Frame-Relay

1) Point-to-point (use when there is only one PVC from the router's serial interface to one destination)
R1(config)#int se0/0/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no shutdown                       //the physical interface carries the encapsulation only; addresses go on the sub-interfaces
R1(config-if)#int se0/0/0.102 point-to-point
R1(config-subif)#ip address 192.168.1.1 255.255.255.0
R1(config-subif)#frame-relay interface-dlci 16   //16 is the local DLCI of the PVC to that destination



2) Multipoint (use when one central hub router in the diagram reaches several remote routers through one sub-interface, all on one subnet)
R1(config)#int se0/0/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#int se0/0/0.102 multipoint
R1(config-subif)#ip address 10.10.10.1 255.255.255.0
R1(config-subif)#frame-relay map ip 10.10.10.2 102 broadcast   //remote router's address (10.10.10.2 here stands for it) on the same subnet -> local DLCI 102; "broadcast" lets routing updates cross the PVC



R1#show frame-relay map    (IP-to-DLCI mappings, static and learned by Inverse ARP)
R1#show frame-relay lmi    (LMI status with the provider switch)
R1#show frame-relay pvc    (state of each PVC: active, inactive, deleted)

Switch - Find Switch by MAC

S1#show mac address-table address <mac>          //e.g. 1234.1234.1234 (Cisco dotted format); shows the VLAN and the port the MAC was learned on
S1#show interface status                         //the Vlan column shows "trunk" for trunk ports
S1#show cdp neighbors interface <port>           //e.g. fa0/1: which switch is behind that port
S1#show cdp neighbors interface <port> detail    //management IP of the neighbor, to log in to it next

S2#(the same four commands, starting from the port the MAC was learned on)
S3#(the same again)
.
.
.

Repeat on each CDP neighbor until the MAC address is learned on a port that is not a trunk. That access port is where the host is physically plugged in. If CDP is disabled on the neighbor link, "show interface status" still tells you whether the port is a trunk; you then have to find the next switch from documentation.
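The walk described above, written out as an added example (not from the original notes): the "show mac address-table" output of each switch is parsed with a regular expression, and the CDP neighbor information is reduced to a dict of trunk port -> neighbor hostname. All the outputs and hostnames (S1, S2, S3, the MAC 1234.1234.1234) are constructed sample data, not real captures. The trace stops at the first switch where the learned port has no switch behind it, and it refuses to loop forever if the tables are inconsistent.

```python
import re

# Constructed sample output of "show mac address-table address 1234.1234.1234"
# on three switches (not real captures). The MAC hops S1 -> S2 -> S3.
MAC_TABLE_OUTPUT = {
    "S1": """          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    1234.1234.1234    DYNAMIC     Gi1/1
""",
    "S2": """          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    1234.1234.1234    DYNAMIC     Gi1/2
""",
    "S3": """          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    1234.1234.1234    DYNAMIC     Fa0/7
""",
}

# Constructed summary of "show interface status" + "show cdp neighbors <port>":
# for each switch, trunk port -> neighbor switch. Ports not listed are access ports.
CDP_NEIGHBORS = {
    "S1": {"Gi1/1": "S2"},
    "S2": {"Gi1/1": "S1", "Gi1/2": "S3"},
    "S3": {"Gi1/1": "S2"},
}

# One data row of the MAC table: VLAN, dotted MAC, type, port.
MAC_ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)", re.I
)


def port_for_mac(output, mac):
    """Return the port on which `mac` appears in a mac-address-table output, or None."""
    for line in output.splitlines():
        m = MAC_ROW.match(line)
        if m and m.group(2).lower() == mac.lower():
            return m.group(3)
    return None


def trace_mac(mac, start, mac_tables, cdp, max_hops=16):
    """Follow a MAC from switch to switch until it is learned on a non-trunk port.

    Returns (switch, port, path) where path lists every (switch, port) visited.
    Raises if the MAC is unknown on a switch or the tables send us in a circle.
    """
    switch, path, seen = start, [], set()
    for _ in range(max_hops):
        if switch in seen:
            raise RuntimeError(f"loop in trace at {switch}: {path}")
        seen.add(switch)
        port = port_for_mac(mac_tables[switch], mac)
        if port is None:
            raise LookupError(f"{mac} is not learned on {switch}")
        path.append((switch, port))
        neighbor = cdp.get(switch, {}).get(port)
        if neighbor is None:
            # No switch behind this port: it is the access port the host is on.
            return switch, port, path
        switch = neighbor
    raise RuntimeError(f"gave up after {max_hops} hops: {path}")


if __name__ == "__main__":
    print(trace_mac("1234.1234.1234", "S1", MAC_TABLE_OUTPUT, CDP_NEIGHBORS))
```

The same function can be fed real captures by pasting each switch's output into the dict; the CDP dict is the piece you would normally fill from "show cdp neighbors ... detail" (or from documentation where CDP is off).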

NAC

NAC (Network Access Control)

A network is used by many kinds of users and devices:
Desktops, workstations, laptops, tablets, printers, IP phones, switches, access points
Employees' own laptops, tablets and smartphones

User + Device + Situation = Access

Concepts

Pre-admission & Post-admission
            The two prevailing design philosophies in NAC
            Pre-admission: hosts are inspected before they are allowed on the network
            Post-admission: NAC makes enforcement decisions based on what users do after they have been given access to the network

Agent versus Agentless
            A key difference among NAC products is whether they require "agent software" on the end system to report its characteristics, or whether they use "scanning and network inventory techniques" instead
            Note: Microsoft provides the NAP (Network Access Protection) agent as part of Windows

Out-of-band versus Inline
            Out-of-band systems: agents are distributed on the end stations (hosts) and report information to a central console, which then pushes enforcement to the switches
            Inline: sits in the traffic path; can be a single-box solution that acts as an internal firewall (easy to deploy on a new network)

Remediation, quarantine and captive portals
            Quarantine: a quarantine network is a restricted IP network that gives the user routed access only to certain applications or hosts. When a NAC product determines that an end user is out of date, their switch port is assigned to a VLAN that is routed only to patch and update servers.
            Captive portal: intercepts HTTP access to web pages and redirects the user to a web application that provides instructions and tools for updating their computer. Until the computer passes automated inspection, no network use besides the captive portal is allowed. This is similar to the way paid wireless access works at public hotspots.


Thanks



Spanning Tree

Network devices can go out of order (down). To add fault tolerance to a switched (bridged) network, we add redundant switches and links so that if one switch or link fails, another one can carry the traffic. Redundant links also create loops, and that is what STP is there to manage: it keeps one loop-free path active and holds the rest in reserve.

Spanning Tree Protocol is the IEEE 802.1D standard.

Fundamentals of Spanning Tree (STP)

It elects one main switch among all the switches in the topology, called the "Root Bridge" or "Root Switch",
and then calculates a role for every port and gives it a state (Forwarding or Blocking) automatically.

It has 3 steps

1) Select the Root Bridge
- Every switch sends BPDUs (Bridge Protocol Data Units) and exchanges them with the other switches
- The important fields in a BPDU are
Bridge Priority and MAC address (together they form the Bridge ID)

- The switch with the lowest Bridge ID (lowest priority, then lowest MAC address) is chosen as the "Root Switch"
- Now we have a Root Switch
2) Select Root Ports
- Selected by path cost
- Each switch adds up the cost from its port back to the Root Bridge, using the cost carried in the BPDUs it receives
- The port with the lowest path cost to the root becomes the Root Port (ties: lowest sender Bridge ID, then lowest sender Port ID)
3) Select Designated Ports
- On each segment (link) exactly one port must be active (the Designated Port); the port at the other end, if it is not that switch's Root Port, goes to Blocking
- Selected by lowest path cost to the root, then lowest Bridge ID, then lowest Port ID


Note: 1 Root Port per non-root switch. On a segment a Designated Port faces either a Root Port or a Blocking Port.
All ports of the Root Bridge are Designated Ports.



Command :
switch34# show spanning-tree
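The three election steps above, run as an added example (not from the original notes) over a constructed three-switch triangle: the root is the lowest (priority, MAC) Bridge ID, each non-root switch picks the port with the cheapest path to the root, and on every segment the end advertising the lower (cost, Bridge ID, Port ID) becomes designated while the other end is either a root port or blocks. Switch names, MACs and link costs are made up; the costs follow the 802.1D-1998 table (19 for 100 Mb/s, 4 for 1 Gb/s). Ports are compared numerically as a stand-in for the BPDU's numeric Port ID field.

```python
import heapq
import re

# Constructed topology (not from the page). Bridge ID = (priority, MAC); lower wins.
BRIDGES = {
    "S1": (32768, "0000.0000.0001"),
    "S2": (32768, "0000.0000.0002"),
    "S3": (32768, "0000.0000.0003"),
}
# One entry per segment: (switch, port, switch, port, cost).
LINKS = [
    ("S1", "Gi0/1", "S2", "Gi0/1", 4),     # 1 Gb/s
    ("S1", "Gi0/2", "S3", "Gi0/1", 4),     # 1 Gb/s
    ("S2", "Fa0/24", "S3", "Fa0/24", 19),  # 100 Mb/s
]


def port_key(port):
    """Order ports numerically (Gi0/2 before Gi0/10); stands in for the numeric Port ID."""
    return (re.sub(r"\d.*", "", port), tuple(int(n) for n in re.findall(r"\d+", port)))


def elect(bridges, links):
    """Run the three STP steps.

    Returns (root, root_path_cost, roles) where roles maps (switch, port) to
    'root', 'designated' or 'blocking'.
    """
    adj = {b: [] for b in bridges}
    for a, pa, b, pb, cost in links:
        adj[a].append((pa, b, pb, cost))
        adj[b].append((pb, a, pa, cost))

    # Step 1: the lowest Bridge ID (priority first, MAC as tie-break) is the root.
    root = min(bridges, key=bridges.get)

    # Root path cost: cheapest sum of link costs back to the root. This is the
    # cost each switch advertises in the BPDUs it relays.
    rpc = {b: float("inf") for b in bridges}
    rpc[root] = 0
    heap = [(0, bridges[root], root)]
    while heap:
        cost, _, b = heapq.heappop(heap)
        if cost > rpc[b]:
            continue
        for _, n, _, c in adj[b]:
            if cost + c < rpc[n]:
                rpc[n] = cost + c
                heapq.heappush(heap, (rpc[n], bridges[n], n))

    roles = {}
    # Step 2: one root port per non-root switch: lowest cost to the root, then
    # lowest sender Bridge ID, sender Port ID, and finally own Port ID.
    for b in bridges:
        if b == root:
            continue
        own, _, _, _ = min(
            adj[b],
            key=lambda e: (rpc[e[1]] + e[3], bridges[e[1]], port_key(e[2]), port_key(e[0])),
        )
        roles[(b, own)] = "root"

    # Step 3: one designated port per segment: the end with the lower
    # (root path cost, Bridge ID, Port ID) forwards. The far end is the root
    # port chosen in step 2 if that is what it is, otherwise it blocks.
    for a, pa, b, pb, _ in links:
        ends = sorted([(rpc[a], bridges[a], port_key(pa), (a, pa)),
                       (rpc[b], bridges[b], port_key(pb), (b, pb))])
        roles[ends[0][3]] = "designated"
        roles.setdefault(ends[1][3], "blocking")
    return root, rpc, roles


if __name__ == "__main__":
    root, rpc, roles = elect(BRIDGES, LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port:<7} cost={rpc[sw]:<3} {role}")
```

With equal priorities the lowest MAC (S1) wins and the slow S2-S3 link blocks on S3's side. Lowering S3's priority (for example to 4096) moves the root to S3 and the blocked port to S2, which is exactly the lever an attacker with a rogue switch would pull to get traffic steered through them, and why BPDU Guard belongs on access ports.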


thanks:
http://rekrowten.wordpress.com/2011/08/08/stp-path-cost-values/

Switch - External Router

External Router (Route-on-stick)

Divide one physical interface into sub-interfaces and use each sub-interface to route traffic between VLANs. Each sub-interface has its own IP address and becomes the default gateway of its VLAN.

This method is normally used on networks that have no layer-3 switch.
The layer-2 switch must have a trunk port connected to the router; the other ports are access ports for hosts.

Router1#conf t
Router1(config)#interface fa0/1
Router1(config-if)#no shutdown                         (the physical interface carries the trunk and has no IP address of its own)
Router1(config-if)#interface fa0/1.2                   (.2 is only the sub-interface number; using the VLAN number keeps it readable)
Router1(config-subif)#encapsulation dot1q 2            (2 is the VLAN ID carried in the 802.1Q tag)
Router1(config-subif)#ip address 192.168.1.1 255.255.255.0

encapsulation: dot1q or isl
The encapsulation type must match the one configured on the switch's trunk port, and the VLAN ID in "encapsulation dot1q" must match the VLAN whose hosts use that sub-interface as their gateway.

IP - VLSM 1

Major Network : 192.168.1.0/24

This IP assign to 4 department
A - 95 hosts
B - 45 hosts
C - 25 hosts
D -  5 hosts

Calculate now ...
A - Allocate the highest range of IPs to the highest requirement
192.168.1.0/25 -> 128 addresses, 126 usable
192.168.1.1 - 192.168.1.126 //remaining from 192.168.1.128

B - Allocate the next highest range to the next highest requirement
192.168.1.128/26 -> 64 addresses, 62 usable
192.168.1.129 - 192.168.1.190 //remaining from 192.168.1.192

C -
192.168.1.192/27 -> 32 addresses, 30 usable
192.168.1.193 - 192.168.1.222 //remaining from 192.168.1.224

D -
192.168.1.224/29 -> 8 addresses, 6 usable
192.168.1.225 - 192.168.1.230 //remaining from 192.168.1.232

End

A: 192.168.1.1 - 192.168.1.126
B: 192.168.1.129 - 192.168.1.190
C: 192.168.1.193 - 192.168.1.222
D: 192.168.1.225 - 192.168.1.230
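The allocation above, generalized as an added example (not from the original notes): the function sorts the requirements largest first, works out the smallest prefix whose block holds the hosts plus network and broadcast, and carves each subnet from the lowest free block that fits, keeping track of what is left over. The department names and host counts are the page's own; anything else (function names, the error cases) is this example's.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Smallest prefix whose block holds `hosts` usable addresses plus the
    network and broadcast addresses (95 -> /25, 45 -> /26, 25 -> /27, 5 -> /29)."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    return 32 - (hosts + 2 - 1).bit_length()


def vlsm(major, requirements):
    """Allocate the largest requirement first, each from the lowest free block
    that can hold it.

    requirements: {name: host_count}. Returns (allocations, free_blocks) where
    allocations maps name -> IPv4Network and free_blocks lists what remains.
    """
    free = [ipaddress.ip_network(major)]
    allocations = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        # First free block (lowest address) that is at least as large as needed.
        for i, block in enumerate(free):
            if block.prefixlen <= prefix:
                break
        else:
            raise ValueError(f"no free block for {name}: {hosts} hosts need a /{prefix}")
        # Take the lowest-addressed piece of that block and return the rest.
        subnet = block if block.prefixlen == prefix else next(block.subnets(new_prefix=prefix))
        allocations[name] = subnet
        free = sorted(free[:i] + list(block.address_exclude(subnet)) + free[i + 1:],
                      key=lambda n: n.network_address)
    return allocations, free


def usable_range(net):
    """First and last host address of a subnet, as strings."""
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1])


if __name__ == "__main__":
    alloc, free = vlsm("192.168.1.0/24", {"A": 95, "B": 45, "C": 25, "D": 5})
    for name, net in alloc.items():
        print(name, net, *usable_range(net))
    print("free:", [str(n) for n in free])
```

Allocating from the lowest free block keeps the leftovers contiguous at the top of the major network, which matches the hand calculation and leaves room to add a department later without renumbering.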

Switch - Traffic route using L3

Switch Layer3

vlan database
vlan 70 name v70        //on newer IOS the same is done with "vlan 70" + "name v70" in global config
conf t
ip routing              //needed for the switch to route between its SVIs
interface vlan70 (or interface vlan 70)
ip address 192.168.70.254 255.255.255.0   //this becomes the gateway for VLAN 70
no shutdown

Switch Layer2

vlan database
vlan 70 name v70
conf t
int range fa0/1-24
switchport mode access
switchport access vlan 70
no shutdown
//show vlan
conf t
int giga1/1             //uplink to the layer-3 switch
switchport mode trunk



Switch - Trunk port

Extends VLANs to other switches: one link carries the traffic of many VLANs, each frame tagged with its VLAN ID.

Examples

  • Port that connects to another switch
  • Uplink port
  • Port that connects to a router (the router routes traffic between VLANs)
(config)# interface <interface module/port>
(config-if)#switchport trunk encapsulation [isl | dot1q]   //only on switches that support both; dot1q is the standard
(config-if)#switchport mode trunk




(config-if)#switchport trunk allowed vlan 10-15   //limit the trunk to the VLANs that actually need to cross it
#show interface giga0/1 switchport (view one port's trunk status)
#show interface trunk (status of all trunk ports)

Switch - Access port

Examples of Access port

  • Port connected to a user's computer
  • Port connected to a server
  • Port connected to a router that does not route traffic between VLANs
(config)#interface <interface module/port>
(config-if)#switchport mode access
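What the trunk, access and "encapsulation dot1q" configurations above change on the wire, as an added example that is not part of the original notes: the code builds and parses Ethernet frames with and without an 802.1Q tag (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VLAN ID), then models how a switch port assigns an incoming frame to a VLAN. The port dicts, the helper names and the sample MACs are this example's assumptions; the model treats a tagged frame arriving on an access port as dropped, which real platforms do not all agree on when the tag matches the access VLAN itself.

```python
import struct

TPID_8021Q = 0x8100


def mac_to_bytes(mac):
    """Cisco dotted ('1234.1234.1234') or colon-separated MAC to 6 raw bytes."""
    return bytes.fromhex(mac.replace(".", "").replace(":", ""))


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Ethernet II frame; with vlan_id set, an 802.1Q tag follows the source MAC.
    VID 0 is priority-tag-only and 4095 is reserved, so only 1..4094 is accepted."""
    header = mac_to_bytes(dst) + mac_to_bytes(src)
    if vlan_id is None:
        return header + struct.pack("!H", ethertype) + payload
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    tci = ((pcp & 0x7) << 13) | vlan_id  # DEI bit left clear
    return header + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return dst, src, vlan (None when untagged), ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return {"dst": dst, "src": src, "vlan": vlan, "ethertype": ethertype,
            "payload": frame[offset:]}


def ingress_vlan(port, frame):
    """Which VLAN a switch port places an incoming frame in, or None if dropped.

    port is {"mode": "access", "vlan": N} or
            {"mode": "trunk", "allowed": set_of_vids, "native": N}.
    """
    vlan = parse_frame(frame)["vlan"]
    if port["mode"] == "access":
        # Access ports expect untagged frames; tagged ones are dropped here.
        return port["vlan"] if vlan is None else None
    if port["mode"] == "trunk":
        if vlan is None:
            vlan = port["native"]  # untagged on a trunk lands in the native VLAN
        # "switchport trunk allowed vlan" also governs the native VLAN.
        return vlan if vlan in port["allowed"] else None
    raise ValueError(f"unknown port mode: {port['mode']}")


if __name__ == "__main__":
    tagged = build_frame("ffff.ffff.ffff", "1234.1234.1234", 0x0806, b"\x00\x01", vlan_id=12)
    print(tagged.hex(), parse_frame(tagged))
    trunk = {"mode": "trunk", "allowed": set(range(10, 16)), "native": 1}
    print("trunk 10-15, VLAN 12 ->", ingress_vlan(trunk, tagged))
```

The untagged-on-trunk rule is the reason the native VLAN should not be one that carries user traffic and should itself be pruned from the allowed list: an untagged frame from a host on the far side would otherwise be accepted into it.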

Switch - Dynamic Static VLAN

Static VLAN: port-based membership
VLAN membership is given by the switch port number the host is plugged into

#vlan database
(vlan)#vlan <vlan number> name <vlan name>
(vlan)#exit
#conf t
(config)#interface <type/number>   //e.g. interface fa0/1
(config-if)#switchport mode access
(config-if)#switchport access vlan <vlan number>
(config-if)#end


#show vlan

Dynamic VLAN: MAC address
VLAN membership is given by the host's MAC address

  1.  The computer connects to the switch
  2.  The switch reads the computer's MAC address
  3.  The switch sends the MAC address to the database on a server*
  4.  If the MAC address exists in the database, the server sends the VLAN number back to the switch
  5.  The switch assigns that VLAN to the port


*server: VLAN Membership Policy Server (VMPS), a legacy Catalyst feature. Since a MAC address is trivially spoofed, this gives convenience, not security; 802.1X-based dynamic VLAN assignment is the current approach.

Switch - VLAN.DAT

VLAN.DAT is the file in flash that stores the VLAN database (it is kept separately from the running/startup configuration).
If you want to delete 3 VLANs out of 20, use this command for each of them:
switch1(config)#no vlan <vlan number>
If you want to delete all 20 VLANs, delete the file itself and reload:
switch1#delete flash:vlan.dat
switch1#reload

After the switch has restarted, the VLAN configuration will be empty (VLAN 1 and the default VLANs remain).

switch1#show vtp status

Switch - ip default gateway

What do we do when the switch is in a different subnet from the administrator's subnet?
The answer is:
Set the default gateway's IP address on the switch (a layer-2 switch has no routing table, so without it replies to a remote administrator never leave the subnet)
Ex.
       switch1#conf t
       switch1(config)#int vlan1
       switch1(config-if)#ip address 10.10.10.1 255.255.255.0 //this is the switch's own IP
       switch1(config-if)#exit
       switch1(config)#ip default-gateway 10.10.10.254 //10.10.10.254 is the default gateway's IP

Switch - Vlan1

VLAN (Virtual Lan)

VLAN 1 is called the Management VLAN
because it was created for managing or configuring the switch, for example via Telnet.

By default VLAN 1 exists but has no IP address.
We must give VLAN 1 an address, and it becomes the switch's address.

Ex.
     switch1(config)#int vlan1
     switch1(config-if)#ip address 10.10.10.1 255.255.255.0
     switch1(config-if)#no shutdown

Note: VLAN 1 is also the default VLAN of every port and the default native VLAN of trunks, so in a hardened network management is moved to a dedicated VLAN (the same "interface vlan <n>" configuration, with a different number) and SSH is used instead of Telnet.