S h a n n u



Valuable Information for Water 3 Jan 2010 9:51 PM (15 years ago)

Drinking water at the correct times will maximize its effectiveness on the human body.
Three to four (03-04) glasses of water - After waking up - Helps activate internal organs
One (01) glass of water - 30 minutes before meals - Helps digestion
One (01) glass of water - Before taking a bath - Helps lower blood pressure
One (01) glass of water - Before sleep - To avoid stroke or heart attack


Indian spices for all diseases 21 Dec 2009 5:26 AM (15 years ago)

Indian Spices for all Diseases

COLDS
Mix a gram of dalchini/cinnamon powder with a teaspoon of honey to cure cold. Prepare a cup of tea to which you should add ginger, clove, bay leaf and black pepper. This should be consumed twice a day. Reduce the intake as the cold disappears.

GINGER FOR COLDS
Ginger tea is very good to cure cold. Preparation of tea: cut ginger into small pieces and boil it with water, boil it a few times and then add sugar to sweeten and milk to taste, and drink it hot.

DRY COUGHS
Add a gram of turmeric (haldi) powder to a teaspoon of honey for curing dry cough. Also chew a cardamom for a long time.

BLOCKED NOSE
For blocked nose or to relieve congestion, take a table spoon of crushed carom seeds (ajwain) and tie it in a cloth and inhale it.

SORE THROAT
Add a teaspoon of cumin seeds (jeera) and a few small pieces of dry ginger to a glass of boiling water. Simmer it for a few minutes, and then let it cool. Drink it twice daily. This will cure cold as well as sore throat.

AJWAIN/AJMO FOR ASTHMA
Boil ajwain in water and inhale the steam.

CURE FOR BACKACHE
Rub ginger paste on the backache to get relief.

GARLIC FOR HIGH BLOOD PRESSURE
Have 1-2 pods of garlic (lasan) first thing in the morning with water.

HONEY AND GINGER FOR HIGH BLOOD PRESSURE
Mix 1 tablespoon of honey, 1 tablespoon of ginger (adrak) juice and 1 tablespoon of crushed cumin seeds (jeera), and have it twice daily.

MIGRAINE
For the cure of migraine or acute cold in the head; boil a tablespoon of pepper powder, and a pinch of turmeric in a cup of milk, and have it daily for a few couple of days.

BITTER GOURD/KARELA IS GOOD
A tablespoon of amla juice mixed with a cup of fresh bitter gourd (karela) juice and taken daily for 2 months reduces blood sugar.

TURMERIC: CURE FOR INJURIES
For any cut or wound, apply turmeric powder to the injured portion to stop the bleeding. It also works as an antiseptic. You can tie a bandage after applying haldi/turmeric.

CRAMPS
You must do a self-massage using mustard oil every morning. Just take a little oil between your palms and rub it all over your body. Then take a shower. This is especially beneficial during winter. You could also mix a little mustard powder with water to make a paste and apply this on your palms and soles of your feet.

HEADACHES
If you have a regular migraine problem, include five almonds along with hot milk in your daily diet. You could also have a gram of black pepper along with honey or milk, twice or thrice a day. Make an almond paste by rubbing wet almonds against a stone. This can be applied to forehead.

Eat an apple with a little salt on an empty stomach every day and see its wonderful effects. OR when headache is caused by cold winds, cinnamon works best in curing headache. Make a paste of cinnamon by mixing in water and apply it all over your forehead.

TURMERIC FOR ARTHRITIS
Turmeric can be used in treating arthritis due to its anti-inflammatory property. Turmeric can be taken as a drink other than adding to dishes to help prevent all problems. Use one teaspoon of turmeric powder per cup of warm milk every day. It is also used as a paste for local action.

GOOD FOR THE HEART
Turmeric lowers cholesterol and, by preventing the formation of internal blood clots, improves circulation and prevents heart disease and stroke. Turmeric can be taken as a drink other than adding to dishes to help prevent all problems. Use one teaspoon of turmeric powder per cup of warm milk every day. It is also used as a paste for local action.

GOOD FOR INDIGESTION
Turmeric can be used to relieve digestive problems like ulcers, dysentery. Turmeric can be taken as a drink other than adding to dishes to help prevent all problems. Use one teaspoon of turmeric powder per cup of warm milk every day. It is also used as a paste for local action.

HONEY IS A GOOD CURE FOR ALL DISEASES
Mix 1 teaspoon honey with a teaspoon of cinnamon powder and have it at night.

HICCUPS
Take a warm slice of lemon and sprinkle salt, sugar and black pepper on it. The lemon should be eaten until the hiccups stop.

HIGH BLOOD CHOLESTEROL
In 1 glass of water, add 2 tbsps of coriander/dhania seeds and bring to a boil. Let the decoction cool for some time and then strain. Drink this mixture two times in a day. OR Sunflower seeds are extremely beneficial, as they contain linoleic acid that helps in reducing the cholesterol deposits on the walls of arteries.

PILES
Radish juice should be taken twice a day, once in the morning and then later in the night. Initially drink about ? cup of radish juice and then gradually increase it to ? cup. OR Soak 3-4 figs in a glass of water. Keep it overnight. Consume the figs on an empty stomach, the next day in the morning.

VOMITING
Take 2 cardamoms/elachi and roast them on a dry pan (tava). Powder the cardamoms and thereafter add a tsp of honey to it. Consume it frequently. It serves as a fabulous home remedy for vomiting. OR In the mixture of 1 tsp of mint juice and 1 tsp limejuice, add 1 tsp of ginger juice and 1 tsp honey. Drink this mixture to prevent vomiting.

OR Limejuice is an effective remedy for vomiting. Take a glass of chilled limejuice and sip slowly. To prevent vomiting, drink ginger tea. OR In 1 glass water, add some honey and drink sip by sip.

WARTS
Apply castor oil daily over the problematic area. Continue for several months. OR Apply milky juice of fresh and barely-ripe figs a number of times a day. Continue for two weeks. OR Rub cut raw potatoes on the affected area several times daily. Continue for at least two weeks.

OR Rub cut onions on the warts to stimulate the circulation of blood. OR Apply milk from the cut end of dandelion over the warts 2-3 times a day. OR Apply oil extracted from the shell of the cashew nut over the warts. OR Apply Papaya juice OR Apply Pineapple juice.

URINARY TRACT INFECTION
Drink Cranberry juice. You can also add some apple juice for taste.

SINUSITIS
Mango serves as an effective home remedy for preventing the frequent attacks of sinus, as it is packed with loads of vitamin A. OR Another beneficial remedy consists of consuming pungent foods like onion and garlic, as a part of your daily meals. OR Fenugreek/methi leaves are considered valuable in curing sinusitis. In 250 ml water, boil 1 tsp of Fenugreek seeds and reduce it to half. This will help you to perspire, dispel toxicity and reduce the fever period. OR Tie a tsp of black cumin seeds in a thin cotton cloth and inhale.

TONSILLITIS
Take a fresh lemon and squeeze it in a glass of water. Add 4 tsp of honey and ? tsp of salt in it. Drink it slowly sip by sip. OR Milk has proved beneficial in treating tonsillitis. In 1 glass of pure boiled milk, add a pinch of turmeric powder and pepper powder. Drink it every night for about 3 days.


Boson Netsim CCNA Lab Manual 14 Dec 2009 7:18 AM (15 years ago)

Boson Netsim CCNA Lab download Manual - http://www.megaupload.com/?d=NQU8O2E0

OR

Copyright (c) 1998-2004 Boson Software, Inc. All Rights Reserved.
BOSON Classroom Labs for CCNA
Student Lab Guide

TABLE OF CONTENTS
INTRODUCTION
LAB 1 - BASIC ROUTER CONFIGURATION
LAB 2 - ADVANCED ROUTER CONFIGURATION
LAB 3 - CDP
LAB 4 - TELNET
LAB 5 - TFTP
LAB 6 - RIP
LAB 7 - IGRP
LAB 8 - EIGRP
LAB 9 - OSPF
LAB 10 - CATALYST 1900 SWITCH CONFIGURATION
LAB 11 - VLANs and TRUNKING (Catalyst 1900 Switches)
LAB 12 - CATALYST 2950 SWITCH CONFIGURATION
LAB 13 - VLANs and TRUNKING (Catalyst 2950 Switches)
LAB 14 - IP ACCESS LISTS
LAB 15 - NAT/PAT
LAB 16 - PPP & CHAP
LAB 17 - ISDN BRI-BRI using Legacy DDR
LAB 18 - ISDN BRI-BRI using Dialer Profiles
LAB 19 - ISDN PRI using Dialer Profiles
LAB 20 - FRAME RELAY
Appendix A: IPX LAB
Appendix B: ANSWERS TO QUESTIONS
Appendix C: LAB CONFIGURATIONS (coming soon)

INTRODUCTION
Boson NetSim: Overview
The CCNA labs contained in this lab guide are based on the Boson NetSim. This PC-based
product simulates a wide variety of Cisco routers as well as the Catalyst 1900,
2950, and 5000 switches. The NetSim supports multiple routing protocols, including
RIP, IGRP, EIGRP, and single-area OSPF. It supports different LAN/WAN protocols,
including PPP/CHAP, ISDN, and Frame Relay.
The exercises in this lab guide only require the NetSim – they do not require access to
any external router or switch hardware.
It should be noted that the NetSim supports many, but not all of the IOS commands
available on a real router or switch. All the commands referenced in this lab guide are
supported through the Simulator.
Getting Started
To invoke the NetSim, double-click on the Boson NetSim icon on your PC screen.
If there is not an icon on the PC screen, you can start the NetSim by pressing Start ->
Boson NetSim -> Boson NetSim.
You will be presented with a screen that has buttons at the top representing each router,
switch, or PC that you will be configuring.
Press one of the buttons to configure a device. Some of the devices are hidden (Switch 3,
Switch 4, PC1, and PC2) and can be accessed
by pressing the More Devices button. There is also a button that can be pressed to show
the network topology that the labs are based on.
Lab Topology
The Lab Topology is shown in the diagram on the next page (it can also be viewed by
selecting the Topology button at the top of the NetSim screen).
You will have:
• 4 x Cisco 2500 routers
o each router has one Ethernet and two serial interfaces
o one of the 2500’s, router1, has an ISDN BRI interface
• 1 x Cisco 2600 router (identified as router2)
o has one Ethernet interface
o has both an ISDN BRI and a PRI interface
• 2 x Catalyst 1912 switches
o each switch has twelve 10baseT and two Fast Ethernet ports
• 2 X Catalyst 2950 switches
o each switch has twelve 10/100 Ethernet ports
• 2 x PC’s
The LAN/WAN interfaces and subnet numbers are indicated on the diagram. Specific
interface IP addresses are included in a table on page 6.
LAB TOPOLOGY
IP Addresses
The IP addresses and subnet masks used in all the labs are shown in the table below.
DEVICE    INTERFACE         IP ADDRESS      MASK
router1   E0                160.10.1.1      255.255.255.0
          S0                175.10.1.1      255.255.255.0
          S1                215.10.1.1      255.255.255.0
          BRI0              200.10.1.1      255.255.255.0
router2   FA0/0             160.10.1.2      255.255.255.0
          BRI0/0            200.10.1.2      255.255.255.0
          S0/0 (ISDN PRI)   201.10.1.2      255.255.255.0
router3   S0                175.10.1.2      255.255.255.0
          S1                180.10.1.1      255.255.255.0
          E0                197.10.1.1      255.255.255.0
router4   E0                195.10.1.1      255.255.255.0
          S0                180.10.1.2      255.255.255.0
router5   S0                215.10.1.2      255.255.255.0
switch1   -                 195.10.1.99     255.255.255.0
switch2   -                 195.10.1.100    255.255.255.0
switch3   -                 197.10.1.99     255.255.255.0
switch4   -                 197.10.1.100    255.255.255.0
pc1       -                 195.10.1.2      255.255.255.0
pc2       -                 197.10.1.2      255.255.255.0
Lab Scenarios
There are 20 labs contained in this Lab Guide. They include:
• Lab 1 - Basic Router Configuration
• Lab 2 - Advanced Router Configuration
• Lab 3 - CDP
• Lab 4 - Telnet
• Lab 5 - TFTP
• Lab 6 - RIP
• Lab 7 - IGRP
• Lab 8 - EIGRP
• Lab 9 - OSPF
• Lab 10 – Catalyst 1900 Switch Configuration
• Lab 11 - VLANs & Trunking (Catalyst 1900)
• Lab 12 - Catalyst 2950 Switch Configuration
• Lab 13 - VLANs and Trunking (Catalyst 2950)
• Lab 14 - IP Access Lists
• Lab 15 - NAT/PAT
• Lab 16 - PPP & CHAP
• Lab 17 - ISDN BRI-BRI using Legacy DDR
• Lab 18 - ISDN BRI-BRI using Dialer Profiles
• Lab 19 - ISDN PRI using Dialer Profiles
• Lab 20 - Frame Relay
There is also an optional IPX lab contained in Appendix A of this lab guide.
These labs build upon each other so the best approach is to follow the labs sequentially.
You will also be asked questions at various points during the lab. Answers to these
questions are contained in Appendix B at the back of this lab guide. Appendix C also
contains the completed configurations for selected labs.
Saving/Restoring Configuration Files
You can save your work and exit at any point. First, make sure you have selected the
appropriate router/switch/PC button at the top of the NetSim screen.
The next step is to press File -> Save Device Config from the top of the screen. You will
then be prompted for a file name.
Each individual device configuration must be saved separately. At a minimum, you
should plan to save all configurations each time you power off your PC.
To restore a configuration file, make sure you have pressed the appropriate
router/switch/PC button. The next step is to press File -> Load Device Config
(Overwrite) at the top of the screen and to select the correct saved configuration file.
The configuration will then be loaded.
Note: this process can take 15-20 seconds to complete and you will see configuration
commands flash across the screen. Be patient!

LAB 1 – BASIC ROUTER CONFIGURATION
1. In this lab, you will get practice with basic configuration and show commands on the
Cisco router.
2. Select Router1 from the tool bar. Press enter to get to the user prompt
Router>
3. The greater-than symbol ( >) in the prompt indicates you are in user mode. Type ? to
see a list of commands that can be entered in user mode.
Router> ?
4. Type enable to get into privileged mode. The pound sign (#) indicates you are now in
privileged mode.
Router> enable
Router#
5. Type ? to see a list of commands that can be entered in privileged mode. Notice that
there are more commands available in
privileged mode than are available in user mode. Configure and reload are two such
commands that can only be issued in privileged mode.
Router# ?
6. Exit privileged mode by typing disable.
Router# disable
Router>
7. Re-enter privileged mode and type configure terminal to get into configuration mode
Router> enable
Router# configure terminal
Router(config)#
8. Configure a hostname of ‘router1’ (without the quote marks). Notice how the prompt
changes.
Router(config)# hostname router1
router1(config)#
9. In global configuration mode on router1, type enable ?. This will show valid
parameters that can be entered with the enable command.
Configure an enable password of ‘ccnalab’ that will not be encrypted when viewing the
router configuration file and an enable
password of ‘cisco’ that will be encrypted.
a. Question: when both encrypted and unencrypted enable passwords are configured,
which one is used?
router1(config)# enable ?
router1(config)# enable password ccnalab
router1(config)# enable secret cisco
10. Configure an IP address for the Ethernet0 interface on router1 (refer to the table on
page 6 for all IP addresses and masks).
Activate the interface – it is currently in ‘shutdown’ mode. You should see a message
that the interface has now come up.
Practice using the tab key – type int and then the tab key (no spaces). You should see the
word interface spelled out.
router1(config)# int
router1(config)# interface ethernet0
router1(config-if)# ip address 160.10.1.1 255.255.255.0
router1(config-if)# no shutdown
11. Configure an IP address for router1’s Serial0 interface (refer to the table for IP
addresses and masks) and activate the interface.
Practice using abbreviated commands for both interface serial0 and no shutdown.
router1(config-if)# int s0
router1(config-if)# ip address 175.10.1.1 255.255.255.0
router1(config-if)# no shut
12. Exit configuration mode by keying ctrl-z . This will bring you back to the privileged
mode prompt. You could also accomplish the same thing
by keying exit twice. The exit command moves you back one level
(from interface-configuration mode -> global configuration mode -> privileged mode
prompt).
router1(config-if)# ctrl-z
router1#
13. Type logout to exit the command line interface
router1# logout
14. Press the enter key to get back into the user mode prompt and then type enable to get
into privileged mode. You will be prompted for the
enable secret password ‘cisco’ which you previously configured.
router1> enable
password: cisco
router1#
15. Display a summary of all interfaces by typing:
router1# show ip interface brief
16. Display detailed information on each interface by typing:
router1# show interfaces
17. Display the active configuration in DRAM by typing:
router1# show running-config
18. Display the saved configuration in NVRAM by typing show startup-config.
a. Question: does anything exist in NVRAM? If not, why not?
router1# show startup-config
19. Save the running (active) configuration to NVRAM by typing:
router1# copy running-config startup-config
20. Now display the contents of NVRAM again. This time, you should see the active
configuration saved in NVRAM.
router1# show startup-config
21. Issue the show version command and answer these questions:
a. Question: What IOS release is running on router1?
b. Question: What are the contents of the configuration register?
router1# show version
22. Issue the command to show which Layer 3 protocols are currently running on the
router.
a. Question: which protocols are currently running on the router?
router1# show protocols
23. Select router2 from the toolbar on top. Press enter and get into user mode. From
there go into privileged mode.
Router> enable
Router# configure terminal
Router(config)#
24. Configure a hostname of ‘router2’ and configure an enable secret password of ‘cisco’
for router2.
Router(config)# hostname router2
router2(config)# enable secret cisco
25. Configure an IP address for Fast Ethernet 0/0 on router2 and activate the interface
(see the diagram above for IP addresses and masks). Router2 is a 2600 modular router and
must be configured using slot/port notation.
router2(config)# interface Fa 0/0
router2(config-if)# ip address 160.10.1.2 255.255.255.0
router2(config-if)# no shut
26. Display the summary status of all interfaces. Remember to get out of configuration
mode first before issuing any show commands.
a. Question: what status should interface Fa 0/0 show if it is fully activated?
b. Question: what status would Fa 0/0 show if it was in ‘shutdown’ mode?
router2(config-if)# ctrl-z
router2# show ip interface brief
27. Try to ping router1’s Ethernet address (160.10.1.1) from router2.
a. Question: Were you successful? If not, what commands should you use for troubleshooting?
router2# ping 160.10.1.1

LAB 2 – ADVANCED ROUTER CONFIGURATION
1. In this lab you will practice using some advanced configuration and show commands
on the Cisco router. Please remember your lab 1 commands needed to switch
between Router modes (i.e. exit, end, disable)
2. On router1, configure a console password of ‘boson’. The console user must enter this
password before gaining access to the user mode prompt.
router1(config)# line console 0
router1(config-line)# login
router1(config-line)# password boson
3. Configure a banner that says “Welcome to Router1 - Authorized Users Only”.
router1(config)# banner motd #
Welcome to Router1 - Authorized Users Only #
4. Test the banner and console password by logging out of the router and logging back
in. Get into enable mode after successfully logging into the console.
router1# logout
enter
password: boson
router1> enable
password: cisco
router1#
5. Configure a password of ‘cisco’ on router2 that will enable remote users to Telnet into
it:
router2(config)# line vty 0 4
router2(config-line)# login
router2(config-line)# password cisco
6. On router1, associate a name of ‘router2’ with the remote IP address 160.10.1.2. This
will allow you to ping router2’s name rather than having to remember its IP address.
router1(config)# ip host router2 160.10.1.2
7. Verify that the name is in router1’s host table with the show hosts command.
router1# show hosts
8. Ping ‘router2’ and verify that the pings succeed.
router1# ping router2
9. Display the contents of flash memory on router2.
a. Question: what is the name of the IOS image in flash and how large is it?
router2# show flash
10. Display the history table on router1. This shows the last 10 commands that were
entered on the router. You can recall commands by entering CTRL-P or by hitting the up
arrow key.
router1# show history
router1# ctrl-p (to see previously entered commands)
11. On router1, do a show interfaces on Serial 0. Note on the third line of the output that
the bandwidth is assumed to be 1544kb. This is because the router assumes all serial
links are T1’s unless you configure otherwise. Configure router1’s S0 link to have a
bandwidth of 64kb and then reenter the show interfaces command.
router1# show interfaces serial 0
router1# configure terminal
router1(config)# interface serial 0
router1(config-if)# bandwidth 64
router1(config-if)# clock rate 64000
router1(config-if)# ctrl-z
router1# show interfaces serial 0
12. On router1, add a description to interface Serial 0 that says “Serial Link to Router3”.
This description will appear whenever you issue a show interfaces
command for Serial 0.
router1(config)# interface serial 0
router1(config-if)# description Serial Link to Router3
router1(config-if)# exit
router1(config)# exit
router1# show interfaces serial 0
13. Configure router3 and router4:
• configure hostnames
• configure an enable secret password of ‘cisco’
• assign IP addresses and subnet masks to serial & Ethernet interfaces (see table on
page 6)
• Remember to set the clock rate on the Router 3 Serial 1 interface.
• activate serial and Ethernet interfaces
• verify router3 can ping router1
• verify router3 can ping router4
• save the configurations to NVRAM
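
An added example, not part of the Boson lab guide: a small Python audit of a running-config for the password choices made in Lab 1 step 9 and Lab 2 steps 2 and 5. The two sample configs, the placeholder hashes, the helper functions and the rule names are constructed for illustration; `service password-encryption`, `login local`, `username ... secret` and `transport input ssh` are standard IOS commands that the lab itself does not use.

```python
import re

# Constructed sample: a running-config in the style of the lab's routers after
# Lab 1 step 9 and Lab 2 steps 2, 3 and 5. The type-5 hash is a placeholder.
LAB_CONFIG = """\
hostname router1
!
enable secret 5 $1$CONSTRUCTED$PLACEHOLDERHASHVALUE
enable password ccnalab
!
interface Ethernet0
 ip address 160.10.1.1 255.255.255.0
!
banner motd ^C Welcome to Router1 - Authorized Users Only ^C
!
line con 0
 password boson
 login
line vty 0 4
 password cisco
 login
!
end
"""

# Constructed hardened variant (an assumption, not from the lab guide): no
# `enable password`, per-user hashed secrets, and VTY lines limited to SSH.
HARDENED_CONFIG = """\
hostname router1
!
service password-encryption
enable secret 5 $1$CONSTRUCTED$PLACEHOLDERHASHVALUE
username admin secret 5 $1$CONSTRUCTED$PLACEHOLDERHASHVALUE
!
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
!
end
"""

# "enable password X", "password X", optionally with an encryption-type digit.
PASSWORD_RE = re.compile(r"^(enable password|password)\s+(?:([0-9])\s+)?(\S+)$")


def parse_blocks(config):
    """Group the config into (top-level command, [indented sub-commands])."""
    blocks = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def password_storage(command):
    """Return how a password command stores its value, or None if it is not one.

    No type digit (or type 0) means the password is readable in the config.
    Type 7 is reversible obfuscation, so it is kept apart from hashed secrets.
    """
    match = PASSWORD_RE.match(command)
    if not match:
        return None
    return {None: "cleartext", "0": "cleartext", "7": "type7"}.get(match.group(2), "other")


def audit(config):
    """Return (rule, location) findings; password values are never echoed."""
    blocks = parse_blocks(config)
    findings = []
    cleartext_seen = False
    for header, children in blocks:
        if password_storage(header) == "cleartext":
            findings.append(("ENABLE_PASSWORD_CLEARTEXT", "global"))
            cleartext_seen = True
        if header.startswith("line "):
            if any(password_storage(c) == "cleartext" for c in children):
                findings.append(("LINE_PASSWORD_CLEARTEXT", header))
                cleartext_seen = True
            # Without this restriction the VTY lines accept Telnet logins.
            if header.startswith("line vty") and "transport input ssh" not in children:
                findings.append(("VTY_NOT_RESTRICTED_TO_SSH", header))
    has_encryption = any(h == "service password-encryption" for h, _ in blocks)
    if cleartext_seen and not has_encryption:
        findings.append(("NO_SERVICE_PASSWORD_ENCRYPTION", "global"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```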

LAB 3 - CDP
1. In this lab, you will practice using Cisco Discovery Protocol (CDP) commands to view
information about directly connected neighbors.
2. On router1, display summary information for router1’s CDP neighbors. You should
see one-line entries for both router2 and router3.
router1# sh cdp neighbors
3. On router1, display detailed information about CDP neighbors. You can do this with
either the show cdp neighbors detail or show cdp entry * commands.
router1# show cdp neighbors detail
router1# show cdp entry *
4. On router1, display the interfaces where CDP is active.
a. Question: what is the CDP advertisement interval?
b. Question: what is the holdtime interval and what does it signify?
router1# show cdp interface
5. On router1, change the CDP advertisement interval to 50 sec. and the holdtime interval
to 170 sec.
Issue the show cdp interface command to verify the new timers are set correctly.
router1(config)# cdp timer 50
router1(config)# cdp holdtime 170
router1(config)# exit
router1# sh cdp interface

LAB 4 – TELNET
1. In this lab, you will practice Telnet’ing from one router to another. You will suspend
Telnet sessions using the ctrl-shift-6 X sequence and display active Telnet sessions using
the show sessions and show users commands.
2. From router1, Telnet to router2 (160.10.1.2). Once into router2, issue the show users
command. This command shows which remote users are Telnet’ed into this local router.
You should see router1’s IP address (160.10.1.1) as the user Telnet’ed into router2.
router1# telnet 160.10.1.2
router2>
router2# show users
3. Suspend your Telnet session to router2 by pressing CTRL-SHIFT-6 and X. You
should return to router1 without breaking the active Telnet session. Issue the show
sessions command on router1. This command shows what active, but suspended,
sessions you have to other routers.
router2# ctrl-shift-6 x
router1#
router1# show sessions
4. Now Telnet from router1 to router3. Suspend the session and return to router1. Issue
the show sessions command. You should now see two suspended sessions: one to
router2 (160.10.1.2) and one to router3 (175.10.1.2).
router1# telnet 175.10.1.2
router3>
router3> ctrl-shift-6 x
router1#
router1# show sessions
5. Disconnect the two suspended sessions on router1. The number used in the disconnect
command comes from the
left-most column in the show sessions output. Issue show sessions to see if the
suspended Telnet sessions have disappeared.
router1# disconnect 2
router1# disconnect 1
router1# show sessions

LAB 5 - TFTP
1. In this lab, you are going to configure PC1 as a TFTP-Server. You will then backup
and restore router4’s configuration to the TFTP-Server.
2. Under the NetSim, select PC1 from the Other Devices drop-down menu. Configure
PC1 to have an IP address of 195.10.1.2 with a mask of 255.255.255.0 and a default gateway
of 195.10.1.1. Use the winipcfg utility on the PC to do this. The PC is
automatically enabled to be a TFTP server.
c:> winipcfg
3. On router4, make sure you can ping PC1:
router4# ping 195.10.1.2
4. On router4, copy your running-configuration to the tftp-server. You will be prompted
for the address of the tftp-server (195.10.1.2). You will also be prompted for a file name
(any name you choose).
router4# copy running-config tftp
5. On the tftp-server (PC1), issue the show tftp-configs command to see if router4’s
configuration was successfully backed up (this is not a standard PC command, but one
developed for use with the NetSim).
c:> show tftp-configs
6. You will now restore the configuration you saved on the TFTP server to NVRAM on
router4. Make sure router4’s NVRAM is currently empty by issuing the show startup-config
command. If it is not empty, use the erase startup-config command to clear it.
Restore the configuration from the tftp-server to NVRAM on router4 with the following
copy command (enter the PC’s IP address and previously-saved file name when
prompted):
router4# copy tftp startup-config
7. Issue the show startup-config command. You should now see the restored
configuration file in NVRAM.
a. Question: was it necessary to clear out router4’s NVRAM in order to copy a file into
it? Why?

LAB 6 - RIP
1. In this lab, you will be configuring RIP. On router1, router2, router3, and router4,
configure RIP V1 on all serial and Ethernet interfaces (except for the ISDN and frame
relay interfaces).
a. Question: On router1, why doesn’t the network statement under RIP specify
160.10.1.0 rather than 160.10.0.0?
router1(config)# router rip
router1(config-router)# network 160.10.0.0
router1(config-router)# network 175.10.0.0
router2(config)# router rip
router2(config-router)# network 160.10.0.0
router3(config)# router rip
router3(config-router)# network 175.10.0.0
router3(config-router)# network 180.10.0.0
router3(config-router)# network 197.10.1.0
router4(config)# router rip
router4(config-router)# network 180.10.0.0
router4(config-router)# network 195.10.1.0
2. On router1, issue the show ip protocols command. This command shows information
about all dynamic routing protocols that are running on the router.
Based on the output of this command:
a. Question: how frequently does RIP advertise routing updates?
b. Question: what is the holddown timer interval for RIP?
router1# show ip protocols
3. On router4, issue the show ip route command. You should see two directly connected
routes (180.10.1.0 and 195.10.1.0) and three remote routes (160.10.0.0, 197.10.1.0 and
175.10.0.0).
a. What is the administrative distance for RIP?
router4# show ip route
4. On router4, ping both router1 and router2. The pings should succeed if RIP is
configured on all routers.
router4# ping 175.10.1.1
router4# ping 160.10.1.2
5. On router4, clear and recreate the IP routing table with the clear ip route * command.
This command is sometimes necessary when trying to troubleshoot unusual routing
problems.
router4# clear ip route *
6. On router1, enter the debug ip rip command. This will show the periodic (every 30
seconds) RIP updates being transmitted and received on each interface.
router1# debug ip rip
7. After you examine a few debug updates, turn debugging off with the command
undebug all
router1# undebug all

LAB 7 – IGRP
1. In this lab, you will configure the IGRP routing protocol. Begin by turning off RIP on
router1, router2, router3, and router4. You can verify RIP is turned off by using the
command show ip protocols.
routerx(config)# no router rip
routerx# show ip protocols
2. Turn on IGRP on router1, router2, router3, and router4. Use AS# 200.
router1(config)# router igrp 200
router1(config-router)# network 160.10.0.0
router1(config-router)# network 175.10.0.0
router2(config)# router igrp 200
router2(config-router)# network 160.10.0.0
router3(config)# router igrp 200
router3(config-router)# network 175.10.0.0
router3(config-router)# network 180.10.0.0
router3(config-router)# network 197.10.1.0
router4(config)# router igrp 200
router4(config-router)# network 180.10.0.0
router4(config-router)# network 195.10.1.0
3. Display the dynamic routing protocols that are running on router4.
a. Question: how frequently does IGRP send out routing updates?
b. Question: what is the holddown interval for IGRP?
c. Question: what is the default hop count for IGRP?
router4# show ip protocols
4. Display the IP routing table on router4.
a. Question: what is the administrative distance for IGRP?
router4# show ip route
5. From router4, ping router1 and router2. These pings should succeed if IGRP is
configured on all the routers.
router4# ping 175.10.1.1
router4# ping 160.10.1.2
6. On router1, issue the debug ip igrp events and debug ip igrp transactions commands.
Both commands can be used to show periodic (every 90 seconds) IGRP routing updates
being sent and received by the router.
a. Question: what is the difference between the two debug ip igrp commands?
router1# debug ip igrp events
router1# debug ip igrp transactions

LAB 8 – EIGRP
1. In this lab, you will configure the EIGRP routing protocol. Begin by turning off IGRP
on router1, router2, router3, and router4.
routerx(config)# no router igrp 200
2. Configure EIGRP on router1, router2, router3, and router4. Use Autonomous System
number 100 and configure EIGRP to send and receive updates on all interfaces,
excluding the ISDN and Frame Relay interfaces.
router1(config)# router eigrp 100
router1(config-router)# network 160.10.0.0
router1(config-router)# network 175.10.0.0
router2(config)# router eigrp 100
router2(config-router)# network 160.10.0.0
router3(config)# router eigrp 100
router3(config-router)# network 175.10.0.0
router3(config-router)# network 180.10.0.0
router3(config-router)# network 197.10.1.0
router4(config)# router eigrp 100
router4(config-router)# network 180.10.0.0
router4(config-router)# network 195.10.1.0
3. Display the dynamic routing protocols that are running on router4.
a. Question: what is the maximum router hop count with EIGRP?
router4# show ip protocols
4. On router1, display its EIGRP neighbors.
router1# show ip eigrp neighbors
5. On router1, display the statistics for EIGRP packet types sent and received.
router1# show ip eigrp traffic
6. On router1, display the EIGRP topology database.
a. Question: what does the EIGRP topology database contain?
router1# show ip eigrp topology
7. Display the IP routing table on router4.
a. Question: what is the administrative distance for EIGRP?
router4# show ip route
8. From router4, ping router1 and router2. These pings should succeed if EIGRP is
configured on all the routers.
router4# ping 175.10.1.1
router4# ping 160.10.1.2
9. On router1, enter the debug ip eigrp command to view EIGRP routing activity. (This
command is coming soon)
router1# debug ip eigrp

LAB 9 - OSPF
1. In this lab, you will configure the OSPF routing protocol. Begin by turning off EIGRP
on router1, router2, router3, and router4.
routerx(config)# no router eigrp 100
2. Configure OSPF on router1, router2, router3, and router4. Use Process ID 1
and configure OSPF to send and receive updates on all interfaces excluding the ISDN and
Frame Relay interfaces.
router1(config)# router ospf 1
router1(config-router)# network 160.10.1.0 0.0.0.255 area 0
router1(config-router)# network 175.10.1.0 0.0.0.255 area 0
router2(config)# router ospf 1
router2(config-router)# network 160.10.1.0 0.0.0.255 area 0
router3(config)# router ospf 1
router3(config-router)# network 175.10.1.0 0.0.0.255 area 0
router3(config-router)# network 180.10.1.0 0.0.0.255 area 0
router3(config-router)# network 197.10.1.0 0.0.0.255 area 0
router4(config)# router ospf 1
router4(config-router)# network 180.10.1.0 0.0.0.255 area 0
router4(config-router)# network 195.10.1.0 0.0.0.255 area 0
3. Display the dynamic routing protocols that are running on router4.
a. Question: How frequently does OSPF send routing updates?
router4# sh ip protocols
4. On router1, display its OSPF neighbors.
router1# sh ip ospf neighbor
5. On router1, display the interfaces running OSPF.
a. Question: what is the OSPF cost for a 10Mbps Ethernet interface?
router1# sh ip ospf interface
6. Display the IP routing table on router4.
a. Question: what is the administrative distance for OSPF?
router4# show ip route
7. From router4, ping router1 and router2. These pings should succeed if OSPF is
configured on all routers.
router4# ping 175.10.1.1
router4# ping 160.10.1.2

LAB 10 – CATALYST 1900 SWITCH CONFIGURATION
1. In this lab, you will configure basic IOS commands on the Catalyst 1900 switch.
2. From the NetSim tool bar, select Switch1 (Catalyst 1900). Press enter to get into the
user prompt mode. Enter enable to get into privileged mode.
Type ? to see a list of privileged mode commands. Enter disable to go back to user
mode.
enter
> enable
# ?
# disable
>
3. On switch1, go into privileged mode and then into global configuration mode. Assign
Switch1 a host name of 1900sw1. Use exit or ctrl-z to get out of configuration mode.
> enable
# configure terminal
(config)# hostname 1900sw1
1900sw1(config)# exit
1900sw1#
4. On switch1, type show running-config to see the active configuration.
a. Question: Do you need to issue copy running-config startup-config on the Catalyst
1900 to save the running configuration?
If not, why not?
1900sw1# show running-config
5. On switch1, erase the current configuration with the following command:
1900sw1# delete nvram
6. On switch1, get into privileged mode and then into global configuration. Reassign the
switch a hostname of 1900sw1 and an enable password of ‘cisco’. Assign the switch an
IP address of 195.10.1.99 with a subnet mask of 255.255.255.0. Assign the switch a
default gateway of 195.10.1.1 (router4’s Ethernet address).
> enable
# configure terminal
(config)# hostname 1900sw1
1900sw1(config)# enable password level 15 cisco
1900sw1(config)# ip address 195.10.1.99 255.255.255.0
1900sw1(config)# ip default-gateway 195.10.1.1
7. On switch1, issue the show ip command to verify that the IP address, mask, and default
gateway are correct.
1900sw1# show ip
8. On switch1, issue the show interfaces command.
a. Question: What is the Spanning Tree (802.1D) state of interface e0/1?
b. Question: What is the duplex setting for interface e0/2?
1900sw1# show interfaces
9. From the NetSim tool bar, select Switch 2 (Catalyst 1900). Configure it with a
hostname of 1900sw2 and an enable password of cisco (the enable password should be
encrypted when displaying the configuration file). Assign an IP address of
195.10.1.100/24 and a default-gateway of 195.10.1.1
> enable
# configure terminal
(config)# hostname 1900sw2
1900sw2(config)# enable secret level 15 cisco
1900sw2(config)# ip address 195.10.1.100 255.255.255.0
1900sw2(config)# ip default-gateway 195.10.1.1
10. On switch2, issue the show version command.
a. Question: What version of IOS is the switch running?
b. Question: What is the base Ethernet address of 1900sw2?
1900sw2# show version
11. On switch1, issue the show spantree command.
a. Question: what is the address of the root bridge?
b. Question: what is the port cost of E0/1?
c. Question: what is the maxage interval?
d. Question: what is the hello interval?
1900sw1# show spantree
12. On switch1, issue the show mac-address-table command. This shows which devices
are attached to which switch ports.
1900sw1# show mac-address-table
13. On switch1, permanently assign a device with MAC address 1111-1111-1111 to port
E0/5. Issue the show mac-address-table command to verify the device is in the table as a
permanent entry.
1900sw1(config)# mac-address-table permanent 1111-1111-1111 e0/5
1900sw1(config)# exit
1900sw1# show mac-address-table
14. On switch1, configure port security for port e0/9. The switch will ‘sticky-learn’ the
MAC address of the device connected to port e0/9 and will only allow that device to
connect to this port in the future.
1900sw1(config)# interface e0/9
1900sw1(config-if)# port secure
1900sw1(config-if)# port secure max-mac-count 1

LAB 11 – VLANs and TRUNKING (Catalyst 1900 Switches)
1. In this lab, you will set up VLANs on the Catalyst 1900 switches and test them by
pinging between router4 and PC1. Router4 is connected to e0/1 on switch1 and PC1 is
connected to e0/1 on switch2. Switch1 and switch2 are interconnected through their
fa0/26 Fast Ethernet ports.
2. Using winipcfg on PC1, configure an IP address of 195.10.1.2/24 and a default
gateway of 195.10.1.1
(if not already configured from a previous lab).
c:> winipcfg
3. Verify you can presently ping between PC1 and router4. If you cannot ping
successfully, check that router4’s Ethernet0 IP address is 195.10.1.1/24 and that the
interface is enabled. Also, using the winipcfg utility, check that the PC has a configured
IP address of 195.10.1.2/24.
c:> ping 195.10.1.1
4. On switch1 and switch2, issue the show vlan command. You should note that, by
default, all switch ports are in VLAN1. Because router4, PC1, and the switch-to-switch
link are all in VLAN1, you should be able to ping between PC1 and router4.
1900swx# show vlan
5. On switch1 and switch2, set up a VTP domain called bigdomain. Verify it has been
created with the show vtp command.
a. Question: what VTP operating mode are the switches in?
1900swx(config)# vtp domain bigdomain
1900swx(config)# exit
1900swx# show vtp
6. On switch1 and switch2, create VLAN 10, calling it ccnavlan. Issue the show vlan
command to verify it was successfully created.
a. Question: do you see any ports connected to VLAN 10? If not, why not?
1900swx(config)# vlan 10 name ccnavlan
1900swx(config)# exit
1900swx# show vlan
7. On switch1 and switch2, assign the e0/1 ports to the new VLAN you created. Router4
and PC1 are attached to these ports. Issue the show vlan command on both switches to
verify these ports have been moved to VLAN10. Also, issue the show vlan-membership
command. This is another command that shows VLAN assignments by port on the
1900.
1900swx(config)# interface e0/1
1900swx(config-if)# vlan-membership static 10
1900swx(config-if)# ctrl-z
1900swx# show vlan
1900swx# show vlan-membership
8. Now that both router4 and PC1 are in VLAN10, try to ping from the PC1 to router4. It
should fail.
a. Question: if both devices are in the same VLAN, why should the pings fail?
c:> ping 195.10.1.1
9. Make the link between switch1 and switch2 a trunk line capable of carrying traffic for
any VLAN. Use the show trunk a command to verify trunking is enabled on port fa0/26
on both switches (it should say “Trunking: on”)
a. Question: what trunking protocol does the 1900 use – ISL or 802.1Q?
1900swx(config)# interface fa0/26
1900swx(config-if)# trunk on
1900swx(config-if)# ctrl-z
1900swx# show trunk a
10. Now ping between PC1 and router4. The pings should succeed because both devices
are in the same VLAN and the inter-switch link is a trunk line capable of carrying traffic
for any VLAN.
c:> ping 195.10.1.1

LAB 12 - CATALYST 2950 SWITCH CONFIGURATION
1. In this lab, you will configure basic IOS commands on switch3 and switch4 which are
Catalyst 2950 switches.
2. From the NetSim tool bar, select Switch3 (Catalyst 2950). Press enter to get into the
user prompt mode.
Enter enable to get into privileged mode. Type ? to see a list of privileged mode
commands. Enter disable to go back to user mode.
enter
> enable
# ?
# disable
>
3. On switch3, go into privileged mode and then into global configuration mode. Assign
Switch3 a host name of 2950sw3. Use exit or ctrl-z to get out of configuration mode.
> enable
# configure terminal
(config)# hostname 2950sw3
2950sw3(config)# exit
2950sw3#
4. On switch3, type show running-config to see the active configuration.
a. Question: Do you need to issue copy running-config startup-config on the Catalyst
2950 to save the running configuration?
2950sw3# show running-config
5. On switch3, type copy running-config startup-config to save the active configuration to
NVRAM. Display the saved configuration in NVRAM with the show startup-config
command.
2950sw3# copy running-config startup-config
2950sw3# show startup-config
6. On switch3, erase the saved configuration and reload the box.
2950sw3# erase startup-config
2950sw3# reload
7. On switch3, go into privileged mode and then into global configuration mode.
Reassign the switch a hostname of 2950sw3 and an enable password of ‘cisco’
(unencrypted). Assign the switch an IP address of 197.10.1.99 with a subnet mask of
255.255.255.0. Assign the switch a default gateway of 197.10.1.1 (router3’s Ethernet
address).
> enable
# configure terminal
(config)# hostname 2950sw3
2950sw3(config)# enable password cisco
2950sw3(config)# interface vlan1
2950sw3(config-if)# ip address 197.10.1.99 255.255.255.0
2950sw3(config-if)# no shutdown
2950sw3(config-if)# exit
2950sw3(config)# ip default-gateway 197.10.1.1
8. On switch3, issue the show interface vlan1 command to verify that the IP address,
mask, and default gateway are correct.
2950sw3# show interface vlan1
9. On switch3, issue the show interfaces command.
a. Question: What is the Spanning Tree (802.1D) state of interface fa0/1?
b. Question: What is the duplex setting for interface fa0/2?
2950sw3# show interfaces
10. From the NetSim tool bar, select Switch 4 (Catalyst 2950). Configure it with a
hostname of 2950sw4 and an enable password of cisco (the enable password should be
encrypted when displaying the configuration file). Assign an IP address of
197.10.1.100/24 and a default gateway of 197.10.1.1.
> enable
# configure terminal
(config)# hostname 2950sw4
2950sw4(config)# enable secret cisco
2950sw4(config)# interface vlan1
2950sw4(config-if)# ip address 197.10.1.100 255.255.255.0
2950sw4(config-if)# no shutdown
2950sw4(config-if)# exit
2950sw4(config)# ip default-gateway 197.10.1.1
On switch4, issue the show version command.
2950sw4# show version
11. On switch4, issue the show spanning-tree command.
a. Question: what is the address of the root bridge?
b. Question: what is the port cost of fa0/1?
c. Question: what is the maxage interval?
d. Question: what is the hello interval?
2950sw4# show spanning-tree
12. On switch4, issue the show mac-address-table command. This shows which devices
are attached to which switch ports.
2950sw4# show mac-address-table
13. On switch4, permanently assign a device with MAC address 4444-4444-4444 to port
fa0/5. Issue the show mac-address-table command to verify the device is in the table as a
permanent entry.
2950sw4(config)# mac-address-table static 4444-4444-4444 vlan 1 int fa0/5
2950sw4(config)# exit
2950sw4# show mac-address-table
14. On switch4, configure port security for port fa0/9. The switch will ‘sticky-learn’ the
MAC address of the device connected to port fa0/9 and will only allow that device to
connect to the port in the future.
2950sw4(config)# interface fa0/9
2950sw4(config-if)# switchport port-security
2950sw4(config-if)# switchport port-security maximum 1

LAB 13 – VLANs and TRUNKING (Catalyst 2950 Switches)
1. In this lab, you will set up VLANs on switch3 and switch4 (Catalyst 2950
switches) and test them by pinging between router3 and PC2. Router3 is connected to
Fa0/1 on switch3 and PC2 is connected to Fa0/1 on switch4. Switch3 and switch4 are
interconnected through their fa0/12 Fast Ethernet ports.
2. On PC2 using winipcfg, configure an IP address of 197.10.1.2/24 and a default
gateway of 197.10.1.1.
c:> winipcfg
3. Verify you can presently ping between PC2 and router3. If you cannot ping
successfully, check that router3’s FastEthernet0 IP address is 197.10.1.1/24 and that the
interface is enabled. Also, using the winipcfg utility, check that PC2 has a configured IP
address of 197.10.1.2/24.
c:> ping 197.10.1.1
4. On switch3 and switch4, issue the show vlan command. You should note that, by
default, all switch ports are in VLAN1. Because router3, PC2, and the switch-to-switch
link are all in VLAN1, you should be able to ping between PC2 and router3.
2950swx# show vlan
5. On switch3 and switch4, set up a VTP domain called classroom. Verify it has been
created with the show vtp status command.
2950swx# vlan database
2950swx(vlan)# vtp domain classroom
2950swx(vlan)# ctrl-z
2950swx# show vtp status
6. On switch3 and switch4, create VLAN 20, calling it 2950vlan. Issue the show vlan
command to verify it was successfully created.
a. Question: do you see any ports connected to VLAN 20? If not, why not?
2950swx# vlan database
2950swx(vlan)# vlan 20 name 2950vlan
2950swx(vlan)# exit
2950swx# show vlan
7. On switch3 and switch4, assign the fa0/1 ports to the new VLAN you created. Router3
and PC2 are attached to these ports. Issue the show vlan command on both switches to
verify these ports have been moved to VLAN20.
2950swx(config)# interface fa0/1
2950swx(config-if)# switchport mode access
2950swx(config-if)# switchport access vlan 20
2950swx(config-if)# ctrl-z
2950swx# show vlan
8. Now that both router3 and PC2 are in VLAN20, try to ping from PC2 to router3. It
should fail.
a. Question: if both devices are in the same VLAN, why should the pings fail?
c:> ping 197.10.1.1
9. Make the link between switch3 and switch4 a trunk line capable of carrying traffic for
any VLAN.
Use the show interface fa0/12 switchport command to verify trunking is enabled on port
fa0/12 on both switches.
a. Question: what trunking protocol does the 2950 use – ISL or 802.1Q?
2950swx(config)# interface fa0/12
2950swx(config-if)# switchport mode trunk
2950swx(config-if)# ctrl-z
2950swx# show interface fa0/12 switchport
10. Now ping between PC2 and router3. The pings should succeed because both devices
are in the same VLAN
and the inter-switch link is a trunk line capable of carrying traffic for any VLAN.
c:> ping 197.10.1.1

LAB 14 – IP ACCESS-LISTS
1. In this lab, you will build standard and extended IP access-lists to filter traffic coming
inbound on router1’s serial0 interface.
2. Ensure you can ping router2 (160.10.1.2) from both router3 and router4. The path to
router2 is through router1’s serial0 interface. If you cannot successfully ping router2,
check that IP addresses have been assigned, all interfaces are up, and that a dynamic
routing protocol (RIP, IGRP, EIGRP, or OSPF) is running on all routers.
router3# ping 160.10.1.2
router4# ping 160.10.1.2
3. On router1, build a standard IP access-list that permits traffic from subnet 175.10.1.0,
but blocks traffic from all other devices. Apply this access-list to router1’s serial0
interface for inbound traffic.
a. Question: is a ‘deny any’ statement required in the access-list?
b. Question: what does the mask 0.0.0.255 mean in the access-list?
c. Question: can any number be assigned to a standard IP access-list?
router1(config)# access-list 1 permit 175.10.1.0 0.0.0.255
router1(config)# interface serial0
router1(config-if)# ip access-group 1 in
4. Test your access-list by ping’ing from router3 and router4 to router2. The pings from
router3 (in subnet 175.10.1.0)
should succeed while the pings from router4 (in subnet 180.10.1.0) should fail.
5. On router1, build an extended IP access-list that will allow Telnet traffic from host
175.10.1.2 (router3), and
ICMP traffic from host 180.10.1.2 (router4), but that will block everything else.
Remove the previous access-list and apply this new one to router1’s serial0 interface.
a. Question: what are two ways you can specify a host address in an extended IP access-list?
b. Question: what is the number range for extended IP access-lists?
c. Question: how would you permit RIP routing updates?
router1(config)# access-list 100 permit tcp host 175.10.1.2 any eq telnet
router1(config)# access-list 100 permit icmp host 180.10.1.2 any
router1(config)# interface serial0
router1(config-if)# no ip access-group 1 in
router1(config-if)# ip access-group 100 in
6. Test access-list 100 by pinging and telneting from router3 & router4 to router2.
Router3 (175.10.1.2) should be able to telnet to router2, but not ping to it. Router4
(180.10.1.2) should be able to ping to router2, but not telnet to it.
router3# ping 160.10.1.2
router3# telnet 160.10.1.2
router4# ping 160.10.1.2
router4# telnet 160.10.1.2
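The first-match and implicit-deny behaviour that steps 3 to 6 exercise, as an added Python model (not part of the original lab guide and not IOS code). The packets are constructed from the lab's addresses; the RIP packet (UDP 520 to 255.255.255.255) is an added test case showing that access-list 100 also drops routing updates arriving on serial0.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class Ace:
    """One access-list entry (hypothetical model, not an IOS structure)."""
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every protocol
    src: str
    src_wc: str
    dst: str = "0.0.0.0"             # these two defaults model the keyword "any"
    dst_wc: str = "255.255.255.255"
    dst_port: Optional[int] = None   # "eq telnet" is TCP port 23


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """Entries are checked top-down and the first match decides.
    A packet that matches nothing hits the implicit deny at the end."""
    for ace in acl:
        if ace.proto not in ("ip", pkt.proto):
            continue
        if not wildcard_match(pkt.src, ace.src, ace.src_wc):
            continue
        if not wildcard_match(pkt.dst, ace.dst, ace.dst_wc):
            continue
        if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
            continue
        return ace.action
    return "deny"


# access-list 1 permit 175.10.1.0 0.0.0.255
ACL_1 = [Ace("permit", "ip", "175.10.1.0", "0.0.0.255")]

# access-list 100 permit tcp host 175.10.1.2 any eq telnet
# access-list 100 permit icmp host 180.10.1.2 any
ACL_100 = [
    Ace("permit", "tcp", "175.10.1.2", "0.0.0.0", dst_port=23),
    Ace("permit", "icmp", "180.10.1.2", "0.0.0.0"),
]

# Constructed sample packets arriving inbound on router1 serial0.
R3_PING = Packet("icmp", "175.10.1.2", "160.10.1.2")
R4_PING = Packet("icmp", "180.10.1.2", "160.10.1.2")
R3_TELNET = Packet("tcp", "175.10.1.2", "160.10.1.2", 23)
R4_TELNET = Packet("tcp", "180.10.1.2", "160.10.1.2", 23)
R3_RIP = Packet("udp", "175.10.1.2", "255.255.255.255", 520)


def lab14_results() -> Dict[str, str]:
    """Expected outcome of the tests in steps 4 and 6."""
    return {
        "acl1 router3 ping": evaluate(ACL_1, R3_PING),
        "acl1 router4 ping": evaluate(ACL_1, R4_PING),
        "acl100 router3 telnet": evaluate(ACL_100, R3_TELNET),
        "acl100 router3 ping": evaluate(ACL_100, R3_PING),
        "acl100 router4 ping": evaluate(ACL_100, R4_PING),
        "acl100 router4 telnet": evaluate(ACL_100, R4_TELNET),
        "acl100 router3 rip update": evaluate(ACL_100, R3_RIP),
    }


if __name__ == "__main__":
    for test, action in lab14_results().items():
        print(f"{test:28s} {action}")
```
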

LAB 15 - NAT/PAT
1. In this lab, you will configure NAT/PAT function on router1. You will configure three
forms of translation: static network address translation, dynamic translation, and
overloading (port address translation). Remember to disable the access lists you
configured in the previous lab before continuing this lab.
2. On router1, configure NAT to statically translate router2’s Ethernet address
160.10.1.2 to 169.10.1.2.
router1(config)# ip nat inside source static 160.10.1.2 169.10.1.2
router1(config)# interface ethernet0
router1(config-if)# ip address 160.10.1.1 255.255.255.0
router1(config-if)# ip nat inside
router1(config-if)# interface serial0
router1(config-if)# ip address 175.10.1.1 255.255.255.0
router1(config-if)# ip nat outside
router1(config-if)# no shut
3. Test the static NAT translation by telnet’ing from router2 to router3. Once into
router3, issue the show users command. The output of this command should show that
169.10.1.2 (the translated IP address) is the logged-in device.
router2# telnet 175.10.1.2
router3# show users
4. Display the NAT Translation table on router1. The output of the display should show
that the inside local IP address (160.10.1.2) is translated to the inside global IP address
(169.10.1.2).
a. Question: does the “inside global IP address” normally represent a public or a private
IP address?
router1# show ip nat translations
5. On router1, remove the previous static NAT commands and configure NAT to
translate router2’s Ethernet address to a dynamically assigned address. You will utilize a
pool of public addresses in the range of 169.10.1.50 to 169.10.1.100.
a. Question: if the pool of dynamically assigned addresses only contains one IP address
entry, what’s another term for this form of NAT translation?
router1(config)# no ip nat inside source static 160.10.1.2 169.10.1.2
router1(config)# ip nat pool pool1 169.10.1.50 169.10.1.100 netmask 255.255.255.0
router1(config)# ip nat inside source list 1 pool pool1
router1(config)# access-list 1 permit 160.10.1.0 0.0.0.255
6. Test the dynamic NAT translation function by telneting from router2 to router3. Once
into router3, issue the show users command. The output of this command should show
that the logged-in device is 169.10.1.50 (the translated address). Also, display the NAT
translation table on router1 using the show ip nat translations command.
router2# telnet 175.10.1.2
router3# show users
router1# show ip nat translations
7. Remove the previous NAT commands. Configure NAT overloading (port address
translation) on router1 to translate router2’s Ethernet address
(160.10.1.2) to the serial0 interface address (175.10.1.1) on router1.
router1(config)# ip nat inside source list 1 interface serial0 overload
router1(config)# interface Ethernet 0
router1(config-if)# ip address 160.10.1.1 255.255.255.0
router1(config-if)# ip nat inside
router1(config-if)# interface serial 0
router1(config-if)# ip address 175.10.1.1 255.255.255.0
router1(config-if)# ip nat outside
router1(config-if)# exit
router1(config)# access-list 1 permit 160.10.1.0 0.0.0.255
8. Test the overloading (PAT) function by Telnet’ing from router2 to router3. Issue the
show users command on router3. It should show that the logged-in device is 175.10.1.1
(the translated IP address). Also, issue the show ip nat translations command on router1
to display the NAT translation table.
router2# telnet 175.10.1.2
router3# show users
router1# show ip nat translations
9. Remove all NAT/PAT configuration commands from router1 before continuing on
with the CCNA labs.
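The three translation modes configured in this lab, as an added Python model (not part of the original lab guide and not IOS code). The class names, the sample source ports and the extra inside hosts are constructed for illustration; allocating the lowest free pool address first matches the 169.10.1.50 result the lab expects, and keeping the original source port when it is free is a simplifying assumption.

```python
import ipaddress
from typing import Dict, Optional, Set, Tuple

# access-list 1 permit 160.10.1.0 0.0.0.255 selects which sources are translated
INSIDE_ACL = ipaddress.ip_network("160.10.1.0/24")


class StaticNat:
    """ip nat inside source static <inside local> <inside global>"""

    def __init__(self, mapping: Dict[str, str]):
        self.mapping = dict(mapping)

    def outbound(self, src: str, sport: int) -> Tuple[str, int]:
        return (self.mapping.get(src, src), sport)


class DynamicNat:
    """ip nat inside source list 1 pool pool1 (one global address per host)."""

    def __init__(self, first: str, last: str):
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.table: Dict[str, str] = {}      # inside local -> inside global

    def outbound(self, src: str, sport: int) -> Optional[Tuple[str, int]]:
        if ipaddress.ip_address(src) not in INSIDE_ACL:
            return (src, sport)              # not matched by list 1: untranslated
        if src not in self.table:
            if not self.free:
                return None                  # pool exhausted: no translation made
            self.table[src] = self.free.pop(0)
        return (self.table[src], sport)


class Pat:
    """ip nat inside source list 1 interface serial0 overload"""

    def __init__(self, global_ip: str):
        self.global_ip = global_ip
        self.table: Dict[Tuple[str, int], int] = {}   # (local ip, port) -> global port
        self.used: Set[int] = set()

    def outbound(self, src: str, sport: int) -> Tuple[str, int]:
        if ipaddress.ip_address(src) not in INSIDE_ACL:
            return (src, sport)
        key = (src, sport)
        if key not in self.table:
            port = sport
            while port in self.used:         # port clash between inside hosts
                port = port + 1 if port < 65535 else 1024
            self.used.add(port)
            self.table[key] = port
        return (self.global_ip, self.table[key])

    def inbound(self, dport: int) -> Optional[Tuple[str, int]]:
        """Map a reply back to the inside host; None means no table entry."""
        for key, port in self.table.items():
            if port == dport:
                return key
        return None


if __name__ == "__main__":
    # Constructed flows: router2 (160.10.1.2) telnets to router3 from port 11000.
    print(StaticNat({"160.10.1.2": "169.10.1.2"}).outbound("160.10.1.2", 11000))
    print(DynamicNat("169.10.1.50", "169.10.1.100").outbound("160.10.1.2", 11000))
    pat = Pat("175.10.1.1")
    print(pat.outbound("160.10.1.2", 11000), pat.outbound("160.10.1.3", 11000))
```
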

LAB 16 - PPP & CHAP
1. In this lab, you will configure PPP and CHAP authentication on a serial interface. On
router1, issue the show interfaces serial 0 command. Note the encapsulation type of
HDLC which is the default for serial links.
router1# show interfaces serial 0
2. On router1 and router3, configure PPP encapsulation for interface S0. Note that the
link will not come up unless both ends are configured with the same encapsulation type.
routerx(config)# interface serial0
routerx(config-if)# encapsulation ppp
3. On router1 and router3, issue the show interfaces serial 0 command to verify that PPP
is configured for the link. The output should show the PPP LCP phase as ‘Open’. From
router1, ping router3 to verify the link is operational.
routerx# show interfaces serial 0
router1# ping 175.10.1.2
4. Configure PPP CHAP authentication for the S0 link on router1 and router3. Use the
password of ‘cisco’.
router1(config)# username router3 password cisco
router1(config)# interface serial 0
router1(config-if)# ppp authentication chap
router3(config)# username router1 password cisco
router3(config)# interface serial 0
router3(config-if)# ppp authentication chap
5. On router1 and router3, issue the show interfaces serial0 command to verify the link is
‘up and up’. Ping from router1 to router3 across the link.
routerx# show interfaces serial0
router1# ping 175.10.1.2
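The CHAP exchange configured in step 4, as an added Python model (not part of the original lab guide and not IOS code). The response is the MD5 hash of identifier, shared secret and challenge as defined in RFC 1994, so the password itself never crosses the link; the `Router` class and its method names are hypothetical, while the hostnames and password are the lab's.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over Identifier || secret || Challenge Value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


@dataclass
class Router:
    hostname: str
    users: Dict[str, bytes]   # "username <peer hostname> password <secret>"

    def make_challenge(self, identifier: int) -> dict:
        # A fresh random value per challenge is what defeats replay.
        return {"id": identifier, "value": os.urandom(16), "name": self.hostname}

    def answer(self, challenge: dict) -> Optional[dict]:
        # The peer picks the secret by the hostname carried in the challenge.
        secret = self.users.get(challenge["name"])
        if secret is None:
            return None
        value = chap_response(challenge["id"], secret, challenge["value"])
        return {"id": challenge["id"], "value": value, "name": self.hostname}

    def verify(self, challenge: dict, response: Optional[dict]) -> bool:
        if response is None or response["id"] != challenge["id"]:
            return False
        secret = self.users.get(response["name"])
        if secret is None:
            return False
        expected = chap_response(challenge["id"], secret, challenge["value"])
        return hmac.compare_digest(expected, response["value"])


def authenticate(authenticator: Router, peer: Router, identifier: int) -> bool:
    """One direction: authenticator challenges, peer responds."""
    challenge = authenticator.make_challenge(identifier)
    return authenticator.verify(challenge, peer.answer(challenge))


def link_comes_up(a: Router, b: Router) -> bool:
    """Both routers have 'ppp authentication chap', so each challenges the other."""
    return authenticate(a, b, 1) and authenticate(b, a, 2)


def replay_accepted(authenticator: Router, peer: Router) -> bool:
    """Present a response captured from an earlier challenge to a new one."""
    old_challenge = authenticator.make_challenge(1)
    captured = peer.answer(old_challenge)
    new_challenge = authenticator.make_challenge(1)
    return authenticator.verify(new_challenge, captured)


if __name__ == "__main__":
    r1 = Router("router1", {"router3": b"cisco"})
    r3 = Router("router3", {"router1": b"cisco"})
    print("matching secrets:", link_comes_up(r1, r3))
    print("mismatched secret:", link_comes_up(r1, Router("router3", {"router1": b"Cisco"})))
    print("replayed response accepted:", replay_accepted(r1, r3))
```
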

LAB 17 – ISDN BRI-BRI using Legacy DDR
ISDN Parameters
Router   IP Address  Mask  SPID1           Local Tel#  ISDN Switch
router1  200.10.1.1  /24   32177820010100  7782001     basic-ni
router2  200.10.1.2  /24   32177820020100  7782002     basic-ni
1. Configure ISDN between router1 and router2 using Legacy Dial on Demand Routing.
Legacy DDR means all ISDN parameters are configured under the BRI/PRI interface and
not under a dialer interface. Any IP packet should represent ‘interesting traffic’ and
either router should be able to initiate the call. PPP encapsulation and CHAP
authentication should be used. Refer to the table above for ISDN switch-type, IP
addresses, subnet masks, and telephone numbers.
router1(config)# isdn switch-type basic-ni
router1(config)# dialer-list 1 protocol ip permit
router1(config)# username router2 password cisco
router1(config)# interface bri0
router1(config-if)# encap ppp
router1(config-if)# ip address 200.10.1.1 255.255.255.0
router1(config-if)# isdn spid1 32177820010100
router1(config-if)# dialer-group 1
router1(config-if)# dialer map ip 200.10.1.2 name router2 broadcast 7782002
router1(config-if)# ppp authentication chap
router1(config-if)# no shut
router2(config)# isdn switch-type basic-ni
router2(config)# dialer-list 1 protocol ip permit
router2(config)# username router1 password cisco
router2(config)# interface bri0
router2(config-if)# encap ppp
router2(config-if)# ip address 200.10.1.2 255.255.255.0
router2(config-if)# isdn spid1 32177820020100
router2(config-if)# dialer-group 1
router2(config-if)# dialer map ip 200.10.1.1 name router1 broadcast 7782001
router2(config-if)# ppp authentication chap
router2(config-if)# no shut
2. Issue the show isdn status command on both router1 and router2. You should see:
Layer1: Active
Layer2: Multiple Frame Established with spid1 valid.
routerx# show isdn status
3. Issue the show interfaces bri0 command on router1. This displays the signaling or D
Channel. It should show ‘Up and Up (spoofing)’ if it is ready to handle a call request.
Now issue the command show interfaces bri0 1 2. This should show the status of the
two data, or B channels.
a. Question: what status are the B channels? Why?
router1# show interfaces bri0
router1# show interfaces bri0 1 2
4. From router1, ping the ISDN interface of router2. This should cause an ISDN call to
be initiated and the pings should succeed.
a. Question: which configuration parameter(s) on router1 identifies the interesting traffic
that will trigger a call?
router1# ping 200.10.1.2
5. Issue the show isdn status command on router1.
a. Question: what does it show for the ‘Layer 3 Status’?
router1# show isdn status
6. Issue the show interfaces bri0 1 2 command on router1.
a. Question: what is the status of the two B channels?
router1# show interfaces bri0 1 2

LAB 18 – ISDN BRI-BRI using Dialer Profiles
ISDN Parameters
Router   IP Address  Mask  SPID1           Local Tel#  ISDN Switch
router1  200.10.1.1  /24   32177820010100  7782001     basic-ni
router2  200.10.1.2  /24   32177820020100  7782002     basic-ni
1. In this lab, you will configure ISDN BRI on router1 and router2 using dialer profiles.
With dialer profiles, you are effectively moving some of the logical ISDN parameters
from the physical BRI/PRI interface to a dialer interface. Any IP packet should
represent ‘interesting traffic’ in this lab and either router should be able to initiate the
call. PPP encapsulation and CHAP authentication should be used. Refer to the table
above for ISDN switch-type, IP addresses, subnet masks, and telephone numbers.
router1(config)# isdn switch-type basic-ni
router1(config)# dialer-list 1 protocol ip permit
router1(config)# username router2 password cisco
router1(config)# interface bri0
router1(config-if)# encap ppp
router1(config-if)# ppp authentication chap
router1(config-if)# isdn spid1 32177820010100
router1(config-if)# dialer pool-member 1
router1(config-if)# no shut
router1(config-if)# interface dialer 1
router1(config-if)# no shut
router1(config-if)# ip address 200.10.1.1 255.255.255.0
router1(config-if)# encap ppp
router1(config-if)# dialer-group 1
router1(config-if)# dialer pool 1
router1(config-if)# dialer remote-name router2
router1(config-if)# dialer string 7782002
router1(config-if)# ppp authentication chap
router2(config)# isdn switch-type basic-ni
router2(config)# dialer-list 1 protocol ip permit
router2(config)# username router1 password cisco
router2(config)# interface bri0
router2(config-if)# encap ppp
router2(config-if)# ppp authentication chap
router2(config-if)# isdn spid1 32177820020100
router2(config-if)# dialer pool-member 1
router2(config-if)# no shut
router2(config-if)# interface dialer 1
router2(config-if)# no shut
router2(config-if)# ip address 200.10.1.2 255.255.255.0
router2(config-if)# encap ppp
router2(config-if)# dialer-group 1
router2(config-if)# dialer pool 1
router2(config-if)# dialer remote-name router1
router2(config-if)# dialer string 7782001
router2(config-if)# ppp authentication chap
2. Issue the show isdn status command on both router1 and router2. You should see:
Layer1: Active
Layer2: Multiple Frame Established with spid1 valid.
routerx# show isdn status
3. Issue the show interfaces bri0 command on router1. This displays the signaling or D
Channel. It should show ‘Up and Up (spoofing)’ if it is ready to handle a call request.
Now issue the command show interfaces bri0 1 2. This should show the status of the two
data, or B channels.
router1# show interfaces bri0
router1# show interfaces bri0 1 2
4. From router1, ping the ISDN interface of router2. This should cause an ISDN call to
be initiated and the pings should succeed.
router1# ping 200.10.1.2
6. Issue the show isdn status command on router1. Under the Layer 3 status in the
output, it should show one call active.
router1# show isdn status
7. Issue the show interfaces bri0 1 2 command on router1. This shows the status of the B
channels (data channels). One of the B channels should have a status of ‘UP and UP’
indicating a successful call is in progress.
router1# show interfaces bri0 1 2

LAB 19 – ISDN PRI using Dialer Profiles
Router   IP Address  Mask  SPID1           Local Tel#  ISDN Switch
router1  201.10.1.1  /24   32177820010100  7782001     basic-ni
router2  201.10.1.2  /24   -----           7782002     primary-5ess
1. In this lab, you will configure ISDN BRI on router1 and ISDN PRI on router2 using
dialer profiles. Router2 has a primary rate ISDN interface (S0/0) as well as a basic rate
ISDN interface. Any IP packet should represent ‘interesting traffic’ in this lab and either
router should be able to initiate the call. PPP encapsulation and CHAP authentication
should be used. Refer to the table above for ISDN switch-type, IP addresses, subnet
masks, and telephone numbers.
a. Question: if this PRI was being configured in Europe, what would the options be for
controller type, framing, and linecode?
b. Question: On the PRI interface statement, what is the significance of :23?
router1(config)# isdn switch-type basic-ni
router1(config)# dialer-list 1 protocol ip permit
router1(config)# username router2 password cisco
router1(config)# interface bri0/0
router1(config-if)# encap ppp
router1(config-if)# ppp authentication chap
router1(config-if)# isdn spid1 32177820010100
router1(config-if)# dialer pool-member 1
router1(config-if)# no shut
router1(config-if)# interface dialer 2
router1(config-if)# no shut
router1(config-if)# ip address 201.10.1.1 255.255.255.0
router1(config-if)# encap ppp
router1(config-if)# dialer-group 1
router1(config-if)# dialer pool 1
router1(config-if)# dialer remote-name router2
router1(config-if)# dialer string 7782002
router1(config-if)# ppp authentication chap
router2(config)# isdn switch-type primary-5ess
router2(config)# dialer-list 1 protocol ip permit
router2(config)# username router1 password cisco
router2(config)# controller t1 0/0
router2(config-controller)# framing esf
router2(config-controller)# linecode b8zs
router2(config-controller)# pri-group timeslots 1-24
router2(config-controller)# exit
router2(config)# interface serial0/0:23
router2(config-if)# encapsulation ppp
router2(config-if)# ppp authentication chap
router2(config-if)# dialer pool-member 2
router2(config-if)# no shut
router2(config-if)# interface dialer 2
router2(config-if)# ip address 201.10.1.2 255.255.255.0
router2(config-if)# encapsulation ppp
router2(config-if)# dialer-group 1
router2(config-if)# dialer pool 2
router2(config-if)# dialer remote-name router1
router2(config-if)# dialer string 7782001
router2(config-if)# ppp authentication chap
router2(config-if)# no shut
2. Issue the show isdn status command on both router1 and router2. You should see:
Layer1: Active
Layer2: Multiple Frame Established
routerx# show isdn status
3. From router1, ping the ISDN interface of router2. This should cause an ISDN call to
be initiated and the pings should succeed.
router1# ping 201.10.1.2
4. Issue the show isdn status command on router1. Under the Layer 3 status in the
output, it should show one call active.
router1# show isdn status
5. Issue the show interfaces bri0 1 2 command on router1. This shows the status of the
B channels (data channels). One of the B channels should
have a status of ‘UP and UP’ indicating a successful call is in progress.
router1# show interfaces bri0 1 2
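The CHAP exchange that the `username ... password cisco` and `ppp authentication chap` lines in this lab set up, as an added Python example (not part of the original lab guide). It follows the RFC 1994 response formula; the `Router` class and the helper names are hypothetical, and the hostnames and password are the lab's own values.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Router:
    """Toy PPP endpoint (hypothetical) holding its `username <peer> password <secret>` table."""

    def __init__(self, hostname, usernames):
        self.hostname = hostname
        self.usernames = usernames   # peer hostname -> shared secret
        self._next_id = 0
        self._pending = {}           # identifier -> challenge this router issued

    def send_challenge(self):
        """Authenticator side: emit (id, random challenge, own hostname)."""
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)
        self._pending[self._next_id] = challenge
        return self._next_id, challenge, self.hostname

    def answer_challenge(self, identifier, challenge, challenger_name):
        """Peer side: look up the challenger's name to find the secret."""
        secret = self.usernames.get(challenger_name)
        if secret is None:
            return None              # no matching `username` line: cannot answer
        digest = chap_response(identifier, secret.encode(), challenge)
        return identifier, digest, self.hostname

    def check_response(self, identifier, response, peer_name):
        """Authenticator side: recompute the digest and compare."""
        challenge = self._pending.pop(identifier, None)   # one use per challenge
        secret = self.usernames.get(peer_name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret.encode(), challenge)
        return hmac.compare_digest(expected, response)


def authenticate(authenticator, peer):
    """One direction of CHAP: authenticator challenges, peer responds."""
    identifier, challenge, name = authenticator.send_challenge()
    reply = peer.answer_challenge(identifier, challenge, name)
    if reply is None:
        return False
    return authenticator.check_response(*reply)


def mutual_chap(a, b):
    """Both ends run `ppp authentication chap`, so each authenticates the other."""
    return authenticate(a, b) and authenticate(b, a)


if __name__ == "__main__":
    # Values taken from the lab: each router names the other and shares "cisco".
    router1 = Router("router1", {"router2": "cisco"})
    router2 = Router("router2", {"router1": "cisco"})
    print("lab config:", mutual_chap(router1, router2))

    # Constructed failure cases: password case mismatch, and a hostname that
    # does not match the `username` entry configured on the other side.
    wrong_pw = Router("router2", {"router1": "Cisco"})
    wrong_name = Router("R2", {"router1": "cisco"})
    print("password mismatch:", mutual_chap(router1, wrong_pw))
    print("hostname mismatch:", mutual_chap(router1, wrong_name))
```

The password itself never crosses the link, only the MD5 response does, and each response is accepted once for the challenge it answers.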

LAB 20 – FRAME RELAY
Router Interface IP Address Local DLCI
router1 serial 1 215.10.1.1 /24 105
router5 serial 0 215.10.1.2 /24 501
1. In this lab, you will set up frame relay PVC’s between router1 and router5 using both
physical interfaces and point-to-point sub interfaces. Both routers will be frame relay
DTE devices connected to a frame relay cloud.
2. Using physical interfaces (no sub interfaces), configure frame relay on router1’s serial1
interface and router5’s serial0 interface. Refer to the chart above for IP addresses and
local DLCI’s. Both routers will use ANSI as their lmi-type. Frame relay map statements
should be used for static mapping.
a. Question: what is the default lmi-type on Cisco routers?
router1(config)# interface serial1
router1(config-if)# encapsulation frame-relay
router1(config-if)# ip address 215.10.1.1 255.255.255.0
router1(config-if)# frame-relay map ip 215.10.1.2 105 broadcast
router1(config-if)# frame-relay lmi-type ansi
router1(config-if)# no shut
router5(config)# interface serial0
router5(config-if)# encapsulation frame-relay
router5(config-if)# ip address 215.10.1.2 255.255.255.0
router5(config-if)# frame-relay map ip 215.10.1.1 501 broadcast
router5(config-if)# frame-relay lmi-type ansi
router5(config-if)# no shut
3. Issue the show interfaces serial x command on both router1 and router5. This will
show if the routers are successfully connected to their local frame relay switches. The
status on the first line should be ‘up and line protocol is up’. On the fifth line of output,
you should also see ‘DTE LMI up’. The encapsulation type should be frame relay.
router1# show interfaces serial1
router5# show interfaces serial0
4. Issue the show frame-relay map command on router1 and router5. This will show the
mapping of local DLCI’s to remote IP addresses.
routerx# show frame-relay map
5. Issue the show frame-relay pvc command on router1 and router5. This will show the
status of the PVC’s connected to the routers. You want to
see a status of ‘active’ which indicates the PVC is operational end-to-end.
routerx# show frame-relay pvc
6. Issue the show frame-relay lmi command on router1.
This will show LMI statistics including how many status inquiries and replies have been
exchanged.
router1# show frame-relay lmi
7. Ping router1 from router5 to verify the frame-relay connection is working correctly.
router5# ping 215.10.1.1
8. You will now create point-to-point sub interfaces on router1 and router5.
You will use the same IP addresses and local DLCI’s as in the previous exercise.
It will be necessary to remove the IP addresses and frame map statements from the
physical interfaces prior to configuring the sub interfaces.
router1(config)# interface serial1
router1(config-if)# no ip address 215.10.1.1 255.255.255.0
router1(config-if)# no frame map ip 215.10.1.2 105 broadcast
router1(config-if)# interface serial1.1 point-to-point
router1(config-subif)# ip address 215.10.1.1 255.255.255.0
router1(config-subif)# frame-relay interface-dlci 105
router5(config)# interface serial0
router5(config-if)# no ip address 215.10.1.2 255.255.255.0
router5(config-if)# no frame map ip 215.10.1.1 501 broadcast
router5(config-if)# interface serial0.1 point-to-point
router5(config-subif)# ip address 215.10.1.2 255.255.255.0
router5(config-subif)# frame-relay interface-dlci 501
9. On both router1 and router5, issue the show ip interface brief command to ensure the
physical interfaces and sub interfaces are active (status = up and up). Issue a show
frame-relay pvc command on both routers to ensure the PVC with DLCI 105 on router1 and
DLCI 501 on router5 is active.
routerx# show ip interface brief
routerx# show frame-relay pvc
10. Test the PVC by pinging from router5 to router1.
router5# ping 215.10.1.1
Appendix A - IPX LAB
Router Interface IPX NTWK # IPX Encapsulation
router1 E0 a sap (802.3/802.2)
router1 S0 b hdlc
router2 Fa0/0 a sap
router3 S0 b hdlc
router3 S1 c hdlc
router3 E0 e novell-ether
router4 S0 c hdlc
router4 E0 d arpa (Ethernet V2)
1. Configure IPX routing on all LAN/WAN interfaces on router1, router2, router3, and
router4 (excluding ISDN and frame-relay interfaces).
Refer to the table above for IPX network numbers and encapsulation types.
router1(config)# ipx routing
router1(config)# interface ethernet0
router1(config-if)# ipx network a encapsulation sap
router1(config-if)# interface serial0
router1(config-if)# ipx network b
router2(config)# ipx routing
router2(config)# interface ethernet0
router2(config-if)# ipx network a encapsulation sap
router3(config)# ipx routing
router3(config)# interface serial0
router3(config-if)# ipx network b
router3(config-if)# interface serial1
router3(config-if)# ipx network c
router3(config-if)# interface ethernet0
router3(config-if)# ipx network e
router4(config)# ipx routing
router4(config)# interface ethernet0
router4(config-if)# ipx network d encapsulation arpa
router4(config-if)# interface serial0
router4(config-if)# ipx network c
2. On router1, issue the show protocols command. This should show IPX routing is
enabled.
router1# show protocols
3. On router1, issue the show ipx interface command. This will show IPX addresses and
other information on any interfaces where IPX is enabled.
a. Question: for LAN interfaces, where does the host portion of the IPX address come
from?
b. Question: for serial interfaces, where does the host portion of the IPX address come
from by default?
router1# show ipx interface
4. On router2, issue the show ipx route command. You should see one directly connected
network (designated by a ‘C’ in the left column) and four remote IPX networks
(designated by an ‘R’ in the left column).
router2# show ipx route
5. From router2, do a ping ipx to router3’s S0 interface and router4’s E0 interface. This
will demonstrate that there is connectivity across the IPX network.
router2# ping ipx b.000c.1695.2148
router2# ping ipx d.000c.9273.2381
6. From router2, issue the show ipx traffic command.
a. Question: What different Novell packet types does this command show traffic
statistics for?
router2# show ipx traffic

Appendix B: ANSWERS TO QUESTIONS
LAB 1 - Basic Router Configuration
9a. Question: When both encrypted and unencrypted enable passwords are configured,
which one is used?
• Answer: The enable secret (encrypted) password is used and the enable password is
ignored.
18a. Question: does anything exist in NVRAM? If not, why not?
• Answer: No - nothing will be saved to NVRAM until you do a copy running-config
startup-config.
21a. Question: What IOS release is running router1? Answer: 12.1(9)T
b. Question: What are the contents of the configuration register? Answer: 0x2102
22a. Question: which protocols are currently running on the router?
• Answer: IP is the only protocol currently running on the router. IP is supported by
default on the Cisco router. Routing for
other layer 3 protocols must be turned on explicitly using commands such as ipx routing
or decnet routing.
26a. Question: what status should interface E0/0 show if it is fully activated?
• Answer: ‘Ethernet is up and Line Protocol is Up’
b. Question: what status would E0/0 show if it was in ‘shutdown’ mode?
• Answer: ‘Administratively Down’
27a. Question: Were you successful? If not what commands should you use for
trouble-shooting?
• Answer: If you cannot successfully ping router1, you should use:
1. show interfaces: to verify the interface(s) are up
2. show run: to verify the IP addresses and subnet masks are correct
LAB 2 – Advanced Router Configuration
9a. Question: what is the name of the IOS image in flash and how large is it?
• Answer: c2500-js-mz.121-9.T.bin; 5.88MB
LAB 3 – CDP
4a. Question: what is the CDP advertisement interval?
• Answer: CDP advertises information every 60 seconds by default.
b. Question: what is the holdtime interval and what does it signify?
• Answer: The default holdtime interval is 180 secs. This is how long the remote device
should keep this CDP advertisement information in its tables if it doesn’t receive another CDP
advertisement from this device.
LAB 5 – TFTP
7a. Question: was it necessary to clear out router4’s NVRAM in order to copy a file
into it? Why?
• Answer: No. When you copy a file into NVRAM, it will overwrite completely what’s
in there. When you copy a file into DRAM (running-config),
however, it merges that file with what is already in there.
LAB 6 - RIP
1a. Question: On router1, why doesn’t the network statement under RIP specify
160.10.1.0 rather than 160.10.0.0?
• Answer: The network statement under both RIP and IGRP must specify a classful
network number (A, B, or C address). It cannot be a subnet.
160.10.1.0 is a subnet, not a classful address.
2a. Question: how frequently does RIP advertise routing updates?
• Answer: every 30 seconds.
b. Question: what is the holddown interval for RIP?
• Answer: 180 seconds.
3a. Question: what is the administrative distance for RIP?
• Answer: 120.
LAB 7 – IGRP
3a. Question: how frequently does IGRP send out routing updates?
• Answer: every 90 seconds.
b. Question: what is the holddown interval for IGRP?
• Answer: 280 seconds.
c. Question: what is the default hop count for IGRP?
• Answer: 100 (maximum of 100 routers along the path).
4a. Question: what is the administrative distance for IGRP?
• Answer: 100.
6a. Question: what is the difference between the two debug ip igrp commands?
• Answer: the debug ip igrp events command traces IGRP routing updates without
showing individual network numbers.
The debug ip igrp transactions command shows routing updates with individual network
numbers that are being advertised or received.
LAB 8 – EIGRP
3a. Question: what is the maximum router hop count with EIGRP? Answer: 100 hops.
6a. Question: what does the EIGRP topology database contain?
• Answer: the EIGRP topology database contains primary and backup routes to each
destination learned from EIGRP neighbors.
The ‘best routes’ (those with the lowest composite metric) are termed successor routes
and are inserted in the IP routing table on the router.
7a. Question: what is the administrative distance for EIGRP? Answer: 90.
LAB 9 – OSPF
3a. Question: how frequently does OSPF send routing updates?
• Answer: OSPF is a link state routing protocol and does not send out periodic routing
updates.
OSPF will flood a Link State Advertisement (LSA) when a topology change occurs.
5a. Question: what is the OSPF cost for a 10Mbps Ethernet interface?
• Answer: the default cost is 10 which is calculated by dividing the speed of the interface
into 100,000,000.
The default cost can be overridden using the ip ospf cost interface-level command.
6a. Question: what is the administrative distance for OSPF? Answer: 110.
LAB 10 – 1900 Switch Configuration
4a. Question: do you need to issue copy running-config startup-config on the
Catalyst 1900 to save the running configuration? If not, why not?
• Answer: No – the Catalyst 1900 automatically saves any configuration changes you
make to NVRAM.
8a. Question: What is the Spanning Tree (802.1D) state of interface e0/1?
• Answer: it is in the ‘forwarding’ state.
b. Question: What is the duplex setting for interface e0/2?
• Answer: Half-duplex - 10baseT ports default to half-duplex.
10a. Question: What version of IOS is the switch running?
• Answer: Version V4.00.00.
b. Question: What is the base Ethernet address of switch2?
• Answer: 00-0C-55-09-32-11.
11a. Question: what is the address of the root bridge? Answer: 000C.1835.8565
b. Question: what is the port cost of E0/1? Answer: 100.
c. Question: what is the maxage interval? Answer: 20 seconds
d. Question: what is the hello interval? Answer: 2 seconds
LAB 11 – VLANS and TRUNKING (Catalyst 1900 Switches)
5a. Question: what VTP operating mode are the switches in?
• Answer: the Catalyst 1900 switch defaults to ‘server’ mode.
6a. Question: do you see any ports connected to VLAN 10? If not, why not?
• Answer: No. Although VLAN 10 has been created, no ports have been manually
assigned to it, as yet.
8a. Question: if both devices are in the same VLAN, why should the pings fail?
• Answer: The link connecting switch1 and switch2 is still in VLAN 1.
It must be configured to be in VLAN 10 or configured as a trunk line which, by
definition, is capable of supporting all VLANs.
9a. Question: what trunking protocol does the 1900 use – ISL or 802.1Q?
• Answer: ISL.
Lab 12 – CATALYST 2950 SWITCH CONFIGURATION
4a. Question: Do you need to issue copy running-config startup-config on the Catalyst
2950 to save the running configuration?
• Answer: Yes. The active configuration is not automatically saved to NVRAM on the
2950.
9a. Question: What is the Spanning Tree (802.1D) state of interface fa0/1?
• Answer: forwarding.
b. Question: What is the duplex setting for interface fa0/2?
• Answer: auto – 10/100 ports default to auto-negotiate on the 2950.
12a. Question: what is the address of the root bridge? Answer: 000C 1835 8565
b. Question: what is the port cost of fa0/1? Answer: 19
c. Question: what is the maxage interval? Answer: 20 seconds
d. Question: what is the hello interval? Answer: 2 seconds
LAB 13 – VLANs and TRUNKING (Catalyst 2950 Switches)
6a. Question: do you see any ports connected to VLAN 20? If not, why not?
• Answer: No. Although VLAN 20 has been created, no ports have been manually
assigned to it, as yet.
8a. Question: if both devices are in the same VLAN, why should the pings fail?
• Answer: The link connecting switch3 and switch4 is still in VLAN 1.
It must be configured to be in VLAN 20 or configured as a trunk line which, by
definition, is capable of supporting all VLANs.
9a. Question: what trunking protocol does the 2950 use – ISL or 802.1Q?
• Answer: the 2950 only supports 802.1Q.
LAB 14 – ACCESS LISTS
3a. Question: is a ‘deny any’ statement required in the access-list?
• Answer: No – an implicit ‘deny any’ is at the end of every access-list.
b. Question: what does the mask 0.0.0.255 mean in the access-list?
• Answer: This is a wildcard or reverse mask. It means permit any device where the
source address starts with 175.10.1 in the first three octets.
c. Question: can any number be assigned to a standard IP access-list?
• Answer: No – standard IP access-lists are in the range 1-99 or 1300-1999.
5a. Question: what are two ways you can specify a host address in an extended
IP access-list?
• Answer: You can specify ‘host 172.16.1.1’ or ‘172.16.1.1 0.0.0.0’.
b. Question: what is the number range for extended IP access-lists?
• Answer: 100-199 or 2000-2699.
c. Question: how would you permit RIP routing updates:
• Answer: access-list 100 permit udp any any eq 520 (RIP uses UDP port 520)
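How the wildcard mask, the number ranges and the implicit 'deny any' from the Lab 14 answers combine when a standard access-list is evaluated, as an added Python example (not part of the original lab guide). The function names and the two sample access-list lines are constructed for illustration.

```python
import ipaddress

# Number ranges as stated in the Lab 14 answers.
STANDARD_RANGES = ((1, 99), (1300, 1999))
EXTENDED_RANGES = ((100, 199), (2000, 2699))


def acl_kind(number):
    """Classify an IP access-list number as 'standard' or 'extended'."""
    if any(lo <= number <= hi for lo, hi in STANDARD_RANGES):
        return "standard"
    if any(lo <= number <= hi for lo, hi in EXTENDED_RANGES):
        return "extended"
    raise ValueError(f"{number} is not an IP access-list number")


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """A 0 bit in the wildcard means 'must match', a 1 bit means 'ignore'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def parse_standard_entry(line):
    """Parse 'access-list N permit|deny <source>' into its parts."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError(f"not an access-list entry: {line!r}")
    number = int(tok[1])
    if acl_kind(number) != "standard":
        raise ValueError(f"{number} is not a standard access-list number")
    action = tok[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    src = tok[3:]
    if src == ["any"]:
        base, wildcard = "0.0.0.0", "255.255.255.255"
    elif len(src) == 2 and src[0] == "host":
        base, wildcard = src[1], "0.0.0.0"
    elif len(src) == 1:
        base, wildcard = src[0], "0.0.0.0"   # bare address means a single host
    elif len(src) == 2:
        base, wildcard = src
    else:
        raise ValueError(f"cannot parse source: {src!r}")
    return number, action, base, wildcard


def evaluate(acl_lines, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        _, action, base, wildcard = parse_standard_entry(line)
        if wildcard_match(source, base, wildcard):
            return action, line
    return "deny", "implicit deny any"


# Constructed sample list: one host exception, then the 175.10.1.x permit.
SAMPLE_ACL = [
    "access-list 1 deny host 175.10.1.50",
    "access-list 1 permit 175.10.1.0 0.0.0.255",
]

if __name__ == "__main__":
    for src in ("175.10.1.50", "175.10.1.77", "175.10.2.5"):
        print(src, "->", evaluate(SAMPLE_ACL, src))
```

Because the first match wins, the host exception only takes effect when it is listed before the broader permit.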
Lab 15 – NAT/PAT
4a. Question: does the “inside global IP address” normally represent a public or a
private IP address?
• Answer: the inside global IP address normally represents a public, or registered IP
address.
NAT/PAT translates the inside local IP address, which is usually a private IP address, to
an inside global IP address,
which is usually a registered IP address.
5a. Question: if the pool of dynamically assigned addresses only contains one IP
address entry, what’s another term for this form of NAT translation?
• Answer: this is also known as overloading or Port Address Translation (PAT). It is
possible to configure overloading by defining one or a few
IP addresses in the dynamic address pool. This is an alternative to pointing to a physical
interface in the PAT definitions.
LAB 17 – ISDN BRI-BRI using Legacy DDR
3a. Question: what status are the B channels? Why?
• Answer: the B channels are ‘down and down’ since no calls are active.
4a. Question: which configuration parameter(s) on router1 identifies the
interesting traffic that will trigger a call?
• Answer: the dialer-list and dialer-group commands are used to identify
‘interesting traffic’
5a. Question: what does it show for ‘Layer 3 Status’?
• Answer: It should show ‘1 Active Layer 3 Call’
6a. Question: what is the status of the two B channels?
• Answer: Now that a call has been established, one of the B channels should be ‘up and
line protocol up’.
The other one should still have a status of down and down.
LAB 19 – ISDN PRI using Dialer Profiles
1a. Question: if this PRI was being configured in Europe, what would the options be for
controller type, framing, and linecode?
• Answer: In Europe, the controller type is E1; the framing is either crc4 or no-crc4, and
the linecode is hdb3.
b. Question: On the PRI interface statement, what is the significance of :23?
• Answer: 23 represents the ISDN signaling channel on the PRI/T1 link. It is the 24th
time-slot on the T1 link.
LAB 20 – FRAME RELAY
2a. Question: what is the default lmi-type on Cisco routers? Answer: cisco.
IPX LAB (Appendix A)
3a. Question: for LAN interfaces, where does the host portion of the IPX address
come from?
• Answer: the host address is equivalent to the six-byte MAC address
b. Question: for serial interfaces, where does the host portion of the IPX address
come from by default?
• Answer: the host address is equivalent to the MAC address of the lowest-numbered
Ethernet interface.
6a. Question: what different Novell packet types does this command show
traffic statistics for?
• Answer: RIP, SAP, ECHO, WATCHDOG, EIGRP
Appendix C: LAB CONFIGURATIONS
Coming Soon!!!


Ice Cream If Eat 19 Nov 2009 3:22 AM (15 years ago)

If you eat ice cream:

· If you eat ice cream that is too cold, you will get problems in the tonsils

· It will increase bacteria in the gaps between teeth

· Some liquid glands in the mouth will be damaged

· In the stomach temp will goes less than -36Degree as regular

· Ice cream puts more sugar into the body, which will reduce resistance power in kids.

Please don't encourage kids to eat ice cream on a daily basis; occasionally, once or twice a month, is good for your kids, otherwise .......


Fasting Weekly Once for Good Health 19 Nov 2009 2:20 AM (15 years ago)

Start fasting once a week for your health:

Fasting means complete rest for the stomach or body for 24 hours (repair, clean and recharge) from the regular life cycle.

Please follow these rules:

· If you want to start fasting once a week, please finish your meal before 7pm on the current day

· Next day, early in the morning during the fast, drink 1 liter of water, then pass a motion to release yesterday's food

· At 8.30-9am take one glass of warm water mixed with 3 or 4 teaspoons of honey and one lemon (honey will repair the stomach and lemon will give power); after 2 hours drink 1 or 2 glasses of water. After 2 hours again take 1 glass of water mixed with 3 teaspoons of honey and one lemon, then 2 hours later drink 1 glass of water; alternate like this till 7pm.

· If you are feeling hungry at night, take more water with honey and lemon.


Sugar cure in Human through Natural Life Style 19 Nov 2009 1:40 AM (15 years ago)

· If the parents are diabetic, there is an 80% chance it will come to the kids

· If any one of the parents has diabetes, there is a 20% chance it will come to the kids

To reduce sugar, please follow 3 or 4 steps in your daily routine (there is a 90-95% chance it will not come if you follow the tips given below):

1. Early in the morning, completely leave out breakfast such as Idli, Dosa, Upma, Poori, etc. (these are just for the taste of our tongue). If you want them just for taste, take them on Saturday and Sunday only.

2. Instead of your breakfast, take “Seeds” (just for the body's purpose). Eat them Monday to Friday.

{ Seeds (four types) are useful for more proteins and improve the hormones in your body, and improve insulin in the body through the pancreas gland }

3. During lunch and dinner, eat more curries with less rice; if you cannot take more curries, more sugar will be produced in the blood. Use less salt and oil in the curries.

4. At lunch time you can first take 2 pulkas with curry, more than rice (unpolished rice, not white rice), and at dinner time take only pulkas with curry (do not use refined wheat flour for pulkas). Finish dinner before 6-7pm, because the pancreas gland requires at least 12 hours to produce insulin.

5. You need to do walking, exercise or asanas for at least one hour per day.

If you follow the above rules, sugar in the body will be reduced through a natural lifestyle.

(The above comments are from Dr. Mantena SatyanarayaRaju, Nature Remedy Specialist from India)


IOS Soft Installation and Upgrade Procedure in Cisco 18 Nov 2009 5:25 AM (15 years ago)

IOS Software Installation and Upgrade Procedure

This procedure applies to the following Cisco products:

  • Cisco 1000 [1]
  • Cisco 1400 [1]
  • Cisco 1600-R
  • Cisco 1700
  • Cisco 2600
  • Cisco 3600
  • Cisco 3700
  • Cisco 4000
  • Cisco 4500
  • Cisco 4700
  • Cisco AS5300 [1]
  • Cisco MC3810

[1] Not currently supported in COMPASS.

Contents

Introduction
Before You Begin
Software Installation and Upgrade Procedures

Upgrade procedure for routers with Internal Flash (for example, 2600 Series Routers)
Upgrade procedure for routers with PCMCIA Flash cards (for example, 3600 Series Routers)


Introduction

This document explains the procedure for upgrading a Cisco IOS® Software image on Access router platforms. The examples provided from the 2600 and 3600 Series Routers also apply to the list of router platforms mentioned below. The Cisco IOS software file names may vary depending on the Cisco IOS software version, feature set, and platform. The following Cisco series routers are addressed in this document:

The information in this document is based on Cisco IOS Software Release 12.0 or later.

The Field Engineer must receive permission from Cisco VISE that a software image upgrade is required, BEFORE carrying out any of these procedures.

Before You Begin

Step 1: Install a TFTP Server
A Trivial File Transfer Protocol (TFTP) server or a Remote Copy Protocol (RCP) server application must be installed on a TCP/IP-ready workstation or PC. Once the application is installed, a minimal level of configuration must be performed.

1. First, the TFTP application must be configured to operate as a TFTP server as opposed to a TFTP client.

2. The outbound file directory must be specified. This is the directory in which the Cisco IOS Software images are stored. Most TFTP applications provide a set-up routine to assist in these configuration tasks.

Step 2: Request which IOS Software Image is to be used.
The Field Engineer must ask the VISE engineer or the customer, which image is to be upgraded. It is not the responsibility of the Field Engineer to recommend software image versions. The software image may be provided by the customer, and so the Field Engineer must ask the Cisco VISE engineer for directions.

Step 3: Download the Cisco IOS Software Image
Download the Cisco IOS Software image into your workstation or PC from the Cisco website (http://www.cisco.com).


Software Installation and Upgrade Procedures

Routers with Internal Flash (for example, 2600 Series Routers)
Routers with PCMCIA Flash cards (for example, 3600 Series Routers)


Cisco 2600 Series Routers Upgrade Procedure

Step 1: Establish a console session to the router

Even if it is possible to connect to the router through a telnet session, it is strongly recommended to be directly connected to the router using the console port. The reason is that if something goes wrong during the upgrade, it might be necessary to be physically located next to the router to power-cycle it. Moreover, the telnet connection will be lost while the router is rebooting during the upgrade procedure.

A rolled cable (usually a flat black cable) is used to connect the console port of the router to one of the COM ports of the PC.

Once the PC is connected to the console port of the router, you need to open Hyperterminal on the PC, and use the following settings:

Speed 9600 bits per second

8 databits

0 parity bits

1 stop bit

No Flow Control

Note: If you are getting any garbage characters in the hyperterminal session, this means that you have not set the hyperterminal properties properly, or the config-register of the router is set to a non-standard value for which the console connection speed is higher than 9600 bps. Check the value of the config-register using the show version command (shown in the last line of the output) and ensure it is set to 0x2102 or 0x102. It is necessary to reload the router for a configuration register change to take effect. Once you are sure the console speed is set to 9600 bps on the router side, you should check the hyperterminal properties as above.

Booting Problems

Once you are connected to the console port of the router, you might notice that the router is either in ROMmon or Boot mode. These two modes are used for recovery and/or diagnostic procedures. If you do not see the usual router prompt, you should follow the recommendations below to proceed with the upgrade procedure installation.

1. Router boots in rommon mode, and the following message appears when you issue dir flash: command.

rommon 1 > dir flash:
device does not contain a valid magic number
dir: cannot open device "flash:"
rommon 2 >

When you see the above error message, it means the Flash is empty or the filesystem is corrupted. A Xmodem console download procedure using ROMmon may then be necessary.

2. Router boots in boot mode, with the following messages on the console:

router(boot)>
device does not contain a valid magic number
boot: cannot open "flash:"
boot: cannot determine first file name on device "flash:"

When you get the above error messages on the console output, it means the Flash is empty or the file system is corrupted. Copy a valid image on the Flash by following the procedures provided in this document.

Step 2: Verify that the TFTP server has IP connectivity to the router

The TFTP server must have a network connection to the router, and must be able to ping the IP address of the router targeted for a TFTP software upgrade. To achieve this, the router interface and the TFTP server must have:

· an IP address in the same range, or

· a default gateway configured.

To verify this, check the IP address of the TFTP server.

Step 3: Copy the new image into the Flash memory of the 2600 Series Router through the TFTP server

1. Now that you have IP connectivity and can ping between the computer acting as a TFTP server and the router, you can copy the Cisco IOS Software image into the Flash.

Note: Before copying, make sure you have started the TFTP server software on your PC and that you have the filename mentioned in the TFTP server root directory. We recommend that you keep a backup of the router/access server configuration before upgrading. The upgrade itself does not affect the configuration (which is stored in nonvolatile RAM (NVRAM)). However, this might happen if the right steps are not followed properly.

For RCP applications, substitute RCP for every occurrence of TFTP. For example, use the copy rcp flash command instead of the copy tftp flash command.

2600> enable

Password:xxxxx

2600#

2600# copy tftp flash

If necessary, you can copy an image from one device to another.

2. Specify the IP address of the TFTP server.

When prompted, enter the IP address of the TFTP server as in the following example:

Address or name of remote host []? 10.10.10.2

3. Specify the filename of the new Cisco IOS Software image.

When prompted, enter the filename of the Cisco IOS Software image to be installed, as in the following example:

Source filename []? c2600-i-mz.121-14.bin

Note: The filename is case sensitive, so be sure to enter it correctly.

4. Specify the destination filename.

This is the name the new software image will have when it is loaded onto the router. The image can be named anything, but common practice is to enter the same image filename.

Destination filename []? c2600-i-mz.121-14.bin

Note: If you see the below error message:

%Error copying tftp://10.10.10.2/c2600-i-mz.121-14.bin

(Not enough space on device)

This indicates that there is not enough room available in Flash to copy the image. You need to erase a file(s) before copying the new image from the TFTP server.

5. Upgrade the new image from a TFTP server

2610#copy tftp flash

Address or name of remote host []? 10.10.10.2

Source filename []? c2600-i-mz.121-14.bin

Destination filename [c2600-i-mz.121-14.bin]?y

Accessing tftp://10.10.10.2/c2600-i-mz.121-14.bin...

Erase flash: before copying? [confirm]y !--- If there is not enough

!--- memory available, erase the Flash

Erasing the flash filesystem will remove all files! Continue? [confirm]y

Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

eeeeeeeeee ...erased

Erase of flash: complete

Loading c2600-i-mz.121-14.bin from 10.10.10.2 (via Ethernet0/0): !!!!!!!!


[OK - 4501480/9001984 bytes]

Verifying checksum... OK (0xAC8A)

4501480 bytes copied in 56.88 secs (80383 bytes/sec)

The copying process takes several minutes; the time differs from network to network. During the copy process, messages are displayed to indicate which file has been accessed.

The exclamation point "!" indicates that the copy process is taking place. Each exclamation point indicates that ten packets have been transferred successfully. A checksum verification of the image occurs after the image is written to Flash memory.

After you have upgraded the Flash, you need to reload the router using the reload command.

Before you reload the router, you need to check two things:

2610#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

2610(config)#config-register 0x2102

2610(config)#^Z

2610#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

2610(config)#no boot system

2610(config)#boot system flash c2600-i-mz.121-14.bin

2610(config)#^Z

Note: When you type the reload command, the router asks whether you want to save the configuration. Be very cautious here. If the router is in boot mode, for instance, it is running only a subset of the full Cisco IOS software with no routing functionality, so all the routing configuration is missing from the running configuration. If you save the configuration at this time, you erase the good startup-configuration in NVRAM and replace it with the incomplete running-configuration. Save the configuration only if you are sure that the output of show run contains the full configuration. It is NOT necessary to save the configuration for a previously changed config-register to take effect. That is done automatically.

2610#reload

System configuration has been modified. Save? [yes/no]: y

Building configuration...

[OK]

Proceed with reload? [confirm]y

Verify that the router is running with the proper image. After the reload is complete, the router should be running the desired Cisco IOS Software image. Use the show version command to verify.

2610#show version

00:22:25: %SYS-5-CONFIG_I: Configured from console by console

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-I-M), Version 12.1(14), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2002 by cisco Systems, Inc.

Compiled Mon 25-Mar-02 20:33 by kellythw

Image text-base: 0x80008088, data-base: 0x80828788

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

2610 uptime is 22 minutes

System returned to ROM by reload

System image file is "flash:c2600-i-mz.121-14.bin"


Cisco 3600 Series Routers (with PCMCIA cards) Upgrade Procedure

Step 1: Establish a console session to the router

See Establish a console session to the router for more information.

Note: Once connected to the router through the console port, if you get a ">" or "rommon >" prompt, your router is in ROM monitor (ROMmon) mode. If the router is showing the "router (boot)>" prompt, then the router is in boot mode. See booting problems for steps to handle either of these situations.

Step 2: Verify the amount of free space on the Flash memory card (PCMCIA slot)

At this point, you need to verify that you have enough space in the Flash memory card to copy the new image. If there is not enough memory, you need to delete some files to make enough space. In some situations, if the image is very large, you may need to delete the current image in the Flash memory card.

To determine the amount of free space, and to show files currently located in slot0: or slot1:, issue the dir {device:} command.

3600#dir slot1:

Directory of slot1:/

1 -rw- 2779832 c3640-i-mz.113-11c.bin

2 -rw- 3748760 c3640-i-mz.120-22.bin

Verify that the name and the file size are correct.

If you find that there is not enough space, you can delete the file. The delete {device:}[filename] command deletes the file.

3600#delete slot1:

Delete filename []? c3640-i-mz.113-11c.bin

Delete slot1:c3640-i-mz.113-11c.bin? [confirm]y

Note: Do not reload or power cycle the router if there is not a valid image in the Flash; this causes the router to boot into rommon or boot mode.

Step 3: Verify that the TFTP server has IP connectivity to the router

The TFTP server must have a network connection to the router and must be able to ping the IP address of the router targeted for a TFTP software upgrade. To achieve this, the router interface and the TFTP server must have:

To verify this, check the IP address of the TFTP server.

Step 4: Copy the new image into the Flash memory card through the TFTP server

Now that you have IP connectivity and can ping between the computer acting as a TFTP server and the router, you can copy the image into the right slot.

Note: Before copying, make sure you have started the TFTP server software on your PC and that the image file you are going to name is in the TFTP server root directory. We recommend that you keep a backup of the router/access server configuration before upgrading. The upgrade itself does not affect the configuration, which is stored in nonvolatile RAM (NVRAM). However, the configuration can be affected if the right steps are not followed properly.

For RCP applications, substitute RCP for every occurrence of TFTP. For example, use the copy rcp {device:} command instead of the copy tftp {device:} command.

If necessary, you can copy an image from one device to another.

3600#copy tftp: slot1:

Address or name of remote host []? 171.68.173.10

Source filename []? c3640-i-mz.122-7b.bin

Destination filename [c3640-i-mz.122-7b.bin]?

Accessing tftp://171.68.173.10/c3640-i-mz.122-7b.bin...

Erase slot1: before copying? [confirm]n !--- Here you are specifying "n"

!--- because there is enough memory available.

Loading c3640-i-mz.122-7b.bin from 171.68.173.10 (via Ethernet1/0):

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!

[OK - 5996844/11993088 bytes]

Verifying checksum... OK (0x13F0)

5996844 bytes copied in 67.708 secs (89505 bytes/sec)

3600#

Use the dir slot1: command to check whether the image has been copied to slot1. Below, you can see that the new image c3640-i-mz.122-7b.bin has been copied on the PCMCIA slot1:

3600#dir slot1:

Directory of slot1:/

2 -rw- 3748760 c3640-i-mz.120-22.bin

3 -rw- 5996844 c3640-i-mz.122-7b.bin
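
A pre-flight check to run on the TFTP host before Step 4, added here as an example and not part of the original procedure: it compares the staged image against a digest obtained out of band and confirms the image fits on the card using the dir output shown above. The function names, the stand-in image bytes and its digest are constructed for illustration.

```python
import hashlib
import hmac
import re

# One `dir` entry: index, permissions, size, optional date/time, filename.
DIR_ENTRY = re.compile(r"^\s*\d+\s+[-drwx]{4}\s+(\d+)\s+(?:.*\s)?(\S+)\s*$")
# Summary line of full `dir` output; the abbreviated listing on this page omits it.
DIR_FREE = re.compile(r"\((\d+) bytes free\)")


def parse_dir(dir_output):
    """Return ({filename: size_in_bytes}, free_bytes_or_None) from `dir {device:}`."""
    files, free = {}, None
    for line in dir_output.splitlines():
        summary = DIR_FREE.search(line)
        if summary:
            free = int(summary.group(1))
            continue
        entry = DIR_ENTRY.match(line)
        if entry:
            files[entry.group(2)] = int(entry.group(1))
    return files, free


def preflight(image, published_digest, dir_output, card_bytes=None, algo="sha512"):
    """Check a staged image before `copy tftp:`. Returns problems; empty list means go."""
    problems = []
    digest = hashlib.new(algo, image).hexdigest()
    # TFTP carries no authentication or integrity protection, and the 16-bit
    # value printed by "Verifying checksum" only catches transfer damage, so
    # compare against a digest obtained out of band from the vendor.
    if not hmac.compare_digest(digest, published_digest.strip().lower()):
        problems.append("digest mismatch: do not serve this file")
    files, free = parse_dir(dir_output)
    if free is None and card_bytes is not None:
        # Upper bound only: filesystem overhead is not counted.
        free = card_bytes - sum(files.values())
    if free is None:
        problems.append("free space unknown: supply card size or full dir output")
    elif len(image) > free:
        problems.append(f"image needs {len(image)} bytes, only {free} free")
    return problems


# `dir slot1:` listing as shown on this page (before the copy).
PAGE_DIR = """\
3600#dir slot1:
Directory of slot1:/
1 -rw- 2779832 c3640-i-mz.113-11c.bin
2 -rw- 3748760 c3640-i-mz.120-22.bin
"""
# "20480K bytes of processor board PCMCIA Slot1 flash" from the show version output.
SLOT1_BYTES = 20480 * 1024

# Constructed stand-in for the image file and for its published digest.
SAMPLE_IMAGE = b"constructed stand-in for c3640-i-mz.122-7b.bin" * 1000
SAMPLE_DIGEST = hashlib.sha512(SAMPLE_IMAGE).hexdigest()

if __name__ == "__main__":
    print(preflight(SAMPLE_IMAGE, SAMPLE_DIGEST, PAGE_DIR, SLOT1_BYTES))
    print(preflight(SAMPLE_IMAGE + b"\x00", SAMPLE_DIGEST, PAGE_DIR, SLOT1_BYTES))
```

For a real image, read the file with open(path, "rb").read() and pass the algorithm name that matches the published digest.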

Step 5: Set boot statements to load the new image upon startup

After copying the image through TFTP, you may need to tell the router which image to load upon boot up.

Checking Current Boot Statements

At this point, the new image is now in the slot1. You need to set the router to boot the new image. By default, the router boots the first available image (the default is enabled when there are no boot statements in the configuration).

3600#show running-config

Building configuration...

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname 3600

!

boot system flash slot1:c3640-i-mz.120-22.bin

!

ip subnet-zero

!

The boot system commands appear at the beginning of the configuration. In the example above, the router has a boot system command configured as boot system flash slot1:c3640-i-mz.120-22.bin.

If you have boot system command entries in your configuration, you need to remove them from the configuration. For more information on removing boot entries, refer to the next section.

Removing Previous Boot Statements

To remove the commands, enter into configuration terminal mode. From the configuration mode, you can negate any command by typing "no" in front of each boot statement. The following example illustrates the removal of an existing boot statement.

3600#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

3600(config)#no boot system flash slot1:c3640-i-mz.120-22.bin

3600(config)#^Z

3600#

The statement boot system flash slot1:c3640-i-mz.120-22.bin is now removed from the configuration. Verify that the command has been removed by issuing the show running-config command.

Setting New Boot Statements

Now set the router to boot the new image. Issue the following command to set the boot system parameter:

boot system flash slot#:{imagename} (imagename = name of the new Cisco IOS software image)

3600#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

3600(config)#boot system flash slot1:c3640-i-mz.122-7b.bin

3600(config)#^Z

3600#write memory

3d01h: %SYS-5-CONFIG_I: Configured from console by vty0

Building configuration...

3600#

Be sure to verify that you are using config-register 0x2102 by issuing the show version command. If it is set up differently, you can change it by issuing the following command in configuration mode:

3600#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

3600(config)#config-register 0x2102

3600(config)#^Z

After changing the config-register, the change takes place at the next reload.

Step 6: Reboot the router to load the new image

For the router to run the new Cisco IOS software image, you need to reload the router. Make sure you have saved the configuration by issuing the copy running-config startup-config or write memory commands.

3600#write memory

3d01h: %SYS-5-CONFIG_I: Configured from console by vty0 (127.0.0.11)

Building configuration...

3600#reload

Step 7: Verify the upgrade

After the router comes up, make sure you are currently running the new version of code, by issuing the show version command.

3640#show version

Cisco Internetwork Operating System Software

IOS (tm) 3600 Software (C3640-I-M), Version 12.2(7b), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2002 by cisco Systems, Inc.

Compiled Mon 04-Mar-02 20:23 by pwade

Image text-base: 0x600089A8, data-base: 0x60A6A000

ROM: System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (f)

Router uptime is 2 minutes

System returned to ROM by reload

System image file is "slot1:c3640-i-mz.122-7b.bin"

cisco 3640 (R4700) processor (revision 0x00) with 59392K/6144K bytes of memory.

Processor board ID 10524422

R4700 CPU at 100Mhz, Implementation 33, Rev 1.0

Bridging software.

X.25 software, Version 3.0.0.

4 Ethernet/IEEE 802.3 interface(s)

DRAM configuration is 64 bits wide with parity disabled.

125K bytes of non-volatile configuration memory.

4096K bytes of processor board System flash (Read/Write)

20480K bytes of processor board PCMCIA Slot0 flash (Read/Write)

20480K bytes of processor board PCMCIA Slot1 flash (Read/Write)

Configuration register is 0x2102


How To Configure SNMP Community Strings on a Router 18 Nov 2009 5:15 AM (15 years ago)

How To Configure SNMP Community Strings on a Router and a Cisco IOS Software-based XL Catalyst Switch
Enable SNMP Community Strings
The procedure listed below is the same for both routers and Cisco IOS software-based XL Catalyst Switches.
Telnet to the router:
prompt# telnet 172.16.99.20

1. Enter the enable mode by entering the enable password at the prompt:
Router>enable
Password:
Router#
2. Display the running configuration and look for the SNMP information:
Router#show running-config
Building configuration...
....
Note: If no SNMP information is present, continue with the steps below. If any SNMP commands are listed, you can modify or disable them.
3. Go into the configuration mode:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
4. Use the command below to enable the Read-only (RO) community string:
Router(config)#snmp-server community public RO
where "public" is the Read-only community string.
5. Use the command below to enable the Read-write (RW) community string:
Router(config)#snmp-server community private RW
where "private" is the Read-write community string.
6. Exit out of the configuration mode and return to the main prompt:
Router(config)#exit
Router#
7. Write the modified configuration to nonvolatile RAM (NVRAM) to save the settings:
Router#write memory
Building configuration...
[OK]
Router#

Verify SNMP Community Strings:
Here is how to verify SNMP community strings.
Verify that there is TCP/IP connectivity between the Network Management Server (NMS) server and the router:
C:\>ping 172.16.99.20
Pinging 172.16.99.20 with 32 bytes of data:
Reply from 172.16.99.20: bytes=32 time<10ms TTL=247
Reply from 172.16.99.20: bytes=32 time=10ms TTL=247
Reply from 172.16.99.20: bytes=32 time<10ms TTL=247
Reply from 172.16.99.20: bytes=32 time<10ms TTL=247
Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms, Maximum = 10ms, Average = 2ms
Router>enable
Password:
Router#
3. Display the running configuration and look for the SNMP information:
Router#show running-config
....

snmp-server community public RO
snmp-server community private RW
....
In the above sample output, "public" is the read-only community string and "private" is the read-write community string.
Note: If you do not see any "snmp-server" statements, SNMP has not been enabled on the router. Alternatively, execute the show snmp command in the enable mode. If you see the following message, it also indicates that SNMP has not been enabled on the router:
Router#show snmp
%SNMP agent not enabled
Router#
4. Exit out of the enable mode and return to the main prompt:
Router#disable
Router>

Modify SNMP Community Strings:
Follow these steps to modify SNMP community strings.
Telnet to the router:
prompt# telnet 172.16.99.20
1. Enter the enable mode by entering the enable password at the prompt:
Router>enable
Password:
Router#
2. Display the running configuration and look for the SNMP information:
Router#show running-config
Building configuration...
...

snmp-server community public RO
snmp-server community private RW
....
3. Go into the configuration mode:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
To modify the current Read-only (RO) community string:
a. Delete the current Read-only (RO) community string by using the command below:
Router(config)#no snmp-server community public RO (where "public" is the Read-only community string)
b. Enter the new Read-only (RO) community string by using the command below:
Router(config)#snmp-server community XXXX RO (where "XXXX" is the Read-only community string)
To modify the current Read-write (RW) community string:
a. Delete the current Read-write (RW) community string by using the command below:
Router(config)#no snmp-server community private RW (where "private" is the Read-write community string)
b. Enter the new Read-write (RW) community string by using the command below:
Router(config)#snmp-server community YYYY RW (where "YYYY" is the Read-write community string)
4. Exit out of the configuration mode and return to the main prompt:
Router(config)#exit
Router#
5. Write the modified configuration to nonvolatile RAM (NVRAM) to save the settings:
Router#write memory

Disable/Remove SNMP Community Strings:
Follow these directions to disable or remove SNMP community strings.
Telnet to the router:
prompt# telnet 172.16.99.20
1. Enter the enable mode by entering the enable password at the prompt:
Router>enable
Password:
Router#
2. Display the running configuration and look for the SNMP information:
Router#show running-config
Building configuration...
...
...
snmp-server community public RO
snmp-server community private RW
....
....
3. Go into the configuration mode:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
4. To disable/remove the current Read-only (RO) community string, use the following command:
Router(config)#no snmp-server community public RO
where "public" is the Read-only community string
5. To disable/remove the current Read-write (RW) community string, use the following command:
Router(config)#no snmp-server community private RW
where "private" is the Read-write community string
6. Exit out of the configuration mode and return to the main prompt:
Router(config)#exit
Router#
7. Write the modified configuration to nonvolatile RAM (NVRAM) to save the settings:
Router#write memory
Building configuration...
[OK]
Router#
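
An audit of the snmp-server community lines that the show running-config steps above tell you to look for, added here as an example and not part of the original post. It flags the default strings "public" and "private", read-write communities, and communities with no access list restricting which hosts may query. The third community string, the ACL number 10 and the function names are constructed for illustration.

```python
import re

DEFAULT_STRINGS = {"public", "private"}

# Configs copied out of PDFs or web pages often carry typographic dashes
# (U+2212 minus, en dash) instead of ASCII hyphens; normalise them first.
DASHES = str.maketrans({"\u2212": "-", "\u2013": "-", "\u2010": "-"})

# snmp-server community <string> [view <name>] [ro | rw] [access-list]
COMMUNITY = re.compile(
    r"^\s*snmp-server\s+community\s+(?P<name>\S+)"
    r"(?:\s+view\s+(?P<view>\S+))?"
    r"(?:\s+(?P<mode>ro|rw))?"
    r"(?:\s+(?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)


def audit_snmp(config_text):
    """Return one finding per community line in a running-config."""
    findings = []
    lines = config_text.translate(DASHES).splitlines()
    for lineno, line in enumerate(lines, 1):
        m = COMMUNITY.match(line)
        if not m:
            continue  # also skips "no snmp-server community ..." lines
        name = m["name"]
        mode = (m["mode"] or "ro").lower()  # IOS defaults to read-only
        acl = m["acl"]
        issues = []
        if name.lower() in DEFAULT_STRINGS:
            issues.append("default-string")
        if mode == "rw":
            issues.append("read-write")
        if acl is None:
            issues.append("no-acl")
        findings.append({"line": lineno, "community": name, "mode": mode,
                         "acl": acl, "issues": issues})
    return findings


# Constructed running-config excerpt: the first two community lines are the
# ones used in this post, the third shows a non-default string bound to ACL 10.
SAMPLE_CONFIG = """\
hostname Router
!
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-r3ad-7Hq RO 10
!
access-list 10 permit 192.0.2.10
"""

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG):
        status = ", ".join(finding["issues"]) or "ok"
        print(f"line {finding['line']}: {finding['mode'].upper()} community -> {status}")
```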


Advanced Routers and Routings in Cisco 18 Nov 2009 4:42 AM (15 years ago)

Chapter details and links given below:

1. Layer2 Switching: http://skvincent.home.att.net/NET224_7.htm
2. Virtual LAN's(vlan): http://skvincent.home.att.net/NET224_8.htm
3. Manage Cisco Internetwork: http://skvincent.home.att.net/NET224_9.htm
4. Manage Access List: http://skvincent.home.att.net/NET224_10.htm
5. Wide Area Network Protocol: http://skvincent.home.att.net/NET224_11.htm

Credit goes to: Stevevincent


Introduction to Routers and Routing in Cisco 18 Nov 2009 4:25 AM (15 years ago)

Chapter details and link are given below:

1. Introduction : http://home.att.net/~s.k.vincent/NET222_1.htm
2. Internet Protocol: http://home.att.net/~s.k.vincent/NET222_2.htm
3. IP subnetting: http://home.att.net/~s.k.vincent/NET222_3.htm
4. Introduction of Cisco IOS: http://home.att.net/~s.k.vincent/NET222_4.htm
5. IP routing: http://home.att.net/~s.k.vincent/NET222_5.htm
6. EIGRP and OSPF: http://home.att.net/~s.k.vincent/NET222_6.htm
Credit goes to: SteveVincent


Recovering A Lost Enable Secret Password in Cisco Router 3 Aug 2009 8:37 AM (15 years ago)

If the enable secret password is lost, a new password must be set. To recover a lost enable secret for Cisco routers, follow the steps outlined below.
Before you begin - Connect A Console

Connect through Hyperterminal Procedure:
1. Power cycle the router.

2. Send a "break" command to the router within the first 60 seconds after power cycle. The break command will vary depending on the terminal emulation package used. For Windows Hyperterminal, the break command is sent by holding the CTRL key down and pressing the BREAK key. After sending a successful break character, the router will be in ROM monitor mode as indicated by the angle bracket (>) prompt.

3. From the ROM monitor prompt, set the configuration register value to 0x142, which causes the router to bypass the configuration contents stored in NVRAM upon next bootup, and reboot the router by typing the following:

2500/4000

> o/r 0x142

> i

or 1000/1600/3600/4500

> confreg 0x142

> reset

The router will reboot itself.

4. Enter privileged EXEC mode by typing the enable command. No password will be required. The prompt will change to Router(boot)#.

Router> enable

Router#

5. Load the original configuration back into the router. There are two equivalent ways of doing this depending on the software version you are running.

Router# copy startup-config running-config
For IOS Releases 11.0 and above OR
Router# config mem
For IOS Releases prior to 11.0

6. Set the new enable password.

Router# config term

Router(config)# enable secret new_password

7. Restore the configuration register and exit configuration mode. The configuration register must be reset so the router will properly boot using the configuration now stored in NVRAM.

Router(config)# config-reg 0x2102

Router(config)# end

8. Save changes.

Router# copy running-config startup-config
For IOS Releases 11.0 and above OR

Router# write memory
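
The two register values used in this procedure (0x142 to bypass NVRAM, 0x2102 for normal boot, the same value the upgrade posts check with show version) decoded bit by bit, as an added example that is not part of the original post. It reads the "Configuration register is ..." line of show version and reports a router left in the recovery state. The bit meanings are the standard IOS configuration register layout; the function names and the second sample line are constructed for illustration.

```python
import re

IGNORE_NVRAM = 0x0040       # bit 6: skip startup-config at boot (set in 0x142)
BREAK_DISABLED = 0x0100     # bit 8: Break ignored once the system is running
ROM_FALLBACK = 0x2000       # bit 13: boot default ROM software if network boot fails
DIAG_IGNORE_NVRAM = 0x8000  # bit 15: diagnostic messages, NVRAM contents ignored

REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode(value):
    """Break a configuration register value into the fields that matter here."""
    boot_field = value & 0x000F
    if boot_field == 0:
        boot = "stay in ROM monitor"
    elif boot_field == 1:
        boot = "platform-dependent: boot helper image or first image in flash"
    else:
        boot = "follow the boot system commands in the configuration"
    return {
        "value": value,
        "boot_field": boot_field,
        "boot": boot,
        "ignore_nvram": bool(value & (IGNORE_NVRAM | DIAG_IGNORE_NVRAM)),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


def register_status(show_version_text):
    """Return current/pending register values and warnings from show version."""
    m = REGISTER_LINE.search(show_version_text)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    effective = decode(current if pending is None else pending)
    warnings = []
    if decode(current)["ignore_nvram"]:
        warnings.append("booted with startup-config bypassed (enable secret not enforced)")
    if effective["ignore_nvram"]:
        warnings.append("next reload will ignore startup-config")
    if effective["boot_field"] == 0:
        warnings.append("next reload stops in ROM monitor")
    return {"current": current, "pending": pending, "warnings": warnings}


# Line as printed in the show version output earlier on this page.
PAGE_LINE = "Configuration register is 0x2102"
# Constructed: state after step 7 of the recovery, before the router is reloaded.
MID_RECOVERY = "Configuration register is 0x142 (will be 0x2102 at next reload)"

if __name__ == "__main__":
    print(decode(0x142))
    print(register_status(PAGE_LINE))
    print(register_status(MID_RECOVERY))
```

A router that still reports 0x142 with no pending value after maintenance will boot without its saved configuration, passwords included, at every reload.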


Nat Enable in Cisco 2600 Router 3 Aug 2009 8:33 AM (15 years ago)

interface FastEthernet0/0
ip address 66.178.43.50 255.255.255.128
ip nat outside
duplex auto
speed auto
no keepalive
!
interface FastEthernet0/1
ip address 192.168.168.1 255.255.255.224 secondary
ip address 172.22.11.1 255.255.255.224 secondary
ip nat inside
duplex auto
speed auto
!
ip nat pool sharif 66.178.43.3 66.178.43.4 prefix-length 24
ip nat inside source list 1 pool sharif overload
no ip http server
no ip http secure-server
ip classless
!
ip route 0.0.0.0 0.0.0.0 66.178.43.1
!
!
access-list 1 permit 172.0.0.0 0.255.255.255
access-list 1 permit 192.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit


DHCP configuration in Cisco Router 3 Aug 2009 8:01 AM (15 years ago)

!
no ip dhcp conflict logging

ip dhcp excluded-address 191.121.121.1
!
ip dhcp pool sharif
network 191.121.121.0 255.255.255.0
default-router 191.121.121.1
domain-name www.sharif.com
dns-server 66.178.2.16
!
ip name-server 66.178.2.25
ip name-server 195.129.12.122
no ftp-server write-enable


Redhat Lab Manuals - Squid Proxy, FTP / Apache / Email / DNS Servers, filt 2 Aug 2009 7:05 AM (15 years ago)

LAB 1. Iptables – Multi Network Firewall (3 Network Cards, refer to scenario)
PACKAGE REQUIRED: squid

iptables -A FORWARD -j ACCEPT
iptables -t nat -A PREROUTING -d 66.178.1.221 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.1.2:80
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 66.178.1.221
iptables-save > /etc/sysconfig/iptables
service iptables restart

vi /etc/sysctl.conf
(change this setting: net.ipv4.ip_forward = 1)
sysctl -p

LAB 2. Iptables – SQUID TRANSPARENT PROXY (2 Network Cards, refer to scenario)
PACKAGE REQUIRED: squid
IPTABLES FIREWALL CONFIGURATION:

iptables -A FORWARD -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 66.178.1.221
iptables-save > /etc/sysconfig/iptables
service iptables restart

SQUID PROXY CONFIGURATION:

http_port 192.168.0.1:3128
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
cache_swap_low 80
cache_swap_high 100
maximum_object_size 1024 KB
cache_dir ufs /var/spool/squid 512 16 256
cache_access_log /var/log/squid/access.log
cache_log none
cache_store_log none
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl full_host src 192.168.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow full_host
http_access deny all
http_reply_access allow all
icp_access allow all
memory_pools off
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_port 80
httpd_accel_uses_host_header on
LAB 1 and LAB 2 checklist and additional information:

Make sure iptables and squid services are started, also check ntsysv
Check squid logs in /var/log/squid/access.log if squid transparent is working
Save your firewall using iptables-save > /etc/sysconfig/iptables
You can edit firewall using vi /etc/sysconfig/iptables and restart the firewall using service iptables restart
You can check if squid is installed using rpm -q squid
Make sure that net.ipv4.conf.default.rp_filter = 1 is enabled in /etc/sysctl.conf

LAB 3. VsFTPd – File Transfer Protocol server
PACKAGE REQUIRED: vsftpd

adduser sample -g 100 -c "sample description"
passwd sample

NOTE: Please copy any file to /var/ftp/pub and any file to /home/sample

LAB 3 checklist and additional information:
Make sure vsftpd started, also check ntsysv
Check ftp logs in /var/log/xferlog if vsftpd is working

Access your PUBLIC ftp
Access your PRIVATE ftp, you must login and supply password

LAB 4. Apache – Web server (IP-based)
PACKAGE REQUIRED: httpd-* php-*

SINGLE DOMAIN:

Copy or create an HTML file in /var/www/html and preview it in Web Browser

VIRTUAL DOMAIN:

Create sub-interface using GUI redhat-config-network or ifconfig

adduser sample1 -g 100 -c "sample1 description"
passwd sample1
cd /home/sample1
mkdir html
mkdir logs
mkdir icons
chmod 777 /home/sample1 -Rf

vi /etc/httpd/conf.d/sample1.conf


ServerAdmin sample1@sample.com
DocumentRoot /home/sample1/html
ServerName 10.1.1.3
ErrorLog /home/sample1/logs/error_log
TransferLog /home/sample1/logs/access_log



Order Deny,Allow
Allow from all
Options +Indexes
DirectoryIndex index.html index.php


LAB 4 checklist and additional information:
Make sure httpd started, also check ntsysv
Check httpd logs in /home/sample/logs/access.log if httpd is working

Copy or create an HTML file in /home/sample/html and preview it in Web Browser specify the IP
LAB 5. MySQL – Database Server
PACKAGE REQUIRED: libdbi, libdbi-dbd, mysql, mysqlclient10, mysql-server, perl-DBI, perl-DBD-mysql, php, php-mysql, php-mbstring, php-ldap, php-odbc, php-pear

NOTE: Please verify that the following packages are installed; if not, install them before proceeding to the rest of the lab. The command "rpm -q package_name" verifies whether a package is installed; if it is not, you can use "rpm -ivh package_name" to install it.

LAB 6. DNS – Domain Name Server
PACKAGE REQUIRED: caching-nameserver, bind

vi /etc/named.conf (add the following:)

zone "yourcompany.com" {
type master;
file "yourcompany.com.zone";
};

vi /var/named/yourcompany.com.zone (add the following)
$ORIGIN yourcompany.com.
$TTL 86400
@ IN SOA ns.yourcompany.com. admin.yourcompany.com. (
7 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
86400 ; ttl
)
IN NS ns.yourcompany.com.
IN MX 10 mail.yourcompany.com.
IN A 10.1.1.2
ftp IN A 10.1.1.3
www IN A 10.1.1.4
mail IN A 10.1.1.5
LAB 6. Postfix/Cyrus-IMAPd – Mail Server
PACKAGE REQUIRED: pam_mysql, postfix-mysql, squirrelmail, cyrus-imap, web-cyradm

NOTE: Please check exact package name, actual filename may change because of version number.
INSTALL AND CONFIGURE web-cyradm /var/www/html/cyrus/config/conf.php

# The Cyrus login stuff
$CYRUS = array(
'HOST' => 'localhost',
'PORT' => 143,
'ADMIN' => 'cyrus',
'PASS' => 'secret'
);

$DB = array(
'TYPE' => 'mysql',
'USER' => 'mail',
'PASS' => 'secret',
'PROTO' => 'unix', // set to "tcp" for TCP/IP
'HOST' => 'localhost',
'NAME' => 'mail'
);


START MYSQLD, ASSIGN ROOT PASSWORD AND DATABASE web-cyradm

service mysqld start
mysqladmin -u root -p password 123456
mysql -u root -p < /var/www/html/cyrus/scripts/insertuser_mysql.sql
mysql mail -u root -p < /var/www/html/cyrus/scripts/create_mysql.sql


PAM AUTHENTICATION
(do this in /etc/pam.d)
vi /etc/pam.d/imap
vi /etc/pam.d/smtp
vi /etc/pam.d/pop
vi /etc/pam.d/sieve


auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time

account required pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
SASLAUTHD
vi /etc/sysconfig/saslauthd

# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
MECH=pam

# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=-r

START=yes


CYRUS IMAPD CONFIGURATION
vi /etc/imapd.conf
vi /etc/imapd-local.conf

postmaster: postmaster
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sieve_maxscriptsize: 320
sieve_maxscripts: 5
unixhierarchysep: yes
altnamespace: yes
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
allowanonymouslogin: no
allowplaintext: yes
allowplainwithouttls: yes
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
servername: host.example.com


CYRUS IMAPD CONFIGURATION
vi /etc/cyrus.conf

START {
recover cmd="ctl_cyrusdb -r"
idled cmd="idled"
}

SERVICES {
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=1
pop3 cmd="pop3d" listen="pop3" prefork=3
pop3s cmd="pop3d -s" listen="pop3s" prefork=1
sieve cmd="timsieved" listen="sieve" prefork=1

lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

}

EVENTS {
checkpoint cmd="ctl_cyrusdb -c" period=30

delprune cmd="cyr_expire -E 3" at=0400
tlsprune cmd="tls_prune" at=0400
}


CONFIGURE POSTFIX
vi /etc/postfix/main.cf

# postfix user/group
#soft_bounce=yes
mail_owner = postfix
setgid_group = postdrop
delay_warning_time = 4

# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
queue_directory = /var/spool/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

# network settings
inet_interfaces = all
mydomain = yourdomain.com
myhostname = host.yourdomain.com
mynetworks = 192.168.0.0/16,
    127.0.0.0/24,
    69.239.170.72/29
mydestination = $myhostname,
    localhost.$mydomain,
    localhost,
    mysql:/etc/postfix/mysql-mydestination.cf
relay_domains = $mydestination

# mail delivery
local_transport = cyrus
mailbox_transport = cyrus
recipient_delimiter = +

# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf,
    regexp:/etc/postfix/virtual_regexp
transport_maps = mysql:/etc/postfix/mysql-transport.cf,
    regexp:/etc/postfix/transport_regexp
#local_recipient_maps =

# sympa parameters
# sympa_destination_recipient_limit = 1
# sympabounce_destination_recipient_limit = 1

# debugging
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5

# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

# rules restrictions
# smtpd_client_restrictions = reject_rbl_client sb1.spamhaus.org
smtpd_helo_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_hostname
smtpd_sender_restrictions = reject_non_fqdn_sender,
    reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain
smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining


CONFIGURE POSTFIX
vi /etc/postfix/master.cf
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient


CONFIGURE POSTFIX
vi /usr/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login


CONFIGURE POSTFIX
/etc/postfix/mysql-canonical.cf

hosts = 127.0.0.1
user = mail
password = secret

dbname = mail

table = virtual
select_field = alias
where_field = username
additional_conditions = and status = '1' limit 1

CONFIGURE POSTFIX
/etc/postfix/mysql-mydestination.cf

hosts = 127.0.0.1
user = mail
password = secret

dbname = mail

table = domain
select_field = domain_name
where_field = domain_name


CONFIGURE POSTFIX
/etc/postfix/mysql-relay.cf


hosts = 127.0.0.1
user = mail
password = secret

dbname = mail

table = domain
select_field = transport
where_field = domain_name


CONFIGURE POSTFIX
/etc/postfix/mysql-transport.cf

hosts = 127.0.0.1
user = mail
password = secret

dbname = mail

table = domain
select_field = transport
where_field = domain_name


CONFIGURE POSTFIX
/etc/postfix/mysql-virtual.cf

hosts = 127.0.0.1
user = mail
password = secret

dbname = mail

table = virtual
select_field = dest
where_field = alias
additional_conditions = and status = '1'

CONFIGURE POSTFIX
/etc/postfix/transport_regexp

# /^.*+owner\@lists\..*$/ sympabounce:
# /^.*\@lists\..*$/ sympa:



CONFIGURE POSTFIX
/etc/postfix/virtual_regexp


# This will be used to deal with the mailing lists
#/^(.*)-owner\@lists\.(.*)$/ $1+owner@lists.$2
service postfix start
service saslauthd start
service cyrus-imapd start
service mysqld start


Mail Server configuration through Postfix with virtual Domain in Linux RedhatES4 2 Aug 2009 6:21 AM (15 years ago)


Postfix with Virtual Domain / MExchange in Linux

All the related RPM and configuration files needed to complete MExchange on Linux can be downloaded from the link below:

http://www.megaupload.com/?d=U8SUSQUJ

Installation and Configuration Procedure in Power Point Slides Step by Step: http://www.megaupload.com/?d=MQ1BICOE


First, during installation, select these programs:
· In Web Server = php-mysql & php-odbc
· Select DNS Name Server
· Select MySQL Database = mysql-server
· In Mail Server = cyrus-imapd & squirrelmail

Install these packages additionally for MExchange:
Install - rpm -ivh postfix-2.1.5-4.2.RHEL4.mysql.centos4.i386.rpm
Then install - rpm -ivh pam-mysql-0.5.1.i386.rpm
Then install - rpm -ivh php-mbstring-4.3.9-3.1.i386.rpm
cyrus-imapd is already installed during installation; if not, install it
SquirrelMail is already installed during installation; if not, install it
===============================================================

Go to the WEB-CYRADM folder and copy (cp) web-cyradm-svn-0.5.5.tar.gz to /var/www/html
Then cd /var/www/html => tar xvfz web-cyradm-svn-0.5.5.tar.gz
Then mv tmp/web-cyradm-0.5.5 web-cyradm
Then go to the WEB-CYRADM folder - cp conf.php /var/www/html/web-cyradm/config/
===============================================================

Go to the POSTFIX folder – cp * /etc/postfix/ -Rf
vi /etc/postfix/main.cf :
Edit : domain - sharif.com / host – mail.sharif.com / network – 121.121.121.1/24
Go to the PAM.D folder - cp * /etc/pam.d/ -Rf (5 files)
===============================================================
Password creation for MYSQL server:
mysqladmin -u root password 123456
mysql -u root -p < /var/www/html/web-cyradm/scripts/insertuser_mysql.sql
password: 123456
mysql mail -u root -p < /var/www/html/web-cyradm/scripts/create_mysql.sql
password: 123456
copy saslauthd file - cp saslauthd /etc/sysconfig/
===============================================================
Under root, run /usr/share/squirrelmail/config/conf.pl
2 – domain : sharif.com
3 – 2 (smtp)
A = 8 – cyrus
Save then Quit
===============================================================
Go to the CYRUS folder then copy all files : cp * /etc/ -Rf
===============================================================
Then go to ntsysv and select saslauthd + postfix + cyrus-imapd + named + httpd + mysql
After enabling them, restart all the services we enabled (chkconfig --add postfix)
===============================================================

BIND DNS:
Need to install rpm file – rpm -ivh Caching-nameserver-7.3.3.noarch.rpm
vi /etc/named.conf

--------------------------------------------------------------------------
Add zone: zone "sharif.com" IN {
type master;
file "sharif.com.zone";
allow-update { none; };
};

--------------------------------------------------------------------------
Then cd /var/named/chroot/var/named

vi sharif.com.zone

===============================================================
$ORIGIN sharif.com.
$TTL 86400
@ IN SOA ns.sharif.com. admin.sharif.com. (
        7 ; serial
        28800 ; refresh
        14400 ; retry
        3600000 ; expire
        86400 ) ; ttl
    IN NS ns.sharif.com.
    IN A 121.121.121.1
    IN MX 10 mail.sharif.com.
mail IN A 121.121.121.1
{save}
===============================================================
add in ntsysv - service named start
vi /etc/resolv.conf := search sharif.com / nameserver 127.0.0.1
vi /etc/sysconfig/network := HOSTNAME=ns.sharif.com
[dig sharif.com] service named restart (enter)

121.121.121.1/web-cyradm = admin/test (un/pw)
tail -f /var/log/messages

Add new domain (sharif.com), then add sample accounts (2): nagur@sharif.com / shannu@sharif.com

For webmail : 121.121.121.1/webmail/src/webmail.php


Root password recovery in Linux Redhat 2 Aug 2009 6:15 AM (15 years ago)

Root Password Recovery Procedure:

During boot, press 'e'
Go to the kernel line and press 'e'
At the end of the line type single, press Enter, then press 'b'
Then type passwd,
type the new password and then reboot.


Disaster and Recovery, Backup or restore procedure in Linux 2 Aug 2009 6:11 AM (15 years ago)

Back-up and Restore:
What you back up depends on the role of your server; for a MySQL server you need to back up /var/lib/mysql

#!/bin/bash
rm /opt/backup/set_a/server/gfps04/mysql.* -Rf
find /var/lib/mysql -mtime -31 -depth \! -type d > /tmp/modified_mysql.files
tar cT /tmp/modified_mysql.files > /opt/backup/set_a/server/gfps04/mysql.`date '+%d%b'`.tar
gzip -9f /opt/backup/set_a/server/gfps04/mysql.`date '+%d%b'`.tar

Restoration will most likely require a separate test server. First examine the files to be restored so that you do not damage the existing file system. Once you are certain, you may copy the files in any way, but the best is via scp (secure file copy) to maintain file ownership and permissions.
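One way to examine a backup archive before restoring it, as the paragraph above advises. This is an added example, not part of the original post; the function names and the small in-memory sample archive are constructed for illustration.

```python
import io
import stat
import tarfile
from pathlib import PurePosixPath


def inspect_member(m):
    """Return the reasons one archive member should not be restored blindly."""
    reasons = []
    path = PurePosixPath(m.name)
    if path.is_absolute():
        reasons.append("absolute path")
    if ".." in path.parts:
        reasons.append("parent-directory component")
    if m.issym() or m.islnk():
        target = PurePosixPath(m.linkname)
        if target.is_absolute() or ".." in target.parts:
            reasons.append("link points outside the restore directory")
    if m.ischr() or m.isblk():
        reasons.append("device node")
    if m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
        reasons.append("setuid/setgid bit")
    return reasons


def audit_archive(fileobj):
    """Map member name -> findings, listing only members that have findings."""
    findings = {}
    # "r:*" lets tarfile detect gzip compression, as produced by gzip -9f.
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            reasons = inspect_member(m)
            if reasons:
                findings[m.name] = reasons
    return findings


def build_sample_archive():
    """Constructed sample: one ordinary table file plus four suspicious members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add_file(name, mode=0o660, data=b"sample"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = mode
            tar.addfile(info, io.BytesIO(data))

        add_file("var/lib/mysql/mail/domain.MYD")
        add_file("/tmp/absolute.txt")
        add_file("var/lib/mysql/../../outside.txt")
        add_file("var/lib/mysql/helper", mode=0o4755)

        link = tarfile.TarInfo("var/lib/mysql/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tar.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reasons in audit_archive(build_sample_archive()).items():
        print(f"{name}: {', '.join(reasons)}")
```

An empty result means every member stays inside the directory you extract into; anything reported should be reviewed on the test server before the archive goes near the live file system.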

File System Health:

Place Red Hat Enterprise 4 disk #1 in the CD-ROM drive and reboot. At the boot prompt enter: linux rescue

If it asks to mount the file system, answer NO. This lets you check file systems freely without any harm. Mounting the file system is preferred only if you intend to change settings or edit files on your system.
Afterwards the bash prompt will appear and you are ready to examine your file system. This is applicable in many cases, such as before taking a backup, or when you have a corrupted disk and are attempting to recover from it.

bash# fsck /dev/hda1
bash# fsck /dev/hda2

If your hard disk is IDE it will be a /dev/hda device; for SCSI or SATA it will be /dev/sda. fsck might find corrupted files; if so it will ask whether to fix them, press "Y" for yes if it does find an inconsistency. After having checked all file systems, you may reboot.

Automatic Backup:

As you learned in CRON, you may create a script to back up the necessary service locations. You may design your very own backup system as long as you can restore from it.

[root@ server01 ~]# mkdir scripts
[root@ server01 ~]# mkdir /opt/backup
[root@ server01 ~]# cd scripts
[root@ scripts]# vi sql_backup.sh

#!/bin/bash
rm /opt/backup/mysql.* -Rf
find /var/lib/mysql -mtime -31 -depth \! -type d > /tmp/modified_mysql.files
tar cT /tmp/modified_mysql.files > /opt/backup/mysql.`date '+%d%b'`.tar
gzip -9f /opt/backup/mysql.`date '+%d%b'`.tar

[root@ scripts]# vi /var/spool/cron/root

30 15 * * * sh /root/scripts/sql_backup.sh

[root@ scripts]# chmod 744 sql_backup.sh

You may want to try the script yourself by executing sh sql_backup.sh

[root@ scripts]# sh sql_backup.sh

Monitor the disk space: df -h

Monitor system Load: [root@ server01 ~]# top

To monitor CPU Usage press Shift + P / Memory Usage press Shift + M

If you have pinpointed a service that is causing trouble, all you have to do is find its PID number and use the kill command to terminate the service.

[root@ server01 ~]# kill 8888
8888 is assumed to be the PID; check your own system to get the real PID. A leaky program, such as one needing updates, can leak memory or CPU, leaving it using more memory or CPU resources than it should.


SE Linux configuration in linux redhat 2 Aug 2009 6:09 AM (15 years ago)

SELinux:

SELinux safeguards several services, such as httpd, so that they run only on port 80, and does not allow any other service to hijack port 80. The configuration is simple and everything else is left at its default. All you need to do is enable it.

[root@server01 ~]#
vi /etc/selinux/config

SELINUX=enforcing (how to protect)
SELINUXTYPE=targeted (what to protect)


Apache Web Server Configuration in Linux Redhat ES4 2 Aug 2009 6:04 AM (15 years ago)

Web servers have become very important in today's e-commerce. It is the Red Hat administrator's task to set up a fast, efficient and reliable web server. Apache supports nearly all web technologies such as PHP, XML, JSP and ASP. Apache's strongest point of usage is PHP. There are three types of Apache setup – Single Domain, IP Based Virtual Host and Name Based Virtual Host.

Single Domain:
In this setup Apache serves a single domain only, running on port 80 of your network interface. The default configuration files of Apache are located in /etc/httpd and the document root is located in /var/www/html.

To check whether Apache is installed, use the command: rpm -q httpd
files are stored in /etc/www
Then go to ntsysv and check whether httpd is selected – vi /etc/httpd/conf.d (global conf. can't change)

My setup of the Apache web server will incorporate PHP and MySQL; it is famous under the acronym LAMP (Linux, Apache, MySQL, PHP), and Google and Yahoo are built on this platform. During installation package selection or even installation of RedHat via rpm. Open a web browser and test your web server at http://192.168.0.1/ (you should see the Apache test page)

RHEL 4 has Apache 2.0 / PHP 4.3 / PERL 5.8 / MySQL 4.1
Apache 2.0 virtual host configuration should be saved in /etc/httpd/conf.d/profile.conf

IP Based Virtual Host:
If you don't have any plan to register your domain, but you need to offer web services over the internet, you have no option but to use an IP Based Virtual Host. A virtual host allows you to create another web server service listening on another IP address or interface. If you don't have DNS, Apache will listen on the virtual IP. Now create a virtual IP by whichever method you prefer, command line or system-config-network (X11). If you have only one interface, create an alias of eth1 as eth1:1 and assign a different IP. Then restart the network service for the change to take effect.

First create Virtual IP, 192.168.0.2 – eth1 and 192.168.0.3/0.4 – eth1:1/eth1:2

Create User (unix accnt): adduser alvin -g apache -d /var/www/alvin
adduser sharif -g apache -d /var/www/sharif

Edit files
vi /etc/httpd/conf.d/alvin.conf

DocumentRoot /var/www/alvin/public_html
ServerName www.alvin.com
DirectoryIndex index.html index.htm index.shtml


vi /etc/httpd/conf.d/sharif.conf

DocumentRoot /var/www/sharif/public_html
ServerName www.sharif.com
DirectoryIndex index.html index.htm index.shtml


Then, for each user, create a sample file as below:
[root@server01 alvin]# cd public_html [root@server01 sharif]# cd public_html
[root@server01 public_html]# vi index.html [root@server01 public_html]# vi index.html


Hello World! I’m a Red Hat Linux System Administrator!



Save the file, then restart Apache - service httpd restart

Open in a web browser: http://192.168.0.3/ or http://192.168.0.4/ to see the test page.


Name Based Virtual Host:
If you have a properly registered DNS name that resolves and you have a static IP, then you can create a Name Based Virtual Host. Imagine a single IP address having multiple host name aliases.

First create Virtual IP, 192.168.0.2 – eth1 and 192.168.0.3 – eth1:1
Ex: 192.168.0.3 – www.alvin.com / www.sharif.com / www.shasmeen.com

Create User (unix accnt): adduser alvin -g apache -d /var/www/alvin (sharif / shasmeen)

Edit files
vi /etc/httpd/conf.d/alvin.conf

DocumentRoot /var/www/alvin/public_html
ServerName www.alvin.com
DirectoryIndex index.html index.htm index.shtml


vi /etc/httpd/conf.d/sharif.conf

DocumentRoot /var/www/sharif/public_html
ServerName www.sharif.com
DirectoryIndex index.html index.htm index.shtml

Then, for each user, create a sample file as below:
[root@server01 alvin]# cd public_html [root@server01 sharif]# cd public_html
[root@server01 public_html]# vi index.html [root@server01 public_html]# vi index.html


Hello World! I’m a Red Hat Linux System Administrator!



Save the file, then restart Apache - service httpd restart

Open in a web browser: http://www.alvin.com/ or http://www.sharif.com/ to see the test page.


Samba Domain Controller configuration in linux Redhat ES4 2 Aug 2009 5:55 AM (15 years ago)

During installation of Linux ES4, select the File Server service and Samba is installed automatically; otherwise install samba and samba-swat (web) manually.

Before installing Samba, shadow_utilities should be installed for creating users
Shadow_utilites-4.0.3-56.i386.rpm

Installing the file:
rpm -ivh .rpm ….Upgrade: rpm -Uvh .rpm

Samba Domain Controller- samba-3.0.10-1.4E for RedHat4 ES for Active Directory (samba+LDAP)
Samba domain controllers with LDAP support. Samba has limited features such as Domain and Admin Group, and it does not support full Active Directory. Roaming profiles are compatible with Primary and Backup Domain Controller or Stand-Alone. It can also function as a domain member of a Windows domain.

Managing SDC user accounts requires a good knowledge of UNIX accounts & groups. Samba maps its usernames to UNIX accounts. You can create a UNIX account by using adduser.

Root# adduser test -g 100 (create the user test under user group – GID 100)
For a Samba account, a UNIX account should first exist. You can also use system-config-users, which offers a GUI interface under X11.

To make Domain Controller: (Domain – WORKGROUP) –
vi /etc/samba/smb.conf
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2006/02/06 11:53:56
# Global parameters
[global]
workgroup = WORKGROUP
server string = Red Hat Enterprise 4
passwd program = /usr/bin/passwd %u
username map = /etc/samba/smbusers
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/adduser %u
delete user script = /usr/sbin/userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add machine script = /usr/sbin/useradd -d /dev/null -c 'machines' -s /sbin/false %u
domain logons = Yes
os level = 99
preferred master = Yes
domain master = Yes
dns proxy = No
ldap ssl = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
admin users = @users
cups options = raw
oplocks = True

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[utils]
comment = utils
path = /home/utils
force user = root
force group = root
guest ok = Yes

[homes]
comment = Home Directories
read only = No
guest ok = Yes
Browseable = No

The package samba-swat-3.0.10-1.4E is a web interface. After it is installed, enable it via "ntsysv" and check smb,
then run service xinetd restart or
service smb start

Root# (add user) adduser sharif -c "Nagur Sharif" -g 100
Set password: smbpasswd -a sharif…..type new password:xxxxxxx

When we log in from XP it goes into non-privileged mode; administrator level should be applied. The computer name should be different from the user name, then it will log in; otherwise it will not.


Restriction Web Access by Time and IP address through Squid Proxy in Linux Version 7,9,10 2 Aug 2009 5:47 AM (15 years ago)

vi /etc/squid/squid.conf
#Sample configuration of squid proxy below:

http_port 192.168.0.1:3128
cache_mem 20 MB
cache_dir ufs /var/spool/squid 2000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
acl our_host src 192.168.0.10 192.168.0.100
acl our_host1 src 10.10.10.10 10.10.10.50
http_access allow our_host
http_access allow our_host1
http_access deny all

#Port 80 is blocked by default, ISP forces use of its proxy:
cache_peer (server ip) (port) 0 default no-query
never_direct allow all
#Direct connection with auto proxy: Transparent Proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Restriction Web Access By Time:
# Add this to the bottom of the ACL section of squid.conf
acl home_network src 192.168.1.0/24
acl business_hours time M T W H F 9:00-17:00
# Add this at the top of the http_access section of squid.conf
http_access allow home_network business_hours
Or, you can allow morning access only:
# Add this to the bottom of the ACL section of squid.conf
acl mornings time 08:00-12:00
# Add this at the top of the http_access section of squid.conf
http_access allow mornings

Restricting Web Access By IP Address:
You can create an access control list that restricts Web access to users on certain networks. In this case, it's an ACL that defines a home network of 192.168.1.0.
# Add this to the bottom of the ACL section of squid.conf
acl home_network src 192.168.1.0/255.255.255.0

You also have to add a corresponding http_access statement that allows traffic that matches the ACL:
# Add this at the top of the http_access section of squid.conf
http_access allow home_network
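
The instruction to put the allow line "at the top of the http_access section" matters because Squid checks http_access lines in order and stops at the first one whose ACLs all match. The following added example (not part of the original post) models that for the src and time ACLs used above; the function names and the three sample configurations are constructed from the lines on this page, and address ranges and negated ACLs are not modelled.

```python
import ipaddress
from datetime import datetime

# Squid day codes mapped to datetime.weekday() (Monday == 0).
DAY_CODES = {"M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5, "S": 6}


def _minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)


def parse_config(text):
    """Parse acl (src, time) and http_access lines of a squid.conf fragment."""
    acls, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split()
        if not line:
            continue
        if line[0] == "acl":
            name, kind, args = line[1], line[2], line[3:]
            if kind == "src":
                # Several values on one line are alternatives (OR).
                nets = [ipaddress.ip_network(a, strict=False) for a in args]
                acls.setdefault(name, []).append(("src", nets))
            elif kind == "time":
                days, span = set(), None
                for a in args:
                    if "-" in a:
                        span = tuple(_minutes(p) for p in a.split("-"))
                    else:
                        days.update(DAY_CODES[c] for c in a)
                # No day codes means every day of the week.
                acls.setdefault(name, []).append(("time", (days or set(range(7)), span)))
        elif line[0] == "http_access":
            rules.append((line[1], line[2:]))
    return acls, rules


def _acl_matches(entries, client, when):
    for kind, data in entries:
        if kind == "src" and any(client in net for net in data):
            return True
        if kind == "time":
            days, span = data
            now = when.hour * 60 + when.minute
            if when.weekday() in days and (span is None or span[0] <= now <= span[1]):
                return True
    return False


def decide(acls, rules, client_ip, when):
    """First http_access line whose ACLs ALL match decides the request."""
    client = ipaddress.ip_address(client_ip)
    for action, names in rules:
        if all(_acl_matches(acls[n], client, when) for n in names):
            return action
    if not rules:
        return "deny"
    # If nothing matched, Squid applies the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"


# Constructed sample configurations built from the lines on this page.
BUSINESS_HOURS = """
acl all src 0.0.0.0/0
acl home_network src 192.168.1.0/255.255.255.0
acl business_hours time M T W H F 9:00-17:00
http_access allow home_network business_hours
http_access deny all
"""

MORNINGS_ONLY = """
acl all src 0.0.0.0/0
acl home_network src 192.168.1.0/24
acl mornings time 08:00-12:00
http_access allow mornings        # no src ACL: matches any client address
http_access allow home_network
http_access deny all
"""

MISORDERED = """
acl all src 0.0.0.0/0
acl home_network src 192.168.1.0/24
http_access deny all              # matches first, the allow below is never reached
http_access allow home_network
"""

MONDAY_10 = datetime(2009, 8, 3, 10, 0)   # a Monday
SUNDAY_10 = datetime(2009, 8, 2, 10, 0)   # a Sunday

if __name__ == "__main__":
    for label, cfg in (("business", BUSINESS_HOURS), ("mornings", MORNINGS_ONLY),
                       ("misordered", MISORDERED)):
        acls, rules = parse_config(cfg)
        for ip in ("192.168.1.20", "203.0.113.7"):
            print(label, ip, decide(acls, rules, ip, MONDAY_10))
```

Note that `http_access allow mornings` on its own admits any client address during the morning window; combine it with a src ACL on the same line if access should stay limited to the home network.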


phpBB configuration manual 2 Aug 2009 5:39 AM (15 years ago)

Setting up a Linux Server for phpBB :: phpBB tutorial
Brief Tutorial on Apache, PHP, and MySQL Installation and Configuration

Introduction
Software Used
Document Conventions
Apache, PHP, MySQL Installation and Initial Setup
Apache
MySQL
PHP
Configuration and Testing
Preliminary phpBB Installation Steps
Obtaining phpBB
Installing phpBB
MySQL Database Setup
MySQL Basics
Creating the Database
Granting Access to the Database
Setting up phpBB
Using dbinformer.php
phpBB Installation
Changing the Installation Information (Host, User Name, Password)
Links
Contributions


Introduction
If you do not already know, phpBB is a PHP-based message board that is open source. http://www.phpbb.com/ This document, in addition to covering phpBB, briefly covers the installation and configuration of Apache, PHP, and MySQL, which are necessary to get up and running with phpBB. Note that phpBB works with many more system configurations than are mentioned here. It can be used with MySQL 3 and 4, PostgreSQL 7.x, and MS SQL 7/2000 and a web server that supports PHP.
Software Used
Apache 2.0.48
PHP 4.3.4
MySQL 4.0.16
phpBB 2.0.6
Document Conventions

This document will follow the following conventions:
Grey boxes will contain commands to be entered or lines to be inserted into a file.
In examples when a command is entered at a command prompt it will be preceded by a '$'.
When "PATH_TO_" is used it means that I can not know the location where this file or directory resides on your system. "PATH_TO_" is symbolic of the directory structure leading to that file or directory.
Command/Code snippets and all other information that is being used from a source other than me will be appropriately documented as such.

Apache, PHP, MySql Installation and Initial Setup:

Apache
If you are installing from source see the Apache Compiling and Installing document. Their overview for the impatient is as follows:
Download $ lynx http://httpd.apache.org/download.cgi
Extract $ gzip -d httpd-2_0_NN.tar.gz
$ tar xvf httpd-2_0_NN.tar
Configure $ ./configure --prefix=PREFIX --enable-so
Compile $ make
Install $ make install

Customize $ vi PREFIX/conf/httpd.conf
Test $ PREFIX/bin/apachectl start

NN must be replaced with the current minor version number, and PREFIX must be replaced with the filesystem path under which the server should be installed. If PREFIX is not specified, it defaults to /usr/local/apache2.
note: --enable-so is not part of Apache's documentation
IMPORTANT: you must add the --enable-so to get PHP working as a module later.
Security Note: If the only services you are going to be providing are http access and phpBB then you can use a firewall to close all ports except for port 80.

MySQL
If you are installing MySQL from binary, source, or RPM you can obtain a copy from www.mysql.com/downloads/. See www.mysql.com/documentation/mysql/bychapter/manual_Installing.html for all of the installation instructions. For the extremely daring and trusting, here is a summary for a binary installation (From MySQL's installation page):
The basic commands you must execute to install and use a MySQL binary distribution are:

shell> groupadd mysql
shell> useradd -g mysql mysql
shell> cd /usr/local
shell> gunzip < /path/to/mysql-VERSION-OS.tar.gz | tar xvf -
shell> ln -s full-path-to-mysql-VERSION-OS mysql
shell> cd mysql
shell> scripts/mysql_install_db
shell> chown -R root .
shell> chown -R mysql data
shell> chgrp -R mysql .
shell> bin/mysqld_safe --user=mysql &

If your version of MySQL is older than 4.0, substitute bin/safe_mysqld for bin/mysqld_safe in the final command.

If you want to install from source see www.mysql.com/documentation/mysql/bychapter/manual_Installing.html#Installing_source. No pasted summary here; it's best to read the MySQL team's documentation because there are system criteria you must meet and CFLAG settings that should be used.
Also, get the my-medium.cnf file from the MySQL documentation and replace my.cnf with this new file. (I find that the medium config gives decent performance, the large config eats up too much resources, and the little one is just weak)

PHP
You can download PHP from www.php.net/manual/en/install.unix.php. It is important to click on the "/downloads.php" and select one of the 4.3 source files. Do not attempt to install the "latest stable development version." The latest build may have problems during the make. PHP's source installation instructions are www.php.net/manual/en/install.apache2.php. You may also want to refer to dan.drydog.com/apache2php.html for information on getting it compiled and installed correctly. The most important thing is when running ./configure that you include the --with-apxs2=/"PATH_TO_apxs"/apxs and the --with-mysql which you may set equal to your MySQL directory.

Do something similar to this:
$ cd /"PATH_TO_downloaded_php"/
$ tar zxvf php4-"version".tar.gz
$ cd php4-"numbers"/
$ ./configure \
--with-apxs2=/"PATH_TO_apxs"/apxs \
--with-mysql=/"PATH_TO_mysql"
$ make
$ make install
$ cp -p .libs/libphp4.so /"PATH_TO_apache"/modules
$ cp -p php.ini-recommended /"PATH_TO_prefix_to_php"/php.ini

NOTE: if you did not give a --prefix= option to ./configure
the last line will be:

$ cp -p php.ini-recommended /usr/local/lib/php.ini

NOTE: to find where apxs resides (or any other file that an explicit path is not given to in this document) run "find / -name 'apxs' -print".

Configuration and Testing
Now, Apache needs to be told about PHP. If httpd is running stop it:
NOTE: You can check if the httpd process is running by typing: "ps aux | grep httpd". If a process other than grep is listed you need to stop the httpd daemon.
$ /etc/init.d/httpd stop

NOTE: If you installed from source this will be /"PATH_TO_apache"/bin/apachectl start.
NOTE: If not, it may be in a different location and may be called apache2.
Open your httpd.conf file (location varies depending on installation method). Customize the variables in this file to suit your needs and add:
#Add where the other LoadModule lines are
#Make sure this line exist only once
LoadModule php4_module /"PATH_TO_apache"/modules/libphp4.so

#Find DirectoryIndex and add index.php
DirectoryIndex index.php index.html
AddType application/x-httpd-php .php .php4
AddType application/x-httpd-php-source .phps

Open up /"PATH_TO_php.ini"/php.ini and add or uncomment:
extension=mysql.so
Also have "safe_mode = off" in your php.ini file. The only reason to have it set to on is in a shared hosting environment.
Restart Apache:
$ /etc/init.d/httpd start

Test Apache and PHP
If Apache starts without any errors point your browser to "http://localhost" and see if the Apache test page loads. To test php create a file called test.php in your http root directory containing the following:









Security Note: Also, delete all of the files that Apache put by default in your html directory (In the past example files have been used as exploits. This is an easy precaution to take).
When pointing your browser to "http://localhost/test.php" you should see information about your php installation.

Final Configuration of MySQL
Make sure that the MySQL daemon is running, if not:
$ /etc/init.d/mysql start

If you installed MySQL via the binary or source install you will start it by:
$ cd /"PATH_TO_mysql"/
$ ./bin/mysqld_safe --user=mysql &
If you have not already done so, use mysqladmin to create an account for root so root can access MySQL
$ mysqladmin -u root password 'password_you_want'

Preliminary phpBB Installation Steps
Obtaining phpBB
phpBB can be obtained from www.phpbb.com/downloads.php

Installing phpBB
The initial installation of phpBB is as simple as extracting the archive and copying the phpBB2 directory to your HTML directory.
$ tar zxf phpBB-2.x.x.tar.gz
$ mv ./phpBB2 /"PATH_TO_html_files"/

MySQL Database Setup
For a less hands on method (not entering the mysql commands by hand) use phpMyAdmin. Take a look at the demo on their site for an example. If using phpMyAdmin create a file called .htaccess in the phpMyAdmin install directory and add these lines:
IndexIgnore *
order deny,allow
deny from all
allow from 127.0.0.1
This makes it so that phpMyAdmin can only be accessed from the localhost. If not using phpMyAdmin follow these steps.

MySQL Basics
First some very basic tips for using MySQL. To enter into the mysql prompt type:
mysql -u root -p
You will then be prompted for the password that you set earlier using mysqladmin. Now you should see a prompt like "mysql> ".
As stated in MySQL Basics -- A MySQL Tutorial: "MySQL has good security controls, but the default installation is wide open. So, if you're doing a new installation, let's close things up before we go any further. Of course, change NewRootName and NewPassword, below, to something unique."
mysql> use mysql;
Database changed
mysql> delete from user where Host='%';
mysql> delete from user where User='';
mysql> delete from db where Host='%';
mysql> update user set User='NewRootName',
-> Password=password('NewPassword') where User='root';
mysql> flush privileges;

NOTE: use mysql; is not part of the cited example, but it is the database that needs to be loaded in order to execute these commands.
NOTE: From this point on when starting the MySQL monitor you will need to use the "NewRootName" and "NewPassword" that you entered above. Example: "mysql -u my_new_root_name -p".

To see what databases exist use the SHOW DATABASES command:
mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| test     |
+----------+
2 rows in set (0.00 sec)
To make changes to a database you will want to use the command USE "database name":
mysql> use mysql;
Database changed
From here you can show the tables in the database, modify stuff, and a whole lot of other stuff. See MySQL Basics -- A MySQL Tutorial for more basic information and the MySQL Documentation for detailed information. Here is an example to view the tables in the database:
mysql> show tables;
+-----------------+
| Tables_in_mysql |
+-----------------+
| columns_priv    |
| db              |
| func            |
| host            |
| tables_priv     |
| user            |
+-----------------+
6 rows in set (0.00 sec)
Creating the Database
Back to the necessary steps to getting rolling with phpBB. In MySQL we need to create a new database for phpBB to use. This is done using the CREATE DATABASE command. http://www.mysql.com/doc/en/CREATE_DATABASE.html
mysql> create database phpbb_db;
Query OK, 1 row affected (0.01 sec)
Granting Access to the Database
We now have a database called phpbb_db that will hold the information for phpBB. Next we grant the permissions for the database so that phpBB can access it. http://www.mysql.com/doc/en/Adding_users.html
mysql> use phpbb_db;
Database changed
mysql> GRANT ALL PRIVILEGES ON phpbb_db.* to phpbb_account@localhost
-> IDENTIFIED BY 'this_password';
Query OK, 0 rows affected (0.01 sec)
Now the phpbb_account has full access to our phpbb_db database. You can now type quit.

Setting up phpBB
Using dbinformer.php
In the phpBB2 directory there is a folder called contrib. It "contains a couple extra add-ons for phpBB 2.0.x." One of these extras is dbinformer. Point your web browser to "http://localhost/phpBB2/contrib/dbinformer.php". We can use it to ensure that phpBB will be able to use the database that we have created.

Because it was able to find and establish a connection to the database we are in the green to proceed.

phpBB Installation
Point your browser to "http://localhost/phpBB2/" and it should take you to the phpBB 2 installation page, "http://localhost/phpBB2/install/install.php". Fill in the fields similarly to those shown in the screenshot.

Note: It's better to put your domain name (www.something.com) under "Domain Name:" rather than a local IP address (as is shown in the screenshot). This will be used when it sends out e-mails that contain links back to your message board and can be changed at a later time by going to the "Administration Panel".
It may now inform you that the config is un-writable. Select "Just send the file to me and I'll FTP it manually" and click on "Download Config". Once downloaded copy it to your phpBB2 directory.

mv config.php /"PATH_TO_html_files"/phpBB2/
For security reasons you must delete "phpBB2/install" and "phpBB2/contrib". In the phpBB2 directory type
rm -rf install contrib

This completes the installation for the most part. Reload "http://localhost/phpBB2/" and you should be confronted with the message board. Once you log in there will be a "Go to Administration Panel" link at the bottom of the page. Click there and configure your new shiny phpBB!

Changing the Installation Information (Host, User Name, Password)
If your database's host name, database name, user name, or user password change after you delete the installation files you are able to modify them by editing config.php, which is found in the root of the install directory. You can also change the domain name that you had entered, during the install, by going into the "Administration Panel" -> "General Admin" -> "Configuration" and you will see "Domain Name" listed as the first field.


DHCP and TFTP server configuration in Linux 2 Aug 2009 5:30 AM (15 years ago)

Setting up DHCP and TFTP servers:

A DHCP server is required to provide IP addresses for the clients when booting Grub (BOOTP) and later when booting Linux. A TFTP server is required to make the boot images available on the network for Linux to boot. The TFTP server is also necessary to make it possible to save and restore the disk images.

3.1. Setting up DHCP
Details on DHCP are beyond the scope of this article. The "Linux Networking HOWTO" has a chapter on DHCP.

Setting up DHCP is very easy, but if you are in a network environment administered by someone else, it's advisable to use a preexisting DHCP server. If you "own" the network then you can follow this procedure.

Install DHCP, if not installed, from the rpm package, normally found in Linux distributions:
# rpm -ihv dhcp-*.rpm

Edit the /etc/dhcpd.conf file to configure DHCP service.

In our setup, the server has IP address 10.0.0.1 and provides IP addresses for up to 253 clients. Configure /etc/dhcpd.conf according to your environment:

#/etc/dhcpd.conf
server-identifier dhcp.clonedomain.com;
default-lease-time 172800;
max-lease-time 604800;
option domain-name "clonedomain.com";
subnet 10.0.0.0 netmask 255.255.255.0 {
    range dynamic-bootp 10.0.0.2 10.0.0.254;
}

Start the dhcpd server:
# /etc/rc.d/init.d/dhcpd start

3.2. Setting up TFTP:

Setting up TFTP is almost as easy as DHCP.
First install from the rpm package:
# rpm -ihv tftp-server-*.rpm

Create a directory for the files:
# mkdir /tftpboot
# chown nobody:nobody /tftpboot

The directory /tftpboot is owned by user nobody, because this is the default user id set up by tftpd to access the files.
Edit the file /etc/xinetd.d/tftp to look like the following:
service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -c -s /tftpboot
    disable = no
    per_source = 11
    cps = 100 2
}

The changes from the default file are the parameter disable = no (to enable the service) and the server argument -c. This argument allows for the creation of files, which is necessary if you want to save boot or disk images. You may want to make TFTP read only in normal operation.

Then reload xinetd:
/etc/rc.d/init.d/xinetd reload

You can use the tftp command, available from the tftp (client) rpm package, to test the server. At the tftp prompt, you can issue the commands put and get.
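
The check below is an added example, not part of the original article: it parses an xinetd tftp stanza and reports whether the -c (create files) argument discussed above is still set and whether -s makes the daemon chroot. The function names and the second sample stanza (the article's stanza with -c dropped) are constructed for illustration.

```python
import shlex

# Constructed sample: the stanza from this article (file creation enabled with -c).
ARTICLE_STANZA = """
service tftp
{
    socket_type = dgram
    protocol    = udp
    wait        = yes
    user        = root
    server      = /usr/sbin/in.tftpd
    server_args = -c -s /tftpboot
    disable     = no
}
"""
# Constructed sample: the same stanza with -c dropped for normal operation.
NO_CREATE_STANZA = ARTICLE_STANZA.replace("-c -s", "-s")


def parse_stanza(text):
    """Return the key/value attributes of one xinetd service block."""
    attrs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            attrs[key.strip()] = value.strip()
    return attrs


def audit_tftp(text):
    """List findings for an in.tftpd stanza; an empty list means no -c and a chroot."""
    attrs = parse_stanza(text)
    if attrs.get("disable", "no").lower() == "yes":
        return []  # service is switched off, nothing is exposed
    args = shlex.split(attrs.get("server_args", ""))
    findings = []
    if "-c" in args:
        findings.append("-c set: unauthenticated clients can create new files")
    if "-s" not in args:
        findings.append("-s missing: the daemon does not chroot into the TFTP directory")
    elif args.index("-s") + 1 >= len(args):
        findings.append("-s given without a directory")
    return findings


if __name__ == "__main__":
    for name, stanza in (("article", ARTICLE_STANZA), ("no-create", NO_CREATE_STANZA)):
        print(name, audit_tftp(stanza) or "ok")
```

Run it against /etc/xinetd.d/tftp after each imaging session to confirm that -c was removed again.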


Filtering URL's of sex through Dansguardian with Transparent Squid Proxy 29 Jul 2009 8:43 AM (15 years ago)

Once the transparent Squid proxy is running successfully in the intranet or LAN, here is how to block illegal sites through Dansguardian:

1) Check that the transparent Squid proxy is running on the LAN. If it is running well, go through the procedure below:

2) Go to http://rpmfind.net, search for Dansguardian, get "dansguardian-2.8.0.6-1.2.el4.rpm" and save it to /opt.

3) cd to /opt and install the Dansguardian software:

"rpm -ivh dansguardian-2.8.0.6-1.2.el4.rpm"
After Dansguardian has installed successfully:

4) Copy the file "dansguardian.pl" from /var/www/dansguardian to /var/www/cgi-bin

5) Edit the file below:

vi /etc/dansguardian/dansguardian.conf
============================================

filterport = 8080
# proxyip is the eth1 IP
proxyip = 192.168.0.1
proxyport = 3128
============================================

6) Edit another file as below:

vi /etc/httpd/conf.d/dansguardian.conf

==================================================
ScriptAlias /dansguardian/ /var/www/dansguardian/

DirectoryIndex dansguardian.pl
Options ExecCGI
Order allow,deny
Allow from all

Allow from 127.0.0.1

=================================================

7) In the browsers on the LAN or intranet, set the proxy IP and port:

Proxy IP: 192.168.0.1 Port: 8080

8) All illegal URLs are now blocked and cannot be accessed through this proxy.

9) Enable Dansguardian at boot: run "ntsysv", check Dansguardian, and select OK.

10) service dansguardian start

11) service network restart

12) service iptables restart

Credits: nsharif.blogspot.com


Squid & Transparent proxy Configuration in Redhat ES 4 29 Jul 2009 6:04 AM (15 years ago)

1) First check whether Squid is installed in Linux.

In a terminal type: "rpm -q squid"

2) If the software is not installed, go to http://rpmfind.net, search for "squid", get the file "squid-2.5.STABLE6-3.i386.rpm" for Redhat ES4, save it to /opt, then cd /opt

3) Install squid from /opt: "rpm -ivh squid-2.5.STABLE6-3.i386.rpm"

4) After a successful install, edit squid.conf as below:
vi /etc/squid.conf
=================================================
http_port 192.168.0.1:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB # use 32MB of memory only
cache_swap_low 80 # set cache sensitivity
cache_swap_high 100 # set cache sensitivity
maximum_object_size 1024 KB # if objects are too large, don't cache
cache_dir ufs /var/spool/squid 512 16 256 # use 512mb disk space for cache only
cache_access_log /var/log/squid/access.log # access log; may be set to "none" in future to disable access logging
cache_log none # disable the object cache logs
cache_store_log none # disable the store cache logs
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off # don't monitor browser status
acl all src 0.0.0.0/0.0.0.0
acl full_host src 192.168.0.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow full_host
http_access deny all
http_reply_access allow all
# Transparent proxy setting: these four lines must be added, and must be on, for transparent mode
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
=================================================
Save the file: press Esc, then type :wq (save and quit)

5) After configuring Squid, add this rule to iptables:
"iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128"

6) Save the iptables rules: "iptables-save > /etc/sysconfig/iptables"

7) Start the squid service: "service squid start"

8) To start Squid automatically at boot: run "ntsysv", check the 'squid' option and select OK.

9) You can watch the Squid logs interactively using the
command: "tail -f /var/log/squid/access.log"

10) If it is not working, restart the services "Network / Squid / iptables":
service network restart / service squid restart / service iptables restart


Credits: nsharif.blogspot.com
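
The http_access lines in the squid.conf above are evaluated top to bottom and the first matching line decides, so their order is what keeps the proxy closed to outsiders. The sketch below is an added example, not part of the original post: it replays the post's ACLs and rules against a few constructed requests, and the function name and request fields are assumptions of the example.

```python
import ipaddress

# ACLs transcribed from the squid.conf in this post (only those used by http_access).
SAFE_PORTS = [(80, 80), (21, 21), (443, 443), (563, 563), (70, 70), (210, 210),
              (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777)]
ACLS = {
    "all":        lambda r: True,
    "full_host":  lambda r: r["src"] in ipaddress.ip_network("192.168.0.0/24"),
    "localhost":  lambda r: r["src"] == ipaddress.ip_address("127.0.0.1"),
    "manager":    lambda r: r["proto"] == "cache_object",
    "SSL_ports":  lambda r: r["port"] in (443, 563),
    "Safe_ports": lambda r: any(lo <= r["port"] <= hi for lo, hi in SAFE_PORTS),
    "CONNECT":    lambda r: r["method"] == "CONNECT",
}
RULES = """
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow full_host
http_access deny all
"""


def decide(src, method, port, proto="http"):
    """Return (action, rule) for the first http_access line whose ACLs all match."""
    req = {"src": ipaddress.ip_address(src), "method": method,
           "port": port, "proto": proto}
    for line in RULES.strip().splitlines():
        _, action, *names = line.split()
        # ACL names on one line are ANDed; a leading "!" negates that ACL.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line
    # If nothing matches, Squid applies the opposite of the last line.
    return ("deny" if action == "allow" else "allow"), "(no rule matched)"


if __name__ == "__main__":
    # Constructed requests: LAN client, odd CONNECT port, SMTP port, outsider.
    for req in (("192.168.0.10", "GET", 80), ("192.168.0.10", "CONNECT", 8443),
                ("192.168.0.10", "GET", 25), ("10.9.9.9", "GET", 80)):
        print(req, "->", decide(*req))
```

Moving "http_access allow full_host" above the two Safe_ports/CONNECT deny lines would let LAN clients tunnel to any port, which is why the deny lines come first.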
