Friday 29 November 2013

Controlling ARP table entries on Windows

1. Displaying all ARP entries

arp -a

2. Adding a new ARP entry 

arp -s 99.99.99.99 11-22-33-44-55-66

To do this, make sure you run the Command Prompt as Administrator. Otherwise, this will show up:


Run as administrator as per below:


3. Deleting an ARP entry

arp -d 99.99.99.99


4. Deleting all ARP entries

arp -d -a 
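The reason to add static entries with arp -s is to pin a critical mapping (typically the default gateway) so that a spoofed reply cannot replace it. The following script is an added example, not code from the post: it parses the output of arp -a on Windows (a constructed sample is embedded; the addresses and MACs are made up), reports unicast MACs that claim more than one IP, and lists the hosts you intended to pin that are still dynamic.

```python
import re
from collections import defaultdict

# Constructed sample of `arp -a` output on Windows (not taken from the author's machine).
# 10.0.0.99 and 10.0.0.200 resolve to the same unicast MAC, which is the pattern a
# defender checks for when a gateway's entry is suspected of being poisoned.
SAMPLE_ARP_A = """\
Interface: 10.0.0.151 --- 0xb
  Internet Address      Physical Address      Type
  10.0.0.99             00-11-22-33-44-55     dynamic
  10.0.0.152            aa-bb-cc-dd-ee-ff     dynamic
  10.0.0.200            00-11-22-33-44-55     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
"""

IFACE_RE = re.compile(r"^Interface:\s+(\d+\.\d+\.\d+\.\d+)")
ENTRY_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)\s*$",
    re.IGNORECASE,
)


def parse_arp_a(text):
    """Return (interface_ip, ip, mac, type) tuples from Windows `arp -a` output."""
    entries, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and iface:
            entries.append((iface, m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries


def is_group_mac(mac):
    """Broadcast and IPv4 multicast MACs legitimately map to many addresses; skip them."""
    return mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e-")


def duplicate_macs(entries):
    """Unicast MACs that answer for more than one IP, mapped to the IPs involved."""
    by_mac = defaultdict(list)
    for _iface, ip, mac, _typ in entries:
        if not is_group_mac(mac):
            by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def unpinned_hosts(entries, important_ips):
    """IPs you meant to pin with `arp -s` that are still dynamic (or absent from the table)."""
    types = {ip: typ for _iface, ip, _mac, typ in entries}
    return [ip for ip in important_ips if types.get(ip) != "static"]


if __name__ == "__main__":
    entries = parse_arp_a(SAMPLE_ARP_A)
    for mac, ips in duplicate_macs(entries).items():
        print(f"MAC {mac} claims several IPs: {', '.join(ips)}")
    for ip in unpinned_hosts(entries, ["10.0.0.99"]):
        print(f"{ip} is not a static entry; pin it with: arp -s {ip} <mac>")
```

On a real machine, feed it the output of arp -a (for example via subprocess) and keep the list of important IPs to the gateway and any server whose mapping must not change; a duplicate MAC is worth investigating, not automatically malicious (a router with several addresses on one interface produces the same pattern).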


Monday 20 May 2013

How to enable telnet on Cisco Catalyst Switches?



Dear friends, we will discuss how to enable telnet on Cisco Catalyst Switches and all other applicable devices.

1. First, we must configure the terminal (vty) lines and set a password.

Switch#conf t
Switch(config)#line vty 0 15
Switch(config-line)#password cisco
Switch(config-line)#login
Switch(config-line)#end

2. If you haven't configured the enable password on your switch, you will need to do so. Otherwise, telnet will fail as well.

Switch#conf t
Switch(config)#enable password cisco
Switch(config)#end
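The two snippets above use a shared line password with plain login and the reversible enable password. As an added example (not the author's code), the script below parses an IOS configuration excerpt of that shape (constructed, not a capture from the author's switch) and reports the points a reviewer would raise: enable password without enable secret, line passwords without service password-encryption, vty lines that authenticate with one shared password instead of login local, and vty lines that do not restrict transport input to SSH. The second constructed config shows the same switch with those settings in place and produces no findings.

```python
# Constructed IOS config excerpt mirroring the telnet setup above (not a capture from the author's switch).
SAMPLE_CONFIG = """\
hostname Switch
!
enable password cisco
!
line con 0
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end
"""

# The same switch with the settings a reviewer would ask for (also constructed; secrets are placeholders).
HARDENED_CONFIG = """\
hostname Switch
!
service password-encryption
enable secret <strong-secret>
username admin secret <strong-secret>
!
line con 0
 login local
line vty 0 15
 login local
 transport input ssh
!
end
"""


def parse_config(config):
    """Split an IOS config into top-level commands and per-`line` blocks of indented commands."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                blocks[current].append(raw.strip())
            continue
        current = None
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        else:
            top.append(raw.strip())
    return top, blocks


def audit_config(config):
    """Return (finding, location) pairs for the weaknesses of a line-password telnet setup."""
    top, blocks = parse_config(config)
    findings = []
    has_enable_pw = any(c.startswith("enable password") for c in top)
    has_enable_secret = any(c.startswith("enable secret") for c in top)
    if has_enable_pw and not has_enable_secret:
        # 'enable password' is stored in clear text or reversible type 7; 'enable secret' is hashed.
        findings.append(("ENABLE_PASSWORD_ONLY", "global"))
    line_passwords = any(c.startswith("password ") for cmds in blocks.values() for c in cmds)
    if line_passwords and "service password-encryption" not in top:
        # without it, 'password cisco' sits in the config file (and in 'show run') as typed.
        findings.append(("LINE_PASSWORDS_CLEARTEXT", "global"))
    for name, cmds in blocks.items():
        if not name.startswith("line vty"):
            continue
        if "login" in cmds:
            # plain 'login' checks one shared line password: no per-user accountability.
            findings.append(("SHARED_LINE_PASSWORD", name))
        if not any(c.startswith("transport input ssh") for c in cmds):
            # unless transport is restricted to SSH, the vty lines still accept clear-text telnet.
            findings.append(("TELNET_ALLOWED", name))
    return findings


if __name__ == "__main__":
    for finding, where in audit_config(SAMPLE_CONFIG):
        print(f"{where}: {finding}")
```

Run it against the text of show running-config; the parser only understands top-level commands and indented line blocks, which is enough for these checks.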

3. Test the telnet connection using a third-party client such as PuTTY. The display should be as below.



I hope this post will benefit you guys. Thank you for dropping by.

- Soulpower

How to configure VLAN Trunking Protocol (VTP)?


Hi. Let's discuss how to set up a basic VTP configuration.

Network setup

Two Cisco Catalyst 2950 switches are connected to each other via a trunk port. SwitchA will be the VTP server and SwitchB the VTP client.

Steps

1. This step is not compulsory, but to make it easier I have reset my VLAN and VTP database to default settings. You can learn how to do that here.

SwitchA#sh vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 128
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 10.0.0.110 on interface Vl1 (lowest numbered VLAN interface found)
SwitchB#sh vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 128
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 10.0.0.111 on interface Vl1 (lowest numbered VLAN interface found)

2. Configure at least one trunk port on both switches, because VTP packets are sent over trunk ports. In this case, I'm using port Fa0/8 on both switches as the trunk port. ISL is not available on this switch, so dot1q is used by default.

SwitchA(config)#int fa0/8
SwitchA(config-if)#switchport mode trunk
SwitchA(config-if)#end
SwitchB(config)#int fa0/8
SwitchB(config-if)#switchport mode trunk
SwitchB(config-if)#end

3. Verify your configuration and make sure the port is set as a trunk port. The Catalyst 2950 uses dot1q as its default trunking encapsulation, so I don't need to configure it manually.

SwitchA#sh int f0/8 switchport
Name: Fa0/8
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: up
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
SwitchB#sh int f0/8 switchport
Name: Fa0/8
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: up
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none

4. Now, let's configure VTP. Please make sure that the VTP domain name and VTP password are identical on both switches.

SwitchA(config)#vtp mode server
Device mode already VTP SERVER.
SwitchA(config)#vtp domain cisco
Changing VTP domain name from NULL to cisco
SwitchA(config)#vtp password cisco
Setting device VLAN database password to cisco
SwitchA(config)#end
SwitchB(config)#vtp mode client
Setting device to VTP CLIENT mode.
SwitchB(config)#vtp domain cisco
Changing VTP domain name from NULL to cisco
SwitchB(config)#vtp password cisco
Setting device VLAN database password to cisco
SwitchB(config)#end

5. Now we have configured VTP on both switches. Let's confirm that by turning on VTP event debugging. I noticed that, as soon as a VLAN is added, the VTP server sends a summary packet to its VTP client in less than a second.

a) A VTP summary packet is transmitted by SwitchA (VTP server) via its trunk port Fa0/8 to all switches within its domain (cisco).
b) A VTP summary packet is received by SwitchB via its trunk port Fa0/8 from SwitchA.

SwitchA#debug sw-vlan vtp events
vtp events debugging is on
SwitchA#
SwitchA(config)#vlan 100
SwitchA(config-vlan)#name ciscovlan
SwitchA(config-vlan)#end
SwitchA#
00:28:56: VTP LOG RUNTIME: Transmit vtp summary, domain cisco, rev 1, followers 1, tlv blk size 5 (inc #tlv field),
   MD5 digest calculated = 8D 6C F5 D2 A8 3D B0 F5 29 38 B0 A0 A7 01 6F EB

00:28:56: VTP LOG RUNTIME: Summary packet received, domain = cisco, rev = 1, followers = 1, length 77, trunk Fa0/8

00:28:56: VTP LOG RUNTIME: Summary packet rev 1 equal to domain cisco rev 1

00:28:56: VTP LOG RUNTIME: Subset packet received, domain = cisco, rev = 1, seq = 1, length = 228
SwitchB#debug sw-vlan vtp events
vtp events debugging is on
SwitchB#
00:50:42: VTP LOG RUNTIME: Summary packet received, domain = cisco, rev = 1, followers = 1, length 77, trunk Fa0/8

00:50:42: VTP LOG RUNTIME: Summary packet rev 1 greater than domain cisco rev 0

00:50:42: VTP LOG RUNTIME: Domain cisco currently not in updating state

00:50:42: VTP LOG RUNTIME: pdu len 77, #tlvs 1

00:50:42: VTP LOG RUNTIME: Subset packet received, domain = cisco, rev = 1, seq = 1, length = 228

00:50:42: VTP LOG RUNTIME: Transmit vtp summary, domain cisco, rev 1, followers 1, tlv blk size 5 (inc #tlv field),
   MD5 digest calculated = 8D 6C F5 D2 A8 3D B0 F5 29 38 B0 A0 A7 01 6F EB

6. The VTP configuration revision number has increased by 1 (from 0 to 1), and we can see that VLAN 100, which was added on SwitchA, is now also present on SwitchB.

SwitchA#sh vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 128
Number of existing VLANs        : 6
VTP Operating Mode              : Server
VTP Domain Name                 : cisco
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x8D 0x6C 0xF5 0xD2 0xA8 0x3D 0xB0 0xF5
Configuration last modified by 10.0.0.110 at 3-1-93 00:28:56
Local updater ID is 10.0.0.110 on interface Vl1 (lowest numbered VLAN interface found)

SwitchA#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/5, Fa0/6, Fa0/7, Fa0/9, Fa0/10, Fa0/11, Fa0/12
100  ciscovlan                        active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
100  enet  100100     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
SwitchB#sh vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 128
Number of existing VLANs        : 6
VTP Operating Mode              : Client
VTP Domain Name                 : cisco
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x8D 0x6C 0xF5 0xD2 0xA8 0x3D 0xB0 0xF5

SwitchB#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/9, Fa0/10, Fa0/11, Fa0/12
100  ciscovlan                        active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
100  enet  100100     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
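The debug lines in step 5 show the rule that drives VTP: a received summary with a higher revision than the local one triggers an update ("rev 1 greater than domain cisco rev 0"), an equal revision is a no-op ("rev 1 equal to domain cisco rev 1"). That same rule is why a switch that joins the domain with the same name and password but a higher revision would replace the VLAN database on every other switch. The script below is an added example (not the author's code): it parses show vtp status excerpts in the format shown above (the values are constructed, and SwitchC is a hypothetical third switch with a stale higher revision), cross-checks domain name, MD5 digest and revision across the switches, and replays "Summary packet received" debug lines through the revision decision.

```python
import re

# Constructed `show vtp status` excerpts in the format of the outputs above (values chosen for the example).
SWITCH_A_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 1
Number of existing VLANs        : 6
VTP Operating Mode              : Server
VTP Domain Name                 : cisco
MD5 digest                      : 0x8D 0x6C 0xF5 0xD2 0xA8 0x3D 0xB0 0xF5
Configuration last modified by 10.0.0.110 at 3-1-93 00:28:56
"""
SWITCH_B_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 1
Number of existing VLANs        : 6
VTP Operating Mode              : Client
VTP Domain Name                 : cisco
MD5 digest                      : 0x8D 0x6C 0xF5 0xD2 0xA8 0x3D 0xB0 0xF5
"""
# Hypothetical third switch with an old VLAN database but a higher revision: trunked into the
# domain with the same password, its database would replace A's and B's.
SWITCH_C_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 7
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : cisco
MD5 digest                      : 0x11 0x22 0x33 0x44 0x55 0x66 0x77 0x88
"""

# Constructed debug lines in the format of step 5 (the first is SwitchB's, the second is a repeat).
DEBUG_LINES = [
    "00:50:42: VTP LOG RUNTIME: Summary packet received, domain = cisco, rev = 1, followers = 1, length 77, trunk Fa0/8",
    "00:50:43: VTP LOG RUNTIME: Summary packet received, domain = cisco, rev = 1, followers = 1, length 77, trunk Fa0/8",
]

STATUS_RE = re.compile(r"^(.+?)\s{2,}:\s*(.*)$")   # aligned 'Field   : value' lines only
SUMMARY_RE = re.compile(r"Summary packet received, domain = (\S+), rev = (\d+)")


def parse_vtp_status(text):
    """Dict of the aligned fields; the 'last modified' line has no aligned colon and is skipped."""
    fields = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def summary_packet_action(local_rev, received_rev):
    """Decision on a summary advertisement, as the debug lines show:
    higher revision -> update from the following subset packets, equal -> nothing, lower -> ignore."""
    if received_rev > local_rev:
        return "update"
    return "equal" if received_rev == local_rev else "ignore"


def replay_summaries(local_rev, debug_lines):
    """Feed 'Summary packet received' lines through the decision; returns (received, action, local_rev_after)."""
    trace = []
    for line in debug_lines:
        m = SUMMARY_RE.search(line)
        if not m:
            continue
        received = int(m.group(2))
        action = summary_packet_action(local_rev, received)
        if action == "update":
            local_rev = received
        trace.append((received, action, local_rev))
    return trace


def check_domain(statuses):
    """Cross-check switches that share trunks; returns problem strings (empty when consistent)."""
    problems = []
    domains = {s["VTP Domain Name"] for s in statuses.values()}
    if len(domains) > 1:
        problems.append(f"domain name mismatch: {sorted(domains)}")
    digests = {s["MD5 digest"] for s in statuses.values()}
    if len(digests) > 1:
        problems.append("MD5 digest mismatch: VLAN databases (or VTP passwords) differ")
    revs = {name: int(s["Configuration Revision"]) for name, s in statuses.items()}
    top = max(revs.values())
    if any(r < top for r in revs.values()):
        for name, rev in revs.items():
            if rev == top:
                problems.append(f"{name} holds the highest revision (rev {rev}) and would overwrite the others")
    return problems


if __name__ == "__main__":
    statuses = {n: parse_vtp_status(t) for n, t in
                [("SwitchA", SWITCH_A_STATUS), ("SwitchB", SWITCH_B_STATUS), ("SwitchC", SWITCH_C_STATUS)]}
    for problem in check_domain(statuses):
        print(problem)
    print(replay_summaries(0, DEBUG_LINES))
```

The practical use of check_domain is before a switch is connected: collect show vtp status from the new device and from the existing domain and run the check; a higher revision on the newcomer is the case to fix first (put it in transparent mode or change its domain name, which resets the revision to 0). The same parser also verifies the factory-default state after deleting vlan.dat (revision 0, empty domain name).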

Conclusion

  • We can see that VTP has been configured correctly, and we have verified that it's working as it should.
  • Please be advised that VTP is a Layer 2 Cisco proprietary protocol; please do not attempt to implement it on switches from other vendors. :)

I hope this post will benefit you guys. Thank you for dropping by.

- Soulpower

How to reset passwords on a Cisco Catalyst Switch?

Hi, today we'll discuss how to reset all passwords on a Cisco Catalyst switch.

Steps

1. Make sure you are connected to the switch via console connection.

2. Power down the switch.

3. While the switch is turned off, press and hold the "Mode" button located on the front left of the switch. Please refer to the image below.



4. Next, power on the switch. Remember, you still need to hold the "Mode" button.

5. Release the "Mode" button after approximately 5 seconds when the Status (STAT) LED goes out. When you release the Mode button, the SYST LED blinks amber.

6. The console message will be displayed like this:

C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 17:18 by antonino
WS-C2950-12 starting...
Base ethernet MAC Address: 00:0d:bc:01:a0:40
Xmodem file system is available.

The system has been interrupted prior to initializing the
flash filesystem.  The following commands will initialize
the flash filesystem, and finish loading the operating
system software:

    flash_init
    load_helper
    boot

switch:

7. Enter the command "flash_init".

switch: flash_init
Initializing Flash...
flashfs[0]: 7 files, 1 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 3139072
flashfs[0]: Bytes available: 4602368
flashfs[0]: flashfs fsck took 5 seconds.
...done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
switch:

8. Then enter the command "load_helper". No output is shown in response.

switch: load_helper

9. Enter the "dir flash:" command. The switch file system will be displayed as below.

switch: dir flash:

Directory of flash:/

2    -rwx  660       <date>               vlan.dat
7    -rwx  2412      <date>               config.text
3    -rwx  3132319   <date>               c2950-i6q4l2-mz.121-22.EA14.bin
5    -rwx  316       <date>               env_vars
6    -rwx  5         <date>               private-config.text
21   -rwx  109       <date>               info
22   -rwx  109       <date>               info.ver

4602368 bytes available (3139072 bytes used)
switch:

10. Type rename flash:config.text flash:config.old. config.text is where the password (that you have forgotten) is stored.

switch: rename flash:config.text flash:config.old

11. Enter the "boot" command. This will reboot the switch (obviously).

switch: boot

Loading "flash:/c2950-i6q4l2-mz.121-22.EA14.bin"...##############################################################

12. When you see "Press RETURN to get started!", type rename flash:config.old flash:config.text to give the configuration file its original name back.

SwitchB#rename flash:config.old flash:config.text
Destination filename [config.text]

13. Then type copy flash:config.text system:running-config to load the configuration file into the running configuration.

SwitchB#copy flash:config.text system:running-config
Destination filename [running-config]?
840 bytes copied in 0.772 secs (1088 bytes/sec)
SwitchB#

14. Finally, please configure a new password for your switch, and please remember it. Otherwise, you'll need to repeat these steps again. :D

SwitchB(config)#enable secret xxx
SwitchB(config)#enable password xxx

SwitchB(config)#line vty 0 15
SwitchB(config-line)#password xxx
SwitchB(config-line)#login

SwitchB(config)#line con 0
SwitchB(config-line)#password xxx

15. Write the running configuration to the configuration file with the write memory command.

SwitchB# write memory

I hope this post will benefit you guys. Thank you for dropping by.

- Soulpower

How to reset VLAN and VTP to factory default settings?


Hi guys, let's discuss how to reset the VLAN and VTP database to factory default settings. This example uses a Cisco Catalyst 2950.

Steps

1. VLAN and VTP information is stored in the vlan.dat file, which is located in flash.
2. To display the files in flash, enter the command dir flash: or show flash. You will see the file vlan.dat.

SwitchB#dir flash:
Directory of flash:/

    2  -rwx         660  Mar 01 1993 02:13:00 +00:00  vlan.dat
    7  -rwx        2412  Mar 01 1993 05:11:18 +00:00  config.old
    3  -rwx     3132319  Mar 01 1993 00:09:35 +00:00  c2950-i6q4l2-mz.121-22.EA14.bin
    4  -rwx         840  Mar 01 1993 02:40:48 +00:00  config.text
    5  -rwx         316  Mar 01 1993 00:12:13 +00:00  env_vars
   21  -rwx         109  Mar 01 1993 00:05:00 +00:00  info
   22  -rwx         109  Mar 01 1993 00:07:55 +00:00  info.ver
    8  -rwx           5  Mar 01 1993 02:40:48 +00:00  private-config.text

7741440 bytes total (4600832 bytes free)

SwitchB#show flash
Directory of flash:/

    2  -rwx         660  Mar 01 1993 02:13:00 +00:00  vlan.dat
    7  -rwx        2412  Mar 01 1993 05:11:18 +00:00  config.old
    3  -rwx     3132319  Mar 01 1993 00:09:35 +00:00  c2950-i6q4l2-mz.121-22.EA14.bin
    4  -rwx         840  Mar 01 1993 02:40:48 +00:00  config.text
    5  -rwx         316  Mar 01 1993 00:12:13 +00:00  env_vars
   21  -rwx         109  Mar 01 1993 00:05:00 +00:00  info
   22  -rwx         109  Mar 01 1993 00:07:55 +00:00  info.ver
    8  -rwx           5  Mar 01 1993 02:40:48 +00:00  private-config.text

7741440 bytes total (4600832 bytes free)

3. Delete the file with the command below.

SwitchB#delete flash:/vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]

4. Reload the switch with the command below.

SwitchB#reload
Proceed with reload? [confirm]

5. After the reload, the VLAN and VTP data are back to the default settings.

SwitchB#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

SwitchB#sh vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 128
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x3F 0x17 0xC8 0xB8 0x5A 0xE3 0x01 0x66
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

I hope this post will benefit you guys. Thank you for dropping by.

- Soulpower

Saturday 18 May 2013

How to configure Switched Port Analyzer (SPAN)?


Dear friends. Today, let's discuss how to configure a SPAN port on a Cisco switch.

Network Setup

MacBook 10.0.0.152/24 -->f0/9 L2 switch --> f0/1 L2 switch --> Unifi Router 10.0.0.99/24 --> Internet
Dell 10.0.0.151/24 --> f0/5 L2 switch --> f0/1 L2 switch --> Unifi Router 10.0.0.99/24 --> Internet

Plan

The MacBook will generate traffic to the internet. The Dell laptop will capture all of its live traffic using Wireshark.

Terms

Source interface: The interface where the traffic will be captured.
Destination interface: The interface where all the captured traffic will be mirrored to.

Steps

1. At the L2 switch, configure the SPAN source interface. In this case, I want to capture all of the traffic generated from the MacBook to the internet. Therefore, port f0/1 will be used as the SPAN source interface, because all traffic goes through this port to reach the internet.

Switch(config)#monitor session 1 source interface fastEthernet 0/1

2. Configure the destination interface. All traffic captured at the SPAN source interface will be mirrored to this port.

Switch(config)#monitor session 1 destination interface fastEthernet 0/5

3. Please take note that the destination SPAN port's line protocol status changes to down once you've configured it as the destination interface.

Switch#sh int f0/5 status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/5                        monitoring   1          a-full  a-100 10/100BaseTX

Switch#sh int f0/5
FastEthernet0/5 is up, line protocol is down (monitoring)

4. To check the current SPAN setup on the switch:

Switch#show monitor session 1
Session 1
---------
Type              : Local Session
Source Ports      :
    Both          : Fa0/1
Destination Ports : Fa0/5
    Encapsulation : Native
          Ingress: Disabled
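A mirror port copies everything that crosses the source interface, so the same feature that gives the Dell laptop a capture would give anyone with switch access a copy of the traffic too; the show monitor session output above is what you audit to make sure only approved sessions exist. The script below is an added example (not the author's code): it parses output in that format (a constructed sample with the blog's session 1 and a hypothetical, unapproved session 2), lists which ports are being mirrored, and reports sessions whose destination does not match an approved list.

```python
import re

# Constructed `show monitor session` output in the format shown above; session 1 is the
# blog's session, session 2 is a hypothetical mirror that nobody approved.
SAMPLE_MONITOR = """\
Session 1
---------
Type              : Local Session
Source Ports      :
    Both          : Fa0/1
Destination Ports : Fa0/5
    Encapsulation : Native
          Ingress: Disabled

Session 2
---------
Type              : Local Session
Source Ports      :
    Rx            : Fa0/9,Fa0/10
Destination Ports : Fa0/12
    Encapsulation : Native
          Ingress: Disabled
"""

SESSION_RE = re.compile(r"^Session (\d+)\s*$")
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.*)$")


def parse_monitor_sessions(text):
    """{session_id: {'type': str, 'sources': {'both'|'rx'|'tx': [ports]}, 'destinations': [ports]}}"""
    sessions, current = {}, None
    for line in text.splitlines():
        m = SESSION_RE.match(line)
        if m:
            current = sessions.setdefault(int(m.group(1)), {"type": None, "sources": {}, "destinations": []})
            continue
        m = FIELD_RE.match(line)
        if not m or current is None:
            continue
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        ports = [p.strip() for p in value.split(",") if p.strip()]
        if key == "type":
            current["type"] = value
        elif key in ("both", "rx", "tx"):          # direction lines under 'Source Ports'
            current["sources"][key] = ports
        elif key == "destination ports":
            current["destinations"] = ports
    return sessions


def mirrored_ports(sessions):
    """Every interface whose traffic is being copied somewhere, in any direction."""
    return {port for s in sessions.values() for ports in s["sources"].values() for port in ports}


def unexpected_sessions(sessions, approved):
    """Session ids whose destination ports are not exactly the approved set for that id.
    `approved` maps session id -> set of destination ports; unknown ids are therefore unexpected."""
    return sorted(sid for sid, s in sessions.items()
                  if set(s["destinations"]) != approved.get(sid, set()))


if __name__ == "__main__":
    sessions = parse_monitor_sessions(SAMPLE_MONITOR)
    print("mirrored:", sorted(mirrored_ports(sessions)))
    for sid in unexpected_sessions(sessions, {1: {"Fa0/5"}}):
        print(f"session {sid} -> {sessions[sid]['destinations']} is not approved")
```

Run it over show monitor session all (or one session at a time) from each switch and keep the approved map under change control; a destination that moves, or a session id that appears, is the signal worth following up.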

5. Live traffic captured at port f0/1 of the L2 switch can be seen below. You're only seeing ICMP traffic because I'm generating a continuous ping to 4.2.2.2 from the MacBook (10.0.0.152).


I hope that this post will benefit us all. Thank you for your time.

- Soulpower

Wednesday 27 March 2013

2. VLANs and VLAN Trunking


VLAN


VLAN means Virtual Local Area Network, as you guessed. Its function is to virtually separate Ethernet devices or interfaces into different segments, or broadcast domains. We need VLANs because splitting a broadcast domain into smaller groups reduces the broadcast traffic that reaches the entire broadcast domain (the entire broadcast domain means all devices connected to a single switch or hub in the same segment without any Layer 3 device in between). How do VLANs reduce broadcast traffic? It's simple. A broadcast sent by a device in one VLAN is only forwarded to the other devices in the same VLAN. Therefore, devices in other VLANs do not receive the broadcast traffic, which at the same time reduces the switch's resource usage and load.


In general, there are 2 types of VLANs: L2 VLANs and L3 VLANs. L means Layer, in case you don't know. :P I know you must be wondering what the difference between the two is, yes? Let's start with this. An L2 VLAN does not have an IP address, but an L3 VLAN owns an IP address and is represented as a subnet. Yes, you are right: when it is Layer 3, it can of course be routed in an IP network using routing protocols, and it can communicate with other VLANs. Please take note that, unlike L3 VLANs, devices in an L2 VLAN cannot talk to devices in other VLANs unless there's a Layer 3 device, such as a router, configured as their default gateway.
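To make the broadcast-domain point concrete, here is an added example (not from the original post) of a minimal switch model in Python: ports are either access ports in one VLAN or 802.1Q trunks, a frame is classified into a VLAN on arrival, and a broadcast is flooded only to ports in that VLAN, tagged on trunks unless the VLAN is the trunk's native VLAN. The port layout (Fa0/1 and Fa0/2 in VLAN 10, Fa0/3 in VLAN 20, Fa0/8 as a trunk) is constructed for the demonstration.

```python
from dataclasses import dataclass

ALL_VLANS = frozenset(range(1, 4095))


@dataclass
class Port:
    name: str
    mode: str                    # "access" or "trunk"
    access_vlan: int = 1         # VLAN of an access port
    native_vlan: int = 1         # VLAN carried untagged on a trunk
    allowed: frozenset = ALL_VLANS   # VLANs permitted on a trunk


class VlanSwitch:
    """Minimal L2 switch model: a broadcast stays inside the VLAN it arrived in."""

    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def classify(self, port_name, tag=None):
        """VLAN a frame belongs to on arrival; None means a trunk drops it (VLAN not allowed)."""
        p = self.ports[port_name]
        if p.mode == "access":
            return p.access_vlan          # an access port ignores any tag; its VLAN is fixed
        vid = p.native_vlan if tag is None else tag
        return vid if vid in p.allowed else None

    def flood(self, in_port, tag=None):
        """Ports a broadcast from in_port is forwarded to, mapped to the 802.1Q tag used (None = untagged)."""
        vid = self.classify(in_port, tag)
        if vid is None:
            return {}
        out = {}
        for name, p in self.ports.items():
            if name == in_port:
                continue                  # never back out the port it came in on
            if p.mode == "access" and p.access_vlan == vid:
                out[name] = None          # same VLAN: deliver untagged
            elif p.mode == "trunk" and vid in p.allowed:
                out[name] = None if vid == p.native_vlan else vid   # trunk: tag unless native
        return out

    def broadcast_domains(self):
        """Access ports grouped by VLAN; each group is one broadcast domain on this switch."""
        domains = {}
        for p in self.ports.values():
            if p.mode == "access":
                domains.setdefault(p.access_vlan, set()).add(p.name)
        return domains


def demo_switch():
    """Constructed layout: two hosts in VLAN 10, one in VLAN 20, one trunk to a neighbour."""
    return VlanSwitch([
        Port("Fa0/1", "access", access_vlan=10),
        Port("Fa0/2", "access", access_vlan=10),
        Port("Fa0/3", "access", access_vlan=20),
        Port("Fa0/8", "trunk", native_vlan=1),
    ])


if __name__ == "__main__":
    sw = demo_switch()
    print("broadcast from Fa0/1 (VLAN 10):", sw.flood("Fa0/1"))
    print("broadcast from Fa0/3 (VLAN 20):", sw.flood("Fa0/3"))
    print("tagged 20 arriving on trunk:", sw.flood("Fa0/8", tag=20))
    print("domains:", sw.broadcast_domains())
```

Without VLANs every access port would be in the same group and flood("Fa0/1") would reach all three hosts; with them, the VLAN 20 host never sees VLAN 10 broadcasts, and only the trunk carries both, each tagged so the neighbouring switch can keep them apart.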

Private VLANs
Will be updated soon.

VLAN Trunking Protocol (VTP)


Why do we need VTP, and what is the benefit of using VTP in our network? Imagine that we have 100 switches and all of them need the same VLAN configuration. Isn't it a lot of work to configure each of the 100 switches again and again with the same VLAN configuration? That's where VTP comes to save us. With VTP, VLAN configuration information is advertised to the neighbouring switches, so the VLAN configuration only needs to be made on one switch, and all other switches in the network learn the VLAN information dynamically. So we don't need to configure all 100 switches with the same VLAN configuration. Thanks to VTP!

VTP Modes
  1. Server Mode - Originates VTP advertisements, processes received advertisements and updates its VLAN configuration, forwards received VTP advertisements, saves VLANs in NVRAM or vlan.dat, and can create, modify or delete VLANs.
  2. Client Mode - Same as Server Mode but cannot create, modify or delete VLANs.
  3. Transparent Mode - Same as Server Mode but does not originate VTP advertisements and does not process received advertisements to update its VLAN configuration.
To be continued.

-Soulpower