The Network Administrator

The weblog of an IT pro specializing in virtualization, storage, servers and networking

Monitor Switch, Router and Firewall Interfaces

MWahl | May 21, 2011 | 11:24 am

I have been using a free tool from Fluke Networks called the Switch Port Monitor: http://networking.flukenetworks.com/?elqPURLPage=607

You simply need to configure SNMP on your network device; I have provided an example for Cisco devices below.

snmp-server host inside 192.168.1.24
snmp-server host inside 192.168.1.24 trap
snmp-server host inside 192.168.1.24 poll
snmp-server enable traps

Here 192.168.1.24 is the host running the Fluke Switch Port Monitor tool.
SNMP has known vulnerabilities; read about them on Cisco’s website. Do not allow polling from outside.

Categories
Cisco, Networking

Cisco Access Points with Apple Gear

MWahl | February 10, 2011 | 10:36 am

If you are using WEP, either 128-bit or 64-bit, you will have issues with iPhones, iPads, etc. unless you enter $ before your actual WEP key. So from your favorite Apple device, enter the WEP key as $1234567891 if your WEP key is 1234567891.

Categories
Cisco, Networking

DHCP Relay–Server 2008 DHCP with Cisco Router

MWahl | February 10, 2011 | 10:32 am

Oftentimes it is necessary to segment your network into different subnets, and in some cases you will need a DHCP scope for both subnets. In my case, I am creating a 2nd VLAN to be used for a public wireless network. I thought it would be nice to manage both DHCP scopes via MS DHCP.

This is the perfect situation to use a DHCP relay agent.

First you need to make sure you have your VLANs set up on your switches and trunk your uplink ports all the way back to your default gateway. Next you want to be sure your switch ports are tagged for the proper VLAN ID (i.e. VLAN 1 for data, VLAN 2 for wireless). In my case, I am using Cisco wireless access points and I tagged the switch ports that they are connected to with VLAN ID 2.

Next you need to add a 2nd DHCP scope to your MS DHCP server and add the proper scope options (Router, Name Server and DNS Servers).

The actual relay agent itself is the easy part. Enter config mode on your router, set your encapsulation type to dot1Q, and assign a VLAN ID to each of your interfaces. Then use the ip helper-address command to point to your DHCP server. Then make sure the IP address for each interface is on the same subnet as the DHCP scopes you configured in DHCP. Below is an example of what your interfaces might look like.

[Image: DHCP_thumb]
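The last step matters because the relay agent writes the receiving interface's address into the forwarded request (the giaddr field), and the DHCP server selects the scope from that address. The following is an added example, not the configuration from the original post: it parses a router config and flags relaying subinterfaces whose address matches no scope. The interface names, addresses and the DHCP server 192.168.1.10 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config: names, addresses and server are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.1.10
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip address 10.0.3.1 255.255.255.0
 ip helper-address 192.168.1.10
"""

# Scopes defined on the DHCP server (constructed to go with the sample).
SCOPES = ["192.168.1.0/24", "192.168.2.0/24"]


def parse_subinterfaces(config):
    """Return {name: {'vlan', 'ip', 'helper'}} for each interface stanza."""
    result, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            current = result.setdefault(
                m.group(1), {"vlan": None, "ip": None, "helper": None})
        elif current is None:
            continue
        elif m := re.match(r"encapsulation dot1Q (\d+)", line):
            current["vlan"] = int(m.group(1))
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            current["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"ip helper-address (\S+)", line):
            current["helper"] = ipaddress.ip_address(m.group(1))
    return result


def relay_problems(config, scopes):
    """List relaying interfaces whose address (the giaddr) is in no scope."""
    nets = [ipaddress.ip_network(s) for s in scopes]
    problems = []
    for name, intf in parse_subinterfaces(config).items():
        # Only interfaces with both an address and a helper relay DHCP.
        if intf["helper"] and intf["ip"] and not any(intf["ip"].ip in n for n in nets):
            problems.append((name, intf["vlan"], str(intf["ip"].ip)))
    return problems
```

Clients on a flagged VLAN would have their requests relayed but never answered, because the server has no scope matching the giaddr.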

Categories
Cisco, Networking

Don’t have a huge budget, but you want to practice on Cisco gear?

MWahl | November 16, 2010 | 8:47 pm

I recommend http://networksims.com/; for what you may spend on dinner you get tons of labs: http://networksims.com/em_details.html

This is great for testing and for practicing for Cisco CCNA, CCNP and CCIE!

 

Categories
Networking

Emulating a WAN connection on Cisco Gear

MWahl | November 12, 2010 | 8:55 am

 

I have two Cisco 2611 routers and two Cisco 1721 routers. This will work with a wide variety of Cisco router gear.

On router A, get to privileged EXEC mode and go to the first serial interface. Issue the commands below on that interface. Also don’t forget a valid IP address and subnet mask (12.173.110.2) (255.0.0.0), and lastly issue a no shut to bring the interface up!

interface Serial0
no fair-queue
service-module t1 clock source internal

On router B, get to privileged EXEC mode and go to the first serial interface. Issue the commands below on that interface. Also don’t forget a valid IP address and subnet mask (12.173.110.3) (255.0.0.0), and lastly issue a no shut to bring the interface up!

interface Serial0
no fair-queue
service-module t1 clock source line

If you need to make a T1 crossover cable, see below:

1--4
2--5
3--3 unused
4--1
5--2
6--6 unused
7--7 unused
8--8 unused

Categories
Networking

Wake On Lan over VPN

MWahl | September 13, 2010 | 8:24 pm

I had an issue where I wanted to leave a server off and only power it on when I needed it. I configured a Cisco PIX 501 as my VPN endpoint. I was able to establish the VPN tunnel and access my entire LAN. I was not able to use WoL to wake up the server. I read a Cisco article that told me I simply needed to add a static route from my public IP (outside interface) to the IP of my server and that was it.

From the PIX CLI, issue:
pix501(config)#static (inside,outside) 10.1.1.4 45.23.74.55 netmask 255.255.255.255 0 0

Categories
Networking

Site to Site Cisco VPN issue

MWahl | December 5, 2009 | 2:24 pm

We recently came across an issue while creating a new site-to-site VPN with a Cisco PIX 515 IOS 6.3(4) and a new ASA 5505 IOS 7.2(4). We were able to resolve the issue by removing peer-id-validate nocheck by issuing simply peer-id-validate nocheck

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpngrp.html

Specify whether to validate the identity of the peer using the peer’s certificate:

hostname(config-ipsec)# peer-id-validate option
The available options are req (required), cert (if supported by certificate), and nocheck (do not check). The default is req. For example, the following command sets the peer-id-validate option to nocheck:

hostname(config-ipsec)# peer-id-validate nocheck

Categories
Networking

Using netstat and Windows Task Manager to locate ports and process IDs

MWahl | December 5, 2009 | 11:04 am

The other day I needed a tool to show me what port an application was using. Instead of going out in search of another tool I simply opened a command window and typed in netstat -ano

I was able to see the local IP of the server with all the ports listed, and to the right I was able to see the process ID. I could then go to my Task Manager, select View, select Columns, and make sure process ID is checked. Within the Task Manager select Processes and you will be able to see the process IDs.
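The same lookup can be scripted when there are many ports to review. The following is an added example, not part of the original post: it parses `netstat -ano` text, groups listening ports by process ID, and lists the listeners bound to every interface (0.0.0.0 or ::), which are the ones reachable from the network. The sample output is constructed, not captured from a real host.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:3389      192.168.1.50:51712     ESTABLISHED     1204
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:161            *:*                                    2312
"""


def parse_netstat(output):
    """Yield one dict per TCP/UDP row; header and blank lines are skipped."""
    for line in output.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column; the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        addr, _, port = parts[1].rpartition(":")
        yield {"proto": parts[0], "addr": addr.strip("[]"), "port": int(port),
               "state": state, "pid": int(parts[-1])}


def listeners_by_pid(output):
    """Map PID -> sorted (proto, port) pairs the process is listening on."""
    found = defaultdict(set)
    for row in parse_netstat(output):
        if row["state"] == "LISTENING" or row["proto"] == "UDP":
            found[row["pid"]].add((row["proto"], row["port"]))
    return {pid: sorted(ports) for pid, ports in found.items()}


def wildcard_listeners(output):
    """Listeners bound to every interface, as sorted (pid, proto, port)."""
    return sorted((r["pid"], r["proto"], r["port"]) for r in parse_netstat(output)
                  if r["addr"] in ("0.0.0.0", "::")
                  and (r["state"] == "LISTENING" or r["proto"] == "UDP"))
```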

Categories
Networking

Cisco VPN Client “Terminated Locally by the Client”

MWahl | December 5, 2009 | 10:45 am

I have seen this in Windows Vista and Windows 7 even with the latest 5.6.0 VPN Client. I have read suggestions about disabling the Windows Firewall, etc.

This seems to have fixed the problem for now:

In the Start menu, right-click on the Command Prompt and select “Run as Administrator.”

  1. Enter the following line:
     reg add HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v ArpRetryCount /t REG_DWORD /d 0 /f

Categories
Networking

Server NIC Teaming

MWahl | October 10, 2009 | 5:07 pm

After building my new 64-bit 2008 web server I never got around to enabling the NIC teaming. The steps for implementing this might be different depending on the manufacturer of the network interface cards; I have Intel NICs. The first thing to do is to make sure that you have the correct driver for your NIC to support the advanced functions such as teaming. Then go into the properties of one of the NICs and select Configure, select Teaming, select New Team and choose the NICs that you want in the team. Now you can go to your network connections and you will see three interfaces for the team. I like to rename the two NICs that make up the virtual NIC as a and b and then call the virtual NIC public. You can then select the properties of public and set the correct settings such as IP, DNS, gateway, etc.

[Image: configure nics for team]

[Image: all nics]

The last thing to do is configure the port aggregation for each interface on the switch that the NICs are connected to. I have my server connected to a Cisco Catalyst 2924. I will be using Fast Ethernet ports 21 and 22. This command needs to be issued on both Fast Ethernet interfaces: “port group 1 distribution destination” without the quotes. For better performance I have also disabled spanning tree on ports 21 and 22; this is done by issuing the no spanning-tree command on each interface.

[Image: port agg]

[Image: port group]

Categories
Networking, Windows Server
