Saturday, February 26, 2011

ARP, RARP & Proxy ARP

ARP = Address Resolution Protocol
RARP = Reverse Address Resolution Protocol

ARP
--------
- I know my destination IP address but I don't know its MAC address
- Map known layer 3 destination address to unknown destination layer 2 address.

RARP
--------
- I know my source MAC address but I don't know my IP address
- DHCP server will give IP address to my host

Reference ::
http://www.youtube.com/watch?v=b7gv09B_80A

Cisco :: Configuring SSH

PRECONDITION: You need a K9 IOS (newer than 12.1) to enable SSH

1) You MUST set a host name
hostname ciscolab

2) You MUST set an IP domain name
ip domain-name mydomain.com

3) You MUST enable aaa new-model OR set “login local” under vty configuration but not just “login”
aaa new-model

4) You MUST create a user
username sshtest password 0 sshpass

5) You MUST generate RSA keys
crypto key generate rsa

If you already have RSA keys you will receive a message; type yes
% You already have RSA keys defined named ciscolab.mydomain.com.
% Do you really want to replace them? [yes/no]: yes

It will ask for the modulus size; 1024 is fine (it depends on your security needs)
How many bits in the modulus [512]: 1024

6) You MUST set the vty access method to all OR ssh (if you choose ssh, telnet will be disabled)
line vty 0 4
transport input ssh
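
An added example (not from the original post or from Cisco): a small Python check that reads a running-config text and reports which of the prerequisites in steps 1-4 and 6 are missing. The sample config is constructed, `audit_ssh_prereqs` is a hypothetical name, and the type 0 password finding goes slightly beyond the steps above.

```python
import re

# Constructed sample running-config (not from the original page). It follows
# steps 1-6 but leaves a second vty range open to telnet.
SAMPLE_CONFIG = """\
hostname ciscolab
ip domain-name mydomain.com
aaa new-model
username sshtest password 0 sshpass
line vty 0 4
 transport input ssh
line vty 5 15
 login
 transport input all
"""

def audit_ssh_prereqs(config):
    """Check a config text against steps 1-4 and 6; return a list of findings.

    Step 5 (RSA keys) is not checked: the key pair is not part of the
    running-config text.
    """
    config += "\n"
    top = [l.strip() for l in re.findall(r"^\S.*$", config, re.M)]
    findings = []
    if not any(re.match(r"hostname \S+", l) for l in top):
        findings.append("no hostname set")
    if not any(re.match(r"ip domain[- ]name \S+", l) for l in top):
        findings.append("no ip domain-name set")
    if not any(l.startswith("username ") for l in top):
        findings.append("no local user defined")
    if any(re.match(r"username \S+ password 0 ", l) for l in top):
        findings.append("user password stored as type 0 (cleartext)")
    aaa = "aaa new-model" in top
    # Each "line vty" header plus its indented sub-commands.
    for name, body in re.findall(r"^(line vty .*)\n((?: .*\n)*)", config, re.M):
        sub = [s.strip() for s in body.splitlines()]
        transport = [s for s in sub if s.startswith("transport input")]
        if transport != ["transport input ssh"]:
            seen = transport[0] if transport else "no transport input line"
            findings.append(f"{name}: not restricted to ssh ({seen})")
        if not aaa and "login local" not in sub:
            findings.append(f"{name}: needs 'login local' (aaa new-model is off)")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_prereqs(SAMPLE_CONFIG):
        print(finding)
```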




Reference ::
http://cisco-network.com/hands-on/ssh-cisco/
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml#diagram

Cisco :: Port Security

Do it like this ::

Switch# config t
Switch(config)# int fa0/18
Switch(config-if)# switchport port-security ?
  aging        Port-security aging commands
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode

Switch(config-if)# switchport port-security
Switch(config-if)#^Z


As you can see in the example, there are a number of other port security commands that you can configure. Here are some of your options:

  • switchport port-security maximum {max # of MAC addresses allowed}: You can use this option to allow more than the default number of MAC addresses, which is one. For example, if you had a 12-port hub connected to this switch port, you would want to allow 12 MAC addresses—one for each device. The maximum number of secure MAC addresses per port is 132.
  • switchport port-security violation {shutdown | restrict | protect}: This command tells the switch what to do when the number of MAC addresses on the port has exceeded the maximum. The default is to shut down the port. However, you can also choose to alert the network administrator (i.e., restrict) or only allow traffic from the secure port and drop packets from other MAC addresses (i.e., protect).
  • switchport port-security mac-address {MAC address}: You can use this option to manually define the MAC address allowed for this port rather than letting the port dynamically determine the MAC address.

These are the guidelines to configure port security:

A secure port cannot be a trunk port.
A secure port cannot be an 802.1X port.
A secure port cannot belong to an EtherChannel port-channel interface.
A secure port and static MAC address configuration are mutually exclusive.
A secure port cannot be a destination port for Switch Port Analyzer (SPAN).
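
An added example (not from the original post or the referenced articles): a Python check that flags port-security interfaces that are also trunk ports, 802.1X ports, EtherChannel members or SPAN destinations, per the guidelines above. The sample config and the name `check_port_security` are constructed for illustration, and the static MAC address guideline is not checked.

```python
import re

# Constructed sample config (not from the original page). Interface names are
# assumed to be spelled the same way in every command.
SAMPLE_CONFIG = """\
interface FastEthernet0/18
 switchport mode access
 switchport port-security
 switchport port-security maximum 12
interface FastEthernet0/19
 switchport mode trunk
 switchport port-security
interface FastEthernet0/20
 switchport port-security
 channel-group 1 mode on
interface FastEthernet0/21
 switchport port-security
interface FastEthernet0/22
 switchport mode trunk
monitor session 1 destination interface FastEthernet0/21
"""

# Interface sub-command prefixes that conflict with port security, taken from
# the guidelines above.
CONFLICTS = {
    "switchport mode trunk": "trunk port",
    "dot1x port-control": "802.1X port",
    "channel-group": "EtherChannel member",
}

def check_port_security(config):
    """Map each port-security interface to the guidelines it violates."""
    config += "\n"
    span_dst = set(re.findall(
        r"^monitor session \d+ destination interface (\S+)", config, re.M))
    report = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        sub = [s.strip() for s in body.splitlines()]
        if "switchport port-security" not in sub:
            continue  # port security is not enabled here
        issues = [why for cmd, why in CONFLICTS.items()
                  if any(s.startswith(cmd) for s in sub)]
        if name in span_dst:
            issues.append("SPAN destination")
        report[name] = issues
    return report

if __name__ == "__main__":
    print(check_port_security(SAMPLE_CONFIG))
```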

Reference ::
http://www.techrepublic.com/article/lock-down-cisco-switch-port-security/6123047
http://www.networkworld.com/community/node/25359
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00807c4101.shtml#diag

Sunday, February 20, 2011

Linux | ls and rm commands

rm

You could delete each file individually with the following command:
rm Joe/name Joe/address Joe/phone Joe/Other/ssn Joe/Other/age

You could then use the rmdir command to remove the directories Other and Joe:

rmdir Joe/Other Joe

Or you could do all of this with the single command:

rm -r Joe

Finally, a trick. A common problem people run into is how to delete a file whose name starts with a -. For example, if you entered the command

rm -garbagefile

in an attempt to remove a file named -garbagefile, you would get the error message:

rm: illegal option -g

Try rm -help for more information.

This is because rm assumes that if its first argument starts with a - it is an option. The solution is to use a name that does not confuse rm. For example, you can use either the full pathname of the file or a relative pathname where you explicitly specify the current directory using ./. Thus, the following command would do the job:

rm ./-garbagefile

Reference::
http://www.linuxjournal.com/article/50

LS
-----

1) ls -t sorts the file by modification time, showing the last edited file first. head -1 picks up this first file.

$ vi first-long-file.txt
$ vi second-long-file.txt

$ vi `ls -t | head -1`

[Note: This will open the last file you edited (i.e second-long-file.txt)]

2) To show a single entry per line, use the -1 option as shown below.

$ ls -1
bin
boot
cdrom
dev
etc
home
initrd
initrd.img
lib

3) To show long listing information about the file/directory.

$ ls -l
-rw-r----- 1 ramesh team-dev 9275204 Jun 13 15:27 mthesaur.txt.gz



Reference ::


http://www.thegeekstuff.com/2009/07/linux-ls-command-examples/#more-550

How to reset a switch to factory default settings

Before You Begin

Before you reset the switch to factory defaults, perform one of these tasks:

  • Back up your configuration on a TFTP server.

  • Copy your configuration to a text file.

  • Copy the configuration locally on the bootflash or slot0: device.

Once you clear the user configuration, there is no way to recover the configuration unless you restore the backed-up configuration.



1- Reset Catalyst Switches Running CatOS

Cat5k> (enable) clear config all
This command will clear all configuration in NVRAM.
This command will cause ifIndex to be reassigned on the next system startup.
Do you want to continue (y/n) [n]? y
2002 Aug 03 15:16:19 %MLS-5-MCAST_STATUS:IP Multicast Multilayer Switching is disabled

System configuration cleared.
Use 'session' command to clear ATM or Router specific configurations.
Console> (enable)
Cat5k> (enable) clear config 5
This command will clear module 5 configuration.
Do you want to continue (y/n) [n]? y
................................
Module 5 configuration cleared.


2- Reset Catalyst Switches Running Cisco IOS Software

Cat2950# write erase
Erasing the nvram filesystem will remove all files! Continue? [confirm]y[OK]
Erase of nvram: complete
Cat2950# reload
System configuration has been modified. Save? [yes/no]: n

!--- Do not save the configuration at this prompt. Otherwise, the switch
!--- reloads with the current running configuration and does not reset to default.

Proceed with reload? [confirm]y

2w0d: %SYS-5-RELOAD: Reload requested

C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 18:57 by antonino
WS-C2950G-12-EI starting...

Reset VLAN Information

Cat2950# show vlan

Cat2950# dir flash:

!--- On the 4500/4000, issue the dir cat4000_flash: command.
!--- On the 6500/6000, issue the dir const_nvram: command.


Directory of flash:/

2 -rwx 2487439 Mar 11 1993 01:25:32 c2950-i6q4l2-mz.121-9.EA1d.bin
3 -rwx 840 Mar 20 1993 09:20:09 vlan.dat

!--- This vlan.dat file stores user-configured VLANs.

4 -rwx 2491435 Mar 08 1993 16:14:13 c2950-mvr.bin
6 -rwx 42 Mar 01 1993 00:07:35 env_vars
7 -rwx 109 Mar 11 1993 01:23:56 info
8 drwx 640 Mar 11 1993 01:26:35 html
19 -rwx 109 Mar 11 1993 01:26:35 info.ver

7741440 bytes total (1088512 bytes free)
Switch#

Cat2950# delete flash:vlan.dat
Delete filename [vlan.dat]
!----- Press Enter.

The reason is that the VLAN and VTP information is actually kept in the vlan.dat file
in Flash memory, and the contents of Flash are kept on a reload. The file has to be
deleted manually.

There's a little trick to deleting this file. The switch will prompt you twice to ask if you
really want to get rid of this file. Don't type "y" or "yes"; just accept the defaults by
hitting the return key. If you type "y", the router attempts to delete a file named "y",
as shown here:

------!
Cat2950# delete vlan.dat
Delete filename [vlan.dat]? y
Delete flash:y? [confirm]
%Error deleting flash:y (No such file or directory)

Cat2950# delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]

Cat2950# reload


Another way to delete VLANs:

So simple:
Cat2950(config)#no vlan 2-1000

Verify that VLANs (2-1000) are gone:
Cat2950(config)#do sh vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Fa0/25, Fa0/26, Fa0/27
                                                Fa0/28, Fa0/29, Fa0/30, Fa0/31
                                                Fa0/32, Fa0/33, Fa0/34, Fa0/35
                                                Fa0/36, Fa0/37, Fa0/38, Fa0/39
                                                Fa0/40, Fa0/41, Fa0/42, Fa0/43
                                                Fa0/44, Fa0/45, Fa0/46, Fa0/47
                                                Fa0/48, Gi0/1, Gi0/2, Gi0/3
                                                Gi0/4
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup




Reference::
http://www.cisco.com/en/US/products/hw/switches/ps607/products_tech_note09186a00800c4546.shtml
http://www.mcmcse.com/cisco/guides/vlandat.shtml
http://cciepursuit.wordpress.com/2007/06/16/easy-way-to-quickly-remove-vlans/







Policy Based Routing

Why use "Policy Based Routing"? For more information, refer to the link below. In short, it is for when you have 2 ISPs / gateways and want to forward each kind of traffic through a different gateway.

Reference :
http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml#wp14009

Cisco ACL

http://www.cisco.com/en/US/partner/tech/tk648/tk361/tk821/tsd_technology_support_sub-protocol_home.html

Access lists may be used for purposes such as filtering IP traffic, defining traffic to Network Address Translate (NAT) or encrypt, or filtering non-IP protocols such as AppleTalk, IPX, etc.





Troubleshooting TechNotes


Characterizing and Tracing Packet Floods Using Cisco Routers

Cisco Guide to Harden Cisco IOS Devices

Configuring IP Access Lists

Transit Access Control Lists: Filtering at Your Edge

Configuring Commonly Used IP ACLs



Saturday, February 19, 2011

Troubleshooting TCP/IP connectivity with Win XP

There are quite a lot of commands.. you can refer here ::

http://support.microsoft.com/kb/314067

Basic tools

  • Network Diagnostics in Help and Support
    Contains detailed information about the network configuration and the results of automated tests.
  • Network Connections folder
    Contains information and configuration for all network connections on the computer. To locate the Network Connections folder, click Start, click Control Panel, and then click Network and Internet Connections.
  • IPConfig command
    Displays current TCP/IP network configuration values, updates or releases Dynamic Host Configuration Protocol (DHCP) allocated leases, and displays, registers, or flushes Domain Name System (DNS) names.
  • Ping command
    Sends ICMP Echo Request messages to verify that TCP/IP is configured correctly and that a TCP/IP host is available.

Advanced tools

  • Hostname command
    Displays the name of the host computer.
  • Nbtstat command
    Displays the status of current NetBIOS over TCP/IP connections, updates the NetBIOS name cache, and displays the registered names and scope ID.
  • PathPing command
    Displays a path of a TCP/IP host and packet losses at each router along the way.
  • Route command
    Displays the IP routing table and adds or deletes IP routes.
  • Tracert command
    Displays the path of a TCP/IP host.
To view the correct command syntax to use with each of these tools, type -? at a command prompt after the name of the tool.

Windows XP Professional tools

Windows XP Professional contains the following additional tools:
  • Event viewer
    Records system errors and events.
  • Computer Management
    Changes network interface drivers and other components.

CCNA Guide

Blog

http://www.depacket.com/
http://kasl33.blogspot.com/

Routing Basic
http://www.joshgentry.com/cisco/cisco.htm
http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Routing-Basics.html

Subnetting
http://www.joshgentry.com/networking/subnet.htm

Cisco Quick Tips
http://www.joshgentry.com/cisco/cisco-quick-tips.php

Sunday, February 13, 2011

PING - How To

An interesting tutorial about PING... learning through PHP..


Reference :
http://birk-jensen.dk/2010/09/php-ping/

OSI Model




Reference ::

http://www.tech-faq.com/osi-model.html
http://www.protocols.com/pbook/tcpip1.htm