Vlan Numbers

Posted by fanie on Wednesday, June 19, 2013

2950:
Standard IOS image supports up to 64 VLANs; VLAN IDs 1 – 4094 can be used.
Enhanced image supports up to 250 VLANs; VLAN IDs 1 – 4094 can be used.
2960:
Maximum of 255 VLANs; VLAN IDs 1 – 4094 can be used.
LAN Lite image supports up to 64 VLANs; VLAN IDs 1 – 4094 can be used.
3550, 3560, 3750:
Maximum of 1005 VLANs; VLAN IDs 1 – 4094 can be used.
4500, 6500:
Maximum of 4094 VLANs; VLAN IDs 1 – 4094 can be used.

source: http://cyruslab.net/2010/09/12/number-of-vlans-that-can-be-created-for-each-cisco-switch-models/

  • 0 and 4095: reserved
  • 1: Cisco default (management) VLAN
  • 2-1001: available for Ethernet VLANs
  • 1002-1005: defaults for FDDI and Token Ring VLANs
  • 1006-4094: extended range, available for Ethernet VLANs (802.1Q only)

source : http://www.certmag.com/read.php?in=2692

3 way handshake

Posted by fanie on Friday, March 29, 2013

The best 3-way handshake illustration:

[image: 3-way handshake diagram]
source : http://jvmblog.tistory.com/180

Privilege Router Switch Mode

Posted by fanie on Saturday, March 23, 2013

Router>          (user EXEC mode -> privilege level 1)
Router#          (privileged EXEC mode, entered with "enable" -> privilege level 15)
Router(config)#  (global configuration mode)

show history (lists the commands typed so far in this session)
The history buffer can hold up to 256 commands; set its size with:

command :
Router#terminal history size 256



HSRP version Multicast Switch Settings

Posted by fanie on Saturday, January 26, 2013

A basic HSRP configuration looks like this:

int fa0/0
ip add 34.34.115.1 255.255.255.0
standby 0 ip 34.34.115.8

To find the multicast address and UDP port HSRP uses, without memorizing them, debug the packets:

debug ip packet detail

*Mar  1 00:54:07.423: IP: s=34.34.115.8 (local), d=224.0.0.2 (Vlan123), len 48, sending broad/multicast
*Mar  1 00:54:07.427:     UDP src=1985, dst=1985

The multicast address and port number:
IP = 224.0.0.2, source port = 1985, destination port = 1985

Auto RP Multicast Router Settings

Posted by fanie

Finding the Auto-RP multicast groups (and which one is announce vs. discovery) from the mroute table, without memorizing the numbers:

sh ip mroute

Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.0.1.39), 00:04:18/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan123, Forward/Sparse-Dense, 00:03:07/00:00:00
    Loopback0, Forward/Sparse-Dense, 00:04:18/00:00:00

(*, 224.0.1.40), 00:04:20/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Loopback0, Forward/Sparse-Dense, 00:04:20/00:00:00

224.0.1.39 rp-announce
224.0.1.40 rp-discovery
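Both the HSRP post above and this Auto-RP post answer the same question: which well-known multicast group (and, for HSRP, which UDP port) a protocol is using, read straight from device output instead of from memory. The script below is an added example, not code from the blog: it parses the two outputs shown in the posts (`debug ip packet detail` and `show ip mroute`) and names the groups it finds, which is handy when auditing which control-plane protocols are being sent out of which interfaces. The group table only contains the three addresses the posts identify; 224.0.0.2 with UDP 1985 is the HSRP version 1 hello. The regular expressions and the `report()` helper are this example's own assumptions about the output layout.

```python
"""Classify Cisco control-plane multicast from IOS `debug ip packet detail`
and `show ip mroute` output.  Added example, not the blog's code: it parses
the two outputs shown in the HSRP and Auto-RP posts and names the groups."""
import re

# Groups and ports named in the two posts. 224.0.0.2/UDP 1985 is the HSRP
# version 1 hello; the two 224.0.1.x groups carry Auto-RP announcements.
KNOWN_GROUPS = {
    "224.0.0.2": "HSRPv1 hello (all-routers group, UDP 1985)",
    "224.0.1.39": "Auto-RP rp-announce",
    "224.0.1.40": "Auto-RP rp-discovery",
}

# Sample outputs copied from the posts above.
DEBUG_OUTPUT = """\
*Mar  1 00:54:07.423: IP: s=34.34.115.8 (local), d=224.0.0.2 (Vlan123), len 48, sending broad/multicast
*Mar  1 00:54:07.427:     UDP src=1985, dst=1985
"""

MROUTE_OUTPUT = """\
(*, 224.0.1.39), 00:04:18/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan123, Forward/Sparse-Dense, 00:03:07/00:00:00
    Loopback0, Forward/Sparse-Dense, 00:04:18/00:00:00

(*, 224.0.1.40), 00:04:20/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Loopback0, Forward/Sparse-Dense, 00:04:20/00:00:00
"""

# Layout assumptions for the two IOS output formats (this example's own).
IP_LINE = re.compile(r"IP: s=(?P<src>[\d.]+) \([^)]*\), d=(?P<dst>[\d.]+) \((?P<dif>[^)]*)\), len (?P<len>\d+)")
UDP_LINE = re.compile(r"UDP src=(?P<sport>\d+), dst=(?P<dport>\d+)")
MROUTE_ENTRY = re.compile(r"^\((?P<src>[\d.*]+), (?P<group>[\d.]+)\)")
OIL_LINE = re.compile(r"^\s{4}(?P<intf>\S+), (?P<state>\S+)/(?P<mode>\S+), ")


def is_multicast(ip: str) -> bool:
    """224.0.0.0/4 is the IPv4 multicast range."""
    return 224 <= int(ip.split(".")[0]) <= 239


def describe(group: str) -> str:
    """Name a group from the table above, or say what we do know about it."""
    if not is_multicast(group):
        return "not multicast"
    return KNOWN_GROUPS.get(group, "unknown multicast group")


def parse_debug_packets(text: str) -> list:
    """Pair each 'IP: s=... d=...' line with the 'UDP src=..., dst=...' line that follows it."""
    packets, current = [], None
    for line in text.splitlines():
        m = IP_LINE.search(line)
        if m:
            current = {"src": m["src"], "dst": m["dst"], "out_if": m["dif"],
                       "length": int(m["len"]), "sport": None, "dport": None,
                       "proto": describe(m["dst"])}
            packets.append(current)
            continue
        m = UDP_LINE.search(line)
        if m and current is not None:
            current["sport"], current["dport"] = int(m["sport"]), int(m["dport"])
    return packets


def parse_mroute(text: str) -> dict:
    """Return {group: [outgoing interfaces]} for every (*, G) or (S, G) entry."""
    groups, current = {}, None
    for line in text.splitlines():
        m = MROUTE_ENTRY.match(line)
        if m:
            current = groups.setdefault(m["group"], [])
            continue
        m = OIL_LINE.match(line)
        if m and current is not None:
            current.append(m["intf"])
    return groups


def report(debug_text: str, mroute_text: str) -> list:
    """One line per control-plane group seen, with where it is being sent."""
    lines = []
    for p in parse_debug_packets(debug_text):
        lines.append(f"{p['dst']} via {p['out_if']} UDP {p['sport']}->{p['dport']}: {p['proto']}")
    for group, oil in parse_mroute(mroute_text).items():
        lines.append(f"{group} forwarded out {', '.join(oil)}: {describe(group)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(DEBUG_OUTPUT, MROUTE_OUTPUT)))
```

Run as-is it prints three lines: the HSRP hello leaving Vlan123 on UDP 1985, rp-announce forwarded out Vlan123 and Loopback0, and rp-discovery out Loopback0. Feeding it a longer `show ip mroute` or debug capture lists every group and interface the same way, so an unexpected group or an expected one on an interface where it should not be forwarded stands out.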


IP DHCP Snooping Switch Settings

Posted by fanie on Sunday, January 20, 2013

ip dhcp snooping


DHCP snooping stops rogue DHCP servers: server-side DHCP messages are only accepted on "trusted" ports.

ip dhcp snooping trust -> on the port facing the DHCP server
ip dhcp snooping vlan 100 -> inspect DHCP messages in VLAN 100
ip dhcp snooping binding abcd.abcd.abcd vlan 100 1.1.1.2 interface f0/5 expiry 5000 -> static binding (privileged EXEC command; the interface and expiry are required, see the worked example under Verification)
ip dhcp snooping information option -> insert option 82 (on Cisco switches this is enabled by default when DHCP snooping is activated)

By default a Cisco router drops the DHCP messages that carry the option 82 the switch inserted. To get around this, either on the switch:
no ip dhcp snooping information option
or on the router:
ip dhcp relay information trust-all (accept option 82 from the switch)

ip dhcp snooping database flash:data.txt (save the binding table to flash)

Verification


switch#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
100
DHCP snooping is operational on following VLANs:   
100
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
   circuit-id format: vlan-mod-port
    remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------
FastEthernet0/8              yes         unlimited

switch#sh ip dhcp snooping binding vlan 100
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:0A:BC:1F:41:31   10.10.10.3         56371       dhcp-snooping   100    FastEthernet0/8
Total number of bindings: 1

Add a static DHCP snooping binding:
switch#ip dhcp snooping binding abcd.abcd.abcd vlan 100 10.10.10.2 interface f0/5 expiry 5000
Cat2#sh ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:0A:BC:1F:41:31   10.10.10.3         56371       dhcp-snooping   100    FastEthernet0/8
ab:cd:ab:cd:ab:cd   10.10.10.2          4995       dhcp-snooping   100    FastEthernet0/5
Total number of bindings: 2

IP Source Guard
ip verify source -> drop packets whose source IP does not match a DHCP snooping binding for that port (catches spoofed IPs)
ip verify source port-security -> also checks the source MAC address against the binding (needs option 82 insertion)
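To make the two checks in this post concrete, here is an added example (my code, not the blog's or Cisco's) that models what the switch does: it parses the `show ip dhcp snooping binding` output from the Verification section into a binding table, applies the trust filter that blocks rogue server replies on untrusted ports, and then applies the `ip verify source` lookup, with and without the `port-security` MAC check. The Python data model, function names and the assumption that only OFFER/ACK/NAK count as server messages are this example's; FastEthernet0/8 is treated as the trusted port because that is what the page's `show ip dhcp snooping` output lists.

```python
"""Model of the checks an access switch applies with DHCP snooping and
IP Source Guard.  Added example, not the blog's code: it parses the
`show ip dhcp snooping binding` output shown above and reuses its bindings."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Binding table output copied from the Verification section above.
SHOW_BINDING_OUTPUT = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:0A:BC:1F:41:31   10.10.10.3         56371       dhcp-snooping   100    FastEthernet0/8
ab:cd:ab:cd:ab:cd   10.10.10.2          4995       dhcp-snooping   100    FastEthernet0/5
Total number of bindings: 2
"""

# DHCP message types only a server sends; snooping accepts them on trusted ports only
# (assumption of this model: client messages are never filtered by trust state).
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}

# Column layout of the binding table as printed above (this example's assumption).
BINDING_RE = re.compile(
    r"^(?P<mac>[0-9A-Fa-f:]{17})\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<lease>\d+)"
    r"\s+(?P<type>\S+)\s+(?P<vlan>\d+)\s+(?P<intf>\S+)$"
)


@dataclass(frozen=True)
class Binding:
    mac: str        # normalised to lowercase colon form
    ip: str
    lease: int
    vlan: int
    interface: str


def normalize_mac(mac: str) -> str:
    """Accept IOS dotted form (abcd.abcd.abcd) or colon form; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_bindings(text: str) -> list[Binding]:
    """Turn `show ip dhcp snooping binding` output into Binding records (headers skipped)."""
    bindings = []
    for line in text.splitlines():
        m = BINDING_RE.match(line.strip())
        if m:
            bindings.append(Binding(normalize_mac(m["mac"]), m["ip"], int(m["lease"]),
                                    int(m["vlan"]), m["intf"]))
    return bindings


def snooping_allows(trusted_ports: set[str], interface: str, msg_type: str) -> bool:
    """Trust filter: server replies are dropped on untrusted ports (this is what stops
    a rogue DHCP server); client messages such as DISCOVER/REQUEST pass everywhere."""
    if msg_type.upper() in SERVER_MESSAGES:
        return interface in trusted_ports
    return True


def verify_source(bindings: list[Binding], interface: str, vlan: int, src_ip: str,
                  src_mac: str | None = None, port_security: bool = False) -> bool:
    """IP Source Guard: forward only if a binding on this port/VLAN matches the source IP.
    With port_security=True (modelling `ip verify source port-security`) the source MAC
    must match the binding as well."""
    for b in bindings:
        if b.interface != interface or b.vlan != vlan or b.ip != src_ip:
            continue
        if port_security and (src_mac is None or normalize_mac(src_mac) != b.mac):
            continue
        return True
    return False


if __name__ == "__main__":
    table = parse_bindings(SHOW_BINDING_OUTPUT)
    trusted = {"FastEthernet0/8"}  # the port facing the DHCP server, as on the page
    print(snooping_allows(trusted, "FastEthernet0/5", "OFFER"))        # False: server reply on an untrusted port
    print(verify_source(table, "FastEthernet0/8", 100, "10.10.10.2"))  # False: that address is bound to f0/5
```

The two negative cases in the `__main__` block are the ones the post is about: a DHCP OFFER arriving on an access port is discarded because only FastEthernet0/8 is trusted, and a packet on FastEthernet0/8 claiming the 10.10.10.2 source address is discarded because the binding table says that address lives on FastEthernet0/5. The MAC check only adds value when the binding's MAC is trustworthy, which is why the page notes that `port-security` needs option 82.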


DAI (dynamic arp inspection)


Syslog Priority Router Settings

Posted by fanie on Thursday, January 17, 2013

Syslog Priority (highest to lowest):
0.  Emergency (highest)
1.  Alert
2.  Critical
3.  Error
4.  Warning
5.  Notice
6.  Informational
7.  Debug (lowest)

Mnemonic to remember the order:
Eat Asian Cuisine Early With Ninja In Dubai


Logging at a lower priority (higher number) includes every message of higher priority as well. For example, a logging level of 6 shows all messages of levels 0 through 6.
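The following is an added example, not code from the post: it shows where the severity digit sits in an IOS syslog line (the `%FACILITY-SEVERITY-MNEMONIC` tag) and applies the inclusion rule just described, the same rule IOS commands such as `logging trap <level>` or `logging buffered <level>` follow. The sample messages are constructed for this example; their facility and mnemonic tags are real IOS ones, but the text and timestamps are made up.

```python
"""Severity filter for IOS syslog messages.  Added example, not the blog's code:
it shows where the severity sits in an IOS message and applies the rule from the
post (a level-N setting keeps everything from 0 up to N)."""
import re

# The eight severities from the post; lower number = higher priority.
SEVERITY = {0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
            4: "Warning", 5: "Notice", 6: "Informational", 7: "Debug"}

# IOS tags every message as %FACILITY-SEVERITY-MNEMONIC; the digit is the severity.
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")

# Constructed sample messages (not from the page); the %TAGs are real IOS ones,
# the message bodies and timestamps are made up for this example.
SAMPLE_LOG = """\
*Mar  1 00:01:02.003: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:01:05.010: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down
*Mar  1 00:01:05.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
*Mar  1 00:01:09.200: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(4321) -> 10.1.1.1(23), 1 packet
*Mar  1 00:01:10.000: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed
"""


def severity_of(line: str):
    """Severity digit of an IOS message, or None if the line carries no %TAG."""
    m = MSG_RE.search(line)
    return int(m["sev"]) if m else None


def passes_level(msg_severity: int, configured_level: int) -> bool:
    """What a level-N logging setting keeps: severities 0..N (more urgent = lower number)."""
    return msg_severity <= configured_level


def filter_log(text: str, configured_level: int) -> list:
    """Lines that would still be emitted at the configured level, with their severity name."""
    kept = []
    for line in text.splitlines():
        sev = severity_of(line)
        if sev is not None and passes_level(sev, configured_level):
            kept.append((SEVERITY[sev], line))
    return kept


if __name__ == "__main__":
    for name, line in filter_log(SAMPLE_LOG, 3):   # level 3 = errors and worse only
        print(f"[{name}] {line}")
```

At level 6 all five sample lines survive; at level 3 only the link-down (Error) and the memory failure (Critical) remain, which is the behaviour the sentence above describes. Note that the access-list denial is logged at severity 6, so a trap level of 5 or lower would quietly drop it from a remote syslog collector.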


 