Wednesday, January 27, 2010

Configure a Management Interface for 3550 and 3750 Series Switches

On Catalyst 3550 and 3750 series switches that run Cisco IOS Software, any routable interface can be used for management. There are three options to configure this interface.

Option 1—Configure a loopback interface for switch management. There are a few advantages to a loopback interface. A loopback is a virtual interface that is always up. Packets that are routed to the loopback interface are rerouted back to the L3 switch or router and processed locally. IP packets that are routed out the loopback interface but are not destined to the loopback interface are dropped. This means that the loopback interface serves as the null 0 interface also. The loopback interface serves as the router ID for OSPF and so on. This example uses loopback 0:

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface loopback 0
Switch(config-if)#ip address 10.1.1.1 255.255.255.255

!--- The loopback interface should have a 32-bit subnet mask, which means that
!--- the 10.1.1.1 address is the only destination address in this subnet.


Switch(config-if)#end
Switch#

You must also configure a routing protocol to distribute the subnet that is assigned to the loopback address or create a static route.

Option 2—Configure the interface as an L3 routed interface with an IP address. All interfaces on a Catalyst 3550 or 3750 switch that runs Cisco IOS Software are L2 by default. In order to make an L2 interface an L3 interface, issue the no switchport command and then configure an IP address. All interfaces are enabled by default, so you do not need to issue the no shutdown command. This example uses Fast Ethernet 2/0/1 on a Catalyst 3750:

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface fastethernet 2/0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 11.1.1.1 255.0.0.0
Switch(config-if)#end
Switch#

If you issue the show running-config interface fastethernet 2/0/1 command, this output displays:

Switch#show running-config interface fastethernet 2/0/1
Building configuration...
Current configuration : 81 bytes
!
interface FastEthernet2/0/1
 no switchport
 ip address 11.1.1.1 255.0.0.0
end
Switch#

Option 3—Configure an L2 interface as a part of a specific VLAN. Issue the switchport mode access command and the switchport access vlan vlan-id command, and use a corresponding SVI with an IP address.

Complete these steps:

  1. Issue these commands:

    Switch(config)#interface vlan 1

    !--- Interface VLAN 1 is an SVI.

    Switch(config-if)#ip address 10.1.1.1 255.0.0.0
    Switch(config-if)#no shut

    Note: This example uses VLAN 1 as the management VLAN. VLAN 1 is in the VLAN database by default.

  2. Issue the switchport mode access command under the desired physical interface if you want confirmation that the interface is an access switch port.

    By default, all interfaces are L2 interfaces and are access switch ports in VLAN 1. If you plan to use VLAN 1 as the management VLAN, no configuration is necessary under the interface. But if you want confirmation in the configuration that the interface is indeed an access switch port, you need to use the switchport mode access command.

    This example uses Fast Ethernet 2/0/1:

    Switch(config)#interface fastethernet 2/0/1
    Switch(config-if)#switchport mode access
    Switch(config-if)#end

    If you issue the show run interface fastethernet 2/0/1 command, this output now displays:

    Switch#show run interface fastethernet 2/0/1
    Building configuration...
    Current configuration : 59 bytes
    !
    interface FastEthernet2/0/1
     switchport mode access
    end
    Switch#

  3. If you want to change the management interface from the default VLAN 1 to another VLAN, issue the interface vlan vlan-id command in order to create a new SVI.

    You must then issue the switchport access vlan vlan-id command in order to configure an L2 interface to be a part of the new VLAN. This example demonstrates this process:

    Switch(config)#interface vlan 2
    Switch(config-if)#ip address 20.1.1.1 255.0.0.0
    Switch(config-if)#no shut

    !--- Configure an interface to access the new management VLAN.

    Switch(config)#interface fastethernet 2/0/1
    Switch(config-if)#switchport access vlan 2
    Switch(config-if)#end
    Switch#

    If you issue the show run interface fastethernet 2/0/1 command, this output now displays:

    Switch#show run interface fastethernet 2/0/1
    Building configuration...
    Current configuration : 85 bytes
    !
    interface FastEthernet2/0/1
     switchport access vlan 2
     switchport mode access
    end
    Switch#

    In order for the switch to access remote networks, you must have either:

    • A default gateway that is set for the next hop router that is directly connected to the switch

    • A dynamic routing protocol configured

    If you are not routing IP, issue the ip default-gateway ip-address command in order to configure a gateway router IP address.

    If you plan to configure dynamic routing, keep in mind that IP routing is disabled by default. You must issue the global ip routing command in order to enable IP routing. Routing Information Protocol (RIP) is the only dynamic routing protocol that is supported when you use the Standard Multilayer Software Image (SMI). The Enhanced Multilayer Software Image (EMI) is required for Interior Gateway Routing Protocol (IGRP), Enhanced IGRP (EIGRP), OSPF, and Border Gateway Protocol (BGP) support. In order to configure dynamic routing, use the router routing_protocol command. Issue the show ip route command in order to view the status of the routing table.
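Because any routable interface can be used for management, a configuration review can start by listing every enabled interface that carries an IP address, classifying it under one of the three options above, and checking which path to remote networks is configured. The following Python is an added example, not Cisco's code or part of the original post; the sample configuration and the function names are assumptions, and it expects interface sub-commands indented by one space, as IOS prints them.

```python
import re

# Constructed sample running-config (not from a real device). IOS indents
# interface sub-commands by one space; the parser relies on that.
SAMPLE = """\
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
interface FastEthernet2/0/1
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet2/0/2
 no switchport
 ip address 11.1.1.1 255.0.0.0
!
interface Vlan2
 ip address 20.1.1.1 255.0.0.0
!
ip default-gateway 20.1.1.254
"""

def interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    found = re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M)
    return {name: [c.strip() for c in body.splitlines()] for name, body in found}

def management_candidates(config):
    """Return {name: option} for each enabled interface that has an IP address."""
    out = {}
    for name, cmds in interfaces(config).items():
        if "shutdown" in cmds or not any(c.startswith("ip address ") for c in cmds):
            continue
        if name.startswith("Loopback"):
            out[name] = "loopback"       # Option 1
        elif "no switchport" in cmds:
            out[name] = "routed-port"    # Option 2
        elif name.startswith("Vlan"):
            out[name] = "svi"            # Option 3
    return out

def remote_path(config):
    """How remote networks are reached: 'routing', 'default-gateway' or None."""
    lines = [l.strip() for l in config.splitlines()]
    if "ip routing" in lines:  # ip default-gateway only applies while IP routing is off
        return "routing" if any(l.startswith(("router ", "ip route ")) for l in lines) else None
    return "default-gateway" if any(l.startswith("ip default-gateway ") for l in lines) else None

if __name__ == "__main__":
    print(management_candidates(SAMPLE), remote_path(SAMPLE))
```

A result of None from remote_path means the switch has no configured way to reach remote networks, which is the condition the last paragraphs above describe.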

Catalyst 2900-XL and 3500-XL Password Recovery Procedure

Description

This document describes the password recovery procedure for the Cisco Catalyst 2900-XL and the Cisco Catalyst 3500-XL.

Step-by-Step Procedure

  1. Attach a terminal or PC with terminal emulation to the console port of the switch. Use the following terminal settings:

    9600 baud rate
    No parity
    8 data bits
    No stop bit

  2. Unplug the power cable.

  3. Hold down the mode button while reconnecting the power cord to the switch. You can release the mode button a second or two after the LED above port 1x is no longer illuminated.

    The following instructions appear:

    The system has been interrupted prior to initializing the flash file system.
    The following commands will initialize the flash file system, and finish loading
    the operating system software:

    flash_init
    load_helper
    boot

  4. Type flash_init.

  5. Type load_helper.

  6. Type dir flash:.

    The switch file system is displayed:

    Directory of flash:
    2 -rwx 843947 Mar 01 1993 00:02:18 C2900XL-h-mz-112.8-SA
    4 drwx 3776 Mar 01 1993 01:23:24 html
    66 -rwx 130 Jan 01 1970 00:01:19 env_vars
    68 -rwx 1296 Mar 01 1993 06:55:51 config.text
    1728000 bytes total (456704 bytes free)

  7. Type rename flash:config.text flash:config.old to rename the configuration file.

    This file contains the password definition.

  8. Type boot to boot the system.

  9. Enter N at the prompt to start the Setup program:

    Continue with the configuration dialog? [yes/no] : N

  10. At the switch prompt type en to turn on enable mode.

  11. Type rename flash:config.old flash:config.text to rename the configuration file with its original name.

  12. Copy the configuration file into memory:

    Switch# copy flash:config.text system:running-config
    Source filename [config.text]? (press Return)
    Destination filename [running-config]? (press Return)

    The configuration file is now reloaded.

  13. Change the password:

    switch#configure terminal
    switch(config)#enable password Cisco

    !--- Press Ctrl-Z to leave configuration mode.

    switch(config)#control/Z

  14. Write the running configuration to the configuration file:

    switch#write memory

Tuesday, January 26, 2010

Proxy Problem WINDOWS 7

I managed to bypass this problem. I did not find out what proxy is used here, but I used the following steps to solve the problem:

"The problem is the NTLM authentication of Windows 7. It is necessary to create the following key in the registry to solve it (I'm using Squid Version 3.0.STABLE8 in Debian Lenny):

1. In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
If it doesn’t exist, create a DWORD value named LmCompatibilityLevel and set the value to 1 to use LM, NTLM and NTLMv2 if it is negotiated, this is
It also works when the value is set to 0, and 3; for more safety use the value 3, though with old operating systems it will not work, because NTLMv2 is then used obligatorily.

2. Reboot

Follow the link for more information: http://technet.microsoft.com/es-es/magazine/2006.08.securitywatch(en-us).aspx"

Source: http://www.nabble.com/Windows-7-beta-and-NTLM-td21377271.html

This worked well; now I'm able to connect to the internet through the proxy server.

Thanks