<ul>
<li><span style="color: #274e13;"><b>Hot Standby Router Protocol (HSRP)</b></span> - Cisco's initial, proprietary standard</li>
<li><b><span style="color: #274e13;">Virtual Router Redundancy Protocol (VRRP)</span></b> - an open standard protocol</li>
<li> <span style="color: #274e13;"><b>Gateway Load Balancing Protocol (GLBP) </b></span>- a more recent proprietary standard from Cisco that permits load balancing as well as redundancy </li>
</ul>
<br />
<span style="color: purple;"><b>Hot Standby Router Protocol (HSRP)</b></span> is a Cisco-proprietary redundancy protocol for establishing a fault-tolerant default gateway. It is described in RFC 2281. HSRP provides a transparent failover mechanism to the end stations on the network. This provides users at the access layer with uninterrupted service to the network if the primary gateway becomes inaccessible.<br />
<br />
<br />
The<b> <span style="color: purple;">Virtual Router Redundancy Protocol (VRRP)</span> </b>is a standards-based alternative to HSRP and is defined in RFC 3768. The two technologies are similar but not compatible.<br />
<br />
The main disadvantage of HSRP and VRRP is that only one gateway is elected to be the active gateway and used to forward traffic, while the rest are unused until the active one fails.<br />
<span style="color: purple;"><b>Gateway Load Balancing Protocol (GLBP)</b></span> is a Cisco proprietary protocol that performs a similar function to HSRP and VRRP, but it supports load balancing among members in a GLBP group.<br />
We will explain each one in the next articles.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidJg3YK5dRZV_0d7bOHIRpQtQFn6_Y_h2NKE_tyJ9fKcmlKoD8f9a6AdqFamPN0uygbOmtYD504VstChGxCOtLXKsDa7ZrOdy0xoenOxbe9QOGQ1xYYshMSx79tAaxjRSOUwm4zYqG8iS6/s1600/hsrp.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="878" data-original-width="884" height="634" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidJg3YK5dRZV_0d7bOHIRpQtQFn6_Y_h2NKE_tyJ9fKcmlKoD8f9a6AdqFamPN0uygbOmtYD504VstChGxCOtLXKsDa7ZrOdy0xoenOxbe9QOGQ1xYYshMSx79tAaxjRSOUwm4zYqG8iS6/s640/hsrp.png" width="640" /></a></div>
<br />ohhhvictorhttp://www.blogger.com/profile/17581129164182280657noreply@blogger.com0