The FastEthernet 0 interface on a Cisco LAP-1131AG-A receives its IP address from a DHCP server.
To assign a static IP address to this interface instead, use the following commands:
AP> enable
password: Cisco
AP# debug lwapp con cli
AP# debug lwapp client no-reload
AP# conf t
AP(config)# interface fa0
AP(config-if)# ip address 192.168.2.200 255.255.255.0
For newer IOS versions:
AP# capwap ap ip address 192.168.2.200 255.255.255.0
AP# capwap ap ip default-gateway 192.168.2.250
Thursday, October 20, 2011
Sunday, October 16, 2011
Switch Trunk
Configuring Trunk between 2 switches.
The configuration below sets up a trunk between 2 switches with dot1q (802.1Q) encapsulation, changes the native VLAN from 1 to 100, and allows only VLANs 100, 101, 102, 104 and 105.
Switch-A(config)# interface gigabitethernet 0/2
Switch-A(config-if)# switchport
Switch-A(config-if)# switchport trunk encapsulation dot1q
Switch-A(config-if)# switchport trunk native vlan 100
Switch-A(config-if)# switchport trunk allowed vlan 100-105
Switch-A(config-if)# switchport trunk allowed vlan remove 103
Switch-A(config-if)# switchport mode dynamic desirable
Switch-D(config)# interface gigabitethernet 0/24
Switch-D(config-if)# switchport
Switch-D(config-if)# switchport trunk encapsulation dot1q
Switch-D(config-if)# switchport trunk native vlan 100
Switch-D(config-if)# switchport trunk allowed vlan 100-105
Switch-D(config-if)# switchport trunk allowed vlan remove 103
Switch-D(config-if)# switchport mode dynamic desirable
Switch VLAN and VLAN Trunk Configuration
Switch VLAN syntax:
switch(config)# interface type module/number
switch(config-if)# switchport
! switchport command configures the port for layer 2 operation
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan vlan-num
VLAN Trunking Configuration
switch> enable
switch# configure terminal
switch(config)# interface type mod/port
switch(config-if)# switchport
!switch port must be in Layer 2 mode before it can support a trunk
switch(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate}
switch(config-if)# switchport trunk native vlan vlan-id
!native vlan only for dot1q encapsulation
!identifying the untagged or native VLAN number as vlan-id (1 to 4094)
!ISL doesn't support an untagged VLAN
switch(config-if)# switchport trunk allowed vlan {vlan-list | all | <add | except | remove> vlan-list}
switch(config-if)# switchport mode {trunk | dynamic <desirable | auto>}
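The two trunk posts above (the Switch-A / Switch-D configuration and the `switchport trunk allowed vlan` syntax) can be checked mechanically. The following Python script is an added example, not part of the original blog: it replays the trunk commands in order, computes the effective native VLAN and allowed list on each end, and reports mismatches and DTP-negotiated modes. The input is constructed: Switch-D as in the post, and a Switch-A variant without the `remove 103` step.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # valid VLAN IDs 1-4094

def parse_vlan_list(text):
    """Expand a vlan-list such as '100-105' or '100,104-105' into a set."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_state(lines):
    """Replay interface commands in order, as the switch applies them."""
    st = {"mode": None, "native": 1, "allowed": set(ALL_VLANS)}
    for line in lines:
        cmd = line.split("#", 1)[-1].strip()  # drop the CLI prompt
        if m := re.fullmatch(r"switchport trunk native vlan (\d+)", cmd):
            st["native"] = int(m[1])
        elif m := re.fullmatch(r"switchport mode (.+)", cmd):
            st["mode"] = m[1]
        elif m := re.fullmatch(
                r"switchport trunk allowed vlan (?:(add|remove|except) )?(\S+)", cmd):
            op, arg = m.groups()
            vl = set(ALL_VLANS) if arg == "all" else parse_vlan_list(arg)
            cur = st["allowed"]
            # no keyword replaces the list; add/remove edit it; except inverts it
            st["allowed"] = {"add": cur | vl, "remove": cur - vl,
                             "except": ALL_VLANS - vl, None: vl}[op]
    return st

def audit_trunk(a, b):
    """Compare both ends of one trunk and return a list of findings."""
    findings = []
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    if a["allowed"] != b["allowed"]:
        findings.append(f"allowed VLAN mismatch: {sorted(a['allowed'] ^ b['allowed'])}")
    for end, st in (("A", a), ("B", b)):
        if (st["mode"] or "").startswith("dynamic"):
            findings.append(f"end {end}: trunk negotiated by DTP ({st['mode']})")
    return findings

# Constructed input: Switch-D as in the post, Switch-A without 'remove 103'.
A, D = "Switch-A(config-if)# switchport ", "Switch-D(config-if)# switchport "
SWITCH_A = [A + "trunk native vlan 100", A + "trunk allowed vlan 100-105",
            A + "mode dynamic desirable"]
SWITCH_D = [D + "trunk native vlan 100", D + "trunk allowed vlan 100-105",
            D + "trunk allowed vlan remove 103", D + "mode dynamic desirable"]
FINDINGS = audit_trunk(trunk_state(SWITCH_A), trunk_state(SWITCH_D))
```

A statically configured trunk (`switchport mode trunk` together with `switchport nonegotiate`) clears the DTP findings.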
Thursday, September 29, 2011
Configure DHCP on ASA 5505
Here are the CLI commands to set up DHCP for the inside network on an ASA 5505:
ciscoasa(config)# dhcpd address 192.168.1.100-192.168.1.200 inside
ciscoasa(config)# dhcpd enable inside
Saturday, August 6, 2011
Upgrading ASA 5500 series 8.4
Detailed Steps
Step 1 Back up your configuration file. To print the configuration to the terminal, enter the following command:
hostname# show running-config
Note: If you are upgrading from a pre-8.3 version, then the running configuration is backed up automatically.
For other methods of backing up, see the "Managing Software and Configurations" chapter in Cisco ASA 5500 Series Configuration Guide using the CLI.
Step 2 Install the new images using TFTP. Enter this command separately for the OS image and the ASDM image:
hostname# copy tftp://server[/path]/filename {disk0:/ | disk1:/}[path/]filename
For example:
hostname# copy tftp://10.1.1.1/asa840-4-k8.bin disk0:/asa841-k8.bin
...
hostname# copy tftp://10.1.1.1/asdm-64099.bin disk0:/asdm-641.bin
If your ASA does not have enough memory to hold two images, overwrite the old image with the new one by specifying the same destination filename as the existing image.
Step 3 To change the OS boot image to the new image name, enter the following commands:
hostname(config)# clear configure boot
hostname(config)# boot system {disk0:/ | disk1:/}[path/]new_filename
For example:
hostname(config)# clear configure boot
hostname(config)# boot system disk0:/asa841-k8.bin
Step 4 To configure the ASDM image to the new image name, enter the following command:
hostname(config)# asdm image {disk0:/ | disk1:/}[path/]new_filename
Step 5 To save the configuration and reload, enter the following commands:
hostname(config)# write memory
hostname(config)# reload
Saturday, May 21, 2011
Basic ASA Configuration
Configure ASA hostname
ASA(config)# hostname TestASA
Configure enable password
TestASA(config)# enable password THISISPASSWORDTEXT
Configure the DNS domain name on ASA
TestASA(config)# domain-name MyTest.com
Specify the ASDM image on the ASA and enable access to ASDM
TestASA(config)# asdm image disk0:/asdm-524.bin
TestASA(config)# http server enable
Configure the interfaces
TestASA# config t
TestASA(config)# interface Vlan1
TestASA(config-if)# nameif inside
TestASA(config-if)# security-level 100
TestASA(config-if)# ip address 192.168.2.1 255.255.255.0
TestASA(config-if)# no shutdown
TestASA(config-if)# exit
TestASA(config)# interface Vlan2
TestASA(config-if)# nameif outside
TestASA(config-if)# security-level 0
TestASA(config-if)# ip address 192.168.1.254 255.255.255.0
TestASA(config-if)# no shutdown
TestASA(config-if)# exit
Assign physical interface Ethernet0/0 to VLAN 2 (the outside interface)
TestASA(config)# interface ethernet 0/0
TestASA(config-if)# switchport access vlan 2
The rest of the physical interfaces are assigned to VLAN1 by default
Configure access to the ASA device. For SSH, please read this link.
TestASA(config)# username USER_1 password PASSWORD_1 privilege 15
TestASA(config)# username USER_2 password PASSWORD_2 privilege 5
TestASA(config)# aaa authentication ssh console LOCAL
TestASA(config)# aaa authentication telnet console LOCAL
TestASA(config)# aaa authentication http console LOCAL
TestASA(config)# crypto key generate rsa modulus 1024
!- generates an RSA key pair which is required for SSH
TestASA(config)# ssh 192.168.2.0 255.255.255.0 inside
TestASA(config)# ssh timeout 30
!- allow putty to connect using SSH
TestASA(config)# telnet 192.168.2.0 255.255.255.0 inside
TestASA(config)# telnet timeout 30
!- allow putty to connect using Telnet
TestASA(config)# http 192.168.2.0 255.255.255.0 inside
!- allow user to connect using ASDM
Configure clock
TestASA(config)# clock set hh:mm:ss {month day} year
--------------------------------------------------------------------------------
Good CLI to use:
# show curpriv
Sunday, May 15, 2011
Dynamic NAT configuration on ASA 55XX
Configure using 8.0 ASA
ciscoasa(config)# nat (inside) 1 192.168.2.0 255.255.255.0
ciscoasa(config)# global (outside) 1 10.2.2.1-10.2.2.10 netmask 255.255.255.0
Additional note: running PAT
ciscoasa(config)# nat (inside) 1 0.0.0.0 0.0.0.0
ciscoasa(config)# global (outside) 1 interface
Configure using 8.3 ASA
ciscoasa(config)# object network MyOutsideRangePool
ciscoasa(config-network-object)# range 10.2.2.1 10.2.2.10
ciscoasa(config)# object network MyInsideNetwork
ciscoasa(config-network-object)# subnet 192.168.2.0 255.255.255.0
ciscoasa(config-network-object)# nat (inside,outside) dynamic MyOutsideRangePool
Configure using 8.0 ASA
ciscoasa(config)# nat (inside) 1 192.168.2.0 255.255.255.0
ciscoasa(config)# nat (inside) 2 192.168.3.0 255.255.255.0
ciscoasa(config)# global (outside) 1 10.2.2.1-10.2.2.10 netmask 255.255.255.0
ciscoasa(config)# global (outside) 2 10.2.2.11-10.2.2.20 netmask 255.255.255.0
Configure using 8.3 ASA
ciscoasa(config)# object network MyOutsideRangePool_1
ciscoasa(config-network-object)# range 10.2.2.1 10.2.2.10
ciscoasa(config)# object network MyInsideNetwork_1
ciscoasa(config-network-object)# subnet 192.168.2.0 255.255.255.0
ciscoasa(config-network-object)# nat (inside,outside) dynamic MyOutsideRangePool_1
ciscoasa(config)# object network MyOutsideRangePool_2
ciscoasa(config-network-object)# range 10.2.2.11 10.2.2.20
ciscoasa(config)# object network MyInsideNetwork_2
ciscoasa(config-network-object)# subnet 192.168.3.0 255.255.255.0
ciscoasa(config-network-object)# nat (inside,outside) dynamic MyOutsideRangePool_2
Tuesday, April 26, 2011
SSH configuration on ASA 5500
Here is the configuration to enable SSH on an ASA device.
ASA# config t
ASA(config)# enable password EPICPASSWORD
!--Enable password is necessary to enable ssh access
ASA(config)# username box password boxpasswordonly
!--Username and password for connecting using SSH
ASA(config)# aaa authentication ssh console LOCAL
!--We specified LOCAL authentication with the username & password above
ASA(config)# ssh 192.168.x.x 255.255.255.0 inside
!--This line allows a user with the right username and password
!--from this specific subnet (residing locally) to access the ASA
!--ssh (Outside IP) (Outside Subnet) outside
!--This is to allow a user from the outside IP to access the ASA
ASA(config)# domain-name WOW.LOCAL
!--Domain name of your company. RSA key is generated using the DOMAIN NAME
!--plus FIREWALL name combination
ASA(config)# crypto key generate rsa modulus 1024
!--ASA generates the RSA key
The firewall is now ready for SSH connection.
Additional reading for ASA 8.3 configuration from Cisco site.
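The management-access commands in this post and in the Basic ASA Configuration post (`ssh`, `telnet`, `http`, `aaa authentication ... console`, `crypto key generate rsa modulus`) can be reviewed with a small lint pass. The following Python script is an added example, not part of the original blog; the 2048-bit minimum is an assumed site policy, and the sample lines are constructed from the commands shown on this page.

```python
import ipaddress
import re

MIN_RSA_BITS = 2048  # assumption: site policy minimum, not a value from the page

def lint_asa_mgmt(lines):
    """Return findings for management-plane commands in an ASA config."""
    findings, enabled, aaa = [], {}, set()
    for raw in lines:
        cmd = raw.split("#", 1)[-1].strip()  # drop the CLI prompt
        if m := re.fullmatch(r"(ssh|telnet|http) (\d\S+) (\d\S+) (\S+)", cmd):
            proto, addr, mask, ifname = m.groups()
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                continue  # placeholder address such as 192.168.x.x
            enabled.setdefault(proto, []).append((net, ifname))
        elif m := re.fullmatch(
                r"aaa authentication (ssh|telnet|http) console (\S+)", cmd):
            aaa.add(m[1])
        elif m := re.fullmatch(r"crypto key generate rsa modulus (\d+)", cmd):
            if int(m[1]) < MIN_RSA_BITS:
                findings.append(f"RSA host key is {m[1]} bits (< {MIN_RSA_BITS})")
    for proto, sources in enabled.items():
        if proto == "telnet":
            findings.append("telnet management enabled (cleartext credentials)")
        if proto not in aaa:
            findings.append(
                f"{proto} enabled without 'aaa authentication {proto} console'")
        for net, ifname in sources:
            if net.prefixlen == 0:
                findings.append(f"{proto} open to any source on {ifname}")
    return findings

# Constructed sample, modelled on the commands shown in the posts.
SAMPLE = [
    "TestASA(config)# aaa authentication ssh console LOCAL",
    "TestASA(config)# aaa authentication http console LOCAL",
    "TestASA(config)# crypto key generate rsa modulus 1024",
    "TestASA(config)# ssh 192.168.2.0 255.255.255.0 inside",
    "TestASA(config)# ssh timeout 30",
    "TestASA(config)# telnet 192.168.2.0 255.255.255.0 inside",
    "TestASA(config)# http 0.0.0.0 0.0.0.0 outside",
]
FINDINGS = lint_asa_mgmt(SAMPLE)
```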
Saturday, April 23, 2011
Router Configuration: IP NAT
Command:
ip nat inside source
Mode:
Router(config)#
Syntax:
ip nat inside source {list {access-list-number | name} {pool name | interface dialer-name} [overload] | static local-ip global-ip}
no ip nat inside source {list {access-list-number | name} {pool name | interface dialer-name} [overload] | static local-ip global-ip}
Command Description:
To enable NAT of the inside source address, use the ip nat inside source global configuration command.
Example:
The following portion of a show running-config translates between inside hosts addressed from either the 192.168.1.0 or 192.168.2.0 networks to the globally unique 171.69.233.208/28 network:
ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat inside source list 1 pool net-208
!
interface ethernet 0
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
interface ethernet 1
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
!
ip classless
ip route 192.168.0.0 255.255.252.0 e1
ip route 0.0.0.0 0.0.0.0 e0
Original link Soft30
Friday, April 22, 2011
How to install Internet Authentication Service on W2K3
This is a step-by-step instruction on how to install Internet Authentication Service (IAS) on W2K3.
To Install IAS
- Open Add or Remove Programs in Control Panel.
- Click Add/Remove Windows Components.
- In the Windows Components Wizard dialog box, click Networking Services, and then click Details.
- In the Networking Services dialog box, select Internet Authentication Service, click OK, and then click Next.
- If prompted, insert your Windows Server 2003 CD.
- After IAS is installed, click Finish, and then click Close.
How to install Network Policy Server on W2K8
This is a step-by-step process on how to install Network Policy Server (NPS) on a W2K8 server.
- Click Start, and then click Server Manager. In the left pane of Server Manager, double-click Roles to expand the tree. Browse to and right-click Network Policy and Access Services, and then click Add Role Services. The Add Role Services wizard opens.
- In Select Role Services, in Role Services, select Network Policy Server, and then click Next.
- In Confirm Installation Selections, click Install.
- In Installation Results, review your installation results, and then click Close.
Original link from Microsoft TechNet site.
Why am I doing this?
This blog is just a quick reminder or tips on how to do certain things that relate to my work.