Category: Configuration

Use TFTP to configure a Router

If we want to send previously prepared configuration commands to a router via TFTP, we can do this in a very simple way. In this article we will see how to do it on Cisco and Juniper devices.

CISCO

When we use TFTP to download configuration commands to the router, it does not echo each command, which reduces overall time consumption and CPU consumption and increases speed.

In this example, we will configure the router by making it receive the file named RConfig from the server at 20.20.1.1 using the Trivial File Transfer Protocol – TFTP. The router will receive the whole file via TFTP before entering all the commands into the running configuration. This is particularly useful because some commands in the configuration process could prevent your access to the router by locking you out or disconnecting you from the network, while the rest of the commands might fix the issue. If you entered the same configuration manually using telnet or “configure t”, you would simply lock yourself out of the router and not be able to continue with your work. A common example of this issue happens when you change an active access-list. When you enter the first line, the router puts an implicit deny at the end, which will break your connection. Entering commands by using TFTP avoids this kind of problem.

Saving VLAN.dat To NVRam

Saving VLAN.dat To NVRam – How to save VLAN.dat to a different place – VLAN.dat redirection

Sometimes the VLAN database is lost when the switch is restarted. This is especially common when working in a lab environment. To work around this issue, you can tell the switch to save the VLAN.dat file to NVRAM instead of storing it in Flash. On Cisco switches running Cisco IOS, Flash memory is the default place to store VLAN.dat.

PVLAN configuration

Private VLAN – PVLAN configuration starts by defining the secondary VLANs that are needed for isolation. A secondary VLAN can be an isolated or a community VLAN.

Switch(config)# vlan 4
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 5
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 6
Switch(config-vlan)# private-vlan isolated


SPAN – Switched Port Analyzer technology and configuration

Put simply, SPAN technology enables port mirroring on a selected switch.

In some cases you will need a server, PC or other network device to receive a copy of network traffic that is destined for some other device in the network. Why would you want that? Maybe you need some kind of control over the traffic, or you want to implement an IDS – Intrusion Detection System, or something else. In that case you can configure every Cisco switch to send a copy of the traffic to one of the ports that is connected to a sensor device.

Prevent ARP Spoofing using Dynamic ARP Inspection – DAI

Additional protection against potential man-in-the-middle attacks

Dynamic ARP Inspection helps us prevent Address Resolution Protocol – ARP spoofing attacks with the help of DHCP functionality, specifically DHCP snooping. This is why Dynamic ARP Inspection is usually used together with DHCP snooping. Let’s see how this technology protects us from ARP attacks.