Tuesday, January 3, 2012

Source NAT on Cisco Router

There are only 4 commands to do source NAT on a Cisco router. Here is an example:

access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface <wan> overload
ip nat outside ==> on WAN port
ip nat inside ==> on LAN port

VLAN on Cisco Switch & Mikrotik Router

On Cisco Switch
=============>
Set the switch ports to the required vlan-id. Make one port a trunk and connect an Ethernet cable from the trunk port to the Mikrotik Router.

On Mikrotik Router
===============>
1. Create the VLANs, for example vlan10, vlan20, vlan30, on the port connected to the switch.
2. Put IP address for each vlan.
3. Do DHCP on each vlan if required.

VLAN on Cisco

On Switch
==========>

VLAN on a Cisco Switch is quite easy. We can assign a particular port to a specific VLAN by using the following command:
switchport access vlan <vlan-id>
Further, we can set a particular port as a trunk port to carry traffic for multiple VLANs using the following commands:
switchport mode trunk
switchport trunk allowed vlan 10,20,30 ==> do not use this command if you want to carry all VLANs traffic

On Router
=========>
Either connect each VLAN to a different router port through its own access-VLAN port, or connect the router through the trunk port and create subinterfaces as follows.

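! encapsulation dot1q needs a VLAN ID; 10/20/30 are assumed from the trunk's allowed VLANs and the subnets
int f0/0.1
encapsulation dot1q 10
ip address 192.168.10.1 255.255.255.0
no shut

int f0/0.2
encapsulation dot1q 20
ip address 192.168.20.1 255.255.255.0
no shut

int f0/0.3
encapsulation dot1q 30
ip address 192.168.30.1 255.255.255.0
no shut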

Sunday, November 6, 2011

VPN Configuration Mikrotik-Juniper

Mikrotik
===========>>


Mikrotik does not have a clear demarcation between phase 1 and phase 2. However, the peer settings can be regarded as phase 1, and the policy and proposal (esp-des-md5) can be regarded as phase 2. We will establish a policy-based VPN tunnel between Mikrotik and Juniper. Here is the configuration.

Mikrotik 450G
==============


Peer: Address: <peer-address>
    port:500
    Auth. Method: pre-shared key
    Exchange Mode: main
    Send Initial Contact: enable
    NAT Traversal: do not enable
    Proposal check: obey
    Hash Algorithm: md5
    Encryption Algorithm: des
    DH Group: modp768 (this is the same as group 1)
    Generate Policy: do not enable
    Other settings: leave as they are.
Policy: General:
            Specify Src Address & Dst. Address
      Action:
        Action:encrypt
        Level: unique
        IPsec Protocols: esp
        Tunnel: enable
        SA Src. Address: <Local Public IP>
        SA Dst. Address: <Remote public IP>
        Proposal: default

Proposal:
    Auth Algorithms: md5
    Enc Algorithms: des
    PFS Group: none


Juniper SSG-350M
==================


    Click VPNs > AutoKey Advanced > Gateway
    Click New
        Gateway Name: Site B GW
        Security Level: Custom
        Remote Gateway: Click Static, and enter IP address: <peer IP>
        Preshared Key: <secret>
        Outgoing Interface: untrust (or whichever interface goes out to the Internet)
        Click Advanced
            Phase 1 Proposal: pre-g1-des-sha
            Mode (Initiator): Main
            Click Return
        Click OK
    Click Autokey IKE
    Click New
        VPN Name: Site B VPN
        Security Level: Custom
        Remote Gateway: Click Predefined, and select Site B GW from the pulldown menu
        Click Advanced
            Phase 2 Proposal: nopfs-esp-des-md5
        Bind to: None
            Click Return
        Click OK
    Click Policy
    Select From Trust to Untrust Zone, and click New
        Source Address: Click New Address : <Private network src>
        Destination Address: Click New Address: <Private network dest>
        Service: Any
        Action: Tunnel
        Tunnel: Site B VPN
        Modify matching bidirectional VPN policy: Enabled
        Click Ok
        Position at Top: Enabled
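
As an added example (not part of the original post), the Python below transcribes the phase 1 and phase 2 values given for both devices and compares them; the dictionary layout, function names and the list of obsolete primitives are assumptions made for this illustration. Run against the values above, it reports that the phase 1 hash differs (md5 on the Mikrotik peer, sha in pre-g1-des-sha) and that the Mikrotik phase 1 settings rely on DES, MD5 and DH group 1.

```python
# Added example: compare the IKE/IPsec settings the two peers are given above.
# Mikrotik side, RouterOS spellings; auth "pre" stands for the pre-shared key.
MIKROTIK_P1 = {"auth": "pre", "dh": "modp768", "enc": "des", "hash": "md5"}
MIKROTIK_P2 = {"pfs": "none", "proto": "esp", "enc": "des", "hash": "md5"}
# Juniper side: the ScreenOS proposal names selected in the WebUI steps.
JUNIPER_P1 = "pre-g1-des-sha"
JUNIPER_P2 = "nopfs-esp-des-md5"
# RouterOS -> ScreenOS tokens (only the values used on this page).
ALIASES = {"modp768": "g1", "none": "nopfs"}

# Obsolete primitives that should not be chosen for new tunnels.
WEAK = {"des": "56-bit DES", "md5": "MD5", "g1": "768-bit DH group 1"}


def parse_screenos(name, fields):
    """Split a ScreenOS proposal name into named fields."""
    parts = name.split("-")
    if len(parts) != len(fields):
        raise ValueError(f"unexpected proposal name: {name!r}")
    return dict(zip(fields, parts))


def normalise(params):
    return {k: ALIASES.get(v, v) for k, v in params.items()}


def mismatches(local, remote):
    """Return {field: (local, remote)} for every field that differs."""
    local, remote = normalise(local), normalise(remote)
    return {k: (local[k], remote[k]) for k in local if local[k] != remote.get(k)}


def weak_choices(params):
    return sorted(WEAK[v] for v in normalise(params).values() if v in WEAK)


def audit():
    p1 = parse_screenos(JUNIPER_P1, ("auth", "dh", "enc", "hash"))
    p2 = parse_screenos(JUNIPER_P2, ("pfs", "proto", "enc", "hash"))
    return {
        "phase1_mismatch": mismatches(MIKROTIK_P1, p1),
        "phase2_mismatch": mismatches(MIKROTIK_P2, p2),
        "weak": weak_choices(MIKROTIK_P1),
    }


if __name__ == "__main__":
    print(audit())
```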

Monday, February 28, 2011

Nagios installation & Configuration

First install all dependencies if not installed previously
gcc, make, autoconf, automake
gd, gd-devel, openssl, openssl-devel
postgresql, postgresql-devel
ntp, ntp-snmp


Now install Nagios as follows

#useradd nagios
#passwd nagios
#groupadd nagcmd
#usermod -a -G nagcmd nagios
#usermod -a -G nagcmd apache
#mkdir ~/downloads
#cd ~/downloads
#wget http://osdn.dl.sourceforge.net/sourceforge/nagios/nagios-3.0b3.tar.gz
#wget http://osdn.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.7.tar.gz
#cd ~/downloads
#tar xzf nagios-3.0b3.tar.gz
#cd nagios-3.0b3
#./configure --with-command-group=nagcmd
#make all
#make install
#make install-init
#make install-config
#make install-commandmode
#make install-webconf
#cd ~/downloads
#tar xzf nagios-plugins-1.4.7.tar.gz
#cd nagios-plugins-1.4.7
#./configure --with-nagios-user=nagios --with-nagios-group=nagios
#make
#make install
#htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
#/etc/init.d/httpd restart
#/etc/init.d/nagios restart
#chkconfig nagios on

Now check the installation by opening one of the links below:
http://localhost/nagios
or
http://yourhostname/nagios

Now go to /usr/local/nagios and edit the corresponding configuration files as per your requirements. For more detail, go to nagios.org

Thursday, January 20, 2011

what is running on which port

netstat -tnlp ==> to see what the system is listening on which port
netstat -anp | grep :8000 ==> to see what is using port number 8000