Saturday, June 23, 2012
OSPF Network Types
- Broadcast: This network type uses multicast addresses 224.0.0.5 and 224.0.0.6, and a DR/BDR election is performed between the neighbors.
- Point-to-Point: This network type uses multicast address 224.0.0.5 and no DR/BDR election is performed between the neighbors.
- Point-to-Multipoint: This network type uses multicast address 224.0.0.5 and no DR/BDR election is performed between the neighbors. Hosts install /32 routes for the endpoints.
- Non-Broadcast: This network type uses unicast instead of multicast. Neighbors need to be defined statically and a DR/BDR election is performed.
- Point-to-Multipoint Non-Broadcast: Attributes of both Point-to-Multipoint and Non-Broadcast networks.
Friday, June 15, 2012
Dynamic IP Address assignment using FreeRadius IP POOL or radippool table
The following steps need to be performed to configure a user for dynamic IP address assignment.
- Add the username/password to the “radcheck” table.
- Map the user to the relevant dynamic user group in the “radusergroup” table.
- Map the dynamic user group to the “Pool-Name” attribute’s value in the “radgroupcheck” table.
- Populate the “radippool” table with the dynamic IP addresses and the relevant pool name.
- Example:
Configure a dynamic IP user setup for 254 users. The following data will be used for our example:
Username: foo@domain
Groupname: dynamic_test
Pool-Name: dynamic_pool
IP range: 10.10.10.1/24
- First, add the user “foo@domain” to the “radcheck” table.
- Map user “foo@cerberus” to the group “dynamic_test” in the “radusergroup” table, e.g.
Username : Groupname : Priority
foo@cerberus : dynamic_test : 1
- Map the dynamic user group (dynamic_test) to the Pool-Name attribute in the “radgroupcheck” table.
Groupname : attribute : op : Value
Dynamic_test : Pool-Name : := : dynamic_pool
- Add the IP addresses to the “radippool” table, as:
Pool_name : Framedipaddress
Dynamic_pool : 10.10.10.1
Dynamic_pool : 10.10.10.2
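The four steps above, as an added example that is not part of the original post: a Python script that loads them into an in-memory SQLite database, fills the pool from 10.10.10.0/24, and checks that the user resolves through group and Pool-Name to a pool that actually holds addresses. Assumptions: the tables are simplified stand-ins with only the columns used here, the Cleartext-Password check item and the password are placeholders, and the function names are hypothetical.

```python
import ipaddress
import sqlite3

# Constructed sample data, taken from the example values in the post.
USER, GROUP, POOL, NETWORK = "foo@domain", "dynamic_test", "dynamic_pool", "10.10.10.0/24"

# Simplified stand-ins for the FreeRADIUS tables (assumption: reduced column set).
SCHEMA = """
CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER);
CREATE TABLE radgroupcheck (groupname TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radippool (pool_name TEXT, framedipaddress TEXT UNIQUE);
"""

def build_db(password="CHANGE-ME"):  # placeholder credential, not a real one
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Step 1: username/password in radcheck.
    db.execute("INSERT INTO radcheck VALUES (?, 'Cleartext-Password', ':=', ?)",
               (USER, password))
    # Step 2: user -> dynamic user group.
    db.execute("INSERT INTO radusergroup VALUES (?, ?, 1)", (USER, GROUP))
    # Step 3: group -> Pool-Name value.
    db.execute("INSERT INTO radgroupcheck VALUES (?, 'Pool-Name', ':=', ?)",
               (GROUP, POOL))
    # Step 4: one radippool row per usable host (.1 to .254, no network/broadcast).
    hosts = ipaddress.ip_network(NETWORK).hosts()
    db.executemany("INSERT INTO radippool VALUES (?, ?)",
                   ((POOL, str(ip)) for ip in hosts))
    db.commit()
    return db

def pool_size_for(db, username):
    """Follow user -> group -> Pool-Name -> radippool; return (pool, address count)."""
    row = db.execute(
        """SELECT gc.value, COUNT(p.framedipaddress)
           FROM radusergroup ug
           JOIN radgroupcheck gc
             ON gc.groupname = ug.groupname AND gc.attribute = 'Pool-Name'
           LEFT JOIN radippool p ON p.pool_name = gc.value
           WHERE ug.username = ?
           GROUP BY gc.value
           ORDER BY ug.priority LIMIT 1""",
        (username,),
    ).fetchone()
    return row if row else (None, 0)

if __name__ == "__main__":
    print(pool_size_for(build_db(), USER))
```

A count of 0 for a mapped user means the Pool-Name value in radgroupcheck does not match any pool_name in radippool, so that user would be authenticated but get no address from the pool.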
Thursday, June 14, 2012
Monday, June 11, 2012
Packet Sniffer on Fortigate Firewall
There has always been an embedded packet capture in the Fortigate CLI, which can be accessed using the command below:
diagnose sniffer packet <interface> [filters] [level]
e.g.
diagnose sniffer packet wan1 'icmp and host 10.10.10.1' 4
As of FortiOS 4.0 MR3, Fortinet has added a packet sniffer to the GUI, where you can set up a capture and download the PCAP file for further analysis.
You may see the faded options available with it, and below are the capture settings.
It can be used for real-time troubleshooting and works like a charm..!!
Sunday, June 10, 2012
Cisco ADSL PPPoE Sample Configuration
service timestamps debug datetime msec
service timestamps log datetime msec
vpdn enable
no vpdn logging
vpdn-group pppoe
 request-dialin
  protocol pppoe
!--- These commands are needed only on Cisco IOS Software earlier than 12.2(13)T.
!
!
ip subnet-zero
!
!--- For DHCP:
ip dhcp excluded-address <ip address of ethernet0>
ip dhcp pool <dhcp pool name>
 network <ip network address of ethernet0> <subnet mask>
 default-router <ip address of ethernet0>
 dns-server <ip address of dns server>
!
interface ethernet0
 no shut
 ip address <ip address> <subnet mask>
 ip tcp adjust-mss 1452
!--- If the ip tcp adjust-mss 1452 command is not supported, try this
!--- configuration statement: ip adjust-mss 1452. If this command is not
!--- supported in your current Cisco DSL Router software release, upgrade to the
!--- latest Cisco DSL Router software or follow the procedure in the
!--- "Possible Required Configuration Steps on the PC" section of this document.
!--- For NAT:
 ip nat inside
 no ip directed-broadcast
!
interface atm0
 no ip address
 bundle-enable
 dsl operating-mode auto
!
interface atm0.1 point-to-point
 no ip address
 no ip directed-broadcast
 no atm ilmi-keepalive
 pvc <vpi/vci>
  pppoe-client dial-pool-number 1
!--- Common PVC values supported by ISPs are 0/35 or 8/35.
!--- Confirm your PVC values with your ISP.
!
!
interface dialer1
 ip address <ip address> <subnet mask>
 mtu 1492
!--- For NAT:
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp chap hostname <username>
 ppp chap password <password>
 ppp pap sent-username <username> password <password>
!
!--- For NAT:
ip nat inside source list 1 interface dialer1 overload
!--- If you have a pool (a range) of public IP addresses provided
!--- by your ISP, you can use a NAT Pool. Replace
!--- ip nat inside source list 1 interface dialer1 overload
!--- with these two configuration statements:
!--- ip nat inside source list 1 pool <nat pool name> overload
!--- ip nat pool <nat pool name> <first ip address> <last ip address>
!--- netmask <subnet mask>
!--- If Internet users require access to an internal server, you can
!--- add this static NAT configuration statement:
!--- ip nat inside source static tcp <inside ip address of server> {80 or 25}
!--- <outside ip address of server> {80 or 25} extendable
!--- Note: TCP port 80 (HTTP/web) and TCP port 25 (SMTP/mail) are used
!--- for this example. You can open other TCP or UDP ports, if needed.
!
ip classless
ip route 0.0.0.0 0.0.0.0 interface dialer1
!--- For NAT:
access-list 1 permit <ip network address of ethernet0> <wildcard mask>
!--- In this configuration, access-list 1 defines a standard access list
!--- that permits the addresses that NAT translates. For example, if
!--- your private IP network is 10.10.10.0, configure
!--- access-list 1 permit 10.10.10.0 0.0.0.255 in order to allow NAT to translate
!--- packets with source addresses between 10.10.10.0 and 10.10.10.255.
!
end
Source : Cisco.com
Cisco ADSL PPPoA Sample Configuration
!--- Comments contain explanations and additional information.
service timestamps debug datetime msec
service timestamps log datetime msec
ip subnet-zero
!
!--- For DHCP:
ip dhcp excluded-address <ip address of ethernet0>
ip dhcp pool <dhcp pool name>
 network <ip network address of ethernet0> <subnet mask>
 default-router <ip address of ethernet0>
 dns-server <ip address of dns server>
!
interface ethernet0
 no shut
 ip address <ip address> <subnet mask>
!--- For NAT:
 ip nat inside
 no ip directed-broadcast
!
interface atm0
 no shut
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 pvc <vpi/vci>
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!--- Common PVC values supported by ISPs are 0/35 or 8/35.
!--- Confirm your PVC values with your ISP.
!
interface dialer1
 ip address <ip address> <subnet mask>
!--- (or use ip address negotiated, if dynamic address)
 no ip directed-broadcast
!--- For NAT:
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp chap hostname <username>
 ppp chap password <password>
 ppp pap sent-username <username> password <password>
!
!--- For NAT:
ip nat inside source list 1 interface dialer1 overload
!--- If you have a pool (a range) of public IP addresses provided
!--- by your ISP, you can use a NAT Pool. Replace
!--- ip nat inside source list 1 interface dialer1 overload
!--- with these two configuration statements:
!--- ip nat inside source list 1 pool <nat pool name> overload
!--- ip nat pool <nat pool name> <first ip address> <last ip address>
!--- netmask <subnet mask>
!--- If Internet users require access to an internal server, you can
!--- add this static NAT configuration statement:
!--- ip nat inside source static tcp <inside ip address of server> {80 or 25}
!--- <outside ip address of server> {80 or 25} extendable
!--- Note: TCP port 80 (HTTP/web) and TCP port 25 (SMTP/mail) are used
!--- for this example. You can open other TCP or UDP ports, if needed.
!
ip classless
ip route 0.0.0.0 0.0.0.0 dialer1
!--- For NAT:
access-list 1 permit <ip network address of ethernet0> <wildcard mask>
!--- In this configuration, access-list 1 defines a standard access list
!--- that permits the addresses that NAT translates. For example, if
!--- your private IP network is 10.10.10.0, configure
!--- access-list 1 permit 10.10.10.0 0.0.0.255 in order to allow NAT to translate
!--- packets with source addresses between 10.10.10.0 and 10.10.10.255.
!
end
Source : Cisco.com