Tuesday, 5 November 2013

Installation and setup of Cisco SG500-28P:

The SG500 series Cisco switches are the next step up from the already popular SG300 layer 3 switches.
Here are some highlights of the SG500 series switches:
1. High Power over Ethernet Plus (PoE+), providing up to 30 watts per port.
2. Full IPv6 support.
3. Advanced layer 3 traffic management.
4. Strong security: access control lists, voice VLAN, guest VLAN and many more security features.
5. Expandability, offering 1G and 1G/5G Ethernet expansion slot.
               
Before You Begin:
Both SG300 and SG500 series switches are layer 3 capable. This means we can create multiple VLANs and route between them, a function called inter-VLAN routing.
Most people are not aware that when an SG300 or SG500 switch is powered up for the first time, it defaults to layer 2 mode. In order to create multiple VLANs, assign IP addresses and enable layer 3 switching, you must switch the SG300 or SG500 to router mode.
When this is done, all configuration is erased and the device is reset, losing any configuration already performed.

Switching to ROUTER mode – Enabling Layer-3 Switching:
To switch to router mode, connect to the serial port using the provided DB9 serial cable. Set the COM port as follows:
1. 115200 baud rate
2. 8 data bits
3. No parity
4. 1 stop bit
5. No flow control


When presented with the login prompt, use “cisco” as both the username and the password. You will be requested to change the password before you perform any configuration.




When complete, the CLI prompt will be presented along with the familiar hash symbol. At the prompt, enter “show system mode” to view the current mode.



Without delay, let’s switch to router mode:




As the reset process begins, a number of messages will be displayed on the console and the switch will finally reboot.
Issuing the show system command will then confirm that the switch is in router mode.






Creating VLANs, Assigning IP addresses, Default Gateway, DNS Name server, Enabling IP Routing:
The process of creating VLANs on the SG500 is similar to that on the Catalyst switches. First create your VLAN and then the VLAN interfaces to configure IP addresses. Since VLAN 1, the default VLAN, is already created, we only need to change its IP address to match our network. Keep in mind that the switch has VLAN 1 preconfigured with IP address 192.168.1.154, but also has DHCP enabled, so if the switch finds a DHCP server during start-up it will automatically obtain an IP address.





We have now set VLAN 1’s IP address to 192.168.1.2. The next step is to create VLAN 10, name it and configure an IP address.
The “VLAN 10” command creates VLAN 10.



Finally, we configure the default gateway and the name server for DNS resolution, and enable IP routing.




Wednesday, 23 October 2013

Q) How to monitor packet flow in Cyberoam Firewall?


Ans: You can monitor packet flow from the Cyberoam CLI using the tcpdump command.

tcpdump is a packet capture tool that allows interception and capture of packets passing through a network interface, making it useful for understanding and troubleshooting network layer problems. It helps in monitoring the packet flow arriving on an interface, the response to each packet, packet drops, and ARP information. tcpdump prints out the headers of packets on a network interface that match the Boolean expression.

Command Description
Use tcpdump from Cyberoam Telnet Console or from Cyberoam CLI.

How to view traffic of the                       tcpdump command                                          Example

specific host                                    tcpdump 'host <ipaddress>'                               tcpdump 'host 192.168.1.25'
specific source host                             tcpdump 'src host <ipaddress>'                           tcpdump 'src host 192.168.1.25'
specific destination host                        tcpdump 'dst host <ipaddress>'                           tcpdump 'dst host 192.168.1.100'
specific network                                 tcpdump 'net <network address>'                          tcpdump 'net 192.168.1.0'
specific source network                          tcpdump 'src net <network address>'                      tcpdump 'src net 192.168.1.0'
specific destination network                     tcpdump 'dst net <network address>'                      tcpdump 'dst net 27.34.245.92'
specific port                                    tcpdump 'port <port-number>'                             tcpdump 'port 21'
specific source port                             tcpdump 'src port <port-number>'                         tcpdump 'src port 21'
specific destination port                        tcpdump 'dst port <port-number>'                         tcpdump 'dst port 21'
specific host for the particular port            tcpdump 'host <ipaddress> and port <port-number>'        tcpdump 'host 192.168.1.138 and port 21'
the specific host for all the ports except SSH   tcpdump 'host <ipaddress> and port not <port-number>'    tcpdump 'host 192.168.1.138 and port not 22'
specific protocol                                tcpdump 'proto ICMP'
                                                 tcpdump 'proto UDP'
                                                 tcpdump 'proto TCP'
                                                 tcpdump 'arp'
particular interface                             tcpdump interface <interface>                            tcpdump interface PortB
specific port of a particular interface          tcpdump interface <interface> 'port <port-number>'       tcpdump interface PortB 'port 21'






Basics of static routing configuration on a Cisco router



Static routing occurs when you manually add routes in each router's routing table. There are advantages and disadvantages to static routing, but that's true for all routing processes.

Static routing has the following advantages:
· There is no overhead on the router CPU.
· There is no bandwidth usage between routers.
· It adds security because the administrator can choose to allow routing access to certain networks only.

Static routing has the following disadvantages:
· The administrator must really understand the internetwork and how each router is connected in order to configure routes correctly.
· If a network is added to the internetwork, the administrator has to add a route to it on all routers, manually.
· It's not possible in large networks because maintaining it would be a full-time job in itself.

Command syntax for static route:
ip route [destination_network] [mask] [next-hop_address or exit_interface] [administrative_distance] [permanent]

ip route: The command used to create the static route.
destination_network: The network you're placing in the routing table.
mask: The subnet mask being used on the network.
next-hop_address: The address of the next-hop router that will receive the packet and forward it to the remote network.
exit_interface: Used in place of the next-hop address if you want, and shows up as a directly connected route.
administrative_distance: By default, static routes have an administrative distance of 1 (or even 0 if you use an exit interface instead of a next-hop address).
permanent: (Optional) Without the permanent keyword in a static route statement, a static route will be removed if an interface goes down. Adding the permanent keyword to a static route statement will keep the static routes in the routing table even if the interface goes down and the directly connected networks are removed.

Default Routing:

Default routing is used to send packets with a remote destination network not in the routing table to the next-hop router. You should only use default routing on stub networks—those with only one exit path out of the network.


How to configure Default routing on Cisco router:

Configuration:
PC0: IP address 10.0.0.2 Subnet mask 255.0.0.0 Default Gateway 10.0.0.1
PC0: IP address 30.0.0.2 Subnet mask 255.0.0.0 Default Gateway 30.0.0.1

1841 Router 0:
Continue with configuration dialog? [yes/no]: no
 
Press RETURN to get started!
 
Router>
Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R1
R1(config)#banner motd # Unauthorized access is prohibited #
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
R1(config-if)#exit
R1(config)#
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
R1(config)#
 
30.0.0.0 = destination network.
255.0.0.0 = subnet mask.
20.0.0.2 = next-hop address.
 
2621XMRouter1:
Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
R2(config)#
R2(config)#interface serial 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2(config)#
 
10.0.0.0 = destination network.
255.0.0.0 = subnet mask.
20.0.0.1 = next-hop address.


 

We will use four routers from different series.

A static route is a manually configured route on your router. Static routes are typically used in smaller networks and when few networks or subnets exist, or with WAN links that have little available bandwidth. With a network that has hundreds of routes, static routes are not scalable, since you would have to configure each route and any redundant paths for that route on each router.
1841 Series Router0 (R1)

                  FastEthernet0/0          Serial0/1/0
IP address        10.0.0.1                 20.0.0.1
Connected With    Pc0                      R2 on Serial 1/0

2620XM Series Router1 (R2)

                  FastEthernet0/0          Serial1/0
IP address        30.0.0.1                 20.0.0.2
Connected With    R3 on FastEthernet0/0    R1 on Serial 0/1/0

2621XM Series Router0 (R3)

                  FastEthernet0/0          Serial1/0
IP address        30.0.0.2                 40.0.0.1
Connected With    FastEthernet0/0          R4 on Serial 1/0

2811 Series Router0 (R4)

                  FastEthernet0/0          Serial1/0
IP address        50.0.0.1                 40.0.0.2
Connected With    Pc1                      R3 on Serial 1/0


(1841Router0) Hostname R1:

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R1(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
R1(config)#ip route 40.0.0.0 255.0.0.0 20.0.0.2
R1(config)#ip route 50.0.0.0 255.0.0.0 20.0.0.2

(2620XM-Router1) Hostname R2:

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
R2(config-if)#exit
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2(config)#ip route 40.0.0.0 255.0.0.0 30.0.0.2
R2(config)#ip route 50.0.0.0 255.0.0.0 30.0.0.2
 
 

(2620XM-Router2) Hostname R3:

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R3
R3(config)#interface fastethernet 0/0
R3(config-if)#ip address 30.0.0.2 255.0.0.0
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R3(config-if)#interface serial 0/0
R3(config-if)#ip address 40.0.0.1 255.0.0.0
R3(config-if)#clock rate 64000
R3(config-if)#bandwidth 64
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R3(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
R3(config)#ip route 10.0.0.0 255.0.0.0 30.0.0.1
R3(config)#ip route 20.0.0.0 255.0.0.0 30.0.0.1
R3(config)#ip route 50.0.0.0 255.0.0.0 40.0.0.2


(2811Router3) Hostname R4:

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 40.0.0.2 255.0.0.0
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
Router(config-if)#exit
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 50.0.0.1 255.0.0.0
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#exit
Router(config)#ip route 10.0.0.0 255.0.0.0 40.0.0.1
Router(config)#ip route 20.0.0.0 255.0.0.0 40.0.0.1
Router(config)#ip route 30.0.0.0 255.0.0.0 40.0.0.1
 

PC-1:

PC>ipconfig
 
IP Address......................: 10.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 10.0.0.1
  

PC-2:

PC>ipconfig
 
IP Address......................: 50.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 50.0.0.1
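
A way to check the four static routing tables above before trusting them: the following added example (not part of the original post) replays the "ip route" statements for R1 to R4 and follows a packet hop by hop, reporting a missing route or a routing loop. Routers are identified by their interface IP addresses only, and the names ROUTERS, owner_of and trace are made up for this sketch.

```python
import ipaddress

# Interface addresses and static routes copied from the R1-R4 configurations above.
# Connected networks are derived from the interface addresses (all /8 on the page).
ROUTERS = {
    "R1": {"ifaces": ["10.0.0.1/8", "20.0.0.1/8"],
           "static": {"30.0.0.0/8": "20.0.0.2", "40.0.0.0/8": "20.0.0.2", "50.0.0.0/8": "20.0.0.2"}},
    "R2": {"ifaces": ["20.0.0.2/8", "30.0.0.1/8"],
           "static": {"10.0.0.0/8": "20.0.0.1", "40.0.0.0/8": "30.0.0.2", "50.0.0.0/8": "30.0.0.2"}},
    "R3": {"ifaces": ["30.0.0.2/8", "40.0.0.1/8"],
           "static": {"10.0.0.0/8": "30.0.0.1", "20.0.0.0/8": "30.0.0.1", "50.0.0.0/8": "40.0.0.2"}},
    "R4": {"ifaces": ["40.0.0.2/8", "50.0.0.1/8"],
           "static": {"10.0.0.0/8": "40.0.0.1", "20.0.0.0/8": "40.0.0.1", "30.0.0.0/8": "40.0.0.1"}},
}

def owner_of(addr, routers):
    """Return the name of the router that has `addr` on an interface, or None."""
    for name, r in routers.items():
        if any(ipaddress.ip_interface(i).ip == addr for i in r["ifaces"]):
            return name
    return None

def trace(gateway, dst, routers=ROUTERS, max_hops=16):
    """Follow the routing tables from the router that owns `gateway` towards `dst`.
    Returns (path, status): 'delivered', 'no route', 'dead next hop' or 'loop'."""
    dst = ipaddress.ip_address(dst)
    here = owner_of(ipaddress.ip_address(gateway), routers)
    if here is None:
        return [], "dead next hop"            # the PC's gateway is not a known router
    path = [here]
    for _ in range(max_hops):
        r = routers[here]
        if any(dst in ipaddress.ip_interface(i).network for i in r["ifaces"]):
            return path, "delivered"          # destination is on a connected network
        matches = [(ipaddress.ip_network(n), nh) for n, nh in r["static"].items()
                   if dst in ipaddress.ip_network(n)]
        if not matches:
            return path, "no route"           # the packet is dropped at this router
        _, next_hop = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix wins
        here = owner_of(ipaddress.ip_address(next_hop), routers)
        if here is None:
            return path, "dead next hop"      # next hop is not configured on any router
        if here in path:
            return path + [here], "loop"      # packet returns to a router already visited
        path.append(here)
    return path, "loop"
```

Calling trace("10.0.0.1", "50.0.0.2") walks the path from PC-1's gateway to PC-2's network; run it in both directions, because a ping needs the return routes as well.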