IT Certification Study Guide share & Training Preparation Ebooks free download
Posts tagged cisco lab
Configuring Cisco to work with a Windows NLB Cluster
Aug 16th
Introduction
To ensure high availability of critical network applications, the Operations team uses Microsoft's Network Load Balancer, or NLB. NLB allows load balancing between servers without a dedicated stand-alone box. To achieve this, Microsoft performs some network hacks which require configuration on the network side.
NLB can work in two modes, unicast and multicast. Unicast is the default operation mode for compatibility reasons. In this mode all cluster hosts present the same unicast MAC address to the switch. Since a dynamic CAM entry cannot point to two ports at once, the switch floods all traffic destined for the NLB hosts.
With multicast mode turned on, NLB uses a shared multicast MAC address with a unicast IP address. This mode works better with a Cisco network but has two drawbacks. Because of the inconsistency between a unicast IP address and a multicast MAC address, the router will refuse to learn the ARP entry for the IP address. In addition, because the switch cannot determine which ports are members of the multicast stream, the traffic is still flooded to all hosts, although a multicast MAC address has a smaller effect on the CPU of the flooded hosts.
Fortunately we can create both static ARP entries and static CAM entries to allow the NLB hosts to behave correctly.
Cisco VPN Client ISAKMP Transform Set List
Aug 16th
Overview
After trying to set up remote access IPsec VPN on my ASA 5540, I was unable to connect using the Cisco VPN Client. After running `debug crypto isakmp 255`, I found that there are a total of 14 ISAKMP transform set configurations that the client will try before giving up. Please keep in mind that this list is for IPsec remote access only.
This is the list of possible configurations:
| Transform # | Encryption | Hashing | Group | Authentication |
|---|---|---|---|---|
| 1 | AES-256 | SHA1 | Group 2 | xauth |
| 2 | AES-256 | MD5 | Group 2 | xauth |
| 3 | AES-256 | SHA1 | Group 2 | PSK |
| 4 | AES-256 | MD5 | Group 2 | PSK |
| 5 | AES-128 | SHA1 | Group 2 | xauth |
| 6 | AES-128 | MD5 | Group 2 | xauth |
| 7 | AES-128 | SHA1 | Group 2 | PSK |
| 8 | AES-128 | MD5 | Group 2 | PSK |
| 9 | 3DES | SHA1 | Group 2 | xauth |
| 10 | 3DES | MD5 | Group 2 | xauth |
| 11 | 3DES | SHA1 | Group 2 | PSK |
| 12 | 3DES | MD5 | Group 2 | PSK |
| 13 | DES | MD5 | Group 2 | xauth |
| 14 | DES | MD5 | Group 2 | PSK |
Cisco PPTP VPDN server
Aug 16th
Using a Cisco ISR as a PPTP VPN Endpoint
A typical setup is for port 1723 (PPTP) to be forwarded through to an internal server which then acts as the VPN endpoint; security policies can then be applied from the server and so forth. But what happens if the VPN server is offline or has failed? What if your staff or you still require remote access for fault correction? Below I will attempt to explain the pros of using a Cisco ISR as the VPN endpoint and give configuration examples.
I will write the relevant config first, then explain each section below.
```
aaa new-model
aaa authorization network default group radius local
aaa authentication ppp default group radius local
```
Bring down an interface when IP SLA fails
Aug 16th
We want f0/0 to be down when there is an SLA failure.
The idea is to use backup interfaces in such a way that when one interface is up the other is up, and once the first interface goes down the other goes down as well. To do this we will use three interfaces: a tunnel interface, a loopback interface and the f0/0 interface. The backup of the tunnel will be the loopback, and the backup of the loopback will be the tunnel. So when the tunnel is down the loopback is up, but when the loopback is up, f0/0 is down because it is the backup interface of the loopback.
Let's configure this:
```
interface Tunnel99
 no ip address
 tunnel source Loopback98
 tunnel destination 1.1.1.1
 backup interface Loopback99
!
interface Loopback98
 no ip address
!
interface Loopback99
 no ip address
 backup interface FastEthernet0/0
```
Basic PPPoE
Aug 16th
Simple PPPoE configuration for a DSL modem. This config assumes a dynamic IP setup. The last line shows an example of how to port forward.
The PVC is usually 0/35 but it might be 0/34; it also depends on your country. PVC 8/35 is reported to work for a Singapore ISP.
PVC 8/35 is reported to work for Australian ISPs.
```
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
interface ATM0/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer watch-group 1
 dialer-group 1
 ppp chap hostname paulius
 ppp chap password 0 passwordpassword
 ppp pap sent-username paulius password 0 passwordpassword
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.0.0.10 80 interface Dialer1 80
```
Advanced ping checker
Aug 16th
A fancy script to ping a list of IPv4/IPv6 addresses and return some very basic troubleshooting output (show ip route, show ip arp) if the pings fail.
Building the script
```tcl
tclsh
proc pingthem { args } {
    # allows for lists, strings, multiple args, etc.
    set interface { }
    foreach subargs $args {
        foreach i $subargs {
            # Checks for shortcuts and names of interfaces... allows for some tricky tricks
            if [regexp -nocase "lo|po|et|s|vi|tu|fa|gi" $i] {
                set interface "source $i"
                continue
            } elseif [regexp -nocase "x" $i] {
                set interface { }
                continue
            } elseif [regexp -nocase "help" $i] {
                puts "ping script hotness! jp.senior aught gmail.com (sartan) 5/19/2009"
                puts "Usage: pingthem \[source interface\] <ips> \[moresources\] \[moreips\] or pingthem help (to get this message)"
                puts "Source interface may be specified by simply adding a source interface before the list of IPs"
```
CCIE Security: Certificate-based ACLs
Jul 23rd
A big shout out to all the students in the Raleigh Security CCIE bootcamp last week. I had a blast! Thank you for all your hard work, as well as the after hours discussions about the unknown, and why people feel they know it.
I promised a few blog posts related to security over the next few weeks, and this one is regarding Certificate-based ACLs.
This blog may also serve as a review on how to configure the CA clients so that their certificates contain various fields and values, such as subject-name.
Let’s use this diagram for the backdrop of our discussion:
MPLS Components, Part 2
Jul 23rd
In the previous MPLS Components post, we discussed the many benefits that MPLS can bring to the network, and we detailed the typical components found in a Layer 3 MPLS VPN design. In this post, we will provide more details on the MPLS components and their important inner workings. We will make reference to the previous diagram in this post as well:
Do You Need the New INE QoS Class?
Jul 23rd
Try these questions on for size! Learn all this and much more in the new QoS class.
6-Day Mock Lab Workshop Sample
Sep 22nd
12-day CCIE R&S Bootcamp students often indicate that the most important day of the training is Day 3 of the 6-Day Mock Lab Workshop. This entire day is dedicated to a discussion about successful strategy for passing the CCIE Lab Exam. The strategy discussion begins with effective study techniques, and then guides students through everything from the night before the exam, to what is best to do during the lunch break!
Perhaps the most satisfying thing for the instructors during the event is watching students raise their score by more than 20 points on a mock lab following the strategy discussion. We confiscated this student video taken at the last Mock Lab Workshop and thought we would leak it here.
We hope you enjoy.