Wednesday, September 4, 2019

Nping - ICMP Types

Nping is one of the utilities that comes with nmap.  Today, I will give some info on the ICMP types it supports.  This is not a complete list of ICMP types, just a few.

References:
I have a Fedora Linux machine connected to a wireless router through an ethernet cable.

Basic Ping

$nping --icmp -c 1 --dest-ip 192.168.1.1

Starting Nping 0.6.45 ( http://nmap.org/nping ) at 2019-09-02 09:23 EDT
SENT (0.0225s) ICMP [192.168.1.10 > 192.168.1.1 Echo request (type=8/code=0) id=13299 seq=1] IP [ttl=64 id=18670 iplen=28 ]
RCVD (0.0232s) ICMP [192.168.1.1 > 192.168.1.10 Echo reply (type=0/code=0) id=13299 seq=1] IP [ttl=64 id=9377 iplen=28 ]
 
Max rtt: 0.651ms | Min rtt: 0.651ms | Avg rtt: 0.651ms
Raw packets sent: 1 (28B) | Rcvd: 1 (46B) | Lost: 0 (0.00%)
Nping done: 1 IP address pinged in 1.04 seconds

'-c' sets the number of requests to be sent.


Some other things we can do:


Time Stamp

$nping --icmp -c 1 --icmp-type 13 --dest-ip 192.168.1.1

Starting Nping 0.6.45 ( http://nmap.org/nping ) at 2019-09-02 11:29 EDT
SENT (0.0176s) ICMP [192.168.1.10 > 192.168.1.1 Timestamp request (type=13/code=0) id=24214 seq=1 orig=0 recv=0 trans=0] IP [ttl=64 id=14849 iplen=40 ]
RCVD (0.0183s) ICMP [192.168.1.1 > 192.168.1.10 Timestamp reply (type=14/code=0) id=24214 seq=1 orig=0 recv=3463577600 trans=3463577600] IP [ttl=64 id=65252 iplen=40 ]
 
Max rtt: 0.675ms | Min rtt: 0.675ms | Avg rtt: 0.675ms
Raw packets sent: 1 (40B) | Rcvd: 1 (46B) | Lost: 0 (0.00%)
Nping done: 1 IP address pinged in 1.03 seconds


There are other ICMP types that are not widely used.  You may experiment with them and end up disappointed, because many hosts will not have them enabled.  For background, the Wikipedia page lists the types: https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
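The ICMP header that nping prints (type, code, id, seq, and for types 13/14 the three timestamps) is only 8 to 20 bytes, so it is easy to build and decode by hand.  The following Python is an added example, not part of this post and not nping's code: it builds echo and timestamp requests with a correct RFC 1071 checksum, verifies the checksum of a received message, and decodes a timestamp reply.  The reply with recv=3463577600 from the output above is rebuilt as a sample (a constructed message, not a capture); because its high-order bit is set, RFC 792 classes that value as a non-standard timestamp rather than milliseconds since midnight UT.

```python
import struct

# ICMP type numbers from RFC 792 (the ones nping prints by name above)
ICMP_TYPES = {
    0: "echo reply",
    3: "destination unreachable",
    5: "redirect",
    8: "echo request",
    11: "time exceeded",
    13: "timestamp request",
    14: "timestamp reply",
}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, ident: int, seq: int, body: bytes = b"") -> bytes:
    """Serialise an ICMP message with a correct checksum."""
    header = struct.pack("!BBHHH", icmp_type, code, 0, ident, seq)
    csum = icmp_checksum(header + body)
    return struct.pack("!BBHHH", icmp_type, code, csum, ident, seq) + body


def build_echo_request(ident: int, seq: int, payload: bytes = b"") -> bytes:
    return build_icmp(8, 0, ident, seq, payload)


def build_timestamp_request(ident: int, seq: int, originate_ms: int = 0) -> bytes:
    # type 13 carries three 32-bit timestamps: originate, receive, transmit
    return build_icmp(13, 0, ident, seq, struct.pack("!III", originate_ms, 0, 0))


def build_timestamp_reply(ident: int, seq: int, orig: int, recv: int, trans: int) -> bytes:
    return build_icmp(14, 0, ident, seq, struct.pack("!III", orig, recv, trans))


def describe_timestamp(ms: int) -> str:
    """ICMP timestamps are milliseconds since midnight UT; RFC 792 says a set
    high-order bit (or an out-of-range value) marks a non-standard value."""
    if ms & 0x80000000 or ms >= 86_400_000:
        return "nonstandard"
    hours, rest = divmod(ms, 3_600_000)
    minutes, rest = divmod(rest, 60_000)
    seconds, millis = divmod(rest, 1000)
    return f"{hours:02d}:{minutes:02d}:{seconds:02d}.{millis:03d} UT"


def parse_icmp(packet: bytes) -> dict:
    """Decode the ICMP header (and the timestamp body, if any) and verify the
    checksum: the checksum of a valid message, computed over the whole message
    with its checksum field included, folds to zero."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    info = {
        "type": icmp_type,
        "code": code,
        "name": ICMP_TYPES.get(icmp_type, "unknown"),
        "id": ident,
        "seq": seq,
        "checksum_ok": icmp_checksum(packet) == 0,
    }
    if icmp_type in (13, 14):
        if len(packet) < 20:
            raise ValueError("timestamp message needs a 12-byte body")
        orig, recv, trans = struct.unpack("!III", packet[8:20])
        info.update(originate=orig, receive=recv, transmit=trans,
                    receive_time=describe_timestamp(recv))
    return info


if __name__ == "__main__":
    # Constructed reply mirroring the nping timestamp output above
    print(parse_icmp(build_timestamp_reply(24214, 1, 0, 3463577600, 3463577600)))
```

A timestamp reply hands a remote party the responder's clock, which is why many hosts and firewalls drop type 13; the checksum verification matters because a parser that trusts unverified fields is the first thing a malformed packet reaches.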


Sunday, August 25, 2019

Basic Demo of Default Gateway

I have a host with IP address 192.168.10.176.  We will see how it behaves when it wants to reach different IP addresses.



IP Addresses within Network

In the above picture, whenever the host wants to reach any IP address within its network, it sends out an ARP request to resolve the MAC address.  To demonstrate, we tried to ping 192.168.10.177, 192.168.10.178 and 192.168.10.190.  As only the *.177 PC is connected, there was a reply from that machine alone; that is not important here.

# ping -c 1 192.168.10.177
PING 192.168.10.177 (192.168.10.177): 56 data bytes
64 bytes from 192.168.10.177: seq=0 ttl=64 time=0.724 ms

--- 192.168.10.177 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.724/0.724/0.724 ms
#
# ping -c 1 192.168.10.178
PING 192.168.10.178 (192.168.10.178): 56 data bytes
^C
--- 192.168.10.178 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

# ping -c 1 192.168.10.190
PING 192.168.10.190 (192.168.10.190): 56 data bytes
^C
--- 192.168.10.190 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

# 

Analysing the following sniffer capture:


Note the ARP requests that our host generates.  It requests the MAC address only for *.177, *.178 and *.190.  The conclusion: for all IPs within its own network, the host directly requests the MAC addresses of those machines.

IP Address outside Network

I try to ping some IP addresses outside its network that do not exist.


# ping -c 1 192.168.10.200
PING 192.168.10.200 (192.168.10.200): 56 data bytes
^C
--- 192.168.10.200 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

# ping -c 1 192.168.1.20
PING 192.168.1.20 (192.168.1.20): 56 data bytes
^C
--- 192.168.1.20 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

# ping -c 1 1.3.2.4
PING 1.3.2.4 (1.3.2.4): 56 data bytes

--- 1.3.2.4 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
#

As there are no hosts with those IPs, all pings fail.  Let us analyze the sniffer capture:

Here the host wanted to reach an IP address that is not in the network configured on its interface.  The sequence of events:

  1. It requests the MAC address of the configured 'Default Gateway' (i.e. 192.168.1.177).
  2. The host takes note of the gateway's MAC address, call it gw-mac.
  3. Subsequent packets destined to that IP address carry gw-mac as the destination MAC.  The other fields (source MAC, source IP and destination IP) are as usual.
The aim here is that the host has to deliver the packet to the gateway, which is capable of routing.  That is why the destination MAC is the gateway's.  The gateway must be configured such that the packet is routed on to its desired network.
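The decision the host makes in steps 1 to 3 is a subnet test: if the destination lies in the network configured on the interface, ARP for the destination itself; otherwise ARP for the gateway and leave the IP header unchanged.  The following Python is an added example, not from this post.  The post does not give the host's mask; /28 is assumed here because it makes .177, .178 and .190 on-link and .200 off-link, matching the captures, and the gateway is assumed to be the on-link address 192.168.10.177 (the MAC in the ARP cache is a constructed placeholder).

```python
import ipaddress

# Assumptions (not stated in the post): a /28 mask on the host, and the
# default gateway at the on-link address 192.168.10.177.
HOST_IP = "192.168.10.176"
PREFIXLEN = 28
GATEWAY = "192.168.10.177"


def next_hop(host_ip: str, prefixlen: int, dst_ip: str, gateway: str) -> str:
    """Return the IP address whose MAC the host must resolve (via ARP) to
    deliver a packet to dst_ip: the destination itself when it is on-link,
    otherwise the default gateway."""
    iface = ipaddress.ip_interface(f"{host_ip}/{prefixlen}")
    if ipaddress.ip_address(gateway) not in iface.network:
        raise ValueError("default gateway must lie in the host's own subnet")
    if ipaddress.ip_address(dst_ip) in iface.network:
        return dst_ip          # on-link: ARP for the destination directly
    return gateway             # off-link: ARP for the gateway, IP header unchanged


def build_frame(host_ip: str, prefixlen: int, dst_ip: str, gateway: str, arp_cache: dict):
    """Describe the frame the host would emit, or None when the next hop's MAC
    is still unknown (an ARP request has to go out first)."""
    hop = next_hop(host_ip, prefixlen, dst_ip, gateway)
    mac = arp_cache.get(hop)
    if mac is None:
        return None
    # Destination MAC is the next hop's; source and destination IP stay as usual
    return {"dst_mac": mac, "src_ip": host_ip, "dst_ip": dst_ip, "via": hop}


if __name__ == "__main__":
    cache = {GATEWAY: "gw-mac"}            # constructed cache: only the gateway resolved
    for dst in ("192.168.10.177", "192.168.10.200", "192.168.1.20", "1.3.2.4"):
        print(dst, "->", next_hop(HOST_IP, PREFIXLEN, dst, GATEWAY),
              build_frame(HOST_IP, PREFIXLEN, dst, GATEWAY, cache))
```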


Tuesday, August 13, 2019

Proxy ARP in Linux

In my previous post, you have seen how proxy ARP was configured on a Cisco router.  Now, we do a demo on a Linux machine (FC19).



Briefly,
  • Without proxy ARP, Multihost will respond for all of its configured IPs
  • With proxy ARP, Multihost will respond for all IPs in its connected networks (except those of the interface on which it receives the ARP request)
Here, I will discuss only how Multihost responds to ARP, and not ping.  To simplify the explanation we use the tool 'arping'.  It is usually available on most machines.


Without proxyarp, Multihost will respond for all configured IPs

No proxy ARP is enabled on Multihost.  'eth0' on Multihost will send ARP replies for its configured IP addresses '172.16.0.10' and '192.168.1.8'.  The way I use arping below to direct the ARP request is self-explanatory.


[root@abc12end1 ~]$arping -I enp0s20u4 -f 172.16.0.10
ARPING 172.16.0.10 from 172.16.0.1 enp0s20u4
Unicast reply from 172.16.0.10 [00:FF:18:B4:CC:6F]  0.811ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

[root@abc12end1 ~]$arping -I enp0s20u4 -f 192.168.1.8
ARPING 192.168.1.8 from 172.16.0.1 enp0s20u4
Unicast reply from 192.168.1.8 [00:FF:18:B4:CC:6F]  0.799ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

[root@abc12end1 ~]$arping -I enp0s20u4 -f 192.168.1.1
ARPING 192.168.1.1 from 172.16.0.1 enp0s20u4
^CSent 2 probes (2 broadcast(s))
Received 0 response(s)

Observe that I requested 192.168.1.1, for which Multihost did not respond.

With proxyarp, Multihost will respond for all connected network IPs


Now, I enable proxyarp using the following commands.


# cat /proc/sys/net/ipv4/conf/all/proxy_arp
0
# cat /proc/sys/net/ipv4/ip_forward
0

# echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
# echo 1 > /proc/sys/net/ipv4/ip_forward

# cat /proc/sys/net/ipv4/conf/all/proxy_arp
1
# cat /proc/sys/net/ipv4/ip_forward
1
 

Now issue an ARP request for any IP address in the 192.168.1.x network.  Irrespective of whether the host exists or not, eth0 will respond with its MAC address.


[root@abc12end1 ~]$arping -I enp0s20u4 -f 192.168.1.8
ARPING 192.168.1.8 from 172.16.0.1 enp0s20u4
Unicast reply from 192.168.1.8 [00:FF:18:B4:CC:6F]  0.802ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

[root@abc12end1 ~]$arping -I enp0s20u4 -f 192.168.1.1
ARPING 192.168.1.1 from 172.16.0.1 enp0s20u4
Unicast reply from 192.168.1.1 [00:FF:18:B4:CC:6F]  444.585ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

[root@abc12end1 ~]$arping -I enp0s20u4 -f 192.168.1.2
ARPING 192.168.1.2 from 172.16.0.1 enp0s20u4
Unicast reply from 192.168.1.2 [00:FF:18:B4:CC:6F]  126.458ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

Here the hosts 192.168.1.1 and 192.168.1.2 do not exist.  But Multihost's eth0 responded with its MAC address.

Thursday, August 1, 2019

Proxy ARP in Packet Tracer

I believe the following diagram gives a brief idea of what Proxy ARP does.  By default, all Cisco routers have proxy ARP enabled on their interfaces.

Description

Typically, an interface having IP address 'IP1' sends an ARP response with its own MAC address after receiving an ARP request for IP1.

Suppose 'proxy arp' is enabled on an interface (say Gi0/1), and the other interfaces (Gi0/2, Gi0/3) of the network device are configured with other networks (IP2, IP3).  If Gi0/1 receives an ARP request for any IP address in IP2 or IP3, Gi0/1 sends out an ARP response with its own MAC address.
The 'Proxy ARP' configuration gives that interface the authority to do so.

Demonstration

I picked a router with the following interfaces and IP addresses.

Topology

Configurations in the router will be as follows:

Router(config)#
Router(config)#int gigabitEthernet 0/0
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int gigabitEthernet 0/1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int gigabitEthernet 0/2
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit

If you observe, Laptop0 has subnet mask 255.0.0.0 while the others have 255.255.255.0.   I did this for a reason.  If I ping 192.168.2.x or 192.168.3.x from Laptop0, it generates an ARP request for that particular IP address.  If I keep the subnet mask as 255.255.255.0 and ping 192.168.2.x or 192.168.3.x, it generates an ARP request for the configured default gateway instead.  Explaining this needs a separate post, which I am planning to do later.

For this post, just remember that with this configuration I will be able to generate ARP requests for 192.168.2.x or 192.168.3.x IP addresses.


C:\>arp -a
No ARP Entries Found

C:\>ping -n 1 192.168.0.1
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.0.1:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

C:\>ping -n 1 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.1.1:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

C:\>ping -n 1 192.168.1.100
Pinging 192.168.1.100 with 32 bytes of data:
Request timed out.
Ping statistics for 192.168.1.100:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

C:\>ping -n 1 192.168.1.101
Pinging 192.168.1.101 with 32 bytes of data:
Request timed out.
Ping statistics for 192.168.1.101:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

C:\>ping -n 1 192.168.2.1

Pinging 192.168.2.1 with 32 bytes of data:

Request timed out.

Ping statistics for 192.168.2.1:

    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

Initially we made sure no ARP entries were present.  We then issued pings to
  • 192.168.0.1 (its own network, on Gi0/0)
  • 192.168.1.1 and 192.168.1.100 (the Gi0/1 network) (existing IP addresses)
  • 192.168.1.101 (the Gi0/1 network) (this IP address is not present)
  • 192.168.2.1 (the Gi0/2 network) (existing IP address)
When we look at the ARP entries:

C:\>arp -a
  Internet Address      Physical Address      Type
  192.168.0.1           0040.0b1a.9a01        dynamic
  192.168.1.1           0040.0b1a.9a01        dynamic
  192.168.1.100         0040.0b1a.9a01        dynamic
  192.168.1.101         0040.0b1a.9a01        dynamic

The 192.168.0.1 entry is the conventional ARP response carrying Gi0/0's MAC address.
For 192.168.1.1 and 192.168.1.100, Gi0/0 responded with its own MAC address for the network present on Gi0/1.
For 192.168.1.101: irrespective of whether the IP address exists or not, if Gi0/0 gets an ARP request for any IP address in the 192.168.1.x network it responds with its own MAC address.
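A quick way to spot proxy ARP, both in the arping output of the Linux post above and in the arp -a table here, is to group the replies by MAC address: one MAC answering for addresses outside the querying interface's subnet is the proxy ARP signature.  The Python below is an added example, not from either post: it parses both output formats, normalises the different MAC notations, and flags the off-link answers.  The sample outputs are constructed from the lines shown in the posts; the local subnets 172.16.0.0/24 and 192.168.0.0/24 are assumptions, since neither post states the masks.  The same pattern is what an ARP-spoofing host produces, so on a production segment compare the flagged MAC with the gateway's known MAC before treating it as benign.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed samples modelled on the outputs in the two Proxy ARP posts
ARPING_OUTPUT = """\
ARPING 172.16.0.10 from 172.16.0.1 enp0s20u4
Unicast reply from 172.16.0.10 [00:FF:18:B4:CC:6F]  0.811ms
ARPING 192.168.1.8 from 172.16.0.1 enp0s20u4
Unicast reply from 192.168.1.8 [00:FF:18:B4:CC:6F]  0.802ms
ARPING 192.168.1.1 from 172.16.0.1 enp0s20u4
Unicast reply from 192.168.1.1 [00:FF:18:B4:CC:6F]  444.585ms
ARPING 192.168.1.2 from 172.16.0.1 enp0s20u4
Unicast reply from 192.168.1.2 [00:FF:18:B4:CC:6F]  126.458ms
"""

ARP_TABLE_OUTPUT = """\
  Internet Address      Physical Address      Type
  192.168.0.1           0040.0b1a.9a01        dynamic
  192.168.1.1           0040.0b1a.9a01        dynamic
  192.168.1.100         0040.0b1a.9a01        dynamic
  192.168.1.101         0040.0b1a.9a01        dynamic
"""

ARPING_RE = re.compile(r"Unicast reply from (\d+\.\d+\.\d+\.\d+) \[([0-9A-Fa-f:]{17})\]")
ARP_TABLE_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9A-Fa-f][0-9A-Fa-f.:-]+)\s+(?:dynamic|static)\b",
    re.MULTILINE,
)


def normalize_mac(mac: str) -> str:
    """Accept 00:FF:18:B4:CC:6F, 0040.0b1a.9a01 or 00-40-0b-1a-9a-01 and
    return the lowercase colon form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_replies(text: str) -> list:
    """Extract (ip, mac) pairs from arping output and/or an 'arp -a' table."""
    pairs = [(ip, normalize_mac(mac)) for ip, mac in ARPING_RE.findall(text)]
    pairs += [(ip, normalize_mac(mac)) for ip, mac in ARP_TABLE_RE.findall(text)]
    return pairs


def group_by_mac(pairs) -> dict:
    """Map each MAC to the sorted list of distinct IPs it answered for."""
    groups = defaultdict(set)
    for ip, mac in pairs:
        groups[mac].add(ip)
    return {mac: sorted(ips, key=ipaddress.ip_address) for mac, ips in groups.items()}


def proxy_candidates(pairs, local_net: str) -> list:
    """Flag MACs that answered for addresses outside the querying interface's
    subnet (proxy ARP, or an ARP-based man-in-the-middle)."""
    net = ipaddress.ip_network(local_net)
    findings = []
    for mac, ips in group_by_mac(pairs).items():
        off_link = [ip for ip in ips if ipaddress.ip_address(ip) not in net]
        if off_link:
            findings.append({"mac": mac, "all_ips": ips, "off_link": off_link})
    return findings


if __name__ == "__main__":
    print(proxy_candidates(parse_replies(ARPING_OUTPUT), "172.16.0.0/24"))
    print(proxy_candidates(parse_replies(ARP_TABLE_OUTPUT), "192.168.0.0/24"))
```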

Bonus Tip

You must have noticed that I pinged 192.168.2.1 (Gi0/2), but its ARP entry is not present.  This is because that interface's operational status is down.  So, we placed a switch on it to bring it 'up'.  Now proxy ARP works as usual.

Placed a switch to make Gig0/2 operational status 'up'


C:\>arp -a
No ARP Entries Found

C:\>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=1ms TTL=255
Reply from 192.168.2.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.2.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

C:\>ping 192.168.2.100
Pinging 192.168.2.100 with 32 bytes of data:
Ping statistics for 192.168.2.100:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

C:\>arp -a
  Internet Address      Physical Address      Type
  192.168.2.1           0040.0b1a.9a01        dynamic
  192.168.2.100         0040.0b1a.9a01        dynamic


Sunday, July 21, 2019

Generate WiFi Beacons

I am going to pump WiFi beacons into the air.  For this, I use an Alfa AWUS036NHA USB WiFi dongle on Fedora.  I went through some websites to create a virtual interface of the USB WiFi adapter in monitor mode, and installed Scapy to program it.

Beacon Frame
The beacon frame above is generated using the following Python code.  Run the code, and the above frame will be seen in the sniffer.

#! /usr/bin/env python
from scapy.all import Dot11, Dot11Beacon, Dot11Elt, RadioTap, sendp

####### Enter the interface (must be in monitor mode) ###########
iface = 'mon0'

####### Initializing the parameters in pairs of SSID and BSSID #########
pairs = [('ACTIVEHUB', '00:90:12:34:56:78'), ('ACTIVEHUB2', '00:90:12:34:56:79')]

for SSID, BSSID in pairs:
    # Create MAC Header: management frame (type 0), beacon (subtype 8),
    # broadcast receiver, BSSID as both transmitter address and BSSID field
    dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=BSSID, addr3=BSSID)
    # Fixed parameters (timestamp, beacon interval, capability) at their defaults
    beacon = Dot11Beacon()
    # Create SSID Tag Parameter (element ID 0) in Beacon Frame
    essid = Dot11Elt(ID='SSID', info=SSID, len=len(SSID))

    # Combine all objects into a single frame
    frame = RadioTap()/dot11/beacon/essid

    # Send 'count' number of frames with interval 'inter' seconds
    sendp(frame, iface=iface, inter=0.100, count=1)

In the 'pairs' list, I have included 2 beacons.  Each beacon is represented as a pair (SSID, BSSID).  You can include as many as you like.
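To check what the sniffer actually shows, it helps to decode the bare 802.11 frame: a 24-byte MAC header (frame control 0x80 for a beacon, duration, three addresses, sequence control), 12 bytes of fixed parameters (timestamp, beacon interval, capability), then tagged elements starting with the SSID element (ID 0, which scapy names 'SSID').  The Python below is an added example, not from this post and not scapy: it serialises the same frame layout the script above sends (without the RadioTap header), parses it back with bounds checks on the element lengths, and groups beacons by SSID to flag one SSID advertised by several BSSIDs, the pattern a wireless IDS looks for.  Frames are constructed in memory; nothing is transmitted.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
IE_SSID = 0          # element ID of the SSID parameter (scapy's ID='SSID')


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_beacon(ssid: str, bssid: str, interval: int = 100, capability: int = 0x0001) -> bytes:
    """Serialise a bare 802.11 beacon (no RadioTap header): MAC header,
    fixed parameters, SSID element."""
    header = b"".join([
        bytes([0x80, 0x00]),        # frame control: version 0, type 0 (mgmt), subtype 8 (beacon)
        struct.pack("<H", 0),       # duration
        mac_to_bytes(BROADCAST),    # addr1: receiver (broadcast)
        mac_to_bytes(bssid),        # addr2: transmitter
        mac_to_bytes(bssid),        # addr3: BSSID
        struct.pack("<H", 0),       # sequence control
    ])
    fixed = struct.pack("<QHH", 0, interval, capability)   # timestamp, interval, capability
    body = ssid.encode()
    return header + fixed + bytes([IE_SSID, len(body)]) + body


def parse_beacon(frame: bytes) -> dict:
    """Decode a beacon the way a sniffer displays it; an element length that
    overruns the frame is reported as 'truncated' instead of being trusted."""
    if len(frame) < 36:
        raise ValueError("frame shorter than beacon MAC header + fixed parameters")
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 0 or subtype != 8:
        raise ValueError(f"not a beacon: type={ftype} subtype={subtype}")
    addr1, addr2, addr3 = (bytes_to_mac(frame[4 + 6 * i:10 + 6 * i]) for i in range(3))
    timestamp, interval, capability = struct.unpack("<QHH", frame[24:36])
    ies, truncated, pos = {}, False, 36
    while pos < len(frame):
        if pos + 2 > len(frame):
            truncated = True
            break
        ie_id, ie_len = frame[pos], frame[pos + 1]
        if pos + 2 + ie_len > len(frame):
            truncated = True
            break
        ies[ie_id] = frame[pos + 2:pos + 2 + ie_len]
        pos += 2 + ie_len
    raw_ssid = ies.get(IE_SSID)
    # A hidden network carries an empty SSID element; a missing element gives None
    ssid = raw_ssid.decode("utf-8", errors="replace") if raw_ssid is not None else None
    return {"addr1": addr1, "transmitter": addr2, "bssid": addr3, "timestamp": timestamp,
            "interval": interval, "capability": capability, "ies": ies,
            "ssid": ssid, "truncated": truncated}


def ssid_collisions(frames) -> dict:
    """SSIDs advertised by more than one BSSID, which is worth reviewing for
    rogue or spoofed access points."""
    seen = defaultdict(set)
    for frame in frames:
        info = parse_beacon(frame)
        if info["ssid"]:
            seen[info["ssid"]].add(info["bssid"])
    return {ssid: sorted(bssids) for ssid, bssids in seen.items() if len(bssids) > 1}


if __name__ == "__main__":
    # Constructed frames using the SSID/BSSID pairs from the script above
    frames = [build_beacon("ACTIVEHUB", "00:90:12:34:56:78"),
              build_beacon("ACTIVEHUB2", "00:90:12:34:56:79")]
    for f in frames:
        print(parse_beacon(f))
    print(ssid_collisions(frames))
```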

Wednesday, June 12, 2019

Basic Wireless–WLC-1

I am going to set up a wireless network.  This will be a very basic network with very minimal operations.  It includes
  1. Light weight Access Point
  2. Wireless Controller WLC
  3. Layer 3 switch (Any Layer 2 switch can also be used)
  4. Laptop

No configuration is needed on the lightweight access point or on the Layer 3 switch.  The configuration steps are:
  1. WLC – Management Interface
  2. WLC – DHCP Configuration
  3. WLC – Wireless Configuration
  4. WLC – AP Discovery
  5. Laptop – Connecting
  6. Ping Test

1. WLC – Management Interface

Click WLC –> Config –> Management.  Configure IP Parameters.

2. WLC – DHCP Configuration

Click WLC –> Config –> DHCP
Create a DHCP pool 'Pool192' for 200 users starting from 192.168.1.5.  Set any DNS server IP address, though it is of no use here; without it, an error is shown and we cannot proceed further.
Click ‘Add’, so that an entry will be created in the lower table.

3. WLC – Wireless Configuration

Click WLC –> Config –> Wireless LANs
Create a Wireless profile ‘AP’ with SSID ‘AP-SSID’.  Let other parameters be as default.  It would be a no-encryption wireless network.
Click ‘Save’ to save the profile.

4. WLC – AP Discovery

Click WLC –> Config –> AP Groups
Wait a few seconds.  The lightweight access point will be listed in the group.

5. Laptop – Connecting

Now all the configuration is done.  We have to connect the laptop to the wireless network.
Click Laptop –> Config –> Wireless0.
Type SSID name –> ‘AP-SSID’
Uncheck and check ‘Port Status’
The laptop will receive an IP address from the DHCP server configured in the WLC.  It will be reflected in 'IP Configuration'.

6. Ping Test

Click Laptop –> Desktop –> Command Prompt
Issue a ping to the WLC's IP address '192.168.1.1'.  It will succeed.


Friday, April 5, 2019

Basic Routing - vlan - connected

This is an extension of my previous VLAN posts.

Basic Routing on Multilayer Switch - Connected Network - No VLAN
Basic Routing on Multilayer Switch 2 - Connected Network - No VLAN

We keep 3 networks and do inter-VLAN routing with a multilayer switch as below:

Topology
Keep the following picture as a reference while reading the info for better understanding.

Reference Topology

Task Breakup
  1. Configure IP Addresses of Laptops
  2. Create VLANs on Switch
  3. Assign VLANs to Interfaces on Switch
  4. Configure IP Addresses to VLAN on Switch
  5. View VLAN Information
  6. Enabling Routing
  7. Validation
  8. Alternate Topology

1. Configure IP Addresses of Laptops

PC Name    IP Address    Subnet Mask    Default Gateway
Inside1-1  172.16.0.11   255.255.0.0    172.16.0.1
Inside1-2  172.16.0.12   255.255.0.0    172.16.0.1
Inside2-1  10.0.0.11     255.0.0.0      10.0.0.1
Inside2-2  10.0.0.12     255.0.0.0      10.0.0.1
Outside    5.0.0.11      255.0.0.0      5.0.0.1

Click Laptop -> Desktop -> IP Configuration

IP Address Configuration - Outside Laptop

2. Create VLANs on Switch

As a good convention, we create the VLANs and assign names to them.

routing(config)#vlan 172
routing(config-vlan)#name vlan-172
routing(config-vlan)#exit
routing(config)#vlan 10
routing(config-vlan)#name vlan-10
routing(config-vlan)#exit
routing(config)#vlan 5
routing(config-vlan)#name vlan-5
routing(config-vlan)#exit

3. Assign VLANs to Interfaces on Switch

PC Name    IP Address    Subnet Mask    Default Gateway  Switchport interface  VLAN ID
Inside1-1  172.16.0.11   255.255.0.0    172.16.0.1       gig 1/0/1             VLAN 172
Inside1-2  172.16.0.12   255.255.0.0    172.16.0.1       gig 1/0/2             VLAN 172
Inside2-1  10.0.0.11     255.0.0.0      10.0.0.1         gig 1/0/11            VLAN 10
Inside2-2  10.0.0.12     255.0.0.0      10.0.0.1         gig 1/0/12            VLAN 10
Outside    5.0.0.11      255.0.0.0      5.0.0.1          gig 1/0/5             VLAN 5


routing(config)#int gig 1/0/1
routing(config-if)#switchport mode access
routing(config-if)#switchport access vlan 172
routing(config-if)#exit
routing(config)#int gig 1/0/2
routing(config-if)#switchport mode access
routing(config-if)#switchport access vlan 172

routing(config)#int gig 1/0/11
routing(config-if)#switchport mode access
routing(config-if)#switchport access vlan 10
routing(config-if)#exit
routing(config)#int gig 1/0/12
routing(config-if)#switchport mode access
routing(config-if)#switchport access vlan 10
routing(config-if)#exit

routing(config)#int gig 1/0/5
routing(config-if)#switchport mode access
routing(config-if)#switchport access vlan 5
routing(config-if)#exit

4. Configure IP Addresses to VLAN on Switch

VLAN ID  VLAN Name  VLAN IP Address
172      vlan-172   172.16.0.1
10       vlan-10    10.0.0.1
5        vlan-5     5.0.0.1

routing(config)#int vlan 172
routing(config-if)#ip address 172.16.0.1 255.255.0.0
routing(config-if)#no shut
routing(config-if)#exit
routing(config)#int vlan 10
routing(config-if)#ip address 10.0.0.1 255.0.0.0
routing(config-if)#no shut
routing(config-if)#exit
routing(config)#int vlan 5
routing(config-if)#ip address 5.0.0.1 255.0.0.0
routing(config-if)#no shut
routing(config-if)#exit

5. View VLAN Information

The following show commands give an overview of which VLANs are assigned to which interfaces, and the IP addresses of the VLANs.

routing#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/3, Gig1/0/4, Gig1/0/6, Gig1/0/7
                                                Gig1/0/8, Gig1/0/9, Gig1/0/10, Gig1/0/13
                                                Gig1/0/14, Gig1/0/15, Gig1/0/16, Gig1/0/17
                                                Gig1/0/18, Gig1/0/19, Gig1/0/20, Gig1/0/21
                                                Gig1/0/22, Gig1/0/23, Gig1/0/24, Gig1/1/1
                                                Gig1/1/2, Gig1/1/3, Gig1/1/4
5    vlan-5                           active    Gig1/0/5
10   vlan-10                          active    Gig1/0/11, Gig1/0/12
172  vlan-172                         active    Gig1/0/1, Gig1/0/2
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active 


routing#show ip int br
Interface              IP-Address      OK? Method Status                Protocol 
GigabitEthernet1/0/1   unassigned      YES NVRAM  up                    up 
GigabitEthernet1/0/2   unassigned      YES NVRAM  up                    up 
............
...........
GigabitEthernet1/1/3   unassigned      YES NVRAM  down                  down 
GigabitEthernet1/1/4   unassigned      YES NVRAM  down                  down 
Vlan1                  unassigned      YES NVRAM  administratively down down 
Vlan5                  5.0.0.1         YES manual up                    up 
Vlan10                 10.0.0.1        YES manual up                    up 
Vlan172                172.16.0.1      YES manual up                    up

6. Enabling Routing

Routing might already be enabled.  It doesn't hurt to enable it once more.

routing#conf t
routing(config)#ip routing
routing(config)#exit

In the show command output, if connected network information is shown, routing is enabled.

routing#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    5.0.0.0/8 is directly connected, Vlan5
C    10.0.0.0/8 is directly connected, Vlan10
C    172.16.0.0/16 is directly connected, Vlan172

7. Validation

Issue a ping from any laptop to any other laptop; it will succeed.

Successful ping from Inside2-1 to Outside


Successful ping from Outside to Inside1-1

8. Alternate Topology


If there is no multilayer switch and we use a router, our topology has to be like this.  We will not be using VLANs.  All the laptops that were earlier connected to the same VLAN are connected to a hub here.



Wednesday, April 3, 2019

Basic Routing on Multilayer Switch 2 - Connected Network - No VLAN

Today, we are enhancing our previous post a little:

https://activehub2.blogspot.com/2019/03/basic-routing-on-multilayer-switch.html

Earlier we had a single inside laptop.  Now we are placing one more laptop on the inside.  Both laptops are connected to a hub, which in turn is connected to a port of the switch.

All the configurations will be the same.

Topology
Task Breakup


  1. Configuring IP Address on Laptops
  2. Configuring IP Address on Switch
  3. Analysis before Routing
  4. Enable Routing
  5. Analysis after Routing
  6. Validation


1. Configuring IP address on Laptops

Click on Laptop -> Desktop -> IP Configuration


Inside1 - IP Address - Configuration

Inside2 - IP Address - Configuration

Outside - IP Address - Configuration
2. Configure IP addresses on Switch

As it is a multilayer switch, by default the interface acts as a switchport.  We have to convert it to a routed interface with the command 'no switchport', then set the IP address as mentioned in the topology.

routing(config)#int gig 1/0/1
routing(config-if)#no switchport
routing(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up

routing(config-if)#ip address 172.16.0.1 255.255.0.0
routing(config-if)#no shut
routing(config-if)#exit
routing(config)#int gig1/0/10
routing(config-if)#no switchport
routing(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to up

routing(config-if)#ip address 5.0.0.1 255.0.0.0
routing(config-if)#no shut
routing(config-if)#exit

3. Analysis before Routing

Enable Packet Debugging

routing#debug ip packet
Packet debugging is on

Observe the IP Routing table is empty

routing#show ip route 
Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

routing#

4. Enable Routing

I am not sure whether routing is enabled by default.  Even if it is enabled, it doesn't hurt to enable it with the command 'ip routing'.

routing#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
routing(config)#ip routing 
routing(config)#exit

5. Analysis after Routing

Observe that the IP routing table now shows the connected networks.  This means packets can be passed between those networks.

routing#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    5.0.0.0/8 is directly connected, GigabitEthernet1/0/10
C    172.16.0.0/16 is directly connected, GigabitEthernet1/0/1

6. Validation

Issue a ping from Inside2 to Outside.  It will be successful.

Successful ping from inside to outside

As packet debugging was enabled in step 3, we observe some routing information that the switch processed to route packets between the inside and outside networks.


IP: tableid=0, s=172.16.0.11 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), routed via RIB

IP: s=172.16.0.11 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), g=5.0.0.2, len 128, forward

IP: tableid=0, s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.11 (GigabitEthernet1/0/1), routed via RIB

IP: s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.11 (GigabitEthernet1/0/1), g=172.16.0.11, len 128, forward

Issue a ping from outside to inside1 laptop.  It will be successful.  Observe the packet debug info.

Successful ping - Outside - Inside1


IP: tableid=0, s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.10 (GigabitEthernet1/0/1), routed via RIB

IP: s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.10 (GigabitEthernet1/0/1), g=172.16.0.10, len 128, forward

IP: tableid=0, s=172.16.0.10 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), routed via RIB

IP: s=172.16.0.10 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), g=5.0.0.2, len 128, forward

Sunday, March 31, 2019

Basic Routing on Multilayer Switch - Connected Network - No VLAN

Today, we are going to try connectivity between two networks, connected by a multilayer switch.

Topology

We see two networks, 172.16.0.0 (inside) and 5.0.0.0 (outside): the inside laptop with 172.16.0.10 and the outside laptop with 5.0.0.10.  We check for ping between the inside and outside laptops.

Task Breakup
  1. Configuring IP address on Laptops
  2. Configure IP address on Switch
  3. Analysis before routing
  4. Configure routing on switch
  5. Analysis after routing
1. Configuring IP address on Laptop

Click on Laptop -> Desktop -> IP Configuration
Inside - Laptop - IP Configuration
Outside - Laptop - IP Configuration
2. Configure IP addresses on Switch

As it is a multilayer switch, we have to convert the interface into a routed interface instead of a switch interface.  'no switchport' is the command we use.  We set the interface according to the details mentioned in the topology.

routing#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
routing(config)#int gig 1/0/1
routing(config-if)#no switchport 
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up

routing(config-if)#ip address 172.16.0.1 255.255.0.0
routing(config-if)#no shut
routing(config-if)#exit
routing(config)#int gig 1/0/10
routing(config-if)#no switchport
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to up

routing(config-if)#ip address 5.0.0.1 255.0.0.0
routing(config-if)#no shut
routing(config-if)#exit

3. Analysis before Routing

Enable debugging at packet level

routing#debug ip packet 
Packet debugging is on
routing#

IP Routing information will be empty


routing#show ip route 
Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

A ping between the inside laptop and the outside laptop will fail.

4. Configuring routing on switch


routing#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
routing(config)#ip routing
routing(config)#exit
routing#

Routing information will be populated with connected networks

routing#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    5.0.0.0/8 is directly connected, GigabitEthernet1/0/10
C    172.16.0.0/16 is directly connected, GigabitEthernet1/0/1

5. Analysis after Routing

Issue a ping from the inside laptop (172.16.0.10) to the outside laptop (5.0.0.2).  It will be successful!


As packet debug is enabled, we will see the following dumps.


IP: tableid=0, s=172.16.0.10 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), routed via RIB

IP: s=172.16.0.10 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), g=5.0.0.2, len 128, forward

IP: tableid=0, s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.10 (GigabitEthernet1/0/1), routed via RIB

IP: s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.10 (GigabitEthernet1/0/1), g=172.16.0.10, len 128, forward

The first 2 lines show the routing process for the ICMP echo request packet, with source IP (inside laptop) and destination IP (outside laptop).

The next 2 lines show the routing process for the ICMP echo reply packet, with source IP (outside laptop) and destination IP (inside laptop).
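The 'routed via RIB' and 'forward' lines in this post, in the previous one and in the VLAN post above all come from the same operation: a longest-prefix-match lookup of the destination in the routing table, where on a connected route the next hop is the destination itself (that is why the debug line shows g=5.0.0.2).  The following Python is an added example, not the switch's code: a minimal RIB that reproduces the lookup, renders the decision in the debug ip packet format shown above, and drops packets when the table is empty (the 'before routing' state).  The static route 5.0.1.0/24 via 172.16.0.254 is constructed to show the longest prefix winning over the connected /8; the wording of the drop line is my own.

```python
import ipaddress


class Rib:
    """Minimal routing information base: longest-prefix match over connected
    and static routes, as in the 'show ip route' output above."""

    def __init__(self):
        self.routes = []          # (network, out_interface, next_hop or None)

    def add_connected(self, prefix: str, interface: str):
        self.routes.append((ipaddress.ip_network(prefix), interface, None))

    def add_static(self, prefix: str, interface: str, next_hop: str):
        self.routes.append((ipaddress.ip_network(prefix), interface, next_hop))

    def lookup(self, ip: str):
        """Return the most specific matching route, or None (no gateway of last resort)."""
        addr = ipaddress.ip_address(ip)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None
        return max(matches, key=lambda r: r[0].prefixlen)   # longest prefix wins

    def forward(self, src_ip: str, dst_ip: str, length: int = 128) -> dict:
        """Decide what happens to a packet from src_ip to dst_ip."""
        ingress = self.lookup(src_ip)
        in_iface = ingress[1] if ingress else "unknown"
        route = self.lookup(dst_ip)
        if route is None:
            return {"action": "drop", "reason": "no route", "s": src_ip, "d": dst_ip}
        _, out_iface, next_hop = route
        gateway = next_hop if next_hop else dst_ip   # connected route: deliver directly
        return {"action": "forward", "s": src_ip, "in": in_iface, "d": dst_ip,
                "out": out_iface, "g": gateway, "len": length}


def debug_line(result: dict) -> str:
    """Render a forwarding decision in the 'debug ip packet' format shown above."""
    if result["action"] != "forward":
        return f"IP: s={result['s']}, d={result['d']}, dropped ({result['reason']})"
    return (f"IP: s={result['s']} ({result['in']}), d={result['d']} ({result['out']}), "
            f"g={result['g']}, len {result['len']}, forward")


if __name__ == "__main__":
    rib = Rib()                                           # empty table: routing disabled
    print(debug_line(rib.forward("172.16.0.11", "5.0.0.2")))
    rib.add_connected("5.0.0.0/8", "GigabitEthernet1/0/10")
    rib.add_connected("172.16.0.0/16", "GigabitEthernet1/0/1")
    print(debug_line(rib.forward("172.16.0.11", "5.0.0.2")))   # echo request
    print(debug_line(rib.forward("5.0.0.2", "172.16.0.11")))   # echo reply
```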

Thursday, March 28, 2019

Simple VTP Operation

VLAN Trunk Protocol (VTP) in simple terms: we configure VLAN information on one switch, and it is passed on to the other switches connected to it, saving the effort of typing the same VLAN information on all switches.
Topology
If help is needed on how to power on a Cisco switch in Packet Tracer, click here

Task Breakup
  1. Create Trunk between master and clients
  2. Create VLAN info in master switch
  3. Configure VTP server on master switch
  4. Configure VTP client on client switches
  5. Validation
1. Create Trunk between master and clients

Establish trunk links between 
  • Master(Gig 1/0/1) ------------- (Gig 1/0/1)Client1
  • Master(Gig 1/0/2) ------------- (Gig 1/0/1)Client2
master(config)#int gig 1/0/1
master(config-if)#switchport trunk encapsulation dot1q
master(config-if)#switchport mode trunk
master(config-if)#exit
master(config)#int gig 1/0/2
master(config-if)#switchport trunk encapsulation dot1q
master(config-if)#switchport mode trunk

client1(config)#int gig 1/0/1
client1(config-if)#switchport trunk encapsulation dot1q
client1(config-if)#switchport mode trunk

client2(config)#int gig 1/0/1
client2(config-if)#switchport trunk encapsulation dot1q
client2(config-if)#switchport mode trunk

2. Create VLAN info in master switch

We create a few VLANs on the master switch.  Our intention is to pass this information to the client switches.  We assign an interface to VLAN 300 (the reason will be explained in step 5).  At this stage, observe that the VLAN info on client1 and client2 is the default.

master#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
master(config)#vlan 200
master(config-vlan)#name vtp-200
master(config-vlan)#exit
master(config)#vlan 300
master(config-vlan)#name vtp-300
master(config-vlan)#exit
master(config)#vlan 400
master(config-vlan)#name vtp-400
master(config-vlan)#exit
master(config)#int gig
master(config)#int gigabitEthernet 1/0/24
master(config-if)#switchport access vlan 300
master(config-if)#exit
master(config)#^Z
master#
%SYS-5-CONFIG_I: Configured from console by console
master#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/1, Gig1/0/2, Gig1/0/3, Gig1/0/4
                                                Gig1/0/5, Gig1/0/6, Gig1/0/7, Gig1/0/8
                                                Gig1/0/9, Gig1/0/10, Gig1/0/11, Gig1/0/12
                                                Gig1/0/13, Gig1/0/14, Gig1/0/15, Gig1/0/16
                                                Gig1/0/17, Gig1/0/18, Gig1/0/19, Gig1/0/20
                                                Gig1/0/21, Gig1/0/22, Gig1/0/23, Gig1/1/1
                                                Gig1/1/2, Gig1/1/3, Gig1/1/4
200  vtp-200                          active    
300  vtp-300                          active    Gig1/0/24
400  vtp-400                          active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active 

client1#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/1, Gig1/0/2, Gig1/0/3, Gig1/0/4
                                                Gig1/0/5, Gig1/0/6, Gig1/0/7, Gig1/0/8
                                                Gig1/0/9, Gig1/0/10, Gig1/0/11, Gig1/0/12
                                                Gig1/0/13, Gig1/0/14, Gig1/0/15, Gig1/0/16
                                                Gig1/0/17, Gig1/0/18, Gig1/0/19, Gig1/0/20
                                                Gig1/0/21, Gig1/0/22, Gig1/0/23, Gig1/0/24
                                                Gig1/1/1, Gig1/1/2, Gig1/1/3, Gig1/1/4
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active  

client2#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/1, Gig1/0/2, Gig1/0/3, Gig1/0/4
                                                Gig1/0/5, Gig1/0/6, Gig1/0/7, Gig1/0/8
                                                Gig1/0/9, Gig1/0/10, Gig1/0/11, Gig1/0/12
                                                Gig1/0/13, Gig1/0/14, Gig1/0/15, Gig1/0/16
                                                Gig1/0/17, Gig1/0/18, Gig1/0/19, Gig1/0/20
                                                Gig1/0/21, Gig1/0/22, Gig1/0/23, Gig1/0/24
                                                Gig1/1/1, Gig1/1/2, Gig1/1/3, Gig1/1/4
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active 

3. Configure master switch as VTP server

We configure VTP on the master switch. The configuration usually contains the following information:
  • Mode (server, client) - the default is server
  • Domain - it is case sensitive. All switches with the same domain name will have the same VLAN configuration as the VTP server
  • Password - authenticates VTP updates between the switches in the domain
master(config)#vtp mode server
Device mode already VTP SERVER.
master(config)#vtp domain blogger
Changing VTP domain name from NULL to blogger
master(config)#vtp pass
master(config)#vtp password blog-pass
Setting device VLAN database password to blog-pass
master(config)#

master#show vtp status
VTP Version capable             : 1 to 2
VTP version running             : 2
VTP Domain Name                 : blogger
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0000.0CE1.E500
Configuration last modified by 0.0.0.0 at 3-1-93 00:47:49
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN : 
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 8
Configuration Revision            : 0
MD5 digest                        : 0x65 0xBC 0x5B 0x21 0xC3 0x28 0x52 0x80 
                                    0x9E 0xBA 0x83 0xA1 0x0E 0xF7 0x57 0xAD 

4. Configure client switches as VTP client 

We configure VTP on the client switches. The configuration is the same as on the VTP master, except that the mode is client.

client1(config)#vtp mode client
Setting device to VTP CLIENT mode.
client1(config)#vtp domain blogger
Changing VTP domain name from NULL to blogger
client1(config)#vtp password blog-password
Setting device VLAN database password to blog-password
client1(config)#vtp password blog-pass
Setting device VLAN database password to blog-pass
client1#show vtp status
VTP Version capable             : 1 to 2
VTP version running             : 2
VTP Domain Name                 : blogger
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 000A.F38B.B400
Configuration last modified by 0.0.0.0 at 3-1-93 00:47:49

Feature VLAN : 
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 8
Configuration Revision            : 0
MD5 digest                        : 0x65 0xBC 0x5B 0x21 0xC3 0x28 0x52 0x80 
                                    0x9E 0xBA 0x83 0xA1 0x0E 0xF7 0x57 0xAD 

client2(config)#vtp mode client
Setting device to VTP CLIENT mode.
client2(config)#vtp domain blogger
Changing VTP domain name from NULL to blogger
client2(config)#vtp password blog-pass
Setting device VLAN database password to blog-pass
client2(config)#exit
client2#show vtp status
VTP Version capable             : 1 to 2
VTP version running             : 2
VTP Domain Name                 : blogger
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0001.636E.B900
Configuration last modified by 0.0.0.0 at 3-1-93 00:47:49

Feature VLAN : 
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 8
Configuration Revision            : 0
MD5 digest                        : 0x65 0xBC 0x5B 0x21 0xC3 0x28 0x52 0x80 
                                    0x9E 0xBA 0x83 0xA1 0x0E 0xF7 0x57 0xAD 

5. Validation

After step 4, if we view the VLAN information on client1 and client2, all the VLANs configured on the master switch are present. Note that we assigned Gig 1/0/24 to VLAN 300 on the master; that assignment is not shown on the client switches, because port assignment is not part of VTP.

client1# show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/2, Gig1/0/3, Gig1/0/4, Gig1/0/5
                                                Gig1/0/6, Gig1/0/7, Gig1/0/8, Gig1/0/9
                                                Gig1/0/10, Gig1/0/11, Gig1/0/12, Gig1/0/13
                                                Gig1/0/14, Gig1/0/15, Gig1/0/16, Gig1/0/17
                                                Gig1/0/18, Gig1/0/19, Gig1/0/20, Gig1/0/21
                                                Gig1/0/22, Gig1/0/23, Gig1/0/24, Gig1/1/1
                                                Gig1/1/2, Gig1/1/3, Gig1/1/4
200  vtp-200                          active    
300  vtp-300                          active    
400  vtp-400                          active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active  

client2#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/2, Gig1/0/3, Gig1/0/4, Gig1/0/5
                                                Gig1/0/6, Gig1/0/7, Gig1/0/8, Gig1/0/9
                                                Gig1/0/10, Gig1/0/11, Gig1/0/12, Gig1/0/13
                                                Gig1/0/14, Gig1/0/15, Gig1/0/16, Gig1/0/17
                                                Gig1/0/18, Gig1/0/19, Gig1/0/20, Gig1/0/21
                                                Gig1/0/22, Gig1/0/23, Gig1/0/24, Gig1/1/1
                                                Gig1/1/2, Gig1/1/3, Gig1/1/4
200  vtp-200                          active    
300  vtp-300                          active    
400  vtp-400                          active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active
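One way to automate the check in step 5, as an added example that is not part of the post: a small Python script that parses `show vtp status` from the server and each client and reports any switch whose domain, configuration revision or MD5 digest differs from the server's. The `master` sample is trimmed from the output shown above; the `client-badpass` sample is constructed to mimic a client configured with a wrong VTP password (as happened briefly in step 4), so its digest is made up.

```python
import re

# Sample "show vtp status" outputs, trimmed to the fields we compare.
# "master" is taken from the post's output; "client-badpass" is constructed
# (its MD5 digest is made up) to mimic a client given the wrong VTP password.
SAMPLE_OUTPUTS = {
    "master": """\
VTP Domain Name                 : blogger
VTP Operating Mode                : Server
Configuration Revision            : 0
MD5 digest                        : 0x65 0xBC 0x5B 0x21 0xC3 0x28 0x52 0x80
                                    0x9E 0xBA 0x83 0xA1 0x0E 0xF7 0x57 0xAD
""",
    "client-badpass": """\
VTP Domain Name                 : blogger
VTP Operating Mode                : Client
Configuration Revision            : 0
MD5 digest                        : 0x00 0x11 0x22 0x33 0x44 0x55 0x66 0x77
                                    0x88 0x99 0xAA 0xBB 0xCC 0xDD 0xEE 0xFF
""",
}

# IOS prints the digest as 16 "0xNN" bytes wrapped over two lines.
DIGEST_RE = re.compile(r"^MD5 digest\s*:\s*((?:0x[0-9A-Fa-f]{2}\s*)+)", re.M)

def _field(text, label):
    m = re.search(rf"^{label}\s*:\s*(\S*)", text, re.M)
    return m.group(1) if m else None

def parse_vtp_status(text):
    # Returns domain, operating mode, revision (int) and digest as 32 hex chars.
    m = DIGEST_RE.search(text)
    return {
        "domain": _field(text, "VTP Domain Name"),
        "mode": _field(text, "VTP Operating Mode"),
        "revision": int(r) if (r := _field(text, "Configuration Revision")) else None,
        "digest": "".join(b[2:].lower() for b in m.group(1).split()) if m else None,
    }

def check_vtp_consistency(outputs, server="master"):
    # Compare every client against the server; return a list of mismatches.
    ref = parse_vtp_status(outputs[server])
    problems = []
    if ref["mode"] != "Server":
        problems.append(f"{server}: expected Server mode, found {ref['mode']}")
    for name, text in outputs.items():
        if name == server:
            continue
        cur = parse_vtp_status(text)
        for key in ("domain", "revision", "digest"):
            if cur[key] != ref[key]:
                problems.append(f"{name}: {key} {cur[key]!r} != {server} {ref[key]!r}")
    return problems
```

Running `check_vtp_consistency(SAMPLE_OUTPUTS)` reports only the digest mismatch on `client-badpass`; a client whose digest and revision match the server's, as client1 and client2 do above, produces no findings.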