Cisco Works LAN Management Solution:
The need for computers is increasing day by day, and the most important thing is to have connectivity between these computers, so there is a need for network devices like switches, routers and firewalls.
The toughest job for network administrators is to administer all the network devices from one place. Cisco Systems has come up with a solution called Cisco Works LAN Management Solution, which is software used to manage and troubleshoot network devices.
LMS 3.2 Features :
1. Campus Manager
2. Common Services
3. Device Fault Management
4. Health and Utilization Monitors
5. Internetwork Performance Monitors
6. Resource Manager Essentials
Saturday, June 29, 2013
ASA Firewall
Hi readers,
Today I am going to post about the security appliance (i.e. the Adaptive Security Appliance).
Cisco develops security appliances for all kinds of customers, varying from small and medium-sized to large organizations.
Various models of ASA firewall :
1. Cisco 5505
2. Cisco 5510
3. Cisco 5520
4. Cisco 5540
5. Cisco 5550
6. Cisco 5580
7. Cisco 5585 X
Functional Overview of a Firewall :
Firewall Mode :
a. Routed Mode -
b. Transparent Mode -
-> A transparent firewall, on the other hand, is a Layer 2 firewall that acts like a "bump in the wire," or a "stealth firewall," and is not seen as a router hop to connected devices.
-> Layer 3 traffic, such as IP traffic, cannot pass through the security appliance unless you explicitly permit it with an extended access list.
-> The only traffic that can pass through a transparent firewall is ARP traffic, which can be controlled by ARP inspection.
Difference Between HSRP and VRRP Protocol
I hope this blog will be useful to those who want to understand the difference between HSRP and VRRP. Both protocols are widely used by network professionals to achieve gateway load-balancing. More about these protocols is listed below.
HSRP :
-> HSRP stands for Hot Standby Routing Protocol
-> Cisco proprietary protocol
-> Preempt is disabled by default
-> HSRP router terms: Active Router, Standby Router
VRRP :
-> VRRP stands for Virtual Router Redundancy Protocol
-> Open Standard Protocol
-> Preempt is enabled by default
-> VRRP router terms: Master Router, Backup Router
Friday, June 28, 2013
Dell Sonicwall - Interview Questions
Hi readers ,
This time I would like to share another interview experience of mine in my blog.
Company Name - Dell Sonicwall
Job Title - Network Security Engineer
Work Location - Chennai
Interview Mode - Telephonic
1. Can you tell us about yourself, your educational background and technical background?
2. Explain the DHCP process.
3. What is the use of the ARP protocol?
4. Scenario - There are two brand-new systems with the Windows 7 operating system. On one of the systems I have created a file and saved it to the desktop. Now my question is: what are the minimum software and hardware requirements for me to get the file onto the other system?
5. What do you mean by proxy ARP?
6. What is meant by SSL handshake?
7. What is the difference between STP and RSTP?
8. Can you explain VPN?
9. What is meant by TCP handshake?
10. What is meant by an iterative query?
11. Scenario - In a router there are two routing protocols, EIGRP and OSPF. Which route will the router choose by default?
Wednesday, June 5, 2013
What happens when the Environment Temperature of the Cisco Switches Exceeds the Threshold Temperature
Hi everybody, today I will share my knowledge about what problems Cisco switches will have if the environment temperature exceeds the normal operating temperature.
I will show how to check the environment temperature details on Cisco Catalyst 4507 and 6509 series switches.
The commands you should use to check environment temperature details are:
1. show environment status
2. show environment temperature
Below is the output you will get if you type these commands on Cisco switches:
switch_4507>show environment temperature
Module Sensor Temperature Status
------+--------------------------+--------------------+------------
3 air inlet 36C (51C,65C,68C) ok
3 air outlet 43C (69C,83C,86C) ok
switch_6509>show environment temperature
VTT 1 outlet temperature: 23C
VTT 2 outlet temperature: 25C
VTT 3 outlet temperature: 29C
module 1 outlet temperature: 41C
module 1 inlet temperature: 24C
module 1 device-1 temperature: 24C
module 1 device-2 temperature: 39C
module 1 EARL outlet temperature: 34C
module 1 EARL inlet temperature: 29C
module 2 outlet temperature: 39C
module 2 inlet temperature: 24C
module 2 device-1 temperature: 24C
module 2 device-2 temperature: 37C
module 2 EARL outlet temperature: 29C
module 2 EARL inlet temperature: 28C
module 3 outlet temperature: 37C
module 3 inlet temperature: 26C
module 3 EARL outlet temperature: 26C
module 3 EARL inlet temperature: 27C
module 4 outlet temperature: 39C
module 4 inlet temperature: 25C
module 4 EARL outlet temperature: 26C
module 4 EARL inlet temperature: 27C
--More-- module 5 outlet temperature: 25C
module 5 inlet temperature: 21C
module 5 device-1 temperature: 29C
module 5 device-2 temperature: 30C
module 5 asic-1 temperature: 20C
module 5 asic-2 temperature: 20C
module 5 asic-3 temperature: 20C
module 5 asic-4 temperature: 20C
module 5 asic-5 temperature: 20C
module 5 asic-6 temperature: 20C
module 5 RP outlet temperature: 23C
module 5 RP inlet temperature: 24C
module 5 EARL outlet temperature: 28C
module 5 EARL inlet temperature: 22C
module 6 outlet temperature: 25C
module 6 inlet temperature: 20C
module 6 device-1 temperature: 29C
module 6 device-2 temperature: 29C
module 6 asic-1 temperature: 21C
module 6 asic-2 temperature: 21C
module 6 asic-3 temperature: 21C
module 6 asic-4 temperature: 21C
module 6 asic-5 temperature: 21C
--More-- module 6 asic-6 temperature: 21C
module 6 RP outlet temperature: 23C
module 6 RP inlet temperature: 24C
module 6 EARL outlet temperature: 28C
module 6 EARL inlet temperature: 22C
module 9 outlet temperature: 30C
module 9 inlet temperature: 30C
module 9 device-1 temperature: 25C
module 9 device-2 temperature: 28C
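The two output formats above can be parsed for monitoring. The following is an added example, not part of the original post: the function names are hypothetical, the third 4507 row in the sample is constructed, and the bracketed values on the 4507 are treated simply as that sensor's thresholds.

```python
import re

PAGER = re.compile(r"^\s*--More--\s*")  # pager prompt captured mid-output
# Catalyst 4507 row: module, sensor, reading, three thresholds, status.
ROW_4507 = re.compile(
    r"^\s*(\d+)\s+(.+?)\s+(\d+)C\s+\((\d+)C,(\d+)C,(\d+)C\)\s+(\S+)\s*$")
# Catalyst 6509 row: "<sensor name> temperature: <reading>C".
ROW_6509 = re.compile(r"^\s*(.+?)\s+temperature:\s+(\d+)C\s*$")


def parse_temperatures(output):
    """Return one dict per sensor; thresholds is None when none are printed."""
    readings = []
    for raw in output.splitlines():
        line = PAGER.sub("", raw)
        m = ROW_4507.match(line)
        if m:
            readings.append({
                "sensor": f"module {m.group(1)} {m.group(2)}",
                "temp_c": int(m.group(3)),
                "thresholds": tuple(int(m.group(i)) for i in (4, 5, 6)),
                "status": m.group(7)})
            continue
        m = ROW_6509.match(line)
        if m:
            readings.append({"sensor": m.group(1), "temp_c": int(m.group(2)),
                             "thresholds": None, "status": None})
    return readings


def near_threshold(readings, margin_c=10):
    """Sensors within margin_c of their lowest threshold, closest first."""
    gaps = [(min(r["thresholds"]) - r["temp_c"], r["sensor"])
            for r in readings if r["thresholds"]]
    return sorted(g for g in gaps if g[0] <= margin_c)


def hottest(readings, count=3):
    """Highest readings first, for output that prints no thresholds."""
    ranked = sorted(readings, key=lambda r: r["temp_c"], reverse=True)
    return [(r["sensor"], r["temp_c"]) for r in ranked[:count]]


# First two rows are from the output above; the third row is constructed.
SAMPLE_4507 = """switch_4507>show environment temperature
Module Sensor Temperature Status
------+--------------------------+--------------------+------------
3 air inlet 36C (51C,65C,68C) ok
3 air outlet 43C (69C,83C,86C) ok
4 air inlet 47C (51C,65C,68C) ok
"""
# Rows taken from the 6509 output above, including a pager prompt.
SAMPLE_6509 = """switch_6509>show environment temperature
module 1 outlet temperature: 41C
module 1 inlet temperature: 24C
--More-- module 5 outlet temperature: 25C
module 2 outlet temperature: 39C
"""

if __name__ == "__main__":
    print(near_threshold(parse_temperatures(SAMPLE_4507)))
    print(hottest(parse_temperatures(SAMPLE_6509), count=2))
```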
Thursday, April 25, 2013
IPv6 - The Beginning
Features:
-> 128 bits in length.
-> Total of 3.40 trillion trillion trillion IP addresses
-> No broadcast IP address
-> No NAT
-> IPv6 addresses are represented as eight groups of four hexadecimal digits separated by colons, for example 2001:0db8:85a3:0042:1000:8a2e:0370:7334.
Types of address:
Link local IP address:
- The first three bits should be 001
Following Combination is possible
001 0 i.e 2
001 1 i.e 3
Site Local IP address
- The first seven bits should be 1111 110
following combination is possible
Dear readers, kindly post your valuable suggestions and comments below so that I can make this blog more informative.
Monday, March 11, 2013
Syntel Corporation - Network Engineer Interview Questions
Hi, I attended a telephonic interview last week for the Information Security domain at Syntel Corporation, Chennai. I want to share my experience because I think it may be helpful to those who are searching for a job.
The questions I was asked during the interview are:
1. The common question in all interviews: "Tell me about yourself."
2. Difference b/w a router and a firewall?
3. Can a firewall terminate the network?
3. Difference b/w the access-list in the router and the firewall?
4. What is the port number used by the ping command?
5. Can you explain the media layer in the OSI model?
6. How does DHCP work?
7. What is the purpose of SRV records in DNS?
8. In which layer of the OSI model do the router and firewall work?
9. What is the use of the NSLOOKUP command?
10. What is the difference between AD in Windows Server 2003 and 2008 (in terms of security)?
11. What are the things you will observe if you are asked to do firewall auditing?
12. How will you contribute to Information Security?
13. Tell me some commands you have used for troubleshooting in a Windows or Linux environment.
Wednesday, February 27, 2013
Network Device Troubleshooting Tips
Corrupt image & router boots into rommon mode:
Introduction:
This page explains how to recover a Cisco 2600 Series Router and a VG200 stuck in ROMmon (rommon# > prompt).
Before You Begin
Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.
Prerequisites
There are no specific prerequisites for this document.
Components Used
This document is not restricted to specific software and hardware versions.
The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.
Check Configuration Register Settings
If the router is stuck in ROMmon mode, the first setting that should be checked is the value of the configuration register.
The first four bits of the configuration register comprise the boot field. The value of the boot field defines the source of a default Cisco IOS® software image that will be used to run the router. If the value of the boot field is 0 (configuration register value of XXX0), on startup the system enters and remains in the ROM monitor mode (rommon>), awaiting a user command to boot the system manually. For more information on the software configuration register bit meanings, see Configuring the Software Configuration Register.
If your router keeps entering the ROMmon mode each time the system is restarted, it is probably due to the setting of the configuration register. To verify the configured value of the configuration register, use the confreg command as shown below:
rommon 2 > confreg
Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]:
As indicated by the output of the confreg command above, the configuration register is set to a value that forces the router to go into the ROMmon mode each time it is reloaded or power-cycled. To make the router boot automatically from a default Cisco IOS software image, change the configuration register value as shown below:
rommon 2 > confreg
Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]:
enable "use net in IP bcast address"? y/n [n]:
disable "load rom after netboot fails"? y/n [n]:
enable "use all zero broadcast"? y/n [n]:
enable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]:
change console baud rate? y/n [n]:
change the boot characteristics? y/n [n]: y
enter to boot:
0 = ROM Monitor
1 = the boot helper image
2-15 = boot system
[0]: 2
Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C2600
do you wish to change the configuration? y/n [n]: n
You must reset or power cycle for new config to take effect
By doing this, you have changed the configuration register to a value that makes it look for a valid Cisco IOS software image on startup and boot from the same. The router must now be reset.
rommon 3 > reset
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
The router should now reload with a valid Cisco IOS software image.
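The boot field and the options listed in the confreg dialog can also be read straight from the register value. This is an added example, not taken from the Cisco document: the hex bit positions are the standard IOS configuration-register layout and do not appear on this page, and the function names, hostnames and sample register values are constructed. The audit step reads the "Configuration register is ..." line of show version output and flags devices that would stop in ROMmon or skip their startup configuration.

```python
import re

BOOT_FIELD = 0x000F
BREAK_DISABLED = 0x0100  # "break/abort has effect" is on when this bit is clear
# Options named in the confreg dialog, mapped to the standard IOS register
# bits (assumed here, not printed on the page; console speed bits left out).
OPTION_BITS = {
    "diagnostic mode": 0x8000,
    "use net in IP bcast address": 0x4000,
    "load rom after netboot fails": 0x2000,
    "use all zero broadcast": 0x0400,
    "ignore system config info": 0x0040,
}
BOOT_TEXT = {0: "the ROM Monitor", 1: "the boot helper image"}


def decode_confreg(value):
    """Return the enabled options and boot source for a 16-bit register."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    enabled = [name for name, bit in OPTION_BITS.items() if value & bit]
    if not value & BREAK_DISABLED:
        enabled.append("break/abort has effect")
    boot = BOOT_TEXT.get(value & BOOT_FIELD,
                         "image specified by the boot system commands")
    return {"enabled": enabled, "boot": boot}


def set_boot_field(value, boot_field):
    """Change only the boot field (0-15), as the 'enter to boot' step does."""
    return (value & 0xFFF0) | (boot_field & BOOT_FIELD)


def audit(show_version_lines):
    """Flag registers that stop in ROMmon or skip the startup configuration."""
    findings = {}
    for host, line in show_version_lines.items():
        m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)", line)
        if not m:
            continue
        value = int(m.group(1), 16)
        issues = []
        if (value & BOOT_FIELD) == 0:
            issues.append("boots to the ROM Monitor")
        if value & OPTION_BITS["ignore system config info"]:
            issues.append("ignores startup config")
        if issues:
            findings[host] = issues
    return findings


# Constructed sample input: hostnames and register values are made up.
SAMPLE = {
    "rtr-a": "Configuration register is 0x2102",
    "rtr-b": "Configuration register is 0x2100",
    "rtr-c": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
}

if __name__ == "__main__":
    print(decode_confreg(0x2100), hex(set_boot_field(0x2100, 2)), audit(SAMPLE))
```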
Look for a Valid Image in Flash
If the configuration register value is set to make the system boot automatically from a default Cisco IOS software image, and if no break signal is sent during start up, the router should boot normally. However, if the router still enters the ROMmon mode, it is probably because the device is unable to locate a valid Cisco IOS software image.
The first thing you need to do then is to look for a valid Cisco IOS software image. To do this, issue the dir <device> command for each available device, and look for a valid Cisco IOS software image. For example, to look for the IOS in the Flash, use the command shown below.
rommon 1 > dir flash:
File size                  Checksum   File name
5358032 bytes (0x51c1d0)   0x7b16     c2600-i-mz.122-10b.bin
rommon 2 >
Note that if the router returns the "bad device name" message, the device specified probably does not exist. The output above indicates that a valid image is indeed present in the Flash. Try to boot from that image using the boot command.
rommon 2 > boot flash:c2600-i-mz.122-10b.bin
program load complete, entry point: 0x80008000, size: 0x51c0dc
Self decompressing the image : #################################################
################################## ...
The router should now boot with the Cisco IOS software image specified in the boot command. However, there are times when a valid image does not exist on any of the devices or the image on the Flash might be corrupted. In these cases, a valid image has to be downloaded using Trivial File Transfer Protocol (TFTP) or by using the Xmodem procedure. Both these procedures can be carried out from the ROMmon mode.
Note: There are instances where the system message "Device does not contain a valid magic number" appears. If this happens, in addition to getting a valid Cisco IOS software image, you might need to reseat the Flash or replace it, if it is damaged.
Wednesday, November 28, 2012
Dynamic Routing Protocol :
1. RIP
2. IGRP
3. EIGRP
4. OSPF
5. BGP
RIP :
Routing Information Protocol is a true distance vector routing protocol which sends its complete routing table to its neighbours at a periodic interval of 30 seconds. RIP is a broadcasting protocol. The maximum hop count is 15, which means that RIP is not suitable for a network where the number of routers exceeds 16.
RIP protocol comes in two versions
1. RIP v1
2. RIP v2
Dear readers, kindly post your valuable suggestions and comments below, which will encourage me to add more information to this blog.
Thursday, November 15, 2012
Steps to Configure Site to Site VPN
R1(config)#crypto isakmp enable
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#encryption aes
R1(config-isakmp)#hash sha
R1(config-isakmp)#group 2
R1(config-isakmp)#exit
R1(config)#crypto isakmp key 0 <pre-shared-key> address 10.0.0.1 0.0.0.0
R1(config)#crypto ipsec transform-set yasser esp-aes esp-sha-hmac
R1(config)#crypto ipsec security-association lifetime seconds 86400
R1(config)#ip access-list extended ramzy
R1(config-ext-nacl)#permit ip 172.16.0.0 0.0.255.255 192.168.10.0 0.0.0.255
R1(config-ext-nacl)#exit
R1(config)#