Saturday, December 16, 2017

Tuesday, November 14, 2017

RADIUS Attributes overview

Restart networking under Ubuntu

 Task: Restart networking under Ubuntu Linux

Open terminal (command line) and type the following command:
$ sudo /etc/init.d/networking restart

To start networking service, enter:

$ sudo /etc/init.d/networking start

To stop networking service, enter:

$ sudo /etc/init.d/networking stop

Providing DNSv6 server info via ISG

 Here we are trying to assign IPv6 address using SLAAC and send DNS v6 server info using DHCPv6.
   
  For this we have to confogure a IPv6 local pool in ISG as show below:
   
  ipv6 local pool RED 6868::/48 64
   
  First, configure the ISG as DHCPv6 server by defining a IPv6 pool
   
 
   ASR-2#show run | s POOL14
 
   ipv6 dhcp pool POOL14
 
    dns-server 1818::1818
 
    
 
   ##################################################
 
    
 
   Now add the below commands to the access interface config:
   
  ASR-2#show run int g1/2/1.200
  Building configuration...
   
  Current configuration : 279 bytes
  !
  interface GigabitEthernet1/2/1.200
   encapsulation dot1Q 200
   ip unnumbered Loopback66
   ipv6 enable
   ipv6 nd other-config-flag    <<<<<<<<<
   ipv6 dhcp server POOL14    <<<<<<<<<<
   service-policy type control START_MAC
   ip subscriber l2-connected
    initiator unclassified mac-address
    initiator dhcp
  end
   
  ASR-2#
  ASR-2#
  ASR-2#
   
  Enable below debugs:
   

 
   ASR-2#debug ipv6 dhcp detail 
 
      IPv6 DHCP debugging is on (detailed)
 
   ASR-2#
 
   ASR-2#
 
   ASR-2#
 
   ASR-2#config t
 
   Enter configuration commands, one per line.  End with CNTL/Z.
 
   ASR-2(config)#logg conso
 
   ASR-2(config)#^Z
 
   ASR-2#
 
   ASR-2#
 
   ASR-2#
 
   ASR-2#sss
 
   %No active Subscriber Sessions
 
   ASR-2#
 
   *Aug 22 08:58:21.455 IST: %SYS-5-CONFIG_I: Configured from console by console
 
   *Aug 22 08:58:37.406 IST: IPv6 DHCP: Received INFORMATION-REQUEST from FE80::201:11FF:FE11:2222 on GigabitEthernet1/2/2.500
 
   *Aug 22 08:58:37.406 IST: IPv6 DHCP: detailed packet contents
 
   *Aug 22 08:58:37.406 IST:   src FE80::201:11FF:FE11:2222 (GigabitEthernet1/2/2.500)
 
   *Aug 22 08:58:37.406 IST:   dst FF02::1:2
 
   *Aug 22 08:58:37.406 IST:   type INFORMATION-REQUEST(11), xid 7260385
 
   *Aug 22 08:58:37.406 IST:   option ELAPSED-TIME(8), len 2
 
   *Aug 22 08:58:37.406 IST:     elapsed-time 0
 
   *Aug 22 08:58:37.406 IST:   option CLIENTID(1), len 10
 
   *Aug 22 08:58:37.406 IST:     00030001442B035DFF80
 
   *Aug 22 08:58:37.406 IST:   option ORO(6), len 6
 
   *Aug 22 08:58:37.406 IST:     DNS-SERVERS,DOMAIN-LIST,UNKNOWN
 
   *Aug 22 08:58:37.406 IST: IPv6 DHCP: Using interface pool POOL14
 
   *Aug 22 08:58:37.406 IST: IPv6 DHCP_AAA: Retrieved subblock; It has AAA DNS_SERVERS=0
 
   *Aug 22 08:58:37.406 IST: IPv6 DHCP: Source Address from SAS FE80::227:DFF:FE4E:D562
 
   *Aug 22 08:58:37.406 IST: IPv6 DHCP: detailed packet contents
 
   *Aug 22 08:58:37.406 IST:   src FE80::227:DFF:FE4E:D562
 
   *Aug 22 08:58:37.406 IST:   dst FE80::201:11FF:FE11:2222 (GigabitEthernet1/2/2.500)
 
   *Aug 22 08:58:37.406 IST:   type REPLY(7), xid 7260385
 
   *Aug 22 08:58:37.406 IST:   option SERVERID(2), len 10
 
   *Aug 22 08:58:37.406 IST:     0003000100270D4ED500
 
   *Aug 22 08:58:37.406 IST:   option CLIENTID(1), len 10
 
   *Aug 22 08:58:37.406 IST:     00030001442B035DFF80
 
   *Aug 22 08:58:37.406 IST:   option DNS-SERVERS(23), len 16
 
   *Aug 22 08:58:37.406 IST:     1818::1818
 
   *Aug 22 08:58:37.406 IST: IPv6 DHCP: Sending REPLY to FE80::201:11FF:FE11:2222 on GigabitEthernet1/2/2.500
 
   ASR-2#
 
    
 
    
 
   ####################################################################################
 
    
 
   Enable below debug in client:
 
    
 
  
    client#debug ipv6 dhcp detail  
  
       IPv6 DHCP debugging is on (detailed) 
  
    client# 
  
    client# 
  
    client#config t 
  
    Enter configuration commands, one per line.  End with CNTL/Z. 
  
    client(config)#int g0/2.500 
  
    client(config-subif)#shut 
  
      
  
    *Aug 22 15:55:55.767: IPv6 DHCP: Stopping client stateless autoconfig 
  
    *Aug 22 15:55:55.767: IPv6 DHCP: Unconfiguring DNS server 1818::1818 
  
    client(config-subif)# 
  
    client(config-subif)# 
  
    client(config-subif)# 
  
    client(config-subif)#no shut 
  
    client(config-subif)# 
  
    *Aug 22 15:56:05.379:  DEBUG_SWITCH:ARP 64.64.64.3 64.64.64.1 
  
    *Aug 22 15:56:05.379:  DEBUG_SWITCH:OFP Roaming 64.64.64.1 observed 
  
    *Aug 22 15:56:07.383: IPv6 DHCP: Sending INFORMATION-REQUEST to FF02::1:2 on GigabitEthernet0/2.500 
  
    *Aug 22 15:56:07.383: IPv6 DHCP: detailed packet contents 
  
    *Aug 22 15:56:07.383:   src FE80::201:11FF:FE11:2222 
  
    *Aug 22 15:56:07.383:   dst FF02::1:2 (GigabitEthernet0/2.500) 
  
    *Aug 22 15:56:07.383:   type INFORMATION-REQUEST(11), xid 7387384 
  
    *Aug 22 15:56:07.383:   option ELAPSED-TIME(8), len 2 
  
    *Aug 22 15:56:07.383:     elapsed-time 0 
  
    *Aug 22 15:56:07.383:   option CLIENTID(1), len 10 
  
    *Aug 22 15:56:07.383:     00030001442B035DFF80 
  
    *Aug 22 15:56:07.383:   option ORO(6), len 6 
  
    *Aug 22 15:56:07.383:     DNS-SERVERS,DOMAIN-LIST,INFO-REFRESH 
  
    *Aug 22 15:56:07.383: IPv6 DHCP: DHCPv6 changes state from IDLE to INFORMATION-REQUEST (STATELESS) on GigabitEthernet0/2.500 
  
    *Aug 22 15:56:07.385: IPv6 DHCP: Received REPLY from FE80::227:DFF:FE4E:D562 on GigabitEthernet0/2.500 
  
    *Aug 22 15:56:07.385: IPv6 DHCP: detailed packet contents 
  
    *Aug 22 15:56:07.385:   src FE80::227:DFF:FE4E:D562 (GigabitEthernet0/2.500) 
  
    *Aug 22 15:56:07.385:   dst FE80::201:11FF:FE11:2222 (GigabitEthernet0/2.500) 
  
    *Aug 22 15:56:07.385:   type REPLY(7), xid 7387384 
  
    *Aug 22 15:56:07.385:   option SERVERID(2), len 10 
  
    *Aug 22 15:56:07.385:     0003000100270D4ED500 
  
    *Aug 22 15:56:07.385:   option CLIENTID(1), len 10 
  
    *Aug 22 15:56:07.385:     00030001442B035DFF80 
  
    *Aug 22 15:56:07.385:   option DNS-SERVERS(23), len 16 
  
    *Aug 22 15:56:07.385:     1818::1818 
  
    *Aug 22 15:56:07.385: IPv6 DHCP: Adding server FE80::227:DFF:FE4E:D562 
  
    *Aug 22 15:56:07.385: IPv6 DHCP: Processing options 
  
    *   Aug 22 15:56:07.385: IPv6 DHCP: Configuring DNS server 1818::1818     <<<<<<<<<< 
  
    *Aug 22 15:56:07.385: IPv6 DHCP: DHCPv6 changes state from INFORMATION-REQUEST to IDLE (REPLY_RECEIVED) on GigabitEthernet0/2.500 
  
    client(config-subif)# 
  
    client(config-subif)# 
  
    client(config-subif)# 
  
    *Aug 22 15:56:10.385:  DEBUG_SWITCH:ARP 64.64.64.3 64.64.64.1 
  
    *Aug 22 15:56:10.385:  DEBUG_SWITCH:OFP Roaming 64.64.64.1 observed 
  
    *Aug 22 15:56:11.427: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0/2.500 assigned DHCP address 64.64.64.3, mask 255.255.255.0, hostname client 
  
      
  
    client(config-subif)# 
  
    client(config-subif)# 
  
      
  
    Use the below command to view the DNS info received: 
  
      
  
   
     client#show ipv6 dhcp interface g0/2.500  
   
     GigabitEthernet0/2.500 is in client mode  
   
       Prefix State is IDLE (0)  
   
       Information refresh timer expires in 23:53:18  
   
       Address State is IDLE  
   
       List of known servers:  
   
         Reachable via address: FE80::227:DFF:FE4E:D562  
   
         DUID: 0003000100270D4ED500  
   
         Preference: 0  
   
         Configuration parameters:  
   
           DNS server: 1818::1818   <<<<<<<<<<<<<<<<<<  
   
           Information refresh time: 0  
   
       Prefix Rapid-Commit: disabled  
   
       Address Rapid-Commit: disabled  
   
     client#  
    

Configuring CentOS

Below commands would be useful while configuring broadhop:
   
  Edit interface IP address ==> vi /etc/sysconfig/network-scripts/ifcfg-eth0
   
  Restart NIC ==> service network restart
   
  Replace default route ==> ip route replace default via 10.104.99.1 dev eth0
   
  Bring down an interface ==> ifdown eth0
   
  Bring UP an interface ==> ifup eth0
   
  Add persistent routes by editing the file @ /etc/sysconfig/network-scripts/route-eth0 and the do "service network restart"
   

  View routing table ==> route -n

Monday, July 24, 2017

Configure SCP in cisco router/switch

http://itknowledgeexchange.techtarget.com/network-technologies/how-to-configure-secure-copy-scp-in-cisco-devices/

In order to configure Secure Copy (SCP) in a Cisco Router make sure the SSH is enabled and its working.
Step 1) Lets enable the SSH and AAA features in the Cisco Device

ITKE-AS1(config)#ip domain-name itke.com
ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512
The name for the keys will be: ITKE-AS1.itke.com

% The key modulus size is 512 bits
% Generating 512 bit RSA keys, keys will be non-exportable…[OK]

ITKE-AS1(config)#
ITKE-AS1(config)#aaa new-model
ITKE-AS1(config)#aaa authentication login default local
ITKE-AS1(config)#aaa authorization exec default local

Step 2) In order to use the SCP feature to manage configuration we must have at least once user account with enough privilege to access it
ITKE-AS1(config)#
ITKE-AS1(config)#username itke privilege 15 password secret itkeleads

Step 3) Now you are ready to enable the SCP server on:
ITKE-AS1(config)#ip scp server enable


Just by following these 3 simple steps we can enable Secure Copy (SCP) in a Cisco router or a Switch. For any further clarifications you can always have a close look at Cisco’s document on Secure Copy (SCP). 

Monday, July 10, 2017

Reset cisco ISE CLI and GUI password



To change the CLI Admin password, simply enter the command "password"
To change the GUI Admin password, the command is "application reset-passwd ise admin newpassword"


Monday, April 17, 2017

Copy multiple files from Cisco router to FTP server

https://community.spiceworks.com/how_to/77152-move-multiple-files-to-or-from-flash-on-your-cisco-router

conf t
file prompt quiet
exit
tclsh
set fileList [glob -directory crashinfo:tracelogs -nocomplain smd_R*]
foreach file $fileList { copy $file ftp://10.104.99.167/[string range $file 7 end] }
exit

set fileList [glob -directory crashinfo:tracelogs -nocomplain smd_R*]

Friday, April 14, 2017

Private VLAN Video

Refer below link for protected port and private VLAN

https://www.youtube.com/watch?v=RbpWgAuO53A

Thursday, February 9, 2017

Repeat a unix command

watch -n1  command
Example:
watch -n5 "ls -lrt test"
Above command will execute every 5 seconds

Friday, January 27, 2017

Procedure to copy ISE upgrade image

Login with anonymous/anonymous

Polaris-ISE/admin# copy ftp://1.2.3.4/positronBuild/others/2.0.0.306/ise-upgradebundle-1.3.x-and-1.4.x-to-2.0.0.306.x86_64.tar.gz disk:
Username: anonymous
Password:
6 [23870]:[info] transfer: cars_xfer.c[285] [admin]: ftp copy in of ftp://10.56.60.100/positronBuild/others/2.0.0.306/ise-upgradebundle-1.3.x-and-1.4.x-to-2.0.0.306.x86_64.tar.gz requested
7 [23870]:[debug] transfer: cars_xfer_util.c[305] [admin]: ftp get source - ftp://10.56.60.100/positronBuild/others/2.0.0.306/ise-upgradebundle-1.3.x-and-1.4.x-to-2.0.0.306.x86_64.tar.gz
7 [23870]:[debug] transfer: cars_xfer_util.c[306] [admin]: ftp get destination - /localdisk/ise-upgradebundle-1.3.x-and-1.4.x-to-2.0.0.306.x86_64.tar.gz
7 [23870]:[debug] transfer: cars_xfer_util.c[325] [admin]: initializing curl
7 [23870]:[debug] transfer: cars_xfer_util.c[338] [admin]: full url is ftp://10.56.60.100/positronBuild/others/2.0.0.306/ise-upgradebundle-1.3.x-and-1.4.x-to-2.0.0.306.x86_64.tar.gz



Wednesday, January 18, 2017

Understanding STP

http://www.omnisecu.com/cisco-certified-network-associate-ccna/what-is-layer-2-switching-loop.php

Wednesday, January 4, 2017

Requirements to display the Attribute Editor in Active directory server

The „Advanced Features“ have to be activated in the “Active Directory Users and Computers” console. Without this, the Attribute Editor cannot be displayed!


Use below link to convert the password to hex format:

http://string-functions.com/string-hex.aspx



how to filter last days of months in excel

how to filter last days of months in excel
https://www.youtube.com/watch?v=MEH7iReCZA8


=AND(WEEKDAY(A3,2)<6,MONTH(WORKDAY(A3,1))<>MONTH(A3))

Monday, January 2, 2017

Finding your processes to learn how to determine the job numbers

`Finding your processes' to learn how to determine the job numbers of your background processes.

http://infohost.nmt.edu/tcc/help/unix/suspended.html

http://infohost.nmt.edu/tcc/help/unix/ps.html


  • To find the job numbers of all the background jobs you are running, type:
            % jobs
    The job numbers will be shown in square brackets ([]), followed by the notation ``Stopped'' (for suspended jobs) or ``Running'' (for jobs that are still executing).
  • To find out all the process ID numbers of processes you are running, type:
            % ps -gx
    Here is an example of output from this command:
              PID TT STAT  TIME COMMAND
            12030 p5 S     0:01 -csh (csh)
            12068 p5 T     1:46 emacs foo
            12788 p5 R     0:00 ps -gx
    The first column is the process ID. The second column tells what terminal is controlling it (in this case, ttyp5). Next comes the current status (S for sleeping, T for stopped, R for running). The next column tells how much time it has spent.

Resuming a suspended process

http://infohost.nmt.edu/tcc/help/unix/fg-bg.html

  • The bg command can be used to resume a suspended process in the background. When used with no arguments, the bg command will continue the last suspended job. To resume job number 2, you would type the command:
            % bg %2
  • The fg command resumes a suspended process in the foreground. For example, to resume job 1 in the foreground, you would type this command:
            % fg %1
  • You can also resume suspended processes by just typing a percent sign (%) followed by the job number. For example, the command %1 would resume job 1 in the foreground. This command:
            % %2&
    would resume job 2 in the background, because it ends with an ampersand.
Kill a suspended process as shown below:

       % kill %1