Category Archives: Cisco

Cisco 1841 + HWIC-4ESW + NAT

Cisco 1841 ethernet port + dialer interface

interface FastEthernet0/0
description == WAN interface
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
description == LAN interface
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
!

interface Dialer1
description == pppoe to ISP
ip address negotiated
ip mask-reply
! ip directed-broadcast is not needed for PPPoE/NAT; it is off by default since
! IOS 12.0 and is normally left off, since it allows directed-broadcast amplification
ip directed-broadcast
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname username@domain.tld
! type 7 passwords are reversible obfuscation, not encryption: any backup of this
! config that contains them contains the ISP credentials in clear
ppp chap password 7 060B162A5D4C222C1F
ppp pap sent-username username@domain.tld password 7 030E3100150D592954
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!

DHCP POOL

ip dhcp pool LAN
network 192.168.2.0 255.255.255.0
! the default-router must be an address inside the pool's network (Vlan2 = 192.168.2.1),
! otherwise clients in 192.168.2.0/24 get a gateway they cannot reach
default-router 192.168.2.1
dns-server 8.8.8.8 4.4.4.4
domain-name your-domain.tld

VLAN configuration

interface Vlan2
description == LAN
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside <-- important: without this, Vlan2 traffic is not translated
ip virtual-reassembly in

HWIC-4ESW ethernet port configuration

interface FastEthernet0/0/0
description == PC LAN
switchport access vlan 2
no ip address
!
interface FastEthernet0/0/1
description == AP LAN
switchport access vlan 2
no ip address
!

NAT

ip nat inside source list 1 interface Dialer1 overload

NAT ACL

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
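The following Python script is an added example, not part of the original post or of the router's configuration. It reads IOS-style config text and checks the three things a NAT setup like the one above depends on: each DHCP pool's default-router lies inside the pool's own network, every interface marked `ip nat inside` is covered by the NAT access-list, and the interface named in the `ip nat inside source` statement actually carries `ip nat outside`. The embedded config is a constructed sample modelled on the snippets above, with the default-router deliberately left outside the pool's network so the checker has something to report; the function names are my own.

```python
import ipaddress
import re

# Constructed sample modelled on the 1841 snippets above (not the page's full
# config). The DHCP pool deliberately keeps a default-router outside its own
# network so the checker has something to report.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip dhcp pool LAN
 network 192.168.2.0 255.255.255.0
 default-router 192.168.1.1
!
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
"""


def parse_sections(text):
    """Split IOS config text into (header, [indented sub-lines]) pairs.

    A section starts at a non-indented line and ends at the next '!', blank
    line or non-indented line; global one-liners get an empty body.
    """
    sections, header, body = [], None, []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith(" ") and header is not None:
            body.append(line.strip())
            continue
        if header is not None:
            sections.append((header, body))
        header, body = (None, []) if line in ("", "!") else (line, [])
    if header is not None:
        sections.append((header, body))
    return sections


def wildcard_to_network(address, wildcard):
    """ACL address/wildcard pair -> IPv4Network (a wildcard is an inverted mask)."""
    if address == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.IPv4Network(f"{address}/{mask}", strict=False)


def check_nat_config(text):
    """Return human-readable findings; an empty list means the config is consistent."""
    findings = []
    inside, outside, pools, acls, nat_rules = {}, set(), {}, {}, []
    for header, body in parse_sections(text):
        words = header.split()
        if words[0] == "interface":
            net = None
            for line in body:
                m = re.fullmatch(r"ip address (\S+) (\S+)", line)
                if m:
                    net = ipaddress.IPv4Interface(f"{m[1]}/{m[2]}").network
            if "ip nat inside" in body:
                inside[words[1]] = net
            if "ip nat outside" in body:
                outside.add(words[1])
        elif header.startswith("ip dhcp pool "):
            pool = {}
            for line in body:
                m = re.fullmatch(r"network (\S+) (\S+)", line)
                if m:
                    pool["network"] = ipaddress.IPv4Network(f"{m[1]}/{m[2]}")
                m = re.fullmatch(r"default-router (\S+)", line)
                if m:
                    pool["router"] = ipaddress.IPv4Address(m[1])
            pools[words[3]] = pool
        elif words[0] == "access-list" and words[2] == "permit":
            wildcard = words[4] if len(words) > 4 else "0.0.0.0"
            acls.setdefault(words[1], []).append(wildcard_to_network(words[3], wildcard))
        elif header.startswith("ip nat inside source list "):
            nat_rules.append((words[5], words[7]))  # (ACL number, outside interface)

    for name, pool in pools.items():
        if {"network", "router"} <= pool.keys() and pool["router"] not in pool["network"]:
            findings.append(f"dhcp pool {name}: default-router {pool['router']} "
                            f"is not in {pool['network']}")
    for acl, ifname in nat_rules:
        if ifname not in outside:
            findings.append(f"nat: {ifname} lacks 'ip nat outside'")
        for name, net in inside.items():
            if net and not any(net.subnet_of(p) for p in acls.get(acl, [])):
                findings.append(f"nat: inside {name} ({net}) is not permitted by access-list {acl}")
    if not inside:
        findings.append("nat: no interface carries 'ip nat inside'")
    return findings


if __name__ == "__main__":
    for finding in check_nat_config(SAMPLE_CONFIG) or ["config is consistent"]:
        print(finding)
```

Run it against the output of `show running-config` saved to a file and it reports the mismatched default-router; after changing it to 192.168.2.1 the list comes back empty.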

Connect cisco switch and linux server for kvm virtualization

KVM guests on Linux attach to bridge (brX) interfaces, so the server needs one bridge per VLAN the guests should reach.

EXAMPLE FOR 3 VLANS

The VLANs must first be defined on the Cisco switch:

VLAN 10 – IT vlan
VLAN 20 – DMZ vlan
VLAN 30 – guest vlan

Define vlan without ip (L2 switch):

switch# conf t
switch(config)# vlan 10
switch(config-vlan)# name vlan-it
switch(config-vlan)# end
switch# write

Define vlan with ip address (L3 switch):

switch# conf t
switch(config)# interface vlan 10
switch(config-if)# ip address 192.168.10.1 255.255.255.0
switch(config-if)# description vlan-it
switch(config-if)# end
switch# write

INTERFACE CONFIGURATION ON CISCO SWITCH

Connection to network interface eth0 on linux server for vlan 10 and vlan 30 (trunk connection):

interface GigabitEthernet1/0/30
 description == kvm server IT
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,30
 switchport mode trunk

Connection to network interface eth1 on linux server for vlan 20 (trunk connection):

interface GigabitEthernet1/0/31
 description == kvm server DMZ
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20
 switchport mode trunk

NETWORK CONFIGURATION ON LINUX SERVER (Debian)

linux-server:~# cat /etc/network/interfaces

# Needs the Debian packages vlan (for the eth0.10-style VLAN sub-interfaces)
# and bridge-utils (for the bridge_* options)
# The loopback network interface
auto lo
iface lo inet loopback

# VLAN 10 (IT vlan)
auto eth0.10
iface eth0.10 inet manual
        up ifconfig eth0.10 up

# KVM bridge , VLAN 10, via eth0 (management interface)
auto br10
iface br10 inet static
        address xx.xy.xz.10
        netmask 255.255.255.0
        network xx.xy.xz.0
        broadcast xx.xy.xz.255
        gateway xx.xy.xz.1
        dns-nameservers 8.8.8.8 4.4.4.4
        dns-search local.domain.com
        bridge_ports    eth0.10
        bridge_maxwait  5
        bridge_fd       1
        bridge_stp      on

# VLAN 20 (DMZ vlan)
auto eth1.20
iface   eth1.20 inet manual
        up ifconfig eth1.20 up

# KVM bridge, VLAN 20, via eth1
auto br20
iface br20 inet manual
        bridge_ports    eth1.20
        bridge_maxwait  5
        bridge_fd       1
        bridge_stp      on

# VLAN 30 (guest vlan)
auto eth0.30
iface eth0.30 inet manual
        up ifconfig eth0.30 up

# KVM bridge, VLAN 30, via eth0
auto br30
iface br30 inet manual
        bridge_ports    eth0.30
        bridge_maxwait  5
        bridge_fd       1
        bridge_stp      on
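The following Python script is an added example, not part of the original post. It reads the switch trunk stanzas and the Debian `/etc/network/interfaces` file together and checks that the two sides agree: every `ethX.N` used as a bridge port is a VLAN the trunk on that NIC actually allows, no bridge joins ports from two different VLANs (which would merge the DMZ with another segment), no bridge sits directly on the raw trunk NIC (guests would then see every allowed VLAN tagged), and every VLAN allowed on a trunk is used by some bridge, so unused VLANs can be pruned. Both inputs are constructed copies of the configuration above, shortened, and the `CABLING` map (which NIC is patched to which switch port) is an assumption of the example taken from the text; the function names are my own.

```python
# Constructed copy of the trunk stanzas above (shortened).
SWITCH_CONFIG = """\
interface GigabitEthernet1/0/30
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,30
 switchport mode trunk
!
interface GigabitEthernet1/0/31
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20
 switchport mode trunk
"""

# Assumed cabling between server NICs and switch ports, as described in the text.
CABLING = {"eth0": "GigabitEthernet1/0/30", "eth1": "GigabitEthernet1/0/31"}

# Constructed, shortened copy of the /etc/network/interfaces file above.
INTERFACES_FILE = """\
auto eth0.10
iface eth0.10 inet manual

auto br10
iface br10 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    bridge_ports eth0.10
    bridge_stp on

auto eth1.20
iface eth1.20 inet manual

auto br20
iface br20 inet manual
    bridge_ports eth1.20
    bridge_stp on

auto eth0.30
iface eth0.30 inet manual

auto br30
iface br30 inet manual
    bridge_ports eth0.30
    bridge_stp on
"""


def parse_trunks(text):
    """Map each switch port to the set of VLAN ids its trunk allows.
    Handles the plain 'allowed vlan' form: comma lists, ranges, all, none."""
    trunks, port = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            port = line.split()[1]
            trunks[port] = set()
        elif port and line.startswith("switchport trunk allowed vlan "):
            ids = set()
            for part in line.split()[-1].split(","):
                if part == "all":
                    ids.update(range(1, 4095))
                elif "-" in part:
                    lo, hi = map(int, part.split("-"))
                    ids.update(range(lo, hi + 1))
                elif part != "none":
                    ids.add(int(part))
            trunks[port] = ids
    return trunks


def parse_bridges(text):
    """Map each bridge in an ifupdown interfaces file to its member ports."""
    bridges, iface = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("iface "):
            iface = line.split()[1]
        elif iface and line.startswith("bridge_ports "):
            bridges[iface] = line.split()[1:]
    return bridges


def check_bridges(switch_text, interfaces_text, cabling):
    """Return findings; an empty list means every bridge carries exactly one VLAN
    that the connected trunk allows, and no allowed VLAN is left unused."""
    findings, used = [], {}
    trunks = parse_trunks(switch_text)
    for bridge, members in parse_bridges(interfaces_text).items():
        vlans = set()
        for member in members:
            nic, dot, vid = member.partition(".")
            switch_port = cabling.get(nic)
            if switch_port is None:
                findings.append(f"{bridge}: {member} is on NIC {nic} with no known switch port")
            elif not dot:
                findings.append(f"{bridge}: {member} is the raw trunk NIC, guests would see every VLAN tagged")
            elif int(vid) not in trunks.get(switch_port, set()):
                findings.append(f"{bridge}: VLAN {vid} not allowed on {switch_port}")
            else:
                vlans.add(int(vid))
                used.setdefault(switch_port, set()).add(int(vid))
        if len(vlans) > 1:
            findings.append(f"{bridge}: bridges several VLANs together {sorted(vlans)}")
    for port, allowed in trunks.items():
        for vid in sorted(allowed - used.get(port, set())):
            findings.append(f"{port}: VLAN {vid} allowed on trunk but used by no bridge, prune it")
    return findings


if __name__ == "__main__":
    for finding in check_bridges(SWITCH_CONFIG, INTERFACES_FILE, CABLING) or ["bridges and trunks agree"]:
        print(finding)
```

Feed it the real `show running-config` output and the server's interfaces file; the unused-VLAN finding is the one most often worth acting on, because a trunk that allows more VLANs than the server bridges is the usual way a DMZ port quietly gains reach into other segments.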

Replace stack member

SCENARIO:
Two Cisco 3750 series switches in stack.
Master C3750G-48TS
Slave C3750-24TS

GOAL:
Replace the slave switch (C3750-24TS) with another C3750G-48TS slave switch that runs the same IOS version as the master. In the end there are two identical switches in the rack, with more interfaces and gigabit speed on the second one.

HOW TO DO IT:
1. backup all configurations

# copy running-config tftp

2. prepare the configuration of the interfaces that were on the 24-port switch for the 48-port gigabit switch (in the config, replace FastEthernet with GigabitEthernet)
3. write down the cable arrangement (from patch panel to switch)
4. shut down the slave switch (unplug the power cable)
5. remove the stack cable(s) from the slave switch
6. remove the UTP cables from the switch
7. remove the slave switch from the rack
8. add the new slave switch to the rack
9. reconnect the stack cables to the new switch
10. power on the new switch
11. reconnect the UTP cables
12. repair the configuration on the stack for the newly added interfaces
13. check that everything is working as it should with:

# sh stack ...
# sh int bri
# ping ... 

Cisco vtp updating problems

It could be as simple as forgetting to set up a password. 🙂

If you set a VTP password on the Cisco server switch, you must set the same password on the client switch too.

Check if password is configured for vtp:

# show vtp password

Setup vtp password on switch:

sw(config)# vtp password ...

Now vtp updating on cisco client switch is working perfectly well.

vtp – VLAN Trunking Protocol

Cisco PIX …

hardware: Cisco PIX 515E with 6.3.x version of OS

Backup PIX configuration to tftp server

  1. login
  2. enable
  3. write net xxx.yyy.zzz.www:pix-conf-date.conf

xxx.yyy.zzz.www – tftp IP address

pix-conf-date.conf – configuration file name


Upgrade PIX OS from tftp

  1. login
  2. enable
  3. copy tftp flash <— upgrade OS
  4. reload <— restart PIX


Configure NTP server

  1. login
  2. enable
  3. conf t
  4. ntp authenticate
  5. ntp server xxx.yyy.zzz.w1w source outside <— external NTP server
  6. ntp server xxx.yyy.zzz.w2w source outside
  7. ntp server xxx.yyy.zzz.w3w source inside <— internal NTP server
  8. write mem <— save changes

Note that `ntp authenticate` only works together with an `ntp authentication-key <id> md5 <key>` and `ntp trusted-key <id>` entry and the matching `key <id>` on each `ntp server` line; with authentication enabled and no key configured, the PIX rejects every server and never synchronizes.

Cisco dictionary

term mon – terminal monitor: show syslog and debug messages on the current terminal (vty) session

term no mon – terminal no monitor: stop showing them on the current session

show cdp neighbors – show the directly connected Cisco devices seen via CDP

en – enable: enter privileged EXEC (administrator) mode

conf t – configure terminal: switch to global configuration mode