In this article I will configure, debug and show the process of RIPv2 authentication.
Port-Mirroring
Port mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic such as an intrusion detection system, passive probe or real user monitoring (RUM) technology that is used to support application performance management (APM).
In our particular case, the faculty provided us with a Cisco Catalyst 2960 switch. We have configured this switch to mirror all internet-bound data traffic traversing the interface connected to the network gateway to the interface connected to the Moloch server. As a result, we can now monitor all inbound and outbound lab traffic.
In this article I will configure a dynamic complex ACL (Lock and Key). This technique is described in CCNA4 Exploration.
About Lock and Key
Description from the Cisco website
Recovering from a Lost or Forgotten Password
The default configuration for the switch allows an end user with physical access to the switch to recover from a lost password by interrupting the boot process during power-on and by entering a new password. These recovery procedures require that you have physical access to the switch.
There are three steps to enable traceroute:
- In policy map “global_policy” in class “inspection_default” you need to add “inspect icmp” and “inspect icmp error”
- In policy map “global_policy” in class “class_default” you need to add “set connection decrement-ttl”
- On your outside interface, you need to add an access list that permits ICMP “time-exceeded” in the ingress direction
Here is the code that you can paste into your ASA firewall:
Simple web calculator used for computation of the IP subnets through VLSM:
- Default route origination not working reliably.
- Automatic summarization turned on causes major networks to be propagated throughout the RIP domain with a metric of 1.
- Using RIPv2 on an NBMA hub-and-spoke topology causes the hub router to rewrite the next hop field in the RIPv2 update to the IP address of the spoke router advertising the original update, thereby creating reachability issues.
It sometimes happens in my lab that students delete the IOS of a switch from its flash. Unfortunately, switches do not have ROMMON for quick IOS recovery over TFTP. The only way is over Xmodem.
Cat 2960 switch IOS recovery
To speed up the recovery process, we can set the Xmodem speed to a higher rate than the default 9600 bits:
In this article I will describe how to proceed if your firmware upgrade on an SRW 248G4 switch failed and the switch then stopped working.
I have found only one solution for recovering from this disaster, and that is sending new firmware over the PC serial (COM) port using the Xmodem protocol. The new firmware can be sent to the failed switch with the help of the switch's Startup menu. The Startup menu can be entered while the switch is booting.
The Flash animation explains how to configure a DHCP server on a Cisco router using SDM. Where to find SDM and how to install it is described in this article.